From 5a5bcd9f6e16a3da39cb370bbb4a8f335d8d22cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Corella?= <39066999+josecorella@users.noreply.github.com> Date: Tue, 21 Nov 2023 16:04:12 -0800 Subject: [PATCH] fix(ESDK): Head Auth logic and HKDF's info parameter (#621) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The ESDK-NET’s Message Header AAD incorrectly appended two empty bytes when using the DefaultCMM. The HKDF invocation of non-committing algorithm suites failed to include the Message ID in the info parameter. Neither of these issues effect the security of messages written by the 4.0.0 release. However, these messages diverge from the Encryption SDK Message Specification. Thus: * ESDK-NET v4.0.0 writes messages that only ESDK-NET v4.0.0 and greater can read. * ESDK-NET v4.0.0 is ONLY able to read messages that are written by ESDK-NET v4.0.0 These issues are fixed in 4.0.1, which writes messages according to the Encryption SDK Message Specification, and are interoperable with other implementations of this library. The option NetV4_RetryPolicy can be use to decrypt v4.0.0 messages. See AwsEncryptionSDK/runtimes/net/Examples/NetV4_0_0Example.cs on how to use the NetV4_RetryPolicy and details on distributed applications. --- .github/CODEOWNERS | 5 - .github/workflows/ci_static-analysis.yaml | 2 +- .github/workflows/duvet.yaml | 2 +- .../workflows/library_dafny_verification.yml | 2 +- .github/workflows/library_java_tests.yml | 2 +- .github/workflows/library_net_tests.yml | 234 +- .gitmodules | 3 - .../codebuild/release/release-staging.yml | 49 + .../codebuild/release/test-prod.yml | 58 + .../AwsCryptographyEncryptionSdkTypes.dfy | 620 ++-- .../dafny/AwsEncryptionSdk/Model/esdk.smithy | 19 + .../src/AwsEncryptionSdkOperations.dfy | 88 +- .../AwsEncryptionSdk/src/EncryptDecrypt.dfy | 2 +- .../dafny/AwsEncryptionSdk/src/Index.dfy | 9 +- .../AwsEncryptionSdk/src/KeyDerivation.dfy | 29 +- .../src/Serialize/EncryptionContext.dfy | 42 +- .../test/TestCreateEsdkClient.dfy | 93 +- .../runtimes/net/Benchmarks/.gitignore | 3 - .../AWSEncryptionSDKBenchmarks.csproj | 21 - .../runtimes/net/Benchmarks/Benchmarks.cs | 158 - .../runtimes/net/Benchmarks/README.md | 55 - AwsEncryptionSDK/runtimes/net/CHANGELOG.md | 31 + AwsEncryptionSDK/runtimes/net/ESDK.csproj | 2 +- .../net/Examples/DiscoveryFilterExample.cs | 33 - .../net/Examples/ExampleUtils/ExampleUtils.cs | 34 + .../runtimes/net/Examples/NetV4_0_0Example.cs | 180 ++ .../resources/defaultRegionKmsKey.bin | Bin 797 -> 797 bytes .../resources/defaultRegionMrkKey.bin | Bin 814 -> 814 bytes .../resources/v4DefaultRegionKmsKey.bin | Bin 0 -> 797 bytes .../resources/v4DefaultRegionMrkKey.bin | Bin 0 -> 814 bytes .../AwsEncryptionSdkConfig.cs | 8 + .../AwsEncryptionSdk/NetV4_0_0_RetryPolicy.cs | 17 + .../Generated/AwsEncryptionSdk/OpaqueError.cs | 2 +- .../AwsEncryptionSdk/TypeConversion.cs | 1364 ++++++-- AwsEncryptionSDK/runtimes/net/README.md | 40 +- ...AWSEncryptionSDKTestVectorGenerator.csproj | 9 +- .../TestVectorGenerator/Generator.cs | 90 +- .../TestVectorGenerator/README.md | 0 .../resources/0002-keys.v3.json | 0 ...wses-message-decryption-generation.v2.json | 0 .../resources/net4x-generate-manifest.json | 2850 +++++++++++++++++ .../resources/net4x-keys.json | 44 + .../resources/python-2.3.0_keys.json | 0 .../AWSEncryptionSDKTestVectorLib.csproj | 15 + .../TestVectorLib/MaterialProviderFactory.cs | 91 +- .../TestVectorLib/TestVectorTypes.cs | 99 +- .../TestVectorLib/Utils.cs | 29 + .../AWSEncryptionSDKTestVectors.csproj | 4 +- .../TestVectors/README.md | 0 .../TestVectors/TestVectors.cs | 280 ++ .../resources/invalid-Net-4.0.0.zip | Bin 0 -> 328285 bytes .../TestVectors/resources/valid-Net-4.0.0.zip | Bin 0 -> 68110 bytes .../Test/AWSEncryptionSDKTests.csproj | 84 - .../TestVectorsV3/Test/Extern/TestUtils.cs | 33 - .../NativeWrappers/OutputValidationTests.cs | 142 - .../TypeConversionToDafnyWrapperTest.cs | 52 - .../AWSEncryptionSDKTestVectorLib.csproj | 13 - .../TestVectorsV3/TestVectors/TestVectors.cs | 159 - .../resources/aws-encryption-sdk-test-vectors | 1 - SharedMakefileV2.mk | 9 +- 60 files changed, 5579 insertions(+), 1632 deletions(-) delete mode 100644 .github/CODEOWNERS delete mode 100644 AwsEncryptionSDK/runtimes/net/Benchmarks/.gitignore delete mode 100644 AwsEncryptionSDK/runtimes/net/Benchmarks/AWSEncryptionSDKBenchmarks.csproj delete mode 100644 AwsEncryptionSDK/runtimes/net/Benchmarks/Benchmarks.cs delete mode 100644 AwsEncryptionSDK/runtimes/net/Benchmarks/README.md create mode 100644 AwsEncryptionSDK/runtimes/net/Examples/NetV4_0_0Example.cs create mode 100644 AwsEncryptionSDK/runtimes/net/Examples/resources/v4DefaultRegionKmsKey.bin create mode 100644 AwsEncryptionSDK/runtimes/net/Examples/resources/v4DefaultRegionMrkKey.bin create mode 100644 AwsEncryptionSDK/runtimes/net/Generated/AwsEncryptionSdk/NetV4_0_0_RetryPolicy.cs rename AwsEncryptionSDK/runtimes/net/{TestVectorsV3 => TestVectorsNative}/TestVectorGenerator/AWSEncryptionSDKTestVectorGenerator.csproj (66%) rename AwsEncryptionSDK/runtimes/net/{TestVectorsV3 => TestVectorsNative}/TestVectorGenerator/Generator.cs (67%) rename AwsEncryptionSDK/runtimes/net/{TestVectorsV3 => TestVectorsNative}/TestVectorGenerator/README.md (100%) rename AwsEncryptionSDK/runtimes/net/{TestVectorsV3 => TestVectorsNative}/TestVectorGenerator/resources/0002-keys.v3.json (100%) rename AwsEncryptionSDK/runtimes/net/{TestVectorsV3 => TestVectorsNative}/TestVectorGenerator/resources/0006-awses-message-decryption-generation.v2.json (100%) create mode 100644 AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorGenerator/resources/net4x-generate-manifest.json create mode 100644 AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorGenerator/resources/net4x-keys.json rename AwsEncryptionSDK/runtimes/net/{TestVectorsV3 => TestVectorsNative}/TestVectorGenerator/resources/python-2.3.0_keys.json (100%) create mode 100644 AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorLib/AWSEncryptionSDKTestVectorLib.csproj rename AwsEncryptionSDK/runtimes/net/{TestVectorsV3 => TestVectorsNative}/TestVectorLib/MaterialProviderFactory.cs (73%) rename AwsEncryptionSDK/runtimes/net/{TestVectorsV3 => TestVectorsNative}/TestVectorLib/TestVectorTypes.cs (62%) rename AwsEncryptionSDK/runtimes/net/{TestVectorsV3 => TestVectorsNative}/TestVectorLib/Utils.cs (81%) rename AwsEncryptionSDK/runtimes/net/{TestVectorsV3 => TestVectorsNative}/TestVectors/AWSEncryptionSDKTestVectors.csproj (93%) rename AwsEncryptionSDK/runtimes/net/{TestVectorsV3 => TestVectorsNative}/TestVectors/README.md (100%) create mode 100644 AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/TestVectors.cs create mode 100644 AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/invalid-Net-4.0.0.zip create mode 100644 AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/valid-Net-4.0.0.zip delete mode 100644 AwsEncryptionSDK/runtimes/net/TestVectorsV3/Test/AWSEncryptionSDKTests.csproj delete mode 100644 AwsEncryptionSDK/runtimes/net/TestVectorsV3/Test/Extern/TestUtils.cs delete mode 100644 AwsEncryptionSDK/runtimes/net/TestVectorsV3/Test/NativeWrappers/OutputValidationTests.cs delete mode 100644 AwsEncryptionSDK/runtimes/net/TestVectorsV3/Test/NativeWrappers/TypeConversionToDafnyWrapperTest.cs delete mode 100644 AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorLib/AWSEncryptionSDKTestVectorLib.csproj delete mode 100644 AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectors/TestVectors.cs delete mode 160000 AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectors/resources/aws-encryption-sdk-test-vectors diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS deleted file mode 100644 index 806891736..000000000 --- a/.github/CODEOWNERS +++ /dev/null @@ -1,5 +0,0 @@ -# Each line is a file pattern followed by one or more owners. -# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners - -# Default code owner for everything is our aws-crypto-tools group -* @aws/aws-crypto-tools diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml index 139c158cb..d08c5ea5b 100644 --- a/.github/workflows/ci_static-analysis.yaml +++ b/.github/workflows/ci_static-analysis.yaml @@ -1,7 +1,7 @@ # This workflow performs static analysis checks. name: static analysis -on: ["pull_request", "push"] +on: ["pull_request"] jobs: not-grep: diff --git a/.github/workflows/duvet.yaml b/.github/workflows/duvet.yaml index bf278775b..db9513192 100644 --- a/.github/workflows/duvet.yaml +++ b/.github/workflows/duvet.yaml @@ -7,7 +7,7 @@ on: pull_request: push: branches: - - main + - public-v4 jobs: duvet: diff --git a/.github/workflows/library_dafny_verification.yml b/.github/workflows/library_dafny_verification.yml index 33b734f23..33dc497c0 100644 --- a/.github/workflows/library_dafny_verification.yml +++ b/.github/workflows/library_dafny_verification.yml @@ -5,7 +5,7 @@ on: pull_request: push: branches: - - main + - public-v4 workflow_dispatch: # Manual trigger for this workflow, either the normal version # or the nightly build that uses the latest Dafny prerelease diff --git a/.github/workflows/library_java_tests.yml b/.github/workflows/library_java_tests.yml index 4c7e09f52..bba8a6723 100644 --- a/.github/workflows/library_java_tests.yml +++ b/.github/workflows/library_java_tests.yml @@ -5,7 +5,7 @@ on: pull_request: push: branches: - - main + - public-v4 schedule: # Nightly build against Dafny's nightly prereleases, # for early warning of verification issues or regressions. diff --git a/.github/workflows/library_net_tests.yml b/.github/workflows/library_net_tests.yml index 2f335f924..5f3c9fcb0 100644 --- a/.github/workflows/library_net_tests.yml +++ b/.github/workflows/library_net_tests.yml @@ -5,7 +5,7 @@ on: pull_request: push: branches: - - main + - public-v4 schedule: # Nightly build against Dafny's nightly prereleases, # for early warning of verification issues or regressions. @@ -22,6 +22,8 @@ env: AWS_ENCRYPTION_SDK_EXAMPLE_KMS_MRK_KEY_ID_2: arn:aws:kms:eu-west-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 AWS_ENCRYPTION_SDK_EXAMPLE_LIMITED_ROLE_ARN_US_EAST_1: arn:aws:iam::370957321024:role/GitHub-CI-ESDK-Dafny-Role-us-west-2 AWS_ENCRYPTION_SDK_EXAMPLE_LIMITED_ROLE_ARN_EU_WEST_1: arn:aws:iam::370957321024:role/GitHub-CI-ESDK-Dafny-Role-us-west-2 + # Used for Test Vectors + VECTORS_URL: https://github.com/awslabs/aws-encryption-sdk-test-vectors/raw/master/vectors/awses-decrypt/python-2.3.0.zip jobs: testDotNet: @@ -29,11 +31,6 @@ jobs: if: github.event_name != 'schedule' || github.repository_owner == 'aws' strategy: matrix: - library: [ - AwsEncryptionSDK - ] - dotnet-version: [ '6.0.x' ] - frameworks: [net6.0, net48] os: [ windows-latest, ubuntu-latest, @@ -57,18 +54,18 @@ jobs: run: | git submodule update --init libraries git submodule update --init --recursive mpl - + - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v2 with: aws-region: us-west-2 - role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 + role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-ESDK-Dafny-Role-us-west-2 role-session-name: NetTests - - - name: Setup .NET Core SDK ${{ matrix.dotnet-version }} + + - name: Setup .NET Core SDK 6 uses: actions/setup-dotnet@v3 with: - dotnet-version: ${{ matrix.dotnet-version }} + dotnet-version: '6.0.x' - name: Setup Dafny uses: dafny-lang/setup-dafny-action@v1.6.1 @@ -77,53 +74,208 @@ jobs: dafny-version: ${{ (github.event_name == 'schedule' || inputs.nightly) && 'nightly-latest' || '4.2.0' }} - name: Download Dependencies - working-directory: ./${{ matrix.library }} + working-directory: ./AwsEncryptionSDK run: make setup_net - - name: Compile ${{ matrix.library }} implementation + - name: Compile AwsEncryptionSDK implementation shell: bash - working-directory: ./${{ matrix.library }} + working-directory: ./AwsEncryptionSDK run: | # This works because `node` is installed by default on GHA runners CORES=$(node -e 'console.log(os.cpus().length)') make transpile_net CORES=$CORES - - name: Test ${{ matrix.library }} .NET Framework net48 - working-directory: ./${{ matrix.library }} + - name: Test .NET Framework net48 + working-directory: ./AwsEncryptionSDK + shell: bash + run: | + make test_net FRAMEWORK=net48 + + - name: Test .NET net6.0 + working-directory: ./AwsEncryptionSDK + shell: bash + run: | + if [ "$RUNNER_OS" == "macOS" ]; then + make test_net_mac_intel FRAMEWORK=net6.0 + else + make test_net FRAMEWORK=net6.0 + fi + + - name: Test Examples on .NET Framework net48 + working-directory: ./AwsEncryptionSDK + shell: bash + run: | + dotnet test \ + runtimes/net/Examples \ + --framework net48 + + - name: Test Examples on .NET net6.0 + working-directory: ./AwsEncryptionSDK shell: bash run: | if [ "$RUNNER_OS" == "macOS" ]; then - DYLD_LIBRARY_PATH="/usr/local/opt/openssl@1.1/lib" - dotnet run \ - --project runtimes/net/tests/ \ - --framework net48 - else - dotnet run \ - --project runtimes/net/tests/ \ - --framework net48 - fi + DYLD_LIBRARY_PATH="/usr/local/opt/openssl@1.1/lib" + dotnet test \ + runtimes/net/Examples \ + --framework net6.0 + else + dotnet test \ + runtimes/net/Examples \ + --framework net6.0 + fi + + - name: Fetch awses-decrypt/python-2.3.0.zip + working-directory: ./ + shell: bash + run: | + PYTHON_23_VECTOR_PATH=$GITHUB_WORKSPACE/python23/vectors + mkdir -p $PYTHON_23_VECTOR_PATH + DOWNLOAD_NAME=python23.zip + curl --no-progress-meter --output $DOWNLOAD_NAME --location $VECTORS_URL + unzip -o -qq $DOWNLOAD_NAME -d $PYTHON_23_VECTOR_PATH + rm $DOWNLOAD_NAME - - name: Test ${{ matrix.library }} - working-directory: ./${{ matrix.library }} + - name: Run Test Vectors on .NET Framework net48 + working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors shell: bash run: | + PYTHON_23_VECTOR_PATH=$GITHUB_WORKSPACE/python23/vectors + DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$PYTHON_23_VECTOR_PATH/manifest.json" \ + dotnet test --framework net48 + + - name: Run Decrypt Test Vectors on .NET net6.0 + working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors + shell: bash + run: | + PYTHON_23_VECTOR_PATH=$GITHUB_WORKSPACE/python23/vectors if [ "$RUNNER_OS" == "macOS" ]; then - make test_net_mac_intel + DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$PYTHON_23_VECTOR_PATH/manifest.json" \ + DYLD_LIBRARY_PATH="/usr/local/opt/openssl@1.1/lib" \ + dotnet test --framework net6.0 else - make test_net + DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$PYTHON_23_VECTOR_PATH/manifest.json" \ + dotnet test --framework net6.0 fi - - name: Test Examples on ${{ matrix.frameworks }} + - name: Generate Test Vectors with .NET Framework net6.0 + # TODO Post-#619: Fix Zip file creation on Windows + if: matrix.os != 'windows-latest' + working-directory: ./AwsEncryptionSDK + shell: bash + run: | + NET_41_VECTOR_PATH=$GITHUB_WORKSPACE/net41/vectors + mkdir -p $NET_41_VECTOR_PATH + GEN_PATH=runtimes/net/TestVectorsNative/TestVectorGenerator + dotnet run --project $GEN_PATH --framework net6.0 -- \ + --encrypt-manifest $GEN_PATH/resources/0006-awses-message-decryption-generation.v2.json \ + --output-dir $NET_41_VECTOR_PATH + + # TODO: Fix Zip file creation on Windows + # - name: Zip the Generated Test Vectors for ESDK-JS on Windows + # if: matrix.os == 'windows-latest' + # shell: pwsh + # run: | + # # NET_41_VECTOR_PATH=$GITHUB_WORKSPACE/net41/vectors + # Set-Location -Path "$env:GITHUB_WORKSPACE\net41\vectors" + # Compress-Archive -Path "$env:GITHUB_WORKSPACE\net41\vectors\*" -DestinationPath "$env:GITHUB_WORKSPACE\net41\vectors\net41.zip" + + - name: Zip the Generated Test Vectors for ESDK-JS on Mac/Linux + if: matrix.os != 'windows-latest' + shell: bash + run: | + NET_41_VECTOR_PATH=$GITHUB_WORKSPACE/net41/vectors + cd $NET_41_VECTOR_PATH + zip -qq net41.zip -r . + + - name: Decrypt Generated Test Vectors with ESDK-JS + # TODO Post-#619: Fix Zip file creation on Windows + if: matrix.os != 'windows-latest' + shell: bash + run: | + NET_41_VECTOR_PATH=$GITHUB_WORKSPACE/net41/vectors + cd $NET_41_VECTOR_PATH + npx -y @aws-crypto/integration-node decrypt -v $NET_41_VECTOR_PATH/net41.zip -c cpu + + - name: Unzip ESDK-NET @ v4.0.0 Valid Vectors + working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources + shell: bash + run: | + NET_400_VALID_VECTORS=$GITHUB_WORKSPACE/v4Net400Valid/vectors + mkdir -p $NET_400_VALID_VECTORS + DOWNLOAD_NAME=valid-Net-4.0.0.zip + unzip -o -qq $DOWNLOAD_NAME -d $NET_400_VALID_VECTORS + + - name: Run ESDK-NET @ v4.0.0 Valid Vectors expect success + working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors + continue-on-error: true + shell: bash + run: | + NET_400_VALID_VECTORS=$GITHUB_WORKSPACE/v4Net400Valid/vectors + ESDK_NET_V400_POLICY="forbid" \ + DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$NET_400_VALID_VECTORS/manifest.json" \ + dotnet test --framework net48 + ESDK_NET_V400_POLICY="forbid" \ + DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$NET_400_VALID_VECTORS/manifest.json" \ + dotnet test --framework net6.0 --logger "console;verbosity=quiet" + + - name: Unzip ESDK-NET @ v4.0.0 Invalid Vectors + working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources shell: bash - working-directory: ./${{ matrix.library }} run: | + NET_400_INVALID_VECTORS=$GITHUB_WORKSPACE/v4Net400Invalid/vectors + mkdir -p $NET_400_INVALID_VECTORS + DOWNLOAD_NAME=invalid-Net-4.0.0.zip + unzip -o -qq $DOWNLOAD_NAME -d $NET_400_INVALID_VECTORS + + - name: Run ESDK-NET @ v4.0.0 Invalid Vectors .NET 48 expect failure + working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors + continue-on-error: true + shell: bash + run: | + NET_400_INVALID_VECTORS=$GITHUB_WORKSPACE/v4Net400Invalid/vectors + ESDK_NET_V400_POLICY="forbid" \ + DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$NET_400_INVALID_VECTORS/manifest.json" \ + dotnet test --framework net48 + # Dotnet test returns 1 for failure. + TEMP=$?; if [[ "$TEMP" -eq 1 ]]; then true; else false; fi; + # We want this to fail, so if it returned 1, step passes, else it fails + # TODO Post-#619: Refactor Test Vectors to expect failure, + # as I doubt this true false logic works + + - name: Run ESDK-NET @ v4.0.0 Invalid Vectors .NET 6.0 expect failure + working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors + continue-on-error: true + shell: bash + run: | + NET_400_INVALID_VECTORS=$GITHUB_WORKSPACE/v4Net400Invalid/vectors if [ "$RUNNER_OS" == "macOS" ]; then - DYLD_LIBRARY_PATH="/usr/local/opt/openssl@1.1/lib" - dotnet test \ - runtimes/net/Examples \ - --framework ${{ matrix.frameworks }} - else - dotnet test \ - runtimes/net/Examples \ - --framework ${{ matrix.frameworks }} - fi + ESDK_NET_V400_POLICY="forbid" \ + DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$NET_400_INVALID_VECTORS/manifest.json" \ + DYLD_LIBRARY_PATH="/usr/local/opt/openssl@1.1/lib" \ + dotnet test --framework net6.0 + else + ESDK_NET_V400_POLICY="forbid" \ + DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$NET_400_INVALID_VECTORS/manifest.json" \ + dotnet test --framework net6.0 + fi + # Dotnet test returns 1 for failure. + TEMP=$?; if [[ "$TEMP" -eq 1 ]]; then true; else false; fi; + # We want this to fail, so if it returned 1, step passes, else it fails + # TODO Post-#619: Refactor Test Vectors to expect failure, + # as I doubt this true false logic works + + - name: Run ESDK-NET @ v4.0.0 Invalid Vectors .NET expect Success + working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors + shell: bash + run: | + NET_400_INVALID_VECTORS=$GITHUB_WORKSPACE/v4Net400Invalid/vectors + DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$NET_400_INVALID_VECTORS/manifest.json" \ + dotnet test --framework net48 --logger "console;verbosity=quiet" + if [ "$RUNNER_OS" == "macOS" ]; then + DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$NET_400_INVALID_VECTORS/manifest.json" \ + DYLD_LIBRARY_PATH="/usr/local/opt/openssl@1.1/lib" \ + dotnet test --framework net6.0 --logger "console;verbosity=quiet" + else + DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$NET_400_INVALID_VECTORS/manifest.json" \ + dotnet test --framework net6.0 --logger "console;verbosity=quiet" + fi diff --git a/.gitmodules b/.gitmodules index b36b1ceca..f2f326da7 100644 --- a/.gitmodules +++ b/.gitmodules @@ -8,6 +8,3 @@ [submodule "mpl"] path = mpl url = https://github.com/aws/aws-cryptographic-material-providers-library-dafny.git -[submodule "AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectors/resources/aws-encryption-sdk-test-vectors"] - path = AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectors/resources/aws-encryption-sdk-test-vectors - url = https://github.com/awslabs/aws-encryption-sdk-test-vectors.git diff --git a/AwsEncryptionSDK/codebuild/release/release-staging.yml b/AwsEncryptionSDK/codebuild/release/release-staging.yml index e81f75383..e6170ddc1 100644 --- a/AwsEncryptionSDK/codebuild/release/release-staging.yml +++ b/AwsEncryptionSDK/codebuild/release/release-staging.yml @@ -14,6 +14,9 @@ env: arn:aws:iam::587316601012:role/GitHub-DotNet-KMS-US-East-1-Only AWS_ENCRYPTION_SDK_EXAMPLE_LIMITED_ROLE_ARN_EU_WEST_1: >- arn:aws:iam::587316601012:role/GitHub-DotNet-KMS-EU-West-1-Only + VECTORS_URL: >- + https://github.com/awslabs/aws-encryption-sdk-test-vectors/raw/master/vectors/awses-decrypt/python-2.3.0.zip + phases: install: @@ -26,6 +29,13 @@ phases: - curl https://github.com/dafny-lang/dafny/releases/download/v4.2.0/dafny-4.2.0-x64-ubuntu-20.04.zip -L -o dafny.zip - unzip -qq dafny.zip && rm dafny.zip - export PATH="$PWD/dafny:$PATH" + # install mono to run net48 copied from + # https://www.mono-project.com/download/stable/#download-lin + - sudo apt install ca-certificates gnupg + - sudo gpg --homedir /tmp --no-default-keyring --keyring /usr/share/keyrings/mono-official-archive-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF + - echo "deb [signed-by=/usr/share/keyrings/mono-official-archive-keyring.gpg] https://download.mono-project.com/repo/ubuntu stable-focal main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list + - sudo apt update + - sudo apt-get install mono-devel -y # Switch back to the main directory - cd private-aws-encryption-sdk-dafny-staging/AwsEncryptionSDK pre_build: @@ -72,3 +82,42 @@ phases: - export AWS_SESSION_TOKEN=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SessionToken') - aws sts get-caller-identity - make test_net + + # add staged artifact to testvectors + - sed -i.backup "/\/d" runtimes/net/TestVectorsNative/TestVectorLib/AWSEncryptionSDKTestVectorLib.csproj + - dotnet add runtimes/net/TestVectorsNative/TestVectorLib/AWSEncryptionSDKTestVectorLib.csproj package AWS.Cryptography.EncryptionSDK --version $VERSION + + # Fetch awses-decrypt/python-2.3.0.zip + - cd ../ + - pwd + - export PYTHON_23_VECTOR_PATH=$(pwd)/python23/vectors + - mkdir -p $PYTHON_23_VECTOR_PATH + - export DOWNLOAD_NAME=python23.zip + - curl --no-progress-meter --output $DOWNLOAD_NAME --location $VECTORS_URL + - unzip -o -qq $DOWNLOAD_NAME -d $PYTHON_23_VECTOR_PATH + - rm $DOWNLOAD_NAME + + # Run Decrypt Test Vectors on .NET Framework net48 + - cd ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors + - export DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$PYTHON_23_VECTOR_PATH/manifest.json" \ + - dotnet test --framework net48 + + # Run Decrypt Test Vectors on .NET net6.0 + - dotnet test --framework net6.0 + + # Generate Test Vectors with .NET Framework net6.0 + - cd ../../../../ + - export NET_41_VECTOR_PATH=$(pwd)/net41/vectors + - mkdir -p $NET_41_VECTOR_PATH + - GEN_PATH=runtimes/net/TestVectorsNative/TestVectorGenerator + - >- + dotnet run --project $GEN_PATH --framework net6.0 -- \ + --encrypt-manifest $GEN_PATH/resources/0006-awses-message-decryption-generation.v2.json \ + --output-dir $NET_41_VECTOR_PATH + + # Zip the Generated Test Vectors for ESDK-JS on Mac/Linux + - cd $NET_41_VECTOR_PATH + - zip -qq net41.zip -r . + + # Decrypt Generated Test Vectors with ESDK-JS + - npx -y @aws-crypto/integration-node decrypt -v $NET_41_VECTOR_PATH/net41.zip -c cpu diff --git a/AwsEncryptionSDK/codebuild/release/test-prod.yml b/AwsEncryptionSDK/codebuild/release/test-prod.yml index f111190de..9fba593e1 100644 --- a/AwsEncryptionSDK/codebuild/release/test-prod.yml +++ b/AwsEncryptionSDK/codebuild/release/test-prod.yml @@ -1,5 +1,10 @@ version: 0.2 +env: + variables: + VECTORS_URL: >- + https://github.com/awslabs/aws-encryption-sdk-test-vectors/raw/master/vectors/awses-decrypt/python-2.3.0.zip + phases: install: runtime-versions: @@ -11,6 +16,13 @@ phases: - curl https://github.com/dafny-lang/dafny/releases/download/v4.2.0/dafny-4.2.0-x64-ubuntu-20.04.zip -L -o dafny.zip - unzip -qq dafny.zip && rm dafny.zip - export PATH="$PWD/dafny:$PATH" + # install mono to run net48 copied from + # https://www.mono-project.com/download/stable/#download-lin + - sudo apt install ca-certificates gnupg + - sudo gpg --homedir /tmp --no-default-keyring --keyring /usr/share/keyrings/mono-official-archive-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF + - echo "deb [signed-by=/usr/share/keyrings/mono-official-archive-keyring.gpg] https://download.mono-project.com/repo/ubuntu stable-focal main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list + - sudo apt update + - sudo apt-get install mono-devel -y # Switch back to the main directory - cd private-aws-encryption-sdk-dafny-staging/AwsEncryptionSDK pre_build: @@ -30,3 +42,49 @@ phases: - export AWS_SESSION_TOKEN=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SessionToken') - aws sts get-caller-identity - make test_net + + # add released artifact to testvectors + - sed -i.backup "/\/d" runtimes/net/TestVectorsNative/TestVectorLib/AWSEncryptionSDKTestVectorLib.csproj + - dotnet add runtimes/net/TestVectorsNative/TestVectorLib/AWSEncryptionSDKTestVectorLib.csproj package AWS.Cryptography.EncryptionSDK --version $VERSION + + # Fetch awses-decrypt/python-2.3.0.zip + - cd ../ + - pwd + - export PYTHON_23_VECTOR_PATH=$(pwd)/python23/vectors + - mkdir -p $PYTHON_23_VECTOR_PATH + - export DOWNLOAD_NAME=python23.zip + - curl --no-progress-meter --output $DOWNLOAD_NAME --location $VECTORS_URL + - unzip -o -qq $DOWNLOAD_NAME -d $PYTHON_23_VECTOR_PATH + - rm $DOWNLOAD_NAME + + # Run Decrypt Test Vectors on .NET Framework net48 + - cd ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors + - export DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$PYTHON_23_VECTOR_PATH/manifest.json" \ + - dotnet test --framework net48 + + # Run Decrypt Test Vectors on .NET net6.0 + - dotnet test --framework net6.0 + + # Generate Test Vectors with .NET Framework net6.0 + - cd ../../../../ + - export NET_41_VECTOR_PATH=$(pwd)/net41/vectors + - mkdir -p $NET_41_VECTOR_PATH + - GEN_PATH=runtimes/net/TestVectorsNative/TestVectorGenerator + - >- + dotnet run --project $GEN_PATH --framework net6.0 -- \ + --encrypt-manifest $GEN_PATH/resources/0006-awses-message-decryption-generation.v2.json \ + --output-dir $NET_41_VECTOR_PATH + + # Zip the Generated Test Vectors for ESDK-JS on Mac/Linux + - cd $NET_41_VECTOR_PATH + - zip -qq net41.zip -r . + + # Decrypt Generated Test Vectors with ESDK-JS + - npx -y @aws-crypto/integration-node decrypt -v $NET_41_VECTOR_PATH/net41.zip -c cpu + + # Unzip ESDK-NET @ v4.0.0 Valid Vectors + - cd runtimes/net/TestVectorsNative/TestVectors/resources + - NET_400_VALID_VECTORS=$(pwd)/v4Net400Valid/vectors + - mkdir -p $NET_400_VALID_VECTORS + - DOWNLOAD_NAME=valid-Net-4.0.0.zip + - unzip -o -qq $DOWNLOAD_NAME -d $NET_400_VALID_VECTORS diff --git a/AwsEncryptionSDK/dafny/AwsEncryptionSdk/Model/AwsCryptographyEncryptionSdkTypes.dfy b/AwsEncryptionSDK/dafny/AwsEncryptionSdk/Model/AwsCryptographyEncryptionSdkTypes.dfy index c80ce7bc6..2cf7013f2 100644 --- a/AwsEncryptionSDK/dafny/AwsEncryptionSdk/Model/AwsCryptographyEncryptionSdkTypes.dfy +++ b/AwsEncryptionSDK/dafny/AwsEncryptionSdk/Model/AwsCryptographyEncryptionSdkTypes.dfy @@ -2,322 +2,326 @@ // SPDX-License-Identifier: Apache-2.0 // Do not modify this file. This file is machine generated, and any changes to it will be overwritten. include "../../../../mpl/StandardLibrary/src/Index.dfy" - include "../../../../mpl/AwsCryptographicMaterialProviders/dafny/AwsCryptographicMaterialProviders/src/Index.dfy" - include "../../../../mpl/AwsCryptographyPrimitives/src/Index.dfy" - module {:extern "software.amazon.cryptography.encryptionsdk.internaldafny.types" } AwsCryptographyEncryptionSdkTypes - { - import opened Wrappers - import opened StandardLibrary.UInt - import opened UTF8 - import AwsCryptographyMaterialProvidersTypes - import AwsCryptographyPrimitivesTypes - // Generic helpers for verification of mock/unit tests. - datatype DafnyCallEvent = DafnyCallEvent(input: I, output: O) - - // Begin Generated Types - - class IAwsEncryptionSdkClientCallHistory { - ghost constructor() { - Encrypt := []; - Decrypt := []; -} - ghost var Encrypt: seq>> - ghost var Decrypt: seq>> -} - trait {:termination false} IAwsEncryptionSdkClient - { - // Helper to define any additional modifies/reads clauses. - // If your operations need to mutate state, - // add it in your constructor function: - // Modifies := {your, fields, here, History}; - // If you do not need to mutate anything: -// Modifies := {History}; +include "../../../../mpl/AwsCryptographicMaterialProviders/dafny/AwsCryptographicMaterialProviders/src/Index.dfy" +include "../../../../mpl/AwsCryptographyPrimitives/src/Index.dfy" +module {:extern "software.amazon.cryptography.encryptionsdk.internaldafny.types" } AwsCryptographyEncryptionSdkTypes +{ + import opened Wrappers + import opened StandardLibrary.UInt + import opened UTF8 + import AwsCryptographyMaterialProvidersTypes + import AwsCryptographyPrimitivesTypes + // Generic helpers for verification of mock/unit tests. + datatype DafnyCallEvent = DafnyCallEvent(input: I, output: O) - ghost const Modifies: set - // For an unassigned field defined in a trait, - // Dafny can only assign a value in the constructor. - // This means that for Dafny to reason about this value, - // it needs some way to know (an invariant), - // about the state of the object. - // This builds on the Valid/Repr paradigm - // To make this kind requires safe to add - // to methods called from unverified code, - // the predicate MUST NOT take any arguments. - // This means that the correctness of this requires - // MUST only be evaluated by the class itself. - // If you require any additional mutation, - // then you MUST ensure everything you need in ValidState. - // You MUST also ensure ValidState in your constructor. - predicate ValidState() - ensures ValidState() ==> History in Modifies - ghost const History: IAwsEncryptionSdkClientCallHistory - predicate EncryptEnsuresPublicly(input: EncryptInput , output: Result) - // The public method to be called by library consumers - method Encrypt ( input: EncryptInput ) - returns (output: Result) - requires - && ValidState() && ( input.materialsManager.Some? ==> - && input.materialsManager.value.ValidState() - && input.materialsManager.value.Modifies !! {History} - ) && ( input.keyring.Some? ==> - && input.keyring.value.ValidState() - && input.keyring.value.Modifies !! {History} - ) - modifies Modifies - {History} , - (if input.materialsManager.Some? then input.materialsManager.value.Modifies else {}) , - (if input.keyring.Some? then input.keyring.value.Modifies else {}) , - History`Encrypt - // Dafny will skip type parameters when generating a default decreases clause. - decreases Modifies - {History} , - (if input.materialsManager.Some? then input.materialsManager.value.Modifies else {}) , - (if input.keyring.Some? then input.keyring.value.Modifies else {}) - ensures - && ValidState() - ensures EncryptEnsuresPublicly(input, output) - ensures History.Encrypt == old(History.Encrypt) + [DafnyCallEvent(input, output)] - - predicate DecryptEnsuresPublicly(input: DecryptInput , output: Result) - // The public method to be called by library consumers - method Decrypt ( input: DecryptInput ) - returns (output: Result) - requires - && ValidState() && ( input.materialsManager.Some? ==> - && input.materialsManager.value.ValidState() - && input.materialsManager.value.Modifies !! {History} - ) && ( input.keyring.Some? ==> - && input.keyring.value.ValidState() - && input.keyring.value.Modifies !! {History} - ) - modifies Modifies - {History} , - (if input.materialsManager.Some? then input.materialsManager.value.Modifies else {}) , - (if input.keyring.Some? then input.keyring.value.Modifies else {}) , - History`Decrypt - // Dafny will skip type parameters when generating a default decreases clause. - decreases Modifies - {History} , - (if input.materialsManager.Some? then input.materialsManager.value.Modifies else {}) , - (if input.keyring.Some? then input.keyring.value.Modifies else {}) - ensures - && ValidState() - ensures DecryptEnsuresPublicly(input, output) - ensures History.Decrypt == old(History.Decrypt) + [DafnyCallEvent(input, output)] - -} - datatype AwsEncryptionSdkConfig = | AwsEncryptionSdkConfig ( - nameonly commitmentPolicy: Option , - nameonly maxEncryptedDataKeys: Option - ) - type CountingNumbers = x: int64 | IsValid_CountingNumbers(x) witness * - predicate method IsValid_CountingNumbers(x: int64) { - ( 1 <= x ) -} - datatype DecryptInput = | DecryptInput ( - nameonly ciphertext: seq , - nameonly materialsManager: Option , - nameonly keyring: Option , - nameonly encryptionContext: Option - ) - datatype DecryptOutput = | DecryptOutput ( - nameonly plaintext: seq , - nameonly encryptionContext: AwsCryptographyMaterialProvidersTypes.EncryptionContext , - nameonly algorithmSuiteId: AwsCryptographyMaterialProvidersTypes.ESDKAlgorithmSuiteId - ) - datatype EncryptInput = | EncryptInput ( - nameonly plaintext: seq , - nameonly encryptionContext: Option , - nameonly materialsManager: Option , - nameonly keyring: Option , - nameonly algorithmSuiteId: Option , - nameonly frameLength: Option - ) - datatype EncryptOutput = | EncryptOutput ( - nameonly ciphertext: seq , - nameonly encryptionContext: AwsCryptographyMaterialProvidersTypes.EncryptionContext , - nameonly algorithmSuiteId: AwsCryptographyMaterialProvidersTypes.ESDKAlgorithmSuiteId - ) - type FrameLength = x: int64 | IsValid_FrameLength(x) witness * - predicate method IsValid_FrameLength(x: int64) { - ( 1 <= x <= 4294967296 ) -} - datatype Error = - // Local Error structures are listed here - | AwsEncryptionSdkException ( - nameonly message: string - ) - // Any dependent models are listed here - | AwsCryptographyMaterialProviders(AwsCryptographyMaterialProviders: AwsCryptographyMaterialProvidersTypes.Error) - | AwsCryptographyPrimitives(AwsCryptographyPrimitives: AwsCryptographyPrimitivesTypes.Error) - // The Collection error is used to collect several errors together - // This is useful when composing OR logic. - // Consider the following method: - // - // method FN(n:I) - // returns (res: Result) - // ensures A(I).Success? ==> res.Success? - // ensures B(I).Success? ==> res.Success? - // ensures A(I).Failure? && B(I).Failure? ==> res.Failure? - // - // If either A || B is successful then FN is successful. - // And if A && B fail then FN will fail. - // But what information should FN transmit back to the caller? - // While it may be correct to hide these details from the caller, - // this can not be the globally correct option. - // Suppose that A and B can be blocked by different ACLs, - // and that their representation of I is only eventually consistent. - // How can the caller distinguish, at a minimum for logging, - // the difference between the four failure modes? - // || (!access(A(I)) && !access(B(I))) - // || (!exit(A(I)) && !exit(B(I))) - // || (!access(A(I)) && !exit(B(I))) - // || (!exit(A(I)) && !access(B(I))) - | CollectionOfErrors(list: seq, nameonly message: string) - // The Opaque error, used for native, extern, wrapped or unknown errors - | Opaque(obj: object) - type OpaqueError = e: Error | e.Opaque? witness * -} - abstract module AbstractAwsCryptographyEncryptionSdkService - { - import opened Wrappers - import opened StandardLibrary.UInt - import opened UTF8 - import opened Types = AwsCryptographyEncryptionSdkTypes - import Operations : AbstractAwsCryptographyEncryptionSdkOperations - function method DefaultAwsEncryptionSdkConfig(): AwsEncryptionSdkConfig - method ESDK(config: AwsEncryptionSdkConfig := DefaultAwsEncryptionSdkConfig()) - returns (res: Result) - ensures res.Success? ==> - && fresh(res.value) - && fresh(res.value.Modifies) - && fresh(res.value.History) - && res.value.ValidState() + // Begin Generated Types - class ESDKClient extends IAwsEncryptionSdkClient - { - constructor(config: Operations.InternalConfig) - requires Operations.ValidInternalConfig?(config) - ensures - && ValidState() - && fresh(History) - && this.config == config - const config: Operations.InternalConfig - predicate ValidState() - ensures ValidState() ==> - && Operations.ValidInternalConfig?(config) - && History !in Operations.ModifiesInternalConfig(config) - && Modifies == Operations.ModifiesInternalConfig(config) + {History} - predicate EncryptEnsuresPublicly(input: EncryptInput , output: Result) - {Operations.EncryptEnsuresPublicly(input, output)} - // The public method to be called by library consumers - method Encrypt ( input: EncryptInput ) - returns (output: Result) - requires - && ValidState() && ( input.materialsManager.Some? ==> - && input.materialsManager.value.ValidState() - && input.materialsManager.value.Modifies !! {History} - ) && ( input.keyring.Some? ==> - && input.keyring.value.ValidState() - && input.keyring.value.Modifies !! {History} - ) - modifies Modifies - {History} , - (if input.materialsManager.Some? then input.materialsManager.value.Modifies else {}) , - (if input.keyring.Some? then input.keyring.value.Modifies else {}) , - History`Encrypt - // Dafny will skip type parameters when generating a default decreases clause. - decreases Modifies - {History} , - (if input.materialsManager.Some? then input.materialsManager.value.Modifies else {}) , - (if input.keyring.Some? then input.keyring.value.Modifies else {}) - ensures - && ValidState() - ensures EncryptEnsuresPublicly(input, output) - ensures History.Encrypt == old(History.Encrypt) + [DafnyCallEvent(input, output)] - { - output := Operations.Encrypt(config, input); - History.Encrypt := History.Encrypt + [DafnyCallEvent(input, output)]; -} - - predicate DecryptEnsuresPublicly(input: DecryptInput , output: Result) - {Operations.DecryptEnsuresPublicly(input, output)} - // The public method to be called by library consumers - method Decrypt ( input: DecryptInput ) - returns (output: Result) - requires - && ValidState() && ( input.materialsManager.Some? ==> - && input.materialsManager.value.ValidState() - && input.materialsManager.value.Modifies !! {History} - ) && ( input.keyring.Some? ==> - && input.keyring.value.ValidState() - && input.keyring.value.Modifies !! {History} - ) - modifies Modifies - {History} , - (if input.materialsManager.Some? then input.materialsManager.value.Modifies else {}) , - (if input.keyring.Some? then input.keyring.value.Modifies else {}) , - History`Decrypt - // Dafny will skip type parameters when generating a default decreases clause. - decreases Modifies - {History} , - (if input.materialsManager.Some? then input.materialsManager.value.Modifies else {}) , - (if input.keyring.Some? then input.keyring.value.Modifies else {}) - ensures - && ValidState() - ensures DecryptEnsuresPublicly(input, output) - ensures History.Decrypt == old(History.Decrypt) + [DafnyCallEvent(input, output)] - { - output := Operations.Decrypt(config, input); - History.Decrypt := History.Decrypt + [DafnyCallEvent(input, output)]; -} - + class IAwsEncryptionSdkClientCallHistory { + ghost constructor() { + Encrypt := []; + Decrypt := []; + } + ghost var Encrypt: seq>> + ghost var Decrypt: seq>> + } + trait {:termination false} IAwsEncryptionSdkClient + { + // Helper to define any additional modifies/reads clauses. + // If your operations need to mutate state, + // add it in your constructor function: + // Modifies := {your, fields, here, History}; + // If you do not need to mutate anything: + // Modifies := {History}; + + ghost const Modifies: set + // For an unassigned field defined in a trait, + // Dafny can only assign a value in the constructor. + // This means that for Dafny to reason about this value, + // it needs some way to know (an invariant), + // about the state of the object. + // This builds on the Valid/Repr paradigm + // To make this kind requires safe to add + // to methods called from unverified code, + // the predicate MUST NOT take any arguments. + // This means that the correctness of this requires + // MUST only be evaluated by the class itself. + // If you require any additional mutation, + // then you MUST ensure everything you need in ValidState. + // You MUST also ensure ValidState in your constructor. + predicate ValidState() + ensures ValidState() ==> History in Modifies + ghost const History: IAwsEncryptionSdkClientCallHistory + predicate EncryptEnsuresPublicly(input: EncryptInput , output: Result) + // The public method to be called by library consumers + method Encrypt ( input: EncryptInput ) + returns (output: Result) + requires + && ValidState() && ( input.materialsManager.Some? ==> + && input.materialsManager.value.ValidState() + && input.materialsManager.value.Modifies !! {History} + ) && ( input.keyring.Some? ==> + && input.keyring.value.ValidState() + && input.keyring.value.Modifies !! {History} + ) + modifies Modifies - {History} , + (if input.materialsManager.Some? then input.materialsManager.value.Modifies else {}) , + (if input.keyring.Some? then input.keyring.value.Modifies else {}) , + History`Encrypt + // Dafny will skip type parameters when generating a default decreases clause. + decreases Modifies - {History} , + (if input.materialsManager.Some? then input.materialsManager.value.Modifies else {}) , + (if input.keyring.Some? then input.keyring.value.Modifies else {}) + ensures + && ValidState() + ensures EncryptEnsuresPublicly(input, output) + ensures History.Encrypt == old(History.Encrypt) + [DafnyCallEvent(input, output)] + + predicate DecryptEnsuresPublicly(input: DecryptInput , output: Result) + // The public method to be called by library consumers + method Decrypt ( input: DecryptInput ) + returns (output: Result) + requires + && ValidState() && ( input.materialsManager.Some? ==> + && input.materialsManager.value.ValidState() + && input.materialsManager.value.Modifies !! {History} + ) && ( input.keyring.Some? ==> + && input.keyring.value.ValidState() + && input.keyring.value.Modifies !! {History} + ) + modifies Modifies - {History} , + (if input.materialsManager.Some? then input.materialsManager.value.Modifies else {}) , + (if input.keyring.Some? then input.keyring.value.Modifies else {}) , + History`Decrypt + // Dafny will skip type parameters when generating a default decreases clause. + decreases Modifies - {History} , + (if input.materialsManager.Some? then input.materialsManager.value.Modifies else {}) , + (if input.keyring.Some? then input.keyring.value.Modifies else {}) + ensures + && ValidState() + ensures DecryptEnsuresPublicly(input, output) + ensures History.Decrypt == old(History.Decrypt) + [DafnyCallEvent(input, output)] + + } + datatype AwsEncryptionSdkConfig = | AwsEncryptionSdkConfig ( + nameonly commitmentPolicy: Option , + nameonly maxEncryptedDataKeys: Option , + nameonly netV4_0_0_RetryPolicy: Option + ) + type CountingNumbers = x: int64 | IsValid_CountingNumbers(x) witness * + predicate method IsValid_CountingNumbers(x: int64) { + ( 1 <= x ) + } + datatype DecryptInput = | DecryptInput ( + nameonly ciphertext: seq , + nameonly materialsManager: Option , + nameonly keyring: Option , + nameonly encryptionContext: Option + ) + datatype DecryptOutput = | DecryptOutput ( + nameonly plaintext: seq , + nameonly encryptionContext: AwsCryptographyMaterialProvidersTypes.EncryptionContext , + nameonly algorithmSuiteId: AwsCryptographyMaterialProvidersTypes.ESDKAlgorithmSuiteId + ) + datatype EncryptInput = | EncryptInput ( + nameonly plaintext: seq , + nameonly encryptionContext: Option , + nameonly materialsManager: Option , + nameonly keyring: Option , + nameonly algorithmSuiteId: Option , + nameonly frameLength: Option + ) + datatype EncryptOutput = | EncryptOutput ( + nameonly ciphertext: seq , + nameonly encryptionContext: AwsCryptographyMaterialProvidersTypes.EncryptionContext , + nameonly algorithmSuiteId: AwsCryptographyMaterialProvidersTypes.ESDKAlgorithmSuiteId + ) + type FrameLength = x: int64 | IsValid_FrameLength(x) witness * + predicate method IsValid_FrameLength(x: int64) { + ( 1 <= x <= 4294967296 ) + } + datatype NetV4_0_0_RetryPolicy = + | FORBID_RETRY + | ALLOW_RETRY + datatype Error = + // Local Error structures are listed here + | AwsEncryptionSdkException ( + nameonly message: string + ) + // Any dependent models are listed here + | AwsCryptographyMaterialProviders(AwsCryptographyMaterialProviders: AwsCryptographyMaterialProvidersTypes.Error) + | AwsCryptographyPrimitives(AwsCryptographyPrimitives: AwsCryptographyPrimitivesTypes.Error) + // The Collection error is used to collect several errors together + // This is useful when composing OR logic. + // Consider the following method: + // + // method FN(n:I) + // returns (res: Result) + // ensures A(I).Success? ==> res.Success? + // ensures B(I).Success? ==> res.Success? + // ensures A(I).Failure? && B(I).Failure? ==> res.Failure? + // + // If either A || B is successful then FN is successful. + // And if A && B fail then FN will fail. + // But what information should FN transmit back to the caller? + // While it may be correct to hide these details from the caller, + // this can not be the globally correct option. + // Suppose that A and B can be blocked by different ACLs, + // and that their representation of I is only eventually consistent. + // How can the caller distinguish, at a minimum for logging, + // the difference between the four failure modes? + // || (!access(A(I)) && !access(B(I))) + // || (!exit(A(I)) && !exit(B(I))) + // || (!access(A(I)) && !exit(B(I))) + // || (!exit(A(I)) && !access(B(I))) + | CollectionOfErrors(list: seq, nameonly message: string) + // The Opaque error, used for native, extern, wrapped or unknown errors + | Opaque(obj: object) + type OpaqueError = e: Error | e.Opaque? witness * } +abstract module AbstractAwsCryptographyEncryptionSdkService +{ + import opened Wrappers + import opened StandardLibrary.UInt + import opened UTF8 + import opened Types = AwsCryptographyEncryptionSdkTypes + import Operations : AbstractAwsCryptographyEncryptionSdkOperations + function method DefaultAwsEncryptionSdkConfig(): AwsEncryptionSdkConfig + method ESDK(config: AwsEncryptionSdkConfig := DefaultAwsEncryptionSdkConfig()) + returns (res: Result) + ensures res.Success? ==> + && fresh(res.value) + && fresh(res.value.Modifies) + && fresh(res.value.History) + && res.value.ValidState() + + class ESDKClient extends IAwsEncryptionSdkClient + { + constructor(config: Operations.InternalConfig) + requires Operations.ValidInternalConfig?(config) + ensures + && ValidState() + && fresh(History) + && this.config == config + const config: Operations.InternalConfig + predicate ValidState() + ensures ValidState() ==> + && Operations.ValidInternalConfig?(config) + && History !in Operations.ModifiesInternalConfig(config) + && Modifies == Operations.ModifiesInternalConfig(config) + {History} + predicate EncryptEnsuresPublicly(input: EncryptInput , output: Result) + {Operations.EncryptEnsuresPublicly(input, output)} + // The public method to be called by library consumers + method Encrypt ( input: EncryptInput ) + returns (output: Result) + requires + && ValidState() && ( input.materialsManager.Some? ==> + && input.materialsManager.value.ValidState() + && input.materialsManager.value.Modifies !! {History} + ) && ( input.keyring.Some? ==> + && input.keyring.value.ValidState() + && input.keyring.value.Modifies !! {History} + ) + modifies Modifies - {History} , + (if input.materialsManager.Some? then input.materialsManager.value.Modifies else {}) , + (if input.keyring.Some? then input.keyring.value.Modifies else {}) , + History`Encrypt + // Dafny will skip type parameters when generating a default decreases clause. + decreases Modifies - {History} , + (if input.materialsManager.Some? then input.materialsManager.value.Modifies else {}) , + (if input.keyring.Some? then input.keyring.value.Modifies else {}) + ensures + && ValidState() + ensures EncryptEnsuresPublicly(input, output) + ensures History.Encrypt == old(History.Encrypt) + [DafnyCallEvent(input, output)] + { + output := Operations.Encrypt(config, input); + History.Encrypt := History.Encrypt + [DafnyCallEvent(input, output)]; + } + + predicate DecryptEnsuresPublicly(input: DecryptInput , output: Result) + {Operations.DecryptEnsuresPublicly(input, output)} + // The public method to be called by library consumers + method Decrypt ( input: DecryptInput ) + returns (output: Result) + requires + && ValidState() && ( input.materialsManager.Some? ==> + && input.materialsManager.value.ValidState() + && input.materialsManager.value.Modifies !! {History} + ) && ( input.keyring.Some? ==> + && input.keyring.value.ValidState() + && input.keyring.value.Modifies !! {History} + ) + modifies Modifies - {History} , + (if input.materialsManager.Some? then input.materialsManager.value.Modifies else {}) , + (if input.keyring.Some? then input.keyring.value.Modifies else {}) , + History`Decrypt + // Dafny will skip type parameters when generating a default decreases clause. + decreases Modifies - {History} , + (if input.materialsManager.Some? then input.materialsManager.value.Modifies else {}) , + (if input.keyring.Some? then input.keyring.value.Modifies else {}) + ensures + && ValidState() + ensures DecryptEnsuresPublicly(input, output) + ensures History.Decrypt == old(History.Decrypt) + [DafnyCallEvent(input, output)] + { + output := Operations.Decrypt(config, input); + History.Decrypt := History.Decrypt + [DafnyCallEvent(input, output)]; + } + + } } - abstract module AbstractAwsCryptographyEncryptionSdkOperations { - import opened Wrappers - import opened StandardLibrary.UInt - import opened UTF8 - import opened Types = AwsCryptographyEncryptionSdkTypes - type InternalConfig - predicate ValidInternalConfig?(config: InternalConfig) - function ModifiesInternalConfig(config: InternalConfig): set - predicate EncryptEnsuresPublicly(input: EncryptInput , output: Result) - // The private method to be refined by the library developer +abstract module AbstractAwsCryptographyEncryptionSdkOperations { + import opened Wrappers + import opened StandardLibrary.UInt + import opened UTF8 + import opened Types = AwsCryptographyEncryptionSdkTypes + type InternalConfig + predicate ValidInternalConfig?(config: InternalConfig) + function ModifiesInternalConfig(config: InternalConfig): set + predicate EncryptEnsuresPublicly(input: EncryptInput , output: Result) + // The private method to be refined by the library developer - method Encrypt ( config: InternalConfig , input: EncryptInput ) - returns (output: Result) - requires - && ValidInternalConfig?(config) && ( input.materialsManager.Some? ==> - && input.materialsManager.value.ValidState() - ) && ( input.keyring.Some? ==> - && input.keyring.value.ValidState() - ) - modifies ModifiesInternalConfig(config) , - (if input.materialsManager.Some? then input.materialsManager.value.Modifies else {}) , - (if input.keyring.Some? then input.keyring.value.Modifies else {}) - // Dafny will skip type parameters when generating a default decreases clause. - decreases ModifiesInternalConfig(config) , - (if input.materialsManager.Some? then input.materialsManager.value.Modifies else {}) , - (if input.keyring.Some? then input.keyring.value.Modifies else {}) - ensures - && ValidInternalConfig?(config) - ensures EncryptEnsuresPublicly(input, output) + method Encrypt ( config: InternalConfig , input: EncryptInput ) + returns (output: Result) + requires + && ValidInternalConfig?(config) && ( input.materialsManager.Some? ==> + && input.materialsManager.value.ValidState() + ) && ( input.keyring.Some? ==> + && input.keyring.value.ValidState() + ) + modifies ModifiesInternalConfig(config) , + (if input.materialsManager.Some? then input.materialsManager.value.Modifies else {}) , + (if input.keyring.Some? then input.keyring.value.Modifies else {}) + // Dafny will skip type parameters when generating a default decreases clause. + decreases ModifiesInternalConfig(config) , + (if input.materialsManager.Some? then input.materialsManager.value.Modifies else {}) , + (if input.keyring.Some? then input.keyring.value.Modifies else {}) + ensures + && ValidInternalConfig?(config) + ensures EncryptEnsuresPublicly(input, output) - predicate DecryptEnsuresPublicly(input: DecryptInput , output: Result) - // The private method to be refined by the library developer + predicate DecryptEnsuresPublicly(input: DecryptInput , output: Result) + // The private method to be refined by the library developer - method Decrypt ( config: InternalConfig , input: DecryptInput ) - returns (output: Result) - requires - && ValidInternalConfig?(config) && ( input.materialsManager.Some? ==> - && input.materialsManager.value.ValidState() - ) && ( input.keyring.Some? ==> - && input.keyring.value.ValidState() - ) - modifies ModifiesInternalConfig(config) , - (if input.materialsManager.Some? then input.materialsManager.value.Modifies else {}) , - (if input.keyring.Some? then input.keyring.value.Modifies else {}) - // Dafny will skip type parameters when generating a default decreases clause. - decreases ModifiesInternalConfig(config) , - (if input.materialsManager.Some? then input.materialsManager.value.Modifies else {}) , - (if input.keyring.Some? then input.keyring.value.Modifies else {}) - ensures - && ValidInternalConfig?(config) - ensures DecryptEnsuresPublicly(input, output) + method Decrypt ( config: InternalConfig , input: DecryptInput ) + returns (output: Result) + requires + && ValidInternalConfig?(config) && ( input.materialsManager.Some? ==> + && input.materialsManager.value.ValidState() + ) && ( input.keyring.Some? ==> + && input.keyring.value.ValidState() + ) + modifies ModifiesInternalConfig(config) , + (if input.materialsManager.Some? then input.materialsManager.value.Modifies else {}) , + (if input.keyring.Some? then input.keyring.value.Modifies else {}) + // Dafny will skip type parameters when generating a default decreases clause. + decreases ModifiesInternalConfig(config) , + (if input.materialsManager.Some? then input.materialsManager.value.Modifies else {}) , + (if input.keyring.Some? then input.keyring.value.Modifies else {}) + ensures + && ValidInternalConfig?(config) + ensures DecryptEnsuresPublicly(input, output) } diff --git a/AwsEncryptionSDK/dafny/AwsEncryptionSdk/Model/esdk.smithy b/AwsEncryptionSDK/dafny/AwsEncryptionSdk/Model/esdk.smithy index fb8c05494..ba12c4325 100644 --- a/AwsEncryptionSDK/dafny/AwsEncryptionSdk/Model/esdk.smithy +++ b/AwsEncryptionSDK/dafny/AwsEncryptionSdk/Model/esdk.smithy @@ -35,8 +35,27 @@ long FrameLength structure AwsEncryptionSdkConfig { commitmentPolicy: aws.cryptography.materialProviders#ESDKCommitmentPolicy, maxEncryptedDataKeys: CountingNumbers, + netV4_0_0_RetryPolicy: NetV4_0_0_RetryPolicy } +// Allow or Forbid ESDK-NET v4.0.0 Behavior on a retry +// The default, for ESDK-NET 4.x, is Allow +@aws.polymorph#javadoc( + "During Decryption, Allow or Forbid ESDK-NET v4.0.0 Behavior if the ESDK Message Header fails the Header Authentication check." +) +@enum([ + { + name: "FORBID_RETRY", + value: "FORBID_RETRY", + }, + { + name: "ALLOW_RETRY", + value: "ALLOW_RETRY", + } +]) +string NetV4_0_0_RetryPolicy + + ///////////// // ESDK Operations diff --git a/AwsEncryptionSDK/dafny/AwsEncryptionSdk/src/AwsEncryptionSdkOperations.dfy b/AwsEncryptionSDK/dafny/AwsEncryptionSdk/src/AwsEncryptionSdkOperations.dfy index 2ce835078..695b3379d 100644 --- a/AwsEncryptionSDK/dafny/AwsEncryptionSdk/src/AwsEncryptionSdkOperations.dfy +++ b/AwsEncryptionSDK/dafny/AwsEncryptionSdk/src/AwsEncryptionSdkOperations.dfy @@ -41,7 +41,8 @@ module AwsEncryptionSdkOperations refines AbstractAwsCryptographyEncryptionSdkOp nameonly crypto: Primitives.AtomicPrimitivesClient, nameonly mpl: MaterialProviders.MaterialProvidersClient, nameonly commitmentPolicy: AwsCryptographyMaterialProvidersTypes.ESDKCommitmentPolicy, - nameonly maxEncryptedDataKeys: Option + nameonly maxEncryptedDataKeys: Option, + nameonly netV4_0_0_RetryPolicy: NetV4_0_0_RetryPolicy ) type InternalConfig = Config @@ -193,9 +194,12 @@ module AwsEncryptionSdkOperations refines AbstractAwsCryptographyEncryptionSdkOp //# cmm-interface.md#get-encryption-materials) call. var messageId: HeaderTypes.MessageId :- EncryptDecryptHelpers.GenerateMessageId(materials.algorithmSuite, config.crypto); + // TODO Post-#619: Remove Net v4.0.0 references + // TODO Post-#619: Formally Verify Message ID is in info of HKDF var maybeDerivedDataKeys := KeyDerivation.DeriveKeys( - messageId, materials.plaintextDataKey.value, materials.algorithmSuite, config.crypto + messageId, materials.plaintextDataKey.value, materials.algorithmSuite, config.crypto, config.netV4_0_0_RetryPolicy, false ); + var derivedDataKeys :- maybeDerivedDataKeys .MapFailure(e => Types.AwsEncryptionSdkException( message := "Failed to derive data keys")); @@ -480,9 +484,11 @@ module AwsEncryptionSdkOperations refines AbstractAwsCryptographyEncryptionSdkOp // * Encryption Context (Section 2.6.2) && var headerEncryptionContext := EncryptionContext.GetEncryptionContext(headerBody.value.data.encryptionContext); && output.value.encryptionContext == - headerEncryptionContext + buildEncryptionContextToOnlyAuthenticate(decMat, headerEncryptionContext) + headerEncryptionContext + buildEncryptionContextToOnlyAuthenticate(decMat) { - + // Track if a failure has triggered a V4 Retry + var v4Retry := false; + //= compliance/client-apis/decrypt.txt#2.5.1.1 //= type=TODO //# To make diagnosing this mistake easier, implementations SHOULD detect @@ -570,9 +576,9 @@ module AwsEncryptionSdkOperations refines AbstractAwsCryptographyEncryptionSdkOp } ConcatenateCorrectlyReadByteRanges(buffer, headerBody.tail, headerAuth.tail); - + var maybeDerivedDataKeys := KeyDerivation.DeriveKeys( - headerBody.data.messageId, decMat.plaintextDataKey.value, suite, config.crypto + headerBody.data.messageId, decMat.plaintextDataKey.value, suite, config.crypto, config.netV4_0_0_RetryPolicy, false ); :- Need(maybeDerivedDataKeys.Success?, Types.AwsEncryptionSdkException( @@ -603,7 +609,7 @@ module AwsEncryptionSdkOperations refines AbstractAwsCryptographyEncryptionSdkOp //# (../framework/structures.md#required-encryption-context-keys-1) //# serialized according to the [encryption context serialization specification] //# (../framework/structures.md#serialization). - var encryptionContextToOnlyAuthenticate := buildEncryptionContextToOnlyAuthenticate(decMat, headerEncryptionContext); + var encryptionContextToOnlyAuthenticate := buildEncryptionContextToOnlyAuthenticate(decMat); EncryptionContext.SubsetOfESDKEncryptionContextIsESDKEncryptionContext( decMat.encryptionContext, @@ -612,8 +618,8 @@ module AwsEncryptionSdkOperations refines AbstractAwsCryptographyEncryptionSdkOp var canonicalReqEncryptionContext := EncryptionContext.GetCanonicalEncryptionContext(encryptionContextToOnlyAuthenticate); - var serializedReqEncryptionContext := - EncryptionContext.WriteAAD(canonicalReqEncryptionContext); + var serializedReqEncryptionContext := + EncryptionContext.WriteEmptyEcOrWriteAAD(canonicalReqEncryptionContext); var maybeHeaderAuth := //= compliance/client-apis/decrypt.txt#2.7.3 @@ -641,6 +647,60 @@ module AwsEncryptionSdkOperations refines AbstractAwsCryptographyEncryptionSdkOp aad := rawHeader + serializedReqEncryptionContext )); + + // TODO Post-#619: Add to the ESDK Specification the following: + // ESDK-NET v4.0.0 Header Auth Catch + // This will catch the Header Auth failure, + // The Retry MUST + // calculate the HKDF without the Message ID in the info and + // use EncryptionContext.WriteAAD to serialize the + // the Canonical Required Encryption Context. + + // TODO Post-#619: Formally Verify this section + // TODO Post-#619: Duvet this section + // TODO Post-#619: Refactor this to eliminate duplicate code + if maybeHeaderAuth.Failure? + && config.netV4_0_0_RetryPolicy == NetV4_0_0_RetryPolicy.ALLOW_RETRY + && v4Retry == false + { + v4Retry := true; + // Derive Keys following ESDK-NET @ v4.0.0 Behavior + maybeDerivedDataKeys := KeyDerivation.DeriveKeys( + headerBody.data.messageId, decMat.plaintextDataKey.value, suite, config.crypto, config.netV4_0_0_RetryPolicy, true + ); + :- Need(maybeDerivedDataKeys.Success?, + Types.AwsEncryptionSdkException( + message := "Failed to derive data keys") + ); + derivedDataKeys := maybeDerivedDataKeys.value; + // Serialize Required Encryption Context following ESDK-NET @ v4.0.0 Behavior + serializedReqEncryptionContext := EncryptionContext.WriteAAD(canonicalReqEncryptionContext); + maybeHeaderAuth := + //= compliance/client-apis/decrypt.txt#2.7.3 + //# Once a valid message header is deserialized and decryption materials + //# are available, this operation MUST validate the message header body + //# (../data-format/message-header.md#header-body) by using the + //# authenticated encryption algorithm (../framework/algorithm- + //# suites.md#encryption-algorithm) to decrypt with the following inputs: + config.crypto.AESDecrypt(Primitives.Types.AESDecryptInput( + encAlg := suite.encrypt.AES_GCM, + //#* the cipherkey is the derived data key + key := derivedDataKeys.dataKey, + //#* the ciphertext is an empty byte array + cipherTxt := [], + //#* the tag is the value serialized in the message header's + //# authentication tag field (../data-format/message- + //# header.md#authentication-tag) + authTag := headerAuth.data.headerAuthTag, + //#* the IV is the value serialized in the message header's IV field + //# (../data-format/message-header#iv). + iv := headerAuth.data.headerIv, + //#* MUST be the concatenation of the serialized [message header body] + //# (../data-format/message-header.md#header-body) + //# and the serialization of encryption context to only authenticate. + aad := rawHeader + serializedReqEncryptionContext + )); + } //= compliance/client-apis/decrypt.txt#2.7.3 //# If this tag verification fails, this operation MUST immediately halt //# and fail. @@ -660,7 +720,7 @@ module AwsEncryptionSdkOperations refines AbstractAwsCryptographyEncryptionSdkOp var key := derivedDataKeys.dataKey; var plaintext: seq; var messageBodyTail: SerializeFunctions.ReadableBuffer; - + //= compliance/client-apis/decrypt.txt#2.7.4 //# Once the message header is successfully parsed, the next sequential //# bytes MUST be deserialized according to the message body spec @@ -736,9 +796,13 @@ module AwsEncryptionSdkOperations refines AbstractAwsCryptographyEncryptionSdkOp } + // The encryption context to only authenticate MUST be + // the encryption context in the decryption materials filtered + // to only contain key value pairs listed + // in the decryption material's required encryption context keys. + // TODO Post-#619: Duvet this section function method buildEncryptionContextToOnlyAuthenticate( - decMat: MPL.DecryptionMaterials, - headerEncryptionContext: MPL.EncryptionContext + decMat: MPL.DecryptionMaterials ): MPL.EncryptionContext { map diff --git a/AwsEncryptionSDK/dafny/AwsEncryptionSdk/src/EncryptDecrypt.dfy b/AwsEncryptionSDK/dafny/AwsEncryptionSdk/src/EncryptDecrypt.dfy index d1d39c9ed..6a3762abe 100644 --- a/AwsEncryptionSDK/dafny/AwsEncryptionSdk/src/EncryptDecrypt.dfy +++ b/AwsEncryptionSDK/dafny/AwsEncryptionSdk/src/EncryptDecrypt.dfy @@ -476,7 +476,7 @@ module EncryptDecryptHelpers { var canonicalReqEncryptionContext := EncryptionContext.GetCanonicalEncryptionContext(requiredEncryptionContextMap); var serializedReqEncryptionContext := - EncryptionContext.WriteAAD(canonicalReqEncryptionContext); + EncryptionContext.WriteEmptyEcOrWriteAAD(canonicalReqEncryptionContext); //= compliance/client-apis/encrypt.txt#2.6.2 //# Before encrypting input plaintext, this operation MUST serialize the diff --git a/AwsEncryptionSDK/dafny/AwsEncryptionSdk/src/Index.dfy b/AwsEncryptionSDK/dafny/AwsEncryptionSdk/src/Index.dfy index 064ea75bf..057ab8d96 100644 --- a/AwsEncryptionSDK/dafny/AwsEncryptionSdk/src/Index.dfy +++ b/AwsEncryptionSDK/dafny/AwsEncryptionSdk/src/Index.dfy @@ -11,11 +11,14 @@ module import MaterialProviders import AwsCryptographyMaterialProvidersTypes + // TODO Post-#619: Formally Verify this section + // TODO Post-#619: Duvet this section function method DefaultAwsEncryptionSdkConfig(): AwsEncryptionSdkConfig { AwsEncryptionSdkConfig( commitmentPolicy := Some(AwsCryptographyMaterialProvidersTypes.ESDKCommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT), - maxEncryptedDataKeys := None + maxEncryptedDataKeys := None, + netV4_0_0_RetryPolicy := Some(NetV4_0_0_RetryPolicy.ALLOW_RETRY) ) } @@ -33,8 +36,8 @@ module crypto := crypto, mpl := mpl, commitmentPolicy := config.commitmentPolicy.UnwrapOr(AwsCryptographyMaterialProvidersTypes.ESDKCommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT), - maxEncryptedDataKeys := config.maxEncryptedDataKeys - + maxEncryptedDataKeys := config.maxEncryptedDataKeys, + netV4_0_0_RetryPolicy := config.netV4_0_0_RetryPolicy.UnwrapOr(NetV4_0_0_RetryPolicy.ALLOW_RETRY) ); var client := new ESDKClient(internalConfig); return Success(client); diff --git a/AwsEncryptionSDK/dafny/AwsEncryptionSdk/src/KeyDerivation.dfy b/AwsEncryptionSDK/dafny/AwsEncryptionSdk/src/KeyDerivation.dfy index dc9944a30..2607f528c 100644 --- a/AwsEncryptionSDK/dafny/AwsEncryptionSdk/src/KeyDerivation.dfy +++ b/AwsEncryptionSDK/dafny/AwsEncryptionSdk/src/KeyDerivation.dfy @@ -31,7 +31,9 @@ module KeyDerivation { messageId: HeaderTypes.MessageId, plaintextDataKey: seq, suite: MPL.AlgorithmSuiteInfo, - crypto: Primitives.AtomicPrimitivesClient + crypto: Primitives.AtomicPrimitivesClient, + // TODO Post-#619: Refactor, breaking Net v4.0.0 logic out into independent method + onNetV4Retry: bool ) returns (res: Result) @@ -77,9 +79,20 @@ module KeyDerivation { digestAlgorithm := hkdf.hmac, salt := None, ikm := plaintextDataKey, - info := suite.binaryId, + info := suite.binaryId + messageId, expectedLength := hkdf.outputKeyLength ); + // TODO Post-#619: Formally Verify this section + // TODO Post-#619: Duvet this section + if onNetV4Retry { + hkdfInput := AwsCryptographyPrimitivesTypes.HkdfInput( + digestAlgorithm := hkdf.hmac, + salt := None, + ikm := plaintextDataKey, + info := suite.binaryId, + expectedLength := hkdf.outputKeyLength + ); + } var maybeDerivedKey := crypto.Hkdf(hkdfInput); var derivedKey :- maybeDerivedKey.MapFailure(e => Types.AwsCryptographyPrimitives(e)); @@ -209,7 +222,10 @@ module KeyDerivation { messageId: HeaderTypes.MessageId, plaintextKey: seq, suite: MPL.AlgorithmSuiteInfo, - crypto: Primitives.AtomicPrimitivesClient + crypto: Primitives.AtomicPrimitivesClient, + // TODO Post-#619: Refactor, breaking Net v4.0.0 logic out into independent method + netV4_0_0_RetryPolicy: Types.NetV4_0_0_RetryPolicy, + onNetV4Retry: bool ) returns (res: Result) @@ -261,7 +277,12 @@ module KeyDerivation { }, Types.AwsEncryptionSdkException( message := "Suites with message version 1 must not have commitment")); - keys :- DeriveKey(messageId, plaintextKey, suite, crypto); + if netV4_0_0_RetryPolicy == Types.NetV4_0_0_RetryPolicy.ALLOW_RETRY && onNetV4Retry { + keys :- DeriveKey(messageId, plaintextKey, suite, crypto, true); + } else { + keys :- DeriveKey(messageId, plaintextKey, suite, crypto, false); + } + } else { return Failure(Types.AwsEncryptionSdkException( message := "Unknown message version")); diff --git a/AwsEncryptionSDK/dafny/AwsEncryptionSdk/src/Serialize/EncryptionContext.dfy b/AwsEncryptionSDK/dafny/AwsEncryptionSdk/src/Serialize/EncryptionContext.dfy index 0c96be845..af70c4b8b 100644 --- a/AwsEncryptionSDK/dafny/AwsEncryptionSdk/src/Serialize/EncryptionContext.dfy +++ b/AwsEncryptionSDK/dafny/AwsEncryptionSdk/src/Serialize/EncryptionContext.dfy @@ -320,6 +320,40 @@ module {:options "/functionSyntax:4" } EncryptionContext { WriteUint16(|aad| as uint16) + aad } + // To Calculate the Authenication Only AAD for the Encryption Context, + // the Encryption Context MUST be: + // - filtered, + // - Canonicalized + // Finally, if the result of the above is an empy Encryption Context, + // it is serialized as []. + // Otherwise, it is serialized following the spec's + // compliance/data-format/message-header.txt#2.5.1.7.2 + // This method ONLY handles the last porition. + // + // On Decrypt, the Decryption Materials' filtering is done + // via buildEncryptionContextToOnlyAuthenticate, + // which returns the pairs that exist in requiredEncryptionContextKeys. + // On Encrypt, the filtering is done inside of `BuildHeaderForEncrypt`, + // (currently) on lines 472 to 474. + // Both Decrypt & Encrypt Canonicalize via GetCanonicalEncryptionContext. + function WriteEmptyEcOrWriteAAD( + ec: ESDKCanonicalEncryptionContext + ): + (ret: seq) + ensures HasUint16Len(ret) + { + // The Serialization of No Encryption Context is NOT `[0, [0, 0]]`, + // but `[]`. + if |ec| == 0 then + [] + else + WriteAAD(ec) + } + + lemma WriteEmptyEcOrWriteAADIsCorrect(ec: ESDKCanonicalEncryptionContext) + ensures WriteEmptyEcOrWriteAAD(ec) == WriteAADSection(ec)[2..] + {} + //= compliance/data-format/message-header.txt#2.5.1.7.2 //#The following table describes the fields that form the Key Value //#Pairs. The bytes are appended in the order shown. @@ -342,8 +376,12 @@ module {:options "/functionSyntax:4" } EncryptionContext { ensures HasUint16Len(ret) // To support older versions of the ESDK // |ec| == 0 is encoded as 0 count. - // However, this is never called on write path. - // See WriteAADSection + // However, + // this |ec| == 0 behavior is never invoked, + // as this method is protected by + // WriteAADSection and WriteEmptyEcOrWriteAAD, + // which both handle |ec| == 0 independently + // of this method. ensures |ec| == 0 ==> ret == WriteUint16(0) { WriteUint16(|ec| as uint16) + WriteAADPairs(ec) diff --git a/AwsEncryptionSDK/dafny/AwsEncryptionSdk/test/TestCreateEsdkClient.dfy b/AwsEncryptionSDK/dafny/AwsEncryptionSdk/test/TestCreateEsdkClient.dfy index 75b645d19..1d29adba5 100644 --- a/AwsEncryptionSDK/dafny/AwsEncryptionSdk/test/TestCreateEsdkClient.dfy +++ b/AwsEncryptionSDK/dafny/AwsEncryptionSdk/test/TestCreateEsdkClient.dfy @@ -7,6 +7,47 @@ module TestCreateEsdkClient { import Types = AwsCryptographyEncryptionSdkTypes import mplTypes = AwsCryptographyMaterialProvidersTypes import EncryptionSdk + import MaterialProviders + import opened Wrappers + import opened UInt = StandardLibrary.UInt + + + // THIS IS AN INCORRECTLY SERIALIZED CIPHERTEXT PRODUCED BY + // THE ESDK .NET V4.0.0 + // This message was constructucted with a zeroed 32 byte AES Key + // using v4.0.0 of the Encryption SDK for .NET which incorrectly + // serializes the message header making messages unreadble in + // other implementations and making this version unable to + // read other implementation's messages. + const ESDK_NET_V400_MESSAGE: seq := [ + 2, 5, 120, 238, 5, 239, 107, 129, 136, 211, 103, 75, 18, 140, + 11, 74, 26, 191, 92, 27, 202, 170, 33, 28, 9, 117, 252, 29, 29, + 92, 213, 21, 231, 172, 234, 0, 95, 0, 1, 0, 21, 97, 119, 115, 45, + 99, 114, 121, 112, 116, 111, 45, 112, 117, 98, 108, 105, 99, 45, 107, + 101, 121, 0, 68, 65, 119, 102, 117, 103, 90, 99, 107, 57, 116, 100, 53, + 104, 78, 108, 49, 78, 108, 75, 111, 47, 104, 105, 114, 53, 85, 47, 48, 81, + 109, 98, 73, 111, 107, 79, 72, 81, 87, 97, 72, 83, 43, 115, 117, 119, 75, + 73, 77, 82, 76, 99, 67, 80, 49, 54, 55, 56, 43, 49, 82, 75, 49, 48, 82, + 101, 119, 61, 61, 0, 1, 0, 21, 83, 111, 109, 101, 32, 109, 97, 110, 97, + 103, 101, 100, 32, 114, 97, 119, 32, 107, 101, 121, 115, 0, 47, 77, 121, + 32, 50, 53, 54, 45, 98, 105, 116, 32, 65, 69, 83, 32, 119, 114, 97, 112, + 112, 105, 110, 103, 32, 107, 101, 121, 0, 0, 0, 128, 0, 0, 0, 12, 229, 254, + 197, 205, 110, 124, 222, 48, 217, 121, 252, 11, 0, 48, 64, 60, 232, 232, 76, + 229, 15, 118, 224, 152, 79, 93, 113, 166, 255, 172, 255, 148, 185, 150, 195, 179, + 78, 52, 186, 38, 216, 48, 118, 45, 113, 204, 71, 102, 116, 148, 199, 109, 178, + 19, 2, 203, 150, 201, 65, 32, 199, 180, 2, 0, 0, 16, 0, 67, 72, 208, 112, 230, + 137, 188, 187, 0, 28, 183, 198, 192, 45, 248, 108, 2, 129, 34, 42, 59, 155, 70, + 117, 182, 216, 239, 27, 210, 78, 62, 104, 181, 247, 141, 50, 133, 42, 72, 200, + 185, 57, 20, 49, 193, 240, 171, 140, 255, 255, 255, 255, 0, 0, 0, 1, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 15, 67, 37, 106, 11, 15, 23, 78, 239, 208, + 185, 4, 36, 182, 9, 63, 62, 83, 97, 42, 250, 252, 185, 165, 14, 182, 231, 83, + 176, 227, 191, 92, 0, 103, 48, 101, 2, 49, 0, 193, 152, 7, 169, 197, 137, 244, + 88, 9, 1, 6, 56, 96, 13, 220, 201, 56, 16, 50, 68, 70, 36, 174, 38, 14, 241, 207, + 11, 139, 154, 166, 224, 191, 20, 12, 175, 56, 117, 183, 120, 119, 228, 173, 130, + 71, 110, 211, 189, 2, 48, 99, 98, 250, 36, 53, 182, 2, 204, 198, 55, 150, 51, + 159, 101, 231, 34, 42, 30, 57, 204, 88, 114, 138, 94, 12, 79, 52, 71, 178, + 34, 61, 246, 55, 163, 145, 95, 80, 61, 85, 143, 32, 0, 98, 20, 88, 251, 204, 5 + ]; method {:test} TestClientCreation() { var defaultConfig := EncryptionSdk.DefaultAwsEncryptionSdkConfig(); @@ -15,5 +56,55 @@ module TestCreateEsdkClient { expect esdk.config.commitmentPolicy == defaultConfig.commitmentPolicy.value; expect esdk.config.maxEncryptedDataKeys == defaultConfig.maxEncryptedDataKeys; + expect esdk.config.netV4_0_0_RetryPolicy == Types.NetV4_0_0_RetryPolicy.ALLOW_RETRY; } -} \ No newline at end of file + + method {:test} TestNetRetryFlag() { + var mpl :- expect MaterialProviders.MaterialProviders(); + var keyNamespace := "Some managed raw keys"; + var keyName := "My 256-bit AES wrapping key"; + var expectedMessage : seq := [84,104,105,115,32,105,115,32,97,32,116,101,115,116,46]; + + var rawAesKeyring :- expect mpl.CreateRawAesKeyring(mplTypes.CreateRawAesKeyringInput( + keyNamespace := keyNamespace, + keyName := keyName, + wrappingKey := seq(32, i => 0), + wrappingAlg := mplTypes.ALG_AES256_GCM_IV12_TAG16 + )); + + // Attempt to decrypt the v4.0.0 message without the retry flag and expect + // decryption to fail + var esdkConfig := Types.AwsEncryptionSdkConfig( + commitmentPolicy := Some(mplTypes.ESDKCommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT), + maxEncryptedDataKeys := None, + netV4_0_0_RetryPolicy := Some(Types.NetV4_0_0_RetryPolicy.FORBID_RETRY) + ); + + var noRetryEsdk :- expect EncryptionSdk.ESDK(config := esdkConfig); + + var expectFailureDecryptOutput := noRetryEsdk.Decrypt(Types.DecryptInput( + ciphertext := ESDK_NET_V400_MESSAGE, + materialsManager := None, + keyring := Some(rawAesKeyring), + encryptionContext := None + )); + + expect expectFailureDecryptOutput.Failure?; + + // Decrypt v4.0.0 message with the default configuration which is to retry + // and expect decryption to pass + var defaultConfig := EncryptionSdk.DefaultAwsEncryptionSdkConfig(); + var esdk :- expect EncryptionSdk.ESDK(config := defaultConfig); + + var decryptOutput := esdk.Decrypt(Types.DecryptInput( + ciphertext := ESDK_NET_V400_MESSAGE, + materialsManager := None, + keyring := Some(rawAesKeyring), + encryptionContext := None + )); + + expect decryptOutput.Success?; + expect decryptOutput.value.plaintext == expectedMessage; + } + +} diff --git a/AwsEncryptionSDK/runtimes/net/Benchmarks/.gitignore b/AwsEncryptionSDK/runtimes/net/Benchmarks/.gitignore deleted file mode 100644 index 502a49c36..000000000 --- a/AwsEncryptionSDK/runtimes/net/Benchmarks/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -bin/ -obj/ -BenchmarkDotNet.Artifacts/ diff --git a/AwsEncryptionSDK/runtimes/net/Benchmarks/AWSEncryptionSDKBenchmarks.csproj b/AwsEncryptionSDK/runtimes/net/Benchmarks/AWSEncryptionSDKBenchmarks.csproj deleted file mode 100644 index 77d6ae70c..000000000 --- a/AwsEncryptionSDK/runtimes/net/Benchmarks/AWSEncryptionSDKBenchmarks.csproj +++ /dev/null @@ -1,21 +0,0 @@ - - - - Exe - - netcoreapp3.1;net461 - 7.3 - - - - - - - - - diff --git a/AwsEncryptionSDK/runtimes/net/Benchmarks/Benchmarks.cs b/AwsEncryptionSDK/runtimes/net/Benchmarks/Benchmarks.cs deleted file mode 100644 index 7b5992e05..000000000 --- a/AwsEncryptionSDK/runtimes/net/Benchmarks/Benchmarks.cs +++ /dev/null @@ -1,158 +0,0 @@ -using System; -using System.Collections.Generic; -using System.IO; -using System.Linq; -using System.Security.Cryptography; -using AWS.EncryptionSDK; -using AWS.EncryptionSDK.Core; -using BenchmarkDotNet.Attributes; -using BenchmarkDotNet.Running; -using Org.BouncyCastle.Utilities.Encoders; -using RSA = RSAEncryption.RSA; - -namespace Benchmarks -{ - public abstract class BaseEncryptDecryptBenchmark - { - [ParamsSource(nameof(ValuesForPlaintextLengthBytes))] - public int PlaintextLengthBytes { get; set; } - - [ParamsSource(nameof(ValuesForFrameLengthBytes))] - public int FrameLengthBytes { get; set; } - - private IAwsEncryptionSdk _encryptionSdk; - private IKeyring _keyring; - private MemoryStream _plaintext; - private MemoryStream _ciphertext; - private Dictionary _encryptionContext; - - /** - * Concrete benchmark classes should implement this method. - */ - protected abstract IKeyring CreateKeyring(); - - // Runs once for each combination of params - [GlobalSetup] - public void GlobalSetup() - { - _encryptionSdk = AwsEncryptionSdkFactory.CreateDefaultAwsEncryptionSdk(); - - _keyring = CreateKeyring(); - - _plaintext = new MemoryStream(PlaintextLengthBytes); - _plaintext.SetLength(PlaintextLengthBytes); // need to set this because buffer is 0-length by default - RandomNumberGenerator.Create().GetBytes(_plaintext.GetBuffer()); - - _encryptionContext = new Dictionary - { - { "key1", "value1" }, - { "key2", "value2" }, - { "key3", "value3" } - }; - - _ciphertext = Encrypt().Ciphertext; - } - - [Benchmark] - public EncryptOutput Encrypt() => - _encryptionSdk.Encrypt(new EncryptInput - { - Keyring = _keyring, - Plaintext = _plaintext, - EncryptionContext = _encryptionContext, - AlgorithmSuiteId = AlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY, - FrameLength = FrameLengthBytes - }); - - [Benchmark] - public DecryptOutput Decrypt() => - _encryptionSdk.Decrypt(new DecryptInput - { - Keyring = _keyring, - Ciphertext = _ciphertext - }); - - private static readonly int[] DefaultValuesForPlaintextLengthBytes = - { - 1, 10, 100, 1_000, 10_000, 100_000, 1_000_000, 10_000_000 - }; - - public static IEnumerable ValuesForPlaintextLengthBytes() => - ParseIntsFromEnvVar("BENCHMARK_PLAINTEXT_LENGTH_BYTES", DefaultValuesForPlaintextLengthBytes); - - private static readonly int[] DefaultValuesForFrameLengthBytes = { 1024, 4096, 65536 }; - - public static IEnumerable ValuesForFrameLengthBytes() => - ParseIntsFromEnvVar("BENCHMARK_FRAME_LENGTH_BYTES", DefaultValuesForFrameLengthBytes); - - /// - /// Parses the named environment variable as comma-separated integers and returns them, - /// or returns the given default values if the environment variable is empty. - /// - /// if the environment variable is incorrectly formatted - private static IEnumerable ParseIntsFromEnvVar(string name, IEnumerable defaults) - { - var envValue = Environment.GetEnvironmentVariable(name); - if (string.IsNullOrWhiteSpace(envValue)) - { - return defaults; - } - - try - { - return envValue - .Split(',') - .Select(part => int.Parse(part.Trim())) - // Evaluate this query immediately so that we catch parse exceptions right away, - // and not when the caller tries to use the results - .ToList(); - } - catch (FormatException exception) - { - throw new ApplicationException( - $"Environment variable {name} could not be parsed as comma-separated ints", - exception); - } - } - } - - public class RawAesKeyringBenchmark : BaseEncryptDecryptBenchmark - { - private static readonly string AES_256_KEY_MATERIAL_B64 = "AAECAwQFBgcICRAREhMUFRYXGBkgISIjJCUmJygpMDE="; - - protected override IKeyring CreateKeyring() - { - var providers = AwsCryptographicMaterialProvidersFactory.CreateDefaultAwsCryptographicMaterialProviders(); - return providers.CreateRawAesKeyring(new CreateRawAesKeyringInput - { - KeyNamespace = "aes_namespace", - KeyName = "aes_name", - WrappingAlg = AesWrappingAlg.ALG_AES256_GCM_IV12_TAG16, - WrappingKey = new MemoryStream(Base64.Decode(AES_256_KEY_MATERIAL_B64)) - }); - } - } - - public class RawRsaKeyringBenchmark : BaseEncryptDecryptBenchmark - { - protected override IKeyring CreateKeyring() - { - RSA.GenerateKeyPairBytes(2048, out var publicKeyBytes, out var privateKeyBytes); - - var providers = AwsCryptographicMaterialProvidersFactory.CreateDefaultAwsCryptographicMaterialProviders(); - return providers.CreateRawRsaKeyring(new CreateRawRsaKeyringInput - { - KeyNamespace = "rsa_namespace", - KeyName = "rsa_name", - PaddingScheme = PaddingScheme.OAEP_SHA512_MGF1, - PublicKey = new MemoryStream(publicKeyBytes), - PrivateKey = new MemoryStream(privateKeyBytes) - }); - } - } - - public class Program - { - public static void Main(string[] args) => BenchmarkSwitcher.FromAssembly(typeof(Program).Assembly).Run(args); - } -} diff --git a/AwsEncryptionSDK/runtimes/net/Benchmarks/README.md b/AwsEncryptionSDK/runtimes/net/Benchmarks/README.md deleted file mode 100644 index 2901ec035..000000000 --- a/AwsEncryptionSDK/runtimes/net/Benchmarks/README.md +++ /dev/null @@ -1,55 +0,0 @@ -# AWSEncryptionSDKBenchmarks - -This project contains benchmarks for the .NET Encryption SDK implementation. -We use the [BenchmarkDotNet](https://benchmarkdotnet.org/) framework. - -## Usage - -All commands are to be run from this directory. - -For more information about CLI arguments, see . - -### Running benchmarks - -Note the single quotes! - -```bash -$ # All benchmarks -$ dotnet run -c Release -f netcoreapp3.1 -- -f '*' - -$ # Just encryption -$ dotnet run -c Release -f netcoreapp3.1 -- -f '*Encrypt' - -$ # Just RawAesKeyring decryption -$ dotnet run -c Release -f netcoreapp3.1 -- -f '*RawAes*Decrypt' - -$ # Just 1B and 1KB plaintexts, and just 4KB-byte frames -$ BENCHMARK_PLAINTEXT_LENGTH_BYTES=1,1000 \ - BENCHMARK_FRAME_LENGTH_BYTES=4096 \ - dotnet run -c Release -f netcoreapp3.1 -- -f '*' -``` - -The benchmarks will run, and dump output to both the console -and to the `BenchmarkDotNet.Artifacts` directory. - -### List available benchmarks - -```bash -$ dotnet run -c Release -f netcoreapp3.1 -- --list flat -``` - -## Troubleshooting - -### Failed to set up high priority - -BenchmarkDotNet spins up new processes for running separate benchmarks, -and so it needs to manipulate the CPU priority of those processes. -If it's unable to do so, you may see some console output that says - -> Failed to set up high priority - -You can work around this by running the benchmark suite as superuser, e.g. - -```bash -$ sudo dotnet run -c Release -``` diff --git a/AwsEncryptionSDK/runtimes/net/CHANGELOG.md b/AwsEncryptionSDK/runtimes/net/CHANGELOG.md index 8350f0931..8b9494f94 100644 --- a/AwsEncryptionSDK/runtimes/net/CHANGELOG.md +++ b/AwsEncryptionSDK/runtimes/net/CHANGELOG.md @@ -1,5 +1,36 @@ # Changelog +## 4.0.1 + +### Fixes + +The ESDK-NET’s Message Header AAD +incorrectly appended two empty bytes +when using the DefaultCMM. +The HKDF invocation of non-committing algorithm suites +failed to include the Message ID in the info parameter. + +Neither of these issues +effect the security of messages +written by the 4.0.0 release. + +However, +these messages diverge +from the Encryption SDK Message Specification. +Thus: + +* ESDK-NET v4.0.0 writes messages that only ESDK-NET v4.0.0 and greater can read. +* ESDK-NET v4.0.0 is ONLY able to read messages that are written by ESDK-NET v4.0.0 + +These issues are fixed in 4.0.1, +which writes messages according to the Encryption SDK Message Specification, +and are interoperable with other implementations of this library. + +The option NetV4_RetryPolicy can be use to decrypt v4.0.0 messages. +See [NetV4_0_0Example.cs](Examples/NetV4_0_0Example.cs) on how to use the NetV4_RetryPolicy +and details on distributed applications. + + ## 4.0.0 ### BREAKING CHANGES diff --git a/AwsEncryptionSDK/runtimes/net/ESDK.csproj b/AwsEncryptionSDK/runtimes/net/ESDK.csproj index 23503b234..8cbf4b900 100644 --- a/AwsEncryptionSDK/runtimes/net/ESDK.csproj +++ b/AwsEncryptionSDK/runtimes/net/ESDK.csproj @@ -8,7 +8,7 @@ false true - 4.0.0 + 4.0.1 AWS.Cryptography.EncryptionSDK AWS.Cryptography.EncryptionSDK diff --git a/AwsEncryptionSDK/runtimes/net/Examples/DiscoveryFilterExample.cs b/AwsEncryptionSDK/runtimes/net/Examples/DiscoveryFilterExample.cs index c18765562..f65b58ff9 100644 --- a/AwsEncryptionSDK/runtimes/net/Examples/DiscoveryFilterExample.cs +++ b/AwsEncryptionSDK/runtimes/net/Examples/DiscoveryFilterExample.cs @@ -129,39 +129,6 @@ string awsPartition Assert.True(decryptFailed); } - /// - /// For this example, we break out encryption context verification - /// into a helper method. - /// While encryption context verification is a best practice, it is not - /// the topic of this example. - /// - private static void VerifyEncryptionContext( - DecryptOutput decryptOutput, - Dictionary encryptionContext - ) - { - // Before your application uses plaintext data, verify that the encryption context that - // you used to encrypt the message is included in the encryption context that was used to - // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. - // - // In production, always use a meaningful encryption context. - foreach (var expectedPair in encryptionContext) - if (!decryptOutput.EncryptionContext.TryGetValue(expectedPair.Key, out var decryptedValue) - || !decryptedValue.Equals(expectedPair.Value)) - throw new Exception("Encryption context does not match expected values"); - } - - /// - /// This helper method ensures the decrypted message is the same as the - /// encrypted message. - /// - private static void VerifyDecryptedIsPlaintext(DecryptOutput decryptOutput, MemoryStream plaintext) - { - // Demonstrate that the decrypted plaintext is identical to the original plaintext. - var decrypted = decryptOutput.Plaintext; - Assert.Equal(decrypted.ToArray(), plaintext.ToArray()); - } - // We test examples to ensure they remain up-to-date. [Fact] public void TestDiscoveryFilterExample() diff --git a/AwsEncryptionSDK/runtimes/net/Examples/ExampleUtils/ExampleUtils.cs b/AwsEncryptionSDK/runtimes/net/Examples/ExampleUtils/ExampleUtils.cs index f5bed8625..5a1e32014 100644 --- a/AwsEncryptionSDK/runtimes/net/Examples/ExampleUtils/ExampleUtils.cs +++ b/AwsEncryptionSDK/runtimes/net/Examples/ExampleUtils/ExampleUtils.cs @@ -13,6 +13,7 @@ using AWS.Cryptography.EncryptionSDK; using AWS.Cryptography.MaterialProviders; using Org.BouncyCastle.Security; +using Xunit; using AesWrappingAlg = AWS.Cryptography.MaterialProviders.AesWrappingAlg; using CreateAwsKmsMrkMultiKeyringInput = AWS.Cryptography.MaterialProviders.CreateAwsKmsMrkMultiKeyringInput; using CreateRawAesKeyringInput = AWS.Cryptography.MaterialProviders.CreateRawAesKeyringInput; @@ -233,5 +234,38 @@ public static MemoryStream ReadMessage(string path) file.CopyTo(rtn); return rtn; } + + /// + /// For this example, we break out encryption context verification + /// into a helper method. + /// While encryption context verification is a best practice, it is not + /// the topic of this example. + /// + public static void VerifyEncryptionContext( + DecryptOutput decryptOutput, + Dictionary encryptionContext + ) + { + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + // + // In production, always use a meaningful encryption context. + foreach (var expectedPair in encryptionContext) + if (!decryptOutput.EncryptionContext.TryGetValue(expectedPair.Key, out var decryptedValue) + || !decryptedValue.Equals(expectedPair.Value)) + throw new Exception("Encryption context does not match expected values"); + } + + /// + /// This helper method ensures the decrypted message is the same as the + /// encrypted message. + /// + public static void VerifyDecryptedIsPlaintext(DecryptOutput decryptOutput, MemoryStream plaintext) + { + // Demonstrate that the decrypted plaintext is identical to the original plaintext. + var decrypted = decryptOutput.Plaintext; + Assert.Equal(decrypted.ToArray(), plaintext.ToArray()); + } } } diff --git a/AwsEncryptionSDK/runtimes/net/Examples/NetV4_0_0Example.cs b/AwsEncryptionSDK/runtimes/net/Examples/NetV4_0_0Example.cs new file mode 100644 index 000000000..79cc10dda --- /dev/null +++ b/AwsEncryptionSDK/runtimes/net/Examples/NetV4_0_0Example.cs @@ -0,0 +1,180 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +using System.Collections.Immutable; +using Amazon.KeyManagementService; +using AWS.Cryptography.EncryptionSDK; +using AWS.Cryptography.MaterialProviders; +using Xunit; +using static ExampleUtils.ExampleUtils; + +/// This Demonstrates Allowing for or Forbidding the Decryption +/// of ESDK-NET v4.0.0 Messages. +/// It also documents the expected exceptions a +/// ESDK-NET v4.0.0 application would throw +/// if it encountered a proper ESDK Message, +/// like all those created by the ESDK-NET >= v4.0.1. +/// +/// The AWS Encryption SDK for .NET (ESDK-NET) v4.0.0 +/// diverged from the Encryption SDK Message Specification. +/// +/// The ESDK-NET v4.0.0, +/// when configured +/// with the Default Cryptographic Materials Manager +/// OR when configured with an Algorithm Suites with a Key Derivation Function (KDF) +/// but without Key Commitment, +/// created a Message Header Authentication Tag +/// that is secure but differs from the ESDK Message Specification. +/// +/// By default, in ESDK-NET >= v4.0.1, +/// these divergent messages are read by identifying +/// a Header Authentication Tag failure and +/// recalculating the Header Authentication Tag +/// following the v4.0.0 behavior. +/// +/// This retry can be disabled via the +/// NetV4_0_0_RetryPolicy, +/// an optional property of the +/// AwsEncryptionSdkConfig. +/// +/// Distributed Applications may encounter these +/// Header Authentication Tag failures when +/// upgrading from ESDK-NET v4.0.0 to later ESDK-NET versions. +/// As the ESDK-NET v4.0.0 can, +/// for most ESDK Configurations, +/// only read messages it created, +/// and the ESDK-NET >= v4.0.1 cannot write +/// such messages. +/// +/// One path forward for distributed applications +/// is to catch these Exceptions, +/// which are documented in the ExpectedExceptions method below, +/// and delay processing of these messages until +/// the upgrade deployment is complete. +/// +/// Please note that these exceptions MAY BE caused +/// by an ESDK-NET v4.0.0 upgrade, +/// or they can be caused by message tampering. +public class NetV4_0_0Example +{ + const string fileName = "v4DefaultRegionKmsKey.bin"; + private static readonly ImmutableDictionary EncryptionContext = new Dictionary + { + {"encryption", "context"}, + {"is not", "secret"}, + {"but adds", "useful metadata"}, + {"that can help you", "be confident that"}, + {"the data you are handling", "is what you think it is"} + }.ToImmutableDictionary(); + + private static void Run( + MemoryStream plaintext, + string keyArn + ) + { + /* 1. Instantiate the Material Providers and Encryption SDK */ + var materialProviders = new MaterialProviders(new MaterialProvidersConfig()); + // Instantiate the Encryption SDK such that it allows for + // ESDK-NET v4.0.0 messages to be decrypted. + // This is the default configuration in v4.0.1 and later. + var esdkConfig = new AwsEncryptionSdkConfig + { + NetV4_0_0_RetryPolicy = NetV4_0_0_RetryPolicy.ALLOW_RETRY + }; + var encryptionSdk = new ESDK(esdkConfig); + var keyringInput = new CreateAwsKmsKeyringInput + { + KmsClient = new AmazonKeyManagementServiceClient(), + KmsKeyId = keyArn + }; + var decryptKeyring = materialProviders.CreateAwsKmsKeyring(keyringInput); + /* 3. Load an ESDK-NET v4.0.0 Message */ + var ciphertext = ReadMessage(fileName); + Dictionary encryptionContext = EncryptionContext.ToDictionary(p => p.Key, p => p.Value); + + /* 4. Decrypt the encrypted data. */ + var decryptInput = new DecryptInput + { + Ciphertext = ciphertext, + Keyring = decryptKeyring, + EncryptionContext = encryptionContext + }; + var decryptOutput = encryptionSdk.Decrypt(decryptInput); + + /* 5. Verify the decrypted plaintext is the original plaintext */ + VerifyDecryptedIsPlaintext(decryptOutput, plaintext); + + /* 6. Instantiate another Encryption SDK that will reject ESDK-NET v4.0.0 Messages */ + encryptionSdk = new ESDK(new AwsEncryptionSdkConfig + { + NetV4_0_0_RetryPolicy = NetV4_0_0_RetryPolicy.FORBID_RETRY, + }); + + /* 7. Validate the ESDK rejects the Message with an Authentication error. */ + var decryptFailed = false; + try + { + encryptionSdk.Decrypt(decryptInput); + } + catch (AWS.Cryptography.Primitives.OpaqueError ex) + { + decryptFailed = true; + } + Assert.True(decryptFailed); + ExpectedExceptions(decryptInput); + } + + /// + /// This method demonstrates the exceptions that + /// are thrown by an ESDK-NET v4.0.0 application + /// which decrypts proper ESDK Messages. + /// + /// Such exceptions MAY BE caused by + /// the differences between v4.0.0 and v4.0.1, + /// though they CAN BE caused by other means. + /// + private static void ExpectedExceptions(DecryptInput decryptInput) + { + var encryptionSdk = new ESDK(new AwsEncryptionSdkConfig + { + NetV4_0_0_RetryPolicy = NetV4_0_0_RetryPolicy.FORBID_RETRY, + }); + var decryptFailed = false; + try + { + encryptionSdk.Decrypt(decryptInput); + } + catch (AWS.Cryptography.Primitives.OpaqueError ex) + { + decryptFailed = true; + Assert.True(ex.obj is Exception); + switch (ex.obj) + { + case Org.BouncyCastle.Crypto.InvalidCipherTextException bc: + // On net48, BouncyCastle provides the AES-GCM cipher + Assert.Contains("mac check in GCM failed", bc.Message); + break; + case System.Security.Cryptography.CryptographicException sys: + // On net6.0, the System's Cryptography provides the AES-GCM cipher + Assert.Contains( + "The computed authentication tag did not match the input authentication tag.", + sys.Message); + break; + default: + Assert.False(true, + "This is not a possible case," + + " unless the AES-GCM Cipher provider is unexpected."); + break; + } + } + Assert.True(decryptFailed); + } + + + // We test examples to ensure they remain up-to-date. + [Fact] + public void TestNetV4_0_0Example() + { + Run(GetPlaintextStream(), GetDefaultRegionKmsKeyArn()); + } +} diff --git a/AwsEncryptionSDK/runtimes/net/Examples/resources/defaultRegionKmsKey.bin b/AwsEncryptionSDK/runtimes/net/Examples/resources/defaultRegionKmsKey.bin index 9c28a48a833c9550664de55025bff5e242797be7..2f17a8a77e2020a57cc08743fe83da8f0bdfd8c9 100644 GIT binary patch delta 473 zcmV;~0Ve*P2Au|f0tI++6DL831;Z?a)$<-7j@O)P+#19JQ(%MQPo=KRDJcd3`2Yq0 z6=8RCEn{+daCC1iaCKsAX=5#GWqANZL1$xkS203bXhl_NP+~JNIZ$#>K{8@$I7L=A zPeo~NR4;f(Ze>tzL^DA-Yj|mEIc-Z=F)&6jVR3FoXD~SfZ$oFXf>8l~E13SdOV?7d zmAs>E0s#I8fxt<$Jqj%2R4g z&I}9fWu$50ssII08S(FohO+{(0pD{5SI4-HxBZb7F~Fw;r}0?SEB6~ zFsby7@8|1=9y)z}CvKyEG_?Q!|Nj600096100000000000096105}JQ3>d?=??|e; zGPW^wUAxn1&T(VpDGynof;0$Su37iq znTU5#nX0(p`SSp0Fl7QTP9e-@5*|Rg+u-Rt=&>`b{|xo+`z&@$9}aSLU-jC;YZvhd zxHt?mILm55_d`c2jRG+Moc*Sje#quSB8SfGP-vsQ8ZQH;u?kIW2hYs11*&spho7tR PfvNsFH^7q`M~U;bS-;6L delta 473 zcmV;~0Ve*P2Au|f0tI*{OH#roEzsajS@LFY)iL1pUW)d^?^I8Q{v%IjoLrdz`2Yq0 z6=8RCEn{+daCC1iaCKsAX=5#GWqANZL1<<(STj#>X?06>d1h%tXl!j#LTglRaYb=h zQdd|nX)t8l~5Ws|x+d$=k zx;DPG0s#rSTQdw`sce zl<39dUw##UYj5}e27~5*X5at+|Nj60009610000000000009610626M++|3;fiAYM zRK18A?E3E#OC>%J4dM!i%zk;- PYR%r!YVj7horqGp4Z+mC diff --git a/AwsEncryptionSDK/runtimes/net/Examples/resources/defaultRegionMrkKey.bin b/AwsEncryptionSDK/runtimes/net/Examples/resources/defaultRegionMrkKey.bin index 6e3f43c63de34ea7823caa258c61fcd357373dae..7bc62321215a8d1b5690885a1d55171d93907e3a 100644 GIT binary patch delta 494 zcmVO_z*+Df8h21|Ns900003100000 z00000000310021A%{XrLqjq|nI8WN0x#!-#Uy}O1XLaYA1KCh&DyGbqee%KLzQEf{ zv{ljKRbg`ymND)FGC)-=~Fc&?ufen{VL;r&u|1%&d zFFEm3d5!*POhEcpx=G5^Qh%Mr@FTxSlwy!f6?c%OmjMDX0O_Y$%Qg?xh5RqQ1dOHAf??{^5W&i*H delta 494 zcmVbR0XQ&BUlUenn7<5r&~1U-w%b)y_l!`2Yq0 z6=8RCEn{+daCC1iaCKsAX=5#GWqANZL2q(rR!ulEacfmmZCXb}Zfa^%R(WYeLpNe? zP;FyXNK`R2D?&wDPBU~dP)1@_PIgi-SVm?tYhz4PXlY>saWZ$Yf*b)5kX{~7%W2xO zCAlQpiQ5Hbldb_af5X_nUxJk*SrNs;+5!O(fIHTKf8lJ1=TzCJYKry)Aq};c_7B)5 z=}D)fMmb1t7!K~Rd*lyxU}W&!{J5C91ecY!qAQd1`l zY90XF-g?zbT@U|-MD`p&)mC|D>MeNzq|o^E{2Tc}GjcZ4e-Uc`|Ns900003100000 z0000000031001~^gG!t{&87*w^K+TM_>8xsi49m5@?8hbHPy87P6CPZ9nVKYkxdC; z!A?qCIJz@60j!Fo1+^59^A+2)Y8S4c)2t287$&#?XE0>~F#w%mN1pq_d)7{Y7 k1)kwIZMgJG%=V0z_%(jb)h7?QZcFCC&xG?#b$KrK#xgV)ON&#}N^=x) zQ%e$45=#;pxKi`Lwr1w%F|a4+=ar;ZlrXSm7AxfC1L@+_He zGe9yW8JT(63YjGenZ*o@4D29}XXh3(cqbO+Sphj#K#o;uv2J;4afz;xm6@r9rKy>j zfq{jwu@x{#^plKDjm=Zj40Tg1Qj&E|%q@5qwPB{BRkuI ze1lvjMh1fngczfN92;jsn+IbmGYg}hfglTyz=4(tw;i4~?lRlAm5EWH!TOt4+U;K=ejclf;`4!+~Kv~vd2&3-fY_RD)Pj=m)-iSd%jHNvD^}6B3Bf@KgqXb z=i_y~ObiSH3}V$H&x($9mHs_?_4#Qo?M=5*eWddyExL5^pxE}zUEij>IQlrgPP8FA z|NDQo=4Wa5{{sQg>5M=O10c3ViO8K)kG+k0+t!Ed?T~u&>%EY-svSS?Bd#TTp5Aqr z>^XRKa)|o1-ZiTpUfjC7wq-*mvx}+9^!Ks%-W#0|3#oEWbu9_zp0IB(L%KmKlY#KU z?o!R%y*3-~+s{$oFC;d5RpET+OYu$>VmEfm+`6@OQj+b;sdabG>@<*CH(~3>-%N%K zM-~N1>zh?CzTP1F$64D$urWS8w*SH5&wa^C7Yz6pemzrHc|Ggwy^C2N#dgf?2-*bz Do)0$_ literal 0 HcmV?d00001 diff --git a/AwsEncryptionSDK/runtimes/net/Examples/resources/v4DefaultRegionMrkKey.bin b/AwsEncryptionSDK/runtimes/net/Examples/resources/v4DefaultRegionMrkKey.bin new file mode 100644 index 0000000000000000000000000000000000000000..6e3f43c63de34ea7823caa258c61fcd357373dae GIT binary patch literal 814 zcmZQ#tuSb>G5BO?ZgNp& zK}o)DL1|J>X0mQ}Y9)hn>=X^ui} zYDr>BVo4$cS85*E*3A4o2KMCqypq(45(c)+VuieXAYGiAT$EbEAXt)-SfY@en5U4D znp2=qnP18vn3SpjRGyZZlA2ed0Fq~rEXhb!02vBWppaOUs*sVGmy(m2m(Cy#G_V|G z21uqPBQq~sA+tmwvzURAfgR-W?A&4o@5G`!DSzX_l6?wN#|Hgkq?WO1P!zPk@gD$DPow4!noR@9E zhWvU#bN3YM%@1-6=(;?mRJ}ZniGe|Yfs?*pzWi*AmvPBK@C5Z*R#GU$@}$ z8s75~YC9Ox4N{p58RjOsFHCVYy|y;$?3AE-Kl1~H-FJj$-u}hi%TYS}#;en3oo5!# zQvRZE>A)vDBYwpuCIe&l{BwLUt6tm9=eT_L!cEqB56yFTeDON-t!MfV)4H=))%kbi Rc|SXFzU8w|X{Fw`V*nN) FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M17_encryptionContext(concrete._encryptionContext); return converted; -} - internal static software.amazon.cryptography.encryptionsdk.internaldafny.types._IDecryptInput ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput (AWS.Cryptography.EncryptionSDK.DecryptInput value) { - AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager var_materialsManager = value.IsSetMaterialsManager() ? value.MaterialsManager : (AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager) null; - AWS.Cryptography.MaterialProviders.IKeyring var_keyring = value.IsSetKeyring() ? value.Keyring : (AWS.Cryptography.MaterialProviders.IKeyring) null; - System.Collections.Generic.Dictionary var_encryptionContext = value.IsSetEncryptionContext() ? value.EncryptionContext : (System.Collections.Generic.Dictionary) null; - return new software.amazon.cryptography.encryptionsdk.internaldafny.types.DecryptInput ( ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M10_ciphertext(value.Ciphertext) , ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M16_materialsManager(var_materialsManager) , ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M7_keyring(var_keyring) , ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M17_encryptionContext(var_encryptionContext) ) ; -} - internal static AWS.Cryptography.EncryptionSDK.DecryptOutput FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput (software.amazon.cryptography.encryptionsdk.internaldafny.types._IDecryptOutput value) { - software.amazon.cryptography.encryptionsdk.internaldafny.types.DecryptOutput concrete = (software.amazon.cryptography.encryptionsdk.internaldafny.types.DecryptOutput)value; AWS.Cryptography.EncryptionSDK.DecryptOutput converted = new AWS.Cryptography.EncryptionSDK.DecryptOutput(); converted.Plaintext = (System.IO.MemoryStream) FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput__M9_plaintext(concrete._plaintext); - converted.EncryptionContext = (System.Collections.Generic.Dictionary) FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput__M17_encryptionContext(concrete._encryptionContext); - converted.AlgorithmSuiteId = (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId) FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput__M16_algorithmSuiteId(concrete._algorithmSuiteId); return converted; -} - internal static software.amazon.cryptography.encryptionsdk.internaldafny.types._IDecryptOutput ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput (AWS.Cryptography.EncryptionSDK.DecryptOutput value) { +using System.Linq; +using System; - return new software.amazon.cryptography.encryptionsdk.internaldafny.types.DecryptOutput ( ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput__M9_plaintext(value.Plaintext) , ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput__M17_encryptionContext(value.EncryptionContext) , ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput__M16_algorithmSuiteId(value.AlgorithmSuiteId) ) ; -} - internal static AWS.Cryptography.EncryptionSDK.EncryptInput FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput (software.amazon.cryptography.encryptionsdk.internaldafny.types._IEncryptInput value) { - software.amazon.cryptography.encryptionsdk.internaldafny.types.EncryptInput concrete = (software.amazon.cryptography.encryptionsdk.internaldafny.types.EncryptInput)value; AWS.Cryptography.EncryptionSDK.EncryptInput converted = new AWS.Cryptography.EncryptionSDK.EncryptInput(); converted.Plaintext = (System.IO.MemoryStream) FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M9_plaintext(concrete._plaintext); - if (concrete._encryptionContext.is_Some) converted.EncryptionContext = (System.Collections.Generic.Dictionary) FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M17_encryptionContext(concrete._encryptionContext); - if (concrete._materialsManager.is_Some) converted.MaterialsManager = (AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager) FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M16_materialsManager(concrete._materialsManager); - if (concrete._keyring.is_Some) converted.Keyring = (AWS.Cryptography.MaterialProviders.IKeyring) FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M7_keyring(concrete._keyring); - if (concrete._algorithmSuiteId.is_Some) converted.AlgorithmSuiteId = (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId) FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M16_algorithmSuiteId(concrete._algorithmSuiteId); - if (concrete._frameLength.is_Some) converted.FrameLength = (long) FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M11_frameLength(concrete._frameLength); return converted; -} - internal static software.amazon.cryptography.encryptionsdk.internaldafny.types._IEncryptInput ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput (AWS.Cryptography.EncryptionSDK.EncryptInput value) { - System.Collections.Generic.Dictionary var_encryptionContext = value.IsSetEncryptionContext() ? value.EncryptionContext : (System.Collections.Generic.Dictionary) null; - AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager var_materialsManager = value.IsSetMaterialsManager() ? value.MaterialsManager : (AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager) null; - AWS.Cryptography.MaterialProviders.IKeyring var_keyring = value.IsSetKeyring() ? value.Keyring : (AWS.Cryptography.MaterialProviders.IKeyring) null; - AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId var_algorithmSuiteId = value.IsSetAlgorithmSuiteId() ? value.AlgorithmSuiteId : (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId) null; - long? var_frameLength = value.IsSetFrameLength() ? value.FrameLength : (long?) null; - return new software.amazon.cryptography.encryptionsdk.internaldafny.types.EncryptInput ( ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M9_plaintext(value.Plaintext) , ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M17_encryptionContext(var_encryptionContext) , ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M16_materialsManager(var_materialsManager) , ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M7_keyring(var_keyring) , ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M16_algorithmSuiteId(var_algorithmSuiteId) , ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M11_frameLength(var_frameLength) ) ; -} - internal static AWS.Cryptography.EncryptionSDK.EncryptOutput FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput (software.amazon.cryptography.encryptionsdk.internaldafny.types._IEncryptOutput value) { - software.amazon.cryptography.encryptionsdk.internaldafny.types.EncryptOutput concrete = (software.amazon.cryptography.encryptionsdk.internaldafny.types.EncryptOutput)value; AWS.Cryptography.EncryptionSDK.EncryptOutput converted = new AWS.Cryptography.EncryptionSDK.EncryptOutput(); converted.Ciphertext = (System.IO.MemoryStream) FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput__M10_ciphertext(concrete._ciphertext); - converted.EncryptionContext = (System.Collections.Generic.Dictionary) FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput__M17_encryptionContext(concrete._encryptionContext); - converted.AlgorithmSuiteId = (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId) FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput__M16_algorithmSuiteId(concrete._algorithmSuiteId); return converted; -} - internal static software.amazon.cryptography.encryptionsdk.internaldafny.types._IEncryptOutput ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput (AWS.Cryptography.EncryptionSDK.EncryptOutput value) { +namespace AWS.Cryptography.EncryptionSDK +{ + public static class TypeConversion + { + public static AWS.Cryptography.EncryptionSDK.AwsEncryptionSdkConfig + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S22_AwsEncryptionSdkConfig( + software.amazon.cryptography.encryptionsdk.internaldafny.types._IAwsEncryptionSdkConfig value) + { + software.amazon.cryptography.encryptionsdk.internaldafny.types.AwsEncryptionSdkConfig concrete = + (software.amazon.cryptography.encryptionsdk.internaldafny.types.AwsEncryptionSdkConfig)value; + AWS.Cryptography.EncryptionSDK.AwsEncryptionSdkConfig converted = + new AWS.Cryptography.EncryptionSDK.AwsEncryptionSdkConfig(); + if (concrete._commitmentPolicy.is_Some) + converted.CommitmentPolicy = + (AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy) + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S22_AwsEncryptionSdkConfig__M16_commitmentPolicy( + concrete._commitmentPolicy); + if (concrete._maxEncryptedDataKeys.is_Some) + converted.MaxEncryptedDataKeys = + (long) + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S22_AwsEncryptionSdkConfig__M20_maxEncryptedDataKeys( + concrete._maxEncryptedDataKeys); + // BEGIN MANUAL EDIT + if (concrete._netV4__0__0__RetryPolicy.is_Some) + // END MANUAL EDIT + converted.NetV4_0_0_RetryPolicy = + (AWS.Cryptography.EncryptionSDK.NetV4_0_0_RetryPolicy) + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S22_AwsEncryptionSdkConfig__M21_netV4_0_0_RetryPolicy( + // BEGIN MANUAL EDIT + concrete._netV4__0__0__RetryPolicy); + // END MANUAL EDIT + return converted; + } - return new software.amazon.cryptography.encryptionsdk.internaldafny.types.EncryptOutput ( ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput__M10_ciphertext(value.Ciphertext) , ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput__M17_encryptionContext(value.EncryptionContext) , ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput__M16_algorithmSuiteId(value.AlgorithmSuiteId) ) ; -} - internal static AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S22_AwsEncryptionSdkConfig__M16_commitmentPolicy (Wrappers_Compile._IOption value) { - return value.is_None ? (AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy) null : FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_ESDKCommitmentPolicy(value.Extract()); -} - internal static Wrappers_Compile._IOption ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S22_AwsEncryptionSdkConfig__M16_commitmentPolicy (AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy value) { - return value == null ? Wrappers_Compile.Option.create_None() : Wrappers_Compile.Option.create_Some(ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_ESDKCommitmentPolicy((AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy) value)); -} - internal static long? FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S22_AwsEncryptionSdkConfig__M20_maxEncryptedDataKeys (Wrappers_Compile._IOption value) { - return value.is_None ? (long?) null : FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S15_CountingNumbers(value.Extract()); -} - internal static Wrappers_Compile._IOption ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S22_AwsEncryptionSdkConfig__M20_maxEncryptedDataKeys (long? value) { - return value == null ? Wrappers_Compile.Option.create_None() : Wrappers_Compile.Option.create_Some(ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S15_CountingNumbers((long) value)); -} - internal static string FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S25_AwsEncryptionSdkException__M7_message (Dafny.ISequence value) { - return FromDafny_N6_smithy__N3_api__S6_String(value); -} - internal static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S25_AwsEncryptionSdkException__M7_message (string value) { - return ToDafny_N6_smithy__N3_api__S6_String(value); -} - internal static System.IO.MemoryStream FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M10_ciphertext (Dafny.ISequence value) { - return FromDafny_N6_smithy__N3_api__S4_Blob(value); -} - internal static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M10_ciphertext (System.IO.MemoryStream value) { - return ToDafny_N6_smithy__N3_api__S4_Blob(value); -} - internal static AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M16_materialsManager (Wrappers_Compile._IOption value) { - return value.is_None ? (AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager) null : FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S38_CryptographicMaterialsManagerReference(value.Extract()); -} - internal static Wrappers_Compile._IOption ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M16_materialsManager (AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager value) { - return value == null ? Wrappers_Compile.Option.create_None() : Wrappers_Compile.Option.create_Some(ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S38_CryptographicMaterialsManagerReference((AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager) value)); -} - internal static AWS.Cryptography.MaterialProviders.IKeyring FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M7_keyring (Wrappers_Compile._IOption value) { - return value.is_None ? (AWS.Cryptography.MaterialProviders.IKeyring) null : FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S16_KeyringReference(value.Extract()); -} - internal static Wrappers_Compile._IOption ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M7_keyring (AWS.Cryptography.MaterialProviders.IKeyring value) { - return value == null ? Wrappers_Compile.Option.create_None() : Wrappers_Compile.Option.create_Some(ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S16_KeyringReference((AWS.Cryptography.MaterialProviders.IKeyring) value)); -} - internal static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M17_encryptionContext (Wrappers_Compile._IOption, Dafny.ISequence>> value) { - return value.is_None ? (System.Collections.Generic.Dictionary) null : FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext(value.Extract()); -} - internal static Wrappers_Compile._IOption, Dafny.ISequence>> ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M17_encryptionContext (System.Collections.Generic.Dictionary value) { - return value == null ? Wrappers_Compile.Option, Dafny.ISequence>>.create_None() : Wrappers_Compile.Option, Dafny.ISequence>>.create_Some(ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext((System.Collections.Generic.Dictionary) value)); -} - internal static System.IO.MemoryStream FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput__M9_plaintext (Dafny.ISequence value) { - return FromDafny_N6_smithy__N3_api__S4_Blob(value); -} - internal static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput__M9_plaintext (System.IO.MemoryStream value) { - return ToDafny_N6_smithy__N3_api__S4_Blob(value); -} - internal static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput__M17_encryptionContext (Dafny.IMap, Dafny.ISequence> value) { - return FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext(value); -} - internal static Dafny.IMap, Dafny.ISequence> ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput__M17_encryptionContext (System.Collections.Generic.Dictionary value) { - return ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext(value); -} - internal static AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput__M16_algorithmSuiteId (software.amazon.cryptography.materialproviders.internaldafny.types._IESDKAlgorithmSuiteId value) { - return FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_ESDKAlgorithmSuiteId(value); -} - internal static software.amazon.cryptography.materialproviders.internaldafny.types._IESDKAlgorithmSuiteId ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput__M16_algorithmSuiteId (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId value) { - return ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_ESDKAlgorithmSuiteId(value); -} - internal static System.IO.MemoryStream FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M9_plaintext (Dafny.ISequence value) { - return FromDafny_N6_smithy__N3_api__S4_Blob(value); -} - internal static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M9_plaintext (System.IO.MemoryStream value) { - return ToDafny_N6_smithy__N3_api__S4_Blob(value); -} - internal static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M17_encryptionContext (Wrappers_Compile._IOption, Dafny.ISequence>> value) { - return value.is_None ? (System.Collections.Generic.Dictionary) null : FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext(value.Extract()); -} - internal static Wrappers_Compile._IOption, Dafny.ISequence>> ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M17_encryptionContext (System.Collections.Generic.Dictionary value) { - return value == null ? Wrappers_Compile.Option, Dafny.ISequence>>.create_None() : Wrappers_Compile.Option, Dafny.ISequence>>.create_Some(ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext((System.Collections.Generic.Dictionary) value)); -} - internal static AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M16_materialsManager (Wrappers_Compile._IOption value) { - return value.is_None ? (AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager) null : FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S38_CryptographicMaterialsManagerReference(value.Extract()); -} - internal static Wrappers_Compile._IOption ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M16_materialsManager (AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager value) { - return value == null ? Wrappers_Compile.Option.create_None() : Wrappers_Compile.Option.create_Some(ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S38_CryptographicMaterialsManagerReference((AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager) value)); -} - internal static AWS.Cryptography.MaterialProviders.IKeyring FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M7_keyring (Wrappers_Compile._IOption value) { - return value.is_None ? (AWS.Cryptography.MaterialProviders.IKeyring) null : FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S16_KeyringReference(value.Extract()); -} - internal static Wrappers_Compile._IOption ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M7_keyring (AWS.Cryptography.MaterialProviders.IKeyring value) { - return value == null ? Wrappers_Compile.Option.create_None() : Wrappers_Compile.Option.create_Some(ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S16_KeyringReference((AWS.Cryptography.MaterialProviders.IKeyring) value)); -} - internal static AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M16_algorithmSuiteId (Wrappers_Compile._IOption value) { - return value.is_None ? (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId) null : FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_ESDKAlgorithmSuiteId(value.Extract()); -} - internal static Wrappers_Compile._IOption ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M16_algorithmSuiteId (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId value) { - return value == null ? Wrappers_Compile.Option.create_None() : Wrappers_Compile.Option.create_Some(ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_ESDKAlgorithmSuiteId((AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId) value)); -} - internal static long? FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M11_frameLength (Wrappers_Compile._IOption value) { - return value.is_None ? (long?) null : FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S11_FrameLength(value.Extract()); -} - internal static Wrappers_Compile._IOption ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M11_frameLength (long? value) { - return value == null ? Wrappers_Compile.Option.create_None() : Wrappers_Compile.Option.create_Some(ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S11_FrameLength((long) value)); -} - internal static System.IO.MemoryStream FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput__M10_ciphertext (Dafny.ISequence value) { - return FromDafny_N6_smithy__N3_api__S4_Blob(value); -} - internal static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput__M10_ciphertext (System.IO.MemoryStream value) { - return ToDafny_N6_smithy__N3_api__S4_Blob(value); -} - internal static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput__M17_encryptionContext (Dafny.IMap, Dafny.ISequence> value) { - return FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext(value); -} - internal static Dafny.IMap, Dafny.ISequence> ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput__M17_encryptionContext (System.Collections.Generic.Dictionary value) { - return ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext(value); -} - internal static AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput__M16_algorithmSuiteId (software.amazon.cryptography.materialproviders.internaldafny.types._IESDKAlgorithmSuiteId value) { - return FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_ESDKAlgorithmSuiteId(value); -} - internal static software.amazon.cryptography.materialproviders.internaldafny.types._IESDKAlgorithmSuiteId ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput__M16_algorithmSuiteId (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId value) { - return ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_ESDKAlgorithmSuiteId(value); -} - internal static AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_ESDKCommitmentPolicy (software.amazon.cryptography.materialproviders.internaldafny.types._IESDKCommitmentPolicy value) { - if (value.is_FORBID__ENCRYPT__ALLOW__DECRYPT) return AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT; - if (value.is_REQUIRE__ENCRYPT__ALLOW__DECRYPT) return AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy.REQUIRE_ENCRYPT_ALLOW_DECRYPT; - if (value.is_REQUIRE__ENCRYPT__REQUIRE__DECRYPT) return AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT; -throw new System.ArgumentException("Invalid AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy value"); -} - internal static software.amazon.cryptography.materialproviders.internaldafny.types._IESDKCommitmentPolicy ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_ESDKCommitmentPolicy (AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy value) { - if (AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT.Equals(value)) return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKCommitmentPolicy.create_FORBID__ENCRYPT__ALLOW__DECRYPT(); - if (AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy.REQUIRE_ENCRYPT_ALLOW_DECRYPT.Equals(value)) return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKCommitmentPolicy.create_REQUIRE__ENCRYPT__ALLOW__DECRYPT(); - if (AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT.Equals(value)) return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKCommitmentPolicy.create_REQUIRE__ENCRYPT__REQUIRE__DECRYPT(); -throw new System.ArgumentException("Invalid AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy value"); -} - internal static long FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S15_CountingNumbers (long value) { - return value; -} - internal static long ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S15_CountingNumbers (long value) { - return value; -} - internal static string FromDafny_N6_smithy__N3_api__S6_String (Dafny.ISequence value) { - return new string(value.Elements); -} - internal static Dafny.ISequence ToDafny_N6_smithy__N3_api__S6_String (string value) { - return Dafny.Sequence.FromString(value); -} - internal static System.IO.MemoryStream FromDafny_N6_smithy__N3_api__S4_Blob (Dafny.ISequence value) { - return new System.IO.MemoryStream(value.Elements); -} - internal static Dafny.ISequence ToDafny_N6_smithy__N3_api__S4_Blob (System.IO.MemoryStream value) { - return Dafny.Sequence.FromArray(value.ToArray()); -} - internal static AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S38_CryptographicMaterialsManagerReference (software.amazon.cryptography.materialproviders.internaldafny.types.ICryptographicMaterialsManager value) { - // This is converting a reference type in a dependant module. - // Therefore it defers to the dependant module for conversion - return AWS.Cryptography.MaterialProviders.TypeConversion.FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S38_CryptographicMaterialsManagerReference(value); -} - internal static software.amazon.cryptography.materialproviders.internaldafny.types.ICryptographicMaterialsManager ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S38_CryptographicMaterialsManagerReference (AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager value) { - // This is converting a reference type in a dependant module. - // Therefore it defers to the dependant module for conversion - return AWS.Cryptography.MaterialProviders.TypeConversion.ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S38_CryptographicMaterialsManagerReference(value); -} - internal static AWS.Cryptography.MaterialProviders.IKeyring FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S16_KeyringReference (software.amazon.cryptography.materialproviders.internaldafny.types.IKeyring value) { - // This is converting a reference type in a dependant module. - // Therefore it defers to the dependant module for conversion - return AWS.Cryptography.MaterialProviders.TypeConversion.FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S16_KeyringReference(value); -} - internal static software.amazon.cryptography.materialproviders.internaldafny.types.IKeyring ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S16_KeyringReference (AWS.Cryptography.MaterialProviders.IKeyring value) { - // This is converting a reference type in a dependant module. - // Therefore it defers to the dependant module for conversion - return AWS.Cryptography.MaterialProviders.TypeConversion.ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S16_KeyringReference(value); -} - internal static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext (Dafny.IMap, Dafny.ISequence> value) { - return value.ItemEnumerable.ToDictionary(pair => FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext__M3_key(pair.Car), pair => FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext__M5_value(pair.Cdr)); -} - internal static Dafny.IMap, Dafny.ISequence> ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext (System.Collections.Generic.Dictionary value) { - return Dafny.Map, Dafny.ISequence>.FromCollection(value.Select(pair => - new Dafny.Pair, Dafny.ISequence>(ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext__M3_key(pair.Key), ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext__M5_value(pair.Value)) -)); -} - internal static AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_ESDKAlgorithmSuiteId (software.amazon.cryptography.materialproviders.internaldafny.types._IESDKAlgorithmSuiteId value) { - if (value.is_ALG__AES__128__GCM__IV12__TAG16__NO__KDF) return AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_128_GCM_IV12_TAG16_NO_KDF; - if (value.is_ALG__AES__192__GCM__IV12__TAG16__NO__KDF) return AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_192_GCM_IV12_TAG16_NO_KDF; - if (value.is_ALG__AES__256__GCM__IV12__TAG16__NO__KDF) return AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_256_GCM_IV12_TAG16_NO_KDF; - if (value.is_ALG__AES__128__GCM__IV12__TAG16__HKDF__SHA256) return AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_128_GCM_IV12_TAG16_HKDF_SHA256; - if (value.is_ALG__AES__192__GCM__IV12__TAG16__HKDF__SHA256) return AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_192_GCM_IV12_TAG16_HKDF_SHA256; - if (value.is_ALG__AES__256__GCM__IV12__TAG16__HKDF__SHA256) return AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_256_GCM_IV12_TAG16_HKDF_SHA256; - if (value.is_ALG__AES__128__GCM__IV12__TAG16__HKDF__SHA256__ECDSA__P256) return AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_128_GCM_IV12_TAG16_HKDF_SHA256_ECDSA_P256; - if (value.is_ALG__AES__192__GCM__IV12__TAG16__HKDF__SHA384__ECDSA__P384) return AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_192_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384; - if (value.is_ALG__AES__256__GCM__IV12__TAG16__HKDF__SHA384__ECDSA__P384) return AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384; - if (value.is_ALG__AES__256__GCM__HKDF__SHA512__COMMIT__KEY) return AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY; - if (value.is_ALG__AES__256__GCM__HKDF__SHA512__COMMIT__KEY__ECDSA__P384) return AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384; -throw new System.ArgumentException("Invalid AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId value"); -} - internal static software.amazon.cryptography.materialproviders.internaldafny.types._IESDKAlgorithmSuiteId ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_ESDKAlgorithmSuiteId (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId value) { - if (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_128_GCM_IV12_TAG16_NO_KDF.Equals(value)) return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKAlgorithmSuiteId.create_ALG__AES__128__GCM__IV12__TAG16__NO__KDF(); - if (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_192_GCM_IV12_TAG16_NO_KDF.Equals(value)) return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKAlgorithmSuiteId.create_ALG__AES__192__GCM__IV12__TAG16__NO__KDF(); - if (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_256_GCM_IV12_TAG16_NO_KDF.Equals(value)) return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKAlgorithmSuiteId.create_ALG__AES__256__GCM__IV12__TAG16__NO__KDF(); - if (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_128_GCM_IV12_TAG16_HKDF_SHA256.Equals(value)) return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKAlgorithmSuiteId.create_ALG__AES__128__GCM__IV12__TAG16__HKDF__SHA256(); - if (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_192_GCM_IV12_TAG16_HKDF_SHA256.Equals(value)) return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKAlgorithmSuiteId.create_ALG__AES__192__GCM__IV12__TAG16__HKDF__SHA256(); - if (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_256_GCM_IV12_TAG16_HKDF_SHA256.Equals(value)) return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKAlgorithmSuiteId.create_ALG__AES__256__GCM__IV12__TAG16__HKDF__SHA256(); - if (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_128_GCM_IV12_TAG16_HKDF_SHA256_ECDSA_P256.Equals(value)) return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKAlgorithmSuiteId.create_ALG__AES__128__GCM__IV12__TAG16__HKDF__SHA256__ECDSA__P256(); - if (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_192_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384.Equals(value)) return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKAlgorithmSuiteId.create_ALG__AES__192__GCM__IV12__TAG16__HKDF__SHA384__ECDSA__P384(); - if (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384.Equals(value)) return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKAlgorithmSuiteId.create_ALG__AES__256__GCM__IV12__TAG16__HKDF__SHA384__ECDSA__P384(); - if (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY.Equals(value)) return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKAlgorithmSuiteId.create_ALG__AES__256__GCM__HKDF__SHA512__COMMIT__KEY(); - if (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384.Equals(value)) return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKAlgorithmSuiteId.create_ALG__AES__256__GCM__HKDF__SHA512__COMMIT__KEY__ECDSA__P384(); -throw new System.ArgumentException("Invalid AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId value"); -} - internal static long FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S11_FrameLength (long value) { - return value; -} - internal static long ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S11_FrameLength (long value) { - return value; -} - internal static string FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext__M3_key (Dafny.ISequence value) { - return FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S9_Utf8Bytes(value); -} - internal static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext__M3_key (string value) { - return ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S9_Utf8Bytes(value); -} - internal static string FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext__M5_value (Dafny.ISequence value) { - return FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S9_Utf8Bytes(value); -} - internal static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext__M5_value (string value) { - return ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S9_Utf8Bytes(value); -} - internal static string FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S9_Utf8Bytes (Dafny.ISequence value) { - System.Text.UTF8Encoding utf8 = new System.Text.UTF8Encoding(false, true); -return utf8.GetString(value.Elements); -} - internal static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S9_Utf8Bytes (string value) { - System.Text.UTF8Encoding utf8 = new System.Text.UTF8Encoding(false, true); -return Dafny.Sequence.FromArray(utf8.GetBytes(value)); -} - public static System.Exception FromDafny_CommonError(software.amazon.cryptography.encryptionsdk.internaldafny.types._IError value) { - switch(value) - { - case software.amazon.cryptography.encryptionsdk.internaldafny.types.Error_AwsCryptographyMaterialProviders dafnyVal: - return AWS.Cryptography.MaterialProviders.TypeConversion.FromDafny_CommonError( - dafnyVal._AwsCryptographyMaterialProviders - ); - case software.amazon.cryptography.encryptionsdk.internaldafny.types.Error_AwsCryptographyPrimitives dafnyVal: - return AWS.Cryptography.Primitives.TypeConversion.FromDafny_CommonError( - dafnyVal._AwsCryptographyPrimitives - ); - case software.amazon.cryptography.encryptionsdk.internaldafny.types.Error_AwsEncryptionSdkException dafnyVal: -return FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S25_AwsEncryptionSdkException(dafnyVal); - case software.amazon.cryptography.encryptionsdk.internaldafny.types.Error_CollectionOfErrors dafnyVal: - return new CollectionOfErrors( - new System.Collections.Generic.List(dafnyVal.dtor_list.CloneAsArray() - .Select(x => TypeConversion.FromDafny_CommonError(x))), - new string(dafnyVal.dtor_message.Elements)); - case software.amazon.cryptography.encryptionsdk.internaldafny.types.Error_Opaque dafnyVal: - return new OpaqueError(dafnyVal._obj); - default: - // The switch MUST be complete for _IError, so `value` MUST NOT be an _IError. (How did you get here?) - return new OpaqueError(); -} -} - public static software.amazon.cryptography.encryptionsdk.internaldafny.types._IError ToDafny_CommonError(System.Exception value) { - switch (value.GetType().Namespace) { - case "AWS.Cryptography.MaterialProviders": - return software.amazon.cryptography.encryptionsdk.internaldafny.types.Error.create_AwsCryptographyMaterialProviders( - AWS.Cryptography.MaterialProviders.TypeConversion.ToDafny_CommonError(value) - ); -} - switch (value) - { - case AWS.Cryptography.EncryptionSDK.AwsEncryptionSdkException exception: - return ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S25_AwsEncryptionSdkException(exception); - case CollectionOfErrors collectionOfErrors: - return new software.amazon.cryptography.encryptionsdk.internaldafny.types.Error_CollectionOfErrors( - Dafny.Sequence - .FromArray( - collectionOfErrors.list.Select - (x => TypeConversion.ToDafny_CommonError(x)) - .ToArray()), - Dafny.Sequence.FromString(collectionOfErrors.Message) - ); - // OpaqueError is redundant, but listed for completeness. - case OpaqueError exception: - return new software.amazon.cryptography.encryptionsdk.internaldafny.types.Error_Opaque(exception); - case System.Exception exception: - return new software.amazon.cryptography.encryptionsdk.internaldafny.types.Error_Opaque(exception); - default: - // The switch MUST be complete for System.Exception, so `value` MUST NOT be an System.Exception. (How did you get here?) - return new software.amazon.cryptography.encryptionsdk.internaldafny.types.Error_Opaque(value); -} -} -} + public static software.amazon.cryptography.encryptionsdk.internaldafny.types._IAwsEncryptionSdkConfig + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S22_AwsEncryptionSdkConfig( + AWS.Cryptography.EncryptionSDK.AwsEncryptionSdkConfig value) + { + AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy var_commitmentPolicy = value.IsSetCommitmentPolicy() + ? value.CommitmentPolicy + : (AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy)null; + long? var_maxEncryptedDataKeys = + value.IsSetMaxEncryptedDataKeys() ? value.MaxEncryptedDataKeys : (long?)null; + AWS.Cryptography.EncryptionSDK.NetV4_0_0_RetryPolicy var_netV4_0_0_RetryPolicy = + value.IsSetNetV4__0__0__RetryPolicy() + ? value.NetV4_0_0_RetryPolicy + : (AWS.Cryptography.EncryptionSDK.NetV4_0_0_RetryPolicy)null; + return new software.amazon.cryptography.encryptionsdk.internaldafny.types.AwsEncryptionSdkConfig( + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S22_AwsEncryptionSdkConfig__M16_commitmentPolicy( + var_commitmentPolicy), + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S22_AwsEncryptionSdkConfig__M20_maxEncryptedDataKeys( + var_maxEncryptedDataKeys), + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S22_AwsEncryptionSdkConfig__M21_netV4_0_0_RetryPolicy( + var_netV4_0_0_RetryPolicy)); + } + + public static AWS.Cryptography.EncryptionSDK.AwsEncryptionSdkException + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S25_AwsEncryptionSdkException( + software.amazon.cryptography.encryptionsdk.internaldafny.types.Error_AwsEncryptionSdkException value) + { + return new AWS.Cryptography.EncryptionSDK.AwsEncryptionSdkException( + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S25_AwsEncryptionSdkException__M7_message( + value._message) + ); + } + + public static software.amazon.cryptography.encryptionsdk.internaldafny.types.Error_AwsEncryptionSdkException + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S25_AwsEncryptionSdkException( + AWS.Cryptography.EncryptionSDK.AwsEncryptionSdkException value) + { + return new software.amazon.cryptography.encryptionsdk.internaldafny.types.Error_AwsEncryptionSdkException( + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S25_AwsEncryptionSdkException__M7_message( + value.Message) + ); + } + + public static AWS.Cryptography.EncryptionSDK.DecryptInput + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput( + software.amazon.cryptography.encryptionsdk.internaldafny.types._IDecryptInput value) + { + software.amazon.cryptography.encryptionsdk.internaldafny.types.DecryptInput concrete = + (software.amazon.cryptography.encryptionsdk.internaldafny.types.DecryptInput)value; + AWS.Cryptography.EncryptionSDK.DecryptInput converted = new AWS.Cryptography.EncryptionSDK.DecryptInput(); + converted.Ciphertext = + (System.IO.MemoryStream) + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M10_ciphertext( + concrete._ciphertext); + if (concrete._materialsManager.is_Some) + converted.MaterialsManager = + (AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager) + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M16_materialsManager( + concrete._materialsManager); + if (concrete._keyring.is_Some) + converted.Keyring = + (AWS.Cryptography.MaterialProviders.IKeyring) + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M7_keyring( + concrete._keyring); + if (concrete._encryptionContext.is_Some) + converted.EncryptionContext = + (System.Collections.Generic.Dictionary) + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M17_encryptionContext( + concrete._encryptionContext); + return converted; + } + + public static software.amazon.cryptography.encryptionsdk.internaldafny.types._IDecryptInput + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput( + AWS.Cryptography.EncryptionSDK.DecryptInput value) + { + AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager var_materialsManager = + value.IsSetMaterialsManager() + ? value.MaterialsManager + : (AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager)null; + AWS.Cryptography.MaterialProviders.IKeyring var_keyring = + value.IsSetKeyring() ? value.Keyring : (AWS.Cryptography.MaterialProviders.IKeyring)null; + System.Collections.Generic.Dictionary var_encryptionContext = value.IsSetEncryptionContext() + ? value.EncryptionContext + : (System.Collections.Generic.Dictionary)null; + return new software.amazon.cryptography.encryptionsdk.internaldafny.types.DecryptInput( + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M10_ciphertext(value.Ciphertext), + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M16_materialsManager( + var_materialsManager), + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M7_keyring(var_keyring), + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M17_encryptionContext( + var_encryptionContext)); + } + + public static AWS.Cryptography.EncryptionSDK.DecryptOutput + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput( + software.amazon.cryptography.encryptionsdk.internaldafny.types._IDecryptOutput value) + { + software.amazon.cryptography.encryptionsdk.internaldafny.types.DecryptOutput concrete = + (software.amazon.cryptography.encryptionsdk.internaldafny.types.DecryptOutput)value; + AWS.Cryptography.EncryptionSDK.DecryptOutput converted = new AWS.Cryptography.EncryptionSDK.DecryptOutput(); + converted.Plaintext = + (System.IO.MemoryStream) + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput__M9_plaintext( + concrete._plaintext); + converted.EncryptionContext = + (System.Collections.Generic.Dictionary) + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput__M17_encryptionContext( + concrete._encryptionContext); + converted.AlgorithmSuiteId = + (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId) + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput__M16_algorithmSuiteId( + concrete._algorithmSuiteId); + return converted; + } + + public static software.amazon.cryptography.encryptionsdk.internaldafny.types._IDecryptOutput + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput( + AWS.Cryptography.EncryptionSDK.DecryptOutput value) + { + return new software.amazon.cryptography.encryptionsdk.internaldafny.types.DecryptOutput( + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput__M9_plaintext(value.Plaintext), + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput__M17_encryptionContext( + value.EncryptionContext), + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput__M16_algorithmSuiteId( + value.AlgorithmSuiteId)); + } + + public static AWS.Cryptography.EncryptionSDK.EncryptInput + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput( + software.amazon.cryptography.encryptionsdk.internaldafny.types._IEncryptInput value) + { + software.amazon.cryptography.encryptionsdk.internaldafny.types.EncryptInput concrete = + (software.amazon.cryptography.encryptionsdk.internaldafny.types.EncryptInput)value; + AWS.Cryptography.EncryptionSDK.EncryptInput converted = new AWS.Cryptography.EncryptionSDK.EncryptInput(); + converted.Plaintext = + (System.IO.MemoryStream) + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M9_plaintext( + concrete._plaintext); + if (concrete._encryptionContext.is_Some) + converted.EncryptionContext = + (System.Collections.Generic.Dictionary) + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M17_encryptionContext( + concrete._encryptionContext); + if (concrete._materialsManager.is_Some) + converted.MaterialsManager = + (AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager) + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M16_materialsManager( + concrete._materialsManager); + if (concrete._keyring.is_Some) + converted.Keyring = + (AWS.Cryptography.MaterialProviders.IKeyring) + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M7_keyring( + concrete._keyring); + if (concrete._algorithmSuiteId.is_Some) + converted.AlgorithmSuiteId = + (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId) + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M16_algorithmSuiteId( + concrete._algorithmSuiteId); + if (concrete._frameLength.is_Some) + converted.FrameLength = + (long)FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M11_frameLength( + concrete._frameLength); + return converted; + } + + public static software.amazon.cryptography.encryptionsdk.internaldafny.types._IEncryptInput + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput( + AWS.Cryptography.EncryptionSDK.EncryptInput value) + { + System.Collections.Generic.Dictionary var_encryptionContext = value.IsSetEncryptionContext() + ? value.EncryptionContext + : (System.Collections.Generic.Dictionary)null; + AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager var_materialsManager = + value.IsSetMaterialsManager() + ? value.MaterialsManager + : (AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager)null; + AWS.Cryptography.MaterialProviders.IKeyring var_keyring = + value.IsSetKeyring() ? value.Keyring : (AWS.Cryptography.MaterialProviders.IKeyring)null; + AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId var_algorithmSuiteId = value.IsSetAlgorithmSuiteId() + ? value.AlgorithmSuiteId + : (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId)null; + long? var_frameLength = value.IsSetFrameLength() ? value.FrameLength : (long?)null; + return new software.amazon.cryptography.encryptionsdk.internaldafny.types.EncryptInput( + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M9_plaintext(value.Plaintext), + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M17_encryptionContext( + var_encryptionContext), + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M16_materialsManager( + var_materialsManager), + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M7_keyring(var_keyring), + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M16_algorithmSuiteId( + var_algorithmSuiteId), + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M11_frameLength( + var_frameLength)); + } + + public static AWS.Cryptography.EncryptionSDK.EncryptOutput + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput( + software.amazon.cryptography.encryptionsdk.internaldafny.types._IEncryptOutput value) + { + software.amazon.cryptography.encryptionsdk.internaldafny.types.EncryptOutput concrete = + (software.amazon.cryptography.encryptionsdk.internaldafny.types.EncryptOutput)value; + AWS.Cryptography.EncryptionSDK.EncryptOutput converted = new AWS.Cryptography.EncryptionSDK.EncryptOutput(); + converted.Ciphertext = + (System.IO.MemoryStream) + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput__M10_ciphertext( + concrete._ciphertext); + converted.EncryptionContext = + (System.Collections.Generic.Dictionary) + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput__M17_encryptionContext( + concrete._encryptionContext); + converted.AlgorithmSuiteId = + (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId) + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput__M16_algorithmSuiteId( + concrete._algorithmSuiteId); + return converted; + } + + public static software.amazon.cryptography.encryptionsdk.internaldafny.types._IEncryptOutput + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput( + AWS.Cryptography.EncryptionSDK.EncryptOutput value) + { + return new software.amazon.cryptography.encryptionsdk.internaldafny.types.EncryptOutput( + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput__M10_ciphertext( + value.Ciphertext), + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput__M17_encryptionContext( + value.EncryptionContext), + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput__M16_algorithmSuiteId( + value.AlgorithmSuiteId)); + } + + public static AWS.Cryptography.EncryptionSDK.NetV4_0_0_RetryPolicy + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S21_NetV4_0_0_RetryPolicy( + // BEGIN MANUAL EDIT + software.amazon.cryptography.encryptionsdk.internaldafny.types._INetV4__0__0__RetryPolicy value) + // END MANUAL EDIT + { + if (value.is_FORBID__RETRY) return AWS.Cryptography.EncryptionSDK.NetV4_0_0_RetryPolicy.FORBID_RETRY; + if (value.is_ALLOW__RETRY) return AWS.Cryptography.EncryptionSDK.NetV4_0_0_RetryPolicy.ALLOW_RETRY; + throw new System.ArgumentException("Invalid AWS.Cryptography.EncryptionSDK.NetV4_0_0_RetryPolicy value"); + } + + // BEGIN MANUAL EDIT + internal static software.amazon.cryptography.encryptionsdk.internaldafny.types._INetV4__0__0__RetryPolicy + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S21_NetV4_0_0_RetryPolicy( + AWS.Cryptography.EncryptionSDK.NetV4_0_0_RetryPolicy value) + { + if (AWS.Cryptography.EncryptionSDK.NetV4_0_0_RetryPolicy.FORBID_RETRY.Equals(value)) + // BEGIN MANUAL EDIT + return software.amazon.cryptography.encryptionsdk.internaldafny.types.NetV4__0__0__RetryPolicy + // END MANUAL EDIT + .create_FORBID__RETRY(); + if (AWS.Cryptography.EncryptionSDK.NetV4_0_0_RetryPolicy.ALLOW_RETRY.Equals(value)) + // BEGIN MANUAL EDIT + return software.amazon.cryptography.encryptionsdk.internaldafny.types.NetV4__0__0__RetryPolicy + // END MANUAL EDIT + .create_ALLOW__RETRY(); + throw new System.ArgumentException("Invalid AWS.Cryptography.EncryptionSDK.NetV4_0_0_RetryPolicy value"); + } + + public static AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S22_AwsEncryptionSdkConfig__M16_commitmentPolicy( + Wrappers_Compile._IOption value) + { + return value.is_None + ? (AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy)null + : FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_ESDKCommitmentPolicy(value.Extract()); + } + + public static + Wrappers_Compile._IOption< + software.amazon.cryptography.materialproviders.internaldafny.types._IESDKCommitmentPolicy> + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S22_AwsEncryptionSdkConfig__M16_commitmentPolicy( + AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy value) + { + return value == null + ? Wrappers_Compile + .Option + .create_None() + : Wrappers_Compile + .Option + .create_Some( + ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_ESDKCommitmentPolicy( + (AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy)value)); + } + + public static long? + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S22_AwsEncryptionSdkConfig__M20_maxEncryptedDataKeys( + Wrappers_Compile._IOption value) + { + return value.is_None + ? (long?)null + : FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S15_CountingNumbers(value.Extract()); + } + + public static Wrappers_Compile._IOption + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S22_AwsEncryptionSdkConfig__M20_maxEncryptedDataKeys( + long? value) + { + return value == null + ? Wrappers_Compile.Option.create_None() + : Wrappers_Compile.Option.create_Some( + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S15_CountingNumbers((long)value)); + } + + public static AWS.Cryptography.EncryptionSDK.NetV4_0_0_RetryPolicy + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S22_AwsEncryptionSdkConfig__M21_netV4_0_0_RetryPolicy( + Wrappers_Compile._IOption value) + // END MANUAL EDIT + { + return value.is_None + ? (AWS.Cryptography.EncryptionSDK.NetV4_0_0_RetryPolicy)null + : FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S21_NetV4_0_0_RetryPolicy(value.Extract()); + } + + public static + Wrappers_Compile._IOption< + // BEGIN MANUAL EDIT + software.amazon.cryptography.encryptionsdk.internaldafny.types._INetV4__0__0__RetryPolicy> + // END MANUAL EDIT + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S22_AwsEncryptionSdkConfig__M21_netV4_0_0_RetryPolicy( + AWS.Cryptography.EncryptionSDK.NetV4_0_0_RetryPolicy value) + { + return value == null + ? Wrappers_Compile + // BEGIN MANUAL EDIT + .Option + // END MANUAL EDIT + .create_None() + : Wrappers_Compile + // BEGIN MANUAL EDIT + .Option + // END MANUAL EDIT + .create_Some( + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S21_NetV4_0_0_RetryPolicy( + (AWS.Cryptography.EncryptionSDK.NetV4_0_0_RetryPolicy)value)); + } + + public static string + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S25_AwsEncryptionSdkException__M7_message( + Dafny.ISequence value) + { + return FromDafny_N6_smithy__N3_api__S6_String(value); + } + + public static Dafny.ISequence + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S25_AwsEncryptionSdkException__M7_message(string value) + { + return ToDafny_N6_smithy__N3_api__S6_String(value); + } + + public static System.IO.MemoryStream + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M10_ciphertext( + Dafny.ISequence value) + { + return FromDafny_N6_smithy__N3_api__S4_Blob(value); + } + + public static Dafny.ISequence + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M10_ciphertext( + System.IO.MemoryStream value) + { + return ToDafny_N6_smithy__N3_api__S4_Blob(value); + } + + public static AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M16_materialsManager( + Wrappers_Compile._IOption value) + { + return value.is_None + ? (AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager)null + : FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S38_CryptographicMaterialsManagerReference( + value.Extract()); + } + + public static + Wrappers_Compile._IOption + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M16_materialsManager( + AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager value) + { + return value == null + ? Wrappers_Compile + .Option< + software.amazon.cryptography.materialproviders.internaldafny.types. + ICryptographicMaterialsManager>.create_None() + : Wrappers_Compile + .Option< + software.amazon.cryptography.materialproviders.internaldafny.types. + ICryptographicMaterialsManager> + .create_Some( + ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S38_CryptographicMaterialsManagerReference( + (AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager)value)); + } + + public static AWS.Cryptography.MaterialProviders.IKeyring + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M7_keyring( + Wrappers_Compile._IOption + value) + { + return value.is_None + ? (AWS.Cryptography.MaterialProviders.IKeyring)null + : FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S16_KeyringReference(value.Extract()); + } + + public static + Wrappers_Compile._IOption + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M7_keyring( + AWS.Cryptography.MaterialProviders.IKeyring value) + { + return value == null + ? Wrappers_Compile.Option + .create_None() + : Wrappers_Compile.Option + .create_Some( + ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S16_KeyringReference( + (AWS.Cryptography.MaterialProviders.IKeyring)value)); + } + + public static System.Collections.Generic.Dictionary + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M17_encryptionContext( + Wrappers_Compile._IOption, Dafny.ISequence>> value) + { + return value.is_None + ? (System.Collections.Generic.Dictionary)null + : FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext(value.Extract()); + } + + public static Wrappers_Compile._IOption, Dafny.ISequence>> + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_DecryptInput__M17_encryptionContext( + System.Collections.Generic.Dictionary value) + { + return value == null + ? Wrappers_Compile.Option, Dafny.ISequence>>.create_None() + : Wrappers_Compile.Option, Dafny.ISequence>>.create_Some( + ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext( + (System.Collections.Generic.Dictionary)value)); + } + + public static System.IO.MemoryStream + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput__M9_plaintext( + Dafny.ISequence value) + { + return FromDafny_N6_smithy__N3_api__S4_Blob(value); + } + + public static Dafny.ISequence + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput__M9_plaintext( + System.IO.MemoryStream value) + { + return ToDafny_N6_smithy__N3_api__S4_Blob(value); + } + + public static System.Collections.Generic.Dictionary + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput__M17_encryptionContext( + Dafny.IMap, Dafny.ISequence> value) + { + return FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext(value); + } + + public static Dafny.IMap, Dafny.ISequence> + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput__M17_encryptionContext( + System.Collections.Generic.Dictionary value) + { + return ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext(value); + } + + public static AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput__M16_algorithmSuiteId( + software.amazon.cryptography.materialproviders.internaldafny.types._IESDKAlgorithmSuiteId value) + { + return FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_ESDKAlgorithmSuiteId(value); + } + + public static software.amazon.cryptography.materialproviders.internaldafny.types._IESDKAlgorithmSuiteId + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_DecryptOutput__M16_algorithmSuiteId( + AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId value) + { + return ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_ESDKAlgorithmSuiteId(value); + } + + public static System.IO.MemoryStream + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M9_plaintext( + Dafny.ISequence value) + { + return FromDafny_N6_smithy__N3_api__S4_Blob(value); + } + + public static Dafny.ISequence + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M9_plaintext( + System.IO.MemoryStream value) + { + return ToDafny_N6_smithy__N3_api__S4_Blob(value); + } + + public static System.Collections.Generic.Dictionary + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M17_encryptionContext( + Wrappers_Compile._IOption, Dafny.ISequence>> value) + { + return value.is_None + ? (System.Collections.Generic.Dictionary)null + : FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext(value.Extract()); + } + + public static Wrappers_Compile._IOption, Dafny.ISequence>> + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M17_encryptionContext( + System.Collections.Generic.Dictionary value) + { + return value == null + ? Wrappers_Compile.Option, Dafny.ISequence>>.create_None() + : Wrappers_Compile.Option, Dafny.ISequence>>.create_Some( + ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext( + (System.Collections.Generic.Dictionary)value)); + } + + public static AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M16_materialsManager( + Wrappers_Compile._IOption value) + { + return value.is_None + ? (AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager)null + : FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S38_CryptographicMaterialsManagerReference( + value.Extract()); + } + + public static + Wrappers_Compile._IOption + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M16_materialsManager( + AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager value) + { + return value == null + ? Wrappers_Compile + .Option< + software.amazon.cryptography.materialproviders.internaldafny.types. + ICryptographicMaterialsManager>.create_None() + : Wrappers_Compile + .Option< + software.amazon.cryptography.materialproviders.internaldafny.types. + ICryptographicMaterialsManager> + .create_Some( + ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S38_CryptographicMaterialsManagerReference( + (AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager)value)); + } + + public static AWS.Cryptography.MaterialProviders.IKeyring + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M7_keyring( + Wrappers_Compile._IOption + value) + { + return value.is_None + ? (AWS.Cryptography.MaterialProviders.IKeyring)null + : FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S16_KeyringReference(value.Extract()); + } + + public static + Wrappers_Compile._IOption + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M7_keyring( + AWS.Cryptography.MaterialProviders.IKeyring value) + { + return value == null + ? Wrappers_Compile.Option + .create_None() + : Wrappers_Compile.Option + .create_Some( + ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S16_KeyringReference( + (AWS.Cryptography.MaterialProviders.IKeyring)value)); + } + + public static AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M16_algorithmSuiteId( + Wrappers_Compile._IOption value) + { + return value.is_None + ? (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId)null + : FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_ESDKAlgorithmSuiteId(value.Extract()); + } + + public static + Wrappers_Compile._IOption< + software.amazon.cryptography.materialproviders.internaldafny.types._IESDKAlgorithmSuiteId> + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M16_algorithmSuiteId( + AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId value) + { + return value == null + ? Wrappers_Compile + .Option + .create_None() + : Wrappers_Compile + .Option + .create_Some( + ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_ESDKAlgorithmSuiteId( + (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId)value)); + } + + public static long? FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M11_frameLength( + Wrappers_Compile._IOption value) + { + return value.is_None + ? (long?)null + : FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S11_FrameLength(value.Extract()); + } + + public static Wrappers_Compile._IOption + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S12_EncryptInput__M11_frameLength(long? value) + { + return value == null + ? Wrappers_Compile.Option.create_None() + : Wrappers_Compile.Option.create_Some( + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S11_FrameLength((long)value)); + } + + public static System.IO.MemoryStream + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput__M10_ciphertext( + Dafny.ISequence value) + { + return FromDafny_N6_smithy__N3_api__S4_Blob(value); + } + + public static Dafny.ISequence + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput__M10_ciphertext( + System.IO.MemoryStream value) + { + return ToDafny_N6_smithy__N3_api__S4_Blob(value); + } + + public static System.Collections.Generic.Dictionary + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput__M17_encryptionContext( + Dafny.IMap, Dafny.ISequence> value) + { + return FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext(value); + } + + public static Dafny.IMap, Dafny.ISequence> + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput__M17_encryptionContext( + System.Collections.Generic.Dictionary value) + { + return ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext(value); + } + + public static AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId + FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput__M16_algorithmSuiteId( + software.amazon.cryptography.materialproviders.internaldafny.types._IESDKAlgorithmSuiteId value) + { + return FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_ESDKAlgorithmSuiteId(value); + } + + public static software.amazon.cryptography.materialproviders.internaldafny.types._IESDKAlgorithmSuiteId + ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S13_EncryptOutput__M16_algorithmSuiteId( + AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId value) + { + return ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_ESDKAlgorithmSuiteId(value); + } + + public static AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy + FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_ESDKCommitmentPolicy( + software.amazon.cryptography.materialproviders.internaldafny.types._IESDKCommitmentPolicy value) + { + if (value.is_FORBID__ENCRYPT__ALLOW__DECRYPT) + return AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT; + if (value.is_REQUIRE__ENCRYPT__ALLOW__DECRYPT) + return AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy.REQUIRE_ENCRYPT_ALLOW_DECRYPT; + if (value.is_REQUIRE__ENCRYPT__REQUIRE__DECRYPT) + return AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT; + throw new System.ArgumentException("Invalid AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy value"); + } + + public static software.amazon.cryptography.materialproviders.internaldafny.types._IESDKCommitmentPolicy + ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_ESDKCommitmentPolicy( + AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy value) + { + if (AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT.Equals(value)) + return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKCommitmentPolicy + .create_FORBID__ENCRYPT__ALLOW__DECRYPT(); + if (AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy.REQUIRE_ENCRYPT_ALLOW_DECRYPT.Equals(value)) + return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKCommitmentPolicy + .create_REQUIRE__ENCRYPT__ALLOW__DECRYPT(); + if (AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT.Equals(value)) + return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKCommitmentPolicy + .create_REQUIRE__ENCRYPT__REQUIRE__DECRYPT(); + throw new System.ArgumentException("Invalid AWS.Cryptography.MaterialProviders.ESDKCommitmentPolicy value"); + } + + public static long FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S15_CountingNumbers(long value) + { + return value; + } + + public static long ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S15_CountingNumbers(long value) + { + return value; + } + + public static string FromDafny_N6_smithy__N3_api__S6_String(Dafny.ISequence value) + { + return new string(value.Elements); + } + + public static Dafny.ISequence ToDafny_N6_smithy__N3_api__S6_String(string value) + { + return Dafny.Sequence.FromString(value); + } + + public static System.IO.MemoryStream FromDafny_N6_smithy__N3_api__S4_Blob(Dafny.ISequence value) + { + return new System.IO.MemoryStream(value.Elements); + } + + public static Dafny.ISequence ToDafny_N6_smithy__N3_api__S4_Blob(System.IO.MemoryStream value) + { + return Dafny.Sequence.FromArray(value.ToArray()); + } + + public static AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager + FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S38_CryptographicMaterialsManagerReference( + software.amazon.cryptography.materialproviders.internaldafny.types.ICryptographicMaterialsManager value) + { + // This is converting a reference type in a dependant module. + // Therefore it defers to the dependant module for conversion + return AWS.Cryptography.MaterialProviders.TypeConversion + .FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S38_CryptographicMaterialsManagerReference( + value); + } + + public static software.amazon.cryptography.materialproviders.internaldafny.types.ICryptographicMaterialsManager + ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S38_CryptographicMaterialsManagerReference( + AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager value) + { + // This is converting a reference type in a dependant module. + // Therefore it defers to the dependant module for conversion + return AWS.Cryptography.MaterialProviders.TypeConversion + .ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S38_CryptographicMaterialsManagerReference( + value); + } + + public static AWS.Cryptography.MaterialProviders.IKeyring + FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S16_KeyringReference( + software.amazon.cryptography.materialproviders.internaldafny.types.IKeyring value) + { + // This is converting a reference type in a dependant module. + // Therefore it defers to the dependant module for conversion + return AWS.Cryptography.MaterialProviders.TypeConversion + .FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S16_KeyringReference(value); + } + + public static software.amazon.cryptography.materialproviders.internaldafny.types.IKeyring + ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S16_KeyringReference( + AWS.Cryptography.MaterialProviders.IKeyring value) + { + // This is converting a reference type in a dependant module. + // Therefore it defers to the dependant module for conversion + return AWS.Cryptography.MaterialProviders.TypeConversion + .ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S16_KeyringReference(value); + } + + public static System.Collections.Generic.Dictionary + FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext( + Dafny.IMap, Dafny.ISequence> value) + { + return value.ItemEnumerable.ToDictionary( + pair => + FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext__M3_key(pair.Car), + pair => + FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext__M5_value( + pair.Cdr)); + } + + public static Dafny.IMap, Dafny.ISequence> + ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext( + System.Collections.Generic.Dictionary value) + { + return Dafny.Map, Dafny.ISequence>.FromCollection(value.Select(pair => + new Dafny.Pair, Dafny.ISequence>( + ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext__M3_key(pair.Key), + ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext__M5_value( + pair.Value)) + )); + } + + public static AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId + FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_ESDKAlgorithmSuiteId( + software.amazon.cryptography.materialproviders.internaldafny.types._IESDKAlgorithmSuiteId value) + { + if (value.is_ALG__AES__128__GCM__IV12__TAG16__NO__KDF) + return AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_128_GCM_IV12_TAG16_NO_KDF; + if (value.is_ALG__AES__192__GCM__IV12__TAG16__NO__KDF) + return AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_192_GCM_IV12_TAG16_NO_KDF; + if (value.is_ALG__AES__256__GCM__IV12__TAG16__NO__KDF) + return AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_256_GCM_IV12_TAG16_NO_KDF; + if (value.is_ALG__AES__128__GCM__IV12__TAG16__HKDF__SHA256) + return AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_128_GCM_IV12_TAG16_HKDF_SHA256; + if (value.is_ALG__AES__192__GCM__IV12__TAG16__HKDF__SHA256) + return AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_192_GCM_IV12_TAG16_HKDF_SHA256; + if (value.is_ALG__AES__256__GCM__IV12__TAG16__HKDF__SHA256) + return AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_256_GCM_IV12_TAG16_HKDF_SHA256; + if (value.is_ALG__AES__128__GCM__IV12__TAG16__HKDF__SHA256__ECDSA__P256) + return AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId + .ALG_AES_128_GCM_IV12_TAG16_HKDF_SHA256_ECDSA_P256; + if (value.is_ALG__AES__192__GCM__IV12__TAG16__HKDF__SHA384__ECDSA__P384) + return AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId + .ALG_AES_192_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384; + if (value.is_ALG__AES__256__GCM__IV12__TAG16__HKDF__SHA384__ECDSA__P384) + return AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId + .ALG_AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384; + if (value.is_ALG__AES__256__GCM__HKDF__SHA512__COMMIT__KEY) + return AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY; + if (value.is_ALG__AES__256__GCM__HKDF__SHA512__COMMIT__KEY__ECDSA__P384) + return AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId + .ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384; + throw new System.ArgumentException("Invalid AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId value"); + } + + public static software.amazon.cryptography.materialproviders.internaldafny.types._IESDKAlgorithmSuiteId + ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_ESDKAlgorithmSuiteId( + AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId value) + { + if (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_128_GCM_IV12_TAG16_NO_KDF.Equals(value)) + return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKAlgorithmSuiteId + .create_ALG__AES__128__GCM__IV12__TAG16__NO__KDF(); + if (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_192_GCM_IV12_TAG16_NO_KDF.Equals(value)) + return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKAlgorithmSuiteId + .create_ALG__AES__192__GCM__IV12__TAG16__NO__KDF(); + if (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_256_GCM_IV12_TAG16_NO_KDF.Equals(value)) + return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKAlgorithmSuiteId + .create_ALG__AES__256__GCM__IV12__TAG16__NO__KDF(); + if (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_128_GCM_IV12_TAG16_HKDF_SHA256 + .Equals(value)) + return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKAlgorithmSuiteId + .create_ALG__AES__128__GCM__IV12__TAG16__HKDF__SHA256(); + if (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_192_GCM_IV12_TAG16_HKDF_SHA256 + .Equals(value)) + return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKAlgorithmSuiteId + .create_ALG__AES__192__GCM__IV12__TAG16__HKDF__SHA256(); + if (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_256_GCM_IV12_TAG16_HKDF_SHA256 + .Equals(value)) + return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKAlgorithmSuiteId + .create_ALG__AES__256__GCM__IV12__TAG16__HKDF__SHA256(); + if (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId + .ALG_AES_128_GCM_IV12_TAG16_HKDF_SHA256_ECDSA_P256.Equals(value)) + return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKAlgorithmSuiteId + .create_ALG__AES__128__GCM__IV12__TAG16__HKDF__SHA256__ECDSA__P256(); + if (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId + .ALG_AES_192_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384.Equals(value)) + return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKAlgorithmSuiteId + .create_ALG__AES__192__GCM__IV12__TAG16__HKDF__SHA384__ECDSA__P384(); + if (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId + .ALG_AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384.Equals(value)) + return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKAlgorithmSuiteId + .create_ALG__AES__256__GCM__IV12__TAG16__HKDF__SHA384__ECDSA__P384(); + if (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY + .Equals(value)) + return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKAlgorithmSuiteId + .create_ALG__AES__256__GCM__HKDF__SHA512__COMMIT__KEY(); + if (AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId + .ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384.Equals(value)) + return software.amazon.cryptography.materialproviders.internaldafny.types.ESDKAlgorithmSuiteId + .create_ALG__AES__256__GCM__HKDF__SHA512__COMMIT__KEY__ECDSA__P384(); + throw new System.ArgumentException("Invalid AWS.Cryptography.MaterialProviders.ESDKAlgorithmSuiteId value"); + } + + public static long FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S11_FrameLength(long value) + { + return value; + } + + public static long ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S11_FrameLength(long value) + { + return value; + } + + public static string FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext__M3_key( + Dafny.ISequence value) + { + return FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S9_Utf8Bytes(value); + } + + public static Dafny.ISequence + ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext__M3_key(string value) + { + return ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S9_Utf8Bytes(value); + } + + public static string FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext__M5_value( + Dafny.ISequence value) + { + return FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S9_Utf8Bytes(value); + } + + public static Dafny.ISequence + ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext__M5_value(string value) + { + return ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S9_Utf8Bytes(value); + } + + public static string FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S9_Utf8Bytes( + Dafny.ISequence value) + { + System.Text.UTF8Encoding utf8 = new System.Text.UTF8Encoding(false, true); + return utf8.GetString(value.Elements); + } + + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S9_Utf8Bytes( + string value) + { + System.Text.UTF8Encoding utf8 = new System.Text.UTF8Encoding(false, true); + return Dafny.Sequence.FromArray(utf8.GetBytes(value)); + } + + public static System.Exception FromDafny_CommonError( + software.amazon.cryptography.encryptionsdk.internaldafny.types._IError value) + { + switch (value) + { + case software.amazon.cryptography.encryptionsdk.internaldafny.types. + Error_AwsCryptographyMaterialProviders dafnyVal: + return AWS.Cryptography.MaterialProviders.TypeConversion.FromDafny_CommonError( + dafnyVal._AwsCryptographyMaterialProviders + ); + case software.amazon.cryptography.encryptionsdk.internaldafny.types.Error_AwsCryptographyPrimitives + dafnyVal: + return AWS.Cryptography.Primitives.TypeConversion.FromDafny_CommonError( + dafnyVal._AwsCryptographyPrimitives + ); + case software.amazon.cryptography.encryptionsdk.internaldafny.types.Error_AwsEncryptionSdkException + dafnyVal: + return FromDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S25_AwsEncryptionSdkException( + dafnyVal); + case software.amazon.cryptography.encryptionsdk.internaldafny.types.Error_CollectionOfErrors dafnyVal: + return new CollectionOfErrors( + new System.Collections.Generic.List(dafnyVal.dtor_list.CloneAsArray() + .Select(x => TypeConversion.FromDafny_CommonError(x))), + new string(dafnyVal.dtor_message.Elements)); + case software.amazon.cryptography.encryptionsdk.internaldafny.types.Error_Opaque dafnyVal: + return new OpaqueError(dafnyVal._obj); + default: + // The switch MUST be complete for _IError, so `value` MUST NOT be an _IError. (How did you get here?) + return new OpaqueError(); + } + } + + public static software.amazon.cryptography.encryptionsdk.internaldafny.types._IError ToDafny_CommonError( + System.Exception value) + { + switch (value.GetType().Namespace) + { + case "AWS.Cryptography.MaterialProviders": + return software.amazon.cryptography.encryptionsdk.internaldafny.types.Error + .create_AwsCryptographyMaterialProviders( + AWS.Cryptography.MaterialProviders.TypeConversion.ToDafny_CommonError(value) + ); + } + + switch (value) + { + case AWS.Cryptography.EncryptionSDK.AwsEncryptionSdkException exception: + return ToDafny_N3_aws__N12_cryptography__N13_encryptionSdk__S25_AwsEncryptionSdkException( + exception); + case CollectionOfErrors collectionOfErrors: + return new software.amazon.cryptography.encryptionsdk.internaldafny.types.Error_CollectionOfErrors( + Dafny.Sequence + .FromArray( + collectionOfErrors.list.Select + (x => TypeConversion.ToDafny_CommonError(x)) + .ToArray()), + Dafny.Sequence.FromString(collectionOfErrors.Message) + ); + // OpaqueError is redundant, but listed for completeness. + case OpaqueError exception: + return new software.amazon.cryptography.encryptionsdk.internaldafny.types.Error_Opaque(exception); + case System.Exception exception: + return new software.amazon.cryptography.encryptionsdk.internaldafny.types.Error_Opaque(exception); + default: + // The switch MUST be complete for System.Exception, so `value` MUST NOT be an System.Exception. (How did you get here?) + return new software.amazon.cryptography.encryptionsdk.internaldafny.types.Error_Opaque(value); + } + } + } } diff --git a/AwsEncryptionSDK/runtimes/net/README.md b/AwsEncryptionSDK/runtimes/net/README.md index 5c3648fd3..305bebd23 100644 --- a/AwsEncryptionSDK/runtimes/net/README.md +++ b/AwsEncryptionSDK/runtimes/net/README.md @@ -32,9 +32,7 @@ Please refer to [the wiki](https://github.com/aws/aws-encryption-sdk-dafny/wiki/ To build, the AWS Encryption SDK requires the most up to date version of [Dafny](https://github.com/dafny-lang/dafny) on your PATH. -The AWS Encryption SDK targets frameworks [`net48`](https://docs.microsoft.com/en-us/dotnet/standard/frameworks#supported-target-frameworks). -Tests and test vectors target frameworks `net6.0`. -In all cases, `net48` and newer .NET Framework versions are only supported on Windows. +The AWS Encryption SDK targets frameworks [`net48` and `net6.0`](https://docs.microsoft.com/en-us/dotnet/standard/frameworks#supported-target-frameworks). To build and test the AWS Encryption SDK, you must install the following .NET tools: * [.NET 6.0](https://dotnet.microsoft.com/en-us/download/dotnet/6.0) or newer @@ -45,7 +43,13 @@ You will also need to ensure that you fetch all submodules using either `git clo To build all source files into one dll: ``` -dotnet build +# Transpile Dafny to .NET +cd AwsEncryptionSDK +make transpile_implementation_net +# Run dotnet restore +make setup_net +# Run dotnet build +dotnet build runtimes/net ``` ### (Optional) Set up the AWS Encryption SDK to work with AWS KMS @@ -62,7 +66,7 @@ Instructions for setting up AWS credentials are available in the [AWS Docs for t ### Configure AWS credentials To run the test suite you must first set up AWS credentials for use with the AWS SDK. -This is required in order to run the integration tests, which use a KMS Keyring against a publically accessible KMS CMK. +This is required in order to run the integration tests, which use a KMS Keyring against a publicly accessible KMS CMK. Instructions for setting up AWS credentials are available in the [AWS Docs for the AWS SDK for .NET](https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/net-dg-config-creds.html). @@ -71,23 +75,35 @@ Instructions for setting up AWS credentials are available in the [AWS Docs for t Run the test suite with: ``` -dotnet test -``` - -You can see more detail about what test cases are being run by increasing the verbosity: - -``` -dotnet test --logger:"console;verbosity=normal" +cd AwsEncryptionSDK +make transpile_test_net +# Windows/Linux +make test_net +# On Mac +make test_net_mac_brew ``` Run tests on examples, to ensure they are up to date: ``` +cd AwsEncryptionSDK/runtimes/net dotnet test Examples ``` Please note that tests and test vectors require internet access and valid AWS credentials, since calls to KMS are made as part of the test workflow. +## Other Development advice + +Most c# IDEs appreciate Solution files. +To generate one Solution file for all the projects here, +run: +``` +cd AwsEncryptionSDK/runtimes/net +dotnet new sln --name ESDK +dotnet sln add $(find . -name '*.csproj') +``` +Then ask your IDE to open `ESDK.sln`. + ## License This library is licensed under the Apache 2.0 License. diff --git a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorGenerator/AWSEncryptionSDKTestVectorGenerator.csproj b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorGenerator/AWSEncryptionSDKTestVectorGenerator.csproj similarity index 66% rename from AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorGenerator/AWSEncryptionSDKTestVectorGenerator.csproj rename to AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorGenerator/AWSEncryptionSDKTestVectorGenerator.csproj index 1f4009ad2..d00536ebb 100644 --- a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorGenerator/AWSEncryptionSDKTestVectorGenerator.csproj +++ b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorGenerator/AWSEncryptionSDKTestVectorGenerator.csproj @@ -2,12 +2,9 @@ Exe - - netcoreapp3.1 - 7.3 + net6.0;net48 + 10 + enable AWSEncryptionSDKTestVectorGenerator 0.1.0 diff --git a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorGenerator/Generator.cs b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorGenerator/Generator.cs similarity index 67% rename from AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorGenerator/Generator.cs rename to AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorGenerator/Generator.cs index 9e19179cc..e19c59416 100644 --- a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorGenerator/Generator.cs +++ b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorGenerator/Generator.cs @@ -1,15 +1,10 @@ // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 -using System; -using System.Collections.Generic; using System.CommandLine; -using System.Diagnostics; -using System.IO; -using System.Linq; using System.Security.Cryptography; -using AWS.EncryptionSDK.Core; -using AWS.EncryptionSDK; +using AWS.Cryptography.EncryptionSDK; +using AWS.Cryptography.MaterialProviders; namespace TestVectors { class Generator @@ -42,9 +37,11 @@ static void Main(string[] args) private readonly DirectoryInfo _plaintextDir; private readonly DirectoryInfo _ciphertextDir; private readonly bool _quiet; + private RandomNumberGenerator _randomNumberGenerator; private Generator(FileInfo encryptManifestFile, DirectoryInfo outputDir, bool quiet) { + _randomNumberGenerator = RandomNumberGenerator.Create(); _encryptManifest = Utils.LoadObjectFromPath(encryptManifestFile.FullName); Console.Error.WriteLine( $"Loaded {_encryptManifest.VectorMap.Count} vectors from {encryptManifestFile.FullName}"); @@ -83,7 +80,7 @@ private void Run() Console.Error.WriteLine($"Wrote {targetedVectors.Count} ciphertexts"); DecryptManifest decryptManifest = GenerateDecryptManifest(targetedVectors, plaintexts); - string decryptManifestPath = Path.Join(_outputDir.FullName, "manifest.json"); + string decryptManifestPath = Path.Combine(_outputDir.FullName, "manifest.json"); Utils.WriteObjectToPath(decryptManifest, decryptManifestPath); Console.Error.WriteLine("Wrote decrypt vector manifest"); @@ -93,30 +90,27 @@ private void Run() Console.Error.WriteLine("Wrote key manifest"); } - private static Dictionary GeneratePlaintexts(Dictionary sizes) + private Dictionary GeneratePlaintexts(Dictionary sizes) { var plaintexts = new Dictionary(); - foreach (var (name, size) in sizes) + foreach (var entry in sizes) { - if (size > int.MaxValue) + if (entry.Value > int.MaxValue) { - throw new ArgumentException($"Can't generate a {size}-byte plaintext"); + throw new ArgumentException($"Can't generate a {entry.Value}-byte plaintext"); } - - var buffer = new MemoryStream((int)size); - RandomNumberGenerator.Fill(buffer.GetBuffer()); - plaintexts.Add(name, buffer); + var bytes = new byte[(int)entry.Value]; + _randomNumberGenerator.GetBytes(bytes); + var buffer = new MemoryStream(bytes); + plaintexts.Add(entry.Key, buffer); } return plaintexts; } - // We don't have a better way to query this information right now. - // This could be a use case for Smithy enums' "tags" property, that we'd need to support in codegen. - // https://awslabs.github.io/smithy/1.0/spec/core/constraint-traits.html#enum-trait - private static readonly AlgorithmSuiteId[] COMMITTING_ALGORITHM_SUITES = { - AlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY, - AlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384, + private static readonly ESDKAlgorithmSuiteId[] COMMITTING_ALGORITHM_SUITES = { + ESDKAlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY, + ESDKAlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384, }; /// @@ -130,22 +124,24 @@ private bool ShouldTargetVector(string id, EncryptVector vector) } private void GenerateAndWriteVectors( - IList> targetedVectors, Dictionary plaintexts) + IList> targetedVectors, + Dictionary plaintexts + ) { - foreach (var (id, vector) in targetedVectors) + foreach (var entry in targetedVectors) { try { - var ciphertext = GenerateDecryptVector(vector, plaintexts); - Utils.WriteBinaryFile(_ciphertextDir, id, ciphertext); + var ciphertext = GenerateDecryptVector(entry.Value, plaintexts); + Utils.WriteBinaryFile(_ciphertextDir, entry.Key, ciphertext); if (!_quiet) { - Console.Error.WriteLine($"Wrote ciphertext file for vector {id}"); + Console.Error.WriteLine($"Wrote ciphertext file for vector {entry.Key}"); } } catch (AwsEncryptionSdkException ex) { - throw new ApplicationException($"Failed to encrypt vector {id}", ex); + throw new ApplicationException($"Failed to encrypt vector {entry.Key}", ex); } } } @@ -154,14 +150,16 @@ private DecryptManifest GenerateDecryptManifest( IList> targetedVectors, Dictionary plaintexts) { var decryptVectors = new Dictionary(); - foreach (var (id, encryptVector) in targetedVectors) + foreach (var entry in targetedVectors) { - var plaintextPath = "file://" + Path.Join(_plaintextDir.Name, encryptVector.Scenario.PlaintextName); - var ciphertextPath = "file://" + Path.Join(_ciphertextDir.Name, id); - decryptVectors[id] = new DecryptVector + var plaintextPath = "file://" + Path.Combine(_plaintextDir.Name, entry.Value.Scenario.PlaintextName); + var ciphertextPath = "file://" + Path.Combine(_ciphertextDir.Name, entry.Key); + decryptVectors[entry.Key] = new DecryptVector { Ciphertext = ciphertextPath, - MasterKeys = encryptVector.Scenario.MasterKeys, + MasterKeys = entry.Value.Scenario.MasterKeys, + CMM = entry.Value.Scenario.CMM, + EncryptionContext = entry.Value.Scenario.EncryptionContext, Result = new DecryptResult { Output = new DecryptOutput { Plaintext = plaintextPath } @@ -174,20 +172,13 @@ private DecryptManifest GenerateDecryptManifest( Meta = new ManifestMeta { Type = "awses-decrypt", - // This manifest format is described by version 3 of "AWS Encryption SDK Message Decryption": - // https://github.com/awslabs/aws-crypto-tools-test-vector-framework/blob/master/features/0004-awses-message-decryption.md - // - // Although the Python ESDK's test vector handler would correctly handle/decrypt the vectors, - // it incorrectly rejects the version "3" during manifest loading, - // so for expedience we'll just advertise what Python can handle. - // TODO: fix Python's vector handler version validation, and change this value to 3 - Version = 2 + Version = 4 }, Client = new Client { - Name = "awslabs/aws-encryption-sdk-dafny", + Name = "ESDK-NET", // TODO pass this by env var - Version = "0.1.0-alpha" + Version = "4.0.0" }, KeysUri = OutputKeysManifestUri, VectorMap = decryptVectors @@ -199,17 +190,16 @@ private MemoryStream GenerateDecryptVector( { EncryptScenario scenario = vector.Scenario; - AlgorithmSuiteId algSuiteId = new AlgorithmSuiteId("0x" + scenario.Algorithm); - Debug.Assert(AlgorithmSuiteId.Values.Contains(algSuiteId)); + ESDKAlgorithmSuiteId algSuiteId = new ESDKAlgorithmSuiteId("0x" + scenario.Algorithm); - CommitmentPolicy commitmentPolicy = COMMITTING_ALGORITHM_SUITES.Contains(algSuiteId) - ? CommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT - : CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT; + ESDKCommitmentPolicy commitmentPolicy = COMMITTING_ALGORITHM_SUITES.Contains(algSuiteId) + ? ESDKCommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT + : ESDKCommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT; AwsEncryptionSdkConfig config = new AwsEncryptionSdkConfig { CommitmentPolicy = commitmentPolicy }; - IAwsEncryptionSdk client = AwsEncryptionSdkFactory.CreateAwsEncryptionSdk(config); + ESDK encryptionSdk = new ESDK(config); ICryptographicMaterialsManager cmm = MaterialProviderFactory.CreateEncryptCmm(vector, _keyManifest.Keys); EncryptInput encryptInput = new EncryptInput @@ -220,7 +210,7 @@ private MemoryStream GenerateDecryptVector( MaterialsManager = cmm, Plaintext = plaintexts[scenario.PlaintextName] }; - return client.Encrypt(encryptInput).Ciphertext; + return encryptionSdk.Encrypt(encryptInput).Ciphertext; } } } diff --git a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorGenerator/README.md b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorGenerator/README.md similarity index 100% rename from AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorGenerator/README.md rename to AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorGenerator/README.md diff --git a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorGenerator/resources/0002-keys.v3.json b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorGenerator/resources/0002-keys.v3.json similarity index 100% rename from AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorGenerator/resources/0002-keys.v3.json rename to AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorGenerator/resources/0002-keys.v3.json diff --git a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorGenerator/resources/0006-awses-message-decryption-generation.v2.json b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorGenerator/resources/0006-awses-message-decryption-generation.v2.json similarity index 100% rename from AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorGenerator/resources/0006-awses-message-decryption-generation.v2.json rename to AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorGenerator/resources/0006-awses-message-decryption-generation.v2.json diff --git a/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorGenerator/resources/net4x-generate-manifest.json b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorGenerator/resources/net4x-generate-manifest.json new file mode 100644 index 000000000..8d97ab917 --- /dev/null +++ b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorGenerator/resources/net4x-generate-manifest.json @@ -0,0 +1,2850 @@ +{ + "manifest": { + "type": "awses-decrypt-generate", + "version": 4 + }, + "keys": "file://net4x-keys.json", + "plaintexts": { + "small": 10240 + }, + "tests": { + "0014-ec_len_2-cmm_Default-87a71576-3ad9-44b0-8fe8-4c22c8ee4577": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0014", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "Default" + } + }, + "0014-ec_len_2-cmm_Default-db7da351-35ca-49a5-8355-9e99b9630285": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0014", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "Default" + } + }, + "0014-ec_len_2-cmm_Default-43e32297-1a01-43bd-8552-892e454c9408": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0014", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "Default" + } + }, + "0014-ec_len_2-cmm_Default-5ec65559-25a7-4a75-b875-3517f168693b": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0014", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "Default" + } + }, + "0046-ec_len_2-cmm_Default-4a5ecab5-893f-4fe5-9d63-948818adecee": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0046", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "Default" + } + }, + "0046-ec_len_2-cmm_Default-dc546b20-464b-4ea5-b8ab-85c6e2fba57a": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0046", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "Default" + } + }, + "0046-ec_len_2-cmm_Default-435155ce-e9f8-4a9b-ae36-e1b9c4956981": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0046", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "Default" + } + }, + "0046-ec_len_2-cmm_Default-c896e2d5-5e84-49de-84c0-1704ea7c7f4c": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0046", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "Default" + } + }, + "0078-ec_len_2-cmm_Default-77d8cf5d-7f8a-41b1-bc8e-142353a91e94": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0078", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "Default" + } + }, + "0078-ec_len_2-cmm_Default-f919668a-245f-4d8d-9a7e-a7fd8ae8e37b": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0078", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "Default" + } + }, + "0078-ec_len_2-cmm_Default-3c21b082-5b39-4e01-b2d8-746e5af8cde5": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0078", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "Default" + } + }, + "0078-ec_len_2-cmm_Default-11d59905-810e-4007-b3b3-1f2bdad9e05d": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0078", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "Default" + } + }, + "0114-ec_len_2-cmm_Default-a9bf5489-065f-4388-af32-c46795ea5803": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0114", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "Default" + } + }, + "0114-ec_len_2-cmm_Default-4309d05a-d0d3-437a-94a0-d586ffb92e64": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0114", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "Default" + } + }, + "0114-ec_len_2-cmm_Default-84c3f58b-b347-40f1-b2a5-790948f7febf": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0114", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "Default" + } + }, + "0114-ec_len_2-cmm_Default-296d2996-f086-4a24-ab61-e614b725cc8e": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0114", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "Default" + } + }, + "0146-ec_len_2-cmm_Default-358db415-9ac7-4a4d-bb70-dc60c669097e": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0146", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "Default" + } + }, + "0146-ec_len_2-cmm_Default-6827b4fa-00ac-48dc-b4dc-39bfb7112f0f": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0146", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "Default" + } + }, + "0146-ec_len_2-cmm_Default-f80762e7-339f-4c74-959f-d4f4bc58ff54": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0146", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "Default" + } + }, + "0146-ec_len_2-cmm_Default-a89cf309-cf34-44c8-89a9-9e8379c20f6b": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0146", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "Default" + } + }, + "0178-ec_len_2-cmm_Default-b6b29b49-8963-49c8-a363-85f2c41e2ea2": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0178", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "Default" + } + }, + "0178-ec_len_2-cmm_Default-9c983f6d-20f2-49b7-97a1-6941f2c70aad": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0178", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "Default" + } + }, + "0178-ec_len_2-cmm_Default-4202d8b6-ed48-46a0-9b9c-2e808adba2ca": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0178", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "Default" + } + }, + "0178-ec_len_2-cmm_Default-b41cace8-bee5-4bdb-b71d-84ec5b5cc083": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0178", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "Default" + } + }, + "0214-ec_len_2-cmm_Default-8f591844-07a4-498c-a61a-f611f3922671": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0214", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "Default" + } + }, + "0214-ec_len_2-cmm_Default-93e1bd66-52f3-4749-872b-41eca328852f": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0214", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "Default" + } + }, + "0214-ec_len_2-cmm_Default-bc104a1e-bd47-40d0-860b-09c36724b4cc": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0214", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "Default" + } + }, + "0214-ec_len_2-cmm_Default-171605b2-2593-4708-a879-5f17502b04e1": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0214", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "Default" + } + }, + "0346-ec_len_2-cmm_Default-ddd1a5a7-a72b-458a-9adf-96f15e80e323": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0346", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "Default" + } + }, + "0346-ec_len_2-cmm_Default-032e7939-800d-4bca-91b4-3edf36df6cfc": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0346", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "Default" + } + }, + "0346-ec_len_2-cmm_Default-1a9312ce-57dc-4245-8cf7-a94e4b6c1ccf": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0346", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "Default" + } + }, + "0346-ec_len_2-cmm_Default-fa101197-36f4-438f-9765-1ef586386167": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0346", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "Default" + } + }, + "0378-ec_len_2-cmm_Default-2c729d9b-ac5f-4a58-9506-f8797c83bed2": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0378", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "Default" + } + }, + "0378-ec_len_2-cmm_Default-8491d581-813a-40e3-ad2c-b9a78f75c8dc": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0378", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "Default" + } + }, + "0378-ec_len_2-cmm_Default-cfadb14e-f9c4-4ea4-aba1-737440537321": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0378", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "Default" + } + }, + "0378-ec_len_2-cmm_Default-627ff035-493c-42fc-9e00-81c8c5f14599": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0378", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "Default" + } + }, + "0478-ec_len_2-cmm_Default-4104bc88-79e7-4a1a-8126-ebac41ba9a4a": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0478", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "Default" + } + }, + "0478-ec_len_2-cmm_Default-0753d7fa-f37a-4b8c-b1fe-29db29f57af6": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0478", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "Default" + } + }, + "0478-ec_len_2-cmm_Default-36864ab6-a93f-4513-a82a-2ed5c90ced46": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0478", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "Default" + } + }, + "0478-ec_len_2-cmm_Default-7d82b233-7c59-4b3d-a309-ff639370107a": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0478", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "Default" + } + }, + "0578-ec_len_2-cmm_Default-80221206-73f3-4afe-bef2-4a6335d671a6": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0578", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "Default" + } + }, + "0578-ec_len_2-cmm_Default-74967b4f-3015-44cc-870e-8cc8b525bb6c": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0578", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "Default" + } + }, + "0578-ec_len_2-cmm_Default-6113d607-92cc-4a14-8b24-013ba02cfbbf": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0578", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "Default" + } + }, + "0578-ec_len_2-cmm_Default-49d41154-0d7a-4175-9718-1da555f639bd": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0578", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "Default" + } + }, + "0014-ec_len_2-cmm_RequiredEncryptionContext-aa708966-0601-45ef-b86c-65b945bbda36": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0014", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0014-ec_len_2-cmm_RequiredEncryptionContext-f6fc55ab-46e8-481c-abfc-3d0c81ceb7e1": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0014", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0014-ec_len_2-cmm_RequiredEncryptionContext-b65331b8-98f9-40cf-9d11-c091c5d6d7d8": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0014", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0014-ec_len_2-cmm_RequiredEncryptionContext-8e85ba36-a933-417d-9d74-45d2c0c02a1f": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0014", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0046-ec_len_2-cmm_RequiredEncryptionContext-1402b3d1-1e26-4e31-8ab7-df63086d03a2": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0046", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0046-ec_len_2-cmm_RequiredEncryptionContext-0516034b-df51-4fdb-8036-1e8a546dd62d": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0046", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0046-ec_len_2-cmm_RequiredEncryptionContext-87031663-22e8-40f1-a00e-5b45b16fb8cf": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0046", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0046-ec_len_2-cmm_RequiredEncryptionContext-c60313b8-4a41-49b3-8561-f744040dc3b1": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0046", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0078-ec_len_2-cmm_RequiredEncryptionContext-2f8af289-94e8-4e68-9024-86edb9599fa1": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0078", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0078-ec_len_2-cmm_RequiredEncryptionContext-43bc4b74-7652-4435-9856-c8b655df970c": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0078", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0078-ec_len_2-cmm_RequiredEncryptionContext-22eba1e3-44dc-44e7-a456-826f0d7196c8": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0078", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0078-ec_len_2-cmm_RequiredEncryptionContext-b04b4413-a966-4bc5-bb04-65944e4466f5": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0078", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0114-ec_len_2-cmm_RequiredEncryptionContext-649aa781-5889-4f7d-a04c-7a696e0572c7": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0114", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0114-ec_len_2-cmm_RequiredEncryptionContext-b6f7ae62-0826-4248-b1fb-b237e1f110c5": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0114", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0114-ec_len_2-cmm_RequiredEncryptionContext-03bb83cf-c90b-41cc-aaf4-c56530333a47": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0114", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0114-ec_len_2-cmm_RequiredEncryptionContext-8de5171e-f1cb-49dd-98f7-357de65ce2e1": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0114", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0146-ec_len_2-cmm_RequiredEncryptionContext-05699a16-e053-44a7-9597-15b055a26db7": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0146", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0146-ec_len_2-cmm_RequiredEncryptionContext-601580fc-f3de-4932-88a4-32e81123984b": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0146", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0146-ec_len_2-cmm_RequiredEncryptionContext-ab7c0a48-343b-4a3f-bbff-2e8daaf0d0e8": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0146", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0146-ec_len_2-cmm_RequiredEncryptionContext-09a1fa19-7a44-40a2-983c-3d65710c35f7": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0146", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0178-ec_len_2-cmm_RequiredEncryptionContext-7767e68f-4e1a-4df6-a082-b83ff2c79643": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0178", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0178-ec_len_2-cmm_RequiredEncryptionContext-34ec7e5a-fea5-40e0-958e-27bf6cd2f376": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0178", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0178-ec_len_2-cmm_RequiredEncryptionContext-ae642564-42c7-4926-948a-3cbdb2a0ada9": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0178", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0178-ec_len_2-cmm_RequiredEncryptionContext-25a79f62-ed72-4129-a04c-82bea2fc0d93": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0178", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0214-ec_len_2-cmm_RequiredEncryptionContext-8eadac6c-7830-4571-8893-3954f13fa7cd": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0214", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0214-ec_len_2-cmm_RequiredEncryptionContext-3e398c79-6e37-4262-827d-b9f24c7b2a5e": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0214", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0214-ec_len_2-cmm_RequiredEncryptionContext-175cbbc7-1254-41c1-bc43-7a461bc6cef2": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0214", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0214-ec_len_2-cmm_RequiredEncryptionContext-cf1ae2da-1517-4958-9403-0946d4939ba2": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0214", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0346-ec_len_2-cmm_RequiredEncryptionContext-2814441c-311f-48a3-ae9b-f6fb3060cc45": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0346", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0346-ec_len_2-cmm_RequiredEncryptionContext-e8719411-bdaf-4c9a-9294-a41b2350781b": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0346", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0346-ec_len_2-cmm_RequiredEncryptionContext-5f0856d7-cd86-4564-afeb-12fee8ebd571": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0346", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0346-ec_len_2-cmm_RequiredEncryptionContext-df99037a-eed4-4f2a-bee2-3981932c4705": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0346", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0378-ec_len_2-cmm_RequiredEncryptionContext-bd8413ef-f7a9-4c3e-a5a0-af80470c59a8": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0378", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0378-ec_len_2-cmm_RequiredEncryptionContext-8c8365a3-509c-4318-87ac-dba1e82e629e": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0378", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0378-ec_len_2-cmm_RequiredEncryptionContext-69ee1ca7-0b3f-407b-ad19-a5417673e6f8": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0378", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0378-ec_len_2-cmm_RequiredEncryptionContext-9cce0c2e-d151-47f3-9d04-4e780eb33408": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0378", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0478-ec_len_2-cmm_RequiredEncryptionContext-6638a456-bbcb-401f-b817-31a368079cdd": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0478", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0478-ec_len_2-cmm_RequiredEncryptionContext-e6017b36-1eca-4a48-9f60-b90982183206": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0478", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0478-ec_len_2-cmm_RequiredEncryptionContext-88b9d001-1502-4ed9-b42e-06f0bdb50af4": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0478", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0478-ec_len_2-cmm_RequiredEncryptionContext-e7eb3837-5a6f-4e52-9fa3-6fd1379fb030": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0478", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0578-ec_len_2-cmm_RequiredEncryptionContext-292e77c7-9dd8-4d7f-80a6-b839a823226c": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0578", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0578-ec_len_2-cmm_RequiredEncryptionContext-55c9eb75-95d6-4e2f-8f77-8d6e326ce000": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0578", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0578-ec_len_2-cmm_RequiredEncryptionContext-c80250ea-a45a-499c-8a6a-19816a88c116": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0578", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0578-ec_len_2-cmm_RequiredEncryptionContext-20a6c574-a62c-49ff-bfce-29d59f898ac6": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0578", + "frame-size": 512, + "encryption-context": { + "key1": "val1", + "key2": "val2" + }, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "RequiredEncryptionContext" + } + }, + "0014-ec_len_0-cmm_Default-ea6819e2-4fb0-4cbc-a1c2-c0bb0fbf1a10": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0014", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "Default" + } + }, + "0014-ec_len_0-cmm_Default-26d25bfe-05b2-4aa1-8f21-8ad37e0827b1": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0014", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "Default" + } + }, + "0014-ec_len_0-cmm_Default-35bb6c3e-17d3-441b-b7cb-b0d2c9d2b745": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0014", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "Default" + } + }, + "0014-ec_len_0-cmm_Default-3b7471c2-a9e0-41d1-ad44-e3cbec68904b": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0014", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "Default" + } + }, + "0046-ec_len_0-cmm_Default-46994368-cd10-4f08-8617-f06e7e9382a0": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0046", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "Default" + } + }, + "0046-ec_len_0-cmm_Default-fbc20916-acda-4e91-a4ec-1e7048e90243": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0046", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "Default" + } + }, + "0046-ec_len_0-cmm_Default-cc285acd-7c2a-415b-ab69-145f15b1d112": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0046", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "Default" + } + }, + "0046-ec_len_0-cmm_Default-20533365-f408-4adc-a269-a51e0ae5e6c1": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0046", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "Default" + } + }, + "0078-ec_len_0-cmm_Default-9caff804-35d2-432c-a4df-ac536f0573f6": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0078", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "Default" + } + }, + "0078-ec_len_0-cmm_Default-2be0f4d3-16ec-4310-a5e7-6efd0af1b8dd": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0078", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "Default" + } + }, + "0078-ec_len_0-cmm_Default-4decb61a-ffaf-431c-bbbd-2380a047c3b7": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0078", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "Default" + } + }, + "0078-ec_len_0-cmm_Default-27b91067-9c7e-4ef5-90b3-487da8b4c36a": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0078", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "Default" + } + }, + "0114-ec_len_0-cmm_Default-9e5818e5-33e8-4519-8e20-e60a8939e16f": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0114", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "Default" + } + }, + "0114-ec_len_0-cmm_Default-414482e4-ae27-4b2f-bbfe-f879dc643176": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0114", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "Default" + } + }, + "0114-ec_len_0-cmm_Default-b899a6c4-dd2f-4002-a19c-4e00a204471e": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0114", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "Default" + } + }, + "0114-ec_len_0-cmm_Default-7966716e-4076-483f-8dcb-f0557a1c4785": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0114", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "Default" + } + }, + "0146-ec_len_0-cmm_Default-61f40fac-696e-432a-85bf-7043acae314f": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0146", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "Default" + } + }, + "0146-ec_len_0-cmm_Default-e93454e4-2181-4492-b848-2deb9d0091ae": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0146", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "Default" + } + }, + "0146-ec_len_0-cmm_Default-79d37a57-7251-445f-9fc9-d556353d28d0": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0146", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "Default" + } + }, + "0146-ec_len_0-cmm_Default-3c2fe2d9-7f10-4dce-af05-2aebb7907b2a": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0146", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "Default" + } + }, + "0178-ec_len_0-cmm_Default-73778701-ae09-477a-9a27-e950bfbe81ef": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0178", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "Default" + } + }, + "0178-ec_len_0-cmm_Default-c966a875-f1bb-4100-95c7-af190b424f1a": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0178", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "Default" + } + }, + "0178-ec_len_0-cmm_Default-fa9af9ef-3520-4b6e-a213-857aa948efde": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0178", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "Default" + } + }, + "0178-ec_len_0-cmm_Default-c69bbc88-9596-4c2e-8c10-cf331e13baad": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0178", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "Default" + } + }, + "0214-ec_len_0-cmm_Default-dfee0680-6b4a-496c-b020-aa35f37b2a5e": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0214", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "Default" + } + }, + "0214-ec_len_0-cmm_Default-b55081fe-5bb7-4339-9d9c-7a745513cd26": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0214", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "Default" + } + }, + "0214-ec_len_0-cmm_Default-fce8dc87-3752-4902-9111-c1b00a902b03": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0214", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "Default" + } + }, + "0214-ec_len_0-cmm_Default-ba45ac79-3cb7-4b20-9d66-8958ab061e99": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0214", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "Default" + } + }, + "0346-ec_len_0-cmm_Default-6feec3e2-5325-4283-9b88-1ca377376f3d": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0346", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "Default" + } + }, + "0346-ec_len_0-cmm_Default-0f15d59b-e9ab-46c7-9fb7-4c0ff3c5a6bf": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0346", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "Default" + } + }, + "0346-ec_len_0-cmm_Default-6eaf4c34-5ad4-43d1-812b-25f03ca067a3": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0346", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "Default" + } + }, + "0346-ec_len_0-cmm_Default-0c8a11cb-e21d-4327-8d25-db396f708d61": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0346", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "Default" + } + }, + "0378-ec_len_0-cmm_Default-1dacfbb9-ab68-4a9c-9242-788490d4da4d": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0378", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "Default" + } + }, + "0378-ec_len_0-cmm_Default-1c9f3309-2f67-4c61-a49f-f3537a2ea893": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0378", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "Default" + } + }, + "0378-ec_len_0-cmm_Default-a8ea538e-adda-423d-9d97-f32cdbe41da8": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0378", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "Default" + } + }, + "0378-ec_len_0-cmm_Default-68fe5679-554e-4e1f-90a4-903c3bf123d6": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0378", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "Default" + } + }, + "0478-ec_len_0-cmm_Default-17fef3f6-1e17-4c0a-afb6-f3ee32bdc6da": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0478", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "Default" + } + }, + "0478-ec_len_0-cmm_Default-8aa92ac6-31f0-49b2-801d-8f51633affc2": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0478", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "Default" + } + }, + "0478-ec_len_0-cmm_Default-e8f02f10-5e66-4484-b395-1bd9e515289d": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0478", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "Default" + } + }, + "0478-ec_len_0-cmm_Default-9cce32a0-8ace-403d-8641-86731d3893bb": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0478", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "Default" + } + }, + "0578-ec_len_0-cmm_Default-df556081-2c1e-4a0f-921b-f937f5e1208a": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0578", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "aws-kms", + "key": "us-west-2-decryptable" + } + ], + "cmm": "Default" + } + }, + "0578-ec_len_0-cmm_Default-edd8a07a-358e-476b-a85c-4d48d5120a4f": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0578", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "aes-256", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "aes" + } + ], + "cmm": "Default" + } + }, + "0578-ec_len_0-cmm_Default-c15b3d56-4498-4c66-97ca-d262f9d60d65": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0578", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + } + ], + "cmm": "Default" + } + }, + "0578-ec_len_0-cmm_Default-dc8f2fa4-4256-4946-badd-329a98f68646": { + "encryption-scenario": { + "plaintext": "small", + "algorithm": "0578", + "frame-size": 512, + "encryption-context": {}, + "master-keys": [ + { + "type": "raw", + "key": "rsa-4096-private", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha512" + }, + { + "type": "raw", + "key": "rsa-4096-public", + "provider-id": "aws-raw-vectors-persistant", + "encryption-algorithm": "rsa", + "padding-algorithm": "oaep-mgf1", + "padding-hash": "sha256" + } + ], + "cmm": "Default" + } + } + } +} diff --git a/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorGenerator/resources/net4x-keys.json b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorGenerator/resources/net4x-keys.json new file mode 100644 index 000000000..8dfd7d968 --- /dev/null +++ b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorGenerator/resources/net4x-keys.json @@ -0,0 +1,44 @@ +{ + "manifest": { + "type": "keys", + "version": 3 + }, + "keys": { + "aes-256": { + "key-id": "aes-256", + "encrypt": true, + "decrypt": true, + "algorithm": "aes", + "type": "symmetric", + "bits": 256, + "encoding": "base64", + "material": "AAECAwQFBgcICRAREhMUFRYXGBkgISIjJCUmJygpMDE=" + }, + "rsa-4096-private": { + "key-id": "rsa-4096-private", + "encrypt": true, + "decrypt": true, + "algorithm": "rsa", + "type": "private", + "bits": 4096, + "encoding": "pem", + "material": "-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCztGg1gQ8AjCzz\n1VX6StqtW//jBt2ZQBoApaBa7FmLmdr0YlKaeEKSrItGbvA9tBjgsKhrn8gxTGQc\nuxgM92651jRCbQZyjE6W8kodijhGMXsfKJLfgPp2/I7gZ3dqrSZkejFIYLFb/uF/\nTfAQzNyJUldYdeFojSUPqevMgSAusTgv7dXYt4BCO9mxMp35tgyp5k4vazKJVUgB\nTw87AAYZUGugmi94Wb9JSnqUKI3QzaRN7JADZrHdBO1lIBryfCsjtTnZc7NWZ0yJ\nwmzLY+C5b3y17cy44N0rbjI2QciRhqZ4/9SZ/9ImyFQlB3lr9NSndcT4eE5YC6bH\nba0gOUK9lLXVy6TZ+nRZ4dSddoLX03mpYp+8cQpK6DO3L/PeUY/si0WGsXZfWokd\n4ACwvXWSOjotzjwqwTW8q9udbhUvIHfB02JW+ZQ07b209fBpHRDkZuveOTedTN2Q\nQei4dZDjWW5s4cIIE3dXXeaH8yC02ERIeN+aY6eHngSsP2xoDV3sKNN/yDbCqaMS\nq8ZJbo2rvOFxZHa2nWiV+VLugfO6Xj8jeGeR8vopvbEBZZpAq+Dea2xjY4+XMUQ/\nS1HlRwc9+nkJ5LVfODuE3q9EgJbqbiXe7YckWV3ZqQMybW+dLPxEJs9buOntgHFS\nRYmbKky0bti/ZoZlcZtS0zyjVxlqsQIDAQABAoICAEr3m/GWIXgNAkPGX9PGnmtr\n0dgX6SIhh7d1YOwNZV3DlYAV9HfUa5Fcwc1kQny7QRWbHOepBI7sW2dQ9buTDXIh\nVjPP37yxo6d89EZWfxtpUP+yoXL0D4jL257qCvtJuJZ6E00qaVMDhXbiQKABlo8C\n9sVEiABhwXBDZsctpwtTiykTgv6hrrPy2+H8R8MAm0/VcBCAG9kG5r8FCEmIvQKa\ndgvNxrfiWNZuZ6yfLmpJH54SbhG9Kb4WbCKfvh4ihqyi0btRdSM6fMeLgG9o/zrc\ns54B0kHeLOYNVo0j7FQpZBFeSIbmHfln4RKBh7ntrTke/Ejbh3NbiPvxWSP0P067\nSYWPkQpip2q0ION81wSQZ1haP2GewFFu4IEjG3DlqqpKKGLqXrmjMufnildVFpBx\nir+MgvgQfEBoGEx0aElyO7QuRYaEiXeb/BhMZeC5O65YhJrWSuTVizh3xgJWjgfV\naYwYgxN8SBXBhXLIVvnPhadTqsW1C/aevLOk110eSFWcHf+FCK781ykIzcpXoRGX\nOwWcZzC/fmSABS0yH56ow+I0tjdLIEEMhoa4/kkamioHOJ4yyB+W1DO6/DnMyQlx\ng7y2WsAaIEBoWUARy776k70xPPMtYAxzFXI9KhqRVrPfeaRZ+ojeyLyr3GQGyyoo\ncuGRdMUblsmODv4ixmOxAoIBAQDvkznvVYNdP3Eg5vQeLm/qsP6dLejLijBLeq9i\n7DZH2gRpKcflXZxCkRjsKDDE+fgDcBYEp2zYfRIVvgrxlTQZdaSG+GoDcbjbNQn3\ndjCCtOOACioN/vg2zFlX4Bs6Q+NaV7g5qP5SUaxUBjuHLe7Nc+ZkyheMHuNYVLvk\nHL/IoWyANpZYjMUU3xMbL/J29Gz7CPGr8Si28TihAHGfcNgn8S04OQZhTX+bU805\n/+7B4XW47Mthg/u7hlqFl+YIAaSJYvWkEaVP1A9I7Ve0aMDSMWwzTg9cle2uVaL3\n+PTzWY5coBlHKjqAg9ufhYSDhAqBd/JOSlv8RwcA3PDXJ6C/AoIBAQDABmXXYQky\n7phExXBvkLtJt2TBGjjwulf4R8TC6W5F51jJuoqY/mTqYcLcOn2nYGVwoFvPsy/Q\nCTjfODwJBXzbloXtYFR3PWAeL1Y6+7Cm+koMWIPJyVbD5Fzm+gZStM0GwP8FhDt2\nWt8fWEyXmoLdAy6RAwiEmCagEh8o+13oBfwnBllbz7TxaErsUuR+XVgl/iHwztdv\ncdJKyRgaFfWSh9aiO7EMV2rBGWsoX09SRvprPFAGx8Ffm7YcqIk34QXsQyc45Dyn\nCwkvypxHoaB3ot/48FeFm9IubApb/ctv+EgkBfL4S4bdwRXS1rt+0+QihBoFyP2o\nJ91cdm4hEWCPAoIBAQC6l11hFaYZo0bWDGsHcr2B+dZkzxPoKznQH76n+jeQoLIc\nwgjJkK4afm39yJOrZtEOxGaxu0CgIFFMk9ZsL/wC9EhvQt02z4TdXiLkFK5VrtMd\nr0zv16y06VWQhqBOMf/KJlX6uq9RqADi9HO6pkC+zc0cpPXQEWKaMmygju+kMG2U\nMm/IieMZjWCRJTfgBCE5J88qTsqaKagkZXcZakdAXKwOhQN+F2EStiM6UCZB5PrO\nS8dfrO8ML+ki8Zqck8L1qhiNb5zkXtKExy4u+gNr8khGcT6vqqoSxOoH3mPRgOfL\nJnppne8wlwIf7Vq3H8ka6zPSXEHma999gZcmy9t7AoIBAGbQhiLl79j3a0wXMvZp\nVf5IVYgXFDnAbG2hb7a06bhAAIgyexcjzsC4C2+DWdgOgwHkuoPg+062QV8zauGh\nsJKaa6cHlvIpSJeg3NjD/nfJN3CYzCd0yCIm2Z9Ka6xI5iYhm+pGPNhIG4Na8deS\ngVL46yv1pc/o73VxfoGg5UzgN3xlp97Cva0sHEGguHr4W8Qr59xZw3wGQ4SLW35M\nF6qXVNKUh12GSMCPbZK2RXBWVKqqJmca+WzJoJ6DlsT2lQdFhXCus9L007xlDXxF\nC/hCmw1dEl+VaNo2Ou26W/zdwTKYhNlxBwsg4SB8nPNxXIsmlBBY54froFhriNfn\nx/0CggEAUzz+VMtjoEWw2HSHLOXrO4EmwJniNgiiwfX3DfZE4tMNZgqZwLkq67ns\nT0n3b0XfAOOkLgMZrUoOxPHkxFeyLLf7pAEJe7QNB+Qilw8e2zVqtiJrRk6uDIGJ\nSv+yM52zkImZAe2jOdU3KeUZxSMmb5vIoiPBm+tb2WupAg3YdpKn1/jWTpVmV/+G\nUtTLVE6YpAyFp1gMxhutE9vfIS94ek+vt03AoEOlltt6hqZfv3xmY8vGuAjlnj12\nzHaq+fhCRPsbsZkzJ9nIVdXYnNIEGtMGNnxax7tYRej/UXqyazbxHiJ0iPF4PeDn\ndzxtGxpeTBi+KhKlca8SlCdCqYwG6Q==\n-----END PRIVATE KEY-----" + }, + "rsa-4096-public": { + "key-id": "rsa-4096-public", + "encrypt": true, + "decrypt": false, + "algorithm": "rsa", + "type": "public", + "bits": 4096, + "encoding": "pem", + "material": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAs7RoNYEPAIws89VV+kra\nrVv/4wbdmUAaAKWgWuxZi5na9GJSmnhCkqyLRm7wPbQY4LCoa5/IMUxkHLsYDPdu\nudY0Qm0GcoxOlvJKHYo4RjF7HyiS34D6dvyO4Gd3aq0mZHoxSGCxW/7hf03wEMzc\niVJXWHXhaI0lD6nrzIEgLrE4L+3V2LeAQjvZsTKd+bYMqeZOL2syiVVIAU8POwAG\nGVBroJoveFm/SUp6lCiN0M2kTeyQA2ax3QTtZSAa8nwrI7U52XOzVmdMicJsy2Pg\nuW98te3MuODdK24yNkHIkYameP/Umf/SJshUJQd5a/TUp3XE+HhOWAumx22tIDlC\nvZS11cuk2fp0WeHUnXaC19N5qWKfvHEKSugzty/z3lGP7ItFhrF2X1qJHeAAsL11\nkjo6Lc48KsE1vKvbnW4VLyB3wdNiVvmUNO29tPXwaR0Q5Gbr3jk3nUzdkEHouHWQ\n41lubOHCCBN3V13mh/MgtNhESHjfmmOnh54ErD9saA1d7CjTf8g2wqmjEqvGSW6N\nq7zhcWR2tp1olflS7oHzul4/I3hnkfL6Kb2xAWWaQKvg3mtsY2OPlzFEP0tR5UcH\nPfp5CeS1Xzg7hN6vRICW6m4l3u2HJFld2akDMm1vnSz8RCbPW7jp7YBxUkWJmypM\ntG7Yv2aGZXGbUtM8o1cZarECAwEAAQ==\n-----END PUBLIC KEY-----" + }, + "us-west-2-decryptable": { + "type": "aws-kms", + "key-id": "arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f", + "encrypt": true, + "decrypt": true + } + } +} diff --git a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorGenerator/resources/python-2.3.0_keys.json b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorGenerator/resources/python-2.3.0_keys.json similarity index 100% rename from AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorGenerator/resources/python-2.3.0_keys.json rename to AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorGenerator/resources/python-2.3.0_keys.json diff --git a/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorLib/AWSEncryptionSDKTestVectorLib.csproj b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorLib/AWSEncryptionSDKTestVectorLib.csproj new file mode 100644 index 000000000..6c283d130 --- /dev/null +++ b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorLib/AWSEncryptionSDKTestVectorLib.csproj @@ -0,0 +1,15 @@ + + + + net6.0;net48 + 10 + enable + enable + + + + + + + + diff --git a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorLib/MaterialProviderFactory.cs b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorLib/MaterialProviderFactory.cs similarity index 73% rename from AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorLib/MaterialProviderFactory.cs rename to AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorLib/MaterialProviderFactory.cs index ede97b930..327648c55 100644 --- a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorLib/MaterialProviderFactory.cs +++ b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorLib/MaterialProviderFactory.cs @@ -1,14 +1,11 @@ // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 -using System; -using System.Collections.Generic; using System.Diagnostics; -using System.IO; -using System.Linq; using Amazon; using Amazon.KeyManagementService; -using AWS.EncryptionSDK.Core; +using AWS.Cryptography.MaterialProviders; + using RSAEncryption; namespace TestVectors @@ -20,19 +17,44 @@ public enum CryptoOperation public static class MaterialProviderFactory { - public static IAwsCryptographicMaterialProviders materialProviders = - AwsCryptographicMaterialProvidersFactory.CreateDefaultAwsCryptographicMaterialProviders(); + private static readonly MaterialProviders materialProviders = new(new MaterialProvidersConfig()); - public static ICryptographicMaterialsManager CreateDecryptCmm(DecryptVector vector, Dictionary keys) { - CreateDefaultCryptographicMaterialsManagerInput input = new CreateDefaultCryptographicMaterialsManagerInput + public static ICryptographicMaterialsManager CreateDecryptCmm( + DecryptVector vector, + Dictionary keys, + string vectorId + ) { + ICryptographicMaterialsManager cmm; + ICryptographicMaterialsManager defaultCMM = materialProviders.CreateDefaultCryptographicMaterialsManager( + new CreateDefaultCryptographicMaterialsManagerInput + { + Keyring = CreateDecryptKeyring(vector, keys) + }); + switch (vector.CMM) { - Keyring = CreateDecryptKeyring(vector, keys) - }; - return materialProviders.CreateDefaultCryptographicMaterialsManager(input); + case "RequiredEncryptionContext": + if (vector.EncryptionContext is null) + { + throw new Utils.InvalidDecryptVectorException( + $"RequiredEncryptionContext requires Encryption Context! ID = {vector}"); + } + CreateRequiredEncryptionContextCMMInput requiredCMM = new CreateRequiredEncryptionContextCMMInput + { + UnderlyingCMM = defaultCMM, + RequiredEncryptionContextKeys = new List(vector.EncryptionContext.Keys) + }; + cmm = materialProviders.CreateRequiredEncryptionContextCMM(requiredCMM); + break; + default: + cmm = defaultCMM; + break; + } + return cmm; } private static IKeyring CreateDecryptKeyring(DecryptVector vector, Dictionary keys) { List children = new List(); + Debug.Assert(vector.MasterKeys != null, "vector.MasterKeys != null"); foreach (MasterKey keyInfo in vector.MasterKeys) { // Some keyrings, like discovery KMS keyrings, do not specify keys @@ -48,13 +70,32 @@ private static IKeyring CreateDecryptKeyring(DecryptVector vector, Dictionary keys) { - CreateDefaultCryptographicMaterialsManagerInput input = new CreateDefaultCryptographicMaterialsManagerInput + public static ICryptographicMaterialsManager CreateEncryptCmm(EncryptVector vector, + Dictionary keys) + { + ICryptographicMaterialsManager cmm; + ICryptographicMaterialsManager defaultCMM = materialProviders.CreateDefaultCryptographicMaterialsManager( + new CreateDefaultCryptographicMaterialsManagerInput + { + Keyring = CreateEncryptKeyring(vector, keys) + }); + switch (vector.Scenario.CMM) { - Keyring = CreateEncryptKeyring(vector, keys) - }; - return materialProviders.CreateDefaultCryptographicMaterialsManager(input); + case "RequiredEncryptionContext": + CreateRequiredEncryptionContextCMMInput requiredCMM = new CreateRequiredEncryptionContextCMMInput + { + UnderlyingCMM = defaultCMM, + RequiredEncryptionContextKeys = new List(vector.Scenario.EncryptionContext.Keys) + }; + cmm = materialProviders.CreateRequiredEncryptionContextCMM(requiredCMM); + break; + default: + cmm = defaultCMM; + break; + } + return cmm; } + private static IKeyring CreateEncryptKeyring(EncryptVector vector, Dictionary keys) { @@ -100,10 +141,10 @@ private static IKeyring CreateKeyring(MasterKey keyInfo, Key key, CryptoOperatio } if (keyInfo.Type == "aws-kms-mrk-aware-discovery" && operation == CryptoOperation.DECRYPT) { - AWS.EncryptionSDK.Core.DiscoveryFilter filter = null; + AWS.Cryptography.MaterialProviders.DiscoveryFilter filter = null; if (keyInfo.AwsKmsDiscoveryFilter != null) { - filter = new AWS.EncryptionSDK.Core.DiscoveryFilter + filter = new AWS.Cryptography.MaterialProviders.DiscoveryFilter { AccountIds = (List)keyInfo.AwsKmsDiscoveryFilter.AccountIds, Partition = keyInfo.AwsKmsDiscoveryFilter.Partition, @@ -165,9 +206,9 @@ private static IKeyring CreateKeyring(MasterKey keyInfo, Key key, CryptoOperatio return materialProviders.CreateRawRsaKeyring(createKeyringInput); } - string operationStr = operation == CryptoOperation.ENCRYPT - ? "encryption" - : "decryption"; + // string operationStr = operation == CryptoOperation.ENCRYPT + // ? "encryption" + // : "decryption"; throw new Exception($"Unsupported keyring type for {operation}"); } @@ -180,7 +221,7 @@ private static AesWrappingAlg AesAlgorithmFromBits(ushort bits) { case 256: return AesWrappingAlg.ALG_AES256_GCM_IV12_TAG16; default: throw new Exception("Unsupported AES wrapping algorithm"); - }; + } } private static PaddingScheme RSAPaddingFromStrings(string strAlg, string strHash) { @@ -197,7 +238,7 @@ private static PaddingScheme RSAPaddingFromStrings(string strAlg, string strHash case "sha512": return PaddingScheme.OAEP_SHA512_MGF1; } break; - }; + } throw new Exception("Unsupported RSA Padding " + strAlg + strHash); } @@ -207,7 +248,7 @@ private static RegionEndpoint GetRegionForArn(string keyId) { Arn arn = Arn.Parse(keyId); return RegionEndpoint.GetBySystemName(arn.Region); - } catch (ArgumentException e) + } catch (ArgumentException) { // Some of our test vector key definitions use a variety of // malformed key ids. diff --git a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorLib/TestVectorTypes.cs b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorLib/TestVectorTypes.cs similarity index 62% rename from AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorLib/TestVectorTypes.cs rename to AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorLib/TestVectorTypes.cs index b8c35552a..a3e6dcf35 100644 --- a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorLib/TestVectorTypes.cs +++ b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorLib/TestVectorTypes.cs @@ -1,7 +1,6 @@ // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 -using System.Collections.Generic; using Newtonsoft.Json; namespace TestVectors @@ -14,172 +13,178 @@ public class Key { public bool Encrypt { get; set; } [JsonRequired] [JsonProperty("type")] - public string Type { get; set; } + public string Type { get; set; } = null!; [JsonRequired] [JsonProperty("key-id")] - public string Id { get; set; } + public string Id { get; set; } = null!; [JsonProperty("algorithm")] - public string Algorithm { get; set; } + public string? Algorithm { get; set; } [JsonProperty("bits")] public ushort Bits { get; set; } [JsonProperty("encoding")] - public string Encoding { get; set; } + public string? Encoding { get; set; } [JsonProperty("material")] - public string Material { get; set; } + public string? Material { get; set; } } public class KeyManifest { [JsonRequired] [JsonProperty("manifest")] - public ManifestMeta Meta { get; set; } + public ManifestMeta Meta { get; set; } = null!; [JsonRequired] [JsonProperty("keys")] - public Dictionary Keys { get; set; } + public Dictionary Keys { get; set; } = null!; } // TODO Rename? Need to use some enums for various fields, possibly subtypes to represent RSA vs AES having different params? public class MasterKey { [JsonProperty("type")] - public string Type { get; set; } + public string? Type { get; set; } [JsonProperty("key")] - public string Key { get; set; } + public string? Key { get; set; } [JsonProperty("provider-id")] - public string ProviderId { get; set; } + public string? ProviderId { get; set; } [JsonProperty("encryption-algorithm")] - public string EncryptionAlgorithm { get; set; } + public string? EncryptionAlgorithm { get; set; } [JsonProperty("padding-algorithm")] - public string PaddingAlgorithm { get; set; } + public string? PaddingAlgorithm { get; set; } [JsonProperty("padding-hash")] - public string PaddingHash { get; set; } + public string? PaddingHash { get; set; } [JsonProperty("default-mrk-region")] - public string DefaultMrkRegion { get; set; } + public string? DefaultMrkRegion { get; set; } [JsonProperty("aws-kms-discovery-filter")] - public DiscoveryFilter AwsKmsDiscoveryFilter { get; set; } + public DiscoveryFilter? AwsKmsDiscoveryFilter { get; set; } } public class DiscoveryFilter { [JsonProperty("partition")] - public string Partition { get; set; } + public string? Partition { get; set; } [JsonProperty("account-ids")] - public IList AccountIds { get; set; } + public IList? AccountIds { get; set; } } public class DecryptVector { [JsonProperty("description")] - public string Description { get; set; } + public string? Description { get; set; } [JsonRequired] [JsonProperty("ciphertext")] - public string Ciphertext { get; set; } + public string Ciphertext { get; set; } = null!; [JsonProperty("master-keys")] - public IList MasterKeys { get; set; } + public IList? MasterKeys { get; set; } + [JsonProperty("cmm")] + public string? CMM { get; set; } + [JsonProperty("encryption-context")] + public Dictionary? EncryptionContext { get; set; } [JsonProperty("result")] - public DecryptResult Result { get; set; } + public DecryptResult? Result { get; set; } [JsonProperty("decryption-method")] - public string DecryptionMethod { get; set; } + public string? DecryptionMethod { get; set; } } public class DecryptResult { [JsonProperty("output")] - public DecryptOutput Output { get; set; } + public DecryptOutput? Output { get; set; } [JsonProperty("error")] - public DecryptError Error { get; set; } + public DecryptError? Error { get; set; } } public class DecryptOutput { [JsonProperty("plaintext")] - public string Plaintext { get; set; } + public string? Plaintext { get; set; } } public class DecryptError { [JsonProperty("error-description")] - public string ErrorMessage { get; set; } + public string? ErrorMessage { get; set; } } public class DecryptManifest { [JsonRequired] [JsonProperty("manifest")] - public ManifestMeta Meta { get; set; } + public ManifestMeta Meta { get; set; } = null!; [JsonRequired] [JsonProperty("client")] - public Client Client { get; set; } + public Client Client { get; set; } = null!; [JsonRequired] [JsonProperty("keys")] - public string KeysUri { get; set; } + public string KeysUri { get; set; }= null!; [JsonRequired] [JsonProperty("tests")] - public Dictionary VectorMap { get; set; } + public Dictionary VectorMap { get; set; } = null!; } public class EncryptScenario { [JsonRequired] [JsonProperty("plaintext")] - public string PlaintextName { get; set; } + public string PlaintextName { get; set; } = null!; /// /// Hex string of algorithm suite ID /// [JsonRequired] [JsonProperty("algorithm")] - public string Algorithm { get; set; } + public string Algorithm { get; set; } = null!; [JsonRequired] [JsonProperty("frame-size")] public uint FrameSize { get; set; } [JsonRequired] [JsonProperty("encryption-context")] - public Dictionary EncryptionContext { get; set; } + public Dictionary EncryptionContext { get; set; } = null!; [JsonRequired] [JsonProperty("master-keys")] - public IList MasterKeys { get; set; } + public IList MasterKeys { get; set; } = null!; + [JsonProperty("cmm")] + public string? CMM { get; set; } } public class EncryptVector { [JsonRequired] [JsonProperty("encryption-scenario")] - public EncryptScenario Scenario { get; set; } + public EncryptScenario Scenario { get; set; } = null!; // TODO: each of these three are currently unused, but we need to model them // so that we can successfully parse the manifest [JsonProperty("decryption-method")] - public string DecryptionMethod { get; set; } + public string? DecryptionMethod { get; set; } [JsonProperty("result")] - public DecryptResult Result { get; set; } + public DecryptResult? Result { get; set; } [JsonProperty("decryption-master-keys")] - public IList DecryptionMasterKeys { get; set; } + public IList? DecryptionMasterKeys { get; set; } // TODO create tampered messages // 'dynamic' type because we sometimes set this as a string // and sometimes set it as an object. Will need to figure this // out when we support tampered messages [JsonProperty("tampering")] - public dynamic Tampering { get; set; } + public dynamic? Tampering { get; set; } } public class EncryptManifest { [JsonRequired] [JsonProperty("manifest")] - public ManifestMeta Meta { get; set; } + public ManifestMeta Meta { get; set; } = null!; [JsonRequired] [JsonProperty("keys")] - public string KeysUri { get; set; } + public string KeysUri { get; set; } = null!; [JsonRequired] [JsonProperty("plaintexts")] - public Dictionary PlaintextSizes { get; set; } + public Dictionary PlaintextSizes { get; set; } = null!; [JsonRequired] [JsonProperty("tests")] - public Dictionary VectorMap { get; set; } + public Dictionary VectorMap { get; set; } = null!; } public class ManifestMeta { [JsonRequired] [JsonProperty("type")] - public string Type { get; set; } + public string Type { get; set; } = null!; [JsonRequired] [JsonProperty("version")] public int Version { get; set; } @@ -189,9 +194,9 @@ public class Client { [JsonRequired] [JsonProperty("name")] - public string Name { get; set; } + public string Name { get; set; } = null!; [JsonRequired] [JsonProperty("version")] - public string Version { get; set; } + public string Version { get; set; } = null!; } } diff --git a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorLib/Utils.cs b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorLib/Utils.cs similarity index 81% rename from AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorLib/Utils.cs rename to AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorLib/Utils.cs index 588c9699d..9d4fb0079 100644 --- a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorLib/Utils.cs +++ b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectorLib/Utils.cs @@ -21,6 +21,30 @@ public static string GetEnvironmentVariableOrError(string key) { return nullableResult; } + /// + /// Check the Environment for a variable. + /// If it exists, pass to function. + /// Otherwise, return default. + /// + /// Key for Environmental Variable + /// If key does not exist, use this + /// If key does exist, pass to this function + /// + /// + public static T GetEnvironmentVariableOrDefault( + string key, + T _default, + Func stringToValue) + { + string? nullableResult = Environment.GetEnvironmentVariable(key); + if (nullableResult is null) + { + return _default; + } + + return stringToValue(nullableResult); + } + public static T LoadObjectFromPath(string path) { if (!File.Exists(path)) { @@ -113,5 +137,10 @@ public static void WriteBinaryFile(DirectoryInfo dir, string name, MemoryStream } } } + + public class InvalidDecryptVectorException : Exception + { + public InvalidDecryptVectorException(string message) : base(message) { } + } } } diff --git a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectors/AWSEncryptionSDKTestVectors.csproj b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/AWSEncryptionSDKTestVectors.csproj similarity index 93% rename from AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectors/AWSEncryptionSDKTestVectors.csproj rename to AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/AWSEncryptionSDKTestVectors.csproj index 364960d3e..1c2bbf34a 100644 --- a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectors/AWSEncryptionSDKTestVectors.csproj +++ b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/AWSEncryptionSDKTestVectors.csproj @@ -6,8 +6,8 @@ So we specify netcoreapp3.1 instead of the more general netstandard2.1. See https://xunit.net/docs/why-no-netstandard. --> - netcoreapp3.1;net452 - 7.3 + net6.0;net48 + 10 false false diff --git a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectors/README.md b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/README.md similarity index 100% rename from AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectors/README.md rename to AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/README.md diff --git a/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/TestVectors.cs b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/TestVectors.cs new file mode 100644 index 000000000..dea6891cd --- /dev/null +++ b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/TestVectors.cs @@ -0,0 +1,280 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +using System; +using System.Collections; +using System.Collections.Generic; +using System.IO; +using System.Linq; +using System.Reflection; +using Xunit; +using Xunit.Abstractions; + +using AWS.Cryptography.EncryptionSDK; +using AWS.Cryptography.MaterialProviders; +using Exception = System.Exception; +// ReSharper disable SuggestVarOrType_SimpleTypes +// ReSharper disable SuggestVarOrType_Elsewhere +// ReSharper disable SuggestVarOrType_BuiltInTypes + +namespace TestVectors.Runner { + + static class RunnerUtils + { + internal static NetV4_0_0_RetryPolicy fromString(string input) + { + return input.ToLower() switch + { + "forbid" => NetV4_0_0_RetryPolicy.FORBID_RETRY, + "allow" => NetV4_0_0_RetryPolicy.ALLOW_RETRY, + _ => throw new ArgumentException( + $"Net v4.0.0 retry policy MUST be forbid or allow, got: {input}") + }; + } + } + public abstract class TestVectorData : IEnumerable { + protected readonly Dictionary VectorMap; + protected readonly Dictionary KeyMap; + protected readonly string VectorRoot; + protected readonly NetV4_0_0_RetryPolicy _netV400RetryPolicy; + + protected TestVectorData() { + this.VectorRoot = Utils.GetEnvironmentVariableOrError("DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH"); + this._netV400RetryPolicy = Utils.GetEnvironmentVariableOrDefault("ESDK_NET_V400_POLICY", + NetV4_0_0_RetryPolicy.ALLOW_RETRY, RunnerUtils.fromString); + DecryptManifest manifest = Utils.LoadObjectFromPath(VectorRoot); + this.VectorMap = manifest.VectorMap; + string keysPath = Utils.ManifestUriToPath(manifest.KeysUri, VectorRoot); + this.KeyMap = Utils.LoadObjectFromPath(keysPath).Keys; + } + + protected static bool VectorContainsMasterKeyOfType(DecryptVector vector, string typeOfKey) + { + return vector.MasterKeys != null && vector.MasterKeys.Any(masterKey => masterKey.Type == typeOfKey); + } + + public abstract IEnumerator GetEnumerator(); + + IEnumerator IEnumerable.GetEnumerator() => GetEnumerator(); + + // Simplistic method for narrowing down which vectors to target. Add any permanent skips + // here (e.g. for unsupported features) or temporarily update if you want to + // test certain vectors + protected static bool TargetVector(KeyValuePair entry) + { + if (entry.Value.DecryptionMethod != null && entry.Value.DecryptionMethod.Equals("streaming-unsigned-only")) { + // These vectors specifically target streaming APIs. Since we do not + // yet support streaming, we cannot test against these. + return false; + } + return true; + } + } + + public class DecryptTestVectors : TestVectorData { + public override IEnumerator GetEnumerator() + { + long count = 0; + foreach(var vectorEntry in VectorMap) { + + if (!TargetVector(vectorEntry)) + { + continue; + } + + DecryptVector vector = vectorEntry.Value; + byte[] plaintext = null; + if (vector.Result is {Output: not null}) + { + if (vector.Result.Output.Plaintext != null) + { + string plaintextPath = Utils.ManifestUriToPath(vector.Result.Output.Plaintext, VectorRoot); + if (!File.Exists(plaintextPath)) + { + throw new ArgumentException($"Could not find plaintext file at path: {plaintextPath}"); + } + + plaintext = File.ReadAllBytes(plaintextPath); + } + } + + string errorMessage = null; + if (vector.Result != null && vector.Result.Error != null) + { + errorMessage = vector.Result.Error.ErrorMessage; + } + + string ciphertextPath = Utils.ManifestUriToPath(vector.Ciphertext, VectorRoot); + if (!File.Exists(ciphertextPath)) { + throw new ArgumentException($"Could not find ciphertext file at path: {ciphertextPath}"); + } + byte[] ciphertext = File.ReadAllBytes(Utils.ManifestUriToPath(vector.Ciphertext, VectorRoot)); + + MemoryStream ciphertextStream = new MemoryStream(ciphertext); + + yield return new object[] { vectorEntry.Key, vector, KeyMap, plaintext, errorMessage, ciphertextStream, _netV400RetryPolicy }; + count++; + } + + // If nothing gets `yield return`-ed, xUnit gives an unclear error message. This error is better. + if (count == 0) + { + throw new Exception("No targeted vectors found"); + } + } + } + + public class TestVectorDecryptTests { + private readonly ITestOutputHelper testLogging; + private static string OPAQUE_ERROR_NULL_OBJ_MSG = "Unknown Unexpected Error"; + public TestVectorDecryptTests(ITestOutputHelper testLogging) + { + this.testLogging = testLogging; + } + + [SkippableTheory] + [ClassData (typeof(DecryptTestVectors))] + public void CanDecryptTestVector( + string vectorId, + DecryptVector vector, + Dictionary keyMap, + byte[] expectedPlaintext, + string expectedError, + MemoryStream ciphertextStream, + NetV4_0_0_RetryPolicy _netV400RetryPolicy + ) { + if (expectedPlaintext != null && expectedError != null) + { + throw new ArgumentException( + $"Test vector {vectorId} has both plaintext and error in its expected result, this is not possible" + ); + } + Exception exceptionHolder = null; + bool exceptionHasBeenCaught = false; + try + { + AwsEncryptionSdkConfig config = new AwsEncryptionSdkConfig + { + CommitmentPolicy = ESDKCommitmentPolicy.REQUIRE_ENCRYPT_ALLOW_DECRYPT, + NetV4_0_0_RetryPolicy = _netV400RetryPolicy + }; + ESDK encryptionSdk = new ESDK(config); + + ICryptographicMaterialsManager cmm = MaterialProviderFactory.CreateDecryptCmm(vector, keyMap, vectorId); + + DecryptInput decryptInput = new DecryptInput + { + Ciphertext = ciphertextStream, + MaterialsManager = cmm, + }; + if (vector.CMM is "RequiredEncryptionContext") + { + decryptInput = new DecryptInput + { + Ciphertext = ciphertextStream, + MaterialsManager = cmm, + EncryptionContext = vector.EncryptionContext + }; + } + AWS.Cryptography.EncryptionSDK.DecryptOutput decryptOutput = encryptionSdk.Decrypt(decryptInput); + if (expectedError != null) + { + throw new TestVectorShouldHaveFailedException( + $"Test vector {vectorId} succeeded when it shouldn't have" + ); + } + + byte[] result = decryptOutput.Plaintext.ToArray(); + Assert.Equal(expectedPlaintext, result); + } + // Ensure Test Failure is not caught + catch (TestVectorShouldHaveFailedException) + { + throw; + } + catch (Exception e) when ( + e is AWS.Cryptography.Primitives.CollectionOfErrors + or AWS.Cryptography.KeyStore.CollectionOfErrors + or AWS.Cryptography.MaterialProviders.CollectionOfErrors + or AWS.Cryptography.EncryptionSDK.CollectionOfErrors + ) + { + exceptionHasBeenCaught = true; + exceptionHolder = e; + // Use Reflection to get the common list field + Type collectionType = e.GetType(); + FieldInfo listFieldInfo = collectionType.GetField("list"); + List list = (List)listFieldInfo?.GetValue(e); + List debugList = new List(); + if (vector.MasterKeys != null) debugList.AddRange(vector.MasterKeys.Select(keyInfo => $"Key: {keyInfo.Key}, Type: {keyInfo.Type}")); + + testLogging.WriteLine($"CollectionOfErrors Logging. List:\n{string.Join("\n\t", list!)}"); + testLogging.WriteLine($"CollectionOfErrors Logging. master-keys:\n{string.Join("\n\t", debugList)}"); + } + catch (Exception e) when ( + e is AWS.Cryptography.Primitives.OpaqueError + or AWS.Cryptography.KeyStore.OpaqueError + or AWS.Cryptography.MaterialProviders.OpaqueError + or AWS.Cryptography.EncryptionSDK.OpaqueError + ) + { + exceptionHasBeenCaught = true; + // Use Reflection to get the common Obj field + Type opaqueType = e.GetType(); + FieldInfo objFieldInfo = opaqueType.GetField("obj"); + object obj = objFieldInfo?.GetValue(e); + switch (obj) + { + case null when e.Message.Equals(OPAQUE_ERROR_NULL_OBJ_MSG): + testLogging.WriteLine($"OpaqueError Logging: Obj was null. Error Type is {opaqueType}"); + exceptionHolder = e; + break; + case Exception nestedException: + testLogging.WriteLine($"OpaqueError Logging: Obj is an Exception. " + + $"Error Type is {opaqueType}.\n" + + $"Nested Exception is {nestedException.GetType()}.\n" + + $"Nested Exceptions message is: \n\t{nestedException.Message}\n" + // + $"Nested Exceptions StackTrace is: \n\t{nestedException.StackTrace}" + ); + exceptionHolder = nestedException; + break; + default: + testLogging.WriteLine($"OpaqueError Logging: Obj is an arbitrary object. " + + $"Error Type is {opaqueType}. " + + $"Type of Obj is {obj!.GetType()}."); + exceptionHolder = e; + break; + } + } + catch (Exception e) + { + exceptionHasBeenCaught = true; + exceptionHolder = e; + testLogging.WriteLine($"Unexpected Exception: {e}"); + testLogging.WriteLine($"Unexpected Exception: Error Type is {e.GetType()}. " + + $"Exception's message is: {e.Message}"); + } + finally + { + if (expectedPlaintext == null && exceptionHasBeenCaught) + { + testLogging.WriteLine("Decrypt Failed, possibly correctly?"); + } + if (expectedPlaintext != null && exceptionHasBeenCaught) + { + testLogging.WriteLine("Decrypt Failed, and should not have!"); + } + } + if (exceptionHolder != null && expectedPlaintext != null) + { + // Should succeed but did not, throw exception + throw exceptionHolder; + } + } + + private class TestVectorShouldHaveFailedException : Exception + { + public TestVectorShouldHaveFailedException(string message) : base(message) { } + } + } +} diff --git a/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/invalid-Net-4.0.0.zip b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/invalid-Net-4.0.0.zip new file mode 100644 index 0000000000000000000000000000000000000000..5d2bccd255e74a592d30621d50149a8b76b3432c GIT binary patch literal 328285 zcmagEV~{98yQSNhzTs~RwIbnu2PslG z&<4~W?^7uDH_^EYmCmNBk+Mpv&h~sBq}O<`C#pR4pnM;hD;@f6%yATVlvr< z0P)?Fe72T$vh#n>y=;_{XB>0?XzUoV$g4hZ3WjY~w`h8_*irojA}nOmDAtL{^LVg_ zKVHMMXG6TeLfFIvcfk4`Z@Vf>*ZRBrHCkGXDe&bFb%Sg_!DV}%i6ez;W^E`ScbRJG zsMAJ*t@B~1V*q9lSj2N?xs07bket8rAUB8$k5X|`jB)3e`0x-N1VB!clvM z&#*8d667B!@sroUt`jY7x=5e22P8k&few}@M@>q%sA0N{Nd+}s%x$Dz@?Fp==HzkQ z0}-g7ajKYz%~y{Z5>t@@WC9LCcNkS@`#n`|l`8R&Rbx%BcIyA@O4J!@5aEhXtRw*8kFR_=t+iscU__^~kdva}Tj zY&#a4UOduh=XF7xeN-?sxdf`0%f8dScOoi2)ii`yI?0j`uiV?}8$b@tv=l&8aP=KGxW=^pb*BZ5xa29$cS<5^?=lA>t z#;*RtBW?%<+I*{hdjC(O_n#&94Rtj3hS+MdK2PvzOpL3p6YmCOY$R?rA0%ke?F9jg z2@Xx=Od53dcCG6g%Y?_j0|u{15tx09JJp|{)+CYuC0S4Ryo;JvQ^jOciNL#K?LHl6 z+`;4kai?g7W!C1FD;XH5c6!~Y&~~_&vLTy%(%#qj0yk^4C{$#<4ziSJ?hryj8ez_z z;uFM+WqrCIJp@6B3E1ow)X@Pmo7d5REApSHMIkO#64pweJ$doMtSe`4}tYAihGgo9W zfek)n>QEj~`G;|)UwM6jAU&y@CtAU>K=Po?$w2!fFKJEd9tdy9wu?4>^qU4 zcD!x91zvXzO0gKNEc3gYV1$)cK^2b}_hlT}!81dh_hVM%IZ!2P>VqDf@vXeeZJn zHTkXeisWdt#Uv$kU8g@Y?%X_YUemWV{R&xZ4tJRJnuxTQ`O&kJ*BB{6CVMeWh8n56 zrGuLCpEW!i(j_BeBrLKWMaad2$3m2(&S;$;2vvh7+=zJDnxtl~5CD7&SVjqFj*>i{VbP^JfCUaEI)7$zR$I_A~zIk^BDPyIZ%K!2^`&r7|}uecf1 z_r=~zJJmi#anPM9os&qkJ!wsy zHEq&~qTQ#Zy~yxK;TW+D!C+Yi01L!&TlZvs2@jQv5^&}V{ZOuCO>LSxRPx5#FU`c) z{89|;;f3jg>Z;?MVZ=r=7+6)hA{U4JW3vcylqxC>xK09=8R@p{wDVo%kAa}lU+*SK z4owtzY`_}OSRNM)q7f{_fsk>VtVJdGPy*mjEJ<}9G%09EnJa17u8&B(qoV`!W#J>- zu7;Uy@`Ly{52Z2DtjysvtmaQ$oAquaW89O|CZ5R^)mmPqgNDqr<0B|>$p0RuoR6JTDJrE05- zxQV^JoCS#kB^%jbOL`OvP_JK`M1?$B%tu9$V}9q4E-p|Hhy%oIf%vQkltKe$pa9Ko z1_agqcY5WP%s{WJWMu{fnaPXrwBIFrvW;qCDwGK}x8AI=Wk-XOo8vyuCLkQFN^P4q z{_eW(r;%3|jhk_fFlPK4)Lo=q{j2xwSNvq_C{qw?7)vh0LxQ?&PQN zZ1hdcMjmWCBc)mPa1WAE!+q?W-HA);zNL8F2us5(cuW;cLmg4+NG?wjdS1ihrS! z>R@oS3dqoxlPFCJhd=Q3cC~JV1<{f4y2*w-7cqP5E8?ex$ zcP>rZiC!z@h?{4;Ae~AjGkYK+hMBlNL6bcA@oAkx+2LTH?#|Z7)-6!O6ndTfuSW(d z*is>9R@iO`|IjM@HDEDzGMdw#5w2XxJ6?j?NvQvklN*G7F!NRhM& z`PmTeUG%LI8!_OmbxW=H)Qkek@~<{71~lR!v_$&!)lk~}l(<~ez<|q=<<_6E({h>==s7EhQp9!uA6!VJ@)#ja z29WpEa*DoS_QK>30h9nm|NUMYWS&I>HU1oq946|#SzIAiS!KsoSB#;ION9cRtiBX< zqD8@t21!iUmK!>_nOazaHkQ3g(nIoGyhXpClXLe3t|Hk+!Z4b{20l|_^>kCS-h3Moy!_W5H6F0S%*7^A+g>+&z?Bb<2>BQL$lrkC2$)-wO@qD*3;@tb7}Z!^+llTt+Q1 zohg*R&TN@9o5U`Sw8vK>8A$x`Qa_*a+ z7WcdWSMR(zr)*rt1^Np|=!*U7>2E6|9SzyC1%3?LyW?X>DbK)!t9$I2tT=3QeOz=z zK@MlqJQd&C2|7}Gxhx*Yi4|Go+iIP<5pigPbAjEHqe?*yW)PuZc(`GN-ea3Cnz~1j z^{P2h8B7aP)c81{z2hXqc9{e~82^eNE`d(p?U6;qc-@#@OGy zW>yizh%3lU8Bi(p*00wH1!iz-BP;&C-b-XV))GK4bc&G}TRB;-=CvhI6Z^*A#uhX@ zw&e_?Ov|hvYbZcY6#t%@(}m5h)aclNoLAy2-t)KqR%PTBo8Yz!I1rvJnWpe=D{Ld| zB%!)g>5xYr&oDgvt-*AX=I4U=%a!}1yq-9!xGE2hVRYd>=0p6Q-b~M5GRUc2VXv!A zdh`ox(#>gESU?^!1jObzJKvTu3#rGl@Mr?b(e^ihiQyCUYcLCrju-nG*0mT^{)paK zEx|(#0@WhyynnBrccjUJqz{_NUqPF5R5h>BBLPBE?u&!(R+>lw1og#QT6vG!IyQdE zS)V!C0s@lOvo&i{Q~y0z)#_@Q!XPoR3-V1UWS2_`=@`{fBQ`{@yT|c z8{w*h?1YDhFwh}DR7LrOm0&rAhW+xvVTnZ80(bBe1N9FxcLY)U;us*Zo(iPBDl*JYN;`!ZD1LyUGrES&%ib2D7Yom_NASx3{1t#^I!(7kP6mUBL{{=hDs zX`S;vo=vVX*afoOjy8y+mOp&+Qn{@8zQXk}P+=piUWI|cHyMSxz9Th*ZW@URv+}4} zL;7FJ*t<5()MRzLL)Hew57^d(lu?uHS?&WoWv&-sZ;yUpu=ISlBAL_Ija!sljR|{( z_68Ux6BR7gRu%=e;uc*I;?sA!2+YzwUysy=QIhyG#(l780IJX@n3KnsHs{MHQ8Q>n zK|5(Bm4p;MVEa2lJmRvH3T!buCxL8mKNpE01_`?kzL{Zj0Dd$uwNLWonz`0{1x(Hz zJb^C(*uH+z_A14CnI!EN4m=b_^$;W5Pb24aTsNo*jTrfQ$q<^43EL#R5IuQrGAuh@ zz>pvrvPM;DQarK$qSSs`t4Tx@jK1K~a4z(d%}F4O6*V1G|2e8ZW+B@_mC;iY2P=+H zRl85iys(+^b?=f+IPhky!_i|BZrfklLfO>2s;=Cbr#j*YvG?ssHD#8q@)C_$Af12* z&go9l#QXW+FFBIDnR#2Z=rdLB7=sCg4}#$8XkKSuzsDFPLA?J#RQ7}1Q7xlA#;`_> z2tm(A67q6NpZDMXYP>tR?BX1|CJk>1o77@2-E;yG!1ks(bUx+fTs5A|oW2C5E|6nj zn?`JM&06myA}Nv=k%lSaVvahI0TEOzmSd*Jl%`2a4*;sO$(~EvaUQ>58Qd|rQ`m+J zWPe|_8o~GDx4#H?_umB(@fH6}tscs#bD7#8Et;jIjtKBs10pEyWaPgD^pbQ#A>o>N zt)w$qtp@!h3zsl~qT<1vwdcJ*5Xr%ZeZ7g3a@Ra;_kt$p9+X0M^o&s?nEA#l==hm{ z<<(}xH1sox3nq~#@ zL;EzitiIG-d2BnE)L|^)lF@vxfoPANHb|PWvaEl7lrc|=DVx^DVN~t$TF!zB{+ZI& z(T1r*odW$UJI9947^$z--94K+XO+AqfNZ$AWEdrmwu~wTv-0jJ!SuF*D!5o!I_{Z( zt5q!W!Gf2fm*7ZKcFvG}F25B9WOIguzPa~mk}WO#4r$~y-vXmDDF5u1r#gq2bvkLf zNQLUM1rrx_?{KR;a6xvarjnL}MZ|QryMQx6_=oXv?fWeDZE( z0P~|5m+JLH+`d}o#)?t33=LbWG zGk@G(FhC80?XnJrv5*T zoQ316l=N=smGh7$@{EneNyH=iQ=Rc;38cd0+x{V-{xUl_bczx3S%8ND^4Lbtlr5X9 zAfZFL`gV-SeMWKZux!l<*_pg?H~QMQ)B*=EL0jL@8kcc@HhGZE#ZXmjQ3PtRo#Jqk z1ZF4avFkclwHe4|od2#-E)}spXp>}~3c?&xs4*t$waA;vL27%Xr> zwmEQXR9;|&_yi)^mOb>x1KN5!E^%{5h1b&PUYA}~20i>8f}fWcv>_r$%dve~0N6i7 zt0ZG%Y7#$P6iz?jJXJCh4NI48uL-X!xq1pMd7R=_S^AuYMt~w-ea!FD{rOMD&2}(_ zSfXvxQ6tSQPif=R+Z8ZwQrlgRJ{#hn2`PM+C-Ye=8JNY!Ea4ElEM}c%{ppVpBo~^|vqeLu*iUGc z-e-Zyv%KV%x5Nmx?m0HmFA)8HFK4jd-xV;A-DQv1m3jGL?aiW;WUHB3%d1c*6^jOLpn~)z~5s6VGX#w?p--&Hsfd^>b-Uz%d~Kh!Twti*a=C4@M=1 z)KWH6A#y83Jgb#<3iHn$o+V}qSqQ^Q!wK(!G%Ufovq zK?R3$bBoXKX8u8)jRjWJmlY6pq$pmW0zUem=fsdx77*9#{g+DGLSAIJB<50j0;PH! zs=d3{NSn59nIZ5tBp`VA@58Y`-V1)hwiHPrW-tyK7Fe5L7zMLB#zRh)rCj!j_b7Lu z4WIYz(=l?_c>6#+!We$ZMjKh{Ex9+7_n{b6m-AOxgdr!*f4}4#b@5fyrau{VJh30e zqj;wya2mwF=z^lr9h;7ByUcFP)Ro?U+7bE9t+`lSOB{_6$7V^57@EzU)rXJpu=_aG z9FW7FQQ_%0DaHBp(algvBDgboqXOmIoEKvE)%#kKW4Ol6(PSP3(HZ0IiPugR(WPHQmtUm2t?YSfToXD7Y=Qm+w#EC*Jwt8@168ugDXFown_Wg*;xZ zz2FJ8M^k1KnC@i7_p*K>xVbs9m|SFO0ZOYJz*6$6%?~LL{<-vbhHcu~-sKNLyld9& ziGn1*yo{odblMtU%`Lf(Zv0EW^WMxy%t&(Q8cyV)%&0%)zB<`t;ik=e&7zEE4!<@~ zNCZWgpt*U7OLOCuIiURa-BUPC3ifbA+R6l1rfIUf473|k6x0>@CtxBNLE1SA!Bt|b zu4n)D2otGwCJVKY`^yh+jNzQJgJe{>R~OoiW#mVMzF0-_2_S{=bl*uC2@EVTX}h2D z)qm`!N-s-OA8Y@y!O1xmq<)~GAHjUVlZ*p+)hHlWWfq)b{$~~V6z-{5{;!ee2h|&$ z&l1z*d=EiVCnPEETaL+KU^{kwP)=;0dN~UIN0G86vni$0B=@(N#$f{);$^l!l*jm~ z?&Af(OEWcw(GDsRh%p+fyrHSl**VOue}GR?#K&b1f+#33F|PqK%r^{+de^?N-de^F zfzpyYH!zV2lIsPq#I6gn=m!?q9Rm`WA1s1BsV>m3of`WpO%U_7eY^MaUw6KIu^-t5 zu#kk-ih_X!zd{s?PC)*)aG|AXf2DLocY|7zEAQ?FVI0WQb0zSGQrJJ!vKA9wirZ0Av+D0+=TbMdBj9E}3V<7&u#2 zrSgPoch=CLW9F;yre+-AI5F9+SU$7!Go$`V5@id-W75dL&V85H542fQEk#OiS742@ zVeqTP1@WjcRJ99()j3*yj|Eh2NE?Y;H4I75S2{yZT)(gfnMwi>OebgUe-tGa`3{-# zsQA*Ol<{ggJ`cw3w$6^`Ky`{xztQD*H6FK`JWK2MXYNg#{T}$-iDG@WGI!rEI;0Zy zyo_b6yZ&0l)ecgpdp?g;{*I^rBF1CadRb+iGyt)|&a}KIqGhM5UZ2TkWd}2FrO-Bf zYRlzszypCIVB*|;()Nu$MLr=h>5#h}hoUH4* z?FSQPu@$!<=3c9(%OSs@eY)(4pr(zDNE)TO27Y%`2l%&m^G_|!+(TA)Gqhadqq?I- z7gaUzTt?aojBoFn0&@Z|S6ug5+Kw-d9vY)ivV_vgJPwVOY$Ltn38E)y36u0DJaXze zHs#wKG?Hd!*LA4-37{j}t6)V=!Mtq5&i&3n%N1!MOMPobXl!$;CJk$4D~(dD`A(|H}IT zbUhM#!?A&0j>kQhCSct-M()gea!%;#BX)Jk&k~}T%Cb*|68a|uRkdsaJn*8C@5)vl z_@+DP;_`500}*8i9d`dcNHRPY0}`WoWh^##vUnVfM6d0;+62d}lkp4_eGO3GJsnmc zK4EH0m!)Xe{GcNUiCLl^Cy^dS&3f}3xi`Qq41w^9oV}dBQ*r{SGQdjU(rUP<@;Xp* zmUo!}wEIm^tvfUy%9oC?63zcrMnES{fJVPBz3D!zH!xU;bUm6PvKb2m_C07$3iK!0 zs(35F2MwnW$kPG~$v~&nFar1Kv5QcB1B8ReYK+Ie=R}#g2Evj44&NpXSNr2PKLFo= zNu={96%ADb@NJ8kf3I%DWJ@|gJ0*jwH>Ixv=cU}OCs7v|mOw7xY0eH-Ch^TSAt_74 zQS0f zZ!}rYPAHc5bDw*4YU^^{_!*xBo+-q!vdGFz-<>r&8qB8*1J4{BB@Q4^|S!uwfO=vu-}J0RC+do$YBYfk6F< zWF=#KN@$ZA_Db#D>G=ZXLH*VvmEGs8={z^TQW!orZ8STAPyo;;hG7IeLQSVZoAWH( z8#o+z&ELojznxqSGI2nJ_HVoJAHKX4k%eooR7QRFxTQib522sN%)%M)jYXMDihQTze`ns~nv2pQRsW~Ks~ZoR-5fbWqfNTZSVs;Uo5 z(g@h(5~$sUp8}Rq_v-qBm_2;qm|M8AwFqN1b&J)cO_ViA zgy-%kde$ulnhV$k*ghK1{3M;4E(gZv8d+Z z*CadNgRc|0_UIYoY;t%;J8t!D4v>2A5H3(jSflti#&0AaQn5@bGF-izPSl*nG{y_{ zwNtoAa|G8Ep|_TeT!!_gUZ=zubwA^GCVs)y?YTqe4%Eg$NJ(?p#8UCksRT4Y$}JCW z7X-4ZE*kY_Bco04$~l{(D>XyESVrdqpL{YHwMd-yf=Y=yuyy%q6VF_bDdtB;rKe3q zKVu?jWsoy{-qwu}JRW8*L2@+5q0iXtWxI+P9y$@#bTU<-0=X6h$V3p3NEm^?m*6fX zNR5rq&3gpfr8M%ke?NAGKPGSGHWvh#C{CHL11c;9D`$Od`*?J(Lo&rMdG)^s&lI|T zM##1XCaD`EnXokvZ=|3KhtM}Q^kg0BmH3Vyv#2KBc70niEUPDu%U!^g7VQxO+hI~s;UR>fMXTWH_GDN zt5!+o!>4G$`8x##R*6bxeS>Afs9if8$DRWg7nTgB;Sy`}YHF9?sKn_$gnd6|4(Rm> zJWOgL$T@E)6d=(d5f4|2BIF<>fA@iUZxSD82<9%U5@c01>6AyzO zK}Zfe%GL1!$nij&BK5)h9K?q99izw*P}h<0we@-vc%IMA(dN_)W1M945%y-Ypomtp z7!0uIRcfC4&Et7Atbh=U0wxEaRD!|L)yQ^!nD|TCw?Tv>K|;c9fJCVHM%_=|xAn#= zy!0GY?9Tidq)StGsn^oX*=JiYEy=M~y(-qYwxdl5^ri?cA)#9>0SM!(ap7s+YvE;S zv>Neekq}}Y_?+SNj0^K4Bu60S2nL;=a1t!E_f=%Pg>)>GSfb9M^4uwKS$RX^KPzq( zH)^hcBo;d9SE1jUlv`E)tbFL(aXV(YHV%D70v>;(Vp1UZtj2A-scvJ>9PU;Mf~W1J zJbVtz$pY2M=HQtXX>3Qt22Lh&=)^00H;}$ud^K#pLb1AcHSrD_Q^G~fJIq5knykZS z!bE8;6RVXM2#IukN<5#z@WasmB;Qw+?V3Omw>geL7^4SA7i6604ZRGf#8Rl7?Aj)O z6wg7`FKAo2!=E^R$px8VbCI@HrV|EY5~tUCT6dUg5=4K&^&>)QDUCCKG>t{JS)^`Y zrMKK^JR$#dh|D9-0nYnJcKIJ{DxR;G<99g_f~>v9gX6cVxp>0$~cif77-7ougasPGF5OKEwL z2G{#XCjhPrXL;IpGOnJ7yCm^~fYb46JDn0>e>bZL&TYC$fsNrVLX*4#iV>I>S{IAv23GDhQY(d_aG zk7q%E8!v;hN~(IZD8R!_W$K&=1Df&Zs6hnsb(Geh+#3#mxM=@nh}}Lug5@kqA>+)# zxhmo6=yFn0H@is}B#tR7R=~Br`3^qe>k7X_?T$lo08fw`^ka&nSl1CY+ZbRk&^mX@ zkTR~2^}S2t)@Jr-i4z35JKPAEsTHH7+4ijrFOcXh^O(xiQ68PwB9PL#8BiEe-^9ChvfS|@{)D~I1Q<9cPnWW1`e#-=U; z4YDL0VoB_9h|hNi9c}l@!)1K#7LxdcWpLte#M50;h6M7M*NHJ7Em`PO#GVfawSDu@ ztk$2cBAtQ=E=keZ)jD(V4h5>55iVqcxQatZ9>!sEL1;_@rn2PfHm&h9&Qcq?2BQXI z^$4`?hJB=eTJq1B$k>eR^otQaqmj{G$w5evWc2LD?o1C)IMh?4m_4;c7j0W|XorVm z2AS^>a~lo$v~%3uUxHiXOiL8e;q9^bjZ?{l%{MeZF4=R?i=qQVr}VXQwMR0Sq%Zy) zvOZt;7YinzXJKG{ezYKh-O}Rg9G{n$?W5IWNsuXirEjke8XdGFd^|DEI4UfIGLyIL z2=Xnzt-ge!W*D)*Tzg=jvY~?tWCOl>MaN!^K>@W}RbUIN`Hkjp{Allt!$t{V{_bcg z#)iN4V(Pg$-Wwzpp;UI1wZ4u4N)7!=<#QKgN;%7Rwh%vb3Hc96_#dJW;=gdjH~MPB zv41nAf1n}cKa$YO#KVcs(#g*DzYxOz;Di4U2%$}U4_qJvikMq&pmXR5J{U5%2unOe zIN{%h!4@@&_*P4-!LH59{GdbL)5~w$4b9dVjM{U|U=ir9#U?VPmV9!RK%{YxCT@Gd zEUm)|u$}@t{@y`?t%)t{05Q;`KP{$BN9^`sFwc5COHd;i5^_!~RNF@jgX0AzD(ytD zWe6vNA8hpzcj}*#?l=2a_DT@W8(fo7EC{pcQ$cX(XG)V?(a0 ziRSn^hXh6qL^h3ZX=g3@?0tsM^8eilrqm8rbx;5R8bJU6*ndvg7}#2vnm9TC|GIIV zC2fbzjxcunjuJYXk&XkW*TKe#dRA~;>aqUx6&OtY4ZGT$?Wyr@))Xq z`F^bQA&F(%wW6sx?eVT3XwtbRclT4~wmSrW>*vemDrUEY&AK^v2kxiqHe=Jf*LHfk zeVnzs`taB0RxGuxH&53>w*Po2FbyAJa%3b7|9$TAJ@WGN*tMqce*4&Q$j^qr64@yq zh|UY>K~wl?1jwtTdPE7T?0b4!?L-~lV;R<`KKpa@`8_JCuQ#bz;u5w_-;LULoi*=z z)m1-B^`jZT<2v3zJ1b&jzH_LzYWaAkdvfcsvx$1#y?wv2<4?_gCG(VLQfk(aLH8~~ z@rYeo)%(feh@4UD@7DEAo!;wbyw`%y#hFdV?mcio`9)n_ij)@AvVQ&(`Pn43Vf`7_ z5Gs*qc^bBiUkYAMulH11?rCb7DNmM!r9w*#A_g5-Z4eO&iQcas*#L$f?l+}oVsxr!@%s|Q(VHeopCLl`=?_^<6 zVc@D|#p13n-<1AWjf@6wMaIpcxwiMix*!Ej>k4CpStXMCG0yE(j;s%47$O;Igwaes{Y;LY!(31AAPRs&YD>a+A3)~>Bc;ras7hVD6pB)fR+BdKvll&i31h6>0kMgx;Lv?PW^ z*jE1yJi<`S#^5DGE8|lmv5``IwV{7I9t~a&BB#3OUl}C}TB8NAF>a9Wm>?oujV4p?h$cZ&<0vlxCMoNm4H55U z=U~pdI<77PViXBZM4jO-$Y=;zkzc%z*+EVaR7@ry2OQ4ldIMfZ8+NlS%S6H1;uddX zEb;d(ohj7ZlW!cCj1|z4NFX-nGeN^q-;9tOHNaX8p~<_gN=S(nq;UQf^-xd=nSdPV zXsx3zN~(b*IF$py;ng?e+3`l(CQt}Hv4$5AljNTWmcZRwhdd+oX;A7PAsKN4?fw}& zm0~2J`UW`nyF2**Sqf*S7DbM*6;!3#+IJMLU}dS->Qq^1jXRZ(RnLD_3o_o|lqX}# z1}YeFemUrpASO8?aq;r< zQ|;M*2LETryr!(p9UF8i(PSnB9sbGLiS+HIXxbHkUcHs9GL}F`yP!v^uTG!r|DAaM z7g7Ja!TdX&jV$cVO&tGE-28uH>i>nC|3A`BqOd<~iV6Tgo*Do^>i?p`z{1W!Yht8l zZDOm(Kx<@UqbFiwYT#n+Ol!=}X28VBZa`~f!oW$(!p3S!%gM>aNXx*?#=>CC#=^wF z!ukIdm$Dnm_GEt+>Gn9}t-TC4Uy#X@WU^(ZBW$=c)>>^g|MiW>>!jbFst;@2rvX(R z9UW+xK^FyE1)&yTSn5S*K*%>$sFcJE&UBY}6m<>lljz^HLtqdP5EKyg-I0JD-QAF# z^|krGqdNgRD{DIgTLX%_8;BtCyK4ctAvuS;!n=N;dbLCtQftd*Nf4G{kb@$AtY6=Q zBBrPfybD7hGp~w0OzQ@M+Na{4WnP{uCb7qSFDemdjJmmmdvMb3U+5g}}Hjy}YU{kEfpjAL zeVft!9ZHkY($HEwH*jg~*N^0^kgo`jcZX$yj!z#sr!NqOVVk+#4Jrqse%h?jwN`)J zZbNCa2AP;;G96}9NwuU;!l-T_AYGD7C8mH4KhZfA_0Jx3(>P{7>oXWZEc`JEu z;uE?fszRc#*{Pc!4g&+-_;2bP;krmxsxlZhXxw$O{^i(*{z^%Dxvh9%wlb^5Kb-fB zUK8B_FK#&tf+kl|WDtvex!?7ZV4cywH0M(u2EXOb8^-gtAlhxAv}AKac%%t9qSuxF zcyF7pCzhXMTfAZ8g4hid6Zi}KN1&hLX!?h;eVX0lWGe;~H4|2yEx6ON5)3)mKvvwF zuagl6NuP?-pTA$EKQ?jw=KYIm+55d%v%}A51yssubYxMS*C>4lI#pU@-i&B4if@P^ zEty~yfQ4~DE!%aShwD4$s-`Bm9B+xQRnZV|vFrff$+Ku64w=|G_y$4uC33N3Z~bzi zk-DjM<3G@mXdklMn_)_9dc&OVGbk}F>f!UDr^Kf18qH>P*7l(r7fEo?lXPvYqgd~4 zy0#v@@Yyr+vsy=OY*&Asi-q4&r5lT-YFi?TNxDRjq_O>$ll$@WV5(zG}~k4%C!DNeqKMq4o8f$yS;?=lWwI2#}ks z>g;xGT)|*T>>ajQVtkNWN2&)G-I}=mRG(7meo^+Z7bD0pFLz~N?E4mp@zxWL==u?w z;b@_Jz@W3q;6cLR7_w!6_h*KzB~`?U8wEprJMXlPU(tz|dV9I+_|>v;6J-?nmN&mH zO`zc)b{gkKkUK8iPd_6;68nUR7}ngHUgaoY+&hz^Qi$A7G<&%@7!*dRT673#TP^}T z(t233>}vRzbg##o)GuAXuI<(NRSJPmhga%_I;lCxE<_qr^U$k~tmFn1z$rZk%arNS z+>ZW5u+=|-TWw}Q2Iklkb=L#gc4I(5tfrqmaW1pYD~Ll6e0!mNy8*lA4l#9Ykz(%E zN3O!<#b4%NGj^!qj8MbD0BmSzy}i=L^ErBwLm>B?r*L2(P&R9rk1_D-gP6r^k}Gx@ z1*u$thmster;2M_)e6^E6+NA$+egOMbDra7QY#HxoQBwe&cQq|W7tfDC92mjdR;Cq zPP5`3TSixxW3?q`#4~ZbK^3=WwKF4X0-;z6(bpUs(h?NOEBPJG@YM}JvN>z6r2$$0 zg^|_7E)Ti`g-r2`E0wpu(DZ#}v;8&$`r_y7Ck{Bht9>Xrug4K+x@?x{<{k?1HC?&# zzj`@;h}%*U^w!3d{$u$(iLlF$vEHjQhG5|b4@OQc=Rmrpl!|Fd28@s5J>MXVK|^@g zL2N4zJ^oY}@HnaVq9C%xgqLVnhVz`|8jXh7QRV0AY1bQKyPMfkZk-Qfy5*m;7t3PI z+r~rV2cmgwcafwxqg$g#49q~6^mIGiR36r#l9^G~F;SA0eHB7ti(E){1k~yrscdv; zb2J4@vw8U#sj}+5BM%B7P+dKk5Oyq#)^lf^E|`f8eWh1=I4d&Ps=s<#=&ZqHFCCE0 z0`P4yY(re->twm)fAaO+J^7bWj)$laeS2hB8Yd3#=aM0H4=pIJ?XqVK;{0H^^u9Yu z(Jo6Jj2=!k==ol967R$uTjA%eK!#XbGs8%gb6kX-?}XObdqXcKcVlv{aa%m-pi+iE z(oH&)ffJ3%(NRn7R1YO@fU1;BVcukE>|uAe6sAM?4{3qC3TJ~Kw=m;u&kv@>8eQAj zr|b$b_}zP_PY$9YPw;cLR>Ol(dGfKu%f>P75f}>N(#PbUKdg`;As=fGQ-WI`J#2f) zt)rq#9O)c&CLZfbvb0@b7UygDe zYQqxJ*E=7x9mn-@>9=Qwo|olP#O)S1R2p|?EW5}#p1j-J*KdaZTO53NEP$;wU=X!b zCe?95QTB+a{E^_FdPcu%jV7lO1@XnSTvJB&3T5F+S<=!->+4kjFc^m3m9rJI_&W^= zj{x>EQrP6gX}AHM(;$rlY;;GCLp)ATLv#{0STXW`K3nE@ZF!cU?0y>g@L08nB7GW{ z$nr3;hhZF}$rVZS@jJHgS0pkD>FP!#L$*;OXAdj{nA54lV0gX#%jb#mM+}~DyjkQp z{67~Jn>`ntFy&qOPtXm3^;`aO45ajcGU+xQB}Dv?W?c@Jle;xknIJqkZ&GUiE*WX7 zJqLwTY!Qd(p;85tpP`A0(3o53J+wy#1K=7Z=fHDui7<>WVP>8Bt1+ksYXFKon7wSV5N}FtWDp z`;ig+9s)bM%@iB1->EJVwL^Z{VcM);RwiQ8HPpe-l_>8J4%$-B6eJGR6f_+Q~ouK zN*6i;hft6=LHxpzAxl(wt0OzL@}o=d5C;^po4k+u6CI)Cz^f&EbYsuTj#)FghUt4o zrIynMf3<9v+(Cl}U0_1xI= zpYssmqw;9~IIG{mG!kx3J~`3JUlEY(%n3Ux*VWA@P@O9DWIRo>>e=T^+Shb>%U8!S ztqIr;i27|^BwVyxPSDyF~i9J(CrEr&a8C}MrV1hl_*Fkn> zheNCAokbN!Bj3U@G9X0t@3i=cgD>`gvSn->p86Skua`YcibYmv84?lG z(v#gqH$FtoM!!H9_9`>j)|{%mipMj<*D>m1h5}-O)HQf`cW?dc{q&|@^Mxqtl5Zf*Wz>XXOVGqH%!&Nt?WEmUH5 zlfDMrdy&QN$}0$r0vOeOAm0P? za%pO^@fPkOAI{Ox6Nho+Bl?iZ%apT-xIQUm_M_y#{K)ga_kgn5wJ7@eZM%iAL0CT& zy3)`YurTHRnkHe1wYbiVy&pO<@VdJ>6LXWR@b-Nf1=J$t2Tj-5u~)A={u|NjaU0It zMe36L4Y^qlYvyu|L&&(wWc(p_V)t+92(IV`O5qOa z2THP}pN8K(+V!GY93!~!`O+#A+^}&ehhMR75|$fT>AHJg`vpTM?RM*`ZqmQBNOE)u z3B>T(SnJyoE=MV`Pdvsr z1K^g%9H{91UlLbr{ibdJ9$&70o`=FaEFU^yTr?+KCTKN3ZE~3k<5P8I`Sg;;H@B9L zW5NXH_1>VDM1_W;5havIwxyfbB2@N$6{jg-zP~ZSOVvilMWw+RrtyQ^))YOR2cW!2 zdNmew;&mYWUVDhz{5+|>VNZ_>SraVlXR9u%S;uF#&03?Ym-_Lw-FHX5ePb|T+AZk#&mqZODy{X@orYyevqe)$gJ)fZt5Mg_3 zy)^scfoVB&w#E~qJEIu9X1F&FG$YDtzqmh~AP1gj-UW4t*C&mIL6km-h~T7^_!r+&RcPI_EkR2}>fd}TNyGnqs&dn5x$4{g4 zaSNn1yphUmFTl-Ur-r(|6ZY6AS-j}!k=U8xrrzs=AA2f`aQ@N7q(V8DtFKhXXk ze4Rs=Fj^2@+qP}nwr$(CZQHhO+cv+pZM!=!$;u!ZWO9GO8Puw~&#uYS`Ms+%tkas& zj{T!~8V1ndCZWZK<6)_yW_OliKn3;-7SNrgysK8MaBZewdQ-%;7cip&el}9bP%UZR zH9ZW{@Lnx<Wx(W{tD1D84i^SRVqN7P20qcJ^z51Az1P0&8R$F z8u$&R(dAz1Lg@7Y@OiVT%X{F(xZ^9VdDIPIGT0HI9;}x5%{ZR^bue#ez&Rop*5E?Z zB~IBP@r^wIxOE1sa25~yJzzjcXpyepQaF`uR%%l`26DsM(@f^wUw3^f@Y&X2j8kw3d&)kpM8&}RAE+4zZC4w>wnp(K2G;f(D^yK}dtfQdWaIfn{u zrvZiZ^j%QjoQ!hl;-qR540BXm5vTGkHZ}*!gc4}`;Mn|QNnp-NR9jpwLBTt_xyH0# zHmGR!GVbR+KnRMkt=qSe2MR`>LH((DQn(@d+Ayri`m0l~yj@pLvA&vpXxLJ8kWavy z=U2mHfvh7T`r`@H+R|dI;eeCHukB?YXNR_?xW|OAssJo>K1N(@LE{t@MS=3-4g1x# zxI3TuBhaH+#2x9q;rC8OEP0;?x%T%NU`tq5=#`!;n&mmUytJSfDlzCK|5en+v~`Bf zYBlZInf`3r(DLeGpqdGrz@x_7~1eDkP=HSqzOnT=|>8C*`6-<`> zK^JJB3o3=^6!!1-&N1vZ^&$dPzul61`ZR-;d*q{-;*V^FnsLyzxR;4hT1E8J6)dGBvTe=TYtXr4F?BFjz;H@`c>HywTQilNp!QdWgDF=u z?E@U?nM68L5Jj$AMICzksl&?NiUARuA8ndFM5yGume5;{OTns=UqLY>FNzCXL4V=N z>4n*Rvh{&0E?q95Tdvi~T$Q{*tKKifC)U!t{DEMrG72(!7o>-wIr`+4Y=_i)$`W5o-aT}idr=J>!K)Z*bC2~~fI+UZ66n`v7 zu7{|QmK+3`|GJohF9iPyRsCRQdHSoo?M;ylU7#C@rgRi~Fbf0aU4+zkSZB~5Tee{JDvQFGYM!h7UMLc0!t`i zwwX54u$&_7(CwP#>bWdNmMm9^0zaMNy6J_~DIiGtDgFGNnl-|)F`^bUm1!jZvtbhd z%FC&PI+_l01+ez%+z?Yzd_up5yMC!!w0;G3%R}b3Lbx4mA&5nQ;KXHsp(S19fg_92 zNI3Kn0v^wZUDl5K7-uowC1|$jSEYt-eWulGbx^w8QJ++U)LzkI>n!J&bGZCH7=iYE zBXU{@h?%()b$X1@DtSNcl&}*$6thQiT5OEqT$Z`P!nlC3AJw-FX-YPyEF&c69AzT@b}43QWk%^~@_Ox-tCV+a09+EnKBNE8m9{N&K+m;eqqwZ~pW5 z9zYH!F@CW%UxK$!(^RUb?m+H;Tx<{si?HUX)A+vcz^7%>NE<>NHIPQWX0xeZ;`lKo zpTg2{hLMy7^ooBtp&*=Mx^GuWBe9rGQKvzqMLb%-dY5P@Rce*E8e*O-&x9k1&noz% z5FzIMD`VcM&$`!1r;Y@5X%1 ziQ^X&?kLpYb)~DM(7-XShndA=ng(5(J%b^{ zwYxG_-DgtiK5mGK5>rpu7;P>HSTyZDm1T_KQ&mef5bUg+)6CqoSfO$0<T|YzOZQ-iuYAMWXRvUfX3K3r=Ve)J{J2D>PJ|!?R*hgF=sgZ#+0(CdM(Y+Oj}R( z#b`U%)xM(*cXm6*LDOd>f;fV7OZF-pa2zg4;xd|4&=ii5E6$=aViDt8MjP?8?`^4B z=r-cA3#865_Gh#Se^A5nv$-EY_5&KDs*sN1;AFbbWfN(H;|DpmGSsrI*Q6q~ZRIyI zVA)>g3O?yvpQ)#p^rfq7Tg4;XF8~g&Ozazn9jdgNl4DlE1$tOlm+wd1)5l&aGg8^T^FSEAMKn|N3 z+`&i21Y1!wX@f{bXUp*2A=`TSQ9oaZhp6j($dUhYAyaG92fnEV|e$5N3hACksKr>Cs+i$TE5dirXj>ZhY~N*rXQpyTKryDBIC67%g(N zp#6)R9}vMQ>XAkZ)gP#Jgw+x|5;&B=mKx=rXwf)4Y19iz<8RHh6^O|tI+8JKGATa% zrK_9S(vzRl{k=8j{>Dwtosc1bm)SN*uk5f(7j~-L%;{=g$9O|kY4bh=(p1E1BV>Mq zWf$*h@2Ja}6fTSJ*Y4VFierS5pL(-~e$b^p87Ed9RT7g-`fsdE& z<;<|6ud|=}0$gY}c{%sgfbb((y7`hOJ4e76W3OyMf!8>W8i#TPrkx$CpxJD+X|Mgi z4Yu2@4D0(R)r>{zq(f5*Zx~y0+M+}S`qxJk4cYpJMZvp#@V;3j{0}BK=!tsD)7vx> zeJL3vz}Oc0FuDxixaF`qHm4cBv%|3}3%770n^oy!6jtn-Q3*AqEZcF$&ATF>U{AR0Y&=r7g*-FNR@EeY9^ z-8iymL9-$4TyVm7t4vjgq^4*#7_;5kOZcHN%V_z*4q$ICNuPR?*HJ!X$$zmRI;+UI zWfJ33>Q6!O)XbgWdX{O^q4yYbCic<^ItCX|a^6uh5OF^5*HwRF9Jm$DeDL{d2AJAr z(@)$W(a|y!b85)*P!CMgY;XA|JLyde?-h}dMSf!V=FH5WuxX8|hJV!;vJDnwGHgnQ`>Drw*;G=a z(%2nQpPF-pg>A&+bEOw2@Hl!Qs0GVE?LI=cCS9K>`L{wHA@kwKk=Pd7%d@{~@ORJoWk7Map`8U87btZ3Z|V0cDo ztMxOFJR=T(Os1WTnhJ{GYKSxVXDeK;q1xp;8Rqd-n`{);e$QCHrxXzs;eN&szn1V& zXRhF1RMjolY2RT)2F*>E`=wYvy;3ZWn$MWC0qLhlrpm)~?d>OFGvlk7ReI4W%<(Qc ziOfXxH*?@OKK_J~RpQEY^vhJbURJ7&X*|Ys&F3l~RR$==c|z>uKkJ27L73I!uX-ey z%$%c|Ot7DxrwQ;TX4c}?r01LWC_>&8Mw`je$%rEzjKQxMTSV5*ALGQf@sWia5jS|= zC@2Iq-qcYi(ppB8S>#;)%yEjQ}D5SM#YbPMMItm&xb)&CZo7 z$@y}OOPXH$0AaNz{UCl9Xy2)3_)DvB-c$nNyjI`E_no-=;ifr;lFe(>RymVRGYl}X zt93`yYxL37$1q#zuQO|758mbv=3@yFgHqh+IM*JPlrcKE@xF6WRXvvgowUcoara_< zJ2&+1z4_Uk$|B`t!HALx;gq@qSA;y3|Mn)jUq|A`$wfKdC+R<_JSxx7AtL|?xiued z$Qn?+;0j z;wl`TN?3cxJRPvf&8yDuCpa$x41$>V?bL!`lH{Up7cUM zqJpvQ;!Hs{ljPvN%G@A>zUhFNl}_f;QuJ+4$z^ZObNN>Lp4f?QkF-%hP zgkuKLfi>rq6nBqc<9+UaX_+a=v4|kl?h_XqOT|sG)3r@iH#A-yz`Xd4#=*|WDUKVx zgLW%?FEUS8=PwEH@ZtYtXNYM3WD35=!K0WRj$&ta0v_{h>8fc8#mZbPsMhC;%GhL-DssxHV>Shd4O*uRp|o}=-Rq~%-tt~ z4}Krg!sxfl!P_aNY0yGtT<~$|m=x9~<@e`8umUGK>lx(kVT`pL%8l@jq#=X0|U2FEL+-mF7|NTn z(xUA5?H=K`$tb$Ql5QQ-52cflbrGEt!dOmN%s6Uu4}6dEd4IM}g(PnRx4g~&M?MP< zY_)cFCl)D4CC_;s_J=72w>{(ic&8k;m-mQXg2L5c97gOmwe|s2~ zZ(@bWJD{T%hQcURk7iB5hGbwvIpD^7QqtalM+3QqmjQffY6jHh7-q&Mag?7ij39iz zyX{k?j&p@q)wI_5062tcp2d7uTr`huzUWmdQrCY8y5Pe2{5+-U)_qYyKOF>G5|5)^`ADJk$&SAwuaW_u z;zn$i-W{g3fN45mja={&3*OQG?VXQ5tVN)3bW7@=0cwL_WJ1N?)f}_F&5JUw_?KME z!Hv=k@OgM}%f2;k*#=+{wgZ=L91<>X3^ZG*1O&Z>Daq<&{_u;*hBNUr%BS0fsXuP| zqX(G*F_f7t>@#_rW-OF;=F(sYK=bJ}WoVbS%;c%GV^pL`T(YD)_)xD3VI2n`Tp&7k z7{L|WN5V(Xg4Hf+K^LMM#NB*`)n(Rq_jM_}VV@=9-?K|bz~!8ek*hj!{t+KORN+sy z@Za7-_R)NziE0c@4fQ8>x*1r1LnJz3k5&O@lABmoH%fAK&MP!C!05$&Td9AWTwkic zPVANqHu7+Y9AHqZ1d%e@4} zD9yHjw{w;9Ekv1Z*xd%$o~ie)Kc`+4#x7rM8`Th}((PREzei{S(j=ek10Jy3d0S`B z-hz<1z82*(9IMQ(u`|D+t$!l2A=%pw`7o&yMHIKYOHwtcus5=$H3!JJWU5 z+xA$YOxYTTMbED`9?M)R{H%5GNBah~FN!!}M0Z+4E&e?d>*ej6iQvdlsH|e%(-O^d z!KMtnv~fxnUM70o&4@-(yxJHjJ8yy$0YD`A@_iJ3a-#3GbECfJ$Q}s&HxW?4+AuiC39bCN5qC>#@1ua$8L>J9hg_Jl@}a z(#dT`>yi7P2MWPa7nvBipUq`BQyhemWeynAmZ;Kepb4i_TfVTne>+u(Ipr~x)bhu{ zLlsv?06Ya|wN-%kfBmNW(=GfNgZ%jGPj$=}AoyRJHoulgo&(t!7*MuFrJ_%lB)LNG zUkEj^1Ko5*)3UC=i-_TyYV_%Z4HNHn0X&A2z7mCrhO3F_R{@6cLEi+;5V zrQ9tV5V#z50@b!l77g#E0Iwt40tRn-y3p&%kj~p)*YFQRT$M;4oy2fbzL3Pg?=uFr zPjT~+an$*Y*e@Q2=fbd!*BqJ5%%bXY?RsO9ZRSzSHL6qA+AyMmx1Ycb%Q`Ny>@<}S z;MwC)x(1`>zQkhI6WH$%bWLE41< zM+Y1|Kr79dB1%HvVRQE3=S_iK&(-Iq^FWWs3x;+@`*mBvSUT{Q2oshS=?_qIWeGng6)HG&5u~!!;Ow(=!5Q2wo03L$ij3Ad-+l zj^D|!R|^{PW(r+EvH(}IHP&?bdu;+TH7tr>ng7B88WjT@Q*^6bXsEohIPwT=c&;uF z<2J!(p1u3^=|1oQ@1tk?sj|Z`yQp7pNKh6s37;dF+2+sx|E^5<`BZDA|A*63{)f}* z{J%IYBMaOA!D*TP7f!2W>ga0eWNIR6XYAzZ;9_ZSCv5+}%-6I=tc)y7EKF>)tfm}H zv@B*uhP0fFOlGvKEXF2=%$%$YoE(P#KfqS?e*(5L&t&)P{~M?M-)|O2ra@7pZ8rDc zPSuWmewDKCvhFH+f3|a1AW-1Q9cQ#e5O;iE&ee@O8i%FpfBhE(fUSw)(7BC?;JKZd zk=4PC(7DB#jnS#m)rnoy0ArI=q4AlqUwh;I{-Bd87|7Y@H67}yzXuQnqIJjIW=v;M zFCPQ#6wUb?s^!`23WAyJB`OZ5w26zxMAsApAc$>7^IKw_E(qZ)Ax^<;@+M2o6Yj(?qO#X$7A{r(@NUMq^pt=$Cot;I8D`Yv7p{fXGkEW+97EPt@PeOU zaHu>$JvA?#DPvBJFTa!sY$Q8fEfYxICw=xiPh@pYeA78eUa<~+t2Xcpn>Jxyxc&PF zY3GBm<(#JzBgI^MzIvb7d9Nk6T)_8#z(94j#jj$Wg^htL$7QtKbw$rlhCpvPwpFPO0pQOXG2`2~kecF3FalJJvv({CvY_|LWK ztEkre`zXZmS!OWnPJD~muW5S1Rcx|qKkhFeptL;<p`XP=iey4<>7_o-ZkLrV1 zjM4*4Px|mmhVHv}+;F2%44PaB`?yh5nAhjvJ!^5_845k{^E7+CRB@$dA*lji&HR^6 zz(^3W5Rl4`g@}>q2CpB9ANT&#Ki6WoP(#(kSRl9^7Xb0^p=A`F#)aUu4}C6Jpm`Bn zmU1mlOUdqQ>p$vd8Q%4L>#`6$Y`YcDA$V0X7M_iDJAhIfsT{@_WN&nqD`%V`!Y}QD zV}YcFo@Ps=fjmxM(eqm8;cye8V=31W3S2LWlCpgQ6tG*Ov7-4ZY=+Qh;S*lFKSnNs zbN6&)K$;=OTF|zd23I&MyD&DWkY&O^qyyHJpzC*dp#!qoJ%Zy7cjL7%xggM4I zyiGr-rFS^{`ha`N_n%$8z_^nh6pf)K=g49o#SuFUy>l=NQoEe%%xCMup1(_OiCx~B zmp{e8N})SQE?#Rx0y?cP))D)C(B0n^Bw+sNWD3)*A7s6rrtjS0JL=lmM8VGKyB9ld zPJt}EE7Rj>$P2I;DmaOUkC5-sC&2~MEg~NFtx$o2)~NqcP5>YA@Cd@3K|hlRVb}KK z(e5DUck?Hgyep_@huywnuORkvre_MzEUw#pW~eTsa}0$n%_sej zol&%^EAw4rzazMJRA~26q$43448{~RZ03@7ZtETvC4>1T`tUE05SUcoV=IZrphHc# zA!(hWsIF(%j|H_TDQ86+3a78K=dH+dHc!$8y7vS&h)c81#YnMPuko6fY=tS&H|Z`e z+qKpv)68-kFq>8zT@ELq69po&jxF9%xV+zPY2KM6meUrfPUMo#@ZCJW9c3-igf}^X zC3wW68M}5(&a56EA|O<$eLXw8yLKF3rL7E;`#uejJHZ;iAQ6b}DV7 zIx@C}4stw0@L?1+_ctTC<&MekwwM(9&x~m+CZVtyc{meV3)$w;5AJ5NI_hZKawVWP zNWkqcFH$Fs3{U^g=ILJTQF7C@?&i>aiDP>Mim5R91@O9-`tsG*qapM2@>wnvu(`jP z0YCBa3-}CuCX{6A#K-uK8kdX_!Lc_b$-+=hvhX6K+dyJLNd_8AJ$9Bx>qSV8&nXbN z!Z2_BaE6U`mGXajgui`4WI{Y5ZbhYdS7fA{A(Q0I{&m!WAWgBWV21jYqs>2H#{hO^`Yv#ts zq#n;?sSALTA$*}pw-atX5Ewo!Jqmdzw;M93&>h}=S8j9>qlHF^>hHs(~1j`h{zGgyF+z5uH^c>YWiC-j+l*UY90-kOpc z%0;x$b8=Kg}{HpdLS@_ak^!Z>t^&^p{i%7G1Mfl;W-|KO2t2x9pe(XpINvv z{3}|DA2@`kAs)VhUlF16@{8VPhju(All!j=*hN~-NB)g*p>|d%W`a5||@c!Yj;#IomH}_`B-vr?~r&$~E{6@DyHiO&e0?E`1$zjCM-?nJ!mnKs!;> zq50Y-UkIxd7{pZN83L@LM*{I2b!`PMpz2$YYWj|b}~&ub&MIEFGY`ST##g z?cAHeR#?#HtYJAFLL<$u8e5NjKZ3!n9=E_~zsa`Lz`GS~2XxaT=0i&X%ZY>n zIq)6nsqpqIIiw@Ios+gqzn2OjmCK{~6bVdd%l#lJg~4lfJuf-+tYO9X>HUlpaR2@a zEUXW9_t!{2M>k8+u6InfMqknQ&1D$@i8aSvSD}{6f|q(_@9I07F4^<7Am@qHyT;Ct zq#KE@x@EQ@z0ma-d@CbDk)!h{a-u?M7go6$aegORqf2D%kar%}i8MyDveHE*JLfmV zoYZxPDrbcPS@2;bah0F<#)hDHE%9zmkTpVLs)2x^$}ag5r-(cO$DWfEXhPxVYg8M0 z6&REE9BV{cPKO6UzM(kb&CS%f$fW_)VPSXXUMNY3Hn2;Q_z6We3glDLXIJBojn`i_ zj6K^5HzttkNdB>z$#S6P!^uwiZHT}r#Z4}W#b#5&N4)IOC}U2BZMMl(8|W8K*TJn> z^C;%&V*v-AP;zJ~VPRkdS`V?DC972GnE>%n!9CNXm`mURg5aee^oQRo2=+?}z`vMw zd6xM1Whc|#&eEuhElkaEVE6cT8|h)Ai1WsW!TQ4t_=}IfAF-7U2$4o;HY~tB6a~;g z;H@#jLx2}1X8pl!*~5=8>`>|v(Vhiqy|y9SAZ(~@L-=3$Ku#a$L{TOI+Nuq@2%{`K zg=Rvzv9!h2J*`)N!upa?%${M>DPEcts8puoja4SBpXdaXIH z@XqFbh|y54aY{O7j~+q{ImaqcUb0dbq^{C>^+c5-VLY3QAFTvlL10a}D1oLMhKd&J zaSb)wt8O?T+{~RBt?1RfOIRss9}(CSoMv67E~c-`z2}9U=2B<=@Qw`S#y=U}FBy1; z_lV&mWZ`}9OXqW^ni}?&ZU|(9?wZ#%$8n9zt+qHaWa_J1rCFN2Wh^Wm)jWMkst$O} zG^HgH{VZzN3XLn{^^6M`+`yHapYLTimE0geg9u(9?)DdAxvfh@(FNpmCuyQSTSijn zQdO*x`Z#m9V9HL~whq&@4vdOjJbuLnb193O%k!HKQ<>=S1fzK1Dvw`T0X^TfT;P}3 z16}}kHERm%G3y5uYI41Y&3W;r@9@Fk&m=+sGk5GxGHO3!d)V7^3VM-qT|l@SJGZ)R zQ!PzsbgMJsb)9gqPRWC@5g&8z;j|KbCjeXBeAoIpnUbaQ{SH}e1nrq-WugWdRCUnq z4|~HdD|P-fl`dQrU(cXcn;XhVZ zF`Nn-aU|UAVc2glwBiA1Ld=8H0X`G8gLCXs;lV#KTm03A@lR~V-K(b|ni(}$tbbA`Fe*&@Y0fKquNv@*$kwmbLg(E~{m(CS zhB`AlO%x4*-C-$veC~m|ehJ=ls}+*L@x%9^f8}n#4Rld( zqKK0hm{Y9ZA)%ta>EEqe=F9u0UlHC(yTP3J$Zv&ZfmdF_VG|{8uX}%-4!|GZ)=bB< z-KFK;^??93?7L~65<4Pnt~|hx9Zo3Wwcq6hF1h>9PscCPie&r)&7lAG%?!lj&U)Z8k)|Cv^=p;zTD7`A(fb( zD6RO-uMx5FUuM7$eEfvE)EQ3i?6+QX z^&#IGo2ZjrEXaevrg_UX$6Z=?>>svxG-zDplpcN!o$u0D%mVL`5!2^mT~)90u1j1S zP0o|5UiK~nKfPwD$ml(V`Z2)h!cKw12W@Gaifc*qksRXjVfvtFm%)8T-HLM?H?k0U zUa|)IHDM|pYO|)hYa&2bMV847ttgj}NJdGGEmhj?V24&f)2hf}m3K?$e2-x}>HDLXz(DbT&nn~?BR(X=or4nrco;#x)$^M{(-?+ASAYi}ieXtJ zx=#MC5udsVZWZV3e#6I7W3avko6624lR2)vp;e@6)qw*Q>bghmSG#fLo%Xpr0dAji z2q2$^F}{fwBj9N9ux9k6Xgl)TwrIldO@w8<2U4zQvy&Xs3YFrh4t9e|6Vt*D@|0eI zQ^sWMiN*ll^$6YmOA3iR+FTYuf0C*Aoe^&9ozFge>qsNTvMId7a1qEl*1}tYMk@sz zF+KA`+JI49Mqzx0`MOY!?R~qE2uG-Y=0KPHd<9(P(A#p0xwWBVW+|S+8ZFxxaFPMN zxp6v?P{1S zpc)z}o|Lypn5g&~BCBQg$g?al8Ly&z@jWbz?#wVka;5ytX$)x4bo-X|6_g^3^5*h3 zPPV~AcuWO>F}522XaoZvzD{I_=WY8vzzDw>MQ9>=c9Rd%W~ATjo0l^L%;NAIMvcj; zW5D~dZZ^{VYGC)wcnGi#H2}~l5FBe`A2w;#oV`Gv1E#=xS0@c|%{W~rx#Tc@wj(`F zR{>!0mad+FRbxJ8y$Y|JZW?8G&i9Hw(^SkvG@p_Y%_~JJ*S3S*K;#-jg@@r>F`Gs{IL@-3Y!p7sfj<9>MW+@kf3XC< z%`y_Jnnj)W#%K^BreRBQnM1xb4cs`nZBi|6ffnW)w{IPlt8JR>aQBjfZ`#@suPs9v zfetYvt_7NM>wQ7|*p1iSiW?oDo? ziYOA06$t#~%pEfiyUbIeO2CAZ5=SkmZQUHbE5X`^@a_e`qS}q&*fI7m zRMJ}^^&6{ZGrBDj=#a#Fs6+if<2I%FP6W60sqNA7Zcy-Du_y#_YjS17#!Tw^`x|5R0e3e1kClsR zHp)@~)*i(qD*j+Y^*Bo9yX$SXIJ&7US(qi*=Hs3=N`e}qMnN|y2%{Vgoh<--cdb0J zI(g&|S8Ql?j+}?4ZI@6Xu6%AmnEAa*=Z&{kInQd#%7(NXK@u@q!ng1>v>ICY?eq_Y!r zisq?f3O#A!Miba%3;QdqA;A6O9K~MA>H8RMgu>bbJOg{1>am+9O%9r|Yq~ZfljP>{ zRgZPr?jfWe=1;^cxPZ3Qrn>9h{IHEdm-&wcKsKV5J_(S&|K zT0T>(KY1c|5+=?a+1hA3Qx3(AgZ`Y-7o=kJ1~mFWLCMdFz68tdQsfmh5p7k{Mkrbn z{(UF)Fq2@++2VqvXLKeH{4odr^#|IXzASp-%GqFvlRF~MuERRt1zASPHox2`!_g=R zl&J)D&I8vXfmv2*D~}1L#U1)UnWkUsSG0L%*se+^7u8kX)WyiS_20?yy?+#r1M% zN2n4oV?Vn1^RB;LquTJ|M}H@VjK5fk`=6&j!qVWIesi}ud_$rUD^*C&(O1Jc7JlHR zc}2vE{H5VEB2&-*+%`Q_Tev=t68hYJl-@Cr36-MEySv06*AZ^vQv2`a( zxFe=`ZfrKVnBT_VW_VBhRtyktFnw&>2BG@11Yzc>vTVS{FZ(h1&jSOi$Uhk@toit_ zKy9Kk^xcMsXRLlYan}8_krkLzv*TdA7o3)Ly@~5*mb>JnapZABmxLPwZ(q14qRTE| zD()fh*0nLDY9 z{FIC{%Pz9s1uq)(whi~lBHe$hLG=2Pn#iie$+HE)0@Nr^W=}2cw4)*7AQ>%vUt64* zfDHbQj7M`-6Gaev2Uu-}(i%x*eb<}bv-n8EH(G;&8ld4<+w$XLS(`jM<;ngb9^97# z)Vn|UzAuVoEpQC8!+saEyc@j?02d`lo)d`n7h5RU~qhSe_JfMrAHHQpE6rwVofG zPl2+rSOMG=3zk^aUnW%DKxqH?yl7{4u$`GCRdT~Pf7mlIBZJIGVd9v(#fbggatr#j zuicM1R)K9VLP9zBD*aqwPk{6x-8?<*^aDBSOoDBJFO!>Y-Kb<`ww$GX9N8LerX7IN zW@W=bq#9e~85*?QD8<1lsmXA_R<` zH9-Mi^k&NioJ2Mbx;)ky&dRLqV28bSvTj@Q%(#Jv1h$W`j({A<)4M}UpCyv_md@f(&)ROgt}6)+lXsEc}^(a;|L@h-IMG-b+h{|4QAF&k>s1vis=up{Oe%TPZ>qi z6l(El*$Ka&v_^>vpAYpiD#V!)E&Diwf~>^7^}))#wAOUBgDR02HqCWjZoT?{qKIF9 zzWs4QVgjH$iXPJAVcxV%qd|e=Z4V42gtBHkd6g|6i{!+_!+wP>?KS>_UU|LUB$w2D zU}R8fQnz4d^nN^Uk`{55`Vc+#jY@N+*KLzPKj5ii?og_A7?2>oN>f{ofkX|FV<&z+;%(h%ut* z2gY%bg4?BSmG7{uka|dNWCtP}(j%P66O+`ZroLc;83etx4BecJd7@63V$a+yQJSU$jez5#hEu@3sjpc?`FknQ*2wiB2lh_XGT;<`5$%;)WR(5<>Y0?$4ls(Mb#a zEg6d#kX{wpI?yT_Re*YA*`{)}bKx<>xw z2~mHHCnfU(oNm=$Oh!wz=2dpG<7ZBk&$;YjD#4>@bH$b`k|pQ>iZ~%C9liP}0j8OX zsCNx)%ha1-rYPh$oWkFK0R}5zL`cYsZX_EqZ3TFIMp#ohV?b)17}@pU@MSqw?iRn1 zWl6KeM2%DsV@)r+r%~4(B}8b8XXmTj&d8XTB|6!yCs_i6loea4Vzcj?s6HK->@5<5 zn<+p9O?QSNjp*#Ve|OIp9nll!dFg6aRL}u~9ml*}SC@-#9{5V@xmvivjRBq53!tZt zlAjhX+1F)3eEXFR$FYaH`R-%_XDUWkZ%6(Yi~md!4?tJ1r!(vggn$W=wD~ zEa4$mN?#)tT=v3YnPJm+m6OjZv4FrMPCWw0=~Gv0lnD+BXdMAlv`2Ng0`#V#sGs3~ z2SLUeHc2@TUv0&*lj{rFUXz$b2fgE0Fqugy`v2VxwN@b2_nioSfX%Nb$5$f5IsCVl zn))|)HFZI2$hH(zmmPPp^&fDq&pK$OSQK_$`pAWMchp9ae|sf@(f8$?)d73KCESBRt?jDW%Ho0P0Zch zoqTfW6b+;jF2wR1(j}>Ydbys&ORJD+HOUi<|5Dmjyzb>>&7-2yxsFe%igN|@D=A-# zahL!%eGlQ(X5mBpoQSZWaGdm)?*J;(uanw-?xLLmJJePv;&@6u)C{Z!Mn2T1@@dTqpeKFimAu+gJ^%#LnLhmD@7y_bk;4_8+g6_ms{9?FnzPZ~Wf zBBO(Wxw!UN(Db+yFF6#Y2SvAqnD^Mrh|?#_vQ8{Yx1^99OHXLt)*uFWyJMx78)2?+ z%b+o1z>Tj=@eIYT$qgxOfuKtL=~)9G43T!f!Qrm5tRiZ3(SH~<3VX3=AV$&5-;!UM;Pn?m?+sL4If#7%&2e<} z7s=J@pSHUzn_N;zv{skr8k=Y`m7vs8@yNOTjwU~s>~{`OI%q@0?t3@(c?i_1?MP)Z z*Myfoo6N_^5n7cJ+E88}+EM$k{F$aSRk+REJT!*7~85{Kn*{*(({f1n*< zF*udH{q^({{EdS@4oXFzUNLz(l;?Xz*B>Qss(Eq- zUA*3FLAZHu#CP5HGUfWQ<}CE3gmw)kzGg(7ZV zaq2aXDSjcx?PmfLt|y*X$|=fZmQdZYFSbyCgdnk)cVJP)ZAY0=DH3~EwJRRfua#>y zEhwhRlyPCtG^@J3c}x&Ny(cV@W2*lkqjy|Apb`HCaYQ=NvyR85$oq!%0rcve+VU+kG(x~|$pI>m*ou0$N8Ddi2-^lf7rBI3 zb;uQi1TksLn{-2nJ$I-$N11149pVUAOugp5?Go3S(*Rh67c22&i{BkU%Wzs4Q`1}yflOmvtq$a{UXqLrswSc5`B;9GYj4hvV=1%QQXK8J|I`z=Y z{6nW3RxQ`n{|Ja+c`*@&FCl>L@A;S~W-cVrA8;XK+|D<87q8mkU4aZlMe5ySV3PE3 zZu{7p$`3kxsRVZszt-=`^!@tmAy7q5!{mhliT$vPuO@%w0ZLFo?azL1u2xg+}NF{dew=Z5^M0f93MLDinM#QwEsnZs|8D$J`{; zB#>`6Qb|mKSkaRs-KTu1ce!wOZd4m8Mv}PHljomL^uF7E*?NSwaSM|vs=8s=p1vG~wFH|qv)*Z6p$K}pzeXTP< zsYd0QwkKu6WtaN~-=^ndooBd=_E{>-4J9d)WaX-jg~aIfiOQcUa&zuA>=)sGCfr1c z%Bp!T-!VlGmOcbz7ARQO5;#YNcOT^iS+mH8)1T^<7 zyHv_jVIQzU{PCGi$R1!vb4YGm&c(rQnG!VN*5d$8zkZumE5>y6UgL2NSVSl(T_Xk}1Wqu|F{MV>4Di)A&E0`mssq~fn5RCd) zIat3w;e@$)NntWPWbq#5SWQT&ZQV}potxWxt3l5)z@jgOq)dVYtfPL|65 z);HRJ!m?`SNsW2Guq@aA%RNia!2F-E?EkoDnK?LE3=9~JXgC46?4qA2|BRqxD#~f4%2>|-n6hFAW7=!?Dn3@lJ;OA8Gb1V(u51<}u zJKZQ7YTMW&9iwxZon?U|ot;IKtpjtV4Nwa!lWmc%zV@r^{rsUtPeS3-1-AEyTrW*G z0toD{%eLIML96SqzE2C?CRqpM=noGw{(Xoib8jky36sS4|Jeitc)j`dGr-2SH30xD z3~u8d&8_oV0i4ouJ`N=QdkY_m9ae9|>ZY`A-wqnJ z5BoNTb{sHlp0tb;TDp5>-BQe?*zeL>RHh_=o@<(l9Sjh)JILBabnu6l3AA)L8NP5C zx>);5C0hR&at~ZLAo-x)^?ondZj}F2nAe^mV+RxliB|x2Kp>A_->OIK}SAXy|90 zdu8g9OM|;*s;uflg9N@VChulupvh+uV-G@)3d@EZ4$|(te^K^dz^7A0Dh*fEDkr{( z(w&k6!<=Vh;KBPFibFBN;O!X%!xdl?Dn29s?gNG;OjWM-yV;i6mikyg5-?&HOMNKr8%j5lM z#II|tL~S9|CbB2K9UL^ioE^W_Tf9ZT`Masv`{B@RNw~MhE~na+=v~ z&$683bemS!n+KXXCv;p=Z>PdJJ3F604Ob;>s=LTT-M&y;#=NfPioDT_rd^&e4X$

R-gDC0d zzZqZGKN4z8*j5pf$kdYrNwO*z1}qh{ygWhP$pHE}33(X8CJntTHce`nmnVsj6X%k+ zEd*oMg0xE6Rd6Tl4)>Sl%*PQ@O_5beyZS%wY1+86TWrIpnEWewua>7sQxCumaKs#9 z;5CHGDas_+;T1L!tYBakp~pG2d2qva&Fx7qWM|XX52gr220a5gq4cB_#bf^_xpP zctcWP7eG%@k~hYzX(o8l%pNFcG^M7O1gp|s!0O}-&XkI(Uxvzcw?!P>H891Z-PG|+ zu#XV3GXq2W#3<9)inOvS129#+jhW@bS57>NXG_KY?FDH{Cy9vhj;ZRIoOq32j%5Z! zN*$fOwWhPmSJ=cdt1u?%yQHx1(?Xo7S>U@@Z$;?lUFLek{y6-hS%NTR>v#GMw{`g( zx*pH-vaNO>h<6JI&~!eSaVk7FjB3;d(>7%>Dpg9lX}^A_PGDxB=h%V z9ds%Wd%1Y5T(A<3tTp|Q<|xW1PfCny-gU~_j6t`vJbpa}jPS<_$SohQKb>u03bLSg zA;%=T4oZTdWUchP+-H_)vWjV+tEPGHX^8%V#wlE1#x3{djh$s=$DPEU7MPX>4wOxp z?*+3Me*|25hXUh+(LlI+x``b)-tr(EzADR` z6pe#544TP}R8o(Ng^|>cmJ{)#@ZWowPF?n0erBtl4$_8v2Gm85L;O_7M0+evE^WX! zHd&G>U>5DpRZx<5D8Hd?Y-WXwp+BRmC6nVb^f#>9lWq1)ahK;b{zq^g3N8y4%0P3b zkFnvs1a{>Oz?DKCqTzos5yg+7WeU%jMW%a{vo2@TL$uZtc#LIz5s@F^2q`TAOU43w zmD+z22>>PSOU09sBY>7z3;f}bD~>HSl#{mW5tTG-#-*f6Qyg24D5m?BA2gdm*(G? zftB`<@_*j}3P#Em_zC%nTK6}<3fmr;sMIkV-I;kjdy+Y28_euM&+xpON3)k|HFvIe9L?77#jGWR?1#So=DX9tZCcI_{BJ#-hAfs3o9p^jU~-_N0-L z`GM8erBj~dq=-D~&}u~;25X-IlNklH?4kJ*=)A=YtZcJ?))k?PxiDUPYOmWl0&L_W z1dH>~CIWs1J9f}4lYzT4C8cg#WFO+w7|dM)zm$cfYqA`;W}ENUP+>7v6dJ&PdTTR-1Bsz>JTx$ zuA8S+3Yk1a6J3g28UlfUeSpd16uz;c{?QR@yaVC>Js2IltLWzl=NlEvr0 zOr3Q&iYfZua*H|~PMO9&>-)_D_-hWGmFv50n}>5b{gMYXI$Q9F-1)?G=}{Rww&I7DL_X0}jfT!rCzX*vbhiLSh6jY#P zc3k{1|1-}4=nJGs_b0-nrws4Mcy$4fpmR5H-DDp^!5HnO<^ zu}|9tq&U~lRbt%=WwZ-Bb&c{A(owiLDchWyg*N~jP{TEubT3{9|J?1z5@PWL5W6|> zc%U+5igjgSZ5}?(3gN4%9(ia4rCGix)9LyjaCl_rhJEhrvIUW4fDi51gbEYbBS5nU}M`iJCyusdF>Wk zisI@$f@f6A@HEz!zLI)TRIi+eO-~7X>)2MO9ak!1yPu~48 zj4v>B=?UGMgS>$nuB*yx;D`qdQy_G@0y0+FMUK7rK<=!p?18yqNK$Mip|WXiKi-&` zoA#DtRfdJeJ>LoIZ^tdUs=4utN03f^hfpVe2rBh^9Ezv#CK4* zw08Bh1w-tn<<+)oB8ET`ya*`A1W+Tiz@>9Bmn`BKn9Y6Z#7^;N`m6VjJgO0e4NKZ2 z?J_E^mjmt!-3-1;O#p7ChM{u(0%HR%YXOu36C@ZP+n_ft!%Aoi$~;jHG!P;_yw?Jf zMsNMkWzwv=E0pz%(8HV@#8vZ}xx_LCUf(cY;$1}Z~ zf|qK3ze@`0Wzu*a_|J$N5`%2Lx1G^o0`7JGYOtoS6PF!mt#Ph(&|5G<%5^9!B=tjn zDbD?6zU`9aU0=VRuk`PxHaggamK}rr$jD^|?!M~l5-;t4a}o!izxbyIV{H8J9*KF$0gPfKS821(+ezl?6=v>Z4v=vop$H^5iCCP1lzFN!p6Bbj@44SV z-*JC#Gu}OltCEYrPdqtm(3egJmMxX!ZNEHQUa=(l&1LvIz3aE@Qp16;K2X80-2Umo z!AZZ=L!We(_#AmA5T6;Nq^-Fk?mF2HdnOvagJ8AdcAUH2*vhsScUDV+ooPU;48vHc2V1WLz&sH8%TNkx7RR_A}XCI zaQPx*OtZ-K8+*q~(e3OyEcy1X23(XmlnZNdCS`75ge(u z^g~}y_!dAz==**D8vE%^0kB6^5=^5++BDHHo8sXw zjcd76!T;8_iL8O}o7TRMhX-$ZB2zx(tjAnGH;?x?=ao}a`Gq2*sXMZ zM>%eO{-Dy^-_SBdZrtOO%e$8&n!uMz<^B$AkSEkI8U0KDO^t@)LKOj(?0l_{<`W9J zIDa1eus#p~D;!z`hn;;T5^GlVIQtC|f01{NVPJ4v!>H>9c{f^~*n`j$P-UQthoH}6 z-S|AUw$OlkOP|{cuRqo1Grl6ZW|~YLu2U9m?NuczaJ3IQ()Sqzj)pLV*WS%vlsK+@ zA}?Zi#}dKjDy?S4Fn>J-ba`}Rp%KI{X(%b~HI>{NbomqVnv1i%q@ap@FF`e^3#9dn zjK2GsXVN3IrsexP%ESI#;FuC@vhB%o8LI}LFNcW&8|&JnT$}P)Gf9Q7Dq$B0X*-Rb z3vq#qDvbxK8d>ETMThD1t6K*bz`cjl5g#y|P$-$hAKtvy)gO{J!8WwI)!>22F=2BC z!!5x_Pl6<$%PRbXeB9Tk8$+{~DmR;${ukuEB%^`>wBHtgu$bOU_F_gqn~tr4Rhv1= z4TDlB6*KoQr2*G0>^CV$7@{c5%!K){ z>=3d6w{C3-&*8ZTCd5HuN!8GnCG;45 zW+VVdE5DO->8mP1ud^C*hMN>t`K++@51yDlBB1jxG}MIDq&Sb}9~5Xw2NY_NJuPQM z@A=F@4()AkEXMF-f^hY4u`br2C<`ci{jq{>uO+7OLrClRDDpJz-N{qA{%_+BGxw*e z7SA{H9pR7SPPhZH!3B%<02JOu3;4^rLbVhmP>niSa_vbrdCpu2yY4zKoIJd5u2>Yc2ti6oH)T#G%xN% z{+oJ-mQapX`cM&tea*Bn=j*WXhOq7@8f%sC+5%m(@}=iCHxI*YY>3M?Lml72{?!soKS?z{VehH|6+!% zqlvs3bG4afWy|WKBW4PUvg)BS&%IYof z4II_z;!67y><<-26OG*~-j29)NB<*>%wLa&7GIiFnGwHtG8xcD$AL zQsn}Pz(lTP_<>&nNFX?*7ioa*z}jVF;R%)(EXv=^i#>(=IC!l7D_;MDLY~;dZTlA<`uGm3oUrGRr3IADlJt|ndQ!|B{Q0`@U2!ZT zZGBWcUWfg!T!G?dOB~emfs+1!ni{;t=19AYeVgTRlQJPrL(l=C2V~E+fZ-M7mn>;& z9-ptRq34nr;?6dJTKw_F#W2@dlawd3-NPB~BXHe7r0=zfrEZ&ff}U^|Ug?>WoqRRs zuKsLW6KT>T*QZ*OrF5qT#8D|nO1gi(fE&v`?)VnCD>AztwzWgFzOwU{4wD^D6Trh$ zz>N9F4)o)hRC(w?z-hr8>Q1H0Cg6x2D(u$kqlGwq>q|UXRms=ae=T$^Zq>|E|x)FY?NOc_H4W#HLgnGLh6dp>a& zq0`{@iUX5cFuXVKNKB#KDKYOY0!A(Y`-aU-+wwW}Q8$>H(^>rs0~ljg_4u{mlY7;^ehZt4;dRtC7h8+ zG9yBPAhd-2wD0l<%ShxB*Zexuea3sc{6qnZ#nwj5ji%rQ*wUJfh7C=u&K&M7t(9h; zP`Ukc=U^NUy*xY)Y*m?Skq{fy#3F%>su!@M*+0Fq0?dT<6-0T&eC)APQKejPvW3ix z;I&jKb>xP^CIBNkJcvlFK{)90uGqgpkVK;r4O<97Sc$|y!$S+l^bv#!IzP5VlCiOOwSlvpUbNc;aWuih>y>a9#%hBgqo)SOq+%?H zKFIOc@WdxIVIYDrXFK9J&3dKskM(&;P*wVbCB>afxaS&8%C5I`DC97l>{E#uomwl8 z<5x7ZFAkOZgqE>$vRV}0G%wOi_nU%5k1PH**t^r&h9^15qJqG)NsVGGE6e>eagJ%o z|AOsxX`f>?timsOpOsI%(2ga(-~wfFiLmXl+@}!!7W)A~#iib#m^Ra5x9t z8bjnxDqoGvj&qr?-)IT@kUQPL8G)>JTV8+7%6MQh=OH5K23S4H(B)TFRLuCU&P+q`ttvF_v1z8b1NcHEU(Oa;8_>0MK zZ*EFW@3||bby%=NOlA{sM+7!BP}i>ssYdE-%OXLEzZ`K&zaN4zR9 zNtOMbIN2l6gk@>pk47pGSf7VofC@4stsf2*B~&H(N&>NnP&Eh|OJoVQ{Wb-p2|6CZ zCMlwK=U3$LNbN2`K9#W`kzT|gXQz}aCf~(dRAlJKK!Cs~9Sy8sNhAM_H1+0yj=@lI zt$-hWE<*7r`NO{%-E*h_L%x)i&$~Af2{!alclWB0|+CS>!nw? zFeMxp&cjP5cXN_gc04Ep>7|Rj+=1VMfS{HLh$COP8L_Ug^=|d+3C63n$_W~#@fw~F zwxUvZn{I0I*IXFy$%7}CV0+C_F%r=!D9G(rassf+Tc5a*2hyOj$xjZPv^ai#)^3Yv z&7kGvrYv!PYJ{;UK92GZ!ZBT4O zS>Q5ALCgl8$uwQSxHa)wDuXMh#D})#TX&Rh8p=E?ABaLdbuARlI@*J#l={h^rIs~T zf^0`Yu!WxOHgL$?qK#w;4I8j;avO_`I`$Bziu%VS8Ada)9)Bu3+3nuKK?Sm?TziTGmKQeh zb$Zq?cVEkd1_rU@J&3BAqRf6Tq;Jd%3TzSy;ewv8AI! z+oqI-InrGpWJ4ax0~J1`7?CZ($mzH)*y6ey*D8_QNXo^fhpMeI3W>axIN^SV=RW_Q zp_+>b;Pmzk!}MPGI-}<_|K62`F3Dnzkr6~ZIGwy}74TBcF1NAE8MYgM$B|2M3Z>P; zk&P=}s1DKzh*2<8#1lmUGgNxa1msh7llZi>^UR@8rBbT@@cJPGGn}%#>rgG{$dr$DN zmg62DCpcJqWYqckUVKPsLqlg$LV(-=zR*HkzY#HxvWq)EAR}5=N5qg41#v$U9%?&o z8Dz^P6eN4`yR02BCDK9XrFfXERKhJVBC{OocI-#Bi$n+y)iGYJ3Yt9U4`IOq0Snoz zkq>mvUqO6Hd%%zo<-m1=9OPW_`^$WkR&~N^v=u=(_f~~y!G)?v9h(ZE_1y2ESl2zH z$(Y+kb5gn3MT>*BCS462`2xlIX?dH8d`=u{5-UqhTTaW#9t2zsuF_AIXY_cm4P9)o zsfP?D<$0e)EW%{$8*CKvo$N7iGIGk;W@^}DK&_74l@ zoLv6#2<17XBB6Iwx9pxKzj|eflbeYh2fhxbMN7}xQ!{;Xo^=UsJSN0^Wz46@cl#a* zJ=nWACAtdf#fc{0+GbW;Gy7CA%(S@!1|_|)>YG0SX$}pYwky;by%)MkHv-c@%|Ea& z>!?_=2k&KrbVor33@)No6VN06HE~185fa?2`2_pB>H6&13ILP%9tOlGGl4y#%19I% zqSO2l`Cd_KB^gN1H8fxLTm$*~yDW0o`{9pb+9_&)E$~!QsP{j58HZbPZYk31*aL?$ zJ(3-G|-3(0GSo#i6|1j$Kr;B0PFHx`KQgGNs0B9(uM4|!r%oV#! zbS~KD+VX?AxEI#N+-aO)N}VeA+x@FXA()dsScJ`^aFaYvtzjpMiF-c7Q3MSx;M-|<1tAwSxQE@VU8>J*n8?TKr)hgsdsO0#@jklio6pvMk7&Ej%k) z8lLu9M{5_tl%FRM5>v)7;cwi#tq~F@>Av>p(8T%OME3CTAe%sk@+wY)H1CVOZzge1En^s9sjR0D zY@edu6c`*3Vj1xBvt?iX*@ebBwoKr;AByYroMFlqqy&UwN;~o zO^lZ~6Gk$Zj8Wnb{^?+oYRZfg98Q!oknjvY60R$bM~>0iy4rsiC&}OjL2jX_vX5(m zcj9xY%ztaJ=P30}(tr$CP=zogN8%JSw{pA#zfM2J2QW89AOcGkyzI&%k2@N-uN8I3btd4(-{q#RAT|W6TUW1w^58`4EiA7+{T|sDN*32gL>GN8I(#sJ;yGoQOR|JG z6q=oa(TZg5ah2TU%ccBxo`Zg#yD#YUWw0B6|Ge&KzXjyq&EIG0_&3UzARv7>60U#6 zM)P_(B5MDlGy{ZMraI{u{SiM{kR9iVo4AReg=~?Xd)Uhry6qvd%Ypu#BPoBf1pG!X z4(9AdMNH^TJ+Zc(@O0-G^WsrYy4M7Ks?VsY7n1Q64_+W3`2vas_aYWO)W6Ar@T*py z`VlhsDX#CFK)&m(n;4$UN=68=??bw(A--UyOEt(V%pat^M8}WK1N{D0)z=GX(OG8@hm6fVbr z1wO~8kWOo7*ec4rhZ|aIr4NeMyJGURY)Q9n1brikc2Y?`D#diQkZYaydyQ_9I5_?d zZm1L|GK9)@+KBKCjk*Dy(pzX}(#?trA~}FR%vVCyW5p5QF3ldKOX-9+x%=!pjQ6|6 zNCF?li|xBS7tIqaw8>e2H^*y{CXEz`&w1Y-uJh&@B!LDJ@5R*>9(2eZ%4RC1+9?*I zX^QUA3&=|&-c3iq^+J`~oQrRua1vjfy8(4sn_Hz)-_xAPlum9k z?Z8Dr!OPc8bVLd8Qa^6D|K*8TFyKihfWS7t{Y}>{A7b^}X!MXWo}T6dGg~50_7ft3 zrr)4N2`r+xs#-!bO6xg_)$qcpS}9l|Um}TESR-%=pA0+4q_i>kTYSY?9%7JVqr|9r zQR8cG(pcp#MRB(RGS9~wFATQr3*p1v9aAKE`{b! z2>!8EEAarBUy};^cbP{J?7;{H%CUKom6qDMHKhYKV`wX~;X&=CUi~y@Ip%{unVjs{ z8}!tnchAwt`d!k}IZhn-#F!VvRzwRKE~C3pdr;qG3Zl{E1JBeW{%bIdqDF*sYPi_c zn9W7FP7yS)irs-DGqzAHSTGQrS(?O$4saj|VaQpwJ^Jc8-@e^B#;qa#`j+8e=g)24 zIRHH3O4!Blws!yLop~JxBm;n?YP1n|L)c2KqR@exkU{?g>+%^&)QhS=rO0L7_$^01 zlQ`4mt5VXy``C6mGfhg&TNC>Pt`UqIfgi01 z+G(+yeER?_$(M6%>JXPxRC#QTCLftPhQg=MtgRDQw&`Vc8=ojfj z1xQ;Rn0APIQGB|-;u$mtN@HA+fh2~JvNiRS`9G1I8Vx#vO^g|A4DG2vO0fI)b$5qA z+IEiuuw2~ZtFM9YyAHBQKp5~`8;ICIBxyp+r|bU2(0Rp2izvfnk5=k|YZcT@`4I#m zI3(z7?QS&x{@T64j~#h@!6=t+zNNAY)4r#$vA7oO8bimB%BZB@Etszw=&sk7H*wjn zLYzO5rF5B@Zd42~3A6b6o0mLZgrj}EToragiPk}A3;2{BWwxLp=PH1bs>ZrTX13eS z!-^x_@Z5`!IBiU7aiBIIgzz(_@#4xfwwy8);3gkAO^gFwC@jNZnXpCx01vvKSz}U5 zD~Y(V>;7`2u_XLX8is5o2X`p|vs?agcGXtyMOst*u8|djp2S3UaDI{~1*c(|wH?a9 z$&Ql-i7QPVRp33N5L}VJ?BktzQfl6GeUN|hA%rOwY zJ+QMD5CP3}okvy5Jb?&x(a}gEeVU?(;>2IWws6>rV(_;^2Ha(w1((jp)(Er`ko&Kx zsFj+NZcGlA2hqd&^TV3c#LnMWo^^_jZ8An zc{62R9TyibDeTLR_x14~G0f?jf-0N@FlY;2%*K_(UzwJbWE`}UC%HX$E1=_iqVnGl z#nhTZG~n|F%oeCUQqhZPtQ+wB@+?Ne?6GrJAB4_?+}2+lGgyGdPO(Hh74Nxd^%)5X?;K%3@&)#^OIDxISv7)p*> zT5>A0{04HH1_%|{(~$7VR!+Cvi>1w0mkjtDZC9qfz7r2~sxuD>(LT#s_hWv=B0H-}Tg>a1 zVv*LI4=D(*XtvqM70K0`T%(+VE`f7@y$~abLTECCY61VUG4?jq z)?1-#c4>H<_h=ebXi?fhDK^0JAFS|^52%23qMoY-@(T2_5ZezIr#_(LiLo7+m)?a{ ziOvSE38K|~**CHEoTU);Fv~vDVaio2FRxhwp5m+-LAbGE+9^9zV|luiZ%3)w8fY0v z?mEVM-@FVKw1N5o{!d2s4DahZ?w64z`2R4n^#3iC{U1h_iN%1Gk{|n06Xe~6`7_C1y#$?;E zt@*sj%AU)qDDqWj9V$by13=Jk%-G3!&+8XShXH<;Fkl0NfPlaR+nioYpBSIYo|sx* z8r~dApXi?-TAy7Snx6m#8=0R=j|`4K+Zpxt1a@?fKQRB9G2fF|?*b;wQaaNXz#zg` z76;sN?u)ija#|)C#^po&kZl%%q_yt{0DRA7;^+VI`s$&GZQTARF$?_!QV;<}UGM+8 zlltlhD9SWeBvCN2xF9a~mmim+>fsRCj`gr%vl8NL&3BRVq8Y-sj=a@-9MMspZPf>hPT^0FLE+&Y^iDYRwErOi~e>08~1BxbF0;S$r_jBvKO$84Pa3Ezp1 z)MHv`IE;Jk;OSh)D0KaU%=>f5cBL zr2G4n7&k1LiG9?fM%%fLb*%z-Dz9+xI4cru+)xiiIb~r>?AYQ@snG%9p59Xy3$;^D zFiChXno`*&<@YN)48Z!sM0;&9R#NTElDiKH-BeNd`;6q%{TOg2we`Gu2eillGka>F zoka#}2~a%U$gX3n$P5-63m_0-I$T3YC~%Q)N7v<@!FlqdC{EDXyN+qL*V#5Tr}4w^;m#(+u)MrxYj!(1wOs;KSJ)USlFHIq z!Zk}l{0&Vu`+9Zxr-!#XPXS8N$HK>^7&!Wbv)3#zQF=}wO|riIU>HRSIqkMPelm{S zqy8rMm}dd2fVU-O=p_69kj_Ox@O*UH=Eoxl;cz zB~M%~o`>x?gzQK&UuzRpaT;=d66nhoDso_=>x z`cjN4s(uVs%}}rT5L-P)q#tP%zr~(|i*{4%C0cz@gw?pT0dAyrAqN>VWGuP8yqgdN z_CGNPp*GOUzL#kfvUkzV57%2_Pi&4wMDrLvV*?oUFZb!dW#N(PG57KKjqN?xGxi-c zBsf3aWh+1(1&*~BY3o)ajLrOVLR!t7p}0776Cst&^AYOlINZtKmg|HJ;Hhk73)DGl zyQdOwCGJrDBUT8b8LU3C2`Qfd4pAkE!Tq5V2p)!S@#WcX2+dkj)J|t~Zv(pGa)W`x zn!l2doz#dWJN~8pw^cvAXZ@6xIeZD5GE@i9F(tAHnDNShZ>@4RG-!8|%Atr64lzrX zq6gL5O5*z=rnErQoR7>$WJD!c7R)k78r%g7g~i2kU*qKkXK3Kib_}7^rm=-&p0+}^ z1?cSb`?;E|OBzG#5Fi}`@qQh+jSo|JiCQm5nc%ztF`)^FqjSVQXFyJWO_1x35`x+xM7Qm2>Oq|V%B~kK z2}5SgJXV7vA*b`$m)(%t?Oaa+1M9f?F-}rP4s30YLz-ercD?X`1~9a}vf_-#l11jd zy<3#mofg#b7gp*^qQs>yxJ^$K1VItG zS^u66<}YLl$i$xMqI>{r=53#_#0N|QAPyf`=3f`cUFCN(H4l}iL z74-|c(jyX55q4>Fa+Gc8nrU94g7RYy&QpdlCisY}TePrjfw>~I3lt6CZ8=V0m!(7~ z>a)E3(2&H(ntaN!f*9UH>lZTzvYN0;CM~`(@k?fUWhi zCeNI5pwqg0Q!!wFf@-v{=L=hRK5AYlp_myJT&}OG9M2HpW}fy^2BB{9BZ>Eb zv5G;cOW2j+6>2~bfW&_s4V86fl$MeQ&E?jal@Oy~H%tC|!UHKxYCbW?r$K^^y)AYWsUeokK z^KmmM76{C7p^57cHCfvuR8ZdUcaNrpl9UQ%LzL~_%)6jex)}EPMv3`@I7WrG-l-gP z!D!Um5prOZHXCGXxe?MLLrvSLvA_&R-6nh|=JzUX09D6E!H}?GHc4(LD(hIC3 z-F8);h&`3c4QS^Q3xa8XY3&r!C6#2WBx9NVv~__h@n|IJ7+J_hSDw)-m2AN;fRqF9 zTp3zStQyM4TiPk3Y83AM>0f3=%hhT(Zv}bxni5lW4FGDWt_dPl0x8!PvLaakg+|Bg$S9Ql-*hU{Lln0EoCJ=Cw1m)6myl zmsBgKUS|7@U5t{c59dc4q_h+I>{SDXV)sVnwr}P`0uxwJu`5tc!BJ)d(xLKGyuS2+ z__%GmXzax|awV;fo{TB2*#R%cTVu z!6C0&GO%2&NSd9Ud$*!$u6MO;=UIy_H@Tq|o3hDUuaYS}?|J~KG& zytC7kc_v^|Cc+ssR4FD+l<-?OQy4878;2Ricj9qxP>Hni(eu6W2E#1XOJccQVEpbc zZIQgvSy5A`;@Ws^R+EL1s9HQKR)2ZJ0gd_3r%Tvu`V(%?W*ppsTPkZ|{T8A7rwA9b zsQO?mlCwDG@e1mz!>B~Ca|aEWChp7IOMbG%d#|4Nrk;<>aix(_Asr{8W$RPW8U_dM zg<~`unxG}ITB3Khl5+((P>$NuLZ$Ba+-^%>CaQx+bB2jIyULk01rb3cqxP?XLz_DJo zx^3)_q9@udXrDRpbC|Dy)Lk0iMNZL!&X*t#$}9irHtO4J2l-fGA8g=yw6s$haugVx zmgE#uB?<-pQ7F{QcKl#Hw!y8x#Se)8`nmEb0*q>a&9o*TvH`b=SeVpd#37M zAv`zEN=6ba9$s$aigeP#nO%&l;ky-UnHZadQO)kMZ4XvYz?#o*rqI-jW+r6d6Z9Sd zbwa6daRn_V^{5h!M{?R66R!2n&N+6BZKjLL&qJfZ%OiuMPlHm>2kvCN`Xb4SK}dSd z522WDEEK#h`$fEUozb`X9-TSDP=u~PpYS}5UR69+9jmVJxrJI`kdoh}HAGF_icKt1 z-0~dpAY?uo4gkdL25*&Ye-1P*ZUg_Vw6aa&f2)29P=03V z$E!LpVd(n04>%8KueB&E8U%Q>_$U3DzT76ldQ^~Vai!|H*0f+SX3K|WH*&tH=+Fu1 z6WMR7hr&VnN+?SN7oD|TpBLQGcPZm=Z;8O{bF}vM>N**cR*384`dy~*iuqh+AiaL zZ)CZIw#7CTz+yTmcR-WS@EOgZwf6}zePrxU#o~ds{`6o+uHj{neS(~SBPV<8=}iY$ zEm|8VnfworHp}+;+83OBnpeJ|S{4~vFpeZx#*YQ#LK`eh1}KOBUfYV8qash(s^z~M zZteUOBe6>Os5}V0!Qoh*hOL2KcJt+spzas?gi_taU96Xvw9&|(#p=wm)av$3i?ZIT zlVVdC@@#oxJLws`I2x$@hymv{p3-xVsC#v?`zlz-S4_h5NxjXl@6eDa7c}0OSM8R?IwYq}>VDu$rY(TsWOYNx}qV<=_dL1`6 z*|Tnsa*q|2E}>@lz&u=2S7GrK^eIuL5)2I%3<66@fTE z>HfcS6=hx1??xj}&8RBe2dNV)E9$)*)c;Z$*pa)YQYG=@K|r^&oDHQWHF`I?$Ppcq z`f4ZE8=Rj1d4=Q}7L1wJD+SDFdIva&=o$pD_Ki)CTeVL?#pw#`9O~eh1lyBI08~!e zBL?$B69-H}NaeWzbHLUx49qvru;}sJ!K_}~4KjYchEE=dq~+>0P3SClHV5X5@poF| zW&eXq5yI=|jgFyY$!tA^9M43(XrcmqEq3>|+&ur-BDHbR1_eC}?5fV78OH-MQ2M8? zR*QK-@GQ@f;f)ue603F<<&8rlq7foFNGR%sHqz=rrT_&jW?vRhQgB^koEcvSoLabD zz9r#+l(}TDS{8}x24nODNq86GbUv3)894RACvTHZE)oZL#Y8GuS#{1m;P&4eI6Iv zcCiLyIV4|i^eJHz`luDa0%g|3y0<{9wmgqoV-}lzJ9^4q^P^z5jehOw4V4pY`2E2= zdYSI*39U2MkyEnI4O~6_zX&_W-cX<|f!4NrYrDO*ZQHhO+qP}n_N{H(wx`LWpEyR0Nr;mb3(msFDd$33Vh_R$ z-4_xx*Qm!gUgX(d$#gfcQ^}B*m7$~u;TPK2r2vJqQSQ9dTB@eL?l-SUvARn04UbPO$j%< zQJ5cgg&OX>8;sCEX5+n6_O#UD|%srHY#6s4oCWvzFCP>3gk+5Fm zF_>4@_?3P6GEqQuU~ZFTFiqDEqceS{jo+F}-LMi>hKrQ+@*aD7azuJr9Htg-v_*Yv z;4Ah@O6xuZg)?GlSqoi(3C6kJi=a23On{xa?ye#jp0Xm{iOPnSZ}`3y5ejoERp~)a zrvYKCbMuU1(u-sJPfwjN+PlS?DzM3_>Ae6vA4(lXXc5U@mdZkIRfTU6f9e7-tric| zQ;Vw-ZR3pJ8gcF(&nMvMO?_OW|HN)jRKi?o%~t*!hBC!}Y%A=g>%4pC0*w zv9q3HpKNQ+!ase-+16^)tfw|#h`>~KJPa@PdS{;|1Mak}SA=7@N>31Sru22ervw;Oe-`m-)7cP`T2EAwmM-`fOCc;zs)<*rJZ_#fmC3m~d#@vhi(~3uS#h zcRX1SWT5W&gHO|OX1sf*0{B|fUwNHBo#2IG?<+ppARBdhq^$yIg(d3Md**ZOl^dKj zX^XnOoB%?!ac6o(>Dm==6JG-81RZUjA6FVlQqq!Y;DlBZ7V zB=AZnc5?O%37|TQ^eRjU=(EKE*Y*uk_D=E0N>(|PSmO{E@q4HZ>B${;M~P_m1fjz=q-qTz~9fi+alkQm7f`W8zMo1R(^3 z;KxURhFIGG`koXYu5~9;u^!Txfv}+{Cxlo*3-;lZQ7Qng^NjS;oMyU>H3S2Gq=P9b zak{>{aNzLGmoQSj0*D(2bb^Tb=FOr-QVw-X5skhL+rOHdk-51>1_+Wdk8U#Ionq$K zSoCyavK3Jg5bNF~IRwvBQ?JH@g^Z(|+%~R^qEl=|)Nk#D{eS4t16cFC!s>`ZcIGGf zKnJjNym&lUnn8prV`vs4)TwxRouBBonHJQc`Qp*t%%THs$yQeVWD{2jEfCofYe}O{ zpR<$J%8sW;BFSBSrNHv?3LbP8E zegGGR-=bjQPWbiHDG`p04k0m+8t~7>l-xB*Zm76xp}T@*g-^~r#~H+|R_V&b(S&C+ z$PEP{xyK}{IuQTM0**lpEd|R6KlI>+A1Z9X18%5~H4nDYTNPY>MsBrXXfAiS^{Yko za2GJ9o_A!TgpVYcG2GueZE!&hp3T^{m@)l4y5hvpD0qakKx7c!qpdzn%?&%((xGv- zRWnVvmUG<(lFRevpsH_*5Y2q4_nbOagsjyn32Fqoq$}tJH?scu!mw201ig!a*;Yny zEEq_Pb&vP5D4`zM{SkB?w(+9FItmQXIW$`ecOiu_qvwKcudB2deSMNai3LJ(28vvm zmg9!rOIyVPY5bi(?m#Ge6)_0g^wH4)FpTa!c@~gYDI+^yuUb>$T~jaubV(x_q3kV5 zy|7|4&g>6$(mSmig3&LxG$(tY5MdW)cRGbH)uxB$X82f8eSv`JaiYO_N*o(Fa=mo? z=24)zF{H_jg*exvdKv-2Iy45YKQ!YjX(?GR%yMO4!Q;?v>iJBV9?Q5BWSA z>DG>Y?buzdOiG;TkJ%ZW`|S+)K`GOA054+3UXV`;RGFz%Vu;;XKFrvBW!1He zuR^N<^B(u27~#{ydz|%O0pqTTrO$$;eI6hq(_Je1>>~r_8ZxRi%d;uPPPgO}%Gs#_ z-@LZBKdg2UaPFb&*}QinQkH^p?aK}pPX`S`%#m*Lkvnj}be?#ActP+! zKc-&Ye4b+$RPB77Ox*IJ?)M%!-ILH{wnxdRySc(W>qdEz)c;JJ5!{^In3Y0r7GwirqbtS0E z)t_3M9(cA6fh$|-&0!<)w3vjGW<`L*lS>X*(_AZk$?=XFXj77a^9f;=cp;~DD(qJ> z+Pnc$?g*QL>cN*!Jf`a=L$Sxp-Khma<@%<-Uh1&oF%~sg-`NW@LC{utR}S*vBVsjz zgJ&)(9Os0YSQuRFm({dLap-})Z#mlCNIFcr!kooeoco~rORHRm`^I=)dw6edp_b}@{%%I`r56xkGYN;UTczleaPqRu2?QXTKrxaMO61MwJz9~ z&#v(ehpWfRTeaB3K_dJeOaZQs6Hb7P=&T{W|L9_937tkVbhGTy9#a z31i^Q58W6ceEP;AjEQD{r~CcH!n-|H!Da4u>QV?Mw@1z0a9s7;lSNEjMpD_tS8Py+U?qsg5fa?~lQj@=mb zQFM=imrfEJHA*!gpyghZA4D@Sfa6h+EHsJQxbq&lHENK5kc6}pmo=%|gGVqZ*0^L9{^X&yyjNjQn1&J4N8D7xRkMy;BQD_mVZO~Fc_7&h zIVDC2rJ|AdbK!v~i{NOxuNQK?`Nvns!4ub3Xw9(gyX$;b<(nP%Df~h5;bkTj(t1r> zz+bV92f>*XI~rHi2v-Ho`M1kIx=PRmUvMW_303hVkeJn2Yn(@+k_4iZzSV0Yrg%Yh zGxL<#LibATV_t5eMN1f9#;ZQ$;qzgbU--o`asV_lC?qNvS~kYQ8D3a=z{hs3p|eZ_ zAxA*UR6+P&=T7KgFA`gHIygQha*X@$-6H7cm2cO1G$lt_+Vh|m4kA(4 zk6^wfp<4 z2#c>%V+HyffW2L$9F+)R)8%O0bnv*}Vw?t6=$mnZ5rs}v*jWS;lZU5aL|tlgSZa=V z+^QYlF9*8ll-`s$UyX%L$ks7jgtfmhFhC2-P|mlm3)7t?RBiqWP9idVdd>B_c2C#a z+P<;(chYY$9d%rlM{0$bacqOSyU0<9<)2Z@tx2O=EgMPwrg_3e+GJEuK z!a4qaxv$i3xq^Prr zoWb@QH)f^&Km&8HWwYMUak-cp6I$TF!Ma-@XkaC38<9^$4)143K44JtV@dnD7OgCi z;%5&w?XeJ!KVHCoE_MW<94v+Cx6RXh=rco%iQ_(|1f%yW8~(X`8HMIvGw1TBDbO7+ z55fZf7*5tslh_@Zu(%TM&ds)H`6*0)a6^g#5|1v!m;ETZn>JWW|QduJi>)%8VxwqT{_x=a`7)o9zj}&1`@hSPoCp+h8MHdK^3*T!|~2{)&@uRev&=95t>=mZfbDv_rM{v9w(S z0QUyr7){t4eqO}_A3WkS4}*&keGl+)NVJI|1DBEtftW#ss3^h-Fu`hq@5?cK7#daa zMuP7*3QMrr$=pp^sCO$M_=Sc8QlP6cpkVGf3D}HS&K~0m{03NKJKF?ViwlTaiOzqK_WB+hu>^q_%$An}aKFZ1rXIkJhDzVW zWs%7r1ees$gjp#1^n$Ght*3tZ`M;$`a2~o}i&Cz;tvYtPH66${ zKvd?wW`A0m>N;eoXWf^}P@edYx%bxX9;1hM^UV6gW)yaKC^lpPItjl*l-2<)PWsa) z1EiC1eg4QqhrE240-gO*Zd`xd;{~-!H|C=Sw&Q%a-3J!Ndd}K+d@Cu31I_R5iV&Qg z+g1FCI&~FJZQ#0E3(|~zXDX^uy&BU{^-}mW8`dOBEbz-ys5nsS+*6&Ma06UidP%KbXV@11;n5}0Ik~?3OFpA!Je1BfIN)rQ<>D)3R6}z) zxNWPs*dMf0)eTSP3V7{$=ii_O(;t3E$MaA!)|?lbt|%9Gtu(4`t8^b+%+GTHksWr3I42Th&#+| zCvu|WBjz`#P6&Ba17`F_Lmj0u63<0lsP)d@P2oFuO(UI|L$$P)Bilp;-y%VROb?2W z(9sdCLl6vrj7}+FMnG<5Din9;;j}K$6aLJA-1~arXa32A+?u9S-%$cei{!eZr|-0y z&+)z3EOkVMLk=@`e+V&-2QrN08bGl^5(yY%oh}z2E4r<_sMU9e&cq6a_nJ0xvl^2o zxrLAWGEksfzzRlX>el*Z1voBVC;-K|13~3BYKa?lWR{8n4)-xz&R|j}0Ndh+nwuK# z3NNKf{-$-=jW!>;T}PagyAP(~nH*;eubef=xVmrplUyQ?r*Gu?wZAC$5Fggooht4MLzmox=zy-{Yub z7oa=@>=PSZfqXG*y0SJWxsa;fqHmSz7V(OYEl#4wQ-vaWn|s71}#o!1AIAoZss>=xcl`TXy7$H3W`^w=uDT0}s!_U_MIpgUB<+cx=IW zoIhxHF7nFtPdvSviG7jSYkB(9i<`k2VDcI%yqiVsc~B`SxSS;2+tORAuc-wWpz8ss7{l zi)mItk3>hdEx0uRV%r=q!vr6SRO9pl2E7-Jg%)qK>@01YK)jxa4X+s}pKs14bh0ST zKxzHQ#rTuZ=E*^{=S$~W{r7nQSw)9!-3(B<3T`gx@gvT!PkXnJHEWF`1Q5p@YVwHX z-Yz2Y;+>R+?}CR$4(=ZS?pSxp%@Vy$A!q(-66YZ)1z)xxmPkbs4bcHUnFs08Uj|2> zS_6Y)Fd`3}*6V)l8X_Q9{a&}`JE+CpiIyjhf<0Jb)mq}M@J~z1 zT9s&W$;OXSsFK+e&vXG60Gd|^5nv)!MN659#6Eku`sjp%)DN5?6B>MoC{!TQn~V%@qtR}>(AE1^ej8CDi z1wr!klhOaT$Xb@q>9L89Y0=%!$+ia87q??QTlV=cAiBgo_ep!kux>x8C4a*a{R>tI zk5#CupHa~-98_!OEk$s2Ksvlfg6XW<<1wWncpK18>7;1==?gm%_f7NsGf$v-ZIgJ) z@zA9g*BPWn4!t}&L|B&uYhpCm{m6YF-Ox*w3jXH<6DM$`swTLnd46uP*6{{^fM*WH_@xRuY1<&+8Aiaxyb8Si0UP>TZVEO$0~*by~vTK zHEF3Vix09X&_b?{eaHII9nqcP_4)nGcU!gpv1;2#sT7BlqvwsmOl(PlHrE0lV8 z4~c&ZlO^yy+=rbcR<|!haK39}#xQcx?(vg_KmmKn!ukTSk<@dfM>H z&krb?mbD;l`y&1lZ$(zyXWjfgK~v8r5TMcye0$_W=2#NHn88!#>!H&iQl+xz+?uvT zgN90_Kc`fHDqk^Oi5qP6V%z>l069nDTZ2oX3Jt9tpSJMDckRye6e_8=X$x>ACY*!V zhj7AjT`keRr_F;rqHGy#M}$HTmVLV9VcdwZ;c9(dJCsK_&Dxr zW-PWMt&Zli7=o9HB6i4RAhN7HA5ay8FNOX0;`6z@vn1B~`OZ+EV{Ov-s8lpoBsSU8 z&1wm_{UCU0pC^N4?(H_=8tZ(CQk`PWWUQu(*J_3lVb1`00N#2RLIk@CosTPllI;hG z#yC0^)>TtQRcHO9>1S!8-qTVab=8%Jpwc7wIF9lDpcaKpDE}b5_VmE6epIZ(N{^QC>mXG2lCo34NuGY@w3C z%)IdZ!VEM;KzoZk25XHxf=W}}H}hUy${mWdaSl(zcOqEN^<3-BApimI-N3FaG%-o) z!l8=i+@XUvFM;owD4j0pJ0pnty4vFTc>K8lO%jK1D{yW&wBpgwL}N7I2U zq>pbIcmcNi6&786>@MiZ?!?+nM8TG+XU+(pm2_J55OFM^+^RBwrj->F289(H0NP5R zip`EG4@j_J5E%J>Qdf)VFJxxpbE2D^P8=F7y@g|#v#}SE$*rMFINj`^ebJQ-o_h=) zR*W=~sr^L%`EHC%*c6?KKq-2b>%z8l5Ps)en>feHPQ5BEF#<-wPcOiKBe8Q}UOMK# zIPBa1g~T$lvi+|%_P>!>CPo8eV@5*;n!g5YCNxa!hQ>4oCI)|L*qM!(|C+EE7_%EQ z{y#{p6{*xJ-EAk!^?FNm^)D0K-fZ2uwf?-kz20Kos+r|IBfiabB0-usNxV|J6Z)ft z83*teeyG({TURkIDbTUkGu~sz$PW+z#Lwn&A$WUeZDDT7e|v6fb$L8!dt?$BpK{2^ z!qnX2+GN7yNMC@8aP;bswEC>1i1Omp#`NTVLFTKps2(^JtvY}?GpjqD6g-p?J+V5e zAikC9uJ!kG6RJSZtX3-@7p zq0l+q`?mrX?`)Z~0hw)f&RZ~QWNmS*!sWFshLNlo8Y`|P6`IIVj zIjNmQ22EaYOgo%-$)FP&-0T`$u%7er0xTH!?ay^Q-+Nk|)$MrstCF2alA( zA_tBcryWww>G2oy4HLOnZtz)18z&SH>ohQ;0~2@@!h#C)*{wA&imxD-m5~2$_T#=eU@?+9F*M zAHz!3k3xPJ#6Y7=uFh4ZyG#PD4ySgMaJ^LkByVO!ZN3qB4Sy3V5A>H%L~t1O@Ny33 zcz*f;-vcT%CkD!>rY=aoqw?lD>NMS+leIElqP>~Ks$Nm}eRhsdtyPeC$M^PXil^$i zHM+*c@b<*2-SU%F8^4|Gtr+hkj=~)$l(>&Dna9K-%;hTj{0t=M9C8zp0(ruHH&m>s zpj0HnO!Mwp0v_izt3RuyVD>}TSs;6~nU}s`+L}a54%i&G4GwXE0+MEzdt+?K`HYbM zF+K3@em{5!X8YSB_JN*tkIn_k#zid&3(<4)IqjvT;sR;G*;M~N1|ujimbuAkLR+(x z54qerziKH5s@q*B{Gv@WBt>;qv`LwNGsca~K&?K4N+!=vrhvMKcn_GfSx*XJnqdCb z!_3mzm_7`{H>(^%Tc=hGddPSuIlj4vwQ2WGQ9cm+ppTaHrIuBz_nN>-YxGf?Oz zfr++EBy8|T3Wv4bf02!7?)a?;eY^ydD&=EjC>cvYFklzh{2Eg`OKD)$(?zWrkRbSU zF`zpp2ExbRo-CrG+ha#J8EMFublm)cF?wU#TU?6 z*i@SIgFKbg^euFAiN)>O8zpwqoGP=qSxcsJ+$G)HXK(WasZpAGGESsFPPbwWRP7D! zB;#1~mz--O&dWDkz+Sxl=zgU9ew$_(Isna~!~g1Xgd8v=RzFEn-XLzu$6-Dqh|q(O z=leD;XLy0lFYzZgKptb-8?pOLPi&>4+V!k=)#^K%@+fqp@yeP@#*`KmcZf(C3N3S; zo5gswlHdLf-WTR#qXoI~bG9$+goZy~f^09Ew%*_X^>dxS){;-ki{rOygXQ2Ox%WK8 zeNiyX5L3)hP$5Z)ooolfQfRCGCDYZd^hkGPq}(exbzyRXaya$IAiPX@0OK;8`~;+Y z2~d-yVrhu->rw1|k5Tj+;_+(m|M#I+KSwd9)rlVOS#4>amqR_b9qK|xX2!bCMUAaq z=kL!2sli#;$!!Z1-rts?j+c_KFxd#h=OhxGHlCfbTt13#6ciAIBEwms)-M~s(;;i9 zMMs4EuAEbw7(&`NMl!m#U=D);1_-GEK^Xd2=`~4y5XKcg!KPswYpeG~CPR9LBpo6c z570zrSghrUeO-rrf-v34Sx@FHY(J*1jvgkX@gY%uBXO8!`wHbTz9_=vTLX6Vgp3yh z)cjSLp2sQ$dnZcW>z^SC6+HMv;A(m=c_`t&(*yA4_+Una##EIOf~7)(%z;v-lIVv->{;IU90@?@uNtvpM@D z6{sWqbnoJPm~yORWf$R-7zn0_bNdQGoA>eEavp`jDkvHweSd@lEd5VFkKTdZ3B*m7 zg{xH7`!we$!>SWe2pUPc2592z&4`Qa-PH3X(b=U_5KJTXuu|@1u0{Gtro`r>Usb#o zMFt?w(-dtHTb_&O%aZDci(@qQpGq|X*`?!u3{00p0qR%&h)vl&{jIuV0@ViWeE-;A`pji1w^!*pEFma9Zc*#XhU$|jLWAJyGn&ohIV|T*! zO5>wT@LyDUarXU&ts=IR`s9){_ z`RTb4O8@XnxW41^u^QsF-R4zZ`b`q5rETiS+k++)-Y$oHoXPoabN|LiHG-@NCa!D6 zi)4iMO21F&$Y{YKbV92&x1XO-LNi9;Edax#kF`Dn1g4weEh+y>#Tzq$aQqh|;N7oJ zFj#B`LoObb+j=6`U$PZisjY5wfqog~k6?oSwwAY8Q!+#%xwL6SD_Y`2)% zaqW&AJ-3$e-rxl|Ee>OYrTnnIWB&u=)y3rXI}`Ob(g=a z{lShs1-FB+v$|uLrnfY{?&|aFeh|E8rsK&XwX%O19MR-43%f(Dby8Pdp(Z1eFjMcC z3rkh~d8TlZ$j*0R{#|_IUiSS3z_O$f1DXF;MCsVCKLr+NWM_)`!Znxx!+%A zlZasQ_%V$8de6YWlLqlPR6NJ8z$V}JvL5UY*9m-P%JXO$h8o;4c=@2Bb=H<6w4Cp! zF(*!X9_OKzth=g8Fo*Mb#7dJoU5nF12w~T7ZI3#6S)^ymabYP?;h$?Tn!a%EL$q=5 zR~kAe_XuBC$)Y{LzJH||y=qc=B;puf+OWJ?Z!wr~4g-p=(a>h5rp*yq6+QLkHV`}h z0dhI;JI6uO@n^Z25SG`MPVD1t{v#C2=L_{ceMVtb3>+p+%7!reOJtlSBpI9Uhr470 z*M{G{vxnhZxJdBpB0Cn|qfg0jIoPE(?TqCqo#BeN_M(O6dRSE`Nzt+dCjVo((kF_iU zA*`Y}T^t@kV0^-8$MXb@8Txv(30Z6>FHLo0XUyJsHm7t{sWeiM03`ry!f%e!>*;&x z0G$S724+KBf0t^>oHb&y$~*r-rxb|zF7GG}w-P$8PaA^p<-p1jX3_NN|EHzMtBs>2 zc@PxE^9HH(qhL~lGAUI*$dAd*Aq=zo81Vx#F6ZTN9$*1Wu1&h`KvX^)^GE#w-e_reueF%zCdNAwuh|0fXKa7wh%F0?=A_C z{)-%4H>Pd*@zAJn(03{j^&5EI?<@*^;5U}cik&PQ!&E~+q%ib-LWkVelp_@upR!J| zOR>i;y;L=%fZUs5M@T5jESo(cS65T?e`u@Xkfx`sW{?Vk zu()}JcZaafX;u*H0jw1qLsx0jq0rYQ-)Yo|`=EMu+I@4I{$2Fp>KsHViks8|ib=v?PQmi^LG8lP0a_b#xgxYj(w64W}TK*t$g z2}k?8xA}_0jziMq=aQZD+B*{B{oc+JAKcA=L3m6$iWFe6eD{{NvVyo4j4>iAj=Oj^ zUiPpSY8Ty4oGR79LJuln0UJR~0;mL8V;cyB^5Jmfw(jmfPx1Yzn8m4ffwZ&@4J{J#CzffDj`G?Q7Z`QGo zBdLyCC!Z`*Fqs$_hIFc*Cv!YznSXzlsw1=MK%}epD&8$oS=NS6R54gejh?aLd&`%8 z(q?p>M@UXzA*+0AbHyyplb*1}q%Y4| z)^Wz{(7c`Aag0X%nV@((AcP7fXQvrT1Lkm2ze$Mrm(@YsS%LC2b0Rc@q&DL1@qABU zWcfZ|5Px^i9_pa>)-jF-?s>0AR=6b$kKZq7aKTWlD%L6lQv6nu?lu?l^!HfE2nD20 zDTw(}v7UQtkq*=#;69LqEuB%Q>qErx(5}mUDu`_+AX^=c@|VFbOtcpB$1mLOBg$21 zz37Z+GHIhwmNnB>lqL;tWdshNNKaZS;?Yu|baVN0qwCee>*2DN8aBSb42s%Tc%w(?$R~yC) zAP_t5jZ-QJ`^?RjdaKEWs1PXq0t!ni%;SqgxOHWD*Gt2%Q2}<0#qcM7;Z8{-JD)|mDEM@`YySg@ zm#Lz=`y7i!EVUzIyXl z)?Fcs)sx_jNT~R@A3|*w>h^x9OCg3OC~j?D$I9ctE6jfqO~wlT1k8z~sp`X|hV7+l zyHVww{6clVR@zCdDlz_U6`xrEpxnCm(|&@TRu{|KYzG=?1|8bo4G-67sAKm;LHe=a zN)&JjQZa1D!S=NAQ)zk4z(am8CI-?7E%&OPD-@IzPdQ_O=bhNb7S4b%x2Iia;O`?p z=i&F+^hqJSe%$1U1PoKvZNx&dWxja#<1R8t>SJ@+s>E&F?$W zLg?&#5U!qw-n122$#M+Tr?!^z@|+0RtV(v)oYgRMZp`qE2m*!FIF{k= za#FKCjqc1Br`(H}5-{StEYeHAU3n^hOsOYA6b6R$jmp#UrO`{`RP>PD028 z1*{g$WvR9zz=yx*53>wbTw5kq%jOP|xXLSv{oxS5AT)Vu|Dq-uj|&zB`_h|uJ9Xu( zH6idl*#`{F!<9p4Jg2sm;jbnr9edzxGeq%|by%?m4LZrL64|&Gw+)Fgjzco#)!o^A zlKuh__7lhj68$NF9#G zDnQ@)8;4^4k|QO(2+0Ggli1ySXOE@>O*^S=|={z>w zbvnm>@5>iqV}Veu7GMAUbsc%&#koBgXa13qOW_+x$1{`t1`+a+GA8hCA2Mui{FQdk zBA-yZp7l$dt3}!-oHAF7njBUI$PutEAZ9lQ%Vwm zOE@|hm~YevHO3m>skY{TZg?0}y1EuX6tjM(C^xBW6ejzb7ie379+(97lRESgQ2taN zY13RV(81}$A`*sl?pLm{s@@m(PDVAVO1e&eaZxoe(tkz#ibYObLxrfLi1PO@=q<1$@QHB z{@DdPZrd6ml;NJWM{wEpxn^fpBkl^tQ+O4)jdw?n?G>vy$~#nYTZ7ia<_Zx}oF0eP z6v#^>!0A$WhUdAzDi`(H&V?ZyXu*AKa0$u-BxA!?agX%S}lqa33 z{b#UQEqqOc(;np3Ly-D;w#^y96l+Vr9@^FD z+vdjPDnC?Prbd*?;AcL?@zf8#-N5K5&evi&UG*OS`oe2MIf+t}22`628L^X*&THK} z)M63{Y9CdijH9H@D#v$8?cueeq2=C+mQ;I123U50u_k;DpEv()VL>4LEqvU(kyw}z z!2<2EcvjdjlF!aRuMQv5pO@_7^RH^b(Rn0u_So$7Cw&ud`{)%YeUyr?$giRJWTN8I zPeLh-NRY~xUv>{Hh_9D%xb+O{XcY)wjLicfu*uZe62>T}} z?z(+T>vt!(9KIXoox8H{1~J(d=5*HJpN+j;OE1A~KJ%%S5{on2VTeVnf`$^Yuh z`1(Wh3hWWmWUF-Zu)W<2M@5-R@7`rd-|3liOodIu_XzvyiOtZ@@TnqjsSTS<3IF{% zGiaBaXZM1K`PO~kVav7NHtuW|dnx-{hKHXY*rlZ?e=LY}o&YcKTn#rbbRAW+F{BKw zcKe!HCq>xPJC+V-)@mErby`z0ic1~$-r%X=iKpU^UVmOzsLi`DjyRT z3=cPVhywa5_o5x}$OuD@X1j9(>`2uv3eGQMx2gc77?dI31UWhvDXP%(jxS#A8Lq`a z2aiGXbVQB(k42wXh)`P+rGPmZW0ST2hMp7@8MQsxMf|<~l$d5j4Evi@1O}tq%iQO$ z`^uw(NBDu6+_cs3gXJ53G~FdVF}dwTThoNcRk&$h&>f)B6BY;5BGCu{zuFm_or0~D zPo06+TEfSy(_=JT1@KET%VCZvN|RT_@~(K|@%4H$N+<$@*vLmRG+JLS9y1~x8U#i) z2L(;0VMq`wvIDCaX5NnHUdFRiK(!|vFlei~YnlmDvc4j6+fRe)H63k+{((hVkihLX z>?eajvTipxV2N+p?rAfTJHN_U>X#qnpv=IIL%lTx@{yp4Y$$;=4+v1eB&GdjhD3;+ zI-oqOhTg7=RjNT-ZI}>-Bg6% zNvAkf7JvMB@LXE(RKkjH6M$H@5;&2WEg+<=s+VAC>)BzC%+xq2KYhB{ z8+^aU!0EG6!r1bgsidNEdzDi+Nmh#-5Nf+Jyl7 z2xzOKRD_K$VpvCA<3$iD7ExEat8rtrt3)C;eC(<}q2??1qgmGa&oF@YMKG^G<0`;YjaO1I1G~u#sfg z-f-{cd#OND{~t9VA|_#^(Fn^+EVB@CY8l&wX!H9gEeqLUBjbPDzArU@xD^o1imlIU3Z z>_Et8${+a$UhJ$6>7DxEs2D{`4D1B})?ZH> zieiv;LIlO=ptI>}!>_LoQISR8>7llGB|*yl>>DbKo;vmWEcV=7TXtP{O#3M04CSKZ zCT*;9wS`=wMIO~dA>wCgYTt`K38)yGK|bF0rZyy#yms>&{?T}p#G=I?nHzq*hT*!U zqM$zF0x+wr0y?QK2zuPbI$_*R?WEVokkwre8i*Hn+oo{Oq;$Qj>M_zqM=YHkee2?* zZuy@vh!OxLFm*5d%yP>;8m0F=tfDa}1ksfd1Yk!C31;g;bsOwMd!dtu%7|04IBZyH_-GHoHn`k(!;Xbl<2}I7K+7QIf@d5CDc3Vn{!_} zGfXtL0cVbGma>EeLQo7O5}T05r)b??W{r#ba<^0a3WDf*sZjEJGh{NSCOS)5~YYpY_UG{785vFNtxa%5Ot zvNxCfaR${*hksZ{AGrGD-ZvwPr@ez-vxL4>b~e)=l^|pR?0+JJvn4St^kt`tXcZ6b zn$rKCB6&&uIQZ(4&S50vv|13A)KN0tjYKsGK|Ze`@izT5%{Dn-(jcZRm-FG zMahK4=eT#D%Zv}t2W7;)5)q_1<9T=z(jLs0;r_$LO*kGdmUQ?^qGSV16&MQ2O|B;_ z##zC&z(wSq3DUpglXHnm@#0ywHY%F{d|f$wHuQIFV00ERa=;W7coJHNOAs57MnKbD z7rB>B1o84?*L(dpMJZM%5PjiT{1K^)CZ4foLUZTC)=V_>r;487H26xq5vH{rPV&ND zMPAd8+*ytF!Zc*UNl!0jTA=-9ZoggjF9jb1slh5w)&`~`q_ks7_FUxDE)mLJk7CsztXIwNl-RW> z-c5Ce8GnWvU`BMKQw@zev5!Z-7l9L5?@J=t%uFwiJu)@ftbNg*Gc4`*{WU<<*Y&4~EEg<8eyYY1XR;wzr2JTc_8uN_6GM z%%~FBu4l!nnhp7Ak;Za>v?WI@?XOdrA%MGMGA;oAP#bhZ_G>7|Gt9WDU=~{N6R9kK zEJGr1##Gccv2799d$>j_lI{*J8UKYV*r2Zaa=YMM2+$S%+R6{Q$#@#jIB9+u%*8ah z?=mi)M^1CICta=x)NxF2)1fiJXVE?TXvjq)iVpQV;q~ZCHkYqmS0UvZicDRqKk}tP zxSYi{OVJcWM(S2EAiV-_798025mYJop{Xh}9c7ssjUZ$8o#U(Fssn60V7K-ic=G5; zKk5}8d`^Dg&UT~)b!Lg-sJl4J>p*i)x7A+Vza#A|ihRX|@VB}Yg&2KCS-w6X$_6wj=;Yb>E?b1@RMbfCh zs=Y(r!8Wrv5iLcUthhaOZV=y%6#SP7mE;JpvhCvhMpasq9vjvWNeX{i$nv3xulWA;5)`<+6gSE?SJL0>-bgidTA z8gtL=$YXd_Vo{#BrqAix+M_yVezC4Y&T>Q!qx-rvlz|ZP5UeX{kF4b=^zEz%$V7B- z+TkurnZKiwX~NU=F9Xr%m5VY3q&%Pd-4rMY*fokq^_1%Z*KBE7G$Ni^D}H+-1D0rC zF}j_a-gIz`Sh{yll~|%KidDyoSCTTI%Ki?Af==Nc90?|71O;EZBPSd$j=?HCfm=gO zR``BeSTpR9ZDWczvY;2eDUBP7X%0q^0Th5p^138K8qTN1yS(lRvp9O?C`Kt87o{0| zv#0|vxI|6fShXR?nAJLRsy+(ON3~~yq?9cG3AW|xP+`6oekm@fG9maOd{;zaf*5pe z^*ki=gw}TtguSC{@f>b)JYCO6RjY;{E5ygXH!t8J>_e0&mkq$wC7fn^N9xwkB#+#$ zl|w#xppYTiGlw;{Oh^v+d5w4&J;{uf3&rgO`Qj(e85-=-aVJ5|A%WaecE$ z_n9J3SlL?u5UNbNr51Uj{DUoj;?gquW3HqXYWU(cM6C(lhM}*0sqFJ87RU>B zjo58|{LyOIbbIHXEt@oQfMhQv3z#`uX)^jst_jrV#^`J-mN=eJ*sYEoNFf0IR5IY} zZ>%K&Lr)?&|HeXO=aKfRpSvux7#&5in|9xcp2Z9*?al`GvnFUe5yf)D`>?VAZ~_p- zk9h!Ho-fap?OSZAnp{1wF?h=8m;|GjuqAx2aPV&E(Ys-8-M4nxO$tK|7*%ap;2ht% zCfyI#hTAvlEu+WHHkW!n#vyJCn6+e-ik-<)zm~<0EsqMrqX092EiR4#1>1JN89dLc zZ_pOFN!T!4TU|#6Eg^^enICypsRj46Aaq@xyXfX`oR$R$fYwOE~qZ8{qBtLqD8fPNuh|4xHKB9}z@hzvzh4fh6M6w-=}<4hE>{cBhY!7# zkOMXkOAE=%;j1oR?};4)Ym+MWyoA|V?Svr^8H1gwHGQXbjuT`KrBf!<23hv6>RQ!R z_QtH1-<+`|D4a4v0lh^is^DY}5DSmtVCr_9L9iCzS8J7{BA2xGqR7|q$MIE?DYd^5 zH%9oV1#iC3dA`RvVGC>WjaP=&rw1}h~H z|F3_wM59(jPsd$i>Z|HyVy7CM8==f7>}HW=eL7z+l{HM!#L$M1*dD4Xay4mL*pa2G zKH?hLY^7~jgyp!NG>nTik?`lMrJw-#clSgjY{6rE7Ac0;9Xic5(lY*mNV->;AbNI5 z5~YI;^hc+Ih{aNOA6}9PM?42>w1X7M;!d0Y7>Q(ySQA{$jxRf8wa_av!}kakE#aCm8*#(9niBwANN0K*qKIGt6ZIVZYiJs*thoaEdscvcL3EhAk^Sd z>E2rqq~m1yMuBK0Vr;ge?wVYv7y}=%QheBO5;oe9oj+(ICOMP71<~t6fjh1Z-+q&*C zlIcehXMs)r^-uujZe};08OTAo&2^7M%*c~;0aD~`#E;+qfPKd{I*##wLErk{Pa6OS zz{tYh+{Dq@#NFA6j-HW$`M+Ub#{cr)Dw;UBSU8#(i`W`Dde}Q#*x3r%+5YEb8g>pt zW>$7qW*Rmlc6u6SW>ym#15;B*8dDPvMgwDJLt_&Lj{gn+C6isEySq@^Z22!A?)8do z>wo=aYISb6xaE2!lKp(h$daayXQ}0~nKAYO;+JjRpix`A%8@=$cFR+~H>2_+@%QnY zi{jEclg{YI)WA8%*p9TQk~*`R>hd=UN?YgX&Q!!$%2v=WRODR9ibkxUtxWB}+*Cxt zIcg`A=q|*-j8sJApiMpeZ0P^UVVe=bbN(O5m-GKZzW6vqOz51ZtgiU@dH#N&&;~5F zFPx#G-Y#?Mu)=Lxmz^aYzeSs=gq*7!?0p+yOr5XDUOx|>OPGx%AtH!hA?6JL;MeZ6 z9}!88%?r~7{l4MypC=dg^fx=`SH97{{)@q=$F=L>oGZHzE68tUp)mBeyu=mzp)ap- zPK=}XxnKH=te_U*?^^4L41x6WiL*aP;zmd%km=_WHaZ>>S(tVkoY=Go_djgHJu(A_ z)J{QD;DctsVe?Xz=qag|sj63nMA6#8aE00Ko$Mn}@&|~Rj3fobm~@5Kf!*{_@Gj9T zGSKFEvkS+-QNjb?W$Qiatfo zWg756$P1ZO#dReI{(D{JE9U5~S%8b)8ry@gzDc+n5$@r&rG=uI%r^9miBZyU!R&g> zMopQxi_Mcz1I~J&ufHAy(nKr7bxI7v5-0rGp>q-nxneF#vlYFUW=m{M-V}ai_mC`_ zy82=?!3th_Nea4%-D|AGvg0qMqQK`}N^zO*qFNrRc73|f^R*0g7g)&~gDn7qF5yy# z?tCXta`Wb*;vkTaS|CJOlN~h0ENDwE4YN#AX#w~SXC!$u&hialRWNYTH{-->+Rn;` z2Rx4HrA?|Kx9`5Ic|P*tLS3v#VV%d(ewKw?kW*KcewqlJs~FbEz+D+>NU9p5o2)&_ zhc>!Cc!&|woBDb%%X$JKggLn`*w3rcE`JpXid@pV5c~$W z8MT{Zj~|=i3C3xKq$5~9ljkHu$!2AINCj1?Ec}oehOySJ0$m)ST-Qr?bhz~V zmeaCbe|;RM`)#gF20?S0QYx2rV0RLE@OJm#MQuhY`xLI zRv~(zq(RyiQ)isDjvL^=*M@04t}M+J4oo#k%lAY06l&q&SGl;`3jRYjCGP>}3fH5d z=}KEzmT`vBDKV7|r%^>Hb*2McW!TrPVRz3wIecS73jgbC1($7y7R#4gPd-yQ|J|g0 zO+@WIl2kaTs`AY%H0yLesHhglKVG553I7e6lOHh}Qv>MP(AT&w$`^^tJ_H7k(T%rA+ zhPp1F+L90m&u1)HQ}cya#DyYZK^1b=olSQh(o@vzyR{$S#<_9v>BFgm(+^TJF5ZV5 z&QeKo$5<9om7WTc24mZbxZ8LE5u=ZWEq@G;wA^eyO+p7+yLAuUZs`dD3{;LUL|ks5ATo&qjbqQuF55|8t;vl0syo; z9s6FUH^NJ3(fuabLQIdj30N}^o#?h&9w^19<-M{?MBl{=E=@X*H?HYrJzFjl?J#e@ z^HBlUV1-aHs$s*zGc@GubB`oaM|wZ(rcM7@+nQ+{@YYsS=DM4dd(Z_m)MHlcZ9tF@ zjW($)+t4j3Og>IIf&yO88#&(^bkPu|%#(vmjeVI&8W}c4pY$Bp>_PXnA(f zKXN!EZ(+$tqb0U@ESG3k()R+zK;d&I4UBt|+-t;C&6I{2ner{IIs*K-ch-{WVG zYWekI(JhkZs$c13&tz;Iyh(RT6PgHi1mzJZk=>Rb5IhVWh6vZ~GmT25rjjv!q~G{J zv5ig*Zigh`a*y+@xHpu7zKT46!`kvIt&(rm0xMB;z)7g`=FmZF_wEqM-q#hs&Qn}e-@7;O5+u_D7So)0x2(mZCC?1X4VH=-qGO z{iuKJV+~26Y1wie^{4h%Nh6}F(&9WJdF!1XkTt5D(4ooB=RY;_9{|r-_4K+{vx9bB zF(BV`k@x%YBDi&SL(mRaT)(pGAU>Ab(I*Tfaq?P~9Fde>V~G6RVV5@YnDJ-P8rV)M zKhFW)+48+>Z;Wm?0YO4ZM_O>w>WU-p){={kz9GRE$`Q`RKSeI28C;0XyT~gSs>ocP z##V0$SXP?HW1`N>Fu) zVi=WHk|Y8$=l#L?0oiR53_THl)XJHbk;7CTK4G)xdn{k{KRv!3)*5{Kavkoieqe7K zLNYNGc`iVBFF~!0y9^Ks-}1wr>~Oeyj-pLk$TupPLap_$F9d#U19r~#o|d@H1fsN8 z2IeAx|DYy=(@TY-N7N&U1WXP>%mec zH6U?1>X|i{5k}Jjn{i7tm;@UpD1KRUJe1*dZ<)Gl2PM8eAw8Ch^#HK6ej2dvQQRvVGyRt8 zLd=z#@=PVnw<;;0uL+zGWao9pA>0Wmm+T`sCr2Kxk1xsim~)0eKh_obrrghPce^3R zRShrw&Wj2OjeDV)5%m+H6YIQNQyi;-FuTO8Z*jU{B6JE}t{i=NZs)YC8vqW0XIB&Z zd5yF>{Mk)xa2%a|lUc=oz9`t=C#05y9fbi`b3!@^4%iwVFt>K}RJ0qpxjO{djO zD=}0{g0G0aVi?FQ&qd*!`AwtwHXsQ15`z*+BIG_LOP<_%l zcujnTW-fh1gI-_U{!KwJ@wW}G4E zg81ia$Np`$0nKs~a)!S~c4RUa$rQOzn)9=W_tXx!zrX5H!QF8iD zQ!3h)NZ}JcPP@A?Co#D!uWp_eifo}ohcJ>Y5Kp^T46@|PE@{uJ*X>uS91j|O??F&9 z`n#nW%H)F)y^h6U@ku_#3!Ok4K!Fwc5q7fT>@PWs^zYMNG*##!5fF1-!5vN$a1#;$ zp?&`Xm#RKI6o{<6kn05O-)#aV)h7gAsp(V6qP@a^U7WfjX3nhyDda&Bz2~GY86AAc zHt;;ci5_7OdRKzzIuRX?857k&oEiRBvsX@UjVgT?;o5{or6$>4h?lBhkPZA42xzKR z*tO$Ly?mkCa!M^c%YTydmIWV$^(sFD9&9}pfrWo{&P~-!l$tDTS;eFY9K0GD--NFq z(dw+7=0b-3@>upP@_Ed7EU6wSb?YFt0V`YWSOUd$3^LlV$E6>Kr~MQ8i{>-_RX_YI z4Ki8@{l;IcOA|^`BZp_Qo6f@0zP^G!tU(KcG&=$V+o!nH8h35RE-Iu1?dPJ`Rk?Kw zjdjP3Iex!nHo>UAMkrka{QEzcc*QndXVbsHT2MhU)Bv|zOSo0%`hsA)LF4bhS1;fW zNrU)~a_+E3fb2ozp;^t-O=}KsjE@3Q>88GDafnfwx}FKDma(j95y`e-Z6TwcZtpGz zRY#taoqxn1yeHBj81MBt&^nCBtxcrog3RLB>$n!;-#=iE;x$?pHN7o#R8QyNihcCh zSs<@JmM`VLH2N9GJBM@vJt~*?E*phtuE4>qbL1BblJ2!@!J5C?o^b)^o}|$fNr8%s z@@$K>Ks+R%Q#L5Yz195`p)N7G7r~$35II1UC|T(m!fsoag>qlGX)5-NJZVT+3^1&n zLTFwlj1b>fvr&U7*&}#V5o|=3xBMfJwLq9a7xi500sIYGWxJl>vdr*h%b;u6?VB(V zQ0yEW=15Rd(fG`&cTyA_cE1hpFXX(}RluO|X>lR-FQV*)c z6j-=b+s_m|skMy+jqR573UN_>r1^iHh(&nwVCd=yiuA%Bf=had8+mRotmIR{H4Dtfe6S7QSx=rmFsqdT12c59Cb~QXi|mB89=2&$!a$+vri%=G zo(7cr`t9BSw2h?OAg$@}T}wTglIF4Wx?0-;2`XpxUW)GXWLw`RJHUyjFgX($q(V=e z>%gEYK}Yoe_JHq98_8BeS)MTh$G4*H+R!IEc0x7LJ7XcTTaR~1z*VaxkX$H(kHpaTQQ&$i>ij()FDO@v!M2Dso$7`o;^i60CnQWeB zrW#HY>rQO&vlvhX+KoJ~dkuI-HsyNYLcXzJA6K@i(Pn#5X}F|Y9kR=J5E2H-Kw2>_ z;$h}KgB88G=FIo)TPufAG0_U82Sdk==&>8m%0y*CXLX*NZBLhc$fre~oXd4p!^nON zU}g?PA)jlXV!-U{hXoc~;(}UySSLq^f6nV&_RQmBXJa3w6fE;{!yk}ypmL_-Z-J<$ zU6S?GO#Yt9n~Ze9(AGf(#?27fMNY)0({29lRxb>di8a^IGFUE zZv3D&{a$J<8~AZ#Q5Fx`rZHlJOt%i5ZEZZUka@+SGaADXdnuwo&sgw1tOoHxjvL|- zLffYFcv|iIAx~C6(9A-HjlzKbe1|huSDRxZ&I@;FT9ZjUi5zEyqgL{R7i@O$9CFdNhH!;sxr@xD*=tXlmN_#! z4`mWA%h`4BiEwO_3X%6x!a=s82T+QkUQ^sCr#hH9P%&?+5r(|#QrFs#+M7;0e;HKNZ-nJ-o7L~zPL`!C%$n9cHuoMlT8)FFax%RSUViri zadMr64B{$TSy??iqacqkLTa2v3RlM(hDN&B{<0?Yq-t$ z;;t6|nix4ov4zrI+=gD8#_^ScglR)e^R#P4#>^GIZ)hpQ z5Rm-lD2a`+L|Ui%WDFmTu(whBXtID?UM+9cOHY}`HRtADt6kEKqTooOYaSe*g_IAX zXJf_cmF{;K$zbhn!mp;gHwTeI5jV;8RYA)3-#1h_BT*g(eSJNN*1F~zDfotj?y7pS zUI?x!%`u~9T(!VoKLzYkvBZPkL?T`2To}h;GMyK7$=qXACk853fNRHEwilchGn)mK zDYBFg#NK5|syMo+f{dBrB;8v8<&q6<3@aGTo>w#bhZw{99%h5W$LA-cm19gk9c_W5+ms_qw#wg-F$pYSzlaw^7(2Pq;I3mikf>!%)*E+ zaJ|w^7~=78QG;(!Zwd`&c4?Vz9>+`XJj<0NsT7&Fi(TufU9I=5tfi5(>#mcTpc$+! zGZ7IAMFpB)Vam7mZ(|HhLO8J%FMA2J*vn<53}LxDu*D8OraS`b9-i7FPJcNB(Q)aAf44#7{jZB5oqZy&04 zOJ~4&QE%C1HaqtAdZhMQi}q4<-sTSimlVC<19ajkhlEyZyFRq?1r>g1U3BJFf zePEjl2cMEF%ql4*qF;rumJF~zelI<&a7&6xdtJA02dCJP9knVYK|sPi(1&@YfdAv% zK}#H8x5}Pwy{Pd#@|@u@XA;Hazjq)e>-*{|pd=PReg{`{Ze$b{@6gBzf?N(7(h;luVAv!pZ@Xs`?K5ELf)fNEQ4^J?l~w1*JBOc zHTUVc0vCOsQ0bbP7En;WJx4NMa<=5Cs9$i+B_%yT%!^>*Iyt2dtmu(JfQ_zwE>Msb!`S zTo_vJJ~U0yH=Yck(v#zKo?6NQuW)j;Y> zsUpd&5*YscSdTW1YMma;^hxOT0Y*gz6j<4YI->3ILA29Dr4hJwH>h|;l={X0*CZo? zmRC{j4OI7#$*o1?>#F(|p4@dFZX)Ihwh(b@N4i~cY@fK6gXCJ%dmx@?&iAPV!$!FN z>v?Q0Bm+305H$(N-*%MtnVjn%`UqFuY^J*GC6Y$W9P&@ys5xQT-6d?+?$zsrqixo^ z>@Cn0O7tM^BVwU1-8yOqrJu675j^xig#~}Zy9)gDS=+ck_c*2S5+C)1$j}{FZ7@ne zMiL+~(Y|tQY&|aVDrvwfJT3;MGiD2CIcG{xu!iKTB)#jSvcC-@*9&c`^Cw;xjne9p zX_*1$#x_OmNujv(%LasuoDp?rrVefpJZ3t@CA z5^JzCnUAM?KPuhWlELY1T)lt#pP77(jBN`gbNX@PJ@xD926V&R=OBnourmQ+26O|t zRneJ21`^us&EMx!o@vU(?Xww_k`XchJYJ|y^SR+A81oBe<3W=MrMeTH&XxK+M?3D>a~wMS4e>P)3=sKVpAKP$u@*gE4G1Fv0YEyNNrS?yyv_hX1MXY2-6>`J74omMZZ$;8yYoKJF zo2GW8_-?V+eMW(*(7y)};+x2p8vXy=O)kHNFTx8ID{u(yD5jo2mueZ{7|qo)TgoJl zD)Ff9z=EdA(i*xZ8e%vsd=%k*3EQ^qu8fHx1z$cxnLtvbzd15hy~1UXtXc!J%CMfm z$eM}2(T`AAexqOZej$q-K*)LdVn^7Fqw*KIqLqNWqx7+|v zNoqVM=RbN>gLv8p_>4|WLKQ$XNzgta0AfgPKy^ATgc!(eJ{^%t_}o`eG>gTH;c3a=Z{VjbqE0K7en+@ z;@G^O!yG&PfCg&5HmouZpYP7DOt5YOxyr{yF)#dx3OC``x(LXy1_;q8|Gwo{e$>us zFt}Kf&MT=XJ&gz##|ellzT;M>~d9k`-QNoc|2oQ^G+qJS`{6r z%zmwCIfCNGVR|MDb(v-U;ZbMD((Z^I{7&cp&5s93F9IiUW+@Ig8j?A-xP;~!1?CnG z<;_{QrN^(F=Ouwt9P~YKq8A9A%tIv0CH~U@Ec+--M6+Umpl<0{{KwhnZg!3JB^`$Q zpRQuQ+k!ot>E7`uORBJsN-DvbR#~70R#C1!1!mb*QQm)mMU*@> zqK8RwC8F7WQgZA+1kEz9b97=r+!-rUAEMN7RYl+IMQ+_b9AV)W5%*=uMRBp~oh>;wYg3@U5D(P%uF_`IvXQ@NB=(m20S6 zbB@`cVKTHOXi}h@aoJ1vSygT_|L~_g6c`U0D?T8PP=mwf0|}?PItXFM{3-Bws+5n9 z-E5RVxj#VOJw>@MeuHatMLme?tqzo^F)Y1HE#g%lK^K3q_4m4T5w-{6=rm3xpfSzj z%{8Akvh$b^9LweiBBQ;6eVoGU!B~`J4G{LxUS46**;`1(OYp3M@t6LiGZQzifk!^& z@Ij}s5d^rZj%wq+|+qI9>3Qoar3G^ztW_(=x@R0CZ}P&W6r z$>nT{b#$7ZMRWZ|(&amSDTKC)YC3s#9x-+jSuM0<5RI&N10V%udAGM6)lj5vMk{+N zl5&c7YBpigLqEygLu?491fqF!hrWh==Qoq>XF^jc%^jD6>vW*zm@uiq+`y$~Y|}J? zzv#EM^!qy&LOBJc9QlbQDV^y_M>UY~CKlwE2*BDA2uk-6 zqCx=S|C;U4!V$Y}0F)zF)w-nBGhhOB{{WIIka@pgpn;CL>GXn{P%}ZzYNG_u(-P!!r%GU0OU(PS?VEeU2Z&KI(b@Q(C9c_0E8dC^Rf0Tm1dSi@&arqp6hf&} zmsB9gH6bozkivx@^htg&-l=L#mtJk=fdkMO6T|4YBtH^7%VZ0Z zr$ifD8D28Bv5PMb>ZB4yykP4{S4AKuiK>-&!$O8e2A@CG*6Ykg+jU&*SOVLy*5ci- zZNRsQsRd^3g#>mp%T9Osh3OBV(guh>B3`VW;XlAPbZYR06p9bXqtRwnn-G zH3N*wJ+0NUZY=TjJ8%}J5o1Fz_^3F9IbhubZd@NFsy^ARu!wXpcfX5FVzJREwcmh` z9l5n~*xp;c%>aeEF;1kVeQ6-%h=oI*a0Q23tv@>{UTAw&TKW)t(Dy^5!pMW99{g_@ zyadwyLmX^TJI_lxs0MS&ajb_|tb0QjSKZd*4!v`Sa76V;t#IJNgbocPCrsh(s5XA< zCr-#2k+t>}QEaYC^-G+#EYz=^{q0x7O(BT3o6r3jvq;JAAQARRY7Y%6h56{p59zQ4 zjw44Pts5n^e9nKmHlq2Dj^7IxPZxlB^e6?*&=OK5|LG>JT(cQ%>yQqa5-zzao zAD-9!CI^9cQBF=#O0n+fDfxLjtizlVe6a>SKx|d?)_MuJl7Wr|@i9PUJ6RsHLCJu` z*iV|}p?PEHA>OhW{9THZk4i3C7>H2F2=P5!GGjU(oWd@2*ioVh;sGX_Qd>6~;e8h~qvItX<3 zWWpK-iU4LAM&yk$v1ZI`>{%TW(+h zsZuxLhU@@$@MuLrpQf_RAJwMQO6fSR{oPT$A`sa-Q6$QWpfFNW ze?DdY`b|{oA$TWD7+?Vj+`pVW!S;?Z@h{1Q*piueWx0 z?b{8Zr$X+SfxMdr4!cY$;Z59{b+#f?TYdz@i*C6giS;G#ILsV5oaz4Ce(-irOPCvu zQ9jx|kt`F~k>ammpzhW{S@{COu+HycPT*7!y=iD&vQQEyDRcY+%c7kH7oCwj2UwR6 z09X$~6PFpv?+>_6j`c_@y~NntC!y)3u{#=*->y!D`lpfFCH?L(w-tw)(GJF>n?OrV zC_BpPbaHaML>r<1&z!3sFpYZ>TULT~1=T#}Zra!sR=ku7RG7Kq)b#<|Nv?c)YrVbi zsFMrUoLBmLYaE2D=1lAXut1BBK|vL>WWvq4*1P7rCq`e*>*k2UX>u-wnFaCbzt282 zyoqdGkWqnE-i5%j$JGx3QFL17sJ(#%X}pmII;j0arujOmR{M=52&$1afcx=ilbYKP z7C#-beoR=|Enw{`b?fIrv;kFwEc-y3X$q`WXZ7YAkI@u4`DIS+=LNup3xpp+ufXRfh>5lWhCm1iE?W<8pZr(G`n z5P1?#l4e+Z$t6}wj)`=@14UhNQyp8+iw{&qt`yUJP)iVv+9N?^Wu5xK1wE5KHokn{ zA-mk6p1x!VLZ2 zwwj`Xd~)4Od(|#KDAFmfJUh@WUlX>ylvg98zZgMYzWKYah{$oY9jW+8!KL>Uk_w^+ zM#G;=h(H1}Wz7gVC!S}OY+37PG7EX2(Go|T2hkd>Z;hMDC*?YxF81~kU>jLh`L?Ci|U>(OR{BD1+69ch}^aZpyGb2M2+TL4Vet4&TKry`exhED<94i72 zjSXq}bkr@=xq`btSC7nJ_<5sr#O8x0sqT>#^}(1Izt7IF`<;^3FjkMziJjQL1J~~m zU>U(#X6wDLMGMP?O``PIAr)bLO3nbmMT+AWTVuV?9bbu8d6*Ll*$SZEY+xRkW9iW? zuNotQY8md~Yvh#DuB@-`HfBqxY+F}VC@s|u?3ZKWz{(5fP3M|6WMC0QsWJDtX>fw3 z!wi^PiVN`YWcw=7T+Dl+uAgExKxZL z305}UsO?|qBZNskc%X|q6>y+9-^Jb2Mc`j%7t(z3_i{-wplsZrpX6&q;9;iM^yi^grS5Q>S)I4^KB^ePv}MQ#-@r3jIfrSo{5G z2J|2=MXhXj^peO{>CxT({wY%W6R+8mAMw)bKaYmK)&e=^oX|U_FU#ukZ`i7$>UG^Q zsi?TIusj0vc|ZMHCG$$bTtv7rW&qv0GKHbc3 z$YLwEOuVy?8x~y&SkSldw6wG)6+b>nzt0!&(D!><#7R|K!C$PE5Yo}lc9X3<;6BMj z>YFrc5(oK)))`%k`WOr?a?2%m^)t>Tp(k0E1}|gAkS_m~^$=`ZN{ANhd}}NW&oO%V zrysxokR)l0M1+hnf<+J!fN^nm_a)s=Y9@e1B=(fay+w#rgy4N|-URusG&5-)4W@5t zRb^`sk6X6toMb$@GMAo@JvUN4$Ac8U>J;zXuasQ&=-Ls*b(uLG``CqnYZM#hQ_yCM z8_amcw7Y)w3ANDeDRm8&KU&SLw3N&JJ2N zFZC~^Lk|z6GmxS%Qt>+c%aNnVPQwEy?nCXZ3l!EIjzr{C+9luF7WL9d;J~JgE+yW4 z->eVVmSm<#QTViGTkPppgH$ynR7b-p0?TD?2FB48G+-b9&g=2HkE)R*%Z8vg4H=6q z3=^T50qo|r`37+nwNOQ>95gfJp^c2riGn=7l0M=WC$;ALmHtLK-x&y26-^jRE!V;H z??CF+=93r9ad=)mmkx;7M}n@K5Mu-F2V=*LTl?-2y}p^0zr^ij_*Xkz}9hg8Tt&Y~t1Q)=v_Cg`W~=XkMu^biEK zJ~pw`L6wx=yqM3$AA4AfSkp-jZ#P*_TI96;p)1P`uRhN2vr3dFtG8szytd@drZjjL zavD2!;HvFhY|8kwvG-sXhl9=E#HAr=QsIXTz+ttcsy)mQfOO(AmBr-jNSkBR$2cjA* zEzulEs+6rVILXh5!)W-d6EV}dS}wmY8>Z@R%uZ_w=r8f8m#&XpfD&J(LFpjW!{BXdI) z0Wr(C4IS)^+iakifV?pdt}CvJihQxZ%%#jLv!kKg?QMR|P|82Ki&_ zVFYk-;2+xIK>N@J_He-zKID?^90-q4veNE=LzFdLpBm!ljmP?)ZVB9VK(-vHIy|qf%_Gf;=;kG4&)#i z6sXTX?bj{u1$WA64=^-mAUFtt`an{K^#srizJ0%^{t!l5_>j7{V|$FYW_thSB1pEM zj*(X!Z_XKj*o*4?DA?i6RO+B8`lPiTelUQ8^^aO(g+3_eB zjLD)3A%!#cK*2%U%dxd60r1pxsvCn*hnO)>)ylroJ0D7Nr>jAVp2dC@prj+*XS~&x z&2kj?tMpAt%~~uj?GmSKP$hLhBqm?PoduH&4&6^DN~m;#L$EkUtRgA|$KTW9wTpM**e{#R*}73~88{Q}_F;Y#$BohCR0sj-%Eg!ui-}rKJOH zJ^_6U1qx!w0enWy@I4|`O-GG+WimE{sE61{jJ-bZQP%TQNm}VPf=?uo0iwx!4UIZ) zGZvBSu9HT5SyK&O?Ut|u~}LvssN-GQ4+Sv6MN#{KX{HfZm_s^`&Y4J1H1%brX zRZ&e`5ND$+s^&vK{_C7{dDfdAPTK<>l+PLez72rx;FHh~{ncLR;mB%(4=_H>$W4;m z$~KIVt#L-1rt4D`gv|$yRlvYT%;|rV^EB>^Ui^yzwSxV}u`mHXUMEwgIPM+*dvJR5 zI)g2SnyftEpH@Hzze;8D^Z>@-;A6P?163;mDC`eZUCOF&{(77#>6oOl}Kf4rbpunG-F zjrI=ng%_gM^GI)R!HZVYZ)ArTu z>3Wvq@a2D2k7Yf!iu+u|GrT;;i)Gx+Y{K*NU@}?d4%>rCd*%hId_yrNi4QQ+ zy@6lKZvNA0rUyT6qD&qTjCXv+ZYzb^wRaMwKJ1i1qAXLh)@yoBZjG6$Ro#T7YH3%f zAB59E6{;nKBqar5x)fF{P_B{$pT~D4b_i=Gngn$|a#y z?SrrIe%*O#Ef3KgkygTta={QlV3pG<0S&H)6iU4_{yUYxB8^tpcbFG?ozU0<2TOwU zgf`@;4YyGh+s^4HugsmTyv~Y@@&dz32o8vlG4NSDB*y||bh-ksFBJs1*#M1G zp%6U8p;V%{PhI3JH!!pR4f6;bg4;JXd_|HF>e~iLH?=}H;E&#;PB$zV1qu)7%*_Zu zVO=V+2i|E9XnPVIA5jV zITw+3KPYff9MF|i{{S(@_o>}*JZ2jo7X_(-6-@2`f=rN6NF3zDYem(;PcnS0NiTiD zE^ubBf<5FgJ_hN6vqH%K?b$+mn?>Tdv@_*w^%@`}P2x3fY@yKSLEjvT+ZSd`%>!~cC0Tsa|4$;(b_ zXuVyB=3~0{Xa-5w{!9sRPW~M?xzDqFNGJvi7Xc_32)$jTR&KPY- zK2WsfqN(>~i|z}GKS;zx0UEd(YuWCcYlqJ@LgWKqWVxa+i6CD=n|{x5`~&XV9}OE)3$Bfwr$(C z?MmCWZKKk*ZB*JuXGhOEe#9TX@qL4H?p=HBna5k#d9fFuX(=nBC^5OA(8xR= z|2lC&sfR^CDKIB^y^Z%z=O(HTGkJ(EvFyDIi!7j!?J~Rb6BO9CA!&~U3zt*7U!0G4 z9?gM)cu&L5PeeF!WUKrmeROh{h^wldg;2RPs(0VI8@u~RMBi;oJzPJ_OvW-VN-~b+ zAF(|zO9IhJanLF%7|DIubbIPMq37SmsJ32wE)qiupMzHm*>H_& z*z{cEds8gbbEN)BX<`>0J{!^Rwwn1r!*&Si z4X}KL(L{N4kclNNII6H@#i(gzp*g3Bjduweret0ZxG6O-Y$ZhX&g;Qjho?F~ZJE_^ z5OFP^X47%Z9E)3+ClMEW_|_&iVFgnnzQB*NbF z50jNqYs<6zQ=^`CAsJ8{Wf?vIQBob>QBK@fTT`W6yR!MywZ?;fp=7_vR3kCR&%67l zA)CwqZ(5_WvH3j^#7^Eid-7q;eT9f@h4nkTTV;j$=;y#h(fg;c`P3jal^5Jx1E4n3 zCToF#N%?L4+%KouX+LUw``V z=lwAJSc@%NAw$lvahIe4@T|izcI%{hJQ}%}6naA?slPM7u-B8nGVPw8<2%a7)0O2Z zzg$tXE>9c=d5wo69k0-ukNEB2NXoi@kJ#XQRt7_-MK*-lz+WDSbjzk6kx-#p|8?l1 z6R9QXJvDNv(^2C!ePo8;sK&lJ8)85uzq6Fd5L|Jj))K@nGWa8>7ov{m4w#e>z)}^d z#wHdx=3wjlbrA@vg1oed}T|4jq0?>eU=}4m!cXx!iz9CIZ zObVn1YZpXASqxHO;Q0oo#!*fFr5WK!udz#WUyWmbFy*Tyed5!oOk6cwX|Dzv*K4lM z);`0)4LXhV6pPauLlp+J)1^?xQvgK%k{5sMN*{ytN9HbM>&K;`7jiMYYNcfqYRN8L ze>bbrfuB}Do5?Df{Xc}jM2^KA5Prr@n3o;GUU0gxR`O%3^z-?GqeM(7Rvl;1-+L7o4X;9-)07|}u#_hY9T9o0xZxxVF zAiiM`worAWgMY8?{ba1Fp1Vpm62gD=3gQI(8rHM|t5xl*#M~YRp<}Su%QMqM%r7i% zZWiG7O?b6rzc|X82E|`Jxqbbuj(%d4XN?C3_{(=&xzG?|T%VX^?`}cRYSivCDz4odV2E@s`4WQ6JuUzqJ zsA>_1aIqyUzxl_m57FXq0~W%osvt*vAg8pG!xB#tu9vudER4gORry}&z3t&0=J>Sw z;PyVA!)~v!mT+Q2)!l#;NF<)U4+HMa-m?!}S4ycTM5*3O*xT!=7@sDEFUH)j$)Gs2 zh*XA=8MA*NqebJkIoIt?-g;lXMXZHqtvS+-6&kn?S<6F0E}gdTQQVOvf1R?H;e=~V z`xlb!5v+7(&Nd=CSv@liR%pI+f@uPB&Lul7aXZQc2#17Edfd@H);Fi3bDhSJ=UUo? zd`)I_iQj}01u~mvPH|p(Fncr+L2(bNQKFy8E8B+hMmZZ-jaW7_%_joXQ^QR%Wqv>edgW89Ar)2m@QDoY^mbclY^I3A}PTcaxDXN9w zd`6maLcb%GzCd_oeF`*b$R?C|Fd!#tC#Js|ofM%})M_na_c;w3xjrzJ*a8oo*g7d* zkt_{!f46f6oZW&a{?_+pD$0y`h9hFOOo0a7_R@i=MiartJ%mjGnPiJXCIPdhYo9|e zM5kNcN7Uq*O104&i6*zsBU${>%xicCKvJ!U@PUKqW)x#ctyifO^ybgh-VeJ&74Pw` z;*8HJ_o4|?e<;$tEwqNVo$t**HAR+w)XAOeKs$<+-JB;pm)+u9K}7s)&w0Dn;iViH zw>Yi#$Dsh(B4#A?;zvJ#w5A1G5h)}Xn?2?_Y4IKvXHwNs}77gz4AYh_tkpQx9qNL=n-OHkU@jJORqy`c7Z)E7!NA95o&TgNC@FWT;#Mf#tK0-on) z`1-Scn!(^!Vvx1yU5|l3!`s4<&PQgj+!j@@^_Yc3F(#ERhiyCAh@kdRtCm}kqvp%2 z6jh%}`c+1sE)t>w1W9FEedT`ZR)-I9lMMfIna|k@TFpBN4A!ZsO91r!t)yI*)jdgp zvdM`{)OHvQ@XKj_6bkMzO+$!TIONj+-nOt*yk$y>_CxH@uVC-4EbWvkV7l-B&ZTOr z*+7-&dsEsCCzgrolu|Yr4L>fV5$N-QtP#!e3k^T&o3>NM3*sthDX6c<|i{u{7Qbi!Y4o#dICRpl&jLk?wzGbPOiRCWdW_=7$?hW7&Qf2R92+Kr4?O$i3TGGI_WSBP z#~)8si;9RW=r|@}C9eDu;`EX_xH+iL$9Jb`SFv14Q|GjTm>`KcN5>vO`!*!^*AaN) zRFv_C))!e(+G`83cWxf!50uW#vhxI%3hM8qMV2z9>3=p3Gd7OXhFOn?2!h1)5XhqZ zK*-_o$Y$)XkffC;y#SU z>XZqnKxiC%zv4oxxlv|lOjc=l)TnsYD_FcJ@od3ZOB`U6jxnQfqFD8tKLyAlfb3e8a*_&u|W5>cEgM}_{5ovkh(in zlE+g7hP~`pX;MsX(bhc;%cWnV>Yr=Ey&5pV07}4)#glZ|@l+KGK(rP5`I`4~TKm<~ zP3rK?pnUsvB5T^0CToVc!xx*`5!bWVi9LX}!S}8wgLvtrioXe`P4=8MeG?nk{n%_t zQZgKL?EQe(_9=*n-U%jba2Im~V(0KSdv`xMdUWS4EtOL5Rn1$-yzVN3XNl`QV~@o6 z7=!wb{S$%zWhht3;35`|K z1P@VSPBVCw%~y*aOp87K(_90(J zGxMWD_3;mbn#_ngL&P^neV**3*pJ!}#%u%;E!(DRAXUDJ2>Qzg@LF4=Uz^~>&m4mf zAp&qk9W3AFxvYQib2*7AIt1mzewXWbC;dW`)V?u(Bigv%V`2G~%pwajZ>&>18Hnw? z-q3*unT!~xwW~LSd}A>Tm``$gYT^FId4;t2tcxaBq48Fi_gMf~ehHaqR`x1cB{>m9fz2@ja2N{RZLtLvg0vKv4-;qd^n}4?jT$=$n_IK?w*;sS46Q#OD3upC`By> zZN`(~SKl0mWKb1fUBiK_dE1b6_;Hv~;ajI#q3;nC+WTl4313Uj23X4<0O}O#S6(-a z!v(C`o=iwWy>2m;u86eT@2RoEiSa~oD_uOf;a)jtjAweV{Vm-Oe1G;RCJ3`Q+OC7`U1I(XjpOyFL*>Q`x8 z=@GyoZ)}(;O0dh1S3<84ZsIQvnx%$hf*gOm^I)!UW?|Gu)T`Bz=uKtj7VR7T`ZfmS zRTnYRbT9+pZNa^~B0wwYw|adZYPUmMYiPd=-H1jH)+Cr+Xi6yz1bf}z>N5uK1u;v3 z=2JhS7~rei(a9$H3KXHTgNwaT;k<>!=hL1n`$21O%_A+UeQM{NY2eF>&s)b8CGJ)T z^uNqsYo25e^0U@67Rfy*pd&j3+=sDpSMND+4EXviOMo_G4JWOK+bAGmDk?j`5n2-i zTq|7hkAMCyI|iUinkZ=FN{?(tP4UERVfiC{`Gh&2(3`UugDh<^>!^`KJ|SHCf- zb;Wwsi>+c~JC?u2vYQOy5`x^6zLA9Eh&Mxy$`ZaBDh$imLIUTSK=`4ws16P{E5-9{ zYkJ7)wp*uCHe(Myjm{v(*JkicI!Dr-f+dp8pCHywCK{O99~Pb0_g)~3gd=*pEoYQR zRoim@_#TB239d<%bCLKF)70k*HMLj6BIFmE)^?&$cm2s!!mhT#W8k<0)CTb~4->E&ILG!imE@Mu4uzcEAgPw*fF2m6 zF_yCZJ2iVps=zmMI7&S_&YEcbYcZc`?pw|~o||YUS{;>TAb_r1U*L)s%Y&tx(T11a zCI~;}i!8EE>jbKBgGM=I>6v>JGT)s^-{wZkxDWLJGSf4-BH$GJT|~je6Pd+#jS?-( zf0WvMwn?eX=eYj>(z@HjQ3v7Z%P_E}lH^Ygg6KmjT@AfdR#o~*;bfj{CdfAo@?oG5 zVO+rzN`zjrV#0e9Vlp&1I0Nh($HGiV3Ol!f;yW{~Tn_}k987yKB81;EI(&v#ZXOK_ zKO)}=uU7^_;=Y+H*BhOVA{HT>jys8_Y;>5|AN%N=rlVfY;43@H`X#_sa3=xlZI1qa zp9ls@QV&RJgpUqL3y-@G9C1!2+b)(AzB4doySk5*m<(^K<*X(+bj`g`43QR;4ziju zAt;h47~|ZHx}q!OLKzkF5Ufo)rMB4X#ub#7pH+|vem;f7_C-j!wI=)N9tAPTO_^!y z(SMSod|I|OXisQ98V+FxbM)g*O(v&|R`FJM9V^0XS3J<*(;0D)mpw*!Sf&2@UcFo% zTZ^!&Wm~)M8FWoPi=+SecX>eb?~-a}R;*t_!k|6Q*@WVHWBdJTq$9|lmVz8Md&#A* zzJArFCUIQDddYP}Ncj!{u?%$a;?48uZPmx@KHCVnvm6TrKh#Du(gzVx@n6@MQ7BFGX$KGI=^R^>G+VWyIz_LP68yBD+(M0>?*`HLY)r!e|Zj|gpY5mh$>2s#hQ~Zh(BSD zNqI^*F8uo0HIH(Dt}Z;9C7%UJq>h%KL1fDBGv1c5_bdG7mIvDcEzK<7P>I!Z&6wz* zDY9%?UMk7v1CLzXA#9kJvS~Q+Cw2*)ahpnG0H(vEFO+9tXZ zB~GUNf0Vz(3GvSx0I4R`HdGp4)C1+bO><-tCIzqcx_E0~gJsjIfag^?fJMW$^KyL3CTF9wo3h|U|U8|9-3=r%EPXwxvt~M#LU(P^pPq268Vwu zA+I>V=TqW>VXNjfm|chMb8q%X#M$ze$ThBGZe#3z1sW)G3-h zdH}n>eRJMiru$`34F^3i)IKLM2L3ZI00J8gZ*bTK_vsOXn{<O5}^&%>e* zM~kX3uH0ozgJU4SHgSPndE~*4JW*ShOYrN9;{lw87jTq4BtG7&diK#lC&qj-sAR+u z8FD)ge>DeTI*mR+?kS$=yNsxrelE?x(^}r@ZIvJd9^Gv8Mn07&y%d7+;M^I|1$_Mi zDh5+o%yq6p`3B>$-Q6O4C~tp(Da@fCyx^YRr)k$eVMMmT=K81P!sgRvJ57 z2I6{3JRdeBfFhLbE;rsM(nG8nAm_XF)JZ^ zf7d|GAuoAhuFepG?`Ak$r48$V0AE!0kS(kmt(rd+C$^AI%DWdaLUuR@`J)wAr0Q?g zMm{)ut4DSwx*coKi2G&VdU~f=8x%8t+EtIEn<8c&1pmTCFO?_nRo{X)!#M(JG%+4Y z;9kebw523ha}_R-dW_hWZZp!dwMBB8811s*TxOk2)@A%9`G@kxi&za7lIgYr9qrxU zX`}$e%!4v{BeTy&QiUxp((GKK>TyI6H@}go?L@ejxZ`Z8)9(A&A@cYbecgffgxYx_ zTxLx^OxgDOVgKDJ@G%Op;oqBVi8|}t_coowvN4T|K3~;INFoo~uGQXl3VorbZLr() zW5de@B4Tvzz=ulVIxP_2^cp1HHuzqNX*=NnT#?>^MV)p|_A0RmTJym?4^QukVvps` zS;n3~Z@DJuGuBMK6WNHTd;e*dq-!)YV=+RsTt~p=?W^1MOz4abhvOGGYW+nNJ>MXd zom>lXAXhGlMWMx1Sqt1x9>ZD4&0(CD$)QDd+;h1kzHj4>?uT*EfwXCRvcIq*Qez}= zL^QbA(?nvH3-)KZyMso8!-s=9<*sv+WoUCV*6X8Q3kPBgh9#X(D2u2L51BDox{Qr{ z0$vp)fsHR`RBaZYCjoDm%As-38J0UlteZ%#HPu$LJ#&kSh1(-7)D%)&$v(K^0y3I80+M^l)!TEp}wVknbh9Huo3bE;Fi{KO7k z5bz-YJCrC$ZPU8ZGKwy+^vGYlvGA_6*PRBpJ9R=~54lnV;A~qR zeW)zw6K49O@-L2_#ae+kPX^B%Ni$XyeY;JO|^Qx5?P>A;8+Pu80CQ0vQlV= zl=FFJ2v87Bnycv?Xt{qkq~1Rxez7 zG|^`_rjM=?G+PtsHyK}k;yOn#D=AtCHL%ByA9Mw2U=S1l000Pp2pdOrxZG~)(qA%` z`#+Mg|KDdTVrpjSYU4u7YQ)6Az-(wnYr9YUrSEig0_+KR zSV3}GD<{GSjq(je*q7;t5HbiH2n@*3_PQSmXy43c@O?M)s*e>Lf&wC!@o&cbIL6;I zGrM!6o1>{SgX<%kf0sr!r$9mWHrG>QBjcbzKnE``1PU=~z88flCVXr$0HB1DAj@AE z@urDd6jv8t?PKtCdg0Lk^|4ISV+%8#p}6-!fuH7JAV+;KKc>tv?ERX0%WX=#aC$$< z3O_f< zdS1FCW;hf<60(YL-};laDe{~B)geK@)AX`xOuy;goxtR2>tc(P)rxx;n@J_+*OmC4ciJsVq2UuA%T_=!$xp`Pmx+78MhepM@N zd08w?dZWGe#8{eHnguskngTY6vnW3Zqjj>KyR<0O>krW|&0Mws@%o}%P>H+9qvXX# zI=bR$EQ3gwj8=7El}944@Cj8$kSMF^F~_#(9<_EynP8G5cc@@?Dk}7;{Ss_`10t&o z{_kB^*4dn1yus}>6Bx4aap=ni0lYRnsd24Ar_{PMQMK4>@r!a=>exm3rwt56=|jCg=6N;D0jB(^7NYqi8h+kAYc?=|ZG z@K7btOMI$T(bt^9lUlpggJOIp5N5%yKnjJw|BJGwY_=gN7XQZN7&qcofwD!-@adoq zcB$6iA12naWh^Kae-W&7-^8N9(@i&p@pR7gxhH(nN8bDGNHO;-J<2r8iNsn>h&V{~ z7XW1|k|U3A-!WVVb3C2Rl6mzQV(CnAyn2XbxoSsjv)GFSr2+K^YlnEJW;*0k9m!)J$JG$Ni zI@m3*2p^eyaj+Zcx79g}YZs*<1p(h|&Ir%gKPZ%4!9bx0i&JZ}6XitrPSacI#hEXE z_H3#Vx%Gw|EZK8&DPPyb3>#g*P~u@@1}w-h@H{#0{*ViylZvbOCCM=FU*n=-?iE5Y z-`9=;6#dJA^l9nr1`3?AM2P`sloUatSXT`yJj=cHKFig_TqYh4;4~e^O2yazp>LdN z;n7uBh0T}7Gm&2ovyaACG%^YGk=e@^I2W(G8!mjJ3y%=qfEr$mJ?c#${(CUg;k8-gv0gW1lYW4hMVd){QuAJNNaPVh!X2@O+A zEitUW7{|4a%~C9o^T zJ-IT6J)JLI^%y8lOKVx&0E8fZ*o(`+3f#OlOw7inb>WGN4eB$PBG1bvE>F2dAK77A zlSYXW-xPL+tz!s8(Y8)WS?~|`G@mm=$D>0BTxTk<{i;-|8aat2@@$YK|GZHT6a>8A zg5qN!<;uf*Cwk_Ldj+V6@ahu|{^MJxL%Cu>nb$_YM3Znf`I3sq~5= zPseeLhRDC(P(@;#;-Y-JB5l2SlQl(Ot*n!ZZ(YDVs!e5nichxe86|ok;LCSu2H}B( zM<*5!7IVwl`GMog(GKC?U7nZZC$S`LQmIMcmw2Q4dLv5ifdhJ=IO zz#U1rw}ct}Yz-gxItlboWayne&%V6gXjpcFV(e%*N^*Nj4c9y{q`SRR8M3Ps+5^UE zKBDv@XC2lXrRRQm2iPhJDOLOv9vIl2AyJ>>K(<}SDcJ5dY);OX2(Ed1j2nORozTQ` z1gu5jCNMyZiMtbSQ?;@wiTv%Id-gWNht;9<6z3Oi&`;iwbz)6=`RZ;=?88%ID6fMo zhMOu|Srh9;JRf+ajo3F)pf(h(SgD-phnTx4C+dxF&*Pn)(roSS+~cHGtb?H#6!9;H zdLJi3bWd8}U%@c}W1FvY*LcSODpq-FV?J2>&8aT>o7hNl2r@hKW2LS7sWe4%=o{uW~*qmmi?i zRda+SHtTfE^fGRaYAPuP?@EZ6F2Y|{;Oh|B%5mHZf3C}c=#>Cy(@KN>NAEDzuj-iu zNsUtIP6@#e0%9qFn$m6QY$$`-mQClY!rYqBe#JH(FeVKdb9DUVuimxLx0#JJdOS${ z{66f|;$^QAI*)>*HuTU$Y;6`_G+mc-ThhvCuD#o-$0AuqO;i24+DUOUJ{X(;so|n@ z)_W23D;0FDMv3<}s$lO#h(;73tlW9gBVTc5m1h0YMsYO*eO3HXLLr%+x?!{}y+2UB zq2o2}29>AueukO3_X#W96oR)N z9M35O{YN7}B*_b3^Nl0WQ0VtDv6oBLEUxH(dmRWDPQsRPVtwbEOt{U03ggOOg0Owi zoKBjwgAu;GDJc2qSb~KI~~hOE2fK+qp&2mMwR0_Ol%6`peZccGw2%JW>()7U9q(`WBK9 z`|7hltk0FDMU{QQa}Y0*-w`%F?0G$wNH%3B z1SvqY`n`mCKA6CkUlP-49alw+Ia`|vbr+P^z#!TEvt1J+cxsLDN85Tp(+YfHoIlK} z0SW+jI`dz=H+wk;|kCW(4Jyb10UIs z#`9?FZ}BcG^Tr5BUguP#`vAmV0{4=RAIqG zfx&!WK)7sHvTI&}D9DZm{AlZxP$)RZ&}N9^IIH_-Q>C3v{L-xI74iG{UKVxRHL>@m zwd2Lb^+zryg@k;unpIYleM-As3^e-x9An!MyE0h+p_7UYZ*}AKz6mQ$kQP~SLlR|P$9z>d|v0?n1LpxsYC`Krs&qLIe z8bU?wY+S(AOoS$bR8V`E)Tfw{n={e9D;`n8#9M_vETlh3BNFNPfFL0ecy~@ zq~~0k>)L|vCV1I09i z!J+NXP7oXd3#X6Vy3Lb-^pY`ofN4*t)zhlXPu6x+%^FAUEA}M$hq)98rDZV?Or-yr zbe)(NQ&Bg3SDo#Ot7NKP7S1i7AnaBmRv9D?4)f1gSP1>+IjACV3pY>Wv7q^2U=qL` zOW3Ma2i~Mz6s{8%fqt0PUVab7$I>xvu{C%?H9?^qKc^G6XU-^+}}Q2ukGQ$tkE!c>g)d0|Ux)lxI}~U%35<0}_xE_mNji zY7W)WRSomqMd*Z+-kFVnHY8KrS|CU&+9U88 z79tcAi3?@cytoQAA)+vhKK&G&nJ_mY8Az zukpaoYU%GzQg=39ecOj~In5A(_ie(@B^#v3&^+FiJaCP&wGa`}Y?a-<Mm~B&#Y0 zW0_Ln#csSV(kr(Wn;NKnBQ(q;Dr;tQ3}-b9WbW6o9lr#1X?f{wJ9G^2q%lVhOO`tAmTr zUk9zmcitN)*iHotSy%xfLUh62zh*rjyc)J&Rg4EJIKtj!Lgmlk`=@GraNuQprVM9# zVjvx2);Q4j6q@Ti%AVt|mj9-Y86MS^W5X-{WmD2g=3u1}64?`5a3qE`F%zSCSX`N; zjH<9lBh4p?ea+y5u4oQv>fqf2g{7@M8CVgfs-sJMCA3V?Ii2t7*ZQe^&o{Rud@z!O zV$^!K%P_pCaIWkX+BZMzM8hL3d$tue32*8oNS6Epk-wwG^`@i?OMN>tCHY{>%0JS~ zO-U#)F2mS*>%*%0B&6V$AS!-XY=;rLM+H?#ljoWG2g-XXO(vSRD#IQ*$^m& zlrS9gGe~cy;Zk3cG=kFI#W``6e@pE&!lF9O?*WtqDs=kX$Id)JZ1i`fB-3Jy5H&8sja}PT*ff zW>^crbR1H5sz%Qb(x)I3#&DR@M)%ZiQRjt8^geZ~Yp}Bs3{zfuKIHm~tGm&-o@e|m zmDbC)Dk*MBf~VpiKO%8N;zeoWv9tnf1(O~T^E|=Oab`H}H=9R%rvdC2#~`k*6rsom zAGqNnh!>>BhCXOf;}eUgOlm(B-D%2JzQ+L_U3trtCIGPI*Dfwh_*Ne8we)l1H#3Sg zrVBEc5Wa~~iWa+RhGsd`zC3wIwPQj3fS3hVQd}b$tVumfEgV`_3-+HIJuC_ghz5Oq zw@Jl0g0CLlcU~5I2d-{?2XVSD%ZTTMrSr5Fk;>46@vzrI4NL2#m*qPTBZD6(Zz&oc zpN`V#%4m}k1lSlhW0uiGv1~;la&uuK))KFd2KOT#jmUT5Sz)U>$AnO;xR@7zVc^0y zi@b%}dG4qfX6ReAwcU+k#G_)#m>dQ2dcnMoU#6Hgq06-L%x^DH6Z-4RW zpJ=&iG0n#|yK=|yvD;b4FngK)>)B#O!;W{t%P2h6)g@eP=DKTN zyUDA+IV9A(%c-DP9cl%V>BWl!=5|*MwC_yRlP7TP&GO_SrY&ztm(eZSEi+$#gJ*g% zd}k2|lb|9xVEGqZl^br(%xzr5JPR|ZF8^D$8Ru~3Yi9JkZ zgY;xfl=qWQyoWT=yZIw6UL`awnqaIHa0o21h2CX?Tjk8kf)pt}UOd5UPEebg#E@aO z8kPBJRQepDIO|IJ@6#yX-ewFGQE(0FCAkCyFb$zedH+e!^5K=_ssi?XU`mo+uLNnp zdC_2El1TvmL~d$*-hl_g5dV~?cmolh7LE1x>_|@q$%QOF=h7;2tR9j;=u)BMO=`&T z=py?_tK>drOhoh2!k-TAfP%!T9iP`QAe#c&v#b+>bIdPV;&v2ld1Y0ZOV{jO1fbm1 z%}&7C>ljOC>%@1-PtEna3Y|sUcL0JtX9CU6DSY5YAig3gqxd-rE6Lm&%E?2Yfj*Hk zrQ~N7f3yo|g!;UJ`~C?M7}Gc_vy%d$JFU-66)i%IoA}|0t`;1ptL=yBeLVHp`4C~5 zS-zS!{f^EgKn^n5Zl0bb3S^RAmo(|Ba!dDMC%TpxQ`j;5nzj-zw&N?H$ z3Qt6BA?r|FYJ2zT92 zoa;y}TWZSb*XH*yPaj1LTQ4cp$eL;$tz$|+a$7NBZ+O#h$^e6BJ(eX3+5mo!r9c{ zU22i27twSY&x-+fg#+GFRtZ*yjUjyV>>VKhOm1Oo`Q@ZBoAiHdbbkWqmbu$7R}LZ? zVZu?*+OL`yPO*Fr>^vrxxyN+@Jv3y{VO(B8YbtS7g0RHko!QI|_XfX~0B;bVL(CEQ zPx-1Yp;-10TvH8iELIwmoOl8HqCZ*h&>u`UFn~VgoS`^ai-HLcoH;^HYCLmWI@)WM zT_3hjUSZbp!2c;4F_#48(V)V}iD&{O0r6g4YF(2)AX0ketBZ<{Zfef8xFW7Eyd|NL zU(ln^Y2+YNGD?yyxH?h+39$kKyKYkYZU-Yh9Rs(1_z^}Fa?$<5&vtk;Kn9ba)X>2b zo%75M+uussA!}(N8JQ0(S6Wa$OwS4bZu-a&exIk$c)NWX3<8e@y>DpC@UZMrjSlk>QnpXN^`QT%3#Md6-&RMHw*9=vvca!B|6$@^YAVp8Ro`2FCJyf!ZAQZIr+D#WgP1iwNGgG z=RrYmZ?JocobeA=tV(DXm?_07Bk5PQybLTp=0)m#ksYAe^qu)B1RBTYtyHYb*J~wF zI~1ide}S|q6!~+|j%z#|y+6`njD&#Eh#v$kKU2shr&=3Fp-dTLdjUb&9J0ACg8~Hy zmk2hrdX)Ol2#)}L%g`li@y@si*C&wiV_1CCym@oGk1aN~MVMf40FCI-9e#vCzDeOp z;2LKx+-LI?4~RbRwDnwwa&^hHF(2#^Uh;ye-uNYt3iAWP$a?&=yQW&@ENWGy&wS9? z3vV{L4fO?VP5)S`6~V+#Te1gq0x31w(Re3&mR{+>gvoGWSjeQ#b{|>%_g&zUA3*uB zBlUxZMuU(u=##i*{CA+Q(}b}3l?VG**T6;l2sDmgfG9+-0NOo#wVLJJ_h z!0Eih-4X}B7wC)`Sp)3|vQi>I@sU-#83K555Vaji7drqUuAHLEnmv&@+|7hKXXYG7 zJV=i^h$W=+Ld*04C8y{PxbEslyHC1C4)xir^6b%`13tHkBoT@3nrTQjLanu+AfVq0 zON!t)iGW<~6*c3KoS{*uVQNShXAv}K#o|$~KD0Hd@b%=_AjORabDTa02 zS6954NqlCC6a&cUplZYi%V&1Kx{g?8l!uuCSwSV$OkfPPKl$f#5heSrObfcN)oGAl zh3xZ92e`h92Eray{GMIJ{zv7K|mhv?W%!vV9X9y^9gWqWQhJ!qS8{v#ubf2E#UvTSqFI|v2HWkb#@oeGl=PEuK zm*<(Jg>nTV0+b@udW_3NDVjVsO1*n-`4|=A$1FoRmSuz`c3_@t<)}4PeA3mfzm2PI z($%7jt1bKP(LEw1iOZ7PQ+0L(I?~`5g(e!l>;x^58w9@Bm9Sag76tl9TL`(7gpoHa z{9g9pV0diK1Fe*8(7qN$nPB*rww7bdXG0cJJ{C zi!p!L5Wc2XaAnt++#E(9+)Z*S2u|I*`dXg++k>t-K2t`(SyNOPIKsoH;m*wi1{)N+ zDw%#CSx2u_nJ;Mv(z7vH3O){}@xywZ$ADCjLx;o*`8;uVcxPa_h(KMwR`te=Jkp;^yu=JRo<~mX+AxRp16navpqss)-}d^u#!r; zk+6hH$!MdG54-kN9yjU7B1NCbH!I7{uYDh39uwzue0(=57@MMrN5}bUXafOG2;#D! zaDgnt$FJt){4|Vti{w|<%Jn@9k*?3PN?~EY!F3T1$+q(SMXGgIBI^3eZ(`{tXBb`= z_WQvtBE6c>Z5E4;S}jJPNOZg z!GrXI*!aW!r9lysi!=t#<14k#ou0>+@DJ(SQ1aIdfDn{T4Zay7rbwmw2OKq=p3DpW zuZ_DG9=<+?zcCkWz;jr9B!7a72TcXHbGuZ)l>LYoWVj0YB!$dVDLv?+=c8HX42j#eL0_7EMZrCipc6>qVrS!|C~S4vSoZ-` z>EA+Gj-I$40D;%bL@ik1j7|eMcfojgY*16C@~}M)JcJt?#$VJVo+6g*%uE+WANh;w zsk}VWhD|buN^&>Gjr{w3yic~tA&>0JHf$XvnV@bMX^UIPIQ2=<9gnta`Ese1PGUQzokRl%oXEE8gVLKtrMM2Dt}nsm}sl<&bMxOP*du?hGQ z!j9Q}PJNM&2lqp-K-B|W!a13(WsgO#k0gKoMO2I~S?esTo%OFn8V*EztG#G!`{NKpl(>t7^I*cd$!xk~D zHCNhKw)l(XdCaprgLG-a<*hc_7f~ucc|dlo+0jM)_(J_7chiDX0A(5KcmJhwd;tui#o2h*id`f{oc@z>##Yg ztLfk6U1pYMdMST8&5qhrYA3z{E`7paBkSOiab;yEs$K})>0NI))hhssb1FhVFd5Ujq_En8jCm_iO)tQ>yl%3d64GA z_gXvH1;2jm6P9VHNTmbgR0zR zDD%?j>>V0+p6z@LL*mo$25D4o=ef0|g(#lXQDRzd4Np6e7+XcK$3GCi5R^YZ&&4xx)8fwmH{yXy* zd;{0gLSp72tNV#i46->kY-s>41Ld7&7$b+S;tnq5y`uQMg#BC|XXFbxy6Gi4sZonx zOXnJ?wilCIm2FW9^8q0t>Sn&Q_si?m)Wwj@zfp>r!HI#m&5O0{O@RNVMnMBz_kZut)N8I>hSzBm!p{32 z!phB^mJG>VKfGP%IxkME zYmMEa-M9Oo9HA{H06^0>cH|VtMRZvuV}2IZssSilLp88CJ{HAv%`Gkvws_t)R`kOj z7L?F#M`;~<*&mJ%vcBf6fKvdc{-|ft>>J*ZDCRSIplnAlk3HI?{$@d;umrW+vS*E7 zLSv;m*WJAc)8Pg!?H0?fHfyWtwjGN*m(rCS#q2`gYb2fdQ}Ig`Lx!eY zWzfUG2}WQpjs_aE|B%X1?+RVQHz>j2RGpe+?bGn_Kev^!;3;Iur%LP6wv}i`$@waz zvXpk$-B=z~-!AdAMicxs$!Xh0kUaJMn$knZ_`&FVok^|F1QF&NkmW2*d^O5Bs<@XE zODSfhZXyZ9C-T*W-Ait8cZ0fSM*IN=at@-um9Q!auy=XH$a-o>e<_IH0DGCykUL=u zw}ZQ+jhM6pcRpC~l=p@T zQ(POplG%A7+JEQ7m^qK`P`h5ER-gzF)GKTS-z}E;9kpl5LPNakL&}gk4}1CtXEcpP zeu_G;Sr`J^Dmq|QcizW3g>TiG)o0y>`h>hBphRVRQ^Fl@HC1rIGyQ!uPPY29&p7QU zECyLzXX>`8mK-nbaSE&j^qWUS9cXe+AYcVG^T=x#kuiGC7h_=W zIsAUp7Xa|XL+RFRgpT5RY(+WAYxKusT-tu8=mu5-sBs~u>k@qa6~YiM|MgA>`t zTfwsXUUtR{y%9J-PB4EeUpd&Y63{IlVu9de&dtL1`U zhOtr!36;7Rc#U8I1~v}eMeZT>sIN{1vzV5!qc~iCymq0I4lXv{SE>$0gB3E~lB5wp zzH4ppN?nRH6tH(+)A3jR8H*CZ;JDRQ0b$qpDR(&>gZJKp?%^+I)!sWng-DO>OXjMo z)mFcUL@CGYzlS0sAy~I~JfBI|)Pa)(8Oamy?ywzG#0Rb>c|sGcO&V5-Z}|U7${HA! z9asO7vO@niQkMSzIAj@VjBIT5{x>OW%4}+E%*x6{^Lt=I!^~)GL}SQd%=pX9va_?Y zGqW1A($oKcNm=bh+Fw%kN_ML3ziHWDo$LayP0oL4+3a?+?i*sVo3{T&%3l1EvalfW zx7bz{kM3rAVm-;b?KtJY{<{JG0sO0J9(DfwtypXIpLSF4JuFoJA!Xykpo1FX!Gk)| z|5gMwKnE41H$)~!R>XJxx`5-;p@FHu$si!acYA_%ag)+3SYC8HHHz3l1Q+;Qn94-a zi6#`LFyjMIrU`dyYjQ97g@8r7$yD4DRw;pT_)`y*+aSR1`5N%?f4qKrZkKSA#9+Lq zC$pug1+28Azr29H`0&_Dk>D(x#Ts*PbTPyaelq}vM3E@zB#i@J(mSVjrFy&o<)PBWJ+s?BHF zC|`kON|88O7N&|kw)3&l7Q7J&f)j1%U5oLT_UG|(GjM=Zi7Ciz_VaQ;?qc;lQ;DNQ zb>gLfq+l?=2&lxZ71zrrK2&_=FIue)c-|` zfq`I_CperC&PPu=4$C2@K3-VYJN%pI|MbaZTma1?iX*IuOKxMr84KqvX|p*3u+pgO zfVJq#0p9-I3A$-n&KDLfD-*bod@YE?hr3e2bNFV~6k^q~&s$g9{oZs<=m;o%1A>7T z9_=xf#Dsk39-h9u4srApzvORQ5Gu!ef0CZv55*zjF|ea3shi^qB?nqCSP!5?*|NisiutOZyF+tomgCIsIk0F`s-mfLfg@(1q^bVRa zapWi^%}OPbgo9?_Ok#s{#?}#w@>*bze)t0pvJ7t->-iA}5uM2w6uSw-H-FTA(yj+= zM|avKV7aL{Pfv~STkGy;5NooIs!cJTPH-8do1)0dPJkUBb-JR8A4w$3ta*_=J=t96 z!DM7lD!UMJ=YmCbD~HcY6T zczu%X>@gdkb<={phSj z7lzOXtAcKyX(5fk8iRgH0ZXS9c3(L1aa!2mGHu^6+@9N<4)^C!%-y?1x2>+?Omc|wmt9e4+cuJZBDWuhrRtcbq<*H zkhKsP2)8LwF;~bOi*Q|0kB9^nT&2~|NQ2Jz-q&!z43yvCP%L1+?oI|rkp2+ch;uA?NV;+{2={id0xw;2({ zC`t(62fi%GMrEb~adLl)Z*J*fnY-hZrc7y%%vE&!*ncc8Bg-I^m_gu)6_A5~%m z1nfXCG|X*_@kucNjd^j{@;xL$)Obr5Mo(;wr&HiUvV6?@u8V6dQz*j*(;-&QO;fZS z95W6Ld{U<|g z{YdeD#{h)B9bj;&4Y3f>&(nt2Vt2fS;3Z#??nsJ(G}qLR?>hS%`D{R>fdQ$3J(;&H z2(K#RPWj;9SEn+ozNW+iXq&U)l)W@6tW-(<}eXKT1>997Nop2 z9S5WQb(>OZYTOz`-!+)MwY!qsf`Y+t8>fzsk`)0u2Ehiw%v0WxF0Ldntb4o>hC;qR zdDIsi;_tjC$5yS`VY=adq8KebRt4fYg$biVJy1}q?h#1lIXgp-nr1jV{RxJIm$DSJ zRara63X~Kb+GkjQgW7F%lt0hSKJsKZS1!#Tm#J%0&S@Oj0S)m_HiG0V<{HMJK!mHl zS1Lyv)|t0UV-5U`-WVRn8+~SS(Tn%R7AMC(4j~!M?7S{Hzb0B`Kf+>NA`*CnNEPJc z|3L)RK8>XaJZS+l8v#!}0!2Rh~&)H`UMSRRt+PADpKhp3Zdrr+<6caTCYwd}9pEHQ-AqxQZxPR3B2zE^ zm2R%&uI;^r`NQ(>g3JH%QMMqB1QtCBjR|h&iGlxO>7(+Np|CL6R!8*G_{4MFoB^*0 z`%{QD^L`_x<+0-DE9q`!L4U{yf=N4)Y6^*9*~4p*>`xsAHP#E1^1;>i2N{9X;-lCV z;Eg1p_g^D3h8xkR)xIV|CG~U`D!g2DH5M4|#18-aN;DXeR7b4a1!zw%hpe*8MOZUuniZw_r?RB^nO^3_Lgw6 zKK%-9svBZPKD%5V+7nhE*K?JQt98uS32+@jXIp@As9?|Efed2{XYdiC;Mmm z9{c+9g4L|j-uk$yd3Xo3d`PWyOZD5Q@LR(eD$*?IfZJMyUhca#W%oc>_URnHl*O_E zgj6=c9q$zGmSeb{9F*S#>JaC{0vw(J3_=gB2OOGborqhti_a=O%^CdyNjB#Xdr@C< z3aO(X)i=NR@AAD8aeuzC>%5GXbL&uVgUIQ{#+kcOEL-E1v&FJh61qPqe1>bkEb!37 z&kk%~t#iaM3t`qRb%}cjsKmOtO@oDog7ekrLHI8vl>fpVSXCe)xCsIW*UaxLToMO# z=r!WB9*!uu-^2r3B(f7sANW?YEP<(AMT;(>&kel?~+%#5eIO7DGPF0(S zCEI5pM&lLr?CV9eM53xg6Viiw;JCT!+kCd}PL?eBlW+q!RCOE5b4x~=w&Z^QNb~=U zfIl8@L5=1B*zZ0;FjknB(mGk|mhS}ICp@vsjlaQ=y}-J{`7US=;1C?Hk~YaN3oaOU zvG4={c0*gZ@_<7z5%e-^qD+`__>YPV#uB7zWdnjo>Vf+Ds|gVWZ{_|>A#rTUQ27Dc z-KG~IZyvP6nRYN77FSk&7OvJOr!kj~^4GaH==2G!Hzw}p5vGDIvr;p)m2 z=b`BgtT_^&B->h87E=q4fx22It<3OtjqYYTvR9tCd)B`ORNz7*V34Ss$n;;NfIm|& zudi2ThMXUB6)$W7dKSrz*6(s&Y1$r8trCkRoqubGm&>3TnZ!MYk_V{Z9~f0STx(8T z-C`}+Y9LSjD6lE+fz`0e&5z3&GE}Sc`9Va+AhQMpHQdwnVi4|~dj4fr*<`Wi_Qr^d zj#>%nuVZZd)TuQ&%4H&4CF8Kb@b@3jx+yuHGYBbeI2~Izxwar+?KR;zh_jE4O}`ux zyG#wlVYkSWrc8>$jQHZ8l%GH&(($VZ1$hB!53?*wgzbd0Z;ANhbel=x zVw{7}oz72D28glGXmaS4?*3Y!yaP;#rHvt8MP`$>u}UD>S3Xh-|AiLU)GMNCf9A7@ z$_2wa9_tyyQ1v_mGU?~t>x@~r!C6)7e5q)b^i<#tOJji_D18X`KxyZ}`vnB1wHNs) z&ZrV22eE01LzaYMwitL7fR=DJ6TVm&_HTgKIThOPUfo%ux`ZwW^Xckq9{hDtm11{Z zv6(V#wUO3;33Zwzr%UpqB=G_ScMc1vCp38aFwi=1WvAIO&7`3K^=rKu&0D`LtR8Db zhOGe@pv1$Y-B~@?S#57`cHo7xMIcFquCeFJprmm~iiiF%1@1MXS&JUfg~OuARom&`QRmirGa)_)L1f^8B=DH`yuC7mlAWF9rjWh2YMI}3_OSL?e`)_iS)WNtx%FY}S z)GFM=eDFFhH?ojZ1uTt@#a!VL)QqoRX969a16NKLP0={mR#C4Es*ZhO<8p-qiZSlh z*{&dWZ#&+JesJRRq@+*b7IUA-LO3ruN#*1TB_-vmWA5uT)B1zh9%QO01Vj2?;A zoH~0K%Q>x=F?VHDDCr{wr5TAqZ4ZSQWZiwCPnt3DYV{y6cu~*wcs5VBML@^DyjeXO ztRegBA*rydset;<&woq)#Tx%Maa2-d1O%s=LA~cqQpJG`PaT8x?5lu3+l^@THSXwU z<8TdPaS_rszpbn}$UEv!!0i_O!lIhaJATsrf7P<9oxK@yh8s29eo+qs?Iy(WkS6*d zS~U@to>B846gqsq17o++M5{h`pU3IGy4T6&Sx8WEa3AItG;wP+p8pi%s!0K@z&cT`y_}jf{i10_ZtMIzE+iSepFs5tOT)wtHhUtBBq+T6Rj@0 zAn3Y@03E&2Sbz-`ZC1Hq+N_>!BKIXa#(tgeoEslPWyE(bcW_D%8%PctkPXeGK9828 z+??Yi=d}SSD3EoVQj!cV6U@RuS+)vy$SeIM&9ZRQ8cg5H0`D&r+U}$DU+PLkxk(oz z#+xn5HrX%CG{0tf#^ES*%#{uTdo>6hPfsCW4{ObfLT>tn&t)Q9w{ehOp;lsDn`k5r z{>iBevj3oTsXs8J@bSQMZy5xKzvg24Ogr*AZGT18muKe;80AH`6j~VSF`fGN?~hoH zDS#-G>{3VJ%&94H+vS<}PuMsSNj*d(`vitmmo917av8NV3Qc=GVz+jrC$?_L3gpCb z7^T+!L}<*miVoEvJ!kTtXLW?li5QRJmNqmRwl@3zYFw1W>0W`kz5gz6r{=K<-CJET zUip)0MtF~DzoH@}pylENejI$z zv@F4Q_kG#_%V%Fxsi+iC1dl{rdX%4oZdN>(kR+A=_U`c2yFKpx7?~MbMa$wjk$c{> zLz?30H~|#q7gOkJAa(9G+PaX~2F0*L=%6x7>_owYE=WQekUMI$YW1}vHsu1J%6yAt z|7(ZAePI)HGz``M_q^amgd;BzY^7ef8q0Y?Q{wxGHU0exughQaCCq0d;eycaB(Zqd zB8}ZpsXeR4iCOaFL97{Jz!|hsQ2HPJg5zI+_HJ7Il6(i>HKO4bV3KqND0HUK-?n;& zQ!uUhD`^ZZai$u&E3ZG~s{2D%nO4uV1`+vu7?3Iodins_{_wgGdv3QjBPV$xQm(z=_>U=EmHQVqJDPm1iV{oCl`>W18&L=jsZx80H)nMptTCAB+a;L?iP5i zC+D@4_1|WU8E`~`*N95vEk=37+U%)13zEi(q*XBU%#QQ6R9K;_HN^FG{iURZf#&Pu zbUT;}vq&_g&Ugj{OM&UX4YYi94#b8?R0%x2S50F5=S-&{_*>j#xc4$|!LkgStN1TJ zn#fY1UM%JvhI=Y_FCxuc3BO6}-Y&3?73p=uVOMQTs-DaNB|__pLNgG+^JE)#=v zBhraEax9@F^wkH8h<_i=*JkaI=75hoj010^P{7ag*eUwyg2(AvH&cOY3{fn zi|Ax@IH}0r5U86#nJu-1gZa(_y>RN}^IuFIL$jT-Z$>6PB!AOu@hh{U32;L6*Ben@ zm(_oEH%Kar{_y9EA68-6tLIz$o}D5BM{GTs`RC5A1mOYseNq1_gEK*2(}8Qpw11?T z92O55K4hy*yF4KpufPmrBaI_<@&-}{fyHQy{?Lhmj6IRHca!7-FqduQrYct&*i%E2 zA`%i4)pvLLbj`UK1!q)Irv6Q7>o_g+# z*4vha5i5u(uS5Ps+sm3yz0A=dBn16zJqO4#J%y5X$D9AxpQM+C3!aDs5zYqq_)2#V+?U**xs-JE)Gh(3 zZ=fBSd{fp7td%4erkhH8V+p~CYWq`{1dmf%kjBc06eZJ%V^}6Sy)dvXX{GgXMZ^^` zfx9}uxBjr~XHDBfpBCHij_L4a8J0Mo0f%WN!o-Twjeo%VM!ga@l8v1`>96R+6Mg55 zpS%lQsor6v=wiB-ZIAuj@TrOvEK}a~hOdH(NB?9EPZlOSm|ko2jL&~Ro;KY^Q!;VF zpdISdBXtiiN5U(^33hPhwVj$uqLV;0a)3a{#Z67cl@9tUu%tvWxaoo|`C(qubtdp^ z{4-zvtvx{SZu-x1n6=*89D`9QtW7)}nhVPe9?rLh0@5^krsaJJSacQJ*EfW$kFq+j z#Eg3s-7Vnjgfd0zeh0d?x^cw?EahV#bz(y0kIQ0_sh1g!vNp3An0!t+BGWfCH(;El z`x{d6H}YAqaV0PWHfwW{>HH*Qogp}_*>wz`9E>N&{Xj)3lXWXQtn1ExI=07Q4ItM2 zs~-PQ=O)x!0CtEFh-*j4sBnq*SPQ%5Zhxd^tWLKLz$X0N{EC=;5Tqjwq|OX~t2nSA zq9QrP_@7*WUEjWKR;326ZdKQ8L2|rH@!LCgRUA4}11e@r8&w9EcW z9l{!!gx~;(9|-XC(q}+2y||=qX>;StWb4{fjr)Fl$BnNth*WorjlAh%@gR~W?R(J45%V7)f0do!)xsOx~9v)Q~ z3p)K8NM)&UVjk7fEw7Aav<#h$bi|^Q@h1|@m{$Tfgpz7QgLt?rnVy_Rx0doAa`?wi zvxvk>lIY1;qP%N+KsZ{naF=sqQjugcQW^akLJ%%)wA|o{xL!t#fPu`X13xp-x0WV1 ztw%{zp@;LZB#k;5YqZ7?N%A(3^Jc@FLx(RlZ~&rjbE)U&qecY0ug`#&7MeYD00(st zYY$)g#{`!t-_z@qAiqi@$>mgT&%Yhmy~I%idHQp_V}+if>W%`DFHZ8qgYR_y_gHx1 zZB|DuKU`W8rLK~S&B$=ZD#vj)50$bB^DM}uNUw@xWd%6`#A^(bf|r2+U3+p#gN~fa za)^*XKJ_c8;WNIRSd>}Y&SOLiuAbgGVfH<5>fWe1gbL0&L( zY|zblxM=$}CX-S?CwXhLBt5N6lMsqA6EvdDmV3A#J>P<>>sI@Dc6=K%0-tU;w^XZ($}G`;xsvM;WwU_bkZp!4KBg*h7nUMCxd=*e3sQH>e6r=0hs zqmAMfoRjOfIa`p}HvWtXtt-;cd<wMvDow|4R^%m^A#-VZy_`OtM}9yZA5&4S35|Z zN+vL`r;TXH_+kq9`~_wUs6yoh-u6|vcrB)p5pr{4zpvWAHI_z7Ey1|5e`O9Qmnx~c zuSosYar#9Vwtz>@l@mA`bMn&lq$YJ_QB^mHDIQy1)(pai)km~X#ns#6%M{g0uvFTSC{vn?Kv%MR^O+R@=pV_qs`tWSDS7`;Nkq zc?zbCHIe63?nS*7CEYA}q{x)6ya;CBiE(Tk$2T!dZpt>oNA2yqZyeUX+h)rpxjFd3 zdZQqC$6uleUwa|b&-Ra~G0>gwPvkIhp(Ds|nbe*S@!8t9=?tnDOmJ3j%B4Pj^NJa% z6!?D8^KW8|EAC;OMM^*B^aJg$Wk{WIV~-a_tL>Wwj@0k?rUui^!f6Tr%64gfyG3_E z-!CK562#1Zyw}cegqjyCSQuDLG84@LlQ3*tRTCgLI*#H#^`3z#S8b2B0H90o(}KXK zwbMN8tZQcYh_VDt*18dYX=~uEGJRLGaD<>fGUZ}j3dM>zM7(sx(N6;N=KWm! zVa+UOK05Md^cAdb3B2kv{_2Y!O2pf$-^ay&(%X8qS>}E)>41{zwpw_ZoQGE9*>=49 zs@DU%ko~5gTj!)_Sb;r+)s0C~g(RQ}NvATS;Ky_ z`(ej9=XV9cpj>tdMG1_|hB}M6>a2A~7{*xiWLPzJ<5Y(vze%hkRBx8le=mqO%1{)fMs67imf8xn7IC z=#!Q4wPPHte(a#CrM7phpBDM3)p7&vg3%+IpCU^FWVBt)iKXtJwGST%NPVE?kT14b z!fvFa{aV5IjlKg`sXsoniW^+=Fnt<(!i=?si9T~XjsSvIg^g`qOGwyctiqlJi0dOdtC zz$FrO0#PfD^>7hb*dS3blagsi7}M)s8n54WtSmZdLYSo*-4P@ z9ED3Ts1_)Vm&eQDtwI48&U9uRp7FJADL4a@6uTHe_YN;;!X_m+y6VU<0hlA?fLc5d z9;T1MpzIoU-}``^?Pt?;l4xdFv*C!TKW~>DgB-_fR{{Tem7U3Ed3SP436}h&fH%v_ z|D#gGGp;_4wwy=#6inyFCsx9ga!9Vn`BiwS+a(Yp#z{5b%77+%oc z@DnQ70{O{e;uT7ZxyFWHN3M2{yj=FFo{l(iZ^aZxMZzG#s0~NI2P9efz^LRbo+TIv zLwFkM&Oa{8F0sTE_WaXS3otNtp_sYAQ~&dM902zF zlJE~x!0!gQxfU(~Y}7oMm*plUm7ZdbHxW3i6nQ;vwUz-Tw>kVb-DkFS+F|=QbS#DJ zsl>BB&%bSXCdJ16q+#!Fgnmvd!>=_gDkwPgi|7p2;nv^`y86~8MJy2UBKOG@PmOt5 zchFZMa?psUo6G8cn&-*Bk~OTAXk;r$k=A(|GHuwaDn# z%#IbWr63D4vS$Hoq9VD!?JTWie#JvbHjs}$8TkeTGyO)1dHp95rk>oJM#0PlYLjdj z*-X1ipH{^G?6#LrM5KWg0N>ntb_wMyg%x)i6l5=jnxmrs`tR5;t|nrXcLwaEzIJ>Se4BvxPHvP zwFHI;_J`R>bs=BopI!{8vl7MVn6Ytx4M}_`B5x*rQ$|i7v4!(Z!%puKRaZx@r1yRp z?{jyF$gMCBZt)bwFU|jRi%)R)^CHcGRs#<5BPw)>=2$MqG4rdG*OnebEb;?%jn+R9 z(ryDquad&C84r%?qRBdvc_t2QfR{R(CnX_TuP3^;Q8V7qc4H&An9;&ra*pz{g9dFV*B&hB8cTXG(TZ32s&6 znPLL{w5h}ws;xG3E5h>5XS&V#y~?lrHBB5b3G$|e@$v(3=M3AS>(ke@FtfaZ^o-qd zn5>lH`y)6z9wa*8)D3I}e`sv1H$k^gEi-Zebq36*MmW)H0_9HH)d3!w2Jz+T9G2!v zVA`y5C8{g4Av{SE+*ooJETO{QH#mqI)ib9D)MijV3~ln+X$K*flFg>0LX%$mUGj!s z>8Xo34g8d*x>*8JU`l8e7G%sh@i~|5CTF-8$kg#sn`M)Hb(hxxnY>st-rqtbCr7bP z>PFkgoHrWf_6&030Zn`pE^EF^A-~IxZ?F$wm@UP=yY-eP55)A6_a4zLvQ8l1PpuS@ z+N7{p8og#kPP`|wspH=#z&Ld9wZf}HLvnebO2@#Ai8F>Ah zxSh8-Ma;^aQC8)6q_Wyt=)BlB1?o|22QU(Ok4EAj15_XQIc~{zxeRMNOh(zE+!fb` z(1g+~9LV$X+6)o%%-6xGsqB7U{`Svey(lEIx3~nD?MLjfM`#j7&^!Yd14p`3-wP@f z(^iuYFJH^W5RlU%lyR^E!8|(qwPP?Xq`Pxg%xtsSJ(rH6WYAQH8`ljMjz4N$R8wxv z*Y(-quZ0_mYVy4;&0Fx=haJQC?MEdAbDno#<>4tb5rac`pYwqqfGY9C-LsBQ>)Gu>3l{`OT$ zwE>##-QRiu5=cn7xEAJSTce5|m(`q*lup}ALzN~3Bjk}iG1SmPOd$FURpbKgD=(2W zm%_g`fAfOHXaWv2+xLdxTQI%j!N!`+PdpJ+t%l0uPvM3gmOO^-mH5s(kh;?)vaPK` z;3P-EUBu_|U$*~^T()vibUj4s4hzoi@m*&wBcOK}B#73#B;kExe!Vyf%PI#81?*qb`KnX`gL|e{c$8rx8;!z#~@a+@fK0M(7`2L zs&#A88^$OA&HsGtVL7~{P^=Y>5CI3G7=Zfm{CUrI=K5?)^dEm+aLtI{Kp0f2XKqmp z^{nl_^-WnsCq;O?PSOq%W1X?_#&b4%-qpyyI23#e;DaSSt^G58!A;yhTKDTaBC2gX z?Ox!>;^7MFSPiDAdJ3;u3sV+#3>(nY@3ufhQjDeRUT`2+&vGy~8$n`vnS_kV;#KulzVx(tnVypK*iCJa? zLsLUT6DAr1=3iKr*_f4`hQo;QS1`-SL2t-lK+j-eV)XweW|izod+PyqSDS6D3ZfrI zeks}E;kDnhlh_6a)@BnZ0L~@JmAnJ`Nf&&4cRoQQP?Fx zjX{kK$o~ISl#~Luqm{67ZOVub2rCS1sx4=Zb3yf=Q$WHsIvl*hB_yQ0ZXbg9KWT=3 zy|uQ+6Yo1&S3Mm6@z!qpt#e{|(6?u%w{o&~&~s*Rbf~wr{#ok?+{H?7qp$Zl009Jq z{Omx0ODj1gfW7{X<0|$Ftd;%&Vd*p)jg;-xEfZVA@a~XPEM`{yd+?_DrP;q>m;#-D zfvFRmk4E29b{5Y|{lf$Fb@E3!!yp-y zUNzHsDcK}p&jZ^Yq4WoYE0Pv%vmx!( z%xi=?MCC~=k*Ldu2LyT1=}7%G&L-A7l3X5fcB%%t=96s2HKd$) zwylUfEi>!E7-Br1-Amuf^Bu8QKzQ#6O-C;2%EIAAvXTHoUYFtY>>tk%F=WiZ>B8OO zU1;rh%@A9I67MXT8-;#xYPZ(c! zaqa0`RI)x)t&2^X;Q_8mRDNvs6Yxjl69cO@j!~Y_sinZ51XS)&wHU&Juk)%}-{%bd z2A78UTt}3v*uUx|uw^9J%<5OOtX41G4=_x26#m##u^1T2H1^6f zwN?^wtZ4|=VRRe}ksXn6 z&i_FTHZ887GbE|tNU;MK8K)Wg*nu}?bqgB)Yf4EpslzvXf@wmgOT-`#3cJ@Z8Yfd&>>#4dSx)c2#Og>1EeUe2glDPeoR;($v z*Xyr=0P^5epe zs;7j@gh<7dnsPMljWi6(RaD%0XRSq$g+0uk&SdZyZ4G2y{5WsD@bjJ;%b;TX{)|u} zKEs@wYU%6+g`G`m9it`<`MXEh3r|lP-;pUMIn04hcGZc>I7CL zF%x9tfn{v7OH=fkU}EcU1tq3EFt}cBaQNI5fSaelfHi(PO~h834cF47*-`N(S#0HDBnx@w?TyEylwk(sROYx8 z?<@|pVkyX*3PonAf!YeHzkK92m?dp<`jq$nZHA-@t;>3c%NOCb?8d&U&7MG(A+CA5 zr+A7ZWBZdPbQpF1y8f^!zF)Ok8dMl32aYSw5sBT)8IgykcL0G9o>e98!$cQ9O!|Ne zrmdbJmP%^oU8e$@hlhy|O7uq5uel-~F5;H^F^0`1gVbH#(fgV1yK87~uN6Bl) z6F>)E@SQWY_c&C|bSLX{h7xe{_V0RAO!e&UxP~GbXL7%0%FhE}K}HV45G07@^y)}Q zmhXWnPf_pDzt)zgAx0rtO89QD-~^}&y=Zl4QOaVb)=*O6qjXR}$EhRX{uT-? zl82Exo3O}@OhqDbkO%)fg7rr39P+89ZGG&w!yi?3LIZDZjC!&*=C1D$JB|Ed2X=Q9 zw*HM)fXF7x5I8%P3n9zJYpNcjk~%CHZW>?iWr;7!2C<{ecN zrEqr`xsEj1qJ;*bd$hP-{49m!ioBj3T(humEjUca_?1bDJR!`8m8OSzF&k!P5P?bF ztsfJs?H)lx;+g8{=s+7O9MnKH~S$a2pGll&ceis~d88(}b;@VY$phYuqZd z1+tNjWcGHoEVIKu@rm#crD=gM!$bRD&|2`JqY5H9eX;mODpM`rTS?{7W;46Oc7sDI z%z5#(K7d2-v?ojAX8YHO!_wHpCMY)(#m>wkW3_*w3sHCDJs~1uhM_u)s>;>HiP}H3j_pwm2_Ump6_yoVi;8J+?n$yZ#H%?Fg_Z!&J$BjrADuG zQvN8rvOAqS#m36@$?L{E|No<@Wfz>{Kk#$ z@$ljlY~xJbiF3-o2w0!?1IjrVofL|lsjT<2YOrGgVH%M}50>Vhy~H>t&*u!>VV2SH zxv5MR>5X0uFI$7%{v_1`Ft$~L|KM#{G}ouk3W-$IVjJv+%q$wox{JNvTwlq~2Y2WX zQurZ|z&Ii38ynxf_-Mu#-WkN34-DRbMNw;wEo_)v-Z}5Ff2JY+S$s|vTNYmoRNl$} z(okH3ma>~DS>yt*w|yPf=U~N5Ui6EOJ=2cU3L|hHd$=ihln2cLMMCI@8F*N&%rgtr ztw{{)C%K7&d^%-#U{huqziD)W5Ls7f1r^0`jdFt^2+sAVmbJ8LshEmrY@r^~7}Pa$ zc>%^JJ+ztErID7hKTWqJH@v&v$K}l}c5sCoF3(dgW|QQ|lpjB+|F)&VNlA&skV#$pV)e+b`AWGT0MeL_*7OKsj>LH(vc> z{%Hff%1ML%fjUqePQ;p!Y74?9D*4v;F*5ix>9Ei-aG93-78*U zIpJ*cMWZ`C(()9yTGhppaev2e2d$dI_Eb36XrJ02kVWti5_ZB{4%27yF+yPd2pJqn z2>ehUT?VS1dNmamlZyOJ4RK~FM39XmaMHC875pYCQMwhDS6-VUq8J|;o80J26utO3 zA4gt>;Icv9U5@5r%uzOz+f}|5+{+dTn06#k*PfZy$9k>%<*ldm7^QF#;itFyYO!Oh z31FrjnQ0RBS|5!@Y%Z?j31O7nI7QS0hTDT%eIUT>jo@U>=SRQMqzT{oJ-%@2HK4V_C zB-t_eIp=dhrY&$hWJ3w`i}Wy2tG7M4xt*qNYambky!rLo;#;yR_8&#OaEGXXB$1E% zT*5Sc3S1HZN){1?dyITs<4&9mMpJV@V^?+QS~lKr5agJi2c}s`(79mHPIM&HH=M!I z%((*vBLU;5{*HUqr5+vE*_CtjcW<_oRf{j(fM18v{BGq?vgI$9LDtxsQ#;U<$j8`1 z{d-mn)Vg7Rc@MyceZ;1tjLHU}hTIFNu9Sq;A8t=xIh4O5YpCM?A@D&oF_1T`a6M*yL zdWC7AGtnx-w`e16v*Kn)UfwIf)oiw3=@6KI7Rc2`wow-}1d1;1nCz1Kl4Qhqkf*z zmw|^+0~qsIWU^;TXXPLbO(DJW0Q)j*ART65O$ZxSrhZq9M_GO~CFs{N`KixPRyFZ~ zA%Vm#fp<)YkxraR`ng)v%htBN0I#cf$)|1 z1zJ+o2SLPIp5Z3BwdnX)qIvc%-{Wphm&4X3Epnaf)6v14Dql-p&ux14g=gXG<|76%dC^PbQ02V(gTSZ^)gMmubAwQLptBQ`lx; zJl~W-BcyIskosLmK3(3Xur3xMip%;Fw-OR+O1k-t$m+=KgpBf!zQ;^{TXaINu0o#| znm8ieR$rb!2f7#*hITDu^`Qy2^bxQ=GOXWV}*j5|P9EXIl zDR@`AKrX{Y`-RYYhJNgV3SjWN|385b)W+hgPsg3Ocgq^V+icnl))6iHI!VWPjVf_ zgta=ry@t-y1FG`GCo8u|(FSW6K#^SDd=|>&oANJ}9VG#IE&>ouGrlAI&XJ(c<4?E@ z*K8)2c9+ofdIbA(k|G_Fj>VEY?;kxkGru;C$Qw01CvfP(rr!#;VY6x;HQw*Nk6n9y{!mdQkv{_e0`K(*L%x#NRG@r6Zl;eAH ztA2CxB=`3WO3tu z`G>^TLkHFl|CsxN3|FhS5q$Ti$7%&1&!zLFPE^4S(&s?u?Dgte`7DP{a#8kU$}Zf( z2k4tH&nzA<(R0ZJf%6~Z^cxh|cD(6Pw&lODyqcEDq`~+d;id~NMJBf;GAXR9nU%Lytx&PD2Arlk`-`wdQo+q&?q{uB6s?_A8=37fL9jImoCn6cdQYFRKKBkq3wFH>7wUEr9d&6t{7er#B>xU ziEFApJkWPHK}VOwJ){L-;Ul)^W#;Xp@ap_@PL8RB2N5@j)8{(0jk!iD30J1 zXB~`TP{&;xgRv_Q%N8P=tpkSbxT(*3(?z*Up0Ou`jAj@_Qz62UQq8fz?PZlh8Vwu_ zhOV*-NDsk~TI(ryIY=hpq*#04aqrogcK)@~J1f64)FA`K(E`kZ9ZKm@km3ZM*Q=jv zTD-_x57ybjX;hpIE1bPE?jP<3lKz~5TEX3+bq{;>DEAdP4I_(Q_)m#!8Y)OUPqYhu zs65@olK$+~cw)iMyao7@GI(OgpW@AwrZ<^R1vJKQ`7vgyrY?_G@ez-R<^)UhSDxeX zW2)buran5pF_qGy=#1$BdI*O`30x>f!~OhhvK59ro&shhg&^pl`C3^Pf4mp}j9KkA zN)AevP0FKZ!UyL|k?~Zwzu%}2>>RzU9j%=End1GY$CeGzO$8Cc)AF46{Giw7PfrLe zR?mq|smX}!2kQ5>l3rcLY-jj|lQ|kA_c2ZcZ8W--)x~%rv8=D`Z)BwkbRSb%yaC9t zcwlD#Ar4{cT%>t!>X043A7fE5r1onFOjuj?+|i=&Zvu1vI7OzO*pWWRU|N5S8*Y9 z((m zZB#XSdm zHohgC)sI*F3r8XaPbBpM-<{jLONrCnH{u_=J>$gq6@{D}LZx_M)II+A%1AG1n!U)k zy){RyDbGdN(h73YN-pi*IwvfTz0!D zd1BzJDnG^W>FLScMJYw8N3LO*3=Dry)W4j;737ae!p-AVNE7)R4nLW~n`=aPLGjTQ zQ#DUvD6SMqQZ^g~UsP%bv4ql{2OwLC*1hxS%M6Vav1Po>i4xe?RdL5)4H>h*f5 zuT>(Kuy9Z}K$CxSwZu{YSVc+yovAE5Y{j=rvUfJCfVpNVapA-*HHxl~#cZiTC=+Jz z23J8mbVPfVLf<32U^Fs}Umq9~o;@Hav2kb9MH?^|WBE3eFEJJnB^&S3BawWmn$$!l zmzS6n44{40Y^^C%`%Nn4*J%_%%@ce_XH3cryyi^7!v(Zmun~=iM~?3F)hI=}nW%EH zAd-9shS2))u1Q$e53(^3YWPrdE92WRTVj$j5rT7L2mXun)l%BfGT_77x%!dLgo!2) z*1QYA%&5$>n71})3|P`+(3{3%3Bj-Kq-7KjERjGS+{CEMoj%JsiSnR)`8W<)SORCw zRRB`em`p)k8f4nb&nKb?Z>4%-S+NVseRS0l9g6viPsK|!ikh4inmv|`W-O}?O!nnL zX5D~9#l5D76#j1%-kiZE?BrgV)fWhYbeudw5N%;BzANg~v%V=?o$^T1rFFRG?}6z{ zMcDM(?q}mrdb9ofOML(OvJupGNj)?j2a#A4f$aUX@ z=*oTS-@r7j!;>vDS_x~ofI&|*!B~0D!IoS0pMk`J zTobBvwv#kD6}&rHqQ@;y?LOJ~{RwF$Jh4>0h=MB$Hx1ka)(OArQ!N*lWDr{%gmc68 z0OGwk?ax^tHi;0!Ui`S}SzB8Yhcf1tOMjLt93ZfU%r0^F6KMfpv|xfYptPu~i31A; z2O1e^Fid*vgClczaWq{IFUed?`1cCso7NPfC=Xr!I#r=LgM>pZ$<1`cAjpb)=?sD2asaH|lpQx7e#_ z2Vswmr;cf2y2Vj@6eWaCg}YLT^QT!CCl@FPF~EowRH5oZ3e`Xyc#e~+p*XIwnMi19 z)uC+?_%A{w1MS{*=MWYLRZUtbGk@jVvDsFVElYMk-=a8)1}%)PU_l_j zY?xV?G1@WpP_0z9V#ur+w59y;)=P%NYH7r*iZ@OkTmJ}fx)m%zf7?&8)%1-XQ>(SCdiQqZ5C#%z`{{ES$ zaX!&Vw-MeBCDR480Z%^AHSrSHu2@QNFj^2FTbLrvEU)i}*NdyQrGFiHoh0N*Ir;0@ ztpLcfB*a(lTy0XcZ(iVemcYR4BCnAG909Tib{G1gTiD(h5yyz5WLq9XtTuOJSAI5MAV5&bp-P<;O)mw<5}BsBzJ&{alXDsPmBnUn|5Vsw4lhzE#^`JMZMy3(txx%jKnqSZ3w_^L27cQ|JGf7C%7{VR*#x5op7d^1Y4 zJ?QoF*_wyiUN~)|ztY)5s{%GhE0WQmfgZyrqX_Y5op^~RsTQ!D?g6ZtoePD5Kt*q| zGi@RMh}}@QAAD2XW$z)L!;V!iPszDs%7P~!sHEXFLXmz#5V(V^9bd9>HiDU@ezN#} z;qn!jO$Ut;5l5Ev%D447xNaCe!|%#zPM<$9h)t8Dl?YK3ZTb_D2 zm4gImd{>B+AK#PV!Z3#hzt)%y^d%#+HY)+L;Uw>JM%h>l&C>BF;9`FR7uMq9K)d#~ z?G72Fd3za*CDEM1ot*+ax5j_~=iCyvO&3P`lqOjQ3S&U=yR>C!`}K?GUP>jtifWNL zIsu@1F%UNTcLa$CG<|M-02D57g4V!jVH+LXYKn=KEIX%Px8@t&JS>oS1a+X8-0so2 zD-%<~yd*)|5m<6QiP^4K2Lo&DNxk7wq3Iisbw)fPG@JzMTakEvbh|Q83m1zMJKD~Z zO^^IXcKxTL?zw3sizf|f4rm#>#aOJnZ%ymYAEr0>78a2h?oSf%7Y9c8>7U7hhH7Q6 z|CuS@$G{>Vkd!eD?#$_y zm2JURsHd<4>_Prz_tJpCoU3cCvX zhayb9rdpW-UlkvjB}!Nu>0O>W#hxRVH?s~a>GRX5P?L{1C!jmTgmcx3QUhnR}NJ zS_PC32;tlU>!uw*^KOU}`6Kb5YaxV}DWaIOCQOw9!g6fQ7w@nns^l0OCr`T_l+r=` zgjl}>?uE(1*g4FWO6GPQKvt4vJCB>kc)F_YmhF=U$Xb~ly&>t?u30?K%)}2G1I-o2 zd}K*3*C09xqw7!mjBMB_Kn=3IXEv{$RqK00eeC(seTs zbx1AMj0Hwti_A^DOQ6%}2uRNBcitfwUb3GA1tCWCDOb@^8=i>H7P(H!vU<{ffs=cD zrR6HCoxlw{&>jf*4BS)Iz#JX}b5^RGrw}sq7k4?&@nO$aSORg#-ww8?J~Q?U5G&VV zl==)TAhXfSWl6LlI`t{_b{c2c-vSH>bVve)5k}kBcK-Vqt)Bk4cu8DNVie>_QJfy)7 z0%S|QG&Q>#Nd-Us0ryv!c5DF*Z)v$qGc_!|&Vjqu4!;u;Kuud4WQTAa!YTBu(n({D z>OdfqZ%#1cFZIWxzL8}0LGoYbK`vv9v-Bb{oZTOmfR{M9W_aDuqXmhXi`%3x-@87a zk7D9j8zhAR9?JG((9(tzQZKOP`-GyVRf*md;_3#HPHF}+Q9KU`Tk=C&$fDf8(DInL zh>>=o{ynjMpWPe4BvHwrhwW(Ufr5e1xpSN$=)v?A!s_08rfx4Xz|icPb>}D*e%%~y zZ2-bs@zS8Iph7VHW9!CF>#P`?Vn99KyC|e+B0FeMXmq`?DUnV=l!1P^7>^%tQlT}M zaP2c9pB?)SlqR#E!41QeGn^iQ-GUn&csRNZkWWFe-Z0G!O@+OwG24xytVGBdtFhWy zfK-ZMP5kK;ujZD}eHH~ng;s;1!N}BGI~+2wZ49OK7Sm2wfGtl7rE8HldEArF-X7AK zRK?W!S!RW2Y(TLFapYQH`*uVSy$dlK%JpxDUfsnr4@gSH-~4^a%1=+ZVm{R@T`c>< zS)EGCKC~FT_ch5ko#Tok^R`ygzlQTTH=N|tDQ}oE*xFpmAU~?Lc$|kFZ1KTJAoHZF z`<*AYn2$I1+%t^t1?dMb=BUkb%R*#b7MON8pSBA8TE|jUFL5o-8BC8$(HEnpt=EWp zVRdQ;Ylr!(FjXpbj@Bz+aN`HQu5KcgXZld=Si(=!Xo5;SpHmFe&Vhm$&uas`)g|&W z+^P&TpCavPX(nwbdc|3MG(Rt8(N6t_lXhr8|~4PU}Cq`~O1RzVYzR z^a)iX?Vm$f(^JL!DSSxFjn;vXVCFB#4j+$U_~?ZzD6gY{$S_ip_si)C=PTujQfq1+ z(Htj5K+Fr>oa|4sQ~0Fh9=c?dWQG#R<*wDu0&iB9m|5s|pc^1r3P(Wf=FhE0`aBVx z7E4UU(gF|OW7}v|BcdkG4_c0%zIst;;(N-dF3X0g!CRSfJTI#<5_+o7E;HunaiR4) z9LPk>pz91RAoi`F>5}#*KlQVNRq9a{jpNiav%U5XM<(0Tuyaft%T;sMV=R^a>@8b3 z;R0+E^C@P`z*JJ?C2wJG&xz898>cn4`QE3dlLo){MoNy{R)X{zhH~I{Khy5&)a?veIgz%>jHVPfz-$0PfE* zr)5&Y%ukU zVkdKPW4Kzhv`M-0agX|soIX>Jxs zMMtx+T9O82>-inlK}GvT>wld}VQ3-XOjdPCB)9B2iX>ZDDyJ{03;Sgzx3_S{y9T;ZYPduf zRF?MSbCjHTxUhm-ximc1YSvR;^PrU0MrE8L327*z%xl2GyeUoJ=`crPe$~-LV-?vN z8)T72_w1fI|D_H*_irmG$l2LbG<4N#^x-vg#D+%MHz;EzbF{p202^;(Bp&LO|E)D^fcfFmbZ8(7; zKY3+L^vizOw`m(Y|Fj}dGN3b_{5&$Zr6uHaRWNW3yKfp_Z_(I~`aCNKexu-seF_@qw+Eagb zQwx@@I226NXW46;pUJ5J8gp7wCWDzdMN9uLb|`U%LMd|7H2V z@Lxkl4rUg179$$^|H6NnOiXADnc3KA3{4qLSlKuX8R<=!{y+RzW>YDeRCB z_aFNE-zSr`%x3GxVr%>Ho9t6Zg2YAnGQZaNxE7f{9jpwivpU>H%k2eCEnx8yO|-gO zSx1J%U=yj%s1#o&khUM^4P>w~j>Lz#;`OJf6bX$$K!a5y;UJQkM6{FFFE z1EbZVS2-7YqlHA%RC*@_gE+297|p3T^w7TT^X94 z0QS%`IhPn48Ug?aqgepSioyru9JXI7n2FB z23Q(pfTXcY*E^pbWYm^q!-dyZI^9e@K{yx0Gk47J6CA9XJkX}Q;y{66|!IAkyo-eaT1uyUS=bUbDx1i6MatdsUI3t~Vs z0vy(8HbIZGns$wK&*EV&*@RCPAv38sVP1)5f6aG)mJp<$b*(Fd*>f?YS&1Jp-exyK zy!I*`UKY?Qr{~s|Ij%ryHb$vl-V?9mwvlx_5i^T-Y?hx15$NH`jB|{bXyn|>K>@7R0qG3Xp zrUvBUTH#wTD*VdJa_@{~mh9pd{hYU}^1G&>DZDG?N!uQ0{ryST^ZIeV zm!OQYLFLece;f>;>S}hmG@~Pn9xFjj>l>-TU&YB6Tcp7$3GZbfx+!0L7$ju;S;*MQ zB+y8QHRh%+@nDAl;Cd*It^&(O`Lc~=by9=uHn{qM^+j$U@O;T6oe>wRAHM+zEXAPzl8;V{jR&Pfhc#)iBIZ}YCSF6N=*av>YtNhjLj~NwE z@&D|Kl`**;cdEZZMPhXEb6OZ_ zGb=(V3g`#@spM)_EI4xzF2_>qpIeEgw6pUH^V07Jw%#|Db+)$3VJoL~gdA{L2to?` zGb1{pi`@Hye&$0PP+D6a{xfmuNLk$zEZUgsU>9?sp`;#WtXo7EJ2gYx65HwrxcU7x zp(PwCQxp5`!9HS}rhu77i`i)>h_R^f3#BYDmVAn+Fs$fced5l$qi^mUFJDi$Vj}wqjgh3MW8VFan(>VD!k#ixGjW1JUBwT;EjpZjW?BKk@7=|XP8(1 z9>yY3%mZpmEhfwb1Wd2nS`SPK78Q82rMWLBWEf;g*+n>;;YrBeo3gJz@&UfWm4SEg z{4F~VOu!Pb_k(d;FuiL~87+_OK!Pkww))sgTIT80SLrXs6d~`={)huJEY){Aine4x zu$qbvY%x(E9eQX=@gZf-vA3vio%caa{}zbvj1J0DnN_pD;3b@i2;2%RKn8@B^I>eR zrn3?9EUu8hf3Cj5H`l`+f&B4Gv^Mt`g|-Y}xOot#t3{SYUCbreaqE!%A z4w(aCZ=d|oIFtna$z~NmP+#4ioG%8Hm|4hSQ)$%zKOcS41d&>nG))zS=^SDVmm2ZW ze&&-4`Rqr^|4-3+q#Au$!^$*H;z&xhQ4orhhc}_Jr)9Xj0L+Y+mAx*R**wU|jC$sw z?#`oD!tKRz&Z^^B$6gO~WWLIbEN`c)bY9)C8J(GNWkr6Vmiw z5!(rpH1{s48`K>Lf1=^kwd1sv8kQ-FlRB4FVQZ=*>^gkcx4T{nOw+!^Wh}#=w=oYJ zLf&v6J4gZ&YQOSdO3I)9PLG*0z^Kvnsybt}KKaT!1*o9cNTe2oXeNF+e}zdICs%?h znl2l&1=2}93xiJ7>5B@56+>8hePhVYpwJ9)yYIAGd zA5ug#K}QbyBJTJsfYNnNE|>^L;xL3ipj2$>&*(uXlTHL7aQC3}Es1zeodRAwhaCJj zUQJ%ph6nQeUx|{R)Qk4j$D|2*dK&9?lNJSCu&fEqQ_UA~FD1#(MA|)UZ_ov0;4GLu z0t}XxFLuzg8$|Z8&*oiKM!S)w{|v29e7yW{-<>yD@%Ek5z6V0z8{-fBHE8RlmJXS) zBe~bTb$wy+NhVP$R3b5Eo>4gLcx?Kl>37r1#Wl~0&4j9KDJ-o6w=>fBDCU?u2$7M$ zkuDh}zmyln@JUROB@c1N+9j*wcCM(>z0*2G`~LIbopkjYkiL^CQ)dYd>^Xd*oy9*= z@i}PUU2qb=vUc{CBm@(OcG{T_)yE8ivUP(*S>9l(3S$K1vUF6O*mSnc@}wu9D{|chNy!b zxV2Tci-@EHg$Hwzq6Lg_do436>oa=;Aql_+)75l&T9~vl?#a6dhacS4ig|9Yio4yL zMp9{Ywqsio8A<*zkDw_^V6{yE1=gzZ!^`V8fP-e(cYxa0KQPIL1hhcjr>l8U$Yurn z+o-@0K$p|V7c|az*6b@9!ig00CZ8}kWYm4eM7;^3Sy6-jIs>d6moF;9U1aN5#{P^a zb+I@YG>mz7$Wf{FQbsYBanX5vxnPp5Km2eJ{O?OjKeayIi@a{+k@)ayw;V6=;-2^n zqKEjdLd^a5NW5v>?m3)HZ*liq_Fb>vNwjNR_+@np9?MYbi_l_Tpxz9guN2Cy6s1ie zGSbP#z=Z0{^_@S!RFQwH73s}I_t_VYnSJ6S6E^yeQs9 zYRrc&5+~TyI6i_Kr2=4AJ_uu=b~ACD{e$mjDP?54a%R#Y%@x$s zy#-c$ME5-QlQ!S7CTIRoZlh0Bx_#S2?GRRLYL z&mXIGNT70FSgmzz`0>dPDx});wjtRU>%3-ApV=e@I$5^OoPRTrVIsvf|J~n5svc*W z*Yr5Cyga#pd@?{~7#K2efE?0I%T!4FSY_BjfVh{ulv_XkgZ}cHHkjy*S9)g-QpPnk zc3c~~30P-*)rK22ia8(qh1^k->uD-M?EMtNn8ZVu+Cu#L02p;r;rKF)ZXkI)U>6mm z&agNfFTI?Sbb{736avMLnm}LNuCeBUH|6C%_2X^vVvVmN3sFDpV>bQR{yM4i*$qkf zL*@cTK=xTk)N3bGZjpybD`qvt@OgnMKdf84zdp+}aIeMvtWD87(lf?YLcz#y6Lm@I zTCUe5PY)Y^nt0Ky-J}LYaE*(XhYF6BN<1?upIWp?$PDnYJN7{bCUPHCg!H*hWeJx2 zNc(>efwD0&?FhRwQ{{pf3J55?--4LelPOQeNTyQ77M8=CUk0Fd zwOGTjs?HeeF1Gpm-v*Gh0M-FWzQw^(8t`%uBb{bnNW^ve&G8tRr2Ux-ng^$>kWUfH z-`;~#=O!efJx8fs=IVl@129H@KT+EHv#b8Ldk`n%Bmx1i=Za4OtviD`BOhjf+g2Mh z*?81D9m|dt2p?SG2TCEda;Mbw`u2nCl`5YR!(&W*5npY&_;Snyd`AXF|5_HEhYGvL z^cjFu*13qMk(dX4PM$U_zQ}(&YnC`Zaj|EtZc7MHShhfFlYuZ<*e75%dETWeM$rje zOL6a+8?X_{;4zU>OheN0B^KRK5FT+)Ab?z**vbhd9kZ=jvM7&=O=P{kjR^lOR!z~nr9Z*T<) zDvU3ellGhV!+uz;(?*DZSUJRx5U5R%VVC?H^e7`5Wv*BKzi9ZQuLWUj=9p zD3KPO6ubp{)XRdhsiPhPKTk%jE)CX?lPtxXx-;|M89YR5RFfyufRlh^Lz5;g6=B6^W3ell%tK`2K*kb$T zT1z6)DmZ`3XMN~sRq^8AQUnq=G@F~B(tS*kw7nF`xE9G!{O<2FdU8z;kNp$G(A=~x z;cO|+pBXqcKz$2neN6@ys}!I^X>fN_H5{T+U;mo^Q|g2fLIFs^2BRNf@Q zO5#6pTen=*;MV@cQ@{l$hwYO^oGv;Gj2zW)+`DU=7(z%iWe(ym9kC9K=+x^`&}iH4 zig~Ma2nsK!+RCS8{9ca~q`o>LtFJB(8dbOnm2x)$QbLRfGM+5#Um0y$%coQ9yYkhLSF)S2QRZ|O$jLxBsI4sqL>|N4v-&rby=mDwAfj%# zAUcY<=}+2*@g?zp%zad^6=0OCL|Tpp1jkO4qKxq&#s4b{j)d=*eQ(HnDcZG5MBYSt zxI31cj+-tq9F~lw10th2RZjpDb)z#v<5C^-#YP|e;K3)F5n0(?g9uxD%wT&ajd6>ok9rgg-bZF60Obb~twn5)vE$BNS#<^LNI^-7FvDp%JHM09*Nshf(bCLPrC>Nd%m*j%<6EB-KRy?Py}Fa2h$^ z8WS>!An09r2xnGi7Y}rt(3f+J(-duGIeUL)Q!jB=mlsaBW=+wE06h^!v#!av?n zi#QEdbot^$dNA1QdQVye8G^HqFre2(pt6a|0KImvF00X{`=$ zdZRO?Q&3H2jShwtz;rqLqBJ(1Ae*9$m*tq3^=Y{~^hc5yLZ$*VAb7im1N0-@Z6#-e z5+w>+3)QiaG4AI)6!QXP{7fBY-f;0zEc+24Y{B3Qy@VBRDAF*~3iMDm*m#C)IOFO} zWAA;5~|2%5s zpyqN@KFU@5Uh*Hc?8MKBRZ&=4-RN&pjkbSBIaWjqM{ider%I&~J8@JY`)zV5RMlD% z8bKK8(!NwPlbzawNWQBT7MFsxX`W;*mEkIK4Qs{qsJwJkcJLx$RQNGQ$Yv zH0bJVT)37DK%8%&@NaqWd)&czU-%J9;F&jKMk}rO(YZyJ9p+y~jgN#60x{^Y>@@;(df3dIO+tg?$g_E4|?Ag3pI6(a%pJ zZWfumN2q3gt*rvDyFE)^BV%CNWXBsTA0Vs`z=BIGPMy%64OywqKGYuui`qziIU+&t zk-T8Sj((hC4qZZq+E+S`z)tq<>CA>e(n4&zT`-a#H|8un*GTfb{niu_5 z!xOb<)EQ9d?&hD-`6mwUOvC@9&s|{pRnub`Ag(YzFn2H|h+d{r!ls%hF)Dibt{Am} z2x1Zh2c?xdEoB=6b>NilE@b0a>rwq5k)t6lEZ5{Kqu_(L>QrbKiVwT0;3w7}Bexma z5))w5$$(CLtEqY`M?rdy8k!j^wp;>@CVzk7gww~FHwuh)O$m6w*Ctkyii5zlQ{r@c zo>kic-_-)hfwzPdY$CI!Q$J~+LbnBz8zGBC#DU3vL0QlB7hP!ZY>OhHjeqkVz8>A5 zbmLG{A*6~j=W@_wtlVTJNj-W|ZD8X4bwx$cTIU)U+;Rr4QFG_6JHi0A)MzhZcLs#oI?#2<#C0e(*B5B_7SC{^3Techycw%g5X7r}i05wMQ zA&85009Nu|5`$^}xl))4j}Wt@jgRWjP29Dkhp!ru=#lutAV5^NBoN4qHBhpGFMF%P zH+7TZPex0tZ_@9hJ(AyaEmO_Q2}hL#6NuetH5ZtMPm2K3`!rHUme5*`qE}Po3XVoj zgTt`Z6iSZGpEHs+W)B!>EoVwuTO^`8l7Y$-LFHPTlGqKL0my>R4(A&8<)GIFq!>k-4|YjI`D*?2uAm zVt^Ma^fvbGInD@XEiOotfu63#5*yEkLp~(>f3L{WT$ZsUp0*?&XQ%RIg`2A1BShJ+ z;K2jHR?pnn;A6T~beSU~3&^43*I)V`O2xuJOI1SrZ0LmSqu=`i7gjaHYT2JPMK&kh z2&O3s{O}Evv+XjG>AZv?fRQuq`LYy@0{d8VO=Z%j`fYSGXG$8#*O|^8IfBzGZ+dH zt}DYzNgE7_@_gl7<+hAV-fLmSvk?zCrD8&^-i}3hGHD(h!4pHN*r^i1p#2Kn!nu}! zD4kJ#UnbmIJ?KKT0GhayJen=N%4X&kKk$ICO5G#)BL0Pu68X5rfA9e-3;3FBEhO39 z7;PBLXX~s=v;@x*=<#4B5U1r(v`|3V(J!Rc8{e`dVF3poK6I%E>78Naa=b*OT+-K{ z8P}LrsromemeU02cGbAedqV3+p3z5+5q0JV8FkR?hE_=d)nZqDQCi3=; zG;wzV%mAPmCld}vna=QuFx5i_CDK?GeVc$7>(T{mK(bl8?W#)eecn)?czE^oPB>BN zBb4Ziyx_qiuLH)MP@q*(1W<)L^{;xt+LWdY=lR!~(sx~2AuPgC`|AhYAV-Bw8tgfs z%W^!Y+F58fFOj>BC`q(-U2?r$v1Yd!1r{(zXFkX18rLwUKH(;r>;vY7{AJ1Dus+V| z>AXH1h$`9v8-boG*$owrC#=#9#j|C%HBV9iz&XPk2RDd1X1fG*<(rn0OVy`_Ib|QM zsJ?c}vhZeeSYn;DA$pH^g=&f{u)lQzdOA`9;xnAL zC`b}Wb^?D)(KzybEn}fEwSp_D0Ms&ty|5W*8N#{Bm5F%Im9yX-Ve$~E{|p}Xij+rx zIL%_-{BQkKt3v_KNhdcr~COP3Xy4 z?9S~X#nERjlAJpw%^sHx+MUx3r{aP!;Vh9Hoc@wS=pfg~;Ur359A;_jUFnkQ)i~I# z;Ib~ZYJ0p#DM?9|QQZux2_7dP)Bf?=t8a3H+9RP0sx^4%?HH_xs;*(k!_K6xr8 z_f(XA(5HDtw1G8ZIQDdE`eT&BA4I#81l9s~%^Nc{NZ8x;nv$t7tCLkfU|q?V#X()4 zJUrF&%LMTHZ`EWcFDmW_Vi#dtg&UDjy;@LA#SR4CorA(1EiN=n%`@63PiaVdR48>B zg>1H!PUpQ-s=27MlWKByz64h$$z)kb?C<{bp4PV%TKEnNE4NnVdcaWA0Et zG}x?yZU5hGA-$85I`a!S7Pe$~@NKzOD>2O&oEIz5CEDW~w|?uUBJcA~4DQyOmzuXt zFliAnjQytib*2jk`~J@N{9AtyPdl5@^i$ouD{n$?@VK5iY58f7y{42~xn$jLsW}GC zKlzb4)~7uluuUs7nGK4t4~6Bk?FV4lmn$!VUH7A0(tz9dS}QAYYoV}Msyl|bkKcqO z?9EOSav%PLoW&X|i?t|DC^a2&Dr?|(GA7SW)-~>HI&G>a!O1U!IX)J72f%W*sJx2Kx<~SOsxxd9p`4Gp=E|jVkS3f*P!i# zj1wTbj%(z|K%0wBl?JpwK;Jp9QmNn3Wh!m3CgXtvylMI9F-L`J&S`kVu?b8hn#Dn$xsEQ6FQ8J98}Z1SUwfQ&C~WTI7*S$ z6Oj#)ge5$5Y5{O4Cl}$kvi_w)g(@SMf+fE*%XDEdgve7{Tj!yJ42}FRf)0#GvzW~t zB550z!;@bux8I%099cg%*a(oP(|vJtlvSj?UrnYpM}qZRz*8eQ5{{=l3I%4 z0YVL6vyXEA3#V00)f9G~9UI6_E_v}yY)KuJ2wZk;?C|#&Q@|Y_9(eJf05j}jD+8ss zScm?fsZUv+waw-acHR6ZM4y8YN!g&GMOE*lUk>-dD_+XgCxjvhmSS3?(~I&|CQIl6V_5h4P>ciyG|JzZW%PEU zRt;>er%%K^*95JmH5VX$1DVFv159*VkAKOv!Ij_80>w3>dIsDaY&k71{a!u_G3;c; zmvJf%37jy84T^Tx!DvIpb3*OMr3QV=X;Gp6gn=k=^Vdk=74A_sLn46>@4edq ztRdmSaJOILw?g;L(_lo2R*DLKbTXnO{v73aocJ^B5Mm zL>|UtZBl&%D-2uvBli*%Xj|W5cHN&}{@+Xu1X03BO!TgTk zFHR7LlVXtjOkqLA#jh7t)73AdB)4^x$Keo`#!yhGzZCzlp+aILuDsAf^q8Z-#_~ZX z4^VWo7fw`0Ess=&%18`>J6aDdv4qyi5JuaA`g7j?aaA<+!yL&HJ{e{iFpcj6#^#^kq7G37(y; zmj`S)yn1oB|HXET;?yTjq(-3?&y5#sMh}s}1Xq#gt~qdPNFr9HXTE8}|0UPu z)lyHQVhdW110-yF6_lzVy%a%?ibSLK;%4iUQwQ~|$n`4k-xrxsmIX^vRCjrZBj~0h zh27o@?TZ`}GbV$dvp)qBKto!o^$o&G!oMP0ggjpLbPn6}C;Q=+Vt#i!GW0>^2`vR2 zNy9Rjh}#k?bTHo>Q{J;tX6WZ7KlUT#09F4WoCUK)L5B!Xxo#JiCAuSKonj-?8mWyB z{yY-~`3%08q^0OsUV*Ihm#zS6aVPKL?W40B>7$8lvAMssUL(4t(v`)ZMC+eY89YF@ zV=cih1+8-y)&L+H)5;6xJr(7WN<8bZmhUfxK>?~iIjl1weP-&b;$gBRFrAR~x&__K z3TsR3&YAvYz^j1tFHGPPdy!d#_InzE^iT4Gq|)KKh;8lTa<`r5X{7sA?kwLeRi?*d zKkp;nXom=!1EBmh#IF~Y(0>Zx6+j75CRV)+1I_4DI3ZKj`=EF*w{N^;4|OBG^me+~ zs6~r2&`r->7?CNvpUT1;XpU8$7u)}o#lr<{a*Kd~^sk>T{*7WpepIeZtbgJTD8h=- z>s?wi7LP}^Mj{4n$lu@wTsD4BWsAG{tW}9_qe6jA;Fb+x#Jl8}aTHwfUs_ulW(FZV zNzH|RrCTTxucOigJx z5Wg3)RCZ&&KPGa!c(1hF)tQ8eL3M2YAVnvWVxI|GF=U>ytduj-oPhIcg1^BA6{;9C zL86SGN~z+gJS5t8%xD`neUY_j^)NWepaZV~OSVfS)&{hVH_IsHQtwnjfP|#;WUO5K z0b6;ZU~bNSQs)FIEe^Y+uL+T2OwSV!F9oKTvv7r8@$qiQyJQX*VkSn86Q1o+>6;X z0kXg&WS3ek5{M!h(2FNzmu5C(+ubbi;@6nZYf&BJohl?Rg7T3-4OzRn>?v?#iw zZT+@w+qTW$wr&2lZQHhO+qP}H)2WP-RB{Jzbcd&2y;o=LwQDK#s&Q7%EFBu^(9#2I zC8`VT4C}7`u@pBpXRsiwI2D`BDj132f0NHi-TQIFUe3c-I?}!6ZA|0;My`Q}z(8T= zTUB~D4A5CF86uRTJm(J9@|X<+s(}D&kefgAI1fKi7PQ{U(4?5q*?sFejQ_yQW)_UX zlC|R0CSeS8lR};`KpSd;GJiqIUNI*8fr*_$Wxf~38WrWkF86pT3%j!w)u52LDswKq z5MuVV_mvITfch2;cy}}y02C-d9qZp1@?J*JBrYZ(>&7 z^{r}};XlAKA)c~8bU8od8uf+%(O1b$wf(-Pcg*97w znHup`BA{#TUKm38B(JLp<+#J6QaYGI!wIAtRpF>$pSly!*ms`~iTrmg;@z}@#FM41 zI($9*uaK68=R7{Fy0n!`VO35w=}D_Kmx%41-pnq~QS^*8w-a!@gI2pdhn}FC6{K>qwSKv%WVM6|Q_r0e6l z6N?&equO@992YStWubI}upYnL^W>~lv2mU7LdV$a=DL1P~OkT!?LE2Lm zd1@a%QPQDwF++0q6zINp8c5PAr;s)YG}#57hu3FoL;4UuJ`dv(O%POGK3yJ^4;X>I zn^N0zZ7OE!rKkwC;L;%Why+&bbANYB4dLu|d^&0&-!kJi$a8E;IQd40ap~kuj(6F% zFH7SrGk<2CEm54x2mnQLr*7DtAc|C?Rj6qm@SP&2Iuw|U&XW^c_y&x#alwC6gEB7} z7(zP&$R@RZ)U`y_OKeH30a5E1?(i><*~$8Fa>|Yr0-CL6@*+9Xi1!Eul+hhN^E>8yPo`CGsJ!*SB8L zh-(R-m4``lcix~?vL+7_Gg7PHustpA3g?RK$Kac>-74~Fljfup6V92b$lXQ)sw|eG zJog19(UrplSi{-d=q=CqN#(v!7Ry@AlNCo66BgmLizfU@r^nvgP<~b^O3+Xae%eD` z`XO4LKm?Z-h8_MqZV2BC2COVJd}Ez`TBRIjZx1VJ8u8?$|6`J>wm0x5#WcH#8-NyM za{P*->id}fq9PO+zs#U>OLUhrJhjU3#-!cD+97glxiwO=g^Tnv%V@`|tjkQO^LgNxJD8I80%%%jbM!WqT0%B&`!Kx@%%*k9lft;q%B9+73L0#2jCgqQyftg`R+N)hWA~ZH6nX>R8 zyDsnZS#Aa7gxhF+%hxUwh4Wlg-(S+5jZ|xM?H2w_sA<77HH>xb29zzKgisE15`K5b zETk64qx!I}0IrtJ^qW9EsQ5^-cL(PE9(P^YVx zqlhlP#_q{Pqo(#ux=iX0>GK7O5e_PT*T#yT`hoK@78wNC`CeZTb^hI~um4BO#AmN_ zf_Ue(Sw`6SdbZX|?n2nd<~icLQi6~#M*szVfJI-311Gt8Y?CNOkfK+nZnHk?j{}}2 zeS`(atwfzto=k;MqI1Gvah})Tus#3-FnXfhud%-K;>%0&)N?wCy*NP*Mb+qgIn&$W z+w!*k=ET&wGYUpE7s+o+nse5hty?s0 zenH`>D(ei*jp60yE0>Gs>zA#=<1Vta$uVihpGmp|js!qRfIB+|)A8Ay$BkZooj#=8 z9un|f0Di#T<>Kr~06R7ztmB_4^=~#)Kwkhm=&h`?EaPu_@0Q_Cu-*}>JQ2u<=f_zKg8xTFr(;vu(MQzR_N4_Cs!Xe_2(rcCk zBsq+C^#qT7kNf(R+Tp?u(d2mPx!k?l=mY$dW#>?YpEDhS(uT`qaou=Z(4@mGckefo$f5 zEyRp|s9XsQVoEI^L{-*j^#c{ZBc|GCzt-F5PJwIL5>0JKUievY>W^2Qe~CT4OeDLj zLIkU@@WhYl08V9zsM0g{8JZnaMtWZ~4tL%xXu13ZA6KX+tKC46euG2zE!RYq#VT3g!MD6gIGDeZds~pGK$00=|tq=%R33 zgduI3==$=ex)5M)K0%DaQ*FszIe*yWZkKx_IYk*sjwO7d%`>m-+sc;4C+pJ6#BYMh=y;!^yVcA(Ilv|y1 z=*mH6rU+hubR|xgSlQk%0%>w0p=?A(m~by&Af>cf&&YVH_6@LgX+@LdtmAdj@q1C& z6=Rqkr$zL^1{$cSGvMe(ngw0PIgr@kn3v_vlV8eEKAY>etMo$38;2J6_S=tpyu{=% z$?Ye6{t(BEbu|pKhzgF1<4O|_YjmezI1~NEBNR6u@wM^J6VHQ;Oy*@bv{jbb+Tmxx zCv?PJJ*XNTum$lx2N;9H0e=4Y@(-*|lkk2u&Ve@op_kDvYk;bn^bKE#&hV{AQMdIq zMV~LGqOLF0v-5dp5$ZCen?A~`AfzH3ir%!P)!A>JeWvkM3*VPgHfasV2EQ6dHW=6c zRg%49oHRTHrv=PcSD)LT>3X|;!^%yhSZT}$u3{Hp)aLPcn*;Fnb$K_G*7i%MANC|S z&yPo9$W|S3>zW`?lp({`Sgz32yS$r%QOxlkTG3{szM0#8_xM&t;VhiDcFc-<{q_J$ z(|zxM#2D%9Rwv1YV!3`5qQwHl>hU)V__Krt$->uJ+Js7Be^D9mb; z4^i3nLaY(Im2;Iq+=}_EtrKyMlgj*r+cZ}XAW~W?7@q(!6NkHwkV+yUVw|v1@C3^D zsKiUh(S8qU(L=9qf+Sk5*l%%(#lFfxMHEQ}?*csL+-a(FfpU9z{($7%W1f z-aVk1gC--z!xbnrY-rRj4(M7G;{^c;YUF@a@Ugt83Xf0=tlu$+Q(* zwu}r~v{tj7^(AzycT5gDcfd*%kl4;FOHP)kV({}xBGqOJEKm&b{VY;RCpgO)*PJvF zXxTpYue`m!@g+xdVZiuEC~J}Jil-e274AH8=>-2WX>>~GLXNYrvuo6S|W~tuxlu?IRTPv zY@qcz3$Gb*{mE>8UhJzR^37l4=prMX`w%+VmffZ;xKcSk+)-RH6ueA^rxPx&Z5Xy* zPG?HMuuTHRMRmLW| z>tHS6SpJ8>=&7+4tOSeU>+2Y{6Y(zyL(J{;YPnPQ&d1Zn--`G!lVxN zc&tjD_-YjFp))2DV`(!Kh5L;=w2CZF8R)qf;U`qYUSoJt>@&rj9i8*eEk2~(-vwwk z{`>Aa4#lh69VKa6FDXk7%jYe$H6WnP`=_>;>>CAW|9*Ei*Ic3@%oo&NI?PT5qUIiE zfAI9r$#I|O4vh7CoRWPH#^&+Hf#bgIQ6*7R3AqdT>RSIC23D13jWPB|f+G%OkK}+C%aL@5>t$7fv9}s8aw|afLI13do z&8IDW@q%SS*IhNH4!$kQ_}!Q8F(YD+hWlHkbHr!zFzClNsh9D@ufFM2$Mvs}bGH4b z_qXc~{koYe(r~AzgV8NMpoGFhw(%5yPe77e^tLFI#zrk%Ui9^jVdJz?i7WBGlHh6? zjE>Q_L7vab&y_c-XlDYQQkJHi0BS9QVTFmXi-Hfdhpf*u*NlHwH%VRuhY=Kq zX6pXazE4{fl(m?q25)OHaBH1?@!TXL2&3VXI$nJT^`g^j;qhs(K_$-8W@DY>L@Lg& z-2yO=taVoXVu{z3FA;r~n<4c?2(^E2To;15ukjp;pQH&9?Vrzd%nCnc%+ER1^3~yY zb6DZA6f#~Om3{CKWS8^8_}OGz)=}COnbTVssrZHc%e2b%++9~Tys{1A{$9ssa?)Jx zv{sYWJT7*b|Kbv_F>s++d)?T&BvzqXk84;=2aO0`-5`4$C-~(>bC*5v$@yO+`$c=!4AZ^i9J-nH)%- z!0VDnXO%$mJ>}PFh2&*7j&Lagk!z5$EaVw4KRnACqV*>?wsQr9RFk2!J=ZPiLv%_x zgVIYSAxO!3M2JMDNV5Bn5`gR6ul0w+U9Yn@c~)NIs~TEBYn!-Y=KKK&YY=fCE{Hbx zTJlyqT)p=ARg*LkOrX1N4f7=|HI)%Jit!{OZ{;o~1|fPB=yKIsYN*Wsr->K%2k!OV zUhae)V|ilT|H~ zTWC;udqyuSWihwsJpHwJz27lj4_jwpzL$1KBVF%oBf>F?9c$1x4*YFMw<1Y(-J0mA z0uS+{Le5wUp?^);mLJDGmUUOEoR78YgxC$A$m2Z92a$&p>rvyAD}xCix7+Wf2a=U3 zn^pp1v9?VnFTUGmG`h1|h}okj9daD>AsxW;l3P#+81&hMkzM_9gEKxIPr*7{Te-;P}ge^wxE(zh=(H(CPB>p zt8FVM@!Zr|=+y!%RaUvbq#2E`lDH3T4@!yU&AaM#GM92{1K|Oj3%buZ`QR9kLTCQk zux-_UWZ1@uq1l>ZXK`9QnbFzA4Ug-T&Xtk98c{xjnV0kByZRq_v#{7@cxKXVY!-;e zi@srAgZwQGs6XTnn7eg`?zLjSNZiSZA5-A*w`h8eA+ZUTB->4{(w|dzJ|w0uZ#c_1 z-+cDcYcqeIvBvbgl)EkbseRRpex}kX@j8MOuW()Jn{pVaTY6C}4KvH82T%pN3qF^) zWYQ^{QD3w*F0%?JKk{|WLnvuK9^;=Z1D-e%EjGxSgHN2>A6j^GH@Ks*5dK~3 zb%cY6lGFjHGnhslYaMt)a~_d{T9Je5fd-Tos7!5>RUc$PR~eDN_y1)IKqkMq82z@A zJQCInYXVP1fn-G{V0>E=awUbvXwvwiM;5042E`C;%`-dow-LcLziQEQtYM2?pX!k4lyu^EQ6?UV*;yVZFyt;g;c^cMR4~uDNS} zI>AS(dd2E*(rJ^*S-Qtzyd@P`)v$MT=NZLjf1E9pmHHzaa1-^1Xc85HhsFm3oY5>2 z9AO*egO$3|>S`L}E!7SGKCa5Z4&m<(ZSr^(x(0ln<(*#N!eITsjuT-BJ&$FeZod2e z4$XCBWczVB6bK=}<=ljxn%C7&`6p-pj#<||FkK0bUb&@=p~A=UZbr?>H{|%%<{-Bf z7Y?4e^lMsgw*0SuwOiX(KkbXj0-8>&DDGy2DseWhcu-OFAPOvN;Qi$119n)TQvQB@ z@#dGjp1YP5BkVYFlZ3ij5>8+9baPn1Y-leDpX^RJI;eJSU~>X?>pyz;?*4uJwerxg zMg)EjcEtnFH_%&aPXd6DVRHsM&~I0w@s-uK-^QIwOkZvzup~;ogjWk!_sTtGTW3a# zAfqf{qj4S8C<&6V0~gm~+D#>#Mw{n3I4m}&WH8bIzN7~?iqPXh0xSJP9#*?<{IhGu z2tbF2%?Zw+Q6VQxv6`k=KWpA}IO`*M$*^=3OHxretPZ_A*Wcw3Tip2FV8Sqq{;ae>7Ob(mL zn~;FtG;NLB*f5AI>gETw6reftUEcmf8;u8n0g^)AW9NJy)=DTfU4Tr?B6pP1ld?ln zlBaGcufbrGXpZct4QSq`fP#dc+`-#AF-Ozm*o}YLNvEagH5BnR*m6JJT#}Kiziwq4tF)@ZH6Sapa4ToeG zwu7JUqxC|EpgqE59OZ~n+D*Ar4Y%!HVrSP85NI6{tTSksR3E@%;`Z#~uk;Wv81!iU zsz)AL`c0hKqm~oZF18YkTK?heL;<9C7dA!y#sZSMYPAp12TiQ*Gthn&?8Z$qhh4|R zpmP3pWcQ2mhbq(6T*wrHBVRd?slR4UNcOS2QqqL3lJ883IUzYaiqhL&^i(oER|x8& zhLbV~k#Vs+2~HRLW>j~;mY*Q@KQ&FKu@&-VgJ@=2`cj_}M-hHBwAu+4zr8ITa$Ttz z*W>gFDA86zPZ_q;b1dgmg5Q*+D8tQ4)DL9pkw+(EStDL_o=&Ih3S9d~{!R(|aj}dw+gI?w|MS z#GT0a;YVUSr=%R+`;iS6W!#-)Xn2nwz||gm18XGSjK&po+bc=(!`CcRz$G5Fs3qGp zO8WlWE3grDiO%>xvN`v@9hpBcq6%t~0xO2UT{|&%zOZ^1cCYbU6&6nKHc{@;qOr^N zO+dTGG!iWdLy~>NTuP0%7pW?aU_^#n z+=#t$W-UvXn&xqTyyFz9t$$wzPQ-ld3@khYnx2lufY`(AEm$=^_xfq-{`L^+dQTmq z8!MiFu|-JF-hW)?3&782)O4id3P*C7dWu#=T$+rjP`^xpo`3z$ei!?jbnFHN-yQ^0 z;BBX*?RFG_@@9_i=!Q}f4pJZi#DVb@C4@F{VQpUSC|No)S7v*QD#!K%@zCE*Moa3o zklaK_dd)bO3IziU7au;2FC6W>V>&M`32b-q-X@B?%2h340zri6MPa$-?+9+e9>Vtb z*e|dEVWKhI@-!R5-O;xNW`II>I6RJ^mxxj2>l6)=7>X_N?d7%VSS@EUOMlZ}AQAJA z#;kRjAU^YHKxqq{%XJ$|S z@kUbICn}cduxv#Uz~E<>5W)pH0;H*f9u<{o4Y^Y#Mtz3j32%%XVjQ{q!8&JNZ`e`Y z9BX2$h~6@X<2P?LXuet^VC|R03=U<{g}aFT~FY?x?)dSHEBtSUB6sg z)@;1$r~kUn1^OHIItSd#TRm2$s%uJ#SBprosVjY@)NH z!fZH$YAJQq&eTa_{8m7r!7cL8H3(=@$2mxbae(;4o`%+#ZQ z>ua@%mOq6-c#I{vQdATSrR0f8&!9*k-;CHFAOkQOhy`6i7C~)7l}l&KJtTXGOOF>b zB`dt4+{2yWM$2MdV5T-j9j${SDtVptL5kO4@>$DBEsESfgu9i%c_J~*p+OXkKhnLw zX~9hsx#nhJRGUgC6t1iw12lancs?45iKz?pM)D_X92HBHW|#3J4yb`09WcD^KnbOevfP!b+oU~e!Ji@_OGnI&%;_P)sOsQn;rz~i|l5sg+j;p*i~#( z5`i5Ce}RXySLfwwwv!&UUXEDO-Hd5CF&ao8uFmhT%|e2)qjbCU#6tHFl_^qyNTOj*4sqSR7O~ktI2@IB(0$IxRx+$mx$WXAKYkoUsHW$uDvVKNN9(+89v3 zvdlqWIfHv?_tW6;U_S>W=6^c3g!1TxBK5mFQ&6J4P6!5_thG7$VOyJYEGq+**77M(U0r1`$Ms2-$6gXe!ib8-Rmn%@~ zjanNC8}^_iZpMm5B!78H&`s2N-P6MiW5GgN4T7O*o&HOAzWRIp*-Hv`tua5{uY!x%{?py})8p%dQyf>4_*Z#IABTvZ3mCLV+HizG?rtb^{;U%BMonEH z1!&LRm!d^Ndz)${zEq`HEyR00lX+@DdA;Q;2Xa^b=A!HZe1=A?t*_3mMG>vOS^=ew4gqslqpGP z9Wx#u^t#3#oPQBc?XN0cvJrHJ`Twfra^q}s-roOCDra?*fmAwVc*fCxRJYQEc-cl9 zXRpfv_y6^pNrS?P7RJ&p-4Mzb7ebkjFX*2b-!>T;iDWv^ftHj?)un;a`F6eo9P#`a z*HE6;o|gzRz6}JK!gK8dH-!-1KjG-#p6Xi*h0Gs9k(*Xk&e0K?zqLinH+;5~^1q5A zJ@q;yzG#jc_On|oj#?;_Hz$8nz5{ZLD(P zEfse?|3nfdjMtYe^G@ccf#R01Zo(1TtY3jv5NE3tfL z-PXRmu94&lFF3e2wUfd2mak0f#N?C9nky`EQ8Pdy-z5=X!n6v3T6p+_=hOU>TJ^9=;THOZm_6`j zWMk+n6^(t}30Gzl!!BN}wBlmvzl(nA%WVS9fnt(^A|~4f>iB3&a)A4R&WfNbbj1=6 z@jaSesC>yXFs)`%luq5#0eBWG^Lh#y3nfRGs>hCK>7B>H;Ba zLjFA7yP&fX?7gs+T)en$r=Y?(xFl`)=v9#+cj>1Wz?)Raj7BZjvQLnhde~pUiU4 zd(x&Z+$|&T1>^ftGQ1*xU17Tyk__IUVg7l2QQ$y_O10M0G13 zDG#3dioNBmqn`2c#-by8eHkof_-|LXW!4-PtPw#YnwJaQ7jWBOaZP5#MZ&#!pm3NJ z>A)MpdkvN;Gz`*(_h%Wy=FG$znJrOMbwP!dRq!$DgyFJ_oXxXGqG#j0%1N~dO21v) zQYo~>@t{2fO2>8(K&DR#-1U^}Hab&orXYfx?|D7YmuU?}BMh@M__ow_B+-pZR8m9^ zvkmj4tAd!gz<7MW!CEZ+i3!tkhUQ&7njZhoc4`c2Qgqf_#k5^$o>(Qon%8t=H&`h%f#JtT`k} zUQ21;V1I9Ue)(3#xtF+39IpDIvYXF!c+*HNXf$sWo{I+uDEADEl{1<9H4QpO7vxoN z&06gIi0N=8yF(ZDC-GojG3mbMb&`jVSU){OeiVSh-r0m8j44J4DJZ|B{v_Y@hG9ex z#-U1=0yoGJl|R|AnSRd>Im9?kYk3TJrT?RvBAQe3WYNzhh71}|y7>gQV2lmeu&A{A z4TAVRR;*_oxMz9ui%G?ssRD`X=6>9fMIM7Ay)x1q%9vOMvq%#n-=Vd*9z^o8dbJOc zIY#L^Ap$Rev^RF`YrWmh{woNORA)Uz1&@B~WcPde?i5FWZMS_SZzvR$sZr7|m{fDhC4|VQzhJLfVji!I{J| zJ(4FAU6$Nm(qDW{bV`x|=u(HLM$^4OajovCK}-}px!7)U zGEa!4FvktM)lrhJN_pNAHr5o63c1_Y-MHU2$i@Ni^Q}G0)xKTxVyEnti%`s;TcgyN z_K7(1@~vS^N+_d8ckT@)P%7iH-Kt6d#DB7H|B9Ma=i$dNf&6NeDWqx%po!?fOtRu; zm0iNKRl<18U*-jnsQ%dT7Sg;UvceY%>g^<7X4n0M`xCu#eZ2_H7~!LUN@y(3c<@0p zzs{~pA(6T=op44LI8@DV{%KH%?fGZrvr=;38LS-44O1)s?8O0blqP3bQV1UZ>7~rD zgA3$t`BBWcw*xMErWQ)tdF+k0yXBt#?KJC4@7_XbBc8ioMilY67oIcGm(~Ig2A@z< z1Q4#F{M?a(IGo~I9u_#sM{~CNQkJyW>x^kZIrX4P1IqMgcts#h^(ESk^JT(H!@zYF zvH2@L2!wHWRNxz<9O|{-fYVhRRg1Dm6IfZBOOZoWF120<()YNseFrfv5TM(D6w!^# zEf1TDS^JcAtEVS-sbcZCfN*ldc zlwEj2|yctmr^9o2O~S@=%Y)Ev**qIn?^TDm`Jh5BTzebzX370A0U;j}+OY6BS0 z**43J>Auvg%A77_9;mb^zY|%8TVF@zEmCs9#8Y=U&rFqIqy+Ix6JiZIg(KW_e!;LB6PiZ>xnP-`K)+ z0z6SrVH|EPleVTsGt6A};AVu{FOlO~YPl^Hr`^Ej!(+?#iKbhIAGYsd^HU5C^&eIi zc^kbqouud0_HH%50X`Uynu7i70>Vq2BKd%%;$rgt?Zz*t!*KFk@|?e!{+dfQws<1; zmM6^#qL@o+&o}UZii5ly8*^JCd#^NvC0VVlXnZEEt%Y0F}yZ zWLumjVn?BGUVajvg&?z?&mu5)kRX%XJ|CZWa^K7;Krw)e1Zj&Ok7Zc*IMn@IKB;>+#+HST(5Nppfr;z(+0|Nro-?qmr;%WFIR*B?-HzC+QE|kqR0tX9GZ>ilcczRge z70=Ixl+fCI9WfXoi69ZW6GV(mAutx53yb6+_c&v+EZw-!b~W6{ZTf7FtSnWm_KsUb zgU1<=b05!K6F^91+=&CwOOnAs!0@N&$y`LK0pXWQ3m>96w*$~{p9Rd7QcketqCf7I z$yK8kRra4;Z*wOMI-PH7uIeZf^hSM?gsQf8Co@dpKeNSu5A2+N;W@b+dgxC2U@7m> zSp5S2=0y4i0|Aj9Tc?Kc7-QB^c$1BibmzQL(jt2ljQrq-N)6GPNGZw>M3gR#^Kv@2 zwRXy&pUSBz1DtD%i6>||0Sn}3KIJd7WUYyZR~z(ZN?@5W1UEN`z!AO)HF$nU?F5Zm zRAN12Srn8zEfshPm)6bBnK9`UMpysqEAJPAz0VBk!f@L@+|(JiBcaZ3b@vmxRh?}% z>b5%|&0{Y&R5o&0^0NyR@!3?$HM^Vk>NrAP))Cw>ug2D8AeN{x zK`naxqa%|ensw)u`QszeoV5g3z_LW)u*cfc5oUGbdvP?zu1XEnEE2G3f6eAk=ZHZ2bs`5z ztkO2lvJ$PJ1IxAsUp4i$jqlmEHi*23%<_rG!|u|5>jSg`?YV)b0yJ^?5|ih^vv2Xa z&hTO!f9u)rhOTJ_6`1?xe@ua{_;_czxzh-+z5L;P@iZmxHs{&u<2F$1F=)r!{%QBD zg^IE(`xuUt&iYkQpxoM9B===73PJ8cn%h|hxBx{F<6V;Ii6Gc!mncqE?GXh)XC$tU z8TL%^4A_UnD0-QddQNBgk7AfA6aBf6Ug|ZNUZ5G_Ul*^Lb5~`=eVOsB=?e>sN7)rZ1Qq{e=}D-(M{gv0Y7NSp}Lcj^oYS7+9<98%c49S#4-6+32R#= za!HCYd%_yc(^d&b^QU>)B}J7C=c8#Slx4CZWXDqbu=axt7YX=_SUY$ZpTGFXS4A`3 zYgvYgZ5=#Pvul?_boOoDa2Avg%>iAkdmzM57!KQ1DN1tep7uUvr2-W_8%e;Zj7yWZ z+%R_E!{|BrUH$x1!KXehTuOG1>ZD)CVC+t!U3TDeee7u!i^M9!X_&NOb$pG+NVRdZKCU+@yic#H-w-}x*|wS3D%DRFJ7eg(3j$g;*{Y@ zaHb?wh--qH38>;Gb%p>1Ra%9=eByrYt1@jn5v54!-We0>*A+$u%YwScG>AjfGJ!02 z@mit#d&h-gIY?XFF5@~A>;{Z|3Q~WgEWX!224Vt;ylqC)(Ui_0mRxmT*R4z zi_up_E;w#J@dBA;s*jj<{b3Z71McPRbd3eIag@bW!O}O% z%3fSaApLVQ0XzIa=8Qvbz4xPG^|^$qYIY5)N=_T$FiyjmcXZ4+P7e|k(|qSNcS^`_ z=S;{+5LFtRsstQNr;Z(ZN7Zs_4tDr-ZixTa`xJp!^+!O%B+XM)_oF{PC`QF};IqU? z2IK%YaX6pIs8FtP9!{X>%(P@0ZSaF5X|{HaC5DbNzbb)oMteZJC%D=n=r}~qZRD@% z!4j9p#GX3=C!+k8)c-#@Wil>?jMlXmUK2@PGrI){+RiZDlio1+hPt(Zad z8+5541ir3z;wB0o%v-yDhf#i(UNwWKWUe*p zA}K}*56Rqo8KSfrRKns!?IX|_`Y;dy>O&zVRB)Gl1>t+eXQ_MP*4COR@Vo8=Qh^^=hoI|kWMdp&P^^awJ*2K zu6Kci3@y)kNBc(~EeMY_@;;!_9A(Q6uF*aGV}ka2M@xe+K3xoAWVN!LgryNn^naT? z_+aqa#PqQFm`4Dw4z%)vTKAX+hm2ov0?Lx|^1e@?$xDB_zIU_?_S&D!7~3%H2+qs>5}qM!$~mFn?s80wd@TPSDJ`66OJRqDSiP*)|`)*1F34Km;rLU)Vr z52LemODR*Jj8!0zd#r@7+s07QCO6Qe$UUqxtdy-Lz^0z%Uvz zau=tq@*mA@@-lNlN0=TK?R=D4-jidq*Hsiqu0$|PBaaJAR)FtlE23rpgx9T2i4YKP}p(}Y*RcM)v)mJ;lVKm5Bp?owp zz~5RQ^(@SXYF&FVtV(0Oy(AM3{$h3Blps8rhzaqVHyPY+LzN*GGvzpNqGFfK6`$Xh z;7 zOzz=IBYFqb76524Uhgr{3mo`iH%Ur7DJUlzEH4&nGu-vC_31F=I4|Ipt zZ7&b+^@EDXWt0cKoiqk_W0odf0Gf=)hk2|7x?D}nDwkhh8>E71QB$4t+wTtKqvM5j zUN|$cUTS3pB?Mo-a5-)9if$K8&C0Ju(RqsB zZJ}4JPo+^FJisxDZy)?Ac%llbq>e9HxqosN;OP1!qN9U+r|7LODO=(!s&~GfC_UAq zGNFN^l^JRC0tX{?SJU!zi814S@c$8yR`IO_7qoVMIuoV$l&BEz54&%gCNf?By#*l| zGUL7DOK8eO7kMM_n!rAD^EXnP!UfvFIYZ;psNT|JW>1C+4Ls0WZ{W4;HT!|-JRz%v zXHb;-i6_$I-EDvVHQOae2VQqh|}<#FfvwpbtX|L>9RB ziVzq>)USCyhY^>~G0gYHZ3r6rxY?U-GBzv}cJG{1e!P?~vKgdZ&)TVz=l_?$I}Xlp zskPp931=)nSQc&b1uBijruP+nb2?=sPB-E@=?@*w;#dvYasHUG7sXJRdxPl;!s7bZ zr)dnqb@x_$>RC76G5bUML-Pu+JyTMpE4-rurLA`;A7i#M7+u7j#&}>@UP(a=wZrP; zk=Sh0s8R*n+yYS0P*qAj*sN}dP}()J2Dd0Y(5gw;gvx^+oR=qzc(aN^X$P`mQ>_QD zES-|Y!&%(w!-F-eLak9t-IK)>S>`E2}@3B&vH&cv4z24pk=hJyFnL%g5y^83Gb*1Da} z2&)jbdhycZ;4N=nDb}jIFC!7b2|MKo)S9Hs&p^7kM=}W0N^yQ-<9KoI?&as#blZGArA5W<%LJj3KL<^AjKA%*(o**6QKI-?lNw@)X zJ<7M9BR0NioE#@~N4R4}|^@|J!Uv-l#aJVfUf65|DK&l+E%^zE;gPX|5krH zs_E_oR0pcomV`wSXiKbIs<8-Cb8_>X6J=e_%<;aly*}S@+Ac08O4oFyOO7O&SyNKasK36hkge)*YJ&fg|NQsTKGNCso1*YEYBY3t|A z3ZmUo|9U(f_KsRnanttz(Alsrttiu_V9lEjd5aSds<|G=?UEJg)#i^BUtIG;7(kt3 zA2K{m>h)`(`-SaW$sA1vw!)=lI8d?s(0<)An%DqY@4w|>7VF4Ruo=!iy{p$tdbu~e&QVFSl$gX-| zX_QLG&iZ@%nucY~P+reY%9M63+lM4mI+etrmF<}rls2&T?U9so5|@~qQx+sALN(N{ z@|8E!>WS^G<1z%>(FDd|JMaX>{us2u-7>BFj>KP=)y)`*Sssa~XmYoqAyMMF z*(PMBj%y};yvQ2@qqhEhg_veN$t&Bo0nw^G_BFTiB_g$(h`;~h1vw}=V{@rMoV?zR z&LtBX1Y8N{t-ozr{rztPFE4cudkZN40GY|9sy^#t{*s2Fzp$?zLA5p9&Y$kFe4y6m`VtGHs$wqS6T5yLE|j4zh@)yoY%( zhy>h1%TrM($YEpOx|a7XqmYsrB#gY04i!B6@Qvo>oa^*D3)9Pc;7gg}f_#j6oLnB8 zwGifF`r$LWo9xCN495{{voXn5tzUfhCkF17#5~c96}?20661oL5SqvSa$s6khCof5 z1H%NPgFDO!Zzv_(NWxMVfycLLNaU#a>tMuQ6fbUmH1^{XgAcAXA{_hoAC}h^k-PE< z%s2C5axC6Y@%S8t%<=kJk5+ZooS5e>=6(8)GO^&Wqk4U=1YrcHFi5Z@ig!*##O9>4 z$be`*t1&PsltdXl?Qg5oSgF|4>b2B!woE5+W~^P@yZ3jbCV~V+wDO{F3x)VimTiY` zZSvyBKKyCIvDDV$fw#uP-SR1thS9nm@_J>%wjmo@B$MPVV9utQAUfob0QI_2zo~$9 z8Yq+P1ayV>Jq$o+Uiy0M><0}iUzm9LRcw8+elN|-m&o)th}!G=fcgz@PUetDrBGG~ zJ+;svME&T6hqZVM3MI>F5e7Be{PV~Fz?+Fm)5^2oN^lHTA+r|?UG>QV2PHZoCH+`_ z^SIerNqX@q!e_f%RV=^Zn<{n8E}hpryv2j+jRLVkg|vRmc79o&OqryTX@Q8Y40wsr zYn;C!Cnw0r`|5Z97j~;>*{c_N2XB>Mu&I6|U*^B~AZb_Uza5%QOz|P2JQvf;IAj2O z3{vv_<+~#17101^r@v)s>o=}w=v(fe(a3JfOd~sJ3t?Y63TkbF zZPNaE=Jz1UF?*M{C%|Cz6Xe4gR+iQ7hyk&f3oetpyP_%DgZV~D6d(`FT)=nUm4 z_!aPo0#kQjJFSno8LR65;OiWlLyNX78r!yQ-`KWo+vbgJ z+qP}nc5-9eNvG?5>ZX1m+YjLL zQ_SuQ#}iExd5OvEM-W*`T#ECi+!gQBE#=EW`LkBn%x>ZHFw1<8h%v=iZSY!h$nXN4 zirwxZ!Eh}; zi$T6M+T_%z_bqy&wyp%v>Pwcl#5-uwD0N!R~wFs8ByQ#cKJKbLsK!mU=x%fy)#qgf8BKsF__)TSZm7s zklwRxRHc`de3tCoQrf6o>LMHirgt+(-oxleT$C8XL#A1$GdN(`*)D=_TuIA$n=+^A2h8=PfE@jLSBB zz^CPtUBLE;b7{_WID=h%r}RH0n?imIEw2hX`utLk{xTpqVau6Z{FG@@Qr&9)e`6QV z%6ZJ0F$>4>N?Ocvw8V?@&o36G+$PqRWApbv6I!|mf}!e-iJtMHPm+!2mUIf3AHmNB z1Xcp8!=AnT2|*pI5`$##~XlO)lGu!WITz!J%Y}6vA#K2?F>J^HMU$(XF9Tzz2@fqPpSuya7> zB9)nK2t>op9*wQHB=8bosJeEArJ@^8oLXQzH?WZnX$tx^HXT2YRQRyK(Z^mL^n@_p zQ0+>=bsP4T-PR6jtJbq6uX?}4tz^h+D5y@q;~eS3E5W`rQ}j;Z)ykK6Ss)!(`l$jE zsp*z(9Caim1eQi$pEa(l4bsF`ElwjsXnX6^5hXQbv&J5_`?CeiblH6U`!JX&_Cjh^O1xnI00<{nv$?r;I^*bg*WC5p0`;Ml_3pj=Fliwh%i zhOoqaW`eKox&vP1-W7oKh7{}LW8s!&kF}je*G^s7X4==G)#Jt{(nEypgW)}uhWT&M z&)`Z$suCi1MlDSK};LXHJobh<|mBtOCk>+ejTHzmtvHOSqMx0|wiC0ff5xV;5fm!rNS88!(c$fN_b+->D z-j@3yhH1!>)5Ckc)jBC>b@X=>FZfG6{fvU&<0BGF7z0AMI3S(7?0 zB9z6byyarNSc{3>Q+HsD2~n=K4o^M~*0oc1%%C)kD3fcs)-FqEvd(u%@dg{;3LZ zf7v#s|1-KbRf@};-8-|V*4|4HsZIDrCqvG;3mJ%GfK){vqkLVaS0tUOsP>9ptJ z86O315D2ml-@KggGNp*lE8T>#_@neAY!tMILWlmbmfObx~)#qw^ zQ*c9{_3K%LY*MXX&S%j#KyptC%)07op?4HZ_!IweKN5kZpP{mQ&aL47$cCy<%o=c* zc|`3(f7;EWMzea49gS#T&?OB7@qUT@niNt^{uE_2dCW9b1S48*Kt!o@$=oR{5Vs@K zR`-xAb^|PuL~x+k%Q;iWU!!xdQm*Vk^62Vp z8cpow{NMhFToJPobSbOP3m0dSX&a3oAY%kCwt`-6 z))F;9m;VXF%jX}MEqMGlz3XC`3P?o*|Ue z!XJMW5hViX)>MyF+IBS$X3Q67pr+*jEzf$E&WT5%bS#rK6neYVR*ax&^_rcLrn-pGcmcF@ zpDPnLEe;q7pya{9WK^%2(nO-&qgqWpRzc=glrq-2u^jtYsGktVJ`Uf_CCp6%v+`;0 z7S@!DhX)%?R_Y89I~?&(=dDN<{{IlJDXG+p?lewpLcX=Zb=%*kK>T*85rEfQaT)9D z^?+`o35NbwjvX%)thC6_4w5n_A5n z=LtI)%?Y$rK*6GcK}pprgeZ~tr-|Rajv*9M+?TUh?NM=E0wV?pP1i zzeojIOn{TS5SjP}5i5B$TzC*pPMjQR@+ImwpYKc020D7 z?ir-;(ko)0aWV_xO;_e;*gFpTc46DP=}zoC#ivlmyoCZDBvxn2rv?Of_=6 ztYGBanGt?{@x@+F=nO|A0+6EC%NAxs_kw@N+Xv}&8R#45#aSl)OpK5mXhbQo;Ost2 z$ri9zkhz3I%T`q=<-l)5(9phH=f9dO$l^1~l%J`k43M{n&kHN%NjJiAfxnccKX#e4 zx8@rGgUb$SpRM@h*^(`?1=B^Do4CzdtAZ!`UtXNE2Vav8DYrXUP!2PiR1$0%13-U2ebwVbs1vySCwfUu90urAy9Ljmild3 z`CFjbZhA|+5E_UyqiinlRLDp*0c*(p-Dcn#R?s0`xkz44HVEz4&n&f{7$3o{OGx0zZ7lqJF_beR9zb8_l}M&}i0@csZ{xawwA$?+JWG`J`q-5@N~%!SH4_XPn)c2i zN0(%YTs7UU0Vl~|KJO^t+`N*El5q*aS>?+Wd~_)SnL{+xeS6u=5H#!%wB3jw9BN*g z<`b4}06k(l(Lh?TRS-n_PUPB5#pM+EplpcUB-Xk6i#`2LEu2@ZV~Q)!ak12Mo0lJ@ z4#5?!b~eIe;u*{|b|@emdUnRCSFbhhdFHeehqIt!&pVe>Hp)p{IqY9(W2R0NoQV>` z?_F|@qyM&`bffGdoSOLTU8ZbCm^Z$Y%Ey#brq>P0j{$8b+9fC-U$i_5n7~IDM>ZVx z;j27cvH;9siyBSP&9xJ%lKqSFJmzT0_uv9nZ;?$74e#DkNR3})1k4auzd=Wm-oA&r z(MVi`haEHp(vQBswpbHwvg;6j`yT#!l(*3KHIxLFe?&&9(sGCRXCDXWuNv}T!(jM* zJ+XMzlrbm?!nh-m;VseC&2{M2q9=!0G{fl}(}p56$E=pqY*3TXOuPc!{CWjuoB<1ku(XQJ zZ^QdZ2aI5mX8W9%9GnXD>NYZIS@wP8 z*q%=0&RMYDg4N>gI2~@O)G9z0Au5j;N&^QtiU7`ycOO=mWD{DRQd;l{keOei`VJo- zgZetnkLw)*JZMV~oE_VgyR=Hdgr}=twQom4d#qc`Y6d?%w8-{k#!Vfg!nHgTXT(?S z!1oj?1__kdbBG|#x7kyfl#RgxG>i~1je$b_!B+lB)6zrt9}%;7&u0tY(7fLDPaFLC z!L(#|i+Qo5z2h6^oG}~IHNk|_$8DtD9%cz!4<`wR-so$aLdH91nih(i*5|?BT>VJv z(#?HY7QTjOLvg$*#wunD9%3I#n^oo2MyK|gozT_$_5IjdoQf%h zd4@?uxZtSw3=^lqYo-M9IJ6DXP&8|r5d;x^_t|&5@=2PA!9(b?>kYxBzc*!`v(Sz+ zcS$gF-sR>N;|TzIBn*9PXWRfS^R%jZGYGseuq*lv{1Df-yAFeu(Y{z+Dp;z9kD71( zxmcv}H%Bo9^tlHibUD1~*Sly$TwDX-=Zuu*K#`+uvzxgRbh}vCZwm})yHvO9{fLcn zJ0z6ABSA9YO@^;lA6;qUE$!BKCG?WRr!TFr;a|_z!>610mB`RD$C}yQ%bKywNnQ&1 zvpUaVs20^baeKepz4&+W)}i!=hjzSDtt!w)o{%iA*f5e#KJPbQeViTaMiG@i4uY_3 zGi^C*(S?aIJWtDvMJQl?$cNa&K_3z~RpgRcDn9TtQ5Z?ZIywsML-u_{Qqb9p`WEg+ zQpsDyQyeX*a>7owB}MEWO383v z=3<;z;-w}9QHzmL+@_!lEU24L8}7KQn2ct*5Qu%B1qbkDW6jA&_4}Ba$}?%I5yX#( zSb?waM>}9|fCOH=N^=wU%!((w>6^1fiXEO2mDY@bI~}9xVU~>uP*R(N=*{jyBh?N{ zH43F2U2H*CuBvATj)nrH0G_~UI_{8@Mm}f{RhY9O)T?YIfiryXrv)}>mD!-61ut}i zj+Zs~TTigAEDv4WPI?!xmSG5ZC{MDDuc23}q7pPLu_?i|)m*K@K21HH$K7}S>en5+ z6oIw=)Jb5t;&wg@MKwq&EfoO>Hp_aZ9G>{-?<~3bVDom6>&IedD0oYCbYC*#s$3pZ zb-#r0I40#^g!7=oH(Fn5DfPLh{QSkc!=?K$h1NB-|M7!oZODxUvjEbuTh4J|s_Eo% z*~Y`Sr^43l@rcr}z4Pw;fdSm}<~*YqOXY9A`s-JZEa;`=1pb$Ab`Zv`^|tv*^~iNuL?id0{dNc>^CPtXt)-s@3<`w&A1 z6gJ)~mc1LUR+^qfir$2{@FZ{A(N(qVZ?hmPe%|^f)O=MLyHFm+JT0QCkBgiwZE!#s zuM~@t=1`RZaGijHJhy~T>@!ZW98Kad@fwav8jD6;5cCfF2)_Oc5@c1C%PqbC&d_BR zBBjz{qcXqoWJNLOv^H+01}g-zXjo|J!Cya(8pPMq9%l4m$7DR^10^ywv;yl_gp#H! zL$zaC?vGt!$!M6ikY>JSr38C-bv!U0`D76k)z?b5`-+u0(5&qA**@trGS?|Rm+sgQ z)pLWsR~}#UL$jmb5?zH2Ws3){b5*LDZU~MNbDU3`^#RB0&pP;|;UAqH`K0opYEx&d z{L>%I$r|7lp|dT@iYNUa+s#=wJa=UM=UOf3Q&nV>OUs_F!&AtFyBZ(?Z*v2HcqK0do9Ukay<*83}*>C&+wH`D`p9!&!lJ19jzbaejQmH~}jX68f3uc4# zlKCwPO6q2y#3DubR!q#F#`pA{#aI|Uk$T~7_|!uoR4<497YtZNRv^{E$d?NFfNn!W zA$^S`mT5qV3So8$ILT6FbdS``m>?hW6U(Y03VkwNql#-FDIvDBCHnp}?5F*RxV+(Y zbAvydsWp@tFF$giI`q$y6n|D~$X0rL<}`aGF(eMZ@`lv^NbCQOEnNGdF4~&Y zPKEbzA9;Cz(&wwI9XBxo-5+adwr*s#Bbu?`fpF`fTQDRE11TJN+Ni2&CBN2PiDW{I zVj?nD>ThF}>!IR2_ljPV%I0F7z`cNf__9FT#zOcU;t0U{Px(&i3naD#Xr8V1XEq3# zs1_9{WG}pJwK>$fXkIq9@kopK9nGA{Kl+h_8xp@vL-DN+hPiOYVIRp*PUYQIR4p(+ z_dJFZ`m+U-BS!){Saq(UQStD*o;bWRQU8#;o_Xqg zfiSC21G-xWoY~HU>sP{nztua=3lP`$*twyVUkJOp{p+YDcTkqs^;iA=Uh0KQlAsRG zag4%pYZd_-i$G++&NexWqWtwJl37$ixEjM=TdP#t;l_9n+#Dszn}HkFv+~;w|*UoY~6?PmogyH2`-9D#})Bp=r3v zU=ljwI_hS8!7-#!e8BY$ldYIdkdW@qPl~Bd!vE#Io-edeJBS!3a8{q&H5BJDHN&__ zwSY`=qgKJM2mJA9u?A&*nWZ#1Qo0iNv@kbw3lV4G>kVF~&LLZ8(uiEU_SAGSHT5}9 zfANjC<29rB=kq4-`|ws{Um@OUQc<+`C`!1QWe?MOmOYG5nUyUOfUt~K>*j^~*Y^k+ zSsFiIqRH=rWK2xL!R!9L!?>>|fmiS3a>mOB_sBlx%sJ7W2CDMuv{?2b@a!0DM{L4Q z-SFl0eHMQ_Y|n6t!F{b$9Fqlh{B$m)t({`xW|M-`kKv}3LNbff@8iImSd&b-Rhch- zXSbJuxfzW8)Vdq4Sa!zofccB@`yMs;V2-Z5FdwpSSfHgotfFtYK*X7`-;DV8;M~V6 zWL-Oog0&Wpe;RWM36pJUY$c^Rr`3T`WhUU%Q%8gVw}!}%gm{1i;A1HjNNFoYfj)2^ zADu(J>DQdpp5$Rh3+_X(ZJY_Se4)!sfiCp)ljDpfY=L=nLqAY*Z09C0K1yKq_)@oO zakG{PNJrQHMSEr{`OPOvXPMdtHNSPEy3hNWdw!Cu;PNoogA$QuV-e-sYlhkr+CllR}bMp3;mQf!?^VB>4Z z9P9sA8v-;AP;-yOMrlAQHDfb$HV{8tN`kM z3-mNyXe6|(PUWE>E7y1mUwCBlTUSLTwlx`t&k#B|Ut_JS@@WE17WRk!f3mY1m%Udz zzwE5V|E8T~`MvY(Hl5=LH@|t;-i%NX9km`}+<#FK3gEpp8JE0D;X^cZvYvTC`>AXSMND zZx#p$D!}UBzTl1ZKY<%t(}VN9OTioS<4eP%154u@r~otLW5L;h89*Q)q}N)62%zqJ zJ`+US)BwX-{5gq&WVDJddSt(u3>0{f^V4UOy!pU{t1rn z7LN-c+#ZOz1ag#bC*O?#K6D^(bem;JvJH#EtnW&rcFI19-;h8~Ae$n)9j-;k;9Ghz ztAyGuU#L#D4$H$$hHh2=%Ss<&1w|a?{$n>neY}suc4vL~(P3L4a2n*sYt|26e%cf;yA6wzg1-2iWk^%^97plm6*$gE>o=+qU^uKC*s(Y7lsE8{1gdfBo z3CLtrSM`n%_THTWFnvD!TzWmb2Jb0pF#Bj4Y>j*v(3_J zPYKEB#EW4FSJL?>H83K73sC$DT^gk0e)8Xc01vG**n!vIKi4GN<#CzuqSe{Of+I~_ zLJboXdbcGmd*F5n`_>U(XSgN#Y)Gr(4cSv9br8|<5DXAUJmQPJ*?%w)vX{leNUhm@K>$36rd=^N8b6^ zWz-RNSH{mqS)XffW))1WC1Wnl7%aBdlm}%d-~4SdoWli>BNRrQjm6--Ztti=4@WzY zqXA%Mv**{!9{eOO52~$cd+~=d3iZu74?0a^g_FUjVD%+a*T+VK=SX#IcGcOtSfd77 z#&c`EYcb~iBcG^z>@#-#t65c?3zxhr`ptec8kZ#t3*`05^mI@u^fm>`#SL5u;dMA|qgv-gH5CV_1DjI~!! z#RCp=<~|Qh{J0N4?h+s+$fk`8B;}lN_{A&__gdGY8AW|Ck9{)(e&gfs%|f+4-73s{ zqxL&4Y+`L9 z%2oThLThaw_zjrf_C+1=bVN-;VSr4a4d=*5f^M_uhse^@!ZJa4rk>GrAmWnM80yYR z<7#|&rTjAuu{TH1GQULpq;*nDexsRp3X132^et8#b1(KifHM&y z&iw7Ah*T`M8M89a;h0jU5aL#y$f9vVZZL2McvZFyi+U%tEX#&$5b5I^UFf>gzYRhCTX@};cgPOaJ?0dFIADiCHE_s+9um?(^%Wt>J*Ihg zLb0LSQGDr(T6dd*k1El^>f=)!h@c=-4Xi}?NNC%4+=>(P{UnNE_j_JS0uISQx^&PT zg|T_SIWPCAC|_>Q-O0_HZX8?HIC*;eh5Dy9H*YwGsTGbYOSao;3I7d1dPqaV(bPoMfT z9~n9C<{FmIF1Wk%h8OTA)s6)R;lS=PgjPCT62Azy*P`^^`!puh@tbMJA#R3-)?dt! zn|t@%Ovaosim>pVMW4AX1Pi$LjSc)SvU##%`JKpaQdWA-a#8g;n^+9NktHi43!r>g z5r}K_P|q+6$XD>#W(Hrnu=_H@Epomd+{M?4X0(oED9efjs6Zp0w~QwC_)}_6T$J>U z7^DB{{0WGI^iy`8b*5>Rr*tF?oguZ)2$h-8G5y_F$?!4YtAuGA4(o{=X?$3X-yCQ( z+P6kpsu|ZBN2Cr7iA( zOYX^l3PpPcm{~&#b7LkQ|EK@kLf^sy_oDP?yy6zM{!c+W2q717QLVTkxf=FaPZ50%QaBk15cL+Il?z>M=+`TEji}?5W{n98@2jgIA zl&~5q&W&(ODAFNv+Xt3w-p>-N2o*QHP;37vS3~Kka3EvS?Q|^~Kyi(S@EBn$x?ndW zoNCjmf3kJP^Z5*{09)vMa!Jxd=$G>rtA>h3at*$ABZZ0SiQ>+k(5G}y%Tn~PxE6n( z?TO%7d54!k8^V_In@s#5=w=r9%`S8QcF)uyXDDS_R_sAekey>I(xC=HHkqeLjHmD5 zL{8*TWj(-1Z&LWd-y?vd^v@+<=^?t5B(asQ&$FnpK&*YdL$|(q6h;vMhiEw%|Ax73 zpgsk`p);AyuBEK5vo7D<0ruFT76NyHP;tgX<-#@oZ4Z({1ue1!e#~BMK|^6c_FPbC{-kGONgIwm94tlGC2JhV)f3Dy@ zjUgE&2ZiB)UTow>_nO!iGw5UR7Y;7%WoR3$6w{P^D7p;zcpBNUO9=BgPhDjtNo1)+p=VYe<6 zrL@a~_0Te9%;$638;EksOW1F+mq(j%q(ohm&w}-91>ZGYCe>$EFt_h zRC2n9NKUTCX*Qf*a@9BcHR|<%0{68(dNuyRP zktc`_Ep40^80wxGa-5oi!c*8a1?1D=vgxw}|MqJ@;0<9YV&t_m)!RXC8g)-0R{nAB z%(evG)7d+Vrd0dhH-8*edl|O}E0zx(X3gqF_UFcBWy58HUp#=lg{7Bz)pD%xEL{)5 z+!fbr`8(cQYmY^b(xWZBQ4E^=eO(Qz!T)867hqP{q?wc?zbI0fIed-NT0BphlR)EC zV1d{sv>RCM8VfO68*N^}PP02cELoBDf`S~f+|7eA6c8fOKJKp!zm*6kN*$eW6)7E6 z13o;kR#%r1qD$8&vIfyaZcz#T2oP$apm#w88El+>w1!46Y%azf(-h047<@(hMyV$n z+FJBnYcVVN2%logqg7LV;flIubGK07IrQYFV>+?>XWok2P-eq;V8FX{HN`(o`zPk$ zq#JO9cL8g-t@_H&*^*iS^i{W@ry3)%T8lms8@EC&oTRn@$5|j*)Mof*aD5y8IXRT_ z{XF*2m!m=VYVIYlTR04-*2#9Rv#d9c`q;|+&=SzclCnOuALs(koeUO6t;)@Aie1-n^9aUo4E+knnt77^aG+JKPHVUmp&%#`Muq2q zFKlBU^8EM7`QMqYvY-aOKFd#GB4N+A60m#21WH1j1asaQe(K^P(_HAo1Pzyt!x17( zRchyP51w`+j}+)((8V!-C^M(Xl%4XZiK7wAfx|If*eCq~I`CqEyK&tScu~xgWZUtx^I;%u=PG5A_=+! zkWud8VA0b7>gVPsqUj;I2I_)ci56`}$|_Z0WDce>`R>opuPY6;MU(da(pxSpGuZ56 z?k*kQT;;XIQl-_Cjg`f+!E(t)0kVqR39n6^T6x64QMS93>9f~f9cwsnpzatiP79W zOEr0JrK={Au*8cIR`ER=}&bi()U{!ht!=0k`k2NjE0ZbTArtkKMa~N zOb-fkEJS#ogFOejt3Gc;W81Ybf?}@%P@IOJT}-A?i|)Qum_s-dM|A=7{G2w}+oF91 zxT%`0*C|PxzMFN^w8mlgkMwceT4$|>%SAU5Z=;WMKA>7BF#Z>=V>PGA3mYy5fgFvkK_E?M0R<}pq=IWXJ3seHm!_Do9yDu}q!cSa!77-pa;Arnk&>wP z77#%wr#4^gj?Zldm(-xkn9jCz#KV!O{^}kLLLM?<+;Cu5A9%0tCs>dYEf=dskLbl4 zt~{D_g)rZqTYE%cIFZ@?Uf4PLZ174zdV%?6tz2+dW6bfFf9uPf`WAJE8=<*y|Cndz zn_9=>odG3P_#OzUoks2-)c{YgB3??>|j9N zJx#eWLNTvG(;hlplfWSbOu=El8jK0f1vFhlxPcD*L_z03-+8wfes1F&pHrNH;u0(v zbNYrozf~J*H2GVff(jM_=W(L;lU{5Hzq@vSaHf&BF_cs@OL}rx zr2D~vQw)0-l+qbK)jr3#nvETT@?aMytOE>F9c;`uFyaMBbpMifp-8E%ybOdo*=iWi z#2YFEaEOn-!s@{8Z=Q3LqQZ zb!IB3z|twxmpTZf(RceGRbL507RX^xyP|I`q%Q-7R`Pop@s;IoEvr#4IWols^j_rF z9-vkL+@&<{buwW@JG;-*|IR6LYfx|!GPzr zM(D_lMdqip7cSZT$5r;2t;T8K9-ylV<*$8S009m+a0I~_!D4o7MMh}xH8SJdg!3ZD zMM024R3lqRG&f}%Yz}uy$GF47-k&H(z3$YcK)yT%-=}I{-WoKC3&P7gE)L9T9TF9@ ziQzy)c%0NvFazUlrL%U7?8Fr9$u{&7`_92g!wYW1`3^Cs_OqAz^~i3ZfL|wDrH-M( zut3hJ$2EY8CB3@kXp(p|i0$}-$C+(~D=>l3TWXIAQi0>$%8ct7)2B`y1six40#ITk z28B)GE7)^mniR(98co)*m{h@K?pnF%e*9=`|I&Ei`62bz&tabS(0#Oo#GOl_$kuUC)0*O=pX&D+f)Z?B(vAH4m@6YZO{J0%4|NAqrZ0&M3B%1$fJb)z& zJbvcevPWJJie1&TW{NcLtUTl&=JILjYkU5fQF%_Lx{c}KTLWbIE;_`^%X-&S;D1gB zSOZZ<4=;)0ebgTvYhZgk3$Ivk)xAwIo{zJjHu^?qKG*|O)^x>etl9lbI-|*LumP%W z^7=GR$u=L&0DZeuMR}tv*}I55dXCoE$n~uQaOD&Ce__Ota+>)Lvi>zQ##h?iUE)@# zyts*UPZDXYy*xPRIBZMLLi)@lk970^b%OK%;V_AjVTAFPpWIAUzPBxwl#<-V%Cx|d zPso~^V8r9_b(XSMYi*^$@#$ z5hYC{42K#)&<{|+qctFbk#*VP>jfUaFf8I(g+&85zawk3Sr#u-s1n~LN}dcqZjkLP z-gj#$a)7Y2a7pI8^Ar8_o8HL>CT0*?tSN2nG(TF7Us$g6GCDKudK$H(v(E&Y`6r~~ z$cC=p8XRqaS%!MnHskNhTVnnGFoWEnGZG;|)bIN1JonjvT(GX_WEEV%EV(EB*5pXM z-K3j_NnVpa5oTz@`9rG~gO(ENSgX*n+H)TjK?%jXfLY+h>@j@(xkUM4S&cYg#OgZ> z$KyN!z1kf=uDC%ZG&Y|cA8Y%a0C}P_0jjyEH{%*fd1+t%Di|kB(jSSNFrIpbG!Vdc zmv6QOlBiMLlvAneBTYpxH6};WKgy|0=Ubiv80&4Ra3`|A;$@>04b%$~C6#~vo37k< z!xxTZK$*DR*aTeXCoSKK@${yy(S?8P)?~J34tnk&4Dir{Gy&uO(}K(!Se&ovNJAU8 z_G;PKAIAp-y(k#&vz+Il55|&tn!{t`1;+0|smPj6UgX-*!e_ zi@tV$9I=&x{x>@XZAX@;sU{sqRgc$)P0!WdVg|AiAPAF~N&hWF{-q*VHF4CLNXZUO z&KNFSSL}COQKUv0gci~`?+`D=Am~|cYrNC-xA;(;E|lHOw>Au84kDX{I3hK#dIteW z5UuwCtGhok3*N&;TD}`nzBDpZ715P=rzL!a1YTdFIq=GbQo! zFMTgguM(V%JPFm#eBCdhLr~4Or$Wis?#S_@D~JgBg2$-U=;Ti0+$iPmaHZ}k5xOtot==*`l$IQwWo~qp-SXFSB%Bqdw#rN~4wJ^U&=(O3>?utI9P% zB^S)3RI~Lz`;m>Va)m&_kuRMCp!%Jf(EcLDK`_7<=Eyi$u+flL*Xs(Qf`#iQElv-{ z6;A9cTOP!48z{4F!h+~Z5$owmpEQdV0M#q(E)K(iF$31`#lMx1_u6u86`YsN6LE8S z5=E}3ffP=maJbDVe_kD3I$W5gQd!l>)xA^C{)7Ln;d&UPbrV*nl1VM{Ko%_uE zc0yk+MSQHO{A@U=EE}#FSLn05gz{DP@j9r&rR4(XgAJckpr zSmyN<-Pjtc4h_|OnkMRWXmZw%_0t>#HDX(u|KjoL>*adH1-zb}2Nr@W2ASRzuhQg* zq2#0Io*4+3*ouJ6RBHr%_J>ldp!Ih2pv0x;FBFHM)3;b~oDi2CeP|D|8mVAaEqSmQ zq?uhhOIn2Fi_Rt!gqqT{*6{%it$%bHH>w+)Dlq>JL4RA~IeB6i}t z#A3w|wg&iBbOft(1z2ug`0IqC%f`#qKSS`V6Je24t_J{FvzRAntEz$LtgXT&DZs&F zIoMozoAGxBrjyCC!yrITzty$V5BZgBqG`oJr=}aTWouzC872e6K6O2@4|Nxzhez0g z4sf#arK2;!?iepCPZoP$e$Lw`L3|J~Tol<2v(L~mg*sQMnvNrzxzq+a#0Q?UXoB>| z4`C!z;R7Nc6@&uO8@Z-M?HiR#n^jH})_r++zXd9CbA$11^xX39Cp*k8@{TtGfOAf8 zrXGvtM?3enxbe90e`yjWj3-29$aywQyF)xsasiu&<1;DvTapfY2QXhUVtgc=ZO)#A zYejR#tZqn4E|d4BI|WZ2uTq!h$1+o#+^=wPEy2#;RkB>uEfU^aVtVQf^@P7`*R9O? z7yA1JL3Nl~KAKVg1-s4Z{I zM%imd-p?7wmiNKc4nn4S4ltNYsuZfb5AnAs8ZpE(46C2q^8(5Dhgm-a)i9L0WJRvo z#?`Uls^b(ao~S~tzgFuwSMwIVYIo&F*FzX1!!Aun5Q8KhtPgc8l$P~9?0)hUl3{)`~gcm^06Iz1p+ zo<&8)oZ6f|f}OIOyoACIc&rF*0J@!t=IdzkBg$+k!Ye$Oh1~>P2l0%Q%TX5;Hb!ti zZbkWYyBsE_fAbu1G`Md=1ov;c+;TPEKUusN(L_&eyl16Dd1<)jH zDXH8CPqPPV`|7dn%T%E}O2F69;ESrvL2Qtx3_yLvTym+1@Z?7GSNNPPiRVt&?biuC{!FbB5<;}oZ#ggTkXwY zWkF{DZj1?tDlMY5UqBv55wR2j+)J&vy1ECm06>FJM2x5^6RQgL$uF-ezsG&xkXn|$ zwX(2P_CFEp5h!TbH?zs(IB3tuySMjGHIAfweFv2NBIA5mA5QSfzK(~L&g2&|sZpL^l$M9J zK8IF^mylO<-j2;VzIJ$D{F8CrJ&Na*I?A+F%+{EGpf^mDL_l>u9*zz1$oNupR*D~{ z6}9e}#>X~ycZpiZ2&6_^%*2o6{(AkWUO^N?UwG`MyHi>6(#Yw1#ZKMXvhr3keHKYBlk z6F^n@j|DD^2vuzLq_?r*D7SPo7a?~{vNTkx{ZxK8OivKkHF&r{Y=$^6Pz!EzZvLLd z)Ij&bE@@(0i(*t6eCk9L>_}f;eciw6b>y>pWTvZOCrhBzCFB(u?GTVEOcJiqG&NeJ z=xuhZ*sPHBhGsj1api3J5U#ZShPNCtxffh_p0R1v1bF!kDaX6numJceN8|x-C?HC) z#2_}MyRgI4%>G`de}>I0dZ@7UpO|N3nlR9scd;NhZl<+D{i6zvBW93Og6(u z;PE2|8$bS)bPfdbD0TzH8)3$Bf=Cp0wwr$(CZQHhO+wPw2 zt=gBZTD&DcAh%MlnI-q6Z@BV-+BJ^`)~c?1s9Uu1HIKjITuXBs=q9RDjsFK(*DKrHl zOIU13h;#Ke)7HiUNOar+4~C#uz2d$L{HS8U+9Z?ur2Dp;1|(CcE3_ebH&lTPs6|jW zqy6S2V9xR;LEl^Kt)dYT93QliML%HIRgL8|aYkmFo0f4JPG26i(mm`3PmB$1_jaH|t;*ESOVy{E#oQ62 z@;XFdkZZ(q_pH8-7I}VgxsOfLnP{kxu}j^$$|7WuhGmeZY|B>Mnwr|= z1#YUeYV_wuuKvi1uPY*@Me0&RwTL;~i*zd*B2~+ZP99o_vo+ui>2_yY7NVXmE!YFw%XGh!*iMwa8r=WG99L9c_ zoC_BG8*a9rUH-VSg0D9KHXaurxY|3u7F$-JkfS*-cLy|*!`s=5{Mzft1WLgA+ezSe zk4tH9sqswxPb%-1UjGJ;_6?=fQtmx0Ta}l2Lrr0-Ju@g&%+P8q_d3ARnMbqtVQjcQ z?M*t_xN~T|GGmL40-wyS_^}N3VJKSkM*5_T_wn>dWTYnV-z*i)Rv9Ty$X?fGN|hv^ z(VGzhp!0kc5GZ=i@`l@IqZ$r&XS~XH-T@@X`Q!voQP&!hUemgEfh`3}w*D(hUBsSOrYWfdv zj3ZxG&tGYb?hC;kVm7{4@G_5X6u5_0`3@%|@63_fD0{Sd17uv>rrew26 z0ya1vc6s4y_T*Zwko~$)pSHjP^Z-xsEFExa${|!#s+luxyUJ=m6@5Kr4J4SsJmK#T zGEP&_DE&~B#)z08xTs!AQwsu!-FH_k{0;K95r^LCv?WGg~W@ zx}B7)?c76x;Ei2=;Lb_hiVen}YD!6lkWYkd3%xISiLuE(!eXcmp~{D9gdaQyjagS% zF9XAf#15CGz$)0MW%JM&+KO{-XR!p`&6;Vyz2Ei6yZtFBEOq@&jP;HR3H>?A#rt?i zH3dP~2+z4nuOwWOK6-er-ZlX|rt8Nmy z3`}7qA)BHUfKj!~@xG~heZJ}|BhG%vH+@+kO>uIsgl!;H>(0-QpxZkrJ0}affRN^E z7cc|u&ah~&jDN`fx<=yJTQ4J!gF{uEKG8qAg!(3Czhfj0c|(`QxXEQW{^R@a!ZuYx zQK0Ep*h>CS!j}Gj6Sf8>`t1&G#t!K3^c49j2wpSM$8<{Muz{F zuvOkLv?Akg1>5u8wz1w^bFtj~CAKZo)&F_-do{BC+C4tKqwBy(=9uu#I9oan@D8|T z0F3DR{eV>NNQ;(Yopa!4^P*z;e#RIS;yc_Y;%QNWf2?_uYAi2AIUmDnRDT`(( zNTvxkn(HzG8*>sP^T8?uVC8K%nhQNe4FJ%0Yum4PbVIA*+fw|abrbmKYhjEnavLjT z!58zkgx`ZODcC)_mc%INTW|I%sk|k643L+0pTUdSapv*Zg>j2_EV_0wM?z3>Lz+Elzo(FOnz; zVVo9(Cn>I-Or20pmJ%VGsa1@6sVx3Nm#`Lka}r7HQy1Tje>v-?=juVihb_WyC!-$_ zQ9{3SR^qdr;J6HCsWS-v+XZX7!6l{&EP*lj(L3vC-6WADq!PjS=})foU0EaUGD8t%$1j9T#2KF_ZV1d5et13jL+Z(I?uz2vuG?lwmRlR@a1FCyF21RHpb#*s@8 z6wW{%R3RQnd+JkY6EVfO^f4=hx1%lg$54|fCEeVEqshg00Y31QG{A2@@M@SY8z4X!ip>ij_>e+*kXSMQm-w}v+ zFPifNd1MLfhmWQKNPv{N9}@nfb;G9t?4Yde-4aOgQV<2^eUlE^#xw94?J;QWbfQH& zmgz}lrQ5>iVnxUP#V>0n2p!yU>e%Hh;M`gf#Pl@0N#$H!FWu?N3?C`-&M(??%Fc>z z0%J4*Yr2_@oc{tBxIS}y18k4|WY%%YM^K)UeqxSwC|Q^qrCK*(?fpD@sJ7eMb4U1l z2!Rb-{N;Rxtej8To;C|5g5GoWyfBg4!)X9ZYG;bGF0`2d*ufL*lv(r+3}+4}3XR}c zMOnIz^JVo|XHCy8pPLtF07}!azEPSj5KUxdPN+*|DYC&9&p%q8EN~okH7OGPt}>Bo z)8xs`8ofdkZkeZEZP8D`-~Aj*kQ(LT)~F&=P2QHaaHglV5Y@m^z;i#Yf!w$mxEo4J zYPP!&M{V2uL}u&~5w`6oP8rED;+3O6uiqBK7HL;kAstD1A3lkdEhvkp`i-f<-9*-c zvR;7fr`JLAuqG&k*q>KWvDYX8f5j-G8J&@j6o_Lk)j`Y!0m)eg@2Bwrs|PRKa-BT) zPy4t;$RuTfbR?;Q;PvjjTA!^02m z(Bd){Xnd&&H7!ncN;zP-TIzYB)L_udY-Z0i;N_TK%w?JKjN^@NwDAwAKw9Cy|D6dO zmd(v!Y{2X-f`U#AWDFj;8nr_A^BrC~dZqq@Bc~a=06^OSlM2O~zTjGqN(m$7XJM`ZboKnIWT$vn7#KDpa%8|9x!iy3jn8;~%F%J@is%CE_BGCqm=#sb`-#%!qXAvu|;6=QKolQa6B?L924r%jSMA`?cVO6!g|%c}WkoJpw(_k@Lf zy@(_8H>{Zob#h+z4}GOKXmcGjot%%9zR5uSdt8#aXCVr`pU`6Azvq z!lT>O9;L5It+6AFuz&AGmXx>2QV{XC(*>6il&h1;)=9>jm@#D5Z>?50j9d?Mki-vy zgWM1gwHq#(%RC#N3;Sv!M^>1U0PJSl|i4^ zsr0rjni;}33*bjAoLsf+!V#ObmRuN}Hc?RMHrh3_1Y$hd%!m_GsnH;=b=d`i6Sg@8 zPXr~jzs zru;e2IXIFRUo*GJk1E0j=d5SDX0(#U#==!k{F}D8b#8#w9I9R$sUa7MwkY0st5ySq@YUQ|QoRSV^Ypp&LKq%>$?YYBjwJipCeofJs51oSP! z_yBNuU{zLmc*l@CGSZ~fUQ_%Wt_-B**7O!so)3fx=_5l-qPoM2CX9h=)pT;_@au=( zE}vMX<0c#jP;Z^42I0x?4N&r(uQOjPfG@Fd^mJcS952%)eU}k1s|{UCoqpZ#1<^YItQZ(7X5kQW?cpIHII^j zFV|&BvhSTO7<1#y=+U|nS<1kwD%B^Utb@Adx97T;@XAoQf@KvPTBh;abGXKk3)VH# zY80SH@8fA!Lbo*Yd}D{SM_Je%&a9p!RQD%CixVKFf@5Xf)4H@W9J?w!UOVaW?b8#L zU;!3J@GKGo>sq{9@gN2_2C4MAa=Th>91MlQw!Yn0&BZr^=tri79eOa2gcBmpiqfa5>ce%**{Fp@n4M4chhD8q49 zlJKTa5@wtGI1SE#9e12a(*zGnuc)V;CuhX7h(Etd+q?sJQqB6%^CpR-f##m*cfmp$ z&CdDa74*{dEQ0LV`>hZ@nX@H^LhE!-Z7W{ImA;%nG9i|47(b>2L`KnbiR)!72V>q1 zS=p|`A<%Yh2kE{}pRI2blgkzvt|Q|H5;fpI9nBa{>Ms+K)sF{ompqmmCaH{B*Iv^- zwQLeU5B7Oe;*y*_;LdqqFpie-XeWtdN9-pK;h2Ch zVk9ZIU#z$0=#Kh%vnH|@c#u_Y(PR`#Aswlx_E4~4w!theY{?F*F z=Yas7Uoc8%h6*|{T?<&$*3?4qu7?U&0^Ie_tHFX5qTzHqdbH%%FL4>0gIFuxs4Gx} zoUBo514=)AgDdkzPG5rzg9Sh41$Ap8>T}-0bo}y0--nAueJ;QaMA)ymQW1EV1Tiz~;ifbgF|% zU@PtA?1}C(cUxYHy%885rn0AOR1<-gndZ7Y2v_8=0PkWoQVI55->L?K#NBabrap#D zT8sWh8wc>hLFdBIm)@Lz2r{Q}c0k+4D<;UxTFJE(jh7{PdJ?jmc11Hxyb<)NQMiwF72t8UFITryQFPUP)jG3y=QRnYP z`m_W(_)T6+=CBmNC8KXkx6t!m@${J2y|QV>W@HJ*xO|RX^wA#L-&c0u(tL&MtG(qF zT-(>;h(NB7)=K5pe{d#LYKtUrl>yl{eH2YeQPNyI|6#&qwb3EfRIupkDK=A$1|-o6 zEtr!ft_o?7>vI2Q#u+;ZV-SRSY;UzuuiZf6?x-%?1y0CZ6|x zY+X@%sudGjdx{mZ7*O|y6&byHzqap)hq@RpoQltUK+YA)KpzMP%G|*T^2E{RF1*DU z&$O2yBRIKHF=$a~E>?{7IIo5fZf5%wy0n}^C1^!<^I^tGiHJ;dOEs3?!C*CxU;|n- z09l)H+lQy<{=sb+v{Yj4K(t>vL|@=nlV47RtywLe+Lb;i-=%k)i3 z13YX}6K0EY;Akow1J$l@&YBUwS7G)HL9N-w^V*%6mos{-<6>z%*0b#V{yVAt zM3nyd`)PI7NWay>Zk*Ob+^KQt&atj3#pGB+Gh2B-y0=~7l%E5LTv+@&IDY7c2Ux6< zfv{DypTTtV6=b(H+#&kwpzM=-Ua1^zWfQ;KX&7WQ7>1LrP!quA7_%loCWlow{c;}y z{0f;Qb&&Go8BFn?H6@Y!nl4h@uY;o=z0jsC5#_BWNNn1S0+BAN=uzhIlcY%SLi;e3 z8EPrCO<>WJ4>T=f2W9GnS+|Nglnl^z?9*Dz0KyErh=wg6&U7o(6Fc2&Tfe}0lk%GB zWg%ih7ls1=REauTB-+_0z|r{jdb&v88BNm(6v}!9y=A_h z`$z+c5ZFk#ULUfGws`s0L&FTR!}##}sJNsQVn=!EE?4zaM?>;MI6xM2lF3N+KfiVU zxt~m2ac!Gvg&)I-0s)Q^RG#p=dLi>5-cY5lj5Q_xq|Ii%s$7$mC=l`CB?sq(%ECj%^XWR za)Uc8!Ho)p)FM&Lm1ez zsbzTJW2`S?MluV^cnzrUl*M&^hS1!+rjbA9rxET(7ZvZgq&k?9u! ze^28!+7-Tq(`2XddqlA|YE!m4xq5TR7`t@htum=-B2FZzD~FPeW=&Q3s8O9>0v9St zptNBUq)HC{efJl0-Vmu_;8C}2B8*OaBU|iaHzFb>gR6{a;mtzHd2uQ9_CEHKMVG3M zZ@+DsHEB&(Tiq^KL|Ei%@3{TzQkdBFn|!?>v`XyXNQ8q}ipEtD!j$iZlr!a#KPCjl zlb}jj>PNCczXL}EM0ITMI7gh;2T}8o_k1%WJ~Z7kk#LtHT)+|Q!*se`P&n>UYjX2G(A|ZvhR*w;2 zATZ%Mjy*!P334%!AzVuZU*F#%X^mgE$v}n;+F;&hSgqZooqn06bjsB(#>H3q>uq#2 zR$H2)IU(2y5LI`YQRdnhmaR4aEV@zCWD^L|--fbex(km_ui33jTmHpLI%*dDg6Ssz z(9yY@%6Cjvn6X!S;{D)9VqX8afComF?v*G>J+L=3?k7y!Qr9CgysQ<*U~p_Cux=31HEfzu0a+R-~|&S z>bB<(^qtU26FCX}Ay>^I;7y;_dB*~bX4Ro!^Nx*3=^s{?VMlS{Cc?r;QUQp+=LFt; zLjEY^Re0;;Ejz92Z*l`n9N+SrZgCV*gdur(?FVKcHpk1%mu#2(4q^YWM%FzhosfVd zbP!zB1$g7xqNSXGi`eA%?Y=f2YbCb?=8{8Ep-tRiQL6b+ePY?r*fi=r(@&4NAx#dz?~q@1lBQL5=M}Cf6xwlo3Cs&X>_ct5 z<-|Na#zMYjm#}}W{(1ThYL(k!y-?+}LNq4Nm+HYB2`x1j*_tgTv$2J~d=~7biAQMAg%Fmqdjgfr-T{Y~?`L!%s6axPs2`hyaC1q;KM4Z% z9{67$f>Ke@v^MT>-D1)`oM<4;lpcQ*zMH^=@6?oaDnAzIplFsxDqRq9UQYo?2xiU9 zFnfV`t)0$*qTpzFoUR}!;s&3jDGwU&U7NgQS%AwtG?n=YX-avgMC7`UEmqUc{oqT{ zmWbISUbmrrC-fxF1i(nqBS^_?h0`le$xK8Sd@b0<;|2Kw>4Uxt3R)-1fO5XPpq+1r zo}z2}PmDazAACryJY`;elz8RY%b*LL^5oeXpuOUAJnQ3D$|&%HY8Ab9%(HWBz@I{0 z^bPP6cH$Y7K`PxLN@GOT#Tg$wdAVG!BR7H_%1q_8oyl2JGDr;-5)v5Ncq77j2H@)j zhrVUk(@`rUxv{GMR>5}wkmG+KiMy{vgYUNRi9A)r6~Kbg%lGW^#EpMIc=L6O_4N;Agr`)o3BxRZjB8RRx9xd9-V>>x z0W&`dj&Ff4EJsODVqMRdu%pCe|;$~WX0xh*kLX}}3+A$>A0~j!W-*bk&f!10f zfxJV{*ZKdnp7{Zcx_Y6kMF33(KT@cHIX=1*cv6FBC=PBsAsnVphk~*m@kWz%6|{>t zCGX-5)A?4X55emko9*_uB20WhOL7EYaC3AjcL(HT!J5)#Zhf9Cik=pL3sXEMr8gOR zdz+q%l?i@0?3pB0mKYbRontlxypq?1?qr=`>78^Zw;*-3xV9IbK|w?4$xVElK&H&A zj$(4Lm)|*2^rG*FNhTj^2?B=(6A1+btb_8|rO?phlnRS)jvp3K9fU|*7XH}GO&%UZ z<*cL&+akL))zg2zo4+|Qh@Jo7lg=3G8xxT471mCoAyEY-r(#s0jtv5C4+zATWTU## zr4%=^#3`mv>{>h%xwN!j)-h%1+=s@GWP@BlQ~JaWa_}=p1{XPnjsfTuSBPZQv*M7z zkfEao+}3x&C3+0KTkoL>VkaiWV3lTA0dFgtiXT^t1Y#^5X6_bZ-K2BM*S z35vG4psXJ2@Elh8^0_=cr-%tlXQOW>{3Erx2+JV_Zoc*JdHYr`6SJ-rO)e6L#n!wZZbkM zDyYV|J^|rMGRM+yn}jk%{xRU`wo`Zq4dn<}ZaF>JjR{7}`jakZJ`d;iXuGW5L?nzG z7A;4cQ)8mcU?e0rCjCYxyaF-pla|5Tm4Tj+o}BC|wXd?x;9})Uo||x_Vs}M#v~t0e zEjkW1GQ!5HU^UljuFMNdabb`32!^W;OSXQW zObYQBZU!Uoz$CO;_cBVy8<%TXkJ z1!lmg984nO_@FN{gS$Glh&sPL>(fNC999`dsli4?bTMM&%BwA31YNCDz_#BECbiZz zH)v>oqO4lh`Q$A5NqUHe31yCanQJWJx8d`KXb*Ur#Q^=(lkTo{Bs*sO@$v>@`PW1v zGIsTD_0JX`@1EMi00!Y@6Z1H}7PUuMqaAgPc*WyJztWwdjI=wXuyRDE(|hRmCWO-t zq!q~ER79hhrNuatN}@JMOePCQWDSZ-r+jO3B{jJXl1VVgo|t_5m}^Yivlqxx7Cd0r z({f(27$Vqk$_)*+^OJ>o%sO9dxN^U8T)G}omLU9Oe~-Cq?;?=Gfn+8h9j~-avlEwN z7Hiq1z=TN99R_!zE+3d{2pbw+OMj6%{mV2KSD{;#ZzbEAn#hAR1@^%L!c~!OE)7$}M0mpwVMfWm^n4t+(%1QH=lcn@xgY2FHdQq`y-Az z2>Hvx)AhqQ!=`g~1w!Pg(|Ehgjr%_DtAJX{S9V}7Y8MVSgIG5_{&WbFF&nJmjRO7F z%i2EoU@C8vYr`%)p;`iXZKn^^Pi1*urHr6L%_`3WyV3F8Ee%ufW-Ce{7*Z zBB3>t7#PrpW}kdL)VhQO!-p)194*Qt8fB`WB=!B4l#j6}D0oC95}qEeyJZ#A`zR-g z{NYwE5l>59Fq`y8{b*&BroobysL=jzV{U)5GIsi{n=_|^m`Q;@WXOIo%?id&w$d*4 zIns{7&EYnSe2q^;*0c;HA-%(zn1l4pavMzU6A=uV-w~9 ze#>kk$ovlMkf$e2YbYOzBb*niaqu`1`XF%RiTz-2IJF<^pIQ>RdQcMNJ-L(J&h5ew z4lK!tmkE&qW_L@5LoVHw z98vPz$rRU+ueR=Z)S1chwR<`y#-JlT*I;yhU_WAbjzi=YTG-Um_Jz$umy@w1&hPE< z($KK%6*x^{3C!MBUTfm7?u&+<7aZ*(T!z-Jlv@(PmhmvO6;HPJ9=eEjQcw3#i4MMS z-meUQDN8_lj?BgV@$OYwJZglNFW}A_sHM@3Bd}(QG$spHWl|cXbWL@VZ+b2brdB_E z(~Qa|k9s%ustT{%K8oTGbS>lpTm?x`KYh?fILi|8x|K_H2{LHFC44QLQu^oR>@x+S z6PqiL6^WM7jP+I2Mj@n0p?EbZOQSe~s}e(%v!hKg=ZMcRp;|wyz){QTF%Q_a^D=`A z-ZLNVnR};c%Xpog|5_%gu$T53io5vc0$H$l@h*hR_!)O#Z94g8yakzm0+gFwDp4Z7^z%Gg<8+ za395#EjV=oMY6bBzFs{4I*OM5Q2V(|{&4X|u7XhJd^i zYw9+>1j}WjD@e}CweuYAV?^JcdPXeZ8LLHYWiF?vQZ6#cRX0&{!!<^DE~zkjhz&H) zgo)0OLq1mLp>n0Tk4hSl$+rW=cL-n1H&saUD{o(sdHLt$^mV1Yrnxy{#f~P%3hQQ8 z#Y8-+pW%sR7!deJ-XFk*hjD47-k&%O(y=;1N+jYP(U>r(^W~_y3l`!tmz52vL4h|} zrX7b!!8Oj*PU<6u-Xs5FkS8MO6`D4VJhqc+?nyiREZB^?iS<(GAZ zz)YZ?HFTg$TfK?%a%wN;sj6eP5vPo=a<5Vx+Wa()3-m=wk0@IdfE|Qx;2J;JAeth=Ul9N_~ z85oY9Orj#%t9P^CtOqeRW zD2?DM@agfFpPU7*HeWqJuHqO;Mm<~dM1*`)k`p&Z%2#jv_=ZVcG!8MalbV5X&8imYGm~E2z(vYRez6N2}>I&jtS`*&aTW; z08yJW)|5b!@Y+ddVUUem(4)uW8u;S4YgQS4tKCk)8~u9aW}eY{p}hu0haNPQnfE4xb;Mj)oT+L`5U}BZ6$<(A9*Ey?lh3i%%_LtJw7Z z5{~>7kH>4i*ViVPP$<6)k0!#dflUb+Y|Aw8ASJF#abtBSC!RG59B>STn%BrBZW=&B1fLY`tlWTKDYie4`qtZk=8e<>OquQ(qI_3o*a-wy*EYGy)9JQaIl@zo+KwOG8s}? ziPQ9!fKFA#+twxm_QhLxR)`R*`Tf2GjV;ONa}Bi{b-Wmkabh7FD-xMC3#7Bm)l+ik zE)p(jMtzHR>40G6n3MMCnOZo)2{J{Z9Fy@oTv=me|An`1+ewrRP1La8o5oYkA)b7y z0$ak59Ul52Nj^BF^HYDMH4NtrLnP5{x8Ua1%Hf?PuU(eYi2F9jRi z2IHS4KI;kAHCt*)OuzaW`k4V|gNyKmSYPdMUghdG3<6IYjXjx{m2v}6Yr>16AhYJl9Uupc`V5d6qVYWS$fhJoFZ%e*-AOG1X zckqxcd(O691kRt;6ogX^k&iXoUaJ@N_NI415@%w|X!6 z*s~JbSuN?ane0TIUX9p-K#!NP+_g^bJ2)!>WbUM4Erhpy z&rq9Xz5RY*i<)UbAkH94qz;2-DVy){76%m}8Z|3}t3oZ29*~gVJVeT|RqoX=yAT1V%5vSJ%5td%~E8kM2SZTFu3^{x-k{MS^a&EWNU6VsF>O zM*W>2f&x&+I-%AVo9^}TGtcHXS%I%VVW7VFQ3hi=u-bPvqRF;wxs|`fMPhL+x?e>9 z?LI%2(V?U^UZ`#-E(R)Z`Z~+JQG5#~=P_bewWhZ`!(M;!p$A-ef0@jJAMbSv-4@M6 zhL$m3YLV?b$QS1RHL=Z6=w|Yt+PZ0#Y`kRQ7smN#p>|YP;`<%pW$;Xvpv%Ivi@rQN zE{R!?vHssrn?L%?viS<%sXoi$2l1pj8v#@sgRiGjAthfvXu0#UZbaDx-6o$AiI-Ez zNwG)r&6S)&>Kx9JtlE;`QlyGee?_?~X_onmX@ zYm4@SMW<6A5Qve9$~x;2@+r9<)6SyxNRBKdk)KSBB_E2V=4|ObC$;`%*7zZfIUJ_p z@uLIGw3A+2us*Z3WFKVdhW`*G{Uiofe^=uE(M_7bntf&8f#adsR_KS@reZi%$~@XM z7c=mHfUZ_KBRZ|(DoiHYi+EGo^_&{nNZ=7~hlzo!zW3}HC0h?OR`szI15CG>A@aXSY@d z?mns6ciEd2CrAq30%n624h0)KKvP?lQXv?ELfPmukS@OyIo{$2jog#~M6e(AqYs>N(C} zG>k|hKn!+mSo5Q*B)hhSL>W=y_e0FeaUgmj=K?_J;U>SYX5jV?Toj} zSW|4-!yW_|=F9s^@%4rG-`(sNW2i{YubUP8pWG}1Gb@d;p{|v&jV>dNp|!QHkg;JDzwR;Rffj0rrbG9TvA*D>Ya2{nEmzFUZm%u`H=%~MUu$jnQO%oCq9PBwLR z7R+_l-#ZxT>@)Q>4t{?AuYa&Xa^p@vYH#DY$CV$+_)5O)2L_QUdHYu7WMyb>By{=? zU5E$<)kZeu;gW}Q>kJP4!6m9F%D8>}KaQw>j(Q*e2_G`nwlUrjihiy0rrmxIecd9S z@onbe%MEoS=rZAjUS4uL)~ORAgj(yZsR@I8qe$#kr0awtqCpxiSxpYuqCiiT$UHXa zA9vzi1Zk$Q%9jmWao66Q&gm1V`yg=q296K1ZSImHt9Is)Jtegr<&+}9x%?5Vk zBw|RwZV09xFv`w?PXLjF>jvG(R@maEUcuwNT7r{&C5UwuWdMY}FZ!iv_Nh*)z93cR zSlmrB6BMCRIr{dFAm$683%tz~Fk8k$4J0>wmP1D$Rt>YE4ufWBiwHTB@#BH|_AqBZ zmCE5P3@-8_X7L`XY)bM6!-n_B2_rJa1A*PA*XPM>xrjMQ{Pl3m2!k0ti!1Y%f&0-b zOtw9D*gz<(IZb0Wle>0+v!7wlU(g;O!pG)V@ir!CPA4JiFm0Y$MeTtKjPT^xizl?P zZ~(%N##_3C4(*`QVEDGt7h7jj+QSdfeeKXhwEm)?r6Yna1N$HL0#7S^PEs?OM_P|U z=f9Ps=d)>9Q8*m{$4Xz}Ny2~fP6WPxT4c(e(&PSuq!rEd3aVkHf)=RQi#>R@WpJ}1 z%q6a5?3=aNPLhzQp!5+Z*Ad=qpcc%>kGJY4m5vP_LvWPmzB%=`1Xh4Q>lLL7!H>0`8t|CMRo8Ci+bgK_$Yy3vlUHO)N+dD}Td*UD zkQN2o>gV``BYtG%l)X(w4JANms;c;qY>={Kn)QpvH1koR!F#9kUMD~i@_ z;Hs5+R)d&u@CF~7r%EkbWTN6)#R@0l8pj=+B|+oNU%7OTK?e0 z>X7>PU*_?A3QIu<;R-BbIb%0)wC(+*eAqEw&j+T5(jo7}aJr$@?ecX)o4 zSo3b3(WFXGmA`qq)+=z+G4`a2Y1Q+Fd(_u@-wm$SKiS(+C0Aqn*dYbo8DC(EE^8J*A>^O`pl%05Z zL8(+>B7gWKjlMvErJw8?zMGRe^(?6$3bF%Tq`iM{0I`{+8*cvs;q{~t6cX76BjM$^ zS%EnxdXuzOr}XP2@)uy_R{;9-E?&9t<3Bx=k}8Nhkoy{>!oqm+@j37+IS43C1bsi! z6Uq9eTyeX2QRgObok1K9U=gLUrx^HVK)~;fry<2j*%f>%HwPlpnFeJ#K%Cu_%bL!} zT>KtFZ7x2gZG0lcFL2w-o7sLyBR477%ezAg)f*R|)#wg)OSK4Y?&)#y93!D6xgJXo zBf`sU7(KTVDR6v1vXDyqYKl~+h57cxkpY|OJGl6wQqaGM0g5j4$ANT6X=9H-Vu)5* zp_}biPp8H@SEny9wxqM$vtFNv6-Qmp8?LX}A?7bMFY?qvwSaVDz;$f62cNCZKQCZD zUv2383Hyz^^9Cgvq9mr&=j5Ft1I4~DpLRYJEVq&;bRVwfW@;p2z+!ZokTj0?@3}}w z?MQF9B9;{U@6BYD+ffxxa2sQ-vGOCFfoWts?~+e7Omq6pNN&M3zIo@U#5`q@c@)@5 z0&VW`)}h3-{b629D3jS)wqpd8UG6s!2DfD8?=SbdAHMZj?$DdwASUEg=ACcR%Lk68 zw5OF|gJ0hTjOx%+5S!zIpIzt#I2FY_!>DCFJQvkTZCK9o_A$#9R8PY-j__0M`x)qE z1}9UuA`_LoAY8N?o8A#C1Z81?s>tkRbhlU(5GX|Z!fB&DsmsWuFbjG~@qg|C5ZW&MZTSY-(xSlc z^bYqT?5Pc>j`m{&wuMKRVkM@OC!ypn!HsI#EjUZ{{Cjrgnv%4UJyDx$uEK>E+Ix#X zxXyadcn(fhRoYK0y+k)m8K>cy_>7FbH;K1Lh&-}04&_I0KDQQ)B?@nmuBX-~SlGuy zZ(dKO1x4&wF3Md)NLV|L?#h^{W{S_iWln5!JmESmI?`&0$a`N3VM*(kD*_Ht!x?W< zQ8}*~cmlBA!lmXvaE8V*^nDjEfKwv|$Aq&gCaKZeUnD#gsllJee;&^Kg;06Cq z>~)dIwi$@hyNv|)8!G--^u9PMU*u^%FV<$-VW3~G(?Qso7}(h#QKw-+L|e{y-A)50PW3fD`^@Yu0*|mgVI;~k;0u^=hWCp!MZUt7 z2u1Vy@)bB6qO(~=RdnaXnnk!hSeoYE*ECdbw|EHS;(w8UB_-m4d# z>uoPw7AMEycV=k(jJ1|)H-d;23EnY<-HgIlVqE7;>|Wf;s(4YYGB7l5E$3UY<)|Yp zhE5RMr>WT?aB4!gm#*2ktg2CK7>COaBFtW8@xU3LJs=5SRlybXN(%~X36A$1zFag2 zlXjqlAl?rt3l_b9FA?$W5B*L4QUi+6KFh{M&f$&sIcg_U=vv#2$S;aA$;9%B zqblNF({Cb8aqtg?y{QpsP<_r`x;?9DJu;=}s}>Mjvqdh38J2FH_~8U4(C~&vL->X+ z0FM)k7{+Xn>j~?Ie=A}lr5st*^1XMpfNhcN5>DK1*gE#u8>xX`1^*agXuDWU&nKeR z_~vrjkj3h?h7uuG_R{!;Lt{a+dP1;`r`_SgUiGPiiO7T@iIo0m%spuMuy#ldFV}c7 zwqfOyrQkALZLbE7Cq2XOeRN#& zT2PiE|0MKe{U8{5ttGlM^YdfF>YY}h3Al9g6s)U#({JzZc=jA7Lzt@AiK{9iPkx>i z+Nql~ij)q6QMu%e&<-?(&1W{$T0Gr{_|96x7z2!kl8Pg3r*BN;4tlI|q!JM~oYaROlRgMrl^`Wz6Hc!+8+qkpm0coF6`la8*qwzf zDkDBnra+bNTD>P&?pkUNw>z;gd-L18?iru?ids+EzN>m1%ESe1M3KU z-=h+_bfB-O90=jAut8+(*HP9u6fPksWBOAqOeB`sAjl&)pso~f1nMob9C3h%PW4?wubQRGw+X_w$M z{pIT2iKf+hi)Bp`vKcLpPcQW?SKc|}u-P0{bJ!Ofu@uYsOpA@FL?=#Cx}TzXTv&gN>X{Eo|@t9r7qKduUti zBup8HIgQ&5_o%w>pskXo@)9lY)fP9|MGqmOr_1xNA*X?jAq-%ggkn1;ey%;#&MQ=! z+!;^Hn~I9p?>0GTqAOoOf+NRe!5~l@y<;eeH0u9 z>%D_PWuy4V$yf+T-<~M9L_!>m?`sX>Mij4^HKEpk5d(ISX`=C&(l<}>+VZxG#M1_F zWQFzd1#sUkV_pK3pAORu%6QwhbC}2XYBW6BU@=T~7dicCN+H{@z;B5W$6zww%O}AjSG^upIF* zSZ}c;<;={1G%5%gc7bqnP88aj5CvR`Wj^bPr zo{r)LfPN`D-3JvsoqgaWIs&v57eN&s|8d7THktxcCozZ65*2dQlKHu8B^2Q62OeHh zm!RVi1`E9BT2W;u$;uH1qCa1d{?fVO-%m*u>}Ja0S*^(Xkoe~&7EHhO^ce9# zS!ISIsG9ajBB^qKDBZ6k)=eyv|JBOr=;z4xGdfn+XA!H$REy<>{pa0l`W`Ps=f}bf zN+6I8YIRO%ZGr4qw3=6VbB=j1WqQGPR^LqzZt-a7SpQiN5`DL4g!T~3O|2$%z3l1 z_1ql1+wpY5j%u7n=*qZBpnkz27gS;fB1a740CcaMh7mh6xaOw0;BC@X3sQGUa{;*a z@-4#NPSSx>JHMoH^Zr3LCcBeZoPW)mU!6NG$5HZQn2Sr%dm5i0%TqVbYA6_?u2=6! zu{lf#qeLTC*NC6rL{kUI&%8{)r&N;BRdVbEVPsbz%9l&#yo%1gUs$I$7z%>n#~mh9 znR8rysXoV}{T2JjuoRGqx%;&dh3UzeMcwQmYufxFkLhFJu;o&?G+2Q?yw~ROE8U|w zX`sBIYN&?ij<*`ooic=olL^7LjP=aAa4*&RjDk^2ZzeG%*1ep@U$^6s+TybGa-pJ* zQ+HCp43U$b_Du|;I^sGTAGkTGm<|F*mWJSP9onqbZN1ig%2iAV?YCjggKUdEug{PO z!5X@?7>r9vVt+mhF7d05Qqestn&tofSOVSPasNZxI~7uqp`wK zvo@@||Dj;T%C9Ym_+>8Mf9zC^8+WQ(ER{Hlf>PnD9q?gC2U$g+&F z8Yb064?wReyfB)ml>%xtfh+aSCL$&q{x11|U)c!KO))FWW$AS8i)B#d^X@!9R>7(u zP>$y=Yi~?QdqRR1wr4W0YG3)zjmWLdG~7~cbE5h39z_R`o*gx{x85jmX$2k6)kt)U zyyy}7D#@7Y$XxyMK!4E_Ib~C&Ou6s^H=PXV#UbGpN|rNV2#oeG!|zww(j`1aOt8_1 z(7kLVV^PP`HnV6V#}c$6S{(~g7zC_NKCa9V(&A`=%Yerq5QjGJWTU(1^r;|q=7*IM zPZk4b5`w`RulmZo+uICN>5jfxz%lkuyJVR=o--2@IHxtRIF^p$GklW}_1Z+^Bso3P z1;|71oZD%DHnZhlItQy=jB+Co=g~^_7#Q<@k3Z&VNx#Mu*x8*aGT5Rtil{D05uT0dz5YAuIZRmkjZD@-UTB*wo z(I1ZbqcE1#Pd``7O>#>b&s<1F*U4#qIG+CG-u%f~^Nspf`WBr;m1bW%le4p?9gN-K zp;S({J*YD4W>waFE7GWy@r+TKD9$W}3KLhR(tMH{);$8O1jn@-arHyYmkIHEXQ5bg2vbqaSH8`?qZ#o3Z@7)`&%3xbA( zlRp4&M8b~T^(kwoEtcQ;$0-%*Xz+TI-v!bN1m{gh_urjyDAGiHCeSe)coy5F*VsZ! z@>OKQT>*U$;h0yJi&IGm^6YD!@cK=39liYIHCB_bVaN^oq1SBQv1KL7ALl zyxAZkka9rj`GluJaN|+?)D(-W;bK61l|r0Q=AO>RK)5l!$|kXMX{I>2qu_vGwYL!% zA_g0TKChLCCjPO!&0hzCxj+cwMjkJw`#exJM;eZq_?{`J#uZ7AYZ9cHV4;rIVMluy zj^LMkaTIuhfx1tH1sii-q?@FXL1hb1SDk<)$3s&z?SUGcveFw&vgt-)3lB(3P%IEl zymh_7i$#j~f4CBK^X_JL+?oLKsueM}M|`CW@nW++fl%6vuF1|4{qgAI_v-uGK_z2{ zKvWn=E-HQu8O2BIDqOf&jQw8s1}29r&hNlwxPb%lqxZ-5!w&H zh@l0|AAEg%sVkq1H)G2$=Ysatc-9Y9<^{Sg4k}{|CP$On_W+mE-W{eWEfq;$mYNZs z>BeC6w6sz;jeO1gTk?e!jJtZ%)xXxyP85A##@OESG^~DLcr}*kk9Q=f9c<7E$V~0n+)|>J1!@!tq+yXM z<*`5RdL*?z+Kq8%#^65b!{CJEshY_%SkROt4K1LVeDa6Wx>Y!@l85`bjJ{G8r9jIM z6HgiMVPb<&;_EO)=@`B%0syV0$ULHd4+p-&@k)T{lS&n80`?evGM_qY7b6pnMe$Xw zjfC^i{l?Qzh}tTJhvV#G@^vubMm;dQLrLH2ADVI|^zjT-@<6oPphHX!g_;B*GQtfY z#Ujj5q4pQ3t60(G9+unwZ9Bh2{GF07x}!P)e50-u9Y2D>?GK}d{wnB7R)voqB^n+K z>x`F}aDP4D8&2>m6u0m(SBNF6R%EW(wepgXE zGBscsbMZY41|2%tj;&nRje#Vh0v$?evA{zm`nlX(Fi+-sHH*^R>DeH%jR&%1MU-U= zHyPEAFD6?azzV*Hg<=z!GoP}lk?0$>mcPDvR1?0`)BG?BIq-h@ZS8i4 z9RqER?xUy_Q zIc#Wi#4WoqjC=}xg^BZTL-l9VdCDK^_Yu8#+L3yj2{|QRYIxR%iRt}gvDNBU(_KL# zBFuWGg%QJCNCOt5$3V6LDhr>Uz0K3Pd2leWsd`?mnDM`0OLTMw&Hl>}FJ>>+EByr8 z58o2hRg0vgD&=99wr^!FhNgLBl;*ojAO+(>p z%iFX+Tu;2&VJdl1cw01-PZ=#XIc&AksH>e7L<(d5tyZ}(O)+jH$%;6VcZMD(Z!!Qa zOJ}v4UCV~T_@KmT3qpvJ^W2f!(6kU(loA7Nh4KEQlqVHzD?0s|b*u%s|Z*Z^eAKpGuZstgO|YT74C zKu1Oc-&Cay9MHLxEo%5)WkB;YTh(bdzNCEz9pq+7DhOs*W`lQ$oYf3rh+Uu8A8`18 z_00z%5ZG=3z{WwD6jM!J`hP;a?N1!D36lb!u%e@PGhk!*TgdImhV)EqClYEc^%3aU zRxhDjwZ`IGxVoe7*cPQGwBq33uV!%EGg~+4 zcJiYj3YF6F>e9_*iduz@rM+7qdnXVuS#dTp9HkkA`D`-sq2J;}3-)=w9%~_we#O+e z5m8aC@JzC4Dl=G*iaA>}_}l_m#gB?ew5okRMM0oFS}d%_#c?7WA$6FDT=t&X^`wzl zgmdaKS?%%q*29Tzg;hZYPHTbk7beEDR(x~N)dC+2YVBiih(Bn!-Z+ z{*UDYE05E|VmZd9UsJDvZaep@6CN4uc$JWz?!dig2$e(YBdmXWvSrYM*LVL$8=+fd z-u(--mDWm|x)yev6gA|dmze*lF{^MgicGmynbbehchc=R()uej%hR5qE4+x+6fmad zQHK!|JdASXJsh!UeG!s~`%bs|mk;6TOXDR4aV-ZUG-BTGTba+(aZ0xB4Ns zbw49i{`(>EMEnGJ&W1=TimPUweQu4*BZe7*9_5H8KNXBYbsE&~eZ8L5H_^&5wl<>xW)j`-kTHCn?uy##Jx zxN68L6Q~A3dE2XPcd9eXEs$14|Bav~v{tw?-6v;9Q_p~0i(!@RurdEwpPVR>Cxjow z+;R0?*>M!Xl(&AKXZ&FN{Jo0Tn|rwya>BNmrdhIs!|LrV`u@W%2wQb|2aib!2@Mec zfTa)N4WK#y)@7W-mjCK$0e{ynPGJ*jxH6FHf0ia-K{ge6P)cju04CH!Lnn!6YsB?8 z>C{6zPDlf!eS|&Zs%czNW*!c9`xJ>RLELgwe*#>Y<6lC8GR!0`mDnc2t#vA@oO><5 z|NU@eBHJ*j+EX@wo;p3p=@lp;t7o;`rUnvbS?r#*)_IvqWVgkv{0@_nvu9gwfb?Sm z9U8Zj!uQOPnc`{69Hx(R=yP3NP|w@ZgQh>=SSNfA#b;oBO?)p&afocRzCSfUOP;G6 zRN|8~W^J-4%3I;6miv|YGao`uCvqM8?H*wz9z~#~F(;p4*%$=0yz?!z#|)oJfj`T^ za}*_cp54q`617IK$6r~EB1wf}i#q#x&ZlusnHWI!AfpTpg6#%!7H7azXDk8D8!4zs zQQo8=B9a`q7%Gn>87Z#FM@{bNYVEZaXD4aoeI+8!c3rl&Cb7|~0Z=Vxr-IE_pBLyx z!-Ek(ZDP;Uk2Ed7Ln+L_#Z|DJEg!;v?zzI>qu>|$j~8k8gTh$#z1(}Turv0aeVy9- z>c$1pE1zG*QX$|P4Z78KpFEg9+g&0{St|frRx1O|+3QTY$7d@4kOx6{ zpm{$W7fm6TTpXp~n2EL8q~363&mUNRJ%)1)K(-30nqytZ1X!67ovvf;V6gF6>Xzld z^MIrlTj#fvhYg}esxVubMS8JFwDBE|l0EZ~m0pnOFa`WBW-Yfw+4Eru{!o6<{9~Bq znWugDMtLxpe#TN}5#y>;2)NQPiKF%~=8lueFo^*c-wi%L^|s-`0{&Ipiiw>D)qf62 z{vdghEBaVv>r#Jdp9GW0k!2-+EWiH5Q3RMf9iiY(K)*J9(ALJ8fw5G06cSbTQt^Nj z8zFB?ra#ECp7C<{9L}vxNy`Ih5AKIf9A*cs=SuU9Ffr~|wG4ysUBT*FQp7HUvoABb zPxD+Ki07O{=~M2Y(T?@2=z6?!8R~oesBnM40J?cX>sq|GPeX*yYN-k}>puImJn35Q-T*!GTo)s1Dmhr3b9xR$lKd@DP zAjG1~9uXoMlM+b{1>tW;iAf|}3(%I9-BfKPH-dplwfXACK!=37-=EJOA|MlD4S$Mh znM;cow)qDlHc+%dZhi6)xDYV3qe4dq6vYhgPvU2X{UEr>MND% zBH4%z93V{yQ@<@lr{xWxj?!a3R852u6qQ=XcJEt6r*FkruNN%Bhq5XT1ub2;jN_Wx zJ(K7<1w_m~69~o+Y|5s92t|T5!#!7X6_V1b)l4E2&z6=i*C1FT3GqBG49B~yL(qf~ zW=DQDlyZVg#AK2R7Kik3qdXy>*`rx4wn%A9O2R$aYkSNl+@X}7i>EQs2jz%`gE%+J ztt8W#NS#pYddb|Dzo(`MiY;VLAXZ;RYu~mUsOg*(Re9zJVYp=2Mj%qxTY^r>s3cY6 zd}@MtFK{&#?~lfo_L&8x#tdn0vvlBgM)ls@3Afr}{G|i$HwO+Q-OQsx!}%6$2;Up3 z#KJRad>)CN7~L1Gr^)a-sgK9gmt&et~Y$jf61l)O!yYG?<4hRy)HHyTn zWy#@uKB%YsT%2Mooa8haoue>atrfXD{EKDr5W$&iegcTzK;z+@6eagCm>)-NeqK2v zr{(Eszm+8jWEp6SOv83RHMc28auBXwAFei_%EsF-fSh8utjg(VHHfUkZ8zKI8c{XF zgO=0KX36E(T!kkqj`*YRN9sN3b;>$+d|+bg2m-P>nibE67*Jd@ndVkwc^!vaB{K2J z<$Yk@q(tQ4+gU>H*8=63Vgj}l`WgTD0Nt=K5)C6CKiWD8?`hZ1YH4?2+U!r>_Wr4Z zTpcqsUsuRp$Tei)=D5{t%@-Xjl6SQja@b<+pku}(?vGi=7lX>f!4Y`v>}LaR!HTe;oGnP z{Q0^I-f4v^v=L=}F%xyVGor_Noqk)(6ZXnXi@L7bd*)u0iLbuLAv5A!MK2P%mRcdf zTIKiUK)|6T)m3UH(k!`*aew>3_SM$=`c=*H>rSZkM|0Y8(>WeB4(dxc;J}eJM?$Hac^ZmBobwZB=09s$y|8-qJtz6jbeG%YG~D zCZK!l4BbqWjvtANgtYSZ&vwGj)SuW=%yZ8t>x5HXv z8lUn9MyYGI%6GeTG^wk(S8XT|_M2B%0M}z6N;*evBD!zrpm{&u;MRtoDbdD(f!T#9 z<$!Pkrl5YL6yrivRxr&DMsn5R$tmMh#9{gD7O_%{ePDku>#ISMm`m4zv^qFE+(&au zQr}`jARa)D4eDP#kgk{obV60(AZ@D_B9KCYH>Hn^^X*X3z#%4v{XO6CfV=xt+))T= zpXB6CGdzd6zw#~h#LaKS5GrfSu7i1I!Y%ldT^2c8ZS|Ly&X!5}`OgxR%Kk!Du3J&7 zvYG;Q#I+aMg9{%;^8)aL(CPZL+K0DThdi(-K$HU-a(~-)Zb-EUZ&EyjI4-|-8tFx> zy;P|3`dm^Mp_bc`>ruR% =h1Qy7OQwnU7ln3o16HFT0Saz8Li={y*pmnnIKJ}cq z9PhWVs0#X*Or&)uVe>QUBrP#@0b#L@k?Y{GWsAE2>86!BfiiGpp?E<)vul!pi5-9= ztSQx00oexyMY}WqbmKk2hlFc)_`a%UY(=8S@n5S_L)FjW;D>=9@c&E9zVR!~)BV!2 zPG=l8&DYW3fm*$u~AvP@s&hHgE82=C+PqqZ7tjpkdU|RrnRco=nkLu?WVtF? zItn#Ph9ziPT6%d{d##IucYE8o8|Cv{?TJC$3#z?DqM__ zR;+2RG2Q&51^h9^o@+jFaEI>c^s_3q0Byt>v@C1dT00|15xyu)JfhJzu!}Uvf&Ta^ zBo^1ItZui&_qDfr`Tgl>^rA zj``%Q&FDKH75R#L`EeI5`S8#>G`#n|b|jC}Xmn_FvxQf!L+q=;pV-?kmg^!y_x-b6 z{0(AsN-$)l18=TxJf74v`iP_`G2Psfm{D7j57jO>pa)AgrV&{?Xg4poFNmKK6Sn^H zuBJC9AYwH!XUi`d+4fc-eJGjU8Wn~Pa#t7Z^|pq;DI7EZ5nPA5KCp7_^p24j|v^fx0p8%gRjO9D%UNW(kMc)YMIHoFQRq^XIn;Nit z0P#%4A%Os=daRsccvlwj%uBXXs(v%zd9#;X0zD!*@m^X3pUl&Mo?>dcXuc*oWpvxv ze8H)SFQQq|qg9jxgf?;*u%VEEuAnD0o+T%9FSEh{2}lS8Fk;K45NCP%&(&cOQ>NLX z8k@P`iO%eC+kERWpW2}?!I{Ey3H08tnf58PhD)8-ip0Gz+w(G&L;~gncC>0+u=aRO zI$p(*QZG3)jz7yGHK>!ogWT}EEotZLL%1vVX~xeE^m$V}a{NJm+}B@K;+-q&4pZYVeiT z5t_foM=Gve;%*Vr?Q(R)E)D#F0+#Z`@%fQz?Sg?zh10W@1rELt;hF9GA;D=LX*8EV z`TnZZ11*P~gC>YblO+4sB?Z;?D~|ENxOr%_>Dzol9bmnT4Z6K8=DMJT_3!8&I_wN zRl5#Y0wzNWkl&{nKzHdsh%i(8TBjuz#D_-(3;PlXpUUQy#0H&`U`$06RVHe7%ywyT zwo*f5dC>F(nc|*u1w^eWUG^HG^ux|g-C7m)L2OQ6e<#7zzp&JYnYR7w<$IDObn1>* z(-uMxswKhGu4LR;`NLs54k7|yK?DUUQuL>;nC-bu*B|}liI?;!)&|55eGCYzsT9%- zXsQzERqe1@;ls3z+K&}5E2i3VFJ8wiFnf7^n#=GbqkEVix$k$keHE)+`R&AT6|Z@- zrC+926?gZ?p{v|Jd0T7ipvp1j3Kc`C4BRWknd;z%0f~v5F@=dn=n!jKa z+@pFxKS!umH0-_u}Azk`=MSG3Hu5sLc1KE#FW-E@^|6MYDlVpOduQ zBNpW&8m09G=){8!>tW^}t=)y8|BBR7Ze$uIWp9WLg(&n9 zzZz|KH@QW(Jg^|+HM#uc?8ix#(ux{!EK;D!s&5Y3Uos+h+bStoU|Ny0b({)87!{WU zrmt+ZAXTKH8}{?Vrb7GF$rW_+fGBautq)~}1h0Ye#QOO)`X|!WDNwCBGdwTo0sU@o zz-W^W^A^4hxb?SS3B8*qbOz4}d=ZJebnw2ye7|+tISPLY^(jeHWBAuAZHaRj%Uf%Z z<24T{x{;8Iy0>nXjPwq6KcCdl#mGDqu%qiwVww^FwtI+0ox7 z6i@S0-X6Y|ZAf1um`OBOur!!CbaYeZRYH){b~OqxuiO4a2AK2~txR0HdY>V%BoXy@ zEVm+*1DkttCQDo-6p?c*h#z`>GN-CFs#kS*mdUtz+*Q)KIs0~ZQWNQC0)o7ag-L#7 zg5R+iI9bymlnx=o(Qt8Rr3#qIDx<*z(aAP#k46~x-@;l5cj^lqAZ_Xzn32iv#uw{~ zN#Ct`BFYO^>%B1Ao`q~D4R!0}+}YksCyhOeD$jx~DXc&4tsYQ3CRxv7o#}y4;4Z^T zXIBwfhmUS}dBMG!ls40!eJLx8Qa8*nebggFzm0Ot-4qmDqSj-f%HQ@L!+kw)(}>=a z?MbQk;w;Dxa4ofT8=m0xR(|05@mcl;eT{H3a0Wo3%S2mhz}$I1j+>y0TVd>9N0H+? zHVG^Y>etYS&#`p0f>439ka&_hd<2b^ch(c)Gt?Yd_v%~t8caqhf+z^#6nFY+WcJ(8 zgp_b*uR8QHLqEXF`!}WKAMG3Zh!NzEkJTKU=OC+#bakqAv@4atHDK-d35;k)SWaE3 z(EYs$2w#D{Lo!oBauIW@8?tlW3-=Xn^e4waXN0lO<;GLs^Oc&Dz#{T!rdgt2kUf(0 zuTe5aWntpGml=m4mWgs~W!PjeII-z>RVbxx`cnRW=Zb*kmbTu3YbzRbQ8`Ax3f$H4 zM|ap6M%V2UwW@G3`@GL8)l7txL@eqnqGUv1##pC-YCOhV?P*AH9b1s>Xc3@lu*ETZ zOU?1!aDW$BTO#lUl1A44Fut1>gJ=@n8J7Gslxutmr4}xb+6blgLh;$#AjzrgY(-w6 zyJri8mls<Ow^&+}{%U7{~Lz}ybL0|Q#9pK4H<^xebr=?K2FO?P#LCo0xZ&MTNCjSDgL8hx{98uxde>7ZJc? z=j7Y`Leo$^TXPPX=Gxb$kE!Hiyb)HuGXHyLAz{&HwD5Z2eHZD_v5p- zG!)3A`mNW7=HIcyVF7sV_qV9FM*ays!>Ox~pfqy5TY5%pMK0_YRf4a2f4~K1n7ErM4 z^gE02HG5A%D-JB+PdudM?oqKFapR;$w|3GOu&RW0 zmsXnQ;O|F%bM~PfH9X~*KcArEmW^;}o_wL4Tx(thMH0?nIg9-z($fbiqMdQ6`j|kP zK<6Oge+uA)1!l1Sb(AF@Y8e_AgH9g7QCYGJ&RN_Ic}|f`SYx?(Q}x6im_Ux$Yqd(! zl%^wpKdLfIjq39XW>fN<4ZJHrk;%i&-BI!F=R(%~j)kGmn+mkMDHaCNll^pVsh!g` zVCPCg#9@hq(TWb!m(V0D3CQWKG{5d9M4VFm5@{78>0z)@g!JqW!^}8rB+FBh#8|jQ zKs&h3@^~2pkMylMAcwOpjx~Me`7ReR*8Y`2sdw12h(dBnn>L#GGU{C|<`?ZQ`Y|#f zu!7X}Q8o#TJjb6*r=vFS4395K)JB5GM8mk$7O#n{N2&ttcRwVp750?p6=t6Aowhp3 z4;VHmvgfV=J>_uHOL3b(T$q=|j%82svk;1jlUY9h*wB*z1?pIiAKbe3EY(mi(b5V| zwx7-$Wvw5WM;v6*k->@r0nJb^Qa8+xeA|9?1O>LkrQ@DO_m*b8aQ5x<6LH$bOD|qR z$DGq+t;)m}^{2+;aY7!Y777@wkxfEgWyrolupM#f+`Ufxg@wGau1(_ph6zl}PNVEx z&F#~3Wxb=bSFW4VjoWnyvXPB!5x+=p29z{9f{ z!z8}N)>o(cr0^1Ycfjn(h~RZy@ksr&sT@#x1jtJa5cChNdBUpEsX9^2@4FV2AT468_)>0>))6fdmfb~c*5*XQl)kf4T@|2v zs*DHDx}+cWWByGk9K1F)z+Ym?Wp!B)9DUmMT&PA19E#}StCy?%Y+Yk17aQ+oNb`gj z<>k}wktyv;Q3tEA8cw$3gu^qW6jH9ZN4o21k4%ooM#SIHYpKX~TV20jeK z@b4w|fptRT*j`Uvo+=HdJU_~7Jt@?vXWf0%R)9`Q5@m$$My=AGOV9Nfas9Y63`>S1 zOyN@iR$@ShWDFPT`WB6Br}L!XY+j_;!-q@OC2}plY*VP9tH%>;Ll>zN+8IX+z}$KLm#Nu1JU&E%e(V zjkm*^CThweKR%*jikoy7ob z;Ov+(JwIdR<-gZJ4QZOKME0?@?Y8h+!mzYzb+que&vWs7ZrUAq&C(ut8;4s?^UG7D zCwa&3_A2u(HmEc zmve(Pcc$c(x0YL)@VOXP^)P-?L$Y<3+-cPV3kNoXp`x}R+Vq)B?^n?55#1A{9x%bK zQ)W%GC(!^CN=%;eawLx$8Bxx~5*4<>&|IO8<=Lsn+>q&HT>W;7B9eaY2DHz+AF@$J zs)AukRwBu(Vf)DpHNcy;4JwK0ArT2+aLPV8-U0{ zc3XJN`$9Xf!bK~={lXbTZ1u?hT=I8BLY<)}Hj0@~`f=@tsAzdZTIr zP;-e=B$TeNzz2g;ucCbNwF;*T9=@0X-|_L|G-<*%a>PCCFQ``p3J26$$gg{Kw`yTT zF&^VN%k2Mx8n%pr2zVh7%KO;uf(_IkZs(GK2&_}th}@*-#k(Qnwe^LG90(ov+4Mt% ztH!J(Q*-k*wEPJq(?q=AYm|REtY=jT_W%r#K5*gb`z3x7#zVam?jXd5w0<5rG%@g! z&Ju^md(41~SNlk3ZFj3S&YpdfxXhg5cQmol-2`a)m{T%^UuV;!-A%Yk-vc~BeOX)Q ztU7;ODcGCXj~iH;8Y&$~P`&k@unR^+E7DX+z7;IRwyr$|^eG;o06@Rp_xL;bNZUu} zk(<3e{lJCIZjZ9_dbF1j&l%)?n5XKo+N7-;vw)50>fm;5aL>eM-R{ z-1^8q$8(dfc;7gKSHKUV%PgM=IjHl5+nJ>0Vh!XXM42@hTtPM0Gn*QLgK)$47;4P5 zbUDrG@@amfpf93@wgGm2JVMyMId#BIOuz5A%+Qci?t#e%F{uIS)1f+SDpH z=_cpjaVTrw8Hf8|B7?#=_?P;#$*u(yalpDN8YE8@ATVN+xZi|$+%kR2JJs>3lMiX0 zQ%niEJM`mng*T4N(fM$Jh23gM zt>PM07mY7REfL-Dg5J*XT9_L@zbnEe3Vb#_hKfvo*SD(U^lt6H`iYZIv`!{kVVn*`HTkiw}}vZIkk9|T~sts68YT{)37-AuK_5)W*_-(O@lvMt6UL@UJ7hGK9JTG9+FOtV%A#C@9s=QRJ`+nO<=oNC8s?x~Fs5nXRa)`*0B1j|E^fjnR1J}{h{-D@? zq9%Sjek|TX!(sgM*1#yJ!lBsu)C*V8=4xBnc{azqFpX%O@)MOH89Rp|sx1hyc~n|y zq}T#wZ4yv|5EaUSUR{!ghcdui5lQRpP}<_BSx`;KNxR%Ai#0QNm6>-}fty9LqJ)gr zklHeY=PzTl*p0r#yc&eGKzl&^?LgzU{q~+6@9fCuH4c=U(Ax%^X!cyY1Y2v^JY}e# z%yEwGB~5F%HxI!S^i?Qlpql=1KVEFMul5Sjx1fJ5=D3c-5vE}f5X;i_nUfDuJD(VL zOUYR52)n=A|BwrM0~c4xFRHp&dg>(3Wmy6Xbg{X&@$q6SAknn_z7-L6u!>u+jfX{H zS#K_!kJ#a>4uGei)BS)Tv=b{|d-u${E$=c>19BMm)ZSXsOQ@9)Gga&kcX^iGWMrbi zSR#KA4z=4eCUWg$9boC>q5du3r298$hD5aHebMSb4+dJZmo^i4b2g$WL;mr%lCrXIdKo&c1Hjubn5RMLD2twVQ%-9oS9O_NiF3Lx_TyVi4L#!sdms=a-XF+z**fvK``l07@ zu;XHsHA$|MZr~YdcBJ6uGgq2odl#d%2z> zn6!NTY+~qP$5$&Kwfh&hGQjDYypV}2-hmr+MdhY0^#-}0n*?Z<*`IX9Z7 zCB4D@w3D`z{mkx?M{o~JP|>pJ{i%nXso*USp$UW*$%s#qEe;~`AZ%JQaj)k?MM(XDXeCGg zlT?u|8c+mggw+EjlL)7a)wO2=P_R3M=f>`&RQ{#={RaNjNN;n!J>R#3_eM;<3T)MQ zMXt8MeqG8+j)PGp9##t?DfSs)Ix;x3!vvy#X?`ZkmflFcmQR?bI{2zy8r!Q1!7bw3 zh-~@2(I+~_vu<9Thx0FUq}{61L)y-6C*Ku>sYx-HV^mL~M(|6Cex1}S73+S{-u!F8 zec8$>0BLvlPTyLW`sK@8Ari#8z;7@eKkXg%ZQ_OY+ z?o1?;`Z!mPkeour{@Fw_0^uY19xUbh75sBz6bhTKb(FF57--H;e%>B(AV&}aRwTu6 z+Da+8Dqf+c82U( z(c56^?$NbNc@^y`DYN;9V4m|QbLQq(1K#CfYxZ9vYl*|yCvS1hLP0473HI@&*jWOB zqp$-HUXw?NLSn`&n%f*V*0Vn5rn3V-!#*MU@*3=pgj3(g4sOW;gOwh<{$mDw{f+RT zv^}Q<9QnQ%R0Ob7k=BY^Y|64W(zO9FzfI%kbzFpJOBMK!`Va@ohU0RSnwelln?Gr@ zWIR{5#9FDz41DoEgoX01Et6zrj^|SP++qMAhb99u+&P@`-P#HqcgFA##xvku?Mu&%fv|>v#7bWMlsgWT0jjG;i|E>t$<%_W+MxSUC=X%+pnk3Q5d;P+Pac(zYz`i!^5rW$bc5LB_YHg9!$X68SBk zD~Bw0a18^#K3E8G5Oo&Zc?rOnG)+~Td91X-I*+_Uqzf>95!jRAxU?ntiipwRkT!z7 zV+Rj^Xfr?~TY)D6HA!FQ)p@a2Hr~QlsdS>hI3b^bZ&Vv!L)!b+^P_TOUif^spC>a2 z(*LkwyCYWaZ5HIq*Q-ysG|qD_0Wv_@4|iPpJb5GjKx$ruw_=YYo(ASE*$SRc7H=J} z&HuQu`o!6b^ev{ff5~d5mSV_1-*e;Er)bIVyR)>(ktJtk%L+X&;G`4|JPy|6`_JF* zNvmZ3E=3|d3IX^A*tc$}4lp*{IGUR2VjJA0ynob7(eGB+#h!3AlHyN4)47G3xiYxS z*(P_QODv1`MW!SlS1~tWD0Nus__Ycqh8&|N-{Ai&kO~&$XjjJ+r~)&Q8WQ0(HYbfn=dQ9n9k$=C6Ho81etGre@+D8 zyTE(o&T&h)3EGKTru#RDyS+uuLLEb&v+j{dCveSj(eV8Uj72^-ahc@Ig2iPc(-{=uHOMk^fg@EseID{IWiG^XVumZR?n z+Au|!mOr!-mFtgw-R4Zrb0oTmJ=LJbN+9r3yS_=r9gLOvq@93cCA8KmPV#&E@eW6Z zB>U1w0v=yKvUo;IWuJd-cP8R^7+&*0;NucSDeN`r$ALo>;n)jnsYX_7*0~voK@>s( zy`r@?GYbWLF$3c{e0Yfx^mW)ly z5U{hJx;bS-iCE-ZS}0kG4jT#_&rx#OeEDHSE?|P#=h(oM_qKENa^648`(IU_O!ePR z&pZyz-8%x%)hCWSutKks$jmEtP`9>d6-I!ur4b#mg=iwq-97D}ZJ&-Wrbw@)$YN>- zjH-uy7Aai3(r4hDFpkWS(6}Gowes(9b8s`ku`>NXGbL;g03Z~K zqtnWl2U|ZUitOPFS?l1Udi_jg-5_=82~G*dO=A8aZmXmNRS&>Uu8-6Nm6O6Zknv-g z{}^;!{S$l4J5SkrUgum!rEvrM8Y?yvTe+{~r~OC5Wcd>Q7++qUUQGa=kJ8r=8=Y$Q z(luvcmgD}bM*#A{HF3&VjSbGYaS0W()L@)YoE5e(n6S*cXtAdj;7mq$jh!|}DtG#Z z(jC`W6*fYNDl~^@mdLl9RWt&SPLjeqAB52MuQA>yF6V-OQ^&*j&V?NM_a+dMl@^y4Vg7SNKl3o#SPbX#gDKhe4|Dp+SK5#D`I|V|G3iNDVF5 zgFEij%;O`?e6$5$8%tBgg=ic*@O4gtZ%? zx6|pvy6f!dwn49w5u{BO2O3Xb;I8o5y6M!)>m7bc<-kJ5lL2*O1Oy5^MDBaphCV=0 zb*Bp{+E0M20WG*kZ)j+yrN9o?*>rxBBBeo6cH=3s>UF=sN`?(msd_)a*$c%vXLdAhAd>fce#ElB=SK&AP_!qT9dVKF1g2 zitSIyyh4`te35RCRkdtwt^P#)cJ);fXi{1P^jH>tn*6Z$D1tuGKEV-{3`sTi-1h$> z?3{u`2fH=hwr$(HZQHhO+qSXWwr%aUZQHiHr~fl`F3!}{%th{!s#L0ym2Z8|dfrWm z4?fhGA8CT$#)abX^Sl1I;cQa^tiiWNfpl9h4d17k(SqHHG-XAJs6Qk}vql?-G`|u#=iVFvy%KY>d{8!x z?9i5vpoOB$t6O(ygs^f-ba zVE0pwj)Tnrb;XG;W?V21I?$Vh2|9n4|P*0FkBSgZt}2E57%TL5n#*jLoms^C5F1c7)_9GZj{idMDP9np5f z`YA1b+T33dkysExA!ykjye3{ea9(95J044S1U?eXk>7wis+l{YM*4uwVdIp&Ra6cS zQb81tya&v`8P?XHEU5zUwhQJ1ck%Jvs17AHEQjTney@~S86tJ%u3G*)Xl{}?q3qq4_* zn`6U9wqQiyIt_|jCP6Fb^D^CNys#x6B6GD-%hGH*96ekVnqqk_s^%nZshsdvP{-=QK$ zmr&UfL3FDId|4)Vyn`~@@p5w!a9oeT2ybY5#t4|G4ldW(p=f8@w_~rZwBhBFieB6W z`kVqt6JkCg1o9xL-%GT5xDdH;O8pR`Zbp&4I6~FFQ2pY>uO~o9|54MPNNLPcC-MQk zHoWA99DP|r-wWl_e-4a@sDPa9sqM{c2uZBQ;E68OKRo}Kun`(q!mr5i#TXH zF+%W4hiKEjK___yhn{^*t6is7Ker&eS~viZBl$|fwOV2~afmRIq2hVLU9A!?h1Lsx zL$SJX+O_~JCibDjs@n`{;!@pJqC>z=!JD3^P>n^y8X$2p-g4+GP{LL#5gS*-B=^?C z81kYZzNA~7sJl+B46y)BBgLqRh5;fw))m1?M@KK3U-g!SEaQC7W*ATcRo8NBvp}U> zDq^SS789Z@G@{0QH&PHx=txOq3WxA#N^Ff15_XM*k_}`K=8>mC1I!mHf89aws?>Ty z)&=Be`*O-x!Xlt1Xs$yyc7|;;_16&l#ac0u!_+?9vQUVdcv4_88ELo@T&r&)^Qz}` z>_4!G``=B^STs0vKm6I}BtD5hv*ktQN^GexYkqQiga}t*UVO7Xz(P)Dv}2n=bu_Rg z3^0S|MWbvOkfzy(=7--`^L#8Qn)tbg^GzbfKUni$rXmLJXCh6P8lcb-Q|V$41!I(h zLX^t@LbfEGZ3c`bq6x=G7G}e(RVoFw?w6ubG=4&yOPY9RsJ1C66MXKG4zc_pI3*LC z!c`j!+RrQ3#CHk@Rhkil4Emk3EkIy+f|l9a8mC;6nlG}Jt&Z7tz1|{Q0bYrv+<=9g z(7Xo@X9@>G1bPe)7V425eUgXBZADaIqHa}n1GQRf6D3fd-x!2ngaJgPI9kdr;k2>F z3fXJz%sAK1b{rY|v=k#H(joD#v`5bU`ac}Eq>F)o`M-|aKmRvkmw}D_zlmLj|KYf0 zHDzWqW@KcfWnwa7qh)4h`6YIZejT^$M(hSgjK8?9A*0FvhuF2p(_W;%WtY1jw6)%F z4I2Jsbz5v&B#bs%wpLp_-hIuExp;okSw2i>GJNhj*R0UW_`qg|K7ZkjN ziW{rYQ3`bCRT-vVeY9!^q-is%Q0w=TgSrD~WYZ57FhC0=|k z0d_AEoBGXS05VS3Rdb>*J?;Veub$fPAS3XoN0;;}FDJJF1>fIrf~#nAHzAWM0q*=6Z1 zsQ3b>nWmHn|48t8rOUwPsJ6?qW=bcXm;a8E>NUpK=u`H^Gg9r%XzrX&EZpaX6)xIp zUct$DH+gDN1Y$i@&Jj|TG0}%e<#GJ5JOv;B{etmw5WAa3Xd?y4Zp}9Y_`xc>?#P%o zH{L?Jc^Q$G*AZ;L@ohQiGN%xNHkk50R->ZY7Uk7?G27_G>gJ^Wxj5%o=jnGBAqE`% zfrpqZE!+?D6}kdq$-gRo{*I~!_YC?Yt;+2}j)l;LJV$wC;|=BA`VuxL34olBp}2_1 z*f6N$gRBuupR0u< zp3UY(-1RE0EI;v~_-t=o#+J-_ojYBpjlUCIG3=-3)Xr^`7k`(D*AfP^w z2XzSt*WjKgVl;R)KLY74dVZhT!?AgbMvW_1r+-esdTU zymb)dB5f|&m({j>nyeDy%R-VV!5A7KVX4IzD#isZ9^?#>$OBpeNJ|7synwy?SN`OT|WFQZB7Q(@!XHi*;vaZk1 z+f=|MUF^wZ?W`tu=J=IC?3|R%$5|rE6zZf6cnKRe8G~C@#(_ZuqUw^|r?d=~+k?FG z$YRk4fZ_u(s@tlLh=@)J!nLGGdp}s$E;;sHj6~+;Kq=tM4ydS9JeZT ztrQw_&xWIF?)1Gf$NfvI?H(3p_V^Q`hYcHSiKhs&SRf}oMZ&+dTBX1Gluh)3v&qtj zgiFBfAdQ{+@!)Aqs-vPS!~YO($%?v{ijdmo?byAS4KgB_m2SU0?{3C@+;Ol?24c&Q z60wi8D*-7-FzhNrv~rVl9gwIjAwJKCgIEW7E#7o^=XZb?R0WUqeBk(YwiB5rvGl4! zu&s-Mx|rPFzDH4W(wq}$H@Du8DPSDq#067XaS|?0qC}vG?tqa0_}Mc7j|Cf_h9NjE zxJb?ckxChuq6moZ-O>3YSm=UZSBu{EW+adoKto7|c1lEsf)9S~QcAoY*I~N3I|~<| zp$O~Bi$pi%!@#Z4;p1tnn;77Ea}fdVhjddCV#NY%XxVYOGUZGd=tXm09Cq$PFK#Ys zf})jRk7AuhQhX?R@z4JGx5Uyaw&i#a7BcIcHRucb?Q&(x8LqxyZ{PG~EzwyLJR%p9 zzS1K(^J^WdJ*Y8l<%csPeJ_I5uXH;De_wY-8WZ88jrgfOcQv*v-t| zV!>s>!z`2rSAFcAfC0xv*=71&%La1_acRwiA#kCKjr%&tg>lV~NkF~B{U56ECcTSb z+jdzas&5UO;o~;3a1Qz3m-eb};n9Y7j&7+SszheWP(ea_)z!6I=b6{FXR~!Sd>NzC z9X}?D1(A;z?i5NavqU}iDFObiG#wtoya&DEc|!PTBJa6C?Z28eq8;coITSX4~o zjJ_PZ&WE?gwu`nf3 z>c?Zcr@ROhW^-Pkvs1dVc2>t{lqPu^+(`0WU3d=AIVuq~u57G~5XTVD zNaq}Sx919kK3tQ20+f_BQpEX^hK~^1T&`FkN7od??bTZ#SQMlM^){#VnlK1~XAO=+ zI%4R7iaowHS`{V{h znqrs|0dd%5$itW*ICxPeJxd}7Csxva;`|W6)m_aI(E8H|gnBomu&--h!emRx3}tC~TvjEtt%e+P|j6@4|pY>{T(f zb0=9!!S0#b=nA{282ls=5~oB_d)~%7Vwx#0?f6OGxuDcIxX(*WeN>tb;Y z*&Y>&2bFP5V4@MEyMj@j8*MrJ=tLib8F_D^UU9u!juUYI+hS@$*U8(v!)$U7vdTB! z&n~@L+zmNxs9L1pYo&g{17=5yOpPo2n(`H~J^<&DBS`2^sj2TmqZw^i7K}P>LT8?Y zS8NynAF!JRD1{LrW7^62`7Yj1;xlN`hOfJK=tHk9-GHVNo45pKtV80S^ZYQxT}#R) zC3`e)|sLUzfT6XMrtC7R&vSIun+n2lMtOeGJnoi zJ{#^KXk3fxcaL6VSLY9>kSH>v)^6yLR|zx8x`t(R=Tz~1Oq-9=O5}s4!%BC?XDF~H zZN~9kS?ip!$g_l5TV}4k*Kfau?w+hDh;N3=uS;lYkR4=5mgEh}g%;@5f8;mSZ66;8 zXRP^U1$2&&FF$wG8xLh>r~fD>TdBsppUux|iNFG=hix^bUrHR-ufP z+!YN=M3-O9N{L)v3w*~8KH6fE;GJz^5qOdij5xw4evQ7un2*`J%0ICHf8on?XMs|t zi^}~x;uxM(N){S?1c}BZloR2$S%rr2T{e=m&m$Fl6pHIdTXA$|;L-Q<1!-x-d+$9^ z(W&P0wzQEH^~6GAm3fhFyuW*{?V=HOc-{~9Y53z{8crK7-VhB_VUCgbbYZnXG+E%> zfAGXChTC0^a(fP1j0Lx~!!8z#Ww)=pn6Sm6x#>zZ5qq-^0|EL`PX(~ETNsr z;)Uzx23`%un!D^qj9I`I1Gevv(e&y#MSA{2r8 z{$SFZ=q(FzI~{jy5*_She6&*<&~iKp9{?* zQUwfbiAK&h=~5BuavLohEX4Y`g*kim4^1t0v=b{R zcGm|d6aA9hZL2+TOt83}p0)|!|E0A(&G6ClPIlm6v46vBj)IA+#;tBdfPq;d!rQHO zt$Vi_Kz26nXC?ItwJNd2hL3b$1*`5C{Co|!<)V9uhVWd>^>Vq$VYP|tfG=Ve-Oe)y zOMoAmexh##zc&+uRJceqK+6K~xpv{_&}bB_YrmKentk!Hg@==n{_Df!#tF6?NHOM2 z0&ZPPr<)b@hNkOim@9@hZC&$p|EU3Ev>!&CL?g{z%DC0nDY5tyT$lyuww2wjvf5 zosPTbZiU)9PK;GRVR}7Dr+Fojl-60sz?D6O{*f=SL-xQd1NpObzl{l2RBjWI3VS{T zm;cc47oLaTji1mvpdAnMjfDIAUJeE4Z%tvursv_w2JTEr(nvb?x={d&8*H%rbQ(ND zMsM$0r`UbneQl~VJwv`};c$SSrf-d$W1{x@w2zP6c5R7>3=EyKf z>yo;HZhz;^UiWH{^avMFr}jzJW&FQiI3Sewt_y)O$uk9ti3mJ45E!9xn~QEeaZL-1 zDFo*$jx3^Pfk3@P-IZ}ORanNBNhL_2t+V`c%mha)|;&P zYL&IFpED*vBX;jcg|zTAhzR@A38 z*%agF2qh-#uR?|!Oz~$WDWgD$&FN)nuW8VV498xBYFlpZZ5?fdrYJ+@Z3kq(wS*>( z#mj0}oON2>R&KjB{JjmDYKm~NFS>J4F5#q`ovV^3Aeiq@)vN z(IUVBx1g4D<^u}|h7h`?;5fe;avjdrE?p`>Ps_juW*X4WsN>0FhkvennSjO_;r3i3 zQL{A`c%yp9`@%vR=^5jKbB}hszuyi?%C+MLPvwKmJqYgdSnGByx#h0cZe-pS&Xy;x z51_dfhe%y(nlymjnW6pMP7(Fl8mnUVz*s|a>ibt-nE4D0*%RmDY!sV#gB>3pjgjE7 z|4(561%>9Le<&)Pa3CKJXb@dQAJVig zZQu#{S++0t6D>TX^~LAq2>CH1)l%3>v8sCdrvB4JGVV^WsoldB(MK3JcC2D*qFfq% z*c(^M3f?`7Fx^*+L#);B)ybJp=bcD6HM_LGD(8i{+Q1nDG@%K)Ya$Ay_{J}xziG{% z2f(3)0mK@SYi7JFQ?{-yFK?5f_pb*`q)%mFs6#NHm1Gm9P1x2q{E%ZPa#0Hq>o1G( z0l7B)ZWrv8OQI{}K|AMbmJTfewoI9*|>$%Of#l1}`jHV*~CJJNvY1>^M z)>M`(ge2BRGjTY{YvF<<<_TDTHMlCNDp=eA1l+SL?eGT74RMRz!7(XzN{L(ipPRx-e6thq|46OCQaL_R@U@c;r z#SdPkh#jL=k0zRaS0W$3q!jixLBS2W8sJ09HHbCzCBwJ$P8k1Yi74*Hk(A_IAK_~| zkp|2gPU46tVrS^+h@yThCS6N?x1+rh7DO6Na0zO{DE*}}RRmjMtWiFRw`!H!iRd3a z>o}=w&|mkt*?3sUmUCR<<}DLsMjsHSeskRRLfXZpOASg22N#`59{Sa2r}iK_XJY0! zgyaW5j2!gQRE{+}!4j>2wS-|fZ%-7~P0Xo32OVplZ?QP{{o4kONc;8#ue8)Z0%z|+kF=H7-8#Kw=6oGG>cFhGyqI0Na0H!@u;a5% z*o4)pIG*j{2;IDtWkK9H6@jq&@4=PB#O-@rC?e27~o$ETkvKa z=1A)aQ5v&>dAK<0Sxm)zUQu+x=KT|~!-Nte!_2laZdq$fe*G~ZrIIAWfavK-N+Egv z^dMA~uc)Yedr=(P^@3}YnGQ!2f)qm}hU?Lv0DsOkpy>s^HMx~lZYo|`5;7*U##{vX z`Abz15P4l#xjFkh-JboOY5mOHS&SNd$p)vmVYYW33bVA$Vf`x&QqC3i@2Z2Y^c!5- z!her_+I*nWNu!e`WXe!64u9LkiPGSU4b*>&$nQ#I7TWSKp4x8OMNiZHO@$BAW|xDD zd79gfzOGX#=bBaQLE{QfhO36{7*fz*2LX$Y7IQ-$d%#ip<@;K@K#1=0q^=v$6#oFI zhb`rKOXXl(4H@VrAhir7<(>#$D!?TLpJp`#RG1ii*t4p1c9Wd-`xs;LFu0xnb6bW0 zcJvMfWE1lqPInv929vlqVhN^R1mvp+2Jl)ifAS>xg@^3k*DrHUd7q93z2+MP5pFQk zN~r|*hV+yE(H6vFXR+W=H?EkOl8KG+u!u?T>XsXwPpuW^EfL%6N&c%Xrpxs}kQ2ZGn@gZ9SX6Npf-b*f zq_g5Fl1g)fem;X7-GK})?nOAP+bk($RN)0DlN@|zkT*RZ=cS_Z0lZv!;7Yqc_u)~K z{AYr1y&Oez6~IkK<`bcb0GwTR$4Nq^G}MmtiV(>k` zhuMfPRhz9EP*dtGYJ(s+)N*lkBa{$SNiCWYXknATE&a&Ujpc`0Vee;p_lM0sf|}dW z$!A~LFRM>I?r}fXU-n;DjU@v4V6~ejU_t@mq`$W1B7ui-cgu*~*6w*v|ZOhDG)bg%^@uym&#$ zKht3b<9lRZPC1&hS0{UAAk|S$y1*x9vyG4ktqK~p_q@>1OjO2-#Sxv=b4^TmGq}!d zNkpQ{bR7T6&1$1m223GkE_PKy7A|TMM3W^M&OHk zKr<<(UZM2}6B6by$HS@a#iZaSP?OzlpRl>G{w)->dOkYbctAx)|7xR`#;WleZ-U`_ zbQr*S@?u>g9J>ZDN2t< zXqw-_Lu~u^#*Y|42ESN2$kuwy6&d719^(<<)PFi;n{RNQ9`8exN->mMcBRf6DLLX= zU!0=+>|CP!C){0B$c$qh&=HRu6Uyy)&hWIr1#OqJNtd|9Jb&)cKz#J6^)1QFwg z!zM3M@Ukomb29M*?NXc-5EH2TP_QIvw`vy<87SU_EZ;@@k$QAt}U z0#{n(xX6046Eb)y;Q-dXv+n6KE@=cz`P~x|jTaVJ!^BK)0-F36MhzDmTIG_6fjvsx@_*udrtQMIld&5BIqx_$~bGs6`0;po+MB zWD`_}bQMAIKV?#zXYy7WvYK9B!aJ^&y2s3id`c<7eHc#y^MsFncG&!fFP&nLpQhdt znq1-DwxR3-da5Pe5793f(Q%_g_^1fOT+ym!-`;Jke)xe$rkpWvI`aQBa#uxG9Va94eR!#J&0B+NS1_hKxgS8*PhDSIzu`f^{{h;*D z+b7rzJiKJ4o0qsawmY7KCCRNH*5|Chl{a3Dkr6cO97O%T=~Xw91ly2O1dQV+@v$e^ zgwd8HF=+8`CMR=j;N)A%_0HVO3P?X6F9Kf4LBBS(i`WDM)I<*yt@~{-(PoB9{SX-f zjW%dHV9`31b%U&J@TQTbigCuIw=fnxO}SsVY;}irb}whWa{W3;SEhkgE@v}$Dy@;_ zzuaV%Xrj*V-G!QzYzO-{`R-mXcc5wuBVP$mlElrlZTX4=J~LmMh)>!G6Xvi4HDmpj5)sZ@}$@&;dRX z=bJjWE2`$Fh=dK39DYoDY zZvw|dK4Kg@7+?a-BS;fq0iMT|ags)h(i1!?!GBl%T*;cR_La~!>VHX%n>8z9S|iaa zKReQnqb*MxE|%usIbL7S#`Yf!Xie5>~piv(<)(rXm^*wYPC za4Ze8@l-?sFK!zsLq&+{wDQ;Vhx=HB;JLlJlIrvZ zPgWaF^2l#l5?&-QM&PdMmCap_n4XTfT3%-l0WYtmal3NxnVzC{8=l%+&x-n|B`D+A z!~CNHs3eC0PEa-Wc?iIO`2t?DocC$qCbFU9W2|5Ynu$pjkL4yjkDWm9Yc0^-)c;Lw zKEv1;?l)aXAO9WNlj_6B?G_g>&S?5!4drw6w|(sU9BxLCSq0)pkiEbnStq6SJlk9` zmg^05SPp!@S3{uC3Ztv<(9|0Z=r~bA?GJ{?T)Gf;x{<+{DKu8|S(e!x;yi7{tWQ%BPSB&((?qkJ&^Dods9U-dol;h2W2x@T6! zUhrFe!yHEmuBn}L!s-~MC zOZZ}-gY(SK;reC0`gPGx zsBAQue0xH&>&CIFf0dVM0y1)he{pjBmJ(!#Ifa2G0OD#OT5XdZ<{)*^Wa#W-jv9Sf zGE@GA`lc?Sd1>`2y(oX{vi26`{^hZ%Z|AfrI)TVh%l35 z9NMi$eW=O8tJ`aeheN-I6*d(buj`P<3eT(M2}-SG#E$y0Dr@v&;P&K(W~UH7q6ol& zI@zhc-Bqwfm@A+m;?5lMCxEP^d;>g!>67x-O|EYy+H)Ik2H?@dd|=K53DZ}eiS+q_ zyW{$Fi=12>cq0BNa%s4oi+nZY5)8s%i+=ph7*ALiX}^U^e=94WxOq5h%QzM78G~R5 ze2p#uHe?v&`F(LmLra`XxwqS%_YfQ25k0TR2>3E{tEVU%%ZtN+wrJwjVcAOiz3Q7Z zQil%jq7`RgEb9h;t}_0U?cNR=p;vp&J4ODnbk3np>lIYlW7Wm+%v3q4#t{{|j_$8X zMsh_L5YXMZu%wU!YA2id$F;J${@+gz@^RyIy^)q!BFk3KIgOeZSp*mK0le) zd(X7%=Ll^5U&V}7>=dl_;h#Xw?Ff$yuJ%9TNz@Jmp6TiiTmuW))x~W6_Hzf%cOAp< z-Q0j6f}70^QiIQr;QdRM(%tf8j44-`hA{#PZiIAXP}S%@zSMJMD2?*_o-r!+C+lu5 znp9Gm6(revNSP|Qyz=nSlq-rrV9AkD_;z?MbxU$NkY?x-%Q{b=o198>K6b3m6>J>6vW>+l1LG@f7Op;wf#* z{iwG$2gtWKfavVOvm7=qE_V-LX`=3lOb6wnHKOZ|#x)cM3uH3G34TiBjl#+&(_#A6 zf`$LiCVC82z1BOAy^M~=sv^A*-O4G6qv@VmsFryP;DY@4-#+>`L~eX+zJxIwukP8!M0exx zJ+YqY&&xA8lU%%;{9Pd+@UMz#S7UJhmtN_F{ghbR7m;N z^{JYHFLhvc#u_Xd0xQ!tY@)l}BA%m1LoIjXSOK3B*GiN2WQ{VMs;C)C9{@Xiz5OkZ znz3pnBD9p6z+hnH)&ePdP*!#AnP@u3IO8`1vckHJv=_o*U{)ew{w~7J)outBVuBf} zOm-@HBr(yE8{Xa!vaS&*`}KcnmH?Y@5qLB-O7l_wSUHW%Zdio zoW#%v3kVD73uQzKW^o=2@^^VcXY<_3vwgr2XTy3Z>uejho>M)wA{+E!ZAy*dPJ}$) zj+;d7DZ!mo8EiU(+=-$4)X3N_j~gS=;35$_|I2Ek3eyAp)3CO+ui=p&e5$)d5z*-7 z@jl2TreoG&4@#k%=TA0S}zL<%;lW zYgZ@bumcJEv}yu)YU8FeaD&&WoQ*7SW0!DTrSN{z;J<=6mQ_&Pjp~>%2gYr*OBc+@ zB8IU7BptY?0dj*+pZ>pm`>vyw1=jH*Y7?#_ctX9rcEjQP*XvJicw|IswBmA=?1|=O7JU+Qo+8 zy&lvm|15eam#vv0$_7n~^vEMRGJJ~1mtZX@&G=B<4KHsEdZ(hwD+QRK4`4Vku4ClM zmj2;{xKIYhV@B-eH*HQyCe{3kOK5^a3RpzSflMYu7RZbphXOk51Mx4-4F7aPZT-`Gr{hcz=(j4(?RB#>M*)b&ZZ zdHiefc+iHj=sc;tNUPRQ_zV%1Rn27iMchKW3LB}*T^`5Q!D@}VRKg~s#O!J7YMCa$ zjCVnd10GTOcGde-ZT3REQ*BM(ukNy>%KAylSEZyGkZXs{=}b4YBS=ZNjHiEPYJC0v&skFI(5}m~;rhHlMRekFP1DOy}y#tnhv= z&X?LDRpkdUd9A<1eO&|mug~u$ztBE~%XQ-UQ9@--5YeH|Ej06QV@0^45&mRbFLPAV zgb*nQt9h-Nz>BfV8A0`6ip0)+zM&`RSR?W0vrxSc8~5k5ZQjis zFg|@L18!i&a?IgAxE!pL>v?Dzh zN}#6xq(i+}HVODQO+1SY^{L;N3ny7HnrklxqaBR2rv62VaUxGGmqk`Hg}rA9Uth>y zl23?G`}zJQDYmsrx>cLO5_TkZ{fPslA#wh_2Grv8#ZnTgrB?1bN2*M(O_cLB*>BgE zDUtdGxhV&+-Nt=Z|D;8sBLRKwc`v2vQP6%%5FrUdyW}Q~bMW1zVorIAGKR`L$K{HG z{DS_ceao&`A6PlghK3YCikBSy8N^z~uK3Zd+OSz5rv{!X9_36qGgZyy&ktdhTq|nr9C{coN86tZ^ZX188HHKrTpH$iMIz1Hk zqfHBlr(#FXCUe1xl3)Fw_Ic0|-V`a~;LJHsqyNtw0mZ%^Df`bp@DHA{>Aw>1y)y$- zYvt`UN1{ODn-G)BEQg3r>>Dk?P${Q!9q(s9fd8qr_5O)e)&B)#?|u($02}}#3wv`D zM`sgvXD50FCT7vHx#Cd`IxjI0bCZ2xa;*2tP%x{Yo3dB@diqouRiW@B@`rRBfS z*^T4n;m#Sa#3Y_xW5zM*<8NnDCo{%>z61rXC&@F$MF13!=+qZAptrUJJOug#%D`%3 zn#AC4T;y7sTxLSlPQ;p0Ms5TKfMQ4gkuXXx^NEyWW}yV*u42ZJOv)6erBzi8RpU%8 zsu-u!tWBa~Mx%1jtW~EAFBz*B85gAmSK+3m6~UOu=y+nIYf-;%|55fHf};)lo+ zC*xQ8rTYJ@fsrvF?^T6G2~cB4P9Y_k()0>s{B(8G4w++C+g11-MOo2d#t3tOp!eTm z^?#fb1iNz}oIvv#JsQp_zaROGA3xQoalPJk`=fG>gCwRaXQq6~%%bCHQ zurjVbZ@T`AMi*lve!W<0gMhBj9Ui&kxuB6y!PW&A$MV@;OL?Lld0v)Gb(P6|v6A4dWMUg}>f?DNA z$UCn)s$KHNdRBYvJmj!n0s>${bg*fa*aR4PMH(B9%oB3+&*E_@n?*yzT8ofKB{XHR z4b`#DZ-?qlgIpn{uvyszf*{~hp8JQOPe$b8`sK4O+#$lj0)!=fItR^gz-rB zsQRS2l;9^MnJ#|5P+Cjl@{cBuUIl-Av~m8schja}L}F&NkZE2~W`EOtEv}A%laTSm zqF%k%(_rfUtJQ!o(=|i4LdS}5=tqXM4Jt$nNM*>K9_bSmma@A7In`CC7@Fi%XgH-i2-6KH@YHNx4Qq|!7oTU zAPr@wil`i2ygGMF$4*5BX~YAJ7>C2ac}M}URx7Wg+|t%pQ{eal(8==B5J~s#;G+(m~vJrfslpFleTbXKqfB>iE3Ty^T50>J2?M*= z&`isyq$<|Qz??2pJ`~`Nu=7-sm^5>+qv#PV$y0E(n!et8VN%G0lRRdL&b0o$ z?d6fV(PO87j*r~rf@HG)OS|GOHI;NV^aHLu$6!PS{oU!jkAsgV+~K_;(lG8q(SE&X zRn2#~tvQtLqja^SNq)QkXJYkdbGU2^P3032=!U9p%eYp;rOM3Cb>HxhQSP%5T^HM* zImlkS2)lChKu1}vmU)4nPRZ7jzhP~=dNW@I3}P#i3HbBdZfl9VuBWN)UNH(6tyYC+ z!?%wC)4avb?zJkIQ#Ul?ZhDvabSM$r(toykxTg1xj8Mm0=-?N1l{m#j&>a2yO=o)`XA(-7 z2vKE@UqA(Zk~~-;ihQ8+7Sx3KdJX8W!PY|Bteh{|t{n4U4$+&W@x6~!#WG-L^(IRj zDu1@R>u=|?UxX<)&gdFDCIrzb7kX}Djr0`D_g~UO1vc*tJYL2G#^5v>GhbAMb#GuZK;*je{=_` z&m(cM$8^kEFiC+)F9>pBU;!0l`f7vDfEPxWyNznX_^PYI`rwxh=NfX+q=uTR=rn_m-W=X zSCWpMD&~iO*P;x!syRH`ePs(d!xn`zb98x(N@jkde1288jD(o*#fG9oaMK0fU#LwI zHV9iKJ4FO+z=U}+VXrd8JIDK;duro^rhacOHVmqZk=^|&eb-ZHblj7iPtNtUM!6L_ z--Py1Q#aABPw|mRHSriTp0Y#OgL1+#as8QP_N>-FaG(*xe*THUbZPRIKoMh(GTD2z z1U8~(r|>~|&wgOin=w};VLm4w7f#!G36{qrd-sU27y6MGQtnoy%}x%do)9z4oaxMX zeT@Lf0H)o*lc1L!%vWaioUp~15Rxt3SwR@g6IS7U)oC~4g0MZiNYteA1P=;@xr1^> zKTf2hU6!W!zz2ZMaaYZYQ$5Lv;h3Kpp54R(SHcmar>D<4)=rYRTfody(V*K6Epocn zJzyC++w0?=dS69Q(h#%<^g_Q>!?QgYM#`Zoj6E?rln(WT_&7NW17BjM>{80mWhHNj z0!A2|n*$8Ica}xZSdxlh$f_mVmuQH|X-oj4oT*L5u;QbQX3Iv^g~rZskus(@kbczx z=SL~yK$@sT5&xPl6G_$Pq2;RR0n?#X83la=@YU~@ujDWv>%ObJN*w8i}o9&)v<>QvImu1XZo*YbJK5chJZvhd{@Bm~ zO{UZ>7TpTQy2VQOfoJX^T7l*l1Ywe!HHwp+g(POPugSWKShT4w7+^;>RURwL144x) z=Cf0I`e+)t1Fj7hPCFdw`4x-g9r{=t23xQ2iNX#zs}RlEeXF?{d=|(&JxCyTdyWel zh`HMFHGQc_-@fO9G%M8+Zx|1UJ@_Ts?EODmw0z%pcR?!EcCe4jC_QVo!-e=+6+{u+ zTut6g`cMQm>wyNPHap+n68lJ^TEI14QCGM5ylcMYQAfP84xGU8mShQXofFHgzJYq1 zh4K^I&8ZN=5cs9rH>xvwliP9Tt-bxvAeF^}QUJI1ijx2jTI(?G%2L$$PNx>DLl7=C-4A(Od8N_ILd3 z=#3V%0=K}%c94!DXvsv=T8|ufImXURL?Uo!wvB=AbE?lb6=?YwY3*0W96WEyR*JT& zYQ3&jhbsNHJ$B)|30;FKz5Jhf9|}S_Sa3zf`K6LhVK*b2AnxhTIwRbxz-L5x+ud~b zKUvS~{6`84EUc}-Ji^=2%{V#H^*yp1f4Z4w`h3DMpt0un*j)=;a4b zIcNLd?%tWreVB~P&!l)h!Qpc+-hZcIZ3hcj2uAnenodGZ4pHk&bwL3i1 z-hzE03XwAyjGNenyNOa&f2r-u?MdWGuES$CKmn%dWwwmcX$6Uz*bgh9Pkj8{hh>Fs zNrF`PTB3?U!#i-;URC!B@%0^E>))tK+I)U~fyGH+H%DY$_HS#kru07^AU|1&XGj?r zJ1g}-;@74sri8=}Y(Bo?crG$S3@Ad=$oEw5X$&>6ZgB-Bln#C|A2{@k=ND(qXK*3} zu0pKU*5$THG{M8sr*8vR!u0+>NJn1&?S-q|M;1eJY4uCbyLbBavJr(Yaq?gFb5)EG!vJ5}Fw(R`XBN>m35kT{*4! zZe?h&|BJA5Y7Zsq(rs+p*s*QfcCur0$F^bpMB{RkP+A?|5TY zszr#k^{iPbum+$o6NLtT1-1LnFA0?52V@;{@0!E{K~yG4!U-DsET#wk4@RvldIM=g zopN}|2VVOavwjq~lK~x_r6#a8ZK$!%^nczW8|BI*)XNDJEQp%*!}V!93!h}`)|dv+ z!SGCWE!Lv`JvT{oa6g>-Oo-`B!=R!M{GzD6;2@J4hNkA77Kk>q z4CY?b^^rh>sBl4lW+rxW^a%@D0^EV1D-wPApFF*tyHv{bc~KeNyj{rI>q-SV#YFB` zKnD4E2?Wv4vCM?^WEzBYg4S@brB35?*QsS&gn~-ta;Mz~5i(e zI6USI0)5M>hJN@Jf1g8-I^12`LOO0tu4(TP+7LGsYVJE=!Q)(ryBmJs?x@S~ZeGG; zN91Qqm0>jdVGkE=YT`l#6%Jzu%ki7%Ra_kS<772WQ^d|zQQD5pIxBSyAwJm7)YYX` ze{?PPRq~VXU+H#uV!#s<+`m^b@!J}af*@*k&1!S~@qkLZAW+NXHD%ZWZW5Tbih#m@ zRMb!3X@tk*g+#fb@?#F7v=X!|qNO!>Wt`11U%y;OFKb>W;V&7rC?)*R-Yn2v^dW$ZX82Z0(-l4ZGo0^VrV+yBcV!1r=;Gh0-z1V~h8^ww+WAtMPC}#PfAcK);an9;NbULvfy{wXq{w zcpw}hO;i|K`ZgTj^*^eC9QEU~MBJ&-FvgMggqjjGAu}X#7x=z8%3w`QySbfrbFCYUMFQ zm}FUwYCl^4!lLg*h!`OUuIJTKl(3f@{*hh4LUcBD-6e_3hBER&4B>=XuJVChyN=aYnc22#J=Pzg^trwv&KZBvi-9o$?o{ytko_z8NwO^?OCvFl$D*J zHTsNN#||hWzhVd{8rC;adxvf$IMX_6cQ0(KUkko!B2n3&v)|;|9fJnDq+`&=`t=_- zm@q-5<`Ffp2nBjmf@gWG0&Mfhl#BWHo4mJgD#Hagdr$X`~^H%hw5o+`CS!`^a~Cj zQKDKIriZr}HIPqLC>3+mZ>rB`kVlBNX?7|1<*AfUyrRfSMqnkEcwcLu=Z&r$1@cW@ zX-+2G{Q2z=vQ*x(HxQA0Vyy!T1 ziZE*HxwA!9+;YENRSuLc>EsaG9c!SJ%@RdG-HMiVmtjYQzz%<`GI))9a>F1 z&X%H*co#4V8|Qn+ILZUGJqMzH>0(%(h@b8tDIVbe>X%t6w56Q*hWl_>(l?&E*wy#J z-w&>$Zq?2;;^xYOsJ7i+WWTDELS(oYw*oW+HLqPg35`yM&PusCMSB@LOd*RH@GcOU ziyG2x%hVRQ?LSEeTXftXYyw0csT;)NK`bF#>s{RQxi*7^wR=#bnP@h!ps9d0a9C{( zOTA9h`qgG$Iz6hxYxiPY9TU$=&;jZ8F@=-4R0(n`l1O@gZEj#|2lp9Z{C^UOOs4Tu zl0WAz!gnI(sm3nYc8V1}*Sk=OMe+WSwCfhSdYS1ZJ2yVC%~)8*C=`}E1OJJoO+o^i zEtoVfsECjrn@Qq;doW176H;%3lBUjh~dSy-msbxp0=Dt z2_i&jo;dIMLqV!&u0z(U+)(Xhs8|W+>O+Gu{=7^(-siLzTxU0i1rOX^F8#Js7^FSt~?0YOeeF&k1p%BOf2N;hXXR zW_>VEk9pN77502Q`<>%bn3*s%;k=@k)BaDEw!EzGyM#)XyX8wx_3j-iF-Gj=jizKH z)pb#o{_H|5f3dnn;{uf^F5#sqPw0^B%RP1tS)uEGyXwFuato*{=d})SJX_8BYWhjB zq8_B0hB*}~5-#XnWwev{(WLdjP2uC-b;vB5k{9|VH;gFRp%?TY{B7Y56D;^-2ud|*TDau$h0asDyHyseZH09Tavwn9Jq}bInnp-VAnk{cm zn}UQt1VuTiXv&-Z1pd%UZXJ~7et((tiIJHdnF+h7+8HcpJm5F-A zpn!d4#u5mVV0E3Fs_HH^&rZ3>sux2zP^p8Tk6NHfWDlaS)Ot~^G(!)I5s)sYowGr3 zrb~-xL%>#ShQ^7nrS1t(pfMD39S;vfpEXodu9D}Z?kfv*be18yf71YZlxM=myhuV-AY; zZ2oGs;K6LpR|8Pc@M*wq#^F>9IG|``chx?F1Rc%|h@p-yAy`%k^b?80JvuLVMy& z;i*;hJc`l_RTyJ>0TH}em8_5h>3ohmO58XCI>DheA`=3Qi|8aS9=3d?sK~w%pX|rc z0598^ec2-=_ODu$fQ&Z((KCgCNcWfsJ&^JPACBKST56SJPoJEgi0*?dzt}LfqUE*#CaJt!JPb1tr9VyBgaR zvU7;@I2S`gy)zTT$0iC~WtylQ<^RQkY)`WO!1bUL zf!sg2DFsszNTeD{q9F3C{eoCm{3mQvo9e^PN>n*){qI*%@uGqk7& z(9NGhSm~s^T~E(7q$!2SNMa2!$#Twd;OX{I1UGA?CKG|n@3jW9^;dEF^koF*VSKF& zDGK~rC7K7Fg$lkLIXG5bbfZUErteh6WN-&>)}8LS(fcf$r;-X|#sl+EoJ;Mm<&x=& zu^u*#vwfE;kmKEx+P;yl{897zhNy}@?2+RiwY5r<&I>&sDkgFRjJz0r5UY~PrQP4i z`rdivG1nU?SSJ^MkmPsHVehG=#CJfPJN7XVWdo^<-gi9NO+6jyYF@$p_iCZy<<>{dt(nd{7oQ9AU}{pu@LNu+*Tw>ej*r z;l8g>_`n*buvfzY+hZNH4=~JqY|xNxwn)^qSf(HuopE8#E10<<>9#wl5PlQty>e!& zNfKBGekslD?b5kray={_{!BLh{cC-50b8cN38CY=a`Y>0`Y>H#s%$iyT3FK=(s)@a zWpKCW*<>cOvacef!ou^AEk^DMl_?u$&(t9SX&Dyjc$3?#IM42t*!!DY1=xeqv6!`kgn?<02^1Zy z&uT60A|gr<*nv)(U?O8*xndlsq>TV%N-Y9}VI$|^bSV5JJk-Qy0~AuWoUKe+u$rv3 z#&FOeC~ab4$&+}*m}Zvr@Kt1_>O={I{_`eT{kbbn%|ZGB#h$|?x7yZ^XL`D&wwQ5) z0tIjxf3dIL#?sPYJ|=k?>HWmmJX`eSOyahRQr|+ouOaJTW7vgSDeS)YaK^crt$WhZ zhm?mTOM(0*zO0P&FCP=Y*YgP~qQA#jrLU*saMOoddNk{%Jfi$aHBHBm$AlfRh!b>F zM7p5-OY(43<40R{)c>Vuf=ekQX5dcFwX)GbT>nz8h{lKztl_9Nl30;y@kVIt8(umh zbu@a48Kyvq;eHN^1V{;ekf=x)zioFBmi?>H&+5r#HJ(fQUPeQO&Ty!V)z`0N3OFpr zJb|D}-|DTuj7L;KI`zTeAg4|*vrrw=ZQ{|39>}3Yh?P>Lx znKc^0ZbVSG{ID^wxGqWUyBV=Hfx{pJuo#;S|KEv=c~o8X4!jLNokpAH?uNVnfcqddFw5#UsJaTV#hN8CEOFh>2zB4BCgzGP$9nCLA}=az zXLCow33;4AI2oi~@a`D_<PvqkmsC1rz(^rC4I7N@7~o8(#LS>HEZ zo|DHRRBeCaz@e7;-qS8;>zX=_m3@ieLk<;W^%7fHJWhe};!viZhCem=_et~@8ii3g z#(I9SkmXumApa~mz)Znf4~qrK)T>O-r;Q}BhZNygh)hm*t@*)de+lkD?iR?hFRZGJ zj8j3ol`H!ZTo0O<`5YV;BGZPWiE-~IdURK5>1|5`;2s=}apC};sA|je zN{&>^RtU3XA8u~sFeU;p8yh+98P3{3d5oC8Dwfuv8U;@P=cMnmRS5}*_fdPqBeiOG z!2CsX9^Q;cxk&?!Jx?@4KViD;YCfOMs9l(CzJ<+;j`cgGbDLUQlkUU1Oa=opry};3 z#%=?gg%JyeV4G~Sqzm3QFwf}O+&m59zQb^$2Ch&SJ29@fjx}Nrm}`0sLrPYf-C7Eh z%}K#FX102Ci^e-RN&J0zBc>zw+_ENOCuk1bxy^M;5DcYkG;&e)AsyPo*~n&v?!R~* zf$kc(Vdy!aN6%pafNj;m%#=7a$B5Cv53TAjn-t(c$Yu zPzWy9Qu6M1UtUWNsWz)H(^BBg^j&E1QsRT5cURa>@d})ItELudwZ3j$Xvthmo$ABKUkk?iggRKOu{ml%Pei`-e9l(D!2nWS);V7KYn| z39YDDG7}TP-)ja|gqR&ks(bx=sq(A74}GhZJ=TOR;(n*CviomkPK!qS6uncYXu4yG z)Lfcjru#!eH}3Od<|AWQuR5kJ;uR2}RZ!r?YKRW^x7CU>r+?HO=2RjeNW?R+q8w@A zV&}gwoeV?Fr=?LLIITZBz)Lf8JodA4=O-NOOi_tgQRpOem=k8aLcmHF42&A2S`|CX z;2F&(rOF#zPQdto(Sg!+@DnER77SWJgZnHNZhXv_*z)dw}gbaUQu}(=O?~ zPm;6ILk&Y1RiL=lV)z#k6VBBBfN(?jM&-KH*j_>ODt8N4LG&O-h`h^7$0@7b9bU7B z)oq&pxF=J^l?5ND`QNKVd}N9_WCE>CxgpgE*3NBJJqOutxR%G~LGs@r)___u+T1t7 zHm(t}Vh=u5(w{sm)6q(UT&cO8DR8@`$UW$k)~^i@+j9!@yIKTmrp-D78k2Q>j3w$t ze}E`YhxTUQ3W4ss>DUs2TAi&2{=-K57`A}&XrJOrRq8Bo7sM#@Y&dl-AR9WG!jYSr z-z)tnv8<#v5NdU-OxCztT>O_R2K|-pxG>ylBVXnA5N&U&%~oo{H)i!X9SYrZZHMjf z*+ASLH|y7`}_)5zWlAbdUojP$m%^r7)(*>_R`N1^&E* zjCL^*!}F^?yZ?PGKDev-cs8$yixj=wYP})N>7IStT(HJ?OF$~ZVTEk3A~Z=mM$0GL zUJPJqjKKc_dLpyw?SQu=(=G%iJ>IHtaK}A%^)Pxy2&9(8wqR=%aTVqyaoEUW zE_tSOy#Ut|*&i8fT=}c;ff7;GiU$hXD)l6q)@FF;xoGY|LwodTu_+xYh1?n=)2Rxs z%B~uWL<=J{`0{)6cNgcpekV88I#)6VJV99?#AZS?IbnA%Yd{Na>3&{i!1y5rYIybA z*WAijCmHT_W6GM$W-(dG4Yn$(r~yKxk-PEX@0ZgnWFw!;-JUwsTJ-0HFQw>nq&j8U zlk(HBy7Kx*Ec~tFw0d0-iGh$H2<~B9u+80(J;OiT17%Msf7o%IBy2H%YYQMMG0x+J zSene9@?IpNso6Q-S$L_=U_{Zxz%!)j_&Ie$Sp=123mg+46 zotW=4VdQpfb?D@spuf@nHG0G1;=q#4{tWk2 z@T?`ES&Oi>eT}28up#>-KNaxV;P9sB?E>fspNRa&ivnBS6ZmVP3t^49eAJD+?|Q@0 zx6pmFAwc#L0BfF)*`n3XTNp!u*;r^3NDiWsReVoJ@#fNHE@zfLHu6Nq{1BEHPPR+; zTP7}xPKbS^jP$a0v!M@FpQ1lXR?KG<;njE%Y4hrhBush|n?@%nHAqXEuiKN>Xh+Sp zqz$E1rGIbAgsFqrf~+?j8(UHpsCuhdNogQ4A2k4v7Dy;9`)!K~?65xX0@d5#A;VIF zMtOav-?GAm`HtAyR=t-R`Mmli=?mHuAx5nHfKA>W|87FAe>(#_+VLvQ}bS2b)lSpE{Uquwhg(}s6cjav6S@3z7F(D$0rR3 zaMlq+vxKe00_1~+W@c3fU4KBf`;s3M?jsF%pKK`9XNxvntiugOLOL5t4)#;4t&!Dg z3YKkxYu&^8DlNU6bDz$$)K83p;QsDSH%CilZ*U6FFXjAhK%RjG2JlJon-x>*+-;%2 zezS>)xovyl-g6wFv7ho@tfn2&Oy%824bI!U!TSpol=-41s};PTsy zp5Bz^OiYQ+i4YbcCsUrIe<$PfzIl#pf8&QpUF|(R^zi+;1lI{T(D1|n_1RT6%9BP& z6Uj7boefj;wL|3_1*-QiV|mdna5$x9!v^9mylRv&)HvNpc=X66WxFGg(YPLr9!U7K zE`bYmwNLk}Jj$^M|AeFt$<`79R3Jkr=R~p{o+5N z+ZgR0lAp??3n8kd2d!GPVwgr3HTfu50unazNiM&F3Zn1-2=P2Ysk#E^~I(D46Y zd~Hdj(P=Mne}jc%(PY_r2ESrlE#!@6hB~G?o;qtTu4%R#mvUL2lj`&H^6T@bi}!|h zY-#{OEBB-9(uGOlGiDH3q7oS<GGVVN%Vs4Vu%Le#(Amh@5+l3pn+=*|bV`l`xJE_Nu!CUHtC%0^Dbh6nZWP0RKz zDs~2_YW4_7XljfnM_+1qH$F#MFk6_L(ox!%S(%tP(pi}_S=umHe*s>Di>H4(EpY$< z2zGb)sj1aJX~&%9YEuWxVRF5%sU~ny`Jz0m*#A1#Z5aBDbH0@$x>e!OU9tf8J07-2Tk`uzAkx=IrOlQbI#fDdahPpDCF{I~9%fuuXMvt$lIyM^JP34MAXwaX4Kj37pztyt=Xr7^Ki*-R6zj51{ zfrrTzjuM1|7%c5{L3`O%Cl~cH5ER(Vrphmn{wqZ?QvbmiRCXjqxmvmV&3Q=HqRHpq zlWKD^>%Z@3A$FJZ_%&c8Q+n9EnkCT8mz6Au5}RE)qRuxNW4zNRKkY?93oSLP+1yiD zh=J$T#SlCpuj@6Y)DC4cQgbaU3Tv(!AXoCUXeaUGq-aq+o?J#-+W*_Y$D(N!LDTNy?_<*EI34>a?} z?~fq2#bcU+RzNXT0KM@K&RP38^Y9HjW?!lH-F;d}hFME~U!G@J9vyu&0lJe)R$L zgD!EVcgUDkyJJKCU`G#j!csmvO|G%el103Tb*t^P*oM0!&u1W|@0~1#!Avr0xKx#` z5C@6!I*hP*y(pz>gZMNum1}+U((JtK{-9+V@^A>map9%+181fV$kjbEA1oJd2N!zY z$Bz^}U0-U&wnyqb0H|PXafN`m@P`K8+b+4gwL!r1Yzo93e?&~pJm>)zCBU?F1$SDN zDRA`LPze7{J5!2cRd4&Gx8`lpPJ#Pq6ocHyb9=%6my1KwP$p&lS47@v+GzNECWuAJ z74|fG-eSEDV9G#vt6GJ5SHyh0u@=Ep2&)V!Q>6YYDg*;XS5xwZ*LhaVyNX>1g4gBW z2&!GMLSh)!x3@4}Y`sVvXGcbLYEhh_Ka58H?K;-25}_mxl6YWx&4WV*L$P)copStf zc9PA%kZ9*xZI3?He&pH1TKq$>g;IfjmzoH@M~MWsuA(0E_?bvkaP_y-+1Y_f|8@D# z3Eyy?#JsA)s&m#f%FE%AhQtEPATLDlP(C*!4rkv$+lX-F62PH7+f(%D3cA>G^3UxL z+cN>7`&#Tj@pyF{*ddI2l5Y^Cd(cZWI@5a}tP8*DSQdVLXs;J;exTO%RrgTpD{Od} zia#Ek8?{&?cs9Maei_e8Ym+{%5_d)#sN-q|?}K57TBH&Sox#3H?ymM%o;o9;)GKVEF$W$+)4m`KcU}vXtt;Xq z_7Vr9(1SoLsy=0zQe$}Y%kq-^0A-% z?RxdPK>5h$z~z~tbwa8H%(zpSLW`+Fyb%*9d$D#a#fn;^dq99bq%7jEy9XV79|T9C zPy^dm&bAG!V@Mrnh8ClS-NThS*=k-R9BU9oegfzz)&EuX?ygq!7J+Y#oRCp$r+x!z zoIEWnAtX4JegFB?-CneQF zzCj^S-T(KxM>9}z&dv(U{J_4+Ez9k&~L!$TXd^`{E#kll9pm zSN5~*R{SNHKq(2MjIUjPXXAE9z7D6>hV)Wq`L+Za^NbHezCc%T#+C;g)@dfVs6m?*D0xe;DeUS3w6n!N)7!uQ#-C{Ffogu$X(o zs@fzBQeyW0L^1J?cPMf=scq{KN3B2eMbW;a(vBVCCsj5UQyENFS1xnQpF74ShSkJF zq#C}>JnRN^Xnq;-m=PZK3Na1b>-9_u&Ysw->~$i73=KVuc`B6rqkJV>|9ZF3t@-?s9D4T9=OVu+H&btU&2?M(FWuI zYGc}D1HbJIChjTKZS)gy3PP1Y7+3>D}GVwD%y|DL`x_*-FvJH3vFkTR`R`pZD-DC5IURLXlzUq z%c|0vL9gG#k=6IU;g=Y-VcRbbd)>jqkWXqFL4_7|a18GfdK5a~BvnaCTt&l;N*b%; z65(VPM#VU{z76^U!fM?lVmP?ptEoGSw`tL7-i$AWE#*;Mm0f5w!!1pzEJf%yvog-5 z1+_+ZLD+a-+h5JNyTIsuTs`HQy6@Z#>aRdH?R{IeeV9wIqO*l)E1~Ku)Z5eUE;C#yQ;Dpp0w$T&l z^R=@chrn=+>1;qv_5Yhcm12Qw%hSi3b-zY>UxIF}cdBSv`63_cr8a^L1=A#pTh;bM zbI{9&Jo|fC&=?pS^0{Ci)WPR{4j|I8Lt618zXTG5MOBc7_MO)fZ`MqsOHK${)BJMH z{b4zAb1enI0Jz=z<^_E&`?mdD&o)nSczLfWfHTXWF=UIXPiS2UzBBqCA6efy=Fq|A22kyxv21-EL9aa zxpea|23$Qs?KBZ(ZHsawub1M)yyPHbSl*O~R!Iy|CEqdxdH}<8B_DVQ`d-D3y&>V7 zveHSNVzJK;*l5&n#iHH8O!J~kVPSd-V<}7ndLu=x6X(|#&pt+<355}sbt`q49F1kW;D+tb51x|W)*~K8w z>8N!isxdGI=f-JReBQ(m*TVo3Mw3jfNz+YSS9#gw$DMOh`YN1YtH`XdbzSHQ?=VPQ zv=b|x`Ala=gu2yGt47`aocua3ep5;_>rfUo6mSj{OA6(nDj0A^N_z_nZrNda1>OFl#YQLTJ5BT`>^UFFJEo2}T0H4o?5@gY2ndwunW_~0SXNvQO z96(w}x3m?(H@*9w^;VLzNbVHJlmS9n*SIpxl#rkgF*q+b%(9a)bw2idQyU#P%N3Sq z2~HPCy2Lt$CiE>Ym*8lfc0bHy&6w%ox_Q}^R)`0MYgERojwhtkEB#jkJkWr9so+j~ z-dr-9WpBF={XD}>b_j1>x4HG=1l!~CEr!3E!7jhBwlM!B#IecG(msP69QVr{us>@N zDOtLZbX_LENPXI;*R`xqpp9-C6ykeKB|u9$yIz4&b8=jE3@nE(d^`Q2OB(v8?%};( zrRjAEVD_2~vKv^I`;W zbCN_`t~td391fDed)dmW?Q%V)0(+ns3IY8Vf-a6RYrhB?kXK+HWr51Y|l^U zhOjds=&e__W^KW$ho{WLOM5t>Q}ps6B0&~mVpfxZ63t3h%Xz1WSoe_D zG^=r4lZ4(i+&(s!mf0f1J7IGCFwk&X(u?|`apl+$3`JAMJ)uyC zFr0(BNi)ZqFFF}ZRnXSFO&B?kXFD7AImcGaIL9E~O2IySj_LtG((fHO7f(}sKCkp- z@1i8Dav~6n@zW0mn4O`#^)Q(6ah6{ZM7w0Vjj(-azu`C-d)th+Rcv~_g~MXWqq4Wi z8{D{jX42bYV&D~u*Fz{w^=eFm7i-U&l)MJ zKb=x_pXDWi`h~#mEjrg088+ardBN_CMnHzR3opVnL-96OO&|F9nRZn2FJp1+@+BB%RcBy%04H{3Kbaz z%SogzDayAO)N29?9c_?wQINlbA5&ktJ}aeKdn}%|w#dBkA>00b zL|()_mW^f-uwXF-Y|%A9wdqw;+TXOKB;qUdRJa^u$=W79qElq6-)%T!D!6-1-9&&~ z(@$`+1b<95kBS!Qb@zZ>NaBDbZ{-#2Eh%Tx@et_LO3XJIYLYL!O!^=d*#Ub$Y<)$= zO~EmHXUf{dajfEH?pO!Nu%Q&*Bbca6eOiYoR%RCpESKy(bOP~eWTUbDn~~fJ z^dzf)-$~*iTSPL86I7k-1ZqRbCm@3b;VKZ-VZJ@jTma`XGD%= z#F~RQ<05jFz7dz-6)Ruo^Mjkm<(((q&SnnpyMbD}i#yJbv{NL~>Hr0E!DjAKop0|vBGc5{kp2=qk z*=1NqQ4E;)4d|~}_Us}Cv(LS|DOz`MmkvxP3wpOAxQG^*>$08!sn3Sq9g1oSblm(n@L@sBJ+E?V*Za%5 z*QMS>!>cMQ}7;8-ZcVCd9GGPQWC-;62#)Fd2Oj6u2p$NP~DVpaMdo$=lsu_C*{CNwH(bM{y9qoy*mjOw$w~SLG%z zcQ@u$SznY?HelGpmxHwTJ@V9@A3Cif($+t`HhsiyS98Y>RnCoI)x>g{{qI|}>N3dX zTx9+s6*|IM9k=uJL@WC<$b9wed%AZ(La+rTsMAS?NL?On?FefSn)I0vYmQE8$yWSH#&Azu`wp4_N$3 z-|dKG#3>j_>-8xs_3h=w0!;@0p@( zp|D&|5TQR4Bw6t8(VZtB#$uz5UG@2N9n5@L*&!toE>i8fX_H++`J{f53L0RVEbV~* z2GB?>eCNaDz>94+o7kUz5;Pnek}N5dGmn^U%=DB`V8A?jxA8cEQlBE>jw4&@E}%Q! zBB8ucuA#m=$ga3#E+Q8c?aEZz!$>Sajpd|xnRt1cId8c+&ho|kSruOtS_ZZ2$zbsdeY#$AmoB9F?%uaapf!5?@JAp z25Qu`uWI@-(aV*O&A>sfsuNw`Wd|Fh@baUO*HsgnEQ$$}8I{Ykk)R))s}=SjJSI7|*D=1#L&E%hpmQlae<0Tz|u3iFh+Jb5!9pI$X%N zBqdJ%ZE@_d4749yY%0kN4CwCU0Rg|EC2gK#1yXU``g4Y|`>dPkB9wX99aPRXPX?m~ z9Q9E})xW2@T6EO|lAMTK*fysOs1x@75}9_8H7hK&716WwWe;LlfyZE>h_+ifUX@nI z_UVTx>|yMWu3j^C2XBf`cRD__YpSC-_Lgs!n>=LTlmy=kBu_rqyFdRBkjamXs~!rD zQ8lP#?`2t+wJd^daopnXl(n`AfWf zT&e9%mJwnn!zJTs<8Q#=rcausZ*1E|ic={x_M>uOk$g-Sh`9Vu@{SjMzYiOG^;ij@ znQ>t^L|+yt-KBs&_S-#_3|jWKT50U^Oyfi!0?=?vXq=n{`KGs7&&yAqPOo^*|A?fW zlpkbN(CwUuhVp`jMIRQ8T6eh12%dm;0dwIknfGe@Q;wU=E%qwi%MX>G8&0vmMm-Bz zDK!s$yc>+s7`(qGHKP+yLK3EO;NQoLVF)nUY()x}K?~?68fVf8`q1Xm@oW?$e|~tG z_?sz9vWtJb1bv7k6CH(}6x1@H zv6U=sI-L_Qe$k2ABMc0t36~PLk}-=SUQx#tl}W-ykB^!H0H^j^pb_u5sKY;}CRtWq z4K2Ai*8DDTd-7NGz*!NCGLjpCxV7`;=Tao`3Zs)iVR2@aFST(rcCjt=+r>-T%oc^d zKKOoRiFba7T`<7o`-SFpc^-@>Va)Oefaq_I-etq4+ z!XPUfxV zXHZF5W=>`{sI_I&pOr&*)b>6QCwEJ`)AV#}dt5@v5J zU+K~t#JKSKc_r`Ih2fo`MOA9WQrA3Marpk;^Ihzbn=pl-GMr|HTS<~WDR7j*;qEwK zGN|^IGpdxZ%T%2#y0ZA{Ggw)&8NJT4W{Tx+PqVuTWuo4!@IQ=WZBv6kfqbxHqADN` zqzg60j2i+^u@6nt)f*9v{IN3LkaQZjB5!>y`)x)szWSVhgnJKmxRNscFq$|m)qUIWMvW82ZO3*`rcuq*Y{?4-Kz@n57b+%pRYdxz)S`nFkopG>vfv!{;XBhTU`))3T1%+9QGwIrF`5wANrlO^JtT`^F~{r3-J%d^FJqBO=Sq_^OZNuq&@O*DKveT$s9B%ro3&J%!S4E&%QGc-t?dpG7s941^tshfnb&w3Ph;EeLSA! zU)UJik3v-eGTm(=re7#k=p7gzNhr%Opd|ljm7=9Mf*+1fZ)lS>m?bv-VWnVuDEE|P z369C8@--2>i0GN@u$U6HfA6J6Z?@Zkl;#ZP~nnEXF7{X{yRMgCmoX-d+R2-n%A*nm6g>^kq)Gl2PppnhcfrkTpGE zu$-RcV5TOxQBVO`xc#3Ez`28CmOl9+uEV5EjA5lle{P!Rt8Uo>2d&Z@NT)T zsa}s{u!Vcph!Lys-9|{JV4?Ny2x8{UpSP6BD7qMv5NjdMuanY&J1HMCo@vjWxqH7uCn3vZYE@d4KLf3lX(X zXk&M(!k>>+RhX48MzfaL7r=FuN6pSXu&cxU=D zZZ$JFr$z0N5#SaPlb_WSK{GqH(7N9mFLDd?ogvY9_qX13-EGogGirZx5R;?%1jnHx z1K1rwdBSmZzJlS4!n{k*22u&u3a-b+*^qI?oO_Oz+@t`dm%7cDnU~;MeCqHLHn7IHdo0qU;zgX+_u<89Ab5?p3Vo`>=AQ?6ZFj0-V z9hZC5j1c0gdwSfbLjts1fy!*eA_S2|RH;UNK<`gJn%G_V|2(pR6 z-N+%eqEzvDnHa;hh*nF^i`~clr0`pBYVkl9em4D8qF&*$u^I7Q1DeL}k!gGfvX?Sm z@U98(8Fh4vF3v4@X$op7n;6_sv=P)tRZjy^pc!vo$T9}C0T@a&6b$DDN>)A{vCG^8 zaYFJsR^`jwrfVS+M!(&RZ&s38OLi7v`S;9@1UmyHS`(_}WnD^lA`Jf*W9Jkk3J|5| zv2EV5ZQHhO+qP}nw(i)rZQGv7-E8u($yOy*{nGDUr@Q)m=len0Z-m>4GHlFRyooA} z6mtQRzNh25(sH%GZ^VcI-9*qTy6;1DmUX^QPYLaSn?TF_U!P01@Es2S_GSWdYap0Z@q0u~7Qu$^UqE7bTRQsRWfotBSaGPWxlH(e~d>V5Gl%kFxvs-)dOXZDGi@fv+6 zdy$|4~&mT9B8(eF*LB1)pd+Gnm|}N*yugrh>xM z#UyXtn_q_qb=%pm-gO@Bby{&FlZKc(p{4l~dy!tcZUbAfn&q`Ue#&@#hw~#_V~VsF z;ELPo?D}T~_sB-;$l;}{qq3=nUM^KxpDdB=fDcNXu+(DH-o@P5@V1+15g1*yGou}I zIs@b3aIn(YKYKfQl0Uj z2DVFqMmRD~AIxSNDmSKFuGV)WWR^NX)*lT~9&h7>-XWeEs(-z*2H)b~qwz*at`Wbh zmlf+k6!1dwhwc6p%9o|$tYq?PpEraSd|VN|0dW{0^0@)WK^PKS&2Hnpdr!DMia?*M zl&$HO5HNx!{CN=Pjw_wvZARFQl%|lpF{Ow(denukSlHAmbe%ahk>LH7;D5?mg2ncv2XT3jiwe{=0&RPW{8i-T!#OQ^M|RI< zYpJ(*Yo-?8xe{`UQXRB0NHj@y!4}7%3-J*UGE+pwmouXMM!MIp?HBLsjyDp95&+M4 z1HlEEpC^U(Aj0;JOJL=usfRnM*bX6n!X*sdJ~hiPsj}IJTe{<F`oEhNA9`wD!tfb~QaF%*J%7(g|EUAvCn3=D@ z58nAUzr=(sE&Amc zapQg}>DAxrSD}&dgxC45_!_j;{6`?e`du)%J$zPM?7hpA#XD-NkXQfWU#8)%2e zXk|DD23LO`cDw)rGHrf+{d~wrF|k(&MXa98nFU?TeR7M{_G!6X+_G|+Y3n4RQvzS7 z3CEiLpc2yH2^n)~U2DOOMo8vALwZ1uJi|olp ziZ>Ju;R6|a`)cgKeBd%7`5Zg53|umbz!8^+<07?fXoN~} zvYvdAH(FPxuPSg=-3)LHsXUA;YM$BU4VuoB5y%7#w<4@v9U+Xi)$m$F$SqnYz;fgc zSUj*1ai`=(7XsdL;U3M+!}qK zz#h?{vv2701C(+tR}enBEeOZ}y=>b)kM)c9U){dH(hQTilmGw>|485ei}Gb)WB=c7 z-~WU1HKI4*Ffw4IF*Pt@r(rf>WTD|;VPm0TXJKGsr)OkkH()XTe^9>Gq_S(YcN@Nz z|M1@bxmsFmY^H0vTdr-ln|@!3Z`YkjlHM6Jw(xvAm@+W;`1R#f8s46i1FvsVyh>SA zkxxMI@&B28t%=~#In9XRIo+6$)xgcrImMXF(5cYXh`iMBafq1EIZat#dZB@T;o5^D zzs0@yC0mwg!+8;kzWqH(Ngj=R7P95Lq!Fw(FQaHCGy4F99#k97XZy@{Ux5p(iq<9* z$c@Cbtaw!!5b}Rt0DwO7-u;>)V+|9j9Dcm63q|b;rx1VqB0u~9!JKx&zlJjJB1GxP zjEUKam(95IG%{W$Wa;`m3Jc55?o`iS{(LqgW7zejo6F`w?qoEH4+6kZY#Nkz49PMl zhgAv6!d!Yq(yv_=zJaYPrE|nSf}yXR9Js0H=|7Fcm@wtBN+DfG)o|G5Rd$by9mc~R zp;px!3PKHUn0?ZZ5`j1?0(5!VZv82M#WD3E9cxMw4#d-;sDDEdH}G>j#XqJR#cI2` z`ggr9)rd(86Rr&KN@rUQ|4@LaLOiT2pQzH8mMBm|Gmef#N#^v(N1bF6>R=VlPRjN* zJ0XQRAJofJX|_YFxb33L_qG&4E;yxgzL|1OL)2gcnZNQLr@G}AGOeKZim+w~cq0?m5ww}wkLI*-5LGWX^?pc{4jL(WzpGVI=;8ShuoMeV9e&W|xZ|}>uuTTu7xu3IZU4)Lh%pxc$9v{_oAj3}xDiTCL-(BS?L`S88 ziGaz#f$Q*BdbXBx!LP%Be37OQkpcA!XN{c67+zZtM=(u(I!4a=5hZO26$^9&K{%7N z^unHvD4zC`gC|OR)I_yBg4-|#dvzQRZGDhH#?a-=?RLj;#7!e+7PHp3fm+x7JU{*d z0tM_p!%g=8L6aPvpXZMIEdJEx!LeviWXOisgv)UsYjIx%et{nv$TB-h?yfSVs)q49 zE*-r~3GSG-2)X9}yF^}yXJ!L=$~k8Me522DsIn8mF<`S+zSn+^bAidBQT9ZEn5{@; zm0#0yBeZ|e2Ly=hvlY1=ck6t0`b0D5GtU$37Rd?}KZ<9l8llz{nd7wq(E-F*7SdQs zA{la+j%~dxM4m?*Fe36{&h9EW5O7LW=$K+X(&_@xr%NA$($&lTmk?%m(??c5Lp~*S z0EHwuc+bFJzNB+QeldEqGg?uu3Tue(85NSOEvDc3R~_TEYl%?dzGI=&iZyl!zA#03 zV!j~qG$42Pboa;IavgDKs)#G`hUVPILxH@UeM&y8Bj;#$vqk{No^2sjayHvIkHp17BZnQ~k??alfD>B%CURNeDr! zVB)@~C1xdL05;ZE3dqW#oxLUFNFteUKzP;fI2WXP#Le3xDh_AW|7tEVsh5?ZrnIV?B+U>KIiUq zoYkmC|BxOmEv>C6Vc$plAy&LK60U)H=_B`<#8>68B}QH#USWgtdRNkC4B|0^NH5;H zdUUWmn(sz`qvC(LRa=|CV}gST2F~$-X@!B__S*)yt9S|{;Ip}GZPwee@bZ%zRDoU6 zSFVF4`afxpH|4E?qy1gT4|Obwda!H@B-Kq!V}LZz(3T8Co?wJ&S^PMN!O;)fX%K3& zA#2U_YU%2SnUE0l|YFElZ1y??_1nF?9q1 zx33xBkjr>m9y^Kek6hlLDKR%6A`i8qrQRbRY<@Jj3kg#If;;i`ea0jZ%v3I=I31Pu zJ2k>nC$S+BgsFPF<2{RIDUpb{o^^0ovP?%FS?3GMm}yxjzRF}r0?~+!*n>j)t&rw| z6F^YN`cJvj;Rg{geFx00u2oYO^33Zc?qIg zX_&2L&${OWMpf%5eN`Q!gD}o>Oe(skVUFL z*jQU40QEFs&_RHm(?POAV#$IQY1!R$2D^!Hz$~bBf@r@Thhp(`MI|xISVV(PCZ$$_ zEV6IJc#OwOU;s^3?4yd|o0kEgF-hBsUXBq)w`p)UJ{KmrAlVYfu>(C9M>EUpr}>9) zk%BUmQxHcN6l%nA(T-C^nMFDAqMKvC2L`|wx49g7`R9}u^z`fBh^KD{WuW0*?v8hJkETAuHns--bj&YgLuw7 z3@nA0@vGd~mBkeyI1exhUK%$MVrU2JDEE2!VZBhbWF!q-5YNc`V&t*NpcU(Oz0(EqH8%qU6jz&kxk^Vc1}6SP1|JrkYGHy^%THE z*ngRrs3utCvb~O2OQ300Q(K;ys?I23r#k*ZrpS}J{ZmARd1yLccjBs%^S6qTCmT3F zq;uhmw@*p?HyH}n@a-UHGesV;MfuwT7sXgd$q-)YOVZYkZ0t$zUJezYl+(={!}X{$U2+)GIA1NQ>DXmr_Pz-2U20ozI|sSKejO;XLu3>X!WdIX?JqE4eTZy5? zo%Hu#kOtrEMbYJ3#>Tgk?+i_2F5a7Z)G1M%Reuz;;s$+EksvPlyL&^myuN4Bi{dQc zSL(pS6mK=oyhC%fURD3uhjAp{P(B+Af(|54h7zYAANF|jqQ*Psg5%N2U4SvX zC>|@z7K)|EA0^ElvOop3HjZO116(`qpB6HYwk*^T8cxtbp!Bz#ul7z^hDg1asZz;> z;=w@zglcXx5jo}T0UYw}WRa+=s7}c(s${yI2wzN-&d6_%D!jWtn50rKLuOzsF5_N+ z8-ydYqGVQg`~{)P@+f7KM8n(r+j`VSlEK;KGH2!PxBJIxIj6szvAZZ%Q6FUA{bcz6 z<(3z^vp#}=LCL-W@5gL7jn7e)r>?cuL65tlNs9K`aQfzXzH_zU5BVU+++ZuP@4kcy zX$&2xM5;MThy^(6J>qj=$oM3Ljxx(`Ne+h64QQm7O%BHGKi8e*(Lak+(t!TNPY5a- zwpW%bk_5U~I`F(s4C3E30f`r+l5<<|h4=hj38SB<$uR7kg>T9^08ZT0DFK@bInA^P zz+;7WTCIX?xJN?nfv8bC3weRiC*H{$3Q8ci5kuvU^9<0i-N~!zA+8N)40T5CSJi@( z&g~FA(}3=VzcICiH7oNPK*0Dg`pnb^nsbJSha8b&k47=LOF$`oBD-^nj4g;lzVsD9 zmpoA577$VJT@yo>sI^6!yWr1c+xhztV0-FK?(k|V+S#Jld{TVvWdA#^_t=&V^j1tO zA@~%VNz;7k0b92NKI!U22+SF6qOp3G^}4oJo+-zM_Q0*)xjX0)J|o{LWtdJ7JOV?# zFuWsomqrJYbwn^?N@?ZY%FU{{UU1%8L z9e+P2OAQJcj~}0s$zAdmbzJAMW#*PZ1(%&2C;x)CQ^>&t0Xnu=gtv{7g3$n+DiT`r zSQ(=_X1E?RRRkS_FpI-|*-V{yBpy@^G>tTLm4C7=mohawbOMdZ7V}2T_3Aq+Lt`&D zfp^U~zRiTRZm-mK$i9P4^Kx3@=Z;24B(1oew6A!cY7@Xfi1`ML$NEz)cNnreO?2>1nh52+p0F+>z295ZuQ}xR6W>x>?qmKmRYa!$o1eQVEUxSmO(*!K-XuQ<; zY;>0ftVneKi_;=KIh!YRMI3#`su?YuQ4i@~wfH^+rW`jg?^()56jCxN*OhIz{w=04;rJIIo&%kiwa?cZl=h z(o#iHzD(Uitm{3$d;i$gE3w2@st=zQSJVL?xUk+LwpOC*uzoKZ+vE`7rz?}hOqQEP zkaM;O*>)1>e4`JX_EIL9@6mTrL06@IU*V_mwm2yajc8ZCtMmPUU`&H5x>4lX#x@^(9vc?=&t)z4Cx zUZ74gq_ROMW{1bB<5K}L2Z*_ixjyKgS2$FfPkO8P*Vwjqc{B~T%Au7;sNngghC8a^ zh0XH~@@h=K&Z|gkBxfgCGU@;>1j);-9(qJ-DXnx!hHS|iy>>S>RNcr9;S*X&6y~zy6{YT|Yw2~Q5A)lrV zNrz@gU#Wx-28oOClYSOymKDBB?RF9y!m9P^9-`h1 zqdFqNEqsU~kJXjuwY%X_`yaqm+PlEpd=C+2um@{RCFmF+L;3*=|Eylp{C_AekDPSO zn%J7camT<}y9GYaat+1%Bb1?Tm$Iily2|jN90o@Z*(Ciu_m4!wRe+j@ocj)o@zG5< z#&2UpJY6?<@dLnp_khVas9Zr8hCmJQwPdo3Q6$LbC5WZ$Jv~wv=_tnKTo&c!M~`r7 z-2xMvJ|`60d9wG<9JH~GvUrPny-Yjyou`Lkp}Thl0_CA3a@9@Og!|~_oI^g^52u2- z1)#^ZJ-|=Oc%BBN>an5j1D5FE@Bxd!z@^*_0fIcam_6YwrLKgg72hiLH+WQ=63yNH zHZP4ISODRUL&ee4`HooFen~*@+=C(ycT~beol~jT*VvK$r_JxtIH!x1ghjHk#^k2; zT9dK{S@!Sof#%9JLcH8-?5>>VzO2ah{E!)<7c`9ysh3+K51GnqVuY<7rLe+Jl{YA> ztqgVZ0*T+(5NH4DS$Ewd`0cS1K8Le$=FUVdO?sp3REn4E1?Vyvf+P1tWnaGKF238f zN}|HCK@feT4Ha1ANQ;iP^34OG{cuLxdqC-B*3&%uUx3XiiCffM%<51_WxR&QH=J*q z5enRwefOg!-pAWV_Ixn%?4A+27-cUaPG=0*-hqW6Fc1vXTlMD#);KG%oU?&7&C7pS@+V&fdTUBjl8lY(_W$hH=X*+ zi|4yajLpEMDY{&PUx8+3ELB}&-RLDVTRhd_r-tTBl&v;Hps6$nN=?EL(IIsFy=+zu z0NuTgdai&6Wr|fA0_hCWYy7beh z&oHha&+~Cu+bIWZzMlGhYhSpL=;y9sz2N{&0Bde6M;7E2A6T<7uq73n!8K$J@Dca}lzP8j@~Vxvx6T16$DL=1Bdx`zu> zIUvHuuQhLSE#|)}BIIN{g+O@T-$u&nNx`D;=sLc0&@1(*FGs~)fs z{rs(24$IaSodQ6gFO7S+R=Au+!-Uys$ymyz@%RvjeK#%q{+yQ*7(j#@VsKc+a}E} zMqEkFTUHVqn_|G|D8fAskp_bk5zb91_ zWW@Gn5>_*R`d$z~>!LogZd- zXq>Ls8w5ix=1*k6C|4`u2G*#+UpID!T?PMGgYJUGikq9&$BJv}i!+3V&xZ@yenyWE z4k43^8GpckiKx`Z?a7}Y(e27J8_c}JKiWcKa723LrvfZiIHs#nPit}8JVP}9t$5;{ zPK?9Mz3M{Y0-mJpI-Eb8&TQTyL|ETnV@@i(yI(dniY^}p++m#O@YkLKUd^w7)#!JQ z(E@E^!ohiAf1~VYIh@`L4jSZ_PxDhSiz~d)zXby*?B7wr&W$@6Sc_b{dzuJ7N=?W8Gw!? zoCvtN0f_>=J*e8Mps_v#lKOciY8<8?8pWrRPm$&+)cd{j+a2_~+ZRx|vzQ|o?s?2+ zc^_Jmjy)IAmEemI*aW34S8ni3n5c<`LXAL!CBD;qAteLbKWi48zKdzU+^0qyZ6%kK^8qY}Lw@|(iWQa!XVNVbflwYe z1?aIGEZ!tA$=E-|orR-`+iZN7ymKR)Mzl|Q&MtGB>u_cv)JJP!&Zh)yH9vpSD z6jP4SAy~{o7`a(M_1ZMoY|>2u3fI75fR`fWQ3#8$*>=C$sX@2mGiL$zd~1}bpI#o0 zz!+WqKl^9V2O_#NHH-nEr;El)N7Kj3I4W$Urb0uD86@8kWtkSrNToLEfrsCrUd|q6 zX#7a4AGvTHokTffra67!k&}D(RyEq)GmCcQj}5L#2INSp_&c+mT}@kLi$N^rb?3Q=e3*(k5o7-W~9`-$e&ih<*rLVG~~r`}^! zAJ(Irc{~(?FLM(xivDUA_r8oNL$`@B!`UOH1lpp?b_N^e(up`@S$F{!5k$p!uvp$% z3>!m5I2UGwvgoEU0)`4gfZC_wMH>o>C$V#WAE?QEEz-Ys&S?8B%UFvidh0Cs%Do~^ zeDM;GQxqgFQE(ARvE={*zMa6wtuHG9vVCq%`zkDj)dEbCpT5X78lHKix|&ek?(e-t z%#x(}Tak@PS_z{{*aI8n*oiq*s4#5b!yDl4lQCn3;rdx;2;5*CUykT-d9@R$n5uFP ze&}*%n?eljF2Anm{O0f>{M-ll$DO!FT1&ha%Tt|aJPX5pvIIU4M)4sLn3~|t5vuGQ zRCf@LkBzyBisZXrO8f&)%LyL)6EcL%m`|xxl!36;w zwr4?DKRV(@MLZ=r&KE)a^Pc-S8$tiQJ%1*ZXM%y>#eDlf0EEzB*VTDMmTM5)AW=99 zoFH)Cbeeh?Q^ntSu*$o9RhZ5=bC}*7nG}cA(7fK;saoY>?GWWdZ&TDE!GL-td*U>M z`S*rREf&(D9g=r^*C?J$p_>>vr1j~f4Anx1b#7a6o$qdZ@GJ(*IF@Uz>iZ!y3}is- zz#k3ph-grVr$mZ5cv5JhhyBLLf(k~H=yj)FLQ!O60ja29i7kmjkVOZ?+Fvv?cor4S z8cEJQA1b#DDp+*eIy|L_G>M!Sdew@yttTv}c)hnOPnY@?%X*b8c~}~fY2FZn+#~BM znY&Q&>d&=K9iQ!n0o&YknJx8x&rFG(#?n83ocI}+Yxi+}kN`}v4{ zZXzHm_-RAxc}^#3yq-KXpzba77lGIp_ZYol@IMWjV`#2040yiG{!~w;nu=5cN>gZo zI^Q#VW%Nr#HjzZ%hXT1hl;b_n2P?gP`qh=SBJhCchu%!&@gq|NHtD#V5H_0{* z!A}ubf<4N+u$+g8j&EXs>Rz03#7f%u?rb0=Ms1hJEqqz2oknV?hws)@F#Dz8=n?z( zW!y>_mSG**G7e?1oiicf0ttjo5z+R~NULk(Q7>rf`8Mi$2P3fckUR|}4WzwNWBZLX zDKL=K2#$7i0fc5W$8@B(MO@!{P0?j=;tFtq(0*%(*BG9vojjw90vir?@9Cn1{u8a{dG`V`yUZAbp^k`(_HecD&O*fO%1^GN-}z zK6gVCRQteRFNOSFC+6Q{qB&7pBJVB%_PAdzdesMe%!++(r+VWa zpZ?`%3m-;Ngsw-GL?fnKsOf$KHU4vl)uzW~(Lb)fyZwq-2f;8aUjFXvsW`T_M%~Qsdxqsih%)>!wSUEnmlCceV@RBbioE&69 zS`Rtf=2L<%NKpU)epB{4{g+FFZ+AZv$6{>!aS@f(Dp)B56L7?h+usdGJ8>*qoNrv^ z?&)X;MDIQD@VZxRW(N!=8W^C!1LFDj`d6}sQdrUyeRh`kxz_PLKRY_{f3fA7kk3~y z)>+hBfVyt&3;Eou%M8yE8a=%X7yKNL!0YyiQ5l)a#9dy)I8`7JXKBSA?N%u- zb&6PYAKnA!@-(N=i|u31LhaPjarZ^m_OCfjT3r>BNKC-IuUexhc3_rG6WjvUbBt)r zsn4)eA>`KU-JF>@w2K!0Dig!aT; zcraD!*nJF0V=p4jfH|jh?rHgS-)0S^H{Q0=6EA*bJLNOBDhV@X&Q{pksSxw)U4y8l z%$MA49*!kjHLxjXd5bwRi{-zbxj-VI+0*2{afLe{Qf|%a`HY!F>mzf258bcJhSYc? z5h)kzfRj}0Sz2TKiTE|fP9w*Odsywm#y>4WEgkP!45remO&Bivkl#o%o|W zHgx%jII4#{_U~MPc}dp_8)eA{WF_(Qs+J_TKSb_~<3_kw6GaXkigJ7=QBeNf^Jn{l zW6iGt1fKTk4M=+237Sw3fK%a21pK?JHFJ&q2iMmquO}`4bSwQEOBP7=sHgk!+|yB!l>JOsui|NrXFF zog|0*@Y~jkCtaSd1Z}o9a{eyy6EN6%Q5*RuiYGA6G(J6f^k)it&8iwf4B^aS@59%3 zL?(T{HA&w1pkiY(=JWzJL;recTjg`jS=1ztMkeWx^(Ze(Qo96?(E?u%nMu?KII{i& z)r5&E4mPV#$7k-j4)}>x8%?Kq!P()$r}oeH1L0$2FVdz-uy`|6!ECF~PvB!tZhPt` zfcLK$TH(C9$oq;>{)aOVz=r2LDkXg9&@8>LTrL+MDek3Pq$Pv4_<9shB!evdOC8j8 zfN}G1vGkAvW0nwgY>g#sdY**)sQf!KUr|rES);=g&Z6I+oJrCgT}c zAGkJW$4FyX^sM=M^y+pURGXL9nOVM=Bz#^N>0U_{6J)oVQ>yj@Epr1_szn%!_7wHD8K!Lt>dEp-ZT#IAxb)`{o^B+;c zt7UYl#yX}P@Kr82>KavrzfslAN-&m&dhMOUwPW7Af_-LP@Yn!GakzH##iK*tQ0RXtSwCFxQ6pP815JARHxFyC z!yfk$SnO1qjp$M7lPTyR4IvO2D~mc|dZ@GEzDsHYz|P_J;pW=zg6ZTLoYhUw1w!6m zg)ae`p)h)rXrA>svG{;ZKQ%4Y6CO1*k;h{P_@8`Ro6&Tz+ki2&L=;7FRe8=yr7xQI#(ooKslP6vm-Sct6>u z5j6n8Qt6)9t=#GaPh1FHz>=l$=ywzxObrdaj79-NJkE(gBmJ^eF_FsctuZjdR7Ik) zd1Cs|Iw=!jG>Xm)r(nUCMUGFLx>#FFDHdXr21gz|L<3d<`-fZnI~INE_9l@IQXbr_ zz|=SftMx%9#f?t>t!|mt>D=}p3at+o74P6nPm?{Y-cbgyL$7IpZJda8IFyCCiLJZF zz|bw5E-+Y)`&6nNfeJ(7io$=aVAd#*;_rxc%0Wu;_zPDDrG(_?4aN@6DS_rOj#tto zqX0|nk?_$p-^ot$0er1o-wup*+OE7}&lf?h*{LrNN0EM%Tmol#U|nVk+KQe`oT=~# z1Xa0fr{3M*u4qZv6*}Nt1YYE(Q^PVFa?0>8W%F$DmZ6v(t6To6a)81DUh9+)c(H>l zvYD&3SYbVKI2lO@j}S~&M^SuX7rr1U;M-1u1SpeQ4}~(q!4p>W3qED&J#OeeKLi># z7PDtO9}Am5pV+IE;4C`m@%d1_E;?7Q6Cc}+eYE&2X6M6QdC0su$P(eq#@`~PbrD8^ zgq>#wNe>Pt!(sBad*;`0uhvdc8}BOOIy%Rqj9eelKt zGxkkPz-8yD^bBe3Q>BE)cYePsuEI6)0LM+DYF!Mp$2NNJbhi`fz<6A(KEMD=r;2gT z(_o7dE0wV;^ZNdt&aEB+BqiEr|4}{+OXBdcPHA>1!AIe8 zPnFwZT8-of4l#y`BJP)%T5{_oPd2@b(l?rUjc^g2AC0mQ`yJ9-vURKDEHscTpS{5_GWET}`9Gk%)twwUR*Zm6Yh2@aFh!D&6fg`L+ zF|ZPd`v_*FWkl<~^s;KE?}<~s&-I1P3cAzq{p*^H!@SVO`!dSfVbnSXm}t{+Ic~nK zR@=L`#oF*!*_rWCpQD2J5>5?e9-Z~c@ z-z8P!83U3jYQ#K`nnJX8PSz~53P(r)D}Qc%5#bT6ZNeYuFR@74`A_)do*eZ3x(FEc ztVrJQgw;9aXu=pZt8m;%M+6e!GE_npy??G;Fv>(qqI|bf|eK^Tk4k|_KaA=cbuA7vj)ea(rzCNg{QfZ`SpC6|6EcZ$S`Vu|D0PODQzz}0*ynYplIlhY3~w54`)C)x zduc<-XmRa23D3QD{9H$u%#RPowaobi{;!0r35!J#{y#dl;lCqf85x-WdqS3(!;qep zjh%tUgySD3%goMUNMpce$VNlY!ED6N&d$PNY{>fmMaaHX{0AP}skOPHWNo9hS@Rz| z+nSo|T%TEqov+yxY0`}GtvuiHoD3Lq005o{FeMlo9lpyyq0YU@(qaI@P#`EEgKOI% z{Y&eMLo@x67&k`p^h+6p>4+w0OPlfm2B z;}hemGaD)y(B*?qbuc%-$quZpW^Wd@7Z+z&1AE3dSBBRImREaFfo9e>1APW35-dMDqY1b+m}4f~=%i&KaXG&kBuY5_V%MdLL^w@ZA%k9g?`I)M0p zPGKO%esg}=486<1xn_w?)BuKgpoy@VFAPZ7Iw)Jijxqmom zC%*kn6zB&d_`A=fxc@}Mbv$#{X$6oN8fZ3H40Erx_q?(> zf_*g!f_as*au|LS?ZbR=SQm5fA>@4k@|~`yn)I|#GdHJe|81ApBo!UIH16gJ>2Hv` zvIr+G6SW z$@nBEv~<=f%yi|BNFjDZKc|R=0sW~jjq){aBV=bo)5P$OWSH=eVwTE-Ic4JP zN7+79Igjn!Yjev$-4npH>+Nxfo0r~Z5wuM?2#FQNZS*LIkG;=Eb~E;2|^SANE+}1 z6rdK{nRygSz~}}z7ozla&({NN%6`@38ke$<`h8u7>OP_2oU^?k@Z-l1fafZQ{q6fH zBQ_B`k1ZInM);Xza6GLRqnaPg+ne^?P)6iV9=zgIbXKt06f8XImu5eIZ7on`Vu8t8|J}Pp(?VT^@2+d z#d$j|ROU;kceqETF+2^FcR;)%+FZ_;vK;7}bZ13Mq3)`gtpIWnP)-$a-1WMJYtj-f zARZuNu=iUG_QF`E{?>zeOjbto%Bm$cNH8CQ%TsU?3yE`>;2RK;D`lW`hS|qu{*V(N zcx(B{$%*p;Lnq;>4T)Qw0AnT8lf$gnEUGL8d69IJYbdlUXP^X;Jzad>m1(kpd47PD ze~%KN!yVUGqfI6VYo98+qy@U03dsd$o1t#8AWq1L;n>CQ@K^VH85xxn11K7 zhv9;G187R*@kx!Ue2xL%&VWC>|8V#O=9es6enFUlJR)roMuIjdu-n&B0tP-5Xi3@j zEKi6FIJT;seALAlf942XfAUYYvV$0LgNg5@ILD)#0b*<+)ZyvzA37CSkv9}HVtycG zq)^n2I>2sSC-XaFuCnQip5f)duYUqBkA%l;jmmElsgD@gWAALb=rCtWxSpKAdGzGu z)AsR*gX{i&1TR}?PD6Yj#)bn#u9x@tsAk8ttS~d$8_Gta4;ipJxC)mcJZ#+#LVai{ zyb2xTE^AGa<4MNrL}Fa$LEino0h}sTkj3Xfn}Rb61J-RBCy|`?CQxKgmiGzv9e-7N zJT{Uo)c2)=e|rTo;;L4DPgD;h5+KHmzQ%kX6?>H*Wy+j?LlEdi;Jq)*KQ5>0f0%NP zwDN1@4=I(f)(mqO^U4{+b*w7oo?l8`ztADShNdvuD>JUQ#ucY#rnPc>#&R|5@6S>Y0Rj8H_OW9K5MczXF94}Ys6&VrEmAMVeIaeV#rdAY|GM6?q z53*hbnsQHy|9VbVTy`1XpmjuQCRy2`rB5S}2A*bPTuxZMH8fbL__$h}3q)WG{8$Rp zwKduY?j(k`kCVPlLlpJex&c5^Xy3TsZJu>iCJylcvQZ40=ig&tbCqvHp~-mq$U)i1 zZu!#5SoES+=%29FB_M2+9;e@Cv%S+U8mU1mh0E(V_Zg7s1b`1)8o9kZG?OC+^C@VZ z+G{BnDUf`>mcqK*KeY>-O{QQ$N=e@e;4F!G+f*7U5E+UDdp@ZUvCz!j(Toos+2pLC zSJefr2WY>=W7{==IC2zH$#+C3K856*0p8$sp7W~6Fuz#Uc{a}yV2T=5cBq)2kxMpk zHC}3VcU=rhQxnLR_@ZV_nZzOyWn9auqBc8LfWq124sB_5HI z$Oku$`4G!2$HIisM>>t&9QS%MR0Sjh(toJgRF8LVlIl3)LBb=LDO83|7ofv50hVB)-bKBge1*VihpoO@6yC4 zu2$4qewSl!bfphP_80FOlI?7ip9VsDYi_TDvR9K9$hKI&Sobec4{{n@lwiI)OLp|X z9NUx!Xon9N4TG-j()be@fX)XQ=XWB(!5w@Ga^~v3 z%84pHOJ{pMG)C^LiU{ILN-HYbRw*V9#0?Dz?*lKH#?Md`tmDG^-z98$NW%FqV|=o` zBop{WgEkdsvw&A_?m$GQl+{);@r1CuP#Hnee6LM+erSA(>4lCQ_F7io zx_t4S2uroZnR2;<`x9a)to_*eg6z_$7&jO&Nm-1_5~2DcNHB%^vh;?%zy+@Ba|W zy^{~05g5(T=%~qNJoyiaLkcBpX8_;gzdxtnL*Cf3$|*ZsIN#z2s&SFBu()$rM&#Y#u(Lr^+qV z$Utq|@hM5yS8Qj)uv^mVnJ>PGa_JbE4EiA!uF!<2T}|ioRA;lUE_1OJadTq0@*4B( zn$ovS`b1_)urwtuav-5w4)Qve6WkYUn9AD0@KqLUJBT*fAn2WAAF>R;-5zYDh3{gd6A6&&s7aMi!(3k2xSIR)cI3}T%&oz$T(TU=$ruF@AB6|-K)RXhyVEGu z=m0LKMH8tXCi&IN1mFU8UzIg39@(QdY&>a|#~ABElBf*gpvvKlogW1d>yU8c#Yu~p zUZ?&t#_IRVA5Ec=cykubA@&nJ0-VpVh@D7pKgi6&T_RJ@HiX1ATLkiip%@(Q87Fxk zo>21?`@q+JdcnY5)9yscn?L^PnFqxgB4sb8w80Pgq@1Etjnvu&w{we%=HB(?`J96e zvQIi>(+J`)gAb&^^&9*HCG3**O3Kxx{J1SO@;6N-3*A>UQC^YNJ3DE@e&tQjhOF*U z0NVQrRS?p(;-BR984pkXRl}S``UeAyuZ~Li==ACULX*$r&MMYN+qP}nwr$(CZRbt~FH<#D^9TLV z)phFh+H2cjE5Sy`KTw0e5`HbG`SY~5a?GqpL45tWDi`^26(!gtUL9y7k#A zfE-LxAg8hj=$NF4v^?lXf8oH9X0{L5uma=01EhU&C<&G#otd~HtS=uf_q`W#r};<{ zni3~4mT;sZI=j4?mm4rf(7|?*RQSoZ?7KeFzt@DOe(AGVG~{HdwHhYo)Xq_xy}*l; ziEiQrzx4oDo`ichxS~1Lz71n4_+0PU&)%uMFA8j4Lu6QW&|$!@azuo(;H?GeDZ`Ss z@P8S!`0n}aWTQ^d2Zs;FP(*^k-10)ab9j88qcinZJ>V~-Xk#lUN33Gyow!eANTem* zXiw3nuFQDM!S-X#J%Q%CvFUg_i$Zj#9=x`7ORVK+OnGq_i4!!qomzoB4hqwkV9E8b z&hjP^hO0KwX7`Czy?kqjbBBR{q z$K}d(1V3#_CDsg~NmfWnxg9x`uO45}YaByw$dH{rqUt*-3jxbkOVx}1ryPq>7*WkEfEKwLMBwdG9F zZ&=F(mp1WnXUurk`o=k!-Tr$*JNx(Mhno&N*$4m3qlBf1 z0mWUwtmj9l(IG}p)1BG%)abeckUxV+n`LuXPIZ^|d{oh}PVYJ5XfB;tJ%kRbz@}(l zC61dxQYF6shBiF~c9jWltu&oC3xRVhHDH%dGWN?<+;@78+ce zrSN(;ILxLg*%^?=V_K9H?tv>p>8$|k_26*t<>tIDLL7~(fX^05E$s!=_gVpE z6f#|nQf`W>?UXmmT{m!d(cv&OiFW^ZG$XXYAd9Mzbn-L!_JEfDn1;u$TspXs5?!fT zWAT-Q`DBiO<;=xfS>|S*>j68uSIvT2Kd_!Tg)RKy9(q$USoPxyJ`c5G(97XNQ03l9CVCf~xzEPMz z$lt9V!FF~fygk8zxb!zKtrkwf(b0SH#~zLN{RBPui=iW>MJN)uC^g*d@J9%dUBk}uyBKto6$--wVkCLQ>8RTL>4~YQgXe$ zB?#vs1|z%rxqJpvgKD`s@*XeUGSB2$V)|m%oPjy#9#oDW8)3;Uxm*i5OU)aV_d^hb zeTQhT$4}t-OfKrZrWCF}v2o+v{-M13>_6>PXNc@bbZZd3g z{fRhI~yVe9!C2-ue*9O z&)Un`z#l-35A3?ggC)X1w_SM#mf}n03B)Lf4NOOBLtEb?^H1JLRCLEL{TK_n6Q$(k(WjZmj5`XB=G-i~)=2hUre*&$EBBDS zkfdw2lf?2 zfs+_T7nrLCDgW(lX0Nz##gLbKAe&fj-;JF%WhoXeY_so}`p1w?l9I;9usuv8rbjm` zFn(D;%#T5pDMqipGY02$3qggjnOf>vch|o>OsJt}9u`_;Uvk4=bo9B59SuMWcy&1p zu&dJ;PDlWG#{Y%MA6CZKU2-dsK-L6H1h}dCg@%RKil38x#RFDT8SB+~y(eDfH^mO3 zyWvjD7!4uSsZt-GWRGHC^+>W`j_n%Ou?tfk^Z9Z)fix>z)5qPup?Nn~eA_qqnns4hogk z`>>Q}mP2>|_a&5wzCXDB+I?uM`Ia?aTcLjcf`x!N0!pcQvqy{M&{_II|LJnd9TEk4 z`Z5&f&5o4XVgplX7-{4&QSl>UWI23l%|rMSArVU|o{n18Ey@6X<_irlc?5^+Degn$ z)?B-8*Z!srwjop(0`Y84wz)7LghkeNtMONfBELld$S&^}@5t5=Z&+E3NIAYiEA2)F z16aclIss$QO;q1zavm0AX(?#U{!|W-3}uS(yxB?Al8p+Mq5s=1!ajnG`A4wxMh3o1 z+|Y0ot4j!rF9O$8X=0nG7x|KJ5NajOXmT2?p5_feYni}71ospT8`i+H#UF^5#eAqx zEL=yv)M~kXX9rrWLDiD05K)6zbYmpn56f-aMSJpgVC~(B=MM~9+3s%^rm9*?go1=Q z=-q(ni+@RlcWO2Z5*aX|soC(tL$r|p#E6)LR8JHuKLxiqlsG_b{o$wEE?AdK&Iv~s z&)MBF^^_fuwFX^1GQ}xFgO4MpN+HC&9c(}R|12^t>25*^D?Kq zA*ABRn8;%-c5j{2V}nRroU812Rp&`?rW&4&GVIG3tqc^vX9q;|hdic{6^$=X+dwx1 zwT!&X`h5%leB*h9{Hfjm7eO$dfGm-D^7=#a(}XK7o zBUMKYap`WsKm~AQr92MRoDpy)prUN1oAh>w1&_9lMVlh(-XNiSz2(a*hFQ=3OGIvQ zDJ4Ufis(qW-w=B&l*{Y38O`?%aG$#x3~K*Q*e!W^N`?m1se!^Q5VWy`_0~SJ-0Z}o z^Pr3sYy9cJorAQqJ>F0vH%?-T0h5_;q)N*7QnxSh=~ZDmWQKD0g$&^3ERS?bWYV7D zbVw|V3fv9$DFT?shS}a?g^_2scvc)eB~ln)f)QU+!}w={&~4xFg>)s={I*ZpD7yRA zlPrq_m;431r2KxaJrqy-;PzxbofJ?H2Bm|4qIN6mM>-pOVXgFi(c9|l@_59I-eZ)_ zYfUdL_JzEKXoM`p*FBb;eSF@k+*IFIgjQcF^4&O*6Ps?)pJQCo0~N+Haaz`pQUD?D zDclbK#l5-?0l&mn+yW&dQYaJk!NSa-slcWaWhn`pi$;e&<040ElX;Q#d#11&Vrw`nz zkSL2IU8MkkoJ0hdF*0~nd0~jgNPG~e{(-~1`cP+U;*WU|L4c%&T7jq?N0r82NSkG$ zwxrCB{Gmx=RLQ@?47R4Mo3wEvb+ty)?p8+RReY2VmjdRuGaqO1JSV@b*O`MWsCFRD z4dQBw!dm}UIvyYX#=Kkvr)5UYuXOjC{B8y6xB(eb?kztHwt&PKi&|_C68K2a$K5@F z(hi{Qm(3wDPVZnu)(V~owC6qm%L$11V{$(m-Ccv(ZF-Vc9%hHg!0M1hH+qgqS6jum zgpZBz*NB$+uHFViDzVmKPhc!`6l&_Ag)Q*gTF)iMy2-N|$*rxun8~j=<{4hAcHheVl(IN$SjK z@Vjudr%pI&jJ* z0|IP?QbB_93UdmR&TR`)V65^^^d~UFu+xq}z~PZNO|}-k=gwMf3wFxb40k-BN$O;joBMP^@VszOAwJ^`tIA zt}4B+^MKuQc}@>830&~5!_hUI4RS7WWrVx#Oz-<5+}-6cOwiS87MOx!5>$;B2WDEw z$Lg~=QGEYq%pqVfJX8hqq&w?W)Nqm-3#jU1*@%TfAtk{44p^;QKD>tcAKMOjx| zAk7q%MsQ=Q;N|A^=Ctq|t#hcm5kWhB;6a{d`Ht7Un@wxs#osy1&hN%=RPy@E#>gDU zh>o8Anepqq0|W9boTw#J%G9d8I4i7UiLkIvY&#wq+_Oq=2-mcGLl>lE3EnAX30n7m_Zp{(>UG3Q1ZWwHeg0%rM9k$$gF=xrC z48KQx)SGDTtoHNpBN0E~S~vPIFeL!cEa7lI>&>p+CN!_97lkjiD-x5dmCg)Kz-tZb z<<=T*ou=WXlu~gebf#!(+m!r3^K3lju7^X(NNZVfMjRKyKc~+c5QS3Tjj=fmL@lht zyCKNztYdAQk!f5=?)C3!n=&BJjx;dsmyHG6VXag?7)O`$Dvm+sl-S?@&G%z;IPyY& z+=_9jEQYaC=H{{;tYxRr8C~VW0Kau&cf@rVB%AP$tl%)Hbdi~dk=n;9o>J0n3sx?G z!yL7ka7p^VHP`Q7#qCOip6Qp99{$?t{$QU1~KVN2v-`E)&H4b$*xLh?WlN{Tme5@LQfXh_09{TfU!K)% z7ZmvJ&#;{3umCs!L5JXkZF?nu$@pXIUo6R=@_Wur=GqQup!hkr8S4)K>!9Tfo&gJh zK&g=^#ZZb4x(2e@1`3d9mBzi+1lFWzI^JQoga0WA`=r|(DJ@;Su1_*6KPxuOm%$9% zQxuh)m%4WnPC2K6w&hRApYEN;ig)wBef)may z%){fZeQCa5dh_W#^teQy%DMo(CQ1B$Nn$H)1SJLOgmOA2|NI3x{PYSwW3U0CCZv9~ z?5CQop$1o8y=1bEXjauGe$WxyX~USv#873;Q}||N9E@006QY@w9^PP0;epdm!7=Jg z^uC~}M9vK?wv0nEuClyi(2h#ui%g5J+t=DogtNa=jv$6B_e! zHawbK_5FEu)Ii>CC-7bG;l~+zbt6BRDaQ~jbT*#wH8+F^-kM@WqGn`>>})U&4BVCZ zBWueet|p)`URFH%S~S$R!;4(@Yd_x5b?X@LzL7!?BmQzw9`09I@GAVLy5<-5fHd$8 zrg-#(wV>I681cbn@KG?K5X01Maq~SulM*-xln?0iM=ZN;$;ZKAtp2c(ZX(8s)mq1i z&4FGN!e(&^QQ{V$qTsNNzKWBh$h@qU@unV&)QI5=SZMkQ{rpg=2u#x|WfU|o^f?{h z?@lU4^j%c~C!B_Ca4blw<{1cAoe;eUQ)flQ-ZZ z>R~4YcGj6!6^1)LZz%4#^2?meLQ>v5nX~eG0YxPlOo1`sm;$Q5nRwbpvw~}zOqWR1M!5HAStAEr-N}s*Ssno|%}8Mg z#ut|Mjwz!pXpio8H_Q~Xmw8#W_ON{E+D%C2CI3;xk15dgul?9bD4oP-g~w(Z7EF+Q zikx$1>VB zA%FB<`k1M=K7J>6Z@^%s!eorQgYxi=_m9Bty(}mTIKqeMls@qZZG?DM&{LCtJw;Bl zCr{p#jKM0s#W#_jha(liyB1N5es|TtjHt`d5O&N$8~^#?y@p5mdAD<_IrZ~OwU>=; z@WPnyU)o^2#PqN`Ivr#vdE0> zT9f?WM6DIaZcl(T7;c^2>(*T=k-OW%tC}l|F+gr%(saq6f`fb{cX&vqD(KAuojP40 zPMgiBpaG5t0J5LzGf6vHWMM|9m0_1UvXJSa2b{~gr!uljt|m>TrzcY2$T?+MFb2W< zC!6=TFIp?8btgSV8VxhUMb)?g_2s292rZr*1sqfy&XOlIZik^4|#@?iq zG@fW@m%2Cc@bgK@Y`uamVU3P8t6YfKyyq(V1t9y=?QeQuNYs9o3}a0KH07+zzB&`P zk@bB$1L>v8_wO3vzjHY)9aOn8)?%F)RAzXG^hi0geSYw|3!-sxi3 zjPMYuHYueT%O8K_Vjz&M2zn&=P7}dGwFpvlDbZPL{bwX!+FzUpLo^7e5@HlpqA>uU znVG@%OGC;@K2@hWv`Cr%0ciO)Y1O?4ox==KE4D0_it{}%CbK>Q*5Ed3tv17uVoS!! z&IP}83*U8b!AqvmXY@Mdz>aftMHhOrX0{z~~Am<$Ks_PwSG zY3kP?a-Q4GI7YON2JuszMIJ*HVyp1#_; zg4@^t#Q5i-GA4%!{bc^JtyogTy}TNIp1HG<4C*-Q;`U!dg^WM&|C`Zepv6A(|yy`8OLW zn0PztZZV1BK|nxYKy1!!r_YSfWzS46tqt#tr_b~+jju1P56{hjLX6HWrN^X4fA9AB z`NE=E^OY2(j`&7p=`A6JJtXpddOhnYJs0O-f!ux=qGZBZ`d`M5p z!#U4)VS$|ao&W)U-~RjqYf@zqQ7YMON4;sWSN39h_N6`f2f9WmIzH;EEFh_h^QQCO zpz@NbSeH<~COA9n4!Mc&*d%|11>i_7snBx)=qINUjSU_4v0aKc?l6{DSmLIIfDqhK zN<@YZyg`EnZnjsIYnP~xL``yoF})}Ep1p=3?ckbl5(oJrs!q3O_T4b%0P#o;UJJr$ zr-3fKwfCCP)k{DzVVi3SO2@F7xMdHC>wu2_|+w zNMvO1*_yNf=HLL%DWpvmD}4&%A*C&In3S2Q)kuGmSh!!9tyI+mOkho~!Eu!FRc}sL z0;K&>LB8s{jKEzXewhxAEcQ5=k`LdkgHu+6wu8GUi<)a7m`!56+w`)*#<@nRAWr2D zRN%J6pZ-<-9eE+@X9nH!rV?@7w)s!{9Dl=`-MBXR-QK`3S@*>x6ItU#a9n7ZINLU3 z-vIM=1o`@nP7w)RA+{<#Gs~K=e3luma|%dOF9HlUFES&7=72+Y$KD7F`8HA{A5yeV zpIGvCSJ|(c@eAmyH58i>mZMx3Ud#tGIDrPPRK8Su4nt`s-lt!W3J zCH8a7j9Dl&47YTNt7RU{!}!K6b%w9^9Xm!Shd&(pMsCYcGE5AO)O7=LtqA8p427X# zPUPFSQ5sCbI3Y>vVA2=Sv(0JFVY=TP&TUku)k79Jn|zqbu~4xr1?O za@{d}IkA{8R4bhuF{`S=lOgC(S~O5~#Bs~EIM^V6en8$I)w|1FP>MtiQutISVetZ#v!|+=iwcxJUrCEgSFvbtakAc1Zp3mQDF5q}*2Z1Ax(L+c384a> zI42`7FG&Vw!c?>~n%mD_nZJqw&*=~+CX_6+WODE?l}@ITG0;{XH+J=uZ!ubtBSM6J z*ud)Ul^1;`1w*^-QMUt#U7oA|-ldidOFl@tfd{t}Om+5Qa+Q;e@0X!(@lYVPj#XdY z?Hk+KL?)-0q6M}_R&o;h!)W*aumrwCUa`D#4t%aI7+%>kW}>9x-RO6TO&G_9oW!JF zj8(^eun88BB&)M#knwjebWOuRNvJ?43W}bX!Hw#>@f9EI+`IQIkjsv&f`r+PdCLM+ z9FJawi_Js>8;P=<$iOo2+$Te*CLr2CZVNh}-deDkI4?mE zxmUl!z9HYj)Za9uE+`WyTUPN0(_oxqSGX)CXED@N7SC3gOmVLt0_{0e8TtyUDD7-IfjKv z7uJPBRrMK-5Un2gm=TWbZSVgZ2iShC@Z6BYpn^hIjzNT1OZau*m}DN8-%TRQ4Sppc zED4k$YqFQZ$~m|R&HgX?hI*^cZ{Sq!i5FS#_h*|WX;AEM%LC=pUk@e$Lv)4XTF)%} zV8b%y`7|zglQu%0^*4Hi7HWphjbiK^o;)%?<1RqgC3tpA3{23gLaR$Qn);D`%n6GN%-01+lq$Yw!oATk60u~Bo5&fXE7+-g&{PJsjRsw))KW2ugB z+^Rw0N}$-#RxCssLW

JZgz*Fh@NwK82gQJ1O15ru9E>>yymZudtO(4k%yul=&^F z3&3#+EPkAE3JKa^01YKSE6a=cFStMbRAZw((rhF`mVF}a;)hVIO0OtJd-*xxS`pTT zIm&D5#*Vs{#V&pMJghK0|I|LFBu)D#>hv%o@~vA8O{-F0RvMj86Ss}BkzK4@6a(Lh z<_p2Ozo*%BMqXR5c!2y9|5(;tyWL2t*rQqI_FmZB%km6$!R616lXV}#x00~dmjB@Y znhI=Vy?X_d*{e|pyqk|N9*d(x=dnWtLHQ8a7>!d~soLj3P9}MfoCm& z@;f<$RoVV%8nCkejG|fkX>09_Z@lUy6?!2EXIJy8nd0~yV}2LT^CIv4UW*-{=t_;M zVET61j+aeGiiZ1UQz&kqsG{E8n1idqmtrbWVLsg-P|9ue;>;<);ke9F<$_VB+8uPX zLJuu+ji;HujFOo)mA11@FQW_n-X(mZ)IQX>_!FaA(;FQ~c{NMjDf{{qC&?(w06O!=G=WU>TziwWG+3Zhk=faVXoYA zsFy*#IqG10zT0g>ML}?pu07OmbG!8~#qnK2bkvs8JzYS-xIy?zI0uGF`SWTk!M-dkXA_H!xNoS^DDrGin zw!EkgFneJ^(H!`M(=(%CDvJg8but%A=a}Pse>AoityEt#&ZckI0lfVfRKjAAX@chhVji?bfBfv zO=M0pRv!5;P&W@XbSIcQ0?!bQPjMmcr{sz(@Wf?Ns`=C@4`!$XmPJPx0ytXhpMQNc za_PRyuoAt0RuK{lR6I&o%%|ytHK{{8hhpGIx0|t9>fPFk1hfcu-oK?yC4QI-&CUxG zEm^t)5sFgtXpPLKCS;+83>oNN_ML8Y7N|WV^spALB$k4OeILQ0)(3!VWa)@sqSzEb z)k2VOhN4oQ9!}NLzR35bD}fX{uE&3%hT$WFjj(UsF|VD{#1i0&&(Le_5HYjcSG1#Y zOeMRje|*NnBXQGf+k#sk+idY7$Njz*6bHg8umsOatFl-s>1O|^-b>x3V(H?v-*(@T z*M6h3hlB*ZfyhJgAT0%0eMWAwQZh@!X=CRHx~Nng=O_e&TV}4;c?Dev?7uf3NF-tp3*jJ6_nz}(329{VYn@M}q=h@#4UvI*)h^m8E-;uq zCu{3_ruWNVd;QTTD=&u2f5;!Y@!D`6kv<8F%sDQf$wGchc9Tsbtkgqr>|Ld%AWG&Ujk9d)`^y?kmQ0LG3Crr3kHT; z4P%Yejapf2D(G73xTo90&|0;owNdi3r)vt*u(c!6>ejoe$bWA^yfV|zAhT|XI#9sy z*=SwLb8~EZtG(#rLc&0GtIY+C6Q-UcX&lxH2td!b(}bozh?<)rivY_kPz`BPbq8*a zotn3(!FKvhY`ogySXSvN5@$SordXzP#tCALb=cj5g9)xUJZZ9pOx&clY+-VE70!wR zq5X*Le2lekfgj4}G6%3!?6!kQ*wt8R=-eCy3 zH)V+wlWWo3Pi?!SZv)!JBmz{8oBwogAS^gjxVEiNe|2%2pYiqGJQR`m`>f=&B^w7a zcV&3plr%+w?!2EZS4TeM3Wx4MNF#R&%Y~ba}I*2a{Ua1VN1X)GC_aO?_09^Eb zM=X2tNYplqc6moQF)4uAlTB%MWRekbEfP(6^%;}-cV$?F$rPFPuN$LUk%Q5Hr8hO> z$f?J66}QV5#3GF`3eKN>ojfk*x1gFOdl}O-{tci9-iMZ zRHfp(ZhpP}z)VzK!AwYrmP!_yj^%CKm_y3XA|0r3BDJla;smImtI|RYY@KlsSGLP7 zAGOBAxK)6bg%s9>wz&E1z))iqdUGzumn&uLD#62QLF)xb9wlByW}+KYJ%)9Niv9v@ zuuw5~o_k5+LqKi2u8GbJq=!CZYbbjcJpgFIF=6KV<6ka*3S##d2q@1ok@cs|lPvH= z^00X?{5i%{0uu{~ftqUpYr4=l%r=Y{@Y z)z@u-olCktQfY%-3C%|d+CMw!JT#aZCv>HKKu}eUIS5SeS;h}E-iLYamwd&Ui#l<0l|L15zx&Jo8ZoK{}`vX$SKv` zeJz*Sr22qMWPFXA%xf%k1Dcm`C2U(w+5-b2a85zQ`NAlyEK-L!OiS4?dLWj_vD+GTyDfQk zAWrGBHx=aT>lN3wXV!DqXMv}By`!AW5U`5nF(PEj-{=FKA{8|ZA*YyRWgj9Ba6lmh zkn+|v&XEiBTs?Yvrk+nWt5`|~y$`4_9jmoM{APr04#OG&NSs!k0ZK}o3=jcXIGt;v z_Dj_bru%tLK+A+!-{u+@HX(Lb6Ss<3Oggi?Ie`5W;k_s}{7Pa!f`=+35Tsd#PGJH{ z;u~thAsnS$`hn@uP zard6cAfd%*>LinBpNruAy9|=e7zOvJEepy)WZFRsi6R$MrAlgbos$4*!*4h8x8)X0 zJymGe6H5)jh(x^WEaiNA3tA!HIdbo~K z#W+M*9f(t05qy5BaHAhU)t9zkVRqxcqu{U$EtJ@T$BZ-x$ZOyA?LBeLzw3ymV2zIx z@_o-;D&thu8{-0r*3*^99A>6Xt{H!FJ+6!jn`BsR1mvj3v+uG0%tz%tT=g|BiIFQ^ z&c{BNp-{73@n&E^jp44>W>f{=FAFYRb>?d6oc)nr*k3$RA^QmMNFxjL923tUaS*X@ z{)6BmDHhN=PFW!97kN=?ID*GewH-0r*yA|{Xv_)+1ZA@-4%1;`YBu99Rdsy`Owf4N zJGx^=@{AE%?1`ctF9y!+W2FWBo!IILqMj4Ko!9;d5q6GZVA_C;6)~KM=GFR9L-9n^m8FW!$REbCNa5M~uFXE(+)C)S zHuuTL%%BVH*oz`kjc2sWSfP|2!TZ5-M6Vq<2b~T^VbKj4UDQRU3OXuYb28!f0Z3Wk zZ*W?e)5UrT4RNsdW|U_4MwZOQkhlXuN|}O5lB;m3Iis|cBU8Q(*Fo8hB%dD&$xJr~ zxGb*kp(x=`fN?L?5%wTw-FMRTH;95e4_EnZDD=l){pD}pU&Pi{kCFifnU$s7MmWKP zq@BJ1fo<}=8f7dp$R)Bq1srmPN!21i`r8>^k7N;j-HNH^55`h7U)n0)l>OspQ`o)UOMtRO*0T5c0D{mdLs_=9AfvIejhXB}eC-Y+kFb>M>TRDbuESc)cJS z<^3rcZV%rYZXQKAe+TRab8v)N-Ck`*M-32#XKruJBZ1m*D!(8k^@h2VUTsF0K+MjK zGiQ^*u-M}J#H9987mMBl%UmJJ=j_&gGoEj;+BuR%>uKnWG!0InB!eoS`E z7qMHc@56cd1OXyCY-X6B0qVpb&Y)J7=G)R(q(T?mU{)1+#tzW*hhl1<-~ky7w*IC2 z{fY$G2)zw?-Fva434B+?8d%tN`(xk$cavo$rE=uBSWtwkPzz$?r2Z7ghO2}eV#XtuKev1-W758)M0z`|LI8a)`RO+{ES zkov@Vy=9Z703g2l8GrQ#lttHu*MYA^HXc1-JSxu{lek5&3Moj(+g`sAAA@LgK3~%X z<2EaoL6FJ4OP#z>bS2tY*>C=Ee{l%(mu2_to_=#)DE(2X8yjO+SG5WrM`HZL)RG_z zSs(R&rYnvqQoF>lDd>T>k>t#vpPxp;Qp*u;DlrLf!+4sM@yF1BYzrgIOA}CAxPNr- zYfW%DP~^@?AumJSL2NERx>*cYPEE69ZuiRnOaMyd&F&}LyfVrkP1~t}(PGeOR||3N z6uo;QqTJtip30%HjtxK35C$W-kJCP0EIDd3^NADmamWR6#?plxSBG=Qsln$o=L{1=5UR=F@f;RY@o1vbSUSsvya897}0%-vsgX4$- z;cu$@yo>TMGkM-Q1B;Un-c`sQ2JuEM(fdaI1iYpRc)~9c;KPU^g{LK{T=QpR39HHIwxjQI%DB8LhaK{L52bAx^*#Vo2ve@3yI6b_2 zqW_w)Vb7Ux3J+;@rSwUUYlm?{5U`YIz9q5D17b@~ShFWN$)VTA=e6;pK`V?+_IPgD zB_`gYnIeIOeePj>d;CeE;moTxQzFl>oBX?^V(_p_-Hz1g& zg&4bkphlp737COhc!FM5RV2YR}?!f5Ss!}H_2Zncdhzxf9V&O_QmfDx3*3dzum zU`%qj#d!PaASL=d!k{wQS+HXuxH8ooUCFxTwNXJ?+o(4%G(P+(AIW!|Us-T-^FF%OdtiGtr?>T!sW+o|uyl2s|)& z@mbR@oKC=FdqZ1IEY>ek>ZUpESRC}PAoPSJ*y;^;0{wC$u{&W^fx-@KYe!|yP%nok zj6gw&IkmE(-S!(hRq-_Md@iei5+D_1)W@H7S4g==y=GmMpO)#BM{g9dUO)GTK<|2i2d8bcPG(Q_Z)7Rhu5^jD&^aN zKIxNbA}gA1it?2-3<`UAWa-v~(R?GbN$u;doIbnx+9p};GYpS#cAx<^`zW)Ld*o&V zf6^{D=E~Ys8!EeyJS5q!4X1$P#b)cj0jT~ca!P`{E^>_tt-OixZB|9A8~ku;t-GYG z_nrc!O0n4xCR_{LtKniEJ#T!&vuehbx(7jY;SO90o8dZ5^f$pKI>O)jl+AWS!gd&I`Yg z#^Rk|dAnil8|;OqQXf-!w4~ep2)V2gkF!bcaZ8i@r@cu_dSa0Ei|{9#?OvbNk`*lhY+*n*(NpUX8;H6o&cFf8+Srn`zN7 zN>^4Z#&UlR2ZDTlwCV!wNa^ux>y{%LzXJ5-hdW~zMK>;R*wpwlHnOtaWZfK}RbRG+ zJQ>D_oaCM|Qm24;mwvV?Y7Vb7v|HAfgXgIbBG5BjXLC0VBN5J)P=_GxM1e;3aI^x0 zZUOfy`h4Y-;C#2VnTzz%%N%EAgk{hGfdcJ|)xjIIc4;nEkz#L`wAHx1+=jT|;yB(@ z*OnJxcoxQqW&=bY<96q?*1^R4<`*=iI~h!(ar$zP+JrW3G6pGG3V|Aj^aeOHwt8uM zJoR5xr1>IGpC<^H2w9kDW=M)_c4{|Pyvoof$W$E;gFo-@~3gPx5(3i2i zmn~Wu@BDR2J`mTzTK{TcYAC2$E2^lcsuA*+64s0WhbXS-%v*mN}Li)^VdSo;TvoXf!%S>l)M8 zXjS}I^2#MgzK~xW1`O<7GZ_yeQ&&kE2_3cJvwHNHb2iFim*09Je6KHGTumqF0GG9) zoHXMv5xq3)WkgSX%}J%CWPCA#x~rLyQLKrz&!@pqW0$-nUX33srua`V@5KR%$#9hGj!D|7X4w4tH~$U$ z)<#p^fWwn*-@ODxRJ*vb+-)VIXLb`2snHtrSJ>>qWA{Z)MG_03+}wh`EtnOSgGoL* zMKFCv-o=zyv@|(UkSXBSNnqK<7@d&b)i~VOIa=_v`S7{Q?_#jPPDvy6=U@cxKNvfw z7*T?DU5{l*ha*};I>7+0EvbwtJtLJ;(WZB#0 zqWhK(DZHVQ)u0+Gaq`;cUa3yzNe+j}ki>uKgWB<&CZC5Em)G^L?F3%Jis-7O~cdLbhr}Wl}z+J{z%6e3}xzkkK9(qu62!j^AqxJ6?J9h^G zyr9Uz??izNvE%1`ap48CPdKM?Qcl0GTH|rp0c@HY;miBq3`nE3JjvOLfOi&vq!G!` z&O%GkzaIdb`HUWEh)hS?BjaZd-R>ea8%;%i72hW0A(fq^XcTC^3DM`LJIg20{!L7x z?{(ha`4mO*HcG%J*h^0b#qmnqXK%qfEX3CjF+eoFL!9BWfO(9`a?=uIr&ZeafP$t= zpE4kH^EeE>xTzRnp>ZiD+Z-z(>u4{O`Ke%!AW94{ zlsas;u-&e2m+gvlgbcFiCh8GZST@7Fy`FWY^Pk6}l%7JSm7Ro)S|{nBgb zO2_+E=z;1-S8tb^rTc>N?g%K@??h86>g zmAhh-5>hv&VQCmVUUgc1)qL3}{cTXHTZOI?^^+SJ5Yl!>%*91-m_>I8Kt{`Ov^Y1D zI<%kBqXG~u6efifamHZ-eUdOZrxZkH#v;@fW*)O{BZKGJi2E_BKQ?|Hg z@K3d7GP<;R{EwW0v(Eq0P_js6`EW*&bLR4`{YWh!iFikk?Eq;rps~TpI)SeAIjwtX z9P4yqr{SmH*fdpHBXi`@6YFOR1afsy>i!9mu!glV;rW~a8Ta+d{S?x(`IxTO9q{pw z43NX2nZso27;USC>Y7Xt2M-fWNZY7bQ&(K}uGnf&8(6u)b}2`tar`j|>`0_Rx-#jR z@2q21E7qYhGf%nZGnkHf#IbxtUb+Hhr#h=-3Jn1MaCbPc64emDyl0Y#vB-`5TC}uz zjK7)~@O>bjlLiUxTl`>1_?+?_DkaM_!@N*hKfBLeuszTjLN z(=IDe#Lz!hXjrWIAr`v*%78$!bZ!Ad|$2eB8JDjB~Jy z*OIn-Pr#F>L&P5&#AEXUq5I_LB)^udz1M=DL6e~2d5HvqSW~<>E7+~2;B|vq0JUGO zwJW#SaMN~DbuQLDTyrfZ&o```r0lYh{e6@*-DO&!W-Z%T6U@hmq5+r0J#H$vru9DE zIIL|3lM?}iWDY5o;UX8s{KR%Vx1r0dW4yj?i|+<$233a`3d#;psjGyX5ZTnsxnQU2 zR$qNe%GybN!HJQQI^>HULs}DY-E^^0gNGjXi3Y-Z*u%#Eu?adZ-5x}mU;_5rF~t9K zKLdL18#mSQ zS#_X32R19@2dU7`^+14l%0QmQEF5i09=tk-yO;-we!BMu><0#`N*iX~tnoTO z5^*@(!n_%HOc6favnTHC9VMc!pH!-w@{4?*^>5hMw;4`w)h-|yRA3K@`{A1P^bia4 z$rA?AgpwzTa)`mG-h)|g=Hq;g)uiPgoD-e`k@|-3i@34ZC=Iu42 zoj!)H7giVz3$#VCe(g}{hqrF_Nd}zD3ranB$`p)_nP)0&)@%_N%P(GdB*s-x&D^1X zc3}J$>4U|b_I*>F9T`*Ze1|3Ast$}@{h^It0V?f2FOzyUC_us1hxbT)BwcA{rs zX6N|7WGoY{k&TU>qKSixg`<|ZO}g9X>R(c}s>;UBW~V8-qxl!3Z>npuvE8z@ zY1#NMr!CKk)OWfuSsUM1_oQ)eAVDXP(Asfa1X6ptknxb5D?fa1RBvxztqhM&`lR3X zw5^=X^mXwwo2iT|+P41A;OdZao4@J36j_4xHC_Uq;(1K@x-Qwi2cNcKHQf%1jdjnP zI_E@d`+Y{4#%NtVpia?|iZkn5unph*mmFEf_tLn2rQ`mzSaD>=pA9z4+np(O zE*#9iP*y}A1o&^Fb`WWc@p1>#dB}=DG)=1Z5+esB^Z@!l3xHtHzAHbn?dL9CU$ch! z#uKF+4LX8HJ+!w!IDzs{sp^KQqa39JzV%s6q5QAmZaU*--_M3)~{=KmL%tq&O(76#L+i%y}no% zWB3E1=7~T4o5%=Q&pHlCPO+X3BRn$u+RruE@(R%T;TnBV$aQ(@8i-8zNdk9VaaJ!x zJLq-wo9ups2$0*J;fMn(1t@nIYT?fhwXxzO_AUxY?W~>gm#r{g9a8sDp>)Nj55%vhQ%Ld6laH_z_&T*9V!)Y?^!Cx3;23bYd>mu% zVA!tD%8;%0l9%}+RPqcPkQ>F_O?~G37R548JH2Vu$%=b%aB?|t)9s8iGCgt-#xtpS z?jg9S5;C0 zH<~FDRlIjMX??rqJvCxPH}j>L`ka{IQ0D?{*^$GRcygEU>9>ws$SyosfmzZ%ftjyD zb=GLi<2|lkt;w2i(3^h))=sat3hJ-U!OGMfi{)ycayK|gRE=s%jI7(q#sL6IQ9aw+Wm;lcYlsZJUO;wi z7!`J0c7XFeKbHfGYGOW17Eyn@-Vkh5tQH`CqB7c)w0evFz z_pj|b28zZh!Hop0t&D8{n!M~j__=IGp*5hhY@ZV-bWGjWv_|rwo2&cpNssTW3hQ`Y z4NT3Ycb#wbW%oojB{!6A)nr>vc%M2<9(E4ly#`9nBf>&4%%=x?w=#6w%wSB>i|5_E z5{E~j>2YX*@JXY@bm$b>bZ_f(jv5T!PMN`o)Eu0<|IH&4_+bXT!^cNR(_uL=QB>0{ zlVvq)(vuxPB}L?(d2dI2G=eaW0JF#xWLI_0%8g6zqBAkN;Qg_2ckv2I0)cKh*wq79 z!=&o{g9U+~EjmPsw=s(i|6Z(IG9Z_xy2lxBOHQ`#bsPQYN@%n*P-6nYZxghHp@tZ= z>me%Tgp{5U|Eh7GC4w4sKw&eHN6(Q(&>2J%{co)9iM_3X0gt871=*HTbK^)ai1lI; z!;UIJcIOmn3#chqpRet(wMjk7P!5HbS-POF;#!cgJ#rPn?k}RZM0HGY!Ax>G$6VCB z_BrNX3$2_$q?)&`LS^0h<`FFR77z_uRer$A*e+o22^iz<**z||8lEkM+xc-RKEfyG zqSD)&*N^K8A711(-HpCjT@}BRTXZKjAkHN?ntA}tbbn33*M44ObqTWRrY54him=i5 z7d#F_@nTz68XqBiob;V&dkM3FrJ)ns%vaGpe_LzMKiD)6nwD zzqaPmRx6_(qJMN7z34^tW*jy*FV~r|&k<|1mnT7(Y{fyDBU&jLL5vrYdvPY>CqGgr z%j2T<11qI8aVaIHgcotSvqyI46P)rXuibL$Cx#)zJ7kS= ze}~0?Y?cGzngE;YS0tRfEDxNH(}YK%kZ^(bhtu8OUJYfmRvi_3^_B|!O3}mO!_|Q% z0=e@wCN=owNWRsT1e89OMGerK5oD}@!ncM)(|pvllwv2RB{^KX{rg(NKGXMrUR7?g zt_(7+x;PhP{a{De)sjtR_1#+Ridh(({>68ilW`^ZJ_8S2p5I`sr-O?%a_3`lNl1Ek zj_L>?w=hYiaQb!JbR~gE>G}0kt>fj(F z)zSF}k4b(}*xyy4Oe%{ZaWsnX?xitt@IOv_%c3hEa;^u@c0p4L7X$~81zihm`<#$; zJh@X#yyN)OL7VNzNt%#V|9C=>6tdzzrk*7MF|*eNt7~zzs1q1^@;3!okYcrpvCiL= zH0b-pty1fFrGOw&Lf=;OaJm8EX2NjhQ%Hp>>lw!h$P#KbDvuQK0IRa&IE z?&9HJlJ1ot*5R$a1LBor^9ekLc_$$n>a;StN=J;XNd-uJRyGsTG4Z)fB@cx0Fz=x< zt+f1s+@r*N=@i!)ss z4Z+AlAOt{uk1N~d94Rx3gw;mQ%1q`4qP{lV9vA8el@IFi+(qTyl?HW!1oRnjN})=w zMZ{8iTtT&bmP}Kezibi$;6AYWl`{?_)~ju*2lk*Q&p11UI(tYt{>-vJ21&?g0hUu- zW~HoKO^gI*4EGJKauo?lTT|2N0@Q93#tVgfkU7K_U zQ0i~4Gk-KRd?U0LYM_XyIr5gvYCJ%0(%G6@$kk`cUPYT;6p9>)~sD5%J7BL%h z&~>=Et&)QhzQH{+Z;5@MQe>I-Di#bbfg$wkiav{yn~RDayeF%xfDF36501_1nDdiS zqY#|ZK8P*|(B!*oc=2)T?f5<+e^TAIvo^6AMBOD>v<>U*`ny;Qi9n&*pr`iTqN_r~ z;WGy)^yON0;ZQOusIbOLO6jD-JOmyy=!L~Tf@l^S(7~>XKmX9O9JYAh23_x21 zOwAn8s={fI^?vm*=WQWYH3z@0LbO{xED%0H@*!*gyEb4q9mIUgnPCavPlGE`k;udi zi;?hur&RuzI^E6axlMPE(q-H1+zfGnZXtxca43&r z-HcRGTyz%&#A{gkjA~3vAPYzQnWl$DPkGX*~%CUL4;l0h|qw#DmQcYD=4~@Du0Dm+<} zQWM!tU0QQBblWSD>8n&aMY{Gr@LT(l&|wSBzA;3&-$1Px>w-bJ066huZ~nFu%oDbG zl?wqX0cXNHEOr+U=V`#q0<60xtj&rmo?nz?IXnB1{hs<%oW$-}ra^9U&RCqFXwlBn zNw1SAYlP9u(>z+sq0{JCKOCQ%qEy#Z=hS*!b`gdc3&*);dEo$Me@trfm*>vt94z03 z0dlKTs$R(?2~+?f4zua3!ulZkcAQl%xJxI|5Rr2UE^hjE%SGw>Fm^Yy0Pk~g69!dq z+Y0?%S$yE**NP1I>EOVmuI5;!VH!hp1anFC%s5 z-UKD?4JMO%c?##`$RG2WlMLPQ5bNe{FBxW9T|cswoizeH7_eAjH@KjOLfthbn!(>L z?er`U;_Plh+YLv|vx$cKN@z108FY#jYg00= zMP08Kv*Z?Jwcu0&pDMUYpo1Z-+1fJ>2(PIQ1Z71ii~vtYLQIb)==Anf#O0Bwge;0I=qQBRiY68?E8c&ce^|J7)X z%nv|N(#M@Nl(AmWysF$INPe-tGT>g5CCfD9f{AP&&cPUfiBp+) zhnMC{n93~lgJVDMAc~q8$d-3_9-n4cTOn_AZ1O@Y+I|_(re^5%hGglXUy-mhb_vt& z`SchtpXzbIfx4+x)O|=9LNdxnu>7v46a7lt= zD!n%!32~wCb1!B%^jQRVtHZZ$>=rWaq5cOz@qX4bN`?w0hn}x%!xnt!Q?MKxZHMbd z2(N`jxvcb8qJ>X;xD%gq$4r{fxV}0Uxe``i05W`{J<8P!kmnA{Z^JURN0ORNvq~*% zYzJ?B6FvNYhih;~@^{VZ@+OPf%=kB|tU-e159QS(FnAieOMj9wGH(Z~h^l?y+%7l4 zyKqUtV^W(|8cjPX9jNS&@XNZA2eFda4qH;b0~7~8doiGqtwSe-6@ zD!Tt>?N8N!oc@&=-uKSwu)@>)bR+;vB=K{Pj4~2`;S?3MloIZBo*-C04^EKaDz0Sw zD992-(W5I;Wq#Ua^Jz&|S$svu>b_MDD50(uy6QhIzs`Yt{r!d9xM(ztB7ZA_$$PZ* zmGY(b-N8FTz&{U2Y5wHZSkD=;uR-sVYHrosDW--Z0%0;o|6*n0f^b)> zr7jqalUKAouiuC{ghmy!3oKQy1}?Qht>9oRw)S8ez~p=>zo(l`@)7RGKJvlP`6OoZ>(%^>Z7W~B_b3E0hh3y zoULP6({J|fa@MRi8mmGj_pF`-7+6Qh#-5qT%;jnf)Ek#UARa;o^*0UjjUF|eTZV^y z^A*hU?#1re*X;%bm!~t0j5L}&)|#pInG6~Er%2%7oWp1WrMoj;S-xF&9U~9ibkaPU z{G|0c?$8roN};yBqWj3ynKzSZLpDBF`K$k&B^5fQ<~x0)LNVhY0Lpso9mRq*ZEb~| zq46xn-XDapR#>+xSTbbHHpo>*Td~s3r4EBdyGTjO&|JBMJaca%vmU52-UkS$Ovs!` z|K)T6pe3c1!H7X6&+|kDjrhWAE6lzYYt;NnamPAw#e2J2){!q-CpRbIBK+dFWcObp zOT$Z+0tg4fcOc-ELgqQp2uVL`&|)2a7qO{I(aiUP@H)*uN)1wUmPkir#eCh-#7V^b zjL2OH1}pgS?udyyt|78_!_BpagKosdl(YO!%Jv*2>9nSkJvIrrS(Hq)yE*tgcNgH8 z((c&A6u1}S0byLH?PJBgB(t?2tFSY5B9(@5>-Y20@?tNfc3d-fOG4PiLw6E2<@sHA zUmunr88Y4!n9w8r-P>RDPUUu{&gzr+897xsJa9LLs?I`>uV%f2SU4uEJSwZHBIi7S)4 zCa8Rn74Ic&k<)n;_b(fHwwa(AWAAV0G_J&|`XM}F8|cGLR9A9w|mzeSJ}jc=3oBo zmf(fV^{9RFh5YkT{i<-2&h8sl?>~!I!f}c`F4B2!ih=CxXdqwgj)NQEa0SdEx%%0F zNZmFz*0w?|3sWr>iP84YMFfqO*8@H{!L&4{MIGRtSom3(j2ep%`nf57p%WiFB!rZ^ z7{3#bNK}1t%X)k14##7Co1mLas{Di>6{~AinHmG^E3k*ay1|w}*;!@ZyrqC6%5dqF z#g>2*$_uEC-WfqUEZ9q}lWMiwVx?d8A;Ak|Rv?X3x+ye$;7VLNc}QlIzNGiAmTU#c zp0L17K1@U_auZE=BGLvv`a`H(r<$MNu5jAgbz2ZBJLu!lRl5lfWSfbgvvF#%xGe=^ z-A-P_bZ;8628uhK=KpZpnqx)xacmCiC~f?`c4`;Y2SFdj-gOZ8DMV*4$598|^Y#JY zs6*>!&UtqjZZbqP&TN6lAP=M?f1ZIjq z5fMZ)+EevcK8g3T;p(b(MhzomwBH_7HV3<@I^?CK85s3sz1qRU+Y1V~aCmnu**(H{ zd8|42PapS3e{HZ;k4?AwTfBPJRskr07RI}vrHfsa1f$%_c*g1t1MFkpAcKu%WdCI& z{*!xM)$NYCe>QNjhgxKIR|r>eLpu1yW$`{+ut|LS;S@ONM0iDAdw$#CuC^4(YaCWI zxfrlbUZ{x7ZMX#GPIDk^$dBhqDABnN%!B+ce!Oo#pU&v2|L6qtHz|*V?q2F0BPk{_ z8~!yAtTJ}e7HeUT;oldc?dnq(cT|8sF~jMJo2!ENw~_4|_K!u|_}`J56$OklA53@h ztd4vT&awf3*l&tpsa9POYuhRuiR6_-?fZx`*YZHN@8zWjxJkK4FRMiIrnh8rt1H8L zNdL;|VXEQ|e;~8wS!j{U8q)y5DQrNaf)SOpzBqXImqy>#=QNEnK=Mj0TD;{%Q?0`! zQ&UHNhsk9+6u?lHY{-tyn?N7r(!un9D#E!3{mWBRP)(!7AC}|%vc4KEXDbSu91D%h zjIo6yt{B?x&Q)H4Z*J=Mcc@XT@m9sc=o8U@WJ(rK3r~U}7?GUT>dWXD_C!p#Z+=3y zx*7f*%Clv==ctLATnBUQKo8vQ`tA41QFu;xq4lF{fQQc>hg8TIdH$pee8<8YXVnM7 zvF}rZ1R^y;gW!15mC@32Sa=p=RNVeNJpIav-H84jKT} zVH;!)N7&hPV-a;6HJCt$a=L2LRFsixTj%TygEsLHQdqNk7v8=r39JQ*y_nNAbj391 zcfdz$7&o~|SgiBCV;Xt22gh2+O6d5~ijwQ8inbEtdca(*7&m8OG*HXul|tU@;eSG; zeJ>0Sgj&`BoAT>TTYAKCjP`{$#Xr}JaBj1oUwwywSx76pxnh`Tdzj#D1Iu+asAv5{ z;5buB61p0q;9aDVze)_tn*LlglPEq9a#qplW)BFgZzY!pEyXk$QtqR)M|rJs60+=P zbVlZPos?`8cwBtf%%3jIk7Hk*Cu$WaG#7-j@?B6HUhZy1)nv&Eqj1PMSjg_PtAGDU z^@yd)p|p$lW*9&PO9ni$Y6nQ|8yDPst^GF)?h#U@8HIT?c>OwGN+j_(U5Jvz2!3{p z3j-MtjfAC$xnzn)V^!i&E-QIfG>0Lt#YYbe$eUb*dUjak1JmvJ8%x6lMvCoiA)X3L zDoe)&hgRBTe&8S9cOtJXNWDaLOXJ_ zu>>~v{@>sXi@DF#l1ZEwk5t!CKV@W?^6zQ7PrWqy3nfmuHc1+?!UApqqcNyUhaoF( zG9EUb_wqT^IP=029qQ(OT8EJ zI_r2LT!_H2DRm7;r!iG&qBVZ?6(h)q?%;Vxii(l?m^80Z6KAs>fC*5r_DF)R;druh zVpY9j7Fojr-|A{bc#LdaN|`r}MX0*!eetWMEz~CW93nH)B^mKICHh4Uacxi&0SpE( zT$u;8A#>?l$e&IPx)mA5MchleH!PYj>Hn6&Vb zG5f;fplRDWKB6=5x*|FAJJ@&c1ksz1LL1buF8f#q+J1{t?uB`(ud7Q#YeAh8iI^#U zO&%(C6ixkpIPvOF`MpVCbp_64x@NuHh4q%}*MJufAc*~;ZfuJfiD9R0%6h%=c8rUt zrzq_)7z8b>ZHI%Dk^`0`KwgOy8^Gcx_bglvGuB-t5*t*?XX9^@wGQCpDGUBaT0apA z(7@CV4efwtDTlCDwGdr)=pUKf?-6h+$lDHxJ&QybYavSsaSQ5Es2)kJ5Z_N+?-|Xm z=hI5&i^Wxgsx99#MBh*~YC<`u^qMAOWpG<1)mjqrr^2S`-3)dx4I5P}`pxp&E&-gE z=-jCn`Ws7>arjA+$SY&85>GnY2%;OxHqT5<*+m}9P6CG~4+5k+@yfR-nV+o?qA__O zLHT3=xet!FSc!T88qaQb$_NLjjStJPT-uUUfuq8q$B(;ANk+q&0(UU|HEui5V}+bm zFN(WSK-UaTLe(VnOvrswaseW&vo!&Mc4pvahRb5h^vNGP;L3&Vi^?%0T!#zn6_S%T z*yzp_-Rh$=^{KjG7l!xHl{cclIeK214Pxt#4oKPa!x7{XFclmsnOg(BtbJQy-eA{U zDc3^_b^@x(1{Cmrk@Y=k<#53ds5BfX5Un(EjY^54T5Ny{5s~jbF28-gmPjQX%U5U+ zo`&tD77$~18C2jSfo=f z3^ZuXL>Plu4f_Zw^;l`WF(=>*GfWq5L`_a%WGpG>Y~d%wgu@;tk^xDp)6#I74bDs| zRw`Z_J~tpmUlY9|CJrhmjp*IxgGKbW+(CrU3Flg`fJE~mMkwi-YChLu&FV~6DC^};^Uj4XFvW?FHtU*%nN?F?ZrS_tPADv95 z>wM54rjvSE9ZHsUK&45qmT^iorS)PkANVKT?6j6@MA>qyr2aeV*vz2>n>ZAvL)6DizF?3OhLdba(g+GR~vdMGg;^z|ael(pw=cyN*j%+F0Q-%_N@O(q@a}TSH4ValTOyeCSn?dKSXrId4a!nQ*p~gjIYn%pS9B{&o^sV zI8@3R8esq)u%D!EMC#F9tso?{m$$v|If7B3k|u(u_OXNKg!3=e9tjdmEl7SFe!hPF zrfn~Gho{A+71#AeOe|{8DJ{{prv{2D*)1ePRVOmpJ`A~#jymCXj+8j9Jche)bdcCq zGSOx>gw|t)yO6bwwHvM6-|_bHJ}%x{6@TtyU&}Q1YI%AvofrXZJ-g#B@|6*I9d zkJ9oSf<9A^qKUq`gx@TPa*$Apqv=r%hwe`mE)K5uRkfdoUDY|2qu00xT`A}wil(Hv zOT4E}gDcUt1!Mmxrm0JA6=B6PE<`+@%I`K5E9Sg|I4J`}ov$UI z%tQ&;M`ErlE$|S*DRkqMIOywBVM|K+?0uwW@WOV{yy`YC@aEqSe4;mNL+BRlgiL{A zE1PztWw5B|zn~j?(MwrbcNrpGxUj)!fJIi z^ckBdvn)(UAkbaJGxN~pts_zA(DHYyAG_DRfI&gAcHXjHQd}9bgc^rBq^LBhQFtu` zOT-Vjn}5y0xz7wGu>WKvA1O7Gf$I2;I$aC@ZnpV>KH$T zs>c9!PNjx92c)dhtaiiYXdxDsmBDKS**^kyjJ+Vf!m-mafJ*&$sVs%Emom+%E5oj}35poWVVz(x zXlk)0UJ%cGB=y_b@e5mE2o5rGw%>q)4q7PUROx}b@V-LZdQH7 z2<2hJuHNv=a9b|i+`(1!5uX4lnkD&6i0M69enUwV#>D2kum@UnOM!5nQNYJ_(WRzP+WZ)Lj#N;38Xsl^YFhC z#Bp%=7PyD<4e2G-0xMr#E@70^B-7`4aHn9#4lwkDwYN@Z2EF7%Ax*J=y*<@{sY^&Q zMvYwzx`+O(`6Au}GThOr2sJV!Y$Ca;t)>{r`3m!K|J zPYq*D7~Ftnu)2NT1xwH7?j_kw>`|`lcr<$dfpU+1qx65FTqXwx5ZqF9JuW7Vg?b;H zD;sGhTW2grSltD3>DXo8Xg?=cA}MVr;9|yW=>3`KZWyO8 zGOSHChsCnrF;NGd$LdMeJEb4R)>}-XEUIT?c8|dtSpJ8?O$_L?gdeI{C6o7tgEVfP zUt)+n4F|c)Eow$_N@^ybJjH_`f1fjjgyE)3KNjj$7W4C``!!|D6R9Y zqauxaK+^bFivAS~hBFEEk7GOVKbry3+N!SoCV~_+`$ezs@%aW0j4-8ETAKMM>0s$L zKzN-Prr$yAY&1mvt^$Jip1(5fg~|i!UNSxz4~9;ZsnW)QGslYAr|*^$J4QQwF#(kM z+UJ)oYHiHTNoAu}ej^0%i$2whxA88jVZHD21+8eLIQ3mK>tN@A_@5cZAgzPU2JwrxThVBubtWs=H;)aN12&L&YQmS;>BMI?UhwlifTsDGLVo>>M`7`$?o)39qqHDPUWD(!VAHe@f z|GwvaS8ul^e-bL%l|L^%gM;hX~@B1M9XH#&O*z=ZpcW>$!^3-Yr@XJz{<*G zWMpJw@V}XI>17_tZ`Xf4x$R9GS{uzaTfff-Y8%a0&&#$i-+vRg%zDPgI@2Y|(q|$Q z69M4>#E3%;tIOM!g6mIJOWWKO`GI~fu-_f)-{QYa&Lw}DSzYV?Iu`$BaB*yQc4cgI z0_5E6_;Ea*gB{K)a&^iBvi-OYC}5ZwYH|~tRb`)=}P`+gmb@_@2!7=XYY|L`3913!3s$u*%y<)hqb&T zT14%6(2(UYCDyGg`f6=)eg6BjIfyN>4`?`wq>VcnrNL4TdeiNuy&PNcFs49Q?sL4#S+{97ET1nu-lgKz!ZD0WJYp!_ zgfTPyuYGtKRMmBg_#xeDQ2!Q<#r?N={Ge6`L{=7y6=+DUd9VeM9pBzyd>}%74w)yk z)73B4B+9EhR}#YFPUp`B1C}Oh(0;9;vN?$O8V&WFUTr@EN_hG&dN}51Q$wnO6;|xG zl|;PIs(r3)Xj}(7i*}tebzx(o=w24Ry5L z?r_V86I;~K@>O681JqDEMfp+NaacD(R&N0{6j&3BdttK~gyQ$Ho8a3tC{xkKj77Y{ zJ|M%+wPP`x1Zob01A|~q65gw;c6qp?y0&sOyU&$7K|0`?sYOT^ictq)kLcJEsBFkl z`d8UIy+>_^9`ynS>oEm+i4$WoyR#EzHPzedJ{Gc2xJxM+2foiyNuo#9Ds@h>ujUi< z{RhzBIS0w1rOh#we8gAaCcrQ*hu`ax--_?bBSqe(iNzdnePqW6Ng}S{N+v+#sMGbU zBo!Oa01{KJdnYm58LT0R^!;`l~tThKnJ6OVsq)JHt(DOyV$X0&u}1hnINj;l$>-G0t`Q#q_EYsx2}d%$|eZs zXxgw+2qqY0#u#v@m&`r?uw6!DBD>vU&bw^)rSDyIPLXA1CogiGOBROI_D@wd9%DMF zm0Q^^!)l%i_D&8Zm+$Trh(&RgId~$IK+A`7L`0uheD?Lfq|%sfi}EIaj0IZmqA$oL zAq!TRPB444_IBsfKwk;<1`Z>HtXZ~1ogY_NZ|V~l({mAIN7eW@+Hc6-e%|<5GTZ=Q zyN9A#cxw`|DA6Eggk4$T)Sb^L8>dHF>OqULis()Wz6w}?hj}bK_qQgK)zJ{D>9+;w ziZZj%S@RPl0^0$#n=^q&)FYaAIKHyJcq%xzQ|mllC3;N=D;@<7}t~b4rjcM%Zo4A$H|bYbs6v* zIsoD&NUuRvJMlFPMLts3+SqxDRCRD-6Yfc+O^Y2yUy>E4l>oODHd!ZV=?(zvBnRGO zz89p@$)NB2;OH~n=b2yCwwK?qbmd1oXJObv*^>N&=hl9T1e_{k+Ap-rujAiN$c}k< zp%swff94jjO5Yf&b_eGR;Ls-G3C4@k&GyDUM76wiw+S6P* zEKMZe*B2+EfqItVc4FwDC^_9o#QCW)TGc+Zq3bzknki&ZESi3XXYg-k<0Ldx*vN9r z8zv8^CBTD7oo;s`446cp&7i0dSCz_soC;C;OhmWn;eF9_Ci2C-lg#eO%X#N<%(xlQ z;sHfttNHl&MV%#KhouY-Hz(DS}RPiG$ z%^~h&#@<$eU9G<5OMv&PoF3QAdV!H5&`LY~%IM-H>``PTwlj~oU)AMRUO~BcWT2)l_|g0)W02gcZ!Smd!{h-q)^0-7~D9C)!jB2fL; zu)UbCLf?{@PUo76BY%vH;}cetU)95^&hyg9ktnL7Q{?#pgDWdM@rB3B6z5A_oHU&U zfZ>$q#mHLB!N1_?ZA1!O?PHAKPww*Wk~)%2?k`LYb51tzuuP}+=F42Wn~s`(!?h}f zo?6Ka$QZTd;%(!2ddhd*Ns2!8)P|^=-hiLctlZdT)l~~&JfX9x+n90cl3Vgd)cXPN zhyovY9YBhLrKG$i?LezZ8bv9CcM>ocT5Z&y9LU~Qx=Z4JvtlRz~GcdCll`J;avVxS7V0f4a9B}S$9QA=N2UBvn*uow zIm=8?lN_s2mQ4o&%m$gjF}8yuE;D2UlMD&7RxyM@KU}A&g4^v%aX7MqO+#`^5mvCV zGx|I&U#9Wru*G2B2Z^&9h%}bLWU3j?mphZ{2}Aeh+y;lUkmg#8>ZAXmAuBP+fH`%n z8OXdWc~?%_tEyVpKMt(du?*oTmltmp%`{HPvz&W9dN%EpDuKz4!xw}RhEzq&tpDS- z{Ok_&QUbV;r7 zk6x`_TwuU$5oVG^a7`V2-y1r%N!X1+!=DJwG5m8Qn`;B&90?=J)y@3po)iq|y;wg% z$%jtQ;(E#{q?EKvk0lzwDD129qMm9DFGe2$*E7|eZKL;{CP_~Ru6g}y2ITd3w%7>m zR-|xeQ{L=PKTWrOGSUp{f=X`6L7UEyTs3Es5=P>0+vlnp4*JZ1T^H#Ew( zL%Xf~8GQ2%){;@@a(r}jrhb)m`z>^^g62{nUk~>%w3G&MB~f^GtzuHxKc?=;bOoFF zYrJa}bC-;*u0N0D$4=5}gbqInc<#y2;S?MBZ%6(f#_=bF0dof~$sgPcK?ix*RdD$j zMJh!om|aYVH$Iu8dsl6?kF7hTH{s^vuvGSs=l9}r7p7c z41XVr1v#sg>t*S^O7`BTu>G}AYHfT~cZ!?)iPl+>4PFy&&Lh0ay^hg~CfH6b-2>Zc zfzvFRX%08Cmo1*%-|!F@*PK$GL?yf^N{C9LwR!MZ5{56Ys=IqeYtV1PQU>?wM_Vpd zgq49g#@dxqUlBw1s29OLm6X*sBE6s+Ia-+k>>GCY+*uk(nG#J!Y>jELp43V}uusHYh&m4*@qAy=}-Mz|LMlKx`4xw76Yq?lI|iK92;e zN&N0U_0cCu=&eU$8*o4!_TJjjBH4xc9M46n;bZy7~?5?#N3zsR46l>Xm0VuP2k?pW^l?_5~IDt~O!|$rD*@%AANwm%kIh04zcI zP`NBVB=MDRPfMDl0WMa$dyxBy?Lny=`G4Qf z@y1~EW1aue!%z0;tbohjR>$wuu&qy5j$Ozz-fONt5^VPTvCwroYA3X9WcS**i#6q% zY2K{gaQbck$~IGXZkPLH>Lc{MN6ix1BwQt%G{A>i++@+?(u zf_yg-n?;Im`a+-Qc~lVH#jgGp=)kO%R`LqI>xLogR(9b7@9&40=kEI$HvzwU_J0UF zr|!VQEsMsst%^~xZQHhO+fK!{ZQHhO+fL_>?w20@(Es2(?Q!=0)|ykj@>Yp(9+vLN zZ5E;}ZqyHo=`flCL*18=CSgd@rwSE5%<*$ez9mXCb9U>Ifwz@zN@HWn{~2Ya;o)g~ zHYt;C%c*>SSe+we?%(nGk15bSFAqUDIiBfq_qgx7dfPmLf47OzCKod4bvn@oXs zG}J7B`mqITdipymkLe6%EfO)wGrrbG=IWFnlH94JH^l&`fKXZSFc?o7p(~?0-hpHP zp2g^{>1RpflmKyODgBC@uBi*I*B-^}5)IufHCXwn;()8d?Z>VeT(0H-!(Fx^_FS*D z{j_uCc3$UlH)N+n*ZDQB3c*7dB@#3mV;@Ux#I+vw<>L1e{j(eb76@cUP97q4X<|pI zbNs8IE*4yfUY;%wcd>p#;31m(Cus#6Z4hPqBN12d^x~5lQ_QfBi^HZwwruENtj~WN za6O(RqN4CZ(Ul`NQqB-Poi?S-^urDH;8b9^JdQ@F(;SnYRAATfr#Ao`(|J)6*8IR| zr>1E`g~BS(gX{6pU|-lutjyNK=0$Ln{LoOfB7*w_CNi6=m=y+4AW8HE_*BxQW!z*pS`|O zlCB0M@0%rK`MDn^^$xf?OxgaLB3XE`IiiISWZ4c#a5lvn_(PGV<()Iig7_SvuH*P`|3)UqFbZD%T;z3SA;?y3Tj znTWXJ_HRKj!lhby5BTBC^HlEnTw9;@lEA-OxenH0UmUPAYhZV;^0J{Uve(%ow{3k9 zFGq^2n@F+u9WE;ca|539^^C2^y78gspa;iho}t((ZA;U-RyH+~OBXcorG&N*ZO zXF4Xjv5-42ODOem}p6+;?7{ z+&M8k+pEnRE@WWRVDJB(#wdZy27$!u=(JE5`UJZ@won^3JuvCyFUgch}1LGkm2r$ zxb$0MjDU%Mpw`@Ay8v>3?2tJHoe}KUDk}1a=f${_1M>hM*RA>UvYcCFE>6qZfEZ3@ zQ-}s3df+wv0l)lC^LvYhPqi2h@?J5t9LEdyDOZ&kqyU-W`3@GW^EpY}maC+toN<`Yz24 zw(2HaEAp%)DgMaDh8xV0PiVz!m~-0|FjXb70%dI#ZG_>`4mnMGcdWA+1lIh;HCFn{X`A%m^V z`CUGBx&gE6w0#7b+P(xcblhHwhu$PTli}(%0#7!x9aGgf@M(2k2Xm*SE1bUTk_ovZ zF~5oKDAa9#;E}?sU`&u|AuCPiq{4IS3#GJ7E13R}6zH%V!Q3R#t$zGk$eL(OpEPms z!DzSBvO?ykgfgxBl~wh?nO!}UOi9Mj36va?Rnzc}%;5^bXnc{lS6Vyb7S23H%jHoF z36~MxWq<=+Wm&IL|A+C%?<*F5m5b@BTHWv&8#8E)8j6PR5?G?v z5k%FN0qhq2?Jp|)7ONd;UN8U~i)B>GvCt5S?1M`xY*4$^oAp$fT~NVS=zf5Rs%#4y zt%YYlhiA6`L-~(YXO+*tp5~OoL7#sR*;*Cwh)_qCb2YWRY3$3vZrZ2&SjXydVI!&- zJdpq+lTk)sr&cv!QH+3xgcV&F9}GLYcEi@^bq!@6e^96lyc=fRx4N2u34hDiA^n8( zR~lo+N%u28py;j%|9Y(UvQ#pYDT)*7t{ z?+hwSbPtMuOkqKrN}dnq(3Jp4l&}C}?~y7xW#B4Q6D8hU>{EYC6_fv?{wCgF#Et#B z5Hg$i1Ix8`en%FxDjxOr4E@)o>NiXlv&hXdrr&ePkSTSkhmcin4pQB z$xqAWQ${KGfo6f&Pce#|%n+w?mKu{|0rQx%{LuF&0UE_6 z$T({QKni)3-$xG$Zf^M1G`6AEao;j0Q{PksC&Twrk@;A&^nRV)*hDGxP~-^{$Nr># zIqT?(R@=;C^l}1y!r8{@Ojnf@MA(!zB!p_p1{4`h)eTYqoYh*>zOUSwCX}n6u$TxT zD|^zK-Bn${9 z-z|L?f_O?UWpN2bYa z?al=x3Jz9j^1-9^CN+!}&JA9Siw4-o+?T#9r#DhWjSKHeoP$l%iyp#k zalizrU=mdSy#1)Yfjy^4%HQRtsNp_Pt}9SB?)8bX`$s*Q5*+fNAui5U>rL6*N8g!( zdLAt5#9}3dz~5!_DnHxhMS`j8(WbBhpOeum)XBruPwWyu1hfLwXkXtlz3(MK> zLjuSj(e&0}{5~V-oO_2Z?sme9)K1Wv`A)cQ(AO+fZL+>3vU12#bv8ju6&{nMs=q{% z;yse`1;DqQ_`-Mz2Bo}zJfs_Ug0MelEQ)4J_}!|cNb3zJBap!jORvWIwy#Se6K*v@ z_F5HHTKM&gcV_r<)KY8u&@BqH*Fnk%vA?bXx(%R>VthABoyP)~x8n{e%#oRq)vNiZ zL2zGsS2rqdDj3&b8{aixQM561RKZPgzR@iVn`%*f$gk1(&;ZGd_HUdA>8d=V4Il@} z;UP|XPTcB=!Vr5{57H5@`|cAPYh2>=arH3xBZScLt*eUelK{nzHG# z#?rL0D{l~K5nx%18YB;Vu6{p=cGc{8xqSsCK~J)yYq4w1l0ZX{^B@OHgW^4VvP>dY z2H@~7=v^C@8&JbLV8(-=+cvbGnd!fjx7JK2mH;vMCZ(U@N619Yh-RPC3w&%^tb64X z&FasNiNiuY^peZ<02VEinTrbtbSeSHQK4zcX-As<2}8-c86sr*0?N*u9w6VY(|oBlY0IjF&8C|U>10Cupd5Cr>iUg> ziA9MAZ6QB zZvr>pRkB+&8xuO}spm4OxybPU@XnAO-SPM@MrCkmB*;ezK-9Z;R=^kiQ4EPverVHU zl}ogc{>rQ&IXJM*&J+$Mq7$v8+SE~I%+xn-8z29qAP{H&j zE9tY0_ld?@$p<=zo@=!che2y6NvnJI=t8^QH6LZzv9bFkoE{25)J|eLxIvWu;9rhf z!&MG)ukALx@xO~4ePKfA05uKgQVj#yeCjrVIzz@)lQ;e4?+^Yma&g8k6N*L=gB*SE zc%v1QE7gj0r<7i3^8Dnv6j)dUv2YKoo7%r=VA<#7H9|ey|Geo((bOdgLRi9mFiQVm zrMdV~r3P`XkcsFO%y1!%?p)`3pEk8=JS0k%^G-!Cc6CtbDJDPQlJp7RRPKncb8#G?>YV?t?(syDffJaqc_CFqgm~n6t|tN@GR?rTU?&oFnFCrrmu&W<_UU zqw~%lNo~jrX-rIhI8dJ+Z3!vh<;orK90}Wg@T)=HlW)F>i&~P_bv1?HCc}~H>aR#m zhc--bKS#$5AHr9^WE|md@`0oKa1K+`SqugRYj(#sdHSHZm9k)IG_KQ^RC3Oozkc*D znc%tye1$~ptN6AaB;xb_;#-Q*%xYEwhrdp%p1U!K1hvZdv2C1&AoeVHZRN4sNJa{+%SXcO9Vi-4;_7}?<}j*+gdF%p~;nz{_rJL zp106$dP?{92~FxrD}+tiwIEpUf`NzK3(JTQHxjA9_gpYM?M*@8{&k4?#u@jaJ9)bh zp^08&IJI7!C@OUFX&w#N0A$b>!OPYPYdv`I3y>6Ho>!Rf^=y@d2`2r*F%9`S+~kZC z#uo+X_rPw`rEVcvCq{AsZDuHmNT5QoVyJ@hM$C@fHr% zk{63~>kU=<5q!*1d4E4DG2!rWe3a1KLpotoSZ*+tgOo< zCQJjm#Hu~woyxbJV-yHHKhJ{e7d^wou!WcJLoN&z${W>Vs&Te**9{H$Gv>89`VVR3 zp8j!i5ozZOMad$F@b*ZUsp>-}0N3Ob>=v<-uV6b zWccCm6^ze7zR+JgaA*MVzPG$$W?@{C`6jBvlN-7s%||H5g;WQxmjV{XQ^9-tTrSaF zok1J_0ni4B;W}I9@~qXpX+jM~4IDBPPSb+`pTroDM2RS1Pi~?`KuMayIN~i zB&u`=pvA-Z7wI3msT&;|?CO)a8NU?yP=X{!Sl8n4CmLq|!X>G#cIN^1e*$2HZ%J-c zW3zyK3}R~=m>RquL%_aLdFF(fEJ1w4byu(GzrUR1ztcisUjs?U@Re;=MU82u6=8bj z#R8@rmB?wV9NBg3FCx19s9qbP^UZ`#Vq*FvP-ghQt2kC?_;TAQr2}aEdU@6gu~_Ym zDX@IPh>G3XORf8Jsa0{M8dNCH#PT6KQlLj!xh$wh9};G!gIQ+m8M0G)TS&57Qje%{ck!8n@DFDhjoWK=3O)7rXl&_` z?()8MFlxQEqiW}Jro&LB-s|DNzJ0-|P*~$PQi_V5=zjr6peWDuN;I&aIR=0)T^Ujk zWts1Xdu9JJzjXl-Ql~+k*yzVrrKm(gE9}qCnL)mGamu^%>|eNR3qGd}%pMW}C083M zgdDV$;%!nrWP^xV>hXLqhAEd*M1G{7&}wmY55c3yN2^{r`hati*k=|YrwI{g{A0b= z1rEwKRS(z_ub8piVC27;)L|Y#$?B{J-yqLu`NNDgcgeoKmgPGfk`@Z(nN2AoNf3_)ju&vp z$Jg+>{HOf%g1vx@C274=B3tgnz>10fOG}h4ES5EYu_{6S*N{yETN9WGYmvEf5Z(uSetQ$y8V`Fxi>Qmte?Akx0iSG$bOvTH zaX>sPe7NB0v`n#KC2oUseK2oKM2ckeL?wsvfp<$LX^4Xik7MwetUT~nR(>hNs=hF# z(sycRqVuJ!cu@}F<@WY&{x$U{&3||Rv!d9sNZbB2hAn4Z7pRc&{35y^|6o>=hcO0h z6j0O*+KxG^{d}#N->RJaA@0&4trWn@i2K7A!1^ZM;!%&$^@ifcP66kI z`}m#w;0qNga{&wCd)Xb!Qz2{Yn;vLD)*jHe?HRnU zthnNpU+STMJ|}q5&3@t=l=hySX%crZ1kI0DI38-+Y96S3xfe z^Tn3s;4&~OGYNMskL$;Te5tiNcYD=$_JN7Dhb3iOwWx^(6kc(iOffB#b7G%rvSH5d zie-gH9?^Q8i?T4}ts9rUr5N8r2UssUUJI%tj=M z)!zsRV8m%xgysY;Xkq5LhjR*SHJm&Mb=?&#MRu{8=-$&}+n;R#o4}&tF{c|b@2Jmd z3Zxqmn~hhKP!*NiaiR7xjZ?htOX@LNmoL{AdIUD1`xyd}xC*F@yh$Ww&eCE{Z5=I3 zVcue%xeAlfG;G6^vM(Y{+~PT{U>8tI|7?=B}o;re7@Xm32o`)s}{)we`ayN0arz^~+Wo=Z&`sgF9&&@y{ninh_8h z4B?olHsInVpTB#*SL80q5eQ%>00ICtGA*kJqbk0sE18HXyrL&IqX;K7zF%utM_FTM zSaD5kbW}xJS!fDcMOu1INK->a02XIpXh&olMr<@WZDdGTVt8jsT0<5vbOSbUXm~_T za%>A+XhLCiN-hDw{f<&4fS4?@=km|g+Bd5yupi*(2WRsPKWr1>Dgn8>1_jUUc2SyDsvo zZ+o8#isa-J3EzqwG$ZTVwlNk}F23G=$pFI*#u>WLr)X8SfcVdHMV8#7)nV z{5(T-<4JJ(o%4<^B^f+!#p0jQ@U#99p&sQB#SyH?Hg zfO7gXP2HwuyiB51Xl_c{hw=%2|8)|2Ag8to6Osx~A7`vRG4&^lRA1hgWtaWT(h20( z!G-6?um}c(ekcj48-x1{otjRZNiQyi!|t<)a0hL>Yh`qKpl%EmRa%Vr(4ep9U}@s$ zH=VE18tK)R%++on{NFm#gC;uj`Yi*c+Nw8oa(y?Ea>F9+n6uj*$me#if`yhp? z3wB|T0Cmom0fpdD`nxC^?$yIc#B|v}}F!a{rRe#txJ!2BmzW z-2q7SL-yf?V~Yj1%N*>;a$YpKtq`UbCnkZW_1SyEq{QKf}ym zEZb9`E58Gor<%EUf51V$N#C_FoAeWbw81lZJnIc~Q;k^TpUMuvzO%yLJ_@oNO)Xq` z=1MCN6mVm!N4DT>l{=om*xjH4opt6RNv^~u+_0)ASZWDpvy^OyBdXtLF$^l!qB0fj zrM=(ubFu0QrpAjDKHwh{=_!=b!Fjb5n#)qX6)?+fxR`C&s9n#CtC>s-8S89%MhcVhs<;s5tyo)0GZoL>t&X=^ zq0HGj)Z3;PR#fka7OgjQ01LSg`8QO)dLtkI3G>n$<^%A>5#OWSd7V-L>x^U(rW^^Q5WzSj?uC7 zX)?9I9~SZ19C1mP<=I<57qnAoWz=5w|48wDj(~%>?CndgQ+YCh@rxd*yx`faRv)N; zi`nTi9qU)Xc$u6d$@&694H%qmHt-TH93tg`toco@s&D9F zHv%Xs0gDYSAv4ETiutu`7d#4s5>pZrE@G`}CG^%4Is-14i(8E`WCIkZ@UWKk8rZLu z61XFhD*o{SFU_k9D`$(q%1Q>UC)7&jobEPR*^Wmb*2E1(uv%01c@2>OBAJ@Ge6tPh ztc<(He;?mB;zMQSS+{*L4Zk{VWaMayZ59A2E!0Tr zTnI{G<@T;~e+o;f&`xIvorP-H46ZAW%CpM6&3)ce*u~>&FWP9kwsy2p=(^CGW|`k? z>x6t_;aY7B!j!kfF=;Ev8_Zdk^pvzocY3e`fQ~e%(PQJ^z}JY-`m?oqiH_skqZdDZ zKY-{S_7-~rw`HH;Zc@qkpN3`v9DJ~zcg{x90bLsUUh zWl+LEofv}3eM#)a8jJZ>a@9^Fw8my1vWj4@2}ViJ-+wV1Cz0(uYgS4TxiW~4w$Kwn zeWFb8uZK~^jl~J~WMDdJN3}3nUm#0bvxe*$96E{~4$@%N4ZO%{*xL9z!i8sKDo@pr ztcXT`b!iwms>y4)GkV`jEoq(WxKxzJ_EY-q>`J5Ro>06s{|oO4^r5d8UkrJ)9savR zBf-4cwi)L6>{$M3IPS&V*k57p;c@6xX!j?U8{P_UW)HSxs~CcUGWYkU`fwrl5W$|#tSt+3~}2^j+vFG0V;UW&z4{t% zrK}xB&->(=UaHpV3L)KcG~#4o+c$a*A6=Oj{8>i|hdni3B*bJ##L*RZ86y1o1Z49N2Spl8=<#$m^5rut3GRe5tr zC_BU=o6BHE1km={;QQb2fh8h(gM*NQosfk%kX_kceQJ-j!QsZVG*jIH4tR%zHC|j{ zZl3--Mm6u3LCmX9bz+4~Z;iQFGwJ+#8O55j6!jiK{(~6Ah38qjF^NeHp2m@y(MU{u zKi&^2;VEMOTzVj-9>8USIV8Ye7*!y&vwV1?1(=~OWjvN55a00EC+ADKsS_* zy^qYBVv?^la_{Q>IwF!IGEasV5jL$?Q@Pq{bAkwo__#?%S|dTc>uG39bZ;lB%s9u& z6@zbc?8%#UMUU=UHOSO+6g zE|$%M7ro<7++XXUF=meyRVsUAsHHqXHbL}{Yg%Fly_6{pIc zBO`5Nb40bk8HpzK(CDQH@ir{24|L5%F>X|XI)p3VY0)#mLrm*6ky3!WCb2J7?w(bT z-H}NZa%Lp^alv_!qUtp8-(=h=`CAYRep$kH%J);NO8>0K?lI30%2^T+9{PrcUi`*R z5K7glDSv%{hAW5uyEoTvv`FvajdJHqmW!aBVuU;^Y^sSk@+^%|;jBVl`<*xRW(?G9 zV^NVGw^GIN%SnuAg2G!limqc}9!VqiR)|~^!B=g365W4y<+zO0xE~-B;Tg#3D_Z?T zXlIR>hwx0q;10IQS#fk^fks>M$=lhDsMcdxoKx8KQ8b5OvLqIMoQ1)HH$sB^oDk- zo`@Lbmj{u18dG-WSHC%=WCo@bk7-v97$Zq*XFWX}o_D(2_>MDG-WvjU@Lw@N`b&>W5b%Cxj!s2`B5{hD7}I^fg!oDM0C4yS||nT#R(% zpk)n6j+oDSS~xhidMr(F*4DL%yuUbJ1HlCvyH4LX06op3v9H+)WNs_TGNbka-bh>`!bnW#YB(6 zbCh+J5KI*o*0z7ckY2sjFeM}&FqX4Arf;d}uYjA5mr?uG#n*~V6N zJ{HTX{k{OnqGl8tIx!?5JrEZi_eD7!O8V$x7r_8f3NgxO6jhtTio^FD0bQE7J znN-@oPY_S(5LkfYj+0iG8YT54_N9<7VW9uQn(PWbwjJMtzo0(uv!UQ7MgWd-GJj0> zdna5Ph{q9cVH7@S`C{k&8=?`+F)g6R9|5SG2ib$3#@6aVM#Gy9Fd zcKVReav`}n^;a=hc%RuJ%P19})cQJjC{5`kD|KTzyQ@`B(6C=VOxUEFCU!h`xPZ7= z44T7}G^-M)u&UV52)(MdG@2^LTh~;h!j+wz|7$T6>tm$peCC@0InK{NUU123mt9Xg z0|Hvy9;|Td2k~)bNCzN#2J!u*c;^|CDZ!g@%6+HtU94UVf$~$+rMk$0T>Z`BIy)mK&&UGbZh9p1Z&(F;HlJnL&W^z^=mH0r2SdD1Zzi>Ot-#cW;$JT3msXs&OY zdG~288(#I=7&Pmg6dS4d6CCr$_t|E#cd_*8NKDIhei7I8E7|TQMo{*Ax3aeA^~mXw z?`9x(Bj!TK*xvLa|7b1DRhDE}#{x5b$*ZsU8&@f1Z^E1a`t7*5UxCsfhpd*rmXzdfbT@($Earbt5k#h^>vv_2$Q%ohk}c zEPaRj`-02WhL)qhEO>ZW;h)kS+|%N`4Gd`_G>l?O1!D9Rhkk*g5S7Vpj))IMosm+& z7S85)-GR7uPw7OouJpwYyee_wIo&xvNgZ>~UYjUdPBM^}%fOriheF3>qNf#!Fo6AU zm_!)*og#(`gwV#wrZRUG-QC}9wzJRBsO%|63E?xWBBIpHVwYg-PXYy>>YnT7tUw)lB?qbO8e{F zz*4aQZ%uX{mpWT(X=);Us&AWSpFJ!V(90c4Qz2aYG=M;qk zu8kVoNZ|^8hWN?@_`Q8&B0`!?by@0_qH|RNKC0?ioJ;@ZT-ran!OK|6}- za=Im@T}HNJ2h7D&{3SzZ)n^5O4kF%>0`fCYzG+oFmSXD7~}s}-@%qV!Bd z)}>N|dSMs7_SY6W)OfL?^wNl?Yre#pDiVA*fpg=obph;Y-y->v#NYoU`cgS`&>zk` zWM|lpl2^HzxvEN1;9R3PN&E-`{;a0c^+|G^kVVwiI|?O(9znbo_dIvXd5UcnGNQ?D z``H$5BZrY9lT%BvSD-kCokz~g+|Gb}`g-*OpLW(39i!8~oROXP0A)Wye7%WuqDDA& zT(*{eqL=SC8l4g zcRb)skf!HT>XAbfHUuqpiHoln+l#@sAm)MG{J@H#0J&fFq{y>mOBF;e>(OYoc@tHc zD@`9w^CnSyl?>jqXH9F#ue1Uf-Y-_2XW~uJN!nS5 zDmEZ;;ble@GlkPPqpPZ5)aGnJD$%5xM@3!2(O8dJ+VgO?;Q*Dv_yPJ-P9aSBPPaA+ zL%qSBuF#2j>drl{VP(qTDN~(n!-z+<{k*3_M=5$B>m_2U*ZWQoI(n|o>EuS}s%2~q zO~$T!OPH)N-7%-{#QUp21yQg?y1=}g=-x1?!$xKZ-MZ%7i-qG03e~diV3;o?AX2QR zbJpP9ITB{hU_YKflMt|yRZxhiTKolOX{CV)|uNzLyIDeNeJ16;cQ(N_&>z z3nedQ#~^jI6VbdY8F)VvM$i5HA>LDKp@O3uq!H)g?!ftE$J8kH&t-nZGbdgcG;)BZ z?3XZJXW;82X86GUabU_1siyd_s}YjaS>J9b!OE%ykl2s3PPTy7Udo^7T=1s>pFb3x z&2E)Sk#_?>wq#DQ=>%_BZ_(lrvCw=HWgpT@>I=XP1fA~lDr#aJf|Jhpl19|4K6@#n z=GBWgdiE`H8n#%^^(uL;P(rBhnA=GGs|7A+0kM8y>mLLb#?8>ji%!XWEF|cJY)f zV!JyVZ4Upak-)``hvOTvGJ#slZN&ar8%@1^fm9P+Dl(Awb`$Aq^n4Vuez4PZ#jM$U z@36l9pocATu_O>PM@Y2L8`B{Co}}c5!BNLv?A{34OS)ueqYKIM%I3=+KOCXNcQ;Ju zThxs;K`VoHr+TtR6BAxEr4$s)_R&E&YMxsXj;&lNAXbp(R)t;z1|u09230KiPi?%Q zt=v+w=sAcH^910-<IGLE{aSUD4_u0MoH<~TJT^oz@DZ2H*<3(jSQ(Hl~u09!Tw9{b@^H%gJi9=znomrK z!4zoGg>Ap|GtPAU)NA&OiK5!{oA8=YAw7ycLBA~6Hdg2IObN(P7>e0fcb{x5ty`9? z9H$St*)XZCG7~L*#$*p8`j`#XR(uKE!^xIvaO{&uAvOb0+4~>clrWHl z^!t}ns)hGFBU@^8zzF}3RC-&FtlFe2VB)~0%>FtPT2cX4&xrCDY}H7+Y51gxhs0^J zo^Dz%dTH2kw%p>_r*h&cWH_a^>SDG&vKGXc!G!h7_$kkGMG`wTfCngpoX_!BNcb2RK zA5z%g+2a1I;jQ)|896MqhnmAiw(ae7O}rb=T|#BH_GuccPJ7bFXYx^nHM@F2bV2}G zPcGn`4RSbd7Q|8*%VYshW$sk&Vc=O}N6n*85IuB;L=*0Q=IBQ3K+WSMx}@7?%j`&@ zz=|d7F3$e#6_Ni<97Rbq_R{pg!M?Rn2>FxDVZ5Zu$^TW_;*UE!lbn4qa%TuzJ&+z` zb0Nm79>AD3KIsKunWxW)e9=M(Q&G)#8)0r~dc7$ZQ;m$-2P{YoaXk6ugdpoP3&Z!K z2`b0;s3C_7JKHvPZFMaJEdozBYE=8giVwV(g<*TU-EG^C~ZsIv4;PxdcMFi*DocJTG1z z)@{H2(Z>J^;*8f{RPuZxN0B%`+N#xQr0AK76@&aQZ}xoc*@7w#v=*ayB{|U**AqLcP>NCc?5M zvCG|KZq?Qp55ulkxqXOwJVoC_CYtO;V@y$QlA8)d%eeaaeMly->(iHy5zUQ>j7K4C zw6x(3&x5RNQG?NQqes2wmF+3V?u+$y2Ufihzr``i`#;W?3!(vLWVC)=W5w-D_lLF0 znGuK#MX*h;flIIob(j2DZeW?p#1pnnIApi3SL9CB*xHQanG8qfZJ}QyluSA@o=x1c zH$7H4SG;)T8BAFRZq{Q!dVnU$QM_}kQ!u!vU?Dp^Rxw0$%-LakR)6B=eqG0BodaH|5=~MC_I;kCGa@Z&faM!}M3ZILdTs z{+p-$eU`biXO|?@PM!qJvq`zW=LnM{#NBQDVLci!%+x$Ven(MOX#c5Mi&Cy88-K{b=v(kwLlOXC3-Jm>Md0*`}v zS?_BzK@xK1U?mzVTS0x+*_jY(_Rs?$|HCN}mX)7ZZ5d*U#S1D3OyZEV<@nd!8x3Is zOqGWel}kymY}1`ZYQK}CV*N&!NUT4^IgJ6B-VAeeJv+P2at@2&iHSOd1ar%Up_afp z&N7e#Y@Uzl!sy&+kgnfxY`g}0XXL0*`Z<}HfgUrC&<5)l$>f9-zr^I<`d6aqF@6~0 z=jh|e`(zU6gTw=IaLh;Kc2f+Sv3n}#V@$`Lz`mXFJY-Kz?76FMN8}N_+4NXu?yE>58!zQh{GeMg7WRR0!P%toS%?Y)1zBAv>D<*3Hr^b& zXiAz^4mK-QHrEr!$G?BA?j;)mUtnlNE$ifJ*2%ioXmf7JeI;!}62G^8`fl8KowFxc zQp$266&1HPFiGI_e5y(kzX96JLE7FF6+)AioD-`CF$(M%D{;#$>sfZp9Xg1iQZec> zuIKi#ZbFMs()A?8qzo2SXwPFPM1zKG~}o%lss!g24vumA}(ty z`EXdChM=)&y9}$IEwyPcNEdfko(XvF6$b8e`{3r?Wf8`;b9-&CG2J+!O?~K0$A|!2 zHZgAG3tc;3?>vj@`RN_Z<%6Ik$gICBd9lct6MOm~J3Z!CQ0{r=I=wR6wzpzib=C^y z8W{Gz&48T$LQvCdbg#4PqAi{w^_I#OM1_i>f5s%*mpoj3d)j26GO^S#hw^T=sn#`C zv^&z3bsCm%2>ohxNaE*nm`W?_s-et&2rCgL4Pe6q!i*?Ba!2U$VK)?nWP08bg=k4i z2_xPT;DR5oak0zr6?mDS8I@!>4!E`*ANS6)(xpB}tN_h-&%%?Y~n`xnmR3=1* zlC>FV`~R7ewGO49uf4UZxmD@Uw~dnH^ze5kte;+2AS3fU*Qjd~QXCu%II)JuH+l+7 zveRzp^nHg^w=j@oKZh$ChG6izOQ9%LVLKFsjO-EoDQ$5keDj@Z{Ab`xu^19?y0a85lp6OXPUHQaU>I;1YWf0&Dox9tihi&U3Gj|lW)g7`Zt4`{nVVE4VAE6vDDKr+cm)4c`) zIc=~$yKdGsMRo+a?M8-?KTR>MqbnNNNI|Yl0X{_q{KcpBYwXP7^sBFV3iT!c!^2q5 z_;%YUfJv7=&!k!_7s3CGjsK1zxizRu1IaCr6w2;z=`FnAph7~fiSmR(n$i0CCt;l# z7K%sN(diGJ=!B;?=l2)i!g2kR7x};VItL!nf-u3hZQHhO+qP}nwr#w&_1e~J+qP|O z&(2PEC%f6?CO7vFRBqLG>Kuz->M|@qW#nOkP>ubfib@bQYEvS>pv;Rk@3aG3=wYtj zMa;|oY~5f#dqf$rrN3D$^ZB!3>JW(Auhf21Ffm%`L>`zDVT;H=SNq9Y6}Hzd40*iM zA*4YOK(U~=gdjY_RQhmAOX5xq1)nj@L=G@`T%xD(d(R5mvB50;D&T$sU&&!Tox(CjhS#QEv^JU@Vy+V0P_9g|IyEXrLI$&t=ylJulvl)0@uOG9 z5PDKJNmm#eV=|KJm~J4}5|176edcv-&2V~%6o#Z5xsIqNT)vrw>(Scyy`c2MUxoX!1SO-Bo89vMz+PsSIvV>}_sm09nl>51MSz5t zy|ifO!+DDtId;FF_7)h1ev6-jwer(*;MGO)+b(U#>suVp!$LQ+3THNd3!fif9z^p^ zs4tTgA<6IZJ(0?_8@rB8RaYw$;R^->zmeL*3S52-A12ek7SwNi{8P=;*E|M6BMsv}b|15H zw`WpvjVz~FW`RQ)x~qm> zTx%&g0HnV6QjO&mx}!Qgv`3+vM3B|wa2Q0!z3^V1%2jmX?`t5n-fP2AcQ1Cx*q#n; zb~73khp!4CfRTI?d5Lmuha~umCEwO9A9B&x({TK-R~fU>zO^uc*E>Lz$RKry3av+b zxs$#auE9YvWJFMv96{r~uSFtASK@>&*m0$xyW0b9Odg46*J(yW8@zdp;wzs@fFdX; zizdg)X72ERd_cb5D`nYRWF$*d9#I@i`*jxhek00!8#9Z7L`$&})3kkOssc_B746T~ z%R|SV7d$ahqfZ3W1jrVR4WG=#$1TzBfeE8K?t&z0xf1+_nQ3MMMa-_|OP~ zZB8<&0^QN{yU0ak{+RXh#p*m6{xQxat`-`SOh{=@#aMuxq<#f|o#_%<6_}GCA^uE# zXoxPFGS!c(wKJ(o7ywBgzSzn|CtH|i6Oo-8Fj#;?myD||>sMlct%D_BDm`1<#uoJD z1Fjt_kXAZ#iRUh19ZV22>2=#jt?}>hAsZxEXQUNqyPSfj_A-l2&9x=oc5;3FryMtn zBG1s;D{hS${3-qF4QOot-kN4;blYY4^*923+M;FQ;ayX>BHbhS`uLR^wV5&b=!&vw z6Y>^Q6mN;<3Y04(TEcbboB>+Y;|LS~(GXSu`S7LSxKK!=3d+JkeaYE<<>rjPK!ZoD znN17w%)nRy2{G)tcR%GZySehK0;(PESsR+wj}8rucueXm4*GYtwv&j-3}CP;^(bC^ zcUnj@mN9BTVC>$JsB8ej%HKMWB+{ka6BS!>l7pBt64e`fTlzu!kZi2N%e+C|1-4m? zpVBa4x6PXcTrK=~ebJ=s>2-qgMoJV>NEs>7!S9qYYFG!6Jb;lhgMEdEzx7fXs3+CP z-&oyI^}4BX04l-;>ZIW|j1@RW=i-XPy3`>jRz+=}p7+%J43X zm-kYm$$&Qz@OUN)XHCAM5%ldAUlijjEpTzGgEDdG4F-*$yC1oqzpEgkHQt`-#}7t{ zO)=n629wV=K<;wXj;PShE5PkSxgq@H3GX<`=Bqhu(79G|4|+r5kGafWIGZ2RNm@x0 zM|Jl>{k-{=AQe-_%aor(zIP-lDYpDM*)An|^rx^1&bxufJVbFYnAxDfT?b5kf5;x} z!g^@>#rgR{|I<0}4WBsU=b^OP%KlRO-OZ=kil?xYKtQRi3#4$UI(E;yiHAi3WgVMX z-R2n4opkpNiBF_QtJ@MVqISoGENPu#{w%a0A-WqsN9x%9AZk6fI1bKJ*x)=OguiQJ zcO$|y_A;hJCxw!t*s3hJv|vKnVPpry5n#!b zww;4vj5O#}<9boDWl~}?{j*Xy2JxjKkaZnB?~0w|)fw>;eg1@?4BH>^J63pueQcbS zx9vsXf`4m>SrA22sq4A*l~Ns4%eW{!Xs8&q91&F9g#^8z<2{R^6<~=Uy`Z|IE8KqD zVW6oF(#YG^J!vhs+#1>jxa>aNwayJ?NG;!3hC0@&?&+V6hc>iZuT+Ymj`Ix|Q!N`B zNJVD{Y?Xzunyr~AGc%Z(0}a=4`~w{Kd zSvbSke!u33+jybvPPPmUw!#LMk9ZikDQ}Rik=G_EX$K=aeQP^bn=FE+_SmOFWbV$_ z*`t+AMx%VFM6AT3q`wa~qJ-s!5<$;No%*$RGB$U|R0m(vCA6i4i)M$efXu_qxO8it z$LT19OiZPIk(ATkH9ujtQXT;IyXi1&Hob1v3G)^U|cE$EacC)~DqAcJ8e!0Dh*YXT1kydoi@&8T%`jS8uS z!F5V@)3)LqeQAc+c;b|H95dWE9rkdS{j)UD@N3X%sEi*vvEmq~F#wZah!W#LT+oxGe9!;;S4u{Gt zUId#W9fV^dBjg`*1*E$=e({>C$4XJTY%$=6W-L2+0zEPQ%qhlxf$tL-h_N5NAN%_^ zJhtxXuJU!!&)iANPnqu*(r{v_;r#dAKq5mcrU<8& zVxgCF)A^0;rB-{7qqiq-oA@~@oB)98XiW3EyBo6zv$mGk`&!YCBIHs}gtI_h+OG$X zxj!I9H$f6g%>GWH(*(JaqLN=D8?tPND~=lnyAL6Gz4O$BLaa1pr0jT2^Cz6w;x`Lb z3bA#dvk)&ov|Z)ENN3L@RUacodMn$Kyn*cefaH^tP zDxGPxcAUc8ZlVk6T54EW{+WFq0)N0Vt^rQJnAxz(BAO`HjHn-D_~SD#;U-AfDTrCf z+^ljMg9{$C9q5kevwrx*P1iOp=v-PSa43p5OA0vUr8Xsx>qm0XvMZ@_Vd3H(tsPQS> zpY&*r9_ZVz3-@f$+wGI_zKi&@DctE<%$=(E zwSQ{=CuW#iLYr9PyJ^Q>sXPKkHa{w7MKa*cgK%2Iu#d-1ckpDYVMUClIXIwj%?)Xre2Pl(m$sl#iM3N)j&P*QwM}Eauk$eUSp!> z?U2bF0WCG&c@65t|MEzDBSiA2W3v)D`{z5R%0sts{_w7=JWG$>4V4p?%8zNgC%sGjTSFHW{>=+qUoLtd8yRB^-vikv&~3%KxK5xM3N*y&^BRWV zWx9-Df>3DSv+i%0 zAM{klOX^81On!5ZfUA(LnZj8U1@HrPxWjIx=?v}S+p-gC>@=Z0StqDh8TSbh>8<#U zOIItWgr4+^T;;_&PO61j@$LHK)0=P%3;q1UG9ISPoB<)xv`>lk6;%pdxzO$1BLY=Jdbz(} zNr*}Gbo(M=nK1nSF{t zrAoOQpE2u5WAAGKQaM7qu{SN z1Ab^2$dRsR67he`ZDfh^v7IY#Q!pQjqyDJqT)^9la66Fjg?ESQ%{%AllQ77NE`wS& z!d@-VKy%nXsa?+2J9FK5MEKKx}DcuVF{RTEs2OTFzvNbOf)tBI7+-a73t@bV0 zLbbDtU!@)&NuhhN>$4=w zo+~>6K(c9YQf01h6*)rcQd{96`MbaQ%rgwW`iq_MS9eff@0vKB;;*D=+h?N+2_9|f zxi$26BGGs(h%D;)bkt7lZ6E}C&p?-q{}3&uBicyD`4RaQ@4NJv8r;=wa6KSWI}hk; zPN~uR5)Ikyyh7$43NfW<%09wusVD@$OFU`FYG`ZCimgDUQaIm%o zr!r*le9v1NQVj;1VCnDhAKSmHc5d7;q^d3UCZ&sE3>YCxemwUbb7v1)=sS1Xdo2f*#T7x z(zt)*(?rK0>4;4afET#@GdGwULUXeZ%i0_ph2$ zk9uGDh+fTZ6fc0g9R|DiB3$5soh?Trl-3H3on8uTO1VrpHm%eoxYhuoZc05hP{G=y z1~Chj9vk3GhM%bn*jFa+Lr-qBa6w}$JTh@SkZqNvu?%l0slG-R60=Q~t&vjtSG9A!?6(G^2mk=Ass@ty?|$=wb#QW$FSkGx5c|;=r0>d32Dc} zhVRu;gzjq)cP$-vpfvpUe07U6Zzl3FG9&9%z)2$_%TJv9p=aB&LM58plzkR6Nl zA`m-_9Sk_{Cvw#4p{p?|Ut*KL4_r8~tAj<~!*z%7TCKTo?I7#Q>5jS3bG}?n<ysWOB2{3isHgiLzR^ z1;?uNAB05*T1tvX2jA$eyg`ta@mPn@!j0JVy_ z;W})?etzr7r2vzj;!Jiqa{W^t+Tbk`>L#9#?mmFqf@(nT()b(Nut4E5%3=4cH@3~m z>rw}kGd_*3W5QJ-r!oM(^baI? z{NXY`bcjmX$cHO>VTFQfs1;t62!S&cNgq;A-hFX=F$Qe-t0&z^eNJz=m-qz5ie@Pv zX>|Z)Yww+My%`Ps$azW!KUTz=G)!SIdbE=L*@h_-kOh_Zoof}c1Sg4?fyB%>xvwNyk4;yC&kDrCykx`BQIv= z56X#7%>QXET3!$xDmrC<>I5XNlFkmQBN^Rg&o)hKjt~sv_fPumia+7wD=gakZRNbh zTReGw)y+X@6p{kfvP_iHYY+~q;pyA@Tg1~uR_rLVEWk4Ata7Rpm;?{07fu%pfjY^% zBhCE8#QG|jU~n7s5_Q^m=1u(NCKAv8r=4#MufXK8(~bE;(NyJ z&HS<+A7uB`hZLfU!E{*Z2Ze|5{D=C+gn!mH+zx+YxK6fDOJjNMAm@SFrHCZ>-z^d( z5d=UTvHOd`SwO;Ej;yEi%szWQ>-pVyWyHxc14qtqS{x~VoJk7ndXsvNxZI!6U;=Ku zoP}aFp(aKPN&<-ei{KA&e42?x-!AY_8PylrjNY@Pwcg!iXb zlWRn}{9Nx1%K41w_>D0J?GM`g@8r^#*m5k8H_)uiL>hcCtZ;4>A{)dATw@+I-;x$^ zz9}$mKSR%SUN9GqP%2O`TQ{(lCtDv6|4Hy-6+A;9YV zur45k{nji7Oz1^O4ObSG7KDR;k|SFVZw%}>X^?fkApINdWZEj?Ah+P@#?p~qlBOwX zj|K_!5x;F1ha}G;oJQs&>wAF(&2eR>Qa*SXMYxRKM7yK(2dtiPSKu6bfq_$X?87B+*&$x>RJIE_j z&j5UT3{#&51^EOOl0-P<@9Wjvn(jA8f*ev!A&TNFYf!JDHOi|&P3B;Uw?yR3auo1g z+&fwCO#!b?gNgNp1MW7Vg)P=Ia+d2bF9q%p;umF5;KqG#S~pj9o-9SOX&qXwjaMe# z3#e}2?~)z?S8p(AWrs|oQUxYEY9dIwS^ z)jP3V6SHVNU@bzMjKZKHNIJwYQZv_!4LyA|%AaWFSeosKp*6s;@jRi5%LeNeg8fCM zfqej9lDekoaDj*?oKj_Fj2qjMkf(vUTAaId#Ks`{ByQ#MVP+{i!9#|w}y78UJXm_gKr**nYK9ujr3!8K-|I;liq>^?lWECM9Z;w}tX%qqFNp)t7RJ3!UkPafB%i37 zcGLG?6B#aj7`>f=s&Yp6$Nb0)zo;c})Fo=ON|bcq#`Q+nov*n<#b8_XJvxgVO=#p1 zqjdH>>`KNTX9CO<^jJa}TXL0Nd))Woe@l<^`MvnjuhT~zj*+QG0WhBi$%Dys79j;` z9a4N`ISZ>WdOXp35IsVJDad~+9sFpUHw42kE88(AS9#6~7lwuUM^*l4#L_oT@T|qe zr&q$4dg_SoeF2w5YCS<%)vd6c<-yE;D5h7DYEVwWwK40@b0A_}y^`vbMd`V!E9IW0 zu@e;G|I0J%qff>Q~4Gs zt+_I=+<{V&w7&R_fu{D{s+QM=<55G47~l?i?e~EZ^qvftPHyS+mA&;Rx_1DLKBNb6 zF;*Wa2gG$&Usx0-S4s){fUac=a z8G4#H)jxb*L=viuJ#||W z{k0P?ccCasm~BF9!A3+2WdM|DO#o@NREtf(2ysbg2{KfY4oJ7v_;lwjS#okg~Lo3&^6lc!Y@)A7(uu?ueLKh4$h!84Gp=uf8^hSYp4L<;v+z zxi>1zkx(LJ1jY_gq*y%nwt{M$acy@TnI;k>LhD`m)-nF4e$P^O96SI%W0j%nYHG4V z3*Q{oMO0veF0J;6NSD?yJ<`eOX9r~l8#*iw$d*MF5PJFV5S3w#CUo%ANyS}9KE@9n zK?*~KIQ#k#j{X$F|4ol!PtHO*YhZ9+`V7yYU_4K>^?veBy&ImHS+(GT;z#+t(NiV;mA&^cA)4up>iIs>UQN{uj=xOshI(!4+i49CeJfG`BOKF(u=Mmf@B{z(kp zz7I?~>D8LXDj~5&)TNj~vPi3!yt6@fRQ^-G>lDv?JM{^H`G1 z)}%S~8aYJ4EVa_$^HdA7zcA9;1H_~&9@w#>3sD3j@d?_CrfoM0yspF_q4PY8D)(JJbLXjzqt(1sfx<^VW8)#3XrY5#x#*#+gT@^{i zA5kXTy?MlR}K!Co&|vNKo_?EEXpq|z8T7gJgvT1_%qq%~bK{n-nGY;~Q+ zqDApXF)axXBWbrnC`d-TIufr}RY^v6=7AjhuAqf~hV=X(Wak16=Nc0khNgSgW{d$r zH6&=$X^7H}Y(34Q4=-D(WgY)y_wiGMh|8b=MlVHsxGaiF=}ET^-?gqjTzPh(j=PYu za@X}5Psl>5`VM|Pu35kMVw5yF?nNv~Dj%CcSEyaYxcgkDTVkz0(GJ!$*_onmp<1cw z4geW}`xnTs_L#IIxi`DMecZev8m?3%FQj|>0CsP|c-bQ03Jo`XLKzNhGUgjQoKQ^B z&y$lPdDathQu!PT3O6cfH<|b!`Fm<4JTOJc_#|}ZP$^qY97*Asp70vb0^3ZnsYsGL zg3!!7LJTxOB}(P_CM<=sN^`#N=dBblQ0&d}=%IY(1`zlYE24Sm-Us#Vh^X_?bOOY~ z+}y2z+W5buDO-qjYoy9|0jb|78LG|L?nHj#;XSDS^xvjQwhKThar?cg#f%xk;kP1uhmZMw_na%-Xeit@ z;^@wov@5hdKu}f#(l{d@*kaoJTNzw9d9!oh1?v0;l>t3~C!=!e%-6A0l*C9g6szY6 zq@uozav<0Sp{oNk&jH1TF^@pkn;w{IQt ztlX04goBOdlp-|bV~bXCzy!0Qe@Eug?j407P82_N|Q49b2(i#(Y+^ICh zuKL6ew^z8Q*!hha^=KW;3ZUg@-LJyc+g4Gt8?0`9Lf3cCm3E5~T^Obyno)>66-kql zKJit~Tjv=KB{JP%)d@+h394yVS=OgI^i_Q8zrFiokKmHgxWhz%G%PMT%s&q2f9VHf zk@h1asyBWUQ4WOo??&;Oc6;2~f*f=$i@#!VZIhw5HG0oV+kC7&gFYOKh{JNfEl5;c za)G(4;8nmw&!%2O5jXe(;)_2}5 zxxyL2?y!>=KifmS((y;Se&pE9ob7s`VGU-l+)NL0p9v6~3tXo4mKeGmQrWN+b5|da zZ|Lx^rDEli{veE#QGxfF8dKDtBz8FwAQ-WnWQg=5IiDHCd!o67g|b2gH2jRdrk^T*L%RU#i()gQ4Q#2zPD~7mIz| z=xdf#SZvQ1RoM=Bas=iurtvG|6N&uHfa?M>`qI=-gC0&GMwIcGiX$~x z7BlMg^&k1|Za5!9nm9;ho5b-xk ziF<>a**)2$3Z6ZJu+qo8k}4kB(d!G)N)?;m{|2C&4~GV~(X|0}&kQ2$A`cXt5R*k? z?f-j9A^J0bLi#{yw#8Z2d>cH1wz_RDS?eVkRJ+YN)g|*g#$I{NyR_tfY`+q-DSUN= zk0#h=P*GQ`l}X_X17frR@esOZ%2Nh07l5?LK0W7PDDL0-9HRs5Q6D}n$ku|fBo(~z}ch61m zS1@jGqJQYlD^Nz_Sv3WqF)f_L zOU`>U2Rh^DOMp_Dy~}zEG3N3{qFEyr_=6G@Xd#0ZmN)7ag=;UK`T@0Cr zE_)B3dKbW333#cf;L21!G!)O*8JWh|6#ZZhU=L-k5Q-W-7*qt5>NR;Z8=LYTFs{Vu z(*(RKIv3LUtvh1_<+T5o62o^)-lhaEtcELb>9mqHS=UCfUOubFsWFp%Ma)L-Nj;Tf*O6kMcA2b*G>3O=Bw zdmgucGHs6C^f|^NW{JQ@k!^MHP;|-h<}&ko<&XK`cYyITdYQ>X+q z+lyQ^vOISt#R3Xl9$Fa@-Q(McE{Pcj+j-inSt+ISLXk63z=nTXGUh*(B%&?>c#K`3 zG)Ro~NpL4?vuU+nxcpIEHtJa@s2gF->))9I-|_G!b@mvkrpW%BOdLrD9;_irpC zh;7w~NanVEl=Pj|StxMDU%pIv@GlMO(^gG5aC5;&YolU!5GzWxKJZ!^0wFKFNF_Eg zXvI=^u^EfiryO^x7oF2^n&~NCR$!{HMrH~JzX;}F1@Vs65z;gb#U&-&hWcUdpT1E0 z`pL4sGAEX`WHp;+b~PpFFz$8rVhXrje|@+<)UV&2Yg|#$=BNq=!W#* z6fbQMWgZ}@>2PGAX@T3PrR7wAm=`n6CoZXEpGa{zV4?fDlw=T?4{|>84^3`B2%aXD zOKa?`4LUipfJL)vWfH=&8C&Bl()Kadeiof_PIR zpRakPq-!!ESyAbM_*<7t49acfXRVczeZf7Ym9B)({mB%*4}e8&CEh&?Bmn?WaiGyEAzDdf@GsYboz3e^OEsTf<*hUa>yTe!rE*F-W}fem zETDd9QpT9O&p{Y`bBwIvox}u@>OLW1>&(4U>PV6@Aa><-E17S-iU#LTceClwxiMZy zacRB8m}qSbi6K&a(%=R)6H*5s;Y$TcDz&wu2fEM1X8^O#FNYi5m8wv!wNLh0k4JDP zd%fUCNwF!1?`r*MGX~M!04+Vtm7;lu7^Jmj_*422(3?vr4#lnJR$^9bp1 zOW~SoGn>wnMWqHuJL|;q4awPgOj>PeB>1R8PbhnZD?O4eZ5A2aAx;zv0oc-}W;rx# z^zupw`CT3~-~eRb8T?vaF3!E>sBVvxzYbQ43y>~5ab2(prRV4JwXv@?ycoZ17`AL) zMn`){L42r*Kr(XPl=8B%rEB?(w!!3y>i-%cv|h5~puCw>@)8B37vxvjljX=pl99OS z>w}`+Elj7XZDp%4l82=%a z4R^i+`-oBAd!-9|B}JK@7k2NH{)d2&)xA=wULL0$-paAiN=HU$;U|Nx7naGXS||qK^=(6AHqCVFA<^!>D1-bz_ahjw1qh1 zPBRBHv00rgG%_f!0Cc!s-SBqS7Cf;P(cUd}mB=dVL63Y55=t$K71opCS$C7g?g+tupMGawC(*{?_NoIHOC0=g>rmM{FBRVO@b@pr2yxgnx4aDw$nk@9KtFUUZ5t zQb@OxvVgA@E)fbRCmJwHd{8(6(R_l=a(g&Jm}letJvfcc+ZM~H!xvR87qAW~w25`s zk&v0vuA(!LP~?n@JgRB}_8q|Ske8yx7pd_oN7Y9Hp-0w1`F`)(>9Y1_P*n4eWpX1P zw6!VBRQn=&Zr`GpSb46K>9a~;u`=(VEZWxde5|_+gm+)mobQn4W?+Q+w|%R~1Y`(1 z$T>gLU?50wwfMVO{2TzYs%()=Bj~e=12Z7M4SQn8)BA5ae<?fL9+$}<|4D(}fd~!x+LyxFht=2u3SxH? zlA!1|-w~NLy=i?~O7d5vW%A~t?G!^;VepFxDp5jJy#&~Al**<#1DL=#LhJ*2uyVOn zF=AfgK%DZvFX8p5d+nv|-D?x{B*KC}Rzj zk`M40Bx80yD%n3U8mCn0zqL}IQHNT!WLt;F9JSY+}2)9Ah(K|WQM06|f zQ)gL}bRuza335$CY~n+6_vl&fff#S_BVtY|Kcjdf7{p|88D@CN;4C86DW?e!AobS9 zRF=JSh!AvDaCMq;Y<)GXD^Z8N5>4j0%96_gTPG*WW^lZc+AC)iUKm_Xf3g9CZy_{0 z08fcK3fRSQH!R^kg+IaN$8UK{-l?*A;y+paKR004WW}}XE6Pqr~A57T=^e-D_8)Z^Yt7k+fZe%vq~{h5_*x7;$G_b zA>?7vi}5<}x-|OV#Jyxk8;oBj0K`H{D+cdYbydU&Yj*fY^RsJEf}!;YO2M$bpJ+hR z%=46+Kk0*W1n2<|0Xsx#CxkA-G=Ab}C?W#}Z(c-B2z3uAQ)My+TmKg3>*`_*Ry0qOgbkli#% z@Ddf9b0A4^wf?9u=!G1{yEZqUOJq> zH=@C|(g_dR6np28KESG(WDL0hHE{vMT~$q* zjzwb%G%AM z;w{%XT|HUW5fH|65eu&TO;3#f)^LJzYE zAxi6P9*0~Ib6Sqz?l+=V)}cJv7e{a{ZvE#(#@J(Vbi)uHFBHU&rUJ9dcY~E*DD#C? z#xhh1O1$DHObjxg<@NLV&EvvzSwu$Tw8YcBR{%0ooisY6{L&a=`Xg%BYwY7{%r!&C zO!gpx%BBc>4E{4=%^%}CQmiZa4TYT!y|RzgMX!kPS$03sO#%_|b30j*-rIuy`d9NA zbn9-Uoad)Tp5lS2sxJ=hDmu<}+I8yVh^Xnf8p>v4v9LwEP$CA7IXDP*&WoN}`;g>G zcXoXSjP3DA-qAPa5}RD9JP#PFjO4kRDoWNWqqv51UMQqnsVy58iYP6{4q0~@-bu?xz&ot;r@3fmWkEKgq4;3mx*OIG@@ns{h&28 zWczjEax$`*ahe&Ma4@m||Cm_WbzuiGs3x%8)z;X^-qru0VrwFK8-8EOk+vJ-x&E#* z+DjYPQ%z^JV1O?amXjmXEA0&iaGsXlBR2y8FR2-3#(fu>o8#9`o_^9KZ{#ob7>{w{e#Ohq- z=3L;+;NsNg>cm)Y2iU{P;#y#AXaocV1pTD`%XR$t#TygCQlZaSE&zZ#Iiw{M6eVEk z^MwAV45c(Q7NRm;b35 zHO4^bVS=MRgmWv;aDb(vhb_ji6Q1@yLV>|=Z|o^N&5iPSN~42dFPb|Td|5L7=|OxeC=&->Gm z6Ma{a?dQM^K?||?AamUrzkW|zPt#mJ$(j{~f54l%7BCL>KyNpECB>5hEE+~Y3*I4k zG)nU`NSpnGvZh+AC9oD1g=}(TM^$UoxKA@SEQKwlD4mLMQQb@s{Ld|~oF3G_bx29f zTv;ATrd!&09;BV+SS;_C^*~MJsGwRoSr&MxBNN{HiFL@Hp{~DPsWH;30wiQ+S-}cE zZ})~=W~5^J(G{e0yn-_F;>pdUwU$2^hOo0}Rn#vb2xOpa`IFdX_=~%CrHocxBQK`n ze)993ys`O$0+9$)u?KW`L_mM&`)uxqk1Xoc&{T)=D&eY)UC(1Gee0`P=~tdk+Ec$3 z_)|C-JM z!_fpJp!JH}L`rMT(CmjUi+tcYBIzBIHHg&k7s}3>#PA1xSS;qWVh(|RFg&a2C4AW# zi3+y8K1`+*XCw*y$_i1B$u1fVE#1Xcw2cNOZ67=;PjCJ zYsb04KJu&l;3t^w9ypdM7H875>a&@w6eKQu?oY!8b*t^^24n+Y#i>g4%x9r^V#)GN&hFCX2VE0{4( zmM8)i>dZh-V!c0jK?*8dZmgqH zbZj5*p(e+H%=VNd&lm-WZTXIjYRGt-zJM1Jf}*UigDHeSZJnfbuga+6s7}Vc*|Rr{ zG8Hd{0Y9j#^J4<*$T(CG<|w0^mIu&<^q$p&s2cszJCu|U0_zmI?;TK~C=M2obbIgC zVV`)G3nOXq&TtJoF;zqpcvk~vH}4TqP{mA{>=N4p+T^)xLtVDhGCUolCo^59br2dp zA&t;nz44PjrfNc9EJ@T{MLE>l1F8`Xw!|Tt+VREgOWdpd=_dQV+P{ZC3G;d4CX2Ony(DayoLs9!Lj^9J^Q@W$sQF>yc^AU5Pv-oIy zVbun^d|(@ED(i~zM1PoB-MK!!yo`#j2E37)MGxpw4QSZHEIry!sNr-`Cjj@aupbtT zxO#XqkVfi=1d9Usd!9<($`sLWCian^PvBzC>w?v?zX;I6mY^4!5!#5`P9tK!wyvdE zNv>=(yvYIm%ELY zAHPE5OxK3>teX@s{q)?hwJ4)k<{Z3~=wMIW5f(!~)@a1B`xVM*=}b?d=_GyJ0s4xF zb!UWZ;O9P+_2cN2saTc{B3*>qh&IluK@%`;3}WEYI6tHRiQtk=K30bIf_x9cpl0MWa1Kgn4M!IPxf7$cb44DMw`3Q5vk1{mmv@26#o@lK-C1RlqCjJ$gvKSdqv( z&ZC*3qG0}5U(?EX2!rL5u2=q=oFcSaFhXo5{w6c=!T>+afUNra1h9q-_DEuGm3JkD zR>TU1eyFi3>7SU{GHk3dPos!BlmU(_Y|Mu2nN{n3_q6J9fTAzNz*qmlXGjNzJ6Y6ng36)Q_f2(l1{5!xU^fWH3@7IQJ6$t@c zxyTFA&Qm=YL4Or>YH92gjI#|(x$X%dmR)#qM|?PsEqQ(YoAM2&ekQi~o#%AUuRg z7*59{5n^eVv*xjxN|@)O@`9smSO$|J0~)0bLs!Lkc+C|N&YgS;6lhDWd+dTosKkuD z(e&1pp0kX0#sHnaj&=4`?qp5{1YAsRu{#1ZrKIot1DJic1Zfd3EYV>J&Q8j*y%rk zehz4p%v@tX%5>e5C@!W{;p^gy5#1b_UpCpst(9SRARqvUB!Q3X;cW-QVM{ zS#m)21aMW#)4^;|LTmj#;d&8j67q&I?@%H9iZFeqGZ>OGxpoF1WHRPbyl<3=Itm?# zlh&{U-Pr0Pb>;Z*_nRZnGmeT$LojIi2A~AZ;Ga#Y_!6`^1JEtOPu$3>5Xos}J(%c) zo|`7t3i3z*UWZOZU zXLU}{KwUXX3%qd#p^h&JR!oL%K%U979`2a1r!0ZSQ~A;0UHvz}0H=|vUvUB9lm=NW zeaAv+s^vZy^K>T!)t8rH*K754Z@(f66fr;whQB|>>+Np|IM#x`7N zlYc^Bw@CSB1UuqN#fEi1CJ>+^$-<~MY8P+We5&8Ne1kyqDP{Q=+x%q#4yEJ@MIm+q zLDTA*!Fyl1MSJ7-Lt2y5$z-Tl2AUPDbWyKI!^L^o$)W1s!oTYk&#DTPTNZHnk-W)K z;<$_xE$WUJUfCIl69f&h;~tJ*J&_@7`V%Q}S-zLGug={l+0gxy#yrA!Z?aiaLuf#W z+;~&rj@44c5DCOP92K4iP`l0?f{^Jr!EaT%*tbfdbvR=D5!)6+R8*CEavsEc6_Xr zCt9I)A){!2A=N4&fAHPphRhF!gggyNXrndkm<2c~EdFnD<#BNck0UGf&1m^ha|6V^;ltl4u&UJ16Hu9BFyVEjx7E-?-7gu7B}_b27a zTo>E_hCLEh%2*?1o0QIdV$QOgH)b&YM`Py!j%E8le6sf**_&{4?@Q$_#n0uNF5~d%eR>SO5l}5>gd16>!e*Z!-s*Zo1&C|^37PYtCuW{C=xcZ(s>k~SrRCSTMGbV)`<32_g508wY%7PG`dr9<(#-~MXtWx$p4GQe)I;OFxMM~0r83>(ejO)KFtaC)g0Gw|RQ1PR zlb}@Hs&gNc9wieo;(wxEHK@*EZ25|UC{?^MuAB+Yb}0V=YT&)mZl#bxu(3(fR-STA zR8PVNQR5X2W1}9W*fGVtM8r}naR|`Q#vQviBublW@%j^4TiPj?A#sFI0TCJV3XW{w z8lwEwXq|bvfaN1ZCXRqFl?Y_8Ula?*n!G-jw%O2I?EXzmWw17(QfTPukWGWYn2TsN z?dI@eMWchoqNHQq&4acIqofgtiK5RbFKLB@J9nex@^Do29@Q_|nbfb!vw93sjhFkm z^6X!_0Ocsj$S!|lCYXOf_l$s*SZUwO*I(6FRFosUxX*!~oP^;|Jq70R z+L=4}mPIdsIySrcPrlXmzBW&jrg~?7iKVmQb6O2w&N=WcmdMR8ir$)0Eps}HconHn zBEc(B?>$d6LG?Zc49h*C{&8`_jx7iFtnmlb+Gc`(qa?I+4Q@&@^r@2WW|TyZ!?hWpZnd%_8`2_8E0=Qb3n@a*r;6Ln>qHP)vt#0`#B zZ@GRJK^8HMacVvG(zn3lVB(-Xoio}uC7hGt1^zdm zrOjSFN$Vw$_M;|b+fXmn!KHTjoiflz{tNk5qIObnDg(AVZsNR4QtsQ+g)a*7KeK<5 z9l5v=Xnlr#*rpjLuIDp%6-}Dgo|@Z&mp%5OVQVE?HD5<)`0mc_%qqQy#m|o&Vs}vyRcFdrbDq#i4cg-Yiw`OB&c|vUxmNC06;3 z>g`6g7Vm$ zo#>mY{t=K}c7NEL@6PldgG4KH%C1l9JbH=;G?LJstMkB`V~qH2E}d=osY=C_jSr(6 zOxE+CnGFKAsB*|w4Q^aEz-c}ex-lt2T_PSePH*tD(|26htZJNMZh8?^+!!OPBy2h^ z!mt6kmgpinHI}LBmMAQ*{%V@>CgTd-L~^*y>W#IXhltM!8?%-!Z6iTadBCR{CqE8~ zV+%>!oDMf`M$Sg?-5gedP3QBEkW;-{xT&bKpqC$*_t>|`EnhBV&P zeL-|x>X9A&+CKZh?B@KvLZ&yDk=)rYH0#Ok)~D15;ncV{9Y)t2viY|qBfrt7zBtb6 zL^`g~>Judo{#Ff3K@~Q<7U2cDG7C}f z;~HavF3YhGrU)}y_p3~;T{fRNGhw2tn|r3~K9$<6jX|@g8m@h8OAz$oL~HoSdA;wM zvMQx3Hg)CeZf`!x*~)ZD;T>5E47tOCSY8kY_Yp0n+$GE{KUgvv<1+7<_0QCA?sr@* z6c}u!Pg4Kt8lkXf%y~oio!c?Y%{sm$mXHZqrU-sFV=o)hnop1%WWVe7#zeFr_k*1I z7dR(PlDFVPfqp!~kk7G#$a)rTClqFbZcfyFa$5bzd;7^d8G0H5CF(gg`}5cop$oEu zg{9UT^((E$z4gs+B__P8LZge`(98Rh^m1BK%~|-(664c0ThPL4kHsHPu7R~`abJgs z%A5=R-*0D?@Bwo%fre!nm7_lRR)&^Z;ghL#-zg7LM?cN(HsMlpH?FK^JM8)!1h#dwzXFRlLn$Q*wmnotC&3^9mWgkRX@+ ziayN)@ymn+3PZjiV#Tc6=$Rg~;yrUwsX3lIM$KAv9rFcpk=OS#2@Z?;qz*&XZ~?aJ z;1hk53UJPpGD++z*mw!vf3VJhr}OS)FQsQTYl|pLj|s>ho{m~s968Ra?dpgxITMw} zuF*Yn`4*RL8;7gPf|@`mU0Lm8p)FggJ4bO5ee5I$2Umr=NtqIfziTX|f1@mZ-^an~KLMf?Yq$7cO2V_yDebM)*#}Gp3(RJn7tD@7_q~2fXL|G0Qp}4{p~Uk%`vE$W z90|hgiKWHB#}%XXWbCL{={)Dga94FBNA5U%`=1H@4`siFH)&n7zva*9skC)YBdXq( zdDovhA8um$qlO=Og^j(jt4~wg<-N3q)7^nr^X<|R(<~XM18n3jP=Pzq){GT~jPZt# z5|tY$&t|y@9J9`PTU2nSRwI(AlEQYnnIYKEeP1=A?@f0=_or*hfiv{qmAc_W5M%+j|}A=RUG1SB-te^fos_gmgt>(y^gFpZX*RHB}T|3olhY zb^SD9MD^`%dq>fXQD6r}j@|%S45vnbYc=K8C@&Q!^)B<2^xK&sYDs<%)enl?uTOc( z61q?f$_549e5Y+jGd05%WrKb02}k7;sw;AMW+k5p)T+91OnMoH)Aa7dy`W?=k4;pH z@TtJ9S0iXbANgB8Hr*UVHVuyX-M8|nXG-ehwoUKga#m~GqEZ6(s*l_4&7wa46{%1H ze@YvisvWr{%DmXpe(8g%y#$H07L>4XjGpE=r&MGnIVQLOU$;h$DwEO5HTn`mE2(8b z|76Ihm5IwX`vO0W(H>Wu*9L3F`I3@WGtsDGH#YyoaFJySZjw0H(_R8w=y`{h-$xxYiQhl{3RxcS||A)A{h@Yyyv}&$n9Nznhpi#*A^f;x9A4 z5y8$!Yc{sA^zPHE+{djd1J-g37-ss6H&F{TT_22BHyhJ+LYVAYFQ1h!W&P>%8ko6_ z7TA_oqb=`Hb_^=M*Ck)frl#hhlkc+20n*yb!b5k1d&hiSQp{i0Yu|U6@wj;33JTu} z33Py6V|)E*5^2V@=V5y>7;Y8>Y8VoaPvjbT{ycYp;b9~De)mIaj>ew;H^DMi?Nia* z{pVt%PYn8L2 z!-|=bsVn)}S4hu;q)$)rvKo8SE}W>?O*|eFR zky+}ULM8O$07CzbmkQ((jk2i1@x)Pyd|f@`_TKN!7eDe=K24lw)L1;DC?yqjw!8b< zZMvd5e{DF^K}CG@^mCUr(1#iehQ`ce`LR1ZMb8;t&6Yq2%`uk@g;-egx+fQi9LOax!zaHFNTtX_Y2M+ylJ#F+7?yJi!eS3^^>}I{#^PwZ){&EnFM^Dy)E?S$Vh$H zweQCzItqiSJM=MDdG`5Y->=va=H`Z9i2a}H0D-Ycfgl@*}n09zmI$^)AV`Mq=TEAJh|6)Wxi z&`}Jwjkdur=o6eDO$)X^$+bxQx*&cbaB(BR6?;Y22p^yIl(+$+iI&SG5=lNI?L)f) z<>SH+Q>x$E$~LHSQe<2l$u!U{Wa1MkU%N(GaLQlR>Kg6l9eIv>M&}u)J`XPm2W%%^ z>p7vG%K*+&1bROZYZJ7J#2@nM(ZjX&1t9jD+F%oF{ZMw~m z$Zx-XEecvil4rVyY5DP186eCXAD?$ng{`qjuA<}}T<;52#T zhIM+wFR+x8L2a@Ql=wdVZ;#H!+`&_mHI;{LGP!2y_Ah~N290wSSQL++T2bd6m%8-w znM35G?ytztPj9*o;=Ho@JGUSEP?^kU3XKZBq`&@hfTHkfvE)$06X%JG0zo`7;8P`| zbqlqoNqoz0*9tsj#1yqEju)R#@WrY$Y~|(M>%YYxm#{+s`jxE<3)9x-0 z%9NFXnW~wKQZ)J?HFnjcJ?;VaiG^+uXs5qYsr6((N{lDvw3@sT zn`DIe3Hgx|Pd9+K>MSg~>h2B)CGQgP9e4OZ17U-HbeQfFd7DA~@-R)sQ;(guTh}K^9N; zQoS)X+ga3U3aw7dwJOD>(=qz~gd8a1;cP8bHs$h(ZDDKmo1#l56xM25HiJ(5V_yd_ z(*$|n+i(X937VM1L2s%`$>$~a~ z2k&v*hW`Nc>l@p^XM<;`J+-c7^pY~J5{5*iDt|t%?jppTf)+!n=4QUV?fCp9{Yeb# zYln^}0d{MO!8X~A1{5}!np8xxq! zD$@D4>yrZl^)guP;`CEueZH_1^qd(nVjO!mwv{k1abL0Gba8hBczrH=Jz&Y7+r#U_ zw-fR8XBaz9k7r%nJ)Mw;>Mt+NX(|`~aymFn>^w+SbOV=YDn%1j9zPc!pP8l~uK%f5 z#rpE8x-^Gihfx{UZZ=_DH2ucOiU}icFEY5fCWhE(>IGsFBFYwQd zs7GV$-OU4vR#O{9Z&#kaO&Qz7yJUG%gNg3KX1uEErL2juwkn@?TS)R|L9I;vc#0Cm zm8CHVD%Ds#x1S?iDR7rK)hd2z3#LemSgT5xNzvC~yS?hi*) z1fx;0CPnzTE9`_KiukMhYX>2l!ou1@>|FJ+T^|v-g%A34)xLg~kzI|j zbNzl^(?%n6Pp0@8gumBg{eju~Ta*5^2qNL2GpSQ9eOX_ugd@01di1i6dpS&-F zF{RziF<9c2wBPGxm1%a~F4wP=iN`C~rBp7R4ePaa;MLUp0P46ffOzH-!uGJ9qNkcY zmet@b`$eiR=#@fj177b&G+#ZM`{kq5?T6DV=XcFSUM3@nmh10xFr~V7)aGlcEs#sw z5oFsIs}k7`_V(8(i`<~rE14;L4QEYOu31GmZ##S>L6Wa~8I+iWZwjV!#i%2Wmzi4V ziprhR)2|<18OqT)!(&1&2k(Ax8Kx(2$7(2z`NmFn4BfHfECO@t?Q4q~GQKl~Q_tRa zy4RiVj@v0g^_uccfjOHrwAE5XJntA%v(UPn7^;-YuSE|cQ0@mOpY{n-I8*(Irq3PK zK`2;!Z-h#n|3YP-=g3>tOCd3O)_U5`!JlEsTCC9PYJC!=yO^(w-hQe1ts9R^aaM^= zRuQy6+S-EXPm}Ys3qxr;MwB*Y&-Yypvre|6K=~9?>c)2oYn1O9PSt2737H5xDIsG24?iX ztD^U@yq>@L^|876_N$S*kA3+UHJ+c%E_=Vre{pVAY_|87xzv0()1BD*t^JGVaxU~{ z0v}RT>%6*1R~Zg`BfDgic(KUj>+vn= z=Am)UZ@H0{Z!|alV30kM~018w#yL%%B%cB z8r!uj^i)zT8hg6$>%8Kak>IOquSSX zeV(5z7tH+BTfD0HAjf&buf(yni^+SAwb(yV+5l%`KEJ8x+qtE@wLo#dwTf}rdk4!f zkY?eSmZM_7GXF$Nr||tH$m@iY8&sZb5_5h_vo4yXS{lMrpJiHeuqt7(X#QJ zINdl?ImcvE>EoUZ8_^xoXFrV52cyBj2>88Dvj?qu=%{qPmUsxgu0I^xjCseCc)TOT z=36<-m$pQXna;oxrO&D4X^b^tezO%Ft?fyWh`v5u_Aued?yC`dh=g_Ut5O)0;&!ex z<6r1!Tm9S)*_N0XOR?(uS!ECR z(=V1od+HlBb}$b;1V7y?c`l*f+xR4JH`;VCzh)|_!Oi;rx?r!=dob?1t(<^-M(hNIg5Wd+mS|dvJx+_|8PKkP@+bbf0<_YOeNNBY4#C= zQUIFD`{K*brtIQBBrM#Xg;8yr!(WELx!O)`7A~nuW*D>QGcZWaNL`JJLTgQ@=Bp}1 zXDu+4N0QdElf|DPPltG?2^BcA(##g~-J{@9C3+PO9~jSkir|*BR};C);BEP+V4#Vl zzV?`}nm#x;kzQ$idc!FPismQFw0PoRfmpQ#PuT6jLVgGf7uUSx@qAxDe}_U{fx-P) z{j>fY@!V^^7EcFEhhT!=RTdsM+l7QOWyGpyH{B}oxrdbbA8^*g7+6ShhM2#%Cvr?DeJ zVLAn8f^WnoyIm#Fyrst{#F}*3e6ij8O#6M3WglPrVO*#!fdqZh`N=a;F>x*5KhdP0 zr^W~-2R%_CPKq|gnbRuVN~LNL`Qnonk^(lhyL~GlF?8R3+Etm%{9~|b(;cyg%2KzQ zSj2sPa>ohD?Lrv0<$r=EPKZ0KCI+3m$We~DuH5t$`nlhCSrwx6@&WLqtv%}9?xT-y zi)~(vs0>>3H9MBumW&$(!3QiiBh~}!UZ{gt)sCM}>=R-`$-)b`esV<(()Er#-8V6R zE_WAu-}&6!fpPM&*!pD&gBxax$0Y1mpEPMxRT+$0<^qr6M-@80Z>MM-P6rSkq7jDX({V-u=Yom$S{6RPt z)pv3{5w)(lXPm5(Lk>C_QFXtpU@ERbUoTuT{jGy`ZBWVQsD!b{GU);C-#^%XV}Siw zvOQ>2*^Otb``MggB#y|~EHu+K^{Ix}+}gB+L`PKK(0Ju$>L6M)PwBU!uT{3>6mx<3 z7V~9IBHZ@tn)5k3`~44l7+>|siIX>+!1V5mh#Ormc9vNUo^i#;B<8q2g0XZ;kACIs zGn2{5*S_Mo7tSosS8-ymNB^=yr9mw7l_y*!5bF{lB1~*C8T;abvV3BH(dITMv3-4= zw|3#mVx5$ibBSJO1Fdzq*Zq{%Fq5CuFNoYUv1y|8XST^AcS#jJOnpzWnl zi{|3^8pW~6v##kB%PqG&BKDZ8+wATag{H?Qjxq7m!dQyKu7iqu(^1jkOI34D2>RiD z1sQmpV(&9kT}}_KQ+)F=Ypm7vI)n38eo;K(Es?E1L_j=qi7)W+`HRpS~(FPKJ>xkd5o5|k3| zjIPhiOG3%cgYJF(sxX{n>Evd!tx_yETO9Zv*)b7XYl&r+%{+-|b+;e8n^LjzT~qdv zYQjrbdv(jsEGS**?MaJ0o^p;*524^&aX!>|H9l>EXQ>LuZ)4q(*0*t;1n1&9=MJZ@tUW? zWluNPzlIzBH^~1x95k&FVNOLxCJ)>t)1l!qPmqzhU|k(aL{G0H4Ef&$$@stb{Y#K2 zMKUtH;}r*@$8VB60;Kl6rxAU!WMqcGd~MzT9r4#a2mCQ282)cFw+SdD7K%Y(L3kn< z1A-$FBoGDzg@C{?BpggY!l7U|=BPpoyk2%G9pE_u@K_z<>A!UN4#5yO^6#1C(7(DX z8x!5V9X*Hy4OhI!wJTnZZmw!>e;F3gTp0p~!l6hI&~+K;w@kueK^O>>1VX^^1S|}L z0AtYDqY|1sq}1gBgs1)?v7H-#5CVvY3IFc@498#)SS%C|!az~L40jR+20|kdL=XfF zLE|wL5v=)lp2KtRVF)Y|io$|HU?QFX%)JLgKxh;a5HE%R zMqm*DEE0ZH`MjjQZsQ2B?EHfV{PqtX*uPm69EKwjVR$GAj6;)v6##f52uH$!K^O!9 z0VW}FL<|vjRG#jM$BQBWOAT-wwkSbb@fT4g7qS0_T8gf*LG3PeP75-NX|77zg&z}RXGl0XC~9u9(ov1kyE z049QvC_EenBjO-%%#ke$iz|6w3Gk@>!=iYi|KI`t8592IA;C!m0ul)W0VhPD<2nHk z!eIzNEC8d?NHiQtK!Sme>p=E7LdRjQX1g zjs*-FM}&c}Z~z5PK%zkyJQNTT6a&TqnuHLE_@nYnvs-zFCG{X@HjXM1-KoQh(uukZ64j@0_AEA8UTIi{X<_aOves;9OVB-fWtgk z7#{F0Fd76vAVF{<916rrJP8DY6*mt@fOq&m2!G4M zhb0CfB5@=<5(+|~NdONPg#%%*C=#GS43Pkb5;15z^r#X`*EKm?_g^)r8UF_l_}?^$ zBVoa40vHB@AxID)LP9aWb~}K8kQgWik0t>APdKuL??EFp|9b=oeEbK`ZxQmad@yhl z5(5F_Ktu!y@hisx`T|1{K#l{nMuGtwF~ETJWk-tu+sdXd6#!lJ{6k;Wi+}L^Bd7cw z0Z0fu3Q!UfgvJvA3x{B^K!hYF|0Ec~$j;Mgb*d)#mO zI-Eg}Bshuyg+f6v7#;=a3rHR~JRl!59*qTj4u`}+iAUwR{xkZ59Uz-8z;W2)B9#8% zf&Ce=|J~!jSO@}#M?pYDC>~fL2m$IR^k4suh7jR66cosON7kV57LP0LKZJ)R7U1yj zgoh;tRBJ$aLIQ&b5HOHQP&gnK5MaNu3kpkulJF=v{>T>oQy{e$N>3qQ;Q z$Kb$76dKSM27rPC1`PrX9t8qp;CM6|jld9&ZsF+DPZ$4tjdWt=51!v@fWtfx0u-no zfpw*52n@)%U>r~b05t(%L}&z%;s8?u!~#Ja3q5j7_>src`1j5bk=`M_X0>Z#-1gz~c`xQQ*6ajf^aKof3HUe*nmK BMCJeh literal 0 HcmV?d00001 diff --git a/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/valid-Net-4.0.0.zip b/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/valid-Net-4.0.0.zip new file mode 100644 index 0000000000000000000000000000000000000000..8361105917044c7b7ec683d107ff6058705a1ff7 GIT binary patch literal 68110 zcmagEV~i+3x2D^+ZQHhObGL2Vwr$(CZQHiF+kN+Uax-(!N$yM~t5Q{|ygydz&C04g z3evzJPyqiK{^kzq|F!skCujg10DEf#3tMLscV{PhRTW48V1X5N6M|KB6Bl=A06>s; zKmY&`lz-P1{+o!D*C`_a#lPc!f$-l&oNNrNt^b$Of7Jem(nUHGp*{oEoLG$vO8&2` zSTY;M<;S-biRVKis<{$dTtB53(w37eR?;JoGu~L})}cH|{2YdAkWCOhkCrip1*Sn~ zds))JG}-1Y-RKjo5mV5zcR1Pad?6+Ugr8r$wyAL^dluJ8sxgLIjrJyI$$dZq1G%E! zLd=(RzUp~k8MOW=36Tx94JrXZ*Jy}u)Ur}p)rjKnABOVA9sIwd>VDj$NzfTtq3UZl zNVrrl`cL-6)tJLY1CSFDg-9UYzH_dKzCWux&cJjGLEVzYZyp0Q{R$|q4Y>Chwj z=Y;0Qj3%=%&*;yvKP1GCDhIt6r}{s2n8$flpuWy;D5erz?-Kh=L$V6epMt(odGMHrpV4xjLeN&w23F`8sdxVWWka<^XP z0U+_pP)_QK{I#6O<{li@>V#BvONP=&XAF%}=i8=#f&d33icuH(%_^Kkvl)o;PA|}QN zXOLqAhoYX^zn_r|!RU&scG2C^S}5~1YaKg^<7#kxZB^l0kH3&g_Dj=&!_BI@Qi1{q zevjPofNktjk2c#Nn3{da*^c_aRnxqlbuBF==f$V2I2|Y=Ax7*E4x%3s&@Kxf>Ctpz zs}%Uz2_Wd!-j*OMx^1GfjsaOOobWDH0}(gDq_8x1=#0RK`^fKpRwRC<5t^^3{N6Zo zKJ9S5sy3<;LRat2HIQ)FoQl?Tnx=I081rg|wP`DBEN{V&|E70k3V{3;J{|N zCHh6ypP(2l;Y8glHO`ZUoR(Zcky4f_{u*H=Y6S(M`Cwmh1%{|QJ5OQ|oXG42tN1I^ zwCi>gS549cn9hzpr|37ZcgyFEE0@wDl=V&&We$59TJ*5m+SMXH8s-(77izPy8S=xv zP@ss%B(7XjakRQLhj2B#K#HbB%ss_L*MfbS9pIBw&iH@Oun_2FokN`Ze zx+tx2dy>PDu3h82?|IIKm#IOI%isFMH%|mk;m{tTJ{L-6kB`|n6LEM=B%dP)%9+RZ zCX55@`~|#N_x@ly%a*~z{LO&fFd#yc*ViNmVFWUW_8!)G^HzRDI@}dURW94)rLK=v zdIHzQ^g(49hNbMu$K|;mA`n*^k2hYeR%xB&LF5z*V|@6>h|lID)~1qGf90_@P+}HW;`E18E;z}p3&h}pDV`DJsq}Nia0%fg zq`JYhnvv+vEjL$Hrx%)@JnyYMQyTS4i6@V>o$G60Ur>?xpTC8Xk&$;Pw=2hyr;F%f zRdke)Bb%ur!(5)x>KcKP{3-r^qI9FQTk%JyIJm`|>v>K(@^$ijN%u~tG`Op~w7A5} z)yCD#U%0??4cCM@#-(Z5RysrkSc~MOTBQOBy6H%@)5#c?=TF-}r|dI2`5H5ssmP_2 zu=v8{ATn1egGBf%)|73!dahGrk_pz?m_#}EJd47QwrN}`L2?{1V7cyRi9SMQ-*lQ8 zI(6mYfY@`24` z@C5Bu+R7HkpF#^)V`7LAkX|Dzxky*gTyh9wES7yR=LH^pq+tP!^>ApVN9OCHQ+O0A z@Q>Tq0if~Q)N-x)r%qEb;XjP;aey4-#o4*F&NC8IQ7sdXjXj{C_$8xmSWghI_I)av zAe$ zNq^c&Y#Ytxx%B|kenk6cQ!=v2-3^ML#2=47zD`4oKXG;s9I{e;rvqBSR|m?n*L1vv zry91GLWIJdfH3-$PUDic-I{e{Pmp8{1X<^IK88*0NLy!ku3&_gMP?TWTIbi2H4zhW zTvSSH{GacoPXt&g@+{|@hI#FUT9m&X1$SOsrs8w1~WH} zk4?kNBP1ctwP^FK`=GVPPJ+BWsZb{?e+UwZ(j$?xW;OI}K(udaFQu14K&PCv{Rn|@ z&xpO~V$x3ektm;|2Qhko;MLvW$eN(NNb<&EFQ~c-Y1H2HY>xRE3W(AV+b`u3#Y2{@ zGgHJ%V9?+J{&+b#kVr!cZ=NW7a^p<=!Bw{Hqr*1N&YO65&sY)>3Ak^Qj7)z7n8-HJ zCnB*q&(DG$12v>(*U?CMn^822{Y?SyRH?ohlV2LN(@7uzQKXTn?SD@0uNf8Zeo`kJ z2Iu7yRF7^X>*$D#L{RcmC-y-Bf6f*DiB*e}q=qxKdg?q?-g>5p21SM4Z*savGx6Sf z9&aWjf%yUn@z1HUbef;Ez&3a0BcKmDbKG_R1T8HgpFfjD1nawZ4G zcXYGxX7y_4UH~sQP#*7G5USLo5krvi8QUP4aGzjh2LIgiFL9%6ZYw-N<#r)=j~(%i1C&-rqs4Qhn zT3p_XKpac-d*Qe5V&W^TyAYF)Cu6*EckNNT0kbKaI{sBJ;==kHp$9)s`=8isQ@EUIs(t2nvHpI{7_fF8rm5QELlzUMI zCq5_Ol9T;ZY~1qvH0UKOI}mg9mQ2Fw&A^!`$chb?XXfDkk_3qzR<%y?vdp~4`6`d& zdJ>p4;^ObguDYx@bq28KUZ(i#V_TS=vOV)y58tSPD7ll|y+(h^+3E0HXP3GdP#pYP zoBsGf88N9jb4t;jGJapNf3lTuOC^q8qlQQb(fdLbhg*xsY3CR^#?+moP;RSQ!HWh< z&d4R9RE>c`BqU-z(v?{#y-S}&VlwCK=Jp7=Vx^X8)xTfO)cxb{CpLqfje*^CFn4cuou*r^~y$%OY>Gk%%-8_maYf7PPB=Z9D*t~n7z$=zB(Ey8 z*>2;F+7lu|c`MpLti(JshGeyoy2d#SMum8+b2pNUY3n7yod&bMMH~)GyEU3!M8w2_ z?Kcc)3qZQ3wgw6v8(?Fg&;l;d*1_0=z$zcA1_FE*oF%2lEFVe&?KjZopoNx%qD^p3 zO&z6iW9#-npTvQw-Wfim9NFX@iN<#97&67R$7cQZYOA`5?Vm61Ku0C?dAw+mVw*=q z_XuoxDSUf$*THTm`Xmr}CsH1&;BBz>fBBS+gP>DSBp!)pP(!Ax3*1q3v6z(G-sYtqUkuRcN}=Q(7U zhm4Il=~!gq2C{%WKJ!+sQ?ZyBrr?)skceAlYgjztEiy{Gtk-#3LGVn2+ctXASOfIc zFiT;Sz~+p&ohQWNvT`*utVMRW7_8Wf4i41c=^FO}qSc11bNSKx*PifpuT{emrmdO8 z5I?V8a0`a{RjwVQRhtCLGiis{OOVAd@1G0yjm zRg4b;iOB|#=n#Ebl8&!?E>9%Fcf&uQ^Y{uysMIJ(s2blL{M-V|T^s3+c@?(q!0|S; zfW#BK_&?TTjEfN7*3ztMuSqza$4- zGqMEu!g9hX&SqHt1lV;t(QkKZoc@mSzKYdzN<`7NHe;7Z?PAp{O*C2YR3R9BTlkdF zRng;GI+6>+Nt!%lRu;ju8!$JP9H?JemG32I;vQhj*k^7rs8a>ll^`n2?1=eVA@wPOXj)t%Jjx5 zl?v$60la!kZwYrSUA2fp*D-a-J4_4DIQ`$u;SIJ-8T%N_725FqBH1x3h+X)CxA@k1 zEwWAl4Z7xRNtFePoncH**(%aAGT!c*2#zKr2Pze^hDB23xxVxxF+cCq8(N<28cFyT zmNhXCjiwkF=ic-*b)Q#+H?UUH{03Bbl3mRzSs|wFSPiiWZscYtW;4w$OZcM-Xgdz< z7FTCh3az@JoD@P}Nfy@?{NTC>$1_^;e+QMUR}<#qoRZN+9~FSnEchT(wo0iE4e4)s zoaV?L(nfKJ$l^T4q8FcyodqgK)X?4~Xuce_Dp zp4DvXx=pwGO_r3q8E+kf4j_L6F)SbX%fh1OJbj4z?CZdl(Es%M zK`F6DBrQ4X=?=gzb?Bmx#0KjtD@+E4Yr)h~_4bp&!&;|GNM)n%{^7WF!OjV+sRoaD zoa9gww_13epk(~sW^(|dD+uRbJ!QguJ`Vgu9DtW;z?WA2l2e4qYMK<*v+Qei(H3=7 z)EdYMMR-$EyDIRlmrRaBFW#ejg7qovF|TnoryOJ$+2wwRqWMs3*z2dwykrSBr~mQ( z#6X)3RqZ=xdU%ag05F=v^TCtoo1)Y;RQ12o$OXC64Z66;p%@h_fTLj`O2SiUnA12S zpSlOd#JdOCc+aE82*IHpB3hUb|AY*Q_^u)I%c!WR(|OYFRiZuMl-m7fMs$KGkV6zB z_uoRFYjxwj{~$4$%00N4(N=IV00m9F<{XB&Ozy6puEkjYl=vu}8LN4lPoNMt1vzYv zO%V(X`B0)lRWfQt>ef4S_z5%uiE9TrnTd0eqH60#VNZbI_-!bQI*muBawzfJmJlEf zn5G4|nZgpWy&P!|xdme0NaJ2)a?)$I> zjSGr`rx2Fjcait34Oq`7dZ;rR@LI>7$tzI-JgF7^u87JMFb$%y5qTL^yvPR`7rVMX zle3yZ@VqX-P~H(|Pu1ab2wlV{Ez}ScoLy>^e%i|7K0Kt#3;}9U*gO%3<|X#P{HldtY`>I}rofNOJ^nJGG=w1|22m#`JXb2gx0pkXH0@?_a$5>lSRE zH^dyN4lC`4A?a64FwG(M?J?y#_HckI;>mEvW^1{3I11b*$g^?NP@ea8K@yuN z)KRLPU8T@LM1`kpt>a!3nRqVQJ5g2l=rZYf}zb?lIIBu@H4O*p;(C2Q#!J}Xm zCQ^Tm7tf#4$kRH=gDk9+stVpeTG5IAouGU{rAPVJ?(8u9W6!}yo29Tj;~2?A-XB2(=6vySO4O+( zD9|=$MH3JFbQLp}2kd*7dPC8GEbGuHtlR7HcTG zvI2EDbr0dko~yv+EO<^EYLVQ0?@>IT$+6_RAR?+rkhQ{#e2;+)=T5Gjez2wh%QJ6+ zTP0>K*c3K=!qeYiZQk(W8@CiBfxb-k6uDf~M`4vaRp7b=>l(2VDg|q<+crH``pM)h8Fqi9 zZO(VNiUqf8H9e1dz`FuJw4Q($Z)J0&3v$1-WyR${QjkGW!qTZN0>hLP6bVQ=m1P{H zR(Z&_#c)lF%Gn_XD<`z<5mmU>W87s!W7e?Fl)8K{WIZ{M$;p@a!RJzlM=yoJpcc)Y z-(|C=5Ry{FN|u&pBx`=rUERAq0?eC`G3I*+SdYDsZrin%EQO>VQ>)+U_J!CsYUyRc zN!n{7hQnJ4Vcn4VJJKFXeb|mC&~HHAY^tv}S*Q5pCHi-0&|95RNc<-;J6YbcKwP`l z!-REuWCMXAt|0A(4_=!w4jjMLm93*H?K!l*iZrl>hm0PTK>nwD7;R4?ysKx0UnF)j zV7sd@$C3Oy1vIaet|yCADJ||AuRLD~2t0Zv4Z$W+G^pz)Q{cJ4SKcC@&ImLh#Hh*l zpSagE$Zz2@>#keIdfswk)(#8{wQPvTqIomoRfCRc3Jb|>*w7PAa~1cY+x^H(^+$r2 zAcv!f)~TR4Iw~@QcKqu?o(Mf4Y3fSaJ;d-<=i;D=#66sHN(mDV(Y^bO6ORUa0;?*e zAf(i1XmvhS6nUSCw~~6*Wiw&;7mf4rl5`fRv^hVpb;}tAEShwjefnQ6zhi0cD(ti$ z;eL<#e9qS;uNHBnV zDczIi<$YHXM%>luxby_qe(tmQ{*zuu2B0L0j~N<^R_2eSW`ENzL|6&F$<*IXU39g) z@noZL)$OVqV5zp6S%s^|k!+CnBk5`irWKdmL2&)KwWM}84K6~F9$?8CyjvVm!nzEH zhYVjQ(jPW}*5qdOp<~l_lnOaJ5>khPY+HL%P1H-#%u{Pe-*5p^OCo916ztu9ZKVBk z2aZ&@EI~l%cKf#tak}Woe!4n6RC~?)i!HTK6J6t5D;B9kaps3K6Lx$!A5&AfVo}Gf z@TR`Va`Q4Ev~JSYAsme;k_;SNXYSCn$#_ZHM!epQz@ zOKq*&QJpVz#2t5)gQjjwlzb}|irt#5&f3xs0H|hsQk`fe2A3nZV<7Z(^rK}$o|;R8 z{e<|+fzu2^8UPbM^@l8B+lc2LJ|wuG0~{pfdRn*xa51qA4uJ>e%+AHKdM$DCE#MJXWTqdavdzp-V5QtmY!MULN!iF+moG zn|L?@Ufo1!jOn`5P_34OeIgHYH_-Axf!jLGEb1&hoEw!4avFd*ooEN$KtURi520KS zdMr1idHoVwJk=_(7En&W7@aeU|<+P+>99X|2(^=EG*Sak6zVfQ|b25bIHD@S-V`AZoh6 z*lo-_YOaOe0@-gtI1m>o7*iWFC@U2NnoqJC>uQ2vmNSK>gwZI~$Gwm-yk|#uR9o5p zcA7BRvH&1^g;}m_dqD@?grAea8+=$05;Z7kbkZ%D@8SJSUn^Sd#Lk?q2Y8NbT`837 zz<@7eKBo!@%{!^a>ZSDw{0nIA#ldZGdgkB463hr-{yfNX+s(j>IJ@Q1S6CgQ(FwBV z>Ad|mBi2hW4b*V}qm*Uf~fZgZJ z$pzuxY$|c!SzPh0Fu4@*sv8?$N-qOraq8w|Hxdh^&-q)T0Y#mTWMFZ3aN-`lEX;CH z9_J-p7`(&6?O-Yb76xpfP*l=)bi3nd3}bg$pU8)ncWv+rZLT=r_qJQ2GyTqrj5K4H z!-|zCM&sa^%0<&x-&OnVB|S(!H;Ao=TeAskzQZI5RAQGU77)V%M6h7Xuq!^c2*OTmSmyu^R3}(+#VZgTAn2#8y_))?120zi!&8fP=c?#S9?AD4kQ3HR+EMwBoV-No z__K5S{L9;XA~06{7^u=Z{2wot!k~|W=^ctGm*!<(okqtah=w@Nwf3RBt(d2!jI!Sn z!wvm~b~fb%lO_QZvMC8*?Ux%*^3f-g$QwKc^I^F?}Rc@aalb_qf{O* zmx!Ejo?PAt##jK9x>lGB)y;V@c$!0eB!m`IvES?UgLTd@^QX+Is!Rld_B4IEng&IG zB)z(W`PweQVPB!<1qj^(@8LMN)6x>sPFEO3tLIHMg=0o;!Lb*B%YiOhN6;Xf`s-($ zo@oq9rwlo4Iq^+SK81F!`u z<2K?^hwdBg6mCJ5&n386m>B~wlHy93hzLj6)BF=$0{5=0Ub+rRylQh@Fl6tJzlF65M zL7>|#KZpZ3OuBMA(udnzoth0I3+S;K24bG!zD!spPZq8CAfQrL+>&< zP*MOHfyur=JR8)i=DMt>enM6;2{zpKCXD6cnM|UtH zz>2st9D|oNFN-~;YwWW?uz)pnqMr|Sp+p$I%+;%=8ZiwyW=Gg#OQ^C-3HRta^|D-f zV3LpNwCJpwqOYlC_J$g30{gaWOsdlI(%Zzg&jJF6i7u!yUHPo1-zq&CtcR<+38%MQ zF$ffDY>0a6J<9qN6zd19KH>Ee8(B_!H938g#L!zwe;cL^-4j<)=1b`&!^GvUt0b^W z{eBoej}*m=pGtO3V1EdM*JRdw{wXYfn0rJAa_d40eGbe)sTdjSTa4f)F$FG- z>j02y)Gw@LmI{JaxzJm&>xYyBtbN__H~r>01ZDJuNGpxC1$&bvEV}SytZWt{B&>|9 z4FbVp_h$>^CccHws#V1Vfa`HjpjGzR^ySfZMD=pT>{49+Pxk zTuv8lLdiLv8H4-;zAq3m%mc^t9=(T=ip8*CEbyE{pLJ>j`Zpk>5Axt%b-GkIHXBty zdfYFNgNBaO;wcqe>ku(ht&sC&P2fo2;~nHzZkb1^p0~=b2je}K-zT__A6cf!D8g!* zZoJA{m@1B`FLq*cnH#?H6X_;jWfBvL9{OPzJarEOmIjGqS@)7i`DKEn56W+v&eM)UYj-K&mRA%wMJ!ALnfeo!!&|>k1XB ze3u`pPZFmiaV2;G)vAxh2wIrHr!jEMHv2u0Wj40 z%5F`wuKR0t5}YB`8|Nw5e1+@MB0z)~;ctTcAOJ;#?R_ZXrugj;15G;9^JwHWYsRG~ z`t_uJu?ZZao5uYo`*?K_$7Ie%*=PSH%Rtr-8X5~>)DaEjk`Oz6qIQTKLCFJEeGZ}SFqa(+|?(kTe0ntS3;zF?6ge+AQdc5 zcv|QYu}qU8Q>8N!<=8U~m0Ff5V?dz^2b1Q*VzrDXADC0;sD z%C=;n%mQ;;gqAQn`k=s|PTT)J64Shk1pmux(+m5`VLBw7d`#+eSz)>D#jNlJakl+U zDr{!3a@^DU6a|N$KHzL+k;T#E&)~CZdeYzUj%TudDoG`Izk30r;pkO+U$Ri^DiL!< zn^uhCd5g?8$F>NV{ai9_gyf&~2v99{xnMf3!IxM<9nE3-r!IO-FI!#~@$>>4p%sTN zfQ56tG;e%gNW%XRg%AJ%|8T@N z`f9_me>w)$1DuGDj z9!=c#f?0o#D!_UQ?D%^J3AQJ;u>-_FkF{G&n~vG-!C+qWc$T3?FeK!hSg3Z67YD}+ zOjO#5V9Oo{`ChH$R5G8OKiWDd&1Gd?gF)S!?6M6YvkxaZ_TYhk8@8$?@IWi_LeogL zipPdrRTIteb&d#(8i;Hf;nL1q^4a?gU*!LLCIAP1!J&Zw0Nh{!0AT-R!p6YX!qmjc z`Tv@Y8}%vMEe3?{GisQeCN{|j!uQM%mHe>Qwn7F9%N2^1Dx#ZZh_5?RT+vo!lzKot zm^TuKRPLrJ-17%V_6(60+ex6BsM93$zSr05JO#PC+TXsjoNH=^@Is5;82ghNT8lQGKRl+lLA^I^O??ez#*Z}C z+OC-XZkzB;qk8jIFSNI|&4)B-lwrGNhZ+gzSLxa4b&h$?hmZPf9o(L+hw&%XU-gYO z-n|L*!!*1Lb`_9gm9KUdf|r11!*Y048FM$jnyasHm%5&Gt}vp_mMoe)*{%|snzgQ~ zzBDYYUFD-AI&|W<8%lu65=bvj*R=HhgL9i?VJy0DuRVlH8(BtWAGFyjfLdBV5PG~T6TRJWj-V>t>Lu`}(K zV-Eez>AK~`PXl6LIml`66-ii8o`UDF%2;#!yw4Z zCIE!i6qP2$l!Mzr7B~mN<&Ik+Y8v3@)7FAljVBSSD(^@P`+lzg0KZ;8eH((hc8eQy z_5hVay=d9I;^d^|zw#0|qYoos}OUM>bnnbc&x{;-xg!c!O`h>mpO z!~(hon+RPf{Zda^nHYozeP`-VVQZCdHj=^p3T48$o^j0#T*h7`^IVR~zulnI(t5_$)xWCB3CM)aDm}^$}ST!mpWm3z^Q+P(Zlf2#c8Oc6|qNrlx%m_47;^F~bnzYfufjyI=S* zWVy@gkFIBfmA+ksY&&{#)R;W}dv%+0qfz$VM6){!v8@Eo_2(7Wx5x4NYlIOf9*hSO z#@ESqC}2YHa-PSE?!{maVTuhzZ+(}$CdBZDxg3xcOw~PFTVBHZ*SI9St}lW!#c?}J z!ZxxNT_8)(si!k$25(zF&%Q{!RYz5=-3rV4=RpeFnR)Yk$k5AZUcU4=-VGF*qzB3B zV13aIUy`c(s;I$rOmv%`LD>dOL=4wK`l_wlJ}WCmSy>MHGbth#)D$rWpxTpQ~AvyZvbHlsXN<{35bF^5yO<4WP^ehl`mu+=uvPOu>v4AkMygF6g!pTC)6_&WfzzeqKrgKLLr&nk3C4 z9@TgG=)70!-MIoD{s(0Qm6YM#-1*UH8d(fYJR9k{co;|4*)1E} z)o`oPw+zPfHdSDumdOGXS`qjOP$E0f%$6q0(JW*MKLgejMaDB;8oZBYylf&x|E)Ov zc0-|D7ePB1+$SJ#IYAwnP?&SDD(>}M6{`F7lS#(E6@SN4W+`TALMPogNOg`CVd?Gr zpp}k=z`7H%sK|iRlpI=%#dO15na{{wrv)#6_iLa2s7WLpVP9|X4cWQ`C|ji4dM$bE zMNCX(>9|e^sKSqUx7}2b)Uq-$5V}fl#_5rvEEDr@9 zahzX#k%i5m9^NJmVzuWMAJ!qr%C=?LTZ}DpyhxS>Hl=Q9fsy5C~j-~ z%=jk^Pnj5Lc*~BZ*F73)9(#9toXn=Eziy(eF5jpE)3MB^6 z=^($Q7AzNg%KQ4b1@y9hhF-{95}NTUf2XAARl!(UX|iMxi4kSf@Q=3BoO$4f6M68P z;^z?Mji#J@$S`K!1aMU&#~RR4KRC53x*pUg_Es&1c-kotDHwET+8dBv zuHlmv24L_37UT9Rf-By$C2SoD#;XsdGNhQLqR7UQD=twDbuFT;~it#a?_ zQyqYzkL*I$3S(uf94=wRK1aiV?gD?ZnEK%rBtkqlq{fTEwbKglt?M2cMM&uaX=vjv zZ@7)gz1=7pzP70`sr389Icl@c1rj9xdN8H(G8>UHR7H(r#3>1dAL9-6{BBf~h2EJP z|9B%{siZURVd7aM#x!0&8~+ZVfyfWEK=M-z4fu0Y?LRC0IDdsiw~tkhsc!oxxMb9G zo8y8(iJ?wqs&#qs2zBd+>nlB>;hBZ2w{7vZLAf20Ztpfw2lHbxFlM!(QF@r6UDXl@ zR``+ge;)udIYT3Y`?ycKxf22@szxW|-3y1hAh3C*78vupe{NzR^;~4i8^{xd6~u;k z`YAX)oGr4{(I$#1QT>{?KdiS3c)WUE!wk>9TIhNd4`JjsJ#zZv--Wex~Wt2s`KEIAkZw zYnPE=6Lah$bbLFin06jp8Vv0d*B^Z|dEPGBu|QT_x^I&upmR0JgwTlbdJ;2@*ojQM zNoLXY%^g?6&;BF~2S-lYbNi*Ti(0tN)Heowby1-CzTIUTs?Yi>9u|}UP1zEZgDDo@54d{)N_ya~=pGKnE32a7rHsPVYDrf^;j}Mp`EvU2bA#iGOSo za=ZncOay6ARTvUd@C-Fz{#VBTdklOXB9aR6@+~p1ewh9_#kZu^wjy9F*x$PZo#*5< zOr`?acNgE)SYK%LNrnDGfc|mTV;Zv;Xe7cz1N9nHB5DFgxUXMJ)$)-m6!g}V05Iuq zcE#Fk!s6Hc67)P`meW~OEi$TCfB@=bZa(u_201mZkfQnH9OO{jC5GnmNY)s!@Bw?( z(p;~l4?)~uJ!0zVd4C3a3f+29Z83M>X|qtph2WD7lmcfruN)=4^cyw3V>hekmMLd6 z2|?g!lQev6qjr&*T0MM=)?m7Qs-8_XG3a!It^xV8{o8z7be=%S_XAlx)oy|GL+i{{ z;`LuJVP&n6P1PfkV9y|HQ=ZvRLtgb+TT68#S1TgkRBN1QO*VYSeMi6`;K}xlS-xuy z-9@aA{%vD5@sRhBf#O(tM(d-DYHXQa7Oiwt@A~27CI;)Xw!a2X#r+tkU%q@VX}B>q zRfdy)imBM>1fiJg1v*@mvdsrQ;;`*0;v1~pYc`l@sdM@ZeULtnJRgX)~4S)jcmPA!z<9~WWaWc74#n8Zm zKHMlW2)Fp;BF|g0_c}94JC^7Y-#gfZloLO7j5J>Rh)q5g^}>m z9z19FLeJ3&!^qnQug#tiNY|pKje^^kB!b;rPcFBUX#t$Nhg*Voj>T2kyeBiI1irH` zqmKr}R^08IH>*APqPq^ZO*r5ag@^`kv3SM@wHFHDL)6<7l*~(gIVpvkgt5O<*d^R8 zKAnLjF3#X!83N4fg#}rHR&>gPWAGE$v={u9nuRxR^MV7{R!!!1<1+*l4?Hf4aM6*j zz^@8%{^b!Abd44RMkPRVs(9BpQ7it+2e#v73GJ^MU6S#okceT`xvez4Fh>vr=q*=54NTS)=nDKQh9< zB4Q9o(+^72tA@Qtwfb(j>FmN|kg?iDHGhjwetW7^d0>Ua#3th}&9bsD1k#Y*I~K1) zxEOPA7v-z%TV43~g526#fG07#=XQI3 zA)v*PnnD9GxtscNl<%*BTcv%|LgvehX4IZ20w6KB%>j*KAhK zL_&!g(WQ*%NhC0chXS;t|IH&o7S)%`kh#Al5_4S-h0IN9)G(Svu)o8E#&vKRT@@pN zYCJw>Ht*r!_|KoyP}k+-4=E}o`dnBpU>XA@2Z{YwNKsxRktc9ezK~00oyb>O*!W{e z560ZrI(n_@2&B&W@6gEGFxGw$W@jY(L{H0f3_MB>zYv*<=H9Nd7G*1S`S zZ^Is2m6sY0%*-Ddf?Dlh>3g(mRO0Hprsp5({B|KCrO~uZ%+38lI3uth4+N&(pltXW z6t4hzUUb&+G_LPCkYhh@fl2-t<1Yi=WFx0Yky1y^vO)>Xw4$JPd&cT-R+PV0GLl}! znmv9#44I2&k}e7(Q{MU{InZ9O6B=$=3t3uro$#@&M+`~Uh>7fr(o?R@=VL-;&fAdP zV#^C#Pql$5)uCP5R2Q_oF9WiFWV>AiLL#@q;L_wVl%*Mz-SQ*l2*zbhu{35r6-$NZ zkA;B2Q~|&nC1U(q5%*AH7k(R7MmOk!W5L2R3!yv#eAp>hBne?a;V{uGo`ABKI3`Ae zTli!kFihhYp{ugU{60Cm9NQ}v(9d}6(ND$04OXRVwMxV9DE!G%UU%|L_iWc?gbsT6 zfH37PG9e8TSP}#`Lud=4v#|8sA?4HCxN3G4i)hP@qi8ijnl^4&UmPe5{D4KtK1Nq` zQ9;77SZJU7Id|8YF@eN9U_$39uy}!}fbN%~*t)T5VT7hZD?=8iwV6^t{LIfmtSYUqdz>l%o5J$0r zxm@5*d<3tkQX-}6x?+4Cn*^-Ni_gTC#X|ka@_&wir5IfQ+|uvb12a?nnn;(EN&qcP zTSnd_`LZ-%haTrbjhMLzCf0i?nJ4D=pY8YFP>n`-Lm5|Ew-_i-?R>$ir|WrJ=wIV; z$Lg82939vSbf&#J_}r-Z5iv4_!wVQaFW>D5YRx)a+qC3eFL0QY&LGDuJ7ErV10Q$c zh^FcAPRWnf#8?nb#yLB36lsyU6v;_}#b4&{0}CBZ6HMG$wT9aM}fei6-&rrHMSc-+riV9@5(#S1{LN%8R9 zD|=S0s@!8Z+urlOVzoy;J48BAlRZ2%pM}5?VmcCVh)~@-T5v*W3>J3F_X5hXAP?vn zh_AXrO6Y6JOLVHEX@ze>vHch7NhK5|1Kx06=4y?5tX-44yXijQbrxy+0*UEQ&li2&YzFcyO~-bJ%P zMC*B=cxFvFPx#p@VskzW;a_jXOhDD1vZ~<4ib>No!SY0D#+oZ9TvtRtv_I$RGqruBef3qj9Al-+#M%eFynBBw)L`z~^pbzUVQQCa@HP`91DBgI_DKHCm4FuIhxsa_EsG<-wmL(Zd@KXhHi2<1|_zMgv8O&JPB^KyJ zVfUJ|f2J@0``*RL4t0k8;1RZJ`JhtBd**_;3r{bj0z|c1d!XHP z$|N1<|HL3X-!gj>NY+IizZzV|XLHOZ)!X~MJJ-C)B#bG#FX9-?OC}#p-0(?PA_J!( zS`?c4+&s4?$Q}S0J(pL~gw|5QCmk?L>vV%SeUnNzLUqjgum$Ajugfz^h}?cXcfBVg zzkfNCg2l7$gp3N?=0xUWzskHvY+E!UAZh&5r=NS&Pp+;NUbqF8jDdR=t?A$_&L{Ev zn4C2)8FmKT+OnMrPcYYX4nDF{pR%~bgEN=G7o^q(AL7#k_sxN?0(!~WKHb!dqc0{p z=4c;p zq`s_~;@0l^G-LUh@APHBR9n`|V`s?CG&ztro|@%0$k!9EWIwkmwXq61ZZQ&~!}$M8 zi;sBt3{C;!>a1HUU5?9+SRuX~v!&ZF6O3svaHAM+sSOBm{bkC{{|0g`fn058WX7QZ zho|Ck3=GhKFQQ)K^3P^A>FaCnO^U_Pds*&?m)|C_$7jDQD;bm-QC|%lR-)9?=H*Ke$nPPAVdP7g~$w`Q8A1Nfs# z5IwpquJUUhj?Rb2W-;_pr3)jUs5ksl|Cuh>{3e1OzbI+F2umdwi4!3!3?!qZVO-n2kUg=NG+-!zWzQ?4s^;VDxjKM(wL|+R$uuk; zkH{w3cEu`*y1b(>jXAP9O~TSF?*;sJ-X-#J86gqlgEU9uf-g|Trp}RAQnEJU_42!D z*ALc9YTdNQ`OG4ow}@LQRpRR%PzNG>(=FAzI@pTEk;Y7Nkm1jKHg=Ar>$8$ZWsKbq zor1>i7K!k)tW`)7YB1L=RQg>?lH|TZU)K#(2T3IaZm!X-rlnbCVxeBFHc+& zC%WYFTU+}O#BK$;*s96dgdC;&lxfxtT4h%{Lnwu~;b2%LlCzOj7)_QZFyyXHXBDxd z&3Ugsjf2TIkgAZi3|dN1gDSY>v0-X0O$b@s?m%dMC^Pd*eTE+2xXS}s;~NGP1$sMx z+87u)T69(H4g(F0b^qqDzyDxufGk$kQ~`0OqRRyRGPqWDw7^W@bB{~HX=Y6OqWgki zl6Xdk8XW_1LL7SADB0b3^}$Eff9X`8=l{_+7BlN=u4)NQY3$d?jtaHC7P zdc#jv8o}1Q#`oTNRB|#_)l)g$`4@*sWVL8`u@w>VGAt?+HHc>9xXMWwjrduHF}4RD z&AngkGF@>wgK#`n-`V65v|cx??M9HZ+x#gBIf$I&A$TKOAL_>w(7_;zrikgtN~>Z$ z2Cx^x3Mlc}4UDvshG;_1aM_JUaSebz+}nCV=@I+f2(GKYa*;vk-UqVw_kFi)NM6=W zH4fmQ|3rpJs)Q_C&_G&zzv?b~jq)Hkh;!0~_RVuTpH5Ft#ZuYnj4VBC3PWrUaw%

tXXr0;!-d@ewhK^@bMiKHml^IClBR--cZ?HrQT4J?P$oHHu;xBog)?Sl%>&z4by^b@j82h;50bK!b#B2;F zkY{#24p=bKW~E|1rNZ%CIPX*XMF>ikX26TS4qBS#k}ZRzEJ)p)a|^l5I;73M)c0tk zgG~Dh%Ama+jP=et@8*Jq+S zA}~1I*+d_UIFuZfb8m433&VWAtB3^k*OPoj5lxA|=wo~bi8Z1bnj!r#=juNl#4)VH z7NneyNJG4UxEAZk@s59Zzfix2&dXCb9eZh))B-F{ncZoE0MrI{S@`kr|Gl9hVPK(oBy%{{) zY5VZ_m&5DSwE_u=-j8?DeG4|}p>P%tYf=lh#40P1kg=Ok;+=M)B1%lLQpn*!kOn zUtJegWk8fvavR@9U7}1qxmqL{jgTwWubSqx_~mbgLTF8>*}M_i@YfO_R+sZ341?d8 zD%3H2V&8IGi;8Knj8laBr%vrG=@{&5t;>tI7nFIR$0NmAi!>jv{7}IQ-ad4}3=}b$GUR9s7Kj@lR8^5wNhfzr>1TjLF4@ zzfyVYtBNHnJUHNC5p_r6M}5P)*ejbWK zqRJ+yN*yP=?C99%LSaf!Fuy-KQBiG6d#Awk`96^7Z#|53s)V8r3Rg}YCb%S%nYd0A zfe$wnkHawBV0E%7$jjNQ6)^xFT$8Gb&=>flY$V39r6RqG|4 z8C_2V_@l*PdNO1R3*N_0mgOV3t8HmRfdp5DUHTHYopZsc1BODCPHy!s?-drEws%1t zQyeN{2us88D|PohH73nh<(S#|4Bw2goX42IJNJY?J+0NcJ#B!hHGR6jtxG{Ac+625 zY%a?|H!_G$Xf_9!nInzS4S+TfMF=qG%K`P@3*O{3+ESc%*DAO7NpCD96quYP{p3c} zN@VXz-+g_9tvPiKM|aC``iLOmsU4d~;%rg%oPwZ#^x2_(X=1md`k~<`oYU;5i`#@9 zctzah+B#KcPBXB~!d8>?`pkB3|H^Nsz;`_Suutk>7q}Ch3DwgMBW>9{^Ze2*wU!=N zA{c3m>5?&1E9Jh%!RQL$GnEKk&Pjy?d>2^9l5DNP4~de34jw8nL&5?8=>yj2o{gmE zh#>-=Y77Gux1*x)@#MALmc`C41SXd_8Ck{5iT~5k{$_zllViYjx{mZ*q~+Wr8-t%UPo2{umkhWRiXZ&i5+!QqTAS2zDb-1g$u{<3f5A zYg40u$8c77&^hEH$3R34egNPHh9&|2j-OcrL`Kg^N7Cz5X!$JQ0Zdy8PqSKtDyVxM zWcDIg+%+X>|4d(yHD7Sgs@3g25-S@6XBvPRkpWDNuX^gIw@TA}z9?nZT5TboxOwy* zgxi`EOjb0-snNIy@D}$x0!|(eKe4CUG7))4RGtw5nbi$m=?m5SbBMp6xFNdH*U^Tqcoh=Q~&Eqh9n2P+N)~3yOY$f+rrz$X4PD+$< z4$BGlGeHKSiAF9-e~CDRSJ|cZ~4F8 zl_yib-e+AHIy%~jMXo0EWy$33$}4c~Xe+K|qX|JZPb9jq7k{#Z|8xsW9f98XZ+YR9 z-jK7A+KVoNW;UCO|6D_+CpCESAD>wgP&+bEQ8d1`C88aL0-3T{^GXa5Ze^aXq1tH6;a4X z9$U&nRSRm0=jzZYXlon!(LXR+1A`3@i$BT>vZ?%;-R-6@xPI{UrYcD51-w3-U!BkFT^h%=qZ=9ao;1tc$h7#0CoEPIA43 zkH~`1s>ejpCJ1U@9IyM(9tEW+Dw!TqXt$X)#@HsR|V_A-vl!>{>3AG!vO3e8$3$~TOPIH5ZpUPV#G#OYMW!N?77Hwmv6PXAF7 zotnB|HFYsFgte3b|7MW=;2&DTgf6Yd2xuGH~M~d*AcRyOO^gE_AdmQ;}cV{ zM`HKa=(QdW`T<(AJ^B=j)X_``zC7#b+ZG0p(MrB#z%c|`6Lpe~1mUyVV;UC_z`dCI zq6O!2D#6MLJ#xFzLIvq*V*<13DWN8J%4*E;Vqkk?dD38~a?b>l9|$dFm?z}V0eqR8 zalq8^;5&WC;KmSvkcs>oYMc8K0_FxFCUHM==?lemfTca1DmKQ55JA3i=q8Xx>#PtTayMuk#* zdDl(_$XZl3R|tnGk`-iv z%BYA{G1AlCvQkSX!gF>=g}WQQ-`)QXV-G~;#4_W2S~<=EiY^2s{ec7ieXy)%08(bf znvU-r(XNPoV(mj}qQ(F%=K0Yx**lK2)*JphfDi;KTc_p|nZGc$i0)X{3yvc1#h~~M z-aQTQ{R`T}57iwAxA@RQ6R1Og?a|Z+XqJ)1*uu=;{2!t#Z z0m%R&?wqe4HB~%%Qdk@j8l!j=JacF z1JGalYzA`#8BPlec6nEfk%V%8r?Rr8NXF->ob`7xRQkodrP89CsQ zkzdBjw5oD@R0I(&q26XK`lZ#kusv)5L1rJEDVl74&d3|$vM3p$d%W${?{mbnR*8Ti z2xlZ5HxomcvY5tD&nKvkM*$x@YcDozDDO>-QDePZjnyyH!Tue3NoL$_-2)vmyp1&S z41;7Th*vN3rE51I)?R#zO7l0zeT_ZFI$x_*7o`y%H2ZPhzR*aNCFyXvAZm`M9Cw*$ zrzyl{{QH~~>ke;x4`ungjW!u7sbY)hLZ%Q54*z?u@7p=>6Q8)^@2Rwg#ZN#>@jvyK z?J_wLC<)8A_};D$uO9ob667Us$yZz__d&`(FOqXdTuf0T#NcjDtOaT8JJDv1ON%{T zDDoG8$I{Kpl|pdU$2A;>u%VCy85|#UYE`4!u&}yP^j`ubB0WNY^`p5FOpFGrXT`-; z)rvbK0X+Mr59ZLPUE`U3;jFV}&YOCs6Kn{qthGEiyv3#fFO(C6rYy&U z7Z&`K6vuucy!+0lcd!vdJjX_8K}b3s5CpZnTubE4H<&-JDZ12cD~G?43xh}`Ag z2jy6qLs|UF7yD!@+lx}65VCh9o+}YJBRTHUw)N>cv zc22Ragv0;(NXfz}k<((wPEd`o-E^a^9$_uRjZYV#*+&O%VmJ{vJD)QJ>%{^k8hvhl z`~m-8a@$0O=)b8rm@bVZi$lmH=c6@Z=rJnIvpAd%KfgUqw`~*-=%~L?5 zzpssB5Ty$dKz@&4cT-2A{N=_908l?yHjvWs?%j>N8g+tIHqgud$K7McjrLHR0Re#l zA>D5T!$E+7oa!g-Hu#F&v%7<-+bldnN(rZ;=VDs4SuSKKRBcV7$UhDg;A#AP|8MR; zxYqYKCi*)UhezrCs@G1eqyS9rqyxmV`q&ahbT2(pllA#d;ypQLX(6=$*=7WE-NVz! z_0+*d-Rfw=hCv5{?Q_%w=3E1E+#a5Kz)5-=t;3PHmXZ=ME5P8QEWf*@)=vuQ7jisG zHG!*;7t1B6-9)6X%mBhDt}Y-JrJzuMoX3d7odn+q{j_sk){Dex+5D`B|d?}{$?#+U@CcZjzp95ObysrL~2UU!b=vGTRc1bFEhP-GuEe` zKd?}-K;13df#9HjCFy%===#a*qi8B+R{d2-WKkFID`IhDCarq&bELn}koW6RDL7C- zC;Q$sBxov@pkW*J8PZ5Q=*JyOA~CP;;#qL-)DFL`8mu{hoiD=#4_JU-Cq!zQkEOIS zH3qrN#C7dT6Sc@zPnAhmykm)FJq*$%aNvsaV?6CetFR68ytKtPRT{uufLYSEGp)1K zRc^q50=#8xsz=5ZW+QcwfW@t=K0y~oY}ub)`WUVnTVzW}oV`@?2>MHsT5n4`L*iap zJv}bxj1_@YUa~^O0Sz>6-spfb+(#7*kXIw~d!yoK2f?mERk&}1aIh;kO2h@g1^X?s zI$UOpn^43^q7%*dpTduRKMJt3H<lp7#ABx|$kwWKM<0eMG z_`S;mOr+c1p`$n~BBPUYxC!ueIn53qyghz^p7b2Zij)gu@u_w!yh{krTc!3|A=Z$t z{O=@~pm|j8`W`Hs?!V>LnlO$x4R9yb=t?b8VvKgJ4H-5*W4GNQ&5sq{h@l_~D=UcB z7dgi--8@i=Arv67dEEN3!N9`AV;)djQ`T-m#4tDmb39_|bYUe0ez)qsB1K;>FPY{_ z!F%pjWFVUY51dIYKb61#>i>|#1a($2j&`6qiXXbhlCX#gG*#h6Gk|g=m-nu+4eoNkKQ6uNcM5 z+_JHqtQ9qfT2wzc`1_ux?_}Gw$S9) znzl%A`Edz0Qo1O;2rvokHv<}k3I}HY4oTXbKMv;uz!QG<(S^tU5T^RP^h!f_aO)zMG*ulj$imR4# z91uMN2yXp?&dM72W$xVVFGH`g+1d~X_lX?*hVpfq)N{x1$m9`AF{F`^7!?HR-t4SB z5BWx+Jn4-}z^$>;gayh8d|#hU0jNz`8AxB(%BX?04dl_x?S39~Dw;OJO~W_Dy9Hvn z%85$m>v7L=!&|mAJl!((GBWbK`{>i5NHbmq-tXiwXu=W*1nb=2%z*cJ_y|}qI8hD$ zT&?j6VJ)zU%?z8Y41S_Osmr>LFg5Bm3sh+sVskgI=j68ny*(&6G`;W$>Gwkmbq}Tr zCLC&o7Q62fXRj->VC9pHA4~+XqNm*yzpI=#-GBPnY6Rio!Gv|dI{@Zw2gFEU*VvRRN5XLlMb0Wpp^ z8 zY>a4BZ~x)#?09b8PkSawuRIjt(Nni-AR&LKEYsGI^PaBL&3f6h8Wn#_tcZq|@aCrLu32c;V?n8-w)T zE`I`-%%7wIs8@pNzbGvyT_c?Qrw{WfesqCRN!}YuJ{eQ103`m*P+BBX$d>=ETpx?F zxM*>nz=Pt}TNf1xCTrf2Amx@nja`tn!!BAjC5feKJE^Cx6XiLSdBCD(~enVD*U&N;D&pi@ta0dW76ZgD`YB zV7NiZ@an9((_XvW44_~lXQq|%7g5K=TurC{Vd6ZxYaSlXF=kwK6~&$wP?}?O?A&;J z48`e=mZI2DOs}BR2>X=}@J^|$1^Q`~O8X&?M`dPd&4p7PM15>UTUgRpH z9Boo1&rE?Gu+i_rsP~2dji13CJ%gO?YWQnke zogdvwpPYRyQ?r27D}Fw06tmhm7}|f-`DC8-YHdkQy^&$#d%8~7$*#k&f7U4N80mVMfuA73h@ zJ363}wX@7Y!y^NQVB$S6T>bnIaRjfldL{)H;tTY{n-az>8>p60DZpfj9TXvAXVat-C3kKM&O8LM9v>&CX|eqgTrd`Wc2EyZ z9$^a!6x(Tsk%>t(KKUx0pV2rQ84ywLN z=>cRM*$uwSecqLqKvBAW2{;Bg#eHn&2R_$~)giol99)a%7N);e$ z=D&_bmP0|1QN5|4a=k447N&a{jIfN zG7)txfE2#;`}g+t%AAGQ^OqI3oM(MPFgN>eG*@gckc~ISoLf1c^UgSRGlt5r&l7O&@N0g>1T!B|%G(u)+`9Bj6 z<<9%)5$XbZ)Z-zFeh1?2@jTz`a!xw`7&eHr8JG4VBk^YisINQ=4N9x+ zkw?N0s^(^5=6J6X)vR*S<^@NzW+Unuj~s5T6-BVHH|Im)Rx57OTH~n;PF`@ktOC?# zYhc@%kszib>GLrV9$n4u+^5QiLH;&o8^CP_$o5)R>~UH{4?CL%NjgCt{9hjGYd&Pg z-+MshOcoi!*rI|mJdzB_)D~zRWYO&DSd6x$Ir&jjUGoemJQ>Eo->ruxm9;$huFk4Z z+|zn6hq_LV+!B^RHDt(*XcRo#LS`vBr!jq2+eGe5i(osw6Dpg!50yIL2(d-modltebz!S6 z6(9P&FyMp!y}=dYvdQ4YlNUWmncL+K+rL^jqJ_-?8@m1|GWvsBGfAE6uU0TwE40Nv zh=e8Gn>xF-ixR_CH_97=1Ob<Ow1 zQugdYQX7Zc71<>Ztw}QK5%z+2pc-kzSA!>b zVTP;Vm zWpM1ipmlsD++I_GDRpmJgW&QiwW&Nc#W9TVQAkBT^Q~p!Re!GAqDBX)g3Qi*!rmwW zmzB}Q%$9Maa0Y;XZ%{?QsHj6ub90HU|DcI5-fs`hEc(F=EpfB>hjO!V@!d5axKX+x z@Z7nvR)Wxw{?vQvPiF9U1l&qh#%EgMU)svW?)K>ft)3bf5HsB;y{FQ_ohz$m@DY?W z^_ho4g&Oz~L|Hdm&+xiCq17DZa29i3hj%bdWU|P>Y;`}gls&L?v3zh~Zghw7fwu<& zcCu1vr4f&eu*dYblVCPveJ~g})(wZokL)I46x=tE!Q(ZKEh3a_;;1|}NGQLGEWiu5 zRm@ZuG13^8P}&xkGbYOYIMt$BvRbtMCGUevgFmfteUS$|8!SJzPCblU2Ua$Zs+1zx|mCgo;ZprfW*jvDZGhCLZXl z1Q?Y{aBKE~Q2<@j-*s*Ujh7}C6E}86&`KvlR>lg<%}{Qnj`Ewa^tI&XBu}6-VYkkD z_J2r~XNY?+tmG55vX>}=VthHO96Vtpc-rMx2pHVcx%3zPB~95_I<|qk=F0#wv3R~n zb~&5^jGqhKdlyZ=Kz*Sx-|2o!F#_v={%4sxdeMi;ut$|HZ)(!9lVw2Fs}9DCB9jvS znPMkT@Mg_M`FX03`qUM`D}LgQnVPaqclCu4bjLCBinha@3b7n%e%&~%dJWmdtxBaf zd(_(qY)D-(PXf3nZb+c7etBkAT2OpGDtNp8Wc&ZkE@vU8@P;gU4KmVS7|`FOcfNu; zOct6|sHd!UaD5b@eWBZZ8+=AXbkQ=8B<7;)!sXDTN#ygubAW~Vd=iev)lJp>4S_Wa zPljLZ1))al{8^{7TR6za(BUd-o`C@337v*&VB%Sp3TQQ^T@p0CoAzK*CwCf3Y6#vA ziaU2-4bOWgQVghg;e`|DF0sz2Mm-K^a}j<)UvE`2>X#v1ap`QA@rk;?Pz*MLb;P)B z9b;8p{iJS9zu`aGH;J(DZ5A@*0=3$MNv+nl^EbjgWI8&#IYZNE>@qi&2{Z#&D_7%r z?zLvD>($`4wUQ;r$ajQ+N~ZDIakRT$<5{&KtVV| z%9(+^78li$_Jd&>e*2bp6%DzreP>oo4JQJXe3@?NCAsRhupgb&{bZBR&*91E)EPEd z@}97Qi+(6}2A?u4)t1_wT8Y_OWH2w%=xo!2*%xPir+I<(q`ZMKadITj%27~a!l8up z$t1)5-2JT$D*Am>E#^!@w)`K-U8yJ0?}GW-$n0t5aY*e_R#vI()>x|niD46nr!VF$ z94WBqMyb1sl4NBgZEHBjY_y*KIZGsvln>~y^ZwU5b+lm5aCjx&PBQH;x_!lG#m}M^ z#5ZZzD!dDAq>7Ton)#XytV0b3JMZ<$2>cS%NhsZ*GB~kgcB#-K(f>!w{o&)^52$Br zO)NHE+)FuqT#Bx?UgD9=hW$P=I!>bs7nxowP}xt_BRfFDQlZ`5<)hYv{T_J!TLi=X zh=Hi;A*%I}P}CKmIyQ4YtcLN}jmqbx0bcnJK>` z%YMT+*~<*{beI+m8kxQ%Z!MP=`VFQ&y6ed*1lC~xC;@{&zmEANmW;GnPf2-{<15-M zRb>5)EZVEs6c^Z z&^JkYEc(lR`R@@CtRDt8Y2}uv*u-e0KdBw#ktmSS{UYe zlCExKrSwy<#mhwWVjm9tIzhRu zhTGueXMeya(qtwt`Qo>ng?mZuzkT5-okz9E(^G0lb=R>$dcMyHr23^??lXBceB~%# zIWwF!?3xf`Qq4J~&U7|L=&ZOO_Pm(inIFgvIt7L%oYyUsTLN3=R~Xs_^cAcN5^gj` z&fmUucU6f)&qL{`fIg-TIb)^UwuUG`*#g3Vb{BHf12ooV`=e~)Tj8_l)^kKy6; zb#=|BUm~kQ{@dpq;wFA*r0@LbEN$12W?MxqQ!-^aO0Y})_epz2k}mi{lCtorJ0r}T zgQyoU%_c`&YI}~7imlMAo0gUleV>C4$ z5Ag;$VauT@7zO4HV<9tmyc5jJZ_Sh46Iw?x zWN8nTzC|ent{5yGnXG*LuUf1$>4!Pc13w>vqi6TSkRdK7mTQ|MgMrtRY&y@lTW=W& zf;iZc+k}5MBy@vRs==#9@oiry&w&!(SK1S(qWN=lb(DZQ;dQxr#=1~*H^1^oo~}tK zq;z@v3R(b%74Ns<(V1ucH5(+}W1WOCM$>eFr_%M`quiiyc=I>cLTE-AjO9^AOUH^s zbu2!IA}G#7?0#`liq;MlC=x=hx`nq&MTr5Mkhrku*6img)xzbnqBjrJV&l3?PJHXZ z$RuogIQ&d!@)gCx%Ho!wRy&>ax5{c6@D7nUIYZom7*tQ7c=*alivS=l zYDgOPWWM{zrUz)GtM({_M^+Ao;zod`^$W-k8&bQKn3i87^M^!*FVR=?)0>n+A@^8@ zp+ui*m6e>rx;;A%67^n=>1!?I=MzmmH{UVg&QT#0!kikx((uN%Puhdtr`Zd&6$E-N zzP!t|aB?55sH*60wrZ`zBaJ-x9%)?+B`zmXv5aGNs)p4QX6>w&MfVwk1B4!QCF2>J z(FhR0mx1!VmYr$z4Xkcaxu#NFgg8h;e_{wugSX>4pmce`t9;0kzjpzrn8SeaRNcNB z>6VI&h1mURVdYRp_(24`D6M_%G3=Q_jS}Q4pT-tqlgoVL_};6K|MoP08;UTEg65hw z8fCAJf!G*e#L+ueJrk<`=Xg?&tczO8%P>FUMs6Jp;lFkET=+U5IZqanq2hL_b%g&@!N8`bQ{Z2Bv)?1TkuqA4`mIs6CjG24OBELQamuUu9lSZbdVyyePlHqg2F%8 zPdcU;C&9ZZH>|EIHMV?YnkWk1OJMVLSV}|d?HN+rsd-?8`4C9J8;36<%-X@+!0$C1j+KnPIpfj}>-E%F`@xN-KxMItItEk^BO zjli0FsmNWIe^$Ye)=(Ubg%hbqIi7A7*-vdZ!PGp&Lvak^>UmG4rozJNzmK@5+K|%h z-=y@UR}|(pE?k(kb%pG%mV>QeZ?O&^MmIA+STa1vD=Y=GgxAPMB$bVGc;d0cgCUx( zEx`qL2%#eJ3HkiE>y~2jX`}JDwIN7!cXQ46O9>l5A@3!&$e0MyB8>MF5u(hk3OlYU%zs!YDgRRc!`bzW^K$Ewr{Xp=*L@B zoo!uHbL%TKt0K;O0dx5406mM5ESsKhmQ$GEL?Alir>YVXVCQl`Q*)Eo{+%ACk2he4 z_NN4@eKsz&t|Ju3N-ft(HzK_qhb3aZpjDF1t;@QQUjjzvO1q(__MQ~iC2!Z95KMzU zjgLfy8Qu<&)+xhXWD#h2S`^YlHfz#^KG$DWyL!?4!D6_q@3Jt8bcACV{uQ%(f;>fm>%e>%foY}k1^1Svz4E?Mx*Us$Foh^*uu9MZt9|8e*x;k+!m z>%RY27YOZjJ!@DX|HaP3IA)Y7+M;Z`QN-_L`)<#`nC5$KJ<{(ea|`Ivo{vs`k?14^ zBf2hh9y{H=Hv!RCh^9Z!flT`Q6d-`N`v{I~?TQ3qY*WH78e#KUIWnKZ$K*}qtZ9SC zAi+xDvNz${nihApVz)ha%t3)ogXj zT$Hg1Bw_-ipwtzztZS>Dh7Q9X0MWu~7-B`?XiPh(Aj$0sm0XLyJWfI?kV@q3TSDYx z@OU$#pLExlR)lZBgH^@`tkf9Ev-w<4q#%N1d^(!xNIEZi`;1|BUCu{N7GLnP+*Tf` zk9PZ^xwDoXo`Woe0|D@acbN>ZJmPd@kDZiWtmj;{BM&;r*2(K_x%`}w`F?twuX(GO zH*D12=-wXA2YQCU!lU+_l}YF(nLT$$11?6-knp|1oPcZt9vR6SHh^9KRt3W2h$--r;LNjsgEIgm@NL67rBisSK`lRZtxSeNvGZdBeh@ z2B6g)Ry-@JbOa5DJ5fQS|>eU7N7RMkuI-$lAJqXZ=2 z!2!_0sCfSlTrsd~3^P#rMsLFuP38N<3*)g$f6swj{+AWInX5EX;f(Zh&zI5cW6&CG zHk?IEyixaB4N})6tvU@?v>$v~fKv$@PfFL{zHcop zdXqB5#6|l}P;pfg%3s=hS#qOcZf~_%pi$PbRTYV`xNfj&lXFKPt_yL) z*hYKk^V%a@l?10FaDu*D!n$jmgxU?0));M~z{r~~H}uC>R2cJLKoB1<<(!YTaN7Jr z_^+_al=yJqO@%E)D2J_@;?ZrVpkBUmkuNYqV34<h$c>cjMIkezrez`G@ zt=33i=jjmVVMXSb9Hvce=wCt%`1IQWfnz656~u}&V^T-x{#D}g9z+A&)N!$nhPDn> zCRD>{nFkZ~L`&KO^)vH*qtssiUikTp_+``zD|-aU*rOzO=H7B__vDL4znKGH@$oIL z9_y@Z!8a>K=cDh3TXf9iQ}fPJ{uQ7$)(!^frw_8kM*N(6hb{$|b8VCd>=TSGjiB=m zYoBu%|Iq9{4tw(SGDqR33Z%j3TY8VbW zD}J_&+kv%=EL|^h0WYSJ4GXz3SQzpSo-bJY*TH3LCARGB9SQ6>StP?WX|`U5m>Dr1iSJ3k)G&j=WG)X3^N4#gYhYgZNzHyvX%G55 z&)r)Q!)d`rx9kP^2o~!LliEOzMZ&6LsyepTR7V`rYx^S_D$_7;zC+236U=+F4lSpH&q;OZ=}t4B)>Ho?z1ZlW3-G?guQXLi&J#hTYM;CO5{yS0k7T@aI*0p zv%i5gnoKcy=QineP(*5@M1I>?9JgU~LnC(mLqynrG0|O(?mYI~u$9K_v*Pq732O{_ zSjcD$;#57@FgI(}ku5=D8$f-vK?pifd2p-5GdX&&v=WP6^7iOtnoKOMAt`&0=x@R~2#(lGMgD0h*a3ZVY|>>kee zbiDBxZ#8Rpm;?FzuUzC`3>FV?*8+i2<|V+my})_Wr{1N5 z|2QVFY0&v7>o}MyPWh+b+ENz5-&bR3Lz#v3v2!2cL=5k>e8uXdnh)_J%|%J?wH5~r zAiYGpH#?GIZF_PBTt7`|xzr_Uy=u;BYb{EVJd|E>W}7G9s~L`7Yx-9T!i<4w{Hyyi z{!PEn&c`$Lzs$%!nr9=@K`JOYB>-5ne`iwRHuD*3+F(9RCok4fw_>`U|BqOVYxeb- zSP@|>6ew9D6GdzTwvgZ~I$^@bhLXqDm$wIvav85}wL#IG$t<9AwjFmywjxAovINVH2K0E>X^cOMYf652ilo zY-R)-kW6=C0Y?z;<1@}+4J9&CP%1<6W~*4UX^~$5^0$mT@Hi)#otAo{h?H}}h;Ka1 z@Az+Syh|ucB0_U3=Y-&}uXP$f38=SilOsr6$CoDFuEZGju7eH|vT5FXS`|CllPE@4U1-)LGfv$4t( z)Myt~0v~E!{S0n7&^EY7A8xf@s&0_Whf%V?7lVasu+T8w&kls#7*2L$a)}H-2O?LA z8hG*$MDl;%QMOThf{LVg%AT++lyv`EYP$;HnGZ?~+XC`aU+MyF3{6V`#IF5Qa>_d}w})WtJ^`w1uH2_ko)i&f^NLAi*DH z5NtCa+B?$Hi9MKEb|VEP2w&iI$!zT(Eu5tcKjm>pO>7jqt5El9;^Ua*Q$6ss==MT7 zCF^-{323snXEV4&sN(AV{vXE9DOR*7%Chh3UE8*8+qP{R@7lI)+qP}nwvE13)k&w5 zN~J#b$NAmaCs|n;b4(X?Qp>rKY-vGsrU?MfIBm9R@5AzCA63}11e#sRSZmLv96B=t z7vQ<1Xn>O->AUZ?@p=g2G=L1)#2Sl9F5^TJnUGziW~Qi}jW@FIqk}PL&Pobo<@5?} zs;Rw-Obf}MPX!#P^UD)T^H+1mSj|Un+cfazU-mYqhr49_-b`y*2CmBO?(eDJK;e%< zM%o6Ya`b$KwA|#EEwUd&^s$JN1Qn#{0Q%&~mL}SW7r9?r<`b>ZG*q%io3Z?_R`Jk??cV*{(QHihneu|XQ(vFug(8=*-)4XYbij$=3htKDKN^Jk1e)f-s zDqQj}Tuc7n!L@WuEdN`$mW5THiPeOKjhcm#m64js@K;>RM$gDfZOmY3#9+eAX3WlR z@;||~|EZtVS|r}B@38t$xc1_z-umC#e_*y(utxH3SqOV)stYjg613jc%iZjf_r) zMW;o5?Fj$)fWpWr%1w&0se7(6^@0hdHJ_RsWwT!vSpUO$(Ue`=l3=|q9Gie7aINTo z7h(3d%Cd#~_zwSz3w-Lc4G8dc^X6k1rb>x+aN*R9mM?!Q7|i+H!~5_9h-Gdg^91L5 zkYNiB_>(cTj{jN7RVy!$tNb!fgE7qg9oJgk@M<}9-*dhpZ5JPVxO z3h~)Y*V(Q5k*S+kNu&dQ5FvFvH%voUSTkgY2vzY-nt?DwS!D$792oRAzP?Fx7@7j- zd(x!iafZlUXgP{Jzg7Y*mcqj)7qe04DN8_o+8I5hiWu&0;`b^?9etLCdl%yn2-AYW zQP0vgQBFlc2sga-kWHo3^C<01LyqG8O)+O?C)MrndwqKU8ORqLMLmY_qt`$aUL=Yn z-1j=W$2vY5HOWMV%XRKqPzLOI-o9_jR!T6Gh1@$*fW5To4M?S`(fxAB4H7?DQ!gYe=C%^-vXGG-S^QIo;*23$zWz5st zOi(tZ_bc>>8wN`E)xiudzm+WIqU} zbozb!@Zk*t2-!1u|8os*C{@S=bEGcgp7QFbjpMD_Nx2@X1+9 z)e@H-h+L^vZTed`QJ}ofQ=2-ZP(tv+)Q{pDgTJ%O8Q~2)n6`8?0QPj6T0(iL)+HKy zmu`ZPlkZhsFU;%LRrw(Oj3$viJQC?&tF`?Z`--qhbwu-;PU4;8%CYs86-7k`P4yt@ zKr(tmIMP&Z729L4V6^r%bRXhQAgSMstIaXbhjM;)gsRoh;BxaY?Lzj(34>G#otF!m z-;C=ksgm0iDiS>r=&Yv1oy2%E!-C2#jUgIY>A_@2Jq2rJ9!pan@9{=RFP3Z+5nIR(SwEo8BlWaF#COHpxh)Ug;Q2A#s0xCe`#V(CfW}Fx5 z9le?$Jq@Cq03`i4@9pDDol`F*^Tyl+r<>GGDHqwN!cX~P8aI4d#HPTqGWr?La`L5i z;(HrTUrq<_+2yGCruq$a(`Up!)gy(@>qqPBfnwj^Y~+MyXHg^z=r&4Z3uC`Awo=~u z7#q93nO>oG3_M?=mKzuN!wB$>i<`^j5yTuOIDtgk#xx6d!Lxe{hQDoG!o+VA_W0@> zN8zB?RD5dDMy|4oT5G=K=X}8%C?OJ5lUi7#Komv;uWHpJA zh`Q4=IRxR6+hgmU&XR`pAi1q^bC?ZE`3k)sgfbN2kwaltq|?|b_E+ynhz+rbrnkuu znhV#&3Ph8tD*;mNOd1_FDCfz!jWV^dE-sLGm@(<&Z_4$C<$-yKa5id2h!rlImRu(i zPPCq8x3@0TeUF2qec|qkH2hz0+|fFT3KKstgXMx}N;Vu%`u$CM zf;2GGQO8Q#st~v;j24@+GQZIZRT7L*Cq1nJ65>VK9LSw?z!T1DUO#v@?d3qz|C2FC^PcCZVmLQj) zp}Oa>xf_dgim#G8tj-Yfs#?lEgHIP;--ra%QiO7uGGWH}K>B^d&K#G2}%Wwf;px^hKpz z7AI?YFsp$e&t<_(YA<^63%j%JNzxpFp}eD|r(^QQj{GK?nV{ie=I*eObP6 zMof1y$d>)>4mOC7+G)sFs)1k3z?evqux>Aa} z!(1Y7F{V<>h$$pq#?l<-=F#8b1PKzH59LQS;rG_^Ar28m{AL7fs7o?`)mEF(5uJX+ zz>Wq93X+zdB}P4%BGnlXJOY#@1JjMvd4VQm#@sP2fT*X;AeRC8ec39#16%_d+P3<(CDwZwzd$S7tpB;xp;KHCCe;a|dFDi~w&`|DeQ0>FEs? zZmpzK{uxdhbOID<=p)Fb4jFWovnQDaG4N8aiSCi%1Q^)c;k-mNwRWW(ykFY+I#u96 zPwHwb(^v!W57))Si#ew@Vd9t@hw1gPi_YU1&EXQ{hgaD5H)+k`jbHHJQhICt3nXk zPa7U%v-G{j@(DF|vM(Zk%evMm54>G)$BoGjy|8(1Q0AT8ooorSqH3%2q69^y+kn6 za-+(c4%X(Rt>${LD$4~V)kJmca|d^FrODy0)Ig^!Yi|Chl{*@NyFrLpE;l}$<2 zK@Lkz+y^aBk`iDg7|ytz3lk@^Yt#BjXIgQ!J8XLFdJh8EP~ovLJ`OIsTFvvJ;#VtJwHb2$I)7J)Y%L!kF&9>2pj;TPNjluOWBOjpu(PiRXLj-JWFo6Fu;nMzKH90KWe4d$CRdmvKN?*IS_&ehtjZRm%0$0W zJojrm>40PvSVjuMUurXHpD9qwF90xVY{^EX9`|C42pK_wN0ujGBqp!{B0r(&%H-;F z#Gq}Dy!a+FUX?q+&uZ5(+X1Tbz#xa!uYpxh9WQhZiXM8SHq?_*0gl4dxe@8ODCl7K zte%OYfex*XcaXGhQYr%i^Pl3oH-od^$l<2_#Kd-~@pg-^uk-LyMnq7^Q>5Ne&HH2g z`kt#{_rIxunzDjaauWTSW(Woz*_TkkTaR2%_#qIb2y``<3$|?A4>PK|R8a8vVSFL7 zr$HH5byi@I*T?Od3d4~hG>X39NHcb&NV`Beut`GuWqc{E3#Do6370oF_HS~FuNY>4 z!Z?@OT?>9!BC^wSf)m1>j_=We1RN6~^TdL`uu1$0lXhZOhpD)WE#$u2+wbPh2A>ij zxVnJ20(%@<_->Pk+;T1-1D1F$E{|e4MP>Qv=Fg}R)quN0E>^ZTipl?A@GACfRB%{( zV#q-pc?|X}vWRj(fSMsd9^g$vOC1!PCOInYO2W-kBC`IuP`6~T)>FiEA zbsqCL)N7h|LR(Sw5?edx$*#EXzTK2^15j+RdUd*!=^w!)e4)k?f7gYJzb0B|o57i@ z;c7Nz?WiFi`3j5-=N-jsVrAkg{Xcc<`3Y5si-wJEtMM0GH)+7bZPkPQ5A67yD#>bJ z#rfv9t*=@Z1fqBY-Dvk8Z(mDG`#dB#;-{l7KKXyDur}@hRH}8?ui9@F(~#z8E^^im{)=Sev=W zOtS^}<~%=2A4FMWst_D-YqrS)T@H-6itukJRzMOnMnnCa(U@-#kBj}QG4iIQ zALHcsj`NZTQ*pmt*o!0lc+R_^L77Mt^qR=aibbMplPxD&Mg9;hkJK{brn$9Q?v=12 z`cQHp>P(+r3LsB%XsYNGF$ z(gLZF6 zFhh?u>?vEkXRHN3ah_G5Hh2{JE6dupGU3!}q#Ck&=!a(9wpj^AcSW>q zjw&rAlCm+no8wM%mJ-mnF+7--=+Auo_KJ$3VLL8K&Gf%f^!Xq%TNOwsFl|^WN@uSW z{s-vp0;aEtx1nI2atAUt&+OsuRsjkn=uRe9_kL}sn>pR+W%F`c=oRoCt_c%&B&2#A z>wPu4(=>*f_~=k}Gm#Y80qYz@L^1*eV?9hi0Cn|SsemZDB4_=N7Hu5H~|>AgWS|ZW;k7h_}dbg zJZBX$3f@zjJ0Q5=>^)wc(|w3wvgy?gRj@PcXcc&@D0YHFw#hJyM&QV>T%69Vg>4L5 z8uM$JV!phEul%vc?*S}bpi(K+!Xs{|0cmJ%@L<95PwK{aP-c7l3uK;~+0B7}cNzQ;UfFDFwc*U&x1Im-Ut~S{^^2CChWA%d2H_Bn+O7=frUTSUYarAle z!g^bnOuVM+wu+lnEA=AWDqBs7v>Unk!H1gS03k!4nr>etWA?BpfKVQM_I~Ex3(;i{ z37Ym*qG51`d|H_VsIkQt%Jew^nrDRp`j#($pll6Rb&0+cp)5Gapq5Z%quw1VtX`AV z`nr2bMFhOCibNsTZdr;VO%m*TEZ#)mJJY)-`JQd43v05wtVClr6lJ31?!wQ$4QPNh zVC20h!t_(tWo_(i69u6oo;==xBu$mo8b9c{9DKQff%q?>@n+*}$9}qcPxeu; z=0e+bNuQR&+OUXh|G2R8dBJnW)_LA3sRQM2-DMY+%e~DJndI{06)hps!zv0F09=QI9=(P?MAW2sZ31r7kU}g0 z>VsV7ne2YN=3JlL_ws#0toyCI8xTK%;FwR=Fw35huw7InX zf)SCJuVVom;W~%$0eD|^s;~Z$Tf4Wbav%Tr@IKZjCc>7}dY^kl`p^J6hv0VHBGd-| zOxyve?R5?2`u_`<6ZMjI;&9b6q64N)g%ue?C`24WJ&WI4ch=f4ivgG$Mnn3FuAzkG z7GB>~G^kU(5`8+@Q>$f^Hn9gfiso7=4bQp^1Hk!>^#%jKG1Kq`Cewr$Ul}3jJAL6} zZ!Iy8a`Yb36gYm#R3Q63UE#D8wn=0-Zqvz{i4Q;@+12(tb?BmW%R7Re` za@iSwwp*-|NE&SqZ*97Bu8P#ZTQKGEUGQ$X(`3(L0SYSEy=@9keub4%Z6&$iqve%C zN}GagH%?7c>A6=MBEpPkHwRQDNV+Pa)8$$lJ-mMr2RawbTdHPzLb9p~rh^c#Sa!rR zZoDydjlEXUWm^gX7LP{r_Lg|P&z*%*mWa%cL%v^9D&-fX5W(*N+p-vWy|lcs8wEr~ zk=xv^@OdxfcB<@J)A*b=y5_<2Op=&_y{~(Sf#q=U{sZJuL!K;OVt}81^lL}R0{@G| z7UnPhIm5K+^QZvQ_Le-dH|bP@fdvNuVr|}7Jd=Rb46pdE#~bt6qX1JxC{Oky3;N>& zbi&pBc0H5*_u7Ny(lFhY7eJ{~SMt5qZlbSyDU@SyH@^k~0-Vhx zVeA-LU)Fey%Jj%jcq}!#-v2Wc>S1$&6@n0o$>^v{O>a>SN5dvrr5>Y)s64`0>TOR_ z8O5|ty|>H6+>FDZ%&McmA4L*)+iqMb=0O^|F%p5VxKT4q>Kn?ueys<(ZWdd#C@Me! zTKK8{+Nsdr=CbMrNUX=TQl*^6wCi@v=t(uDBxcUF&Rn4Zv~tS9$ds%bfTxALK5>Od z9}`XNIw;?tqp6Bh!*nE3U7@rHA!h z_4@Rv*zug<%OMML{^%L&8|q3F^%+Wim15$rLkn`1yA^gdp)TgKM=t&uT{bE6DR64rMjR=r4&$tgWCzE$c+? zQbfx+Jdpj6zIOJL*%7XsMCK9|X$%S`%t$p(HCr$0!5vi5Y^qYEy|xRAI@^ZtL0E&l+vI7}~a&Ga0j7D+Q~6$NY9L_?DOJTh5*ByBKJwux?nU_(ENi*bTI(1}^M zTu-hk>fM1tRNXVXqkzU{wLUt7f(dyihlvEH#?SpI}K+m(GH$FnX2+PlqT4ZSm_ z=FUF$C3VT@VgyF@>~Cg$LT9`ItGTuN8%9`QW~X~qU%t+lR}t2?Fs$3gD@&&EF^ePQ z8MaSML0VqSY-)JnQ+jv@pJmDaNaNjjMpKHmegN|SkW_Z(UhS3(Bauu((%c2(CV?TB zc}oW_UKYr^hCgez{C(Zpn{FGLVWsUgwXHvKIF#lJ4=+p_d6nMx{H%by~$h{>(wpc_Oi&KptVu-&UWyQs)n*@3Lrg0BN5fXHZ}Y?npW#9#;gG zocKBUbw7p}kzwwVs4>!zUN+ZUdfZyV+Pxu%7wawxXU*?5o2X@4LmXon7sY!@pcYh+ zLi+sSFz~{oOr(0YpXBt7CMV}2g^y2ZQDgOOi_q6i-)TXu18A)t^iRE6DaZ!Lb-d$+ zt5ZzIC89^$sFqk*eJYTYY5FRsz8{Tp`J-7fTBpozh>QCIO8^NJKKLwdL!xmS%$|bm zXaq`RH?8xt)@A!T*%EF$kw z%FO7FwCfdPrZpv=3&u!RfZ3`(r&JA{1)+;*kyG{B3RJNX#(rYCLP{p~fy>`y%f6bD zCSyw3kR^k>qFkGMZ{HT%H8Y~2MOMq8E8haVD+CMT_g4UbPM2s@6c=i;m^62zUk|E4 zdbpZhTe8hd>jH`Y$1=Lrs~8*lFR}xl_0BA7FQ8OCHAQTWKvS>l(Cmh~J0qg$)T zs@J&=DGMF}Sm`WBHI(9mlnEkKXext@Ila9-5JYVNSCIlK;{;qG%tZqlOGb@rj3j*1 zCLb;q{&+=m42H=dQ(sTyQWIOcc@bMl8z^2p0S&+l8%Tt zgxoXVA!y@zC4GSoFtdGmE8B6;3tsur-6oZlkeT18(b2H>Pp3?W4Wj+s5dlO_pE2Of zhPE&{ADOVen2oSdE#JP2b=G9t&(ts|7?vQr1bX4O$Yk<)ZjZ;& zm`7@57fZkB3I-w$V|nMw7XNTkrHc4Pk5K3aeL`i=2`;0Ul&1qK3!vm-k)pfab%(R` z=f5qvC^S*{HreQM+nMPb37kweeSR}-3!9ublE3zrzapnR96m)!q%bS{2{s4tNNNhs z5%?we!`m0yp!_%z>m0SR@gkrA10gMeZDqpMF>iu$?$}ym8wn{1qhLHf2J4o}GNV~tWh~|c@OP2^6@9j~K5>NB=e>F0swD_C{ z*HHAUUr!y+u`YCw)g}$T1p+WR}dV#FAba(mNg{d zhd)D&EY^X^EatwFxP$e&0HwD(L~y_8uLQ8<$UWV`lHCSOT=gb4q(z`}0l@_V9;Opu z#xS|xtoqt30)EBl-I0)4c!Np*plV#y=9sfn=IFLuEjnOdwV@tR#_o#C=hGe$(b&Q4 z%Tio3teH#m!qirxZgwt|q}=D3Q+H7H{Ov!lrtNk)@)j)Au0u=^4q{Iu zewJGI&hjAo2`~#(fkY)OZea^(!bG>WUwFom4Tsx(k?|YLIzK${=c?4CLUpuHL8B_7 zs7m1hf|p1sMI5{d69DZp`~;E#vnE!>G@F}JvCx|8W9tcwB4J_>ll)^R)fQ^K_FQmj zTlYEa?B3s*ILI{g%xcr8ZlQy*C~8)CvwC}C!6{NB$|ghSW`)W3Idu6MkwAA;(b;dL zK&eib9%@Hi(;l{^!tCbenHfY!2Yuz(ExqoH!0Cxu!^?wn=x~|w*B2n$ZAR8|K4J01 zO#us9x?NM&P?&r<^WSzw=KJ?Vh^;oYiara# zvHjba@%5d1z0KlL4E*aHmu{=_Fu(2vTQ6zse)NcaXLo5yo<>-#a#!)ltp|xCaBl>C zYs_Es2h*=EdAWH+e(^eikrkHR|H@k!XzoPgRvaTbMoZBTmvN2}s{HVys`F)W)Ts#S z6)L;t0y1Ha!|^t4c@2t4DV6Q43j7^l2UFqJfh;^Waa|)^pJ4k2);U|F&2#fHY%Ovk z*VhPJiTMi~*KSu1A(swhD{AW4g51k?6f#e-W!6!$)vRkkyEa9$cp_J}vgZOy8s5K( zgM7R$Q>r`02O3kOyNkbv@(R+yeVyF4gI13(J_~uhnCq6~`h;<|t6v7^;u&LDv}w== zBJsx3HXEB+{n4kxDcTsmcR?H;yu++WcdFDeDN`HCibpl5iBbCNK|YVIvXOG~9q=Lg z>T~33Ale?DEzCw+gIRSEG5#201v4z%}Af#A!rIKt)l!di{E3-rUkct@- z?at@`V=M@F3GC2p5X@<4HzlP?@eAD+)(MI9vkz5BwEry}5uv&6WBBt`DMIO&!EuVa zWaDT6Yxpx4LDodKaVxj>N>*s=P^cRKDv_`PEQVCvZQ(?OHJ}lg4WgyPt z;$LW$3nMJqid#1P+OreA)ZTnx{_h~V4ATd;zb=!Z#KWK$=mYt{d%8Y@<2`d(2+8XC zPYfT%>Dq;c8W`eXCk8tNoTv&qC8qB>s|Z9~gy#>nc906vTCasF!n?P-;2&^ARv+&2 zxHtO5IW8Ab&e93Yx3zGH@-2aE<$SLlb{Ezl9vtWtVB|A;il7ZA8-*yP-|70RuuKi> zM45M={{pjwo&PQ&Tq?QrSruSHIf_RXrY;s|L+K`t^nTHO;nEg8IQ0kFYqE z=<5RKv4YiO?=B9b0SZK8xpwG{Q$r z-`D{H%PyL3^BgTE&l;=XtY!53HgA^amVL4e2b}OyEbFRg8*VG6frlcrsGVL-S3-WHj zuC6)>dz*RJOWiBDzpuGO)P&PtWtogDaP;d>44<%q$;>%U;^S`MYc}Llee3F zAsUF8X%$y+5vo->w6_^e8z*%#`HjQ}C!p<0<@b70)q5sPIS4LN}+jHd* zN|+h)3tt2iGZ)r?34>~)lkaSBY^Jc4m}en3B-DEvFztXI{z+)M;~4a^)|ZH~c{F6X zEuW!Bv~bL$W^z zIkFF4Fs3%4O|@3Y)OPs*ds9oHLpvJe4jLXqvjZo0IvMg%)?Hu}H#zjt_bbh!6jp>C zk~!@!i^46fy?>zn(aQZE0XzSxOgu9U0qO1&eySDuAe}7@M~U!%xAe)iTRniZeRd0`=)h!<$B_X z7|bLdZEo}!I7ahC;z||GoRPa?&2nqXV2%?UQ?G7lpF=N#>%zy7VU_s8;*p?F z3Mt<>wq7}AKp@3NkI^?rq}P0ADvOA^ixb!p;Sa3@&E1=a6&9N)&G=aQ*kG(PR~U%K1?$kHGzIe1Bsqq@F}(yW z8TjlCzjIkvOdx!7HTFW^Q#`F9=U=K~sbUc%o8p`9|1YA&IP{~<{bgn8|65k}e=njn z(Pv=QH(+6=W@I*Ip=L5*GN3jv_*K&C(;56yw2Vxw?CdQ6Gb?KtNg}mKvin~i+U14j zD|5s3>+Ijp%-^&6=8~}W@8+=ZTZtlRF)2Z!$QQ_u>%bT?m0->*X9rKL-<|b<-p|+9 z*Uv7JTkA9{iu-g6ptu@ln&vV3k0~l8s;Z%fDxQ|1FC;f4=SWYO-w%Y1;Zd+;LKoB? z8ps58sJI@o`P*XS{LujTqw4wg+B=t;yKrQ+W?!6nz+O;Zn_Qw8`Z&pc9p)&b_|pus zEg;zJPbC2GW6#JBX8zYE{8^6`!!w|6mJ?1!{*Q;^4{a|64&|~2m82MOa#CK#^VTY$ z>;x3TT-eu?^B}J1e<`Nt@2VYmx87mYO}D*v{rY{9Bi_HEjDuH$b=@6X7L` zm$XAe0H){DMreT~EQ%b!&G+)_YU?cJy!-Scwfi`j{4W8@^JcMh;wC-BE$Iw_|}bn=%jmktzK57-I?p+YdoSt9}2g!M%^0fLv3}auroy5usHva zhA?!WF3RcflTI(rzMwdpmS)5$Fg@D+UL2~F&eM3^lO5O+z{0c0HQVEhZ&^3EN%~N8 zC1XJhGY6>!tf}6x%YLa{ZlPxwXDVLB5Wd`htYJTr6U zrS^piYJ3F)FG?oxl8=-rk^NH`@9ysqPgb{@POS=)@-969bIFV#or8)BCpVA0nw)X< z)ND&Tre<$-gdoLWL^s*+c5vx(Y3*$NRCY6lG#ki0YN2W72w~2 zR>S^hHgN4Q`PaS=P015*?M^ih>z%`4clt)=dB()06f1#WMD!Jiv_iAruz_nYhf*Ij zrE}iwdd)`JmMO2*mztP$2guUN9TI;(B&m4d3DRVQvk$v`9E+d+QHg;1;>`iU8F1C+ z9-tiB1oQi`UI)t>G^c^^vlsSN2PZX2m|O&FVcimP0$j~$0rx#(rYjQ;28i)dsD^r~ zFZX!T-Rkil_&T_f{6N?fs>91Vs{v=VmRbb8xTg#bktoLzTQB2O@)V$)M4tLpM|xVv zS@X#A9az0^M?mz%UU+2{(KhS3>OQRF#qiasCj0fc?ZHz-x~w5MD;&s?OVX}6yvWZ< zN@k=yt^~digLg0T!_;xOtttM2Qo>_H7VI!Y$6A@HlHqmCg!yh5s<>8*I^UCgrv^DA2<)^x{Ire&x*?QGP*cd@xPW*9K43O#y#+2=_-p*w zIP)_w^)@eJ?ynk9!?(kxQXj@`=|=~#!fo@oOF;OH^vit6ABy4rm1FUKxKS2S?qm#3 z9*{QgV|A6{B6oWap^G9Wx-58T5(8Kk@r$}nr!Hv=LZJ#pPKc_quA}0{hri&o4GmdG zi0?eHvuQ8N2wPG6T)--~>r;idy)G*aySxHy^#dso$wxzwM~_EH&g&>Mk?=$ZhM0}w zs^4b+2z!2>PoVuSJ4(kd_p4j`GGmfIrl@Od4kt2Ax7iE?dlODOgIO7$BeM}W<8Qj} zHd0)}%qNzTgy4|?JP{8z|Cg9OGnwMT?KkDxl?MB5uaqIR4osPQb3g|y2Luz}iI?Gte#P$dere3o#IujQl8^MSm zGI$N!k|Qpg#BH46LCZ4>$FymOxFi{0UHB?r+CE!_K5mSn!x1snxGa8aqT-`K=p%s< zDpM$K)4ql{wDM&tESCuc{KUNy-*4xV*ybwrNh}*DMZspd-?+S#HFgWcnx;8&C%-0K zs5-ymRU#11-wg01K}-r$e}EWLKB0F>>+a-xXs$?;{(<@hD-K6{yi)niwb?JZnCuRD z{Z`UZYLFgBuJxK1?fX<}w1gkAG|$l_NO@*04L!`Z=iV!?q_%8bf2mPp^dgY#H^nkW zZg)Fo7?0GgQtdUba!<^+CyAGcptrU*MFX4ZNGu9 zt!&64`-o@i1@rde@}Qgmw<+vwSov`FPo_8;zPe)r%>>3SbNpppIZg0ImuZt6MM%h% zm^cF`c@yWIPXWe6<+lWi^!d>pnQ1vX?pM~QK-&lJG%Wl(y48(%8?p*{nq+Y6g6CMu z+eaw-aKj7b7$la}A8o!e4nc{I$=+;bL_sn<6)KZMJ$E^h)1I^p$K@P^?*V4`3W`gK zJ9V!c2Cq`}0FvpVoL7=*2kfT*wR0N ztEo(@3I!T{Ih&W_52?yVn*_4yrV?pwf%Nux!Dog|S4wHl0$g$%j=SHH5GQTh&YhiIK(J_FL(I_zJ!m29<-@ ztEU&FGdo%>$z^h=U8AJ$^*W33mko1NBo_?@Z4!19jXx5ECHb<)qtVp6517 z-4+_%%Ag;*;KUmZI#Aw_6d~ZPtZpfpVV0|k$^dNMx=;Ji`9hp*(q;{=xZqS@JWay@7oXTV>rzu zMbkeEc{6rh-IQadR0^;;`iDBWSq(;L^~El97_UMu&lntK|+PHo<2#pj>+ zIc_RWrd!1}qtkDXU?;V&>wBjVl<;vTakeOFf`M$^plZ477O)haDn`V93R{`s2%V&1 zocfYxp#7+|KAqJbh2Y7*L>y$M1>_53@1l#ws{2a`(i0f%^Q9KRu>f1#saA{jNno+T z)5i`}cz)#zUMHrqxTmXi+)_SP&tk@!X2OMGq0p%G1FF~+DVi^MI3)vIC{kqFI~vXc zE)3vfGO1-*iABMoV@>b{+CzE`%~O^Z_(r}DJUZtig_)-!uPW%u_@OtSxuXU*DiwCd zO#>|CwH!$G3vEk0ev9Zt%0L z=gUY36n!P=ZZ!izJD5uI;_t`5Hb!~Myn@RF(>v>oJx8Py=&{_$4)kA??Sg6@X8TNx zPY@g8RErMm}H~um!MXBo-!`QhI8C>YU92MMr5Pc#P5~b zW@E70I=x-q!cP85%75GL#7N!E6eT;b?4GlFv@ERne`hgYbK4noWf_O2gIRnCtT0d1 z;E|CAUcr@8j+o5Gs2=y!HfYX0;p#=J6?*OHZ>dZHrfja1pR`Zqk*X0>$By!#$8$}x zrr^B}VAZQqg01fn;YahUzr)Ls*$*DV$X4H>8B(KVSbXEg4$m8sk`AwOH@%oYl5LZA zpfaSUcALB-pwcZsaW%jke?+eyvw4{W&gV|!!UHRrpzX(>z!^5WN}r>&uN znn;@_{JaiBX4dGs<72s{*Ziv|P*x~gc)7cw8J%~lA0FIn{=-7I1d1R2p81*m%hGM% z1q%q&AdRg89g-wQgerzSr^MZg%S)#g zUUeKs1KQ1yNy;AI86<(EmgqY>_d{W=1fA!TlA6p+vXfNYZncM7ZarY9HtO}Fc>O!d z30)1Qt2Onsf5gmPTrrM=8dG2R@>W}Lkia3{oS<+ zdoe8sQF$ZiD5$^kGw-6PC-SjN>@wrXNCt~Y@w28^;gk`uOV?ph|WLzRO>c z9;lZ$?H7CNTMd;b-mmeC5As4>=P9`|n6rVH+t3`;n}pnlk=*Ap7Aziv>_WmiN?(mWpLOfOk-n zYGqL>BedaAJ7W-QZvNr!VSZ_mdULxlS4G|Z2h1CoQNQIJ-sKzjkxCB$8M$7{h0S9< zFJS8^hcQuj6|p2T@QgaC(Mko48YtF8S%-VLQil^sVm}xi+HY-!ZJ&WOW%}6A*Wk6j zi$Eb-XviEAaLtP*IQi+MyO;I{GW#xB3nkk!$Ep5CmN4x}^-oy^h5*VR9T`bqSzCYu z7l7FY&j7lTGck!ar#d7}!-C{6s`_FiM^P6_Qv^k@c$=)zAjSeR%;~ZKF6EI15QX4f zV}o8xGbVEz-^RYn#tljgRYqz`A|>~-iZE)qKgcoyvzxi=E1v)Yzxtm4U}k3&eUGBo zk@*kz`ja!kX4-%l&bj(VlGPoyt*+m-s;~(A1?eg_ONOK*R3A*i$C<`)sg$XmMEzsD zQhGN!0(MbsL$_EWdANniweRPc1l#goYSkZQL#x_mbI5OaOC!NzBW<=dJ<^jzq5cA- zV`Zi!y{)K<_K==!>Gtm%vXQ)daA7OHGiiM31nww&x9^stfakb|m^jI!N<6|I7S_cm zJd>}JYXt=!AB(||{F@AU%{_zV#e-fxv2a@FlT)WI$rKkA5Qjj8SrmxVyjX=RJ=Y@Fje&u6^`~ zODK~dj~@Y7_$bz;6EE8-AxT_QuRceK$1Nj{R@|YIIqPx=9ry+_m0Rf2cT|(0nLxf7 zU_IL3Q0D_KE*;jqr&p4<$?T((eQ&;c6;v80L2Zd*M>dCpyzQ-O?*~FT@f}iWPStE^ zw6{RJ`lXAfWBiH*e5IwxXu0E?NWnjY6kWDg@j11tNJb9O6dalH6TPquIR z;+MeY4w*ou;wzHPkok>QkHY#f1YAC9`rr0WqU(ZvuE4OR>z&}lZx?vqNQ?HfUDq|* z%|&vJV0GvczsP(D9n3V0nHLNv)P;fO+Vgt)A0)0IEl5v63$+RHL}ro?^S>H+A~o*e zn|%IByY|5*$}WoOLU}t0{JQ^#v2*GUEn3!XY}@9_if!ArZ97@9ZQHhO+qP{dC;ROC za$jz{t<9fMZH_UjzUm!f#V5s!TIU~V+$~#GXyvFQWD?IW$0x7)BquP64*W06oa{CQ ze2IeTZCVpT>YIrG;E47o3tV0=X&&092^ME12^jqRY(XB35A;DsP3Z0r9%|)ZH*FFEa>%lqSJ`xvTHt+ z0-)G%N6&m|Bhq(oFIf8`FLLc~--7De5UxG%T}=_c6(A{5sUd-W zC6^*$oIWurNSS*Pxvh`uIizJ%>q~YnC$M+>!f|kl2oCt6w~5SG^=}d-fy)@b`?1oD zk!48s!`Kc9$zTUYt}oMFIgYt%OT|>+>g9qrw|-$QN<*0lpb>9x_TKgzXH6pIBa8oO z8s>IcnG7&s6`w;Kdha8)RYRD_3}SXu#z~<`C;lUhDD`&FK&dAC9RvRk${iUa^njsx z+%RkbtfD2y+6H2oFnA6$gYC8KVxhCxFlc?4tTGY^Tystt86aUtmC)Vw=_S|E~cBT!HoTg zJHC@VLCV5()!W{}5M=%Vjz}rF*fL>I+*mc~#2O zL2u<}!qsxT>=4AjIMQ7UxdasUmv#Gla@9iI0K~9u2G}~T5e>ViSwR+DB%}%|C34DT zmGP`W%5)g(E3M(&LZia^NoUP4>WIH2e7?;aBW$if+T+zUI3mjaU$MH1R%9%^d?BRv zyDt>P*^8EkBER<(jA8BM#fTum`BFPVywXa20_5j?R+MsoT`jI6@jgSrI{)%_Pq`v) zaCqmp$t5RA{6k&f@VG}{8VflyuRro8T;Kx~q6lz5C$Qf?U~r6lCbt2NX0v9VF-X)#qv5_Gp!&C(d^|ldG~Ps);*k(rVB+M+%&l5!7`=l@nDM zfntrvt2rfBtMACL3wK1rBcc7e7Ka);3zwO$&15xg3j-7mm!(cU!=0wzO#aL+&+!Rz zYJ*sXHRF88Zi162&uCGoozEx)C9)bYH6VMnolIpi7+Fja=!C08{wvdv6-5Sznl7%= zFL*rU1E=mK17tBv3c-KhPEOYh2pcBh2s_FwC)}3V$u(g7gAWPTQvyWdojajb(IIB3 z4}wW0C*BI|LU7roFp6f=nyaL3nOem1ToO2{<_=r3A8|esc+9T}?J>v*EfXfJbB&gP zrmAs>;6`v6^2H0TfsaDj%|)&)nFs3^MK8VPAOh|OIdO2hEavayx1RcP(fR~BEGHq+ zuB3#H_3gcXQ=U^jE)pMSj_!G;+VZO1-F~GRc1b11ZIS6wSHV~e7btp_&9^P|$*166 z{?ByBMtC1Q+ppoA{5+Y@4WPc(lPZVd2jeG|LA8-Bb#|ZDIzMoNJD94ncR( z>#6c17F){my)6Z9>E%wH)<`SH-kK=22^8I_Y03s`ABE0Q=#i|&5mHI#^Xbx0c{ER) zhyuJoT*6P02_5?2&G}1!B2sVyYb@Tk&;VWO6bz|*Co58Yv%p49&y1`<@S!spTk=@} zFxpJ~EW+Y?2DWcB3?drhadKl2HEN0b@FNTYAf_Kse)k`zscZ?%dv(U6ui+s#j+F{4 z1|83y=GU1qMriWoe4w!XZ1xBzA-ec(m}Uc2CS-lZpdy=FGW>l3`+RR@-u8or8W8xp zH}Q=VzbLqkoOfkOEkUZxwYhjJT5v&z!SNHh2Uyf9iXSzzL4~4fUg)FI@%B%#!muxL z&+bz*z<}mWtlw-_9+nZga6vnhIOhk0u&vOK;^xUItS4IV#y=`ae7s%fJ>*G2h<1|+ z@*$=;Q7E56CbJib5>O`V8=D{kwp&ok`#VlK19MqEsku#rU8YTN2F-aPB>Tja8HrUj z$ZDXGhb)k;KHwx0t#oA0f`qJmn`uJ1SfE1XIhI-bT@wMKDJkmLu7A)iW?ksQQ8QPF zV0)!vBK28#zC~#`CYf7&%}zk31wyj96=r9`QZO1ddoggD42d$PhMD*6kF8l1vK|~C z>w!r#?Uqm?$O>;WApJgG1bmZd4}d0UoJa}92D1Y7=NCYMBv6?hBHiCf4u)Skp1&H>3UEyv{SF+oQ=XXv%53W)?c;TCljreS%Ex#IL z(o#b)Lum-tpTP%%y}1=~DrdI}mw}MjD7!>_aG{I^>cCpRwXv7C>A7XIC@XkJI$^63uQsAJ%N1AZw3$2tZ2S z#GFZMp#^cJm*RB-ux8Pt^0>GwA~^yL8O8GDrFt{5j&%%4D}}8;0=>3GQD1J~6b|k1 zvg(i#`*eHRe)ZN{vk*8WN3zo%6s4$W=3KR`+O=EBcKku#Sylh$8)jLeAG9NarFPN0 z_=-g3i))RZ>JL-(t=-xeZVPYEuP3AH5sVB`DXT%6d*JP!(<9;!cDOmmT?5qXR-Tdh zb^QGB?v|*p^@rebO>ZmRSx*!YtRDWkm7&JOcd_wXBB7gsoH*V9W^pZ{YYsVh)Kvi_ z6PRd_3xkFqhl{52d`>m2L6!wVM>+YbhwISJV3SecYe}{`c1Hwnhr7ic(RiOi>D$1N z5XnnF^f^Kzz4$7BOXzIK(HSUSlq-e(>GC+C0 z!^Ca8&=qeg{?q9k2G|Yno(^YH5N@!6B=>{4gpar4J$AwkFgW(|dLnvMVQqM;IYcT# z&RDrc41csFDVJ@4KM?MikPZhgfa_!9ENu}udbx=O`}(_IKp2vjHa#7I4UO*J6el0d zuQ0feiXTVil(~3gDkV)}$hh|6<(jNMt+6&AP_DfE_XQapw>P1BvcVUU+R?=?+?3D5%dGJ@wLf&JK9)nh`>#x z-AAkUQMN(jDl>h}7D+!T*`29Fi3m*a7++u6Y{<;5ec&({!I$9m=oWp!yabU^0p zZkOG=i%OhM70VpTwGQ5!_g8&7?Lx$r)GP&m7nV02X~oc9fl=rnInHC?_Zg4fWl|sY zeLSbaKElg&mAQ{UxYxYbO)yOx=6THI-;YM^w4^YA0Q5H#Flfq~goad$Yl)stwT5Pk zx5&{K681)7RmQREy+f8`?&)v4Blu^*52?eRZS;b)RWcGGc#dVOsnf;5Dq;2lK&m9e z==A=H>~`znNmAt_tq|$Ox_$sY>zZpoD0QTyU+(bPFL(GHg4_=R zDdc2zgqiaYtnI^QR_OD)n6=Wfmz`Idg&IT#k$(R&24`WS@CJUJ#xRgt9r-b7OV%%A zrG}pBlM4@a+;hE2C42I# zl|sw^E~B=ghe0{~++hnRdV?Z_KH_}(0wBl=#p|2e4YFIgH*cDA#J47-P2uw93pg1w zTRtuuxB_)8Q(_quT{?=)agyUQ1sB2L3RGR7-A>z@_qcG@{E`QP@^cJ`lhZr|WzVck z_*ON3Z@Czruk+Ims`KjyE=6$FSL+v-*CoGZEv_xG;8#1XE@4g6b=Q&p2PzB>gSYfR(m88GsS$Y4SRRX<+nu?V7y2ggsW|w7usflWW$5ES1(c!aDC4K6}y$ z$Od)1lX|GI0vJ&+YVBH5^Jp4ecWjamaYHP`-C_H!k+SCE?THvh-gDk9kO)?RtBOee zj(^BaFWSru4A8?VAsc=>CTx^>fa92b0lUzKXye$H|P25E7@~Utn_kZ|Se%Ag)5bQ?}j&M>&zyZYB1BXK{ z^+OO(pJ%C5;LjfN1Ab?`$P~X3djl8Dq_)s5U3N)=sF*ZWq)!G#GG2r%);J3*Pg7*h zKMX)|AYiC_dRgHLW9KNOtK@CCQVDbcrXSu`;w*~@F&pe=@5{D(U_F$b=?@_Ve}TV& z3kNILOF&+kc(31TKbXw~n~4u`QR1&FhK|YqTd?e|eG%=+j{~Q1To-k3t z(3_5Y*&LY9)E5Mb;njaLsML1<6f#K9cm=KUcUV-*kEKdLZ_@KCD>e#z?(RQux-~YR zG3njB5jjK+y^mPt&EAr-?~wDwwR!E1MS*4;bICa^VsuV4E=o9ZN6++0n$dDm;39Mv zdU30cn;)3bevD78>+uZ9s|fOn7iDKz^b0ioXen_N%>Y?~e6LXyI=)qw+bt&%p$*Da zf4J=E>V!)1KBW)+PAQ>*acz9$0iMDx1|O{B6k@FP27K2FjuUFO6JHTB#8O;Dg; zvNKnpV2&gmGuQ-rk#t@)Ew=Ri*t$KkTke%)i}joVy-hqg1dY4GblZ&ZQwHX zt!Gr-NC1#g_L=Y<6P}%%KypmsPTWBh`uC*<`BiCeYio}p%)@jwep|(2Q-pb!WB9U+(p4#{w@xs|)AbTvElwrdwohwqS27t8PYm`C;rc!qQujbGKwctUr9jxd=BI zHEfVUAjPQXszKOZYRdP*M0m+*xUA29m&vfP^yqLaE#3G><{2Y5MXOia5F)Hywppfc?PlBHtZ;fd_criLrpNJZ z=&VLT(ZERFKdAXmrKms9|95KEvqnrm;x{pi{ucm13jhbe(A>_<*ulxz&B>9Lj`{yT zHOs`xU`)?U&qi&)#%@5(#LC1<&2G%bO3lc?&dS6@&qU8a|NkV+O0Nsr5ok4l?XEUo zNm*^UFx36BW&itSZN90#cvg69bh)E>x5FWnVlz&n>W#nxzz3-P?WFILe7XuPFa(32 z>$;IieU7q_WcQ^3AOI-ut{{%e3+Tv7ppMFF@JnhVj4G<*^sNPmXbttPi0BN43W=<5 zFUJgl2nmQyjV0wS2MRY<tbNC~a&y%F%{><|6LDdxUr){Z{OCtOe+`K)#^l`x^*|Zzt z9P=_J^rENE7vKk<5A%!qu_bF~q#|fOj@&c{l5w6vWN89t>`P@qpnmrzR?t*+9jzeY zK;4+1(V0_6dP;J%+IJ%TM&mram4XPO7*=__E15b%wY#s^BwQxRJXH_1!LaJ#8+V?0 zOoK*|CSrFq?UC^77bAJk9XaCMsVX>!Uv)#n-wD;nzlEUTp$47f12k9+36>g3HOCB9x#v~cB@LI>S;b51w)jUYwavc z;lVo5-=}aEB7?I92SSBG4$N1K^BJC!Z$nf}*`Aeo5kC%Ld#o~e(WN!En}g6y6%gom z|AbT?dM9G8P=pXTEsXHRNQc^pK^)}`M8vCG)-WCSN~^K4nh z7b%K+Q_J+lMFVo;WiuXTrOkQpaGd4cSK2!eYn z4KJv5*ISDTEo|5X;eC!->hBUiSLM39( zZT$tW#pXc|(A)l7`hPLZIkT#Zrr} zH1GalOl*@LGlsW_0Vc+bzRok$3EVhhU}o&yUP1s7qeELekC=P}qA9X_i6a4mIDZIN zVV@5gx_Dg9yZ471STpFw2!NL1z$RihiZ?mY_h;^byJR~ z1VF}Rqo16~&$t#6*%@A=8ow5~w+t|PFxhd&PHC6HAzwZmHq&%yf5_dcr7!e_;!^fq z;PftM;3&nYN%(Br@z}3Fr!Z>e1;N{3R3?&nt_09E3MzQwV?9QM zx)eHvSIW6Vs&>n^mj62NLo~wEp2j~*H|_>;u^Mr2>h0DHN#|3?boX9V2NR5@P9I2^DU zQlHRfYkec(Xq4cCzs)Tc6ITGtwb8R}k=A`=_*i~=aTcK_$UCxiDAkOVc@mt1hm`$G zlo&E$7hcTe)WqgetQc=oBW+yoDW#8j+c~^%%OUT*TXAOA^T?p6i~Udkl0{Q2pE=80 zCAK^Ks|YTc&f^7h2u7vzyvr89b<2RKxk$G6f{|tyf45J6VcL>ZFvotOT{f3*^GYCz z*4DDE6Ott@KbvYfEE1_KCJS96oJxv)4zZveR(nSdgnv{ZPF} zGYN5}5E>ef>;`4_ArZ$B3A;OVe~vM2G6wT4PPzT=HX zcbL${t}oGDIj?0^7ngm@29Jro;V*kLP^H+Ikq@2VwIfAOUr!D%bqV(8tfWB~v=u9$EQ5I4s8uDnqOfV2BY z^Iw&tFQOsnNZHuSvpmuc@I&%~oSmWE^O+jL9Ep~L-6E2cK0zIBR!^P`io@{~5j_J}>rGT`46KJ!Y#w+VeA90OeWmwr%Tj?}Z zXm(XQSCgO_A4itk3)&4t*p|Y?}Cquz(7E0?t*zr zFHZ6MKLQjzW|KRa1UTRAn?aAWm_5bYJ;P$Ib(;Znf=OQmUf56-NP@`CH)DM#C|_NG~k0Xz-l9S~tAnpTk>47)&@ z?u3_NO3-nU{nSkbHzrOl;4sMYI5a{qh=I)F@yke#VJlm#1u+?P`PL&vxTMkJoWszF zt}_YGgg~h->1|ebP}a-;P5FmcMP(5G8!v^*JRL_hTK{WAYiN^h6utH&a~lXnEc7e! z^`@@KI>LrIszbU80tHJ`w{8KFh(Fi!M7>lS>qK3$h70hdOdtYphS z9c>M?MV;sx!vl@_VdnpySVL!;GfXfxGx*pC^`5qw%w#}aKX8x@X7q}gdTtCr!xK*G z=OKsmq_hTAh_iJMzdD?9NeA2q9Ky2j2^|;1@^FzbBn`)dsAh%z^ChEEzbP`vF=Ojd zcOU8AvY?RUmqVRMEmQ5AX5MwV%2Z3#t-W=B6dy z8ejVoCYG3&E*sv3@0wnF4xN=-VYbWPrXT`GirH$RF7y(in92?tyMeG@ZJ(CtBOBl( zZX(C_&b#28dEY!;MBxE_`8;Ubem3BN_1_M-a)(6h3?Hws;uVYnypX933;t0On&G1c zUUr<|E{71HovHmmi9zy1VDOf*06z`}gE9qNSqRf-p9hK<$fXNDvtcNCyBDF9-62t$ zFOkry5Mjv_I|krLAhC|Vas@ZuEdQq-4$ao*KN*|MFShfGZ{RZ=v^KBp-J~;&kxznG zjQXYS#7a3@A(){&Hg*avJ+Hypb7?W2pI_#44rJ}mD*!fqgAt5G%BZk2(rF4KJQ0olOCUu>Q0T0 z*K>Ma=X61b>oTrx!QLWLlEgzh&)#|~o1b^}3AgSuDga6~;p@!8szvqmX?ykcTw{~b zs~nenFL_&tUX7fvT+<$*sZA#00d8_R7qE5uCOIa9AP*g)fabAlhfw`upYG1y4qY73 zsB*DWUG2tgX8NRe5A!$(rzQz5wSK#N@pFUJ*i=Rj$rNIYn`!H!^JW!`SCPam?a!_X zD=s6)ejDFX8{3L8j8YLuaE4x|+s(~Ko`EB>8YtG>KL~PZ&Hd%t*jzQ9H0eNJN&oC! zlkRmxN(Nh3k>7rWuGx#D`)zTF*+j`;yryiKc`Rs#!<6lY(DuKFnXc*w!G8##By4`MWYpZu=7}6ypNVlP)W7w-T zwd-mo*f*QWtcX_9@wVvZt#8xv`m(c-?r;+?nEm-kqaQ<+*?%G@w1z(^4qv*s0C-`% z7d!N;BwNH;s}4M+*T8$oFHx1c{6*kweNu$M9+E^ThIKj7qb@Pof;IX9m;MB3)J0zI zbs}wrXJ{<78j16}l)BMT?B;A1SRYvx0-nE!8;1X_wQ($_?Vuq?+jEbGq>Euy64%d`xmTL=K^MW zfU0(dovWclqsc#0$n6Ho#klLNiU=pPv&1uu_28dy;Hk=JSu_919>v;CVK=Kp2X!Er zj6>o8J6JI0hDWroR9C2M$>0)7ki#P&>r*59Ul(z-!?Ssny4dDjRw0#zw21K$bn|LSNdo&6Bnph+*MaUOl z!{SiowSWFg#->0bsSGz+?u0(hQzgQrfgW|f@V02~UehH@jwV6kHtDHr?s@7eC+}Yk znuyFpAmz}vn)Kv_kVJ4Lf}fvmvL3^JS&>8GQ5?+UolMA};2L4g>o-~dX*~gWx#lNW z9Fa2d{oOgk*`qrDsGjanNu9`Iue#oUGX7#&a(nuV^nM(MrIKk;3zq##eE_xKXiv;J z(!CSvHR@xH(C%yN)6FKbWdwj55_o>YqUKsN{4~ltm0dMp^|T_m#IZ}avuqLuLl)=u z=j>e6m2+uUK8$QoBL+2ufwmAg9{lUjz6ONb)5xBYSJ@oy_?3WSI!0* z7`ap3n^97SzRJx54So3{tjLZ257tTQlwGwZx5rgQZ*yJ)4+Mc&3xPB%=UpjJ{~j;B z2Vl2zg^f?Vme`c#Auua+hU7N(E2wdcQxOBiUyL5z@6I9jV(_Lr4Z%RdHMhMju|mCQ ze(j9Ri~w69P|VY9eDWW_qKV%_Wb~IjX2dssrlm7;cOfMkggxL4CXAAotoc z_%y|+bn$f$gaRrS7G{X0+0H5atn4-w!XNDd2;kRUhC+@mvOE*vP8&bV!|(xr6L7{-Jt$ukPzUjmvL*31A7PrO6t zLBbxv0M9}*3`hPvdV|o%r{rA0HyC#aQ70u%NZ?&XkYx{R)t=id6Z` z$`*F|ojH%Amb`ig&x9!@j+z!}2O}S}ePuovJ~?35mr?pBZD|gl11;Stj@mIr@_C+x z6~~8{CCoU;%-xj7Gde_e-_sBTS$KXHdCn>#G+nh=xsTImr(3I999otLjQ(kIkSYPf zQdW3O3K+J9zXt9n3f=k62!|+LSSc$8dhA$aI`R6CB+k!n-9*&_{6N zmM=)7)Av1=#grO9{OX$PLaYY$WH)?Y2>DjhA~Zc2Bu};SdA#634)$&yf}dx)G|YXF zNHR8gz$7SVR|JDk#Y9^<^KcZqs3vR0L`+aP_(IvE-j}>1Rp^vp`?QAoSg9lG5E0^oUFgv*^{t{{n9d1T*tgI{rk5l{VfZJDkPk4R6yy?+p;$H z?h4HlTGmxYjAz)*Vt;L=uX6n(wbQGUOnH#^)rDiE8BNu2y~TG!!wj+-FQ|u9!cJJP zJz8*jj$N1_y1l=&6`iYS-G9hScc(Edm*9|IC!X-$BhIjuL8(TaDm41#&9n%dWy?i@ zr0ZtoP2PUBrw|P-(2DQEE&48|2Zb=0Ja&Q-*mV zm{$IQtdRxwR^WS^6kpduP(I3)-Swl9dL*>PR3sO>@Qu&xt)kj++;`bhh!k|s2cbz_ zmM-q5af$073v6MQV0By3y^tOFsG}c#7v@D@jzHn~()tUqC+NuFQgc|b%UXUFC4Y-* z@sCiRyj3Iy8C?7V8u*#^gq?> z#bO=P3qW2)_Lnz3Desd7Z=(nk|KZUuIS`3XVvjHHQiq2_>2>E8VAJ(%IRSJpC%Pj; zI>L)v44YL2H_J$Zhv}k+0+S1`K}Se-t)zigrjXSdP7XVTqklOOeK}?%CIcH64ZX4A zS+Ke}{L^}n96I=#9CtwzJ4dT#nMcS_I3_BtKJJ?rVKH;J9iewB#zfOw47NuN5BCFi{AFPQ?^oad8t+U)^_m741wbAUl|o&$OM zTNWbBOKRYd30{!xxVcu2cw<{hDeU(`9EDOG3_drAaDk^8jg3?SCDE2~Gs>^>W$RV% znhj+i-^sZWyXdL9TkcNXD&O%$i%Adu_Xj7sV@9%9dor#R=on$r^g=Ji@QL{QSNB%Z zyLT;W#&uzCzRi;+&Pe*V{9}j2Q;7SFg?~14`a4fZnlbh<9#vK9=Kw@pAB%#Y<4MCDVHe-CWw+l~jgnZcv zQmI;K*i7+D8>@!@P4grF;dxjkTV%0E6!I&KJ;Ek^0@gySw$kE>k0 zXL(mz7vN3!B~_3`af;ZkAmUK>!-7T5E*Az%i@=PxDBoab^_N$JA6w(J!stJXkg0`J z?Q)0hJuXAd^NcAjKpp5^Nki;2)wtfhHM+ujy+X}nyXhvdSy*Mg)x#ZVhFlRZZpuDD zfUrBz)+Y5r%9suPOuzs3Ee7<0^kaT8WX~H;KDkhT_84?c@QXw6ff1foVCx|N+37yGt^7sH z1>1mShwHK-GLj9FJw#OJ3$L?Y!=BFYe*BAryzYtq!=}fg&R`}24+!;JSNY0hKrk^> zZaAYhK@S;(CgAo{>lieh50a+4i;s1=8ulLQWizL;Yd>jouy$c~oL-6s`9mI&4yrqz znYuc~71_v9ejbCg>2G<`ZE3xKs>9K|WMsJynclB;gXIlzK0Fk4tH|oezfz|cot?po z`Kork4=N*DIIk{0m`EjbEyh6LZ;jMCuG5rAR~oZ?*8mGR-)li=Hv5co0-G@)T^<(% zPJ1+D!4w!RhcnIN_hDA2J;>v2_+gjF?3=GZ2?RR;rxpHNCK5CMSwR>r-Mbdj^v_6; z0&EFgw!Xcp_m@=NxTzpfzN$@nBT7buAJx_K*k}3x16NZNFs3<(jtB>G@4rJ7rfsug ztr=-8?{b5>Ikkvl>xdHn+XP`NPU3zeoAcUmYs1@=ZWm}lC#B$@*+Mjqq|{S@?!OgJ-{hT$^zeNta_GXd+`H^f4l>nsWV5y zeH5V9@G^!nrXoB#l5gwHoB$og09sOCRTqpN<}&W8Bo}^6{cdz`W%N!2Y|-8f3$Qow zNR)}2;E)=6^Di^s?Jt_+0uoZ1`K+Gn@z&l{C z9e8EJIZ3bY8J};5ZcSWN75J89NbYmi$6)uWT3*--<7AU9CG@JY335)b<0XAffqwUk zayeZSZE}HRP@%EpSgL@i9NK-tVvQjOW6ZzI+coLL1jo=cS_-M>7N(W?@VQG)`FsFLePYBVliyPQ#4vm^0>0qm+c_*h z!BU19N}^>JF1D3bG>HED5JfvVOy4BdF&UbcI9&uCwT;{K%_9oDG_-St7}!ShiCh1~)qbnKC2;mP9-Eh0Ta z=pvXzY!D1GSoC>LY)yS|Wf*StJ)2@{rS6q6S7njBPV2gc>VEJJBlpzd6-c#r9&D&P zAV0E{9#ru^nyZ2;Vkywe1k8Df6MB`jL>7j8_8g=vOYx4<3#5T5kh}b9$Wt}P{7Z9C z&wwRQh9h*et^E#L%3|ZQ4S2U2q~FlbkYELkd@+_Jf1UP3cB2E$lh}*g9YSaA?=ejiMrJ_!(9;F6rMqWDN z_o4yL)sb(QeNc1OXJ33$7f}JQ5(X@vlKM-g&bhRg7*Kr*AczRD1VRXq`Io|hiRl(U z7BbA+nvu89yPXyKCwT2fY6-@7oRPPC7kx zWw=NjMtpSHj?cSp#r;bzy@abY;R50dk^G`bDls8`fg=c5WgWaZjpztWr=-4nW)JIS z663xPZ`1Ft*bhGb?F%@mOzz*b)7Aw|6o8oq{UqLmlA6B{aM0QDs#o{~wG%U$HhF#w zh>})uDkXd_U<>sPLjx<}0It>W=T1vpgSnq$_1r9@Z(M)>GE1-xz@Qo(m)H=vf&6NX zb?|X-@(yZU&^wd0H;X@TxllTMu^=myF$T$RtKfRkAhJdOP964ti3cD1ZBG%(ckDq- zVZ*66m2Jpt^$LX=_Ec(1hS`aZ9tzIq?-1C!;CIn1o%ollOn~rJ!X7#%wgMjCytBEi ztRSb@%2IP%G_I_6#PIs?XF$v8yv3LuuOzKEv*2ZmD!+Sfk33Q7(5{{$3AP=ge?XGA znH=POC6F$h4S~`HED@W!zq`6155omF=8azn(UM!u?kgn(q3ejhc9eFqn-0TUV=MDigOKaAIjJwP_y3VE{2}}3t5HYA(5YjWJ@<33;H^HjLiaXIn8XtC zJA54HqI_dmU6xY*!!Y=R!}j&v%_KkSKyZ^fkTFot1D3FOjE`>3U$lyt-X%P+&0MSO zy^)2})AM(*h40p|v)RRMMB*F0o{ z{gf6h6rkpLUTS(Wd1qbD?(yPcx%Khil>e$Np8x~(0al0(vU~UupTdEUw!sVc(Kg#} z`fxV^U53&b5yNl}T_>}gMU$|{L#n%{Q`S2v!tMfXi@FZ#CIGo`NUjHNMa6}q|9JOB z3IcT2hFOFU@{qylBm`aMnR=Zg=}7AZ4qI)HfzVxf_yDfklejB@#`#h%OPh?=)Bi%M zz3V-uE}Pt~;(X52X(E@T&)G_oo|+E;#?2`%&wGutOuY{ZvSclakZSv4aJX{1m}#sr za7?X2|J(;`dE(k>&DTxHazl6k`XbW|=Z1MSH^!Wp5S2ID#!y9z+nlYfPBFH?>C<6U z7$tj!|B#7a(a|z;H>gWgnhbs~Yh*yEPUA3V2}HlebvgS>p5@`NsM{@SirivTeXI>Q zccF66IsmxK!WRwRC0J$bvk(>XTS4gCVv zHxHwkFoyeuF<#U-(@N5_@II!b8Q( z@0Ij!_B|lNSbTec2o-dV{FZW;>_P^7)3lFnD^-*e9k^?y?S`)Kqf0+$$cwqfEA z--u_m>zUlIbhmY)itdt59j4qx+5qMqDjrtew?JmMX?CmSTJgMyhVTn7hUoqiT#EVM z$JmIOb@D6&MNqN--)3NCxIiWZ9z{(%ke zzd43RAD+wJV&p1{|9VPb?XHW^Ah0al-CdUr#Z59NBR~!^hjvC{p>#L6j~Ry69(y(@ z=YPvW9p8*23HBokN_RE~B;-$1=k(4A7<`8mnI3fAG*|1gJS}1y(ufhAA#W)jG#Nxz z!R_JjT5j~!auk&vC>5C;6wl{4t?+1;eB%30ucO6RAv)MCC^_Y1l|U4t_?8Wpgb)?e zoE{7$WxE0de-~r9A8Fc1H?88Co*VAl7wlYz;pv(-UNxo;$d?wq25^y;uer~7Zn|V+ zvfJldfdqpOU={^)!MMTC=A!{j%S$J;afkgNG!343rI2_Y@|#U7d}Wa$i_?s2;x;@$ ztcR~EO7Kv1dB98G-*7<$#SSvARvKNf{umsp+^@UE zjbaq+j2${>OPR|2yQ9*M^RU0{4Dpbd2MeF3-jO_GpUrq%4!GV9`L+`TS#E1 zW2Zx|h_xO@mbF?Af94>G*}A+Bne9(BJtkGG&$#5nq%J`5(T(;pnXdl1lh<$tL*|)5 zOS34aMq=-PB^+!adl@Nk8}!4+pOo<4+}z}9@(=9R{Hq@?wphPPBu|V<^x)uWn^0uc zZ+Q5-Fg0FxM_xHSoWdx=w)XbfkQs4a084K8xeP+VG)xDgy!WqW6JkDLRWt0`^rH}{ zV2gBPftjBkO@*Up;@xjSAf1_L#cmXBtL0^MEM9&^=_kGx5bT5tADLwwTlyttHiK1$eLWJC|n!HkvQ6h!66pYBVTMs73z z1o&v#^W3Z?E(KiRHTP!OSLYZEhi3PJ#j?1^W6iuPo-|YMf{RW`J*=IXb>Fc#?rbt$8pIBF3$z$@_AiVmhJ{k97xjB%y0=@wPgUS1?g70v0r zyjISOeXh~&4~Q43*9^?C7fM_103I8roafd$70r8eJg+Lg0bxF{Ds$>fy4CeG)HTdx z1;`@}Bwashp3Rg$9b~w&I$?q|(-fnY_vOun*iloVR+C4}1LVZ#HKccyFvNWMzBWRgC?zhT>*jV`z-#`6ff2%vOT;BK;9>wHpHLP- zb?WXx=BFLW7+BSrJ0W?i5cy767<|bvc`bd^KYaWLcKbO3G5*t?SaoL1we;zP^sJy~ zD(OlLc7^bP9Keo{ZDKUxvo%(ySubRb?EIL~e*GB04mX^_WJOvJ%<#YI-d}To4+r5hLfq{ zyJxA|H}1dR=bO`0vmJP`d0mW1!QRY2W>=T|vMuJBQgz`ofBo*0k5|RYw&rR6n0m{{ z_~)H!=UJC;y~`?MD+(29QG9&t-zN2?doSO7`rh|wr^8R>{-F5QMQYoYNR$eEIn4Ke z+1>5Y`{R7B8Jrg7_1d!SbvDzh`)V?ap0esrl2h!mklNzEh1v3vmvQ&92u_E?g(v?U z+_XN>L*nbwk0*H;f~%4hs_cAU=xpOtxjS#A?6G&77aN{yn{svkERVF+u0_cyZ|4i# z{o+%9FPOpV@V=5m>*grzZIoa*_LyC@%Tmk8`fx|F@e8$2Pi8#YF}df=pZZhZ{PU04 zueRHq)g$&esn1SLuTD2R&h$TjfHxzP95ZnFDiAbe6o!KtP=cF50?HC#c5{5-I6j<_6&Fplxy ze|B!*>f3T&1_oXf<7R3yFytoYWu~PTmk?njBp^X91Ud!|c;Nm91>|es3T)(+*Tgz< z!VO939^jeBia`A_a1%j(HUzHcMmEvFz|cfDH90;fH80*sH#s*qJ}9-YG_xo*#WgRv zsIs6WGe6Hc9~_aomKMndX2zDLx<+YfCb}kOh6cd3+(rhvW~K(ohA9>)mZl~q#JVsg zMCIjipbPymTo?=t4-^-g5Wm{o&>}T4*&xMS7wA9>U6T|8Gu=dUQ$yV(<5WZAL`(BT zQ&Ur7UC0m>E-($~LQM=8ZfHVtp@E4Rv0-QiJS*Bf&CEjA%-Gym*CZJj`WA-9=DMjy z$tgx@rWUD|mcaG!!2Ci)Qbax38kPY;v3zGOx(kU9L*mZ4CeDSZy9kh7D0CCeg;d{D XfXjufY@p1>1%yXg7#NIML1h5|HLgH% literal 0 HcmV?d00001 diff --git a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/Test/AWSEncryptionSDKTests.csproj b/AwsEncryptionSDK/runtimes/net/TestVectorsV3/Test/AWSEncryptionSDKTests.csproj deleted file mode 100644 index 8a77149c0..000000000 --- a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/Test/AWSEncryptionSDKTests.csproj +++ /dev/null @@ -1,84 +0,0 @@ - - - - - netcoreapp3.1;net452 - 7.3 - false - false - - - - - - - - - - - runtime; build; native; contentfiles; analyzers; buildtransitive - all - - - - - - - - - - - - - - - - - PreserveNewest - - - - - - - - - - - - - - - - - - - - - - - diff --git a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/Test/Extern/TestUtils.cs b/AwsEncryptionSDK/runtimes/net/TestVectorsV3/Test/Extern/TestUtils.cs deleted file mode 100644 index 0364cfa1e..000000000 --- a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/Test/Extern/TestUtils.cs +++ /dev/null @@ -1,33 +0,0 @@ - -using System; -using System.IO; -using Wrappers_Compile; -using icharseq = Dafny.ISequence; -using ibyteseq = Dafny.ISequence; - -namespace TestUtils { - public partial class __default { - - public static _IOutcome WriteFile(icharseq path, ibyteseq contents) { - try { - var pathString = DafnyFFI.StringFromDafnyString(path); - var bytes = DafnyFFI.ByteArrayFromSequence(contents); - File.WriteAllBytes(pathString, bytes); - return Outcome.create_Pass(); - } catch (Exception e) { - return DafnyFFI.CreateFail(e.Message); - } - } - - public static _IResult ReadFile(icharseq path) { - try { - var pathString = DafnyFFI.StringFromDafnyString(path); - var bytes = File.ReadAllBytes(pathString); - var byteseq = DafnyFFI.SequenceFromByteArray(bytes); - return Result.create_Success(byteseq); - } catch (Exception e) { - return DafnyFFI.CreateFailure(e.Message); - } - } - } -} \ No newline at end of file diff --git a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/Test/NativeWrappers/OutputValidationTests.cs b/AwsEncryptionSDK/runtimes/net/TestVectorsV3/Test/NativeWrappers/OutputValidationTests.cs deleted file mode 100644 index 627685a23..000000000 --- a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/Test/NativeWrappers/OutputValidationTests.cs +++ /dev/null @@ -1,142 +0,0 @@ -// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -using System; -using System.Collections.Generic; -using AWS.EncryptionSDK.Core; -// ReSharper disable once RedundantUsingDirective -using Wrappers_Compile; -using Xunit; -using Xunit.Sdk; -using static AWSEncryptionSDKTests.NativeWrappers.Utils; - -namespace AWSEncryptionSDKTests.NativeWrappers -{ - public class OutputValidationTests - { - private const string EXPECTED_FAILURE = - "Wrappers_Compile.Result.Failure(Dafny.Aws.EncryptionSdk.Core.AwsCryptographicMaterialProvidersException)"; - - [Fact] - public void TestInvalidRejected() - { - var underTest = new NativeWrapper_Keyring(new BadKeyring()); - Wrappers_Compile._IResult output = null; - try - { - output = underTest.OnEncrypt(GetDafnyOnEncryptInput()); - } - catch (Exception e) - { - throw new XunitException( - $"{underTest}.OnEncrypt threw an exception: {e.GetType()} with message: \"{e.Message}\"." + - $"Should have returned: \"{EXPECTED_FAILURE}\"" - ); - } - - if (output != null) - { - // Weird way of checking that the class is right, I know, but this is what I can figure out - Assert.Equal(EXPECTED_FAILURE, $"{output}"); - var e = output.dtor_error; - const string expectedMessage = - "Output of AWSEncryptionSDKTests.NativeWrappers.BadKeyring._OnEncrypt is invalid." + - " Missing value for required property 'Materials'"; - var actualMessage = TypeConversion.FromDafny_N6_smithy__N3_api__S6_String(e.GetMessage()); - Assert.Equal(expectedMessage, actualMessage); - } - else - { - throw new XunitException($"{underTest}.OnEncrypt returned null." + - $"Should have returned: \"{EXPECTED_FAILURE}\""); - } - } - - [Fact] - public void TestNullRejected() - { - var underTest = new NativeWrapper_Keyring(new BadKeyring()); - Wrappers_Compile._IResult output = null; - try - { - output = underTest.OnDecrypt(GetDafnyOnDecryptInput()); - } - catch (Exception e) - { - throw new XunitException( - $"{underTest}.OnDecrypt threw an exception: {e.GetType()} with message: \"{e.Message}\"." + - $"Should have returned: \"{EXPECTED_FAILURE}\"" - ); - } - if (output != null) - { - Assert.Equal(EXPECTED_FAILURE, $"{output}"); - var e = output.dtor_error; - const string expectedMessage = "AWSEncryptionSDKTests.NativeWrappers.BadKeyring._OnDecrypt returned null, should be AWS.EncryptionSDK.Core.OnDecryptOutput"; - var actualMessage = TypeConversion.FromDafny_N6_smithy__N3_api__S6_String(e.GetMessage()); - /*Console.Out.WriteLine($"actual is: \"{actualMessage}\"");*/ - Assert.Equal(expectedMessage, actualMessage); - } - else - { - throw new XunitException($"{underTest}.OnDecrypt returned null." + - $"Should have returned: \"{EXPECTED_FAILURE}\""); - } - } - } - - class BadKeyring : KeyringBase - { - protected override OnEncryptOutput _OnEncrypt(OnEncryptInput input) - { - return new OnEncryptOutput(); - } - - protected override OnDecryptOutput _OnDecrypt(OnDecryptInput input) - { - return null; - } - } - - internal static class Utils - { - internal static Dafny.Aws.EncryptionSdk.Core._IOnEncryptInput GetDafnyOnEncryptInput() - { - return TypeConversion.ToDafny_N3_aws__N13_encryptionSdk__N4_core__S14_OnEncryptInput(GetOnEncryptInput()); - } - - internal static Dafny.Aws.EncryptionSdk.Core._IOnDecryptInput GetDafnyOnDecryptInput() - { - return TypeConversion.ToDafny_N3_aws__N13_encryptionSdk__N4_core__S14_OnDecryptInput(GetOnDecryptInput()); - } - - static OnEncryptInput GetOnEncryptInput() - { - var materials = new EncryptionMaterials() - { - AlgorithmSuiteId = AlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384, - EncryptionContext = new Dictionary() {{"test", "test"}}, - EncryptedDataKeys = new List() - }; - return new OnEncryptInput {Materials = materials}; - } - - static OnDecryptInput GetOnDecryptInput() - { - var materials = new DecryptionMaterials() - { - AlgorithmSuiteId = AlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384, - EncryptionContext = new Dictionary() {{"test", "test"}} - }; - return new OnDecryptInput() - { - EncryptedDataKeys = new List(), - Materials = materials - }; - } - } -} diff --git a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/Test/NativeWrappers/TypeConversionToDafnyWrapperTest.cs b/AwsEncryptionSDK/runtimes/net/TestVectorsV3/Test/NativeWrappers/TypeConversionToDafnyWrapperTest.cs deleted file mode 100644 index 07890e362..000000000 --- a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/Test/NativeWrappers/TypeConversionToDafnyWrapperTest.cs +++ /dev/null @@ -1,52 +0,0 @@ -// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -using System; -using AWS.EncryptionSDK.Core; -using Xunit; -using Xunit.Sdk; - -namespace AWSEncryptionSDKTests.NativeWrappers -{ - public class TypeConversionToDafnyWrapperTest - { - [Fact] - public void TestInterfaceThrowsException() - { - const string expectedMessage = - "Custom implementations of Keyring must extend KeyringBase."; - var expected = new ArgumentException(expectedMessage); - Dafny.Aws.EncryptionSdk.Core.IKeyring output = null; - try - { - output = TypeConversion - .ToDafny_N3_aws__N13_encryptionSdk__N4_core__S16_KeyringReference( - new KeyringInterface()); - } - catch (ArgumentException e) - { - Assert.Equal(expectedMessage, e.Message); - return; - } - catch (Exception e) - { - throw new XunitException( - nameof(TypeConversion.ToDafny_N3_aws__N13_encryptionSdk__N4_core__S16_KeyringReference) + - $" threw an exception: {e.GetType()} with message: \"{e.Message}\"." + - $"Should have thrown: \"{expected}\"" - ); - } - throw new XunitException( - nameof(TypeConversion.ToDafny_N3_aws__N13_encryptionSdk__N4_core__S16_KeyringReference) + - $" returned {output}. Should have thrown: \"{expected}\""); - } - } - - class KeyringInterface : IKeyring - { - public OnEncryptOutput OnEncrypt(OnEncryptInput input) - { throw new System.NotImplementedException(); } - public OnDecryptOutput OnDecrypt(OnDecryptInput input) - { throw new System.NotImplementedException(); } - } -} diff --git a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorLib/AWSEncryptionSDKTestVectorLib.csproj b/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorLib/AWSEncryptionSDKTestVectorLib.csproj deleted file mode 100644 index a77235921..000000000 --- a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectorLib/AWSEncryptionSDKTestVectorLib.csproj +++ /dev/null @@ -1,13 +0,0 @@ - - - - netstandard2.1;net452 - 7.3 - - - - - - - - diff --git a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectors/TestVectors.cs b/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectors/TestVectors.cs deleted file mode 100644 index 317849fc5..000000000 --- a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectors/TestVectors.cs +++ /dev/null @@ -1,159 +0,0 @@ -// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -using System; -using System.Collections; -using System.Collections.Generic; -using System.IO; -using System.Linq; - -using Xunit; - -using AWS.EncryptionSDK; -using AWS.EncryptionSDK.Core; - -namespace TestVectors.Runner { - public abstract class TestVectorData : IEnumerable { - protected readonly Dictionary VectorMap; - protected readonly Dictionary KeyMap; - protected readonly string VectorRoot; - - protected TestVectorData() { - this.VectorRoot = Utils.GetEnvironmentVariableOrError("DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH"); - DecryptManifest manifest = Utils.LoadObjectFromPath(VectorRoot); - this.VectorMap = manifest.VectorMap; - string keysPath = Utils.ManifestUriToPath(manifest.KeysUri, VectorRoot); - this.KeyMap = Utils.LoadObjectFromPath(keysPath).Keys; - } - - protected static bool VectorContainsMasterKeyOfType(DecryptVector vector, string typeOfKey) - { - return vector.MasterKeys.Any(masterKey => masterKey.Type == typeOfKey); - } - - public abstract IEnumerator GetEnumerator(); - - IEnumerator IEnumerable.GetEnumerator() => GetEnumerator(); - - // Simplistic method for narrowing down which vectors to target. Add any permanent skips - // here (e.g. for unsupported features) or temporarily update if you want to - // test certain vectors - protected static bool TargetVector(KeyValuePair entry) - { - if (entry.Value.DecryptionMethod != null && entry.Value.DecryptionMethod.Equals("streaming-unsigned-only")) { - // These vectors specifically target streaming APIs. Since we do not - // yet support streaming, we cannot test against these. - return false; - } - return true; - } - } - - public class DecryptTestVectors : TestVectorData { - public override IEnumerator GetEnumerator() - { - long count = 0; - foreach(var vectorEntry in VectorMap) { - - if (!TargetVector(vectorEntry)) - { - continue; - } - - DecryptVector vector = vectorEntry.Value; - byte[] plaintext = null; - if (vector.Result.Output != null) - { - string plaintextPath = Utils.ManifestUriToPath(vector.Result.Output.Plaintext, VectorRoot); - if (!File.Exists(plaintextPath)) - { - throw new ArgumentException($"Could not find plaintext file at path: {plaintextPath}"); - } - - plaintext = File.ReadAllBytes(plaintextPath); - } - - string errorMessage = null; - if (vector.Result.Error != null) - { - errorMessage = vector.Result.Error.ErrorMessage; - } - - string ciphertextPath = Utils.ManifestUriToPath(vector.Ciphertext, VectorRoot); - if (!File.Exists(ciphertextPath)) { - throw new ArgumentException($"Could not find ciphertext file at path: {ciphertextPath}"); - } - byte[] ciphertext = File.ReadAllBytes(Utils.ManifestUriToPath(vector.Ciphertext, VectorRoot)); - - MemoryStream ciphertextStream = new MemoryStream(ciphertext); - - yield return new object[] { vectorEntry.Key, vector, KeyMap, plaintext, errorMessage, ciphertextStream }; - count++; - } - - // If nothing gets `yield return`-ed, xUnit gives an unclear error message. This error is better. - if (count == 0) - { - throw new Exception("No targeted vectors found"); - } - } - } - - public class TestVectorDecryptTests { - [SkippableTheory] - [ClassData (typeof(DecryptTestVectors))] - public void CanDecryptTestVector( - string vectorId, - DecryptVector vector, - Dictionary keyMap, - byte[] expectedPlaintext, - string expectedError, - MemoryStream ciphertextStream - ) { - if (expectedPlaintext != null && expectedError != null) - { - throw new ArgumentException( - $"Test vector {vectorId} has both plaintext and error in its expected result, this is not possible" - ); - } - - try - { - AwsEncryptionSdkConfig config = new AwsEncryptionSdkConfig - { - CommitmentPolicy = CommitmentPolicy.REQUIRE_ENCRYPT_ALLOW_DECRYPT - }; - IAwsEncryptionSdk encryptionSdk = AwsEncryptionSdkFactory.CreateAwsEncryptionSdk(config); - - ICryptographicMaterialsManager cmm = MaterialProviderFactory.CreateDecryptCmm(vector, keyMap); - - DecryptInput decryptInput = new DecryptInput - { - Ciphertext = ciphertextStream, - MaterialsManager = cmm, - }; - AWS.EncryptionSDK.DecryptOutput decryptOutput = encryptionSdk.Decrypt(decryptInput); - if (expectedError != null) - { - throw new Exception( - $"Test vector {vectorId} succeeded when it shouldn't have" - ); - } - - byte[] result = decryptOutput.Plaintext.ToArray(); - Assert.Equal(expectedPlaintext, result); - } - catch (Exception e) when ( - e is AwsEncryptionSdkException || - e is AwsCryptographicMaterialProvidersException - ) - { - if (expectedPlaintext != null) - { - // Test was not expected to fail - throw; - } - } - } - } -} diff --git a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectors/resources/aws-encryption-sdk-test-vectors b/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectors/resources/aws-encryption-sdk-test-vectors deleted file mode 160000 index b6a6c91e6..000000000 --- a/AwsEncryptionSDK/runtimes/net/TestVectorsV3/TestVectors/resources/aws-encryption-sdk-test-vectors +++ /dev/null @@ -1 +0,0 @@ -Subproject commit b6a6c91e62cc67f891b5dc3d11b0f047d10baf76 diff --git a/SharedMakefileV2.mk b/SharedMakefileV2.mk index c589da7b5..e52d16d1f 100644 --- a/SharedMakefileV2.mk +++ b/SharedMakefileV2.mk @@ -307,20 +307,23 @@ transpile_test_net: _transpile_test_all transpile_dependencies_net: LANG=net transpile_dependencies_net: transpile_dependencies +test_net: FRAMEWORK=net6.0 test_net: dotnet run \ --project runtimes/net/tests/ \ - --framework net6.0 + --framework $(FRAMEWORK) +test_net_mac_intel: FRAMEWORK=net6.0 test_net_mac_intel: DYLD_LIBRARY_PATH="/usr/local/opt/openssl@1.1/lib" dotnet run \ --project runtimes/net/tests/ \ - --framework net6.0 + --framework $(FRAMEWORK) +test_net_mac_brew: FRAMEWORK=net6.0 test_net_mac_brew: DYLD_LIBRARY_PATH="$(shell brew --prefix)/opt/openssl@1.1/lib/" dotnet run \ --project runtimes/net/tests/ \ - --framework net6.0 + --framework $(FRAMEWORK) setup_net: dotnet restore runtimes/net/