From 74d0cdce5b31525c6bc60a209a711b9733b0450c Mon Sep 17 00:00:00 2001
From: gbrodman
Date: Wed, 1 Jul 2020 13:05:21 -0400
Subject: [PATCH] Include the registry lock email in the JS object as a sensitive field (#658)
* Include the registry lock email in the JS object as a sensitive field
* Change wording of exceptions to be more consistent
---
 .../registrar/RegistrarSettingsAction.java | 11 +++-
 .../google/registry/ui/externs/json.js | 3 +-
 .../ui/soy/registrar/ContactSettings.soy | 4 ++
 .../server/registrar/ContactSettingsTest.java | 60 ++++++++++++++----
 .../RegistrarConsoleScreenshotTest.java | 24 ++++++-
 ...it_setRegistryLockPassword_contactview.png | Bin 0 -> 44658 bytes
 6 files changed, 85 insertions(+), 17 deletions(-)
 create mode 100644 core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsContactEdit_setRegistryLockPassword_contactview.png
diff --git a/core/src/main/java/google/registry/ui/server/registrar/RegistrarSettingsAction.java b/core/src/main/java/google/registry/ui/server/registrar/RegistrarSettingsAction.java
index 59b4cc522..87b453e2b 100644
--- a/core/src/main/java/google/registry/ui/server/registrar/RegistrarSettingsAction.java
+++ b/core/src/main/java/google/registry/ui/server/registrar/RegistrarSettingsAction.java
@@ -454,7 +454,13 @@ public class RegistrarSettingsAction implements Runnable, JsonActionRunner.JsonA .orElseThrow( () -> new FormException( - "Not allowed to set registry lock password directly on new contact")); + "Cannot set registry lock password directly on new contact")); + // Can't modify registry lock email address + if (!Objects.equals( + updatedContact.getRegistryLockEmailAddress(), + existingContact.getRegistryLockEmailAddress())) { + throw new FormException("Cannot modify registryLockEmailAddress through the UI"); + } if (updatedContact.isRegistryLockAllowed()) { // the password must have been set before or the user was allowed to set it now if (!existingContact.isAllowedToSetRegistryLockPassword() @@ -464,7 +470,8 @@ public class RegistrarSettingsAction implements Runnable, JsonActionRunner.JsonA } if (updatedContact.isAllowedToSetRegistryLockPassword()) { if (!existingContact.isAllowedToSetRegistryLockPassword()) { - throw new FormException("Cannot set isAllowedToSetRegistryLockPassword through UI"); + throw new FormException( + "Cannot modify isAllowedToSetRegistryLockPassword through the UI"); } } } diff --git a/core/src/main/javascript/google/registry/ui/externs/json.js b/core/src/main/javascript/google/registry/ui/externs/json.js index e808201bf..d398baa7a 100644 --- a/core/src/main/javascript/google/registry/ui/externs/json.js +++ b/core/src/main/javascript/google/registry/ui/externs/json.js @@ -180,7 +180,8 @@ registry.json.RegistrarAddress; * faxNumber: (string?|undefined), * types: (string?|undefined), * allowedToSetRegistryLockPassword: boolean, - * registryLockAllowed: boolean + * registryLockAllowed: boolean, + * registryLockEmailAddress: (string?|undefined) * }} */ registry.json.RegistrarContact; diff --git a/core/src/main/resources/google/registry/ui/soy/registrar/ContactSettings.soy b/core/src/main/resources/google/registry/ui/soy/registrar/ContactSettings.soy index ac0f6412c..15ea07132 100644 
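Review bot: The new `registryLockEmailAddress` comparison in the first hunk only runs once `existingContact` has been resolved, and the condition that decides whether that lookup happens at all starts outside the hunk. The `orElseThrow` message ("Cannot set registry lock password directly on new contact") suggests the lookup is gated on the registry-lock flags; if so, an updated or brand-new contact with neither flag set would skip this check and could carry a changed or newly supplied lock e-mail, so please confirm the guard covers every updated contact or hoist the comparison out of that branch. Per the commit description the address is now part of the object the client sends back, which makes this server-side comparison the only thing keeping the field read-only. The comment could state that intent, e.g. `// The console echoes this value back with the form; reject any difference so it cannot be changed from the UI.`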
--- a/core/src/main/resources/google/registry/ui/soy/registrar/ContactSettings.soy +++ b/core/src/main/resources/google/registry/ui/soy/registrar/ContactSettings.soy @@ -176,6 +176,10 @@ {if isNonnull($item['gaeUserId'])} {/if} + {if isNonnull($item['registryLockEmailAddress'])} + + {/if} {/template} diff --git a/core/src/test/java/google/registry/ui/server/registrar/ContactSettingsTest.java b/core/src/test/java/google/registry/ui/server/registrar/ContactSettingsTest.java index 9a43b05b2..beb39a73d 100644 --- a/core/src/test/java/google/registry/ui/server/registrar/ContactSettingsTest.java +++ b/core/src/test/java/google/registry/ui/server/registrar/ContactSettingsTest.java 
@@ -67,26 +67,28 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase { @Test public void testPost_updateContacts_success() throws Exception { // Remove all the contacts but one by updating with a list of just it - ImmutableMap adminContact1 = - ImmutableMap.of( - "name", "Marla Singer", - "emailAddress", "Marla.Singer@crr.com", - "phoneNumber", "+1.2128675309", - // Have to keep ADMIN or else expect FormException for at-least-one. - "types", "ADMIN,TECH"); + Map adminContact = + loadRegistrar(CLIENT_ID).getContacts().stream() + .filter(rc -> rc.getEmailAddress().equals("Marla.Singer@crr.com")) + .findFirst() + .get() + .toJsonMap(); + + // Keep an admin to avoid superfluous issues + adminContact.put("types", "ADMIN,TECH"); Registrar registrar = loadRegistrar(CLIENT_ID); Map regMap = registrar.toJsonMap(); - regMap.put("contacts", ImmutableList.of(adminContact1)); + regMap.put("contacts", ImmutableList.of(adminContact)); Map response = action.handleJsonRequest(ImmutableMap.of("op", "update", "id", CLIENT_ID, "args", regMap)); assertThat(response).containsEntry("status", "SUCCESS"); RegistrarContact foundContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContacts()); - assertThat(foundContact.getName()).isEqualTo(adminContact1.get("name")); - assertThat(foundContact.getEmailAddress()).isEqualTo(adminContact1.get("emailAddress")); - assertThat(foundContact.getPhoneNumber()).isEqualTo(adminContact1.get("phoneNumber")); + assertThat(foundContact.getName()).isEqualTo(adminContact.get("name")); + assertThat(foundContact.getEmailAddress()).isEqualTo(adminContact.get("emailAddress")); + assertThat(foundContact.getPhoneNumber()).isEqualTo(adminContact.get("phoneNumber")); assertThat(foundContact.getTypes()).containsExactly(Type.ADMIN, Type.TECH); assertMetric(CLIENT_ID, "update", "[OWNER]", "SUCCESS"); verifyNotificationEmailsSent(); 
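Review bot: The replacement comment `// Keep an admin to avoid superfluous issues` loses the reason the removed comment gave, namely that dropping the last ADMIN contact makes the update fail with the at-least-one FormException; I would keep that, e.g. `// Keep ADMIN, or the update fails with the at-least-one FormException.` The contact lookup ends in `.findFirst().get()`, so a change to the fixture e-mail would surface as a bare NoSuchElementException rather than a readable test failure; `.orElseThrow(() -> new AssertionError("fixture contact not found"))` would say what went wrong. `loadRegistrar(CLIENT_ID)` is also called twice within a few lines; moving the existing `Registrar registrar = loadRegistrar(CLIENT_ID);` above the stream and reusing it would avoid the second load. The test method's closing brace lies outside the hunk.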
@@ -272,7 +274,7 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase { "results", ImmutableList.of(), "message", - "Not allowed to set registry lock password directly on new contact"); + "Cannot set registry lock password directly on new contact"); assertMetric(CLIENT_ID, "update", "[OWNER]", "ERROR: FormException"); } @@ -323,7 +325,39 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase { "results", ImmutableList.of(), "message", - "Cannot set isAllowedToSetRegistryLockPassword through UI"); + "Cannot modify isAllowedToSetRegistryLockPassword through the UI"); + assertMetric(CLIENT_ID, "update", "[OWNER]", "ERROR: FormException"); + } + + @Test + public void testPost_failure_setRegistryLockEmail() { + addPasswordToContactTwo(); + Map reqJson = loadRegistrar(CLIENT_ID).toJsonMap(); + String emailAddress = AppEngineRule.makeRegistrarContact2().getEmailAddress(); + RegistrarContact newContactWithPassword = + loadRegistrar(CLIENT_ID).getContacts().stream() + .filter(rc -> rc.getEmailAddress().equals(emailAddress)) + .findFirst() + .get(); + Map contactJson = newContactWithPassword.toJsonMap(); + contactJson.put("registryLockEmailAddress", "bogus.email@bogus.tld"); + reqJson.put( + "contacts", + ImmutableList.of( + AppEngineRule.makeRegistrarContact1().toJsonMap(), + contactJson, + AppEngineRule.makeRegistrarContact3().toJsonMap())); + + Map response = + action.handleJsonRequest(ImmutableMap.of("op", "update", "id", CLIENT_ID, "args", reqJson)); + assertThat(response) + .containsExactly( + "status", + "ERROR", + "results", + ImmutableList.of(), + "message", + "Cannot modify registryLockEmailAddress through the UI"); assertMetric(CLIENT_ID, "update", "[OWNER]", "ERROR: FormException"); } diff --git a/core/src/test/java/google/registry/webdriver/RegistrarConsoleScreenshotTest.java b/core/src/test/java/google/registry/webdriver/RegistrarConsoleScreenshotTest.java index f176c64cf..f8aebe099 100644 
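Review bot: `testPost_failure_setRegistryLockEmail` (third hunk on this line) exercises only one path of the new server-side rule: replacing the address on an existing contact that already has a lock password. It would be worth adding cases for a contact with no registry-lock flags set and for a contact that previously had no lock e-mail, since those are the inputs most likely to bypass a check placed inside a flag-dependent branch. The test also stops at the error response; asserting afterwards that the stored contact's `getRegistryLockEmailAddress()` is unchanged would pin that the rejected request had no partial effect. As in the first hunk of this file, `.findFirst().get()` would be clearer with an explicit failure message.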
--- a/core/src/test/java/google/registry/webdriver/RegistrarConsoleScreenshotTest.java +++ b/core/src/test/java/google/registry/webdriver/RegistrarConsoleScreenshotTest.java @@ -14,6 +14,7 @@ package google.registry.webdriver; +import static com.google.common.truth.Truth.assertThat; import static google.registry.server.Fixture.BASIC; import static google.registry.server.Route.route; import static google.registry.testing.AppEngineRule.makeRegistrar2; @@ -32,11 +33,13 @@ import com.googlecode.objectify.ObjectifyFilter; import google.registry.model.domain.DomainBase; import google.registry.model.ofy.OfyFilter; import google.registry.model.registrar.Registrar.State; +import google.registry.model.registrar.RegistrarContact; import google.registry.module.frontend.FrontendServlet; import google.registry.schema.domain.RegistryLock; import google.registry.server.RegistryTestServer; import google.registry.testing.AppEngineRule; import google.registry.testing.CertificateSamples; +import java.util.Optional; import java.util.UUID; import org.junit.Rule; import org.junit.Test; @@ -150,13 +153,13 @@ public class RegistrarConsoleScreenshotTest extends WebDriverTestCase { public void settingsContactEdit_setRegistryLockPassword() throws Throwable { server.runInAppEngineEnvironment( () -> { + persistResource(makeRegistrar2().asBuilder().setRegistryLockAllowed(true).build()); persistResource( makeRegistrarContact2() .asBuilder() .setRegistryLockEmailAddress("johndoe.registrylock@example.com") .setAllowedToSetRegistryLockPassword(true) .build()); - persistResource(makeRegistrar2().asBuilder().setRegistryLockAllowed(true).build()); return null; }); driver.manage().window().setSize(new Dimension(1050, 2000)); 
@@ -165,6 +168,25 @@ public class RegistrarConsoleScreenshotTest extends WebDriverTestCase { driver.waitForElement(By.tagName("h1")); driver.waitForElement(By.id("reg-app-btn-edit")).click(); driver.diffPage("page"); + + // now actually set the password + driver.findElement(By.id("contacts[1].registryLockPassword")).sendKeys("password"); + driver.waitForElement(By.id("reg-app-btn-save")).click(); + Thread.sleep(500); + driver.diffPage("contactview"); + + server.runInAppEngineEnvironment( + () -> { + RegistrarContact contact = + loadRegistrar("TheRegistrar").getContacts().stream() + .filter(c -> c.getEmailAddress().equals("johndoe@theregistrar.com")) + .findFirst() + .get(); + assertThat(contact.verifyRegistryLockPassword("password")).isTrue(); + assertThat(contact.getRegistryLockEmailAddress()) + .isEqualTo(Optional.of("johndoe.registrylock@example.com")); + return null; + }); } @Test 
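Review bot: `Thread.sleep(500)` after clicking `reg-app-btn-save` makes both the `contactview` golden comparison and the datastore assertions that follow timing-dependent, so on a slow runner the save may not have landed yet and the test will flake. Waiting on something that signals the save round-trip finished would be sturdier; if the console returns to view mode after saving, `driver.waitForElement(By.id("reg-app-btn-edit"));` in place of the sleep is one option (that id is used earlier in this test, but confirm it only reappears once the save completes). The `.findFirst().get()` inside the lambda would likewise read better as `.orElseThrow(...)` with a message naming the missing fixture contact. The test method starts outside the hunk.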
diff --git a/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsContactEdit_setRegistryLockPassword_contactview.png b/core/src/test/resources/google/registry/webdriver/goldens/chrome-linux/RegistrarConsoleScreenshotTest_settingsContactEdit_setRegistryLockPassword_contactview.png new file mode 100644 index 0000000000000000000000000000000000000000..47f1f7e739720059ef35584bc24fa17483f07971 GIT binary patch literal 44658 zcmd43XH-+&+wKb}pmYVq1f^MMQVckW$!5p@DnQ~Nd^)UZ<0HTa$3%#OYxNNqO@bn3BolcE;l+?I@3o)LvB5$ z^Y%7XykdT)Ek!x{!WBR7lcaJ?4CE&jFDrN7G7le5rHFk$eds~wws2fc{M10JrpgY$(j^uK<=`2z3#&v6LFKVRVd z*YQI*$3H*Ek^Vj(@sIPgf6o0s95qYNO`O(Yw@EG-Hs5xC#INaOJ zQ^z4B`Twi6Vnb+TVeIHH?HrvE?nL)TgE_htc%0JM&u^b?M+0HD6O!i5MyqZdxMXm( zr};7A;imBtPL2Tzj$KyBfRKqxFrmNCcJ8Vuv^HH8`&DB@W`C(9?w3!iQKn|b>lzc* z8&<8+2)|OVW6vDjf&`DF-Pw^}(vEYzO@x-G{plzRnXwAniaU{4f1-T;p6u2jI$S4L zZ`$H!$VG{*ba$TiC+Fel@QV_T*T$f3HCE~Va6@zMt zA^+PQKTL5=lw&Z~fs{_a_5?&rvp+S#zN?GC_)pL9#GI#Hknb(GHXP==xOn5vojZ;@ zYtyQUixHQU9*OI?ZpUepx=7~Vx`gm6rg$U@bx;$DOMW)jn_M{|Ce>29g*}7gytGR3 z_j(WEW<_|8u6Ng4EQWF+qT$*W2Njc^miOXrU?2=sRB@t~GZvDWAEic*2BqXKJ=}T9 z%wW}@9x9=WIgOmUSl{)%Es_9>k3qD3sm53iJicaJJ+QaAI7`KC(Qq#o{tQE_^^K#< zy8igcZ4q>3u}epckkfFQe2C}7K$hk*E=>CQzINS7460Q%JnjK*daSPs6m#d(wbXT01(=bcUt&|7>*Ug0=h?ceCtl4u*XRo{OtTBm7ofCSngb=yYwFZ%N zF3cfMvDbLmp;QFCqD3g4t( z=n!gf_~g4v!LcqYm)EW7lhdt#6(PK)m6YRcM2gzqS~g~gH|Wh(r!S=^e?N*yZ>fCt zZTyD#>|1`_bZF!L`mfQV$AM$R3xhev46jcbwcjEf8&ZUw73@?&Sb|QM3-0~YqGD^7;o^Y z1@yLYPPy-_^5RaT>sYz9AbQ&;XE>Zw;r(tBhu2W9z72s;`l4jd{Y{K(9f)zX_Y)p5DczI_t>5;pKwZiHU{DZG^fJyM+3ksf4L zj4q|YvcX)q2u=hw>dD{iSjWDeH+L|7dXH)+fiKRkl-Sl-^|ac`)e zb){@B;LgiuglR_oNU=I;T+n&FVQDteiw>)RU&#oex_Ifph3jujK`5LfPArB884vr@ z?+J!$tGHY%BQ?9x8Xm-?mxHQtTAdK=r7>AKal7mhKMB1US1P;L0iOIrJM5H6`g({? 
zft*iyF<;+fc;=wt*!(!xvMxrT*>Jo6F`UPF*dz2ZMB2E<5o1i}pyrpZB20a|!|bx+ z;-}2L;`Q^PA$*yWbg|Om^k}4Bv?AvoSpC&AeYkjg0*d55RCqb8FDf)_T^E)?X6( zh#!Sq+iz-vjrchsH!@2ylpei*2-daZ5ZHT&7!UiCY)n0WQnsWJkGD|J1S|u z+c9Pr@6j-2&@%U`>*ZG1m1x8LGb0&4R|9WTT8-Bpo~PA+2%o#Hqw>ryA)UFC!Y~Zi zMwvg2@OdDMx;96Dt;~aW)5NE&n3YRlvKSRyQyxNt%QPU52nY;$0&hKqwDc@pp@7gD zU}PK;qmJ0`RMWRVLaxP+9{%#FEk4&Lo&XbaxR;G#crWz$4ut)wwUGVnw=fyU{h&eg znlaKLp=dl(FN9)QNL2F<;hLFZnvTQs$$F2KgpBB_KM`3NYIZeB&{$mG7>2p1i}aET zrMRg1SyLev);VaJ^K=lou1~0sd*&ztb>zNKG8tp|&}AXF>}YbesGf1_i-+jYm(}+C z!i)Q_N9z6V+<5*;+We+jjQO#VA7;z5!TNXedBQJTf24>u$m^!+d_>FSH}hieYar#2 zcmdj{#vr@wzQxmJDvmNEFRl5y87MzM%;7R?A4&S()8FGHmO*w}Lbq%5L`SnFyb-jU7 z&y~LC@!R{W4eb5O+`re@xfxMt)XTidwx-GCb_Y5r?JLU-i3+2t=lQ2VOd2D&qgWTk zN??inTAAU^Xe91wjpOoovD2i7n0|b95{NxNU=UwyZTs3*5mFc@H=Am&X@#@L-

^ zShW=uUvMgXoweR)j(Is$>_yUK5y+oBuJuu67y6S$kWGC-hqKl(a!%u1Bh9vw!DF zk2{$%^#%nQYKbeps@64DBgOAR0|sFHwWYQwDKme3QWTFsm{w%73WUDhv)APlS6;yi zdD9+!L}$#v_nHdOCB1bQBph>V)L{3c$lt`eoDIe^WR2ZJDg@GD0<=?6?VS-Kon9%w zJB0`IdH&R%ZbJ++HTf)Wrfxc>?adWqpXaFO{Dr#LzSXR^b0GbazJ}Z3YRl=_lmJ5kP4`qp>l(%v;Ro|9%lFL5d4>%2h}F@l@C@TGF+%uuD-nbo+#zR2 zb#PlxW%lkBOzw_$4=20L#yh>gm8|}Kz~izMgce47ggdyKb3Ee6Dq-HREVXt_8<~U; zk8)^UDX98%G`sxv#-lyy9D;eyp(U1CCv`W#EWkV6JolzqLFxEhx~}z|5of)mHdk{+ z_sxFk#qC43{aKBUyisn$emHa{xBf{;)N1W5LzMn^DqK?>)gJCNMPJsSV$jvi?U)*t z@%uta?@Q48eeC9?(p&ftia}wd@d@&NDxFQrEScvRTBKc;tl?O|FjvqM_>NEj>qGcX z^{MKxEQr)|{U2ItoO;~yCgIP0H`x>y>KQ->z?-@5 zm^4OI>(0rX?9%nQd&GGAcL#vWg%;{&Xr7|Jk#Fh~oA zlO}EYHca~={9b+Af2V@|W}w@!-_mm%JD7bvV{)=y`o-(%k_bOU%S=}s;kk*eT2Vy$ zpy-3oedZ9VdO1yFg<5=)CH0N1cB8d@ybC{Dn{sGCRSvx&eu#B>vOU*MuC~*Ue$Tc9 z_xUxq2-NKST*+#=o$&QGPebuEJO`tEzsdcv+4KhN+u9uX_#YN#8y^{V6V*#9;Ps5{2hxuAhd>4wJ5}#s?9%OvM zAZdxDYn!yHT(exE&_@&vM>C0{&Z8yB4<^0@IX+m3PL|(nf4^od&IO^ZXRWP%Z)tEn z0UG5|LDe9G841THIV*IOCjR=-Au&Jh;aJ@*F={)9Mkr+NyM28YS2`!l!}##afJa*h z1&Vjh{&RtofBEjWnj8(VUOz~lU!7TT>TfqtKIbPW_3n|(>c*F^Gs_c+FYtDkLMY0t z_#3I|o0$tOO!`yBY z6ou#Lmn$2OdOBTZIh@Z#amN*mRl%P&J$dENK1Y~A=%{8SLdLP3XubOR(OG&*tFTyn zcr?DyaV&!AiO*KDD{VV^$N9Tpg?rPerT;f=YBC%rbtpyJAWyuMp0;QvD6^`hZxyi_ z3YC$~t)+zNqu`ltenxer20uKceBXn)wtx1i1NERZ@=T1L(#e;XJ@nfyhN6tqY``tf zsc3CWmU(0e#ch>=1gMgg7S_6PAMJH?i}#0WI@7Vw@9ZfVj2KKXl0zuVM-UC)aiz7G z>a%@ptIVSu_5_ZWsb6UZSuR2HUPoo`s`=rQ&7zl{vu-7_4g1UmZ5+slpEk_kJmvV_ zciDK3#|rBp%H`i4VXl_`sKf5LlU$SEd7f70TI~}G^uWveI7j_qTc;6w+Mz%iza+ff zwfPqWZA{tW>KOm>B4j^TCovBKgI;D1*9xV;l*~!lR2*uy{m{u+6NbX zodCm~??aZoigoJg_^|TRf?+Xuj<%vrV;{4=%wD?VKe=bJUML0o(moyn8ot1mIfSi- zWpbo?(&vo%Ae4ijz~@R{NoF^uz&Nx_)z{0|A@neQcNPcHH(8%zzmh;m_u_M(h8je$ z;hN0vELK!)6*#NxZy@{-@x8Vv$eA~Yq_rX=L@33bORAESrt$n#S!Xyl^w&$TxeuJi zVqS=8}FHwk9j zf=R|-^E7hL8}rDM9(%)_`~ltSjZd1ofBW9XbN*8*mII{ZnN%|#oA`l+)2&bY*=19w zxl7v7y|k;*dmW8Xde*~BC?-W#U#&~lV7x?OQ!KUR?rch_ zEKBv;;l#@|DmHGj2IG^2#5}N|qU8N5y?G@o7OIcOG<&$@=}m9_s3C9LnUYcaoyI$e 
z+$CIzYFl~ChvjO*&%v_wEZ`ram=m4Hu_uSSS6_&nfRml<5oCqZE@)n6QSDQ?GJCHn z^8&m~HOD!{p!qRGUH;PxG7PyDUvY-&sYzJA?1QHFzS_&W^Eb1|hd{QAPVhCm<<%rk z@qF5W-a&ORxVKaz!d=|sz6cavno73479s4AZ&5eAo6R2c9%-DD5XLuck&qA<@@k-1 zC#oxnOK2f3&5d8TU&au7>TY7+7PLi72iN4Z9DbT>d$_^;u3Y4FvN`AHn>isA7u8l@ zRFmIn`WblUcZOe$On=tYojd4M@pl);ixfv(molHXIJe`eJ{t8K-_YWa0IT!mH79+eOes97d{P z0@0F!3CuH%+}zrK&Tmxl@|?-i&W{6Un~`pG?;MF-)(^eBp`XrJcfLbka%!XA43CT< zdKn%p1Bj3JN}ed%)s7703y4N4j`h61)sLZ8=U`UEX(EU9z-n%z6oJ#a=#4Dxj9UKDJ%8L_2^B^%l^~$XvJ?H-QzhF>M z+@S!9vsdu8*r21;UH|!+y+$9miS%E^Sv9dEB^~ufs1}rhf+N6O_Cc*zsIVp z{1X6~;-ka;vGjX!&pSn1jl$bFN_@;;{kh41^TU51|1bFAKg0?=fd4tl{5QV*_woN6 zW&Zn;|33cTx_mNN@Gf7zeEv_#4DJjm=@3i`*e~((;dBTQ0~0?%tmkR}9FZ`H2?Ip@ z`@>;l3jcd3JKl)?d+1&1ga3O-^6Uiezs~lR0&(K+k3Z1^XuVbyS;|#C8jIEyIgPyIg!9t^AlkSn1LIXGz z0`zip@@!r?NeB?}Ei<21p`mTv;L%>e@#xV)!BM+MzE;+oF04qPkOJ}YAr#)7_VayL zhyYc)-~j3+Z%2&rd99&}FW1yk&rXMgdSZP=!x7uid*P*4;O2+;8>a58c zkPv3)}~wH zH}tWzo-Q9>G4Co6F9`a#^(LVjV^7fn5cT`Eq@Mll)v(I^V)m=|-=hT#N((`?tY7k^ zYY9-xazHoD(RBcC)|l!%T{c)f+@7rHj+Y4ZUE}~2_H)u_I7H}pH7)CnQqmI?Unc6@ z`s*H~LTUXdXrHflC(5k)E?&JCtJf7PO7QgDo9C`^-LxqFmTO!yB_JH?B_b*_!r~BvdG$3=K&1IvNR}yJ!K*_=>|HCP!%m&;8|<*cSYuHcLbx zyXP13H(u*vUXRtJHlu3l2SNf~Uz9*ddVc#9s<1d$MWNr|S@)J#^ONUx&E!ad=O+Jt z*zpd%)9P79M$ILqS&!Aa?dtWTg5y0Q%Zb{m_?yqTN>_=*;HxNQ*IR(_4FOqLZlYu_ z^*Z?M#^k|e%+U^xNMy<3urp@&dDiaqxJHCf#QV+6j}Nxzm_G0cP8T(4N>pl! 
z?5>gXqp&$%*cNP==~t7%G(ECta;*&s2$MOw`G`cy^I)fUul>FAdY70&hZ*8v+w0f~ zU2QvAKM#YNrS4z`20!84mJC~%Z}RPI8#Av|etT`^a|{S+!je04?c(H{D=Gmq^HMLL zz$upXwUGp+r4C>8$5_;VUUgY(A2j*T|<~D}d zGo!j|NAr6Jr4vFuF(#ha&KExushM~fHmkh0M$A_TZ_eBR>W8_h^S4znMwOqOZwtq} zWGB2jx{vZ~i|Vb0olQv&A@{lu+tg4%Jnmh?OMG7qKFXJbW&8H1Qv`iBIi5UPo)mAn z?wq(;@eHtzbZ1+3=P4hv*@y(EyPH?w$8Fq+rSkq%KU#BH|3r{h?H#W0Bc-anC;U9> z99bNkt;ML0@#;yBZR6ry*jczqlOtj%PTIq@c#}zsS5uZWqsRLl4E4&;sU?86ZRqX8 zB$`u`*{qAi?kM|WkUBOs}fhDtW#Y0^!C8O+wOK( z|Jk#q%KbN(FM11+Wi{Tvy)9{h(Lr9i#G%~ac{uK#$UKEFr&>BZ&>Pm2&DeZ>;nr7; zX+MprRFvgV?z6@0%^S6E#m*Mxvvi?@qI3k;Z;za3D_h|sNL{dYlLEbBLwQ1nT(2G@ zBRLi6pe6;lJzdvu37r_U*%A&^xf}X`0ju<=@=$-Y&A|BX#F8wqO^04-$Tvvv;|UKN zMEAC`$Z1|i2W9Q6IpbSF4;ja)zF0HQ+P9o9FTVWMDN}?XPzJw(r}QPFxvB2VE`W;m0-NhIUM;o!8FSYa6_|o;>6% z0~WqTrqxHe2)_ii!f0>loVP}DmX{-W&f%s<%o9VMdr+^lSR)cLEVPu5_ZyB`N4qJP z<#3#6vNZpd;9{YH!3;zwly|~wlKe7y>Zvj2vAT|IE>3|*czc%R0r!=l*R#W#0p5B5 z85i#{LZLbV{xC7KYnc+S(=h@d#GlSvT+BVWYG2uOS)o@*^Qye-WL6TM!|%nk3NgRJ zkxo(IO06fY-hG)eG7{}H?OaTp<}v`o<8-H`6TZtdMJ~)TH^Eggv}HP zZS@fv;kSDCOv0}fyeO&+&mg_1@{_tV;Uwx7PmSDq zlzOr_$KJt^p>5RODA(y3*HqJxu zNeGkP<1t1kIFsZ~8Qi{fhzzf`nY5NAXTw2gr$wbTTAb*q3e>s4h@O5Di_l(s0(wQ` zCN#M@F;TT*ApGU@Fm>-Ba|^~B3!vw7mhXx#nXH(BUYNK|pRcgRAD@@FmKig%rKIha*U95%Oy zT=tTy2SH&=TpfHCT&f4cc8EO zaN8ejLHeA=v@MC|BJX;!hClC%y9ji|xdTxyWrjiZoy6naL?&ZSUxdQiIF7uL@7H|H z{DkYqlAk}n$Yc19`u*nMa|;CBm}oG-lzNb>X+!kvbRt2;=MQ$D!UL6CK2ro%Xz2!- z&iM7fdRtk;B!30%*MbbMqSIV1bN}^fGj0~Ej^mVCW%^w*fVpqR$aF1hQ=OdF@AgXb zPlPvnmK>>U>QMhJ`-eHaJp9?uk1QsYE__EBM@L0aTF(zBtZ}gbxoGeOebtDjJ`XjB47Wfn107?caa+ zyJkh4kiF3uM^Y3bQs8Y&TFuu*J;;G%NR{4#(J}3Sii+#@E2rE=-kpduNgNMIt9@0; ztM3leD+x4E<+_tfX-~#PoJo*p?{LL}ShyfnipFy}(2%=P6~YBdz9U#^XDI2+eRV_#MRK%Pov!N~DNGohDqkKZcjf`KD_-U+*y`Rmx+z zdGz9eg_qyw^69?=m6F2=3{P2VV$91`kSZ_V!$F9?<7_LFLvNgX$_R>Caxd~ z;zSxn2jma;CyysKe{Q!hX0!SBv?6s+F<&`J{6;0V2~ARYdIZ=&R4i?KlYABzk_;FY zpefR83y6pzG^rT>!XplmreSj=ff6HkYKW5fEt1L+;@9q|cabo!XqvceVr>U9Blruk zQBfbdUiwmbW;-V>NM_3Zu=QML1?6ZWzx%1*-}?{GQ2Ia0Gj6>CFu*|mD};aJ=z?3} 
zc$87HJZ9!geM<(R3>83R0H8Rv>WCJolCM5z%=r7>i2*SSk4)OK;_v;HR5!YAksqF) zHsw|#VhvxKs2c;{cw*lD{`CCDeE%&+abDgw;7a?bLQnj%H=ZOMV^r@xf+DT$`*t_~ zP5zzXXh^y3WWqIc4{e|5A6x@wM>H#~kW<6^93~-v(ocSm_NuTR`}Ci4Y$94z2!cQO zKDMBd$b>jmibIvZdfr4A*{czF+5h~M77nFys(Y8iR1iWzK38?;Zx?{S zhCia6i#q&`u7pthB}0Ieu%h8i3+~dor*WizArf&Jgwm2r#CK@Fiox404Dhlf&4L@V zA+-Pd#uR*Bn~S7j+zJ%Oy~=ue()65`id7s}QmT3sW{eybndhHdk9b2^mdjSmMLeW` z3PYKq_+`V+)hZcCn>LaVYi?!WZz==ss*z{`!$+gi?z??yDg;kZmPRHo`}P0#`=0(L zf_)PbaN={pXkbgvmHrN6&3uU`^FVe?G+Ffg)V?9LC>^uvH59MeCQZDa7z{UE(j#sE zsS%jjtOv8TZ+PrExNQ#V=7EbsMia%LGu`q3d6u%>!q8t%H{*HR&|h43?tVZC9i%+# z5E`9dZ#cP1S@31ND<&SFgi7qGpX$b0O^UR2=M43hV8s)i&Ecs^(l|~|&Zc{-<5m3= z?(6p!zZBu(Ccq5y0C1q&okzboHI!XOx^#ICkIMt5h%JDP^w(#)mO)L_27^X1Cwpuz zkBKSF2K*s<#KD6L2_R!nynj`|61MPOLMQPlOYTO7xzUV5C4TKuM*om?pUZZY(WD4g zI&sMqeo`BxwC2L-UEpuabK72VoN6Rxy=j-kENJuv)H08V2Dn9V&^J_IVhbv_5^0aU z7a;*{k=%x9ci-j$L!;xb?|1$)D3&bY-z~lPGz}`aQOHEQrEJ3+4&9<6)0->9L)wmh zK$fI~&|Xy2&sZ&hoW0^2-@UO5)~ttsos>H+8*JNdE(|UcEgAsRi~%H;2jB#F4#w4` zhTEXbF9$@gvZwvgsg)j9+K<63^m%a+>&<__CWv;GHVB0YM{bd{GB?4o`p3F?qf`By zby8EMhBwT*%T)b`tK*;dGwK+Xmauerut_eC7R$3ImcC}phtPhMx%GB_{bdY(N`$g+ z-L`P?MPk7<@~*L3mlDv%E+VD|KG;Ir`rS`mx>7++ev~ym?GC+;FJHa{7R%&td~d$7 zg!v7Jxn53%*)*@gO|svS0EDjMakO*&@=Mh_h?b+&938j0c{5ks{vFGM&9Xh}Lr-yY zl#CQAQ0)N*;aASO;e}9WqT|jbR9b%IV10e_u~2Ex`0j__b2!3uf|Zt!A}b^SwA?Th zDmp&L2<(*k6n+4XDAoeTVM8G1@|znjz+qYb>>I-ETc}tr@D7#(3@PTdwKS5S;3wVT z-WoLWuUQXbL4u{dq^3a)_jBara$rex#WGN_7kv3CvINg*4jGjOH{|9oQ*_lve?%r7 zKI1=XJ1w!}waIEhFZDKSy$$r|15i%C0WN{d=&DXKEFG#n>e-VQA(WWp-YpnpV|R1d zqykJ-aS<*(8V!AhQC%>p2XFw&L}vKY|p)ab*LbsMI`U_559+R z5L1aC;;JQ!o1TwWvVSWK{kt-Nzig85Yg)mVs_y=TLESID82=^opSVVB;lY)gJ@;Oj zBmC(5>Yo3C|My>_6W--0B2Ga5AaoEufTP#Bc4Qjd5tR1daZuj|{=Go7gYD2XSZZhk z38MP#;V6CFL*Q?Ue)sM?RiDQb+57R*&%X!NT>X8!L@29)d-&ti$qqyN^bWFC+IC(0 z=)5oC;ZJeXV9J$S4ug^E;ie2ATSrkpsQw*i{!n=08UoQRcu*!{-d!2J4-n&bs(Ay4 zd(}67pO}cM7p>sR7Kc6eehvQy&cvnT?`O^H@8cpN`9BH%KM8>85%5pIEAMwu} z{_hD7Ht+D^Vzv(q3r*!-?cRRHR0N!@FS-B972zj9hVkd)T^W%V8UP5WK0xwIU1F1^ 
zk3PQAj~B;S0i&IbKF|Vkfhadr`cyLqne6*k$YcUY5-2d0o+koYGhfaUBWPR<@-+hx zkCxx+J}3&HWgP{v&SmfK1;irpy#*#RZUCkz1jvCrJ@4*Yz7=}_l;cUKV}N_H?QV>q zHH)B8Au($hDMncX+HW(GB+_SZaNRVebnep znmi9^{+Hfl1;XsX?z#k{0^w?{!vPp`YyTxMeLsie1kTheD$%99n&~g1FG@Q1LTJHL zz8ix_W^3`rU4KlW_M2LgkZ=UI4IvbOM>r3JO~<1H7cl}(i9Sai7qI`H4JRiG&DJeo z%bpbmw)e%MJXSUKKljYhZMLt@tyQUh>3-(g<2u((BOO2GFnp3A3n(44p8sekhO`9f zKmS?weU-oA-?ozcB>VqI#rk`_|4|;ZYpL9xaLZGCc{X_-EKpzaDkdy|R5Ua5`~QDO z3PU-R?00{mSb_hJI7Haomaf;VcS|g1Wh4{>pgT&mu!AvEDL5Meoc|vCTU|Pz@rTIX z70j4*#fSpElo>JK0Ym2t7@IH;X_e?}MW-3BnmO+iB^}TS|B8c>N?~keVANMNZV)97 zsHlY=NEnDcVPmjfb^x|M=z9v9cpa8m#`oO+9D%n3L)mb)J3e0AaS07v=jEWVs&um- zHg+1(HSqueKFhEoUmIA_Y=#5>NiysdDxd#&Mbu!()4=R0*37tn#W4SA*YI-)y?&Px zyN81@03;Wb5G|L&B+otr^PppCcQ(;!TM5Dm`Qgv<0K`S&$9w4^{Cij2aDwyK({8`o zxZ@LCW+439*-?i(-@?QQ3dmPpRnLFC2g*a_g6rKlFTi-0L8^BqrU4+qa_664%@X~_ zQp-HddSCtBkUwSr#W#1Htx=%Bk(?K=yK?51+Wnqt17KrKV@l z5$Qw|)_H2sJsgYAGZbSn>H(S#6*He17@sxPll6o=vB#fi#MI>0z{*7sKXRG#7^=t6 zVBF?_HJMKIk7*L?#5eBH5J zLJbGSv=_w(5MgY~oo5G~!(BK|%z}8vS)w$XwLVh#&~MChzAw$j4Z?Z2zg=nzL7BN9c6^2TJ453v%2;@npSZ!+`7SwIUVwOimnY?pE%R%JbB7#hgPm~t&KCykDq(-}0aF&DFZ>fnh zZJtaeSyl&oj-2|OL*6&g0+sb~rd&SdL0Ej8L6&9?W0I*R!VgKkt|C+yl`<$cj_y6g zV=N`&YiM31RfWgm84e_$eO1&AS_KmJGl8YiM6!oH+ml|a-6nYp7H#Z%XdTIfe+ zK5CN`?46kJ>h2Zg52vj^AwQhHOZ7+!>~W|qw;sD{s4G`BLw{bF1Fp8J?;H~VguUv0 zmfC_x2RlD)+{mZcCc7Skl_lAwoef#Y29M#o$Ss0s0TpJXaYd)#q4k1P)Go847ps92 zsFRW#NbdzY#qS)f_bd7c)9Y69HlcV8Z%&3llfh&%Io!^Hm{;2&@YXSm1R`WuEq>TCIQ0{%F*5RjM^S z;?_@K0Z7+NcLRHpreL;ko=DDC@BqgTz|6ZX3gx<}u$sM6RX)5wZ|Gt+;1pHw0OyF{@<1O z)Ya?IfnkH=yHu~Dt|#f3h8Ya_kyh^&@{{OPml}A#Fh7k2}7!`YX|>vv~Zhu;X4d|MhRQ9mJUYoiRH=e}{BD+bKr*FV%P zYivXBgVnIq33dHs&+QIij-NHyemi)k)&?s&(uPJ_lh?`2%eCC%L+1gN|HF?3zNGxK z(|~{9cvW4F_FOZ*(?x>ZrXc@XT`?_6d$8py7_0N-jsa+Mcv0G8{xMk|!>b39EkAlh zKxw=hTzqpwEXjazdW>?hFck%F-EajWC_%C=62{gX`e(&%M4tk3Pzc55^j6brZm*+* z?(@jrrL^U!XGvrp3&(laNYY|*-kQiA0Uv))9knbE4Y zpdGLYC>Jbbg6H#18tSRvHRE^rspSzbs||LT+_0?KSBP^+^{H+Jh1X;spq`P)U~hcK`2Cdnfm?GLBL=;y`floVo{j7yP&C;XK;)^mF11naWdZ+r1KeaaWUC;A 
z!?@z88(jGmM5_J#FPxb&tlpRW)*ldq;{@LO0jn}2is1b=MI>o$DU!Ou*FJ5BU%-&` zvGY`aotx9PzA>%4?y2NQ&T?S4oRPfoS>L=P7(>*J0uufqd(CjZ$V++=lQ`3fRfXXK z&t>uYg;R>ntmI7=`+OJXdSo7e7%sx2O!J^(LC%aDXg&*6HwOtV8w*3NljU9ciu;VpOUth z^PggJ*zs0c%;Ku^ZJw&%UY%TpvAHjw7}V}{l@~qFWRwmf1rKh4WG7k^(}6taSAb`j zAAeD8vEv&p-T2B3?yxdG(xrQhAz$Yc%rrF#xC6(@?XS-Yefz*N8ytgAYSfd!V(OOV%F$#`0a$*;g9obPWi-GZMx zJv}C~)_CH~u=ZA0;lq~klGh+|KreVYoSHmT7UguX$@V$>`e?=1|1NkCM-!Qrnm60& z+H>(!SP}ErhC-uug};{(Z~T<6)F5B@^i;-SE1d?=xD*85QNfv$c&KGH>{d^7GxO_I zy3&Kp6!UnEXJ^PAdlHyo?3?Nfo-x?KcRaFY{0z{53bJN84n=YBN9-OXX?sH$md z6N(cbSVL7$#z*?zBkZp|l)%^yqOR2Dybz;@!|pI(C1MNmc|cz}Bo4f7k)clB*6?vC zbPFsWtYOa$W{`{)3w1XwFu%sw9A_KxI`RxoPG8D3#-Y>n$?KJz5K0vFi(&cR$+Ti- z_u)(Ne&zJ_O4X~e84Yha+9mNAG*;*<$SINxh*<+bUzTGNiRB#!!1j+92_+35~#r3!Nlxt@(lt>-_5TU%B zN3W(^Oc6j(#>st-z|N!@@VG{g2GRttC5!p{x}(JB+#P68B)sc0477*|uA);dC>1k`YX& z!8VVFV7(LEm)+M~6R=l!^K@-MQ?1I|01K~Y?FJ?|LJ$p9W56jGNs5GAqFNK(^WVyd zQ1ewJwu#gI10|M>FO{c7Za4zkZh+iA4Y?s6T`U~6oD8LrGmD*rmYT>wKLUf7{4i%0 zPjs z?l}^Y|FbpIpPTq^Ud3@?+%(Z7SYcyKtOb@Ml-P>Q6I?!lJ=RaazNgnu_rYduqW^CH z{kwN)&2-ggiNL#JSux?7V_fa|_lpH@msiGDG zJn75pvpu#Tk9SD?9LBz?O8pEJW)ki@!fNOK+|m?j z*t__RDhov}=Nnah-6{c;lL(Uuo*+g)0mdwP$VGmgT)WTi)BY^P8mR)LDsQg*SzJiM zjls5nNauyDj3rRTRDhh?-`A@LR6xtgfoxPLflSL6)%r%Y&Uo?z7~?@Pa1Q#zpuPyA z0dRa4IIXHsL=++E^6Lw5CXYM#kda%hO*O5o1FZ30A7AF$wz{P3LRfkY0Y&3g$_KMX&rn+FTd?1slwRu*ck+WW)5aB~s9T^Wt?_;R zs3$>6utP50r`mWN*cQv5bU`a}0jS&RmRL>gK=(=yFt@}}vWnR_V5tG3uS${+Z+Bh$ zgaBt)&MBz>8rnvYY0C4*&|9TVa-J5Vcu6{w!goO=^At{%oH>Yw?q1fTkoL>H$Y|(w z`4&Cbs3tq2rSZ{g*oA?-uP?b1>_#YoB|?6aO^ZR}k_y@@&!DUr0Gvt`pLEt^>Fsg* z`|KVYXN-S4mq7E1bMWEDr(Qd9iX?+Vy_WfJiy`0BZ$SC9v(3Qld6uXxCa=#7SmXD+ zzrSwf5G%tMT94h(Wt1<2CU_mWED~zOZ2u$&B(hg4|L@>0w?3hHOzLYvB?%v?CBBlu zvY;;7Y68rnYhV$Hj*2n^l0peEux5PG1r`2yc>)09BS1gN17@DB?~!VwU}o8tSquV3 z5$!(&3=1JrdviFVjk32Eyr01k^jn^+583^leMf<7qcf=tS9L)hb14F#bY<AW~0 zlltDjupdN;k@q0-R(Z>u?@W~OnxMT6nIPu^1~B960W=VR`qc5GB?v9RXT`wXuMdF2GC+%kz`Hv_bfE)U11Boi|Su(Z!4V9~(nU`X8TUNM{C 
z)(whW>BWh<8Zh<8h-1(VD7@B0^#0hQ2CP@30F-{+0yb6dn&&^L=udD2CN(SqLpI@% z0Qy_HYZEw;O+}t`wr)Jztiyeq0H#?-uqYUS=`_9#RwOrP9?%qTeE7xIII#lY_U9R? zO-;Ql@%+0o+7&E);59GTSzbf~#REjfa|T33kjPmr$qV#~Qt}Kdy1Q)qQtuQeJqNGA z&`D7|y{+$qCPLH3Y-@K!OO|Ga5#l3}h1%9_M&ElU+;k|snYSoELI^12Y^CXqQK77(vWNrzeY9Hq<*9WA;uz@MaXfc<)YL0 z8P|&TXaP%LX31F0zW%iDa?Nu27%@+gr18G+0qlXW4Z`P1m=_d ziP0*1ZhE5dB@DHJFI-hmRX)RVbK$drbMP-991~G+x!bmlSRVV!g(t~VCIK&eKc}h0 z1kjvrxE6~ScKK!IHiI>{0z}nD9JrB5v$~b$j5coVv}nmK0^ZqS7=0Vz=UH1|P}c5Y z17ZvnPEO{lnAMl5V&n&aeOFb}lkiFA08#0{mM_GC)i0^ zs}O$mEvUO4TD_C&;0+^hAhclPLsi|+Ppr}0YHY-ebg`Zrdc$h2-ahJwR=&}#?Yb0? zG!*<~MBDDs{%T-)!@)0=nB^po`S%CMx8x`7VWop8%xWM4*ZwWXTK6 zh;x^{$w|9d+>K_~EBXz{v68^n+jGCkPb2z@K;#)_U@^s^xZli@~N7Cu5wuw-8S5YBP||2-_Zj(HL*@aX!{C zzJ9P>LvtE(X8t|pZ4N<}P&5*Vuqwz`XaUdTe?prbD9Z2*7#?=*fj>XUb zprqWoB&Sa?fv&Wh_KnN9b`C2Ii(UZ;k_N0k4~Q?7m@2;POXmIlDV)b{8*)DZM2c3( z&;**uq~tp`JaB>zNBatkt^k>S3klpfPYY`tBv&EIaIs>x3074{tFhvkY#^I-dxVi^ zfn7tJb9g^W;_JH3(_(KoCHNlMfjvIo$-EBjmPX5R7Ax3a0*87PlU^7MVy4w9+#B`@ z>|YCv&N93Wd|;d+3RnI5mOKok&GPV5ek3wy{Z+{ZdwXZO6P%mVE_Ns*`KN#y^qs~R z+==|EHw*$07UeM6-rizC&A?NVRxF|gFb@qg&bedy$#~9MFaR0NtlV&NlaPen_1PMl za`46M>2;9yRQHHl4yiu8keTx#=*%UfB13FC3|32&rp)hy+Xwi^?CfUfAbl?JrC8kw zQj0SerCbLL%B`LPg~G9)iU)+g+c9MP1ATe*rO+dd`2q{(Urh~tI)m&wf0R+c-)-vm z)^qk1t|3}pG4mTy_*1#N4D4-y9boA^G^h0~;d8qSpPdR9KbR+a%xFZS1UD82J3fU# zzEw+Pg0K}zQRf9>+yk&0lG7hao$y{#DMaT~%VlNetOjJP&U5T}HL?cjTfjdw5ub1!`}cxhM7kJyZ_5fPqx zWF(E7x3S6#;u$Mi?PP1l%UZ{>>B$S6ry%{XD;`Z#xx&z>I~jtGqhZB)#9cNsmfu+q z8@_g_m^4fSjiX!fZPR>@=BKLa{ay7);^PKEj4bL*GFj9@A4vYh&Y_Ch-s^;(!_qX3 z@8ku)ky-IF zUY^4rFS!p~A)Y!Uz^D^QyLlil7(Ye)0Wjt9Hlc$U@BTmSeR(vM{ku1jB0Ez9J3}&+ zBAI6yDj_o=Q$>`qZOX7Iv{T8DIdg<988gp$%8sxzCN?QDQ>L9^^Imt)@0@kk`^P!& zIp=rQI`3Nj^YpA$_P%}Z@BO_#({KGHp#7DKhKM4XnX-8lZf?qSJs_N=kFOj-x3Q+by^il)jPd=~Vxm;TBi zK6-v*EZIq-(7L3)=beJYHSfLwQsXmI=}@!YyhkFg79DF{N!Rwx#FzPcX$?gzHh8vI zFwTC981r&`&*>oR%sEW@-e~jgd%x(_S-;BieXWuABZBU%2VD7FTG4_38833vv}M2O zvx)Ds?9JHSmH$}BCdaDgxpak&-E%{Y6vY`o@q@2Na9uT@K9;vTV;dt}<*)Whcc|8IGHKlXl{|6?0Kg 
zR!O$G*WoWV)$SvgY~-=sE|qmIBp8x0t?i&^Gql*dIK0xlTViaRJI{lW_$XvS(Wgkt8yPb18}w%zys-efJKRBK^S^ZOWrn*c;>ylHD%G;dV; zmi{AqxQhMQc$VTXElcm?U%F?fgCuTsR1u^I%FHPAHZWWgy=mQJuS$?5mY#d^vdZ4c zzx;NOINz~%sRGWK&J20_Hpi-f?UdyH8qusw z(t~MfwB%AKBi;PYn}__DcT~&S>pm8*KX#JhdMaJy)dPb9^4MpD|LsSoq_;BGOV4Of zv77YMgWChAEW-~wCj_&uTBUotTHu^aIUC zbhqjTDX&_5gs=P92V#Ry_>qP0PMc*9)|M;&g^~UX zhdBGsI4eM9{a1v~vij+I2I2ObXV2BsBb^ct3!(4 znGnVMeg$%6t&}^Uw7dpV{JX!#Uyzxk1nT*#Jm5xTZp4ZwPvS?GarL z0rnNHq+3X;0>;t}j0Ejq!7YD&B?y#TQvhPM5T>&-)c`~>2cXWC1Cn8K2|%{ZAj;Zp zsTVZKCGQ#5er6Py9DKdyaN!u_D*D0VCzDo@S{yVAdcf>xVqh8xBEaug&3JT%)QiH5=j_woa)8L zB=<*pUOH){O0Xq*0tK4~Ufrqj3$#j-czOO!B#-+0+rbIkT@OyiYb0uv6ag@yLdkzE zbi1=0Q3KchV$-YgLZp!RCma&*gpKoTK`Hdic@d9DH=c~;pH+6YmR-{U!g>t?V*6C- zmM$SpIkQ^-^$E4TF?Q=`YbWO&@E~6S0Oc(+o*K3b=9c#)05ZFNy5ZOJ`mLpQQyBCK zZMgSmMf)LelrVVob$vrRs0Fj)N1j{7G!}x>FQ;y5&YCRawjbL%;?bofZQDfE9wQW~ z(2z~p^ypKnhgi#%9Z1_QprvdC+kr|>cQ%h6N&lGffsy3FrAO8tf;2_Vw_z-qgy?}t zD=|shq6lj1f;B^u&_sKJ&yW&jrKca}OOi?R=_M5>4YM_;6h^YbBO$O+qa)>#JF#77 ze`>Y{VRXQVyvaSw!ya9Oh&52(gMA62(WP`{5|-?QCW7? 
z7t+LbQ;S>BWXi}9VO8sm5{WVJZRPT*S_v!(r1+7QGAW$0?oC+hTJKj^auzdzeJa^W zI`W7g4W>UfR&@6}LZ)H2rnz?3F>+curpfO^L}WJsgtJtuA<&xX zc4JO@#qgR!PLYv55b9(x$dLw73u!xx*!9vubNMjlGf zy)fF*T*%jUM_(|su`}Zyi$-g*hx;GxTvsw`C=w7O79i_&pYRrhu^`YiAH zK04oxO|o}L`mG`m%4bdIR1?}T}&h!I$JGAWFuPt5G1&(YD0 zN?tA4pxJ;-2L3yrKnBugjvAeP{REblGvG(Fef~T58Sg^r zj{(4(+9n=Kd3`vlIHnfYb|03ZLGeaKEj-qgVp#3v&c?1&Wgogpo;{aBW?A2?gy0@Z z)$5dBd=n#l@MzLf6hn9@Jr=)|r^HQ*q7viUjgkva#hE5ucqZ^7JSq9}X}7Jy((7f@ zImx=-^&cK`sRV8rtJr)mzVYB^Z5vAwOo1($GutJ$o-r227jfLEaOMQB$ALOiRKP$6 zZ?i*=LT_^*T{*{r0dCZ~ig5kWW0#J498juf`Z|>rDH>-~?x2x#p!c3@jz=$^E$K}$ zh$abq>%OO}EhFcE`>%!!#Ci4bJda<|n^7V`4Hsa>_wX(y;xU?4Vv>$|G@G11i@IV| z1LupPtXUQ2iq-LEn(Wa7(w0QAl@F{p?aciR3mUgKNFce(&P`Gv2bC}oGr|%*gWKA< zykqsCp(|8IF79?V&w1r#oj$_T?@#eJG>OrVBG7{49-46)F7YRzyK4HB<5WWZ4TsYT zob+5d-apd0>gVq0=z8zEl2V~Vr23JLLYJm?8Ek#%=o+RN3-)zW7SWO#IpX}kbk7-c zt6Y5tm1fV-3Gm6zq1u<6tH3{)xu`sI2qA7djg~VTFu}V@kd2&h`56Zm^*_osIo@Ww~XZL`=qtMXX+^5Yj_}Q$- zqtbn%RkpH5I6HXn~tuKvqWRfiD+dOoOEP$u-DhteVmp=1F$T7T${i88H!*xRzIrEGF69xK(Bf`V_cSA9sed$< zb`*N7Uw9t7nfu;Fm>QF<+^oLcB@3QhyKy*Aa6kk8D`CgToV89!Y!6&0pP(b5NlB$F z+w+Wqq+ITuxGxz&8>O-KH@I(gqS9vWgNA}~)lM3R+bqmwXcgr;qV6-kp{oA;y)Bv($N4dtKV>9I+NpNaNx1Plm}wG*a4oV-L+ zARI^4vKw{NG0rzVsWI7>&xr36+vm8aKwV9T_I;MgHS(V*KKf-y%=B zhJoL8e|PIx!{)-tCnbXY67VV2O7~R1e>J^q`cRQR6GfC)fZQhO}SKhylFc!}~tg#D;c_zXm z#e;kh@lgiyhvRu7{Fh3S?{`}J8O!e$oQ}N+%es35iUM?(NCeZt9~m5~2r(pv|HnVJ z{Zh3Bh})=3-OqQV=Z{4{i!}WDN`mgsWQ^6m!&aUjjaA-(7t#%VZzDE{(yf!ZV?lHu zv`_HTK2@Tzz796KCq(zI`gBMQ#Lj|RC}9#wd3VIk^JG!ol5yiZ5J+Fwu5@ct;^2py z4r~$mowFAXeg-vCqJud-X~ zq?f`%)phdPkQ-Cla*9Xiw5gR>pX=L$m*>1;#0h2y=46jhR&rJ5P0g;}Ux2|;voh9` zFw2QVnRg31V%Y$Nw8mz8DPe*eTpfz<&(mY7^?XA5h!GW1gemfn*D zlbyS<&?0X?=so08t3sL9o2XD&tSh5s1hQyBh9I!l15S))<$$$++>kT?gNLS)I_s>1!K2ME?*-aDA7r}Lul6q#lywR>7L|3%lgbCI6{e``~l4kCCHSgHkX^?zVA337&kY1PCv)( zp%?4^Q9_4O?=p=h^Ex^T?U+h@5Nn}r-?i_QzMoqi&}REoh%D4u20_edqX`xy=RpRq zYtzG_guhA_{57+a4y|8PZ-z`;9nAQTR*q^HrUJBHdKeM<2D3leM} zs~qiYwPSs|<-gMW7uKH)AcQYo>mltS 
z*n=MUH=2465q__Iy)A`u%pp~CRfCJFN7Rup`r)Ebs&P(n_T>4(E7zY$we=oEPMaoA zcF86mgAkl?&Wb>I+iKE=VF+$zRP(M>E2l?n&l5q~N5)0`p=Qn{Z)?nNB)!=BFcEqn z+WiE%aiL~bi)uBChmtpRBiV%xd(KcKrst&~e==;Y_CW)9CY5$%#df8_Q9*(SS?(i4 z#R+qnF%RK|?_l5=UX2s3uy~S?(={;xP)Dj5cqfCz0PEnI)XyknB>? z{M5xH?j3=?HE1a&J$AAn_gWwfeG;tFi+7&9#h%U_1f}^jHp=j0!c6^TYhU{xRZ0Dc zLrYckQ$2_AZBA_!-Xp$~BC~M7z2jkqr{DH73XNgtvD{hd(PIk6&BZ#*XrcDA%4?|I zx73x=Li^^-@FzHpMy-4yOw8Fi_+83*H;&OYL0{nV>OD&M1^dGwhg!gyDlk#}xE@nR zrudgmZ(BG-Q=Exnc&{?0&#GU_if;$~~hkr%uAm&(q%UXU%--HdxT`5Xxb{m%Gg__%=d?IJK)<*!FBhT`O%7pai;{hZ$F^a8Y<=I1qXnLJ1L` zq$C)f6*MgJnyAL6=o%d2XN5w8?^c453kkKLW=VP!-A;eH)b4^}f=4J5yPT@Jlz?hW zY+*7rRv68y%oz8*70)d@SKLB3U{6f%IeJ0Gks$d*N6!qb`5MSSR2iGS;4wg=Y4Fz) z!uF}5xh<>N7bjHF$8v=X<61A>jb?Zp$~idFhkHwpHmv@bkbhr?PXSOvgTce-Nj>}B zzi-1aM*>R?=q>RA3Z(KNH5JFH#XIB>+(A>b%upJ+)SKgZwy&NhKF#12=p0<{T%`yI zd}w02AiSGZEhqQv#({D2DRsS~VZh-l!7G4OrUyCsOenQp5mWC%D+8NnrU5<)V#bq2B)tF;c%QXSG87K}~g**c66B zRXfXgbb={t|%RNgFel+Lk@WUXvky_={&cjDIozymu z?91wO(=G2~AEf*|?!d2gJeoO!XFm|-F@9TcLp=vwUp&i~E`EZ51qG0Bgv?ax*>N~w zU+iGK0Q;*ax7nom?}izRW@}x8s(X4&t@BIlO*VQd9F8GLI=XBdsXd7cA-FlqNli;( zHgVK3(x;v;1hzoY$Hk|%&v&Di>zU#tY6&`$mmQ?B?xeKSTXyy#JMwb@y^cVT?cz-!WBHZlQW! 
z)&pB#4>u+{e)|+ijJk&n4wb}rP`aDWj9rL(bYI6_voTS}gAn_mL1(wNQCnvBGB5U6 zw+?3dMMBz_RXgGHpr>{zF2}ZB%4&rOX^{J|JolD z`&#$w>thllpn*Be8+xH%cj4FEeoTuBmz8ofyM=#I15q8X;0b6HT%!i~xpkNx&3^k9 zu^7syu4gJRQ!hX-7#X;=31`0ok{2FOL0|yL(8Is6=n^t&wF7E9Nxc134;FBrvLz4) zJinvuUwG9P3#V5mfs3aRY)*y~+^4KV`bs4XuuNch0Q{ga`Sv@GT8Mw=4DTdfkASKT zdT=d*hm-B&&5hOIS|yLc2PGLt;^36>hWMf?85|@ph%4MO-+_RGXe9zvCzg;n*ee9e zS$cH5C<5Sc_Ifbg`4qHdLDkns0%lXE5n(4v>ppSI|@X+Jb$ncSbAKl7L8+q zX^0U_5Sh(jQKjMQ9QTvt^y)R3ScBJldD&oBP4H$@dr$}+sT_Z*?cFX~>nt-{Q05J= zGwa{{R4{IovfwkZ2AXqS?Y9U8EhB=T9B&K2purBw9-SAbTOjOi?s`PxMmQ7X5;LfO ze^)RLuDx3F(TCSzaMqO}+_Ki>vQ@dIG6YoHu}mOql`cSZqF)4pLL~4Il%}R(U7CD^ z{)v3;fA9W1hD8uPLaSbtwh5Eqgc+fX3#m*8{(NlX2^7YqZ1N6pry2x@Am>lcMhW6U zEWkohIxA^LM<9jzxkIdlk>p&~VHz(tnNoJetIwnscJ`$e<=RE)^PN=L@qM;!iKu4y z!0!$g)TKLs~G?0Vm;~G zp7}fuAmT1`s_X;=+5Ilc>U4YQsScUjMK3@EjmL5a;lhm@eML2}rwT0*Jl%GdkNPi= zbqxc*WAb^gy%$KBi?{L~EG?`161>kF%BveWp>gZQaK&igX53_6`$U3`H60Hm?ydlu zS&n0Pgs>xIZU|jh5MV=uRAXcSPuTa2LQ9fItAe2RJ_G4ytw0MfY&uh__AOV+`F|K`HtbLeO=-N_!9m<>&&vxXa}31RSyBT zY?}w>b=mjTpy&t1Fzf2(TCJ?w)YJ3Fy-3jk#FIB3V$poRYR z++ElSpC^_eB59x&4t4vE`_9S2s^?p2)S7lP>Y_z})Jd?GmUNs_?01mE0g7n(+}zGL zo}J^WXGe)cHog;a;>@4!e0$P9&rxuy?#CMevs!ihW!ZGk=3qX(LuiY>R7se|8%-lxPC*{Z>{Dh_n+}7b6SrlC-CIguJ%(CR zu4q$nk=~UIGmx5Rw03Po}$RQLl2ZJ(e; z$2>!ySy`i{@tyZ|VN%(0_nqU5ki8b1F$P-Gsf04!9c-T#j*;;z^lmTS027El!tl)s zyQH01>LNKZa3yO2_%N6Ao{gSYpw~7y;n8`B4g~Y_Hc4MFbR>xMU0YY8*$z}mFlHYo z1YuK*)lE2>kcq7!t7Tl(W4I#?KR4K}Wy|Nc`N)rc3+1d=#Oh&GgtQkP2Q>E#Ng;(fR&FM2;E=}gcm;~RA z-CVP$vMy?;;xjs$KPO4fJ;eyL(h~zh6{lo;yGwc7(dM(Fdd?%{N)&p@(zg!E;cL$M zITddddgI9_R;}K98ab}xYmyD^Plqsa9YeN$`_MO@-OO21>U!FYjhJ)TP>-8G+bB0q z%;1gNMHyPc7I=TU`apahvyW_Y9*%FFb}M3K=VwNoUhQ*6IpP{%#CB@IsGS2nuwpK#K3i0c#X zHqfEumJ+-qnB*~@XOs?zdyUo7qU72VyP<51_=!>F-6HC@mwJSj*?f%3%JQ}0IJ=Ty zaShdDL=+qDeb@juw~uyI0QlU*G1Z^*;1MmgT^7@3r zyFq-XLGuTp&fzJ){)c|g2%ocfCpzJpvpgtehB_dQ96g%gVf+&+nQ&t+`dA$G;KMGg zN3VFuFHYW$d652G2cwI~^^k0Dzuw1}4^us?$e^_ae4{Y>_|x%}V~%CMh5OX37V-Q$ 
zWdiYrtz5ghER{j=Yg=~M_N7zu+AqHs{h1Ec1yyLhvwnMHc48yobdO}kjx3l<&N54s zPH6$`Rb0$XX8eaXZ{EV1nS9k%^&CTcf1}0$d?JAyP&GOGVBesi-4&x;m+ag2^Agb` zlGCaNFOQd!K5P;;wX6Jys(a$*9kVa!q)P8Xl#XZ7IZ+(W4)Pk_DLr{24uN^4*Haqy z$-POR3E`wxoJ{c$WVZ!jQj;k(R%o(ekflr4ORI=YG<)n?j{A7^Y$vw=eeWa7gvk%D z9|(s8Tc&S1TA`unq&Lm&ds9o)xpmOt#`-k5>3 zd#3YT)WNtlRds&$54M4QCYME?pxGR6%ozHq!Lz23bK9;~@&vps%uSGHTQXfIWRO5s zLJ5?;y4a`Qxi>l=_kK5uUc4-|&3g_!j9J8}W9|O#m3`4(t;hMn68mjnw(+_X=TlNxc2U_{@HyV)Ni^oq z*6_=EA}xGRt?{YEy3>IYHspB2w{P$+;p@ z@)s*xiWKr0$NrZ?!=|w1@5yc!rw%=Sd#%LmRL|V5-v-0o9ld|P74bh0ZN-j(jnOc4 z?XgJB?n7o7$)IP|rf;w0BJVpG!2W37GqHw9ugO<&90=Q5RoSRP(At8K%KH1thS3)Z z))v-_h%?db1>%)WJHoh@zSJO^y(Q9B;*IF3>l6ZCWXhKkWH=y(0-u2SZEPI)Mm1Z^7-(9 zon;v;=(T$8*oGqjIldlHdUx=$XFJb z)vcVJh<@*is5j6Mdyl@b3#nQ*6+B);u`YiRyJUakSAeSAmVtmX+q~t6W)XeXxzPtq zo&`{_*b6*bP%^QzFX7Co+XOW8Nd$xg5~MVSM5?|7lK@rrD*>Y4ZlVTqK99Ue!Tx~< z6qN;C#h-sIl(vh`A{D39s2&c$?aLuJh&(+s`I6rNL&%z^0ek%v|pkTuPooWC~`+W9rdFuPXy9D;D-3JWh^C{!EG1*m%I6iO^ z>G~F?Q|25d)&SoTd3eFl1w<;)wgfJ5P;SOmP#6|~=2g3`)`8#j{=j`Ukm*dxFq0g6 zTD1lEojKjwXn)OY;Si{_25ipBh{Vi_Ua>DucWIBMLm|WXeR%+s+S5M*Ev#n&!Lmbh zNV>uwJ{yPn?SddEYT6oN5twy&CC&^o%HO;FRGAK9>8$hZ0UYr9Cs5+})FmiPx7@9~ zWlzIGE)>=-JUi+r3l>RRgiFM@LxyE!uswxQt@K+mpVN9$yWAV(%?Ama(5g$aCn2xG z2oVk@e5|z8ecP;0dGwo}7F0s(t|vl;$cUn@*!2k+UuiRVI}Mccb`W7Bw$iem`-Y>f zoxxd|Sb`laeoj^0xyQmtGlUtezbv}S+votXODQHskY|?{v zF|PO*@xu2m&`rUBrth@WYA7@isjX5j0vTyGIW-iVsj5yl?3+e=v|71KX83L`kF_1M z%8+weT$EUxt#2eeWXr{5?LI@{r2M*sg5*hmXuWOoqQ6jzt$}f0xw4Lg$+$_b1-YQr zmo})1BBUBlI%OD4tiv5#rxz|o;FnGuC;b)2%=>M+D_{)Tc&B;T6%+xIVbMEy*87@= z98H8g)%%ILv!f8gAp!WkEGlFNIh9c(5tbxORO@?NJ}@|qT)QN3V7JIUOI&3YOF^7G zcsX-hr*HlloB}54>DPiC2+eo{Nd1w4;f>qvbwR;|o+GT6`fR^BVr{DLm$NIja{#nM zPq*Zs&yJHv^aGdm0KioAJWF-H^KyQP&1y=|_wt=^)VvwEtJ3)Fgysf<-}bC`_KTh7 zwQk75>$Z_4M<0%X23=+UBaPuDp-bmX+gcWnqgJQ*BWWX-5KCGGsDf zp!7*CAiG8uNo3@-Xxv4P;>oFPIHO3gS`apyb{Or6cq_6$LV_0=;T<0UHT=)fse^*4XXPQ)5% z9Z#V4Q*o@C$$wch0X#E!^993+Oj33*&dff}q^&}*+d&}Hj^f&v!8L&uIvIR!q~;v5UdijMP_r}~*|Nd(=1SC*gPq-}R<_n2Ih 
zFHU-jXTygP7U?hG+7#!u4Lae8jO$v4*0;qqFyS!%-b+`rVcTysAhO`SAQeYVqn1pX zRb$?91=;EhUTW)9<>(VEzH{(%6$YRkTO)Tpu2{l|nw1@Z+RCQp_};*L`i)up88t8t zv@32>a3v5oy0v<4eD#IlRatu3QZ8RO+uNieQ4%$f?s7Hlbh8$G&xC4PZlhf?ER?g1 z(K)FUW6AM)9SD21A1Fj@b9;G96aMedBQN&AqpwGR3#kb7Bstl=h^vP7N5pJItSHjelhc}7+)1&%v0jA*p0$l zXdX1l!P_U+EN=0`^HDTfAh$nM#gJjgJ=7 zz3_E`6UV~0)A+Yn;h3|=M7a4;oS6`DGoNXOr5RYjplX+`yhoW)@D;spvYtZKqbnt8 z^T#f9-(q{+4~NqsfcQl*f>G6lf3s7PZ`VfxBX?D7bJO3pkD!EthRz0QL*GUSR|ya2(Y9Ql>TGQ25a?V9X#bkyP{)NVM}lRn4cIq*l@ z&iW%f8T7$0zW`4eRvknM(ZH%rw z{*-T{`OE~&9sS6&D@Fi0C=++lqeUS#*E|7sWj-?PN_*-D;2tLbbYN2jo1mv(nDcJ{ z4Y&rNb%%=b=c4+ zpNkuM0+9ZOS;WIy0DS(NCN}#aFF^D8c#3L8S2^Ah7zPLUVabXq-P*1fsE{ zV0@TcJB>JvsK1H51MH^;qK-9nU3HxszT@>1HN!%Y2@Fxjmr{W5kPw%me-n({_T?1d zyY}?~bVvu9iu~`a*2-Z?ep+^r-`15vCY=hab2gXSPq$B?CE?N(NDv26%yT7lSq1{Z zt_1_ATw%4>s1|XKhP~lscX6%ZddlnB!)x$E3GMg{&9La!t}a9=4H>u%@iHIyms4c4 zBC35mQ#zDg_L!V_dj)79t*UEFIpv7FZMC_we}QaY3mCYBmT}c% zbD(isYA^5aeWY_(RXt)s1-{?jJ+&FbWj09&>|6X8_2Ub|yc;J2SM!3nLN7x*!Cr$s zi-#@Uo4-_Wu6I!>845(}^RXI^E5oeMX}B1EM$JzK_HCMPf&&iuy5Vi7+9#viB7_ef zp=ZfAwukiV5fbPUR=eV8k$HF}D$;*16m)~=W5M-`n*h|eh_F9l)(x83Ko0t=MFO*+8`-xsq#+clE-jSN*F`<|MgWhh`p7a|xcRR8 zHREMq&ogNeqsY)9F?Ctij$)C@;#(kpiGN^HY5XVa)QZaG-%m!59Z{^BdoPC>Ir0-k zevFlRXC7=7#L*+}mk;;^u}!?HGQ?bmtGXFWw3tFZS01fr60g#Gp|)|*PU{@Bdoc6%FpJ9; zsjBCo?S3e~J~K`}2=B;HS2-|EHcWh$!Mn(pu8L*4dH00l?_0GOEyyOB9n^yKaHyIz zA#npMaP3|kR!7SN=TDx%aG$gW3k-9GZbYu-+>SFNy`Ul2Pi$&1#*rBHBP-48n6|L+ zl3%Vg^xQn1)M9#&;(KgS;_BbmyB*TaDIT&c|LFnGuHUz2FQOa7;u(La{}xf%uVT>c zItm2ih?JkyftvrFGvz;@qW<%3f9mLevyT1;b?(oeL>A}|aezhmchJzEUGh)aC0jP$ zb7sgV*+w<4@_QdbhSwCcAPqK6=YNCSBfnq0;H-f(Mf~}TKT87J;Lm3G^L)TI_;WJ+ zITQbsi9e6QA87CgE&Ztme?ZY6Q1k~B{ow|GxHCKje?ZY6Q1k~B{do-jfTBO3=ub8H z&x4|~^PftPGTL-BX!hdVsc>7q-;=MN{EoUwL-QdO)u%9I{MDbo__HMcA8rQPeV6zP U#A4$Sw~6ZFIbDrHHQV6-0|H@b{{R30 literal 0 HcmV?d00001