From d2f6666e3ba22263a91f5084c62fae3d68b62299 Mon Sep 17 00:00:00 2001 From: Andrew Hughes Date: Tue, 24 Jan 2023 15:55:51 -0600 Subject: [PATCH 01/34] blog post QA'd and grammar checked --- _source/_posts/2023-01-24-jakartaee-auth0.md | 536 +++++++++++++++++++ 1 file changed, 536 insertions(+) create mode 100644 _source/_posts/2023-01-24-jakartaee-auth0.md diff --git a/_source/_posts/2023-01-24-jakartaee-auth0.md b/_source/_posts/2023-01-24-jakartaee-auth0.md new file mode 100644 index 0000000000..4e71b341ad --- /dev/null +++ b/_source/_posts/2023-01-24-jakartaee-auth0.md 
@@ -0,0 +1,536 @@ +--- +layout: blog_post +title: "Open ID authentication with Jakarta EE 10 and Security 3.0" +author: andrew-hughes +by: contractor +communities: [java,security] +description: "Use Jakarta EE 10 to build a secure Java web application using Open ID connect and Auth0." +tags: [java, jakartaee] +tweets: +- "" +- "" +- "" +image: +type: awareness|conversion +--- + +## Open ID authentication with Jakarta EE 10 and Security 3.0 + +Jakarta EE 10 includes a new authentication mechanism: Open ID Connect! This can be added to a Jakarta EE servlet using the new `@OpenIdAuthenticationMechanismDefinition` annotation. + +In this tutorial, you are going to see how to implement a web application with Open ID Connect (OIDC) authentication and use Auth0 as the OIDC provider. You are also going to see one way to secure an API and authenticate using JSON Web Tokens (JWTs). This will all be accomplished using Wildfly as the Jakarta EE runtime. + +This stack includes a lot of technologies. I'm going to introduce them briefly below. If you're comfortable with all those terms and just want to get to the code, **feel free to skip ahead to the requirements section**. + +**Jakarta vs Java, EE vs SE** + +Jakarta EE is Jakarta Enterprise Edition. This was formerly Java EE. The name and framework packages were migrated when Oracle gave Java EE to the Eclipse Foundation because Oracle still has the rights to the Java brand and did not open-source absolutely everything that was in the `javax.*` namespace. Thus, Jakarta EE is the Eclipse-owned and now totally open-source Java EE (You may have recently had to change some packages from `javax` to `jakarta`. This is why.) + +Enterprise Edition is built on top of Jakarta (that is, Java) SE, or Standard Edition. Jakarta SE is the more lightweight Java version that provides a basic cross-platform runtime. 
Enterprise Edition is assumed to be running on an application server and adds libraries intended for larger-scale, multi-user applications. + +To run an SE application, all you need is the JRE (Java runtime environment) for a compatible version of Java. Enterprise Edition, however, requires a more complete runtime environment and has a lot more possible modules and configuration options. To see a list of Jakarta EE compatible products, you can look at [the Jakarta website](https://jakarta.ee/compatibility/). A few examples are Open Liberty, Payara, Wildfly, Glassfish, and TomEE. + +As of the time I wrote this tutorial, Jakarta EE 10 was a very new release, and only three frameworks supported version 10: Eclipse GlashFish, Payara Server Community, and WildFly. + +**Wildfly** + +I chose to use [WildFly](https://www.wildfly.org/) as my Jakarta EE runtime. Hantsy Bai created a great example project that was a big help. Check out [the GitHub project repository page](https://github.com/hantsy/jakartaee10-sandbox). Thanks, Hantsy Bai! Super helpful. + +WildFly is an open-source community project sponsored by Red Hat. It bills itself as a "flexible, lightweight, managed application runtime" that is "based on Jakarta EE and provides rich enterprise capabilities in easy to consume frameworks that eliminate boilerplate and reduce technical burden." It is a modular, standards-based runtime for Jakarta EE applications. + +**Jakarta EE 10 Security 3.0** + +The exciting thing about Jakarta 10 (from a security perspective) is that it includes a new OIDC implementation in the Security 3.0 specification. Open ID Connect is an authentication protocol. This protocol is implemented by many third-party vendors, such as Auth0 and Okta, making it relatively easy to add secure login to an application. Jakarta EE 10 Security 3.0 provides an annotation-based configuration to add OIDC authentication to servlets. 
+ +You can check out [the docs for Jakarta EE 10 Security 3.0 OIDC here](https://jakarta.ee/specifications/security/3.0/jakarta-security-spec-3.0.html#openid-connect-annotation). + +**Requirements** + +Before you start, please make sure you have the following prerequisites installed (or install them now). + +- [Java 17](https://adoptium.net/): or use [SDKMAN!](https://sdkman.io/) to manage and install multiple versions (the Jakarta EE spec says 11 and up is supported, but I wrote this tutorial assuming version 17) +- [Auth0 CLI](https://github.com/auth0/auth0-cli#installation): the Auth0 command-line interface +- [HTTPie](https://httpie.org/doc#installation): a simple tool for making HTTP requests from a Bash shell + +**You will need a free Auth0 developer account** if you don't already have one. Go ahead and sign up for an Auth0 account using [their sign-up page](https://auth0.com/signup). + +Clone the tutorial from [the GitHub repository](need.a.link). + +## Take a look at the build configuration and project dependencies + +I won't reproduce the entire `pom.xml` file here, but I want to point out a few things. + +First, take a look at the dependencies. The only dependency required for Jakarta EE is the first one (`jakarta.jakartaee-api`). + +```xml + + + jakarta.platform + jakarta.jakartaee-api + ${jakartaee-api.version} + provided + + +``` + +The WildFly plugin is included and configured in the block below. + +```xml + + org.wildfly.plugins + wildfly-maven-plugin + ${wildfly-maven-plugin.version} + + + /subsystem=undertow/application-security-domain=other:write-attribute(name=integrated-jaspi, value=false) + reload + + + +``` + +The docs for [the WildFly maven plugin are here](https://docs.wildfly.org/wildfly-maven-plugin/). Except for the cryptic `` block, the plugin is pretty simple and easy to use. + +It took a little digging to figure out, but the obscure command block *is* required, at least according to the experts I asked. 
It disables integrated JASPI in the server and instead delegates validation of credentials to a non-integrated ServerAuthModule. This allows for identities to be dynamically created instead of statically stored in an integrated security domain. Take a look at the [Elytron and Java EE Security section of the docs](https://docs.wildfly.org/26/WildFly_Elytron_Security.html#Elytron_and_Java_EE_Security) for more on this. + +> If you dig too deep into all of this, you will encounter a lot of Java API framework jargon, such as Elytron, Java EE Security, JASPI, JASPIC, and JACC. Arjan Tijms has [a nice article at Payara](https://blog.payara.fish/ee-security-jaspic-jacc-loginmodules-realms) that differentiates a lot of it. +> +> Stated very briefly, JASPI (also JASPIC) is Java Authentication for Containers. It is a low-level authentication protocol. Similarly, JACC, or Java Authorization Contract for Containers, is a spec for authorization. Both are Enterprise Edition-specific and are protocols only, meaning that they are designed to provide a standard set of interfaces that third parties can implement. They are a bunch of interfaces on top of which third parties can build implementation frameworks. +> +> Jakarta EE security is built on top of the JASPI and JACC interfaces and provides an easier-to-use and more complete authentication and authorization solution. It implements the JASPI and JACC protocols and also adds some new classes. +> +> [Elytron](https://docs.wildfly.org/26/WildFly_Elytron_Security.html#about) is the JBoss Wildfly-specific security implementation that uses Jakarta EE security and builds on top of it to provide a unified client and server security implementation. This tutorial does not use any Elytron-specific features. However, since it does use Wildfly, it uses the Jakarta EE implementation parts of Elytron, and if you look in the docs you'll see the name mentioned. 
The Elytron docs include [a section on Jakarta EE security](https://docs.wildfly.org/26/WildFly_Elytron_Security.html#Elytron_and_Java_EE_Security). + +The last section of the `pom.xml` file I want to point out is the following. This plugin block is used to download the WildFly runtime locally and unpack it to the `/target` directory. This is necessary to ensure that you download and run the specific `27.0.0.Final` release, which you need to enable Jakarta EE 10. + +```xml + + org.apache.maven.plugins + maven-dependency-plugin + ${maven-dependency-plugin.version} + + + unpack + process-classes + + unpack + + + + + org.wildfly + ${wildfly.artifactId} + ${wildfly.version} + zip + false + ${project.build.directory} + + + + + + +``` + +## Project structure and configuration + +The files in the `src` directory are listed below. There are three different services: + +1. the OIDC-protected servlet; +2. the API servlet protected by a JWT authentication filter; and +3. an unprotected servlet. + +```text +src +└── main + ├── java + │ └── com + │ └── demo + │ ├── CallbackServlet.java // OIDC callback handler + │ ├── ProtectedServlet.java // OIDC-handling servlet endpoint + │ ├── PublicServlet.java // Public endpoint + │ ├── JwtFilter.java // Verifies JWT and secures ApiServlet + │ ├── ApiServlet.java // API protected by filter + │ └── OpenIdConfig.java // Loads openid.properties + ├── resources + │ ├── logging.properties // Simple console logging configuration + │ ├── META-INF + │ │ ├── beans.xml // Declare some provided dependencies for deployment + │ │ └── MANIFEST.MF // Configure CDI (Contexts and Dependency Injection) + │ └── openid.properties // OpenID config properties + └── webapp + └── WEB-INF + └── jboss-web.xml // Configures context root to '/' +``` + +When the application loads, the OpenID properties are loaded from `openid.properties` by the `OpenIDConfig` class. These values are used by the `JwtFilter` to create the class that verifies JSON Web Tokens. 
These properties are also used by the `ProtectedServlet` in the `@OpenIdAuthenticationMechanismDefinition` annotation to configure OIDC. + +The `jboss-web.xml` file is simply used to change the context root to `/`. + +Neither of the files in the `META-INF` directory seem to be required for the application to function. The `beans.xml` file explicitly enables CDI / dependency injection. However, this would also be done implicitly by the use of the annotations. The `MANIFEST.MF` file defines some provided runtime dependencies related to CDI. Perhaps in some runtime environments it would be necessary to include this file, but it seems unneeded when running locally with WilfFly. + +## Create an Auth0 API and OIDC application + +If you have not already, install the [Auth0 CLI](https://github.com/auth0/auth0-cli) and run `auth0 login` in a terminal. + +```bash +Waiting for the login to complete in the browser... done + + ▸ Successfully logged in. + ▸ Tenant: dev-0xb84jzp.us.auth0.com +``` + +Take note of the domain listed as the tenet. This is your Auth0 domain. If you need to find it again later, you can use `auth0 tenants list`. + +You need to create an API on Auth0. The Auth0 API is what exposes identity functionality for all authentication and authorization protocols, such as OpenID Connect and OAuth. **Without the API, Auth0 servers will return an opaque token that the Java application will not be able to verify.** This can lead to some cryptic error messages and some lost time. + +Use the following command to create a custom Auth0 API named `myapi` with the identifier `http://my-api`. + +```bash +auth0 apis create -n myapi --identifier http://my-api +``` + +Just press enter three times to accept the default values for scopes, token lifetime, and to allow offline access. The scopes here refer to custom scopes, not the standard scopes (email, profile, and openid) that you will need for OIDC and OAuth. 
+ +Now use the Auth0 CLI to create an OpenID Connect (OIDC) application. From the project base directory, run the following. + +```bash +auth0 apps create +``` + +Use the following values: + +- **Name**: `javartaee-demo` + +- **Description**: whatever you like, or leave blank +- **Type**: `Regular Web Application` +- **Callback URLs**: `http://localhost:8080/callback` +- **Allowed Logout URLs**: `http://localhost:8080` + +The console output shows you the Auth0 domain and the OIDC client ID. However, you also need the client secret, which you have to get by logging into Auth0. Type the following: + +```bash +auth0 apps open +``` + +Select the OIDC app (or client) you just created from the list. This will open the OIDC application on the Auth0 dashboard. + +<< image >> + +Fill in the three values in `src/main/resources/openid.properties`. Replace the bracketed values with the values from the OIDC application page on the Auth0 dashboard. + +```properties +issuerUri= +clientId= +clientSecret=ca +``` + +## Configure Roles on Auth0 + +Open your [Auth0 developer dashboard](https://manage.auth0.com). You need to create a role, assign your user to that role, and create an action that will inject the roles into a custom claim in the JWT. + +Under **User Management** click on **Roles**. Click the **Create Role** button. + +**Name** the role `Everyone`. Give it a **Description**, whatever you like. Click **Create**. + +The Everyone role panel should be shown. Select the **Users** tab. Click **Add Users**. Assign yourself to the role. + +You've now created a role and assigned yourself to it. But this information will not be passed along in the JWT without a little customization. The current best practice is to do this using actions. + +Select **Actions** from the left menu in the developer dashboard. Click on **Flows**. Select **Login**. + +Add a new action by clicking on the **+** symbol to the right of **Add Action**. Select **Build Custom**. 
+ +Give the action a **Name**, such as `Add Roles`. Leave the other two values the same. Click **Create**. + +Change the code for the action to the following. + +```js +exports.onExecutePostLogin = async (event, api) => { + const namespace = 'http://www.jakartaee.demo'; + if (event.authorization) { + api.idToken.setCustomClaim('preferred_username', event.user.email); + api.idToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles); + api.accessToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles); + } +} +``` + +Click on **Deploy**. + +Click on the **Add to flow** link in the popup window that slides in (if you miss this, you can find the new action under the custom action tab back in the flow panel). + +Drag the **Add Roles** action over under the **Rules (legacy)** action. + +Click **Apply** (top right of the panel). + +## Take a look at the ProtectedServlet and OIDC flow + +Let's look at the `ProtectedServlet` first. This is the class that defines the OIDC annotation and will redirect to Auth0 to handle OIDC authentication. + +`src/main/java/com/demo/ProtectedServlet.java` + +```java +package com.demo; + +... 
+ +@OpenIdAuthenticationMechanismDefinition( + providerURI = "${openIdConfig.issuerUri}", + clientId = "${openIdConfig.clientId}", + clientSecret = "${openIdConfig.clientSecret}", + redirectURI = "${baseURL}/callback", + // default 500ms caused timeouts for me + jwksConnectTimeout = 5000, + jwksReadTimeout = 5000, + // Auth0 requires the audience to be set to the custom API + extraParameters = {"audience=http://my-api"}, + // read the roles from Auth0 custom claim + claimsDefinition = @ClaimsDefinition(callerGroupsClaim = "http://www.jakartaee.demo/roles") +) +@WebServlet("/protected") +@ServletSecurity( + @HttpConstraint(rolesAllowed = "Everyone") +) +public class ProtectedServlet extends HttpServlet { + + @Inject + private OpenIdContext context; + + @Inject + SecurityContext securityContext; + + @Override + protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { + + var principal = securityContext.getCallerPrincipal(); + var name = principal.getName(); + + response.setContentType("text/html"); + response.getWriter().println("

Protected Servlet

"); + response.getWriter().println("

Principal name:" + name + "

"); + response.getWriter().println("

access token:" + context.getAccessToken() + "

"); + response.getWriter().println("

token type:" + context.getTokenType() + "

"); + response.getWriter().println("

subject:" + context.getSubject() + "

"); + response.getWriter().println("

expires in:" + context.getExpiresIn() + "

"); + response.getWriter().println("

refresh token:" + context.getRefreshToken() + "

"); + response.getWriter().println("

claims json:" + context.getClaimsJson() + "

"); + } +} +``` + +The `@OpenIdAuthenticationMechanismDefinition` is the new feature added by Jakarta EE 10 and Security 3.0. The docs for this annotation [are here](https://jakarta.ee/specifications/security/3.0/jakarta-security-spec-3.0.html#openid-connect-annotation). + +The first four params set the required OIDC values. I had to increase the timeout values to avoid an intermittent error. The `extraParameters` param is used to send the `audience` value as the Auth0 custom API (without which, Auth0 will return an opaque token). The `claimsDefinition` param is used to configure reading the roles from the custom claim. + +The `@OpenIdAuthenticationMechanismDefinition` annotation alone does not protect the resource. It activates OIDC and configures a provider. It could just as easily have been included in another class file. + +The security constraint is added by `@ServletSecurity`, which is used to only allow users with the role (or group) `Everyone`. + +The other annotation, `@WebServlet("/protected")`, defines the class as a web servlet and defines the path. You can see [the spec for this annotation here](https://docs.oracle.com/javaee/7/api/javax/servlet/annotation/WebServlet.html). + +CDI (Context and Dependency Injection) is used to inject two dependencies: the `OpenIdContext` and the `SecurityContext`. These are both used to retrieve and return some details about the authenticated person. They are not required for authentication itself. + +When a user that is not authenticated attempts to load this resource, they are redirected to Auth0 for authentication. From a browser, the user sees Auth0's login screen. After successfully logging in, the user is redirected back to the `/callback` servlet with an authentication code. Jakarta EE's security framework intercepts this redirect and sends the code back to Auth0 to exchange it for an authentication token before passing control back to the `/callback` endpoint. 
+ +At this point, the user is successfully authenticated. If you look at the callback servlet (shown below), you'll see that it simply redirects the user back to the `/protected` servlet. + +```java +package com.demo; + +... + +@WebServlet("/callback") +public class CallbackServlet extends HttpServlet { + + private static final Logger LOGGER = Logger.getLogger(CallbackServlet.class.getName()); + + @Override + protected void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + String referer = (String) request.getSession().getAttribute("Referer"); + String redirectTo = referer != null ? referer : request.getContextPath() + "/protected"; + LOGGER.info("OIDC callback success. Redirecting to: " + redirectTo); + response.sendRedirect(redirectTo); + } + +} + +``` + +To summarize (and simplify) the request flow to the `/protected` endpoint. + +- Client requests `/protected`. +- Jakarta EE Security 3.0 intercepts this request based on OIDC configuration and authentication requirement for the endpoint and redirects to Auth0 for authentication. +- Upon successful authentication, Auth0 redirects back to `/callback` endpoint, sending authorization code. +- Jakarta EE Security 3.0 intercepts the request to the `/callback`endpoint and sends the authorization code back to Auth0. +- Auth0 accepts the authorization code, verifies it, and returns an access token (and possibly an identity token) to the Jakarta EE Security 3.0 framework. +- Once a verified JWT is received and unpacked, the user is authenticated and the `@ServletSecurity` annotation requirement is checked. If the user is a member of the `Everyone` group, the `ProtectedServlet.doGet()` method is called. +- The `ProtectedServlet.doGet()` method programmatically redirects back to `/protected`. + +All of that happened above when you logged into Auth0 and loaded the protected servlet. 
Since this servlet handily prints out the JWT, I thought it would be nice to see how to secure a web API using a JWT, which is what you'll see in the next section. + +## Use the JWT to access the protected API + +The `ApiServlet` file defines an API servlet. + +`src/main/java/com/demo/ApiServlet.java` + +```java +package com.demo; + +... + +@WebServlet("/api/protected") +public class ApiServlet extends HttpServlet { + + @Override + protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { + + DecodedJWT jwt = (DecodedJWT)request.getAttribute("jwt"); + response.setContentType("text"); + response.getWriter().println("Welcome, " + jwt.getClaims().get("sub")); + response.getWriter().println(jwt.getClaims()); + } +} + +``` + +This servlet by itself is not at all secure and would be public without the `JwtFilter` class, which is shown below. The filter intercepts any requests matching the `/api/*` URL pattern and denies them if they do not have a valid JWT. + +`src/main/java/com/demo/JwtFilter.java` + +```java +package com.demo; + +... 
+ +@WebFilter(filterName = "jwtFilter", urlPatterns = "/api/*") +public class JwtFilter implements Filter { + + private static final Logger LOGGER = Logger.getLogger(JwtFilter.class.getName()); + + @Inject + OpenIdConfig openIdConfig; + + private JWTVerifier jwtVerifier; + + @Override + public void init(FilterConfig filterConfig) { + LOGGER.info("Auth0 jwtVerifier initialized for issuer:" + openIdConfig.getIssuerUri()); + } + + @Override + public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, + FilterChain chain) throws IOException, ServletException { + + HttpServletRequest request = (HttpServletRequest) servletRequest; + HttpServletResponse response = (HttpServletResponse) servletResponse; + + LOGGER.info("In JwtFilter, path: " + request.getRequestURI()); + + // Get access token from authorization header + String authHeader = request.getHeader("authorization"); + if (authHeader == null) { + response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); + response.getOutputStream().print("Unauthorized"); + return; + } else { + String accessToken = authHeader.substring(authHeader.indexOf("Bearer ") + 7); + LOGGER.info("accesstoken: " + request.getRequestURI()); + JwkProvider provider = new UrlJwkProvider(openIdConfig.getIssuerUri()); + try { + DecodedJWT jwt = JWT.decode(accessToken); + // Get the kid from received JWT token + Jwk jwk = provider.get(jwt.getKeyId()); + + Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) jwk.getPublicKey(), null); + + JWTVerifier verifier = JWT.require(algorithm) + .withIssuer(openIdConfig.getIssuerUri()) + .build(); + + jwt = verifier.verify(accessToken); + LOGGER.info("JWT decoded. sub=" + jwt.getClaims().get("sub")); + request.setAttribute("jwt", jwt); + + } + + ... + + } + + chain.doFilter(request, response); + } + + @Override + public void destroy() { + } + +} +``` + +This code uses Auth0's JWT verifier for Java. 
Auth0 [has good docs on JWT verification](https://auth0.com/docs/secure/tokens/json-web-tokens/validate-json-web-tokens). If a valid JWT is found and decoded, it is saved in a request attribute and the request is allowed to continue. + +Give it a try. Start the project. + +```bash +./mvnw wildfly:run +``` + +Make a request to the protected API endpoint (not the OIDC endpoint). + +```bash +http :8080/api/protected +``` + +You'll get: + +```Bash +HTTP/1.1 401 Unauthorized +``` + +Now, use your OIDC endpoint to retrieve a token. Using a browser, open http://localhost:8080/protected + +Authenticate with Auth0. When you are redirected back to the protected servlet page, copy the token value and save it in a Bash shell variable in a new Bash shell. + +```bash +TOKEN=eyJraWQiOiJqY3dpbGpUcGVZSG1Jajl6ODR3LV... +``` + +In that same shell, make a request to the protected API endpoint using the token. + +```bash +http :8080/api/protected "Authorization: Bearer $TOKEN" +``` + +It should return something like the following. + +```bash +HTTP/1.1 200 OK +Connection: keep-alive +Content-Length: 401 +Content-Type: text;charset=ISO-8859-1 +Date: Tue, 27 Sep 2022 15:02:59 GMT + +Welcome, andrew.hughes@mail.com +... + +``` + +## Keep Learning with Jakarta EE and Auth0 + +You just built a Jakarta Enterprise Edition application that used the new Open ID connect annotation and implementation built into Jakarta EE 10. You used Auth0 as the OIDC and OAuth 2 provider, and you saw how to implement both SSO and JWT authentication. + +ou can find the source code for this example on GitHub in the [@oktadev/okta-spring-boot-vue-crud-example](https://github.com/oktadev/okta-spring-boot-vue-crud-example) repository. 
+ +If you liked this post, there's a good chance you'll like similar ones: + +- [Introducing Spring Native for JHipster: Serverless Full-Stack Made Easy](/blog/2022/03/03/spring-native-jhipster) +- [Add Authentication to Your Vanilla JavaScript App in 20 Minutes](/blog/2018/06/05/authentication-vanilla-js) +- [Mobile Development with Ionic, React Native, and JHipster](/blog/2020/04/27/mobile-development-ionic-react-native-jhipster) +- [Fast Java Made Easy with Quarkus and JHipster](/blog/2021/03/08/jhipster-quarkus-oidc) +- [Build a CRUD App with Vue.js, Spring Boot, and Kotlin](/blog/2020/06/26/spring-boot-vue-kotlin) +- [Add OpenID Connect to Angular Apps Quickly](/blog/2022/02/11/angular-auth0-quickly) + +If you have questions, please ask them in the comments below! If you're into social media, follow us: [@oktadev on Twitter](https://twitter.com/oktadev), [Okta for Developers on LinkedIn](https://www.linkedin.com/company/oktadev), and [OktaDev](https://www.facebook.com/oktadevelopers) on Facebook. If you like learning via video, subscribe to [our YouTube channel](https://youtube.com/oktadev). From 80d04407c1967c79324d934a62918ccebb3861b1 Mon Sep 17 00:00:00 2001 From: Andrew Hughes Date: Tue, 24 Jan 2023 15:58:52 -0600 Subject: [PATCH 02/34] updated --- _source/_posts/2022-08-19-build-crud-spring-and-vue.md | 1 - 1 file changed, 1 deletion(-) diff --git a/_source/_posts/2022-08-19-build-crud-spring-and-vue.md b/_source/_posts/2022-08-19-build-crud-spring-and-vue.md index d2ce5a42cb..bf9cc552af 100644 --- a/_source/_posts/2022-08-19-build-crud-spring-and-vue.md +++ b/_source/_posts/2022-08-19-build-crud-spring-and-vue.md 
@@ -16,7 +16,6 @@ github: https://github.com/oktadev/okta-spring-boot-vue-crud-example changelog: - 2023-01-20: Updated post to add Auth0 and use Spring Boot 3.0. You can find the changes to this post in [okta-blog#1284](https://github.com/oktadev/okta-blog/pull/1284). Example app changes can be found in [okta-spring-boot-vue-crud-example#6](https://github.com/oktadev/okta-spring-boot-vue-crud-example/pull/6). --- - You will use Vue and Spring Boot to build a todo list web application. The application will include CRUD abilities, meaning that you can **c**reate, **r**ead, **u**pdate, and **d**elete the todo items on the Spring Boot API via the client. The Vue frontend client will use the Quasar framework for the presentation. OAuth 2.0 and OpenID Connect (OIDC) will secure the Spring Boot API and the Vue client, initially by using Okta as the security provider. Then, at the end of the tutorial, you will also see how to use Auth0 as the security provider. {% img blog/spring-boot-vue3/spring-and-vue.png alt:"Spring Boot, Vue, and Okta logos" width:"500" %}{: .center-image } From e15eff133bb93ecb8cb033b48a97c0c0a619573c Mon Sep 17 00:00:00 2001 From: Andrew Hughes Date: Tue, 24 Jan 2023 16:05:06 -0600 Subject: [PATCH 03/34] updated meta --- _source/_posts/2023-01-24-jakartaee-auth0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_source/_posts/2023-01-24-jakartaee-auth0.md b/_source/_posts/2023-01-24-jakartaee-auth0.md index 4e71b341ad..4c2d1ebe86 100644 --- a/_source/_posts/2023-01-24-jakartaee-auth0.md +++ b/_source/_posts/2023-01-24-jakartaee-auth0.md @@ -11,7 +11,7 @@ tweets: - "" - "" image: -type: awareness|conversion +type: conversion --- ## Open ID authentication with Jakarta EE 10 and Security 3.0 From 84f0c03dfc65389fab1ceea40e195f2b2c0eb6fd Mon Sep 17 00:00:00 2001 
From: Andrew Hughes Date: Tue, 24 Jan 2023 17:10:06 -0600 Subject: [PATCH 04/34] added images --- .../blog/jakartaee-auth0/auth0-action-flow.png | Bin 0 -> 82550 bytes .../jakartaee-auth0/auth0-create-action.png | Bin 0 -> 74093 bytes .../blog/jakartaee-auth0/auth0-create-role.png | Bin 0 -> 147186 bytes .../jakartaee-auth0/auth0-create-role2.png | Bin 0 -> 88435 bytes .../jakartaee-auth0/oidc-application-auth0.png | Bin 0 -> 77346 bytes _source/_posts/2023-01-24-jakartaee-auth0.md | 13 +++++++++++-- 6 files changed, 11 insertions(+), 2 deletions(-) create mode 100644 _source/_assets/img/blog/jakartaee-auth0/auth0-action-flow.png create mode 100644 _source/_assets/img/blog/jakartaee-auth0/auth0-create-action.png create mode 100644 _source/_assets/img/blog/jakartaee-auth0/auth0-create-role.png create mode 100644 _source/_assets/img/blog/jakartaee-auth0/auth0-create-role2.png create mode 100644 _source/_assets/img/blog/jakartaee-auth0/oidc-application-auth0.png 
diff --git a/_source/_assets/img/blog/jakartaee-auth0/auth0-action-flow.png b/_source/_assets/img/blog/jakartaee-auth0/auth0-action-flow.png new file mode 100644 index 0000000000000000000000000000000000000000..a94cdce4556643f057d903b920ebb15879d7c9dd GIT binary patch literal 82550
z)D(;;Y1qD>FY?e{%y%~>J|5(CqPpw#6lbjFpcMc~%0QM3Mu6%;>#=L25+{6h{IlR^ z@a&T`czWF*!1nPaTJU?3eq50eY%%EhW_zlY19TV;@K|@geEH(J@37wx0LB!fHvZEm zkhI8p^p%)7;{x3|7#jS0-UrY2#xi#1>;(N=u1g21+~pon;=Dz#2L*+NdkB+Srx^Nt z4d~&ygy%Mci=?;SDnHKxXUCq`Z1+ofc?_rKQ(NSov)1%u8O`x7fa&5mnQq*p zPtI~J{Ge@n&aIc&Uv!=O-)I07@oKq z&sgXKQUzPsW9i5UO4o)%N$QXaT>rpMiFeJ!yoq98ZVmPgf~;YPT2`sMK9htq_U?JD z*0x?-@C^9fZYUAG`YrzsdwCj$tZdJKUH(b(-1lF4V^nw4)6l6B$0!-LH(QHC87SLw zW-N7;-wQ84U3Qpn5H|O})~s?~Y*_%uyhNJSswy#1;#6FR$3-G)vtwERSuji_0Np61tIZXylRcs=Pip} z1nq_Lt(}0m!1MPK!<`Gw{y^rZJ8}fm8V{OVug~T>#)Lq(16SKUEf^~#PdrF7Iu1$~ zoDd9}ywya(!Fdi4%5EV-2)RP#whh!6Q3Q>F+0#A(U6VXUT_AE`gSn8Rvub9i z+i3+B??r^c41@zLWK}41ze@S4mpq0|Z8v zukp3vNa!ow4(XfcdU{riErDVlo1_x#?90fB365yHmY}242MnNR8rS+^C?rqFijE1_ z>h_~tJXJiiI@S>QJ9|3p9HHX0cV*RzfI z!~fkjv^~pE4a8ez3q9{T1_b2kwNO*h;w6L}1cqAzJ4nBYUQHAOI z`0CW0k-SZ4yf~?o({@9wdKh6l`{OW3*#eetLGd3d(7%HEb;#UQIZP2#Tev-WCtDhb z8V!-N-@dG~Y=dkzz_|&*!`{1hkA;_)2ms*rUO;N$AW;Cb3WcEZ@&D&0w!r~rocP@z zAMeIiQ#o#%gaj^kgeD6+=)Y?Pa~o3czA=eNzM6@~iCqu=M8N`@M4d;c>Pn#3|1z<;C)Z!;`6KL|88_^c98Hr*HvqqWiRCiW*a?l zs*2>ywYYc_59Ea_j!85hsOLZW`w8kw9)KpBmh80<7`cz1KZo*~)Ue3PGSkx1f-&W? z9Z1$bs15|ECb~b;4D!ld?#XoTF*p|xP{@H>PUxShrVRK@JG2!1dOsT{;TSt$Jo&Fx z&Zu(#gAnWI{F0FB6cpk+{Ip4pyU8MVr4BXxy+}L}A9y1s(5;IodL5KllFgBrQDiG9 z-D?{g|0(jXUcA7Po>n(EXR;kmFSgvtdRHm_bp?sO0kneiKdnSv;0E4jrjMyHwQ?F@ z*K<5m9YwDGzR`GjWN!_}IC{?Mycc-FWSc7x*yq3=?+v3uTk78T0h^R@#O3N54(v$g z*uvFS01QF-%l^aS?-1&I?U-`&-A6XADc1D%u(?LEJzS z2?y@Myj!3tXb2cb;_lvc|dgp0yK0LKIALjgQ7=-8NeWgFw7ixocA|0r2=PNGujBh+(w zzc<|KpP88fhKN3Vh<6)1i=6DE4LJpci66zcPyrm!C1Ch>W>+`zO2B5tr)awGak{gx zRTcul{W%^~UkjW#EJSxFmmOq^!{yG{Dk{fMpFZ(>Y(DFq>F@7%FDkbCl#sAy=}?5e zgz$gPR9c{kHu>GL)B%jdK%ieR z5ue^;)9G$M@&Ks}oHQ}v%a_Q(6wy^cSM(c}{6NC|?+OPS?@CLX85OCz3gL)N#z$?1MC5c|h~81AJx&`5L4Mp!vu3-Cjx?z(9Kh(){a! 
zCBYRNN?6ND z@V<6)=zW(is%mkJwgsTht*CfCfX0dj8z^lg5LH#xHYx)lXUUv|i<5Cr2*hkkz-xEY z_ByCZ!gb|djnh0fWYf>wz|_NP*Q`~&?bS|eaDD?_v2itkba90BX)ZTI5pU5gOjXwL zgb@Zh69GSu*Uiup=jN8g`$#kikwqQFVVu7NY!L8J-U{i#KWpWpgX>g52Tcej$k)f= zXRK5~EsLP32Li3MQziEIaR1As+{(jfZRUVOvY~Y8=$xEbE9#(SWE$wJ{R3f-7#Vbv z;P9xbDxuyP-Qt#xhhv>mtMbOi@N9K)u`ltU119-zJSS2YK3i&}ij9t*ab1ZA4x|k| z0Z~u%FPhx^*kT+?>U-*YxH!ao2h!4AfceN8=O3Te*qT$Aj_1&P+uz+^IZVZuL;$|H z6-jfte+2swEJ~A-aofVl8y+)PvU6})gML0*6UdVfwbxqH@n=0%EpRUP`9<(U65Z-o z)zI)LYBr=<_q{rS?#jB50)n6d-7@mnP6#RKGy9O3h+q6gkUfo?w>x%E()I5I_j5h{ zOduPoKG_Oy2}B4@PXY$$dbmUa2}WJ(j$}Ue2c#mf_v!9zBXho1hH_lGG(R6cXOXzy z360m@eYw7^@n9?okKJH`F`d!kSzp#_15?wtjFMg}6W^`v8p8JH8(7(MnI*h-A#KJP zmEY``Az!sJ7B=VVb>khGq~^S_$04cOaJmv8@uSWDqN$6r-Q{24 zDcMa~m_RnTjb2iZ{LVJ5<}J))9Ty#Y0k>e)jNF%Q$n-8X2c0zXBgdRgYMtd*aO|9a zu74{c`j6!BlE=8hX%PS&<%Arje*=Cb(h*O_XD2vzJ_Q&o{CVJ;@M%Q?dEWAO3SC?x zcu65};qYr_50z8G7j~(CTMD2}r4ijo;5iC*@3ow%f(mF~{8?N3nv;VCMh6S>;^oWg z-!%X{u|9k_Y~K11d^qr1K@VPhCjE2tki#Z&JXJdvJTmZ#JUF_fw&>u0FClv{mP^2) z36$Y*Guzt5k;@H0=YAM95MEv`PDoY>i`NryXf@nPGD}=oIs+p7d^*&1ec(o}_IRi> z`XO%@(7MW*1uf<1lr3b~?1y9lKWlFkKd@PBxjwD=)#&|jF2VQK*ce>~&yVvfJySQj zgY~AkVw2XwW2uIDJ`I|TH#;Sb*h)%>!@nI$kl?M_`LRvHB=lKkr^Us54xgoE01b-? 
zD2z*EC#;68D1suyt~;cyv-L(ZJ5)n^)V%3*@W%h@(=l+)aMq(n%D*tHP5fPe8Vo1NNk7YGVN4RJCds zHftv;$OlJD%p~XB`gvokUtRBg+c_#cKvKM}0;=IEkYeRsT_XcCN_On#CCGAfUtvHv zpQg60beCo~6)~*##6S;`?v^(gNC){lKt;r~{_UIqVUP{NEafqN3+lmgUW(IeH^lv) z4-N+^hck25Jld|$F1hfBWF4l0!gjqAC%H$E=ZLm9??5kWFn5|v3c8`L#=~ zkPGB7kte(G z_-L{6fW#hw6h674`srB<3^5E3+zqB0V|3Jt%xamG{Lif>ug?uj`vY!PzZnMJQ1pDi8DIZQ_DQ@JyovGFu^0j%=-(Pai2k3 zEmp;y1BfoA_F0zrchs@gcus=h zp>?9!iJ8YJi$=qK@8*0XbqFa?FWbV1EUcz+m@^9s@TU)Wx^GkGEH@p0(ncV4bpr5@ zZ%!Zm?0*1(aC2YtTXpDdPSuitV2=hpXI9x8`l3D)0&e!nwPGc=sWpyp2fmv_iiCtz zp!v_c{;3P_ps7N~Dv&%x;w4YjmpKopX-=(wMN}P@&5HbMP%3l4Zn!_ws6- z!BXX^#nQz0yd4XsL<8!{vXzN95X{2bHv89Fs-;{V&MHbFpK#^mq`0dh zr0VtS;4gG!OH6*7)qRXK+A-|7ve7;p1#iw207gUEO(X~-1l1K%2hx>w-eLC0oadBT zY|Sg8jOYF`-vUv1J?UA^XCqw`6URr#H%OzlXWxN&(A4vnn8(%_ErI#K+XV6qSPO=3 zo~gwK@_2GqeJ{&7pyx9XQu;6)b8}7}tEtJF3SB4wX)>Ch@D>_9gpsro7Sq=!{=GO_ zty}r4UFSPPIT6so*OXCLIQ9E7zp07Axy4BE1To`K+T%HeJ%lw25-##2c6Ma1>9}n7 z9SH`+x%HHfk3k3*SR}qvIM2VLcL5a|BG(!ec*rccuLzpcUmNEp0|OCXEf!_!Sa_)j z%uOQ>Y7Xq&m>2wSZZ&Q;u0(0qohE)iEB`naib0)Y)fP-JQfpz+bnQiaM!Dx$)%^3P zTGLUO-U$>Q2AY$%wzeK)G6~v^KnUrCAk44|^8O^)dyop;68So>TbppIEn1_Z)elE| z>%IJI=K?5{<67pN3V{!bM&g9rG~h_dXLYdl=uZ-T%G|~bUC_1tLii(an<}N|(gHhg z5F-V84-hDTWtY~WU(mi4@8-?~gCf(IewCOd1oQ19>mx9|2MRg0CdTkQZ^G7J(tPij zCdlkHC~S-C?q6D8_3AQ>JKtz5KBLXmb@q>Y*%oAM6Go+scFP0rEsbCkQh?}H-1X*Y zHb9exDziD8=%4SI_I7hvnY6f?DcT86k?tp(0tkdUU(2`l9UHzDAO8I&cZs0$M)8H^ zFK;$7-r*2i_YNIk7~Wn;;GPowJqgf^%P+mjMJ-=nanL_07g8C}W25{j=@_kd{=Jia~ zG%Bbgq!9kvspA6P`+DxeGcCh;wubSab)cV*F$y5?m>N;HE*G>SIocag?HYf5-4(e? 
zFD4>CImLW+QPZqfs9$$BQ%E0JM2bnl@#1%__wU|D4p_^jm&u?_uP90i=uL$s z3{z_&lMj)|tqJZvz85>$P`azr9f!plTa`Zu@LHqI9$0;$8SBk*y5pX94aDFbn5p?^ z!r4?1$=JMlq;ILS zh5MJU&ePc-!LxhHQHv=HVL%C+1^nINuK=p@ zYhps`GJ-kZre_n8F;a2_-j`{GYhRX`L5z#vaWXXN=d~yMh1lSek&gSB10hU7?&4ZN zc?G;gOlgJUT78b93Bwb*M&%eW`7B|ets6rkYP@RQM?x>>rM#X$-pF9_tC#fH3@$89 z4+gCuEJ&H3C)3}*lUcAEO2Rr8p!j_Uyu{>HR?5sqhRp(NHXui(&8UN~BD1xx6^)F( z2)o`h9O)h8*yp?q#I?HJ`mPEuoem6MaRghHgqY6jS(?nCvLd#8}Nk;TT#&F4v-{DjGQksTfL zpke}t%F@ft577dCCx5^I7;Kztjw>p?WQXj~RbPeiizur_{{8zm7?bPH#Y3Y}?g*vv z9sk$RVy4!L3O58IC-#Yab<)K5na`zhMVVK)_PB>XY)6Dkzf& zM|)9W_moV5%hV?@ZC3*W{5eDwIG^em4eTQVj!Rq(=Wb=8NI~=peW)z0Z znw5Sj8so1|TnC}!t%cd3v$Q$!{w?`8lY5Bs0>1)j`C5t@pvLirgKmX37VW|p&;qo* zTJS&UZbhAzCL3qRZmVf&^){a`?AWE~{4C?3Qd3n8F4+Mk8yG~mc%|tl_yscn_Ly0m zs(mfz2-+jPb*?u2PIELqQcSzEFv#uOp}(7a35Xf5FaS&)FpB~DJt^Gmt4}vZ>d}WA8wY0U8}nfbPOU8Uq`YvMbYMzq&%k3H$EDIkBo3Wi05uQy=^pdfiyB_D5b$AbR_5b^#)Ac${+9a%?prCApTnT>l zrUeKMZP}Ka^PMEJyFMwDM)zYgDeBi{Pxh8F9}ixc-55#4e|k%=u(9e^?-F!FY3hEe zIN-b4D&XrjSb+g5d&SUdAcb2hH?QO2Oqox7Du@tml{hBHl~LhXKLR(+aTj!k37X9J zc19oqH8uQJ-488SeMe_!^PIJh@)DAgR$tr=eeLE(jeu9@S>trJHfQ&~r5Eu-c14!0 zk}J^xH6sg`!0W=q9aspd#`84Yo6Mr#14e7LJ@GxZc1N*HKm-G^9 zUIcUEhlYhm zY8{wEf&pw1HNJB7by#u^K12z@Zct zWwRkbs4}@jC+t>teLYz`Tjr|kLXlr&oEF}^@D}(u37Nf&n&V9B-Go5{@z`f~80Jv% zOqiawMgo*Df80~x@&ZATHCjW=AQqu=bAq*i^cL|7YAqb?RTjKit$gII7r!HXMQxrG zN2k595r{acNeUHnUnfj#IhTLunE3g#&6Yp2P;*SSG7D=ve9UKO(h;mk^>=aC%i*0r z`c0-@q}*+u<;(2?F7ny6)v2}O?s%=iZg5>3Lisb=eY4+85dC!#^VGz|^zN{Sq9U~M zTr+5`&>n*+?zmGLhnOJ(cpAozyq*+;pX30X1M6|VTaiU;3!2cK?M;~@L>FMNdTCu7 zM^L7LAFHzb^>p}I;A&4Sv7y1hB6x{I`&k)1nzcqz71GVc0zcR6W3fh0$myYr3S zoumhJu4paeXBNAduCcMR3DA;yKCwHmto7-lWda6q1|)xStEY=#jmLy z-mjqL`)O*S%D?i{CkgAd9}S_*kQcTKmL!3ujc0-bH&g21C8n?QPQYafhLqsu=4P-H zs92-9>es!K`JfqjaTMop$7tB^k6zO`3P&smS!ebfJq{ZduiF+kWTF9|<_O1*V-T1N z8mKv_v6-$Qp+_!R4yUsPoGfz!MFYHnF!ehg`;uPR{@#pFDdSvqA!%vznQb$(P^wHI z-EeDJFh%1tjg>V%;A@vt`~D(qIGo83ml=i>0G?<@$D|4Lt36D9o2)bMp-`2p#D|j5{H+$7rJPz_Q 
z2~dJB_8S?2B`CcEq_>eqgNOGxz1u<0qP*}cDKMek9!f2b`f=Rg)eUeogMSI!;b0-q zXRliHT@dnQs}@^>_>Whk%T!wJ>NKng0&W^QZp$F+g%&5usd;4sE^sGHOq?IaeTCBP zBey&nsY_~(5&4!g6Wl(Mk~lhQuNPY=W@`^Z`u`{ZLDKc_+7roEY$Cegc51VbU2iwK z`F(V;*jys{eR66Gk#pLoTU#%Y2XAPM7U*FD{;}I@E_*4#Am&1P+1*W4WlQAVyfd_g zmNPnqG>Z)D@l9$2!vUp`1M=iZOQ0krb<$FbbInR&smOHqLIhdo2s&HrRYS+=Y8M_+ z8I?BSLw+CrQD%?~!UT&LZG~GBAl&7hiT+&g0L)A8`}x#+!9sFHij|&b|Ni&-K&TI4 z=TQd<1pWHT$;pYI?617dWw&~M=LIQtM@i{~I*?T^{=nwnv8yk%O*$@OK-ARKc14ef zXvN*coa%k;vn$2U_QvVGQ63U^TCXHD#uZU_9K^$~a9Le+*JJ87JLFGMO`r}ZpSCso zphBr#cYnL4f*KGfV?1iPYu@a)l5T-~mDas{cdIKhK4!?$Xx6cIUgwqm5>RRn0ga^v z7AagkJ-y$J&a!8GzS#?l-i`Cg0;~C|>gtX{L%^5wF=2uXXc*O{na4g-V#}i6`#!Kz zuMTBAC9(gVO^WHgAkHZ5=hX{>_}NzNKIlGRn@zc%{-SUJe?V_#g=1DjQ<_;2hGI5M zuBHM0U0{Ih^by^-#%2bK;3axx6QPh}>fu>yC(yOECK7ITuY-km^Nr^dzNUZ@y6zN@ zg8`FGnN!ZP>p;Jh5t^I_H*W>61FhC?q<4ZBcRrqzFE%%V`{k4Xpw2zh+q zAiGoSpc(a;k^ua#Ai2k-pdm>~sfk-i{otGvaJ@U`r6lTXN_q%Y2M;vNKiN&KlB=HZX(tG~VduM`c3kJ~evD zyCtoCn3V!C9-ATd=5K|Y$L?#B>GmWN zp8Fwdd}-iz!avkx{y)6E2UL??w=NnhHsrI?L@aa^q)UycfbBTdaZ`9PSmA)FXb>+aEBT!uLJ8PpA-9=>7=Rr9fxsK!TR4vLGDSg_flf& z&8S=U%fqD|p>k1{kF!8p7f3gM=}1l)0DgFd%NQ=zNZ1sZq(?yJLEz4ydO{#8bqcdc zC-nmfZ{1!Q<98@G)52sfNdZqW3=!%43cYRPiBIDQwWF0!1-M#Lb&G+wO8_w9v}m@`99kwO53G`bbWJEQiEUPSuake*Jg{%8$CM zY}zko<%rAWE9Mo*24{-+4b&`IoHcLRUcr?yB<27@JZ357b1q0=4`amG36_8O=!0m$ zFQmu@T-B5lV{C5b94?zR0hVLBX~_b=4)n*m-h2OnEg>J7(YZMR< z4tFWzb#-3{jE?IS-4QTYE^P@_q$WJhZ27@tE$Srt(IJCN5u<4RuEFY9Y~Jvd z6DJ-gYO7?aj0x|gPOcgwaCFecK%UeqFr$zUB#e%n))F1aOWA>2j~uTXODEg z#UXmIT#4Z>b(*d_McRVUiYdIpZ=e!g>${YrDo8ad*S(zMz#I{cYGHtkzTemoj+3mewCDiJJ4aQZ z=EunPhee!;+fXy3#j-Qy-3>i6HoWuWgS%$r*OTxyIQ;iFC1yN}XiHu}fl9y%y3S|J zd%no<9Cfu$k_CDo3*T5gjxuF-zmk5JY!QI(@*S%&5(LSNA?`Kc$RBc*XV zeUJYdUOf$MFeIk7{w6?7Ow72*|1p6M;u5|VP{89`w|x~WH{mJUpd0P9bn(p5oEJwSxNzE4K5uwTwWFylpk08k zslZHh^r@pmLnkyuAdu|WOS?xNu<98y@|>GM2>1>tb31}izUjPR)X8&9pM|Vj?z@q{ z_YG_vff#e-UclUV(iZ$Ge4WGE#)ZeIeW%k#Mxw#yeO?SYJ)9AK)HS9se$RHbCrEj4 zNTrNkIMaH&vrPI`O?DCb%*Fm1mi+mC@ag%^oe4F{nIFJtOjWV3v 
z-D~Pi!+l2N(OyPfsWVS)`@aQQ@+6UM9~sq9ylUHJmbU9p!kV7iF$JG_RF(E6C$i8o z$Gi4%Rd<)?zOfF}RV1IC?wvwGT5YYAz9Ig8_lJzIdJG9?BDGe(nQR|du-PN6>DE9p zkWXwJt^L8G^m=cPAY5*}zn_jUwFOkSaDJLtXFk2Suy9L^kYWo{5bg=CqisS(t%b=i zm7Cxv9DT;UCS!pKRqw^_SB)EU_bvintKYLT)=M4CE-+sXFnF^5xll9spA!hM!s;bmqj^ts~u z`fsP#gL@0n=?`-g5_(~xrmMfvS%_ z%_rdq0xhE;I(Igj(YUa7bU6u$IJmF6{2q$TORMM9f%bsecdqa_CpzS!Xu+6ONfR=+=uT-7+vW3TVaOKXiz>po0A+Zc^PRzB+6jH5ALM>osBem{GVI zu~naoge7-X>OvdW3Uz~$;`$BdK^_hcjW;g@vwm5o?oY-ZEq$5IvrFhiuQ~Qis`~Ui z0~Bc-r%b&p8bfvm|BAMp7(enkWnEVD%9T~d0LKnczJN+{tyM0!>*iBIq`Op42iNXz zbb5o5bw*B1rFi=12fBerAlVT#m2h)vM^F1@oLrJ8phbzGNL}OfT;HLIBq&oZ){tJQ$XKOQ zXNTOFa@dD_W`mvWPUDDRhnj-|lF!!>yOwt?8taGau(tq(iRH~r&R_=xe4{|qhBiox z!XXfD+NVnZNK48{W2kQDN}}y$ygVIS7Pxmk zP=P8yJP@@(>6zd+hNO=`+O9^hLt;-^hx74u%%HPZOI|Hvb73IS!5@5#1S;=o+rOZ= z*e80Z#?zjjO-c_myubnmxoE;?OdWttkLV%ebacNr`HbHOMaYAYM?fue{&>Py!V|Oh zn?-$3)SIZMo+70WqRMy>*du`ibEkv-J>xIWUVXe{lrh^GUkJ31tZhY6ks7!=gDTgF z!9qhp(#n`2m9m2eDYxivCs`f(KFhPny!djG;kxO}?M{uqf(tsQe=S2G6_;uE|9L~$ z!qyg1>U*s4!;|9$s>hor=^+p3`sL&Q(}y}Wqk zc)F95(Y>s@r-5xBl@h>1AUyZMQuA2mE8f0vuU60b-Hp!|=pdKX$Eu%SfPBrbt$kqW zpl?3cS<$Z#RgFU%c)xq8EeCm^-484Y-G$@nf8Wsa^GoOm&;6bM}4 z`4*Z2J{(N@>9-9{7C(GI|d@%}Wm63InwFX}?$637W^Mxxk+<95+op0_hU~pN3d{?<){j zYvVYl`ylCStOn#k0L`vC=s2BmxOJgz2OhU)9@22~Gui+^fWMAsOdW$%DAn{5N)2>~ zNGSi#;U)2oFDKfZlP^fmJ+zZD_>C`PN*Ij70$G>08OvvfWhy)?fD!dfk`}ZWZ!!F> zg+`y&#}D#;XhSb94U-5mF=;?4<);m_XCad9D$B|3jz0uXT|D#pP568}lcsq1N7VMd zhhJ)v=fjKM-euyk^Lx=kXI?*OVcN5u?U8#`Tv!-qGrQN1y?pXCGa+}zH2O@_gVgy>L4Mz8=HOR~duWr5~PtR+@w4j6kygZUzO^9IW>Ql*?_B-z?Z3c6RjU!`0@0d^z z=Z&NF+Br*_wVCskmN}HoCpsnepL)tQ(oBf0E?gu6M;y8Ry;Ed3hu{drKQ(t-oORH+ z@W!bt#)bDzrPP-VMvbW<4rXLOklhoNsMTOHa2&ZUy=^h`BQ~v$HjiTJrzQ@!X-1XZ zy8=9ftudd7|1pBt)8VhAy}Kq_uqd`|iaU@@4UJsE4pC92ZqMF47+mmhaE=AB9L& zCbK{b7h-g*UAEYBBMu0nsq@Ra$6*9Fj_>!>5Q#sFebM5LroK#E^9r5afzw`gd0V+x zEd39P%YV$ct8j^_xuC-BIciR4)7Ax8I1LfDK~2%P0X~Q4X+rIbP;oWnEjFo(qTL45S^s45*oRfv^Lc4U!6*0BfxYW6 z&dxPfOh`ZD?jb|c{Y+aYi8wOv11?fbD{Y?4S4q|e#RcsvcOJuHBo(70G&Y`-k4tns 
zfk*!oE_YX4{&Y5BvHJPh1LLc=f&EHUrrv*>g;3%C?>~?95V?1NxPz}gfmmE~Jnbh4 zGq4Td>+=tHNjk`bBysm&jHP3s{?GQq_HoF|?XU|_+MjvcML}0(2t@1Gzuyj268Qgv zcbV(Qz`rjqDgmhmU!0NuTtVd;P@CW@mZtE)*Z;r(wl#q@g z=W+JI(fZVFR2&C$ui2VY(>-#AWzL6iUay>YsV0nm-Sr=v+p_*(Nfg+m$urtejSUWB z2-(q=i=^B4FU0UvBf^5|Buyu*gJIF>MREIO9)6MM#h-8hFizMLZinA%X_L6pllt>< zhDLPU{GN^!R@cZcC`Jb6atEtYW_hD`b2dIsy5rmx4k8#rD76R;bjezL`>teMD~tBO z1^hon{hyy^G7-ij{$mU6=ze^^U~7?j?(p{?*-=FY_fxoVhpxI7bW7U77CBltpvU~I>Sm4}`gFHmni1_9EtmA7cTlsIedp9|(FRPr# z5=A0}v~xI&mX@&}$XyG&GQBZH`b;XRP3i90=Bm~)mVzkA}>wNf$&(%F5Vd=F*vURz~VXs1a6a!13FhNde`@ewS ze0HS|8GqJ5VBj(Jei&GfSsiHPt)WIDcU7~QP0Xf>x__i25n(7;h&Hff>WEQ3?-m>x z&0-f^R@wNp>0YdmLF0HAqlT@bk;(z{<4t$C{X3PET~@An9;K43rc2NB*>e-LKSm>U zpngELnF7fM*p*%B-C$Hx7msQ?G(WALmN;{9%$7QH|Cjv$w@AmQyxEG?kOJA>LW`g_ z_ykwTa~COWOkC%ccRC5tzY@+Hnyb+3=Ngy@<2sC&wg8|Ww^JF^oV=9JZU}}g2UB4N z)Gps2m*NRf1=4Hdko2ICyj5>A!rRgZE-#nHd!GFQEAeGOmjGUvM;fL%k;4eKR9i{sydR;ipZ;!;c@<`DPZTLjS&Tv%RCdUnt1( z2I0$dRMw5W7!E%iK(O>pJiSKK!Ts(mw|ie`-yG9Q?UgtqNe> zh0EXPr8&=t{<6PJFO(B{@`W{rAC zaNUI_Fg1M4CsY`yoNt#_`$sL&HYzvRQGXE4EwH1&r9J``t_(I*%$OvitlckLyp~Np zCvL`J)s+v=<;mF|T-KwC=acFRZe29qsyBv3BaK^Y=+ksf4vnR{Xgd{1mj@Wu4{TIm zLDa#p_rS2Rs?_`KuqaZDE+IZNDzsIV&Lkw;hPB}>iEc>)ZnrU`$J#-9m`5M>gg(`< z%2}9iFVT1h+*)1N4CA1t95#rM>0 zT^9^_oJ2TJBJjkJd7lE~mkVU<-L^5*ZnhxtVK@f(Nipv(Vct$m`Y+uLtKbIE+`{xL z8_l@&J>YLa8!SzA?)6Yk9PM91rk>#a=gVPn7cT;6jR zgNfq%4{W@U1TUqOd}0% z<3z4OZ`fRx(geZ)cCDXgCc-oa>|P)gzTgstYDDfe$HA!1K_5e?q!=RS+pEN*S3YDt zO%*ejPaWqeZv14*=(_cH;!!(s|GQVH*6!Q=F?sBG+TEEFTa~Yq2zLPFjiGTi0ICA3 zqp>k+O`Q=R(iKlMOiZ?Sa^Znpp%_P?Tz`{-$Xafi^0oWHqha6sNc3SzO7(1dD`Oqzg}#R$u#N8*qVhvY^;C%5VWcS zZ5=vqt(=BHRu~zd(;(gd1!$LSR8!D$H2{b(TW7uBCi=yCbkX&sCmdE)ogE!zducFs;aOM1;3+6Sv=?e<!vReX}7C5SHOqwlB%+{BUZyWIwikve&9{~Kio*{f@0`Ic%U+CY< z>Lz8ObHDy^R1appif|ceMOvr=H|pPdD(;guluAZrCzLlj_8X8%CWYTND_UqWob#hM ztsc0u#oz{LUTWqK13Y;8C&FKu+8?_Y2ZyoFCkEG?=un$&pAKV=Dngp;e;x$PD+Qng z7XZuo;>qrpM{ZPsByVDWW&m!=#N52Npg``fdL|-SVPmsZUjSIQGWp_veW08RNcYI# 
zZ#xIui1=hdXKWf*^?R1lbB~l;Kq#OnT*m%UwTkarKBLIFM}Dbe!YcHvA^i~xpHQ9p zFPuG|$n7z3O3JvQu;AW}X!-{z;kaQNDu`(sg3@G7jTEDX11bf*0F?ta+HNe59e9@f z;7#v=Is~43S${`^s&`U9{=_1R)n_Bog(GC8aqTtRQ{J20!3bX3>2&mSUqT8m8e%jcr> zSWAJ8%Skm;HYf{~^Y+$LCvj^f4zfkhcpbPp&1OE$`C!_k>neqv_!8(@Vk-oczhT0l z<`M`VaQhYJr`aK0DHiN%qFZt^$(o+=5|N1896e1?(QA!l;Fbw1zRDMd=y_ zL7L<(n)I$*0&eeT^(D~I0d${;bw0|xatv~VQPKQM^Wdkx4zfTW< zz_EBw0A$Vrr^oZf3NL^%%(oFMS{VZA&8iiAsCZ2hBk0WES~NM~csB7&47KMi6esHZhL zpzBrtKz64dc>nc@I@pT$NgLD2lMbg@Fg`avJaOpp^&~Zw*%lNnXS_Ow*Y3SO5!PS= z?)JIEB17laN|k4Y$1ERdVbW}=s80MgvW?lkz3N!lRRIkNIIByAoI0Qh9?kgrx)24>s0*zdab_7K<{&l8 zxY{B8qW3$iwTq*?EEsXu^=M8o4WN?LK8rR9$A}}Db)W-V@r_gH7wyqjYv=!Y8<<_; z7FqWwxDR4g3zdv`Z6-PR!PW=(4imIxr(IZ!H=d@mhz2HY5M> zjzQ91wGCiE9<;{!3$~$?KJbHSd5Qc92K*^|)A;p&V?(OPS)sr^8jP56iD$7LK58T0 z^Onu?l`wD)UnYC??eqq{5H$O3o<~ZML@`}FemY40VaujXI5(@}W`ryT#Eyb$eela6yO^EWe92kC25e#E~^ege?qAp9sJ2NMzFZN!Z;4UM$KcVXybbi?(_l( zx)}(lO%36uds^?Gv@x~6Xe^?)eZ)VtgKbT5+greRjEk_6IMUqrhg+?6n{oXA#ujFtViF8AWZI4=BX!N!nkaR4}y{ZzmfLZKPI&A(W z0ImZ#Cl8kO@-tV0)5Fo)t&W+N`UJloIfXCnd$qilOk7a)=f0Mnu%_XA?*GaA@hDQj zC;Rx=NL0^Ha);eURvY&@V-n{a|Kb0-l@8+wg|5-uB8pAPXI#jL_;8_qtx}=I*FOB- z$^BpRN?k*qiwHX&&;~ifwodgVe>(e-StWf8JGs%1oE_ZVLnH+DYR)mW?__SCVUzo2 zJ3Cu?4m$K*y6cW6N^bBTc6!M%yuIx>7{H@ndkRXa>{=A^PZcZ~FI)? zh#)5XYj^^4kV80&{pH(#=2e*verWo;>*3ZzRIiOYBN*X-f<5~mcWD02Wbk*+CKaIp zG4LT{s>p`ZI^0Ih-1m!|NNf?Y$_>TQ{$kbNkTtlUkzORiM(v0QZKq%J8s6!}skA(9 zco$Z0=bvt6Q<-(xk-vVn>A|1f3!EbHSTqgd^!9%{`R)zapfVO*H4K21&-p%bDf!8u za@mHAg^ImDAAia7XnRzItuZ%Ho{)u8QbdY9>q+oOgi%dqmll9SKphg=few5GmMlC? 
zHvp{&rv5)zH@?S(RxVP_SN}7vx%2Sa4KS3730>f!^Vz=mtUnRX!DLEFvawEPULA0v z2+q$j{QbEX0ml&&uFWHi7eT(jMnTH+jcZ8X3&&o<&@vi2QY(;CCc~eV`Y7XZ!W?Jcjq-aOb#TG~I z9n{=QQKoJZ=&#I0-CL29wN0Sxv1UMzRawaIgAoMK()GB5GQDADAk zbYs@8@j0JJhsRage4qcE*@!&fbVDkw+xO!q^ZVRtsRTyvhvyl;v_ArZ@HS03t&7Kc z0IO=IN!pSrL0ri=DyrE3SFyUif0>3Mhl;I=tDy-{fDaaF&m(Kpx|XdA*V=di5GBr0 zFgEIs-0yU9DDmS&lSW?XU$?ie^|LE~g{d z`&6V?zrbU5u=`++Kcj#TVC%Tm>O8zb{jb0sVj8)D4is#+!de zxDvtsUP%-Q26G4lqswIO(aeZR4EDsh3sc9a7T7IJMleo(=H3_~t|9%JN#=${R(3{8E_haN2WS)>VQZ zIyc?x@Wkx~{fmve?eNHtFJ`T-9q9C-P+5_PMh`t%W_K=XZsFhEz|GAJZhgBQ;h4r_ zi=j{fTw4_X^IbN3Pd!bpe7Nq-Ex-MC`vLSl2dv9hM`0#F1`v)(sC3W2h&uhwi=Hg& zBB8-d*hgXgd70QIG2#CAD53tpa>p@6+BwP$`mC@Nbz5~B6Q}##Qx@g~69b5H2#1@q z4Ol9YeXvwi?qgmlMk;iq?HBV(PGwLoWC&VU#k7)JlHBrjbI-U`OrP}Ygu!wUV(P6a z&y5YDR&b~!a6CkIgv6+p^jiJv^OCy{09c&$p~L@d*ntkVZ3?JNT^D{KBD=mu7gnw0 z(iCr@(f^u3w&2Do4rRt<5uMj3T`mWx{dJs0%6VrPzSbyf3<~1!vXRl_Q$o~1;T2t37d;vJRMYtR ztY(h^%tL!WQiA23Uhj2rxfUIesI-(-ExcKP z{)e423)O#YU9E|kZfNSar-C->9x8=RT{2r1fGF$dlXT7X7N4U;_@E(s2qQmv5dBF= z;B@-&A%wWui)r)ADh$|hEyza=f#%8jCMJxOx{spBLKwNAfSeaY;L0p;V|S?|8EA-% zX4D<}o0QX=G6nnZ#o@gP>Q%%fw?_3TsQUmT8Q*k>GqShyZM-r5;_!8pRamt%dgvZv(vYLojbdLYvsUxVN{EUY{ zp{8W57^728oMl|BnYZZ3-!n18O1vmnABeYpVCk2d+jL&`DP^Uu>b%?x4I~aWm^FCT?Zp#=si$7w)lO)0QesiU2#-!~Hm< zuc{zQ@tWT!K0aY36;IjusGJg)g@NqyVk$f^bQny_*evHUB9SO+-(#wtxRu?wH#b&~ zvg22#IYgj>0}X6Uy-T?yIPGI7FWw?-!uN+|Q;J=%W!@Ub;%SEiMYSfH=M_=ZZTFyag{FY+KGEoe4SU> zLY*RI?KB;*2G1++sks3U`2D_nt1E_~#GPW|jJ96hHX)b;nk>y=)tlqgQCZTKr~g4v zJZUw6JuA0SSw}%3D43qL;F9Kj1Ep(-CoOxCg)vV!wtmF)68l?I`@$2-(auKHqytb8 z28)q@?M05##Put&6_=ImAG~GX!AY0qc)up$u`iEMHxoZ>Y)h{Z*IUzYpCk@0!M4MN zMgup$N$r1`Ca>pn7l0h%yQ8b%q!RC)sa5<^W@`&eV}Tr8G;sGw?XEqe6ADc(sH`-2 zR8@ijjc0SusPFEkh`A!?ibni5+U-eQo`Oz2$u*^RCH3{DkE$k&l_Kt&LZzme;^M2E zosgcr?>K-l`4A~<_ohc~Q`CEPe2eq4-2TF)6hw<(DWxS6AykO}Ju+`TSW;5Y1+OcE zWl!$)!a&)UZi}_=sAI_RO0Qg67Hu&BWl-004f0Ytd^eqAMrtG8=>W({-xgXP6x12J 
zHM}aNBqk=ZzIkO(WSVdQvSm_+wpkIqp>h11;cxD;gQ8W@bhNob)_&$Q{(gjWnEo)!d$z8^P6boxNBVh)IO?SD>vCEGBvmh5F*2o~=mYGEJ{XzB3V?%RN0GsGOPxq$}6APq_<}h!ZB%>%L`N_c6qKG%Py9!nU zXXw|}gyLs>f?c3`z=}q((Gr8(o!HF-7vqL^RvPfD>f&%6FSDT*{FJk)H00&?%=Jg@ z4lbKYSiHDcqpSJOstcv;$XX-imB#(Wb8xYhrK0OlV49_@eng3q3WqdR5u~Aha{CEr zufO~sBQk^S!4-{6*^qXfMG>2gE~%`Tn$5YT>Ps5f1tB*((k{p;Cl+}M48~}RO)Q9d zHL<%5fw@WTeTOve3hk&w6udU5fj2E;h_Uxe|{b#dt z0da*7Unw@NQ8C;n`<`hc!vs-vt5W24KYPch319ug1F9%;GO&T#6HrSK+{sES2YH48 zX7Fwjd7ipcK^_LY25ELCzmyVuej;aROdX`jGVWtkg?pxDmiu0#$BLz4op*yBra?lv z=%T9Z)^F=YPZl7gLva}F`)^53g{Vpgk1?Qea{~^1ESBY_cD#2jo6xf`rwM3$Pnfn_If*z4zUNphpCJbIOf0kY`Bx zeLE^wFc9;6`j(k5wYzrZBWvQg>#b8>-+~zJ!_T=&c(JniE^CjzAkd?2+I7^EcZ06) z-abF{j{90+n(6P&t%B^Sz)jRD@~1`Z!uL(#N(y zJ9!(ZNYb)yRGtL}J+R|azpe-#A);bUF2L!B5O=mxbW22liHKd#KnttOaDjD_jGt4B z!^qVn2FD?B*4niLI_qwEz*u>8cH?1()a^*w)tA(re#hLDJXORxe}m+zi*i3^h4tV? z;dKNL0xr+%#Dm-%Te8{#DAEX7L%7QJNK0||BU{hdk5OSzQae#?!X zJ>*gZwNTZ1KIpoCo4nNgGS+(|-yYU6Si+&u+b)K|$oI-o9hNC{Zk74sQ-NQ&xRZA8 zog)!p)?ORRtr7v@5sX`sPCuqMa9_grK+5v3@t=XmRk6?)sM!f!g0P)Y(XAKIn&Ab4^E$fD{2SA^ms( zb-`N$I-oe9cBk=03=$iGw-bf)>chzkJ;$ZK zIgoWCWqxT<7w4ch4QsZxjjpxp#t|~08*J4?K%n&DkNf9aCT$+#&<`eWrwz z*!!0Wy5#K$!5JMhGd9-KAglEHZ3K@|_&(aqLL)U%sG%~a(g4)_W2>eRx$)+RyA59z zLxmLQli~h1eajUNsJqzGF~-CFhp6)HmqUo&FDoHVyWi**W)02bFPkM=ez(7bZu+uI zy2~n<(f@p_gtwL5H#QQwn&<2*%MTz>#002SGMucG-Hte1Kps-$KsnU0?IC%()vD38 z#s17Xgirq-d1Z~5R3XvQ5GOR@Ihbc?T~)_j&7^ewu`~oO?^Nh*-Mo)jOx>$qU?@sfUusfiq zv4u^OLTP9EV&!8Nsf?(rqy&`fK5m$-bV;!gYivnA^RI}Hq0Rps#2$}!im zU7tznjZ8`MJx$OT4srvc{8(P^cc!LQ6*vc@Ld+GvDU;$)d{?{5AYqGUzpD)z_Kr;b zVC~2$Zjxx!mSq$B^}9$QBj`DPg4VpM;(5YXr}FpAuh=!G1WC#HFp#VVEcA2o{cb+F)Q`Rp6g0staIDE znPiLB1WU_P*ox`_XhIA&=iHqlVKD`lPy#pypLFOaEnYj4+zU;+T-VS%_u8ZZO3wx# zoL+3v3}vYYX9TIMt2>KnPwj~Pdb`^^l7vOW4CCVCa~bbNXJrG+nz#mmR4Wof&ReE< z<8Y0X<%Gu10cXIv`t-e`ERvUsT{jsK<`plLmlIt;Wl-tajw&yc2=A3qef;6HQ-sV~ zZmA~(Lvf9~zB}LK|1+(>nJ6*-48Bs+>PkbgqmH?jer)unHGGpc`rzaTm$9>q0^t(} zRBvRLqjW^>S8-Q^>}A6sGq<0$cY6+}Lu~!$Mi{q%xf2C?ikW|)^2c|Db!#Ie^;Nfw 
zutZY`dmeuY8Sc+AZ{ik(2YvpBP$tw_or6u>?y#R{`115@r(`Pw zB=j9vQZN`cQTEWL?dJj_5%a5V!!W+(YWkC!`L!L`!9IC21@W}9s9ORaZN=|biDT#v z4_&TWoAlpaRN5*JLngSlzm7F3$MgdTwU8ddPFvxn;3Z@(e5bva#LH>{EzMtiSJQ#t z#J@;mu{c(ik@3*1-1%uh)w9RtAnbswKF}oZT+%Ge$+1I6kz_PMg{->yn}+o4h#cJZ z8eVXT+OCN2P+{}>dEmdg7tf(^b~&6`S_61Dcc`CCbNy8M^R~(qGe=}=echU`AA=Z& zfoHN_PI7YuCtQ$Sdt_FsdQ;Wqg6B$H?i03j_4_(RKggyElqa`51A_0_`pw2t8r({A!B{&70>T&qKg0+#K3c zCaF#VDTQ(;KM!ARSW7GQB)C?u8vr1EU0uL(DmfS{kc8dc|AKRHN{?y14u4>KcX-}; zuMxnS3FW%g+L(jqD{f+LlYyXQ&YnCIbDBkVPQ5!>OnQ5FY^_=qoN=Vo6XBpjuya(t zq^sjORA<;b%omSoAf8#NZrb)6akZX8P|OS>07#_@6owN)mm9`K)Xv$nd%&w@Zf~0t()jxhb$GCcNF>9y8)AjJ zJ-hL%FbDTb?B_(Ui=BjA2E{L%Shuu+{aexFh>B&rkyxf0Qz#VGUG3e+I*hApn zc2g<~3&;+DZ?ZGJQO{eLw7vKEx}tJfY10>ABF~SZ_Fl2If#b3=*i!-($=myThgj(9 zp?x{y7xRFXBf>2|a$ZdOPQ9)z>R+(z0Q2P4YO&hBB**Tv@XbH}Tl06fx|I^CUtb>K z?l-I?!rTVu(=-R>9-V}>z3;979*4uT*H<_Vi%qlX*!>@aHjaZ^2_onh{TCayJIeV4 z1>Jm-A`H#dM5XY2jITqSbAX=(s)QPkq}^XUyV5u&fSTNvr(4d2A&}O!Hv=383#F*7 z+^}4>5Y#pW2z4yr=-~aH5@3T?V9&Dvd|BFh&3E~f?DiTrwrajBCD+7_5+;CIo>zCp z8W$!VY|R%XjRxcC;)J1Z9Gn4`Do?ER`z=pdBEpI_55rAsx9DVl|GZuMd;dc>;0>M9rfv8oFH+RtL! 
zSmII{8I>W?cwk<9^4tP@l7|CoXcklNgvQG!OTsFP>kjPTd$X5m+!VQq9yu_>r8wX- zZb=E>JaOp1(@?u$A8%`_=?2_z#~DAy#WV)FXi{TIdCzF+Sf&!Dzw379+{!Q2;x?x` zeSNssmiGE$T-D)Tad>_^jycB-q1jmHKqn0y;4u@2r>eXXb7PHI z0WaqgRs~Ae1X-Y$O(R|hYj&U(Re60j<2&WzYxxE0p0<42S^*W<3)|AGPTTAAhcnB= zD?ss3x9sB=X{-ZiAesT4@Xzg$nm@|sGqX2IzU7lA}gdp~XR@cDSLmbm~@i;r$1+B$k#+&HK}zhF4hKYSr=P zJFUYfIxoF@1Hi$H6fdGtsl-GJQ_AzeeTpZVy8Xzy3fiel;8w=eFV7bcbuoDZfZrC| z|6=VuZ?W1xe+dJ66b^wxVbJbsXzBogiIm%(8P0}+^(Y}kvh~kY9(rxE4+2JE7~YGy z2O?c%Q9dIs(3C*p$f#`h*2nySa zYCxgH4f$j*NIC|tE;M6yNr}x<#~@QHb$)Tro*kQDZ}FGOsW}3}L5$GDjh@{d zuZ?_?`s`JcbN!uyazo3NYx_%6Te&8y4jXHrtK>;V!~SmjLP&vt|6R@PHV~{QqXjH zIXPTDu5RGC)rw95>BS*KrQEf;?Zl~t*4&iAnMQET6`j;(@}^-xBuux5%`c~Te<<4s z3XY=C#8cR9Qcd=fEG%+9%qRC}EHjJPJ5EuTl%7Wjk(XoEVaX@YKI@j-y=RPnwuCao zL>}pjP41zE`Nhw1S`&Kqb6YiZ8*j2kTh@q&Euu(+MF(r44RKwy{3 zbqF%=qPE8*pp3%;3i0M19{~S&WoSs@@aiS`&q=P0W;^5F0WH=MLbW7Ki3M)PeN(`k z*N(Ut=;nkTXIQ9n&Fq~2!YfQ+K|<$SueC|D zL;v6AGy$Z^cqzuD)Jh>H3=ta_x0qb6i3bKQnef48)H7;g5Hu~`+8Uy9Zrz`RbXnb! zB~=o_WPPUeqhtdyJ#|0lOZ#Pb6FY|WtZ6M$sZ(&@lJ#q4G}fgTN^zr3lasKS{t>{v zSsK(uWbq@t9dV3tYeR*(tF@a~Q(kl!l?J21Qd&>PgP2?`VLOSGRyEn~G!|X4R4lzX z9kPnuV>C}*PZn(k4yM;H_q&J*5M+8A-qO1%L-UmHjz)4sxNU8^_R9KXFCGic0!agv zmOR!ne&+=WV@DB8Cz%`GukT+?yOe?o1W~4jqd4Or%fEtH1dSeRYfBcS&s@6JQEnit zC?0;5|97B8>^zo{)<|V=r}TApeIF?G7FB=Ra$uRt7J5A0Eoa zHm(8U0pFUY*7s#aBsY>q;!GP@h;MW&n3ko>+r%MVK^cl$!|nh-U~`a8I+@KP zI^YyYukY(hOW!w@=BQJK@d7E{TiPK@-$JgdPwgyk3NA*c9b)QjodIvdBC%~tB^)4$ z@3>R@m)#CP?=hU2FI$TDoTJpDQmdUB!MR6~)%7!SpDLILj9E)0TP{s1+M}~s`Y>tY z;||AwH)C$>JK^myIxo>0IRJ`;^10Ix0-5r_bpoNScv?6VZ1M7|Vu)x_XG*%iXBW@J z<_?7xgc09+l^~=DJi)@^eUh!@&<>b_qQc^XN6w+d>vd}xAm0-;SC@$Uo$))`tD_z2 zv@Q;rQKE(9K^>cspU2>CJC}(1p!4WGDLd;KqFOC&A=OEs@ZkH6CnpoUzO2Pdv*w?< z=&e2NZ~pqb*hXiE^*q;%Zbq>pj*sdn&-7T+$EYSrf`~Id@ooWXM%ar+lRZ2t&IRPF zla^0iy0ywotYWibQ8hTjYvH(?u9WNM z1_&OOotDm?4H``k0&R}p{ywom6$Yc#8UuIR7=XwgIsLe-k*R&dfE5uL5Z@^aM6@|MzN}FsLvJaV5n4s(3tmwv>*cH7UF$SsZct9bGTs3uf0ZfWx z-Ad&UIHZ+JIZ=$ls=n)N)na>j!-v$e4u&Y$LG%D=4#u{|rW=gnArluy~y 
z6nr~@D0_gfcaDgHCVWn_@CZr`B-RvNKb%8OMotJQZW=v7Hg2vCuT0ai5C1w_Yyu+< zVoANU6G^>s3AwYjhme^ZnnG&Nk3WAYvuoJhI5*dEHuKP_S%w)@S+uH$y6gveBhQ#> zlLZQC2_-=}3~b-z0@g0D())w-kuu{KSxjL06q^`ijR9B>P4(M8VdgiqCT6!>4fxK& zl1SX25VBx=f64YQ5bPX;l|-peiMK3_UoD>DRW7NQl7ioSpshtGY>31N~pt(%M&=CrP#Av>YNe9Y`+E* z-c1V>@C#rbA0mD^Di8cnwr~K!Y<2UOjh{fA?5>1GiLQpU2|#}Fm+w}K5NGkC;2XC~ z1w8vunj6)+$j^C=rZPeQOxS3}A^=Z-p!c2-!#J*sTdv2SB{N1l9WR8~2Yh{?Z@tMbmPg3||HivII=pZWMp+CoZcOj)le8}5hTz>SqDOgEUtUYs zNymanarFcq;N@7NB(~%%p${ysH~uOe=lNYi{(t;E1y2f(YLMy^Rrjpj)59}p2?O-Ia}L0 zYn&RGIQ){ArzfFPQH+Fstk|w|-fT=vku=kovf{)O#wDvkKCau;f5Uv#?j|8oc(L)U zGY4q!^?lreYG8{>00Ch?+2ED;^sJ}UK5$*I zjpXZx#!A46S0}KOTjiDFm9H&D+Ru7APBTm_qcKVOm!7nvrTC@pC&4-IiNjr=zFe&t z(obw}znT6HkrycCK5+PPL#(;RtkZOy%Cj^8ynOUM4Y$!_f9>r(tCoJP@QP$!a{rfN zdjn3sg=Suhdhb`{4az|LWWXn}W5ubq-foVz>eEqa3agbO##a5uL2B>ice`HZi?K<}XIO;K=3{cwqT z<_X1eqJ|KQ*6oq7prA78Zja#aC)glFh+*9#tmjhn&tW28vbfu0K{ zC)3oT9p)(QXSrApwme4DfDEY_#Lpxg@)vO6D2waqJo|Cux~E>&?L;pJ$^E-=3nzDvfA|0P+;M zV>FDUjoUS>TEUFzfa};pCcufZ!-QU{DJL7rENYvKz=k?GKUTqzen|3&O zQ1Bxvk3T<;h$Cz`Vou*CKb&}dSdB~!RcPzOqOzRR6hiww`Xap=9*D?18-Y;RvbI2l z!aLU8`#7|x6D`&+z-1H{gTkOER+!6E$n(dlG;#uQA*D* zhnXk9RzMNuqrEyUkXoB3^W+|;RaD!rTKmW$Vev*^6AWV#;)RtnZ>}x0L(|fwJa-5u10QWaDC<#cf_;j$|EM} zeUYt>wi=hWMZQj_k3mXysLJMczLN0w)Az0E?u2pt=(+{k)8Y8enSDeS$!W1J^-#sy zaU~79h-JsdW7&`b?&zuA!y_XSGQ`n8|MV?A2)-J%{qg2emrh1T#t*AwI)>1RCc{{1 z87j5dnTCVT)uq#o+q(t^E1l|1_9PsInjlUT3on^9)>-3+SE~cT)@Lle_rOONDg`ML zVFLH_t2f!V{mYd3kA;4ErOWFLT<6TP|9tz_w-lPX%xv#G(0|T#&OilYvWT{tRiZTW z@nJ#K9(G61J=WgG$LY=;eO7Ljw_RZL-yD4vpxexKK1glXt|w`OgL#UL%0H|`bndy` z`RVUM)4KB>G@pFl6f4JIP`-WZ{XSwzA(Mx?cw`3Nim8IDq2hYDD}3)<4GzXv1o$+A zUqe^G`n&RUzrN2>)&*q}x`f5@taYS;5-AQ3 z96QnRN4%5cdh(>-XUzv6_;YWtn%Uv%BnWT$zZvw=nPTVRJ>#3I;=#<&|beR4xCT$N1?hN#|w+43?NSO zLD!0ghzB(wZX_XyEaC{nVED{_0RE)7I*)I-f01bY0);RvlJiJye zaK8a4to{J%%CiBtNEt^V<{8vi*C}FVqEt?i1bRf0g2a42q4uL;;-K%aM;?EPB>(g% zt|Y+mK6Wj{@)mvV&L=UMB~E;m%cj129p{C=u>ce?H(@HLWC}gvs02mK7_=s&I{>fH z1fS1SIVB7e@JLF1&GRB}i$eSf8#AQJ(3rD5nAbX!u$ROL>uY1IB 
zpLf8To?%$&#J1^Xi{OI3x{LGYpqmnoz~AH{v+bep^cb?+x2wsx4$4ALix{dNks+Q< zLgpjW01M0qEp#H)h!lmvqr1dO{mI0ya75r@c!}E4W;bo48sqj=>6V7m28u?8KK36Z zrIPY-ohIg<_R{4Aiy~CcOMoCH4R9uY09;AgKx&q@<%)w!Tm>Cv{57{o;L?S)AQyYU zo>%Z5>{wtzeHg3k>p}z*(glByU4B4QSU&#d5c;=$udz^8wH5q$R+9kqOC~|bbFx!$ z_`6S{aF~8#moRD8qV7<90=ywt6V;L}oUq~)a$k_YoCZt0f|3Z;ZlH=W%9hEX}^I<5s22bNOS|?cVArg3jBP^erh7?4q4N+TPGfOXc2apbJ2o04d6K z80Z!-1sws(22D;CprTw0$Pk83SV~BWk*r+x2)Iz3tJ$`Y>{Xm73FETu(;iMd`}Q z-*S~D-v5xUAp7azQ)z9nd^7#;tXYSoPP2`bc$iAyRx`~ufiPRylldt5C@0VXfDY3c z(pqrW38wU?bSHaWDyNK3{~$a#JRlj~d)6A!nm6IoC4nF{#@{8jlAlHgo^@Rp9soVz zX^{WmW@p9WMaosfx;^+wZLd6ub!cYk1idK=G{`_-bxB|K1^6!+{HF^^N@@{xdhcG0 zd&?%+k`3g0CpT~>7t7k*T+Kj1p{SJG=R=Sh{U7(M{=5Dg<5cc{fd3#+{-s$DDs z{T#Su&-b+J5b`^#4+|@bz)mZ2i`J@3ggFbsy zM1uc5`lI)*^!5~aBWQJtHLjV}fss?YY`JC{+9eIYbZDW@Gdk}99rlWp6V!p$MKBUC z0BZmxe@Q2T?i2tm0I|@eE}G8g|LOMz2D~CFI~NG!ml77oC3ftXu?CV>_>1^g{Zz!~F{*B{P4 z9e*pyflzHbjrCA(Ia>dKcxj;Wg4c(@!c{5lide8}e;|N4eHO^gaskFMVgQZ?vU(4+ zCIQx$_)9$V`AzD|c4UvdylI{8$6bkfazo{BJRJ7!0j^=5jfGGcTW2EbY~ob!YR$I- zRNl0Yu2zVtCaZ+iy)=mgwKQw1@MoaWB5;dPqk_M62q-FKBOC!Lwm%}_HIi3h|DZ+? zxBJV%=hYpHN2-53>oPu*a$nNqjfQY^&@-S>e^_aA?Th1!yafI5l2F;rhoi^Q zxx(ZE+ccQxwa6MvNwKly$<9?`yc_*;_q2m6->Hy1|f!Fs(j41QwawWrD z2g7h}wH9s`s?`uXYdC+^*e3*FAxLPYH3P~O-GQ;oH$iMFZlpEjm%{5KCprNQcV%Da zUY1jMiu2}w42*cKIsy~TG;SqAxLqwySfuulA}QOJYk6LHX@7ZJT;%t`}w|{XP2r;yrSlQc9jUeZ9+o~lf?(vF8Sya4ELVGPwcCJ@M zo&GKs6;GZ;x0}>CYS(}Nh>8aR7>P!@UJ?9Ht%xM}ArNDE9Jy%)^i4*Dl1~OVa1<6# zv~N@nprhspbRQpA9N6tOhVC!`AJ>Tp2}#R@Osv0*qZb@}CE&?5CEh5u=XsQ2pWmFT z`%-(Z<19(yYq}}FVuj^k_Q01hIixr+tbk#gq|K1EhQoVmq=uxeyht%}V`2uXWkTz; zzYIms+isis+s0(MpbrCJu*ltaq)FOstmd=C(BmCO>4KV`dR&pxitCO>H8}6Z*-J8^ zrxvG^4g5zHa@qSYns;ru-FDJyTIJ4@Rd(l+1G)_@!hm7#o=Arx^h{>I24r+i@A=X0 z>tZHrGoe*bl)3fSFQ6WPw4ZGl{=~&(L7up1-fzynIAhLf!ZXsVkRy61*k^Wen!Vx* zfl}IMREU`qI~1IUJPkNRE_(a*^jCmwORQqN^t?!J7bi`OwoUhrX4NBr%vBsribY_e zuyUTD8Vv_;cIikUb`)uq5zpA0M$zZ~`9f zC;%)B(_oZqEUfQid2D zp3mir0i#I*H+0!|o&=|b@ovf3`uh68k&%&B=p4`Oa~vloCPr-&bhUI(m4jXy5E@

*iQ>XQN zUZMEE_7lPMwJtejyCJP#xIU!OQt3UIBrLoqa6X7iEzN*HtjX{UV(e z*k)^fe*QG&dTnLpi8MuB zg}zbgd1FfB{9Vd|>doP0tAeGjIu&X0e~SDCAW?9oY)hZw|26QJ?s90*zRw3?hk5xlv2m@ox77KQ`a%$-~1_e;$$GV77WMU3Pesbq4>Y}ppsLPjk zViosh4|b!7G7GFtP$c`W2;p-t$NT$l9An)Bq7RslXFoocfW>#zq!;rrOfoFf@}hk% znC?&F)VJ|lnMG%H9hQ^gcaSLMN7J?f3H=hEurjRFv@1u^P#g$XG%V~Rq?*_!?p4;95YVG_Cl-XAlh*xsTe=@6i3 zLSMb}Dd2j~>UsWr6d1G)#r(|7g@Rh3FsU^G0dFHF=N6FY%1cC$!ORp%%nE-+6QKnfyL9koE>A}7{ z{1|OI>XD3f&!F`I(vtqAIy=G8{`><=CHHN)aM%cSaenUNhbjHKu}6$&iIMj%io-bE zMnH2H!jfovF3nALL!rN0gplXSw|Vntp7NVf8WN6*RX}~WSSOj$m8$1;=JxD*>X}Pt z{Ys?2)pShjh-qZBWV|bGFOm%zNArX6!QmY+56nzW9;?m87#liw%@aufI^?RYc? zCeag}C`|SbJ96nkNlwlgA&KgrM`SK{mjD34^wP`hkU-3VI@9Han(o<9gG3 zcBAFpQdy}fBP%2-xINM`f};ErP%u!~$!t-exz3<{xJfDP%v-@lF3 z^uJnh=S_OpQ7BtcMG3~eco;#ky%t;YS>HZRN4@h>g0P}MsbA&ce)p#iO6|2=_E2B= zq`n3jjd(97cMc)75OU^ zX66T?>DrV;-)cgN65(!7TRig2m)XV?v{Bq?ESsGYsb2>s{rngCqrSb8%Azuuy+J5l z9znyX#|3>**G4Rap%YfD?DY-`QWVnrLIxGNO(S0$_vrnLc-BkAG{j-ytJ}>W4S9>I z14{+U8wGRwy#U_1Pm+yJXHQ#zdAE+>ZvWc;Rr_a&vR7ns#SD`*j{S4A>Yp-Uha<`B z_hA(uI>Nlv$S0aBI3pkKNEZdsbHZ9}M|+fKiRVM7@9N5pG<6d}=W8~JdSA>$h@IJ1 zFAC5SEsdkw88CMcz7I5=2_}0A+~O@ob)9vVg1WJ!RSM>5m@7FHg;HF`UFlO=6O=O% zh`eG?vZ#wnw#&cPLRuE$-EXV7Rb zX_pWsd!93tD+*eMELaNDY|7rC$RYl9{3&|{l9Ax;>}lNG4VO(dB|Xwi2AuEO??@C#n>yd=9)GrY z8Ufcu<2O&@@3_dAw>zyJ2ZQpc?iKTd+~0vG`SWEZJgWKLk!8}AsRShr{*nak{QDW& z`3lFFuDUXocDPa0jmv;ai2PKVzbyca-b+1bI<0w_k4fSnS`}Q;lPUDpboub%=|<`A zAd)U0r#3q_=_vWrgl9>Tr%3zbvjOC^{=0_+9PX2S<-EQML+Jw9d(dSr?^ zqC)vFWI4xLB9fr_1)de2s?{W%Qm#3&!i-eyer!6Q%zfcG9dZXK}d4@9Q3RB zM>c3gtpV?%Mdm7^gmonya*9qJ0a;xj(~VksF=~u7m9-MGTs}&2Z!RyHW&7g~ z=eO^fMF9)#H=b{kZ(SfiC=iprTZDzj{~947e9n1+YX)>rmiBL|A}+tqwEE#;kb6q`%lZ(}h^Q#%|!LG`xWgf|AEwPvQ zmxns00dVYF%$WQAhqW6GThWxo#VN>szB~wWSNrKhZ~EDqSjs%HJLT6>&aq>i*~a^~N=cW+u<5Nnq6dW%|_MCXsi#nKVq9Mf{F zHC&Yub<*tTD>wT4bMy`q=FNTIn@d$_*33fghCAulB5mcN68-`+W>8aamCp{AQ}YS~ zoC%{()0%>r$N*b2axJtVRJc$Bs zeOWh86obL&TR;FEJ9l+D946^YG|^b$?nyFkgKyk{$(OqIt%0!FFJbT&C8zz!>!%n@0@> 
diff --git a/_source/_assets/img/blog/jakartaee-auth0/auth0-create-action.png b/_source/_assets/img/blog/jakartaee-auth0/auth0-create-action.png new file mode 100644 index 0000000000000000000000000000000000000000..0c717d29de9ab61dc13ddfe9ee7c69a1bd32d282 GIT binary patch literal 74093
z{9gK8QzF04{(h5IoSM|?U)j02`OY))G=#bb&w{3E0~sd%QUbtyYxpV~ltIXD2vBS# zPCVu<%J=u&sm&7y_TJbIXSJU~W_5K@(DQ9(emKNuc1CV``Mv9FPUMFyCPrG);Ww;% zX3WEv4CdG?Y2_>j6IFTLqY{P-F*YMBbp|yKjgwxk zPZR3yNF6;jtZ|59t+vO?1GK(S-1GRJQ*SOIRz77%QgvLFLo6b>rlf@45kA8hsGFR0Yf^l76IAJR^%2)0krg$5;v^MD1kNhg(9f4FO)usp~ef^h9`Kpa??v$RfS8HBvk?nhfH}2_twCqo$lxjQeXs0)${X9 ze$#xIGkNpiqbuz;5~Km{T2r{~9le=OJe>%!p%OAb7%4ilZPHUMcSb)pyRt`IWlEW@ z6jzEaXmKSant>gm*@V`s9bD^gKK^PW?<#^JY>ZteR8U-{ds(*#LwXGSN(Ffz2+=wnl~~jgE7xW@&yY$SWj%b7NyeQOUMMPR#v^ z{$@}o5a?8!edn;Wv}9+?2FT{%P`!@QaG_qQ;*16O((0I0HBd2mk2_RLmcr!Tq0ZaG${V-w#a_vJ^PJmo7Lwg;jSonqe~4%zDdJd-QstW!X|)VkCagF}4D zTeO0x<`{2haREf_yMc5&JwU-`{2qS4@a%V$%fjFO3)`C)E$WTf_>0nc<@t-Jdj)R^ zu+UDO-DT!Z6xMn--@SXtmst#ABGr`uzefT|!nOtTk39!VLf_=)!{ZYRc%Cp(z0oHH z=+Zm;hiTU_@FGimM0TLE64G9D5J}U*!~2ImGO{k!Y9E^;V2k5B0nxryJY7T(<`d?7 z@c%$lfh_+mh!pV(IdNM$#mg}?#mZXV{T(MXb%;*+0P&HiK$mf9E2{DF`gWL|zV42E z!C6C;1ue78vz)r1gr*tJo+v3T9`mUzegPFmYj3F&Y?rJ$x%nOYnhD&RNG&?ZvAosw zdh9m3VR3(9a z%-038nyYjF>7CfnMIiBb_g~Osc+%5lMA1iOB41M1@kCiP1=#225RdDf(~%zE_^HIM zQ_ompQ64L8?{>9Gn+h4tkMcWeD0@ymKFKjHnRvjDm|r+z{FPbsJiZfA;`v)9{@S0f z*W&3SwZ(oX@3xh_;`6-Z411tEN|0a@RFz$@#(r|p@r4ivzD7l#i$Cde63a#$Ng|gBI2d4_ig#3aq2i|Tom-j-CD#(}p6R9tds}CuS>uobgq~mz)@8qA?p~F9{50>&0b+w&ze4fS zC1>D_S!wjf!RdY5|Ex+RxSoNxRb)j+v+g`BFLZJ7usM3Y4*av{ZPbn>f9hWjc9MXL z`Cdo+Xa>_g4;@9t>zqI&0zk$upH@*r_-~oRb*{cZX`pfEiHeyeD`}iop78VQ+Ro-d z!G@nH>giAlI3n(vq#M^mSdSI6=VRF*3ebVaw5jY+gIcFL`S;0ra+LOkJWo8-0p9?q znUGB`(p0^LTKN%~TWu=<6fXd4uTT^b5gP)h0}jmz@K11sThkC@F61rcFmNKAl+gJowxVC zqVjva&e-nZd~-t}lG6vsrwf`}SN609$TMCiSVEa1vfofdxwp_wxF0M{SYrEAkGb$~ zcRM%n`JclAPQAYLnDtqRC0P7P$0Q?rTx)w$ut7%le=l$T->*bx8bz@xA&s}A=dgmG zJqT}~Sv@n6ZnETfK%U_7pE8Ld1HM7x>yD#CH*Y5Fe&1Uuu6BMwUqg>i!tH5GhlHCQ zS41U=7p&-x?v8r2Ta|$@n(+H%CHQt9K|7;kzlK=3)|fb|EaqkfIs6J}0L=e0yDxGn zmZpq+069w8!x7FE2}_k4l%hNt!q+5jLRUR!RI&G1VC+Vd@_;cCcV+AprQJe8o6*m{ zaCs~B>$EN>3*G~Ep#x^qI6c1>w|s$bUz2I#^#{MY?ze6ulDaCD&L${R)XH0Ap+B|Z zyZ*W2vYR->OM}lBgMu@pw%aP+^8A89QFRQ%3Y!a0$vXt=?S?r-OFmx2hId^bowm6b 
zB>*a$NuMq!aH3OMzK1}Itb}6B(5h5&^B!KMl=wb%>y>cHu4@TJeu$-k?r%yNRtF>d zx|eeAtu9;soSGqy+X_pvyhE{lNbo)d=E1 z?vAwR+>5i+M_S(RMp=_I6_LtJbdr0Id)6)Vf)x|FScGyivEdQR|$5KgA@!Xn{zD(MiJ>fk@Me0vDaYx~@6F1uWHt0f`9Ssfu*X9Y>H%0f#gxPoVG7X9$p1Gh zhxz|`-v2Xr-v1UARhM~KRxh%~c7?d*Fuv$Q(nUU$Kb}fJGISZQR>j|mEjb;rx}zA& zHrk}Yb)qZSo%_KNxrFR`)B);xn4UJhSFjj+obdhB<5s)6E8NoAizmwrU)L0|7Vb`@ zj)u`n!P;Hu#M(Yesy$x<`^GELna&@3_u`E!njk6gCrxFQu!|?F8OuHSgS3!6I4O*b zB-8v6MHRdAksO+(buAGXu zwyl8qA1^wF(Lw0s3?xMGP!*3F)%W(nPuXmNbU-I4$uV!$hAZksTNNTwK17UO+g>&&;q;laO0g5(3|9VOFFTkCm+TS;p#7hB%=07nsS<4@g z&dnKd;}BfuEDVr#g9*C*j1_n+WNB0U^DB%EJVuNE&Ok!-&P^(y(+MJhk7e&;;^Wgh z4~&df_b36nKHe;t9D=nD3ve#!rGs3!>IB!CFC^LQ+=8$B~$!1>5+y|mG=>k zx&x8jOkKL%9fDiLaEY^YQinjxHW`P*anA)2aoIE{yklVKxz0qY4 z%m$A)l4ppo0B~0};)x>>$o!^L4X}43N97}cKe|b1}^t;huaxZYX+KvtC^8I^fQryB{$W5PW`=h7!48rok zSD1exjzx@tH%T#UD6qiEW%gH}$K842U-aa>)RLXlW?!S|uRrEtUD?LyS37CHh(i2A zN93L>eK~tmTF)IyVoecYiN;fU7mU1Pj5Z!~vdm1!G+R{@{MP8^xb?Z9WBfkRi93z# ziG#=Q)-4XeP?Ht3@A|}y;k5PLm)j=MdJMsh*)e#B51yV)tn7z4c7y&spWN5)#qz?Y zu{9CX?~mW|5GGw9T&`nABxZmv0ZK@NYGq7Dutzj#+Qfy~rfa?rie3O4Xxlg8`EY%I zYMKpn^?1cP#Xe)5JX!c985k@s0t&54()HCc;7qZ*$65pUcx@yrY@&Y0phEELXfuXg z0wCoRArZilM6a~JOW(EHyYmLkjlT*=;@X`&9zc4&;wn7CdY%gq3JncicAnlqW`S%7 z)*(CvUu6acjYi9!Gu42Sh1HpRYidRdIekbpat{-VIFi9(U2_a6bh?U!%7DgM`~ufKfTM)?Gh zqbA8X(|~f@80T-D0@8+5zh!Tg1DCfe*M*Hi3XQR^namP9KVGyX5YYdMQfj_o7nclE z&A1uL#|9fIs`Hs%TB!Eg82C^Mz}@0CI=5U>GZFsQi$`|AN#hp&_iCJv=bwub#4m*; zx~+2R+(Mf1b1MBJ)u!)1AxtI@-a-VMI`sL*&QYBRzW(%O_-{aoE0d@{gNClLe!h3cosid-3lIT)*SoE|` zQFy{H*a4lLwubh6mfgY#WF+A3_7!{YL^oK{jR_tZuf{_vw{7W;3#K4-n{Y_e;`M)u zrb6`piu^Ry_A-b#IFJn_E1(txj@f+%v5PMlZ}!mkE;>5$+rc4x)t^5lQ6iGl58Rgq z^ugy~2XoE<)HF2Wdk&Y~6?^l*WdZFGSKjOG+KJ`MnwF|ZxOl24O^@vq%D%&I>D*jT{JeOapR({= zseY!vVa@&Qh4!(1oDt3ZJbcE`5su4cF4S)(z}+U##fUl_zYlQgw+cTUEdV98Svx`R zbjV$AE{!0;abxC<0xMDn_&rFEhk?Q6FfXD#;N+e90vwNg<4ycvi^Ng%`k(s+_^_E? 
zJE0(H1=;n+SNC_eV?4Oj&giRXV@_9*u(f0cgUOh!8E@@eQ|mdtg9 zgem5vlnIr4qXJ15QtKEcegQGxCTkA?AMZ60*X`Bq1S*(-goNDQ_+fhGRIx3sO6vB9 z-M_`}&o*Rt#^OL>93XECS)qFpze5PFD;kQb4kj=xAR%H{86le&fx(LkB=zko?O;*D zX6*jUU-6*PPs560Hj{f*Y_bPv7qtKT*Rt0RF`BUWwSy24`xa%d1zp;bJXr^XiW12L zALyCzsbUE0o1#G<9zTBUv$G?df`9$`Y$I_EH+NbNT5mTVR6qNXj|!%RH1XQdnTsot zWdu3^c2Ir7^Ex^!!2fVDv_0bf-MjM0D*ro!r@F+}kU5%BRuOscw#+Io zQ*QLvaP?-)r1rAL6D6b~x!-ehs7aHVAxg8xms!1LW3O=3L~dv~OUna&EWsfQJ0-)~ z7sz^7sK3^kcBn38|1!Z%{*2-PEH^oCSLdv=dF%TEp+AECIri9t-OMZ2vUt@?_3miPqOQrnjp?5MR7KpkEtaCXe@*t45#_&z#WZ5sy~ z_LYE2W%6E?kciU3zxK#SQS}phfvoIJ=G}Vdj#XFb<-o<`BdIc^lJtaPxec@rfdBwo zH)-|TMgeM2=A=<=A6v~WP&jaF;9|s+_B&TSN>8Ns6lY~vuLVud%p|WGqdoFLUCO0P zmvox$345Y(_ObpR<}NO--@QB>;XXQACwY0G??sju_oEY$*DKN@%S|MF+)6hka03Gq zjslRX?zmj>;>Nwn!j8S;=@)nq`W+s4AGm8zeZZ$J5OnAEfhS6$6e0s>zq?FVFT0D( z?kp5PY1%tv3WonLdY?}LpdD=uQJ_~OE(h-u zbW(ZuQ#tE^;Vb-~LWMQptMpMlNvPQU+b^QaE~dyh7w1r0{DsW1|KoRh#QN)yDt2gY zs>{bp3I7%@e=&cn?1dY&w74n(`F!FhfA?=~Gmu{yp^$=;ps;JJ;G_HBMdaZ@ayqv1 zwZ?P4JR8E6vhuN zZuOMxEF9w}Hqsy2h|XxM_)76o`?%<)K}^Lu@2-`PV`pqKjomBTM27e!v?M~}9K6GP zMX8`FCm&~_@oY#ISlhZ08$B2685~@5)Ok%BwBOP4a(k}zU7j1d_a7}l#^F*r)rIAZ z;CtXz0pqsQ_iDy{qqfk31PA}fFmym0s!8r7AMC9cdaRCtvbnGWSdS67uZQal57N_A zMfU%|rH)@g>94eHW=Eq+GhGOd5?Iicp-Y|`=r3HQ9{bPh)b8>p#4_kWae)=8l1pBV ze~zL+6kwjcaD?l7wKKh?#?eAeT`m+s?_HbfcSHrG8e*;dBaVIBbd}pJL!N>&X#Lx_ zXFuHbU0%)S<>cWhkzYL?8v1uO9f%cvsfp4CbVJjSc7-JrW$(6~7nNiX>xf0YG~qKG zPP=jep144n>HnE;t3pGH)Kf80#6QuhD?WQvickcsvhPbunoOYGhd*DS#DM)si+4iz?bnY4U`UJ|ts;wNJPrH;0T&oRQgFhdPUN=NC{uOYZA_}5Dh_W9A zmPZh-g?Nkh&9k&sXG%vuKk2B^)8QsE2*zNlowf#-2SLARDLDb04XQzTy z0&98jEQeddlC%MP9L_ja=(?Z^pQzVKIXE5{C!nr~Spq7`>s^sqEXq+AB>Ud?e@{ zCcR2SL#u@1F2xwmc`L>8xT4I>&0~X;Z66&1?cF{P>f83i;kS4*H5Lk}!xKq0>1K8!+Y@#2I8 z;WJ0CaW%Yp{^;mkWpgXj8O|ewp>ox+fLnU!BNy>f3Cs`fq24VzA8gV&a|w=F3D$A= zk#o8EX49`S2Mkx``43Bp7Q%T!4314&0!>M5P|%7!zoVD8ZwF(d@8Gjl+T1-zAv^(! 
z1pO9%u;0^Zpsx-UI-cu!s<(*Fcapa-Zc;?{8kQO?1Q*Y2un^vKKQWe?zofugG*(2w zDZn_5iXFCWD}LuX+Ipg1kkNIVy`%jS*THqL>b^L0K&s0f1DX_FVx>H%?h)f=6MlEX zaJ^yYt+*vI$Tm-fv?fZ=(3Ds|GC+&4MACUj%3Pzf0&P+ibc+d3%z0{+LFc@Z{(aEp zMVZ9s0(tK|Jc;zJz?RTk{Po(6$g_d+#ZUGe4yG&jwnwW<1$T-)1rdZaU|D@tO8u})JD)M@I9U{m-2)o(dM`! zs_)?g7XJDNEY}0?fIXdYtVRpy)0W+jPfwQq>$&BL3ji5e3)TNHb@|7K2;{r}*dhU+ zn13v#Kq4^^GI0id#IG9NEsE;8S&;d zSr$Ay3m+R!J3$!xY#yr+v^2WkM9q2IFUV~no+2&t_E0P7yzJ_Od-$6LbT0lcD7*Oo zu#I|*TJ#}O&Lj3uwuFz`x8AX9nD-!7$Xy_nkkz-gBm7ca!VvU^yk*!PsVgb?+#*ea zI@@A<%Lt2odDi*|2EF;u^kp({aVOw^av|FJA>EgUu56#ctROU+gLYZgB2r%? znSB)RDWf-&WyEa0dW6?*1h#QvP1iHaFtB~M2U8nAPlhk{C zRzGd|dwI0lEQZsqAJwOvtKSnl!S}CyC(Rt_Ib#l{H%EP(ogDtJbJ<4cZxlrSm1oYL zmDB&cPI1tyh=z zE0^6c$v-t!6_t1Gyw}JWSGmU7nT7_?6zDNY#euC<$Nn=&rZ&o)q=G zC>;b4fNIN5Axq1J`%+S-z*s(V?HGxFL{lm(4^{&WMHg4#94uR2UJm}}+As(<9&mDT z4S*`{YS`8d(8~tMB!DI$KK>>REww!9fd(>|nVDH&2S63nSd)LSkllEeP_ZFsOEmH} zjP2?vmKS1_7c)V016v()v$V406cPgUvTU3X$YT|1>V3*%A#rU{S($>^<|eSQ&R$tD zvMid)J32ZIG8<9|61m27&0Rr0@Bup)my2xMw{LezSu8T?-s5^h(o?xsZD!u62z4ll zo}KULY1c6@c*9>=!3G8AwEA@MC%;;j7@6RWBq4hb**4IK_nIu}s--26?}QvKt{Q~R-o#{iun zeMN`#l^+$BNuYaEOmgx!g=71ryjF09pwb8m1{rAg4YSZ^9?<}IxhoYFt`_>Snp#>c z6UX$LGz9z`{096U{N`2x=*s>aw7=r*tQZpH;~OwOex}-)Ftd+botgmw0a@tNCkFzj zV+*ChkcJ@r)NkTMH_=msYz_2M|B_W3PYfh|Pg?Ht)GxBV|6MDF2^M7ut(ZIfS^*d} z?PD55QK?pA5Vbl$uS&~GSE6qgH*&E67BeEK*{57dx^gly3Yn@|DU@+jj^#PV2RZ`E z`l))T;`IBPO}$;p3n}C%S@^+CC6-qKXEA~?sE+*SSlwq+v2~{Z6gk@5fb6R|b$@~| zT$Zvd{K!>`+Rt!=qvnpDZ{sfAPfAQIf}abhPdQ`Y(tP*$bkaki6-W2(ce)mP-Q1Lm zh%&A3v*xt9(`O&|u~%W}O8z63e`=OA-DahlxO$~74y>FVm;OQ8PB}+!e+4`UM|1*- z2e}CQIZC#6rCTQ8oUmgUkCyauO;)^1YZ{R^AMTP-S9fnt0&}-0{M*ia~AXDg% zAwF6&ur(aT`Nms1*}-|Lt7Yex(AtCKS8j6;((T!vER?raPU|Zt@Og%TC8T(XIm5@7$1iKo4LDDXpKs{F!`rZ4afTj*`vz5b_9!YrNd5#O80+oP^bSlyMgzeiBn_` z*m!wOu^@2;72$U#V(94*Q*vVi$6A+VLw)K@HLvwvl3`LE))@ zd(h?n#-ytf+v#l{ZDk zJoaY}GX>nbr#X6IlMQtSDCOZ)-?fYz`T5lagFl>0ht_>bxUKZp$JZ`B3Z>yBju`KW z-+~@A&xFIae|1FDnhpa1kqv6J6DTz7^eIVQ-D-C 
zn?A)>KlaU)QLVTzw0bc9@PomyZBeb>@?Ilp*wcSa(?yceXE*sDKEwjpcDXOZ|E#Z8 zBePX+B&+-Kkj6y42cJnVFv&;~HeHBd%mv|&9B_4|45X>#Eqpj zK?RCc6VgQNbK+yUE}iK%3|h}yzSAx?j>{QT713yK@4hpUtq7J?*xI-$8}vfh%^R^o zydZ#J^xvkkT>gs_pcI9=_{`GggbXQKJcy~biua;Hp_HLRy%1OR#5QJ{Em6c4#R_uA zTVEPs@$>^HckvuN_`drk7Q4FP<@U4e zj8Xp5hL_;(k*oWc4PxYMQUQL9!Ld&BIN!dOa+B)PEiRHXLfZV%$FL-!c2qXX-q7~P zsY8s<>j{v8@8I_;V^Yga%1ug1PO*)_EBT-hNdYNj_ajego;R9xmCq&+)EnH~B#e(6 zbrUu~>)qh1tJMoXW#-_1TdSVH`cV_)$M?v%ICw^i^ecDvrV2rmu1v7T=Q~cB&R zmdCudj^oi5uz7~a&dIr%uaV#!_kI|ZAl-!~3M|CYH{MI0+6iwE=Qb)+0F99|x3{l= z-A@z9s0Ye24)gUZt!OZ&_z2))b-R7f_ouM={2qL`BD)eXOGVUGR_=1xYZpA30{w4q zU6)QdI>3rg2oPjI3-`P)mbS!vHFLRfle+1X#%hZQ4Rg1I7-Yx}+7VgVs zc^pE|xB%Sm(D#`VB&&+oPluF%vG&^wIoXyEOVhl*I4AyDJTnK!ua6}GDSzQ-U!cWh zZq8g1uv%(KTJHlJb7zV#cpBS3@t(lAToqCup4iddJ^V$=zZZT5Q?)YDpXn?7{oA*^ z+S;eEB|4o{hMx6$k^@GAsE(SH*yDr*{W%j-^E~g&o&g=b@TeN)_=o-n%3;mx87}K} zJ1Ae--8ilTmC#U?g4K71wR)tN;SunSC#&A=DAaOqHQtN4EW_355{}=&Tu*Txv6=Ac z+@bd+)aju1Fs4dwJ$aX_-3=F)TM4@!YvcLA(?cGtE0=w3gh6Ua@B7OVv^`<>q(E*D zCfA8B|A-RAC#elL8DqIf}K-#zr46^!{hlw_u-!ARASj?>bB+W$%(9bN?1c7%4 zIL!tz)PRg5Es{Go; zRSsv3Q{1MB&`k-%@6-)SQLRAE3ea@X*sDE8wQQiy^_~QN*4*Gv>)*vs4}v8LzqySO z6FP4rA}|bEQ~e+xVMf`GHh8}SZ2@>d5g;x$sbu)QqvT+R<<`#Eu2Q#!RpETF*|Wl0 z!x`&|gy65bdgS8F{I_q*9Igql7TIGS0i@{|$H-@=QM*jJ=ZXLMx)nH^>yhJ-{5?+HV^iOoxgG{)Vs57(}TIDpK;!%$VV#G!sp)tXqq*$Ugt3a$dP5Zsa; zQ2w8%piggQsx!qH`)0dN7S}|SI??<9|{UVfju8w76lxV+0 zRUJxda+`|oTqVXem`su3LFC5h{HJ+)gn>8Tdy5r1FeEJZs;##6A;87JTL>*LfAInj z?M@VF1@#;74cKeuJ;gty8UC}$DHwR9lYvBP1tmP?qo=Pwip(P2m!7FNEPKI3Xib)p zh-g*Zl%U+$$#;ws1KnEnKzUFRE9fu3oPUoQbm!*guybttAmQFkr&O|I{?&ZSA?yc*3smgt7yq-$hG#{zfeo>HBAiFNZ z8ffrmF$&hR8$|oQWcTRZ%bt9jjwMjH5R;N}2TG#JhBN%p99Xfr*%?lXGB_?iGoom7 z$A51WJ8FXOO)MMQR_lz-qT;y_NphBA2mLXci6-1o_-I9tsuX_KWg+Mg?J&x5EwR|B zP7#F1F(~)nG8f?Bo>QniD5&-ny+~tuP2Zj3&ZXO@{**tZ2%JDBB^3h4BPFEI_F~Cx zUy71li8B{=^@st$aeT>zbRaChz%UDB*c)FnMRY;|pz2ZeDp);1%iA-cFK!xUn!H0v 
zfmF-ESRkHji|Og{@PQO6VWJTR9)-Hxpo8CfS=G|sKCP)(CO2O3?K{%0gCI5ch|8O=)SN>-Avn9qg=T0wTb+d(54*KGow#7(i$4?{`+{`PX88PjG@H zbMxr=>>AHAxr>)>#bbEbBmb?z_x~R?_!F^QoikWrjmmGa78gp|V-lNU9?97nREX!0 zC&F&zwT)H7df;^+p2*)gtoK+gV9UvqJ-!nqBbWO*C@6!6q8x~w*?Ukno^ zn)wT@cG6>tB1k)uw7K>mYz$nqY4n`bXGoZdqdN9^8)YMM?y?|0)QS>m95$u*w;+GVOz0(VZb``pFG1V3T=~pj zV6n9|LQ9e}6+bll(^po5z;$CtT|4f3inHe@RLZ)$gMkjX5cW`g3bB`M_fVbyaaBVbKP-prDpb*W@m4Ql$e@2fv_sDrJz0%40g!-#SR2lCkJD) z4MWnXkpYyj!t?k3^Pi4Thj|O#Y%!kbDx<?Fd>Cv1w=&jGH^fRxQiEh&7S zgd52ouJ!QW{z}=jAh)|bEVnvVP2qb8C|*Ss74|(fmE%EWEP_UzW%TV*036XH?)bf^ zCc@^Ou;v9JMwj1C3sSRF-A5)hQ+!P=)i`R>MD2^$5#mQ)yB>Li5r8Dyxt)6Yt!7N^ zJdFCV05}RDs29TCRL#ljpp8_vWS^W7fG~u~)sz?~KftZ)5QqNw6NVGa&CG@>pVWN7 zfNkQZU9ahH>##Ay1}|8cEk+nrf%km8Nk5y%}NL9{R}B0;m-q!FKmVMIcu$qx4yclB}XXhuE-C! zB)&Ye1|MLR@m*UwWWE7|EgdwuS(xes5cc(o4e$}HFlk}{;JEeMaChENx}tKyn?+7e zUSRL|`AcHykls`mehzFQ)k>Q9t1K$u*$(4_H$OeUu=vAVUi45Yj;j!bO48zmzdT-E z&meA!c>R7Rt1v{}A5DB@p=^-?>^C~^bXLqBF6GN<4Ojk^M{O{e+~*?$p$K>al3(3E zqe1D%suKH;tPk_8Q%i-&e3layQdS35#mdKVul8={fpsvJmDF_}P>>4Qg{xN93yVz` zm`YS?aAC|=ho^z%cwvUz-a9A9f*Wh=2f)L0_{U}5L6gHP7(inb+7;gAoi!Q_@I?rB9Rk^}=^{<1E26<JjX!n;+a9v|)t#Q9b|iNy(( zR)G9a1#g800GI?eaX(*O9ePfb)b<>AH|3Uk(KZTH46!_hxAOzkI(ILFs4UI=$?}U! z5pdAqD{%)OA-WV@2|87JFHe<50LCvSH8sOAw|6MXv9S;!;?Mz7D-|Jo1HB*3&*kdPF?9wtJoYuZ1OC4W=uSqg^?IY=-2OfH z_G~?NkhpKr9_cSl(*ZV-R9aS$^2Tp%l&Ev)vFZlGb!^hK`gOsb9d^-~uKuxl_oN$y{kW3a&3Z*! 
z;=+$iw~1;!-GhUs!z=yqTfM^|57z;^Q;t6&hV%m>@*c50We{AgPJWO5eEj6deu35t z=_6MqEMDgzwi1{EEGnA*Y}#6%O)`zTdx_qA_E$Y&jB~i$Jea;3G+H4JfL6DdE|A`V z^ngU>fw3E|eBw#LEUA6C(ij)2}NZ(bfw4|x0L1h$#^ z7NS75^JU+>6*gZ40%w39Px#G1-iC#7drp!p8@~@@j$7enWn5U%TYvItpM;6bMh25| zaL`E87QjvCIp|Mv?Jxj01^WDYKd9#XC5G12N5#}{qgqvLm30Sn!?QQ68ENTGs`eWt zZ`_y{1Dz6)tkrg-vJnyo(yZu4L!O(yso=*X3;p6e&;NYD#mw+NS2eYPYT@yMEgyZ|cOb*2J9&nsk$yP|jk|D*TA z|3|*(G6jo0Ek|teFAo)LP@<)6t#jDPDf+qSH`5e`i{J=huT|vr_6k-k<}F)ijbora zwn-G#F|@5od-!F?>QeEnXuu}~Alc-TX#tP=WG}(gHv&nxl{9&nrprXz?DlYkr9ZGHJ_Ud36$;o z$wqlg8`1gCgN`0(4sIfHWFRVPmA z-Sh12-C*|va+`nu2>ctU6Eu-YPwF|PwZV(|C0(cR#-@)s0Nx5$lE)Q1kM#)Zp)1Ko zmeva$xG)Wng0W06p70vi002NDhsw&-VKBOm&fW;OxZ|s{oSj?X4YX#x)oGZiWCi9dJR>0+}MC(>0)2vtf5p(OWtgZqE?oO|Z}zwbNqopa|h!)zxz zByU;oTF?5m=c+1o*uD9zm8VJHnbW>$Sc|57TfElp@6d+9pYao_dH1(PYkG22LU=Qj6D0&x7t%=vn(zhI}{LNXn`&} zmVA<%J{TG9AJL2ip4QdEwiubAgo63fjbT>OU5fhj#B^7a_Sjp7+|EA&i5U6?KlYq) zo=g0*gufbjA>LWQx!kzm6(uo|^kw4+7>@nvB?UMB|0~q~|7@(h`VR{bD)Q}>BYDaf zLq_{h;LCG*Z|PK-uo9W^aBsSezW)Z9cR7g_$h@m4cJ)X?Q7lU{?Y44c;$UC?qpIY~ zYC~kRbjx}YC+7Z%$$O$@-HQ5?*;0+zI7K0&L_9VU z9hK2jQY#3J8(rI_=r?{k_Uv?{%hu_H-F*_ja9fzC5w`HlqoW&l?Ar5JYjshh6sv1d z(Ga?8_z5-Xjt|aWq<{Y913^GT^02yQAT%UaFl%vd zT%>ulQM!Uw!mE@Jj6xu!TjO;NKNk-iIX)>o-Dz&QVYR$}M4dX!bc@ZAy8kBVp2|g0 z<<}zh`_@_~X%BauxykY4BD+>@S7COm>1OeRxy2U~ufD+ZjBJ=QGzCLwj{_blpcMex zDVHn;oegF*!ss8qy#Mh1{NE)g`ClA$e|&j?h%YZ4W8YNF8xiT01k%+MRLmKr^EV5= zoXOd%)4`u(lbrC@a^qIAJ%k;yUAd21(@x1-nU-(zFM_H?R+Dbb!%4B)J?UIL7b(AW zeS5AAzkP&uO>xf0Dj}EZKd$mNLEHKG9|$UO(63SNs)339g4|H2T@$5d9KZj%7z$<3 zwR6o?YFpumA6<~da6f&&1x4d}B*Ad*>_{LdU$tvu3l#7PeP^!5ho&FVdL~a-XfS+C zh8fJqAkKeJa?g$r5AsBgQWBwv32?!T=$sPa=&u{u)BdqwQ~wc6)_K&r+l~_(XY*MY zrbj7j$$PCX$9H$_%rPi|2P3oRrN_YQT5pSuu^#eHfcC7vsJl2HPlm_qd*@AC^pkHL z9vP{uhp!l>ip=0Q#?R&NjQMZQo6WF+kj=0|28?;V0(yr*8ri?r+NgHYBgwLd?PcCc z&p(x(rRHmze3|9IL`3vIjCud9`lJ7~;qqS@)F$Q0@*sDBXy-@^%F^yUdn06~GtY1} z$`=fF9FlKFG>0Ef>f1)97b;y>Q;n?Ckrip)AoxZ9f`ZTWoAHTe7;g_Tk)uru{pkjE 
z@GPT6L(C&;9|!bUd=`1FtIE`~S84K!ZP`M@#vjVZpK9`di0&*ev3rYgC9+1U6x;QM`KPBay-w!sixg5#TqtPPD_U`oC0}6T z!}SjS=psXInVUH_*$F*k8*iQ{n5XE0kTu)cY^Pe_6^r;%gA%X7dTI8sKMVf$NAP_1 z=N=jJ8cqGb16cpP#$}JDOv}1%$0eFdUx{O|E1kz=xGy`XiL55U3PURo5Z@^;NrrH={VIhZbQ2?;R+giJ-Xr4_n{>Kr|AS;(O5CgEkNJTz>L#GE`? zHqe!K>eQ)Lz+qz7<(N4&M=34RA_j;-0+bG!A~bK?(iVQU@TvX`Rx_M-5KT%pM?*q) z{@#f4_MOL7r?07M_dZ^Y@cGSc>(*$qcS49hc8WlZc(^myp1pFemx;AX@5YVv49BXh zx|7nxi`vd#pI4JUGhxRY1#?x6t~SB8?uiFabvlz^SxYe_Ha`1sK);uAhK z&GVvjj3IH4Pv!>&6;Y&YtaGvTc4SzxRPSzf1~i0I`PPyae@hj4p~nu^xF1XJa(V!NKq2m$>JkJ&h!1VG&@ z4r44hzoDwit|adgmA;#$&JlXqYkfU3Yk6`&jIul9;NnJr@Jo53yC?`m-vY|Lp;2i^ zL@aHl%R~`08fnuG4L>?7jqoay&D6WEoLx%LP2D-%b%!7r76cr%Ju*(;H-TGaW{Ori zE}W8Lp%exX93V_LN{a<137}bC9QZaH5gD0i*^J2qO||6mkDuI$xjd|g4gp*%gQh%> zXl(qZ70fw+7%QN^Zd&_fh7!UzfqW$Bpinp9$*hOCpofjr_{YT6EP#p2yY%wLY82Bc z4{9P%W@Ta(ix1s%4U(o8{9g00T3BYD648#tXB||8j!a1k0=f2mhIslUb}S5Zb6&T8 ze59)HIju}QGAZ}4K0Dja_~Hz|6|FlOs~!BFpxZlW)lt=H_BzgWi9n+!0lj|(S2~RI zCbeLS!jjJs;Fi$2;4HPZR7*Zen+^sC6!An`qv?eY?I? 
zy3C`apyiqtpj$l32t@+)ZwaV5qR`}#*RSv#B?E`|z0iYilXt9Mc)%IE{8-Gs_vTND zK+f}5#D`pSR+fmy7Df^If+NYiHfX^Mh9r~j`by1DyI zBElYSw)b1uEhN3(*}6w7Ohu*8eQm(dty#CxDF1`rhSvW&7YLKnw?Q`X{`{c~vu*m5 zw4!^@sLN)FJQ@D9s$R1n3_bazy0s^UFsfY!GrMTxrJy1jjWRhfPkpT+X#zBhwu3|N zpwFZNde}CN4nWe9>zR+UWyy90}u-VhnGSZ=n zbOyo!eImlc(?NLM>k-e5NGTi_sI6hVO)*P;>-KTT+#L%_8P@Ldr4=K&&tJpC%{hEp zop!T*H-)rMjJW@Uv2T>CVd3$n2?DugCR`P(Wm}o2Oo!3EV$&iy{xe5d?HAP0!8X0u znwR=adqk{G73&J{E>5NNm&yo`qe>gsEpjm|T#4%Vn`z&>?cK@4^c}^qcQAst_q{h$ ztamw3X@Uha(YnYs^e`dbU$^6ny!1sP_xjM?x(jvoecepLRhe^Sb*ER-luj4K*fsC9 zg|>1SR5D@7i;FKpj?LHC&~g?Ofw3;y}mr7yKfmkSQ zKdl^TL40^FNz{4dC+fE%MQM?2s+4`n=PcgI$hvVPX$gWxqoMGnDC2!H1?Ar_|iMgSUjII< zouQqk9ahnBdct|t7-dTbWA3j!1(XPye%qH(x-m}_0fh4M`SsWC!>uh&*v8480>%3J zPx%lA#Fif)7k9f%m35+{L_Y-^VZ2_JNw6#4!Pav_OY0rT+yedzbs=okn=KYptqGVh zwWx;WV(a2;)~x?B#G}p8>y2KL2(d`YLK|jm+LZK!MZM3{(oJ zdQKcC^%Xi8k4`pY#CG=xpFVxACsu`5EQ1nm9-KCROE*$?)SG5f)Z6pw*|RprL#8J7 zmDM!n3ah4W`!0{Xoei{=l6_v}T&g_%{;-9#9&3-(Aq}-m=GyHpLHDM}sC5e()x1Q@ zS0epSK?f)3;nQXs6cInmP8uV5p=^Hr1*~K@jIqpy(Rb>4dc_6Cpq+{LrxragXlm+@ zG)P<7F;FIu7`>`Jgq%ZyY*4@&pBAbneAE-bY}1{$S98CFSqMht+4t$!>Al5pnsH&K zxk@dJs@NPl3)hpr3eq+;M3xdG+(~K2&i9s}v&e&7 z&<&!yvtQnFq~D~jpwzXxof$SqdEF3_@z|@CNeok6*98k2@j4oqyzdX+0(_!^3b4fZ{-0|7>;~P(@ z=wFcIaIsv|QV}a@ze{~Kt9*od`Al17R)Mq?P8hR3 z9J8~foU}9t{LfBPMGv_vuOEl3zj#5~OH?!_%?yZ`GcG`xnF4g3u9u&eS3m%lPx98O z_wlb}=63n65eW{i^e64dQ#eEB41|+wiip~=Ye2CjFYi&@z>*&vDYikIqRTE#+u!v(#YK_x@I=xO8 zy1|4v;7MLDTbNmu!=bw}QxIkgp>8Qm=^r1|Ft^e*wT+F9-I{eV=}=Df>fT5Pp`jjh z;Xw&?vIKH^h2Xe+UzzwcluS@S&EZ;WkOW3>78uHkpi(ge=b7K?dT$YVDYTw zp`TF2Wvcec7_>PhI3)oS$Z6}=enl%dZA8zWdxsjhr)Sf{_Scj2&rg5W zxVAps61xsM-paK`_E8+PM(ZB%7%)7Ou&cY!MqBzE@iwoxqeC(lbr;cD%B{L{*8%Z? 
z5E4OD!+nV+UAXCz!2~AZ!_!lJ#W{#ZJuTihv1G{8w3;d=%=7pnAzQ??WuQdiT^4eH z_pR&wkLwm>t`B^?gSss3G)&SD%yuR%ziyE{!S#s4zyBO&iCEt2U+oKKlF6e$3nCYo z)V56^uMzzD}(Bgfgt>J3Q^@!cz85=uU$g1~lG!Tvg-%pvvXztvG#f ziGiHSAd6{R_I41dFg$`B0K@Jmx0&&v8&`Q>*i!GeCTx4&`$^Gu(BwB-+ca9Mrp#Ip zY$Ap8v#=FI7)kBQnE47|{*j?5#itLu3J?VV$&e!11B5%(utEokxvk5G)H*)5nf`O; zS6z@Vx!fG>-ong4&JLgq7fiKZWF4shsIMR5V zbo;>eXxJ*)($<%rxr!qn!C)PN=*Q_lAOAb7Xa5=K=QnL?z~kP5(ZSj|Z!z{`&yqu0 zjkZ^Q&%6C~(1b~B@#*w;Z>c5cDb_uj2N>UbeD#}pdgD5gzcQ*-j_u?ot+92pFngkT zd{4-_U#{x;0;$!txE^CtW3%?g>HRwk9wEZ`E5fko{=YFS0{$r-`4$FJcr6ZKSjvAf zZ>F1#`%SM(Q_x^Gmdh+o%~;JQ{>`v_p%lD%K9yoKCZmflY+Se~a&?-&pdz-3MW9k7 zw4ty+UBz$%D{n2ls!cTuTyw2<_VtYE)Y0;Ewsl@i$J%FAq-Nho7#4nnVexUy`kOm> zr-4A>o@zAd=xo*-1&NeIfBEF-pBcu}&zN}a@wOY7)JN&IP}=uR{$)Nwvsfzzu&l0;gbQ9CHGEr;P z$ZqG`+cQ`VI~ZkApc1A3#kZ$`mgl7kXcw@;YKHc_xM>>WTaeu<{D=t%mi_rB?+c*h zmKe?(zkWfVw;ANm`BR4#F6e7^tgofDzv_3u+uicBwwAfOaf=v!|5uGM2^nDa)Pw56 zd0}1`>Wi?j_CMyZchB+cNr;q~kC$I4=U*Hqf(7Z_y!lQoS`6JWCI}mu#=k9e5s~}; zX`$1Sl})5l(k?@<46W#H8$=6m$LyKheWf2m7mvL_Ea4DL&Ce&U0YZ2cRaGq&mHd6b zhACWsEOZ|}$TL29(%8_TYci;pV^pnq^=cpJt`wnTj9~k~mUqkz+xMLO`jxk8&w1#d z0gX(qYu#y5@}RTb@AT}l^&6C*si>>ym{9dBEOWKh9iXi?sA+c{-gL9p5_S2FU2kE} zp)2l_-B0$=5oxy2fvc4wlXegV`Wj%<43tEXWu6+yuW69UI%e zmy7VtB6*6_tqa&aluBf8b(b7_dD+V2J zq}m7mu+pWT6zF>ZBFfMiI&YM45dICX!0YhJh8^z|XwWPSRGtR^jq?>LJq?C*KG3E; zch&#%jmpXyJnx6;VA#}Vem{?_Wn{au5 zdPZ3ca2Y#_XIT!Rw{|n7JHF*V`~c%Vy}@-eh#CMeuA}RMZj}bSHRPB*5rkY2<8h-Y~=Jf6CviAZvJjwbp=@R}Sp?SmNx) z%)szj2)F`)^wb`umicu$=M@i}m*gY&j}NB3zr-@qIj_twS6*#=_{pn^)M0Z^R*_VJ z<~=MfIUg~*E2V?0)o69*aU5D;hP{tEK7iXiu!`Ft;N;&UsI``C)bl`YnZ?HZ#;D(g zJbnENsIWCRLB=joNywtC#?J36p2qFzdEQ=y`SxwY$9A?RigsbswT@>0%^;t)k4m)+ zH20K>=JFD_bnFqk{wk$=!wkEu`lGhCE0XWS(>cuJ82UjTdrn!1|KZeX-Mk%4vE^n! 
zv?dyuq!|B6xnwxj|6c+9|HI?q-?*)D>_lb;r#cMkErhiRkjB^m;Zbz z-Q-b&iRJumg~t!ZHLs zb+*muV#R8!&dLTI6b|Ky6&o2*I3n+WYn&e-*vP3n6v~wG#Y*ZVDaa6*xF>6%4~R!ij@RN`Xw{zf;kk5h5`$Lv?Q9w1c^cuin#5;R z2j&2WXzPkXG2(KjK1)^163dsB)yI9N-Ab&dd)N^B#Elu}MG||*L zd*oWKL)tozRqr}nd{B+ot#)r}#x=D44sCf%4xpbwIv$;#rehg(xKo>46&H%K$7Ha)peCv36*Oa`}?F#9`p~tT$5+8d(V?slFoS;R8Uvoei>c8?t=q&@#}2j?uDU-;KS-@ zsa{JRZPGsl<>2WC<;ME)R5=z2rMq{9CI$v&XlqHQW!5v1Gc#%vvoKFalQ*q{7lOQ% z=uU9o;%RormDCkQ44BLf!yD0PYX=V;oS1av zQx1D|X~Jn*yU9`xMp4<^N)`z}D)pdNEz~r&n-gZiP4T# zcsTa1w^lK1#Y;>~L5uwh!=gVU@VYvMIqeH@=B-x`F+(ROlf9x>3M66OTl`jFMuHqC zeTn?p&es~9k68M(XZ>&(lp@Q;#Sdd^6px4&t~^>*89A=6aP>ZwPY3* z>08pC^BPsnHn1uB>Lst&W8mCg{Q}vng@Q5UAhJKJ;llM`v4rUFRuu| zGKKAe7>p+LU!8@GXtvYVsRp9<<Rxh`75Fwk!=~G;3e6AB;%> z2kbX-*3yS{!lW<=l zg)P=`iTKoQ;}T7mwMR-T)M){M4!FJl+tlO`DRjq?Gg1y~0k1teaYFpkVc}vFFtKmsl z%;^^KA!q%Ui8qbGvO4}wHFy3=NJd7E=vqS{%B5GsuxdoO8AB~lVD{Gm*;FJCL}p)u z&GOZklZOVKI;N}k z638pJH|l1Q#)nV1t*HXK8FGx=Nd~+4nK25kH1YjEhMB1y-86;5x9%PI=*W^jT*-z&nO!f z-g_2zWZ_Q4wC`Ls)>jI+BjvVo$I5I~;i}8ieMP$0uD$SDtZ!{CP{)HYGz;>tU_D6f z>aBbDa5Fd<{dpxO#V*N=ot8%Z(gdH!1DGInpmJoET0B;{GJj*hdBH6#84ww0z7Z%s zUTKs5H7NF2zOlE};`nluNf+$rvk%o(X2UvjTE;)C*xU-eG$n)b`C`rCwS0F4S|^_9 zK^By$&!0II_Feg$4Qu@7{EK+{8n2}1G_*T^GxOSj`{|Vz^34erHyDQw~6!}!qNoxd}{BcV@5(=Uc1|V z6VDotwIOdu{Gj)&frU2=o$mUd!JQfLvz4?^n4u$ijNN;#u2k<2&RXh4V@t1iPnVYS z5XnPnXzJP%x6Hi`kgm@st{(=}qmeXe@v!vTxD!;FN?~Ow9$n`Yxe^_S#=h8wmZ8i^ z#}B%Ih2E84*@cV%Q@WGx1Fz&f7hhA>o0s;sdhS;@>K=`+PU_;R%&Yu5Y$wrP+cO>p zHk1{nzvB=+9+lB!T>&J}C_AMDX@YsLV;TzITn{Ok^^3X^66!bHmwyIkdSK&FCh=`T z#&t)1AM@~uMqi|)B@o2zd$XanypnVGjf<3#{b)O^#;l3t+HX1ZG@&lu=S;)fUp|02 z;P2&F7?iE$`>*2ssTQ_5)6v&&=!~#C$T(6rzx1;N6Ad&j=_njJIa$Y5)u}pMJC6L< zvDyc_g{6Op+`Em->k4#1dZAPeb3)!E+WN5a_8lJbuut69CCX0hq3_V7yHG=mq61P} zKL4C=qUNlV`xL_pZ~eUU^4>&`SIIehjK4^Ph`LmYI#xpD7MWnvVYO9Syx=16P{XgJ z3((5Q%FKKdaF+Lmdeqgl1_yt?J(#WqhEscr9A(K04$vkRn& zCbKSR(3XIfa<#^m488f$chd?wdX^EYSxWH+Fy=%hq}Y)$=ZpAmW=uRlzw-9rkqf!) 
z{rA)btmCRwQ9`sm?IE}iru(hGAVla(pKEn-P8jg|h&rqZNKVv$s&dLdqnB$qEv3%# z=J?ImxkO{1x~$D6!pd*oqJ8V!2Aa#Y>zGlOs%^X2fHqYL>&`X8g5y7_TTCETMim+q zs>iPEb%1W1ERrqbk-1V1%*e!`5zZhwuG zh7VR}+J#C6a`N-f4=lz@k*4*z1h}~q)v+x7DWzt0WsD{dKHaviKh$Z$v8C`;(O;pg zlY%Pk^P>WVK9uK@MMm6OvLg=V(=3|7O$}*{qB#1b=26~y>7N8=f=AV0)g`3RaV(~&(U_@A%f`^7jTj)tblX&{rI#z2L)ciadvTabvr5NM(ph=A*y{%MU_8)u!TI&A$+s&gF5yt^rW2qaOTrlxXjn}6WPB* zFirYyS)Tj+9Bw1GVpp*RJjzD-1#XkmWMpPURgHmPlf+R?!mYYxE-dv?Cz-$d4!{s2R6JzuF{zc9Sn|Z(XUsG0% z6wI1qQRnjWP+kBkVuHr<}`8YB_uieNa_roY<5g3A?aNRxYkIO$})ioBeMm?m^Mn ztQ$qafgZqX2osQK2}gR!)cxh`+Jt~`1m4KAr?*LXwPg0*B26|xGe~I zbY;X_#a;SRqTI~#I&Hk+r$*L?4<8!QRya(OW>P$UjlzUl`nsdbgs`DLE_n zn|OA;T$!tj7cho4f+s81$`qv6V`kq^Vk`NrlQ!}l`vEv%uq|x)Sm_Et{zMPKB)fxz z?C6wbuC>88odQvN4X#?}knx3Uin}i9*w|$B=0keF-^x|t>XlT-OfvU2u5>2h3nh(9 zNOg^4cP~abbeM`JaM0KmIr_#1zD&75cgTF`(123?u5e{0vYI2&n?+bC;};jx`CMo6 zf^@YEGYPe?@Z{Hiovn#!SsJr(03vk-kl0D2k|Fdj#dwOCrvwyGoh6R5UKQRyJ;sit z*|xLDOd#&U$SFHx*9Kk5`KL97LshHkkTd~(THpIoJu@v^C{1L{aIlnuRYdS+cx(X2 z(1Klc=L9rL?jAWUgOoZ&CJ?$(dx;#LTeW1VwsQM960C{T74Um=l=O&2>W1(|nX=k8 zFP47)5@(l%#jmugNFFty_SLfQ2-PQA#ia%bU#eD5BqEk&s0pxH*ixjUGg2UNdM!V* z#md;%H+UVtwIyE3YbB#@bnYJgGwk~?i#6f4_!k!`$@@i}mrtA_??I07ek0(~33?`2 z{iJxWE0E@b?I0mLiN|v-L}D7JKA3F)5%nfJu+5E}fDWsNV5sT4tiL(@($n%Wl&qa4 zmKF(LzC@N0a*asKW-Rqu18H1bmzMWHn5@kDWQ<5xzC{y17LpVyMVCr7k$QZ{p)a(% z!qWx$ggCARoruXxhLI`KmD}ylg~S40<<;2|kH_Ba7my7w#0%&{OapiwB0@uF`dlrn1aB7J zfQ?lf;^C4`ibl3(Kk{$=v|x|$ntr6sNT*gmTwz_VB==)d5u-HLy&%C zA9Fv()53#G(eEh1_JAbk$6RcAiP`;)rBXeK%9C~Rr06&19WB@NgoMo%kL56B5^+*= zFqL7CFOvF}ZPQn~m31rQJ>cS`wXWJuRP>J+Suh@DL?Rv=TtAdG{uAHMUE{Nsf7iB3 z8qx=&5{)g?!B0W2h!2e4@~1YU|5_L26{-7=ZY}dd0QLyGp5m0}iIHcng+)9 zw1^pX<=%*H*Y9|;V?0-FBN>$8sU;LgkIg-c?VS#!Pp?9ZRbG2;Pw2BoU<9`R`Cx<* z*k3xz;8FYzpZQ&_{)xKL&H>H3Cm22JZd=B6r=ryN4=tlNKtk(p`~)L45!!qHm#0NJ zc0S21?a2dqX3lP9HTp$kc#PzEIpBA>RI2>RtcCgDKZUYwfBojo8zm3=lW<*ejd|OL z;A8u?Z^7azTsQ9CRetPECmhn%zRo(ZRyS>O+J<f%iSlE1?W~8agsQ{L*#X{nX=P-C1XhB~`+lofit> 
zO}xBC$QBO3e^&OUY6s-H|49AyYai=@gAiGu@9Alzd-G;?_y`Xq=!Fio-QWIW2nX2-<@QqY_$IYyX1**|#Awc2b4q3tUhT%^@IhTGPfR=f?hhPtQJ7`WON`J!sL3 zc$)sc@(jmcHQR0sn17o|dFH~?LgVzqhBeceVkW4FKioyC0QmXaj!3NFtZ+AYYi*g_nIdh(DYxbN4oUibx_n@PAQN{o zmiAXyp#Ud5{VxX0J>$~yMgj+)EBH<~eJAYy#{AMzO}}V>Wy)^fm5uKu%PUidy>e6G zZ6*!Qo15pis=4=Rd2%%E+?8gr)a;yTIC?rKdT6)58vd6t{ZH5Vx zx>?8F0bZ|%;$Y+F#e$0abrrkw<)n!B)BFkzm>gUE=bxMTI^B5!{+4{lf`7xE zP9uT1r}g)7Wd|b|D`jVP8KH`HXpneMT;E{7j@e#SrkWYd6Ku|OG0TCpWO_vV zTwC9*p`7R94dhFu*E@!HWZY(42RmZsJ&i54n7CXP`jPBOS)*tuUBG_<3*x3f7DNhj z4|O5H+;i|pEqiBC*$%LUHm7?1^A;FaoQ&@Jb1G;5&4m1aAe8h!!when1=vH~S%VD& zGIezYv`}hYK{^|g+kIx9P=IPjik}LTH4B^4H*q>Nma!;^O*e2R0vki)akg`G+&vM+eODr zp(KV`{>CV3oott{cdI#IERec4)FB|voxXw?XKiE}GLT^ffo6ild1JA>H~6=c9Q|<= zlF%b`nO0Y^F__?F#ck#}=??}2-2^8KCO9X=1V`};I3eQ-COE;f#P)=)5b^pa+{t>@ zYKQ*nf{hvdqMbd_I3NEJlY6aM?*=%UM(6%2L@zbxU#Z@8#^;=%Mm+{RaJzc8)Vr#k zSKk_2Z_MLcjSQiuoc0eIln|MtLrgjs*%cKrX#1GmQAB!T+0wEpu>^GB~u zBq43a6W2R(*Ei1f{z(Dw4`tfUNE*c9mnv;o9V5+;OjHU<{g9i-yI$gwLp_>lp#>Oh zmEq}QR@*8t)A1u}BftHa3Mc^1qej>2a*yka7kisN||AyYjQ%b6qLl?5%nJcL+tfAI7RP79xKOj;8VCL9~1{)C2 z=>Ak=1FKf%3wgf59|}Guay-MxM%<|1piAfur5Hi%om$tFBfoCvB3gkG0;z;Zd-Khz zq}bf(6TwoyEBjq4Q#~@s*didN&BDGx&%^{wvCo0(WrNkzZH!cV3Y2U>52&cxr@+dA zUk$0eidhK~b<8ak)8-d+s${xc`Grr3LrQslo6iU_E^4jTFy`cX5_=jA4`UaLw$Z|D^7PrbsPS%OE z045m;%PR~&yYHnbEQWSQ{HIQJ%Fqs2LtM7)fTWteVF{4s_=ro_d`wp+nDkXP-PXQw zOvqqlZJ|M)`1p0QNPt3_{@Ks}Mar_P7lb%^*ajU3hbkx=V5gTHK4K0*aZQtMd>=P` zPK5fMkr8PAW;)GpiqQO5k*on&-Yv5oG!qy5McO}8YE>9=DHBXKU!94V$&?SvO609S zM_T+J*2pHIPJjz=28jg@u=I>@r)Py?p2Kx8-F^gi(|~=34;BT5h3(tH{k{pLJqTdz zg+DV9Id~Pik-$C^KY@A+2RRu zn*p!Duwq8{Y5VU$yIfBCLO$wrNR|iY5==4(*$g66!be7wJQ&aN^GX;1Gc6`svX{OjQ0!h)<|#}2!o=cz*6+$ND08R_Y#vZr&Kcm0na3ty>x$HPw4lXYnB z`K-@}0|y@$NhE0g@@D=JM4!df^lWVIJvx%`{ui{__|8f{eq?g{pDma7L@z@-ojx?GcdOs z=fUX9C?D!PC?XO|*3Dzp>9{TUY}fMM8yz~m{HDA6iq{Cm-+WJR%Rp`z8@Q9H zMRc!Z2!{24@Jil-CWev_-ph!$yWw}k20xWrKC9eODYEg&8{xfltl8k(`LklEs9rPVAcz9zb23^i+a%>*8{<7l^y0?PKL$aJcsspF*kebUxaKQklYbDrKZv$yb%_If 
zYkK6F0oRYz)d^5$12uFlxx8m&eSXprJTMtN4eXO$jD&T8&(c?niyTf&mzH!UCWXfc zdYYv?^iL*DCVve|{>qe+pRYvT$M6msd&0N3Dy>oQH>Kytoz~CUE4;+JO?{WuH}QLq zKv5StPfEO?JKjjLXfNM|-Lmo}QuKm&<=uQo6k(uGDt~#AF*eR3VD0 zU0xNyZ6MH{$x-riaK`Z~W7dW>yv9TM+-Ux@t~o82&77A*BjoCb(p2JoPFYwm$_&1H z;@bJXeU4A%?i|jneD-v#Z|)*4dS>wu!@DC)jmQAlo9{5-CB0bxy2_;~e{sBqi~v;F z16NeEu3UMTTRyh4a-sWi0`WVxVkOn`Tgn% z-lENl*nAoO)bT!8Qg5QI!^eNqv0g|fhVOV9GPmEPqxin)$nz%Q?mU;k?v=8EZHstd z*2WvN92cdMGLUHLIpbyYh4o9d9GFGa*yz0#lR#iBpB&3{MFlU4e zZu){PBW2JxdE`LDaOnJea!OEa#xQ9>knfE8M4yI=vYY!~!h+$>F3DG!lBcF7O!1{b zovAr4M=wZA^Iq+>lA(EyvDpjX`6MV)T@{jl(r(w_x+9`Y1+gU)ruzZw^&L9X zzP>_g(>J}=IqQE75ByIO3VmL{xVq(%x6PORECMHzjB>~Ywj?&``S06($pb9>S$E!7 z0mU-lw5}^jjw#5THhluPdnK8w=rut+*IQ`g5`jMoNacVV0aPAAx1GvCV)Q7@oG_{q zuVZ3c1Sx4sJw`Eknqe!mXFTsD=WEeWm0qe*CPbNPie!fGHew?>Ir15`&LuyK`M5XP z&3$eLW8%iuofC0sVk%G{X|+q;IYS9QPbf?R`Asa+H_aAn-6d+jaxK>5lLddSWl7Lm z5yJQ~O-hcoI<*CYqAGjc{Z>3Pb1NnS638cX5LwLXP#~#IF`hV3VyYQ*P&fEhf0b`} zZuw6=--YR9wpHqIxaneD;So0J31tqCDNU3~P;G{yMuz7{{H;cFtHL|RJ;jSl>{?!z z)j7F@*9(eP@P&@T1NVXsup4==^2Ln&6^J6XYL+c25VM4npUvv~8+(Zp%0|K`uygm4 zE4NBMn0S+x;^~hctXtVmSZ8=@@@Jk|o2y$)SV($xv0~8vsQ0%}$)z_Z&=r;-HIn5v zUl?mfC;)3nG*nSiYHhb@BH_xp5Mm*0u?bsk)4!~ba1Y(z9iYsfsaW-cawP3AJrUh` zf}pwCEk49~;0m*pM>3BnR+I$^g0^&3SM9E_9DWcMS@#r7>@6@;P`&HA_Dl z`*yH-$0pP0V>vfWNGMoKdurAQ(PApYwJHK~xwD-HWxv?0GD~=3Jzt6XVsvio@flE- zdni}`Y*y+7^A_LLBGHju#ANN*g~(^Pvf%2qk?NCYT?efE{r8lLX|Mbkn3$F5CvQ1c z_MYAfe$OT_TviQtcIvrdb{d-^e9BW;K=M`3bbfr`O?*O7)ZNL=o8dMo8tYG$s9JzN z^sC)**$sE=ICAT_S>W(coz0vRzGQS75gi0e8I}x<4UH3mZA3)9ai(4U zylhz?ogC19zk6S$ju4bjaA7Y!4v%p=ETCs_>U3xvhpt57>zK<6UkNcq9K3vokNU`u zPEz0SSCWfG%`l>#TBCdNKOc(Us-ZU9Q|>_4iFO)dxj(Kz544cK>|hc%d*SqZi{1J& z6|fPJoO^8M21XI$Fw0QpU9(8oRz1Q2zoLU))i?ILThxLmD-#x21@!dF#*%_%7C5|t zz8v1Iuis~4o26Gai8FE?%qwt%-v~@E|2PFwF%kJn)q>RQaxi9_!|tQMDqLFh3=K19 zeHz0}Gb<0i)V}hN_90;OYRyEsV{#5Eo7={qJ>k(h0Sd5gY!-Fp8w!^y!Mb(Igo4o( zNSUpQG&y{tQn%*gK-fO3j+mXNQQ3S3`X^_$U3N9IMbc*WY4YHITnmZRC&Z;8e^W%hQ|m=wkxJ_& 
diff --git a/_source/_assets/img/blog/jakartaee-auth0/auth0-create-role.png b/_source/_assets/img/blog/jakartaee-auth0/auth0-create-role.png new file mode 100644 index 0000000000000000000000000000000000000000..668a487e9862c2e11dab547b1bf40db4f8c741db GIT binary patch literal 147186
zP3Yj(2d`;yX$u+Fc$YmLtuj$B~oDF>_-_2Nrf6I+@o6P!z{6j2ny4~vQ zON5l9`F(|S=vTPgg zW4r#uF;!HZo9?)<{hIDlCKZY@rLE0G2u^W-UooY`J8;2Pc7@sh5g6!)wF4!-e{jx;Z>k{iLOpjFSR(2e$$xuor;m?ZIqoXuufz;#P5TO&-@Qs9m|fOjfsfV8jYxq#2dGFva@Rd~v(oB4WGLr%R8 zsrGuaA-mfNb0Q~cN*U;6I%=~nT8j0vec!y%E;S&|iZ;XaA#J z{+Err-}uS{`UdDIP|XBv!K*Yndv^5~?R&zxtdqn%Lo+UnOw^*zsxZZ9bZOqVi}n7Q zD-I4#C%R)d9391qmbS{r`Ayk;~tOlBX@%6 zKd*jG5RL^eug2o@iu*n$;JIP*q8r3WBeQ=Ct9z_|84lvw_<4$|go@LrF1Ld=Mp)Hk z@%NPwY8z%oyWR>uQ%2V;xiGQ$?e%_!NS9PoOFYK#aKXd=jOGgvvWSU39;wp4I>1)x$(oD{UpEUYf#m$E&2&yP0ZzPr7Nni zjj#AC`oPb7*$-a8*yBDA2jC@MTDC-2{h`!n?puGw=wisoD-VFj!Wv967mSKxf994P zC`vWH1Z6z;3SGPInO^(yO_D>i>{@4xgRoyQ#=KF{C!^^h&Z6dhkXvdOTPf>c1AIE` z>GpJ=O_Jn+2S%uh0d3>3B9_kKRAgK(mf{BJFahEsJ~m*yssaD{64&{F`>1nEETe4g ze!nn07Mu0g4GkS6{r`Ok+rBXO#*gBFd&ATY+8U^6M+H2uUwxA2H~f=uZtj%7K&yvm zUMFaQpu_xY%ug;ngH!x?lgFx7T!Y1?3oFP3O`fy>u2?g)Fta`F`Mts~N*}}F_{tNp zIZoC@2t&7%@K9}pswG}x_VVocn#hMoj**?ze{$65afs&D&t4jY6M8bfu0>dJl@MB= zF!Jvz*fVLxXuGxWw$8A2pOp#h+HQ&GPcSiD1Vvtw@NA4$3TtcEQ;52;ap5?Y_x0TB z2c|Eev?i~!qq|E(+}vWih=}w;71_h@m%nc^tPRUp)Q`;=Uu=cIB;H(ZhZq=e6`L{r z@LKxEyW9Qs#65%sRB)Yjq2bkpuLd%vz_u17v)A1GegLzBMFi?m{HfOBYP^jzT z1QTXp2X)7^0p|5sMH*1eI%fFjs*Q64r#ujw%e;sL$3aqw-FQv9AD@*O3HsNYeyFeT z*M0n~mG(f>e{&;SqlmS-v<*0@;B(kd}xCYK+sdR|5~Q5pqij!=^t<}BOIZh^NfW<-(%MR z@oR8om)U5`U1ji*PiU`|O-(Lz3;iYIWN<*O9_+n5(Djhj0_eoS$0} zaSUwjaL@<*WtVNjTYP=&$~b#{v1Aixf#cHsaoHVnSgmuiaI7uq!kmxSFnsX?)3oFk z@jcUBbMR_jPa$!l2i4ebSmD2-zHd~c;8SIVAESoQB5c%1LxcwU*p&S0Mzzl5u^Y%6tUa6R$jjuGPJQg<3 z9rqD%U1aP_Mz8y^aq;vO%Fm4Nhaxb&uTx}wXZy9sj>!@qd?fu-Z8Qu2Mj!o#t@8Yx zSbXihv2#&bkt3E%jP0NXKksj(@*5e_j^1gBv#OVEjKJ`P3QRp=^CaYaf`7)RPP!kY zg;hhpHCw?HVo(r=<4Sdq4$gudohhl@XT9Qd)3dmM?WYC7@E11 z^c0G^I^sTr*LS-wG+M@N_chExLpT0PRnWcHe+BJf>hV_|fcD5y6DtHmp9DuMM@73X z>PeJtzinpP-nKvq3ThD*if4d!R)gui}Kcgp9ySR+e3ZTAxU?Q?=vu68Y0Y;lem zPQ`3+;i3D-=L{(e3=7!ntb_b2mytWYchX_Ybs9yKf2wmBDUTQ%Z<@S1)lLAbq^4)w z$UwO{fTlh?E_Kuz(Xo6?-xhNZh%Fc|0+E^b!ymjxdD~GrJX=Coa*Kkd>&cb3;ELsC z0XdingjQQ`D7Ly7UwY3U&(yvd5LvJ2^W1gv{79i%G`eE 
zuUbuFIR1A_)02D<;4y&-Yw7~L*7Krz4}aY==EBf%hTStd_)_6a&8iI>spkoT_g1lU>mJKXeB!#acB8^?x7Y}9i}&tZvHn8Q-Z(E) zJH;@u>s3?dI2E1*S~G__W5wLK&4wz>F1MSNK@j-sXdTOi>@168AoNX(+IoeG2Fkyi zAt{{NrTl9sq@oX1mGsL~RS84zEfxⅈLLPkKwl7sp`&J)zQt9f;50#8_l&Rp@~o7scE*u<@Ud$N5d`pso7-ibQ(bzNsh zMmDe`>|Ie^#~Ap9IrO?V7ly(D8Glk`hvl1<(RfG54s))%t*>1QQ5)9b2T5;Jnd%rO!0rc_=xQpXRBqYH(*UDXADIc59x zhBRhn#TtW+E;0kcS5bNNMLHsfBR$c^L9Q2dE5>~PAik;y%vG{VeE7#y2k9%VP`LU3 z{7*CHa9lX#u08{Ed7FoGu7%IL$cFW_X(ZIpT#HHagqRorwF$2sB=tHp7x2EHK1-B% zC782>E)y~L8>NtkMkrtJwC@dTHb7Yzm~*;he7mYb9F>V>4z|Be;x&>pcI%9|5F%DX z+v)d**}5O5+P8Ytvxqf0YT+B6tRPi|wiayJmv-La{}pTU>4c&Lv$q=_&arys|9Zs{ z)@IL}`~+g?;O(%pyS}`MYPTJwNVmDs($h2ZSRk}|i}VfGcb{*w?LBMV%d|Etu#NJo z+QCuumt&8Gso8ThZQTHsDpPzNc3v0snxsSE$j>^Aemi--OUJgmQ2K4_GKyrAoz7aN zQ$%vQTDTEUfubXxC;QgwlP=ueSX0uT!wzGKX?{&?wZpn|_MQhyd{)NkOt-D*+OFVT z4(+78X$(5n-Yf6N+b1tVR~&X3&WIUth0xiScEjqoI!ee{tfw^$6J|Bqrrd}L4)Y@Z z-3ebtTTJYmOrRB-(+++6JM(1OwB8W3K|>M(Z#ICcIGj=tSlI=8(aa3JWabk7E!CqWZ(C z;Pgg1qdK@k$vO|hKTEcLRX0~lt~@WpR1@4WnSuIp*0%M`F55+^Sf&ld#1J}_E{M}Y zf_i$-SOXsJ*m1vYb!~UQP_l*dGk%-ABZw#T3dlx3v-9>;!3U^VG#ZCK`)Tt@FLAus z1fJl4>p2^}=oaB}Atg__CH2Hg$-3%bhmxxPs62VvlW2LY29%Tm3SFeubY_+;s-qix>}2A&6%S`n>FBst3{B3 zs%;FRnD5*6kV>vg!mfX@=|r(;C$LB8=#GFPYw~9z2eU;07(IQv9du=hy?rwbo>z$p%JPA@)v0L+%+d{)zZv{BdYzfkh^<0OV3 zm1@yV@TItedYOe923dE9d$OI$CYjjxG)dl}isEbS0^T)7L*t-aNDY-v_`ZYgiedxpykSy`$ zS(Sb6?42J4CPst1a-sY66vs)yP<*{^|6(`kAX<|(E;WtWpIlh&P-PuhWbM~{R;=0! 
z#xQgc3}qQb@Z1sRT{z$aeQ_NBm>NAkzuYtTcH{n&B{$D*2s`AkCQ35%ZYcf}D!?I9 zvVeXCUZ9r@+$OREI&qs@P*Atc{cM5svbmJRFX5|uCWXU00jKNJf0P6M7p^?}>CE(r zd5lxPGN^!|-R-A2CcbNPOfnO-Q-`aIWVURf3x$mCe?mpV5OQE{6X%x!WZ(?{B0&y( zd8OyjM!6@m=x8|zG}lIK2~3~T(afz+VsC4xhl_q{q)I9y(fs3%E*S|v#ab8PWtklfSTtGP?hJI_i5 zMp?o{nk+LC(gW0$n2QWdbT2)V#Z*t}#~jDifqts;Sk)`%tF|GxmLa0gde%N~YS*vw z$WTH99okl_)VRE=YK1h~o=eruF?Tx?NonkO+5Y)Di%nT6K}+?h<=!|nlJmgo%;R7y zb4W}8nKS{QvP0TbR&NfEupV^vRKm$rv=v2u z#Fxy0+|MG#T38l`wezTo*^X)tqXOPf5;f5fRJEMISbl7!M{2+i8-kGC!aCXa4=HK1 zc&O@!(37cjUdE#dQw3=;GBh+)aT?1~RWTT>j>$<2bZ^~MCb1Pp0=2!fZfTuoikFeu z-wb{e(XOY|6jL_rloUYX8>w_pZCC5KEna(9_?{_vc1!2!)2EMGPTl4c6Eg}V56g^{ zK1nU$;k_f~Vq%iGqr$lm-BEJZ$5L&dE&{#jurg7n;#nv2bW>fgC7utPWlQ{k_h1c- z%&dSIc#Bv?o(VXc?P^+b>;!GT`b6+0)}u=4uMX51eCrY7Ry{mTSM5ZOOfAQj>3cqE zxh^f@4VDfJd6EYv23$&I{b-xSU>JWx*FfXEl1hso)c(=kM@lMitH7m~*1%QjY6v%z zq2=Z4+@NynkbSnJEro78R78R%C6j?@nb&s*Ze!pQ$8(_o997J7|7Xd|=oi_~Jw7(Y zXS^f?tJ%pIufH=fO89ez0g(2gdY3do`kjpt82Cm{U6PQ`Oa3~$mm`(63eKa|+mg8` zlsOz+GT2TWwA(ExsdCj0dD_npHqV4w3?8jiP!1IqczF3~QVv~HDUwd)!vV|+?vJkKt> zpl|HslV}91GpF4l8d>7xf3!3g)YKRkndRmy>6MQ_7YfNIXnAkl>Luv8zYOzi$SbR7 zSoFfwfBE_Ir>~Wq`}8Bt6bW4-YBMs;d&-i-^T7Fp!Mo;a*yvT~(Q^6PeNwxnMRw*l zg&)n$+RvXz8i@TuDjAtzHljz!RTkrlT;&qv&_nYD~EOjpLXC{WPEq(oSTG!kx>p%Us_~Y zZ)#TUGE{M1Zt!idH5M`P5Z-Z=9k8PYjWj7wJ&7avLzV%iUSk398@`jcpcz$FRW&s= zJzrm>mfWGo_>0Z1y~$S>wx)$C1K(BgaEK@Pd_nWNP}o(+y+?||CAAVytr>1e8wbL; zOok>lgsWD`LvJI(n*}Ma5LcM2`_pgu>g4C=A8Wb%&p)wANd>^6M5=w&&ZAp9Afi2) z*42Jvz&^s_$nSnw@w5VY#33}VT}j1krj$dW`puo>BnkJYKZi6^r3?ic)>7gFw-Y0; z%MJuF-i|)E6Ig`fwpxl$#y|331{#++sAJ~&xr=`r6%n%8SD|e;a!TKWLR>x1(tQ3N za6{$qi8e<`Y7)_hYA3*F{`A&^qNYnEl&(vrFU5YuI zGffdL+8f5T#2WvKzOg%FK`+*_Hl-*M@Y-YRYxL>l6CXDhUy?jJG$8=X=FK1j+G8P5 z;1a9FIXszds{LqYI{(8SpOHv4%pqRza9e;A*R`yDLGH^+@*rU{cdPHs+q_eV~ipkE$UR}7((%y3tZyq@n^QmdEV9Vn*|cVtq(vi>Iw zUk@(e`V<5GA3UA05O)lbO{G|VZ&rL}7(dU==bPG{BGJ%@SJToO>=L*9j2b^#sbw^Z zaMsm(`aVZHO5-79`KKTcFLzII>gXMzBN&fHnhN8k%p>d)V8ll&t(qY@3{ju|gZGP0*2R 
z^j3r#$8**a(fdXf&n;Qk-CH6g6_)~y+1B0Nr=5PNi}?Tis+=qUETZcAn*uJ-m>uM{ zbe-p_PRq{90K#?RZRBW`BX}6jNK-a~~xVB3$&ccTBAek;^2qztMLp{s0WnnG$q6pSOvDQCT zR5UbQj8q!O{EY8n74hu+bec7A^6RmY3P+V!5m9@*k|=roZf5MlW_8>p>(~Yz1_gV5c_*%PpwnO2`tG?Q#v+E@>!Vhk+`@79$~oVt8RCRC=SOXhWuaC zD?}nqu~_<{szO7!kr0cM$Mq<}#_i#i9p&^P7X+`=y)s~KTp^K+OyWNm&YnF>&+_ZY zQL>AqGMQp!paYay;_TRqejBNp8AEu-!#l|7u#T#&4ke?6qu=yAyZARNZ8x71 zoPsIhKfxKyE0BKAuXq221dB`JvlR2E*4EJV%J8i&a5ylKKjQsam6|x~=^Sj}{Gp(rAaZuvesAyh_+Q3+<&#S*J^`|<0Icfm_~Ik2 z|CWv_VjmtQNPC-uW`yF{o(zx7f3fL^PZC*l;@h8Br&3HJTgmMArias^mO(TI|avr1YydsYH4b)iu=-rMFY=Kkq_mPyz_&-aWL8 zF$8QGvB4~hxxy8A;a`o)(%XLV7OJC>R?}u#%E@h3yrL z;587XJR)Bf7VOdjkA8UO_Fv?X=HWhxI0S{P>e)cw+veKyv=2@oGyl8<_%?KZo2Q{^ z$6&zu^)W(zW5ls1Y9Un|N9;k9dp#L@wB$#>0si(}p|TA1(aq!3wWU6}c#P`dQJ=h} zp{@&OerBcuo0P|AdHe%9#bmMK{z1NE19O9c&yZth(g6`$CD-%t@;aAF(lzM-6;MUH zF4+vTtFEPgA<(24JNREeEvUbn4N!(HVsY_T97YGb!Xn=3My1IBhxxreoxE89FOF`S z>S@-TSgP11@^EBVWj>uA$Z@8HE{`dtR@9079HWum*o<-*iga!tN2>r{55Wy5Kj+ca z>x>v5c?_v`8rHiYx23}O>(^yIvPbsL@^DsXp;)_9zvT+Z(+IdjByOz0@Kx7QGP&mp zRRx!}_TCAtvY+u?!POd`Qn>*5Lpv-&-XHe1K`O(;!w%Rp@<6o&S67N;f4zmdc_BTk znB7csgej@%T>Z{QKOwqbF|`~r00&!fk>Wn_0FSW&SN#Yjtvy~bms%h-Q81!PpMfct1{RsN0M^> z*+1(sX`oC6O)oJrG7|QQMh=@fRblVS?FU*fB?;NapT2Oz32Gnx<;$155!VD2?kK-EWS_$e)!--{Unoq#`}yp@7FmAtc7 zvH!I;rKYWoK#Hj9X=z2ic=5sm=Yv;`_9Wtp0M%%}vPbVr?D8QD*P-`z*z>ef>rBo6 zY?Gz=+D5e&5AXaeU8OxNoi}4-np-M-cUg3%-7hvZ)fs964U3H2IlJKevsC`P9L3xf zy@UG4th#UVN!CEVaL35;j4QKv$GNZ)=mW2kk*cn~Y$i?YCqe5%e%|}3Qc%5ItyGWS zPAA|w1G^)7!4voUb2lfz6UP)qpAIYv(KQi-j^sd#h04z?J>ph;gUwLK0lwUDmlR?3 zSEuRAkzX$N)p@yYua28VS9-5Mt>50MGu_#Ky3HNyHrQt)4lfi^uKv{h;t>=aKI_Dhy`^VvzNB2TXaK$Gg^maM>=m;g>||yUdiEB} zp=90?$p+oj6knWA{xW10s7N_jVi$S#%Pu0>I})3HL{DR?y?uDn*_c#+6}Iy+$HF@p z=e@%Cqou{nLhsemU{UfaWgIqA3&~A8!1SBeJ0v!ziz+cQCj#T{6Vwb1yHKoaL%tAJ zVlJ>>RsMr~=wrin=hyuPWucmFKxKk`3G6v2O#bZyk;+7k0*hnk9T=0W5cOVr3|Du!l3?lkj=z5E zAJ|%BsPC^}EBonTeNm_H_C^Uuy7BQ@s&c#Z7^uNrWu+J<7mCP`F)guaX)aLJ2!0UA z?1HQt+Nj7ho6@k66s;!&EF~}#o7%AGS3KPo`9Gsw=eW#^Al)qR41G|(>x2nmxFQ!j 
zcPb8uCI$u!=z-uvKUXX6E}OKs4zQ>L;vHhZF?$KnN@-xjkq$@pdxIBCH?D%6>alPm zyQUFC;}I+u`V9V)@@ z6H%G_tGf|^%WV&pjAsQFHH3~ilgZLsmjatoweV=essSbnS*UDi7+>;oT>XmK!5b-? z=7n$lbq)v2`l8QTWq=hLD=#mPjf=~6pJ`r9@WSP#g1j8&+T%<&<{V9{o+n%ZDHrLr zo)PB;PV5X~71nN?-gK16Jd)D)_YlMLuc2 zmI|4VAOQS@wGn*_oX~4yYr8ZZo{d6D!*=Hqe7Cn-V(VnI!kBYC+3uNHJbeZ7U-)3@ zyL$F;r(r@QdCtBmE+!@`!OGtfgI;@y3tVD6v>TZ-N;pCudbp^AyPkUi=c9QigkfMV z0Z@RkF-D%A)i~cx=s1*AVrcNGB%?{Y0+3L6F^}P5B!Ocov=e=AJ!iGzPj8azKv$K>*eIu`u%PkAA~;I!xJ&m2)+^dRr1rQTEF zB^nd8SGhTy8Z_n7pW8K>MJ*!GwTiI4tumyDI+QS=iop54iVxVV4uGm~ z8ZzSGhagHpc{I!@;i_QhCWFI@m-;pWEv}Sg(t7kcTwU@OgJ1SJF=>I(5lX*|@Q6dBnYP{D)*=wf zRU<27x`%Dki%1hN1=6_8quw1kF3Kd@(8T01)P(cd1a5q9K0In0uR?kDyInEok%f0H zlnfsMX?y6AfuW)QPYKB!5bMREdwEZiMC_xn*(uS$&fObqV+f0-q2g*}>`XLz*E#Nf zt!dz=e${X?DTN<3DGgVb;&{(0Zd6jgap7<;;e>&%8+>EavKski=EbkITYTngY2*#O zN)i8DY;0m;eqDfjXj&kF-6-KGiO}4;zW3hi_G-gY!bpX6#S4gb zDu;&p#vt6c%OXjp*m#0JKr;rD_!z31`=wtCq)BYpEG(`U(&E@fEE)Hz!PN^Az*hch zQIzlp!|xVGs^IgTY1yYJek}yOBV)mGlIl%9xH8L*9l`Q$&9J&wB4h7O;l0LkyetFT z2twapY=!0y!1rwGNu8MO7*<hC~+05#H5orPN!~v?Rsb+4TvWlh*A$OZ`JiJIn#yP(t{(K`)wQHOvmIXND z9Gfk|j6V30YD(^UI=tdZ_2}PnQ8h92XM=NiU%wszcix1n+v|19QB(jAizhBV-q=Dd z$l5P~=lP*P<>W31y32t#0cPnrpJ+?i#Ruem{~2mvLaxQmovd1hDBNH3xblv}g=2a~q`Y8qQXVO}Zn_a=W}FU(si zlzCABxL08#>U!VXOLq$SvsGCD(>~~r_(l*K<3Tih0nUP5EDH?;*t@F_6G#qBayJYM zJI{_lUO_{Q8Ks5iw~By@2(CYo!s7W)XB*i5j83E;19d{~AO#O6YwCSWd@- znzG;UFgBYj+bRFK_6L_lzc_&Gj!fnclprO<%wIJZiujeHD`88@zkN@FP*R~PJ|*kW z&&$N(C>VSA{XZ6X0!Spwzc)+dp>3;$;~+0%Q^gW zsPE;w>Yf6FCKe<@q?v13;pvk}Ag^kE)J;_t2DH5iy$S<9-@1h%zH7q#{S8>s&T5AG z-@>i`$y(`{>SY2um`yE|V+Mg(kWKo7W7`<}T#r|sj@ zaX%4VSQv{(UotQ>%CG#6)cK3@-KA=|Gq>8G>nkX{1gLKhz>W^XnQu5C$&Ty;Gl9sa z=-NwZb*o5SrBhL@Q+Y01wQzXB08g!97G`v;(s4oyaL=i+`o&9BCscupS0KSY30SBv zK=jQfR>aS#3fD=h>$I@PdfR7B^Zciu~@_Zv!R~lpS)q% zjaFJIiVEJ;;@r0fj~@oovl;=$5U^-Rnu_N2qrV(N)1|dtO(7JgcU2j@iKC3XD`gK~Lub5bpKFa=-GJ{Q3`7QfVBhj7QU@wz&Ex zDWLHYyyL681ZnJJLE*u7!cibi6J$!IX z|GfA_YMH0aA|C)s;p&a=HL#6lKAK$-oiHQvogeEzpq?Fy=*DtYEl)IILZ07=FDb!Av4GWXKw(bsG 
zn|(+2o|cBMa>#XtP^`^ScLV3CbWt@iF##gYA)p-_N<+QF=sn&{>!diPu<-Ekg->?o z0D|0(nYi972&4lHEsb(s9vr-l44(lTe<;}~*WqZ~s2;1UT_zu9L+R1@KaTQtvoiM#zGcch-HsfCeuhE%o_LW$r2a_`&7h_#i`I+Y7@ zZc*fIz@tt{ae_+zX_jXDsx$O2P{A2f7wDdA>AQ>eoh}Qt2@e}Ai0jzyQM|xg%h>oK zM9)MwU#8BBKq8Ihi#d-jpdc8mA=u&x)Wj|X>A9HMLf*+EZy;JK{YWm4>WsRXQ+erE?Op*dba$(x5`x#NKiKF9 zi;4mRp&a04+5@>W7Qv^lm7{JHE!dIU&JDJ8cMndGH}V+RWeWuwekoY_ufHiT7b@b1 zt2$0Jq$I3UG!ipt#7C;x-cP@g=ap)xM@$?c%OI4Si3%_Zta zAnKE#GgN4h`sCqBDziR}>Ep?NqXC!^o3Fstw>i@@GXUUt^j_B$YG)$c;}xTMNEBdE z9)JAx{oHRWK-Dox+*JE+r>D%o`sIBA5oqBm7x#E>wR1KQ;+g!F5Sst}CV+;22}o4p z0ik{n^mx$v6#bk<3iwrsr)?!w0Ul#Ds>}VKNsu&z;{0J(7){ zf!NqsE^%@2sZ*x_yrdd=JtYW$pO`~30uJ~7qt~|q^B3TQjyp%KB)tK4rskO;T&OmK z=JVMK6Dn4E^bQS;<}vD;QJ?((WDsgI|L+h*>aYGk^6T4bYBug>G@!P_!oobZ7If$E zcsPIyVX;`Fgg2+Ju(HBqW3OZbi3w3r!*}oAQRBU!=hP^IM$4zRwsvnexn!#m9A0Hl z(wZ}jUos9i9*#ESxyNhq+@$ty6SR5>8|yc^#@yxA;b%3ONXE0sPp}?qIgWr~&IS}y z-ZoCW33Pr;A3QV|;QH;*zcF$!K;VG*3X}MJ%`sxZ&TyVBHjB%OuOl+wdQ^%Gv1m#10}NN;dE^dGRY0k1H&doHx>@KuOIiA)Mce{|<; zr)`LMdKO@gSO@dG4;?sM_APDG1Cj!S4xi4=&K{*2X$I~1Yk80RY!8@|9~>=@)^jWW zI&%bNMt7zAUxTfhjIeHvm@D@um2Q?up58bpxj$U3+cJ;N=pC0@#Kbd`#dtkhPcI4>J--nCTba+FWE> z9O>Zydkis)_WxZf+{(GRxO%?S4mn`nWL+6AiuuwLELu@u8kuSR;!0d=VL?2ftY!6= zM@m&%w>~h<`)l%j09TY8gj4Jb58vLX-`Ap!P9$N>u<}2U9BP7q!TDr&p6p9h4^c2h^W0(6LP2k=}a zv3#;(x2-d#eniP=rx#lmY|i5{FQgxYV&{&g|M@I6BnXNbDR*Xtt{-}}c@AOAcRge_ z^Nj11oD*CIgJwN6St0RS`|I{VE}qU8xQ;5L+GV^zT-N0C8*Nku+xQ6gVqt$%af^s% zTp+@TPmHKHkY+AMovfb z-uspQhq#lJ;ktea-q!L9UrEf5AD@=@d?YV_^2#Gkr7PdZ?~^#xC(L=OI+tM(feQ0) zV|`A#{X!7Ut}1hPd8Jkvy^9|WAML={suM}CZVPuxLgFPWtib4xiMF-rwrlUNm-F`)pU+&v1!RtH9f`Z8Iygi`bnPU$|kg`UOL&-9fV}Ed@rtuZRTlmawt2 zj63(*tsJf0O1|9Xuiy3(bl5JpgZ7mj_eowU)DA{HdUQWv6D#50G*+|vlKoH8Su`tu zw)h-j?~m*7p;NLckQt(llRIb1WSGR8QqR?}M?UagAx0T7H+L9p&Uej3ff=IMozaj= zKS%#Jwco?7r<2v&rxVS{=C|G_ynXvUC-70Nfn}uwmd8bk68)USbf zAe}BR1^TIId1dchSqU^S-wl<+Zj1iz&~Ea`p67Y-H>@CZU;IpqYZmXcx_+pl8RqBO zz%hs0C!*zwfv_uflReJT{gOr0LE?&MaJN7DpUX)MaI4Q4Ys@spS$Md^)k;g|a$^fsnG|5S0 
zyg(ue>SASIJUU}NojHckKPgJBZ)y_iy|IB)1DhNWjr`z`c;NtX|_#@O9W$ zZ+hrLf!ky-Z8P8%Gg>#le+RfCb>GI?<9KJfLB#j$hYMq^9Ip|*=LO!s#etSD%J^=* zefxIs$B*?{dU2ITs~fGg_e4vae(J6xRM<;hH8A6Qmr zh)6}Suv7L^g?UzdD2Jq(cr%xG0Mf~2Z(PCyq=%LKcZO}(zn(}|coDeUVKx2TH8plr zVC_vDFSuD+6zJst;^+07D&%`@F^Q})il7e}*&5|YyT0pdVfEXq3_7j$ zCvpw)ov9Tp`B5%w24(^7-l=nMw4Z>B$a<}g{c4dTUjmX8ux?x6rlB%H0OR!DUqM*o zP(Fh88?o2KoX{ytN{`IfJFLFHVY1xXy^vh*Sx2;dHM4B7^ByXIGA$C$W9F-KVyiGJ zi885pj@>r=J#)LDzZ@u@=6i^>lYG3dHe;rl#H#4UZeV|q=C}IJHDEItD@!`q#6+Pf zhs1RPyhMpYK7LmlTH)1BiaTwd(j6@~B6#+Vimen#)fY!m7%A$6h;3q#l?} zcpU=9T|I)_J7zlZ>Ay z-F1o55nBWxzyOwdSpc=BK*ua40V&mhQm6$9qwy*~(cq~;z4H&=k5`(R**q10TT(|kPaH6i`_n!NU z)fJcgwzCgU-2Ic#epp{>*PF>ToN1H2-j~gr>FA!UHlv@T@vZ^3|9`Rfo)1lKOW&~j zxYcbzL?lQ~BM4Y1B2tuILZo*PrGy$Qpfm*mAvEa_AoP|5Hof;=0@5MW&`Buo zx&r$?&pFQ@@ID`IKHv^JS6Q=W&HUy!vt~^#>;S7RjahI@jKpls%qOu=wS->?gSlGh zIgoBV0iPOH4|4Dk8ejuM@cC)hNtoSXU4!9yWU<5OCn;f-aV)soFQc6<9c8{=>E5^}pRG=B@p|s|1r7LPeGs0i@Iv={QS{m+ktEc7ZK^c}Zjc@udxe2l|FS~Z-R8mV zn>TN^XTq=zgyn17f5V)2h4w&opgqa z5AE%%Lv3dqD70he(M(SjEX{Fj)XFn|kw{{7>br_zZR){*x$VJV$o>Po+^~`xQ_WEq z00Hq_n|HfK?PHAd%p6?nVj^!~!vf((3%PJ;a zzM>vdb9$g4Ae@Wy#FFbek>0Ls*J+?+(54VJUpyUc(aWQib)_e>|I%O2zei9i(zSEr z6v8s)r_;`i-sIWduG-xsFiPRKf<%k$_OK9<;u$f1LCU5H_!B}#m1&dh*jiyn4;pBQ%vb&yBH$itHdsrl zN|a4CFY)%piG~((1q4cxQz{TKk{)pY7!SM7Wmv|*UcNjJxv!=O39k5ci2{P~R5J=? 
zB7&Q^0Gb8+_3C@vRN8NGF1t+Wtd{a+K;osqmchEI-Yd#IicIX3wI$u&Ug*iOf1Ib* z0L2cAy7v9?Vq|i)BoFWLt?_>z>rYfV6bp z-Mayc1Z*t;Fdr(&ckl zmTWiZhezG)W8u&nt2}P*biolT?84Y|ZOkPub{GE2kx%Zo z!vzGuIcQ%q3I@_LF%TB|w@Jxv79Ol(gSl3bk1239^N2fa7VTo3HJI52%~kYXmmedo z#_Z!>zT%B?TP)@P6{v=F->$w;Q@c3Vi}7s*{n{J16S7NqkC)iwI?m^|ek4k3*0FQ)oFo(&i;n5E+yPT9-F8JkxA07ZX~Dv4xfXeIWzH$-C=V|J5Cb_O%iv#r>j_y#|^t+nWCk8JbY<8T^{)KGim6fC|3fY)BFCd3w zt6j{6U!pAtCWCJo}ra#v#&%FKGB-3@d06);eQrvZOk#&UJQ&@UA zM$FMN9bP8sx-qYPUnA^>RWE40JkwEZwL=O-`T%xGrZynzWwbU>vVArQG27xv+V(gZ zgGlG$?H5|50{UN*Tqz41A&BuW97ax!73S^PMxV=qeWZ&gQGqu({Wv&xBRv&!bc$m% z_ZZP-(;3)J5&KU1FqvG_RP0S?0>0ssg0Rm(jyR-y{U&ozcuaGEkI&+u19}`qm4&`H za(`{B^*dH(HA75xdq!)vA!r6kS>+ommkU}1O_cnB-rbA#B+t$eu+D4q{Q`j8JSQU~ zll^+M0-PG`3Izd>hvSGw7&^>pkjh9nG7(K0b~769>QwUOrB$@(oB&ye@$xdMb1yU) z2nEBy)Xy>K77X%3_J6J?-Jh1jFEFUv%5eITQt}2t{so znGcu35@^yx)OSGp%j1{pxX}Hp4ESZO$dTkH?n@JPRQJ5yt@cLqUoP5~oa_+i^sZ#B z1-n$0ilo5OMc3Q<9z4|8n#EmO+u7Qpu!h87cp!+#2QsaY3H=coDhrTeoLOr$-|OFh zPqbFaR(+-C8bgijXbim_@wk(w5fzQvo=xU+X_)v4`j@8Px$|W#Zmcf{hMnm~n}J}1 zx07Fn=xv`4&^<yG)d)#eJrgRC&79mo#2$219PIOxicb*agPl-Im7{ z$zinaI~1B1*S3)QxOfu@s26|n+BD)Cd^>Cw3ZKLj?ID%?O*h?igxEuoTQOS=ajB$W zfim4*O-Pclbj!vzp%KsKpwgXpWJ6F)mc8HF;ve)jz+bKPM`jEkhigE@xhTy{-+1qN zMo?Dt70`1s1_lO+uAqUgpM3DG>Uds%AN$i&Rq1RIY|IP8_F6?xcs|yAFR+%M&}GcyzEG^?+1+nX=-ptbfufXH*#n5y7OQ7JEJKpnYba=EIpZrb<4r0d_Tg4SAkp1;8^ zkG&HDJRQc?x3yUnYD<|`F%rBjGb#*A61#}YPHpcUJ$Rt;FyB$`F-=X)Q-VrW%>SzK zW4ci0vbKjX8<@~)$H?Uo%bw)*mAc)~$=iCP*kJae^MN+X$ETb9xnHo9E~^w}BqpKg z(aJ?w0H!~Q@XfZdFWYE*tZeUoPvmN4$__;^io>dxJAxf-Jn#=XX%vqrHzQ?WkN`;j z2nK$v0FvoLf;nd~*LxhdPzWt#86Q5$L6F8St=IfSkk@++D>yn0hgTA_e<|8uEU>vy zO(?1HQb)(V{8y&+DnfU1(TR@k3$0{;)XrGL%peBd;aKmic@=#{pL}k3%Cu!iuyk|$ zZTvhJ{EO-5&v$rL__{*f6?0;^mY%L}X1nxdrU`|sDeK!ccU1FD?{3D8pB1kjFj0tm zHMw%>UMzCHShY;leP)>N)!*-aOhZ$n;`X1~*ro!!RW-32Z3J9lHi$&DzyU6h6PBS9c%ASYs@QzP1_3qEMdNS-Yi3{77jR!nOL*qWueVD^x+S+bKve6D9;Vbo#PZ0P2 zB=PGN*w1R4?OqwkpF1Z-=}!zlIK^$^=|Pg1zYXk(>N5#@Pg<^|wP9}J|D+jASmwNo zE+TtHH8fWDPA{M>}#(-uoc)e}>SZf9cmybw!L 
z`(Flau{@n9>SAU(0J-nDVQ=cI?Fsq4H^Nid3CkVUexS3!$C(oK!lIQ1u6R)J+KGZp z!4ZptW%)4l_}R;suxBn`QkLA7wmvo59dCDC1$pH5{diD8dT!Wtv>F&&4G zx$I6E90`!Wz)@3m@&f2HG>WhFw>*%G@bZG|x?veZC zbqtcVcjPt9x-aYMdK~vKCL`4rF`K6MdbIk54uk#fx`?q8H7L4r=OAK8@nXp=lk}o3 zOB;LDLRfy|*(j_?SmO$~Kh-Dt`|poqKaB$Xfjdiyv{pnP^ncgr=#1 zMODdcfQFZ_mMB%mt&yq2+NT9FFNcJo(^Z6xGTPegDI)lMTufklhtk*W|)efoG=|Aw^l z)C-RtT&QyNtk_I!pXpr2_;t?S)?LxD60QFi@AvjL=TZv3FHUi=XstsbSBzSo$}DiG zCy&5EE3%-sxB$pQ?@nsvmyAxX%MV<{c1*8ayEX>aYoJk}xa3{ja)lOvSUnt&DR^jf zSQ#KR{{e7SC&z1Ry~k_R%UJZCu>4Y1xxb#zE#`G9*^_Qc`N!-`aPWEVY^B>$=icA{ zU}1NCIL(W@674cId*fF=xu1rY1%Px?t*)&<2&hE#J+~**?Wiy6|M~EOpwUY2+Ooav z)}QxAgC z{ul3gx-W_&HQ+p(mwC6j{h*CF1If^(51$-vtZ@9@B+%;DjtTs_2^N22b_7r|&i$Y9 zUkS?%yD#dqYuOl8lNAG{c1CHtCF!9{nNJ{HwYBbad?=DBFX0@CXsLKG$0dG}>^q z;&V3eqFVWu>gih9*Psw}o!CuB2L-7nCN_+Ppxxv_UjP&6Pk;da3hE(&0zIJHbsD;J zR%&P2yfaCWo+AMq3_IyZbbN*r@Z`oxi1+wI^gzYY+j)6v1wH|hI!X!1-oto8q zYFF{;Bp=vq@e}M^d>$nx#BdknTuz+z>!3-@o($EMrJQAr1FUF!lFgu2nJo-Z2Ij*L zG}86x5)%`%-M7DL6~B?Wc;h^2(QQe_dxI6kyC6_*PqYe~8OF;wEDYQ%AUI+BT<2^! z*`gEf>wDe^+I?XYC_y&A$WY)DtR!|vnI4jp`P2XO(+}SO?n=pzN#ItE-?sBS;1Alf zRcmJmZr**i*l37VO>oOOnI8gZ1DwmM;bLSlpWPnrCphReU90rLEv3jy5^fuQr2u}n z>Py7i#gsxE4sJ(jd)`YkL~6udZXUP#PIRs9iB+r^G`H*8|0$Q0nJ*mCK7iZ229Z-> z3!^{Gd5{NeDpNOk!$VQg{mS~KHKsC3*wGR=0S*$W>IMv^BJFmi*q}Tcx*C@L8Q?;atcW9fHh}Y~oF_jbCZkp>*=w3b_Jskf2Y*7f1}Y|TAh>QTANOwA|}%=$U~f_$^4pLC%7H&C8k*{?r$y6Rn&a{%yuLQcaj zVb6|PiGR`@-q~Iq*DNdHT-<4dTh36kiCrT9nMX5k(07>(K`i9Iu-`d3;=?B4+T{!E zq)zc0lbvbc;lU!hpqixg<;mImf*YV7rWF~({7wEG1}8GS<&2}Wh})B@8GGwIplM2h z|EHR?sexK?;b>Rl>=tQ%7v8Z=2F5o&w{**?zXPzbx^^|Euj~6{>N@&A`gpt=9MJ{e z4bC|;YP0zM#A2Y0+nP`1S@HA%XGjBMJwXinf8tuzHNaL?by;+dpD>GoS!7B&SE5z! 
zGzaHFY&G5W=s<8PM-^0NEO*)77+^dz=a)i|%qj72$3)7u6`?ewoe*^E6y$%sb=QN< zp|^Zi8}p*0EF7NqdtN<8OqMq1If2?jaDa{~X&AdCvowq!|7jGM!GAHV^_;#-XOfbC z+1`3f(QFdRGC>j&#`=^0)Y*ujRMq5~<}wOw$8xKi?#0MQM6vhsOBb*|W(;&0kqKOs z7)uCN4&W*18(S?Ax>(_R+j&~LDp*;P=`)W`)k%&>6{BhBeN_q}7#o|(3q9qCiq^R8kEQ1f6gyO(a+6U*LV_6{S6wTH7p&9=S8l<8q(6fs1%p z$f2kK337WP*dCniVwP3%^_)J9bEU#WHj92@@cA##2+INDi$z7d8{&pzRbTAamq)W5 zW;^ERY;jYw=kFIq!Uu2;%x3Szn*(i zon=bc0RT47*`ti?*MMwhsPQe}OITb1@;H8W=w>F4mHs%Y%&~qw!g@=r2HO>S(G?cL^W(*ocInpdc;4kGm;%2xr+M z=;Za|csAW=*gYMe@65y#y9w^GL%)HIz671)r?gI8!I_6)_zn7t7p3QTbmXL)CFBR& zu%kESC)8ihXqH8I5R5;{Yp{84(UB&Cm1Qj~ENaZ45j=!lI3UpFEkQ8Xw6oTkXHX10 z1|+f49Y9x+Os{5lfmiuqi>S|a-rnZnpY;kOre6;fbpV*HGn&c7; zXM=9S_i%>QU$;PDWYkg1UTcnSp5w_SGur}Ar8z8!~JkytIlxH_`6{H$9Y65sGDLIi-O;mkyN1x4s3;t&c96b1Dbc(q{R&8UG>iUzchsm=Vl&;)F|LCh zw7UILU^5`SX;ZNMrkjZ_`*rz;pWr|oKg#cqh_!4vqd8k$IWQYWt&cuJ)Tzaiy4xch znWZzJfFf+0gkGkX~)#ME#Vn6e09MnST9l*v36|ATY66xyuvKUKy>`|^J#`E zkZcNdw1Ff^^adRJ`MSoJs@t!i&w|3x!fQfFNtN#Jvfl{Lh%7~iM?0cQMmZiHteYUE$8j&E6-N}YnffO>miqN16=##oges`{%)L7;$x zx(nWXE!tzF|2BBn+GrksS+88djb&0vzL(lkIhC*e3u&wW{RoV1c`HA z+4J>#DRlK85b8`qmTEh5@O{7N!F4|jo0HZ&AROxFG{{LEwD;?|KZWgTt7o>negkHW zwDY#LW-<&O-Q5pKrHd9|4t14YaFiC1e+0knP!VD}%DHUDFKlZEJ;v@5_Vh;SPD4+Y zLFE{E&d$f6(yMv|U@TyB2SB2MJnbmrd9z{n9KC1VZVO8DsSZCS_hqJ%ZraKO7##!f z`2IH)LXF)IZ4@hn*McIThtUuqnRrh}UMQmw*oh!__Z*;_rRvkyWu;%duy?2Yu#*GZ zDdWpQB#N*1@j_nO%z0Qh9=c(y@IhSF zHUs7CO`9Vi09)^N4wLklYDjm-P`{pR`VZPtRIQ6AfoHWyt^tQXM(7fnPjt|lsuea| z(cchPZP}P4>q(zIryuwD6pxG6LRMud zgY(WdFQ4tu3Hwfeks1IGJ9`y{e>#|KIJeBVHMKr-3zn{Wbb=is5?Usx5>%Nxv=wR) z2{Y4G{B~{7zSgog4WPu?3VTpMO|4xKT}g=_Yv95_pq$$Uys2dxi+;^j+` z(6DCRn#z%`haOl1{{|mMeIJaw$);s@3N460X9o-IKx(WI(&F&}D^FGs8;z*lv~j)L zNYM}qcXGa)n@Y>e$qAKCT(-lnYp7EhkXWTdt7;Ar*?ZznP$E=x4lmSA!|SqfmvYuI z)iTDtL*Aa4np_QN0=m{fgk%_l)19TrH*ujQqls_85uR1310UV>$Se%_cOQ zSHI*v!ljv^2Wjk9KeLn#f;5iNMBVprYlwAxr*ps;JdDo*54r7|0|gcG(^j0H7+>Tn zci0Zo@H+A@t(L=_`fu9e7YabO6g3WZHa4Z(=G4zSn=)23X0Z%UJ;M2)6@9gT3COGD 
z8l*ca=)-xwC<&lhpP?@gr+=@*U%W0NxCdQS9Wkk{uC^cd7pYDbkZQJ;iw3fTeKQil z84rRaAPev`zW3iw8Na0Ns+1o2PY^CM zUSS&Dgyon0puFILE(BH{;t%5ghw=B267#DjeUF6giaZkkB&u;Tb=r^?1VSWR1d;53XB<>jA8it+_h zi$he#{~4{Yb>BHwai?^rC;;F9rl=;bv#h)n`Ti!hgXRqyWuLlcU$g^=u?6{o=M1!i zc4dh5ZcTvJ0am0XffE`+m+0ZD{R}45WY^f{mU2f+l(>iveg0QquhZu=faMNU z?vPc#5FVvIO<2y^nd{q{v6&m|feK2XdMbfIYFV(*0Z05!)?gS{3>b9Zyty>M@%Dc> zwi>T`TzOO@yjY=x|E*&W4R3OR(|x-}goR&2a`P2iehI)|21LKvz58$P>Bu)tV%L~e6MR3wJ;49tiS*tBCa!eJub@FcK?n1XxIr@)kfX&Tx zH?5w(m(+5hy_bE(O1V`*;zxV3hT^H($9CF6YpG}V) zC_ z-@6WXhA@8yg#y(>_usx9(7m&yZX27I4&Kz9?u&H!6gmfk-IgA>qTij{T}Qepfli7} zAmlwjf?>gc{bqwGD=1Ar#RxG8?;ac$p}YXpj~lmc0r&WNJrIV%6qL6SeV(dCok!2wA}koYf^88fVvjYLB@}=}F_-uZrA?=)6l?T93br=e$zcje46EME z48bt|Php<-G&1yALD`3LM6E*jb@UV}ho+cCUuhN}nfcv44>T8OFSIMWBx0*)>I@0{ zf5y~)>E5g9E%S;`K6PvI15bsv5|voRYrJS!IMeIF!d*MP0<4J3Ul>!s$Zp-RVFRXX zKoqf5P67mhsS`C!tGj-vLH>UnCD#I^nu7=u_V7tJZjOL>zl%4RUxMWeQZ!)N;k(vA zYjya|+hP$@{bmAKs;Qs&e(2e1ewTk72Pc`f66FWdZd{8iN)ZK_Ds>mQ&|`!}p_#_D z*@}p>qmvh_8fTfq9V-X6{Pw6 z!MA1N+_$)F&S8lCuI)6uPlSMlK!raKwT@&Kb1?T~lPDold9!b3hqvPNzWnAXj@-cY zT>-3R@qxU4Y6W%-$4XAWwu?-Ucd~X0i#~CDv)}BnC5~m(KYqIW1pDRjn!r|sM}uE4 zP^uX!CBja|J{bzUGEjpf^v69 zwhv13AI7gP*dfK)kn`$IJa_5gqqK%=|i$OY{n}epCp88Q+QuUa<+2YzcmCm0}&GtGGy@ zEf`NSNQYRr>~8(|4A!p^#65trH1YTYHv&5x-!u3=xpzExw$o^5i$u@C|JP^;{M*wT zaSoMUpdE@Vd7)mxIPaeCPrU`8KCk3GKzM3t3Cf&G4hpxe4oyy;7cD!RCd|NIAI&6+}B!Hk#fFzS#{-XNP`GD?G61O}+4y*dR$yT~PVEp!#J4|0op{!It+L zsA8xR)P!uWPS*mU%$WKZAp{iq`=%{IX#IwbnnZ}pFH2xo)nC`0I~=e6>S0Mv*XL*n zx0>zg7?2^w?W(|tVGBe^ zG~W*EV-_*KP<LPLOs&Y=aN|0p+o0BxLutJDB3mxWkOKVnc_$7q6PODBgmKz9W^Xt0V0&9mN2$fq%DR z(c4#kocE1rc9OfS6_?jCQCkF;PBeXy zA`7tP9^YUI1bq06Y9^@FgGW*h*-c}EMxH{y_n^FcrN7e>Bq||*0RAbl4gE|s5Wyv= zU-$xr;GYlh4qfxy!OjsuMX1IZtap4S<~!)w7X%2xXz9)4jeEyRIeoxFE@Km(`p@3q?`?`R?PlsU(GBJ+=2J$Q}G^2X=kZd*p z2xr7V_VnSx!5+(4B|tQlW?~?XIP&d(Ds!kG&CeW|CF+MOwEz3ze`NqH>;L0=uor`; z1Z2ipj!1eYetUT8oaJ9nG5_koc6{ells@<48Y|t8Ygd}RPJOuY*D0SF6$gKh^;M zdh`R?Wy4uX!VDvM)M2gfWToquF&QDN8nxu;3oSyF+G6r(Z83vYIKN33Sx6zcD86fH 
z`u?hrQIE2+hetWCzX2tp+#xdY?%3%tOJW`qgB4)u+x%vOgNv>odFuXA>QX8UyPujOSZH13dammyEL+=$S&Q2njUKi#mJZHB}Fud)Z#TKu2e=RZZyUuodfz29%C+#~d^3CGe83dT~KzCGH_x81!(z`OMt?ygKe+(R6} z&iHdnq=cE)=Gt19cjfV$GnfC)HShY_nrGU4+&8}?F{U>%hTHBsU_d(px~+Pw)_!Jt zt(Q631$%qTop+*22+_HN27E!>LYmanm`_K=3?-=_THH=)p&x(jUhS>NaYoYiRW;`mW7|uca*Dn!=aoL|Y?&ubzH$+RIR;C-# zU{_GutM@x+oA>JiSjFitx_2A$I6u7Gow*wXTLp(h#+*8HCP(Y^U&|r{e$nj9;!clI zg|@wujqgvLEY7T}d%C^7eFt7Tt(IYF(v5-3E!x`34|L+)HbM7U_`v4o9ul(zT9Jm_ zf18BF*e8CaSHtVjo78<99$o!Jz@_@L6l$e!gO+kKt4YcpyFD3$I)$FWclArs!RmtH zT@{CihZ`b4~uylJQC8`2Qjal)-ww@v-1ve)fd!?B*MlXc$- zi=Im(Wf+r2O_rWqlSa#RiEa7s-@lVRrth+fBD8?CFEYD6p`)W~m=Dv|&NY7Ve#b>U z-c=p1lH?Fnc0%g{BV+RJiLpG|K z`UNJY)DUzJQ_qDJaigWuT`{)}q}O_hqt%@-q>}fPXHY*S9fd*<;D@KA;J$u-T|tRl zj$;!Ru%g#5K-c;2ftW&KPimqwc`a*hNPa#2Tc1+Qee}X0vNz=KE1$iF+t%AyR-T3_ zY3FR+aoey?Qz=bP(?pN8x%u({+mZ|x0&(X1_^FdL-3x<-^z=+OdF^;j8h*YgezT2s zNDbnImp%{L;Z_~QfB)HQw@~6=;z4OC+xPta`)ViYG{fEeqVpS#G(=8tYo{10Bl^wZ zpCvv$J|0hdoVM-TulO^y?xaa+z!41IOQ2(C$FxfBH>^F_9a+c#g_3Sp5B8`_Sra@# zvCKAK3k{pAzHxe@8nnl&&k2dxX?Cc57kguOZIzevn^cVCrIl!A5zB8g9t%>hpQ@Hc z{gQHCX#aSE_Ia&RFYOAjuD(KP#3)G#wNiI&Y%AksclAm+cjN3(4&}xDKUXsKPIj#= zA=_5y(T+>Q9=^5dI(VfRPhll`t{JF@_mxS({$!D?EB(T8hnd`(| z=Zi|CgjLIIhfRyVPJIorx*;!=rrG`b(XM*t{OOZoX727dVe6svnCX_@VLXK%luUKn zA3Hsvi4x}N&R<1o9F5id@ZmWIa#P*d-ocGLp4pgtn10+Yc_Z)sw?gL;PY-dAq`jTD zfoziQ=3*P@FRBwj>>CRMDQ25@>)HDL0_%Utw5f+EG`CNqsXabBn>vuMuePL5nD?X! z-#z>Dp65KWLQWwpqa(dvYHp&w(`$8itMdWS3rkYmr!>`X4k@Vg#+1zrUZQ9yc+3G zbIQu7u%s#5gql5009&6d5<3!~G555>i&C~3GzhN7)eS;oo;wK!_*dosB6g&HY~F2x zXG!yR+oqg^D`(Fh-H?L}9Qf}S&0_v}uSQ>@0u>tX>fsVXGX|}eztJTb;A(3(i2@HL z+-Oz&>NhG++JmWg-C&FDu@N&L+!#ssBC)wF|9)R!OHs@ia8Lno$eQeVIeY)_tN4x; z$6bD8w!x((d*qT-O0Par0j|6!{DLgM0O<~>Q}9Nw zk)b)gg)}4Swy<89XH=_%Ho(bUyLL_RZI5!=i&YcFaB>uA`eh^55)Muk5VBYi#H(Sy zo9>JDPTh-MYo$~r!3)z&<~E3{EfipVGgaMuzkF$TJL+xm`}Zi2gWR?FIKgeytR=a@ zs^m2(XjGJukue{U_{Ct?6j5~c@&jwIq5V(;>rCy*oVmWJgaadCkRh9%;xet}oaI9@SvCA&0wJg$H^OAB< zz-5WdUzKub`CMT!u+l0ee#*~o%D#b1LH_sQz~PRHjw70yn*K}@O%6>7^_>^#=ty0? 
z><dcx12m+(^NMP44FHJL|hf*(JzGoM**XBM1z0-6kpK2WxF zUg=`Wx1c1QWtFtt%w`d>>7g9;?x#1-sgBPYtWlhL#9;-^oTd&g^XQ4DLaW@~7AdDx z5AV!Vv}Gon*}=DzJ8NS+XS+OKV(GbhQ(DEBxWvQ;GRHybpWue?NwQ^yh*Qj4U|}uW z)1rWnH`vS$#Cl4o;VGrbvm?8&L~Ckm<<^Nk{ORms4pobrIemRvHUvwT5Mg;v?VL}i z81I^k)s}zs?#7v5|0I~vvOQ?iypWt?RamM-n;%~6wwWnb+6@Cr)-#or`Q33&Bvlr>@Tg*dfaDPtp1{ge;hMf7#cJiV*hbQHAe=AmLQ0Yx8nZ ziKF!(aeZ%>;);H&%%fY{P~c^gWjy=Lk=Vgi{wttsrel)J74MP!r^i#A<+@li#pHXZ z>i`f#rGbcot(P|%=AEe_rB>LzOW9m6&uTyEir=~Cc9uPDKW2GZmwC6n@6XR-$x5hS ztYy0ft6MgMNY(v6o>=Sjw=s}NB(mX8Dh8DJ6L&Mzf?@`P5zyS&4l9|>10z0Rt6otdSX%QbD?R^D0!LjiuO^ED2O#mWX;GVCmtB2S#& z1u%7?d0-|`%310yIusOg%;MiaainZS{n;wySz(MV_?O_D(XpHB?Dwi>-+KeNH$(X2 zi36!)^3P@nHQiAy(^OG;{lSfSwOtF1<_Y1|l$9uPb|J<*4;Q$(wR7i@^>e=(51~8d zm~zmt*gu=E%XwYLXLwemE-51v27`rMmvib|Fl84p?BXbK<*72vu#JiU4L{;Xvp0^* z2&4R*9UZ&5nweR8FnTA|Mx0OdUw)crGWk+o?Dg+&vH^QtN!ce!+hG^-%~~Zocso&nan?rTdamI=;Sy+l>jz~c^sS}RdzkivSZ5xjZZix)f64SOUbaC z)Jb@HRmiI2>9JE&VS$B(j~{1RwZbWDb5j}n$6XhPis#xk`~rOg0yIWEkJ2;In}}t; zNjwDwx*?p}k3nr|w|^E&%w^>V1CM^D1d<8)nhoID(%s{hlR4WU8i;x#ar^|lyURjg zZ#93Y_~@GZ7eh{sJfCaVu7hp#OswLb9cx0oyBE&r=DSAe+Yl;VKldl9L+Bgr0pg80 zti?W!;*Q`nV`baR_dDBb<=-}=$t64nN6f_DtQ7(KzZZj{=hk{y{gpuj1RWPWS3@EA zJ6@}-;{nqvLV(&0LRyVK^Unav%y_Hf^a_de!dqm3n6Ie|knQxu=;$w?crZLe+$5KV z)j(djSM5mgTg|eaoTnd;mr~StKpxN%gzuwneeB4^7XYRLBzkXQpDy|a(>a7n>UIzhik`brcZFDrDB*n0L1&X9@+~MbZ1`H;!;ic`v9u%6uC~>=AP(&#y zDS38XWbw=LOHetCL00U*R>ijvUd;G-^Ts>$0dLqQ;N&D-HCIhrKNy;3B=)X4&W3OSQ(oo zX)A9fJ;B+oW~ zyLC1>2FXVwJJm>u9Ck@g*1>g5NR>|lKbxUdtP!02yf=g^v=A=oNcQWo+foPojNn4K z{+-F;r!8|LZ>rA8NK5ZgmatCyiTB?!UfLivPmor!mi5$9Uj5OzM~&0#0}pBq68L~o zX$Om!O5~KfS6ku?tQO5GUm@>z%1sT*KI@YNhiD_d%#NE zs~yn4<77_Fg%#&UyV3%?_2S`OB)&7*J3`Ph_7*0OPY-6h-5|ug!F2pH z8vsQk&U>k{G;=H)n{~4SW{R2#*8Lr#H~5jG=UE>(RAue$tX8kDe`;07^&tyA)<~pw z5IN0OGk15T%RixEA$_l?u+@n)>JaHX&+|t#P>!CVYEeM4gL|Q5z zR{$=v0?Z&dI)=l`(HV5{TI$vHAUlLnjHE7T?p_F*TkB!5Y{#WS{^H(4xB0%4Hp4lD zWqp5O&57MLql1q>pE4(Xh~de6I15Ot-hn)|UDy0|9c-b)#{52aOZMybm&qqqURL10 
z5A`l3GNSjVN3LIwzrl23g;^v$W-7)F($*^(hK)Lqd4Fp3Kte*uaO+j2D+vB%{kNZA zm-DbJ;hAo`y40U{zCC9W?Ffhx1H4{8vYrRXd^9Wd;9i;FYpKSHEu6a zn!4s4RlLtNT~XVWt->~%mbc^r<_B>0AqGENT6uGm6r)n2B}yV%RyRjZ&{WE_1_4o9 zuGXk~q5m*#3{}rHecr8WS0EBKjlm;PJtE5a}6%JrVw^YinvoA64Mi;LTdd^~-%=Lamw`WRyRXqPwyTJa{7a z<3~08A-flvA^v>&brt0P2A697_`ONq%)etT?mBT|KQq#-o*lrau95NMYfJI{xk=h* z#^qned#&f&@4ne4lOtMkdnbf!3dDN%j(R_@^bD-3s<<1B(Ok=sR&mNq*F zgcN|I=}xXd1Vy`gJ_Uf5OEaTW=;H$BrUkhWK1cAx?_HR3eF?T)2%4-Q^38|4UN=qH zC9(7XOo=M>a&=lVbQCw2Dr+Kp4j5PVwv|7Tqi1Ec5%aztL>Yd1vX{E0VA=XGb7!G4 zE=!}9Z+Wwl48Wu1GJROObQMfHcz3W{?dhnJF{(KqTw)e@Q&gUj|_YVYiv?`j>$XSsOUy*q0dr)`AN zbg&vqd9QEL)0f2tEVSdC@Bm?aT-JZH}hAQm)jU) zkO^m)I&@jZ5wDP)y#v6cK;S!TINpshN-`U+E1c2Ow3KXKwOmeImeuV}(O3U?Vm&Md zZi;fvRL}LYAl&vD9UF^dXhvOPE3~252_F*_LH)Tx?9MQ`v@)rz)35X0`>J8^YC<_;+a(nSvR~Gj6}^&%T*T-dM~`Qe;lk$!{R` zR~D#a02879%U!#YtR8&DpXVz*Pn_qH7JOUCtmX0nwe5YDT_|11Vkc*GV-TF5IZ#Rv zeZE##il+e3%3A6A(oU07B#bFgDRXXmq7bN{(0a;rq!yi_J2QFQ(I(oe%ZK&{U;O0e zr})}{xuN1!2CJ*RnWz@sqSseZE$|eTKWNyx;DCDRGK=x+pcN?V2Kfue-%C+quIA2h z=}nc+dsd*1nq=6~HR-JTtRrpLZPa&Sx|ugZ56=UgT8!duo+|Q|%!y zUaL9FbFZRWaQ6>0fbgN9S&O!A(yli&6S!q!Csy}^EB~OZT2P6DOK0YGi39PKPNCyX zeuaiGUMuD;x5&bP3Ye&xAC~=4{7WQxc*{;bdUTP~gl~gXA76_!A_VoK> z*WyPo$E6-^BPrI5?Nv_|ij$4?ycVa{y)uj4H2K?Y+*NdJo(hyb$yZ{4BEAZNttYE? 
zeMS9QJ@L9`^mp~z)`pZ_3*mq&{LyY`v$==|UDXS%By~+%qZLEA)K!2v7c^czqKFcE zaT>Y(VzyJ4)=|=ML;U)$_c%KCv)T8hdlFSobgCOR53}=|G^CU`S~B-!*pRs8QH9Kb zcR)b<^`m|9Bo{Gz9HhKLR?1a&qy#y#Rs7K-;)HnXpsTD z>83qTgot|esYz>QEC?DpUBi?LyldHJttWpHkPG>4EnQNhsWn_pDN@u#%h%7x0ih3g7ZkEkJ_y8drx@zYv+x#oM9N%W$18()9M*QMNE;NONhP0io0iIiqGw^Q!>?Pw34mzT zuxQs@Rc9XUl9vV=8XSt2^^SH4Kjx^pFof_wnbUVw;~<5wM2nD%mtwZ++$y!>S@`fz zEdUlEe+VskVMo~HO$u#e!7=irL**UC6!_zCGf_BkE zeGibfgQw{qYQVPBF!NVD>pi|2EfBpq)tms|N4D%;(Z8jIAcsjbR zu9i6QNNfJ7CP{9|88Z|)=b$1v zNzPzIMS>JbvXY^IB36-65s;iIp@<@}D3DO(g1a8|J?D(^eShx#b$?vPpnF&niv8@p z)?9PWwKm3Zls)=;g{VgNZyL()KQt8SYhfZtRC<<5GA|?3q`aIla_fBVZT7f>=J`gu z?roH^N00U~ihB<&i}(BxNx?fX9M%{b8j57GJPCVNRFCqqG}-OiBQt{7rAskUD-vs$ zahaKZdqbRonebj@zM$-WxyOk0(G-{a0#QIbxefKtKaS$i;V;Qd@OuT%+N7QAGb6tgwHf zk|dQUXxYKZHD{8NOn6zncuM1wX%DZVh~RNX`;iLcWPgF~`}Qr-9^hpxh=eE#L;o zictve&sI;};xhQ`d(6X9G1P~J&GlA=e&z zIB>t`7A$vRVD=F_ffc)tyP?&7abR-6BH-^E&N~Kr$H)i7E~FLohYh@#lHcAP+{T;0 zt$U?&Lj7e+5hZR!N7R`HpUJiI%)-RPl)*g*3S@y#yBz4c z!nx_H$tG~;u8ZeFWGjInHs;RD`nkX&B()K`Il2nY(a=o%un`oktD~i1u+{5`Y}%-j zuiUCysqs$|9DQ%LAC5*nxAN*r*eFBbtX_S{I%JIkC-fuhRV6g0#Tcg9O7piEeccnE&V%5=m_(TW%A>z?F^OPuhr5t9x|N;#;4lzOz}haa zt>Jt|#x6DH-;U;Kz??$u8F3WT23;gK@*lxo)d)oB+ze&I+|ZS^WsO*YbZu~$G$-?8 zkJ9qI`{(viPOx+Ag`#E@)X}{;w*~9`MI1*mL?uhM*GFmS-z~S;`JS3=iZEmeJcW~Z zQN42l7v!pS>(;Za8cBJeK?)>rfDX9~*A4=fQ`=mb)CTrU3uwji%Dt6j&dh-Ir*Txt1cxpR5D&-P>oL*!q~MUq8s!-=dT3Idw! 
z{h5#Hr^BLjE32=@s1b+CXhoqV&YDBZOzNsbc!;1xkc*m{ZvZh-+b=08$*S}9GCfbS zYN5!g<9+r*FHI~Ab$7~*-v3qITqQUemTJZ?#0;YCwSl_Ml|L`vtd`s{h_VyL-+nFRwU$G1Yk1p%MUVfMJ=Twn zP+k4LL=*8H$e}An#ulS1IXTP)M}rZQyrYxfdn(JC_20iX_1EV($oh|eqYW*GGZ&r; zwD`@|YT?on`wyYkzBVWG+$916C6kSFRL1-TB(;2L0iwvo?N9oVf^fTfZZDRR3yI9Q z?jrmNrO5YP64<4BP5P7Xlkga3`&oWEyhUvI>(^Z?`aI0U*;$gV=K3NY$N&GdcV%Hs zC0Uqm6&q2RPg?~ArH3V;AT9_7*%}2Dgt!C35Nt(I0%1{>1PI_ZjYvz_6od#U=}(p@ zVG#m}HX02yM4%-ENDv8|VND=#352QKh+jX<`Lol#oR734w}kG4NA+5wGn^a=BoWi{Le zorc8oj>S&7kq#;n*?i9EajqIY6DVp6F}KnfV!CS@N>OUhV*Lduk=qoqP$QWX=b{tna{mhv#5w97AH*UG z7>ttQsY>cTM?EagS>-JbN9@~{S-jXkGEk0SGKodjU9!%86O;u_pCot>|?BOlUqh_{2?m?AoVE zYUul>4h`GmU> zYlP00Rg!z56#Lu6m1C$g6z=r=R@_re9j@b?Z}e|Jv!pg@NvjdUc0KTcpA?d>du|%2 zW>2PL@%AE!M?jZ_fN=4_(^&!)L?uOeb`!gvSwk@CTt0vmgVT?De^Kr%bSQei$RDhmg8@?U-!dTGk?9^K$`CWDn*0 zW%^uMFllUvsf+2Kx%$&7%}Vbe>{j=c&-Fy&B{<3^lvn7Kt(^oWk$^{%J`?f1LG z14Q&4#NOUHF}MyR(qg-Dfi3y#h5(il{Xqs`?)(9#iL1h0> z_2+A`F*=Z-haF^H0nm|T@^NOmUnkekCfzF{P#RFg(M91xAq;{USzph(wfJOSQ}U`_ zP0y`XCu*waEM;1fk*>^U>_SQ(NYt^y3_;x@^?Cw)25gF9{A!!MEt*n%y}irxjC~i{ zG@G@F;u=(&R~#z|KxN^wJM!`bZz9tCXoF<2IVtZY_{?-?QJ2-=M?puQKB>(=ZNmf| z$NRna{h)O!(8xgOW*A2zHftOSsy2j1$f^6N?poMx_LyOOhqHG(eE|~@@pGG5kiQLs zYxG0c4A$9ub_>gp?84_)a*vKZw}L*o5lP)hY4snW<5s?pYxlCZ_x0~+2(Lvyf3i?} zk@^a6Gw&_R--JMbgpl~Iyu5W7@37NlmrmwDJRnA>RT;(sY=$;+WP&w_;Xa5K3w?bV zfu6!{#Sa;B0k^nX<4ruao+&aZaHQnaGlJxjf8}G&Jo!fMH{j)8i!>b`N8PMKWSeIi zT*hF=+5LA9Ha>}5SkP<7&-RvWK3A|?8gL~%!_Ol0YAeT$&p3CG+j#|L^slpajOJ!R z%B|FR4=*fuzwh-C`x{dS+@o?Gw;Hl58N;K_$;iUx(FFyp^Vv>H)nduZiW2XW)-!zi zg~s#!RKirt4QQeJB!QOcc2EvzBsMFZBYbbb@l@8jtJ$2QOI84oj>i9lF##8g_2YNOTt*WWMlm2Ml#j}(44h~|`F=KRgNJYLennvEDGGIa=j`Qzz zM>zr+yJ!E?chqn1d0^3iEWs2)A4PBo?dVmt(veRcmXzLK{mfeeh6mJgUi{x!5skI7`e zJhJKd@+ev!rOF&cZ`Dv&Zve@6?ND+t4;LTOUJHw?`1m{!8SxRNDk6_eb^A^fUf=rI zxs}JuVfyPVTXv26tiHWsX@pW=_((@eeEdsOhb_ZnW6hxFMw}D=hBnq5%uz`2Km(V< zvOu3*zzaYBi-wL%Q^)%I8+0ivx4nO#F7u5U9`qWTHryF^M1{Wu1>S{Gzq*lL6?H~nmYewC=+II?tE@(6sI5ejv 
zCnw*?{SwUWg?9^J229*bbV(A2!^!SnXxxaqj8E65Bm{OTgEeXczn{Z1`D0Vl#!Vkz z-)`e_)030`EnXruZka2Udz5+~?8n=QiC|^ro2}}B^Ot>VeH-UC;u7&W+7u#iB=Hkg z#+z=wlXPcaTb=)L+{T#;zyK%bKaGaZBY(Fv+cEosmcs?Rv%pD6TK&tT-4TUskBJK?ODh!cYC1A}0mMzbXy|AC&&T6-UCN+7{KkoZp=?LAZA%r6cyPhf3{y G68-}Q#ps9t literal 0 HcmV?d00001 
diff --git a/_source/_assets/img/blog/jakartaee-auth0/auth0-create-role2.png b/_source/_assets/img/blog/jakartaee-auth0/auth0-create-role2.png new file mode 100644 index 0000000000000000000000000000000000000000..16570e92b472ba716a574bbe604e52c26cd6e5a5 GIT binary patch literal 88435
+ """.formatted( + name, + context.getTokenType(), + context.getAccessToken(), + context.getClaimsJson().get("preferred_username").toString(), + context.getClaimsJson().get("http://www.jakartaee.demo/roles").toString(), + context.getClaimsJson() + ); + response.setContentType("text/html"); - response.getWriter().println("

Protected Servlet

"); - response.getWriter().println("

Principal name:" + name + "

"); - response.getWriter().println("

access token:" + context.getAccessToken() + "

"); - response.getWriter().println("

token type:" + context.getTokenType() + "

"); - response.getWriter().println("

subject:" + context.getSubject() + "

"); - response.getWriter().println("

expires in:" + context.getExpiresIn() + "

"); - response.getWriter().println("

refresh token:" + context.getRefreshToken() + "

"); - response.getWriter().println("

claims json:" + context.getClaimsJson() + "

"); + response.getWriter().print(html.toString()); } } + ``` The `@OpenIdAuthenticationMechanismDefinition` is the new feature added by Jakarta EE 10 and Security 3.0. The docs for this annotation [are here](https://jakarta.ee/specifications/security/3.0/jakarta-security-spec-3.0.html#openid-connect-annotation). 
@@ -299,44 +334,60 @@ When a user that is not authenticated attempts to load this resource, they are r At this point, the user is successfully authenticated. If you look at the callback servlet (shown below), you'll see that it simply redirects the user back to the `/protected` servlet. -```java -package com.demo; +## Log In to the App Using Auth0 SSO and OpenID Connect -... +Give it a try. Start the app. -@WebServlet("/callback") -public class CallbackServlet extends HttpServlet { +```bash +./mvnw wildfly:run +``` - private static final Logger LOGGER = Logger.getLogger(CallbackServlet.class.getName()); +Wait a few seconds for it to finish loading. - @Override - protected void doGet(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - String referer = (String) request.getSession().getAttribute("Referer"); - String redirectTo = referer != null ? referer : request.getContextPath() + "/protected"; - LOGGER.info("OIDC callback success. Redirecting to: " + redirectTo); - response.sendRedirect(redirectTo); - } +Open a browser to the protected page at http://localhost:8080/protected -} +You'll have to authorize the app with Auth0. You may also have to log in if you are not already logged in. After that you should be redirected back to the protected page, which will print out some information from the token. + +Success! You've got a working Jakarate EE application secured with OIDC and OAuth 2.0. + +``` +Protected Servlet +principal name: andrewcarterhughes+test@gmail.com + +access token (type = Bearer): + +eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Im5yMWZwWVlkb3JkalEybzRlREp6MiJ9.eyJodHRwOi8vd3d3Lmpha2FydGFlZS5kZW1vL3JvbGVzIjpbIkV2ZXJ5b25lIl0sImlzcyI6Imh0dHBzOi8vZGV2LTByYTk5anJwLnVzLmF1dGgwLmNvbS8iLCJz... 
+ +preferred_username: "andrewcarterhughes+test@gmail.com" + +roles: ["Everyone"] + +claims: + +{"sub":"auth0|638e36302e342504ae92b911","nickname":"andrewcarterhughes+test","preferred_username":"andrewcarterhughes+test@gmail.com","name":"andrewcarterhughes+test@gmail.com","picture":"https://s.gravatar.com/avatar/146a9ec7b0773b3edc6a299d7ad5dbb0?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fan.png","updated_at":"2023-02-18T04:37:30.403Z","email":"andrewcarterhughes+test@gmail.com","email_verified":true,"http://www.jakartaee.demo/roles":["Everyone"]} ``` -To summarize (and simplify) the request flow to the `/protected` endpoint. +Make sure you see `roles: ["Everyone"]`. This is coming from the claim `http://www.jakartaee.demo/roles":["Everyone"]`, which is what is being injected by the action you created on Auth0. If that's not there, something is misconfigured. + +Next you'll see how to secure the an API method on the app and use the token you just retrieved to access the secured API method. Directly below, however, is a summary of the OIDC login flow for people not already familiar with it. + +## Authentication Flow Summary + +For people new to OAuth and OIDC, this is a summary of what just happened when you accessed the `protected` endpoint. - Client requests `/protected`. -- Jakarta EE Security 3.0 intercepts this request based on OIDC configuration and authentication requirement for the endpoint and redirects to Auth0 for authentication. +- Jakarta EE Security 3.0 intercepts this request based on OIDC configuration and authentication requirement for endpoint and redirects to Auth0 for authentication. - Upon successful authentication, Auth0 redirects back to `/callback` endpoint, sending authorization code. -- Jakarta EE Security 3.0 intercepts the request to the `/callback`endpoint and sends the authorization code back to Auth0. +- Jakarta EE Security 3.0 intercepts the request to the `/callback` endpoint and sends the authorization code back to Auth0. 
- Auth0 accepts the authorization code, verifies it, and returns an access token (and possibly an identity token) to the Jakarta EE Security 3.0 framework. -- Once a verified JWT is received and unpacked, the user is authenticated and the `@ServletSecurity` annotation requirement is checked. If the user is a member of the `Everyone` group, the `ProtectedServlet.doGet()` method is called. -- The `ProtectedServlet.doGet()` method programmatically redirects back to `/protected`. - -All of that happened above when you logged into Auth0 and loaded the protected servlet. Since this servlet handily prints out the JWT, I thought it would be nice to see how to secure a web API using a JWT, which is what you'll see in the next section. +- The client receives the access token, unpacks it, and verifies. Once the token is verified, the user is authenticated. The `callback` method is run, which programmattically redirects back to the `/protected` endpoint. +- Before the `/protected` endpoint is run, the `@ServletSecurity` annotation requirement is checked. If the user is a member of the `Everyone` group, the `ProtectedServlet.doGet()` method is called. +- Finally, the the `ProtectedServlet.doGet()` method is called. ## Use the JWT to access the protected API -The `ApiServlet` file defines an API servlet. +Your secured API method will not perform all of the redirecting of the OIDC flow. Instead, it will simply decode and validate the JWT. Take a look at the `ApiServlet.java` file. This is what defines the API servlet. This is what you'll access using the JWT and a simple HTTP request using HTTPie. `src/main/java/com/demo/ApiServlet.java` 
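Review bot: the context line just above this hunk still says the callback servlet is "(shown below)", but the hunk deletes the `CallbackServlet` listing, so that reference now points at nothing; either keep a short listing or reword the sentence. The sample output block also publishes what looks like a real account e-mail, a `sub` value and the start of an access token; replace them with obvious placeholders. Typos in the added lines: "Jakarate EE", "programmattically", "secure the an API method", "Finally, the the", and the inline code `http://www.jakartaee.demo/roles":["Everyone"]` has an unbalanced quote. The last two bullets of the flow summary both end with `ProtectedServlet.doGet()` being called and should be merged into one.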
@@ -360,7 +411,7 @@ public class ApiServlet extends HttpServlet { ``` -This servlet by itself is not at all secure and would be public without the `JwtFilter` class, which is shown below. The filter intercepts any requests matching the `/api/*` URL pattern and denies them if they do not have a valid JWT. +**By itself, this servlet is not secured.** It would be public without the `JwtFilter` class, which is shown below. The filter intercepts any requests matching the `/api/*` URL pattern and denies them if they do not have a valid JWT. Notice that this is a totally different authentication and authorization method from the client login OIDC example above. `src/main/java/com/demo/JwtFilter.java` @@ -484,11 +535,7 @@ Welcome, andrew.hughes@mail.com ## Keep Learning with Jakarta EE and Auth0 -<<<<<<< HEAD You just built a Jakarta Enterprise Edition application that used the new OpenID connect annotation and implementation built into Jakarta EE 10. You used Auth0 as the OIDC and OAuth 2 provider, and you saw how to implement both SSO and JWT authentication. -======= -You just built a Jakarta Enterprise Edition application that used the new Open ID connect annotation and implementation built into Jakarta EE 10. You used Auth0 as the OIDC and OAuth 2.0 provider, and you saw how to implement both SSO and JWT authentication. ->>>>>>> cf15c776fb952e876a1044d949b35dc261266471 You can find the source code for this example on GitHub in the [@oktadev/okta-jakartaee-oidc-example](https://github.com/oktadev/okta-jakartaee-oidc-example) repository. From 5944354bb85865613fecf443f39228052f388a77 Mon Sep 17 00:00:00 2001 From: Andrew Hughes Date: Sun, 19 Feb 2023 12:01:46 +0530 Subject: [PATCH 25/34] QA updates --- _source/_posts/2023-03-01-jakarta-ee-oidc.md | 551 +++++++++++++++++++ 1 file changed, 551 insertions(+) create mode 100644 _source/_posts/2023-03-01-jakarta-ee-oidc.md 
diff --git a/_source/_posts/2023-03-01-jakarta-ee-oidc.md b/_source/_posts/2023-03-01-jakarta-ee-oidc.md new file mode 100644 index 0000000000..a67ae7f024 --- /dev/null +++ b/_source/_posts/2023-03-01-jakarta-ee-oidc.md 
@@ -0,0 +1,551 @@ +--- +layout: blog_post +title: "OpenID authentication with Jakarta EE 10 and Security 3.0" +author: andrew-hughes +by: contractor +communities: [java,security] +description: "Use Jakarta EE 10 to build a secure Java web application using OpenID connect and Auth0." +tags: [java, jakartaee] +tweets: +- "" +- "" +- "" +image: +type: conversion + +--- + +## OpenID authentication with Jakarta EE 10 and Security 3.0 + +Jakarta EE 10 includes a new authentication mechanism: OpenID Connect! This can be added to a Jakarta EE servlet using the new `@OpenIdAuthenticationMechanismDefinition` annotation. + +In this tutorial, you are going to see how to implement a web application with OpenID Connect (OIDC) authentication and use Auth0 as the OIDC provider. You are also going to see one way to secure an API and authenticate using JSON Web Tokens (JWTs). This will all be accomplished using Wildfly as the Jakarta EE runtime. + +This stack includes a lot of technologies. I'm going to introduce them briefly below. If you're comfortable with all those terms and just want to get to the code, **feel free to skip ahead to the requirements section**. + +**Jakarta vs Java, EE vs SE** + +Jakarta EE is Jakarta Enterprise Edition, formerly known as Java EE. The name and framework packages were migrated when Oracle gave Java EE to the Eclipse Foundation because Oracle still has the rights to the Java brand and did not open-source absolutely everything that was in the `javax.*` namespace. Thus, Jakarta EE is the Eclipse-owned and now totally open-source Java EE (You may have recently had to change some packages from `javax` to `jakarta`. This is why.) + +Enterprise Edition is built on top of Jakarta (that is, Java) SE, or Standard Edition. Jakarta SE is the more lightweight Java version that provides a basic cross-platform runtime. Enterprise Edition is assumed to be running on an application server and adds libraries intended for larger-scale, multi-user applications. 
+ +To run an SE application, all you need is the JRE (Java runtime environment) for a compatible version of Java. Enterprise Edition, however, requires a more complete runtime environment and has a lot more possible modules and configuration options. To see a list of Jakarta EE compatible products, you can look at [the Jakarta website](https://jakarta.ee/compatibility/). A few examples are Open Liberty, Payara, Wildfly, Glassfish, and TomEE. + +As of the time I wrote this tutorial, Jakarta EE 10 was a very new release, and only three frameworks supported version 10: Eclipse GlashFish, Payara Server Community, and WildFly. + +**Wildfly** + +I chose to use [WildFly](https://www.wildfly.org/) as my Jakarta EE runtime. Hantsy Bai created a great example project that was a big help. Check out [the GitHub project repository page](https://github.com/hantsy/jakartaee10-sandbox). Thanks, Hantsy Bai! Super helpful. + +WildFly is an open-source community project sponsored by Red Hat. It bills itself as a "flexible, lightweight, managed application runtime" that is "based on Jakarta EE and provides rich enterprise capabilities in easy to consume frameworks that eliminate boilerplate and reduce technical burden." It is a modular, standards-based runtime for Jakarta EE applications. + +**Jakarta EE 10 Security 3.0** + +The exciting thing about Jakarta 10 (from a security perspective) is that it includes a new OIDC implementation in the Security 3.0 specification. OpenID Connect is an authentication protocol. This protocol is implemented by many third-party vendors, such as Auth0 and Okta, making it relatively easy to add secure login to an application. Jakarta EE 10 Security 3.0 provides an annotation-based configuration to add OIDC authentication to servlets. + +You can check out [the docs for Jakarta EE 10 Security 3.0 OIDC here](https://jakarta.ee/specifications/security/3.0/jakarta-security-spec-3.0.html#openid-connect-annotation). 
+ +**Requirements** + +Before you start, please make sure you have the following prerequisites installed (or install them now). + +- [Java 17](https://adoptium.net/): or use [SDKMAN!](https://sdkman.io/) to manage and install multiple versions (the Jakarta EE spec says 11 and up is supported, but I wrote this tutorial assuming version 17) +- [Auth0 CLI](https://github.com/auth0/auth0-cli#installation): the Auth0 command-line interface +- [HTTPie](https://httpie.org/doc#installation): a simple tool for making HTTP requests from a Bash shell + +**You will need a free Auth0 developer account** if you don't already have one. Go ahead and sign up for an Auth0 account using [their sign-up page](https://auth0.com/signup). + +Clone the tutorial from [the GitHub repository](need.a.link). + +{% include toc.md %} + +## Take a look at the build configuration and project dependencies + +I won't reproduce the entire `pom.xml` file here, but I want to point out a few things. + +First, take a look at the dependencies. The only dependency required for Jakarta EE is the first one (`jakarta.jakartaee-api`). + +```xml + + + jakarta.platform + jakarta.jakartaee-api + ${jakartaee-api.version} + provided + + +``` + +The WildFly plugin is included and configured in the block below. + +```xml + + org.wildfly.plugins + wildfly-maven-plugin + ${wildfly-maven-plugin.version} + + + /subsystem=undertow/application-security-domain=other:write-attribute(name=integrated-jaspi, value=false) + reload + + + +``` + +The docs for [the WildFly Maven plugin are here](https://docs.wildfly.org/wildfly-maven-plugin/). Except for the cryptic `` block, the plugin is pretty simple and easy to use. + +It took a little digging to figure out, but the obscure command block *is* required, at least according to the experts I asked. It disables integrated JASPI in the server and instead delegates validation of credentials to a non-integrated `ServerAuthModule`. 
This allows for identities to be dynamically created instead of statically stored in an integrated security domain. Take a look at the [Elytron and Java EE Security section of the docs](https://docs.wildfly.org/26/WildFly_Elytron_Security.html#Elytron_and_Java_EE_Security) for more on this. + +There's also a Maven `unpack` plugin that is used to download the specified WildFly version and unpack it locally. Alternatively, you could run a separate instance of WildFly and load the application using the WildFly maven plugin. + +## Project structure and configuration + +The files in the `src` directory are listed below. There are three different services: + +1. the OIDC-protected servlet; +2. the API servlet protected by a JWT authentication filter; and +3. an unprotected servlet. + +```text +src +└── main + ├── java + │ └── com + │ └── demo + │ ├── CallbackServlet.java // OIDC callback handler + │ ├── ProtectedServlet.java // OIDC-handling servlet endpoint + │ ├── PublicServlet.java // Public endpoint + │ ├── JwtFilter.java // Verifies JWT and secures ApiServlet + │ ├── ApiServlet.java // API protected by filter + │ └── OpenIdConfig.java // Loads openid.properties + ├── resources + │ ├── logging.properties // Simple console logging configuration + │ ├── META-INF + │ │ ├── beans.xml // Declare some provided dependencies for deployment + │ │ └── MANIFEST.MF // Configure CDI (Contexts and Dependency Injection) + │ └── openid.properties // OpenID config properties + └── webapp + └── WEB-INF + └── jboss-web.xml // Configures context root to '/' +``` + +When the application loads, the OpenID properties are loaded from `openid.properties` by the `OpenIDConfig` class. These values are used by the `JwtFilter` to create the class that verifies JSON Web Tokens. These properties are also used by the `ProtectedServlet` in the `@OpenIdAuthenticationMechanismDefinition` annotation to configure OIDC. + +The `jboss-web.xml` file is simply used to change the context root to `/`. 
+ +Neither of the files in the `META-INF` directory seem to be required for the application to function. The `beans.xml` file explicitly enables CDI / dependency injection. However, this would also be done implicitly by the use of the annotations. The `MANIFEST.MF` file defines some provided runtime dependencies related to CDI. Perhaps in some runtime environments it would be necessary to include this file, but it seems unneeded when running locally with WilfFly. + +## Create an Auth0 OIDC application + +If you have not already, install the [Auth0 CLI](https://github.com/auth0/auth0-cli) and run `auth0 login` in a terminal. As I write this, the Auth0 CLI 1.0 version is in beta. It adds some new features that I'll mention. You can take a look at [the release here](https://github.com/auth0/auth0-cli/releases/tag/v1.0.0-beta.1). + +```bash +Waiting for the login to complete in the browser... done + + ▸ Successfully logged in. + ▸ Tenant: dev-0xb84jzp.us.auth0.com +``` + +Take note of the domain listed as the tenet. This is your Auth0 domain. If you need to find it again later, you can use `auth0 tenants list`. + +Now use the Auth0 CLI to create an OpenID Connect (OIDC) application. From the project base directory, run the following. + +```bash +auth0 apps create +``` + +Use the following values: + +- **Name**: `jakartaee-demo` + +- **Description**: whatever you like, or leave blank +- **Type**: `Regular Web Application` +- **Callback URLs**: `http://localhost:8080/callback` +- **Allowed Logout URLs**: `http://localhost:8080` + +The console output shows you the Auth0 domain and the OIDC client ID. However, you also need the client secret. On the 1.0 version of the Auth0 CLI you can show the client sercret with the `--reveal-secrets` command. However, for previous versions, you have to get the client secret by logging into Auth0. Type the following: + +```bash +auth0 apps open +``` + +Select the OIDC app (or client) you just created from the list. 
This will open the OIDC application on the Auth0 dashboard. + +{% img blog/jakartaee-auth0/oidc-application-auth0.png alt:"Auth0 OIDC App" width:"600" %}{: .center-image } + +Fill in the three values in `src/main/resources/openid.properties`. Replace the bracketed values with the values from the OIDC application page on the Auth0 dashboard. + +```properties +domain= +clientId= +clientSecret= +``` + +You also need to fill in your domain in the `ProtectedServlet.java` file. In the `OpenIdAuthenticationMechanismDefinition` annotation, look at the `extraParameters` parameter. You need to replace `` with your actual Auth0 domain. + +`src/main/java/com/demo/ProtectedServlet.java` + +```java +@OpenIdAuthenticationMechanismDefinition( + clientId = "${oidcConfig.clientId}", + clientSecret = "${oidcConfig.clientSecret}", + redirectURI = "${baseURL}/callback", + providerURI = "${oidcConfig.issuerUri}", + jwksConnectTimeout = 5000, + jwksReadTimeout = 5000, + extraParameters = {"audience=https:///api/v2/"}, // <-- YOUR DOMAIN HERE + claimsDefinition = @ClaimsDefinition(callerGroupsClaim = "http://www.jakartaee.demo/roles") +) +``` + +There must be a way to use the `extraParametersExpression` annotation parameter to load this from the config file, but I was unable to get it to work (if somebody figures it out, let me know and I'll update this tutorial). + +## Configure Roles on Auth0 + +Managing roles is a feature that is being added in [the upcoming Auth0 CLI 1.0 version](https://github.com/auth0/auth0-cli/releases/tag/v1.0.0-beta.1) that's currently in beta. What I'll show you below is how to do it in the dashboard. + +Open your [Auth0 developer dashboard](https://manage.auth0.com). You need to create a role, assign your user to that role, and create an action that will inject the roles into a custom claim in the JWT. + +Under **User Management** click on **Roles**. Click the **Create Role** button. 
+ +{% img blog/jakartaee-auth0/auth0-create-role.png alt:"Auth0 Create Role" width:"1000" %}{: .center-image } + +**Name** the role `Everyone`. Give it a **Description**, whatever you like. Click **Create**. + +{% img blog/jakartaee-auth0/auth0-create-role2.png alt:"Auth0 Create Role, part 2" width:"700" %}{: .center-image } + +The `Everyone` role panel should be shown. Select the **Users** tab. Click **Add Users**. Assign yourself to the role. + +You've now created a role and assigned yourself to it. But this information will not be passed along in the JWT without a little customization. The current best practice is to do this using actions. + +Select **Actions** from the left menu in the developer dashboard. Click on **Flows**. Select **Login**. + +Add a new action by clicking on the **+** symbol to the right of **Add Action**. Select **Build Custom**. + +Give the action a **Name**, such as `Add Roles`. Leave the other two values the same. Click **Create**. + +{% img blog/jakartaee-auth0/auth0-create-action.png alt:"Auth0 Create Action" width:"600" %}{: .center-image } + +Change the code for the action to the following. + +```js +exports.onExecutePostLogin = async (event, api) => { + const namespace = 'http://www.jakartaee.demo'; + if (event.authorization) { + api.idToken.setCustomClaim('preferred_username', event.user.email); + api.idToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles); + api.accessToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles); + } +} +``` + +Click on **Deploy**. + +Click on the **Add to flow** link in the popup window that slides in (if you miss this, you can find the new action under the custom action tab back in the flow panel). + +Drag the **Add Roles** action over under the **Rules (legacy)** action. + +{% img blog/jakartaee-auth0/auth0-action-flow.png alt:"Auth0 Action Flow" width:"400" %}{: .center-image } + + +Click **Apply** (top right of the panel). 
+ +## Explore the ProtectedServlet and OIDC flow + +Let's look at the `ProtectedServlet` first. This is the class that defines the OIDC annotation and will redirect to Auth0 to handle OIDC authentication. **You should have already substituted your Auth0 domain for the bracketed placeholder in the OpenID annotation in this file.** The actual method does very litte, just extract some information from the JWT and print it. All of the action is in the annotations. + +`src/main/java/com/demo/ProtectedServlet.java` + +```java +package com.demo; + +... + +// This globally defines the OIDC configuration (but does not itself secure the method) +@OpenIdAuthenticationMechanismDefinition( + clientId = "${openIdConfig.clientId}", + clientSecret = "${openIdConfig.clientSecret}", + redirectURI = "${baseURL}/callback", + providerURI = "${openIdConfig.issuerUri}", + jwksConnectTimeout = 5000, + jwksReadTimeout = 5000, + extraParameters = {"audience=https:///api/v2/"}, // <-- YOUR AUTH0 DOMAIN HERE + claimsDefinition = @ClaimsDefinition(callerGroupsClaim = "http://www.jakartaee.demo/roles") +) +// This actually secures the methods in the servlet +@WebServlet("/protected") +@ServletSecurity( + @HttpConstraint(rolesAllowed = "Everyone") +) +public class ProtectedServlet extends HttpServlet { + + @Inject + private OpenIdContext context; + + @Inject + SecurityContext securityContext; + + @Override + protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { + + var principal = securityContext.getCallerPrincipal(); + var name = principal.getName(); + + String html = """ +
+

Protected Servlet

+

principal name: %s

+

access token (type = %s):

+

%s

+

preferred_username: %s

+

roles: %s

+

claims:

+

%s

+
+ """.formatted( + name, + context.getTokenType(), + context.getAccessToken(), + context.getClaimsJson().get("preferred_username").toString(), + context.getClaimsJson().get("http://www.jakartaee.demo/roles").toString(), + context.getClaimsJson() + ); + + response.setContentType("text/html"); + response.getWriter().print(html.toString()); + } +} + +``` + +The `@OpenIdAuthenticationMechanismDefinition` is the new feature added by Jakarta EE 10 and Security 3.0. The docs for this annotation [are here](https://jakarta.ee/specifications/security/3.0/jakarta-security-spec-3.0.html#openid-connect-annotation). + +The first four params set the required OIDC values. I had to increase the timeout values to avoid an intermittent error. The `extraParameters` param is used to send the `audience` value as the Auth0 custom API (without which, Auth0 will return an opaque token). The `claimsDefinition` param is used to configure reading the roles from the custom claim. + +The `@OpenIdAuthenticationMechanismDefinition` annotation alone does not protect the resource. It activates OIDC and configures a provider. It could just as easily have been included in another class file. + +The security constraint is added by `@ServletSecurity`, which is used to only allow users with the role (or group) `Everyone`. + +The other annotation, `@WebServlet("/protected")`, defines the class as a web servlet and defines the path. You can see [the spec for this annotation here](https://docs.oracle.com/javaee/7/api/javax/servlet/annotation/WebServlet.html). + +CDI (Context and Dependency Injection) is used to inject two dependencies: the `OpenIdContext` and the `SecurityContext`. These are both used to retrieve and return some details about the authenticated person. They are not required for authentication itself. + +When a user that is not authenticated attempts to load this resource, they are redirected to Auth0 for authentication. From a browser, the user sees Auth0's login screen. 
After successfully logging in, the user is redirected back to the `/callback` servlet with an authentication code. Jakarta EE's security framework intercepts this redirect and sends the code back to Auth0 to exchange it for an authentication token before passing control back to the `/callback` endpoint. + +At this point, the user is successfully authenticated. If you look at the callback servlet (shown below), you'll see that it simply redirects the user back to the `/protected` servlet. + +## Log In to the App Using Auth0 SSO and OpenID Connect + +Give it a try. Start the app. + +```bash +./mvnw wildfly:run +``` + +Wait a few seconds for it to finish loading. + +Open a browser to the protected page at http://localhost:8080/protected + +You'll have to authorize the app with Auth0. You may also have to log in if you are not already logged in. After that you should be redirected back to the protected page, which will print out some information from the token. + +Success! You've got a working Jakarate EE application secured with OIDC and OAuth 2.0. + +``` +Protected Servlet + +principal name: andrewcarterhughes+test@gmail.com + +access token (type = Bearer): + +eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Im5yMWZwWVlkb3JkalEybzRlREp6MiJ9.eyJodHRwOi8vd3d3Lmpha2FydGFlZS5kZW1vL3JvbGVzIjpbIkV2ZXJ5b25lIl0sImlzcyI6Imh0dHBzOi8vZGV2LTByYTk5anJwLnVzLmF1dGgwLmNvbS8iLCJz... + +preferred_username: "andrewcarterhughes+test@gmail.com" + +roles: ["Everyone"] + +claims: + +{"sub":"auth0|638e36302e342504ae92b911","nickname":"andrewcarterhughes+test","preferred_username":"andrewcarterhughes+test@gmail.com","name":"andrewcarterhughes+test@gmail.com","picture":"https://s.gravatar.com/avatar/146a9ec7b0773b3edc6a299d7ad5dbb0?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fan.png","updated_at":"2023-02-18T04:37:30.403Z","email":"andrewcarterhughes+test@gmail.com","email_verified":true,"http://www.jakartaee.demo/roles":["Everyone"]} +``` + +Make sure you see `roles: ["Everyone"]`. 
This is coming from the claim `http://www.jakartaee.demo/roles":["Everyone"]`, which is what is being injected by the action you created on Auth0. If that's not there, something is misconfigured. + +Next you'll see how to secure the an API method on the app and use the token you just retrieved to access the secured API method. Directly below, however, is a summary of the OIDC login flow for people not already familiar with it. + +## Authentication Flow Summary + +For people new to OAuth and OIDC, this is a summary of what just happened when you accessed the `protected` endpoint. + +- Client requests `/protected`. +- Jakarta EE Security 3.0 intercepts this request based on OIDC configuration and authentication requirement for endpoint and redirects to Auth0 for authentication. +- Upon successful authentication, Auth0 redirects back to `/callback` endpoint, sending authorization code. +- Jakarta EE Security 3.0 intercepts the request to the `/callback` endpoint and sends the authorization code back to Auth0. +- Auth0 accepts the authorization code, verifies it, and returns an access token (and possibly an identity token) to the Jakarta EE Security 3.0 framework. +- The client receives the access token, unpacks it, and verifies. Once the token is verified, the user is authenticated. The `callback` method is run, which programmattically redirects back to the `/protected` endpoint. +- Before the `/protected` endpoint is run, the `@ServletSecurity` annotation requirement is checked. If the user is a member of the `Everyone` group, the `ProtectedServlet.doGet()` method is called. +- Finally, the the `ProtectedServlet.doGet()` method is called. + +## Use the JWT to access the protected API + +Your secured API method will not perform all of the redirecting of the OIDC flow. Instead, it will simply decode and validate the JWT. Take a look at the `ApiServlet.java` file. This is what defines the API servlet. 
This is what you'll access using the JWT and a simple HTTP request using HTTPie. + +`src/main/java/com/demo/ApiServlet.java` + +```java +package com.demo; + +... + +@WebServlet("/api/protected") +public class ApiServlet extends HttpServlet { + + @Override + protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { + + DecodedJWT jwt = (DecodedJWT)request.getAttribute("jwt"); + response.setContentType("text"); + response.getWriter().println("Welcome, " + jwt.getClaims().get("sub")); + response.getWriter().println(jwt.getClaims()); + } +} + +``` + +**By itself, this servlet is not secured.** It would be public without the `JwtFilter` class, which is shown below. The filter intercepts any requests matching the `/api/*` URL pattern and denies them if they do not have a valid JWT. Notice that this is a totally different authentication and authorization method from the client login OIDC example above. + +`src/main/java/com/demo/JwtFilter.java` + +```java +package com.demo; + +... 
+ +@WebFilter(filterName = "jwtFilter", urlPatterns = "/api/*") +public class JwtFilter implements Filter { + + private static final Logger LOGGER = Logger.getLogger(JwtFilter.class.getName()); + + @Inject + OpenIdConfig openIdConfig; + + private JWTVerifier jwtVerifier; + + @Override + public void init(FilterConfig filterConfig) { + LOGGER.info("Auth0 jwtVerifier initialized for issuer:" + openIdConfig.getIssuerUri()); + } + + @Override + public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, + FilterChain chain) throws IOException, ServletException { + + HttpServletRequest request = (HttpServletRequest) servletRequest; + HttpServletResponse response = (HttpServletResponse) servletResponse; + + LOGGER.info("In JwtFilter, path: " + request.getRequestURI()); + + // Get access token from authorization header + String authHeader = request.getHeader("authorization"); + if (authHeader == null) { + response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); + response.getOutputStream().print("Unauthorized"); + return; + } else { + String accessToken = authHeader.substring(authHeader.indexOf("Bearer ") + 7); + LOGGER.info("accesstoken: " + request.getRequestURI()); + JwkProvider provider = new UrlJwkProvider(openIdConfig.getIssuerUri()); + try { + DecodedJWT jwt = JWT.decode(accessToken); + // Get the kid from received JWT token + Jwk jwk = provider.get(jwt.getKeyId()); + + Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) jwk.getPublicKey(), null); + + JWTVerifier verifier = JWT.require(algorithm) + .withIssuer(openIdConfig.getIssuerUri()) + .build(); + + jwt = verifier.verify(accessToken); + LOGGER.info("JWT decoded. sub=" + jwt.getClaims().get("sub")); + request.setAttribute("jwt", jwt); + + } + + ... + + } + + chain.doFilter(request, response); + } + + @Override + public void destroy() { + } + +} +``` + +This code uses Auth0's JWT verifier for Java. 
Auth0 [has good docs on JWT verification](https://auth0.com/docs/secure/tokens/json-web-tokens/validate-json-web-tokens). If a valid JWT is found and decoded, it is saved in a request attribute and the request is allowed to continue. + +Give it a try. Start the project. + +```bash +./mvnw wildfly:run +``` + +Make a request to the protected API endpoint (not the OIDC endpoint). + +```bash +http :8080/api/protected +``` + +You'll get: + +```Bash +HTTP/1.1 401 Unauthorized +``` + +Now, use your OIDC endpoint to retrieve a token. Using a browser, open `http://localhost:8080/protected`. + +Authenticate with Auth0. When you are redirected back to the protected servlet page, copy the token value and save it as a variable in a new shell. + +```bash +TOKEN=eyJraWQiOiJqY3dpbGpUcGVZSG1Jajl6ODR3LV... +``` + +In that same shell, make a request to the protected API endpoint using the token. + +```bash +http :8080/api/protected "Authorization: Bearer $TOKEN" +``` + +It should return something like the following. + +```bash +HTTP/1.1 200 OK +Connection: keep-alive +Content-Length: 401 +Content-Type: text;charset=ISO-8859-1 +Date: Tue, 27 Sep 2022 15:02:59 GMT + +Welcome, andrew.hughes@mail.com +... + +``` + +## Keep Learning with Jakarta EE and Auth0 + +You just built a Jakarta Enterprise Edition application that used the new OpenID connect annotation and implementation built into Jakarta EE 10. You used Auth0 as the OIDC and OAuth 2 provider, and you saw how to implement both SSO and JWT authentication. + +You can find the source code for this example on GitHub in the [@oktadev/okta-jakartaee-oidc-example](https://github.com/oktadev/okta-jakartaee-oidc-example) repository. 
+ +If you liked this post, there's a good chance you'll like similar ones: + +- [Introducing Spring Native for JHipster: Serverless Full-Stack Made Easy](/blog/2022/03/03/spring-native-jhipster) +- [Add Authentication to Your Vanilla JavaScript App in 20 Minutes](/blog/2018/06/05/authentication-vanilla-js) +- [Mobile Development with Ionic, React Native, and JHipster](/blog/2020/04/27/mobile-development-ionic-react-native-jhipster) +- [Fast Java Made Easy with Quarkus and JHipster](/blog/2021/03/08/jhipster-quarkus-oidc) +- [Build a CRUD App with Vue.js, Spring Boot, and Kotlin](/blog/2020/06/26/spring-boot-vue-kotlin) +- [Add OpenID Connect to Angular Apps Quickly](/blog/2022/02/11/angular-auth0-quickly) + +If you have questions, please ask them in the comments below! If you're into social media, follow us: [@oktadev on Twitter](https://twitter.com/oktadev), [Okta for Developers on LinkedIn](https://www.linkedin.com/company/oktadev), and [OktaDev](https://www.facebook.com/oktadevelopers) on Facebook. If you like learning via video, subscribe to [our YouTube channel](https://youtube.com/oktadev). From e30c8836e10c0cbc83da0f7d7c65d0bc6b39986f Mon Sep 17 00:00:00 2001 From: Matt Raible Date: Sun, 19 Feb 2023 09:38:55 -0700 Subject: [PATCH 26/34] Restore some code review items --- _source/_posts/2023-03-01-jakarta-ee-oidc.md | 75 ++++++++++---------- 1 file changed, 36 insertions(+), 39 deletions(-) diff --git a/_source/_posts/2023-03-01-jakarta-ee-oidc.md b/_source/_posts/2023-03-01-jakarta-ee-oidc.md index 848018eee6..2816932d9d 100644 --- a/_source/_posts/2023-03-01-jakarta-ee-oidc.md +++ b/_source/_posts/2023-03-01-jakarta-ee-oidc.md 
@@ -8,7 +8,6 @@ description: "Use Jakarta EE 10 to build a secure Java web application using Ope tags: [java, jakartaee, auth0] image: type: conversion - --- Jakarta EE 10 includes a new authentication mechanism: OpenID Connect! This can be added to a Jakarta EE servlet using the new `@OpenIdAuthenticationMechanismDefinition` annotation. @@ -96,7 +95,7 @@ The docs for [the WildFly Maven plugin are here](https://docs.wildfly.org/wildfl It took a little digging to figure out, but the obscure command block *is* required, at least according to the experts I asked. It disables integrated JASPI (Java Authentication SPI for Containers) in the server and delegates validation of credentials to a non-integrated `ServerAuthModule`. This allows identities to be dynamically created instead of statically stored in an integrated security domain. Look at the [Elytron and Java EE Security section of the docs](https://docs.wildfly.org/26/WildFly_Elytron_Security.html#Elytron_and_Java_EE_Security) for more on this. -There's also a Maven `unpack` plugin that is used to download the specified WildFly version and unpack it locally. Alternatively, you could run a separate instance of WildFly and load the application using the WildFly maven plugin. +There's also a Maven `unpack` plugin that is used to download the specified WildFly version and unpack it locally. Alternatively, you could run a separate instance of WildFly and load the application using the WildFly Maven plugin. ## Project structure and configuration 
@@ -186,14 +185,14 @@ You also need to fill in your domain in the `ProtectedServlet.java` file. In the ```java @OpenIdAuthenticationMechanismDefinition( - clientId = "${oidcConfig.clientId}", - clientSecret = "${oidcConfig.clientSecret}", - redirectURI = "${baseURL}/callback", - providerURI = "${oidcConfig.issuerUri}", - jwksConnectTimeout = 5000, - jwksReadTimeout = 5000, - extraParameters = {"audience=https:///api/v2/"}, // <-- YOUR DOMAIN HERE - claimsDefinition = @ClaimsDefinition(callerGroupsClaim = "http://www.jakartaee.demo/roles") + clientId = "${oidcConfig.clientId}", + clientSecret = "${oidcConfig.clientSecret}", + redirectURI = "${baseURL}/callback", + providerURI = "${oidcConfig.issuerUri}", + jwksConnectTimeout = 5000, + jwksReadTimeout = 5000, + extraParameters = {"audience=https:///api/v2/"}, // <-- YOUR DOMAIN HERE + claimsDefinition = @ClaimsDefinition(callerGroupsClaim = "http://www.jakartaee.demo/roles") ) ``` @@ -205,7 +204,7 @@ Managing roles is a feature that is being added in [the upcoming Auth0 CLI 1.0 v Open your [Auth0 developer dashboard](https://manage.auth0.com). You need to create a role, assign your user to that role, and create an action that will inject the roles into a custom claim in the JWT. -Under **User Management** click on **Roles**. Click the **Create Role** button. +Under **User Management**, click on **Roles**. Click the **Create Role** button. {% img blog/jakartaee-auth0/auth0-create-role.png alt:"Auth0 Create Role" width:"1000" %}{: .center-image } 
@@ -261,14 +260,14 @@ package com.demo; // This globally defines the OIDC configuration (but does not itself secure the method) @OpenIdAuthenticationMechanismDefinition( - clientId = "${openIdConfig.clientId}", - clientSecret = "${openIdConfig.clientSecret}", - redirectURI = "${baseURL}/callback", - providerURI = "${openIdConfig.issuerUri}", - jwksConnectTimeout = 5000, - jwksReadTimeout = 5000, - extraParameters = {"audience=https:///api/v2/"}, // <-- YOUR AUTH0 DOMAIN HERE - claimsDefinition = @ClaimsDefinition(callerGroupsClaim = "http://www.jakartaee.demo/roles") + clientId = "${openIdConfig.clientId}", + clientSecret = "${openIdConfig.clientSecret}", + redirectURI = "${baseURL}/callback", + providerURI = "${openIdConfig.issuerUri}", + jwksConnectTimeout = 5000, + jwksReadTimeout = 5000, + extraParameters = {"audience=https:///api/v2/"}, // <-- YOUR AUTH0 DOMAIN HERE + claimsDefinition = @ClaimsDefinition(callerGroupsClaim = "http://www.jakartaee.demo/roles") ) // This actually secures the methods in the servlet @WebServlet("/protected") @@ -313,7 +312,6 @@ public class ProtectedServlet extends HttpServlet { response.getWriter().print(html.toString()); } } - ``` The `@OpenIdAuthenticationMechanismDefinition` is the new feature added by Jakarta EE 10 and Security 3.0. The docs for this annotation [are here](https://jakarta.ee/specifications/security/3.0/jakarta-security-spec-3.0.html#openid-connect-annotation). @@ -342,7 +340,7 @@ Give it a try. Start the app. Wait a few seconds for it to finish loading. -Open a browser to the protected page at http://localhost:8080/protected +Open a browser to the protected page at `http://localhost:8080/protected`. You'll have to authorize the app with Auth0. You may also have to log in if you are not already logged in. After that you should be redirected back to the protected page, which will print out some information from the token. 
@@ -375,13 +373,15 @@ Next you'll see how to secure the an API method on the app and use the token you For people new to OAuth and OIDC, this is a summary of what just happened when you accessed the `protected` endpoint. - Client requests `/protected`. -- Jakarta EE Security 3.0 intercepts this request based on OIDC configuration and authentication requirement for endpoint and redirects to Auth0 for authentication. -- Upon successful authentication, Auth0 redirects back to `/callback` endpoint, sending authorization code. +- Jakarta EE Security 3.0 intercepts this request based on OIDC configuration and authentication requirement for the endpoint and redirects to Auth0 for authentication. +- Upon successful authentication, Auth0 redirects back to `/callback` endpoint, sending the authorization code. - Jakarta EE Security 3.0 intercepts the request to the `/callback` endpoint and sends the authorization code back to Auth0. - Auth0 accepts the authorization code, verifies it, and returns an access token (and possibly an identity token) to the Jakarta EE Security 3.0 framework. - The client receives the access token, unpacks it, and verifies. Once the token is verified, the user is authenticated. The `callback` method is run, which programmattically redirects back to the `/protected` endpoint. - Before the `/protected` endpoint is run, the `@ServletSecurity` annotation requirement is checked. If the user is a member of the `Everyone` group, the `ProtectedServlet.doGet()` method is called. -- Finally, the the `ProtectedServlet.doGet()` method is called. +- Finally, the `ProtectedServlet.doGet()` method is called. + +All of that happened above when you logged into Auth0 and loaded the protected servlet. Since this servlet handily prints out the JWT, I thought it would be nice to see how to secure a web API using a JWT, which is what you'll see in the next section. ## Use the JWT to access the protected API 
@@ -400,13 +400,12 @@ public class ApiServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { - DecodedJWT jwt = (DecodedJWT)request.getAttribute("jwt"); - response.setContentType("text"); + DecodedJWT jwt = (DecodedJWT) request.getAttribute("jwt"); + response.setContentType("text/plain"); response.getWriter().println("Welcome, " + jwt.getClaims().get("sub")); response.getWriter().println(jwt.getClaims()); } } - ``` **By itself, this servlet is not secured.** It would be public without the `JwtFilter` class, which is shown below. The filter intercepts any requests matching the `/api/*` URL pattern and denies them if they do not have a valid JWT. Notice that this is a totally different authentication and authorization method from the client login OIDC example above. @@ -424,13 +423,11 @@ public class JwtFilter implements Filter { private static final Logger LOGGER = Logger.getLogger(JwtFilter.class.getName()); @Inject - OpenIdConfig openIdConfig; - - private JWTVerifier jwtVerifier; + OidcConfig oidcConfig; @Override public void init(FilterConfig filterConfig) { - LOGGER.info("Auth0 jwtVerifier initialized for issuer:" + openIdConfig.getIssuerUri()); + LOGGER.info("Auth0 jwtVerifier initialized for issuer:" + oidcConfig.getIssuerUri()); } @Override @@ -451,7 +448,7 @@ public class JwtFilter implements Filter { } else { String accessToken = authHeader.substring(authHeader.indexOf("Bearer ") + 7); LOGGER.info("accesstoken: " + request.getRequestURI()); - JwkProvider provider = new UrlJwkProvider(openIdConfig.getIssuerUri()); + JwkProvider provider = new UrlJwkProvider(oidcConfig.getIssuerUri()); try { DecodedJWT jwt = JWT.decode(accessToken); // Get the kid from received JWT token 
@@ -460,8 +457,8 @@ public class JwtFilter implements Filter { Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) jwk.getPublicKey(), null); JWTVerifier verifier = JWT.require(algorithm) - .withIssuer(openIdConfig.getIssuerUri()) - .build(); + .withIssuer(oidcConfig.getIssuerUri()) + .build(); jwt = verifier.verify(accessToken); LOGGER.info("JWT decoded. sub=" + jwt.getClaims().get("sub")); @@ -483,7 +480,7 @@ public class JwtFilter implements Filter { } ``` -This code uses Auth0's JWT verifier for Java. Auth0 [has good docs on JWT verification](https://auth0.com/docs/secure/tokens/json-web-tokens/validate-json-web-tokens). If a valid JWT is found and decoded, it is saved in a request attribute and the request is allowed to continue. +This code uses Auth0's JWT verifier for Java. Auth0 [has good docs on JWT verification](https://auth0.com/docs/secure/tokens/json-web-tokens/validate-json-web-tokens). If a valid JWT is found and decoded, it is saved in a request attribute, and the request is allowed to continue. Give it a try. Start the project. @@ -499,7 +496,7 @@ http :8080/api/protected You'll get: -```Bash +```bash HTTP/1.1 401 Unauthorized ``` 
@@ -524,16 +521,16 @@ HTTP/1.1 200 OK Connection: keep-alive Content-Length: 401 Content-Type: text;charset=ISO-8859-1 -Date: Tue, 27 Sep 2022 15:02:59 GMT +Date: Tue, 27 Jan 2023 15:02:59 GMT Welcome, andrew.hughes@mail.com ... ``` -## Keep Learning with Jakarta EE and Auth0 +## Keep learning with Jakarta EE and Auth0 -You just built a Jakarta Enterprise Edition application that used the new OpenID connect annotation and implementation built into Jakarta EE 10. You used Auth0 as the OIDC and OAuth 2 provider, and you saw how to implement both SSO and JWT authentication. +You just built a Jakarta Enterprise Edition application that used the new OpenID Connect annotation and implementation built into Jakarta EE 10. You used Auth0 as the OIDC and OAuth 2.0 provider and saw how to implement both SSO and JWT authentication. You can find the source code for this example on GitHub in the [@oktadev/okta-jakartaee-oidc-example](https://github.com/oktadev/okta-jakartaee-oidc-example) repository. From 8cbc8946ebf8cebf1714b209b4e0125bc7b2cb8f Mon Sep 17 00:00:00 2001 From: Matt Raible Date: Sun, 19 Feb 2023 09:43:56 -0700 Subject: [PATCH 27/34] Fix example repo URL --- _source/_posts/2023-03-01-jakarta-ee-oidc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_source/_posts/2023-03-01-jakarta-ee-oidc.md b/_source/_posts/2023-03-01-jakarta-ee-oidc.md index 2816932d9d..966a00295a 100644 --- a/_source/_posts/2023-03-01-jakarta-ee-oidc.md +++ b/_source/_posts/2023-03-01-jakarta-ee-oidc.md 
@@ -532,7 +532,7 @@ Welcome, andrew.hughes@mail.com You just built a Jakarta Enterprise Edition application that used the new OpenID Connect annotation and implementation built into Jakarta EE 10. You used Auth0 as the OIDC and OAuth 2.0 provider and saw how to implement both SSO and JWT authentication. -You can find the source code for this example on GitHub in the [@oktadev/okta-jakartaee-oidc-example](https://github.com/oktadev/okta-jakartaee-oidc-example) repository. +You can find the source code for this example on GitHub in the [@oktadev/auth0-jakarta-ee-oidc-example](https://github.com/oktadev/auth0-jakarta-ee-oidc-example) repository. If you liked this post, there's a good chance you'll like similar ones: From f536638353f1f8f7bfea345100e72ad252f1a04a Mon Sep 17 00:00:00 2001 From: Matt Raible Date: Thu, 23 Feb 2023 12:51:24 -0700 Subject: [PATCH 28/34] Fix filename --- _source/_posts/2023-03-01-jakarta-ee-oidc.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_source/_posts/2023-03-01-jakarta-ee-oidc.md b/_source/_posts/2023-03-01-jakarta-ee-oidc.md index 966a00295a..71a33555e4 100644 --- a/_source/_posts/2023-03-01-jakarta-ee-oidc.md +++ b/_source/_posts/2023-03-01-jakarta-ee-oidc.md @@ -171,7 +171,7 @@ Select the OIDC app (or client) you just created from the list. This will open t {% img blog/jakartaee-auth0/oidc-application-auth0.png alt:"Auth0 OIDC App" width:"600" %}{: .center-image } -Fill in the three values in `src/main/resources/openid.properties`. Replace the bracketed values with the values from the OIDC application page on the Auth0 dashboard. +Fill in the three values in `src/main/resources/oidc.properties`. Replace the bracketed values with the values from the OIDC application page on the Auth0 dashboard. ```properties domain= 
@@ -521,7 +521,7 @@ HTTP/1.1 200 OK Connection: keep-alive Content-Length: 401 Content-Type: text;charset=ISO-8859-1 -Date: Tue, 27 Jan 2023 15:02:59 GMT +Date: Tue, 23 Feb 2023 07:48:59 GMT Welcome, andrew.hughes@mail.com ... From 7badd978d8b24896f1ffc7c7265fed2c8c49a71b Mon Sep 17 00:00:00 2001 From: Matt Raible Date: Thu, 23 Feb 2023 12:56:17 -0700 Subject: [PATCH 29/34] Change formatting to match my IntelliJ settings --- _source/_posts/2023-03-01-jakarta-ee-oidc.md | 36 ++++++++++---------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/_source/_posts/2023-03-01-jakarta-ee-oidc.md b/_source/_posts/2023-03-01-jakarta-ee-oidc.md index 71a33555e4..b94f03dbaa 100644 --- a/_source/_posts/2023-03-01-jakarta-ee-oidc.md +++ b/_source/_posts/2023-03-01-jakarta-ee-oidc.md @@ -289,24 +289,24 @@ public class ProtectedServlet extends HttpServlet { var name = principal.getName(); String html = """ -
-

Protected Servlet

-

principal name: %s

-

access token (type = %s):

-

%s

-

preferred_username: %s

-

roles: %s

-

claims:

-

%s

-
- """.formatted( - name, - context.getTokenType(), - context.getAccessToken(), - context.getClaimsJson().get("preferred_username").toString(), - context.getClaimsJson().get("http://www.jakartaee.demo/roles").toString(), - context.getClaimsJson() - ); +
+

Protected Servlet

+

principal name: %s

+

access token (type = %s):

+

%s

+

preferred_username: %s

+

roles: %s

+

claims:

+

%s

+
+ """.formatted( + name, + context.getTokenType(), + context.getAccessToken(), + context.getClaimsJson().get("preferred_username").toString(), + context.getClaimsJson().get("http://www.jakartaee.demo/roles").toString(), + context.getClaimsJson() + ); response.setContentType("text/html"); response.getWriter().print(html.toString()); From 3c5b6d02d9af0931b500b9ca9391179e537bf4e3 Mon Sep 17 00:00:00 2001 From: Andrew Hughes Date: Sun, 26 Feb 2023 12:40:05 +0530 Subject: [PATCH 30/34] 2nd round of QA updates --- _source/_posts/2023-03-01-jakarta-ee-oidc.md | 52 ++++++++++++++++---- 1 file changed, 43 insertions(+), 9 deletions(-) diff --git a/_source/_posts/2023-03-01-jakarta-ee-oidc.md b/_source/_posts/2023-03-01-jakarta-ee-oidc.md index b94f03dbaa..27702c7d0c 100644 --- a/_source/_posts/2023-03-01-jakarta-ee-oidc.md +++ b/_source/_posts/2023-03-01-jakarta-ee-oidc.md @@ -400,10 +400,12 @@ public class ApiServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { - DecodedJWT jwt = (DecodedJWT) request.getAttribute("jwt"); + DecodedJWT jwt = (DecodedJWT) request.getAttribute("accessToken"); + IdToken idToken = (IdToken) request.getAttribute("idToken"); response.setContentType("text/plain"); - response.getWriter().println("Welcome, " + jwt.getClaims().get("sub")); - response.getWriter().println(jwt.getClaims()); + response.getWriter().println("Welcome, " + idToken.email); + response.getWriter().println("accessToken claims:" + jwt.getClaims()); + response.getWriter().println("idToken claims:" + idToken.toString()); } } ``` 
@@ -446,27 +448,56 @@ public class JwtFilter implements Filter { response.getOutputStream().print("Unauthorized"); return; } else { + // Get the access token from the header String accessToken = authHeader.substring(authHeader.indexOf("Bearer ") + 7); - LOGGER.info("accesstoken: " + request.getRequestURI()); + LOGGER.info("accesstoken: " + accessToken); JwkProvider provider = new UrlJwkProvider(oidcConfig.getIssuerUri()); try { + // Decode the access token DecodedJWT jwt = JWT.decode(accessToken); // Get the kid from received JWT token Jwk jwk = provider.get(jwt.getKeyId()); Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) jwk.getPublicKey(), null); + // Verify the access token JWTVerifier verifier = JWT.require(algorithm) .withIssuer(oidcConfig.getIssuerUri()) .build(); jwt = verifier.verify(accessToken); LOGGER.info("JWT decoded. sub=" + jwt.getClaims().get("sub")); - request.setAttribute("jwt", jwt); - } - - ... + // Save the access token in a request attribute + request.setAttribute("accessToken", jwt); + + // Get the ID Token + String issuerUri = oidcConfig.getIssuerUri(); + String userinfoUri = issuerUri + "userinfo"; + LOGGER.info("userinfoUri: " + userinfoUri); + + HttpClient client = HttpClient.newHttpClient(); + HttpRequest requestIdToken = HttpRequest.newBuilder( + URI.create(userinfoUri)) + .header("Authorization", "Bearer " + accessToken) + .build(); + HttpResponse responseIdToken = client.send(requestIdToken, HttpResponse.BodyHandlers.ofString()); + String idTokenString = responseIdToken.body(); + LOGGER.info("idTokenString: " + idTokenString); + + // Deserialize the ID token + IdToken idToken = new Gson().fromJson(idTokenString, IdToken.class); + + LOGGER.info("idToken: " + idToken.toString()); + + // Save the id token in a request attribute + request.setAttribute("idToken", idToken); + + } catch (JWTVerificationException | JwkException e) { + ... + } catch (InterruptedException e) { + ... + } } 
@@ -480,7 +511,8 @@ public class JwtFilter implements Filter { } ``` -This code uses Auth0's JWT verifier for Java. Auth0 [has good docs on JWT verification](https://auth0.com/docs/secure/tokens/json-web-tokens/validate-json-web-tokens). If a valid JWT is found and decoded, it is saved in a request attribute, and the request is allowed to continue. +This code uses Auth0's JWT verifier for Java. Auth0 [has good docs on JWT verification](https://auth0.com/docs/secure/tokens/json-web-tokens/validate-json-web-tokens). If a valid JWT is found and decoded, it is saved in a request attribute. The access token, however, has very limited user information in it (just the user ID as the `sub` claim). The filter code uses the access token to request the ID token from the `userinfo` endpoint. This returns more complete user information, such as the email address and preferred name. This is deserialized into the `IdToken` Java object and stored in another request attribute. These are read in the `ApiServlet`. + Give it a try. Start the project. @@ -524,6 +556,8 @@ Content-Type: text;charset=ISO-8859-1 Date: Tue, 23 Feb 2023 07:48:59 GMT Welcome, andrew.hughes@mail.com +accessToken claims:{ ... } +idToken claims: { ... } ... ``` From 238321eeb6255e8b2d234bd666e35dfb6cdf65ac Mon Sep 17 00:00:00 2001 From: Matt Raible Date: Mon, 27 Feb 2023 21:19:19 -0700 Subject: [PATCH 31/34] Polishing of JWT validation section --- _source/_posts/2023-03-01-jakarta-ee-oidc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_source/_posts/2023-03-01-jakarta-ee-oidc.md b/_source/_posts/2023-03-01-jakarta-ee-oidc.md index 27702c7d0c..9ae606b45a 100644 --- a/_source/_posts/2023-03-01-jakarta-ee-oidc.md +++ b/_source/_posts/2023-03-01-jakarta-ee-oidc.md 
@@ -511,7 +511,7 @@ public class JwtFilter implements Filter { } ``` -This code uses Auth0's JWT verifier for Java. Auth0 [has good docs on JWT verification](https://auth0.com/docs/secure/tokens/json-web-tokens/validate-json-web-tokens). If a valid JWT is found and decoded, it is saved in a request attribute. The access token, however, has very limited user information in it (just the user ID as the `sub` claim). The filter code uses the access token to request the ID token from the `userinfo` endpoint. This returns more complete user information, such as the email address and preferred name. This is deserialized into the `IdToken` Java object and stored in another request attribute. These are read in the `ApiServlet`. +This code uses Auth0's JWT verifier for Java. Auth0 [has good docs on JWT validation](https://auth0.com/docs/secure/tokens/json-web-tokens/validate-json-web-tokens). If a valid JWT is found and decoded, it is saved in a request attribute. The access token, however, has minimal user information in it (just the user ID as the `sub` claim). The filter code uses the access token to request the ID token from the `userinfo` endpoint. This returns more complete user information, such as the email address and preferred name. This is deserialized into the `IdToken` Java object and stored in another request attribute. These are read in the `ApiServlet`. Give it a try. Start the project. From cd898f45d38819bc030207dcc5483fd5ba6a22c4 Mon Sep 17 00:00:00 2001 From: Matt Raible Date: Mon, 27 Feb 2023 21:31:22 -0700 Subject: [PATCH 32/34] Polishing --- _source/_posts/2023-03-01-jakarta-ee-oidc.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/_source/_posts/2023-03-01-jakarta-ee-oidc.md b/_source/_posts/2023-03-01-jakarta-ee-oidc.md index 9ae606b45a..5a0083a205 100644 --- a/_source/_posts/2023-03-01-jakarta-ee-oidc.md +++ b/_source/_posts/2023-03-01-jakarta-ee-oidc.md 
@@ -368,7 +368,7 @@ Make sure you see `roles: ["Everyone"]`. This is coming from the claim `http://w Next you'll see how to secure the an API method on the app and use the token you just retrieved to access the secured API method. Directly below, however, is a summary of the OIDC login flow for people not already familiar with it. -## Authentication Flow Summary +## OpenID Connect Authentication Flow Summary For people new to OAuth and OIDC, this is a summary of what just happened when you accessed the `protected` endpoint. @@ -478,9 +478,9 @@ public class JwtFilter implements Filter { HttpClient client = HttpClient.newHttpClient(); HttpRequest requestIdToken = HttpRequest.newBuilder( - URI.create(userinfoUri)) - .header("Authorization", "Bearer " + accessToken) - .build(); + URI.create(userinfoUri)) + .header("Authorization", "Bearer " + accessToken) + .build(); HttpResponse responseIdToken = client.send(requestIdToken, HttpResponse.BodyHandlers.ofString()); String idTokenString = responseIdToken.body(); LOGGER.info("idTokenString: " + idTokenString); @@ -513,7 +513,6 @@ public class JwtFilter implements Filter { This code uses Auth0's JWT verifier for Java. Auth0 [has good docs on JWT validation](https://auth0.com/docs/secure/tokens/json-web-tokens/validate-json-web-tokens). If a valid JWT is found and decoded, it is saved in a request attribute. The access token, however, has minimal user information in it (just the user ID as the `sub` claim). The filter code uses the access token to request the ID token from the `userinfo` endpoint. This returns more complete user information, such as the email address and preferred name. This is deserialized into the `IdToken` Java object and stored in another request attribute. These are read in the `ApiServlet`. - Give it a try. Start the project. ```bash 
@@ -556,10 +555,9 @@ Content-Type: text;charset=ISO-8859-1 Date: Tue, 23 Feb 2023 07:48:59 GMT Welcome, andrew.hughes@mail.com -accessToken claims:{ ... } +accessToken claims: { ... } idToken claims: { ... } ... - ``` ## Keep learning with Jakarta EE and Auth0 From 6951aee12d87d83a9624ce92c470f7f612b2a525 Mon Sep 17 00:00:00 2001 From: Matt Raible Date: Fri, 3 Mar 2023 15:26:45 -0700 Subject: [PATCH 33/34] Update links --- _source/_posts/2023-03-01-jakarta-ee-oidc.md | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/_source/_posts/2023-03-01-jakarta-ee-oidc.md b/_source/_posts/2023-03-01-jakarta-ee-oidc.md index 5a0083a205..23fcf8ced6 100644 --- a/_source/_posts/2023-03-01-jakarta-ee-oidc.md +++ b/_source/_posts/2023-03-01-jakarta-ee-oidc.md 
@@ -568,11 +568,8 @@ You can find the source code for this example on GitHub in the [@oktadev/auth0-j If you liked this post, there's a good chance you'll like similar ones: -- [Introducing Spring Native for JHipster: Serverless Full-Stack Made Easy](/blog/2022/03/03/spring-native-jhipster) -- [Add Authentication to Your Vanilla JavaScript App in 20 Minutes](/blog/2018/06/05/authentication-vanilla-js) -- [Mobile Development with Ionic, React Native, and JHipster](/blog/2020/04/27/mobile-development-ionic-react-native-jhipster) -- [Fast Java Made Easy with Quarkus and JHipster](/blog/2021/03/08/jhipster-quarkus-oidc) -- [Build a CRUD App with Vue.js, Spring Boot, and Kotlin](/blog/2020/06/26/spring-boot-vue-kotlin) -- [Add OpenID Connect to Angular Apps Quickly](/blog/2022/02/11/angular-auth0-quickly) +- [Secure Secrets With Spring Cloud Config and Vault](https://developer.okta.com/blog/2022/10/20/spring-vault) +- [Micro Frontends for Java Microservices](https://auth0.com/blog/micro-frontends-for-java-microservices/) +- [Build a Simple CRUD App with Spring Boot and Vue.js](https://developer.okta.com/blog/2022/08/19/build-crud-spring-and-vue) If you have questions, please ask them in the comments below! If you're into social media, follow us: [@oktadev on Twitter](https://twitter.com/oktadev), [Okta for Developers on LinkedIn](https://www.linkedin.com/company/oktadev), and [OktaDev](https://www.facebook.com/oktadevelopers) on Facebook. If you like learning via video, subscribe to [our YouTube channel](https://youtube.com/oktadev). From 9e9e1c397474fa91e0874991eeba94a1de7b262e Mon Sep 17 00:00:00 2001 From: Matt Raible Date: Fri, 3 Mar 2023 15:27:16 -0700 Subject: [PATCH 34/34] Relative links --- _source/_posts/2023-03-01-jakarta-ee-oidc.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_source/_posts/2023-03-01-jakarta-ee-oidc.md b/_source/_posts/2023-03-01-jakarta-ee-oidc.md index 23fcf8ced6..b90a877844 100644 
--- a/_source/_posts/2023-03-01-jakarta-ee-oidc.md +++ b/_source/_posts/2023-03-01-jakarta-ee-oidc.md @@ -568,8 +568,8 @@ You can find the source code for this example on GitHub in the [@oktadev/auth0-j If you liked this post, there's a good chance you'll like similar ones: -- [Secure Secrets With Spring Cloud Config and Vault](https://developer.okta.com/blog/2022/10/20/spring-vault) +- [Secure Secrets With Spring Cloud Config and Vault](/blog/2022/10/20/spring-vault) - [Micro Frontends for Java Microservices](https://auth0.com/blog/micro-frontends-for-java-microservices/) -- [Build a Simple CRUD App with Spring Boot and Vue.js](https://developer.okta.com/blog/2022/08/19/build-crud-spring-and-vue) +- [Build a Simple CRUD App with Spring Boot and Vue.js](/blog/2022/08/19/build-crud-spring-and-vue) If you have questions, please ask them in the comments below! If you're into social media, follow us: [@oktadev on Twitter](https://twitter.com/oktadev), [Okta for Developers on LinkedIn](https://www.linkedin.com/company/oktadev), and [OktaDev](https://www.facebook.com/oktadevelopers) on Facebook. If you like learning via video, subscribe to [our YouTube channel](https://youtube.com/oktadev).
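Review bot: In the `.formatted(...)` call that closes the HTML template (the hunk that ends just before PATCH 30/34), claim values such as `context.getClaimsJson().get("preferred_username").toString()` and the whole `context.getClaimsJson()` are interpolated into a `text/html` response without HTML escaping, so a claim value containing markup would be rendered by the browser. Escape each value before formatting it into the page. Also consider whether the page needs to print `context.getAccessToken()` at all, since the raw bearer token then ends up in page source and browser caches.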
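Review bot: In `ApiServlet.doGet` (PATCH 30/34, hunk `@@ -400,10 +400,12 @@`), `idToken.email` is dereferenced without a null check, while the `idToken` request attribute is only set on the filter's success path. If the attribute is missing this throws a NullPointerException, and if the userinfo response carries no `email` claim (for example when the `email` scope was not granted) the response reads "Welcome, null". Whether a failed request still reaches the servlet depends on the elided catch blocks, so guard the attribute here and fall back to the `sub` claim from `accessToken`.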
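Review bot: In `JwtFilter` (PATCH 30/34, hunk `@@ -446,27 +448,56 @@`), the changed line `LOGGER.info("accesstoken: " + accessToken);` writes the raw bearer token to the application log at INFO before it has been verified, and the new `idTokenString` and `idToken` log lines add the user's profile data. Anyone with log access can replay the token until it expires, so log a non-secret value such as the `sub` after verification, or drop these lines. Smaller points in the same hunk: the body of `responseIdToken` is passed to Gson without checking `statusCode()`, so an error body is deserialized as if it were user info; `issuerUri + "userinfo"` relies on the issuer ending in `/`, which reading `userinfo_endpoint` from the provider's discovery document would avoid; and the verifier in the context lines checks only `withIssuer(...)`, so adding `withAudience(...)` would keep tokens issued for a different API from being accepted.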
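Review bot: In the paragraph added by hunk `@@ -480,7 +511,8 @@` of PATCH 30/34 (and kept with the same meaning in PATCH 31/34), "request the ID token from the `userinfo` endpoint" is inaccurate. The UserInfo endpoint returns a JSON set of claims about the user, while the ID token is the signed JWT issued during login. Suggest "request the user's profile claims from the `userinfo` endpoint", and consider renaming the `IdToken` class to something like `UserInfo` so readers do not treat that JSON response as a verified token.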
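Review bot: In hunk `@@ -368,7 +368,7 @@` of PATCH 32/34, the context line directly above the renamed heading still reads "secure the an API method". Since this commit is a polishing pass, fix it here to "secure an API method" and add the comma after "Next" in the same sentence.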

zMF4p80$!5RS7b-Z#Ia&FS{REuh#^OKRT>_Ov3`rY+0GA z_Rc%=?0|Tqr9`EYMn}GRB}nA^pww&Fy!ba3J}`6Q!5AVzx68~DLQMZ>l=DJG0XwNF07En1V9i4B&}D4aTWSX}xsdK!=0 zW#3n5BWvoY$g(j`^(5V!DpbRam6I&&@6O)e!aSTzRz-*~+N!yz#u6b+P&{|ovLo4N zC=pD`F^#n$JAwk&NdV`HxT+-+OqwOWrVqq#yw&9AM`moQy|#&H4EtI+XJ}z9$lt+i zWB?A}O~UD5qYP*|N$al3EKw{?XT*2FWk#jy{i&Hf7G}gGc~2?t*$?9tn*icRbm5ZV z>%EyNfq`p>3kV(&E<+Xi)j>jPyTo#1@m^h%vy4!F$JMBcxyY`ru6?x!`s5BlkZYoa|TysaxO*I%U|k!yXK}3Pyq~mUdW`()tnqKZ1@!j-d8Lp zeWFFK4uB7tz@YBz$kuPV$gaPU8hvV5y@OR>#W-TswY0Qs zTNCu%jB4Jh%~tvZFAt#7GBS<{sSjC*F|e{h{)qP$ZUEl$`Gc)9^CwSRO{iD?zT#*d z%EAC!f8$)r@W)1W%xxfXLq`YHi6x(V<%*>@SI);qVL%}fNYHJGU9JR;5sETQIltEL z>0ZyCNE}^SYQhO?c(Xq5nfhL!n(U+*d(IV1Eoc5mS*BpijgIx#5<_f;OuJtZO{ z7-Wecj1D#LKaETVN?i=SH$y~@rj2g~M#?vb0TEF+%=pE1^o&dDPOIsi(BV+CGv9mw zfg*XPWv%aC^uh^lho$ZiZzJDB*W5fA?leYq56c$w4R`tqtMb{W6fd7MS1^&9vl$?V z{yJVm!dMyBM()~e?7>1Y=95;)M4y=9O%cwIQIi6ZaE`#Ezg*8X43yt~fhtUI%vg^p zPZ-;ZTcLWT6WfPp_aa%%=7dscIZ4- zIalF{83U@3u)fGGHNB>&$0X)aDTh^Zhn-AI9OEP8hW~2#+09@FepnX9aQn%JD5m$>MtKrSXOILHDT z8g%|x=Yg910p~JJ#8LWz{rmEe{jWx~X$S-`8qDZXhcUt-+jcjDQG$zs|6KkybO2Y3J?r2R z$rxFTSMchWs?!F*3NYm5HLy#p;FeXt(TD=EMZLhW<$*m~uxX=(<1G9yBQ;~f5#&41 zg}+dS#GpJCRsw5XPkvfmG~?~tx2+#wzw*IF{U)(d$BY@YzeNQ3jP!vFUSg7i6*Z7` zn2Nr42OwtO0Nc>OV4_YGn*t~CNhAInT*Tdx3rMK|(6st_BR4tk58myp2mP*RlX5Vd zxt3RA&L|B3?qdWsyRo3xvFXX}(@^o}KW_!4Lo4vQWj{7k!|%r@^u*4}`IwMB43kH> zcnjK!v0`UtOZ}*hN=!~ZOFiRSe1h;)uTOH|Tn=55VrR4$Kx-2Sa$}yc0v!-*eGYYJ zeK^8m;O*sS43-bRH4g7_{iK+f^it2j^4h?t=MOo20uo%Ar4y_E(E?zQn(XqQ*-pzV zorGf=NFY;5Oi4D#Gs(vgii)@5sojI@kE(tPZ`7sc^U8`SD%-|#Ec;MMnu&AIBo;xb z>1S|b**UBih898M4L=Qe`2w0>R} z+~Sb1hJ%B{+M!aCM+*^_mKl0(zx;w}m>u{~J1}+BAu3OgVsP~;C#ex{j>I|0o!=08 zL{3KT`i-*vkNc1neLh~X=9%aM5lZ=AM8%(zhy^65P%c&v%#=CzN%1g71*Ll90{OKlyu#GvmmKa0J%H~CWg<^uGBvX%bH{bhy$4z4U{T%8% zH}bZHAe6}={E+uRnp3Y#9Gx~?9WdV7E;qhD8rf)~Tp{V%-0wtbbjVD3br^>~>6G6$ z&fPos{KD34)*-ulB#YyGctW`5-ZM#_MCCFYNT4}@Q%q*TP}^c}2TZU6)NDwSvkMwc z=C|`qN}AK-%$}oItU=IpRy6T}nXKgVp1e@*xza)%v`x&N*s-yB?h`67AzVxgEj^wa 
z*AARAdL``8S9qD*a0&k=!`6?znnSe@Y{A&YqH9Fx`BeYp>yt7WFw3J0!?SruK5p@Agm?i=A*zmoXo>i-s zqPruXk%H5B*o=;jj!2}i0j2vqR-KpeO2YwYU5kLZ2q>cxhY{7mStxgAQu-a*KNApq zaG!7zPhs3!pSTdVKT`AR)oK2++!~C?9+hbvIr$>@oGH{il=lKwSlpzzKGrnQ)h4F&Dxz`(`|dQo!3J`0?11-v6!rdul|br^FxL3J z^t0~2a>`g`Acs|6D3UAW*dOLIgd4z++eHoexcq#&v3)sI0+4s_ppW^C^>FMcOW}9ugKH7o8`Tl-y`efx&t0MP~Iba}?JUZO_n9nND-qzpz zKrAAYHK+%8)PZxuBKXGJWxy70On&T#n=LGBIj>C`oC9l&yz&b8PS0;d3DJUevEYN{XxsNU`=euTwtfzPL+kk}Kdnuo|D&j^&u|qym!_X%fINr2{TY3$Waj&u zAXtP_LA3CUjYc*cKe!WBg4B?OS)fXX=k60ukD%W7drfu7Lz)5D9&dnRLtWz=*9~+A z=D8JWZS)Kb5+uwOYc>^dvop8g6l*Jme?h-vFmc*`z@2~KL72b zcjLy3d?#-WC{We|=GP7(asM>0%#YXRSF{Fw_8~dfs?Ftc|1AWOv*Cy3RA5o*WJdCL zl*}Y(ng7Xwb+^$n=UC{wX<-oy7Uh@*=v3m}M{6@x!@MCfvg$8(OeS0)n!TSn%SedEKeg7CqbZ?tA63wav^=Ri9h)YvLPQ**un1G-> z1=gpq2Hk&FrHw>ycE3cu`qU-pbE)q`q%w`L77q3b%=Kb z;4{^uTz^d<2gkl-Te#U@j|Hf0*hB!pC;n0xbNtVb|1%{2KUf4RsRzVOURKUm$Z@Hx z--Rv+i4{qlTJcgcLh2E%%aUN_(l>WW;K>*nuPq<#dQIJ;2uup9>&L6ox&DkM-sB=A zWbVdJtNGgH8l0jF7&fMxzP1RxtBqhJ>{ zSJvdS2Xzi$xmjoolT0Uc5)M3M3zw5wVN$`2zd_WJvpvV8)YP>+@81m321~YgH#>0M za*-7fzfOmf4oubr{}IjeiZHf4t?kO{^cd9=@>~{AEhMW1jE7^{!Vn2MP8UAy=&$zA z$jvF@3OM5 z0;qg5l&ha35@{-T?!d+!{RL`w>`^D&kQms@C(ADhNThF9rZZy*V03zs9c%xgX5m*`=nda~efmrd@Up4b3cX@L(Y4XK#| z^^WCNqn-XkUOSmBCZ&zJ>H@8Q6H}s}a;aRwH2cv|4wZeRgfxqd(fZMuWvs`;(e?_6 zLg$L9TIx4~PRrzg>lH$Z(|#JlZZg)YP_nnZ78+ibI$_sL-4cbfUP+0#B?sOargj^L zvbK{_lHEm@44a}&q>C~DF*e*JD2@43HvEd%_#hk}S3T**>z6Rr{A zbtCx?b6p}4ET1EEpH*FCQ}L8EP=y04ld}x(2E4hlfrg%c! 
zB^GMoG7u^YBsT`@MG;6Q2(^g2mY^h`-f|ToZISmwhUZ$5?J6p##X>FLatjkfofKFyrx+vL}aHcn)P(z>0K4Q}C$Y+Jc@|GpkstYxdN}Bh*T4(O4V{%jfA~Q-gbMyFRp(qh@|-a_ zDOA`QIUq;#Ln8Sk_a1q_sq`~VvzBhvpQwx5>#W1(Q21sRLfTdmQ59{hQ8J+g_H%JUm0^Vpw1)(5mz`(Bd6x?HXfIet3X*Gw~MGx{O z4~y5aChKSA?qE3uvyGPM@+;4`diH0DPPoNcCVQgkVL*{qwysN(QA(M~{uld8oD9iH zyB(@o&sP*lW%0f&H|g<=!%nMtXPmJs3KQ#T5BxV=_kDuwiGN*xxh7cP)?daxZXI;@ zNz8~QQmtRut76%38C`QP{u6qG2Qp+cD*_$JOljawImtnvpP(8RMOkUXKTsM7XTj(H z{Y5!7_QvkkRV2G;h!4I}eZdPDe#V7uXwgjeY_5OZsVuMwmh{>;yIZO5%;{dzxEzUj zJDz9-(GNm6%qlXRkU%>om^{8%xh&b-i>JPIIc{PF zn_SWim(QPMViEt4W5BO|7Q+OQZ4 zC_*Fp_3;u&Rt>mH7r!@WAUz_19>@R-SyJ1QEGKEnq#X&}Kd8|Gu^@<=@}xks7ml{O zC=f8)u+bV0vz`0cMBA6h=65gHNF+2fNFnf8#vXR#HMaMG!Z=I$TbFwHm5u|5^_wr} z@qmt?Hn3u|^7C5@>advIatAS6w$i%eXP%1T8steSmNSF?GkY3sff<0+F+L7F1*pQ1 zoGWGwnPdpf$7U?)9wEdQa8>#vTOMgAE7&f)egJS-GfH6Sa8>>pgh-vQni&?>zy}8v zL4kG}q>ue*eWWGEvSj*(J%&y0xlV~}tWV6>Fz!=F*_H}a*g#@CS{RL=pnY~a+ynA` zXaErU`NM8GzNLcc%2}M@MAfq7@nVR6m#8jftp{NBFHMa5*)->rgXFvD)~BD_c;K=r zeCUgQ!DyCzL@TqS$!e)tngF>G?k|s2dvvrMmzs+RqzJj%1GN!ABucQFh)W?tHARD7 zgrLRHYm7Phcs6b3na)|K*w)Iq6bGNd6yd3=x|H}}(&Q;$dR|o!Ei3-sxBIYoKNR=b zkB--D$~ZPHLmsHC-v65=33Me8e=6Yfb7dwB@idpbA8f@iLCk0r^EULR-AOu`lf4v% zvUo{M#`_M?xwZ~kMXD6`m_bxQT^2!$7t`}QMdgU=lzY=%1$SL>%07fGmI5zE=xAkN z9JFCBS>Duc`B5HJmQ1fA`C9!UyP$mvadB~^a5(l0$M@bc&mGA}5}~QywPaawjin+> z#z`RZ6oDnlr3CnaupMC~lh&fSivUA(E4p4DawjRD0LG>Pr6Nm|XFN9vlEgEv?ok-4 zj8~$D2sa>k`X=0Zz#iqXkDp(edk>$foUO9LSg-K=@O);2fu4X=Dg9DO_3GL>V`-Ln zpdYeI@?<%DvqiwXh0`FCY&*P-KlX%P#xV`GNZw>n*~(O+-Qze(=$}u}=~^>A@)U+= zA;ltKUu!QUv?b%rUr4tyyha9p=dnm42a(!LxKz%j89$4S2ZCM$6U(I8%yH{z_wkzV z7(thXa5eDKcM%lv3er1kYvO;mB3>&>7x37O41kZiUR>d2T4WFa3|UFPUdFYSlHQ== zP})Kem_j(#)c`mWoAh*Q`wjIm&45{hb3T2RxRbfomL4@wowC0_fLyH(v#7dt+ZsVf zTmHzl;N=|onea}}k6XS#l54D^$;pKa-E%0jdpj%Iy8ijJ-6uRO^RSYi!J&AxYZMY=jkMh}d`%loxjVxj6z<$F_TN#%d=mtwxEEs|P{iG!3 zGlfs+Lf>xIYOjSwPAkg7chO^L6bQ8J{S47(K0N1U+d>KlTorj*Td?@Q-0;j+kKSR& zA0O`>Ds`(6^f%%(_xCfwp@h44PVmrjNG&=ut36GxHQBNAVL_r!y9Pw_IB}JO%bPiA 
z>}~_r*2_7d-!18vwrkGq7Vv^h(fJR>#b;6StABHn=*R%Awfl%@*b-8b*-A`jL_F~Z zuazhZtLMaT{hF?nnqtHOSPtV|C$Xn2#DgK;*)^*coyg~{x8QmPP=VNLk6yIp zljo;~mEXRh#`Y|~>Q@xJNw7T1V3R{QL~LxPynmF%254{MxuS1io$bZTI}|lcPL=GZ zaqF-u?^exMgdkgolQcubyFsTjdqpNP3VAGOl$7p9^x83pn7n2-h3<_D6?vuPZkpgQHm&$^dc|SaRxi21q>`TL7r;QDLRt!x4*BP-%owt>$?k5|<~c)l$-@ynB}WzR z*%Q}aN8O$)36N39&>@#Nl@Nm{)%vzadKwh)N&$AorJepH~d34gb8@<={S=ay%ivF!HgSs!AMq!5^1%P)G##FY5obGvs9yp>Zm@9hRuh`tSNrJpicZV;u0n;K3H07tYFcm0)0 z^*nYJbM>l9aFC$7ai;dv0+nrAEw>qWJWW8pAe%+$3>^h5+`TW(%q>jIe51zY<8S8?IKe5tjXox?nu`87U|?Y?UUcVC_6p);w^e>Qt*{tKu{LyPOKRcW5%rvjZCnCIGqhfd9476d zPEIe;x2XLL?$oL>h1~0-AES5L{uaAmrmBA(yPAWmsp;a|YT&4~F(@24&^q9_0*}Q? z++YAPBy^27gG(g1nflBz+TIAxaV~t?rnmI@nPm5&qGFBcV{!_%BcDS7ieIc|A}X$$ z#R%NKelSai6xZ@DRzlQ)u#TZ?tFRl&JxM)^M938tvbSur#oe}SwfIt#B$i*1(avia z3Mqaci-78pZTltgOXQM%EXZ=yNO>laF0{iP5NVqbNnX7}W;3^+*_8im>?e-2y)g}b zyU~ma+I1t#i5Kxp+fgdwc5GVJ=W-}TPg;G}87m(QDe@FZdK~D_OrkBDko_$C-@(#} zH6_2&QYmw(p{=S;=l+GKk$Y__`MsMeRAmW~is-C`s}F4AQEtI`-ZQd!P9l+s@{6IXOBmB@$T$!{h~!QZ=Dj%g%4AK}TT& z`&-;|7K4`H2K^RyulL6|^?i|<+KI6!OGdAMoyyYWD3lV2?wFfnyA9-ar_x39H=Xb6 z6Tl4XM3fElB1^7jfq-W(Uz@LFzcF(km!S^tMKzMjh%%5}s5R+jjJ@P8oXR*X=~)A~ z64Cusw*^B7>g9;7Tupy(=bj0#CJk@%_^FX8s)6viWyAi8TWORW8CxbC)d?wIB=HDY zNXCzMqtc)xQ1BdrR2;Q#Rc?PjqM#?IUtDnGUs=63yWSo!A-UcuB0raDXA63!P)|T# zNaR4BBA|`WmDK`UL_M$@PYBkpSk4bv8X^lO1ADx`RUeX>{pi8xWWmK$6DuzITG@26 z9n)(YPh?%VpG;YJ6(sb`Ie7igr>bm|Tn%DPRH4R_JPEj>oR2PL#CXU&1q0DyT*O$| zMl>CvZ;nx5|4X2(I0O~QjGZ3CRGw44-=TJaF`bLG!SDUT3r$&~f}ht31V|B-*>^CY zlS!!u@lO0|5C6*xA)IN2g(oGe)^!mL%18nP!i@F0Iv|49EMFk1mPdPrj_N2a;)EN( zg^8(_F)!8t)iu>uqz*nj8nm?qJu|;U8q*WtOJ-VHT927|MeYkr_7aIYzZZ4#@1Z!$ zMGAwNFoS5x>>^r|mmvGs>woKDZ zFo6KiADUSC46N>?b_i5hW!=468D)eknIm0 zkMtsyC$=GwL9H$ppz*XA8}kJpa1#lzg&SZKFAXkB9uWA$NY~iGp;ejGjHm-`T7CLN zc*bUk4DSs+TEk$ur{~O{N7gz#lf5RU`sSAhP8FfchP+$JXvz#Ez)ytwbU{W26bC7$ z6QpxPm;26L^Ny)R!HO%B7~2&La&7E zuh|rAe9U|S9n^L5VAAi+em}ybkd3y 
zW7{Czgd$>s5a$QS*Rd}nF7L2gWD9Vo9W~~axz*mdmFW@#lVYO+c0O1goJ+f#&`ts#=PueZR1c8hjPK_>@1D!?2QC#ijq)gCIL*;P7t6J1bxNfJAOHP+2VjWGx*V8+~Ys0sBz{dZQ|D zj((scXmyWifVK&1Tr^?x^J~^rJM_8nu@r*zOL{zy_|~?s$Va_{k7~x%e<&Mn>dGnt zQ(;`;Lw+S;-k)h+*>gft5;E8u-^dZzxtnx(mcDBl_S`8g=~xB_E209aifa>TljpG^jF zk6T``v+)E};+;K2c)caZTwi~QMc3Q;iT&e~GUR39asCG6gk3nf=0W>!YCGN42U|5O zYw4ICN5b<3L8ClJM`Sc%>#u;=AQp7`=~{`gTIL&+@5dcZowkel87+x%+zl0G#xC{Ps1lWIn zGxynczm?zldqrc zG5K(h(s7ZJHanzi|Hr?j9z3rOQ?DwE&0D3b8pS&MaT&LgnEupno-0YDq~$9f^bBk&V`=8T0 zDJ`uBb>JI<1|WDvd@ucT^=mpHm1!dYNU|>Ks~u_uB^4ZYmDrNese=N^A_pqwGaCfO zKxACO@bdCzoMMy>%$ZdCm+0#1awg^EBeLit(ufeo85N5)491O9W$h_Im-u z^}nui{{qs9&Ndem^p_s8dwLA!ph{69PE$5fOFL8gQ);5ow{PE0N=n8F^Q#0Jff)D+ z|7O?=?|-Gc@dZKLW^I5ohd3h1nQ zI~b1WcSp2%;VvFN{FjCFn#1f9oHNx15`si&o+d4;ylg6ZZ1) zSw8)%$_uXC{!_>0caB?}+kgAl6M@aTO!z_{)9y^5ID}vIIUC%*{bts?ve~u>O0$uU zZjq6ZH_B|J;$LF1I6%zlX=!j|dR9@9UQ0_$H1B;oTicUza)zJ?g%i+YJE!=3uvXP^ zps}nk-CfO=iNAL8#EBj+S7zf+oE}Ci%nGQVtMkBSITk(D#>B zusZ6IeCt+BDsHNV0(Yfh%`3M2o6-Pxz8;s7vF8CV6LY#(4(GUOmPy zJdW?{7>z=y{4jx$`1Xv)sWnOds)oiB#hTh$wK*v5tPhi(AYgGnf8NpP@FXaU#x=>< z4^0*T+2jCn*^r(&!pPmPgN8T=<{jq;%U>+PBI<5yJN?r;pl@#N3O$TVum|+&B_89A zTex(;?qrA2`L;f|A1R=m4XMyZG9}92dGWimthjl_O)$n%2X}34tu&LE8z|F(V{f=S z{#o7}o!ena3D-j&v;+?Ix@ zC`*973C|Dp!u*;P+_^mXTpy#Wrw19LlYpgMzPcQnwn$s>HN;uuL22---jGkPcX6tY zsqEab<7HxEPQ+n3=vL!$k*0kh#~@Gl#*Oy(tGNa_z)WU_hljuFRef`PEa+_fHIw(Z z9)QbR0cx^-W;N2uxv#I!1TqV+xm>P{goyx1PoJH2hV2+&#@vK&92}>IV7H$Cm$kL^ zyR@`RFiQcHd3`6RoI%$zzCB^k3AMy`@y?+LHCW#EQ1k2$Y1yBpR;LdZ0~EYsG{5R! 
zf@TMol$JJ*dz=s#*8=qyvPe!Hcm^fP$XMU_eQ6OoLe>4ohHcT0N8|ek24HW4lp!5T z0v%wMVL-k;j%~!g3xG@(>F8($6gk@z7>zCZ7DMsO5xQkfpr7zMd1|U1S{vz`nuslLB9Wf$o{P3Tz|=nANa~jQ)C2GRYNK&D}^+dK;wK8 zcI4F5lu4y`o~-lt*SAie%P8n`md!J-G=Qy#f%C7Rj&e^{b+x&&vT|c{^G#T`Cr_TV zK7H`4+pto(nFQ2hIS0D^s?g`)=!DkO9Kz>qZ8N}zqqxU_rbwjD96_rIkX5qbnEoN2sNnu)WM7`Q&*;QaC<70?+?sH_Qh3GDhiGtKYrcc zzas7Khr|2~iVt|J`k-ARHz*xB<>kf%6?!gI)ur}Y1h|}kJtVeo$G7GKgocJgKE#Hj z`*t|M7glw>a2u>H^aVfR1`5A6O2?eHQ&X(?izT2DY-FQY@n4&po9jakLx0Sz583vx z(iQwy-lZ+9L1!tO)cJqHpZil!5li}Ubn#tDiC4WsJBfc!-Th@S-e3wbpNo>i2BfRs zytx1e7GOS04+YrGM;Sn`nX&bSkuM>fdF@`0qTdBPnOODrf@f|UUV1$I`7aq6uR-Rq zXZiUO^2x17X2wV)_0lc&_V(B9>`2d7leIIaXJ$k~zpTTVH#ef3;6`7JzIn*DXeZV| zN6j0Qe@N@*2IN*y>Q6Ha=%!3z?Q|2s8 zO%*<85;|%7wq%XT`{izDK3$qZ(b+yJ~HVkR)TO=Vopd?^&_X_)o^|}k5ON4_g;4g2 z?ty0_9%j0_Qqwa5adv{>mk;*EDf?6DBOiubVK#UBtL&xxsRI?qKu11GdLZz}Z`xUh z*r|J&^8QLGd(F9-%Di(V`_l)H2AP~X01H2Inl?NGjzKMGQ~e4z+_@VJKr;t`n$(o) zS*ULw(zz#?y8WZNo=^6?NW!OEZQwLHbI-MPb_!*7o+uj-&+N>C%|;DWNe-AVAD!k3 zdTUs6kg$t!{;$(-a!~&`>gUd&BK=F_GQnUN!kr{-QX1vZj!@VU)&)iY_|&SbX?L5( zMSohn6*v2E`cKBTe{De^80=H`xO_p!-$M#c^G0y@TO7TNj`Xe!x-?+A;wse6roDK~ zQlT+}UB17+eY5u;XmvWeISJ0K);`m|#n0Au;w8oDEU(qWflmi_J-R(3GHu}xruTAW znd?wClTP8Puwz~^IP(WGxs&M&qZ&Fof+NQ>@ssfsp=#Wuzg2uWkv>#lk_Q_hwFb8N z#^ZiG0+um1p*Cvl!|T_#8fmb>BKQb^p1;!&ADtLxVSnrfSFl@DrS^_c%Tr}~xx#B=wB zyW!Y1T(6kMNpW$0*-NtV*D5C8KD*arY!`97SnwJEvat_URe|5*=axwX!P1sXL(leE zC}SZAb0w?3|!kJh!YSJ~dUyL+QKnwbJXy z_fh#ore=!>2ClBIgB8^j;!N8c)iVPk;cyFa+9^sWPB5sTL2zsf6GU*0$N1I0Id3?j zmGDk{lfH%dJm~Mw$8pO<(R=n4fRvlpum1%uWT(W3^L0^zhJZN08CnCHj*kbm_0ko4 z{y%;zb|cofuU1;s?J@Tq36)B0fi2fTC1G)2!nhz9(Sk7nznuN<-F0p4NHd8zfEJLA z&vo#V#6WS;{_V|%fOtSQ2dWrtKsJDX!AKxT6_5?QoNrIv^EvrsM0au7mMLlU{ydO$ zj;^k;L^Ak31M41YYqDaAb6=r5QB_?%EKmiDz#0#ad&7Ptr0yJs7eJ-J;xy-|7h~NW z#x?8x`_oHz>)TV+0eQZjpLYdxyMN!lcW>WbJQl5?>pLEnsvZ?tPLLb+RfTBos+N{M zL=_ShlScs}T!Y{Q@IHWEi0D#)-x1>CJeRD^j|vVv>iW+)+xH!SBH+Lb0`^1DBV4oL z)@ggdy9tUuFf)L@AysK$XxRIKcCXy5zsj!&NI{{ZzEhP$0&*YMsDb^^DB*G3gwEIM 
zD@aZyl3y_c5OX7-cou`|UM6-|AsI3%W$-R(=S1**P^xV)cHzOw%E}h$7A^s$cMycQ zM_KMb{jmrMxEWXzvHL7^Q2>B-eMKJ9XteE9cEWIt15~~Uwb9q)Oko*WSx3MsqtiG5 zT_8Rw?8!G5gQq!VfOZmVogSe6UGi80QPO4bgDK|Tr{6P0e9snuOswD%*X@fCuB2yXHaV7L z!_c~xL6q&JYbS4d>Hs*Z26z@g7+?vA6h~d<_EPQu>;@nPu_}b`sPjnWI}3?DJQ_{&#tJUljL(%^ECH!9_5;o3%9{)Q+=bwh) z8*g|%){H>UYdmm+4sXN$^C2AJ+ok_0+d!VY;_;tKB;=pM@?g3D>w)3>zwZ0|r&`;D*Iv1cyd5651}iECcZ6PqU)h`%_CL#UUvK{i>i!9v(^vZX9CmQ3 zI=aqZ`#-!oAyIMvu17DElhpveUO5N@uGe_$`Hmfh*0PCR{nIy16Q$c#e}xeD&-^d; z-aD$P?fVyvqH?Ur5kYDc5Kwv%lok~fDS{$`(xM%H z`)>*G*~{O6@|$9KAQS*3BlFh<83L#ne#f{D+|7;8yW@d8_-QUx1a96kh=n&dkANKy z);Qz|KnpTBJ(0W*VkXtqcn{@zWw$p;zw5?UW&@2IIEaI^0nUHpqb8OxV4_CO8-(0=+%)b(=%wzsccd$zd6IWSP3*U(@Q9nCLS zM^So&g2heT{yqK6DIQifKR( z1rR^0ZjA4~MAA8^hGXPLdq-ae#?U!>#^)yGc*yNymF)YaIXSu7gziKSj}vNw5D0b0 zqwwppo>-?04F3eVnzj`B9_}Ltz@Jn-k^OsBAtCs#M{?&lUYJW&zSd6$?u*3C%-p|e zLH8x@fI8%Cbc=x5wsZJHDKaj}Uh|j9bG_l&zIA5QA~s>bnITX9mH6*|_V@F#d>;NM z7U12-1)lOs-*&5FP~7>>$o=~s7Z>HyD56TjtSGE>az{bMmXEiW7f>>;2*hgH z@lS1^dwEV?K6C=A-Rz_&E-$Zv^K4hBtkd(Uy}7iM{_$gBe9v5F8R8&Awto@J%dljD z#6A88b$k(1P`uE*kIBuAe30b73;@7rW99-j}9m`0ug^0fR93$c)?Y z2{n!feHZzBz|sRJ)IsOU3fup?H+)}V1KC`*o_}lY)yo)P@m(PWzpb)3G0G<+NmOHn z2!qPMyJL|#^w*cB18={0HIabt_B7?+&9?LF|6PR9tmZ#fL@=n7KW^Ua0+uqM5(9%* z3ECNWD;h0_Mh4D?U6tdB(&@RuTjCPiBMMHQc1h0r^JmZ6JP1s;0JsX+%0WQbjTbZo zN?BQX0E2lKceTBzBRWtL5(R+PEue3uz=gZ3~)&_=VLs4;Y&~Ng~ z6RVN`fZ@&?h)m#B5e03KPn@VT$a(*sb3jQ!+J$q0b9?9aTc)q9+gqkd+rTeT{s0jMEEu_; z;E-IAB>L~&3jBakFOz0(fmRmTpcj)I&RXo8lpvW^=Inn#Dl*nU>uPs8CjE5DOBqMn z&Mjkhc1E3BV*8R8`Cn8I`6TdSTU*=gMW4X;pIm`zp3tUXL*H|;{NJsi@+P@tT|NPpvY{wv5JmA3ZHcp;(fPB6DV7Q`geEA{hizN78j>3Z$u;Cn5 z=8te4IWV$RvBz8D+_@Lomt{_s>ReWJi4FYL`Um91*Vps^s9-7Pz#9@^({Jn?WK+68 z-~}EE!SKdH8cns}UW49Tx^K+$$U`U8I=NTA$6Jqr<^l0*IV-`*z-{#BMZu_-jc3vk zPZeAnUZ$QM;eUZXTdtrReoQCOSJ%?@t=7Q@GLn)7@!a%OZoGRkz4Cqb_vvHd)B@+F z^XDZZ(8hs*wW=;XGe`a0WF*Pb5LAnk=sFfDVoq%@~PDtYizLR9FdcY#Fo*;uUr`_PRh zp-F2iQs%;%L&Y0i0hA))vBfq~%;js(EHb{wnT zV-Ok6fA;2=BVHTB?iR#n`M`uA?}PzP8#@M3x&S$OmOimvN$4Zhc^{G8qLd!)dFBM|f6 
zmEPfB;*a+X+fOMOF`TwcPEXHCN-_rCZ{X_4ThJ^A#xN(J+N)pRjJd=DJ7tte!l6TJ z1Glg;cPsZngm(0*UstCL@QV$F!vb=ELB-m#=lhMJ_LFu%B${+}Nh*76RDI0fHq-$z z57J{BHlX?0w2dvl_UU^6^A5+DbD(UzlOcwB|HSR1CjSu1)T}&Q6YydW;&jb9&YG9DQS8k9PulG_}ii#3_$OAb?l@ zdGp(~H92iV1B2MBXU?5Hd#&Yz=-+_X1J&-rBNbio@A8;&$@95 z$aqx!3Rma>W<6lf%MFBDume&+-j29-fd8}z|3$wWk(^Se)#70K=w3@7w*#^s*cv z-ZUyk-~b(f`ZHM;wOb$Z^6mrw%PXa#tB1Kd@7UuPZYLc0H~2k=}+)u`!7gA-Kxwt-WNjZJ{2jhAuV6~p> zq_#c&MXS)jkoGp|Dc0QP`e=;bD%-ZnPAI4HMKqr+`E>e_jHO#^+VAwYohF0;P%s3T3~`htUsOc;ik2 ze9>4Dj>i`yHzhGw(UYM}OXq?U;H)2oiLtMYaHHU(9nEUh$yp$&2YZ|pWDy)%NS?V+vkn+GOESv!hYt`nj5%uBM$z0L z+Xxnx8Egpx{QpK!r&Tr!eH)yA1W3D%WgEbQ>&;zAZ@f)S%{DPA3=>|h)boG%Dbc=@OrAmCBB&3<&$m~z53^-^>EQ8&fAVP_}QYS zI-kk?a}Jo%f%cxBJ46exR! zwYS?6H1C#IxL~9z(I@gq^(xDQXsnNWXJ2=(I10k)an|y36(;wTwLTyUSe0Kl#!{+DmWezxxlbk0PzWfzx%KWAa z+&J;VJIKSOVN;R5(dv6F5S3y%D;f8e%Xzrkdc*mrQS9BLqFDC? z$>f*U>BuIajvs3bkmnhV|`ci~oM_~=%yu37DpBriL z_=N@G1X^0_CK`{J@mwA?bgN-tpt3Zvx!*uUYi1~85D{_FS8px^;Y011rM|o)j>SAz1(FcMI~1>aT2X@y7|5SCr#PNLr+NAZCDN)DKiC-u&6mjCy(a z(As8xAmZ)G4r^>INO&~|OJKrr*R05Q;i9OXOE^QB(`uX98$YKF z>zWmg9Ke5cr2frxDcZ=zf?R=?LC=fX20=Qe4RYq{fzcaN0rt#>;Q+f&f57;D5Xwz* zwi(hsi6LAJN#_w^jGt!}GW1H#>f7N}=A(j*FW7Ib_W0lxxPbwd5bDolwGL$>RVCG^ z56EBtvb>(Ku?!N2>LtvjBwk4Qhi?owYE&MDe97xf`4_{ULJd|_qzTjyBoaZ=AcQSQLiPlptTjY%18vVS)#dUJQ4puKNLQc-UWRpY1 zLW8ufTVr8%0vFvrFmW%kGnrH44elv=HOwLuFZh1nwp3t|y7xe<5Y7aS&f40FNl|77 zxYQrxTO`c!!kK*`6Yv)xDswXdipjfQsv}s0SFc_gP4_VrnH&=ENzUDL5TvFaQ! za`Lx_j87xMI26PF!K$>jl!@Paq^>8{(G@xLC7^tuZ)G{ba`f~PRvfb(Nk+3QVubjW zhfOR$KYm1#e;uWVuRBa_PgB%kV@N83XR%#VWki$(JA&`m3;S#W6U^~Q=FQ*cWcka? z31xXT#tZWFL&a3D@oED2uhI3ErMj=aUUfs(!(m7Dtzx#0US$2c5(ui(1hRUF!7{0^ zHeWo=vapD$g?U&WVx^t*>|kA5nKlX1lu8!2jRJx_eoX@a(MyG&%s;W2Ga9a-0dDo~ z8p!T!9bw8{-1Z2xt(~39FJXBez+pGTT_O1)TJV`st1g? 
zIS>_j;vmVA_d)2)?;HJP;z%<8|!M$t2PG990)CQdkFVuj!&XLDfjw172mM&%och# z_U+5#m+j)&?H`u*bk434zD~@KF1YqiHB7&9XdAiUMXyPi4Ce`8Mx<4OCYX?rum7rY z@|S&l7R$!AVq&g1=)a~?57akU182p>>_)Aag+~_Y4i5Ssv$EXvmQHfau=%S?cClYN z)}nnnmLJA`M=JA<;(PZShGv0*oyLcHn1P`_D;TAwlZL*&i=+51$pY(T=$#&Xl%xuu z;hZp&r`kdz(>Gh&{&u9Fgqgsx^>C}=rlfxP14WJsPwo18&L4G^jLVe9&FE0}v!GMO zt~Cd@j$G>FLMhNL9MHfLZ;@EQf&ABTm$C=6ce82-@ug{H4Is?yBOF6garPtH?BA=Q zXC{y{AL1$jloO#=<9zQgfpR=cx1F^oSr1cT<}x(D_mBJi^dcBnknZk&gZ_d!o9O3n zK8w-hd5Auc;`cf$e#u_l6hoh_;Z`NiUbJ|2Zg{20sc7xt-hGe|?ti13Q}zIMdR|FX zOR`{cWY(;*Ub*w6^?Fl6&%CG7xF8bs1N%Vc!-vn8PoDJj9<@(2t(DO9vj)t*g!M%$E|Y7IPTYl5Lf5*WJE()Wbx6)&N#3vnK5PO7c% zd+fV0&kWLc_~xl@pV? z1@4%Q+%HCpnfqdLy)osPJVRue`hoP9H8oV*q|Ey30jrF^CMmZD)5YsaB@I6q4Ac!3 zOWy4ib9#lK-@-vWUbJOALpXTqPVrafv*|uh=F4LOalj@+uw-NrH&4d)pR;M85WF9t zHX5ONK|q~<{qaAp-nb*<>&w1PFOgfNa1d&R!Z71L<~xG$k9Q~T4t)F|7JG@g`p%$9 zVja06jr>>?yvbQ$Uabn4vvAMj+;#ns=19(#muv#ca|83#SFInDxDn zW(h@V>u_VNxP<_lW~-R zgEKcX<(MY@yrik%{X48h;@ZZJ7iVHcl}w(G@@o{;aaaZ*Wo$gJt9M(rJTwev*`~(G z%jaCeHCCo3s!`n`5V!OHnbaQ%ZP{k7jG#`(%xzjhz{FRr@Ve!RtVZhh)^FRcV+0*{5zP~FlC<_|mO+`=B`OhkaqOjS<#T@r&zVp;I=_QnrN zBQ<#8BdTA073DH(C*@^v29}%LYO53P4qdxBx8+wy-SS=eIc=cI@4xiza8E)Pr%DbL z{G%U$Y0Y*Lol2rol~Cf9Dn7a_fD>gh76s@OX=JkSz+i^a$ARH@VsI$CU`L}^6r z1{Qj>XEoMVPJ5-nsAfWP(!(WVh7cdr(4cIQZfNG{WQONv+5V(@llrq+2>QdTs@<83a=N9}iQ=v&|*f z;Jd&QWT3to``yv3!euC_03BXmQQ}dI@FJ0HA`+WCtTW&Bc<*$sOHSPk- z;3UI414~nki?~?|N6MN3x0k&)!a06h5|9I`YtZYGPi^YTTP@q80+&cb!8tSd< zI3heL)4fL6o|I7^9~cKB2!evQ)8NtQaRUUIrGC4w1Nge~04~SU89f2y_}07ktM37D zvvU`y*dWx{HJH@dc?9D|x0?bga#5}pwb!CA8h(V8W_WQQyi|%N|C$RP$Jp$7#@}C0 zx=|T?r$ptOH6=DOr+n_lfN1tp>MG$dmo|55@KBXS-?Y0i)DLH~qwGStICOwE9^h@} zHxSy{xoXH<=X}yLG^Bm4xiNNS0&(utd>~{>(lxOg8Od=(hZ$rVu#q)Pja8EXI)~Zq zhi!&AmBd-IaKiO5{zSTFGS!pbaK?$ak|Xzc8{h8%u1FTJp0t(W?icNA#Ii z--R_cgj0JXQoCkJT&d$UzCj5JiTfu0XWhoy7fA@P0B>}_X*c%or?{ifi>DQ^G8tOH zLh9%R%tgW=!A2K^xb@F=p{FWHbFi^o|Mgk@&aTsEMon{6T#^~s)|}FzsKr;8F9)p2 
z;`2mB5UMw$`}na*>b?mt*Jqb`eQL`dYm;+Ph5Gnq=#$26hCraEXI>4c7aZ^?br~9Yfsh>zjT>iXH4N#!Uo~i^{k2I);E~AF7QXdmNmQ5&EM|Ki#}!N zE3TsA_}xc3pksf)#w5xC*iEOl{3pZa@WtWGkMc?Bif2f&oWNIB351uL8x!i)U2{Qh z6YgvNqS0l@uCQ81x)6DN2RxS4haH|JQ0y{)aJkSv>F7)ugm!my4D9?*M&On^NSAng zb(!TE&PNwT4coxDYMUvBbr8!c!;*`c3zB^&VxNXCw7HcS*DMXLN>B%r$ll5--{xGm z`@ZCm1NXD^F%j^9nJaD6+*rfZIZ>*8G zAc8;BAi%wTqg+}yja9uCkc285G}Z2?(P*L}T~ulI;^nJ$gvE(70Y&8x9kvG8uA$`C zw%+#8i6m0YXZSAyhNz<}P*U2;jsws4#XfQZ4AThv;|&NR2f?Mlk7Gaix4(NMG5$lo z>yO@dt)Thc8?f=ZGT~V-rrsVD*dzn5?PKO&p&*{j7$jTF_N3)cO}(u$qq2O7RC|AA&bW> zietR!e5o?uyKccDk!yqVg?MAz>yKJK_$P@y7sNLo)XCO-o~`*zxo?Ga-qKLDF;FbW zZ;F;lx@3?f$jOZL6CByo(zNsGE+-GM$7a4R--5$+pC8cIFI1{%%ZmsLo8dg< znBT_qm6J~^qh!9;JH#?LD5yA?us5WP!p5|lv#GkoT!1sv`dgFf>8_im?G5HP{U z=9}{S-(;5k@^gi-PT@M{h-HYTd#6KtLa{IqUkx%3Pk+G2fM~_YB-Pk>qkT>ux66u|3!8OIS zXKkQwV@I-1&PC<(*C^zR4&|mZhbgD{`J;P#<1WVzXTry-`uSWU?r=suP>O; z*0Sn$Mnt4VD4D?5#xEdny*dbV3#Dzkw`oxAh3*fzxwJQvv8G?I>J20qnb}cLxY$P4<7QVwkkd)F78-d ziGs4Tr&156&Jf9DKh^sIe_FqL$4{y*ujlW`G=3Z8;W1gRrwNi)n)>>tbt56hLxa}7 zzS4q%2q4m$84N^SFzL+s#CE(KC8)vXR6}Vguef-=yV3db5vG@fq#FL?A6W^e1)Sh! 
zadGv4LdErj6DNo>ZPU7k#R@&^!o$Of#Ay#c&Pd5hHFb4PgXD~+$6PR#Dudmv27ydm z8G&7lfFfyl1<)M+RJ*P9k311N7QgVZDbik$YuC4;|WUG>MC^I6PrI8KR@C?M9 z7H+YT!cv*L8%FgM&f^lusDPG#xTe|k?OTvUXHR-Xi*)8o>)>D^MMXuhms-%3D^s;A z2zQ?MN~V^U&p=dtgq{enhN}jYodUFxRaX8Jx2DYz*?iCP{xd`T#dc9q;%sguaY?!% z#%XJfQVmrPiZT^mTD7yYwR$9MZ;eD8sSOM)t}EeTX9wA4Ng1j!BO|H(OI(p!M0~%; zB9yP`b{+>5hIpPV4L7IM2QnEN9Fbb=@f@dAP0b_lsd%xO_1pOaQ}Z7LQ}poI+@76R`uI@2o-!vN%7Xb=`MScuzN`x*ojDZt_c4g- zPF&@$OCSmaq4aal#&U8^5vR3o7R{|w{HR{%z(hY4xn8Ht2ybm|fldF>zPho|>XWNe zM&UY+OWOL;%%`s4tT^CjvNvOHEo~2D(2>*A)A!7<5v{SD()`wV@Nd#QI!5b5P5+(28qOCu|%hJo}vsHmu@i31abbUR)fsGa*HNF53f-n@2% z>rifyom?t7yU(N>{7%AXtIEeBo57Kro|uqnX>FCl_$alS6&M?YGW9g;f+<bJLI_ z2?-};FI{5K&v)FR^nj_Pda&uUq6X^Qx#=(k(E9P$tXChr)M?F)?O~-x3&0Q@@7`I< z%F2$*Nx;p_Vn3Y4uw=l@91byfZAwS{7&LoY;|eO)p`3?6;3YnG&$1Eyt7aq>AM+JC zT?~Ss4u3^jh$K9l>&duQ9mEG{z+Zc;OkP%907b?57T4GFzq5XK^DEQebKTRO%+S!( zis;e=vB}z^($J+wS)yS^$Rt%Py-tN}XdNwGA)`yD7~f9PPNL z`cNo8f4PNJT31VFr&q@W$}q2KdE8P{Gs-}(X=dh8c<`*1kL|1%CV)Wmc`tRaqQ_N9 zF!dxdC}_;5IzE0f<@M`2k5zbb&zzOJ`x%jzR%r{DsyJA%xm2dtn2S2e zP~}r&PA)Ee=*r59uerc7%RfAxtz~$4L}J4rGs)W1Q`{lbZq=8t`q@vJfV7%gJ6-4U z$cwz;UVN`EXk>Cy7hc2*RjEy;r)45y>Q#<=n4C`>9vxK=wk)`-QrM68%O7yy3r6&` zv|g89dgWHr6<_Ks;NypyZ20lJm`Mn$HK_RlhH1^5IDLM=A&5*qr!HC4G}Gj#7Zuw| zZn_s06JuEuZJ6gp^+USCVt6wu`!BLIj5jo-yL?-Um>JxMR#9>HFx)wypqlEXwQ6%c zef=iDLZf11wXz;^B4CLfI5E!Hsrh*^og72HWP>R(`69@D?LjYi)#dcL|Ll;D>A?As zmV;ZJ6*;|LzcvaGIFSuX7ya5uA*?vCt#??Xle4J&PcWgy<>lt(WlK$ww{bnKV2wI^ zdbHG$vZ_T!-QQ+HLqjiKT$K7$q>{HG8YRHP^W3$8aUO6Yq;hS2kjI~CX6Ryy{}z3I z{>Ba~r;RO^qZwM7PR`D)v$Mv0fQwp)q_z26m`0gJulVM9@#Pq9oAH&Iqcn>5k8%Bb zre8WK^7drHqMMs3!{Z~-7!2m3`uX&3DG=LMTu~vwn}#ORM*344W->OyuAX`7QGd;a z62ug&xtetx8?=6xkB_fuYfFD|c}c0OL7Fr6?LG4tkZa|)xpoa?C!71jcQ{*gSHb(0 zqeqW61HlQxkdAOYwf1rnep;eIoF*uljQ7}hRGWAF9o4}RU@p)H8ock2OYIa;i8qc< zw1Dqj=qlNFBca7-CH)8+TkEt|B$3=}Wh9<>QFZ48AQl&wo3*R?26WDXZj z)cEkw?BrALnVUxdZY#!dh$~4Fv3&K1boEnGpjD8BWkXQ!&{AWtJAM3DmfGs&pVF$n zH3rhz_vxfs*~j?sVq$~Kv1MV@T&PK&Q6cS;nt}oc;4;N!8^R6STWKk;UPVP@r#x_W 
zerFFh{bYZuR`a`jHuBRM7`9@fIdYD;REd3kV57CQ6>tO39A_8BPBLva{vd`TS;G zG!XKwnXYH!dT>@A9#eg|ZMAh+T2}@_DiN?m>pib_aoHQ){{A~a*jPCR2L90ai?(NR7*;h3cR0@*=1`TaGs*# zZ+^a+O0{h*rqi}8>Jaohp9%^{xWV(FM8*ydAcrH#t;56fWlX|JQIIV59amGE=2u`G z*;T;E6z}Tpeyz?RPu^+84Gk$xZLc7saJWRV!~ki(kl(!gax&-aoM1BV^YrxkVGM?M z!|lzAk1xr}&Q98+I;#PTqOvhQ7o~-&w5?Dk5`p87n^JHD?Aq~hOFn-7=H+fn0M^PZ zd~7y9#XWEeTKqKH^iulP(uR_vqP3l!(iYn>D*z2jMhIG7Kz3JDR8Ci! z#|)HjidCi_h36T)dVZp%wPIXys@(ki0IbWut*ZPSJVXVPx`&!q`{%EG($i~{ARrWeQIyfxN|s}mtQ7Ppt+lxpu_x#{|1X9NcD994gs7+BG_rujSQ z$2!nM6y%#*KYDagF4gH}jBasxIe%c_b}m5;v35}|nM2Gg|CU%2Xk!C--nDA;7%0Mz zA5c$LU0pzM~%B*z7Hq&V4dIkp9q>^I+ z;sqO`xS@ePXL|aS6vtbypr9pdrQQ|sGDgYt~D);2JA4`u`wr*d9Edu90|Uq zQX2?H70g5K>F#d&{{05Lb+2#Y?%4@gee5m^i00(F(vp@r-m-3I0ECIhkH)_pM=+R3 z5>&kffFqzrPW4VrMK8|5X&n(tMM8|p6_-crGBPNd_u6*Xgc?9zm~@P8a%yHK05~2_ zPA=EWjUzWVqwm475&aj{PvpjyjyTl?Y?e4*`8hRp^`}Gmz55oC5s$71sGWAjjr8ZF zI6j6WEu`V9u|uwi=Kw{$G|-=#&c#)99Ao2}iZqcfGWU~FQ#%P3tGGD6&ef5?TU^o5 z>jB#V*xFtc9m zN15{1tb<8HQZh24Mp9ExL7@aHqDtm5fLZQ9{V_wMi%SzadD2r;0np3XU$Nv zcwSuGd(YCc{&SI@$ca+<{vBo-v#m-%_0G&_29cJet!%t6_*D45H7u~aXAAflC+Dnn z0M)_b*y#c}Bux~#Ai|}#qvC0TRbLI!@_>0EV-rV5*2-H}yioNmLyRKkG;+lQwIg;4 z5<5hTYbrP$9SJ*7Ku^Ro;0oYbNBq3ps)2?PaicJGz@hv*?&%ID0-SRE@hWzn$?&X% zoTf7<&{QIFh?b9}yXr&XoL))|KIT$dlqx<^oX3oZ#_dy5npwBVb$Y%J{euI+(g28h z@zSMddXL`T`mU9A>mt22FahvvJ}9)6=zi&Zq7GOhF^;FMGb;gr%^Bu#0E}UDJ`o6} z+yav89dOTzCwmE+}S?(4xB7edzDX!-ZB_n_d;0UdHr=q8j&gEeF6^c7aM-OR!X9>($t z63Qg@F#F$x?~!r)hBQ2zfM4nIVPG=pfxpud;|!4`5-Ju+vST(Bp%;BQ_qdroWe}LN zne?7e0nJxHgA)`KOzt@9CtTJ?VD$i&KGZe_4tRA0sL4P3^!n~|HqdYy4&Kb9qUhmb z$p$t3~bhR;|)z1qQZBdh0Jz5^J$^ z?@t9qm49Hixf#CD`NPb=YA=(qLX$`&CTA7ZrF(nHBMKCy%EwU)DoMKw_3G&Ps_sWM zwJP3QG%`=dA?BX$c?$yvo43JxE_dMMQ^oh=FhxUz2QDXp$V8OmFoZs20Xtdc`x+!wf$Ix>Y81Bm`5^O*(WzgN zLzhRZD%gJLk=gh+JQm{G$OgN0k)--N%Dsr{mr25jZkCbq2M0obeci3r)H2PtTHuZ3 zBn)tyqRZFwE$vay zUPDeFeZtJvXR4>9RrcH0)-MjV?HYCz2y@2GQ~zLUm!oO(OWts8?>7m%4-lx)>yckrSpzolTCfW*=M)6%_lS!A zF7@R1qwqKlyS@mSc>f2pI$3J_jWa^BpHZ$JYz!<_-yfCG(Yx;%^KUCBHte5{PF|6A 
zlJ{(LOfFz`LxC3-?FqVWH?<(jYIp6|fFN#23(<|9M{=R5I=NDiDpuk6?7o}EbKbA$ zNDQbGr^e|2HLwW;zIAgYX=p+^eG>~)W`Wr6n7m+v;&Jh}1~!pxSwc@}A&aZ~3;XLsF2(V{rOD zoKxEK-6)eP-4}#mCH4~E{$-}}wsWP6GeUTZ_zzKQnLfY6j zGu77I9DI}-{Cl8}8$^QBO6SoBm};F=CQ);&LonWJ>1XjfJ;mHi`YRG!v{^acm4n@X0~o9n>~G)up|R((V#4j;(8C#Mm@}pU z=>1YsSobp!!K>sRe)obeb$2Qm>SL@Q(0fCuy4?S)%SQx;)+auv)=gfqO^rcU>8qY$ zg)E<%gq=$adZUQ=Y&j=XL1C%6`7YD)Fl6e}i4fo_+_?l^Q8$THJtkuxGgT@HZ{;LO z!kMbaxl~_agScn_OQC7OU5 z@Xb|h$32L^p-C92aqd%t_aiJ$M2h1NultZ&a0TU+y1QpC3tiitfA*F92lcrh>bt&S z4lsjLH;WV@Rd!F9W85a`>DZ+JjD&9inB7#bM`A^!<*>^fD5e6&ntiXDueknXF$#M7 z{57NVp#tn*a8I8KJ`EQV5fQYt6_+<3Uf%;8mMVtSy9Ly~(RS1#mqc)1&9se;E(EZ@H$a}Vyw$mnSKVqsFC$-$OT zR6Y<9)*R7la6s++#Q6gOP>s)rxSuA-ObCD{N{=mq&DEiEsOJ3Mh>CpdsX0mT zC||9dKZ(oEO7FV<+)Oj|AZ^St6gjEp zhE1jPqon-%<`yW(`rm44_);HdsA^(*YMDd5!og#s;^X>&}9eeMWzGx+)j z&v+$P{~f_)_ssT9h}gFK)^@EgG0f^bgtqseQUFJ8+imhk@b~7PBG*F%R%T4=m)xmmm=@mX& z+9ul=a%XG04331a;aR=j59C`ool78|*-af%`ZPo!DxIXUWJjkmv%d}4F|}T=K#sHD z&hMeDOe#X6t)KnK*tI%S^M(%kVah2e;IhAZI!+O=#CP!hkele5Z_W^&%HA8YV3on; zwW2&(GXb3toP_0h(D#N!v`9g6_d_yK7)P# zZ4b-ODMg564Mfwt;ExF}X=nXo9J{#4Efb^Zhj2h{-{J`nA zMb{u)TR~w70{eHR>5*@5?7mhWrVF`7g zg?wq1_lRr98Mb=^zQWwFV23GD;SjeP+|$-BH0st7w+8vk;?7U!IRF_Z7(`dKiL6!9 zvB!PQ(6H{W+g%JBb{Y#Qel;@?H+u-8Px`S+o0YiPj-eM$0=pAC;jLaTbSeW7md@jIm=qGGY$(?eN(1x|9Z1q za*p^7E*cA47#QHnmJ7=dY5l9eW-Xl=b+Z(|pozNO~wW+o;l)vZhqZ0NLC)!LJj>mUgGZJSP6=e?(XAcZyx4CxI zcXZXQX~t*{2i*Aj?QK2fru7u}^kn|$DQPN!2)E<6RqN>P5LJ%7$dIik%pd=}ArD{L z8uo3XMb7&pkW{CPv^B37xt|S5Fx=eH ze$-FfILGpcdQ8MXV)pTgiX%2@trYybRp=Y+J_ZEC&d^|;GdRDq@Q^PU1yw#GZU}Qy z;*lJCzkFNg8fitaqS6Hs?jZWaW z281Hy2Ye(e!UV3s%EWo}A%g8x>{+pogH)%8hD}YHYpMy)$Wt8=P)4sLWVxg~F`__` zpXd7Z7hh1tZyw_9*Vc=STE$K*FSqn}1YaCa<QfU&WfVxa3pP8a`04G+d z&BuYkNu(k#k*qD(?Nrfx+yTTAv3Edg#rLM9N8U5n`^GeG$32S5&u=59Lp$=NO^Yfw z$|(03v#?5N<5*Brf+%}+5MhYqlVB$G8VPmPz>E1C5Kt#5-*6p0J))H%-^;6Y0{l|= zI=&*9E%(GUCDc^Jn=Y=*2wOQ{pzMW&SpGxywzksN0f(kRTUUas>)FydLQHK+Ib-pf z=PFiT9ZDQfvI}D=cqFF{QM;5n=JDpI%X@#3sgcs`h&TP9_};ZB1I;>rey&51LZO6b 
zew1t5KWbb&&W|wBnYDz|KU@>r@26l3PX^C=o@x4NL>MBpvPm|+-K1{shfF-&O^t}t8CksF!HCGd8Cc%>rVJBB_i1VA-nw5P zQi>KA)kbfvTdP26(Bv1g0{mx7QKITt+tY&njAj#dENDn4s~Yf=k2d7MZf3^b-1vwR zAOGk&BA72BK|4I8(mM}e`3ica*@%C`;2C*5^OOsy9+@l z!yBHHC$~${!edVtZ>>u(e46>B;TKq$0}h5CZb^uQ?U|nL3OlQ7kT8uItD+8Hzb@23 z`&fN?a`p7ogiQ6_Z{Huwy{D2zMT9KtZafEk;P-Y3VYPZxw*F};;?bawMOIu{!O9Hz zqLrQK+kmj`A^6>gWUIJ<{_CwT+=9H%QXIHmN~<{^V+kSNDe1abn=QS0ffrnYBO#SgiK7LN7V)%iIoMn}$UwK@Ufd^xC9um1OfW4eh>sUG zkBzu@ukN1Ft%7THfoYwefaAoExoouxjo(M)CD_4=g3eGJ%AJb3xuCR-8t=)*Wqre$ z)kXicpddkf67b8>WxeDsq>rt=xt))`tRSFUz)74Y6{zfUay`5MNDo}Nr*vdyu7AyL zqJys)dU%m#zt0K*x7Z$ox*V)16s-V11^94L*2}?`$!%V``Ic=07d(%MqCuX{DI3(Pk&RCmYJfrmwa7Aqiw}!dg;_cMWu8D^xZr5#-nFwTgKaF zESj25E+VZjdPIBd<_b9(J&In!Vw`4NXMYa3_S}+wlaiu`$dn4~*#kMf8x6dA8hrkY zeM6*R$koYD_ud$4e`|O7RAdnxWa6%V#JO(&mz(D}h2CoXq0;Mye)8^JM7#F3jnIq1 zje&*xpVib6<%%m|S3SS;xywqRp0}VcYicg~%2rs(T6xI%t12SsvYNt@^q$I1*SU$) zfYjp@>yfef&snB_{v4{^KjYE1#NEwx(o1f9RlsYLae+e@@QvPY&Rzx}Ru8l5GGMz* zsq#KG+CD96S1=vf95Gbs*Ry5$8il1%(2%hwE;Wabuw|-s&j~e9->)l2haJ}7kFoX> zPQ`zRe)wtE1;#^cI%fK`Z*GKjyN2#^VA$l3m)Fvj`Dm{4eTxqm^@_7g0av-tC{)rjeu z`pcLX6{`adC5tzepy>HqGqkAzhqZxz#X=dNjS2|t2KVH7e}>AcC8!GU-!z>{j;Vp8WcY{!L+-DBxVUP8 zj;P})`seMOM@b~1ahhNKQkV2Etk6U?Z5nrJ>aDg;e_b=)U}}G4JAWVowVlRTnf?gE zO5Zd4`e*z_K)3`4aowOG*;O@3Po&!BYV}ya2naZ#_$y)dN|_>Vs07++}~Z{IRr_sOWQ3ZmdsBj8MtsUg(O7B7S? 
zSzBW`=>B8Xm;a-^YmZ7Y+v4BkG)>JoWqGe!ra3Fo=H4`{?SeIztL!JDg)d5$lb180~SZun1^yYn3Hq~J$RG6oIhbz=7 z2ddY|YvSYGyMM8_XPqw<@Lnda8Yk=tkHfI+JP>AFTzEXS%v_~N0vX8R0{!DB z45^`r5oz!q>MiM953sjN;0PIIQFo*Hm2G3Rn}utHA9W@`^fqp}-_d45I?~z6uxk2N zFyjKqp5M5inj+hO*yVV9N2G^)an=-f!H2pxqy`IuGZwo%F=e#REVo^$=s1won?1;I z6~3k2&-kfduYXikownw3YR{d=dk&uy`%%XOL|Re1A}6HL;K)CdYgKZ4u~jsJ zD=c1b9#ULZLD!|`Z~ejlx}hp(U}t%GxQ|{sknb7i>>Wn6R8RaPKZ@ypy_jQ!iM1aQk1e;6FLG#!T& ziN_N>ecem5W(s{X3K+>-#`>azMa#}LXvD7Ho+7j3k2Di%GxIusgM-&CmSO5zo0_aP z7Zl?4%2onCGYUP_F;-S09oW5OB}n-m&K|7h4ZU{O)rYW&UbuW3(Z}XVeE%y#^yIUS z4Om+=j*Px0mF~WU{k!k3OGle6BB>V&#;k5sckbovxHIGB)y1JqCyQJK7}eTq z*UqP0b^dEnMMuw`_tP(U(p`$EpMVwLLIii4fEHkMtxijNV=PY4&xA#ca#NA6QzDi9 z6u@)!X%Wcz&&8=1{DZ&V;8BvLD{Q0tgi9p1cw9=@t79?V$5#ur&QVDt$-mPr)#?ll zQLn4b-}s>UIpfizV_rmqJU3r%Z9`b%q6F7IBK8#PARKiH2vQxaI_OB9N>hgc*&W>A zAK zkryKhhp}1~VOsALKcS?){6DgA~;gphG2M)PR?Fj1TkTyXxO7 zCGoO5z?XwzRjwj5G3{&$bhTC8tzc^ey>E3v_C?Z3ry#bCW|(y)n7~Xu;`N5zv-C<8 zLyBy3Q_*RHN$wh8%}d3Fh2SuxfA|Wzd+)4Hj?;ZlE*NQhG+fqLIPu|qSrg+pbQt-d zIr!ai)lz6P(!!I^lb@bN%_kOqyj=f}8%Xw8i`n$r0(yz1s~~9fi&>?3*W6~c&BT{b z!X;rUfTvCM#IhWJ|8I=AXt&fG%Dio21v{Teofg9G>EALl(z#sp4_R^h+y$*RQ_*In~4bdnEQ#gUtD(X zU#pn5Purek7I3YOZ+A@4x@6gp?mr4p3pabJjsAwQ{hWuGK0wO?=lSF^PY%tV4qzZ_ z#XQaRn(}$-DritdpZm?1PXDRX`84I9axHOnu!^q{kWImV2-2bq#;zhRoNx))(X-8E z2q~fnnT96#*TH$o(#+HdfsbUokDRAMl+lb|8|$TT_^q7zU7`Jp2(hvy?t|;c%i&iu zCX*bxD+aw25>BgXLTHKxfd3gq8HAN^NJrwn*!{^}rB94t;%w7cAdyego6wC5GymJ^ zu^d6#5(`!m_i@0~w7K9dbay@T_M)9+Tl{{wbiBdqC>I{_^qZ7$>i5TzgJxl40H@Zj zK%}xWGu*E62AG_Yak2LRN0L5C|?lhJv+&`|6XsUc^2tZ&uz(cbgmb zy{JX}xbRBiQ|qd}1JdqBe(1XlP0HLT^*c3^8y;%V-0qm`k>M%>O<+9q>DBtAQ^2nH c1Ip9@ZM?Z9tIO`W$heybI|8>iZasYZ-|7dl)&Kwi literal 0 HcmV?d00001 
diff --git a/_source/_assets/img/blog/jakartaee-auth0/oidc-application-auth0.png b/_source/_assets/img/blog/jakartaee-auth0/oidc-application-auth0.png new file mode 100644 index 0000000000000000000000000000000000000000..a5121edcac250df5f759f38a12b5e28e4248d80e GIT binary patch literal 77346
zewp;!-1bbAO)gb$^UYJpV%-p*2M$l6EhGNm*L;W%TQuC;AI#ZO0*z$#I-9BE2#O9! z)}!C>AbX(v+oP$ewCTw1t~W$-XSE-87Hgst{@yV#F)(GuNz%(#O;YfZC zxA!==w*}HvPyvHH`E{UXGCD-7Cfp6(sKL6XwVOUIroopx><_zqRKS zXDo-`W;!K*6a=-4`r>avwwzy=^+ZR`C`N0?S4|5<>nK5(52%-zXifUF zeLGjwE$uh7Xer77@!)R~i|mC$aR7(1XmwU%p_4`Bw4QHw*Orw{y7u9>Z2&TGWZVH| z!bHeM;lAd=S6c}Hf*PqiB$FM&Z6Ikiv;{)F5Kt9EZl-(He4UR>#evLXQXVD^>2WDm+jQTeYXeMYf^8kNn}V zb0reHHi7V7#Hx6#cjbf(&?W(W2v{PBF+#9$0$GgOh7;*mfI%L;IG@L4AER4K)@z5{ zz|6`ziVe5M$&L25q`hguZtG)a6LZ82LCcAdMi9`n5xl4OnBSW2LE;Y~O{cW2nbQwK zykg$CMQKrcdwbZosp6kS=%(2w*fcSnTDPVn>Ni+H9gVC?P~idDy=!~zSYL@#1kkO# z-#S?h?X*O(Bp@b9$|MaUPO^{;pT)s4ebARs=#m6J&}#+h5-7u)0N$O~sSP$^tlC?R zMjVe+c3rLpR5vnFt&mR6r|nR)Eb?DO%tn^VfU?3UO-a%hucHF$Qv-K*_gXj=^IClg zf2R;+xkrN?|NPW;T#vcT#&pE+izfJX*U@eQu5D#)zlfBcjwf^8_D=p)h3dQ$shrxD9sP!%-Lc+C<7<({gE+@ zNN~>aEgaS`G>j3)#>U1K4kK(TMr^vx#-=>$=0PVHwL4mG_1*OXsG;-GmEcK+#~AKs zgzE8<6s-=Hw{=~H-7SZZXLE8D%%|&51x6L?!jb#Xfx8-L{q}X}#s6uNUYMYzo!$7b<%m3Kd*9YP!Xd6Q~CG6^dVS8NT5^{hy zXF;;7!DZ05`(d=)Ck~L-HxrdA{#Dxe8u4#mJM$QO)g>E2emq(C%St?*?Z^J&*HjgK;t3w zsV01B7@SbB+i`7a)~BL_3^K&rOw^Qbiio~J9g^<{fCiFtVSl4{n@g=po&Qe(9AvpH z@8qGyk+S4Y+)=?nU?P>EqjI1RDDJo(>Ix)Ix3}j(I`YSl=U`?4ptcU~8uy3=KnD__ zOB)7klcXkZ48{*6Ed9$&{}ZaAUYJZ|l|n~g1CHzQJ~MN7-2wpUJpE5wqNaB!ke1DC z&Yy!E^U)v-^nyYcu(7d$%+D`6x@g+?5_I!iH!v{h%QB<{F80-YpAGAbkWbRPv;Lnw z4UifBv)AMQCueB7U%!d_3>8SqphNL{YlQXRNoqlRaNjzI1IfQx!B0ju({-)P0I8UoqnM9psR(_NSU*X9QAZ`*x+^H6^m zrT8j;J76$p3<|uuEJ5Xk;#A!L{bMB0-9AXr3;Nm`!liu0|I5CHBj% zKjKNILFq!IE_2YVe|mazxi|bVac6UpbYpPWUb4xlbNST-nw&4O(i;%CcY+**m zWsgZ4wF9^>RNDyJMrx*N^EcuYeVNY(>ZA}njzGYgWP%$I05rDWbNoRUs#*{Xy4C~Z+=eyCSU>dS~K?sl*I=!px5*p|lmwW*; zFVU8dYfJ-;@TUP2VDxnUcQvmNhcNetAa1=u1W>X-6g__7ZoilA-F^_myuW>KI76*Gg0Ga*5i@DnAgHdP9RsLg{?1!0jw-TvB-vc z)WbHq`am=05ss1sXiP*t;3{vDUWuqHfYKXAfonqL*sgd`T^&+F+jqS@ltKiShbXx}>Z`l<~r^g>*Mm_4m^f zNzY`K1dZOhqR>CrcD_FjyYa(M^IKus>wm3|L-OW$jW)ZHg6gg=5mrI%P6Quc!v1?q zL78*sZs6Hp(GTXfJO}LEDQkLqy>8ZxF4Q1SiwQdS$&)KMmbuyWMSZ>PC?DIZ>wET0 z_}+Zr;W5-i-f1l1Y-3URY-Ye#gE;%O?oNn#G~F=Xu8_& 
z9UIdbeg5Lb(g8B7QY>sTP50@l6%k+5B8E28fBCXu)x^-K*9sq+BZm5>yKf(YcN}Oh zhM`kmtt4Par=~Q+9t20L@z{#IB21q-CewF3IDt#kGBnVVi<>4|Ti3cM7^2p2#eX_s8=H__|YVT79-=a}=>d7K>kFd7E?Jhv&>BEw}h5SD(N$i*L}vzm*)V^bMo!%ixy5#_v%r`MB7Ncy5LkL$QOZHP0#0OBfrJl8yMzVmo^rAu92 zzKMu8Z*%)t?MkKU3H6|x(Zro5aWSGJ7BMl*f8@wuSH9Kx;HBTL{rTs@@Y=CZ?(>Af z@$oZlsxjP>7Hm(ISRAAO-j1MnTqCldbznq z5tU7JvNtzXqJtRZ-~>wt{PiQRUt=qhdvl?0HHpV(Uor z3~&@Qx5IG@tarC&Cp>!dV)#b7@3!2Y@3TDF_u=Ob!6M|nE}z%0jdVt}xfE%avXNIS zSRN6-b+BEM=(U*O7-DeQXX^`^vEURQby{2dCSW@qLw*Ea6Q@Wnx^{R&N34!ggahx8 z2)q#!URTETowgWB9fuY#HL9>4FIeZ>>pE4>p`STxy^hdD&!0bU>d4zkc(u~rE(2Qp zwwSs*Gc7y{QtWcgY*H5Qllm$>#8FgKC@wz!NSo)sO>=y|YkygnwYynPxq>n3>Jl5{ zkGSev&x|V3alQG%r-peQ%W(l#%CnGty#h9qQMcD(z%(pkJY(aNrs3oi4P~85D>=ud z3j6!_pImp#6d9AQe>T_KYg&76(10_e$Nm%7uwEeLVzQ}`y*ASv>Scv3S{tdvfBDi` zOQkx}Yj{Jd`8t&i4ZElYI7$=bByRBJiwZR!A$78Ha%P4dHDAy9I#vxi?XOY~9!KT3 z(4$i8kltk52cpMBS4vjAr9!GQGyj~SMe&ml$I<5oa{U`>xksW~LT$Ip@lrQiZ@(Wa zU~Rk>rycJBeaQSfs=G;ukMHLrhol^*YK2Reg@i?BO6<)-+nuzO1MINju4%$MY2+5> zm!_tjx^^*D+vY=FUcZbEynSZ+(=7vIgC#iH`Ojx9 zl}%IC=VrdU{KKh(9k_>IzqV*s5^y3Y)RB$N@&R4eO_-7C-MjB=Yiqmdy_Z@|`3r>| z!ma_1^8>%AW*E#d_zm^xf6dSJXLDB7I!Ff6i;%WrbC%66J)P>d_uIs!+FEVbYX|m6 zr8F%-0cR6XN%RoyOP8#VFS-N7Kd@PE2d!X7-bzl>1&C6Be$Mu`!Za?(O+Hc*qa^Vee5R@TOVBX;9pyZ&o~Ar6C- z^)*uXJheV_S{z;Ke(A+-=Rd$Q&(6rEOd|2y7dKqCH4@ z^}k*HZoh|#r{wTohP~8uxOkIA&tSb%$z876Ty;I><6n;*tJkG;YYiPo6V+7~OrmwB z%6Rg&Ri4yJ(PsLzrx5*wfuq4H4Of*ovvuT1=-S*?!u=cn+L2G;SnR!;&H*CPlSeu5 z+B>HyeW)^MaA?S#FcH49Fk=LoJhwu+^QgE%V6(Y00+Pnf0~<>afG;z|pqTmOc8`js z2#|L5Q)yKb6CcId3$#}&j~?-bGv500588^9yVsb*mxq6X^+kw>=QXf&iOV+1+M_9Q z=Le%vYzE*c#iLIDmy@I)>`+t|58M7*cl%omstQl_bR5#-ZIHJ{rB0uAz;BP>sh=b8 zvJp+EVLPOZ=*8y=4uhS?5r;tBefuFp6KtYw*=XEYIiTuB?>vk?Cfru&={xj-NXGOp z#)2&99UNxgksv=b+ZN+oHUiK5XgyZB65Hk4|Lmt3ID5OTQ492lLO+wjz~66~XU{I^ z>xKL&8?U%%#qzY08>FFGhT*&jwC8{vEd>v2xEMhxZX; z^(JU`KhFSjl0SkNdDzA#aVH18EkX*XU2VE}^WQu0o&5#WHK)#;xw5wAXK*~OfVnZh zw3IKrkXKXYqLirc5i4R@2>CvTfkWp6tD`>B=|Rz)%aC#QG8H+;1RdXS}rfI$imYz*-I_?B!A08f!%#;01)jvbnxIU5Qsi} 
zI1`rynsP?8$FDvCEADU*G6&?^fu3QBoc_~o60k!DFSJcP_*J9n*?HhM*$5fJ!KL7?7GQJ;N{RR9_Mn&aMt3m-tb{4GopcpjP5*AX>L2ZF-Y*8XtWNSV$_y)5Y%lxmJxJjwaqL^7r zb5Y;azdbWc_D)2(qn*b8ywW*b!%1q1j?7nufOi3ZgvX`*e33h`X`1PuZ5^BBDn79N z(B;g(`!D$TF5HhzIrw%kv`CkEHG1HP%y^~s51TDyiM-tNJ%hZqU%vQC@rC{%J);3Zhy;SERxIIzz*Jub{d!XTGRvp0x+? z|2DWIHoUyNd;zrbTbP@dVPawe2_(n35ihY;+aE*E>4x3}wLd2Fcz@1$6_vnN$Bcsd zD*)Me_;|z*x>|tkaDDy#v08AY7A5d_k7T2e?{s?lWGRP5KcF7EoRw>l>>nB`0-N7& zVL+$jZ9IQR@bYk0wBATTcXziKtCBXH_3Bk%p?%pMKfe+Ou=Ds*s&P1dM9rI2c{K=0 z$ZudV#BYU!yo*<;xenNj*3@Zz?MtGKu(j9lk4kD>}TolzgNf7^gf=w_7#%}K=#!W@#-onOBF|a^FDkiZE4(l zps|NVLubx)Bs`d~2zar)TU$>WIP(XDa6}%06=ioH!V|hY_WKgi-+%x3?%jimii!@` zG8hJs;hWo7>_7t}%m@biyGeBbwYap@XQ)_6>~(6<5fk9&k8g8Un&?kd77b;kGH#oj z=Ue1k(nn}+wv~%9CTd7+SEWQ}wdBFx-h1`*B75X*8=EW~YK|X!+Qr}B3^(?u4vc%W ziV*bD*B$*AI!)z3gt>hj|ph|_l}y-Mag({d*#?`otPTimu>T&YrD0@t;X z6Vl;*=?Go;%u+D0iAZ1PvcwTT&MCXjx&!09`lGh8(wIdT?*T)VfYmXU&DTFVccrN| zxnaTN0Hg;h_dAVYfA{s737$MzFh4IOC@ek*%0HPpQqlVQp@uE`^}@O>AsojjNyW6P z&^Dvb+$HIq>Sa)2TwNRTd+y=m(_1nlEdevnF&2xzXe}qy@NHW5`Yqkiz!yb$pXX-g z<`OWFi~vc}7cW0H_wZ7=FPUOsY}{uN;3m)!0;Qb0naatc?T*8`<4vCq>Z>9rf7J-c zzKZo3z3&C~`fAP*@CKhh7hRLRDHWsC*Iy2(j0_{-|CPREcw5V;V~z>&0V6HEnLetT z58qf4QSrE43JwMTpcTS_%Wh^VlB8nVDll8XZ=5^%^&G9N5=@KqF_1-(G)`@El&Djf z<;9D=Nm{`WndFe+inx3^9c(s`~$gwgN^n@J@L-HX`gkzE3!Q0=CLa7S#>#x&r z5?uDx8&23yKdseHy$F!B4_X}$|4iHSyL*9Ue$Z+l>F=Y!-Bmq(K*qcq9V984B@>+Q z;!|;_!jq9^sAdce>G#|`nWq;1O3r`qJUteeWXEsfvG+c|DY;XqiDGA-IB~+IYAo)} zFSvn$*vrK6qWpX-_r>!S<&_4;=QXA7IJLa81gM)pNzt{>c=6&o3}XMm({%xlaf<9EyK`--Ps663ARNYGW7EtQbCrPjETeHAY@gBx+(h8!f}c?$ zravRxbj?(w_M}ooqAF_KdM5lgA)(yHbW`Jqt4yZVd9@+Nm2{vQTa8{o&XZVMT|`)H-_W)We0z&sXo1U%=}pJNbk=G(31reA8o3 z|3}UxGbgwHgISA7%57WQx-)0bhL%&g1y7zlRk`SSC7J^?vFkUmF){KnZ4$u!zkE3Z z&{f<03K?l>+ha;CjGdEh6@NXju&7uPIq}=CzkYc3EX2jARmHVg!1C(V3}bB3TZydf z>~m^r*+e=ZrQVQytp2$B2rv=LWxU$j(7}PBy!1v>dwY9O7MTJrsikv1UFDrq4@axD zeTk!7IkwVFI$&!0w!QU+Ivp%*0QhAfBGFsh0YsTMZ+?Ng7=FgJB&f$h_V@^;2#_D* zVq-JQ%YRGkns>lj*@bmlv(*(9iPgyIuw*sgIEgMSIxcAWA?dN%ty>?z66KbN+dEAh 
zw#dof3ZDHFA}K9-{`6_?6ILG1_ZAG6d&hQcHr5>MUxHXVd^Z8Z*hn4purTd4RaH@w zxp3+haK85L?)BP9UofE-R#;1#y&F$uEZ; z(Yhl3rp|l183sajpIB)o3 zMuq>JKW>jhKtQAeYEBi_2P)95LEQKVg}O3aqYvQV8wvSF*WNcT=HT$H>mk^;Y1!|7 zr%lbzmrW4|BZXR>m2y9Bf0VGgF)J^J=4@5Dlvo1_=>v;~*T;re8YSzEEv@Oy&Ks|t zh!+P955QQaPEIkz5(#PP#ieV9!-l+8mzNTM685M%|7mxwc zi!Tt+|J3S9!wjhU)}y2%E;<>+nDYAT#Tks(xW0OM*uWR9Yj|DB=FfEZ-q;cu` zGUs)&j)+XGpA$YNDmr&G9?LrkoUMwCFafz*X9uL9p(pz`${*ZAVTJj2{5OaFGH!P* zC0n}BcP=(mqCvMY)FWIrQh;S|vvkKSEG?-0ATik$KU5Fud{9^&WP`u5%>8}&;yDEB zKy(=8-q)|p#tRS=J5&Eg`MhoLxL2w~-ci>fD7WoihG#&K~}4nxl@E4tCl?7I70`yAv~I8F+>ajc3K(7^lL z(k!Y)0$yC<+T}4*b;r~+_XrN3wX^d=EZo(_Whq+(MQeIKf)y`LBH!h~ z%Lmr-dq%e{%acz00Ou^lpI$tcaG<^T?kzc?Nbb(&#%L`(f(Sx0Ah!xAjv*uO&X0(* z=;1}+Yb%=FZk?_9@&V$$`NehnoE$AJvjOQQ2?N-9349Mlc%v(b{cFJv4nFvnQSnt} zi!7mo9d^%U$M%IYMQTi7sh*1Gz9Cs0mSA6;oSP+E)x> z+Ga0`lx1gI;)>9ujDeS0`CE2>2p;R_y+5z1*}h%(;RA&+*6@Cc>CGC;sd}`2B`(2g z;j6IYmW>rjB)O{yY=3FWhZkfC>06Y_VI>JoP{gQ<(^@*YEF5CLmgl^8n-XDHY0W2#~jiOL6 zCwuDDA7HY8)EG#nL{4l{*tTJt@5GSopG0*+$K6C=qYX$Lkgtwo0h=3&M{}qFqkel_ zVj-IX{%B#VYG49&ouJ1n1!_Ee>2@Ndo#4Q+wbbcEH^@g!>F!ohkycVbN<_N58>FSX zrMqJi=brAp*52p*`Oc3s&KO_JA8U;v^PTVeK5@r&UHAPYx~!}PG&yK%LtJ7L79Mpc zxi_^n&17w)R7xs{QUzQ(PsJIu$zMXO_F8aXr+@sKp&IG-F`H zM*%gM-+s)=D}jsnDxdt;%RP>B(gmdjDhDPW9%a95wG@cM8=IR`laiD!UGm;*NsdcR zPnU&lxjV11VKSasjOX%I97HKfY}F@G*GW3T1I%mPZ!WnE5|%XJP$3*}hy2!MuK%jb zZ$SbArw=CzlwRTtv<9JP^Y=tQ(X0*UBdOg_QfZbxkZ1K4j4?=-SII1yjUB#G*U-2R z$pK)tvMnvr@UUp23vvWAO`{>$b3Yd5_MM)_#KbgRdI$J!_M8OZ!uH!Qef0G7{7IML zlBP2l_$QHLJMy7t^o-j==ks!{1OAcDt&g8RS5Wu_?coZ|QSy}hip(&-XhzR<<0xv7 zbRL~cj0aGYjFy%@M~6tX_wGTYo(lU5M!FklD4J5Dvw+J48}@6M(k7;sgV@v_86Q7h z)+)9sZ3?1Jo|^hAEKFswo+J@$kliQFwvh7ChO~T#b<*+Wb26&hIszi( z7mA7_hH-F1%gVhh8kLU@qhyw!n`HSm#Ng!IT}~CQ4i)v&3a;fF!&_@> zYn+jCE>mZ&cH^ycFf}jS+`fWgcJ7lZQe_?~>sK&q9C z%nFCdToOarWB63ei(63`7#Nb7y3rl;*WaQPRa7iPEk1w8_e+wBepyU*U~u}ScC5c2 zsPop&%I3gWckL7i6~}FM0?Kv*?V~tprF?v@0C%{0KZAu)APuOn@$-OkZuetuTAGHo zmz)fAbn3W7?Sq3=`?Ry=^z`(7Ai%~J?o6Zf(J*v2Z#kT0*t8UOzICO>)Gbus 
zn;+iEreV=2Q$@SdynC-0goHF9Hh{2gkg|BvB!gEcf4E@J?1<5k$nTM5`TKR)vfniZ zCo&2OUI1Unz|O9an#zElVD%!q-0t-l$H|SIz`*cuWqW)6-Cte@jJ%G%ckXEFN5iZ; zPVNz+1-0C%nVHa%CtrE8Kn76mXNrp7E?l?(nuOGoBNgMlC+YqoxW|XQXn4Nnr;^eV zf2uM2!%~{YCPxOt<x-o|mk&>orSXAXA-Pa*s zzK*ldRo!YDvu>e+tgK0i(NuIvlS&N+%BIPz4d%12XQr|#w0DVHru5>aOMAyrmnkvR&UX0C z2Y718@&a%v7RZ4^Qf5Z#nQaV}nzD;iD6TtV$#q8l&L5v?^ecerJzeyk+*2p668&&Y zLSf9w)eLJNNPbN9 z!kHcj+s^xIyYJb@@XxycSc3f2v~6IGD(KQa$4;@R3$DL=OH0eT?XyO>$s>u9y3(8X zWUweq@C(;Dq}cZDk)Nm13&I{;ssU-M`H?U^}NGn?a?SXx^dU8!QBq;jX~b^^7Q62poz&n z7Zwh*CSJZ7Egf^GsFJfw@AjyoDK3A0tWLwn&|?3vA1FLib95kys0j;*nj`s?muH(V zWNVX$Vt(?M^ziUaH1!pSGUtg->+Hnu`uTWAJ^jFK-QI<%l9`Afe4hJZce0H@jKB+p z#p_v)f-kIC`?l^!mtQc_t+6OWA+Y`okfCSJh?O+5kzm%2qy)WB;%KHEoqzFQq7>Y3Hkt7yOz z4WU9N+V%K71I?tGHv#qM-lbgu@&hsZh=|f_!jGl;)+WL&mEB7$X#JuIF~mYEIAHd4U96!rD>Z@k(-)#G^-~v`;%X(ox@J!O!-% zkJOBFc?a-{(z-Olk$s+R}#3Ur_piv?%#mv0(4s#49&3O|yPS{W$hUFqM;ZnG#(&&+&6eXRPIgV?;&xZUht zQw-*9kqd{o9G^b%{fMi^JP_yuSuF910CD~AuhL|q78&y4p=bg(6L7y%z*OfCt;qx} z{Gsh`uc1%e8!}&gD;l58XCIoi6xf<0P+Ozc6O@Dy=67sZ`X(C7nw*RRp{;j636=*R&bUz2nF9Do1*z45~{ zAr@8kr{?AhBKMGfceKq;Pbo`~+{+|y8y|bO#yDp6mXnMAdV`64Y%{)O4Xm=1uO@K_ zWa?qjf{$z$+Lw3gR6OzaIGmE$qbuW>VC^Vry2*Y1{5i^g0%Cw2Och4D0HS z)06k(Zn+2joh&JVA3rL{*>#PgTxU&RSvpeMr1z(ZU-A~NvkAJvY_ZqT1zj6cE!}tC z;F1Li9t^LJ*IL-`850sxD}fbxg-RJ8vnu+L3*f(9%%TN00aee6WyRX{2UrkbaBw_C zlW#$`VLBwD9$!6B<)ZtgIYz~Rrnkm^Nm^d+O-o66fr{kv_5Y}#XcH`1-cgjDDOjAM zo2Ox}YZ)ATV=pXwECJA9$avF|3Y8LW-v;91Ijp&+)e(VWk&xrX9lfQEjhafW2Q@z< z_sPJsKos!|m$-c}LEKyEgSoZ zzi&NNQg@Ld*Y<21iWPB>n(vHE>g&4|m%q&RLZ&rEdxcUZmZkd!5z&0%L@qBx-6AV3 z<;NL3XH}|mV#hsWV?EjNRV{0dQ)hx@UjzgzyTq%0al7@IKd?KP6dg8%EEbW7k)Vmki^HI2W zhC5_4t$D~D>J_RhDcZ;cr?>m^nwy*FscUihBqnO*o1tueKmJUk(&Fvs+?~klPB}R~ z=E;T`iNV}5JLB7EvQ}s=<^2e*z;vO6pwdU}CSbO2!&xgOR|cyS03AU4)G~ALfh;xm zT6g?C4w6OX>N36)Qw zco4Oy!-ExaNDaWbK>id+B|NcU3u&ejK+mB3RU2m=xrmL;bZUlt@}xt+W9DU?dst{J z=i5EVFvQCw(O}W*HVu;~ts~sgLc2%l=z%_~b65_W{dSwV`L$gaUlciaVz$@mw1C%KaE^aRcb$%-W#bI3vaZG5a(Z#1;grxTC14&gxPsZ{Mk#VP` 
z*b}402UKQ2MVhP(PzGz}s{%37+pb-(6@?o5&b zgc2dNNtH#zrKZK!xjL<(6p8c4N03%_Jz}FBY#+A($XA3|e06oT58#Til`jBa@>Crp zob3)F{r&i=b{!Ks)&+SgNSF25Z=a3f{jRhi{?Z9p*W`k8S~TjQN1#US$csbZ?)VqA zajl|zlg%01ot^UT$4iDy`~FK+Y!85C+&_*ik4xk+KW;Y^Y}uo%27b=P{&d9!R*rDf zyf#lN%5gFpP$6>9uGQH)|B}TKGbd zggKrkTXb;=x?sIT#tRKay^3i#9nqJtns#UEBGA9J|3hZeyG56na_u zW6%znCR(ZM*o9RS?85TgI$^AhYjwDM(y$x?(OohjhqjiM@L{uX8t`-d_u?$}kI|*3 zd(a1$wDuq`$V`yN!gLl?F+7H4^Alp6r*0Y zOBU3ur|-h5GX~3NFS}A#^CMJ?ZIx~=!|M+`JzuHb+d-a4HcC}iCqrJ<7^_8(j<(UD zvMDJAU}U@#Zq0o2Ha2w5%*SpXNMQZc&qv6$MLoUi69y-pMoXMXDJlC`j?txwV7%n| zU?T-k3Zg0czKKc{8lW5)CAUw@&;(@d)=kRHz(9OTQ4d96Y!%_%va|~x#F-Bdn8wxC z)~c5~6vlcSJA;=nA1>2slnOF#@)rUqj)C)z7z<0LfZ~e`;OE)vB9?lS_eyj0&CD{I z0!cH0G;Wd`%VE#YyXTS}BiskvEL!RNhZG-OW6VzJqdq${d;)2hd`@6(SV9VXAEmlz0d-6BgE1%cx+bA$~@@LX26?%4xL zLMiAWR*gE<6Ik-WO@s(!iv-w(vzzG|1TW z7klm!1Tk>gR_N*Ly#VA}AF7;R%;JV>S1M>+~20BVrl$S4p ziiDTBs%U|NR{1^&G2NXzcM7a@J%T*&DGtS&14~WT2K)P0dY{DYrI?EJHR}Lv`>OqC z@7XCfjkHFQ#o*^}dI98ulD88Q(z3F6mYuW9&eVf&pH)<=2M}}t;pFv zfbuRK?GO^ZTF(!vjpF2&f_36QI}drxiq-UW^pAXg_8FbP!EgI-+y_XFH@m9V6ba~Q z)7v^U1Xg_-n^!%#Q$c*|*7y6xW8bS|h0lp@-GUoy!*78k@dxM{pmNY;AxpR^h7AHl z^*pD~gH;1rm1Bqiky{0`c;AIC?G{Qjees3>*+Fc-`XJem8FZ1GZ<3J;7m8bbyY>T}mV z)C~0l)3#??0g3PPR1Nbr=y`C+{N9@5`;Q-s`=f&U}*u%R5|=U%65zH`1$t z{Va6ZW31fvO&@ClzQKQ^Qwz8m^uu=v9|W86Xk`DPvW{1jK@B7N3^o%?FJ9JUSS)fr}xcubw$W?HAcAEgCnrkKsNgs5dZhNONi7m)6+Me zg&TK&b2BhB++$)!Gn6dFV<{2Z>TE6c#InP~4;<|zKXf%3dyla2PSS&e{&r{3QBzeF zZv2gEt^HL#6#6tRT&j<44&8Y4yxE@=4&%{GR?!~*3%(1nxWCTW=!(Zur@gQLZWZV0 zqQBjr>6wc_h5&~Sp)RA_n87VrJfj1d-6i>^f`3dII|Y6H+lT1L$$VvCF+AFGSJfyx zde{sdyY#{|rbftI6Mp&RXJ2vkUOW`mP1`0EcatumOHkCyU)cxUKvc;^2G3qk!*59(&I6}*at3n4NXl(M|rem8xz?~jIFM! 
zjtpoJ5_D8;;VjCJA3qK{1yWtzafJn4>rom0sMMiRah5BJ-?j`gG54a%olbkud#t!r zoCBZ1f-I6i9&J;eR(;G_K8DiMkH7Wu3WIdOoBH?zpr}WyhJe=1Y7$?&77se>ond90%-PLMOOdG^3PO;dpvBSU zK|-rLPD}Fwa5e}Nln0>q6-+`6ZTV$%o{V_SMrY`$VpdOEXj+^eZmF)m@vz}BfZORG znk4P*9YBzv4HN+m4%ygMJV2p9{b6EkuB2iZ0n3z-n0UpOXLhauHf~nc!%UV;oGVwK znaTMN`r#AH0)fB0ywX3?llC*^F)b|}{_$Rnd@^7}Xj1XhuWOBsO)fF--4fK*)s-|< z?(u8gFTZ*7ChOvnDC#I11Om5!P}uO?81i!q8~Zj8t{hq44ienwW@d8L ztaf&u=a3+t9YBTS~KjV=b@9Fp4RnRmJLQHbWKfvxQpAjs|NijiJ!y!L`6j# z8p7FZtlXYY-FucE?|yV*!J2oXVg` zozKMfbSJFNq>owCVriwr1J2*1( z>fPLywY7Tz8cl$5#Sq%TqUFkB&5$2y>2H;^?sKn1!Ec3Cr?@{puA6%kHHXMDg5?KQ zCoMzr6|ZgR|6Hc?yA3&%b%gtYrw{+C{c@Y*{hwwIc*fNv!(Y_kHhW{XY^iBw>T7F; zG^MQ%+T(Z~zexS7R^h|QUb;poSN}KAxGG(>d397G7rjkfcrz4r8#;okWNiD&s4-^= z7{EKC$&%Zd23P;wQ8LgvlE=hfUja0*nz`U^Zc&AQgYu(}NG{W##FSTqE~}Vjn07b3 zM)ZE#|JNl@qnJZcL%33ly;XH62IL zfTQ*2(CI$(cW6>Q=a~2(y9MI*DrH|LDJ5E>QCJyyRZ`)=-T=&+fxn`Q=JoP9kbbgqUA{}KB?(%Ar=k!dvi?G`mL z(;u<_Hu{<&5bpb4CWsh+1t*Yjas6rGfL2)fL);5g;3`k~ow|Bx?{{oP&|(Rybe-DT zhf(ahUo~_lppD)uwG3r`ioj{AKPMN!br_&=&ii_`B|1voKi;kGoi)I4Wb4yMEdQ=B z`6XCh`P{&O5H$Bth4blUFioUfaDDCIzYFCwSub3W6NvaJV8D5aUW8RSQ7ZXnD1oB$ zqc9qVyTbMlx)yq?@gTj2U^b(NIq`*(78KF)44d)1ium`)M38#drvk|I{@puhETx#r zAl*k#eH+Re?xIQ9<^Za7-G8l7L=B-gY`=eh{-;&R|Ie!K|3Ae6 zr0a5ZpDO-MYdP#Rh2fNc!1*ahO6;*1+2hAzQRCm&T8ztjVq<$_yRD--L(ZapFu96f z*3HgI-a>fQ@)T{=xQ^x-NDmyI-d@>a(^UPvW*;U_Q5)QtZ6 z^gbms(@QyB{PD*dK0aHjB|20@tY5GR2ndpkd$W{h^Sc~Au3g$$&>JaWP)5PgxYy2) zThrM|@HV%$YNe=8Ztg5}kZv~Hm5&_FQE}hDkBPW|iJ9x%+oX*O4Go_j$_>G{y!RJ7 zLRVkxIwj?MABL7sEib(|wf}kTyr!HJo=|sM?CO(#%g+uR_0t{@kU1@pcj>L%3=(54 z_Pp^XP3isl*->`mzURqr@5;Ju0+HieSY8;2_V2nh)(C@T8Ct-F)1 zv!~}mS9Q8gusI-lwyLN>q~WnWyHRh%J>A+*!L0VxH==6G3`yOTQ~oLZ4JhysuY-cR zasu?nN>ty`do>nyzZ8>|Wm;ZY0fFJtS!wr2O601Tg|^6q`^pmuNlCnBtAEzsx)ENR z)xetnLOs;jYP$F&FAO-+OD8cOFKWlqk zj`?Zj)sxxGgZOT{;yI@+@~#=5W@>Afv0dZmTd2vi8*J_?gj@N=6CTt%^PLW^cwu2m zKdXZ877??le*`sJa`SkFn*R=Q&$H(mxLy;lKYp}oj}|0{X?rV2XX~`u|J9V9E&C$k zA{N$E7OfxR%V_Xdepd`$9GvdHArRMH`NGXW`aD^#sQi<$g@uTW3=l??!9@4_`|tBv 
zZGIez<>M$-@!X#d4gUIWEw0MD@Id5UQ4tTKMsUOZqh-Y=UT828>)%5r(I<-6CdF4+ zh8gERFzx{hmtyjKy}HEhq^vLC7D`!wXyBD6nWU`=t)y_us-o& zsrLEWy63c*fX7+-ACY>mx}anOV%CZWv(h&;@>W7q>|paKO1EJp}4rX zt+{Q^=H$Th>>}HFo2=6jQoAm{OUP$nV4#*HZF3$uS(g|jYR*fK{TfV^({y9R)`;cV z;`W-hTvx+DcC`){{H49Utz@Cf`ejaLN}nkoxqOi?|icCWZvebzzUP?YSA4a5~LU`%g{i+OEqvSt@^Lw+sU zAzoLX?8SWy2(TVe{*jbKc)q`J{vP0b2`MSv&ecc-Mz7Ct$k*^{?2%BKoT==0ejIn+ z2xhT&`S4LH?o_wZlXEaok7PqiuFU2-tTE*9UcNpAzjZ$)(oQFtsP_)UC}I^e{-DnIm@fgFRu!b z+GkhYP;(oJIh%BdDV6FoVV*I^pn9rBLc;lpxyiG6+{1OI$q&$Tqhx)x6xV4hn>8W!jWKcKt?Td?uK%=v-?7PXK#PMN#oopQ3dQOoR2!y z<#}A0vTI>#THhRJ=IDZggX)^nMco=1VH#=uo^MsEWS~kG=EfIS>Pd3%+^x?nijIo% zHm3P|KqMTgKENc}%KDX1FfXYI_k59~TRpJ}8k#t6NPH|KlT&{FTbiN7aNGo@KXiv` z3=VZEU2Kx7={JdF!Q?^JLGMp5fEK-{Fo8asBpn`LZv`S^2gkQZuS& z0T656T*VREAb#Miy3>T%WM3XL4(Kfb=Z zMz?GGI;+GmC4x6-N@gaSS2m;Qd@}Cb*R$$0wq74tlSYFWd2iV97qLdNVh?t99zoJx zKe}^pK>Vh%<)xi&UvUIT4%5w(UfO{1`S<788}b@rDk?fwV7k7grVgjQb@{$HEGmeS z2^=l%9_lmWWsZ0_kZe6JZE@?Cy1A6ZyV2p0zpwr{)(B}+G?(iSCALjisH*ucjqHIx zc_P~d+M(mhTko;T#>X**x}6N29gQ-C*J;hh|2QWnW?80pD$>bd*<2} zkLn(Ip6o90Suf+g4~ke?tC$TNQL4=8E4C$9k%34v^zH&7njkrM#Px^pU7F>V)2< zhW&YO?0YYt$jdjt3e`g`=H8SKg7dD6$VROogsFEq&pK>Fp8I46#$Fo*Ghe4AOLTSe zKSRI%0DLAUf%({LhUauXYhS;vIBlmAE2!L%+1meG3!q|oKvG%z8hN&{u?btfv8%4G zX$nre#v9?|wRCx`DdMvFU8!a?1l;9ajo7;1sc-_clVd1_Hxc0c_ZF)s!c6%{=LOZ{A%%4V@=g%?B)*5nft6Nk;n^LM{KeR@c~U<<|; zMB*O?lnD`2NTf5N=+V}}R>N$NDhpy{Z0xOy=gIRidisk9_)i1ZQ%lMM>pgCR9*OQ& zI$mCCwbdy)*|5V_g%{RJAqk#gwxhc0J@5H(c<-zyYNQL> zy|x1!@yUK6aw^HP@yn3$J~ml)TOB&X0AoA9%>lZb!_nw${aG(^EbEu!>uSYhmM7Jd z_07#vCmDHZWKuyf4N}yW^-zJC`F0yBYiIIZ1e|@4U{-1c?=vr>x2@e+sEor%fhp(_J!PE{o;jtq>2(wlTkv2AW zctk6%2bmB1$H&*)rkr(O8Pwg+AU&)Wt@Js?#`lwPN|nC(eDlQisqU=TL2X-`>Eq^m zAuXE`qURW3qlHh_Ha1iP*m!w8A2;{dY63`c`RbM0!z;5^gEKEORI6@DOJAwyK{Hr? 
zKHs{68{`Ex&jeC0?)Eq=QEC)eq&VaQIofM{rv*jsY??=;75 zbj4D&^M?B0&+-3lj`YtwfBgR~E&Jc^mOB*d7@t;PJ*1_r#48p)Ozy2U;>JJt^pAh~ z`NXD_0&LS|JiG^eLss;+e5a{yywN=}Pso2Bq*2WHYp4$|q~-DhEX1ca19q|}^@4o= zEC-uNO;)d#mv5ER-z%p-6c@iMCLT({%ZjC~?QiORGw$@dd}8;vl$48WCifxfidQ%k zn@)dS96|is#-aN^4sM(zKypz)Fk$J}gY^D{sszYW$!O@B9wuy(u1^Q3%V|jEbjnv= zZmq1SjDLakFct4ZU9JqP7)b|YZVohzp|7Q;jS?;$J103DUHxv zquf4S>_#YdeY1DI%s;-+@kU(Mudy3nCd-sK#>B}ANuY@Z*oA;69h;k*4-|9|6+*)t z-hU6&qWtfDk#1-+$nQZ-QTgf(YE) zDs(wXpDAhaj@6Tfp>M#bM2;Z6RRx2L^LK!J{VIkn5&cRlmT?OD*X#r+5jCT2reCDQ z{&`gK+Tcs-c@N3dAtj+t?7ke?Uct%w&-LR+zis#-8sK>>9t5p6UU5eO^83%V-0!|z z!KeQ3ZT&w)FaCGfCb9Lxh<_IH9ak9(m&CGG+$emtxWFLUK3%g=DxCM$ucag%$^L8T zxMzNAJ=a-SsQqPfJWMg0a^%^jlA7aYuW^no>B#)wU;GANoa!YI$J*t2N^$kw70wLR zOtN32NrKq_1v!yDbFff>h%s>OT^*d_Gs?)aPZaT#>T1n*1~Q39j{Bx=c7}TY1z6pc zY+KSeTfZNx8PR zJWYjv{d)JuWC+L{ljW1i*Qc+++PR{nq&;Kvd#KX`dlcvW^^hM%4Mjh^KGP33wc6Y% zyPNXD{IGg(5`j28Je-os_5jWXmK1khjEFnFVV4%1hoRv@9L`b>>lD4zUeaC7M~%27 z-HXF0qb$qkU``fsUE}q92c`isI**gY4gPV_dkX?^JR&)Q-ErM)tk@%F^gvBTB?xd2 zb1(sj8nhQ(9~)++H06x6+FQQ=TeCb6l=Uh7l$+bzVlQ7_gf534hx1?6w6(P@t*s8b zA|hA~%7q;ehg(5a*Z`wIj@i`mHnF5}}jIiBrBE2CZ+A{(>DQ3wR2-4Z6t7t&YG zj|N;*GBPe8PByV8-(+W7#x-$|LGYb(UZWdvK!AtW;D|ih|10pPT;_TWG}bH|qT-^v zHF-9`ySg6t+4&0e^tdtVr%0>=2WEKjRORJqI2}|5ArM@K^37fZV}|ypaKBG6?u3ZV zx}B$Y8BH=uZGH9C1bk9!%HT;K7$?pyTX;jFns_QBTH zLj{GufN^8DUw%o`&|E6~&lWoAUpr-u{95CIH}r$0HdAGFB)i@|s?4oVW%9(Z_QAf}Rt;{Zo4sXw(B zp!7H$p++EpdOn<&?IJiPL7PF%gw6XS6>>C zL5sr1#^$e}PVD}OYrMo~J1@jd7Etf*9o6!(Zu)Ms)s~)Qb{A;WUvcyD&MxCd{451e{@nvnN&b}I4o)z#1-4|KD4 ztAW}Q^-Lmrdv$oI*`6dbhzw_Iv3Ygczx=|ej7tbEvl4-U1@yOjBC82N$S+)m;r06J z8cNDHsoTQKkS(Lx3%O4xtH&b!D% zO5#w=nvR(pV-;!_5I;LQn&B`Ev_fCD*}=g|B7R7Zb3r z-S}2u&4ji)zkjZlQu46flm?44D(T`v*UH2=E|OKL72r5=dO0&Q6M=a8^eN3fS~1dZ z5~ik17Gv}hhKBc`#m?5WRNVBiVXTCLLcDCTFvQADl9DAtL;$^~n;YctGxL%K7+I>o zf_$o}qM^Z5YDSqBiL#9rzdwh-GO2$^hVSC)DwtXKoE}SL(@x34qN*dOqOg$Az@Yep z9rMG7Z$7onfhjUt;~3WCj8ssW{Hw@SzUc8i!|w^MPa(u{J6>`aW6aJuE`>m$>D`AK 
zsRS#sPgj3bqVRq5g<$2(%+l$s4n0Q48wt7BFI{>B$%lk)_Y=3n>13zlrOe6+FT}O$ zq;Ei9QsP#vlBIo9sSpx^%B%?a2fJVKf~z7l)YV~04yG1(z z*dsH?dqQ&2JdNvTCWY!>mo6Y=QS1+`1QldNp3d2n_O?96t<(-85IJmEp5*)d`8tUp z&kfEBGi7b&B92db>oVATxq$?OewV4572byR75;-+fwC zp|3<-(}iVF+<7JBjbVam! zy~_)|DhL;Od3b#CDe2_p90XsqwUxiAs35nX>HQ|3X^m$K``(}Z!rT^;sZK`O@Tdk^ zn!gu&a|w5Traf{8@!EEwm*T@5aW7ZG;0gxf*)#pmU%w7{bNIV~U3FScy{GU@`wc+# z`1kH6;ZyU|y|ob)MP^hxQvQ(3jhzDhV{ITCy8iFFx%nEJ+Yvfg9kgsaz(WVS-H)4+ zkV{25p69n=WkENS1_`NBH%$-%WFfmSbu3i2hr*vIKjhcJkEZrqz5Z-mP1Wuup;l!L zc6239Um$)!f01@Jaix9-s!W;GP4JU)c)5DFXdkn#1S|}wZE?}Eyh4ke*x`LQJYFNc zUo5%TC+-06rK?48+2%1n;7FHSPfy%(?N^A#94CeE-l50-i_sZl>I}89Mi`1Yf3_ba zvVH&Ali2WZ-TOXMtbjFQVwbr_XKUs6yuzhXVQRzBP&&u7ZTfk%W2`5Zx!{7`X;i45 z8~9q0)c^JC*B$|l;hUT6X6|~pw{R{YY_B;b##_~F7}6geGqQVn97r@B*%~_>bhKB{ zr0pesYq~?rpNc#fk65sd59d}7EqjomqM)Va1z|%p%HF}@j~w_L*u-Bd?XO(NXU2E!$5;vav1NMru9sN zv2}PW^v>b1owqALFuv`MBoB~Gmu9OeTSlh$`?6Py8u}L$r+)@g^mS=Rvy=2(858(L z%>rjodlQ20c4Q%!@5Z&MpiEf9rc+;>2+i%7y96l>&WzTeWZU z!R|LE=4#mQDaWScc9?VK9v;u>S~g=RZ$3Oe);p`rKbu6#t zaiOZSqJ!!_5~h!SYAs?(#ILs@<8;5$FDM{jwfRd0(T>sA8rCM!n8?J)R3^UH@XpB_ zB_GZ6=-nJ`l7U4~A=~$dNd+T=c_qn!#=U)eq5Ib_bW@P)+iEJ|2l)MGhn|*TA#c-2 z_(Yt~(IOr=J74PI%0r{ZFVc9NTwQP95u$khL%!+jFqiqhO_3CYz1wq4C9%;#U}Ing z4v&stWl=!uzJ`p*Uad0WN^Lfx06ZLus5Bd|+SllyOn3STVt#XaDLK|kRhax5$?KGq z+?2F5NsBCdRge40t{g=Gtc~Hc+1g~?6+|(nnVKYY8%-@N_zew_v_}f#0*B7$aPr;A zHV3vT#HVVM*{j!E)$6v)vL4Z}=wr3_&xOw>Wm9XItM+iQ*6Ki)*YzsXt=Cv{9UUws zUt)dg>h6Fk7h{dM3$F>G^LN&-1dv*s%tTaU=xE=ZicBuvFAK1dCfF+}*^=Mj60vxj za#n4hUh!1d+1@_jvVgFVkk#a|y~Dv(9GrK6&bGYFGvVrk6&L9mGI_6- zRlEHf3)>jz%2`-$DrLbkZTRlP;6)UUIj_AMo>N$wI=oy4`nQVHeH1Wz^~SwFrhv_- zXDPn~Lj~TAS*z?~i?mP4Glh?E{6ON5A4CA;+@$lb2a?Tvf1?Wi{i*0F1>zbtwfDVZ z3v0fn^CRH!=TtloeN$$_w|BU(n-@Bx(_7KY?@2U|`dUbct(M%2N0O2{GYxNW11N=q zgd?#siYUNEVzB-&^ex0NFV>EP59 z3UO=z`MBYQcH4yh9vF=~%-Jbc+I(oDp@!iz$krECd>}`sBN)fX{LS*zuh5ypUHj1 zR26E#r#DE8)_hAh{jDGY9!t131Z?mwBFP8=4W6HEyBowR?<>hCiS?~ARmK)bnl7WQE0ToDk zO+TkcSlZP`j~e-0_b>2Rjw}`!c<*vxU%KkCVGr}UHtOgb4}HTgKecdgH;%pn|I`vf 
z2hGjNfFlPypD^TB_%$9nI8-9aakkzC33y)Ey&Djlf9 z2W8yGF2W*ykh%WAJb;FI1IGXsrJ0CBn|^TH9P4}DtTLB9GB^-pD4kFSLXEU^(@&qR zuMi03Of0SS@!GLzFJ}-tLX_+)E7Rzpr}3oXSUkxj zKlWnC#aU>&ECxN``n#}Z{IA2vxujuVx>RZ(&MG-`GmfG=<3Nt}U}BI{~qaTh(~UvyXXsHWh~fhTdjc-f*P%9pSsUU{8N` zv`K-!56U-ge8#FOY_Uw`_b87n&kFz7%DjM2-N+I9Y8kGGx0tB>h#`v37Y< z)5IPdGzVy=RyHDA^@#-&fSO^i#EBxE40^TKer%iZIMkcmN=Qt^1W)R8?)7xDy;p^7@=I}Y+vPcIjGRV_!UL!<>}ThHtz z4IIPu7K)hmO>c8S2HNH5#&CRub@AdgQ5`-Du$}OxWlz`Lq@g@(Cpell{e6xsy&Jy6Pj&0 z9Dl*ssrv%l7?ZYO_@KU(!nKiplhE++hndRyqeX0AC&GWM2;(3`@Fx->yEt@fjz~#g z!T*`mT*e5iEKDmi4*FJF4Qly)rMgK$!A$pwnK^_6VhN7ic_KGbL_J7ZWz+`UnYf4yPv%&C+5#iy+3_+mNsjK@5$NS zg5(p}@@Eh|L-f)}o8+`{8niW*k8~8^7d2MI85wbj3yu!49Z%Z0fcW;F7!l$66*I@V zN#bd9P+VPP{z7AsSi%D_F$y4UOsD209g1gTwjdY)C%Vg;BbkkyF#tZ&18rexzJK)YcOF zO>zypFf_Y5K&FSr649{UC}s362eQiTQiQAKZSn@Jp;24QyYmaL?KukpRVIUG@ul{I0)dH0SG9-vLiAuQn@eMRc-sv|{+ z2dYl0*`He6+yqBPe4o8|;V&DJzx8uIoByk7&yw9x@x~_-6*DtDfXKSjgdf7PgJ!PA z{k_BMYtoG3Yfs`e;cZX^6hv!}%_vuJz*)g$-WXjO%(hMSy$_xVrtn+;C$WUZ*o(LX z;u1~=G>T82#9SV1+;Uf)>NVo_<$7FEQQ=aVMFA(+5r%bH-)z#~UyZbw^hCZiL=r~a zlgpV@luCUu(`YGlm#7=kn0M}|j>+r5l{=l4CQFci1LHE27$ky;2n`=6%Sae4c)10r z@5@LHB?DyR_MGhWN_vj^u5G+am@L056{;s+vn(;uYo?;$Z!JK!C3^3GWDGz?U3L-x z#ITez)dK;m%B^|~D4%R)VSwaae5z$_3CEUTG|}2;($oBs6EdQ_!_$QY;;E(pvG3o9 zEE0kvou%DAT*AiI-TC3|a;X>Kr^Da9Ybn{556sOe11Ux4b|)#*m063AcF1{g9tAlV zj*OJo@4pek1fM;^NFT>#NCe#U$a21HlA>-iarrZzhK=j!w5nD?$yjUgS6n;=A~XRD zJOZJvvr?F=7XIQs52s3R;;D-JSwf38s)8wyAIw3gErtOyisZWCh2F1bo!H` zs^hv>m|1F#pq&KYp3ohkF~%49@5~vc4RZ2LRzS63Hk_A=R{j8PsT2j!1ZJUzu&b&CdSI_qh89F$7 zYiCP6crB`&t-PzNm)i>`M^p(@{EW5M5a zSx?D4MJ|Z(TtZH)LgR8Q0v3&*x3RTY?A>a24)WA`+t5h{5e3Npb3*0hLH1_WDvJh-|8F6SVSuBDp-?I9f)w{Hmlz)>go|Koa z8D~SC>2lDk7e^vs>kn0{0`v;iL7I1=?=YY7cC*{NL$_{jZa#2z)eHw2%B_#pw!)d1=A$*`{x`I> z`JC{M^`TEmcIr2%Vjn-Mj z5FtGW`SaPFN8+v_M#*3ECe| z^rdz6^co%I+LGlpZ&nVnC96_`3`#|k)LmcoGPU&}U^*arYGSC&96BwGPqqIAVPPS~ z-Cz2~DKfjq?&ghx{u5HvumMZl{X}9=byd~t=oFjY>=yo6e(2)^51-><}Mvf~C zR8mVt6z-fpct6Fu;o1B0@_j(60e*h)kZXQQIVD%gWX;_8a%h@(P|cQ#gZ_Z7{M#D; 
zXGc8ZfS@TJ&{0<&Jh)y^_@%Lt8ypU7=kT3dA%L(REXJEBwGH5@?^f$ZdwLE;sg@6B zpB*xY|Kbcd8W>6!v?AW>3z%@T#iinsd-+vWcs;)xH>6ck#DC82wte(kQJk7Rl26IL zefWvfGe+XB?&p0vF)0VeN$@4=%jF-92Rc zE}NH00TFySjBiZ2wDG$XRjm9xIyzmNH*l?=u-cg&G3eGs}=oeNmG`7zV}eRZ|Pv%$q@4Y#*#sO!lF;Qenr_O?1)QS_12 z`9o98P&~AlHz**$v^H39)Q_n#!|;b@(Bm&_*SCQco;ZE(Pnf6%rBz`-M4L;(Z47@v zAEQv#V`rA&z-kFSOMb*1VSZy+qBMKxigwt}=BzI8?o)+T<@t@{X&dO^Ng?8~XVr!M zH03RiKWOUxoas6sNeT|Y)8%%)%HH6*$D-lgX5HnKlrBIxjlg~gs@8Z^)qg9H(-9Qg z*2QnnmL|*vJbAkxE&z7*X!G0EB0*vKOV2)ce4{mdI_0L={nhcC;MbOWi2v;mE$!vL zm*xpY+!uk4gT`ukTiwlqioAvvOT?gL+e+p%_PS1Ll#D$A_V0(v${lCpvW>2m-sn9w zdIzWkx#2C0aKoIsY2})OF?=v5!FSb>_gsD)ar49iCzCheTx~*?$v5t>Fkd2U7w++S@$GyyQPHM?3!I zvEOZa4P*XSeFqVe9|iA`s#lk8-1rN?qN`3$kv-HsXIhzOxT+W{Y)N5mW99*2@or{v zQB)oYnq&0NXX|(Cb`VQGn=b(kqi9|sa1IMCO&rmG|6+qs?tPbt+NFpX&33eU{NVtN z4{u7Uck}E5M`Dvw=IG$$^ewB$ehU}O#B(Xz|LEk|hvMZU{RQidKO@xpgdOTITSmgIT5 zSNGe#yifRt_=2F-fa0oPh&txx1+F}hq<9JM-ya4V=DlR7i8Yr;n!P(0< zdj*wqL*&#;NN&ILZ;#iy0MXnK4C>4oB=$dm;>H_ze?!fyFTE;mefj}e;eCnl&^^;9 zhMKoFE$-f>f4{Gd-%vd#E32MiPX7*N&R+!if$Y#q25sf>4`K?4I0CBKXM3D^mgzJ8 zwm9~o8SQxS%Y7M6=e2(78sO>y02l*+78DEbYHGGX!`%wcGiEn~*Vyc1XU^=G`J`7i zJl^_Von(=!#O!OF+2hc9G{8Dl$@Z^?mCySKm9Y|PW&vU3Ba|;_0+K-Tgco)B=TPK1 z2g920T)1^Q^44n7IY$@nI*%g<5mL~9S!vbW06`r~Xm#U+1#p*cl{%)j z4>S$*>-e`%*4MWd?MwsWC3f;;8%CWE?%jKy=NUAQ)7L|a;^Pl@xtf^bY8gj|hL=^~wXJHkiJp-+d_tfk@)*dLc(Z8Sx>Z|qjz^=Z&eIN%O#-g9tr}=eL zRz$lK9N~_^MnHsjk_l#*PgI-B56%qJJLQzJCsvtnV zb&GnduN9Bi(ay9a&97N9rTloj2X+RGSlsG4G#YIv4M7atS}`N>`tkZKIcCDEuftkw zA-JbOKpgLi2JQUHnNHCEAEunVdp7Pfbf7QDu#XxMKYMt>lNtG@=58FoU`Le#e*~gi z?&TT>W6hYeyEAS-$5YEK2lO+0#_Zg7A%F#)rhn&7Kx6sy>o@=9v+_%^>C*S%X@XnK zURors-FhW-@Zi6Y$=)^U=i&kxu{pj3dOA-0YEMYhgmh(cn(tjj#UC$UPRV!-4fg`d z^I~Bk=ileAzJ>6*6tYr5*OEKRZjC2y$F(tJM8n2OTP{U6U!5Iqxm|wvNsYHE;jB3J z_@K}#{cl8p7xwD1)%Rip=l7LW8O_`HI=uM=-g1eXO0U{)>z=6tte|ap*i3xK=bl-} zZ7Q6fmwp=<9V>JN3FWkU%GMRHQ%?Z-o1`QPOrZ5^nZ zJqDe<#wk8(k0AxIHIRiqxX-v3QKW*Rn<;OfMn;N*j#1e>w^($xX6{vuk;)A%!p+lj 
zyP@<3XV7WA%NBI^2-^H*MEa{?>&wTF7v;|6mv+9{@wnVYZ*6Gy?{|&4uSe`|-TG5b zb^TqP_jx6)jEry1{3j9<6K+{rrM*V>=WKV4RMTgO7AsA+#bxW1dcHAShoY5#PM`iW zFYjy)vrIXT48g?x^R-{Ta3z>o26`<&TMfDZ2R<6T5s>hT-I~n#GXds@4vBsDY8W0C zfUGgXl9{QST0hm!i}MoLusvkT`^`p|DL9BDZ27rJpOHxX!-L@@tVtTopCe4bd>~Mo zT)cgMD;E^Dgu*~-{aX(#eX%7a2LRvmWvB8YLTJWZ4|Qy8iiS-7dU^ zHk04U#b($Mh3?I#vo$qD`@X$Dev`djk4%b&s`6t*&WRq`tq<4!*GYkX;6Ej;av+@&;9r5rKRjBTZhk|?(T>P<(If5bZ9zaK<9D5gO7}Y&7I@ApIJ~_hHoJ`^+|7(8Gi2;;el~a{k?NZ@)}WBZ*`So#RvWxKe~hb*sI>o`0d8orSfv`qpIGw zoeFAwQhT<$3+`IX9x2Gl;gdKlUJX+^4CcGx2HHoasAEojD`wHBD@Qy671TZWBvVAy z=;8)l8qJ!2t(!jm@%5jWkK_>jvH1@AY3HcP7HSQ&Q@tyhJRFT1z1*zyk8p)1vSG9C zh$7PYU$ok))1yq#oB>{2>UZ<{zmxbJn|n3*9k*?4o~?>Qp^&CSqT>@kf(-lPN0N-j z#wendJhE5JFz45JE5jI@eyG*3%xW-OE_b-|#h{1D-xr}L3i*dUXiN^E|0PdNnHgMX z*jzZ`HgPR|;8j%eJ+Gkq_p4gt9Q!@!&;*X>OVz;rn>R0TEjym?oX7dS554N^I{=LQ zwy7^AFrcYad5Ouy&f%R*4i;u-o0f)yJoynm^*T!A)Ty74v~c|dQAw^zbunop(^i@v zNSCeW!sVfa#J!^S!j-=T$i7|Dz}n^XaO~TYo&b$z;}tpyz5l)rH0@j(ax;4L=oZEw z6D7bWCP{(p{(bxis+g|d^sM?f zS0;Yic&OpJ(k{C}$+Kt6=OUJM@*Y(=-bXgBei%xuSAp3Vh5n4)RqVxZ zuE$WLlFWwH{nzUvRHgB>n&@{x*kV$8TghkfsrDXyGpU+~g7KP~njr2w;9o5SgA_mK z?sMUZGM}Eef>gzu?Y#91&coq>?SuU`LW_rY^h^OJxpzwBWW}W28PWu{3oZ#c*XmOTX?T5Q0G2ZGBb1fW};L6j=ovX z)t_~GSL?B%K(u%^!a`DTt~I%87pv}qF69~B~V-Z0Nx@>?ckHwr;h<^@4CnhTQn-4A%4 zS}(ih9@OIBkA4UBsF=Vt+*_5B&UuD{?~Ir^eoEn=l8X8KtK+oMAnsd(6D8c|j4WMA zo1r^n`PwjIrr(yUsN0}Eh+>cvf8xtEZGIoddiAr=m$P1{E)kes7a!MZ=b-@Dl$Ng4 zC<~R8Tu{7y`nTZD$O)t3Wp|y5sys(cuhR@LcrCDZ2S8f7cb%E__pnx5MgoM4a*fYg zqWKdO9!)kCSz^w^p^w~$dbSL-0SqMIv(=-#R&o=^X<2vdDY|J{y@CqeWfvvxS>Ei8 z@9g|DXL`Cbz2MQ*f?qO*4QL4>`+Jk%vyEEKaVtO*_8tzsY*iND@+3qPe40tJwUdiW zgFS}wC#f1}^JIHbgc(+=qtje}etA+?9o!F{X%Wrv{js})i{QM>}oew%eJ~6c0 zxGhCdkeP>)7q_10Hy_Fsr|y5euXjA{Fl74HfP>UOb??t7Lq+4x=H};rLtf%vy@iLt z1H{ak&C^klkzXSDS91PBip{@0JswLu8-63>8)4n)=GDEB|f2%_U{3#r?&VTdN0pJ}Uf%7rOddJa2xSPOyA8q&x0Z$I(9uihSJ-QGS z^@H^Db3sm{gtEl;1^pe|AD~N?({Q%ozNnp=Pa-0&hlPdR+o*OdvM*poMocv7A$lqZ zp^qgr-?Fr{l5K!<-n6WGwi!GvuvHOJ>Z3b=aYdBo8+xwCj~&|w{g7sE`MmpBdUu)O 
zPX{$TOao$0_;@mrU<#g5T}=rmS5!G-uoTLQ*tt|IMY-C@-3=;|7fkl$|5 zBM7SphNDpAnK)Pp{cV;I0AfeqK!3*fY)U|X;9Ie8P@lp}PrpoHP+Yoa1w{=Ev98(K zhZIHGE6N_<9bEPQxl{kkqnSK$ijbM0XJX? zztcms}MvafJMlH*lfwGP~(93moEr4wh0F%t|;JX+&jUE6j zWNmHThOv(Rc`Adyo30>ViA7Q8vT1i zqfNujG=RMZ+E~F50Xm{?))-Xh0A+GAW1xs1Fll6_ zhZz3{Ji$Kb*RM}jhy}Fm(KqeR65fCQIt>91>{;uN{VSb3y79&T{?~QdjsNrF|G5d+ g_3;0Nm9Tbt&LWdh)IwtA%p^lmURkb4#yH@A0b_&RJ^%m! literal 0 HcmV?d00001 diff --git a/_source/_posts/2023-01-24-jakartaee-auth0.md b/_source/_posts/2023-01-24-jakartaee-auth0.md index 4c2d1ebe86..3ab4a7b594 100644 --- a/_source/_posts/2023-01-24-jakartaee-auth0.md +++ b/_source/_posts/2023-01-24-jakartaee-auth0.md @@ -215,7 +215,7 @@ auth0 apps open Select the OIDC app (or client) you just created from the list. This will open the OIDC application on the Auth0 dashboard. -<< image >> +{% img blog/jakartaee-auth0/oidc-application-auth0.png alt:"Auth0 OIDC App" width:"800" %}{: .center-image } Fill in the three values in `src/main/resources/openid.properties`. Replace the bracketed values with the values from the OIDC application page on the Auth0 dashboard. @@ -231,8 +231,12 @@ Open your [Auth0 developer dashboard](https://manage.auth0.com). You need to cre Under **User Management** click on **Roles**. Click the **Create Role** button. +{% img blog/jakartaee-auth0/auth0-create-role.png alt:"Auth0 Create Role" width:"1000" %}{: .center-image } + **Name** the role `Everyone`. Give it a **Description**, whatever you like. Click **Create**. +{% img blog/jakartaee-auth0/auth0-create-role2.png alt:"Auth0 Create Role, part 2" width:"700" %}{: .center-image } + The Everyone role panel should be shown. Select the **Users** tab. Click **Add Users**. Assign yourself to the role. You've now created a role and assigned yourself to it. But this information will not be passed along in the JWT without a little customization. The current best practice is to do this using actions. 
@@ -243,6 +247,8 @@ Add a new action by clicking on the **+** symbol to the right of **Add Action**. Give the action a **Name**, such as `Add Roles`. Leave the other two values the same. Click **Create**. +{% img blog/jakartaee-auth0/auth0-create-action.png alt:"Auth0 Create Action" width:"600" %}{: .center-image } + Change the code for the action to the following. ```js @@ -262,6 +268,9 @@ Click on the **Add to flow** link in the popup window that slides in (if you mis Drag the **Add Roles** action over under the **Rules (legacy)** action. +{% img blog/jakartaee-auth0/auth0-action-flow.png alt:"Auth0 Action Flow" width:"600" %}{: .center-image } + + Click **Apply** (top right of the panel). ## Take a look at the ProtectedServlet and OIDC flow @@ -490,7 +499,7 @@ You'll get: HTTP/1.1 401 Unauthorized ``` -Now, use your OIDC endpoint to retrieve a token. Using a browser, open http://localhost:8080/protected +Now, use your OIDC endpoint to retrieve a token. Using a browser, open [http://localhost:8080/protected](http://localhost:8080/protected) Authenticate with Auth0. When you are redirected back to the protected servlet page, copy the token value and save it in a Bash shell variable in a new Bash shell. From 9023e3428e2f9bec51f285e3be614c00b6da45e0 Mon Sep 17 00:00:00 2001 From: Andrew Hughes Date: Tue, 7 Feb 2023 13:52:20 -0600 Subject: [PATCH 05/34] revert mistaken edit in wrong branch --- _source/_posts/2022-08-19-build-crud-spring-and-vue.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_source/_posts/2022-08-19-build-crud-spring-and-vue.md b/_source/_posts/2022-08-19-build-crud-spring-and-vue.md index bf9cc552af..eceefb7289 100644 --- a/_source/_posts/2022-08-19-build-crud-spring-and-vue.md +++ b/_source/_posts/2022-08-19-build-crud-spring-and-vue.md 
@@ -14,8 +14,8 @@ image: blog/spring-boot-vue3/spring-boot-vue.jpg type: conversion github: https://github.com/oktadev/okta-spring-boot-vue-crud-example changelog: -- 2023-01-20: Updated post to add Auth0 and use Spring Boot 3.0. You can find the changes to this post in [okta-blog#1284](https://github.com/oktadev/okta-blog/pull/1284). Example app changes can be found in [okta-spring-boot-vue-crud-example#6](https://github.com/oktadev/okta-spring-boot-vue-crud-example/pull/6). --- + You will use Vue and Spring Boot to build a todo list web application. The application will include CRUD abilities, meaning that you can **c**reate, **r**ead, **u**pdate, and **d**elete the todo items on the Spring Boot API via the client. The Vue frontend client will use the Quasar framework for the presentation. OAuth 2.0 and OpenID Connect (OIDC) will secure the Spring Boot API and the Vue client, initially by using Okta as the security provider. Then, at the end of the tutorial, you will also see how to use Auth0 as the security provider. {% img blog/spring-boot-vue3/spring-and-vue.png alt:"Spring Boot, Vue, and Okta logos" width:"500" %}{: .center-image } From 3ac223993c0be7432b84699c335f0367ba34f0ec Mon Sep 17 00:00:00 2001 From: Andrew Hughes Date: Tue, 7 Feb 2023 13:53:45 -0600 Subject: [PATCH 06/34] Update _source/_posts/2023-01-24-jakartaee-auth0.md Co-authored-by: Matt Raible --- _source/_posts/2023-01-24-jakartaee-auth0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_source/_posts/2023-01-24-jakartaee-auth0.md b/_source/_posts/2023-01-24-jakartaee-auth0.md index 3ab4a7b594..151b286932 100644 --- a/_source/_posts/2023-01-24-jakartaee-auth0.md +++ b/_source/_posts/2023-01-24-jakartaee-auth0.md 
@@ -24,7 +24,7 @@ This stack includes a lot of technologies. I'm going to introduce them briefly b **Jakarta vs Java, EE vs SE** -Jakarta EE is Jakarta Enterprise Edition. This was formerly Java EE. The name and framework packages were migrated when Oracle gave Java EE to the Eclipse Foundation because Oracle still has the rights to the Java brand and did not open-source absolutely everything that was in the `javax.*` namespace. Thus, Jakarta EE is the Eclipse-owned and now totally open-source Java EE (You may have recently had to change some packages from `javax` to `jakarta`. This is why.) +Jakarta EE is Jakarta Enterprise Edition, formerly known as Java EE. The name and framework packages were migrated when Oracle gave Java EE to the Eclipse Foundation because Oracle still has the rights to the Java brand and did not open-source absolutely everything that was in the `javax.*` namespace. Thus, Jakarta EE is the Eclipse-owned and now totally open-source Java EE (You may have recently had to change some packages from `javax` to `jakarta`. This is why.) Enterprise Edition is built on top of Jakarta (that is, Java) SE, or Standard Edition. Jakarta SE is the more lightweight Java version that provides a basic cross-platform runtime. Enterprise Edition is assumed to be running on an application server and adds libraries intended for larger-scale, multi-user applications. From a22608b9d9cf57350dc72e650f665b522984351b Mon Sep 17 00:00:00 2001 From: Andrew Hughes Date: Tue, 7 Feb 2023 13:53:59 -0600 Subject: [PATCH 07/34] Update _source/_posts/2023-01-24-jakartaee-auth0.md Co-authored-by: Matt Raible --- _source/_posts/2023-01-24-jakartaee-auth0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_source/_posts/2023-01-24-jakartaee-auth0.md b/_source/_posts/2023-01-24-jakartaee-auth0.md index 151b286932..3f963712f2 100644 --- a/_source/_posts/2023-01-24-jakartaee-auth0.md +++ b/_source/_posts/2023-01-24-jakartaee-auth0.md 
@@ -89,7 +89,7 @@ The WildFly plugin is included and configured in the block below. ``` -The docs for [the WildFly maven plugin are here](https://docs.wildfly.org/wildfly-maven-plugin/). Except for the cryptic `` block, the plugin is pretty simple and easy to use. +The docs for [the WildFly Maven plugin are here](https://docs.wildfly.org/wildfly-maven-plugin/). Except for the cryptic `` block, the plugin is pretty simple and easy to use. It took a little digging to figure out, but the obscure command block *is* required, at least according to the experts I asked. It disables integrated JASPI in the server and instead delegates validation of credentials to a non-integrated ServerAuthModule. This allows for identities to be dynamically created instead of statically stored in an integrated security domain. Take a look at the [Elytron and Java EE Security section of the docs](https://docs.wildfly.org/26/WildFly_Elytron_Security.html#Elytron_and_Java_EE_Security) for more on this. From 27b881ee8dbe7fd157fd3f976dfd45654b4474aa Mon Sep 17 00:00:00 2001 From: Andrew Hughes Date: Tue, 7 Feb 2023 13:54:09 -0600 Subject: [PATCH 08/34] Update _source/_posts/2023-01-24-jakartaee-auth0.md Co-authored-by: Matt Raible --- _source/_posts/2023-01-24-jakartaee-auth0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_source/_posts/2023-01-24-jakartaee-auth0.md b/_source/_posts/2023-01-24-jakartaee-auth0.md index 3f963712f2..b5d1a312a0 100644 --- a/_source/_posts/2023-01-24-jakartaee-auth0.md +++ b/_source/_posts/2023-01-24-jakartaee-auth0.md 
@@ -501,7 +501,7 @@ HTTP/1.1 401 Unauthorized Now, use your OIDC endpoint to retrieve a token. Using a browser, open [http://localhost:8080/protected](http://localhost:8080/protected) -Authenticate with Auth0. When you are redirected back to the protected servlet page, copy the token value and save it in a Bash shell variable in a new Bash shell. +Authenticate with Auth0. When you are redirected back to the protected servlet page, copy the token value and save it as a variable in a new shell. ```bash TOKEN=eyJraWQiOiJqY3dpbGpUcGVZSG1Jajl6ODR3LV... From 4ef5a00b011f6c31c8b9ec3400e615ac286f7818 Mon Sep 17 00:00:00 2001 From: Andrew Hughes Date: Tue, 7 Feb 2023 13:54:18 -0600 Subject: [PATCH 09/34] Update _source/_posts/2023-01-24-jakartaee-auth0.md Co-authored-by: Matt Raible --- _source/_posts/2023-01-24-jakartaee-auth0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_source/_posts/2023-01-24-jakartaee-auth0.md b/_source/_posts/2023-01-24-jakartaee-auth0.md index b5d1a312a0..617e132deb 100644 --- a/_source/_posts/2023-01-24-jakartaee-auth0.md +++ b/_source/_posts/2023-01-24-jakartaee-auth0.md @@ -499,7 +499,7 @@ You'll get: HTTP/1.1 401 Unauthorized ``` -Now, use your OIDC endpoint to retrieve a token. Using a browser, open [http://localhost:8080/protected](http://localhost:8080/protected) +Now, use your OIDC endpoint to retrieve a token. Using a browser, open `http://localhost:8080/protected`. Authenticate with Auth0. When you are redirected back to the protected servlet page, copy the token value and save it as a variable in a new shell. From daca5639003fa852cf9ab5dbf10d5c9b5cddab2e Mon Sep 17 00:00:00 2001 From: Andrew Hughes Date: Tue, 7 Feb 2023 13:54:27 -0600 Subject: [PATCH 10/34] Update _source/_posts/2023-01-24-jakartaee-auth0.md Co-authored-by: Matt Raible --- _source/_posts/2023-01-24-jakartaee-auth0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/_source/_posts/2023-01-24-jakartaee-auth0.md b/_source/_posts/2023-01-24-jakartaee-auth0.md index 617e132deb..e90f708b19 100644 --- a/_source/_posts/2023-01-24-jakartaee-auth0.md +++ b/_source/_posts/2023-01-24-jakartaee-auth0.md @@ -529,7 +529,7 @@ Welcome, andrew.hughes@mail.com ## Keep Learning with Jakarta EE and Auth0 -You just built a Jakarta Enterprise Edition application that used the new Open ID connect annotation and implementation built into Jakarta EE 10. You used Auth0 as the OIDC and OAuth 2 provider, and you saw how to implement both SSO and JWT authentication. +You just built a Jakarta Enterprise Edition application that used the new Open ID connect annotation and implementation built into Jakarta EE 10. You used Auth0 as the OIDC and OAuth 2.0 provider, and you saw how to implement both SSO and JWT authentication. ou can find the source code for this example on GitHub in the [@oktadev/okta-spring-boot-vue-crud-example](https://github.com/oktadev/okta-spring-boot-vue-crud-example) repository. From 8c93e03c9d8c874a81c6667ddf08dd5c6a35522e Mon Sep 17 00:00:00 2001 From: Andrew Hughes Date: Tue, 7 Feb 2023 13:54:35 -0600 Subject: [PATCH 11/34] Update _source/_posts/2023-01-24-jakartaee-auth0.md Co-authored-by: Matt Raible --- _source/_posts/2023-01-24-jakartaee-auth0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_source/_posts/2023-01-24-jakartaee-auth0.md b/_source/_posts/2023-01-24-jakartaee-auth0.md index e90f708b19..44ca4bfe4d 100644 --- a/_source/_posts/2023-01-24-jakartaee-auth0.md +++ b/_source/_posts/2023-01-24-jakartaee-auth0.md 
@@ -531,7 +531,7 @@ Welcome, andrew.hughes@mail.com You just built a Jakarta Enterprise Edition application that used the new Open ID connect annotation and implementation built into Jakarta EE 10. You used Auth0 as the OIDC and OAuth 2.0 provider, and you saw how to implement both SSO and JWT authentication. -ou can find the source code for this example on GitHub in the [@oktadev/okta-spring-boot-vue-crud-example](https://github.com/oktadev/okta-spring-boot-vue-crud-example) repository. +You can find the source code for this example on GitHub in the [@oktadev/okta-jakartaee-oidc-example](https://github.com/oktadev/okta-jakartaee-oidc-example) repository. If you liked this post, there's a good chance you'll like similar ones: From 4d34d432e863e07714370fdaed535ad800545d3d Mon Sep 17 00:00:00 2001 From: Andrew Hughes Date: Tue, 7 Feb 2023 13:54:50 -0600 Subject: [PATCH 12/34] Update _source/_posts/2023-01-24-jakartaee-auth0.md Co-authored-by: Matt Raible --- _source/_posts/2023-01-24-jakartaee-auth0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_source/_posts/2023-01-24-jakartaee-auth0.md b/_source/_posts/2023-01-24-jakartaee-auth0.md index 44ca4bfe4d..addfcf0bc3 100644 --- a/_source/_posts/2023-01-24-jakartaee-auth0.md +++ b/_source/_posts/2023-01-24-jakartaee-auth0.md 
@@ -91,7 +91,7 @@ The WildFly plugin is included and configured in the block below. The docs for [the WildFly Maven plugin are here](https://docs.wildfly.org/wildfly-maven-plugin/). Except for the cryptic `` block, the plugin is pretty simple and easy to use. -It took a little digging to figure out, but the obscure command block *is* required, at least according to the experts I asked. It disables integrated JASPI in the server and instead delegates validation of credentials to a non-integrated ServerAuthModule. This allows for identities to be dynamically created instead of statically stored in an integrated security domain. Take a look at the [Elytron and Java EE Security section of the docs](https://docs.wildfly.org/26/WildFly_Elytron_Security.html#Elytron_and_Java_EE_Security) for more on this. +It took a little digging to figure out, but the obscure command block *is* required, at least according to the experts I asked. It disables integrated JASPI in the server and instead delegates validation of credentials to a non-integrated `ServerAuthModule`. This allows for identities to be dynamically created instead of statically stored in an integrated security domain. Take a look at the [Elytron and Java EE Security section of the docs](https://docs.wildfly.org/26/WildFly_Elytron_Security.html#Elytron_and_Java_EE_Security) for more on this. > If you dig too deep into all of this, you will encounter a lot of Java API framework jargon, such as Elytron, Java EE Security, JASPI, JASPIC, and JACC. Arjan Tijms has [a nice article at Payara](https://blog.payara.fish/ee-security-jaspic-jacc-loginmodules-realms) that differentiates a lot of it. > From 84668ca2e39f71eb80090ec77577bd16c4a8a60b Mon Sep 17 00:00:00 2001 From: Andrew Hughes Date: Tue, 7 Feb 2023 13:55:43 -0600 Subject: [PATCH 13/34] Update _source/_posts/2023-01-24-jakartaee-auth0.md Co-authored-by: Matt Raible --- _source/_posts/2023-01-24-jakartaee-auth0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
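Review bot: The `+` line of the `@@ -91,7 +91,7 @@` hunk above (PATCH 12/34) keeps a docs link pinned to `docs.wildfly.org/26/` in the paragraph that justifies disabling integrated JASPI. Readers will lean on that link to understand a server security setting, so point it at the docs for the WildFly release the tutorial actually runs, or state in the sentence which release the link describes. The same line writes `JASPI` while the quoted note right after it lists both `JASPI` and `JASPIC`; a short gloss of the difference would keep the paragraph consistent.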
diff --git a/_source/_posts/2023-01-24-jakartaee-auth0.md b/_source/_posts/2023-01-24-jakartaee-auth0.md index addfcf0bc3..6bd10aa9de 100644 --- a/_source/_posts/2023-01-24-jakartaee-auth0.md +++ b/_source/_posts/2023-01-24-jakartaee-auth0.md @@ -215,7 +215,7 @@ auth0 apps open Select the OIDC app (or client) you just created from the list. This will open the OIDC application on the Auth0 dashboard. -{% img blog/jakartaee-auth0/oidc-application-auth0.png alt:"Auth0 OIDC App" width:"800" %}{: .center-image } +{% img blog/jakartaee-auth0/oidc-application-auth0.png alt:"Auth0 OIDC App" width:"600" %}{: .center-image } Fill in the three values in `src/main/resources/openid.properties`. Replace the bracketed values with the values from the OIDC application page on the Auth0 dashboard. From 31826112119cdf0820c310d18bd4db507e975a0d Mon Sep 17 00:00:00 2001 From: Andrew Hughes Date: Tue, 7 Feb 2023 13:56:01 -0600 Subject: [PATCH 14/34] Update _source/_posts/2023-01-24-jakartaee-auth0.md Co-authored-by: Matt Raible --- _source/_posts/2023-01-24-jakartaee-auth0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_source/_posts/2023-01-24-jakartaee-auth0.md b/_source/_posts/2023-01-24-jakartaee-auth0.md index 6bd10aa9de..4ed73c8673 100644 --- a/_source/_posts/2023-01-24-jakartaee-auth0.md +++ b/_source/_posts/2023-01-24-jakartaee-auth0.md @@ -222,7 +222,7 @@ Fill in the three values in `src/main/resources/openid.properties`. Replace the ```properties issuerUri= clientId= -clientSecret=ca +clientSecret= ``` ## Configure Roles on Auth0 From cf15c776fb952e876a1044d949b35dc261266471 Mon Sep 17 00:00:00 2001 From: Andrew Hughes Date: Tue, 7 Feb 2023 13:56:21 -0600 Subject: [PATCH 15/34] Update _source/_posts/2023-01-24-jakartaee-auth0.md Co-authored-by: Matt Raible --- _source/_posts/2023-01-24-jakartaee-auth0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/_source/_posts/2023-01-24-jakartaee-auth0.md b/_source/_posts/2023-01-24-jakartaee-auth0.md index 4ed73c8673..ccdc2258ea 100644 --- a/_source/_posts/2023-01-24-jakartaee-auth0.md +++ b/_source/_posts/2023-01-24-jakartaee-auth0.md @@ -268,7 +268,7 @@ Click on the **Add to flow** link in the popup window that slides in (if you mis Drag the **Add Roles** action over under the **Rules (legacy)** action. -{% img blog/jakartaee-auth0/auth0-action-flow.png alt:"Auth0 Action Flow" width:"600" %}{: .center-image } +{% img blog/jakartaee-auth0/auth0-action-flow.png alt:"Auth0 Action Flow" width:"400" %}{: .center-image } Click **Apply** (top right of the panel). From 9a0204554e36c72cf9220de0ba705e57c02a848e Mon Sep 17 00:00:00 2001 From: Andrew Hughes Date: Tue, 7 Feb 2023 14:06:08 -0600 Subject: [PATCH 16/34] integrating QA --- _source/_posts/2023-01-24-jakartaee-auth0.md | 71 ++++---------------- 1 file changed, 12 insertions(+), 59 deletions(-) diff --git a/_source/_posts/2023-01-24-jakartaee-auth0.md b/_source/_posts/2023-01-24-jakartaee-auth0.md index 3ab4a7b594..0dd1fc1034 100644 --- a/_source/_posts/2023-01-24-jakartaee-auth0.md +++ b/_source/_posts/2023-01-24-jakartaee-auth0.md @@ -1,10 +1,10 @@ --- layout: blog_post -title: "Open ID authentication with Jakarta EE 10 and Security 3.0" +title: "OpenID authentication with Jakarta EE 10 and Security 3.0" author: andrew-hughes by: contractor communities: [java,security] -description: "Use Jakarta EE 10 to build a secure Java web application using Open ID connect and Auth0." +description: "Use Jakarta EE 10 to build a secure Java web application using OpenID connect and Auth0." tags: [java, jakartaee] tweets: - "" 
@@ -14,11 +14,11 @@ image: type: conversion --- -## Open ID authentication with Jakarta EE 10 and Security 3.0 +## OpenID authentication with Jakarta EE 10 and Security 3.0 -Jakarta EE 10 includes a new authentication mechanism: Open ID Connect! This can be added to a Jakarta EE servlet using the new `@OpenIdAuthenticationMechanismDefinition` annotation. +Jakarta EE 10 includes a new authentication mechanism: OpenID Connect! This can be added to a Jakarta EE servlet using the new `@OpenIdAuthenticationMechanismDefinition` annotation. -In this tutorial, you are going to see how to implement a web application with Open ID Connect (OIDC) authentication and use Auth0 as the OIDC provider. You are also going to see one way to secure an API and authenticate using JSON Web Tokens (JWTs). This will all be accomplished using Wildfly as the Jakarta EE runtime. +In this tutorial, you are going to see how to implement a web application with OpenID Connect (OIDC) authentication and use Auth0 as the OIDC provider. You are also going to see one way to secure an API and authenticate using JSON Web Tokens (JWTs). This will all be accomplished using Wildfly as the Jakarta EE runtime. This stack includes a lot of technologies. I'm going to introduce them briefly below. If you're comfortable with all those terms and just want to get to the code, **feel free to skip ahead to the requirements section**. 
@@ -40,7 +40,7 @@ WildFly is an open-source community project sponsored by Red Hat. It bills itsel **Jakarta EE 10 Security 3.0** -The exciting thing about Jakarta 10 (from a security perspective) is that it includes a new OIDC implementation in the Security 3.0 specification. Open ID Connect is an authentication protocol. This protocol is implemented by many third-party vendors, such as Auth0 and Okta, making it relatively easy to add secure login to an application. Jakarta EE 10 Security 3.0 provides an annotation-based configuration to add OIDC authentication to servlets. +The exciting thing about Jakarta 10 (from a security perspective) is that it includes a new OIDC implementation in the Security 3.0 specification. OpenID Connect is an authentication protocol. This protocol is implemented by many third-party vendors, such as Auth0 and Okta, making it relatively easy to add secure login to an application. Jakarta EE 10 Security 3.0 provides an annotation-based configuration to add OIDC authentication to servlets. You can check out [the docs for Jakarta EE 10 Security 3.0 OIDC here](https://jakarta.ee/specifications/security/3.0/jakarta-security-spec-3.0.html#openid-connect-annotation). @@ -56,6 +56,8 @@ Before you start, please make sure you have the following prerequisites installe Clone the tutorial from [the GitHub repository](need.a.link). +{% include toc.md %} + ## Take a look at the build configuration and project dependencies I won't reproduce the entire `pom.xml` file here, but I want to point out a few things. 
@@ -93,45 +95,6 @@ The docs for [the WildFly maven plugin are here](https://docs.wildfly.org/wildfl It took a little digging to figure out, but the obscure command block *is* required, at least according to the experts I asked. It disables integrated JASPI in the server and instead delegates validation of credentials to a non-integrated ServerAuthModule. This allows for identities to be dynamically created instead of statically stored in an integrated security domain. Take a look at the [Elytron and Java EE Security section of the docs](https://docs.wildfly.org/26/WildFly_Elytron_Security.html#Elytron_and_Java_EE_Security) for more on this. -> If you dig too deep into all of this, you will encounter a lot of Java API framework jargon, such as Elytron, Java EE Security, JASPI, JASPIC, and JACC. Arjan Tijms has [a nice article at Payara](https://blog.payara.fish/ee-security-jaspic-jacc-loginmodules-realms) that differentiates a lot of it. -> -> Stated very briefly, JASPI (also JASPIC) is Java Authentication for Containers. It is a low-level authentication protocol. Similarly, JACC, or Java Authorization Contract for Containers, is a spec for authorization. Both are Enterprise Edition-specific and are protocols only, meaning that they are designed to provide a standard set of interfaces that third parties can implement. They are a bunch of interfaces on top of which third parties can build implementation frameworks. -> -> Jakarta EE security is built on top of the JASPI and JACC interfaces and provides an easier-to-use and more complete authentication and authorization solution. It implements the JASPI and JACC protocols and also adds some new classes. -> -> [Elytron](https://docs.wildfly.org/26/WildFly_Elytron_Security.html#about) is the JBoss Wildfly-specific security implementation that uses Jakarta EE security and builds on top of it to provide a unified client and server security implementation. This tutorial does not use any Elytron-specific features. 
However, since it does use Wildfly, it uses the Jakarta EE implementation parts of Elytron, and if you look in the docs you'll see the name mentioned. The Elytron docs include [a section on Jakarta EE security](https://docs.wildfly.org/26/WildFly_Elytron_Security.html#Elytron_and_Java_EE_Security). - -The last section of the `pom.xml` file I want to point out is the following. This plugin block is used to download the WildFly runtime locally and unpack it to the `/target` directory. This is necessary to ensure that you download and run the specific `27.0.0.Final` release, which you need to enable Jakarta EE 10. - -```xml - - org.apache.maven.plugins - maven-dependency-plugin - ${maven-dependency-plugin.version} - - - unpack - process-classes - - unpack - - - - - org.wildfly - ${wildfly.artifactId} - ${wildfly.version} - zip - false - ${project.build.directory} - - - - - - -``` - ## Project structure and configuration The files in the `src` directory are listed below. There are three different services: @@ -169,7 +132,7 @@ The `jboss-web.xml` file is simply used to change the context root to `/`. Neither of the files in the `META-INF` directory seem to be required for the application to function. The `beans.xml` file explicitly enables CDI / dependency injection. However, this would also be done implicitly by the use of the annotations. The `MANIFEST.MF` file defines some provided runtime dependencies related to CDI. Perhaps in some runtime environments it would be necessary to include this file, but it seems unneeded when running locally with WilfFly. -## Create an Auth0 API and OIDC application +## Create an Auth0 OIDC application If you have not already, install the [Auth0 CLI](https://github.com/auth0/auth0-cli) and run `auth0 login` in a terminal. 
@@ -182,16 +145,6 @@ Waiting for the login to complete in the browser... done Take note of the domain listed as the tenet. This is your Auth0 domain. If you need to find it again later, you can use `auth0 tenants list`. -You need to create an API on Auth0. The Auth0 API is what exposes identity functionality for all authentication and authorization protocols, such as OpenID Connect and OAuth. **Without the API, Auth0 servers will return an opaque token that the Java application will not be able to verify.** This can lead to some cryptic error messages and some lost time. - -Use the following command to create a custom Auth0 API named `myapi` with the identifier `http://my-api`. - -```bash -auth0 apis create -n myapi --identifier http://my-api -``` - -Just press enter three times to accept the default values for scopes, token lifetime, and to allow offline access. The scopes here refer to custom scopes, not the standard scopes (email, profile, and openid) that you will need for OIDC and OAuth. - Now use the Auth0 CLI to create an OpenID Connect (OIDC) application. From the project base directory, run the following. ```bash @@ -207,7 +160,7 @@ Use the following values: - **Callback URLs**: `http://localhost:8080/callback` - **Allowed Logout URLs**: `http://localhost:8080` -The console output shows you the Auth0 domain and the OIDC client ID. However, you also need the client secret, which you have to get by logging into Auth0. Type the following: +The console output shows you the Auth0 domain and the OIDC client ID. However, you also need the client secret. On the 1.0 version of the Auth0 CLI you can show the client sercret with the `--reveal-secrets` command. However, for previous versions, you have to get the client secret by logging into Auth0. Type the following: ```bash auth0 apps open 
@@ -273,7 +226,7 @@ Drag the **Add Roles** action over under the **Rules (legacy)** action. Click **Apply** (top right of the panel). -## Take a look at the ProtectedServlet and OIDC flow +## Explore the ProtectedServlet and OIDC flow Let's look at the `ProtectedServlet` first. This is the class that defines the OIDC annotation and will redirect to Auth0 to handle OIDC authentication. @@ -529,7 +482,7 @@ Welcome, andrew.hughes@mail.com ## Keep Learning with Jakarta EE and Auth0 -You just built a Jakarta Enterprise Edition application that used the new Open ID connect annotation and implementation built into Jakarta EE 10. You used Auth0 as the OIDC and OAuth 2 provider, and you saw how to implement both SSO and JWT authentication. +You just built a Jakarta Enterprise Edition application that used the new OpenID connect annotation and implementation built into Jakarta EE 10. You used Auth0 as the OIDC and OAuth 2 provider, and you saw how to implement both SSO and JWT authentication. ou can find the source code for this example on GitHub in the [@oktadev/okta-spring-boot-vue-crud-example](https://github.com/oktadev/okta-spring-boot-vue-crud-example) repository. From 07a1796fc26a3a878bfc973601763de37be1e585 Mon Sep 17 00:00:00 2001 From: Matt Raible Date: Mon, 13 Feb 2023 17:02:04 -0700 Subject: [PATCH 17/34] Polishing --- ...auth0.md => 2023-03-01-jakarta-ee-oidc.md} | 55 ++++++++----------- 1 file changed, 24 insertions(+), 31 deletions(-) rename _source/_posts/{2023-01-24-jakartaee-auth0.md => 2023-03-01-jakarta-ee-oidc.md} (94%) diff --git a/_source/_posts/2023-01-24-jakartaee-auth0.md b/_source/_posts/2023-03-01-jakarta-ee-oidc.md similarity index 94% rename from _source/_posts/2023-01-24-jakartaee-auth0.md rename to _source/_posts/2023-03-01-jakarta-ee-oidc.md index 1195822df4..0c0ef91716 100644 --- a/_source/_posts/2023-01-24-jakartaee-auth0.md +++ b/_source/_posts/2023-03-01-jakarta-ee-oidc.md 
@@ -1,50 +1,46 @@ --- layout: blog_post -title: "OpenID authentication with Jakarta EE 10 and Security 3.0" +title: "Use Jakarta EE 10 with OpenID Connect Authentication" author: andrew-hughes by: contractor communities: [java,security] -description: "Use Jakarta EE 10 to build a secure Java web application using OpenID connect and Auth0." +description: "Use Jakarta EE 10 to build a secure Java web application using OpenID Connect and Auth0." tags: [java, jakartaee] -tweets: -- "" -- "" -- "" image: type: conversion --- -## OpenID authentication with Jakarta EE 10 and Security 3.0 - Jakarta EE 10 includes a new authentication mechanism: OpenID Connect! This can be added to a Jakarta EE servlet using the new `@OpenIdAuthenticationMechanismDefinition` annotation. -In this tutorial, you are going to see how to implement a web application with OpenID Connect (OIDC) authentication and use Auth0 as the OIDC provider. You are also going to see one way to secure an API and authenticate using JSON Web Tokens (JWTs). This will all be accomplished using Wildfly as the Jakarta EE runtime. +In this tutorial, you are going to see how to implement a web application with OpenID Connect (OIDC) authentication and use Auth0 as the OIDC provider. You are also going to see one way to secure an API and authenticate using JSON Web Tokens (JWTs). This will all be accomplished using WildFly as the Jakarta EE runtime. + +This stack includes a lot of technologies. I'm going to introduce them briefly below. If you're comfortable with all those terms and just want to get to the code, **feel free to skip ahead to the prerequisites section**. -This stack includes a lot of technologies. I'm going to introduce them briefly below. If you're comfortable with all those terms and just want to get to the code, **feel free to skip ahead to the requirements section**. 
+{% include toc.md %} -**Jakarta vs Java, EE vs SE** +## Jakarta vs Java, EE vs SE Jakarta EE is Jakarta Enterprise Edition, formerly known as Java EE. The name and framework packages were migrated when Oracle gave Java EE to the Eclipse Foundation because Oracle still has the rights to the Java brand and did not open-source absolutely everything that was in the `javax.*` namespace. Thus, Jakarta EE is the Eclipse-owned and now totally open-source Java EE (You may have recently had to change some packages from `javax` to `jakarta`. This is why.) Enterprise Edition is built on top of Jakarta (that is, Java) SE, or Standard Edition. Jakarta SE is the more lightweight Java version that provides a basic cross-platform runtime. Enterprise Edition is assumed to be running on an application server and adds libraries intended for larger-scale, multi-user applications. -To run an SE application, all you need is the JRE (Java runtime environment) for a compatible version of Java. Enterprise Edition, however, requires a more complete runtime environment and has a lot more possible modules and configuration options. To see a list of Jakarta EE compatible products, you can look at [the Jakarta website](https://jakarta.ee/compatibility/). A few examples are Open Liberty, Payara, Wildfly, Glassfish, and TomEE. +To run an SE application, all you need is the JRE (Java runtime environment) for a compatible version of Java. Enterprise Edition, however, requires a more complete runtime environment and has a lot more possible modules and configuration options. To see a list of Jakarta EE compatible products, you can look at [the Jakarta website](https://jakarta.ee/compatibility/). A few examples are Open Liberty, Payara, WildFly, GlassFish, and TomEE. -As of the time I wrote this tutorial, Jakarta EE 10 was a very new release, and only three frameworks supported version 10: Eclipse GlashFish, Payara Server Community, and WildFly. 
+As of the time I wrote this tutorial, Jakarta EE 10 was a very new release, and only three frameworks supported version 10: Eclipse GlassFish, Payara Server Community, and WildFly. -**Wildfly** +### WildFly I chose to use [WildFly](https://www.wildfly.org/) as my Jakarta EE runtime. Hantsy Bai created a great example project that was a big help. Check out [the GitHub project repository page](https://github.com/hantsy/jakartaee10-sandbox). Thanks, Hantsy Bai! Super helpful. WildFly is an open-source community project sponsored by Red Hat. It bills itself as a "flexible, lightweight, managed application runtime" that is "based on Jakarta EE and provides rich enterprise capabilities in easy to consume frameworks that eliminate boilerplate and reduce technical burden." It is a modular, standards-based runtime for Jakarta EE applications. -**Jakarta EE 10 Security 3.0** +### Jakarta Security 3.0 The exciting thing about Jakarta 10 (from a security perspective) is that it includes a new OIDC implementation in the Security 3.0 specification. OpenID Connect is an authentication protocol. This protocol is implemented by many third-party vendors, such as Auth0 and Okta, making it relatively easy to add secure login to an application. Jakarta EE 10 Security 3.0 provides an annotation-based configuration to add OIDC authentication to servlets. You can check out [the docs for Jakarta EE 10 Security 3.0 OIDC here](https://jakarta.ee/specifications/security/3.0/jakarta-security-spec-3.0.html#openid-connect-annotation). -**Requirements** +## Prerequisites Before you start, please make sure you have the following prerequisites installed (or install them now). 
@@ -54,11 +50,13 @@ Before you start, please make sure you have the following prerequisites installe **You will need a free Auth0 developer account** if you don't already have one. Go ahead and sign up for an Auth0 account using [their sign-up page](https://auth0.com/signup). -Clone the tutorial from [the GitHub repository](need.a.link). +Clone this tutorial's example from [its GitHub repository](https://github.com/oktadev/auth0-jakarta-ee-oidc-example). -{% include toc.md %} +```shell +git clone https://github.com/oktadev/auth0-jakarta-ee-oidc-example.git +``` -## Take a look at the build configuration and project dependencies +## Jakarta EE example project overview I won't reproduce the entire `pom.xml` file here, but I want to point out a few things. @@ -178,7 +176,7 @@ clientId= clientSecret= ``` -## Configure Roles on Auth0 +## Configure roles on Auth0 Managing roles is a feature that is being added in [the upcoming Auth0 CLI 1.0 version](https://github.com/auth0/auth0-cli/releases/tag/v1.0.0-beta.1) that's currently in beta. What I'll show you below is how to do it in the dashboard. @@ -202,7 +200,7 @@ Add a new action by clicking on the **+** symbol to the right of **Add Action**. Give the action a **Name**, such as `Add Roles`. Leave the other two values the same. Click **Create**. -{% img blog/jakartaee-auth0/auth0-create-action.png alt:"Auth0 Create Action" width:"600" %}{: .center-image } +{% img blog/jakartaee-auth0/auth0-create-action.png alt:"Auth0 Create Action" width:"500" %}{: .center-image } Change the code for the action to the following. 
@@ -225,10 +223,9 @@ Drag the **Add Roles** action over under the **Rules (legacy)** action. {% img blog/jakartaee-auth0/auth0-action-flow.png alt:"Auth0 Action Flow" width:"400" %}{: .center-image } - Click **Apply** (top right of the panel). -## Explore the ProtectedServlet and OIDC flow +## Explore the `ProtectedServlet` and OIDC flow Let's look at the `ProtectedServlet` first. This is the class that defines the OIDC annotation and will redirect to Auth0 to handle OIDC authentication. @@ -334,7 +331,7 @@ To summarize (and simplify) the request flow to the `/protected` endpoint. All of that happened above when you logged into Auth0 and loaded the protected servlet. Since this servlet handily prints out the JWT, I thought it would be nice to see how to secure a web API using a JWT, which is what you'll see in the next section. -## Use the JWT to access the protected API +## Use a JWT to access the protected API The `ApiServlet` file defines an API servlet. 
@@ -475,20 +472,16 @@ HTTP/1.1 200 OK Connection: keep-alive Content-Length: 401 Content-Type: text;charset=ISO-8859-1 -Date: Tue, 27 Sep 2022 15:02:59 GMT +Date: Tue, 27 Jan 2023 15:02:59 GMT Welcome, andrew.hughes@mail.com ... ``` -## Keep Learning with Jakarta EE and Auth0 +## Keep learning with Jakarta EE and Auth0 -<<<<<<< HEAD -You just built a Jakarta Enterprise Edition application that used the new OpenID connect annotation and implementation built into Jakarta EE 10. You used Auth0 as the OIDC and OAuth 2 provider, and you saw how to implement both SSO and JWT authentication. -======= -You just built a Jakarta Enterprise Edition application that used the new Open ID connect annotation and implementation built into Jakarta EE 10. You used Auth0 as the OIDC and OAuth 2.0 provider, and you saw how to implement both SSO and JWT authentication. ->>>>>>> cf15c776fb952e876a1044d949b35dc261266471 +You just built a Jakarta Enterprise Edition application that used the new OpenID Connect annotation and implementation built into Jakarta EE 10. You used Auth0 as the OIDC and OAuth 2.0 provider, and you saw how to implement both SSO and JWT authentication. You can find the source code for this example on GitHub in the [@oktadev/okta-jakartaee-oidc-example](https://github.com/oktadev/okta-jakartaee-oidc-example) repository. From 2a6b83dd445642cce7e7b2cec4068bcfbd98c78e Mon Sep 17 00:00:00 2001 From: Matt Raible Date: Mon, 13 Feb 2023 17:02:57 -0700 Subject: [PATCH 18/34] Revert changelog changes --- _source/_posts/2022-08-19-build-crud-spring-and-vue.md | 1 + 1 file changed, 1 insertion(+) diff --git a/_source/_posts/2022-08-19-build-crud-spring-and-vue.md b/_source/_posts/2022-08-19-build-crud-spring-and-vue.md index eceefb7289..d2ce5a42cb 100644 --- a/_source/_posts/2022-08-19-build-crud-spring-and-vue.md +++ b/_source/_posts/2022-08-19-build-crud-spring-and-vue.md 
@@ -14,6 +14,7 @@ image: blog/spring-boot-vue3/spring-boot-vue.jpg type: conversion github: https://github.com/oktadev/okta-spring-boot-vue-crud-example changelog: +- 2023-01-20: Updated post to add Auth0 and use Spring Boot 3.0. You can find the changes to this post in [okta-blog#1284](https://github.com/oktadev/okta-blog/pull/1284). Example app changes can be found in [okta-spring-boot-vue-crud-example#6](https://github.com/oktadev/okta-spring-boot-vue-crud-example/pull/6). --- You will use Vue and Spring Boot to build a todo list web application. The application will include CRUD abilities, meaning that you can **c**reate, **r**ead, **u**pdate, and **d**elete the todo items on the Spring Boot API via the client. The Vue frontend client will use the Quasar framework for the presentation. OAuth 2.0 and OpenID Connect (OIDC) will secure the Spring Boot API and the Vue client, initially by using Okta as the security provider. Then, at the end of the tutorial, you will also see how to use Auth0 as the security provider. From 31833411ec421f9afe339cd0d3b7aa374a58254d Mon Sep 17 00:00:00 2001 From: Matt Raible Date: Tue, 14 Feb 2023 11:20:01 -0700 Subject: [PATCH 19/34] Apply suggestions from code review --- _source/_posts/2023-03-01-jakarta-ee-oidc.md | 75 +++++++++----------- 1 file changed, 35 insertions(+), 40 deletions(-) diff --git a/_source/_posts/2023-03-01-jakarta-ee-oidc.md b/_source/_posts/2023-03-01-jakarta-ee-oidc.md index 0c0ef91716..2d53e7331a 100644 --- a/_source/_posts/2023-03-01-jakarta-ee-oidc.md +++ b/_source/_posts/2023-03-01-jakarta-ee-oidc.md 
@@ -18,17 +18,19 @@ This stack includes a lot of technologies. I'm going to introduce them briefly b {% include toc.md %} -## Jakarta vs Java, EE vs SE +## Jakarta EE vs Java EE Jakarta EE is Jakarta Enterprise Edition, formerly known as Java EE. The name and framework packages were migrated when Oracle gave Java EE to the Eclipse Foundation because Oracle still has the rights to the Java brand and did not open-source absolutely everything that was in the `javax.*` namespace. Thus, Jakarta EE is the Eclipse-owned and now totally open-source Java EE (You may have recently had to change some packages from `javax` to `jakarta`. This is why.) Enterprise Edition is built on top of Jakarta (that is, Java) SE, or Standard Edition. Jakarta SE is the more lightweight Java version that provides a basic cross-platform runtime. Enterprise Edition is assumed to be running on an application server and adds libraries intended for larger-scale, multi-user applications. -To run an SE application, all you need is the JRE (Java runtime environment) for a compatible version of Java. Enterprise Edition, however, requires a more complete runtime environment and has a lot more possible modules and configuration options. To see a list of Jakarta EE compatible products, you can look at [the Jakarta website](https://jakarta.ee/compatibility/). A few examples are Open Liberty, Payara, WildFly, GlassFish, and TomEE. +### What about Java SE? + +To run a Java SE application, all you need is the JRE (Java runtime environment) for a compatible version of Java. Enterprise Edition, however, requires a more complete runtime environment and has a lot more possible modules and configuration options. To see a list of Jakarta EE compatible products, you can look at [the Jakarta website](https://jakarta.ee/compatibility/). A few examples are Open Liberty, Payara, WildFly, GlassFish, and TomEE. 
As of the time I wrote this tutorial, Jakarta EE 10 was a very new release, and only three frameworks supported version 10: Eclipse GlassFish, Payara Server Community, and WildFly. -### WildFly +### WildFly for Jakarta EE 10 I chose to use [WildFly](https://www.wildfly.org/) as my Jakarta EE runtime. Hantsy Bai created a great example project that was a big help. Check out [the GitHub project repository page](https://github.com/hantsy/jakartaee10-sandbox). Thanks, Hantsy Bai! Super helpful. @@ -36,7 +38,7 @@ WildFly is an open-source community project sponsored by Red Hat. It bills itsel ### Jakarta Security 3.0 -The exciting thing about Jakarta 10 (from a security perspective) is that it includes a new OIDC implementation in the Security 3.0 specification. OpenID Connect is an authentication protocol. This protocol is implemented by many third-party vendors, such as Auth0 and Okta, making it relatively easy to add secure login to an application. Jakarta EE 10 Security 3.0 provides an annotation-based configuration to add OIDC authentication to servlets. +The exciting thing about Jakarta EE 10 (from a security perspective) is that it includes a new OIDC implementation in the Security 3.0 specification. OpenID Connect is an authentication protocol. This protocol is implemented by many third-party vendors, such as Auth0 and Okta, making it relatively easy to add secure login to an application. Jakarta EE 10 Security 3.0 provides an annotation-based configuration to add OIDC authentication to servlets. You can check out [the docs for Jakarta EE 10 Security 3.0 OIDC here](https://jakarta.ee/specifications/security/3.0/jakarta-security-spec-3.0.html#openid-connect-annotation). 
@@ -91,7 +93,7 @@ The WildFly plugin is included and configured in the block below. The docs for [the WildFly Maven plugin are here](https://docs.wildfly.org/wildfly-maven-plugin/). Except for the cryptic `` block, the plugin is pretty simple and easy to use. -It took a little digging to figure out, but the obscure command block *is* required, at least according to the experts I asked. It disables integrated JASPI in the server and instead delegates validation of credentials to a non-integrated `ServerAuthModule`. This allows for identities to be dynamically created instead of statically stored in an integrated security domain. Take a look at the [Elytron and Java EE Security section of the docs](https://docs.wildfly.org/26/WildFly_Elytron_Security.html#Elytron_and_Java_EE_Security) for more on this. +It took a little digging to figure out, but the obscure command block *is* required, at least according to the experts I asked. It disables integrated JASPI (Java Authentication SPI for Containers) in the server and instead delegates validation of credentials to a non-integrated `ServerAuthModule`. This allows for identities to be dynamically created instead of statically stored in an integrated security domain. Take a look at the [Elytron and Java EE Security section of the docs](https://docs.wildfly.org/26/WildFly_Elytron_Security.html#Elytron_and_Java_EE_Security) for more on this. ## Project structure and configuration 
@@ -107,24 +109,24 @@ src ├── java │ └── com │ └── demo + │ ├── ApiServlet.java // API protected by filter │ ├── CallbackServlet.java // OIDC callback handler - │ ├── ProtectedServlet.java // OIDC-handling servlet endpoint - │ ├── PublicServlet.java // Public endpoint │ ├── JwtFilter.java // Verifies JWT and secures ApiServlet - │ ├── ApiServlet.java // API protected by filter - │ └── OpenIdConfig.java // Loads openid.properties + │ ├── OidcConfig.java // Loads oidc.properties + │ ├── ProtectedServlet.java // OIDC-handling servlet endpoint + │ └── PublicServlet.java // Public endpoint ├── resources - │ ├── logging.properties // Simple console logging configuration │ ├── META-INF │ │ ├── beans.xml // Declare some provided dependencies for deployment │ │ └── MANIFEST.MF // Configure CDI (Contexts and Dependency Injection) - │ └── openid.properties // OpenID config properties + │ ├── logging.properties // Simple console logging configuration + │ └── oidc.properties // OpenID Connect config properties └── webapp └── WEB-INF └── jboss-web.xml // Configures context root to '/' ``` -When the application loads, the OpenID properties are loaded from `openid.properties` by the `OpenIDConfig` class. These values are used by the `JwtFilter` to create the class that verifies JSON Web Tokens. These properties are also used by the `ProtectedServlet` in the `@OpenIdAuthenticationMechanismDefinition` annotation to configure OIDC. +When the application loads, the OpenID Connect properties are loaded from `oidc.properties` by the `OidcConfig` class. These values are used by the `JwtFilter` to create the class that verifies JSON Web Tokens. These properties are also used by the `ProtectedServlet` in the `@OpenIdAuthenticationMechanismDefinition` annotation to configure OIDC. The `jboss-web.xml` file is simply used to change the context root to `/`. 
@@ -151,14 +153,13 @@ auth0 apps create Use the following values: -- **Name**: `javartaee-demo` - +- **Name**: `jakartaee-demo` - **Description**: whatever you like, or leave blank - **Type**: `Regular Web Application` - **Callback URLs**: `http://localhost:8080/callback` - **Allowed Logout URLs**: `http://localhost:8080` -The console output shows you the Auth0 domain and the OIDC client ID. However, you also need the client secret. On the 1.0 version of the Auth0 CLI you can show the client sercret with the `--reveal-secrets` command. However, for previous versions, you have to get the client secret by logging into Auth0. Type the following: +The console output shows you the Auth0 domain and the OIDC client ID. However, you also need the client secret. On the 1.0 version of the Auth0 CLI you can show the client secret by adding `--reveal-secrets` to the `apps create` command. However, for previous versions, you have to get the client secret by logging into Auth0. Type the following: ```bash auth0 apps open @@ -168,10 +169,10 @@ Select the OIDC app (or client) you just created from the list. This will open t {% img blog/jakartaee-auth0/oidc-application-auth0.png alt:"Auth0 OIDC App" width:"600" %}{: .center-image } -Fill in the three values in `src/main/resources/openid.properties`. Replace the bracketed values with the values from the OIDC application page on the Auth0 dashboard. +Fill in the three values in `src/main/resources/oidc.properties`. Replace the bracketed values with the values from the OIDC application page on the Auth0 dashboard. ```properties -issuerUri= +issuerUri=https:// clientId= clientSecret= ``` 
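Review bot: in the `oidc.properties` hunk, `issuerUri` now carries the scheme (`issuerUri=https://`), but the ProtectedServlet snippet in this same patch still builds the audience as `audience=https://${openIdConfig.issuerUri}/api/v2/`, which as written would expand to a value with a doubled `https://` prefix. Either keep the property scheme-less or drop the literal `https://` from `extraParameters`, and state in the prose which form the reader should enter.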
@@ -237,21 +238,19 @@ package com.demo; ... @OpenIdAuthenticationMechanismDefinition( - providerURI = "${openIdConfig.issuerUri}", - clientId = "${openIdConfig.clientId}", - clientSecret = "${openIdConfig.clientSecret}", - redirectURI = "${baseURL}/callback", - // default 500ms caused timeouts for me - jwksConnectTimeout = 5000, - jwksReadTimeout = 5000, - // Auth0 requires the audience to be set to the default API - extraParameters = {"audience=https://${openIdConfig.issuerUri}/api/v2/"}, - // read the roles from Auth0 custom claim - claimsDefinition = @ClaimsDefinition(callerGroupsClaim = "http://www.jakartaee.demo/roles") + providerURI = "${openIdConfig.issuerUri}", + clientId = "${openIdConfig.clientId}", + clientSecret = "${openIdConfig.clientSecret}", + redirectURI = "${baseURL}/callback", + // default 500ms caused timeouts for me + jwksConnectTimeout = 5000, + jwksReadTimeout = 5000, + extraParameters = {"audience=https://${openIdConfig.issuerUri}/api/v2/"}, + claimsDefinition = @ClaimsDefinition(callerGroupsClaim = "http://www.jakartaee.demo/roles") ) @WebServlet("/protected") @ServletSecurity( - @HttpConstraint(rolesAllowed = "Everyone") + @HttpConstraint(rolesAllowed = "Everyone") ) public class ProtectedServlet extends HttpServlet { @@ -314,9 +313,7 @@ public class CallbackServlet extends HttpServlet { LOGGER.info("OIDC callback success. Redirecting to: " + redirectTo); response.sendRedirect(redirectTo); } - } - ``` To summarize (and simplify) the request flow to the `/protected` endpoint. 
@@ -348,15 +345,13 @@ public class ApiServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { - DecodedJWT jwt = (DecodedJWT)request.getAttribute("jwt"); - response.setContentType("text"); + DecodedJWT jwt = (DecodedJWT) request.getAttribute("jwt"); + response.setContentType("text/plain"); response.getWriter().println("Welcome, " + jwt.getClaims().get("sub")); response.getWriter().println(jwt.getClaims()); } } -``` - This servlet by itself is not at all secure and would be public without the `JwtFilter` class, which is shown below. The filter intercepts any requests matching the `/api/*` URL pattern and denies them if they do not have a valid JWT. `src/main/java/com/demo/JwtFilter.java` @@ -372,7 +367,7 @@ public class JwtFilter implements Filter { private static final Logger LOGGER = Logger.getLogger(JwtFilter.class.getName()); @Inject - OpenIdConfig openIdConfig; + OidcConfig oidcConfig; private JWTVerifier jwtVerifier; @@ -399,7 +394,7 @@ public class JwtFilter implements Filter { } else { String accessToken = authHeader.substring(authHeader.indexOf("Bearer ") + 7); LOGGER.info("accesstoken: " + request.getRequestURI()); - JwkProvider provider = new UrlJwkProvider(openIdConfig.getIssuerUri()); + JwkProvider provider = new UrlJwkProvider(oidcConfig.getIssuerUri()); try { DecodedJWT jwt = JWT.decode(accessToken); // Get the kid from received JWT token @@ -408,8 +403,8 @@ public class JwtFilter implements Filter { Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) jwk.getPublicKey(), null); JWTVerifier verifier = JWT.require(algorithm) - .withIssuer(openIdConfig.getIssuerUri()) - .build(); + .withIssuer(oidcConfig.getIssuerUri()) + .build(); jwt = verifier.verify(accessToken); LOGGER.info("JWT decoded. sub=" + jwt.getClaims().get("sub")); @@ -447,7 +442,7 @@ http :8080/api/protected You'll get: -```Bash +```bash HTTP/1.1 401 Unauthorized ``` 
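Review bot: in the ApiServlet hunk (`@@ -348,15 +345,13 @@`), the closing code fence after the final `}` is deleted along with the blank line and nothing is added back, so the paragraph starting "This servlet by itself is not at all secure" and the `JwtFilter.java` path line will render inside the Java block. Restore the fence and the blank line before that paragraph. The `text/plain` content type fix is fine.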
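Review bot: in the JwtFilter hunk around `JWT.require(algorithm)` (`@@ -408,8 +403,8 @@`), the verifier being re-indented only pins the issuer with `.withIssuer(oidcConfig.getIssuerUri())`; no audience is required, so a token the issuer signed for a different API would still pass the `/api/*` filter. Since the tutorial requests a specific `audience` in `extraParameters`, add a matching `.withAudience(...)` to the chain. While this block is open: `new UrlJwkProvider(...)` is constructed on every request, and the log line labelled `accesstoken:` prints `request.getRequestURI()`; build the provider once and fix the label.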
From 55fbaa45a569537769b1c3c1109a5f367e334025 Mon Sep 17 00:00:00 2001 From: Matt Raible Date: Tue, 14 Feb 2023 11:21:43 -0700 Subject: [PATCH 20/34] Remove unused variable. --- _source/_posts/2023-03-01-jakarta-ee-oidc.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/_source/_posts/2023-03-01-jakarta-ee-oidc.md b/_source/_posts/2023-03-01-jakarta-ee-oidc.md index 2d53e7331a..4f9c51bdaf 100644 --- a/_source/_posts/2023-03-01-jakarta-ee-oidc.md +++ b/_source/_posts/2023-03-01-jakarta-ee-oidc.md @@ -368,9 +368,6 @@ public class JwtFilter implements Filter { @Inject OidcConfig oidcConfig; - - private JWTVerifier jwtVerifier; - @Override public void init(FilterConfig filterConfig) { LOGGER.info("Auth0 jwtVerifier initialized for issuer:" + openIdConfig.getIssuerUri()); From dfb21ba783451ff4fac3c80ce8dcc5de2181d38a Mon Sep 17 00:00:00 2001 From: Matt Raible Date: Tue, 14 Feb 2023 11:40:09 -0700 Subject: [PATCH 21/34] Polishing --- _source/_posts/2023-03-01-jakarta-ee-oidc.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_source/_posts/2023-03-01-jakarta-ee-oidc.md b/_source/_posts/2023-03-01-jakarta-ee-oidc.md index 4f9c51bdaf..79593209dc 100644 --- a/_source/_posts/2023-03-01-jakarta-ee-oidc.md +++ b/_source/_posts/2023-03-01-jakarta-ee-oidc.md 
@@ -134,7 +134,7 @@ Neither of the files in the `META-INF` directory seem to be required for the app ## Create an Auth0 OIDC application -If you have not already, install the [Auth0 CLI](https://github.com/auth0/auth0-cli) and run `auth0 login` in a terminal. As I write this, the Auth0 CLI 1.0 version is in beta. It adds some new features that I'll mention. You can take a look at [the release here](https://github.com/auth0/auth0-cli/releases/tag/v1.0.0-beta.1). +If you have not already, [install the Auth0 CLI](https://github.com/auth0/auth0-cli#installation) and run `auth0 login` in a terminal. As I write this, the Auth0 CLI 1.0 version is in beta. It adds some new features that I'll mention. You can take a look at [the release here](https://github.com/auth0/auth0-cli/releases/tag/v1.0.0-beta.1). ```bash Waiting for the login to complete in the browser... done @@ -307,7 +307,7 @@ public class CallbackServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { + throws ServletException, IOException { String referer = (String) request.getSession().getAttribute("Referer"); String redirectTo = referer != null ? referer : request.getContextPath() + "/protected"; LOGGER.info("OIDC callback success. Redirecting to: " + redirectTo); From 47b1639f390411df220bedc12a554468f6f992a4 Mon Sep 17 00:00:00 2001 From: Matt Raible Date: Tue, 14 Feb 2023 12:01:50 -0700 Subject: [PATCH 22/34] Rename openIdConfig to oidcConfig --- _source/_posts/2023-03-01-jakarta-ee-oidc.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/_source/_posts/2023-03-01-jakarta-ee-oidc.md b/_source/_posts/2023-03-01-jakarta-ee-oidc.md index 79593209dc..9b7967fcaf 100644 --- a/_source/_posts/2023-03-01-jakarta-ee-oidc.md +++ b/_source/_posts/2023-03-01-jakarta-ee-oidc.md 
@@ -238,14 +238,14 @@ package com.demo; ... @OpenIdAuthenticationMechanismDefinition( - providerURI = "${openIdConfig.issuerUri}", - clientId = "${openIdConfig.clientId}", - clientSecret = "${openIdConfig.clientSecret}", + providerURI = "${oidcConfig.issuerUri}", + clientId = "${oidcConfig.clientId}", + clientSecret = "${oidcConfig.clientSecret}", redirectURI = "${baseURL}/callback", // default 500ms caused timeouts for me jwksConnectTimeout = 5000, jwksReadTimeout = 5000, - extraParameters = {"audience=https://${openIdConfig.issuerUri}/api/v2/"}, + extraParameters = {"audience=https://${oidcConfig.issuerUri}/api/v2/"}, claimsDefinition = @ClaimsDefinition(callerGroupsClaim = "http://www.jakartaee.demo/roles") ) @WebServlet("/protected") @@ -368,9 +368,10 @@ public class JwtFilter implements Filter { @Inject OidcConfig oidcConfig; + @Override public void init(FilterConfig filterConfig) { - LOGGER.info("Auth0 jwtVerifier initialized for issuer:" + openIdConfig.getIssuerUri()); + LOGGER.info("Auth0 jwtVerifier initialized for issuer:" + oidcConfig.getIssuerUri()); } @Override From 7b4be10a7e7cda76767f1ad1fe8b7fd2032a8182 Mon Sep 17 00:00:00 2001 From: Matt Raible Date: Tue, 14 Feb 2023 12:50:42 -0700 Subject: [PATCH 23/34] Grammarly --- _source/_posts/2023-03-01-jakarta-ee-oidc.md | 66 ++++++++++---------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/_source/_posts/2023-03-01-jakarta-ee-oidc.md b/_source/_posts/2023-03-01-jakarta-ee-oidc.md index 9b7967fcaf..833741f833 100644 --- a/_source/_posts/2023-03-01-jakarta-ee-oidc.md +++ b/_source/_posts/2023-03-01-jakarta-ee-oidc.md 
@@ -3,16 +3,16 @@ layout: blog_post title: "Use Jakarta EE 10 with OpenID Connect Authentication" author: andrew-hughes by: contractor -communities: [java,security] +communities: [java] description: "Use Jakarta EE 10 to build a secure Java web application using OpenID Connect and Auth0." -tags: [java, jakartaee] +tags: [java, jakartaee, auth0] image: type: conversion --- -Jakarta EE 10 includes a new authentication mechanism: OpenID Connect! This can be added to a Jakarta EE servlet using the new `@OpenIdAuthenticationMechanismDefinition` annotation. +Jakarta EE 10 includes a new authentication mechanism: OpenID Connect! This can be added to a Jakarta EE servlet using the new `@OpenIdAuthenticationMechanismDefinition` annotation. -In this tutorial, you are going to see how to implement a web application with OpenID Connect (OIDC) authentication and use Auth0 as the OIDC provider. You are also going to see one way to secure an API and authenticate using JSON Web Tokens (JWTs). This will all be accomplished using WildFly as the Jakarta EE runtime. +This tutorial will show you how to implement a web application with OpenID Connect (OIDC) authentication and use Auth0 as the OIDC provider. You will also see one way to secure an API and authenticate using JSON Web Tokens (JWTs). This will all be accomplished using WildFly as the Jakarta EE runtime. This stack includes a lot of technologies. I'm going to introduce them briefly below. If you're comfortable with all those terms and just want to get to the code, **feel free to skip ahead to the prerequisites section**. 
@@ -20,31 +20,31 @@ This stack includes a lot of technologies. I'm going to introduce them briefly b ## Jakarta EE vs Java EE -Jakarta EE is Jakarta Enterprise Edition, formerly known as Java EE. The name and framework packages were migrated when Oracle gave Java EE to the Eclipse Foundation because Oracle still has the rights to the Java brand and did not open-source absolutely everything that was in the `javax.*` namespace. Thus, Jakarta EE is the Eclipse-owned and now totally open-source Java EE (You may have recently had to change some packages from `javax` to `jakarta`. This is why.) +Jakarta EE is Jakarta Enterprise Edition, formerly known as Java EE. The name and framework packages were migrated when Oracle gave Java EE to the Eclipse Foundation because Oracle still has the rights to the Java brand and did not open-source absolutely everything in the `javax.*` namespace. Thus, Jakarta EE is the Eclipse-owned and now totally open-source Java EE (You may have recently had to change some packages from `javax` to `jakarta`. This is why.) -Enterprise Edition is built on top of Jakarta (that is, Java) SE, or Standard Edition. Jakarta SE is the more lightweight Java version that provides a basic cross-platform runtime. Enterprise Edition is assumed to be running on an application server and adds libraries intended for larger-scale, multi-user applications. +Enterprise Edition is built on top of Jakarta (that is, Java) SE or Standard Edition. Jakarta SE is the more lightweight Java version that provides a basic cross-platform runtime. Enterprise Edition is assumed to run on an application server and adds libraries for larger-scale, multi-user applications. -### What about Java SE? +### What about Java SE? -To run a Java SE application, all you need is the JRE (Java runtime environment) for a compatible version of Java. Enterprise Edition, however, requires a more complete runtime environment and has a lot more possible modules and configuration options. 
To see a list of Jakarta EE compatible products, you can look at [the Jakarta website](https://jakarta.ee/compatibility/). A few examples are Open Liberty, Payara, WildFly, GlassFish, and TomEE. +To run a Java SE application, you only need the JRE (Java runtime environment) for a compatible version of Java. Enterprise Edition, however, requires a complete runtime environment and has many more possible modules and configuration options. To see a list of Jakarta EE-compatible products, you can look at [the Jakarta website](https://jakarta.ee/compatibility/). A few examples are Open Liberty, Payara, WildFly, GlassFish, and TomEE. -As of the time I wrote this tutorial, Jakarta EE 10 was a very new release, and only three frameworks supported version 10: Eclipse GlassFish, Payara Server Community, and WildFly. +As of the time I wrote this tutorial, Jakarta EE 10 was a very new release, and only three frameworks supported version 10: Eclipse GlassFish, Payara Server Community, and WildFly. ### WildFly for Jakarta EE 10 I chose to use [WildFly](https://www.wildfly.org/) as my Jakarta EE runtime. Hantsy Bai created a great example project that was a big help. Check out [the GitHub project repository page](https://github.com/hantsy/jakartaee10-sandbox). Thanks, Hantsy Bai! Super helpful. -WildFly is an open-source community project sponsored by Red Hat. It bills itself as a "flexible, lightweight, managed application runtime" that is "based on Jakarta EE and provides rich enterprise capabilities in easy to consume frameworks that eliminate boilerplate and reduce technical burden." It is a modular, standards-based runtime for Jakarta EE applications. +WildFly is an open-source community project sponsored by Red Hat. It bills itself as a "flexible, lightweight, managed application runtime" that is "based on Jakarta EE and provides rich enterprise capabilities in easy-to-consume frameworks that eliminate boilerplate and reduce technical burden." 
It is a modular, standards-based runtime for Jakarta EE applications. ### Jakarta Security 3.0 -The exciting thing about Jakarta EE 10 (from a security perspective) is that it includes a new OIDC implementation in the Security 3.0 specification. OpenID Connect is an authentication protocol. This protocol is implemented by many third-party vendors, such as Auth0 and Okta, making it relatively easy to add secure login to an application. Jakarta EE 10 Security 3.0 provides an annotation-based configuration to add OIDC authentication to servlets. +The exciting thing about Jakarta EE 10 (from a security perspective) is that it includes a new OIDC implementation in the Security 3.0 specification. OpenID Connect is an authentication protocol. Many third-party vendors, such as Auth0 and Okta, implement this protocol, making it relatively easy to add secure login to an application. Jakarta EE 10 Security 3.0 provides an annotation-based configuration to add OIDC authentication to servlets. You can check out [the docs for Jakarta EE 10 Security 3.0 OIDC here](https://jakarta.ee/specifications/security/3.0/jakarta-security-spec-3.0.html#openid-connect-annotation). ## Prerequisites -Before you start, please make sure you have the following prerequisites installed (or install them now). +Before you start, please ensure the following prerequisites are installed (or install them now). - [Java 17](https://adoptium.net/): or use [SDKMAN!](https://sdkman.io/) to manage and install multiple versions (the Jakarta EE spec says 11 and up is supported, but I wrote this tutorial assuming version 17) - [Auth0 CLI](https://github.com/auth0/auth0-cli#installation): the Auth0 command-line interface 
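Review bot: two of the wording changes in this hunk alter meaning rather than grammar. "requires a more complete runtime environment" became "requires a complete runtime environment", which drops the comparison with the JRE in the previous sentence, and removing the comma in "Jakarta (that is, Java) SE, or Standard Edition" makes "SE or Standard Edition" read as two alternatives. Please restore both.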
@@ -62,7 +62,7 @@ git clone https://github.com/oktadev/auth0-jakarta-ee-oidc-example.git I won't reproduce the entire `pom.xml` file here, but I want to point out a few things. -First, take a look at the dependencies. The only dependency required for Jakarta EE is the first one (`jakarta.jakartaee-api`). +First, take a look at the dependencies. The only dependency required for Jakarta EE is the first one (`jakarta.jakartaee-api`). ```xml 
@@ -91,13 +91,13 @@ The WildFly plugin is included and configured in the block below. ``` -The docs for [the WildFly Maven plugin are here](https://docs.wildfly.org/wildfly-maven-plugin/). Except for the cryptic `` block, the plugin is pretty simple and easy to use. +The docs for [the WildFly Maven plugin are here](https://docs.wildfly.org/wildfly-maven-plugin/). Except for the cryptic `` block, the plugin is pretty simple and easy to use. -It took a little digging to figure out, but the obscure command block *is* required, at least according to the experts I asked. It disables integrated JASPI (Java Authentication SPI for Containers) in the server and instead delegates validation of credentials to a non-integrated `ServerAuthModule`. This allows for identities to be dynamically created instead of statically stored in an integrated security domain. Take a look at the [Elytron and Java EE Security section of the docs](https://docs.wildfly.org/26/WildFly_Elytron_Security.html#Elytron_and_Java_EE_Security) for more on this. +It took a little digging to figure out, but the obscure command block *is* required, at least according to the experts I asked. It disables integrated JASPI (Java Authentication SPI for Containers) in the server and delegates validation of credentials to a non-integrated `ServerAuthModule`. This allows identities to be dynamically created instead of statically stored in an integrated security domain. Look at the [Elytron and Java EE Security section of the docs](https://docs.wildfly.org/26/WildFly_Elytron_Security.html#Elytron_and_Java_EE_Security) for more on this. ## Project structure and configuration -The files in the `src` directory are listed below. There are three different services: +The files in the `src` directory are listed below. There are three different services: 1. the OIDC-protected servlet; 2. the API servlet protected by a JWT authentication filter; and 
@@ -130,7 +130,7 @@ When the application loads, the OpenID Connect properties are loaded from `oidc. The `jboss-web.xml` file is simply used to change the context root to `/`. -Neither of the files in the `META-INF` directory seem to be required for the application to function. The `beans.xml` file explicitly enables CDI / dependency injection. However, this would also be done implicitly by the use of the annotations. The `MANIFEST.MF` file defines some provided runtime dependencies related to CDI. Perhaps in some runtime environments it would be necessary to include this file, but it seems unneeded when running locally with WilfFly. +Neither of the files in the `META-INF` directory seems to be required for the application to function. The `beans.xml` file explicitly enables CDI / dependency injection. However, this would also be done implicitly by the use of annotations. The `MANIFEST.MF` file defines some provided runtime dependencies related to CDI. Perhaps it would be necessary to include this file in some runtime environments, but it seems unneeded when running locally with WilfFly. ## Create an Auth0 OIDC application 
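Review bot: the rewritten last sentence still ends with `WilfFly`; the typo is carried over unchanged from the removed line, so please correct it to `WildFly` while this paragraph is being edited.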
@@ -159,7 +159,7 @@ Use the following values: - **Callback URLs**: `http://localhost:8080/callback` - **Allowed Logout URLs**: `http://localhost:8080` -The console output shows you the Auth0 domain and the OIDC client ID. However, you also need the client secret. On the 1.0 version of the Auth0 CLI you can show the client secret by adding `--reveal-secrets` to the `apps create` command. However, for previous versions, you have to get the client secret by logging into Auth0. Type the following: +The console output shows you the Auth0 domain and the OIDC client ID. However, you also need the client secret. With the 1.0 version of the Auth0 CLI, you can show the client secret by adding `--reveal-secrets` to the `apps create` command. However, you must get the client secret for previous versions by logging into Auth0. Type the following: ```bash auth0 apps open @@ -169,7 +169,7 @@ Select the OIDC app (or client) you just created from the list. This will open t {% img blog/jakartaee-auth0/oidc-application-auth0.png alt:"Auth0 OIDC App" width:"600" %}{: .center-image } -Fill in the three values in `src/main/resources/oidc.properties`. Replace the bracketed values with the values from the OIDC application page on the Auth0 dashboard. +Fill in the three values in `src/main/resources/oidc.properties`. Replace the bracketed values with those from the OIDC application page on the Auth0 dashboard. ```properties issuerUri=https:// 
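Review bot: the second hunk keeps telling readers to paste `clientSecret` into `src/main/resources/oidc.properties`, a file inside the source tree of the repository they cloned, and the first hunk recommends `--reveal-secrets`, which prints the secret to the terminal. Add a sentence asking readers to keep the filled-in file out of version control, since this wording pass already touches both paragraphs. In the first hunk, "you must get the client secret for previous versions by logging into Auth0" reads as if the secret differs per version; "for previous versions, you must get the client secret by logging into Auth0" keeps the original meaning.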
@@ -179,11 +179,11 @@ clientSecret= ## Configure roles on Auth0 -Managing roles is a feature that is being added in [the upcoming Auth0 CLI 1.0 version](https://github.com/auth0/auth0-cli/releases/tag/v1.0.0-beta.1) that's currently in beta. What I'll show you below is how to do it in the dashboard. +Managing roles is a feature that is being added in [the upcoming Auth0 CLI 1.0 version](https://github.com/auth0/auth0-cli/releases/tag/v1.0.0-beta.1) that's currently in beta. I'll show you below how to do it in the dashboard. Open your [Auth0 developer dashboard](https://manage.auth0.com). You need to create a role, assign your user to that role, and create an action that will inject the roles into a custom claim in the JWT. -Under **User Management** click on **Roles**. Click the **Create Role** button. +Under **User Management**, click on **Roles**. Click the **Create Role** button. {% img blog/jakartaee-auth0/auth0-create-role.png alt:"Auth0 Create Role" width:"1000" %}{: .center-image } @@ -193,7 +193,7 @@ Under **User Management** click on **Roles**. Click the **Create Role** button. The Everyone role panel should be shown. Select the **Users** tab. Click **Add Users**. Assign yourself to the role. -You've now created a role and assigned yourself to it. But this information will not be passed along in the JWT without a little customization. The current best practice is to do this using actions. +You've now created a role and assigned yourself to it. But this information will not be passed along in the JWT without a bit of customization. The current best practice is to do this using actions. Select **Actions** from the left menu in the developer dashboard. Click on **Flows**. Select **Login**. 
@@ -216,11 +216,11 @@ exports.onExecutePostLogin = async (event, api) => { } ``` -Click on **Deploy**. +Click on **Deploy**. Click on the **Add to flow** link in the popup window that slides in (if you miss this, you can find the new action under the custom action tab back in the flow panel). -Drag the **Add Roles** action over under the **Rules (legacy)** action. +Drag the **Add Roles** action over under the **Rules (legacy)** action. {% img blog/jakartaee-auth0/auth0-action-flow.png alt:"Auth0 Action Flow" width:"400" %}{: .center-image } 
@@ -279,9 +279,9 @@ public class ProtectedServlet extends HttpServlet { } ``` -The `@OpenIdAuthenticationMechanismDefinition` is the new feature added by Jakarta EE 10 and Security 3.0. The docs for this annotation [are here](https://jakarta.ee/specifications/security/3.0/jakarta-security-spec-3.0.html#openid-connect-annotation). +The `@OpenIdAuthenticationMechanismDefinition` is the new feature added by Jakarta EE 10 and Security 3.0. The docs for this annotation [are here](https://jakarta.ee/specifications/security/3.0/jakarta-security-spec-3.0.html#openid-connect-annotation). -The first four params set the required OIDC values. I had to increase the timeout values to avoid an intermittent error. The `extraParameters` param is used to send the `audience` value as the Auth0 custom API (without which, Auth0 will return an opaque token). The `claimsDefinition` param is used to configure reading the roles from the custom claim. +The first four parameters set the required OIDC values. I had to increase the timeout values to avoid an intermittent error. The `extraParameters` param is used to send the `audience` value as the Auth0 custom API (without which, Auth0 will return an opaque token). The `claimsDefinition` param is used to configure reading the roles from the custom claim. The `@OpenIdAuthenticationMechanismDefinition` annotation alone does not protect the resource. It activates OIDC and configures a provider. It could just as easily have been included in another class file. 
@@ -291,9 +291,9 @@ The other annotation, `@WebServlet("/protected")`, defines the class as a web se CDI (Context and Dependency Injection) is used to inject two dependencies: the `OpenIdContext` and the `SecurityContext`. These are both used to retrieve and return some details about the authenticated person. They are not required for authentication itself. -When a user that is not authenticated attempts to load this resource, they are redirected to Auth0 for authentication. From a browser, the user sees Auth0's login screen. After successfully logging in, the user is redirected back to the `/callback` servlet with an authentication code. Jakarta EE's security framework intercepts this redirect and sends the code back to Auth0 to exchange it for an authentication token before passing control back to the `/callback` endpoint. +When a user that is not authenticated attempts to load this resource, they are redirected to Auth0 for authentication. From a browser, the user sees Auth0's login screen. After successfully logging in, the user is redirected back to the `/callback` servlet with an authentication code. Jakarta EE's security framework intercepts this redirect and sends the code back to Auth0 to exchange it for an authentication token before passing control back to the `/callback` endpoint. -At this point, the user is successfully authenticated. If you look at the callback servlet (shown below), you'll see that it simply redirects the user back to the `/protected` servlet. +At this point, the user is successfully authenticated. If you look at the callback servlet (shown below), you'll see that it simply redirects the user back to the `/protected` servlet. ```java package com.demo; 
@@ -320,10 +320,10 @@ To summarize (and simplify) the request flow to the `/protected` endpoint. - Client requests `/protected`. - Jakarta EE Security 3.0 intercepts this request based on OIDC configuration and authentication requirement for the endpoint and redirects to Auth0 for authentication. -- Upon successful authentication, Auth0 redirects back to `/callback` endpoint, sending authorization code. -- Jakarta EE Security 3.0 intercepts the request to the `/callback`endpoint and sends the authorization code back to Auth0. +- Upon successful authentication, Auth0 redirects back to `/callback` endpoint, sending the authorization code. +- Jakarta EE Security 3.0 intercepts the request to the `/callback` endpoint and sends the authorization code back to Auth0. - Auth0 accepts the authorization code, verifies it, and returns an access token (and possibly an identity token) to the Jakarta EE Security 3.0 framework. -- Once a verified JWT is received and unpacked, the user is authenticated and the `@ServletSecurity` annotation requirement is checked. If the user is a member of the `Everyone` group, the `ProtectedServlet.doGet()` method is called. +- Once a verified JWT is received and unpacked, the user is authenticated, and the `@ServletSecurity` annotation requirement is checked. If the user is a member of the `Everyone` group, the `ProtectedServlet.doGet()` method is called. - The `ProtectedServlet.doGet()` method programmatically redirects back to `/protected`. All of that happened above when you logged into Auth0 and loaded the protected servlet. Since this servlet handily prints out the JWT, I thought it would be nice to see how to secure a web API using a JWT, which is what you'll see in the next section. 
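Review bot: the last bullet, left unchanged by this hunk, says `ProtectedServlet.doGet()` redirects back to `/protected`, but the code shown in the post performs that redirect in `CallbackServlet.doGet()` via `response.sendRedirect(redirectTo)`. Please correct the class name in this pass, and consider moving the bullet ahead of the `@ServletSecurity` check so the list follows the order described in the preceding prose. The token bullet could also say "ID token", the OIDC term, rather than "identity token".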
@@ -424,7 +424,7 @@ public class JwtFilter implements Filter { } ``` -This code uses Auth0's JWT verifier for Java. Auth0 [has good docs on JWT verification](https://auth0.com/docs/secure/tokens/json-web-tokens/validate-json-web-tokens). If a valid JWT is found and decoded, it is saved in a request attribute and the request is allowed to continue. +This code uses Auth0's JWT verifier for Java. Auth0 [has good docs on JWT verification](https://auth0.com/docs/secure/tokens/json-web-tokens/validate-json-web-tokens). If a valid JWT is found and decoded, it is saved in a request attribute, and the request is allowed to continue. Give it a try. Start the project. @@ -474,7 +474,7 @@ Welcome, andrew.hughes@mail.com ## Keep learning with Jakarta EE and Auth0 -You just built a Jakarta Enterprise Edition application that used the new OpenID Connect annotation and implementation built into Jakarta EE 10. You used Auth0 as the OIDC and OAuth 2.0 provider, and you saw how to implement both SSO and JWT authentication. +You just built a Jakarta Enterprise Edition application that used the new OpenID Connect annotation and implementation built into Jakarta EE 10. You used Auth0 as the OIDC and OAuth 2.0 provider and saw how to implement both SSO and JWT authentication. You can find the source code for this example on GitHub in the [@oktadev/okta-jakartaee-oidc-example](https://github.com/oktadev/okta-jakartaee-oidc-example) repository. From c9accca01f5537f8bbac93833098ab9e1275e14a Mon Sep 17 00:00:00 2001 From: Andrew Hughes Date: Sun, 19 Feb 2023 11:55:54 +0530 Subject: [PATCH 24/34] qa updates --- _source/_posts/2023-01-24-jakartaee-auth0.md | 139 +++++++++++++------ 1 file changed, 93 insertions(+), 46 deletions(-) diff --git a/_source/_posts/2023-01-24-jakartaee-auth0.md b/_source/_posts/2023-01-24-jakartaee-auth0.md index 1195822df4..a67ae7f024 100644 --- a/_source/_posts/2023-01-24-jakartaee-auth0.md +++ b/_source/_posts/2023-01-24-jakartaee-auth0.md 
@@ -12,6 +12,7 @@ tweets: - "" image: type: conversion + --- ## OpenID authentication with Jakarta EE 10 and Security 3.0 @@ -95,6 +96,8 @@ The docs for [the WildFly Maven plugin are here](https://docs.wildfly.org/wildfl It took a little digging to figure out, but the obscure command block *is* required, at least according to the experts I asked. It disables integrated JASPI in the server and instead delegates validation of credentials to a non-integrated `ServerAuthModule`. This allows for identities to be dynamically created instead of statically stored in an integrated security domain. Take a look at the [Elytron and Java EE Security section of the docs](https://docs.wildfly.org/26/WildFly_Elytron_Security.html#Elytron_and_Java_EE_Security) for more on this. +There's also a Maven `unpack` plugin that is used to download the specified WildFly version and unpack it locally. Alternatively, you could run a separate instance of WildFly and load the application using the WildFly maven plugin. + ## Project structure and configuration The files in the `src` directory are listed below. There are three different services: @@ -153,7 +156,7 @@ auth0 apps create Use the following values: -- **Name**: `javartaee-demo` +- **Name**: `jakartaee-demo` - **Description**: whatever you like, or leave blank - **Type**: `Regular Web Application` 
@@ -173,11 +176,30 @@ Select the OIDC app (or client) you just created from the list. This will open t Fill in the three values in `src/main/resources/openid.properties`. Replace the bracketed values with the values from the OIDC application page on the Auth0 dashboard. ```properties -issuerUri= +domain= clientId= clientSecret= ``` +You also need to fill in your domain in the `ProtectedServlet.java` file. In the `OpenIdAuthenticationMechanismDefinition` annotation, look at the `extraParameters` parameter. You need to replace `` with your actual Auth0 domain. + +`src/main/java/com/demo/ProtectedServlet.java` + +```java +@OpenIdAuthenticationMechanismDefinition( + clientId = "${oidcConfig.clientId}", + clientSecret = "${oidcConfig.clientSecret}", + redirectURI = "${baseURL}/callback", + providerURI = "${oidcConfig.issuerUri}", + jwksConnectTimeout = 5000, + jwksReadTimeout = 5000, + extraParameters = {"audience=https:///api/v2/"}, // <-- YOUR DOMAIN HERE + claimsDefinition = @ClaimsDefinition(callerGroupsClaim = "http://www.jakartaee.demo/roles") +) +``` + +There must be a way to use the `extraParametersExpression` annotation parameter to load this from the config file, but I was unable to get it to work (if somebody figures it out, let me know and I'll update this tutorial). + ## Configure Roles on Auth0 Managing roles is a feature that is being added in [the upcoming Auth0 CLI 1.0 version](https://github.com/auth0/auth0-cli/releases/tag/v1.0.0-beta.1) that's currently in beta. What I'll show you below is how to do it in the dashboard. 
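Review bot: the properties key is renamed from `issuerUri=` to `domain=` at the top of this hunk, but the annotation snippet added a few lines below still reads `providerURI = "${oidcConfig.issuerUri}"`, so a reader who fills in the new properties file has no visible source for that expression. Either keep the `issuerUri` key or say which bean property turns `domain` into the issuer URI. The snippet also uses the bean name `oidcConfig`, while the `ProtectedServlet` listing changed later in this patch uses `openIdConfig`; the two copies of the annotation should match. In the added `extraParameters` line the audience appears as `https:///api/v2/` and the sentence above it asks the reader to replace an empty code span, so as shown there is no placeholder text to look for; put a visible token between the slashes and repeat it in the prose. Because `clientSecret` is filled into `src/main/resources/openid.properties`, a one-line reminder to keep that file out of version control would fit here as well.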
@@ -192,7 +214,7 @@ Under **User Management** click on **Roles**. Click the **Create Role** button. {% img blog/jakartaee-auth0/auth0-create-role2.png alt:"Auth0 Create Role, part 2" width:"700" %}{: .center-image } -The Everyone role panel should be shown. Select the **Users** tab. Click **Add Users**. Assign yourself to the role. +The `Everyone` role panel should be shown. Select the **Users** tab. Click **Add Users**. Assign yourself to the role. You've now created a role and assigned yourself to it. But this information will not be passed along in the JWT without a little customization. The current best practice is to do this using actions. @@ -230,7 +252,7 @@ Click **Apply** (top right of the panel). ## Explore the ProtectedServlet and OIDC flow -Let's look at the `ProtectedServlet` first. This is the class that defines the OIDC annotation and will redirect to Auth0 to handle OIDC authentication. +Let's look at the `ProtectedServlet` first. This is the class that defines the OIDC annotation and will redirect to Auth0 to handle OIDC authentication. **You should have already substituted your Auth0 domain for the bracketed placeholder in the OpenID annotation in this file.** The actual method does very litte, just extract some information from the JWT and print it. All of the action is in the annotations. `src/main/java/com/demo/ProtectedServlet.java` 
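Review bot: typo in the added line of the second hunk (`@@ -230,7 +252,7 @@`): "does very litte" should be "does very little", and "just extract some information from the JWT and print it" reads better as "it just extracts some information from the JWT and prints it". The bolded reminder in the same line refers to a "bracketed placeholder" in the OpenID annotation, but the annotation hunks in this patch show the audience as `https:///api/v2/` with nothing between the slashes; make sure the listing the reader sees contains the bracketed token the reminder points to.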
@@ -239,22 +261,21 @@ package com.demo; ... +// This globally defines the OIDC configuration (but does not itself secure the method) @OpenIdAuthenticationMechanismDefinition( - providerURI = "${openIdConfig.issuerUri}", clientId = "${openIdConfig.clientId}", clientSecret = "${openIdConfig.clientSecret}", redirectURI = "${baseURL}/callback", - // default 500ms caused timeouts for me + providerURI = "${openIdConfig.issuerUri}", jwksConnectTimeout = 5000, jwksReadTimeout = 5000, - // Auth0 requires the audience to be set to the default API - extraParameters = {"audience=https://${openIdConfig.issuerUri}/api/v2/"}, - // read the roles from Auth0 custom claim + extraParameters = {"audience=https:///api/v2/"}, // <-- YOUR AUTH0 DOMAIN HERE claimsDefinition = @ClaimsDefinition(callerGroupsClaim = "http://www.jakartaee.demo/roles") ) +// This actually secures the methods in the servlet @WebServlet("/protected") @ServletSecurity( - @HttpConstraint(rolesAllowed = "Everyone") + @HttpConstraint(rolesAllowed = "Everyone") ) public class ProtectedServlet extends HttpServlet { @@ -270,17 +291,31 @@ public class ProtectedServlet extends HttpServlet { var principal = securityContext.getCallerPrincipal(); var name = principal.getName(); + String html = """ +