From 94609d9e08041edf0f5063b031768f807d2b759e Mon Sep 17 00:00:00 2001
From: Devrim <devrimyatar@gluu.org>
Date: Sat, 20 Jul 2024 14:33:30 +0300
Subject: [PATCH 01/43] fix(jans-linux-setup): kc-scheduler.service upon
 uninstall (#8982)

Signed-off-by: Mustafa Baser <mbaser@mail.com>
---
 jans-linux-setup/jans_setup/install.py | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/jans-linux-setup/jans_setup/install.py b/jans-linux-setup/jans_setup/install.py
index 79732c000a4..11cc0ce87fa 100755
--- a/jans-linux-setup/jans_setup/install.py
+++ b/jans-linux-setup/jans_setup/install.py
@@ -230,9 +230,6 @@ def uninstall_jans():
     if os.path.exists('/opt/opa'):
         service_list.append('opa')
 
-    if os.path.exists('/opt/kc-scheduler'):
-        service_list.append('kc-scheduler')
-
     for service in service_list:
 
         print("Stopping", service)
@@ -252,7 +249,7 @@ def uninstall_jans():
     os.system('systemctl daemon-reload')
     os.system('systemctl reset-failed')
 
-    remove_list = ['/etc/certs', '/etc/jans', '/opt/amazon-corretto*', '/opt/jre', '/opt/node*', '/opt/jetty*', '/opt/jython*', '/opt/keycloak', '/opt/idp', '/opt/opa', '/opt/kc-scheduler']
+    remove_list = ['/etc/certs', '/etc/jans', '/opt/amazon-corretto*', '/opt/jre', '/opt/node*', '/opt/jetty*', '/opt/jython*', '/opt/keycloak', '/opt/idp', '/opt/opa', '/opt/kc-scheduler', '/etc/cron.d/kc-scheduler-cron']
     if argsp.profile == 'jans':
         remove_list.append('/opt/opendj')
     if not argsp.keep_downloads:

From 56ae412d3a174b69184f75b72ef12769f7defbfb Mon Sep 17 00:00:00 2001
From: Devrim <devrimyatar@gluu.org>
Date: Mon, 22 Jul 2024 08:32:16 +0300
Subject: [PATCH 02/43] fix(jans-linux-setup): install with setup.properties
 (#8994)

Signed-off-by: Mustafa Baser <mbaser@mail.com>
---
 .../jans_setup/setup_app/utils/properties_utils.py   | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py
index 15eca9bd0c1..eb71031615f 100644
--- a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py
+++ b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py
@@ -194,13 +194,21 @@ def load_properties(self, prop_file, no_update=[]):
         if p.get('cb_install') == '0':
            p['cb_install'] = InstallTypes.NONE
 
+        if p.get('cb_install'):
+            p['opendj_install'] = InstallTypes.NONE
+            p['rdbm_install'] = InstallTypes.NONE
+
         if p.get('opendj_install') == '0':
             p['opendj_install'] = InstallTypes.NONE
 
+        if base.as_bool(p.get('installLdap', False)):
+            p['opendj_install'] = InstallTypes.LOCAL
+            p['rdbm_install'] = InstallTypes.NONE
+
         if p.get('enable-script'):
             base.argsp.enable_script = p['enable-script'].split()
 
-        if p.get('loadTestData'):
+        if base.as_bool(p.get('loadTestData', False)):
             base.argsp.t = True
 
         if p.get('rdbm_type') == 'pgsql' and not p.get('rdbm_port'):
@@ -635,8 +643,6 @@ def pompt_for_jans_lock(self):
                                             self.getDefaultOption(Config.install_jans_lock)
                                             )[0].lower()
 
-        
-
         if prompt == 'y':
             prompt = self.getPrompt("  Install Jans Lock as Server?",
                                             self.getDefaultOption(Config.install_jans_lock)

From 7af36c9a563be16b2aa1fb9149d4d3ebc09cb2fa Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Mon, 22 Jul 2024 10:07:44 +0300
Subject: [PATCH 03/43] ci: add cb spanner docker monolith (#8999)

* feat:add couchabse and spanner

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* ci: parse couchbase and spanner docker compose files

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* ci: fix typo

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* ci: fix typo

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* ci: fix typo

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* fix: run spanner locally

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* fix: run spanner locally

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* fix: run spanner locally

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* fix: run spanner locally

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* fix: run spanner locally

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* fix: run spanner locally

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* fix: run spanner locally

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* fix: run spanner locally

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* fix: RUN_TEST parse

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* fix: RUN_TEST parse

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* fix: adjust spanner setup

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* ci: default don't install KC

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* chore: break out of setup

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

---------

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>
---
 .../workflows/test_docker_linux_installer.yml |  2 +-
 automation/startjanssenmonolithdemo.sh        | 23 ++++++--
 docker-jans-monolith/Dockerfile               |  8 ++-
 docker-jans-monolith/clean.sh                 |  2 +-
 docker-jans-monolith/down.sh                  |  2 +-
 .../jans-couchbase-compose.yml                | 59 +++++++++++++++++++
 docker-jans-monolith/jans-ldap-compose.yml    |  2 +-
 docker-jans-monolith/jans-mysql-compose.yml   |  2 +-
 .../jans-postgres-compose.yml                 |  2 +-
 docker-jans-monolith/jans-spanner-compose.yml | 44 ++++++++++++++
 docker-jans-monolith/scripts/entrypoint.sh    | 20 ++++++-
 docker-jans-monolith/up.sh                    |  2 +-
 12 files changed, 154 insertions(+), 14 deletions(-)
 create mode 100644 docker-jans-monolith/jans-couchbase-compose.yml
 create mode 100644 docker-jans-monolith/jans-spanner-compose.yml

diff --git a/.github/workflows/test_docker_linux_installer.yml b/.github/workflows/test_docker_linux_installer.yml
index d3214f714ae..11602a99b02 100644
--- a/.github/workflows/test_docker_linux_installer.yml
+++ b/.github/workflows/test_docker_linux_installer.yml
@@ -21,7 +21,7 @@ jobs:
       max-parallel: 6
       matrix:
         # add '"pgsql" when supported
-        persistence-backends: ["MYSQL", "PGSQL", "LDAP"]
+        persistence-backends: ["MYSQL", "PGSQL", "LDAP", "COUCHBASE", "SPANNER"]
         python-version: ["3.7"]
       fail-fast: false
     steps:
diff --git a/automation/startjanssenmonolithdemo.sh b/automation/startjanssenmonolithdemo.sh
index 89888cc4a79..5af5405a77f 100644
--- a/automation/startjanssenmonolithdemo.sh
+++ b/automation/startjanssenmonolithdemo.sh
@@ -12,7 +12,7 @@ if [[ ! "$JANS_FQDN" ]]; then
   read -rp "Enter Hostname [demoexample.jans.io]:                           " JANS_FQDN
 fi
 if [[ ! "$JANS_PERSISTENCE" ]]; then
-  read -rp "Enter persistence type [LDAP|MYSQL|PGSQL]:                            " JANS_PERSISTENCE
+  read -rp "Enter persistence type [LDAP|MYSQL|PGSQL|COUCHBASE[TEST]|SPANNER[TEST]]:                            " JANS_PERSISTENCE
 fi
 
 if [[ -z $EXT_IP ]]; then
@@ -72,12 +72,15 @@ if [[ "$JANS_BUILD_COMMIT" ]]; then
   python3 -c "from pathlib import Path ; import ruamel.yaml ; compose = Path('/tmp/jans/docker-jans-monolith/jans-mysql-compose.yml') ; yaml = ruamel.yaml.YAML() ; data = yaml.load(compose) ; data['services']['jans']['build'] = '.' ; del data['services']['jans']['image'] ; yaml.dump(data, compose)"
   python3 -c "from pathlib import Path ; import ruamel.yaml ; compose = Path('/tmp/jans/docker-jans-monolith/jans-postgres-compose.yml') ; yaml = ruamel.yaml.YAML() ; data = yaml.load(compose) ; data['services']['jans']['build'] = '.' ; del data['services']['jans']['image'] ; yaml.dump(data, compose)"
   python3 -c "from pathlib import Path ; import ruamel.yaml ; compose = Path('/tmp/jans/docker-jans-monolith/jans-ldap-compose.yml') ; yaml = ruamel.yaml.YAML() ; data = yaml.load(compose) ; data['services']['jans']['build'] = '.' ; del data['services']['jans']['image'] ; yaml.dump(data, compose)"
+  python3 -c "from pathlib import Path ; import ruamel.yaml ; compose = Path('/tmp/jans/docker-jans-monolith/jans-couchbase-compose.yml') ; yaml = ruamel.yaml.YAML() ; data = yaml.load(compose) ; data['services']['jans']['build'] = '.' ; del data['services']['jans']['image'] ; yaml.dump(data, compose)"
+  python3 -c "from pathlib import Path ; import ruamel.yaml ; compose = Path('/tmp/jans/docker-jans-monolith/jans-spanner-compose.yml') ; yaml = ruamel.yaml.YAML() ; data = yaml.load(compose) ; data['services']['jans']['build'] = '.' ; del data['services']['jans']['image'] ; yaml.dump(data, compose)"
 fi
 # --
 if [[ "$IS_FQDN_REGISTERED" ]]; then
   python3 -c "from dockerfile_parse import DockerfileParser ; dfparser = DockerfileParser('/tmp/jans/docker-jans-monolith') ; dfparser.envs['IS_FQDN_REGISTERED'] = 'true'"
 fi
-if [[ "$RUN_TESTS" ]]; then
+if [[ "$RUN_TESTS" == "true" ]]; then
+  echo "Activating RUN_TEST ENV.."
   python3 -c "from dockerfile_parse import DockerfileParser ; dfparser = DockerfileParser('/tmp/jans/docker-jans-monolith') ; dfparser.envs['RUN_TESTS'] = 'true'"
 fi
 if [[ $JANS_PERSISTENCE == "MYSQL" ]]; then
@@ -86,6 +89,10 @@ elif [[ $JANS_PERSISTENCE == "PGSQL" ]]; then
   bash /tmp/jans/docker-jans-monolith/up.sh postgres
 elif [[ $JANS_PERSISTENCE == "LDAP" ]]; then
   bash /tmp/jans/docker-jans-monolith/up.sh ldap
+elif [[ $JANS_PERSISTENCE == "COUCHBASE" ]]; then
+  bash /tmp/jans/docker-jans-monolith/up.sh couchbase
+elif [[ $JANS_PERSISTENCE == "SPANNER" ]]; then
+  bash /tmp/jans/docker-jans-monolith/up.sh spanner
 fi  
 echo "$EXT_IP $JANS_FQDN" | sudo tee -a /etc/hosts > /dev/null
 jans_status="unhealthy"
@@ -119,9 +126,13 @@ docker exec docker-jans-monolith-jans-1 curl -f -k https://localhost/.well-known
 echo -e "Testing fido2-configuration endpoint.. \n"
 docker exec docker-jans-monolith-jans-1 curl -f -k https://localhost/.well-known/fido2-configuration
 mkdir -p /tmp/reports || echo "reports folder exists"
-while ! docker exec docker-jans-monolith-jans-1 test -f "/tmp/httpd.crt"; do
+end=$((SECONDS+180))
+while [ $SECONDS -lt $end ]; do
   echo "Waiting for the container to run java test preparations"
-  sleep 5
+  if docker exec docker-jans-monolith-jans-1 test -f "/tmp/httpd.crt"; then
+    break
+  fi
+  sleep 10
 done
 echo -e "Running build.. \n"
 docker exec -w /tmp/jans/jans-auth-server docker-jans-monolith-jans-1 mvn -Dcfg="$JANS_FQDN" -Dmaven.test.skip=true -fae clean compile install
@@ -134,7 +145,9 @@ docker cp docker-jans-monolith-jans-1:/tmp/jans/jans-auth-server/test-model/targ
 docker cp docker-jans-monolith-jans-1:/tmp/jans/jans-auth-server/model/target/surefire-reports/testng-results.xml /tmp/reports/$JANS_PERSISTENCE-jans-auth-model-testng-results.xml
 
 EOF
-sudo bash testendpoints.sh
+if [[ "$RUN_TESTS" == "true" ]]; then
+  sudo bash testendpoints.sh
+fi
 echo -e "You may re-execute bash testendpoints.sh to do a quick test to check the configuration endpoints."
 echo -e "Add the following record to your local computers' hosts file to engage with the services $EXT_IP $JANS_FQDN"
 echo -e "To stop run:"
diff --git a/docker-jans-monolith/Dockerfile b/docker-jans-monolith/Dockerfile
index 7ea8ba310de..98568c68cda 100644
--- a/docker-jans-monolith/Dockerfile
+++ b/docker-jans-monolith/Dockerfile
@@ -1,5 +1,6 @@
 FROM ubuntu:22.04@sha256:e9569c25505f33ff72e88b2990887c9dcf230f23259da296eb814fc2b41af999
 
+
 # Don't start any optional services except for the few we need.
 RUN find /etc/systemd/system \
     /lib/systemd/system \
@@ -32,6 +33,9 @@ RUN systemctl set-default multi-user.target \
 RUN rm -f /lib/systemd/system/systemd*udev* \
     && rm -f /lib/systemd/system/getty.target
 
+# Install google cloud client
+RUN curl https://sdk.cloud.google.com > install.sh && bash install.sh --disable-prompts
+
 HEALTHCHECK --interval=35s --timeout=4s CMD /opt/dist/scripts/jans-auth check | grep "Jetty running pid" || exit 1
 
 # Ports required by jetty
@@ -66,6 +70,8 @@ ENV CN_HOSTNAME="demoexample.jans.io" \
     TEST_CLIENT_ID="9876baac-de39-4c23-8a78-674b59df8c09" \
     TEST_CLIENT_SECRET="" \
     TEST_CLIENT_TRUSTED="true" \
+    CN_INSTALL_COUCHBASE="false" \
+    CN_INSTALL_SPANNER="false" \
     CN_INSTALL_LDAP="false" \
     CN_INSTALL_MYSQL="false" \
     CN_INSTALL_PGSQL="false" \
@@ -76,7 +82,7 @@ ENV CN_HOSTNAME="demoexample.jans.io" \
     CN_INSTALL_KC_LINK="true" \
     CN_INSTALL_LINK="true" \
     CN_INSTALL_LOCK="true" \
-    CN_INSTALL_SAML="true" \
+    CN_INSTALL_SAML="false" \
     CN_INSTALL_OPA="true" \
     RDBMS_DATABASE="jans" \
     RDBMS_USER="jans" \
diff --git a/docker-jans-monolith/clean.sh b/docker-jans-monolith/clean.sh
index 1356f9a5506..04b7afefbb7 100644
--- a/docker-jans-monolith/clean.sh
+++ b/docker-jans-monolith/clean.sh
@@ -5,7 +5,7 @@ if [ -z "$1" ]; then
     yaml="jans-mysql-compose.yml"
 else
 	case "$1" in
-		mysql|ldap|postgres)
+		mysql|ldap|postgres|couchbase|spanner)
 			yaml="jans-${1}-compose.yml"
 			;;
 		*)
diff --git a/docker-jans-monolith/down.sh b/docker-jans-monolith/down.sh
index 017578f58b4..079877655c0 100644
--- a/docker-jans-monolith/down.sh
+++ b/docker-jans-monolith/down.sh
@@ -5,7 +5,7 @@ if [ -z "$1" ]; then
     yaml="jans-mysql-compose.yml"
 else
 	case "$1" in
-		mysql|ldap|postgres)
+		mysql|ldap|postgres|couchbase|spanner)
 			yaml="jans-${1}-compose.yml"
 			;;
 		*)
diff --git a/docker-jans-monolith/jans-couchbase-compose.yml b/docker-jans-monolith/jans-couchbase-compose.yml
new file mode 100644
index 00000000000..1ee690468f7
--- /dev/null
+++ b/docker-jans-monolith/jans-couchbase-compose.yml
@@ -0,0 +1,59 @@
+version: "3.7"
+services:
+  couchbase:
+    image: couchbase/server-sandbox:7.6.1
+    restart: always
+    ports:
+      - "8091-8096:8091-8096"
+      - "11210-11211:11210-11211"
+    volumes:
+      - ./couchbase_demo:/opt/couchbase/var
+    networks:
+      - cloud_bridge
+  jans:
+    image: ${JANSSEN_IMAGE:-ghcr.io/janssenproject/jans/monolith:1.1.4_dev}
+    restart: always
+    ports:
+      - "443:443"
+      - "80:80"
+    depends_on:
+      - couchbase
+    networks:
+      - cloud_bridge
+    environment:
+      #- CN_HOSTNAME=demoexample.jans.io
+      - CN_ADMIN_PASS=1t5Fin3#security
+      - CN_ORG_NAME=Janssen
+      - CN_EMAIL=support@jans.io
+      - CN_CITY=Austin
+      - CN_STATE=TX
+      - CN_COUNTRY=US
+      - CN_INSTALL_COUCHBASE=true
+      - CN_INSTALL_CONFIG_API=true
+      - CN_INSTALL_SCIM=true
+      - CN_INSTALL_FIDO2=true
+      - CN_INSTALL_CASA=true
+      - CN_INSTALL_KC_LINK=true
+      - CN_INSTALL_LOCK=true
+      - CN_INSTALL_SAML=false
+      - CN_INSTALL_OPA=true
+      - TEST_CLIENT_ID=9876baac-de39-4c23-8a78-674b59df8c09
+      - TEST_CLIENT_TRUSTED=true
+      - TEST_CLIENT_SECRET=1t5Fin3#security
+      - COUCHBASE_PASSWORD=password
+      - COUCHBASE_ADMIN=Administrator
+      - COUCHBASE_HOSTNAME=couchbase
+    volumes:
+      - ./jans-auth-custom:/opt/jans/jetty/jans-auth/custom
+      - ./jans-config-api-custom:/opt/jans/jetty/jans-config-api/custom
+      - ./jans-fido2-custom:/opt/jans/jetty/jans-fido2/custom
+      - ./jans-scim-custom:/opt/jans/jetty/jans-scim/custom
+      - ./jans-auth-log:/opt/jans/jetty/jans-auth/logs
+      - ./jans-config-api-log:/opt/jans/jetty/jans-config-api/logs
+      - ./jans-scim-log:/opt/jans/jetty/jans-scim/logs
+      - ./jans-fido2-log:/opt/jans/jetty/jans-fido2/log
+volumes:
+  db-data:
+networks:
+  cloud_bridge:
+    driver: bridge
diff --git a/docker-jans-monolith/jans-ldap-compose.yml b/docker-jans-monolith/jans-ldap-compose.yml
index 1be5a46d11f..8782bd46570 100644
--- a/docker-jans-monolith/jans-ldap-compose.yml
+++ b/docker-jans-monolith/jans-ldap-compose.yml
@@ -23,7 +23,7 @@ services:
       - CN_INSTALL_CASA=true
       - CN_INSTALL_KC_LINK=true
       - CN_INSTALL_LOCK=true
-      - CN_INSTALL_SAML=true
+      - CN_INSTALL_SAML=false
       - CN_INSTALL_OPA=true
       - TEST_CLIENT_ID=9876baac-de39-4c23-8a78-674b59df8c09
       - TEST_CLIENT_TRUSTED=true
diff --git a/docker-jans-monolith/jans-mysql-compose.yml b/docker-jans-monolith/jans-mysql-compose.yml
index 1636788d354..c8b9e40687d 100644
--- a/docker-jans-monolith/jans-mysql-compose.yml
+++ b/docker-jans-monolith/jans-mysql-compose.yml
@@ -40,7 +40,7 @@ services:
       - CN_INSTALL_CASA=true
       - CN_INSTALL_KC_LINK=true
       - CN_INSTALL_LOCK=true
-      - CN_INSTALL_SAML=true
+      - CN_INSTALL_SAML=false
       - CN_INSTALL_OPA=true
       - TEST_CLIENT_ID=9876baac-de39-4c23-8a78-674b59df8c09
       - TEST_CLIENT_TRUSTED=true
diff --git a/docker-jans-monolith/jans-postgres-compose.yml b/docker-jans-monolith/jans-postgres-compose.yml
index f63ab7c85b7..9974b463fb5 100644
--- a/docker-jans-monolith/jans-postgres-compose.yml
+++ b/docker-jans-monolith/jans-postgres-compose.yml
@@ -38,7 +38,7 @@ services:
       - CN_INSTALL_CASA=true
       - CN_INSTALL_KC_LINK=true
       - CN_INSTALL_LOCK=true
-      - CN_INSTALL_SAML=true
+      - CN_INSTALL_SAML=false
       - CN_INSTALL_OPA=true
       - TEST_CLIENT_ID=9876baac-de39-4c23-8a78-674b59df8c09
       - TEST_CLIENT_TRUSTED=true
diff --git a/docker-jans-monolith/jans-spanner-compose.yml b/docker-jans-monolith/jans-spanner-compose.yml
new file mode 100644
index 00000000000..26ea5569c50
--- /dev/null
+++ b/docker-jans-monolith/jans-spanner-compose.yml
@@ -0,0 +1,44 @@
+version: "3.7"
+services:
+  jans:
+    image: ${JANSSEN_IMAGE:-ghcr.io/janssenproject/jans/monolith:1.1.4_dev}
+    restart: always
+    ports:
+      - "443:443"
+      - "80:80"
+    networks:
+      - cloud_bridge
+    environment:
+      #- CN_HOSTNAME=demoexample.jans.io
+      - CN_ADMIN_PASS=1t5Fin3#security
+      - CN_ORG_NAME=Janssen
+      - CN_EMAIL=support@jans.io
+      - CN_CITY=Austin
+      - CN_STATE=TX
+      - CN_COUNTRY=US
+      - CN_INSTALL_SPANNER=true
+      - CN_INSTALL_CONFIG_API=true
+      - CN_INSTALL_SCIM=true
+      - CN_INSTALL_FIDO2=true
+      - CN_INSTALL_CASA=true
+      - CN_INSTALL_KC_LINK=true
+      - CN_INSTALL_LOCK=true
+      - CN_INSTALL_SAML=false
+      - CN_INSTALL_OPA=true
+      - TEST_CLIENT_ID=9876baac-de39-4c23-8a78-674b59df8c09
+      - TEST_CLIENT_TRUSTED=true
+      - TEST_CLIENT_SECRET=1t5Fin3#security
+    volumes:
+      - ./jans-auth-custom:/opt/jans/jetty/jans-auth/custom
+      - ./jans-config-api-custom:/opt/jans/jetty/jans-config-api/custom
+      - ./jans-fido2-custom:/opt/jans/jetty/jans-fido2/custom
+      - ./jans-scim-custom:/opt/jans/jetty/jans-scim/custom
+      - ./jans-auth-log:/opt/jans/jetty/jans-auth/logs
+      - ./jans-config-api-log:/opt/jans/jetty/jans-config-api/logs
+      - ./jans-scim-log:/opt/jans/jetty/jans-scim/logs
+      - ./jans-fido2-log:/opt/jans/jetty/jans-fido2/log
+volumes:
+  db-data:
+networks:
+  cloud_bridge:
+    driver: bridge
diff --git a/docker-jans-monolith/scripts/entrypoint.sh b/docker-jans-monolith/scripts/entrypoint.sh
index faa663a9ddc..93bec5c516d 100644
--- a/docker-jans-monolith/scripts/entrypoint.sh
+++ b/docker-jans-monolith/scripts/entrypoint.sh
@@ -65,9 +65,27 @@ install_jans() {
     echo "Installing with Postgres"
     echo "rdbm_type=pgsql" | tee -a setup.properties > /dev/null
     echo "rdbm_port=5432" | tee -a setup.properties > /dev/null
+  elif [[ "${CN_INSTALL_COUCHBASE}" == "true" ]]; then
+    echo "Installing with Couchbase"
+    echo "cb_install=2" | tee -a setup.properties > /dev/null
+    echo "cb_password=${COUCHBASE_PASSWORD}" | tee -a setup.properties > /dev/null
+    echo "couchbase_hostname=${COUCHBASE_HOSTNAME}" | tee -a setup.properties > /dev/null
+    echo "couchebaseClusterAdmin=${COUCHBASE_ADMIN}" | tee -a setup.properties > /dev/null
+  elif [[ "${CN_INSTALL_SPANNER}" == "true" ]]; then
+    echo "Installing with SPANNER"
+    echo "rdbm_type=spanner" | tee -a setup.properties > /dev/null
+    echo "rdbm_install_type=2" | tee -a setup.properties > /dev/null
+    echo "spanner_emulator_host=localhost" | tee -a setup.properties > /dev/null
+    echo "spanner_project=jans-project" | tee -a setup.properties > /dev/null
+    echo "spanner_instance=jans-instance" | tee -a setup.properties > /dev/null
+    echo "spanner_database=jansdb" | tee -a setup.properties > /dev/null
+    "$HOME"/google-cloud-sdk/bin/gcloud emulators spanner start --quiet &
+    gcloud config configurations create emulator
+    gcloud config set auth/disable_credentials true
+    gcloud config set project jans-project
+    gcloud config set api_endpoint_overrides/spanner http://localhost:9020/
   fi
 
-
   echo "*****   Running the setup script for ${CN_ORG_NAME}!!   *****"
   echo "*****   PLEASE NOTE THAT THIS MAY TAKE A WHILE TO FINISH. PLEASE BE PATIENT!!   *****"
   echo "Executing https://raw.githubusercontent.com/JanssenProject/jans/${JANS_SOURCE_VERSION}/jans-linux-setup/jans_setup/install.py > install.py"
diff --git a/docker-jans-monolith/up.sh b/docker-jans-monolith/up.sh
index 932fd8f8bd5..c071b29cf32 100644
--- a/docker-jans-monolith/up.sh
+++ b/docker-jans-monolith/up.sh
@@ -5,7 +5,7 @@ if [ -z "$1" ]; then
     yaml="jans-mysql-compose.yml"
 else
 	case "$1" in
-		mysql|ldap|postgres)
+		mysql|ldap|postgres|couchbase|spanner)
 			yaml="jans-${1}-compose.yml"
 			;;
 		*)

From 1ec68304c012f6e2451b18ed4c4166554aa178a7 Mon Sep 17 00:00:00 2001
From: Adam Albright <aalbright425@gmail.com>
Date: Mon, 22 Jul 2024 04:23:19 -0400
Subject: [PATCH 04/43] docs: correct spelling of properties (#8710)

Signed-off-by: Rehket <aalbright425@gmail.com>
Co-authored-by: Dhaval D <343411+ossdhaval@users.noreply.github.com>
---
 docs/admin/planning/security-best-practices.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/admin/planning/security-best-practices.md b/docs/admin/planning/security-best-practices.md
index 58e16e6c41c..be9b1b4403c 100644
--- a/docs/admin/planning/security-best-practices.md
+++ b/docs/admin/planning/security-best-practices.md
@@ -55,7 +55,7 @@ flow, Review the CORS filter configuration for Jans Auth Server. CORS restricts
 access to trusted domains to execute browser application requests to Auth Server
 endpoints. By default, the filter allows any RP to call OpenID endpoints.
 
-Review Auth Server propoerties chosen for `sessionIdUnusedLifetime` and
+Review Auth Server properties chosen for `sessionIdUnusedLifetime` and
 `sessionIdLifetime`. Long sessions present higher risks of session hijacking and
 unauthorized access from shared devices.
 

From dfc910fc2650d899ef71f26a977f59f0088aabdf Mon Sep 17 00:00:00 2001
From: Michael Schwartz <mike@gluu.org>
Date: Mon, 22 Jul 2024 03:29:54 -0500
Subject: [PATCH 05/43] docs: more Cedarling overview docs (#8996)

* More Cedarling overview docs

* fix(docs): add links to navigation

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

---------

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>
Co-authored-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>
Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
---
 docs/admin/lock/README.md                |  11 +-
 docs/admin/lock/cedarling.md             | 147 +++++++++++++++++++++++
 docs/admin/lock/lock-master.md           |  22 ++++
 docs/assets/lock-cedarling-diagram-1.jpg | Bin 0 -> 62314 bytes
 docs/assets/lock-cedarling-diagram-2.jpg | Bin 0 -> 53251 bytes
 docs/assets/lock-cedarling-diagram-3.jpg | Bin 0 -> 37221 bytes
 docs/assets/lock-cedarling-diagram-4.jpg | Bin 0 -> 96286 bytes
 mkdocs.yml                               |   2 +
 8 files changed, 177 insertions(+), 5 deletions(-)
 create mode 100644 docs/admin/lock/cedarling.md
 create mode 100644 docs/assets/lock-cedarling-diagram-1.jpg
 create mode 100644 docs/assets/lock-cedarling-diagram-2.jpg
 create mode 100644 docs/assets/lock-cedarling-diagram-3.jpg
 create mode 100644 docs/assets/lock-cedarling-diagram-4.jpg

diff --git a/docs/admin/lock/README.md b/docs/admin/lock/README.md
index bf39ab513c3..05ac2770a59 100644
--- a/docs/admin/lock/README.md
+++ b/docs/admin/lock/README.md
@@ -21,11 +21,12 @@ traditional access management strategies like RBAC and more adaptive capabilitie
 grain decisions based on contextal data. The Cedar Engine does this without sacrificing performance 
 or the security benefits of a deterministic policy engine.
 
-There are three key components in a Lock topology: (1) Cedarling--a WebAssembly ("WASM") 
-component that runs the [Amazon Rust Cedar Engine](https://github.com/cedar-policy/cedar) and
-performs JWT token validation; (2) Lock Master--a web service deployed by domains to manage a 
-network of distributed ephemeral Cedarlings; (3) [Agama Lab](https://cloud.gluu.org/agama-lab),
-a policy authoring tool for developers to design policies and publish their policy store in Github.
+There are three key components in a Lock topology: (1) [Cedarling](./cedarling.md)--a WebAssembly 
+("WASM") component that runs the [Amazon Rust Cedar Engine](https://github.com/cedar-policy/cedar) and
+performs JWT token validation; (2)[Lock Master](./lock-master.md)--a web service deployed by domains
+to manage a network of distributed ephemeral Cedarlings; (3) 
+[Agama Lab](https://cloud.gluu.org/agama-lab), a policy authoring tool for developers to design 
+policies and publish their policy store in Github.
 
 You don't need to deploy a Jans Lock Topology to derive utility from the Cedarling. Javascript 
 developers can use the Cedarling to secure even a single browser-based application, especially if 
diff --git a/docs/admin/lock/cedarling.md b/docs/admin/lock/cedarling.md
new file mode 100644
index 00000000000..de5668f150b
--- /dev/null
+++ b/docs/admin/lock/cedarling.md
@@ -0,0 +1,147 @@
+---
+tags:
+  - administration
+  - lock
+  - authorization / authz
+  - Cedar
+  - Cedarling
+---
+
+# Authorization Using Cedarling
+
+## What Is Cedarling
+
+The Cedarling is a local, autonomous Policy Decision Point, or "PDP". It runs as a local 
+WebAssembly ("WASM") component--you can call it directly in the browser from a JavaScript 
+function. With each authorization call, the Cedarling has all the policies and data it 
+needs to make a fast, local decision. The Cedarling's authorization function is *deterministic*.
+The Cedarling always returns either `permit` or `forbid`. You will never get an error 
+indicating a network timeout, or a divide by zero error. It is also very fast.
+
+![](../../assets/lock-cedarling-diagram-1.jpg)
+
+In a JavaScript browser framework, the Cedarling loads its policy store during initialization, as a 
+static JSON file or fetched via REST. Developers may consider the Cedarling policy store as part of 
+the code. Having the policies in one file makes it easier to audit the security features and 
+controls of an application. It facilitates creation of complex contextual policies without 
+cluttering application code with lots of `if` - `then` statements. Importantly, the Cedarling creates an 
+audit log of all decisions by an application to allow or forbid actions. In an enterprise deployment, 
+this audit log is sent for central archiving.
+
+Where does the Cedarling get the data for policy evaluation? The data is contained in OAuth and 
+OpenID JWTs that are sent as part of the authorization request to the Cedarling. This makes sense, 
+because most modern applications rely on a federated identity provider or "IDP". The Cedarling assumes 
+the use of OAuth and OpenID Connect--sorry SAML geeks. 
+
+![](../../assets/lock-cedarling-diagram-2.jpg)
+
+Two JWT tokens in particular are typical: (1) an OpenID Connect id_token and (2) an OAuth access 
+token. The Cedarling can trust the id_token and access token to extract the User, 
+Role and Client pricipals. The tokens also contain other interesting contextual data. An OpenID 
+Connect id_token JWT is a record of an authentication event that tells you who authenticated, when 
+they authenticated, how they authenticatated, and other claims like the subject's Roles. An OAuth 
+Access Token JWT can tell you information about the software that obtained the the JWT, its extent 
+of access as defined by the OAuth Authorization Server (*i.e.* the values of the `scope` claim), or 
+other claims--domains frequently enhance the access token to contain business specific data needed 
+for policy evaluation.
+
+The Cedarling, as its name suggests, enables you to define the security rules for your application 
+in [Cedar](https://www.cedarpolicy.com/en) policy syntax. Cedar was invented by Amazon for their 
+[Verified Permission](https://aws.amazon.com/verified-permissions/) service. It uses the **PARC** 
+syntax: **P**rincipal, **A**ction, **R**esource, **C**ontext.  Principal-Action-Resource is typical
+for most authorization solutions. For example, you may have a policy that says *Admins* can *write*
+to the *config* folder. In this example, the *Admin* Role is the Principal, *write* is the Action,
+and the *config* folder is the Resource. The Context is used to specify information about the
+enivironment, like the time of day or network address.
+
+The Cedarling authorizes a person using a certain piece of software to do something. From 
+a logical perspective, `person_allowed AND client_allowed` must be `True`. While this seems pretty
+simple, a person may be either explicitly allowed or have a role that enables access. For example, 
+`person_allowed` may be equal to `True` if `user=mike OR role=SuperUser`. 
+
+![](../../assets/lock-cedarling-diagram-3.jpg)
+
+The Action, Resource and Context is sent by the application in the authorization request. This 
+is where developers need to map security in their application to actions and resources. For 
+example, in the diagram above the application may have a policy that restricts access to Button 21 
+to users with the Admin Role during business hours when they are not using a VPN. 
+
+## Cedarling Token Validation
+
+The Cedarling can validate the signatures of the JWTs for developers, by setting the `SIGNATURE_VALIDATION` 
+environment variable to `True`. For testing, developers can set this property to `False` and submit
+an unsigned JWT. Or developers may prefer to validate the signatures in code. 
+
+On initiatilization, the Cedarling downloads the public keys of the Trusted IDPs specified in the 
+Cedarling policy store. Because all JWT's have an `iss` claim, this is used to deterimne which keys 
+to use for token signature validation. 
+
+In an enterprise deployment, the Cedarling can also check if a JWT has been revoked. The Cedarling
+uses a mechanism described in the [OAuth Status Lists](https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/)
+draft. This might be handy for use cases where a token revocation needs to be communicated 
+immediately, such as an account takeover situation, or an implementation of a one-time transactions
+in a cluster of web servers. Jans Auth Server supports the [Global Token Revocation](https://datatracker.ietf.org/doc/draft-parecki-oauth-global-token-revocation/) OAuth draft. This is how a client can inform the OAuth Server that a given token should be revoked. 
+
+![](../../assets/lock-cedarling-diagram-4.jpg)
+
+## Policy Authoring 
+
+The eaisest way to author your policy store is to use the Policy Designer in [Agama Lab](https://cloud.gluu.org/agama-lab). This tool helps you define the policies, schema and trusted IDPs and
+to publish a policy store to Github. 
+
+## Testing the Cedarling
+
+To call the Cedarling from your JavaScript application
+
+```
+input = { 
+           "access_token": ["..."], 
+           "id_token": "...", 
+           "userinfo_token": ["..."], 
+           "tx_token": ["..."],
+           "resource": "ChessApp",
+           "action": "Execute",
+           "context": {
+                       "ip_address": "54.9.21.201",
+                       "network_type": "VPN",
+                       "user_agent": "Chrome 125.0.6422.77 (Official Build) (arm64)",
+                       "time": "1719266610.98636",
+                      }
+         }
+
+decision_result = authz(input)
+
+```
+
+## Cedarling Bootstrap Properties
+
+* **`APPLICATION_NAME`** : Human friendly identifier for this application
+
+* **`LOCK`** : Enabled | Disabled. If Enabled, the Cedarling will connect to the Lock Master for policies, and subscribe for SSE events. 
+
+* **`POLICY_STORE_URI`** : Location of policy store JSON, used if policy store is not local, or retreived from Lock Master.
+
+* **`LOCK_MASTER_CONFIGURATION_URI`** : Required if `LOCK` == `Enabled`. URI where Cedarling can get JSON file with all required metadata about Lock Master, i.e. `.well-known/lock-master-configuration`.
+
+* **`LOCK_SSA_JWT`** : SSA for DCR in a Lock Master deployment. The Cedarling will validate this SSA JWT prior to DCR.
+
+* **`POLICY_STORE_ID`** : The identifier of the policy stored needed only for Lock Master deployments.
+
+* **`LOG_LEVEL`** : Controls the verbosity of Cedar logging.
+
+* **`AUDIT_LOG_INTERVAL`** : How often to send log messages to Lock Master (0 to turn off trasmission)
+
+* **`AUDIT_HEALTH_INTERVAL`** : How often to send health messages to Lock Master (0 to turn off transmission)
+
+* **`AUDIT_TELEMETRY_INTERVAL`** : How often to send telemetry messages to Lock Master (0 to turn off transmission)
+
+* **`DYNAMIC_CONFIGURATION`** : Enabled | Disabled, controls whether Cedarling should listen for SSE config updates
+
+* **`GET_TOKEN_STATUS_LIST_UPDATES`** : Whether the Cedarling should register for SSE updates for Lock Master deployments.
+
+* **`SIGNATURE_ALGORITHMS_SUPPORTED`** : ....
+
+* **`SIGNATURE_VALIDATION`** : Enabled | Disabled 
+
+* **`REQUIRE_AUD_VALIDATION`** : Enabled | Disabled. Controls if Cedarling will discard id_token without an access token with the corresponding client_id.
+
diff --git a/docs/admin/lock/lock-master.md b/docs/admin/lock/lock-master.md
index 5f00f673e7f..75680f16c48 100644
--- a/docs/admin/lock/lock-master.md
+++ b/docs/admin/lock/lock-master.md
@@ -1,2 +1,24 @@
+---
+tags:
+  - administration
+  - lock
+  - authorization / authz
+  - Cedar
+  - Cedarling
+---
+
 # Lock Master
 
+## Jans Lock Overview
+
+This content is in progress
+
+The Janssen Project documentation is currently in development. Topic pages are being created in order of broadest relevance, and this page is coming in the near future.
+
+## Have questions in the meantime?
+
+While this documentation is in progress, you can ask questions through [GitHub Discussions](https://github.com/JanssenProject/jans/discussions) or the [community chat on Gitter](https://gitter.im/JanssenProject/Lobby). Any questions you have will help determine what information our documentation should cover.
+
+## Want to contribute?
+
+If you have content you'd like to contribute to this page in the meantime, you can get started with our [Contribution guide](https://docs.jans.io/head/CONTRIBUTING/).
\ No newline at end of file
diff --git a/docs/assets/lock-cedarling-diagram-1.jpg b/docs/assets/lock-cedarling-diagram-1.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..93a9520c6630d365722c20b28445cceb034ffcc9
GIT binary patch
literal 62314
zcmeFZ1yozz)-D_hMM|+!TwA0#g%T`KN^vMq+)Hr@?pi3cKyjydad%0AJH=fS+=>L(
z0_9K7`M&eM?-~EO_q+c;u8nb4M)sad_L?&@Yp*@moX^^Kvv<n?LV0O9X#g4;0Dy-2
z0Pa@NX5}O#4Bx6MOUu2H`g_H904iZT2LNpCT%1&8Uejyq=+a{?|NV;Jbw(!64!_U;
zBBA;{pZ?uD05HM%FWUUKig8TMoJ~*-4pCo5Clqs(u#ZvnV~fAjEWc^vztbYWX?GU~
z7gU?KziB6RRS6VrilSL8{zM!9i8gU?`rSSp)kehD#`QO^-|4r+56$c})KF(^)R!9I
z3{VBg0ABz8{ir-D*=GX)f@c5#dh{P<#>oHx<TC(3KL1A<<2L|+;1d8)Kk`S}A3AX`
zax(f`cNnPSJ#%va;J5$)z|#Q$h(`f{2YP?2LmmEwZ1kuqYLr~|sE-A}24DuD2gm{J
z044w~6vYd84&VXs-@ySA0Q7sm)9)iXDq&z^{7%@InD;Spupd0Y!N$RP@Q~o)16+Ju
z92`6%JbVH|LL$Nk4<8XfA|yu9gugpM`+X%k1~%$KLR=hNRO$a<x@!XvVc(Oy*MyGt
z6mX9S4V?(>t_wheQa3sP9qso}{Eu`W6AQ)X9?tJ-b3y=$F-mSsLL4kiTr3Q9G{8M{
z3{(@MM^CVcc^;EK6`z<SAtUD%P|?uTa*Iz$Osbv2VNf@6bdReW;}?9b{V}GV@dZ%T
zc$`no!pS8zE3dj{jY+~JAn;Q=vuo9%q^vWF4;704J(LvxDFf<^aUaDM4GUE%LIk*n
zhJNq<J&b!;I4D_Bm1rm-h@SA=e<ZGA^wg2~V@wtUFXm&$*Q!;ABrlAe0%Eh<$ErJy
z#_#3<4}XhHgiZty1Kg@fN}>@FVo1IsA_DwxB1!z1hO73J>O&XY1ccc3c@#xONUx;~
zd?F)>$zwKZ$7FS<le4KBjT$@dwS^{c*M)f}B;P)0x+?avHD25>_j_IO(%K)Eo&Tq7
zMyfUhrjt2ZGLrI*%d+TC*@FCO&V5abQ?`@MLfjNKi$AhOf9m<(=D!*JTXp|2%>F$X
z{^#6BrP_5=6yGa2dw=M86;$|g)Wvi<R%z+|{BGi76Eo=gh64;W;CtmSM{N>Y^9?)1
z|LIdeNXWgX^eB?eY-TQw?6T&=wMLQt6z}d{U)YUKt8einY92tf$^wOET)34BkR})X
zcsH-92K~j_)ze3PAyC!ZX}JZZ7R}(pm}i@;vTAzNg0t3>6DvR}8byc&Y}*sZsw|fm
zrV)cGOukiFo8m=ww?A|cg?oDwJi6Br%H3>Zvba&P?sx~lIM5@%fPt^5{o2u3{?Dzj
z=#J78KksIIABCLrnb+Q7k8u5_%n{x7z1ZjxD6GWv^O`^L$a@n;`&n#SMvUseDfdr$
z{x6dciek;{_yj_#ICMw31+KD42tH4^@}0hYBw=2ZWI+lX1_$a+!}dAdI?Z7n(?z=P
zdZyG&wYG2A;E{4Jk?wT*6bh<8we@~tynX(0ZiRS_1ucKtBX!~R#plUJ2-Fw1#Q#I&
z_I~gkz)$TqROZp(Y9Di1?F^i`){xUIy8#ZGzu>7@3ea9$RF(Wi=FnujtB(y%(d7tD
zNaCp#4h&eZ@}W%GX@HB$5P-K0q=3qwkwF6rr0{b`nntB%*$r5lHeymU1=n=Odt(&(
z7XIE_d#f(hae!f=Uog3A@mcz<^DBJkz&8&0)1G<@(ifj6K!1}e?YC4xekh^7gjChd
z2c{cXH?gHqHn59|k%3wDr0|pjkyr{ET-R=g5!aYA>i5;ChOEIAk5+XQzv)yQc34y3
zn(r3vzQ@2)ROA}s2J3GI1Bbx#`U^e7;P4==gi&J`BK6636)g>|=lNM#`IatcanZ7o
z&t<9hW**7mfpxb8{c+wleCrvXFoFCKp@h51fg`a9^mQ~;`*l)(K2&RpnOhEA#og!U
zZ`CT6()z>!J>!d4bbs$_ASGe$aC5^K9dYgENc++W$@<zUey6mDozs1e>BQEeM>fgT
z0=wt&X?zATveAA$t~U)+req4apJni6PNIo<Oin_@!Gm@p-{#QYxB08|?WfBtPMwJ9
z$P48#3(`W)sk5xb;Az!C)9eaoapxQ(2mHvlqxvQen`oTQmj-n(HP??3QHm8anl@~u
zljV(LVm}p&@^4)9=!m%9+i&4B^yKMHecsT9tAA3BljEygUHr1;UVbyzKUYvhxf;K>
zEx($!j?mP#XOpv@=GV0y2p65ur5mWIVdg$EzdbKeg%$s0icqoqt9_&XubQGcqpTpQ
zd9iV_)}P)l2kynIxJ8|QKKPX}Qr+fnlKJDxZ~JV?I)Pi$#O3)Ab%0P&U^w@lGqr~g
zb7Pke9XWk~IL6~%v9aSjz{GCL6kGf&m(qk-1ji)FNzhpxU)7smM3t+~XrK?a{U;w_
zTUTxb<1eTiMwfP1dTi<`^&*Zx)~P<Qm{4%=WsDQ1_jq@Hb_9JSaEP`Pd#c2F^R?D*
zl=Tj9JYRFuDP!#{s@SleBpfRC%5Ik9GPlZ6aI)T$tzofJAUODwz*iByBea1Y|KYkd
zu>r>E8#>Bv?z2<=Fq+K~nnRVTm&}txhN{BFo)WSI_G;)0RS2Rd8$*UW!s2>A95`yY
zpeC+F`aJA|iL7OKh4_itg|a=84DJN{ebd0U!wh|cMz#;Yu?gXCT^#CHm=e~|^~25j
z!N>!Bv-oOVdH#^KAOZ5uv=u7M_94rK;jJ|TP~tQ2keB8e`NnZZeV+^styJ9j#CJwh
zEnNnnD2KhX`@=YQ;BffKjS8ci4F*IOJe*}FfXkn>-Mm@f>t~x^!3t{$C_*L*W`$Qj
za5yJD;@4Sd^V<xp+Ea6O2@c9sIDB&+NM6`7W$x;7Uaz7uIE(0?seZM2@0T7<wzE)7
z<yI?a(gL^40JB=k2CTk(u8eFatj@)8{s}>>v<iGBoR|4hyond&F0^d7a6X#><{ql;
z<(t4-o84#CF(dt%{-yx7S~<elU7Ia$h4^XJW)Vo}{ObPaUJJov7QClx<6IE(`VB`5
zN>??r?>u2H0&ej8{lX!;g}L#POp$I7qnhF2`%O{iH|GhxXT@h~iL+IMBZ^$)L;O0_
z6;+yw1|%}?Hf5&C3nBt<GF}fG<u+z=USQeu>OHqv)TdH$)l*3~FMugWs%e*<U#nLu
z(ulHyDPAlv#sc#WTt3k%0?;79Z@QI=TK&g2(pN<Z<Wr)Jc)Qm0X8Ag~u^XC~UiJM)
z43tm65@Aqr$5n(g6(MHNe?CoF8vHgy{ci6?-2r&B<o}XGWBJcU|K&%)Kc3XzG#a)G
zgqS*x@XCwV!VH;7TmwSM6jf|WSMXxr6*acVn&MeK@rOm>yLE{qE{&nd3y<Y7HA-aY
zvayLV<Y$(bF3s<o+jHFkQUhIkBUKG~2lHT4zovl2K}#6%^&nr_dpSp+T<g^M9+7Wh
z)|G}|D%#VLc5jq5W#5a488_q+$(x%Bm;z1*tzfu727I4m<{X)xX}qnCrrit{stET`
zvd6;T_*lM9IhOaNQ87c8bw`Y$D6{A{TMOjh*}6*JzZWy3DBZ_-@ukdFb5FOIrzD4@
zvVk%z-2%tP=}c+vsFU0|gaB>C6I_qx-yp+N_wL7jtxylAG&>kMCa0idzxL48m-xG*
z3H2)Foc4KeCDh-CKUVPaGmP}w>ljiroan`OZuMj0;;49mZ%E)VgCoB5(G;)&tUhxV
zT%-7S8jP7Ly@*?`BVk@l+Y-9}Yo!R>WV@5U;wW|^j@2a}RbE~^MOmz;m>-l+txB<4
z4Ap1*=JGPc)sDan2%@VQz?~nz!p7sgU$(l+)bNOvrvdWq7t;e<<s2tPZdR5uEopeK
zO^gNjUBjj8&NJE~sr(!M^;2JmMDOK%1K(sGzc7J=I^BdJHLjMyudUsw7xQKEn<WGP
zu*Cj8EOJbNDx*7#+!`;;oI!{dncC+qTKm?vrXCOP!#$ok*LOxg`?`2slw@fB#&C7$
z8mXC!aR=~my94y?X9A}@`3@qNu0$s`8!DLdh|tKEXj+fG3x-_ZDf-Nsz8G;UAsnH0
zo~}DO8-4jqC_95RuHz6NUK=^`C{Yqar<XI$Ni?b=sx;;pR;ACzU{9Q;ze+jdFTj`~
z(UZQfcL!i;@Y&Ybc$`fySY-7rJ1;0QIgPNL$~dAiu46jFA8{fQup#-1>|N}F{Wq8W
ztgM23Aa8@`AP+D|hXA}#d6?#7dSdYD6&aos35{NsuL0u=;S6y;X4%egdw~Du!K@pj
zozMw;G9fiE-o^ca6-&wXlcIunhrY*S!BuPXoFbtcd+TIpe=M<ID{2q8Noj~Gikjr4
zgeHgk@Hq{RZ}tf}EJT2ax)zsg6|?Vgw}AZCFO*Yuno`_*?Qb%+PYkr;R73p3{!mo<
z5&RDDtifkSV|_B4{^|7^<d?F`Re4EY!5?}BvV>r_Tq5rPaSJcO#m82EC|3UIzj^#y
zSO5KS#S%9o;W+)!N!LyNxkQ8^<%+0C^dkceF#MD3sJ;j>j0!p63!z&4^AfDw^6zW3
z|9oIPNOnCp?f%8F)G}qQ1$@(R&1-xIAhlnzuA}F&M6K!~>kP{-iguqu6sGG##fjHx
z>xSXZ9X{{9t)&2x`Wi1DSbJJikFO9@A7e!sHJ~Su$&Yw^YZ;Yssvl$wQvNyQ9#KyF
zl*|<%`SwDjm9l1-wVW)3A$}hh^MDf$U%?8#eoKs<<$c_vNM0U!fWGQd_Q_`7Y|A#N
zH#6#5=vv+ijdb^fF~!n$dcOZe`AMkOEAnYzXRV{`W`Owmt7pde+drB+7waa@<6CrG
z%LE>PH7O)qO1X$+Bp#0^M)Yx6a)CZL$r*?jCJF#H#}VH}+8^6*`p2KXTRG6(zLq!S
z$OuD-?iz?$DQqMSB{A0-W^(YU%FboYwov5ow0=4Vnaqm`C%%&U$?b4a=5m|Iov19e
zPkUCLS(|s<uR=)l;UAaBjd=$*gA0(XKGpG(7>3yw1YR@B^Qu>-fAIP}d;TG=C>hjy
zy5Ylk(g3UEzZv|;-|=r1{r?+9Ji0=C;S1zTRM4UY$T`2N^7(y4R(UQ=jkh|~h(meF
z0w9jzL?1Xv=t=1Lc~-^E9<%y{*ppZIsAGw6HGr(~8nHz;E`RUdA3mFM>p#yBe1COE
z-~aQ3!JhIbn<SbHn6N{eb#`kT&@Q$LtIp30p1HO$I&ZF7+oNuDeO6V?SB1m}2Xzra
z8RoSY{ru&OVlKdM?0jKc?v>7b>z7gWOO}_71R>E3RUA7NkMaxi3%-SZQx_3Qf=1L+
zc_i%OPkJFzPT~6JvrkNNyf0^umAS`jO8xMgO-Bbr%c5b?P@WqnhZ6=@kG4aRK)UY~
zj?iAfC&}|ieG-xDPV4><b0Lh`p@bP(*0~p{3>0n0uQvU7M~Yp8Hq?|kL8X&JkE#Y4
zW%u<W5)MSFwbse6k<*)%gWKANwEIMrB3GsTwwwd>L2~P%sR8^+jaI?$sp2urSrcYf
z>ux9Byoo=ydFG#qDSZdHbU32B1K_&WEV6Ld5+TZJaGu2dsxept2Zwz2*R~OO7`Z&)
z+Q9V;l)C6^V|xVao!6@eMvR(}PQ!nQJHC8e4fRkJgTI{Fq~*STOC%f<Gr4w7&+_ia
z4w!C=S2{|Yf1%g+il*_wa8)?wTKrq}cXa9|@41NZ0+;wQUd{k8fAMN8X>n?hOp~)0
z!5OYYjkhVsphQq-N4l>cZ$A}^;HucV=}B-vf)uFUJBO?GEYj<4JrYO%N*{+rt&?jX
z__{rdn@?{xNGwZxHdB>mi}lOdo$kDBwb$@RUPkDuEOR!dEHbDw<RkRg?G#Q!(;P3R
z3`vUw*n`Nn{>0IKw~emAj@CEzU{zQ5Ub^Esn+2-V_B+7G;t}v2Kw8!B4uE|JIQ*;)
zy(W2a2bh0<2WXoTwSmF)Y;(cokJ~~RFevnX72f>7re6K@wk7UqPV$&0Z#^lNzrc#y
z5a&`4HchZ2d=92XqA~(5EU202y>I$Rtg&bWml5OV9l(;^34IW{2-))R<<DNQb^!IL
zz3)9yXk@pGHCQvs&a+v@{ucV$fIgy;mZ)Qtrc$)=jiIZF`q~sn@mQ2eS$U1BF-OB&
zfiZH1hpW4|Y`u@ox}cG?rEw6<U%>a2pg26<NyLlBvUGULJ9`029N{_P!nG0yo-fLn
zE1f^}pR{>=F?8J4G*QUpJyBM(^v&1^>JCQ?Y(%Sz^SypO_rxCSVFZ`A_$nvJ&gT^&
zyY`1xi?_zQuC@(UXBu|^=0W7yqwxmzc%la%F&qU)o~+<~sQ@EZL3-`=!;Gw<EpdEq
z-XwlLU(GZsSRjV1j#qm%THRCi`FTOIj6e&^F0P1jckNg3Psea$OPal%MUuoHJ=}_<
z+*}e-^9Smcl~c+HSC^P>r6rtOZ67DnSm_~pL4gmFA03lqfLz5<O#S7&#=tpd4fpI)
z*qn9I;CXSFF9$QrkAd}w5rWwx*Q~$}^hEeKu5&!u!E)%v&-zw*E_L_D=O$T@UOno`
z3+CpgH?BbKdqSA-Bd0^9wi6InhN5qip{vCG&cfniWO!a~CTpt%iA0XW=kT5P0Wy64
z=fYO{`V-&JM1$=#kX++sk`wbH^9M%XdN?$a_P2afY0b<O70ZLP=Oxx-u7U9H27}V0
z0I;`@YQj%&p~hrNn3n*E!;{}YLeZ+eIZhFA$`{k#w$^2`1`dy%{0_jUI`ht0@c-21
z`r<_x?FSRP?g|~#tEuCb;xY7{2p~!I4CYveS;{Mu0&p^UG#<n|7j#cOfm;rw|5f9I
zxJsxd|AkC6gd}u8S?lp;`R3sSwWHERo3_N4HINPEzD%^Jui_YP*;11%kGE~)nOSF1
zZnm44Z(%H(T>F=pZl0al!>vlbV{h5n^m@hv&AL;kNqH*K;S|cW*Gq;931jAoPwY*r
z-d2|jUed`iKJl*xh!AeZu6>WjUqQ2PaS3Q$flkY~51*!NSyuFBWf$#R?k1}#>)=T#
z&@ZwjR`NCHT_=(T-d;yyfzQ8%7tIpna(*|hd#u<nI@WL{|1>r@q;7oZ`9dXB1oO~l
z4TjuXisGDzu$vrIcvimwX>tot$g1xJ*QzQoY_q1`*H;_hsQKE^D|^^6itZuZ2}c+#
z1Q-m%YSg^*qekmj?JB=|EG*EBf~f?^2nYzUu;Cv#FOF=7&@^cnS-^)kN=NTIcfrRG
zd#sDSaEW)a{j24*gzA`emX>+KS6-6B)8WhKNbrQBvYoezPqlvOquJw!b{<AB_>vlp
z0y(n<HLuJI5wa>ImPsWj09%K|P+C7lM2pa~pxZtvO?AaBL&0oNj;Wy~vED-L<1ojn
zP5Ax1g5dYa3j|to>%9qIxpv3B(5)z4zT>f&#o{6Z1>4+g7tMKj%gF9(1!5|`ancqo
zJLEjIG@LKmKd$dA<5nT@UDX>bMRwjf9*-v}7kuv6+f+(s7F16|M2JN``!{~FMcTvW
zTsLR*n)kO9jV5gQD!y|COenj<)Mm6~Y)*yZ@YaGP7z~<vO_q`Mh|5N|okhMofEJI<
z4EOii;tHyiRDLs&>aeC7>1#86NAjPuo#ZR*vU3P7cn5lS%MIVWW63P7fyUPr2#8ii
zD|(*AvZ5t?@Tb7bhJ?@I#YSHusqdG&9qnNs5wD^pS`Q{KM!%gj;ze*k1{)4YxpAo#
z*leeizE<bPc0zf&sYmd!x+cCKt2g5fANSLE4OXSaJ%Q<SXq9ZN&X}3m+SJhuso8s*
z@<`JvqrV}cI);BJ^_E8#P*V7HbARpbebO{K(`y#F?ONi)gmk%RxB~cm{M_jJCO9I(
z(Vd9v*(Vl-3z@Xl8j^mKDpS(N4~iNYQybF{riWNeiIk?LO%fJ#ob^q11;DzS`xGNR
zfWlR;=G3X(cg|^2qCH0uy%GBR{2&JQ#d)jc?2@3gAu18(x&t01aXiK(qBT7quK_Sr
zpYP{_ab2Gwv#%nPkK`LlmLi5v@>h)O?)0!yyp2W()$!bG<A&EmLW3MI&^|wur_>%@
z5UH>k-E+cjO~n`2M0$w*9gNr_!#6#Kr(~Tvbg-`$4ISUS+m>_6sZH54!A!~8-#3z<
z|6;+#ZRzM^ZbiOW^=+TQ4eoyry(D$V+)A<d%&WxiJKO5S&C@%8%ooIuWKcIyMti2d
zI$s*S!{A|!<QNnby=Y?RRc=&DaX(W<DcR_!y-MstGgjm=EtjL}tJyad;la&F5fCZF
z_9LRT5+Glq<HcyTJYf{IelGuDuRMS01(-Xv`PkhhYuIJTaTW^PKa{gX@Y#W07q2BY
zTldt(F4=xNFy4*UtvwG7{n20CH>a%HGyP^-fjXP(Wlg)0gEK%xnRe`zLGJeRKIH7y
zx1XLa<;_cWb<-4kw-eOPZxO7zf~(#m{(3MgZUmr1UwXMtpKndA_=LUrg1C=I=%_S~
z_IX43$Fn!Z5r>20#)+&c0B>cSrD*zNk!dFH3B<v@ewSe?v;F~{<R#wJU*dX<+1kj1
zqLidi?bJ$cuyDNtmW?ckrb)qQLZ9k+*1)l%+$2TWo2GRl)v<O78}Idi&_n<-by~EH
z+dJ)8-{TdA)4ChLisdh%!~a~C{=-fA&oM8SMwy?lFYW-!7IW`aL%GI&MK`0I`E%#m
zgoI@O@L%OQ|0RO(Uk^`KBr`;6FFY;<&mQV-LhYytEE#&p#_69pB8;ObV`23dM9Nw$
z2{D<sb8zEPACvhzz)$t@rvRw+3Xm^Ot*(v2#2M`+XU{+~A(7xT(7uNgnU!TvoL-Zk
z+}V+^ICrx+dgSM+`aOgo=`Z%LdP!oeiAGI>mz=dFw9zD@eGm(d))w<q06srwFovev
z>v9L6>t(hz5K&dv5coi`>9)~${mKSw8~$O@x<ADKV`X(fD_vx#=5+s#pq`WldOMaI
zVBx#SIS7kj@U?qb$n{5sJAnEffaIB;RUIPCz_EUOiuBkjg|yXv3~FF^Ru$!)*c#J&
zLrCLsn5N1~#o@+g-uy`@7yWzW2xXdz@2&~$1*acF)a5g;+1};>!|!XquyG{+-^=k&
z<JFy}qzpJ2xeE)xsgH-l$$DrYgy6<kAiQ(rESDMCVm;4+)6B8p9U#EHEZiGWcM~bL
z>>n@ne_};+VL?DK4y$!mq@}r0r0lw-^Sg0=PWof|NJ;JuAP`6*;u7z2)Q-XVFp}jf
zWe=Yl0E?bX;$K9fp;9DNU>XNo#-~L`AqIlsuAlv5DGlJ2jOmR+<x&4oEzX}5gx(A!
zp^-e)P?mcbr<x>;Lr2aP0<}?)+gxa$MXu`i|KAt%{=Y0n|36t=297Fms{9n`UMkFe
z=MVsaO>7Paf$iIhhSzcdEfwXT;kI2p-PAt%H<CTF=k52Mq$1WTQU0k)cuq{P8?3ez
zgU*KVaR}Ns;5UE}Kt%R|?Z1Ft{I~sn(%%g<hxED^#2>1uyTg2_iRFzguw3RZM8wNM
zft{5rTd+<3*^i!5WD68xFw)jE(_@@}P=A{U#^SDHz*jxW^y&Yge&5jlX!P&q|JKaE
z$IO4__Q1ydGfaZ<pdwD2r_(vV;Nu!)i>qRQ`x|Od@l2P#evd=U@*V)R@6EsE{ZH`F
zzZgG%Mq2z0K0#!zS*jZLe9*ZeY+;T04ls8y%d%~p(`U!`wv!-Bo%gVw&2zTBaU-Vd
za9<&E11%qg-Bev&+}ZR~w14T65f6nlz%nQFM$%CMf}%fVpXG6J?w4DfPM>Va{>E<p
zk(Jw42=gvUz6Ca2jsFd<_eb_mJ^u|P`oD<LzzZAZxi4@|$N<d&XJolZP&eSkMv{EU
z0`-i%cAm*<V%DIy0d<rWz7>^_^*=>S{-tU9-?d%;<R1N}knNw*bEt0q6pH<;DSK}d
z74Xl0@7JF$b2)^y54MICn`7M+P5On8e%P!>focD4OgE4XoF!4#4|sg%il6?;;zp2>
z{i-KGsXgbz3~?pEnb9AOo#nL#W7hq|bJ-r}2tnA;3MU-&qv)-f&IjF&Jpo$&;-@~i
z<>GJ7ai~^Z)QyIc+wK5I1~^ClTJY!L*_EzILn<vVUn?EKt+p+f@s=v_%Z}Y_1bB%D
z96RzsOv>_S3}kT4JHTp+a;H^!7tm`5{5mbS@ki24imj(y0Rr~4Kn%Tk0*xt2%}Liv
z94n}BVp?+Fr!$pNU%&Tfh27F30bTZdQj~hgf#4awob5v{SJ(7~A@vUI^&Po1-F+F~
zIi6>q;V+z~vuh%h_pQ5IMtJ;=<;A#cTG|)oGcP7{lU%=WUqZMuxyYP$LfP8mXL&=+
z68juY_wyYh^Ra+q%5RPZ9;T3eWK@D@;?7S%zQ`9Qunxzku`#FoI5ll>eWJ<cGH-RJ
z`z<64{dq{p1M@OJros;|Ofp+6r-syk;44mvqg3kK6X}0`u40F6jF?~%BPemuo!mB+
z+WfrGw^0ag?RTsta|uhi8f%K+XSw{kTt9Zc&H|zxfO(Cry@Lr2zhRSq8b2H$Z6sOK
zfPU?T@-`5cqZ{e|(C`^-D$Q#R5vwc;R7{Ufik-PfIbYOkaoUg2Bq>QYOMS3SQjmQA
zxP?vE<GKEK;JBT~I<Ov}6d)9<9O3~H@n<p->PgezJd8;fb}j)br3`p6MkTr!w(>5|
z$;b^Exe~5&eV&=7P!0gxSZH+sK$$ut4gyqmR&U0`>koX(>(=JiO5-k=BvzJ%h(!Ps
zkjLdNctlAyvQ~#sw^>?nl%lYTY3zoBRN+Oxc4=h9s!XrM3h>$k>*#&P;-W!n*(TD>
z+%LG(yUp%IV_evz8?iB(64Hb8c6R^=^=2R-D-0RC8Se4W2rPEFKEZl~+F27<vOV_p
z?qOpjk-_VqX}Ym;3Is7`&8IqkGFzAe{Lw$rXQceLfu$rff*+j=IVsQ$r)c%+hJEy(
zz-fAkq8wY=DmE3fFLrJCX5bdGWjcjb8eJXzfw6q#>y8^eUNMz!%jg3ghswMQrz}Up
z3X%`wIAFat5krf@4-_-s9^Lx;3#@yHqx<QTJ^L^*3eTxECWYu0QS>bToVk!(8F6&3
zr?x}ya0DfR=4YMWZgsIu<gmO`SYd8v<=@JD`OCqAicPJA0xq-4cdMA26-B%7Ja40h
zK1z{SadAm`$S~pvT6Hw^VcDBnM5_D~5%PrQ6Kw|>Cv)<WNqN5OKrVmz17dnxg&@hE
z27X%o_h%rRi7HT(UTcI+-RX-h{t#Yo4R&9${5t?+MP3AgGd?0JKwrWW%kiFanWNRF
zkjw?-K2)69z&EFcB3Qd$oZYlICdYPuI-=cSs}+mxwkZqPZ8@WwrP7}fA=e~TAvCe@
z=+Vj)D|9M9M^r6TC(*}5Ye6)8mwAl3g0`_G;g-J6_Ou34mKVJq7y^lQHn=Q<STWQj
z4%<h$K3w4c{>(HYdz-9yQ#t}d!SIe!b_2SDTHu|cb0$*nV#l_>W=x33w|N_S&Ic9s
zCnW=5uQ)3cSTM)(W7s^gp)}EQEH&$V5};?QKD^T{q6#T1e19Y~1`Vp22ONEHb6$<}
zmiVFx3ok7ez}Zdv(O7!EXH{2Xr1U8Pp_<0m1N6-hIYYuSSAGILzUL<<7U<XI^3%JQ
z7W8HBNPIkt#1C|9G#0vdKp_J1_jJmLO3up`X4ZC{(dBZ|P$%DvH&r3R_4_6$oK?RT
z<0(QPAPey4^fVhjag5BNiH%A0_OX4=yM+4+Ew9o333b|{_aUSmZg23t2)-#313%`v
z<eb7Usg`Z)ccg+dG46qJJh?51BHFtbDd2Ih=HP_+5?{JU(}ji=+jG|wX<-8!KN5Ko
zYl<lKg^I_Du)A5AC-wR#$aVHl(m46{)HrS_oVaooy|-yfRxO+fC)UGP-k*o1<E)B(
z0|>w~;29fQ(z@I4omqd%f<;vKJgA)n5u-?$9R?r<=`XX5`?kj!*Ia=-^r_YE+Lvl&
znJ0&9ONq<pqK$U|xyJK|bCGyj`^?GtB@N>qhJwT+TuMVGEyAEQ=)Hxu&0}46DyQ=i
z&V<?uPR=qC3z5zir={EV;)uMd?wO9aUDqZ!T(?y>H|qoJe3W;9aFcNZr+3i}y?R>R
zZL_wJ<);|ujzXi4rjMCM+}i9RFCdT21#-y-KGV$5H=c$})$1aUfDvZ=GE}*)uMo`<
z&e>>)a9i|Gc3ZYk`p@Z0_9?p&rXvF-+yW9h>}|lu$F9+Wj<n>1CT+`0Ri7K3sgp`p
zD%Y=Q)AS0f+2ed^eMNw3O`TKH7H79=vx|ComvZpBthRdq^>cms0;2dl+rb3BBeE#9
z?PLp~BS_r0RsE+)xCL16-X?W{c?}zC?TLDxH*N{<nI}dN*DZaekQz79Nd`3$D|0D4
zb_T+UAvl4VCQZ!y6CG~Pj2nQrwD$bo;haq_#gjYMI2(TGd3}11yFY#lI*Ia69}zgF
z2@H0}E2~j~AB95coO1)VeLi-0(4S3CZ}W@riXx!vb8SKX*c%XnXJ3npVOxoM5#zN(
zBB>M>(H~n7{^u!JA^7@t03nrf=xO12IJoynZJsl?b!e-n#hVg&DPp10AKr>rHm}%f
zPwP-K!LAzTJf7A+;YK(EHm^{7y}ClfarFXy1K?Kg)~3BGfd8b-4IY#p^(k+gPqT*E
zCT8`P2^c_msm++O<n*0<1~abG!N&m!sn_cPp{=mL?%}wQErhGNrX&WEGv#}MbHszp
z?Z5N03P}nsw2~qh;E!hTLgV^AyFIh9rKPdnSMb?G1;4Uroag19B{Mco2fV3R_+}&I
zG;i?W!Vq5zxWOGXt*?7ljwlzL7*K#0<=0W!f1!MALieTG^Ym&{S@=@tgV$rQfOJ~C
zp6>OQY?(fAgj!nICniAf3NN|qJrkVfhBN5bc*T!ATGx=%5a_ZFziZN>6+DQ4&&nR6
zv}^N1PM-n%RhP0CpZq&My6@$+04K`s_-3m4eg5$B;BhWlkixTvxsNXF<~##;zXBZK
zpL4z<H4t`J649r<P<_r-Bl3v{vKe#6&eVPPr=9dhV&EapR-7-NsxQ)Y*?I&&%~2_!
zTkviczUU3!7jLP8R;#(bPf0r9N;ySlvd^XNJY~=R`t<3&KS#*_f}vqg`6npezcK+)
z7V}g32gx7r0Bo*wYkYLDvf|C6uXM)+D!*QcU#HCfedk07e){IFjB%}&As4}N9z;z+
z3j{$A5}emxgVE!^I*%sNBj_pKH_sFte&TY`?{ATtm+sFyMBFxyoeaZ^=HruN-Wc{H
z#PSE`B&oOd^Ykl#d|l^HY_b{PAyZx3u*)dbKDU>P{Zl$x%Jw-KE#*q(4=fk>DrPfC
z`RtTBlh+B1t3Ktuo)Y#;v8@o4vuu)sWL)+-wKzt2=NEs_X1p<jl$<<H1X+kinyP~g
zq8NrbPm@Wd5)5qPrw;kEsYHvVC-}*8(FSd5AfAToG6clQ4CG47e36S=dFH}P52%KX
zsCrEr_ZwR6e`!q$6<mvJ_s=heIh1Hkwgw3)Y$87Nl@Dd~Y_3+T<tdNf0YbIy*W+7|
zFSp4sP`*uhgzwD`x96wfBT&mgnoo0CPI}I@+k%fmpkW#3ZspDX5&9aUJ`%|TolvM0
z;qcyAbc?vwpA(o(znE)!>4U5D(@3M>7t4yTTHG~l!^PV(rC9I{@4!zW$pt9cob1PB
zc(b-0clA17qj1IwuKS~pEu)i_wli(+n;q^nWt?uq1~;f^|I$lQIS*ek=iy(~4+;gA
z3X8t%hk8Jc4&{3xesm9vu85rm%@<-GJR57N2V7abJKUP+7m_0mK|0e?Ps|M!MDM+Y
zqTeT31J=|=_v?S2=o(-3p$ygaL`dJJ4sakKzm{L=nNh}NseZN}QrN2*V9J;S(~v?J
zQnJ__E0mh)1~h!%31uHG;cS&mfS#_0gjUv|EX#cBnPc7HHGZM%%?SOe7n-fHlVTKA
zBTIbNn}4=CpK`~Z*VYQPk<p~!AVKz(zuNp@Xs4BSiC-h7oVtG0=-X|*>*IlSOG)vm
z5z%S1tU4@qTp}plQLbg^9YD&SJ*Yf3r6tjt^1BXDRMIX~dr<&9yHb-PQ!D-iO?He^
zK1{umk|RI~6JdlhTA)1(^|lg#RR>!7Wr?;UN81rI-*>OOci6r7z=+vAn|0%4s`;nR
z2n8LCsHZq`ViOVYsxDLjCLB3vyE}=MP)WBH6LSZ+$h@+7SM*M^%`Zb*<_@svw^8Ml
z_fMN8JudQ*_4%#pr~TRZ6#;>i{l(_19`^p$dydCTwMVjx5+~ORvkJIVHZn9r4f5Lw
zNzWh;=DChfa2j&h*X|=rD{b73uzEc0tH1c#?UxlugZkcQcI>a2c*}3<N#!542%pKs
z+$XWhC&`XAQPS6D-WkCnq>AaDYZ-w5^nLs_O6FR-DCThJhg>29?iW9uw+h*K^u%2T
z>;QOWf^*klsXcbBoKX*QH6=hUQ|J@4$x+Pqs?kZh4HdImZ<x`aAG2&#GtTRvC<rs3
zwCNRBd~yfi@1vxq7HpD;KFe{0s;3DA`k6Uv6sb)y4b%_a0mQ1t9hb(<dL}J9GM-R4
zTc3f=^7*{34plkHU&^>9H8AG5K6Zw_)J@qU<_m<cAex8o02#Wl^hKs<Y3BW=jBn5*
ze&*+D0^P7xPLovV-fHy8l1ZP;0@&%2%Rb=Nwb-mbVJIPAAaUXVwj3+i8?b4Ik9d_K
zRla20Qa;5md(_yIHQlXlTK`<xz%ticm+5P3+Q)UFp-9Dxje59P#&WSW59CvU(llKd
zjb2en$3kvxKQic0HnX>AfNf%s=~FzY`H{WP%PWNzT)a%afD_HV*VZ03rRDiNqwbHd
z<%m0#iPotgVV^$MubIq~eDE>evP<iW)q1O|$B~9#US0~m&RhG%;pq5X2@x2kw1g;{
z*BO6Jm0_k3CiSu1u3kTvuxCf$rB|Z7C-4{=u}=Hc4Flghy<Yd+FBHL*PzwnYr6@|1
zLDcln_GDBzZ9>VSg&r+SUuQf)vep#PGMOBuUQPtgnX_)?^OOslP*SqJF2HWSB#!C`
zpLUv08WHLk(LVuKs6HcTG~owzIjDItsfl(E=EXK>|16Y4oY@kgcVQ9HlSQ<9ZdI|p
z;3{cRGbhN6UDLe|WZXqY6hw?TeCdrbRm311Yov7p`Flim`)KIc@Xs_vv9|Ux$>HOF
ztCcoeO5&G$kz6By6)mcB{zZ#wUtG`Nvy4xVbtby@d1y8kb=7mbIjY8wn=>~0YqzAZ
zwsVpV7WFbKHj<S5l^vD9Gb6i{;ajIgCvXvqYD0vz+>r7(qE^S7?+EgSDVz@89Jv*5
zaykW^e0)lFF0F6Gi-m=m9wwNg%m8JWaY(Wq$v6}=C}9n%mY3zskDcMjMZB*FwA{d_
z65%OG&5$___V?U3_|DY=jFh21vY46gRZ$s>dpn=>eZQr^u>&{Fhk*(*i`VDJ83ZR&
zTHtcBn5Ni1nolk&HuCiTkw5=J2aBge*%BYa>805HHRIe4zVc_db5cF!v<wMDe2E8A
ztqYV)Z1D{2+CVnXX>FfM+r2t(ml+w@t#=uZw%t^U5y^`ZlcXSb)gC$)^jb-}<(SGt
zz(RTx{W*EaG5h_aF%^q=nqD=frzTuJE8KphJwp6wW6mhF3A&T}3h2I0e)8e8gdtjD
zMtP`2hiA2HhLBJs-8pH7OwWUK(^CrYAj#z6=z2|WJBc^>{zlRASwzCOOD+&{WS*Mq
zWtG<WYWdl*I7^?^;nI2%#ERIWbImqc4#s&kvlZ32OYIAC1=Z@hdjvD(<wN;1%EvIL
z9;qkRScQ2%by32fJ#t9zSu@YD1>L9e94O(^A^g4<M>x;iK#4ijGrMkaia58QJ!yTp
zNZ48V#A%-ULjS=5Ew=`7o)K5{+vmbE1KlHDs%{87oE3Dtg--kpg~iG}r6^eW34*C|
z?9IctQGj5scM}&WzF8z9eZEbG8|%}hjD4Fcr@o;3N*%|L+)92`gj)w<=I8@WN5Vmw
z;3^&`rRT8bmA6%aL;%t<>4h(sT(~%)uhuFT;mC8N0O^k%TQ&ruFd7J>t0^9YO@gYI
zlkZI_AIbUdqJ;hW<^YS0`UK6T46a1D?<Yq>gT6MRLF^qclEg*y$I6(35s-T|z`eI?
zr+l&Y(YPU1*eg*hgg^exGqd|{^~z!6D%$xzwFw&KBxlSx>!xOdj8YG|sOf_M?+!6<
zq$2m|Ime4^Un_^Our_(+)^Cm(vp0Hel+{T?Cn|KsieOOgg|MY0KefHYugbm@M}CE^
z4XgONJ0ZpT$L~W`I&s~PUZZiiwMBgAau-eWkvGK2ShFT^f4QH5OH+*{2V{wgh-(UV
z=p`VUi^NLCgNHPy9<*`^KU~~a#LjM3?e_l0=qMv-uRn^-U@Y@6)!~=`kVG@kGf=}s
z3yRY%<nZu0)r7IW`<Z1`Y@vB&xbj>CN=DOW6YM|-rB82qL_aT`t`O`A)*1Hj2+v?#
zl1f`CZ}5Jf;IKu>Hs1^+|B)6usJe61WGIzhla}s26ue$jpWj^GW2Y>l_EG>iSrdD>
zMFx65zKTUa)k&>TPpx-fq0Lr{icY~hp?c@Ze&Y6!NZu&)>*9=lF51x2*UcHcC>}_-
zjbeEXxodWYa8v$|T_0yGeqmj~PgC3?{x>GAk2||IBaMbcUOC=-U0~Jfl#xi%5<Kco
z!zk=XBJwtQfjv;qB?cjx(P6-Fg)d<z-}#w&KZpIhG_dk0f@<O-yY}5rF$`M9@w(Xh
zxCGG`>8djqre_}(^EPOsC8eg*3MD1)|7l<F|7VOTpX4i&7wEs#cf@)u#hmpthSZ*m
zZ7Aj3m<L_}>;CTTc0}#alu_g~Q_mKBZ;~6czX#S8VEpAzR>Xf8MI~pJpg$K?-1pp?
zuveJDCo$g<5}-qJU&ZbYkgbLryk&n*oA1eSW!odl36Y#*Eq}bJADUNfV_8T8weg{k
zSbD2_37<#TV-EoVtR34ErcEi`3zJHaZ^jnN;}YjKzzm@Q8O5RQuX=*`$ohMNf?@k^
z>#f0`2ua|$H*N-*lYPUo6)uxD?sd4f@lL?j*{coE`K6wHCBVg%<yUSNkcm|-5KPgL
z+3k3gM4jKjpSb(ME!}=be|aL@TJc$$S?>y~XGbEXud2O8T{{sOzl#wO;p0?Laphn`
z0Zs9jfZk~J5ku=j{5!x4y(her<E?&F2-Ec7-plE9s9tv;m^*K(G$^@@M$s&CPE+Zo
zt1P8lzzJ?=OLT%fR1ULksgpU<WH+$+@bGkwDXJ*iYtuD}&BJu|4p8^F`uQ)5m^F>C
zp(xJpb#7OVJ;%ZG24=mMMMW~Wra|(3%ozsxMn<dQmB4baK21$v(C~`07rU2ZW1jFt
zY!siq>7wJ;{tVh=uT7zoMCTdeggkAPPx>&^G}RtQmJxP+P96@A4xoz)dE%?V67srr
z+dNlRsA?~08?paP{0S|!<emVB8}gambOKi)n_2=zgR{2P%60b7blK^EBCPmnEtKI~
z`GPg2?j|woawzh{RSs%<!&Jq39YK$c^TiM)?9ZqWT;3Tx=0@v;>P0x0EN4PuvY`rw
zlgwoiBfX6Re5FSk5wdzq%afmtJ|OrDwxb!P-@{tUuX~-q?n7>!wz5Et=ZGmSyRQK_
zJ{!iW$^7EQ{b=y0bajemjiOOp4?Si4ylSoVbC-QPgSYm<pqAZr)EqC^B{4i;M$sWB
zI^c)JduMl=;1eQbBzV{}So)^oUim?*6nDZw#!Gt3bOtIFYCEj3fY-00J)qdDdz-8N
zqYZM~Ho6i1BU%!Q-QHDoQ}Ie*8R`i1qv&f>p&SRS)0Cx=CO@eNrGqte+n{Zo=|!H~
zqV=^82Z@<?0M}<PEsU0lk+sD0Stwvh9{H*GY)`pvGg?L9kzMJIsfpLH9>2CMSNP=s
zWaVb)!AyvyXc*-bII?K2f>%bt!6Y~TTmGy>)6k;omh-BS<0@FXji%`p2Bx9^9Y7=;
zwNJ6>4lrPRCSNhOOm2&*@X|ykN>$3MXmuB?OQ8MhNeu*a+4i9AFDs9yfTn};GmXc-
zPfx3L!8OQX!Hjpk@)Imf`Ndt>H*cSvoZBv6dvi;23+--*Xrwc^qy)(?Zn$dlB#Kj~
zE36+bX&Hm12f-nX8Il14a9_xRCCnp_gEo)(=zh{cR0H!q4F4OPqqbHHcYX43=KI#f
zq_iI2NP!6hV-=E<8{Dwa`)MYQd|?RVGcipzWoVKPIYts?=K>!Iri?IqxU!W9h9F>k
z8Ha#AdU+G&$cYU0u7umo5mqTCjqwL%B(j;$Nul0`MBDSI_qh<fmw5z3EZJce<d&YG
z%h8WC&JV)n%*YO!Q&3|9DcUIW_FvGfN6PWvd-e!t#T+hZ-&n6cW#u$-#CTYHQ2%Rb
z`qLa#nl^9S%EimRB?5_p@FJqC-dP=oT2>Bzt_awEGgCdM#~|xYB_n9M0c8j_o)~Ix
zc~(ne(C6g+GJZx)bK@c;)nKyq4q&VzY0X&jdAYV;23i*$9y2Tc?7fWnK$eDtj2+>W
zF8Lkc^+wVWzWZk;zF$q<tVd$Lh?zUU8)roN<g~bHEx2B6v3Xx}Y(sN4Q?vnMn+)>2
zrw@ReEC<)(O9u1Vc&H0clK6Fp8d8cS>{bNV8`}IhH{B=bVtC!UBM@=(Y|02imZ`dQ
zD`#B?F2W0ONgD@Ay3)KuS9u?+MJD)G?e!7YmUGwUA?>)g%%LtaQ{C}lDt;<Yt(=P1
zt3FWj5xF3fOF{6Fc*QL7N~HJUiO3aAQ>V?3)MD4%&<QI@6j4e^6ly>#mfr!cZ+A!I
ze_9wuS~Uj~R5v_;mA!DC;$oDva8Bl?u;7HOMca1CJQ+NIBR`Ljs^{-aj7hCc1T86&
zip6;MlnFjcqbbwx>$8}O&zaH6#C6Jg?ASdmql^=pUfl|tUByi$U9SY$>A$kU?>eE{
zch`(~*&rq1o-(95O{v$iWq}5HH;o*DubQ}Rp>|J=t*HP7_Z1`si;w0vYtuh|Da-WR
z`!dXM{YvLN&w@;!lI`V6tr9z9bYHjH!x(ZwerJO!z(IEv)$yUS^+wr-bEjRxki4Cs
zS1B-Ofz&BWIdsBpGB-7LLjBA@k%|?z$d#1R03HM1$5TkgW5?N9Lr<j}nGqdy5P3(B
z^ryavh_r67qEeC2VggE<3JdAXkBjlF%Y+1e4-iKhg#A)b@SXr`R!{0>zG2J-+c`=O
z4YzMZIE#a#84&~&Hs9iEG^lVV2ly@2fEa`d3feOtnA3j|Z&}dezM@`$!9Uq~^DlUJ
z=jf&%bZy$FJ__3nt{1JRei@dY)Ac;-YoCjvC2CbZw_~j;h3|=xa7x%M7pKw#DvqZm
z-!-8QOi{kTqP2aA3v+-;>T+nkiPah#dkY1YyJ+yLKd%?07Img2;5|6U-1@ro-d(NU
zNAbKs&CFBuyY7>0KmG54{_%H!>Wh1?@Ts9xFb8@&e59fKkW?A8w%sIBmt0^=#NV}=
zz)~O+aI@91H9JmH=k4vO_Ic^?sdBO2NDVmW0OhDq6h4dJu<yKm`vZl?%Um>Q^pwhv
zqive!F`q>W;YR4c!Y)R=fWtw+PkU5u*7iFY+2O%0JwQja-)gy{=v3D#Sx=eWxHPel
zf+^zD&t(B>MR=-&tksdXf=v6d^>)>KSfq*;wYp2xJbQxDC_hRY(~cnYDtgC=lmoH|
zod~A<H74NX__)SP{@@AqL*Pc4!;+g=7q;lPlE!j6h48m|Y^siOoV1Qn>|!69e<tv8
z7dsSBG3c@>LW+BSU0%B&8${~Lv_vK9rbdkg%K}#H>KCY~6b;d#JNws}7@~WCN;`ML
zy#**Nvb%Kk3^KsQBw;@Na|fK))97in9F!XAWl7nFyYB6_faF5|k`v|b#3h<GqjN@p
zN35Z>NTa3vB9O6y=Pbrw4y>%zGAj0!G3e_B-1h?D^5Z}YW!<<v*kL&)X4kuf>C>l>
z2Yzwx8uLe)j`}0^nD8VL9m>i&SOU{v0Ve~6%xF^WyQ1B2PT`FmgQ?WU+JKE<Mpvh>
zGsuDvC*_0?_$6tu@ovOge11xcNWDB*vHkNYGBV+064QU7(_qDoc(D0XU?nIHiX<C-
zJD*!VVeK}pE=3>Nk}s_Qba~PSF!_u`U^zc~PstDBL0oEu3M+IsEWK~v-L_NF@mNnu
zZ2+Wb(R^hFhv4~@Cxskg#_lh)J;?4)8rPIjT~o8I$X=8_D|<df5P%E8U)QTiZMm-9
z7g(@rD8r}FIaZP9HOv4N%p^3G(Y@hL+-&qxZO(`72ry;7sVW{$>tj6Ao`NhHd}(~=
z=vDABdKk5uA#&Td)oT*%T-<*`kMW3F8^F0vF<>&J?s5*MUf|;5?zOVED$LBUEw_1r
zehI;iuZr%3fm3U3L3P8_Qp@S>=*qoS4G%+S@MRM8=!3LSAm$v=HyUGv1crPD5sq7H
zn?e~fA7PuU&iRcloluRpYWxobPp30tlgsWmR)f+$(LTZg%)dhS(er2|>BY^{4PW~?
zCB-<C!#-8t(5#tSCSU$cH9=NUuf4lqxAXKMKULIgMGW@iv7`aT@F&Svf7wU=7Zk$(
z5X9uqRyfMv_=kc1mh891?yO3Cd3wMaD*%f!ON0$MD|Hc}pVOC6u9W5mwM2SR1|5({
z+I?9w8Y;)2T{QS?2PrI^{wz~%bxV=Inpz^SK8*yPNzpwwVXd-}&gKV(=QZo-j$#g4
z`iyl}owp9#h=~#W;4hI1NEvZxM!ZkaYPovXf0c4uZvt1iF9>!!a+s(+SxSD%ndr5p
ziST+U#bT1zU~>Lr-N(df&7rOzH+iIYW<2ry{2Wv@ppst{P@TfouOk^f+|x$|pGCof
zv2W>1*cZJX8;Br<y04#+w*0&ag>%WDX}qz=mh-M-x~aWND-0<b@DB;WZVGKzjMZC(
zXee^L32F&y5*CGU=NE@&MQp8defjpw*lo5@MCRzK-c=p+1gfIqw6_rdT;cW(uz{Xw
z4)<u+y8pVP;<37Rk6NMYK1Xgj48c_`x`@U%*{0TWn_fxPDcg&8zAi&1+FxDg%4Dla
zRS=T*i&dU`KkJ;`E<q46o;p_A*Lv8)YiJ<`TNt-rf5Ub3a>dzO`OA>2%Q_J<0Gs|=
zN}t4D5vh^*2D9B3_9CDG<ilNR*M+8f9z0M<Pbl0AdjD$HNmHsIL{4eHH2XL$?`Ezs
zxVvLK-n4Sk<Oa2#d-(M)hzRTC62m@gy71YpgA}0ip9hYNsle_B9<$Qc1^x5!w>@TG
ztD2PXZaRDCYy8yD6Fz7;T~W1$PV6T(`tB@=7VpaUr^qKdC=lO*;Ybp-)5P&skMpIU
z!I$6IGm4OGH{~100)CIrl&!Qj+__^KFH7ih>l3bf>+b-QV%?%lwH1q^kY8E9SRRy-
zYGtR4#ltO!ign?2uv@qS$K-xUZIA9MwfG$JP$mG`exBG?-OzuFKOP<#6Mw$LMpfHe
z#FcC0Tr_)9<x=4Lb;-ULBAS>#14I&-1g5M&>G!c;`KgdmpL8l<Bmf^_N)h8OuFXz=
zgoz>iKa~&d@$bMai%q{O;6e>*O(SLuCy1%;01<_^G5VS*X;fUEML`+qXR#itQY<S;
zestV)+f<*~7ZU~cMa3>2WBBDW3)}&yRIZ<9eEqs~V=J>48hxNZbwQhX9qOJJaUG?6
z+l|KhI3k7l&4})KFu|zS{FMn6Dp8`N-g)T}@bf=(ZtN9o6}da!DEp>OSeQfYd5N>a
zfIDY#73Mj<x9AYaY42BOJ%^Smm_~eDM!9&cG$$|NE56l~q7F+WsXUkiEzRyoAf(pg
z4j`_rOkI&`!eZ9P1Uqr<JWkmwE~u!{tfp+N2`RP$2O7Ejdgx!94mFwU^sQe(k6Et+
z*J*M)*jyqv>lawln}}70K!PC*VX1Nmr`f=HA;M~^=ExP7AW$M$Sw=<+u{Zy7v`<Hq
zW?1kiRD72aJv_L^sAHmQR1oK?pY!yTMAcNIgFXHJVs^eYf7_NTh%ENu@Y#(b0-abw
zX=RbhLsorq*XKTSPR^2OQ>o{1bDv>}lLFtFZT;EK1=xK;D!lnPjCxkhalXiUdk1-@
zy`U~FJTs$2Io;da_qo$aABP&B`Z8EFs{Ggc+9|>A3zXs9W}is4UQk>S`qUzybJk&S
z6${(0jWkwl+7jzaehh{uzlDmjxP5NoH`Vl<f*}4*xz|`_7<kF#9IMpzj#h{7)*3Zh
z23#OkMJX{eR@`J{Xb=A%*4{cQj;3Ar9zp_1@DLzqAV82HA-F>b5Ii^x9^3|Zjo>gy
zU~mZT4l}sJ;O-3WGPqmLyzg53?B{vc_wK#V`3`^8>YA?ZuI{3%@4D{aRjpRKlAX&c
zbd@57Fitmo{A-2FuJe74%8R5FO%_dq8@>A)Yo}Q$;<JrGl%~V4Qi)PHNeR;_n~QHf
zf#?&gxHPj%9gFG)vrTYrXJf{fv3vZgyY}cue;a}lE_~#}GJ?JL#bVyKX{oRnS};SG
z7dP~wUxfm9$eJ&3aDNjCTZ$6S(wsmFRqdUB7YZZK_o0%sGV&K!`HTzNSWtx<B4Tu?
z*WCmU?<w5mxpi1Z?jX9VY+0zOw%p|8sLb9D_zz&~>%|{{*!l`gr2QRVd|NzzfKHDu
zp_Yom3JL==U)gaf2!6tR_+uy@J3rO=WOc01V0rs=VZ-YKJ6pz-4{@1KeI8w-ipu2Y
zgWSTTO2w^$m1D4XY6V5)`(k%Ynf)=yhJ^XxZhk4mGNsR|z{(O1?2(xrqEB{6d*QZ<
z>GwLk0O_(r61nbLaJ2t%UdbUZfveY{$e+Jh^p04_(G?D207$LduIbyU!Q2dHr}-+1
zH;A^BKm$9)EG<x$y4svZW8Ud!qQ1wzAADmZE#SMwX5&hr-!Y?_gh5VSgo0_G*Ab~n
zLN6#gm9~~#QcTW0m4CY?2b^@6RH-hSn0ytW5ykn`8nuwzLYTAwbC>~q-gFZzCLvDO
zKWiY!9?VbHBj$N)1I|eZsu^v>!x^o8(ane9|DXfnL2gy=5}pOIv|GBQT?ebJ<4Y@1
z=yIKk@ODp&+Ge96snB~Zg>Jo#6Lv}P?;XQpsS74U`!;phSHTf0UKE@wctMD6BIf#P
z1~$#3#S^8IUY;1cCE?&5N2A#Bag+0Ds%?|eL_<3N9^guy^{Zz%)HspWbv81y+O|{7
zUY{IHNPjFm;rRnthl~uv)mlI_oxJO!GlG6lv4x^H@Os&mna+uq2~)A7b4<q3#rY{}
zF5^5er133Ra2afGb$yy5zs{Zt;z)My$;AS7ZzEWz_>4jZgnTqfidi?RzWOd7Hn+i@
z_UgWjK!1cE(y~Wt@Qv%ToKI^TLxU@tBCM^VYKriFC~9}~^~>c(<hSr&P#?O@cPlF^
z$TRXSP1%auep|%SYsdWQf!@wbziu<yyp%T9*Jt}4evgX>Za&qaDU5krHyBy$JGfL1
zscOTqKo2>1jI48bt=wfhK8M?^A+GLM6!sHx0PMDF?(jA8zq%%gUY&0Xg^j@@MTDk5
zc%LG67ZskM{{ak<L{~t>VGI~iJm(cKLrel3V&bDBTYj}7p=s+$h8n&<05<bczp3*$
zQ^nQiDYREiH(y}|?3<bOEy>f?slG<yCRrJfd-8(9BC=^REs0!jLu997D;4qK0CK+P
zkq6uJa8Q>=ITX?+Xsb5;v`fw_l=#zJAS9x`+y46|z7%r(v)~J&H^Vmh!;ae7b;NS$
zd~|gJ{MaS{Q4%ca4`fL2nx9Tr-9l@cTvPL5%BE6gVOD<N)3mF^>F%#w)rLpSS_qvw
z=SJ$tAs~NnUosVg%4T|}b6plg|C1`8c^?A8TY=QZ30hT%vhJ8y&K(m&!=;yX!{?QH
zBYw)9mBk>k9;Pb;B86x4`}TB?XkUk02YvU(Wvy-Scu}Gi!8%R-J0_j0lE)M1+RB(+
zmiNemXLg7kcWW<^ysjoM%m+@dRl7N@slR^q0jVlYDXJ|)#PXBBtC+qKWD~)*CWz^-
zkH3x=>E%iiw|MfrZU;oX3o3m26I}SS&R-~s{I$jb>*efLupk5#{wE|16nU+9p=P^5
zU%%nmg<8B#lcA6}-vKhmWl_GrhQt`0r`u(imBB_AnDitK07;nqV5eu)FQzeht4{qj
zh$3b!IUW+Gv20&fH525PtG$;$IvElyE?L2}?Rmse;lPlHh|Ar)oPSxN_Vs+)YL29z
zP>=4coK(V1FgT423u;e=PYxP~5xNInT_lZ-k2;r^=H=CmPs4W{UPccpZrNjyS9kmf
z=uGHgbzpf2OF1NEzMjm|IF{m2iB&x}H4`C2WUE<?RXN2bDU>Nvy^g&YUc$^)CeS9z
zK!sud9m7s{<nKIRqJI|%7t<Xj0H_V%U90B*0g(Q_AGAe9Fi}F>IDyFHBs|2_#FN2)
zvVm1Vu6IHBwd#oDWcDnGb#{!Jt}Sa^^x)&J>}D&FaKb}*L@Hs*i2ecfN<-V~7*_P5
zbrXtx_O+lp%tEVgn-cpli~N!cZ0*l*Z0z5V;Ita`eWil8=F7nLJ0y|A*40K+jV9SE
zNnxM&?#4wWD_ui|4Ds5eY%#)jrpS${7pw)kMSY;DOj(s~dML0@cXr%t%6WSu#iXFf
zW`Flxp=~XkAAF^Rb8^1G5aF4>#>cvy<$#FkfXwbxVw)iq9AWCPQ07p#Ag)`(tB!B$
zKv(MTPaiYUYpbN}$h2GISd5S6tylkC(_psuP*R&3d@MO#R{I5*pI4{%&T@N)DZw-?
zGgAsqAy3htvV~8E3DscY7h)aOQP%b%T2Sb-a-a~YT(bpRf?UXz=Zyp7&hcE-(y+ax
zM&zI(#Bf7*S30};Z`H<e+B~AxT{xl5@SyqMd4{3&`dAU}Kg+wPF$CQc8_+x)_Fm6O
zhzsc<Ory6hd$@@mXKl{J7xn_{2KPu=#4D$SgKm@-1|l6Aj8}!ie`3wSQe8R<irm?|
zlvw`&u<Pj>x?KDqiZU$OeZgP6rLt<1?|91NkEM(3s?#N}Gc)HqEZ)4yV?)7t{)Zv!
zr(q(Kcj-d#l8N_*P~YABI(f?o3GJz7Ok{(r8A7Pl?I*HzK0!?D1hGWc&bql0t(yp-
zK3C>#hZrL{ek5MN_NhJ)(>hNeKTkbhi?r-2&7A#6Sv`ppA8>~WIgy)vg%U=)IUGB<
zG6_j%O?Dq@A;Q!_<C7D8?%A1y@l8ufGAOZ9MbIBWqU}Y$UVXm=5p-M<hn|IX#YFi%
z_isP*$kX2+?$EOq1ta?AOO<Ka<Eh;{OpFfPQ`czn?pC(u4)le;Z8pr973ezdAFM<I
zS-Hk$nb5;sj5bP*Nvqr&p4vN{m#n+e9rl~vO?%H?4RQ5zH#_#-);SvuI^crQ_7G3^
z>7quF2ZxrjJH*(CcO>EJAEywdXul@YUQmofk>LkQ#jCUsMDIQ0vrwVc4!xM+kT$yR
z6{W83aZ>Cfsjc>hNsRpqjV-6In)A+TXD`6HBti}@V4=A!!v27cC~`+SUl;Z6rZl#e
zd%rsx?Q=I02+|UKDNf*`2Xj1lt-I}|bgw#m=0Gi4hY>&iS;3W^Grv%3tMCIAde6=H
z+?b!@Qie0K?m`@_j%8*o&SYn7hK+WgmA2OAPBpW2qy9_j1ZwK~beGQlpwBj=(C${E
zVkx5|eFxzlJ2^CJ(>Q*~Iu^<td?&t^?8hhk`@!B{hwY+&P}Bvu_ccGVTgwA>%IEsy
zI`n{LYRliCVy;E<ebTI)H19_fO0&Cb8)+=~rVvUO1zY8PH#s)KY*+m;>G$VN`y>8<
zR!2n5LXgibzc0A+@!Wsp*f!3Oz5aO?JmwBvh3Fcvfr-%?(oR*4XG<t^;OR62Wil*b
ztk!yCMe=e<&p-r;_@DQMXALP@%Hv9lMOY{V6Na8=>zY;xKq37&mEJE7BZobTL$&sp
zSnVeuBEh0zZVH_IA8`+88b4j>w&FhT(h1RK+=onWO>1qhz=8rtzNmeklfff(`fLq@
z$hZn2o;uLayQXfOG>KKO3A?a9mM^WV{l0B%Z>@D8;bE{!jn)G~Lf6rrn30ebRPII9
z4bzgkMm<&F_o}Z;LR&fTedA8qpQ3a1>6q71mq<Y=NMfW($?ny#{$aQ8=eTzPukHl=
z5?QMfh1dmMyiBimxHXeMARpIGLXw0WCskiR=0<DhC#AL*QaOquC-+}*?X0z{V@M#9
zZE(>`E7j5SVQ^AYO-+3rW<0Z*POfAj`Uik%&xajdlWG~Ak!;tg#M&Y|T0Q{WiC!y(
znL4XTh?8j8y5I^CMVAvc@K8UnR|SQ2y3QMpWp&AJYAxJ1HToGa=kPnossu>(t)8US
zPCH-r->%IA6+$TjOLr*viVB~!^I`_IyPAkOEvk6qcg$A7mdYQgPis53ccrfsm-M~c
zw&e{o<?{mhA9axTP{_NHa1ywg-L+AJy?&TB=yNo2*K|lq+OoQcd;QK0$n((WS@l}<
zlXG*RUmS6rXU5GicJ`rW(GQ&cU{$0(He;N4u^U7vkG%5tN*ZlwG%6!ULc4y)z%(+R
zen};+Tc6$-BKZSo@`_Kv>F(Q%HCAt9NVA>O5f%+VPTHmHyD#Pvw+Tg6x^H1SSi}fl
z>0Ng(Q?^uqh!sf38(Tgv#IDx;$Y{|?qAPRpE(v5@N9p;T{4NbqUz@k7!#gx}Z#4tg
zXCw#a9K$}HaZ~j3bt9vHM|Z+;70JOPY7%CN(IUjM7x1@T`?xfv^HmOOv-U5UKTbJD
zcxv}q<1yv>^zBB-?S4ru0qJs`luyK~-R2$E!HgCd*df?oTZsCQ$X-lU7OptL&x$J@
zhP`f^SGRt1GsqURg@<qtp=stYX#5iExY|tF#Hs95B?*6&5SS$558yYP7xKV>aRHKT
zw^d&Z)ZJmz8^n=z9O|u4OzxscVZ#jQ=*FEVx}glvJMQnM2Q?eNR~?%xEa)7SerX#K
zjn+Fz4M4MelJ{V>%|~9=X)QTXbU!y+yvgp8ws_qgM1P}94#Klz9L=~toswB$VpWyP
z+RNoE*tAj%(X{fcPf98J00puVDACyuC{a|t=L<%Nvl_bx!a;9P>pJG0cJ67(Yt^+i
zV6VZ|z=+|wOi)=XX5tFl@<QXM=zfs-SE)9~T{_~hLDsi+#wA&0wiO4NMUW(oK61hy
z#4)c=*z0yBjw;;~uSelkbG9S%^YNw)a4X|vgfrMKNRQ?`?HSTiq^4!;9Bu~oO65P=
zgGsd~ffJo<Yx<`vKj)NqsfGayQ$A)vYQM;^qu3g2dN+_gDR!&4!G5M)>oQ>*g`zA|
z^Y5236|8PQ$sdNF+EXy3hct3o2T;j4^n}BT^bG5#_@pU7=7ev;f^B*hd5w%EzByp}
zjvaUhb!{H%#i(EUEb=uzI@t0DY>t;l)QTU+2s<_U{RXfR%XPWZhC#RDCN=wo+wB>*
z&E2%Q48aO)f(<?}ui6kCiXe`P)73c#kSBrS%hl@~`fw5CmY%28eef=c5I=KC!H|9&
zN&QjMXwK~%yYJDg@K8KClo#iBiIblElmJqF0>e!%ZCJYndiXes_ehTH*^=o(p!pZA
ztafHct0cL5B~8vCJ+4h$hH7a{-7$I7RxT>@ngjH&B-}*4X_|{)n-!*kyNT@jSA|d;
zyeOFcrIWKQ&3u}oCHqWjucdIK5>|0;lPG<&US_>4&?F~6VEq{-1HLmDG;ce3#O?or
zY;2`&U2XTJm3qmrl&o@mj?vCj`jxza3;oZNR^vI+kV1!8A0;L;)f?_Um@mg{l%}RR
zF~6RiE3E$1&d58u-jhS`>3o9UcY&#f_J?$um2b5(MG!#=tM2_53mercKuRttXjAna
z$e0JT1$tZ4iUC$wA$J0JxtJrYEB7B5S>vDAGH#nVQBKNkcVq>iB3g7jiX=fT0Y9Py
zDKCTs3vg8G`VkYZWF8bl+i^AAm;s2@@Pnxz?K*=i4Pa_ls!?s_64{|R>ly~e4rZYl
zPh{2->BuxNPOf0A#!^aUO1BQ^p<`ZF_e>K5&#g{Ldns;+Q}bO;J~x-0F>spF-vk`d
zNI~t773Oa(b@z?AB>ckyiM-XW7k?%f*Nw3PC4cs>h$e%~m=g!Y_Xm;cUu(Fi#X7xs
zKJFa2kN;BC!bi)=BpqHk&vA9~wSwB62v(DdT7p)EF|)uZX$B0Q_bbEgOI?*AH=>@0
zY;PZ48c+6``_66oJZv6t+ms+zn`wPsxZi9;7S53qXQ6M{Iye3?U;9sP>fe*~{-!WM
zsc`>mEdF2B-Y7i`YI5}-N^q1D#y{WCYyl4zJNueUn{L<+WAc}juo;XOvWJC=#kvJU
zq8OwL!s=$`D)TSVvX7r`SRRC6AmEQ5X`=Ty*gw)~UR94H(O-Qzty%W7#%{f`2UZh@
z<uTzyoTf9%p4|RPkuWc{EmZ3;A+>7;d5}9SzR(o~^^~0@MHl172cZXVt#og%3j*}T
z&=lP|@~f$yz!g`@cJG}b$&HG8($Fcjr?t9X?s8Dd6cAEllOwvKqPx2$0<8q43_zO!
z7|2S3=--8cU6%9W^LQK^O}XaeJ|$bSmRn?XWZ5ac&)~&obqE*bv&>#ZW+!{C=e96T
zFi-JABi=*6AMvotG(9bVcwxSq+?cS$yQTD)wY*kPeBZ8hX|_Q|lK@ylZ49`><dw9b
zAn0S06EGCxR((NA1;qO~#XV2pDjBqQlH2l#;D?Wf(}|;_^*!Ivz~GEj)}2S6rL#MH
zP*PI#+??_`2wW>DcU+GC4g4*-mOq=guA!#&2NM5d9kWRKMCGVwZ#i>P@Z&QQQc(4m
zng`O1VvhvA$P05937&nl@MHY4XPwhX7ltvVL@&9C=7G~d(OIUBV$FA#kvaDxpCkck
z1O#Y*Q=b(6Eu-*X^vW)KMfu2BCtWroj`4BT@?Mro%A~1CQoVrqy#Z3wu@334a8@F2
z=X0kZ4H1H71e-;~PcO+K+@-EoQGrM4d64TG9hC$AuEj^T6L@%`Ok@-bw>05DdXB0|
zC|k189%9ZO{b;Z7v=JoBELX+f5^FV!vb*Y4;%!I|PQ9R_sZ0?w=9{kSLMZ{t{s4Zm
z#`-S<mr=?#ya;2hziduKivYu9PY<8gYJ;RZ`CUx@0PZT_XVEtr-B0atEgz%6e%(a^
z0ioEXtyeS_2XkM|az*AFZSHX?S`^`(wbf%frxn3Whi9DP^!&Rk-iTB>gHeQQL<9eo
zznIQnc<{t%CDA4-&H>{;!kdj$sR$FAHN*}`vwv!6xhIn%arcFSg@Q31Vdv2s=|g$)
z&9s{aw(uz;n&UTXr~sajQ0!;AK#OF$$HY{FflITn;0IHZB@tHTDCN~jw|YkU;#jF`
zGlyM6;jD;OeB4{K>kCA+lYT(ac(Dfb;&wywnbRiCxN4B?<Fcjcx@0E?_^`Qqo3>QT
z_Tn=~So67M3}i40a`>2l*G%Im5@>9Jf}8;!6fi+-3vgi%b0?{=0wp}k*XnEiJV(AH
z9eEzNE;5Y5N!z!*7ka?Uaa}7eEe+ntPl)fwHKuxxDV@(_s*&BTy4OFA{qU-f-IX@#
z=(~no-qB84cXgP}idT(GJ<zhG;3bI(@-Df)x2u?MXNcz*U<Tvg%a_4-jy%H<)A|L0
z3{peHHBtMnHsb_cZ7|l5O@5mLaVyk3RhvW0hoWb9XP3DEMV8^}{E!w49&0_&jXYZz
zj%TClVosGov@vt6M;iPAc>V!slW@d$*=KPxZrsEy-4$F;vlhGB>;P@zn<Oef=(egW
zyKwTzG6zb{<i&9IiCrPa0I1wKAfCuzlgk(!tX<Lb`blO;)Oj|k!QA!deKv<pZ!h=2
zJE$I0)g3VgDgD5{ExFx8RG1^bD=r%<O>rJ;D3!)#62@<_U+<JSj3}XS0cVAMD|2TE
zvaGEQ{sS=K!qqwOK#LpPfZ^mE=U(R=RHB~Ib?u`eESJu`!k4S7X(yIzSPgOp_xqpE
z;4Rv31G^&NbSev$IWdJ|6z;zR1_6(F<~yjV7T|!53VqX1CiCd>4)W~iEwh>|N2O|j
zhPT1XL2hFPF4v0*gms~=X+cry#$ZIl!B)@d?EH<4AWpA-);J}{xB^Y>r~anh7#L#=
zHC=v+FI#MM^8mt@`2O1v%@DaQbe&3aUSsW2r4CL<-faL*(>{xwF7f+ROl!7r%uJuc
zhP;RP<$7E+WOe7wS72_OYkZkm#gMW10V@PkqkZ5{n}+hPlD`mp{@sqmZ9dVASD@-6
zoa94tiJQhV!PMmD1(d`}_F`~oBgL3sV(&oRaafM-z=n0nO6E6%!z+L<n^ZNGdAlHC
zLvr(kxlyeP&Y}%?9+cr+!|C9XiP34f;lM`VA{I^FjR^DLdjwPx&N{{t;JMbg>xIiO
zG>e89XWhO!IvjgGsbNP;%22H9I&7X+)cnBvMu16ko!GL-hPR%HwqjA5k}1VzaR+A;
zUFN*ZY&o?K!sVNMVW6(#*juRQMDg~!bejV11GfCJsNH$m*fWt)^sXVMw!74qf&5yV
zz2tCfsxd5GQ9kO|`<k9%tPPx|EnG1L)ecaq(nEZP<TtByn7Fny2#K)jiuoV4R&l1x
z2$i;(aR@zedZXt(RSpS3k!%qD!$<)IQ?cck*7$v|@e*R&aAu#ElUQ4mr8FbcX-Vm&
zL;R)0EOZQj#)d<E^ldMN_ZVmS;BpQTy2kBda$L_NJdhhG9Q>WL0^N^1g->_wMo5ee
zxZe)F)|>{uOBc7!rj(@QrpRSYz(A<j6AVN^jn>;>k&ewn;%;^7swxPZ3GK&KJu_K&
zVflsYV`4U=5lLvP4o6}$Esl>)O5|k5ba@t0VxC4*g}XF|)M~SO=TaK=g{e?GGM1Gt
zy9f==g$*CvlH73-3761b*`vjBmpCPx6uiK6pOlLe5du2ymXyPp=cA5AMfUryNr7<m
zud#v3qg>qv6gbvidc)=14LHNR_K~(y)0#l%nNV`!X4&1M@IXs)RxylMKpqRHE4f-X
z1Q))Hu+frFUwB#IU_ME(l|`9~&fZ2?-5`-O6=7z0kYJIsot<ztUDTG{>dFf9*i`5W
z<g^AB<Mv@m*I3Y)Z-}^diQdH%{7}vIPO`|QaGW3RTm@bz2fnweJLH*O=Y5Xl?cx&2
zO2ie--84!lhT}kU$dEw&2-)2crEb+g3FBx`TRhfH0vB49zvdQ}aHq4dG35Q}PeD4E
zRu?q=tJ4il%LSuUPLT=mQtcc!G#d)mCY$b|`C*4M><Tv&TVACjfOoafC-mcR+faX=
z>L(8({46qqw4_Xlw9t2G*mW&Tjq4P7(`|Ax)ikc>He9=+QB~{In8PODNdI$6kn2Hf
z(niacuST_$J^AhLq|gN`qv9gYPqU;9m_MidWXdSQLO|=N9%kE6ZaY-3Baz$7nSz1^
zRCk;nD|hzFr?8Un<E}^Xp8~%1Lmoa9pYfYXejHU`HD*&|GtPp<G&R|2jYHRp&k=C^
zquTDF{TV<Z(1W$!H=fthmdDs8*EQ{<{3EeVQiZ9nTb#zr)!&D7xX_zBx}BC?N<3C%
zhqQooOzf)T^1{{EuZ}%k9$xP1O0$1T(GSyeOde_x31i5LCUDte{KrJ%FO=@TL3iT@
z|79Za@AMqm{|FsF`D-wF(&=xJW>oB%$mz|{e!{s8k6~X?>SngxlfnfOJ(c5!s=B~W
z!w+<&#-ejN7NZ3YY_f9fH`DEU`aP4t8bSBdNq2*(G@WgjX~aj9x>D9)9>S<aqnwzW
zwkR?5?6j|+EwDrUo9=ojl3W))N?T3H=bHCM>lt;In7cw3EPj;~MK@gZYb>MlqEB_U
zN^KnnMXOF>i;{HJPa9t_3ou#n9E7ZeyPQAvlhsx{j9x+t{kong`(cMtY*XnDSEIb2
zdN+Jt#>cRC*VY>Rpi*B%y~*C;?XKS8mkm_*m(LT9&uzVr5-hzIv>ib<!!0g+#A#vX
zpIXJ%54yB6yNVnOy(TYKzEI{9dzNkmO7n$!^3(X~p;Oyg8zx2?c?dQQ#tk|}K1J77
zD;^s6s6wnwu!#6i=`v-!yp*#s;hqM*m%*{5!>xa_RsX@uJ#Dbnchxj*-6NHmLv4O`
zV|V(X7Y5e0If@zL3|<fMGG|lQs80O^(*iQwj>?!P2^K?-Q_Qp&D!gODn5(6ovcW(P
z@!i6mw*V#SFC%=*aVVK*`iRuf<Ld9GlekI!0lU)bX{*y#x3;~g#k~_<+hMMAv94~^
zLOBx|a23vXNHHMDUxIMNs_uWAKR+|GUDYqy`x_%(k0q!?&`%DWrZs;ftvTmLjw{P;
zEh~g%I^k|K%TDsqQ1O7f1uaKQ9l+jzD0YyHeAUz5JQZpE?|L2e1e+G;4WSeI>_j%X
z*|~NvV+5UG!u|j!rx0oke;GQ!Giv6g3}BJ=RbeBXDkH37IHOW_Cs=g19vH-tjXOBA
z(mWsW4Ra$QHIj<*Y%`JDWmU(48@sqsiQFh#@Me28qB!IyVY%Bg-%i{&<q;)MYlfBO
zI#q42Ch1S7Dbu<g>r3danQE_p$*>FXJOIt>5m^Wu-lxZ&gGx=Rx~z3I?Jf2D6U8Z{
z1twmPUsfw(TfUG2lI>`>udN83vRDU<QKWy_k3GIz`2Jy4s$I4il&^@A`4K+8*Y(Hs
z3QWW+5e`65X!W!4Z>$PU-CL&xj*Fc*?D^>G5|R+tm6pZ*bl^C!?x!`HsR-y=e3|^=
zB5!Fidy?!ZJZUF>TaSh~ZB*~1auI3TT3%@@Fu}l>H;pxQGbB^8erx;*s`MOYG@&c_
zrq&Zn+`~lEa9Vh(uV+aPNH!*siXy?%SWsVy5#LIinkd5t>|Xa;cCkJTO4~;?&M?zh
z518A#Cn)jo5myIsea8~Vv?p>+#_i>J^=jZXEu=JtpnYEQ!fluYa9$i*WGp0z6L`3n
zTqQMth<}Bfn&Wqny?iUD{;(du$mA9+tk&=wB~)d$ZgloT+TLd`S;T)*Z&0+8R@bA9
zxds)NFJvR6<#b2ezDVDFLcV2cY9?+dMo&%{>M~Kb{!;K!w}x2s*Gbx-2k=FKW}d##
z#G+r)(bUeBXY3&GLGH_)8C=wRv?%Fsd8boZ7XKd>mdYhSFKxRCfq~J>R|Zd%w5!pA
z!W{sDUP7`be<Pxx;3(zyN<H}w;9q3sj%8qvSN6r-Z>6!&(=N&S(Pltm6yF46Fxl-4
z-JWbkxc&C&$X1N!tlzPu2_xv=NXyMte7X{@t`$UZF|_d;ZSM0v5?IvRo*e5YLFlQf
z?Lz=v<2Nm0%H|vu>JswXD#)fSjy#RR<4GqBVkdd?l#(J+$;N}STQGa&>@<ydqM7nX
zA+3cFD?_KaNCV6kev?zDS~~jm9LHCPlH$-Q^Gv^z$E6a}_NtcF6&aFe=xWdI7HL~&
zsU?-s5z}Mq#z!jc2-^6TeXh=m?r6M}K%2JD;PZ_->KW0+bT#|e44&j$6eZhtI0IV4
z^d-HmD7!q_z=yMb_EOK)6q58E(q+vBwYHXET5|xWy&*HPr%X{4LafbgQJEab9`jW1
zF1jTzGE^EAm{pF93@rC6cIA{(z+%(vTo*;!h7EZIZ&Sax=tw&>sY0Owo0pVB=}rm;
zgwo_*yv8W4s^yHM5ZvPUuqZ-Hvk7+PI@T><lODPE@ekn4IuvN%-xA`clq@Lc_L}b@
z9R&Y2)sW-!nq50Z*(6b|yDQ>-2wj>ZEyTTb$-SeFJ1;))K=+bD$EMmw>0@~WYa+~6
zx-{?)z;*3~@_a#JqfrJT4S2%WDBV7r^;L+rGHSrFG4R^atISCS%S43-DB$Vw)Y#bV
z?dJnFM^T4+>am3$9Nbl``0C}+jH~$imKB5hbS2ZWiYbSd@z?VCM}zvJyqc-8s=K$%
zb8nBd>1*e0UMepqp={S)>BG;*M*%lrMYN$ADxOn&O6%_V*N-m<)MDo4B$QR9y$Tk!
z7B>|X<Ve$``Cth#(noNVu-m>~qL%vfG1gF&B#YCuT634mw1!HTFspO90N)acMYvET
zsl6NPCHdi=)cNim9(VSKNnH!=FY=Kwxg~MR=U%@$cb<7AEid#6r}zu|KN(d_$y4N%
zQ|z^f5ixQRh%+qg!&P;+m1(+Zw3y#1^(NG6R(kR!lE77zWr{(9)+(o<%y~HAN2N4>
zTM3w_+LhOE9EK<SZP(!aY_YN@2aYo@mTob&skmTJ>j{?jdvZ*e?~Cc`AI+V_f?usC
zl+~w4CV|^Uo<*NNsUb=^xd*;W<J5|8)EOe4u2PZr;@Xq@&&s`(j{e-emJq=$X@c{(
z_lcT9!Vo2lATj$$f^^2eyDsZ1vezj@xo9lU;|W>frU68bRR6_p!{zjooYZ?SjJidq
z`tAGr?G~^3jS;Z>YC%k_679?wmcYW#VoO0TQII0}2_8ix_3|_oq2qY}w7ot~lFC8h
zrc5wEal9e`eg^7JMZLR}v$`9;jC_67#VvGs>%!s|e6@gZChTXlR>HTIpg<;#byVQa
z{ygCKC-Pmfim^)AE4QSy&;7tLfi%`N&rG3QBjk9%H*#{rbw@W^aXd;@$6{{$uu1YV
zDK>udr(4HyOMezzp<ZS|WmU~o%Cei)lF2sRr{&z#t~tvI&Z3z{>rm6i5(yxca5p7)
zwWW2nN76>`)4BHrg$Ch`Uy|ibK+}L*uU1^thCHl&94s6V(Dxp7@TiTt8LnrAw~ahu
zf~A+PuO2Ix_fwekNFc<pEddVhp8&3}XR79#`pE`zLZS7|^=<ZnZ$C{dkiX5N4JH9e
z-SVb&b#{NAN!RJmYbp7-DEsBh)jT};*}ZR`ppk5o^9nC}Kvg&J#(IrU=_7OLu#eYP
z1El_>uRf^m9C9sK0Cw%LO&Zgk@<$h2nQasVd5{3l`UX7fDz(?_Ibn4>eBUq&5hN}1
zM=5|Aa8DaW%5U;K*ePRirRHeUIA0Bn`FZ@OWxm>HZg`wk9!EiZpmyB(N6z7)w@Q(~
z_1dAK8iWFv@y8GO7`}bLQrDbfYt&TjzN<O~XHa{p$C9pi8=PGuY1%bi*ZUGty{cJR
zAj<<eQP~`q46GO}O}w@_<LpoK@hNDYnwU9IhT8>-D=2ml(t$xGixfY<%iy{ZN<Xvv
zj)t58GbbPLyBp)m876_VMIR_Fkw@8db;lRc!#=^kKn!Wpi4V{vf8Ai>{s0g^XFc@8
z^C(JrA>(QYZ}(s_tw-R=<{~>%pU^KikI1>?`-Z&no(?PRB|GRY*a*3h&4&^1iq9(~
zq<)^)xy7XRBf`pd3+sjc%z|+nPl^q77Dg%)3rmaK&Hm}BXdYf#Mbmh=zQy6om6Eq2
z9F(67Yrl00TME@3wpCcy*)4}kC67;zo>kVXYAO#aaB|&HF>V-HqQE*rAUxy1W$@b=
zT=-YDst%gkr;D!@?DJ+@sTi$j0Y6$okeKnC)K_iF0xqh0+G9h|+~#^<-i@vVx*j_&
z(wNPTmE0ezWrzxdNGH`kl7+;vXRax<=hmBZ%<G*SIBAjubh51Ha5L_dzP~)qx}hE2
z4sNIl{|DRQ-}-?4OM=zk<lKKn1pYTrIsPgH1Zm?^M%I-mfBPUVxRT4+h%qky3d1vV
ze6Q0GW`=7zY`BjIv9Tkm{#vb+4gH9+%O03?ag5px?d>_rNxTJJrlV3C$p97r@iiQm
zCDFbU>4?>g0~_C{<Cw8GMrr1O7mrK|c6*P{0X94c#AL)oi)J3VmSv{n$z0!Xa4tk}
z<9w`nN|Y+QG_SNox?Ks6%4FOF88EKpMJ!FZx#C$<A9r@nBQPq>DYH<98_I7Soo7_b
z65S9<fJ?<X(Vjc~Uh7<T!I6G2uNOI7)8ihA=Q2*B1VFEH`*_o?>;0wtUCgMPBEEg9
zXg_1#>72od5*5x=4Ffly+TG|c1J>y~;BX8(am%==`(PGhR-l&U;meoj$I@&F8<UC}
zq%{-)LiZOWVl24f-Iw@rrvvqYaNFzak40c5#b#8Sj9tiI^c5G)s}>1wyj*IK{Cb-=
zr878V;vA=bp|gZV>(V#-KGgD6>vFg3G^RACxCc!oM~D5QE>zD>!bLx_HMgIm;ip8h
zSLq;^>T4VR;|Y7pTQq_QfAS#8zS=iKyyvlM^da<_n=&h|3dK1qoX@nB9i6~m7t7*m
z;uo@ymLQ?ljNG0X5vEegp~?qnPQNQBWS4z1x>PXj!hfLh#2sdTw=(MJJej6zKsd_Y
zXogsB)Cq``rmiJ8fBDq?X&Qaz;nDF!g+{D?-$Rvx1i>Ewi;ACGRU|1vd1jK+K*gPk
ztq*y(_wt)JKjq&XTi^3&hR=Nn<ueUTI~G?mc<G4j?v^9hpK7q}UgkruFc^sW1Hk16
znOg5Gsj^JIS5Y1B7V{qKr`4K*`CZTdnjxEhA@(>}f&7A|?SXY(q@V1%F=+ApZI`)q
zl4bGBD*as`3bPU!E07dlesZK>bW{gwE2n$W&kr1rK+4*ki1+VMte6jliOBXWsKvzz
zgq;pb@3EM!b(c|L;oMSHnp|wnIbxX*O_b3r=$0%6tW7lq)kNA^>yJ^458$g&(K<Bh
z98A`V$Y?IOyj12XoClsZ##PfD9Wqd3kJe%|f<FoHI<iyisPif(^gC7DHHA~!LXMRP
z5tu(M3m2J8Eks5*KYZjroCNUiOA$M|prV$LLWB6udSe)8r-8gs6NE=!Qu)4=jPJpY
zV=wKlXri&0b@uMBnW=wY8_@jK{vQI3|HADNYnTj4VYfq=6R>Yx>mXD&h_I_TC?a{^
zgqshH%j6?2*0m)GuZf@8EB-R6Ix;c$;rX6gMVHF9o*>rtX2h^{1Q%vNXT;iLn@ofG
zh6c-#u#T9vw?p;NGO|H)>|qf5Z`*f?j@Zs0-08t~B&0|H?wE&Ne>(j$5^{3d9JbK6
z4WVqj4<C5IUUkbCKW4-cHvGQ^bqq#srA?CSU)xWZ%XPGMyU<dvt}OY$4i*Q;Cw#IH
z3T~MKk)3eN>Kl`F!J3Zp$dg6MFIv9fq2UiMAC^Xbbzl8hZH)S<W=xWD$a3W)die1^
zH(ow;<11C9s=PL#7L&EvY+0evQlgz5O~=YUA8hF~*|S$zK7pi#Rp(~1*ZcafW#@_C
zJ8hDU%cZ~id%5E*%`;sld6VgT2Z{>)v{|?#oz^_oF|n@e{GB$c{MX6Ih(3l+a9l@V
zcm=Bs%h7gpnQ-=u%2Q1_05166R})8Em;1wCKV>pdef#9FU*n<1(Lh9(+lQ!nY6Z_}
zdVQ`yl?2~SlPBNA4zzrL+g%&crffCSu9QS3T6ja%*3C^RRpZG!S+-aD;E<uob^QFM
zFa=cqnQ_@NR)(%pT$#dK0d0sS;`j0A<8n(ja+vGEGu>F$nhs5haX9_WhBC#-hcv2M
zX<7sFgcaI#V>7?+ddu7mw$Ow5n8b5xO91Yptpb1$My;o*i6EZ?rj1{}2l#FE1LVi5
z?t~s8SLwpLO_)KA2t-B<&zUSaT1pqwkiI6%h17o5T%$QqxgdloCupV78)Dy_P8+_~
z4u&LouhvaOkCzJsc8N*ktq7j3(4p8a`0RAQS^}sYXq>PiYeeiB5CLW{qH3I<T%Glq
z66F+*3iF*}<j55ee^Y<(nbepnT}*O!PW-?r9atbf>fkbMnsA}9_hNh^GJA2~%3w-g
zVylpK8oQ}rCqr4>`#OC%um4F+2{H~(T^6Kra2%QUutoXaSpv9lL4lA9Igas?x#+7|
zCZ4LaYOGw|l9aGB?lkH4=B>#Ce-S_W0o<yxZIHV&68DTgOJ0bOyXo)oKKGFuWtZK8
z$(X0z7L0w7rJ&34&0Uuw`R+ztK6RAZOLu})=5yO#-#;Mg(k|eJ-d?}eci7e)bv7cd
z%9;n&(yZ*zX3utz+V&Tex;jxxgcE+h?CfZlFj*AwI;Ay#|E)#1d$-H3N~^L~M>Fp_
zr*t14^N?xDXKLc}v$om+Cq-<go1b9V*9^A%a{KTAWPWyWyJejenSt?5XE(F-cixa?
zp`m*WQ^o}O>1*;f1b-<}@^`#&CZ`o{P&%@Z@Z?u`a}mnkytX9n$?fw3Je&gQ?Q;W_
z>u*NWI<|{mlbgx4OE1lyW`Ye@-lcZHX=`zZK!X+*_L%moKpso^e$F)VP6+dJ&*uqD
zTBBNX`SK;4e3%uDf)Qalt;p*iQ@HJun7byeP1jaSQ>AiS{aKo$uVwZ&iHI&s6bfRA
zqpoXs-+007N;a*%_34?td7N1$OJc8G7WVG_HUpg9!>#pvtK6t;-^Yx<o@x<Rw8-t)
zT{O`CT2@&bBUe(R=S?jLJGKK2&YYq}UqLAw8Fs;w>O?w$M367T{O1$Lin{{wLR1XC
z^z%@~v1NmDAw|lczoyS=cX%7f;?Luwu6M8fKC!-uMWY{A(I=A#BF-^k_$r8Z$6F&7
z^tgCqP%~b5EkSO#`j&8`yMR8J$+)_L{&M<2cHsm&FfK5Xr)#^EE4udk?wm2XG`=8#
zpv3A@IRGGN^K2E<lPY;~&guq;FsW2Q1@%Q0nbrv=<Y&W7cu5?NYWd+ophvvI*~os|
z(t+)cyyI$)#K7X35^?~yDm?(t`hg<H`BIGQP`)w=F-~>}&OCL<JQK++J&!?vP6Tja
zCD<61mU2QLw%k!k#H(%#+Fw@A8K>0gRTJ4)WqSPzjP7M`?mnhk;l^5?z-F5bF7_?9
zgG-*5qsX&=Gs^y}RQO-8#Q%+vBeSVS%G3?NThlD}>$jDjyy}#u>Z}wRJ2ZQVN<^ZB
zUYQW-h}p+pU{=^;e_l;4u`jIk+8$NV3<&b;z$%f;hsnVv;f$`69yg~DmuJGwY^?y)
zpWe{XNqS)M@H)iqy(X8otV;6cuYQhj<0t(@Kfka6wLKc#m};$w&1o_VOicv?gfmLP
zW_DHIY@Z7M{4V&^;W7T_zqcUG#Fe=i%-F?CS7Z8UFeg66cUZ!x8r6W3xNUAI7{azy
zEm{=F6Ufo1n87B<g;qzGPWty2WMox;#ir>Hgc}jPDyCBv?CA3)s}haTZfyHYQFrvK
z$-k{alRv~`y0RL0kTE-b{GY`qPAIeC|KTag+Ojl`BHn?j=eiOr3s)vD<x__(gnV?|
zwR=YPc`!RMw=~bR>#INtutd8p-Mu9}p8+C9`j;`CuE)7t$lSCp&PJiUl_Jh-`s4u;
z#p9g#<onXXe%C3MAy0vsaLz8oMc{GyMa2Barw{FA+l}El&zK}vvSy_?!@?n|j5PwL
zPIUs&@q=ppAm`YciFkAwAs(nSOY9`UFuq4<MC8ie8zUjM$KRlLlRE@oP5!df{{N@=
z|BB~A;Iaqexi$Id73U&Mr|1UoK7sPY+bGWenlBec)C*sHZN4rsV2!-`O&|T~ayImK
zv&I`Lx|;fbxIMFphpTFZo#=Wq`Tp!l36bi!v7E?@V}mrymL(;H2$n0kE?*B+8kP^5
zwWQkF%-HbHM$N4xyUX#v{7wuwsxJJW&770-v}_9tm3{ZIY0ZN05(`K6GIk^_yHfvP
zc=P<xO_=EUM+=gU!1VjKnI|E;KS$Vua71quBscKM9<lrZOg{T<fJ^3gmK4^<P)I1&
zOu_XBu)|FfD`xSu3dPrZ`^}pV^_e+l#m-nCcmMW=XYNXva0fHDIu&$B>8maNnt0w0
z_A<){_IlBOY}8c0h$`&$l#Xn3qE2I_XR#-XpSCUYjVb7)2S=S)eYaw};@-5nXeX|r
zpP>+*2|tI7mE~$2viMIb|I4mLH|z~<c{@b8H7Zm+1&&Fi8*X<qYf*J5VQvuhv;C+4
zY_4#7?PxUguBl-6KT7%kSKG5j%KStxP0eGJ)TsizuKxfU-U-E^t4qdt=AXS=8or;^
zUjH>IouU8WchEOX_s^3p6n=hrii#&{c+j0IZ)>)s-&R)jQgf?mYZkgm5Az-HvlNR!
zKilsOgu5RTH&y49Vs?sCgN=k$>m{!B)z98uZU+DJR8z-Z_nnkw@V0O%sU1W;XvX<G
zYr4+-=dtsggH9TYwiONs2`2@!MdLOMKHB+O{PXAqsce3CFCxFZgPt$6<&hE@VAga^
zerX8uBfdpRGs^P{brhQptjZ=u)Gr<X*;Y>V-r{EAz3PU68^ixuW%d!j&~teubt`%i
zsHiL=hKk*;0}>EUQFm&85x8ZjpP%Bkyr%B!zu+DE&m(0zEd7X3zd?67VcHFW`{HtI
zZsSb%{QhUpFi>9cO&a{>HF%TuU+lJX`v>r*zUa&e6`eyX%<O9t^;_3e_XYdyGUOfJ
zh3=M(4&Q&mC=6phL!~Q6>#5)H{{iHurMH~CD{PS#J;x_2WGNcIe2{d}+}?V~^z_uv
zKH3ow-YxkgJ=MGI(~P=+R!Bu8#kG^gMfcj*fA(h@Kgqe{q`@y><GrwuBm3?~VawYZ
zkDGs9ko&s9WWTzvg4OBS*>O)x5v1@gX>x1(A9rtOE!q#|aCyyLG(0|D#Fc#idi007
z)x|lAPh75gbZc-FmhG)`dftG93B$<0{o_*jxk+yFtjdP8%9faRdh=T*1=W2WyL_+3
zv`YVCq+Wq=;_a;*v?*`%9o=uiG8JL<_I5I0E_qS;JE`FdtKsj`0(;u(<3O-?$iB{t
ze<8j0)vzmaovNHG;a6LUV1hTCU)J8=<UZF~D1E;DHM!o_c8{z#X|o2wX1|K=6GFvZ
z_&1{ly>kX<t%ni;^)sG@b=8T~QRAEH9nFz>w`gD?H77G$*gY9*Od_(0@~kgLlh?l)
zTXu;&%nj4FQ!n}3eSgEQ*9g1+z32_6<oc9<Fg7Y9`tr8{+Ku0tSy*pg!J$|)`q>}A
z_8`eG;3I03>89%9H*d_HKY-CB_P1$yO^>ed#{U4axbzh)p85~pD|tRSdYy;z>a=J~
ziaX028~!1$xoKs0NmPPQq$KOZa>do<Yliw?=^)H>R<%4%be)uZ-(~&jiRxIooCpqw
zL1IA*;%~nLj-sjkrJa{4S|A!FLh2txRd5PhY-3Uhd}|;^D}cNQkV}9@xS00t&}{OA
z@gHtcd7-znHQu43%Q?~ivkK%0&{m^aRDv}&HWh^M`NSF-W_z*p6Xybf5;!3<|K*<j
zx8K>!5RW1<k6hav(o!WQab^7jG6BZ5m|ST70otx*hV^FbBdLvWYWE9u;ytzulj85T
z{M*-YQz}XoB-m-0*q%7GGSqDxK2D!$gUrXOUr2Sr+yLCw+I&GdrmLDl2(I)O;WZf*
zp@NW4n+=XK?0dGi5w$?fr~7P6>44j_x@mz!+`Ta#pfv0kxpC*V<;)7QQJpNF@Oo}D
zqEWi$pM#XqMZgcYC`Ti+^SFm6bTp!Su&I*1rVr&Z&u33=+g}}@BU03LRqq?CT^tRD
zt84A!p@1qw93xWW*HFU^nB}Gz>K&lB=?u<5fl{oS-)Xj#p4mO}ky<+Sf~+XO4Cj4r
z^_p+NBw4BS`$7j=xL6R08I!6dX4W{s#UrL&qnHnPmck=gUI0HU)Uf^4l5NHrDZuBV
zL(uPhJmiMHTjtuqTKNXeDV4r2VqCf7l?Covl12B>{I8^oDutSb63xD+r4YGP`u0#?
zw!&P9SwG>0gXM~s4CdFTf>a|P(V_nt1Nnc2T}A~_S@QQ3E?K;TB+ur`-v17j?zD@G
z#{iZP@|UvO=cOXOYiR9VA&e*kjL#m(;}Rkg>|YG+&Q__#wpAQS^?5WNi31;ijH{Mu
z3EU+M?UoFAA@jmNISxf$tr|@fFfmy$8D(VTh9)H?@pNFnFGtB^v&?ErDEv_~=yiaY
z8RhX=-WB;+S#d)oLT2f;tlzgL=9~W7`_3A5nRH-vWwP4NnWFblKw_6VQ)ytI#LZ>v
ztF8D*%pedk-^EoF{=eP7NFZ#yBU38Yv}$>Fs0NsS=p2*4TwqyXRpgcQ#g(J)#y#5v
z^w<Wtilt<MW!&k6ttkR$bi8Ar`Q5C|=5SsecSZ=ccneymB0+sMQGXW{e@q!ngZA+-
zGDoy^G0w*n;k&AMb)$NRv!gks2S1?q9;jk5P^$2PSSINgln@Jk!pMX|e@9bre8<?b
z9kxU_<fZe^tnScoUeiAQm9XQgClNgxARh}V%4S=(835G%<a_iK*K!67M_&`u5M0|)
zI^xYS&~|%W`>R<5^^~G}s-MR@+=f`?`}Z~c``RLb+#Q_E^Em!VO19rR8|m`PkUW-%
zlBoJ|ijN;JKl6F)zxg$FxF`Ea^lz>H^>}e`#hTa8CW{4@^2uDH#J%99sdf(2V(^+@
zE-KATJa}k`><HwhXl8LRcG16W1X7sETzRJ$M4R2Q=NKj_e6vE37BkIiBVU{!j``wh
zg>B7CEaI+}w$-ir%S)=i^dsG0J6QD!RK4SyVR|j{Byi&lCig(fm)ktjMG@hHoik)%
z9hO9<^wN&%nQ-X-f7vPd{=LjDnA!B-IdozyaAH<I_tGAK&z(3O^1&~TUeg*CWoGYT
zk#|2})Yi>ol=BbG7?dNXI#TB-UCSqg&Itu#pfP4gY9s3J(NRn(pNhUk6cc}y)qbJW
zlCy|zB1sE1TU9<5R<Ek68@$<(3o(h7lG8SLqRcTWe*soZdj5-0>*N`MlAznXt^d?0
z0pOFiNVS^o2l@18qlK;&(1C8N-IRb$^Y^_LSs}TehEp)NXW40K3^o_|@Ww0Ske_%}
zCA^4=6H1bCtH$>4Os@%=HFQa>s^vFpYueM?YEC91+UB$}oEf@kwyOSiLoCl?W2;}5
zkBp2<DkvzB8wI}7det*CS_PZ}i=l>}BY@2WL;bH~F7+>iQBM8Se^DvkTj}kDRX(-B
z?{X11Xb$Z(FDflfEpK~le52$Q4Dh?w7D+#w+%7BRm)Fw3DM`5RzEtLQ8Xv72Q*F*w
zfUW!-=nj!N#vp77L1X{FIs;jF0a;frP=YAeM|ObG2D^DG%%yHp*I<L24n%ABR0yRI
zt)u=>`tP1BU}5eqsKOEwp@W>ZRT^Nd*p;iXww+L!#Ej;aOVXWzKNae+juf>-)BWr7
z__qNsDpMk0pjTK^Pb(8Y)|;ZU9nhUSK>MpCG@%Ckg2evFwz?usajE_JfA?(uSHt;V
z275e?;_tJc<x=k)70@bmnMmn;Mi)!XK->iF`snL6+|FvLM#k<-t<xwT>J%pbJdQ0s
zz81*ZXb6ehpk+nn8ImfaBg5&=Y{8s>7L$}IGP7Yv=w^9LTnn1!N}P<bQeYwT%fCu1
zoSj8%-aF@XR({T+FE0C@pRk?lCC#AlL?)!z<8g3aY6B8FH}{X(1N@NpZb{=*?jUVh
zv%XQ4w42TpSNxZ1YcKO&5nZtG1kbc+Nc5|u3(`Ve_)$|k<9s)rx6Y#z)NG1U9Wv@Y
zSgs&zOP@GB__;r)1LQ);5#G{1zhLr0C4|Dw#RTu$Ab$GO@dRw6!H9b;a!{(pMaqtv
zy7}{N%bj<niZ65ze(_I|kf$^_K}t(M?iA87BszoXVw56uNAdr6lDX;S{j(~SVG-%9
z^HIwwRfcEW&_2a?K1LQeDAECp<G4+8nd|-M1JZ<%$ByN$yI5IX&Dst{l4j!33)>|c
z4c=_|#ib?rCNIy9xj;K~(d*n1=!tax_(V8#6JdcKGG0~dQzWyF#UIygrgwRc1rmm6
zO)4f-di;h|2VX|_wYz#rT<Mct)V|w2^^@N3ry2JAZ1te*P%$}I?1pXkBAE=F|8%nu
z`aBt-P>gc!8Fd+xd^a=8`>XK%vHeLzTGapM2mL=vsQ-i-(<p4bfRE6<!KOi@LswyO
z5$%KXjmJ&PK#TiYn7Wvx!G{6OS219gc={TkfkS+LmaU74Jz1iMJ3&x%_knQ~;uNd3
z?zL!#a99M2hjONtZdj<(qIeKSsw9IHhA)pdCIxmSuEf_Kx>_YY&?sJFL~So_)@%g%
zVg}jQ+P!*gvnu5@3d>~poNyz95KuX*7&z8}if_{vL+7wwf>@1p+ep2JHOaLedmCaL
z$CK*H*gbuW_txl&=eILU$&f=@H06`!DI3>o$FxjTUfSEKzBv^hcEa-y!E?x;DQxc>
zg*$)Ml6x5(nQJ<Gq<=hc_MtdTjF3zdT#q9m2Whgfmq0aSu*FAV1;*Nw{KeKuK;38T
zo0Odx#$jh#chpVfY^21jqcCmz#vho?n$7hgbskBwdrm2QZi3xMy02#DK08>4@zq0L
zh$C*W&tz-Q)LIX#XU&uq{Q6JHqZ$mD^H({>q^T`&Lh&W!lCZLcBufx2Q`G?cS1l`!
z6Cp$ChE3%A@m5yvAo=TD$CJIvj3&xo+E~0ubw6WU=Eq<<5JE><<`AlW7#lb6j3!2x
zUztQ@EV)f<Rf_CaO*Y)h!xV$YTA%U4A<deq3TUnfSgxPhJgc$B&13y~Y3Gi3P43OC
z*9|)g(C&Hlv^E*1lF+6DYhDcBlITF*Qb?x4T0)vK*LObXkEREl;IoEojrcvKPkbEv
zit}NUB<qm*uFbV~do)g0bh{K6L+<HHbjML!9KQo8!3SdIwIY?i1R~ME^wL_Yh}~Q!
z6X?#6oVJ{dwo~P}%l{(oy@Q%+*M4CT1eGRAZz4_UHFOZ9gMgG!5)h;bgisTzAfkY@
zP!y0*r4xF9(2-uHcL-ft=u$=GIeGRw`@GMy&zwEy%<S`hf38`Xtjx+<_kCU0udS4#
zitGV2LO8Y_QpvQV7WMiLhl>~VvKeX@TCyq&4RmXBUt&#1<^Uw~h0snn!!GAAvwaaC
z@)~j<15OK0uVEq!#>&;0uBL}r4&fXG_t@C4(%-zr{sNmbc?n*rQ_n58#csU-vnOG`
z78Ql4cVFMOnbT8skGp;iCdiSsIC-9&9jh!)s=M=pLCBn9)96dXBL6ni3K3s!t+6^I
zDcz8OEvGf*!@Qn|d8wegBny7qMB~Xhq?!u+HL%2iBl3c~lgKl$m21^}%6)+<SxuYx
z%6?9}_no*8mW@m70jj|+-tI+CfnxzY`PbCUg90>OgUU_~#yzz50&o$9Z;0>9vkw!?
z5GMB|1p;&|r10}y5L`-yEy@3Dd4o>|taS1j-*MEonr3OWSO;<Cq(y;Cyyo;EbGEIm
zm?Fcof)6n{E0EV5NA^9kw9e_79NVvaioULvg})F?JTY4{2O3&x|6D79P*{r)v{L9u
z;l71`#E>Q}Tc5Fg2GxeZ1h$SNoG7XoYjKj5Rzhb1a5V*F5+Y=A=HQ-k7b_PvhD70q
zv62*SK!42ww8=XCMFLcH7~zzkyHu$Qv;Sx;N^gdD@bd%Q`ciwVjQm3j-z$k*7EI@W
z(S)sDrvTO|l5oPb#W$psCHkYU)ZJ6*{9-_-5Vf*%<{H!r^G4FFXi;5DiFgT&L%lw)
zdWaIH>Y;wNt5Vn1NVioyPG-zkLxl%2%4t4%u1kk{3%=^{aGtAj%t^{7Ra^LIl+cUa
z2$yS{U0--94;6G&@)H-kV*kxwJ;d~Ee`gG$D+U<^E*wreEg&cL!CD&XV{23X5B1uo
zB@Sz{B=ZjD)H66h%L_!7d$LP$*EEBCnM@N=mgu9PuE8F<V&qt#xg&-tASyR6B^4^y
zYj3(nB|0tjTd8jIikVgPpqXvkUlC~M&u>>XQx>+aufPHfX*d;4F!eB*{BV0Yrb=3!
z*e-(((CQv8tOR+Zx)^V|7dS?l0DAJKjo0%T6=V2=`uPK|NyU#*VPDV<^cqw&rGh2t
zS#|2K>EvAP2*jItw;urW{hP-%q?^`0?|y0sc#eyd1n<INw1Ba5T_X;A-Djeb<^!3n
zWb0nNs~#+Ui!ngFtLuCJp3$k;0>Pl-)f$ExH4C`m3T4I9DGk?z^7=I&X4@TKodGJ|
zx=uGrF;_CvFYc}(ehkC@x|2BIk3Js3va$fd_G$SslTp#J2?exvABQc|8KbQ`ML-)q
z!FjLSVe8R&|8~wq^W8FJZ2|e1Ht4KxtC*uGu<rzl0+4^`wq>ypgR;j)6M&{po7ma8
zPsQ`_RG(7y?FZSHUZdrY(Q9W5pz(fzXu}tK6_aXe^6d>;>#(<BPcO3bzmM#bDn6`x
z*b{L6G{%3M(S4g0l}<0KW<T|<W%K<QdPT!OCo3$jKJ<w4-b_wRUYWhB9zktHuC#|V
zw0ckK>9dba+i$Wj2f`M1J)Eu+tz$Y_HGoD^*&k&-)!t$_t5CIZSD2;tijI+sknwi2
z8G8{`e@!~>2E>!x4j8UxhTu+-Aq!f%26Dx#@y&hpDTs*5ny=pvPSMiGZbGlD6`rEY
z5*B+*Vy8%MU-Q+J0_`oin-QfCO33eD0U=7xh4`lU@B5;;iN@9T$?@r%l%S&?{B-Xh
z!;-7LD}mE<`5f*oyfnVblCMy-=@);1(0&A#L+|$1a`eZwWm?Zh+kqgw|0xs=d9u8)
z)mV4|%w(>x@%}A^sx(#;6g+0h4aun4v(@ph&-2pCd~*|Ph?iq$g?q`(%0gl4+1ro;
z$zOsbPerk{j3rV6{`+Q|lDs<JuMOQZc)G6{`n+EAG)PL5x_}O(?3yY3U&B5zY^1?Z
zQ%y1re%7UtWpy(QmX>gs?R)8K4v`mTo7FPk0eM&lskj?Ah;qYq1+8jMKA^UygJJKx
zs~ZMG%(qiKzj^XQ_<5Qwi0?LcxaK=l*Yz*mEO9GI>FRW^gp0<uCl<QH<Ojw1ujq7=
z^41tB*aX!)LnsO%x?r9Jz8+O+jk}11lEZ3}gx)^Kn{Cc>9V2hdJuKgpOkYRRUIyu&
z4eL8JtoeoB&&!Rd=%RU+km(=~?a;qHb68&nsjn{=U~QaM($$@~j`Sl*gh-;y%Rr&t
zjU92%Ed<Z%w)c|eJ}_-`=@A>K|Kt=*@@{zA3ZAAw`bzq;>2JG1xAP!1j-mQmyF07{
zf>OH~k=rWV6y&f;6I45crIs*|=9!lc7xwOh74?-m0uQ$ZF@Igyht`@}_U=7P4%jb^
zBj%fE*+ydk%}H%k&3;f(>`GE%<*)?dfiOhN#rAEfBK0H3=%uW4{XqBZ@ehD-Agtd^
zVru2tW5?}GlMbL>JD%I-1lC^}0+T}_zABntL%VX}pdX6w6?j|%AD_~joMdv3GYWz}
zu}m*|`ZMD8lWu*VFWHxV=PNt4S9SXh8FGr0WH)#~Y`C3sjHe*Wo3{)D?m~~JP^fwH
z!%!i!<Z)AD=t$?c7e%16ip;JX;L3$?=-XMCtULHpzb%V_Vm=RVxx-r0vIx+Q#LOz&
zS-Y4ZA3fK)*8YQ_OWX&er_cv$ZfUwGy%$8D5myCM__DRbV^9EXdG0LpjTtnb?vWeF
zT)JN%`Vsru#^50_<-M`-owv*n^iO_lb!41mw;z^x5j4&So=R^3Z~iDckBrE+UA8k6
z!HCls-ut~MNlb{j8e!ZJO<%~r;%98R12x-mED~|VrI-v*FbnCuF;Mljvf$WHuIf-E
z$`zcEfG)>0&F80cf4wzTd15;xt2_fQrmLBQ;m}?NJ+Wgx@L^OKZ$Xsnmyyc&E`F9V
zCYDW^)<)}FXQ8p#8*f~;4?e;2Gmc^#X_{BRRgRCMv%TD1R{0$06~*aI7@MdzxE`hY
zdG9H0osM_`Pm;gzpkUBmw18d#&yX{Ir^jufP*%!!i?Z?yqP5RkX9=m^c40*ut<~q#
zTZx`bxTatJOmeK%h$2CthaD$=yL)ZpguINzwEgK-40$cNJbKxtBDlG~*O!yqvJh~E
z$RRz-6eKIy(vcpcudLwAY%OzTNvJtoWGXQKR_G$3mX(0G!Umn946~s0OX@HwNA)Y!
z`k}0oh^=$`kr?8w&6rKl@yqcAi*X!o4Y3$X(T*N4eOLxnc1a}9=b<beF7SO_dH4rG
z`pvw?`kKAlb<UJoK{UEDy`Fn6-8G&&&OQ7nq1xAmlBqzH&`Md%r?}qk8nkG628UI<
zyllew3Q^sIvJZbs3yAo(1$W_&zpbq^SBpWDCcrW93~uzYwe3llNe$}HbN~Sz)x#^W
z^qAaaxNwDm<<^5j^NA3q!gn29jJgw&>h}i|q`cbC;x;m@LokzxFsC!w#_J04uSdX9
z!XwE{2qpFXrMw2@z&bgF!eH#?4Q<R`?a%xL+r`r0yJK91Q1H)QD*F56RzYcui%%|M
zlt(O3iEEfD#w6xbGR*gVHX>Fl!KiRrejg`?MMlxuKZg;xf~{Y=0}m(3O!yzY0wzgX
z1U)}sCifwEx_mTeUVE3NcNPp~D#({1Q`u#TiNYc`lHY0g6nv(8SE)!e%<dPI=m_NR
zj@wpzy87!ndDZk0J?TetyZq0|gcXX+R3b7#?{6kWuDR8BzQRl!O?FPZ)3@>4IeNG5
z)hRSm|K2GF#?3r_1s8<=Skf1lTt$GAL<h01QpEc*cY$|mv++G`R9bdGvPPg-aboE*
zRp!0gUOe-C-izJ=Z|>s1Yk1<eb)-V%<XBCwSG3}ACE6ABys{L#?|nlsTuhrN>DSnO
zWsivOxxF>zH*1Z%9vR~N)4~#D8U|~rKYUA5+w2^XQe^)^rL`wsr_412q<e{^I|^g*
zqNy`c=5^w9m^|f3PJQdh^IVE@gXje~d!|y}ls-h(;uT{J=wX;*zVz1PoB{}A%N4r_
z0m(9JBMq8}D^+5fEKwn*{Um5I(m-q861ixGOY+rS7|g0oK^}ruH;yJ%_vSzwRe{rh
zVx`i_*_)EK#WL{e=j9THcOq{IxkNInl|eDWxmgj}B7T&NkHo(XHZhXyuTB~eCfa5W
zWj_Cd!1TiHfF;Jcn6Kway5g7X^24P?8K%kS|Lo8IW4JjrVWQoep-lZJrazMpSUm6-
z?8Uz(iWx!W$HI%!tN1ILTWRW=)o*)CIft|4?i|bt4#`>G-j{Li64w+$=C<7x)8@3*
zT6PoD++!{jyfp-%JO8}o(S$tq?i2WQcIiJSx6nhA)Wzw{axMvSE!}nWB>*hHts}M3
zCh|}VUuO);-}qVf(t3P%Y9VYEc6}?LVI2syhZOHvQN7su5D*;6u(m?!&H~1B$am`;
z@jK@RNIAxSwzHzow`p9l!HAsWai^#D`BSFR8De$OVb1`q$7C`1Nr_FjV8S9AJb5#J
zfzUCjtRXK>h0*IBxbr-2wDALx*S9ztz&qpW0lqrSXcSIT)VDmqVq<K?avR6vrG$;^
zmahwz$<X27wm0>tGjck+ZQrx-rnJQ#FSQ3TOBnbBvfgJkkhd_5Yo+{#t=mHni;<-P
zWP76flDBHuQrg~uT^XyZS}#G7#h++Kcdc!=HHa8)3%Pqm$g{gFs=nPW(bttYC#qZA
zzc8V-uQau*v7GlUtR2-LPQHV9)L5D_NYJ~_%O%(7)wr;i?~{)VK+)mA>Nzh>ERbQ5
zMK#qE=b*<p+psUCUSNLEp^`fUE5&l=@xr|mK5UK#4?X;(V(FDZjyToQH;>W?1&T$6
z%*tK(A9=pEEeT*S`*Hn{k!x34Ls3C}dQUa-z{<Pz_yU(5&Ji-`Ts`mMhbn~&!gfDI
z7N=F#WShDkcMyGWBK$Ipts~qCJ(^aVI%S2(F0v_7KJ4mfncv%Ut<e6K2?7|dA+aZ4
zr7$*0X=3XJc3EMld0LGe+LJw!pcbts-#WTgp`!TgM16KDE3G}hGPN-k*+EbFBwl6&
z7&^04RJ65*v)F#PUzBB+(Im-h$MV~&uKouBy8?MmO8nZ`Qf^oFS8%3(Sel8JE7XX>
zh#f0cD(cqFSWgrMtz~y@V7zv-8;=&-OZ_gE^n8vtU9Ocg($rf_^5FNQrkWVG`H&wx
zAMB=Zh<FB9Fwm>CXaIgA<cFAvzA{jkl`D;USRb$9k*wK`lxBVqY$4_FYZnxJHYd#U
zohh>%DC_qTA{g~t@FXcxz6?a}IWjLGF1x9<u$ybkorrCH6pbKY?d$w%L*!B)l;_-{
z<~H%{4+4^JduBsY`KPqiB4ZPC^CrJ0fh@0qH%#kWyBOcB&Q4ya?rZH5Q>mAw2d<7n
zkcf;;cusE8$`daGwBI~4if2U#w?@g{j1}})VNQRm$Q|XRUgTgJ@Ov_)W`o+Tvmy!*
zc;X}Bu?Itio{D{SCnT(>rlcO|sRgK3zM8%&JIa&Mdjrd|hlby4c{NQs5wEMwS*S3q
z(hVAKXX?{jr4W+4U#XDg-$tJ#aR37Fd<7o<(w&w?o;&tFcBP&6UHZ@msU6d}`NV8`
z)cDzyt{ib_jF3Bf^}8yaU?x%x=ArV<&%Y(}ok@(;p;Co>4_qqSpa`j+`zYxz8Rl&Z
zL)5jQrH(|Qt#!%XgjFTQxwVy(Ij3(!-b9u{faa!JZnni5J4D2P5YU1~{%i}#{$=4Y
z`P;m$lLYlo2rv7q1uR1l7^|{AxW$;RtG{3{%fj~PwWUFFOk?eP1W7$M)>?7Y!bCS<
zbT`(h%wODYxU?pv6e%@e=@9+3{B6nd>Lc&N^oDL%!bh1K{M`zQ(Cd%C#bl*VvhrRT
z=?G4KF5S-wqU$026s(VVMhnlJy-S)j@QvxwXZ`mlMV+!POZ#4GG0s6b4w6M_tFrl{
z3^_Dc!-}3jX~LGJ?>WDee#1NARochcX^!zGIf*X~-+faTXmKHF@-3k&>!Ib`O>##!
zB#Dnn=lGu7-Db>Y-2bvrok=wjr8X^8$rSHiqqGUHVBn&Dc3Y5wJJ#KaAoJIq!#B!l
zZI{ZU!Y};Y*AG<(hF<yBS@K@?xXy)lZer5YG=BTzigKQ01-)ITpf3r}QPj<16~rC)
z>%@4!3~Z1R&4zaKIzKMVO)V5g@<=!Ou_yS2-#s04_{AFcpoXcf9HfwC0($+<^mxYs
zpkZ>Zq0OhW1kg#Xy&K6ex6QS(>Ut$8=PEVto-F~+6AFff!!2axiZIv^RA@R>jRE28
zT(^d$tZ0*C6ejsjDYD4g%e?>ehsFx|NV84z&PM7<d|P$MM>A0ulL^N%>Gy-Q)V)Un
zWAL!dluw$oDYZm)vm;Uwxh@pKISzRz#zX!Nw&oNaYE`;7CVRK-zvTBkjJyM3?KbU@
zdojC8bJWWnz_u4*2ldK{&1AzW1$?F5R><<h<V<eU@fS^{B5YLvK!94dP{p%8r>OUP
zhe#$JGRu~pPSbPFZMm$^h<roGMXjPKB+FPsegYz6@R8Z8*OO}5>1jw1*~Kho^HMoT
zWqZ*0(r3K*;dH$CYEA{Dsjj(g{z9;zao8*3z-Pn7eE`p1`Qo`=Bfj}tQAF1tRu(8^
zTHX@;Tso6PTTabB`>~zdhCq7G9|Xy6_lVA7rN(#Z4R>9;;Z&4Wc9`U5G?KrR9R56l
z`72q69Wg1z&=5=a)hE~Vt*L}<7J!IT5OU3|u!MqEuX_GrexQ=;m4fZe$mU-C{D<^f
zIsOE8e3|)wREieo=vPiIoxV-~gCMdj3jf-vXWABj-64|0zjl`RZv5(SVn5DO(n~R|
z{y?1#@iUCpIk$VSIvMoxO>IaUSz%%BCq^($tXFi6YA_fxfBc<(%l|545EdmimD%1=
zY=)pHnWapz;OHrYr2ADKovX%+EkK-t4|N!qJpwFV3)Wh%?-6dj_@E#NALp3fJ<gui
z`sE<QW)wEh>H}RJk}YJtPtF4Un0fnVqNwIH!C<hj`x3MoWz`NC!BmMcNHFa<1NIB|
zO(tX!rPY+lQP9wrAB^yI{E_s<t?Psiv}^FYoO6u@*x=E#W4;NB=L3~|4NR$BU7ZtJ
z8jbcvk&@vu`>#u4+l2zK`y>RUA_sim{Ub&>+}d72+Mvz*mri1+dyg-}n45g4J%o{Y
z2g_@?1)V8^RbOA0-g9CXg7b~algNoCxdPXiEy*XIUmPAFL45o|6)o|xNm>kZ=&?Ti
z_oEk|e<|eb6)DDmmXhp|nPWE=3Xy}MRvuS3F1H+=N>9eev=I3Is=3_$b=9~Ea~h*w
z>x({aN0D9~40~fgjP6_6;5g?O!2%hmitvfQlRiZNpO3f(zZ1W*U21~we6L*4Yo(Ir
zlN1G4<_nF7o%3?2`Q%aE=j=<dbtyr0EyY!r93=ggtIL#1LD4T+6)zv+gy8!57l`V4
zi16gcb3raK1K@avk*GX}bU_kN`?+)+6H%XsA|>v;z>=fd)`agzKRKy%LA~*Em5-v@
z{cUI7OxKTo%J**PIIQ_{GuL`7vq6p<Zw)^og)XT!$gR*rWs`*`ZYxk_BciCI4HveB
zHQrYBneyAe?LriBcSH;=eGF!IMg0c+Alp=V@sX*=H0Jq4l(44!J>Q}(#X&pzJK-3<
zh`L(Rn7kU{^>0j=>o`)JV(gChXUK-Iq*HFa^w(MIlECIuXii~)+l%hXA;<gOJ#sHO
zWrEc=q36V8{oR)j9A`#e#MJR1^|jgSpU=$#z1^Hno@S+>loblXv{+j8Ps~OKph>;K
z{guO;`h{<bucXcq>NUWBDX$ChPHg{pm;QsSkbd-&P5pw*;;Vskgf#w&e=DyG@8}h5
z+ZP)ZLDjQQ;b@CpK=z7D185z>$D6+*DCbc#=w&gE&puYv7Q^efQvn!f|JO^xQaYhy
z$Q^j|B^R@mCyWh!+m3w3=<q_ph)9Eq-7o#*lae2&LG@RKZ|G;Z(byI94LPgiDIbY(
z!zCvYDX{hkhdo>a@ALrJV7J&}kmn$>tm6_^TLby2MOl=dCSgN<V!a!0Dn8M53N$-W
zh<~c=vU+#);s=3KTqa0zhTn#rpFTzby(Eqec)o*!Sh{!f?(lB0LuPpA7X%^p@q;U?
z!YkH}4_l#MIdagt>|N+@?FFLE6BaxPRZK-)ufE(9F>HzSIqLUbUc1LO#D3K4&EGy$
z<7Oa?41l$!xaNI9zI)W~<bgZa>uJ#JQh6}hAT~`vbzgF!ts~RshVY%O9h)wGC{W5}
zp1=QLkJEyVZEoXK#rXW1=;w1=4qNG5>V(#FSCE41{7nkwQ8}h8jF~`=!LbwcB5#N}
z50RkV;F=$4mM2C<phO(*BkiHpsia6bpS}*DvPk`aQ)A=RSHNWS*=I>bcW;}LqoV>P
zVyO)~7@}i)2Kd8T-&MV4AFK8+sb$ITUG7BfSE_jzWhbq(iX-=aAs+$CKQ+42Rm<$L
z^zN<CJZEhB&FJ3W*gWQ362<-TLDM3|buA;nBg*b{DB#7WLbhV%H(^`L$>c*<ImsES
zV#EjR-n8~*$s>ucBWfS*t5ay#TRvdulzPv_d#Ft5&5lG|Jd$LV37C9l^I|J(KnJ;g
zQ|ebb_lF+4N~vQs#2(Lbf~BK(kI4~^cC9X2IPAVsMr(QD9gJIniLMf=LMIMrD*N$4
zz1SWrv7u=7DV+M<Bx9SC*Ic{rI~61uW_5Mu=F#Wv=43$28Y62Uygi}uen}GM?MbYy
zZ#tKQRLzx(_nx4_JKH*z3HzlNCqW&_Qa2kmy)T5-9k<g-$q{x&^1Hq3iKU{Q$JfPJ
zs*UH>fgBb6F~<F{%Y1YOBI-UyvaDhAxm`?jnnJr7)}j?}@V6|lwn*(gxMWA1DD-Y+
z!k34;z}?g`)u~hHQ?0XGkGdTSdE1g7{M^4eV_I`{lO!xbX(n{@7beQVKU86y>Ofer
z^GhH4iJF+Klkh}>ZCv*&Dr9zA1^l>=(@ffiT@>&9W!+Yri{~nuOH3O(l;pK}eke1V
zpX-@WvPRxE>+zpH)b6gUxJV;p=}~mv3houBjFDb^`MO`IeDKFFH6D9?V)`g(8HT}W
z6Zi6Nw_oQb0Rw^H>WYu;TedqJz5WtTXIjn;<~z6p!I1UXc@NAfkh*%z@cF=0$HcYp
z$LP0ZKJ<6xIpdh$m1GmKzf%8YF^!Md>(1Rs)@cSNVA_mKjeyT|ikunSRbB3qsG7Z&
zOd?$I-xsYDPx>v>Fe_%kmedtcp3`}V=g8cMui3w`!i$i8dB1&%q;C=}^&~n&-+je#
z!zAp(js6Cm09McwGloYOs44tX14}xStq!UX(LVx~;(2`>1n833pX1w`xIYNQey<?}
zf%fJPjtj<zC$H^)^|1V7T#t9i`0#;B@nmCb(sLV_1-N{Lm;x2zkwA%L9R=ONA7V(}
zRX@nU0yEp$0rAJ`yW@i$UG-){1woW9;{sd!1%XT+^Jl{PpI3aW)HchD3JamcWBtzQ
zhTXk0th`PD_FCVbpO|+QFRoNc!%iEsrpoLWC}BO>VafIk>G_!t-~zLj_Heal9+Lyi
zEI<A6HdWtZ;Kpd(s>`ZI&dqOolT*WOyrYZ1a;G6YVJj0ei~hFnMjE?@et9OPDI`?%
z^1Mti*}dqDS*T2pdP|gW?#V9CjD$&S+Y5fxgq!LE655<57o>YudR(i2Od1c{HFglj
z#}9UHsYJ(yXh`Zwzvft}`fSFwAE>YuI`+<}L1WdDqruAI0<sX?tw2<@dib^Dlgz$T
z;=ZjfXu9snw5Emn;;p4O@NA-E^v;FUsl!3oNdnr~UK-}30Q~0YnWp|FG0{SThb+{1
zvmw^&9rHH;_q*bIE~|dKQu1e+ZG9+j9bq-p9f8!lfqF6afD|4}iA1<c<ATBvqVW9T
zzNei#;&atex~a&}>%IqH{@ct%?BC!nAk?3nlKuvXU#ymY5STG8U7)u9d>Z~bT127t
zc+$4_NSw@zXr$TX^pmjGG?U3&rS4*DMz<hLoC&#7r2#57(eBCA)h-W4naz?|$2D?k
z$8#QOl!OCI=$r%67ZXoTOtzfg#mG57iW5cav?~iZa?jt8{y>3st0VF-FMXmOgg8kF
z9^Qt@kwkIQvQ7y-s~EpMZ_w2>P3rEM9F=J%FZgr6Ny=qnxIH;)*|$~`DW6I)#p3V>
z0XETS<zlZWk@mUK(8%>&9LV8`_q+B@Npop7^_9Jw&axdB+M<^H+YdvX6nf|OW+tHx
zd?iDuO)ayzt02EDaW$gPqqX#8S*wI)GfnR*Nv#zEJjZwM94F3uHFi^5m-V@fHt@qY
z^5@BGCZ5TIF^t%8F6*PO?$d-Ta`XIa55{BUJNKmqy7}L(VVtirT(_Gi!F%pTgRta?
z{T;p+-Qjxsy!P_?TnC)PCy1XdH7A2xlcTs({TS!&f-z7zt*E5;{Bmv)p7El$`#QQH
zW`kWrw5RqiDRiP1m8`^?;{|&gZn!tTOf!t&i|VA-eH^0E-<!%3R~hE;1Yy=@`<X@h
zEjy*-Z5EZBvJj_h?W+Nj(KMls*Kg>i$>0eYw`V(Vx!caPnz7s_mV%ydHXLJWPxPl+
z;ui$mzjYY$yZ6EZboV*dU*#3tOD*+)!G37bDhUb*!c_?#P-Ll7ajasZA^F1UE-kU#
z^=orq?NPNWXP1z?{kqfmaRX(8y6{NTYLVtn_fshM%DhCiba2C^+_-)YTZ<j~<(w&M
zLJBg^@Dr>8VAZ9m5>3Nyg{pd-Hd5M&dlGQPynRejLw%RgMCNMyl<M?N*!5BG6bfD9
z^>ZBe0Kf83{9cPM1^!QqvHzX9Sl-_<zwnx(znTry|BdGE^$$lN#=jzqbSQM7B~swY
z^Xg-h;&nU8D2vIN!MVI43aB7pWc)+E-x0n`_~hcf`En|p?HLww>%R&=fv7yzjB~5J
zZ%u2GeDi~AOf8`DPsS3@Tg*3J0}PHx0Ks)}J@V;qXKt7@e4yg9uOl(H9i8L9){nJt
zJ>MM{uU<MXgr39}W!$0r#=Y;YzJT3O>RpYNa3x&jj5h$Ks1-4l0Rki|tYv^jhc;*5
zTsv;sH)uN-hteblj=r#s>F``_1-Hs`kb#tZLKK2OP(4~P-VOT&nb7_WS6qv70wNk3
z;-^z}S?feMK6N_r7Mbg_d}J#QT<D&e+nSS-E7zObAG10_>FhNm_?u!KZHq(hbdzXN
zCx~pIpWi0zaAzTuyBlDtusH1ebw0n^N^s)z1i*Z|2*r6%gPoF+a8N!?3Lm`H_<@St
zX#+nAzJNDs3LDSm&NZgbOxS+{O3rEX!^OMwExC<~bMw76JOpe%Ge7h?n~x|ZG(-Oq
zGVm<><|b7_#*NCAt#U1H8SipN>K*hrJ;ZG<G5fyhx1o$F_cHHP66Aso2GHJRq>Ysi
zbX8XLGtD-qWvH8ezD9@In745C8f&UQC`7$&E6dA4Jk`HHbajq5wy2p<CHzNJ3Ekg8
zmXc)90`SxKI+D-kE0Nj$X$kMR8$Gm@a%;hlphk9Hc*o}@BMLdjZl-qME6I9%zLpc-
zweIg_c=4mj+3b!}GJSw^i;0S3&7fuU0?J}}YHZw+LOSwQCQab9mU@q?H>;z^_rX@C
ze<!8?mpwRP2aH0eB@>L3$%`868znrqt99koq)FPb+e5h^AfUBI+{*%6=?*jf2Vv8I
ztQ}4KgGk1=HNFe?`EC8`&1!Kr9#a}En86)fwhrNuM^n65ra~y~rz>;l3AE33E+)4|
zHY!pR=MU-1&d6##Q~F6V$)QA+GTF=daBrr1cUgTP&;lqiF<Jd%bjqkl{(j}?08I&{
z?TmU?8EHJRCwtZts#BZ6Q4LMlRI;T%<4M^-<+uK#6R)0d%<}mJslwonbwG}tTeRxf
zk7wQLPlBuOcTd*uuo<YiZM%&=FuYVYoISdX%BQ;NZE4_@kH|=`87}ywwLrKG$kjZ%
zG3`ItdUW&Pm#~^EzNS*616z+gyR+mQqAUS`o!xOzWF*8YDx_4gUXLsB4Q4vACE`kq
z<8ZF2Yck-+ESrX8gQz=0S&gnjlr;t6fnmSAccqkq+?-4davEM<s5GcdoK$7>sF-@e
zKHApQbCD-}nqOjvxkUF)OGQlNr<cwgySP~&)mYEeNYt?2k+rg`OXt=VLN16i-|ET^
zAhUIZF3YUMu)C<<Ga&Um67gJ_4eG)1gl$cg4rmz^&4HuV#Ydz<k|3pJOcB-&zmh}`
zoV-B#Vk6#)B8|sRFFqSD?~U`N%XIT}%uI>aT_r{OfK|+nI5oWJ;9%0=qvap&q_s#Q
zJou339br2oyxcf;6|UnR5Qqt=_HAAguNxT!Bm$2H-4d_hMua_FHf7mDbWL&7GH)B9
z=<*fmeb&#g_z~G}Z*r&7EZwG%xZ8qsyUfH%2#rw<POd<J?aFLrJQ+7>=|*=7Sy)fz
zPPOll6r~K?1G*<r`!GJq`J5U|f~b1GNrh;|E$?OOFoKc6IwfW(8nrA-nk{PzD{S7z
zB-luIb(e<8p!Q6BdGld*A?DrP;UunvE2QCZ--BDS@d)SNASV+b;*D&e%5STcuT7qS
ze;}Oys2TrL5@Y-vtK6d&ynl9?syi2!feFLVk57yntIl#{JgTlaYDN&tlsU17NV3P7
z7=PmgRsS#(L>k4fC6}1ovZMec^9AbgJ!T^F&sVX!8~;O{@Do(R&4=uzqx)>v9PZ!p
znEzj$lt29hvC_J7lc-#lSYWBpnVkC#sei!^{c7|G!cmZ&gy4-vWQ@{vHms1|a-&;*
z5{O~$`HuWOR&_V`OWpT$8V_wgzMU>qFCS&WX-s55D2(R0%$|MC(DHrbo=(u1iVr(0
z21N1~R?YptjMg1VUkCDDlbjUq2(6vp^XVDOTz1oLLGM5D5Cq<3H2r^c5_Xc){3fB#
zX6#Bi_R!LlV&g0OYuoOPcAPfd$Kg2P8M@=urI(K5zojwO1{QpS{h0GN&EMvty3W>G
zA^hJRIV2m4A?7Rw)k!@xP<#&EjEBrVyyj0XGX0A+*V=`>Q_0jC3I!;Ii*P|veqjV!
zO<vy#vKGK{%gbU+nb<{{y{w&GjOQiOWI;lk%UD`0OS4VI(=DfxdLx{<fzk+gQjF>1
zeQbgVd5%*~KpmJ&C2UA&_y4P#^VfSma1h83Pv}V3dOzj3kuJ+87s`#?d>w1Bql=z}
z6+6NODOB_O*=F-79k2pkOm-hMH)PE^YDz&vKN{ivefbUc8no(`pEUP&cwU+7TVtxO
ze)oUL9ACkTF+{Ms3_*M-To5ibnd&F|!v*j;@Zt$@imVf^+t_9CY|PTGh-*?G`0y|f
zX(}`H`u)DvQc{OC|L?yj7yc$As)Owa^od;cL#Zbs)(bzWU#2PI)f%FHE#S{G<Aa=t
zgF2&N|Iy)+*f47?u`r0^ztyz-d&SHD<=KKf)}5;)9lGRI@;4#4Iyb;iqBS-tNqWQQ
z)funf2DR2^(*2?U-lY|MG9Kk{leWDCTkPiZ3p-fYWaTPPf^Ja{;e<3`YT~<?wOl;Z
zrz(Tf!|!Kof(`zB;OHJGs4I{DlKQ%c+Vin^r{|?pkX@cItIC~9QyxGH*OGtsaQI7d
z@lJF!B$H<7Q<DPvsHcwOhGJXXjMxBxM<dEg@H|!bwT-j(FZ{y9i(|a5_7q8K@|16T
zs41|-JtA=999Gs>LQ%hx0%#jbg6s>MKu-;ysdt-yCM-aC5N4e}Gkn*^$o_c-Ja*ud
z>n(m!Oqab{pU8e%+E+@IRkl9c1$?S1v`XMs!zt+z5Vj{6ljU59E`NpxZm)$OZcW4M
zwRUtW<uj(i^z;~tb`Yt1fX2J1psBZm3QuzK*ZoFIfwgiKh_eUa$|H)cB@sD%%1^~E
z7n|lk1kLentA~)oJz!qkG5JYlZvi&o^>YKw(Y5b-SNQayWRw)m$Bx`qxJfqWj@?OP
zvr5<A#l3OSwM-!>+YHu4^B>~fuRLYfx+kznveXAdy!j!sP}|h&##Atvyo7nLPV_X@
zi(F3Ve&R{W*S3e1+msKYNj*N~_5LX0d-O_ds(xa^_#kF!=PsXy5OtjpcQC{`A`_xW
zTX1@EvG;7!rzC%cB>`NSD)1Dw4Q?H=?4VnztniTXbAWkBeeh7o+AltKQZHUFw`&M5
zPX>YB{9Z4=Q>$j5?@Q@KINpzo96Y0hq_Z56lHOoyzfr$DXI0Pup|$W8dgxL$;OWIx
z2UNZVFul!i%Ow#=xd@6Nz278bvFRoMGmE|Y4SD}=0q5Z99cR5uFP(P~ToEtjA!wU3
zrqXZ(u=Y|kQbcEChLJ1bDS@>uI6M2l#>)7<{6Du({@LXJx7L*WuRP0$zp#+1|3={W
zUq(XsFDbFPOn&E(d=*aL_2X6<y?}|gk>v`4mmoiJeOW4Ikiu_K>Rqd4r4y-5u>w1s
zZ@a*kf30&Xug?A_aYm@^gorr8oG)YS+1nP$?$*r&KUb#PEZ`D;6-X%vSe)GG*NJ}S
zjUAMOj@7o@;s`^vpb%fW{c|S!*nJoh_qiI~eZ%Gn>(~;qCI=Pj7as3cGm?VAR^DZm
z<Ep%mSfNm69h5C`74$QcPtX;qs~)!n{ky$-g#-Octm&i345r2w(YF(Jaea?jZXDp#
z=~(pQ-c&JTSE)|GwK0%mGjR(d(+Ug2rD8@06_0*FA3rf^SK0-*I5Vr{(L~2B!s?s`
zmZ{ozu3)K*AuN?<_TiAin3P~-xUN@mnUQ-CcNBijP~%PSnvN>LTt<eguC<IcNOtKF
z_$Z>?T!ev67BcDz`6G)pVmk%^TxHebezp_K#`6@dPvh#h<;g=+#ov1_<X(*2t!??_
z&y2wCCq-dw4OrEXC~ete)}$84ETnkV%(m^@Z&<d4bo7{j&w#q_tDIf|`dg6F>04j}
zU4z>T3EeAooEP4q>*+M;li231t8tq{Ym+(oANeiEfbKN|Q$bkZEN4_64*bAmGc3-G
zY(Q^t^(YkEc?3xe=kIelLB__<9kMc3gSHnm+)#Hh+d#aN%$FaHw(a9x)iJJJZEcOg
zBX`;2yMHuNf+^s7Pe8cB(#cc0{%{7aXvut1_x{oD(Qcx84=L|VYF>E%uB6Uj>Vx`e
zhB8LtDizoFDx8;_U5p8OP$zQ2m`6T$<-rGieo;EEjMpVbAd%=|qaVzGhK@)hyX2ji
zn{Pa)r+`>1u0zpDVtNf?5oj-T*xH8x%ADw|2ML`m6ICguH5cR&E`TTQHjfRo&-Ks8
zyz!dPd~|#E03mYACpzZJo^aRhg?*BIs#*=R-a`Bik5<6`yxLf?NaUs&Pc|YcDO!F4
z%|1HuRtmqh@4tB|BoCh0oi)ju!YLxLHeYd^kG=^f80!EQvyq5tFvQLcX|}!hEJ>rY
zjo!3_EBpgdy<8p1TilKiIM&XTe=vX0eIHp8R8(zB_aS4Hd_%IAv2&Set^Mp{yWae+
zw|p{au#f?voM3gt48&^rbdz)J=y2Ur#Rb*m9X0w?lhzC}ABn`z4u3YstD#$k{QW%f
ziB;Zi2@7b7^f}IiFQckYG=Ss*LC_?sG0IcN-kRWbhDqRJEcx4sI=$?ry&s~Vesl?{
zSYlUx=k`?Cp`|>T&Z>H<f={RDGi;FI&PhMR7AX1`XpO4_C+7TYBh5MGg+*od920~0
zrDr?al?l=#GcDy5vZrI`iUg9hZ#kBph@dl&8FXRj$8(YpJlId~L13(FF}Z82Spus`
zjznn*O(SDfc1`+F^LjfmFNwq82&@LPl5m0{nQgQTJ_SjthBmPC$RelkAeE`c@>gn9
z;XY0pCtD_1SLfTdvJ~35H(zlU$7m8Wy(}AOTUPQ7P(|BY#gb4t{VZ%(=nyUA%t8dd
zDaZOy)UdsEW;HfQiJo=wynf!W&ELo=DfKzbb`pnURqQT8IaSDAjSN!cr^m+Z)eeC+
z>criZ2|{E-=uUzMPG1ygR$ckml7Gd)lLkC<3-66$dG}8$Ed-_+w8#tJH)WJLE_B}F
z{48wy7Lqo8^yPBYW#V&LUFgu>t5iTIE33j8nY}F^?<S-T$DieOn^kqs$=B&H$A`x4
z@UvFgN#Hn^<mdY(q2#6q59&;Y3mJ#OMnIP^b1RI2m*Z*xQfr2QWV3>xrkIC1bPcFq
z)+0(Lh|1UeCX9?+qM`D-O<Y|cLmV?VUhA+Npn1Dm^?$0+{z=;-G%53s4V|qjR!3sp
zo(d%V!uPUS**I<=bDd{qJc(m~eCdv7C2Y*8o%-)udfZ9|3`F)6KR$>OZi)){kvgd;
z=R|Vb9w2pl?p*B_Zf>7-o+dnEUcx=S_l536)YSb1SjtpDi(fL(*7sVW;4J-d*nvKA
z0ur2l?ZoYsjhj2@u2zh`j~|R#fTSK%IHwjoQRi!l{K%F+A(M+}Srw$I^>8RVVe=o`
zrzR6()%TMA*ek8o@pG~V*r4V_5@j-Ce*7)(=!I(u>=Ru8{H9v>nql`@bM?e%pD-zh
z^ni*Fv1?PMIb_O`sLIJyec?^l$$_y%GRN0h_b5CkLN*n;nB<G)%FW3BTtC`eiFD{a
zS6_ZjPk;YwXu%0@$oyx^ns;C~;m9hH7U!FbJ*EQh{Pr+Aue0yy_%5X~&CGFeCR2a(
znvo>Z?7jqUv6<)p<S8+S-=JUn>|-W&n>)KGEPrOJd*5!NJlYtrkVRSUb63S@R&RO-
z^9d{wBp6UKkmE|Ka8qGOu8Q~7$H)vH(MoDEGlx~LTw7mh=?+9!RtSB_sU>F6a3aRC
zxMSJ&2x>F&?7mJ;Y5s%AMqOo2lu!*j!cc?7L-sy9R$6rVfm=dp)k?}u;pP2euCer&
zRhCDWK19_Q7HA!x0OtC`&ijU1WU=gIsRP!*znS{Pz?2UVSoF8-?VEU3bY4<J1NsYA
zw2c^wrzZqv5h~6NYUogqy2@B3O*+ti@-B8z#O9azH`2CKqNZ>uyg6w#hotv@zI;P&
z4M(_<b?8`3Gd)-#Kt~U2cnk{L<F?(BpA3~q52)SL3NMe$_H;IXOw<u=B=%*!IkkJ*
zYi0K3&zb>_A&3~1BbmSX#ZkZp+6H9rl3zF3;DbR7>rw>HdFq$Fj*T?n#1JHfWpt8m
z$-B8!V$_dZ4q2p;AaBJP`JOHQ?Vwk7a~)&irbjHbmL3ssP;bu*Tw(Q(07Ye6jLpR1
z_$1N{Y{d#R;zlJo<;0_Jo2ef_Y+c)OuRqN%m|fm^g*EF2HqbH7bu@w>-C89&c55KQ
zTbBK^wD}Jr@&A}p{PTN>{?0G^Yh5Jv7r;LKU-c{;95*Pd?sU5{!W(7FF!1w6U4aQ0
zKp6RS&UbyjWH~mfn9{qI{_u!;Ah7=NRk@DHv&B`{p9;~FlMT~Adsu04#yv+A$+)Vj
zo8!Zdo;i6{J|8XYl63pYeukiIKF=Qnah8Q8p8y=bGdRD3Pb5hg^|&8<Q3UhJ^wi%M
zqV3OfO|-Ohg37yKNqDNXN@%CLk;(joh?<%a%To~2m+Z5y(TbBin1rIcBjpxZmutj!
zV0Xw*m$EJnWHRTMYz)>WP!%tOFqDXNkm|UyGHqF|dVf$A!F8kl5X#k7{i6)E84E^P
zd6q`R>ATmN>Vu6hz&kcOuL9Dhs7{$wd<ga$cBgRa{Lt~Ys9L6;aWe{(To0I2@{Ix4
z%UzZyJ8>JqOUxh0sQPO%pNl=q(K~9yQ232sk}a&)ZdlkgcCG=PzJzE;en2r(QwArU
za*x)<fi`dW5VHd!Es4hX1Z)Pw#$U!s4q7*2ekp4^KXOOZ=XGjt(jV#UV5MJJEMS;j
z2<YV|GnV3JcXsK0$tR@voE&jE_hiK`a$nlcv9z-+%xNy<Qm?X?xW?wDPvsXdf7Q=3
zWwM|bY*c<#W0hCe$;X}GL)XS%Sm!%?A4@qTycGV*{g`0Ozqn8Wk0xTp>bKL)jToQ`
z4WX$i{1AKjyGpGx37c`0t#Q(^5rj`(R?Z!za(`v19J>RCqmuaeG>Ovo%NS-Dx{suj
zS&;<T1pVklvTghK{!|}l0!e&49Dua6Qgy#jP~7(n$sXRdwN+~Y2)Mm{gy1{Lx((<-
z`u90kfb)ErOet`zfHGmpzYK*m?VnMzXGj?_s{UBT%xTdr+IYizhT_bGFC%Vty(|*7
z9_OeqH>n|rK>u{kfaL1CR2p@2dGXbOuQiVuDJeXBo)Eh#&yWRajUH=xHsBzkoAd#>
z`L#XHf(3QP<7j_;KK)>uI7fW8iBu;Wl{KkHpDEll=kz0geon0|9TO7>+_lk<O-B?a
zNN-euI|g`HquChF4w;x4UU6v21s8rcseJL+#h0SP+*PVUC$yHS&cR0(2}yGaLxp0g
z#~bo99`~48I1?ZQ+aNOw7ZEd#4Es%Xa7Kg-Vw1@T96913GBIddhTNu5jm6pQq|JRc
z8*#$guz)?}Y<tgGgDcEnRN9p|vgVeLOo2MW)jZQyf`M=~yD@_}4X+4?fQ;T&d1SjB
z;T}O*XmO5utocr9El577X?hN{wavHQY|<xTAS=%JUSTYOW7&i7T^rlf_k-s>{)S7!
z)ibVYiU^C+ixzwT$SxgN#txO)qa+Q?BTQy^%;??0fe6<{y0+FEdsLPJj3#P%K9}-L
z=bklo5+}dsp&3ihFYIB5@$6CF@pW+$-OB4L$1HJl{0@u=bJ1JwItnzOOhC@UDk~uw
zD6=IN7I`^I>-}mux9xBbx8cB_g_v!gv?{%Y+}$oG^N1G84S0RIFC?X_tKQd#@eO@w
zPghqL{$nM{cP3bpb5DbwSVm1-iemZtXaUe`G{VX0Rs8}v)T35~Q`0?!<Dk3g0o6wh
z;oJV)gp(L>k-*uUjv5i$9EgE4KNPL~(}L4h1w^)}ljcp-?!k4IpuP8xcCo*~><<D!
zjNNam?@t;FK&XE`Ci-{qgW7*jeE+$U{@K);lsYbEK!N}yyhU_USjWQR>;?lxrurhj
z$2&HZ)DtQa!gle!Bj+xlmA+2awpr6{Ss_O?p~S^%i)ETqvkWac+yTvGqS1uDJ1PLV
zW&|*f6>o9n5s4tXNNpXuC#^n*Vi#kT*(%Cmvi)e}kR+$Dx*n7jrVR;f$0uBrH4Z3~
zbr0D~!FAZ*d0%i<kkb9&LTHN%Z<&wI0|xeIo5%0g8(`7&9*gsiy+U;T0mYd4$oxA_
zYX}WCyMzU-me3=3UG|N*!TV!{>h!E^v?>}T8OB<`=y8MO@$vb**TSL0E~537O@~_S
zhjV*TQDH+HUu)Cp$H~KukAAx}*|-}!%+#=)(52QRP5N~8#b3-awocz#s!MuKHn+Mc
z<sM&eYNuq1b|Iqv=6bPy&Ry*Tb>;Se&kY^Rmp}pLVVeGnBz1tz;v^-aj^I@+ff7ff
z<JRw76aK*h_L@}%U?AcrywA}A9{4QXa_IXs29wt|M$MUfuZiGrx%GfRDq&=lFml$P
z`NXH<73&`a^M@MeFdvO2-mT3B;2<=wt{JOW92WWm>ASJI!7|h4w6Tyh@!wnmJmc*@
z<p2KP<B0!yIR3_c`|DQv?5{kONB;}?8~=-j00G4PUUK=jEfJ~4aker7Qph>ypSd42
zyEQnOHt0m>o5P+ik5_O}zI-L>SXQMLYcH#z<JH6KA)kF}2{w9TuiCxwm~UMeNvJ=0
z>R?0m`Gr+S`&w^YGnKiymRlaOp#{a{?Cj0RgM1YxCP`TDmF7o48eJIW>i6!2%cMDN
zrg)_(s4yy27Y^uVbXsP2_5BWs0#|Sb_TR`WK^iFfWS`ExjL_F|jgK=xWBGg=)0+nb
z@U>tXd&Uh83N9kduU+q1g9D^o@mx`Yg>b`1aP%DSgRlkB9ZQO`eE%E`bI?@fsW2?Q
zLYnTzEn-g!q99i}V1a0-+caOJLKI&W7P9qZ1y-Fnstb6c@Rgyvu0HLj7oqX#E90`u
zH{hrl(bqC5fM5LONeIN-^M|S<y<cGHeml`7ml5Uxw{7nqGjDaeVFf@j%0rjSEUfc_
z^>~jFP+9jC3Yo2w2bZw4lrLY431OJs=^&*Rnh(U>=__QC5h}*fq6?ltTN;Tg4Yatq
zGfU(8Ouas~iBCvbFWy?iijdy#+`M0Fv$J|Rnlf1A{ab7zkoVvP`dHb(5?YksqTvzw
zl5)Y;vV)mSlC(DCSL|4|j)U!o#j+Z2W<?-AlXt{z!Pt0mR7akfHP)Qj!ea4t{o6sp
z&8CiQfen|{*?hKO+cWa)0Vv{*RD;dUAw*@>J5C}^+>7qRWK#MYJ}ZiHCRPQPzYAwx
z*t+$4KJy+oc#S60MGv?oXgyxVOI*f>pI^K$3rK0Q1~gGP?Rsp~AYH~OOTX$wj;<#;
z9Xyw40J{K>WQ&5mlT}%}39eRNS4p?$_97m#S=qsVW_^Uv--<CKaD8*Xt7mq&s**75
zl_jfJ^ko!pQE_n(wC40;Fl@jsgf}0Vkv;*xfy(C9iYY+B1|gv3+kz}=Sr>eu-+6P*
zg{PB#LH0sYuNvo$ekGRE*FHDVm!~<ciDSqu$?&?bx6(ppHYI1RkI!wo%4CiV!E6hu
zxY*O8P20eRxVlc`v5Md`&EIFXNKInt5UGupM*|)pNUBSs3;@L+wQfg|8|VW4+<$gd
z`S$&hhfK>|W>*c-KEiaZ93PV^ja}nYZ@l=ieJ<*~TR>+G?cGrZ-psq?v-6tg&0Spu
zu7iE+g$p;^rsgnn<Q#Qv?0Mq%IPV>1P;wAHYy!Jg$Tz9M1R3*L<1Cza&sfldp5<9w
zK*KT9E{TcntRLcIJiKInY}~k>7iUpFg%?-M{wP)m9C{ao%g!&0G+&<C_3xcq-8f$V
zM(KFx?8Ek+dg8W;+*=cU;#2PiL%#L5Lom0(`27S^iMkug0SlGvtWC-<fNvxl*U!L@
zOWH*)Ji!quB@#v!^Gc(Pq!GU%pN|G!F7FM$`GzK=*NSd%x!eo4pVQHC{L&3YFL=t;
z@MzAzH~DOSe{rgpkw_)ahv0_DzF;if{EgtHQJa~TmUStMVX6wdO9Md2bfz*;A+qw^
zce7|EjP2`Hc1j7W0W5&^-9ozs;bzOcHhw1~FV2fSHk;C)yjJ<u0LQz!{OvGHtSm;c
z$Mnq<iO)4(1D-!;$rOmdI}DVNA6x-p|HZrd*ER5OUB_Q$w*NmjHVx_gLQ};g31e1n
zwX!;J%tG2rT6kijmm~vkR_tSptd?DTCm<T4?BT&qaQiXE+y5)W*S~tj-kH`aPDjdT
zJ`<2RHHLkrXg@VF2twu_jwyoty|`Iui7$Ah2I>WULVRV;T+u9;u;FCgRFmbYx;@{d
zyrrWwj!6SGQm-x#n3t?}KSo62Mr(JAC_Aw<X`CPJ*Wt0^?8Ik!AqBZ%A9a|Uy&il9
zTZ~^SrvxIBSZU{oz+<M`N-V*Qc#B$geqUGCDDz8$>G79l>zHw9mpjP+PLhF<q#%wD
z^({X9F!t7mqI2xAyc!(vfIb!2pgSx20UfX&$-+-l*eJPTpCOInK$WDaOde_W1hdlU
zJxcn;AO2V4+l;^Z<q{3e)_mn`6}mhYj1vB8SKCMeaL6rav@F<<O1vp((FD|u_(nky
zQ%SF>!?bvhDL{QQ^G1FrbQX}q-&H;pFq!kLg#ONDf72uCK>plFZI!!W&PC3aQxj}L
z)gs}nGe1_x>tDP*HG`SS$7=nTEAPN6WugL&lkMGcSnQaiEpgn;F&RXCvo<b;a04rP
z9jwLLsK+O&s}Up<y@=*FQGsM7WE?pb!zI#<AmnbM6N(x-ZIf~l-$PbOZ!LC288{(q
z?MF*Av{t?}*-e-RxEdr_ZfCEda_w}*CL78E>)t2y`x3G3_02%5p3ZMK7@p|mKvJ~E
z#I@KVX%;JNR!~Q-vyauy#W=P^RvO-mUzxc<AJwL$o3V_cHBEYW8+0kL;NuL1Ok0_Z
zh*hMHuEiWS)1b;>@S~9$^F`q-_u%P$MlEK*g2gjOC%HOO>bjdc_DP!jC-We{HDYY`
z2R}kX0X^^I!U{W)jP%RSPH>d*P~R^!zIW!LqO@6MayXROOv|~7yVP=0@lCVXt73M<
z{(5z^P`oo~J8Jz0!S#TX={UbnlG00LGC22Js~Fj|hRX{BtM_Y96XY`nNKLhSo%16Z
zS7Ff)C-0*vF*d)`ColAbD7n2)r0Ba3WQ)Uf-`joentFG$7O11(DjKP!MjVroS>ytM
zdm2mki3;CyKdhgxS;uniV;o>5TSYWBkN^BF45JkgFJ?!A05E)D<A3{?nQT88<9T<p
z>G`%o)c=_Jq7Cuy139zxr>+6syK-@NK^iZ^%=B{ZmK>SwH+D2``?jxty037*=&Ive
zs#Tjl@~%9)V)wO4-$Oz|&K~h~b?ML0pZLstQjOzo-Uh~6<b#|~A|K+cU}2JU*mXK^
z9CQ2Xr)I9j`#ghXr!8VMSi0@jk##u*!JEPi&lWc`PJG(1^Y&-m8*>ZMPI*So^x)Y;
zoCidgZ2Xrkb@JE#6ZPeOTSK4zn_LS#i~9aAvsZh&j$Y#T%`?~T<F8$^c=3|c8fx>F
zRcff^6uL{N0!PIjNl7uPOkn!TL`EM4sk?&8)SMol<`e(u?C-Z>ON&uf87=_t1%a2@
zTB+A>P8R>Mx$bx9%9yK2r|38ATm)J+jcTkB+FI+N&2QxnnQFbx-1lU$LetZf<*S!0
zT(c?Vy0y;7gF!E3ZTu!REfV)QzH8dtqwDpgk6bbf1s<vEH@Eun)%dkNtKW-&4oUuM
z^78sV+t6P(PVM{XKPpMJKww7Q7Z>`6pZQqHb;)LdBbr$cwjB%%4`Yozv}jkQ`pOlP
zmMx0Z(u!BPwD+^G_UU=wW$%SH!WXj=ar8a4?%jn?A%K@e5@9hZj)bTs{;a%YjYIMi
z<8pVh@<mo{xPDtRYXxxc_bvCY6Ry~?pSZql8E5qCm5US_IG&%MwRsWK%zJXdAFj^)
zGwJLzP6U(dSqE2oMWz4Yu=G#f<}=h0Ozl|;nsXmMwdakTe^TdO0upmwM#Hl5_9=f%
z)9O_=S2iIrcaB;^#X#f!9IbODHvWp<j9n*}i~hCY>rCFUHeYuAMXwW)z8b0x2L+~8
zI6P$8@h0~4kuC2UZIwzVJzrb3eu?G1bqCi-gz;yXd)XZ8(ztWn<N7g{oQeDPcpUdV
zd9H$Qc{z87^#t4Ph*W@-Ah^%pa{b|3W%fF*yyxXLnKO&D_jzg0-+HJ?LUH?XZ-0~b
zla~4I*t+mc;~yK==QAEXl)0L>|HHN~X-oEAarW-Zl07cDWS!X0Pq(~<W3y70^!5uc
z75ea|{Pya{${X8D*jH9#z11V2He!~;-~2;c)Fxi9TD@#x#LWqhuUBY3DqXdy_oJ`2
z%*|crZ13EvWRQ)|=lHm4o#GE?EBj|V)~$SI);Q6q+2h7Z{n%O=-P&Mzm5s+<IjAW)
zJU`^{NayRD`?(jS-4RI|DRt{8>;F-%Qte9Gq54TD*miGRsnosKTl>YgMk&vG_e$WW
z)U8e>;R4hCSM#Db-+9DnT~u~0*5c*;i?@SJcI#bTRnzq_achEW?@3Ml5WS{tcYc}+
zZv1Glzw>-`%&|6caoeSf=c}+S#Sy?&jz9dYth2t=r(fQY8#zxqa?%OK4cAh_cC38y
zZjyMx#tA27E>-vy=;jMB>`r@s#5w$P;C{~g?z{%)jdG1otSDxGQgQZ@w)4x(wHs~1
zd_Fmr@EbE8xZ5sR&-h{XhH?XjFZx)$Jer{gL-90qGUJMEPcEc}=e$<ffA!LZE4N?X
zEa+>UcvR+-!%q&8D;I?xWiI-9q=E72S;%5IvMU+JA3JBH{T2DpH!tdQ_@(VkYftHl
zn)9u@%4=%8%-~AXq3;5!{kb<!*Pgmi#dj(AiLHuheL$5}!cI5Y1y?I-eVqDUy|kWJ
zb#9rWL`F$}=HxY^LgwjvHkn)GUHEYI*O3nXv-$@wFPkd4{K12(I>r1;n|P+1)VXGN
zEqQa?*ZPGd4^PS5g|p}GU3lb?<)jTg;Y*&)dT8JLSmj0b<cHxmOq0A$?RMDcn=!?%
zYUS%A8_zx7-mH>%HX~6c^}+_W3FYxyy4L`=+J0TT)2?am)tt=aEFNDY)8$8Gw>_v!
zVSh5;<FDbBc|Cu{t#q<`t^miTtCE8<@&Znn)fise`8DA38Hc-z42~bDU92f{?lk9>
zSoyOi&9ay7Y8-yCL;8|E)A5(DZ>v2#zss{CHP~FbSch+E+P%vsJ^~Nbt-8qgGxhRw
z;fuYtSMO>af4{xvKZD1zV;ePeZhTu7kyPp`V)Et9)Qy)<vM_F*nQYzrXzDuN6?d90
zaU9pVRMPsA|Dt#7$I~A31J>+#`s`-mwx<RW)|2)tc4@8bd3a7IXR9BN(t>SHKO-uI
zyc^=Tnr;y>*D4Q+$yl(e@wT|DP2wBt>V!}6C0{-S9XeGNq1>i%>`b3o+t$Um7>YRf
zkLK|Cs$D;`+{NVE+10yV&rg{asd3jkJ$2nAs~DdnnMdXX+3-n7UNtX2euP;m?}>H7
zUe62fPG+t7qkLC={nQWv@7TPl6NAqEI9Q`QE%92x<g<HXqs?#MieF&z?H8A4+KQ!%
smbXQ<7yA5ooE@w9?T*8<dapO|^>e6=Y}5uiuAvr;w)wEt#{d5&07JN)L;wH)

literal 0
HcmV?d00001

diff --git a/docs/assets/lock-cedarling-diagram-2.jpg b/docs/assets/lock-cedarling-diagram-2.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..c8e808c5750ef4b7fbbfd548e0ec2b71addaabff
GIT binary patch
literal 53251
zcmeFZ2UL^M(kL3ch^T;wbSa@13011JKthwyq>F@-KtM`Bx{3-YHPlcQ2)#%sfk;v5
zO(68HG^HxN!wsJQ|Bq+gcka6Ht$W{E@2xvo$+yeQp4s0w``df=%+AU1$v40aC>R0;
zoH+vkoFRVzC(~z!Au1|X4`8}rh?d$vDp~<#IDZ!aKskH3!PJ%SJTx)AbLrbZC{F9F
zZQP%nUjGe{+ua^KZ5;sU6Z$te|D$3GxUIVl8R0ki%jHI9P8RkiIepXqA8Fpx^y7b|
z<xbOH9#1^TI1f(KZU!(FavDxf^V<KFe*9P3=84-Wei#`?4&{VC<#h_D5?{4-Hq<9y
zFO$E_0CxZkpbk(z?LRqB2A2!~Kza)RI2ZNLvd35efba?cxIOyMGOl+3!1b2^KxOwo
z%l>&!o>;qC|7q?#`S+}y9RRSN0{~E&006W-0KgTqKXv4ve<Rx+auqXKE*J909^eG9
z1>6BZ0L}m#fG{})0^9|N0whny04jiUXHVhu_Z%6{Up#*bmoHwtaFOEjl`9mNDJZU7
zy?*ry<uytQ3My)<Yu9hwpuTbCDh(~o4O(*g#%UvGPASiwzf2~)K}kVLF8#j=C!YY+
zm(Nt4>pypf18|o5%sJ{aCyfA>Q(Ys=b>=@i3jkcYaPj=*v*##ItF3PU02j}kJA39l
z6~#G<3+FFT0nVH~cmBe~OVl)%*=cXy<`AWz14&6M=^1&&CsYpHqUVGeKeVps6MNs!
zrR?hVJUTXxq+(zngnOLbI|JnA^(+;ayr-&f<No4hOj&sYnZ?c1QSh&DT1x%jmyQCi
zlI1*0eU2KS2-wg5SDOEm`#*Q!|G^!Q5Zp0*f|5jF+J%PZHfV54c|i;#mF``@@k|wK
z0sk41$QM`N&VYo!N%qi`e9g|E3`nM2SX};I@DYS}42e6x?+-7>2L-6WZP(=boT-<=
zFN8YNV{2g|eJ)_}T3%xh+zKQuF4|8uLz@w!z8=k|R-fBFcsBp6;hy?{;<5|0j<g(j
z_IkTQ-U-0Q$8bBrX7|RGTnghkHiHvDX)XVOX6fN&Mc)0KqwodeQH#iL_xaxetz!N4
zkDE6OR)kxA-#N@&Oy8EmSs^?Xp9Aur#RceX=^ikVO3FX7eF|ES%nux%jPu70AD{pK
zAXBc@AM)U#@`~=BtDbH>F(5TzPu&fpv1qP2<?u1*W_to|jloA{f<AZrEbyg|g;KC@
zPCP7D1Cdf(Gp%mA2V|y}zgQ(K(5NQ~QGLZ2>o5)0k#xKg^_QLuRtU%z_6c6ukS8F9
zGGPtoF}Cq3t}Z40V-QUT)6T&%sOB33--7;gW7x%ubUEmvF}po^e{uU1?uYkuX$%g6
z7g1ThIrJw0{0p(;bI^^%J~bb`g)M%4`$bRTgxT)$k}Y%RGdMG!NSkH2?GihtFI<AZ
ztr)5Bgd|utmJM^~u6xP5bXyT3(JLuIt2a8{0na^Db91%B3An19;opewD@jf&*w&2;
zU}kk2MQ^wp2DGi0G`unh@cEcXVU<#u>Nh@Mh4(A?{q1jD{&!~$e+cDRNl6$lr}H05
z%gvQ9&Cll_#mrd+U&#f;d3PX&y1EPxc-rf)UB8Et*{ja4hwmAG|B?>?TK>f+=&PAd
zoinmzM8R<PN&Yhm<Ny5(?KP7(b5#1T4A$Md<>MNyWUaV>-sM&D96w0U4Lee`GkkF7
zWkZ>{`U3}!Icc!EmAAfVxlCu3F0P+9{$&xDuW!tBc{=TIYphvRSEz8ljhpyZwa-wF
z-XZ2oTt!zaGE-8G^|)F<iVHI;6f)1wDiBs<nXae=&XUfc<6pXLG_Y3Wn8l$A3CmEq
zmN{NEN`gY)?lLgkzIOjFwfSF@OkRp`$2=~VNL)?Nmc?dU!v`c7G^|^&VaN$LZn=08
zj#le#0)1;=L*wtLOb+)a%z_O<T^k)(AODQOUI9b1JDG5-O&9@4cV&}Gk3+nuXLFSj
z7!b{Giy0mVVq>7AcZCGMY<|y4h!_;=;LC$N9RKPKD=aj?Ea!nz#9aIKE_c828sWkW
z2XpFp{Gun-C|{!uQAH>1nh!c_c<X9l4&F-CvhNrYQ@vYm;);;+{Wym3SOCCPC|lmj
zP}1*dJ7(EoRqi#+e;fw0gNSTmQO7+rRF+G!*+Q4=4ig51%nS0WxNti6Z9{3{An0m3
zT~$|AHbE$?I@%emz6fIa8ozWcamiBB#52xr04ro1f)d)*S<N;V*<ePgYNE`X{ERU2
zVUeh?;O>&gnP87@^C$kwi|0&SWt^5oKX%~m`yc$&{;J8l?#X5v6^zNkISa#f^llx(
zVxyy-RcK!}IN~DVY-S!CYJ>TO&JDUbR@p@_fXyX|<2N-C=5$1jsOc0g9ux-4EIIb!
zdfqby?P-5iUtl#s6SiMaI3TE$;!ESdrFh0eucmTdRwr6+u@x&xdcDV}5tSW_K&Y>V
zgqulL`2uA^qh|Jn!WSZp!x!SxGHia<w}E^gP8u?1h3?E0RbsNF&7PKW9c1x=!EMx8
zUC=X|yO%m9Shnw@<2!B)h0C@|aI$r-JDt0p8Z$l8q~?w)6}=jRP;g2{pukY?Ob*G8
zYH8?P>Fq%mV%oOq+GOH~<5EGi6}6n3`KGd^T+-#)<-r<zMxI%LhLtWStg9_*IgYEt
zW;{dzYvyPauZQ#pza5*8dOSbWtAj>^+5+U_FQ+OXM&vw4f@|$8zctR!ln6)V3eESJ
zFI6hu`ckPGHFvkXzAYzN@4bV3@|c?*L*NIrnVyJ#tgm3I%xvqU5$(Fv3b|ylspqnc
z-~GIHx92`I9<UOHvP=p2@>&H3;@u4GL+2zVr-i4Bu$o~BT;229d5zf2gqyz_I|6{~
zfPK+tiwYO=6PHY!Q|##O0cAV%5m+<6>y<h@&Ki1IM|AOXL|q%94mSq5Aoll-3*56<
zwNCywNrQ$Q@P!gwJZE{j>0kvG$YsTsxHr&~YA(dStxSB@qpcuO_Cn0O0BlYB#>^Ei
zeh5RACxvzQ@I?}q#6ZekVq>n!+m@@vPCv`Nz=>rsR*<wgBywavEc9Z$Aqy4Gel40g
zP8y;xRt~l$YFx7W5I~U8>-WQ@2wWSw>WS`8Xcu=V(2qWR-?zhyaDLC{(cP~aB;Q@?
zMSo_1#bR5MXw*+7UG#<T196#R(VoHFY+pL8>@obsG{S$2I$xbbVSXWZ&nZK`vD<8`
zEO*cU{x^Th&9PijB<j13-aOo-sfODQ;*lJNl*qfH+ygFWzaj>e(vQpv8G|q+di}iA
zEzh_3F^`!?Vn_#DvBa5Q*HwN%g>PG1&Y<(vqCLK<S~DU|dJsQEWV8Kp#Ac(Cr&m%M
zvLvtV%dsubSuuFVk(H00<vpG^(kNb@zP-rQpubrvRSe#P;j!Qj6-u`Me6eWH>+b&e
zxgVa@Tdw^pY3_X%*It_Ik)VTNFkn`dq{K>VNIzElJ-9-U<cwhe=BYxA11?kxRI{yO
zwoLjx-)>zhAo2`cv^7a<`1~XfTX0Kapi|id7qZ;;+l+fm$yMJuPgaN<ULM~rzTfck
z+4V5QHbf@tFjXFH^}y7tzOpg0%S1mReAZHg<<RO<BggIu;PBm018M58cX;_%K}3d3
z<j_?`B_Bu||6S#>hCB08^qx<W<CiGn=&Jc_-iB9UpbrixmLtG~>qMAE!%wQN0ZCaC
zj-@-5uS_hc<z_V#_Ze)nR@I1uWn5VVkWlBb=nrFriI)ZIWPG#WE-jO0@0^;qFn+_%
z3=>t3#X%H9TDRFGBv#cec37wvD`oqw$~V{7Aie!tGt|>ElO{UOe3YniP~baLOU-LB
zX-r@TnEt28sAcjBZpbiwU^5{|K(_t+1VNH0p3l|tGVzC%QSJ(@s5$6(0HG&s_k9Os
zLf?1}-w=w>H}pO;`jOZge<OWnx;eJp0^!RWYaW#Wk`D{%aNCN$J@@Q#%<YRN@2-`J
zX|#EoBF^%~b~1f2TQ6wiM(Ph-+cAx_8UJ3`b!BFs7Ny>VE_4LG?{s)Hce}RGm%o4;
zc4(p{fMHQOv|VRlorU`{kbycnsx9P54X#Z;kVP`$Y<n`H70sdLkjKF-fERx^;VpD)
z@&z|2*it+pL$?L3YCbFQ<imeXe{pEh1q99y?d5Fb`by2C-XzBjIXJHSdxBrj*`gz0
z>~?;rF>G?jkWJ$@&t(1wx(8=u7g-}8tjk~TLTtuQ8rs3PR2DO%=}rI_NbxV`M`^xe
zX|(Oqn6T0G!t<)<axFV1Rwh_!v%bR2bxO?kq9qqITFt=ay9#sQ7@>~c+i$n}Ff%6f
z7S|TKjlCyb-a3@aXms~*hYLu;WwOm+lcp4ed(<^<W-!v|pd}-X8NJ&lTO)t{tykI^
z{_^uIibxj!RXV?5d`j^u(+Yl?LN&&}iAaJ4aaZT=@peHuxM;#!JstBcREAdW4Izq<
z#@Y)**V0!Wy<7S=G!ym^QV@&EY?SgsAZK+X=f~T4#pPmv>q=SAmwg|hzU@CxsK}Vm
zAt8-|TVDnhWCaYgtmbnwR3gkuyRv{UvCJ>oSeZ`%;7pwbknq@2K+d2;UDVuuo|A_D
z?Jlj*1%x^wVjUJh$rZ>yE`F!}O^DwK;HQ_`dU6_ml^FWD{Oo~Rd2PP^J1KqV;M?Xq
z6Dn{7D(7-olp{pOPh$*Hsj6PRY*=s0Utqk&qw}QeJV}d|i+D(AWsuF=8h~*%1kt_9
zY~a(Wj8Wm0N=0?`+m@>9?T1{_BU1FIT9H_Bn?LRhGDoyqTzU{k3+12hFztcSi}rsg
zz9NsAPPfJj%h%is+4B_sy~Q#_EWc#Mw|T8zW&P^>=zes8^d(JE9`+v-uAA&HB2ZYY
z^XH@#pbwvz0#8f5o=?iQEHSPRCDJVBWM=7xGD*#Ldn_70^T9P(pQ9qk3<7M@bg9Yw
zmTiO0ie7zy6yt#W!VIQbf6YINs=YbrQ$*kD0=j_kb7a`{eKOcppde-hiS2W$N`r53
z5w1s!<wn6R;;OE-AcFBKR@fe7jo_Ht>XX#_q_6;Ibt$@Z#pup(2BzGoJ^U+nvt+nm
z(r{=$A2)squ`VCKq|(5THvAeb=JD-1lvi?u`XSd$Q*?La<;C9+8U^jaN=@wV<$!Ab
zyGIWPmP_)#;@#!>>iWi=`?OFC$VZlH1}1Li{M)9`T|Pb-NxMmc&y3N#Di#O*=Iby#
zh+B&AU-q4u;Id8?vh(}}FQMUIe|kfEF^~Gn1T6M@m4>+Fq9vrV4hi8RxI%SvFWIAA
z^r#bjIsNZWTJLcYN>egv+y-S#y&dfIh0E?W4`%NScajhabJeKBOX*spV_8WyxvB6)
zmJIjHcc0WGx74}~t|VVfckfua@$$a4AjoyE3jDH?z&w=<nKjpjHt^(hX?>C*F0h_;
zrR*>byL8q$ZF`%}{g<&?e8>h(d9e~#&j@3`IRvbZk6DlEK@cql!&UN@>TlSeY2~+_
z$C_(uS#(HWYk0hzF+Qw0!!Q&oM2vfv%%LX`%2b5KQb#{4d0f{X`{S1@6P4yd5Z{;0
z4Vk0|x$6tJSjBX(g;5DNM?Sp#{i}7iDw8WZ2?Cd_wcJ*53lr1Z@DtM{+O$cW&D3Vp
zAF<sR?7Ju@{+>HW8!u_TMsYrY(jBJNm2)|!)QzT#a#68>iP=~~#`%+sPE}@E^X(w@
zILmnh5ERdKyH!)+LGQY~Jym&fGM`ye?M<4UarG_ttAi^_LsZT!6*Fq+dObm0TkO|l
zm25Yahn+@JzMuT(-b0*{pmK2#F6_FVv<`hp=G~hCRX#tu#jeGAOc{w^6gCMSwDm&r
z5!RMz8a`y*#cB(eesOWP3d!Q@FANJIwK=QWshX{7=83u$6MWpTxu#wz)Aw+b@_e)X
z@z9p2&s_PRxv+Zepa|vuSjIL8x;E5d*-tm1c8>9SQNnSP4)ED0l3d$8ut=_m$wR$*
zHNNDtZ?ZZ$&{a!LDQLDiZ66It0`b?+0>^B1Ha&E5v2&8d;KjH0{ZH3Lt2N3EakMK3
z4;J`8vocp;w6Erwy@vpK!${NDT{NCK-}{AEi7wD9lVi(C!>&^qKhNQZfgD5PEwwr*
zl?vnIG4U)?l%6SEX|s-!Lrqs8ZVHyx%V~%SDXrVT^lw*QQrMQL)Cx0dj_x?G7Hurn
zmgWz~VVI%Ynh^1AVF>z)0uND@2P(4lad@}i!tP7qKB{Z$B0;>uuu{M^(x{p*6gqnX
zco{sdY)Ig$iqIGzd<6`66AFLN(J3Rdc<#ow9K!X-W(yGCfk)}t1ASTZ3p~w<KNSYr
ztgm>-(_}hyse+4It9FZU<_2KQwS{kWtzAWR#Az9oyjqDlA8)H%u2+w@xBD(n#OioD
zOoV^uN}eskz!Pp|F-BKA`6hU@sLKrW74GmZUBcBQ(0vwJStwnalSNruJ=_c#=-M+^
zqsfvP)xMfTHv0=(D<SEPHZ_mrLDQu&0zEjXE-Y1E4sCS;S8gR}{3Cg@=H(C$tNV2!
zQp2v@J(+Y@=90Nlqj_xp_SNpk%NE_!bZ7V%WWSYW2CDDwtj_}s@4GHLIW7v!j+yC1
zUb)I`%%O$7hO10OP)G<h6@gV_aa?wG_NCMeiI{Ju2U2=ykKdzC98Ox0PV^FS`88q}
zS;<w;P%hnYX@S7p_CvaAfotL$Qt62<@Kwlv&dL8vuIJ;cc{_a)3F-X8YnwAnkro$p
zFuLBA5lo~Mr;sC7L6wjfFoM{c1@tMs;;nL^smi{;&Jcs<a%Gvu4UF32w=m~alGw3a
zmSCNBsC=!Rwc)8$XEr9}Z=v1$bh75Wj%XHj*x4vMxl&q6Yr-ixo-JV4xH}q54Pt4+
zFnHKa#B?0c52BtzQV17AF*ivR<WdEEowk!HNqSt_JE!?lbN!*~SDDx>b|~~-o+T4-
zq#Q_r;#ERbr~6)F{c@h^Aq{eQT7sXs*_c)3`knZ(A|dWLc8EeV7z~F8;P0}r5zTsp
z%g`m6xAy~a#P=^h_c4F{V&<ubO7gySgQD6@?zPeDcuhouL#%Bz>mtmbMoe#8*Wf53
zr7l7ta^6B}E^*DyM-!ZMK`gdG;!|}5676V8iY<8&TMg?Z!EMW$@I4MdHqR$D^jG`d
zTy)hsM_15-$SiV}IE&}!{P0Q$jKi{@R|S)w_E>e|*Jlg21V~o;Bi9m;o7y(rAJpKZ
z&m-D1GjN&3TF^I<bU@;`KXu#8IO)YS#EJ&Ux+LMFi2b3;SQP8a_Ou=<v3HGo(oEyf
z3$E>Bjw#lY;u|vj{N>SvqS_aZiHueC<LI$2rG7aPs4K<Z>ib#I+_n8~%Jv_vz^6{T
z5x6Xu#;}8;MxKEsJqk58izBvKqv(aj{pU^B3~(_hZq--n%CYvP^ir_c`1wGFXIQPD
zGx~7!tBfNhj-A_rUOFFghbOXZ;y61jG2@6X#$om6-}CBV$sh@#OQiz6%c^d2Dj8F7
z0d=udXl+leEvY7e@Sw!1Jg~jS8+0ScdkgO?Ygvv%XfBS2bjcptSI#U@Fz|*#Kp=%#
zxZ-{E+l=FI=7mIj;gEEfF?LbXou^%RRr`u2JPm2}dP+p2OVc#IB5gb}GQ-^W2a&X(
zkXaDU2fjVm3$yC$5Reg2aTwR6q2P{_oYrXVs>s@w{}_!iQ1yG7dI<3Q)<(Ryt+f9-
zKZ7KULw8Vt(+t|J4=BW6<_HS5WsF?(ZE<O|Z1!b(jR7(UK}<2qktG&4k*}OTd^=Lv
zd>%a$%b>ud@l~4WIPKnQd*AlehhCbfIEM6>8BRTL%*bUuK7QSRo&iUr1WRO5bI5=l
zHQfI8A=mJTK9E2$+#9Qvn*s}$yBe1D!9Ui1U-?+pe*LhX@sn$^V8>m8U2**TSI|_^
zmEF4}f22{PJz@XyCC$yC_g!|{gJnz3HS@y*#d(YIB8p5e2TWv=M(3v@;xUdU?_zyv
z^?Foe+0ILrKpL!^wRD2FEFx`Q+iOs^x^i}AY4GSv<Jz`AgcR$^eoVXcw*F;|?zZKx
z$6G!sRf(2}w~O2&7D?ZY1<mxvBxb%OH6JsrtlGB8MzfAZClpLGd|(k!S2N8{)mrcp
zlRY$UE!VvjtR5vb2lF!#sbEfqWzavz_qKjydOfnTMxSf@OGdaIv|74FX$JB|N_=CO
zynM{M$<0+`6uOon%F@J0l}^DoLXZSK=_dO6Y_I$T>=gxXiVodMndx-!q|Qsyq`w&Y
zxSATD@Uv~H@^Mk0D{9yIZWcBv7WYIVy(IDtWZA&N_Gh1!YpPevK4w8tx;eScdZy5Z
zaM#T<oJv<kkd|wExe_4;yD|8a!wHieLb6kD{MZVRv5)X@E#C15AuCfIb*g1!e(Yx;
z{nCB>swHmDCr}M0Mg%LCISnEul2La;!uhzck})zvV4{1GsoMJiAKRi0R};_Mq;_KJ
zxVMW?W&tWbw1h$D{Y4jd9s&qL&&tL+J$w4f<4#rYZ723RC8?PNZdNL?FbL@`XlLBp
zD&}_b;Il2oQF_YUDC6Y(R*}%mXA@~dQ6RG?QIdy1nh99j1###BAs~6e?)F{QB-s!X
zDk1+PxA@$6J=4U`MREqHsu!kSA|czL<$GUjNryvD`wk>c9@5K?A{XBK!(V_Pe1^-|
zmHMXYHx8$g0041lp<igd&F3%t7Ype0_!rG47c&>moj({bI-5_fmgrLMc0Cen6cp3K
zw!ES8p|KmgJioEZry4(slCKtm!eDCEw|<Pb5<q=-<&m|m?pco*ij(W#4C@rSjaFEW
ziOOI9FiLubYjAX-_%a_evv6x{--_4pnGX7#k&|mplJJF~Z=?<8Y*nDC>;-I*3Q`bc
zbrwA|u?a(3E+}h+b&`s<ImY*V?&V(@s4)URcv{nbv($#8DpM0J@T9*DW0W~FT<M<V
z`D;}%;*(S<Q_VskW!<7L>tep)N}o6PJt$H7H<OvA@(jP$%cMbYkb68SVbO#>BW<#F
zZvr+S^MU13`>(}9mY_$uU0*^Dgp-{smsZ~wJLowfU=XApgO{*u)brul#F*_W9BUAo
zK9@nqMRJnUA(VUHph_SjW)9eP*;|3_wKmSaa=yf<4K(#=#V+TOp-)bZiDc45N8GJ?
zzPvbHzTIq$cXm2LJ5NJ`IwzVYtiug7H7y$4<Imi(A4qZv)DU$PpuAFpCL~94f7UPv
zrf3;|x|c)~yRDzChSw~;(d*`%*ZUyZ4-=^~KmJ{M_Lt*|+xd~ZZM&gQlF@pZ0)0_0
z`BcHRBrv>)z#+zfG8pP8k_i~qV!4a8*Nnsm7ovb85~id*u2_eV1eiUaYK+jXlQ{vx
zQ1F5B2E{d{l3T@QBCLHZ;^~Q|_Y1;ZoZGsQR|K$85l-c}!nn4rtgtq`h;e`wcfC@f
zX>h7zny8v~Xjfr#B)z~#Ft8Ox(4XVhK<T{eafBwj5^iWmM;EwTRS#d-1)y~Ta_y>b
zRaq0Gjia@~vq_-fyTqSbb>%IUPlmk(lFFmkTon}Gjij9bhF8s44}u*5D(<YA>x`OO
zi;{d<?jXh$h3Nt_6@ndCzy%f&8IAcESc($E>dWYZw0U!kI)*T`M4=z8pY4ONP1JpB
zNHaf?rDMnF_z*J{(t$Kf#!SJa^d!?wyv8p)JO5VKC+Kai+wYJMqI`O~ppvo*kPlS*
z$z!#rNvNi*7<`Q(gOh4N#Bl|cBkw?g{QZwjYg#7y3+6`I@>)xUnlM9aE2Gi0_zZC;
z_-H@IsjoUZn)S!jBbFCusEzdo*YM*3`9n}AM~8J^46ZmC^f|lm)^xaPaDsVOOc&no
z>YiY0Yo(ZOR_eyni{%zbZj@JKAEIXPr|W@t{|1QOzFdoM_<;JU_DWX+Y=@I$6K2N7
zDK@R7f1~I^x2V6|Px8Ki3#fpN2XV;8_=-AyOdrqP?pBR)7WaGrCZw4}uc6K(<-@jz
z!`c^RG<#Lzq|+2}#g5{R#-OETR&0v!F|2=%v4H+UCbEv2{^$2DO?YfgT=cy=eO=dt
z_$8Ali!3k1I;#A3J95eM%t#V^oumIKO~xpmS&5B)#T*3=b#aDgeE>U2l)B6ah9bV(
z-@_@SY%$Psw!fbw7|T+aa|1uWPkq$es=98P49f(4XE!%c$5)O=ey9eJokXiqCxFTI
zl02!v@8`Y-g7qd1SNgg9bhMj_9>43J1%71U6FWZdy9^Gbesk)K>iucloqhze-wgU1
zsa!|i=2(bP%=+WP(tdaOmjG<(JLj~UqezoddaEXy0+RllbLz3!ZkXI6(e<eOasAo?
zd1HxxBY&Y~yZ6lrpe0Lg$;Uz6+jQf_7xl*3vDUQ*_UkkgFqr+}<(=WMW6nR=r3*GY
z@uZSs!>PgRvaIon-YEY4Ig2CmN|lz^;(<r6-9o8ZKNzct=9_o05h`(2O>HF%r*1jh
z9<Oz6yzCJfd!2q{_v%QgM!UGA%pnmU#A*gH2C1w78!?rjDH{>X=D=UfY;AJJ^IgV=
zw1I~JWZjdb3kOg7P5^~H^||+MRP?D9PDl!%-(HGe)bH$RR-ta9@#2_z>^@MPaM0Ye
z$MfcJB>x2P!sP_;Y^Lke2S@JEx6HzC^buq(Tb)H*MPY>DzNO*rqi@nyso{c0xas<h
z#Hp>|A2ynbh^Hlo^HN9FdpV@;k!*nz0C)Ha;C=vNvuqndzC&%9fj#FY==D8D-51_c
zK5)&uE)pPAfnq@#HB~RG)^?XNL<G*+32Y=4981(6b5aVZi@$Nd@>UA^d+%zAv-U@I
zI)qV6wKF(8vYI+9FnRKMK*Qz<V6jtV;n`@tfT&f<fYn;j31E#m#5lInIhl@d14oSA
z5Eo^?#v4<8>wtQn06GCY?em-5q}*o9IRO}12Wq*_Zw~aOCaX5ZKU=7&#1zAW*B)Nu
ziYtvjV6v<YBdgQdsI!Lisic<GKAe@lV|@lIVnQ%rMaFPT^5gy;vQyj=DKE-dW0_XI
zNOLU3Zu4Neuwz!DeAK}9@apz>$T7!t3Cong$GatmXYU){ht>@ExE{TouK!JOT_Pea
zdQv!+^u?-qmaCY*vrfef3Jt4&o;DWE)_Ce}w{%RR+h95Y=wpu_Y?$|yBu?$8bT2+5
z``W!r9A5agG}<<~PkRc@1zpQIGG_9NO^@1En6<Oaye=ukegYucT3HmI0Gj^bmm;no
z_3`hocpVGMjd&EXOxLC=li3QXv~rw^TOq*@I=<-ZtQtst>dN;nUl{r-Z+P&qy`K8I
zWU9<wOMbm0gYopA?xGTz0#dZf3~h*(bKPI#HFnq%ddN<4|BqgfLtN=He8aOP&|$w|
zYkz3}(`hH1hkvcG83xpwo&X-oP3D_!zFW-BZ+ddTcmfdOuCMk>v4WAT=-q@4e740n
zPeTyqDNg{56~;?!CjddkyH>jc`SlM^0DF(fjaem{2<^K{bpM07i>Ys9$4{9r|Ha#S
zFQT>n>4f14Ae5}ZfIoo;|5Cz+WiG1M;em}7u#k3y-EgP$vgYM%&J(0SJ||y>3kK&4
zHl%XvYa__?9j;cNgZ?G=jQjxW#rETe7C5&|@^qvvv)c2Uje5x=OS``^^O#BS<I0k7
z^Wnha&M)~mf2*t$z~w(O6b$^D^yS~LhaBHfl$7ag$)V44%rWv07jw<ep(eDe_6Z3D
zP9s5M0h5_`P9rH?B!+g#!)4-j;MS%24U531B}cu%Cx8d1cW3ruoy5Mzk#eK!mo081
zCI%GSe&blH-U)yz-eP+z!6ra$i{-$pDd4@p8i4KrO-XBAX1()nNk1^)4jYCAN~Yca
z@k;u;PmF->q?!70sg&Jl<gOF`7oqUu?bGh@$mAU15ym69$eH(h_XZSKVxV<hf`Ke&
z4A1ay2jzPPLiUD9dA@<e$1YAb>nDKD?S-$hK1ZK_RZbAb(+0P6H#(qoMdSw-`G<m#
zADCupxP@#veCkba(0LrQo&d$IkYi3(Si%CV_R@@gu+#>8+Zl5nTU9coDPr1b8gj|H
z9Ef&MIRR8i9n%FaavCpyH@I4z(d_}2O*T?gNcSjP?(%Wz=G=bqWt!+|A2UW%&R=WT
zXLZj`SDSxeF&!WCo36iPvoBEkwSuEv^^OiPla$S#X{tnOIxMnrrZVtaXI!?3@866M
z#bdt9vOs-|-{MK;y;JF&!>u95<y*-a-o|<sl5?Z7FNY14iS;rYVMhhUQgp26ch~8=
zv@54OJU|&jQU0BTVFGB(;~b!hRCN8*W*>XZHMKO6NTs~QWnht$^oAggQXgpw%Y-E9
z+K6XuZ$$%sa=RDSIwPD*ei~~K^`iTvqD&VoWW_Qp)U3Bn%2jBhxivA;e0{&8=@V>V
z1}K-$eqoXJofRJo4?mi(DTIp8z}7|ur`Vb@N9;$^D~g~heb;0x+&`n7Ft8!|hcjgw
zdPP$kG#0BS1kLJW$k1x~mj1;VHW%6^(cnD022Yi_$1_XF&*!tpxWhBS8;q;YT-(qC
zPoXV^Oc{+Kx-E8#0RptzQ_Ldqz|_#o(1g)^9nys>bBc#58&)S#lqX$(JxODrIpuZ+
z)K`bwuZiKYBpP?Dw=WP|vNuKG4+k~R=HH_Wa^g$4`DIui-X1<U36Bb3V4y9Sa)<Cf
zS|#oecGhRD-0;-`J=As-&a#boygntfyP7q?(tv7u%CA%zWYYSqY=ns`#b}IjM?IBe
z(I|c~!mHowfypb0ZJd3GbTJ23fcME`#-0jxepB*B{qKhmdKxYuMp$#!PCxwowgg_D
zYw_3)KMMDt@tDqN9-X1hjO13%Qi&79ynGtQmxX_!VrScRjSuW3I!4G~4byy>^T@I_
zt*)hgx~H??(`HqP?TBdP{cuOIws-w93m-)*G3%tFLHKCAgHV*Jss^|xrQTqFe~~`R
zUuBWM1Jp>HE!m}25_p}zpM8Fb^j&;rZIb&?MKa!gbyCdubs0z=6SE5R0#_S+E!&E;
za9ffg$93ddUuldvE1pn`*9~Q?4c2bt!yx!TA;--LHv=%TUh?nm`kY%zVC!AZ!D+dh
zcr2G!wyUg9YhwCihvmR{G<843;qbil;tgjf+}dm%H(pHXbu?$8#r<BLBpK&k7NL%x
z9}2Vxtg@6^#q**XcKP&i#L=7aUDv2rQ8h?0lsX;;5$f!$ti82#U;<Pgk{4`4tFU%E
zKN-I^#n)Jt?=v`pR4ILogTKO~*eQp{A^Y0#?TAKfVK}!`VcGDnfkBTkRT1$MfJnpe
z0E(^H(6MW{d^X8UW6|IFsU5DY`!SEX2&6<KMd2q1NJY4^pqnojbZKBnqCn<TQq9*j
zS!Q>(mbJxxa9)9%R^Zh%^kxgs5nQdYMwtWFZ&wE53T7ML?~kZJZ&L}EFCJTm-OI*1
z=6rg4MO<?D13qOu{c5(5P+1c%<o*1%W{8MtWP_rI{|t3Ngt!&o!jJ4_S@kl=mcFy=
z>{mYB0pd)w@r;iD=5PHFls%pm!unHqHUK~Tl^k#TpK#WY<n`GGd>py<Yp(N3Zk$Kz
z?}xqhnTNi6?tko5G9J)E(|5wa|IVXypZq2RC^3GAn7e=fv%;1kd6ETCL_Q!|yW|hc
zL6LNZ#b}F0+1DASIQ1)D&obv&j=Ai=7xBw)lUI<!jlS_Y&mC6Lua6(h$0oi`v>6f4
zg}j0oTU~&>x?PP)F~>TfM2N@{g%=dO!WV`+JKI|lW<PxBgw2TH!?{(V8Y06Q&LCKh
zL7#?1VH6amG0?<Q%8;-RuJ<jx9U+U;a=Z{3@2kmQC-l<O48b3}rU9jjkBTs3dLu<+
z<~9}>`FQ+1y<)#CmEu6y22YdNGW}RW-Z!I>0So4M`!dn&aBc5%=Y#GcOk}I?#7#gU
zj3FVNi$sRtMPZ7dZ&l;5{n^z-!rZK-kqdvv7z3r$E`jjARA`98E>leY?c?1henIGg
z!RLCc@@t-_6sA|qgi;b~Lc+!*xcXHy6k3|VW(hWm58D7~i}Ps{NX}t%4bb~C3-wr)
z+H%b$6QOMzn*R7G3<N`X(qjh|k8j&LR2j<kad%HZ>ZI6yFf=vX4I3f-h*=e)p`UK~
zJ<9#`y(%0k1`CBkJVmUUzyKEQ&qS>@#Ardo`c+-6)VzW;Le}h?;`I(k=`_)*cx^(`
z?=e%1-_0^uRs6U{CqY5jhSZ#A8&?h2WUN)d6Nr`Ov$OHnTRlJTHt!pSbVcJ4FCk9h
zOz-+t)f!_K+=YAKBk_tMvRX~cIQ-mEvcYef*RkI}0vq!nkTuR}Gj=diKBRKhM*8fH
zZLFjJMeF2_zA-=8Rpy1C_&9`+?mZCB!CJ6L2&BF1;-vP`FBT)R5ptxyhmJtjCBgTD
z^Tet8XI&=x`#xo;W<<?aKqFL#UN31?Lb#*}7EcD_a9n=gPau4d8UU4mLFw`@!M>4)
z#hfTB6O{Ao?^+*Rb?#(>Et`PN6nuKgDfehDcgZq_?A@A}H*wLZ;*!2SJHgq^m*>Xp
zxmej&O|tNaUD6u|3JI9dboOTm9d)Cro#C?Q0qkPsViGZ#43k%zYBlfO@(KhEnq$2C
zBE~?rcluu#2e)=+yo*w6ake0gRbl2CDzceS`90+^QVm)4(cRkmhPuqLaM40WTT!{o
zy%cQO;8}B)@hHrMdPhXd#F?h;{Iap@sM?~pbK`P~e82Ul*N!ZGT?oI&&)>QjhHR#Y
zv5_)$TjgGNynDOKx4qIwSq{5Bv1SasjJl|UiEHt|W_6M*T3^euEPRCJIjrpl#-Xo{
z&g|A6KHb)qSxgaFlB(th&yP5dNR6d`<lN%&GytF-FD;bZYuR8?Y-ep0U#%!KY>9jP
z0IsmS#AD2$y{C^)vBz{{liEu37*>%Ajj0=F-}h^CHJAU=o)$AiSX<l3=;%sgqh_@6
zI9c`|W=}#Xpy4fMDDL@YzqfGSP;jya;PQ}m`OOhs^?mI~xI~vuaca)f4c!k5o_fCK
zpQBeTT3cJgV!>drDjW_63ugTNx&btNY8AVdW}1@vxXU<tVVYIM(JjyE1dsp&!Bs=H
z-za;cGnUoF4}KlhyRYf8#eE~93s}HP_988abtL|iz9d5{>Usq+2McT-7!M2Q--=#_
zKmH}mWwK@&BqIj1fuOW%I$DA68+j{X1~JQUxE)x1xV3Red-L2)QrKiS_m^zVU_F^M
zAysp~?i6Sv=-?OXX6K&dXdJuxw;g5OaaYdia|81QeUZyn<e-UX8s3E-n-Oas+3}|~
z575=fcAaq)_FpE?A4B)Q43^-e`B#3;CxHI>Km)`3=L@=gReL9eMXV_TnWFHNyak{=
zDwM{589qw$O<9UNS_MlLQ@f>x0Gg72F=m33h2t`7jLUL0cgJ7ldY?DM`n|5q#(}Lq
zb)#A%r`i7y{L^4zpYO}DlHM|2vEe^d{loj?B}dZp#Kl76>!l?dsnLq3_D9mR=Jcvs
zy^Cct+(pXCYdbQ(-l{0D@N^?!ekJ0#cguKbt7I#vYY|rhy_S#sL%U9LJV<D3+7be;
zk&S0Ui491GyrU5CsD7=$Frf4Vu->q7;RFzFTCf#)0*F6tYVQ?hDu>p5%SaZtYQDXd
zQ*~GuR48<5jNp;pZpPZombm<OCw#zaH>u<|dA=c=I{(a{*^B8I-F%0Z$}crnXs*po
zAFtC98LYzWevEb*8!E-J7y!t2iO<`E;l+|e0^Q+l#lJJB{oYW_Lj_<I4U=MLUM*_n
z7uueh4HKG3#qaozx=H-9OP6Iyz{ZI2z`pM97pL5lYAug`;7bZN)4!kFuqo{HarKEO
zqV0$Kq!{yEnf$V}K_tR4ccu_wWf625pZm9&^0)nR8uS}*-*Lt&E3#iuomm8CYh4=u
z$6~5^#rAu|cFM)XQ)<>qZ;Ie&yhu}j<5YDH-!95-|9W$zY&?BtkG(&WOk4a^KY~6F
zRDLv99=Js7iOM|zyzUS_@aZTWAop(FJwI@aJI+7p;js)`Osf9zh<L#=sb#JAR2>{-
za_l$LQ^WZa2uG3g+s%q1huzL8GlY_H)&ta-f7^-+IpSTeykK!4a(C^Nz|kjXZw_Z=
zR2bM29F5lMUQp!o$hVx@R_GmWnL7bs=bT-~hE}ipSFY5}o#G$&PwkRT&RnvEhIBdP
zCo8%d`FT{MwIX#tlX9wdejl3M+B*R(Z%h}<?h~eqYJJ&q<?)N@^UiVpwq#WSoNC8P
z0$B<%kAfwk$X&qp*dIIV91gZk4&^#5DUIwPSB?%zuPp6csvGm1ayz}{|29-#`Sbyj
z&jN7vxs%TVXy~GWsgN`r)(?&`WQ5tTQ|AHe3p)nc;#1WFzKB|t<R8kNs>pg@?yq66
zz}A*kaPVA<9#sGa{Cs9r(z3kiE5tc{KWkQ;>jV(7Bs{j?{pY4{1Q*wTEIHmG8){jK
z(mqQE#1p_T55@h{&euzi&PHl~O__kvPC)DhU;JUN2jmW9XAB{1VSO4l@(QLtUNhW!
z5p($Pv@bvOjq5#`3zjbM?0z_0LXzaAWUM-GzTAPC)Mdar>p&2G<Ub|<Gn!`mttMm*
z1Lq%>%&_nMmEkz;d>TqgH){v#lRsuV;kdqR?WZ}Tz*{9D;1bPc7f8*peZ4zE?VuW2
zawuW^k7xc@{`cXY6%WZb2W5!DuU71_Aa@g*{q)59i|SOPv4^Vm!+*xp0eOdvSg_@O
z0!S498ab<twJwgQ{kgm_k(%Gf%}p1>dNn@TGcB)qFVlV6?iJ9?Wl`^1BZX1;!SoV=
zbY78IPTouT&z0xDzXC0I{BDW6kauNSkIg@kgW4cd7s8qL6<g{P?*0e;S;Kxp?SMMz
zBE?RAp`mJ7Ubcl0>xXItt||pN8p-<<6Qj3F=h@3c^rd&_aOUr9tsFm%=!-J=^c1uK
zV^mp|31)QVDi^xK3B}k}GcfqHwt7Eno-OZ!Kb$L8IG$w5;`v?@XiU!}&bGsgW>YDi
z90;?y8ZgS)-dJv$m_006&Tw<A`9b-I!DfqgSzaC~&K>8hu&`ja*OKXsEuue#2Om5z
z8dULbs#$*O%4D0vZ1vF;^MXS{U`9-+d*)34K4n$BjBLjK!>{0`@NJi<CL#fW<s$fn
zWmPLcN<y(YHe8%GNBT$ljKK2bTG+daey0~;xs=!Ydy9uikCaNsTQ_yMl_XdNeRh`x
zY@@SceSM%j_i|gqI=x`Q(DD|##I6X5oTmc@RjWdSaFu-P98(wxp@&02_+)Y5nBk)~
ztk1{myfW4~bXc*G)Bp+<#;q+r=Z6)RBsd>(2RaX#!Vu)U2Yq+OFTx_GiA{t@>NP<&
zGKIaj8Z#AM<zbmMx`cr|#GAgq8n@-cf{i5Jj9R)EnS@_7p=JHh_<?a4oK#SQTYTE#
zslv5BpJa-H`a?K>zjYsBsT78?BsTnhlX7=8tpt`56No&j*@+!<kYas;Nv%|dsX~-*
zU{<P^k$QPhSmaO?A|hojL3Eut{lfdovXEFD)?HxKyC2AHhnda7E`#mh>WgAxcUV+p
zF0ZPRvdcs+aVLj-_r7I`Fc0PDE4`6v=m?R55a=3XV^&`nwQ>xTEOzAYHF;!wma$Ko
zTBLhROpl`VR_&1POK}~c0+z6<n(%Q-CWgdfB}y@uYZQP}(bu}Pnnd3+RhbALdRA&z
zI65Mke>{E<<9rWCn3_H5z-Y8VIXM(&?bj1q^cEsgY<N=!WuMJdgp{GQI<=t9rhHTd
z6YO94gdvIp3R9mhy5ULq#oD(>$J=G!+Lfdm6T5+fsY?5?aao<QR*hk9!HmR8V%mA1
z{1EDQUqVJrA{oUXh-@>6Q|x;R4z8@XrPQ|?Fn^7ne;qCp=u0BcpFP?cDZ=cQYFZxl
zaiDbgn%FNQP?vSHrU#4pptK8oP_6`b_Ln{8c1HB?iRfS*#9&s>G@33_a$Q?MdH8i7
z5=b4*z`&^M2I8EW7I{Fm{2%Pjlg9Guk{yKXdM&puWmgOul9)q5%r*FPBF+94jOK{u
z{slftXb1@b;v~b(QvQXU$;GLKbFv2m4rhMYkXn8T;jGLH>I+#t<pl%QM-8{yKkk1a
zzq>5|%76YF@${|tcm98#5NWEv8i{K8@n&i%@Ck)WYNRGxO=X<FTk-J+@8QkTgARo8
z5dW{GD+zxPo)#Swb^!5vf7M+2n<VcK!lnOL8^cP!Vr}$qiJ~z6Tatef{?woI??gVG
zVg3h%jngA`0x7*}?N17m3hv;NyW0wp^8{gm!&_M*K}AVX#RAG0Up8B=)`RG<4{;uS
zztAq5&r^>U%jq8c(FR5%$D)0a?8+iNq-2Tp!=jkAKA~JMueCdMGgn}k1lZVDAUFti
z3!`^y?7iCB?V-bEpNHgyOu<r|*H#eouKprh?=jP13)w$JQ}UNf=+VYszM}uJ?}(LE
zAh77@6R_^zDv#wU!slti{?zzcvwy2bxIYO0zi%vChh4pt&2{#Fen2%KKcj6lB~&`<
zC4Ca!*wzg`wKQ9y>qH!DPP_d+w7P)&-qB#iYUc9U%qI->*f7G6Z|gdF)}}hPiGG$J
z`q#A2kq<PL`t`PWO5?`yV$bQe(LaESRak2-4X@o~4R@<ai+GhsyV!mX{JEZe=C{Q?
z?f`bdsJ>U<scE!gp<-e}!Pn)7m~Ac)jl?HzK``TDw{tXuB8^g7*unDK=#2?JB{tgO
zuszm^kR72fA?IjA=fts<5@zu;n8R%RpbQY~6`IxmioRKWJgoNgG?ZwjBkDMdM9?us
zU;Esr;_1FjM^l4i3U7I~I1*X<-i&YLVmnL?A8Es}+j>Fnl2!h?KfGUaaPuQeCu4^1
zjr<b14({#R;8~4wZ;WY1vn}NJ12bn_N$8pwSM;sP1V)7nBzN==hIopUd0>LE;kR`$
zXb0bokx0H+{P*(QRa#YuJNnja5n+qIrS#I{XCCw2dRq~}(6yRvHrNvpw~kn&YNi`9
z$R>Wrb%PORm?U{fA$YE%Z%xj2xQ&MyyJ{9WRt|Wm6D(e8SxAnYdy5z?mn6Mw;qCn{
zHJuDE8ux~=LDnZ6APfxeE@WK{O<TIC_`<BQSzp^fdY0Cv*v4b??i+*hCdiup5-04z
zm|rD?G1jaA?*)>t7^!`LNRhK*Xoq!eX0KO+*p-49D|EhU#b0h4H2TcOVImmHbn6&{
z37Fjj6hG@hbKdE)An_R!{f%uYxk}&OD43C_5Qe;74rT<emf=a@UTLHW>jH!wY+vfk
z{UdF0j6s3!O*b))#?mZpTqt{X2sDO^FvfIzhH2x6Q@Gf_xI5eF(9=1=&wcnLGxLJA
z){zQ0?;q}%@l#-S(xglYur>^`N#VBAN4dLdtX+3k4(WDR7~8q6>NxM7{(WDv|7trc
zm19b+!$)87=7<e#3Cn~Vb$n4!Wk?H6kZ#M=V|l{3EbLr<=b~h}a;y8e3RQn2($#1>
zH||<Hot&~;<@bg29fE8zS!3=!^NZx*I1Y9HQ2xoOtaY)GC+j>LZ7>TMh#?yJMpYba
z9Ca6Ad(9Q9-<o3PECZF_(F`5y9lp5v9~%Czlk@-OTK3%MdDAG;uz!|xU#PecC4|u+
zMkp*SauBT22>@qQBzv5Y{|Uk)F?G`Gd5df1((Ph1=dlOP5<vXh&jVTWcSmx=uK;Ot
zZ7HEOD$3g4*YC+u)hk=_<d;r}cudU`xO^kq7Ah_{C`=si9;*!RaGXvH|GUqXzE(IW
z@Mmf&phw4)=2p;kN%sjPC~AQmmT}Hi@kx*(^ejfAs+=8IH;?0b>keYKr76bMuI4L5
z-PNr%d?cZ(u!=qQunl|wV*AbcC~vV0;<EVOve$UgFdP-;IoE)t)pQF^#59BgC6}DJ
zYe?mM+)yAjmVCU167cs9HsJ3=y#JdH*IpGm0rU=hH!YA++Q%M_S~X6c06+%dB;f;k
zbV7;yGT4@EEkE7#{#s(z^r4^G`)M8R8Avo6V>Elt{I~|^1ZC;(E^YA!Umzqbn0daA
z-xb336k7Nn+C#ql%gn3y_k!x|X&l)p$doKc+T+E4+~=63MqBas4HU44vW+=8SBu%^
z#`d**OGZXBlVhsp{SFu@OMi{U6#Jup)@$p|NJl&}k<^Z{7!s8rwli*O#B1?Z@=O4U
zFLR=CzFe_5AD%JiX`AJCKbmiWJ74Ng0KXyBH75Xxf(6|X+M=OaL>~SyxZ`eaG~deb
z>%7Y^*B{+&Z<F&)YIBl?LYy<SFh*myuSBZK>(0unpdAZ!jP0c)i2)OE#PF8WY%<~{
z)C{3VYiIUe)sIAWC{EdchFkpAyVz_>gbVtwRmnX6n!DC!fUZ8TI-(rR&)4GBHW~Y>
za(ztEE$2ZNF#xYf>n6rI?k{|%2bos8KEm31;dKZkzb)bUy4qFK*_om}eIvUKE#{`e
z$VOhjF65fl_P4Bpkf|;Gk$XK<psyu&HL6zK6YJj!X;0}iFD6A_t9H=CHCD|;N>#sC
zMd(Gla&iij<CnRx!tN?rbshDUBcr&XFI}z<w~qwo=vt_`onj(7Ae<1^HmMs~jI|I&
z%cgPleb=Edw)YM)YZ?9;Hl8cCo<=l4Ww8>oyjBK%9r2g$%c`T@Xq-J>E6vKk;}QMj
zM`CHJ6fRt5usErL-``Iz0rd8Q{(I++cKbHmZfPp?tw)kMLJniQ1YvMCW7y`n{*Y16
zyQECUqj7o)Zo;C1^qfY+jS@^?8X}~d*ekAb+LxO6NBBpOTwaz7BC*w#@jrZgm+h=k
zc6aRzTidt%iVHZ}m6Oql5r%Rdj^gCV-}&rY-~IAn29`_i6+dq&#%yAX7|VL*5i$bn
z74EE2g(`w(6xQxJvedJ8p{8M-m<pkOC-Oni`LLM!H+I$|_l`R*X+FUd7R<tvI^Ks%
z7o>IA=mR|#o^}s)H?C>RQm4%h&Z`k2YU2+oK9&ew>X9QbHM&cQ%-@Ua%U&%;iJ$KZ
zJD`+^;p2qv<>~O%@lFRpHk7c@&bI5pS3i7OJGx%BZ~`z!^O)wX!>7Etx<qrbZM8L{
zTq-Lk)I%(Pc~tuH?j=Q;YmneJ74E-{?ygqv%YDvKF6DwDHng(kt0nVX`#Z$?M_IoU
z<-lEhoYQuy4$J-_mt6L3mmD>G-nW*xGE060X0(<LcJ0M6T)hd#IJt8%<#CTcsf5P9
z%nfT(MG8;su!OS7i<^{7EVnwkF)Fe11gYy`G#`seZ@#ua?h_N;6#U0n1OT8!#14_L
zfB)<8mg%WO?Y~<%(-gXY*UcrLQE=H{4l`6O_?NXXxfK@Z;B|PQvWKr;v3R?Ye5&oO
zha?KGb<t4|$XkQdkbxPY7BfZFSa2qU4>(Sk1xJtRt+^OhI0xt!rmB6HiAkN4L5sE9
z4fa?+l>{ZOyY-3iaouba#5<y|KqRLJ*JE|K^<M{Z?cY%dx3zHJ{1x(3NKwxn@9ie)
z^r{J*ZznFnynun>aLqLB;c`Ynh%b715GB_gON>{G$I?)7D4H|Q<k8bjxrEzoj-33+
zMZAMhqxbN_w4>|AU}ne~FsqASya3f1LIT^&%lnxOOz?WN6xr)?oB(e0Q7I8Djc;+n
z*IIZ4A8ROE=;m=%Vqsn;7%x}+c#ZND@!@vOHx>tEgumgteF_?z<wungKL;Sa?SfUL
z^pF|BMkS#LHDcOus7}@{uE}*oz5!mfZAvuGYq!9uYEAkJ(E69S^9F0Z8lbK1cGDy3
z^2t)CXY`WQ2?JW?m025_eCZ%xbnBjY$p&TTn{%EY3Pc}jB&~gM<<6ecD{8z$KGP26
z05XOHJ03%#BVK##4ZMzZsE0;+G^9IRU7pe#ZD$EPrnEIesKtDRDEAPkwC|OLjPP<X
z*_G*Qa0o?42RNdcCn%OwHbV0VSkI8@Y9j`tCiyf5YS2gl`KW)`J)>8&@EAk|7|p~^
zVKjNA3S(e*?kAXUh)0(p;HCN2bxOV%dWIGwEi+MJz6_6h+*!EFo9)_WMRw&hPjg9r
zwL`Y3yajr^R0d;dsvcr&x6=33*qkc#-C<6)mYowRD=7*kJyuMOsT|?<<?3t=>Ff;F
zDnGbP8rTdkVN9UEI4Czn)rl&IfMb7#UU7QW9JP^O@mia_m4Rx(IP;Pa!-Fx)uU7Ir
zcJfB(uGRlsWq8Lpf-W3B3L7r!ZoxYt24vqT^W5fvjp6UbSkn3>OgF)9#J~xhoE&$5
zIluSimZ5xRZ*uW=n2ll^=QPMKlD#$qr<&B>(gszITFOWBZyLpMb;gup*=UWLWd(Ao
zkNNVSYD>QVwjElUQ6CZ-1;^YBGDGf$^K*#jhJ|y-2$3B~M=CSdO5r~KFObfqliy|X
za{n81?-|w9+O7-ZvMp3ls!~LSgkB_}H<c1dLXpr3pg=%cK)Oh=0-=*aNodl0hlC~;
zY6wWL0a2QZs&r|tFKfU1-S4~hcg`N?8|TkAe~>?OPR5we{gnH<uj{%=T<O9?j$1#{
zewXgApgxdS$<;LNK}=n<Cgf_OvO9k^LGW@}Ud1!)3qik-!{=BMS3JSoF*k`^yKlMW
zeQw?|2-3=<eKvdvvsOfY`HIuS^f~7U3QfGKXbK*0eSqCP!n@SRIYU~`8c>XlEG@TP
zQ!aE7w8c%6us@@s-IT>eSRgjGE_)kDFYAQ09KZd-gZ!l%=lMTv?QI5rQePyiBZhz6
zEF-uWi**UyBeD;<%CmW^CqxqfkGI9qQhN`<NlX3uC0_Td-3~83)pRItr>1VpW4xmB
zVx!dN)iQPez+tP2zZV*+?7#H0$m3lc4!l26o~OTrqW&`CG22iY?YSOdO!sPEvtus4
zV5Jlc)C(EGTNIslZfahM?;J`f)c=#Ia0ZszshGLs(M~w#P&lqpj2_~*A1P`C3{|pS
zfHL46o{OJvjY;F&&eft+Bwot~`O9#iyS%(|A?{Pwb7+y?3_>BiQ8Z2<ngOLFJqg7+
zTg{-sP|eP#ca~Q#^?dSFMW?Q)E&Ee(Q;8?O?0BAJ8-%Kuu=A@YF+S?acDWj3Vd-vL
z=!-QgrzgI2r(r&8r3})$KT1atI#mPhDy?}nlOIi|yT2T=iA^){VWWjU54fj6y9$T(
z#1my}y<9E?ng23Bg4qrK?AqMkRC6%wq8&*i1LrB;Z{6=aXkyDIMP1denK;m1b-xfH
z{ZN`z4Yo?9cjmYj#7X;@#C!>U3dmes4!j{Dd(l??(Y=WQDgBW+FGms2WpAKss5+lG
z8es@6r|^j&bo-kWp;=M=K7dV-EInO@`4RgbybgXPL%=cKkyndV$ZnGNDzK2}g;?bf
zuj0K1ohJQZdg$IM`lpnp&Y`f9leY;kblw${J8d*2SG??V)C!=^b@{=!-0!6Tq(o{O
z0kk2(X-ezmEcNT;h*0dW!o(qFW{|5hR0=cVb+h+RrXgqNXX~;%*BFccnZIoZ#^PNX
zoQIJ+&m#V0lI?!a*eoC?oBs6W-)_uUv;B=Y#$Z|gV*@(lel35*2C4E1oY2i>N$myo
z94-ja_0|Yal{RrhkBA%P-LW%w&S28PcZ|InNKQ|UirIFx?$m}CQYbhdYU~{o|MRy4
zN-pZ>za}RyDbTvTwW-)OZM-}iQ3Snzy^4ufI(?XKf9b>UlT^ps)lDi-7CLIdRD*Yt
zy~pPFKlT{`fipH^wX?}Hd(&QbnQqE^`@8GbUskf!NP+gr9(RsZeATb4iESIqlgi8P
z6wvB1qzc{h$eG5FcZo!i(<GNqWlIg7XoAgn=P{+<_yKIx4~i}(@tW#sPCx3j%FD1S
zY&VI>pu#|3kWY`4nB*m&>Frc<ruP+q3nn^j{#fiN_7=Bv-QlJSd;$V;rr(Ah#nmyL
z;r+x~{E#%B;Y?6*5|Vi&QC5}!2NE|^wYj>`uHKP-i}?(ey=Xf4p1?^n&tXH8RraLw
zjSPE3R2<m;^3|?#;kRy)d~=H@gc{S=*>9;RLLEfA6##)e5LmE%#dM1IQ#H%I>M`Bz
zCbv6c;qhPa^8-Z-HLsqo@878vM05|>@m{eRfg0tnt~vBDsq_`@s%s9op4Et*pSu59
z44A5+B?PEy!5n!Tw1LC4^mVP1DaulA_js^g<Zr9DNcqb{#k@qL-x$zJMg9BDOF$AV
zZ?aZE6JRN=tC*!=<O}<mM={RB^tny+K6rmlg1>#!Lxa84ThgrpCpbPQ7X1gh6Ah<(
zLXx{N4C@S@e*k!lc=?-N@+^bfWB60jWp?nF`f=ln{}2)WBc}fO_td}3Sj2Pwy$18&
zA7-z>w_fB`+<BJpO#0zj(|^9<-+%x22c=X0{NDnU`|fl{>9z!6vRWs#7&{SqCdUfc
z&W<72cJG096PK7+e8Fudr2EZx*H30Zw$@h{{c6Wq5l>1(aVx6W8%4DFTT0t*6({v8
ze=?0jHAe((?VXgl*@n;MEjA>zlS-pYt}c8`;|Z~~AEG+}ehHm2Ey;_qGP5;pH0s|Y
ztLiHX`$il`Dgp3wN^>#(O2MA_PkVcNgBQ&$47^hcw4#r&qkTy#gQ9ec9z1C6*&jE=
zx1@7+|71En=!tK_RF8VRIOL1bEv@xa7YQiL=N7kS8KOJNGo+{A=?<=UZcgk*mZELD
zLa~R(K3OvL?(m`-n`i9g*Te1i%>+Lx6N}q_Rg2DA{K+)@?9KV%OyJ?-$=CLGHt$+O
zwhE~Je=?N_R5rbQzq4vvdArx>_vd|5?p6CisobwurNqM6#MI(+dE1WXCVE@%0joL>
zKfM@}f28+qY{QgNRy^uy@fnf>N9n74k6ier@a-g-{xf`a)|1Y3*zSKnJvoLWk_VB9
z*L<KrYX=;oV00guFUkVH{X+0UUVl00On3FyxL!1cmr(D%Spw~Ohv%R0v69;7zsJks
zPJhXnd@{HPIeDuUc4|cn28)6?O$6Wl=g^-iEyxNkeU^9W`**W93_!#{W8eHwCOw|n
z&!zYNG47}Sw(2n`XVv}T8rdf|zP{`Ak^SqIQy=%pcankv@v@6*YIpcv_|CT;2ccVM
z-}~M@f89GoTa3aU4%DgntFjjop?-g5ZoDeBO0X-oM{$lW3II?Jevh&5W8%N;c8h<g
zM#;FP4EvRkaH+-cPALt&_v>_ztqt-VtK84(g_`nMdeE7=tfNb0{((~+!ij?%&@Y5M
zOccNt(|WHX+{nb5VpCBW$>nuJgp<a6uk4o@&(&vp@s97Nt{o`Hxho<L#$NkdJToZc
zQMO$s8*rn+Maih5(RC;RL4>YP3jAhT-fE8jm3YH!(PZRP;z(otj|GjcJ;SDt=Hx$_
zM!{0FlUGUq81XkN!DShbD9dSuF)X(}m48`O*0|&3h3zd5Nj&;IT9v#g_2{r=D*0;)
zg9I;YIBJ(CuWBxTCofKMsBGg?__}6MBw^9D^4Y5dO>e345lPxE2X|0NTFQ@8JIda<
zO?66hyw-H}fqW5PC?kC7Rl9G^e)C<U;x9;ihiK?G%xmW>JQLTa`TWWB@W5aUec9@|
z#D~r;_Eih9caNms+BzDiVTv*tJf9j1A^(u>7&86J_el7ZP<fNuhThwUD;mRQ93H9R
zcEl=H#rn>{<~iO#|4()zn9sk;TR^+tC#1s|v32>>GqKB0n7$mDTw3CaYKvP$Wu9SB
z9_&PJ;FIa=$LHU@f6$}#nMqyG6>2Qn+kE*yq;|~a%0CK6?&KaT9>hZ!i_-sh6#Ac$
z`M>!6cQom@lK%$gJ^z0{@IR^k{@c@kD{KE3mh-n)0&V4vW{@X0A3b|o{?`Kguf&p}
zSNN|xFJqtfkK4JPH&l7CoKh?r;Q8%x@6)uaqJ;ITHZ1oy&SE!cp&tn<4Gg{^S4N%=
z_2WNZ{H2>PvV6s%Sy*FXnC3zt@9%CJColebe?x8ibEeFiI;N*r=w{JV1>LCoLeidc
z5iFN=kY0^qBVy;5fghu{|6n-e#P<9Aj6}+&pBC;9jW;k`5&sH*CYe<9cq?^lz>b*1
zo0c#K=pWJBqGmL&>HX}Qdd3*s^UvQAp8I7@<h89$4Dh{0QLiwhAvT$zJCO~%2IyNI
za=3}3^|=BV?WfX%WpyD&%DB@z_b1ayFN1Ng1H7F5>pz2pX;1!ycv*JtH3`A63kv$L
zPw_v&W&g<>09t<gn05bG!jIV{WrktS--74Ozh0ywGm>C+&<~rj9UEOK5fO;7oBw6Z
z(#^%vwDJgNATD#YhTv*_5vS}44LVQm)Y9LRzHL$4r#7xO40uE2;~sV2pTLZe4bBVm
z;%{ck5%;X0^~BZ6ZDi_Mc?MrQyl!v7I+&Ya&#G3SPqpJ)#|<|!EDMEht?N5#LVpM3
zi%DS^WnQMA!vn0Cg`ju$dG_MncyT8IDGofs{8Of{zVt>7WyCMF2Orfuwg0}w_VmQj
zX%BFFx=?PMuZ6CNc9#NlUgW5R7w_b%3!3x*yjH-P7pyOPMYaFQL|IK?jKV9%RJyD2
zBv|&@FUMt(KbaUZus@kFhc~+pX4h_HGCs2a`sQHklI{E8e|?kxtF!5On|g2wbG>qb
zR^-EdrL%6;3OL^dCv!OJ8&!_?lN=-s1eU|Ho6aRTAjosUp8n!-R>jzyP5I0%p`;&I
zwbL49sWu~%Pi*??c-DJ+PdE=7J?+Zhdp%V7lj*93|CR#$r7ZT#PXes`ZhFK##K9&~
zWUR^{ZG+<od&^xIs@tR&B`zc+V}A0S>C}yt))2BE>~lo*Cx$z2s^u~0#J?voVkGNN
zCbB2XWeb(q)*;1pac|1b-t_=c%%;$&)s)zgyBv<~-RoYb8+a^xLt%$he-tqvfI40K
z{HB$8jr*loyjsb7*=dA&z<DcfkLB_BZji`0=YsNeF&7#UX8@%6;R4hTd;}#ubw)mG
zM*JX=w%fhkB`Y}-a20LhK|AL7cw7KxXux$Qm=xOwg96n;2Q%NR3Y<oEfn2{m*QC`>
zU`6wC>I$vNQF=j`7Gr7$M-dp7s13;hf!8-vSM1n|?$_Go-@a~V=V*5{=}{UTu*{P=
zTxm9{c;h%+MlOjr&ASUaZmLTU{5{4|=;rl_Q#?r(V{DK6Z2G2OFunO=4i+!zKEU>1
zuSXnk6w(^`Bbf!_XE3z!X*ifga};xsoVRE`mUMr$s^t_0@#S{o8G@xzyq8?wo6)vT
zktk+)fg?Fr!42n!s*fRzB3oE|v&*M@rM$u3h1QCs`Je4iX_Bs^x^8dB$5k%m$c+PG
z2r?Q{>+1*rV3OS?A=)-%=^~eH_!=T!SUuiyLC#>hX3xmTO5%NrN+W~R3svtPd1WD>
z2i>yBC3iF?T29~v5C+~^=n*VQe;|ip-BZ?lnX%DaO?6R7pIn@J8!__WtEa=x@2`Si
z_f^;^W(9TO7b<y8>qUsAJ1D2t_P3+tU&(zhceVWO)69(*@jJghwyuyvqqwD98oh>t
zBs63xQjid?CPhI6Gmt7y_mS#V1)MIQ$ZT0fHT9|Wf^F__mvn8@QvD_6+Hm}-(8S1O
z`nN{hl_Yk)IXfazw3nfT3tG%D>&f%!Gz;P79J8FsRE_SfNi8aa1-+c|TfWRgf(gOp
zvekYcsbw%oPF_{NSNU+GB)z%?tRBQxeJSNuN1mx}DK@^_e`QrylK%_c6(~WJI+wI1
z9lEzpp7}ljo?Iho;ftz@?X6V~$1wHM4XgUMgCA>7KaNQYpT*&{v&=g-Q$23}V-o)#
zkp2HP+Zjr-e?Q<ea?fI~;F5&AOB~<LEdRSw;O~1IgZ}uxxc&x({<liTX|5!cvA5*Y
zFer$hsy|-iC6yY7o3VOIhVtOx<1;Y1d|+eI5DqMbygsI)hO6PK6Gw7(rumUT-k_V^
zT3%u`R!W|_iF2Hvm-N7zgdDpCSE<-;#V_pc<+gQh^IS>Lm<1Cgxr&k>7ME<Fo}`Cy
z7kWH{Y#(+tdcM5j#U@J7sV*DB*2@;l0tZZH-*?pTgu8l}_Upv4vA(lD&>#z#;$VGZ
z=oCI{8*9$GWP08R1Y%El&P+BVe7o!x?#yz}!j--Lc1WvjY{0{&6vd!Awi~gB=E*q7
zHw`ILZ=YH);NUFa9K*n}%xvza#I?5us>v~VUbo~rRd$Ww1=QMVH6M;czv4_c6n2h#
zx;d{uj?cQ}Mo{GS4zC=uNnz*^y*0IqbyB}(eo6nQm(&Pu(rNrkA<~0D;K61tPm4ZR
zq1#p{o1_NhA@5*S1)YVWJG#eK&DMA=Nl;v)v89u06ZsAmNBCL1sh^w+8-r;^myA_>
zbY>ZejbUr*avIWh2u>`|8?T|vH|5`Ay){QDTCf?YBPy+M;svKMgje^y-iR32cU>bs
zw_M>DFSSZ6UgU@WJ`h4eMR3|&>eDz)L$BlJxN0S=6H?frWpTiU`Ed@JoBWdvGa0-G
zBop5D2}K5cO?{T_-;NbH^7xBmw4r@k^t2___f<9}Mhh7|y`XTps@SvI+#563B{XN)
z<Rjn;fSE7D5N?P#@kv!6#QLO@JZ94M)b%S5swk;m-^NaD#Qch1nbKrqr<SK$r0EJ0
zHdc_TRSFfE-pFHr8ULHrouUiTYY|QtCj`vNU)};`EEQ69IaA}kk6q9HGMVFZ6~p$|
zC=(^AqF@-N<l(>K_J4o)`p@wGpAMeUl|@YFh*2x|mO!@%k|MxxD|aqx(m04W)*Db|
z!@_zsVr$x~9Ug^XU%8SisNT(>4kn-W4i@664fqV-_jOxa%g%N|C)*K{Z&)J@J3i!C
z;q)jPVzZ6Jz}tKn=91m86pmr*mM-xm+5JMAnXhE`mXZ$uE^=MS-Cr%WTQ0xwQtu34
z)1x1In6M?>Y&?Z9p%2VaD3@*M>Uz_ntnY(5oycuC7HJhk$Z4b3Lj<^1iII;G2t09C
z^32%0h2;HMVQ0mc(^j=OI<1WKfnQrMqG8jiywj+ip(QJRD#if$tyx5UojhH@xwq$L
z>?t<(9>p#|v3!z&9$3aFgpn!i27qM}d(T&$tM*NVho?J^Xk33K>tQSsc)!=bGjRop
zh{_k8-b~EPzhJ)XF%*pDrL4)VHCq(qbXG`%wL<P+mWa|`AIEpv`bDah<@Us*Jo#U5
z-r>@?B}aHt&K{I`Br3sl`$vtuevjlP{!PQfQb*lHa~TNWW6~UnA?T;2Q>+KuhNWUW
zU3ND>;5=1!&M1A&Fvr+B3LDR>drDiFSnBWc#i9#gISYBo46BXi=ljp`onuABjjPF%
zUk0RCGv5>keS1WU{h-K7Wf3#HYt7;Y#!>U4M!e<n`V)jSI#$&ml4*4ZWfViAo2ucA
znHhvq{}S<VB1e14p>@Z35*KM8Y7#RE{{oZq#98YTerx#6Akq0S$?WAL95EwKNbm#h
zI7`gdWJ5Fa<3j?$;{y~nX+@%*Z>Ig~9VOGCB3VT|VQ-eFF9a`(R<u-Fs2mBquL$TD
zO5Ol@{+0@*8sDmKEto)<(Hw&=%9CH0b&K5<W?khBVJVPZx59Fzhevn&0Q6rE365JD
zgn};RYQg)9Kbmg}Ok{wdY=AzeZj6sdP1#=P*p*-E;w1%zB3|wIbDxP_->U2UHCz>W
zlaq(aF^NtcDE#!kMbX)7XNK(Hc(WC?yaiwB)#`U1f|}*tMY3iOZq7R8WwSP+yz<>}
za{~~hkPliI<tA-eaw+BkaA|#hpLLEozWu_%p6p~{kc^IYZWW|`^AqCg*9xICA;!zN
z@oJIkL`x>k9beOW3G*m}lFsPr2DxI>Z~R@05UgOx>kZl_?^8xzimh|CX6f)1nbvy!
zO4FEXLtCTVzkMiWLJlW_J!8eQBj?|t5s~cEdlNpU$%GLTC&QcbjhEwlrU~^=_vY+f
zPRR_%Qq)JD^3lgVR*UDvVfLe4d)TG&TX-l`&&TnyS|!W45pL??0L-<%&htq$80vld
z#I{O>J<cBbEODk}$=^eirOn}b+S+aCg9NdZWSVhr8q#eBc27zgl$RGb^5!M^ZwW^G
zz>0II?<-T=j!lOrdz5MsqpbKl4|foe4|f7A0|4@GhHBxD`i8(BEnHzu`cM5L#y;)a
zfFzm=SF)<BhFUI|cDdOq-Ynnk?KYjuEr&Q47(hZU_4^vqpEvx^{Hot=K4;c)`|uZT
zS(v@e>jLxX&?j!ssCrs<1-0kPaJsrZ_~T$xD(QV6-&KJl;<i79vkH>w^utSP>tZaT
zlYHF<_SB8goo0>7fi02_p40^Yu*L;@5G2MMQx}$=?ml?wR(9+TAljb4TF^1*t>Q3H
z4>kRUO7noYL?J~-UQ5|9pUYjZ#(FASwiY_+-=A8stL!NJ;C(&H|8XIE50#wYDGh(1
z!EF6Y_{u9QUQBE+&5^l)F!0SfykwWyQGs?$9Qrx}5;Ud5JFgmkECb|Akw~%2_;{im
zOp$*L4~8MMwVgwwIwZVGWGCbsHS_}a%H%uEh;5!Sgi2oxJ9c%>0FYG70&l)X>oUu(
z5yjssFVG>0@HBiYe%n(~YI`zyY-j+k3*Hrj0y4X1s}t09$EG>-=jchJ(X+M1Wd=E=
zj&=1d^PVdDH8_wopzu24J`OzFm`P_No(q5B*B=}g2D^_sOpNI@I$P~CmR!!o9KW(i
zN-oGq+{aXeu{C|o!x1)|A&=<xk-_<wK0GOp=N>D2Z-6R&)rd%m%SU(!DC-Ehet*(l
zI0Ta-8=ck=We5o|w9if%R`&;Fi)0)uV}DY;3!NO~dtqUHY{_$aLy=S){!nI%{2FF~
z=-4P^;1thTxBO&$4mj1Qw5a2DzPXND@ar1yWv?pFrpYX!C0C#vAzN(0`O)gy>5h}j
z$s26NN~KmQ%uO*)D(+;F2i<evTfe)c{y5g$WM&bHIL5ydQjZzAJsJOEDJ80*v)EtY
zqLTl@wJI(%cZ0>1QY~5PD<$DVL`0mck<iTfniIhd#gIUxU#)mo`4%apQ*3NNU@RVr
z?k<g_`)neE#H{tY6CC9Zkv!Z>S_~6Vb<o?6t=Lyrs8%(;+@)bdrv6pitQ>l1IIKa1
zP^@Pm&;#WWSghW^DKOoyD~LMuh30cn63iUUy3R>1G1vM}jt)iv7cxcU(n5aTB)rqx
z6Ow99-Ca85i(9Cb<>U7!^?I61V6~e!9n2^_a7i51TYt!9E(sSiv_qb=i;B0)T8X{*
z$F;WtaC_#Kp_OR$-kt_Ym7Lfla#GQlUDnH&^4>z;I^9QX#JJ=0c7=Y;Nmk~Q_FKE?
zvlz<-T6bod4tt2}nMR#k-k%w68u&&J2vm9j1_DV7$%hWVjnKNIpgsMy(hZF4DGf3<
zti)421xfO{iXn)FBo0wQ4Pe(hCr_ovPcaP*D}v{Uqb8bmH)I324CrDKih0%_A7<hr
zM&R>b-z2{l_(OdpX{|iQp``Tw<Ar)$YiVaxnHnL`{Y&fZpEX7j*!3E+2UWK#^sQa%
zd)aS=nZlLHrFR~CK2cg8(5?KTD(8luS7P`<&>BmlIVkKC_*M12Yb^JM(wpe_OZ`m@
zeV^1RR;{E!fyCX<R@^r7Duy@%K%LkH;Qj)BdQWf-`TYfXCGB!ty0t@+wuzv*!{r59
z#@7~{;{DlJ%&|d@pwPp(Pmmm`J)@@Sm|MA_kcUkPW^fBt$r80D15L@YTOIaGx#XOC
zVhiN?wCpe*A}&f=lolO(#P+<y#*Zc>(YcjN+y3@wNg0+cWf5m_E7_h?mwh3C6w}>J
zhvApm3C?f#!9sLTucbRG%{kQhC6yAQLeN>E5#y7}BGLLEJbq;FSz&lqL6FY7f_yBN
z2kW7AAv4D}63*Xm{Avtbs4RcPdH=yv$0)M@WhHdI;)kyvq<Hdr6W!!V`UxY!@$a7#
z-8`dYGneBG(}x#4=Re(NNWaiAvd0!e(!%ZGK(*oOO-4#)OPOt@U$S!?KDfhoDp3D>
z&OF|4xsk1u1JqIod8)b&q}*Q(!8zvwfHwQHVY;j8v>SX6WB~qfA+4U8mLlut6<{^_
z1I=&3sy>`AA87DHDHnadw*JX<qg{5)7G~90sn8Up-J#+wX-x__S`9)s<trRJH!A5N
zxT<f}H+-~c;w-0rls;mbm>NKeneDKkNKv5A=l}~o@v6{nR776+Yf(~co0yd_Sj;#-
z_$n9-C2qJ)Q!bt2nOayF_Jx+(xL)--(&g!1t83V0oTFb_L_DJ5s2yy@4Eo5M-b7~?
z!@BSHud#C6OGqyHX6juj<xb38aTkIi`S}GW=XAN0hJ~HAVS(`{ClH7ZiCCdxbXusg
zJ*)3c##;*Z;1UEkUz&(`SA|dlbPwfhxXq%lScVEE_T0{I!Df|*>Ve7iugxCaUZ87i
z%~!pa`~Li>Xy1TxbMQ+;&WUMR|D3>5{V?=%Z`ymF-nokPN%+eM1g&6@3OP>Q{Q1OA
z%)_ZIOX>*S!1CkFp541Yb|f2><kFXTJ-Kd|w#e135cO+!Zx^3=<s|Jze^Hk74oz7T
z=9x85+$`IcDyhJl`!z^8#v6KSE9;8)^itaeC8Pl@3ine&*iB+!l*K>xrn^-IPoI6c
z$l~09R<NYmu~}=n!P4exevIWEx=6di7)xyO5^fg#OE%;Guaz>b?&_(QlKdVd0cvV-
z-D!Ty)l0`;T5iP_4fRg~wiBh8HF~7>CiaCu*W{M%_({+@R0lTaW3YLRQ$|@XsWA@k
zs`VM+`6MqdKN*J<jd{t;=RG3?B%zAhy{Q%vbm@jc^6;gmLQG~*7dsuD@^ZL>;ReXY
zcB`I9OtCL=Z2AD&B1=-LQ5~Vmg0eJji(7lg8Sbvqz)tGV^@exrd_pj~`&fCLHdOw6
zZQs6rRP-1rCb6z5sAla=H^juns9M~Z*zK3G74MwC!I<;Y>5tzUN+xBb6g+v|^wf<D
zlG&@m2l2EoP|qtcFGe>MLcNqCnSGcIrC{FDq@k}xeW+a73UJ8*SC0FNs5fsh56f#>
z>Y{+o+~muMQl}tQ+7_YHy3Y+UB}dl(J`<eT4c0i9{-{x+2^nK2k1+42qb{4bnt1WT
z=CqW*lMOjmrt_r=23`X44pb?QKi^xNtCum{EN%=A8t!Q{Xg0_u6qio+>HZi(p<cyC
zM!kX(*@(QC2w`tKdw@iNTIBte5cF*?ws1jP{2=R@+J-M5Iv=MiCfz*d*b2mdmH7DZ
zfIogIoK0b~j!!>Sw$0%|vaZ0HJUxAiBnN*P>VVy;k=7oP^Ca_>O0M;YJHXQok+eZ@
z4wL6ah8s_EWrTX*6pp<_Vs~FhW_N4`ZmRwMNpkWLRt$Q=%TZ&Rm)xE!G%VYv)8J_3
zV+%?+wcMA{NZV>wrr8%&hgLkFOO0xF-%4Tb%CIIu^U`3Lkvv?Y?jIc+wJs)qtV!0h
zc782wA@AStA$wSg0=nXlx12gzBKRI)rW_P$q-4A<#@VKUc&_8B=8unUQaf84W*wiE
zz0Yz<-^&0eMB2SH78bO#muew56b*z4j^zstA_z$A_T=F4byB0hyYn2>z*I+B+IC@?
zgJYrMXLS_2jla>&w8wo=Kv9gpXumIl@?oCyV6ns8A7TAAF(}w~wydNo?5snQjjL0B
z_6QkMq!meRn@(pS2Oh{9-Y<(sTISL?>PAEQ4C<|8p43SX_oTKNui)BiUa15U<oU;z
zwnCiN^4UYq4V06N%K>~iKRA=Y^$Ha<>Oy3YJh#HRvdrGkVVd^|>~Y^kH`#5FkY!ku
zNPBE|FNG&~My(5^FKC!aSN2)gCQ}Pd(;ACXU4ghGeR%%O1ngBG-_W-=EbQOtjz&%8
z7g}}dL_o9RzzLwbw#=8VCeg^p!?%_II{52)PH3@qg}TE>jgk~-B5h$LXk^-m<CRgO
zr43E2LwIm}-PlCX#*txtlsnh%1kg@Nj}N|8GmV`MTe7F1EY;5$O9SH)$olZt^w@gA
z)*=0?AwZG=y4XYMm9_o=ei9PQpoZS?j%gUWbZ#FtF$y<<zZ^v+BWnr6COHZ)fUH=Z
z5)}6mSVs0sX%vI1Gt_E>TN09==DFU`sxR#^Od><4c<VagkMm(BmDcs#uuLEL<)2wO
zc2w_+Amfd9da<#)Wmz}JVgscfF{fnC2!coapcJarE6W9#ZWdmu&<R)%5#jfrj~#Yh
zcop9ty;=%Gyw3Yr3x@dZeOMJ^U-hu@nfS(EAMCFbrz0y_plMP&n+qj4E9LXCv((73
z8~O6p=;5?+vkp?tnM=aN4E~162#{H$v+jD_=<r4Fv#6T*cG0pYm47nfbDjHGpD?>Z
zT){vZL&(8ym=(XsoAjtO!6AU?f8wluRWN0tc0s$`Bv9NH|G0$bOTTcMmUE%`{A(jg
zk{tOhZtnR5CTQ6P`gWX&n|5Ph|NM6G`XlI5?RJ=(encE4%|Q+oh?+uWNi*!BovJ0;
zt#C26DaB7;h{!lmB@vEcldkK1GsdMtVu=QwpPw6N5R&AktPreFZ1K4{&ZMHK4)2>+
zt2oL*S&5mti9-uk3io6uus8KQoA&s*7q#IfIQ)~$mpG@f83nT7^vEkGZIm`j^v!?3
zPXBj^QxS`Kn*OGKsI$M0Cr!Hzn;IWzVkRH~7ZifChz)D;v3X=&!nsIy&)G(Xv!*ya
z>6H*a4D{iiB%8$G=N8CDm820jYdSKa*g$e57i{8;XIRlCtdfDjj=szj3S1roACv4A
z^v508K<)lG^Fk~1V)w(|*bzd@u$x@IEk)>7FQg>>34583lp0Oc+5v<DFZOm=^&qC<
z2DfLQAH6nesLvKdJ16lJQRuB7)?#v%IMw{0)XHweGxvz~iA}%!u*{anPN?LHoDP|>
zN0tYtxfw3xvu!|7%CXCt(o-t}{`5&B<B5tfjvB9TEp=2R%n4>yJip2DwcJ&Bycq>E
zr%H8F94iLht`w0;Ua7i`+TF5T1|Lu3-qB3w1e>Ysgb(ET*rr**zyUeYF+He{z*Tik
zhbOz<%7I3Y9(bCU6#68iNI$obiK&0!oIRU?vIYXD%ay4z#4xPbe(;-DsN>PE)SRdU
zP+zX>7t3yP^oq1|5F9kC7&p#wb7nJCMl>W&tzqqJGTlRK_rS_d`RmYp19Gf>lUK{5
zCn>}&$cYl>7MvCh(wHXXf_FF6+2joihR?jp8W@<FZqEQVgtOO2EKt#pM5xp9?EDHN
z3{!0R@{5Qk*)V7k89c+}TD!A_znx`~w6N*<75PCL4dwu5(qzY6<ubeN7vyr~in{wF
zebf`YI~oRAR9h$##XriUMkXkaBZOv+;<z{x>&o(kRgD;ZW!wx`Kt_3PR;6L?i%~uP
zhou}8N?F<qC!A$o=n|km7NdIue;+H~W+W!|m?}H{ZR4UZG>>9VRcl|jE_>mmK%914
z4`7qAAIK4hDaMHTAVrLUgtT_IhiOas5;YiN@ZcSm;Bz0&v*lOzl!KKz6zQs%!5o-;
ze`u$gg7VLhYlyyr{+;L<J(z)QBhQ*v7TSt;rNUNil&T$6R-sxFBR0{`&Iy6I1m!c_
zJ*xK*oG_scMp;Skak*Cwd9)?#w^~YPd5+x9p3AjjDELnMOMOBz3P_azN{(&Ez4=*(
zYzxwzgw7|HuZSmyN!$QGW1_9Dthw60EeSy0$E@X&`{V2C2vp<j{)_%NyB`NY@wrD;
zmlne!Tr;$xRpP~kZE=o}Ps(Dc`zC2xRo2k_Iuc^@YBUsV6#t+A1QxQwCZJ}xhbKQz
zv45f8j)|&TbE;?k^-<!HxER@^<+a=)VyJu4WyA$Q>O14U5Zd*QZKUDAAWfb_R`vL)
z>BNP)N}U=ZY#%1+mV~#!=}(X6yueh}$5u~@cS3`md}GPN=cBBb%;m`(*(N$Z9tCgY
zQXUBN2{8_?EYKxaC~rfdzW^OT$Q8WZVK}75+r^O)4vlhOx6O@LeTe>S=xI8tH2eCU
z075|I^UPap%`|B4_0?i#!9}~}RvDb*kLsB4nYZU!;h;&m2mP+wK`G3g1j@js$~Ufj
zaY5@5Wd5C7m(CfK?@aisT~y1u)=+|Xmo=7HErgfH3BnMwn8GN-9=OyS{Hh4Q=KiFb
zB1mYrf4o<Lo6jgsp)H}U5xHJBPByEaMtc+uYz5sBBhSp$6$^Wme^jRk$q_}{q)2~^
zkyb!NJ9KQpr12`sRG~0m17e(slz2>m(fqgK2l0i6+G`c!M)F(VW?esnaSz5(W6_OU
zhxo-SbDuv&(;ii0i8VB;D+HA*#7J731r{gVtj20PB4Z7cB8C<eSqpg~+QmuUxn-r<
zt&xUm;gnnLd<B(f=YNpk6&`~daU(Cy&hw?86sTG_i4J+eU$<@W!W|Y0sJhi5w!P;R
z%(EO#Y5=HVHq=g@MwIr)btisM5HldVAGoQ;3Y~-Kw$)&gHZZY5u6v4?#cF#eRDJ3x
z7z`-gY-Ci<BO8ujk6;;gZ53XPz-uC$`j9-HjwmMH0`-Dxo|2|OIO~Vn&YXAW>Wz@_
z#De+ewlug&MbT&7Kj?D#ZN`8Byb;H(Zp!c)V*7ei$D<E8v&oC`&8XDv1>FG6bb97@
zxw<AC2r7aqih04V-fv(1oW<IZG*<&_@2(JPbnA6?R%hSx3$)z|jiM-%w@eM!2>FIs
zd<+bcR16gqoWGOzL_eA=!K$9?o**0Wd**0w=bBo!-j9*F{QRL%WG;$F%o#$+SM?xZ
zJ@5YJd-1N^rwVnCr<jz{Un9~C6fXvEMcz_t9Q&M#f1KxQZR?*WNrj-`($GnW^X*ii
zf&Y1ga{YBRZJk#S3a{x~_6mhb)kPifB5<?s90aB3KK>0OWz-T~W?QA3LvLywm1;5=
zJh@>%o7Q(;T;3@E{jXBX3d7vg5HmJiXtAvypVQN{?lWi{rAILAf}dwswQ-Vz=uj!w
zrCKzn8@A^{dmXlqY<2p*<9KLbeP6{~H<CvOs^fvSS8tT_FjU*hiDxVshK7l7!U3W<
zLl0e={RD$6jjW@=*XB%|CpoGL4eb$@_M~M*asjSFxK^0&0sAZ^G*ZZDH;`$R>l1_x
zE$%&re<adbmU0C<=kv9?b&47J!=iB(-TZtN;)tPl4N4h|(vxc<)+L>XdNCUY3%&ZG
z(aTb4M&hb03i`ZJU03uhfJC4OJv2cT?^+PBN0cu$S89pz_&9vKq)$f7Qa9@6s-xsF
z?---wiULvYP#8&SF|t~d3HrtN%2r(1A`2QkwdRtfHWl`vvvdGWR5EHE6is_P;4&Te
z5hQ&QG0CkTR81nXEvU8q0WVj2H6x)J<70fI6QbL|d?wVguU`09e3t&>vX`WK4nBOM
z&4TG_1l^dUu|m#IwI)5(*(L}OC%T(?v|;?yjE9Tc1hW$69*(LQuv|LO&~apIN|_D2
zxB_z=Q`+%+GXu!KM9j7c_7(a`3!7tNedDy|#@T!+2Ep}mYHVahSj&vLpN~%hI-2Ca
zR@#=_AP(E}ACGO=zL$m~Y-IEaF$-~zsO77a^Y}jvm+lgSsK%T2cZ(Z<IBd3$^VM>k
z>g4F!Fe_3ppVLVpmyh7uC-+K{Sz#mdT%(<?pn8d;phIp~2~l#Or%yXcbi&oua49JO
zJo_{7R(JN;x-@lpMWzT;@J+L&eh<e!6@5@{(jXRgVX!R?0);Y+$)Ri>&Y`r&Sl8gK
zCeOHHvmj>~ylq!yQzYo@D%WSZ(uQpoa+=3y4N?D2^YWyo7zg7`8O*B6Xei0#tMuLB
zrYO7*e3E6vqJ?%5d7pc8)08rT1EI-ys!bB3ZECA*!=#DnG{J#fk#IX3>WT6Rt+A3j
zRQxihcLIZEGOYMC7N>og{1E}KmJSWP^AN5edU{i>Ko9cued}C%fqT3T{9>Tw`QJBL
z_>Srua%JGYvM<Q^488aABKq!f-@xVu>EAeDsD9VXEzv3z6kX$&1)3utXPnV#?{@$j
z9|9ZqdB&~n^IMOi(BvU^>oF7*rbhuYnBUB*8RmaznV4L+DrreVgv6Hhkd4QmOgC(9
zRbKu8nmwMgU}@euCHzUYrR0-gz2nYA{N0h3WM}2r(Q>W?agcaoGTnPb1v=*fsL)JC
z1&dImA_mKNpW#qE_@8^%V|x;iv996m*1DGV23^YAzvt#icm^1OTyg8~a;d_>tR1&p
zyqUf0*>O2SFwDM?(9iB5rq#0-%H<Vu;ojF$xs41GmU|w~%-(rqzNRB?bM5$A`1Ol|
zCM$}1Bdx&pD6tLa^2mo(Hm$6o7}F*HM3IkC-aMcQXJ1$J4!P3D4Q84nMRSyjJ>t1k
z9v&j$!st$tLlFl2)ty9I#7|{v$Q5DwfFXduGE97eI^zWR19G(O$=B?e(FJKxAWJr|
z8pt4c{&g{A+4QTU(S)`!exq~sDan&7@~eq+-7i;cqF8NoZ$Sby4OFuUPo&C5asX>N
z8`?RtE8TLB#0wHK<|clr2LXrj-+X*Cb#SqCuYHNORccl6HUSr;RBOEtg6@F@^)__k
zVlPA=n2+IkqAqYqV1>140EJ;aXt6sYp&G!biZHqz-g#&k>3U8*!>?eWJ$dMc{ZbN@
zRiOsRXjZU`Wn2tZ)pf@%)aS2?Q-$%c!O|AIP)`k)P9^M(l)O(-3-@Gnq%+ANPmT`x
zDkjpn5yF@qo;ED1-Gg!Nnb5eeTjG`9^4GlhA5jTCCl%pm8`cg)1cd;S)DRX`_Bc`X
zBeoQ0rt@Y~Vw0oihz_J@1<IVTazzs!{;k@IfQC^JrxX4Pj|o+VYh1t>H>Qos@^f|$
zW_f0~T=OTB$FfUZ3AeeQfvm<{D68XLJEQn1K4~#R2kA)Ess&*SGGaOMMI?-=CNil+
z#h6VxH{E;b!o{71s>cztF4#R#nJWIH?4$4vF?Mq!6>Y<o)jS(!ehREV44{QiohO>k
z-2U{9Zol9E%Vxzy!@7+tL0Oj5c%f#B{|9@fn^ELdpNVFCKE?5R4bzR+!Ppx;ckVL8
zdH>FE{~JmDp8|@1F#!J3^8L%~GP>yB$(^Un{{FCbY2NpjopC2O=4WZC|HWVb_jfU|
zSCB$C%6}z--@P?|$>5Uyi`&VBkaiWT5g#x9zLH~g7u(elCq`%*>JtY7`WU1&5CV~N
z2h$zfocK{^s1N+YNLAoPVZ*dFO&5t(;N$X8=uJV+f9PT-V5MB;ZVu&6cMoMGRI@s}
z;&R!#fOdQyP4f`CK4>LVFz6dU98I>nXxQY2AZTkxj5#~oMr6mYo}u+j)O_y1bL}i(
zx+JY^BI#TH<#`P$d?NE?2K}<mBTfQcX-$@A1B~$Ox(X+iyttOVTp?*%PE{_dFwpji
zC7#1Wn+$MDxIRYRm+t!)kDxagU%=}T-OU-dyr&So(ky5D0TW%o-itgVITnR}gYUS^
zuwFD|W5@I|Qi6;}#XJj#$8Mfr9at25&E$xJ>}QG<C=a5HUQ2<ACoPLBi=Lbz={M|8
z_kulg?|ZjQF$|wLB~Ax&)?~QboNSkAqrEeuT@}n0R^=NH0}&83879@p<AFP6!P`4?
zdl)I=VOKre>ui#|?Ko*EwUWAOO2zK|0H`@945`d={;;MXo+Ni7FRi2Y(C!Y_5Fm%i
zHBT*6&7^ix9s&6$)Ad+aSs#PD!IqwzerChU@gIwdlj$+F)&K>sx60B=1_Vc-=<%7t
z7tQTaH6W0@C<eUcck~<S$fv-b^K#2*u^oB7zN}cUM)+7T72-Ob_arPbX5;7HtY=$i
zf}z~@wak+W`4{u`U?+~^FnwO~HUA;+5QaY`vycVw5XR`m?7N|KyIjhwI3-D@T`s%C
z((B_?pS#mYS|yg0s(>N-VtIIRg~|ZzM8leh--(`Gx}~CWKt_96QHuF!P38-~#-S_2
z^)-drfPTDUpB=vl0tMTLd3hpBF{VXwt47tDB+FLj1d}A(6aB3VWT69C0R52?pfPz?
z`s;&2-e40gRj$(an-hLyH*XVn$I+^3E7*f(MQa%JqI^gQX8&hrV}VNcvkU_tsn4t@
zVE2fqK>*n#xvdB+C@1D)-zn%jbPuaI2cTiM)@L7m^jfd6mO)Dw3yngz8jX)LVz|Ev
zy)r7Vlj-n?QY{t(@~XRl<+6Nk3z%P%=0IC0#1FIP5|K`~e1+SvcC=V%sBTk+cRgUJ
zo_IKda(*T{|E^#vP&`^%M(A``dcn)D&D?LzVh_L<HIT*RpPTox<Tp?{?|>l%N{3~m
z(L1YxVFkZFW|~@0g3^-C&_$pIbqqke{DPnmqd6%iX^ZD+*A0+cz2!Y89<JSmYjXad
zto2o>pCHI0t#kR?CeCp4b_fHsK_2d(N@^NDz6>Z0hhpvJxa&t-)S~&P#vV8*vNSw#
zu{IE$?@;v?q&v_@?w}r8N;Y4-==#K#W4QcFu$euuXUTM}8;M@{R5sikho-j~lb$_K
zMJ4+5OmlGOXQj_3do}^V7sxfxCpG1L<O6t62itc1$6hLAW8LH1GIK|9U0j#&-r+gN
z!tKid62Yk2hwLA$!E67v9`%i|G_9s(ff)|=tQ7=sw?o{(EFC0L(MCsTba!0iIh7n8
zYaXar1lRkKp-VA?_kJ2|;3g8<j8>8-iVlOH>o8hAT~4S$lyP_*C|dS}SWztiRCDT1
zCNNOs@{rK?hGCHIcNc#)EA<bS(9TazW+*SAx84koUajJXQQbN<{LqFYNWK^nX9|Iu
z(=VwnE(Im5>^^lW*z6wX0h|4}LcGM~o+MtrP=^mWNb63de<C&TrQZ)dmcpD>z@Pe1
zU1}AWy1@sva8#RCMtmKwqxJKS_l1lRu%)<eLV15vbLO{chtxsa>(Q&<yM|)bDL}ck
zz+{pVy<s@Nww(B5BRr+asAzvf>v#G-L1obP!Q!~|u-*7X(?V43z;O^eZr%_?yCl*q
zz+orrJNLR+mAyrWDEd}TBotXpxfYTZv*a!^z~7DkX5@xg?1o2a4LK(F=sS31qT=d-
zqE^Mi5qnw@Z)Ro7R5{ul8qc$Jx-C1l<RIhjV(84)7_yM@&6rROCgzzj8(YAw)GLk3
znHDeRNtHEHX};H@rw=2_7KN!hpn14a@{@?Sak<`w=K4~oJUo2%CHL#X(4ofIW?NV5
z`5=h^Ghe&__3H4Tv~GOSS`!Q?H#Z40rI(k!vbm3!_aGeGH$VSthxy+VEB{Y8?{X{G
zfgd(UvmbxyC+Lqg8umz*JN0YbPXBQXxk6->#DzbR@}W2Wfby(q>n!rY9(V5!t=J{F
zY5=-_>5<Dko%P{pA0V6Jyh`QoR45dOt-%c8g?3CRxg6cXd<P3@1+1!seMmStp!NPo
zq=APb0xi}#C49xzN=#3E$dE632~{z*Cto(nRqqVj9b<~7TZ>0{%#ZT#C+<-AH!-P;
z;^5z94DxPf+-n#t?u)WZc)Z<Lr_i(!6>SY<j|&)BE9`E}QbDEQuk{%K*;&5x)N1w;
zUcqQDDTn}LVq81~_hn0b-dvb-kBilQ0<0WkWza7soWNpOVx>IakS~OiAdSH8v70sN
zVH~Sj44SCLAS<70%Yky2D{eYLeTmdo=YCB5BWX$hnk3OUK&{8%A4Lq10PA^ehCojb
zsF-6|lY+i!I>0xr2}Du*jyHsYp)K{RP)6OfZqJ;a;&>{mW;oVumfMlF%4d1%k1Zl8
z{QAPIxT1AP*1Zy=n0d*@JPIt?m67M!1hc#`+z!?sYDRb${qzvsgQppI_}uI#`*0c!
zs$P86>EblMl*I;>!nS@A_*Q+%*E%i(r7V3><Z^b2Pl{N()2uRY&!BOJRwgj$O)Ne3
zyPqH|rUpZBH(#(}cjjZMNO*YF2MwGu`xF`o5=fGZ|7?G&>-y`*Hj`(Tfy_#uBRR1m
zJ}~kU&iJvQYx=mnQ@K`SSmVSfp|qd`ofEPMAbgYI+UKqnF(>d2grlivwvR-Qof7xn
zVOLJMO_w>hmXLH#`(Mc?Wz`~Ovf-gSDs%T!X$!$OF*r}Q8|)jIy5!#k$P0#_k+KpO
ziVW1HEpD(U32JD18E!>gw3kvzZ8aqPm@*N!V)XUI85WCK0ndH$D0e-_XKMz1V9ZOs
z(DCgKTHovQgz{Gde`#F0zw<%)PHCqfA%z7B@^+%+IU08yK8=f67W!$bXfJZp_xiIN
zZttg)cOX|*wWr2<AK4n~0!fJa?20q_Y+kMH;CkL_w0%}CTSk=pZ<mO*x3tn1x<-mG
z#2X4QY^+4KoJdjmrES_tO$1z=3pBeu*S+iedU?f`IPHSok6e>pPdR0l3Cb-KK9k=c
zkCAaUxkNGN%!|{#40$5quIyBBA?Fjoxfa|7HnsU2aEyK<h|e`IbJ_V0L8;aW_mgxl
z|Li8)W#m(xa3Q0V{H2+p&2MUN($Rt2pWsnJ9Sw7444OnZpsyo^!`H!(DhR-`J*`p|
z*<zk#&4y>ri33~iizAT*`kdDy7`HlVs5Wh7St;2PdK|ObWgB*;apO$y`ibyL7_|k?
z+wCKw%qHvJz%ImYZqQI*W5O(ULFQ6#Mi5k^9dfVA%C$nq-PqRn_6Dcf<r00KaDOl@
z)!QZtf;fJ_-%WLc=ELPkMp4*2Or$^?wCYG{KnP~LS<*;kBPGU0d|)@Ht-@x|UDP@M
z_F{uKd)5h_0G;Xpejc9nGHW#j0a@+7j8-ES86CH=L1U7ZOMHrrNew$K8nFiw1k^d_
zE(8O`5Ya);-KBlj^dE7D$C+7MFR+8U_yT4nOrZAiffwTo)J!}5jj*@IqAo&tNJ!&i
zG5TXpK9;k?s^TtBj&{j?@1snkh0rla=gh<#`5Sa_b!u?jR8ScvLw?OrNoTSHN3nLp
z$Z=iyW0if&;jTSfsz{#FA+?T;9crkQFU4rN=+8quc9yk_cef=t)J>}9Mb9<DpvezH
z&r^qI2hdKFLmJ|8V(Q5m1lw3c>3Rvtw%WIvqNdmlQSXwUSIN4dUH!M*DwBaE2VG&C
zr3%?}3$9`UFBwqOJLYmxk2z;INo?flu~dmRw7j<VX+{i$)gI?m&+{!^GtQWU&#y$a
zoG7R{0+WgZpz;bu?va*K8Z-9PEOkQMTAmJ+E?8CkF;Y0xP}Yt1sL}Uyn>%E7wN8XG
zyl_<4_}*VK_+(%VH}dt{Nf3350M|Iz^F6ZjNOSLy`yqYY$HyZw7M#)}H>r|BypNzZ
z^*)Y%;&H%x<F)_6)ujAyGeKmMQyY@y3Cb;~)etLH$3`T@#`s>i%dGv@s{hMmvWSS`
z@@3#ww`7{sLVU^j7h;Vt^hexdYRFKLCyuTFM-^WHN?@;ia^=qJAL%(eZ8eWZy#3ma
zn+_=CuTk1^s0ZdE`p7>Upn=giZ4@N4$5`NtV)g$Z^1RJxm^b(?#5UmYZsflC>%Ym~
z8D7aur^XufMm=(iTj;lj_Nx_=q7mbchRR`#JjhDDr2}vG+i*=31ZN?1g5a^$%PRAs
z8T!o)gDZ1;d_t1O^Nc!q{R@Vz*i~ly0VyN3@;9>INewxp7(LFr_vo2KKkHwIUBa~;
z-^6=nw(;^yUS-!rGVW~0NwpGEsMTz2SBpF>f8icpYuiB-7hl(!7zRz0dM|GQ#8rTz
zgg==AZH$XXT%}j0yJH+c((hI3v&I)d;{FnFz7Y@dScS7=+`L?+r8VDo{$f#BK@H^+
z#l*%2{No4^cP2PMeP2&t@-A(=C4Srz<W{aRl;!>gf-2w(S1@(?!+%yxy-~?#2F5wX
zBK#eY*Gm@UM%uCtUnCuv)mD$Q5F1Y|N*6aXOEs=%r`!;QM?EIInxDYo0obRQNcj`M
zFx7HNCko1#RE3i1CrR!8tt%}h@E%yYFXLc!+3zOp1y&@=TX5pM?PGYKzL#~~3g>Dl
z6m7*3z)}8AOjyTFvZ1d_-gCxLTFIN;Q0z=51SYjN1JR{;YB$LkPWkEpYA!ifz=Hsm
zpd9U*EO!+c!3c!j4C&i2B-_SfyQ9?m_|2x#hr!|Fu48P_SEEXWjwV{3;<m;fg{C^o
zN>2ab`HJ+SKfa=-eB#_Xx^DAnr|BIFo^7>2wvzo9s$hhc)XUCkke@tCJx4Kpw9LH(
zd2po-3Ng;!|E0ZWH9ysr+v6`Iy``bwo*}=Jjp@rj|0k1k%0(3Ra3mASwkQ2*F4a@<
z^<6wN*8G4!$oD~2sPJ}t8cyJWBEP&+zG&~rGwF^MDU5?p24Hw?%&csh^nB?~p!KNs
z;(_COS{2>zvzE>Wr}r&d@;9!>o<N*!pZjmIgBiu%+<l^S>5>Ka{{4c92X~381R23N
zo8rqiiF8NnOLVAGuDlqd`z#WB^}>1|l>ENR)&N`1BOhQ?Y>~7nG;)_fFt27srr`}h
z&>7)jKAt9Lx9J4m4Xqkw@}-XcD7^95m}>I4nf?pdE-AxQp~Wu+pfto)oeg=-=-=xG
zNbyRXSFs)TARTXCr)~VWpbrxkO__1v<Xa9XltxC$ZQs+-PAvnB)Z<;I`yiQi3(wJ^
zmJ=!&8hITl^4(^W5oTry);(zFSI!qVcv?bYrm^|0BJUi5JU7aM53#}A?RCGcUQRH+
zc0zuc{`6&b1T8SXxz?NRRI^)rVG^aY^0gsv>6)i(*8I?>ekU;oR!jxFyS~n#eon^{
z@Iat;Fprq<Uy`th;z+-f{8V)s50}BEDD%XDf*g2l6;|2%N?2X(e7W}c|I^-khc%V;
z`{Fn%3W^E}NL2`-8jw&$z@d|b8ae?K2!Q|r0Rd_1DAHR(2pt3xdT*f#N)Md`kgC#D
z5KxdVIKRxCx6C}}J#*jRz0Y~>ANQ<3vLVmT-fOMB_G;fx@t7e-?5?4HVqZ6Kluw5*
zTdsCn7{{-~o>y{-g<JA^Kk8<;wn><;aJ1Ns7F<Y_3`z#=V=rFpe`!AK48Ipg@H<j=
zyHt>gQ;8akWNz0YHmvvxfBw?&45s<iZt0zm-BG*;plTQ`pWWNNbptYeS*f(zJ(?$s
z8L@H;ehqHAI*4pVFQE;QsjRH-np%?%K9bqBCCV)Z8VQTT;;y;5=RR@-M-(P;ooTWP
zU;&AF0k=e7YHF<tUgyusyy5-b7Fd*?Hd)^8orxnj(Y?1N+pc6=-6ZqbLose&DMF|u
z{tveF-Hzt5uz*w(gN_I9PNF7DYi@bB<Q&E`6euuCplw3C6~+i7tC8p_*E^b#+M3Rl
zbFL5SbMuU`S(>glQ12bf9L?@K)aH+Ji`#CRHG0o~7Gi^lLU44qT?AGnsnFUiboH6s
z`to>1(++GE`;)1aM;Dg8i=$6giHgget)C@N?gD1K0oPaSjW%+iG(KoM>7CQMS|&yd
z@^jbRk`)1+3>v;*V|78tt3!T}8G0m_8Yq01HD$)NSY+AkR(s~eQS!Mi**>=v5^w0t
zWnL$3b!CXj92k(0=+!+!7@%e`Eoe1vfDArK;+vmK7f`w)qbzAymubL2NWoE+NTaUF
zCo83b$Gd~tkIIjuJ#F4**W!A_uqg&z%4q5`Sycm?3ZU@gp9;c0M-RU?$&7A%v8VcR
zcHouA!=)g_lpPyHiR|R03`^MZfW{+kWQ(pKf|&gc0-ZwyBi6tGrg-~?w-WLnx}zEv
zDZL_mvC(1Q<9N1MgtF|?;v?O0f>1w5u%?Fm-?!%e%v}4I0*!w^_4nf+-Eg`k3K4vE
zT~6>1DUW>D<=HPLa#>sFxwh*G;~(c$s@>=vB+%7e3=pZL+)XySr;&E%fpSG$>2l|t
z0=Jt3Et5_6R%5zvvBry=GOZan39Vj1;fs3d{=YxaDd&FvGxc0)=bZkx%+u6|H-&xG
z$0e`*GTIXgUz3gq(s|B~uYKl)s?gof0d5r@Yc;N&tb74HJpZ<ml2_R)=O(x{Hr)%W
zz0X(ValXMwH$I94<S&?;CFIv1vwEqe7UG@%AqVo$g3{rR|5R?KhvaC6FUQ-cjQ)GY
zBc}yF;L-)l0<(S;1My6}!IsoiSlJC~E?kdFXQBdu;(+~_i2la&Lbf+(idVi>ec}#^
z?JBMHZM<w>W!~XV@oiP+^%8@yO(d$bh^q|5(w#Xkx!T!S%5&WYY=upFkt#bRmD+7F
zk}X@@o~fV@#yvQywrfCba_N}5eZ1SzQT*A=dtDzu93g(%X-s6PhaMBJ)Kg$9i30h;
zH*iVbFfl<K(gVck3gIFNn8fEd`CjDpzx4c<#nHm7hr~wfE;mrONoTIHA_gdwg(MOw
z2oG(X%AO!UXeBJIHdOv?)*=LUpT8Kw4&%#F%0pB|kNlv}_e+UENnEL^Tq&7OX+1tM
z_w<l1V|+5nVry|A4H;hF-kq(yW&yeclBs7Q^|R(`hB44UWII@o)>y<NuajxDs5rsr
zD0TaF>}>e;in85y4MUx9hk=5N&x~-%88QhAiiyD)@GH48J6x=cR=%m@cbH4%g#~`X
z@whmgH`57dJ53};BtYCLO!WOE`a*!CBU9l_*OtiV4e${>YG{E+pB3WA%qKrVcUG3W
z5vz%BY)Wk0RsGSrXwRBKwkj{G(=SzOrST|=)|QlDd7j?QFo2k7m!r4x=X5^3RU^*C
z9iDwDN8ftew^vh<q50lzOe!&~%4>c&Fk7ueP%c6RZJ@qfaHemfJ?1*f>ub~B-XP{A
z*`1El5Z|s$$uczWcw|6eYDcCo;NI&e4&R^gP!->u!G6it9lNn!rgb#=qUgB((KrVy
z!FQPFZsMtljn=$PIu{+b<aNNh21AI;H&oPfGEbC74TZQ(G&1r9aQraPx=_r*19dgo
zFjrlGV;Yu{**44S55$D<UllH|&?yC1jyw&%@+z6sc-;_>O4IlxpW$~pNDri+*2t}(
zuDidr-Ec_$LI<G7E$qJ)K&;D)soCnE><%=<y^0Cr-n8{HP-;CZC<(R3llW&+Q&S_3
zFz7z6&N6V}fjn!<%gg*&&vk=4d}FYPO;D~nAF%hX@CfXF20St;l{|HN1*mLo8$?-l
z;GEc6m*x_&Ifk=7=vxf9A}_2mU#^)iI0=)j?SplF@T^ZFA-L-CAnG}kTI^z@6QVX%
zpT&33XXatm4MDQN^YzuG=UBRH;<QHl1&QeKQG&Ep?09DZUER;7Q+_5!({;&dUMP}>
z-uQNRvKA1uZo6*7fMV7*@v7z(_5+xhX%oM0%oeBB*(1%`0>1e}^?;g%1*)6Vur3~|
z4sIGOd^5@34ZOezi(cFzZxOrFokLE4oC?EKd*q;qs(oxw+5N{vxCy0mt*kfQ(u0dX
zV`alpy7_$b$sSLjETvmx*UTN_bv|_igUf)Viaa_BLB#jRD$rWOkUTs`=lH6V%|jJV
zA0)XeFPRo3U#TS#2T$1~Rf%94uk|@dWbTM1%s0R|aVq)o&fKSCpRM;s%^0sORtZcv
zzT|>C>%gJvRw7KbSCU?2yM^qjHD`?t`enw>bvkmkcG*5z*SoEuKFGGLntDNzFcx-H
z_FRkvZ2NgqFPWoUQy+_CdR2TU)E-wYytSg3BtwqH%uh+4gW@xBXoI1&01t?aAU%YY
z%IPS*?s&Ot;ayu&Pmcso6YgE;PL#t7Vi}K6Lwd8f?BUt<*0+(tp}+%=8e0?BbW7im
zeEIvvXbTHLg;Q;c8Mypd8``pdQ~YSlGYFY)n>El44u^gHx;;&Jz&(X^(5=nM?<oU!
z#F%rO6EU%O@ipQo?rq_R$N*}}OF99|bW(VY2+N7Pq*pg>Jg81@Rl<xXEG>D$#ch;!
zQv-guerR=r>W)*iD2Qxdf0cniS6P~Y*S<MB-jd_?-3#M+4#5xWVr0ki;|ZU<m>_Jl
zm5Na?cspsPG15HcbG~Edax8pE>(oVe6S-RR+e?Mn@b8+gLaNj5HUT>T4@nWqBv_7h
z1GlrzZC{v5@C+`FW-Lxq_F!u7zceOdgt6OCzsx#OV2Fw&roT<ohq`K-Vb|udjGH>4
z^OIdB+m;{1j4f;>lH=KUg{Pe6s1Q{b2&=>ctVm;EMD&=(yZA-L4<dGEighd@nrv1L
z#xJ@xSiDup7FSp~K34hvI0e4<`@r(kA4d`Tn(mJ>Ku>-@BgrwFIYi^|PRHYvC5Pfa
zfkcX*j2G8d=!s@#91CYS>}*U`H+-|;$hr;1Q>hSZKG_$IBzkO{g23W*<Hs~+F6zs!
zHnq0rUpO7F^UQtPI-9Gh8$MP~YrCTK)Sw^YZB8-f;`m4|b$@d5^vRR$;wz=n)3fSn
zAloX%)UT;esaFXwozsbhLTmG4{E=ILIU%jpHL&dVj^d7{I5T%|-FQ;fOgJ;IIh-b)
zf)S#7wlfJrFX6GQLcd3ieHa+Ud#-eq-&mZRSu`^#wXfW^+*<0uyh(Lhn3@==V=WT3
zVr9eWR7byQ=%LV5Zl&s+yqfrn<B-X?NDTA0QfEqT0VWot&=YmGcOV9*sjZC+iE)2%
z@@^At_M(uc@YZ?BI0}1N`pr?vmjxz#HH*zIKp~3gHtVNkPc@Zhj>%vPsHpTn+RV+A
zF$qL8mj?wEw1cII3-Zb=_3=ZQP;o!<?j$cuw_MaAbcj8-@t)eMad|7OtiH)otr8m?
z66_BK9V1fCtJr0~$NOJcl5Mc%J*P9aHJi%)GCvERX;n7PO~t89<jLLGo70)y<KKT6
zCWR1Q^|d`O%C;rK^cih5CHiIXLAo$*v0R~gtXdt8GtOGlL~yywFr2*f0~n{<IsQzt
zh&WQ-HeK^{s;ItCBz%5ftFxD)tis>3%Kv%5hoAD96NWRkKv*;&-6EC5uQ_Skm5o%(
zX1(LI$1-rYZ#V06#*riVvlgAS`@4WmW8;-6Wi47&iiAjIc&_AZ1bNaevG$xHa*jrc
zjvdj=EkYq4C$5ibC|+z7=(h3NxjwUPyUbUHM_h9}&=O^Ez-;oG9~DRK@sw1Gi<Mc9
z;|pV(m%!;z+|1e*;Oi{ZJQpb9C}@nm<`tJpnnpW5KCrlB=vBmtTD7~)>6&6nQp{2|
z^+*fgN<Kvgl{AR#z%UsMZfp<Q^ijyOeIL-fw**&;m<V&v>f9xv*Fg2YlH38nkZ3C4
zU6ucu2G+P>pZ)Y$X<RhZi?aF*Qn~4VQfUovN5Vs!%!Y%<>=*dRsO%^A%Dg|xX%+2g
zTF)^twtxJ9i#(jKPmI_!nyJZzp)nEx5J812x=^@w*+4`@IAei9?T_cF*p-`sXIU)4
zUdv?eIs#1~@15TS1j2@$J-)m?``w@C62rtix;*oZcH{-dGx0hOr<SI*F!c9@APiJC
z5jX|ewiP-QqK86lBX)ULZy2(7C14g62hG$?`=w)V3MlZ#=Ic^vkAC6IeJUeVFou&6
zoOF7^@MqDkKWX05rHm@2enh?*G|PKD>OG-y0Xp<6!^hes=X+T_zcN%8)8<sGKP1Xb
zp#_U0RV!*U08(AP<HBu1Ik3qe>e@B$=aly><sgf#o$e3^iKx2=r2%S3Pb7ZtLH_DP
z_Sk`9*-@K)vri~c3!x*oEw3wA^pPp)Ax7X7(#`r!7n7Pl91oHFpmCqI%rT?oi_!h{
z)1?+d(1dPV{52xPHS2sRC?Bu=Oyjw*H8*l*lPwP;#f2MzLBhV1Qr0pw^t{d+xWQbt
zKrA6Xz1Gw^pnH#oD*zsH8B7mmu06gq{m<MnwxzBzvKRQ4&7clcLS&sYge`9wvYCDl
zU&RoE3OMPt@Kol<N$9r}npU9k%8s~+^Qxa@^3rf^#g2`~2@-;?7PN+R`h5L2^Nd><
zrGv)eHspcD{OgaPg1ZWG7Hiq!M~c7MIu9WXT0LAVrc}-L?+5gw-wY0#eHZC#yYQP!
z@izjkB0a5S*D&c3?;nNIpO|Jj6|sQAr!`^~6V*p*u_Oq1k}krEL<(9C#4G5P=Rrx8
zUp~AOOfdR-(BiLkW!zt1A|Fxm+OFT!*{n*W#Yc5uYw+L?ce^@}Y*YLAW=>`dG6hwn
zUsmm;r|V>Gl2m{*T!bdtLDeI6Wy^%2&<K1YT}GDUmy5-w7xKO3Y^=<cUMjSI;R%eG
zAOSPdsM1;AVxk@VE?=NKDSy@|CogiWVDc1;<sPe0awk63qtBSP0o{Z}H)@0*bO1G5
z(vnWu8J>x{zF!LUpVfPqFs;vIT%Bt&Bl9?N%r52UsDZ1BghK6DuG;GU8!P<qQ29^-
z1qwHtVf`)n30`Nf{BNk--`vobYd?SZP<))Yd^h||#!#}tia~fGds(pejqOFjr|pla
zpT8PCU2ojGW6X6JG4QnbBvUx5A@0Qp-Kr%fu5~Nl(Zx6Qem1Po7{p|)ySpdSg;o`*
z!itgw(*NGT{%ZMV41rQztRWC%cO+dO@646W`Ob#*`We5OrK<y3(<*%D`ymQD4+@=5
z|G0}L<0|vOQ2oJKPj4A8sIkBY4C)L^wkXbhuoJ#y3Hresc~QNnT>XNB?Q`};x_*6J
zmN%Q7pfz+~VCAd~7$O#wP2^+~gs{=c+FDht!5VZ=*4+=d-`wmGYmY^rQ{E_te?!M3
zM>nL+F`#l0bzh2pJx#JFuJP0(z2`%)3%3vD{po(_vY3S;aSJxJHHq<nu7XKM%O5&X
zW^G9}6Xq?=rb->)qa0MC12??xi@;!;R@21vOC*U%(PlSZa8WDGkYz0rqU#qnvL61*
zaCGjtqxa{mG2lE`tB?ITsZJ|md>Yk!@(uJ|A7y3p{Y_G0=b=&e?ASa|Um~@3#UuMc
zLfQDeI=NdIg6nMmEe>-pEbFjX3fUTiS0uBArQgx21}e6B(_Jp(9|7w-h4$+ao_C7_
z{O%;J8pzTl-_=GHTip;#9n$fx7ppZMYt+`xzLfbcS{rK34_-haGweW_$hz3&aRqC-
zGD_=n`4zM6FCAVoMwl`>9K23Xt}NF%itf1?a$1O@sWl6NsI$4s5+lZfN*s2w`yOvx
zi$Le&T+p>S!YC9S*E{<?HA3=o#Vuf~w1{w3TYH&f9&1v<fZvsXn<+i{wFG>M$po3-
zZdJr)c92C87c-x((~rbh>lcv&(z&=j){6MOlj=E==Wk8}3etFuzaeCR^0|_yf*wZR
z$01$SA-Zy>wa#j|z%X=XJC+Up+anFV>9?O`cD$~teKhqcNprE_Y97o4!&Tv6ZKLLA
z#U+A?-;Xs<H02M{bn}(|%*-3-`#k7eRMQz=@$X_4g=ukPPPdvUlFIcX+HDq~;W7JL
z(I9EsRm*Xq56e#S!vUwPU~b-tUeaz}2T`7nK0(I?;UjkWGgh31PmFa_gQ7!q@1B%_
zHuLw)#ykGX5O8r^fLXRk7a+^OA|qwIPWIg8isXOn`FsUvemV|9sVbhH{(MzBJ=Rwu
zG#LQ|<|fSKe|v<xB?g0!%!`h{bKD5LYob(pbYA0jp(CinRY0TL!2Rk(k(ZBDu(>($
z_USR@r#kE;F?HNb&jQB>T}j~=Yro_$R^K1dCStJ?9!ol(=_UzMdlv<MN-Vdsa!v)Y
zJc5KlJ#yckqI-q>oZzQ0D%2H0=VkM4VdoElVh{zknFy(ixFfn!vAqwtlQT(|w&(et
z@4Fnj;Zc=Aa!d-dm;U8d!(SO{<Z>YImH{USff9!DTQEPuAxoXo=;r-sM?tW$|15cZ
z>%2VQ^Rf9$`Rc`3Rh|0FnN_&$6<ETz_(n27uA+5Dh(1%t2?|a|M7)>=l^N7&7}2c!
zL;|3+`pvnb{J3wsNk$98u-HCd&8^rmu^X~D$jzrR_@2|H4e9CfDQ>IZB-~5*8Y!DD
zRIwt#S)B}M6d_HcI7Gr^u*zO2mSx|)NN1rwNExR}x0mC*ei?Le3=yLB+QB)QE`Tnb
znlwsM;eM7zvsq0Q;nf%}TJ~1K>-2P}<u!6uc<A&}e66buPQWtWTd6RwY>A!ERn@r}
zd)SMeg^s~(g&L-cm}M_Rjs@@Nt}1{*uZ(}zF7-uRkG8OmA7ad|j6TQZ{>V%mP;Me0
zhEO9t2lORq0XwYgr9@>}Wk32Dvt6`KFF$;`H801wcdFdW__OIZAAy$5Ud`q@bHSk7
zP<I*^TAnB%4v+zo_(ezq&#Hcwd#TvRH}KWfodCmf3cEYp61g<|T7-%UhX|qaAZ*m!
z1y>n^8Lm`p%GCe4-2d-=_SHIv$-e3bsJ@;OLjjMUifOK1#>?oi0;Y~QL(Fiy0$bA8
zckzON887@*CzNHe&lU7m#XN`ZvTM1q#X>S(oY__we*k#%Dg$oP)`$FA=K9}9f`1(U
zyqfxx?%_|xio0^-yE|L1m=`_ijBXO~!m?qwMZ?<KH1p|^Trk}{7YwFP0S02c8BW1C
z+6)cQ@deh|i8nUS00lX&;U-&9`tmgk<EC$7UUDL~jc6Ms+bavuJM1D02pz_axMW~q
zYW$M#r83twF4KSnRFB5yl5Fmje#3MxwKmm{er;({PraSTddr}7z9EOZMhy#u3=^4z
zFV8RGF>AB8h10!uxzu^!MzmN}O^>ujcl?Xf_){5m{nrb8jcQ`gj)^z2kR(jT?<1PS
z7EGP1>X+ooI>3{W5QMJrwUAhz8%IaWvInZsldZ+|^M2NM<gAqTv%77u4Ain#(^Tw{
zw$tqY_FU;d4d?Zl!L#FctAk6vzW;BToc&+9;e3(P?h6`=Ssnak`(wcy5(h_ijq5!^
zd+RIQkM8<3h5ush%ao;5SXmV~c(cGu%p!Se05$!^Q3fa=eRY{7{G0>${u0E{d#=u3
zkR{&8*F64IG9pfnZzh9|5>7))e{z))Pk%)<P((e7)>9Z1_gY@Vi|pXh>J5i#`MXz7
zYsIYP9{V47z;5}GC!&^Ldlp8D#<iQxH4Mnpoe}#zC~~PjUZ~*Ni_lH|JC8!@yn$19
zXYcP${22WrR-OH-Uft$lZ$o|N@G}sOTL*YwJ%IoFlfS<hEN<|cra|zl3Yi(d%s{yt
zauj(hbPvbjv3@PS{(0%3n=G+`q|@|LgYHq3uL6>-h$~<38@gFop8Q#ML*IHP@&^wI
z3hHn4oN+vXqs7XJQ_5Xc?^AEo%;dv;gj+*JKVQ8AksFnlyKFo?+m9?f((?8~ktDn{
ze$N1Fd6islf5A|?OsoYFQvfQqmmfqcAxPjQ<yk)h`d0?U1ac%QJ0`(t@<9+pCEop`
z?E|(mMhAC{o1Vtn_7}eiGB^aqUdr3=TF^$*7ChZ+zsiZ#y}%A5b2Q_1Rr45DoU%=)
z%SPWmnU__8jbuG8<(x2}8c!I(fX#lPVy9+?8s|5XIHP8?(HJ-Dv1bb?5|?|^={I;4
zo#ARe!HF`lI_iygd?nuN)8DNg8Fh>x)IdG(FJV(y5+iJejt9Xb^A>{6xIGDOd6SJy
zzdpWxb}X?y&}YaVz1I6>RBd<~j|>wQrRs}KP^W-6Ik8hHLs6<5#9xk0i&HPKwQ9sJ
zL6*6iYyeg<7^>;p<0>l&7l4?A&3s4#eH^?Xb~`;n=<rNy--c%5O}-x|XfNe=HB$PE
z>bx19a>-X8`4X=#wM5Z)lTb4hI^19oieY1$;x>GIo-995?<H*09I4-SmwasW;CnIa
zraoi8SCr*pNC4Q*d?}pwIY(E1FP1fVq|c}>%^Ws6@thTlz24i%a436n`Q)ufs>24y
zmvx7d(yT0}kvN`6!3qIQ@aD@}mqwU~V@nasp3V!X`!0}Ea+&Ppt1-pY+MyKPAL#Nr
z(7pHDZ1%NizI`1tRA|0cBYUJc9rSiBu^!*n`KD<P4o7f;CvW3V7Fz4C#iQT)ytuVn
z|6$*@{F;b9GM{gq`K?~^k^jX|zbQCwV%2MKW})^4l~|JOuq34LsJ~o4Vm|4h6+QYE
zp^v~ShD$f%K!cY`7wB$`_le?StT*c2si7n!v2?sQB0436=fr-JH$-9?)bokn-f*k=
z3IIbya#^77HOdV!gw1SNu?*7q%V%7THw2VB8Rx*d(9qwt@@@Nyt45Rnyu9)`<}UX{
zle&;*N}tfpRh9nOG9hAN+b>vbyqK3|Ci^FN`iFtAF<RtoKhBg+akK5OI#PF|4itQR
z&_k4Qx;40RmG5M^go7m1EQry$%1`p+Cc{6pA^&UG;!nkQuHegrpA+#(9NpRoY{D@E
zzc{82&<<yF0nbDxW7<ZT)h)=fxO$a-?{|&|Itlc`UA&B`xt}R3G=ZakzoGf4`rUD;
zqJ?Z_g`0>OY!l(p4qj+kJSRW*m9E?fvGNCO1aSqDdB2{B?^yvj;wwMp+!6cq)mqrv
zCOP)aL(W2c%|;NX$FB^mmp%%db#KTyg_|9w^V3r|9>2XgIbm^5%zM7UH~G>KVUW(d
z=&t(|`aPD!tYE3YW+x*u5Gk4WK$N1X9dvc@$zt2xpP-g{5yo?(<-iFh3`vtp)rP?R
zr8IkEcEMj}AGI-GNnWHRvL@R_)Og>HcE{(Nqh+}hoacnma2)C`8{Mu@<voM4{#iJ#
zPC%F#lnCCq`-%VOlc%-9CmhKN$q7!DprbH2YCvOaVo`Gyp`l5<{vEK5k<W~-?-fXY
zANNRvZOMrYYF^*Ec>TnJuA1lsL=YYkG3@a{i!O`5c~ip$ql{38BU0CJlVq9M;p4?#
zhBJ}!(+FW)DDG?nPPZAe<*xkXOl18toiG<j9;RV^#&i4Pb$X@$#X|FMe2Tx=2l^-D
z;^9|A$zT{^#*-Y<s<w19s&8II#`BC)|1-j}LmAZGyyZSqZ4)6jFR7<pglsIDwmd-9
zE~^K<LcOBr;m_$W?)R^42>$%@Km7Ms<d5G@I{{c7*1EQOtswY~?u$NG+3yXawn61t
zy?WjJnqf>jpP{CUy3iQ%l(=foDjz2;t2D4}<d`{@rk54}ZAvLR?v<U2nm_l;H!mKd
z=jw&7aS&!&ne~B99Qkiv#n5-rt{F3&=_@a6a#?K?r<Pq9pK~m09y=;v%N934!!$9{
zj@-QADZcrR0o-R}F*!*B9`aDxhH7IU^#D$hg7Qpp-*h7xo*0e%mpZh*=kvSU3E;J@
zANB*@dY>dazK*hY9-;*k78-$2D1^V-m;_k8$FTn`+Rj(z={6>9Te%!7_Y=xATm&%l
za2)2>)@y#C`Yp7UNZFHzMYwgq8#m(U_}0WeR}Rpa$F1BD=>^UP?aI1*qg7tIAaI93
zufzN01C#Lgt)pz_nKSbHms?Ecg196crOJOkxi}Q<5|`uHSYhI%L$f2<r~IHxvl(qZ
z<nZ-D-4^(0X^*M&epn_6^`~0Z!sLLc`rV~CK=t(P{DAd4RT54Gm+zl{%3<?EBoX{T
z%B*z`_s$R5B~PES?&sH$bY+wI2Jo59To?8)zPctVRg18EJ2Dh0&P8>n_*CiT9B^)$
zXo<cpa#@?Sl7uUI+Y5)Lk?-RWtl5QkAH*B@tbTFwx7y+FKiw7`Wi@ZS@T&Du)sjVD
za9Tb9Q^af-R+s#AlN+9QXS8BR&p(DCIQhj2%v$auOzCw;`l~N!j8x4-^22G+`{onr
zc%5u%8tj6yu10A7n2o7U2X1DzH{MI?vy`Rp8<`a;z3m=&pi}EBx34A4hdp1);Q7q$
zK9{c9=Py*&k5sT=fIU};X;f`|!DHi+HF~I4o4uUd*O%1v+@`TsVSrQws-Lf4&_4%@
zZFtVvXw4CNBfilCHyc9+e7+#ChHzO14&9QF9_KR{D!O^V^eCFQS8`+>sbSEK-xtNG
zMsmZ0ja;A&SW$dtZ%1P+HW3Zj!Cu<>y<Lm1+<sq`M>i<j+xqZlUymn$^ZsS{D>BnR
zUuy;id+Czql4MC%p9q5-{gCv^oMO{3K8dRoD2oiwSMzd~-*|J4UG49Kh-A>Wd%xYC
z;bgqM<6RS`&pcM6^PO>79&G|+^)u)LQxX>|=b`4?J+lh1gow2MMPek@vIamYl_E8u
za|^*gMlyWQ^qH*8c#1gsEFqI^?!{vRa~~YUy?ZFLQ$9FnRO1#!P5(3)WWm?IBd+2K
zqs)L+mlmjtU8|dVPn4Hs7ic4|9F`ha-yBCbygZ*;nJtyX!F%~se@MSiaKr#!Ys0MO
zTWT4&4R$8K*>e3_5l4UuLMr(X-cfPA8MAu-`<Kt4m{q;%F~5Wk7J>S7h`?EOUHUeO
zyQZdHt|0$Cp)aoW<zuyt<d<?tZ$bG)Id=AS<cjDdS&m0axrZLo-^IZ04@Ux-X9r$Z
z9ulbW?mPvQHOZS(8)Eg8((*W`+uC)7)X-c#LLwK9&cuo(n`@H<Zg0VLR~>1RLROo0
z&y-}~ju4DqOMfpgr&F|^zHD1VB2n5plfAEkp6EvZoc21(jPMLeyPwKzfmhHPAUakw
z=|Y+6I;=z&Ytb0uI;$QxQ?=~jEG(lGX2Wf#9eaB`>h$}AfTDasd;!Hwp#sF1C!Sg&
z6kvsA-JmAStn3u!8WQbI{;E0rt<(K0?f9<$Y!BmdFjPF@koZ{GrC4}5z-M58bn`G#
ztykz;qn}2!u>$)u)wdGGkZbf=i(O>cSK&QdjTN94G3sgnZ%o{@U}PiveiyQY!a55E
zz&r)ddF(TTRW%L1ZtIS3=nhn2YZIl16TEj8rFYw9zJn}dPsVAHoJR%av;2{iN>K0K
zrap_5&s^xPVD948EQwGP={Wn8L9^3(n4_!g_tT^K%8r8(?vY}@GT1YW+_}x2gFduz
z%Reeyy!POZKgP;-A-Ru$`(9o!fw&x@wrjp*7ccS=fS5YI5tjjMqN<3nUY4jptU>}Q
zwGEgY7<h**LtSro4gwk|e(@7DizF@H%0dqg6kgT%?4^(Kih%?wnPwqy`LD$;(b_IA
zHowhU?jbCRnR2l(TIpW~bX7=fxH{JxYG&UBvH^N^KFcqhr&h0p^bUmmtPch;yj}+@
zd<%BaDrd#_ZC=nHk``dKC6LlsV7T^?25K@T-!OfxAx{{WD5E2E75+*)-U7TXlGP>L
zYF4){v7waGxNHIyCs<;H&}L0$<hpW+@nPR?ncrA}1L@*N5HII0)B`RMBo<iP(mzm2
z2)~p&Ck~CS!qQW+BjCiwpF%(Mu<sx24*xYz^7mfgUw!=1B$gf?wuJ@FnTA}ymmOIA
z>hFEd8QqtJHAm6M`MuVu;kK3&mhY2CQ7zlI&Y^W!zkR);)7c-AW#i;O8-aT)y6S9u
ztnsnwS<zug(V@L3D6RCeq4d$#Xv)^CQ|(J7A07c@R(CK_!;n2#yDiav#~HD`AX(w^
z!#SUAALs1~@hvN}%g^#6T{iIFANhEia}#ngC4~1uddZv2TRYd^7O!mRTVU-LMyu95
z*vCya?*<s<HGCFBU$`FYvWW=8r|I@TxK{egnwDs|$~gtkjg7x+XfBX{)g~xF4}3`D
z)~JwP1d~{=u}fseIDTo{WxUH8SLvHw64+Cu0&zvvt;p-h#UKhO_;FWxpb`PHJs?kk
zVuT@9;`VnMv&+sJ`UrS_I%DWtqSh2J@iJ&Ywg>EEjOs$=KgId-;%aay#!Rdab>xrC
z<O}RDjO8Mqdgu>Tb^x7u`#ZO-7HayOQplc>6=Pb7QS9EA%9Z`a5^uGfWfDnGt`}oN
zfNaXk??G<7bZ)rN@%_5>eD>S}E|ZcpR@J`q%8h+R@`-K}wUB2fz@)OrL>=P0l@>;G
zq*E0La>ptzA5BPmu&3(BLwKMz;XZ&cHwNFDRvSBa#%-!n22!NA7SWlE_wdpQh5DXT
zOZDs}n;8~Nh4{_$U9w*JkhMaZQ^geA0^`R0wBiaAebj)GW!<>}aHfl8jm%!!x-!T7
zortsqXtLW5_^_^s)FGQa`H`~y-2`Z8@8=(`SKJ^S9o2$tsz%p>#Er4v9^!Hr5FXA|
z;diDin#NM*Y~WSTk@db*w+BB|rc=V@#$<K44u+LpM)bxbW%FkH8->VRhECUPyjk?h
zY3wT#YD%r=m6^)aYed0>H=?`V4q9<gSuTI*umfP{Vfa=;$!eQHT4c)3y8<)LhOXmo
z@JqhrNING;X^8Jz({)U#Z#oX5%FRJiezrhjBYUZk!F-Odo4i+{-||@=kcS^UQ!p_6
z=^1<brfZMaffm@5L-K0Kc8^=Qf>CHCHC7h@BHuA)I2@$5q{;-^Q<)Nl6pzBcDxI<Q
z9Zw@HjN83V!{=?FeoNwlXc|zz?2LYsu~v|kWK&=BncPS)Z@p>%X12#kF|Pt1W446a
zLb~Om;BPx}u>W`i{~ea|Un~OtIOS%%%-!5XN33!xhOS<DGu6z@P13ceR>k07(4^Z=
zyS|?ugbKnkY$VS#!Mxwm@tG>%<*r}YS7^jKZdugWw_)XKbslw?uNYLdldk=XqEqb7
z#Ky*kXa%Rcp-1P{Li?5=iS)SwjYUA1)KFL0i^CIR1_pKo0Wz%bezdsl(B;F*7P$@H
z9j;9~5uv{_99UeqK&Sca<BZzA%MWk26tXJMlQb!k0GPA>dtJS>sHwB>tz-&ii;A``
zJxa!sv?yUoRZ2)hF<~6ilEF*7*tO8j(ZqN{v-}s9YLv2N42fW+7KjTKiWCz(I9tzK
z`5!fSBDDW&sm`5zbCtBkq&>4fFR9CyE$Lcry&K_1&U55TA=CvueBvY(>C`az<ZKx~
zq%ci7fgo12#n*eENfMZ*JnF$loY<ga64z;;RffGa7q(4<;d`f3LH$PC{gE8O7B7Zk
z#!{#V6DjZ(lZzKK2%jYM{Wo<3>@HXuP@eL|(44g@J(+kr-{h@kpqtK|!X4pk>qyWW
z3f=ODg>J17jz{SiY4#0@ef7WK`6oNBKU3C!FV9bZGFYOM;{Sx%`E$4Z6C!b`J}o`O
zk<=9ACf~~L9T`&~@-!Fn+9KE4mUa01!pNgET3cd{W*KE%{%6IhFrQ3k&Uo}jSQ{HS
zM|UeYTsnb@)Fi?64!UDT55XS}g_8h}S)Lh-z169Ky}jvvl8e^&thmR%l&}>^ZzrX1
z(;WerB)U$-_FLb(+<50rI*MD<>bx6wPDkOrh5eVNfz!nk@J`E8ktlApV6CmxtPiLl
zI`WU6QYcUUmiLQ#4Or){!1JF5>0??Q_?y)A-^R2l2;7i9rloRSa|Ey=^qiGOV8R}<
z;k>)w^@ks0?x!H}kOC>qIDMrMN<E&WU3j`PW=~$;D&50|fl>A8k94v8$b`iSkU@FI
zyQq%!YfhYn{f--SyDaVB-!?D+AfWU|tH%!U?u`dM*VBuweGDc0PA6u`Tg7y26g9K5
zPIkC?d^4hR{cF>LbE;>kzAT<Gv|vKG^eRBEPddnQ*Ua47=Xo243G-68k>4#5?}PL4
z-oM#3#l%GP_MU$6w^IIlhyT?Q_+MV--|8~h+MQ-T#rZoH-16#CR*-6~Z0P(FGbkL*
z!xcA>XeLFz(%>zmTsY*Rxo|#hWA*H8eGCc~YxF@@rYbnMSS86UQQX1Qf=0RU;s=0U
zKt}-R_u}=&FzTJkN(9$ZZzX&Uxz{@?T<uPL-CaEuC3J;mv1_!(StU@Eet6cWT8N92
zU$Uf~{mDOyz<*JB%#ZMWBZoeBFLSewpwHbsP^d?_f+s%EJ%;=dw~K?Z>;|BUfh5_d
zHg)xNU()s52U>obaZu_eXu95kfX$ymJgBA~?ra$Mx?QxHLyc{CzSpem)ZEQ-No17z
zp!jnZyXx>Jy-eKQY2rQ@1vM!u(~RUeWq$8<%$Un)I_ySuAJbV36Nuh%(I51GU=aA-
z|H~D{KXOiAGhIt?+zxQ!J#rQ<ibR{B`MiYN38RVwVde<2bC6vySOygKGlR>a6mdIE
zpdev;h9_Iz2^0KT%xgAnH8VI-(r0TQ)WucQq1G$wW1N=M8LQKn^7d~x(5~Yv&DN7s
zQ~GRtX2u;gl*Mr;wNt~@rg;DUJHnBhC`Dc0Akj5jDBI1^xZcJ3b}g~dw!Er>ToH>g
zQBt0ivC@p7IyNP9hmeT)@JqF+I2<vRi;KToTU#SR2!7Af1sM8y+Oi}mAC6y}5ihJ7
zBX9PMl^akZXlNNf!7*2_3Efys>DXd0jwEox_QY#q3yI<?uyl2~MZ&t7(L|8<6a3Oq
z0E;M@z7&2&$C1#3@dGhF|9r6eGAingjg61>YM+0?RX@0|Usn>bnd7Kek-TzO5G;aB
z6*^KR2FDDF`#f_V=wL4iFn3Fyk<yYyjTS245QfW=+KAFB7fBIs_&E=Wj8(&J5ZB=;
z<W~PL*E8Nd_-<GQ0(HKyzp4e5SS_KJpIvhEdUFL;!0$`1&Nt>Y@QH<(F*>toV4$a&
zxx@7)l%vqqOyC&r2}=hdmx{K`j)|!kSUDBUL&kzw10(1|2gLd3KRj6m2L0_lwaO5w
zv6w~U`;(ualy0VNRhE0!niI9X9iu{sUusaR`DHMuF3t@o<zaAR=(oMl{~zfmt1+4+
zA>PuamO5)7hta_+)0L5qn44V^=TxE_u?p-cB*H_}sWGrGUzz{Ezy&e%59*>XR<81*
zJ8>hmqOsx-!V(>w1Q7TDFt#3Sdi*3xNzdTR?N^HpGrlnvATp-VksCLq^?sG=bJcxJ
z`#D?W82CBKP9R6PB|IaG@m-G8<#Ef6<R;H=2%JjK()RSz+G`%i_{RckLD>HXBXzy@
zo<HI$n8&TC7srM_P=5&1=PtNh*-`(==F*oz*$y(-=X}pd{qp4A-c%WGzY1n|L=(gq
zh;<1tqA_O;i3=0uV$jPgVo;%EAA!&j8<aU`PLprA0eXTsvf#@eFTbTPp*|T#`^}Jt
zi;LUP8w_~2AZ7GgCvV6%@GU6p#bSTg*A!;Gi2bohmOJtbYW$yU<HKCh`8-qNdPv2O
za+@Ym5J0=xy??ekMj2qY*IHkgABX@~Zz!m7GX9{J)^2CNJ3Nt;qlt9-mEn~xcT(#1
zI2%Z#&YvqQ>6KGg@hnl?c1Vgnzn4Nzoieo20RR>jgNgE)IHHo)0(&omgO^PS&yZKs
zTHB?jNKcq2A6t%o)I6wQ+SmgMN&X)55{X0xah<PBv;CAIU(Lh&Mh|TDkVDIR{<f!J
z6X0Se*@~0RrlFiTLO%P_P#)9VD1@(j5ql=q*+kCmM1@9R8>w1yupZ*tOxxwFidl%f
zU7BoHv(?SM(Lk!kC9wrHz^turmOn`~-I2;MuaC$Hf=h^b@EQu4At8Raz<wvL&FEV<
zT2MIkSWVqIU{%%(;XCI?N7x<o!-}I13di^4E7=Zg^<1#3g^E8sCTwr<u;n;N-)#$F
zbZTT9J#isD2#eil719h!#rpFKIdiXM4SGvn%*TH16S;hNBVH;9UzhBupB8p8t6MuL
z0Jb@i2v{231+e_e03PxJsTN8MbZ@C3b@=sA`h#Oj$z$4RC%XF-Inx+ugTRPe*Q-SA
zUT#)a5Pq{%KS4Cp@2)&mm~q1iem4Id#}azCze6Q020a_cC8qsRiY6L?r>t4}#f&%x
zFgbJX?lwNM(QoMYCzlKK<jT$qWuO51r1PB^?Wb};ywG@+kK7u<h#}BHGx{fqoA<h1
zWnBj8b77}be?!#S{tk+6X1%oc&ld8Z{)(DhDTn2Hmwi*s+6*hpnbEyPm}DLDIB&(q
z;R5V0_jQ`r4DQ8~YRghXbQ;rPb6uX+UL{wxi?yo#*{XfvpFW5;E!5li1N2J?IDiS5
z>wcuJ>M<UX<Fq0GHRx72L2^!mM13R}ft}4HlO^&o7}KRX?HNC#OKtQxXeWrwV{tIh
z63%T=I)c(f@)R;j$WMPS@K7zy&1!>JZ7XWe_FWM^y~y$vQe>dvtHlpt8ys3!nh6bk
zfunskj_=&j&%2}uP-v}uWor_Jq@|g{a$N{n2&^t)8qi=Di3O3bJm<o)#SBE8c4sU)
zn4}I*+e!S&a4Ys#2Fv!@9rhekPdt}(MJ%M!qM^JzEAm^$n$9P!IJbZhe75(qJ*}+-
zX3@pT$v0ybl=}Ki{wr7Y$~9BLd@#&SDw``J+Bzmu45~XYFzg^GBQ2g-n)VE@G+=vu
zlxK!<macK`^g~jHQJRa;Gq3ApVr$;hALYpA2Y@s@4+QqQX<q9`bvI2MRn3l04hd_>
z>i3AI962Y{meu8RteQU0(FH)48aDd2ak?t?7fnma5)*#xCZu>+Ugy$U<gMbw`IiD^
z$FgSN+Kn1x4;-OdII&Hba@_2(&zS9C?HJS3`Lz$P_M{L0Im}goAAdOPFQmE}Gx2Rh
z!WT52TIMPvBO_h)<Uh5C|HdyCtWC%5e)cQhs0N0L?C)2Rz{%EjeLzkj(U^ETo@(|b
zQd{m<hCx-rqe1Dr2eO`rj1vqh(hgcr+a20t#{7)iIHuJE#Af$YBAPjUWcc6zJ6Yu}
z_>c{|gG#A5N>eyKsh}Tk<XFmU^C+&hDshK=0n7#2li9f*@zRyP2ZKJ!yZ-N7@_)|x
RpBng|8u(w-z@1;G{y(L7ZK41G

literal 0
HcmV?d00001

diff --git a/docs/assets/lock-cedarling-diagram-3.jpg b/docs/assets/lock-cedarling-diagram-3.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..a8b8c8bf61c8e1349130618bf305b943dddad3b2
GIT binary patch
literal 37221
zcmd?RXH;8BvnVR(aW=*nn>Yp=3>Yv$<S;WPM}v?AB8`bgA{ay#VeGLn2n0h$1YwgA
z2$>*2fWRinWD_JZn2d-PIrHRm);r&K-(Bae_x{|q?z**?TBYu;>fW`xt7}(R>vZV!
zJK&a{maZ1y%ozaS4C?}%PM;alefG@uxv8<1u7T!%7JLP;;QUhnz|Gy;%T)W1U(GFG
zzh3(OpA<jKUf3gF{rvuKfW>!*{*yZZ&@cYq)cJqQzU<(Lv}aZL!TLP(Vl~d{>>U<<
z$N4|;$3Jnq|HM^(;(p$*yjgXg|HQq_OrNoE2NwR=`QLE6f5YuxdHt*(#j2y?=IZma
zt)K9-$JZR)!64T6FRTv_00}S!XaoNEdH<~6Ebzzz02H<XfOG%+E6)xK093sL0Pc<a
zEAQb40O00Z0HCtxUwQwM$*UJ$FaCqwc~*MX$q4}1$OizfTL1v;-vEFsmj6-4O8%R^
z{mLrhVfD*{bvXlE0gixQ0lENpfIUEhg-HXR0;B+Pr=x&pfOBVm!q4;^3(j9W{}X<>
zc=5u;%fDQ?a`~6bm#<vAdF{&88&@x1zRq_2#?4!|*lu09cANe7Ep`@u>nD>lKPk_h
z|Aj?(>+0pJtla;faQYd*_RE>_bH(S*2msEqojJ#L=Cm2W%M$n5b7xraf8Q<O(l4xj
zojZT_XR-Ayz?pOB&zwDb{+CNve_=I#32^4@x$_q;USj*@Hv5CicLbz3?%x011d`Ot
zDJ^gQ!jC2>qwojRGcmb>RQb@<?se?P^1geriqAk^zF!`_i7NwY*q53iz29bKH?r9C
zu$nz{;osV3J<>C0f3p9DRjS0s>f6~f=gzXEb@uXwpB-d1&UXI7?FSd7*nc;9At3Gf
z`qCYa*grnr6_hcJEA9Qkd}x>TW$JVUaP1t6mhBuHKpn7@@?W?1e;#tFI(OJOH!XL}
zeIM+YQ#rp&H|^Ym)C{}j!CaKBsmQzV@UeL!Pu9-<M~^Zz(WJG6Ha=cYd}bo4uI=h>
z6FTPkcW>!OVCZvhXW`bJR*9+(!v^kP2ewCUn$lFz@>40I_HR3i!O1%5qWFNr7~L)T
z-xkN8z3y3}xJ$YQ`RAhzG<y7ekGIK8u1$V9eqjkcn`-7Va@*&shEH1mDZm7%?>xBw
z{#_6Pd<r;cEwBw6B(W!YyMiI@;o<mt?u<rZu}1dS%{cNwaO;86xOta*YDbA|eS=YQ
z4Of8hT2Y1JoiQm((N`sQWJNo&GUdHMQT6PyTfE<kgnPK^qM>1MK7aiRcQ8-Vfhc*D
z9gm+46Rv+83+*!5C~fH85vF{NbS_eT&^$FYy)E$?G5e)0(h%`-d|7tW<K-qBcgAvS
zo}bk0m#?I}fsSeW!-w&_|IEs%7*Va`9R^_tNBr=)C4`u$gO=tsLnEsN#o(`RUz8ry
zGRi?Vw$Te|ULC)CzZ;J?X^f*Ao@?kzOjrqQt#_GSQ>p9RX)5SH6xJO_$V6_JWLr<J
ziU7fF+Y#4g3T8Esk95gKlWH{hW{)4gdTg8hVqM+cFUc8yKYBV>p<!7TddFRUxH_Cf
zT4hr^a4^#Ao-XH(X*e3ac<$4WjO?g>C)nY`?D}E+*nA6AZyQpSTBnFdhZDRcDI9Fi
zhr;7^rvufWEz$?z%Q-hbGeqzn8`hQ<%WgQemLSrN*oK%U`<Y?mht50!_eMD_D2g`Q
z8fhO7Z{S8Fn{34i8-q;`kq4t(gT>;n*&JezqY=Huh-A{&2IKoYxObWH?On(G7p+pn
z;>*fqajTs@Zf+bA;dRZ%;V11{<^=m`1C3>u3bs7#(ldRZGZ(yTGUf9rx~{9RcAxyz
zRDYB9g25*ssS*f2>re-sDKE5;?4(e6E}HI0&OHh1aIPwEE+iCV1<|tLDMj!u9-k#3
zoXSc>3yWvBx;<_t9>oY=FHG~~jkkz&56-T%M`g6u1=w;DipJTeQl1Wn*+(Ld;I&d+
z9u-Ll@iN)Cl1jYM*DN@hE1lR^f`o<R;P~)#eC*wugTi{2xA*xJqt^6I$An@9!bA@O
z(@;)<#Onxt5RaP|eqTUfqllV}t@gPb16Rp^KDlDqJ*Vy7Bx-R5N~1v@iM{YLplZyw
z<1>g%lZ?Vm;`OP3DPOj4WNY<;@6$dwH7gSo)N@!W4k5#)npmN=O7uwRP6~oe#JeKd
z5BJ<soLtbZDo*dE8zl#l(;l@&J`#5mJIqdGYae{oAf25$kC#jp6%`fum@1&6S)-pP
zkug;>o!Av)JySV2{(|tvhX5;Z^6Hqb)BrOf+BzBd$i`hD``ekA)L!~cBR}zA`(dBM
zKf3Hm4kr5I*Pwx6An?~%y~SMPGhiD^nN$}TE{duKYif$6ee?=Y^qOOsOV7@<>gEc$
zsP?Nlkt(2`lcU@zF%4g%NW~g9cEXmYfQB;1i<hqUyux6d4BnsVaJ$b@YEvo>E-O<?
z85Ix^E$y}=B4Rld;Xex7z228tr`jo8k8@2{Xj}EYYH$PLKp=z5aCgZaO_mee8gtM#
z_KBi3AbazyR_I(_JX5}8+}QUdb$4=D*c(wBaz9RdNk7E=z>P*iDIGf&*FL*ocE{7C
zk5U{|*1pC*;umki#)GeutR3^8qCmGMGbctd)0S!XN@{c^UtbrcKa@5WI83{(J35U&
z1$-R)gD<gASqTg|1x!06?VJKmq=_d~3r38g!)##kyS|#%t9@iIh`6O@p^QbQ(nNj_
z{oekj#*0b=B;}7@gu&Wq1#nHV)OD-B-^3xQ9hH8|Ou#=@&b;?HdM05`amwFDr4Ex2
z5vc3@zW*ZLqd$CP{A9#e@?^FGNpZ%+ydMbQaaB)Brr2*q8ffneQC&y^&WnKS@SoP#
zf5AEae<oLka>HigXQB6AibGN@5D0jlpX;mNxxqcC<VCHlLLUTTM9h4wr*x%dzE;>4
z;r|lud(q8-`hYx;`-mr5Z;_Fv(w@Epv?)N>g_bYK83%m6Q4*NY;G<e4R<2iN1{!*q
zIAFd_THDCU)(%jF;cT8nu2O=IXx!~2%uM<5ug*7yC{hTk5?B@3Oh2aIgl4edr=*8=
zfCZ$_odOgc-Yqrc$M*(X9;x;))M8tfcp}$@bZN^(4s7&NvvIc%JNs@7-#vdt&&)@K
zeBV;eyy+@0R=1o12ZZ^>ej8dDcpRzf=upVx2DafE*dLn%YiQ+*;tRsjInckh$$hPz
z_1dhb7&iE*J>d4^UrX`}K3Gf?HOc`Cqva?an}T3)$lp=Z-fH<hGn2{9GY<8lAqYqk
z32`tYV5c77Fe)ylTA31I^ecL2&@7NsbMmniq39FC6{?(}PUr_I#pU@a@ht!!`u)w_
zi-7{aqSq85M4lh{s;d0s*2@I#f80dmo%)J$DrY$cXgh-geRPPp#_=|vY{5`ADzyah
zaSbYfYzm2y$j=JBanNJEcvM3C`-Y(%+EDD?x;l4#zr`MsZK2#UL$kr*et<vIp+qrd
zld`{aY;8)JSiLunt9{TgR=B#;;ii)4ljw6>P~gp7pw%v=V-};K3AX+Ag0$BDd8b~U
z&$`45&ApwaYkL-KstPU?^k1`&HQ^{RGVwRloH7aV26p5@bLE{P$+O8kaigB};p_O^
z#3~UdpC^2UtJ-4eyE`?)z%DN@N(mxuQ<R_6V5CQX=@_c(`i&L~ovwmm-DAfDOY|y=
zu}50_cg;4y8WF`)3NuYJ(I!SA<LVeHgG_8Mfo-_NiLi|pdvf6xD|%Ae*!h!fMkhyX
z_S2~DwLXWZfGM%FYD34rF;t&{IWD#h)307|=+wQh3xZ5qKqSd0R|7)fKk5g00`8Ap
zb@<a#s}(C$+p%iFQBJY*(X7ucBgF{_6!BBjcpI~J$ZY;*8=Ft1z3Y7?WRV_WOmr|2
zm{NR_M9)7YM$+9z+2_j6N|Cqu3*ERY|ITkedZSY=hT)<&8C9(RFe&7oTk)>*B`x!K
z1PTzzsz-Q%rHDaeJ&A5^qDA$pajn`%5w4xzpDzKiR^d^46)~T8i8FpXC-KTR^8yD2
z1cv;vZtOa3(@B|MlxauWa~VeYqs_(XLo*Y-Tf6)D|D4Iz`#DQ*$;~W>=8LnXO4JWw
z6E%Sw3W5a%`MFibprw^qW$d()9A2Qv-_IlUM*%(@o!%pSCordpP%GRA_8QzBNv(F<
zm$0@gr*-J<RQgZhxO8x(MXB@Iu_ZPfumW_%Z2b)7gg+4RddWS+)mo2UqT)}8L;0{z
zBls0E6FLv20s;tOrLw!&{z9&XV)s;e4)42BH{C7p?mospK2*{D6M!J~qoL^n1h2qJ
zm_WQ#+eEJF9ltK0NcuvmjATh$;i{Ap9^d7O!4Q9#r;~r^a|u5363%qC=P=<US*>xE
zHDoOm6;qvS=Cb4*N3xinWuqsz%f>}*hy_WpF%Dj!_U+BUQU|-zcKjTi%n_U*XN~Ap
zm6X?Ou-c*uAzx7U8U8fJ?hb~!$|o-+Q)m$r@85Q>912pK)c)fOVWC#=ER8PgP|Ge!
zvZpuug(Y%cNopQ!h&GAR+(cDt+R(Fzar;~nS7|+lDAC=E@?q{zLTVUb;djQm4@>fr
z{5Bh<<vQv9(Y9Fbc4Fr%s}RfpISA#ocZ3?{2wuHYK?knaYQWWNMZHYRM`gJ6KX2mv
zMgEM-%X4CxZ_qZuF${t$q8<NpWe=Kj7{SF(B>A9wbd9kc$zvaFR6#s{(^HFj__yDS
z{b_dK9}C@*OqSk?eoa$4v3=dQx7*>7>E`5f(CHt3*x4)+FD|9Eu4M5;(^}4lEy72>
z1Zp>Zcj++b)?k+_K8LWv{IdX49GL%vwZb~Yk~xnhJ$F`&a%8pg$+_`%ZdQS9UJ%mq
zGgX*UF2-+~+$)nz;+zL-XzrsO7FCV;)s7`z*&zFz#C3{CdZpH<YfqTpqbgEccBf5$
zdundu6SiV`UeV}Mf~Dk6>N^P4!lTf&S1g{Hil^D|WGX}78E0Jg9k2HRj=EWSJ2pt=
zr^%B{a~;8iUlTcEi(sb!5pX?sIwm$6lAZW9a&5y#s<1x*E1Asubj10N!GyB2cX)=u
z2yo9%$WF-Fgk7w5nJeS4>W533r6<DeK@>G*RVDB0^(<KRqJ2T!eMbx7Kt)(<nGku+
z=H9O4<ynju@fURdy6EUZ!zC&~(dk9TaPbae<<m2_l488;tAQFPKkCTb#*}3Tc~?MK
zwBViRR<}DGB%~srI^jf0Dei>XPlzdPN>z_(r%c9qm}4U{oxcB4{&HKh|0KC&Pt4Ix
zOf~B}M!V)6$2QOazMoZdk87VRa#NI~xQ`jV)Xg#v(W9HLcaQZ0O2_Y&nL_#%!Eu6C
z1h0TBQN<EOD#1)s6P}eND$41^P&tvmn?5!qX(i9J>~iC%I9w8!Dr9aY3O*8dAIf~P
z_#ilgZfwZq_sEy`lW*>Y3riBW1C;_{se}FaEYXMcMDD&vQzj_e#vcWBp7S~^(K;<3
z7umV%mmsg&JadEkDg|=Ajc*EVC|x~rQjSp@6p&neILlhWny33SzRo!0ai3U@B%!;H
zNiG<plRhmNY`j#evhzB>)7r6aUSZ)<W!UF(`$7o1f(h<9tXRZtM+<EV_9_~I31&v1
zcy5AHT(5E%g`VM7;R>ydG%q`d0`2+eH6J-Yloqs^&rcS`Oet=P6SbD0)5dCbsP22G
z0Di|>^=W!T=Uzgj@0$FU?r-N{bwAbHMd2qMQgxi%)pPs7^Qrw#6`z+<+uM_OsMp+f
z@yB9o8X9w8FdG}#<Ob61rh$X3-$7)^2bz?XxY;^H+p8X2FFcSX$=mftb`E2sXtc2V
zs;~oAudT~C1?c+3n8AAcpLR{xZ&stJqev<4L+#8mp1LT1b(I>ME8M-3Il}5omOf*o
zdbjs8bo^z4jFnqVWlo!{=^u-|y<Zu8v#~sb<gsj60by5C4f?fp`6P285P?04d0wo!
zeU~XERd`5U=Pz5aK%`Ozb^sS+e`WcXlBfeags*<93wZ}u($J2TdK!3aA4t%}(WX_k
zS6kQ*iKFY#%ph5wJy+@^Z}+BkF~;iC;Lzk~7kPq*b!(NS*7D0k1C-v#MAcFGC%_8{
zmXrjnyI4$n@7r*{U!cj~D?$cVnSQHJ#Xdx5u&vm2C?~cJbu;dzlX&X4XWoKk0z-}F
zwyl^gQ}*dtAt5^wrn`vUg}D=swM5Zl$6W><eK_;B`ls~&A8;mb4SfoDQ?cgfy$}Ox
zElK1#1<dBgP9E}zGm@2;JkC%i)>NfOBx%X85uL>~$%>gm-=OD3hu98?$Za*NmMJhh
zj&o7@^#IZ_)L8lVe@NZ2LyoKW==q{0+xM$AjB`HV-tDDVsgmUFc5?1&?Rw6&*OdC7
z0z6mM{#v?Mqn>j>RF~kIM~~hyl$@^|YYvD}8y`JRT>}dX1ww>vR-fr^T^jH(K`Dvn
z(#!@Cj#+wPJ)V}$N8|2>&eLCbY!K%|bSA8aM<$!$`=0d&mXAxyoRwg`Xzhp43ywi@
zt)>l)C}E32?%P_kW-Df1^6%ypHg<WX6vr7dHuCF6%UjkCC!-p!s+X4e{0f8JntR#^
z2m`aO;pkF4MD6+!V!a^ZP%Ha+c_Ouh516GoZ;w1|>UgweVNd5v_h>lx#Ugo44{a`5
zxHMN?e5ZFHr?=+ipLXOZuO}{IZ2e-1;PDCSV@#Kaitv*GK6K2N37@l|$pVI3#r8jP
zkhbrtyW#mdwL|zpG4lc%1fL)G1OM(wl$t~5)bE{uZE2dJ%jnz3mzTd)odOPkd>Pxj
zmfPx<42p7*!(QSE@~$~{(%aJ0oDj5B5#wL15r9p=R#*R+rZ8I@u2GMVhj?$^@io@m
zoP@Sh`Od`BR5=$AePza{0Ovc<5A_L|v>Uc&Sb|TZYVdoC=(5NZwsRZbc4+b|Cb)Cm
z;c=O2{h+I7Rh!kI+>aMGGfvR><lkBlr+`bG4rVhkj`x)mLk|K#%*E8K5BZEYW%$G>
z-KDbBg#j{qm(`HV$N>2Gy4ES6Vnym863Zxgza;UovC7>wy)6f(x;&0p>)pz57YG3<
z?@KLQM>;m?qcnZrRdjPkEqdq?+)L;Kah9bcX|5HW+05DGCbYhWPYK3WFnw1T!=<PQ
zw)OkwsMK84u2i+m&ds>VLmv1xW8ULvz4o#{DX06L5bh&rY%cmz+2cb>pU&*A!iiIl
zFE`^gb)8+lQhCLjV7wKFc(&LZdVoEd;ZI$V+Hzs=eywz;mP2*Jo$0%kR})N%i+I@O
zE(Apx&pZKr8JZW^734vO*O7S1EzJF3Xawz(cFRJj9)ao6MZn2hTK3G>L7aT%ohN6b
zePEV6d&H3Zty4f&qf<zfM51(%S6rJz>smF%nyV@@w{lK!NeCVytrK4yTU*Om)zsX5
zh125f3*}Xl?_H6*;vy6z5<s$?_U;p#McO0A&<m1j8O=8E`t3~_ZvH-0ADt5(U3CAe
zyJD{QIKEvBe7@8d7>aqAcpbx1TXBBMI7K+J4IgN@{?sY>zPa=gmr^?%l`-Gz9et%b
zNpUI~?vhS#@0nIr(a<!;21VcOPdT;@HStCrq|F3L#+<N>R*zbrG(-b4SoJ7a&9%6n
z8l|Xqql%~$teBhJvSrf$?JK$taR`Qo7XF!`e*6zH_*$TvPyH@kYIXc$?D%|sNf9my
z-S3)Mv1<3nwta?dG$MTtD*Tx4`y(8UU-Q@357j8xvT2T!i3S4sllkYrX*Zq%$ahMD
zulq2vy^W&s=_t+_4%O~Am1Tsoe#=o6c4_D?uo!7OKEA#{CK&g5AM?jA>1_2th<UXq
zDw~9c_uN&kgG|H%pIyCu&;ExtD|K%ER(frSM|N(9YE!PQPU2zyRq^Q>BFERl`RIE~
zk2a8|k%NV~fx^Eq%<1)fYwWm%0AZDTE-MzcIex_|F??U8uZ*%5Cn4P3FS_cFM_%Tc
zr<4MN6L7g*NV+C`r<6nGkSj8k@ki~0r5<ABq?y^?s$mre)h_<?_S?C8MVd?A-^AjF
zEx^&<-5OvmykzE;iC3z^Zt2F^5`}W~igD?-n9+3(#5MU#jr;Zy-?|<qbbCp0wDEiz
z@DtqI*imG?s~JUR*x2yd%A_^t*cMNJ_dLuJ5clsu7&ujEcm#+U^}NjV4`(W+AVz@%
zx07x+_0hRQxA$9N-c9-5N&1DJ<J#!97gnjTCDhxA29W7KEv`>aK4fKA&}x!PbH{&y
ztZ4l3$z(37@dE=kszFtSkqzrFij9?c?eq^2Q(4#b-9ihBpsE?8iyF6#_2F1UY(v<<
z7Elw*rMNG8MPdwEDbP`ivJ`39j+d``XT(!SWDm_1macGC6-2C5@f9!$*c*oK<i4+w
zd*9mJictZ_DyoXc*yo?8zb{)L1NDyK(n02JnKfR1e(Mc2l<~>PE&*k~jTpWM!TCH|
z{!{{7wL!Cl;q>TzUhwml{U5brEJaw5WqaJF5pxijyUlxn@Hm!IPkcX|wR)iZGRsJP
zOy^RUwbv<t9q;9_-4<{Pm=o`oyhCIF05syiuYEV{13`hcm1B<^76%FIy#vhW#EvDA
z%ntLt%$4VU!f|B2iG4QJ_Ez~!D%|@S+}V4i0p@7QRT8aNU7Dt9O&eh5ljQ$q$3+=u
zC&Go*W)~7S6vlfYVVT9<Swyl#Z&=__2zFckD9b#@Ta5%Z+bw>cJyb9+HV19!*!x6L
z)cn33Iu)b$eY#3;U>tfJb6dbpC7|xmf4|dzb(0^Bn0wtt$v1ad_t+QIE6)DI)VuV?
zW!De&Jr#%zbE4nXw+T{maa=F6ad%CnZP_Un!;%rRJ@RCepw#y|s%!xZt$Z14duE%0
zcqx@PPOaUccaw54iIFGdVEf~@@BRstKQK<aR&VZU2-bD2fsW!`3fxVtSRUw{f*^OD
zc@K<Oe-g!HVoin8BDMvZPbRnwR2t@Pa0d;<&nAF+X&@b%uE?6)g3ig{QQJrh9)5yT
z9~||mC-n#WF+#GB<)r<lDx6Z<2*-y$GWZsOUbc<np*`kgBrfA%bEZ*u>7BG%dCf@q
z7TJXi?tM}HhyN~Cz-(1J$1M(@ALB)4WA<y6Xs)8t>ldnV$V{!9dStg$^sqhEeJD|r
z8{6fRHzzocliff%=w)(5gLij*vt#`?XW9@gMxS#Qi~1g=J8>J)tj0hu`ptBWz0r@b
z_HXjc^O-3T9XPt-)hrbIh{lu&XIOSIU)$CP@7lNDo=Hfd$n&&va>Hz8>U{y7l=@vY
zy|<Xcxt_9#1!SYBa9w$^-F6ILhFHX6`&{&sKXZ#*Emtb_wKgmtQm59|m{I`)!Gd1)
zIF)XFFW@+N_aKPGaspb620vW9zF^`?9NrUP`F`#gR+&O_8}T?_5D9D&9b_ustN~R7
zHPpUCCaNwWYd`W~W%DM+ES;|p@1fSs6pAN!%Q&iOpuNY5Agwj)^HIpUl;)kpV5<3w
z-%CllW$;ewmGBqUeJxNPAGTtz(lRL?3<}y+qG7|K<~Y0HoQ-AhLs18*cWf`i5n#?!
zfOywp<{DU5En@o;><h!aDy*(JF<pUa2t;W&Wk&ARs+{odN37EOHazXq_ZBKuI@hTU
zZ<py|{O=hPZ^~UI&y@b|Tx#j^nDKb=BQkxc50TEhJhly01ox5KOTa$?I1!I*_}q|f
zGg>yA>!wkuY`C#-?WPU)lZIcw{!hUBvE3`0CqD8qy5}X+vU%S|!O0dsKzqg?B@)t!
zhl-{uy@5M(mB*a2fhRpiF=T7za<MndT#I;Q;CChB0i5+#t;j4@w3U?ZP7YFOc=n>f
zw606qN9o8C<|kv(#M>_;)8K-|POcHA5p5~??Kt(CGmF%0?odc2%ain+@@!VVHqAp`
zcRDxhN&;GMIE@-<@+4g}o2_H26tg<h<i|8&Lmn&HZD$A^Xckpmf5U`ABb@HsbPxdv
zSCk%PFEJ(s1O$|HCVBqJt~N4Rvz1u8Ir#gr*OKak0#VudmBQ*7C=a}zuoWj>8PNAJ
z?kh1!!qpHtgN=I<Ua+P0gRnWr!M@ChX8J8{64M$$vUf#mLwMht>Rz~t$Ijy`y7S%$
zi+W9Rv^^;=G68c_d5Ceu9G|g?tZ1lhzE$yH?%+ke=?IM7<W#hJ)4pL<A#+ttyf8eB
z?{U*8+A}1$^`s#<>!!}Tst4^gv+;KtZ+{#dC0xgM8MOyM<U7O-)cC_nG>y3CJ4V)m
zYQX^;vttKe7M;zuCi@bzACd^*5Klw@?0oV>PC+cUc^p+Tg8kREA2S%<5yBMZNJ`Ob
zqiz*k@elpLaT>kMr6%+c2?DOpadfuUrWPLcXnKVt2pj8x^YmkMp|Dn&1kwb7<YD{q
zuI;7Foz94pGSNU{X1~(=+`yaM5BoWOFxP{PYEOix(4))d1A9B;b*<Ati!b{9YL;3H
zNVc6mB%^-YI(BQHAX%lD0d(|z<bunBN{T%!(&a}b?~k{i0*Yh9wX+b*(h~98@4ny`
zi*J1kEx~r@+wL|SQoC^3Uyg_tbKmK;UbC2BU;sw`o^vg)^C~Np;UNHUL%_!)trixj
zv3__zX`s56v;E2L+Z>C!hXpWy5yu~gdww2%&OATrkUdv?SEd`DSGObsx6%iu$Y8=Y
zJ#xp>z7pD(6N7Qg!&bynlv4`k^X(G@Sg-p5S-6HH?n+S~3CHqQ1`ldi1J&sV^5nCh
z+l`?Smy}mZC_5v*)ZB99g87^c@bwhLRotCT=`v!bAg;1ZuC^_RQ}JG_A}C=Eq6or)
z-c6ZWZ&_}|ly2|nA}0>zn!quYc>1zq^eC+72HvTCM@<haXbTt0(!#)%-z!r(8U=vX
z#oOYG$wj53V$vt+l0H=qe`6h5-QD2>Vk$J#)Q`$0OPR7B8eroY@|eJpT1*M4vQ@p@
zO;y%ye%!-bo-3DRIY&g$XPgS{l*1j?jCM6UP+;O_%mf+(uUJ(|-kJ!_*#~X`U0?<t
zK<7}-N|jRp+9|kdU51@|C8M-((u#RRKbh2SB6*}pngu&Lfh{**v_vjtm^|E}H;Frk
z9VEW7z5F5{?zNz6BI~6yhrw^7W#O*~@EmBlCqas`!;x*XC6*<v1gn81z#==7xyanl
zCy@@`$Tk6x22H~cy;~aM2p8FL6}K;9DKfHV8a_=(tJ<)eVeR)JX;3u37&KtS5SfcL
zQJ#%_hvbV@Bx;lVZ5?4%67CIw5565N>Dz>7qw8NzK}{{5?C7EIcBu0JY3#<_?2~&v
zVAS56zgGrTIIU|@Vejr%4`*z9M3YVn%wRCWda$d^*Z82LE6-{2ww+)IQ>qe(uqyY!
zyd+{L4=1bo)U}{}dgEB9#fhX*=VE*@mP8*hC@G08Iqt)JYMcJLrqU;GR(T^}V`@w?
zuFy<LxBfs;q_jr=;zXHs8rDjLj;mRX>)%US%!{oP1^F8Vd6weqJL9#YHI2Yuak?(!
zjQf=@QX4EC4?93M1TZ)IVEW#o-P#*2g-5O-pD<XH9_>mk#ryM=qVe`@?Dz#A1nHRj
zP!eiW^z^EmAd>Nb=>{@qwx_waf!jToZ+M%u2y%AujuCAXA%|8XZGp-dx&lQ)Ri@|r
zhUZLMD$Cr87SFaGA5U6OZKgW9SxhXj$k~aCJdyUK6QDS|6d(QM<gUr9G3DOPz8k36
z<*Tc$M}uVd0bt@ri@cAc?Q4C5`8_uTFE{vw*AHBuU^0$_P0U$~_kumI#&@vga>%5|
zphy|MJ$dx|oASmuGgqPm3DjOdM2(Btj^K2g0&Lc1wbn-Rtz50!7K@0D53`C2Yl`5a
zr9%$LBp4bFn;+2TMp2F@cuHGwYaHpX(mi8XCcvc};Co~GDx$IkdKI{Edpq1EPRyGo
zUfsBFE5;Vd4ZbhnSH$sf)!31<w#!6{**~Bn5kqVE=ujDw%hU5dO-NzFq6KzxKOEDk
zF(Dkdv&q*hUEIy>KxNvSt&V9Nx@~M3yVh>?4@!Jt_==5dHt`qd#KFBYzD6U5?|^0d
z@WSQOfptX0p2nQN?L+v3ZSSF$`U6nqTq{K(Y1GiqoMoB*5eV~TZ4p+9FnZ5U9>gvS
z+W8<sFH%RNTh1-IohS#5i%p|{vDXd}!?l|S#FL=!Vl!p_p}CJr@-VdfJW}Vm?~@V~
z=AY>b)Rc(&88(BTKNHo9@{m9V`KPz6YMPnZN(wsnv}6`+yBB^Ypvb$7il|a+gHc)E
zAiZX7N}f>t14k#3=%iD?H5;FUptzX48y{EuQosU=sE6%An#O%2y0Pkq1HGz`ygS?(
zwwjjQvm?HyEsdcc-R+<E1q)=naIwjH736V?M%#rQq-oC4HV4cs$Boand{<3pZ4GYQ
zSmE>rHWoT3RfRotm0tFl0t2+4NN64eRDB}mDA_7!L;F>XKB9-pg4_+d+}PRYaYA-M
zhdhyk!mT7>Pkgz8bM_4?I7@Qas4<xOcy#zWI<Gz=QC_~q_!%;eQ|+!;>MYZN$uoeO
zL#C80bVP%FqpnohZAmR|)j${I2CC+74S*|$pUr5h;|J)5Q=dy9ik*HQV$vjzpjgmk
zJ7-9D-N<7oBQNq4K)OO>JfM^Bb}-zxjU#)FEiGf{{kD*#o7ALVP^0pfkKBi5QHR0H
z!*lIF-luL&TKn9D`dIOD4_F8sxz?roRr!(Zgb>5FswAqEQVRV9wL9UsH!w4ko?_3`
zbUp>B<F7Bi|FG(l39oc_|5yyXZ@8)GoqR<{3?c0NT5ngh(oadA)Tb|>PFVv_l{oW=
z)}~2)3^byt3eo3>ovtJ6YvN7;JV;}GYqMdyto(dkzNpBs><nu7DFCjmI3@_nY=u5k
zeR`mw<dNN*Qm<Sp-O?giotv7}57h?NXF-e-dgX*V&V9suokf{P4$scx@vjQP=i<Go
zkkrv)y{J<F>`%G@8l4(O--9ezp0h`1-S7ReD^F@KtxW_YteX-GiW)^lg`A65m%DAn
z3PuYDfeO}4&WJI)5`{WnUymQ1+EWAlorgVjgqc%-7_7e><dHlW_}tnL*~fhfQ0+d*
zSyooi3ksIFkzF=pGN``{cAp_vFsV1!Ca$rm32k%_KpV*2#)w)f=!IPH3@zkA>{e+0
zdbQSrNbALA33<_ux7$)w9*~^w!^90m2Kyxc6Fu+P<D=s%YqBSq%#ieLwW+U9Cn`OQ
zj>X;8m7W=2y{r3}TZXrTV)vMPMu%oZE$swjR>5<4G`h;eE>N$=lU8kYugVajQ-(<6
zNT}>^ypBV-Ri-5ipmY{zyiUSeTh?q;`X^A51^c|v{7vyMTa)bS0@5>4{tHN(yH9*`
zGz{&^hXV$&mAWyZe1e9)_o#upP8C}D$dj#}Q-E#R*57CTvXu-_yBgzwl~6n6m{>;S
z5=uyv<L)e+PAcO8*h~{_pJ+KBUT-s_7UY=5@yVf5?2zsx3}WYw;S*9ZUgqPyV>I(8
z0P`GhNibL_Sks|4^i}^>FEOW}pnQh*t#_cWZ@*?46_{<R#?Fj;6sSet4_Pb|-E88J
zkk{qCfVj^7#<VNLuF@)7k^FgZe7T5Wk4GnV8!N$`zM|=+bw%LCa0X|htpvUDFK<Xv
zM`n&_9MQp$$B(1lX6asgvR6#aPB#J03T@z~SP}MVs~&vt_fFCVX?#t^K3F*@DystK
z#w@0RN#&LIUf2b#p%U5DcWnhn)x&wZweza2B=x)r^voMob%UOY;w~w>F*5T)KAU6O
zdoKvn5E<C;`Z^^foLhVALC!(wD5qQ18(kD^`K?TU-#74p)`7k^Qk7@tGX}%oC}=`h
zM<#N&2jDj}C>jTb1laNmFq{A+4k}PA@x0oWko}1fUmDOq=oXdRYM+KjNBfCuK=8tT
zb=Z$f%cgE_`sEwJyja2-<E{PRmHh{fJU<ME?;FZYp}1wZh=>fX9|TP!(7TxgvCJ$^
z8++uRWZYCyZgkP3!g{sl5ppd5lRLd%&aY{agZi6;P6qcU*hAjjh-u8NPG1KF_H*oW
z&IGCWv;>fZ=nYjtdleAU<|&{SNjX}Mn?zUp_p?#DkNcoH_5UbId?<%w3^S+H**EV}
zpHz5CJF9WEL~!)AjO=7jCla)kNvK#DmH4=@@yOcNCqH>>bik;#$rLv-Ca|D;Aw*NQ
zq9-Z;a~xjB(Hl;iyQ?s>uAu?;B3{wrg^r4N_UMMhQtV2l#Rv@7wHj%D$37`UUVaeK
zY!~03ozkFh_r3R6NTG}RayzZWCpZgImdCUsjS8UR6VR|U3<$h@z=o&Uenb0YaQ4}x
zEvaQqdCkP!+Y2g@FsP)uq-iO$f>#Wkf|k^QPQm$|h-QuZGV^)dP!!3Ht)WOf_5f6M
z9PH>DOssIcf>3s|cX?D?{hZdhW>p6)hiGiQxo?G@xIeN+^W$k~)Bl|uh#PffY+e~x
zm05B@ij<MU0#g-V;>9vOUiacDyw}B2cNNP7T3Ma|I0+mucMS?lJ>;O($8=WNP9^y>
zig%Q_4aH@};eL{C?a5f1LYC<^x8}89ln4%<?^;~WfGYt9CB5qfD!HSAj(Mv@^RhyV
zqSXhG$F`Dr<=)r$@);EAiab8E?<*vNIwybQdPJM@r0>z*vHa6y9;c}Cu-#4I#7R8G
zA1T*Se-QRz`N~}N%E7xw!-=bjWp*8oC9&ouS+0l^y}?}Vb)C3?+J%KNAI=;?6GaYp
zF0f7MJ+1R|5rJ03E3FomH!;kJlSSs3!*Psz7#k1;N(ymTFva85{_dBK?73F*e!s5%
z2`l(%<i*Q_qxKT>P@S~9%Pu%`IQ((pDuuZ(stpETSE&z`e&R(@r@Nm5!maB03(B|L
zF@L{{;WM(i@nleFRgP*og19%+ok!Z)T(Aw+Q+wnVChd@B(Bd?qR<mC;Z_AJw!bT&!
zS`HxJeD-PAbKB#rthJ$L2VsJVDv<tu`I^Tx6O`4iS0Pm#e)ur9FW<(ew#uHyFw8B6
ze+nAGT^0_zq@>}{!Ht@YVCvD^u7&rwu(1Ygw2ft>K!0?~Zsv2(rBqe+-n9&*B&b8&
zNIR*G-5Isy=(ST@ui>VuY{4akVS<mc16b}&@l$}#@wHi4wtB&2T8~PIMQM>;Vll*E
zKP$((cqLBTShz~Ii2oDL5CJRESlcj5quXR`#pE6MNxtu#v2TharOYgg6TebsMuqg6
zcTAIaX{4DEfsuC#`{esXONf*G!i)+3%ftE-(m~dEu;hHTk)eH)_@J9JEb_t<v~@0H
z8@?;{QJ2mCUC={qt)D6*9F4|28q36YiK7>nj6NXBQf6Bvya}lzL)9?+a3Uw#d}bjL
z%QFb<vTcTttq5B9d@7v}n#;soh}Wio%k2mCoJ};J@xy6!Fy8Nvb~D?<c}l@f?O1pB
z?khSz{Y7umiu{A&AwKbXkHI3Ry26s6j0wTfbC!aM(MXPtW)odmLx-~RF1F}RO%HMU
zf$+C+u|c(reC7Bzd(IIE&DH2yoS}fwF)1Q*hcxIu6C$K~r0Frc;nCU!EMBi24HY>B
zWanha_~_GY7MkSf6TY?C)kCXWeY$T)vhyKIfvsW<Z7DlH4#G$U6T2wdNr%E5Y($%u
zcd*2dm`%}~^n;&olJMW?`Qczx27Uerk)&gF3b4yvS`Y-s=3lp!V3{(3yq~DWa!+ii
zzems9t<m?%8$Tzq$Pf|Kdd7-g<)Q;sVignz8PTo@r-0Xo#Wn{n>n<mxZBF6LQ-CNo
zwCSdqH}2yyd}`Wz%)cnr?cTf)s+3;s#<e@pHQj*rA*UJa|ENlP|43n!H1D&%yO9!T
zv;-<Tt}2_S`az9t?=WNjo-1@4{LYQ3YD(l#k@ExV%y*2p=Oauw7j_?b-kbsRgwM0o
zXS>L;%CiApXe3=Rvy-V%F#|H;O~9s%1s!$nXRc0_wdmWIu)O9U0KK{Y?ic<~JVYo=
zG(6MTg#8g(tB8+EVm)!tJJvQ$7E9;(3lRsE>e2Y|lBWnh8AEHOfq@qI$7pQ1?g=tB
zJpBhwcS|_#Rap0BM4GsWE4ZS?jnH~zM5*Fe4N4gBc=6HIjUDex|2=Y!`_gUnDzXVq
zuk4ap5{jYCL8Uszh9>A=Cl<492D9Un4(kRpwr+bWrbk~i?`dg++sJblcN*mh33tMS
znmdi@LVuF%dW*E0zBiaZu`tXk;%_UikVjY}RYdWkOTNbER~B%Cty>VXqQ-{VeoWmh
z(;ezdiZF=J&VJ&Nt*^*liR_V+f#mnAs3*63l}45wyjLA1@nm$%J3+Xh3AzQcljTW`
z#SAL-oEu1KHg~UXb#aBfbPQU}&0jNP^3{=-7DUPI^)~RL*>K$KGw1V@-Ck-OpMvy#
zVRrr88HU+`*cg|Tu_fmoET~eRA~+WL+mb;!+<e#i6mSb&Bu)KQ59QMW7xH-93@t)s
zA^PNtAQl|>d3;uF$Jm67<xO+Mc=-!osWPdnPS0GSIhZ$<cS6HX0h=>^Gg|9uWL79D
z9y#v@$UMkbuH`rZ?xKOZYZ-k4PIh9-M^a?$0HU*S*j9=d>dpPeTeGjeszFAmMRpFa
zoM8I!Q<tTxX5b%NHYUB5dAeLwf&DBJ8))9trp?pUS*E-vdj8&O**?5*mAU9{7CX@2
zHd0VH&J#|s;a~$LY?w*^6`w}0NjB}VF_w=F!iudTZ0HpThK!8Vp@@}tjxSx{!BroW
zp}spq*~#R2zoxOFF`CwNO-kzC*P+-Q5&<3{An+<YVm2HSs-0=XCH!)$%cZUIMiG@*
zWg8|oL?U^Imn%lavJsH+?~o>{U+X^l?Fe19A084vw3)5{lvIa)gYW?rPDCY^ex<?5
z(Pn1a!YWyKQLl)0(EzTK_k9Y<#xVM1@za{Lci@^Zi+ot*TSCyLz8Gx{nTSCIFSEQv
z3L3_N8%2ZOlMt%G7A_>QwIk5W<7<gdYA5wO+R&M)(R{c}?TQKF-JjkGPhGa1A7NT)
zb9^cO$KKpV-nA6wQk%rZ?IR}g-HsgKm3@yD?~KP2dGJJ0xTSGEL9Ax{e66<Ch~)O2
z-r}bNom6cT9(di3+)G-SV8G@~?OU*IPVAYM?@LzQlEV9)_X$?@&h_F_ZasCo8tXkh
z9YQXa+OE{MK;2%df$Tjn)wY)r6)2`k!#Kho8p8@v&?HHMSduq{m@2B<E=uIvmQ(IA
zKJXA2yo=Ed{wz+~!@U1&=~EW6TbA(xUMUZ3U)%Nqc58Z(!Q<U?(8T#aE<%i-`vlP=
zXXhNSk$%lxt1_JQ+AP0)(oF57ja;RaeGHrVNe`Ev9{h^=%a?^SZ*VxdmTM*?uA!lU
zDT0Qv7t0U)VC7697Ms!j8{p@8rT+qdx=Ejvi*VJL$cw_<Ld>_G^PSq%C+<c(RA5j#
z?dO~MBTeASP4i`nwR=GYB1)(OV*>6bfp5VUv-2Iw@SYR1cB~T%0<3K%4UMT=!(YUa
zb9ss_mIe@?>dA<~%9#<L4Uh>XEZ=S5pt~!5aAg#7$v&q;BGw<6oboc;&8l-_j+aFp
zB%iojORC#!^sGD+qh=-blIjv(0rycF3l?7Hx3d!-FI>SG6LyX<QeD_EOKENt|Fkx*
zgKGD?Q^11O))ccgMgmq)7k~=iwe<$~%@ga(A2n4R<GIsW^Jf6kWn#0)hkLmgm#2GM
zUbvH>VRoQf&CMrovs9-BthRDD(zC0gh@mu{Lk^3L@(-V+o3FYviaoZjUj_8SvZ0Rm
z)tp~X4eX?~+Jlz;Qd8y=PfCT6nJc6<NGp1Q(oPpN0S8a$wjNyLQR&v^=QB_!gH^P#
z-3`ZvS7@vW^zsP_*n2j(Y}6yzrDXVe(3_6svk-g{-|z5j@+czP9A2>etLryouEUWX
zRgMzP0}h3|2=Po_lIalh5X@UP`i$$DzP9$c7jJ&)A8VBg#~?t98s86p=Wl6nZd}8S
zuUj%3O6nVsCX|n>F?}};(+~o_mYHybVJlNGb-ze34sIdrg-QayUSUF`*+&=J*wpMa
z8b4VnTiFln;Vxk;SL6c0$gJ#-uLUqAUK<OqaJ!=WtjW=!g#G6171(1k?^)P1>m?av
zc2q%H1riw+8QQB??Rmvid)X?}Br@nSD?@${s~suBxvHYQn*NYls;el?E-PSXb7;=P
zk9QnTScnl^9}3*PIWpwdW4k~%U#sM9c8e~H-B1nRLX7N)Dx#wisXM^01qB5JO}VGf
zj-MqnrRMi4*Qo_LyG9I-47!-|ILf&b0n2nmi4|f{q@zpcnzzIF5uZOHo{9U4$*Nu8
z73AB^af6B_C#!<H!ARCFz9?&&<I?~a)m(=a?~A7a^XL_wot<k=&a8AFi`|qi*3f_h
z&TxGIoXMp#f(<=~ybqmft%saDUCg7<TL(hoAb$^p^&~Ydwg96oS%KNm)Yy>!&G3C}
zT8xZ>2XM^5D9_$gjj6O7vELZarZ!a)as#+dy)%@_=6MRh=yLv*-0=5{?X8$-<)DyB
z_Gp#rh4ER}KdbnxQmTHeN>vXm`BY~n9M?BD8`naHxN5CdEkRGx_%D~wdYh;>qm?m&
zLO(K3yxq;_BB{yZW;QCAn;eUixhoPY9rNlrr76pHp%FYJ*=6Wd?L6|fV;~STZ>C|k
zACbU)L*8mBNQJ#+#>)%Db4ahMfcULfM-1+Zr<+ym8fcBs0|>9KXFKlImOfoJdgiX3
z6O~_WS_x_0I+5W3B`N>MWMaEs{(&!MRX(A<kHKw~`1lmSCWtRCD$HMC#a-!(WtkoG
z)`h(J^5*1bL12SHi%Q5%F(D;miVF%Nyd9qMPCSx#!ME7pB!;DzU_bSeOIBW9KBn~9
zH3KbaIiLapHn5@b6E-v+bS`8|r1+|t2sx*?9BMjFy95O+2_yxY6~r%i7l&y{gKaZx
zB71t;WdG)WO$#`dd@}!ip<b*L?vzAwvS-M!v*)_$O#okxvZJT{yRZM5-STSr`t{V_
z-+FGOqS1F-uIb?Mb-;S7pIV;+21C0HE#WT>m23aZd+)Nm4EbZ}A<`wkz#gk2Zi}*z
zg%5MlY=Lm)cV?R3C%-t|_}DqU5t{xbiPk~J?Nzi?scnw4Q+m36i~B00hhwhnBNy3o
zP&j3#qjy(HQX1X9kjZeyDb>#l<a-qF?orU_g5tGR+eb4AnudptTf6y{Co&FAm3*8R
z=snS0cXrxs%~LP-*U0(1!Jinzi%_bGa6AbV4Qji5hx-~Xe>tGczAGM^<QDCOkcry_
zVlf7EziMpwKqsm=N?}?^pmbs71W2$qiGl+OMr>>f8qW?`!P#$+HerD#L!8592FZr7
z@mB?jPB<7>YU;)I?Ok$bUThTWI1e80g~u1o<Mqt>sy~x_B2v2Rn%(@jOQY9efmfV<
z#vv<D6wdDkOL*aleXf6vdL8V7mv{o1ib3gEDd<Qgg<yUxCL_gPAz1Rn8@EIk2-SLD
z=B<@JcJ=CxQ+26>3`oj8EUP5(u767XPNmt@s&VF9Kc19~fW8G|7=E^cey&hz*}DDF
zyy!ZFxnyU%^(fJ5Cv*dU`ycUqt0n)vhBi=q+*4Mt4QG|dk@Dcam_ni4S_<Z`bC93G
znP<9iq+o7rEA-QHm9deozPQgsp;(C=zqun%DSdP7Ak_soUp^Y>M=n8v`S1lr<4u1C
z9LQ}&u3u?42zAKQSG^#(=cr|o_;4$s9cR5bc^8Uj9yv+17x?<~W%P%lk3I4|rI=1B
z8%7E=$-vHu($)35F)t52mMb~-6xLlT=jFE`?r}9djY>{UM99Hm+J@EpCpmh`bEugg
zAGbqzaKv+pbESv+9f{y>Gff*dHbTM9DuTZL+x~>Ed#^v(2=#U{pDBV8j~kmtnY731
zK9OB>_%r~F9N9LyxBh4+maw`M{xr~-$yxY{%u}49l`v;NyK|)Hh@m?*B-z7OQ;$e9
zwvuc`Wu780i%n5Z_5D}Q^w}C5uB%KY@>*<Lo?BeoDwr)BfpgK@haqaM>W%QCKf{C+
zzqU$N5^Y$qsAESB&ky9`4r>2k^edR@a+NbtCjFx)x5%XhpG*j<hR<?!d5<)8CaCh6
zt*pamW;T+)J#0JDTe1iw9Aq};XiQaJnF&wHQ}Hcs*0d82k#7i<*%|ml!8<BAEi-t1
zK{`CJrct7nGcV(PxH+MJaIEM_S%<FfIgX7US<zuEHy6$wnZYF>5P-)Eu<d5Q=jvke
zCAlVDTjwSZ6}gl^FM)c;Tr!Q7T_%+%Jf#%2E=?q^uw7WBF+VOVDTrrB-PDQ7SUy0N
z3G<e<y00roYC6@#B&Q7S=quQHwOa4f6Qr5>JMWxxA;aYYjqYs`pwYhE!5*+*q3@%Q
zTT7GN(LL;~UNYslbv6H)&T7lQ&4+g7%D$39w4Z$X<{)d78`LWxHWm7KaSkpSSHwqG
zWD82J82eowy6r53pZmTL9_2S}M@7fmhHfKeER9Y9E#zYrk(diEcVj{r*poHe?+|01
z1<eYY(!wu;kfX!f=-ll)M$w71Eyl!})nc58AWmX#6QZi1?Nxw-7gY=c*K;KCEdTcX
z26xdM+EAFPXV}crfW)>uWyMQ$@0FZ(=RSvOf<<~1Tr5#>6Hy~^gBW{c)`J_IhvqYj
zI_eCJUQ%V;I^k|?a;Yr~3rd**Ki()v@xQM}g`_>ti0{=}TC&F%C4uY9e)&%GRir&J
zO8|!x3$y1qDwwU43OsX0PKjfRU<GH9kz%Y8adGh4#DQJ><z_dzWsXg@JhSFG^g}e4
zH^M~KWV~?hS~xxH6p%WLINCGwiMtpn$-G)Js(w|DCpKCkmJMAIJ))HjlCe#n><Q|b
zAEQ<<o_I>Zd!_2veGrR$s)z7C#QXIl_p(9TsKNTdmvN-8B#t}R>`}_q;57vASgSgY
zr?o2Df6ZH$VLFhejIbbO2vvVs+h;E<@%aXRRG-){uAJ|BnLTG!bH#2)J-Ie4pAU}H
zT)&_cN+{o&G&=?4Dm*o<S|im8dK!+DTMTAU>v|d*M!$r}+FtsM%?J+h5H-)ZAp4Xu
z-W@GRf-=mE6jgsyD9q>{{uS`yzwG1x3E_gU_Jqbg<EB#b3{@?~HaoJ5cYK@9ejOZ;
z1IC)H88;gZ*vj~b63zLO-ILYL*-ruXukIH7Pi+2&jJ}du)b(<=w7W?J96{O&JqY&y
zi1{SiSh2OH^|d5^j5Y^)yWcf{uVp{!?b1GIXkd-CKmQx17ZY)AEAmzj)lMSu#*p@-
zjm2fvj8C7-fZNwG4rZu$COe6<b6l^8erawrw}*cI6fiUf`|v+>=U+eGl=4!rHi1n&
zTO`-5NQ`}T2A=th`%ew5sOUqa15|h2>s3T!Q1jBiDE<rMD3aOw>t&s=(pTV|Tai-r
zcqzK&138F2Y5?-=&UnGv<ZU(3Sb<%=>2>yPW%zM;@!?;j-|!707b6ZbNFmLT;HJ4>
zd(}ae#36J~^;NSgMH~OT%q$#*u4p=ssr_$6qzPU=x3Su{uzWUj#hw3Ox7W-uAZ!lX
zv|r`rPn=QEY7f46DM{bIPRaF;5_##2fi(;V26BiPE1dnyJBS1NZ?Xu=;Syf*r5&<a
z?4E(Y28aAh7Vq1C&kD(Rvn}PwWDU9heTmHSw&E7`{4-VdaDCB_M~JA&cMw6?fDtQV
zOC|Q!ryAC2ZDl_|=}NI2EaD0Ix+ug%EsF!Ki2<7^r!=7Jvi8qZu>RjdeS*8`0%P-n
zZ_|*M6}O9<!yW$FJJE&MeuK54k=UxP08@^A9a-an)uJ7N^0l+Hv-qQbN%m&K-x|k8
zBMo+9YTw15ixU4$vi~26Ou)Xv$Jwbd+o7SXkdrU}HhO=z@H2;PY|{D8)V%zJNvNhP
zM~u5}_bJ~h(v8c?(yEbl4Xz_AXwHTFsigM5ZrJ})^oNfK;UGGzp1#~_GrdPPZ@>Ch
z9)VcQLpzsKxQAHYR8P^rSks%f6GCnExqBvP*dl?%Hte|sE+z!4h&_qm5*64fRlgr#
zwsG#|1=II^`X5CF9DdlL^mP8O_TD?H$z|;u#;sUTbfY3l(Y+}mU66ou3!w@KB!rIA
zNoW#6Afc#RQ9yzO2-1SmNk}3fB~%L?0V$z{A|><=flz(3&vVM&=Y7umeCzw3^RDNQ
z?_P^_Pq=69x!24!GuK?#@A^#^R3pZf*OCMWs{n!8>%hBPe`pR)0w?$nZTg2H^3nP&
z*x?@?G4}tgkm|?1N`LCk$Mju+C=mR&JmdEzQ;mbFT2c+Z(eXQ{&Pd}{1O5A-+j_gG
z<qz{q@sl?DsBC4s?+-)l-#gvZJ;_uprwQGj+<K*TG^g1^wpa2dab9BCBFJ5^-x&!L
zj1W&=%ilNz`1@S?mjt0=nLYbccWU2<)dxW%iR2#~i-PoY;_k6M2<|^wV7Q2#Y(z1g
zpw)ZiO8=mB24N#?J76w``Q+H9(tno!&$a#ji`(2Y)bNJfzSg6IwqJSukL_`nXdR@-
z9EdbS{>6ij?>RUmDOta*or^hmFJHSDEyFg9h+cV}8peDQ{e#2P1N!)%t07chIk2n9
z+<$O;KRTNrNzwhmk?5WGgTwOYFsHv{=l#J!>G<wds<p9~zIxH}r&{Lr9(QTuL3-SQ
z2uA`!YqFU82S@kj@<L~d6#*L7?8^4x=Pr&8WGb;g=8qRAxG!uI<JCdi|Ls7k6$G|J
z{@`$*8rpa0*BY-n3Hm*&1^N9ZX6CccPU6w7AZ~1HK);n}uN6_Y_Xmef_|?)hXXvJ1
z)UwH&qU=A;>W5fr8<@~X*2INZwd-d-jb_2uBWVuKE<ZTll-%MX{@b43hR!0%M5Te6
zrDWN60D?1>myGMM6Df?q@#g0G{XUNj0fNAcP&i^wXh&D;CJDT$<FFkC;vm%iR;xEX
z%}c0hYW=}+{onRfzQkX*wDc;Y8(^i>Nh#|col!6(;XGy}%<z{443)!aI(}8~&-o9y
zh%=*m&nB-FoQm6ZVygjv?=`7o`T;4VN+jY2*tZnieb)|u8z3EbXG$pmm10hf%>NRX
zE^8hy&H8(R|5F0GYb*f;U>uI{XzDw^AG+8ePawl_X)`Zh;+bIKgJ+9<Cr$KFMZ<`9
zd6~rA_YKVt@*+B$1u91;r>H!pVX1ib%Xxq667r}R@sAG2b$SxXNl8;`H!^dccTq16
z)<INE*~k;|WD519=KuB`yuW2t8uboWRwNP1Z6s&kkvo1##_7L<3#e%r<qy?^#+o}4
zC0Z^7vkM+M)8|q#7BG9pgH8egcoPs8E?qi*epOXp6p2<(?#&=j*3W%B457suniM=b
zE*`PkDil7_Shxs++r}>d*`6Os3HJK;=d0i%XU_bYEGgKCYbm(sY3AX=yWHmQ{O*d-
zrFN71RtE{`s={l})BjS4>(9Dj#+BjZJM$$<7c##tZnYR(L^SA&tr0F|!qY4oZxymU
zL2J;ps<oP1_x@ZX2L~s3!{^|R-<jT{`um0TgkKL5{h#;UhS71C0&C3dT*=L{i4AQ=
z0&jYY$cWfNf?5YIV}-c%(}RC{52iSzVpmfyd7Yy^_bXia)?kv?N{<*osFV*r00^-z
zX};I!TTOzAChSQTDGRGKoxLXftP}xO3qioW%(a)pKBe<6f%Vd7c9uW${NP}s*zsv{
zU(pkE)Vf!5-gTkI2;In0S&Ah|naiN0plEnf8@%#1A1)FM=6XqH2EA#N6lQrR@H1}3
z|LwaD@p@KedK{cz<#sDr?$3@Js|wu@A(3kOCB18z{3*8b_2+$iyEc)*!dois@LDvK
z9nhOOKF!{dv|c3~kYu&WZYA924Yr+2-*%=s(6SphXINC4)><>6mS`BW_)Y9S(1A}i
z_rMAOVR}5;uh5i5nCulnDRW&DyZ$FYJdpbK{2v@RBk;bpZJ2jVRGRq@4(Vj#&WG}Y
z;h(@qz^iaV7$XiGW|4S>{(rGv-sF)TZ0`r9VBGF|CTWSTX^I(;y5@1+VCT~0(+OnO
z+t|+b`MS2~1uwH|UPqK)9neGp@wYbp@4g?tPY<FqORFmxJv}ny@>@;$UjD{NsD&+5
z%tb>;OG`PzR9c#$G2DpD?%fz{J?oNV-DgWdo=At+4ri_7rs0Xt@kq(-%%HIXw~Cts
zf?i_<+JNEjcxv1%{YZ^}pV1TkcG{L4!CDrv3g7ECt;^prJz;r>GF`5uR`f^!$D3eQ
zgGRK=anGNR68u)pD<s&dHwsm8LID=gfpGg?Dqp-3#}Q;^QR~v(NQ?d({5X({rCqzH
z_x25&!Gv?4do}sVqvJdE(mgbxn#om`iKyrui7)0os@Q?eJoR@44XZW_FY$~#oFPdh
zaeGfK_{3h*vx5I<#UtR@9~@jEK|8fyYpWi81`8L&u*~N>Xa_F)6PUAkKV|Relqt=1
z4R)WYnyGq%t7NoZWm*mH@T0PbIhdz}cPjyH0-e0AhfR6&Fw@U~#-P&hCnXy>zfvXT
zFBJ_&McIUpTD>;?Vkqi`$q4u)ttmLOsbY7w$Zaj!q7tu>wGQNR(z3I$Lt#4P`oHj9
z?O`qPfKeqA--_@jq+Bzz%Ru1v1pAZOn`cWw+DjIMy8O>_6^|+qpCVhsy$Z%ZIax{b
z_gyF%c~{j8isEjlU}z_RK0GQESk}fRk&%A8=75_TfN5>()>{Ma-qs^**l*m>s;A?&
zOWEKuMAdz)N-Q{EZGw;x-#j?2@+zW;4abTZX(aeT2k*XB4`}Xc%e=dYn)`sw6^oK;
z$|nIlv0U4Z2}I5#T}EdMJ}gG^yQ=WN0$WmH$&p8+vrrTLfe;fl{vRAQ=|{ux^HS9~
z)&7Fz>|E;>sfunC#qkrrHpMA7De`3x!%-Uyv^Uyh^fBlH87(p@FHHF6jp31#IH~ij
z3j0~8Xny1pg{d-@?-(fSw<#yT_L2qyhSk18n%2aq^ZoLrXx5)QT-ts$p6+!)wUV2<
zvAGKXY5>OZMFzP#{gv2!k?2KO=S*a(xQ|rx{$TatY}ZS6K40MXip84O7DffDCaIT!
zK`~>ZWi}%u*n@;vc@jGw<>1OGhHVYBO8A#hNmOIU+R*5c&yMx5l6Kv@AHLV!Fyy?~
zlPHSA*dT!S?1c<1NsF-;8<Dz$lZzmRX^=w{2vMJEhX^exb4qR$r3WqPzp^cwFEAp#
zD+Aqz=9C*6PDm;!0j0@k(^rw#2FYXU+x8X~bvwenZ|XzXDk}KRRNunW(WI-7%uy9X
zza*0xzFs$GGhOav9UtY4)tiKgz<Bv$U@;=6YGQ`nZohoU!iyD^D#>5H;#}@zI!sbl
zb%!loAPhdoqpXuO9N3YjDquo`yv_2u!}aR}=~?`=-xk06SdSt!5Zr)+oJOE%N#C3*
zx<q>GX8-0ol;LJMX2pYTBJ}8%H1+uT60^rb9F}Z`8)#SS-?B)0DMi!I^;d#FB=EG}
zHsUlK)z|X(M*du21WX1vWr5k02*Mf7Wj?wMS>+5fXaArYG&CDG>r$=St@|hkabuqJ
zs8L9<Be-YHM7;2<$eV3m0vTPd8$b-;GL8bI$r|rP_yw1u5FKv)oz^*ooRIU%1}~>v
z?(#<+3wt7tAxufpf?$Du;@93~d>;-oi5n^aSY3{&cCsu*dsPj+w;2YG;}KQa6?|=?
z@a~3@IdRRKG^-&Bka2T*#8XIvndUnjl%o+biLzLH_9e+Nrd6IWM=a5Bl2z<%7W6Bz
zIxF%HWX014Ik;h-phL(wb>*#$`7`@#u%r~XvM5)r+W}>cy|C<FiJ8JCvNT-MB34~A
z4Cyq~P(Tjjp1^~7%!59u+J6KrZaFwB+0@(y7?;*DzL1OvdC$Klv-jI}qBH%;<ixED
zD+LzHZ6WE%L)Ra3L{{MT(yX;CFN(7Wy#`s}p0dfg&Yh2+wCXL2z<-+N!69w4VzU%&
z&&u|^4oL;qQBT<?B_6ua)pt{tB1vhKW#f<tn~ucVc$wQBGB-}$*l{Y05|6+tk87X&
zG8mc4QZmUpdAqyAivMK(G^BGbwbURgn=G0~EP<HS;K(<Fv{y|rYiJb^5YF2~v&bx8
zGWOfQiI5_z=6sea-hV(Z_6nFUzy;Nu&GtOI^X1n_h;I*^>f^bvK0Vrz7;6Ym2}${R
zqY1WS=ca4qgI#{5f7Oul<k@SCq@IK&R7-D=Um?)o2Z!Q1+_L5e#|^#N`A1BL_#LGH
zZ@0%TLB?Qw=k%Ej40YYmm)b?wuox*u6{%GZmDQoP#btDxHpZHpgdC2E?TC&d%7mCN
zoZ>ZX7Qoozy+q+J0cf#&o9FO1B&;e|ynl2wngtgSf5x=P3?Vb_(hVHbED@%NQJ!yz
zCn@6=sUl+J$ZkW<&k#-PEGz<}Y>X|^lX%nrCXM7*HV9rcrY)U*!Q}11l+Gf#-gRuo
zCn{N!`79S!NHuZ2qRbcd(j-PzF8AV76U~sl5Ye1RQb9g@%XtnuvNFK~e0)R8<s(Be
zS8xmwQ&AE|4G8LN7S0fs>MS{4?||AANlfq~^e>eM7~ci=v?3PLOr~)sfi-RCKfH0x
z&nn1k5+%ZUX2s0vV(Zd|hcbn3BoufW>nPVPAI|zdDJxW7kxd_oIrW1>DaLzBaT}BS
zRY29&Ln<qal3yaqlMMtIW?EEe$20`DP{4kHw(!Z9hOe1??|1U%?&btb*|;I;LTQg~
z!h;t}ZGM{_Pug1t2;I@iAF0D7{5obn3}G}%ee@6fqs-;-br?eQFEW?L9+dYmX2G5W
z9453?4j!yGQh+=;9+Z2n#--!tdS~@S0U9yt|Ec@xhrS?Sscl2<n2JJ#;DBR#jeUc5
zgy~r+aMgN?Bz%4EqyO|Brcho5uAZQ<s2dk7q0ff!vm=MpzUO5nm{SEreY8Og_0Hy2
zNXK(~z6iw$2NM;eb;!nUuc8T|@*y2Zx8Zc@Rdb^2bN-}2))8?ZJ`y!pfU^##+I&G@
zISa5&U6n=1RVt0B%zWxj;jb@Vg9ShWDJ4KVR8B=3FTz?ASJ>ehClb5NaDq~#rU%n+
z2_35PCfPk03@{Q$w$A1k2V<hQPTHk)8Wi<(mt2MDVRVQ*JQ7n|RK9+P&W_E-3Ph-3
zu}_6xW1=~D%ChZ-<WeuLUQ*xiBo@F9g@?+Unz>iEJ2aSd!G8;yOHKTBBMXXFM90aM
z(HP}rU(WZbLZ2C=D0=3W6Z0i(Yoku?+wC{8Ez~@6U4b4$XLq0O=qZPcQ#_}XIr{>4
z*Q{slOn0jfj(*aY%LhxshtG;e!%TS~Th|UAtCpYEd7xC2UxA%%bz+iy=eiXed@T3M
z40bg&+{&9xpqS+F3vHst5m>;hCF7aFNZOi{Ju|M_ga|{}^l0{XYDh9}dN);!ZHL3K
zw(`3qmr`&zzLdaU0d>z!zOX7-00zZ&62Ym}ixV-wsCGTPaj%=V&yv)k+_wCo6vmsJ
zMg!AmvWu9D-P88!G&Zvf|4RY`#72K=t87su%W{qIu|vwa3or6KYn><5P73B#g3Er*
z56(Z?#Wf9ZjP8Itf^aXIofeH7Hwkjbv%k%mn9f(zbC(0J_BTltl&9=TJ?|>Qm8zPY
zmUPP+YL<?M+we>Av=Gwkx8Cw=rp<3<M=z%6l9`(gRur1XLAD_qbCby&sarxmWe5JV
zBj6~G1PxPO(;5Ts-O7B8yWL+es04%>&E0SYFO=EjKZxk=F%pRlp`1viiWu|o&ZXs%
zp^|HP@SX6dUwU=H6(MQT-wi!_HMA_u#J(sZ_{|!9UDUrBw7B~A604K_J>Bz%cdKIH
z{G(y>T~E40vw8<kb5kD)Z~|o^DQ>HzITCZdWneef*<J*l@M<%bZ$Nv8W9}aV>`?xq
zM(%GOulQ#R17tP@j4<72Th%-4ZJ7tskBUdO1#66)g23Q4rO$CY#whQepqluvWlOpb
z^7GmrsRu}^f#I-eXWzQPnn~buvffZtkKxo5VLSI*>XGRL1UzFUO)3U)IDV4mf78O4
zB~sceQ<|YK>i;!%HKSfYaC5C6U*o}OoE1qqleL>Eh}-sVl-^aSfbNoP6+wk$Eni1X
z5Bpb6Xxw>iMmw8p@tKl+l(drIi%cQ?yRlYzvi=2)5@LEVj{!yZNnK&Jl9~J#VM_X}
z*@unc7vmvLi03%wv8&21QC3j?<;U-nxeP9j=aR|+Xk2wuoldp+vm{>g_*IG8mA%gm
zixfQ*166a?yuM5A4Y7$We1L?NZ*(Z^k~YH_?Gk*?A~W_Tg9P@2PrWp;B!e+-7l+H_
z>U<Q-U@{{~3I2c&9ZQjc_|%d%hyBDhzIc1y(~8ar8?)L6h&V|1(Xz5B7VnyMU8@h@
zoO_5jy_Mi#Hpgj|T;#h2u1+JND;=M-^!NdUI%9Oj>@S&iVoG0dmP2~)o0)>{-k+Pw
zbag?J4CZpAOu;-6H?kItAzPXsZ>V*XjgwXVo5w$w284d-n-z9mvzf^gFTml&52P3?
zZ%8rm>pE0)0xvIrUS3YC6;0{MyRKE{3C)($y*o+yV|La9f<<~{3zp1tf$@Ujro6%c
zWbVlp@ssuLbKY$4hu$vV4SJak&^xR=VEC|C&&@Ogpv{DQQ<D?SNpJV<lU6}bFc_Xb
zFj(i8v1(j=Iz8YhW|ndXCR2a!!?$TQFP|+b^>)U!hgdEH_pu}u(CP)nv?Y^qRwQj*
z_fU_<;a;SP&^<e;1^)D#*7W+)E7o|rl`cT+&ZlAecwte=Ssh_^h;n3gb=%V7lCkTw
z3JFSW*Vblx6oO+<qZXlDg1TM%*>PtxpFZg;kPNV$oxRwfq9(vi%bU(LRT+ET*r>&l
z-uby=_qY2GZ0J8xdeO2pnbs>*%}bIV83b%vhrd~=4*C(5Y<#(a&Dgeb^qd7#B(F@<
zBk2KZLX>6Cc+$bEF}8YV83LR1kA?!}##_=l^&&}NZP2A-W~dhe!+~2SiKmjTq&k0V
zHr4gXjp$-|I{WGG7Smg_3H|sy%orr5>$&8H^LN%1Z%-JwVp=FOL?f~}IJ^UBJd5Ab
zHRN?^xGHbYU>l)cMhp>KcDE;KlBgh>of67?!<#R!;Krbr@~P0AS<_RrVz3lJh`S4b
z^e4k()r1{=+32F#`>H2uRHJ&Tl^ox@3c$n+U3l#bJtQ(B#ga3EczMI%5jEYhJiK7j
zo7!8u-(qKTF$BD19@s+V&A>%Ms$XR4yVm7<XN>t1FMQORJ>&8obT@T!0Kr+qu%Da7
zH$PzVKU>tZWklC9-Gc{v9Nac28p?%XEV0TT9J9av;8?izD`~rzVqDFR#gk7Xrc_|o
zeV<D@m34L+LDYSvD$T6UDiL&OAbYh0-eK}0a7<qWvZ#I-KISiQ#>)9a-%#izhKVY-
z-b5Sum3&2Cjt=$#8uPLzzmQ{E0rizm{?oHuU&}UiyGu<<Ru;A{W9S~(dZ^8-cr5FD
ztg5ndVO#WGxBeCA3K?T>3ZZ+%ZzvD3aVr|#-pLKSLN$U#{BLA5-RZ$=MIhV}pf<=t
z>6&F#hTMC+-Z7n9e^fBoY3+U8YU#int)fxJ>DuPSZBD1!l{~&0Yz26qrwiQERQoQ{
zU?wjwGO9(6YH~8VCVbH+zr=P{n2<?&zQO$2pa(7%v1mcX0M|euFwo?kp3`}@k#>d^
zUr`IQb<VB#NNtfeyiQKAGXW?Nl=!)}hZ)=;k2)_bP^Sk#0wJSDK3-i36~;-7JAZ2$
z5Q)v3(jd0l($;}M6BLiEOUYa@*G~1r4D$It+gOLWGT5Y`i4PkmhW6_aMxO<XK;Gn=
zg6Ed{G%oQ=J>KZ?Qx+dcF>(Buw<AH0f0K43e<}_Ljh<DD+fXVcSIA92uPb`+-czBT
zyn51@C;F~*039GD@nAK}N-Qp>0jo<%nM5aap!?d|;R(S#?T`P`R);vfQeBw|2r<&)
zrp)u#4{1E#x1Y6>i*Ebif-WYo)}&<(=AbVtd2KOZ9g%G(_6EsM?ZF=Rf<t>F^aqE|
zcx_?0?w$m5dhQ2@!oh0e3D9xk3R{}ggoyhBkp~S|o>WI|_b)ok3_&*KB_9h@K91Dy
zEd)?Dyrp(8h92FNn|3M*%Y5X}Uq|4GtUZk8TQ3}}?JTD(JY)&<*QQ};2hsImPHaPo
z<e%z%@!iMqAV3YWqs+Vi%HZw4sm>DbVUJ`dR*eR-5^?gq0@NVn$!{!NWj60qRcp)w
zez0d5Ay#xLt^|BJ4O=z{g|`Ml2h1erY}OF&`wt$Zj}xu_;-ve#OiIWOZUipacIPdW
z<+ZucLPl+d{aR2c{RgE^OIXXd7(8BFr?|8TfVQ1;)xy+`1)6B8*nHq14$Ev@iP)G=
zv=6`o-^<ajJRJRn2~EXp62}#kAB_h9I?$ErgFTSyWhBg$EzC=c;zu^1renj>&Kk-l
zm9kwlJB1f6{+Gl`2TQlzp&`~61q9w1ykHe9M(j6_E62yRmRMtC%YTX;3ymSg`49DL
z4$mp)Us4iH9@on*H2Z}4;*-#IXR3zJ<bI=6mQM96zs%Tnuu0<>B)PV$)~Hf9$l30$
z39%xwdS1LWsn3dXe&d6EiHTnp)~at%8>_4<g3i)L$*F6Yss({nSwXk;4Gk#PQ1=Wg
zp`n8Y5p?3Ly~Z4;R9p4M@`SCdJ-6&3Lzf=Q6qjb31jr~sda(e<u>7$8Mf`fHJ5~{t
z^m5c|xZpX-o&gSu@2@`YwxyY)a5_`5!;E)lu2`W=*R%F6Z#e%p?!2=!%Dh#iQ+V0H
z9V|p2Y7{1@n4-<bA4`-HX6d#Yhr5@0qdXU8{X&qTdDbbvO}?*DO%8-w4=Udke<4l0
zPth0lfm^ooQNcGITrY3jm?@oLHNa}-uR*OY=z>=+sL9w$2zHd+I@r!0<28>ETN$j9
z%thR&>KpOL60o?6w2hJvouJ#|LaQxxXra&RQ&E#O?xEw6H=R7MH}p?9idgsN9`7+p
zIyZHA^Y0?UPQcgNW*UZAM)TrS=mB+2T_H|_+5snKmN@xo)6gRf<7uVp>XsfPRPC9=
zl<HBAeASrF4l<%9cL25ZOS{~*%e-fI#i<xE;#h*QgV)z!Bfr`gqD7iu2z73YfRxM-
z7L`YC-1Ah=wWgP7TJ?gLY6Tkz!Jd9Y3mzA+5rULe-c=chKV}@LBZm@or)V>TKKuJ0
z0<%r^K$Xkg!xxY4^{J6F54ZZ-n0tOrlm1F^0jf$@ZI*PETx59NTd+5s$=ld^G`&NZ
zA#Cf@_WKCZCXZS@%Ut|dI-OY`dUZg$e%a1E+AMXX{(}6$5o3oTT2tPV(3f&UV~*)I
zpN!>)mNEl6MLimpBZWpLZ!9zk6R-4L4e~GciCE8c`CKAwz%6?vSK6llB$O7$!t87H
zWma_Wr+2IBSCmr(i)ZF5?A}G9VKCRqYPY9B7P_T+Sn+02IXFJr4=%aVqpdCT_NN-x
zYVly-d66S?eG^-RV1xI~&aB!MNW^@|0@){OUQ;137`3HQbFLP(wQJwrObZCFV9I2Z
zD^T?G+A}Uw8A(jUVwnuI=6II=g)7`*QO)fz75imBN#80g>!;}14&C<sZa`pt&6hso
zJ8$r6zPW@@6{A-&02$D!BvD*iAPEFDNNa;v+Ob*)k@rIEH!^>47_@2%c(8U?9mW$5
z)TSd=9LPI;FmMguWktKxb=FYjcGORQ5EGuh`#Vu9%<Q%5+p90W%e~t0&|irmp!$fb
zB3FjTkj1sDHz%q!4%UDiz=~0WUYK|4V)AAB8x}1f)!XnC-{}2?abUz(FI^%liba@2
zx<yPk3N<fZPy5Bc4cHZs`T}Iekce$vVdEuprr4qWW~-A4))Bjj5#mAxP68dMb^1Cw
z;=`dka1))-Ad^H-eiBa)qxDc-Ks>fm^u225ycgWX>Vl5^tdxo)s|#>0oXXFHQk(P^
zXUxiYKO;`pbXQJa{j{*tH4SK)YjHK$nq0yKy2h4h@@mV#z)rDwkpnyea>rA}OJE<*
zLts0~N=hH+6!v>C^0b5ik<f~JQFr3Y%c5mUk34^0dTq+OcQ@0AYZ4a37}0M@Q8M~=
z!L-<)JM`_aoq@x;XQcWQ>S--pkBz#-;@Q%pb^T^yd8p<q%Vd!LrIu>mn-&>~KOZtj
z1<$;=)>ldP&Oqj@QwFW-F4R6*1fR1J(B<V+%_wQt)~&W>I#Tl+9mOLgDX3biC_ZsR
z3I2Aqk{P2mf*ejaM^;o!nAjjOu9}fz(IjR-V97ZOR0=#|4E0+^wj2GzwcXvPpZ~7x
z>NwpaJy?ZhSrsg^686cSwBoi6yf<<sYC@}l%}ukp6;QmYGSTtO^K_iK>fE{m6TG_H
z6Dm9~>cKkpox<0rhAmV#v06<TTb)mj8mru@4J%<h`1tb`YYnMf$Y9QImV0Pc?woSJ
zoPG6*17(ZlYr^+@j8*ukBc=n1O!N_yQ_rRMgqcv=7wc9%eK<$@hCMVjd@)5irQPS-
zLq1=vD_FT43%Zj>1M3D+n;A>n%~glMs!wMRdrqT$Rys3O6Kh~Fnio|j(LmX}qBJr<
z#56+s5wWwdwvYtegd{kzQFDGoVgK~*3pcv(6xI``Dw=~VFRjQ<4w9S`VCYMV<?quf
zP7DC>H)PrjE!|{;iNN5bkAD#F-;++uTdH(GGI`d!k<2%k>`q&yla_N`emC?b2@u30
zMIH9m0P59~2$pkyZE^tZ09zmC`9u;Ah-XtISmnWHALi%eIb|eYdK2UP3N&UtMZspU
z;i|DO#^M|gJm`=eL*D%&ty3v{>uhjQmnCKKwMfB>+>l@SOfBtYObQnKH>Gj}5^RZH
z=T`zPb|T+M72FHg?UpwavnVCJJ2x<~1%Y>nMHTjY2G$es_0d-DGD?Fwo93P0x)qN9
z>hrCs|7CCPjJ6bljkR!#nKR@pSIaR<5YoP=X?60NokKKhoz2a|>Hif}DXrJks|0A8
zW~+m`{e2mF1#HrWKYrHlPRMYhsBJc!Y*rew*|ewN>CmReR=@NeYfIVw%V%|RTb{VD
z^z8ZL)#C`+*snH-aj1kOf5Z~10+SI~?vN6pvSWIx|My1avG}vP7Fnb<W<t?|Y$tAE
zZW_G(J<C5Xpq*i;F^LTYIJXCeiT$5cn}3w~uTw{Fh&Oq$aLNHKOY_3_2i)Dt!O~t!
zVb4!_$L_Nas(?YBDGr~kxh|W@+)%q=Q}caZnrUuY2+OZJ5v-TMbI>8hXxWzgMei+7
zz~P>NvH<}fK-Zh0L_qWP%N^loQT9#es!h**36mOK-ud~2Hvj3FkqTmNl?I$d#eI7C
zp(3E`^A=FFtH*c=Tv&hJ3qFZFPN>eS5|&DQ1_bpg9)l#G%+KxXno}Pr6L?NmOePPT
z8_LLl9!X}1MhHe5Z~Em$POZHpyksx-zbZVv-lQ7Wb8}?Au_CzKxoL0WYPdn9T8O%F
z;uj|otjREbge@&~Ol>4rRcO5E3P;rXNEY*S*+6+XzIo02Yq4@VZ82acFzrSsI=Q#P
zdnEV*)$R*;Po&bWaXf!zd4#y(bI-f5*pCr6kQSS5K*vfUfYvRq14AV#Pa6YPCv;gu
z@Rrq%lOGK~zS!WiP`!~)_3@ppB4@1aAwDdXi<S;1o1750I;*Mfs$7|V;$SIoqGRM)
zrQ)~ly6rhJXHy-vLb3I`B9crX?7lwJFCqiz@y;17q1s(0H8~*fsZOlewFG>e`dsX{
z0SpIjx;V1DLFgd%eoj5%c(?in#{UI5fLEuuIRLdMb=&L%Vy(*tDk<Tf3)F^-CM!vS
zt%+YM)nW-4UEjRCC$5Lqzd^nYyL*svEltpwd0`izhPIq;qoRp6+`dmdE}0#1ls}o5
zB~Xc)n5E>tYJPLHuU*m$Qq~FdH3%dD5PGkhrU8+ZNM!&o7_&B=j_i7Daw|qLV2`%1
z^Kg9{h1~}Xwi-Ez73niFk`v6{y^3D)aVEhM!&~a7F>JP}J8!t%Xr&SKT_@qL!7W+r
zeBAg-PsgK(cypz+f?WJfF$-go-sHHx<){k;4>pfCzV+tuKgl!D>dH!PUpjHGb+=KF
zJtUfba6H$n+IN_87`Zw2cXj^|uXEVvbo)@sy4<p$Z-O3C<ly|yIx{ROEO6o(;m@x;
z@@Kb<Fgd$c+#;s;=!pZ#66}A1CHr&ffA#C<(9grxm5%e#1JA~+qQ!c*pF5R7)%MTd
zi>16xp%E?(GU29tgOS<{LjJ-J4*9Q9u8r)Vr_S5#vouB(tH-zWOP_6EEv#W#*-0y^
zT)C=%U}z)>A|ILGAy}gMbaZJ{XUQRHF?G~w7N1E@UV7pB@x!)Vh7>v%lYe>S>e$z0
z&8g-^$-?FqsmZZ@%A(P{=mr`_pVkei!AkhGJ{P^<(KW6AS~Cf2w1RCGjY(U{OvX6j
zJgmmHGBSD3)y6N~|5njCXv6pOoOqUP*!d1QTvUKLwvlra6FDX-Z~M-=)d?+mk*1wM
z7!WfSj7-%SHF$III&AUMTpSyV7q&YXViBX0(?IUusdZmCAT3)(_gUMy6K3=0rB8g<
z*ELjEs5j!<Hj&q`P|ln}z9cWX$?SK~(*VZ|YM<gW1K27LYkMVkOp47fJEq0Sx^iq&
zg>Q=;4lp989`@#=X6SoBnTaypSf(5m(>yO@!EN=(rcLq0{kkkt9;9ySi{eRvVKcHN
z4=Ey5Dt6gKGngo@ceCbh&kM_Kq!rH2ONpCEl<u}%^umkg;&--m1*Iel@y5m%r)zX5
zP?f?$!7ad&;i0}Wz%Bct#lY-vjha0LdUOvM+;$HKELSQGvJr4X{osfP_7|2EWdy0E
zUm96XZ_RCwSDs4ikfC0H_1Xi|op5vd9_IY{g(R^Xu}%xorXf&msP1Im%Z{XTO<Y9t
z?smd#aaVe#Z#D2CzT2bRiOF_}x{{Lf?e5Qb#}X^E;i(Y==gvK|SFbflGm)D5I19Kz
zrU2NEWQQx&y5llwo9T~3xmH8qRH<`y%=Ak&S1waoH3GG0w$f~I>a?ZL<rJp4iCu{Q
z$S~wVUg=fSu#k|B1`0m6A+1Duta+R|T#H#29aC?vCCOZ(9c`I&15NM9{ajDJu%}A1
z6Ckdk-r$A}At0;{GdZQQA+97sAh{rVc66YHeeRIl(o%fbsgzywWx1HzBcUhf986an
zK7|&p#3&T*1&-WMzfw1WZ`^J3A)Jo#5lHlK64)~H8f^0_l8;oj$)GmgN$~CII+*_=
z#80gzn_RXaR%gNO21)ij_Z2mxQI7}Fs$1o%h<+AECc<-17;hb5SGc47G#M$`d`=W?
zj<-;`pj^^CIn~S}f$V41F3lQm6{5nTjG0M^2j`@$PzV~WC&9c6DPn4NbW10;azIzB
zb$EJxCD=}B!(jO2!+wZbPEUo4z!jH91-rF@{N7`qx3VG|@1E5o17QpZv5L*_DbVOB
zEUX^_@EEGpfn8fsAN8?UGHOfcrjgd>nyu85gmXP@4b|Jns^l(@UJjl7DG?>-KK^lG
z*qFX*jnuuY7Hh~|Dh7_V9t;3y88L>4wLJOL%iAr58Qy8PorHv3QdD1<%ndbKe8Qqe
z?tjH$4T#x;{@5c{D!REm+S84nGfLXvS;*7CM?Ez-l(CPIvR4v3G$83lfXsehNrabu
zUc4STVT4ap5ihq~h4dY*-wN7>EW~uW#7Qa0z{wS9RpUEw>B`bozc1LXIF^rY;fNqS
zkOVXt>W>CPePbJkuu>}baXH0{Ld=X0c$=<LxFJzmIy-|*Dp4U!k*LDa`M278Rc^)<
zE&w;ppP4-3UWz{1OA52v-kj;ac$E`?FB8c8V7+AJyaK9Mlm{AbKMYSJvsp8{3uiE~
z(LOK;-3OT#KB#fcUO`>Na(-B=qKMncwRf$%>`R$wSIw;cNf9THX@A7e>n-wN+oc0=
zOLbOI`Ob-U3cB)_k!p3sIXJB^wLSV;(M^#uR1ZR8u%SXP6)W%Lm*s_|g0HkDPp#!0
z;aq!d=QGULA;bB!^*7JdsH*`d=RuETgi6Epe~n%n7FxDM3y1k|ku92DE-RHiqg8N|
zzU^doiN%jw&uf<2KC=FLI_AoITe@6fAhjUiMaRGojyZiru#ZJ9R?0SF@;T$19hZBx
zRPGD{xO=W};S5)WO^Hh=&?Ps2b$-%GB)G6%QsY-2XHO^VNJ6wv3Ok^_JOueohuWuM
zIcaAwC=gvlgO}6;-Re9F-6duh!1r84EQ;_J)z$;N9y#__Cxs5oesI7>hc3MOr`6=Y
zKrj6*_x}K$@^7E=FYo`nBBx(XzP6L!CyliLbbVKe6VX-Sv0r{BPaD%r7~>5~I*<GN
zoBpgJXZ;hP>+jkAlKAP**1uSY*=QV5cm6OtvWM5Y`7f~MKNtA#`E@9!$!F8k_!GRv
zPwf@xLJB~zk86jT7;fHOS09X3+W?UKC^L6|xx0I2%<f&Wmue(^4pZ-`NqjwhR)2Wh
zsE#OBG<r6-s7AD>9rq6NgQGn9m7f&U^j4=w3E8f&05NQ2X#ws}l#E0#@!Uovbehu_
zuZtFBml45g`THoWhY%=gYJd>Smu?XgG0*XJvGNS}hpB+P?56_Rs(N!laS<M_K#Nur
z$>1)ah=V})6kIS}{{7FC?W0jcwFlnPx?V$CT_J$ttBXH4obQnx!x+q$VeNT8LI2u1
z|J--~_qD12s+;&j`};R4D8~z0U5aew61=edhF<ug9)w+csmIxy9%InGC3q}&WJ><>
z7FrstX{1~*(R(p!1|}X^EK<{}AKD@-kKDBN0dV^iv^P+}R##+TA~8cvnb8rf9Abo~
zQFCd|z&HExf=|94k}?<D)bBaJ?z2Z<ken~R3f<K|=aN@eSThNSLD~fCuiigen?8mc
zei1(WzO|s}6L(jdlb5zs-G^e~%#6H<P!HkQg4n2am1u`I{Tw_~32i<DvKkPKTf%wc
zc6qMs;z`depBI9~C3!Q1iRfTDueK~EAa@l#)E?wi{<;a~XC8WT4RtwF+Cl}29W|!w
zc<>5`&YM1jNOe)l4pukJBwNz8p6+BBgRP&{pXvl@H-AsS0!2(0(1MX{GMso2Xe;CG
zmH&ta_#Z!S2=7nCyYO@k0s^Y^Z4%u4jI>+&#XbG{7d>@KD^^A($6Af!?({0Nx;u<%
zo8T7g(Ys;AjsYj}=CMPLZ$Av=O_f7vU#k@G_^VQrv7_%uu!OKXJY-A}*cl87*?+C?
z%hJ`v@L9V{(o9REPC=JV!*33~oN>l0E9JZ+PEQ#2S7k|m7rh7JZCLU29)9U~!P*dr
z>ojh$mXx&YjJ<u%{29ztYmm6iww^FRt!yDZHtz127qMb;PV_(chuChnT&~EdW#Ap5
zZiLp;J$z-Z+TxmZR#|t&^7B@U+KL`aa8rHO(hrWRkn@qTavk4m5+Df>35D3Hxz7}~
zVCctw_uu$kFtVzgVu;A!1%oi)AsVaxyI^3C$*rOX4^*52Pn_aEIFv*WxGdoDb<x!D
zh%%dFv1eWUY}eOF5)KdA&WhBjQO^B3rK0Kd;P<ig(?9K-V*kl1@q3<sT*ry|KFzdD
z=98ykktAorpRE#qVo>=<ng6dT`K@`*6!B8cw%0Zp<aao|Y%JcHftB`C(h-ScH4ilq
zN`e#4v8kOv3V*HXP{e!3@&lO_tkY(Bp4qZ*^1O9Fb=;a7xau+nc?OX(g<yCf3G6dN
z8ION2@xQe|PGjFCCOfdJK}m_)Ubq*^h#6Sg)OW0&h_ic}|Fi}c+zz+l_L9m(3wb*V
z6H_CxYRxx+nhyU{5a<6Mr2DZyub<BqWFWO{ES|-yKA-vRf)7@lxLtE@3I{2Rkp6u>
zK?5%A++}~&Ib=B-#@l+11xtK3{S@}s{`v2|nT{lu9c^!|I2auq6>D2c6m${@*R}RC
zZyPqz$u~b~{>7(la$0<+wa#y_7<%7dX7<8h(9%Mq-0O!avQN6K<rG19bsu=zk*eHe
zq=;>^6WW{(izU(rCw<Qz)DEZc`xxl-(#jSN#>;tsJMZ!t->sp09u#9>2pg6Z-d28&
zgGm11$eB<aH9ThIa6;9J?KQt3K2P+Ck`Gn;!SQJ-Nn@rjD@v}i<9SSN%y@3%b)-R=
z0L4_}p-&A(o&-ad&+qIRlUu#B3mk9lw%vV@6%qdm%&6|t)ng*Ls_{}hBWqb@8jZ|Q
zg>BWqVJb6uYi0TAzH)-413bEmHC(;qSLn_N6BLJi_pHjuRbL?pxzC-UcnNja?{vJh
z8*3{1irLa>jRs_1c<180n1zxoawASU@d!ryWr!pUi6fx^QxnD+hcvC>3Pd$R-i=TL
zaeBi5v2FeSAWy?=A?@zQlOn-#v6q&UFbq)(V$c}a^#1fFBTA}g-}!d=R*hBiEIlCT
zw?WaT+YvTc*Kd8LbX{Jf%IC1y0_P9wC6+yqj6j3@L5BHQ+?l!uGa`BWxlauXp`P2(
z^OvEvesk7P{|Y1SVKO!+?KLF@47~|YY^@wHQBwI?)v!CpS`|qM{_U6dbKwrItTLdk
zl@-`dr~g-Q-tzcWG?ann#pwF=_-I8=izl7h(e^Wb_d%xh=Q*^QYa(@3Ftj2$QLf%B
z)ZO(({pM9Tn6IP=DSZaC2lkiMo~9Ze>*B@tIn6qlnp(R*%nrYIwbg7>yAG=9;hurD
z;)_A2Zc$rmRSEf)8e)~j;w{9&n(z<A6iD(y^Oy_6l2|W9ZD$l#H?#2KPFb;GQKw88
zH)GGAxtz46!<cs<v@Z45`whkLe`84kf%;IVy(3k<A}UU<?3%&0vsuO=I8hz~8k&0x
z<LDoPb=Ek_GzprC^RUNJc)m_WGG2_hIsyd~-~a*s%pm)ol)?voepM!iP0zg`V$vS}
zbr2o0ufWV#=3)}b-<;GgusLfXuT8i>duQCTn8|tL4)wvQ)WXK$brF1I{!~O`QsOr|
z=NaQ{8D$veeTxg8-1t+^kPP_4youeZYpE>!SxRYpaOE2|LL@^ng8(;EJzFw(!$I$u
zIhBks;&!!qP~Foxu<sKgnw`y@dnq_mSv?$k+wiQ0##iKVHW<ef(Q5Ah?!nv*(T)Ya
zN{vdtA!%@ErCU~wlFHmKA>t*X@!ZICIDaFtGML6QKRxx1mC|*od&rtsH5yiACC^*C
zXJbrvMD>vaL&cY&?8R<$0=~Q*C4SqAyCEDuW->em)^1K3N|pQl@L;wlEY<9b(os06
z`ut)OV$%-UDC<K%lY?*}7a4fq#7)<xkcFmbur&>|f7~F=j44!n1Cwv}t`D~G^~%XF
zj|RDtsn@wq%#jnhn)7C-*&A2;W;GRpQxH5MVr(s9So{~nW5K6U`R#eX%*6THC=^iC
zGpZi+&5OuaeXhXg48X}{G&UXumW4b6j}>MFu`M*pP^#(At)2!W`6z!kWBSq}P17v_
zykOnx32Ei@Trz}-B)v9xuXNt8ZewK<Ey#3Kv3<D#0<WEZ)4de^5L^QFf39hFZ*Ls)
zL>4~KB@t|4MgW)rkv?vM8hE>*?cJCdw9l!#xzT9z;`KqPx?V}immYJIrDmuvvwM($
zBHc3TO*d3Y>b{&$7kukVkJY(-*)qDdw|X_UlkU`#Zjo?eyvL07VLkXPb9-jjJ~n_I
zirJ%Tp7OAKsqV}2&8s#(E(mtu$X!59McQa%xCPPf^Iq%cwMe{s9{cZz50>eYU1*=~
zj!LGEPKTcJ%gw>#EPq+fPw1|`*l#8qv}(OHi4NKfR$gZje3DxqSZ$UbcI;;{c^h!F
zSkt1K=ZRclKOxO)+m)%Ql;fK#o7>xLG+*ijzMOsZAIw!lm%cBU)Sx|BjVM@4{#sGO
zztq>}<A1-JjR{JO5d5lBlK<6*oCLOOOoZioc;tD!%gD^daG?U}=S_8bU?NWDY)(wP
z-b?oN81=US^54DKaBy7ajR!&ak!H3Mzve$-^I4tm%<NyD2CkV85d)-@KGAK;U{>Y`
z7Z#(ExBUK>yN0l|2!17ZJlR-~Ht{_A=EUrMne&et&k3Br2fJ9OQ^IB^Iya-O>GRYJ
zX19_|_XvSwG@L&9L^XB}H)<{a!fhBo#j4q@nI-nN1t1<~HJ;r}VBU+6^oq+`jDC=;
z6C_ErC4-RZT=m-8OVih@AIwdr_g!dv6Ku((n6v0BA_ttSYP(ut)0LQIS+vG?BZNN)
zdHe#d2Fw4(?sEZLCx-34$`6ilEh&J?N3)xlO<H$6V&mtwqh0~Vc|QI7_Szc_`PbcL
zNl(@?%yq>JR%W-i#0xuQr-y>>Bj5x!BemL$Lb4k7XG)KI5vo!#)@sg`tz(h$926PW
z`K`$>Q{~i!<qj$RB-c^#wEq3QcP!_dHFohM60=q|c1F>I7A5Wv!!%;j(8;eDJm7O}
zfn$N|#z<)a<whk<3GcQ?lFK$Fb|O~4#99_0ix{xvDN6G1M|0+HWIVxhKA7u!=-I#A
zyBLxy2fnaN%4oHFW1o{_e|hj4KMAAdw}qr$PD@v1IWtMc)-utL`){O#L4l~Zk@=Q1
zhH$LSZdUNVG)jfIWBu0i?O#PjqIY*Av~P-z^UhE_x==Y6yjCN}H4hL{=rHo#v>su=
z*azF%zVboIp)ZqQm8L^fxX_Ia5#6jJ!D0_j?stg(${X^T*r&z6mftDxQa_`;<Y`J>
z_9JYvIq|esot!LR8BZce9Hwrl>(p7HYUxmRU^br|t8Znwp28k`pP6A6ObT<0m7ZBP
zt+e0$jjS8*Wf;2sZMS`*p!A4Epl6~%6RC}uOZ_D16-^HIMg>%s#Aak{m6%<l@nd}a
z=x;fd%Xc)$WlPC^)mP$~JlM%gSKSa<m9}fdHpK)|^tXH1(u)#8_wj<E?6Wu7_);3A
znZIEXJ&_SVTz>i8XRQ-qKOJyE^PnMa-+ioDhO{w^>_~?Y{tWU(hk7lBeM%Fy{juZ$
zva{4MaBixD7Em(`xJa_~?YuuqI_c_S<L!UF8ZXVA&?Wv1TQ6Wq>}No8{p2)(Z#lRY
zBQ~N|9SRm2iM5~46zq8x>$<b5S4`Z90bg|aBIfNCw$|r@H(5se>zEL{Mcw1S_Q=2E
zme+3)*Q<uklNq>LU!Q_R5N5p$fC$hEOJDRX@?c|gy~8PFZ?`JSk0aM~KFYOl7=271
zrmQ;P)6Pr-+m#N>nB$}1Q+iH%qaq2Tk#TBmt&OtVu{Y~0;q$X7otS&~Kiw#%%6K&#
zNM)ZNp{~4$=${S<*xjWjjxMk5`3NuIPXM(Cv&jZ}X4!2ER#?Sli+!Py1CCszAm6n(
zKr5n+p9DP65YYEnbc(e=g-bcXc|t}8OKduJbRM_j#A9b|E|=sDsZ`G`TL}rhV{!6U
zB&&=QBNmpT5<f;Z=xj<=4lRKNrU+GOT<QXMwOeu_3Yeok)z#!A5p8tJhE(<3V~|&p
zQf*@ya0eQlA3JyNGlq66A_ygBbQE~_p|<`7UZ1n7nhgykh`1zejMuc~o`y6d=&Dur
z;=pM;pUljp^&Xaacc&6YwZ%Uc4XqN@hN<n*0=0n?mD6I-R<DZjSBB3y0cP4uQ-Pg;
zed0#0#ANQb-zVo(Vf1UR7lf7Q7gY-C-C<5@#+g57H7}W4lNP+N__AJ-|B&vvTI8NK
z7@C<JF*QYn#Cgr~z)F~*@b0v=YAC@sDj7_7MWZjEL(GsRO(T#P5A;wf<)oHizVp9B
zR{rHXe<Jl4(2sd}50hMsXo(ZJ1&gt}+}twc08#gW3>5Vy9D=!^I1!U=s0Z?t(w`Tq
z?zylK=Q!S0SwZtJ%@(d81O|&@Pq23hD0I+tVa-9v$Stp(M2WW5kgbqz2q}4C?u$M~
zY*A`1=`4sYu21Lxr1)wL%%-i*Th`=_d>Jv^{t)$v)~rRANx9A{oVU+iE&Hy!cXAxL
z8Tx~x11U6OyNPZp(s<<At44V+E8{wCBeOkHOdyuhvkCA{@8ITB9s-kom8)iMLDWFT
zsDk*#GVhQOIla!=$ctA4kYc3r(R%-kls?U$SJecU+DF5X3cLFU4$+fG7`IdG;s^qp
zT98-`dBQ#Zlf(zXdGVdi^XjUhA<YZ$R_fMekdW<M#oUhZ&Z!*C7hfWiUm8zt6SY7k
zCA9RwpnPpA76iYk4Dpj4$D`_QKl<bsal^LEwv*7~Fwyw|hwoM4b<1-sRhH))UL=C6
zesE;DpQ1VjT}~*Rw~qdjGD2p?b`D;7Y-*FAiI*(Lx6e?6j~6)mI967-GfZos#3msw
z3Hv1M_IrTyr4c(CjqNe4Xa*SQAK5Yhg&)B{0AznZUj|ScI0jakq<%Qxp7|~}%b$|)
zAR?AHQbld)VMjwugTKG!KP)-ZJ4$e0ObL%{Q!<^Pp*o^n33w#H)vqB!+LRC~?jxwy
zx^W1)W7A&D9g#~Kxa@TUO2p;lBuo9~sD~XpVkULTwEyMHkwDOvxJK3Ll%X?cXZ6wB
zz$c?w`DMc-R<*@lu%;Lg0U>E$$X;BDdqJQU?C?NFFn)d*pw-5|l)it*15TSltJ2eh
z!<E)8DMYzOnSRpeaDILp+XcPOVr{0M?-WH)+N1G`!4r=&M=~<J%=*McCCsKarJMPY
z#8Av~7-w(~)z~L$xpFDF+OyBig8$wlIS&U=6E<f+)wsX+M3x(tP}0KC4O%GxX&W!W
zPxhWB>+e7E9C%S5W6jixuKh{tyTiHK;;jR8`O?~S@yL<MK&9}A1Y@#`Aa_0*ZKt5~
za!Yvzf~Fl0{Y|M-9HhJuN)bjmf!-+cS$y0!mB@_i4fNmJjq9IIgfFS*sZwbO+D6*O
zB_pBmG02>vm4;oiUIFulR6<^Fk6f}J3B+jAHs-_g@I6jB#4tDK7E&xhoY4Uu781oc
zz^x-%D7!xwpaxrucJL*j#o!m7j6iRdM?}1IK-(*@QuIPjq^=GYWcUTAOH7^wfes`I
zk^ocE$vel3_3wKJ`{jy!*-SGVS;SSm=@V+2#9rYayEkb+b+19K`pOk<AUrv(Wjct;
z!|QVW-_e=>>YbcApFiLW>BG0Zo0Vjx>6IjiA=FHYko)4Z{x5O0Te)R;w7@c(lhx)m
zr)rF?4FEIWuWD#T?QIQ37R(VAOJ|{}8#d_*clmX;1<8A$q!Dj>739~51{r#~gJG8<
z$}#*zT3R#ATY1&)S`M@0nYwYKT5;Lv@K<(3XjtMz5TEmkf#g-1jGx(^1X&-)ud%tP
zvYDl=6;8GC?^Nw1vJKgt29;Z#88kG32}Tz8$lD0KiCWsE5k|tg6pz{#s>c}gGf6sQ
zZOaf;)6C+TkJm^&ogKWkCT{+=HAgHIlnd=frv36p0pQ6Q)9-`)SHY^(cweRL#YO*S
zevzTkcXrF5!&8V1{wS_~*yZgEY#dDt-j}FBXz!Dxv=dSj!hqfjTDc1vgKB{mt*=Jq
zB_rR=PT?>?zfjHe6|o9|wheL;i|lSY7q7G0vL)j6WX$|7&}Lvh-q&PIjjjB+FZG2;
zbWm?aD!MkdZPrgne4ShDvRP5N8lHaM#Yp@&Q;2|d4Zx7PZlQt(rz<DtRuc?A{;S^l
O|NsC0t_2SL82Dee4gKi=

literal 0
HcmV?d00001

diff --git a/docs/assets/lock-cedarling-diagram-4.jpg b/docs/assets/lock-cedarling-diagram-4.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..a8616ba2b89bc90d8c2efeaab50c8a6c2b8245dd
GIT binary patch
literal 96286
zcmeFZ2UJsCw=NtT3Wy2<3J6LG5+EqOqqIOm4*?`JX@LYnlcFH#tAKP!2q0Y`p&F19
zLKT(Xqy><wROw1bK>hK2|94*BasKa|d(VH*z2l7g&5Z2*?6u}xYp%J<UUmQc@beSk
z0t^C$0FE640FE8~06(XXeSoT~+Ze(PAW&V+zj?F)j_Bk~008Ue?FH9TyLQJMdF}M4
zze)V^v$enH@$3E%=qTKsp<kf`00ZEE!1M1p(>plcvp-_^dh{3YI*R;AS=J-W>hw1(
z^b6bl4J-Y^e%>D5M?8kVuonWZeuN#4u#nSl*zPxM@8R`}KkA4_3G3?fE3RMkOXIVS
zZYIV@_cKTTD}Z|dI6w=a_AC8I&qw5*4FJe(0{|!D{&cfT1^}ob0KnzZKivdg008HM
z0f5S$Ki&SciHEJ1?Y{(f^5}XTg#rLJ@&EuPa{%CCF95(`@h^Tymw%w!wIi=9M|!y*
z{hR=<07t+z02JT`um^}8Aql`ufH*+r=NLd8aN_tc`gJ{VL?`J^{-QH<bf@U(&oD61
zpP{E`ID7sq1LHYHdU_^irgP^nTwuPyaF*pF%Y}<a_`<J1j{TB6aq`TO-~~o{#v|AN
zN&5K)z<lO-?<u7d$M^upnU9@dKK8Q-!2PSN9qD!K?}-HfPM@MXdFJ>D`d{9T7XW}$
zM~a_dU_5b#?$nvn^nhc>Pn<kOcbb{y4DUtpL00xlm-)=@_$4H<@k_|csT!FkQU>S=
zm1=NXC(piqnt-I8Z^aByM*WX6DP#L5!67)jpq7J|PiR)7w1)P*XYu9DN71nUstJFk
zU#`sm)^!wc_DI*`%qN%uw*dROf0g;?(?2cn-^~KzY!<~&HD30S_tR!DSsn_TQuENH
zO9SBC?pAq{pf;bH?zRyw5V_n&XGzC1S4&=2tqGtqsaG4D<hK$V_efQ4oq-le*YJ}l
zWaiMru&}PKu%m{|e#&eifs+h*cD#sPQ!Nh5y4PI;^AfL#UX2eILyu<)QI^H*-&4(V
zEePmcCX5jzuYbB$!eTz&NUGCWn(QwS)uTb|QR7#+E&oD}5b=_8RhZ2!alQ6j7I(GL
zxG_eRoW}x#rXVzkOAyPbu+C+^E3f`$d7k8WKI5zg!%Se+dX7w9#)D=S!!a}%LE_lp
z<KveUpVBQbUY1&*`0KWi-lcU2w8V9U>(%x5!_@j6+kVlH#$)YAL2-6d@h<}^rTO&e
zrffG#WPzhDZoICFpvp_7b6I)xB2pw9>l9}P#{!Pa^CP<<wT~>~*2eU+CTIoUd0TP4
z<l?wE3NHj|&QdWR;*7HFOvXSUCnNxJY$@C9lToyeIk*%ZPhdW|n)jWW>1KpL<p{@i
z0ZfAL#>+SN-kd(hwj`23#pW*I5=`tQ1m(}B@jo~Vf)J|E%K|C*Z2kl7Bd#MYZI}J9
z^==5Et-@yY7fCjW9_a3iI_9s}W%8I*pgjEoybz3OI9TCZ+}SsPCJR3+x>b~SY7mAb
zt)I!4%nNCZ#yh+s7Za&ODo!MEb}4>8>W$;CaR28??@Lt8s@S4ChkdP&pUKJr2)|<e
z{KFsGQ8|1dX?hEjUSj90R51DTdA<CR`leIY(7S^6O)@TP&9xh(O!WuR6Cyssvv)e&
z(ac4ja%B>|QBm7VG|ci__sI^oAoqHVpGCXrRzK)V12n6&fP+&pA;}L0B|#EcsaK)6
zjBr(+zUs02om}Q!((Jvhm4i%)GFy5BXz>|feJ(1UIC>^hT~cD8$dL0<bSxte{zK7v
zg5vhmme!D1sH@3dNBaJ|LIBWOMoH9P$F8IW@nz^d7Z1BKu+(fu*l(F3ACPeW!`IS9
za6|)#al;)Y*ZX(25}R$J3O>FResSDn#{OL^u~PWZQUCkh_0lQ(ehaoBiM*g!g^%gY
z{`*CTtz0v1k$p%|tJsh(LB=f+f+h8fTJaPRXgph>vRqQaK=Od``6ykc*VMSd{nGJW
zh)iXnMtbh(M^afH2VA$C5!+omhScqbB6SJz^YQ%iCp?aErazNl3M()8WSJl)d~w)i
zqMvBuyq0&*K^r|-0MEi-FmTn;k!jZ#h%Q%Sc`_>g+J<Pe%|I$qh%~M&9z9+;C?sv#
zem;vU8Wi`g9~Ca1=vc_(+EtAcimNwNef{_^<rQabkYU|saz!v)(%u4bS=?!&C?=u8
z=iH+77Hhe8TLs!#EiE8h8l*is8cpxfZi_Em=Lkb5fTY5PnbhiKxI()^!6{5?HMy2I
z2%{Ytjbo;k+t5w$dHAfq=R?QR;fb!IwTz{eDHsWkMsT`fq|YU@q#x&U=(=CZp(9%M
zWC?ZwFF=f3;p_E!1FQQ};M00ytBs#TNlidec?crt(QSI0s7i%{>V&|739B?7i4V(b
z^Cr6nKE58m3eJBkFA4UK7oJBfl(bTKC&UJpy~d177bzW<9ZGrOB3KFwXUc$%5q<(I
zi04=C7|_$+%8oMW#*8H;fI5H!n&HO5^Lc&Rt_h`(gzNt2$&7sPu*7&EdtO%D*?juM
zn?=Lqv0O@M@hB~#DMH}RHjK&Cd@WufZn2;uSM4WYRp92b4%W>XQUMAnG9jb9djZU%
z)O5_s+ZwVZOS43S@0g)O+e-sNj+O9)%!n*hg7y?B&+CBXlk_jL0X1TIj0QYc;elRn
zD~o)z_8(9fl;q)7ql7O$Erz5b4IDED<&?#I>BEV;e<@}E?!&R6$!n6QM(k_`%~q@3
z3YAMyxlqXB`RegP#C0k=s4jza5e*yXyH#YR(CQGHY1MRRZC){LxpG>Ndxl2}*#qSr
z05P==zu*IpN;yk&;HVY5&Q1lm%V%8E0?bKHbyjFo2~xXn9YMFI=+zP)zAV}n(@y2l
zVZ!UYP|FBx!ZRj@-FQh+>7$Rnamr#yV{W{vDaY9DnLV5GQoWC{3xk*7Z2qW}u!U3c
ztZX*bOJG4WEBZ;iZl@^ij&E%MQt}!Q`MOERTGuHtT>-yTcn)~FIIWxE#~W_*vW{7=
zWnW;)!{My=oxAlI7R-B{Mbn9MiJ4$md{`SXKMtGK$p0ZjLo@60&TI|2$F;AV4n$oW
z!>>G9H*_Y<n&cKb5D|svoVQFfZKU0tG6p0Cl5t+N?UjpZa(2>&A6{s^=nm)M)>~@2
z&Tm4hJe1c@i~&7^cCP|8hk}#&t^HlP92cM4aP)%^HByYWOf5M>7d;?DIvt)Sd_ZQX
zPowp2TAx#QquJmgZGqcYloFTPl3@9aAxBJkMrKO?R?es^2uL>>-@oM$!V43C;`$QT
z5*kOUp?m_ws35AZLzI))*Zf<iuT%4GmpLJTT6H2Gf>2EzPeJ|_S?)nH0fZthXb`;i
zyTW{rQ=gPty=!jgDRKceS>d0jn+S9UatkEtKqggL+LAq9Q)Hmhk3>ASZcpuAyj@v1
zlo!AdfA00nc@wJy1@*E#Pyz|-UB>!4K_fvRD!$g;9G#VX8Maz@PPMem?MkkxSHefj
z!g1E6r_?L*12x(j0~hd)IRY9`sk#~T_46kA+me!!;?<r^h=#=N2Gv)ChRIjbe0|yt
zs7q0r#f8TNdPirro|S0zXA+$IAZQreu^`!aq5}JQt!=lH_I<l5?n<t>z=U;lt0x-S
zuRT$248J&soybBLr-dH>)|e=xTGUh}Qd%f#!mDK|Ge3awx>lFpVLB&4DXU0{bLvsw
z-yYD@J#8^PJJvx_D_@^is@^yi1a9UdBhrNic$8ZiQn@F?Z-$SYTQLp~@C2=nRpPK>
zWjx;dKP;2j1!YK+eqgC(*#p*n%h71K=zg7?_;kUyRizn5Phn#hH68m<CyKvNh4QKW
z+Q#|oB}NOZT4d5YyJ55|+)O{^P%FE#tgq=JSu`=*Y=g>?oSd8~DanBp<85VMuAHGM
zB9(whC?VyR#&WRH0ZAZ<=2)x6UMA*ZJ$Fy#VUOXmpt?w6IQFvzJJ0Pp5kuR;Ns=)e
zypXG>(0i4B2R<Jh$cf(!7y~ovHRs(~4U9&szgp!qNjJz;aKLCdv^Xx7c$aWqq(Mqv
zMdB_Q34}%B&H`N+W-#A{DUgD(Wy^rj!ib66eF|z<yf88>RyyJ4;ClKBX96c2=_Te=
zyws^}OT0P4)6%c4UntEJjJzZ{|7i5C!g6XEc+Lq0r($a=;^Xg)Xz9N&?jBfB;qWDn
zL2=Y%H*6kaIw7ykxoM-jlR9B>S>8kO{vi8%@k-&?AylE-E}|$_?%-xlP0oB7mR=_p
znMs&I;x@Qn72J`Dw);x7p$Ln(59f>4H7nSqS(o-MVm-o7l0#7t#{yh3#-9UYfA&3d
zbLmP=qLSSJx;Cg(YDsb`S7&a5g^4ETVw}30Nf?!P8_>XekF}jfVsOG+E-9ZIM26Gf
zd^fv1y~otPSjZqHMiG<PhJ}4wF|QmYWRg)ZNfiy5s6e|3xrlG?DxaDk|NMLvnQUm{
zhCeJ*a5*bZFDyXi2Ju0L$5mN+OoX;2RZw7`749f83^}OWf_jNhufNMwc-DBfa=fC&
z0^@Yg*#i%WN0-sUqS~Tj;qb5>SuCT^L8bD>_N_oSfzzNUsBBta)qAiAlAfy)gHd}(
zuB`w|55&>OUKrH*=5DdY#biQ{Yj1V3Bpd|gHzAi^u;?)r-_rKq3Iu(FM6;p@Btc{{
z!F3AK5%=|b*^ut*+&2Z|l$0EIgq0lSjQHK_k2HBLlKNFT+tm!eWrCM_BbQc4o6kgD
zpPGexnAs!l6spBkVY_o_v#Jk_2;>e&7e}=8wVsS;+snBr&krGNEv~gLitMAhZX2UM
z5fXRso6fdW?eL}okoiR-nTT1G#rP*L7c6l*w8?(o_NbcpVsFK9c9c9J4q|VHvhWY&
zTXD_;iIvY$OOxr<AU`uxJn$+3s;1rceb?9|SL8tw->6^un`Ud$J>!?0oDu$&6&u4>
zGWqxhz9TcdQwL`6iIq!U(tZfG6*_e$2f4}ksoFVNf5JSa_>-rYcgXmx+o6%$yhFP5
z{&sIg2f~96RCv1zUAEd9qugh#hsh=&9P-TDjq-`IIhic=EhyCFgnulY?;5A$LE!k=
zd4`Y%*9qn<Y4n{9V2aaw!7O?6=Np_)#&e8t9Nz>SYcpHeGlg9C&XIiC4Kd^OYgfYc
zYI4RpQ!TPBZ^+7|8}7A?tyPItzK$l48jY~92lz0`2Es`%yfK3-1XATJI?9zjfo*jw
z9q1u!;%iQErWjStM3{qxjf%W<2~Jtb86mltmS!0@rFfYf)oA&p5KShEa3JKx;i8z#
zWG&Ys50XG&pXmejzODy2`_V>!K)MQ>;z}4OrS68#^u;D~Mst3mBL+2#S&7h9CcR2R
zmX1;0(IA3<t}FMMR}0ncz%<8m4podn-J-Z8Nd@3q4u~1L?WY)6Otp=?*O<M-z)XVW
zw6IPq&5gZxa>IN>DOGMYjAhrU7e0Z9uD3-_FzZ2z|Cn|}U$+?dUo|C_Y+=-Q3Z9ml
zpqTViRo+MCCq%fyG;%L2ld0o4giFi-8Wxr!AhgR|302mP>e{--?N=#w_!RBvg3=2r
z$Hia##8B@)tJ$L>j7;VTYe9P!28h^r3S=COrP{W@HAR}2KYv(rNPBjJ(_Gq>bPo=d
zL8QK$PN%cc;)6SBi_JTX8wue`6)Q7RNFXEjXITm1F`OQo=j*|yhr1-5ymnF-ej9Ty
zwliX%{+!fi=-M2y-!iO6V>?g17i+jqjyFg!Ol64dZ9tGpHSrbge#XHah{P0wgmniE
z$~{OZ%0D?7$8p-kwROYmWtTxvd*?23DWu0=EBAI@TS~?s2)E=J^LAB%81>Krm{C=^
zBp>`t#emTSb752SjwtJBSfrX@pMy;90tj@T(~c#1!2nmJbv{QDY&q_LLTQzVQ~uo^
z+5fj^3M%anOKSFj=MTkrgRkKM-s|L+&$zVviw<#Kd373E)m7b9IwL;;&J?LhQokEG
z`(0_l<sXxnXS&j_4<go5qE)B)<Bd~@#PlTIN1Z+>Jgp}`90X<|;GC-pL6aN?ypGlS
z<e@uhz9x*CCH5W#^O`refZi~8Aw%L*Bj%S83M?dMT;;^kJoMk`q*;{f-Y%1p(uBNq
zI(>M8vmWJKJon}vr8}^xVl>eT1C!;7fO2q#mxFbzbn@6^&!#<cs8c>4rX|;33)-!B
zOEEhoLvwVa8d&J_lN>|v+&W+~TIzxFduP>*0a{)5>W$SC@631tr%=mft{)u5K1Fyg
zZM8LY#H~2dW6)Pu$**xBu^c#FD~l(msA_ZP)l6Do<D5);jcaPw%Tf%SlltR?)h!pe
zQ>$w-7K0=}M)jajGF|$ja=Sp0n&i3Wua}x1zUSL>@e`QUvezIZy@&&19N{pe<BTmq
zdBP!hLlu+<$MEri+pU8&v(Di?zO;%xD)h8)akvugZHf!?N*^?(E^Lj&T=Hre)FTlp
z@!ymgW*cEigIU!*FFSiv92ehyS!t*$7$$&NQ-|fp86tTy_F2P?3cg4LS0$w?GYKPn
zuhL>u0t(8Em~ljx>c*#H(&C@#S%VH;o`3JWaVdG+aFG_GltPnk_q*32drpEL5~Ac{
z)3PC0&9Mr-9H`TNsBhn;llbzi^gY#LMXR<ih044iJX0-EG#!|VJjPQPiYfaBG8?)%
z{Ot1cmaeW#=PsnG)?T-)oG9BK<dxdL=U#beI(l8N(%U<c8ZD@y{XxU2)2NS!U$Wc}
zZ16NlYMIbp2ELDS^wJ4_TlM_jXdt1(J&DhBXO@%2pR=8WrpdTn-2|Ri4jM#%6YI+z
z<hR&n<ZUT1K-h^%#@knR3atfaS?+)wrUZVJL4A0Ls&87-9?cyVHKHDRQ4l4~wX6AF
zOGDq?fE-o07w^<dQ*{^~ytbmj?)TW@GA3F}c<Vmdj8Z~{?(Fg)A9z`<8<N|fG$~As
z&VhyV_=1An;$yhNeNfTulg?-jBrcKYA5&-BIsa63%004<5h?FcVmgOdV>8Z(nD%{#
zUFaLiu}+0*O!r#oZc7+(V33QHb!lksyYF##OsZa)V}%Nhfdb*TfWyeNJa!w~0)5f0
zpMcSuS1k-H<btb4!=XmZBn^KY?z@9hsPKTK2^k{Ilk2@V|L7+mnqT<uHRA-VqiWx3
zR~<d(Mg4ke1mZDoF<4RI=Eq8wlJG2p`=hSt=ldk^3=)5kfDHOe0I5T>pj&ZZ4H||P
z`^WOu$T|4(Rxu%cjUis)VmHunV@w%7qti>Rn9=D|tN_1(E`_c>YXY*kB6w?544(2O
z-|~uzoT@szwayxh<0)38zZj14e{j<r{1DIo^6xqw-RVuQ?u{p<&B}MTd<heWKeC5b
zIv2A%`j+9by}a@I9auQqB=m>pJ?hIdkKR>WU^6_{r!TmXbn#Gr-AT8DRZ;Muttz6#
zeOH9Wc?q`3EPN8CTA;1Qu2+JnD3fMp32$cRNYQ=lvrOk8+Nu5aA;$9ZQn`83J)`B9
zxoOi^JwIn@A=*Ls<ttsixiecu{Q9YSCmm^O29d6Am)*w$HEPAbTux#OZ^FbVC3~$c
z<@AC+gY~cHs_LlI1$a+7o9U7`7V8CI8v&|sclf6}I;L9X92F%7{NJ}zw;!+-`9@ns
z1e06Lee~r*q`t8?dSnDvcK1UHVXOgghb*2hpZ#M0=4Ua*H%4lGG~VM=QCz#43Zn=*
zeLG8-nYeyMhn}{%Kv(}fIq$)@0BypFWqoDMp@|ST*+AMNMFhv1Ur?l%o16wUrYFYt
zNEX5aIftvE8#=fo-pxll851KnZhjVV34JJOlGZf_A1Rn*!-oK|?w;al56-^q_5ULH
zoKN*CKcb2GJ83e8eTA{;g2&X|ndJ>L?_u!hMe#gum~0J@nKL{%#b;8F*j_ePT+3*X
z|M1}5xX`*mQ;<_fnx0-8HSt)HY0<eik0;bV1WJ+yk|<CY`{Gx`iZN`nyC+LHB!r#x
zYWrO8*V1Mqvs+FF58mg$Tc$kpanp-6kMQzU6xI`umjKo{kc)f>WmEb6{#-Q+cBZkT
z69`3#_yo%-mR-HaTiH)dt0G>+$Ff7d*YX!-31}ZkBS*lW%W>PSr4W%WCDA+M79Puf
z7MG+Bzz3W~#yM6IS#7bfB;Nd^d2VjyZlGJ)hBQ=;%yxO8nAD?JS!V6o(BM>G|4uXc
z-QZ_4|GE1(o$61jvITHHHY+$`s!Cf*X2}{_S-%7opm@Rz49~5gu8yi|wwl9wT6Q2;
zN*vT0z<2zl=`>l)y*D~+^m?U?qRW-frT{?!6sS-SdR5tT$mz<8=P6s%xViU?@T7P<
zyHEO^RK7?Bqq-bN@x*vfs)9^nLY9tmSM;g&CXld^OP=`+?coN-I=8Ri^s+xlma+La
zHW}XS&go|)CWyGOv6I9=92^DOK)DKHqzO>*flH@f^W~oa$<LNkO*ZTaEAscu5s^>c
z6pU3cD8o-gBZOH@jwNylNT7i=0sI&gRAO?;Fy3^aSCHb;|Lo!p!meXY$9JbF>+mTU
z@Ab@+FH>s#CxEz<^6^19*O&lFvmDJ+d)|}9TV-YaVyk^slBoKd`>_neUiClnPr=i5
zb34|&RqyuI3s6XT2$zxUu1aPW(~krc`7}&Ikg>bG!7)^<_0_A@b-ty%S$Rpv-cc&4
zIEzO<w;<=emf*gIOdx-d5izpUK*a&ffsrwrQr~$p{?M@bT@p&8?8^bV(6-vG36b~W
zb)ub&v$;U59rc}R;wsVk{!U6XgEm8Y^?{!Fw$n40B<c4pyJxwc(2AsQ=bO)#c^M(B
z_+@&N^gw&{7ZwXJSYZRT&v7UX*kSX>3c=4+UaS14=Xp4aMLm5cSgD1Thki@>iOFF)
z`c<Qsiu6D^Hn*1;+f5_+`1ytjE{ZmfD)<FG0uc2x_8dFXFtVSNCWM0C$T1smzo?&F
zeT`bMiuhKR;HvI28UlhY4B4T>#JNo`ao)GTKJ%Kh+=OahNfC#WCocdy(}j^K56Tln
z+_susW{@yFiwh1g8`B!PxyIOw$^Ab8ukVwn5+Mct?<-To&3zG$!#HwWXi7m*m4!5~
zhR!`(iG(agcrHC8fjwAgk3aIIPNUh%L1kGjEw#{6o`Q*1h}J4J<;;Yq-keiHCA8~^
zzDVU$BVZN|gK_MUMmP~@OXYjhmXVK9I_D_CUy?-~=UoO?_h%Ipiw8^z(#C;At|kiv
zHNwJK&8TYM;995Ai}zFZ%EOPGf<OtkTLzmZ@Aoek49y}3IbB|M<Jj8uMLab<@Kja{
zq>(JuBnviHumIuCYiX!Zn2ArqK2&Y8VH!Ntl-U<ZsFuO1*CgYY1}T-6K#9IANDfTi
z%?Rua1fC>A=*kcDim4@*>9Omr^uu~{CM_n=KEc}KFSR&~_*9nlp+1`2Ftk=5CNx|`
z8bdzc{#pEW;e*JX$DUV%1^V~=UW-qZM-@8VDKRO&!w{uyW56+Nj&24j_Izg(QoY_O
ztyrxMGejX`=u0!yDfbL6ZwC~<sdD~W9GTUc?}cHd&QKA~bAyAgB@*%1;~bW?3Z=nU
zRKGi%C>s~?<aP5je)h>Rz&Bbjb^z*sa>@G{bWnrPm$-E?SVIR&(l!#&Sb~AIW8uPk
zi;q^)Ub(-#*LZfHPOWTtsNTrWVG$H!o~O*9mW;UHltfR(CvfWaX9Lk$DF!Rty~nOs
z^I$Hq%BU~<oUPbVt~CR?7_s=48@=E>+w}t~km0xT&2m3d*LAFLqetRHt{rUn&4<N+
z4pM-oM~tSq04fARd?bCk=SSQ;er)|@xr7hrEw;<kwejWp3R%6#T*M`o?%KSz7lRo-
zh1fS8*DV(1ScZm*bYSq_DGrwS`owl;&vGQ2dy70n^27d1tP5q}j%{vmsd;7Y3dlQ2
zHwquZa<;cJq15VPcXGwFaUrXN)(ii_sx_QylSx-#EOzhfh;O9C6``o)>!b%Qta$0F
z@<BH+1d?~fr~oDjC!kRFT4fTZ29+;sPE{+0h`yLjF%c8Jp4hEFBn84s5rq1k?(j<t
zUe6_J<<Zmz#VqeITc<1N80A2)21=Wq0=yLh6gVMgRzm}Va%u|;Zv1V*=?xEu#EooU
zlbwX3G2W?ozWwWtHfUsh8P7jhgaX`mXnP$#Vm4}8;`%I9H*z68A&`XGY5PYDQ^$S}
z^S7w}(PGu<-^2VZs(-M6^-uNx>#XluJG$ZYwLQVE>R~%)Zzk>aL>D3r8u&13du}ib
zm-<^FYD{Gex4yE3<=Ptm9z9o);3{3}bK6sZd}fQ5zTDgS6A*Up(lf5ezE0sEtFWH{
z6`m_@H?%~H4k#jrdmVf4?%q&2di}0T-JqSntb6Kn<JBL6A^VTTt$*XX?^#uUrL1I)
zR<b!GGDH8kZqNQFpsBaPP|5b@rOdOB_EIh_0h)i~nwn~v-ty{bsD(H5M3qDd9^agb
z{Rz0J_WkyH@Ehxg;y(e?&Nlfc*nVSs_PdG_uWvqQ><PVfsK>Z{qUGYT2VYx%0>ZO`
zUYs@io$a3~`DdQ|vvmElp8PLvyH=aN-LSn<I2O|G{3Vca^pUxndTs)Ghu9UnBq?V9
zmj=*br1L|Dx^`exCR%PF9GK-yZjmYwMB;GxZ@4%no5nBOA_<SqJ?c7tzJXS3awz{3
za1(3IF7A|8Yc?j{(8BX4JYn+n;5%&2rZIE##J`GhnT14|e-<0u>2hCx_9uKi_)z61
z0A6kO_4DDIe-)z}oU&(s&`Aj_=Q_0g6W*1!`7?5*f0cVnxqqiQ!)w*XwdE(^^6!|*
z>|f*mr`kt`|KDcqEB>*}aRpM}q>(W^9Y)jYj$T)Nd_UvIoS_A<TTx4V{NmNW=hKix
zhH;C8c=Ti=2j{Tou#ogg-ZMq5(jYBv2MrCKdDLCGaX}#C6qTDc7CGLG%qq29*n&FW
zqY#|3b=xSiUHe_%HYJsHO`D2>zht*?Z9j4kvV2qc_;0gXXTDrYPM16VOl0P|B(Es#
zuCWOx9)(P%U6nwIFK**4Jw+sbU=WWC884hqy;Uv}E;@tk*cCfJt+Mpe1hXCBo9=5-
zRHUHeDL(Fap7X*Z8||iC%dx|Z@OR2*qn>#k%|5M9%rxnZHF66xd0ui%*3~q9aj>4M
z%T|^h<)A00&q*uUs;uT@u}tW}Vc4dctON<Ovx8T1H4shgv^HaqEZoLcL{I0aZ?pK?
z;d{1B^4*n^d(#S<ql2w>CJ8Qr>NJ!MMi~ly*vAXK&TiFZ)iDKf;p?S68S6>1E-$(A
zAZGp(T~o(Sde1%NZkfAK1#H#i0`n=h6LJ@Mj9U2yMecTk@A2IL(ILH#ZQnhO5Z77-
zPYv8~tda|gWM3m8L|{_AOKcHvd$q#t6s834&}ry9STx;?Gyi}-OaeM87t?04qW4G1
zN`lK9H%H{y3*G!ibd#HFI<{PjjOGU$W)iY#6oKaq{4XmGFpfKMGcI7(5Mor+>qh=%
z9t}K{1+H<ld4f4meP)N>FYIt8+Pv%jmz`+c<mXpC+rcvrq)oGBNTf~ZO<kq^%d~!t
zGL_E@v2ZOjg5q$1=QEwDBE}DcKR^ZWPqR9q!uIv9W8D-P-2(EePRCvR7Y)57qDX4W
zC2ayOr5do3eDj^PJiX(|rAYKkyhYUOZvWO-K1G*;de1T^ytLTZAc}hp2+sH;Qo7%|
z4PN7oC^EW()j{@t)ONO!N(nM|CKJiE@x=*h-wO|Atc--=tNv`?5PK{i{bvfwnt@Ne
z1W=h+5=n#FMku=uZTx_NULyoh*?YM=jtyJ1#;kBTeBE~O1jF@$^vL%++?XV!<f7%3
z4T^HdM^j~?C!OWi@D=7bPH(Ue@8j-A757fvJ*cidUaDH}vMX{EnQu}+;Ix2q=SWrd
zui>NJc|l0SGI%(H^~aZ;aGE0g1bJBN>bT07<t?}z!Oqc*f;L$S%O=&hN(sB73)Lfy
z4WyRC1V94)l#N)jV0yce5cW{f(>QW3%WW|=;s;w$I)=uq@9*8#?pWXgXVR!-^nBTu
z<wF)y3A`<O`)`%yxJi@jK9IemBne+=db_f+<Xif%q1&<Tdm9nxoTSa_Z;D|i8b#sm
zsfAiE887Y?CJMj!o8YhO@!w{KnN3(;%5Fxc*WXqD!S>?uugXZzw3+d_&kfdHa(8BT
zZPB#J8(O0HHRtB#P#x8(#JIdO-JhfBrCp)UNMf{xQ<htWZZy_Zyv{PenlVHj2Nmv&
zj7w*2<i4s+o=ty14BO@#PWGbF^&jWZpH}%CZ&fix^GL^}YQIKNd7c>sk+^j{N$i`R
zI~NO+C0xwt>6{9f6G>T-&zYRA-$B&n#T2``SR@I9RThaIIUPYDVg@>I)EIMQ7xcJB
zjsz`=vL9vpRpknG?@`mxk86}d6NV763GDn#dp?LEZc6STmS<B9o&h`Bfd}>CyAZj{
ze<wldAfV3+;$FQndbG-w%#g|wYZ*_^Vr}8#uO6D{0|W_H@F%;_EVp>yHzkLfq&g23
zJu|PlkpgVI$9;pR)EKXiC=4*pDU`MD?R^Ut-k2D$GekK+{4X0Wr`;IwS-VbN6DFCt
z=#3}Nv3bjV<+8APHzTYYoH7J?de0Z1L@T=iRI1r7JM+Chvrzhs>_ga^c#%f+%O5j~
z`4#O#1!>udTI2Hr-MH)OQbiB)!&3PqC3|D_nXZTDd!*Oq%+_kvKf^LuNTapbUpDJe
zDwevLDD~M;;PwrTc&8zZn7=cM{nG{i;S0&^ArNwRm4^u|tZL}6a9e!1kgPO7F0U90
zrz4=b`_-shPE|c<Vyw~YyGMJZO`CQmwD=?{%!q30Wu`Ov$jNaF{B$J{1T7HMDmS>E
z-_>Kt^@%>$yMCE{^*B?OV-3Ep#QfHY-p=J1RJzS`$KldYs+?2S<_Cyn(=f+8tXOVp
zJ`lO$MZRwacFDFXu22N(>*Yh`4=$uHA1%o9_Dk>&<LQChfR+3+MOU<{)e6S94omLB
z$|EMSr9FT)^pf&$zN+=IU=G<V-Z=%0Cy+Vj<U_KQBz*5l^;o@gWytn3Vc$ZLJ`&BY
z3x}}Xl07HM;L}`_*l9Y>ztE4(G}E>=0|StcVOgKy33m2l&7GP%nQbP{-XC5m=0_X#
z{@C_jvi=AHq02qm!fM(mVx@U^<W1M3u_kLZf%V9`kF_P7@A9L?Y)ctVNl5Ioa+O&P
z=65f3M8ywLz!vZv+G*Rzsut5E(j7y$hSNUuZ02SUM)Dvb@&ycDNbPPH+i5=aHa_S=
zi9pnkvKvC?SWL7p*}bvAvhvFtY1v*3PJgWeCil5&3tIC;Ab)4UDUVN5g0@9__sH`*
zX#I21LFXoy2TDSW=fy{gzupY{!?B=sD!!uMjRCWxjiw}X&eUbb3rf%kDIYwduV-;!
zjaWL*|0Zg3TXmVktprYSuX7}TrAMj30lxVw{OY;eG7W5J<+KDdueDJ**azjg9rVlV
zs4Q`4AH=x9ra9^-pmyua9;!71)-sf6UjEtq67f`fUbg|TY>~nzNh)sr;G<%!|Dp#$
zzFzRiHkrq6GF!7UpS9DAF{YX`f$6y}d4?Yu*H2F`&B4r^5f1j|0|#Xvi~F+)`Zws<
z+f?;z+QjuG#C`Y#%$Mb3%rjOftw&F{h9Y@1c9(y1;^Jg_(Jm_CApX%f_u^=SFWRPB
z_Isl!KwSA>pWgn-BJodwe_H9kq-cnj*mc?S4!-^&PZ{@Y<{YB*^QRDUly$qhuXJ@`
z0Vfb&4I-6Bk*`~#e*pf3$0(1PjNht=ZlW;<oU(f-{)BWx0BM7hd*$7vq7~<lpU(dY
zx$Xc4l`c;A$Rw7O<~(}*8^qrIza<)aGy0F3QL;-vCJ(FsFkvaa_&V~k`{4KbZ}*ND
z{;d&F!TuP8kp@#G^nssBxEii3n~64?p-8)|p%$|<Muerf1P+;CLHkHPSX4Mjf?xS`
z|LtSzJ&I#jOuuGkuAgVOR5M+PAYvT$D*MwbEPN`c23RrgD7leVXR5Gd8T=`@HOK#I
zJJ@-!YY^i>IxzGyMRa^EVnPmYXK|#QT)1E&ke4!&TOjO=4?^mB^0>g4tS7wrX@L+P
z>Sfy*wG2l_nZbHGB5u`e)W-JlH~L1Agw&ak_cD2!)WWj}Og~Z2M7#w7zXOjjE<$TB
z17A>?^GXoOOzMiWom$s^biCBks1&T{!=?wQWetv6`cQj2g#%T)3#8d2`PIXe;V8?k
zWq#hBD*sX2P<o9<Ay+~`terOHR>jt_&E*)*hr&)=b=OMu!^V9_UZ$b?N4-b;flUH0
z8b<gedmD(YKKC@OcV5_~=2By@+J4flbScYUh5FlQgQ`$4;w_GYGg^CG1Gy>5x8Je=
zP`NUDFt!uqkao)?=@x_8dW)aXmuAg#W8u8d9T7kfm_N%C)nP8p>6d56%{Q(AaY*+X
zfi-pSFqOZXNA)B`F8!gK)6bKODEi93wXG9izHud(3hnllAOF(A2ir0oiau$@=Y17z
z1|`YMOUr_AY~rV~9k@WU+OOZ4ru+o#$EcH~4q*Q>c;Sb|Rp3aPI~-T<oR8gGi;Q*O
z*-PqvzQ5VATiw!3*>{9}slMA9eVj;ntICTX%PI86cj)4YiQ%r%8pu5B$sgUR=V&EA
zdWw(}1x7Q)Y#-Tcc`68%8U^9L5380Y{U2!c0fqQ)6$scEuAOx*wY?ekYDTINoEU~B
zvcT~NXCiUuozF+4$;{L}4Oj=+duRo;81GEd*DX_}wliuSTCgpweW3Ci+n7N5QU6Wd
zxxkbRCqb6`0W<cJh)s5jcDXXP+0AVvliNrhpPC4><vpTM3kJFb1!kSf!^2$LQ5oth
zaWkEN(7gzzs$66-3}NX{N(JH(RuB!xwxi|d(@iU+*wtFe9Vg12a`bK;CtDxE7V(1W
zE71t&Q8mtVui;b|bnLrf%PjP*2t}G*l{`?k??ao;C9A#Y{UpwiX^^KC%c;nO=R#Lh
z;$d+7(Q=WxEbZ?v=A!`ywR@0%=v4Tji4L2Q@U+GJ5^ni;(+^=%ME>8Ij_wJz4QZCE
z%g3*NC7(PRaWEZDe|Eof;U^%(`P$Kt<3v%?>9fOWMJ?-IOqA%tS8E-O33qmxd|5~|
zG}H%lol~8`wRdfRU#4vcI&5rOvtVKEn%$8-%~;k`Rpk4<+V0_bIvgaW$t*@)f|dB<
zJ)BcZV}R~;G_WsE4Jg#3uK{XnqiN2a76&z_r8Ii;RY3=Nx!+gi{sgFIiTJM0zAlr(
zp|@kLuJc*!DsOwt_&=mC`$)CFSwk#GpQfi?1sidB7I~$O6h?(}X;*VnW{+QtEu`)s
zx^@m12P4Ib^jf{;4Jx-wK#Nk11=`NfvFEhm+R>=VZCB`32!2`8G~~mw@$1*ScXz*f
z#}{weEPgz7G2|kV_7gDZ{n~m$>YL>@?cR%lPw*K*Zke<9aeW&|TViGKPk`OgU|Sw=
zz3LH<spy?u@6<$HkThfN=S(Z}7Gz?u#3D(QQrI7_OwJN;%ne5Qb8Lqd)q$<ou_E;6
z;jXC>B=n$&*Agq{X>q#5J(JV2%vq541r`p8Tl|m|Tt;1m$`Ih(D}<a={Qz1s`gpSK
z#Q~R96OqbQ<&geG{8Ys#zDY7LH~KR^gsjg|6A$E!#j$9|h7L2zetGM6a28T3)b9q8
zQV0=L22zoa`#+UDXz_U+6>FQ{W2W7$BMIa*-q0!CA<wx_Mk78_Nn+~W5osw(BoOIZ
zgbu^#l5tg}C-cTQ61U)g`8^=m=FXVX?AY;5;<zlhRxio=DJPRyBz@~8Itlo`WuQCM
zSYv72^JMNJ0S~t^S}t%OGVwadw;JpKdqwJmsOPBVNppONZYYXR>?_nkd%lBNq8qN^
ziTrx(8ctP-!S2_ND;mF%T8YMqP%}_@{mZWm#}EgY=Sfx;hS}FUJcrM;pBku|TJmSc
z!wHFVfk;wqBRFV`T&|tlpcd(<(WYI`ukN^8<2&Xi){-oc8sKw1ynG-i6|PlW_sstG
zX|ugQN-ychKbSPLT2{+u8!@J$cRDxQ=bCK|sVZ1KxKR$cYROX4Iv39eO~!3pQAA}v
za$0`>qu8Lt!T=J2f>q>i3c1yN2N!H=)0Rf#h`2f;kZCJYm6;g~;**3X?_?mf%X6w(
zTv5cEOTJYD`M@m4qgIXoS~R<qAT#?F-{+2HqoJd!K+ug>VbvGT)%A(f-NPBZavYa<
z*><6Hj@?qh;S3A0O8>o_RafI$0hSpnR)2<~>XN%@8s2z4RA(*4)Jk-*Qgc9?x*EFp
z?0DT_h<b>Lap-JvzAZQz3gnCmODcs})@78A-aa-QWz;yg=*%t~?a@x{0OMrp4O5<<
zy8$h8T+?;B@KJ;CBJSB0a82R_b8g+%OS`4-AH6LYi>;+T#97Cy*mzL5pCwB^NkTkd
zM)GX5yQo1Qwkr{=Vg8|$0HE2`{!AYKhPnoE>L~=Q_!db;Y5UQGAbYo?gO2|~XMO_M
z2q`9ySemlT&^TeK(deU1yvgS*Ko7!2<-LtrX7pvUrN|7>6g@!*1ma+yG@bsgHAi3g
zkW2sj(GEA364o_#Wlm4CPosVd&m#O7d7|ZtzG4-(ZkybO)frda*+MtlJVk%Z<^he1
z`b$lhysh}scg*CN@Vfq#eP1415K~@I*!?_@(uIMD2D*U;jZ=t|Ma_yKv5+*AJ(=`<
z-v6`F#ZTP|c{2Y{+AjMiVB;uNTAw3g878Ce=Y92&Jxbymm=fZ?>6T0Lt)~SI**wBZ
zBL33TnQv(y`;M6%6IwT#vgj*e{c$e$N7()RujGZ{h)1W5A8DMjJekw172*!5Gu~53
zJxXHEJ8F(K=#X3Q$f6!Bv1~kS^_=SlpO)N@Ec%b5Q~KS!#|w{}{BEk>&C8HaZ}wZx
zsQ+f(qxS{S`nQ}p|66Vz%}XWxo-<0n<>vqX=-9$bSD!}T$G5YJ-m@RuAxj_d^dzn*
z0L7n+%I)WkgNzHYN2fT-VHe_!5^H#Y+ZSpc|E+-k|GNIiJ>h>Rc%Y@u!wI<Z-8-4h
zh|;5OH1M@s0naN@gXzLMf1iK<B~5S2^{x5+<SX8v0ES*o1gtdkJ5%!JsfO!q{v`<F
zgi(JnmA@VqX)vBy5#C`O?AW8ed`l?o$x%;SVXR4d@zYaj^AUDs`H@W#_6h5ck<3I8
zEI~A}5of;fV1b&(_u~nzMffAd-rhAm3L9BG6V(lo5?=k{-IKt}B&(9gd&Yr=Q9iS;
zf_rCh0LCp?wmKG?t~MZ(jtAO>7^Dj(e(_fI*F`AInmx+sCqSId_~z5k$4yyQGDSbo
zekQzDo=?dun8!ra1hW%C@ygPpF3`o|;76kxkBk6|+wh%gu@8BC<N1}ev(&gkdfjR^
zEl@Ws$M`umH#?0$f;r{M(9+=+v9n3$5nAWyvqz{*Uko+vhF&1^1T$f7smG^q3XE)4
zY;~zP-pXD#(ZoIwI3;Q@>#79bCE*yURv#D7B9$C_Lz}EtPXkGP6XoK0bR(SLqVAAh
zV3ab1a?tQEutCQFE!fNlg{|l&W1->tITqUx;l9PM*%D*I58|bzkggkN5*>0zDh6{0
zBw>UEx=Z1Vlhl}32?Kr>E`m#*{8C*`x|9X>&DHY$ZH@=ryd}x#*-h?;rQ}4cYqAz0
zZ*^}u*J4{CVRBApE&Wb{)sy^OE2(%H_~_Y5ID5Qwp4B9jLm<qLB}XsM^qMxw<b_r$
zg9Qeqfo1}>q+>O+NKhjVp{Sa+Hd}I?&)pH)H}6!_uIzr>9)6Ik#*;DUxTBU=pZQWE
zk|Xh134iZt{a4%RPHmb`W5lXo8e?mkNqmP@+Jy`;%^28h3V-W^fKJ5CQ7R|BhE_$i
zgFi;`>f=}rLo6zP@5csCA;~gXrby$dQ6Tg|zC#&SuLV27jc@>+ra-hdwrSh^T!=LF
zh};1X&HVZ3hoDR?<A}UwFT%T&2p7}2EoZ5P^p1^$Jo8Ouh-Z=8gdK^eteGxtd=IDi
zM2V=Ws?>$m-e(n!^s=CZ?JzGET)M__?YA0oOt|U?VQ+Kr``owaD&cJH!^Gt}lL3p+
zBrCmiTUv6;5{G%kz##N1`xxw=Ub<ihGO2F~CQu+OA%WB_y8ABy{SQ{EKO-HIh_((q
z!D*GSWMT>w!^(s!SfU3mkV@HxJ|N?k!(j*#ub>8r83=LE%DQU!$0ut+H0vZAy1F6E
zauAIek@xx#?+KsLjy<Oq&)Xz3AX?3xmpBDf;Do==MH?j&k&&mFZM0UBe|#Q#^eO!+
zml&O;(-WRc%YI7cEaEGSJJgSg&M-m<OP;{k(H_m@SK&m<sBamW{oG^KkDQey4yVoN
zN3JM3C}?_h*Iid+n870EvW;DUM0~u?f;t%!uYBI^S=NG6R?Ob{_-ek@sp7ToInNnv
z&Vk3=AdVlxiaMw{ykTz2{qlX+`h!V=OI!n<IG60Wcx9ukK)Yi!Ybm+4JdfI-J2GIY
zg?K?TRK<4F_zp4U=uAY7Hb`4$3z~`l3AiEj<HqcFiY~6@22)ky0M*^%i_qIY^lD#F
zjI-iBiP|^?kuYG^?9Bm;cO2U20Su-cwI#_vt5APn%Iw}>oWbK3v2x#4EjoaI3RF^&
zUJ&t&pR6$*Rs905&-1KP?_<A|;{4~P%AVC*ISyC)WJ2rE$THgodlNz6xxO(+!+t%v
z5DrkbI}v1|Tft|XZwA)xQVh48Zs7hnF75ELvvKf1uLN3w?MT}pxPnE(!Ox2oh7Gu9
zNlmx{&cs=qP}r8_ywu^PmgXd`kQH>ITtb^vp>)ume796$Ruv|3S(3-OMrZ}-(i<1r
z))lGO0p(cA=3jJ7;QLs;(Zl7J%j{TTmnWX?nf^6p;Zv==>$NdsG#}KNB&+N!0hSTk
zn#~p$p30eWJssq6(4_J(SF>bB@ej!Y-^09di|(=9@zyxEl(XSXWa?1$No&&ri%5f(
z>+R>s$?j1<IB!~+GMyHhJ43^eR72-vPgDWh@B=!0QU&wLXdQdFvbP65@L~1Y=Jsax
z;}z?Uk}{?nR?_U6wmZ}BUTR?%!3rDgD7{rj1|-6Yv#qTk5)Z{!sHo4ab|oWX<jXsg
z=Hac08Z}R2>d#qy!zP$Y?Hi|XX-By+lZ4lTg2Upw(fqI=Xxz{Zi=!iyL0#X-qa$p~
z?<Ug|a&FNf3s^u4Y8@xS9)Poc0zlAl{6_rj8t{_2&}mwcNc1FInV6<K>&SzcctrJ8
zWNK8SZkvvTsRqg!1xpp=HVtWuE0^4-T<Y6A9aZOZ^n%%atLO_X(8=N~)_#>{c_!c1
zU8-x;0HV)%CfeV-I3uq_x@c8=Ywypx`6oJAIKFQ@d&_LceO~r*VYo^4R$g0B$;!tr
zH*u3cx&HI$uaj6n%j<#cH$N5~1Z>QoLi~rJ!m1L#)e!yPl-`Ocuq*s)3-p^Xr;2*(
zHe+a(PQB>TJE7r_*GU$CfN2Guq-Gy&<FAgD5Q`5UqprJ`5=VPOUVH;FP6AFQq<!a$
zoB8S`$lX>!?`bIj_FncidCS}{1$3yi%B|c;v_`@MQdRNoj#(tdR%(j{ci?!(>&3O=
z_eY0Ign#?U#MA%PUZE7l7?mq%A9(^Y!T)QxQJ!2PO5+iarCvP;278Vq#%l=Gmc+IU
zX*fX8NQ3;g<^|ZRkMG5NxBoc5XZqxXP0o60<6N_e9>d4NNs0nKry6{7Y9=-Mb9X2$
znB0%Oz+}OahlCdCof%iX+5z@G&*AE`dr$ZvuclT`?DtX1f9=;Xlz6(RRzv-t>>fhB
zVQEXcDfttK;RV(Yqe;LTxM8x6m_q=kEledx=39!((JXUoC8ubL%W}TSM6o5C8G{~%
z!b_}N`TT7$`(k^pp;l>bSXbN=zCqYH1$*~z1>>)U<sbF||13q*gP>O~tRsjB;^j?S
zJx9;kmbg(%^iCoqA<Nl_10)Ph=HPI4KtZHUzy1(IwcX<=jUuD4r>Wiqx&r1tebc!w
zMrn3OXG2OlhTS_p4|lmeKJKJ7)p>f1X&?bT)yWqt7B*7`Vwth%qhER$f@8^W43Gsn
zQ8@EsjYrcBaA)bKqxQ72*7e{wj#>nG!yB-A%$NPfWAaW+sx{!#V9_ta@d-%zR`CQg
z=L`5T0c{wZP!{YuD5xW0omy88_U3(G<KfFwPsUiq`%N#Kma1k|go3;m36<P-C!AGz
zK{4_AQMha2z;eAaVKvWgqwAd4jl67w_-{n8`Qr;Kfz?yxdQhVgqlcFZ;GBUX(8LI-
zETMazn|xRs=eBj_1J$zn)W(c64dO~2{%%p>+BoBv`HKtqU_UM<L33a^Ee;>(#?t^t
zn$aL98l<l1MPXeOOqDCwC(3mxpJkTe3w`J)Sq2!l{xEb1s(1yMho>^HiD~7}ynk2a
zpXc<pH9^z>r9(l-`e_JrZOO$LPuCXq1Q^ktVi^Wo&m)Mjoo1u<1tam1hgpX8_w7o*
zMnf_=P3^*2D3->(I9}a>k3vi1gpygTmQVhVhKOG6y|ni~0To4|bV7rvLqA%|K)cdb
z-ZdCd#q@(F5p}q~J}#J<eL^0WdGqS+5}vC!LpAJ@Id_}beSB*8&qV6!jw<;DL<cWY
z5-A38Bh1XM;EQe5XGt~}W*EMc7~YoHE1HsAjrAz%*<Cp;{wM8KIj)VxRB$<u!i?C%
z!Do8(OXa5gaV<>XvADg$8rPIYx7_P*9I=(eR0!mYw|7n1N9&iX%S&cv!~Vw#$1lHs
zQ;T7RQ3mghQIdx`C;BuJ40FYKN9}9l$m@v}$z|kjDgPI3+t|~G_yNqHrS>;;Oqi-d
z_;!Bqd+N97mZJl4Zh@eUt3?O0n_N*Qw}0dN&%%>`*~b+Am!*pTFwDPJz;H8`kFto^
zJM7ojO+^2pa=*80e?8#G7`tc?t86oA^L*?{;a{g({;ekegD;Wa1&`6LP+FBNIhtoK
z8;C)2#wwZACiRfqZTkYCK_#>i3mX-&IysO(>~1bVnOA%$6@?2Gx3<PeJxq@Qj}=r2
zOKT{Ql?xbRFav%N5-vr$m(ts5#b|Zg`}_{doYqxuzb>&-Nt-Lex%7iv>xdj&(F(M9
z^96qn4q0%{fp*UlxBsW7m#oZ7L`-jLZlA?nx_HM7ThnoNTlc{r{dq0F<VA`_?ybC^
zfd1i^fyortPP^tTNTq0zUDEBGMj-2b*0$)Dn4w%0nOv!Xr*(C0iJ?#^Il@`=-O+?m
zN}tOe(^Z~w8;{8%1bVB5zaw9ihLKiTV$t#51;GYUP6f%^&(9MY%4$+Q=k<9DcF7+v
z(B5Ax?HGSd!L6Z(iETRc5)vD_$^IDcp8%(Q-H3?;yPtq175<-qhd%+|!@gMMM3sJj
zysCL{?hO@76*<ou5wXZx$y;bo#7J1Q^c(jJQHxS2w}gHST&2cHz4GE`=9^_?n5-Vj
ztDg|(dO2`8<@pzMp7w}B0t;InxH;?b$mJhq-y6r3vAob>Pjvpy@0s-*rvFR#g{A1;
zqCwnun~{d+<97e=`q^*H{|Wee_l2(cxtHSoByN+E!Tw7oR&vQYhK64>3dCwQIMwJa
z5Dq9(65OCD-=*%)9uM8EFv&gNndbZJly4?QZ&Tt|GbMb1%A|H5K^qkD!#PC8wSr<>
zVV=8Lh7sATZ&uEDf~-dRlDlxcqTrY$+f6KFKCe6z@-WgGA)geTV^FMB=`?}3KN#+y
z#gnl$j{{DtkfS-NA~p-Ww2{Q`ZllwjNq^)Fu&>tClFfx<vXxmznc21rWzwOlI{M)^
z7WtK>d2f|1Mmf~Fohlbwd(l<Dwlt+v#2Nq{UK4groO8D*fmsG$WRlVrSgr_*LqTCt
zJ%(S3sE&nA(2F0d(RwZ6LZ8|m+~X1)!9$=jra8(i^SPR@zAZT*&sq4u><3RTiqh<g
zy-~f(efSN%p}2ZqkoGVFw`v;dn6>ce?gC1mWG37-4-@7JQf6tXb)1wi&CnEcEuPaw
zHIy<DsBGVb-Hk@a8E@wwo`Sb0Nok6E%+foW69z)&n!~BCLZJ^E21}`M6$eVyi9sL7
zF^b=uI@fg3vB;DHwP+qajBZEv-R3_Ah_puJ3Ub^N4J}eT`aq#rpuZh@+|U9?j*y1$
zXVqd&h0P?$=B(8DvYcq(Iai+_ILH%AZ!c*%%`A*&4}8en$MU(@O4V9w&20VhUOXQ>
zPZ^dHp=VCh$q4&grWo3OEke!o2_#(YL1IYNx62!mMr70FDvp=ydXD>t7)@V_f>ISY
zb<>o94f}uC`_8bYwsl?XqN0KnDWX6^4{8WS6ch-7gdz!{B^0Ge0s%olrRZ8p?+Hne
zASjR!0t5sSI_gq-5eNY!fJ&7js0gT7*3CNQ*=y~6&)MfW_x?L4e=_GBbI#0+ImS1}
z_`dgjzu#2sg2V7?lCMvKfGqLMgM&6Lfr1!9u3yZ!MVbqdX?`&>%8E4Kh~pMH&5WX!
zPL>DQ>)tZSi+0;QGy1S2awxSmIks;8QM^Qu1{}4wFLFtc1Zc5JQsodo8Sk-Eb&L3E
z>d4a5EibWqHQFlbXl0M9M6fQH%?bmGyrqnKzwt%`t~NtmMFn{xX=g#TTTS3t#7~QI
zeh$+@^QT9OSw*+?PRi4w8eq}HA`u_UMxwbf2tDcMr`IocGfva)qO<X*k!LokpOEA=
z_^3RbsDXnu(yaJ-HYsNO$AeD`Us1!m^xeUeP3pt&%=2p{ADEnPsWF~M$?ARQKQ9<H
zMa)L&p76-g{~pA3_8WO9urHrqmV7y1gA3Q#=a6;S8nPsS1d<C){OwqLGVJDKS+8eK
zum=}^mFsCx5>UTE7P9kdq^|Oo+(J~Z&gxU-b()HxQ!Kf6bN!AvBHULwC)j64I;&;|
zzdiPS3w97ib}lsKB)*fcXek~J9;l_hR+|g|(SWU<EwMjdV8P%OqK}siWA4lZ^K%o6
zy=iEsr>S=8E0jcDBtUvDU<3;DJ<#dua9r@+W$4(G)kJcMbW8qXo5O4oFS<(<C@x|3
zyU08FlRv!_Y|_Zu%l*pO?3nE=d)D|!c%FO11O*m+t$UGbFG`Tuq;B?sC1H`cDoY^-
zY=`qo>JK|#sT5x99PB>tb&j}{wCzG4a}LxhQ781G<`BgX_?_x@df{4RSApr5m@#9)
znX<X;^3g$Uo}GW3Vv?)$>~aCkCd1CV^xo{sH+*pkB-T|{nc|Jn!}GDp8Fp^C%s%8u
z`W>7StT*ml9LQL%PJ10ihWfHLW#W>74X~%wD^Yo!)2a?~S)ebA%8S10+^Eo$ISrj4
z7_+}~Xla}CUrpq;zs5x=A)rs;RvW*1-IhYN{YPuLoqrCJDwhIXg5S!VjeMH$UCUJD
zFD@y^zaY8(`oqG#oqvIM7XBq(YyS^t|JM%ub$kFiz2!Yn+ImuR`*i((_;>zmH~zP?
z5cPIj+Lxa=Z+@QZ-IrCtd5*vN`CoNXOA-^G(0i?K{H^@JA(^ZAQL&`pm*~=I*4#~Z
z$tB4<Ha^Wkoaw$c+0}XSLz-TGUR1;bl~Xb&7mscMVXrI9EPf-rVDgpvK?}LN_(l_V
zRKWcEra33gRdi~WPLI^B+4<p9vcNlYf9{B2-1)v_W4K%d4jwLUPqxWnN0Y`awRtTP
zFh4)KILRtOCo9yqv1NPB_P)jieG4@iUQv5VGg{v*sK^lteFCZpMi=Vt)swgdGFoED
zD#k*0)Lby?$^ffg?G4e`?2}tB#{S`!(OmfrV`Lsmt$X`E65#aGl_W7{319{A`O%3S
zW1Ed`X9-!8GJn@~oD{vrv&oL(nCntJo`HURfN@$W5M1m9$ubb@5HA2ll2Fkbx}Y7k
z%W<Mz>i1@0j!M;o2XlP_;4!fk)rv!Al7&cm8eGU1@iBVz;_?d}*N^^?#nM}|tk)qc
zTOhB>;L`ioSnd6GGw-1oln)%h)`S4hJ+?~*Sr%4hhccrnsbTF17A&+Mei}T*bg|=8
zoJ#5uVPmQ}W`fin4Xo|L?W61i8^+-$RxVp!2H>p4h;m!z%J6GWjjKN=Z&kIXp$gE&
zXbo|-3lz=m1Ie*YlV%f_txZ8Ym-cSJS-TOSw%*j#hP}HgNuTUIvS8KfS@){&9|)Zr
zDaD090Q7UcOftPnw!U9h!T`809LBau>;m}2-28dO!Id>8^=)moq^*QsQAP@6s=;9G
zbc5r8P>o%zg}bZ1vNGQ;Xd^ZG_@<hNPg!QP**#Iz0MNN?u>>(dMOrH{f0%%}h!ajG
zkB^)YpRr8jxuhJc#a!$%_Xp6QJW32}&$>GI&05OM4JxSXmDZ@+_3DSmF;1yNux80b
z(n2!%jFKhqM4zY~zt*DA-jYSjAgH$FzK=X+32^!7=~WP65NcM45l<rnh?9f%%LotN
zS|%^j8O;djGLrpt;#jgAxx6mr#OMotE^&pbwezjnRkzYd*<F2BNj0WrDAycnlF5}#
zv9sshoZYkH_DO-?=r-VA46V#B%?mJKBCr)Qo5mW*jIwQ$eoczR@zruhhT6a69(i)b
z_}AB^u2pYNp~^lme)DqxJH3Zd#G5|$L=Qje^SP_?nh91>KG;#CKgmSr)~WO`EgmQ_
zdV;nqm??(POGtI_>a{cg9xlfbYBi;PP5o6u4i*bHLwUZ0nwMtVzIWk%0^)sZ_A=ZK
zYfx9u6i`h4YLf#$g<>ln(-)h(2?f?ewze8Nn2eaO#Lytk?3l6aTTuKvU&Bq?NJtwh
z=gzulX>?)r*pYK-`>{0YisS6Yn(nE0!>X0=%AukW^>9PVQ3)dNw5C>9IMZR1fzt)b
ztP|5OEd!~|Wp`F>94}2aY^NX#Ml>9hUocef@%<J-zumFR?aZ{~ohhKEU=uhSx`Ss^
zf)rEozy#rZyV}wAv58btxZ57FCAR>_dH)rMPAZp`oEkqKVO~Pm$woo5`29h#*t?t$
z%aX~d4UaT7TtXQRZq^R6zU%DH9uypIouo3n8wW;;FZjV=XYLq3SE6|E8$x&gBpT$6
zJC&WPSzh&NndoJDJ|Ze`{%H4?|7HRIcR2X>y4X3SJ6X4}J>q<ARUhm%6J2Rt(5+Ha
z7RD^qhFxy7fJKt2vRSeS*V285VL?Q3kY&M|g2!h==BKXY76CdcOjqrNj_Ag(x?h}{
z4cy`)c~$IRLuc{tZUzq#Fy{ml?S)F3G3_egy8G5R6e-J<u^S4bQycNVBRdf9uO;6;
zcdu-cVOeM1@<QYLnpb56MRD@bfgG8^vzp%!!z-B|x`;7Hsw+8ck1>(|J^g=c=KrA)
zz%<`oNsjUuE}wWMU4?#dM`KMbOi^q}eKAs%-;(?Im~rFEkozIq$W-5Gu#YG7UD=A3
zb1h8bbC;{hT=nwitfFM~-B3KI!9E8&eAXqC(#XrqLQ*dErZ`GBiswH-{?hj$Z{6kj
zt;&`6J@@4GzNWG2-hIQfbZXE{1h>=|9X~50Z@2LdqOl)X0L7uuK9T;>UuDIv{E1*U
zaZ(^P>RH5<8+`JL1E~IbZhfBhab8XUC`qfap2fjsX^!<No`4kh15X12p4LXy|2ARw
z1NLY|+3~^>>NU3Sx((AVIK1S(v!#%E;GZ=Jh}xUtelyYieNtu9tEwC0VOXOdT>9j&
zgV7yY1=O+nlYG*iGnm_SjW$kR`!g%96VF+Bz~^+jWf#cB>4ke|Lp2wb;!*NMF)!dL
z_f4t0OXhM~Ezd~5%ZCAMnfLL5TJ~9t7+}W}Z^wRgoH1#?>+;Ye41Q`+wAksg{zNBf
z-e^2zgpkAL0--gSn<c5FXwJ66*#p>!me5H^uIjTV{x$gZFMPu+^^KQl14~!Od_kwa
ze?o@!$>Vh4wPQgjluy=L?~D7<ddM6mW{+u$jy#@=x6cZu*rhJpR=BxK1Xw49?1wK+
z$@Q3lB-u9?Fn-o1GcO-4*G#f(vtYFn@oLV4M=7FT{R%H$J4Mg0Y{r9!K}v8HFvx0M
zsf`gL?`NA5(&YNkU3#L&FTM0TEhZ>uqB{Q<l5+<*tsS9)idgWotnW-s+!z2$o;%_@
zKE&3HGqH7<<S3R{UwTcws4(V$tojNjb7+&-&5=YB$)f(NKhz?j{zmY_Q60pFm)^&S
z!NodkVq_Dn_=WlDE9IG1y1FlePEbjMQIgmcD*cR;v$%BH`!E#Y26b}G#{JfQ%08%o
zp*{mEfe28Hb%dT=YL})8p9cqn!MejnA8w>PuF!HX)12VEmj*?q4Tb25ZsqnqTC}_q
zPi@!_cnnLko?ahaS)SjK?J+e!$#M&tkp3|iib={vc%>i{pqWG3y@_3N82Ebv!j!S+
z5&146>0DyxhVD2>;hK5%X}-;s3zRdoKy|G<y>XyDfTXCpGxa3+>(VsL%8+N-k~mH5
zbM%0&1sA7s?t+l3HBc(Cx>HJjKM;1Adfh-N7&bs`c#a731nJH7rq-2RPm-6Ot7oCD
z$N_~A&2P(TunHSGJDC9I(}%0F(NP&FM4Bp{PAORM+i?v4p#$fdhV<51Y6@6C>$v)!
zZjT3#g=$F*l_sr};C6FKX$ZIm7R6AE8)hDtn-O*F?YjC=^g1R~-Qh}y*DmQ?z4mNi
zJgM7$HXF_b?G5+AiUQcEJILeRbJcDABj+Zr!#Y0}IXX*Bu~ai`f1OxZT|9Eo?BzmI
z%eU|e0sod$F6zpU9kN<UJ==|K#gvKHtR9xq(Q)nvhV+UGk(EV)U|JF^KdW<5;x6n-
z_tw*3S^4AG99Vyz&m_pC<Ve!)Aj@k-H?t2HViX9Gio-y-iVn;ZNhIbdtOXx{1f-uk
zI<`aA(;16y&_=`#!wLr>JVA&SP);5Pm`(!_Saw0iWge5ok=fv->1&DtN@T3eVm8n$
z7kV!_#;@sOu{^)qhaxKj{WPA^t%4GT#+Knq64y=4UwoRzv{jc%xvZ6BTi87a?t~(S
zy>hG#-Z*$Ty-o?AY%9%bktf}8Wrm0okDpNNxtkDxXpt)^taL6I)|5GW{hA)^xIg__
z{y2_M9pJQ?3pa}(Nh4;9_!|Q~DX1xGU*)*LuH6d_ItWe=Ya!h!;82%;F+4~&32P&s
z<ue{g%33>o=jY_jRL7oHDYKMpofNp>7{a&;kI6tU>4BM9@x6VL%K<?7SQw8+5SlV^
z_A9qUt^y}yn-xbrQ+;U0{qsub16Z0vMQ71~U{R@dIY!xyEO4UULuHjF(OHN=)ks-?
zKiQ+rXU0!<lz*NKpZM&y)g~+0hSubbJA8Ok4?~zAlgF8%qtmP*G_r565Nt3tWO#*f
zp$x0H=nCF^V8X+_<kSHWss3JPQ{{K_u+}?czsljOL2nE2Mas%LF`h~L_wA$|kTW)#
zY5-0My?;Y0NDU@%w2+pV*r$qH=%;1$2rR0genRQX*XiJ0htyp^1P6rYls~&4^e~6k
z5B+9MXw#pTPP0jZa?~4SvvnRRq)7A@%`_PieeA_H92N$%q~c8ItYKm}%a5e2_lF|2
zxO8!J;+0?ieLg1q{_i;bHJ{%$Y#1Ned43ABw>0U`;IIpSiHuU*ZX=>^F8y5l-aaAq
zkIsjGIxh~HLZ3j>9M%`B=JXS!dDNaH4BTHALGrU45#o*9eS9CziijLkh-_1JTa@gi
zSY_BGF~ckg>#ULRrB@_lhsyQLgO^06hRY<AcNs5nBUlIXcAt^Rr-0V0hkPq&EIe3w
z-go5EnO_Xq=*7yO)!lgU`;-CIix;v{L1CJ@fCf&6d$ErXVo6s;;o+a^?4NA@Kg5?1
zHGiAoD!BZR)>SL}maz8rIXHUy%>$Ps=i>r?Ys(n)21h=rzpWGfUjPOO{Xu^k^T(@W
zqtb&68{P;GQ*;`1h?>U6<i_|ulr)cYccKPBO$M9zxtk-W&Ms8N|L`1toqbC4q0w6v
zg;y_^ZYfkC%df27qZ+rU5{(XMh>sKHyn7*W@Ze&MeM>ij$Cm0OU+IlkX8#g=KSfVZ
zYbz0%{IyxdDafS?FZR30Am`qxi68|%LyCC)G#Lj3vBPxvsfl$52Y)$O<ao8hB_(me
zWy_YSQ?=*#>pkEj;+iWKS<Z#@Nqr9j-w-y`Y48|Pdz=KbWF545cO=Sflid$0lZa6+
zxK^5XAvHO#cLl+aPMb_?0d-8?+~B~$a2h7SQM&Xi%)3@(`xVXJ%Kquy#PBE9W}uW%
zK2dtd?6NNd28}(EWbG4`m=vGYZ+244%mjA2ZuR7Cl`H!(1>u6L_*(Zmv;0Mc*;C(y
zfmK6+DC1O(p5jRED+Gj~GGxwo{$-Er$#li#<fgSFHy-yh$HVYHO^mcX-WY!LvM#xQ
z7sIQyFNBl`23zLu*u}Fiu6VgwxMg1x3~AkaTth&vsG@#$uS}}auNaH16C@26GK;YU
zxw0P2O?sCG;^w_~FGZGNXP%C2*Lxn;a_tCY$#=J7xbzX|mI9!`K73eVBMUF=4RK1M
z@P)#OsRhe|2XdnwUrpY2MCcqWpRoiP9cxgP9|c-`t;)lPDjV9ZBQv}CT#e6gEr(<P
zDY{aqOuhMwNO=FD@v&zwYFRF&Fk|MU3Ct`@Z<$sEN)j&>cO%cV*SeZ*Ii8zF#}ezI
zRssxhLvm@R?aYhs4>^5bGjtH#5XViQ5zo*if7WCxstY!3w9ivDwNd$^L1HS$S=T8y
zs!+tJD|&h&FU+=AvX-F6bDqT9l{U83onaKws|J;Z0J*uH19zhNS<1Qw=SZhlG6?fg
z7QKus*c)%=`yK~W&!bj-FQ!hYXVM|@xoRZ50XLoGl&Ct)+K|5AU;T9ZvDDKRZRr)u
z$;Gtu;q4DG=oGKfn-?M0B}(!4BTQ-6qn*C)gWrs@M(HjMw9oufPAfk5e6x?`Ayk5E
zPi8LdHIS&WVNN*o1Nd2xlCB_it_s-rjBMuL_4vPfasO&I|L+FDa6_U*^8tXRm7dhz
z-3_J#5&n6CC^4Tb70BukN=0SJ{lG7wfARaOU^<))j^rF1N(rqB_1cQQ8?tcijd2iK
z@||qCQL&GuEBVKP@$mh2)3b%j$WXBSW2HwG-}JtX)WtZLY#`d+h6s7lyh}~ex}p}~
z1Cq65qvd4XaS^H?e%W;mB;p<PXV^-PPs$Eu$2B0E__3`k$bo6^&!wrna}wG?+$Qsh
zT~uVGi~z#g#}vP&tD<%&TdCN?`TgM=Kc}kI!^^Ve_`V+506f6uFncK(U^tQ->D^`W
z&V%Qtb+VzJhnpY+VI+^~gHQjVVnqKE(Ed9u0_Crd7d!dM-Ci%(R#m%=Pc|M=%(ZZ6
z(=i*F0&2wA(>Zk#wzpZRB5?^G<180b_r6nx{W@T@6!P-Ddu8sh5unryS1Wj1HxUp6
zdV#aklf@xKMMLlth2dvO!eDf!rDL8mbI8}Bz&3h3vJ7ZHt>#7H8QIi-WTI36-?2K1
zr31}*di>6edpjydTD&&XZcW&rR6U5~xp$-_i(5nJNSj7%iZ7U<=}oMYrKh8Kg)!B7
zkijE(AhE@%wsZr2Q*)h;C>?nachT=&NtMrlqqL-V2vh8e9FCrRxr7I+RxwHJ(l9m<
z>lF!E(m4Y8YL{Cr2LN;BiDL%tup|?IQy`Y_iHaz57~q%`?C!u-4xE-k5o*hxS;U0$
zLMdo&w?b#%d1C|x7(XhOMP3BYRIY%phYpYge(cf)=KyjOK284(yK5C6V@$CkZMJFW
z;((=OACm4sO3s2i^o+z?vtLD*$X^57lVlktpWYi<5sG;j79P2VuoC7=`zn5TZ`1XI
zRu)fC>Qc*(V~$L@q$*Ek1u2zI_?MbdfCST3C~&>Nr(5FjyzbzrBlksO8s^8Od-IIF
zI#)34`}|kC2B4m0rCZqgQ&-6B4)ajIx`6`m;g+td@emuJT&WTH?(4Y-RkzMe+0`6g
zPWs5K3O(E>b`>R5D!)iA7EX<}dOH*9_c-$=pA&jp!{VGOHP0Cy-9j711&!4nEVVo_
zd{MnzzNP&W9LQj40kQy*1-r_kNZGnFKdpNCMj&Z746t<)uh%5a(ASp3l3eoiuv;)A
zRooh-!T30J%<76A5kOI-zj=2-gf!teUU<tX;X?6bHbpT(^WJ#bs<mk_1jXm9<22G+
zv9^GLA_Ix393m;q0gFbw9u9wIJ3pBo*8N*g=)F>wjb=cHNUk-@UvLH+sT}1fk;ESF
z1K@|u_@QN#CHE$A*6@|S;s@Ds`=jg`tYDKh3=RNSF$utgn-qd<)|GXSb1@q_DayGL
z1t$hJJT6~|71-k)D#HT8cu<QC{h<_Lo(e17Z92k*&AZZRit2Quvx^Put@7*aAYh}J
zMEomNIeZArbUiAGa-{uJ{L~WGfyHRCSblQybdVjzuD)`Nmp&2c2uB6BDhX^a<)_+o
z#C9tODD6`NlCtRR!#pV-lQj8G0mC)%H6!Tg&NrZcrqYYNQvB9eFX{@DOnp1BzSVJO
znNz&nht;Cg(!X1(aegbXXo&^w#dKi^#-$<E;8E18e7DY>L(=Fq`Rg{Nj;}EdnuDH3
zjo45oG)OC?8)#mTiVMHD0_a=lF{hRAt--p1B)F@T|DNqkcgA4;uZj$<0(U#Od5TaH
zvo1{&sV3}=OK@Yofz+?zIfoD4_y;5M4+sAHaE9%UIVK@jFP4iwc*cD*-LX)WW9&I`
zKHEe#>#fYrt*1HPwLA`L-%63q8vgP8>$Nw3)=T+^r}(!6f5tut8BO)*FBS4tT*%g<
z^n|8S%Cbu07!0f{oKpI1fM>6;vQ?D+Iehf*K|$iT7xmki7AGmlPU+%Ux72U6O1aAm
zF&5n#Im<%4qg!v>e-vi4Tx@xrQJ=v=InH8Tji`<;@lkM)+hG)yq3@27|In1z$}}IX
zr)!~>&Wa4`+7`Grm1|t_FR1vY9;Dn5$R0I<NTKx0eD`~<VXt>ze*U{i-?^z6@6+kQ
zG?>jJ!n-(AVDYXt+YF>{-GN3JoG+2a+}kJ&wH3gZfk0?<=k9iZll4G#yl(?o1vRKj
zyv+KhlN{U9vInVRwp3la%pp^<4)gq=ocp-wzC(uvy2oZrx;ln6<8~d>dw#x%K0esl
znYP7Y962o!$$(m^IZ^6s5J_SMZ6#^y_MP5XWgY!TB@qz#ix;+vaz`V)y8so~*BYaI
z(i$qrFu;{z1XN{9K%r36>R<l;_5G(KliE$O<yz33KYyhRyj*U{><Jgp7AY>}7H+<+
z<T1$1p&p!0c|JOvm@Dl3U?;kdUhZaG7XGFV5cBKBhVGp=$sC}1Sr%lYgD`9Oji#qp
zWC;Wv1is{n`HV@N(W3T{uDv?frWar09G0A{YHa((b#KbHj?S6SVJ<MXy=Cu%yrZd&
z>#k)bsmKc!^np<CF^XR2hoI1+((=0)&$5+Y68%$cX*6>O_*u!q*Mn!og5;B(DuD9n
zG+|mf*8rdg$<IN@5BFZzW>rJCG_b`c(`P7l$}Bxjp2*J<*ySeKZODlk5oOczk9p*o
z1a5`FjRDEtC4MOVl14o?r=G;`F(2L!UmLAlQFto%*nv5$`Q^nsy8U7X8n3&M<poXb
zNvo~P3!xN<0*&ZOMzj<f+2V&X0o`%k-D{##dMBPB7*>8$Q&eYniybPzq}e#A{va?<
z!_H(B2nCYDE^VF+qBDZ3dHD6ESxGbt1^?26O=I{_)Et%k;-r(6O%RBbpHsctl<NsN
zA(@#qpyWE*a^~ew0be!^)gb1es*#-=PT(pXaYNnI#{t-_2F+a-Jw0-@W?7KZ8=F~j
zX}3);3*t<3AQm1i9Vk}&f`Jn5dedVA%aJjX)3*R+1j&-KWuSd?`;WS+JeKOGMmJJ&
zpmSlz)fr2N7r{iO`W2$mxqjzkrpI4ma@Ld<s&$snYub-Bv%kF6)H?F^0&X!xtPV?*
za3DSaka|#q^9pv1(K^(&lMU>^x>s#Y2%Ldi-Hepuu+VKnB`AfWu6lQ4u9(Ms#-<lq
zA})e<6Y80f78(bom(k40n4UE3t?X;YItnk}x)?cz&})uc1p)CirtQ9a9acVA`@C+~
zf~cFa`_$W=g7!+Pu|kTE^xUdC1NoB1c{K+bA_xJdNFa!_)Z4q28HtY+kAGs6XENKB
zsgNT&zfgPMoAx~Y1TV?)j3^dLKMsN?{?Is%v6;(W%QZf%F|^zOE(qaInY8W?I*r1K
zhVLfDyycDa=F~h8cCX(0?pub}0UD_Wr?#CcsQ6vPV)RB^0?v(JAFeOjZEIHPkOG!J
zBC4~B!Ds|Ejw6s99|0B-c9KLq+N_>)@K@_fcP8}7%KYNXk*PGD8cZ`Lld6SZwJd7>
zt=J(Qa@WoAcac)F!%?|#js;7GkWdQs|0IjXg^b5AsL6y@2~y>X%Iqaom-wuZjy&ax
z`q2aX0Lj<XS24p~A9!=NK=ol@LgW>AZLL2PN|*R7zHS@1_R&>)P5MH+e(TFG?Tbvu
zJoaz7=)&i0(+vAKai+~{IKt*mAhouWmxY@Y)IR{#4EtAudrs5L#RcZJ`cSfxD1ZUn
z6qi9BI&~P4w_lS>kkZczc2~2Ge6(H?XjRdqT)9uf(pTMg6zOo;4%qPm)j14$k*3;h
zD|egqDc80~&-%C&*P}N0Is1aLg@6XUCF!hScByeFF~m|&;~Jef0MaxgPak2C#+?d3
zi0Cyq;A?v#CKVHKj?1TgyKFQ<rI3UUjnpI7&S54E2iG&CXBm4qBQ<)&Ps+M-?o+|;
zN8Zb2t+B2*k9epr7IxQF0G_6Z6(S;`Cf)P`t!oT5=^zbeIKc{Wlg<nOWt(g^Vb-}a
zK}{9JOU`)S_juBg_LF@6SJIL#^2N4J<weJ%)WNcbK6h}V*;SH7oyQ~XR5r98)IDh?
z^>wgLF=z7Qk~7Yha0nE>n;Dj->7D42XcTq7P6+WC|MDU;<I$VHH?4o(|0{X~!R}|6
zm~Y(n`{^C>7Xg7kU-B>8qJ**5W4nhsE4}7k*0o{khxMewq%<=o544C`1LR9Q)>HuX
zQIhUBU68c}-~}BLU6ldwM7s<Tx&{}W(;C-G_50jsHQ)&bm+8DEdmpAs<6Vb~29@Nv
ze42(j$}GyQsqBn_>NFJf(RTxp7Bop(mXhU0T3)mCIy1iE&(ihyG#_kz8GyO1wY7V>
zHSURPli`hSeQtwYL=2|JcVzK{G8j_<O?cQGKW_H~L#7jN!&9lJI@zA<Nn&V?<)R6`
zWz(Ih!e(FI(|Z;hw~Z6_&&Y-~81hJk0~_$5OF)m~w^?pwU#|VU^s>qX{c!%QRVCId
z*Coj&)M3!Y5utX0bxeH4fqe~(g|S<+_imQqa_|`0#fEK5^H&<>+D6<18VLJr+LVR8
z2YO@R(>N+lHRTv?-a3qGsnp8S#IX-&0UKeHw*Xd;lxub$@GF9)3S51u_EzTpaDOrb
z*qJE&q!7hLKL112|J?ym6Db3NHR)&TP-gtTERS1Lg?07(ARfL#$LU9y@}MpS>62+O
zt5lp)A`~P)qTOZQz<R+8-8@gPC<_@|ym^v`8Mx0zDMA$LZG{fW^B--SU#!BGMFaaZ
z!ttPyfhK>0$r`&RcG5z&Evxz>cq$Y;??VR}`-kiUD*2z+&_s}YV6Y3ifA>^>zq<q7
zHTvBR=hxTh&af`)2@Z@Ts7fbjvh<z{dY!DcM!2%lEpWRzEhxSBE~0Vv*^~M>PPtza
zi+Fn7;QhX8xK+sMr9(<cjkNkZ#$A})h=*&}7d#~>Kux5C;F0K0g-4pT;fh5bO>@^B
zr>^&Y!M_OsOMW{|*WfTt6@h#Zt1gRh{V`eTMvX{``^bHN_jEMJ8>y|3ZZZuT5MSVt
zEB4&aT)J;}fxCl_OgF*z;^mbxok;puY62_N*zob6QnCKQll~7<vHo|9NZzY+?XG4`
ziH8a^5cS_G*0|#!2@9S{Rv8R_yGqkM^mg@4VrXF0pHjz8oqX|?`nt@4{r%UBa+@;8
z=Bgj|Wsv0CcjalP(YaXb3?0$NxwA!<w#VMWH9Z0KRI(p7e4EAZBJj@d7Pr4+)LoL#
z|4e+D<yj&;HsbW<gQCzqr~$MWk`S!(ZGQ<LJ?Mv3?dsqQVj^F6SGwtLA-K;^eAF9&
z{lK8o7V)4H>Pb77`0)b>q!LFzHisc9U-_p>`Gfd914@6q>gyTy+4;(z|KCLi;_6ye
zl^eA_u2@~S=4?&W^4~=gLbJgc8q<hz0yMsu!{htZVd3<|{!q>k%6NP7zrFnblxXvO
zgs|Ufn#>n$G})C{`DUe$S9>$sfJNcVw4HvQfXVb{>q`^7L*<FqmG4YL-EZoH=A?;1
zInZ3|kfdrlV-%^V)p-*d*dX3k;8Sxw_*$nArPSbo$_P(H6&doJbAW+vF8Q+6e~&g%
z|LIs+^CGOo90{g+0wlb(Cv*|l#n%%j0x*tsw%sGz+80UcXOJ>+5y#5I79VMz*22es
z0%->Dj`{M>QRSGm3_u!#Iy!4qxR^ax(%IMZP$YG{-aV{G=y%+8*)^<`;3tKU!w;Zg
z-|yTUl{(HyMP_1vI!m|Z*rlct*Tq*)?x|X}syG|f&BizdnrtngOU;VfD!TOGZr1^l
zam`C!Cx#kwc9OL$&kqC0S@0E5io%t5*T_o}8r1TJ9}o;C;Lvp+85N+oqYm24mDZV(
zJK#fo;H9?&R;c^bE{z|puQdFM;^$d%atxMH4~J*EY$QMe;H$JNTm*!r0sn+b`6HM6
zX&2^^yeh&dXt_Gh6fKwM-k5dDyZYIHyS$Br<a-Obv#@HcD3ajA5oGCsF!#D<dvEn&
zrA7mDVLf$tHG93s$rdmy|BHlTgtOgRUIbWjTFg$PLkte5QKPqdJM!euUB>*N&6^eb
zM!|bRjbz<QNoA)8TFt`&bfpbiXO1f|o75sz3EETozW=3HTkV2#S`Uf+g@2YBCAs8i
zp(_Z5)VX^+gBWH(XcE!<mWYRmeK6<+gS90kre|1kY7_Mt8ye(2xG?-#@!rr*1OglR
zKnLuO3Y+lBJ|5Vh7;BA6<=C+{RZe+1s}y5z!Ui4oF)J#v9k8kXh8kDL(S^oaVSp()
zv3?Rl1r$Det}G{5a{RDHI5t~V5O&Y8ePBb!W{K}7cV9q4AYNidpi6%UY-9-o!>8mg
z9eM@^tEli({mIS0nX~4W@@3qgTs18p!g(GjbgRcfWve1#<9Z!oRKFJKMZgB!->34?
z?k_toa;n*RQLhYqi3C12$D}t@SI?sQn+_zwL+wDWiW$EUBgSChgh0eX@Y{mLw>xyE
zlj+ILMt&DLj3>d>v&l_1PDO@|QC35dvl32zJO>s&U?2s>-!0hgYCe5?_vF!M>}*2d
zueNM^b%^h1Dejj=W3U25pDD>K0&F=AbN8>IN#_AQrd*dZ%41!~(ls`v7h=DZj+~dg
zS9Tdr8Yk2j!quDUD>oI9p`)m+UkE35$cDH<zIkPT;9BK7SSmxHO4Po9ki|m<@%9!!
zhtdm-@?$Yeeo)vY@TI@A@_)a({Vz--=wJAxzx?aT%g%>f5TlQ;N<&(La(guU*lyA>
zax7%l6zXj-ll)!vet2JEK3Oevq-YQT7wRV}&#Ehe442<4I)1JSk4XGu5J<5z`qn{-
zdFSq4_&=fOkamHWqXuREQ@TE*!f^(Ar+x@$(`=(W&y+4*RkQh?6|)=fc15P^paxvm
zI;h@T9NmAwM|CB@dQVq`qu*C%6H2qJ$`&+EZq*h<`cU)i=wFQxmrIuIN@FyEL?x!}
z8Bgi^;h!@!zrAd1f_nLXSDe}(8G~Y7u)9!fTVbUU4nMW#+uc+10I;IwiBTgqwg^-4
z<ScgXl2@2%@{|%B4$L)EDIb~&c5P6aGgh`<)gD<-m~<))f2)9^a!WRZd0q68njdi;
zo;TJiTT;q6=55SlF*DtdH+3rhRfgt&T+zNlSNo7k2`9=vLBmPsMQ)Sg+ias_L2G3r
z_d>o5Ex<4H>rAY>2>v!KQQ!$uq*0-<1^?gs+RoB<9Ws=ru(PB`bHNWu@2xiQ1JpuW
zoyRrsul}BH8u304)?-PTEs$_7-r52!0$-^BlxtkesSTC2>X5-?6_#Wph~jo^kW$cf
z?YqvVr#Un#DTGo&88r0m+Q)ljNI}?YHf$5P2jxf<i2i8N#@R4NvI~<e8uqEE40NV)
zb*fd4sMfpw_J~9nAZXMsW65;AVCN-Bgg{ppyf7%XNg4z6Zj!8$<i4K0;3R@*#)OQ%
zI#>4IYiZ^1pIX7ch!g!!E3&-XuXl{`_*;oEBoTlaDFiS87-1G|q_}ACpRC%soT<Az
z!%8B{GG<2mxDo@o$v(7hi9%zPPf~>u3Gx84wr11YW3DR_mAF4>Iy|iT<gS}Kg%tUK
z2qCAJ-s-9tkHTA)iRB#cCe(zlZP8A5c6_OAIQYf`(Oq}M`Pl5IfFMnkTEdX}0Yf;j
zomtC9V{7U6Giw$VA<ISn0-k!6m&KiDUe8kb5y*-WfsirG-!R_WAfv0R_~zf6;lF%K
zXmx$+8QWJBJE$5MfWNz2`x`feSDRiisrvX1H7G|q4Yb!GBMipSkjEkmbYyiJfiAaa
zLOrf!zBQ14e4-8hBTaRzupa)q$o$Rcqm|v?_Hy<)YGxrG4tXO>!aB(dhsRaD+Y-B7
zeaSK?`&c3n;CWg4F7;o2+9Wtc-oCT>Qivd0jt2&M4Rma}D@j==p>ey%Kaq>&!u|Z*
z$dTRYJXA}U>3fgl^MK&`th*CGo>d-}gx_=4<OjKdjErRK7iHXCvQ-UwRInP>KCeoK
z4+5=Jd%p|a!}FJ4T{yP0;^(mIeqyNm%h&N|D?YSEq?x~2;x4qV`EtraWUR*B_mOaG
zq{4}%ivel0M&nkqjQh9!!xPd8=RzFXr5&AtZmt-xDi*D-bNy`DWf+;*=#wBBx1J1<
z5Z$MXQUF=w?j00}eEl`f@Ykl$_bUbo=q7@EuHqTH8lSdu%y5zx<as7PynI5K{d>S4
zBTb=6_*t@~X|nH!Jq4An%%Lkj)EhR<_uCHRAMCn5vSA@U88QSG_(}yXvWVF_*=D-R
zdg5!_)_3l))$LdTKD=C>jhk80QLKE`)j}}5t|z->Q@EO=Nez~~(Umf&0mJJH!9g$|
zYvaR3po887pA^B@AI0}bl_7%x`YDum9*!ED%?$^$uUcV`kO@WtUYb*uvWlL57QZoZ
z&tT?peM8r2RQGSufcfaDfU(gyFJM)aelLx1>#d)|+Oe2U;s$OV8b}Ll40U>L){lNb
z>8A=hR!|T26<i)YX(wH=d_~c-QddrD$mn67SQ`PzKClkRmV=j}oUJIJodJlOgl(@M
z9y9BoxZTr!v#NJn!Xv%s)QTlH0ADL)5tT-|GgzQQfGcH_r@QtC_M;hqASD1ENwfBS
z^C>O)iVUSU&YIyJNh$41Q9c4FO>J#ZMp~iC*;ZXA8h0@pn(0BFdbr9gR)U|fg?Uv3
zI88LO?2tM%ZNz;wJ(FZ}A9gZ?b#@@e-&KMP<>aVyjSs}5MQp0#JX(S#^~&`kM(9oe
zq;f~8J-)g>EQg<9Ys&!3{4Ro1O2A+Pu9@i-*nlwX0Nvsw$J^64m{pM`?xPv2FLHlW
zBo|#+_+6yNF6UK6%Y-of_rFO~{nLQ__L!LIrLf-coA#%FR0Td~Pe{);s_fB=<BCr%
zW){;jiy_w^s`;7}0d86h8RF)>D_wTnwVv*-35_YbeI}rT>8U@9-?>-Y%BXu<gF5>#
z&#lhOGMqqcj?*8?(<s8_7{VeC&WK%Cezhy3d_U>CyPU79^qi)n<5eYbg(Qv348!7a
zmDvC=oG3FAdH7)2u;GnqKlWX@HuSgKhXrxlEtGWXOz*9^v8$xGN*iZ1I(H-8F{Eb$
zoJUJTT--z!5_E3=*}LUWET{TXabeFoD7o>1PFoL-Gz0Bx6Q_CpdNKCVtjRklo1vY?
zm*ereFvOCE9H}*KtA);3yTJ=YgAfuUo2wH>3$eIIQGa_bKGy+($T5$PpTM$UpWvi0
z6s0pk^~1FDk(uUj!Yp=kJ_DW>VTO0t1Y>VG@c8w!9~s4C1Ut3{oXGNdl>`#Q;J2TT
zdUNZ9)>3WdKD~^%!U=Ig&z->%<UVveOZ#d5J7*R4K~*L83=TPh4;&|`2CMUYdtY23
z-jM5e&a25FjO<s`1rK*f_8eO(4M6pKSJg4v&PaXH>By6XTWeb5&2=RDp1ratOnxgA
zZ~d)K)tLJ};8k<q1I;C-6MkUvebySUB&=h$4#+nd$4W!*m0hz#2z(1|dbt7}JKzFm
zfo#-L<mX(`ZP8(75t(QIOFwkHytH7StV%#Dg%NqtTp%mc#+lk6iU=-3rW%#Li@EkX
z=^lA=y9j~no`p#!AZOXCV-2MTQZu?tDheR@;pv0y*82yBV0TmIURDgAeSLXkRio$r
zhQ=ZRzS^pEs*iG(tB4StOkhR(-4`aX@vOUg06UU}pK$WczYY>O_&)XBlGial+t8&&
znyM@U4+EBL`e3lAhJarCX=uuJty7oU@#p+k7{#u*ow53{)FcGT?GIO6VuQHIa#~!<
zmqhNTm2aeD+|%0oZ*3(=99d+JsA*#Hag$442*IlAz;b$pml4WfznN){hGlW1^WOW4
zKH6G0UX*zfwQKzkVOFtBD`sy*MK-!l5RSl&A?0qJa{y?kgD0a?`B}Ok`V~~QVd4Ad
z08?&WhwkDCx6QeH0F;~4eOE`7WzWcM1JxuyNWHvgqPmY;(tq<58<pn3ez^y0==b#c
zrglxnAs;Oj>6R-N4@+a$x14P@VAG%oiFwX!#JHJc_XP0a$Rdp#sTJ(rUWb4B9y7zR
zCoEy|*&Sr2S0e-F6`0^U_Hh-Gg@Hri2r5ZW!WyLlR+c|3@|#Oo5@f&PWPvT?La`MS
zRS1oc6xFdxlO<G>S;g+*8X@gG9~@$Ygi1{8P3-OTs%EPeIo7dWIAEz;i*>sc3*Y(A
zA{JlzUDLWA8a51#mB>?ulhSO}=A>CpLfGIx`TX;>8s+NW5conR+`nMv{&sW2jXl7c
z?bZWF)n*GQENbeyngSr7pYsEgA8Qiq^Ijm@0h6!5)Q%vgVEjUUB`)Bu>E&?JjrqqE
zPTYw!Cf{lhB@1%Gojh4dTwJF|FaBUXI3Er8U8LpH`5FH=XEow#^4<M<E8UxY$Mh@Y
z{dTr{553CrNJY{M{B@D6;d68bHpNV+$npc~74KU3y#6D%BlBa-T+rl4fAk`13*iW7
z1+MpjnW9WdUIs2dj-{ATke(dUaqw=;&q22%sWsPT?_*X@%od+xrj-QuV@aJn?h<J@
zNLQ3A{R9aAc`KpNw7~UV+2*gl2W~&FG*#?*kh;`ezsMQwdx<<|t7qqrkxQ(7G7#fi
zb&<WRK$iZzsTuUq*QU4G2z9L%okeiz<Kw}LORLEwmqZF@X&^SMvV@CD+8r6Np_pe@
zb8TK5?rYB)wU{Cc;cRjh<cd7|k`ZsqjMJKM^|Wm1YU@}W*cf%CvvVuqS+uPFwL@=`
z&e@^-I;R$!l8dD8zedDfK)=Yk_P$G5R}ZMuII`xEOT#_0qg#(wD_GfAoXh)WU2#@F
zCfC<JvqZXAe}yLX+BG!S+OVbL7=8gg$fUa(u2ZsN+^DxVeReF}Po<=LVL-3fD!&nO
z-KXJo*wE5vm$b?3B%Wzmk+I`!Hl_D#c>2x*Lkajg2PeIgT4O^x1_O3_R$dKKT@`?y
z5II*wpC9(-nofoHOz*ha+eh^$rlnsJZ@O{=2r{-$H1lj~%icQrWhh;vUIYiphN>Wr
z3KM<kg+)H_U^aa`{`{5JZ%2n>oA0Ksv?5m{DX7#HL}^b&*ib$eNtds{7lB$=XFz*v
zNvSE+SksMXv-KL(ye7xSfQ$0zEr{BZ#Dp?`pa(=7iHwN^s+wHq-S{$7q$be2|31Fn
zlM9@tX;q`S7xS5#!ItT;U=2VHh(;z;nN@MrVw~M4c*aB5-34a!mj)oG1?GACBD11i
zA~NxLj0#Cv*t|yu(yT+tcaY+EOwJ<f5V`iCbgjw^Z8i9fcY1eAocW#E1{4Te8mbJ;
z#;6zr2-p4Mg=XOXWj`Ebsp8QwZsU2J-mifl*a08an@l^3-L9D&I_oGX3$(#)@;O!z
z;R-&ymQT)KGsS1i>jH9Cj-_~9ZM_<(>0w>z(_}{sa?H$s%j#vf2PsdyZJ?VlNYWgZ
zCY-3)Nbj+=iZ1ML@M~&QdncgJm)8aVMvTUM7Ru%XBqdUvRlzjtbfZ`%lzEeOxEd~D
zYa>gPu`dh(23;O&$k=}McafA+oc)iRq(?&;R)zhQ%DYORqYgq7s5Abi_1{vkCyiQ;
znMPxMi{cr8y9>4}tp~x}N0S}2MVYvks{<vFE(cn~E<dA}v`;pyR+tc=Y_+HW78?5A
zK3}1tAOF$uqc@n4seKUv<wEuZMb3J)J$HARXDWhegi^%O&rPT8q!>|cTO|@xdC}Y<
z<R|ZVYt3w<{+Wo5#zp<+`mm@-cVxY!fiQ2EM3K1EuIgEptDog$UHt{Az3YgZ`LW(f
zSPo%d@VlsjN$Cy6{d(PfF9oYY#((1#exF$svhT+sca(rcUfz%u`E~@;sV`N#ax6Fb
z^F!1`y_+g-Z!XF=4((=4ho@U3!@7+Z28gV$xNlZol?TS+Kd#_G4Y%e}OeV@~0j1~U
zxIqxhNkj&eh7Iv4QZa!>`d{fOkNz-Ye!|t+_w#QcqtQkU3Qo)kH<Sm}u(~0*Jj%im
z0)#IUNRx(-R(d`DP5Z^Y$4?xm)y~ZxxP77h>wNNT!f@!&QkK)O*Gqyb$B>#7aG7A(
zRb9)gwOx@A?CtTmVAA<qxEz<t835|4LSlg<9=<*t!@D3jTnLf`&%?~w*3*yQUOd+K
z;hq!s<Qt2DTQXmq>DL<TKA&l-32K7yIZLCaGv5p=_wW8VWj7HeZyykbFxGc_d3^UU
z{@BE<bJ9>qtAPsM2*$mR&gU=I4>6TS%PN++<^AIllMx>pG|-v>5jgz@%9*sb%bIAQ
zgb-~agxr}374o;eN}ahmQU6}TU51;tooK|h{DpO@X!tF6pM1JFQQYWTg?{`{!2>db
z{)B$%<4*!pdS7kz$klr7WxZ~?{$&2==T&ypp=BgdpI<?-HMC@cDzqGCF-gI)UmcEm
zHY?37g{Ki$qLSUBa2>C_vRpDi?c<AB(2}(^k`xa915#&R^i}iOZI!EY&p`TPErFkd
zXpS0PrvjrG8+sB?cqVDNHk~=hRiAN`LWmsWnKJS?a1Z}&O@!8U#o_Ak{YqG=lv_ku
zl;VSfHOD&Xg(sD`=O}U#3@s>8cDXc>GnzU0#d5luKi#9y5RKI6wSQ|#eTPF^@W&~d
zV2MbjQBgn^!nr?)1&YXz_b&LZexaS4^6BiQ)CbRtq%Br72ZV+w$&U5ewsFZ@BY`$1
zb1iR2Vn}<QDdX*tx$=}?<+DQPKexO-8q(FoB9}&82O(-Sfhh0D>*nR0LjA*UjU$+m
zX-2<`7(TuJ@^9m=kl64SDd~SgMfmfD|MB*=|AhG9c;S!hqF1J2zrApSgjD21LKH!z
zK3Km6MxAxTB81AHtrgR*?dF){FkPzm1}D`-cjt9toH?nfn+LqJZ?sJh89ys=D35w@
z=<+`IGwr1xm(iP9n$>HWEfR6(y3Ul6IWldEd?ki#Wh9CC`oy*mtAeT3sb}i}MF)I6
zB(6z)yrEM*?Z37{BaaZa=#CPHtwU@WR^UNZwm^1)&hQy~*fy?t=>YpVVe)zK;Z4}V
zvJsZc&*ZS~A4QhrIS*T<piT;~m9)vSJO1Ou8k`4zNbR=b!y&Ri>_m>A3e@|kL^b@v
z3K2b?(A3=#XJ4f$&SnPi6XXeplqJT~CWB~^`V-hi-Gvb!pSzZ>{zc2c{^S}Ho98m}
z1|5f@&0gh{8hbaYj%vQ^jmW*2G*ocb>vYB2Nu)Z@AD~W((`e06QoJ~sx$TozN86aP
zv%-DQtF@{aLEn?$sRhX;Hq3pu!)aDcZZSXCa7{s|Y42g3LO3h!6Umm7A?M+)`x!r>
z{~R9IRqm+PS`~x@I(waWx6qq&phXL4P#&EW38{1}>e36CQ_BV)8(&&J{?NpH?C5z&
z>yJDI^D&94T}yo(*vAihicty=t!>77Reg;S;Z(85M7{*pl}3U=t&q!|Z6{N;Ey=5P
zd+L2SgmT}o;Q;Da?Ct#yCy?~>n)w8t{@Ec;teimbmc(wwXc0dhx4y9F#r{_r55Ayg
zUTnSCblP4y7l2hoA*JX8UDmhczj@~r3@aU!2V|=(mh!BGp&lUqF8s!=uCdR%JRu<$
zT^d(5OTu&NATmqnb}FTAH)d{_{4R`T#DK;LpUJX-6n^Y(-~DYfsZEquee36vZhM#U
z0)3z*e70s46g|R=t;KG@g}%#zy~d@08~_*o;I!#fO<c44vp$y5%MLOAY>NwJl8a$u
z;8uCY(|i)siOetpq;`_X^oE@LQdH`*=0BSC_P>aZKuc$~9A^5RKWESDzxl5&#zjQ*
z?&n5Zw7bkNbbex0<HZU1bKN~3z2zdW(9*l}Fv$AOIyw7De9R?7+4vXD@4xM4TzUDq
zd_RWZC=^k(&w&}y5W0yd1v6K*u|YosNTzvxXg0sO=#im&4>?)ySEIcAlDSB4d|3A`
z#qy?8>H9f32U-KiZprqd(q`{N)bq_dM?;7Ydn#%!&23pMDpsu6-CyC%foDR;aHaJ4
zOjb3j$BtPr=;1US)|s`II#6MLIpSOO(b(kNQHof75Zn!7<!C`7pu{USlVEHyoPg~x
zf>C62?y(IxUK9GM=`@9%c+x~g3C)f&74*R#97|C;?QT>)3=hdkH%w~oN?^$Gy5XSm
z6nu)g%EeG^P2<7fF;4Qa<#655kvDDTNAT~4vbO2EUDU~L;Bgr>;2{)HHh@Kqjg*n|
zgVvfHD&qTxZ%NtGW;YAWFq-d_8jPB48w1OGyXI6J*2GIwdxBll&Yld}aY({Voc&eW
z7SDNCYC1d~A(0Cp*dh+>GMLM`=~J3wcl-0<CzWQ~9`hGJ2Yj}bC_vOtK_9jTVetI7
zxc22wRL;X9R^1kKeWxJFukdBdY~e{Y+lz*VsDLnkM?*B6a>E9VhlgJ+JgX!ciNGiu
zh;d|BT~Cm+oMI#Kn8lL$Uw(0!0HL+Nvn5uuNRG&wm8G`Osair71IQS{OL<?N(+Ev^
zzKFeeQJZE7y9>8M%27C}i(j6p!ZJ+r)YOKLW;s4^exL*KU#X=o@;6K>W)l&nGFEi3
zEp3EtGs5@;2BaYdrp222m0on5(l%;#C1!=lOUyM2RIH3_UVfCBQwt^8RXE_`E4lzu
zY7c6Fps(ZcsB#>cTbLa-2v;xeV4;hOi+fUvfg_(+GI7prD}zu!_L%}<BA!VRfAN}P
z-P{!4xrOW6Y73_{G|GAwicc}U3v7=h;hw4KD-EdtNMaVH8MZLrcX??=ynR!|Om;EL
zZ>@+tH(XSFrjZ<sGBWp=Y`vo=e19?~59LpZg}WYCEPU;?;{G+LH~~0xnU*trR6V^B
zRtN!3j!Uvpg##I$fS=D5+9qp@!b%+9>fjL?6g62t$zj{Td!(6C0Eap;$;D$*lK?Qk
zBCs-lx6AJBUm9g_*j04lGY#&ZSAJqfvgHFPzjIUi-C|G}PM8#r4YjNi#iXW^yw_G5
zWrDsRI;fzWV_)HTlxdM36sV#y+%ci&A9+Lwt$V$hwlmL)e?ed5sMTkvhI3dM0+Jln
zZyKKjMonx|lqf6@gp5K)q!rJn&~?q&D*lOUZ!Ji5m5BjOtc#-ZvsCqLIZj8_7NNbC
z^xO<Ci={4j)`f7IEXFOX%*ww!u&XXp`)oJ#9yM;|LdAJ8087jPZ_|YZ2=gOW6JR(M
zF!=2TF{5YtT~Jp+;S*Kepf;N?NC2yAXSWOCt5|gqEj5*6T8|L&a>PHKkQWgPmA2{#
z*NXX8n|EuRR1)H@dYn~*z8oTVwGUwB(8^A7Dzj8Ej;8;hpV4Xw99cY7*3;zQRgBKJ
zxpB=d3fh{D_Jf-T1qrya3@8-l7kT{U4#<vQ%_|2g@Yljqg1Fn++h&jkng_@x-F>P)
zg}{e>Y6V2%r)8zz>fbjhzlhM437<1BXgEbJ>13g0Q<+I}!H^@#pw_&$iaZRp<&y5h
zQ@ZcR<+9!G2BO~^Ng~>8)zNZM8`9V;b+R8^pN2}ZR)Lh+(j$f1Zqu;t`o{#9lEZ5j
z<v(muXEO`*T+*3+KiczCih!%H8#F<U0i`yNAIe)D*x6G+ctu{;->ICrJn*Wd|Hf#6
zd3qK=k0q{H7XBP;su+v&of$>@-#S&TW5UvTIBB$1$Iv7RCiAKIK<#OzJ%#+$<S*6m
zHC-oR`W3O*-3)(U?Dox?oW~2-Z9!p_XMWKMj(QK)RVM=PD`(<d84QVwIkIa5Uo*O2
zxpa`VtSYlt1vbgDJ$~Z08UKg9_l|4g-S&U6@l_O+stJNpLQhmWDEI|JNkU5@N+>D@
zB%w*OP^|QxkPzuLkc6f{sA2=8E0EBeROu>31l!Ht`*+US?z8uApL<{T-q-!(=8s`A
zd6JoVcxGm;XRY=A=!TVh)hy!VlG56Mq#_=dfCO@=b=%{$D<bOlu=>dTjf1QNP#v@G
z@j+KVgpz9ypw1GYGA+253anbnk=x`LzDXnbZ0aQ)eqr;xWWKWfAtf@&iTNa4PDziH
z<OQrM?l2xO*4H>Av0so_bQ`kIw?9mHj|h_njgVp65bc6-?XtZ#xrTCWZYWtswQx*I
zA&GXjo#g+T_$lH#TPAacdGvDnx|t0@&CW=4*d{mrdM{W&^K^&IaFS`nS|q;*zu?GR
zyYrM~?vF{RS6zjSB`=>b8W+oX7MY^yt&g5P1}P0Oe&jxT@bKp%?!4&1%rs>>EO}Xb
zN?ViqjOamjM@p+`dV*(gDaX{*cCq<hBfWzlGg<O9udxkW{$Svig&TS}q~9OQ84p$L
z(o><SEzRhhJ*`9q#&vhePXy)w$L!CHXi0fOEK)r;5;Woydxt;=d>)RwbMDk7b&t$R
zm>=kR^?0cI$+AV&W|0jg1y*>k2bu0^O-Id?zf$l?k^7=Fh0N-Q=^NyvG!O0LX@74G
zNJVK;9x}NL*MV0H>7ZBX-?hbNQj+^1dX%g$7Wau?{+`|SPqHunhjJ1My4DfJ7gCG9
z#Jx-MJQ7a4soMOmdg7}Q=I(R|!iDJ6?_lK6haA#B0XjzN%gL;~vP<*rd7a64S%wez
zd-JvCva{AcR<Cc5`9z%+&y~3dU56v0K%Q1JOKf{|O@a|;U&Pn*lOub(-IKp)ws@e2
zYjaD*oDk&`B#1+RTyH_#mbkmop@f<2-i+W9%{kTgyOk6k9R|!@ZGFt|bjD@r@V-A6
zNdzy<9Mb}!sbsn+Co!gHu~l5FTM(_WDfK9Vq9Zk#bf$Y{QEWRts8*{)pJgk56*F7l
zesmZtaTNu7OPx_bcW0nB)YW-FP{{k;;FFJ>fVo#|b@(BW$gVg&v|j-_C5>0E4KwPk
ztXrn&S(o75%rtd^$*^rXsQSeZf;tHKZqI|RU(25h7hLjsviYp#wc5}ss5~^MVwA%~
zr-BZEPiP7)yhB>^oeYQK@h;4hc85zHFIT8M?07y)^2hk>c5Y2xXpoK$z~OaD6?ZmV
z3Q^%5I}&n<E2oxD9{qlC^y~Gg6WXCnaW*8!x-Cfr=rIJ*q2&s-8sn;9`UQci@3Q*;
zRMtKsSfe-J1b$Df(k-|Z-folZ)>Hk)Gs$R+?q&~%_cqKCHObWgChsnoSpnZ#o_+si
zwyGq?sw7$u9+KVhnHi+KZhz<Oc;XBV;4|~gO7GE~4_GK$ii4|4HSY}13H|z^=A%Hw
zQOXIr8_G@70?4hkm#$eT@V`CAwJL6Nbu}rz*%@04IG@4a(0F-8A}dAbPN(j})ynw|
zRuv?i*;d#X(ny3K12n&Z$GH+^edZjzX&ZdYQo56SB2FM|YFIiS0VcVu<$~`*cJbT=
z_b4^_&?HY}@?r`Ew+%B?X}^2{jGG1@{-eh6X>m}sg#FhlJ<qgB3*~AnstpZP-Iata
zC!kB2o=W_A8cZG?BoH8#Z|WGF?-SQzI~}p&(UMT(P^Cg4&O%&J?k^7d?-M-KcBdR%
z`kY$i=aE!L0svGiPZ$7iPw^08+n96FLzD4CBxm!Q<M~(>pT(IlBe!(-ItPT;GX%1V
zlhy&vY%pQ2?eb;cyROaO@3ClteH1?Anq$Ob+dViN5dCn1h$h0*)a_odx~bCgmPHt%
zX^=%{=Z~RlUxIIBq<Y)g32eU!T4L`@O3Hu5Y!65En-pvv<wO}WezHlz2}|mdaeTn>
zb1mWqpbBO`zi!o(4MQ{^DDyhjj4eSSqT=A{C@vkqgd<ZaJeaL3sP@)_x8my!b6<?w
z2VYEfJTw+G^}XI0aC{`qqtfW+S?T@YgG(dKAI{5sdYf*acD>e*vZ!_YQUF>#ek(+E
zo}K(tidjEq)77No$vau#`Ks<9p2-B(?CuP=+J2uE?hzFaeunnHriHiv;-~C<pYoQR
zqVc7#U?$fZ#sS*q0O&*{fG&>@6sMiqCHX2?_QsFKN49EB{d+`*#FC?;*5%r6;-dub
z&Bb{unI><_s2lmiQiM_fi8EIX#Liqe%qDJLKYVG{+q@Q*&xMH{I9*j)MQ0v>OZgBy
zB1bRFkpdRDP@~GfxGDen`uG0Ie>VLeul%D3&fl@*|3h<<&j54D4l+4;OZjt7)RMO7
z7JOf|)(3XG15F&+x^+uNLK86Wno2?G>+PJL7g+_WXKaSuMo;11zED|juWM#Qi+jYs
zS4$>NG?I>T+zpG`;pC_@109UcpIuh;Z)lw>9oln#6(3bExH;Hjy`%NOF;T-NXBR9@
z<v~?dW0V4N2vF2YdseZvGB$Yoc;n~U*M}|YZ$Bw#)Rec^I+c3|f&|8Ecmi5}@1UWh
z1UyeTjbT{Tqt%E^mqpTAFBBDPOO$Vx-Kh8`&j>T9KmYN3!oEXiLE8s)l^kvQcM^Ou
zHzaNZz@+GGf;IB-*3Zs^WinI2jpQ0==O)2=AP*Ym_Y%rHtmlS$jOPJIRX6qR?<z-u
z`g&@Dw-;KcV-C3dRMg3PbNp~?w!_WR3l&T+gzrb?LlJ}<1xgh+qEyy^0p`%#UD;7x
zFt6fTx18LGXJ>u%Ur&fW&Wogs(+ci{>_q1{s5ASUXduHvx}r;yUbsUrmwM*g$e|4x
z^yR_bcOEMbmdX3%QA?~0)~LMLGSaQ@n2endGxURxrbs^O(v4n=h9{JFe=aD2=h;d`
zT&-Kkqo%6arG&5GDS5DZ<j!H_6WI~!b&sfxy83dKXfj9KbS@v5nEAjo{sU5j3Xq0Q
zl7v*y-#b&ZHHH9pH!HsuPYR7r$IZ6cC)?uU+|Qo1$&-lI8bP(ufewRHHYM#wZJvO9
z3UyT^^Tb!b_HLgDF+1_3uu>KNffvg=8CsljxvFn{$40fr(a>bk%oI~HG6z^_EAa+4
zYQhXZ_vPw!`<P?hzCC!o@58a^r$=N^aDRGT$h%#>#}i?ru6NOCA~^vYc%7_rCuSn8
zx%r*NbFV-)tnK#blH-Zmc)drf)eFA38|1w1*pWns))$mOUm(PAvN}rn@{zCdH!n2N
z%7Se>P%o~H+1O{pb&onLmoJCI(fGJd&}%YVI2me>F2g>mKCgXMr4e|y_gRvDz3_{}
zZzAFd6af>TMf)xeUHLp*0?I)N>I?UqNWLDX0%)c$<}x2ly!_j>^$(IdzfC3l`PU}D
z7t{ZqC;hkIkb-DM*c4<KVZ%r~DI%gN4*+7ki#S@YLX}8OI?I^9J681l1kuG5KkXjd
zl+48k_m+@RNjtIKt~eo*`0G864J%RF`g{wO%$|jHi7fv7#?=<>w1qqvVT0UFJ;kL;
zK$Ci)cr#{zpfEkcJFtrm87~^Is%-f%CbVicN+RmbT$7hGOB~tzs%s}b-pQ_b8*oQ1
zcQl}TSN>&e*m^)W)1T!yW>|PZ9DiWl>F&b~iuqmD0=dFmBbO>qX#~Et4Sr+eB9FeH
zUw8hx7*N;tuttg-K`EeraK4+qrU^VsSL{wgnYYQ)2|0fHnkN!>m0(L!+3>GbrEV3B
zu9tc0`n4Xge35lY^t=ae3apy+MlMzCS=7OW{k>+@UU@EjyIKOzCRv>jzM3K*mSk0u
zu>kLThlT+yO===LqfAOOT>3Q*9uXf<9a!$Y`+<&#A>vq7qeOjx4;Adnn6oCw8?{xE
zOkw^(7rWf`XPH9CmwV@8Vpp|%@;hyBjA0i1!|caa8v`Z5J~LGVerb{_(e|s-#G%R!
zxqP;)L0<P0UF=vJ+uk|pFuukX7aBxPL&k3cC)Q*{uj@IH=J4>#@FbiF6J*X~C{l$Z
z(^XFKQEbn2dF23nqZbP#ojeJ)i=kPM<j#b_SLKY2a?^y<?kdrf$w|obY(>hXVkfl&
z@<pdi`^rdi@VV$Dc}H>o18VZNZeg0$BUh(<2%dC3(~)qKJTImfm>-&_Eyjw!&!<^O
ztx$U!j8a)2zp~)J|J^wOT|jD|&F#3n5R-za`9bZY8HYAkX#qT^Kn<KyuC|93X8GkJ
zQ0xqon|#!j=r-oG?Nvq+FPfhQf!+}`@&=|4#o+mX=zi+zoSE~Q$%wHf_;LK7%0Ath
zy8P{<p2S~#=Bo|$o8F`ioLh*gM)i}vF<6!d=6F35<yIvI4{^%aRqumfbXY|8rq~}O
z`$oyn4IvB?)2uehm~!<2dvm^+Pv2s_RJ`6knQ;=SYOVAP9obmC_X_;_u8L{o0<Xwq
zq{x^Bne`xhCRwK3F@2<8kiIz)_c86m30sfUA6sS)!(kY@wob`38f*w{dfw?`rVG?5
zHxeGIAr6<iy6uE1@*!BqtF~Bg7+jZ$&({W6-bSl5r9}M8$PKqPo*HiAXlaHrDicMS
zItfp>X0G1~qhG4J;W-#<|9;%@vmpbxY8{b5G8iW*(d@rMS(2Sq8R_)0X>(44S5d2)
zER0btN#S#6r@E{wM_I-}>j;>gB6XQ_HWZdohO>pgj+u19koKnAs38!Qhx_7Q8hyMz
z^-USZ3(&U|SZ#KNwUO+$d7K?+^r5^8XTNBeqZCr2xk@`gz)m5B4Xik0^?V1Y?n1Ui
zUzHn|>ZE1D{4WTb;M6zre324|p1d6_qjN!_%(LCOee5)MRDY7J+DPoDV~*&RcE=C!
zg%l=&kps(7t*v)-E)LDwu_}ORVR{o#V>~yz{wC|C&Za<|LDGT6IIRC|AKAj7vep1_
z)$rXuB~z%$kL)vA4Nnbd$eL1tXW^2pf$NIBRczFy(6=Q`F7mmu-J~LxHB#@}Fn~mg
zyMEj`a4Z5v46s^^(tNy8$&rZQ7me(R+>$n(0tO=H<H>{g<ZDTuB*iV^N{_T@-DY`y
zhr%m8r@xdE4!I$S0}qs+<?35h_U^GJ29XKfwX17^oss7aw(kAFzOKdAmhr@X=Rdr%
zfBx<lU!d+Wue!onLcwaFC$@Wr<J0hCk7RX%NaB?<U3!NELbN=9_Mh`bkd(NlHI52;
z0q32Etn^emN6BX-c#R8Ihpp<FRNU-QzSU$`?xj~5$c0HZD!B+4gH4TuCtDw{mrL|Z
zn7Z_y+R!8c1FR;z!#pZqfS(`xxHre4msZ4;D~?$N3A-}o?h%A3xJ|%j1g}8?`0cTe
z`=rlvlij%>)s7`Oasgfb-c=wOx0w=f|7~B%xwQ&@lA0sO&?GPdYYUg?>d9106BC<%
z!-+eQgnQ=^A=UtqO_6QuPH?pRE_?fhS%Gojx4c?C2`bGgbxaDcEzSyk%`<qWtv%-w
zGYRMrnZyP1p*H!4Cw}oAL0!4m{|rENvp-*WZ(g1?1~j1G>#=U1_{BHo?c1>g`y)>L
zP~6+821)k*=eW{#=u&X%X~wADBh@5)UN@Q8O>u>0ShU{9yI<Pb4lb@L`8F2^DEf26
zzYkeG02)dt5c!N@OQ=0ICTO&du@z_X*YuAVeYjYnGDi>Yg`_%;8Ab6^Iy!HOMvJ_w
zn{t}3GhRpn?=}1EWZj&Zx;~aYybwUN_1$9&2U&rPM84H2opnN#oHhYk6MK2IFA`}!
z1drFfA`fxKP1hcIVen1nte7o|Sudpu5Y*WQJ#-PQbL{oWz;fyOYI$jC!j$}80=z>X
z#`bClbzxF=Pt$|{z^2zddg@58VY=ZS8@p1TTa))!S0T8=2BrkgWmPY}-50Mo$FN?Z
z*?S$h?Xi(ubiu2Kopxv5r!_x?T{fMG+9%e~I&5hQKMF%GQdc}k)g##aC3tIsCrY_k
zxu65#GaOq}uqbC4;5xnLKu|GEsaYGn(TlLw%nUbn;R6=vuvMzUvIP2Tizvgr3-iXR
ztx*;Za%lvaky`fiFD!2CmT+WUtuOZrMOrYqznelzDKY}<rYv6n#djy=@fzR1MUMZ*
zwPO8yk(FI1r^+HDpFy0J?7Tv9Ak#62{oTBwaUfNty*%3SWC;xE1|P-|zUNBv;O(+F
z-L!ZEp{3(H4VJ|ltQgx6hKNKWqeNHwh}&GFeu24XqniGaRs-YthAn3tK&yv!>DJ0_
zF!6!iwb~DcWV5GSqNxK<3N052f}t!ZRJqvL*vO`!gP&wy&+V#j|M6z9@2nSp;<Qg;
zCj*vR!?1J9#b^4!3{x#Q&tmTODOS6=nw~tzvtI>@p6UA-CbGUXDZG`x{Y0WbHT87N
z0#)W5%AD*-96FT13&JYwSP&d8;cguh)D@qf%<R6u6g#^l)qbC2p%~dGFFf6HdSyW}
zLKeN##o38%87O8q#*4qD2D#Q#J;IABmKRiLCU?+sPkho*X{gvX+EFVZX7W4t(EM$E
zhj*7He({BmDo}jEWyz;I0IZS$S8$;sb)O}9z?WHA=h`{q*;F+*a6WfIxa82TBH@gf
zuijXl{COX6%vt|ripg4Ar0MwjPb$!&^Jj&+<mDf6_n=V|ALGn^N-2Jnw8{{8YDqI^
zRB)i_jifAZpTZz_7#+rqjpZSjcuPW!`ybBZCrgg0I+(bB-(!698g-w^>X0xyamt2T
z791h|96x-}a@cpqp_Bh#D4qPSdGmWr_;04=e=Xnlt5EE3X0G7g7ribpysB(p?rLrf
zmR5o>x)63GAz_qjU=|Ya!^p>XrlW4IZsuAr7!f6p|3eSB$+0m?r`z<~TOxZym6TJo
ziR6&om{2V^NN37|Jd)1B@;x;Wj`N-9tWSiPmx?UguKH_&ktZN@=(Ve65rsb=R07sU
zi3V46o@-pv|HY>qbqi55av^c0+L(b&y|p|)8rsNoTFqZkAI0NwDaUVjTq~<jxj3fZ
zH}smt2Xgwm64C$vBhuH*S6&t|yF)gjRX9!-w|UP4^lUF`I(qv6$bwM0m<MKlm{n;5
z+qR;e5itfT>e+2X3j&xv_t&hEFmWad<G{OKc~E-5aYU4O@Wt%6vE0YK_UO}UYX^8$
z$Y4>b+%^Efd&;k=odp$tn)tJz>+bYx>cZ`+=ij35d{Fd|#<azQJyZK2sU@<{UCr&h
zWsIY=Gf-FrlCkgp-ied5z)g6A{L8j4fh+C>YU!&cRa@4Ur7dO-k*DWPuUDHu^jb6A
zoq~FyQ_R1O&fT`*KYjeFi}&AqT`6QMT&%qwlhJU+_@`JlPXhVB2Jr7|zok4Nf73P1
z{%gzM9j)IPGxz`6qJITp+b-s`P}-rxqWShk`^Hh++z2(DZ(IbB>&WFR$@h>-%|b*I
z=JMa#|Mg41FZM*)7NHm#Lz=0xRv^8-T3rjm^k>O-F8liFC8jXgvEl34sbB5t%06xc
zOS=V29|*2rECaRr`_tB^t8>gVzL2UYYUPW;_faf1(Uw0=zQTdoRQPB3P=gGnn%tq9
zUB_iJ+LUCzS!@V@9W^p~HgaKiGWb=ZP_ND_?sSgm;yDP&_0fcyT^`*~NrBnyWk_-h
zx|3WhfIUjLV4BwYX81b(;&X_eydY_-)f?^c2O>ooq<=xUC;um+XyGIz&%ar9Z&dvs
zdgGrn&d1P@ZaMG(FsFEbmjbrStfC-8pXP{*I(MghG(^;FEpp=oBmL~vy_R25FYvjm
z3{N>q$8(RE2Qw$B%qqXppj>s3;&W9pPHIexB!qeS$0Jp?Wd51PzYw_0jgFH4Qtl$e
z!%PSrIrEo3lsclu4Nq=dk$#g7%W=b*_vWX#;qg4v;QY(I&np@Ygjw&XxCeMmPprIF
z@>mhBH!H^)%T2Y(Bkl9l$%9+;n&w@Q>pI`-nlzoP+j%pHm2|~5N^G!zlFb-+CSRZt
zf4$bCGddZcW9kb3I-QuYznhXBr)+YC4`%;%Q^j#BXD-<Oh8^=d5zapJ9GKIJq@jJU
zDHOP|Wo0mo&s%`}7+bKCp6%|*Y)6V4O|rzHu%DnlqL6D{*anSU6Z$?kYM6?3NZ`%n
zwI1lZcfdvt>oP7bhRbnw6meLX<uXh|HIcWrIXNZDaXdya*{f#4in3@~H*rZo@xaB<
zj&D-mO<gO3SgG-jUvNH7)IY30v_D|Yz8*+fOro?4C!rJa7)ZBcg1eXVpfxMRS%V5#
z=8(Q{hyk4Erzd>SnmW{5J`>#9c^}UcMft7P@}FpT?)oi%H`n&{t)6RwJ1?qVK(72P
zvFG<e{qNrW{+#*kLi`<rDqPI*8>Jq=j4H)1mM>`A&Pr|_b8uFAo_6<fPj<cqHa&4I
zDnvA7G;Y>wjojNCfIRv7Y>v~hfFEhG!^r{djmewBNYKIg1<~dc*Nm+Q&qjQS3i_L;
zcA%*+lf2S>%6(Oe{f^aEZ18-;J1cq%)b%KFG*6DE2{!9;M=sJ8w|Vpayw^3=zn#&Z
z4=Z%XlG<<1WjNs_b*iP;TSAku?m;c#()Xc3Q4Kdqi>`qSn~zuJ{kycTAGuvso9x|k
zS=m-7pD`3mMz1;Hq6F1?En4H;agi}-8D8jwrwY`4=#_2PSM@KHaosh}WQ_C-QIxe8
zZhtVh7nFVrQ*#zYmpAs%3-dt3VWf~i8koN&9TL0M^6^OZTXpX+#0MbObM4U$RP-cb
zxf;hShlfB3)@CmH3Z`^M47v|W*4N}da?bwAwSP#{>Mr|m_!vYrB>rQIO|<6V?8Um2
z`F^P9vnj#wjyw%UI+t2z#v;@9vqcY|()mh_^Ar9ge*6`6xi;w4eOtXsJ^b?rHL9t?
zlR`|e9=*(Y1ewguufw)d=qiMOlV?Ux{Q0>s^63Qu4Xb0Pi{NG6mW9ewrP%qUD9do4
zT*%p)FrCm1&s0bIf+UTyHiVnPq3!O{$9DD)OZB`}-@iHf%-1sM?uZBHYDaZWsr~11
zW1oZ9Sa92(EZ8wi7RMJ$Rq)B~-SeP1>p0~nNM|=|Mnwut>?-Xk1BS>vwZyRHp$Z$Q
zIHdpyOHW1uDHX*dU=hH7IDf8|5b|E`FrAz@JiVa(+O3j7tXs{uJrErt34N%5y53V(
zfU~F~2_=8fg!#g`nJ;`!o{aI5*4fYOQ!@~>)mtobI!Z@*1`!|e0-y_#vONnHUOun=
ze5p*J4W0~35nnmbSOx5O#{U^%S`9|1eW`ycj>_ev6<NiZ1>zWeyG_T*$nx<x32$cC
zEn)MN#Ot$4dAmlWE_`@faKn#so#T2z7@^^>RQ>qIh|eEmf_@<J@XK3=V?Ie_l|Hj>
zOgKs@YJUN-v>L0DapEd~+U=upg`5pHGMz^U(H$k|U!YX%v;@~IRjsPL2#uwA4*LV+
zh-C)k<f)g1CJrfT$2gTi_Jndx)eTww{RxbgE{~Ge6GzcXmrUcXUkiE_St}vgqgp?h
zngc`j_DL0Vys6DJ+tKQUUhC_%igLM!t>f?drdAI2J92T|wuic8JDiTdwm-n#m3}@$
z`*|j6ro8tAHbXh8DLV$WmSC&~x%L$MftSUg?NC0}KB_t<ZjzO_xc`Co=n-2U!NRh(
zDKFn%z@-9yFyAP)&1@zm^%mhR_NUsERZDxYv%_)wlVh0ZI5<^6pKjyz_?u#KyPTRe
z<qrxOQCe_Tzamc^J7qPYVmP2TF8zEp?Vk9!_?F;_KQX1Lny#_~&F_3(W$3mYAxF7;
zoxptbLAG{J#c@1hV-v#wOozt#n^&j5yl4BBxbM0OIjLN0R8M%N9QM)!YyY5I`zf2L
zDs8D#$feZ9`FC$gg;M?0qCRJ}9ER83MpTuXN>qBs90(w;P4+DoC5`$jzI$R)rQ8}x
zS;T|77I6Mxi8<UFSUoP-9bS8zR7c!)4=c_NpLx=lJo`EJxG%a-`{?k2_+`RMC*2Ju
zLLBL-a}@H`NX6)DOUX_PfBW&c*K;|=({W4io%mWDIv+JxzMRVOhiXuSz<IK_ztj~T
zO3c-ypLB-F84h&}Bn*$MJv~bmzPqPZ1#s_FGj4LQ3v-kySUyrj5OxX?EJ|t`sv#q;
zcif$}YE<7EyjO{%`3}}%UB)6+#N!Q{D21%eAiW%&>gTWbKP#B=hvMxiWPRLhLj|}g
zryru=)3r%0O;>4dD&Cc}C?4zXwo;VZ|1ctZ)W6S!1g?B$S^b$|wBtqPH>vD>2ueNh
z`s|1J8x|c2K%ZTtVlS~ZP^RrUV8HIs%{EMmUbPc?Ot?<tHBMV9WB2*|Rj{R!VUdZO
zWX0s^czB`sv5Pm5PXv3sa4R-rnVUVD?l*U{z|Yzb?|~#Kc{aN(_SN)LgHg{<TU}#6
zD*L`?*tSC=RMpenp?`E|A688N=Tf0{WKH>TAK&pCJEqCde8$%59P}>s#iixH-L!e|
zvukx&E4EbCqKFFzpVNdW=*vz;t5G!@ESbpuTs7lJ^$UzP7%DMWg9*L;-T2M`Bz13{
z$s*VE^g-;^o>K8C5<NmLXFm?4M)gCe0elL(lhidt>ILB_(Q84%L6sTh>npSX6C9xM
zvX2YS7EiX=A#`fYEV_pWl1`CFY_+-^y5J#{d)j{%|Mid#VAX%|<y074sh-(BV!KF5
zW9ixU&)i}n3Ez^wkaXcUVr%C^uFndIVcfQloa91)VUUfAqWyVJ;yaFBd#h3OH#D(6
zY3o<XLjdoqjf9F(Cwq4z@kcZHs@nI3v3?uT#tE-lAK#Mc1~uPEWOGV}F77om@1~N6
zZl;d3+ub3+Rz3L<pyY7MN2!UwQ*GXd*<18?BGi8`==^`nN5^-5@ri%+;^ZM}R+H7h
zz@%Ljfet(2XKM3W;uAjTOfAe%j;YPLLU*_ChKWR<xcV2@qsKRt=UN~-pS@MC!$us<
z?Nf$FXYr<hNF<u9tklQ<7mr@*h^u|+65+;K1GzeoRe-!D#*5{?A>hG7J&h?TTF_}~
z`f+FICy{BvUDEHrCoes-<=BVQ94#}ha#K<l0d|#~KG-Mm5xAdahI~7Y*0TtgV=Aku
z;Vg=-{hwE*{`aoQKQ+OQ{E<mKhX~<`$64n0vrBj-W#(*kb%R`)U32o=do<B2fpx_(
zYU61^6a2{+$A5qcutow$4I0%e_W8zReU=(Jq86Vt-#wZ9=yKqXXMRaV`B&{aa)*e>
zYISL0dmmJ5f{C^Xfq*)B;pga-mEOJOB)KhrfBPdRhim#DVpr(a_J_c;?UZjHOQFnO
zS|Lmxu?kEN*_^je_kknlc{N`+{)CePR?inL9a4T43eVlt2zNo3JPxhwR`SyBIyg_8
zwG5`XhG;w-=Bb1Z<J(MGzooSQuX8?N+YwHztfPfo(p&y0Upmv&!Qf!q^ShT0%z0^T
zs3T?6<E6rV^T<*I#+TtHPZqOx2V8gMUldd9ziD2bQGQxsOIV4VVgIQh#qSs2pP8OH
zDVf$3&qDWBh?hn@uE+F6@SwOCqI!&7Rv!p*e!LVJloOnQ9XDJYDJhXh5Sp?yY94{)
zwn?O@qJgl__v>@+VCj&hC$`dpFKeb=+EallX01sW&vFAQW%JfG0=I75(9ge7<?m&d
zq2wN#_&pKY^1K=@321e$eB5OYi!hF~HJa97Dnod5e^XPQ6OMiP*HivYACU1|;hhcN
zuJavs(^8XAGvDu2{ZR7)3~K>%31TkSd_Q~u1RvxjNjn*m0<!e=?%TY)orA9g1p;pg
zNkxMXy{L>x<m1b*11w3+s64kMdA2f2nPPQG@gkp25Xu!r-tHxX7?tW44>d?3cvF|w
zeWHBMtM=hyC1y7(bfdg;4y!eKK(CD5`H<lQ))*GPj7zReF2IuqY=J0KJm62DvoBR_
z7)X4|*esl5<+3ikTxo)=TFm747l@kXdg@6lUp9A_?*b|&;|c2e)RNrn-Xh9ZHvHid
z+Nt361E4ge8uXOozsx+SkwkQ_%^GWf$!PH^9lPYRM_&@X@FQ1pN6^z^rWi!=kfN~N
z{m<p(TV9QKT*(M|*UIF+l+%vESs>i)F#u4r@O+*XyY!E#q#jvTcGJzbYL4VZ9APif
zN7?QpZhzZ>i<&|KYrCrXxGpp8q7r!xDQAdGxNC)lqxoc(kBnaly?;6_b*a`Ir(q{I
zGMb;=kI;YAE{~{obu@8T<F34g2c|b|p3T?(pf*&ufjRAH*`!5fe9w3xJ_R!^=%<7a
z?s3eyESeU%6jk_|mE(UvK^)<GMXxblH5C!+nS+PpELFfqtW_4dmFi8<4u5@WHADbR
z95Z=gZt3gG@)?1|3vJZt<{@ruevJrDl0h!(@838h(RxUbdE2mF#Kto<#3)0JDwo?C
zrk`K64oABM{4v9Xp)eznNFXM}HK_-NLTCQd8^-_IC|vYE)XCmk6lNVaSucS}C@u4R
zU99-CLf4a$qz=hd*G@n|pn)V`ncr(c|1&k@U+#XlZPVo)&8LL^m|1lBK4uP09kNjL
zCOq&Ma*cuy+!RWosY%=ZHaR1}_-{Y9KSb<ty7^dlSzxF(`pPA0%ZaKq`%uqOTl02}
zU_}BL#VFQ+uc8M!eB^(op<Yv4Th$i<1&g-??T!gdBHcvt%1&`*!7$u3Q&PsQxI|A0
z(rT1gm~IqhsfIV1J)dM5{cpK}(Y=6c;qXREYMfbav)JN85!jv0%nodh^lO=LHb5#d
z>(2EaFkHrE;6PSlRn)Ovv9%>E!C7xi$+-fmRH0e1iLdCquSjk6ppQH?$K(qD5JgS!
zgEt>DQQ3RhR>^m&JwD&=)}arUL}qz!fL<^S1BIt^@UEt=#1M)^for9H_ND*UE&OHV
zV)Jb&j_=UjLYdS>1@z*RxidVe-nmzgJ6lVEqNY^(=@vKcqiq;S0X2Z)mZ-k4&F{Z*
zZFFfj)!ngA_pn*s3t>17Q3E^QW;1Fhl(VACQi<q2rVgtkk1OYi_zhQ$EtuXNubY3W
zOj!T|2gyT<Q6^m~u+1ET0Rd-0Ns{5=vSfE9?-DaXpZfGo%yP_n6ma;}wF2_&Jt7|K
z`Lzu^;-dCYfp{ptF2hA25$c3HG54N@tG2BU9`Rp#-dzGM>LGsaQ5GF66&?<ui|6O3
z-20@qB>NZG4F7*W;lK2NC1kXvyu#phGY0bGw2q^MZ*Ju;K4YtV@LM-M%4>Mi$u|8T
z0>U$o4CyepHfXkl$#x>x!QJp&^a=wUF1{wyd^P--3}yi_kQWCCZ?iJk+0ZYkqAG6a
zA2iZeuo%1;?;9W%+_%r)9t>BIp5~yvl<kBTX)0DZaN`fZ_y+BfE!IC+`I+MhSDt*@
zaoe0~0|-BfsW_$AKB&hU)XL=moYJN^*MJn{as7intLV4$nba1o{3P>T?>oR|ghOX~
zB?y(|qoHz9N-*(Is0kNp-1*=BvH!VY?=QZSS2{yt$|OoR%CkEj$b9mW@XOgk(F7mH
z&d@|gJBv{9aEBIdzAO|-A<B_b<Nkw;EnF({Jm$D}-;aiEzum0gq1}8}R}UKW)pdJ1
z^snf#9>vHUC~)wvb9^T)M;l&?{7xmK;E+5Su;~?Rwf@^JHAtb+7a;4a!b()-I$QCB
z<O64~NVD5eRYLQ4S|Z-@`a7#^AlCHNR=_*5tCNteHB<dmE+qYX6w<jpPl*fz9{2HI
zfY9ahnNw)5s-RJnMP<*mwfe9!crwmU)-2nORmgUHq{w*7Jt<GzPoT<968Mn`o+cUJ
z><oodH55AR%5r^T?E4I&J&v1LrA}HQq8AeTOU|<80`&s7<pbv(640_I-b=c_{@Ny@
z;_JRq<T{eiwrWrb*xNrCC!^^y$jVS04t29vf|;S+y-h?|hV06y{34TrZA8TiPHq;%
z__CrW%1%#0FPp)|LwZilTws#iKPND)R95U#6CTgLEJm|@S!c4_6rA$gEOeuWbLTU)
z>~AMAlOsNRYm^{RYn4l~GCj+&n+d*R6Y{N9Gnk8*=rLH!fv<-(hC~m1*bNir;s6DP
zK=bG2vT8GXK=I(fu<{?HwO_`>$+j`cj>s_d^%shBmD8R=utaNV{ez1d0HuO09-TKu
zvGbh;_3Opql@#zb|DN``#WZ7x?PZ?=phrJ+YSY*YP)w@nHq9s~sjnrPJ&6}{E$%w}
zcoPM+E4O(&5gjJhc3PF23lp~Yh%@W#Ky!@17M+o?t@0gJzOyo~h>u)2EA0WUww7>a
zSJI6O(z9=Hg4S^3#YegHk}jrPNoLdmeFVw~cOk^|WpVvg8>Z+tc#3$L+2iHN`M3ZJ
zm$TU1JN&=+Zc@BbHftg<ULU<}m1a{?DbR}H(N--ERzo#>eN6<$Fo{yuBK22~t!9Ka
z5(sicbPPH!N0C>wt{531m6K?f&ru>Tin9Y)aZX0l&^&s9!{Z7gEL*Yda2kPUE7F*?
zoAe7{m|=MS7rlm(82-+3RffNEb<mnKJVmAuo3uZ<%27eAhjbQX3P+Y%F7<&bV+T6l
zEcx5BC6X<xB8~xSG#2v$^pg15Dh2bYHwKN)lLtJKu8vt-Z-P3qAm=-2UfRYv7nQ(o
zOKx>@ynCF{gQMU3`v>3%89O>SI}z_%jR`HpkW!RjvYXhoxCZY&Kt3ji+q-QVr4~p!
zkvs;Df|L}TAm?JE;OU-Ci*erqHJLbR`6tH-{XeaXX2KWQEXQg{e*uEvAGuJ{N_Z1<
zRfIfotyb`~L6Y`?O8@*}1mXJ&@CAzf?u7{7mkDPz%CmbQdh`wfdlc4pMpsjK^XePR
zT%!X5nZNjwtrWY!)g87fUN@aAat!Ov4JGljC<X2s&D?mvmau{z58<U-TUt*E%QGQc
z@&t?o@fCyTbMf^zUAWi^u+`{HA+ysO4K%*%2Tm(9G1}yg@+vnI+D1Nm$x(=&1oIoq
z!;ar}uhl7E6azkxqFo}7MwY%V)|WB#_t0oZRnf#M3sIhMbp^3PnGgLA#8thbi-g((
zr>(=I!}@!j(M~ALl*}8V8miGNIjj~WjdIkWad%=a7hj*h*epM#H%0iwVmR)GHIqjl
zAAT|&BTt@`;GuPrli(f3oc0|y_|Rt|wXq{EJpM`yt{UmxE8>vOO265W7a9VIck3P1
zzbic<*GdUGVx)hFUxsl<xv#RU_>lmokn0WmEb>YJ@F8|<e0Ay-5};5D?Wx#iT|&ft
zDRg(e+{Hx__F*mMh27smeG8ByN=1=j(qR`W>x?~>)seC{>&-hmV=OJ+J${3ug-Sft
z<R2>JDshxhaMf1yFv44d&db!h3#U*)mNj8QbhCbfz9<!>`~E-g*#CXy-zNzE$9Mj<
zBe3h=iYWYV)W%-^;~f7Vk6O`j;L7t=l>Ag!lMpb`)zO6sAYSe@z1+=<zQ6}2L&O~b
z8cX(iGsAu&3NU7yd_HQ+oF?6;_ia`2eQNSlKV6ZVr+#5s25?Aj%qcE#W&}dNdC~pp
zye2V_u!?m(5w$;lQ#Zoe1aOS(#hj9r`3a-x=kf?(>mLRn_g0U5)x7_Hb}%3)3q0Mi
zujuVmcF&^!@W%FhuC<O=yTjcn1PsjtFTg}23=H!()%5Qi{apO1=!%17vupirJWu`l
zY;-7!6wDpyhPmLYGEK|wsK8@TNWZ0T7I?Lj?@DEV@$r&jKDqr9RW@E<?>b%osUxnB
zK2dYCvX6TEMQ>|TkBJe}c7Z=b=u<JCr1V2WW+BbqJHJ*WoIDu7w@W#H?&sFI_^?dH
zkjegx`RVU+OBvt>o5VncAL2P{65|!aBWh6*{lVnn)@n&ipi2`k?Am?Z^e<soCN1U8
z-b$S?@n|?Xm=|<yZQTYOe|#Ij8ho*!Benbyr>DDBX5)hPoTaS;5^5owZC{v)&!K#-
zJNj^zEDw08a%Y_G{(R&7yBM#7nyM=>Y!0mvqbs1c=w*T5=n~Jz!>LjR(;6fqovvV3
z4GHr4lz;XH?xLVtHG)F67h(2}BuR2pgh=!^oxQo;t=lL2_sIXpc;o$5xQGpT^QEh`
z2&if5*nBgIc%$UoU6~JE-~w__uScEE1lRz*<SA#yWW+ocQ0zM$n}fghcFuXWn1Eyu
zZIo<=9O`1HA>|2TWOV7mW-1Dw$p#!d%UXG>tI&4m#Xb$t8cw^JF=~CR-#*dnb;J**
zuBi*xGwUq-(%0v$Eg8K(*k-+XHr*fkT+i1A0Nyy7$)Mj9I&v04if#HZ8OWa+caneF
zcEurLZZ@Fb^gD#o^HI$8qZjwVD!^D@mrA<KLE?b7i6s1%(WrM7QHz79EdGXT%x-2c
z5ARjhR|ej!5SN7xA6!8$tnuXAxPeSFW=cwC-d`h-f7cEFVs-a#kuvDtYt6ClAJTty
zeYhGYSd=<eXlvtxH`M5ery*)*<jCKgkSEFIaF_`fZ^Gz2U>fl5(~WDY<{7S7_pVxK
z@qmM#PxWUDP8y-*D82%WDGzGn(8z%ct^8J>s=Sp_#K-DA>*3tQXhS{D`dpu5obDS3
z0zu21B-CX?RZWI^xn18BS_ft{Mz2{czdCXX?QAb83U3rX$CyzE8ZFGcgH~DeSUZI2
z=F*tT*k&QQN|<7Abb1j>&OMVx+<0=XE=O_*V&-U=4<l64K=eoYt8!d8jCnqWuy~$6
z{>9PYSyzd{$J{q1=0n|_%*<YpZvD)PTi>(Iol3|RjSg>#dIG*ad^Ugj+xck+O(O=Y
zG~z&XD4r#9sP3WBHK}zpPgLbIQ&s_Uy|WU#@;@`OKAC)UsrOOt_WGDx`YfpjQ~Azq
zmb5&PQ&E4fb*=8XwLwny^xad^GwzFyB&qgdj+L?se02ftF@$5XUC@p&Pj!9FlxXGJ
zHt3!4%pTVk@dl%zyQ>c0ykcO=%^eWNYi7j+#SiCG6`9|vkeC^^2|PsM1f|KqEhw(n
z3*KG4`J_wtgWH*_otYU82Sq?Eb(OUk$G6heq8SI#;G-oLk+ts3yJ&ZRVsC+b!o@J1
zg*BRhooQl()%j2%V2U3hvzeqMPtZTahB&<0qdc+VJbLfai>#ckVr?_RVV0;m?EGh?
zrab7X8pNJG7XrPa!M=8Im>CLA6E980>ur`}G8lyyK{6WU5k2H?-^31Y4XYf80;bCK
z5z2O!kUi~i`{7DWahfj)i&I81HVK^3@U()QU7qEic}YCg7#GQbBJgv|rQAR$IdTIm
zd<W-rH`jvRRHMu-yH9|Ov18yC?Zy3%p|_Z;2!i$EU0Bt0Vmh1`aiwG}OMrqP(`i0M
zUXG|w`Pu@@<eH7P7yHj3$A%;ax?bPthZcNcSNq<&gD||OVguClJ2d*?&z3H<i&>Vz
z+w60OiH)`?7%iy<T&$y>L-?bM&80GeU{AUEhGw>9cEs~ve2wg-VGU&s+OUtG+h?U?
z`);$=oEyLe$#lhd2}L=*pya7UVt`!Ioj`K0=}20}E%3D>VwqXq0AvRW8o1hEAoA|r
z)hdUp&lB1~N-j*5d~g92AE=Tg-IkX0l&w}7<CT|K!eHNWvhe@&Zt-h5W}oNqL$`q%
zZctASf%(yT_)pE+|3^)*Nyt|D!seVOVJk#jlW6)jJbmK}NvUf>!QHgvLs?&r--)>;
z|Ld%e_A9oN5GEiL9w>l6HKWzu1v8HJc5Dg*VxW28L%n!M(><69!mZ_l?ek0r3~_Iu
zqcg%+re5I5M%2EZCmbdCumiR?1IAYDOvk3jWZC%?)hw1c7R<;s7yy-z*~6kN@4(QJ
zF#tvzLa+`eK0^tE`S)H%FM{treX`YEUG{was*wUooc1Zs)EZXkClS9KJEUN(I66P8
zxV<gcMs%_}f(d$iZVUVhjymp2^Ju;rAdpl>mheJEYGc}#+VmwP53-P%X_vis`~^|}
zPZ(WIoYO>=FYdP*h=s5Mv>@GJxq?}~Y?=lF!a{mYEmN&&`u-oX2N<=S6Bt=rqNd8*
zp#n~}?L~_i{q`BZxbsPXC`nl>0NEO94pWl5UfElEy?=M;o(Qwzo>ibnVBhYd!-dw#
z8Ow<99VZv=QUL>Zs5h6(%g5UZFY}oVf_KyfO*AY~-0#YEqt#S*s7OX@ND!A=37zX5
zg_1AI>LZ*?3eSx3T_ql)XTVrSIelL38p>3})z=X+L6$ER0;>x1j3{s?)(lQ)F*u?$
z<cD+bVg!^qPB~5$eb#v`{D(>MghHmQR@xw4xLP%`ONnDEB$ayq9p52AgP%`{o3-Ly
z${X2T#ZVv53)VcHsWve9Bv_fCtSQIYBqh@~c`f^{xy0IO?K3Jm0>YKO&My(f$g%BW
z3v$84!O*&Lr?^y#DH#MHy5#sBS7|vn*#GlFjrWLCA^(O+O~(=VBSS_@;+Obhay)%L
z!@P^P4Fy}^?vCGsdXus*HpzsE%|p7Pg{;bK8S<lfFlNgsi<`3Xg@hCjbZjwabD<#5
z^B*3T|KGE3c?Sr8x<$(L<+!h53s$zsNi(jGq8DM%%U78P!GUae%;H&F;iA(El9UT$
z-!A{+6SLSO{e5TZ!jE5kzxenc@KVs2>kVNq#s$h|lK!RE7;i6@OQQzUz=lB2X|w#+
zN*?4b3hmzCMD6`xp*HY~PYJCjk92dz8PN78nD7ihOe#;3kL~QUkGKJ2R|FU=L^iq(
zH9uSV5|19ksniob02DR0&6sbTX2_^O6~Dr-<CbqlA<_D?jUh$_A52}p*F$Cs-$hf!
z!>?Cm*PKoP0M-yh><m-R)E-ke$Va{X2KQv!0V`#bo3ak8ziLabu3o~Whc|XrnQU%E
zTSGz|8sB6^<oi;oj3=~BZB0aU#p%k#MO5DD1sM)XZ70_DPhJGEDB`5Pc-hB=BY;jb
z1?p~>4xg0okE&OIY~;aj25K5ERnXvPbj74xvMU}gtH<E&_D0S1wJM!E?PAUs+kECL
zcbpF{qoRY~oRFDI(mzV<{s~LPm@IgiiB?-fD>+a5^<%5v<trUQ)XEbB?@3EGaa^5{
z!PPOTwwu7iReW-B@Bb(o6E1&l-{76xJ5;r)1r1lCR7Y;~K}_y*<aQ4An!1Hp(bP|q
zgG|H+D_87gVw-DS?KN2Y<h2?O2{_14wYWPqlvF_}zxYOt|5xJAKaALa{`P-s>>aT$
zKC`8eVw{@aGb_h~XO{nL+-Z3NQ-6zW`#O|-vPI|R>e^R<YTLxn5-#&}BZ1lypAm^=
z1&{iGHW%Ze!5f09%avt;V?)MeNXW3Hftc8Ulp>j74G-wk=^b_|EwIO%<ZhlmwW0Qb
z(a81DyczOyc64k=SWbcXl;|D@JQP0WqpHz<ps+G&^c~Yth-NVppc4v2J(4v#Va2B0
zZfH541u|@+MhkN6YC&(J!2ODe62Xs&2o{09;=|Qh0CwjZgdGMVQX?axKI>|pfMP!x
zUJaVMroq^VfY<U%SiP~nS+irg#rBaO#czP}!fH+3f~&+|Yx2J{Z|WO7wtg`<rb@x5
z0+WH#L7r;8lC{vib~NIs@5PgW!ixbRholDtpA%)!p>^=%SJ~d46p+(JHJH%4zV$D@
zsPzjALaftbU+2m)GA0*I<loaB-Ygeft<`<Jkf4toLB~s+lS1cb#vR0ArrqFC3YDGi
zk3YmJe8f9_#GDa_7qnEk_C5B6p&$DclKwE(+Fan-bf>?84@GXQy|gPXaxL?$_kk4Y
z#ep;fXQI<l1-$~hDjOp`$Wi=Or|VA28dVzvS@Lp;=+&96mC{@ZFKHEcEf9kvMS3`$
zJ?maM6wt;EVr9T%u9&tdWyq%{5q8dXRh7@zX^YbJGO0?aoAYqc9a9s=;HL{mZ&n}0
zu;|X*s#UlH5xw$+-Z!llKC=-yPJOa;xQ@ddDX7253Xnna$jg;uRk2GC^V~ZNG1*4M
ziIQN|Z>KqL%>sm;teb`c^d1uKNzs$S5k0Wea&H=r9Cz5*k<<-`w4)X`f-(zzjT8NE
z2_66T)KAbur_Eebiu=|-3P0%wKg8)z`aGq#{rqYCvAQ*@3votCHf$wwk#$QkeO7J5
ztrI+OG&2f@)WJWLOUcY~YnuB$ZQJy9as1g7Ze3ZRm?t*oV$iA1lZZxLb~$K2tP^%B
zHhnlud}^G)t>p5LTw<Swt=hOhSq)UVC@5X4YOqeZWqa7zn|y2KN<Mi6Dd7nK)a7<l
zaCe}DEXy}raTE6@Fzxx{?{mjQ6-9|nRGUOkF3yv7bfNK9p=Jv*orZ8{-jTxr&0{I_
z8TAP<ou!CWs&LfJ-cn!*>b<i?jg4Cm&ZqC`iEgXnxDPmZY#ru1PPFjIqG7CLM{{g6
z|JB@U`!8ur_Yaof+G<7AGORqUD&coRg+)2>vP2tex5e1j?gr*?iAAe6JRVf~_Qhzu
zeZ34cbOj5x^vN?!9C-^0PchW^LJrE<RLNCaNRKZ(`Uq}=cQcL}ma(_Jv@JltS*sP#
z@^8nufz7-U&C_Z2K7C477UQndrdC3rl2Di$l9V|OG`Xheq6oMX0~9~2q&2e13OHW`
zoqld{oynn_C+5m|$neU@D%L7B&8-Sd@n+D3TlQ<EZOO(W6c%^CDi?1$e?kU&3tOr6
zJdyKc6YUPp&r{>12my#EBp}0Ce<oaH*k&Zi@G^ieARkY|FPgnGovut$8*uj-x!Q0u
zdD@7U1B?yyl)%<{+TG(XDE#BOZus){dU|~IbZPcZR}0pBe3;AQcvBPtEy45y+^V=I
z?)@cg@>6Ly=oT$doTV*hu-(&@uG>>NoQ`_ONXW-=D(j+7yhE#<;!IAZHP@?YzCboG
z%83|Ooja!1(?-%uPfB6bpChA3FCMol1&9wwXrzFkL1a@6+!s)5C45Yc)l3w_(y^_e
zTl&fw?)0-t?#e2Z^@S9NJaiYMEkQ}eIFyLn@&%t0=hMJ0yH~}yVw7%%O<F(jvsE_3
zkg!zqg{h5FgRtkYNE(UFGju#J9CtOvvn8TOiIZcO7T1}0MvCxYz2{d2VC3eJT4k-Z
zxs<B))_~?DCb>6qOQSzZW*842tLfs8KEoF^cH)A=rk<_ZXtl3<BEdh^Q7Z$$EVc;B
z({VLLXiay<cQnXzy%r>p$>BUug0S}SezEp9wkafsGW*h&G(?m+=32H6T1Yai)xS-+
zp3z!eD~pE2SW3VMWfbivyTTIqmrTag^5iE&XX}>5aWM$X^Bn0E0<LR-Dx0r{;{jjg
z;$y2)Ew-fU1dURnm(I?w42zvhPXEC#s)YFpG0SJB7J<+Arh;xcXWEJ6QvuATDk>NX
z*ViTW{<$~0Fl?1I>PkgFW9&1?uy&<d+|;b8dJM&M#7MusL#BQXFP$bR4Hxu|7pcKk
zhwYYBjw32d1>)=$XLO$`|A9p17NmMA>2uH|U10GTQtIuZkHA`Rg$&YTE@|Q=e+Fd|
zuY^T!bXw|xAn()EWWii1Pj>F1fOhY?84-6`L=1v|jr>R!beeEdR$bzuc`q5p;No$B
z%+#!nwUgQZ@YwvHQV6EZi%>c5A`momWYcg2Y?PFKN9m@SX-3C<_jT46(qf>{yhEq&
z%YR+*bpM}E<Nf{N{1!mwl}iavXk!vCi7R}zRo(X=5wZVjzn9gqW9D*X>n_hoYew@T
z+SLY>?IV3Z(zfH??4landQ$!EmF;)(4OSG^c}>mqppO*1@2;f_9AfHr&Z#C3mNiH;
zI$~AAtH6%@$Enr-+R6X*wSV0c5B@R@d{njZRYP3bN2-%{#^>87E(XPp=4vd1jE(Z7
zN?3Yhv9&^?#5wkvb=SO|Ru9_15u36Tk$03yNgvbn^3<{p)3C1NX@F#wPwunzVrfo5
z#0f(>N($Ts<|o*ZvXE4~`4Yfb>CcYNOWjYSU{w<(Xyz<VL2~VyzEy@YG)zeLs)$#U
zOBOYUWfY*ME_0>_{Ctm3Lm`bh6diVNyoaa}{ry|GoQ85*x5PSSvcq%B3ec7~61pDw
zb%0Wt-AXR+j;$u%5~Q$fx9sYbwzaksOv<>RzQSQo%lK%-I!LqU`BdcN)i96)?aBBs
zV$OtX^7x6LiNGx7=B(ouu2kEOg~U`Tp@nu0Ou<4LA}RS2lFDh<@34DQW7@$-2yx_z
z`m|!J+B9uJkM07BGeLCQ(%eu)umqZ~^HAG@O9zVfC@I78jMce&ArD^C*?%U;sMt+_
zpA8MWm7gN@oznc|Db3@ofX%cf^Lz9Cc`ACqY9U54e1K-q@g|w}$C*X;Ip=}afgeU&
zk4M-SnHmfT_~6wF1QBza5!(pGSIFXQ-0f(T>p2ALN<YC0ze`p#fKCjf@+)Q{Oo5eS
zL6fXmCX2FDu}g{yQA$R!U3>3cgt(LmeC`lQYdI!45bGHocDEXefcD9RXu0UO^s`TG
z46nm(bmZAF;*`{83y1eu)J|zPH>BCU2?)gEo4JL9Xxn4y4+Jvn@-L3~6v}+O^M5e+
z-T_TzeZMa{>Ii}(RRKW>3DtmvDhLXMl7t$Hl2Ar^0s$!j0l`M^gaFb75=cT72pucE
z2qXa{6i1qLM~Vuzn>p`2=bd?;dEe(f=iGbl-Tx$eWw*7Hto>VS{l1^C0L)aaY8Xl^
zagjB`XMB0DCoKNt1IH<IvSG_s+XFn8H3deH%k2z(hA+Qxzwle0SuR>$<0I(jp-*}H
zm{#@_<dMBZZ{*^dKy`f69;#Ww-Mr&NP4O|eq2>$ergNqECKv-q+JiHjkr36nw}WYV
z(t@S65dz|f>Pk#Spb#o!<@R94-kIYv$luoPJ(MS+>^5`ik9@=g_sT;O4XA<qHW)uK
z*7~L{x4Dc761Hr`?gv60_mgL5Ukaam@{Ou7(XTn2rpIg^$3E7+r<=Nx3Ae6`JTXWd
zWK*(4$%0gNXK0uS<&8fg^=-4~sGWI*O>u=K_3^Qw+CG%CKN)3}n$Y-&QNzjpCuirI
zHrlsUU=FR^6MFPK?Fi|LbSvA?NpXE{J>N7baQrJ-GB5X=r%J}=YO)hk2|ueIS~_rl
zNX@#yM)#!zt{QuZFGIs3xDrILqYZ0IX#?AOyt$4wd$C`k>J>NDXQ=mVDs^n*r;oqJ
ziTCMuWXV?A+$szT!0*O-qSn0X|3yQ<ZP&Y7(OXpeUU>-j+)l!OgkK3>EA$zD59c!8
zu0K%S9Ihf$Vv=@fmB)jptaFTmCX*_aMsvI+HQW0~ljBF6-anf&+I>9mWSAat=8r_r
zKdoNoTXaF3t=yQt_V}*dRd~n0uRi$GR{u*o9Xp{j6^z&cyTT;`Ag74Bs4NlNYs8_4
zf#}2-wJ%B)d1v8C8GE7}0v(A8yIf69_a79i39*PYS81}}mL65UK4^H#2c6u{3-ccN
zb}}RyRq+i$Q`Im_v$r08^j3^`VlL(O?4_E64);-UVm!YhueC$!RG+?7ckxZ;LQ5Ij
zsJs%QT<6~mZt!=u6`i0@L1V6$v8HUp(mm^P9!55-!$(UYkng{Vs{C2|a?x^pOHx!U
z>2L{8MS!bTRV8X*Nx|G;%;Sg`sdL#6em5F_g;wMN{^}3UT;(tP6ZQVTl<CwwJT5(P
zG~ufqg7Z+BM=!5stRL?Bu0Z}f8Cw>*7=Al$?fdZ8o(0a<<=^DD&RyH}AHrV!lQ}!*
zgW>PyBXLERvf_Pw8xHsiJfJ+r`;I*oNw|ZN<FIr7KX?Ff9a5o5>wUI%Uq#9}&DT^P
zDMX~4#siA1WX@Lq5>npq@S(h=k}2w7m-S%Q=dEeeOk@7!-q`i>W>n72(p)Pold~0l
zk&_e4)h34d$n`;#bvxFsWF=fAH{b2tAg5nd-Lv$AE5Od8Zr&;5q|Z(6`zSQRTWwb*
z|7H{Uh|y9mex1Vbtt|b)<&{wRNqj~#%pUxCVi>SM>d}t4pimUJZ0X?}91ng)%H%%=
zcUT|lNlW-VLh-oWiR${G0$AC`jIJTwWXR6Age{sh2b>is#)hZIae9b&a>sp3bx}Om
z<LBKB`CVAkkYhq%GdvtJZ<rjduk@Sm1l-d2$+CJC1NErQ#zE{CBZ2Xylg^iWh`xT~
zur_G#+-IbLyLM)pn5wB7iGUVOW|{+slI#>Q)g}{V0GN#WJyjEdOJxGrYItfCO3-)@
zgBo@JaefrE9B5lMm?07CnAAv&mNMs;_gqeT?Fl6~2>6Knlp8J~vlJoSU`Bc6dP5<0
zT#L|enrP)FH`<^s3i7(J1Weuqz|J4EKE$2Y6*GV7$D&xR?}>@;9j`I*BU@+;*c!>p
zK-Z1uMed{UtY(lA6@M~VZasl7z6KtSoZ`$;ernoH&E@B>Mw=!D>=i|G_+EfBUyx*U
z)wCLoK8S1ew<|Zq>~p4yG(lD_NYjbuZDV<7)kO0`fxEiuQZ-A!CGumag={!+npP;K
z?qMqqBDj7!Qs!X_MhtAdh|N@9miOAj{#1PX^~hX*h16+s$o;(F@@2AGm%%mox)135
z<gCi<n%bVMUt3YzHZuh<(pv5z=JW>eAulN^1sX1B8{%x^ov-@|>5~PLA3L!!jgj|l
zgh+=mM;lGoC-4iT7F?mPTYKARN`UhgD%tV$VQX6>4IQsxIzWYbQt(yFy8nj1Ehzy+
z8$?c^v$Vbqgp|x>wFzu~1jE$e=B|TP7LPh2g<5awv<gu-iG;DqTv_hscm}jd=z)G7
z^HC)Cp-EcKsn%E#AIh(7r+?X+VR*CHID3!hVsBG;RGt$m#55016FlRz?ImCL?1?4t
zsG>~cUxmeMH4dehs+td6e`OSszPWE#_v_pS%hgzZ9B7f=1yuUUTiS!1kE`?NFG^w!
zYX@E2x_YvXdFydUtr)m2&sZk~*Z%}8exGi^;d*50Qv_H2<eS|tNpNE<W%J>n%y{WJ
zkFS}k58vwPDZ|Ot0gn3u*~1~=rygTlm%xV2&W{F-EJ*7(ql)?&s?sO)3DgLTioo#;
zSPp<h?#(@uQ0PDFyEKh`HJCDUrampX=CYd^*=#E>#iMN(MxZI>-7tcSZ3O{trgy&D
z(o4c7kCrOk7Jrb6ovGocUJ7CNwR|rOZ4PU8xAho^-N;kRrKXq9;2UJqo33k3dlE)S
z5bvf<ReO@e!Xc(<!L_BqwcNYg$0Qyxx4IU!Bkk1#$IVuLzpfCip&r@wD&Pe2)HL;G
z0x)xqp#OtQ(Yjr|``gP~OkdVp-*Z+SKFzwNNemASb6lb;CSB;AfvIM8OlGb8VoP+1
zJU}<rlazjP;O>g2=YnRuZ)gw;tM)|(DL=XqF1+0C-+{rOUZp*>EH~3G_(*Pg=*}nu
zJ6);|=clwuucSqdInMiQXm)jK#zjP}^(r^x%^x_CuDuehbd@;zdfUnN^t3$C&-V0a
zlW(pVa>2b>qhgVyll>Dl<Q;!2!CbF*Xgt9_ZzJjZXTKp=mTSS9LNH7B(u!~2rJjBA
zyU`|?zv?KEP?R3uH?69pp=TVaIDp)~kjPWrVC1AS#z#ObmeMXz*O1NU2JV`2D9sk4
zdzeQ&H~%JVINA12A@ZAa;$?NaUNuBiEr&4ksi4=@eqGt-44Nk-@kNTVstCN9P^`~M
z`Qc4)w)Tcb)ZV^rv!CDXyuGFyefk`uSTg)+$5WN&Kc4wd^yI$|&)0_GC10HU{JCOB
zGqH1t6><EJQQ-flKg!O`4BX{S!d>5&6?NEsIH?nqs>YUBP$+Mj6fM2UXmT#^0SlRw
zlNumbD1M*5U!@0RH2^j`6i%cZjRBFQvPHfoC|}q$<b_O$r)f7V5~XCyzG!zf>&@Wv
z(F*h7g`FPbeu;@QH6|&C4+l%*`{LmuUn&-Re<fn(w&VMOw-ewH*rvUnJXJNYLS{*O
zn&X3q%ex`fv|Bz+38+U@+2mXMS$tCqH2ALmrq)#rBNbEe`m_=@3(>LT1aT5c;qEdc
zzm^3xiy8K-s=;Vlb5z2IK($_YO6*8pn+L&u&M=xYUoO6P$3M#P*<WxS|1Wf2^LHy+
zB3;Iws!(|-S+afexx+=4=4oRL%wW_&Vw2Cu&ACp!;WcK}Gu5<ju3dU{qF-sH3Z-^M
zPn0ZFvr{d4`-EPlxD2m~r8D;Nl9T|CA6!x7q4)vX-~8hKcZ>d-cly`-CN8dVh{Pa(
zkziCM6QnY))Ozd)BkYJb8d)f}3ZC_b1WXJiKdA@k8ULzL$8|`q?DzIqxl8IZ-DYLi
z#zLNK7lj1n;G9^OS}hb^A3Bz~vq6_v$z_~zg?Dt|Wt9q^&sX>-7aW^(tF<q$Mf_q^
z5sC|m)Tj9<i;7bcSvdvJK!*&!6-K6BO$~>xC}Zz(@=TKCTz%~q_&q&gdmF->%s9GW
zLvEe;w*CC;*oA@A5z~2M*~+w~x?~>KHAP!o_zY5hyUilj2I284rCXz#CM`XNfgmjn
z7df<34!>=VOC_YUnUnl5;6a7TgDgo<tPnC&eo86RoJ1(xY9oWaN<=sa`jK@NBG(~}
z{({S{1<j6eL32Xk1fPqp3PrQV8IFZ8VoRd^o=L!Kf3*s+8PDn@RgPT_n0Le}B=lH;
z*0}4;MeKwS^+OHi6o&5UF(a&*pWX%WE?vp$gWzzP;LQMW$HiL30sE%9LrO|w7Y_pS
z_sK%x^UB;7QoZj0t2A=6hCsq`Ti47{am-w&_{v9qsxgc;bmM{_?`M3k=2@TeiFz*?
z-%IP2CT3q^$yPV0>yyDRJk8?7w;s&g5yQ;6Sf@8}9XE75^*ehw@=I2}c0KD|9;MgB
zC}cv+Q&qL!16(c&EyWSF{Hl$KARru~wt|7>Ktg|heRR-1$G5BZ@f>!x#Il*PLa~$W
zL)`ShViUJHb2p}6j&#xt&LZ2S;kJ{;B+|eHmv&Oz9k1~$KX}cxz=f1a1w5)#;W2-r
zu4l7EJVd?^uTrF0l(!f+JHA)kb77PK=avVnYnR@-`u5u;otL60JHIba#B}1?zpPgJ
ze!j|VCa>sJlrX)zH>MiOK6kcX&hX^o*S0)XaCx+{+OaX8qc|)dT1$bo9u2iOV=9De
zAcEtUMEwFlL%WN&2Mw36{PI9g68#80F>}JW+B^kY_f;FQ`=zu}#EsuMlpLZm=m*nl
zvTaaZnV^HT_kkHWu2XrnN6xC*S6s3xb{h}vv`m2E%l!sk^3TSIK1q4F?$HXv;mA64
zIKjOPHH^w*dG%#J59O=RD;mt^ZImJ3gtob?_$ibb+i6iy(t1;+`r=UbStN2g!U_rl
zSf-~m{dQ<PG4yconkN59z){nF#yp6<wvL;QFEg<{UKt>VSbibm8C!gdP#S1p%_uf)
zfRRmFLJI!&KYrvdCI|_C>7)K-hyMgE@HZoGf7z7-E~rfK&!?GGoe=y?%jPsuUH{&J
z`kRc$Lkd5*_RD{8eYx|4>l=p?Lj7(cv<v>D?OU6bDQMoHJe#VWZVuo5qFHItz%}yp
zo8!T=GS24K9DRw@6Qv{%go*6+K9Nb|+U4D>V{8|tvhkA_p1x<bW}NwtF(dzQ#s3ql
z|0!$w;-o}Neu^!rQ{7k9g3@4(I(1()(j4n;T(OOa8W+vLMg%WWh7x4L>VrJy27itV
z6h*yPF{tj<?J2Bb6=4W>*XXz?1j4ZV&gc_zq&|J9hsDmetMEW2zk8DfEq!WAeyL~H
zed#1Q(EYTY9~gXbO0o!URSFI*%D<cE;^6$)ea3g}VdHcm9P=<S$3Dt!#ZUo1E(N=0
zD9Tdv)(5?`jj4Yidz?@<W?bYulWX+=Kw>uSsv0S6-ot6%;g%ydEtLZDBae>mID}#~
z)jXllnA{8d{IOpTE2ae6vG1FSb&6abI5el;?x|}xFi)~=GsX&x_A4nHgf|fzO=p>6
z{qi8Hc&J?KYewHNQE}VJ?`z*vUMnY~fF?{ADOZy*&f2`>m=9Z<;Y(309++IZ{Yd!P
znG?vT_O+KBjqDR73v34(Sf9&>janmFF9aSS)`0xM3Y>fmwmr>)p{nPuCF&X%KJ##!
z4(+`rI_h`HT<W3%(B0{9e-~vW&(@Ivx9r!e6Tf-9blziH1Kg6B6{aa1SaQd{y)X`|
zkR&=_*iUIcsWWH@|G{M=!9VmJY|_~PP@S~tX9enhv-a%H!l7BQ#k84mxP<FjTK(w6
z=YTbCr1-7UYPj!QtPf}dhmtyi0j~jLem(MWr8Us(#N2q9m3O1;6xBxdscwRLs3^?T
zdtt@Y0g56LcN0f<EjBG}v!gHOIOAHu?WrHiRXnVhm{sAv*lyTDOG;}RH0-2Y+ws{~
z?iEo|iv;@xZ;k{**~Z0KcvKKOalI0$+=yCh%u}#t0c<R2yS<Do?S0Mi!n63g2Ow>t
zfMjHaNHw<{#KyC;Mm?(P+k3sKkOYY~UsP~diY-qmyAVHlHbB99f#2T%X$s4Xjj+W+
zlrR@Xe-kt3aUU!LjIV7BhN+=3nI%2AlcJgmfx{;U@la=Ye?5Y?#0leq2lljTN+~2*
zb_5BrhH_1!zu1ZaMN(cGF0)ea1@g&p=JjBy)CLF89YF~?DVgYg!{Lyug-4r1y^?q-
zIZZr4X;#A}<Z^EP+n!8e7qHn=h&Yc86<F1#>P^7Dc9QaEbv#<0q9a5rUkTTWo}k$k
zRg7WY4?LtI^ZcV|k+D*3U%mRlTI60EtPM0%Rwzb*kY34^WUKnEE4VVM(r;lUDC2s9
z`X{DR{f4?p2-x8AX>qunFx*<4Kp^EYrZx?lK|Eu!n_imEc8ZA-RFlWxmlWN@6&m^@
zZ8@UluZk~Ok;uoaMVbW}0zz3EFkkDu166ibO!|@WP=%UH*K77kSM2VIt=&#|{fiz3
z))SryL0YXt%lt|3Y41-W<>+8($og9me=7Vbd0MDafP>D~t{>-d(r>EBAAVBm9~2$^
zQtO)lA4`l#mDi0X6U>?jFKT{b<kn591n(j|koh>J>iaiSx=M`Qv&6#tk{PAaYr4N|
z2)23Jwz!Z=cWG0ju51ASjPh7L@kLR=!)izc((k1PKfN3DbERoOH*k-${bAx^!z-%J
z92TaLi-h$+q(RZR1%aiLfjkqIg-DTrMQ$xA#k|<+ArcIn3_iA&el4^t^!CKyMU*au
zj<+70OY$?$0Z%U2oxY@iz0hjyF1L513??uSHXS8m4G5m5_S8dGhg3YD-n#zzK>azg
z<jS?y8qsf)fV>TQP5|}Wt59uN`D_3z^#yn584T9Ck-Q1Eum7#De{$CEm|i7{r~t8Z
zZo#Ux6~OFF@?b)@n7jUgCHV<@1bKOA`E&q}i7{!%`JUq;l>vuT3)S)h`t%1H;SsW+
za(v!6+@~`Bg@9M9f~z={U51;77in-CPkl?A8llciZU+{eh)RH$^_TROD*41IkeVbx
znVVz;PzJK6M&<w!7fot)+fMO)J@!CT#`b(4Rc*7AcMQ?~E83#?1snu!^^PxpqaS>E
z!ik+SESkYD<%!UP-Zss3t@>`{I-H4V5Xpy>$P@~Y7JG*l!Pyc4#wpUFkhCBr*;09#
zRRMdll#U2726!yjt)N^fiJi9u_oaNGRVitMOwqH4bog_GqQ#Pj<z~pDz*dot#<S?a
zRnFX?-$6Grdm(crXqnoFsU*fuG(zH#)5;yONH#B#m~nwX%q^;@xG27Iywmcci|Pit
z4W}_x&hR@Cb=hmQE1`aRtl74Hl@Ic3(_8*vA7EvvjgJ~7A-n|Tmt(XPf|_U$=7`Wl
zvvMI!QK8Rx*&=U31kndnu4%CxZ$R|MYLEBr<3M1kHm>|uqJrH8R8o1CMUv!iw88Ks
zvlxcfj)(PDj`aC#1g-)mhve%;mX9`#PLoI(k9rG7OsVX~c7QtMef6$wTZ(q}_Svu#
zpN)7>;>g8nQ%w=hwB)ume_rxXa$h3{i6m)Xuj<hqYD8V=NDS6CaJ6|DE}CbW(q#|m
z1kd3pd$vd5?yX<R6_rcEI&aysFC#a;s{Z`;LBi}0uAe^{=v1^eZ>+X~LxUr}79L<~
z!T3X3E#HZscgDXh?WeSGLW_WJ@*mz+ei_^mzxfYCrhn~~{8@heH!;XRJpcb^R2Q6G
z;WQU`M8x<vuN^UO+P^e{{+ZupFJyG@o=+6^k3OZq6=ApO9p-Rf>*2xICag$s_n{b{
zA6&HU<fo*hD!TOl@fd~+nEUS7c#z@+Ku$VsqCJCR*Jfj(k7wP!y_{=^<V|l}D>pAg
z;@>S5#X9csZIRQew1+Y6skI)X%i|~;xY?@E$Aa4_W#eV5d^#NubZtiZ^*l<_c%EqV
zW*rQM3Ws+!uh|*fGpmPl%st+vHxc0&cRFy0_yC|rNkc-wYNHrUiE-P;`nL_&`!$9;
zah=fE#ar}j+oFOoDb~|5ZK`=0X$;3->DmaQQ_q2K=eJ`U9Y;`Qj$txW6-*%A%uYK~
zH%1+_9X#htcrhtQ@Ufw?J+spSGGxt7kG+9*zh+ETN`z1MHq9!KJn5m13O2mDt>N!=
zS74Gf)~9n0>m$~U+~$u%+<F?u-&`fl+WrzF!;qJ_a7=+We`^SLkbBv9OfjI1C?!5<
z-UYMhgz9QBkFqvSY&)&1o*%C~PE1^IdMPz&J0PfCLmgVl(ju+BG=8|MtH&`rmu4T%
zFr-)K-@wa)+r#tWcAgPg@PwC%u@>&V-13fbAsNA`l=S=Rm3E>)x}Kq&+D6c=_Ryyx
zjhioVc2S2~LDmdgyB4w`!W3g9>Aa&0k|mA17t0z+TUG@HURZA`_Ova2OjTm}Bq4ka
zab@mAMnM3WW}F5-?f}V>XX;a$Gd&5qwpSr|bl_a=70WEgM@*VB(w+GFBqA{`OF*AL
zLwk&pJng`r>t_*HQmm5tJ3j6Ekr1|dhQ1MK6<)9?WRr{FA&~uTdhT1yrL#QCob&1L
zYDx{0m3Z;0T)@h`ywGP=Gr}}qkYm=zEJ-wl3YXjHPmgmnB$Wa)2q_VbEJCfUql41~
zNK?>((vR0t7fYU^+f!In;rnT3dFz3NaA(9;aTa&%@Ug*l)&U68SYjzpy4yP38^ULt
zaFSi<VO30GW<5D8%w%gwD;kMZH#cL|K~-r6U>IC_(etA1S50hJr*ntLvvPA8cIvp2
zG%LOx0~`>D4pog#+016GmWZCd_S(QJRB1ZRXNomAeg3O5%>3TP-|W!^o{4m8zLzV@
z7gsL~_eX?kJtxC&9+=o>s!BsX&D9qKE~8J|*_O>+VBjjiEuCX^ufoY~NZ~W_gCTnx
ze#Wz=xj=!hF+nE)kH5uN#$3ZzwTVu!R!!|pe*4%?wjglV-<+9lnJ|T0!BtrV6#r^p
zkSKk#<<r^x&cvga+BW)9o@dxV-GwU3G|2Kzwp;ncXe!5yy(k*1lF4<J$A~9OzdQ?&
zak{nieHatYN$PD`PYmeJOCB~RgMF+iBR0t7Jyv+hw8*YFCSN@f>Q-tJorgWIotl-I
zNc5E<X05mCoG=9WQ1NS!yFXcb@w-0UU9x8PWIxuoeYj(Hc9nm)A^rK<%koU)*rpLf
zgSN2}+-Ss->sKFj>IS^`<3jbgY@vOi9l{M}V=jIY@x(HFwaiv*oR%WvQBx56ic4MY
zbCO_}hf1m230QXe;22{%_<BD~Z6|tx0svy@ejr6_JV$G(YeqjqOBHBP$jLl?nQbKX
z`9jHfq12k%HEEhnYV|wN8c8f+Ppbi$%@Ot#b$ZHO{mHR*!55EbNsreg9h<4LNF*Qx
zyciGD*P+l-fWbtjT86+R>(0P6w%dT8P963dj}kj2%ODGlGY6}mrfw?f%a@IlgJTP)
zGrnd{+U_v*>+bTpX>>MAE@Xy2zFMK_l*``&QSeT_Pu%rnku?SinStpX#ym`QG{sn}
z@rytoX~Lz28WJfYVGl1rGq2xe`nOd4a*cNexTR{nb4|}{lJe><pF@>h@|k-Y#8;P^
z_<2Z81-WOaDhKjBxQJ;@{stqlYfG}o#Trg)=vxr*Yrm#Qr5=Hqc4hWtTbC_lA?Xq<
zyLwPxfQU$sZfnfV)v699&~-zu9!hEf`(QWXS>mN{D(n{OKA3t?$E*%e!30ufJSbz+
z0ptU)_I8IuCUaADKC0&^yumV~7-cnyFA~g{uLL7sF%pbRk>X4&M-t=i4t4jUyyD_R
zk`o@|TzR#f(BjjAH*DA%fSxGA%jEj8q6M6s+9oisqq+@K6E`^&h<&|&ZnETR`NT#d
z?`LAU#pN^Gn4uPyry0R`8l$#C6y<b>0L(s1C8P2#4!OQYy%*1Zd5tgdWiw4(Lu4?;
zEXT~_T|OEPQX^HvR6*w%#+gc(KbrZ7U){b4<e&qW${m8Wvb-GeORrpunEupWv*Gc)
zex2qEtTH5h9JQk=`um}3WI&PTBU|?gx$6h)3d@IC05b|PTQqEu(r69F=*vUhp~l9y
zcO_{d^4+ZXaXH%poR2}8!;Jvih2FAWoS=h)chel)3OaArDrQF&<)d)@N}T{@nv`3X
zGOBqlz$5Jx%sy8=!|=i3nRFQbNTG-^r%~n4o^x`H<9+O@rU0|*I5++DXJXBJxn48(
zX?Z8nX69=1H@}x^{`=@KpGWMg$Hdh0u`d)1&RgB+!rpB@TdpEnk9k-bz+=FQ9V_KF
z&N*w*hK0`WG6UAvTdQ=$_Ou2%ss@B_y%nXYuvUi#R?LQyha~`(oDspw4dptot3N+5
z*BJEn$YxCANQ7u$BanmX04SB7;laoG+4v{EGV+8>I@fSu7a5@OEj4JepL{u5c~LrI
ztE#V!)u6ft);RzF&m8{0THJC#rovt2s_AcJ&(gPAXjkZDUDKP)A6!F&UbQZnA4S(r
zf}Z$MCF?F&&eN`Q;w3?6V?{sf+b!2TD%9%_QhaBGK3SQ3J4WI^H(A~>SoIH4;6DU*
z|7)xNB6CYp5l7E6_lBqZ+{$SLnQN>kuNr>B(ZNdc-0EdcG{`b)Z^f;TbLyWHt%&P%
zAUe%vv~6Tl@+#M5`)I990|p$<G1ml}_JwhAeLxCSYXZ{@S#+hcFIPu1IZm_2q&>-k
zKR)}{%U_dD{>q2>%ijN(6d!XZ;qBZDQZdMCWz&jS{FVJEw@WSZ39JsY-BIIwP50`*
zzO8??Ljis@YGXF)$V9JGEMH9Vyf#3R`31(sN?Dug>#X*)0L%mia7Fee&$GW=)*ma}
zcB{Lo-9NatzK#9hN_@zP@uR*P-{}^}81{SFQX-dD>H0c(HTRCi%8GJ>;WeeQ^8q?L
zhSJ}DYx=>Z6V2JW`{#@p+V;Vh*b<Y%=KXI+k&5l=2hF}r=Ww5zIF`bre>&m+cELa1
z%s<Z=-TfCw=Zy?``v|o=si>(QSZsQC<e=YXu~bLy`*>A9h;`>W?_F+S!3T{+-;5ZQ
ztmn6@W_(jir08Sbi)@ZwwA8opbZ{9aFTompJDG5M5IH$46eX)<q($pozu}<bculSm
zWtPWk8g++8c=n_D#F7Re>V^;&lV(Q1T({?fO+8Z@#GGi`@k7>_!A-NIPIEId+b!k#
zX@SzsB}Ek_q}?@Xz~bev4l0Jl`=L>EWy*KKr<FU+viot&A!o|^_AmX*w_A%!><%e>
z@aV>E-`(3YGx_e9lfHHQICBl0Y;F*&yqKNGaprAgT|Q>FdPl<R-R&&X^i*$oyoMsL
zT-!&jgpCgJc^1^u8+DdxThhh<kfV*(8M{^7B!>FUPG$2e6Q-`#^?JK{%3^z8F@0*t
zdwg$8=2YfrCSCizvT%TeFB;7rvLAk)BEn4Yu<`l8pdpfU+x{3WTXZiQkXFjYU0}8h
zbFa(*k9z-H4s2<dZ_wt=CiM{5&i}^lvc_hCjQajq1~W3!{%v~pzy3F}OzfYQ2E4h|
z6h0a&Yg^O_W|3ux3cO2%@<()4b*;pNe*6d}(dTSD5o&ku@{m1l7+t}vy&Ozg>D>G|
zM<X>s5okiuXe78Zi=AV=v4-xjIhVCr!;>pDNv`)}e{!r-PINYCa+|T8077rFC_9hf
zzSEhO52rT6Rr~ZX0X(d<HEVBD9)U#p_;1?hlO+>AhA9PM7QNK|+_v@7Y1{nrg{t2A
zyo8fB+g@Wg`ZUnQraW2u2K#R93ISphQH!If4@38!K0WOG^6mGvEFa33rJBa^2LBR;
zF)WqkWM<k^yb7NK{or!t#W!oCZoND1e%A6TX*qF1uy*Pr_n4e!)tb9Q(~_|&!oaBl
zX1Ml)YrwKhmOidc4&Ord1NGTry+UV>JxG=h%Pz@WmG!cplVh=oQ3R6^J<rk=6oy0{
zZ!?~b#u4~1YKlm3MTHV;Uh~-8>$$R=>W+M9rnfa~UP0YNQbRntQNY|ZQi)*C*hQ&v
znoZr+(X;@c(UzR*r{S)SL1AykuLYcCI~%nOydDsVIa-eEl?3w3kd=U$5QI&NA4oep
zwkaE{1~N9OUR2CKzvO!^!?SL$HE{Z4tW^^hzmb4JEl-~|S8uYL4Rnr%BR!M=Umng(
z)A;1SV?*yA$i{yrKF^(lzP?o~ZBx0uI!s<wv5LE%9!m@dF))i#Sl<zI5hz9%Q4E=M
z?-$iMH!p5)^gdH*AhO*sk<_%<UxR~HyMVX>;|Pb9a1aoy`%8|r#HHtZ3L4h)+vDxt
zx1s%mHeempqZxMA$<ZWBGBi#ai%L+ivB-YMH+&XHfDh}4c*2(5biY8)PnI~{0&oy5
zt4<AGXiaFh{dy%y7^x1h8Dqq&o=dGgKaGf<4>t;v(=^?a9!*wmniRUu^Lw4*l)+3t
zu|IpZ=7AH|T8eea5&(|66m!1FAGtPuv?i{+?aadU8Px9!g!iNc^yv#@m8S*c@jZaY
z41$NCyXU*B+v(<d7$9YcW4n-`pt@+Rtr#W&*=_jzXh7|9w{?HQg`2}CD*~WR(u|c%
zAo*1WNp0QYT<{ZS1c5BTOUMyGAH;{8QyRr+Yz{u(fFIRXJ7QA<eHLq`W-4>WNp#+Z
z6HG#jSZglMcQvA<TGn2)lutdC``BYaUvft{=gSAkt7>19t|^_yA^|P)8jogFVHu4U
znRyx6(QaO~0U0m1E<fOrv>gx%mv~0A<slB-fP6_KL$0sF%<I`A^fD-Ah}n+e_k*zL
zD`gHgLJn6Nn$O>y%|zoaB^GS@sbgourBhiRcByUzYoxAqWlBj=!cImF!_Y-B<5cDK
z+{_bi{UCm{El%XsJg##Fm4Trr3@euSn=Ut(1(PygH*+7imPO8vDw>-$9-85K%70xi
zCh4tbVv%{NrUxs9JLZ~U&q82<b*`W}=!j3iEV5pMk?9~NVr<m7JFalqdLf_5GuNuf
z?LG*HCfNg6UlYFwiY1xfF-HcKfw;5TzZl`qCv)<%Mte<s)f#Tt-h6+mIZFX2ef&~R
zZQfUb4DOx<#(5UoF!++PYU6Nu0_!sALchETJj<sv$tg}}Cgi(IRe(|M<ICA=8fR~t
zh_DM$@$5tiRAa6}M3A2-|K)PGJTx-1W)_LsIWIBXajW_553bYlZ59>-M3fV*?e?Yj
zFEP0%TjqfpWT_sMfzU!c1n0Gwk!P9|l9$~U>$vcg*A3-&v4vxd75UPzUpU&x$XInG
zH~`aSA;>)8hM2>(MK}2tjc-}+;UHo?++|GQ2lA~6(z6@=qXBlLF3btv6yK7$f*H8k
zeuiS1aT|V9YLe~bnQ-GRFCuu-9gyS0b~Lk{gdo!+N6h1qSQtnVBiYlB08CO+j6U8y
z2xeA4VMt=o>GLqymBwVc)beF9d^6i{s46>7fD>v_`t~!@{;jn<1falm-Y1CJ3Fsi4
zRL>xtD~AJ29YE@d_jQT@Hl4s2u^XSlsOEXZq7{A7M?_4h$DrsjT$=tC!aiTJIouxE
z@^O~Wf7eSJhLc7OwU+9j8O;T223Ocf)2|<tG~L9|CtqfOsN)AS-4k1=e4IFpYBvYx
zf!_BWI#84BlHyy75XUvHMc^;aUj3&)0bc)S<cYOH{~P|?x*1XsnhqZV@$dOM$$v5%
zJP0+>kIWO}KsJ6#yz;OzpVLhL;7WG4gH|T`OUF&KU0iN52SVPw+dWw_oA(XfgsIh4
zpEO+i*V2oBx}1Mm@SjW>|L4)8n-V&2uEATiCcnO!C(WcBLKT!XkGxR#(&G=e1&)Q)
zf@PmWVll>+>A@yCoKD%3BATY*n1yghOiWce$2{EKJMNrQFGHuK*0sN}rE%j78qG6N
z8OnD>+AAqmcPx-8X`5)SBqlP>6I;zLv0kXm-xe&nL)NA3EwdezfrmxR`f?r0?9b7!
z8J1L|dDhyg@9T0hOU}V~@*>5z1>A2JgqfY+m)DgK6jk^ydZM^y|Bw51S<-{b2aaPK
zrf_2Y(MFCHAY`<!@1U<Q>@GLhB@T6j=iZD~)Nd3w?f#Yu32g!X-+dd<6m;R3g~M4d
zb7+ofHVn?Fn01iLF0<P08k)3=-5G6(Yn(@0<+G;RF_xE<?yicb2ByCy6;$AS^JW%H
z4Q1%^@_3X;6W5{D1f>g~t6n_-QB_Dy9B54zVRT*y#c?AH<RJbakVSX58Q```<n!c3
zc<rx2(OnoqmPRGU)+x-&lM0s(u(J2Vl|OOE>I%eMq+?ne#ZneGZhZo?TlxGMW#vu+
zOLwPqkWGq5riH`9`HYFx69V*%rZQ!zWmZ$p*R0Bid@RoB_+R^bj(6a<!`8lUf9;w1
zr(dBUV&|6{YOp3TU<p5sJ%~H|dbJ;Jr(HJ&?B}Oh4`yy=6cgq{I_6>?M}$gUPmBty
zV!PXRd`R^XDVRXQoIG=c4?2&*2>g}t#Fw5etLWHys{~Vw$z$N{iTif(Tt4=5<~@^1
zeDFqyFx}DPTc;qA-54ex6p$;6X=;#W_4PHbkNTFG)xPz;gm2sVWFgbwbJEl%DGblU
z>%bFWAz34q;;n0LvQ1w<=xLuXe9>EGq3~7Q;@c@<D}h>}EfHO@fNQ_8Ls#MwLr+Mi
zXjT4>)7iahXCmo)TwU&+NEvs6nOxs+^EBwuP;17D$D`a^6*nKRFcY61V?KpmwrRP(
zi|KZGfO%7TxM)|40HB@t;1CGO7^7xAN;y_kU7opAvHQ#G4{nAx_+3pfv1l*_*C>D_
zd^w(!!F}gXXEf~AiAggqu=}i0cyL~R?EH(0Cf{eVU7oBmhm!36BUrtL(I*XGOz1t+
zVRW@MfyN6d3LMN5M6VtqF!CQ&!WPh-#2sxEBTCt5LP<5Ho5B$X$6HT*Onr3Y<OwaC
zj%u;tkj3X3q*mG!Wx443gfS4WNz2-Wi;PnbfF*qOOdMGr0DvD)q6BUD326OV7Vt|H
zd#p}40gx#+NLS#6QmoJ9#k%Wicf=L=SHM4tF(vNX&#KF0)LL_GT0;|&sTgCQHa-c_
z&bsD2^+~_2PW6N6t(fRl;_b29o}$9eTXvgfB&JijuCNR%@Bw4fL5?GNN!bim%g#qs
z1^oHmO3Ke%2v?i0ect$f><}^_+ZkhanIXbv(oK=343CeZkq@>ndw)0s^-k6p1ZT4}
z*f4omWVBIVbo-xftJGh<eCzoIT-yWO1f%gBilaZ~DAYkke>%%Af4Zq0$w1bB_^s0p
z+x_{tA1vOwja3Lo@l`~{^JOm$-69OTwfPMdW5=d-+bwXeIx-E`xj+KkL5wro#<8wY
zT|_+`XAkCt7{Gd8OaLdP^N7<q!jnAaGDR=qhZR;9w4)K(r4T)sAx`lJm!4rz)8lN7
zhI3n$S0txxWjkt<%NcIn*N9M);YR))0N~1oRQ=u2$4$VB*O}PU=FY7e?>Z`}`gU79
z_dpzD_OIE}jm3Zq?&tbEp4JiRT5qY{{*V4gqxbJ`Kn^zVB2L`t5O(R8<s>$GjKmLU
z>A4K7*779tb)x*6v9I1w9_SRCUzwhCMxD{39cV4Oe2TjEos$Vvqj)=243b>7f2vx$
zVDiMenyQ3fRnmdE97MU&=~B-1|MOF0|6Z-Xz5{-8*6&nS*!leF_~Wya{7XhH%G|)5
z^HwZ0p-H;TW~+4-@`KB+0y>t{E0^YDf!*_=EzVmk=DRK^u-c5(NTz|pV<FFPPDeFz
zNC=xs*{eYY0^#KScwMABuD<jpaUo<H%YHP)I-}893r{mA+c+TjUF!-dn4^2A*`DFK
zxodwIqIi1#s?sE*LsuErfS&Lye!LbPV@@53bh<E5K)>B8P;^Cp@)rZJUB5iA1V{wQ
zgNc8w1ZNH7@RP8Wa?bqB1;yVGFVfjeqt+5g>Q+Tw{GRcWNNQc#6(ya#rYFXj85lCu
z>X35JK4i=3`r`?oN6gJHL(QSQ4^L8UD^rL-R>g1fo<0T)n02f0OHCADwlXDGn|61i
zUglCGgk1BjBm&vqRJ4=Q=R3MK6{Qx-f@2MTIp6Qw!Hy@!opLAT2C6`Mr;crQfAZxO
zFQ5%lbghuN4a%AXQ@^)3pw~=bBLHCsJfA$21nq;H_w*4hH158d`O~B2@2sQ#sk;BY
z0OY9lb=L0NuP%4G?XLbwHG1~%i~qG~h;v|&L*~2FM-HClepPh-L+|4v7=8m4=Mw0C
zbpPC|Rd3<=Z+GkqHQujISAg;71Kf764;9sJof|9`wua2#7o_WnL1xusq?869`wX3*
z@PvUBiav<6MWP;-GRx^U6+P68S!Akj$*w?O0yGPlOlPi-J`3cW_Gjw8N|}I#Su7hw
zNzX*}Yf}#5>FX++TwLck;W_rF-Tz+aKfnI`R`i^8+9;>!&}U;~RK}VvHd8{m9758t
zypRI(oj@l)VJOu}{;|RT#BvDu7GlHmwn5xl+ng@$H%Xq}yOku37*(*ESL>qGp5HI&
znKdAgaw9qRo1zn4jQz(oJnGN3u66UOg^D)CuG?Odka2T-oDUX=p?u9Q*C;aU(?fYP
z^O`U=Xs49h)B7jiU>BOt1+z6zOPXQ$#346ez8~Ag4B^{(VRUSklw;p_21J$b?%!YX
z5&Pf5$z9>^rY5?vC8j+?S}pj>`+1)XWuDC2(O;jE0F3j;_nSr`FHt_J4J1ID#TRX{
z>L<@*1#p$v;P~qkf`dt@Y9qXP`^~l(F~@t{UAbazASfmZZfVD1yrwy4blFo`YmtCr
zu}s(lNue`lrI)?O*a+N3h5*da+rTtI9&Q>RpJV_4oIe{8^`?X!tR*ts082oS7z?F9
zIcqVQsnmfJ&=PJXC=_b+=#TN^zghT#&M&MZ<WV*oNppn67==f~_r?o<M4BLt9SdN;
zxpoY}K2E@$L<PFLyK7uLG&yZBIlvhz<!{Q8*$y}AHE8xlXG>^og_+6=W&$F4r(Ln9
zV1VrC?x3IqnAGA*Bf*X#C2{|6&iv;hPUv5;yjHt@_{(<%+R@hCioU4YjW<Jn7ypCe
ze+vBme6auf{UL={SN4)l9X#{erp0q4+xXA4CWV3;TzB88W)2x2!Q;ctnI&*o%>BWo
zf6igWSkzf6>eqUgFU1Z&xb6qz?2EtImEHM#o0C*Jkx}jSu=dsSRuLilPn`f}Wg{C8
zm?0Ym$J6zUhQ2?pa}an~=rJnO9TWkP4{*YvME&4-u>U4?{r0P>n?!(p8QT7v#e7~C
z2R$gxbO!F_iRo8EU6`e2?j|Q2VE0@|7A1C~t0lH>Is%CB)y@h53=039pnCokug`<c
zvkf;)1{@f9v;8-nFAkJ9gG_JcmKy}O8B2G=<PwNdbl{${91E+edIrCgbFon;;xKzk
zY>YD<9!$2#2%6nVy{y)a9@z3;F+`|qzc(gjc-O<ExUVdEqjh!SlCx*aClo8aG>adf
z@o8z#Qx|T+T3#LPD^;-H0g^IH`C!I0m}sE%Xb|?R?u^jjlgO6|?<pcx3d2f#3cm6}
zYL+Yf{0*2mX?Y)j0by!$4C*oARSW*<gl_=o)}l73(%><UCO%1jVKYl?UTkYKJ6`w3
zMll<!ADpT&-$!60EU*yuK-ON8i?j<19*Y>zR67CJeTE;v6JiFdWIzDXE(|<u2fu(w
z^d8=EF}`n8?nxws$qi)c9G)TO7rp6FnJ{(Iu7)?;`I={;@8gYz6a58e6_RKCO<=PF
zlaxKcXndn?lrj&!O;x0WrUXxsd3=>>M++p|%Xxqk7_t|V-`Ge%g2T800Q&{jpp#(D
z-HW^5<!d!n_P#k{`KklPafw+PImS7LTWJs0wq?NFGNU=dPlF;_SE_jrT7xcons(Nr
zaNGH5vPf@p%ifRX*ac5v^-l%KIkNJn=6mtuIAnot4S{$c=3O@ZvFMBbTUzxYm{F)S
zttR#R>nASw0SAq*6=)yqbqDfrg8qf{QuciyK@GUGMC@#dP@HQHVXd7G>HFlK$ggu|
z^~=F=+jrV_#-QMsTC-)Ex;HvZWE?}`Gd{XU^oA&0Zx>>V;FOBfsuO(^lg7Qs;un{+
zU(9Ls!EJqRHf4y45seFlu*ejc)JStsjaC2eE5u|MA2g*_X)eyC7FP9S|7vug>2Q1>
z0_rE<%dOxbx(!#`_jC(zK0~CPw5X8T1hOE|Tt(aOZ{Hn_lLqME1hg%aS4OkEtNU2v
zEYxxJ5sT{Up}MmM-FEG-;v5T2E6|$^o>9lr$^tEFnwZ(8u9`$uv@jjvurCHii4sg7
z)U}99%{bUd7<X>L)wIz&9)p;N9~^Ds5oR6b@xvzDX+hX!6hDW|0TR$Ed9rH1<S%QF
zi@;YZ=wfjv?|Z5Al-s)?mRWd#tPf_5XbGECxsgmPyU20#%&VR|=jLfgV?=Cl2r?2K
zPvtgV6e=u2M;9WHt9)=Ka&l8l*D_AP`E0{uGSAkQLRN-V(zS|l$GbV`5FeShR6i5-
z6^uj2+q_W8SdU?p_l*jxTa8(!g#o=!u_8v{V8D#sv!OvqP+Aj0p08KVA~-g@twPe5
zPz!9$CXZwfYAP)!2k}i0s!WCKXyh`ADOxneEt(y8cXP$nRMRYdZ3fAhlCKB8pL9AN
zKayqlcDXgwLDPumbAO<Wy^=xFXn)KhmERbzbo#?eU1b(P*v9NVd1G=0Keq6Alw*OO
z<310&71JuMI7GGeVSWBxT0ux@se+l1GbW`7wa9?Z4^NC@QCTevv?=4Nx}tJo8|%x9
zILkH}xBcMCM4|o85x?<kO1M*HMz)3ZtSEz_(HP(`#{h(X2ci@;qx&$!w^@L%AIHEA
z@WFfTNcV?8ictygJSlS=9JX<1UjRJ=zgB%BI~t8>QTW~>m&5DB1OuQ4-TVha$O`LB
z0bb)d7-(`*LJ9k2z=8xv_7ULLz$EK|&Re+V_u5Md;DeVLRFPmn1qV8CNnY5SVspYH
zN4O;cOzvAjX426~Ihhkb8RU1X&&43Y36b-t9I!<Ze#*j;S>P(6Ay{*#)EEhaE-+YA
zWFLSU2pH*N9Wgimg0lI*ef$eyrj%9Fzb6(n9-cX(6vt=9BIOqX)Q|~G;I6wTVINi5
z&-#RDKJE<J2KjyM-4_Er2{qHoP#7921%wkQt4Q&1?d*D>TsjBBn4+DVyWW>HK#%o*
z&B-h@s^7jRp`It^o%x&N@50wykqO<(?dHeUjxTZ`i^lF42rxSu3jHal`<n1%@KlD+
zX(C+J?q`XxBYR@5?#~|%*t^ffiomT2A_S0tZA8-g=sq_qc|Wk0XQDnuBh4%vJt@fY
z@w~KKc(y0?k+mqg$iBQxcTKn4XmNWK84z-r>{@v^BW;Bt5w0$uC0*_yV7p$4D!>n)
zAcShsDFny(<oMQ8sYoqM>t;k0gM6+2F>5oKgVx#Q;H?g$0<G&SB=oi4YGaZ82wgR>
z_8vUBk0FWQSjZ#2?3=X9@<mB(EDR7^Qgv-YV5SrqfIy%X!zuzv%2hVX-Bjghm_6Yt
zgq(sv^Hl(?O2=pPBwww0lJ;YT-_o~{8*vY1UkOFUH?E$V%3h-Eg5=`++D2@;TEwMi
zK9?SqJm^Ct;bsGMeyg^cChe+bSIo%f2qVpht=J=&+CI<@5)Tl^y?jYtk{{ek@m{j`
z78(D(PIw3Xe2N6S@lI4`24S&F1>oEXtfn>CHWG71?pU0Mhj`h!`ASzCRo}!TUq)$~
zICv%A_M_?(TXM^^xiQ8_YKeLRmKUFJ1h%fKTQ+SwuzyX->Sodevk}X?UjJB$EdL}M
zrm-fU6ktLnG0KwXt>8%Ep<!=}HlLc6+p3%gUn0jn9)ebTXs0cq7wx&pFW~vi6&QF!
zKK7sha6=JnUweM{8suFGhX?ZZBh???Yk4UQ8ksMd0Ev-`W~6ZE4K5Ni#q}Nz$Eg``
z!?&A*Ml)-o1ruvUcbw!;$It;?A+HmVP?;45Hc2P8wAaF1!SF&wzi;b%xQKBX+}xxB
z93sA>vxLd++>BiC37=8aV1(OU3S2{;Gh-(uXZIE-)wQXWoX{0)5BV0yx*h9t?&kYj
z4t*ulncJ-cjhj>_<}o1!xYQ7l;85K}hQWs>*k-$GWO>fKoMMhtQs#^CNrmy8WZ`Ty
zwkxC_Z@=1KDnQm^lZ9f8@jDR%#+z(WU{*`tNQUo4ifbhbpBszIxBtnv!MbA9t)Yw*
z!Q*0J++clLSKG$ActSfzVEi$^eu|e@1kdjc5Ocpr(b-pt1Lcq<n57>EH;5aivKnFM
z;|YXiufdyJC+&Od0y&C2w}a$QC92nNfIlHXv|N;Z&Z$mya2LYBY!Jz!gAq=~iPwFA
zv)kTd4JWPcIhR^3t6G`s6+-1qtkV0}m;}dF;l8XTac>}Lq&9<#dHrc%q`2%-CBrOF
z9sa-znqU~mzn1aBqyHFmO{C&nzy%G`?h^9?hj2>d-<IC9YRP#*1KrVAh}Er8nxLO;
znWBw45*Lp-86>AFmN$%dZ^DUieNtM6x3Q;DQO(VM7fNaU!(0)mQvA-Fj_W(#g*r!8
zNel`@ka^l->a<Do;^xXhnv3kfHNMkE$dgc4dKN##{wn#!-9_RUa^z+~kbMHCvAr=@
zjlyhL3Sv!^v4*r}^k(-@W-lcrY*m!nf=nAF+Gwgy0iQgia*FkhaXtYimH7q1ITNV!
z3EKQYZ#kCZHAZE~@>1Pa7<Q%AM{U5|ugbqXN0JwmcWUE-{+eGKDHoVvYAL;p3SzIH
zF_AKD`?A>#8A1X3Cx(2&DNPjan?qCTisebIn`c-P;lNLXsBy`>oAO_E--yH<j`4ln
z3gN-rlsjrjv8hzE$vuoHgv{BpOjZfR%h&*@dzrOZNJj3;;f%x@#hTRyz=X0K(UW#k
zdz*Vrt*ifm3bCrcmG=U%3<w6ofs{|DCplE~TjK$Kx}5gwSlX}F#Q~pLoV?sz4x4w<
zp02g_F$cI6z{yq&1V8|5;#PkX)c<`^o=Y~UA67Lu@Gypw&@L>&$MW7T);RB2ty$jl
z#sTESOC+W6!GXD?WWv0oFM-H-b}Tm;5+f~(1j1aiY)b4g{-Gexd-m?R#fZ#uQk)g1
z2}cH_{T{KV;~_|)QeER^*<4Ejg|8ue!&s+G-)VMYmQ2n~eec50bV*v0l6G>Y5`YLL
zLmHIj5=?D;01g2--vM*`h1Zv`=}8(JVWug3$a5yovp%J0Q&t1{P#w3EhhxaUkXrNj
zKpijg{;^i-mG7ldXXf%H%R=nJk6NZb4F2q^)+)#mL2O@7lBm~ox!ITeu|&q5NHr-%
zl23Up4JI8{WLChiYTm=tcST|D(Hha&G$iqMe0==S&_4gElm?sD&&gZyHy^RU9rnu!
zc19L7UHH29$4b*x0LZAKTE^X9G;;)GY$}scmKuTi2zrx?t=szAE#M?Dl{oK?tP)I*
z$xMP1n#gt&V|nLpCDY{+Y%-=H@Z>oZlH_nTVD-P&Rh9Y=x}pDg2mW?lphhgpkM_Mz
z`RP3E(Vs9WC;z_qU#IDF&LU9t<p<aJNEOeOA6)c5=qx|amt0rP8g6Ml{GcPL>cBzb
za4@F_7$$RP)MO%@KXyD@&qrDLQxr!)$ore?oxDNKZ*MB@ywuR0(oo!aOrPRWjF`(X
zEMj6<Nr71s?i^-@lGk3U%voaBhLPKF;_^p#bZ{@)J{C=&ROd>@4YhK>`#1kvZ3U+@
z&rdw^jL;DsbA28Hwl74|><jQGG#{o8SjF;{fdp(?msYB~YK%&}Z+9QZbNomw8$ai_
z`5i2)KgHfGMc2s*<p%o%LVF|)vIE^k!AF}3tmtjk<xFMD(WsrarLh`u_%wN(lHqxc
zrX-kbYqedF!5wSAct34yUmg#t`@|tbg2O~}PrbC!ihrq|%c(;9vRclg7g3KoGm2kt
zgqRMG*LUW-u%VvrW0ZY7ca(9VOQ*8%8@~Dcno7gcg?&=D%IDN)*}K$j<jajm!!npK
z6%_Jgg<TkIiJCsXd0dmOakQ&D`kLJchCN}ni%xZH8Z)8lQ^9410XMX9QtuG1$FpG;
zv)tTZv%aG{$Cmmo(fV`-c=Z-7L;K@>_r2)g7Wb(<j=&`^Ut@A{&FHB)UK&uqdjCr9
z?UI<MQi`;Qt_ImG^SWkYvGtUQDgu6d^20$c6${LcnJ`v3qg^m8{fk3m`L9E9Gr`xB
zwTAizQ@5QE?iOOx4gv(vdg~qKT5Giy@ZeT!rmF6gNh!;1<erBLj?Ewr<jMQB4A!63
z5Ge&%llL?VO?N@3RTqE4H8gCdD3C4dY6|Z84|Wtq-Yohob0K^6)gb6xSN%?O`LH|M
zbc`XEg38XzJ@vKpoi-ACx?u1H*`j<*Zqfi3uF}M;%+f%Lde7-g$&fEU$?6tBvXA!>
z!ZTJpLD@5!{_Qpb3kdYNnP4nFQ=`zi#lv=G#1I;K<NO3=b2mXc?467C8g6UR(`(}5
zXD_ig_Ik#T1GAX^_G`2!Jax1xhl?U_rv*W}OpOn+e#_bh09<#axu#-3hWAySqc^=~
zbbTCG8Y(}{9M5t?<5~s?^O+KUx1&4ek>0<KYy`lrRNeZ&+WYdTB-gfI-*(w-X=$lx
ziQ<4^<ye-M3MeS344R-;&Vp!;rDmh$JOK{ilnN>+SqkD<yV9J^0Y}ufisq2EGi|Wi
z9rihAopsK6_cxri&iDSc`Hu_My5U~Wb3NB}-M_*8oW&K9G}rWAgnR!qmd*ALDb_su
z-gLkfwO&3jelR*>!KYZ9kE!blCJjYvzG&7vYc^qhwXI{Zaw5EJqEYR}AvqventgVH
z!CrlZ&r?S@Fey%~<AcRvs0Sc}g+tgI<bwB*F(c<y+oxrwR8(rb497JwN(rLPv5mgQ
zFf=)$K8Sqk?0ixsqf~g=NvEH<UQh14e<l{5{0%V?hsVQh@b-UNgQ@?KVb-CjIb9pF
zH`7CO^`UuV0;95{i!weOa7xa2oe{w`RhmQ}U@zfGUCT$aX^n#YSFZ2%{1$#~o8?3j
z@^(&qviSZZ1EPN!HY=UUC2DrSAlAbW9~i{TNVHA<NPaFSk}L}0BLx0Vvk@z5M%Q)Y
z-?imOmu0B!JySeD0g#(tK@h_A5vzZcO-|q@X{xH+Blm5K(3(@ucGp;?ham4m3{=hM
z5I6b<<UXnCAZ`tl>RUE8RCfK|ac#~Th&ffDnRX%M(yxIdx(9UkJYAMmcA)@{HOMnR
zbEA_7q6%IJpZ4!;Ieha6_2uM>bMs0fElOk@`^{a%Y~0(@3Go7s(7gJyW(jKtAy5HE
zGozI01)exHmMyQ^Pmg(%u96Vp9%P~)y06wRLc__yt|hrxqV<@fg;59SV-nTpFBmSN
zFf*_sm#4>iDm@V4rY|G2K=Ljpi91vIU`lvT*`!i73<lwb&EL46)zX#o5!hb1tE+C%
zfoiL9q!g#Pu&Smz;?bd3q{&o`E2eVnS5#t%Q?#aEF5Ubo)%H2`Nj37L9*dB+EzX7A
zU;GH3i*7hTMrr4su2k)58kj!n>~<gy7UaS|%c&2yDRg479Q{9S1lC(ZO`qt2<X8=H
zwjNHk=$S5$EQn8x+5-OeXK}!X-=*CI!A8%_GgYnHLy9hCIwYtKB<<aLpQ5C>Zf`S#
zd=0jKq8z#8`>+=>W4pb#1X&00IxRD}xRfk<4J@l~JVq;JSOg5U*`?PQ_aX3MW*usV
zowSOna9<O*gCff(diGK4BJ-&QHHqO8<Sw4crD!biib8C0T4=o#{P&FZ`js!IbAhwl
znd3$Y!)|4P-S@YJMG*#f8R6WNOq~hdAg4JV0^pdj#8TW?x(wR?u~$9cr}NopbFt<<
zY5Zjb?IVg;zIKrJFgKY0FwbI%`JI^+8&#<1x#j8cy6b_;gZ7%w4XvY#@COtu^G5<#
zTKY|zk&CaH8jSPfa-~n^-b76ra)vs*gqI=Ds(-nrF=`J%Q+H934~i2fW&nnUvz;1>
zMb_Qj)DgA<Y)POO=Xb;EQu@2Z#*M}d;W#h8qpX1~rzTJ=Z#K{o)gyIK+~`3u-Q-b&
zR(b@=$R}Grb?CWVw1iKbOiw{r^2q@@${jDxb2X_Wmmd3%f;Q{)eZa+UvXAdbXAMVP
z>ubS+wXL>p4!rI}CwGew2Ynwg3IS?Kod+AZxi3?Qqda!#67@F`5OPm-YxpxYqA^AV
zWVs(!Vz@flUN2|&y4>GTd9`%)$nTC`o;OnLs;qdbrGuqdvS8ZUuJm$wy3g7=0?T67
z(l^)=tWF7Z=9hiQM$r?%rIVADW;zZGOMKX92t2%+u52oQW+MQ&I+Dd$Q^i$&jaw1%
z6^uMK@2OUo<tCR#oUR>@yrm{kMIcLuZ}s5ge@Z=sav3-B?vOmrUGlqVw5g%2A8uNI
zDchN8wypg2ON;VRcmr+yQNw0haEaRvq3`hdt6dvTr{<IoxL!mwVk;4q?YU9#%E7D_
z!{bcuhV5dHG#yni9AzkYv~plhR+cEQq!-H4EQ;)I0%4cPaw%b&BPGgY(|U}zT2_i!
zPL7D_T6A>;f*&R)Xt7lvcvNP}Q4ruT2`$6#*7xo9k6#%*t-O)qF{jL#;trv{fL?H(
zc>PL<3$UYowiC6aH0CVsNDwG+4JWv-phYs%e_2BPd%+iOpCl9S{>&iv+BtJR3X^a>
zhw;KybIRJ#^qx7n?%sU1<Q$;j0aYCg3y^}b!`|^@m5JH1Mond2)?`>V3%h?~=pV2e
z1BB!VVbUU2%WcmvT|;v80EAiI@f0Vit3#=pudDb*?J@@prt3r*^Mh0RLPn;%nDwRC
z|8+_D4kv~x<M0?{8SoovH$XVr;0CpvY`k3i?P_4sP5WRRfZD?nn4gUA`=GS{?&#(b
z3o?9VNJn2n5<MQ3Ci}_6W-{<jka#@A)fuXpxa7z82%3}CGtA6$b}kjK>g<taYnw5%
z50bsfy~l!~t!TG@Ea(2VYx!J$iED5^69tUaD7HdV?p==`9#a~h8e31HYj^k=N$hX`
z`-_yFW!*NqB#S*Enz|p@hNr}y!Im2x&cpM^V}l$6(J3GRocJd_=Cbjr-#+$O`v*N;
zk~lgthWX`xIy#p6_zEGGs9uk!?|qM^C7fJwvN~R8^Tp=_q4viap^{uNVFyO9J9;ie
zJvCN!P%q<La&*ZR9cR*8bg#hq=Can#SK8#((_uRrWc}P)n`4At#RkAmLWAl9+QaQ~
zPFFc^a6rP1^Msg>V7&t&ff6YJC!ySlZ2p?Qo5c&g(iuuRNkX&D-_zy&IM_}X<v8&f
z80aRt-X72o`i*UTH+-k#Dn=F$4@fwi{MGP{iyX4mwAs~cIt!mVaQF(-c+g)%Z3kQe
z6#?&vPb!a(%lY>%qyNNbnO6rthC6TEiIGq@a9bueG2-*ipMvI14*y&6zwmzj=Vda3
z<$p>!llNUz5X@IfkOINVA0k*>@C`;<I#@MBqHLt=sAR2IGt{>K(&wcc@!j`sHJ)GM
z`bvCg#JB$7?{$u=$~o@;$J_pAzcG}_y<OE{PR$-eflA2k1<U<ZBOTbdq?>B!?)Lv~
z+9XUp8l3dbG)^g`r<l9jGJb%WrzvsqYG`lYwns`zntNXBqOki8s+C&7CN5M!unSjB
zx7$r#(U@j5SlYu}>7g0rX&p;T$~KFci}<p^>&e;qOCQsFG{>6#KM}o;uiN>U@1len
zoqwDkX?lAF9HcoqyfO!E8;V*}tP4EI4O`fGWkg}k0Y-FW$oZ4a5%rY=)_gpvXptvF
z86d&k1D#^p<x<nXlVIUPN5s`-iMhM1?n`GM97iODCR)@j7HLw^Z}i1CUcK~mz4l|b
zq02j06P2G*GDjF@s3#$3t_f$1<iGTs5<krWgT1%$nu^bB4|qX~7`5fUMu@NK;FiF_
zp}8eEj~<*p{x>_#Bf!t+XmUv8342O4P@_AIPPD3Ul8^W)g@V@>d6TNY3RdxrLp!}n
zS$zG`N((Dg9l2F=gn!QpHa@@yBEU`EJ<!r@58(+?L|e^*Q`mAZ()olv$2Bust>;ST
zy_57{0!p9B1{Zx!uT2T0udW#Z%y!(q_Ha9r8tkL6XmsQjtYH;TBnespahAEx70`0r
zBCB6#^X?^r%n7tLggRO?;>kD)Jp2wCBIM$~;AaGWBln-9B_>SekHGFXdOoJ2MZtb9
zU=0dth%N`$fKcGF;ZhHip=A*cCz5W02T48HPOmBI!x+2My+4xB2cumPSZF<{ue&~5
zUznU69ut|h)cE0hbZ1&<PYS%P)&K_*zH&$3JXj~Tu(yyUp2*6gRR?>szmhDp>-X*M
zeAh4nK^|TWNWr?@Bf@YkbIqp`NdZG=^YX(x!VgUXO^e~O>)?l<K2FxX_LG_1$(n2N
zQGcR~0WWQ|sfDsrsQiN#r5!mr+WJD;CY=lq$~N1x(bv8{f97;l^Ti-(3CHxOl#^>h
z+y$R9hnyuN_m?ErL@}I5)KDZ95q+#T;`3s~0dU{RNY5ifWL=T6n?B2J5P-wql((?!
z1enN46kyiE0E-72mqb;^4w15rJati%OgE!w7WK|mAc*-{7X^<B*3tMAfDa13LBlT;
z;3e>Y)9ZUaB<b0@H($p*!a&VO5ScDI``>tfG1VCQkPP1XR$pBL&Mt*P*%|4S8e)Cu
zM8uERFY}*6OPr4@ZH)>@@^~g~l>vBihS@=uUX1j=+83pRWF)Wmb@TMi^w#T3z3gz2
z7}Xkf#E+j+*WVa+M>}WAVA3G@nx=jJF1lQ8Tgc3wB)S&HK)8Oa0aM3*&i8-fzrM^V
z{`k?&>bM4XoGv$9Bgxdk>tMSsdcj?umV#HHn&KlUa>L{ZCpPwYL12nZXvk9w%1-I!
z(z^hs$#8Ws4Ej3f*SGZoGJdh`aA#MeuP9W{lt-t6_9r($EaDUq;Yx~1_Q4Hf3N!kX
z0<@Ww%Z0G&ieN8^o|eyV&LOvcHQvfLUQsRE(!532S6|0(os$<gNe*J<8x~CN<UL#m
z2*3JPON#e5W$2}maLXlJy$x@MGef<Cn+1^d>d3&hiL7x2gaqdeq@arfC{Z8P{~>Zv
zxgx*>&n0bo?|e5I3a#bt1|{NjXl<Q28!)fh5jFjhN3)lEC<q$F%e$RF7_53|&%{?{
zV}n4?hRL5&m&ykH!?u%*Oqq%*U0BWmYJtx#<P5mo`oe%Kn&QO@L^Ujz%S=cuZg9iI
zq+Vctioc@q(+Oh!hP&PFjD5h4YVH!r2SU2q-tm%<N(Qnu2^6ZnS%VB7L`UcEJ2rNG
z<_p&qlyV(fI+)8IQ8ev(;*u=l!=}&ulu{4Y<Yf?HHgI}I;Go0GW0_nN+UgSS@sB5I
zdVB5}SA|S+`w+RoYGoutIpUeKM#rCiD;0I3BXXmAbWpRK>jqtpBp1r<;R^yTVvfv4
zlv<`hQes@Oi#Tag5ciV8c=}R;=ImAyS;miwx3v_N%Z%M#mLxa6X>7&R980LTCr&lo
zxNtuwYh`N5J6GQo-J@TEK%|(-Q8KkW&=d)E4ljFAf7>MD@w<lBNf(Y0DhZibCSzNf
z+hO^-BcMUwF!uooZIcdzmFNTXM;w%;WQxZQX<9t=Ay_nQgaY_-P$jlYUFSmKK}NP>
z`CI-l`yDr?g%SxZQe>`!8!DiO*B$z)IW@tmHWhP(=bJwkBYs8r`xmmz49D~uHbsQ9
zH&1CiS6p>0m_*YSAQ#SF({sHptD1jG$ZLrZE>}3C_fv%3KcybWx5-S@`5z*0DGcoc
zf{?})DsnUDO0&l52D-2n#C94!BjY1L#o}qjwN%)z0-0;Kv?dI*bw3ue2*y9m5%}0T
z66NZk%6!Dq$6i@e)`<wV*jvISIvX9}P(1!=NOSCdS?IvAC)@IO+pCoh#Qv1p)VS^S
z>pwqv|AUCM{%^Hl30f;GmoruBbeSQ@BgVqSMveYuZb|Ck2sU&`SaPD$>({M$b)Ky>
z0S@qz*m$Lm$*O^t5i;$P9w)Ec2iHEG>l5f&8Hc0FcwHD_uXdO4ReGy#LRT?f8Lp;<
zf9N=Oe6S2pYw<DBb(e@hw!iL_zx@x;d#ePPIY=|Ky1?HZk$v`P)2z6#e4vy=K9*hP
zl1oH2_))+%Q!=4>z2SQ5Zppsgof-bmFY}iGdW&bam*#u33!2*7n=)`xa#d2dc7JvL
z<k8^_TP2dF-`vT0yGHFFa6A;U50W*q_Xf3yz8ZS7)n_`-HqD2__L_|jNpr+wvx%qJ
zJ({Ezu1OfhaM9IZJRgZLFk^k%Kk@&*kAJbvh&unT4HcWeO5F4kId=kMbk>emd^7o|
zoP7G<i2ujpYm!y|PbwzR)h_b%K%tszZqf}GbpH8y-cS!Rxb+q)0g+}o9~C0}Rl*kd
z-#Lp3&O5)?5niqo0{K_^T!PQz72@}>{3S+GG#JcH0wekp{`QL%=W;g={}2m~;xZ=~
z-cG!^R%6q-^Cd&uDnh2vg4Ow39V0$@yutK0QquI`>F%Hil^Ex})e|r4XQ1~mZ`5WM
zFQ%4Ayu0Pv8RI1ru&F^|{A&#0a8!`Y_0()LoD+8pt=YT<sgF&_bO|{^mtPMEFY9UB
z$AXu!K|<;<MIE4cBbTb~Sr_(7z2DoJH1sv*Ijp1=?;vjb#7M(cbdY(>6x*v`HJ*Lh
z@ye;k`3I~gaP-zuS10c9k6D{ykcw$B>WofiVOaT$tu-uDF4wQGWDS0H-6cbDK|aZP
zi>ECJQHo}VGS4|U+g`ybG3m`+d!yuXybACMOhws4)S?AE@ig^xP)jJdL8UTGr?RCs
zFTB&Ldx%wxHP8Ox;qdj$fE-pb$%&ZU!PA4B++UYN%-*$eF4Lo{b}51&{B)!YmNyCQ
zc!adz7}&A5QcQ5A4+@G$+{R_;*IQ@&8xD3(>=Af8^F0eMQfV2n#(EUfW#QtQnozu)
zyNN4#>l=Lo=gvX;gRhX6IpY($*UPgSPn{i(f+V`PO@1jW3=l;QEmfuBDL#a}i5na0
z>hmV@MS2>2JPJjkpf0I;Vijg*wtQt0uBnei0662)NggpiX=b4!+I=oh)_CxTl5PEz
z5m@P1&m|WU`|$5i47%}prbMrJzV6*PZ^BA`M|k7$;RJcjG1Qk2DbbnWq0>=11WN2G
z*eT|McKYK8-O^b>Fhm(%N_L*qnz~It@tqXA<OT#!{s1-cw7AwC8imw$&sCWtPqy`6
ztQfAyY8+6hQr%42hNexp=)D_7v13mob7S3XMQla6BxvX!Qf6S+l;HQ6Ylk|EF|5H|
z708M<Hs3K$t$ESjQh<l637U!>kI}ejguc0zL-)1r!(V4r#?X37KXh_V`MUB=j$s=a
zYAxQoT&{WS)C?3<`tC;BG?k3FUBGMCu4vu~vf{Hp2*XBCIqu9V47NXNNn6oi+Zv$j
zL*{+74o)dN=7Vf?Jti3M4p&D%G6O;J1mV2<WMeRt@Sy*z>$)NR)`dGhkMvfT1&4c)
z_fl6IZ_<OiiMfH3@mT>Nt9A(*(}5<dQ-f9x*YK(t={&*4I|l0MUYW5?Es9^Y)f1qr
z`ma3qNG=s~tON&A5BR|;DM~EsMvQ@xBE!j52!S2!dL}h%J3Jrpfj!7Mr7K5=M24_4
zT~6Y_Ooari=3N7}eLS$eMCtoctW_uX<tH^RJ}g>^ToCK1eIk!@<6@21s|9y`eG?Pj
zj1#|LPLU0hK!#&{%R44MH@gqCW*)hJkstAzg?8m2m?nl<WQJ@rIjkjr&j2K<oZ`(^
zWn`bapPB3bQ);h>hJbGIb{ud0M_0kE5PDrh_!+QVdJTCex`2>mp0f8L-!bDy-b=do
z<tFbmlH2e2Fqi(aFpwwnW{oL2LKkW4`5LUWrWZx}q3%QVCk(9SI9D=m!ClHAQF~l8
zm)8BWv6-hSutp;T%NyKA9@uCQEhoAb&!}vi&+whP-V1#^baPKb?4kUMCz@7Z>mb&p
z@K+Xr$<cdw>gY7gc$A{9-6a`C1fP%=H12!=w{s&YG0yZ;rZKklw4>*F2TZUh3#4vV
zI+it{F40(DKk?WElqPdHiW_d*$WbV22HoHZHDTD1Z;5uyjdNnRAG=02KEgBTbh;uv
z=hH-<xreBFCO>4j{G-zk7rRGgiVS9!2limUtZ~rexSaw+0AL<}bfoGO_e<ByT&q&J
zpmGdH9BRX{e|?A^&l7p;pVM*@QIEvD&^S4g9uu900e~mEYri9DM>-rx+U26aK3(G#
zcvwT;HUxyJHel(5AdCG_YH$}t)!3LDPiyun+<OTWxK_EFpd49w^&6YtvoAtGm09=@
z3Y=Wm|HjJJ(iLDEodQw^7!1-wl(}Pfg742cBw#rXOjw3Y0hY$0J7h>@Z%sodSEusi
z7$?|TLmMGVDwj^b<Sl=Wc`cn1GBSM4+xS(29TW+=G8WtWSw>frVr%=QHE5z_%Fmv5
zcWE;Cfm4<H2(;gOGUAskzWW$ND~~j7T&6bc4I~D9uBB*{Hy9BMZjE0yHVr&otv!T5
z`cQ*T$su<!<}`Er*#3crI5r5se@wO4Cw7V3SRelJRMqfFX}!u*{hS27BeBCk=M3Y$
zD7#2xFZHJs%``iG8ho}rK1Cxs4A7TkIe6h&sDh=S#_07Hm1Btm)$cmw{d*6-;t`g~
zsFQ2y{%;=5JM|k{vsb5lOJh$TCK<a$v>rX`Qjh4ZxRByr1kdZ~a^eDP-*XHD7t?1~
zR4d5J*k~ll$e)*@GY>hq*knGFFnoigA|kg8PQNy-kP)0&?}E%47{OO5mk@ykWt<f2
zD!>u|aCBc?Ugg|qj|dc4AQs~eu4$TMWJ2t*9cRvNV#1!X0+;57+KJdeO)u=yu#lb8
zTV!AJephZ72OPYVB>nNdDZ*Hx&ig}3?fl?)iBp5050p*HpMljl-McclvV613I2+d(
z2*PdAXt$U6j+-!9C>>o33iSiBk)0vY-(M?x$<JD8a_UhNxTKlaOFtoGnqm{Eplyl}
ziEz^C)mZ~WHFHO{4!jCNNv09zW_=0Qe(+8E8rkvXXreYkqYW)g5ogK`NKp4Wnh1oQ
zWD=4bZyThi4jK;k>UGyG&#X&q#0JH(uu4fFtBR|+i|Q|~HaIgTZe+6q0TcK#%<-)O
zKczwmU$<*JRT0lUc-Q5&z{7i<(%^lo!iKBcB8}m|)60vId_Us&RL`Ex?t3x!U)}`V
z(;2@PrnuUZiONJ|gEzZJj%F%Y#VB(dX7Y`W*GeP`+s*c#wTtf}{(jA8l|S@5$hN6v
zrHEO0Ex>ZYbRV@5x-hn)?xKsT?)#cBq!s`6p|FCMS9IBi$8=nI8yI^4XAFYh+)dIr
zE-)%m8$eSCXO^ov2az%Rug5ldiG~QJPDe6SDLr*R+U&}W@IH1fU>+Pzj~VW-KHDhY
zMCEK~R9Fd<rK8U88TBy2$$O1gvF)&lPn7hRD80vByr$0#@Q<<<(tWCh?bM<y_Mks~
zS9;#n4;P;<f4MnPDVCTqV2Wuha{&R(G<^TcaGJ$qf$2qF1Vdr%$G7DrxBsFZ{8xr{
zI`2Jig1dF`(3=l92k>i_xz)xkpFcc<<NiAQS7s;w^mBJQA9!Y{e|~Cr(8oGU4$u{~
z_Htmt+=f^mbZ+J;Q%ydHh)@1QA_GP*bd*)REm3pX_00N6_#f{jdLJ(&+8r;d`rA})
zHGa7D`~O@mb1ql<TjeDubDOrGQd<z^cr8cocKK_QSF&?+29%9huli~b8ISA9^ROFT
z$bCm`TO&=2qFfFIS~ThKJq4^`P{`Po8ggwRt<xpB#VcTq?yYhnYevAxtUAwWmogRI
zx;h!@_BfDOlPbb28|~f%_bVKkGp)nu^m~3jyI)+;gZ3HEGXMa!+;+R|Lr=q}Bjzgb
z*;}*x>Nba~dLwqz7-ZEv_=A_hVzmtuO}MeW*#MgtC}FxGck07aUnkUBb#CO|d|x_C
zlJ3zhST27a!VzEdEj@DG0X=Op*tE#9E~<-0)0o}s=8y0XSl2zik7bfKS%B|VqCWNp
z`(XR3!{TZ~`G<!!I{Oe;#X7~oV=}<4cTw>HN$8P+=~mwzUeQWM8<wqWV5gPDIVYfd
zHnd=jonHz^TJCPgfGiJ3>hx=-AWi)xQzO^enc!S^VIyY@-xD!WF*aE8{AOOuC$VN!
zAp+aq8tkTc0$UMWhD1{g&Q~GwEq_Wq(b*=oG{TkM_acQgYSxeTe!66tgk^I(!D4Tr
zzc6{LXxo*<tn&?e(VgMD;z)u^foG2sc#46~_TCK&X3w$xEs;Y?Jb<Mfjdk9o{FUmL
z>8a&sA(`JIvCF(yI(*To2>y<Afx>rO9ZhK>T>36t>lOkJg!yC^Iu?S?eeduZtPVZR
zfja3ED_G6ANFuG1kSdC{_t<dM&SGj$Xe_SD5zSp+32~dda?8#!CVmO568yG7qxl<P
zgY;rIzVtZ2ibYitV)%CKLX%1G0mrly@bc6%&-^E;OGrD&4!sUrN{6KO$0TB4ncC}U
zQ))5Rw}_rIH}r-0I<qO$wwJ$qYCPg&nN#{~*i8DSf5zet^#OyxFzNZ(30_4zKp&s^
zXx1$HgwlFV=}12R$|TKq*-k?ua>HH$p?5U&Ams!Zht|`d&)KD49L|PiO&*<whcB%w
zZ9QG4{t##e>|sWKst_}2T*J2lq-~}2^9YCB1~9Rw`U5k!Vo+@1Qc+<|K<~Ts$CWK5
zSKnm#<*3#Z4I(gk&z8F_;`EB+@*$pg_UC$++k~Z~)Kq%!%a&)bxg+M2(9Uo5AO%(p
z;E4?j!olu*bumF22d~?aKAXzgT9E(3kh$(iS9m}iv{W}xdmpi0L$6cjO*Lxw3{Qax
zrJ!gi*t@iWdR9=V7jwaMylt<doRLqJ%R~H^sZl7RyPS}rHjp2q(gv_#CR$a6DT_}8
zvg+DvvjOV!Eb^|G^{L(UzKGUAvbi|dZ;)J9y;Rk1wf^$Kcppqet}S-a9;xFyhU$5D
zK{1tf0zWa~?pwhMoeOuX0@tNACG0&N*Mp>_kSSOnKRErN&`UC@1&mm*yaOhw!K{!y
znkRX9zJ85MiX{{IzNq#{HgL_rLfLFfO7)Pgum=W#3)h9x_f76s6r?CUznL94`Z<KV
z?7ARtiu<+ftOOY_m5&~EG%PV##7?V9gbVgn;8e4k3{npzSN@c`GjC)Cg?W|vBEKjw
zCJrYA`*zg!QPj~6cM&^DLqrj~&}{ce;GEV)#O1ls+Q~RP?W>7>saa?n?cJ;HBxnh?
z_J+_$GJP(joGFk~&q8r7%3Sa-4<p1d#G5sg4(%(brWv`;bpO7l2U*jVBSi}L%Z4q^
z@J<>{+i}LibsrQ#ud@YaQSa*ZzkF2Dpk=FdVE@>}__YAr0>_HL2b96!y`PVc%9BDq
zw;$q1Kuo+Qhfa4TJ7%%Mu6n|(?10gf{6keXk^&+U+P!hAp#0J&70s<mT&GVDU);wG
z)-l`J`XV%c5S2i5l-ukQ(>GF~9`AW8;`ddP2NOMz_o$T}Tz$8lIyxrj_=hMkUe+oX
z3*AWH!TNZ24LpSF+S5{K=~I~A8{Z|Dts`#tIPRWug2y}nqYSB-Pace7bh#Os8H{=E
zbXxNsSf_9<+=uyeavc0yU^P)@mRDH2!usH%{sY<?1&I?;bU!x_zAa~9nf3`J#MAJx
zitwqHoGRdOzWsP6vzvBl0A}P`k<q2(=pQa!{!?m~UFGm^ebbQD)O*aEw#>V0pDK{-
zi9hcgl-p&E(cHM)yGg;Kp`?aaufjCRr8`o>K#?}t*en{^YB_SA5&+bi%X)o$XgDh5
zU>-efl`y<oP2@GucJP*c>^76{-U`V(lbBd~g}Xz8fwdtd;RV_aNyu=slb{*Bt*$XQ
z-{6$}12|oEZwYo5#7l@d6h=?27A}p<csNN&05daJ!1kSek%jx=RIl0G2UPzf<Gt2Y
z)pMXT_TvFSxKVpJYTdVf4>MWlb$3KECr*bi<blNx4*4QDgwfB_yQ9Pj7b}LoaqJTF
zgG$0}2}zV$(^@<O*B=U`D{w3{5?mUoaYy1@`K0xZoqWwscN@2lI}_5*iHW(prl?8B
z8_p+vVF69GA|p+S(78R|#@-vBih;F(rf0TPP}q-f1D!!mDLRR9J8STn6XS=nydak@
z@<lbe;kz`>2vp=bP~?09`ZE7G3wZyhlwrOGGkYUcBYlV2fvs=WO;x(w1%B7Z$Lc}c
zQ*wJjxi(}6%uYR4h<ZnQZIpFXSO(A?C0qgT#!Os{sPkzmDDv{h;@zHj_BQ#Y^cVH9
z4-`h^6(&zCzb_ZT4<w?v%v=eIlfGu)n6t89>Xj(i`?<jXDp3{y%~VwepKGx`IJ+0D
z4L~cS6C_!*%hCX@n4!RQv(osddgEUm_%9)fx;lPub$#>g(05OOq+~*e{Q4Oa*Rj_`
z{;m9m+74Q0R>}GD1dTrrpkbH)tdZV!<7$3NNjQA3&i!9+{}(Uymx`~b##jke+^uX*
zX#=C==5!AUV~+eb>>3A(F%yP0G91-CC@3B8nl7{Oc|84)-}a&}4lJ+$2=Sh)j?TrT
zP*S#k$|!V@$umP&x#oORaa?OfcCz#;Xv#=Hg==iqRIcR}5J7qkOEKhbX!!?%v6%`D
z8B2zht<es8L`|zoOoor++w&&BDM;Mp-lHl3x-tSqy}ISpFzm2RQ}O7SMw-8D?gN<l
zZT1fL+yO-2h6EtKZ$(v0<(|o&(SV*wQ+ti3r})rsky49+(1=M^&ua`jLk-R$IHf4O
zDb=O};o501O)+8wc@sio4qHDG`afdqEpWGftm~p6O!G$NUaUQ}mx`%u)}(b*P8xXE
zrLa=Qfh4PFA<Vi+kxt^+CGne;eTW8@;f{VKgOyKTZdKb`1g^b{K;tFc=p9M#j;WlT
z-rTmglI}PDX<cNkhGsj=57X;)ejkzJS`*3*DZb#{##5MPP{tD&$v_<)U#rmgS@zmW
zQQ-VJYrAIB6E=@{qv8H@qqfgV=w&<Q;C+ycg3{Tf&1V$P$BsoU4>AE7P8Sh0qNDL$
zxMHD8LE**EQp;I3oyO*Pt|thWg#Qw?MX#(ve`p(DvEsM#IH27^F{+dpVSZoe!^~=G
zd9B15trXiLwl$iMwTFF6eY!Hdcz#>(Bil$ZqfpD+#@mOwFrjb38eHq{&{2nH<&UXm
zU1>=cxTVQwWvvNLGmlY7&f_I|HGlN&U)`rvOFTSW66sj<+@t8~gb_UR;K@#hx~?<2
z#<LZcLmF8P1{&cCe?YrKLmmiD>>n+7ZU4%;q_`{$74)@P8Pe@7kv&*WRG_hRgcJ(c
z9@F>q$>uN2eYkgoLd7@hi9MPsFX=(V4a*#c)rWx<nEK?Y8bxg*jh@oO-a27fJ~pVK
zNPOxxAF5N@wIO}*9L}`VBq<90PDEieFWNCNGo|`IHtr4FScFUYxEY$IxT-EbE6nL1
z*krOEbj)P{QF68+@eT2>E88A#hgN}@+t-{NaBrMzl`8>P2*T)yGNPGN0f*=UNX80*
z^8=~bQE8Cu&VGcWZ2H65iI{*h8LTI_tbF*pWk$mi%`>&j@dtpz6O`p<MMj^kEhKia
z{!bEHj3+Nn$+Xapb#kmJmVusT3S^JE$Zjl{-B!CU18KVUBHZ-tmjexjNw9L)l);j(
zDj-+Fz__=P#;2vsB4DvSGAgb7vT{4mTwPyAJH^j*V$=})Ii_6%!lVpp&_W?Fg=r=w
zaJ~05AyOCCgO`=*NF&(kKiAIj-b)dZ9Mv@N<(u8>o88;dk5_8Y&7s_tAYqXrK>_&<
z*WfmVFLp!0)#?)Zy8dX@j+wOis)JnK*k``0+$ibMIo+w*WTxd4|6V*+dPG>3GIU1Y
zQFcR-!thE?qpLxOVP^xR069OUeo8SXkYZ6$%PMia6wSRJnC(azV51L6I{ZY7!~EO-
z>YV$R>;2a>ukx3yk0kx^zVm-{qpi;UZ4!mG#<gdXb~M3x&n3fCKc%L2Q$N-hOY-!o
z8-0?V^tzsX@BDwNHU7)L@h=Yk*X)|Yd1!LS(jU{`>p$QQ{GmoBu6(>*?UqThSREgF
z?mO%swlE1&UYt9>b9g)`sz)0&#|3hdDflHHX!kZLD7f3XFyP{b5|Enx;hW(Z`Oaqd
zgHfzI#@L+pLWc~4hnOBGMazzwbTV^bU^nrAIKAt-SNqe1G3Rlos(`o$c1a8QnK3Nl
zr}pj9d6=)_R`(T<S%b=Iu>D)Ad^E58)570h|9fZtz6k!lJ^s!Ff9J@*9|wOwDF3br
z{;rn(E)4%Jng8AHVDG(s7mZv=Uh;gmIuEBM`(a(9dTKFdXj|OTa-sNjF!*s<0mjdg
zrL-eus32b5VBY9k=%Ri4k4t0Eawe`!QvsV=-k1FG&DE!Knh!PKGIal{G}k(^EgM-r
z{%KNfH?BUct&sBlOn6)&8neZf#@b5nZ%-k@=?tD8{`TX4aa;KJa{u3UVBgQN{|3cW
B2A2Q;

literal 0
HcmV?d00001

diff --git a/mkdocs.yml b/mkdocs.yml
index a9a441eea04..63e7e7ec4fb 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -400,6 +400,8 @@ nav:
       - Lock Client Configuration: admin/lock/lock_client_config.md
       - Implement Lock PDP Plugin: admin/lock/lock_pdp_plugin.md
       - Policy Store Integration: admin/lock/lock_opa.md
+      - Lock Master: admin/lock/lock-master.md
+      - Authorization Using Cedarling: admin/lock/cedarling.md
   - Janssen Recipes:
     - admin/recipes/README.md
     - Benchmark: admin/recipes/benchmark.md

From 1bde1316a3abc8f4e48462d0a2670db901c70aca Mon Sep 17 00:00:00 2001
From: Devrim <devrimyatar@gluu.org>
Date: Mon, 22 Jul 2024 12:07:55 +0300
Subject: [PATCH 06/43] fix(jans-linux-setup): remove/rename old variable/file
 names (#8991)

Signed-off-by: Mustafa Baser <mbaser@mail.com>
---
 jans-linux-setup/docs/README.md               |  10 +-
 jans-linux-setup/jans_setup/jans_setup.py     |  18 +-
 .../schema/jans_schema_mappings.json          |   4 +-
 .../jans_setup/setup.properties.sample        |   3 +-
 .../jans_setup/setup_app/config.py            |  32 ++--
 .../setup_app/installers/config_api.py        |   8 +-
 .../jans_setup/setup_app/installers/fido.py   |   4 +-
 .../jans_setup/setup_app/installers/httpd.py  |   2 +-
 .../jans_setup/setup_app/installers/jans.py   |  26 +--
 .../setup_app/installers/jans_auth.py         |  40 ++---
 .../setup_app/installers/jans_casa.py         |   2 +-
 .../installers/jans_keycloak_link.py          |   2 +-
 .../setup_app/installers/jans_link.py         |   2 +-
 .../setup_app/installers/jans_lock.py         |   4 +-
 .../setup_app/installers/jans_saml.py         |   4 +-
 .../jans_setup/setup_app/installers/jetty.py  |   8 +-
 .../jans_setup/setup_app/installers/jre.py    |   2 +-
 .../jans_setup/setup_app/installers/jython.py |   2 +-
 .../jans_setup/setup_app/installers/oxd.py    | 169 ------------------
 .../jans_setup/setup_app/installers/scim.py   |   2 +-
 .../jans_setup/setup_app/messages.py          |  41 ++---
 .../jans_setup/setup_app/setup_options.py     |  13 +-
 .../jans_setup/setup_app/test_data_loader.py  |  78 ++++----
 .../jans_setup/setup_app/utils/arg_parser.py  |   3 +-
 .../setup_app/utils/collect_properties.py     |  59 +++---
 .../jans_setup/setup_app/utils/crypto64.py    |  26 +--
 .../jans_setup/setup_app/utils/db_utils.py    |  30 ++--
 .../setup_app/utils/properties_utils.py       |  97 ++--------
 .../jans_setup/static/oxd/oxd-server.default  |  26 ---
 .../jans_setup/static/scripts/renew_certs.py  |   2 +-
 .../templates/jans-auth/configuration.ldif    |   8 +-
 .../templates/jans-auth/jans-auth-config.json |   4 +-
 ...g-update.md => jans-auth-config-update.md} |   8 +-
 ... => config-jans-auth-test-data.properties} |   4 +-
 ...ser.ldif => jans-auth-test-data-user.ldif} |   0
 ...est-data.ldif => jans-auth-test-data.ldif} |  18 +-
 ...auth_test.ldif => 102-jans-auth_test.ldif} |   0
 .../{oxauth_index.txt => jans-auth_index.txt} |   0
 ...-jans-auth-test-couchbase.properties.nrnd} |   0
 ... => config-jans-auth-test-data.properties} |   4 +-
 ...onfig-jans-auth-test-ldap.properties.nrnd} |   0
 ...ig-jans-auth-test-spanner.properties.nrnd} |   0
 ...config-jans-auth-test-sql.properties.nrnd} |   0
 ...properties => config-jans-auth.properties} |   0
 .../jans_setup/tests/sample1.properties       |  11 +-
 .../jans_setup/tests/sample2.properties       |  11 +-
 .../jans_setup/tests/sample3.properties       |  11 +-
 .../jans_setup/tests/test_functions.py        |  21 +--
 .../jans_setup/tests/test_setup.py            |  44 ++---
 jans-linux-setup/tools/key_regeneration.py    |   2 +-
 50 files changed, 257 insertions(+), 608 deletions(-)
 delete mode 100644 jans-linux-setup/jans_setup/setup_app/installers/oxd.py
 delete mode 100644 jans-linux-setup/jans_setup/static/oxd/oxd-server.default
 rename jans-linux-setup/jans_setup/templates/test/docs/{oxauth-config-update.md => jans-auth-config-update.md} (94%)
 rename jans-linux-setup/jans_setup/templates/test/jans-auth/client/{config-oxauth-test-data.properties => config-jans-auth-test-data.properties} (87%)
 rename jans-linux-setup/jans_setup/templates/test/jans-auth/data/{oxauth-test-data-user.ldif => jans-auth-test-data-user.ldif} (100%)
 rename jans-linux-setup/jans_setup/templates/test/jans-auth/data/{oxauth-test-data.ldif => jans-auth-test-data.ldif} (95%)
 rename jans-linux-setup/jans_setup/templates/test/jans-auth/schema/{102-oxauth_test.ldif => 102-jans-auth_test.ldif} (100%)
 rename jans-linux-setup/jans_setup/templates/test/jans-auth/schema/{oxauth_index.txt => jans-auth_index.txt} (100%)
 rename jans-linux-setup/jans_setup/templates/test/jans-auth/server/{config-oxauth-test-couchbase.properties.nrnd => config-jans-auth-test-couchbase.properties.nrnd} (100%)
 rename jans-linux-setup/jans_setup/templates/test/jans-auth/server/{config-oxauth-test-data.properties => config-jans-auth-test-data.properties} (89%)
 rename jans-linux-setup/jans_setup/templates/test/jans-auth/server/{config-oxauth-test-ldap.properties.nrnd => config-jans-auth-test-ldap.properties.nrnd} (100%)
 rename jans-linux-setup/jans_setup/templates/test/jans-auth/server/{config-oxauth-test-spanner.properties.nrnd => config-jans-auth-test-spanner.properties.nrnd} (100%)
 rename jans-linux-setup/jans_setup/templates/test/jans-auth/server/{config-oxauth-test-sql.properties.nrnd => config-jans-auth-test-sql.properties.nrnd} (100%)
 rename jans-linux-setup/jans_setup/templates/test/jans-auth/server/{config-oxauth.properties => config-jans-auth.properties} (100%)

diff --git a/jans-linux-setup/docs/README.md b/jans-linux-setup/docs/README.md
index c4d03dfea3f..fa98316584b 100644
--- a/jans-linux-setup/docs/README.md
+++ b/jans-linux-setup/docs/README.md
@@ -48,7 +48,7 @@ All files related to SetupApp are saved under this directory and subdirectories.
   variables are defined as class variables, so the can be accesible without any construction. You need to call `init()` static
   method with argument installaltion directory. Since we don't create varbiles related to services/applications unless they are
   installed, you can query a variable with static method `get()` by providing variable name and default value if you need. 
-  For example if you code `Config.get('installJans', False)`, this will return value of variable `installJans` if defined, 
+  For example if you code `Config.get('install_jans', False)`, this will return value of variable `install_jans` if defined, 
   otherwise  returns `False`. This is the third file you need to import if you are going to write another application and sould
   be constructed by `init()`. You won't need initialize this class.
   
@@ -85,8 +85,8 @@ Collection of utilities used by SetupApp.
    
    - `import_lidf(ldif_files)`: imports to list of ldif files to database. It automatically determines database location 
      (ldap or couchbase) and which bucket to import according to `dn`
-   - `set_oxAuthConfDynamic(entries)`: takes entries as dctionary and updates `oxAuthConfDynamic` in database
-   - `set_oxAuthConfDynamic(entries)`: the same for `oxAuthConfDynamic`
+   - `set_jans_auth_conf_dynamic(entries)`: takes entries as dctionary and updates `jans_auth_conf_dynamic` in database
+   - `set_jans_auth_conf_dynamic(entries)`: the same for `jans_auth_conf_dynamic`
    - `enable_script(inum)`: enables script
    - `enable_service(service)`: enables jans service in oxtrust ui
    - `add_client2script(inum)`: adds client to script's allowed client property
@@ -120,7 +120,7 @@ desciribng base installers
       So include these code here,
    - `render_import_templates()`: template renderings are done under this function, then imported to database
    - `update_backend()`: if you need to update database (other than importing templates) write here. For example enabling script, 
-      updating oxauth and/or oxtrust configurations etc.
+      updating jans_auth and/or other service configurations etc.
    
    This module also contains start/stop/restart/enable linux services.
    
@@ -250,7 +250,7 @@ class SampleInstaller(JettyInstaller):
         # this is the first function called automatically after binding database
         
         # deploy jetty application
-        self.installJettyService(self.jetty_app_configuration[self.service_name], True)
+        self.install_jettyService(self.jetty_app_configuration[self.service_name], True)
         jettyServiceWebapps = os.path.join(self.jetty_base, self.service_name, 'webapps')
         src_war = os.path.join(Config.distGluuFolder, 'app.war')
         self.copyFile(src_war, jettyServiceWebapps)
diff --git a/jans-linux-setup/jans_setup/jans_setup.py b/jans-linux-setup/jans_setup/jans_setup.py
index b1ee6967a10..ce4fbb60156 100755
--- a/jans-linux-setup/jans_setup/jans_setup.py
+++ b/jans-linux-setup/jans_setup/jans_setup.py
@@ -151,8 +151,6 @@ def ami_packaged():
 from setup_app.installers.config_api import ConfigApiInstaller
 from setup_app.installers.jans_cli import JansCliInstaller
 from setup_app.installers.rdbm import RDBMInstaller
-# from setup_app.installers.oxd import OxdInstaller
-
 
 if base.snap:
     try:
@@ -272,8 +270,6 @@ def ami_packaged():
 
 jansCliInstaller = JansCliInstaller()
 
-# oxdInstaller = OxdInstaller()
-
 rdbmInstaller.packageUtils = packageUtils
 
 if not Config.installed_instance:
@@ -422,12 +418,12 @@ def do_installation():
 
             jansInstaller.order_services()
 
-            if (Config.installed_instance and 'installHttpd' in Config.addPostSetupService) or (
-                    not Config.installed_instance and Config.installHttpd):
+            if (Config.installed_instance and 'install_httpd' in Config.addPostSetupService) or (
+                    not Config.installed_instance and Config.install_httpd):
                 httpdinstaller.configure()
 
-            if (Config.installed_instance and 'installOxAuth' in Config.addPostSetupService) or (
-                    not Config.installed_instance and Config.installOxAuth):
+            if (Config.installed_instance and 'install_jans_auth' in Config.addPostSetupService) or (
+                    not Config.installed_instance and Config.install_jans_auth):
                 jansAuthInstaller.start_installation()
 
             if (Config.installed_instance and configApiInstaller.install_var in Config.addPostSetupService) or (
@@ -438,8 +434,8 @@ def do_installation():
 
             if Config.profile == 'jans':
 
-                if (Config.installed_instance and 'installFido2' in Config.addPostSetupService) or (
-                        not Config.installed_instance and Config.installFido2):
+                if (Config.installed_instance and 'install_fido2' in Config.addPostSetupService) or (
+                        not Config.installed_instance and Config.install_fido2):
                     fidoInstaller.start_installation()
 
                 if (Config.installed_instance and 'install_scim_server' in Config.addPostSetupService) or (
@@ -472,8 +468,6 @@ def do_installation():
                         not Config.installed_instance and Config.get(jans_lock_installer.install_var)):
                     jans_lock_installer.start_installation()
 
-            # if (Config.installed_instance and 'installOxd' in Config.addPostSetupService) or (not Config.installed_instance and Config.installOxd):
-            #    oxdInstaller.start_installation()
             jansInstaller.post_install_before_saving_properties()
             jansProgress.progress(PostSetup.service_name, "Saving properties")
             propertiesUtils.save_properties()
diff --git a/jans-linux-setup/jans_setup/schema/jans_schema_mappings.json b/jans-linux-setup/jans_setup/schema/jans_schema_mappings.json
index 3f217b3f331..7c356ed1d2b 100644
--- a/jans-linux-setup/jans_setup/schema/jans_schema_mappings.json
+++ b/jans-linux-setup/jans_setup/schema/jans_schema_mappings.json
@@ -204,7 +204,7 @@
     "oxAuthClientSecret": "jansClntSecret",
     "oxAuthClientSecretExpiresAt": "jansClntSecretExpAt",
     "oxAuthClientURI": "jansClntURI",
-    "oxAuthConfDynamic": "jansConfDyn",
+    "jans_auth_conf_dynamic": "jansConfDyn",
     "oxAuthConfErrors": "jansConfErrors",
     "oxAuthConfStatic": "jansConfStatic",
     "oxAuthConfWebKeys": "jansConfWebKeys",
@@ -665,7 +665,7 @@
     "oxAuthClientSecret": "jansClntSecret",
     "oxAuthClientSecretExpiresAt": "jansClntSecretExpAt",
     "oxAuthClientURI": "jansClntURI",
-    "oxAuthConfDynamic": "jansConfDyn",
+    "jans_auth_conf_dynamic": "jansConfDyn",
     "oxAuthConfErrors": "jansConfErrors",
     "oxAuthConfStatic": "jansConfStatic",
     "oxAuthConfWebKeys": "jansConfWebKeys",
diff --git a/jans-linux-setup/jans_setup/setup.properties.sample b/jans-linux-setup/jans_setup/setup.properties.sample
index ca8f0cb8dfb..0d2c1031da9 100644
--- a/jans-linux-setup/jans_setup/setup.properties.sample
+++ b/jans-linux-setup/jans_setup/setup.properties.sample
@@ -58,13 +58,12 @@ application_max_ram=
 install_config_api=
 
 ### If you want to install Fido2 Server, set this to True
-installFido2=
+install_fido2=
 
 ### If you want to install Scim Server, set this to True
 install_scim_server=
 
 ### To use remote MySQL as backend
-# installLdap=False
 # rdbm_install=2
 # rdbm_db = gluudb
 # rdbm_user = gluu
diff --git a/jans-linux-setup/jans_setup/setup_app/config.py b/jans-linux-setup/jans_setup/setup_app/config.py
index d2d7b9fcf68..ef478926d75 100644
--- a/jans-linux-setup/jans_setup/setup_app/config.py
+++ b/jans-linux-setup/jans_setup/setup_app/config.py
@@ -132,11 +132,10 @@ def progress(self, service_name, msg, incr=False):
 
         self.downloadWars = None
         self.templateRenderingDict = {
-                                        'oxauthClient_2_inum': 'AB77-1A2B',
-                                        'oxauthClient_3_inum': '3E20',
-                                        'oxauthClient_4_inum': 'FF81-2D39',
+                                        'jans_auth_client_2_inum': 'AB77-1A2B',
+                                        'jans_auth_client_3_inum': '3E20',
+                                        'jans_auth_client_4_inum': 'FF81-2D39',
                                         'idp_attribute_resolver_ldap.search_filter': '(|(uid=$requestContext.principalName)(mail=$requestContext.principalName))',
-                                        'oxd_port': '8443',
                                         'server_time_zone': 'UTC' + time.strftime("%z"),
                                      }
 
@@ -191,21 +190,16 @@ def progress(self, service_name, msg, incr=False):
 
         # Jans components installation status
         self.loadData = True
-        self.installJans = True
-        self.installJre = True
-        self.installJetty = True
-        self.installJython = True
-        self.installOxAuth = True
-        self.installOxTrust = True
-        self.installHttpd = True
-        self.installSaml = False
-        self.installPassport = False
-        self.installJansRadius = False
+        self.install_jans = True
+        self.install_jre = True
+        self.install_jetty = True
+        self.install_jython = True
+        self.install_jans_auth = True
+        self.install_httpd = True
         self.install_scim_server = True
-        self.installFido2 = True
+        self.install_fido2 = True
         self.install_config_api = True
         self.install_casa = False
-        self.installOxd = False
         self.install_jans_cli = True
         self.install_jans_link = False
         self.loadTestData = False
@@ -263,8 +257,6 @@ def progress(self, service_name, msg, incr=False):
         self.ldapCertFn = self.opendj_cert_fn = os.path.join(self.certFolder, 'opendj.crt')
         self.ldapTrustStoreFn = self.opendj_p12_fn = os.path.join(self.certFolder, 'opendj.pkcs12')
 
-        self.oxd_package = base.determine_package(os.path.join(self.dist_jans_dir, 'oxd-server*.tgz'))
-
         self.opendj_p12_pass = None
 
         self.ldap_binddn = 'cn=directory manager'
@@ -365,10 +357,8 @@ def progress(self, service_name, msg, incr=False):
                         'jans-scim': ['opendj jans-auth', 75],
                         'idp': ['opendj jans-auth', 76],
                         'casa': ['opendj jans-auth', 78],
-                        'oxd-server': ['opendj jans-auth', 80],
                         'passport': ['opendj jans-auth', 82],
                         'jans-auth-rp': ['opendj jans-auth', 84],
-                        'jans-radius': ['opendj jans-auth', 86],
                         'jans-config-api': ['opendj jans-auth', 85],
                         }
 
@@ -424,7 +414,7 @@ def progress(self, service_name, msg, incr=False):
         self.mapping_locations = { group: 'rdbm' for group in self.couchbaseBucketDict }
 
         self.non_setup_properties = {
-            'oxauth_client_jar_fn': os.path.join(self.dist_jans_dir, 'jans-auth-client-jar-with-dependencies.jar')
+            'jans_auth_client_jar_fn': os.path.join(self.dist_jans_dir, 'jans-auth-client-jar-with-dependencies.jar')
                 }
 
         Config.addPostSetupService = []
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/config_api.py b/jans-linux-setup/jans_setup/setup_app/installers/config_api.py
index a4efe224ea2..e3f1c327f77 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/config_api.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/config_api.py
@@ -54,7 +54,7 @@ def __init__(self):
     def install(self):
         self.copyFile(self.source_files[1][0], '/usr/sbin')
         self.run([paths.cmd_chmod, '+x', '/usr/sbin/facter'])
-        self.installJettyService(self.jetty_app_configuration[self.service_name], True)
+        self.install_jettyService(self.jetty_app_configuration[self.service_name], True)
         self.logIt("Copying fido.war into jetty webapps folder...")
         jettyServiceWebapps = os.path.join(self.jetty_base, self.service_name, 'webapps')
         self.copyFile(self.source_files[0][0], jettyServiceWebapps)
@@ -64,7 +64,7 @@ def install(self):
         if Config.install_scim_server:
             self.install_plugin('scim-plugin')
 
-        if Config.installFido2:
+        if Config.install_fido2:
             self.install_plugin('fido2-plugin')
 
         if Config.install_jans_link:
@@ -177,9 +177,9 @@ def render_import_templates(self):
         Config.templateRenderingDict['configOauthEnabled'] = 'false' if base.argsp.disable_config_api_security else 'true'
         Config.templateRenderingDict['apiApprovedIssuer'] = base.argsp.approved_issuer or 'https://{}'.format(Config.hostname)
 
-        _, oxauth_config = self.dbUtils.get_oxAuthConfDynamic()
+        _, jans_auth_config = self.dbUtils.get_jans_auth_conf_dynamic()
         for param in ('issuer', 'openIdConfigurationEndpoint', 'introspectionEndpoint', 'tokenEndpoint', 'tokenRevocationEndpoint'):
-            Config.templateRenderingDict[param] = oxauth_config[param]
+            Config.templateRenderingDict[param] = jans_auth_config[param]
 
         Config.templateRenderingDict['apiProtectionType'] = 'oauth2'
         Config.templateRenderingDict['endpointInjectionEnabled'] = 'false'
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/fido.py b/jans-linux-setup/jans_setup/setup_app/installers/fido.py
index 2164868c91c..42f5ea5bc06 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/fido.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/fido.py
@@ -24,7 +24,7 @@ def __init__(self):
         self.needdb = True
         self.app_type = AppType.SERVICE
         self.install_type = InstallOption.OPTONAL
-        self.install_var = 'installFido2'
+        self.install_var = 'install_fido2'
         self.register_progess()
 
         self.fido2ConfigFolder = os.path.join(Config.configFolder, 'fido2')
@@ -37,7 +37,7 @@ def __init__(self):
 
     def install(self):
 
-        self.installJettyService(self.jetty_app_configuration[self.service_name], True)
+        self.install_jettyService(self.jetty_app_configuration[self.service_name], True)
 
         self.logIt("Copying fido.war into jetty webapps folder...")
         jettyServiceWebapps = os.path.join(self.jetty_base, self.service_name, 'webapps')
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/httpd.py b/jans-linux-setup/jans_setup/setup_app/installers/httpd.py
index b4cc062c189..1c52a349ce3 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/httpd.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/httpd.py
@@ -17,7 +17,7 @@ def __init__(self):
         self.pbar_text = "Configuring " + base.httpd_name
         self.app_type = AppType.SERVICE
         self.install_type = InstallOption.OPTONAL
-        self.install_var = 'installHttpd'
+        self.install_var = 'install_httpd'
         self.register_progess()
 
         self.needdb = False # we don't need backend connection in this class
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jans.py b/jans-linux-setup/jans_setup/setup_app/installers/jans.py
index 34235e48497..5c1d236dd72 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/jans.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/jans.py
@@ -24,7 +24,7 @@
 
 class JansInstaller(BaseInstaller, SetupUtils):
 
-    install_var = 'installJans'
+    install_var = 'install_jans'
 
     def __repr__(self):
         setattr(base.current_app, self.__class__.__name__, self)
@@ -73,12 +73,12 @@ def get_install_string(prefix, install_var):
                     return ''
                 return prefix.ljust(30) + repr(getattr(Config, install_var, False)).rjust(35) + (' *' if install_var in Config.addPostSetupService else '') + '\n'
 
-            txt += get_install_string('Install Apache 2 web server', 'installHttpd')
-            txt += get_install_string('Install Auth Server', 'installOxAuth')
+            txt += get_install_string('Install Apache 2 web server', 'install_httpd')
+            txt += get_install_string('Install Auth Server', 'install_jans_auth')
             txt += get_install_string('Install Jans Config API', 'install_config_api')
             if Config.profile == 'jans':
                 for prompt_str, install_var in (
-                        ('Install Fido2 Server', 'installFido2'),
+                        ('Install Fido2 Server', 'install_fido2'),
                         ('Install Scim Server', 'install_scim_server'),
                         ('Install Jans Link Server', 'install_jans_link'),
                         ('Install Jans KC Link Server', 'install_jans_keycloak_link'),
@@ -117,15 +117,15 @@ def initialize(self):
             sys.exit(1)
 
         #Download jans-auth-client-jar-with-dependencies
-        if not os.path.exists(Config.non_setup_properties['oxauth_client_jar_fn']):
-            oxauth_client_jar_url = os.path.join(base.current_app.app_info['JANS_MAVEN'], 'maven/io/jans/jans-auth-client/{0}/jans-auth-client-{0}-jar-with-dependencies.jar').format(base.current_app.app_info['jans_version'])
-            self.logIt("Downloading {}".format(os.path.basename(oxauth_client_jar_url)))
-            base.download(oxauth_client_jar_url, Config.non_setup_properties['oxauth_client_jar_fn'])
+        if not os.path.exists(Config.non_setup_properties['jans_auth_client_jar_fn']):
+            jans_auth_client_jar_url = os.path.join(base.current_app.app_info['JANS_MAVEN'], 'maven/io/jans/jans-auth-client/{0}/jans-auth-client-{0}-jar-with-dependencies.jar').format(base.current_app.app_info['jans_version'])
+            self.logIt("Downloading {}".format(os.path.basename(jans_auth_client_jar_url)))
+            base.download(jans_auth_client_jar_url, Config.non_setup_properties['jans_auth_client_jar_fn'])
 
         self.logIt("Determining key generator path")
-        oxauth_client_jar_zf = zipfile.ZipFile(Config.non_setup_properties['oxauth_client_jar_fn'])
+        jans_auth_client_jar_zf = zipfile.ZipFile(Config.non_setup_properties['jans_auth_client_jar_fn'])
 
-        for f in oxauth_client_jar_zf.namelist():
+        for f in jans_auth_client_jar_zf.namelist():
             if os.path.basename(f) == 'KeyGenerator.class':
                 p, e = os.path.splitext(f)
                 Config.non_setup_properties['key_gen_path'] = p.replace(os.path.sep, '.')
@@ -134,7 +134,7 @@ def initialize(self):
                 Config.non_setup_properties['key_export_path'] = p.replace(os.path.sep, '.')
 
         if (not 'key_gen_path' in Config.non_setup_properties) or (not 'key_export_path' in Config.non_setup_properties):
-            self.logIt("Can't determine key generator and/or key exporter path form {}".format(Config.non_setup_properties['oxauth_client_jar_fn']), True, True)
+            self.logIt("Can't determine key generator and/or key exporter path form {}".format(Config.non_setup_properties['jans_auth_client_jar_fn']), True, True)
         else:
             self.logIt("Key generator path was determined as {}".format(Config.non_setup_properties['key_export_path']))
 
@@ -646,10 +646,10 @@ def generate_smtp_config(self):
     def order_services(self):
 
         service_list = [
-                        ('jans-auth', 'installOxAuth'),
+                        ('jans-auth', 'install_jans_auth'),
                         ('jans-config-api', 'install_config_api'),
                         ('jans-casa', 'install_casa'),
-                        ('jans-fido2', 'installFido2'),
+                        ('jans-fido2', 'install_fido2'),
                         ('jans-link', 'install_jans_link'),
                         ('jans-scim', 'install_scim_server'),
                         ('jans-lock', 'install_jans_lock_as_server'),
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jans_auth.py b/jans-linux-setup/jans_setup/setup_app/installers/jans_auth.py
index 7c555a050fe..afd4fe1d9d2 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/jans_auth.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/jans_auth.py
@@ -31,7 +31,7 @@ def __init__(self):
         self.service_name = 'jans-auth'
         self.app_type = AppType.SERVICE
         self.install_type = InstallOption.OPTONAL
-        self.install_var = 'installOxAuth'
+        self.install_var = 'install_jans_auth'
         self.register_progess()
 
         self.templates_folder = os.path.join(Config.templateFolder, self.service_name)
@@ -39,11 +39,11 @@ def __init__(self):
 
         self.ldif_config = os.path.join(self.output_folder, 'configuration.ldif')
         self.ldif_role_scope_mappings = os.path.join(self.output_folder, 'role-scope-mappings.ldif')
-        self.oxauth_config_json = os.path.join(self.output_folder, 'jans-auth-config.json')
-        self.oxauth_static_conf_json = os.path.join(self.templates_folder, 'jans-auth-static-conf.json')
-        self.oxauth_error_json = os.path.join(self.templates_folder, 'jans-auth-errors.json')
-        self.oxauth_openid_jwks_fn = os.path.join(self.output_folder, 'jans-auth-keys.json')
-        self.oxauth_openid_jks_fn = os.path.join(Config.certFolder, 'jans-auth-keys.' + Config.default_store_type.lower())
+        self.jans_auth_config_json = os.path.join(self.output_folder, 'jans-auth-config.json')
+        self.jans_auth_static_conf_json = os.path.join(self.templates_folder, 'jans-auth-static-conf.json')
+        self.jans_auth_error_json = os.path.join(self.templates_folder, 'jans-auth-errors.json')
+        self.jans_auth_openid_jwks_fn = os.path.join(self.output_folder, 'jans-auth-keys.json')
+        self.jans_auth_openid_jks_fn = os.path.join(Config.certFolder, 'jans-auth-keys.' + Config.default_store_type.lower())
         self.ldif_people = os.path.join(self.output_folder, 'people.ldif')
         self.ldif_groups = os.path.join(self.output_folder, 'groups.ldif')
         self.agama_root = os.path.join(self.jetty_base, self.service_name, 'agama')
@@ -56,7 +56,7 @@ def __init__(self):
     def install(self):
         self.logIt("Copying auth.war into jetty webapps folder...")
         self.make_pairwise_calculation_salt()
-        self.installJettyService(self.jetty_app_configuration[self.service_name], True)
+        self.install_jettyService(self.jetty_app_configuration[self.service_name], True)
         self.copyFile(self.source_files[0][0], self.jetty_service_webapps)
         self.external_libs()
         self.set_class_path([os.path.join(self.custom_lib_dir, '*')])
@@ -64,8 +64,8 @@ def install(self):
         self.enable()
 
     def generate_configuration(self):
-        if not Config.get('oxauth_openid_jks_pass'):
-            Config.oxauth_openid_jks_pass = self.getPW()
+        if not Config.get('jans_auth_openid_jks_pass'):
+            Config.jans_auth_openid_jks_pass = self.getPW()
 
         if not Config.get('admin_inum'):
             Config.admin_inum = str(uuid.uuid4())
@@ -75,13 +75,13 @@ def generate_configuration(self):
         self.logIt("Generating OAuth openid keys", pbar=self.service_name)
 
         jwks = self.gen_openid_jwks_jks_keys(
-                    jks_path=self.oxauth_openid_jks_fn,
-                    jks_pwd=Config.oxauth_openid_jks_pass,
+                    jks_path=self.jans_auth_openid_jks_fn,
+                    jks_pwd=Config.jans_auth_openid_jks_pass,
                     key_expiration=2,
                     key_algs=Config.default_sig_key_algs,
                     enc_keys=Config.default_enc_key_algs
                     )
-        self.write_openid_keys(self.oxauth_openid_jwks_fn, jwks)
+        self.write_openid_keys(self.jans_auth_openid_jwks_fn, jwks)
 
         if Config.get('use_external_key'):
             self.import_openbanking_key()
@@ -125,7 +125,7 @@ def render_import_templates(self):
 
         Config.templateRenderingDict['person_custom_object_class_list'] = '[]' if Config.mapping_locations['default'] == 'rdbm' else '["jansCustomPerson", "jansPerson"]'
 
-        templates = [self.oxauth_config_json, self.ldif_people, self.ldif_groups]
+        templates = [self.jans_auth_config_json, self.ldif_people, self.ldif_groups]
 
         for tmp in templates:
             self.renderTemplateInOut(tmp, self.templates_folder, self.output_folder)
@@ -139,10 +139,10 @@ def render_import_templates(self):
 
         self.prepare_base64_extension_scripts()
 
-        Config.templateRenderingDict['oxauth_config_base64'] = self.generate_base64_ldap_file(self.oxauth_config_json)
-        Config.templateRenderingDict['oxauth_static_conf_base64'] = self.generate_base64_ldap_file(self.oxauth_static_conf_json)
-        Config.templateRenderingDict['oxauth_error_base64'] = self.generate_base64_ldap_file(self.oxauth_error_json)
-        Config.templateRenderingDict['oxauth_openid_key_base64'] = self.generate_base64_ldap_file(self.oxauth_openid_jwks_fn)
+        Config.templateRenderingDict['jans_auth_config_base64'] = self.generate_base64_ldap_file(self.jans_auth_config_json)
+        Config.templateRenderingDict['jans_auth_static_conf_base64'] = self.generate_base64_ldap_file(self.jans_auth_static_conf_json)
+        Config.templateRenderingDict['jans_auth_error_base64'] = self.generate_base64_ldap_file(self.jans_auth_error_json)
+        Config.templateRenderingDict['jans_auth_openid_key_base64'] = self.generate_base64_ldap_file(self.jans_auth_openid_jwks_fn)
 
         self.ldif_scripts = os.path.join(Config.output_dir, 'scripts.ldif')
         self.renderTemplateInOut(self.ldif_scripts, Config.templateFolder, Config.output_dir)
@@ -174,8 +174,8 @@ def copy_static(self):
 
     def import_openbanking_certificate(self):
         self.logIt("Importing openbanking ssl certificate")
-        oxauth_config_json = base.readJsonFile(self.oxauth_config_json)
-        jwks_uri = oxauth_config_json['jwksUri']
+        jans_auth_config_json = base.readJsonFile(self.jans_auth_config_json)
+        jwks_uri = jans_auth_config_json['jwksUri']
         o = urlparse(jwks_uri)
         jwks_addr = o.netloc
         open_banking_cert = self.get_server_certificate(jwks_addr)
@@ -194,7 +194,7 @@ def import_openbanking_key(self):
             self.download_ob_cert(Config.ob_cert_fn)
 
         if os.path.isfile(Config.ob_key_fn) and os.path.isfile(Config.ob_cert_fn):
-            self.import_key_cert_into_keystore('obsigning', self.oxauth_openid_jks_fn, Config.oxauth_openid_jks_pass, Config.ob_key_fn, Config.ob_cert_fn, Config.ob_alias)
+            self.import_key_cert_into_keystore('obsigning', self.jans_auth_openid_jks_fn, Config.jans_auth_openid_jks_pass, Config.ob_key_fn, Config.ob_cert_fn, Config.ob_alias)
 
     def external_libs(self):
         extra_libs = []
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jans_casa.py b/jans-linux-setup/jans_setup/setup_app/installers/jans_casa.py
index 1761513b89f..caf07db7c0d 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/jans_casa.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/jans_casa.py
@@ -51,7 +51,7 @@ def __init__(self):
 
     def install(self):
 
-        self.installJettyService(self.jetty_app_configuration[self.service_name], True)
+        self.install_jettyService(self.jetty_app_configuration[self.service_name], True)
         self.copyFile(self.source_files[0][0], self.jetty_service_webapps)
 
         base.extract_subdir(base.current_app.jans_zip, 'jans-casa/extras', self.pylib_dir)
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jans_keycloak_link.py b/jans-linux-setup/jans_setup/setup_app/installers/jans_keycloak_link.py
index 4f642ed7d95..9961ed6dc59 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/jans_keycloak_link.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/jans_keycloak_link.py
@@ -35,7 +35,7 @@ def __init__(self):
         self.snapshots_dir = os.path.join(self.vendor_dir, 'keycloak-link-snapshots')
 
     def install(self):
-        self.installJettyService(self.jetty_app_configuration[self.service_name], True)
+        self.install_jettyService(self.jetty_app_configuration[self.service_name], True)
         self.copyFile(self.source_files[0][0], self.jetty_service_webapps)
         base.current_app.ConfigApiInstaller.source_files.append(self.source_files[1])
         base.current_app.ConfigApiInstaller.install_plugin('kc-link-plugin')
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jans_link.py b/jans-linux-setup/jans_setup/setup_app/installers/jans_link.py
index 256c0d7f9c3..500638c347e 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/jans_link.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/jans_link.py
@@ -34,7 +34,7 @@ def __init__(self):
         self.snapshots_dir = os.path.join(self.vendor_dir, 'link-snapshots')
 
     def install(self):
-        self.installJettyService(self.jetty_app_configuration[self.service_name], True)
+        self.install_jettyService(self.jetty_app_configuration[self.service_name], True)
         self.copyFile(self.source_files[0][0], self.jetty_service_webapps)
 
         if Config.installed_instance and Config.install_config_api:
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jans_lock.py b/jans-linux-setup/jans_setup/setup_app/installers/jans_lock.py
index 5c1243425b7..c7e7a8b5a4e 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/jans_lock.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/jans_lock.py
@@ -62,7 +62,7 @@ def install(self):
             self.install_opa()
 
         if Config.persistence_type == 'sql' and Config.rdbm_type == 'pgsql':
-            self.dbUtils.set_oxAuthConfDynamic({'lockMessageConfig': {'enableTokenMessages': True, 'tokenMessagesChannel': 'jans_token'}})
+            self.dbUtils.set_jans_auth_conf_dynamic({'lockMessageConfig': {'enableTokenMessages': True, 'tokenMessagesChannel': 'jans_token'}})
             Config.lock_message_provider_type = 'POSTGRES'
 
         # we don't need to install lock-plugin to jans-config-api for remote client
@@ -74,7 +74,7 @@ def install(self):
         self.apache_lock_config()
 
     def install_as_server(self):
-        self.installJettyService(self.jetty_app_configuration[self.service_name], True)
+        self.install_jettyService(self.jetty_app_configuration[self.service_name], True)
         self.logIt(f"Copying {self.source_files[0][0]} into jetty webapps folder...")
         self.copyFile(self.source_files[0][0], self.jetty_service_webapps)
         self.enable()
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jans_saml.py b/jans-linux-setup/jans_setup/setup_app/installers/jans_saml.py
index 5a1150d7192..7aa056f4762 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/jans_saml.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/jans_saml.py
@@ -156,7 +156,7 @@ def install_keycloak(self):
         base.unpack_zip(self.source_files[1][0], self.idp_config_data_dir, with_par_dir=False)
 
         # retreive auth config
-        _, jans_auth_config = self.dbUtils.get_oxAuthConfDynamic()
+        _, jans_auth_config = self.dbUtils.get_jans_auth_conf_dynamic()
         Config.templateRenderingDict['jans_auth_token_endpoint'] = jans_auth_config['tokenEndpoint']
 
         self.update_rendering_dict()
@@ -290,7 +290,7 @@ def install_keycloak_scheduler(self):
         self.copyFile(self.source_files[4][0], os.path.join(Config.scheduler_dir, 'lib'))
 
         # configuration rendering identifiers
-        _, jans_auth_config = self.dbUtils.get_oxAuthConfDynamic()
+        _, jans_auth_config = self.dbUtils.get_jans_auth_conf_dynamic()
         self.check_clients([('kc_scheduler_api_client_id', '2102.')])
 
         rendering_dict = {
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jetty.py b/jans-linux-setup/jans_setup/setup_app/installers/jetty.py
index 56337e0d300..bc0320f23a8 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/jetty.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/jetty.py
@@ -34,7 +34,7 @@ def __init__(self):
         setattr(base.current_app, self.__class__.__name__, self)
         self.service_name = 'jetty'
         self.needdb = False # we don't need backend connection in this class
-        self.install_var = 'installJetty'
+        self.install_var = 'install_jetty'
         self.app_type = AppType.APPLICATION
         self.install_type = InstallOption.MANDATORY
         if not base.snap:
@@ -152,7 +152,7 @@ def jetty_service_dir(self):
     def jetty_service_webapps(self):
         return os.path.join(self.jetty_service_dir, 'webapps')
 
-    def installJettyService(self, serviceConfiguration, supportCustomizations=False, supportOnlyPageCustomizations=False):
+    def install_jettyService(self, serviceConfiguration, supportCustomizations=False, supportOnlyPageCustomizations=False):
         service_name = serviceConfiguration['name']
         self.logIt("Installing jetty service %s..." % service_name)
         self.logIt("Deploying Jetty Service", pbar=service_name)
@@ -355,9 +355,9 @@ def calculate_selected_aplications_memory(self):
         installedComponents = []
 
         # Jetty apps
-        for config_var, service in [('installOxAuth', 'jans-auth'),
+        for config_var, service in [('install_jans_auth', 'jans-auth'),
                                     ('install_scim_server', 'jans-scim'),
-                                    ('installFido2', 'jans-fido2'),
+                                    ('install_fido2', 'jans-fido2'),
                                     ('install_config_api', 'jans-config-api'),
                                     ('install_jans_lock_as_server', 'jans-lock'),
                                     ]:
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jre.py b/jans-linux-setup/jans_setup/setup_app/installers/jre.py
index 0b77a1c291d..62bd6c6b9d1 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/jre.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/jre.py
@@ -23,7 +23,7 @@ def __init__(self):
         setattr(base.current_app, self.__class__.__name__, self)
         self.service_name = 'jre'
         self.needdb = False # we don't need backend connection in this class
-        self.install_var = 'installJre'
+        self.install_var = 'install_jre'
         self.app_type = AppType.APPLICATION
         self.install_type = InstallOption.MANDATORY
         if not base.snap:
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jython.py b/jans-linux-setup/jans_setup/setup_app/installers/jython.py
index dee5e470794..293c655bc9c 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/jython.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/jython.py
@@ -19,7 +19,7 @@ class JythonInstaller(BaseInstaller, SetupUtils):
     def __init__(self):
         setattr(base.current_app, self.__class__.__name__, self)
         self.service_name = 'jython'
-        self.install_var = 'installJython'
+        self.install_var = 'install_jython'
         self.app_type = AppType.APPLICATION
         self.install_type = InstallOption.MANDATORY
         if not base.snap:
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/oxd.py b/jans-linux-setup/jans_setup/setup_app/installers/oxd.py
deleted file mode 100644
index 5ed2fa3b799..00000000000
--- a/jans-linux-setup/jans_setup/setup_app/installers/oxd.py
+++ /dev/null
@@ -1,169 +0,0 @@
-import os
-import glob
-import ruamel.yaml
-import shutil
-import tempfile
-
-from setup_app import paths
-from setup_app.static import AppType, InstallOption
-from setup_app.utils import base
-from setup_app.config import Config
-from setup_app.utils.setup_utils import SetupUtils
-from setup_app.installers.base import BaseInstaller
-
-class OxdInstaller(SetupUtils, BaseInstaller):
-
-    def __init__(self):
-        setattr(base.current_app, self.__class__.__name__, self)
-        self.service_name = 'oxd-server'
-        self.oxd_root = '/opt/oxd-server/'
-        self.needdb = False # we don't need backend connection in this class
-        self.app_type = AppType.SERVICE
-        self.install_type = InstallOption.OPTONAL
-        self.install_var = 'installOxd'
-        self.register_progess()
-
-        self.oxd_server_yml_fn = os.path.join(self.oxd_root, 'conf/oxd-server.yml')
-
-    def install(self):
-        self.logIt("Installing", pbar=self.service_name)
-        self.shutil.unpack_archive(Config.oxd_package, self.oxd_root)
-        self.run(['chown', '-R', 'jetty:jetty', self.oxd_root])
-
-        if base.snap:
-            self.log_dir = os.path.join(base.snap_common, 'jans/oxd-server/log/')
-        else:
-            self.log_dir = '/var/log/oxd-server'
-            service_file = os.path.join(self.oxd_root, 'oxd-server.service')
-            if os.path.exists(service_file):
-                self.run(['cp', service_file, '/lib/systemd/system'])
-            else:
-                self.run([Config.cmd_ln, service_file, '/etc/init.d/oxd-server'])
-
-        if not os.path.exists(self.log_dir):
-            self.run([paths.cmd_mkdir, self.log_dir])
-
-        self.run([
-                'cp', 
-                os.path.join(Config.install_dir, 'static/oxd/oxd-server.default'), 
-                os.path.join(Config.osDefault, 'oxd-server')
-                ])
-
-        self.log_file = os.path.join(self.log_dir, 'oxd-server.log')
-        if not os.path.exists(self.log_file):
-            open(self.log_file, 'w').close()
-
-        if not base.snap:
-            self.run(['chown', '-R', 'jetty:jetty', self.log_dir])
-
-        for fn in glob.glob(os.path.join(self.oxd_root,'bin/*')):
-            self.run([paths.cmd_chmod, '+x', fn])
-
-        self.modify_config_yml()
-        self.generate_keystore()
-
-        self.enable()
-
-    def modify_config_yml(self):
-        self.logIt("Configuring", pbar=self.service_name)
-        yml_str = self.readFile(self.oxd_server_yml_fn)
-        oxd_yaml = ruamel.yaml.load(yml_str, ruamel.yaml.RoundTripLoader)
-
-        if 'bind_ip_addresses' in oxd_yaml:
-            oxd_yaml['bind_ip_addresses'].append(Config.ip)
-        else:
-            for i, k in enumerate(oxd_yaml):
-                if k == 'storage':
-                    break
-            else:
-                i = 1
-            addr_list = [Config.ip]
-            if base.snap:
-                addr_list.append('127.0.0.1')
-            oxd_yaml.insert(i, 'bind_ip_addresses',  addr_list)
-
-        if Config.get('oxd_use_jans_storage'):
-
-            oxd_yaml['storage_configuration'].pop('dbFileLocation')
-            oxd_yaml['storage'] = 'jans_server_configuration'
-            oxd_yaml['storage_configuration']['baseDn'] = 'o=jans'
-            oxd_yaml['storage_configuration']['type'] = Config.jans_properties_fn
-            oxd_yaml['storage_configuration']['connection'] = Config.ox_ldap_properties if Config.mapping_locations['default'] == 'ldap' else Config.jansCouchebaseProperties
-            oxd_yaml['storage_configuration']['salt'] = os.path.join(Config.configFolder, "salt")
-
-        if base.snap:
-            for appenders in oxd_yaml['logging']['appenders']:
-                if appenders['type'] == 'file':
-                    appenders['currentLogFilename'] = self.log_file
-                    appenders['archivedLogFilenamePattern'] = os.path.join(base.snap_common, 'jans/oxd-server/log/oxd-server-%d{yyyy-MM-dd}-%i.log.gz')
-
-        yml_str = ruamel.yaml.dump(oxd_yaml, Dumper=ruamel.yaml.RoundTripDumper)
-        self.writeFile(self.oxd_server_yml_fn, yml_str)
-
-
-    def generate_keystore(self):
-        self.logIt("Generating certificate", pbar=self.service_name)
-        # generate oxd-server.keystore for the hostname
-        self.run([
-            paths.cmd_openssl,
-            'req', '-x509', '-newkey', 'rsa:4096', '-nodes',
-            '-out', '/tmp/oxd.crt',
-            '-keyout', '/tmp/oxd.key',
-            '-days', '3650',
-            '-subj', '/C={}/ST={}/L={}/O={}/CN={}/emailAddress={}'.format(Config.countryCode, Config.state, Config.city, Config.orgName, Config.hostname, Config.admin_email),
-            ])
-
-        self.run([
-            paths.cmd_openssl,
-            'pkcs12', '-export',
-            '-in', '/tmp/oxd.crt',
-            '-inkey', '/tmp/oxd.key',
-            '-out', '/tmp/oxd.p12',
-            '-name', Config.hostname,
-            '-passout', 'pass:example'
-            ])
-
-        self.run([
-            Config.cmd_keytool,
-            '-importkeystore',
-            '-deststorepass', 'example',
-            '-destkeypass', 'example',
-            '-destkeystore', '/tmp/oxd.keystore',
-            '-srckeystore', '/tmp/oxd.p12',
-            '-srcstoretype', 'PKCS12',
-            '-srcstorepass', 'example',
-            '-alias', Config.hostname,
-            ])
-
-        oxd_keystore_fn = os.path.join(self.oxd_root, 'conf/oxd-server.keystore')
-        self.run(['cp', '-f', '/tmp/oxd.keystore', oxd_keystore_fn])
-        self.run([paths.cmd_chown, 'jetty:jetty', oxd_keystore_fn])
-        
-        for f in ('/tmp/oxd.crt', '/tmp/oxd.key', '/tmp/oxd.p12', '/tmp/oxd.keystore'):
-            self.run([paths.cmd_rm, '-f', f])
-
-    def installed(self):
-        return os.path.exists(self.oxd_server_yml_fn)
-
-    def download_files(self, force=False):
-        oxd_url = os.path.join(base.current_app.app_info['JANS_MAVEN'], 'maven/io/jans/oxd-server/{0}/oxd-server-{0}-distribution.zip').format(base.current_app.app_info['jans_version'])
-
-        self.logIt("Downloading {} and preparing package".format(os.path.basename(oxd_url)))
-
-        with tempfile.TemporaryDirectory() as tmp_dir:
-            oxd_zip_fn = os.path.join(tmp_dir, 'oxd-server.zip')
-            oxd_tmp_dir = os.path.join(tmp_dir, 'oxd-server')
-            self.download_file(oxd_url, oxd_zip_fn)
-            shutil.unpack_archive(oxd_zip_fn, oxd_tmp_dir)
-            self.createDirs(os.path.join(oxd_tmp_dir, 'data'))
-
-            oxd_server_sh_url = 'https://raw.githubusercontent.com/GluuFederation/oxd/master/debian/oxd-server'
-            self.download_file(oxd_server_sh_url, os.path.join(oxd_tmp_dir, 'bin/oxd-server'))
-            Config.oxd_package = shutil.make_archive(os.path.join(Config.dist_jans_dir, 'oxd-server'), "gztar", root_dir=tmp_dir, base_dir="oxd-server")
-
-            Config.oxd_package = oxd_tgz_fn
-
-    def create_folders(self):
-        if not os.path.exists(self.oxd_root):
-            self.run([paths.cmd_mkdir, self.oxd_root])
-
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/scim.py b/jans-linux-setup/jans_setup/setup_app/installers/scim.py
index a0c316081ee..a4a49acd6b1 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/scim.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/scim.py
@@ -44,7 +44,7 @@ def extract_files(self):
 
     def install(self):
         self.logIt("Copying scim.war into jetty webapps folder...")
-        self.installJettyService(self.jetty_app_configuration[self.service_name], True)
+        self.install_jettyService(self.jetty_app_configuration[self.service_name], True)
         jettyServiceWebapps = os.path.join(self.jetty_base, self.service_name,  'webapps')
         self.copyFile(self.source_files[0][0], jettyServiceWebapps)
 
diff --git a/jans-linux-setup/jans_setup/setup_app/messages.py b/jans-linux-setup/jans_setup/setup_app/messages.py
index 5c6cbbdce2a..5eb5831ece6 100644
--- a/jans-linux-setup/jans_setup/setup_app/messages.py
+++ b/jans-linux-setup/jans_setup/setup_app/messages.py
@@ -25,20 +25,15 @@ class msg:
     hosts_label = "Hosts"
     username_label = "Username"
 
-    installOxAuth_label = "Install OxAuth"
-    installOxTrust_label = "Install OxTrust"
+    install_jans_auth_label = "Install Jans Auth"
     backend_types_label = "Backend Types"
     java_type_label = "Java Type"
-    installHttpd_label = "Install Apache"
-    installSaml_label = "Install Saml"
-    installPassport_label = "Install Passport"
-    installJansRadius_label = "Install Radius"
+    install_httpd_label = "Install Apache"
     opendj_storages_label = "Store on OpenDJ"
     installing_label = "Current"
-    installOxd_label = "Install Oxd"
-    installCasa_label = "Install Casa"
+    install_casa_label = "Install Casa"
     install_scim_server_label = "Install Scim"
-    installFido2_label = "Install Fido2"
+    install_fido2_label = "Install Fido2"
 
     insufficient_free_disk_space = "Available free disk space was determined to be {1:0.1f} GB. This is less than the required disk space of {} GB."
     insufficient_mem_size = "RAM size was determined to be {:0.1f} GB. This is less than the suggested RAM size of {} GB"
@@ -71,35 +66,23 @@ class msg:
     enter_valid_countryCode = "Please enter two letter country code"
 
 
-    ask_installHttpd = "Install Apache HTTPD Server"
-    ask_installSaml = "Install Shibboleth SAML IDP"
-    ask_installOxAuthRP  = "Install oxAuth RP"
-    ask_installPassport  = "Install Passport"
-    ask_installJansRadius = "Install Janssen Radius"
-    ask_installCasa = "Install Casa"
-    ask_installOxd = "Install Oxd"
+    ask_install_httpd = "Install Apache HTTPD Server"
+    ask_install_casa = "Install Casa"
     ask_opendj_install = "Install OpenDJ"
     ask_install_scim_server = "Install Scim Server"
-    ask_installFido2 = "Install Fido2"
+    ask_install_fido2 = "Install Fido2"
 
     opendj_install_options = ["Don't Install","Install Locally","Use Remote OpenDJ"]
-    oxd_url_label = "oxd Server URL"
-    install_oxd_or_url_warning = "Please either enter oxd Server URL or check Install Oxd"
-    oxd_connection_error = "Can't connect to oxd-server with url {}. Reason: {}"
-    oxd_ssl_cert_error = "Hostname of oxd ssl certificate is {} which does not match {} casa won't start properly"
 
     ask_cb_install = "Couchbase Installation"
     cb_install_options = ["Don't Install","Install Locally","Use Remote Couchbase"]
-    
-    ask_use_jans_storage_oxd = "By default oxd uses its own db. Do you want to use Janssen Storage for Oxd?"
-    ask_use_jans_storage_oxd_title = "Use Janssen Storage for Oxd?"
-    
+
     notify_select_backend = "Please select one of the backends either local install or remote" 
     weak_password = "Password for {} must be at least 6 characters and include one uppercase letter, one lowercase letter, one digit, and one special character."
     unselected_storages = "Note: Unselected storages will go Couchbase Server"
 
     no_help = "No help is provided for this screen."
-    
+
     MainFromHelp = "Detected OS type, system init type, and Apache version is displayed. Inorder to continue to next step, you must check lisecnce acknowledgement."
     HostFromHelp = ("IP Address: ip address of this server. Detected ip address will be provided\n"
                    "Hostname: hostname of this server. Detected hostname will be provided.\n"
@@ -110,16 +93,12 @@ class msg:
 
     installation_description_java = "Corretto is a build of the Open Java Development Kit (OpenJDK) with long-term support from Amazon. Corretto is certified using the Java Technical Compatibility Kit (TCK) to ensure it meets the Java SE standard."
     installation_description_opendj = "OpenDJ is an LDAPv3 compliant directory service, which has been developed for the Java platform, providing a high performance, highly available, and secure store for the identities managed by your organization."
-    installation_description_oxauth = "oxAuth is an open source OpenID Connect Provider (OP) and UMA Authorization Server (AS). The project also includes OpenID Connect Client code which can be used by websites to validate tokens."
-    installation_description_oxtrust = "oxTrust is a Weld based web application for Janssen Server administration."
+    installation_description_jans_auth = "Jans Auth is an open source OpenID Connect Provider (OP) and UMA Authorization Server (AS). The project also includes OpenID Connect Client code which can be used by websites to validate tokens."
     installation_description_saml = "The Janssen Server acts as a SAML identity provider (IDP) to support outbound SAML single sign-on (SSO)."
-    installation_description_passport = "Janssen bundles the Passport.js authentication middleware project to support user authentication at external SAML, OAuth, and OpenID Connect providers "
-    installation_description_radius = "The Janssen Server now ships with a RADIUS server called Janssen Radius. It is based on the TinyRadius Java library."
     installation_description_jans = "Janssen Server is identity & access management (IAM) platform for web & mobile single sign-on (SSO), two-factor authentication (2FA) and API access management."
     installation_description_jetty = "Eclipse Jetty provides a Web server and jakarta.servlet container, plus support for HTTP/2, WebSocket, OSGi, JMX, JNDI, JAAS and many other integrations."
     installation_description_jython = "Jython is a Java implementation of Python that combines expressive power with clarity. Jython is freely available for both commercial and non-commercial use and is distributed with source code under the PSF License v2."
     installation_description_node = "As an asynchronous event-driven JavaScript runtime, Node.js is designed to build scalable network applications."
-    installation_description_oxd = "oxd exposes simple, static APIs web application developers can use to implement user authentication and authorization against an OAuth 2.0 authorization server like Janssen."
     installation_description_casa = "Janssen Casa is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Janssen Server."
     installation_description_scim = "The Janssen Server implements SCIM to offer standard REST APIs for performing CRUD operations (create, read, update and delete) against user data."
     installation_description_fido2 = "FIDO 2.0 (FIDO2) is an open authentication standard that enables people to leverage common devices to authenticate to online services in both mobile and desktop environments"
diff --git a/jans-linux-setup/jans_setup/setup_app/setup_options.py b/jans-linux-setup/jans_setup/setup_app/setup_options.py
index e06d7bfd620..abaf7bcb19e 100644
--- a/jans-linux-setup/jans_setup/setup_app/setup_options.py
+++ b/jans-linux-setup/jans_setup/setup_app/setup_options.py
@@ -11,12 +11,11 @@ def get_setup_options():
         'setup_properties': None,
         'noPrompt': False,
         'downloadWars': False,
-        'installOxAuth': True,
+        'install_jans_auth': True,
         'install_config_api': True,
-        'installHTTPD': True,
+        'install_httpd': True,
         'install_scim_server': True if base.current_app.profile == 'jans' else False,
-        'installOxd': False,
-        'installFido2': True,
+        'install_fido2': True,
         'install_jans_link': False,
         'install_jans_keycloak_link': False,
         'install_casa': False,
@@ -90,7 +89,7 @@ def get_setup_options():
             setupOptions['couchbase_hostname'] = base.argsp.couchbase_hostname
 
         if base.argsp.no_jsauth:
-            setupOptions['installOxAuth'] = False
+            setupOptions['install_jans_auth'] = False
 
         if base.argsp.no_config_api:
             setupOptions['install_config_api'] = False
@@ -99,7 +98,7 @@ def get_setup_options():
             setupOptions['install_scim_server'] = False
 
         if base.argsp.no_fido2:
-            setupOptions['installFido2'] = False
+            setupOptions['install_fido2'] = False
 
         if base.argsp.install_jans_link:
             setupOptions['install_jans_link'] = True
@@ -197,7 +196,7 @@ def get_setup_options():
     setupOptions['noPrompt'] = base.argsp.n
 
     if base.argsp.no_httpd:
-        setupOptions['installHTTPD'] = False
+        setupOptions['install_httpd'] = False
 
 
     return setupOptions
diff --git a/jans-linux-setup/jans_setup/setup_app/test_data_loader.py b/jans-linux-setup/jans_setup/setup_app/test_data_loader.py
index 36497bfd6e7..784218ffc66 100644
--- a/jans-linux-setup/jans_setup/setup_app/test_data_loader.py
+++ b/jans-linux-setup/jans_setup/setup_app/test_data_loader.py
@@ -48,7 +48,7 @@ def create_test_client_keystore(self):
         self.run(' '.join(args), shell=True)
 
         args = [Config.cmd_java, '-Dlog4j.defaultInitOverride=true',
-                '-cp', Config.non_setup_properties['oxauth_client_jar_fn'], Config.non_setup_properties['key_gen_path'],
+                '-cp', Config.non_setup_properties['jans_auth_client_jar_fn'], Config.non_setup_properties['key_gen_path'],
                 '-key_ops_type', 'ALL',
                 '-keystore', client_keystore_fn,
                 '-keypasswd', 'secret',
@@ -96,11 +96,11 @@ def load_agama_test_data(self):
         prop_src_fn = os.path.join(agama_out_dir, 'config-agama-test.properties')
         self.renderTemplateInOut(prop_src_fn, agama_temp_dir, os.path.join(Config.output_dir, 'test/jans-auth'))
 
-        dn, oxauth_conf_dynamic = self.dbUtils.get_oxAuthConfDynamic()
-        agama_config=oxauth_conf_dynamic["agamaConfiguration"].copy()
+        dn, jans_auth_conf_dynamic = self.dbUtils.get_jans_auth_conf_dynamic()
+        agama_config=jans_auth_conf_dynamic["agamaConfiguration"].copy()
         agama_config['disableTCHV'] = True
         agama_config['enabled'] = True
-        self.dbUtils.set_oxAuthConfDynamic({'agamaConfiguration': agama_config})
+        self.dbUtils.set_jans_auth_conf_dynamic({'agamaConfiguration': agama_config})
         self.dbUtils.enable_script('BADA-BADA')
 
     def load_test_data(self):
@@ -130,43 +130,43 @@ def load_test_data(self):
         if Config.rdbm_type == 'spanner':
             Config.rdbm_password_enc = ''
 
-        Config.templateRenderingDict['config_oxauth_test_ldap'] = '# Not available'
-        Config.templateRenderingDict['config_oxauth_test_couchbase'] = '# Not available'
+        Config.templateRenderingDict['config_jans_auth_test_ldap'] = '# Not available'
+        Config.templateRenderingDict['config_jans_auth_test_couchbase'] = '# Not available'
 
 
-        config_oxauth_test_properties = self.fomatWithDict(
+        config_jans_auth_test_properties = self.fomatWithDict(
             'server.name=%(hostname)s\nconfig.oxauth.issuer=http://localhost:80\nconfig.oxauth.contextPath=http://localhost:80\nconfig.oxauth.salt=%(encode_salt)s\nconfig.persistence.type=%(persistence_type)s\n\n',
             self.merge_dicts(Config.__dict__, Config.templateRenderingDict)
             )
 
         if self.getMappingType('ldap'):
-            template_text = self.readFile(os.path.join(self.template_base, 'jans-auth/server/config-oxauth-test-ldap.properties.nrnd'))
-            rendered_text = self.fomatWithDict(template_text, self.merge_dicts(Config.__dict__, Config.templateRenderingDict))            
-            config_oxauth_test_properties += '#ldap\n' +  rendered_text
+            template_text = self.readFile(os.path.join(self.template_base, 'jans-auth/server/config-jans-auth-test-ldap.properties.nrnd'))
+            rendered_text = self.fomatWithDict(template_text, self.merge_dicts(Config.__dict__, Config.templateRenderingDict))
+            config_jans_auth_test_properties += '#ldap\n' +  rendered_text
 
         if self.getMappingType('couchbase'):
             couchbaseDict = base.current_app.CouchbaseInstaller.couchbaseDict()
-            template_text = self.readFile(os.path.join(self.template_base, 'jans-auth/server/config-oxauth-test-couchbase.properties.nrnd'))
+            template_text = self.readFile(os.path.join(self.template_base, 'jans-auth/server/config-jans-auth-test-couchbase.properties.nrnd'))
             rendered_text = self.fomatWithDict(template_text, self.merge_dicts(Config.__dict__, Config.templateRenderingDict, couchbaseDict))
-            config_oxauth_test_properties += '\n#couchbase\n' +  rendered_text
+            config_jans_auth_test_properties += '\n#couchbase\n' +  rendered_text
 
 
         if self.getMappingType('rdbm'):
 
             if Config.rdbm_type == 'spanner': 
-                template_text = self.readFile(os.path.join(self.template_base, 'jans-auth/server/config-oxauth-test-spanner.properties.nrnd'))
+                template_text = self.readFile(os.path.join(self.template_base, 'jans-auth/server/config-jans-auth-test-spanner.properties.nrnd'))
                 rendered_text = self.fomatWithDict(template_text, self.merge_dicts(Config.__dict__, Config.templateRenderingDict))
-                config_oxauth_test_properties += '\n#spanner\n' +  rendered_text
+                config_jans_auth_test_properties += '\n#spanner\n' +  rendered_text
 
             else:
-                template_text = self.readFile(os.path.join(self.template_base, 'jans-auth/server/config-oxauth-test-sql.properties.nrnd'))
+                template_text = self.readFile(os.path.join(self.template_base, 'jans-auth/server/config-jans-auth-test-sql.properties.nrnd'))
                 rendered_text = self.fomatWithDict(template_text, self.merge_dicts(Config.__dict__, Config.templateRenderingDict))
-                config_oxauth_test_properties += '\n#sql\n' +  rendered_text
+                config_jans_auth_test_properties += '\n#sql\n' +  rendered_text
 
             self.logIt("Adding custom attributs and indexes")
 
             schema2json(
-                    os.path.join(Config.templateFolder, 'test/jans-auth/schema/102-oxauth_test.ldif'),
+                    os.path.join(Config.templateFolder, 'test/jans-auth/schema/102-jans-auth_test.ldif'),
                     os.path.join(Config.output_dir, 'test/jans-auth/schema/')
                     )
             schema2json(
@@ -174,9 +174,9 @@ def load_test_data(self):
                     os.path.join(Config.output_dir, 'test/scim-client/schema/'),
                     )
 
-            oxauth_json_schema_fn =os.path.join(Config.output_dir, 'test/jans-auth/schema/102-oxauth_test.json')
+            jans_auth_json_schema_fn =os.path.join(Config.output_dir, 'test/jans-auth/schema/102-jans-auth_test.json')
             scim_json_schema_fn = os.path.join(Config.output_dir, 'test/scim-client/schema/103-scim_test.json')
-            jans_schema_json_files = [ oxauth_json_schema_fn, scim_json_schema_fn ]
+            jans_schema_json_files = [ jans_auth_json_schema_fn, scim_json_schema_fn ]
 
             scim_schema = base.readJsonFile(scim_json_schema_fn)
             may_list = []
@@ -206,8 +206,8 @@ def load_test_data(self):
                 self.dbUtils.rdm_automapper(force=True)
 
         self.writeFile(
-            os.path.join(Config.output_dir, 'test/jans-auth/server/config-oxauth-test.properties'),
-            config_oxauth_test_properties
+            os.path.join(Config.output_dir, 'test/jans-auth/server/config-jans-auth-test.properties'),
+            config_jans_auth_test_properties
             )
 
         ignoredirs = []
@@ -218,13 +218,13 @@ def load_test_data(self):
         self.render_templates_folder(self.template_base, ignoredirs=ignoredirs)
 
         if Config.get('jca_client_id') or Config.get('jca_test_client_id'):
-            config_oxauth_test_data_server_properties_fn = os.path.join(Config.output_dir, 'test/jans-auth/server/config-oxauth-test-data.properties')
-            config_oxauth_test_data_server_properties = Properties()
+            jans_auth_test_data_server_properties_fn = os.path.join(Config.output_dir, 'test/jans-auth/server/config-jans-auth-test-data.properties')
+            jans_auth_test_data_server_properties = Properties()
 
-            with open(config_oxauth_test_data_server_properties_fn, 'rb') as f:
-                config_oxauth_test_data_server_properties.load(f, 'utf-8')
+            with open(jans_auth_test_data_server_properties_fn, 'rb') as f:
+                jans_auth_test_data_server_properties.load(f, 'utf-8')
 
-            keep_clients = config_oxauth_test_data_server_properties["test.keep.clients"].data.split(',')
+            keep_clients = jans_auth_test_data_server_properties["test.keep.clients"].data.split(',')
             keep_clients = [client_id.strip() for client_id in keep_clients]
 
             if Config.get('jca_client_id'):
@@ -232,16 +232,16 @@ def load_test_data(self):
             if Config.get('jca_test_client_id'):
                 keep_clients.append(Config.jca_test_client_id)
 
-            config_oxauth_test_data_server_properties["test.keep.clients"] = ', '.join(keep_clients)
+            jans_auth_test_data_server_properties["test.keep.clients"] = ', '.join(keep_clients)
 
-            with open(config_oxauth_test_data_server_properties_fn, 'wb') as w:
-                config_oxauth_test_data_server_properties.store(w)
+            with open(jans_auth_test_data_server_properties_fn, 'wb') as w:
+                jans_auth_test_data_server_properties.store(w)
 
         self.logIt("Loading test ldif files")
         Config.pbar.progress(self.service_name, "Importing ldif files", False)
 
-        ox_auth_test_ldif = os.path.join(Config.output_dir, 'test/jans-auth/data/oxauth-test-data.ldif')
-        ox_auth_test_user_ldif = os.path.join(Config.output_dir, 'test/jans-auth/data/oxauth-test-data-user.ldif')
+        ox_auth_test_ldif = os.path.join(Config.output_dir, 'test/jans-auth/data/jans-auth-test-data.ldif')
+        ox_auth_test_user_ldif = os.path.join(Config.output_dir, 'test/jans-auth/data/jans-auth-test-data-user.ldif')
 
         scim_test_ldif = os.path.join(Config.output_dir, 'test/scim-client/data/scim-test-data.ldif')
         scim_test_user_ldif = os.path.join(Config.output_dir, 'test/scim-client/data/scim-test-data-user.ldif')
@@ -258,8 +258,8 @@ def load_test_data(self):
 
         self.chown(os.path.join(base.current_app.HttpdInstaller.server_root, 'jans-auth-client'), base.current_app.HttpdInstaller.apache_user, base.current_app.HttpdInstaller.apache_group, recursive=True)
 
-        Config.pbar.progress(self.service_name, "Updating oxauth config", False)
-        oxAuthConfDynamic_changes = {
+        Config.pbar.progress(self.service_name, "Updating jans auth config", False)
+        jans_auth_conf_dynamic_changes = {
                                     'dynamicRegistrationCustomObjectClass':  'jansClntCustomAttributes',
                                     'dynamicRegistrationCustomAttributes': [ "jansTrustedClnt", "myCustomAttr1", "myCustomAttr2", "jansInclClaimsInIdTkn" ],
                                     'dynamicRegistrationExpirationTime': 86400,
@@ -327,10 +327,10 @@ def load_test_data(self):
                     self.logIt("Can't decode json for auto test ciba patch", True)
 
             if datajs:
-                oxAuthConfDynamic_changes.update(datajs)
-                self.logIt("oxAuthConfDynamic was updated with auto test ciba patch")
+                jans_auth_conf_dynamic_changes.update(datajs)
+                self.logIt("jans_auth_conf_dynamic was updated with auto test ciba patch")
 
-        self.dbUtils.set_oxAuthConfDynamic(oxAuthConfDynamic_changes)
+        self.dbUtils.set_jans_auth_conf_dynamic(jans_auth_conf_dynamic_changes)
 
         self.enable_cusom_scripts()
 
@@ -341,7 +341,7 @@ def load_test_data(self):
             # Update LDAP schema
             Config.pbar.progress(self.service_name, "Updating schema", False)
             openDjSchemaFolder = os.path.join(Config.ldap_base_dir, 'config/schema/')
-            self.copyFile(os.path.join(Config.output_dir, 'test/jans-auth/schema/102-oxauth_test.ldif'), openDjSchemaFolder)
+            self.copyFile(os.path.join(Config.output_dir, 'test/jans-auth/schema/102-jans-auth_test.ldif'), openDjSchemaFolder)
             self.copyFile(os.path.join(Config.output_dir, 'test/scim-client/schema/103-scim_test.ldif'), openDjSchemaFolder)
 
             schema_fn = os.path.join(openDjSchemaFolder, '77-customAttributes.ldif')
@@ -440,6 +440,8 @@ def load_test_data(self):
         self.writeFile(super_gluu_creds_fn, json.dumps(super_gluu_creds, indent=2), backup=False)
         self.chown(super_gluu_creds_fn, Config.jetty_user, Config.root_user)
 
+        Config.pbar.progress(self.service_name, "Restarting Services", False)
+
         # Disable token binding module
         if base.os_name in ('ubuntu18', 'ubuntu20'):
             self.run(['a2dismod', 'mod_token_binding'])
@@ -450,7 +452,7 @@ def load_test_data(self):
         if Config.install_scim_server:
             self.restart('jans-scim')
 
-        if Config.installFido2:
+        if Config.install_fido2:
             self.restart('jans-fido2')
 
         if Config.install_config_api:
diff --git a/jans-linux-setup/jans_setup/setup_app/utils/arg_parser.py b/jans-linux-setup/jans_setup/setup_app/utils/arg_parser.py
index eba4fa55adc..8d2b46e6178 100644
--- a/jans-linux-setup/jans_setup/setup_app/utils/arg_parser.py
+++ b/jans-linux-setup/jans_setup/setup_app/utils/arg_parser.py
@@ -11,7 +11,7 @@
 PROFILE = os.environ.get('JANS_PROFILE')
 
 parser_description='''Use this script to configure your Jans Server and to add initial data required for
-oxAuth and oxTrust to start. If setup.properties is found in this folder, these
+Jans Auth and other Jans services to start. If setup.properties is found in this folder, these
 properties will automatically be used instead of the interactive setup.
 '''
 
@@ -105,7 +105,6 @@
     parser.add_argument('--install-jans-lock', help="Install Jans Lock", action='store_true')
     parser.add_argument('--install-opa', help="Install OPA", action='store_true')
 
-    #parser.add_argument('--oxd-use-jans-storage', help="Use Jans Storage for Oxd Server", action='store_true')
     parser.add_argument('--load-config-api-test', help="Load Config Api Test Data", action='store_true')
 
     parser.add_argument('-config-patch-creds', help="password:username for downloading auto test ciba password")
diff --git a/jans-linux-setup/jans_setup/setup_app/utils/collect_properties.py b/jans-linux-setup/jans_setup/setup_app/utils/collect_properties.py
index bc6854b12ef..32e1938aa27 100644
--- a/jans-linux-setup/jans_setup/setup_app/utils/collect_properties.py
+++ b/jans-linux-setup/jans_setup/setup_app/utils/collect_properties.py
@@ -38,7 +38,7 @@ def collect(self):
 
         jans_prop = base.read_properties_file(Config.jans_properties_fn)
         Config.persistence_type = jans_prop['persistence.type']
-        oxauth_ConfigurationEntryDN = jans_prop['jansAuth_ConfigurationEntryDN']
+        jans_auth_ConfigurationEntryDN = jans_prop['jansAuth_ConfigurationEntryDN']
         jans_ConfigurationDN = 'ou=configuration,o=jans'
 
         if Config.persistence_type in ('couchbase', 'sql', 'spanner'):
@@ -114,19 +114,6 @@ def collect(self):
 
         result = dbUtils.search('ou=clients,o=jans', search_filter='(&(inum=1701.*)(objectClass=jansClnt))', search_scope=ldap3.SUBTREE)
 
-        if result:
-            Config.jans_radius_client_id = result['inum']
-            Config.jans_ro_encoded_pw = result['jansClntSecret']
-            Config.jans_ro_pw = self.unobscure(Config.jans_ro_encoded_pw)
-    
-            result = dbUtils.search('inum=5866-4202,ou=scripts,o=jans', search_scope=ldap3.BASE)
-            if result:
-                Config.enableRadiusScripts = result['jansEnabled']
-
-            result = dbUtils.search('ou=clients,o=jans', search_filter='(&(inum=1402.*)(objectClass=jansClnt))', search_scope=ldap3.SUBTREE)
-            if result:
-                Config.oxtrust_requesting_party_client_id = result['inum']
-
         oxConfiguration = dbUtils.search(jans_ConfigurationDN, search_filter='(objectClass=jansAppConf)', search_scope=ldap3.BASE)
         if 'jansIpAddress' in oxConfiguration:
             Config.ip = oxConfiguration['jansIpAddress']
@@ -140,7 +127,7 @@ def collect(self):
 
         # Other clients
         client_var_id_list = [
-                    ('oxauth_client_id', '1001.'),
+                    ('jans_auth_client_id', '1001.'),
                     ('jca_client_id', '1800.', {'pw': 'jca_client_pw', 'encoded':'jca_client_encoded_pw'}),
                     ('jca_test_client_id', '1802.', {'pw': 'jca_test_client_pw', 'encoded':'jca_test_client_encoded_pw'}),
                     ('scim_client_id', '1201.', {'pw': 'scim_client_pw', 'encoded':'scim_client_encoded_pw'}),
@@ -151,31 +138,31 @@ def collect(self):
         self.check_clients(client_var_id_list, create=False)
 
         result = dbUtils.search(
-                        search_base='inum={},ou=clients,o=jans'.format(Config.get('oxauth_client_id', '-1')),
+                        search_base='inum={},ou=clients,o=jans'.format(Config.get('jans_auth_client_id', '-1')),
                         search_filter='(objectClass=jansClnt)',
                         search_scope=ldap3.BASE,
                         )
         if result and result.get('jansClntSecret'):
-            Config.oxauthClient_encoded_pw = result['jansClntSecret']
-            Config.oxauthClient_pw = self.unobscure(Config.oxauthClient_encoded_pw)
+            Config.jans_auth_client_encoded_pw = result['jansClntSecret']
+            Config.jans_auth_client_pw = self.unobscure(Config.jans_auth_client_encoded_pw)
 
-        dn_oxauth, oxAuthConfDynamic = dbUtils.get_oxAuthConfDynamic()
+        dn_jans_auth, jans_auth_conf_dynamic = dbUtils.get_jans_auth_conf_dynamic()
 
-        o_issuer = urlparse(oxAuthConfDynamic['issuer'])
+        o_issuer = urlparse(jans_auth_conf_dynamic['issuer'])
         Config.hostname = str(o_issuer.netloc)
 
-        Config.oxauth_openidScopeBackwardCompatibility =  oxAuthConfDynamic.get('openidScopeBackwardCompatibility', False)
+        Config.jans_auth_openidScopeBackwardCompatibility =  jans_auth_conf_dynamic.get('openidScopeBackwardCompatibility', False)
 
-        if 'pairwiseCalculationSalt' in oxAuthConfDynamic:
-            Config.pairwiseCalculationSalt =  oxAuthConfDynamic['pairwiseCalculationSalt']
-        if 'legacyIdTokenClaims' in oxAuthConfDynamic:
-            Config.oxauth_legacyIdTokenClaims = oxAuthConfDynamic['legacyIdTokenClaims']
-        if 'pairwiseCalculationKey' in oxAuthConfDynamic:
-            Config.pairwiseCalculationKey = oxAuthConfDynamic['pairwiseCalculationKey']
-        if 'keyStoreFile' in oxAuthConfDynamic:
-            Config.oxauth_openid_jks_fn = oxAuthConfDynamic['keyStoreFile']
-        if 'keyStoreSecret' in oxAuthConfDynamic:
-            Config.oxauth_openid_jks_pass = oxAuthConfDynamic['keyStoreSecret']
+        if 'pairwiseCalculationSalt' in jans_auth_conf_dynamic:
+            Config.pairwiseCalculationSalt =  jans_auth_conf_dynamic['pairwiseCalculationSalt']
+        if 'legacyIdTokenClaims' in jans_auth_conf_dynamic:
+            Config.jans_auth_legacyIdTokenClaims = jans_auth_conf_dynamic['legacyIdTokenClaims']
+        if 'pairwiseCalculationKey' in jans_auth_conf_dynamic:
+            Config.pairwiseCalculationKey = jans_auth_conf_dynamic['pairwiseCalculationKey']
+        if 'keyStoreFile' in jans_auth_conf_dynamic:
+            Config.jans_auth_openid_jks_fn = jans_auth_conf_dynamic['keyStoreFile']
+        if 'keyStoreSecret' in jans_auth_conf_dynamic:
+            Config.jans_auth_openid_jks_pass = jans_auth_conf_dynamic['keyStoreSecret']
 
         httpd_crt_fn = '/etc/certs/httpd.crt'
         crt_fn = httpd_crt_fn if os.path.exists(httpd_crt_fn) else '/etc/certs/ob/server.crt'
@@ -203,7 +190,7 @@ def collect(self):
 
         default_dir = '/etc/default'
         usedRatio = 0.001
-        oxauth_max_heap_mem = 0
+        jans_auth_max_heap_mem = 0
 
         jetty_services = JettyInstaller.jetty_app_configuration
 
@@ -214,11 +201,11 @@ def collect(self):
                 if service == 'jans-auth':
                     service_prop = base.read_properties_file(service_default_fn)
                     m = re.search('-Xmx(\d*)m', service_prop['JAVA_OPTIONS'])
-                    oxauth_max_heap_mem = int(m.groups()[0])
+                    jans_auth_max_heap_mem = int(m.groups()[0])
 
-        if oxauth_max_heap_mem:
+        if jans_auth_max_heap_mem:
             ratioMultiplier = 1.0 + (1.0 - usedRatio)/usedRatio
-            applicationMemory = oxauth_max_heap_mem / jetty_services['jans-auth']['memory']['jvm_heap_ration']
+            applicationMemory = jans_auth_max_heap_mem / jetty_services['jans-auth']['memory']['jvm_heap_ration']
             allowedRatio = jetty_services['jans-auth']['memory']['ratio'] * ratioMultiplier
             application_max_ram = int(round(applicationMemory / allowedRatio))
 
@@ -229,7 +216,7 @@ def collect(self):
             Config.ip = self.detect_ip()
 
         Config.install_scim_server = os.path.exists(os.path.join(Config.jetty_base, 'jans-scim/start.d'))
-        Config.installFido2 = os.path.exists(os.path.join(Config.jetty_base, 'jans-fido2/start.d'))
+        Config.install_fido2 = os.path.exists(os.path.join(Config.jetty_base, 'jans-fido2/start.d'))
         Config.install_config_api = os.path.exists(os.path.join(Config.jansOptFolder, 'jans-config-api'))
         Config.install_jans_link = os.path.exists(os.path.join(Config.jansOptFolder, 'jans-link'))
         Config.install_casa = os.path.exists(os.path.join(Config.jetty_base, 'casa/start.d'))
diff --git a/jans-linux-setup/jans_setup/setup_app/utils/crypto64.py b/jans-linux-setup/jans_setup/setup_app/utils/crypto64.py
index c496e1c7387..f94309f868c 100644
--- a/jans-linux-setup/jans_setup/setup_app/utils/crypto64.py
+++ b/jans-linux-setup/jans_setup/setup_app/utils/crypto64.py
@@ -227,7 +227,7 @@ def import_key_cert_into_keystore(self, suffix, keystore_fn, keystore_pw, in_key
 
 
     def gen_openid_jwks_jks_keys(self, jks_path, jks_pwd, key_expiration=None, dn_name=None, key_algs=None, enc_keys=None):
-        self.logIt("Generating oxAuth OpenID Connect keys")
+        self.logIt("Generating Jans Auth OpenID Connect keys")
 
         if dn_name == None:
             dn_name = Config.default_openid_jks_dn_name
@@ -243,7 +243,7 @@ def gen_openid_jwks_jks_keys(self, jks_path, jks_pwd, key_expiration=None, dn_na
 
         args = [Config.cmd_java,
                 '-Dlog4j.defaultInitOverride=true',
-                "-cp", Config.non_setup_properties['oxauth_client_jar_fn'],
+                "-cp", Config.non_setup_properties['jans_auth_client_jar_fn'],
                 Config.non_setup_properties['key_gen_path'],
                 '-key_ops_type', 'ALL',
                 '-keystore', jks_path,
@@ -263,12 +263,12 @@ def gen_openid_jwks_jks_keys(self, jks_path, jks_pwd, key_expiration=None, dn_na
             return output.splitlines()
 
     def export_openid_key(self, jks_path, jks_pwd, cert_alias, cert_path):
-        self.logIt("Exporting oxAuth OpenID Connect keys")
+        self.logIt("Exporting Jans Auth OpenID Connect keys")
 
         cmd = " ".join([Config.cmd_java,
                         "-Dlog4j.defaultInitOverride=true",
                         "-cp",
-                        Config.non_setup_properties['oxauth_client_jar_fn'], 
+                        Config.non_setup_properties['jans_auth_client_jar_fn'], 
                         Config.non_setup_properties['key_export_path'],
                         '-key_ops_type', 'ALL',
                         "-keystore",
@@ -282,10 +282,10 @@ def export_openid_key(self, jks_path, jks_pwd, cert_alias, cert_path):
         self.run(['/bin/sh', '-c', cmd])
 
     def write_openid_keys(self, fn, jwks):
-        self.logIt("Writing oxAuth OpenID Connect keys")
+        self.logIt("Writing jans Auth OpenID Connect keys")
 
         if not jwks:
-            self.logIt("Failed to write oxAuth OpenID Connect key to %s" % fn)
+            self.logIt("Failed to write jans Auth OpenID Connect key to %s" % fn)
             return
 
         self.backupFile(fn)
@@ -295,7 +295,7 @@ def write_openid_keys(self, fn, jwks):
             self.writeFile(fn, jwks_text)
             self.run([Config.cmd_chown, 'jetty:jetty', fn])
             self.run([Config.cmd_chmod, '600', fn])
-            self.logIt("Wrote oxAuth OpenID Connect key to %s" % fn)
+            self.logIt("Wrote jans Auth OpenID Connect key to %s" % fn)
         except:
             self.logIt("Error writing command : %s" % fn, True)
 
@@ -330,14 +330,14 @@ def encode_test_passwords(self):
         self.logIt("Encoding test passwords")
         hostname = Config.hostname.split('.')[0]
         try:
-            Config.templateRenderingDict['oxauthClient_2_pw'] = Config.templateRenderingDict['oxauthClient_2_inum'] + '-' + hostname
-            Config.templateRenderingDict['oxauthClient_2_encoded_pw'] = self.obscure(Config.templateRenderingDict['oxauthClient_2_pw'])
+            Config.templateRenderingDict['jans_auth_client_2_pw'] = Config.templateRenderingDict['jans_auth_client_2_inum'] + '-' + hostname
+            Config.templateRenderingDict['jans_auth_client_2_encoded_pw'] = self.obscure(Config.templateRenderingDict['jans_auth_client_2_pw'])
 
-            Config.templateRenderingDict['oxauthClient_3_pw'] =  Config.templateRenderingDict['oxauthClient_3_inum'] + '-' + hostname
-            Config.templateRenderingDict['oxauthClient_3_encoded_pw'] = self.obscure(Config.templateRenderingDict['oxauthClient_3_pw'])
+            Config.templateRenderingDict['jans_auth_client_3_pw'] =  Config.templateRenderingDict['jans_auth_client_3_inum'] + '-' + hostname
+            Config.templateRenderingDict['jans_auth_client_3_encoded_pw'] = self.obscure(Config.templateRenderingDict['jans_auth_client_3_pw'])
 
-            Config.templateRenderingDict['oxauthClient_4_pw'] = Config.templateRenderingDict['oxauthClient_4_inum'] + '-' + hostname
-            Config.templateRenderingDict['oxauthClient_4_encoded_pw'] = self.obscure(Config.templateRenderingDict['oxauthClient_4_pw'])
+            Config.templateRenderingDict['jans_auth_client_4_pw'] = Config.templateRenderingDict['jans_auth_client_4_inum'] + '-' + hostname
+            Config.templateRenderingDict['jans_auth_client_4_encoded_pw'] = self.obscure(Config.templateRenderingDict['jans_auth_client_4_pw'])
         except:
             self.logIt("Error encoding test passwords", True)
 
diff --git a/jans-linux-setup/jans_setup/setup_app/utils/db_utils.py b/jans-linux-setup/jans_setup/setup_app/utils/db_utils.py
index eb96aacd3a2..2e52ca08613 100644
--- a/jans-linux-setup/jans_setup/setup_app/utils/db_utils.py
+++ b/jans-linux-setup/jans_setup/setup_app/utils/db_utils.py
@@ -200,7 +200,7 @@ def exec_rdbm_query(self, query, getresult=False):
     def set_cbm(self):
         self.cbm = CBM(Config.get('cb_query_node'), Config.get('couchebaseClusterAdmin'), Config.get('cb_password'))
 
-    def get_oxAuthConfDynamic(self):
+    def get_jans_auth_conf_dynamic(self):
         if self.moddb == BackendTypes.LDAP:
             self.ldap_conn.search(
                         search_base='ou=jans-auth,ou=configuration,o=jans',
@@ -210,47 +210,47 @@ def get_oxAuthConfDynamic(self):
                         )
 
             dn = self.ldap_conn.response[0]['dn']
-            oxAuthConfDynamic = json.loads(self.ldap_conn.response[0]['attributes']['jansConfDyn'][0])
+            jans_auth_conf_dynamic = json.loads(self.ldap_conn.response[0]['attributes']['jansConfDyn'][0])
 
         elif self.moddb in (BackendTypes.MYSQL, BackendTypes.PGSQL, BackendTypes.SPANNER):
             result = self.search(search_base='ou=jans-auth,ou=configuration,o=jans', search_filter='(objectClass=jansAppConf)', search_scope=ldap3.BASE)
             dn = result['dn'] 
-            oxAuthConfDynamic = json.loads(result['jansConfDyn'])
+            jans_auth_conf_dynamic = json.loads(result['jansConfDyn'])
 
         elif self.moddb == BackendTypes.COUCHBASE:
             n1ql = 'SELECT * FROM `{}` USE KEYS "configuration_jans-auth"'.format(self.default_bucket)
             result = self.cbm.exec_query(n1ql)
             js = result.json()
             dn = js['results'][0][self.default_bucket]['dn']
-            oxAuthConfDynamic = js['results'][0][self.default_bucket]['jansConfDyn']
+            jans_auth_conf_dynamic = js['results'][0][self.default_bucket]['jansConfDyn']
 
-        return dn, oxAuthConfDynamic
+        return dn, jans_auth_conf_dynamic
 
 
-    def set_oxAuthConfDynamic(self, entries):
+    def set_jans_auth_conf_dynamic(self, entries):
         if self.moddb == BackendTypes.LDAP:
-            dn, oxAuthConfDynamic = self.get_oxAuthConfDynamic()
-            oxAuthConfDynamic.update(entries)
+            dn, jans_auth_conf_dynamic = self.get_jans_auth_conf_dynamic()
+            jans_auth_conf_dynamic.update(entries)
 
             ldap_operation_result = self.ldap_conn.modify(
                     dn,
-                    {"jansConfDyn": [ldap3.MODIFY_REPLACE, json.dumps(oxAuthConfDynamic, indent=2)]}
+                    {"jansConfDyn": [ldap3.MODIFY_REPLACE, json.dumps(jans_auth_conf_dynamic, indent=2)]}
                     )
             self.log_ldap_result(ldap_operation_result)
 
         elif self.moddb in (BackendTypes.MYSQL, BackendTypes.PGSQL):
-            dn, oxAuthConfDynamic = self.get_oxAuthConfDynamic()
-            oxAuthConfDynamic.update(entries)
+            dn, jans_auth_conf_dynamic = self.get_jans_auth_conf_dynamic()
+            jans_auth_conf_dynamic.update(entries)
             sqlalchemyObj = self.get_sqlalchObj_for_dn(dn)
-            sqlalchemyObj.jansConfDyn = json.dumps(oxAuthConfDynamic, indent=2)
+            sqlalchemyObj.jansConfDyn = json.dumps(jans_auth_conf_dynamic, indent=2)
             self.session.commit()
 
         elif self.moddb in (BackendTypes.SPANNER,):
-            dn, oxAuthConfDynamic = self.get_oxAuthConfDynamic()
-            oxAuthConfDynamic.update(entries)
+            dn, jans_auth_conf_dynamic = self.get_jans_auth_conf_dynamic()
+            jans_auth_conf_dynamic.update(entries)
             doc_id = self.get_doc_id_from_dn(dn)
 
-            self.spanner_client.write_data(table='jansAppConf', columns=['doc_id', 'jansConfDyn'], values=[doc_id, json.dumps(oxAuthConfDynamic)], mutation='update')
+            self.spanner_client.write_data(table='jansAppConf', columns=['doc_id', 'jansConfDyn'], values=[doc_id, json.dumps(jans_auth_conf_dynamic)], mutation='update')
 
         elif self.moddb == BackendTypes.COUCHBASE:
             for k in entries:
diff --git a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py
index eb71031615f..8c313ca66a3 100644
--- a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py
+++ b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py
@@ -132,8 +132,6 @@ def check_properties(self):
             if not Config.opendj_p12_pass:
                 Config.opendj_p12_pass = self.getPW()
 
-            self.check_oxd_server_https()
-
         if not Config.encode_salt:
             Config.encode_salt = self.getPW() + self.getPW()
 
@@ -141,16 +139,6 @@ def check_properties(self):
             Config.jans_max_mem = int(base.current_mem_size * .83 * 1000) # 83% of physical memory
 
 
-    def check_oxd_server_https(self):
-
-        if Config.get('oxd_server_https'):
-            Config.templateRenderingDict['oxd_hostname'], Config.templateRenderingDict['oxd_port'] = self.parse_url(Config.oxd_server_https)
-            if not Config.templateRenderingDict['oxd_port']: 
-                Config.templateRenderingDict['oxd_port'] = 8443
-        else:
-            Config.templateRenderingDict['oxd_hostname'] = Config.hostname
-            Config.oxd_server_https = 'https://{}:8443'.format(Config.hostname)
-
     def decrypt_properties(self, fn, passwd):
         out_file = fn[:-4] + '.' + uuid.uuid4().hex[:8] + '-DEC~'
 
@@ -244,8 +232,6 @@ def load_properties(self, prop_file, no_update=[]):
         if p.get('ldap_hostname') != 'localhost':
             if p.get('remoteLdap','').lower() == 'true':
                 Config.opendj_install = InstallTypes.REMOTE
-            elif p.get('installLdap','').lower() == 'true':
-                Config.opendj_install = InstallTypes.LOCAL
             elif p.get('opendj_install'):
                 Config.opendj_install = p['opendj_install']
             else:
@@ -438,45 +424,6 @@ def check_remote_ldap(self, ldap_host, ldap_binddn, ldap_password):
 
         return result
 
-    def check_oxd_server(self, oxd_url, error_out=True, log_error=True):
-
-        oxd_url = os.path.join(oxd_url, 'health-check')
-
-        ctx = ssl.create_default_context()
-        ctx.check_hostname = True
-        ctx.verify_mode = ssl.CERT_NONE
-
-        try:
-            result = urllib.request.urlopen(
-                        oxd_url,
-                        timeout=2,
-                        context=ctx
-                    )
-            if result.code == 200:
-                oxd_status = json.loads(result.read().decode())
-                if oxd_status['status'] == 'running':
-                    return True
-        except Exception as e:
-            if log_error:
-                if Config.thread_queue:
-                    return str(e)
-                if error_out:
-                    print(colors.DANGER)
-                    print("Can't connect to oxd-server with url {}".format(oxd_url))
-                    print("Reason: ", e)
-                    print(colors.ENDC)
-
-    def check_oxd_ssl_cert(self, oxd_hostname, oxd_port):
-
-        oxd_cert = ssl.get_server_certificate((oxd_hostname, oxd_port))
-        with tempfile.TemporaryDirectory() as tmpdirname:
-            oxd_crt_fn = os.path.join(tmpdirname, 'oxd.crt')
-            self.writeFile(oxd_crt_fn, oxd_cert)
-            ssl_subjects = self.get_ssl_subject(oxd_crt_fn)
-
-            if ssl_subjects.get('commonName') != oxd_hostname:
-                return ssl_subjects
-
 
     def promptForBackendMappings(self):
 
@@ -525,17 +472,17 @@ def set_persistence_type(self):
 
 
     def promptForHTTPD(self):
-        if Config.installed_instance and Config.installHttpd:
+        if Config.installed_instance and Config.install_httpd:
             return
 
         prompt_for_httpd = self.getPrompt("Install Apache HTTPD Server", 
-                                        self.getDefaultOption(Config.installHTTPD)
+                                        self.getDefaultOption(Config.install_httpd)
                                         )[0].lower()
 
-        Config.installHttpd = prompt_for_httpd == 'y'
+        Config.install_httpd = prompt_for_httpd == 'y'
 
-        if Config.installed_instance and Config.installHttpd:
-            Config.addPostSetupService.append('installHttpd')
+        if Config.installed_instance and Config.install_httpd:
+            Config.addPostSetupService.append('install_httpd')
 
 
     def promptForScimServer(self):
@@ -552,37 +499,17 @@ def promptForScimServer(self):
             Config.addPostSetupService.append('install_scim_server')
 
     def promptForFido2Server(self):
-        if Config.installed_instance and Config.installFido2:
+        if Config.installed_instance and Config.install_fido2:
             return
 
         prompt_for_fido2_server = self.getPrompt("Install Fido2 Server?",
-                                            self.getDefaultOption(Config.installFido2)
-                                            )[0].lower()
-        Config.installFido2 = prompt_for_fido2_server == 'y'
-
-        if Config.installed_instance and Config.installFido2:
-            Config.addPostSetupService.append('installFido2')
-
-
-    def promptForOxd(self):
-
-        if Config.installed_instance and Config.installOxd:
-            return
-
-        prompt_for_oxd = self.getPrompt("Install Oxd?", 
-                                            self.getDefaultOption(Config.installOxd)
+                                            self.getDefaultOption(Config.install_fido2)
                                             )[0].lower()
-        Config.installOxd = prompt_for_oxd == 'y'
-
-        if Config.installOxd:
-            use_jans_storage = self.getPrompt("  Use Janssen Storage for Oxd?",
-                                                self.getDefaultOption(Config.get('oxd_use_jans_storage'))
-                                                )[0].lower()
-            Config.oxd_use_jans_storage = use_jans_storage == 'y'
+        Config.install_fido2 = prompt_for_fido2_server == 'y'
 
+        if Config.installed_instance and Config.install_fido2:
+            Config.addPostSetupService.append('install_fido2')
 
-        if Config.installed_instance and Config.installOxd:
-            Config.addPostSetupService.append('installOxd')
 
     def prompt_for_jans_link(self):
         if Config.installed_instance and Config.install_jans_link:
@@ -949,7 +876,7 @@ def openbanking_properties(self):
 
     def prompt_for_http_cert_info(self):
         # IP address needed only for Apache2 and hosts file update
-        if Config.installHttpd:
+        if Config.install_httpd:
             Config.ip = self.get_ip()
 
         if base.argsp.host_name:
@@ -971,8 +898,6 @@ def prompt_for_http_cert_info(self):
             else:
                 print("Hostname can't be \033[;1mlocalhost\033[0;0m")
 
-        Config.oxd_server_https = 'https://{}:8443'.format(Config.hostname)
-
         # Get city and state|province code
         Config.city = self.getPrompt("Enter your city or locality", Config.city)
         Config.state = self.getPrompt("Enter your state or province two letter code", Config.state)
diff --git a/jans-linux-setup/jans_setup/static/oxd/oxd-server.default b/jans-linux-setup/jans_setup/static/oxd/oxd-server.default
deleted file mode 100644
index cd1a11735d4..00000000000
--- a/jans-linux-setup/jans_setup/static/oxd/oxd-server.default
+++ /dev/null
@@ -1,26 +0,0 @@
-SERVICE_NAME=oxd-server
-JAVA_HOME=/opt/jre
-JAVA=$JAVA_HOME/bin/java
-if [ -z "$OXD_LOGS" ]
-then
-    OXD_LOGS=/var/log/oxd-server
-fi
-
-OXD_HOME=/opt/oxd-server
-OXD_CONF=$OXD_HOME/conf
-
-if [ -z "$OXD_USER" ]
-then
-    OXD_USER=jetty
-fi
-LIB=$OXD_HOME/lib
-OXD_RUN=$OXD_HOME
-OXD_PID_FILE=$OXD_RUN/oxd-server.pid
-OXD_STATE=$OXD_HOME/run/oxd-server.state
-OXD_INIT_LOG=$OXD_LOGS/oxd-server.log
-
-BCPROV=`ls $LIB/bcprov-jdk* -t | sort -r | head -n 1`
-
-CLASSPATH="$BCPROV:$OXD_HOME/lib/oxd-server.jar org.jans.oxd.server.OxdServerApplication"
-
-JAVA_OPTIONS="-server -Xms256m -Xmx512m -XX:MaxMetaspaceSize=256m -XX:+DisableExplicitGC -Djava.net.preferIPv4Stack=true -cp $CLASSPATH  server $OXD_CONF/oxd-server.yml"
diff --git a/jans-linux-setup/jans_setup/static/scripts/renew_certs.py b/jans-linux-setup/jans_setup/static/scripts/renew_certs.py
index f0f558fb04f..482c49c524b 100644
--- a/jans-linux-setup/jans_setup/static/scripts/renew_certs.py
+++ b/jans-linux-setup/jans_setup/static/scripts/renew_certs.py
@@ -75,7 +75,7 @@ def create_new_certs():
 
     os.rename('/etc/certs/saml.pem.crt', '/etc/certs/saml.pem')
 
-    os.system('chown jetty:jetty /etc/certs/oxauth-keys.*')
+    os.system('chown jetty:jetty /etc/certs/jans-auth-keys.*')
 
 
 create_new_certs()
diff --git a/jans-linux-setup/jans_setup/templates/jans-auth/configuration.ldif b/jans-linux-setup/jans_setup/templates/jans-auth/configuration.ldif
index b7273a8c411..f0c6f63896e 100644
--- a/jans-linux-setup/jans_setup/templates/jans-auth/configuration.ldif
+++ b/jans-linux-setup/jans_setup/templates/jans-auth/configuration.ldif
@@ -1,8 +1,8 @@
 dn: ou=jans-auth,ou=configuration,o=jans
-jansConfDyn::%(oxauth_config_base64)s
-jansConfErrors::%(oxauth_error_base64)s
-jansConfStatic::%(oxauth_static_conf_base64)s
-jansConfWebKeys::%(oxauth_openid_key_base64)s
+jansConfDyn::%(jans_auth_config_base64)s
+jansConfErrors::%(jans_auth_error_base64)s
+jansConfStatic::%(jans_auth_static_conf_base64)s
+jansConfWebKeys::%(jans_auth_openid_key_base64)s
 jansRevision: 1
 objectClass: top
 objectClass: jansAppConf
diff --git a/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-config.json b/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-config.json
index e0954498a39..0add1c72d5f 100644
--- a/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-config.json
+++ b/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-config.json
@@ -453,8 +453,8 @@
     "shareSubjectIdBetweenClientsWithSameSectorId": true,
     "webKeysStorage": "keystore",
     "dnName": "%(default_openid_jks_dn_name)s",
-    "keyStoreFile": "%(oxauth_openid_jks_fn)s",
-    "keyStoreSecret": "%(oxauth_openid_jks_pass)s",
+    "keyStoreFile": "%(jans_auth_openid_jks_fn)s",
+    "keyStoreSecret": "%(jans_auth_openid_jks_pass)s",
     "endSessionWithAccessToken":false,
     "clientWhiteList": ["*"],
     "clientBlackList": ["*.attacker.com/*"],
diff --git a/jans-linux-setup/jans_setup/templates/test/docs/oxauth-config-update.md b/jans-linux-setup/jans_setup/templates/test/docs/jans-auth-config-update.md
similarity index 94%
rename from jans-linux-setup/jans_setup/templates/test/docs/oxauth-config-update.md
rename to jans-linux-setup/jans_setup/templates/test/docs/jans-auth-config-update.md
index 84c889ea19c..d8c80d6a4fa 100644
--- a/jans-linux-setup/jans_setup/templates/test/docs/oxauth-config-update.md
+++ b/jans-linux-setup/jans_setup/templates/test/docs/jans-auth-config-update.md
@@ -2,9 +2,9 @@ I. Install CE with `-t` option to load data
 
 II. Client keys deployment.
 - cd /var/www/html/
-- wget --no-check-certificate https://raw.githubusercontent.com/JansFederation/oxAuth/master/Client/src/test/resources/oxauth_test_client_keys.zip
-- unzip oxauth_test_client_keys.zip
-- rm -rf oxauth_test_client_keys.zip
+- wget --no-check-certificate https://raw.githubusercontent.com/JanssenProject/jans/main/jans-auth-server/client/src/test/resources/jans_test_client_keys.zip
+- unzip jans_test_client_keys.zip
+- rm -rf jans_test_client_keys.zip
 - chown -R root.www-data jans-auth-client
 
 III. These changes should be applied to oxAuth config.
@@ -58,7 +58,7 @@ V. Update system configuration
 VI. Restart oxAuth server
 
 VII. Update LDAP schema (this is not needed for Couchbase)
-1. cp ./output/test/oxauth/schema/102-oxauth_test.ldif /opt/opendj/config/schema/
+1. cp ./output/test/oxauth/schema/102-jans-auth_test.ldif /opt/opendj/config/schema/
 2. cp ./output/test/scim-client/schema/103-scim_test.ldif /opt/opendj/config/schema/
 3. Apply manual schema changes described in ./output/test/scim-client/schema/scim_test_manual_update.schema
 4. Create /home/ldap/.pw with LDAP admin user pwd
diff --git a/jans-linux-setup/jans_setup/templates/test/jans-auth/client/config-oxauth-test-data.properties b/jans-linux-setup/jans_setup/templates/test/jans-auth/client/config-jans-auth-test-data.properties
similarity index 87%
rename from jans-linux-setup/jans_setup/templates/test/jans-auth/client/config-oxauth-test-data.properties
rename to jans-linux-setup/jans_setup/templates/test/jans-auth/client/config-jans-auth-test-data.properties
index 870f9d39927..3ad52461118 100644
--- a/jans-linux-setup/jans_setup/templates/test/jans-auth/client/config-oxauth-test-data.properties
+++ b/jans-linux-setup/jans_setup/templates/test/jans-auth/client/config-jans-auth-test-data.properties
@@ -12,12 +12,12 @@ auth.user2.inum=B1F3-AEAE-B799
 auth.user2.email=test_user2@test.org
 
 auth.client.id=FF81-2D39
-auth.client.secret=%(oxauthClient_4_pw)s
+auth.client.secret=%(jans_auth_client_4_pw)s
 
 uma.user.uid=test_user
 uma.user.password=test_user_password
 uma.pat.client.id=AB77-1A2B
-uma.pat.client.secret=%(oxauthClient_2_pw)s
+uma.pat.client.secret=%(jans_auth_client_2_pw)s
 
 sector.identifier.id=a55ede29-8f5a-461d-b06e-76caee8d40b5
 sector.identifier.id.bad=840ef58d-a7d0-4986-af7b-71ed0089ce61
diff --git a/jans-linux-setup/jans_setup/templates/test/jans-auth/data/oxauth-test-data-user.ldif b/jans-linux-setup/jans_setup/templates/test/jans-auth/data/jans-auth-test-data-user.ldif
similarity index 100%
rename from jans-linux-setup/jans_setup/templates/test/jans-auth/data/oxauth-test-data-user.ldif
rename to jans-linux-setup/jans_setup/templates/test/jans-auth/data/jans-auth-test-data-user.ldif
diff --git a/jans-linux-setup/jans_setup/templates/test/jans-auth/data/oxauth-test-data.ldif b/jans-linux-setup/jans_setup/templates/test/jans-auth/data/jans-auth-test-data.ldif
similarity index 95%
rename from jans-linux-setup/jans_setup/templates/test/jans-auth/data/oxauth-test-data.ldif
rename to jans-linux-setup/jans_setup/templates/test/jans-auth/data/jans-auth-test-data.ldif
index f01029a6449..7c63685c6bd 100644
--- a/jans-linux-setup/jans_setup/templates/test/jans-auth/data/oxauth-test-data.ldif
+++ b/jans-linux-setup/jans_setup/templates/test/jans-auth/data/jans-auth-test-data.ldif
@@ -145,12 +145,12 @@ jansScopeTyp: openid
 objectClass: jansScope
 objectClass: top
 
-dn: inum=%(oxauthClient_4_inum)s,ou=clients,o=jans
+dn: inum=%(jans_auth_client_4_inum)s,ou=clients,o=jans
 displayName: Jans Test Client (don't remove)
-inum: %(oxauthClient_4_inum)s
+inum: %(jans_auth_client_4_inum)s
 jansAppTyp: web
 jansClaimRedirectURI: https://%(hostname)s/jans-auth/restv1/uma/gather_claims
-jansClntSecret: %(oxauthClient_4_encoded_pw)s
+jansClntSecret: %(jans_auth_client_4_encoded_pw)s
 jansGrantTyp: authorization_code
 jansGrantTyp: implicit
 jansGrantTyp: refresh_token
@@ -175,12 +175,12 @@ jansTrustedClnt: true
 objectClass: top
 objectClass: jansClnt
 
-dn: inum=%(oxauthClient_2_inum)s,ou=clients,o=jans
+dn: inum=%(jans_auth_client_2_inum)s,ou=clients,o=jans
 displayName: Jans Test Resource Server Client (don't remove)
-inum: %(oxauthClient_2_inum)s
+inum: %(jans_auth_client_2_inum)s
 jansAppTyp: web
 jansClaimRedirectURI: https://%(hostname)s/jans-auth/restv1/uma/gather_claims
-jansClntSecret: %(oxauthClient_2_encoded_pw)s
+jansClntSecret: %(jans_auth_client_2_encoded_pw)s
 jansGrantTyp: authorization_code
 jansGrantTyp: implicit
 jansGrantTyp: refresh_token
@@ -197,11 +197,11 @@ jansTrustedClnt: true
 objectClass: top
 objectClass: jansClnt
 
-dn: inum=%(oxauthClient_3_inum)s,ou=clients,o=jans
+dn: inum=%(jans_auth_client_3_inum)s,ou=clients,o=jans
 displayName: Jans Test Requesting Party Client (don't remove)
-inum: %(oxauthClient_3_inum)s
+inum: %(jans_auth_client_3_inum)s
 jansAppTyp: web
-jansClntSecret: %(oxauthClient_3_encoded_pw)s
+jansClntSecret: %(jans_auth_client_3_encoded_pw)s
 jansGrantTyp: authorization_code
 jansGrantTyp: implicit
 jansGrantTyp: refresh_token
diff --git a/jans-linux-setup/jans_setup/templates/test/jans-auth/schema/102-oxauth_test.ldif b/jans-linux-setup/jans_setup/templates/test/jans-auth/schema/102-jans-auth_test.ldif
similarity index 100%
rename from jans-linux-setup/jans_setup/templates/test/jans-auth/schema/102-oxauth_test.ldif
rename to jans-linux-setup/jans_setup/templates/test/jans-auth/schema/102-jans-auth_test.ldif
diff --git a/jans-linux-setup/jans_setup/templates/test/jans-auth/schema/oxauth_index.txt b/jans-linux-setup/jans_setup/templates/test/jans-auth/schema/jans-auth_index.txt
similarity index 100%
rename from jans-linux-setup/jans_setup/templates/test/jans-auth/schema/oxauth_index.txt
rename to jans-linux-setup/jans_setup/templates/test/jans-auth/schema/jans-auth_index.txt
diff --git a/jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-oxauth-test-couchbase.properties.nrnd b/jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-jans-auth-test-couchbase.properties.nrnd
similarity index 100%
rename from jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-oxauth-test-couchbase.properties.nrnd
rename to jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-jans-auth-test-couchbase.properties.nrnd
diff --git a/jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-oxauth-test-data.properties b/jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-jans-auth-test-data.properties
similarity index 89%
rename from jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-oxauth-test-data.properties
rename to jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-jans-auth-test-data.properties
index 51cdc171999..9a846d2d04c 100644
--- a/jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-oxauth-test-data.properties
+++ b/jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-jans-auth-test-data.properties
@@ -12,14 +12,14 @@ auth.user2.inum=B1F3-AEAE-B799
 auth.user2.email=test_user2@test.org
 
 auth.client.id=FF81-2D39
-auth.client.secret=%(oxauthClient_4_pw)s
+auth.client.secret=%(jans_auth_client_4_pw)s
 
 ldap.admin.password=ldap_admin_test_password
 
 uma.user.uid=test_user
 uma.user.password=test_user_password
 uma.pat.client.id=AB77-1A2B
-uma.pat.client.secret=%(oxauthClient_2_pw)s
+uma.pat.client.secret=%(jans_auth_client_2_pw)s
 
 sector.identifier.id=a55ede29-8f5a-461d-b06e-76caee8d40b5
 sector.identifier.id.bad=840ef58d-a7d0-4986-af7b-71ed0089ce61
diff --git a/jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-oxauth-test-ldap.properties.nrnd b/jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-jans-auth-test-ldap.properties.nrnd
similarity index 100%
rename from jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-oxauth-test-ldap.properties.nrnd
rename to jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-jans-auth-test-ldap.properties.nrnd
diff --git a/jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-oxauth-test-spanner.properties.nrnd b/jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-jans-auth-test-spanner.properties.nrnd
similarity index 100%
rename from jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-oxauth-test-spanner.properties.nrnd
rename to jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-jans-auth-test-spanner.properties.nrnd
diff --git a/jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-oxauth-test-sql.properties.nrnd b/jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-jans-auth-test-sql.properties.nrnd
similarity index 100%
rename from jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-oxauth-test-sql.properties.nrnd
rename to jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-jans-auth-test-sql.properties.nrnd
diff --git a/jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-oxauth.properties b/jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-jans-auth.properties
similarity index 100%
rename from jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-oxauth.properties
rename to jans-linux-setup/jans_setup/templates/test/jans-auth/server/config-jans-auth.properties
diff --git a/jans-linux-setup/jans_setup/tests/sample1.properties b/jans-linux-setup/jans_setup/tests/sample1.properties
index 5f99a43a925..ef388a85613 100644
--- a/jans-linux-setup/jans_setup/tests/sample1.properties
+++ b/jans-linux-setup/jans_setup/tests/sample1.properties
@@ -2,10 +2,7 @@ install_dir=.
 setup_properties=None
 noPrompt=False
 downloadWars=False
-installOxAuth=False
-installOxTrust=False
-installLdap=False
-installHttpd=False
-installSaml=False
-installCas=False
-installOxAuthRP=False
+install_jans_auth=False
+opendj_install=False
+install_httpd=False
+install_casa=False
diff --git a/jans-linux-setup/jans_setup/tests/sample2.properties b/jans-linux-setup/jans_setup/tests/sample2.properties
index 34d082304fd..5c3c27299c5 100644
--- a/jans-linux-setup/jans_setup/tests/sample2.properties
+++ b/jans-linux-setup/jans_setup/tests/sample2.properties
@@ -2,11 +2,8 @@ install_dir=.
 setup_properties=None
 noPrompt=False
 downloadWars=False
-installOxAuth=True
-installOxTrust=True
-installLdap=True
-installHttpd=True
-installSaml=True
-installCas=True
-installOxAuthRP=True
+install_jans_auth=True
+opendj_install=True
+install_httpd=True
+install_casa=True
 
diff --git a/jans-linux-setup/jans_setup/tests/sample3.properties b/jans-linux-setup/jans_setup/tests/sample3.properties
index b6b8a569d76..9c99ac1fd97 100644
--- a/jans-linux-setup/jans_setup/tests/sample3.properties
+++ b/jans-linux-setup/jans_setup/tests/sample3.properties
@@ -2,11 +2,8 @@ install_dir=.
 setup_properties=None
 noPrompt=False
 downloadWars=False
-installOxAuth=False
-installOxTrust=True
-installLdap=False
-installHttpd=True
-installSaml=False
-installCas=False
-installOxAuthRP=True
+install_jans_auth=False
+opendj_install=False
+install_httpd=True
+install_casa=False
 
diff --git a/jans-linux-setup/jans_setup/tests/test_functions.py b/jans-linux-setup/jans_setup/tests/test_functions.py
index 70d606d0a93..744b85519e4 100644
--- a/jans-linux-setup/jans_setup/tests/test_functions.py
+++ b/jans-linux-setup/jans_setup/tests/test_functions.py
@@ -4,7 +4,6 @@
 
 def test_getOpts():
     """Options:
-        -r   Install oxAuth RP
         -c   Install CAS
         -d   specify the directory where community-edition-setup is located.
         -f   specify setup.properties file
@@ -21,20 +20,15 @@ def test_getOpts():
         'setup_properties': None,
         'noPrompt': False,
         'downloadWars': False,
-        'installOxAuth': True,
-        'installOxTrust': True,
-        'installLDAP': True,
-        'installHTTPD': True,
-        'installSaml': False,
-        'installCas': False,
-        'installOxAuthRP': False
+        'install_jans_auth': True,
+        'opendj_install': True,
+        'install_httpd': True,
+        'install_casa': False,
     }
 
     setupOptions = getOpts(['-r'], setupOptions)
-    assert_true(setupOptions['installOxAuthRP'])
-
     setupOptions = getOpts(['-c'], setupOptions)
-    assert_true(setupOptions['installCas'])
+    assert_true(setupOptions['install_casa'])
 
     # existing path
     setupOptions = getOpts(['-d', '/tmp'], setupOptions)
@@ -54,10 +48,7 @@ def test_getOpts():
     assert_true(setupOptions['noPrompt'])
 
     setupOptions = getOpts(['-N'], setupOptions)
-    assert_false(setupOptions['installHTTPD'])
-
-    setupOptions = getOpts(['-s'], setupOptions)
-    assert_true(setupOptions['installSaml'])
+    assert_false(setupOptions['install_httpd'])
 
     setupOptions = getOpts(['-w'], setupOptions)
     assert_true(setupOptions['downloadWars'])
diff --git a/jans-linux-setup/jans_setup/tests/test_setup.py b/jans-linux-setup/jans_setup/tests/test_setup.py
index 1ee340bc82b..6f523966f7c 100644
--- a/jans-linux-setup/jans_setup/tests/test_setup.py
+++ b/jans-linux-setup/jans_setup/tests/test_setup.py
@@ -8,40 +8,28 @@
 def test_setup_load_properties(mock_logIt):
     obj = Setup()
 
-    assert_equal(obj.installOxAuth, True)
-    assert_equal(obj.installOxTrust, True)
-    assert_equal(obj.installLdap, True)
-    assert_equal(obj.installHttpd, True)
-    assert_equal(obj.installSaml, False)
-    assert_equal(obj.installCas, False)
-    assert_equal(obj.installOxAuthRP, False)
+    assert_equal(obj.install_jans_auth, True)
+    assert_equal(obj.opendj_install, True)
+    assert_equal(obj.install_httpd, True)
+    assert_equal(obj.install_casa, False)
 
     # all false
     obj.load_properties('tests/sample1.properties')
-    assert_equal(obj.installOxAuth, False)
-    assert_equal(obj.installOxTrust, False)
-    assert_equal(obj.installLdap, False)
-    assert_equal(obj.installHttpd, False)
-    assert_equal(obj.installSaml, False)
-    assert_equal(obj.installCas, False)
-    assert_equal(obj.installOxAuthRP, False)
+    assert_equal(obj.install_jans_auth, False)
+    assert_equal(obj.opendj_install, False)
+    assert_equal(obj.install_httpd, False)
+    assert_equal(obj.install_casa, False)
 
     # all true
     obj.load_properties('tests/sample2.properties')
-    assert_equal(obj.installOxAuth, True)
-    assert_equal(obj.installOxTrust, True)
-    assert_equal(obj.installLdap, True)
-    assert_equal(obj.installHttpd, True)
-    assert_equal(obj.installSaml, True)
-    assert_equal(obj.installCas, True)
-    assert_equal(obj.installOxAuthRP, True)
+    assert_equal(obj.install_jans_auth, True)
+    assert_equal(obj.opendj_install, True)
+    assert_equal(obj.install_httpd, True)
+    assert_equal(obj.install_casa, True)
 
     # mix of both true and false
     obj.load_properties('tests/sample3.properties')
-    assert_equal(obj.installOxAuth, False)
-    assert_equal(obj.installOxTrust, True)
-    assert_equal(obj.installLdap, False)
-    assert_equal(obj.installHttpd, True)
-    assert_equal(obj.installSaml, False)
-    assert_equal(obj.installCas, False)
-    assert_equal(obj.installOxAuthRP, True)
+    assert_equal(obj.install_jans_auth, False)
+    assert_equal(obj.opendj_install, False)
+    assert_equal(obj.install_httpd, True)
+    assert_equal(obj.install_casa, False)
diff --git a/jans-linux-setup/tools/key_regeneration.py b/jans-linux-setup/tools/key_regeneration.py
index f7716397a41..263b1897705 100644
--- a/jans-linux-setup/tools/key_regeneration.py
+++ b/jans-linux-setup/tools/key_regeneration.py
@@ -195,7 +195,7 @@ def __init__(self):
 
         # vendor specific definitions
         if _VENDOR_ == 'gluu':
-            self.conf_dyn = 'oxAuthConfDynamic'
+            self.conf_dyn = 'jans_auth_conf_dynamic'
             self.conf_web_keys = 'oxAuthConfWebKeys'
             self.conf_rev = 'oxRevision'
             self.conf_objc = 'oxAuthConfiguration'

From d4a6178c06991566f6cae0e692609157ea57eb4d Mon Sep 17 00:00:00 2001
From: YuriyZ <yzabrovarniy@gmail.com>
Date: Mon, 22 Jul 2024 13:16:35 +0300
Subject: [PATCH 07/43] doc(jans-auth-server): added global token revocation
 page to mkdocs (#9002)

doc(jans-auth-server): added global token revocation page to mkdocs #8398

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>
---
 mkdocs.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/mkdocs.yml b/mkdocs.yml
index 63e7e7ec4fb..093a6afe38f 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -204,6 +204,7 @@ nav:
       - SSA: admin/auth-server/endpoints/ssa.md
       - Userinfo: admin/auth-server/endpoints/userinfo.md
       - Token Revocation: admin/auth-server/endpoints/token-revocation.md
+      - Global Token Revocation: admin/auth-server/endpoints/global-token-revocation.md
       - Session Revocation: admin/auth-server/endpoints/session-revocation.md
       - End Session: admin/auth-server/endpoints/end-session.md
       - Clientinfo: admin/auth-server/endpoints/clientinfo.md

From eb0a4e96cc2f70abe8abf5ecdde8a7beb9eff499 Mon Sep 17 00:00:00 2001
From: Michael Schwartz <mike@gluu.org>
Date: Tue, 23 Jul 2024 04:07:25 -0500
Subject: [PATCH 08/43] Mike cedarling docs 01 (#9016)

* Prefixed bootstrap properties CEDERLING_

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Michael Schwartz

* Edits to Cedarling docs

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Michael Schwartz
---
 docs/admin/lock/cedarling.md             | 173 +++++++++++++++--------
 docs/assets/lock-cedarling-diagram-3.jpg | Bin 37221 -> 36712 bytes
 2 files changed, 112 insertions(+), 61 deletions(-)

diff --git a/docs/admin/lock/cedarling.md b/docs/admin/lock/cedarling.md
index de5668f150b..4cc077db0fa 100644
--- a/docs/admin/lock/cedarling.md
+++ b/docs/admin/lock/cedarling.md
@@ -7,43 +7,44 @@ tags:
   - Cedarling
 ---
 
-# Authorization Using Cedarling
-
-## What Is Cedarling
+## Cedarling Authorization
 
 The Cedarling is a local, autonomous Policy Decision Point, or "PDP". It runs as a local 
 WebAssembly ("WASM") component--you can call it directly in the browser from a JavaScript 
-function. With each authorization call, the Cedarling has all the policies and data it 
+function. It can also run as a cloud function to provide authorization for server-side apps. 
+With each authorization call, the Cedarling has all the policies and data it 
 needs to make a fast, local decision. The Cedarling's authorization function is *deterministic*.
 The Cedarling always returns either `permit` or `forbid`. You will never get an error 
 indicating a network timeout, or a divide by zero error. It is also very fast.
 
 ![](../../assets/lock-cedarling-diagram-1.jpg)
 
-In a JavaScript browser framework, the Cedarling loads its policy store during initialization, as a 
-static JSON file or fetched via REST. Developers may consider the Cedarling policy store as part of 
-the code. Having the policies in one file makes it easier to audit the security features and 
-controls of an application. It facilitates creation of complex contextual policies without 
-cluttering application code with lots of `if` - `then` statements. Importantly, the Cedarling creates an 
-audit log of all decisions by an application to allow or forbid actions. In an enterprise deployment, 
-this audit log is sent for central archiving.
+In a JavaScript browser framework, the Cedarling loads its Policy Store during initialization, as a 
+static JSON file or fetched via REST. Developers may consider the Cedarling Policy Store as part of 
+the code. Externalizing the policies makes it easier to audit the security features and 
+controls of an application. The Cedarling enables developers to create complex, contextual policies
+without cluttering application code with lots of `if` - `then` statements. Importantly, the Cedarling
+creates an audit log of all decisions by an application to `permit` or `forbid` actions. In an 
+enterprise deployment, this audit log is sent for central archiving.
 
-Where does the Cedarling get the data for policy evaluation? The data is contained in OAuth and 
-OpenID JWTs that are sent as part of the authorization request to the Cedarling. This makes sense, 
-because most modern applications rely on a federated identity provider or "IDP". The Cedarling assumes 
-the use of OAuth and OpenID Connect--sorry SAML geeks. 
+Where does the Cedarling get the data for policy evaluation? The data is contained in the 
+authorization request itself which has the OAuth and OpenID JWTs and details about the resource 
+and requested action. Most modern applications rely on a federated identity provider or "IDP". 
+Leveraing the JWT tokens to identify the person and software making the request
 
 ![](../../assets/lock-cedarling-diagram-2.jpg)
 
 Two JWT tokens in particular are typical: (1) an OpenID Connect id_token and (2) an OAuth access 
-token. The Cedarling can trust the id_token and access token to extract the User, 
+token. The id_token represents a user authentication event, and the access token represents a 
+client authentication event. The Cedarling can trust the id_token and access token to extract the User, 
 Role and Client pricipals. The tokens also contain other interesting contextual data. An OpenID 
-Connect id_token JWT is a record of an authentication event that tells you who authenticated, when 
+Connect id_token JWT, as a record of an authentication event, tells you who authenticated, when 
 they authenticated, how they authenticatated, and other claims like the subject's Roles. An OAuth 
-Access Token JWT can tell you information about the software that obtained the the JWT, its extent 
+Access Token JWT can tell you information about the software that obtained the JWT, its extent 
 of access as defined by the OAuth Authorization Server (*i.e.* the values of the `scope` claim), or 
 other claims--domains frequently enhance the access token to contain business specific data needed 
-for policy evaluation.
+for policy evaluation. If an OpenID Userinfo token is sent to the cedarling, it is combined with the
+id_token to paint a fuller picture of the User's claims. 
 
 The Cedarling, as its name suggests, enables you to define the security rules for your application 
 in [Cedar](https://www.cedarpolicy.com/en) policy syntax. Cedar was invented by Amazon for their 
@@ -56,92 +57,142 @@ enivironment, like the time of day or network address.
 
 The Cedarling authorizes a person using a certain piece of software to do something. From 
 a logical perspective, `person_allowed AND client_allowed` must be `True`. While this seems pretty
-simple, a person may be either explicitly allowed or have a role that enables access. For example, 
+simple, a person may be either explicitly allowed, or have a role that enables access. For example, 
 `person_allowed` may be equal to `True` if `user=mike OR role=SuperUser`. 
 
 ![](../../assets/lock-cedarling-diagram-3.jpg)
 
-The Action, Resource and Context is sent by the application in the authorization request. This 
-is where developers need to map security in their application to actions and resources. For 
-example, in the diagram above the application may have a policy that restricts access to Button 21 
-to users with the Admin Role during business hours when they are not using a VPN. 
+The JWT's, Action, Resource and Context is sent by the application in the authorization request. For 
+example, this is a sample request from a hypothetical JS application:
+
+```
+input = { 
+           "access_token": "eyJhbGc....", 
+           "id_token": "eyJjbGc...", 
+           "userinfo_token": "eyJjbGc...",
+           "resource": {"Ticket": {"id": "12345", "creator": "foo@bar.com", "organization": "Acme"}},
+           "action": "View",
+           "context": {
+                       "ip_address": "54.9.21.201",
+                       "network_type": "VPN",
+                       "user_agent": "Chrome 125.0.6422.77 (Official Build) (arm64)",
+                       "time": "1719266610.98636",
+                      }
+         }
+
+decision_result = authz(input)
+```
 
 ## Cedarling Token Validation
 
-The Cedarling can validate the signatures of the JWTs for developers, by setting the `SIGNATURE_VALIDATION` 
-environment variable to `True`. For testing, developers can set this property to `False` and submit
-an unsigned JWT. Or developers may prefer to validate the signatures in code. 
+The Cedarling can validate the signatures of the JWTs for developers, by setting the 
+`CEDARLING_JWT_VALIDATION` environment variable to `True`. For testing, developers can set this
+property to `False` and submit an unsigned JWT, for example one you generate with 
+[JWT.io](https://jwt.io). Or developers may prefer to validate the signatures in code--that's ok.
 
 On initiatilization, the Cedarling downloads the public keys of the Trusted IDPs specified in the 
-Cedarling policy store. Because all JWT's have an `iss` claim, this is used to deterimne which keys 
+Cedarling policy store. Because all JWT's have an `iss` claim, this is used to determine which keys 
 to use for token signature validation. 
 
 In an enterprise deployment, the Cedarling can also check if a JWT has been revoked. The Cedarling
-uses a mechanism described in the [OAuth Status Lists](https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/)
+uses a mechanism described in the 
+[OAuth Status Lists](https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/)
 draft. This might be handy for use cases where a token revocation needs to be communicated 
 immediately, such as an account takeover situation, or an implementation of a one-time transactions
 in a cluster of web servers. Jans Auth Server supports the [Global Token Revocation](https://datatracker.ietf.org/doc/draft-parecki-oauth-global-token-revocation/) OAuth draft. This is how a client can inform the OAuth Server that a given token should be revoked. 
 
+Here is a summary of the ways the Cedarling may validate a JWT, depending on your bootstrap properties:
+* Validate signature from Trusted Issuer 
+* Discard id_token if `aud` does not match access_token `client_id` 
+* Discard Userinfo token not associated with a `sub` from the id_token
+* If Cedarling is Locked, check token status
+* Check access token and id_token `exp` and `nbf` claims if time sent in Context
+
 ![](../../assets/lock-cedarling-diagram-4.jpg)
 
 ## Policy Authoring 
 
 The eaisest way to author your policy store is to use the Policy Designer in [Agama Lab](https://cloud.gluu.org/agama-lab). This tool helps you define the policies, schema and trusted IDPs and
-to publish a policy store to Github. 
+to publish a policy store to any Github repository to which you have access.
 
 ## Testing the Cedarling
 
-To call the Cedarling from your JavaScript application
+You can perform end to end testing by running the Cedarling in your JS browser application. If
+you are using a server side application (e.g. a Wordpress application), you'll need to deploy
+the Cedarling as a cloud function. Remember to run the Cedarling init function when your application 
+starts. This is necessary to load the policy store and to download the current public keys from 
+an IDP if you are using the Cedarling for token validation. If you want to use roles, make sure to 
+populate the User.role claim in your id_token or Userinfo token. Call the authz function when 
+you want the Cederling to opine on a security RBAC decision.
+
+## Cedarling Policy Store
+
+The Cedarling Policy Store is a JSON file that contains all the data the Cedarling needs to verify JWT tokens and evaluate policies:
+
+1. Cedar Schema - JSON formatted Schema file
+2. Cedar Policies - JSON formatted Policy Set file 
+3. Trusted Issuers - JSON file with below syntax
+
+By convention, the filename is `cedarling_store.json`. The JSON schema looks like this:
 
 ```
-input = { 
-           "access_token": ["..."], 
-           "id_token": "...", 
-           "userinfo_token": ["..."], 
-           "tx_token": ["..."],
-           "resource": "ChessApp",
-           "action": "Execute",
-           "context": {
-                       "ip_address": "54.9.21.201",
-                       "network_type": "VPN",
-                       "user_agent": "Chrome 125.0.6422.77 (Official Build) (arm64)",
-                       "time": "1719266610.98636",
-                      }
-         }
+{
+    "policies": {...},
+    "schema": {...},
+    "trusted_idps": []
+}
+```
 
-decision_result = authz(input)
+### Trusted Issuer Schema
+
+This is a hypothetical example.
 
+```
+[
+{"name": "Acme", 
+ "Description": "Acme IDP", 
+ "openid_configuration_endpoint": "https://acme.com/.well-known/openid-configuration",
+ "access_tokens": {"trusted": True}, 
+ "id_tokens": {"trusted":True, "principal_identifier": "email"},
+ "userinfo_tokens": {"trusted": True, "role_mapping": "role"}
+},
+...
+]
 ```
 
 ## Cedarling Bootstrap Properties
 
-* **`APPLICATION_NAME`** : Human friendly identifier for this application
+* **`CEDARLING_APPLICATION_NAME`** : Human friendly identifier for this application
+
+* **`CEDARLING_POLICY_STORE_URI`** : Location of policy store JSON, used if policy store is not local, or retreived from Lock Master.
+
+* **`CEDARLING_JWT_VALIDATION`** : Enabled | Disabled 
+
+* **`CEDARLING_JWT_SIGNATURE_ALGORITHMS_SUPPORTED`** : ....
 
-* **`LOCK`** : Enabled | Disabled. If Enabled, the Cedarling will connect to the Lock Master for policies, and subscribe for SSE events. 
+* **`CEDARLING_REQUIRE_AUD_VALIDATION`** : Enabled | Disabled. Controls if Cedarling will discard id_token without an access token with the corresponding client_id.
 
-* **`POLICY_STORE_URI`** : Location of policy store JSON, used if policy store is not local, or retreived from Lock Master.
+* **`CEDARLING_LOG_LEVEL`** : Controls the verbosity of Cedar logging.
 
-* **`LOCK_MASTER_CONFIGURATION_URI`** : Required if `LOCK` == `Enabled`. URI where Cedarling can get JSON file with all required metadata about Lock Master, i.e. `.well-known/lock-master-configuration`.
+The following bootstrap properties are only needed for enterprise deployments.
 
-* **`LOCK_SSA_JWT`** : SSA for DCR in a Lock Master deployment. The Cedarling will validate this SSA JWT prior to DCR.
+* **`CEDARLING_LOCK`** : Enabled | Disabled. If Enabled, the Cedarling will connect to the Lock Master for policies, and subscribe for SSE events. 
 
-* **`POLICY_STORE_ID`** : The identifier of the policy stored needed only for Lock Master deployments.
+* **`CEDARLING_LOCK_MASTER_CONFIGURATION_URI`** : Required if `LOCK` == `Enabled`. URI where Cedarling can get JSON file with all required metadata about Lock Master, i.e. `.well-known/lock-master-configuration`.
 
-* **`LOG_LEVEL`** : Controls the verbosity of Cedar logging.
+* **`CEDARLING_LOCK_SSA_JWT`** : SSA for DCR in a Lock Master deployment. The Cedarling will validate this SSA JWT prior to DCR.
 
-* **`AUDIT_LOG_INTERVAL`** : How often to send log messages to Lock Master (0 to turn off trasmission)
+* **`CEDARLING_POLICY_STORE_ID`** : The identifier of the policy stored needed only for Lock Master deployments.
 
-* **`AUDIT_HEALTH_INTERVAL`** : How often to send health messages to Lock Master (0 to turn off transmission)
+* **`CEDARLING_AUDIT_LOG_INTERVAL`** : How often to send log messages to Lock Master (0 to turn off trasmission)
 
-* **`AUDIT_TELEMETRY_INTERVAL`** : How often to send telemetry messages to Lock Master (0 to turn off transmission)
+* **`CEDARLING_AUDIT_HEALTH_INTERVAL`** : How often to send health messages to Lock Master (0 to turn off transmission)
 
-* **`DYNAMIC_CONFIGURATION`** : Enabled | Disabled, controls whether Cedarling should listen for SSE config updates
+* **`CEDARLING_AUDIT_TELEMETRY_INTERVAL`** : How often to send telemetry messages to Lock Master (0 to turn off transmission)
 
-* **`GET_TOKEN_STATUS_LIST_UPDATES`** : Whether the Cedarling should register for SSE updates for Lock Master deployments.
+* **`CEDARLING_DYNAMIC_CONFIGURATION`** : Enabled | Disabled, controls whether Cedarling should listen for SSE config updates
 
-* **`SIGNATURE_ALGORITHMS_SUPPORTED`** : ....
+* **`CEDARLING_GET_TOKEN_STATUS_LIST_UPDATES`** :  Enabled | Disabled, controls whether Cedarling should listen for SSE OAuth Status List updates
 
-* **`SIGNATURE_VALIDATION`** : Enabled | Disabled 
 
-* **`REQUIRE_AUD_VALIDATION`** : Enabled | Disabled. Controls if Cedarling will discard id_token without an access token with the corresponding client_id.
 
diff --git a/docs/assets/lock-cedarling-diagram-3.jpg b/docs/assets/lock-cedarling-diagram-3.jpg
index a8b8c8bf61c8e1349130618bf305b943dddad3b2..269be3a82f4bc4eadee09fafca9cbf639028e99f 100644
GIT binary patch
delta 31224
zcmce-cT|&E+c%0j>R8Z0M3njrMI<x<LoYKUMQVf)0t6DJ2qYBgC4qbFv;+Y|FG?pN
z2`wOfq(!<w2pxvrd+&$mylZ{$yx%(OoU`8VoNxbeuViIkd*AnU?fWXf>zC>D^K+@^
z3n=Gd*1xcwyYSPw^XD&Iy?piR&p%y0$9C@gg`X~7y3FzOEzV!B+?M6Kb5H1Z6LY`V
zE^awRxW)5cVR@xLh;b$K(ryuDQ(F(;S5aSz?>>4A^^7k1CTjP(5Uf>v;eyM#a|JOk
ze^S1r=;DS1{*IyjBnkveWEyk9)Q&%79`JtlcKh<z>^8EDyHrCB+IU~cv9dDwV0aH7
z5Ser{CQekw+JC$JpyFM+O8fjNTW(@j@#0Z^T@9FY%H~0h3Z!5LLt82oKx79kEf|Wu
zW1N#Xe&w$Ti1o3?WDvhw{);jrhdv$@D#u`iT`gu8Hh4eG4Y*4oD#2x~lMAg=#yGx{
zR+LqS>__??E{Rb=I|?vo#%krIF<sG`Fsg6E0;&Ah(A6*z*rpjS-~9mDuv5<AvhA3u
zl&q$P%=#gPi&vI)rnvG}zesgm7O)les`h7g%&5gH-zgbPz!?Je(RM|A?-`-}i$yMp
zi$*SV#J_?7BL@e=kndkY^IDT<WeR_ZP|$=2DWEZ}>%*IFmQK<iD~r%drdG|L{r2UG
zQX(z-+SO7RaS5sYK0JW^yej2|M=+g<sXWfQPb$|a{59K$FN9#9rzk!&J4itWtV~XC
zC`$%$$Gz^C+bpop<|_>e_k~R0n+_E@?vz%ii;V$>q0N@V=5`*tr)){j{_+*zEb&Nm
zX+_z8@*4splKV;XNK&sC`~%p;go~=Zlb#OZ<+$an2GN}h;u*x-c)#lB7X=%g7?3gQ
zuEmUgTI`o@#q~WG9L{V*$Ab}tFZ4<3A+DO~RR|W$FMq89Zw!t};pB8RDTS24x_*v3
zfSzFgOf^qaIo3LSb3Lkg&T?NZf2?cGq4{;Ws)W4W%5d8btIHxjyiIE_aw*dxjHMyc
zU|gE?JCAc}=A*KwzrYRhHUqKD*pA-(9IJr5oOgUAyl104&or7O)1+m#udJw6Dce}U
z=UXh*F0-Y8P_IrEHFC9Y<}*pBU1^~KbQp|-L#_Ah0yA<H%l7ie(WV0Kx*86JEG4!f
zyq5Wkd52fPlP!DIuE@Ex>)+nD$@3vlldu5-CMdJm(lsiR=tDR4)#ikKXHEzEcqKBm
zHeqI3(`F$B!R0EZ{c+#d+Z;WuV#gna-j;>;Fo%ZZd;KvM2l0~_BD|Rc;3gu~s@m&w
z4Y4NED(_F(Y)Ab-s=oJ3znj)jNrmEwYtb)M#1vp=%RpGfGKA>wey#Ib0pVTC{ITw3
z&iwU_iSWTnLUTlnWqjxoC0)@Ki_7*do?vYy*~O=g)w|To8$zE?K2nb52+ph;kT$dw
z$2g-#_;Ly6mGAbs`1$~_39ifJ%(&OPI3}dJZDhSy+52u&T>@A6OKTR{T{tP|-pBH>
zD6S$QT3C^a*0LFryF52pj1R{m6a;#eV-^KkX@hq#{A8gpODEe(rd%RbD-5m;^1n*j
zUXCK5$tKW&Iuc0SdgNM6b8DQ8{<k<W0XZY_Gt(w)f+;|HCE=uhxFP67%YkAmw8^0|
zc6=Q3;Gq%{`_=^`XRmYv;q;vnwjGM55Tlq)17~I;cyVE^L-JbT?~I|J)IFDaIR0{p
zu`h3eU<$0Bc_BnyTPUB_=p9I&(Or@lsOCv(FY0-2s+f@cDVx-zw9snb1#H<?U(HFg
zYKF}au+|pkZi?7o^te&T1AU894uf|=pEJS;#AUnbSoq7dd!t5LTArk}n$G8w@3&Ds
z!2s4xG1Se)wqjnS=BGzwi;vA};Y%)hV(ww&6GxAq1I;s+=3$6awt#5F&?(zC5!g}b
zGz`Ru2{WstiL8f6Vrz6EdQeI)v2CBVtpNlVFgg>3*^BH_7Vd;wIr@%#p?S22J7%XQ
zhKrO!hyQ;4g|i{Fs3~&Ek1t2O^IF~d^ps1cLAQaLMm!iAjMHJQ?)DS{yP_E>i)t=7
zjg0S;&yPx~7X>q|Y&Dw|RE_dDHGgBn!2e|X$GCfRcF<llN-FZD0YYEve@B;ew;~WQ
z`AWOjKMzu|!?ki?E(0<G*=5x<6BPME20Wm0h^T)IEs)3DS7z_X5`QpN0oOGgm@%6z
zByDTKCXdI&i?GIQK3>eM!@T8kn?zVedTPBEHJw4B`4L5VRGV9v8|(Hc!uIB-nLCK3
zNa);pm8@#J)d)~L%h4k+6KPE&U6_2z@H|L7%6Y~s?kFpon{-kG(cX4n+ttiG(B;nc
zl&MM(gHx-_U#OBfG?kf#kWn@N=YLN(;bJqfe>}T%O`)UU*c}g>xi_l&*sl0#y5u%7
zI@5y=^T$A^y@)Ulo@5d!T?iC~yug|@;Fa4KII|<bYaJ&(_2l#Giq!O1j)AnF`&rpa
zgS#@{@i5pvK|b`yL7HY{Fp3i&y_dI7v9ju=EjopU98br%l;rOW+KMW@mKd@znX}=>
zeQqkH)@K!3uXvx785u6<Ck)SFlbKPY*WGo%)_p<}U#G3Ayy}v-wg4YLDqZ0BlFX4L
zeJT(=^brn)522t2mKJo*U8a9`hAn;tT~7T_ZXMdmzF$?58hWI<sP31sQBiYU85}15
zDBrH?$nDU`alB18wcX9<&hbZw>B+|EuQPTXyR$>vKKi@Z5<B0(r86UY=9CRdm2ALR
zFy@npu%9h@y+(IsqQM+oFu>$}U!}waU~q3Zz_+~RfjcWy6n6#oWZOIwKUq%D)-o?w
z)*d(Eey6?vv`;z#`Dr9kdN$hH)4-L1uvZ|(nh$3sFbe{6nh0>^)n#vEOyblu*1At|
z%1lE#fu0)Idq9mI_(B$<HM-H|MuflWS`(cu<@fL#l6h04P)^G_55@-uU%F}XaRtB|
z+2e&GTGOX`L`;RtEGEF}UCwE;(f2i_tIKLjsy7u0Bfg7g0jkdYr=Y@vSKWc{Ng(!^
z;`}>To8zP9qO&PAMfoVZqdOZXz2m`(F`Vok7Yfy@Vm`3{dU=O7>9=!I97AI#oU4z~
zxbgVs_=#K$ztBl`Oy~`r^T*vWT{n1uU=Xh~eJ(XFDGNmnw2M(Lm^|95LT?=&>P+rL
z^2R4H^BK)m_7RrkyfpWWFV9$;BT=u=i=0I^p>czSi?*uu`r+>kY%ybu2Telz)x$zG
zj0wCMhv&YyFq>UX#J=IJSG=QX<4uaG%gKy}Lk(2-$M5mJz^Lh-owI596rd!nsk2~R
zqh5{+R$mUQ*$K14@a&GHg9S&3%Ho#G3HYqP13J}i7wAEu@<Q+Llc%Cqbm(}kX&4L_
z#i3zZ<O+GRYM|2Sn3>Zy-MaFWCXh$?ebERu8+lMqECAt-o{$gXS`z|we_KcaWd54R
zVW-PFON&*GU#MvX&Dh=snq%WL{8A+Mgs4d>Aq^EteG-Kp*L;F%e#Xp{!c5I~{0q!<
zSnAMNP<ndNli~0azk)+wF;gC4=x}#)p#oLizFfj;`%5Z?-?XW6-FhyebufGblrD7i
zPR?5(Co(NKPDw_2Uj9y|xvNwB?z+t>oBx`Qm67e?y7<5DO3J7J^}bTC`Eo9_NW~o*
z{Xw?NFJqQE5u5kgVQAV72$5Wu)AGL3ZA>L`xs<9RHx}R1o-~+eT0~-f)DQdKO94KS
z#@IV_zB43DTBfvj0%Yzo=d0S{S_$#4@?rPg`HL&GjI&*Nj$}DyIpuRhi6h&1<Kv;d
zN9~la^wN(_c5Q%fD)i#}E-7noS*G6gqWqX@K8l?sr}eJPb!^<*4V`lMTW#nr(e)Vh
zW|Ea${IFw*g$3_e{94*)4pUG<+sLa<E_?33q)ZPVa&QvO{`h*}s0bF15#Viim$zy&
ze<3Bi%9RojKkO#l=H9HBZ`jaT{PHKulECz{EY_e8O9YBaiK$&Lbuvc&2s=p32IIPH
zuCwFt+WTBq$w%*(-^?lznj2mBORoiIRrRk#Sc*$HCzF~vsOIHrU1u>I+-^=1N~fO%
zajt8{-l+g@xUriHH<fpfGE*8h7_@ySp1F6R9~B*2<^qZJ{-vg4Q7jv;8eMs#U)A*W
z>uv5UfI7drlo4jW*M#d93XY$@wU%2=8}~OuDs75L0mVKiy@iUReai1>zm}3K`PJF~
z&>OEE>fbq$=Vzp0qPVwjd8!CPCp?@xraX$E>}O$i*+APdc(9}?2XGdal5*>hA9`^q
zve+*;v&W3Njd=XbvXDvEw(=*<9uIm$&<ubxAZji-2gD+Yi8td}DSA#R^~goz(m@4@
zk;Z(>ARX}|l`Pv}`RIEbG%si?QD-fAKejK!M`B$p4XHkR9f&L%Nn6LDW^nr2m43Vj
zBA?GukpGT%7dT@b;zzIHhdqyKHjSK%t)BUu<=X~_cJCDqVZlB-LPDM-Qb-6u%Ke~R
z`XO76NA*~{_9;4^dWYmk7A{AD#yA&DxCt}gcs!eEd^ui+U(Kc|DB;YlQ?|?s21&|k
zKK{izDqvXKZn-=jf1J@da098MCYWj?bCG>6uA4J$TdHEkYD}SieG&E(D}k!O7&5g_
z6#v!RX>Q6p((?%cGrVF#F$2sGxzi-3?0inyAe+_TwiDf4bD@K9|M+<3@#JpgfUhLI
z9l3yIyYS>A8{1C?b_-bZDb=0Lo}i0HjdDYxLNLR5@u-p_nw`L0MoeXSCq@KKk}y%4
zeTU=@b!wm4T0t4nC0ZGel2~QbNdzUsrz9v_J<HV{abnre_ArjkoQ;h`dgg4^xd<A2
z{pLba1gyLok>`XmGK|(X4%v})NNJf`a`cWcwj!X=>vf=nYRw$a1FHYTT49G_45zGB
z(=05sWbaVRkW#()WTj-`)(^Hi>nM}kK#!j`P;TX?TH(dWn}q8VfHl+atH*>pTdgVE
zihqu-`Uxbsaxb(}Tt&S7xCcF$l^PFV$8FQ(+o6Kewrix&&TE_ee=R5%)#jvp{%$q<
zWJzu(0s|$&10#lo#5$fr{x~v5qz)z(Vok3JW4~@p+gMZqf9<6G=5yUfusaA2q{Xp&
zX}gBqkK07J*{U(p+?G$;{Xj7>>JpqZ-!GX57ZwzAt5fcDFOV?wqAt<Lj$bJg!ER;u
zi`SnKWWcXAMck#Amfa`7xUXYDQlH?K@+neIjl$6quZwDU?Zi>z>M{9De5kM|$QPu{
zTep!MfV~l)yt0)*<K4~i*{1?UfKj@Fz?<zzRc1};gyR&8o(+1j#IWd<5WI8(-eqbX
zXPD$#woLZj<mnRFlr29VpN>9|EL^;4tT^WJcYf=xsJ0}R*|z7f`BkR{Q>T$f4`r>J
zl<zzuhRhRNNGq$MEy7-i&MU3p%jp?weks3w+FejVxT@Q;6N~(B22B9s-O@WCdJ78#
zhLQ57sz6_WtA+F6cimflvDF+fp?rEZU>dk3b;@>v*UbqEVjV+R2kyoT0~(@0a%1d$
zzmYq`<`O6sitwlehrkPm`)<-|N;I4YtzPz&4e-7ExRF1m3%A?5QONky-Up(+Z?%;l
zbIMj6Ch-HM4_WvC$dC+K72^Um^`k_ePit*6fxY&}xgT|En*54xTMCTfhxlAK;NbSE
zyN_pqbW+w2S*ugFZ;b<7N|O^AV!ARXNVB8B`?<N|2hZ|JS$4Mq^RvshrL{KU3Ov4a
zE&ys$yQ+FUIDIA%^W`8s_a$X0Nlec9PGsP&)nQ4H7$O8n`_yq_7*KCL@UnZf%jS!#
z{JTjN-fl92Os9*)F8O8;Ny$Gr3J_hJi0<OYWWc}Asy9#S5R75)fz5lyg`f=r<)ESI
z;4wqm=aCXiegKY5d^DXW|3xn+*K9}G?$uJ5#;Sd^vN}OCp?Ku|!84D;hW2H`A-@Fl
zXe#l?!6N{5)OO1DDze=x{@~FTVG5yWH$cv8kYB_OU2J*4f)TDHov+amTaOk0d&!Ff
z8+Dd<A*~3*6MIKB<c5WQ;fc-KEc3mx8CEARg)+N|l#o~1lwaM@RiQ``aPV5_0nqha
zUQ>r#KS4uT&%Vgc&l*X^BO1GhJfpTb!J78~5k1zEk&(@_!u?PQB7ALLlaR(cx5In!
zQH;jzszJ)SiZj=Sav^<1+bgcUV?qXuLhmQwBj?rUG1ut2u!t!|zU~UQUI#AHYl}*r
z+NNmz_f4!r?q=1LPCmNwRImE|-FSJ8i2Qp#?EDU3^^Q%a3f+s=27GG_@S_flgQMQM
zK&p^X&i5MK%kyo))Y{w%^<$&;8g9lZ8+^U8Y^0){KDJkrdZLl0VD3EG#Fus%(U+o;
z+}%2H@L+z<UK<HMCebzf3yjlZ@OS@^oBE+!cXmE*Q-j!j<}<vFBXU?+?lCU)j@P9{
zl%gKQkQ%2Pd>5SWg&G-Io-L<9STX1B`JbhC5Yw6RMIk!YA}losuiftb#pdI-V_)Mc
z34}X417VYedVdGjc}Bp}w^f|Dn%B)?b}8~vTqdOO*}Agin|eczoO7)tBRWOVu*h!b
zu+gfX{o7iN#e}!Ko~V3sgtn)yB$)sEiCT@=gAh_)mlwIUzIDdS|5NyOvh@v3z*|e3
zcF)y0f)#>a6?Gn1=3M0v5QDN~U(hMF1MNA7xLVhOlaC$o-Ye0~KGLeW>z0xdF$Ok}
zmq~pKXp~Bkl}^*@Na_?OY4S-eHvt>-Y2%Of19%na29Z)?=+#U9H1xM^b<3=btGfO^
zX`i$<h9)L;%l8^54+lt>$C&`gnOfL$E*Q~=t0qtKHmRs41;J@<h8fK*875_5{msT(
zTh<j1OuZy@yt)-?T0Isbc?LdCu@+M#Lu&EYV+R>!X?^uQpZ2+~-;lmRk5kN~u`<LO
zBN7gC#QcH}56L4VdsW@SWx#{=i8CMG;206e${5<RT8Xu_2z2bd4xr+$71f@yfo~g}
zvXwuGI*W2<H5s4jS+^9+de;sg+0-h!-qvFrU18fNQ&AH>#zrUQGMYzO<&6`><A1U7
z(Et8N?Ru`wUEdw<JM@nGm}k5CKqVE#wI8G{zmE~*JQ2O@86Xk0yc)&XpKlj%<eQ_V
zknLwg2DY<dg`~MDa`?UC-VqxJ56-#jZt|8bZkTMMyd$PYi)va4D|vMM!iOuU**8MI
zZ*r?MuXg%Yqwtq)5-F$J_MJeZt}F^veS&IyH{T+2nS9E2JrI7Gt6U&^p?1kXij!lq
zeRhb^VaITfKZ2qpZ@4b2)I+d9GY`yx=T;1m74p)+;o?qE1}eG{`_)?HOK8c*9&Nt0
zqNwP-l!cCF9OQmLbxZgZQ|0%$@J{u$tyRCeoCJQ8&?!y@1+Tplx}-}!YNvHka79G&
zO;>F<uHRv!J`7DVaOkcXff_ybj2^dyii$p-^wgEdIU|$l3xpky=_PSgdfKCEj4_Z^
z<SO%VXeKjFBt4ZtO4K3gK|IP-ba!f}j9F4p`1bnA=n!R_nzUGJuq`-W7*orh@u<nj
zeRU`=#a#SONMzg!gF!g5-dgQT6SxI26OY<XVfChEwHmch!`bUN8CA`<a?t9+E<~6b
zmg{>YArb5;gBhOQQE%8xK6n@iz*=3H=B)y%z73=Y!yOokqPXCr^_-X_A+x=FPg+?e
zoiCh`CSZUB`Cb&$Mn*|aJ{<HV%}gZSNKDtqW|~O0@^Q&EYDP2|TkjM(*>Lu!-Q#?x
zh2$X=V8yy$b+2&#e*J6X%50K($IL0)>p>^`P$Anx>wVBIg`7A|uIdh8_N^Jj+0mkL
zQ9xY<&e=t5<+J!^VBTLg;1Y|UD%Fdu9~qgj-ON4EnPR8~B*#u+D!o>>_A#ey4aKDg
zdOvtO(g#q*Yg(0kRu7WgGARb{U}{S_Xi^5>UZ#6U2-PzO@Vhz-!kW$c{h==BY*hWV
zw1c;JZFe-+!?H@%UgEX~DQC?Dl#L&*xN>(kKsI!p81y0LoPaQo_SCFnM#8)x9D9&>
z8+8SZfpMR*vA55qt;J{v_yRR^Fn>wdK1aur_9>fw5+n09cY7D1?hH@J-xWU+Ym3u2
zh93{-2{=__J%@tB6V(C79Nl5+-Zo3+Zt_Y)bhhd{t&jAx8j)|WKbaPn;Al`IfcjD}
zmWO<ippp_SMNv)2A1BNwB#f1`wXN=&uY;%Bpwke+5w<P6E_^LOMg*O~?8q-0yd&*p
zNtx@W^%wQEMP1q_8*^igxlBT)*ZP}w*2gRNazn~bQe*==qJo5a2QPi|CzBhBuU;;?
zofk7H8Jv4i;rBfxgb=OB5P7h|`3W1>TKQ)C2Vh+h`2>9xuUrXoQ|e{#(8xg|;jXFP
zx%Nd8W7m>6t@nT#`*0zUI!BcRZeLsL;J~iR=AdeEW|i4~F^oF);W;z<_dgc014tD4
zyw9O6$z_e629gU*n9e#wVv0P^@28lXLF}9FlK{{Ae2e~?Zf8-pXBWA40(D)$VIkpY
z+h0F~J=~c{Mx}Yw(#D+LbpPu5-IH1_()jRguFuZmV>D0<ElP#qH(H@LKa7*3pzq6z
zb}G}Pdy%+uMU8^Md%fz4TUk!cQWzL28H#)`zv7n%647Ca6t+%ieOIkgn$-0r`?~|z
zjjgL_sxVg(a7}`LdPP%YXeb}E9UGwSB}<(l0bk~*5Z2rIdHs@Rk9p9dMU!W2Wp62E
zaZ?Cr{d@CdKT2~@8v@%raD2K&`+d?r(Y8iFeKoHSXgHEZ1Yvm61cu7uhjqwG;(?B>
zPQxp<8iU3`ilgKrjWlr9&a8ZPKDB`&&(xouwkJ9ZuX>)cWew8~_3pk6ykAo+G_Pr4
zeQzo38~f!$=j4U6`XfSX7&ow>CfKr_iUim(WztXjdf@Rr9`CV*tl%GP>~g=cu}z4X
z?^n`uGL28!3KLun!V7Wfo&NgTNp<?~a$d)xZq|PA-Sze8yv9&l%W><F*uEBF>4nm3
zH|8Z;joCQWI^I!r2m(FXV_7*T>GAfIhY`@e%J5hcNGwr&@hrMm+UA(fAk^HV07k91
zZWY5vkz+;!<$r8-l2OyLIOdw;5{OXL@FBn^Ed;n;)Un1nKgZUngi2t9F;#KjyrLrP
zh|0#(XP0RuB$w!zcI}fxL6m)*`f9NY*y0dPaVxc0rsuCMWV_Jprt+e}dtKmLk1!^~
z$|EaC4i3_?W1hQKwGCmw5{TOx$5JXq_*(DFdwH3Ev78}&>b)`;X|^vMC`1DIJI1-k
zw}N~qrLxCK&hr`W3X9k;UwfrUV^UaT886s?WB9R{r(cCMVvqtP2Q$quupDP*ZT9A|
zSTpSlS-;yZfULS#T{wFLm0zw6h>st$U&b3B%tp?X?Hp+ElX1Yez>Gx+Inr3t4M~*Q
zLa112={<~^A~XNio&mcmG)_f7G$UG9(iNU>k^y~(feBS7;hpiT1r(m$FE$)e-M!t+
zbSBdNYw!2L_lLZ~8L4`=67Q3QtKik)8xkgv;^!ECRIW;Ii{yyefE>8a%};-^`lr%z
zn7VChx}P3I5(o<&6S0<v-wJIHR43OR!O+9y6~}WQ9xvue1qu;B`x)<S^z4fVKo1a-
zM=$%#jMQ8p?vv`U)k)%biyvRAyW;1`zY#rZNL`Q^yD*otJW|vTrO-T}xhSKMkc86<
z!5=m>_4iUd+iSq-HIBe)@Ys{%dni2#Ux%cOK!huhT0|;((T8xBtEkYa+|^g87Yi5u
zy7^?pv|o9)^~1{={j8_+_Ydc$vYX~5c>|k$-5g%#SOqSY8bBrx>4`dPc}C;P>rG9h
zBg^}EzOZC+lv;F8Ww*RbJvg|ubvHJ<+KQwgMpIt@(KzzcqnG;q$Ip4?GEyU5B0S~W
zvG7VcqON?!)rCIHf#MF5T5bO9&Y;e0_v4Ad?7~T+!ay|n(<F;;E+b4wCQ-E<S>;LD
z8;*gCJO|S5akO?`4Ivh1+<09`NPh{UY}dM%Eq)q+IT$Rj{cbs~2U36+S>;We!K+t@
zv}K6McooghQ`pZHN>z}a+Jg0s-!g$QM__a=izPYbRw-?;lowhUUp+dydc$H8;&`<~
z$ykZ81)IOn%~PMV=u01hOT0_m3=M2})XY@@pks%h<7mW?Mm#AZO0_pE+Bc_Bdu7wi
z5a+#p^IFEX`<$gzTAr@__)IfFG1kMp_WfC}l0z|cw7QB>Vn~*MKOlQ#(W~mmp)rK3
z<{Xkfeze_M5NH#&Yx0t@C@zwiBIYTayra!!^oSI?j)TC7%fQdcv};p%Ee&eY-7;WI
z-*@<HU(T%|XX@fj%^8S+@z^O_drP4AZ)GQ$f#3U6teO2UN+%0{JKzNfV~YBF>96m0
zjfKq?#R}Lj!^Z6$zfXY?rL7DVldYtg^7l=y4mXrPc0Zw#!%})YxXgZOiO%3{O&${v
zlf|0AxVT%t4{WYGE~q0&FC~yGK?i`Vup}I+(9WNBtB_;WIg}P+X&GjhRa?)U5}YQI
zG5;nP>z&Q@gn(?8OXGlUmqyz|j?qr3(G?D5-n4WIe#2E&+;&{EtxPu8StH80poC_k
zq@fssUO1!#8KrM5>@R?%R&rk1t_gJT(98m9(hyN}fY*$BYD`&X$|GlSfTt=WmRsoP
zXs93F%`cPEMV?O;d)nw?siAoPMQLd0CWKQ~BZ#2A7&B=V^R?G9S-$Io9jS|ZDd)My
z<R{mq_l;1LR!dUSM9!D;=4)x!xY|Aai~I>_^^Nj2xYslTRH<_jQ5bl4E6_$_GYO5@
z{22`za{02Jp4N-T++X{f4=%wsqgqBxunMbrlD9m4t=19gdRt<%=PZfHiZKzpe~ujE
zFBSvfg_Bn}@;WCazNE$n3Gpj-&9$NU`x9&@;)YGz4V=jtiDM=bV){-=oDQ#kG);M`
z=W8!*c)?&wW?G)j6?SAJSC*&_KzWF{udQwL7=x4WqP!|>G`T*vhfNxswisz4(W&Dt
zOxQRV7pFYScY9Wb$aG~cCMHYog*U9o0&qU0s;c7N3*of|=b50{QS<dvHX_A&Ag`=-
zvHF2@W%>LWl$bgjWa^WWEUKXqciCjXBX==tn^fj8Jm^39Vb}fA&uN?ij%bOo;aRb!
zm33ynQJViYD#SiWaQ<+GBgD2ZP^A^$QZ%k^=)t(%9<3*eBLr&gGFoq?hyVbfDOZWt
z%sE2ks6)PbURR_fqtDP-L}bUup1Q_p{Yz~O&sB@COMBg5XyK9<mmL-sfKE@R4E3i*
zQ<Ht%xGzcdz@jA+XBr)(iUuA#CJwn~Pk&Fl$Is`6V)pk}w=xp35Ql9+Vba!#!&i-@
zGwesl+9Q&01yk2ZV1|U|1Ljy6l}&|a+11GgXKMZ3Rpb&Ygt-EYCY-V@?jS!tdw6Yn
zRqUI`Qj92L%(imG)tgRdmDQFrq0O8&A|O%-Dc_Tf>*8+hckGNPwk^FL+Xw`<H7wZL
zc}zAiLXYk0(?f?{*f>aRY*X%;ow@mO?khaOiQp|F*BxA71rMN-XoXU=ad$UE>(&L!
zY0;hxj>(MN(MI~)W;M+Vf2KT7f2nU-oNwOx$x%^>=dju*NYcl|w7hxN$Z&weils<I
zS99<SZIGu2SwC)sbq{!Ly)%U^g=P>Y%34Pr-!ok?*+mZYQedb_KQgfvR85&|f4bD9
z7h~7&LnyxA0<3zQha1&^6G^3|zV+87A;eD4bg`4gDXioAg@o^0eb?U28xt#f##y_G
zD`KJ)d4csATti0<Hsq}O0$1rbVG!!ayR@zgPA6|4r9lpDmrK|5WH2@_-v<U-U9AWi
z({m#@W~BCW6lUycp~2NFo*4lUF!D)UZkisQY~uoeD6nk$!7Mk~=W*^LdQ5f5crcrG
z^Yz_HOq$9WnBFm+8`i6}vJ>-2-3Dz$$@2|{WE6v|M;=B5j-x~*Gg7Z435#drWb9tp
z!Ir%;kX*TWEibD)-+68QvDkKozsnDUy$gHo>57d0B)FXL^y@^Wf2DlylS%ZCOq&FV
z<ACDKzvhlWh|rF0MT#scDp;|eVGU0*b;TU|b%twWP@0Ejs$(7HQhVeNcv;@z)e%we
z@c9er3)d8KnFA-BtD3Sdo~^o^_r1pREuw5BZD?o>aVw@*CA^#~KX4-~S*Edf*D3%o
zs@7Vp0*fzG>ZH9t!l$4HhWlvT6;LMd9<D<{n%EIEwzRb2pta2By+K8Bd|PqzyetV$
zp^DMij>U{$_oz|fHel81z#O`H3SZ;?5cj3XdD$j6Ro(m%FY@v&I#Ds4i#otLoSbRO
z97ZS7P)xiz=_C`HKUWjIHD<ESeJzg9pHV;U;ptGSYB(r6c-H*J$j_SW17!JS4LhXJ
zznas)4+kqp$WHiUOP9#*l-k8biQ?s;j0aH5Aq=mcltbNns-x%hI3=-2Ec2I^Df6|C
zK40?J=@We`_EzT3kRv4Ce11L+YLH+=%$H|&wQ8GKAL4G{VRLiN)_vveQFs1bj>1Uf
z&Ih&?%)WjqWh>aB;uK)JUd%9ZEc`L(?ED1-Eyuc<RkdtGngVGuXIPjuiM*`fu4}z$
z(nT%DX03A-4BO4lESJN;oX5!?C-rFy`$6EO&(F3sjpm724>xiyJ5ZeWzMgR7jP*tj
z%Vrt#<!`@EK5|G_tWBWqZlx^NCzRUkGQpQE;8F}nrnqz)Ky#tQ+(Afrhc)_e+M(9W
zt3jH9S~2ZoG8*-{)uL|v^CfG%EIp<M^~FUSH;To4)D~D_r_(ShBSom*Z1+h6dLw0_
zn!MprM}(Pd2_$?%`a5`Q&TZ@#pRx%?)OBs|6RitQq7<Z9J!%C^rU`TiJGo&-Adz?i
za3@+8(?B3lGIGlHOF2%{#Bpwf_wqFXwd5*3ORCYJE1|4}CCf-L!Yt2r)Es=m=?`7E
zZ&pYMYp)9O*@U;%b~_fz^RcGGw<w<%H%Yt(M3Ju*1Zv*)bzP7@B`4e6+k}+9Q@%0{
zC0O<DWkz-9Abl#!?0V;ovhvXdxWUvbV(%}<1WDfnB0{RaQ*>pd#yOlBhS<(rrEMdD
z(79dX^0>U|*c{<j`_SU*ZMkx+&6tovYDzx-Zqpv=#H1=+h!lI)f(d@_DP@wzbZ?(c
z)s*b-E!1a8+{bm9s+jxg3FpL2wu2b!oXr#r?0d?neoSC%PfgU;nDO-5ezJ?dr+G17
zkOM&9=dQxqH(R8(n4TPzR$;XePjdtng~5yHwl>@mT6kH|ua{M8hM;8~^<8Ps_jjmR
z&R;ZnR;|A`TwFszPJ4?B$^1fl8#32><}lVdOiVH>W40}`3T^oHnC!k#zWBxtVle{2
zeGP_?OJ6tO!)+7`C(e|U_rm%lh`GIh+1^2Y%T|r-=OU+FQmISeyy3!wT)SnfiWa)@
zoTYyFDVs|lU7!zpZ(wwVrxzNbA~*7WN>%kjV_Eybwo4xo+!<5ZfPIFs_blwNE%y%-
zzaN?(YaWm;JL*K4t{Brg;LQr0?J1e{e2KcgF6C5R*yq)psWnzwD1XALSRMx48yK}A
zl%rImy@70c$}ZM@T64=gCfhA9kUYHiVsNOV&)bieza~-dVUn5m0s~^v=(i^?Fe><z
zMduw|Mb}Og6JV6gAS-w3mz^5Dw>G=JpAF?^BPCB}v=&8u&YPFpzw6v1%D|O*^6^UO
zeZT#~r_1lvpBLKhs9g8EO9#3U6ot8a5M4bz9=W@==$EX*ys6M{9kqsD_Bls4M{IX`
zAXvx_Ew^0ll<mN*_2h0~M&|ZS1pFpv_GF`Vj}t>yeuO};cj~LjcIP^RQrZR`JKt3e
zD~mUc(Bx@A?Wg)~KhqS{a&?@7YDGohZcYR?P0GNn=I>$G8ot~-V7$13q^p2jfvH-B
z)XEfI3jug?r*y#q+Quf3`3Zr~3suO%wiCzD#vGo+kfqGFrpehE$1_CVojn$W;P=6}
zZ?j#(Kllec`5zxItUr=9(>e$YNsu%JTkNRk&XkjqK_D4Am&RknH*j!y?-tB_+2ajh
zv7U&YXJuzgz^;3@Cqg!oBeZ7UZa@;$V%{peG_W3UHn62+OSrlzPWUW;-Cvx_&cL!?
zvvW#;mKI${J?K~Z1jnTEn$t_2(@Y)((?I0}<V@2}sm`u8&rUU8a@oL4)#~S%(6*_U
za!tX~2Bzy@M_$<a$jWNiL1*sU1{VVI7s+?<Rtka_55C#9xN=#X7&&~Yv|3CUhnc{k
zMgC%rYCAQG>Gb9nvFM!dL4UuFD^=B=SBc-`6j%ox7D5_5awg@T2mg&2corMV>O%<U
zV8nx9ZRV2Vye2#m=Abe<CqXU3t(@gAkl7?u@6#l2U|alHV%Akk(=#Vzdm8A3E5kZq
z8=Ekch}Mn}uhRV!uc$T3n+Zfw&z<<;1y^2X8`iLC7OH`3Nhz$J7nriTZ0e9?%BWb~
zdkeFSRXz_LqDq*^<L(PpBStupQPoyO-zjh~jB6Cxw4T@>SdUyzx>ksf3PH&6+E$CW
za1~@6DW0;$@z(Mv;!@fHGb9%@P2TCJQ?_2^k$&1bt;&Q1@m`7Il;^M<8^^bGWFQ@k
zTlVqT!_UK<>C(jQ>iq--@f<0W;q)lc_vnEIiEi%n4FaAn_k^X)-OiO8mL?RvV-Rkq
zoRW(3d&qE&YlT7FBOiNa60%c`d$o<{rnJ#(xnapU(O*9Olnjj0nH8~t8v#|}Q_U!h
z)eb!arI(NpIiNq8C0ts_@iT%vh(`G74atSQPXq;`apu&!&qG6+bQ&V*6b!VPgY&Hx
zMC6a+1GR&fU8=g-7-ORXAEbIv#bF_`kwVVYPH3|a!DEt>B@#oIw9hJm!iNZfj&JUR
zyQ14~=~HF^CxVn>yk$=z=#XJ;p6Thz%F|pX&`-uD(C>X)8c_`ufvnQw=kJ)qAPQ5i
zU4>~aikVHcMAE#H^D&6!Gq@zLP6!JpA}g~GN>v;)H@Bz?h@O~WZBH%M3(cQQF`8lb
z#m0~tF4(_UJGo1=`p&w03VmS{N>q0HH#~LgK&3-ikI`_!kD)wE$OW#}R^r`;f3sR(
z{?o7ksOeyky0Z;yPIORZrVGf;#y@|b{X#`0WD+)8Sgb>d;_Xc19~L4VO@-W$xokS)
z5un-etQ|eQslM(U?iMs#Ar>4QY$>llsQN<fSCTP7<@x72s>(^Ep<S2dN<IeEB@_ts
z8Vpty202?7r_;{@hp`FFe<!bSG!W<sxbw9HZLo6AmDb>*aejyrvs?XX@fxhKoC^0N
zM^QZ`h%M9=KTs7-?iabDz&GTX5|o&PNE@Q&zPodL4Sj^Oww=a5dazC}4CnI?W9;~M
zn?j$O)<4#U@ZH{8FMVK(&t)|=0XghwAuPw)xcQ9Tu&r&yl<oYV|L`Uknu-X~lX~hk
z;|A<TQig8t{qNgqDBF3yoKYrE&5+LMIQt-R+Ot50&BCIOc82wH1#5H|)rXY(x=)*5
zRg?%N><V)zpP5PdjOrlv^ZSk~m^3Nb4$z=&F{SCqxEd%E=%Ga?;+MdxZaFMpmzmlZ
zg9WPm_bt7{zvWleYxAOK9OE9$b0}|~Ar$lx%4{kpzTkSm#(21ns-boUG><iTh9Dkt
za%e0=?9oB)WlPQkmo~Y9k3;>ZY`2sae_ipGIb{PW=G?>&2YB{sPqy~!Rve~N<G?}N
z3DW#I!1B}KiL)0ey%Zg```gy0t`<@5NmRLpHd-jB!|1R6^@?5C_&TL-($f>lRXvXw
zlu+FrvGvg$u%BRH{EX~?&rTMX!g_fsA2e^O-Mo=gGAhrLhNxmP9?`Z#Rg+KI!urY)
zJQAt95*B!E*iL{L@7%+eo63B+fQJ*!=pGS3%Sz~lP#5Rda4rA%P<+#IPRsroJ*N$;
zA<-V&8D&Mv54cDo%(_zX&q*2iuZn+H!z^R^x6I4AXUzV#%rC|H_8QnRmd$)yU9UT{
zOY!ruzyDbnVt2Pm2uy(_aK2go3Al5dcC7;ISMA<(QgLwHuCw!@RP%|tf@^;0fLjod
zM^WT$AYf+l33_?<Da}ik=9h~bkxG!r&S)Xr+t7E<zWRP;<gKgS<SFZS*&@wq>pniO
z&1*e9-7&6Cg>Ax+uwa<{=Z>lE)Qq-C=!fr9$TOOvGiDHj>MmA^9K6${VvbE0c2%%Z
z&37CqSkZggiY?X;gr$eAQTzz~Fo4vkwYfZ7*fP4JS_wmR3h0g%Y_AB?3x-l_JM#-i
zToglw_#K3&upD!J^d&Q|f0K=tFi~fGVXH8gXCDqe$V}L^ue**#n&_>hbW5n_oBLJl
zbjGvj8ZA3;D9<it@5bfO#p@b<ub#2qTP>M8;jXIasINX5q{3yS1IfuS(yVd|_3V9z
z!4%l8;|7X6<q!%OBZ_lELc(xc=h<~rUVg^GA|!;#b{_m2+XVwk_d()h!Te6UZ)HJe
ze0SkJuK6uPtL(K=R%LCZqOb`M0TmI`s&rqV_I7{jy2mM7kRJD+akXC0x3?k*s<_~>
zvw-w<b|B`avfMedm_L+7*r&X1IRt{CQ)Xvm@hdT2%HrpCV^WlrfFH4Nt-OOu|6}bp
z7moy=ZU-lX`5y_G8+xY&cJJgv7CB_EBJQYmEL$WT3q1PtspNLSj~_kSMn(``+xK_l
zBkWzyvKe~bRLI!~oeFuJ(5Ykda0!=g*!i$$C#<!hdvBAeExDCvBGxi*c|F3ObXFmA
zr^Q7(U(&ol+B`r4mhIm<aqxI%yA-;O(f#7SnEoKK3f)yI#?`Q%%=1k*Y@Efz3r>HP
z$`9tcEfsb*>db3maOG#JM4?F}T4G`;^GBke?>D0xJ$<bFcg!a<J&>miIe)7fR*_S0
z5tvkiX8K*t4gXgAx{d#FLgUmaoAMhea-7$HxX)*2{u7&)ylk1}%3mzNwK4lc?8&a0
z-)PHxl8uyNJ_9=0-Kpji)TV7bX1ThK<>E5292u-JU_1y*+G(9%g}5HQX#U`$CVh>P
z#-Av@{Hdn!5qple%i18*BDL3i2M3FhQ$?NIiHTN~xrAHsB+)uz7^<3=S*2#<%aFJj
zb~XOXo1#SP9bhX)R?QHYtX3WFQzk{i%wQ|y1!~8<f!e$89PVotK}AzvM;*y!NVY@=
z>N`NBx7@=edi_u2?@pVks@*i6uWbx2>-ieLS8Ny{#)pope&KGhvm35k5>&Q5boGeO
zuVl!J_dr5X&*sK+e);Ep<e;GTed))srlR~C)$4mt4{C2f;IEQ_js6q4jcJ${kpuo#
z3xig#wA!xxq2U*eC^^d@QpXkNkMxnP_GL<`OwUZyGju*d63lM9Qw@Eu+8itguC6w@
zbW`s{Xj__Fm>84Wot%$L9Sb!qtZ3`oXv5ePqhhNt(-UA{V^JxtFo;Xv;Pc;94Cd2<
zW|KBD$QtBlK>+_KkuMfu^w??u0b=ws_KaXIzcetE?>6o&Y_IxVP3dgizM0{h{doRo
zW+miaJ;qI`kzc)b<XRF>_(h%`CR4>MYOKKwzvLBg<bdQPYENvPH%x1wX2p@l@{T}S
z#=Os{N}*wP40M~8xscx^c6U?LRZIB86UIRK?&ygZ@ZbYEUudx~(7E6LUD$|vP)kv(
zWXY$GvM9;TKPU-Ng?Tfx%3bL~Vu_^mUj+k|Jo3jl=3g{F>sYT$2`f#Ue(9sm-;}Vm
zS(>s*?rP=j;$y;<7n0LGlR*I>amR0+cH8$|f>UdADuq0TBwws-el0P_<n9OH0sG?j
zVv-JHK#KEY86LpNJP_uZBqw=)DW0fa4YI*)!vo`NtptrJ>tC1F)f|OYl~*=r32LqH
zzJl?QUKq)6_>^ZW`=!TP3-I<^LN(kQ1cLcl%q(2Ci{fs^8Z~hG0OnpQROAi+5JvEQ
zN&h_X8O<0j4=!0fLZtQ7#jlx1Iqj|_qya0_Cl~Fv2;K-IDD@@Y$Gx-g0SRTIH8*dA
zGEP~U?g$l%R-RZvf$e(U`hh}cNR>u0$b&x)ay!?Pb|y$hHX(L>cil87f2=~WqYNS1
zhYR+&&M4?adfSwpiFICQl1<l3A6(=_Hg2a@u38h1w3)E=(os%wvx7Q?mat@iGrs#_
z=Ua|%AxG+)LtBGymr}zN;ZS~<brEIzqwXbgVMm^AW_rGMkdfd6N)AC`|F2n)*P}E1
zHLqUTxYxe97ts0oVz=jZys@xznFTE#FPAMQX(IBpC&Maqfv^mDV6Q{xK8h1Y&DLe)
ze|%&KgxL5F>{%8}MR+uXM8JSd-)=BZLgLZP33dihm{HHsvkMJ355@0d$*AAfSBK1F
ztTlm2pV*3{7u7qJT12XLZtiD0-hq)inwQ1OjO@|c47kdR;gt^2kIftyvTDzt2RGgH
z`<`OtMSYzowM9*E9#MVvBt;A@W5->1R6Pt<+BDmc@fYtoc1_DZP|rCQ|Mr?#>q8mf
z4Rh;F?5J8%p9wlX8NIfizNhh1+v4J8fN8^=_?LGpE8ZS-Qmsn5NAtqDM#B}~X10q_
zuXw@T#qHJa7bD`XH_ACL44_hN_#KN&@7~d=`BIo47U>x*<eR>qlm`p^>!{MZeEXH=
zmf|_|pHZ*)71=?HWd%bD1BK3K>3)yscZv@@?C#L{d<ls0luOvWIvxpAf_xg$Cl_iq
zDd(QhR!`YBEiRIxOt`@3vK*7J?0xs7?}gd-^cK~sRj712x;&J`2R*j4<Pw-V(puKu
zR5T@RzuNbm_gXv;%(+QDjWXeW@Vf<Jw2h|zeD=VqG*G*#aM-xl{|mlA$dJf&OSwoQ
zbEjNMYh2?GpC}Vf;A(He!EcX{oGJD^8>PJ|)^7ccwm+<^o14%QzlOOn{oF$Z#h1)v
zQCBX79`MtH8_a|Lvib}|y?vu~d}FZIRzhQZ?W0rLmm&C)w&U<c(nZ+blShyr%j6xQ
z;uXRFXCdIfCH4QE5dVKZRr)^_`5(6)bL+7<aOAUMw(*;a##Qn^o>b!&JLi@v`Zy&2
z@K5@0q}u;{()#g#b!k2>rS*q(e!XV)zb*v)@7wBs+6fw{=PjxRKvHoKXWiSb@aok%
zG6w}M1|pGCpM+T0JTF{Nsr=Jo$DCJ6E7tlwQQ|?G$<;=oCQ@!n8>$g$g8OrjjqRM^
zD*O2Bt^L=P&zF>?*-J``uHIa`s%zFZpY7-3`ebOPD(~u%2#?sDZ|@<8<?cE3D_HP<
z>h?q3??8I+2Uk=fSK7-vxm@snC>QsCC-n~@QYGh+U1H?I$tl|ziR{fkR(M^sQb3=c
z%~!kN-SwPT+#}zQvtnQ|)Av{N7*TC4yth;TVSp#_GQ8#JPjB3RYw!P-5Qq8O1t?;h
zUpt7>7f}r~u6h=J;{Mr<)z@WoyVEgHvG63g4t7@Nog*(DM@B42p5HGj7Do#gO)|-r
zRtNs(mbV_6X)oIb%WdRMUHWk~>t<%$A7)z3e>d!Wih9Dt3bcU=t!7A`VPT;&VINli
zp^yK|;|lyQ9CDw3cqWsM8(&oF`jP~l=8kCh>J*@J57mkgjpIGGTps10R&u<Z^3i3J
zG|!x9PFmgX|7kzqzi0LTmzoc~pyT5~QhC$7dN-KeD7xDw-^>Hff{x~I{7^3VzQR(z
z^&A48hR&Qv|D&!xQ$5UQY>%NZ+k5=x1k-8;v++BTZ7<&jo}IEKZuI__ssHDfbFe_o
zqe>s$?N^t#6k>Bp)q*EB6&VMAy*c1DFpGL60$j=~)f7#LJE-+I!T-wTeffx;u6a-^
zc*KaN_8-N*KrI|I4j#RQ{SaJJV4kuq908jG7ymrFjUW-hkIBH|1>TeR?p`i<_wV~x
z7$*g?wextXr~mV9aKST9*;>oY0E=IM$Ij?5a@Q%_^bkoi|7T6$O9}lqHnyv$Y<;t9
z3PXYmM`@dPEzZ|&?;o+3G7f6Rj+)Ma7J%j#yeG7w+6*1n7kPQ7Y@+e*2eob|_<Qs}
z|La~LYUL^0-I?Ko+5(_G;A|)ADO;0rnFei1a1(j)tfk1tCIPp=>Uuv{JT`dato9yg
zcBpibjK)az#$f<TJtxAr2#i(M-pToH`CsDOxjoe_LU5E7c`2fHRPashli7JLQqA|)
z<B4825bf{PZsh}QG_6SP>@PyWH;#qVGR;Yc!ZN$zW^AO|f6N~L=Q2`H&y#pg{xSQ*
ze_1C6t|tLNeUA7KbTyw)U^_af)jPT8V8G?zsLpN)SWr~lVf~ulJm0Yp9X@amsIvNe
z5%$l?H@}T#dToXEqU;?`*3o}*!T&i~^B=1;lGtFVe@>=*>z0<@pY8!$#$3`DRkpY%
zw#7KhD*lJ6&2L06D<XVX7G99XUC7z*E7e}3E$_c;b6MI}$noNWeh|~J&Us+D7WGQ>
z_uidkQznM5=4T;Xbo2ACvJrML>scw)E)EWL5=r~`$`JKV>c?$|ip9q!x^T#IeDpUH
z&Wvb9zuM+@Poea)W=Tx5zWBMqm`(j>n1d^SpCd1P&&pvbz2$7!n<mt|+x72|l&Si@
zLT5yAuG?pB|Gy6N>*srXK6G=@SLG3)f!|GD^?!Mv_oMvRsAb}DJ7#Yg1|f0;{L%U6
zzojn17B6fpch9oUP}LtXH3pA?{Od6XcHw4^kEQ3YQD66!Ny@F`GAr6`qHSdGiHVA`
z6bI`?VLLOwG%4+Ic>hm-{d<-F9Ow979Qy3wqQEof!Xfc9Zm;NaL*u#nXjK>K*&_4-
z9TS~E7{^+%^d$CR_HJ5UA4Q&OUvXI=`5r9H3}%Opjsafki^HTS&GzjvZ{ag0%EH*O
z=C7-fu8Zwu_doyTCm<>yfvc#tEg2REv5H##qB!7nud~|l>t-OK%HA0}zTEKf3NsAx
z{Qr0#e}WZl;B)q%4dB$`TH9EN@A~2PPHE}kv%HE^HYVEjCF8b9J;GpMWF>rfR=EQ>
zUd|0kCPiXXpeF%f_@=YRam7!hpUI=MW@iKkBiPZPHQ@ID<FCN~wv8pg)!U*JCzpMx
z-RFylky2a+f06l9!R}|oE&1k)O{;pp3umPCg(mU#4`u~|8n&iG!cy%QVqRUa04{wg
z-7H&l#rn18<sxiezKSv(oJ(F|=6_}Cw*;yL2SaY9TUfSWRU@SgDD(7Kkyb-GwH&#^
zsWA&w>di`Z%*tF-TY+urY}Q+J+Iti!4b@wOU@E_<dx`awUct>%lg@)v$V(`*66?i@
z*<((VhP;EWD;DQyvtJcdi#&K^wv6upc)r4Fo*nfnWg5mhyoHzTylU5g!|tz*5-#`f
z1|Ye7=~)FuTmofTKXe=;$PRa353-F#qX}cS{zqcbw|>1np0~iS=W=K!@RViePubCe
z*fI@7Sy8PgX*b5s17Ch2{`nuLI;==@975BeZOSb2y(B&%3!mIR*jza4NXwlRGOn1N
zGd&hYB>6bII)51TM*h}nvoReLn7<svu5JqJ(fu9vbWimKelBeKRc;tl*Q-t_2ZVV1
z+u#B8mto@FhyhpaMoPVV{`UvtS<wm%6V+$2f;YUeeAG}&`F$O-O{d^JwXQ$nJNwN0
zkQv3TI}aP1=^CnUVMvNUuqB!ET7MvS-nEy@D+~U5K3K@SB_yS#*Mg{|y<@Cs{8iTS
zWjj6DLJ}kT#%h99$y7`LMLqx8XPp~OiX|ur2jxchfIC)DczNiX9;CN+ehGW*`)SHN
zZC}0fPLoV5B8a-}l}+HSgSW)gsN`81rck}&zb6TSdHRp@19O1;luVTi43`wi!ABZ>
zRI(n()1s&<EV0MD`CqhHajSx-Mj~CHR^$FJ*>+L6jj-_8^4!l(gSu4p5AVD;3u%Y*
zYmWOXMU?|~l(3EiE1&%IN{S+BN0K8`e@7)CJ{NCnE~0G)n;LVo3AQP$kWBB1_g)V!
znN_0d*%m^=vw)S@bp3eh!YLaxl_ys0^{kBTrr-lSObdSK&+y@$+x+HvT~#{nw|?8k
z)q6&zU3TPxp)`nlu^F@nDZVH|@^%d`2SqE5vZ@6_^6Gpys?tWtKUB=06In-!k6Pud
z)1=$iTRRN?kJ{cluF0%z7sauSI_dxhl{!)-G^I+{kx&H;AqfzQQWO#(5;_55Lm?Ot
zVnF&x3nUO~KuTZ+=~a3M=@20FUOe%A-|zjtIcM*4&i?IhuRoIKm#jQ1&nox5*1E6j
zT2a&Rk4Ifb-VA16$vI1I-v0aCDHE&h&=%Y*wMO{tBsnLLO`&XCeIPCktFWH-QaAbK
zzGA+4n*qkad8X9dyl$e0jvpK3eCO*GL^J6%fnFu;()Fw@>-yn~2p`oPjB#o5^vAju
z+49<<AwF*%9t!Gpag}_Uh@)Ba9Q|5jDuKe{?jX%LxtgZRxV(c8t!!CFxCJ-L;P#@Q
z0#vBEHRmWS_?d34cx7|oUBas6l?dHJ<pQuDn<;+HX)}0H?U(zPYu98*1qETZ4#d9j
zMl8FOb>FvpMu+uCZ*=uEF^?$YoXxqg+xT&G{N9T<tw+E0<p{Yu1oRzbFJ`&qZ7His
ziqWdU-J{u0%jz3S6W~&64d)x*;bK6rR85+08ZpF1?gG0RFk>v`Y-O3V45ZFztOn53
zb0$42!s@&;(01S8AkFi0h&@uelPVxgk%Dppc#JCow3NgefJBkBwvAz^bg7ZdLSMW(
zK_NTE1{HB<Arm`Gj`r6Q)sJwPhEd8`69PlI1CnaeeO_hi>tapogSdr$%@hX^GM*B*
z`EV2{5=Z(4DJ^h(Dp`&CF%LSEJJFb!`X>C9_mP$<CcoD)Kzxf}Ke$}7f%yyVeHHKD
zw;nTZrx?{?%7@KL+?|3x#W1dZm`ZWU_uA?6{^C9Raa$s40a3zz$qBD5T~DRZdbZwu
z?$#6aXzq2?j|c%f;`Eg4cH2y#yp+&e!O!U?oPM8ZPu!BnWIi699vTg|q{Uj0QyYXo
z7qn(u>8wT_jYfL%7M2~VMEIM7jOR`*U^)6rM}yuEy6>IpRU77xy+l{0q+XRrO7bXq
z5!39E<#r>8ngWY)rQNFbpB{6Z0C>ynsTBu3dXzFmwFE}Nac1L0s$Sojb8OC4bk=`5
zU^b6-rrbuR#K_5pxnXx2aQYM%6l&h1A60is8d<ik*}`TuW>F|r`k_If2b-CrD?Y(t
zp0R^YF>;9bK|Q#%DNMDv3;uhg31r%r2++j$Q{<vwyv*7ByouKPU=VTet%;n02NBS?
zUk3%5ViSHdS}O0d*HhDNoe`}L5)GaYg2zddaEdx3dGRFDnVKzTa3fhlf*3!&Zg&*>
z!K}<{kD>^L-}Q@-AX??TtC91Qk!cahifetT6m6y328T+Ikl%`kS_(``l@Tlwfj$xd
zER}CY@Ku+ZHqSi79cDHldp*fX>>|#XEE41-^I!$bpWh;4J=?-%vLlt|>lv(2W~y{o
z?e!%yZ_`+Bp>COKo6X*5Ot@0jNYMcUb}#w~Px-lV-#3Kzm*SmY3&g#W3U)p934}E&
zsm(+L?d#*4w!Bv9AybyPh<$@jo*wEQsPi8B^1*f3#+WY`TD-X+=lx)Phl-Qz4zrqO
zVV>2i=A!G7Z%ql}6<*8(_rB7F^CRW)(vypK7n1~%>`6}XBrcF8XX99{$qizYO-G%b
z+~a!bFWDFSLnb#5uxFSZ=-I*F?PAoE0)3dD^E3Zy>5bAIN_T+iNm<sSOzKw)g@vEt
z7f&QEYQ#!zW`BEFigt=&CgNhRJxB#MBVQZj=1Y4=%aoknlZ>tLgi_ZHzjGvB%6=7o
zz1j?$7qFC+ORVr_JpkVh*pKHIuX{N}nJuMG24?d~*_dpLKpX4X@L)!BA;V9%K*W}~
zDMc@N@@=91FQPl2u{V#6ffA^2dcXOqnE@=nI+V#Hrn^l|^Hl$=g9Bky!JGijpZ@%>
zeUF3VO3mH^azR9pF(Q4HH<1BcCYg113_7vUVSK$26M?3RGgn*7=G20eKA4*yX+4HO
zy6#_zXr0nijY@;!{zNh;&y9Gh4WAnMCaMUx=XN<2B0T(Wrsjc)MI2|dR~&5!mUny;
z-RIhHch+S>@N0TemNI*%t82FqNz%~weuQP;w<4U&Gg_btNMm*~@m-NbpMY4uWBKHF
z4!d_Y(HpKIQn?D{F}RBzwzE6+S(S3liSOHcI(%avCK;hjqMtE3-=kW%pCS2Q9{Cov
z@3H{Bm($h~tE8+O$^aV5+i9JZReI{xuXQfq#>-0uul_-&_oG~|qeSutlT3!lW{{k&
z)Hd}SPf?tZlt>Z(BkSz^$9u+P)mqm$dPrCK;Cn<it=NRb)`pS@E7YZ-8yR`*fu@?*
z^Q4f81AEC-<}>z6Zu$t|FOUek8AFCm<nnZ_#hPd_JNy`=Ec-$fRWvDLjk~PrFWigy
zSYKDcTwhxO+U(Fy;>mNp7EUF=K-*4_m>9BHko2uD(nJGZ_R3^F!qb1IK+39irc3`t
z@07t{MVf`n=bUcW){^+z)|ZTu7G&F%ye&N0Kiy@5J_0;ktO+iP8vOt0J-Git_ko*T
z9sN>SZ1Q|C0WHzIG$<Ws_;{;i&?P2<jkT~85*U3?MGTwGXAo!@VI`Orm{a3D+h6ir
zAoNY_x+U<GIrdBADZL<oXg`YBxdqL00Q0z5C-+wjQ8(hg{%1EkLoVJ<#$C+3h03fO
zC>?N9R)1h5y`kyv*}q#*-+`LO>?sjupzy}w^QH@`3l-qmeTe*cnZV1;G^N_Lfvja{
zTV7Js7jEQ16c10C2xbE;mk>{#O_6`boeb@553li}Y4%)#5TRcuEY-h73|o{8g^5OW
z%j?yLUvc#uZm|#8BgYEiaw1%{h^%)Q#7qT$(NgmQl|_HnX;%OF=&#VdjDXt&mIatQ
zR+XD%`|DtUbp8NF@SV5VCD4;U%DRg9(@8gS$&Q_AQT(B-{#5c!d=)O&u)EtwC~S++
z$AjqM|2P^W<CKMB)YLdj-gLkxmwfAGS+U^(yjvz*j!+XwZ6@wJN5#ekz7oa_&6{i>
zTAKA!bzWV&o7R2sFZbQDbDX$Is>`Ic+g1@eQ!#XCQ%C#_P5UyKYNCVBNHu3=*Jw^@
zz!T`#zHaSu$;kjrzY=cSPSF<ZXMU$Ms@Ki%=tZBg-2>jS@q};iCKR_!rCs)?tqQbk
zc92mP;0dzn%P0=E?L%iR<IhTg8+&|pHTg+?PI|g(L;O4wc9!=HK;Vn_squt3(imNe
z@-Y`=t}EJ3EKs!@IpAnrF)34XUg(wxKR-CQ-))y3Mr=Z-{*hd0<(IOX7h7Xrq6KN=
zone`qo3k<82{KR3ht9k;YUmL?01mI5e?kuNW+UjDaKdGXZzWgI_#$87)Vjg3M7f)Z
za)7k#ic+H_ktOR6_fa=M+401%*TvF@lird5^t%R;8-!ef2<zopX^#RZv>nGDrOn}W
zYOQKP1H9^)jB`1q0Qv6wiOclrk(>?n51-!XOG>7_ah!qFT6FoAX@^fr!Q1%HKHR))
zIjZ4}yX}>ij|`kZp?L;^kXSb-{vOhWv%YA2eRGe&HGD1z2Hf6JsVFT|O-P)jvqR@>
zTn7}ouA{n0&${U$WV9Xgz%b(cS=;>VK~HkJgT3pLs|qYFnV>WG=DraBcaD*w+20pg
z7w^45yPmJMT&gfHl@6ZXb<EDhQw)7II}LGz*Vm>ztrIl~c48afei6@Q>Ve$@yXF7f
zsyARUT23Ydv0o-b#%TSG3%oseyE>A3Y81eV5}GA{DShjbO8FWqMfSS9_MN6r(Ww#R
zrra5;1C7(fou{QA!k`73V1b%Eq1^M(`KG_tTBWj%sow4Cy8Bo_^xnl}HnBsK6@iNZ
zw!C}5W-`+-X`I|;aMJch6UBUUgHrCgNuD2(16w>T9&*2SWZac{o%)0VH&^3JN3s^I
z=Y)N9YA3En%Ju!>#U1E<H9Nqy?oq39pJ7Zhuso&<0=i<Pq_YkL9?x+HD@1Vupx`??
z+XoM$7RV8lWMCE)ruuR48YK}!oUxHZh41$#Ck#{{a<Q?o%Qx6N7|-t`Hgau~0+5V{
z4(f0fZ-Lo~^X3icwA6T--#55VdZDPBIf0T@=?j#quo()kiPp^<@;ftEGp{UI*yNJ;
z`KU>Nx%G^`wA+TEw_*hefoPBkfQAGHHV|>P3b?7_<^Vnx+%Q~lq14zRC}RAQ<;4d)
zDT;1Y{+2+apM+C^QhZmWZNXP3C8AGszW+~?^^Yq~ZSabbpk(Ay>E8Xkb!_lGi<JY)
z>6LUE31{v_@|Krl+DDfIfx@Zl;Y*O3DfFib1k(+!rccRQd>o{y!$rsOH`!yMG>51_
z5<7$snKips$KHF}*AkP>8|uF<xn}iLKAfvnDgzE_dq5$)d0FM_e;>;0!RHtSre8!s
z1txd$&s7SAX5jte6y=rmr;)0W$n}1<f(;ll^x7!SEg+|+D$l~18lu!M3g6Ei+B?fV
zyyiEOB4{~n8YX6@g!9Lf0JgMc&(5gS&zFt$L@+^d#oN;7BU9rS48pz|Cc7xYvc`yI
z+7J|Sk-d%eKvs-+`qkqY8Q)N=XYY{L9ZCkXEsf3+gqx%jgB7DS1II;1XxOnTch5xX
zY^K*gtLtYe*C~}8YPJj-UEnJH>QYwZ*;a9H@8}DGMYzV=yoRX97&ycnG(efgP;Lvg
z@O_C=j~YJv4Q+oMqYmFw0UW)P|E~-7yZGvp*sGfbL)A^6^Ohd(@(omHMD!jT*Wnzv
zvVH;{UR<*4YCwMH5TC3rc>7=PV))0;)K!%NoRI+aFadvDFZ6<e3*Wa`wwoS-Z{G$!
z7tZ^0tnNtKCvV+d>fl=NnQgfR2Re@EVK-1q;rMSX^uLsedoBfA?u*OR4xj4BmOiXF
zDV|OqxTYP3DhFGLWMr|LmUB&Z%n&!?)S=*oL8)K`NHU@Y)*J=@pRW}VgS<O{;cH?W
zh}rFFTEVm;=3(ELj!Q6Ajl_N&VA)(xscE)f3849=kz)>p3*s3L7?0?2Ik;>Urzx9}
zlZBmWNO8q9eqa$9UopgVWW)v>sFVW-mO0o$&k>&lXg^!ZJJ}sS{!`0%n8nuViCCnM
zf!o%CyUB`cv|ogQy{>_1=uX)@KB>c&H#9Va#sN>xDZl@T3Es_wKkA^}5y!slEzc8b
zbpEtf3Gl>yoRinDh#O1lWK%vGb8UmNXvl@3ollhwJ<1nNAKDl=CGc+KOS6f15lA)s
zn_*K81HS1uv5d8xMuLgJP+zLA1ae0eHvC+*8$3@Qj9pd*rLHIEqcUr65B0;Q`pR7m
zc_0wOJ;%W4_GC2!_1OAYI*-Y<JT_`%lE~9Gk9&KorS#2b=7kI6m+RzngufU>_Nz$;
z(SIHJ6kcm!U9W{3(a<$j0MOR_K*-efG1w4?<Qb>=l>wjD4duptG!wr=UBU|c_DsW^
zbE}HO6!AL-Vj9^B0zy(EySm$DSu;8~eqk$u9Mwg!y`%_LZXL4|B~z&4w}WUyP^6@A
z;#ks3)Cz`jV4c->z}tg@3^r9f|GSkr?YsCi9k*}4*dl&<_uft#OKG7LhuD$mKeYWV
zM(%P^eR%247`7sI&2OsXLjlLnrqtvF+yXd*sdTwo8!M<8B!e#3nhRJFyg<SR%JFFV
z&kc{xY)JB;FTHff?bX}8T5i)Wr_x#VHA~MdGzZ>{kbdp&uH#NamdkOf^Jnd(uIGV}
zY0#^$&BmWg3Y2yxp<j_lW2v$g_>!3fw}d2te&JT;@;Rv#F-;UQz7OKpSSeL$0(F|P
z5v~{rt!<kQj`SN%a$%5jOTIii{9-<^ybUbhw$QZa+q{B%Un0KyK0_z?YGAMidbb1W
zm^BtG3>^9O^lz;UfrCqf$xjA_jE}&!TS1YICi{u_Hb7}#lz5cwf+(3J?vOU)i2Hf0
zUx_~}a_Y5libsI<{5I^xUz;;&9@C0f6S<a#d&R*%4m1+f+i0v%4OXrzmynEa7g*yY
zpfCMC!f^|D?P7v>!!xQ_xI%NkMAg@ab*3JbxgstxRX%ji4L>%_C#Yp^2%nW0w@R#b
z;t^PRJ0cgj>0-c&qy+R+*F=OyCwz;l*X~R)G^@IZ>rOIU%eRt#^J)Wi`6RwIH=B`+
zYGDy?KjA&Ojy*>-dE$txr++&yML*(8;CtkKJ(#I?joDnmS#2W@`ebO0sE--`>GuJ|
z6;BydP*iCMMyYarMRdkEL45wg&B5|B)eqfi8FG6iAi=vMZ-rWrGRarA!w@I!T_w4C
zG#w*%`hlYFW^D0^QedM{j%<dO*ZmKu(S8-MdbfZ7vh?HyyU*J=N?0x-4gWF;Y&9n=
zGDZt1u<n^E;I1XX8FnMlrbhdGs$cy^_ZyN{)L9+b6{9vD<lKq|1tAbuecyhChE-TU
z9Y9%;P*U|Rnh}40I&fhzz31yN(Zj8{gE4X_ZL8V0qdk%b+fg_a&O~3XTVqqL`mopv
z%iYAaxf<oO2Dt1bZ~we~%FYo}Yt40~_}~=_9=@2wW`IcK?6$4$ZgteHjvkDcPWfBh
zI(4=$(r}@7JNu75t>dGGeZuyI{yc2#;?Xfbcin_vu(Y-3)W+!O%y7en4$18;p>CFE
zg@*=$?=N5aj+JSowMb5OZgHJL%CoQnDUGw~&|fJ^Y}v&zcZ@$)%M8r{HTk3b?y&0E
z@S&n}M8-<|&=$g-t>{7MVdbVKh4$DR@gp}~(Mu?BFmOEw6=lVOI+_so?dt;|y~nH4
zzVXzVn(`8(4CaP;dy_k$P{e9(8^fwkv*<x#lN!!b*s18w-v=_sFG0BDImDA9=%~!V
zR?Pv#n72yZo3Xi+m2I~!;;mDl!zP?W=#pcLBdUK%xVmXFRNZWmxBOlV@&kuFVWf01
zNLop;_ZKh7eFe^?D0V|z_pY0pubZ3QI+S;{>r`huJxTlO61@qc{c+eZe9s7QRCvn!
z{pL!#FjMM6UG`QIE+V<k>kEcTa!XCVe104ZIqe<xzH$EvP>0gjYc3pUtL^Qpv2IZz
z@TTFNRrZoaZ_LYXw{*0Vrocso-(K<@wh}@K$l&zfOYOGn{f^V~5wFS}2f;n}Ud_BO
z4C&n+k5m`3djx+_XH;1Gj^N;69f7r_Dh3e(MDa~>t4#$soX#@!Fav))_!IOLbk}j9
zI@PE5*sKoc8u>-M?uff2Z#_op!10{<wFkd{=kRHAZ7a9U4<C~-Ti~xNwG~f|{*;y6
zK+R%Ggoo_iA*Lk#+V;a%o&Y%FYEo>2>}Kuy?o0rqV0wp=TXVg~PDc(ATz}h0;}GKD
z{G02{{`)4}b9OA`4lx8NfLqT)!CxzmUZ}byo3^#7u7IfewkW*?0T-aME6)Y$lQ_R~
zTqUi~1je$%T|ZZxV5%dQ2&M5058RF7r$1hPT5(QO&hgw>R@g)}X=VGc@l@)?vtDQ$
zX!n?4S>H&@qx>Nob(hE3)Myu^gfDPl60cmg{v!&|W6KF>sbQ-dpm<MG+fMg%FD`fs
zx(*X+`gx7v?%5eJF_b$bFqaOymta-RL7x6PP#v}}dmnf2nxlXLlOOFpHL7JT?-=Ys
zye|e4s7jVFnka~Bl3;b9CAp~f0jcUCw%S%)ejK2^6|;c1h^3MHrjC0mPb?EUnA;UW
z8YXe`j5d^w3J$Gx!J0NfIp!RtO|6;l`mR9tRWem92Fox_OYMza8E$N*dupzezJ@jc
z{+C0A-&)$CyXuVJT*x=EZ};~vPzA2{jFf)%8iRxVgVlz7t+^0x#uBfIIblMA3Vfp-
zufKCV)$o{G{@o_t*<~_ti>vTv8j`VsjbhU(+Mv)NT<F;)&X{<n3IshgLW_h=%T;6w
zc<ji|s6X<2Y*`i{{6+ZC(xQrwBsd0!gqVu`uGpa|l5}G+DFmFeZj)Ta{A!*n5Lg^D
zgvVP+c7pkv#0mIb7-f~!K8;L^8UX@-vwR-73D{Jz;zeZ?7V?&>HO7HW!52E$+PFLU
z`{}r*ANYRY4|wDm*4XEL)WVeflN0m}d;)ZN6Ku_uEM;tCCMvJmW>1|Yw1J=wm1T2-
z8-H+r6=@TwR>FZl2JVfeR~!2jcEg)oqy3#TGt9FbM6d~iQdTn)g$4dok=i|(CoQ+!
zQhkmG8jDL9E$QXcyOl}`Blb>L+Q=xJ<Xpr#D3NNWdM6sDGD+EJreMMvxqtn?8I+&@
zBX;$#(AD1~TX+8>_uoJMcfjjkKl+bc|9t<MnvHJiy_U9k^3-v!Rg*csJmxUTN-O`C
z=`u8jboa*qk$bhx!|WZtYVF=CalX|>wzO4BpaMKTpXx{mIyIL2u)UueA6m^T$sI!>
z*L~->N4)MXd%~Wm?=Fs8BUwz(0M?%!_itxzMF(iomp9TX><q4yIn_j8P+ag#Zxnja
zB)((d7_Ha73vSc9-J+PYde8}GOJOwo-gLHcUX}?D_2%x9)y6-KZ2?tCHaWaJ&;vb-
zzD9eP>r}vChYV5;dtIZ+mp~?hD@hM<`r1?1nQTcs_HN;#%NEW`lQ)64!hv~|R<vKr
zc%owC;+;y(B<JKyybu$RUTpy=+D&NGZdr^)#*GPAlqHt#Xh*6cFOhJkHFcNSGJPu>
zqoy_R5VjU>P|K=j#}Y<v<yfK8*6%yVjpu<!k5KN(=#oUlvn?TFpH&WT;bdvNGuNju
z1H{9;u(mhOJUEr|4C{Om1os`d$XIgV9?ayuN8sD+O9kt!BI)uWS3Wq*GP7W4Si`_n
zbBh&mhb@Grk(hY9BamR*<LO|p%0i9AoTLecvlvc8Yev6dgLa)t`LZa~_&DkCXKt?R
zCCc?%-#LB`FK|FP>8$%|DKJvxVoj57qTAGy5g6%yTux=UR)b7WbXTSl#KFq&sc^#}
zZ|Z(eXisDlm@`FK;ynOHCMQ9=pJr(5P6Xh;Xl8alYhb#Qer-c2nU#O~Iw}J9HJnrB
zE)<vexzazFu9ggMd(nk_YGaE!rZB#91VmOM)R(os9grsX=P)pduthC}KrKzrwLq2N
zo#ovVV?^XLR{>nrbnpeH9hhZT7F@uJlrK2+8&l8_s+~%1I4~w|Jd?y#$*a<qVR=7i
z@e1iO?z(9vVMheimIC#7YD<DSO=Z+&2abgA8LN{V!=g2_JEZu-`G%&~Jsl5W6gjV?
zcbjDF07JWu9MIbGo#PxShoQz~G7YmA)T6SpPh!*bN7uj|>)ZZ^l|omI8C<2m5BLDu
z7wEEax($OKt+9b6NSybJRmOsF!PnYosVJ*GD077q(5|~S5E>e7XKdvw+Zo@iaam=!
zpFs3<^4dZLmKVZIX7#g&uX1%Ld`4erXqf64cy6`=TIRP9NXQ-zmNJ>2YQRW7E~%vy
zN+C>|i^D1_NWPOw8b{TVFh%3;ENO?doT8@>7mg4gnFI2sI7IXH=q>}OSA|LR-EfJU
zo0B&acX!QUWi+pdiAI`QY*&Xt+d}4Yku18sTim^_x_rAphT6*&2I#7&nX4z(9qmN0
z_;#y0w1G!a`_hF@Pe3&9en@GeorzPd&zP(Q#>xzLaeiC<O9YxtoIgn5q~w}#-8qN`
zJq2?0^abJ4s)}L6mH=40i?>tAhhk`N30cXyw^S5Nzj=MAL4tEzGqf7O-p2WLZ2l_)
z*}s*N;!e2z@)5*x(W6`)M4O2*J^cW3|BCra%r%#xIW5&Bb-~buYkk}FV0CQel5*$5
z?`u&LybZPsN4@V+e9EOUNmT-6;-nozeM>$*Q*~Tg*4tz-o-*gVPJ=Fsv^9J+@y3o0
zp4nQM%1TJ4RnB_3fTI2qsOU?}HtAF9(wUA5=Oc-r82GGXwgxuo?r(ChUoHmESNS_j
z^H}paPFpJE+gYWBIWHH>8~lQfnO{ME8RS0jgJMc_^!(|S;<;bl+~4*JMoE*o`YpE#
zr*QbbM_ztMFJ}jX#U^J9hJ>`Ae&>)kNTmkQHKMGhO-1EoU(Q273pU#KDRKizk&pbK
zU87W~btxH5(?~m!>wGg2lHi34SP=)_9;i7gaD+{&`?6T|QmMU+*&xh>eI0R&p(fFQ
zQd%O$;rC2U?I{kDyz~$2bY@>8)mVNV*J!b_8heOFKeM{^ck|4_`M23k_TQ&I&;OPA
ze_=-SKb#Pq`Da*?nB?V%`}ed;%UBV-1)*7r=AbhE^c2^Pzz8$O<{hXtfr~Z3?;M}5
z#QgiO{;xZn|CztxAig{a$Nf_=zjo=W23h2D-948gaNDyyYMh^wrp5z!lSnnhsvmfq
zE`Lfp|EPC}Pq{lQw<>E1_Jvt?$wM@0OmxJs5FxV$41}(UXL`|p@jZI&>JWu6!=DK^
z&c!Sf9B52rO(Cte%p5ZQ41XbqhEE=Mc_HQ`!?4O8HC^l>;`Ev6cFJw$p_Ti^fu<H`
zp1KYAxses<An9L6CA;(>t%*iP^1u=+f5>#SB=7E6ipa<5y^GI7aDOV=&am<59`@?)
z6UUwlxp6A!gH$I^?(ZCzbM7BQ?{Yu<SC#$0J96o}|E}48T>RZ9>;J=J|GNVJ0q41>
z?dlp}1Ah&3Djbx(+Fa6fQLLoH9jQi}LnwyvE3VRm;i`?46^Cn)*eWT2DbaZG&ej{@
zecq<YoW>P;v|VBNJDa0ezP9^_MTG(y6sFf=)i|{+e{;${SdubnO2oKjmv~+MOuc2z
zYZ$JpV9I@6RH;9?4qv|16kmN^80Sjo*;W~da6|5;eN1oW=-)V$AI@JLF1hX<V{xM#
zlH-;Y;ujO+Xzm5&lxq?-Q;NPFtaqEb&c^&`bd}{Eh&52wTGvy<2J3H_mjn_%5LTyR
zeCPrIYmdAH`>c@8_MT%oY+Q%5FW2>p?uO{Uf=%!DIN=*)%n%F1&TYc!IMY$2G;k&W
zy8WGFNDB|Lgv_kknTIt~AAbB44-Add;40KlM`}hoMEw)Uo7`i5a{C`u`xCJ7J4c9C
z<$iT*b&f|3TcS5|7qZwvJ#5);;1~Ok=K5E22-7mEC18;`zi=NwQDSC5CSu*&dH>J9
zv`^7tg-~`wz-2%O4L6%bGK!JQe$l1C_UZUAQohN+Ou^6q!OeSu(ex!INjxM6y+%$>
zqOK9G{cl{!&P9=MW}LK$LZ~AY9(45H;Moo_%K!e!G3qk0-~YE0%fwxO;j_g-SMX7C
zEyNoEa4S)~Zj}nTaaL99{-Ym%?Z4+C{`Cwn+)1I}e9J<t!_wgCav<}%Bi>SS*2Ge{
zLB!EsRr_61E0PLt0^cz=hu;6~N9pWzE#Zt*<mA|bxHbwOBD-^rM$ZjT7Nf>S^4J3W
zKo~l}Zvx=Y=E>14{*nFfm29Rsus@|$J-1t5->=%I9f=z$IM5txl7?4eP{n{-@HTW@
zJL++6h8Nl)w^aw~8D*yDFYz<EWyO<%>ky|LyUA*o-X+}wU`LoK><C76f>Gph=l{l+
zxc@`<{r`Jgox6VnioDMRQFd6K07_^4@)1rcCj7U;apYtAH$X87a*%`}(;Oef8`ZW(
zGB$JV%j|I%F{_EI#*f&Y5r#Xj-nIR0aM0Io_y93o#^{=Q=kTm?(U{_2kv-oFe2nyS
z+tWy76A@kfA`mb)!%HCy;bBwF(T_9hzbH6;RWkz3;)x9emggU_A2v*;QE}2}WS~zO
zFM~nTJ0Z7tG+2<ineOI>2<~7>y|B2gYc08~(BlEp-%KxIbfwA>aekIgn7lofg7Id)
zS1*g0k-$IDX&+o(vRia@s`^mSg*ZeA&@VjD*tIy=JqG%Fp7o-7ly7nO@f<KWc>7AR
z5!HFM%%u{hRlVrt${ywO`f>Vowun(tuSoba>fmI7z%tOta|8#Uk|UA{!zq?|!K_`m
zZhvUV&Ye*?!Z2=ZPKqZ2zE<N?b*7~m=-F}pQ(wd%``ewP8g@CmA!GdE(v2%#uAjTD
zZX<bMCPR9uRPlf+-P@dv{Xk(=n;KuAH0YJ%hg*ByN5f=9KZGZMI^&}n0lf$EDFx})
zmV<kYHJ%l!)a-F44}N5sfsm!i04U%R&fTJrVcMs|hl|9{#L<#UpMKO#)tCE7Die3R
zh;=LWFdzO5E90#<GF68XKmii3DM>V_*7aM5x|d$ENyL7l6+D?8AIA!2Ga6(wGRa2i
zUq^=)fG&gQ_vo;+x2k~^RY3oO#ur_-i2<G649N8L({Ih?4^$ZCK(*#(3RC&7^SOFB
zPK7Bdj<f_*6=(rh9!n)AJ1Q)2HmSY&S}J`%d)Xk~cCOZApNX`t1{mypiWj;%`CyhJ
zhjL_D2xjk6=GjM~U}7$(OKH*?x~fuBi@$y``sJf>OvX}JXis2QCrGqVPOx8f#gh~a
zg_`9D82LUiCBYqnF1o;#^OOdOH7(5raJ)LsGpWS^OI*`1X)qA}&cSmnrP)LHrl6(*
zi_p?n4UHYm#m|%pDt%ft$K#`W8g|e5=jdYUTiIn(%DVLv4`HI5lt6FDA9}adw3_4v
zUj>jWHw}vOjNqZOo*>MZ6@}Zv5r$>)1Om7+4{1D*uc~S*@gghiOK*e8pFivj?#D}>
zjh^>tcY{&C^X;T?TpqPiA_N%JP}CLBX6_+3S!H59FvZ&A>;Rc>=uEY?%*z&fNtneX
z&>JkA<U8OFFOcp$lp$|2?adXFK+|*ZsiG9wS*dt@7CwuT*c0(O*XLb-*NGk$DhYDm
zGR8vAThRxHm^6@d2?|I(i&K+bdFuGktTxirL7)aG@);q3=^4Fgq4usx;ovl@!+oUm
z0>F+oxFAP}2nZE2SWAz7LEB(CSZw*C<5M*Q4|}w^1MaI~!+$4(bA61&g-gG4U|oh?
zO|7;%F4rC{+lCDeAG!xs-*B9ly7BpI_lV>{B`_;aL7f<~j1eYl<CY+Jizk1!dzYpr
zm0hZ8q3zDJ9X#G_&!P7j7|Yi(wXEB>fpSQy6(uG69E4(<R`SH7SE^WTIVkScgrB?m
zJqTR<#63-D*My~#fX1S9@`XW(r%DgdvX}x5EwFm}^rifh@4?=xy{81Y+%G(VlIA|Z
z-|-$fK2iAyhx81~;=KFzDgC$G*lQRTM$|e_)-y_c84eV_?iPmVl{0y_FdQ^mPHtVN
zFv2a}@OzJPlbYNdJ>}2A&eTL$Bq#GnIwa@lNks|b@m2S_d4oE0fF-#m@5wFMDT&~(
zV(nNpkQ}}ls!P$QEiX;IEo!Mq(SE$P;x-ZLwU&qU3C7|;e(`l|7=xyDOtYy)kT#yx
zr@y@;@yiOVC?#omuRVBbKU^4>(RY9{Zip?kQg`)-FuOi!SmEt>lF=C3Y8fF^m+bgD
z?^{DpR~3PQk3n;%THKasMRxN~O8X%dyQ|H;sLys$ezssp8-Nqi#z9!O%_%OC>R!GK
zfvX>`;A-5>H@mx9P6=$um;0viod<PjN!g4<qP4Gn!D-_&_i{>3r=T7w%S1+ktzFzK
z0en*Pme0tm65i^EQ`orX)kySZbV`DC@1BY3VnoVzi9=6Nb!SteqcOGLszWlTg$kxE
z2lnlNE(}zr?)gQv)}pKu>-QH(Q1%%^<uNgW@o(aJfogu=$YeqR=!zQ~R;qLdWyPk)
z|43(v1#YUu_a|@gotUr$fjr3GVl~mcABA>1jd?XA*aFCM(aAH!kMG2BYA>AABJO+~
zU`zV`P+CAf3r&%~v4JI`tX91GhK&{zJr)Ho1lnr3vsAxxgmECP$tra_qdUg7C8#3m
zMe#ea#d#D*1Bh#qge&S)mqHWNY6g>5xeEgdOZcjWES`mn9)B)z{W8{&8<0{p?jgjI
z3mYFi_|Bm@;_L4@xQzP=MNLine7Bgs`M#%y1#pO0#KMolr?E=84&Zl4rCbwE&O17$
zAKy4DpbEY32RAU+B{G!^UfuI{y-ebYSJiy_*0iHQOG2X}<?+nD-gYW2FMZ{YX6Gf9
z^VQ(gCgxHX=xKJGb*^s7r@(F!k}Qi9epa~}T6t>V=V~qH1s>dA@^2^JPwx3Z{Ky$j
zZr;i&E>^vtLJqgJyje(v4<K_>rKymqHr0`Q*Kz)V-HZyQS}Mc6*Nfoz5@cU64rped
z7-OgCY2B{`nFF2FIR95Kt!A)bJa_28#Fiqng8;=;++r9%sMIWesD$7Tu4AoWG}X1B
zt4)iDC&dW96Zi6;Dj)aYx9$PV3aHH>;nE%by}f}=Pxu!7?%>@YHjbSjxjXYmd2OZA
zqdLwP2Yq|?W&&*ieMmK@<oJm-Vrhs4Zl|BM!pJ+;3t=ATF4`@xtZBp1&29(ePu7t)
zhhmO4KJ6qmSi1h4vpOhCib5p7O+8=U8RoOz9oby=MTvkwE68*(MTviGru6Q4w8tja
z20f}c6QC{06cKBbf6%^Y;8QjOk9Uzm@cj`d=6cIa?UTlx!=w%tg)&FUi&nxBhISf2
zk`>Q1@4pV_I;uOo()+MyzvJ^*5i6GZh2Msetga!rayi)_$G<k$AeO`dJzPn1jaln$
zOQ9?Wl_PIkeV$1DRBgr6+FUX+{}`)b!6%h&dQJ?lTmUa<?lqaV4Gh1_0T||9xH?vC
zIT#7Yy%w_E8GI7axq=-@?toogeiI?b-B;<fGS{=Wyqa(@$A4%GtNjrHKoFn56+Kyb
zpg|<RmA%J#r>??taUnoA^1;Ku6pG4Z-0F`OGp>x4vEGIa%=!2nV9R2Mm)8%`!b{2L
zKsrMiG(&x}jJ74qXvG!S;po^Hktb9Tmm*-5J9jvB*QtfOaWgm4s>hvwY|A$%BI4`e
zPxw(|{xxXrwlApV8;HG23>alg+Ys35A|@e%7eA#sL8x(hCy};e{STs2HQV+`W4(8Q
z%B=}@Q^To8O1eFbTjG!Pkbme@GPp8d3BSls6%9XM8YUp*-~gi%Nyt@v){Hn#Fa}de
zl<wMIdMjJn+1a|s43u1$PtX%^QqyP9ZMlS%l8%v;!oq8#>(O+ll2H#`v6`3h*}}e_
z8qV>@y?fms)*<sc>}0~J8G8DDub=LhvFm~^)dfjpaHyH%j$|%uTe-;;u?Q=77YQ4$
zI2H!d!EHJlp4QZ+lFd-M_|Sf}>O%XTEggCX)COEG(qx2dR%NRXO{1k6>TP!<q-r`E
zfR^macPI9|635M%bpiO!cLg+{y-!z&4ty?hXVGnBvh`_{WTA7SFWJ)9W65LwOX$*+
zr|<cKGnzdE?SjU=dKaHmsO5J#gkcT$Gj&MHO<g|q`Nkp|Bq$9IRPP9}Ph~&QN85aF
zjOk+dlUB{8fd1@*<sHuB$=#%*l<JMq2H#lC<Syw*Vs^w$Tw_?h%y5dGQI}$X{hM=1
zNlhqsl@*(tnOhxR>=}%DQR(n#Yt=Y9cFO;R>cc1fj?6blk-gKV50Jz&FPQ^EKruy3
zK*yz&6#GCEe_yRH&9A6Qa2q>=@p~US2iyU{X&_?nU^>17B41`jaQl6a4D2<r?$Md>
zpWyThmAxbT8(16_vly>r6@D0?9Nj(CAe^)H3#@)t_&`gIj_BB{C#r|a;$D1BB`w6s
zC7guaOPU$Av0F>XA)2SZH}%TUf22R-X*H)Oamn2LM~o=hDB<1%rW$X6p5Y$s=Qv)*
zVoPGKjtN`A#`gS)KjdiyxBbkB!OzY)-A;m<@SNQ~WcHjV?5VVKbR92w(r4{UW%Waz
zyo}1lTLbX{qfxWn%9Jvs0n#P)v$ANI?5`l<0+K*zC}A$d)ZTNrL(sA0t_|N;$14^B
z`-TZYL*wDSj!KY8b2v1h=N{5_{M?-YYJ5i=ASi22;^s6o<wsz_?RRJeAmPz+?l3(k
zyS(raGm0O%`S?=?y}g#er)Ub7xWqpEs6NqSBa7$#sv%IkR|aGDJ4qI8-x@^@D4k_(
zufp4ilCM>8*nzD)$j&fJ<fv{<{XiQxR}rxyi`D$YMDLZebDTMI7X0T>Y$?54)H%{K
z*vXgv@a_D6r>nsI@D-PV@gJQRGN@Sr@;9$7h+^2_4ihMDB*dYw&nC8Ki$X?Ct3Q?c
z;?Y8|UUMjMwa+d_J1Lr}DMqK-@)v5dPb^F&uR+0J3c=axS5Um+E6*vCs-RFYGiJw?
z-c$dXr6>A+xBvW8;T`!Ww@2r9cac(wJuJ9-TVp8oC&?dHjIFS$3`pOK7-L@WF(~kO
zGCGPZN0>#~KsB_u3{E9|=U`}7ZVZg0wK{}Ho=f%wOb+Jw+WysL)z)5u*kC+`!re-Z
z%;!=^_M)$KsWi^`PNuhSVAfiybWCo$kL>T;Mx}LMx%FU)WrXmk4p;!G(6FB-eN;!2
zs>WDO+w3z{_;8IC5--7E<!n@R^p$K+ERQ2Wy|-G$xAeK>Xv67d(KgJer!EzYi`4D1
z!dgs2lRx3vCz0AcZGchzzjNIAdL2`{t|{ffmO6Z^!mwEsNh{XoNG*lvX+S+RlR7cG
zoED8^b-vi7=Cr_GIPuf}qiu2jYTV0leW6HcsmD3kS-hdCIjO_edYh_l%~t%OV4z2U
ziu~i0{2k}z352XdU@ZmcK#sRkoqjoEAljwhG~s!zlH7n121?u{Op#c+!zXJp-{4D&
z`fq+qsqtkyoz79(UU!Q9i!07;kqOJ;^^myU;q=mP7~_jtyf>TUP0ys#l<9%USkKuU
d%r;faRLK-&9{arL#`}9GqTXLVdGh<<{{>*}YtsM#

delta 31774
zcmce-2UL?;yFVKHjEW8-qSTQpgff8iHZwHoLP!FkjZ{e}Lg?-NbQB>747~@XlMs*+
zAV5HAkuD{ngY*uD5+Jn8ch36XZ@#<My=R?s@BQzr^{!;?_sQP-+0XOaPut7biwijy
zKN2p&Y<>b=xODl##fz7JxOU@*A1+_M2D)(Z(&Z~xud)7chwb5yclo8+?>+d<6qel2
zA){dN%%3VCtN1(ID=DRlSS@H~|1$1F<-q;NN}3RFzt2Li;w$8|9LmirFJ5xHaG^HA
z^Rm)aT{jO~U?QRPvJeoO@+4CX7kCt_x2y2$@}%a=zE!e^lv_wZA;wUv&)@H4k3{F(
z;gjbRk<_=XrLUp)d~ay^W(=NzOyvw*h7aGq2|+>6K$mRz_YlKGwj>`nD6BIg0@uiu
z)hq&TW_#I+B{4(WnaYzEJs#;@rH>n%j8p1314TCRRYrFw0BI|+7p3+jC3}(z`7J-b
zc7Dx0!T(v}eQYg$WE5J+*SO9V%AL#<BaO4+aP#3JjgR8sJ*L~`O}z{e@|P$VyxPOo
znVH!=$(N}4&mB=lsOOVwk9Rzu@33-Zt+f~UOV5A)LM#~Snsqo5OyK!zUS8FhVw2!F
zj6gZzMlY=bD6p8Lj`mF>W9ucQ&@Zo_l{4#CDj~LZF-sZVUBCIfnM^Qkj;9%2YU)W!
zTn}n*be-Q+ZRlpS6b&AU=uM(zqxMR3ZKgLw<)9sVku0)B^IB*jJ(BUXIu*Io=g+4R
z*Ws|-&~Wc_O4gr3zbsT~SycdcJrqW3BZ$NeR&^%eXsq8mTgesMbUc3b(#P*vx$g#@
z5l4c#jib1U#WuM99t@w}poGIj5WJ<x?5s~mA`<jwgETakX+y}hyj!1EL~)+mHddBv
z?pXD<5aO-4rq~vTxlt2A7w*9O;~bV`CEGo%j1Nb*u;WoJb`pf`;TAzObDVRyMB*i@
zV;pc2gX%9qr4YX~nLOaezR6DL>^b4PYMlyBsHl95-RSOfcV~}`XlONwIPKK2AUMn#
zYOT3eu@<DQY8v=nxZ+cntx!nTbK5|4`WB|A2bgvi4U0phOJTU2qbHbb1>vO>XT|DE
zF*GMq{%LrZOHE~KF`*<)0P`3+qXgZ@0k|A~k@WM2SaHexZm;L<q~lltmf{RAo&?J%
zkI>v|hv2OChCn+G0)CQhCiR!maEB<=F|uB|$FnLKB~kG>zO))={3QoT;>;`?C`BV8
zut;1)CNA#Y?O_ppt2>9hO7Aue%qE26_`}7RK^ei$L1io`J_xtFH|~(1e;dG4QqpRD
ze~d+{7CxO`x9VNc^=J{Zybh;QVM5?%-i8#d#ZFvS8QnCic&ChICUC}&^()Cnqv+eL
zFIL^!G#KtRDjkoKWmQY6(%C5UOzce#K};pMq1lcO+*6%hF>b2PZ)KXLhEg(wI--Om
z+`&h=Nvxg2FPda>(-(14K)RTi82^WKepT%{g96E{nY!7eo>-f?>fy;}gjc=<M3J+1
z*KD;Gln&E<l7)+E-j`#0Jr|qaPrGgGFA?f6>U;Eij|0)s)Ij1UJSZFj{Sv3YoNsag
zYD=z=?tvo3f@`7L+Te^2-hoQq3o8~f^K<Qb`NFPhgX+%2D!3OgJ<gRH+w|ofu|&((
zUc~AQ)KuYg_1cZT7tztqhHo!)xj$epw=I`|R#Ygbj`Q=2mG|10q2kz;kl%|tz2BDF
zq}wa9#Ji;^c5L|FFua9wB#@vL*n6a|7OSZ}tp#`o+Z29Nj;(cG2UsXbpevM4n)scj
z?@y14_@L^;9>fC@s|H~fOm`|VSoy@Mq+aui`CTv50dh%5Mdv2ln16yPD>tq|s(vD1
zh78}G&Yl{Np0&!jUs|Up^^!%5CMaXVf0S`YZ+sSa2Kq4ZJ8x34iZT>-2AXwDW}Jae
zWy($|mMgJFj`Kk&ZwBhxZw!#UVG>r_#j=*!%2S1XG~oW>j@GkkLp1sKew5+nc$M6y
zQn}mi;Gn5va%XVnPv-mqaq<@ZCoyx03raHqwyF)$iIG8iE^h~~;yec<#wJh4{G?9j
ztI%YZ=-9VIf!uBy$th%q-6%udLt%<5k>6z*#De?|`dhoi_t*6LNPhTS!aV#w@LU3x
zZizx63;f+){Kf_C3r<<q$tm_lp~k=#6Mg0DZHx6HcBp{oNWZJ@j+BR_p?o3k6#eCu
z4Ass|hMa8?rU9s2k~azbbgMKdvB_7h23)CMV-6X4o-|~!N8H@b%he53LSSvhqc+GP
z$5gIPV)R_)$<HpgM#$1A>rwzw12s2@9W<pHF8M3#V;m8InG0tiCC4|bO@#^lp;pIg
zeJkp5ZL8c-Tf%zOwKDd!nAKL3USBr0{aD`n0ZLxkLdCpaQ!l*gsVvd3nu7+0`^SA9
zSs!{7rRL;V%<T@f<s3SkSb%Ej6pG=BA~1RIf9#P4+PfQd&o?rB7!c|Vyz}Vi(!!$m
zmQ(m<dAZ^kd2-i|02CVb=et=S^}@cn>6F$v$40R*6fBvDVvh0KYXmxuOMum?QzMOk
z#xRD>gE+LOA4wDNA6MMqDp?wYL5OmEfxj~ElANIbpIrUXaJes-O(j?v_xD0IHNHuk
zHG=M6?xG6L1NgjZV4i)5$`~FRpur@xPWE^o7mefwr<bBWY{L1`En%^eg*m`2W}nUS
zacS9~w~XvDM&SEf8eENomIr9orAn(T?Iy<ufdO>KQl-=#@*(5I#*93*aeoq9|FCJI
zc!Sa9uA1bV<a<Ye|J6M?>wR+9e6*G})b8su;%4V3Mxz42Yg6it;o8g5v%3g2Q-c-@
z1Z+CQnX;D}n+BL`&zOe!$aNLK^A((<Nb@P&@#9{!Q5IZ&QjMsyuQ+e<hAudBpHU|w
z*W>L?E=6VRi1Be4j`bO=p1}3ozEb1hvo(k`kGKheQvIruv}2vad*<6vt;muY#krQb
z7*pf0NfV7|$_lBhvlOxI8ZXK^UgE`xU9Rd&?O@|eu^pctvpvk9c+~qIoq=Y+7u82j
zeqB-1gtA}l7^U5~;@GYCKo0_&wuDKMPHzMP$nTBA3G6Ihmq=>I36U%hukDx3`7=%v
z63SU(F3ctTdQ0<%k=Y^?5C3U+LewoC;Pg(#q?m14QF2_Yqc@~;ZzrhS(Z0MBw}2$E
zhbGF~p!(IM6!e>{cPYZ?XOzR00P4y<Bbu_os~{~~Y#Eyn&~d*K4pE=h{rxjxsb1hB
zl_ug?&n885ptbskCvjX)ZXIrlF@2}K6I`opOUo&XKjf6WLG3dN7Tdq75bgnpht;h>
zMc$a`36>Tl`|mW%$am8MV(ikmI?K9WScgRqkwSvK4~~P!*+Vz(R?+0P>a~y>^<v&;
zmE*Ep2A_7Y0iu7z7Zf<3TMzIKfr)4oXJjYtpQlR5g5wxAZYtRq)2C;W)|E2x!B!2z
z{U<FQ-^aK27W{`fGawGW3rMBN?8dyLDxccD95~qT^2~O3_GNYlL>zUuiY7=%>uf1o
ze%H2<_hpUrRVanq&)!=-3i)Zc#|@W9Sf~F{6kQTjD1Hv^j&UT86Dcpox^doPokCK6
zg1x(SP=_~+xTdLwP|lC`pC$FnrVu$6p<3F97{_Hb6F&75$rrW&dcaxYNy%8h^ww<s
zDgE2Ks`R$~S+ie%v9R?GU$?rfWPB~rN{W&G21c>;EOzS$C(zSzR9o(B75E#IEEd1X
zMqjyccWWP~Ch5Wq1)^EL6O{0C5_=pTaRw5FHgaV~$Hl;MlfFc4Zre&14+f@5rSSYR
z=5p6?O2x$|BFhjMlRK~%wik9WWdql*ab_LWe0R;T@<O>kd`C&$P%XH@l7pySb|{K}
z;AANhq=aa%5GHNf-rtw{aX#9+><3KYme@G6=^BNg<oqmaw1k0L|ETF+T7q+XF;wU5
zPZ?X-p0Vm8?emL>6}|D=?e#!HgjE&Nr<{qYCEW;zDKMbCBV9Y8n>rouX^|G0?fmVB
z%IAC9gQqE_2Vf_6uv*TyXx+Lu?0a&C$itkv`<#cIQ9EKprNij)YrW^@31)o9?cRw&
zVEN?z3NzTC5;R`Gn&2InBc@b}N++0WYa?@V#Kbt9S5!|G?qyDlNLee;t$N(qtBzJB
zq>JghNq~TmgvUs>`0~ThESiZCr@xRN&qu%fD_2$}?*u6aA<~BjaXDgwjb&T|LNlhp
zcFo_58oU;toO9QC?F4V{VNi;`VXNs5_frnye4Wq&G?i~0JFCR15A#bc3(lWIXY1@>
z)|WZQ0<Kf5v1Cl|3DGs$_;f%AftW0puI^?5_?$OS^a_fLSF6K6RXP;IFjaJD-%-^v
zb}vSFN1$KH7)mfVh9qzil;itV!pXEO_bNAdeUwE7^Bv^CSHJbxMNme-cCj!;EP6(1
zN1{w;6+UaC-Voe-{|v<ERIf2hYwA8ojPl!5*wy>>5~AUsXW&&4@h<5G4zAjTLm+f9
zebBk;(`tHWX9|OI(|sRz0^ZcpT7W`XS)r!4(C)Vl9UuEMqr%=(rL85*w_v*7jnGDs
zp&Timo>z|-qHUFom-b&2cOe>e^;XV6dcLvdi2lJ}dS)AUYB7{?v^3X|ZgvHC!@B?t
z)jHejT>VmcA{wh!z7xbo_qTI20QVz7*4jO`I<Mog+3(B!{a;pi=i|7CNfWt<BEr6u
zI{Zuf+G+Mu5Gw6B_GyXs-aWdsbny{oi?3qc5|vIKVt}s3{R{&AkW3k35We_tEEO=X
zXJDMF^|f$m0}ugMC);+leq9lNG?w;+Y7Wcs>bu?`b*De0XJw)>0|^IGVq6sno;K|@
zRyu3Xj|_wL$EIqID?fssNuD!`-=^pMU;7`}a=l%mD%{7TgKEsaHm0WuVzOA*?YmTx
zI!1a|?q?FY8~5g3LuG>i<AptIdfSXcW}2|DJu$i$&*n;JM5I{-)8ZywhlJi=cwPI?
z4ft1!v%3OZDA>fDfnHT@`ui-!LfT7{xX(cI`Ek=n+!8A(DyyCs$WxnYGGkKI6vWt*
z<xQ!oxnjSNr}(3^E|};Yb?denC>xezS>@#r+6gdG`Ry-aZ`_E}#(i3$Sn1w_S}l{j
z_t-ZFnKf!e1$#!`J)M28h0eP2fHRQShWbBN@7DnudCW2mNzO&g_+2BZ#p;RHz*zOk
z@sspTsEBY7OvH9WQ*Za$kf&*|vP3@Bd>G}FqaWVqWz~8->0#tD`<dGobvf+Gl+Eba
zbSv`EtC4B-sI<aG8PSi?6@*`L3XyL&YibS_u`K4gqcd;5Ztkt{W<ha#pGR70az)lw
zVGA%`+qH2#9oKSGySB#bUmWV*+Sfrq8JhQu#+2h=>MX~ot)j>yo!qCDNt9Avxg51c
z2lP=(m(Z@I1C2M+v+2@j%al!hjD=Y7>OyVF-TtAx{<`OX*puFQi@SnZ2f<0u$tlXC
z=pIj15%D2jOzh_=-;0pxq80b5y}#sP9l$rW{fNRR^&_}putgCShAWK!j(c+~M#-ab
z81zpecD2nh6|}vRAJ@LtoPn5fyjgquR(l#&D`XYC<3Z9X`kqDFw2zgS1tDa$DmI`*
zD=;lFt+w|2EScWkbdz#&GQxBFuAhna&NRG}!h0c(s>ZQ|8mKTi1G(IVzi&(gvZ=T1
z%+m<I&1#`<$zp4wGilv>xQ-*!pQA&&w;Uf;s5K6|dDV1S56gdlc0217gG>3f4Rr>(
z#^Go_7whyuSqWeULg>rsIqwTsURB_d-s!DYq%RGT*m|r-T*ro>CoDQ=psICgW>nfr
z>DyJw56v|mZkZi<2(`6I)Mh`ho8`eD22nYbUSdHzwHO3z`@N~^<#@O3sZa1Ir47Yf
zm5*h(Rdwgm=TllR23o$Q(RKov`y$btN=i^W|F2HUt@uvmnl(1AmD}8;p|5imeNHx;
z&j*w9dfy0RKR_lHVy;y@IwB7|ncr7Db?)=yT6sy?VpFJAS@$8B?8XBq&E<Z8nRYtI
zm%b#u>$<}8rP_m13D=8oq3u`SNHi_MbF;}`33+ESCl2{MvdF(Lz>SG$Ao7sf=!c>3
zNa{!3wk1HHK=<q+U=^&a`W72t&c2H-)AKRD2rKS`varJ4Gf+;mbJ#n{B$*KJ_zuVR
z&04YzXH8Uo^@6}EAdC!?d6G~PS6{!fp{>3D0;|I@0Pv_Q^smcbcNGp14J2C4`V4^Q
z(GI8y%#u__R;w+tac@VKi*F!!fX0E0!9V!op_K14iR%PIFPHnt0nvg<EYaua74NTt
zRYIaWa6v{}zc`0Ju#j2hRPICuXD#;o#9XgUR+@=Hx*BHEI{RkTRJF8C(n4Zx52l{j
z0H!{{%#67Zso2wV>&>&?Hv`o~4^=x3Rd*{Hq`Xs7zg1JF9IBL`(za_l`1K2>0d)jL
z0>yu1X(Ytl|6OMBt8Vidh;+9!l*M-?*T?u>AuX6=j$N(yRdofSV$f<_l}!e|FIR%L
zo1ENQA`wgm5-vUn074V7`8{ZwHj+`!u6o27mA>+O{lnG1vZ!fu^Mehe8g`0(!l%90
z3-|Hbt3F@B38R+K7@uA(s18ml`}))iH4*nrlU&JSd0N$^Oh@ea7CY*u!nNi@hsduz
zf{DG}((E1FABX$}4z?Le=jOL@RF<tRubpg0Yo1-n>^H9?ActQfpbKT_T&3k12sZ9}
zo*fWDS58HZ%Msj9d)+n07mnQD?uPrc6#66^6njnTVmh8#rz2K_Ur#kb%nqsX1M&)C
z>-z%M)12CjfF+WWiJ<s&esJ^q6~wp}MGZkRYP<@bDD`Fx4wa>!e^~a5Ey)6E<|{pv
z__Z`&c3=~=2V;d=!cDDK<3H=;!7J2qIVT<RYLrnYPNC+FF?T~58;~y|Q{|#2fLgEN
zEus_BZW(!y2EIfceC=>A2@X6_RZ}uad-`ei+nOahNdE*W6JpVkUFYrZztvPno}7;A
z;aBnBj^%wATF9*vKp`O2nzTz-oQ2*Ngg$Kp4!_rf&jF?=$L^#<E0!6QzsGZh@F<Sl
zSoU@_XM?HoJjYmL;>ooh8}Bm^8_wHvuOsjbv>?$db+>E<1frJx>r?@OZaD-&g6gX$
z9yKiw6Sn$?=ugYKRz<VBEDo~QpZbf$lX#~NS=Bn*6|yNvA5El-&sY<HaI)eojnS_y
z&rq|W4$%vV3V*U;-<jklAw|^Zmy)&>C;MUH*(JR>WhBY|@Sx+cv^|C69E&_3bt2S!
zzvOA|NYNsA0p8Sg@R6*f{cR7JiPir$TO%+u2|tOw!*8z|*l-kZ*d4I3!-qjFyzC(t
zTDWd`9t!A}<o<5vQx4qv(d~U>UlnTGqRjus>qKe!c+Tg!*n4I&c5GzJQK`uJJ_V9#
zNc!6+YOH}v?Yvo=2j)8hIBC^a&h5Rxz2yApq^MI;sKd$YH-7~wFikRUHd=TYLG|3~
z;Nv*gA`dg`^C)9pQHaNrMbBvPU^3ZsYEzZm2Hu4%rVw0*ssW??ZLW}^g!x2BKNa$X
zswcWBzx3pE__$-N4Tn6%Y7CG2HWCLz{a3<rPvm9%XR4f2I|wI7zOuMB{(jc&laT}Z
zbQCs=xii<SxB5m#y|Qksa+l;vg7!bF{XJkmjo*AjH_tsDR~YL}Vx<r2lxlATXErX?
zV$s<;xAjSYdpc&+f#NZeq|KGq<6E#Gu!w!Ujds+}W{-jH@B8J(1?<dqpxTT-<t^g}
zgfgAEjH%WWkY|JDdL}*?p)`kA1r~+$)W|L@&FDr>Fx!~cj44NWZV7M4?t7p5*IzXy
zrGrU})Jjs*e0BN*{wJx8`|A3yql*{%DyEju&0>H^LuHBmUMz1GIC8mjAx8X<e7u|0
zdbNShwv`}dW^<D+9XJ#!;O&4_?KSY0n<VWsLx|@=9?S7i!DW^uQ@66w1O9Wr{;pAt
z87#jUhxLOHp{6k*W(uuZa3x4n{Tp<W+A6yK18>^nf~g5B7nae3;4O2-k|~}F_F5{0
z_25wwL}%0H@;h`xYAYitl#+0TSAf%Le#s>_ZG{gW%uK&)_ahPo<v0UL^eks@Cj8Fp
z2Q>Wv4G@PO#`UgipZY4q>Rpz~$mMzc4oR~74mmLSAeoq1cBEvc+8@MNs6OF%9CX@e
z980pHua)?m+aHlahW^(hA0p5FMJ0N<lAV-HZ%T-2ljgG~vxXiSU*%&fgukq13(uge
zY?EtR+Vm!27S)kj*ooDsyRb~j<pN+p^|@F6l&m?gP@mzcpf{TzemxPRKbk>_G8NAh
z%Vq7FDUaTmYw@R>vZ7Cv?f0_yncDa&mREE*Jkt5@ZAVdvNL4vAcXef&pPyg($u#$0
zxwXcon|6|$w}*c_@m^JXSS0p%alN>94$h5iB<#jZR0j@xi2qU+BI#y?o=XGb#UqM#
zb-ojJ7TDR=R$}P>t2<>GO_0a;#OlL%-kRxMxq(Yt#8vecyb=-fo@Vb5uf&@|xhULa
z@nw0w6H_@caJxe5lHvT}tNOE%(e~3bF&Zt0Mm5Fs4Rwj)h;ZIVE#nxku+a9?rqG<*
zPu|o#?5vwlxZ8Z^!|*tP1=j-@cLu@~x+DzM`NB)JjX4*)#x_Ihp@G};6U@)cF6O(_
z14+4pL;^I-%P1hXkTjK76vt%|Pmzjb`+4*GTr|%ZVTODxt>nGkumP?5i^g=C#jJ6v
z3k#wlavKZm-R<@1#m9Zx-eHL%Ci>6<gIGN{qFpwTI7J|O+I_fZ2VBc$bVr_6hy|5p
z4=TUS54z1IILQ8;z7=X*e=0JA8DFy)I$%sTw9m>}el{3Xx6)ZcvoZ$ID~)?Lal3~E
zsT!p$IVV3MS8NVk3M`1%;|oqXoa{UUmBdBp=AhPOBop@De8w)9{PYzlP3tYR+ix|Z
z^k8#8AD3A!e52I^-t*C+a)Hqb_g(6FTsA<ULBVtI<@fc>s7C~8Z5=&G9;&V9=oH_7
zooCq~ScC`=b^3mE;P2`0!u`Dg-FMw@eYWXoZCi@mZsyPo2};<bMKQb_s^J59vC&Qi
zX;pD#mDHleLWiWlb5Axf2itVaRW0T#=~UUi!X3P?6%2IyL%et$7WQMQWveRdrDVpK
zA0@vMy=1XqEBA5+<|g66s{A8rt|-2`LcYEughT0myAmXE6Q%^gLf*`n+3Z^F#+L6f
z^w3jB@-5KVY8-9NDP|necMIp-$xzo%6R<-H=jcQuRo<$QyPEmsY)bYdmQ(QM<6xQ7
zOetTW#_`WI$94}7<PcbuYL@;%#dJ0Mv8NW)WR5h!f2<x`N~~_zsB~9*?7leZ>7&4z
zPqbPnL(%4(i|th+95;>kwY!3$WjnD`m}q3xhH}d86p(i)w=3t0F!Ypj0XV8v&p;UG
z(3&k-Hm>!o^5SW0`Z4WvTDOJhnJQ%-3OG4Kt#+QZMXhF;3NmOd5-#D)q*r!7J}X3e
zFX@>+_I|PujoZUKM!p~*^Wc?U1ZgsZJ=b;@oFk)*s6!+oqPkN!NnB5-(T+ao4t|Ih
zRm&f<UmoU!6lJ(cIN<lLAxPR8xC~*PTBF_-8~^vo!(xRckRjt0(S<lum3biQ4VpJj
zsZ5s`VCRIWk@RQ^dia&OYG50Yi)nm512?l2XXs<@b!l+RQQ1tm*rpHqpuq<V0p3{@
zk&K>Y#e;jheH?L}ku6W!5Qf8%Hp4v?ekRPWo&x9TJN5!$bm?k2ly#+N^z*W`>7(hI
z0Sz7afc|8f^YT>kxJwDH1V|&&#tchK<4R8kqCa-be%VwVP%y8)6}UY!Ar)V2uB_L{
zR1z((Gq^fcVUv+&ElR`IZNv{ABrg}lHHbk1j6=N2agE&xIx*VD&@Wg$*U6O!)z8wK
ztelRzAhrZ37u#^=!Lt44D^5irx3G`VX{LR;)jCQK7RmU@&fK&~$t%7n;tAK06x<g7
z%MEt{^vXlJJH&$Cnc>y}?eto^<zw0=z|q4qQD&<IJF-r&6MP0>2Lw{E?5toH9iA%=
zJX+tNR%>C?p2MOQxXzUEZ?7tw<IUa59Ep(5qO#ygu-zC|uO-lSb6#h2tkBxcrehgj
z)-0HVFRsHQ#mYw<(a8u560ta>%N0yMnc^;Q$8NG`zR2{7JwGI`<;lG@p>3e5OW`-<
zmhS9DxW<Eh0IEc7^PwG>HHr)RfZrd_F1TUh#8Ka4Dor08Qk9IQHhplc4$J56dz&Gw
zIAz&}IDHTi-K{kx62#cy?UyO(<#MFZ9n3c-w2s`jcTL>tcL#?hKd<<KC$(GnO7h~7
zK3QL4(4%*uj|Xrfm9s$&WvBzKg#bH2<ikCmk+w#F38`LaCo3k88~IzDTX4SzA^gs>
zBsHQd{THX1accthzG%p^^zoRsOUv%3Dj}2LS<DX(x?x~!r$t}_5&kAFTlO!i$G8;t
zitd1C`Xbi@Vxr=rrXGJ?shGb}EA*+RnEpFYNpwg+X4{6gxw)N`fJ<LncF~?k@h3ts
zX&+drdRJ~^IR4l#M88#+Tp--|(8*aeCix6>)7F<65+7S|>%+!CDwJO-Sg<oh+hkx&
zFHYlVs9#OUr^{o-PTPuWe$3CTtr_^>;qY`Ilt1g4t8LDU5YL~e)O`dqLwkX`Gh}Wx
zX>zgcn_A|1a%9ie8mm9Fz0^IeCgQ25{2UlClMB=pm(*qk)_g3>Q?^sdg%7G4f541X
zgm@VCxU;b>VukHPj<}<SMcRoXUbsp{m)u(vXpYpVadRl;(fB9}rl2u0NkO5_L=zp)
zp?(jXK2LX~a}NbCpi@hix?-Sy@2=O_?@BN4*1?zLhiVpo8iH1jYR+kE;D%^MyfdFl
zVM^Wpo?sawdq^B)x|1WUw_)rNe5D}j3`9(TiwIv>O9&H50Fb&$69SOzcDSb6FH9|E
z&)ojhMwN1zwl=BS{Pg5OxUO7d4$L^QUtYND(ue3T^T8HTqw|Y6+>4@!g#;f8EPcF0
z|J@k~@dwQigGmpk9l(~XE;(Rw9`t|TS0Hwl*C#<yHZ4g-_+~LNVV9DPwO%`L(RlH&
zoT3e#BXR<;FI8;t^Yi@PtvfR`*nQO3K$trNff0k15YLq1pr<ze=mD-XkXkP@Z%su}
zKO|K0R&K?d>9D~X)MJiRMW@`}oVv-XF1+141aBhsnxN__kZ1CtbJVbhal1g_R;|v%
zD4XRqNd>X4*L%_wZiu{|VA8hI3fnZFxV}%^32=OJee>~YHa#qJPkrXgFH_ZC_!9{a
z4P{M}8~5}camn&@k?kLG%{`$SQ_8!c(HqbO90pV4X&<Ct=S8ixzF%Vmds2bQU{9>>
za$>=v+^aKE_=BG;&v~DQx3_KDst!&COBEgRzzcUIKJQMmY4FR;y$e`E+ujrR%hNKl
z2P#JchtsO{VgX(OBftBUpnc~mokH~KZr>Tmu44Dk3;(c_3RJ%l>zF2~e#AbthRP?D
z63HjMIoK!ZD-WUO+E9litHp>$+d1_RrwsOwj@95JnzIOmjVqQ{Sk+{Wm*=kW+#jIm
zr=V*Bp~9isj`hHc!QK9{yrQDYIqKJbU}#|Aux>3lDA!D#jUF!)q(eIlTdok>X<?UC
z(Brv+Vqtq_){|vlZJnz``ZPSbhF@{OVUl`Hl#$L~FtqXpJajo?g(JyMl2-i>A6Rl%
zcAi*#nWGW6KYOF?>iy0X@7Ov<F9CU;HRU2(6Aq~xp1jDn&N7A>ye%cZY4QL(IHwBX
zPA{QCiIvs&pV^0O1}Cv<?Ar;9YeaDO>K4>mOX>R%XxX=F8iu`;BwSPXV`UeGeRn2w
z51tWbVX}zPtu1m`1efma!#pN1&f#A3N-r3(_F8su;45@UhiTx0R^w)TijL-M7BD4j
zp_8~e19970WG$u<0kQTBfFcQUWy6YOD;$rm73^?o%#SJ;5b_g+%leRt!^HSYXu)tI
z{tam#R@cnj-3=<YLwV8&n=7v!hOZw!bmIPQIQqayb|#ohma`0%#rd6}Z47xcmk7?z
z;jnc;|3Sje;PYefLdA{htz)D(KJmN#pD%CfkU|DqLr#Yer`Uk7SGQuD^J_D=AVGud
zha7Vus=jT3L}6M}O~^qNjJR_Ksz;NL*W#x!wE=^y<ld73_>;!JlqKI+BBPD6XEfM$
z?oq_6ykuO|Iol%H2inFMxwA<GT@_+*9D-8zsJQvq#?H4eWp{kYxW2^<J2t_;q<1Au
z`*BrYa^a_V9Pq@+2T5JHr#QEzr3LjayRO3n9~brN(+i6u+n39L2`g@!buxTT1JbC1
z!jLlaecWJfYLkKexBe4h#U9G@y^K=d&>UDr0o|TB&L5nRh(TmTL!fI+RvgvtE5<jA
zW570JRXu0MdoK3=K}e~jVKv1yLr3L2H*Vw{vZ?{dIfoW@qgu5d$SxLe!GnqJtW9`{
zI3}d#B-F_-w5-bMI!eXe!BwcF_9?Y{)4D;f5~j8L>VY+8>cQA1)t|em!{9ek5O&;c
zW#{^&n(V48TC{=~9+a;190$(!eA$m9^RR%^_mwL6+s}PbBoP|8a1)M5KVqjg#&*}(
z0W-+~D<uqNE+dJ@5=eh3_s*0w+v0NrW?|F&5T67MUF=z2%R(y44NLhn@>g@c3pwGb
z5i7_6@G%-g=o34sf=Zv8yoD=dnW_R_^Ka`!f(8d)^HyYs%Cz6{!HL2zDcsKQD#Q18
z<fcv&$N^~iu103~`?c!}wd>3`LZeB*MpA`+ms4q+MQM&3>QsL?Uw7+Cd|>_3(u6NZ
z9-)OSkG&Msq5PKG{RvN?;(27$!waTHSK=R|^DL0qmHW}Q5Hg$?=AmeY!>Ru{C==Cp
zv-Is@L!<b4eZ|<b=gi~IQVZZo#=SLHtOXMJsCa`+KNQo2LRnNB0U2>`@^cNE#~CQX
zx{<G_a@QmJ&o{BW#<sV_hlMxfDOO{s`*XboM8?jNU8uggkbAg{V}@ay^OSnsA%4+r
zMRp`D2Ibwxgnjirq_X69##`Iy!p)iC0!gZ{!9j((M^w{b>wWKHiUjh!B+5fl2ykUR
zm&zDht7iVenAH93r(Ub+YHa<RS!gLpmxQryatE7B@T!wHqrOqgT}{Q3Q#zUsJ<bh0
zkEBVQfu5Y)oJZtp6isLJsfJmW<L#45V1|b|c|IlU@wz4=HIMOpAF)O#M5)&1ws{84
zHfuMwfax#wwtLQ@C7zf%w<ZCUeId_{3+uNs%u@EL#JMs4u{Vl`qz7eIFlUFQIa9vp
zM~$UKX3k`&)MBl%kwc5bu)7N)>dGp-eIaWPxexxJ#~Sb^L{L}fpU4n_!9)v9WaD}y
zFw3jP?@<-0^X-y8g!HkIS_E!1i34LXx0IB|JuKH_*9s$96LfGuA%(^Z&!<OUNzf%j
zD;<XQT}-t#`H)l^6zBhYr@7tHBDsiBKhfK}|AL0geAb`5uJCYlgjb@`a~SX3P+S_4
zH6<{9$x0w82F>2pYO43x$g!fbhc#wL+f#zZ6!|&{9#+pPR7rSs;1Y?_-iWEk8u1IC
z5F@i0#9@!QFhE%CSle@c+q1n#u4Joz91uMN<>qC{`WjGems;d$Q-1ZiwIdt51A4E=
zatmR~LG9qCj#S2XW;n5EYCo8I+NHRF7}KQ|Fjx6d^Qqd?{>aNMk^$R&-yMxB;7^56
z$xp1$K=%2oO9IfiLKZv8Gmu6Q&qqp$ytpmpx0pHLUY&t&!Q>^;<rPr@9nJGvI8K_J
zYMi3d@JftZ;u+}WQHd?nb<6dXxW^%qeFhRs16ppI`(Qt;A!lZNCIay3?)MjkgUe~P
z?wtEWJ+n<1Us8tQ;rE)1w?c~J#6{n&{q58s<5dX$q^4q#;tw~myGxJ#bD`LM_#0Pr
zO$(63t}5>jeX`g!*;$A(<yhK(=yiJz${n$I4wRjuC#sr5Jn$%*Qg%08v1$%t%9EIu
zIuUZ*eVDy5Q_*JNP<kGueGlr-|9cSfKfi|whl@pIo0zf*VRZ1k6yo`=L*AUn*>ldZ
zEkL+zSh*2{n=A!>LGj8O*(eVUwIM&mq*dyjqT?bmzhm`wMdDwC_x^~=kPvl)R<*ek
z+K-LNHGFCzi9?>xKDfEF;rwX7MJ;e$yMx(4w;*ZNJ+iC9vD5{)bl1el6z$8@a<1)g
zZbI@=!*JH_9WSNKn5!0jZ5>Ek1+J2A;{sukZe&Pnw+TQK{)1@WkJoAW)?^`WX_SNK
z>nN#GK-r*G#c*P)ekPaKm$1X_yD*ZH*0%X!Y{O4x49at|2!z+(VM@r(PxPSl@v*a^
z)VCYK;&=L$$JQKuHk_nzBuv{I0i=K_rVYl(@uI{<4=eXw8cJ=o@ThHfb%Q;33fagn
z+%%{20u7|qB{5QGqb(9YAAz0Mbh$j;>#ffIF~q<RVL!-~Wt1C~7VDZivFg&72B}sc
z3rs})x@uU7wAi;f1O0@-%TRvS5B6<C3VXh8h2w*BPy-5hm?b-I5tmcnH8CY?b=v|p
zS^3OQx<dMfv!)w7FZxyWT_F4nv@_>Fr?UlQkj@L+aOg#MP&TtrrJns%ZXYA3x0yA-
z?`#iNIhH1+4WYV=NA0A`03WVbKH39~HBGX@ZI2glDv4%-AA79Sw1a-%wKeUpF3{to
z@E_(7Ss{yNwjEw>F0z$<F^l&%Dh`pw8}wxl^SGhGj<KTRN$v=OEjueDaob$xA3#C|
ztuDo^&(=gCE+h@SfwHAlp;lyNrH@3dee(Qh{10#V1{)c8tf)AfJ{{CHF*3nWTW(5A
z-~Tca#~>1rf&Bb0A|mG_V1RD6F{jA$-5%GD>RWh9S&dydc!WswiKtY17spCKC%i$M
zs(oqr;Li}g;V?QPab!E+_%XQwz`R2FLW-x}C6#}nB1tjk=DH%PIXE%z$WF09&eOL8
ziYX=t+H}b;bs2A<b>WtUh^W_ukR1asbrYQwjS5{mkBum5nFMX)hkd4D6vJI?SW<ge
zkhkZT(kJQNly4X#7rIvK(Hf;EHiYMJmJyM@X16#-x7KC<T=JKLg)N}qR*rD3Pv+$E
z1&e;OCk1-v-ajv)#No=gab;piE0aP3xNh=ty{`3`)ZX3xl3#|pDY~ZI$OeY|b83Y^
z;LcqAYp7jb+=aGptJb|zB8S}%2-b}*jS|xCeGU6sTYY_9!md`jZj{$@di@l`$M>NW
zyZ)7TL0~m%v=c(m1V9uA!;_^5;A9_IS-O~Br&t;9p1ew*3Dc8*_+GSL=qCx{LG;^C
zR=yQs`xRNwkktxuott~!a=qH#B<N)C0z7H)_p30Ir@kSysQCrQv?%}9o()+JT78cH
zA#tvL+E%_=+98(J;<S%bUmtnh;`#I9xmQ@MeA`V^BIn2mFf>EZGVwl-f<9coP@I;Q
z)%h#v>EFR5fMz;i?J80;A^NO1zc~79-{o#yinxa{H$^Tallo6TS4dlK{kFv#*~X)&
z3iVF7E7}y=ON9P}Sk5hUtiX9q&D)>XLi3;JGPJa2ej5EOfnF$3YO^wg`PNQH4g=M5
zW4_xEQ*wBr`w+9YCv$jx9CpniuS+s6KrSWqd9J&4_x1wMIeCae(tbU$VW-)v`a-O_
zwe)j}YeW^&S9u~-WR1_>USzU(J=%o8IEj|-Nej1<;R@!P)#Y(i>wR+uTGH8_q1VSs
zB8nOUgCq9se4qo1WsQ|WEmbD~jw|zAjfP-7rnbwx*yqdf1$uWBM7jxD=1jd>E?x!O
z)dqFBT5Atueft_RI9S^y?5M=J@JKw<V#8yl#B-PB2B;sA3wL^;?(%YGh>_9m09o@-
zPhCtpEf+y&uM;<6?U*HUCr!W<8ak!d&b-O3+N;aQYp7U(sOn(72SlVrRB3JU_wx$#
zJ9ss@Za1RXq-A;gFgs3_^DrEq_cvrNX&jYnfh=14+3l+d=g}BLjlEQx$*y=0C6UcT
zG#jBGL3t|1H90j6bagL1d-cQMM7wlEGzzk;_3h|4zP2Wp=1uJ6mKD9Jw6O_oO8&4B
zJ8;`51I6!Wm5oFJM(uQg^h3NrJknCcJ2)Boa-9y3VH;oSU{$x*YW`@gV(l<=fV~!N
zwJsk7Md##xc*!4K>b<@60=qAEc&;K%%4uI+yo35o7rlyG=Dnpt%#W*x8**hUmRY(R
zHyn7tYW=L$8IoBv+4T{B!CEKsXug_Qzjgqup5i7(wFhzn89O5jp8h<OIKon_z}866
z{_U|5_ddHNn#E={SF3wWMclSp#4c)#A*O_hL8UX~z7!P|5wzuh(LB*ip-V3wRBus=
z^7f5a*t2M0mC0b2ZWJQhDHvQF9ZWpFcByqQoDcQsBT7@k5BymD3XcHqex5rVoRXpj
z?S-NtnG0~Sb9KjMfUc^$jVe8m$dD_bRdsiFZ#ui2KM&K=c4SJlw2+_+obN#w@@Xrf
zMqVR6N6z&&BQD*p7Vj{-OkoK~fG5gknvxM$6s;>&l`y0z%uBgDlFjOM28!0>_(w|9
zpU?JoV`Ef8!lv0`RBM+e6YeX?T<}RSP!eQWMBi}=l7lRoYndNLCWI)7UN}f7P*Mcu
z4Zu0(Cp-;duRgyzy<HU4WZ0$}b{j0LY(jPohKcM&q`r}e;#u-5F+7buS8c>URogYE
zprA0iT=S-(j*PsVA__6It@Y2gt@W^bDOWPpPu*15CDrvv+iBJ{Byg2KImo;yVacZ?
zTt^0Kmt`B(*Vpm*PrjGbz!NDzeDT{-Be)ysoJ@3fSdnF8%XinGl6yYRhM5iMW%(nw
z?Zp}kOM3sWeYesvn0swEpWtu}a*fvigibOP3hyzpLOwTAssE$kt?Swv?Dthcv}<9J
zLz=3DU9jb2<R~ZAP7bN^#$5Z`^k?T=AG&9^fy~dz)GiYCpsKA#eaCK+jojDkS29o?
zGa7sS5WUQn7mQV*JNfjKCTGwbis>sZSmnk={zA`^{R1)vQ&h6KVJ9?~sBLuQw7Xwe
zeJbnNQq9Y8h1M6-bC=O+XOVt&uueX}9Vu>t#0RS-C8(;{UD!{^RFS$GD(Q_Y8%XF^
z(YVH_HlNur$xh%<<+-*ilw{2Swi8rT4T13>e^MzL%8M()PqzFK$duoW+PdCp2sjoP
zs9g~_aMH0%65LJf#M&%R--F}m$IjB7MScOiS%U!P#Iw*#n(mysZLCO@3hJIJ-`Khr
z`~1jrt(yHnam%%OQDGP65nspMtnA!U24fy&Y+Jt-&(l{~2%h`?VK0muTXsnaSSUX-
z=t_e2nrqv#vJ#3I8z|b=uZL559{mAO<KWlRg>=ziiTH`xVAIYxJ@Lnzjvt5QqQ>@&
z?{5h);s_h75x)eP&^d}<khn{-bP^XF<{8KOPSG^yrep`iM*1;v&Q6LIU*RSCyu>Wn
zxpDCNg#kOmqb=3xBp%B>t4qtk=5En^#Tb&4);S7OZ`Wu>;{OO2R{GK|Rb6I#UWPVt
z-1L;GfOJ&<E83uno+)2F_s(>1{PZVMdC^Bxf|`+Lz8=r9_LC`!LU#N4-3N19sb2*<
zj`de9g9yy*<~*&L>g#h6sRgQjC9T@_B4G+mfGlI^cSWCfp&8ksTT3!PL{MF`WIabg
z*4qdR!r<@(Uc919Pwx`@cHd*M(KIejtOq)alb=5jhvR46&wb0;L+4F)OTM|qMH<1o
zmcp+=`X^koO;lW`mC4-YWY!*SG`6@?M6|guJ|{VZo1tOmOj%iD23LsiRJ40+sYGcz
z*Ttr!4l@iC?Y-M=4gp%C484%?#w8y%TFKw+(Gdw5AIKl>gZdZy34PdIo#u+^V{7-8
zt;BAr2h4TXTK#D;vM*opg&3wQ{_(5hW8?ggetz%_@Mw7fDHV_Br75w7q*P7(rU2h_
zk;N^1TZ(w+KWk6HB-jCaXjv=cGf*4pL{&8QitD}Du$8n^VAJj!%;d?Eb`@25>4#z1
z@zEVj{@z{Vm?Y}%%G9Rya=fSjR&rqnrlzRtU4%vAt48Iv@}zL*QP2lX9%6aak#IGy
z@VV6?$vp+~y0_TD3whn{Lw2=9%glF3aFWsvs!sA&S=_OCA9i>VUP#AxH5eK{r^vc@
zBi&i$)7yZhCFShE@2?c4`QA1Lhh;p?O6b>FU3I|Wlc9|jKYXM5DN)7E6QL1h#kmXY
zRrL00MeYS-=cEZGsG^JLSV@|4+4AtsDW-kGkFD<VYwSC$1?H^_7(ooD56V={bh3Ei
zW&|zg43s{PIzBM>jlUWtMZZxxu5m-2J1#~sjupUE#f<6XLS*eSr~5+s7AGiGE8<?#
z$bRX@Enn0!ui6oE0QGk3*rQ_D?%i<X@bh@$7b5%Jn-0M$wa`rz&qTWhmb<+sCScP?
zZ^djVLj`3?%o48sym`o0T<ZH3D%6-XD4|m5_9I)~hW5HWLnEa=ypR`()!w?I3=k@J
zf1Nfz1LZ6JVpg+BtQYVy8mqJ%&Z0E*H8qWY4ts2O?NeG-Xqcy%Mb?$azmO+;W8{hO
z6?0=HwO<vBvwBB=2EC7a$tlkXI}f~1dd1JA78t2nfp@xcOBjAF7rzV-$;-u=Zkn_j
z58283ij`ULrFf)hSg@Ue9A4ZjihIecFi=__%u?x|aW9#GCCFG~hM@r;qCbi?SM6@<
zd?`(spe{gOANCC4>e){FdvuviP3Q9S$2qAfyZqH8toyoxwPUTbXo3l>^LTrCO)cx=
zrwX|}mS{)w-~>7wk)wN3A5XisFrME>yL<*3nLxacGv#>ns+@<MW*gMfw@Y-}jf!@t
z&BD<&x&F{f6B83eJHqw0ykA5%hqSK7nX&=wc-h^5JZ}(D{vx;Fj#sXoEXTCHCxx)R
z8-i)xoh;g%zM~GAD6(%fV`1A<L7qgE9Q}j%E3QfOY9up@7}g34ZCUuaUjtHIHiGG^
zy<vVGzx~(q?Ba3wy0*)N`hQIX{Ew*qza!%L*Q&IkYnQe+2A0+?0_z@p|FOUX4oy+u
z2sKeW{|}!KcKF{`8j{B;vg$`YVzu1AfP4uJ``1d}cK((VR_Jb5&YpcP1OM-dfd73%
z{rgDf1-tRf`T;<;>H&5j=FwPL@bnv)0Ak1(3Wci1{q(W!{KB4!Kd5}YL>>_-PGS**
znX2coW3;28rYfmTn1-Cg3soS{MU5%0mMbeeSNvK=ysf!h-5u}p&EJhFP8&4b92twN
z=?OGrKYa4oWM~7=;IG`gNWF+V{ugg=C;ka&ofwZb*@M-;Njw!R`x|rrAF2LDWD4~Y
zImu0r-2;I0y!hw8iRW*Y{uYSs9UAY2y5}FG6KiQIk&|wF11dk^_2P4Kbm|_vg*K2B
z0qupbKa|z~yMp~c7ttT^zx#?3m@zqxw6%8IS>S+V(Rt&w0t&TUfN`lLbB&zG!Mw!&
zaqj6+8DW%m-+LEAMlBPGtfOA5&=NwZDp)*{Q;eTcuJItyeEZV#D`sy83_ghQJASth
z)_;<RREu?Hw;-UQO4{05JKCE2e`ClM+!g5GxcZ+u0Q`rRe?q*6+9m$^zt}qSUs3%h
zk@BbGdLI(=Q}z*8lsWp(BIA$5Mar162Dtr2bRzTSZSiD!fX~PqYY!)t;z>?0CxJ0c
zf^_^i{5M6r0sOZy<-f!F)|a`;wN#$p=J(%eTrKEum86L&;@3pCV1duMM;!f8+>s6<
z>D$G-7v%o#S%W~hx~+4-CNY~n0&Rgv48HUXw81@|jX%0}3{Nil_jmvK>pH&wyz+1y
zr$M{SH!_CE!R-Qveyg#2FRwA=lh02IL4XC~7G@wTb)w;Q+Vhaz=h`s~QR6f__Eew)
z{(sZ)=_3dvR+jhYHe2lJN9m@GXo+)2RgmwmOknS2^cl#_75R_<>qKy5zEhjJ+><|k
zJBiN6iIwS|fl@q*&OjDF0f57Qyw83HD(m~^UahfvoK3%Paj|Ld@R+5Va+;lRDga9I
z)tIkjIRgzcw$}SIEOAJn!}&a)TDUPink#=ko4>a!&|!cP<K9O-`STRqWe&CRKLb5q
zoH(%?(U@(xVgAooVWl4#G0V-K%#^DGKp;zem*0q`Ak7jlNjn2sg$q|_IU*U}QClXd
z75RV1<_iZZyD?#22>klHrk&fLr}NM|7^<D4(-|n0`0I82|E%}t|B5)lTn`MOeUEvV
zx*CcEC_~5YFv=W+Yx=Y4$<h)#uJKFP8R(b)-+HBqKDyP_35R-ON+mZFjvUSp;s2A_
z;A?t*8H9R&Us>pjYUrS*4fZ!V@r2(O<^6&(AS6t2OG36JBvJez?xoPL$RlG>q+E>M
zWma`P$Bz^D+of@(=;W;BhzRT+l>hYg#_$c3CqWgHz8{Km@r57TJN_t&?C;>JpPpYN
zv6=#z3C;SV7f1=~`hNgBY@aT{sc{A-C0;*>MAEx>!lx+Z8|G;1#C7fSV6~X&Ir{&5
zE4hEAVC{Au7&YZw4Xt>Ud#PNL1@ggLQ(zo?ls-%!!(}V;Z@<a@52EY;Zr9}SO{V|8
zMwGvo+r6>hsej+MJ)z4$3ZPxpJ1K9&Jv>eEc{BVQYCQQtK%<$Bb7_ZUN_&qHS1PTd
z)Hkjir_z_4^Buo=@sEF>4=AQGwC+g#N%{_`t*{%d@atHb`}ZLsIi6|`^r&1Yg4kh5
zc|j(i1e1=%DirvYzTA1l|GL^2suJppc86$f0l?>M_D$%M>}BRwGwT^>FX;TbgH(6$
z+<4HAdq>ePJd{XX%(P^g1wrAuKCz@?a$XDi{e3Z7AOw0nqI54Xl_JJ};E}|+@N44#
zn%D()w}xET)4OyQmy)fK{Dhf?u#->%p>agaqiK&b!&<uS?hD!g!#{+7U#S-jGzBBi
zFN)>PE}a{>UBb9if}}>xuSvhLhgh#>A39R)sQDDe@&SpevE6}d!W+bHd=+}CZO5Tp
zcxovJ-*fdksZ*EqH94+8maPuV9r^rd&I)hqEj|M!8$nMH)__NBR2Jk6B%Y3ER@I(P
zUW8tT($P3zApr`&QuxMmf&YC2v!_on<7rj$A<0J{_XwNg>ZUQH;GZA4{-V!(F#l@K
zKkt29fA3mrPxQLG8JXQa$h%eBM8-Ga<s}Q?($n$4@x5wt{ld_YL}~4>Uy9v*jQx=?
zYow5q8jpsCLZqp<_=4IbB{`qAJJxl_sQ@u-UFQE|Ho9ptZzp*Po$?0jFLsz4I8)+M
zr#Q;(K2xG4H~9@qN>~}c+~_lG^pdlex-W%8Ncz&z$AhM=#Z1#5EiRNT)yk_>cyT4H
z8{Y$vN)ADC>%jqNTN;TYQ66;JKewW5QxgLlk>yM_ce1eQb@MoswHixeYo@7lmQK$y
z+r)>cJdN}80~0~P-$h#>L(1`^j3U(!CGB*p^$6@jQL+I+Am#8_CFIBBFRx4fQ-Cf*
z<IX_WLj##j-AxT%%~1Z5*aOH~9~C%tI+=^PQ*<$(sZ%4rIxsePyJ5NEWpe#Om++qD
z7?U$74_^@T3isi=Uk_J5d)FmX_M(`j*V@MB)!{FRy9EzPV$u&P#-gIE!ly0&GHo#s
zbdSmL`z)@`z06Ruxl`e?9Sy6;s^#ryUw6>3v9bw@>6031;Se4=*kpwU5$Axf71$ra
z&bj$D=Fr|G+Z*|eJJse|n=o8!akEsNSDo)?Ojo#j$?RtbOL5NOd&H>^4ISoDEbVm*
zT1n<rUgca{TFGgp{@zCrIYl+OB`rkPucOaB5L4-Apo9s!oBg3v&Da)P`T0zPP)M=L
z94;xbV{A$3U1Y_1l}79o1qXN|$28xo`gIKS<Z5mNtyaYs3Ppjx6cgm!;;$dtC*iML
z9x%F7Qni8MbXMYg2elxf(lJ+~^Md9^0^lYpoM)iM?5hBF4NOi}9x2(%FGO^L>js0$
z>_2mAl{plqVIqbW?6siUwnmJF;e~OooK6X)w<a8G#%RoZGWhNRP-nY>6fDMUmhCCc
z6x#<#dNZV?w<D<L+CbAgf78ZTRgRxqDpq`0!o_XriR13~l<QeYyNn|_Z8f>s|D(0{
zjB0Y*+J<#277!H`QHr=JB7M`Py4@10fIvd%D4hfdCO{woqHYBN2@;yLpmY+F2uKMK
zu+R~Z5?UxyLhm(HzwG@y=RD_}cf8;D#`}Kv7)jQTJFJ_Pxz@baoY%Y-zQibBZ=f1i
zC>pZ_?V62Bmw-vP91hV=<hoyXfPF<gC>3v6UmO#xnWEkR1jmkxRoIP^ppO#c6i95!
z_L1;8rah(>QX_IRObXT1xjsC0@{4l=w5&t_{>LBnO2!-ydXvSHuyz4}2aZC<)}*Dl
zYfVV~p{XSx(>&NI8W_-!?hp`GR^gJ`B*q9{HhgVgvQT6~dS3y&2g$26HlCDHR0YV8
z(dMtCZV!>iwRRn?tm^kf`rbB#vQZJ}?R5X*bIe%EttXbKs^OcdWTu~w(p<LNA30~n
zIN}VZprTM-zF26i=(*b15s!PX9<%V`CFQCLw}f3QUCc*FY8sx<<*S6Dmw1$IinbHG
zvPd07XjHIU*>L*px53ODe)^wF-(a?50onoFDo1%u0I{<Ec@1=#%+8&G?F|Ui!+P9?
z2ZL)S^y-&2_rm>%x#OWu%XTA;^ji(@SR{kAl9`u=t05l~dD`xoa2Ssn-u3rIUMw;J
zq^h{&fY{}*B3UgJF#X1yN~VRYe{d}tlAAQ=M$_ogf07rVv_N{&B&6IK(z|XZQG7}C
z?Jh5YjIPuVBnEPtMyq7VnI1&KL&{N@fKHErF55gpUg#AyqgT^z_xYnwW1dN13DeT_
zU}z9r;`aNjA0rsE_~9ZIn;Vfd7wdAgPtEWLyAi+yKA<MIimzP^(bG6OFQIdXZZk{)
zFz?KadJAc9W%!K*=V?byp{$l(d`)qVZBro36U($+<dnNw1mR^imqgzK+5dk#_(;hz
zQIC*yPWYXy<qOB#(3CWfifH${_W~=N`=GgflC#ClWEq5%Rh*U>2I(@~SVYEfPvSv5
zmcgGj96zZn?Krur+ST4uF)goWekGX@3SNFoWpDNz#AXLl$;mrcSBtFF+Cwvu$A5cz
zEUGH$Aj9^q^)(3=q0cA>)QhQ@n(x~C^!aXsRSD=HzV7c&P-y#{_#8#oySk&GQ%cc&
z%v<hRnU_9f?fta1Xi5fU#WXb1t~0qVLH1s!tkOB9J(r4TiAbE<gf7?Dp{R70s#y-#
zy`D}Rey+k9aMyf#xlwd3S*(Cq2DYe8BHsztT{Fk7qcQ400D`xfZk1iRYzjZT6Ch32
z$onE)diaP@>Jzw7loVWhDcAeb-q&BFz<#|5D$ILvV`i)~InEf77MgZ(vl+VQ;Gu5<
z!>znFyk*S6b?G)Ur8jXI)!G*fF9sO>Jf^&Xu&(`iOvzww;mMX$!k%iNug6ojU{esj
zYvw{07DL@I_M>()w5>)<Q6-wR;fi|Hu7s?9^X7O<vyjti@jbDzfC{0l2$uwHyG0PL
z^dMQ}Yam*@(C#JTEeWT=ncyE2gJvNFBwlP;WrvcP_Zddc8P);j0b@Mh1D>T#Sfz`K
zlcRc!Ilh2(Y;$k{ST$2ziGk$XfwvhXc*PI~v}8(OJ|D5g+lwuqLvp_F+)hYVwI%ae
zFRqem<NL(6A{t~!%$j`erRQckp$DO2c~7K+VFxP(PI_{(A%lE;!z-1e!?D6iOi^<&
z5>^uc>}nCo5|QpIJJaBV+7?YtgcAmqD+5jMgL>Nn7BkFdlDGi1?N>g&buY{*D!??0
z5fMCd;uiIB^%*0>*+NQ*Mc$@*YV|88a(+z72~}3*GDc(1{XC``>pQKyi_QNgpkePN
zos&Z;EED6&1*jNjTUF`CHiooPK=2@Y#MCR}H(Puk_6p|j=Y>eyc_0}=8BgvYLYB(y
z{+ydgIoMDU`a`d9v_2{E*Kx}cFcZ@x{mDP*UkxvhuhST8cx`KW{842ua}MN9NWzA-
z$s<AxMvIVK6T$hnYu!5UY;@5ki_igM{-1kpee4egl-oDvkE<(23JyAF);c!oMw(xe
z2Gwk|N+C85KKal5u_aVcmDE5`T+)vZku+qpXW9IE%^w9hm_$pefEY{{$kgg;X#;n@
zbmWUvo^&!(H`xGh?)NF15vm_Ek{EUzZhe|A3`34z6v=v`o+Brthl-MH!>M*((ZZKh
z?9<oe0_3YzN7ZLP_oVSRl&(Vq!9kQVfCDP8s+~8$Rwt>r(>q=?ZiVRrp-9gRW&SR7
zyvCR0@Ms7VXd;1Zn=330!N%-xIb?JhmGt(M-2xk6^@uz?lG8g>z5%DM&h4hEfH31y
zSQWe}*%CBu-L53H+?UiKWoXQWQ-P*4AqwUep0p09Mze0jpTYC#$-i#qK+wwQc=-xC
zv$Eprm3|G#3!^k;@BB()p`?9XG}ocSVKY0XiQ$p&4)PklwEuk1KrM8F;yta#(I2$G
zZae2-zE3+k_1RFq5F~{dxg-_?HRl2E+&+4$QF&hPk!o#W6>hH0WsBrD-=o|Jvp%RW
z+Sk$csBAHVU{k}dwu_lY;#6KQo6ZhJ(bruZx8iALL}-9rug*Z1wiNS@Z*$f7Za5T&
zu~*n9xs`*$@#O^mDu`!(>eV&DA`mdHiwH`mEltMW)aZV!^q_~g-<s5^*1qzw9Lk%T
zK?l+4a!c52Ju{A4bar_^|0@C$$fl3!s_#&wD)LS6al>l)ixCChb*__|T!IDFpo(7$
zLkhXNIcHRyV>%Jez@&&4mnGAtZ45#FOz!u2GxG%+BY!36)<Cm#QDxeJ^vmv&q;d_j
z^HLr;!!0r~2s?gho>oF;!_GT?os5N@+?b^_ee%|JqYZ_weUxj=&eLaajn*$CpU+wM
zv8zQW&IE09Uh`Tb-~H-B?fX67uBr!ynanG>f)*?63Li!G^qPpqg;LI@W2mC0JiPN6
z1!RcSdI4fD{Q1{DeNa_shRhFRuRiU&Ru<x4l>_)Kn*7|fz8kf=`}GlNss7%cg(Lel
zu?YS#%tH6Gp0J$0!SmeICjuM*IdGcC8fl)iwb44bALr^QicWmJ9mhAQyLW8<f2P^-
z!X@qeKfPY_&tZxKWw!-PusxUBv^pK_w~l0<l#cES)|$8kgFx%5U*h*nQNF#wwF%!U
zmh~SM7PLRn3Y5|WA)qs^e)U7OQ-GIbgW;N9<LPO_ZvOZ5lQW3{h^*BN>DYi12~%|c
zJ65JF(eggo@+?C!|8H??Sq%b$+v@}PS}$hPoM_sG9L#>UVA8H{lgz$i6=a`euM8|E
z-}Q6W@p63af=;@k%j{r_KD|(NjFwRqjK~%;ydP&%Am?AyBq?qH^%_+6oYEK3ESoKC
z6`^F#S$y0aiI@m=33!>bb^4Z?TeJ;?f92_iR8FI76Zxb{6?77<xn7TE`67kaGGR@!
zZuQ_xBW8(WU}mIYsZr2>y`wQMxs^{ParHX`0==%wG)23GJg~}+yTc@b;E3s0X4Yg7
z*5lepg?v3sxdJLXnv&?R^09L{DhQum*6wte+|HNa$a`MdHNeiI?omKIxaU+w#Wag|
z-L}3B#y9U7>dR;&I9bed*rb;D?SN<*By=^#`B`f(Tt%oWR$tulx_KA2Jc6SV-1pGJ
z9C-iX{B*Xv8<J!+pC@e&;)ztsSu_Rj=zLPr>>-<`YWTNId?^nM``AAx;<|1(TOd)C
zgqJvyX0E;^#U^a%QPGLKy!-_Pd2Kdy)o1U!*S5~;w3Z+Iky1GBU^^&SVnDWH$-cx0
zOcaeY7Ze8~^SN3jxEeg?ec6$AgMB_FMui=~7gHHHa>A$gPKFV{Zc?GS*#+uiu>bB^
zo1ixcgvcBms)uK-nU<c<3_OLMqx=DtZFunU`;4X!Y)4wFgL(Tgj?>6<JVhP2c2zlJ
z*=&LpMc>dr-m8704{0X!z(IPEKNEAumeEiyY>Q{u=&OkT@p*(XQCw1XNl%1b+80Hm
zwJ$F%o4U`alOWU%U0rs7J0$KrY6-$AsNa2<8-FSL`Lq5asX+U=xoZPyngZPPf|+b{
z_3<}NO?O!`dl#$r|9tq!j`0hn4=qQRZ4;*IT$l37BH%JQ{VmG%&`+pjQ_PJ<wvNy0
zsmoSdq6HN?UMY`IlVU7K=Ce*-?eVogR>06H{}>2Bexfy_%OHvb(gj{WZGnmq7zx@j
zOFow(obLL)#athjAKA_Fc7+@6moi#)2?O{7>^L~K`=!*T>krm6Z!ZQ^H6xTAsvXr5
z65a_gox|_w8}qs~-coSHFv05PuOf$ut^2!EbSYFY-9Z&)x#`PSP^2{EqjoMVZ_fN2
zy%Z!(5aRAuLHd&sahf8|e$h?Ia}PDn)@nre(o~&4xC=nVjoo-1jJ+hYqQq0Pf_Zr{
zh{)QWI38Y*`5oPz{qJ#e`B(y8ssLoA{&w&hAsrr-{=RMH!G-uG``b{DO^UW!F@_~x
z{qxw|uRo71{{Aazw~t~<W0$-rWDwJ;up53arCchyx=g@Ye$v$zHkVWhdUT+pW+Lwh
zc?mFXC<<QEI)NDX7r0>K`mujFYzn)Ds<hoko50Jyp>M>5zyPMa>=iEbbo^5XB@DwW
zVN-3GoOo5c$2YZcU#M2Fg#WFqjwd5zy#$za5}*sTQoU_mlO_KFZ*W@g_kTqP?6&Tq
zK20Vl?{3K$^L$;)(k_Qf-D&|}Ev^c5$kPq#ZLWJCWi(q*5Eb1jPc`F;sSRI(6_(l0
zi4d|$FE_U?8uelj;*m>MR4iZ}2m}Gl-W#}FVTTB3SqW8jP<z+>2Cwv18ROr`i4JBe
ziUd`D&fO6vH_)rz2M5sWRUrY9(W9Skt%ivtNlv(aZypqlE11?Mw%OA+001)-kDOcC
zd@1K1?Qs_QO22)a(|iSVO3)0}FbPM)J4Mi!K%!vG+d^~D{Bpncb$;omo4s%~iNQ28
z=T8NDlH`Q987B*;;{lMEInDS@)pBx`{LIVxl1CrB6&uKFT&6rR_hkYZD$<gV)^cpb
z<6|3f`joUObYdsEzr6#I7}DGE^zYF+&f$~pzLgjtPFmWQefj1wo#)5yiw<(hJy=rk
zHB2IFT}IAm9`dT1*B%Sf6Ww)T?{naqj}EvOojRHzKac56)D?&8A4qP^%>O*5c(m4Z
z7I=oZ$~F;AA>yGx)KR1GGg|cSz>?GKFnC)*>Zu6j(`duNVjyMHS9<?i*r{##8J99l
z_7kUpdcv`&x)W%=jpCuYu1d<{W0t@GrY-|ZKZ<F<xUl0MQvcRz#1EMBQJ^MxPmTBR
zwb8r(A3Ob*J~6+P`Hpy{y0B`sk<|fQ9~2=*q0jzgB~|D0KG(3tF5-uJR|3RKuE&>w
zZe-vph9HQxV920_)V$q#fal?(N0}2uo4?aM|1?ZVxuMOVMf;wD#fpM<H+txp-3YuD
zg))3p?y`)teuu^5CG<+mOH|PI^X_-CnELS`GaYrikH?53vYWz@n+wT~fq1|Nd4}-g
zv71|vbnG^9LQ(C>M4(D1x;k^H7ff40Le1GGy}TrGauZ@cJ|g3)t!7p&*G+d&jBxY6
zE?z!VzUv7IwY?@F@ZKnbRkRd&*fOD(5Z_j2i<PVVC2l+{mK5(lJfJf&uU3e;t}2!~
zVUSyF@frISme~ErbS<CR!zSq*J=$w{c3cO@tZ5vaTGw4?Qmr5C>TutTSQSNEkZ4Qk
zx1n6w{ODL_2G7CS^bhIc)bvHsIl3r$Ep2nnV2}nY_@1G$5yckbnPnq1eAFn4PM&kr
zp68Hmr(LT|+{roc$Q?Fz>%~~7xwY6Og2xClOGQac>yH~>C4MXS#3=()UXA&T6ul%l
zGC{!!1GF<9J34ua=d+bNEqM3lOBE~hz3cAthV$<xU2&B`S+<FGiL4lTf`k~uO(Fz!
zbF{_8Q^|6|9K(L|M9*?xwD;m1JQNvLV4L>m)Q4J))F6oMklKBT2#gHzA;nMxhOqA7
zqk`@@x!>4Snk}DXH9~6_ZbNLY>VsCVYRcM63U*ffezcoA&TAPdzB*JRl^>u~(?9Bu
zBjA#%GB(RTb^-562(7i&qlLa~Oh-@EdWKCz-Er~$t#M$|S=6>K|4gr0%H`=3+y68Z
zb_22AK8tA_W|=HVP$5UubuGnsNops8m|f-q*QKLJnWi(UG+Jvf5~BISX<Fmdu|kd5
zu1<15ZT=u?=VpieuG@llPu00tapHKQsguvQ5EFP^gjk6V2uz*dAt0r)M8p)3n-9FT
z@@*MqIyQZv<vPJeLWnnfc+u-BE>e)P#=C}*1^Z(s0DAH$F;9vvQ|ODo|8WpIKn_s9
z(KB-G)Iq-{Ir~JLpPi-mw+xwY6gPl|OwD##ciA<j&x1ur^Vx#UohLJUgjvF_A^otQ
zAY=BV&AY<Qf3?e%^|4P6s1MI|<<VtnAq^K5j!v374bz(omW94n8k-)QX@_O4JjPhd
z4(gTkYFm#Mo0z?|(jiQ~Hgq>Cyw)#jJKGJrPS`|P_ergGOskMkcd=F$-)J{jF@2xk
zuW1RZr3seKE>t<Zk3vJC?$tDp=fPI`<pwy37BP7QJ_e4ETJ6=<m3{Y1tvgL3#BV|L
z<b40+4k5(oLyIe`ZWSE45V}Z)VWJmw6oW!gJKD9E>rgxUjvX!Z!0@Uq*<5lJiji4&
z!EHJ#Wh-E*LKaecCdcrqFt>PgO9xclaRn~rSA%2y5;NDS-*MQZ64X%pwcqrQw|Gsz
zd_tJI$!l2^S>U-8v80S35)fjP(T=EgV6_sW9)vn>X8$~9)TSfg#oAvJaGFRw(wvE0
zbt3QeLqWBCH<TUHH(0~fyV1YIcez{@T8sE0|9aEQa5a{I>L;#=3XhB<OY7F|OwzQE
z*5gmQ%F3_&mT}X+9nc+^9s#sqO2)OVvWaYY)9k`mi?yjl+sOUoNC}}L7lBUH24e#q
z8UM)D6;lTNbOj9EQ&Uy_G_QEri&dZ}28xDNJ&67zp|T=Iw*2JF59PO~ZTt4KVVqOY
zVCJY{YnrOb_p9cm{@h{jMjVWsHoT*>o>9-=P3pDNl3cn}eyV=JLc9RgBD_Kd8eVUu
z@!qk@O1^m95*0EVal5~o?3;zm+n@~D)L*T8wuAv)wiD3j<<Q6~>(JGw*>5>h3!9uJ
zBBdy(I;t2xc~cefZmoJNR&x|Nl4*&os+u&jLt@=^qQqlJTY*7kmnjfw(5NW{zJly9
zxyiZP({EV#zT(yd!z(jHon>7UBD;$D>_}Sm*abWo6^@>~+sIZv*xm^&T~nXzeBpf_
z6K|<8zu~k6THEgp6B!)yVx9g$;p^AL6>FK<tfh^wEo4TISMSte%9xKnT@<#}md*zc
z<^5@WfM(^-s}0CI(pH@)J1jplzL(>y;wPQ4ok(OdOi*4cpV5mkqjoISuX)2bM*By+
zbhQ1jC3)pNS2{w!+^R2Hy%7ieqkxV9=?7C=n9I8@HOE03&*x5f&!AzeU0E8*wNNPC
zhbo(Fq-I%F9u+8R9x3yL*i~FtOag3!6J6NcBsfvTKeOkmQa7H$dgf9?car0!mpI6S
zQ}Y6i{YY{A{dY@~16BANv+ahL@32`QAW+Jue_eIhZ5PbSjs`;|l|1L$MCKbx^`x&c
zNGthnf5pgB1PJ0$VonF^Dq6Iu0G8`OU1}ix2-kq|ekO%iN$^kRv?+kjJub{EaLG!&
z{x;V2HE`T^nu5z>Q~ly1#^arjycpm;W8TA(yXVsQHrT9?ZfnZY8_}YO{Lo+d%&i?|
z&59N={@c=d0*UrSpDU|DR(nxzrHdYf>-Q*Fh+CBt-d`S^+yNsx#iNS{yn`AD_=Xr8
zPg&I=y=}{`?>&lVeuaH+9(dK4KdUPpz)qlh#LgRYRBGm#Bns(X)3M>Y?cfx{+F)xx
zaQJ@%R?8SP_o=Eh&#-}*{y=}0K@pB!51xkkp9lLZ)fR3Ny~`#8&B=hbn-3Jdo!T|o
zxW~}BuAH5vdr>dH<DK-4k-Kn)HW45f_suR~0wO8JAGwUG!e#|kI;BOb@0p()_-lxH
zto|J*MU~tgH>2DI?<VhH?-;%N>z4nze*NnM;9wkPN)j$QcliJW75@)N5zq5lJwCxx
z2(v+ff?p_)aMk`Mm%X*Asbp9CV?k!i(!3a2SaUYSAd%;&Q<~YjD}U4A9Z%qi-oT1M
z0hmhn+u>xDmfvo4hF?NCHeaThU;c`b9$VSFcvhGH{Oo8IF~3F|L82yoe*Cd2u=~pn
zK&-phbQx6KaK#5Pg*-!`71W4GC%*sy`!LF<!Kqw@`TgDVT7wk=FUiWO<Pl3_Sy|u{
zsVuQb!5GtRctO<k`YXaKwp097@%eAf8f<>{=t5IfNTqA@!Q`!QqbSW#Ez{($E}}TI
z5&S6oH?H5(MRL}JC5Wvai{2Q`**ae_SQ(CQS@-=`s+LJ#3fv3IQ0hXb_Eq_gVnVJ`
z9lnANM5`T|CJI+qMv0rS2foFnaAy2qMqI8D11B8-ux))46edM^-W0etsm~flw61k>
zeKP(OvB_tpp;SnP`OVdkv(^s+J}y^^l@Fzwot3b;q@(4oR-JkFXgO%IbM!^E^7o$l
z-Fb0Wb3L}>-TBL7rxFPJZ!Ta4L}gWaee=f3s17$s%}&S%8k4IIt%0AWzm&o^0pWmc
zH)obF5FO0k)MzE1>CxK6`bUrhdG$(L0#OIj_bfgJtasZ%q$EA_0lEmWR8?t^E%9r$
zW*h;l?^jUp%>DSrckuTSPcL#(YcphaLBtK9tt+qJq->^(aO`In>!-5G_=QsiIRe$F
z$vH~?>z22t`a7h2z!hBpKcgU$N`S$e<{6bJN|c%kF9^FnlZotpYW91qa^L~|Q19`^
z3<`IsGSp_`Bwk|3%t}qPc>g+P8RklYCWp5+%wX9nB!9f+_Mn$XGWK0Wx`%e;a0~Gh
ztG%61A`>iCGm7#t_&efOrX+)@2}A2KH!vP#nPB?++o%6!#{YZ=*a)xY_h%9h+V-0S
z*{0n5^VmzBnnR~)r_np(|AfcKd0jDIG9AMx8}ciHeu)M|(W5JS8(WwZOwi;D!ax7m
z-;I-?-oLXESN}U5Awtfrldy{IJ9YL*sti}aP8r{kzZmvq#J1XbA!hK!xJ`_B-|kD7
z3W(<6l?QQ@cWHFO^`R|<Ip0u}E|XBW`16=Typ*@x@#pb2-nTGIQpGK;(o^GylqHh|
zu}w6TF{2+?i<5-6y%f9Z)jebQMkfVlvWjaFi_KWgPQ|(;dD)EbWM%VSu1i>c_`RxY
z$d2#gyhM&Y=1Ql0Qgomtu8CtC8#OMbVE^8>%>^xWjjo$W7!)@Zj7rxYGkSaU2D5a1
zKAufK!t4))T47@K@*2qldv%_RN2C>-n0{LaPr_W`g3Q?;hWf@@iVY@wyJia7R%+SP
z$XDcL581;`Muy61qq^t#>_E0(XYH=$k4v+)@W$_Qu!K)<tMl!!iO8e!T9~(=bizKU
zRG6tTOl2!ku`LU-R@^pE?An#jKCI6n6@crfzbbPHU`8y+);y%hbm_PiGo28kgu$KK
z`@Ip?yGWZP2Om{#B2lKtddUYbmXF`t(HE4KD#n|dUYn`aqd?S)iv@R7mW_}1UjXbl
zmMjJ3hHKXzC^BMtL7?^rNq|b#@?bjw7u3&V34np(vXZP|&CKhgE17Ni9SLgF8J)7!
ztI$4-BOucyY2MJwlE1K+B(4<avKV6?3ekn=PZhlCOu5|5Nwn<gAk39^XJ-4+0FUuK
zUX?Ce?3A24DYeky;jC{Qu{sx#9yxgV@(V|;I-?9T>FG~%DoSLE3OkqSBuvwvkj>c6
zd>Y2N7K)%sU#{QEyk0AOgUYHEs6(?cUVMnJw@_@|$uO>YC-YUO&tb)@v5Lh9L8D4q
z!u6B*rv3JK4wxi{mV<B@B02IrRMv?>Jsm=8>{Mz546v}Wk=_R)c-ugS;yvBxsYt1o
z%VKCtyp{S@wX&9}=@u3V=s2f&ea>{J7=?*8-AYM5x-4yj3ZT<_6D_-uqUIK-cJ$(^
z2lel^jm&JUhB&Bh8jWy09sq0R^;WqF2)i{YI;;;C_F+zc*~y7&x_`-l41hAh#2U8T
zm_U=Wh=^gRiq~+p9`yFA))>rD)ucVKhfZ3bZ?Vx#5y|(qH`eMHuaUnob|Y-+mt>T@
z=ftPQ5mUyREmHr6W}Gp1xi~1!b|?^(W5OIJ*6|e1tn9WHXZdE_a}g49OVfxjn;&kn
z`iw)3Vjg}=!Wj{Bhx~CTZPfMid30x*zGRiPBXW@E0Z)2slTfBG6E&X{L|9;oQlRW%
ze_5oDV?lxeIdPOvM;R}_QiJpxYuE|i1uw>Sxy4H>$|A^B88s7o2$|~gHTYLtcRUNG
zUpy*^2qFQ@h6iFm5Wl#lVVt!3!=${@B_YgK)<?WucR9kCC?k`bMJAQ06Q)U2k(k2Y
zJNne`#1=0Cwk=<nJ>g!C;p!t{Y<9P2d#>H$P{CISWPh|>wsBnrHYh6qOm`oLXOP*N
zVm-yP*ti%N6wH7jGs1_oZ#yb#iCQm=+^s6%c5&}p@2U7&A=X_xXUHY$;x*$RfVsHQ
zssOTIJ_5DUa)K-O&UR4H)i+0JS^<|4^#1gYnA;_HL@Q9e0g^+FRR-xe1s8aZ50VNJ
zZcCkBFF47u{>A||!q+Lw@x1L%@AT+ffm{o~C$d82;fBA)td9t-SffQSFix^n^Q#rr
ziWl@MZqoO?>~8Ud3EKsoa{DK?m~ZD}g+JIc<cou-MS&5WgFlbW8!CffR{1z-`^c%6
z%<m4Io;2zF*#N-)<>JK)oK<#ZZeako{KB<`DHqX@;sz=0UtzA^F1AsG7+4y+=&~{t
z`CX6NuWdc$U^FBUQ$k0SH2^&7y^1|0=N3T^+(fNP@K!Y2L0+#sM;k7T(2>Q@W6-hT
ztFQlkZ9ewDBe488f8`%{|9^%<e|_P9MMGTw5@BJ(AzRFU`j5<8skiqE`(<!eD&0TS
z<3;t=c^p?>DA31s632NlDOZyI@gT?k9f;-p2mj`uxBcDt<=<mFabSzFc%uHoiIb;(
z9^<ub0shTaIv(2$+x9m7jA(^xz6M@RQxWXv+@mIkTlUm9gy1wcRY-8k?ERbf_b-e)
zyf5|9h+@oR8@zRhZ)PqTj!c-;6U9r$F6EchiuHCRy~qAMRvGgeE)6mNz00eN>`+`3
zFk)hD1sX_}ib5~*+zUwTvScj%CRUVNK?G?Q9-?p<FCk#`^dKRQFViYEa^cvwrRodZ
zAEyHga-R$2Y8cE1$47d(1FYK2q(Zs@qD}%m(+I&#g%1}gyQiXu>yCV7^nHf!c898z
z-dg&3%=H1;8N=Lqh3P2x1@hlx@t;HeAFf*Z--hfTzWRUbs;x2nVFLr3Rg^PDZEhv@
z@`*k;eq$f}aBqM^N4eLfJ6_|EgJnb<XmncP#tvErq+_C1G}(78dKM}XRVrHBXBgHh
zr-0nHhpBMGiaHvpARA#>sA%kPb9PK5D~}kdW71NdH~8IgqUf`qmz3<acC81lZ~7h4
zSEUw8Z$b7AFJs&aDvE2T5KwTtV8gA4r|L4tlSU%KM?SO_m3-#z&T#S3m9GC-Dw3U5
z5E<qr5?2%#y`diC^mgDF&vartY*0=cjP*#oV%nj=nOi#Lodb&yEG;XTB}~SIFnD$4
zuz~q&=;4lFm&!NIP`G6n*E;G(wv3fJ1UF{N(DULI!GtZCKL$&8Q!0+uHZ7!DGw(j%
z%P|GnzGyht1=MZ%k%$9`nlGXSqu3e(2|(aZ);r<<BI^EMPN9FypcCvMC3^~iWkn7r
z6Wn;Zhg1S<4DAv<;3m4Q0}|fwfhBLf@~YL*sqr?`_&@s8SUsJl^zC?G<gZuWlc0&1
zKX}O45|Aqh9D4Z1(2o_Ljl6$ih`16zhrD@wC7v@#<aABwm8dxR&UmFDuxw70UaeaG
zw`p}9mq&jY$}j(c2jl*An-u>DagA^5*>g-3$(8W$i@-znRI|b;>@0AkNtElfzp=|A
zzfUsA#o=9<I2pLAo@hL)Ww?=07Ls_GExZ6!{Hrhabv*KebLEljD$ZrQvcO`+FLl9o
zfI4AI4O(*>2fqMIn}e}D;KUsQf%){W+y9rR%WLYtzQv~RH>#>qJBl#}Va(XU<!wV}
z+GM=LyTa$S(2x#<9k-8kHd@HnS%jD#h0|=g1JH5$e`jI-pOP>!|F`td|I?2DyI+%k
z@=j0xV<G&nb?~L4EVz!%d$D@m4_nwR`e?(Ev~S5xIY!DMWd2x4)JBN7c01m34PD8F
z^0r-OL6cw1JcqJ>Q831QG`ZqbM_bj=*wC1G`*O0Ni$J)(t&e5<h?!oYC70z_So_qB
z#9muHe5e%i&|h}$>QM0VVw3!v$7yoUx^3l^fp{$#BI9IDekxMbzQqM?$$-WY8ADTk
zmyYU2()eLUdVTbY#iNNz-aoIneZlu=>t6xJ8W}@Jq(pYrUSg8KQa_L7O)8HWpEhwi
zt6@{z9&=S<fe4FM2-Ey|?DKSr_H2Jnw0w2v%h<ZuiTvc>kVX{(6m#vzuv&@&35u*-
z*gG&KxB2E4Isd-je*aNUWWs9@lh&<ou!ZEL;iY*-*K;bgo3_FfcQt}Ws9UK!t1HhB
z)e^0p5Ha1X5e#h^UhK)l2ueVIc-Lg*YpoK5Jm)V^e1v)$_BvlVj5n8j!|v#{#i(Ro
zeedSFl!KBg@gPpQ@Ce4hvqTezC6Evmb2H`zr;NKJRROdB1rI_k*ySw~$d2gw1HFxN
zg>-wGxI{zb<F2oyV3}f8#Ncs|`NNrQX0&wgq3b<N<xZ_l>Kr35_|GA+=ev=1IQQ@U
z<qUmZlj@hyxFXk&8)eqL;H)5{!Xc*Rc>IO>N3)^@hxyNqiy_{-F$*^!_V9UIh<}v{
z_Xru6m+^*@27=r{B)3%$nyIQ^)G+RewbeipLjJt@VLsf+omBzQx3K{^=neb|Dp;Ag
zg@$05XkM&7ycc#iYDOaE+@3Dn^!-QKwu|#<3-@H|nqXK}YO;KTMVP01M8ozi1c<M!
z1SxX?cmVR3)19FjpYG<x_q)tFnVZ{sKF$q)aI4K?Telvf<K>x!v*C+Hr|(c(>of?3
z*4pCLr4p^g;@a?!#58c~V#~N2)0)^IgrRmYi)k$^yo5_m947jl8S_rul?yjgcJ!DF
zPK37Qz6SVkEdO_w6aZidaXC0y(<iF#;?C|GWIvZ<8k!`=LqJ3Ff5$rehvHndPi>h6
z&&GQ>CQ*34O-C^!M%|qOf{6$f0sib@$KJH!M{szJ*$MN@5kzdp-|NjW410-ktimo-
z=VOz}-(57XvSr`EZ_GG>2NyhYwo(fwoEk#Xsl`nr8>0BA!s*DSl;rOYuCu1OvT9K5
zhgLT{x#^eQVOh|}1v7_px6@hpOO*1Ckm|SWoNAU-76D<Qaj9%b$;sffC6ydt!tHMJ
zh}PRRcnFIW%gx=Ie<g^St)`8{-7~(Vt^EyohMk@E4rsIVfB$G+Nvv~`uUfkrJ}d(Y
ztM<sLRaKwA87fgGmcWh7MDRBet3&8K3p3O2S!vzZdxmX!HDaJ8HVV9T2X>|mXH-8q
zC`@7nvT52eHi=l-jh47)!`&E;A2%Br2kEw?45!Qgb+#9qW@M3W@m2K{f<(Kr)Euzw
zfNYY3F)ri<xRFbYypkl$*Qb%i=4g;D9e8-gD8ph)s8k7C=<vQDy7*0)>+6#t&Q$7e
zoM-3B$($_(b2Dt1@7SWLPH+iEBu0*}M~+C`40tN|Ji4%>;O1<+pPgb6MJuc3QU8Ld
zLd};deBK}eL$08+GrrIq<OM{W2s4<ykyL|F%`dij8;usC{5?z=%S&_}k3`U-ZJRf^
zjl+A{7%H0b#^{6U6?pyT>J(aV%URw2)g}<Me*SIGa?E2;8N~mkj>Ch43G6dD#9+5%
zh?NCF#R7nYc?fFb9fo)JV`I^<bNBOO(3YheLm27$J}IeJUh`As7O1at2jIXG{R-+G
z4^&zDp**Y`u_N4TbNNuNf??~cMZ<M5Tv{`&63<TbTChHDgk0L%o!xhg3uKqk^lDh9
zJ+54?|GIMLmL1G3fK9W$uToo;G1e4rMRfRb(Dr3L3h!CKew~Ejw%l@y9Wy;qsnjvd
zOxR_3ejYx_`sPYuVh`=wfQ4M}n(guwI(R!oZG%OCrM5k?*)BifJiyxGZA_xanU~bQ
zOy<P=g0!sbP@|?(&TOx4@9wf`F6oo_O7`g}P<L&8#-U(JqwWwbplChyTU8nVa(_F_
z{~?W?cu$TL{H9k{_zgx*0XZ}!Lw_yw@+$CppOu}D<wONBu9)lfLPcFH*@9DegIDb9
zDe5n@&wqnA0SM+tTG&heTKJ5u^KhjrdthY-ux>dV-x_gCe(s^{l_yP?1+F}RUaQwD
zBboACp4HWXJ@<h+tfn%&LJ?SPm(Q^1rmm5uyDK-j;~7zEm=NnNiY1G&Dtg4Rrn!F?
zGgFOSkwa_$FbVJnBF|h+s>SiYb@)<*(2Hfqe+xrm-OGv~3Nh?wXUnUciQK%{e#$4%
zv;a16=%~BdSooW#9O>D5mZiQ#(dyjpjzn>%+{|$B!vF+<t(d4etC*_E{e{x&S%Ruo
zj<cC}2TNnjNd->IOxwb?)K}^9S|aktRezE1ta{$?;lX>B>z!JMgi*;k8#@P+m?5h&
z&&L?;*bH>)YbFoqa(mEt(1s~eMnJ7eRY%gd{fX3yU73TZ&CNLLB4h~@nmSEM{p)C;
z!p*E_c#cQ&{g1r|R{EAg^W{NT_eoi84sRXv*ju_AL$~=!*t_r@B=tr{rUuJ(i&SbW
z8}oEPDGdVwpx#9lTGN>#ad!JTA%`+3b>g1wJMVXYVI=k?*|)zL)<4Zi^375{wOBnL
zvR*6Cxu7DX*lFUo9bfaOHHOu{y3#;l8{wBNjMWxpYloGYT`{A2*z=vNpWtI0w)=g*
zW3s6Hq*ai2vQaasotRJkEa($M4)H|=R+q(PW$lz%+@|wmVQ|Jf4z<cXZF0qODx4;q
zu*HL$x_-+eAg9`Xo!G9NNQ(LX09SrZQs^OGFpPan51W2O2e)AO8<)_NSqUSRH{O4_
zdlvJ{5htVo66)~-X2UY3k7MOVJB9EUkP)3)by&9IJg(!Z)Dg0)+&E}{x|1GQJEC%p
zWbfDYaE!#|?q=uf{~HZ2!=2bI@dDQ%U`-rgLh|AAI)Hb_IF}+fqt~2@7MqB5UoI3K
zc$eyXvS_Pj9(=^WuljtE3yz9A8}lLCER(|xY$)EUo^8zb@h@JAojBO9i6_34yA^k*
zp&GF;hti9E@bI%zDOJ{|@kl!N$|!X;B646RFmQjLnmo1=|MMl^$wMKwgdl(Tjnkt;
zWp<r=dhx1}a+nNGErI*Gt@&U@?5SQFjhrH?i%#2=rp-SE`lP7VHB|uiATfn;^AEmY
z>Ayz?qr^>40Zu&DHN46TyQHDh*hm6PNYTf6&08O6%P@m)+2k$_o_By{XQyoRvMhVL
zRIwVZ{&8qXjhHS}^MD?t3z)2)5r?$-R871#e#xPNvCv(f4(d`lByQ$QPUV09Ys#jJ
zpx<yt5LRO%Y8174FfN*=*%xzKmMv{bi#|AfMIXt3SpRYz@<0~^$xe-&o~DB1edc(e
zWm{p0o{V)Ggy0vQ3SzjU(O1!-7Ra*ZQE;pmdN`fJbyu*^^>6e0pSSooCmb=qkOqnv
zr+s`!NNy(d<jJH(tMU8X+_L0AG0(v)6!i`QjJ>Kn8JlZt0Q8nNTo9u5UR{iLo@lSG
zqWhQUic}GTLd0-q*=P@i4xTBlJqjKD-DfXZvVARdC$tAlN?n})YKRqIlAcew1Y}4U
zGWb6$zg`EiCH)Fkba<m)VIoI59-}_fTkeu&(|%(WFF59}Rs7ID;F>^ghy6U(i4+>O
z-$pl=Xg~4p)1*9_lXai5lieLHB@oLQxdcR)Z%E5IFM%m|^_qo8Fg1udrYLc(!Z$Qj
z-k@tP>e{V9q&TT^tieAktzYNjnx^1##~22wxPN%$6f<>_c`wZY6HgG>z6*}iRv<j!
z=OR7|DM;vQS<uo53vF3Mu+JsC0Ti;IubSU8-8+|u{pv^D;+Mgb+r_L<DT%GUPzYbU
zx)lLFoh8B5c_zC4-jmPpNG1CU`z}JS(`47jBz&JbuSbD%xtaps$Py7$^Yd7a=Q*l#
z@QuXc1>2afX`^J!R$SMR@KbZU!fd=$CB9>p8giz{73N$`>tLGKLWs>moRW?yxZMvb
zuGdE$=yY~;x~fIR$nfNj5itBD7OX<{hx;)Bx`1(z`V{r!m5%K9`8ocS#7B{F#L*gR
zYcHGVIRpCfj{k(zY~L8cb15x6s$JE5l8)+(aVOxBUMlYJ#z+}+LYM?hP_u3GIAqVR
zqm(-`pEP*GM+rhq%F9cY{?pk2H-6GW`nvhRt5>5zz#R$gnzd<TSB@^)se6EDV>yKt
zBP15h>OM$E91s8|>0ZrUT8)n&P>c3>z@u0=91F17WN%n}j&sBhJiCQ4dggWEWLB1s
zMZdV1q{Z~MObb7f7=~TJaD?<yO<~b1)yt_g?|u&}{s&Lwy_|r}xV%9P(}BLTIUYDd
zSu0aNc(n+qYr2f!>N`(1JbdCk7|{@GyLC6F?w7kioG#au?i`^jm)B=XM^8=#sfI@;
znv&fFxeL)~2SvSCJ8GC&Fq(cQ>`&Ed3830y7)1o-0(`5?XZ2~<TrxYpFUbF3KYm~)
z8L_NYph2Yv&^I$SubT*kkAvrxZL}Ry4T`puq!SDJdgW8$Bp|b0*OU*>!}m1pIMdRS
zTS&Pq;DR3Dgpe5431J)AO4+|ygc@oq*~6CsmqH@EnL)nlz$Zk!Okn$KkZR0gUX;Eb
z4ru%}NuQWH1q2>R5u{YiNnC%NDK&iP8v@T4{kolDF}jpg^|oKAc?u`YKmK6Kar!}{
zCQVqF8-Pg7Xq^eB^6<L-#vWd884kTKAMwSEk$b)^s&X=nY7*EOVj)e)kN9GEGrn#o
zzXFdISeY4_vU|g!5%2p-67wyxQI?VEWZbQcat=S6k<kM6Ra<koowwEbf_(zBW@*LP
z$TxPK2PSzkn9p_9Na_|{7H;uJq8!ZmTU<V>Vs?3Fl|!@g2URzPY)AH_L*&<Hhm6gj
zf>EWt3U&f-qnEeogi%bl@+tdbtyrUhEt1}N`wAG<JiBz^(``~OrmK_J-ps?_zV@V*
zqFS-T=nTAIOa(MGYyM-1{}xDtn&79JyR_ur!Y?{J_TFIycw#yri$9uk0D5CL3l~op
zNAxFa6FT~(C>@0KL=3=p@oxU2_K;?fRom+^1*xdFbJI!K;G0wnLuH&|kbR@P<Pv+Z
zE+^=%weE=eJR84nc^_amxRBsyHm=F`Ql88Gp^}}{-=mb>o7%S<CMCbkFLm3ks^1FF
syy9je@uxXhz_wP!n7U!5js|6_rRLKJ#-B=m#p)i9dvor@@t=eL4<$+7FaQ7m


From f8b1662d7992fd5a4d5d3f25f8816f3087686162 Mon Sep 17 00:00:00 2001
From: Devrim <devrimyatar@gluu.org>
Date: Tue, 23 Jul 2024 12:39:10 +0300
Subject: [PATCH 09/43] feat(jans-linux-setup): overwrite minimum mem
 allocation for couchbase buckets (#9003)

* feat(jans-linux-setup): overwrite minimum mem allocation for couchbase buckets

Signed-off-by: Mustafa Baser <mbaser@mail.com>

* fix(jans-linux-setup): add custom libs to jans-auth if any

Signed-off-by: Mustafa Baser <mbaser@mail.com>

---------

Signed-off-by: Mustafa Baser <mbaser@mail.com>
---
 .../jans_setup/setup_app/config.py            | 57 +++---------------
 .../setup_app/data/couchbase_buckets.json     | 58 +++++++++++++++++++
 .../setup_app/installers/couchbase.py         | 23 ++++----
 .../setup_app/installers/jans_auth.py         | 17 ++++--
 .../jans_setup/setup_app/installers/rdbm.py   |  1 +
 .../jans_setup/setup_app/setup_options.py     |  3 +
 .../jans_setup/setup_app/utils/arg_parser.py  |  6 +-
 .../jans_setup/setup_app/utils/base.py        |  2 +
 .../setup_app/utils/properties_utils.py       |  5 ++
 9 files changed, 106 insertions(+), 66 deletions(-)
 create mode 100644 jans-linux-setup/jans_setup/setup_app/data/couchbase_buckets.json

diff --git a/jans-linux-setup/jans_setup/setup_app/config.py b/jans-linux-setup/jans_setup/setup_app/config.py
index ef478926d75..456c8e9654b 100644
--- a/jans-linux-setup/jans_setup/setup_app/config.py
+++ b/jans-linux-setup/jans_setup/setup_app/config.py
@@ -40,7 +40,6 @@ class Config:
 
     installed_instance = False
 
-
     @classmethod
     def get(self, attr, default=None):
         return getattr(self, attr) if hasattr(self, attr) else default
@@ -364,57 +363,15 @@ def progress(self, service_name, msg, incr=False):
 
         self.install_time_ldap = None
 
-
-        self.couchbaseBucketDict = OrderedDict((
-                        ('default', { 'ldif':[
-                                            self.ldif_base, 
-                                            self.ldif_attributes,
-                                            self.ldif_scopes,
-                                            self.ldif_configuration,
-                                            self.ldif_metric,
-                                            self.ldif_agama,
-                                            ],
-                                      'memory_allocation': 100,
-                                      'mapping': '',
-                                      'document_key_prefix': []
-                                    }),
-
-                        ('user',     {   'ldif': [],
-                                        'memory_allocation': 300,
-                                        'mapping': 'people, groups, authorizations',
-                                        'document_key_prefix': ['groups_', 'people_', 'authorizations_'],
-                                    }),
-
-                        ('site',     {   'ldif': [self.ldif_site],
-                                        'memory_allocation': 100,
-                                        'mapping': 'jans-link',
-                                        'document_key_prefix': ['site_', 'jans-link_'],
-                                    }),
-
-                        ('cache',    {   'ldif': [],
-                                        'memory_allocation': 100,
-                                        'mapping': 'cache',
-                                        'document_key_prefix': ['cache_'],
-                                    }),
-
-                        ('token',   { 'ldif': [],
-                                      'memory_allocation': 300,
-                                      'mapping': 'tokens',
-                                      'document_key_prefix': ['tokens_'],
-                                    }),
-
-                        ('session',   { 'ldif': [],
-                                      'memory_allocation': 200,
-                                      'mapping': 'sessions',
-                                      'document_key_prefix': [],
-                                    }),
-
-                    ))
-
-        self.mapping_locations = { group: 'rdbm' for group in self.couchbaseBucketDict }
-
         self.non_setup_properties = {
             'jans_auth_client_jar_fn': os.path.join(self.dist_jans_dir, 'jans-auth-client-jar-with-dependencies.jar')
                 }
 
+        #re-map couchbase buckets ldif
+        for bucket in self.couchbaseBucketDict:
+            for i, ldifs in enumerate(self.couchbaseBucketDict[bucket]['ldif']):
+                self.couchbaseBucketDict[bucket]['ldif'][i] = getattr(self, ldifs)
+
+        self.mapping_locations = { group: 'rdbm' for group in self.couchbaseBucketDict }
+
         Config.addPostSetupService = []
diff --git a/jans-linux-setup/jans_setup/setup_app/data/couchbase_buckets.json b/jans-linux-setup/jans_setup/setup_app/data/couchbase_buckets.json
new file mode 100644
index 00000000000..96c90a92313
--- /dev/null
+++ b/jans-linux-setup/jans_setup/setup_app/data/couchbase_buckets.json
@@ -0,0 +1,58 @@
+{
+  "default": {
+    "ldif": [
+      "ldif_base",
+      "ldif_attributes",
+      "ldif_scopes",
+      "ldif_configuration",
+      "ldif_metric",
+      "ldif_agama"
+    ],
+    "memory_allocation": 100,
+    "mapping": "",
+    "document_key_prefix": []
+  },
+  "user": {
+    "ldif": [],
+    "memory_allocation": 300,
+    "mapping": "people, groups, authorizations",
+    "document_key_prefix": [
+      "groups_",
+      "people_",
+      "authorizations_"
+    ]
+  },
+  "site": {
+    "ldif": [
+      "ldif_site"
+    ],
+    "memory_allocation": 100,
+    "mapping": "jans-link",
+    "document_key_prefix": [
+      "site_",
+      "jans-link_"
+    ]
+  },
+  "cache": {
+    "ldif": [],
+    "memory_allocation": 100,
+    "mapping": "cache",
+    "document_key_prefix": [
+      "cache_"
+    ]
+  },
+  "token": {
+    "ldif": [],
+    "memory_allocation": 300,
+    "mapping": "tokens",
+    "document_key_prefix": [
+      "tokens_"
+    ]
+  },
+  "session": {
+    "ldif": [],
+    "memory_allocation": 200,
+    "mapping": "sessions",
+    "document_key_prefix": []
+  }
+}
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/couchbase.py b/jans-linux-setup/jans_setup/setup_app/installers/couchbase.py
index 1f622aeab64..78b462ada7c 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/couchbase.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/couchbase.py
@@ -45,7 +45,7 @@ def install(self):
 
         if not Config.get('couchebaseClusterAdmin'):
             Config.couchebaseClusterAdmin = 'admin'
-            
+
         if Config.cb_install == InstallTypes.LOCAL:
             Config.isCouchbaseUserAdmin = True
 
@@ -130,7 +130,7 @@ def couchbaseInstall(self):
 
 
     def couchebaseCreateCluster(self):
-        
+
         self.logIt("Initializing Couchbase Node")
         result = self.dbUtils.cbm.initialize_node()
         if result.ok:
@@ -200,9 +200,9 @@ def exec_n1ql_query(self, query):
 
     def couchbaseExecQuery(self, queryFile):
         self.logIt("Running Couchbase query from file " + queryFile)
-        
+
         query_file = open(queryFile)
-        
+
         for line in query_file:
             query = line.strip()
             if query:
@@ -221,10 +221,10 @@ def couchbaseMakeIndex(self, bucket, ind):
                     attrquoted.append(a)
 
             attrquoteds = ', '.join(attrquoted)
-            
+
             index_name = '{0}_static_{1}'.format(bucket, str(uuid.uuid4()).split('-')[1])
             cmd = 'CREATE INDEX `{0}` ON `{1}`({2}) WHERE ({3})'.format(index_name, bucket, attrquoteds, wherec)
-        
+
         else:
             if '(' in ''.join(ind):
                 attr_ = ind[0]
@@ -242,7 +242,7 @@ def couchbaseMakeIndex(self, bucket, ind):
 
 
     def couchebaseCreateIndexes(self, bucket):
-        
+
         Config.couchbase_buckets.append(bucket)
         couchbase_index_str = self.readFile(self.couchbaseIndexJson)
         couchbase_index_str = couchbase_index_str.replace('!bucket_prefix!', Config.couchbase_bucket_prefix)
@@ -282,7 +282,7 @@ def checkIfJansBucketReady(self):
 
     def couchbaseSSL(self):
         self.logIt("Exporting Couchbase SSL certificate to " + self.couchebaseCert)
-        
+
         for cb_host in base.re_split_host.findall(Config.couchbase_hostname):
 
             cbm_ = CBM(cb_host.strip(), Config.couchebaseClusterAdmin, Config.cb_password)
@@ -331,7 +331,7 @@ def couchbaseDict(self):
         prop_dict['couchbase_test_mappings'] = '\n'.join(couchbase_test_mappings)
 
         return prop_dict
-        
+
     def couchbaseProperties(self):
         prop_file = os.path.basename(Config.jansCouchebaseProperties)
         prop = open(os.path.join(Config.templateFolder, prop_file)).read()
@@ -349,10 +349,10 @@ def create_couchbase_buckets(self):
         couchbase_mappings = self.getMappingType('couchbase')
 
         min_cb_ram = 0
-        
+
         for group in couchbase_mappings:
              min_cb_ram += Config.couchbaseBucketDict[group]['memory_allocation']
-        
+
         min_cb_ram += Config.couchbaseBucketDict['default']['memory_allocation']
 
         if couchbaseClusterRamsize < min_cb_ram:
@@ -411,6 +411,7 @@ def extract_libs(self):
         shutil.unpack_archive(self.source_files[0][0], self.common_lib_dir)
         self.chown(os.path.join(Config.jetty_base, 'common'), Config.jetty_user, Config.jetty_user, True)
 
+
     def installed(self):
 
         if os.path.exists(self.couchebaseInstallDir):
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jans_auth.py b/jans-linux-setup/jans_setup/setup_app/installers/jans_auth.py
index afd4fe1d9d2..849b4219c42 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/jans_auth.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/jans_auth.py
@@ -58,8 +58,8 @@ def install(self):
         self.make_pairwise_calculation_salt()
         self.install_jettyService(self.jetty_app_configuration[self.service_name], True)
         self.copyFile(self.source_files[0][0], self.jetty_service_webapps)
-        self.external_libs()
         self.set_class_path([os.path.join(self.custom_lib_dir, '*')])
+        self.external_libs()
         self.setup_agama()
         self.enable()
 
@@ -197,14 +197,23 @@ def import_openbanking_key(self):
             self.import_key_cert_into_keystore('obsigning', self.jans_auth_openid_jks_fn, Config.jans_auth_openid_jks_pass, Config.ob_key_fn, Config.ob_cert_fn, Config.ob_alias)
 
     def external_libs(self):
-        extra_libs = []
-
         for extra_lib in (self.source_files[2][0], self.source_files[3][0]):
             self.copyFile(extra_lib, self.custom_lib_dir)
             extra_lib_path = os.path.join(self.custom_lib_dir, os.path.basename(extra_lib))
-            extra_libs.append(extra_lib_path)
             self.chown(extra_lib_path, Config.jetty_user, Config.jetty_group)
 
+        # add custom libs if any
+        common_lib_dir = None
+        if Config.cb_install:
+            common_lib_dir = base.current_app.CouchbaseInstaller.common_lib_dir
+        elif Config.rdbm_install and Config.rdbm_type == 'spanner':
+            common_lib_dir = base.current_app.RDBMInstaller.common_lib_dir
+        if common_lib_dir:
+            class_path = os.path.join(common_lib_dir, '*')
+            current_plugins = self.get_plugins(paths=True)
+            if not class_path in current_plugins:
+                current_plugins.append(class_path)
+                self.set_class_path(current_plugins)
 
     def setup_agama(self):
         self.createDirs(self.agama_root)
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/rdbm.py b/jans-linux-setup/jans_setup/setup_app/installers/rdbm.py
index 326480d9182..239276124ec 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/rdbm.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/rdbm.py
@@ -542,6 +542,7 @@ def extract_libs(self):
         shutil.unpack_archive(self.source_files[0][0], self.common_lib_dir)
         self.chown(os.path.join(Config.jetty_base, 'common'), Config.jetty_user, Config.jetty_user, True)
 
+
     def installed(self):
         # to be implemented
         return True
diff --git a/jans-linux-setup/jans_setup/setup_app/setup_options.py b/jans-linux-setup/jans_setup/setup_app/setup_options.py
index abaf7bcb19e..481f9cdb794 100644
--- a/jans-linux-setup/jans_setup/setup_app/setup_options.py
+++ b/jans-linux-setup/jans_setup/setup_app/setup_options.py
@@ -88,6 +88,9 @@ def get_setup_options():
         if base.argsp.couchbase_hostname:
             setupOptions['couchbase_hostname'] = base.argsp.couchbase_hostname
 
+        for bucket in base.coucbase_bucket_dict:
+            base.coucbase_bucket_dict[bucket]['memory_allocation'] = getattr(base.argsp, f'couchbase_{bucket}_mem')
+
         if base.argsp.no_jsauth:
             setupOptions['install_jans_auth'] = False
 
diff --git a/jans-linux-setup/jans_setup/setup_app/utils/arg_parser.py b/jans-linux-setup/jans_setup/setup_app/utils/arg_parser.py
index 8d2b46e6178..1cd5fc6838d 100644
--- a/jans-linux-setup/jans_setup/setup_app/utils/arg_parser.py
+++ b/jans-linux-setup/jans_setup/setup_app/utils/arg_parser.py
@@ -3,9 +3,10 @@
 import uuid
 import argparse
 
-from setup_app import static
+from setup_app import static, paths
 from setup_app.version import __version__
 from setup_app.utils import base
+from setup_app.config import Config
 
 OPENBANKING_PROFILE = 'openbanking'
 PROFILE = os.environ.get('JANS_PROFILE')
@@ -90,6 +91,9 @@
     parser.add_argument('-couchbase-bucket-prefix', help="Set prefix for couchbase buckets", default='jans')
     parser.add_argument('-couchbase-hostname', help="Remote couchbase server hostname")
 
+    for bucket in base.coucbase_bucket_dict:
+        parser.add_argument(f'-couchbase-{bucket}-mem', help=f"Memory allocation in MB for Couchbase bucket {bucket}", default=base.coucbase_bucket_dict[bucket]['memory_allocation'], type=int)
+
     parser.add_argument('--no-data', help="Do not import any data to database backend, used for clustering", action='store_true')
     parser.add_argument('--no-jsauth', help="Do not install OAuth2 Authorization Server", action='store_true')
     parser.add_argument('-ldap-admin-password', help="Used as the LDAP directory manager password")
diff --git a/jans-linux-setup/jans_setup/setup_app/utils/base.py b/jans-linux-setup/jans_setup/setup_app/utils/base.py
index d906878364a..c35f87f5583 100644
--- a/jans-linux-setup/jans_setup/setup_app/utils/base.py
+++ b/jans-linux-setup/jans_setup/setup_app/utils/base.py
@@ -454,6 +454,8 @@ def unpack_zip(zip_fn, extract_dir, with_par_dir=True):
 app_info_fn = os.environ.get('JANS_APP_INFO') or os.path.join(par_dir, 'app_info.json')
 current_app.app_info = readJsonFile(app_info_fn)
 current_app.jans_zip = os.path.join(Config.distFolder, 'jans/jans.zip')
+coucbase_bucket_dict = readJsonFile(os.path.join(paths.APP_ROOT, 'data/couchbase_buckets.json'), ordered=True)
+Config.couchbaseBucketDict = coucbase_bucket_dict
 
 def as_bool(val):
     return str(val).lower() in ('t', 'true', 'y', 'yes', 'on', 'ok', '1')
diff --git a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py
index 8c313ca66a3..49740f09cb3 100644
--- a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py
+++ b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py
@@ -186,6 +186,11 @@ def load_properties(self, prop_file, no_update=[]):
             p['opendj_install'] = InstallTypes.NONE
             p['rdbm_install'] = InstallTypes.NONE
 
+            for bucket in Config.couchbaseBucketDict:
+                if p.get(f'couchbase_{bucket}_mem'):
+                    Config.couchbaseBucketDict[bucket]['memory_allocation'] = int(p[f'couchbase_{bucket}_mem'])
+
+
         if p.get('opendj_install') == '0':
             p['opendj_install'] = InstallTypes.NONE
 

From d97d63e79550532a9f481283b5919e68899a3818 Mon Sep 17 00:00:00 2001
From: Dhaval D <343411+ossdhaval@users.noreply.github.com>
Date: Tue, 23 Jul 2024 19:34:43 +0530
Subject: [PATCH 10/43] docs(lock): add missing files with placeholder content
 (#9017)

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>
Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
---
 docs/admin/lock/lock-auth-server-config.md | 13 +++++++++++++
 docs/admin/lock/lock-client-config.md      | 13 +++++++++++++
 docs/admin/lock/lock-installation.md       | 14 ++++++++++++++
 docs/admin/lock/lock-opa.md                | 13 +++++++++++++
 docs/admin/lock/lock-pdp-plugin.md         | 13 +++++++++++++
 mkdocs.yml                                 | 10 +++++-----
 6 files changed, 71 insertions(+), 5 deletions(-)
 create mode 100644 docs/admin/lock/lock-auth-server-config.md
 create mode 100644 docs/admin/lock/lock-client-config.md
 create mode 100644 docs/admin/lock/lock-installation.md
 create mode 100644 docs/admin/lock/lock-opa.md
 create mode 100644 docs/admin/lock/lock-pdp-plugin.md

diff --git a/docs/admin/lock/lock-auth-server-config.md b/docs/admin/lock/lock-auth-server-config.md
new file mode 100644
index 00000000000..5f5a81f3c89
--- /dev/null
+++ b/docs/admin/lock/lock-auth-server-config.md
@@ -0,0 +1,13 @@
+# Configuring Janssen Server for Lock
+
+## This content is in progress
+
+The Janssen Project documentation is currently in development. Topic pages are being created in order of broadest relevance, and this page is coming in the near future.
+
+## Have questions in the meantime?
+
+While this documentation is in progress, you can ask questions through [GitHub Discussions](https://github.com/JanssenProject/jans/discussions) or the [community chat on Gitter](https://gitter.im/JanssenProject/Lobby). Any questions you have will help determine what information our documentation should cover.
+
+## Want to contribute?
+
+If you have content you'd like to contribute to this page in the meantime, you can get started with our [Contribution guide](https://docs.jans.io/head/CONTRIBUTING/).
\ No newline at end of file
diff --git a/docs/admin/lock/lock-client-config.md b/docs/admin/lock/lock-client-config.md
new file mode 100644
index 00000000000..bac7bae700d
--- /dev/null
+++ b/docs/admin/lock/lock-client-config.md
@@ -0,0 +1,13 @@
+# Lock Client Configuration
+
+## This content is in progress
+
+The Janssen Project documentation is currently in development. Topic pages are being created in order of broadest relevance, and this page is coming in the near future.
+
+## Have questions in the meantime?
+
+While this documentation is in progress, you can ask questions through [GitHub Discussions](https://github.com/JanssenProject/jans/discussions) or the [community chat on Gitter](https://gitter.im/JanssenProject/Lobby). Any questions you have will help determine what information our documentation should cover.
+
+## Want to contribute?
+
+If you have content you'd like to contribute to this page in the meantime, you can get started with our [Contribution guide](https://docs.jans.io/head/CONTRIBUTING/).
\ No newline at end of file
diff --git a/docs/admin/lock/lock-installation.md b/docs/admin/lock/lock-installation.md
new file mode 100644
index 00000000000..f13cd726dca
--- /dev/null
+++ b/docs/admin/lock/lock-installation.md
@@ -0,0 +1,14 @@
+## Lock Installation
+
+
+## This content is in progress
+
+The Janssen Project documentation is currently in development. Topic pages are being created in order of broadest relevance, and this page is coming in the near future.
+
+## Have questions in the meantime?
+
+While this documentation is in progress, you can ask questions through [GitHub Discussions](https://github.com/JanssenProject/jans/discussions) or the [community chat on Gitter](https://gitter.im/JanssenProject/Lobby). Any questions you have will help determine what information our documentation should cover.
+
+## Want to contribute?
+
+If you have content you'd like to contribute to this page in the meantime, you can get started with our [Contribution guide](https://docs.jans.io/head/CONTRIBUTING/).
\ No newline at end of file
diff --git a/docs/admin/lock/lock-opa.md b/docs/admin/lock/lock-opa.md
new file mode 100644
index 00000000000..d8d45578228
--- /dev/null
+++ b/docs/admin/lock/lock-opa.md
@@ -0,0 +1,13 @@
+# Lock OPA
+
+## This content is in progress
+
+The Janssen Project documentation is currently in development. Topic pages are being created in order of broadest relevance, and this page is coming in the near future.
+
+## Have questions in the meantime?
+
+While this documentation is in progress, you can ask questions through [GitHub Discussions](https://github.com/JanssenProject/jans/discussions) or the [community chat on Gitter](https://gitter.im/JanssenProject/Lobby). Any questions you have will help determine what information our documentation should cover.
+
+## Want to contribute?
+
+If you have content you'd like to contribute to this page in the meantime, you can get started with our [Contribution guide](https://docs.jans.io/head/CONTRIBUTING/).
\ No newline at end of file
diff --git a/docs/admin/lock/lock-pdp-plugin.md b/docs/admin/lock/lock-pdp-plugin.md
new file mode 100644
index 00000000000..3bb6cc618f5
--- /dev/null
+++ b/docs/admin/lock/lock-pdp-plugin.md
@@ -0,0 +1,13 @@
+# Lock PDP Plugin
+
+## This content is in progress
+
+The Janssen Project documentation is currently in development. Topic pages are being created in order of broadest relevance, and this page is coming in the near future.
+
+## Have questions in the meantime?
+
+While this documentation is in progress, you can ask questions through [GitHub Discussions](https://github.com/JanssenProject/jans/discussions) or the [community chat on Gitter](https://gitter.im/JanssenProject/Lobby). Any questions you have will help determine what information our documentation should cover.
+
+## Want to contribute?
+
+If you have content you'd like to contribute to this page in the meantime, you can get started with our [Contribution guide](https://docs.jans.io/head/CONTRIBUTING/).
\ No newline at end of file
diff --git a/mkdocs.yml b/mkdocs.yml
index 093a6afe38f..c271df65446 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -396,11 +396,11 @@ nav:
     - Jans Keycloak Link: admin/link/jans-keycloak-link.md
   - Lock Guide:
       - admin/lock/README.md
-      - Lock Installation: admin/lock/lock_installation.md
-      - Auth Server Configuration: admin/lock/lock_auth_server_config.md
-      - Lock Client Configuration: admin/lock/lock_client_config.md
-      - Implement Lock PDP Plugin: admin/lock/lock_pdp_plugin.md
-      - Policy Store Integration: admin/lock/lock_opa.md
+      - Lock Installation: admin/lock/lock-installation.md
+      - Auth Server Configuration: admin/lock/lock-auth-server-config.md
+      - Lock Client Configuration: admin/lock/lock-client-config.md
+      - Implement Lock PDP Plugin: admin/lock/lock-pdp-plugin.md
+      - Policy Store Integration: admin/lock/lock-opa.md
       - Lock Master: admin/lock/lock-master.md
       - Authorization Using Cedarling: admin/lock/cedarling.md
   - Janssen Recipes:

From 51eaf5945fe705482550186c88c642aa2eb50f4d Mon Sep 17 00:00:00 2001
From: Isman Firmansyah <iromli@users.noreply.github.com>
Date: Wed, 24 Jul 2024 02:04:20 +0700
Subject: [PATCH 11/43] feat(cloud-native): modify images to conform to
 configuration schema (#8960)

* feat(cloud-native): modify images to conform to configuration schema

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* fix: allow empty value for configmaps and secrets

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* docs(cloud-native): conform to new configuration schema

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* fix: revert allow empty value for configmaps and secrets

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* chore(charts): conform to new configuration schema

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* chore: update JANS_SOURCE_VERSION

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* chore: conform to optional_scopes configmap changes

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* chore: update JANS_SOURCE_VERSION

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* docs(charts): update configurator reference docs

Signed-off-by: iromli <isman.firmansyah@gmail.com>

---------

Signed-off-by: iromli <isman.firmansyah@gmail.com>
Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
---
 .../janssen-all-in-one/templates/_helpers.tpl |   9 -
 .../templates/deployment.yml                  |   4 +-
 .../janssen-all-in-one/templates/secret.yaml  |  48 +--
 .../charts/config/templates/_helpers.tpl      |  11 +-
 .../config/templates/load-init-config.yml     |   4 +-
 .../charts/config/templates/secrets.yaml      |  48 +--
 docker-jans-all-in-one/Dockerfile             |   2 +-
 docker-jans-auth-server/Dockerfile            |   2 +-
 docker-jans-casa/Dockerfile                   |   2 +-
 docker-jans-certmanager/Dockerfile            |   2 +-
 docker-jans-config-api/Dockerfile             |   2 +-
 docker-jans-configurator/Dockerfile           |   2 +-
 docker-jans-configurator/README.md            | 110 +++---
 docker-jans-configurator/requirements.txt     |   2 -
 docker-jans-configurator/scripts/bootstrap.py | 370 ++++++------------
 docker-jans-configurator/scripts/parameter.py | 165 --------
 docker-jans-fido2/Dockerfile                  |   2 +-
 docker-jans-kc-scheduler/Dockerfile           |   2 +-
 docker-jans-keycloak-link/Dockerfile          |   2 +-
 docker-jans-link/Dockerfile                   |   2 +-
 docker-jans-persistence-loader/Dockerfile     |   2 +-
 .../scripts/utils.py                          |   2 +-
 docker-jans-saml/Dockerfile                   |   2 +-
 docker-jans-scim/Dockerfile                   |   2 +-
 .../kubernetes/docker-jans-configurator.md    | 110 +++---
 25 files changed, 311 insertions(+), 598 deletions(-)
 delete mode 100644 docker-jans-configurator/scripts/parameter.py

diff --git a/charts/janssen-all-in-one/templates/_helpers.tpl b/charts/janssen-all-in-one/templates/_helpers.tpl
index 1588dd55710..d652e97a800 100644
--- a/charts/janssen-all-in-one/templates/_helpers.tpl
+++ b/charts/janssen-all-in-one/templates/_helpers.tpl
@@ -81,15 +81,6 @@ Create optional scopes list
 {{ if eq .Values.cnPersistenceType "sql" }}
 {{ $newList = append $newList ("sql" | quote) }}
 {{- end }}
-{{- if .Values.fido2.enabled}}
-{{ $newList = append $newList ("fido2" | quote) }}
-{{- end}}
-{{- if .Values.casa.enabled}}
-{{ $newList = append $newList ("casa" | quote) }}
-{{- end}}
-{{- if .Values.scim.enabled}}
-{{ $newList = append $newList ("scim" | quote) }}
-{{- end}}
 {{ toJson $newList }}
 {{- end }}
 
diff --git a/charts/janssen-all-in-one/templates/deployment.yml b/charts/janssen-all-in-one/templates/deployment.yml
index c4e402224c0..32339fc0325 100644
--- a/charts/janssen-all-in-one/templates/deployment.yml
+++ b/charts/janssen-all-in-one/templates/deployment.yml
@@ -111,9 +111,9 @@ spec:
             mountPath: /etc/certs/vault_secret_id
             subPath: vault_secret_id
         {{- end }}
-          - mountPath: /opt/jans/configurator/db/generate.json
+          - mountPath: /opt/jans/configurator/db/configuration.json
             name: {{ include "janssen-all-in-one.name" . }}-mount-gen-file
-            subPath: generate.json
+            subPath: configuration.json
           - mountPath: /scripts/tls_generator.py
             name: {{ include "janssen-all-in-one.name" . }}-tls-script
             subPath: tls_generator.py
diff --git a/charts/janssen-all-in-one/templates/secret.yaml b/charts/janssen-all-in-one/templates/secret.yaml
index 6dd28fc6900..d5f44ecf747 100644
--- a/charts/janssen-all-in-one/templates/secret.yaml
+++ b/charts/janssen-all-in-one/templates/secret.yaml
@@ -15,29 +15,33 @@ metadata:
 {{- end }}
 type: Opaque
 stringData:
-  generate.json: |-
+  configuration.json: |-
     {
-      "hostname": {{ .Values.fqdn | quote }},
-      "country_code": {{ .Values.countryCode | quote }},
-      "state": {{ .Values.state | quote }},
-      "city": {{ .Values.city | quote }},
-      "admin_pw": {{ .Values.adminPassword | quote }},
-      "ldap_pw": {{ .Values.adminPassword | quote }},
-      "redis_pw": {{ .Values.redisPassword | quote }},
-      "email": {{ .Values.email | quote }},
-      "org_name": {{ .Values.orgName | quote }},
-      {{ if eq .Values.cnPersistenceType "sql" }}
-      "sql_pw": {{ .Values.configmap.cnSqldbUserPassword | quote }},
-      {{- end }}
-      {{ if or ( eq .Values.cnPersistenceType "couchbase" ) ( eq .Values.cnPersistenceType "hybrid" ) }}
-      "couchbase_pw": {{ .Values.configmap.cnCouchbasePassword | quote }},
-      "couchbase_superuser_pw": {{ .Values.configmap.cnCouchbaseSuperUserPassword | quote }},
-      {{- end }}
-      "auth_sig_keys": {{ index .Values "auth-server" "authSigKeys" | quote }},
-      "auth_enc_keys": {{ index .Values "auth-server" "authEncKeys" | quote }},
-      "optional_scopes": {{ list (include "janssen-all-in-one.optionalScopes" . | fromJsonArray | join ",") }},
-      "salt": {{ .Values.salt | quote }},
-      "init_keys_exp": {{ index .Values "auth-server-key-rotation" "initKeysLife" }}
+      "_configmap": {
+        "hostname": {{ .Values.fqdn | quote }},
+        "country_code": {{ .Values.countryCode | quote }},
+        "state": {{ .Values.state | quote }},
+        "city": {{ .Values.city | quote }},
+        "admin_email": {{ .Values.email | quote }},
+        "orgName": {{ .Values.orgName | quote }},
+        "auth_sig_keys": {{ index .Values "auth-server" "authSigKeys" | quote }},
+        "auth_enc_keys": {{ index .Values "auth-server" "authEncKeys" | quote }},
+        "optional_scopes": {{ list (include "janssen-all-in-one.optionalScopes" . | fromJsonArray | join ",") | quote }},
+        "init_keys_exp": {{ index .Values "auth-server-key-rotation" "initKeysLife" }}
+      },
+      "_secret": {
+        "admin_password": {{ .Values.adminPassword | quote }},
+        "ldap_password": {{ .Values.adminPassword | quote }},
+        "redis_password": {{ .Values.redisPassword | quote }},
+        {{ if eq .Values.cnPersistenceType "sql" }}
+        "sql_password": {{ .Values.configmap.cnSqldbUserPassword | quote }},
+        {{- end }}
+        {{ if or ( eq .Values.cnPersistenceType "couchbase" ) ( eq .Values.cnPersistenceType "hybrid" ) }}
+        "couchbase_password": {{ .Values.configmap.cnCouchbasePassword | quote }},
+        "couchbase_superuser_password": {{ .Values.configmap.cnCouchbaseSuperUserPassword | quote }},
+        {{- end }}
+        "encoded_salt": {{ .Values.salt | quote }}
+      }
     }
 
 {{ if or ( eq .Values.cnPersistenceType "couchbase" ) ( eq .Values.cnPersistenceType "hybrid" ) }}
diff --git a/charts/janssen/charts/config/templates/_helpers.tpl b/charts/janssen/charts/config/templates/_helpers.tpl
index d2805f71eb1..bd1ba6d70ed 100644
--- a/charts/janssen/charts/config/templates/_helpers.tpl
+++ b/charts/janssen/charts/config/templates/_helpers.tpl
@@ -84,14 +84,5 @@ Create optional scopes list
 {{- if .Values.global.opendj.enabled}}
 {{ $newList = append $newList ("ldap" | quote) }}
 {{- end}}
-{{- if .Values.global.fido2.enabled}}
-{{ $newList = append $newList ("fido2" | quote) }}
-{{- end}}
-{{- if .Values.global.casa.enabled}}
-{{ $newList = append $newList ("casa" | quote) }}
-{{- end}}
-{{- if .Values.global.scim.enabled}}
-{{ $newList = append $newList ("scim" | quote) }}
-{{- end}}
 {{ toJson $newList }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/charts/janssen/charts/config/templates/load-init-config.yml b/charts/janssen/charts/config/templates/load-init-config.yml
index dc94fa1da91..e5741c72fbb 100644
--- a/charts/janssen/charts/config/templates/load-init-config.yml
+++ b/charts/janssen/charts/config/templates/load-init-config.yml
@@ -125,9 +125,9 @@ spec:
             name: aws-secrets-replica-regions
             subPath: aws_secrets_replica_regions
         {{- end }}
-          - mountPath: /app/db/generate.json
+          - mountPath: /app/db/configuration.json
             name: {{ include "config.fullname" . }}-mount-gen-file
-            subPath: generate.json
+            subPath: configuration.json
           - mountPath: /scripts/tls_generator.py
             name: {{ include "config.fullname" . }}-tls-script
             subPath: tls_generator.py
diff --git a/charts/janssen/charts/config/templates/secrets.yaml b/charts/janssen/charts/config/templates/secrets.yaml
index 53daef2d4f8..6e282fb0513 100644
--- a/charts/janssen/charts/config/templates/secrets.yaml
+++ b/charts/janssen/charts/config/templates/secrets.yaml
@@ -15,29 +15,33 @@ metadata:
 {{- end }}
 type: Opaque
 stringData:
-  generate.json: |-
+  configuration.json: |-
     {
-      "hostname": {{ .Values.global.fqdn | quote }},
-      "country_code": {{ .Values.countryCode | quote }},
-      "state": {{ .Values.state | quote }},
-      "city": {{ .Values.city | quote }},
-      "admin_pw": {{ .Values.adminPassword | quote }},
-      "ldap_pw": {{ .Values.ldapPassword | quote }},
-      "redis_pw": {{ .Values.redisPassword | quote }},
-      "email": {{ .Values.email | quote }},
-      "org_name": {{ .Values.orgName | quote }},
-      {{ if eq .Values.global.cnPersistenceType "sql" }}
-      "sql_pw": {{ .Values.configmap.cnSqldbUserPassword | quote }},
-      {{- end }}
-      {{ if or ( eq .Values.global.cnPersistenceType "couchbase" ) ( eq .Values.global.cnPersistenceType "hybrid" ) }}
-      "couchbase_pw": {{ .Values.configmap.cnCouchbasePassword | quote }},
-      "couchbase_superuser_pw": {{ .Values.configmap.cnCouchbaseSuperUserPassword | quote }},
-      {{- end }}
-      "auth_sig_keys": {{ index .Values "global" "auth-server" "authSigKeys" | quote }},
-      "auth_enc_keys": {{ index .Values "global" "auth-server" "authEncKeys" | quote }},
-      "optional_scopes": {{ list (include "config.optionalScopes" . | fromJsonArray | join ",") }},
-      "salt": {{ .Values.salt | quote }},
-      "init_keys_exp": {{ index .Values "global" "auth-server-key-rotation" "initKeysLife" }}
+      "_configmap": {
+        "hostname": {{ .Values.global.fqdn | quote }},
+        "country_code": {{ .Values.countryCode | quote }},
+        "state": {{ .Values.state | quote }},
+        "city": {{ .Values.city | quote }},
+        "admin_email": {{ .Values.email | quote }},
+        "orgName": {{ .Values.orgName | quote }},
+        "auth_sig_keys": {{ index .Values "global" "auth-server" "authSigKeys" | quote }},
+        "auth_enc_keys": {{ index .Values "global" "auth-server" "authEncKeys" | quote }},
+        "optional_scopes": {{ list (include "config.optionalScopes" . | fromJsonArray | join ",") | quote }},
+        "init_keys_exp": {{ index .Values "global" "auth-server-key-rotation" "initKeysLife" }}
+      },
+      "_secret": {
+        "admin_password": {{ .Values.adminPassword | quote }},
+        "ldap_password": {{ .Values.ldapPassword | quote }},
+        "redis_password": {{ .Values.redisPassword | quote }},
+        {{ if eq .Values.global.cnPersistenceType "sql" }}
+        "sql_password": {{ .Values.configmap.cnSqldbUserPassword | quote }},
+        {{- end }}
+        {{ if or ( eq .Values.global.cnPersistenceType "couchbase" ) ( eq .Values.global.cnPersistenceType "hybrid" ) }}
+        "couchbase_password": {{ .Values.configmap.cnCouchbasePassword | quote }},
+        "couchbase_superuser_password": {{ .Values.configmap.cnCouchbaseSuperUserPassword | quote }},
+        {{- end }}
+        "encoded_salt": {{ .Values.salt | quote }}
+      }
     }
 
 {{ if or ( eq .Values.global.cnPersistenceType "couchbase" ) ( eq .Values.global.cnPersistenceType "hybrid" ) }}
diff --git a/docker-jans-all-in-one/Dockerfile b/docker-jans-all-in-one/Dockerfile
index ef05584c306..5f28014af27 100644
--- a/docker-jans-all-in-one/Dockerfile
+++ b/docker-jans-all-in-one/Dockerfile
@@ -58,7 +58,7 @@ RUN apk update \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=cc79f2b4c65b1e4361b6b790b576992866a21b8d
+ENV JANS_SOURCE_VERSION=0538d19e269bb26ddbd81c7971251d6375d389c3
 
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the assets
diff --git a/docker-jans-auth-server/Dockerfile b/docker-jans-auth-server/Dockerfile
index 3442f458019..215d1481298 100644
--- a/docker-jans-auth-server/Dockerfile
+++ b/docker-jans-auth-server/Dockerfile
@@ -103,7 +103,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-auth/agama/fl \
     /app/static/rdbm \
     /app/schema
 
-ENV JANS_SOURCE_VERSION=cc79f2b4c65b1e4361b6b790b576992866a21b8d
+ENV JANS_SOURCE_VERSION=0538d19e269bb26ddbd81c7971251d6375d389c3
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 
 # note that as we're pulling from a monorepo (with multiple project in it)
diff --git a/docker-jans-casa/Dockerfile b/docker-jans-casa/Dockerfile
index 8976633594b..38b8fa5b423 100644
--- a/docker-jans-casa/Dockerfile
+++ b/docker-jans-casa/Dockerfile
@@ -56,7 +56,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-casa/plugins \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=cc79f2b4c65b1e4361b6b790b576992866a21b8d
+ENV JANS_SOURCE_VERSION=0538d19e269bb26ddbd81c7971251d6375d389c3
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 ARG JANS_CASA_EXTRAS_DIR=jans-casa/extras
 
diff --git a/docker-jans-certmanager/Dockerfile b/docker-jans-certmanager/Dockerfile
index 7f5467c1e3b..ada0a7bc235 100644
--- a/docker-jans-certmanager/Dockerfile
+++ b/docker-jans-certmanager/Dockerfile
@@ -25,7 +25,7 @@ RUN wget -q ${CN_SOURCE_URL} -P /app/javalibs/
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=cc79f2b4c65b1e4361b6b790b576992866a21b8d
+ENV JANS_SOURCE_VERSION=0538d19e269bb26ddbd81c7971251d6375d389c3
 
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the assets
diff --git a/docker-jans-config-api/Dockerfile b/docker-jans-config-api/Dockerfile
index 38ed082c6b1..f83e7b2ac72 100644
--- a/docker-jans-config-api/Dockerfile
+++ b/docker-jans-config-api/Dockerfile
@@ -78,7 +78,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-config-api/_plugins \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=cc79f2b4c65b1e4361b6b790b576992866a21b8d
+ENV JANS_SOURCE_VERSION=0538d19e269bb26ddbd81c7971251d6375d389c3
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 ARG JANS_CONFIG_API_RESOURCES=jans-config-api/server/src/main/resources
 
diff --git a/docker-jans-configurator/Dockerfile b/docker-jans-configurator/Dockerfile
index a5647fdaa6e..95e40a81c45 100644
--- a/docker-jans-configurator/Dockerfile
+++ b/docker-jans-configurator/Dockerfile
@@ -27,7 +27,7 @@ RUN mkdir -p /opt/jans/configurator/javalibs \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=cc79f2b4c65b1e4361b6b790b576992866a21b8d
+ENV JANS_SOURCE_VERSION=0538d19e269bb26ddbd81c7971251d6375d389c3
 
 RUN git clone --depth 500 --filter blob:none --no-checkout https://github.com/janssenproject/jans /tmp/jans \
     && cd /tmp/jans \
diff --git a/docker-jans-configurator/README.md b/docker-jans-configurator/README.md
index 0bcf76453c0..011e3ac1589 100644
--- a/docker-jans-configurator/README.md
+++ b/docker-jans-configurator/README.md
@@ -8,7 +8,7 @@ tags:
 
 ## Overview
 
-Configuration manager is a special container used to load (generate/restore) and dump (backup) the configuration and secrets.
+Configurator is a tool to load (generate/restore) and/or dump (backup) the configuration (consists of configmaps and secrets).
 
 ## Versions
 
@@ -72,52 +72,62 @@ The following commands are supported by the container:
 
 ### load
 
-The load command can be used either to generate or restore config and secret for the cluster.
+The load command can be used either to generate/restore configmaps and secrets for the cluster.
+
+For fresh installation, generate the initial configuration by creating `/path/to/host/volume/configuration.json` similar to example below:
 
-For fresh installation, generate the initial configuration and secret by creating `/path/to/host/volume/generate.json` similar to example below:
 ```json
 {
-    "hostname": "demoexample.jans.io",
-    "country_code": "US",
-    "state": "TX",
-    "city": "Austin",
-    "admin_pw": "S3cr3t+pass",
-    "ldap_pw": "S3cr3t+pass",
-    "email": "s@jans.io",
-    "org_name": "Gluu Inc."
+    "_configmap": {
+        "hostname": "demoexample.jans.io",
+        "country_code": "US",
+        "state": "TX",
+        "city": "Austin",
+        "admin_email": "s@jans.io",
+        "orgName": "Gluu Inc."
+    },
+    "_secret": {
+        "admin_password": "S3cr3t+pass",
+        "ldap_password": "S3cr3t+pass"
+    }
 }
 ```
 
-**NOTE**: `generate.json` has optional attributes as seen below.
+**NOTE**: `configuration.json` has optional attributes as seen below.
 
-- `auth_sig_keys`: space-separated key algorithm for signing (default to `RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512`)
-- `auth_enc_keys`: space-separated key algorithm for encryption (default to `RSA1_5 RSA-OAEP`)
-- `optional_scopes`: list of scopes that will be used (supported scopes are `ldap`, `scim`, `fido2`, `couchbase`, `redis`, `sql`, `casa`; default to empty list)
-- `ldap_pw`: user's password to access LDAP database (only used if `optional_scopes` list contains `ldap` scope)
-- `sql_pw`: user's password to access SQL database (only used if `optional_scopes` list contains `sql` scope)
-- `couchbase_pw`: user's password to access Couchbase database (only used if `optional_scopes` list contains `couchbase` scope)
-- `couchbase_superuser_pw`: superusers password to access Couchbase database (only used if `optional_scopes` list contains `couchbase` scope)
-- `salt`: user-defined salt (24 characters length); if omitted, salt will be generated automatically
-- `init_keys_exp`: the initial keys expiration time in hours (default to `48`; extra 1 hour will be added for hard limit)
+1.  `_configmap`:
 
-Example of generating `salt` value:
+    - `auth_sig_keys`: space-separated key algorithm for signing (default to `RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512`)
+    - `auth_enc_keys`: space-separated key algorithm for encryption (default to `RSA1_5 RSA-OAEP`)
+    - `optional_scopes`: list of optional scopes (as JSON string) that will be used (supported scopes are `ldap`, `couchbase`, `redis`, `sql`; default to empty list)
+    - `init_keys_exp`: the initial keys expiration time in hours (default to `48`; extra 1 hour will be added for hard limit)
 
-```
-# using shell script
-cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 24 | head -n 1
-# output: NFAG5g4R0NSkAZXHL8t2DScL
+2.  `_secret`:
 
-# using python oneliner
-python -c 'import random, string; print("".join(random.choices(string.ascii_letters + string.digits, k=24)))'
-# ouput: HsPzqiPkRzNySWlOVui8Ilmw
-```
+    - `ldap_password`: user's password to access LDAP database (only used if `optional_scopes` list contains `ldap` scope)
+    - `sql_password`: user's password to access SQL database (only used if `optional_scopes` list contains `sql` scope)
+    - `couchbase_password`: user's password to access Couchbase database (only used if `optional_scopes` list contains `couchbase` scope)
+    - `couchbase_superuser_password`: superusers password to access Couchbase database (only used if `optional_scopes` list contains `couchbase` scope)
+    - `encoded_salt`: user-defined salt (24 characters length); if omitted, salt will be generated automatically
 
-To generate initial config and secrets:
+    Example of generating `encoded_salt` value:
 
-1.  Create config map `config-generate-params` to store the contents of `generate.json`
+    ```
+    # using shell script
+    cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 24 | head -n 1
+    # output: NFAG5g4R0NSkAZXHL8t2DScL
+
+    # using python oneliner
+    python -c 'import random, string; print("".join(random.choices(string.ascii_letters + string.digits, k=24)))'
+    # ouput: HsPzqiPkRzNySWlOVui8Ilmw
+    ```
+
+To generate initial configmaps and secrets:
+
+1.  Create config map `config-generate-params` to store the contents of `configuration.json`
 
     ```sh
-    kubectl create cm config-generate-params --from-file=generate.json
+    kubectl create cm config-generate-params --from-file=configuration.json
     ```
 
 1.  Mount the configmap into container and apply the yaml:
@@ -139,22 +149,23 @@ To generate initial config and secrets:
             - name: configurator-load
               image: ghcr.io/janssenproject/jans/configurator:1.1.4_dev
               volumeMounts:
-                - mountPath: /app/db/generate.json
+                - mountPath: /app/db/configuration.json
                   name: config-generate-params
-                  subPath: generate.json
+                  subPath: configuration.json
               envFrom:
               - configMapRef:
                   name: config-cm
               args: ["load"]
     ```
 
-To restore configuration and secrets from a backup of `/path/to/host/volume/config.json` and `/path/to/host/volume/secret.json`: mount the directory as `/app/db` inside the container:
+A successful `load` command will dump the pre-populated configuration into `/app/db/configuration.out.json`.
+
+To restore configuration from `configuration.out.json` file:
 
-1.  Create config map `config-params` and `secret-params`:
+1.  Create config map `config-dump-params`:
 
     ```sh
-    kubectl create cm config-params --from-file=config.json
-    kubectl create cm secret-params --from-file=secret.json
+    kubectl create cm config-dump-params --from-file=configuration.out.json
     ```
 
 2.  Mount the configmap into container and apply the yaml:
@@ -169,32 +180,25 @@ To restore configuration and secrets from a backup of `/path/to/host/volume/conf
         spec:
           restartPolicy: Never
           volumes:
-            - name: config-params
+            - name: config-dump-params
               configMap:
-                name: config-params
-               - name: secret-params
-              configMap:
-                name: secret-params
+                name: config-dump-params
           containers:
             - name: configurator-load
               image: ghcr.io/janssenproject/jans/configurator:1.1.4_dev
               volumeMounts:
-                - mountPath: /app/db/config.json
-                  name: config-params
-                  subPath: config.json
-                - mountPath: /app/db/secret.json
-                  name: secret-params
-                  subPath: secret.json
+                - mountPath: /app/db/configuration.out.json
+                  name: config-dump-params
+                  subPath: configuration.out.json
               envFrom:
               - configMapRef:
                   name: config-cm
               args: ["load"]
     ```
 
-
 ### dump
 
-The dump command will dump all configuration and secrets from the backends saved into the `/app/db/config.json` and `/app/db/secret.json` files.
+The dump command will dump all configuration from the backends saved into the `/app/db/configuration.out.json` file.
 
 ```yaml
 apiVersion: batch/v1
@@ -221,4 +225,4 @@ spec:
 
 Copy over the files to host
 
-`kubectl cp config-init-load-job:/app/db .`
+`kubectl cp configurator-dump-job:/app/db .`
diff --git a/docker-jans-configurator/requirements.txt b/docker-jans-configurator/requirements.txt
index 4d08419f9d6..46cc021090c 100644
--- a/docker-jans-configurator/requirements.txt
+++ b/docker-jans-configurator/requirements.txt
@@ -1,6 +1,4 @@
 # pinned to py3-grpcio version to avoid failure on native extension build
 grpcio==1.59.3
 click==8.1.7
-marshmallow==3.21.2
-fqdn==1.5.1
 /tmp/jans/jans-pycloudlib
diff --git a/docker-jans-configurator/scripts/bootstrap.py b/docker-jans-configurator/scripts/bootstrap.py
index ca16463334a..61fa93f7db3 100644
--- a/docker-jans-configurator/scripts/bootstrap.py
+++ b/docker-jans-configurator/scripts/bootstrap.py
@@ -23,12 +23,11 @@
 from jans.pycloudlib.utils import safe_render
 from jans.pycloudlib.utils import ldap_encode
 from jans.pycloudlib.utils import get_server_certificate
-from jans.pycloudlib.utils import generate_ssl_certkey
 from jans.pycloudlib.utils import generate_ssl_ca_certkey
 from jans.pycloudlib.utils import generate_signed_ssl_certkey
 from jans.pycloudlib.utils import as_boolean
+from jans.pycloudlib.schema import load_schema_from_file
 
-from parameter import params_from_file
 from settings import LOGGING_CONFIG
 
 DEFAULT_SIG_KEYS = "RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512"
@@ -39,9 +38,8 @@
 CERTS_DIR = os.environ.get("CN_CONFIGURATOR_CERTS_DIR", f"{CONFIGURATOR_DIR}/certs")
 JAVALIBS_DIR = f"{CONFIGURATOR_DIR}/javalibs"
 
-DEFAULT_CONFIG_FILE = os.environ.get("CN_CONFIGURATOR_CONFIG_FILE", f"{DB_DIR}/config.json")
-DEFAULT_SECRET_FILE = os.environ.get("CN_CONFIGURATOR_SECRET_FILE", f"{DB_DIR}/secret.json")
-DEFAULT_GENERATE_FILE = os.environ.get("CN_CONFIGURATOR_GENERATE_FILE", f"{DB_DIR}/generate.json")
+DEFAULT_CONFIGURATION_FILE = os.environ.get("CN_CONFIGURATOR_CONFIGURATION_FILE", f"{DB_DIR}/configuration.json")
+DEFAULT_DUMP_FILE = os.environ.get("CN_CONFIGURATOR_DUMP_FILE", f"{DB_DIR}/configuration.out.json")
 
 logging.config.dictConfig(LOGGING_CONFIG)
 logger = logging.getLogger("configurator")
@@ -99,9 +97,9 @@ def generate_pkcs12(suffix, passwd, hostname):
 class CtxManager:
     def __init__(self, manager):
         self.manager = manager
-        self.ctx = {"config": {}, "secret": {}}
-        self._remote_config_ctx = None
-        self._remote_secret_ctx = None
+        self.ctx = {"_configmap": {}, "_secret": {}}
+        self._remote_config_ctx = {}
+        self._remote_secret_ctx = {}
 
     @property
     def remote_config_ctx(self):
@@ -117,40 +115,47 @@ def remote_secret_ctx(self):
 
     def set_config(self, key, value, reuse_if_exists=True):
         if reuse_if_exists and key in self.remote_config_ctx:
-            logger.info(f"re-using config {key}")
-            self.ctx["config"][key] = self.remote_config_ctx[key]
-            return self.ctx["config"][key]
+            logger.info(f"re-using configmap {key!r}")
+            self.ctx["_configmap"][key] = self.remote_config_ctx[key]
+            return self.ctx["_configmap"][key]
 
-        logger.info(f"adding config {key}")
+        logger.info(f"adding configmap {key!r}")
         if callable(value):
             value = value()
 
-        self.ctx["config"][key] = value
-        return self.ctx["config"][key]
+        if isinstance(value, bytes):
+            value = value.decode()
+
+        self.ctx["_configmap"][key] = value
+        return self.ctx["_configmap"][key]
 
     def set_secret(self, key, value, reuse_if_exists=True):
         if reuse_if_exists and key in self.remote_secret_ctx:
-            logger.info(f"re-using secret {key}")
-            self.ctx["secret"][key] = self.remote_secret_ctx[key]
-            return self.ctx["secret"][key]
+            logger.info(f"re-using secret {key!r}")
+            self.ctx["_secret"][key] = self.remote_secret_ctx[key]
+            return self.ctx["_secret"][key]
 
-        logger.info(f"adding secret {key}")
+        logger.info(f"adding secret {key!r}")
         if callable(value):
             value = value()
 
-        self.ctx["secret"][key] = value
+        if isinstance(value, bytes):
+            value = value.decode()
+
+        self.ctx["_secret"][key] = value
         return value
 
     def get_config(self, key, default=None):
-        return self.ctx["config"].get(key) or default
+        return self.ctx["_configmap"].get(key) or default
 
     def get_secret(self, key, default=None):
-        return self.ctx["secret"].get(key) or default
+        return self.ctx["_secret"].get(key) or default
 
 
 class CtxGenerator:
     def __init__(self, manager, params):
-        self.params = params
+        self.configmap_params = params["_configmap"]
+        self.secret_params = params["_secret"]
         self.manager = manager
         self.ctx_manager = CtxManager(self.manager)
 
@@ -170,93 +175,36 @@ def get_config(self, key, default=None):
     def get_secret(self, key, default=None):
         return self.ctx_manager.get_secret(key, default)
 
-    def base_ctx(self):
-        if self.params["salt"]:
-            self.set_secret("encoded_salt", self.params["salt"])
+    def transform_base_ctx(self):
+        if self.secret_params["encoded_salt"]:
+            self.set_secret("encoded_salt", self.secret_params["encoded_salt"])
         else:
             self.set_secret("encoded_salt", partial(get_random_chars, 24))
-        self.set_config("orgName", self.params["org_name"])
-        self.set_config("country_code", self.params["country_code"])
-        self.set_config("state", self.params["state"])
-        self.set_config("city", self.params["city"])
-        self.set_config("hostname", self.params["hostname"])
-        self.set_config("admin_email", self.params["email"])
-        # self.set_config("jetty_base", "/opt/jans/jetty")
+
+        self.set_config("orgName", self.configmap_params["orgName"])
+        self.set_config("country_code", self.configmap_params["country_code"])
+        self.set_config("state", self.configmap_params["state"])
+        self.set_config("city", self.configmap_params["city"])
+        self.set_config("hostname", self.configmap_params["hostname"])
+        self.set_config("admin_email", self.configmap_params["admin_email"])
         self.set_config("admin_inum", lambda: f"{uuid4()}")
-        self.set_secret("encoded_admin_password", partial(ldap_encode, self.params["admin_pw"]))
+        self.set_secret("encoded_admin_password", partial(ldap_encode, self.secret_params["admin_password"]))
 
-        opt_scopes = self.params["optional_scopes"]
-        self.set_config("optional_scopes", list(set(opt_scopes)), False)
+        opt_scopes = self.configmap_params["optional_scopes"]
+        self.set_config("optional_scopes", opt_scopes, False)
 
-    def ldap_ctx(self):
+    def transform_ldap_ctx(self):
         encoded_salt = self.get_secret("encoded_salt")
 
-        # self.set_secret("encoded_ldap_pw", ldap_encode(self.params["admin_pw"]))
         self.set_secret(
             "encoded_ox_ldap_pw",
-            partial(encode_text, self.params["ldap_pw"], encoded_salt),
-        )
-        self.set_config("ldap_init_host", "localhost")
-        self.set_config("ldap_init_port", 1636)
-        self.set_config("ldap_port", 1389)
-        self.set_config("ldaps_port", 1636)
-        self.set_config("ldap_binddn", "cn=directory manager")
-        self.set_config("ldap_site_binddn", "cn=directory manager")
-        ldap_truststore_pass = self.set_secret("ldap_truststore_pass", get_random_chars)
-        self.set_config("ldapTrustStoreFn", "/etc/certs/opendj.pkcs12")
-        hostname = self.get_config("hostname")
-
-        generate_ssl_certkey(
-            "opendj",
-            self.get_config("admin_email"),
-            hostname,
-            self.get_config("orgName"),
-            self.get_config("country_code"),
-            self.get_config("state"),
-            self.get_config("city"),
-            extra_dns=["ldap"],
-            base_dir=CERTS_DIR,
-        )
-        with open(f"{CERTS_DIR}/opendj.pem", "w") as fw:
-            with open(f"{CERTS_DIR}/opendj.crt") as fr:
-                ldap_ssl_cert = fr.read()
-                self.set_secret(
-                    "ldap_ssl_cert",
-                    partial(encode_text, ldap_ssl_cert, encoded_salt),
-                )
-
-            with open(f"{CERTS_DIR}/opendj.key") as fr:
-                ldap_ssl_key = fr.read()
-                self.set_secret(
-                    "ldap_ssl_key",
-                    partial(encode_text, ldap_ssl_key, encoded_salt),
-                )
-
-            ldap_ssl_cacert = "".join([ldap_ssl_cert, ldap_ssl_key])
-            fw.write(ldap_ssl_cacert)
-            self.set_secret(
-                "ldap_ssl_cacert",
-                partial(encode_text, ldap_ssl_cacert, encoded_salt),
-            )
-
-        generate_pkcs12("opendj", ldap_truststore_pass, hostname)
-
-        with open(f"{CERTS_DIR}/opendj.pkcs12", "rb") as fr:
-            self.set_secret(
-                "ldap_pkcs12_base64",
-                partial(encode_text, fr.read(), encoded_salt),
-            )
-
-        self.set_secret(
-            "encoded_ldapTrustStorePass",
-            partial(encode_text, ldap_truststore_pass, encoded_salt),
+            partial(encode_text, self.secret_params["ldap_password"], encoded_salt),
         )
 
-    def redis_ctx(self):
-        # TODO: move this to persistence-loader
-        self.set_secret("redis_pw", self.params.get("redis_pw", ""))
+    def transform_redis_ctx(self):
+        self.set_secret("redis_password", self.secret_params["redis_password"])
 
-    def auth_ctx(self):
+    def transform_auth_ctx(self):
         encoded_salt = self.get_secret("encoded_salt")
 
         self.set_config("default_openid_jks_dn_name", "CN=Janssen Auth CA Certificates")
@@ -269,38 +217,11 @@ def auth_ctx(self):
         self.set_config("auth_legacyIdTokenClaims", "false")
         self.set_config("auth_openidScopeBackwardCompatibility", "false")
 
-        # get user-input signing keys
-        allowed_sig_keys = DEFAULT_SIG_KEYS.split()
-        sig_keys = []
-
-        for k in self.params.get("auth_sig_keys", "").split():
-            k = k.strip()
-            if k not in allowed_sig_keys:
-                continue
-            sig_keys.append(k)
-
-        # if empty, fallback to default
-        sig_keys = sig_keys or allowed_sig_keys
-        sig_keys = " ".join(sig_keys)
-        self.set_config("auth_sig_keys", sig_keys)
-
-        # get user-input encryption keys
-        allowed_enc_keys = DEFAULT_ENC_KEYS.split()
-        enc_keys = []
-
-        for k in self.params.get("auth_enc_keys", "").split():
-            k = k.strip()
-            if k not in allowed_enc_keys:
-                continue
-            enc_keys.append(k)
-
-        # if empty, fallback to default
-        enc_keys = enc_keys or allowed_enc_keys
-        enc_keys = " ".join(enc_keys)
-        self.set_config("auth_enc_keys", enc_keys)
+        self.set_config("auth_sig_keys", self.configmap_params["auth_sig_keys"])
+        self.set_config("auth_enc_keys", self.configmap_params["auth_enc_keys"])
 
         # default exp = 48 hours + token lifetime (in hour)
-        exp = int(self.params["init_keys_exp"] + (3600 / 3600))
+        exp = int(self.configmap_params["init_keys_exp"] + (3600 / 3600))
 
         _, err, retcode = generate_openid_keys_hourly(
             self.get_secret("auth_openid_jks_pass"),
@@ -308,8 +229,8 @@ def auth_ctx(self):
             f"{CERTS_DIR}/auth-keys.json",
             self.get_config("default_openid_jks_dn_name"),
             exp=exp,
-            sig_keys=sig_keys,
-            enc_keys=enc_keys,
+            sig_keys=self.configmap_params["auth_sig_keys"],
+            enc_keys=self.configmap_params["auth_enc_keys"],
         )
         if retcode != 0:
             logger.error(f"Unable to generate auth keys; reason={err}")
@@ -329,7 +250,7 @@ def auth_ctx(self):
                 partial(encode_text, fr.read(), encoded_salt),
             )
 
-    def web_ctx(self):
+    def transform_web_ctx(self):
         ssl_cert = f"{CERTS_DIR}/web_https.crt"
         ssl_key = f"{CERTS_DIR}/web_https.key"
         ssl_csr = f"{CERTS_DIR}/web_https.csr"
@@ -348,14 +269,14 @@ def web_ctx(self):
         # check from mounted files
         if not (os.path.isfile(ssl_cert) and os.path.isfile(ssl_key)):
             # no mounted files, hence download from frontend
-            addr = os.environ.get("CN_INGRESS_ADDRESS") or self.ctx["config"]["hostname"]
+            addr = os.environ.get("CN_INGRESS_ADDRESS") or self.ctx["_configmap"]["hostname"]
             servername = os.environ.get("CN_INGRESS_SERVERNAME") or addr
 
             logger.warning(
                 f"Unable to find mounted {ssl_cert} and {ssl_key}; "
                 f"trying to download from {addr}:443 (servername {servername})"
             )
-            cert_from_domain(addr, servername, 443, ssl_cert, ssl_key, self.ctx["config"]["hostname"])
+            cert_from_domain(addr, servername, 443, ssl_cert, ssl_key, self.ctx["_configmap"]["hostname"])
 
         # no mounted nor downloaded files, hence we need to create self-generated files
         if not (os.path.isfile(ssl_cert) and os.path.isfile(ssl_key)):
@@ -417,87 +338,77 @@ def web_ctx(self):
         with open(ssl_key) as f:
             self.set_secret("ssl_key", f.read)
 
-    def couchbase_ctx(self):
+    def transform_couchbase_ctx(self):
         # TODO: move this to persistence-loader?
         self.set_config("couchbaseTrustStoreFn", "/etc/certs/couchbase.pkcs12")
         self.set_secret("couchbase_shib_user_password", get_random_chars)
-        self.set_secret("couchbase_password", self.params["couchbase_pw"])
-        self.set_secret("couchbase_superuser_password", self.params["couchbase_superuser_pw"])
-
-    def sql_ctx(self):
-        self.set_secret("sql_password", self.params["sql_pw"])
+        self.set_secret("couchbase_password", self.secret_params["couchbase_password"])
+        self.set_secret("couchbase_superuser_password", self.secret_params["couchbase_superuser_password"])
 
-    def generate(self):
-        opt_scopes = self.params["optional_scopes"]
+    def transform_sql_ctx(self):
+        self.set_secret("sql_password", self.secret_params["sql_password"])
 
-        self.base_ctx()
-        self.auth_ctx()
-        self.web_ctx()
+    def transform_misc_ctx(self):
+        # pre-populate the rest of configmaps
+        for k, v in self.configmap_params.items():
+            if v and k not in self.ctx["_configmap"]:
+                self.set_config(k, v)
 
-        # if "ldap" in opt_scopes:
-        #     self.ldap_ctx()
+        # pre-populate the rest of secrets
+        for k, v in self.secret_params.items():
+            if v and k not in self.ctx["_secret"]:
+                self.set_secret(k, v)
 
-        if "redis" in opt_scopes:
-            self.redis_ctx()
-
-        # if "couchbase" in opt_scopes:
-        #     self.couchbase_ctx()
-
-        # if "sql" in opt_scopes:
-        #     self.sql_ctx()
-
-        # populated config
-        return self.ctx
+    def transform(self):
+        """Transform configmaps and secrets (if needed)."""
+        opt_scopes = json.loads(self.configmap_params["optional_scopes"])
 
+        self.transform_base_ctx()
+        self.transform_auth_ctx()
+        self.transform_web_ctx()
 
-def _save_generated_ctx(manager, data, type_):
-    if type_ == "config":
-        backend = manager.config
-    else:
-        backend = manager.secret
+        if "ldap" in opt_scopes:
+            self.transform_ldap_ctx()
 
-    logger.info(f"Saving {type_} to backend")
-    backend.set_all(data)
+        if "redis" in opt_scopes:
+            self.transform_redis_ctx()
 
+        if "couchbase" in opt_scopes:
+            self.transform_couchbase_ctx()
 
-def _load_from_file(manager, filepath, type_):
-    ctx_manager = CtxManager(manager)
-    if type_ == "config":
-        setter = ctx_manager.set_config
-        backend = manager.config
-    else:
-        setter = ctx_manager.set_secret
-        backend = manager.secret
+        if "sql" in opt_scopes:
+            self.transform_sql_ctx()
 
-    logger.info(f"Loading {type_} from {filepath}")
+        self.transform_misc_ctx()
 
-    with open(filepath, "r") as f:
-        data = json.loads(f.read())
+        # populated configuration
+        return self.ctx
 
-    ctx = data.get(f"_{type_}")
-    if not ctx:
-        logger.warning(f"Missing '_{type_}' key")
-        return
+    def save_loaded_ctx(self):
+        logger.info("Saving configuration to backends")
 
-    # tolerancy before checking existing key
-    time.sleep(5)
+        for type_ in ["_configmap", "_secret"]:
+            if type_ == "_configmap":
+                backend = self.manager.config
+            else:
+                backend = self.manager.secret
+            backend.set_all(self.ctx[type_])
 
-    data = {k: setter(k, v) for k, v in ctx.items()}
-    backend.set_all(data)
 
+def dump_to_file(manager, filepath):
+    logger.info(f"Saving configuration to {filepath}")
 
-def _dump_to_file(manager, filepath, type_):
-    if type_ == "config":
-        backend = manager.config
-    else:
-        backend = manager.secret
+    data = {"_configmap": {}, "_secret": {}}
 
-    logger.info(f"Saving {type_} to {filepath}")
+    for type_ in ["_configmap", "_secret"]:
+        if type_ == "_configmap":
+            backend = manager.config
+        else:
+            backend = manager.secret
+        data[type_] = backend.get_all()
 
-    data = {f"_{type_}": backend.get_all()}
-    data = json.dumps(data, sort_keys=True, indent=4)
     with open(filepath, "w") as f:
-        f.write(data)
+        f.write(json.dumps(data, sort_keys=True, indent=4))
 
 
 def cert_from_domain(addr, servername, port, certfile, keyfile, dns):
@@ -581,91 +492,62 @@ def cli():
 
 @cli.command()
 @click.option(
-    "--generate-file",
-    type=click.Path(exists=False),
-    help="Absolute path to file containing parameters for generating config and secret",
-    default=DEFAULT_GENERATE_FILE,
-    show_default=True,
-)
-@click.option(
-    "--config-file",
+    "--configuration-file",
     type=click.Path(exists=False),
-    help="Absolute path to file contains config",
-    default=DEFAULT_CONFIG_FILE,
+    help="Absolute path to file contains configmaps and secrets",
+    default=DEFAULT_CONFIGURATION_FILE,
     show_default=True,
 )
 @click.option(
-    "--secret-file",
+    "--dump-file",
     type=click.Path(exists=False),
-    help="Absolute path to file contains secret",
-    default=DEFAULT_SECRET_FILE,
+    help="Absolute path to file contains dumped configmaps and secrets",
+    default=DEFAULT_DUMP_FILE,
     show_default=True,
 )
-def load(generate_file, config_file, secret_file):
-    """Loads config and secret from JSON files (generate if not exist).
+def load(configuration_file, dump_file):
+    """Loads configmaps and secrets from JSON file (generate if not exist).
     """
     deps = ["config_conn", "secret_conn"]
     wait_for(manager, deps=deps)
 
     # check whether config and secret in backend have been initialized
-    should_skip = as_boolean(os.environ.get("CN_CONFIGURATION_SKIP_INITIALIZED", False))
+    should_skip = as_boolean(os.environ.get("CN_CONFIGURATOR_SKIP_INITIALIZED", False))
     if should_skip and manager.config.get("hostname") and manager.secret.get("ssl_cert"):
         # config and secret may have been initialized
-        logger.info("Config and secret have been initialized")
+        logger.info("Configmaps and secrets have been initialized")
         return
 
     with manager.lock.create_lock("configurator-load"):
-        # there's no config and secret in backend, check whether to load from files
-        if os.path.isfile(config_file) and os.path.isfile(secret_file):
-            # load from existing files
-            logger.info(f"Re-using config and secret from {config_file} and {secret_file}")
-            _load_from_file(manager, config_file, "config")
-            _load_from_file(manager, secret_file, "secret")
-            return
-
-        # no existing files, hence generate new config and secret from parameters
-        logger.info(f"Loading parameters from {generate_file}")
-        params, err, code = params_from_file(generate_file)
+        logger.info(f"Loading configmaps and secrets from {configuration_file}")
+
+        params, err, code = load_schema_from_file(configuration_file)
         if code != 0:
-            logger.error(f"Unable to load parameters; reason={err}")
+            logger.error(f"Unable to load configmaps and secrets; reason={err}")
             raise click.Abort()
 
-        logger.info("Generating new config and secret")
         ctx_generator = CtxGenerator(manager, params)
-        ctx = ctx_generator.generate()
-
-        # save config to its backend and file
-        _save_generated_ctx(manager, ctx["config"], "config")
-        _dump_to_file(manager, config_file, "config")
+        ctx_generator.transform()
+        ctx_generator.save_loaded_ctx()
 
-        # save secret to its backend and file
-        _save_generated_ctx(manager, ctx["secret"], "secret")
-        _dump_to_file(manager, secret_file, "secret")
+        # dump saved configuration to file
+        dump_to_file(manager, dump_file)
 
 
 @cli.command()
 @click.option(
-    "--config-file",
+    "--dump-file",
     type=click.Path(exists=False),
-    help="Absolute path to file to save config",
-    default=DEFAULT_CONFIG_FILE,
+    help="Absolute path to file contains dumped configmaps and secrets",
+    default=DEFAULT_DUMP_FILE,
     show_default=True,
 )
-@click.option(
-    "--secret-file",
-    type=click.Path(exists=False),
-    help="Absolute path to file to save secret",
-    default=DEFAULT_SECRET_FILE,
-    show_default=True,
-)
-def dump(config_file, secret_file):
-    """Dumps config and secret into JSON files.
+def dump(dump_file):
+    """Dumps configmaps and secrets into JSON files.
     """
     deps = ["config_conn", "secret_conn"]
     wait_for(manager, deps=deps)
-
-    _dump_to_file(manager, config_file, "config")
-    _dump_to_file(manager, secret_file, "secret")
+    dump_to_file(manager, dump_file)
 
 
 if __name__ == "__main__":
diff --git a/docker-jans-configurator/scripts/parameter.py b/docker-jans-configurator/scripts/parameter.py
deleted file mode 100644
index d711946b9f8..00000000000
--- a/docker-jans-configurator/scripts/parameter.py
+++ /dev/null
@@ -1,165 +0,0 @@
-import json
-import re
-
-from fqdn import FQDN
-from marshmallow import EXCLUDE
-from marshmallow import Schema
-from marshmallow import validates
-from marshmallow import validates_schema
-from marshmallow import ValidationError
-from marshmallow.fields import Email
-from marshmallow.fields import List
-from marshmallow.fields import Str
-from marshmallow.fields import Int
-from marshmallow.validate import ContainsOnly
-from marshmallow.validate import Length
-from marshmallow.validate import Predicate
-from marshmallow.validate import Range
-
-PASSWD_RGX = re.compile(
-    r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*\W)[a-zA-Z0-9\S]{6,}$"
-)
-
-DEFAULT_SCOPES = (
-    "auth",
-    "config-api",
-)
-
-OPTIONAL_SCOPES = (
-    "ldap",
-    "couchbase",
-    "redis",
-    "sql",
-
-    # these scopes are no longer needed; not removed for backward-compat
-    "fido2",
-    "casa",
-    "scim",
-)
-
-
-class ParamSchema(Schema):
-    class Meta:
-        unknown = EXCLUDE
-
-    admin_pw = Str(required=True)
-
-    city = Str(required=True)
-
-    country_code = Str(
-        validate=[
-            Length(2, 2),
-            Predicate(
-                "isupper",
-                error="Non-uppercased characters aren't allowed",
-            ),
-        ],
-        required=True,
-    )
-
-    email = Email(required=True)
-
-    hostname = Str(required=True)
-
-    org_name = Str(required=True)
-
-    state = Str(required=True)
-
-    optional_scopes = List(
-        Str(),
-        validate=ContainsOnly(OPTIONAL_SCOPES),
-        load_default=[],
-    )
-
-    ldap_pw = Str(load_default="", dump_default="")
-
-    sql_pw = Str(load_default="", dump_default="")
-
-    couchbase_pw = Str(load_default="", dump_default="")
-
-    couchbase_superuser_pw = Str(load_default="", dump_default="")
-
-    auth_sig_keys = Str(load_default="")
-
-    auth_enc_keys = Str(load_default="")
-
-    salt = Str(load_default="", dump_default="")
-
-    init_keys_exp = Int(
-        validate=[
-            Range(1),
-        ],
-        load_default=48,
-        dump_default=48,
-        strict=True,
-    )
-
-    @validates("hostname")
-    def validate_fqdn(self, value):
-        fqdn = FQDN(value)
-        if not fqdn.is_valid:
-            raise ValidationError("Invalid FQDN format.")
-
-    @validates("admin_pw")
-    def validate_password(self, value, **kwargs):
-        if not PASSWD_RGX.search(value):
-            raise ValidationError(
-                "Must be at least 6 characters and include "
-                "one uppercase letter, one lowercase letter, one digit, "
-                "and one special character."
-            )
-
-    @validates_schema
-    def validate_ldap_pw(self, data, **kwargs):
-        if "ldap" in data["optional_scopes"]:
-            try:
-                self.validate_password(data["ldap_pw"])
-            except ValidationError as exc:
-                raise ValidationError({"ldap_pw": exc.messages})
-
-    @validates_schema
-    def validate_ext_persistence_pw(self, data, **kwargs):
-        err = {}
-        scope_attr_map = [
-            ("sql", "sql_pw"),
-            ("couchbase", "couchbase_pw"),
-        ]
-
-        for scope, attr in scope_attr_map:
-            # note we don't enforce custom password validation as cloud-based
-            # databases may use password that not conform to our policy
-            # hence we simply check for empty password only
-            if scope in data["optional_scopes"] and data[attr] == "":
-                err[attr] = ["Empty password isn't allowed"]
-
-        if err:
-            raise ValidationError(err)
-
-    @validates("salt")
-    def validate_salt(self, value):
-        if value and len(value) != 24:
-            raise ValidationError("Length must be 24.")
-
-        if value and not value.isalnum():
-            raise ValidationError("Only alphanumeric characters are allowed")
-
-
-def params_from_file(path):
-    out = {}
-    err = {}
-    code = 0
-
-    try:
-        with open(path) as f:
-            docs = json.loads(f.read())
-    except (IOError, ValueError) as exc:
-        err = exc
-        code = 1
-        return out, err, code
-
-    try:
-        out = ParamSchema().load(docs)
-    except ValidationError as exc:
-        err = exc.messages
-        code = 1
-    return out, err, code
diff --git a/docker-jans-fido2/Dockerfile b/docker-jans-fido2/Dockerfile
index ca2127a3283..34c46cb420f 100644
--- a/docker-jans-fido2/Dockerfile
+++ b/docker-jans-fido2/Dockerfile
@@ -61,7 +61,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-fido2/webapps \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=cc79f2b4c65b1e4361b6b790b576992866a21b8d
+ENV JANS_SOURCE_VERSION=0538d19e269bb26ddbd81c7971251d6375d389c3
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 
 # note that as we're pulling from a monorepo (with multiple project in it)
diff --git a/docker-jans-kc-scheduler/Dockerfile b/docker-jans-kc-scheduler/Dockerfile
index 9fe2dca869f..e6923e03ec8 100644
--- a/docker-jans-kc-scheduler/Dockerfile
+++ b/docker-jans-kc-scheduler/Dockerfile
@@ -38,7 +38,7 @@ RUN wget -q https://repo1.maven.org/maven2/org/codehaus/janino/janino/3.1.9/jani
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=cc79f2b4c65b1e4361b6b790b576992866a21b8d
+ENV JANS_SOURCE_VERSION=0538d19e269bb26ddbd81c7971251d6375d389c3
 
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the assets
diff --git a/docker-jans-keycloak-link/Dockerfile b/docker-jans-keycloak-link/Dockerfile
index 12a049dd1ce..78947acda49 100644
--- a/docker-jans-keycloak-link/Dockerfile
+++ b/docker-jans-keycloak-link/Dockerfile
@@ -61,7 +61,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-keycloak-link/webapps \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=cc79f2b4c65b1e4361b6b790b576992866a21b8d
+ENV JANS_SOURCE_VERSION=0538d19e269bb26ddbd81c7971251d6375d389c3
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 
 # note that as we're pulling from a monorepo (with multiple project in it)
diff --git a/docker-jans-link/Dockerfile b/docker-jans-link/Dockerfile
index 3d2634495dc..1f0aa8f474f 100644
--- a/docker-jans-link/Dockerfile
+++ b/docker-jans-link/Dockerfile
@@ -61,7 +61,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-link/webapps \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=cc79f2b4c65b1e4361b6b790b576992866a21b8d
+ENV JANS_SOURCE_VERSION=0538d19e269bb26ddbd81c7971251d6375d389c3
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 
 # note that as we're pulling from a monorepo (with multiple project in it)
diff --git a/docker-jans-persistence-loader/Dockerfile b/docker-jans-persistence-loader/Dockerfile
index a14b0a0a494..4fb59653144 100644
--- a/docker-jans-persistence-loader/Dockerfile
+++ b/docker-jans-persistence-loader/Dockerfile
@@ -16,7 +16,7 @@ RUN apk update \
 # ===========
 
 # janssenproject/jans SHA commit
-ENV JANS_SOURCE_VERSION=cc79f2b4c65b1e4361b6b790b576992866a21b8d
+ENV JANS_SOURCE_VERSION=0538d19e269bb26ddbd81c7971251d6375d389c3
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 ARG JANS_SCRIPT_CATALOG_DIR=docs/script-catalog
 ARG JANS_CONFIG_API_RESOURCES=jans-config-api/server/src/main/resources
diff --git a/docker-jans-persistence-loader/scripts/utils.py b/docker-jans-persistence-loader/scripts/utils.py
index cc29ba722e2..bf01ba0b212 100644
--- a/docker-jans-persistence-loader/scripts/utils.py
+++ b/docker-jans-persistence-loader/scripts/utils.py
@@ -50,7 +50,7 @@ def get_jackrabbit_rmi_url():
 
 
 def get_base_ctx(manager):
-    redis_pw = manager.secret.get("redis_pw") or ""
+    redis_pw = manager.secret.get("redis_password") or ""
     redis_pw_encoded = ""
 
     if redis_pw:
diff --git a/docker-jans-saml/Dockerfile b/docker-jans-saml/Dockerfile
index 396af50f979..e511a1bb6d9 100644
--- a/docker-jans-saml/Dockerfile
+++ b/docker-jans-saml/Dockerfile
@@ -35,7 +35,7 @@ RUN wget -q https://jenkins.jans.io/maven/io/jans/kc-jans-spi/${CN_VERSION}/kc-j
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=cc79f2b4c65b1e4361b6b790b576992866a21b8d
+ENV JANS_SOURCE_VERSION=0538d19e269bb26ddbd81c7971251d6375d389c3
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 
 # note that as we're pulling from a monorepo (with multiple project in it)
diff --git a/docker-jans-scim/Dockerfile b/docker-jans-scim/Dockerfile
index c6ba1843021..8a7e11eb1c8 100644
--- a/docker-jans-scim/Dockerfile
+++ b/docker-jans-scim/Dockerfile
@@ -60,7 +60,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-scim/webapps \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=cc79f2b4c65b1e4361b6b790b576992866a21b8d
+ENV JANS_SOURCE_VERSION=0538d19e269bb26ddbd81c7971251d6375d389c3
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 ARG JANS_SCIM_RESOURCE_DIR=jans-scim/server/src/main/resources
 
diff --git a/docs/admin/reference/kubernetes/docker-jans-configurator.md b/docs/admin/reference/kubernetes/docker-jans-configurator.md
index 0bcf76453c0..011e3ac1589 100644
--- a/docs/admin/reference/kubernetes/docker-jans-configurator.md
+++ b/docs/admin/reference/kubernetes/docker-jans-configurator.md
@@ -8,7 +8,7 @@ tags:
 
 ## Overview
 
-Configuration manager is a special container used to load (generate/restore) and dump (backup) the configuration and secrets.
+Configurator is a tool to load (generate/restore) and/or dump (backup) the configuration (consists of configmaps and secrets).
 
 ## Versions
 
@@ -72,52 +72,62 @@ The following commands are supported by the container:
 
 ### load
 
-The load command can be used either to generate or restore config and secret for the cluster.
+The load command can be used either to generate/restore configmaps and secrets for the cluster.
+
+For fresh installation, generate the initial configuration by creating `/path/to/host/volume/configuration.json` similar to example below:
 
-For fresh installation, generate the initial configuration and secret by creating `/path/to/host/volume/generate.json` similar to example below:
 ```json
 {
-    "hostname": "demoexample.jans.io",
-    "country_code": "US",
-    "state": "TX",
-    "city": "Austin",
-    "admin_pw": "S3cr3t+pass",
-    "ldap_pw": "S3cr3t+pass",
-    "email": "s@jans.io",
-    "org_name": "Gluu Inc."
+    "_configmap": {
+        "hostname": "demoexample.jans.io",
+        "country_code": "US",
+        "state": "TX",
+        "city": "Austin",
+        "admin_email": "s@jans.io",
+        "orgName": "Gluu Inc."
+    },
+    "_secret": {
+        "admin_password": "S3cr3t+pass",
+        "ldap_password": "S3cr3t+pass"
+    }
 }
 ```
 
-**NOTE**: `generate.json` has optional attributes as seen below.
+**NOTE**: `configuration.json` has optional attributes as seen below.
 
-- `auth_sig_keys`: space-separated key algorithm for signing (default to `RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512`)
-- `auth_enc_keys`: space-separated key algorithm for encryption (default to `RSA1_5 RSA-OAEP`)
-- `optional_scopes`: list of scopes that will be used (supported scopes are `ldap`, `scim`, `fido2`, `couchbase`, `redis`, `sql`, `casa`; default to empty list)
-- `ldap_pw`: user's password to access LDAP database (only used if `optional_scopes` list contains `ldap` scope)
-- `sql_pw`: user's password to access SQL database (only used if `optional_scopes` list contains `sql` scope)
-- `couchbase_pw`: user's password to access Couchbase database (only used if `optional_scopes` list contains `couchbase` scope)
-- `couchbase_superuser_pw`: superusers password to access Couchbase database (only used if `optional_scopes` list contains `couchbase` scope)
-- `salt`: user-defined salt (24 characters length); if omitted, salt will be generated automatically
-- `init_keys_exp`: the initial keys expiration time in hours (default to `48`; extra 1 hour will be added for hard limit)
+1.  `_configmap`:
 
-Example of generating `salt` value:
+    - `auth_sig_keys`: space-separated key algorithm for signing (default to `RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512`)
+    - `auth_enc_keys`: space-separated key algorithm for encryption (default to `RSA1_5 RSA-OAEP`)
+    - `optional_scopes`: list of optional scopes (as JSON string) that will be used (supported scopes are `ldap`, `couchbase`, `redis`, `sql`; default to empty list)
+    - `init_keys_exp`: the initial keys expiration time in hours (default to `48`; extra 1 hour will be added for hard limit)
 
-```
-# using shell script
-cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 24 | head -n 1
-# output: NFAG5g4R0NSkAZXHL8t2DScL
+2.  `_secret`:
 
-# using python oneliner
-python -c 'import random, string; print("".join(random.choices(string.ascii_letters + string.digits, k=24)))'
-# ouput: HsPzqiPkRzNySWlOVui8Ilmw
-```
+    - `ldap_password`: user's password to access LDAP database (only used if `optional_scopes` list contains `ldap` scope)
+    - `sql_password`: user's password to access SQL database (only used if `optional_scopes` list contains `sql` scope)
+    - `couchbase_password`: user's password to access Couchbase database (only used if `optional_scopes` list contains `couchbase` scope)
+    - `couchbase_superuser_password`: superusers password to access Couchbase database (only used if `optional_scopes` list contains `couchbase` scope)
+    - `encoded_salt`: user-defined salt (24 characters length); if omitted, salt will be generated automatically
 
-To generate initial config and secrets:
+    Example of generating `encoded_salt` value:
 
-1.  Create config map `config-generate-params` to store the contents of `generate.json`
+    ```
+    # using shell script
+    cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 24 | head -n 1
+    # output: NFAG5g4R0NSkAZXHL8t2DScL
+
+    # using python oneliner
+    python -c 'import random, string; print("".join(random.choices(string.ascii_letters + string.digits, k=24)))'
+    # ouput: HsPzqiPkRzNySWlOVui8Ilmw
+    ```
+
+To generate initial configmaps and secrets:
+
+1.  Create config map `config-generate-params` to store the contents of `configuration.json`
 
     ```sh
-    kubectl create cm config-generate-params --from-file=generate.json
+    kubectl create cm config-generate-params --from-file=configuration.json
     ```
 
 1.  Mount the configmap into container and apply the yaml:
@@ -139,22 +149,23 @@ To generate initial config and secrets:
             - name: configurator-load
               image: ghcr.io/janssenproject/jans/configurator:1.1.4_dev
               volumeMounts:
-                - mountPath: /app/db/generate.json
+                - mountPath: /app/db/configuration.json
                   name: config-generate-params
-                  subPath: generate.json
+                  subPath: configuration.json
               envFrom:
               - configMapRef:
                   name: config-cm
               args: ["load"]
     ```
 
-To restore configuration and secrets from a backup of `/path/to/host/volume/config.json` and `/path/to/host/volume/secret.json`: mount the directory as `/app/db` inside the container:
+A successful `load` command will dump the pre-populated configuration into `/app/db/configuration.out.json`.
+
+To restore configuration from `configuration.out.json` file:
 
-1.  Create config map `config-params` and `secret-params`:
+1.  Create config map `config-dump-params`:
 
     ```sh
-    kubectl create cm config-params --from-file=config.json
-    kubectl create cm secret-params --from-file=secret.json
+    kubectl create cm config-dump-params --from-file=configuration.out.json
     ```
 
 2.  Mount the configmap into container and apply the yaml:
@@ -169,32 +180,25 @@ To restore configuration and secrets from a backup of `/path/to/host/volume/conf
         spec:
           restartPolicy: Never
           volumes:
-            - name: config-params
+            - name: config-dump-params
               configMap:
-                name: config-params
-               - name: secret-params
-              configMap:
-                name: secret-params
+                name: config-dump-params
           containers:
             - name: configurator-load
               image: ghcr.io/janssenproject/jans/configurator:1.1.4_dev
               volumeMounts:
-                - mountPath: /app/db/config.json
-                  name: config-params
-                  subPath: config.json
-                - mountPath: /app/db/secret.json
-                  name: secret-params
-                  subPath: secret.json
+                - mountPath: /app/db/configuration.out.json
+                  name: config-dump-params
+                  subPath: configuration.out.json
               envFrom:
               - configMapRef:
                   name: config-cm
               args: ["load"]
     ```
 
-
 ### dump
 
-The dump command will dump all configuration and secrets from the backends saved into the `/app/db/config.json` and `/app/db/secret.json` files.
+The dump command will dump all configuration from the backends saved into the `/app/db/configuration.out.json` file.
 
 ```yaml
 apiVersion: batch/v1
@@ -221,4 +225,4 @@ spec:
 
 Copy over the files to host
 
-`kubectl cp config-init-load-job:/app/db .`
+`kubectl cp configurator-dump-job:/app/db .`

From 634e380d76217f1b7694631520fa33e2e0fbc8de Mon Sep 17 00:00:00 2001
From: Adam Albright <aalbright425@gmail.com>
Date: Thu, 25 Jul 2024 04:29:09 -0400
Subject: [PATCH 12/43] docs: correct typos in scim docs (#9013)

* docs: correct typos in scim docs

* docs: correct typos in scim docs

Signed-off-by: Rehket <aalbright425@gmail.com>

---------

Signed-off-by: Rehket <aalbright425@gmail.com>
Co-authored-by: Dhaval D <343411+ossdhaval@users.noreply.github.com>
---
 docs/admin/scim/README.md            | 8 ++++----
 docs/admin/scim/bulk-users.md        | 3 +--
 docs/admin/scim/custom-attributes.md | 4 ++--
 3 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/docs/admin/scim/README.md b/docs/admin/scim/README.md
index 5e2c9c38eaa..bf7d6487461 100644
--- a/docs/admin/scim/README.md
+++ b/docs/admin/scim/README.md
@@ -6,10 +6,10 @@ tags:
 
 # Overview
 
-**S**ystem for **C**ross-domain **I**dentity **M**anagement, in short **SCIM**, is a specification that simplifies the exchange of user identity information across different domains. The Janssen Server provides implementation for the SCIM specification.
+**S**ystem for **C**ross-domain **I**dentity **M**anagement, in short **SCIM**, is a specification that simplifies the exchange of user identity information across different domains. The Janssen Server provides an implementation for the SCIM specification.
 
-The specification defines reference schemas for users and groups along with REST API to manage them. For more details, refer to the current version of the specification that is governed by the following documents: [RFC 7642](https://tools.ietf.org/html/rfc7642), [RFC 7643](https://tools.ietf.org/html/rfc7643), and [RFC 7644](https://tools.ietf.org/html/rfc7644).
+The specification defines reference schemas for users and groups along with REST API to manage them. For more details, refer to the current version of the specification governed by the following documents: [RFC 7642](https://tools.ietf.org/html/rfc7642), [RFC 7643](https://tools.ietf.org/html/rfc7643), and [RFC 7644](https://tools.ietf.org/html/rfc7644).
 
-Developers can think of **SCIM** merely as a **REST API** with endpoints exposing **CRUD** functionality (create, read, update and delete).
+Developers can think of **SCIM** merely as a **REST API** with endpoints exposing **CRUD** functionality (create, read, update, and delete).
 
-This section covers how to configure, protect and monitor the Janssen Server SCIM module and its APIs.
+This section covers how to configure, protect, and monitor the Janssen Server SCIM module and its APIs.
diff --git a/docs/admin/scim/bulk-users.md b/docs/admin/scim/bulk-users.md
index 2acd34992ae..9e678023f7f 100644
--- a/docs/admin/scim/bulk-users.md
+++ b/docs/admin/scim/bulk-users.md
@@ -70,10 +70,9 @@ An operation is a JSON document with the following:
     }
   ]
 }
-}
 ```
 
-The above paylod illustrates how to insert three users with different details each.
+The above payload illustrates how to insert three users with different details each.
 
 ## Bulk response
 
diff --git a/docs/admin/scim/custom-attributes.md b/docs/admin/scim/custom-attributes.md
index 4bd64165a6e..120a9cd4249 100644
--- a/docs/admin/scim/custom-attributes.md
+++ b/docs/admin/scim/custom-attributes.md
@@ -13,7 +13,7 @@ Although the schema covers many attributes one might think of, at times you will
 
 * Add an attribute to LDAP schema
 
-* Include the new attribute in an LDAP's objectclass such as jansPerson
+* Include the new attribute in an LDAP's object class such as jansPerson
 
 * Register and activate your new attribute through **Jans TUI**.
 
@@ -39,7 +39,7 @@ To customize the URI associated to the extension (whose default value is `urn:ie
 * Set a value in the field `User Extension Schema URI`
 * Save the changes
 
-![scim-extention](https://github.com/JanssenProject/jans/assets/43112579/fb5b9d5c-8b17-4be0-af6c-d36389de82d2)
+![scim-extension](https://github.com/JanssenProject/jans/assets/43112579/fb5b9d5c-8b17-4be0-af6c-d36389de82d2)
 
 
 

From f4c9e0b8a23a32e97328ed35cf9ea393487db330 Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Thu, 25 Jul 2024 12:40:16 +0300
Subject: [PATCH 13/43] ci: fix doc check (#9022)

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>
---
 .github/workflows/documenation_check.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/documenation_check.yml b/.github/workflows/documenation_check.yml
index f2c8aafbd12..642d4e84e64 100644
--- a/.github/workflows/documenation_check.yml
+++ b/.github/workflows/documenation_check.yml
@@ -41,7 +41,7 @@ jobs:
         run: |
           PULL_NUMBER=${{ github.event.pull_request.number }}
           echo "Parsing commits from PR $PULL_NUMBER"
-          MESSAGE=$(gh pr view "$PULL_NUMBER" --json commits | jq '.' | grep "messageHeadline" | cut -d: -f2- | grep "^docs" || echo "")
+          MESSAGE=$(gh pr view "$PULL_NUMBER" --json commits | jq -r '.commits[].messageHeadline' | grep "^docs" || echo "")
           echo "$MESSAGE"
           if [[ -z "$MESSAGE" ]]; then
             echo "conventional commit starting with docs: does not exist. Checking if user confirmed no impact on docs in PR body"

From 93571285c31d70878e6647f9f70ad682255e8336 Mon Sep 17 00:00:00 2001
From: Isman Firmansyah <iromli@users.noreply.github.com>
Date: Thu, 25 Jul 2024 17:02:27 +0700
Subject: [PATCH 14/43] fix(cloud-native): remove oxauth variable naming inside
 templates (#9027)

Signed-off-by: iromli <isman.firmansyah@gmail.com>
Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
---
 docker-jans-all-in-one/Dockerfile               |  2 +-
 docker-jans-persistence-loader/Dockerfile       |  2 +-
 docker-jans-persistence-loader/scripts/hooks.py |  2 +-
 docker-jans-persistence-loader/scripts/utils.py | 10 +++++-----
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/docker-jans-all-in-one/Dockerfile b/docker-jans-all-in-one/Dockerfile
index 5f28014af27..1f4b6b25526 100644
--- a/docker-jans-all-in-one/Dockerfile
+++ b/docker-jans-all-in-one/Dockerfile
@@ -58,7 +58,7 @@ RUN apk update \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=0538d19e269bb26ddbd81c7971251d6375d389c3
+ENV JANS_SOURCE_VERSION=1bde1316a3abc8f4e48462d0a2670db901c70aca
 
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the assets
diff --git a/docker-jans-persistence-loader/Dockerfile b/docker-jans-persistence-loader/Dockerfile
index 4fb59653144..dac9f3f4dc9 100644
--- a/docker-jans-persistence-loader/Dockerfile
+++ b/docker-jans-persistence-loader/Dockerfile
@@ -16,7 +16,7 @@ RUN apk update \
 # ===========
 
 # janssenproject/jans SHA commit
-ENV JANS_SOURCE_VERSION=0538d19e269bb26ddbd81c7971251d6375d389c3
+ENV JANS_SOURCE_VERSION=1bde1316a3abc8f4e48462d0a2670db901c70aca
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 ARG JANS_SCRIPT_CATALOG_DIR=docs/script-catalog
 ARG JANS_CONFIG_API_RESOURCES=jans-config-api/server/src/main/resources
diff --git a/docker-jans-persistence-loader/scripts/hooks.py b/docker-jans-persistence-loader/scripts/hooks.py
index 9584e8bbf4e..1ac02d6f81c 100644
--- a/docker-jans-persistence-loader/scripts/hooks.py
+++ b/docker-jans-persistence-loader/scripts/hooks.py
@@ -13,7 +13,7 @@
 
 def merge_auth_keystore_ctx_hook(manager, ctx: dict[str, _t.Any]) -> dict[str, _t.Any]:
     # maintain compatibility with upstream template
-    ctx["oxauth_openid_jks_fn"] = manager.config.get("auth_openid_jks_fn")
+    ctx["jans_auth_openid_jks_fn"] = manager.config.get("auth_openid_jks_fn")
     return ctx
 
 
diff --git a/docker-jans-persistence-loader/scripts/utils.py b/docker-jans-persistence-loader/scripts/utils.py
index bf01ba0b212..a69c217208f 100644
--- a/docker-jans-persistence-loader/scripts/utils.py
+++ b/docker-jans-persistence-loader/scripts/utils.py
@@ -104,7 +104,7 @@ def get_base_ctx(manager):
         'hostname': manager.config.get('hostname'),
         'idp_client_id': manager.config.get('idp_client_id'),
         'idpClient_encoded_pw': manager.secret.get('idpClient_encoded_pw'),
-        'oxauth_openid_key_base64': manager.secret.get('auth_openid_key_base64'),
+        'jans_auth_openid_key_base64': manager.secret.get('auth_openid_key_base64'),
         "encoded_admin_password": manager.secret.get('encoded_admin_password'),
 
         'admin_email': manager.config.get('admin_email'),
@@ -121,7 +121,7 @@ def get_base_ctx(manager):
         "pairwiseCalculationSalt": manager.secret.get("pairwiseCalculationSalt"),
         "default_openid_jks_dn_name": manager.config.get("default_openid_jks_dn_name"),
         # maintain compatibility with upstream template
-        "oxauth_openid_jks_pass": manager.secret.get("auth_openid_jks_pass"),
+        "jans_auth_openid_jks_pass": manager.secret.get("auth_openid_jks_pass"),
         "auth_legacyIdTokenClaims": manager.config.get("auth_legacyIdTokenClaims"),
         "auth_openidScopeBackwardCompatibility": manager.config.get("auth_openidScopeBackwardCompatibility"),
 
@@ -160,9 +160,9 @@ def merge_auth_ctx(ctx):
 
     basedir = '/app/templates/jans-auth'
     file_mappings = {
-        'oxauth_static_conf_base64': 'jans-auth-static-conf.json',
-        'oxauth_error_base64': 'jans-auth-errors.json',
-        "oxauth_config_base64": "jans-auth-config.json",
+        'jans_auth_static_conf_base64': 'jans-auth-static-conf.json',
+        'jans_auth_error_base64': 'jans-auth-errors.json',
+        "jans_auth_config_base64": "jans-auth-config.json",
     }
 
     for key, file_ in file_mappings.items():

From 1a3bd72293c59ad77220550a3e95a6974453b4c7 Mon Sep 17 00:00:00 2001
From: Amro Misbah <amromisba7@gmail.com>
Date: Thu, 25 Jul 2024 21:59:02 +0300
Subject: [PATCH 15/43] fix(charts): pass correct indentation (#9033)

---
 charts/janssen/charts/auth-server/templates/deployment.yml | 4 ++--
 charts/janssen/charts/fido2/templates/deployment.yml       | 4 ++--
 charts/janssen/charts/scim/templates/deployment.yml        | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/charts/janssen/charts/auth-server/templates/deployment.yml b/charts/janssen/charts/auth-server/templates/deployment.yml
index 1a5274221c2..810354541a0 100644
--- a/charts/janssen/charts/auth-server/templates/deployment.yml
+++ b/charts/janssen/charts/auth-server/templates/deployment.yml
@@ -48,8 +48,8 @@ spec:
         env:
           - name: CN_AUTH_JAVA_OPTIONS
             value: {{ include "auth-server.customJavaOptions" . | trim }}
-          {{- include "auth-server.usr-envs" . | indent 12 }}
-          {{- include "auth-server.usr-secret-envs" . | indent 12 }}
+          {{- include "auth-server.usr-envs" . | indent 10 }}
+          {{- include "auth-server.usr-secret-envs" . | indent 10 }}
         securityContext:
           runAsUser: 1000
           runAsNonRoot: true
diff --git a/charts/janssen/charts/fido2/templates/deployment.yml b/charts/janssen/charts/fido2/templates/deployment.yml
index e7849ac2a3d..8f861fce7df 100644
--- a/charts/janssen/charts/fido2/templates/deployment.yml
+++ b/charts/janssen/charts/fido2/templates/deployment.yml
@@ -51,8 +51,8 @@ spec:
         env:
           - name: CN_FIDO2_JAVA_OPTIONS
             value: {{ include "fido2.customJavaOptions" . | trim }}
-          {{- include "fido2.usr-envs" . | indent 12 }}
-          {{- include "fido2.usr-secret-envs" . | indent 12 }}
+          {{- include "fido2.usr-envs" . | indent 10 }}
+          {{- include "fido2.usr-secret-envs" . | indent 10 }}
         {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) }}
         command:
           - /bin/sh
diff --git a/charts/janssen/charts/scim/templates/deployment.yml b/charts/janssen/charts/scim/templates/deployment.yml
index 63d3512e28a..9fabcbc80e8 100644
--- a/charts/janssen/charts/scim/templates/deployment.yml
+++ b/charts/janssen/charts/scim/templates/deployment.yml
@@ -51,8 +51,8 @@ spec:
         env:
           - name: CN_SCIM_JAVA_OPTIONS
             value: {{ include "scim.customJavaOptions" . | trim }}
-          {{- include "scim.usr-envs" . | indent 12 }}
-          {{- include "scim.usr-secret-envs" . | indent 12 }}
+          {{- include "scim.usr-envs" . | indent 10 }}
+          {{- include "scim.usr-secret-envs" . | indent 10 }}
         {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) }}
         command:
           - /bin/sh

From 3b635fe04dd1cfa82c0e8a34a41cac0658791c5f Mon Sep 17 00:00:00 2001
From: Isman Firmansyah <iromli@users.noreply.github.com>
Date: Fri, 26 Jul 2024 02:01:47 +0700
Subject: [PATCH 16/43] feat(cloud-native): import SSL cert of internal proxy
 service (#9029)

* feat(cloud-native): import SSL cert of internal proxy service

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* docs(cloud-native): update docker-jans-config-api reference

Signed-off-by: iromli <isman.firmansyah@gmail.com>

---------

Signed-off-by: iromli <isman.firmansyah@gmail.com>
Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
---
 docker-jans-config-api/Dockerfile             |  2 +-
 docker-jans-config-api/README.md              |  3 +-
 docker-jans-config-api/scripts/bootstrap.py   |  8 ++--
 docker-jans-config-api/scripts/plugins.py     | 37 ++++++++++++++++++-
 .../kubernetes/docker-jans-config-api.md      |  3 +-
 5 files changed, 44 insertions(+), 9 deletions(-)

diff --git a/docker-jans-config-api/Dockerfile b/docker-jans-config-api/Dockerfile
index f83e7b2ac72..4d214b4ad16 100644
--- a/docker-jans-config-api/Dockerfile
+++ b/docker-jans-config-api/Dockerfile
@@ -41,7 +41,7 @@ RUN wget -q https://maven.jans.io/maven/io/jans/jython-installer/${JYTHON_VERSIO
 # ==========
 
 ENV CN_VERSION=1.1.4-SNAPSHOT
-ENV CN_BUILD_DATE='2024-07-08 10:01'
+ENV CN_BUILD_DATE='2024-07-24 10:59'
 
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-config-api-server/${CN_VERSION}/jans-config-api-server-${CN_VERSION}.war
 
diff --git a/docker-jans-config-api/README.md b/docker-jans-config-api/README.md
index 101accbe53d..576682b65db 100644
--- a/docker-jans-config-api/README.md
+++ b/docker-jans-config-api/README.md
@@ -76,8 +76,8 @@ The following environment variables are supported by the container:
 - `CN_GOOGLE_SPANNER_DATABASE_ID`: Google Spanner database ID.
 - `CN_CONFIG_API_APP_LOGGERS`: Custom logging configuration in JSON-string format with hash type (see [Configure app loggers](#configure-app-loggers) section for details).
 - `CN_CONFIG_API_PLUGINS`: Comma-separated plugin names that should be enabled (available plugins are `admin-ui`, `scim`, `fido2`, `user-mgt`, `jans-link`, `kc-saml`, `kc-link`, `lock`). Note that unknown plugin name will be ignored.
+- `CN_TOKEN_SERVER_BASE_URL`: Base URL of token server (default to empty).
 - `CN_TOKEN_SERVER_CERT_FILE`: Path to token server certificate (default to `/etc/certs/token_server.crt`).
-- `CN_TOKEN_SERVER_BASE_HOSTNAME`: Hostname of token server (default to empty string).
 - `CN_ADMIN_UI_PLUGIN_LOGGERS`: Custom logging configuration for AdminUI plugin in JSON-string format with hash type (see [Configure plugin loggers](#configure-plugin-loggers) section for details).
 - `CN_PROMETHEUS_PORT`: Port used by Prometheus JMX agent (default to empty string). To enable Prometheus JMX agent, set the value to a number. See [Exposing metrics](#exposing-metrics) for details.
 - `CN_SQL_DB_HOST`: Hostname of the SQL database (default to `localhost`).
@@ -215,4 +215,3 @@ i.e. `http://container:9093/metrics`.
 
 Note that Prometheus JMX exporter uses pre-defined config file (see `conf/prometheus-config.yaml`).
 To customize the config, mount custom config file to `/opt/prometheus/prometheus-config.yaml` inside the container.
-
diff --git a/docker-jans-config-api/scripts/bootstrap.py b/docker-jans-config-api/scripts/bootstrap.py
index f38312643f7..c78aaf97380 100644
--- a/docker-jans-config-api/scripts/bootstrap.py
+++ b/docker-jans-config-api/scripts/bootstrap.py
@@ -363,9 +363,11 @@ def ctx(self) -> dict[str, _t.Any]:
         hostname = self.manager.config.get("hostname")
         approved_issuer = [hostname]
 
-        token_server_hostname = os.environ.get("CN_TOKEN_SERVER_BASE_HOSTNAME")
-        if token_server_hostname and token_server_hostname not in approved_issuer:
-            approved_issuer.append(token_server_hostname)
+        if token_server_url := os.environ.get("CN_TOKEN_SERVER_BASE_URL"):
+            token_server_hostname = urlparse(token_server_url).hostname
+
+            if token_server_hostname and token_server_hostname not in approved_issuer:
+                approved_issuer.append(token_server_hostname)
 
         ctx = {
             "hostname": hostname,
diff --git a/docker-jans-config-api/scripts/plugins.py b/docker-jans-config-api/scripts/plugins.py
index dd7e954fe27..7959cf5eaa1 100644
--- a/docker-jans-config-api/scripts/plugins.py
+++ b/docker-jans-config-api/scripts/plugins.py
@@ -1,8 +1,10 @@
 import logging.config
 import os
 import shutil
+from urllib.parse import urlparse
 
 from jans.pycloudlib.utils import cert_to_truststore
+from jans.pycloudlib.utils import get_server_certificate
 
 from settings import LOGGING_CONFIG
 
@@ -61,8 +63,16 @@ def setup(self):
 
     def import_token_server_cert(self):
         cert_file = os.environ.get("CN_TOKEN_SERVER_CERT_FILE", "/etc/certs/token_server.crt")
+
         if not os.path.isfile(cert_file):
-            self.manager.secret.to_file("ssl_cert", cert_file)
+            # check if token server is not the fqdn
+            base_url = os.environ.get("CN_TOKEN_SERVER_BASE_URL")
+
+            if base_url:
+                # download from given URL
+                self.pull_token_server_cert(base_url, cert_file)
+            else:
+                self.manager.secret.to_file("ssl_cert", cert_file)
 
         cert_to_truststore(
             "token_server",
@@ -70,3 +80,28 @@ def import_token_server_cert(self):
             "/opt/java/lib/security/cacerts",
             "changeit",
         )
+
+    def pull_token_server_cert(self, base_url, cert_file):
+        logger.info(f"Downloading certificate from {base_url}")
+
+        parsed_url = urlparse(base_url)
+        host = parsed_url.hostname
+        port = parsed_url.port
+
+        # port might not be defined in the given URL
+        if not port:
+            # resolve port as last segment of netloc
+            port = parsed_url.netloc.split(":")[-1]
+
+            # possible edge-cases while parsing netloc:
+            #
+            # - empty port, e.g. `localhost:`
+            # - missing port, e.g. `localhost`
+            if (not port or port == host):
+                if parsed_url.scheme == "https":
+                    port = 443
+                else:
+                    port = 80
+
+        # download the cert (if possible)
+        get_server_certificate(host, port, cert_file)
diff --git a/docs/admin/reference/kubernetes/docker-jans-config-api.md b/docs/admin/reference/kubernetes/docker-jans-config-api.md
index 101accbe53d..576682b65db 100644
--- a/docs/admin/reference/kubernetes/docker-jans-config-api.md
+++ b/docs/admin/reference/kubernetes/docker-jans-config-api.md
@@ -76,8 +76,8 @@ The following environment variables are supported by the container:
 - `CN_GOOGLE_SPANNER_DATABASE_ID`: Google Spanner database ID.
 - `CN_CONFIG_API_APP_LOGGERS`: Custom logging configuration in JSON-string format with hash type (see [Configure app loggers](#configure-app-loggers) section for details).
 - `CN_CONFIG_API_PLUGINS`: Comma-separated plugin names that should be enabled (available plugins are `admin-ui`, `scim`, `fido2`, `user-mgt`, `jans-link`, `kc-saml`, `kc-link`, `lock`). Note that unknown plugin name will be ignored.
+- `CN_TOKEN_SERVER_BASE_URL`: Base URL of token server (default to empty).
 - `CN_TOKEN_SERVER_CERT_FILE`: Path to token server certificate (default to `/etc/certs/token_server.crt`).
-- `CN_TOKEN_SERVER_BASE_HOSTNAME`: Hostname of token server (default to empty string).
 - `CN_ADMIN_UI_PLUGIN_LOGGERS`: Custom logging configuration for AdminUI plugin in JSON-string format with hash type (see [Configure plugin loggers](#configure-plugin-loggers) section for details).
 - `CN_PROMETHEUS_PORT`: Port used by Prometheus JMX agent (default to empty string). To enable Prometheus JMX agent, set the value to a number. See [Exposing metrics](#exposing-metrics) for details.
 - `CN_SQL_DB_HOST`: Hostname of the SQL database (default to `localhost`).
@@ -215,4 +215,3 @@ i.e. `http://container:9093/metrics`.
 
 Note that Prometheus JMX exporter uses pre-defined config file (see `conf/prometheus-config.yaml`).
 To customize the config, mount custom config file to `/opt/prometheus/prometheus-config.yaml` inside the container.
-

From 16b2c3f5d6905cf1f78616d4aacaea95dfd18e91 Mon Sep 17 00:00:00 2001
From: Michael Schwartz <mike@gluu.org>
Date: Thu, 25 Jul 2024 15:10:56 -0500
Subject: [PATCH 17/43] docs: Cedarling Overview edits for readability. (#9030)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Michael Schwartz

Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
---
 docs/admin/lock/cedarling.md | 50 ++++++++++++++++++------------------
 1 file changed, 25 insertions(+), 25 deletions(-)

diff --git a/docs/admin/lock/cedarling.md b/docs/admin/lock/cedarling.md
index 4cc077db0fa..8c87b260bb5 100644
--- a/docs/admin/lock/cedarling.md
+++ b/docs/admin/lock/cedarling.md
@@ -9,13 +9,15 @@ tags:
 
 ## Cedarling Authorization
 
-The Cedarling is a local, autonomous Policy Decision Point, or "PDP". It runs as a local 
-WebAssembly ("WASM") component--you can call it directly in the browser from a JavaScript 
-function. It can also run as a cloud function to provide authorization for server-side apps. 
-With each authorization call, the Cedarling has all the policies and data it 
-needs to make a fast, local decision. The Cedarling's authorization function is *deterministic*.
-The Cedarling always returns either `permit` or `forbid`. You will never get an error 
-indicating a network timeout, or a divide by zero error. It is also very fast.
+The Cedarling, as its name suggests, enables you to define the security rules for your application 
+in [Cedar](https://www.cedarpolicy.com/en) policy syntax.
+
+The Cedarling is a local, autonomous Policy Decision Point, or "PDP", distributed as a 
+WebAssembly ("WASM") component.  WASM components can run directly in the browser or in a cloud 
+function. The Cedarling's main job is to `permit` or `forbid` requests based on enterprise-approved 
+policies. The input to the policies are JWT tokens (which provides the Principal), the requested 
+Action and Resource. The Cedarling rapidly evaluates authorization requests because it has all the 
+policies and data it needs to make a local decision. 
 
 ![](../../assets/lock-cedarling-diagram-1.jpg)
 
@@ -29,25 +31,22 @@ enterprise deployment, this audit log is sent for central archiving.
 
 Where does the Cedarling get the data for policy evaluation? The data is contained in the 
 authorization request itself which has the OAuth and OpenID JWTs and details about the resource 
-and requested action. Most modern applications rely on a federated identity provider or "IDP". 
-Leveraing the JWT tokens to identify the person and software making the request
+and requested action.
 
 ![](../../assets/lock-cedarling-diagram-2.jpg)
 
 Two JWT tokens in particular are typical: (1) an OpenID Connect id_token and (2) an OAuth access 
-token. The id_token represents a user authentication event, and the access token represents a 
+token. The id_token represents a user authentication event. The access token represents a 
 client authentication event. The Cedarling can trust the id_token and access token to extract the User, 
-Role and Client pricipals. The tokens also contain other interesting contextual data. An OpenID 
-Connect id_token JWT, as a record of an authentication event, tells you who authenticated, when 
-they authenticated, how they authenticatated, and other claims like the subject's Roles. An OAuth 
-Access Token JWT can tell you information about the software that obtained the JWT, its extent 
-of access as defined by the OAuth Authorization Server (*i.e.* the values of the `scope` claim), or 
-other claims--domains frequently enhance the access token to contain business specific data needed 
-for policy evaluation. If an OpenID Userinfo token is sent to the cedarling, it is combined with the
-id_token to paint a fuller picture of the User's claims. 
-
-The Cedarling, as its name suggests, enables you to define the security rules for your application 
-in [Cedar](https://www.cedarpolicy.com/en) policy syntax. Cedar was invented by Amazon for their 
+Role and Client Principals. These tokens also contain other interesting contextual data. An OpenID 
+Connect id_token JWT tells you who authenticated, when they authenticated, how they authenticatated, 
+and other claims like the User's roles. An OAuth Access Token JWT can tell you information about the 
+software that obtained the JWT, its extent of access as defined by the OAuth Authorization Server 
+(*i.e.* the values of the `scope` claim), or other claims--domains frequently enhance the access token to
+contain business specific data needed for policy evaluation. If an OpenID Userinfo token is sent to the 
+Cedarling, it is combined with the id_token to paint a fuller picture of the User's claims. 
+
+Cedar was invented by Amazon for their 
 [Verified Permission](https://aws.amazon.com/verified-permissions/) service. It uses the **PARC** 
 syntax: **P**rincipal, **A**ction, **R**esource, **C**ontext.  Principal-Action-Resource is typical
 for most authorization solutions. For example, you may have a policy that says *Admins* can *write*
@@ -55,10 +54,10 @@ to the *config* folder. In this example, the *Admin* Role is the Principal, *wri
 and the *config* folder is the Resource. The Context is used to specify information about the
 enivironment, like the time of day or network address.
 
-The Cedarling authorizes a person using a certain piece of software to do something. From 
-a logical perspective, `person_allowed AND client_allowed` must be `True`. While this seems pretty
-simple, a person may be either explicitly allowed, or have a role that enables access. For example, 
-`person_allowed` may be equal to `True` if `user=mike OR role=SuperUser`. 
+The Cedarling authorizes a person using a certain piece of software. From a logical perspective, 
+`person_allowed AND client_allowed` must be `True`. A person may be either explicitly allowed, or 
+have a role that enables access. For example, `person_allowed` is `True` if 
+`user=mike OR role=SuperUser`. 
 
 ![](../../assets/lock-cedarling-diagram-3.jpg)
 
@@ -70,6 +69,7 @@ input = {
            "access_token": "eyJhbGc....", 
            "id_token": "eyJjbGc...", 
            "userinfo_token": "eyJjbGc...",
+           "tx_token": "eyJjbGc...",
            "resource": {"Ticket": {"id": "12345", "creator": "foo@bar.com", "organization": "Acme"}},
            "action": "View",
            "context": {

From bb229b14e0a8d74c70f735a0e3941fe63d8f5e35 Mon Sep 17 00:00:00 2001
From: Safin Wasi <6601566+SafinWasi@users.noreply.github.com>
Date: Fri, 26 Jul 2024 01:58:57 -0500
Subject: [PATCH 18/43] docs(jans-lock): add default schema (#9020)

* docs(jans-lock): add default schema

Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com>

* docs(jans-lock): update names and location

Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com>

---------

Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com>
Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
---
 jans-lock/schema/cedarling_core_schema.json   | 384 ++++++++++++++++++
 jans-lock/schema/cedarling_core_schema.schema | 118 ++++++
 2 files changed, 502 insertions(+)
 create mode 100644 jans-lock/schema/cedarling_core_schema.json
 create mode 100644 jans-lock/schema/cedarling_core_schema.schema

diff --git a/jans-lock/schema/cedarling_core_schema.json b/jans-lock/schema/cedarling_core_schema.json
new file mode 100644
index 00000000000..83b69585589
--- /dev/null
+++ b/jans-lock/schema/cedarling_core_schema.json
@@ -0,0 +1,384 @@
+{
+    "Jans": {
+        "commonTypes": {
+            "email_address": {
+                "type": "Record",
+                "attributes": {
+                    "domain": {
+                        "type": "String"
+                    },
+                    "id": {
+                        "type": "String"
+                    }
+                }
+            },
+            "Context": {
+                "type": "Record",
+                "attributes": {
+                    "browser": {
+                        "type": "String"
+                    },
+                    "current_time": {
+                        "type": "Long"
+                    },
+                    "device_health": {
+                        "type": "Set",
+                        "element": {
+                            "type": "String"
+                        }
+                    },
+                    "fraud_indicators": {
+                        "type": "Set",
+                        "element": {
+                            "type": "String"
+                        }
+                    },
+                    "geolocation": {
+                        "type": "Set",
+                        "element": {
+                            "type": "String"
+                        }
+                    },
+                    "network": {
+                        "type": "Extension",
+                        "name": "ipaddr"
+                    },
+                    "network_type": {
+                        "type": "String"
+                    },
+                    "operating_system": {
+                        "type": "String"
+                    }
+                }
+            },
+            "Url": {
+                "type": "Record",
+                "attributes": {
+                    "host": {
+                        "type": "String"
+                    },
+                    "path": {
+                        "type": "String"
+                    },
+                    "protocol": {
+                        "type": "String"
+                    }
+                }
+            }
+        },
+        "entityTypes": {
+            "TrustedIssuer": {
+                "shape": {
+                    "type": "Record",
+                    "attributes": {
+                        "issuer_entity_id": {
+                            "type": "Url"
+                        }
+                    }
+                }
+            },
+            "HTTP_Request": {
+                "shape": {
+                    "type": "Record",
+                    "attributes": {
+                        "accept": {
+                            "type": "Set",
+                            "element": {
+                                "type": "String"
+                            }
+                        },
+                        "header": {
+                            "type": "Set",
+                            "element": {
+                                "type": "String"
+                            }
+                        },
+                        "url": {
+                            "type": "Url"
+                        }
+                    }
+                }
+            },
+            "Userinfo_token": {
+                "shape": {
+                    "type": "Record",
+                    "attributes": {
+                        "aud": {
+                            "type": "String"
+                        },
+                        "birthdate": {
+                            "type": "String"
+                        },
+                        "email": {
+                            "type": "email_address"
+                        },
+                        "exp": {
+                            "type": "Long"
+                        },
+                        "iat": {
+                            "type": "Long"
+                        },
+                        "iss": {
+                            "type": "Entity",
+                            "name": "TrustedIssuer"
+                        },
+                        "jti": {
+                            "type": "String"
+                        },
+                        "name": {
+                            "type": "String"
+                        },
+                        "phone_number": {
+                            "type": "String"
+                        },
+                        "role": {
+                            "type": "Set",
+                            "element": {
+                                "type": "String"
+                            }
+                        },
+                        "sub": {
+                            "type": "String"
+                        }
+                    }
+                }
+            },
+            "id_token": {
+                "shape": {
+                    "type": "Record",
+                    "attributes": {
+                        "acr": {
+                            "type": "Set",
+                            "element": {
+                                "type": "String"
+                            }
+                        },
+                        "amr": {
+                            "type": "String"
+                        },
+                        "aud": {
+                            "type": "String"
+                        },
+                        "azp": {
+                            "type": "String"
+                        },
+                        "birthdate": {
+                            "type": "String"
+                        },
+                        "email": {
+                            "type": "email_address"
+                        },
+                        "exp": {
+                            "type": "Long"
+                        },
+                        "iat": {
+                            "type": "Long"
+                        },
+                        "iss": {
+                            "type": "Entity",
+                            "name": "TrustedIssuer"
+                        },
+                        "jti": {
+                            "type": "String"
+                        },
+                        "name": {
+                            "type": "String"
+                        },
+                        "phone_number": {
+                            "type": "String"
+                        },
+                        "role": {
+                            "type": "Set",
+                            "element": {
+                                "type": "String"
+                            }
+                        },
+                        "sub": {
+                            "type": "String"
+                        }
+                    }
+                }
+            },
+            "Client": {
+                "shape": {
+                    "type": "Record",
+                    "attributes": {
+                        "client_id": {
+                            "type": "String"
+                        },
+                        "iss": {
+                            "type": "Entity",
+                            "name": "TrustedIssuer"
+                        }
+                    }
+                }
+            },
+            "User": {
+                "memberOfTypes": [
+                    "Role"
+                ],
+                "shape": {
+                    "type": "Record",
+                    "attributes": {
+                        "email": {
+                            "type": "email_address"
+                        },
+                        "phone_number": {
+                            "type": "String"
+                        },
+                        "role": {
+                            "type": "Set",
+                            "element": {
+                                "type": "String"
+                            }
+                        },
+                        "sub": {
+                            "type": "String"
+                        },
+                        "username": {
+                            "type": "String"
+                        }
+                    }
+                }
+            },
+            "Access_token": {
+                "shape": {
+                    "type": "Record",
+                    "attributes": {
+                        "aud": {
+                            "type": "String"
+                        },
+                        "exp": {
+                            "type": "Long"
+                        },
+                        "iat": {
+                            "type": "Long"
+                        },
+                        "iss": {
+                            "type": "Entity",
+                            "name": "TrustedIssuer"
+                        },
+                        "jti": {
+                            "type": "String"
+                        },
+                        "nbf": {
+                            "type": "Long"
+                        },
+                        "scope": {
+                            "type": "String"
+                        }
+                    }
+                }
+            },
+            "Role": {},
+            "Application": {
+                "shape": {
+                    "type": "Record",
+                    "attributes": {
+                        "client": {
+                            "type": "Entity",
+                            "name": "Client"
+                        },
+                        "name": {
+                            "type": "String"
+                        }
+                    }
+                }
+            }
+        },
+        "actions": {
+            "HEAD": {
+                "appliesTo": {
+                    "resourceTypes": [
+                        "HTTP_Request"
+                    ],
+                    "principalTypes": [
+                        "Client"
+                    ],
+                    "context": {
+                        "type": "Context"
+                    }
+                }
+            },
+            "Access": {
+                "appliesTo": {
+                    "resourceTypes": [
+                        "Application"
+                    ],
+                    "principalTypes": [
+                        "User",
+                        "Role"
+                    ],
+                    "context": {
+                        "type": "Context"
+                    }
+                }
+            },
+            "GET": {
+                "appliesTo": {
+                    "resourceTypes": [
+                        "HTTP_Request"
+                    ],
+                    "principalTypes": [
+                        "Client"
+                    ],
+                    "context": {
+                        "type": "Context"
+                    }
+                }
+            },
+            "PATCH": {
+                "appliesTo": {
+                    "resourceTypes": [
+                        "HTTP_Request"
+                    ],
+                    "principalTypes": [
+                        "Client"
+                    ],
+                    "context": {
+                        "type": "Context"
+                    }
+                }
+            },
+            "PUT": {
+                "appliesTo": {
+                    "resourceTypes": [
+                        "HTTP_Request"
+                    ],
+                    "principalTypes": [
+                        "Client"
+                    ],
+                    "context": {
+                        "type": "Context"
+                    }
+                }
+            },
+            "POST": {
+                "appliesTo": {
+                    "resourceTypes": [
+                        "HTTP_Request"
+                    ],
+                    "principalTypes": [
+                        "Client"
+                    ],
+                    "context": {
+                        "type": "Context"
+                    }
+                }
+            },
+            "DELETE": {
+                "appliesTo": {
+                    "resourceTypes": [
+                        "HTTP_Request"
+                    ],
+                    "principalTypes": [
+                        "Client"
+                    ],
+                    "context": {
+                        "type": "Context"
+                    }
+                }
+            }
+        }
+    }
+}
diff --git a/jans-lock/schema/cedarling_core_schema.schema b/jans-lock/schema/cedarling_core_schema.schema
new file mode 100644
index 00000000000..f7d37f85153
--- /dev/null
+++ b/jans-lock/schema/cedarling_core_schema.schema
@@ -0,0 +1,118 @@
+namespace Jans {
+    type Context = {
+            "network": ipaddr,
+            "network_type": String,
+            "browser": String, 
+            "operating_system": String,
+            "device_health": Set<String>,
+            "current_time": Long,
+            "geolocation": Set<String>,
+            "fraud_indicators": Set<String>,
+    };
+    type Url = {
+        "protocol": String,
+        "host": String,
+        "path": String,
+    };
+    type email_address = {
+        id: String, 
+        domain: String,
+    };
+    entity TrustedIssuer = {
+        "issuer_entity_id": Url,
+    };
+    entity Client  = {
+        "client_id": String,
+        "iss": TrustedIssuer,
+    };
+    entity HTTP_Request = {
+        "url": Url,
+        "header": Set<String>,
+        "accept": Set<String>,
+    };
+    entity Application = {
+        "name": String,
+        "client": Client,
+    };
+    entity Role;
+    entity User in [Role] {
+        "sub": String,
+        "username": String,
+        "email": email_address,
+        "phone_number": String,
+        "role": Set<String>,
+    };
+    entity Access_token  = {
+        "aud": String,
+        "exp": Long,
+        "iat": Long,
+        "iss": TrustedIssuer,
+        "jti": String,
+        "nbf": Long,
+        "scope": String,
+    };
+    entity id_token  = {
+        "acr": Set<String>,
+        "amr": String,
+        "aud": String,
+        "azp": String,
+        "birthdate": String,
+        "email": email_address,
+        "exp": Long,
+        "iat": Long,
+        "iss": TrustedIssuer,
+        "jti": String,        
+        "name": String,
+        "phone_number": String,
+        "role": Set<String>,
+        "sub": String,
+    };
+    entity Userinfo_token  = {
+        "aud": String,
+        "birthdate": String,
+        "email": email_address,
+        "exp": Long,
+        "iat": Long,
+        "iss": TrustedIssuer,
+        "jti": String,
+        "name": String,
+        "phone_number": String,
+        "role": Set<String>,
+        "sub": String,
+    };
+    action POST appliesTo {
+        principal: Client,
+        resource: HTTP_Request,
+        context: Context,
+    };
+    action GET appliesTo {
+        principal: Client,
+        resource: HTTP_Request,
+        context: Context,
+    };
+    action PUT appliesTo {
+        principal: Client,
+        resource: HTTP_Request,
+        context: Context,
+    };
+    action DELETE appliesTo {
+        principal: Client,
+        resource: HTTP_Request,
+        context: Context,
+    };
+    action HEAD appliesTo {
+        principal: Client,
+        resource: HTTP_Request,
+        context: Context,
+    };
+    action PATCH appliesTo {
+        principal: Client,
+        resource: HTTP_Request,
+        context: Context,
+    };
+    action Access appliesTo {
+        principal: [User, Role],
+        resource: Application,
+        context: Context,
+    };
+}

From 6f6ca6271453b9977ca8f02613ca627d6576cde0 Mon Sep 17 00:00:00 2001
From: Devrim <devrimyatar@gluu.org>
Date: Mon, 29 Jul 2024 11:25:54 +0300
Subject: [PATCH 19/43] fix(jans-linux-setup): client kc_saml_openid is trusted
 (#9041)

Signed-off-by: Mustafa Baser <mbaser@mail.com>
---
 .../jans_setup/setup_app/installers/jans_saml.py     |  4 +++-
 .../jans_setup/templates/jans-saml/clients.json      | 12 ++++++++----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jans_saml.py b/jans-linux-setup/jans_setup/setup_app/installers/jans_saml.py
index 7aa056f4762..36b7340dd00 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/jans_saml.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/jans_saml.py
@@ -147,8 +147,10 @@ def create_clients(self):
                         grant_types=client_info['grant_types'],
                         authorization_methods=client_info['authorization_methods'],
                         application_type=client_info['application_type'],
-                        response_types=client_info['response_types']
+                        response_types=client_info['response_types'],
+                        trusted_client=client_info['trusted_client']
                         )
+
         self.dbUtils.import_ldif(client_ldif_fns)
 
     def install_keycloak(self):
diff --git a/jans-linux-setup/jans_setup/templates/jans-saml/clients.json b/jans-linux-setup/jans_setup/templates/jans-saml/clients.json
index ac09a77cefc..d95a90292ba 100644
--- a/jans-linux-setup/jans_setup/templates/jans-saml/clients.json
+++ b/jans-linux-setup/jans_setup/templates/jans-saml/clients.json
@@ -11,7 +11,8 @@
     "grant_types": ["client_credentials"],
     "authorization_methods": ["client_secret_basic", "client_secret_post"],
     "response_types": null,
-    "application_type": "web"
+    "application_type": "web",
+    "trusted_client": "false"
   },
   {
     "client_prefix": "2101.",
@@ -25,7 +26,8 @@
     "grant_types": ["authorization_code"],
     "authorization_methods": ["client_secret_basic"],
     "response_types": ["code", "token"],
-    "application_type": "native"
+    "application_type": "native",
+    "trusted_client": "true"
   },
   {
     "client_prefix": "2102.",
@@ -39,7 +41,8 @@
     "grant_types": ["client_credentials"],
     "authorization_methods": ["client_secret_basic"],
     "response_types": ["token"],
-    "application_type": "native"
+    "application_type": "native",
+    "trusted_client": "false"
   },
   {
     "client_prefix": "2103.",
@@ -53,6 +56,7 @@
     "grant_types": ["authorization_code"],
     "authorization_methods": ["client_secret_basic"],
     "response_types": ["code", "token"],
-    "application_type": "web"
+    "application_type": "web",
+    "trusted_client": "false"
   }
 ]

From 7df0c741735a6ee82942d71855150cd8f9126636 Mon Sep 17 00:00:00 2001
From: YuriyZ <yzabrovarniy@gmail.com>
Date: Mon, 29 Jul 2024 11:51:30 +0300
Subject: [PATCH 20/43] feat(jans-auth-server): introduced client
 authentication custom script (#9024)

* feat(jans-auth-server): introduce client authentication custom script #8081

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): added external client authn context for custom script #8081

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): added external client authn service #8081

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): injected external client authn service into authentication filter #8081

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): added client authn sample script #8081

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* doc(jans-auth-server): added documentation for new client authn custom script #8081

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

---------

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>
---
 docs/admin/auth-server/endpoints/token.md     |   2 +
 docs/admin/developer/scripts/client-authn.md  | 147 ++++++++++++++++++
 .../client_authn/ClientAuthn.java             |  93 +++++++++++
 .../as/server/auth/AuthenticationFilter.java  |  11 ++
 .../external/ExternalClientAuthnService.java  |  83 ++++++++++
 .../context/ExternalClientAuthnContext.java   |  59 +++++++
 .../model/custom/script/CustomScriptType.java |   3 +
 .../script/type/client/ClientAuthnType.java   |  17 ++
 .../type/client/DummyClientAuthnType.java     |  36 +++++
 mkdocs.yml                                    |   1 +
 10 files changed, 452 insertions(+)
 create mode 100644 docs/admin/developer/scripts/client-authn.md
 create mode 100644 docs/script-catalog/client_authn/ClientAuthn.java
 create mode 100644 jans-auth-server/server/src/main/java/io/jans/as/server/service/external/ExternalClientAuthnService.java
 create mode 100644 jans-auth-server/server/src/main/java/io/jans/as/server/service/external/context/ExternalClientAuthnContext.java
 create mode 100644 jans-core/script/src/main/java/io/jans/model/custom/script/type/client/ClientAuthnType.java
 create mode 100644 jans-core/script/src/main/java/io/jans/model/custom/script/type/client/DummyClientAuthnType.java

diff --git a/docs/admin/auth-server/endpoints/token.md b/docs/admin/auth-server/endpoints/token.md
index d15c281ec21..720cbadb123 100644
--- a/docs/admin/auth-server/endpoints/token.md
+++ b/docs/admin/auth-server/endpoints/token.md
@@ -113,6 +113,8 @@ authentication method listed below:
 Refer to [Client Authentication](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication) section of OpenID
 Connect core specification for more details on these authentication methods.
 
+AS provides ability to customer Client Authentication behavior via [Client Authentication custom script](../../../admin/developer/scripts/client-authn.md)
+
 Client can specify the default authentication method. To set default authentication method using
 [Janssen Text-based UI(TUI)](../../config-guide/config-tools/jans-tui/README.md),
 navigate via `Auth Server`->`Clients`->`Add Client`->`Basic`-> `Authn Method Token Endpoint`.
diff --git a/docs/admin/developer/scripts/client-authn.md b/docs/admin/developer/scripts/client-authn.md
new file mode 100644
index 00000000000..e477f62b425
--- /dev/null
+++ b/docs/admin/developer/scripts/client-authn.md
@@ -0,0 +1,147 @@
+---
+tags:
+  - administration
+  - developer
+  - scripts
+---
+
+# Client Authentication Custom Script
+
+## Overview
+
+AS support different types of client authentications such as :
+
+- client_secret_basic
+- client_secret_post
+- client_secret_jwt
+- private_key_jwt
+
+Sometimes it's convenient to customize default AS client authentication process. For this reason Client Authentication custom script was introduced. 
+
+If script successfully authenticated client, it should return it in `authenticateClient`. 
+If client is not returned then AS performs built-in authentication.
+
+## Interface
+The Client Authentication script implements the [ClientAuthnType](https://github.com/JanssenProject/jans/blob/main/jans-core/script/src/main/java/io/jans/model/custom/script/type/clientauthn/ClientAuthnType.java) interface. This extends methods from the base script type in addition to adding new methods:
+
+### Inherited Methods
+| Method header | Method description |
+|:-----|:------|
+| `def init(self, customScript, configurationAttributes)` | This method is only called once during the script initialization. It can be used for global script initialization, initiate objects etc |
+| `def destroy(self, configurationAttributes)` | This method is called once to destroy events. It can be used to free resource and objects created in the `init()` method |
+| `def getApiVersion(self, configurationAttributes, customScript)` | The getApiVersion method allows API changes in order to do transparent migration from an old script to a new API. Only include the customScript variable if the value for getApiVersion is greater than 10 |
+
+### New methods
+| Method header | Method description |
+|:-----|:------|
+|`def authenticateClient(self, context)`| Called when the request is received. |
+
+`authenticateClient` method returns authenticated `Client` object or null if authentication failed.
+
+
+### Objects
+| Object name | Object description |
+|:-----|:------|
+|`customScript`| The custom script object. [Reference](https://github.com/JanssenProject/jans/blob/main/jans-core/script/src/main/java/io/jans/model/custom/script/model/CustomScript.java) |
+|`context`| [Reference](https://github.com/JanssenProject/jans/blob/main/jans-auth-server/server/src/main/java/io/jans/as/server/service/external/context/ExternalClientAuthnContext.java) |
+
+
+## Sample script which demonstrates basic client authentication 
+
+### Script Type: Java
+
+```java
+import io.jans.as.common.model.registration.Client;
+import io.jans.as.model.config.Constants;
+import io.jans.as.server.service.ClientService;
+import io.jans.as.server.service.external.context.ExternalClientAuthnContext;
+import io.jans.as.server.service.token.TokenService;
+import io.jans.model.SimpleCustomProperty;
+import io.jans.model.custom.script.model.CustomScript;
+import io.jans.model.custom.script.type.client.ClientAuthnType;
+import io.jans.service.cdi.util.CdiUtil;
+import io.jans.service.custom.script.CustomScriptManager;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.net.URLDecoder;
+import java.nio.charset.StandardCharsets;
+import java.util.Map;
+
+/**
+ * @author Yuriy Z
+ */
+public class ClientAuthn implements ClientAuthnType {
+
+    private static final Logger scriptLogger = LoggerFactory.getLogger(CustomScriptManager.class);
+
+    @Override
+    public Object authenticateClient(Object clientAuthnContext) {
+        final ExternalClientAuthnContext context = (ExternalClientAuthnContext) clientAuthnContext;
+
+        final HttpServletRequest request = context.getHttpRequest();
+        final HttpServletResponse response = context.getHttpResponse();
+
+        String authorization = request.getHeader(Constants.AUTHORIZATION);
+        if (!StringUtils.startsWith(authorization, "Basic")) {
+            context.sendUnauthorizedError();
+            return null;
+        }
+
+        TokenService tokenService = CdiUtil.bean(TokenService.class);
+        ClientService clientService = CdiUtil.bean(ClientService.class);
+
+        String base64Token = tokenService.getBasicToken(authorization);
+        String token = new String(Base64.decodeBase64(base64Token), StandardCharsets.UTF_8);
+
+        int delim = token.indexOf(":");
+
+        if (delim != -1) {
+            String clientId = URLDecoder.decode(token.substring(0, delim), StandardCharsets.UTF_8);
+            String clientSecret = URLDecoder.decode(token.substring(delim + 1), StandardCharsets.UTF_8);
+
+            final boolean authenticated = clientService.authenticate(clientId, clientSecret);
+            if (authenticated) {
+                final Client client = clientService.getClient(clientId);
+                scriptLogger.debug("Successfully performed basic client authentication, clientId: {}", clientId);
+                return client;
+            }
+        }
+
+        context.sendUnauthorizedError();
+        return null;
+    }
+
+    @Override
+    public boolean init(Map<String, SimpleCustomProperty> configurationAttributes) {
+        scriptLogger.info("Initialized ClientAuthn Java custom script.");
+        return true;
+    }
+
+    @Override
+    public boolean init(CustomScript customScript, Map<String, SimpleCustomProperty> configurationAttributes) {
+        scriptLogger.info("Initialized ClientAuthn Java custom script.");
+        return true;
+    }
+
+    @Override
+    public boolean destroy(Map<String, SimpleCustomProperty> configurationAttributes) {
+        scriptLogger.info("Destroyed ClientAuthn Java custom script.");
+        return false;
+    }
+
+    @Override
+    public int getApiVersion() {
+        return 11;
+    }
+}
+
+```
+
+
+## Sample Scripts
+- [ClientAuthentication](../../../script-catalog/client_authn/ClientAuthn.java)
diff --git a/docs/script-catalog/client_authn/ClientAuthn.java b/docs/script-catalog/client_authn/ClientAuthn.java
new file mode 100644
index 00000000000..d8bd8c0fbad
--- /dev/null
+++ b/docs/script-catalog/client_authn/ClientAuthn.java
@@ -0,0 +1,93 @@
+/*
+ Copyright (c) 2024, Gluu
+ Author: Yuriy Z
+ */
+
+import io.jans.as.common.model.registration.Client;
+import io.jans.as.model.config.Constants;
+import io.jans.as.server.service.ClientService;
+import io.jans.as.server.service.external.context.ExternalClientAuthnContext;
+import io.jans.as.server.service.token.TokenService;
+import io.jans.model.SimpleCustomProperty;
+import io.jans.model.custom.script.model.CustomScript;
+import io.jans.model.custom.script.type.client.ClientAuthnType;
+import io.jans.service.cdi.util.CdiUtil;
+import io.jans.service.custom.script.CustomScriptManager;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.net.URLDecoder;
+import java.nio.charset.StandardCharsets;
+import java.util.Map;
+
+/**
+ * @author Yuriy Z
+ */
+public class ClientAuthn implements ClientAuthnType {
+
+    private static final Logger scriptLogger = LoggerFactory.getLogger(CustomScriptManager.class);
+
+    @Override
+    public Object authenticateClient(Object clientAuthnContext) {
+        final ExternalClientAuthnContext context = (ExternalClientAuthnContext) clientAuthnContext;
+
+        final HttpServletRequest request = context.getHttpRequest();
+        final HttpServletResponse response = context.getHttpResponse();
+
+        String authorization = request.getHeader(Constants.AUTHORIZATION);
+        if (!StringUtils.startsWith(authorization, "Basic")) {
+            context.sendUnauthorizedError();
+            return null;
+        }
+
+        TokenService tokenService = CdiUtil.bean(TokenService.class);
+        ClientService clientService = CdiUtil.bean(ClientService.class);
+
+        String base64Token = tokenService.getBasicToken(authorization);
+        String token = new String(Base64.decodeBase64(base64Token), StandardCharsets.UTF_8);
+
+        int delim = token.indexOf(":");
+
+        if (delim != -1) {
+            String clientId = URLDecoder.decode(token.substring(0, delim), StandardCharsets.UTF_8);
+            String clientSecret = URLDecoder.decode(token.substring(delim + 1), StandardCharsets.UTF_8);
+
+            final boolean authenticated = clientService.authenticate(clientId, clientSecret);
+            if (authenticated) {
+                final Client client = clientService.getClient(clientId);
+                scriptLogger.debug("Successfully performed basic client authentication, clientId: {}", clientId);
+                return client;
+            }
+        }
+
+        context.sendUnauthorizedError();
+        return null;
+    }
+
+    @Override
+    public boolean init(Map<String, SimpleCustomProperty> configurationAttributes) {
+        scriptLogger.info("Initialized ClientAuthn Java custom script.");
+        return true;
+    }
+
+    @Override
+    public boolean init(CustomScript customScript, Map<String, SimpleCustomProperty> configurationAttributes) {
+        scriptLogger.info("Initialized ClientAuthn Java custom script.");
+        return true;
+    }
+
+    @Override
+    public boolean destroy(Map<String, SimpleCustomProperty> configurationAttributes) {
+        scriptLogger.info("Destroyed ClientAuthn Java custom script.");
+        return false;
+    }
+
+    @Override
+    public int getApiVersion() {
+        return 11;
+    }
+}
diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/auth/AuthenticationFilter.java b/jans-auth-server/server/src/main/java/io/jans/as/server/auth/AuthenticationFilter.java
index 0b51789292c..cb2393817ec 100644
--- a/jans-auth-server/server/src/main/java/io/jans/as/server/auth/AuthenticationFilter.java
+++ b/jans-auth-server/server/src/main/java/io/jans/as/server/auth/AuthenticationFilter.java
@@ -32,6 +32,7 @@
 import io.jans.as.server.model.token.ClientAssertion;
 import io.jans.as.server.model.token.HttpAuthTokenType;
 import io.jans.as.server.service.*;
+import io.jans.as.server.service.external.ExternalClientAuthnService;
 import io.jans.as.server.service.token.TokenService;
 import io.jans.as.server.token.ws.rs.TxTokenValidator;
 import io.jans.as.server.util.ServerUtil;
@@ -143,6 +144,9 @@ public class AuthenticationFilter implements Filter {
     @Inject
     private TxTokenValidator txTokenValidator;
 
+    @Inject
+    private ExternalClientAuthnService externalClientAuthnService;
+
     private String realm;
 
     @Override
@@ -166,6 +170,13 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
                 return;
             }
 
+            final Client client = externalClientAuthnService.externalAuthenticateClient(httpRequest, httpResponse);
+            if (client != null) {
+                log.debug("Client {} is authenticated by external script.", client.getClientId());
+                filterChain.doFilter(servletRequest, servletResponse);
+                return;
+            }
+
             boolean tokenEndpoint = requestUrl.endsWith("/token");
             boolean tokenRevocationEndpoint = requestUrl.endsWith("/revoke");
             boolean backchannelAuthenticationEnpoint = requestUrl.endsWith("/bc-authorize");
diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/service/external/ExternalClientAuthnService.java b/jans-auth-server/server/src/main/java/io/jans/as/server/service/external/ExternalClientAuthnService.java
new file mode 100644
index 00000000000..4d99e32e51a
--- /dev/null
+++ b/jans-auth-server/server/src/main/java/io/jans/as/server/service/external/ExternalClientAuthnService.java
@@ -0,0 +1,83 @@
+package io.jans.as.server.service.external;
+
+import io.jans.as.common.model.registration.Client;
+import io.jans.as.server.auth.Authenticator;
+import io.jans.as.server.service.external.context.ExternalClientAuthnContext;
+import io.jans.model.custom.script.CustomScriptType;
+import io.jans.model.custom.script.conf.CustomScriptConfiguration;
+import io.jans.model.custom.script.type.client.ClientAuthnType;
+import io.jans.service.custom.script.ExternalScriptService;
+import jakarta.enterprise.context.ApplicationScoped;
+import jakarta.inject.Inject;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+import java.io.IOException;
+import java.util.List;
+
+/**
+ * Client Authentication service responsible for external script interaction.
+ *
+ * @author Yuriy Z
+ */
+@ApplicationScoped
+public class ExternalClientAuthnService extends ExternalScriptService {
+
+    @Inject
+    private Authenticator authenticator;
+
+    public ExternalClientAuthnService() {
+        super(CustomScriptType.CLIENT_AUTHN);
+    }
+
+    public Client externalAuthenticateClient(HttpServletRequest servletRequest, HttpServletResponse servletResponse) throws IOException, ServletException {
+        final List<CustomScriptConfiguration> scripts = getCustomScriptConfigurations();
+        if (scripts == null || scripts.isEmpty()) {
+            log.trace("Unable to perform client authentication by custom script because there is no `client_authn` scripts.");
+            return null;
+        }
+
+        for (CustomScriptConfiguration script : scripts) {
+            final Client client = externalAuthenticateClient(script, servletRequest, servletResponse);
+            if (client != null) {
+                log.trace("Client {} authenticated successfully by custom script {}.", getClientId(client), script.getName());
+                return client;
+            }
+        }
+
+        log.trace("All `client_authn` scripts returned false.");
+        return null;
+    }
+
+    private Client externalAuthenticateClient(CustomScriptConfiguration customScript, HttpServletRequest servletRequest, HttpServletResponse servletResponse) {
+
+        ClientAuthnType script = (ClientAuthnType) customScript.getExternalType();
+
+        log.trace("Executing external 'authenticateClient' method, script name: {}, requestParameters: {}",
+                customScript.getName(), servletRequest.getParameterMap());
+
+        ExternalClientAuthnContext context = new ExternalClientAuthnContext(servletRequest, servletResponse);
+
+        Client client = null;
+
+        try {
+            client = (Client) script.authenticateClient(context);
+            if (client != null) {
+                authenticator.configureSessionClient(client);
+            }
+        } catch (Exception e) {
+            log.error("Failed to run external 'authenticateClient' method of script " + customScript.getName(), e);
+            client = null;
+        }
+
+        log.trace("Executed external 'authenticateClient' method, client {}, script name: {}, requestParameters: {}",
+                getClientId(client), customScript.getName(), servletRequest.getParameterMap());
+        return client;
+    }
+
+
+    private static String getClientId(Client client) {
+        return client != null ? client.getClientId() : "null";
+    }
+}
diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/service/external/context/ExternalClientAuthnContext.java b/jans-auth-server/server/src/main/java/io/jans/as/server/service/external/context/ExternalClientAuthnContext.java
new file mode 100644
index 00000000000..f89b032ff51
--- /dev/null
+++ b/jans-auth-server/server/src/main/java/io/jans/as/server/service/external/context/ExternalClientAuthnContext.java
@@ -0,0 +1,59 @@
+package io.jans.as.server.service.external.context;
+
+import io.jans.as.model.config.Constants;
+import io.jans.as.model.error.ErrorResponseFactory;
+import io.jans.as.model.token.TokenErrorResponseType;
+import io.jans.service.cdi.util.CdiUtil;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.ws.rs.WebApplicationException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+/**
+ * @author Yuriy Z
+ */
+public class ExternalClientAuthnContext extends ExternalScriptContext {
+
+    private static final Logger log = LoggerFactory.getLogger(ExternalClientAuthnContext.class);
+
+    private String realm = "jans-auth";
+
+    public ExternalClientAuthnContext(HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
+        super(httpRequest, httpResponse);
+    }
+
+    public void sendUnauthorizedError() {
+        ErrorResponseFactory errorResponseFactory = CdiUtil.bean(ErrorResponseFactory.class);
+        try (PrintWriter out = httpResponse.getWriter()) {
+            httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            httpResponse.addHeader(Constants.WWW_AUTHENTICATE, "Basic realm=\"" + getRealm() + "\"");
+            httpResponse.setContentType(Constants.CONTENT_TYPE_APPLICATION_JSON_UTF_8);
+            out.write(errorResponseFactory.errorAsJson(TokenErrorResponseType.INVALID_CLIENT, "Unable to authenticate client."));
+        } catch (IOException ex) {
+            log.error(ex.getMessage(), ex);
+        }
+    }
+
+    public void sendResponse(HttpServletResponse httpResponse, WebApplicationException e) {
+        try (PrintWriter out = httpResponse.getWriter()) {
+            httpResponse.setStatus(e.getResponse().getStatus());
+            httpResponse.addHeader(Constants.WWW_AUTHENTICATE, "Basic realm=\"" + getRealm() + "\"");
+            httpResponse.setContentType(Constants.CONTENT_TYPE_APPLICATION_JSON_UTF_8);
+            out.write(e.getResponse().getEntity().toString());
+        } catch (IOException ex) {
+            log.error(ex.getMessage(), ex);
+        }
+    }
+
+    public String getRealm() {
+        return realm;
+    }
+
+    public void setRealm(String realm) {
+        this.realm = realm;
+    }
+}
diff --git a/jans-core/script/src/main/java/io/jans/model/custom/script/CustomScriptType.java b/jans-core/script/src/main/java/io/jans/model/custom/script/CustomScriptType.java
index 1511d70333e..6c664e4e652 100644
--- a/jans-core/script/src/main/java/io/jans/model/custom/script/CustomScriptType.java
+++ b/jans-core/script/src/main/java/io/jans/model/custom/script/CustomScriptType.java
@@ -19,7 +19,9 @@
 import io.jans.model.custom.script.type.authzdetails.DummyAuthzDetail;
 import io.jans.model.custom.script.type.ciba.DummyEndUserNotificationType;
 import io.jans.model.custom.script.type.ciba.EndUserNotificationType;
+import io.jans.model.custom.script.type.client.ClientAuthnType;
 import io.jans.model.custom.script.type.client.ClientRegistrationType;
+import io.jans.model.custom.script.type.client.DummyClientAuthnType;
 import io.jans.model.custom.script.type.client.DummyClientRegistrationType;
 import io.jans.model.custom.script.type.configapi.ConfigApiType;
 import io.jans.model.custom.script.type.configapi.DummyConfigApiType;
@@ -103,6 +105,7 @@ public enum CustomScriptType implements AttributeEnum {
     SPONTANEOUS_SCOPE("spontaneous_scope", "Spontaneous Scopes", SpontaneousScopeType.class, CustomScript.class, "SpontaneousScope", new DummySpontaneousScopeType()),
     END_SESSION("end_session", "End Session", EndSessionType.class, CustomScript.class, "EndSession", new DummyEndSessionType()),
     POST_AUTHN("post_authn", "Post Authentication", PostAuthnType.class, CustomScript.class, "PostAuthn", new DummyPostAuthnType()),
+    CLIENT_AUTHN("client_authn", "Client Authentication", ClientAuthnType.class, CustomScript.class, "ClientAuthn", new DummyClientAuthnType()),
     SELECT_ACCOUNT("select_account", "Select Account", SelectAccountType.class, CustomScript.class, "SelectAccount", new DummySelectAccountType()),
     CREATE_USER("create_user", "Create User", CreateUserType.class, CustomScript.class, "CreateUser", new DummyCreateUserType()),
     SCIM("scim", "SCIM", ScimType.class, CustomScript.class, "ScimEventHandler", new DummyScimType()),
diff --git a/jans-core/script/src/main/java/io/jans/model/custom/script/type/client/ClientAuthnType.java b/jans-core/script/src/main/java/io/jans/model/custom/script/type/client/ClientAuthnType.java
new file mode 100644
index 00000000000..7873b13de91
--- /dev/null
+++ b/jans-core/script/src/main/java/io/jans/model/custom/script/type/client/ClientAuthnType.java
@@ -0,0 +1,17 @@
+package io.jans.model.custom.script.type.client;
+
+import io.jans.model.custom.script.type.BaseExternalType;
+
+/**
+ * @author Yuriy Z
+ */
+public interface ClientAuthnType extends BaseExternalType {
+
+    /**
+     * Performs client authentication.
+     *
+     * @param context external client authentication context - io.jans.as.server.service.external.context.ExternalClientAuthnContext
+     * @return authenticated client - io.jans.as.common.model.registration.Client
+     */
+    Object authenticateClient(Object context);
+}
diff --git a/jans-core/script/src/main/java/io/jans/model/custom/script/type/client/DummyClientAuthnType.java b/jans-core/script/src/main/java/io/jans/model/custom/script/type/client/DummyClientAuthnType.java
new file mode 100644
index 00000000000..2c933e11f77
--- /dev/null
+++ b/jans-core/script/src/main/java/io/jans/model/custom/script/type/client/DummyClientAuthnType.java
@@ -0,0 +1,36 @@
+package io.jans.model.custom.script.type.client;
+
+import io.jans.model.SimpleCustomProperty;
+import io.jans.model.custom.script.model.CustomScript;
+
+import java.util.Map;
+
+/**
+ * @author Yuriy Z
+ */
+public class DummyClientAuthnType implements ClientAuthnType {
+    @Override
+    public boolean init(Map<String, SimpleCustomProperty> configurationAttributes) {
+        return true;
+    }
+
+    @Override
+    public boolean init(CustomScript customScript, Map<String, SimpleCustomProperty> configurationAttributes) {
+        return true;
+    }
+
+    @Override
+    public boolean destroy(Map<String, SimpleCustomProperty> configurationAttributes) {
+        return true;
+    }
+
+    @Override
+    public int getApiVersion() {
+        return 1;
+    }
+
+    @Override
+    public Object authenticateClient(Object context) {
+        return null;
+    }
+}
diff --git a/mkdocs.yml b/mkdocs.yml
index c271df65446..c8dd9d90f69 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -198,6 +198,7 @@ nav:
       - admin/auth-server/endpoints/README.md
       - OpenID Configuration: admin/auth-server/endpoints/configuration.md
       - Client Registration: admin/auth-server/endpoints/client-registration.md
+      - Client Authentication: admin/auth-server/endpoints/client-authn.md
       - Authorization: admin/auth-server/endpoints/authorization.md
       - Authorization Challenge: admin/auth-server/endpoints/authorization-challenge.md
       - Token: admin/auth-server/endpoints/token.md

From 093f63e38f223c1a85cd58964989cf3c65b618a1 Mon Sep 17 00:00:00 2001
From: Devrim <devrimyatar@gluu.org>
Date: Mon, 29 Jul 2024 12:46:47 +0300
Subject: [PATCH 21/43] fix(jans-linux-setup): remove saml_scim_client (#9048)

Signed-off-by: Mustafa Baser <mbaser@mail.com>
---
 .../jans_setup/templates/jans-saml/clients.json   | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/jans-linux-setup/jans_setup/templates/jans-saml/clients.json b/jans-linux-setup/jans_setup/templates/jans-saml/clients.json
index d95a90292ba..943ec878b7b 100644
--- a/jans-linux-setup/jans_setup/templates/jans-saml/clients.json
+++ b/jans-linux-setup/jans_setup/templates/jans-saml/clients.json
@@ -1,19 +1,4 @@
 [
-  {
-    "client_prefix": "2100.",
-    "client_var": "saml_scim_client_id",
-    "client_id": "saml_scim_client", 
-    "display_name": "Jans SCIM Client for SAML",
-    "description": "Jans SCIM Client for SAML",
-    "scopes_dns": ["inum=F0C4,ou=scopes,o=jans"],
-    "scopes_ids": ["https://jans.io/scim/users.write", "https://jans.io/scim/users.read"],
-    "redirect_uri": ["https://%(hostname)s/admin-ui", "http://localhost:4100"],
-    "grant_types": ["client_credentials"],
-    "authorization_methods": ["client_secret_basic", "client_secret_post"],
-    "response_types": null,
-    "application_type": "web",
-    "trusted_client": "false"
-  },
   {
     "client_prefix": "2101.",
     "client_var": "kc_saml_openid_client_id",

From 7106f6e5639de624911b1cba3deabce14b2a1ce0 Mon Sep 17 00:00:00 2001
From: Devrim <devrimyatar@gluu.org>
Date: Mon, 29 Jul 2024 13:30:27 +0300
Subject: [PATCH 22/43] fix(jans-cli-tui): asset upload (#9050)

Signed-off-by: Mustafa Baser <mbaser@mail.com>
---
 jans-cli-tui/cli_tui/cli/config_cli.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jans-cli-tui/cli_tui/cli/config_cli.py b/jans-cli-tui/cli_tui/cli/config_cli.py
index 4e913f625a0..81ebe94d707 100755
--- a/jans-cli-tui/cli_tui/cli/config_cli.py
+++ b/jans-cli-tui/cli_tui/cli/config_cli.py
@@ -884,7 +884,7 @@ def post_requests(self, endpoint, data, params=None, method='post'):
         mime_type = self.get_mime_for_endpoint(endpoint)
 
         if mime_type == 'multipart/form-data':
-            data_js = json.loads(data) if isinstance(data, str) else copy.deepcopy(data)
+            data_js = json.loads(data) if (isinstance(data, str) or isinstance(data, bytes)) else copy.deepcopy(data)
             schema_ref = endpoint.info['requestBody']['content'][mime_type]['schema']['$ref']
             schema = self.get_schema_from_reference(endpoint.info['__plugin__'], schema_ref)
             multi_part_fields = {}

From 731aaa6b1746bf8222927a1183105680a4bbc118 Mon Sep 17 00:00:00 2001
From: Devrim <devrimyatar@gluu.org>
Date: Mon, 29 Jul 2024 13:58:54 +0300
Subject: [PATCH 23/43] fix(jans-cli-tui): asset creation date (#9052)

Signed-off-by: Mustafa Baser <mbaser@mail.com>
---
 jans-cli-tui/cli_tui/plugins/130_assets/main.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jans-cli-tui/cli_tui/plugins/130_assets/main.py b/jans-cli-tui/cli_tui/plugins/130_assets/main.py
index 544d64d8338..754a246497f 100644
--- a/jans-cli-tui/cli_tui/plugins/130_assets/main.py
+++ b/jans-cli-tui/cli_tui/plugins/130_assets/main.py
@@ -276,7 +276,7 @@ async def get_assets(self, pattern='') -> None:
             self.assets_list_box.clear()
             self.assets_list_box.all_data = self.data['entries']
             for asset_info in self.data['entries']:
-                self.assets_list_box.add_item((asset_info['inum'], asset_info['displayName'], asset_info['jansEnabled'], asset_info['creationDate']))
+                self.assets_list_box.add_item((asset_info['inum'], asset_info['displayName'], asset_info['jansEnabled'], asset_info.get('creationDate', '---')))
 
             self.assets_container = self.assets_list_box
 

From fa9d079853a659587845934cd6ae1500c77e51d4 Mon Sep 17 00:00:00 2001
From: Michael Schwartz <mike@gluu.org>
Date: Mon, 29 Jul 2024 06:41:35 -0500
Subject: [PATCH 24/43] jans-docs: lock updates to README, cedarling and lock
 master docs. (#9042)

* Lock Docs Update
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Michael Schwartz

* Lock Diagram Update
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Michael Schwartz

* docs(lock): proofread and fix

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs(lock): proofread and fix

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs(lock): nav changes

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

---------

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>
Signed-off-by: Dhaval D <343411+ossdhaval@users.noreply.github.com>
Co-authored-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>
---
 docs/admin/lock/README.md                  | 163 ++++++++---------
 docs/admin/lock/cedarling.md               | 194 +++++++++++++--------
 docs/admin/lock/lock-auth-server-config.md |  13 --
 docs/admin/lock/lock-client-config.md      |  13 --
 docs/admin/lock/lock-installation.md       |  14 --
 docs/admin/lock/lock-master.md             |  36 +++-
 docs/admin/lock/lock-opa.md                |  13 --
 docs/admin/lock/lock-pdp-plugin.md         |  13 --
 docs/assets/lock-cedarling-diagram-2.jpg   | Bin 53251 -> 56140 bytes
 docs/assets/lock-wasm-master-OP.jpg        | Bin 0 -> 62006 bytes
 mkdocs.yml                                 |   5 -
 11 files changed, 217 insertions(+), 247 deletions(-)
 delete mode 100644 docs/admin/lock/lock-auth-server-config.md
 delete mode 100644 docs/admin/lock/lock-client-config.md
 delete mode 100644 docs/admin/lock/lock-installation.md
 delete mode 100644 docs/admin/lock/lock-opa.md
 delete mode 100644 docs/admin/lock/lock-pdp-plugin.md
 create mode 100644 docs/assets/lock-wasm-master-OP.jpg

diff --git a/docs/admin/lock/README.md b/docs/admin/lock/README.md
index 05ac2770a59..3ccf124d3cd 100644
--- a/docs/admin/lock/README.md
+++ b/docs/admin/lock/README.md
@@ -1,128 +1,102 @@
 ---
 tags:
-  - administration
-  - lock
-  - authorization / authz
-  - Cedar
-  - Cedarling
+ - administration
+ - lock
+ - authorization / authz
+ - Cedar
+ - Cedarling
 ---
 
-## Jans Lock Overview
-
-Lock provides a centralized control plane for domains to use [Cedar](https://www.cedarpolicy.com/en)
-to secure a network of distributed applications and audit the activity of both people and software. 
-Lock makes it easy for Javascript developers to write access policies based on security tokens as 
-input, for example OAuth access tokens, or OpenID Connect id_tokens. 
-
-Using a declarative syntax like Cedar for authorization policies is a best practice for enterprise 
-application security. A policy engine that executes declarative policies enables developers to define 
-security rules without resorting to implementing such rules in their application code. Cedar supports 
-traditional access management strategies like RBAC and more adaptive capabilities that offer fine 
-grain decisions based on contextal data. The Cedar Engine does this without sacrificing performance 
-or the security benefits of a deterministic policy engine.
-
-There are three key components in a Lock topology: (1) [Cedarling](./cedarling.md)--a WebAssembly 
-("WASM") component that runs the [Amazon Rust Cedar Engine](https://github.com/cedar-policy/cedar) and
-performs JWT token validation; (2)[Lock Master](./lock-master.md)--a web service deployed by domains
-to manage a network of distributed ephemeral Cedarlings; (3) 
-[Agama Lab](https://cloud.gluu.org/agama-lab), a policy authoring tool for developers to design 
-policies and publish their policy store in Github.
-
-You don't need to deploy a Jans Lock Topology to derive utility from the Cedarling. Javascript 
-developers can use the Cedarling to secure even a single browser-based application, especially if 
-they are using OAuth or OpenID. The Cedarling evaluates a request to perform an action on a 
-resource by first validating the tokens, then instantiating a Person and Client entity based
-on the JWT data payloads, and evaluating the request based on its existing policies. 
-
-The Lock Master is designed for domains that want control over a **network of Cedarlings** used for different applications, each with their own policy store. Communication in this Lock topology is bi-directional. Cedarlings can send information to the Lock Master, and the Lock Master can push updates to the Cedarlings. Notifications from the Lock Master to the Cedarlings are connectionless--
-a Cedarling subscibes to event notifications using 
-[Server Sent Events](https://html.spec.whatwg.org/multipage/server-sent-events.html#server-sent-events) or "SSE". Requests from the Cedarling to the Lock Master are sent via HTTP Post to OAuth protected endpoints. 
+## Janssen Lock Overview
+
+Janssen Lock (or just "Lock") provides a centralized control plane for domains 
+to use [Cedar](https://www.cedarpolicy.com/en) to secure a network of 
+distributed applications and audit the activity of both people and software. 
 
-Using the Cedarling with Lock Master can enable a temporal improvement in OAuth security: in addition
-to validating the JWT signature, the Cedarling can check to ensure the token is not revoked. 
-Using SSE, Lock Master sends an updated [OAuth Token Status List](https://www.ietf.org/archive/id/
-draft-ietf-oauth-status-list-02.html) from Jans Auth Server. The Cedarling can thus checks the 
-status of a token without a slow and potentially unreliable OAuth introspection request.
+A Lock topology has three software components: 
 
-On startup, the Cedarling can make a POST request to fetch a Policy Store from Lock Master, load a
-local Policy Store or retreive it from a TLS-protected Web URI. A Policy Store is a JSON document that
-contains the Cedar policies, Cedar schema, and list of trusted issuers. How you write your policies is out of scope of the Janssen Project--you can do this manually or use the Gluu 
-[Agama Lab](https://cloud.gluu.org/agama-lab) online authoring tool.
+1. [Cedarling](./cedarling.md): a WebAssembly 
+("WASM") application that runs the 
+[Amazon Rust Cedar Engine](https://github.com/cedar-policy/cedar) and 
+validates JWTs
+2. [Lock Master](./lock-master.md): a Java Weld application that connects 
+ephemeral Cedarlings to the enterprise
+3. Jans Auth Server: which provides the OAuth and OpenID services
 
-One of the challenges a network of distributed Cedarlings poses is the consolidation of audit logs. 
-As Cedarlings are ephemeral, the logs need to be archived centrally. Jans Lock addresses this gap by
-providing an audit endpoint. Other enterprise management features are available in the 
-[Gluu Flex](https://gluu.org/flex) AdminUI.
+![](../../assets/lock-wasm-master-OP.jpg)
+
+Lock is designed for domains that deploy a **network of Cedarlings**. 
+Communication in this Lock topology 
+is bi-directional. Cedarlings can send information to the Lock Master, and 
+the Lock Master can push 
+updates to the Cedarlings. Notifications from the Lock Master to the Cedarlings
+ are connectionless--
+a Cedarling subscibes to event notifications using 
+[Server Sent Events](https://html.spec.whatwg.org/multipage/server-sent-events.html#server-sent-events) 
+or "SSE". Requests from the Cedarling to the Lock Master are sent via HTTP Post
+ to OAuth protected endpoints. 
 
 ## Authz Theoretical Background
 
-For years, security architects have conceptualized distributed authorization model in line with
+For years, security architects have conceptualized a distributed authorization 
+model in line with
 [RFC 2409](https://datatracker.ietf.org/doc/html/rfc2904#section-4.4)
 and [XACML](https://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-cos01-en.html),
 which describe several common roles:
 
-| Role	| Acronym | Description |
+| Role  | Acronym | Description |
 | ----- | :--: | ----------- |
-| Policy Decision Point	| PDP |  Service which evaluates access requests against authorization policies before issuing access decisions |
-| Policy Information Point	| PIP | The source of "data", e.g. about people, clients and resources |
-| Policy Enforcement Point	| PEP | Service, website or API which queries the PDP for authorization |
-| Policy Administration Point	| PAP |  Where admins manage the authorization infrastructure |
-| Policy Retrieval Point	| PRP | Repository where policies are stored |
+| Policy Decision Point | PDP |  Service which evaluates access requests against authorization policies before issuing access decisions |
+| Policy Information Point  | PIP | The source of "data", e.g. about people, clients, and resources |
+| Policy Enforcement Point  | PEP | Service, website, or API that queries the PDP for authorization |
+| Policy Administration Point | PAP |  Where admins manage the authorization infrastructure |
+| Policy Retrieval Point  | PRP | Repository where policies are stored |
 
 Jans Lock aligns with this model:
 
-| Role	| Lock | Description |
+| Role  | Lock | Description |
 | ----- | :--: | ----------- |
-| PDP	| Cedarling	| Evaluates policies versus input data |
-| PIP	| JWT tokens | Contain data to instantiate entities |
-| PEP	| Application | Must rely on Cedarling for decision |
-| PAP	| Jans Config API | Endpoints for Lock admin configuration |
-| PRP	| Lock Master | Endpoints to publish Policy Store and other PDP configuration |
-
-## Lock Design Goals
-
-Following are a list of goals that informed the design of Jans Lock and the Cedarling:
-
-* Move the PDP to the far edge of the network--the browser itself.
-* Make the PDP performant and deterministic (i.e. milliseond statup time and always return a 
-  PERMIT/DENY response).
-* Empower application developers to author policies appropriate for the resources and actions 
-they need to protect.
-* Centralilze audit and health data collection
-* Send updates to the Cedarlings from the Lock Master to enable realtime attack mitigation
+| PDP | Cedarling | Evaluates policies versus input data |
+| PIP | JWT tokens | Contain data to instantiate entities |
+| PEP | Application | Must rely on Cedarling for decision |
+| PAP | Jans Config API | Endpoints for Lock admin configuration |
+| PRP | Lock Master | Endpoints to publish Policy Store and other PDP configuration |
 
 ## Policy Store
 
-By convention the filename of the Cedarling Policy Store is `cedarling_store.json`. It is a JSON 
-file that contains all the data the Cedarling needs to verify JWT tokens, evaluate policies, 
-and instantiate the Cedar entities requied to evaluate the policies for a given resource and 
-action. The policy store contains three things:
+By convention, the filename of the Cedarling Policy Store is 
+`cedarling_store.json`. It is a JSON 
+file that contains all the data Cedarling needs to evaluate policies and verify
+ JWT tokens.
+The Policy Store contains three things:
 
-1. [Cedar Schema](https://docs.cedarpolicy.com/schema/schema.html) - JSON format Schema file. 
-Lock comes with a common schema, but domains should extend this schema to fit their exact 
-requirements. 
-2. [Cedar Policies](https://docs.cedarpolicy.com/policies/syntax-policy.html) - JSON format Policy Set file. These policies need to be authored in Agama Lab developer tool or manually.
-3. [Trusted Issuers](.) - List of which domains are authorized to issue tokens.
+1. [Cedar Schema](https://docs.cedarpolicy.com/schema/schema.html): Cedar 
+schema file (base64 encoded human readible format). Developers can extend the 
+schema to align with the application model, especially for Resources. 
+2. [Cedar Policies](https://docs.cedarpolicy.com/policies/syntax-policy.html): Cedar Policy Set file (base64 encoded human readible format).
+3. [Trusted Issuers](.): A list of domains are authorized to issue tokens.
 
 In JSON it looks like this: 
 
-```
+```json
 {
-    "policies": {...},
-    "schema": {...},
+    "policies": "...",
+    "schema": "...",
     "trusted_idps": []
 }
 ```
 
 ### Trusted Issuer Schema
 
-At initialization, the Cedarling iterates the list of Trusted IDPs and fetches the current public
-keys. The trusted issuer schema provides guidance on how to uniquely identify a person, and how
+At initialization, the Cedarling iterates the list of Trusted IDPs and fetches 
+the current public
+keys. The trusted issuer schema provides guidance on how to uniquely identify a 
+person, and how
 to build the roles based on a user claim.
 
 Here is a non-normative example: 
 
-```
+```json
 [
 {"name": "Google", 
  "Description": "Consumer IDP", 
@@ -138,12 +112,11 @@ Here is a non-normative example:
 
 ### Entity Mapping 
 
-The Cedar schema is like the object defintion, and a Cedar entity is like an instance of the object.
-Without entities, there is no data for the policies to evaluate. The Cedarling creates the entities
-from the tokens provided as input to the requested authoriztaion in conjunction with its
-configuration:
+A Cedar Entity is an instance of the object defined in the Cedar Schema.  
+Without entities, there 
+is no data for the policies to evaluate. The Cedarling creates the Resource and
+ tokens sent in the authz request. 
 
-* **TrustedIssuer**: Created on startup from Policy Store
 * **Client**: Created from access token 
 * **Application**: Created if input supplies an Application name
 * **Role**: Created for each `role` claim value in the joined id_token and userinfo token
@@ -151,10 +124,14 @@ configuration:
 * **Access_token**: 1:1 mapping from claims in token
 * **id_token**: 1:1 mapping from claims in token
 * **Userinfo_token**: 1:1 mapping from claims in token
+* **TrustedIssuer**: Created if Policy Store contains trusted IDPs
+* **Application**: 
 
 ## More information
 
 * Lock Master configuration and operation [docs](./lock-master.md) 
+* Cedarling [docs](./cedarling.md)
 * Cedarling [Readme](https://github.com/JanssenProject/jans/blob/main/jans-lock/cedarling/README.md)
 * Cedarling [Training](.) (coming soon)
 
+
diff --git a/docs/admin/lock/cedarling.md b/docs/admin/lock/cedarling.md
index 8c87b260bb5..e2fa9d1eda6 100644
--- a/docs/admin/lock/cedarling.md
+++ b/docs/admin/lock/cedarling.md
@@ -7,59 +7,75 @@ tags:
   - Cedarling
 ---
 
-## Cedarling Authorization
+## What is Cedar
+
+[Cedar](https://www.cedarpolicy.com/en) was invented by Amazon for their 
+[Verified Permission](https://aws.amazon.com/verified-permissions/) service. 
+Cedar enables developers to create complex, contextual policies without cluttering application code 
+with lots of `if` - `then` statements. Externalizing policies makes it easier to audit the security 
+controls of an application.  Cedar is a deterministic policy engine--if the schema
+and policies are validated, the engine will always return `permit` or `forbid`.
+
+Cedar uses the **PARC** syntax: **P**rincipal, **A**ction, **R**esource, **C**ontext. For example, 
+you may have a policy that says *Admins* can *write* to the *config* folder. In this example, the 
+*Admin* Role is the Principal, *write* is the Action, and the *config* folder is the Resource. The 
+Context is used to specify information about the enivironment, like the time of day or network address. 
+Like RBAC, Cedar is deterministic. But it's also less reductive then RBAC, and in fact enables 
+security admins to express quite powerful policies.
+
+![](../../assets/lock-cedarling-diagram-3.jpg)
+
+## What is the Cedarling
 
 The Cedarling, as its name suggests, enables you to define the security rules for your application 
-in [Cedar](https://www.cedarpolicy.com/en) policy syntax.
+in Cedar policy syntax. Optionally, the Cedarling can validate JWTs from a list of trusted IDPs--
+both the JWT signature and the current status. The Cedarling rapidly evaluates authorization requests
+because it has all the policies and data it needs to make a local decision.
+
+Architecturally, the Cedarling is a local, autonomous Policy Decision Point, or "PDP", distributed 
+as a WebAssembly ("WASM") component. WASM components run directly in a browser. They can also run 
+as a cloud native function. 
+
+A key feature of the Cedarling is to log all `permit` or `forbid` decisions returned to the 
+application. It can also log the validation of tokens. In an enterprise deployment, this audit
+log is sent for central archiving.
 
-The Cedarling is a local, autonomous Policy Decision Point, or "PDP", distributed as a 
-WebAssembly ("WASM") component.  WASM components can run directly in the browser or in a cloud 
-function. The Cedarling's main job is to `permit` or `forbid` requests based on enterprise-approved 
-policies. The input to the policies are JWT tokens (which provides the Principal), the requested 
-Action and Resource. The Cedarling rapidly evaluates authorization requests because it has all the 
-policies and data it needs to make a local decision. 
+For developers, the Cedarling is a more productive and flexible way to handle authz. The Cedarling maps
+Roles, and provides RBAC out-of-the-box. But developers can also express a variety of policies beyond
+the limitations of "person with role has access". For example, what if you want to allow access only 
+to people who use a certain type of passkey? Or what if you want to incorporate a fraud score, and 
+elevate security for riskier transactions. Or maybe, partners can view tickets for the customers 
+they serve? These policies are easily and rapidly evaluated by a Cedar policy engine.
 
 ![](../../assets/lock-cedarling-diagram-1.jpg)
 
-In a JavaScript browser framework, the Cedarling loads its Policy Store during initialization, as a 
-static JSON file or fetched via REST. Developers may consider the Cedarling Policy Store as part of 
-the code. Externalizing the policies makes it easier to audit the security features and 
-controls of an application. The Cedarling enables developers to create complex, contextual policies
-without cluttering application code with lots of `if` - `then` statements. Importantly, the Cedarling
-creates an audit log of all decisions by an application to `permit` or `forbid` actions. In an 
-enterprise deployment, this audit log is sent for central archiving.
+The Cedarling loads its Policy Store during initialization, as a static JSON file or fetched via REST. 
+The Policy Store contains the Cedar Policies, Cedar Schema, and optionally, a list of the Trusted IDPs. 
+Developers may consider the Cedarling Policy Store as part of the code. The Cedar schema for resources 
+aligns with the application model. The policies control the expected functionality, and
+need to be unit tested--including both positive and negative tests. 
 
-Where does the Cedarling get the data for policy evaluation? The data is contained in the 
-authorization request itself which has the OAuth and OpenID JWTs and details about the resource 
-and requested action.
+Where does the Cedarling get the data for policy evaluation? First, the request includes the resource
+details. Based on this, the Cedarling creates the Resource entity. The Principal entities 
+are derived from the JWTs--the combined OpenID id_token and Userinfo tokens enable the Cedarling to 
+create a User and Role entities; the OAuth access token is used to create a Client entity. 
+Hypothetically, you could also pass the roles in an access token claim. But a user claim for roles 
+is preferred.
 
 ![](../../assets/lock-cedarling-diagram-2.jpg)
 
-Two JWT tokens in particular are typical: (1) an OpenID Connect id_token and (2) an OAuth access 
-token. The id_token represents a user authentication event. The access token represents a 
-client authentication event. The Cedarling can trust the id_token and access token to extract the User, 
-Role and Client Principals. These tokens also contain other interesting contextual data. An OpenID 
+The id_token represents a user authentication event. The access token represents a 
+client authentication event. These tokens contain other interesting contextual data. An OpenID 
 Connect id_token JWT tells you who authenticated, when they authenticated, how they authenticatated, 
-and other claims like the User's roles. An OAuth Access Token JWT can tell you information about the 
-software that obtained the JWT, its extent of access as defined by the OAuth Authorization Server 
+and optionally other claims like the User's roles. An OAuth Access Token JWT can tell you information 
+about the software that obtained the JWT, its extent of access as defined by the OAuth Authorization Server 
 (*i.e.* the values of the `scope` claim), or other claims--domains frequently enhance the access token to
-contain business specific data needed for policy evaluation. If an OpenID Userinfo token is sent to the 
-Cedarling, it is combined with the id_token to paint a fuller picture of the User's claims. 
-
-Cedar was invented by Amazon for their 
-[Verified Permission](https://aws.amazon.com/verified-permissions/) service. It uses the **PARC** 
-syntax: **P**rincipal, **A**ction, **R**esource, **C**ontext.  Principal-Action-Resource is typical
-for most authorization solutions. For example, you may have a policy that says *Admins* can *write*
-to the *config* folder. In this example, the *Admin* Role is the Principal, *write* is the Action,
-and the *config* folder is the Resource. The Context is used to specify information about the
-enivironment, like the time of day or network address.
+contain business specific data needed for policy evaluation.
 
 The Cedarling authorizes a person using a certain piece of software. From a logical perspective, 
 `person_allowed AND client_allowed` must be `True`. A person may be either explicitly allowed, or 
 have a role that enables access. For example, `person_allowed` is `True` if 
-`user=mike OR role=SuperUser`. 
-
-![](../../assets/lock-cedarling-diagram-3.jpg)
+`user=mike OR role=SuperUser` and application is from `org_id=Acme`. 
 
 The JWT's, Action, Resource and Context is sent by the application in the authorization request. For 
 example, this is a sample request from a hypothetical JS application:
@@ -70,8 +86,13 @@ input = {
            "id_token": "eyJjbGc...", 
            "userinfo_token": "eyJjbGc...",
            "tx_token": "eyJjbGc...",
-           "resource": {"Ticket": {"id": "12345", "creator": "foo@bar.com", "organization": "Acme"}},
            "action": "View",
+           "resource": {"Ticket": {
+                                  "id": "ticket-10101", 
+                                  "owner": "bob@acme.com", 
+                                  "org_id": "Acme"
+                                  }
+                        },
            "context": {
                        "ip_address": "54.9.21.201",
                        "network_type": "VPN",
@@ -85,21 +106,22 @@ decision_result = authz(input)
 
 ## Cedarling Token Validation
 
-The Cedarling can validate the signatures of the JWTs for developers, by setting the 
-`CEDARLING_JWT_VALIDATION` environment variable to `True`. For testing, developers can set this
-property to `False` and submit an unsigned JWT, for example one you generate with 
-[JWT.io](https://jwt.io). Or developers may prefer to validate the signatures in code--that's ok.
+Optionally, the Cedarling can validate the signatures of the JWTs for developers. To enable this, 
+set the `CEDARLING_JWT_VALIDATION` bootstrap property to `True`. For testing, developers can set 
+this property to `False` and submit an unsigned JWT, for example one you generate with 
+[JWT.io](https://jwt.io). 
 
-On initiatilization, the Cedarling downloads the public keys of the Trusted IDPs specified in the 
-Cedarling policy store. Because all JWT's have an `iss` claim, this is used to determine which keys 
-to use for token signature validation. 
+If token validation is enabled, on initiatilization the Cedarling downloads the public keys of 
+the Trusted IDPs specified in the Cedarling policy store. The Cedarling uses the JWT `iss` 
+claim to determine the right keys for validation.
 
 In an enterprise deployment, the Cedarling can also check if a JWT has been revoked. The Cedarling
-uses a mechanism described in the 
+checks the status following a mechanism described in the 
 [OAuth Status Lists](https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/)
-draft. This might be handy for use cases where a token revocation needs to be communicated 
-immediately, such as an account takeover situation, or an implementation of a one-time transactions
-in a cluster of web servers. Jans Auth Server supports the [Global Token Revocation](https://datatracker.ietf.org/doc/draft-parecki-oauth-global-token-revocation/) OAuth draft. This is how a client can inform the OAuth Server that a given token should be revoked. 
+draft. Enforcing the status of tokens helps limit the damage of account takeover--i.e. to immediately 
+recursively revoke all the tokens issued to an attacker. Domains may want to use Token Status also to 
+implement single-transaction tokens; for example, a token that is good for one and only one wire 
+transfer.
 
 Here is a summary of the ways the Cedarling may validate a JWT, depending on your bootstrap properties:
 * Validate signature from Trusted Issuer 
@@ -110,58 +132,74 @@ Here is a summary of the ways the Cedarling may validate a JWT, depending on you
 
 ![](../../assets/lock-cedarling-diagram-4.jpg)
 
-## Policy Authoring 
-
-The eaisest way to author your policy store is to use the Policy Designer in [Agama Lab](https://cloud.gluu.org/agama-lab). This tool helps you define the policies, schema and trusted IDPs and
-to publish a policy store to any Github repository to which you have access.
-
-## Testing the Cedarling
-
-You can perform end to end testing by running the Cedarling in your JS browser application. If
-you are using a server side application (e.g. a Wordpress application), you'll need to deploy
-the Cedarling as a cloud function. Remember to run the Cedarling init function when your application 
-starts. This is necessary to load the policy store and to download the current public keys from 
-an IDP if you are using the Cedarling for token validation. If you want to use roles, make sure to 
-populate the User.role claim in your id_token or Userinfo token. Call the authz function when 
-you want the Cederling to opine on a security RBAC decision.
 
 ## Cedarling Policy Store
 
-The Cedarling Policy Store is a JSON file that contains all the data the Cedarling needs to verify JWT tokens and evaluate policies:
+By convention, the filename is `cedarling_store.json`. It contains all the data the 
+Cedarling needs to evaluate policies and verify JWT tokens:
 
-1. Cedar Schema - JSON formatted Schema file
-2. Cedar Policies - JSON formatted Policy Set file 
-3. Trusted Issuers - JSON file with below syntax
+1. Cedar Schema - Base64 encoded human format
+2. Cedar Policies - Base64 encoded human format
+3. Trusted Issuers - See below syntax
 
-By convention, the filename is `cedarling_store.json`. The JSON schema looks like this:
+The JSON schema looks like this:
 
 ```
 {
-    "policies": {...},
-    "schema": {...},
-    "trusted_idps": []
+    "policies": "...",
+    "schema": "...",
+    "trusted_idps": [...]
 }
 ```
 
 ### Trusted Issuer Schema
 
-This is a hypothetical example.
-
+* **`name`** : String, no spaces
+* **`description`** : String
+* **`openid_configuration_endpoint`** : String with `https` url of `.well-known` for domain.
+* **`access_tokens`** : Object with claims:
+  * `trusted`: `True | False` 
+* **`id_tokens`** : Object with claims: 
+  * `trusted`: `True | False`
+  * `principal_identifier`: the token claim used to identify the User entity (in SAML jargon it's
+  the "NameID format"). This claim is optional--it may be present in the Userinfo token. Defaults to `sub`. 
+  * `role_mapping`: A list of the User's roles
+* **`userinfo_tokens`** :
+  * `trusted`: `True | False`
+  * `principal_identifier`: the token claim used to identify the User entity (in SAML jargon it's
+  the "NameID format"). This claim is optional--it may be present in the Userinfo token. Defaults to `sub`. 
+  * `role_mapping`: A list of the User's roles
+* **`tx_tokens`** :
+  * `trusted`: `True | False`
+
+Non-normative example:
 ```
 [
-{"name": "Acme", 
- "Description": "Acme IDP", 
+{"name": "IDP1", 
+ "description": "Acme IDP", 
  "openid_configuration_endpoint": "https://acme.com/.well-known/openid-configuration",
  "access_tokens": {"trusted": True}, 
  "id_tokens": {"trusted":True, "principal_identifier": "email"},
- "userinfo_tokens": {"trusted": True, "role_mapping": "role"}
+ "userinfo_tokens": {"trusted": True, "role_mapping": ["hr-admin", "staff"]},
+ "tx_tokens": {"trusted": True}
 },
-...
+{IDP-2},
+{IDP-3}...
 ]
 ```
 
+### Policy and Schema Authoring
+
+You can hand create your Cedar policies and schema in [Visual Studio](https://marketplace.visualstudio.com/items?itemName=cedar-policy.vscode-cedar). Make sure you run the cedar command line tool to validate both your 
+schema and policies. The eaisest way to author your policy store is to use the Policy Designer in 
+[Agama Lab](https://cloud.gluu.org/agama-lab). This tool helps you define the policies, schema and
+trusted IDPs and to publish a policy store to a Github repository.
+
+
 ## Cedarling Bootstrap Properties
 
+These Bootstrap Properties control default application level behavior.
+
 * **`CEDARLING_APPLICATION_NAME`** : Human friendly identifier for this application
 
 * **`CEDARLING_POLICY_STORE_URI`** : Location of policy store JSON, used if policy store is not local, or retreived from Lock Master.
@@ -172,6 +210,8 @@ This is a hypothetical example.
 
 * **`CEDARLING_REQUIRE_AUD_VALIDATION`** : Enabled | Disabled. Controls if Cedarling will discard id_token without an access token with the corresponding client_id.
 
+* **`CEDARLING_ROLE_MAPPING`** : Default: `{"id_token": "role", "userinfo_token": "role"}` but the role may be sent as an access token, or with a different identifier. For example, for Ping Identity, you might see `{"userinfo_token": "memberOf"}`.
+
 * **`CEDARLING_LOG_LEVEL`** : Controls the verbosity of Cedar logging.
 
 The following bootstrap properties are only needed for enterprise deployments.
diff --git a/docs/admin/lock/lock-auth-server-config.md b/docs/admin/lock/lock-auth-server-config.md
deleted file mode 100644
index 5f5a81f3c89..00000000000
--- a/docs/admin/lock/lock-auth-server-config.md
+++ /dev/null
@@ -1,13 +0,0 @@
-# Configuring Janssen Server for Lock
-
-## This content is in progress
-
-The Janssen Project documentation is currently in development. Topic pages are being created in order of broadest relevance, and this page is coming in the near future.
-
-## Have questions in the meantime?
-
-While this documentation is in progress, you can ask questions through [GitHub Discussions](https://github.com/JanssenProject/jans/discussions) or the [community chat on Gitter](https://gitter.im/JanssenProject/Lobby). Any questions you have will help determine what information our documentation should cover.
-
-## Want to contribute?
-
-If you have content you'd like to contribute to this page in the meantime, you can get started with our [Contribution guide](https://docs.jans.io/head/CONTRIBUTING/).
\ No newline at end of file
diff --git a/docs/admin/lock/lock-client-config.md b/docs/admin/lock/lock-client-config.md
deleted file mode 100644
index bac7bae700d..00000000000
--- a/docs/admin/lock/lock-client-config.md
+++ /dev/null
@@ -1,13 +0,0 @@
-# Lock Client Configuration
-
-## This content is in progress
-
-The Janssen Project documentation is currently in development. Topic pages are being created in order of broadest relevance, and this page is coming in the near future.
-
-## Have questions in the meantime?
-
-While this documentation is in progress, you can ask questions through [GitHub Discussions](https://github.com/JanssenProject/jans/discussions) or the [community chat on Gitter](https://gitter.im/JanssenProject/Lobby). Any questions you have will help determine what information our documentation should cover.
-
-## Want to contribute?
-
-If you have content you'd like to contribute to this page in the meantime, you can get started with our [Contribution guide](https://docs.jans.io/head/CONTRIBUTING/).
\ No newline at end of file
diff --git a/docs/admin/lock/lock-installation.md b/docs/admin/lock/lock-installation.md
deleted file mode 100644
index f13cd726dca..00000000000
--- a/docs/admin/lock/lock-installation.md
+++ /dev/null
@@ -1,14 +0,0 @@
-## Lock Installation
-
-
-## This content is in progress
-
-The Janssen Project documentation is currently in development. Topic pages are being created in order of broadest relevance, and this page is coming in the near future.
-
-## Have questions in the meantime?
-
-While this documentation is in progress, you can ask questions through [GitHub Discussions](https://github.com/JanssenProject/jans/discussions) or the [community chat on Gitter](https://gitter.im/JanssenProject/Lobby). Any questions you have will help determine what information our documentation should cover.
-
-## Want to contribute?
-
-If you have content you'd like to contribute to this page in the meantime, you can get started with our [Contribution guide](https://docs.jans.io/head/CONTRIBUTING/).
\ No newline at end of file
diff --git a/docs/admin/lock/lock-master.md b/docs/admin/lock/lock-master.md
index 75680f16c48..7e44e945a4e 100644
--- a/docs/admin/lock/lock-master.md
+++ b/docs/admin/lock/lock-master.md
@@ -11,14 +11,38 @@ tags:
 
 ## Jans Lock Overview
 
-This content is in progress
+Lock Master is a Java Weld application that connects ephemeral Cedarlings to the enterprise by 
+providing a number of [endpoints](https://gluu.org/swagger-ui/?url=https://raw.githubusercontent.com/JanssenProject/jans/main/jans-lock/lock-master.yaml)
 
-The Janssen Project documentation is currently in development. Topic pages are being created in order of broadest relevance, and this page is coming in the near future.
+## Installation 
 
-## Have questions in the meantime?
+Admins can deploy Lock Master as part of Jans Auth Server or as a stanalone 
+web server.
 
-While this documentation is in progress, you can ask questions through [GitHub Discussions](https://github.com/JanssenProject/jans/discussions) or the [community chat on Gitter](https://gitter.im/JanssenProject/Lobby). Any questions you have will help determine what information our documentation should cover.
+## Configuration 
 
-## Want to contribute?
+A list of server-level configuration properties.
 
-If you have content you'd like to contribute to this page in the meantime, you can get started with our [Contribution guide](https://docs.jans.io/head/CONTRIBUTING/).
\ No newline at end of file
+## Logs 
+
+Lock Master creates the following logs:
+
+* lock_master_config.log
+* lock_master_audit.log -- RDBMS option
+* lock_master_jwt_status.log 
+
+## CLI / TUI 
+
+Admins can manage Lock Master runtime configuration and see activity using the 
+Jans CLI or TUI.
+
+- Create/Read/Update/Delete Policy Stores
+- Total Number of Authz requests per day
+- View/Search current Cedarling clients by searching for username
+    - View authz activity for this Cedarling client
+
+## OAuth Security
+
+Cedarling should present an SSA during client registration. This will enable 
+Cedarlings to obtain access tokens with scopes for OAuth protected Lock Master 
+endpoints.
\ No newline at end of file
diff --git a/docs/admin/lock/lock-opa.md b/docs/admin/lock/lock-opa.md
deleted file mode 100644
index d8d45578228..00000000000
--- a/docs/admin/lock/lock-opa.md
+++ /dev/null
@@ -1,13 +0,0 @@
-# Lock OPA
-
-## This content is in progress
-
-The Janssen Project documentation is currently in development. Topic pages are being created in order of broadest relevance, and this page is coming in the near future.
-
-## Have questions in the meantime?
-
-While this documentation is in progress, you can ask questions through [GitHub Discussions](https://github.com/JanssenProject/jans/discussions) or the [community chat on Gitter](https://gitter.im/JanssenProject/Lobby). Any questions you have will help determine what information our documentation should cover.
-
-## Want to contribute?
-
-If you have content you'd like to contribute to this page in the meantime, you can get started with our [Contribution guide](https://docs.jans.io/head/CONTRIBUTING/).
\ No newline at end of file
diff --git a/docs/admin/lock/lock-pdp-plugin.md b/docs/admin/lock/lock-pdp-plugin.md
deleted file mode 100644
index 3bb6cc618f5..00000000000
--- a/docs/admin/lock/lock-pdp-plugin.md
+++ /dev/null
@@ -1,13 +0,0 @@
-# Lock PDP Plugin
-
-## This content is in progress
-
-The Janssen Project documentation is currently in development. Topic pages are being created in order of broadest relevance, and this page is coming in the near future.
-
-## Have questions in the meantime?
-
-While this documentation is in progress, you can ask questions through [GitHub Discussions](https://github.com/JanssenProject/jans/discussions) or the [community chat on Gitter](https://gitter.im/JanssenProject/Lobby). Any questions you have will help determine what information our documentation should cover.
-
-## Want to contribute?
-
-If you have content you'd like to contribute to this page in the meantime, you can get started with our [Contribution guide](https://docs.jans.io/head/CONTRIBUTING/).
\ No newline at end of file
diff --git a/docs/assets/lock-cedarling-diagram-2.jpg b/docs/assets/lock-cedarling-diagram-2.jpg
index c8e808c5750ef4b7fbbfd548e0ec2b71addaabff..fc8ff51ef2459b4e9d79c0f2a0b540ad7cd1a5b5 100644
GIT binary patch
literal 56140
zcmeFZ2UJtt)+ibq0)hyL3J6NC0SO%`N(m%1Arv730-+?-(2-)JN)Mqo1wt><LKO=g
z0!j!SM7mU^cYX1k^PS^&-u=!U_uc=E|GhEpWURes)|zYWwfCNT&Na*8=g7}5fJ;y?
z1PnNJ3II4o{sa7+IW+=NQL(tEuM37~sr|j76F`Quw*UYqXAd`hb>*A)O-yf||MK@9
zzuGLV-Ccj3{{qP4?hgGL9RL^r{sql{s-{BNxLcD6zLN{L8~Nho$zCSom+k(J^Z&xF
z{*KH4!o59QJ;*foe&KEg`YL1`LB{#*e#5PP!>wK2e$hvgY2=+8J%3&67yOzrjg7M*
zjC`gfm+Js`fIdJSp#1Cp$-l|qk_`aJ>;M2~V*gcVl>z|N1_J=s#{N~u{SpA63jzS}
zAOBVNuV><F>1O%2;m(qer)_NkfX#dWfYt;6VEhCCP{aS$Mn3$-+-{Pau9N5GLjJP@
zI09?{HvtfUGr$@kLdHOVTL3YD)X#B%3gFD?U-0XAh74yZ&i(>Q3W{?SRFu@zRFqUy
z)HHN7)E6#ZprWFsr@csb=@R`VY8nPchD(fO{L-&MPW|e6<}4+-<E0B!7s$2$i}3Ru
zfS&R+<(cC%r#Jzp=}(=ZKlQT}!1jyR$n!e&$ISu&=g(1`r96Fx>Q}S*B>;fp6nW}Y
zRA<khJ3~Qx4nY2O_8i4|dP)XH4)4oXImKk|C)ErxUAe{ux~pfDKqYOA=N7lLN_;h-
ztdI7pRCyZ5!^>~y_MA^bQc4wO?d}<rokzsrs{3cj<6r*u3H%v;)zbgpYsUaI<Vl{U
zKSK{t0vzW3xzGPEfAJldmx&w4c7C{3qCYI&H6t}%b#vHbEXF+PLdtm&c(<l-YWzGS
zyl@tRQytCiQW-Ck#r2)Sd5?-nGZ$Xfa7s3GYTARGmx8UeN25$$ec<FXznl40&(RF`
zn(*+Nnt9f&*jFJ;D7&PfVNjn6pD>?{|Hp0*0tqKGLm=6r#DSf)BViP2TUjs82UaRZ
zAd8){Qb0BAZfv3_+0F^ANxP0!tK)=#po5M!rSC4#H@J~wO2a#6ix+QP{t0;hMsPRD
z`uoj4HLA`i(Wi0<85zGq@9@4NY}5$U=wSwj7d6>D`2x*hAp0n=s^6;mUfh!}$Fnn8
z`_edb;%ea88#4R(KWLYXs~c}Tr7i#@`2S_wfT#5R>K<_MN@<PKt>73{d}``foo=2K
z1s;ebPvtz<8VDLw`~6heUyVR>tc@fdj1^0(TG?zo=o6Y|icGa~>MPcZ;@6Ww&CiY7
z!4=zF<}Xb?fi|NzbdOny<w!53({$<nu%7^m?cy=Bn0LVju4T@J6=PjjP0m#dc7F|D
zj1#f`YLggWe`Up#fWb_3)`}m!)Bf>S{X>kEh9|ERkG+ya`XnjJ8j`p$6LN)1`nh6a
zgSn(<PL7zcPGUSrN!l*`9^gMs<A2uZxgmLV#qMi#R;PW_*Afy$SMl+8%^jMTN77q$
zW{tiP?!xO?sC2FVf$YW(#|_~!d4ukxnDOmyD0~7lTT)shP)~y!kUH#5$#>&g<#{>S
zM72;my*_u}`hb>>+rNrIGwJ@^jJWb>GEv)%i9a&t<)OY~Q`9cZnLno1`sS-AEz|W9
z!o!zx2*t70s?DWQwjYdlG2?4It#LmA&fOfz|NS5BDZv@|o~Pbt3aaBlBf)IL*4p*u
zoF*E^gQ60{J7mFk;WnYr;~Q1;M>oC(L!ULrG)TlzS0WttVthjZgHYScZ27W%!7tLS
z@y5x^a@$Mny$h(Olz4m73i~-hYP`>olM6``g=V;~*js-kM(o<rh4!HsRD1JR+A<81
zwol2}GFCHkFfuJgx5NG=M}RRyFsP?Uvd|vM3&wCMr%xQWx~{w(<!f<o;NoI_)oSXX
z4~xdyA8_p%DV&?&dBz!wf0Q>Wl^@~BoeJVE*wvX+Ju}(ia=D>De_%hrJH#=h9yxgX
z{G|cVbmg(1flL8AWiSvaDHXgAi7Tw(fr|$0af04GOg(A87_<=;_WhvshfUN1DK+8J
zRB0B>e8OP339-aOn`(-La-z%Bcs`hH)&(<!?P)wiE9E?z%DW#!ad;!y7VEfBBWo6{
zps=G7-EAdkELHbP4zZ=3Qkdz%my~3!30YGhcsXeKD9zZ3&18p$n*%-1T&(n_c;;Fl
zR1qYvEuYN?5s^t^y(^`fKeRB1(og7C@5aVmQ{Aq8@D?e0DLJoT?vYE;NU4)o#yEj@
zGD-bviz97rq0PB$-YY|0PG|kQp#~_Aupyhbycw<K^n3DpuDUraQCQ^&mLDSd*_q?-
z^^rECH0>T;ByPfiZyLIW#d`#c8n3c!oxY&s^RD;%8`Sd_+iWW)iM@J*L(PJ#YjsI1
zk~uEaFP2%|6Ku!xf}PERf>NCQoJO=dc99FE-z)MS(dHin%I)-tCMB9YwzQw!nC(V8
z)g>{!ml}An3DJHf-<r{Ny&YlqnkF*J+MV_Umzvw#3sy9^UzXbFf1GD;$=Ppj#jT#0
zpu^j(JWwmu2@A<=-F3u_q4OKw9O-%f1n5l6_-TL~)jXmnWmy^l+8+9{VsO_qllX5p
zv4{j`^`;>Ht_u<=UOZ+m;@^KZ_HEDeD>q@oT^PCI5F{I3f2vTFDRI3$x+f%;Re=){
zuj7cA&O-UgA1R}C&hP&iAOL@`ZvO;WY(TZeyuPlobUthp0nYg>EE`ozY2U;?*GrPc
z>#W+MbPX^$H(9f;`m3QiUd&yil>pv*Urn7j%W5@r_+jm<k(bkbprCZNBu)4tn^O$~
zd|7HrFwtRimy>H{FpKfgQJebd!(o=60J-b{)5msaOV+ps7?nf^njD~TUP4%kg-PDT
zBKOS$|9DP?4ogqJXKaB{t<4JMEPTFC5%XtQ!edw;#k%E{aYd^0$_shmP@XLiPq~n6
zV?BonEL8kDt;k8{*i_V#3w<g&V{s%nveXitVwiL*i9_&v-c-P6U%lQSTyCB7O+p$x
zy|Ex7%}Sgy@i7LKne2MLW&1dFn7$jj$X6z3yIP?kP7l{__z5VA>fyoVepdc8z0(<P
zt2rJJ{LN5u>V=ut>>18!ixBzs9Npqua+Mjrk3}j9%ep*>U4>M9mnu1VI-RJX5W!6|
zy@DP@q?F;ik4$ngABNJt23lZ{#l~_j2^E4DHgLUK-U8RcwDAe$?@2hwvOw=~P;P(E
zc=N2+kPiKRc$-XC)l5~8<6DL(G}eg8O9c|oL$sX45Vf5OtBaEpKH1oU?IlX9K>Fdf
z7%Dttdk4Mep+c*37Rsr{a=ATR-E?~H))!D>-pgE8L9`YNRnDktJT$x-6T9pUVbK~?
zBFJQ)ylU`k`J9RNi(L-k5@LRn!Ooc6VxYz0W~y%{p~MlOXeAAmi|k6G?;)uR(6fX~
zm0aERLuEKeIHW9^d{%HT9-A0D7O}d#<>?wZ1#8EcNcJIcCB0y6dcFiIs28Nrq}S%l
zbHg3Rr$D9YXGt8bBi(5AmB|#4LA^k^YqHaJd0zGFd^&f}+s<SD9nDid-a19^uhh7%
zvD|&d$W_ZBpd`ycgmNk!s|&mG-&8PEfg5vZz+TUYv!U*$<dT9Iw0Z(!oI2g#k?o`6
zpl@nXtm{7k?0fE~i+CRJJrcH`^4{NTOlJCJi2OGLLmAIoZ$q{(53_m=t;n;}3|ud|
z{qDU|YEhfP-=;=UldzPRxoCv-_RV9|^tFua{yv6;O-misY|6%#6;tam<I8N*6b35R
zgMOTqx(8qxV$5p@$Rp@R<c}DN$n@sobW$e~ytBMo!SwVE(>EhhY*o$j$H<ib1`K74
zZ>~tVG#>j+5~vFjTr<8_<OEF3eqMk0OV#~%1GFyjWYWO<>9fa@hA#>d(7>aHf^TQe
z{y-J~hqw4Yxh3^wpAsVcu)w(5@G!v|Zp~Kjx}Zv&c(uU&dIqB1FdkkmQA!QLgsa+u
z!C>Wgzq1bDP!l;k-)p$5o8T{_h#B)da5oHypSQTkbnlel|7rVQelFpyo2kN!OnJR%
z<Y!jRSmTcBvUnmqz^5Fa#Nr-@NXSpQ09noExpKrzzf1G_zm7R|cj$~J-&Yo07tGOi
zYwBCMSzb|XE6JEpy3P5)jmt%5c~LVmrdCmw8-vnY&lw4;y;gobHDWoV=xw3ZTV|RV
zVwUdhw}dyd(bNT0#?jhpJ350Fqza43(BJSEWQ)aTj$~o5W_Y5>wBPwVUi9QYbo(%8
zQpOtQqtrKnPmTX@aC~E)c@4bcw$|H4(sOqrWbAIaU!6Ily3tk8TsT&Im?*Rn`x_qD
zpod~Vh3%0$wv+8xn`h9rZM`7HE!%DGKCc|P%S!nlF8u#+zW<%w=B-RW%KZc=h33nO
z#4OaAB}B=u)QL>Kxwpk|KV%zh0X01Bk-&o}>?edHA<Qgz#ol0HXr&S~K%T4_Kzq?L
zr+#1CtNsL-S45=OLdzUB>YAC{&vklx#vRmaA0%v!rnab-?`rFSl_6$n%yH{*XQ@af
z;H!^fsHUE)nc)e>^zbC6xs$IZE|n1{3H0kw$SzJ5;m3T9=G|Y&P+B1qcdGk3>1L)R
zv1wzM4g(eqr0b`8FH!pJ+mQLm$BtdlIUeEIghBzm#CGyRiRyC%i}d6Vh4qDV1`eh+
zVaM+V9Cgo3<{Z?jpU&|Le7`U6Avt#-u)29$9<zEBLHL`f|7%fr?(cdA0PtYlC77Gt
z`#v7tlU<kg;BYIfw{Qe=rJEE3NcGP{g2?`W7?)L!%#*^TE87!{wU&AgAe!=o!hzw)
z!&G-`9_I&LAjSU59|O@hs>(R(90e7m%Wexzpf(ln3_hX>A1#$?S*;uJ+hsYhSmZt!
z?COT6#N9BIc`{hWyFW<uw+Qin9HjM)`OR(03vcmt&yFAMuUOXb1$whUB%bTn6Ndca
z_^{!&h=;eC64CYIYWCGI)$iKCtU|f?<Y`YM$6^1H7rVswZ6k^K6VQWnz1JI?t7hTi
zlFmr3(GAft+VD5Ia?cAJs&Mt@nIp*J)z;eV^kKtM26odlWI<UW5H|}eFr{;Y@LB2O
zA?tES9nLW-4jcmy?DY1Xda5EBZ?stx^CjLvhD9IN4WRD6&ZA2S=E?w;Dj?RXBDjkK
ztz^MeE#6m5-+btM{Y7u3ir8v3YJ7ibP0H1dy&G!XywotpYI0(}Dxe5)BxcOdDODrb
z@&;VSENz_9zwED9e;>ynGbr-vLN<g$3`2v}Q=M5D`b&9R9)#)D4JXDMwJu+_>GYrN
zkvPHaN<11*{>skWVgyT>+wV<%*sdnurl_C7HM%77s%{xhsV@H5t@Gf>Afr~Xcu6GE
z2<7FFH)5c8VJ8}xal1bOGhuUZE=aDyn?<T2x}A@{J9|`6-&9eJy$eF0xGX~Yo|bpe
ze!Ih)!M9oc>68&{Qob7n%o~z#HR+U&f`0c-#HirrazDm?B;1jV;uwk)*QyDP47iiu
z0Xm}E7mpq_X{+iSdvv``V!LWCY|IL$$6%WffKwPj9^VdNP;$^FXo=n!EcEAEpg|7i
zR+cBli43yw&S9{cs%~F5o7Flix%5-H^bImwxL5*=Vo^Q5SJ}(!aR(?kful!9t|}J;
zsn^d)M%?=te|R?qc-!Nkxj&FwVGNgZSSY;<d3fkxf*Uo6tmG~z(|Boxfv%eT$lyTf
z&+@Pt?DAu6ky}FUTTccb+neX0j7rc7d1IPp!M2;Xy2KbkMdxS_Z`LPr>|&O)?0czI
zz)?|eOQ4bU*CjT$E_R}Btex##-qBf9-S?e-%P|;{E(p@)_5#L%Q5V8E`L025N!o2V
zuv6x7J_#BwVBVrj0)j~4O%~td<5dP$6At}duAmeKpBsvnNjl)z5cZfQu7m_<1YEdt
zPYgFJUgP&9P++H#vtoKriln7$SfaC#In4Z|5S(Plu{Unn#+}gV*MqLXL}G2nj39c<
z*DlU~&uY_QYRgQ&ojy}jxwL51Be(LxH-blj0>Yh8D@N~*&o){z@0zlqk7Ln#F(jvZ
zbW7qkta{+W#~L9cvD%Ha0PSWWTl*=;F|X?$JC_rHIU}R`iATW$dJN(GI&<(<vynff
z)?Z7If2|L-L6deFce4ls=?>~!4~X3jnY0s&NcIAoFoM=2xG)biOAdssGGL}a1QmpZ
z-_COWkjQg?5vTZS?{Uac2N&Qs_4OxJW(Z*TUGLKUrh|Vixc-Z~>A{;qYei17!ZucZ
z0^E<^Y00~xM2ozNe&AjlBYwwWhd%)mKLNM?KTIa}<#@pwG?yZzqAd{*j|L*JuejkU
zDOr~ES3jS&n~m2CfYli92pi9G{DyM|>&6l1Zo%yCI#Bnq5Qr(4=3Xse$x4hN))tHi
z4D9dyueoDG$~{h{*3hs2FDyk;|995|f-nEU_@@oy4q;1+-Umrd==X*UCBLuv{!Vg`
zbYwXg%BSb!Xq3(2&<33u`KBM8FE+fhe9Rq@KmU!mc*JfzJ^uR8Ue2z=g^s1X^wB^|
zwC)qjf~K7Jm3H}vvNA^_7=s{gs62T*ptX=Fq3(YG=gEr4Pv(NzC<iJ1xe+WloTO4!
z0yB?uwo)A4oS`-^TO7G6!QY2EI3OD+h<NT)st?8)T=gu&9euS*<tgUj-}}RmTVLO?
zh&NOb)}VsC8afjjvkbYnRI~Nc0`hXip)p+$XWy(b+7Io1g;J^7Y2S}<HM`Quw#x1$
z7tefh$og&t6XEI!Xve%s{AlUU99J9=7D>?X%z7RLe^;0A(G$)z?any-0H&927IA6K
zPLlah^SohSvlTpil6PieDn3O}S7iBalD$j(PXG!v@ujIQG<TqGg+L$2bt&FpwoK%#
z$+D#`Hh~{+(gA}^#McX@AILV+TDwh$Mu>1#ohZjdE=M!x`(EJ?sUPjL9rH%HtrQJu
zm$p{j!mhkfZZ5P3DH<|hqg%MdStK&A?x$pbnO}9eMg-n)5N~*+U9(Hio-J2A_ntSL
z-!5bEa(|C9F=2;cMkAu)!X!6NR|fs1$Jl%(HOAnf>+1Tmhps}oZEs8D8|N(&v=_{s
zoT}sXN@A<fZ$4$uLAa75Nve0G+GP%A`HU-$x8QZ2{r+qxeD88QRm#j|4omXI*|I(7
zb7PNe2wJIT5)AU0ZV=WyunL;+7I|(iO7K(0y@3bH8T^CS<L;kKTyU;hF7>R1BT1F`
zp;7)l(<nhbW)^J<B-cbx+J*iyC7%ZaX5eWDt!=9++4jl<ShH%6X=BXw=^BBc*R{0y
z*CDt737l#I1|s6l%o+}w0v0M&4a3nQ^xN_D#G&O%1?7Q~l!?3#bio{n+|7sKC>0@(
zPYLnhajH?Mx}1I$7uP5+Thib~0ddD0QEQ^pn93JX$KEoyN8KKa<30<OGcbuRpnwP?
zBI|3xk%ry@bZyJ&Dv@1wzk2Az<qdK5j0)O8@PUf7a~1a+l^z>OQXos7!8C4(il<9z
zEWoDQZkNs$E4Dv`K^GQZcU!VxH0{bBlu1;I8P+I!B+U91V`%zb>=wp_uefh!!b@j<
z02+qLWxz`m7|PI2{{$Fpy9f;X9=-}oP<=2iYL*~(EGH2|6XFa}3`jxSMt8vG$`j0u
z)A~+p_y=x;78mzQ-Uu!Qw7V&YeGu+D6WzD+7HNxJMZswCN46-bUJ(!CSTFZX;OM%F
z%kYgc)~wms>f-an6QSqu!iFS+G+)Ef#-8UaPs_Yn^pr?2Ucb85C@hYv(>|d)$AlYF
z{ZT{7-kb8W>>}M59j-?9oD{@oK2ag{IG<h-psC`-+GDd5=f0il-~nXiL0X6!M27UY
z@llYM>T!rvNZB{*<lTB3pECJLUYEPJc^qQSm9Re6lEhvqBorry-Q`gu+B}F*w7U8F
zyG?tdMHx$Qvb|2F_5FFB$6>c%O<dR0rX>^UWz&=si4D<?NNH1rt~UDkOhl?ysEfMh
zKFg;laBEe1mch=2P_x^_YgL^7X==LQG4m>3qiSGF9LGhVe3n5}e1!mXqL-gLKds^K
zQtPkf8lWgVP$kbdTFK!y->20VMK5fsTl?^N_^`Pb#pg-6@#S$+)n(${F6ktE<8{|G
zQ)15IVgZ24xaSyFwG$|?U1UDB`}tOh_15F{A8PJNF4E%)yHiyG;af2;9)J0q;HO!!
zf9aRu+ove-6Y%_z;hIRtm%IN}jg%s<mVW{m#?VnYJXN2f<X$_CLmRwu?vPUQwlI7j
ztr*XmnHt=TDCVisON~HaVyb(rxAzBU`3C7O?-oq8gbe>~2i{Sx-ZS#SkV?+5kWfIz
z0V5%|A|GSdv7|yq;*lf7hE6JpAytw)5n@6gC!p4R#C*{H{`VXClN0TKCsg-WvBF>j
za*)q-CexU-Urj7}^Am8W{xO32`0Y_S=Kj>ikJq*1&b@oWiF|oiqUH$87xQc=yFosL
z($u*sn(Uzgjt?O3cR8tv*=QsP`q{JNx<nj~H%LH3?%Lm3gv$7LTN7HRvwgq6`P;@f
z?^~yf01_of_g$kTYYMZwbZ-WBugllFS`w|LymjkZZEht^!d$tU@;(JaqvQ3vcp3{i
zCn%Or8*V2Kl=q|-uVxAEy9V%7uWT+99r1NHUq4;+f7<>>&*jty@9g%dy~i<r^-m4i
zP}3`Lv_I>e>H+F**Ga=*&zR}$K`*f;!?|@29x<xCNtcXEmxJ9(sewe>_;ELJk^Vcs
zyCTmSoc#&7IIOMI=ay?}NZCDYreML@pFCXW*(Pc(bn(`BpG1AXiAs7z!gVY}T+dVA
z&uQ#e3J)1h8%95ZE#L6ocWH7HBd>wniCOoK-nInH#yu%|@;8cKhn2l+k48&a#KQ&@
zvLBg#Hhb(XpDn1hiI()F*`@DHo-uf)OsfgiOlj|N_GH1|jr$<ud-94o;d7o{gJCNZ
z_@eH^<W@qq+7EgK*iD&MqjArL9`EZs{AsRxAQMMCDPCuBG~oo-aK2QoR~lL-@r~NZ
zFLEa7qE_d|X}lI4R^I{f$re}0jc|IkTi@eZJ0$+g(G!hSI+r?S-Fn65agzPHD@k7-
z1?S^^ia2M7ULz`$>&5hm5E8DnZmSWG(*G39Jv8mL_LkqaV1IiyAJk?te0(Fg`$8#y
zoMWBvyJv1TW)0m}?DdIG4Yq#5Q54ha5*UnMz6(EWrzHw#8&^{I?c#(G($lODX{X$$
zV!L2SvMd@hb0|uDV4rUPX$CIA5~aBc3%|?#F(5}yH#l&hmy<YFMh+|L*rSI~BJ2+W
z?h5g{Sy!DJz2MuM;+;+c&qf%Xh~#s`d2}9uPfF#OTYp4tAkVxwp={w?jvJfR>PNV8
z_gc~9-*5^7<>SSbHIhDABAhUIeWQ3~SjCgM+efN3y4pVe1o!Bh+ozpHvu35y8zYx4
z%7@i>gR(T+ldk#p1$-J+i^XkExJF{81b<XVRy074?(BT1GI2GNn1Np$=-fHP=8Y6&
zg_&LseurJgB#vS+u?H@F_)j(sT2TlDiW795R&&}o@`pg(!!AyTK24)OkA-`E>MyK*
z0{ZD$%EUEd$Fc=gJsiogZo_T|c&^zMUu--q<o@LO>9;23JE1hy-7=iSD883%Q?{PH
z4N-+vyiiMssSbmwFPIpG)M-Z`AuKT&U<f3%ivJ|X^d}(J;bK78*IiK@dc{>p9hH{T
zy>>mqFK||;ZXlB)-nUx7uiB2tof_YuaX{D=JkK!UyBrep<&g#fc&o5=t5j$Ca{HEa
zx|-AJ6m(wZ3b0BUn`sA8ZMNdBt;DL=UwVqB{qT)}x!J7XlDh~U`i*LBBj#Y{U{}_i
zJ!)i0(F(cb$b-~MqKvB2Q^aO2=`oPt{4T!v7mf{Qj%B{CpR&o9NvwX~HlDCme61=V
zJNcu&@&xi$ejO6s3^vkAO*LPV>hDg-dHuZN0Vn!Y*;u1ZfLe*1Z<IJg1@^W{vgIy2
ztD37{9FSI)<lfC`dfD7${lOd}UZ;clr0VLU1XzyG3;u5I2YM4xIcc(mI?@W_-4dA*
z5bhN2QK`djy(||H{YlQ$kwTrx5F7un{FGtY_UH-!yLHs@=~@~;P9ZzmSvWPH!8G$0
zgPe<FK4qerHN-iCK-QeqwRa@>!kXDFXINnRgQfFE5Qe#zWtv)oD*RR|LeMMAm}h!E
zcZIC=oFO2Q$uNrik|wJS+I;ctx1q-l+G4C`J|8&+5uKTrHw%k%b~02PAX_+RcaEeh
zInozmQ}tF$J45(rXZG%wRhr$KhP|M<`0V-Z;E>VLp}v>smS9;-P(JPTV$+Yw<9a2D
zP|nRO@lb<|80Jz_v9>^!f<uM&&u4N6dr^v__Zv#$&puiTcB|BZC>xNX5%^{=L<4lx
zziYt-QEo#A&T?I9?W=a^^K8>;L>>zZqP{Qf?+QdpA_z&?l}|}*6!{D}Q2MGEX9o%9
z(%u7o%o^n|#e|hjok+-1D6PEw^k98p!JM>|OSctaQkA;S_NaK#SG$m}w=>>#SBZyG
z93-x<am3V0$2v9`zVbkkx!Ux(Zi%>Qs+TY*tt8R(r6Fi@R3&eK@<9-b25}Y)&NnJA
z<zAaBR4Lo9U0s;r((-WE+40kK9W+>3;EL}|A+Pu*45g*0ld6<VhQ9}3u=E0zX!)-J
zM56^&<>#$esZ)EU!w_gqvlb?b{JXsc95r!YYOlm$c7PbJN@CQ-_zY=Te>PT`(egk$
z4WcUICF^yiF=Wcf_nHFJ#7I`Q&_X#o&(qm670&gX6?0t}C!XD?S}Ol$m9CL=J?GII
zpm0@{7_OLR;qMM__y{$ADzC=^qy~*=#4fzclV6Jmz8L`dYA&bh+lJ~d!(s4L4I&C!
z3wk%<iY^~MzP>D_IQ0C>eY|Jtgu$Eh*V>ZU1yi42F@_x)Bw0uqRr1s!RHs)lTd7#2
zHeZAYOHDaUA}v(Qj`G6~{mOTXg9@?Yn~`9DTAFs7i#No}a3YSm{LLjKyIR{Xw`XEr
zXYF6wWamGk`U!YSck>?#=agXQiNN+&<8jYtnJ-1*M(Rtt`599S<{KUVbZG<r<l-kM
z@ceGd|6`c{;pwl(2K>w0MecdFINW7&P~GPm-<IM1qHtq|sm7w{@3(XpiYg3G2~OYc
zw+0`*?RYcsj@<V9TI$~~`up07Jk5Wp{U=O%e|ek#oXYv>%vQU7x{D1;XV^85sL2m0
zCM}&CEt$)5wS~Q8`RJ3lZahldm;)=6*6ujpmp&^T@1$;e-xBz8Z-R&@(}xb$uf3+r
zRqzO;U?Uerr44wyPQHVL*^Tl}4;2v6n0KBYxWfHLp{>2X%ml}abkFTdNz$v5a4V=c
z0^7p#AD7=$IQd6!IoTt_nqp&#=iov*&9vrxAt8f(TbQxsm!AN>&8u<D5Y7c-cnUe9
zs%pkK70_wxUZ&vak*2xbFG~@IxWZCipaGMt6L<eq$gAO(oirIhY1FzGTTL&Oqv$Tu
zXUKfst>No2jU2gn3f-xji7RSIL%)=(&)FR_DR^BxtSE^X#R(J=aFwP}wX&=r3y!Tg
z1_QDXL6mcMdWt@amM*Sl4Nl$}zO}x?dattN&_Gb$DZJawF(g`EVk?!TDIrbBfofuV
z9mKhltVpqk1H<ZHEXl>XK(4359Fpg2E1HvBOShX+R{D96bFAe`aV?MJy)g{VO;$j-
zxS*0dC9@Z!fmd{j;w_VsJOZP&VnQd?2e$^`rW0AvDO(ZskiKMX4a;E!BPFN*_>ugi
zvZ8I5YF=VI#EUr;eMr7B-?(+v$6*Jn-_}erVCQN3HrKDXEwf4Wm^ll&r5FiF;7*!r
zv-`!XI`86IAgQ06d8qZc@e(nwC_xh3oqJrIr{?~_UOXl@aEh7Uk5l|QuKyb!J^336
zm67a{Zb87*bn`}Mn*p@qBQ!vT91o-2iw2Wd_<z8e_f9yw`jnWyXG)Ch?@q0J<=VJK
zE@G<y_U2zzLQa&xBi-5!_UV<!t5=WjSeCezm}d4d0r4tu>JMEH$kFuFaTkcf?r1fC
zm!<+C;&n{*qa}A5C2kaKe^(b~KfySUt%HpP2(!2Q34gNd4hUTwCs@DocR%$1p8pdt
z)B6+f!<|#c_wM)b(g{0c5u3p^6J8!6&Q~S}{F<AW)tG62$miQv{{*bl#8f{CFfJgx
zUJb!(_fqJ=Y)&&5<U&Ig@>3AROdE!w=Mwpd6z27SAiqfEo#z^<$l3|gF@&}W>{MzT
z2NB{_h_PN=8#%gtz9Z^dpNkJ-x;9*!qsxZXDCvHPwA20fS2=s;lY6CaM!2s@NXlZw
zMc*U@oCJ>tD4k@n(7C_gWpXGQ5#QQuc))RV+P?$`hS5P*bmmN1(ER$bwFmOqimmis
zae(!7Ae`tRP_a_HBYrtv5LRFlV$v8{%Z3K4VsYGWNIBx1oFW6_tTA_QgvTT*RW=5d
zo+q8~J}n(BW8YrwVC%iou+&wB?KY9YF)v6XYpH77>TCn`bsvkZn>}BSrL!RS3;osi
zAz){lem~iRTy_C;AAn&I-*3G9<Gud12Y{Sp`wvJ!1Y!?;Cx6&{yY6bJTFkYbKhXDW
zOVnrf*}wP$aOO<vyv{T!)U8h_AhsYw#r&KmGhLUW({Y($>A7yWSJtf*YkxiC`535k
zjM@&Eyiq~cL~@P<*5`sac4jCaAX3(&dfYh0k10RCHePqK(j)0KW;SaKZe(CL-%^Z2
z3f0LX?b>q5<w@dqa5vmztV{9=6e6TEm!E~ts$dQ{+P?l1u>E9Bfwrg|dDBd=ECBg2
zaw6+YX1^q_k{rZL`W_gOka#3;JF^|Ea+OiGFe7thY0iG&s-+>Ey$?1Qv@dt*D4GL*
zP+#8=O4P^Ck0&`#9-Y5`qnuc>%l<fSg%=_gYQL%eeZpKA8FM`q+aUq^Fw^dMki^kJ
zldiW}9H{>jfWS)bWp>#tw`GHFBTJU>#>wsPOC6K3d5a$dn{V7re1KLcupAB#P`R5+
zLb=v*ZiV`UFgRP^wMaCwWUwhI1I~1&Fb7rR=qtNkrt4$XDm6WGBiw->33BjMnIQ{l
zy)}@%PXiLo3b|IMz#a(Wt@{eQ-r)3x<+7KNbKOk65p+#IO1=;nKYouW&)&Qe21y)!
ztP`mFbUJy*ze^}!0Ja<5p`VFSeG~aHPXm&Y+uY9_$4@wKcju3HP1a_=zu(`b$0@^q
z5|NSrl(cl#FU0RYR{rLa_WU!fo<sH63-|(Nq6@z~s*e}#uo8PZpfwP_IumnY5U2KT
zvaRZLu)?ZIfg5vWaS;{+cR9|kr$(u);j4j8KH^9ta^@yj)vnUDhC$*7qsNQ0?fR>}
za^81(N{b2Af;G?dZX9b6Q2V;HV^I+*Z4!rGHMP>(w|pyb2BZpb!EWWX7iIRY3pxUV
zDkUJKLj?_o4kLsobE5TS_vD7d6KnnQ@y?A0?PWlq+T;WhvjTT24jbfYY6$^<yGMwq
zp;%_o4Bw1J>DrH0S3THRGi+$+;IKLXE7)l=(57Zj4d-!T9%?P`OXP(mmX4cr_}&&u
zXf34BRMvg%dFZlwQj=P2y^$6PIw{rBgz%1DGuqvyUz?Tdf1_wgSi~L)!XKnDu+AwD
zbjF(+Od*gSALjz@*N}b!5*ywM%+y@__+(#NRQDaC?{PV4LE+%|c2YdH{*m97P#PlW
zD&vg1cu$Sn-WhLGiO?HfRZ?kDt?hZ%?pd`7%;5?W%!+B3rF80^tt!R{+;9;{diXhc
zR$8Mo*JSc;7g8)I0tqVTttf*EiNMR1)3NBw!G(j&QsWVKfz_V+!L0sA)a*&fw-NX2
zg<TQ@^$yywrik><bp2m_tlJmW*M!pI1M101;+sjys^(wtAC8!<wYC%>!MD$K2st}!
zT)S7GBXKx&(Xw-`VLL&?^oD^gI~rea>JaEO{5JWVx0Ymc63l6}0yiV8!xLaa4a`Z9
z<>sA*y3r)aByzt@L${`0&NG9=6(k1V>_S4;-dxl4Xw(#U^b@NiMZx-tD$_Ij^3Gil
zH6)6ZN!W`$2q2E)I{is2WnHEd#$tS3P67}HZ@Jh%81_Fov3_UqKP$+8O27?^5#wVT
zf5#3V$gtzo(^B2m)B*q0D(+I!X7@|j$k3aM+9gKQ+s2<%3L%YiO*Q#W2T^4P>!o1<
zSkOe|TL$*B(7m64&hwpp9O8W(bw%0zsD@1X9o}c`w4QYHUAmu|vkiLF?rvX7>_SEd
zRWB9VVjwKB32rG@rH7{1zCM0@9F+Jm=m)#wDq?gLnc%*;&{R*?;QXdx!ZZr1x4QV*
z*7mgYkzVzbENPv|R)1+%)H>GWL(}tzb&~z0<Am4I*+#ii&m@I=(j&XL?eL3xlv4QN
z<&$>1mMOMm^XCggVikhl;@oKDv{3_SD*8FaDfoN5{w`Xip;|b81cHRlbFChp&mU9C
zYcPQI=vLTozZLXo63xaH7Y{7VO=YMrEQ|K;N3|dxH$C159CYP+$d$G!vESM+f8D>D
zrR$n5#P$e(3URAXxL7*rii!Z_W@nULQ-=Xc7X$(F@RpKP<;ro_S<#I7EMmrOM(3X`
zGL01mEzDus7Kj?oszsH^OykrSPVwt;4YOgc5nV9wVp{CpQD~*oXQksa|G27jYe?$+
z)h3mGv`zANa)R!j54&Gvt2RzYKE<^hy>ew1hkLyRfj)rnXeFWQ;U+RD9+!$6BF{sQ
zqb(@q?;u9JX=L-5ty82e7_y5#`1inj5>qQwihMgG9Mc^;V*)xOhv$n|;{+^>J_VKR
z^4$1wrsvhkPr&A>t*a4hHwWcob{)QgsUneqhDeM7^p#nZ1T{poFSH8=yqHGdpqTY9
z0}2>}G;R39j<f>g!obNT<eVVHm`3MMz!x^UZ)A7IZk(g4#Z$n^Ke+bKVa7ix;X8jL
zIa_>vJD;TZ?faC^964|Fw;=kTMKzh2?eT2BntPP*bl(=`fF_e_w`m+pcS#ff?B!5q
z^JT>3L^v<L7Xh|~EX<R)rhrxf8>Un?73*gf0@J@{F*oeBM#n7k(X$vD2Ys?X29FzH
zN2+J>qE+)e5M_2W7+04Vc|>&<Tiz`Wf-F2nUOj7C+$vT2C8Zr>y(pRD8hE!mQ!U88
z`2u~tfM*gmDP7&TVlf865VNc|x~txAPF_G>B$rcLE>Y2EB!x`(3*J?hDz#x2&VcYm
zX~5XYNS_}USmfJ0X~yB<XyW(4B*A+LUey+X;{kwP!Q9b@d)1y|n0kgHoN8pZHb0kX
zivB%}I5|`Amv<th>y!G7CAmD5OF5FLRxyw`6Iw4LQf7VQ=4V+9Av3v|mEC9+Sg@pg
zFk4scmF57fuU*~pie0PQi5KAFnm9WD`X4XkkJDeP$baUc{<ZD+FT0eyi7wmYno(@7
z(Wr{m16e0vIQ^7ky3+y)oWOxJn#)aLj*Hu6zBYY3VpjBSX|W$$i5ru6qyn5-k5%fG
zOqXN#D0o~d_o|gPH#n=&5({8iLJk4aQ+!`pN?3@NbPggn{md`hs#V-DPD%^F1NWw^
zIFCZ#9COhm7!(P}L<!XtW84jCU0Gn%u?~`H?W6hFAqR0|squBcZ*{#-Xf01}4TQ@=
z$VoBKt8Qltg@h!BtKEEwst}8N18>FX=^2{l)bO*s?V?d?o!s+r6^9FD3!r48upSc?
zW(zWo01`!Pxa(mfcC{Fbr!+7BczEP9)t}7tKbhyhSsY}-Kc_<fIsKP%n0C2I{k+_R
zCUP2sTZVY9+*}V2D|P%PT!GUSgYZv3ZW?E1A78auWWb@d9~W#?Fp~_T+6rZ5ILrkY
z=Gx<~EDVj(Dp(K(!WXo>#!VWCT@VYy>H=)MzE01-Z11P>#pGC|`qIr2Ba)@w47jF8
zFGEWOWT9)iL5DxINx|%`dL|AIh!$^p&CiQ-U922Nx0J}9lbCpWl{iyTlx5~;1G}~X
z@BDFk(od&(IA}zk$N`lFs-w?p0Travk+&Njw8Jycv`hBopen1sv3IOoW$6)emc0D2
zMCn2Y+_nw0n3Ysf2wLX36)(yiH6#t$a`q%xgsic*ROW9U3ZtMl_0t)YM4(OA(=#7P
zC@h+zVL3TsP+Tz(!&uLpluU?;3v%7cd4yJCt^V*mY^QRAMY^KF4yw6c1avRwS!6zJ
zD^Bli#ncZIng{8HZ1^L&SWXHKapB9hFWX`sGx=obWRc+D62x2^CPmj&{zHa<a8m-0
z`T)pSWIQ)EvlokMT?W^!glNBF$tW09i`KW&B`yq-BA$!w*PnBIfzPWXRe2XcOovt_
zi}Q#Kcnz|H-mPF@ByvEtdib7mRwt-ifMEezC<x)5#1^b|2I<BxA=}5${1!sFC@2=3
zyCr1JsTcRf_Iu5%L@yJbs1PpRyYr4FVm3_PuxJjZXS9szR!VRj(=ZX|$!5cE8c8^)
z6&I(h&XjP!KqK{*yF;wt`$YGa^aizzxIIwVu}JTt_(y2G&1n`L=x5XW3(i6s5L_+U
zG#?r4N+zD5hDtStGNi3$#IH?CO!$c&pfa_EzeZ%9ct&1Z)3#wabOD9Zb0o2<lx}f|
zXeiecK2;lSHnV#8iDfvrI7C6Mx@R1P1Q=IJ7w%#vMj{KtHdD}{_wsIN3c<iD{>5-V
z4%^%~dUvtjGsGq+SU{YuBlm86a9*3FZY@%H0+gBk;3Jh@gPrhaG{2`ES7Boq^hZDa
zlUILyKYz-5R{ecr1K{6$TfgfMz;7WMI+dRQ$G2Y;W^u<JHu9QCslp|%N+gezS;Ch=
z5rrGTc6)=F!+8QYxPi!!1CjuK;Mq*o&m%%X3&0QbF|!BY(v5_+-2~On5@P+ne>>_D
z>^iqvS}(oc&@&$2+j0=a-bQKBCXKNn!jb-4yO6Z6d7=SU3!YAe9ifaburr8;Q5GCm
z3c~+5w-BxOc0vPm6ly1Pw#8Fjd<Je(SJJoLd~~*m5F2L5v?pAcGzm>tCS^m32`N0n
zlJlDwtqBmM7`vN<RHsT!dJ#Ba!pB9^2`3)Xgp7-k{mIr{Mbb8{Jos^a*+<}Nxmn=m
z7IV_`f~Gm!GwKA-v|B^YG%^<bG%kD<F^RUm*41uv?U=;}Y0nPYTnZ``onfk->+Fj^
z-e;xoT0cI?zRvOKD?SO4`V$bcJe0%Pr$$0>7LErUXSTT1ciSuL2bF~L?0TCVG<siG
zWUSL6t-9<!wb1DPp8kR&6S>o@;vLnSX1ZlqY0UG%R#x5Do*M`rkE*Yv>5O`QOc(em
za9~vk^l@Liw&Ru-bdekH_PK_1r{KwI7qznaB$Rgyibbf6+0{OzW2dN7@9;=%ygqy_
zH7j$<bl%6&g1WrEQsujeLA82pjnp$oEI5HHffuEK$(eFrV|&X&@pSmUfqiBsY5Z;+
zwTG~No_sQq1?K#EnNuPGU(Fvz%q@tFjI8D2;$q$ZgSY;pX#Phs)PD*CMyVSEg^?0H
z{P@!7TH}k^@O6(8!*g>IiAD}^QCvRlMT|!8`JP&_t4P{9tI7wuOoWw-Nw?aI${k2$
z?%_7H^;)U*+P61lz!|&x5dlrzprdyWcUYzCTDXQYu83~Vg_i?G@H)-l7XG`b8A~0O
zdlMqoPV6dBPH9F0QdF`0acPq0K3*C_w4{ME4T4JZ;$d?#6KA-k5X0L(F>=i|zz=+v
z2kb>&)RUe|<nGDJS?6u8SPno2j?tY=3)3x;MR+;AhS0_giOtn$ci<p?Vk&TUcUWtC
zVIvt`=6c=B-LU_~WeJTEo7RqKcz`AXxe4Ed&0UQjG0S)&&)!pFhzwUR$qSZh<Z@cH
z(H63eMPEujF(M7v!n?_-Tn$q5qWnh`pTxvB<jsknvu;*)2=SQAwr>{kD$rjDY?^e*
zTY6n3Vp~71sOFa9oY}I<{E$KGj8xCV5w+|$h0ca*d4_(P7O44#&nbkK0dwUCmfG};
z5NE+L9#3p3F^11tT*pq+%}k@Suq4msG6^CD6v<X|Q>cm-K*d;dB&M4BGo8iq&|)41
zq4YN6Qng5aj`Z8Jx}37iU+dWAdSXl1@R9iC5lDqB5#$A>iJxn#6z7pK*IV~XiSck`
zy$~8(pQzfpG}`Dxa=xF<h{WXR(ew9y5OE@@s@gR#sFL?>-{F1j>7dvl!8U0~*eH_K
z86K=s_+Yg?{vG>mr`t4%2|o%FA&QVv*1@^-&f?UAj(KMtLulLS%!`*bb}CaNjJ*o=
z5VewvERNyx9Znz6yge^qNE?&{YXAuCz<ouNyT3%_bJ=GglY*^+C3%;7A1&fBC7O5B
z94#oxNA~Sy+Rz^mdez6rK(9RpPKQSD(HdQik<~{zEl%_1-A0=SP(!<BEd`dgwq6Nw
zjlb@UY-&AoUbk@A=<sozjic44zL}@`EC&K!&T5*`_--~Rn-`p>Oj-=c*I3GjC=^<Q
zhJ6I4*%)Dy_3eh#Y-G<Bik&VJOd51)nR86+0%zgJZEa^rSw~V6#>t^F->+ZWK>El|
zZ|BF{mskNUH=TQXE;dxDgpXxB!GAnUYR>Q5m~2FQL3$u=tHg#+86`)$83k+;w;!9N
z1Y*G2g&JJr6@q$KT5~2OY2Me5EYNA@U)v$<Oqj*XY~Q|`DcS9Gwm&_k$n|)=maR5}
z=Y~}VFY&Qs2>7$(Sji$|fwOq92~WM)xaSoI9@Z{P=)C81$1W0vb<@Zh6Ali99JIHu
z@xb@cm3-L@tCnq#Sm{y|b{w1XNHZF><J~YIbLRNLxiK+gQ*?d`uuA%X{ap0eXvauO
znpA1%l#7eBPz0m^Ke0RV<2$313TYMR(q_gcPH+Fk&LDYfSD;DCwscY08nmf%Lo>m#
zP*i|bU`8+ZFeoZqP%%)Tw4P~u*Vrc5K&{A|KP%kRa*j^~W!o08fUS!9@>L`yjoReI
zP7bc<t}eiwxa5g@WQ}<s#L-#3!dzXYhexGI6^4EmcX3Wh9f}v1SbdPc2yB$PPICeB
z^;US*x)Dj}cHtJUreRf0+*mRs_HYW$yJF8HaJH7If_e8!+a7>mv&GffRw?tziMHN#
zWlH*@aJ2fY@Tla?J;)XZ+%bDAkkdVE#q1Dm>L)zRR`kSMra`pmhSgG6^VN!W$J97t
zRHJj<TxToxwZ1I22BQszEaqmO4-!;6uCd%M@)OcTzCqt(ku>GOH)sg(A`fRYZ8}xo
z?CRPjqlF}DwU!=!EXf}rplEIzcr2>N7_>M+zzhCmJOZ40&N%jVxO0w@Y%(qQO3f%?
zfUtN==L)3iy}@44&~08VL?`cbmGHq;P9Yuc-u$pIY!`h2ehPaK@hG?MjiEu>gQ3jE
z8=CM2Y~H{J2%d`D|6|FxGOLLf1`}_3!MUxV5iF$`yCiQ~EGTnm^MbQs?vs}uG*t<T
z&IyDC$fwEK)UP^B9O-T_Gkr-`Nv<woz8@gk+f~xYu6_58{i~+&w4F<N5cv@3#2%N(
z<k211N&<eSvODwnW!zH-q-*G$6s*LU8pI_&uq;{>VlFA_oi^_nH&0)%$9XsT9h6iu
zI!eDJ;EFPKF)erNBXY0CzaNS0lE>fERt#H@U)E1GpF`fg8CKuRo6R)=d_4g^ECaHA
z7KJG`(7)2Nf`p7m-Llseq^;)1-^FNk;>WGTMQ_cFEVXBjzk6!v@N9OA!!Rz7#%{#~
zuBY$kto?GJl5!W=85XvClkoyOr`vOzG)F&e4rpQW_(e4@&&?UgVR!Htvs{;&Ynnv$
zK-frPx$q~mAe25Zj=NThoK(ugaKlL?H(`<dV&LR3#4V!4Pr&IUDK%^f@6#pBXVnyj
z>!mh2@|(<XN;FDh9mkV&-5wi|8(hdUVyhxXeOYeA(b!nkR#>ByC*+!CrHYdjh7-zw
zS%qqZg@rXzhMjNvr}q8dv@6dxvXW@@b?R*HS8lHA7?yW=I<;GIXKT&QJ?h953X>kv
zgoA@i4(<ih%lWq=AfPPEv4#bkVpE^_A&U?Zn>Mqwp4@UimdZSzamT*1Rj{7rI<O9R
zm-g#2pE71CKmN4U*bV5VczsMzT*;nZobN}cTBW0~Cny&8<i@18iPh^WQKrYwG0=R7
zercN^i>V5ff0LYefz8ZY;Xb%6z#1^CHOrJf*muoS;6$;rWXXkNw#rtFv!={fNK;$D
z0a<mVp-+t0m6I~{p5&{)RKY`~b6m)|pzzUZD{DsniHEfDP7g!Y`{sbIc0)xoC$?Iu
zG+05<fP0pVrf(_&R~@eje_;bg-AyZ;s&)RLFmCLVrk%l?&@(XUpZ(!hWKAPO9Z6!i
z!kS&UGwQYW9Y~WpTS7xEyEqKD5RKGDMo)6!$8@<gpp5mIT|jbd=N1}2c^AKeG-X<Z
zMz|>*J@IcHQt<9Wm*i-QuWA|>Id6u#_JmZ)f6mUyD7bcD(TXfa3^qadFc{6XI3B)U
z!ty5vC`5&$w8?d)U8qQOaB1B=rn5s}xd7J>dF_?Q{h&X8)TxW1SO0RTK|;v{QXuri
zG?uIvFcuI!%TrxtM$%Gpd7v>fH(8l@G^Jh&4>)6wQydb<yvyFPPlp<{X?xYdqMSII
z@(PR**CB^TPTt8OQ&4OR=^No5>yO)L(nXo8bK4h5vjc)T&4ZN}4M<89QcL>vU8<Sh
zEL<MP9ITn0F3v56A7>;VJ*ykOpO;qi+y@bq?fBrCUt-7Q`a^1&?w~|S%VD#}PCcvv
zuTS<Oe6134Jop?eDDn23uOm<!DB_U;*({~7c`F#U$0aK38~Lc;7dqdPyybl<0o8Mk
zr&A#Id2EQ*E+6figK*w}^l_)Ui&?Hm1&{8(F`T)2s-F!UibTuI_I2cxt*u<m3}|SL
zU+3t$fOdfL@OP;Z$UZ5!qeS0T5s84WwL%ebV|PBliQU6BMg}YO{ll#Muw}ku&btjd
z<V4~W?t@nlqxPYb^qjAk$ebG0EAR*RoLO9FElBoKKT;YgYpvn~3T#BC3Ncp-@yXA1
zj;y56mzl`SFb#1RohpSIODzn`e#6i9C&HI*%U@bi&EKqbculc+Vb>$$LsJq{{RK6<
zZ7=Im5gvVJ*{<}wRK3zF?%V?{Oh$9?LC1_fmOC~GqmLO0i?HH61|Sbr(yUBF^GM7_
z^l^8a3gc*LrKMO~XEotA18DiSJseVBt9h1-HSC{4;J?H<^1HwLyxFFwIr1}88<U^x
zXKmR_n*=Y3wD4WN>5Ag{cLf5)nw{K?s^fH>5~)=3K^PDSG~vbd`*!&!O|UB#J={&s
zg%&bD0SDGTPFdX+`iYNoy#l-kIcN|34yd>f!otq$m%A3YF70Cn-Y5}7zPcXLpql-!
z6ao!<FLtij3O?|tYj$@Ma;nn-3P==?ri<MqnTzAy&tK_v11h#jnvU*@CCh<!@6w8l
z)H6NLj1L<pk`3#vMmF5dPqublL;4ZcqbgNC?a52+Oc9+Q#Awd5<2r11{5kW^SqrQB
z6=fRBjw(Z_7j&&^xh5LvUO%er<t0vRmQ}_}4@6r1Xh^Vk!}DZlGMI$q=3+82<mCA`
z7*%t~RZFLZQ$zlqC4HlPv^(d;2$j<7&ev=eO5KT_ubK}x;8&A)hQhf~u_(?-s9u~`
z9KExxbOak~*y82OSCc1Ar+Z2sq_=Q%=Za=}Y%7LNx91{N)v8t3YYl>(vD???xlBpb
zQ?~v3_q)q7EVU^NQoR#+>lbrgIfQJc!lCE{X6Lb}+Us`<Z!_aiy2*s6mkpvO8!@%I
z=cK;1IbXn^V<Ue+y`>H+g5J*7PD1E52CZE#)5r+-Ti3t*lVkom#{}?i(c0fb9lyJX
z*=uV0{I;A%_vs!2wzrku{<!<;2l-Xgx&GU)omXWlQ)z)8-}(LX;$-Ac4!nQ!LHwQW
z_heD>#(nEd>|yBS57uwjBhMKiQ(q<BpON%*HXb!FIL=3eiNeRL^DT{Uj(YYLck!7{
zVDm8D-sp3Eo40jWi`{R$fReKsiBM>SH5ah6^Q@9WZ$+&~1KVfs^l8y9JC4YraemMX
zd1LLuHNK2^&$b(Krh4%~2_<2@HubT6%Za(u*sm?*REBGALbmWW-^vUzZZ}r_E~+>-
zQgcuoIqySUqAq@-=`$L}$q5V#eDZAZ(MjAryUhX=G(_P6#k2;ZBr}9qcHdV(KQr=Z
zh=zrAGJsS6zE4A#@r)`6v=g#RVG)?LN#HRsFbOsnEZ`;%D4<eFFi7ESd}rvTIh-#W
z*MjB+QSKv{Elj&q!*m>qeJ&13aYmB=m(v&dcaZNBm7hflZSQ|JER^ZT8Gm&yOBlLL
zm<JVgI^Rr|>^Az!wVZ-69o5t<5-}sh8+r~UBVC$j;7--4Lp7OQP|a!r;kZ@7EvIlH
z<GVLi_ywdk{wIJ#KszPLay2j@#+sbhK=IZj#x~BbinHThdImG~Wapw$OMvpRZ2XwT
z9w23QtWBGdrq@wyHJ+{!Ur?{t`F|1j-ce1h?b<JPQ9y}`QWPnn2PC04m7YK-0jWWx
z6CfZ}5zwX5LQhD*(3BE-=!B}SMNLQm385DS0!Xuff+)I9-u>=x?X}Mt@80L^?;GRH
zKQiVRb0*IibId%?bKm!M{q6@1H}gDIwkKhmqQ1|=QC>xn7McSM5@vFfqk9ijTC5zJ
zhQf8<Ub+NlRZb_-O!SKLpUE#9zI+>A9J!=;+g7a^$nh#bLChi*sV_QK(;SG;GytFN
zCYkJhRcJSt9pv@xxHg_jAvHxzH|X>Zk`O~j<20sZX43*AV<aGRI&&T9*S;*(j$7oW
z!P&^_`|BWuEf+lAqvqpwY9_jlR54k(4wN-JZrB1xfz|e4=6PywmW^a#08@RaEHuE-
zsGk4fkuN8lA-t|wp~ge3fY7VGU}3?@<&=sR)iqZd_6}|_FZr19hDd_MHP0GvW^w2<
z3d97D+8GQL(F?T9gr!#}%Qr1F?R?%{3voQk=(teRO$heKiovPs@YX-MZVjwzhDh$W
z%>KB_C6SeVDJ1;IrK-kZWJ0(UE^7PzNVX}ume-8Xds+JAb1BBY$bDwP^DG#Ga$Td(
znldxJ>`|uRmz-|W_b1m*rNS}KhTC~<Hkg$IJ_DCPA9oYA{QEi9+kbLF({M0uoVw!g
zhq+19KQh-9oo~esR3)4;Gz}Gfopm=qP={m$P6eIK3KDDzUd<`4&K~kMRlTUl)~O@5
zf>x9&GwR9q$ay1+BpXRD92)C<eo+FuC@mUV8e3sz4~}??{}H9FboKDLB=w{j#3ZXZ
z)5_Lk@=I%0gnDa!X7eYX(5CHM7lNAhWl0pzf$<m{AP^pC#6X$<QrI8+e!W!iifCm*
zXmFN;y(U*Jg!n#j^DTBf+cEOXtClN4T~5;H{}AYVE#aAyYCx%gSs}}zk{y=rpacMO
zzBEm2xV;JEdO=Pycl)^+9G9{yzG96H^ggU~n2+bBKxT#m#DnOxR8eR4IYj=#AkN<J
z_E2}QRI^xf-V*~~eVte!REnaXI9B0@7v9v{I5CPexmHkN^$A)Z$S(}UUg^E{c}T*a
zaO%{>(Fehlkai1&WIT<t!I*)a@V#;L$gK}wKGpk4*Ui3)?^{c(1KPC7ON79So7ci9
z4_dRDYs||cY*2{w4O`D_yOIys<gqzqWEJ%*W&feD)u3JE&0{Jy+<hN-pX0@M;AV5~
zFlQV8VCOLS@nN+O{5iM+Y7T$|z~dmC3BJQrlYf}Sw$z*LoQc@_7I^r`%}i_Ojbo2~
zTj!~Y#0;PpI(q}*R|k)GpA)i$j`0P|C{L-B;I`FO+v7!kC<#8la{{CG#Ie;B3NkeG
zn`xqU_P+kP`X^W7_WzoZ|DN^bAYA?~-MR7a_xx9J20tu$%PKRcFI8$rS~h5Y7~^KK
zd<4$YuYf(5*(T-$1eWohOlg2*eAJo?mKxB8rl=hwZji=iopgp8rOL>~)pZdrOg|yS
z2iKI_r`CjlBKra%ktN1bIK!Qzar_#_+9$cRK09Y^ga@8uxm#FbJp~-XPLl{(+V6me
z-3#=AlnD!QgaxU&b<w>&+XdpK2g8`W7Qf<Cd6J3T?)eY`wR<BL{vN2FM$6P$7KW)b
zj%c-3L|!%&lQMNP#yQc<pg6et=icVVr<_-MWpK$`<hTeytV^FjWdi&VZ3ttZdj5hQ
zW1l^)=kUgtk4prl4ExYousRt)NxiB=_Luj8q(-IpWAWXAT82dsgFpa_OilGu9C<z3
zzVY>}Yve?JFm({*|4_4T5s#99*mxVF%YS{@nv8jV*T#8*ec^0SrKtM5DPupRJ^Yl3
zwuK}<E~Fd-os%-D#|p-<4fr4XNeNf50zIFBra|&KMDdsXIC^S`shjr<IR^=|g~6!Q
zA3E&AZk6Xgh;67G!35`dd>!a32sA3y#Z)r#2n*b5muxDN#hN}8G_*m5KbT55sl$*<
zNH3wG@~xN32l3e)d+3qou;wOHq7CW}1<-;8TizTqftso|6iE}==%cIPwifuNAGrCR
zS)t!i7a3x?3eSp-^Ll>~a(5uKe63=TIdss^7K80XCNhpDHLPkRR}#BWq?L@pP38$&
zvs@2r&M5B)<`5BQuT1SDW1!hzF)<AiUX79(FiXdH^?UM8OSjrQkX>s*wF=S`t&7&~
zO|RN|MmL}o|L{1Ii0T{!Qj%Y#NhTHkB6G6t(6P}i(=qvgt?-@l5a7-FlINPw#>a-m
z%Fn%_@ad>ambPod1q*|4uP8SKDab0l?$Bfj36?}5M!dx;9Jp~}w#JW^U8e%H8vhz=
zXsSkuYmpC7w8wew(!?Fx*tqP;8;8dCz+3k#`aVnsT381GrFo(Ga<Rp)`JXiAUU8Z<
zv$D(1GKcVYSsHQF%@&2HZjvM({SFC8YlMGn$a`NC2qUbWfxP<)$g3k<;3*ukZG2~K
zVUX9ihzO{IS_4jp%i!IMxTM?Tq9SQ&uU)-x)(8vfE4g|_x!uxDt8%>Y7cWyk=EAG-
zYh>^FH5*@xwbfa_mV0e<b6aKgYeQ8VL(LP@l**p72OZq;+f*Xqg7s~Uo-A51G(;s(
zIBCvQB_zL&D?DoyxX9n9u*tUydg^~MUsUps-suP2dP&EZx53+svVoLP=8gz^J#lXh
zhw;0aMmLE8cr*i>T1~^bouGZJX=+M~q9^B7yxx<NNdG9d`OnGVUl*$XQWpQ)jsHK3
zoK1ME9_-Zst(x}p-UmN>wu4Mkv@5VFM<ZuK3fA42lPQe0DAN|u{*&+<zg#Zbg<Q~$
z^Fl9;TZ^gmtl5pY#$rI4km`*9k>>UR5&a@8K*(anh=H4AJV`n%Ru<M?;h1OM*;-DU
z;QqdG0_i@^&VzYr>{zJKJ&Co~UM6P6g7}wkXH8zM6q~O2MrfBe*^NGoXvXCM?fTJ5
zx2J_aDnezAU%nwWI3aeg%l3_47T$yg&^M2z+*MHWt6Uu)w<IvJcfT*`Lko>9+Ox9O
zu?$XKUc%oVmBr4S^nY+uXhrJzL_bv??6*&Q;EK?LdJo1uF<sX3RTp)Gp;0P1@S`w2
zTOmM{ka@zHTc7C)1$Kg`fN(~6@HQaR{ijQkn>OJ3V_HyoV0g~G?0gmgQ>>Z;cRtIz
zyq~eyaTx<9qG*A_%5Rop2|5d6W-3?Hx8$*>?RsY#Y#+K`LsC;=ey4Fn!)#`A(?FJC
z3m~;ERd$DX5quB)55AB%;!`JOMzE*U(_zJX=UbM&-`?Y9T-fH7%3#Q|#D>U<SW8*Z
z^^2k5^R;rwx8bseofNMm2Bo39@kn>$J!kS$@GB!vg^Z<Pk8-%Mf4FH*{M?o&4JK_@
ztomZC4Uj74a%h~s8_H8=v!m7N#c1x3sHh1kR9JD5`L>0dawO9-GNrLS{CS}&B(Sq}
zAt#gCEIU`Too)kMUq}1D^L#DY;(yvpaWdz(yBVV{UX-j-PK@Uf8ZjTgk?bgg@kK*z
zZu(wYt*xAVjY(<UKPXm{*vawDC{|3CN1gtM%rd$xS6o7OICSQr&CKn`0t;Hr!OGK{
z1Xcgy*cos^qgS~6{et`B@$R^G@+(7>YAZ^zLh6acoJ9Yz$6D}GgXi=5SOJ%w^dkwE
zSMb>m)rq9S*qrDet<BdZIHl|Ju`lRhXL+$5>n%ZV`-C$5>yvpaJ~o-^=6a2_#<NK1
z`cT<2)8v@p(%Rpn<Umy){fW(0(ep{aR;C9}8UGM0`ElORYuaR0jI_{9@$FFzp|@+R
zD>jU^c}cy}CSCDRs5m<7i$UZC<OH{_q2;D}u)1T8f<i4qJ@>yq*M?1&XD4}|Explb
znPBX~Ml{xwKgB(_(CJ&QezTy44kWctGjJt1nlbEZ^{x3a7wtQ}0X0<w#MohX-cvUl
z_Qg)K!PXal@TnDnH^J6|g4neC>*n7XbRiD?lAsrEeeNo&pi^#jCt|9hxk4ujYknUF
zBvzoXymFGA>$XOtP%UJCb64u-&hgO-$eHt<v;h7)eznE78qYXDxTm;b&JoB2C?C0$
zRd(Jl*rYxLFsp*Y3wPXW4s_{Ald}J1?GBa#W$Gud+ZID*@LmJ8vYe%qnC<-|(4as(
zr#O|pJ6-SUmj}^k?04v&k6-#WZaV0c=Jytsv$~wsO@~=!pWL$-6HbJ{c31q5;U_+y
zVr&MQKQMEa7s6Xhc_vi>49+p9r(BY<5)?e@2r_B<+;T~)%EI1eTT?GKZ*Uu?JOVb1
zx9yaTu2TC5r#k+)oQhTHb+bT)@UG&!LukKjZuZ@58C|R1PlcD$^MdL>)a27kt+X+4
z?@Ap3FGxfMk4U5v$RD;uYH+p1KjC0V5!_N{;t~*vLpg^8`#!(C;pQK<;PpAA#5i|B
zAWQI&X<?=+TqZa8>;bUb;P?W`6wO2Ng$C3xr<}f2Ya@mVoWstyXY!Vb_4)Nl&h~<(
z%ySp&@j>0uD?}6hOXdxZzyOlxh9~^FlI#h$-=SZUFAXUNq%9<`Y}@+-MdqLGPL#RF
zX4)ZOvRCtBdW&-aOOZI^7|8lhpMtvoUJm~E=$(^Z_zwlz9l2toap9D-=YmQ1J7+G1
zEL)-pw5JYjNvI-&H2G(5deWX)meI#-_^?7aWQiZJ>;V_Q!@gAE_4vgG@M-f`gbIWL
zj5)w71a!dVW|Z`x%|#^GZsTo)F%5F9rz#^0zkt0zH@^x}w(6Pf)~c=5nsD`-t~zV5
zy(uM37x%WkWpsZD;4GC2q>i)(%7<Sa8Ho7((D+p3!&c2l!N{-UW&*!dk0A#Jk_JvP
zD=&s@hRYd3!R@D=t!XUv=@v&l69H7XNxeFen7tvS`oPG4pzf)|;H<;Qozl}E{~$Ot
z1Z3^Ej(H@o^nA=2E0nBpJb(%P)zEw5T;E2}s@GXLiF&j*zR0tQANLk!ijl1CcZZ_?
z<T`}atQ%FnFpxzv3nuBr^LDMvHW2|?(48Dp77nt*U;g^6P~K^OlW@O90^Of5QEzg}
zz$&ju?VZ|s!F~Kv=zc`_7ytqDd2|&=KrdgKk)nPw4Whqq|7b+g97P>(u62h@$tpGZ
zw7A8r=(yHB7BKY1mG*n>Cm|$MmN2k+1j5hyYRaB9&Xhsz>@oJpI8uA522O@3r!*rJ
z!I8UngIPnhxOPB_S-}&;cbT+<<L3#Q1NhvdA#hoUVx=7l(b@PCHgvm;R{d!vdi=aE
zQ9zBMp4ZFWVt)!rDIPSm<<Rj?E~5iM+JISUKsqH;YGTqlkru2Is{CZk+tT_<pFCI?
zKV!+CgV;V3rtrF1dfH@9)c0hdL6%=?fY7nVZ14A_bqv0?b9BL!dkDWY(%R`@E5i8{
z{A?*)R;3>{*kHG%*<jZ>x;LGblM@m6F;uAC=WPSzRZYJm_U;mzT=WEUZ9typQ%Rs&
zmlu}>CL0!^EQH<bBQYM4k~ve^O`lg@TS|1j&{z|!gv^!}go(~ZmwLT^=Y88lIr|VF
z6-+iuw=S#5zlUeh>oc~M@+!OY>#hHIZ)#%+l1W>4hayHUhCK%(0$U4mItkKZ;X=db
z#-x<cI|_4mC9VEQdiq#@mTmq}`$KN|{o*dCTm-GBoTjV0pG~X3N>e+_b@sB>fU5Bf
z&;|@fHVnR>@_HHYtTFf-gB6{A#WTw}1|pPJ;Dg~+a|VuDx3$UQpgE(6%rY_!zgf)K
z?rX1+9m<WU<dh{oHkbu=DYd>nMCe!62|Al{pyOSj8w&8$lwFyUkR&gcvzmzy<*bRs
zpDW%ELk}sA9;92ZxQus1q41rXiC|IMdbRSGdOpIUiL&}(eTl2=3dQGe*>%%(^>!+i
z+V<_zQsl1}s6I4+uF9BedZ5}HCX*TLX)9e6^eWLpl5GfW-zK6()?w|BoL|EmRkrSN
z@pm!MSJ%QwOS_SCFLUMMnIy{>NWrtTZjRT=Rf-5Yx$Jsf;T}HCV`UkH&pV&e4Wxbx
z;{;_6zbv(;0-Q&?0zMOmV7Wux34)$XF)#^$fhrbWi^XF3H_3aP9qPMLq~WU?KjvwO
zlh>#<5OU`=@8TpQomloJ;oP)KZb=L19|{%#+JYMLUaP{z;EWPu{XNO5Ll)I9BjE^w
zAii6TC`<@`rNoge0=*01GZq^`jAgk$xz586ve;GPFKgF|GjXqi>*6AaA2?c@m{-Al
z<(#r?<y0Of;I-bmwp`j=-fHTUB#rpoGVf2WsqOT}A2&>PVvNWA&Myrq;`Xb2$8I6e
z3wCzeV39Tpg-&JO!e;<m)J*`D-ZgC<sU68|-l~~fwsRU)dtBXkjod%;)LC5Kd=aKm
zW3Fnt(YWxz(8iNSnK@ph8j72pQk2*{MdiY|(ehK*OMQe^#Tl;h$t<&{{I;I#6AoHb
z)cSohWwo1PXpN~*9TzfIK3qQhPB2fg{iTG%K?%#6m*d8GH$J~}S$Zzj@7@I=<E3VU
z`JFW8Y;$8{yaHY~JrM`RvAGOXiWOOA=V!9K!m(`^*>QShSBkL<8D4-k^JgYB<y^<j
zVm&NA?nA6#s3c>o>Ag{!b5z{#uLeWRlfrw-l^<FqpwjZSgMncfi*s;L{G8rc07+=P
z!1KA1SR@ek&%ok;GY@h3a#z@CCqLD$Vo73|8n)rSW^?M$%?dv{VpE$DIYzZnr9B;2
zKfRupHsEL@i_Y}Om*3j1`)<^=>qnoi@=ZNT3tLrb3A##n;@Q}Esi7G04H*s*62F8|
z9z`REH5Lh@h<h;0P=v7f$2VO2Q@_t^K7}sUj7P|pDt`|1aEcUAVH?wz*u0esH17m<
z#pG~jtj7A;qN#4PWT`>#*qy)_`l5L1!E@7~&!s9|-Y?_^OHB6p6ux~LU)#aqR_zSP
zVv^HL!q1n(+3pfMJXwxK?YDB5R+HHGRXxU}mDNsMh!wG|)JK$LCXA>ER(X|oSbn_p
zQ+Hw2_)Fy$Bi)jt)D*Djw>5f&QEK&O;t4_#!G4OP`j&&Q@9;GaGGF@BzdanugIIkL
z_}<lG;hbup?Iw-Cf!-vvewB42qB|J{nW^Fy8}D^C{H#k-sJr4i6KAGPvKI~%+3i8)
zNG&$##g42%cx$60(rDn}>2WkIttgMtuyrRTHO2%`rgaKL7_Q$t%XLEkK6YdtqzZBV
z*!=WlSK7tohBBW+v3s=in$4*kOIkSKf^Oq)7BU#cbE(AEE<k=;%Z-n9T<?3wV|@g@
zE0I1zgl=!^OxIa<_`S(pql;=!FKEn#!h5X8TAxOL_Z&^7n#FcokbV`V%5MQnEz6Li
z8<Y##OM=bEpUhYx?b=+F5x+twbb<@y_Xo0IH{l4R>aCaD+5sq)Yo*lvbdT>3x%47G
zg?9S@zPr{mO<5F;&v%<CS1&Ewd2XH%yG>@v!nKxY1#F_+I!++2M&9pcV5TH?)0NYA
z=06?(x`^@nU!rc#7Y+dyl?;mfjx-CUJ6d!^Z9?TCrO4H#{?6Zu=iVo&;q#x1uh@n^
zcX!bxut9eqB7a9Y8#b+)X!sAluirB3`g{}?zcjK{<$@J=lO-z817D2O>2rKdJ4WpS
z`EMwUltilYjsIi_F0K(OE{Rt4t+^odhmhUo8d%b#q(AsOT~OxXP*f}`{gf7bQ9tS|
zNw9#1rp!7~U_A6kZ_wvzN2aw;2&~%eNn{Ym`&ec9n9H8Vrpf2?b(!6U-gqJw<ilv*
zhv`0f@t+>YKeX3>gJfI(-NyWX%PJcF%`o<x+>67)jwG%0Gxke9f!)0WLS*Sm+KQ-G
z0_pegGh(qJs<*R|2-8Vb;F>(N;&{~VRjQ%^pfgQ4(#9bf%PvJG?I}2hy>YoHjP6le
zggSp@WQG@m!QxY1^#%P+X&umTKHU_jNvv|E+;_&qohu2Eu9{;Gl-V+?)-+20Q<98S
zyQlYCXLm$8eithAa@vO^s3=_#yxp_5!kxq-92rAQ7B<FAh~fep7ED#-<W23^Qzfk8
z^#JG!;s^JkfJ3FI<4SJvYd;@qqf(h~XenQsE05{yt@QZj;WscUI^WMOra~P-hA43u
zz9ef+9P-Xz?{rML?b!J+o?F*8)cH#l7tQ0;!2}Sos{5*R(V__cc>}&<V4QBRsZrpa
zCG15p;meuE6(J+#LVnrQ6>CkOoG~a*+xVfdH`{{FRs&0bM(elQcmi!IG-`xV0$H0M
zE`U8vR>8AEvZK^VFF0u|r?{c13_lkXVvXJR+T%8x=Ff3PrOB6_krwTP6)?k+1;ZlF
zv@O6DB`H=5nJIvAb{rIF3T-9u%g&qNi($#`HGQg11;(N%>&K|CQTW!caklNP_n3}x
zm)Fi1Iz?X^IKJ+iB$qy*e<mCovBhv}9ALq9t2!#sl$Glc8LyT*@R~v*h?rWTvv&QI
z8=<8|JhGFNMVlOUpX{gDRlobRZ2nk090PqCE_x*rKRRerAo2qh+$1JBlAEZafDe+0
zz(^LWVu8;7*iX@aa$SzHTz~&!iE^to_p&CAJ@t}%!mfPXE9TPslywAd1qhT{i-^?C
z4Hea!;C`7+ZX*6Tf8M|9v9;VQ!!nSod9zmY)yZIG%u|#x)4~~L-42tahb6lsa4(8@
zeMDL2{!*{%`zmch7slk+S%~s7Bd_LwOmXP~FOUo)i@*;wX}hxA#{Z1q@%<R_*1F_r
z*%lRxg<Fv#Kc3+e@BAvso_HWnE-N*}aAVbOD$tyTtryYLgtIReZ#{@RqByWwvsOR(
zbwa5{T(~|^G~=@@MaWAwm}G>Om0+t1W+u(lbwsnT43O<h>Us$IaMH`FVl{DEs+2i6
z95IvO2^UuAw@E8!u+k;pz_v%HR%fpCpLKE*SE)doQzOL&yw6qG$@^t%4bhQ?Kv14L
z2YOPXLP=p7L#_D*vzA|<;TrW9d0;*v+FhR`H_VlOIZ12gqE|OomXtFpHdGQpYnG&O
z!*Fpj^k(DeRNP&)2lnL`om@RqEc-vl2X2DX@p&OvOh9RVOYOI?6dU3A?3ue5KeQx%
z69#bvNlzY$xM!`bz3ZB7ls4lfU(ptk|BxF&&dFlh2IdA*rKS;QO9zjy3!tP=XFhx+
z8EH7Kqx_zLD2uMTeeZNZJmROvhM5U(Z_&-p4X886=rx^!C*f=hSj3Fa-Ji{Ck9P;u
zRq9u0H1pJ`NiNmahSf9Y;=LquwxJ}ViW#((M2W4q?N}9KqyFYm-q-tlJn$l8<&<jy
zgV7&c6F@KnZge&`Wf~#5kCHw=Ga$t($p+gQdmceY*#~#`$nUfdq@?xXy3S>JiB;a4
zay~mFuBx|z0L)+%Ih8As(#6rX!qegq!Gl~ma&NsE&w$evf{Qb6=)4A}Ts#Sj#5ZAy
zfW!>rTD=vcskTi6gF$5%^TDvKJPBZ5y?;W$)i!|zHrwW^N)UfYAq!aEM=JDcA0H{l
zNV5YMA`Ps^;U^i5?Xyo_sj7))I=FajjZMtELL(%TG-bWuWa@iVLL{PD)P9{c-Ns<n
zc;X`U$^Mo1ZvnptcW{r|D6I66ZBoYuA|MEMNSH&2zOY)xB4&J;U?w5%#Iwtxp!;TO
zCiq3qj?hD^`_}~@j-Oxkv46`5B@33+S*jeIxFmHY(vX>B_Jag9fg25!(xf>p%Q(ls
zPWb*WXVQN{0C4L0|ABqFcEP%6y*JC!<rKcW%z1o*+PF67Xlqv*JsEsTdjOW}1#dTo
z#VDwe!t$13tmulZ;Fs?`K86VC+-}|4*1k{3fUZc0U@S7xnYCK+PA1B`fh{8X0M`e2
zqrKl!r<Zex7mpT2+B*g~4zm?|WCz`b%(LZQ6d+)R<s4=C({^-7h4jEk=yv(^4DpFy
z^M@k$Z$BC<wr3}cd;0Tp?bQUd1(3<7CDaAXCsoQzo(+<Y{=vT`Lb2)mAO@AVcr%fv
zEaGu3X;!2(4Onf*@{<CpS*Vcd9>A*y1paI{EEfBlJKxZw^Q8}mLPvoehZ00Hw$BpU
z7jq>Lcsx*60s`TP_FmVaG8@8wA0PO><0F-M3U1q4D^ri+Gr&mB#|8kT#T9!9B+H8E
zVc7<?ACd4Q?)AUV)aQNqm_Ma+yP>UJxtcX&`m3iTx$bpcKrr!>@0N))@?J@7aei+o
z$XQ^f{MXL)&fmkQy>^4OZSTgpPzNQipHrzb%7+DCs4S(Ncw*@-nYGd)l0q|X&20^8
z&D_xPLl?m?Nh{JpC~dtVdEg9^hH();EN+~wUmom^TO^suFb5@VpfCu6WgMd#m^K*S
z>zXk#<1lS&=iEck!mcbinxL3A*vr8sI<XqKt(z4s!jAm=%%ba^o?Lg8GVR(OsU5YS
z*1wwEB^iBEHQP`fh^D?L$=P&dEmNV8>uP;kKTe4JG5Ug5i6PlICgrtL;Bl@DBD!@4
z)rlItyO`(hTwxvpQ3aeg#BuoHl*`yl3Zt6cVXLB#<cC9&7!PygG7`!rX=XfXBvCn2
zj?F>>0v11Xd@#6O{aP}vh`F!i0RYcFbkSAlL^zWRcT4I*J;hI5vZ*i5HFXrsHI;DG
zBc~Jq6$#01n&Yxb&8~5?ORB#vD(|mj#Br97yHWEthW8ogw#X$VG?=ygP;)g6gxwa{
zOJmz=hMyOCez7&d-^RPkvpbiU-Oh-|JCl5!qRyLq%b@<YQPc3QWhxMDBG{>P@ilEU
z(dpXPxHNg$ft@h6kqx{>KGfVt%`i@l@Ul(t<J4eVgNr5W6mfF9-Y@U#t$IBpcY|}j
z?Dm8A8{tJ+KT=wpHe#Dp%DAIwp8M0Y*oKV2T^X($mj+bfKjHL>1<xr@lI?PaxUKz_
z>zCFqS4OB@B!#btrFmAoK1rZ=47M81IIDgBIQDb2v&<IVU<8o>4s6b+W;u^jF<MU`
z7epociNLJ4=6%Iw#6<&m7A=ew7zp#kc{fe1)$0UZeva~iT3!*UDm#$-V?2?DxIGgX
z{!6;Wn<E_LkLgi~_ONcf*Bk2dCF=Z8@JUVcigb;yNByNbWkXoT8ztya!LJc3!O$Ph
zg5~s<yFzJcD-XI+(ZeaXrcIp3m>1D@%K>pM&dNHK%PH%AQ~J2fRsF~k>UtT$6tSx+
zpPk5l@Kot2J!o}Bvv~JYCQ9IyPUi(`&j6oU`BPctA^AXhSdM|eqgss-#}$fgH%0z-
zbiydG(d>Q;iq1yDWSBFCP&IxiF8KI}5T;SXibW>8S_#<37W6a+6v6);QTHEP*#D};
z{qJ}E_Y>iN{M_Hq{`F7)o1{ueDxB=Vcf>O#BzixhO=4sWloF99oTXM%m){arR0nf%
zmH;aj(PU<+Z7pDlu5Y~)!s#`A8j+u*E=)ch*lun9P(I8kHk4Y~F8-*?$TIrX_oL(q
z2aWi5q~zZ_*Zl*V_&>RJM36W!^S;#gSGD`do0W6-_iS{kjF;b8gpjT)Hn_YjH$WL?
zF^z_%&b>yH&Jj*mcMJ3fqXe4=4`iB@-SHC&=huWU9}!m}%YiuTVJ|xUwHn)~jmUfY
z?~VV&07Y+ZORg(bxI_O48wfmvapt661bgyW+KPmLoh@JdXC_fw2%Kt`ELw_lgGm4t
za=k!tEoS8qh38l6#^$VRKM5l8Y&1xxdyJQP9kXVK(QN#bD0(a9JBsaz_l%Pbx0d^R
zb3whoF)|Nv;7k7}uIc#rA5;30(w)$8LX3k(`=InlU<~~zGT@ap(mLYGPsvvDps*yB
z<$J1}*Yz-~Qwgy#pNl~j8N9(~Rr}AQtyjl&N_Nhj6K{n+fOJG`YvHQ`=O|$1rhmRu
ze^+WAv;BL-cewKJa=rftnIPHb{V(IbT4}vp%QWyG)0PA&eNQQK4F9axii2d%B5-$t
zTH5xeLf%W#40bl^#muR>xhh-R(VBvkgZOtQA+YH?iL*{tnbtTc2d+^cvtlsks->HE
za$MPbkZ4}G%b<HKBcMiYF>~?yz%yp5S119#W8eA&X62$EZpWX0O}HIs7|(7`5XTl?
zV-QhCrvMpduCiogNf9)3=Zk^Khp=rU=bg{dmRDTD&(H);zrb&-#z+%0&1q6gyz=?F
z(&njt;ZXzk!go2@?`teod%J7A=ex@Mj+d~lE7sm+^(|E@-kY5qRA@-oPUHCf^zT6?
ze=S0;yu8}Gd2Q}`Z9iJM-APcnAglRCS;4_%>N#9~uvEfxeG%&ld0=^}Bou+i%}E+R
za21%g&+|7<qmRy>D(1^|b5oN~zHJFy@#sU5zVh}BmR_-L_r@8|Rw&wET#o4zL|(+`
z$_zFwknOM!$3bbPdF{JiY@EdJ=m}g@K*IS2N&{pznc&k#GFpXZ%qo4oXjyL>KCWqT
zFWttl1z~ghXIwG=%rif6l}tIO#5@R4lAay2r_>X^W2F%@rckIAN;DeH7tRb$=xu+j
ze!5^YZYkHoIl5s<%UTon9Y6zMf_JU;)=la4u#tzc-;0y2mw0S%GGE@nUgRNS2Fdiv
zjJa@Fi6vHvjD(_=g?(j#qNPRpspZuHO$F>D^=+&C&yE*(*VW~=?hdv8_*!3TnR@wD
zg46QTb$5WMQx-ueKUhxO3>plDhE`{!;&na+N~%29rqx`F0GqPfj8tcHE{q@t(gpg=
zHYqbn!HGW&oXJ9$Z<0J+UcQX0+aR=@(2V6NJ5q+XC+eav1S$z?@^D`m%!|A=n>v7`
zND(<ryG)WO*~0nkoZA5m++ynOD!ntRwbDa7Yxb@48QpQYt5)DXFm<~WN<|fSM<_SZ
zkCv0Otwt{~C}Fs#F<bjoYKnG@eTC4y$jqTGROoC-w|Mp2?n?3LYnziDSNg}?<kb1=
z|K#d4)M(0SBME{!qaTT|HZ8`Pj#|MB`t2zP2@hPyx7Ffu2((}0y;FOeTKUPJa(nWX
zE`&{Qc!kGJPK<lrJ4bp>2TO>w?^9z+faUNTQq$q3`8TV|cS_f1<}4zxS^M46e2%Y(
z>wGTR>v{xVwta{^k;vm89bt>Hvw9nbi(itc<;EGvq7bKvrzPfkFG^<>ADY@L@YXiN
zim_Bip{itmYoIJtV8z>KMO>-V&$hk4#1Ryp-=|&qEUx;L?amY|F7m>zn{+5>-bnxz
z&?2#Ao&AhcFRJwG%l8v#dOuEDLw~76#vEWE@-n42a0jt9hcnV}By3@${&-E1h=F&J
zq$sW!GFc>ehWk4)$HpA@E6ew`1WEwT6JI4KlJhh0MiNa?E0MyjvBe2bEJS62*>=YG
z&>Y;8n<u=a{Nt1DZO7j_`29L3)UcY%o~rfaKie~Z3vg@X?(A}?m#k!TX_O!~X34Fu
zq1siYB9H@)rOAEtzk+x(J55U+aPx!a*cvW*qaYj)Dd-1Jf)PaVNOLmSef$yC$-s8k
z^cP%n-Jy2CC|qLay^Z7f#YYBuMT0DS_Uy7hU0eld?EKvGoBhb<uu(mu;Hi8<vZ4F*
zXZ5oZ9^03L6KP19L9Jo=6cwm=cwA1T={~LqB3ZybJpI>7{J&MHEV|rhm!e(cbXomE
zP0ti{>yFdd?2XzGgh%eLGpYnCicc1*Z^w4e7!hJY=elO;L-uD6?Q|nsqsGZMdOitl
z>AsOyxPGi3I3sSs7oj?iz%Q|x#gibCrJvS8aRv@bLrg<}{G!U+4}hNvE2nf6^c2f{
z=b=PezY0hDAz%|Cv@0s#omD268!S^0Jp>-G#oZ(N0(GWSqh1V(8vS-+Fy{8iZRL=I
zx2J~}e0#>&8iU>nrP4Q>Dn7M{B#(sjwn0Sm3UcGubnvA3!IrZ{s+?6wb}rys6syPo
z%B|`zBD(WNG?B5Chl>ThnxJ5%m33#7T4(vEAw%G(w+X}#3VJ9o;kGSm`RdM*auuQD
zySblHS?fSoUNfrW!1g7(F-Om+$&pEt7ZncCnfIE&ENhN`N`T6sJd45-@%ic577OY(
zR2z8~!Nw%-91kzEQvvdx)9{zA31BDJjPD{Sif1>jIByDIjzM@(N=NH~#!(p`?{kfO
z>B>@7Ng1^MB&^`E%v0()aZ!y?dZB%MMly6-JbdV>MF<X>$yUkrj>fEP6?`sEUH=fn
zF`>UU4aTT}IsFILYsyr`#r4c9Y%rRE!Xc8%6RW=X3Anrj*r~&2()|mU-oqPjZUgVU
zv-JIiCT%y0oB^;<_P(_>jgL)JYLd)C?B6j=0{!!kPv$M&HorHkZ#P28Tt@H$Ir{tK
zZ4_8AHvVo!<}FrtX}#7r#7@%Ql?337Z-}6moO#oiHjkD&v6A>jD}?pecrs1Yg6jkw
zese)MDY=yumhg10mcM`Ltu520C)ZhZz45`KZ6a=3I>5oe>s^o$itk)fc<pgSB*56X
zX4kDPA}H?0$d(ihrJ%H(TzNtMYC|UQr0vn0Ni<X3ehbSWP0@hSGC<fQY54&KB^ma=
zbA{#dkC1(_HJcWXpf$?XE(d+<8&};2el<)8X9}5x3d=T+FebD__Gs*!!AA74v8a$K
zZ|q#gp`B5IH*<j{jeWsu(O@Js4&yeJC8jsmS<pzj+tb{>6&g?&!dy^`9)N;SFkHnI
zyPl`uqPvlWk-Hf0OWi>z-cludx6-?A%iFUrF`x=fgERXUpeAUrA0l^M$S!spAfm6%
zk$LZl{Po}b>*QbWmH$er|G(LW9|z1G&^nXia^%+Uy`Muq>3nG0B22h^bR_qLU=yW8
z%kQ4MBgl8z5)~?XXYjYbM*r*Nzx31qzY_?n_L@iGASO3fY*x2%Z~q8G%IrQH)N(UZ
zZc1?=YO`rN-7_0f1q4bas3YGhkbnQwaj?SPeVjHnK*2|CH7ZZrRBip}#9x{Sv%kPG
z^A8h3`rhQ#D&RYlB~*w+@#xqWotNdn5;nm^1Abv^tju)MRC!y=A>8Pka(7r?^EVB$
zt0eKm`D8OqdG$?@XUs=B?&WMu_bi?09ZhOLK%oFLe=aW3cu%9Yf*yk};T^lltD1ZT
zcYP`}1wf#0S$qb`PDF+0azsC5pM+MCeZCaBvq3_UsVXoN`MWph+lPhY$+Gu&nkHsl
zs*FW!6mc%W)Ge}f1FnJ_+K?%+30D2t|LsznelFjDuz)IaiU6=dMJ7z$&6**Xx4@W1
zn+S6bETDrYB`hkg;Mjd%#(jm}tL&U`sNRx#Uv6VQPLsEJ+Bj48RUrs-O2WqFiYG}H
zihEc)01PC5;k(+bF8wn<=Xz<U%KNOc7O99^{tA-=+Yvb#^VeO+{GYX*jg!Xb$C%B|
zxXJ+*06c@*Cz!zr^z8%xLwx~_3SDzK?N0F*<ih$}*ls2JEOO#-(6_Vu^lr<o6GP?U
z{&GyR$5>vd-Fx}Z$vn7P`JyM!V30WekomNdb8zYJr3G7vdq6Qg1jZ#3`P%l|_r;5`
zF$Rlrba2nPQnf+z+DB*PSYj(1%mtOD&+}5><IxJkTb<rDISlG9%v`T-A+l7d{MpM0
z|2Skl+9Y7&_W5!3wO8{iNZM@T?rciu+q;A5&ptJ0I(=z;{NeJuHH#MuPEjuR4y}A>
z=uES<L8>wLw~G|)+X!OLvb_o!Oa?|qN%|S%!TpCz-AHid6|rD>xFu;w5;cDeh4T=^
z%c*p!&!^1yG@ID?>Sr<*c`)$EH)Kwbb!5%r7JliQvAWMQuZUE;Q5&O>fVH%b)b5j(
z;Bn4FaTkYdioKvOCf_Kuaf{^1HzUIX3kPf!+;6IFW4-q^vQl|B)4Ep?Hp>Cd&)(|^
zSBUs+d_3WVA#1&U=D~-m&ex^BGl~-u4sdX^2w+W_J30FhWT1sByJm?>lIf+7e7`>1
zA1f8@PB?P6sxo*gv5i*J7ZcHRZ4>ErU9JJiP&6>J4d3@!ZsNd;GT+ibPd5_J6c8zt
z;NtS=`+oMPb1qj*e$X_7!UbqVyQXT>TOQJUr)GnT*K+cMEe9mAnhcy-l5Qt{i;POx
zIyNC<60aNlYHW<f&Usw2H}ZKBVsn9~UeP=|s|(Ijfs;_EfcBS6ywDp%lll)YM9sOP
zapQqvuTk;8`5KFn1=Gljqkdoc-v{-o$t=owX%(bwZ1p0dFN1`T{sR!bZ~$=<Z^ZEb
zK0cL`K@iQOrkvo=;zl8JibaDi-oKQKvX#hQ@KN?>36+YkKMGc!AQHc)$o!f)J=dI_
z*CGz?MX9}D+ifd^eYA0iJFVLfATSK|5fV;+An@@DizMS{vX-y4Y>k&}HlUQ{!v=*t
z7G2bmQ_k^Aeeh(4<WmZ`=>9!d1*>bkCk}GBm-~xRTvD<dk(n{2$CQ9Q`TgIfuK!^P
zu9)|tN_XiTtgp}u&jh_AnGp_EY$=*?Tg>)RXh@p)Yzstjkp5W^E0tWlpZg%$F^A5I
zHODxj)qXEBO;sIhr*FNQc2GpU;-gU#aCma-a+~_}ZR_7&7!O`s%LibxY_2a{v-cjh
zh=Q#f+{DW1N7&;z7)c>IO#-|nRHRDhri?~ihW4QSYl_Au2qmp#hsLpVQ4d6WUVMW-
zhWjoxy>3uD(53Wto~wDocb@jjaSNYY;%V4q)A~E=u%!??R?AFSD(!^iDB~@Zd(#(V
z#E81647k7D)To|WX0LU}u|V$@c)g(fx24t}L!F~$dI+08xtPps^BmQyG|49jimO}T
zRQ!*$WrtU;$0F_*nAnH&w!jJ0nrE|F%mseI7py5FfP%0L((7|gT=3ESC10kh{9$|J
z{@7>9VT{xC+ZamXe8zVn6aOS=K&Go!$301)N&Qw`cj3w3!Sb7pax}L}z8mG}{&XP{
z8^qDBylHe|F6CRGTa?5^N(_ztcG9&ms!rr|)5@NYZy4o}s_L^pK3%r)jnJX6DKP!i
zMkm|ygR+4lu!J5{_czZEjRU8qH7?c#a?}U@U=>q&mnsE_tVKIsP-Q)x&<lY3NlJ%W
z7vnq3m70|-l$}L!U{2voxcvF3bf-W}75_Y2&jT0&G9;&Cov+M9N`Jf5z5Fb`XxSlC
z#f0dQv6@FIq2U~MJ~WgxeZP!8>E8_~A%^hF8aIaqwE^|qes5wjaz0A$4|-*d%8se)
zo1xpK0WPq$S{ef9hbLpYGD@%!IlQuV8(Yx$F?s82C)HG&c0%(W>io!>iJ-_+0>swJ
z@9v__UyLypWPSip5)wb+t?BLFHG=*5EwRat{1c#Zxr`?nODC;?fxwshsYgkYsfNz{
z<%tJuacd2qwwg57rKt_D`%4$s!%<+z1~jQsn71yD!iqYcfv+gVwhNd|4SC@x_E#$h
z`pB*<t%J6<rnMT3jnonBgq2xA88W<?<VzgxK=WUv!9xUP2Ibz;#1A#3x{5G-Twmi1
z?p+|d$~|#?QiuTvB9{5<60923SS2s;X5!+ifvykd-KUS|Vit)6Df^7ub6zT=?{4d1
zPGSTIlf&0aRAx-)mSMs2ipD=4lC_B+ocROXx*nHLU61F;Wl=kc^`&L$0nfs-WS_Cq
z+TR+O^H=be<ROY%oj;(IG|Q8lLe@fOs!Z>F&hILTew_~UlT4ayB!;)(H{e=vO+VtN
zBcXiQsyti++m2@UUUh%4Yx{WN3RpR>xstw_|K+6sZG91+!!(b0rjMYt;_haSI>#Cp
zS!!28BtXpQXl-tK-GQB#h<Umwa_@@t(x4nvTh<S(j>HoNopCOXJA$>9Pq!4iXFSfp
zDb>BTqXCbs`CTqk8U)^HjM}UgNmvgcxV^@rnMF{^^rl_i;a?KD;RTMj#+C|Brz?Ae
zW<oXU#rx}_y+A4LhV#u(m6)_#xk=_z2qMFoU$8<);nC4S<t^31E-ZejF~C<aS+EVK
zyr(0$;^3Qsvkk@jnH50g^YS;rN|N-tZw+BM{koIS{1Nq2AwmtDxH?(R==J3mw$2Z_
z#-_Ob`4J#O0H1B`tlrKu)<#TdU$Q?XRbarHjt*O~(R5hu92=<f7B2!%bHjX^SZ0r!
zQIa3vAEpy$Ei(r*2E&hATowW`KmU3u*D2cN)uzm&RnQn4TbOm;xFw&n5u-%MdwQC#
zx@KI9XxCP#J4L?Mx2fE;^yY<#tiqfJN!Oy*eL1E9z2b!O^lnCvs_e+LL634`o!m9T
zitAxMwMbql(<qG|V|FT>-t27<Q*iN$tBb7HFPBusFnozZ8+CZ|w}H2-p~{Scnxbw|
zm_Mkr#raB5g8D>={){TNNSVI^F3?Aie}>PLuorug>b3QhXxT<zSz<NGM!YIqO!e>*
zcT{ccV<OpUBS7OlC2h}U!9qztummEbsZ1EV_Vt7HGrKuQq*W=Uz#sA=tU|!9K2@ZY
zf>n8|LgLGT%S$#P2W2^}Cue(;pB5?0hwE<s;u)YgKAgH|A*O0*!}`9E=LHVc%C8@O
zHn)}=^_Ay<+;LLwpNq}^8BRFYwP)zLaig^U7HTl}WY1pKHnJ*LEMeX=WBpB>(4^B0
z*a?w++Dj0tkhlv5EBw`2@~^%6-%kFEZTtU+&U{>4Jiw0q%*YF;Rc^69j<mNOyMIs-
zs4l0)U983jL7`2<SRZ;CoJIx;m@9gJ<o^5khtxY*GgTXr&mz)oP1>5CY!^Gs!GQ#j
zO}TC!y8o<a1sD*Ma5-~MdUA1U6T(ZE9{8LhM?6SYqROvTNubBFwe%fPQZcc}0WgU1
z<7DSbOk5j=vm_2Snz#l*RV;S9Ag7l1ofU%_-Y<VLsO^#)ij2FR1FN490n8|p-*w6D
zR_}x*mffcJRNlTIB`|j1@mLptWCBqYEIJ?Zy&QfKjFI)lc;~k#hdYyPe*@I!cEWD|
z3@<2MaOm*cF(~buFW7kWIa^8}@w)Z(w+3y^&J|D8{muzjhuS~6e7iaJZVuiSCl_?#
z(u5WXu~ze70BK1$Y(5)kV!9uh%JXtzknGi-h%1|sm`q{i?<yj%Tn)Y?aQAb*<zu%p
z;?arojQiQ|Vd8WrXXhl1#u-(^=r&=eHfUG4?DD$WG#+~4P)}1uW#?~OE_0q{CoQ+X
zdceFCn_l8!ik>nl=^o<X*-p0ck*ve2N@hEAvM~ZkT}G{oP>D+DHM4tKswqZLQL9Q3
zw8)#=*V{;;eUME_NL#Bq2s{S6Y*qEp{1iP&+u@X?<D1((pUhxm<t$U_sX1q$XPl6T
zK7J<F*w-mB<@n0KPN1JS_uRRp#_s3%zLc^>(T^0;{2wWvKC9y3`y8j3_$<9Ck)v(@
zds~O!IPb;i*QaLnWdBi-OjyJ2tX5vu;RQX)?mD=53f`XjLvzN-s_A1}=+zbpu~x1#
zIb(U3e=$YQSoqu>d$RHB<gXla^F##)ni+Z0xHi&c3<Z4SG_wM%rNSoY49{$UGrGm^
z#AYAXrC7`6W|1H{Ao>S%^`&2L+${Xv95kkH?orJYaLDkhU=UWyf?q9DzpZ6e@#k-R
zdA`{^B1SH3q7g^cI(3_8?DF#Y%1hr$FWQbOzac8*Dt5N829VG%tOWqnY<6~*fsxEi
zy!q}-8uF1zL%{{*L9fvU=8WtaI!4h9VRPrR5RGMG4J>{y)^GJR)JrLw7+u-`x%pF#
zOH?D&a%#1<+GF<m%mU?ma1?Isf_qhf?6w5%s{-L0Y~FyXhy`_RQ}Hm^8R|_eF@xqd
zdpsC&Mr%T0LTgZEk$JlowUq`QCD5~Z&z4c$@RWjtr{$R!iUX#B09K>ERimYH&gu7e
zxYj8JcdN=BvNsR1yHW{5S}RV!bi)zEYSZWq%o@(Koyj2$=PygXdSd;hMFJRLGU=m0
zd3V~O3>Cz4-#}AQ$fn8Z>x}l^1+cxb87yy<ZEg9-o>QAJc&aO)Wu_%?<n8Z=#<p}8
z?&<Y>+h@I!Q>aniQ#PjydS@M#5{<Ou?Tp_*_=O)IQNsrvn@d%cIVg#UD0rig`BdY9
zO%c*+Xi?ircI`9Vlq%smKEpK5_52Dg4IR41PF!=7yI!3!V3)O@jGx`c88P(I`E<UW
zMc<)TH^%l*L#A!O60fE-M#<$AgaCmbhx7C{Hg*=gbmnR2P3QGMw?Yn&Zbzf`kFOR-
zqf80UN~Mz<nk@_@yHg?JLDpFXC>9{sjaMtvI<wR>3YYThi<nM1?9pNIbJ5!IX;;Gb
zt{U4veV@i}6v9k3AAV{gST@PY%&viC=3Y`6>DhtZ%KuR29>UONo((8F=Xu+JbOv8W
zC-SN79weKQD~=P;Gxa!%?yH3?u5-Vx)VdC+oQ8u@mRdXG-(pnuM4|%2D<<IzEOLiB
z#BQ}^Ugq%MI+Q&A2O9o=%AvS)KQc|sBTD*W?LfscvRlG7X~jpSO#vHV?C(n$%5Tej
zwY-<T2ssSDXtJaBRiIHdyW%7f&@hdDY={-|uL{qeiD{}sjz(Y3M4ti5ItSB3f|@#u
z552s};^7-wvCwqRwKAi`w+Lq*N|r)q42<kDDKz7foQN$6#o^9K#Oi%Ls5YB%4_w?t
zeDkUHM4UVQ!<R^mu7$14aAv6Z$_$#3=>M(e5N^q|ruw#lkzx&|%&AgcW^ADxc$N7y
z;wBaBM7ds#u!_@)DMiih?V-H6@BL;sIqo#`X4r5;bDVa|MQ9_vR?(*6icKE#%DP|$
zQ`{c+&@xEv=i_FZxlzwsgELFJpQ_*K_?v|kQVkf@Z;JI3v!1FDak!F#{z*@-Rk5Xe
zF(#?@n!(uFKPrEtmE;lB^e=fGFBXRijdOBBME;0fVnz?D4-%BH@agjp8f#RlKLj@W
zpx{O2qD)>)KfpA_Lc<gcW5V=2R;*<?6rPJ^)^!^q%o-jcx`q`pK@)PmLfPeB9&QvP
zNuk{K8W(^$*;-H<tO0OsK^f|Cm=rqRAv((nyzY2iQMlKBq=0##G5xmc&6KM%t$ruu
zBfTZCTTt3QtU#E5*^JXoBi=jon|7LuG3++mk@Ctwb+hIc398#U0LAWNQ;(>3ha9+?
zqv~f}HvIG2c^gW{U3%lQ&mEc|$yY9w$1KaDOLfZLc(#ZH_mGVJ)Oqk~nmIR?I3<|=
z8vljyF?YL5J$ArxMdyR<)Tf$!x)UavL4u7=notYD^1&_$#~=G@xX#=u>_O*q)xvTP
zx-K$tXOoz=LB?+S!|aMwCDR*2KrL4+eH_fAiJhQ>K5S<k8<$(*@)W4-iBjdyl&T3;
z<V0xm?vNkx1^J2t?kep2j_}i4j-y?btww2jZO|BVwbDVfBpWN%%n>Zuv!H@GEfB>1
z=i&EW3B$xTk?6Yoin^Dn8QO>4tL;kJDy1pRCxQOKgW3&GZ<6Ce(Dj*^Nu01zY4zf@
z#s|@dk1eaF_QtM?nLX((HUXbe@DT;pXbRTiX${bilsUuaflKJR`r7g*KS|Z^KNa?(
zEw76kRG>>UaI-9u3>9bSQtBPWt?XN1H*S(lOU)fAO$H43cz!DCNRy@2)HnePSCE+t
zk_BDQC43Mg3d3c?!;Se)#@<9l_lszQ*n>7cd#Zu?HN!xyMzkT6<Be_Oct~z&5VSbq
z_NF7WXt<s(fO-=+*#;O($mBgX*j}JgPHWh{I89Eb*}wD1yr|x_YHd0o=EZ7|Ey}_C
z5GZSEB@0EYtcDS&`7NM5y+JChE?<lx`L4;!=b84cAj?z%ZA2+*;PjiK3TkCIfIE9Q
z-%kcEkso)>Fw^=)t~Cj|GV1%#(KT&3tg$htf=&y(id3sm4fQM)FD?b2f2+MSzReiD
z&}e`OZdO^@uq4WwT8)%z06y=5d%VA#D)H*_qKh|pE*5r!#i1RX;pd>BmbalwJ$I|a
z#p9I*J5KG7jjKc+ZByo(!faLQJWO!}oL}H1J2Q+fu*x|T_`#oC52sr&v*|0jVSbDv
zQ{wi*EP2fu*a@|~F=GbO2{`~Y<J#;j^Wv1Yt|sP!(K=D&LpsH$`aT8Zf{;|(-AuB#
z*0T?!HUG#q6pGvFxi!w&_T_L*&{s^6S?9q9gm>{_*&69qIJ&pAaOv7RB!6YQ&F;vI
zx0}FBt~`RK$RFtHIXq-Qysp~qm+d)M>TJdvHZr0}14}neb-6`tYkihA8r7%h;>n4-
zy0POQ4R@mUFJzCmCm%Q3mQBJ<^|?9x@mRTu0}mqirQV5CA<x=t*)Cxm0j6!5rVqf;
z$NTzKyOsUE)72^_YXduE^JYV2)UJt_6r`RX46K+Nx+xT06Y{<T)GU}=VSTKy%sHk>
zhmHwu0l@T`QMkk(rd0Zn0fRH|bB_Nu&wog+Usv|)nT`YXdCg0lK3)IOa_INJ_0l?i
zj`tB5o7Nw7y{7E(egFF<%GMy7HR4IQ=SX3{GuqpG!klINWXiaR1N0kK`{&UA{8ZM|
z`@h<I52&WLeO(+IiV8?ossahU2!!4?NK5E}fT0Q`K!AXBQHq7$2@pC6B=p{!pws{X
zrFRQenp**pqWF*d?tM3&|Jmofd+s>zjyK+0W5Aj#YpuD;{H;0XuYI3Ml(o^zC3t|c
zl@6T6rL<{;b^t8C`5TUi{gm3O_@)ri;kuHSltDlNq)H@?pLO%#CH9tAx#xGXXN)zT
znm$MLhj|4=Tte`aHKeY-IHxSZ!`Gg+`K;vN8ZEvR3rC(?g-+xFaFL(Hr*s11uXTSX
z8($L^!K_2aXToo9g7VA2-^u(XF<9bN&DbIB*2UoCcL$;TCBNL%OUy$w?Fg@vgBd#f
zBmFWdwTv__5euW->F+%V+@pN@vL<EBKNou%w!KPcVyVrhF#6RR?@hPo%UZ%S-0mvc
zV<Vuc5NR`o^G?l1(P~Z{Bz38UPEK#sD_OqVO8`y5IdFlVL)s0AWi4_(x~s$oG)yEu
zs#E-*e9POatd566Ni+r2@%x$h&Cras326U=EAt^rV#Vs+vn?2=#3Lv19ha2%oI9Hp
zqT|1uE$K0?vHea4&u}<X&6WHab8{{_{jqDHSag$4hp(!ty2dElkqfk$L{kLrU$}pO
zlgWH%lX%doc|cRI=NIfeQ0M(jT+!0?G&Tf>9-MC1Lm$a6Je2r4t9MrioNp;tcpJ^F
zb$c}nSjvc(Xt(|VzDvq=Ads93ngr4x`Sa7Tg_nw>Zz_f}20BU%W_R=i6L$;c0-G2E
z29hrYbWE%9B?1B1DUA#SuSET0HKMkXLQ&-lvG8(FPUF{@E8~&vA6}%8;OT0_xC}tE
znVto<ZuwuI^FAf<m!2ek`#C-74^jFFE=Bc3V#A+IM`tKp&j`lH>kr}yPdoC%n$CNi
zTVM2DTQgMGPSEqBH5jCFCMoSh?!s0)L*jRSRD4=sC$o*K94#scHIYm+)bwuQtV0WM
z5)eF|Ef$m=Q!!%Ho&<kxzaI4tr7iln?S^dsE)}c17u!s=%$}ji%mbW{+cH{%Fo<L>
z6KRVwb){036<nVqX!FI^=WbX}RWYk<2$e|WxJFrV8B$O!qQh5z<kAO`F5(w)@j2pe
zORpqAvy!uh{IXr1dejUYiPhJ<MM^17!~>^PNsHQ)>aDpy-oa_F;zPygUjiEVdfa{Q
z1-K~_Jr6ERLO<p3bFD=41v7D*!+vc}HAr^pS4oG{_D7I`{4VJ)S=?55VpnN9YR}+i
z$nEt&3%b~UXT0xSTn3!x8S8k}b$dBS1C9=Gn$B&(*pX~Kxpv~S#Td#w1J6T6A1j*o
z-dcD<k)=$cNmOOBWqHCtzkPpsFSDukEGhkihXoqxna!VYwX;rPb24Jn>Pp{wo5rBq
zWokj2!)JVVrwrt*V?DXm+)!NJ0!y<YGxc-PB$qglL-q8dlSIz{e}(RkNB(*J*9hys
zu@juWo*&3}_eil_t$KsKjeaM367_8$deZ<7*scMKl4#1x(E!bu^{{3Fm_yz5>ckwm
zIIw3;{36p-5BL<FlXI#e$po25N|t+_1nAQwrN<`W`baP$7z9H74EITml~r>l=s2vu
zwBvI&m$!~W(Bmh{sYGYY=zziIm;evmk~r@`l}KUS=!(^*EMlg~_fMX;lh|&jf*N}5
zrk9MQN|8PcL_=YfH)Rp|5TR7r;T%4U7FtWp`DG@XL|(s$KuQa_^Y3rsp8Sr%jM=Zv
zAv0+1x-v&j2$VD<Nd1BGmqNiQo%}+K0$Q@0TX17+?WVaTUVtuQ^wl(+sUU8Z;FhA^
zW;69Fc@Q<1h{O2hd^qUt!mmz@tzj9W)lH@kd;s^&JHC_6+5kLIN}&nB01w3>i$n%}
z+KO*{?Vn-a$-dC685eCR$_@FpQyJ5y-3kZyb!_t{Q*xXiXbA~NlB<NvWi8DLSgt8x
za;Jy_cR;0bw|9>uvx=FI+Q|s;DV*)ZApg0V^VP9ls`oH!Py48tEx>$r7<!x#O4z#j
z;eQw7oK(T@%VlnsGlFHkwjD!ayi&=$W<6iu!+Osp)4G(-a3bdJj-Z@hJyG;n0j0G_
zP1W4_<E+!J>5dzfA~@9RG~1Gaosd*?Zw|+zO<RsIdepn$ia$b3hi3>olGL^U%|qkk
znXnf-mHNDjVfjqCSobwlj&!4U>L+z{Pu#Y4xLfh8hiBit7BG}P!MbKs501b|sXQkE
z)G~|;+9~pcPL_ih=?jb-vdy*utu^zmZ95?@^6M|_v`nKl_75JS8hb*$wnHRXZi|Uz
zGa1R8=f-73zbbhut|vVHi4p=3K@;A%>B{@JnHnx78U679Ki0Nl@{Xaxg#n?!;#lj`
z5FKH$Z6Dzgu@x{WZv0IZSj^x$is@S4!wW}o5@zbzQiTDqu_&M}2Su^(aoINkGhdfn
z^JL%BbP*+;(T|Tssuz2!&z&KE`Eg#Wcc%ZYb_lTBwp=KyhWtVOHnlyo+eJ<@UBD6j
z3?VULQ;ds+EP18bIuPz5V6ZFWnK&IZ$qcL2I$PG<8eQuvUn9#WQGclaKuU<hFnn3X
zIN3}%h59GH5wE>igA(x=-pc!5a?7*13r6QED@51yI1B|?-Fw-WB(|9_GgdmC=%o*#
z6c<4xUSFQdUw(h~)4nCm7UJ@bd4R5p$ymFoydiK-J;XP@CMc^_hL;o^8g{@z;l}R&
zYBqctePckV!1UpSmz7Y_*fwu9vwZ~HykHV-<`b^ulqO?U)tyUv*wH>=818GIfe^*4
zdTi#}XoL618luVz`svJD{5GIbE=itlaS2wYLg7i<wAhrW)_Sa6J+Z;mnB_UeN{W+^
zdd_Y5f~4n;ThuH&gld(wdbYfuJ`aK*`K-lqrEw+sNB*Jp{oE4}H0b8<k3dF7Gi~|=
zRfc7hwv3t83|2n3e5-Yc3zs-zoJ1o-TV$smx)gXjm>@J8gWIZ!p~*S5To|*&+=mna
z-*qavXnJjk4(_dI`AKr!@Oa(`h+TmiTTQfPHeWEH)t)!-Tx%SXxD~QE-k2o>W3SH2
z61e-cGbYP;%DNV#AC&x7RaIWp+~j(P+y3ox0poEm3lD$kPqTA-bAu3QVxEMMqd^hG
zG-?db2Qf&CB5ptb&zt^H5RJ7p5?PA(IA5GsyndO9A%2xPpsul^aUiBv<9I!pEr}_B
zS7hrA_dleK`KiW}8-E>$`@5}K^nhGR18eZI$K5dnn<N=ON$bpqri&sVk=1dv*`)N5
zROcIwD|CScUt!kw-XXI276ehRO?K|fSDRrOmbWvhjm0tac^j2MyA%lqUbL#UWiHMM
z!rdp0+&@7sSqptUG;56r<;yZ`Rbnv@z2WJ69hv#YVaB7lpHZjHykIGz$N=yax9Okv
z+f?{8I0e~+#ldw)pE1-s)?GpHQ)#5|VZ55_uJXw+UW6?vNr!7JGx1^R6V_?57Ic(P
zM8-91zwme5J@j#J?afct&E@JE;gqbX-kl~_4=YRcPL}*2*j|F}<l?B9bcmXJ=Fl>^
z8M*2=DPw-n+AAkL#|31@1l<xp#-dhc%LFpUP(b|UJr23oluv9AePiolY@=j#=py5}
zwL^8*#1V~tLw#}Utp%2DW+b>lR5nQ%%*d$8;f`{e)**4TI=HwX4geUUS<lHSB1%L3
zLtsyp*&RAPa@4*(ES_Q9_U@*+R8I4el?9EXP-4D??hwdPcg-M2l@y1l=Pu5bJrG>V
zeDjdKd#ZAb2y|yg!=U-h74H|F{Wa2(IlB3W&#k_1M#VQwdo50%?kAHdlOK!Xf_?H9
z7gB0>oWXx#MPzEZfa<f*>dDMr1+>XbZv0$8$pt7bJ0r|F7hcqCfrYfV8iH(&8OYIW
zye?*RBQ?c@JPv+<TBR1k30#nI=zc|gQQdxO;qt6P-l?$*@K!ht?icTL&f>KOuUmXw
z{4l2yE)b^a@<{z;e;#`5Lny5}N}*3xxp?WH5Nz@stYDJ{kM5@i4LBz23zQ5svnAv&
z<Psyaq%N|q=;!iGtwN(>4|@{p`04;-xg=|xgQ;uLcJ(x^oAcyV%j@aJcwJ)deH$cj
zYAF|j?2H40AyMTBe`_E=2^nvJ#R?-eobTw8U}IWlby`s+wMvi=Pk;CzqK}8MquhkA
zpoDE{4>!n70xOQb1Wq$f0uV!RuM6x<bq|a;Mh&j#nMJ<0_ll2@K-ke*f=%li=nGx0
zzuxxE<9+ENDFq;_B-`yuX7n?*SH_H`jF@Q=Tl@PQ+%5`{I7mn_MgI|5^x)x%ukq}6
zGNp+O+w)CNLOO!26IK{AE35jAfNLSK$4xs>%$)J1UwxN3uDdZORclMmC3E*y&M-~u
z!hJ4gWmP3<rph|4AwyV1WU+NjG*`cqZGv^%1s4<w6Sl6pg`pl4t;*Wxl>^(fp8#p{
z?L{%U%22(-=<wCBuQjN%=%%E+k<9{$hDYg6UHgW(4wIk>8;Nx(K1cSs0}E4ZVsQrq
zicsAt(sBUpfCfluRV8H7pU1~PGkhv`ywe*@PRAR|4D!azYJ-9>`ZHHZVDC^2Cnx6=
z3GLne#1sBeBp1CmB)_6LWU~waTJ}EPvNcxk@B`AYx={%|_Hc1YB>^L$-k?X+#qRuZ
z25Ai%R3GIh?#a<DOc8pw(`p-wwJ~QLWa`R`xHAb@_0Tkhuk~y|(6h)?IgEDgOtkqx
z?ZSiG*;ne&s(0ohPuIv+pfn6U4@avqLJWz;1v2%*CW+3x#Bge+)ElLFqrw3AC(9?Y
z;!s;KTDx_C0L<y)t%n+s2469fMR`-~Ci`1jqmSRNUP)Xo4_)57c4i*LLBAzw=r&2o
zT^8Oyo(8TKgF@{YrUsT#INCmnWwGjGKvkQU)%z8Rq#mvCB_H~}W^u+R%PYr`cSeN(
z177HFq|{o*ujzZ|9L~dQJ7YF^U}D<6^u4t;`fN3w&U6<Mx8ts*)jplon<&zjudm;r
z+rrJdb@2%SJK*@P2%ebI>Vb7p7j`d3kN!;_L6%2wwwj~CZUQD*a>u)VHgtAMqq<3@
zSc14}aPygD;eo3pfonp;G`jvuu3<H>rG9D5n*}JxF?y7a;x}#WN?;b8Y2)7Uju4D`
zLOZe_VIun)CxMW3RPU|6vQ&R9sw1*;5MrauzJlSL!j>gd54Unr*B%fJ0G5aiFn%s#
z>sQKZI1>{ybbVl*MNIrKA6y^lF@3I)(q}1Cd7`lWV4kY;TnE0Pf0;%e(^QXCn@M#A
z<?-sIviA(|OKG=_mL2Fs_``Hyl+KQhvV^2p9QE40ku-_b1H2+)`a$tPfYl?$PV5PZ
z_`P@<_HR&lNOhl7OBf8qCIqQ()>l3q8x+ZAiyEcU&d*az2^<#M!1E<(mwSFWtnpmv
zF=ZE?n6s`?AW>5*>zpdT<GW0itDm$*LvWb!b>mUSzJVY;yU^p2z_OS5>z4=I=Lm!m
zTv{BiaPL2-DkRmVbIoO&pEciC_v2TzJL{w2N`I`6e;#V6gcmM(;GT`q#j7T4Csgf4
zksQfMj`=#Nh<eEIx9fEWQk<Asm-!{0YgzWJ4_A&&!Imm3jjI0Su_=*tlNaK^JZCyN
z2Du$cWR1A{Xy<w^BY_t+f)T7S8vM}?E4(yDS#PLJwWG!?;$Qjo_^U}K<SyPGr((Nx
z{%ZGn-o&_ZHI}p6TD}l<?#tB$y9cSMAMAcxY*`AJeIiKULuQYyy^bm1rqg)&{#D;E
zMt(zzJE1d+LxN*<jpgHf5b-V1>W6=}A0?eZ?H+o!5Z*?^547}9of$ThR2F%$T$#t^
zezrp+v2h5!&pQL>7^5j-Eq?v{yu~N9K7Onm__4Ov+N)vgny$S?oB_e>Vv-@KRJ4vo
z*Zqg<AXTV=u9;QkhYw+T>QS+P_RYL;a*6n6<Fo;$yg)YdJp!iSZS#@H?)+4P73U)E
zm0f_IT)KZA%k4jJjKVpZy}66Kzh#*9#l3~))*`X0BlSsZHNMW-lvjOaA}R*)G&DVK
zlmOybJ-gzIWjb@4#qCu5M5))jVwG=KC2<W3(YZWn^Z+Qj*~f?G#xnsaA*%Kh54J(M
zTMVbxl4%9^E0i;tibQes`Ig8f+E)woW_<kMJth*;+z<9cYDr7STbll%`ir^%Y;cY$
zX$T@A{)oshQHydqg|I2~;#dcHYY4mDi;#rjF6WC9zAkxIQhl);GsiBr;wv8mTt>OX
zg<lXp2JpDG7l%se*3=vBG2HPG?IYLtBE86)Hbbm`lPYv0X|RFc*Y`I?ltnhj;5*q+
zIm<R)(xM#FTUH`C<s4Z_e6_d<HgQc!x3)vhAQI-n7fGD1(B_h3RuVHg3HSnNDer3M
zuXCQdImi0O5e3zYC#NWs8poEJba-54QVUWDkwiNb(D5+4tocpB%!9xp?-`SDThQ&V
zS9$sZe&r3&#yyQh6ufxa>BXIAfIU(~t_U6JXkL0hE*`Dl0or+y(&r*sRXO(*b_?mg
zY0u=_FK-OiZE1Lo0%QEv#e|0^%4zE8I2Y|TQ^rb1jX!K08nTzxbyq2Ujp(GRM>wo&
zD;M9#=8w%BMrm4;JA$@-x#a|&tQlvZ8iJahyz_$5+HZQ~SFy$*manF|BT9S_B1a#}
zAf$9;$M&z1>sH4lRjW!z;nVa%frkq!Z@!ZeOG(V7n~4_b#;5T6>ZxiOJsf&(w}o)`
zkhlYC8E$l9bo~Z6ZmnoCxxtz_@xfJVXR|9a&;Jyye^eqbDo#A;Q7iD-KTfym%Iy>4
zD5htD1M0Y2=fzZ(@Vr}w(K%XXs7)?6ULX@qDt3ZQ(f_W;^RdA*lbbDK&n0xV6Bm58
zY<w#1o}=@HO5WsFWUar_AvM<ml8Dw+cEQ{NB#>-l$B)B}qmMs%&9+_$?62iK!Djx`
z&HY0f%5QoMX<C7>i+d66&{8L7+Xi7)LYi5kd>57#%-3M%Cb5!~LsE!&qeu{21ovai
zjMsq&%s*k-ii(Qv86(KG<?Dla;>AJ=lMyrBc45bgYQK_qFLtq`6$5D{o7w#PcZ*}%
zA(IyOLyIxBJ?dd^2}ZJ388Jf&%1H#+YubF@CPna@k|pNm2ixD~-b%j2)n^8nk6R%Q
zOgf*e2^Cl+OPEY6!alxRD_VG>nWfHU^#J=k*ar(6n`&U@1ZqXRn8HB#uL`C>n0buL
z)uXqOx_i!##g|1cON9?gv~{OE>npdmt+|+Gr)*6zId<q&l1FfR5_i<~SW6R{ZX%+@
zSK6l<<D%xwn*CQ-4r^HWqQPN2GCg*C#w>Rh7#h{sNxx&je>wcZD%!Qz46xw<awhfs
z=4%SWM3t%2u#*q(53JqTUMW7}>2G7@e|m;4d>I5E63|Io7;TkIzEKg2vf#nhAAYhz
z3xifU`vmmF7!#&dAwqj%T$@bRCqZjY@E?->69eCGZO@a6rS?C=ty{2G^4{e@5FdFz
zG-EkDPEDDF+A6+j2a!@tjBf2gH$s$gvwdsjCDzR)X2NzN5@XuMad*r4?P{HG8x4rm
zu^V38PKSGM`WM2TaeNM-!Y`*}$0&I%p7pKkW)6kNtOGOyD42&Q=$FjM>4qFa@AMlb
z1W3sas#Rka9k<g>eGGVcp8{{&HT-&iC}aKGbz<qub=ykUrtf6&zb^5y_8)MX9{35M
zqXv_J)KA++ANXqgPSSqrMN2Ebr<fbT#Ma7R+`I?lM66X`>AJTCXfTYCt^wo#NG?N!
zDtDkvO*AU<)pI)QFzb=oWglQVgWDDlD0gR~$1`l2G}}wy0Qk4$;ITtj+^e5yR};1`
zQSuM>832(teOa38z1m7ykph6i=xr{}`_ObNIfJkxZ=f{#DPg>k#9Akry|`t&JCMw^
zah2PAy21<pGV$Gx9PkUZiw|S@s6sfv3<yZX^N9%ZkayKCvc`tLqjy_(%q{A@(kYiM
z9wRuh7)de*kp3m&h14CPQ6yvb7pAvAeVl)P;}mETP4;3xs%PV486@6uPm1wH3x(Is
zC616%QUWoTYon$V=CSz7VKTEpcBZ<;V=S3$(eqF$Y3_tO^!Jk=$|+XvIJ+=c6c2uu
zW7N(ciHS<2B@Wi%T5m*!?ZMmZ0+9eYW1u<zq4e71*Y>N&@xQ<Izkf4-^DAxH^}{l)
zN$C&X(kpJ{P_0j>+k*lKQdCw^@+DWLgncGg7|qwZ)(Wl9@Gbq)q87s4uh?fPGD7|c
ztBdi5+#;gARd(VC*FIp5BXVL!E9QV^EHMq5D~$T2*XcwF9MJK6u{Ku62N>+0yT3{#
zdCJytMVDrgfG^8aUv4nmq^-cmUShAFfgOvLe<!=Gh?N(-KY%jX?{E2b=Z78k|E9fE
zz;+)P+uJ+YgD{(7*_JLnI&&FI)Rw1UU>I5~Rg|foNhCfh|IEs)HX`Yz{CZqy!&?2U
zlbd}Lt$r{sF)V68d$?jI{poawft1c?$B~)~eFFA!7TbBoyy-D;zPdEo;Zj=FM9DTo
zI7?R$tr3QY@s8Z76Xe1$+VYcw09mpH%3B#(x_21S)xSIO@_8&H8sAv$htFtWUp1hW
zx$jrPIhW}8CXnY>2AZ*`$q4i60(c#@UgpFg$MbhKjCb!mkHpv-uIgY%$K!!~pQXnm
zFU%HkbkWcurykD{kA6Xb213iwBl%Bljhvnr7|oB_h;D=Ts0qIBq5Rf8p+HeCekDMV
z?3htH#0|~j!lwli*vv}3`bcm)^7Oz>XD9vwJIP#QzOQlFRcU_7@y>oE5GH%t$8Lg+
zefx3*a03B5Ylgskc$j4`6i}B9W<4)hn05|zs^(1zj^4bF<HkpZ3sx_A>vYRI2^SGi
zeAE1ZqAuD&`929P#HU`2cmbp7<FcFC>_~q`Er%%o6&5KR1G4oV;5%7RJ~)RGkfoR_
z>j*Cs00|_W)eRM3dzWr>qjt}xIPHS3c&eS8+govul7SDk{G<1xsiyU`VrYqYc^pUM
z8pN9fyZa_pp_VqSjjOVRGn`?@X`gY#eb@R@VG>(zN;f7qv1T1eRm2ABQEV#XSGo~J
zh&np=V<LPqC7%R_bF%TsXwk6b_!anyQf|s?HM#5I)~9uj!S<H#>LetHjiWkUQER^1
z(nl5E&DnfHm1}^JIu2B6xMXn`;p5!S^@&zjw#+!yibvc}0Hqbq^J&Ga8K{Zn9*5R~
zIqQiBrh19_Z#+jJruxC>7c+Q2?qexoX|^x}2Q?BAVV{9;TzgYTm2<yAX>3EPF8c}z
zEZIB4YWe&QiPj)J*!=aKdWT2b)oEHzH4k?v3E{vlTsYuYu8`3X48&-WijNOsq-uUu
zy8PWI?KA-i#p2hm1`zt=Y4~}eKo6w(G;1zA+nzsNDE4LLsso-}-%92)k4ynfV#UiY
z{5u(-XsofBaJh2sUVH{rd&Fg1(xnkB0TfnTfZ~AwJNoB8I=r7H`==rImmmB8W3h4f
zGhrFz%kHgizKu;9k(8(cl46b`>jc0DuWGX$jT3+Xl5aRFtZPdaUA#|Uz=I0Nm-D@i
zeFg6Euz#HrOu{(dEz`;}BS)?AWRCT7a*x@~U>C5kr>Cx`SNO7XF=~I)du6^J(smvD
z8E<3r`j!?z)yV_PQi4@|EH2@pE>i8+`YnBb#O*<6y@mnRVS<4H|Jgn0SDyqEP`HDE
zi$+zoy2gHdJQMp8Lj9J>V(t^O&zID=9gc&bUS%}__ZTNC6t&e$3n4xjM-xYEL&L4J
zBUkE*s9F)0%Bc=-YUCIv%A{URU8BnHdLqXXa9KNn@>zLWD$V>Og=+u1V+nx9nHjU7
zXJc6~uW<sNmdvazf!RuYy$ZJs7fkZzh|ty@vRvKg8><>|{V+FYdZ9s=ly~+fR!U-l
zPQ)P(b&OHzlu2qX6K^866JGaLHIUbRp<j<0s1w$V?N8vE8*jeYOvVjszG`5NqUISl
zn{N8Nc{M^C2B(oQJ2%3`X=J*4U70-dWl}H2WMqwxo(=u0KU(IWu4&5|{8>FWj;$iU
zlW7)*n_O&*k@fmcCPE5}z@3Qc_^0*!<pF0CBIx@qQ%pE74T=NdE0?t!chncIv}a2A
z6+<b&5;W{R2naaU+r`qY#3A&IDMRkT*=QB_%((&mQe+cSNtn<_YgcYtBE{;PNDD4p
zmngC)&QJ^{BJd?clE)`I{+}Zme->P_P^H|%Nwvc138(z~qY<MftCDU)R^{~_?A7ja
z#L1rEYAdzKv$!HrXjwC|s&K$#*3FHK2J9yT&OW^&KQ~{e**q4Zpz6D_egI9HEUtq@
zXiCLab(U><1ag(_!TOd_)%Qd*6(eu-7C1iOVeAPN>fJ~jXTlSr=HWFqNzL{*`j#s<
zT)6tU`?`db?u^)#4~4J5%TngqTBc%z;P&ZA=b{VVk?glz6|SZXAhmp*RPUjt4%(h|
z@u_MMl1dOM+8@8M5jGoZtH-}S7OWRQxiz|(Lvy)70_LeY<?@ld(JV2tL7cQ^cbdlh
zW419^2ZNa2aFf0a&E?k?Sgp{tISFr8(|hGsdSXXdLqNi1P+){S%?Q_yG;;M`+RMq$
zAKY|`DH6-OrHO)Wynus23KR^Y%=isw2k~&}gvb3*Z3eSAMP1kEWs_o8w!V`!oaZUw
zpM*7_+_fJkXg%1&9ppAuG1FTVLM?W3CX2h4K2|E|c5i-U#ZDM>7TF9scr$e3hGkKq
zqIr^YP<@1Y@b2Ug1b|0m*;4<cL;c*zIKjKVfgdr7?atEmR3OSa`Gj60#Q61RBsZaq
zL_YPJH#N2p&Bz9i9ZIF2Fl%6BY*tU(7c?6&Ls|CV-Em{ci%%dzOqog+mgP>tn_X;Z
zfZ7jFRVzff9;3`r0~E>VYqlCv<oizc<UVXmxc9A!MAv!x6pf3f<AqEUPO(e%TYb+z
z?ti*nSmw6G($2f2s`@p7(?*o3NY0B9V&LKV>Rpbi>FR}6-`5*seg#l3YGy*wdzOr}
zw2Q1(<SlKt<ioULmH0aVQu>Pp<7f&M9TFs3w2rUCZK`)Rv^(J1zCgvNxcqu4dPt<6
z%T}Vh#t}cyd^8h@<R)1&teuXjivLgxHMu+p+tW+(lU6*Tg8snB`Kx_o@8pJU)sNbH
zpUpilj;Z+A*TsHbtJ5XXQ2Xgv0pOPx@AG6E(~ua5wU#P5$yL2_hp)h(iG2VKQHit#
zr!rl`e><VO{Xi-DE4}W2&pyzBrIvJCapSu^4tD-(Pmk+!<^vDGB-YG`sIayj&aG2A
zRh7YpR@@UkDqLM5{Y#4L#{=jbZam4YTNxJBwGn)HP$v&U0bz+=y~)()a$=6Oj&vF$
z_DKGrz4-XJiR!3y#YxAeH2>f`Oza{t(|m<K2kemkbqfpIg4%p1+r2&+ey74|+4XC;
z)T`b2?~Z`wU|xRwY5U`_;bC@wqybw<{GJ(_0)Pj83sO}*6Ze<>;@{ap>cJ}VVlo2<
zJ_W9kkb>Ts4EO4`FYmYSMil;?qyNi4CAkS5H5dMR=IpU!390%8voBr-ugNLCjvMno
z<$OO%sX0Q2*yUVTh!J4Ga^;;P0HvK(QI~{sCWlPqh}Sj4>+@s=*;oJx!^+NLftu!l
z*N<b1r}DKPYHDB#%I>gy9)SCoXY4<_edNAby)IOjcA5Ap0X^0LBct8h$G=ORV8@u>
zS}Qh-9+;F^zN_!d9Bacvp&S47%jUEh`x0`My#g0=#`QC^D;%><-yLW?A+EnTJQnE7
z|KJ-hB~t(uK{=~OtqI$awWL|0NG!+$HRSDhnnN#)y%BXTH{8K4Pd)JMZ9E(P)e2q*
zFGw8{PA<4M+b;~saO|4&0g}Qi6A&0cx3~gfHVk6mte&cnucp#<vs8mDUsoa6Hfgu6
z&rOfz%9IvjabU}=L~P5gJKHhCAT99$$%p-gsgm@%PsO(P7K-(w?yVSVSa}#K)YzF{
zx<H6$S5caGtBc1Yrz}F$Z`~jh-T!<}l1CXHX`3|oOHqEvpx=ckEFqQ+N6Ug%no7h2
ztfojuk&#Idzmv(3aLVn})f}~a5xAZw=MqFNRHeP!uA&Lbp7HA5OibSUK#Bs4bJ+dF
z`EtPndS@t#<azV_l^VHXsVqdrVa&vF(#krp=KXNZCBke;QWh42m7wGCDw1TlVh)<v
zhg=vaC)&=_OrXRd;pM7K94rN%@!{2=Utu2`iJz{_I|_Z)eIe-gF*jV)DV+alqPkZl
zCU1GYOF3=Y!$!({W5-)l(QHBj^J)cj(>=;^LLmv3z!xBx&p-^-5A+Qn*Jxs5?@?D*
zS4AMsaQ_g@e>fQbIN)DgD1M%xsFnm<X|TzDCre%+r4IjRI@!Ni`ERHFSDY^-n+W4s
zlLB4Ln8R?o;Y<1Lz6)pyAyO>&(S@)uA}L`kO!KDWn(1I_U8yfp3*7S_A<{kPm73Z-
z8tpFUzM%K50fXmwEH;0csig9?LVcOh=yY=)WBcXmq$`z8G19*BK-zw_1PV^cT%g(%
z*0_D6?K6jb@KoKk*G$O5EshZ8A3W45S4gfTz8|j1)-KgEL^b1=!#i>tFG6YAv3BC@
z35c~OLR7%vEqu+hXJL^-j$$TrbHTJN6wB^2A>!OUg&rik0bRdi-t_34nmhe_cRJ$i
zrgQ@2RqofzQO^<29n+j*mZoB)cI*Kyj?=|`m!b_t`eiPafoU|f@d8_Ii64Tcty~im
z1E7hLq;KS}vq%2GCH>dh=IqZ6P14~0>?!sCwJLu)>(o!(VeU^3xL<xcl8nsFd6TKA
zEExq9Fw~!NzZLYD%K%Ry!Nj<t*4DirO)lALLtCjMImW%=a<RoItH>rZ4_V%Fu`<e?
zN#@+xG8lLk(WWM1OJZblcvJdT!pTgy>@#m#N@x58Y6oMS04B|?++vFET;p!g>jf#P
zxtDP#Xi#g~o3y(nv^Y`B95I&Mc*ZR9FsC312=R49cGC??5HN7|)qzHDXblwfVQnL2
zZ2E(Y!kkAS)-2kgv$$+3>SYH7zqq{(I6JxF2RK!)dg+>3%B)P}{nQBl$G6IF4i>xE
zvP!Y4FfP1GZaSa@-*Vw4#JWT1?Wfdb6<04eZ=oJ7O-U*|G<!AKpvEpPT8<nhBu&_?
zuy#*O+y<#PU9qrE1z7P(?IrdJMsu%gd3NqQ4QvZ+267TXhu;nxKFcy{pw5c~Jbc4j
zC3^75EM*f?ZyNUGW3o-XrgG~-c>P2<lxs?^I5?*Z*fWuogMdIV58~qwqN04MJ2=6#
zP*qinAhj>lul{#RSfJ~r`-<=O%I2toR~f#PIX&#h<|(xfs@vJGii?Z>S8RoUBS3#{
z(w3jpV1D*c{CU)GrLzwrge;y7N1ZMKK5gjbXRGQHKv`82IG*v-a|0S3%mz@&sisX@
zwULFl^t&6gZSt7pV+F=8dl(Me`%|+P+v~c8i@sJ}P4n%lT?gm}re~xJB|=mTW}LRQ
z$0F<+)`CA2Ehc{6@3Ej`sm~z@Y+v(0j`MeCm6}kZRHn3uX_!34`3#PSy7B8nU^%wb
zV$+%!3%{v8j-{K1dSP<#c8GkvIkMCJ!PmKC+L>^*1`)7Yb<>w$P)yWJWgaj;Quh)9
zLhYs^2ACw{OxK48@c{e;LR~v3J)=Z?m3wYlHNT0`uLoy$H%1`Oe4TZZny*9Haq(-D
zN$mJMozOi%5p>;8f&3j^zZswn24umsmm;G2AY#J8dL0(gBdap-!cXstN7U`#S=_(n
z7a{yh5N1}HKFE1d0F?(!O%)7Rb<kZxmODvN!^`X_(mP)W0q5qHe_eE0>?W@h(!{rw
zAVa1q-65|*+@kmB1WfPybvKW;WGuz8g^fP@C2wrgd7Fq%4KFh~cy-NNOEvbwN4T(t
z*<d`=hmnbq=!*)`U{Hz8oO7qeXa;+p_D5D9JzlUC&!U%G@nVq`$^luMm#Oik$h@^D
zz(ZV|<qD}uf6{YQOHPt?|CI~tZ$#qnZ~nW6-aoGPkEW5NW6nTc)`eaeH8V{UOx!-d
zS-v=sOwPtFZtr;%rEW;!KQ47zt{;8DsBld}5M$Pi5$b6_sZm@kyzsBP;{K5y^gpog
zdeK4+*mXU}a@b@Y7LAVbUhYh#({c|@!E}ZLB{y8STSsd7xFJBARFa#V@(I<Xj?$1j
z&Kh>1|DA<`73XluWTRKNh@}A4&DkMP(=hy2Mr0CeB3RtO3;F;(bNb;wVs|*{DEp(~
z{@2(4F46qs4u0<FAdT2>^F}_89tTRme$#aRLH@=+6Yh^@#CjYl={Z>1uMo%^HWv6O
zfa~|{rk{<#On=7NpRhiVYpm%NWWHIk{M1W|;&g(Hm0qZs*llVpezsY6chaWWj%@>C
z!|&_kzcSoZIi2<@v24hw2m-(nUs_i`{5QR|Guq={_Y~9Dw%Wjx%5WAQDh!`{dOc$W
zO)jgtejcaWq$P-hZ!U~@q#YJTka&I46EVJ9L#dmw7Q<0c2&K=k3294-z9fO`2YE^~
z@e-m22s^1X*>7(-{Lw7`o%KH%$^M#{<ps%janeQ+ZbI=ol38m0SmDFUZ*xY^6>i|u
zrmfH`GA6W1N#f;hf>?x){Vc{$>~VCXw%j?d4U=RV?wRPZ#+Q6$i+8_3!yFZF0^Z(F
z_fLWv5}Kr^pG;hq@L&>#%e_6cW>=xb7dFlK+l}ZiBvi+yq7*yD*dC3ue7Mkhr-92<
zWLHO~O=);ZJ`D|Ze!E9k<^p9HcdbIXv1~Pn^0ppD)Le_96z*m+ceV*%`?c@DfKfB3
zKg(SuH_`P14_LmZCQ9|C;!(P)=9}co^O^$EQ43+8yeW>xdr}i77A9_@g{}2@bK0!~
zttdJoY1?dvTF&)wxAYgCO{PT$!il+nt?G);_bsd69R|j4u;E5K>k`*s3Tf}%Oq@=A
zRrU^ZG(^|yq~_?#4!wtHj=U2|%ur#>dSQV2m9o((0p&)N(nU?WRJW1Bajt1+<OKt3
z_#9O<o5I7nhZEABXY-?@`Ndd}S(&JB#NdI37gYxpO(^D1E`%~<cX5yGl{w!KJb?HH
zT|cYBc7%e^V#GK(PgOqrAr&V@TW>#k)UU=^;t6F(Wtlkv^m@cDdqqL6Uwy{xy-1?y
z$dZXDZ6CQEL>$>;K2I^-p(h6W<wOIYpt3%%D=qpq!Rp@q@u&|8pfUNhoQyPav5g%;
z9SOs{sdU}ac^i{{eVh{8vRB-yHOD28V6;ox735qX-TlZ7+v4{8g?4fV{Zr$|OrUJ}
zs&@?#L5@#SMKHJJJG*)k<bca)Z8eprVkl(IeY{H=tvZ;?&B?OMyx-u1z1AnG!nS(Z
zl0z4Pk9SVoT=B!Cd+B3VW^Ax;QVjbyPnL@xQkaB4Q~O*sZZ+y=_2m4CG6{m?|DE>#
zUda!M`R_<crm_j<3qxA*qWx6uJ*t~AHb(=g^h>y3_i==Q4`PbLaXq^{l(_zxmoEA9
z%T0m~Ytf7^IWs&ME=T&0Gi74BkR_Gad^2UzH1uV|ecu00XMW<`zn$$lt?!mKt?mhk
z5p{=Oc4CB;Ef2pa?P(?D&08X{t6xZ;0;#t+@r{!JSh#izMu&dg5xKYc0|Eb}>-BG(
zG-PD&pXKKnTDNL!;4Ufhf);fc_q2?*o!lM6wwJ&n>7RoqRpt`=Fmf{9fK-<!3P;|8
zWrIWJ#}@JH{w}4<B{nT)Zl$`_)e_D9xV3`ZoPt^D<t3RR!+BGq2Wj*q0`3Fz`BAd#
z!mC|qS&r1Tc{^krB=pSXu_kQgv3cCia6wn!f;;ey;KcMUy%v<(1wk+!(-;?5?6Ntq
zbo|gh{_)$bOiMG{^%`444$I7h>LE+cyA<^c_uxeq2;osz*_WvaM}%INK0cv6u=ifJ
zeTEbLeXp2dyX3ToF9s8Q{JQSBDhWd~c|S2p6g3iWe8rjqn-_=}OK5U))Sm8(|G<(z
z+0}|ELHy-Ed?yq85+lv}Cz03XKXWh1iXT!@F6S9})?d}z_AFUw;q%)7@FZQ3U|(0N
zHoKbr;gs~r?k&8X66P}eaTV`bvGdvKW14iys&bC`;BzETv)*Rb^2$;0jT3GEKU5^I
zD{8c5jxLZ<KLvap>B}bHU*qG!<?tG*lMsX?;ggc0@ctvs*cN0a?_=P(QoKia6*<*s
zVW)g8U2+K6iewRogP2lrnC+_rGYA|reFCV6U*RnYFxfdBT*Jg%Qy@Jy+y7uSU4E9W
z0xYaGpoJJUu1wto_CcVtu3Y}}$XfUK#t~>`)x+LbR-;JJuo&z8?xOM0^!3Ukjj7xn
zCTD*f0)aq@kubBlIK{-6$bL>l&R%E7$Ym@W$&{(%k@t`jN>;YU#5C>=^NsGbB@K4;
zm~J@my31J)Fb<PDt=1I3DQe06`RYV3EKsLA;POwQB{bT4p@Mnj-Kfe^vj_!PuvYA3
zZ%KLd+uNO)7fL0uGp?DQ>!wZmLD+S1gRQ32Y=?o9gVqnX-HCzf<e){8oWC5j{tc(y
z&3s>#=l^E$^@lqrrCL-vn+mQ@88K>oyMg|G$;IUB6|p83EYGV#Wod4sg=*i(l7gVz
zb4W&2yS!NsamC?E8&gr)CrY7()54W@P52})`E^YpiyHj_nv|4Xjclml>B~qyyFyVy
zw4(tHZN2dPb7)shSU8sPHUw0`=IhWt7Mc{JYUs*`SC3e9G&)ePjW4Qp<h%|ww)BY(
zqQUC|dfsK(?+>NF%2G}snqFBXgi{GzkV4+pvi!zdl`6uwI)OkW^3?8;KncW!OteJ5
z)*lWIT8#618Y4X5@fXvcX7W&lWRBOile>Y%A-LvzCU+H#qn<cA=OU;UqHnOE8hKja
z=A9l#ki#IJ1V?Z-NHPdZ5<Cl%yXc3NOI6|d|Il~$^JP!FVjQ9c(|zFqS)>lay{Lk2
zM{o`L*sl9QvglAywe&WLsEY^I<u#JkGyluGz%>n>Z*29u?LxN#?X+I%<(T0ta1gZ6
zAVmAivIK2ZgPtf)|5|=A8PH04zu=g1&7`*F`lItd`CI>w-bsDF<X$#m#vCjone|SH
zk2_ciP7Yhjn`;||_$`7)B0sF6miD|08mcSFcv4)#ZKis(%YJFjw8z@Th!w8Jy_VP0
mw8qnT)G**Mw?l@vvG1*GX<Ii|4boyler}ilE4P%sPyc_D6wibJ

literal 53251
zcmeFZ2UL^M(kL3ch^T;wbSa@13011JKthwyq>F@-KtM`Bx{3-YHPlcQ2)#%sfk;v5
zO(68HG^HxN!wsJQ|Bq+gcka6Ht$W{E@2xvo$+yeQp4s0w``df=%+AU1$v40aC>R0;
zoH+vkoFRVzC(~z!Au1|X4`8}rh?d$vDp~<#IDZ!aKskH3!PJ%SJTx)AbLrbZC{F9F
zZQP%nUjGe{+ua^KZ5;sU6Z$te|D$3GxUIVl8R0ki%jHI9P8RkiIepXqA8Fpx^y7b|
z<xbOH9#1^TI1f(KZU!(FavDxf^V<KFe*9P3=84-Wei#`?4&{VC<#h_D5?{4-Hq<9y
zFO$E_0CxZkpbk(z?LRqB2A2!~Kza)RI2ZNLvd35efba?cxIOyMGOl+3!1b2^KxOwo
z%l>&!o>;qC|7q?#`S+}y9RRSN0{~E&006W-0KgTqKXv4ve<Rx+auqXKE*J909^eG9
z1>6BZ0L}m#fG{})0^9|N0whny04jiUXHVhu_Z%6{Up#*bmoHwtaFOEjl`9mNDJZU7
zy?*ry<uytQ3My)<Yu9hwpuTbCDh(~o4O(*g#%UvGPASiwzf2~)K}kVLF8#j=C!YY+
zm(Nt4>pypf18|o5%sJ{aCyfA>Q(Ys=b>=@i3jkcYaPj=*v*##ItF3PU02j}kJA39l
z6~#G<3+FFT0nVH~cmBe~OVl)%*=cXy<`AWz14&6M=^1&&CsYpHqUVGeKeVps6MNs!
zrR?hVJUTXxq+(zngnOLbI|JnA^(+;ayr-&f<No4hOj&sYnZ?c1QSh&DT1x%jmyQCi
zlI1*0eU2KS2-wg5SDOEm`#*Q!|G^!Q5Zp0*f|5jF+J%PZHfV54c|i;#mF``@@k|wK
z0sk41$QM`N&VYo!N%qi`e9g|E3`nM2SX};I@DYS}42e6x?+-7>2L-6WZP(=boT-<=
zFN8YNV{2g|eJ)_}T3%xh+zKQuF4|8uLz@w!z8=k|R-fBFcsBp6;hy?{;<5|0j<g(j
z_IkTQ-U-0Q$8bBrX7|RGTnghkHiHvDX)XVOX6fN&Mc)0KqwodeQH#iL_xaxetz!N4
zkDE6OR)kxA-#N@&Oy8EmSs^?Xp9Aur#RceX=^ikVO3FX7eF|ES%nux%jPu70AD{pK
zAXBc@AM)U#@`~=BtDbH>F(5TzPu&fpv1qP2<?u1*W_to|jloA{f<AZrEbyg|g;KC@
zPCP7D1Cdf(Gp%mA2V|y}zgQ(K(5NQ~QGLZ2>o5)0k#xKg^_QLuRtU%z_6c6ukS8F9
zGGPtoF}Cq3t}Z40V-QUT)6T&%sOB33--7;gW7x%ubUEmvF}po^e{uU1?uYkuX$%g6
z7g1ThIrJw0{0p(;bI^^%J~bb`g)M%4`$bRTgxT)$k}Y%RGdMG!NSkH2?GihtFI<AZ
ztr)5Bgd|utmJM^~u6xP5bXyT3(JLuIt2a8{0na^Db91%B3An19;opewD@jf&*w&2;
zU}kk2MQ^wp2DGi0G`unh@cEcXVU<#u>Nh@Mh4(A?{q1jD{&!~$e+cDRNl6$lr}H05
z%gvQ9&Cll_#mrd+U&#f;d3PX&y1EPxc-rf)UB8Et*{ja4hwmAG|B?>?TK>f+=&PAd
zoinmzM8R<PN&Yhm<Ny5(?KP7(b5#1T4A$Md<>MNyWUaV>-sM&D96w0U4Lee`GkkF7
zWkZ>{`U3}!Icc!EmAAfVxlCu3F0P+9{$&xDuW!tBc{=TIYphvRSEz8ljhpyZwa-wF
z-XZ2oTt!zaGE-8G^|)F<iVHI;6f)1wDiBs<nXae=&XUfc<6pXLG_Y3Wn8l$A3CmEq
zmN{NEN`gY)?lLgkzIOjFwfSF@OkRp`$2=~VNL)?Nmc?dU!v`c7G^|^&VaN$LZn=08
zj#le#0)1;=L*wtLOb+)a%z_O<T^k)(AODQOUI9b1JDG5-O&9@4cV&}Gk3+nuXLFSj
z7!b{Giy0mVVq>7AcZCGMY<|y4h!_;=;LC$N9RKPKD=aj?Ea!nz#9aIKE_c828sWkW
z2XpFp{Gun-C|{!uQAH>1nh!c_c<X9l4&F-CvhNrYQ@vYm;);;+{Wym3SOCCPC|lmj
zP}1*dJ7(EoRqi#+e;fw0gNSTmQO7+rRF+G!*+Q4=4ig51%nS0WxNti6Z9{3{An0m3
zT~$|AHbE$?I@%emz6fIa8ozWcamiBB#52xr04ro1f)d)*S<N;V*<ePgYNE`X{ERU2
zVUeh?;O>&gnP87@^C$kwi|0&SWt^5oKX%~m`yc$&{;J8l?#X5v6^zNkISa#f^llx(
zVxyy-RcK!}IN~DVY-S!CYJ>TO&JDUbR@p@_fXyX|<2N-C=5$1jsOc0g9ux-4EIIb!
zdfqby?P-5iUtl#s6SiMaI3TE$;!ESdrFh0eucmTdRwr6+u@x&xdcDV}5tSW_K&Y>V
zgqulL`2uA^qh|Jn!WSZp!x!SxGHia<w}E^gP8u?1h3?E0RbsNF&7PKW9c1x=!EMx8
zUC=X|yO%m9Shnw@<2!B)h0C@|aI$r-JDt0p8Z$l8q~?w)6}=jRP;g2{pukY?Ob*G8
zYH8?P>Fq%mV%oOq+GOH~<5EGi6}6n3`KGd^T+-#)<-r<zMxI%LhLtWStg9_*IgYEt
zW;{dzYvyPauZQ#pza5*8dOSbWtAj>^+5+U_FQ+OXM&vw4f@|$8zctR!ln6)V3eESJ
zFI6hu`ckPGHFvkXzAYzN@4bV3@|c?*L*NIrnVyJ#tgm3I%xvqU5$(Fv3b|ylspqnc
z-~GIHx92`I9<UOHvP=p2@>&H3;@u4GL+2zVr-i4Bu$o~BT;229d5zf2gqyz_I|6{~
zfPK+tiwYO=6PHY!Q|##O0cAV%5m+<6>y<h@&Ki1IM|AOXL|q%94mSq5Aoll-3*56<
zwNCywNrQ$Q@P!gwJZE{j>0kvG$YsTsxHr&~YA(dStxSB@qpcuO_Cn0O0BlYB#>^Ei
zeh5RACxvzQ@I?}q#6ZekVq>n!+m@@vPCv`Nz=>rsR*<wgBywavEc9Z$Aqy4Gel40g
zP8y;xRt~l$YFx7W5I~U8>-WQ@2wWSw>WS`8Xcu=V(2qWR-?zhyaDLC{(cP~aB;Q@?
zMSo_1#bR5MXw*+7UG#<T196#R(VoHFY+pL8>@obsG{S$2I$xbbVSXWZ&nZK`vD<8`
zEO*cU{x^Th&9PijB<j13-aOo-sfODQ;*lJNl*qfH+ygFWzaj>e(vQpv8G|q+di}iA
zEzh_3F^`!?Vn_#DvBa5Q*HwN%g>PG1&Y<(vqCLK<S~DU|dJsQEWV8Kp#Ac(Cr&m%M
zvLvtV%dsubSuuFVk(H00<vpG^(kNb@zP-rQpubrvRSe#P;j!Qj6-u`Me6eWH>+b&e
zxgVa@Tdw^pY3_X%*It_Ik)VTNFkn`dq{K>VNIzElJ-9-U<cwhe=BYxA11?kxRI{yO
zwoLjx-)>zhAo2`cv^7a<`1~XfTX0Kapi|id7qZ;;+l+fm$yMJuPgaN<ULM~rzTfck
z+4V5QHbf@tFjXFH^}y7tzOpg0%S1mReAZHg<<RO<BggIu;PBm018M58cX;_%K}3d3
z<j_?`B_Bu||6S#>hCB08^qx<W<CiGn=&Jc_-iB9UpbrixmLtG~>qMAE!%wQN0ZCaC
zj-@-5uS_hc<z_V#_Ze)nR@I1uWn5VVkWlBb=nrFriI)ZIWPG#WE-jO0@0^;qFn+_%
z3=>t3#X%H9TDRFGBv#cec37wvD`oqw$~V{7Aie!tGt|>ElO{UOe3YniP~baLOU-LB
zX-r@TnEt28sAcjBZpbiwU^5{|K(_t+1VNH0p3l|tGVzC%QSJ(@s5$6(0HG&s_k9Os
zLf?1}-w=w>H}pO;`jOZge<OWnx;eJp0^!RWYaW#Wk`D{%aNCN$J@@Q#%<YRN@2-`J
zX|#EoBF^%~b~1f2TQ6wiM(Ph-+cAx_8UJ3`b!BFs7Ny>VE_4LG?{s)Hce}RGm%o4;
zc4(p{fMHQOv|VRlorU`{kbycnsx9P54X#Z;kVP`$Y<n`H70sdLkjKF-fERx^;VpD)
z@&z|2*it+pL$?L3YCbFQ<imeXe{pEh1q99y?d5Fb`by2C-XzBjIXJHSdxBrj*`gz0
z>~?;rF>G?jkWJ$@&t(1wx(8=u7g-}8tjk~TLTtuQ8rs3PR2DO%=}rI_NbxV`M`^xe
zX|(Oqn6T0G!t<)<axFV1Rwh_!v%bR2bxO?kq9qqITFt=ay9#sQ7@>~c+i$n}Ff%6f
z7S|TKjlCyb-a3@aXms~*hYLu;WwOm+lcp4ed(<^<W-!v|pd}-X8NJ&lTO)t{tykI^
z{_^uIibxj!RXV?5d`j^u(+Yl?LN&&}iAaJ4aaZT=@peHuxM;#!JstBcREAdW4Izq<
z#@Y)**V0!Wy<7S=G!ym^QV@&EY?SgsAZK+X=f~T4#pPmv>q=SAmwg|hzU@CxsK}Vm
zAt8-|TVDnhWCaYgtmbnwR3gkuyRv{UvCJ>oSeZ`%;7pwbknq@2K+d2;UDVuuo|A_D
z?Jlj*1%x^wVjUJh$rZ>yE`F!}O^DwK;HQ_`dU6_ml^FWD{Oo~Rd2PP^J1KqV;M?Xq
z6Dn{7D(7-olp{pOPh$*Hsj6PRY*=s0Utqk&qw}QeJV}d|i+D(AWsuF=8h~*%1kt_9
zY~a(Wj8Wm0N=0?`+m@>9?T1{_BU1FIT9H_Bn?LRhGDoyqTzU{k3+12hFztcSi}rsg
zz9NsAPPfJj%h%is+4B_sy~Q#_EWc#Mw|T8zW&P^>=zes8^d(JE9`+v-uAA&HB2ZYY
z^XH@#pbwvz0#8f5o=?iQEHSPRCDJVBWM=7xGD*#Ldn_70^T9P(pQ9qk3<7M@bg9Yw
zmTiO0ie7zy6yt#W!VIQbf6YINs=YbrQ$*kD0=j_kb7a`{eKOcppde-hiS2W$N`r53
z5w1s!<wn6R;;OE-AcFBKR@fe7jo_Ht>XX#_q_6;Ibt$@Z#pup(2BzGoJ^U+nvt+nm
z(r{=$A2)squ`VCKq|(5THvAeb=JD-1lvi?u`XSd$Q*?La<;C9+8U^jaN=@wV<$!Ab
zyGIWPmP_)#;@#!>>iWi=`?OFC$VZlH1}1Li{M)9`T|Pb-NxMmc&y3N#Di#O*=Iby#
zh+B&AU-q4u;Id8?vh(}}FQMUIe|kfEF^~Gn1T6M@m4>+Fq9vrV4hi8RxI%SvFWIAA
z^r#bjIsNZWTJLcYN>egv+y-S#y&dfIh0E?W4`%NScajhabJeKBOX*spV_8WyxvB6)
zmJIjHcc0WGx74}~t|VVfckfua@$$a4AjoyE3jDH?z&w=<nKjpjHt^(hX?>C*F0h_;
zrR*>byL8q$ZF`%}{g<&?e8>h(d9e~#&j@3`IRvbZk6DlEK@cql!&UN@>TlSeY2~+_
z$C_(uS#(HWYk0hzF+Qw0!!Q&oM2vfv%%LX`%2b5KQb#{4d0f{X`{S1@6P4yd5Z{;0
z4Vk0|x$6tJSjBX(g;5DNM?Sp#{i}7iDw8WZ2?Cd_wcJ*53lr1Z@DtM{+O$cW&D3Vp
zAF<sR?7Ju@{+>HW8!u_TMsYrY(jBJNm2)|!)QzT#a#68>iP=~~#`%+sPE}@E^X(w@
zILmnh5ERdKyH!)+LGQY~Jym&fGM`ye?M<4UarG_ttAi^_LsZT!6*Fq+dObm0TkO|l
zm25Yahn+@JzMuT(-b0*{pmK2#F6_FVv<`hp=G~hCRX#tu#jeGAOc{w^6gCMSwDm&r
z5!RMz8a`y*#cB(eesOWP3d!Q@FANJIwK=QWshX{7=83u$6MWpTxu#wz)Aw+b@_e)X
z@z9p2&s_PRxv+Zepa|vuSjIL8x;E5d*-tm1c8>9SQNnSP4)ED0l3d$8ut=_m$wR$*
zHNNDtZ?ZZ$&{a!LDQLDiZ66It0`b?+0>^B1Ha&E5v2&8d;KjH0{ZH3Lt2N3EakMK3
z4;J`8vocp;w6Erwy@vpK!${NDT{NCK-}{AEi7wD9lVi(C!>&^qKhNQZfgD5PEwwr*
zl?vnIG4U)?l%6SEX|s-!Lrqs8ZVHyx%V~%SDXrVT^lw*QQrMQL)Cx0dj_x?G7Hurn
zmgWz~VVI%Ynh^1AVF>z)0uND@2P(4lad@}i!tP7qKB{Z$B0;>uuu{M^(x{p*6gqnX
zco{sdY)Ig$iqIGzd<6`66AFLN(J3Rdc<#ow9K!X-W(yGCfk)}t1ASTZ3p~w<KNSYr
ztgm>-(_}hyse+4It9FZU<_2KQwS{kWtzAWR#Az9oyjqDlA8)H%u2+w@xBD(n#OioD
zOoV^uN}eskz!Pp|F-BKA`6hU@sLKrW74GmZUBcBQ(0vwJStwnalSNruJ=_c#=-M+^
zqsfvP)xMfTHv0=(D<SEPHZ_mrLDQu&0zEjXE-Y1E4sCS;S8gR}{3Cg@=H(C$tNV2!
zQp2v@J(+Y@=90Nlqj_xp_SNpk%NE_!bZ7V%WWSYW2CDDwtj_}s@4GHLIW7v!j+yC1
zUb)I`%%O$7hO10OP)G<h6@gV_aa?wG_NCMeiI{Ju2U2=ykKdzC98Ox0PV^FS`88q}
zS;<w;P%hnYX@S7p_CvaAfotL$Qt62<@Kwlv&dL8vuIJ;cc{_a)3F-X8YnwAnkro$p
zFuLBA5lo~Mr;sC7L6wjfFoM{c1@tMs;;nL^smi{;&Jcs<a%Gvu4UF32w=m~alGw3a
zmSCNBsC=!Rwc)8$XEr9}Z=v1$bh75Wj%XHj*x4vMxl&q6Yr-ixo-JV4xH}q54Pt4+
zFnHKa#B?0c52BtzQV17AF*ivR<WdEEowk!HNqSt_JE!?lbN!*~SDDx>b|~~-o+T4-
zq#Q_r;#ERbr~6)F{c@h^Aq{eQT7sXs*_c)3`knZ(A|dWLc8EeV7z~F8;P0}r5zTsp
z%g`m6xAy~a#P=^h_c4F{V&<ubO7gySgQD6@?zPeDcuhouL#%Bz>mtmbMoe#8*Wf53
zr7l7ta^6B}E^*DyM-!ZMK`gdG;!|}5676V8iY<8&TMg?Z!EMW$@I4MdHqR$D^jG`d
zTy)hsM_15-$SiV}IE&}!{P0Q$jKi{@R|S)w_E>e|*Jlg21V~o;Bi9m;o7y(rAJpKZ
z&m-D1GjN&3TF^I<bU@;`KXu#8IO)YS#EJ&Ux+LMFi2b3;SQP8a_Ou=<v3HGo(oEyf
z3$E>Bjw#lY;u|vj{N>SvqS_aZiHueC<LI$2rG7aPs4K<Z>ib#I+_n8~%Jv_vz^6{T
z5x6Xu#;}8;MxKEsJqk58izBvKqv(aj{pU^B3~(_hZq--n%CYvP^ir_c`1wGFXIQPD
zGx~7!tBfNhj-A_rUOFFghbOXZ;y61jG2@6X#$om6-}CBV$sh@#OQiz6%c^d2Dj8F7
z0d=udXl+leEvY7e@Sw!1Jg~jS8+0ScdkgO?Ygvv%XfBS2bjcptSI#U@Fz|*#Kp=%#
zxZ-{E+l=FI=7mIj;gEEfF?LbXou^%RRr`u2JPm2}dP+p2OVc#IB5gb}GQ-^W2a&X(
zkXaDU2fjVm3$yC$5Reg2aTwR6q2P{_oYrXVs>s@w{}_!iQ1yG7dI<3Q)<(Ryt+f9-
zKZ7KULw8Vt(+t|J4=BW6<_HS5WsF?(ZE<O|Z1!b(jR7(UK}<2qktG&4k*}OTd^=Lv
zd>%a$%b>ud@l~4WIPKnQd*AlehhCbfIEM6>8BRTL%*bUuK7QSRo&iUr1WRO5bI5=l
zHQfI8A=mJTK9E2$+#9Qvn*s}$yBe1D!9Ui1U-?+pe*LhX@sn$^V8>m8U2**TSI|_^
zmEF4}f22{PJz@XyCC$yC_g!|{gJnz3HS@y*#d(YIB8p5e2TWv=M(3v@;xUdU?_zyv
z^?Foe+0ILrKpL!^wRD2FEFx`Q+iOs^x^i}AY4GSv<Jz`AgcR$^eoVXcw*F;|?zZKx
z$6G!sRf(2}w~O2&7D?ZY1<mxvBxb%OH6JsrtlGB8MzfAZClpLGd|(k!S2N8{)mrcp
zlRY$UE!VvjtR5vb2lF!#sbEfqWzavz_qKjydOfnTMxSf@OGdaIv|74FX$JB|N_=CO
zynM{M$<0+`6uOon%F@J0l}^DoLXZSK=_dO6Y_I$T>=gxXiVodMndx-!q|Qsyq`w&Y
zxSATD@Uv~H@^Mk0D{9yIZWcBv7WYIVy(IDtWZA&N_Gh1!YpPevK4w8tx;eScdZy5Z
zaM#T<oJv<kkd|wExe_4;yD|8a!wHieLb6kD{MZVRv5)X@E#C15AuCfIb*g1!e(Yx;
z{nCB>swHmDCr}M0Mg%LCISnEul2La;!uhzck})zvV4{1GsoMJiAKRi0R};_Mq;_KJ
zxVMW?W&tWbw1h$D{Y4jd9s&qL&&tL+J$w4f<4#rYZ723RC8?PNZdNL?FbL@`XlLBp
zD&}_b;Il2oQF_YUDC6Y(R*}%mXA@~dQ6RG?QIdy1nh99j1###BAs~6e?)F{QB-s!X
zDk1+PxA@$6J=4U`MREqHsu!kSA|czL<$GUjNryvD`wk>c9@5K?A{XBK!(V_Pe1^-|
zmHMXYHx8$g0041lp<igd&F3%t7Ype0_!rG47c&>moj({bI-5_fmgrLMc0Cen6cp3K
zw!ES8p|KmgJioEZry4(slCKtm!eDCEw|<Pb5<q=-<&m|m?pco*ij(W#4C@rSjaFEW
ziOOI9FiLubYjAX-_%a_evv6x{--_4pnGX7#k&|mplJJF~Z=?<8Y*nDC>;-I*3Q`bc
zbrwA|u?a(3E+}h+b&`s<ImY*V?&V(@s4)URcv{nbv($#8DpM0J@T9*DW0W~FT<M<V
z`D;}%;*(S<Q_VskW!<7L>tep)N}o6PJt$H7H<OvA@(jP$%cMbYkb68SVbO#>BW<#F
zZvr+S^MU13`>(}9mY_$uU0*^Dgp-{smsZ~wJLowfU=XApgO{*u)brul#F*_W9BUAo
zK9@nqMRJnUA(VUHph_SjW)9eP*;|3_wKmSaa=yf<4K(#=#V+TOp-)bZiDc45N8GJ?
zzPvbHzTIq$cXm2LJ5NJ`IwzVYtiug7H7y$4<Imi(A4qZv)DU$PpuAFpCL~94f7UPv
zrf3;|x|c)~yRDzChSw~;(d*`%*ZUyZ4-=^~KmJ{M_Lt*|+xd~ZZM&gQlF@pZ0)0_0
z`BcHRBrv>)z#+zfG8pP8k_i~qV!4a8*Nnsm7ovb85~id*u2_eV1eiUaYK+jXlQ{vx
zQ1F5B2E{d{l3T@QBCLHZ;^~Q|_Y1;ZoZGsQR|K$85l-c}!nn4rtgtq`h;e`wcfC@f
zX>h7zny8v~Xjfr#B)z~#Ft8Ox(4XVhK<T{eafBwj5^iWmM;EwTRS#d-1)y~Ta_y>b
zRaq0Gjia@~vq_-fyTqSbb>%IUPlmk(lFFmkTon}Gjij9bhF8s44}u*5D(<YA>x`OO
zi;{d<?jXh$h3Nt_6@ndCzy%f&8IAcESc($E>dWYZw0U!kI)*T`M4=z8pY4ONP1JpB
zNHaf?rDMnF_z*J{(t$Kf#!SJa^d!?wyv8p)JO5VKC+Kai+wYJMqI`O~ppvo*kPlS*
z$z!#rNvNi*7<`Q(gOh4N#Bl|cBkw?g{QZwjYg#7y3+6`I@>)xUnlM9aE2Gi0_zZC;
z_-H@IsjoUZn)S!jBbFCusEzdo*YM*3`9n}AM~8J^46ZmC^f|lm)^xaPaDsVOOc&no
z>YiY0Yo(ZOR_eyni{%zbZj@JKAEIXPr|W@t{|1QOzFdoM_<;JU_DWX+Y=@I$6K2N7
zDK@R7f1~I^x2V6|Px8Ki3#fpN2XV;8_=-AyOdrqP?pBR)7WaGrCZw4}uc6K(<-@jz
z!`c^RG<#Lzq|+2}#g5{R#-OETR&0v!F|2=%v4H+UCbEv2{^$2DO?YfgT=cy=eO=dt
z_$8Ali!3k1I;#A3J95eM%t#V^oumIKO~xpmS&5B)#T*3=b#aDgeE>U2l)B6ah9bV(
z-@_@SY%$Psw!fbw7|T+aa|1uWPkq$es=98P49f(4XE!%c$5)O=ey9eJokXiqCxFTI
zl02!v@8`Y-g7qd1SNgg9bhMj_9>43J1%71U6FWZdy9^Gbesk)K>iucloqhze-wgU1
zsa!|i=2(bP%=+WP(tdaOmjG<(JLj~UqezoddaEXy0+RllbLz3!ZkXI6(e<eOasAo?
zd1HxxBY&Y~yZ6lrpe0Lg$;Uz6+jQf_7xl*3vDUQ*_UkkgFqr+}<(=WMW6nR=r3*GY
z@uZSs!>PgRvaIon-YEY4Ig2CmN|lz^;(<r6-9o8ZKNzct=9_o05h`(2O>HF%r*1jh
z9<Oz6yzCJfd!2q{_v%QgM!UGA%pnmU#A*gH2C1w78!?rjDH{>X=D=UfY;AJJ^IgV=
zw1I~JWZjdb3kOg7P5^~H^||+MRP?D9PDl!%-(HGe)bH$RR-ta9@#2_z>^@MPaM0Ye
z$MfcJB>x2P!sP_;Y^Lke2S@JEx6HzC^buq(Tb)H*MPY>DzNO*rqi@nyso{c0xas<h
z#Hp>|A2ynbh^Hlo^HN9FdpV@;k!*nz0C)Ha;C=vNvuqndzC&%9fj#FY==D8D-51_c
zK5)&uE)pPAfnq@#HB~RG)^?XNL<G*+32Y=4981(6b5aVZi@$Nd@>UA^d+%zAv-U@I
zI)qV6wKF(8vYI+9FnRKMK*Qz<V6jtV;n`@tfT&f<fYn;j31E#m#5lInIhl@d14oSA
z5Eo^?#v4<8>wtQn06GCY?em-5q}*o9IRO}12Wq*_Zw~aOCaX5ZKU=7&#1zAW*B)Nu
ziYtvjV6v<YBdgQdsI!Lisic<GKAe@lV|@lIVnQ%rMaFPT^5gy;vQyj=DKE-dW0_XI
zNOLU3Zu4Neuwz!DeAK}9@apz>$T7!t3Cong$GatmXYU){ht>@ExE{TouK!JOT_Pea
zdQv!+^u?-qmaCY*vrfef3Jt4&o;DWE)_Ce}w{%RR+h95Y=wpu_Y?$|yBu?$8bT2+5
z``W!r9A5agG}<<~PkRc@1zpQIGG_9NO^@1En6<Oaye=ukegYucT3HmI0Gj^bmm;no
z_3`hocpVGMjd&EXOxLC=li3QXv~rw^TOq*@I=<-ZtQtst>dN;nUl{r-Z+P&qy`K8I
zWU9<wOMbm0gYopA?xGTz0#dZf3~h*(bKPI#HFnq%ddN<4|BqgfLtN=He8aOP&|$w|
zYkz3}(`hH1hkvcG83xpwo&X-oP3D_!zFW-BZ+ddTcmfdOuCMk>v4WAT=-q@4e740n
zPeTyqDNg{56~;?!CjddkyH>jc`SlM^0DF(fjaem{2<^K{bpM07i>Ys9$4{9r|Ha#S
zFQT>n>4f14Ae5}ZfIoo;|5Cz+WiG1M;em}7u#k3y-EgP$vgYM%&J(0SJ||y>3kK&4
zHl%XvYa__?9j;cNgZ?G=jQjxW#rETe7C5&|@^qvvv)c2Uje5x=OS``^^O#BS<I0k7
z^Wnha&M)~mf2*t$z~w(O6b$^D^yS~LhaBHfl$7ag$)V44%rWv07jw<ep(eDe_6Z3D
zP9s5M0h5_`P9rH?B!+g#!)4-j;MS%24U531B}cu%Cx8d1cW3ruoy5Mzk#eK!mo081
zCI%GSe&blH-U)yz-eP+z!6ra$i{-$pDd4@p8i4KrO-XBAX1()nNk1^)4jYCAN~Yca
z@k;u;PmF->q?!70sg&Jl<gOF`7oqUu?bGh@$mAU15ym69$eH(h_XZSKVxV<hf`Ke&
z4A1ay2jzPPLiUD9dA@<e$1YAb>nDKD?S-$hK1ZK_RZbAb(+0P6H#(qoMdSw-`G<m#
zADCupxP@#veCkba(0LrQo&d$IkYi3(Si%CV_R@@gu+#>8+Zl5nTU9coDPr1b8gj|H
z9Ef&MIRR8i9n%FaavCpyH@I4z(d_}2O*T?gNcSjP?(%Wz=G=bqWt!+|A2UW%&R=WT
zXLZj`SDSxeF&!WCo36iPvoBEkwSuEv^^OiPla$S#X{tnOIxMnrrZVtaXI!?3@866M
z#bdt9vOs-|-{MK;y;JF&!>u95<y*-a-o|<sl5?Z7FNY14iS;rYVMhhUQgp26ch~8=
zv@54OJU|&jQU0BTVFGB(;~b!hRCN8*W*>XZHMKO6NTs~QWnht$^oAggQXgpw%Y-E9
z+K6XuZ$$%sa=RDSIwPD*ei~~K^`iTvqD&VoWW_Qp)U3Bn%2jBhxivA;e0{&8=@V>V
z1}K-$eqoXJofRJo4?mi(DTIp8z}7|ur`Vb@N9;$^D~g~heb;0x+&`n7Ft8!|hcjgw
zdPP$kG#0BS1kLJW$k1x~mj1;VHW%6^(cnD022Yi_$1_XF&*!tpxWhBS8;q;YT-(qC
zPoXV^Oc{+Kx-E8#0RptzQ_Ldqz|_#o(1g)^9nys>bBc#58&)S#lqX$(JxODrIpuZ+
z)K`bwuZiKYBpP?Dw=WP|vNuKG4+k~R=HH_Wa^g$4`DIui-X1<U36Bb3V4y9Sa)<Cf
zS|#oecGhRD-0;-`J=As-&a#boygntfyP7q?(tv7u%CA%zWYYSqY=ns`#b}IjM?IBe
z(I|c~!mHowfypb0ZJd3GbTJ23fcME`#-0jxepB*B{qKhmdKxYuMp$#!PCxwowgg_D
zYw_3)KMMDt@tDqN9-X1hjO13%Qi&79ynGtQmxX_!VrScRjSuW3I!4G~4byy>^T@I_
zt*)hgx~H??(`HqP?TBdP{cuOIws-w93m-)*G3%tFLHKCAgHV*Jss^|xrQTqFe~~`R
zUuBWM1Jp>HE!m}25_p}zpM8Fb^j&;rZIb&?MKa!gbyCdubs0z=6SE5R0#_S+E!&E;
za9ffg$93ddUuldvE1pn`*9~Q?4c2bt!yx!TA;--LHv=%TUh?nm`kY%zVC!AZ!D+dh
zcr2G!wyUg9YhwCihvmR{G<843;qbil;tgjf+}dm%H(pHXbu?$8#r<BLBpK&k7NL%x
z9}2Vxtg@6^#q**XcKP&i#L=7aUDv2rQ8h?0lsX;;5$f!$ti82#U;<Pgk{4`4tFU%E
zKN-I^#n)Jt?=v`pR4ILogTKO~*eQp{A^Y0#?TAKfVK}!`VcGDnfkBTkRT1$MfJnpe
z0E(^H(6MW{d^X8UW6|IFsU5DY`!SEX2&6<KMd2q1NJY4^pqnojbZKBnqCn<TQq9*j
zS!Q>(mbJxxa9)9%R^Zh%^kxgs5nQdYMwtWFZ&wE53T7ML?~kZJZ&L}EFCJTm-OI*1
z=6rg4MO<?D13qOu{c5(5P+1c%<o*1%W{8MtWP_rI{|t3Ngt!&o!jJ4_S@kl=mcFy=
z>{mYB0pd)w@r;iD=5PHFls%pm!unHqHUK~Tl^k#TpK#WY<n`GGd>py<Yp(N3Zk$Kz
z?}xqhnTNi6?tko5G9J)E(|5wa|IVXypZq2RC^3GAn7e=fv%;1kd6ETCL_Q!|yW|hc
zL6LNZ#b}F0+1DASIQ1)D&obv&j=Ai=7xBw)lUI<!jlS_Y&mC6Lua6(h$0oi`v>6f4
zg}j0oTU~&>x?PP)F~>TfM2N@{g%=dO!WV`+JKI|lW<PxBgw2TH!?{(V8Y06Q&LCKh
zL7#?1VH6amG0?<Q%8;-RuJ<jx9U+U;a=Z{3@2kmQC-l<O48b3}rU9jjkBTs3dLu<+
z<~9}>`FQ+1y<)#CmEu6y22YdNGW}RW-Z!I>0So4M`!dn&aBc5%=Y#GcOk}I?#7#gU
zj3FVNi$sRtMPZ7dZ&l;5{n^z-!rZK-kqdvv7z3r$E`jjARA`98E>leY?c?1henIGg
z!RLCc@@t-_6sA|qgi;b~Lc+!*xcXHy6k3|VW(hWm58D7~i}Ps{NX}t%4bb~C3-wr)
z+H%b$6QOMzn*R7G3<N`X(qjh|k8j&LR2j<kad%HZ>ZI6yFf=vX4I3f-h*=e)p`UK~
zJ<9#`y(%0k1`CBkJVmUUzyKEQ&qS>@#Ardo`c+-6)VzW;Le}h?;`I(k=`_)*cx^(`
z?=e%1-_0^uRs6U{CqY5jhSZ#A8&?h2WUN)d6Nr`Ov$OHnTRlJTHt!pSbVcJ4FCk9h
zOz-+t)f!_K+=YAKBk_tMvRX~cIQ-mEvcYef*RkI}0vq!nkTuR}Gj=diKBRKhM*8fH
zZLFjJMeF2_zA-=8Rpy1C_&9`+?mZCB!CJ6L2&BF1;-vP`FBT)R5ptxyhmJtjCBgTD
z^Tet8XI&=x`#xo;W<<?aKqFL#UN31?Lb#*}7EcD_a9n=gPau4d8UU4mLFw`@!M>4)
z#hfTB6O{Ao?^+*Rb?#(>Et`PN6nuKgDfehDcgZq_?A@A}H*wLZ;*!2SJHgq^m*>Xp
zxmej&O|tNaUD6u|3JI9dboOTm9d)Cro#C?Q0qkPsViGZ#43k%zYBlfO@(KhEnq$2C
zBE~?rcluu#2e)=+yo*w6ake0gRbl2CDzceS`90+^QVm)4(cRkmhPuqLaM40WTT!{o
zy%cQO;8}B)@hHrMdPhXd#F?h;{Iap@sM?~pbK`P~e82Ul*N!ZGT?oI&&)>QjhHR#Y
zv5_)$TjgGNynDOKx4qIwSq{5Bv1SasjJl|UiEHt|W_6M*T3^euEPRCJIjrpl#-Xo{
z&g|A6KHb)qSxgaFlB(th&yP5dNR6d`<lN%&GytF-FD;bZYuR8?Y-ep0U#%!KY>9jP
z0IsmS#AD2$y{C^)vBz{{liEu37*>%Ajj0=F-}h^CHJAU=o)$AiSX<l3=;%sgqh_@6
zI9c`|W=}#Xpy4fMDDL@YzqfGSP;jya;PQ}m`OOhs^?mI~xI~vuaca)f4c!k5o_fCK
zpQBeTT3cJgV!>drDjW_63ugTNx&btNY8AVdW}1@vxXU<tVVYIM(JjyE1dsp&!Bs=H
z-za;cGnUoF4}KlhyRYf8#eE~93s}HP_988abtL|iz9d5{>Usq+2McT-7!M2Q--=#_
zKmH}mWwK@&BqIj1fuOW%I$DA68+j{X1~JQUxE)x1xV3Red-L2)QrKiS_m^zVU_F^M
zAysp~?i6Sv=-?OXX6K&dXdJuxw;g5OaaYdia|81QeUZyn<e-UX8s3E-n-Oas+3}|~
z575=fcAaq)_FpE?A4B)Q43^-e`B#3;CxHI>Km)`3=L@=gReL9eMXV_TnWFHNyak{=
zDwM{589qw$O<9UNS_MlLQ@f>x0Gg72F=m33h2t`7jLUL0cgJ7ldY?DM`n|5q#(}Lq
zb)#A%r`i7y{L^4zpYO}DlHM|2vEe^d{loj?B}dZp#Kl76>!l?dsnLq3_D9mR=Jcvs
zy^Cct+(pXCYdbQ(-l{0D@N^?!ekJ0#cguKbt7I#vYY|rhy_S#sL%U9LJV<D3+7be;
zk&S0Ui491GyrU5CsD7=$Frf4Vu->q7;RFzFTCf#)0*F6tYVQ?hDu>p5%SaZtYQDXd
zQ*~GuR48<5jNp;pZpPZombm<OCw#zaH>u<|dA=c=I{(a{*^B8I-F%0Z$}crnXs*po
zAFtC98LYzWevEb*8!E-J7y!t2iO<`E;l+|e0^Q+l#lJJB{oYW_Lj_<I4U=MLUM*_n
z7uueh4HKG3#qaozx=H-9OP6Iyz{ZI2z`pM97pL5lYAug`;7bZN)4!kFuqo{HarKEO
zqV0$Kq!{yEnf$V}K_tR4ccu_wWf625pZm9&^0)nR8uS}*-*Lt&E3#iuomm8CYh4=u
z$6~5^#rAu|cFM)XQ)<>qZ;Ie&yhu}j<5YDH-!95-|9W$zY&?BtkG(&WOk4a^KY~6F
zRDLv99=Js7iOM|zyzUS_@aZTWAop(FJwI@aJI+7p;js)`Osf9zh<L#=sb#JAR2>{-
za_l$LQ^WZa2uG3g+s%q1huzL8GlY_H)&ta-f7^-+IpSTeykK!4a(C^Nz|kjXZw_Z=
zR2bM29F5lMUQp!o$hVx@R_GmWnL7bs=bT-~hE}ipSFY5}o#G$&PwkRT&RnvEhIBdP
zCo8%d`FT{MwIX#tlX9wdejl3M+B*R(Z%h}<?h~eqYJJ&q<?)N@^UiVpwq#WSoNC8P
z0$B<%kAfwk$X&qp*dIIV91gZk4&^#5DUIwPSB?%zuPp6csvGm1ayz}{|29-#`Sbyj
z&jN7vxs%TVXy~GWsgN`r)(?&`WQ5tTQ|AHe3p)nc;#1WFzKB|t<R8kNs>pg@?yq66
zz}A*kaPVA<9#sGa{Cs9r(z3kiE5tc{KWkQ;>jV(7Bs{j?{pY4{1Q*wTEIHmG8){jK
z(mqQE#1p_T55@h{&euzi&PHl~O__kvPC)DhU;JUN2jmW9XAB{1VSO4l@(QLtUNhW!
z5p($Pv@bvOjq5#`3zjbM?0z_0LXzaAWUM-GzTAPC)Mdar>p&2G<Ub|<Gn!`mttMm*
z1Lq%>%&_nMmEkz;d>TqgH){v#lRsuV;kdqR?WZ}Tz*{9D;1bPc7f8*peZ4zE?VuW2
zawuW^k7xc@{`cXY6%WZb2W5!DuU71_Aa@g*{q)59i|SOPv4^Vm!+*xp0eOdvSg_@O
z0!S498ab<twJwgQ{kgm_k(%Gf%}p1>dNn@TGcB)qFVlV6?iJ9?Wl`^1BZX1;!SoV=
zbY78IPTouT&z0xDzXC0I{BDW6kauNSkIg@kgW4cd7s8qL6<g{P?*0e;S;Kxp?SMMz
zBE?RAp`mJ7Ubcl0>xXItt||pN8p-<<6Qj3F=h@3c^rd&_aOUr9tsFm%=!-J=^c1uK
zV^mp|31)QVDi^xK3B}k}GcfqHwt7Eno-OZ!Kb$L8IG$w5;`v?@XiU!}&bGsgW>YDi
z90;?y8ZgS)-dJv$m_006&Tw<A`9b-I!DfqgSzaC~&K>8hu&`ja*OKXsEuue#2Om5z
z8dULbs#$*O%4D0vZ1vF;^MXS{U`9-+d*)34K4n$BjBLjK!>{0`@NJi<CL#fW<s$fn
zWmPLcN<y(YHe8%GNBT$ljKK2bTG+daey0~;xs=!Ydy9uikCaNsTQ_yMl_XdNeRh`x
zY@@SceSM%j_i|gqI=x`Q(DD|##I6X5oTmc@RjWdSaFu-P98(wxp@&02_+)Y5nBk)~
ztk1{myfW4~bXc*G)Bp+<#;q+r=Z6)RBsd>(2RaX#!Vu)U2Yq+OFTx_GiA{t@>NP<&
zGKIaj8Z#AM<zbmMx`cr|#GAgq8n@-cf{i5Jj9R)EnS@_7p=JHh_<?a4oK#SQTYTE#
zslv5BpJa-H`a?K>zjYsBsT78?BsTnhlX7=8tpt`56No&j*@+!<kYas;Nv%|dsX~-*
zU{<P^k$QPhSmaO?A|hojL3Eut{lfdovXEFD)?HxKyC2AHhnda7E`#mh>WgAxcUV+p
zF0ZPRvdcs+aVLj-_r7I`Fc0PDE4`6v=m?R55a=3XV^&`nwQ>xTEOzAYHF;!wma$Ko
zTBLhROpl`VR_&1POK}~c0+z6<n(%Q-CWgdfB}y@uYZQP}(bu}Pnnd3+RhbALdRA&z
zI65Mke>{E<<9rWCn3_H5z-Y8VIXM(&?bj1q^cEsgY<N=!WuMJdgp{GQI<=t9rhHTd
z6YO94gdvIp3R9mhy5ULq#oD(>$J=G!+Lfdm6T5+fsY?5?aao<QR*hk9!HmR8V%mA1
z{1EDQUqVJrA{oUXh-@>6Q|x;R4z8@XrPQ|?Fn^7ne;qCp=u0BcpFP?cDZ=cQYFZxl
zaiDbgn%FNQP?vSHrU#4pptK8oP_6`b_Ln{8c1HB?iRfS*#9&s>G@33_a$Q?MdH8i7
z5=b4*z`&^M2I8EW7I{Fm{2%Pjlg9Guk{yKXdM&puWmgOul9)q5%r*FPBF+94jOK{u
z{slftXb1@b;v~b(QvQXU$;GLKbFv2m4rhMYkXn8T;jGLH>I+#t<pl%QM-8{yKkk1a
zzq>5|%76YF@${|tcm98#5NWEv8i{K8@n&i%@Ck)WYNRGxO=X<FTk-J+@8QkTgARo8
z5dW{GD+zxPo)#Swb^!5vf7M+2n<VcK!lnOL8^cP!Vr}$qiJ~z6Tatef{?woI??gVG
zVg3h%jngA`0x7*}?N17m3hv;NyW0wp^8{gm!&_M*K}AVX#RAG0Up8B=)`RG<4{;uS
zztAq5&r^>U%jq8c(FR5%$D)0a?8+iNq-2Tp!=jkAKA~JMueCdMGgn}k1lZVDAUFti
z3!`^y?7iCB?V-bEpNHgyOu<r|*H#eouKprh?=jP13)w$JQ}UNf=+VYszM}uJ?}(LE
zAh77@6R_^zDv#wU!slti{?zzcvwy2bxIYO0zi%vChh4pt&2{#Fen2%KKcj6lB~&`<
zC4Ca!*wzg`wKQ9y>qH!DPP_d+w7P)&-qB#iYUc9U%qI->*f7G6Z|gdF)}}hPiGG$J
z`q#A2kq<PL`t`PWO5?`yV$bQe(LaESRak2-4X@o~4R@<ai+GhsyV!mX{JEZe=C{Q?
z?f`bdsJ>U<scE!gp<-e}!Pn)7m~Ac)jl?HzK``TDw{tXuB8^g7*unDK=#2?JB{tgO
zuszm^kR72fA?IjA=fts<5@zu;n8R%RpbQY~6`IxmioRKWJgoNgG?ZwjBkDMdM9?us
zU;Esr;_1FjM^l4i3U7I~I1*X<-i&YLVmnL?A8Es}+j>Fnl2!h?KfGUaaPuQeCu4^1
zjr<b14({#R;8~4wZ;WY1vn}NJ12bn_N$8pwSM;sP1V)7nBzN==hIopUd0>LE;kR`$
zXb0bokx0H+{P*(QRa#YuJNnja5n+qIrS#I{XCCw2dRq~}(6yRvHrNvpw~kn&YNi`9
z$R>Wrb%PORm?U{fA$YE%Z%xj2xQ&MyyJ{9WRt|Wm6D(e8SxAnYdy5z?mn6Mw;qCn{
zHJuDE8ux~=LDnZ6APfxeE@WK{O<TIC_`<BQSzp^fdY0Cv*v4b??i+*hCdiup5-04z
zm|rD?G1jaA?*)>t7^!`LNRhK*Xoq!eX0KO+*p-49D|EhU#b0h4H2TcOVImmHbn6&{
z37Fjj6hG@hbKdE)An_R!{f%uYxk}&OD43C_5Qe;74rT<emf=a@UTLHW>jH!wY+vfk
z{UdF0j6s3!O*b))#?mZpTqt{X2sDO^FvfIzhH2x6Q@Gf_xI5eF(9=1=&wcnLGxLJA
z){zQ0?;q}%@l#-S(xglYur>^`N#VBAN4dLdtX+3k4(WDR7~8q6>NxM7{(WDv|7trc
zm19b+!$)87=7<e#3Cn~Vb$n4!Wk?H6kZ#M=V|l{3EbLr<=b~h}a;y8e3RQn2($#1>
zH||<Hot&~;<@bg29fE8zS!3=!^NZx*I1Y9HQ2xoOtaY)GC+j>LZ7>TMh#?yJMpYba
z9Ca6Ad(9Q9-<o3PECZF_(F`5y9lp5v9~%Czlk@-OTK3%MdDAG;uz!|xU#PecC4|u+
zMkp*SauBT22>@qQBzv5Y{|Uk)F?G`Gd5df1((Ph1=dlOP5<vXh&jVTWcSmx=uK;Ot
zZ7HEOD$3g4*YC+u)hk=_<d;r}cudU`xO^kq7Ah_{C`=si9;*!RaGXvH|GUqXzE(IW
z@Mmf&phw4)=2p;kN%sjPC~AQmmT}Hi@kx*(^ejfAs+=8IH;?0b>keYKr76bMuI4L5
z-PNr%d?cZ(u!=qQunl|wV*AbcC~vV0;<EVOve$UgFdP-;IoE)t)pQF^#59BgC6}DJ
zYe?mM+)yAjmVCU167cs9HsJ3=y#JdH*IpGm0rU=hH!YA++Q%M_S~X6c06+%dB;f;k
zbV7;yGT4@EEkE7#{#s(z^r4^G`)M8R8Avo6V>Elt{I~|^1ZC;(E^YA!Umzqbn0daA
z-xb336k7Nn+C#ql%gn3y_k!x|X&l)p$doKc+T+E4+~=63MqBas4HU44vW+=8SBu%^
z#`d**OGZXBlVhsp{SFu@OMi{U6#Jup)@$p|NJl&}k<^Z{7!s8rwli*O#B1?Z@=O4U
zFLR=CzFe_5AD%JiX`AJCKbmiWJ74Ng0KXyBH75Xxf(6|X+M=OaL>~SyxZ`eaG~deb
z>%7Y^*B{+&Z<F&)YIBl?LYy<SFh*myuSBZK>(0unpdAZ!jP0c)i2)OE#PF8WY%<~{
z)C{3VYiIUe)sIAWC{EdchFkpAyVz_>gbVtwRmnX6n!DC!fUZ8TI-(rR&)4GBHW~Y>
za(ztEE$2ZNF#xYf>n6rI?k{|%2bos8KEm31;dKZkzb)bUy4qFK*_om}eIvUKE#{`e
z$VOhjF65fl_P4Bpkf|;Gk$XK<psyu&HL6zK6YJj!X;0}iFD6A_t9H=CHCD|;N>#sC
zMd(Gla&iij<CnRx!tN?rbshDUBcr&XFI}z<w~qwo=vt_`onj(7Ae<1^HmMs~jI|I&
z%cgPleb=Edw)YM)YZ?9;Hl8cCo<=l4Ww8>oyjBK%9r2g$%c`T@Xq-J>E6vKk;}QMj
zM`CHJ6fRt5usErL-``Iz0rd8Q{(I++cKbHmZfPp?tw)kMLJniQ1YvMCW7y`n{*Y16
zyQECUqj7o)Zo;C1^qfY+jS@^?8X}~d*ekAb+LxO6NBBpOTwaz7BC*w#@jrZgm+h=k
zc6aRzTidt%iVHZ}m6Oql5r%Rdj^gCV-}&rY-~IAn29`_i6+dq&#%yAX7|VL*5i$bn
z74EE2g(`w(6xQxJvedJ8p{8M-m<pkOC-Oni`LLM!H+I$|_l`R*X+FUd7R<tvI^Ks%
z7o>IA=mR|#o^}s)H?C>RQm4%h&Z`k2YU2+oK9&ew>X9QbHM&cQ%-@Ua%U&%;iJ$KZ
zJD`+^;p2qv<>~O%@lFRpHk7c@&bI5pS3i7OJGx%BZ~`z!^O)wX!>7Etx<qrbZM8L{
zTq-Lk)I%(Pc~tuH?j=Q;YmneJ74E-{?ygqv%YDvKF6DwDHng(kt0nVX`#Z$?M_IoU
z<-lEhoYQuy4$J-_mt6L3mmD>G-nW*xGE060X0(<LcJ0M6T)hd#IJt8%<#CTcsf5P9
z%nfT(MG8;su!OS7i<^{7EVnwkF)Fe11gYy`G#`seZ@#ua?h_N;6#U0n1OT8!#14_L
zfB)<8mg%WO?Y~<%(-gXY*UcrLQE=H{4l`6O_?NXXxfK@Z;B|PQvWKr;v3R?Ye5&oO
zha?KGb<t4|$XkQdkbxPY7BfZFSa2qU4>(Sk1xJtRt+^OhI0xt!rmB6HiAkN4L5sE9
z4fa?+l>{ZOyY-3iaouba#5<y|KqRLJ*JE|K^<M{Z?cY%dx3zHJ{1x(3NKwxn@9ie)
z^r{J*ZznFnynun>aLqLB;c`Ynh%b715GB_gON>{G$I?)7D4H|Q<k8bjxrEzoj-33+
zMZAMhqxbN_w4>|AU}ne~FsqASya3f1LIT^&%lnxOOz?WN6xr)?oB(e0Q7I8Djc;+n
z*IIZ4A8ROE=;m=%Vqsn;7%x}+c#ZND@!@vOHx>tEgumgteF_?z<wungKL;Sa?SfUL
z^pF|BMkS#LHDcOus7}@{uE}*oz5!mfZAvuGYq!9uYEAkJ(E69S^9F0Z8lbK1cGDy3
z^2t)CXY`WQ2?JW?m025_eCZ%xbnBjY$p&TTn{%EY3Pc}jB&~gM<<6ecD{8z$KGP26
z05XOHJ03%#BVK##4ZMzZsE0;+G^9IRU7pe#ZD$EPrnEIesKtDRDEAPkwC|OLjPP<X
z*_G*Qa0o?42RNdcCn%OwHbV0VSkI8@Y9j`tCiyf5YS2gl`KW)`J)>8&@EAk|7|p~^
zVKjNA3S(e*?kAXUh)0(p;HCN2bxOV%dWIGwEi+MJz6_6h+*!EFo9)_WMRw&hPjg9r
zwL`Y3yajr^R0d;dsvcr&x6=33*qkc#-C<6)mYowRD=7*kJyuMOsT|?<<?3t=>Ff;F
zDnGbP8rTdkVN9UEI4Czn)rl&IfMb7#UU7QW9JP^O@mia_m4Rx(IP;Pa!-Fx)uU7Ir
zcJfB(uGRlsWq8Lpf-W3B3L7r!ZoxYt24vqT^W5fvjp6UbSkn3>OgF)9#J~xhoE&$5
zIluSimZ5xRZ*uW=n2ll^=QPMKlD#$qr<&B>(gszITFOWBZyLpMb;gup*=UWLWd(Ao
zkNNVSYD>QVwjElUQ6CZ-1;^YBGDGf$^K*#jhJ|y-2$3B~M=CSdO5r~KFObfqliy|X
za{n81?-|w9+O7-ZvMp3ls!~LSgkB_}H<c1dLXpr3pg=%cK)Oh=0-=*aNodl0hlC~;
zY6wWL0a2QZs&r|tFKfU1-S4~hcg`N?8|TkAe~>?OPR5we{gnH<uj{%=T<O9?j$1#{
zewXgApgxdS$<;LNK}=n<Cgf_OvO9k^LGW@}Ud1!)3qik-!{=BMS3JSoF*k`^yKlMW
zeQw?|2-3=<eKvdvvsOfY`HIuS^f~7U3QfGKXbK*0eSqCP!n@SRIYU~`8c>XlEG@TP
zQ!aE7w8c%6us@@s-IT>eSRgjGE_)kDFYAQ09KZd-gZ!l%=lMTv?QI5rQePyiBZhz6
zEF-uWi**UyBeD;<%CmW^CqxqfkGI9qQhN`<NlX3uC0_Td-3~83)pRItr>1VpW4xmB
zVx!dN)iQPez+tP2zZV*+?7#H0$m3lc4!l26o~OTrqW&`CG22iY?YSOdO!sPEvtus4
zV5Jlc)C(EGTNIslZfahM?;J`f)c=#Ia0ZszshGLs(M~w#P&lqpj2_~*A1P`C3{|pS
zfHL46o{OJvjY;F&&eft+Bwot~`O9#iyS%(|A?{Pwb7+y?3_>BiQ8Z2<ngOLFJqg7+
zTg{-sP|eP#ca~Q#^?dSFMW?Q)E&Ee(Q;8?O?0BAJ8-%Kuu=A@YF+S?acDWj3Vd-vL
z=!-QgrzgI2r(r&8r3})$KT1atI#mPhDy?}nlOIi|yT2T=iA^){VWWjU54fj6y9$T(
z#1my}y<9E?ng23Bg4qrK?AqMkRC6%wq8&*i1LrB;Z{6=aXkyDIMP1denK;m1b-xfH
z{ZN`z4Yo?9cjmYj#7X;@#C!>U3dmes4!j{Dd(l??(Y=WQDgBW+FGms2WpAKss5+lG
z8es@6r|^j&bo-kWp;=M=K7dV-EInO@`4RgbybgXPL%=cKkyndV$ZnGNDzK2}g;?bf
zuj0K1ohJQZdg$IM`lpnp&Y`f9leY;kblw${J8d*2SG??V)C!=^b@{=!-0!6Tq(o{O
z0kk2(X-ezmEcNT;h*0dW!o(qFW{|5hR0=cVb+h+RrXgqNXX~;%*BFccnZIoZ#^PNX
zoQIJ+&m#V0lI?!a*eoC?oBs6W-)_uUv;B=Y#$Z|gV*@(lel35*2C4E1oY2i>N$myo
z94-ja_0|Yal{RrhkBA%P-LW%w&S28PcZ|InNKQ|UirIFx?$m}CQYbhdYU~{o|MRy4
zN-pZ>za}RyDbTvTwW-)OZM-}iQ3Snzy^4ufI(?XKf9b>UlT^ps)lDi-7CLIdRD*Yt
zy~pPFKlT{`fipH^wX?}Hd(&QbnQqE^`@8GbUskf!NP+gr9(RsZeATb4iESIqlgi8P
z6wvB1qzc{h$eG5FcZo!i(<GNqWlIg7XoAgn=P{+<_yKIx4~i}(@tW#sPCx3j%FD1S
zY&VI>pu#|3kWY`4nB*m&>Frc<ruP+q3nn^j{#fiN_7=Bv-QlJSd;$V;rr(Ah#nmyL
z;r+x~{E#%B;Y?6*5|Vi&QC5}!2NE|^wYj>`uHKP-i}?(ey=Xf4p1?^n&tXH8RraLw
zjSPE3R2<m;^3|?#;kRy)d~=H@gc{S=*>9;RLLEfA6##)e5LmE%#dM1IQ#H%I>M`Bz
zCbv6c;qhPa^8-Z-HLsqo@878vM05|>@m{eRfg0tnt~vBDsq_`@s%s9op4Et*pSu59
z44A5+B?PEy!5n!Tw1LC4^mVP1DaulA_js^g<Zr9DNcqb{#k@qL-x$zJMg9BDOF$AV
zZ?aZE6JRN=tC*!=<O}<mM={RB^tny+K6rmlg1>#!Lxa84ThgrpCpbPQ7X1gh6Ah<(
zLXx{N4C@S@e*k!lc=?-N@+^bfWB60jWp?nF`f=ln{}2)WBc}fO_td}3Sj2Pwy$18&
zA7-z>w_fB`+<BJpO#0zj(|^9<-+%x22c=X0{NDnU`|fl{>9z!6vRWs#7&{SqCdUfc
z&W<72cJG096PK7+e8Fudr2EZx*H30Zw$@h{{c6Wq5l>1(aVx6W8%4DFTT0t*6({v8
ze=?0jHAe((?VXgl*@n;MEjA>zlS-pYt}c8`;|Z~~AEG+}ehHm2Ey;_qGP5;pH0s|Y
ztLiHX`$il`Dgp3wN^>#(O2MA_PkVcNgBQ&$47^hcw4#r&qkTy#gQ9ec9z1C6*&jE=
zx1@7+|71En=!tK_RF8VRIOL1bEv@xa7YQiL=N7kS8KOJNGo+{A=?<=UZcgk*mZELD
zLa~R(K3OvL?(m`-n`i9g*Te1i%>+Lx6N}q_Rg2DA{K+)@?9KV%OyJ?-$=CLGHt$+O
zwhE~Je=?N_R5rbQzq4vvdArx>_vd|5?p6CisobwurNqM6#MI(+dE1WXCVE@%0joL>
zKfM@}f28+qY{QgNRy^uy@fnf>N9n74k6ier@a-g-{xf`a)|1Y3*zSKnJvoLWk_VB9
z*L<KrYX=;oV00guFUkVH{X+0UUVl00On3FyxL!1cmr(D%Spw~Ohv%R0v69;7zsJks
zPJhXnd@{HPIeDuUc4|cn28)6?O$6Wl=g^-iEyxNkeU^9W`**W93_!#{W8eHwCOw|n
z&!zYNG47}Sw(2n`XVv}T8rdf|zP{`Ak^SqIQy=%pcankv@v@6*YIpcv_|CT;2ccVM
z-}~M@f89GoTa3aU4%DgntFjjop?-g5ZoDeBO0X-oM{$lW3II?Jevh&5W8%N;c8h<g
zM#;FP4EvRkaH+-cPALt&_v>_ztqt-VtK84(g_`nMdeE7=tfNb0{((~+!ij?%&@Y5M
zOccNt(|WHX+{nb5VpCBW$>nuJgp<a6uk4o@&(&vp@s97Nt{o`Hxho<L#$NkdJToZc
zQMO$s8*rn+Maih5(RC;RL4>YP3jAhT-fE8jm3YH!(PZRP;z(otj|GjcJ;SDt=Hx$_
zM!{0FlUGUq81XkN!DShbD9dSuF)X(}m48`O*0|&3h3zd5Nj&;IT9v#g_2{r=D*0;)
zg9I;YIBJ(CuWBxTCofKMsBGg?__}6MBw^9D^4Y5dO>e345lPxE2X|0NTFQ@8JIda<
zO?66hyw-H}fqW5PC?kC7Rl9G^e)C<U;x9;ihiK?G%xmW>JQLTa`TWWB@W5aUec9@|
z#D~r;_Eih9caNms+BzDiVTv*tJf9j1A^(u>7&86J_el7ZP<fNuhThwUD;mRQ93H9R
zcEl=H#rn>{<~iO#|4()zn9sk;TR^+tC#1s|v32>>GqKB0n7$mDTw3CaYKvP$Wu9SB
z9_&PJ;FIa=$LHU@f6$}#nMqyG6>2Qn+kE*yq;|~a%0CK6?&KaT9>hZ!i_-sh6#Ac$
z`M>!6cQom@lK%$gJ^z0{@IR^k{@c@kD{KE3mh-n)0&V4vW{@X0A3b|o{?`Kguf&p}
zSNN|xFJqtfkK4JPH&l7CoKh?r;Q8%x@6)uaqJ;ITHZ1oy&SE!cp&tn<4Gg{^S4N%=
z_2WNZ{H2>PvV6s%Sy*FXnC3zt@9%CJColebe?x8ibEeFiI;N*r=w{JV1>LCoLeidc
z5iFN=kY0^qBVy;5fghu{|6n-e#P<9Aj6}+&pBC;9jW;k`5&sH*CYe<9cq?^lz>b*1
zo0c#K=pWJBqGmL&>HX}Qdd3*s^UvQAp8I7@<h89$4Dh{0QLiwhAvT$zJCO~%2IyNI
za=3}3^|=BV?WfX%WpyD&%DB@z_b1ayFN1Ng1H7F5>pz2pX;1!ycv*JtH3`A63kv$L
zPw_v&W&g<>09t<gn05bG!jIV{WrktS--74Ozh0ywGm>C+&<~rj9UEOK5fO;7oBw6Z
z(#^%vwDJgNATD#YhTv*_5vS}44LVQm)Y9LRzHL$4r#7xO40uE2;~sV2pTLZe4bBVm
z;%{ck5%;X0^~BZ6ZDi_Mc?MrQyl!v7I+&Ya&#G3SPqpJ)#|<|!EDMEht?N5#LVpM3
zi%DS^WnQMA!vn0Cg`ju$dG_MncyT8IDGofs{8Of{zVt>7WyCMF2Orfuwg0}w_VmQj
zX%BFFx=?PMuZ6CNc9#NlUgW5R7w_b%3!3x*yjH-P7pyOPMYaFQL|IK?jKV9%RJyD2
zBv|&@FUMt(KbaUZus@kFhc~+pX4h_HGCs2a`sQHklI{E8e|?kxtF!5On|g2wbG>qb
zR^-EdrL%6;3OL^dCv!OJ8&!_?lN=-s1eU|Ho6aRTAjosUp8n!-R>jzyP5I0%p`;&I
zwbL49sWu~%Pi*??c-DJ+PdE=7J?+Zhdp%V7lj*93|CR#$r7ZT#PXes`ZhFK##K9&~
zWUR^{ZG+<od&^xIs@tR&B`zc+V}A0S>C}yt))2BE>~lo*Cx$z2s^u~0#J?voVkGNN
zCbB2XWeb(q)*;1pac|1b-t_=c%%;$&)s)zgyBv<~-RoYb8+a^xLt%$he-tqvfI40K
z{HB$8jr*loyjsb7*=dA&z<DcfkLB_BZji`0=YsNeF&7#UX8@%6;R4hTd;}#ubw)mG
zM*JX=w%fhkB`Y}-a20LhK|AL7cw7KxXux$Qm=xOwg96n;2Q%NR3Y<oEfn2{m*QC`>
zU`6wC>I$vNQF=j`7Gr7$M-dp7s13;hf!8-vSM1n|?$_Go-@a~V=V*5{=}{UTu*{P=
zTxm9{c;h%+MlOjr&ASUaZmLTU{5{4|=;rl_Q#?r(V{DK6Z2G2OFunO=4i+!zKEU>1
zuSXnk6w(^`Bbf!_XE3z!X*ifga};xsoVRE`mUMr$s^t_0@#S{o8G@xzyq8?wo6)vT
zktk+)fg?Fr!42n!s*fRzB3oE|v&*M@rM$u3h1QCs`Je4iX_Bs^x^8dB$5k%m$c+PG
z2r?Q{>+1*rV3OS?A=)-%=^~eH_!=T!SUuiyLC#>hX3xmTO5%NrN+W~R3svtPd1WD>
z2i>yBC3iF?T29~v5C+~^=n*VQe;|ip-BZ?lnX%DaO?6R7pIn@J8!__WtEa=x@2`Si
z_f^;^W(9TO7b<y8>qUsAJ1D2t_P3+tU&(zhceVWO)69(*@jJghwyuyvqqwD98oh>t
zBs63xQjid?CPhI6Gmt7y_mS#V1)MIQ$ZT0fHT9|Wf^F__mvn8@QvD_6+Hm}-(8S1O
z`nN{hl_Yk)IXfazw3nfT3tG%D>&f%!Gz;P79J8FsRE_SfNi8aa1-+c|TfWRgf(gOp
zvekYcsbw%oPF_{NSNU+GB)z%?tRBQxeJSNuN1mx}DK@^_e`QrylK%_c6(~WJI+wI1
z9lEzpp7}ljo?Iho;ftz@?X6V~$1wHM4XgUMgCA>7KaNQYpT*&{v&=g-Q$23}V-o)#
zkp2HP+Zjr-e?Q<ea?fI~;F5&AOB~<LEdRSw;O~1IgZ}uxxc&x({<liTX|5!cvA5*Y
zFer$hsy|-iC6yY7o3VOIhVtOx<1;Y1d|+eI5DqMbygsI)hO6PK6Gw7(rumUT-k_V^
zT3%u`R!W|_iF2Hvm-N7zgdDpCSE<-;#V_pc<+gQh^IS>Lm<1Cgxr&k>7ME<Fo}`Cy
z7kWH{Y#(+tdcM5j#U@J7sV*DB*2@;l0tZZH-*?pTgu8l}_Upv4vA(lD&>#z#;$VGZ
z=oCI{8*9$GWP08R1Y%El&P+BVe7o!x?#yz}!j--Lc1WvjY{0{&6vd!Awi~gB=E*q7
zHw`ILZ=YH);NUFa9K*n}%xvza#I?5us>v~VUbo~rRd$Ww1=QMVH6M;czv4_c6n2h#
zx;d{uj?cQ}Mo{GS4zC=uNnz*^y*0IqbyB}(eo6nQm(&Pu(rNrkA<~0D;K61tPm4ZR
zq1#p{o1_NhA@5*S1)YVWJG#eK&DMA=Nl;v)v89u06ZsAmNBCL1sh^w+8-r;^myA_>
zbY>ZejbUr*avIWh2u>`|8?T|vH|5`Ay){QDTCf?YBPy+M;svKMgje^y-iR32cU>bs
zw_M>DFSSZ6UgU@WJ`h4eMR3|&>eDz)L$BlJxN0S=6H?frWpTiU`Ed@JoBWdvGa0-G
zBop5D2}K5cO?{T_-;NbH^7xBmw4r@k^t2___f<9}Mhh7|y`XTps@SvI+#563B{XN)
z<Rjn;fSE7D5N?P#@kv!6#QLO@JZ94M)b%S5swk;m-^NaD#Qch1nbKrqr<SK$r0EJ0
zHdc_TRSFfE-pFHr8ULHrouUiTYY|QtCj`vNU)};`EEQ69IaA}kk6q9HGMVFZ6~p$|
zC=(^AqF@-N<l(>K_J4o)`p@wGpAMeUl|@YFh*2x|mO!@%k|MxxD|aqx(m04W)*Db|
z!@_zsVr$x~9Ug^XU%8SisNT(>4kn-W4i@664fqV-_jOxa%g%N|C)*K{Z&)J@J3i!C
z;q)jPVzZ6Jz}tKn=91m86pmr*mM-xm+5JMAnXhE`mXZ$uE^=MS-Cr%WTQ0xwQtu34
z)1x1In6M?>Y&?Z9p%2VaD3@*M>Uz_ntnY(5oycuC7HJhk$Z4b3Lj<^1iII;G2t09C
z^32%0h2;HMVQ0mc(^j=OI<1WKfnQrMqG8jiywj+ip(QJRD#if$tyx5UojhH@xwq$L
z>?t<(9>p#|v3!z&9$3aFgpn!i27qM}d(T&$tM*NVho?J^Xk33K>tQSsc)!=bGjRop
zh{_k8-b~EPzhJ)XF%*pDrL4)VHCq(qbXG`%wL<P+mWa|`AIEpv`bDah<@Us*Jo#U5
z-r>@?B}aHt&K{I`Br3sl`$vtuevjlP{!PQfQb*lHa~TNWW6~UnA?T;2Q>+KuhNWUW
zU3ND>;5=1!&M1A&Fvr+B3LDR>drDiFSnBWc#i9#gISYBo46BXi=ljp`onuABjjPF%
zUk0RCGv5>keS1WU{h-K7Wf3#HYt7;Y#!>U4M!e<n`V)jSI#$&ml4*4ZWfViAo2ucA
znHhvq{}S<VB1e14p>@Z35*KM8Y7#RE{{oZq#98YTerx#6Akq0S$?WAL95EwKNbm#h
zI7`gdWJ5Fa<3j?$;{y~nX+@%*Z>Ig~9VOGCB3VT|VQ-eFF9a`(R<u-Fs2mBquL$TD
zO5Ol@{+0@*8sDmKEto)<(Hw&=%9CH0b&K5<W?khBVJVPZx59Fzhevn&0Q6rE365JD
zgn};RYQg)9Kbmg}Ok{wdY=AzeZj6sdP1#=P*p*-E;w1%zB3|wIbDxP_->U2UHCz>W
zlaq(aF^NtcDE#!kMbX)7XNK(Hc(WC?yaiwB)#`U1f|}*tMY3iOZq7R8WwSP+yz<>}
za{~~hkPliI<tA-eaw+BkaA|#hpLLEozWu_%p6p~{kc^IYZWW|`^AqCg*9xICA;!zN
z@oJIkL`x>k9beOW3G*m}lFsPr2DxI>Z~R@05UgOx>kZl_?^8xzimh|CX6f)1nbvy!
zO4FEXLtCTVzkMiWLJlW_J!8eQBj?|t5s~cEdlNpU$%GLTC&QcbjhEwlrU~^=_vY+f
zPRR_%Qq)JD^3lgVR*UDvVfLe4d)TG&TX-l`&&TnyS|!W45pL??0L-<%&htq$80vld
z#I{O>J<cBbEODk}$=^eirOn}b+S+aCg9NdZWSVhr8q#eBc27zgl$RGb^5!M^ZwW^G
zz>0II?<-T=j!lOrdz5MsqpbKl4|foe4|f7A0|4@GhHBxD`i8(BEnHzu`cM5L#y;)a
zfFzm=SF)<BhFUI|cDdOq-Ynnk?KYjuEr&Q47(hZU_4^vqpEvx^{Hot=K4;c)`|uZT
zS(v@e>jLxX&?j!ssCrs<1-0kPaJsrZ_~T$xD(QV6-&KJl;<i79vkH>w^utSP>tZaT
zlYHF<_SB8goo0>7fi02_p40^Yu*L;@5G2MMQx}$=?ml?wR(9+TAljb4TF^1*t>Q3H
z4>kRUO7noYL?J~-UQ5|9pUYjZ#(FASwiY_+-=A8stL!NJ;C(&H|8XIE50#wYDGh(1
z!EF6Y_{u9QUQBE+&5^l)F!0SfykwWyQGs?$9Qrx}5;Ud5JFgmkECb|Akw~%2_;{im
zOp$*L4~8MMwVgwwIwZVGWGCbsHS_}a%H%uEh;5!Sgi2oxJ9c%>0FYG70&l)X>oUu(
z5yjssFVG>0@HBiYe%n(~YI`zyY-j+k3*Hrj0y4X1s}t09$EG>-=jchJ(X+M1Wd=E=
zj&=1d^PVdDH8_wopzu24J`OzFm`P_No(q5B*B=}g2D^_sOpNI@I$P~CmR!!o9KW(i
zN-oGq+{aXeu{C|o!x1)|A&=<xk-_<wK0GOp=N>D2Z-6R&)rd%m%SU(!DC-Ehet*(l
zI0Ta-8=ck=We5o|w9if%R`&;Fi)0)uV}DY;3!NO~dtqUHY{_$aLy=S){!nI%{2FF~
z=-4P^;1thTxBO&$4mj1Qw5a2DzPXND@ar1yWv?pFrpYX!C0C#vAzN(0`O)gy>5h}j
z$s26NN~KmQ%uO*)D(+;F2i<evTfe)c{y5g$WM&bHIL5ydQjZzAJsJOEDJ80*v)EtY
zqLTl@wJI(%cZ0>1QY~5PD<$DVL`0mck<iTfniIhd#gIUxU#)mo`4%apQ*3NNU@RVr
z?k<g_`)neE#H{tY6CC9Zkv!Z>S_~6Vb<o?6t=Lyrs8%(;+@)bdrv6pitQ>l1IIKa1
zP^@Pm&;#WWSghW^DKOoyD~LMuh30cn63iUUy3R>1G1vM}jt)iv7cxcU(n5aTB)rqx
z6Ow99-Ca85i(9Cb<>U7!^?I61V6~e!9n2^_a7i51TYt!9E(sSiv_qb=i;B0)T8X{*
z$F;WtaC_#Kp_OR$-kt_Ym7Lfla#GQlUDnH&^4>z;I^9QX#JJ=0c7=Y;Nmk~Q_FKE?
zvlz<-T6bod4tt2}nMR#k-k%w68u&&J2vm9j1_DV7$%hWVjnKNIpgsMy(hZF4DGf3<
zti)421xfO{iXn)FBo0wQ4Pe(hCr_ovPcaP*D}v{Uqb8bmH)I324CrDKih0%_A7<hr
zM&R>b-z2{l_(OdpX{|iQp``Tw<Ar)$YiVaxnHnL`{Y&fZpEX7j*!3E+2UWK#^sQa%
zd)aS=nZlLHrFR~CK2cg8(5?KTD(8luS7P`<&>BmlIVkKC_*M12Yb^JM(wpe_OZ`m@
zeV^1RR;{E!fyCX<R@^r7Duy@%K%LkH;Qj)BdQWf-`TYfXCGB!ty0t@+wuzv*!{r59
z#@7~{;{DlJ%&|d@pwPp(Pmmm`J)@@Sm|MA_kcUkPW^fBt$r80D15L@YTOIaGx#XOC
zVhiN?wCpe*A}&f=lolO(#P+<y#*Zc>(YcjN+y3@wNg0+cWf5m_E7_h?mwh3C6w}>J
zhvApm3C?f#!9sLTucbRG%{kQhC6yAQLeN>E5#y7}BGLLEJbq;FSz&lqL6FY7f_yBN
z2kW7AAv4D}63*Xm{Avtbs4RcPdH=yv$0)M@WhHdI;)kyvq<Hdr6W!!V`UxY!@$a7#
z-8`dYGneBG(}x#4=Re(NNWaiAvd0!e(!%ZGK(*oOO-4#)OPOt@U$S!?KDfhoDp3D>
z&OF|4xsk1u1JqIod8)b&q}*Q(!8zvwfHwQHVY;j8v>SX6WB~qfA+4U8mLlut6<{^_
z1I=&3sy>`AA87DHDHnadw*JX<qg{5)7G~90sn8Up-J#+wX-x__S`9)s<trRJH!A5N
zxT<f}H+-~c;w-0rls;mbm>NKeneDKkNKv5A=l}~o@v6{nR776+Yf(~co0yd_Sj;#-
z_$n9-C2qJ)Q!bt2nOayF_Jx+(xL)--(&g!1t83V0oTFb_L_DJ5s2yy@4Eo5M-b7~?
z!@BSHud#C6OGqyHX6juj<xb38aTkIi`S}GW=XAN0hJ~HAVS(`{ClH7ZiCCdxbXusg
zJ*)3c##;*Z;1UEkUz&(`SA|dlbPwfhxXq%lScVEE_T0{I!Df|*>Ve7iugxCaUZ87i
z%~!pa`~Li>Xy1TxbMQ+;&WUMR|D3>5{V?=%Z`ymF-nokPN%+eM1g&6@3OP>Q{Q1OA
z%)_ZIOX>*S!1CkFp541Yb|f2><kFXTJ-Kd|w#e135cO+!Zx^3=<s|Jze^Hk74oz7T
z=9x85+$`IcDyhJl`!z^8#v6KSE9;8)^itaeC8Pl@3ine&*iB+!l*K>xrn^-IPoI6c
z$l~09R<NYmu~}=n!P4exevIWEx=6di7)xyO5^fg#OE%;Guaz>b?&_(QlKdVd0cvV-
z-D!Ty)l0`;T5iP_4fRg~wiBh8HF~7>CiaCu*W{M%_({+@R0lTaW3YLRQ$|@XsWA@k
zs`VM+`6MqdKN*J<jd{t;=RG3?B%zAhy{Q%vbm@jc^6;gmLQG~*7dsuD@^ZL>;ReXY
zcB`I9OtCL=Z2AD&B1=-LQ5~Vmg0eJji(7lg8Sbvqz)tGV^@exrd_pj~`&fCLHdOw6
zZQs6rRP-1rCb6z5sAla=H^juns9M~Z*zK3G74MwC!I<;Y>5tzUN+xBb6g+v|^wf<D
zlG&@m2l2EoP|qtcFGe>MLcNqCnSGcIrC{FDq@k}xeW+a73UJ8*SC0FNs5fsh56f#>
z>Y{+o+~muMQl}tQ+7_YHy3Y+UB}dl(J`<eT4c0i9{-{x+2^nK2k1+42qb{4bnt1WT
z=CqW*lMOjmrt_r=23`X44pb?QKi^xNtCum{EN%=A8t!Q{Xg0_u6qio+>HZi(p<cyC
zM!kX(*@(QC2w`tKdw@iNTIBte5cF*?ws1jP{2=R@+J-M5Iv=MiCfz*d*b2mdmH7DZ
zfIogIoK0b~j!!>Sw$0%|vaZ0HJUxAiBnN*P>VVy;k=7oP^Ca_>O0M;YJHXQok+eZ@
z4wL6ah8s_EWrTX*6pp<_Vs~FhW_N4`ZmRwMNpkWLRt$Q=%TZ&Rm)xE!G%VYv)8J_3
zV+%?+wcMA{NZV>wrr8%&hgLkFOO0xF-%4Tb%CIIu^U`3Lkvv?Y?jIc+wJs)qtV!0h
zc782wA@AStA$wSg0=nXlx12gzBKRI)rW_P$q-4A<#@VKUc&_8B=8unUQaf84W*wiE
zz0Yz<-^&0eMB2SH78bO#muew56b*z4j^zstA_z$A_T=F4byB0hyYn2>z*I+B+IC@?
zgJYrMXLS_2jla>&w8wo=Kv9gpXumIl@?oCyV6ns8A7TAAF(}w~wydNo?5snQjjL0B
z_6QkMq!meRn@(pS2Oh{9-Y<(sTISL?>PAEQ4C<|8p43SX_oTKNui)BiUa15U<oU;z
zwnCiN^4UYq4V06N%K>~iKRA=Y^$Ha<>Oy3YJh#HRvdrGkVVd^|>~Y^kH`#5FkY!ku
zNPBE|FNG&~My(5^FKC!aSN2)gCQ}Pd(;ACXU4ghGeR%%O1ngBG-_W-=EbQOtjz&%8
z7g}}dL_o9RzzLwbw#=8VCeg^p!?%_II{52)PH3@qg}TE>jgk~-B5h$LXk^-m<CRgO
zr43E2LwIm}-PlCX#*txtlsnh%1kg@Nj}N|8GmV`MTe7F1EY;5$O9SH)$olZt^w@gA
z)*=0?AwZG=y4XYMm9_o=ei9PQpoZS?j%gUWbZ#FtF$y<<zZ^v+BWnr6COHZ)fUH=Z
z5)}6mSVs0sX%vI1Gt_E>TN09==DFU`sxR#^Od><4c<VagkMm(BmDcs#uuLEL<)2wO
zc2w_+Amfd9da<#)Wmz}JVgscfF{fnC2!coapcJarE6W9#ZWdmu&<R)%5#jfrj~#Yh
zcop9ty;=%Gyw3Yr3x@dZeOMJ^U-hu@nfS(EAMCFbrz0y_plMP&n+qj4E9LXCv((73
z8~O6p=;5?+vkp?tnM=aN4E~162#{H$v+jD_=<r4Fv#6T*cG0pYm47nfbDjHGpD?>Z
zT){vZL&(8ym=(XsoAjtO!6AU?f8wluRWN0tc0s$`Bv9NH|G0$bOTTcMmUE%`{A(jg
zk{tOhZtnR5CTQ6P`gWX&n|5Ph|NM6G`XlI5?RJ=(encE4%|Q+oh?+uWNi*!BovJ0;
zt#C26DaB7;h{!lmB@vEcldkK1GsdMtVu=QwpPw6N5R&AktPreFZ1K4{&ZMHK4)2>+
zt2oL*S&5mti9-uk3io6uus8KQoA&s*7q#IfIQ)~$mpG@f83nT7^vEkGZIm`j^v!?3
zPXBj^QxS`Kn*OGKsI$M0Cr!Hzn;IWzVkRH~7ZifChz)D;v3X=&!nsIy&)G(Xv!*ya
z>6H*a4D{iiB%8$G=N8CDm820jYdSKa*g$e57i{8;XIRlCtdfDjj=szj3S1roACv4A
z^v508K<)lG^Fk~1V)w(|*bzd@u$x@IEk)>7FQg>>34583lp0Oc+5v<DFZOm=^&qC<
z2DfLQAH6nesLvKdJ16lJQRuB7)?#v%IMw{0)XHweGxvz~iA}%!u*{anPN?LHoDP|>
zN0tYtxfw3xvu!|7%CXCt(o-t}{`5&B<B5tfjvB9TEp=2R%n4>yJip2DwcJ&Bycq>E
zr%H8F94iLht`w0;Ua7i`+TF5T1|Lu3-qB3w1e>Ysgb(ET*rr**zyUeYF+He{z*Tik
zhbOz<%7I3Y9(bCU6#68iNI$obiK&0!oIRU?vIYXD%ay4z#4xPbe(;-DsN>PE)SRdU
zP+zX>7t3yP^oq1|5F9kC7&p#wb7nJCMl>W&tzqqJGTlRK_rS_d`RmYp19Gf>lUK{5
zCn>}&$cYl>7MvCh(wHXXf_FF6+2joihR?jp8W@<FZqEQVgtOO2EKt#pM5xp9?EDHN
z3{!0R@{5Qk*)V7k89c+}TD!A_znx`~w6N*<75PCL4dwu5(qzY6<ubeN7vyr~in{wF
zebf`YI~oRAR9h$##XriUMkXkaBZOv+;<z{x>&o(kRgD;ZW!wx`Kt_3PR;6L?i%~uP
zhou}8N?F<qC!A$o=n|km7NdIue;+H~W+W!|m?}H{ZR4UZG>>9VRcl|jE_>mmK%914
z4`7qAAIK4hDaMHTAVrLUgtT_IhiOas5;YiN@ZcSm;Bz0&v*lOzl!KKz6zQs%!5o-;
ze`u$gg7VLhYlyyr{+;L<J(z)QBhQ*v7TSt;rNUNil&T$6R-sxFBR0{`&Iy6I1m!c_
zJ*xK*oG_scMp;Skak*Cwd9)?#w^~YPd5+x9p3AjjDELnMOMOBz3P_azN{(&Ez4=*(
zYzxwzgw7|HuZSmyN!$QGW1_9Dthw60EeSy0$E@X&`{V2C2vp<j{)_%NyB`NY@wrD;
zmlne!Tr;$xRpP~kZE=o}Ps(Dc`zC2xRo2k_Iuc^@YBUsV6#t+A1QxQwCZJ}xhbKQz
zv45f8j)|&TbE;?k^-<!HxER@^<+a=)VyJu4WyA$Q>O14U5Zd*QZKUDAAWfb_R`vL)
z>BNP)N}U=ZY#%1+mV~#!=}(X6yueh}$5u~@cS3`md}GPN=cBBb%;m`(*(N$Z9tCgY
zQXUBN2{8_?EYKxaC~rfdzW^OT$Q8WZVK}75+r^O)4vlhOx6O@LeTe>S=xI8tH2eCU
z075|I^UPap%`|B4_0?i#!9}~}RvDb*kLsB4nYZU!;h;&m2mP+wK`G3g1j@js$~Ufj
zaY5@5Wd5C7m(CfK?@aisT~y1u)=+|Xmo=7HErgfH3BnMwn8GN-9=OyS{Hh4Q=KiFb
zB1mYrf4o<Lo6jgsp)H}U5xHJBPByEaMtc+uYz5sBBhSp$6$^Wme^jRk$q_}{q)2~^
zkyb!NJ9KQpr12`sRG~0m17e(slz2>m(fqgK2l0i6+G`c!M)F(VW?esnaSz5(W6_OU
zhxo-SbDuv&(;ii0i8VB;D+HA*#7J731r{gVtj20PB4Z7cB8C<eSqpg~+QmuUxn-r<
zt&xUm;gnnLd<B(f=YNpk6&`~daU(Cy&hw?86sTG_i4J+eU$<@W!W|Y0sJhi5w!P;R
z%(EO#Y5=HVHq=g@MwIr)btisM5HldVAGoQ;3Y~-Kw$)&gHZZY5u6v4?#cF#eRDJ3x
z7z`-gY-Ci<BO8ujk6;;gZ53XPz-uC$`j9-HjwmMH0`-Dxo|2|OIO~Vn&YXAW>Wz@_
z#De+ewlug&MbT&7Kj?D#ZN`8Byb;H(Zp!c)V*7ei$D<E8v&oC`&8XDv1>FG6bb97@
zxw<AC2r7aqih04V-fv(1oW<IZG*<&_@2(JPbnA6?R%hSx3$)z|jiM-%w@eM!2>FIs
zd<+bcR16gqoWGOzL_eA=!K$9?o**0Wd**0w=bBo!-j9*F{QRL%WG;$F%o#$+SM?xZ
zJ@5YJd-1N^rwVnCr<jz{Un9~C6fXvEMcz_t9Q&M#f1KxQZR?*WNrj-`($GnW^X*ii
zf&Y1ga{YBRZJk#S3a{x~_6mhb)kPifB5<?s90aB3KK>0OWz-T~W?QA3LvLywm1;5=
zJh@>%o7Q(;T;3@E{jXBX3d7vg5HmJiXtAvypVQN{?lWi{rAILAf}dwswQ-Vz=uj!w
zrCKzn8@A^{dmXlqY<2p*<9KLbeP6{~H<CvOs^fvSS8tT_FjU*hiDxVshK7l7!U3W<
zLl0e={RD$6jjW@=*XB%|CpoGL4eb$@_M~M*asjSFxK^0&0sAZ^G*ZZDH;`$R>l1_x
zE$%&re<adbmU0C<=kv9?b&47J!=iB(-TZtN;)tPl4N4h|(vxc<)+L>XdNCUY3%&ZG
z(aTb4M&hb03i`ZJU03uhfJC4OJv2cT?^+PBN0cu$S89pz_&9vKq)$f7Qa9@6s-xsF
z?---wiULvYP#8&SF|t~d3HrtN%2r(1A`2QkwdRtfHWl`vvvdGWR5EHE6is_P;4&Te
z5hQ&QG0CkTR81nXEvU8q0WVj2H6x)J<70fI6QbL|d?wVguU`09e3t&>vX`WK4nBOM
z&4TG_1l^dUu|m#IwI)5(*(L}OC%T(?v|;?yjE9Tc1hW$69*(LQuv|LO&~apIN|_D2
zxB_z=Q`+%+GXu!KM9j7c_7(a`3!7tNedDy|#@T!+2Ep}mYHVahSj&vLpN~%hI-2Ca
zR@#=_AP(E}ACGO=zL$m~Y-IEaF$-~zsO77a^Y}jvm+lgSsK%T2cZ(Z<IBd3$^VM>k
z>g4F!Fe_3ppVLVpmyh7uC-+K{Sz#mdT%(<?pn8d;phIp~2~l#Or%yXcbi&oua49JO
zJo_{7R(JN;x-@lpMWzT;@J+L&eh<e!6@5@{(jXRgVX!R?0);Y+$)Ri>&Y`r&Sl8gK
zCeOHHvmj>~ylq!yQzYo@D%WSZ(uQpoa+=3y4N?D2^YWyo7zg7`8O*B6Xei0#tMuLB
zrYO7*e3E6vqJ?%5d7pc8)08rT1EI-ys!bB3ZECA*!=#DnG{J#fk#IX3>WT6Rt+A3j
zRQxihcLIZEGOYMC7N>og{1E}KmJSWP^AN5edU{i>Ko9cued}C%fqT3T{9>Tw`QJBL
z_>Srua%JGYvM<Q^488aABKq!f-@xVu>EAeDsD9VXEzv3z6kX$&1)3utXPnV#?{@$j
z9|9ZqdB&~n^IMOi(BvU^>oF7*rbhuYnBUB*8RmaznV4L+DrreVgv6Hhkd4QmOgC(9
zRbKu8nmwMgU}@euCHzUYrR0-gz2nYA{N0h3WM}2r(Q>W?agcaoGTnPb1v=*fsL)JC
z1&dImA_mKNpW#qE_@8^%V|x;iv996m*1DGV23^YAzvt#icm^1OTyg8~a;d_>tR1&p
zyqUf0*>O2SFwDM?(9iB5rq#0-%H<Vu;ojF$xs41GmU|w~%-(rqzNRB?bM5$A`1Ol|
zCM$}1Bdx&pD6tLa^2mo(Hm$6o7}F*HM3IkC-aMcQXJ1$J4!P3D4Q84nMRSyjJ>t1k
z9v&j$!st$tLlFl2)ty9I#7|{v$Q5DwfFXduGE97eI^zWR19G(O$=B?e(FJKxAWJr|
z8pt4c{&g{A+4QTU(S)`!exq~sDan&7@~eq+-7i;cqF8NoZ$Sby4OFuUPo&C5asX>N
z8`?RtE8TLB#0wHK<|clr2LXrj-+X*Cb#SqCuYHNORccl6HUSr;RBOEtg6@F@^)__k
zVlPA=n2+IkqAqYqV1>140EJ;aXt6sYp&G!biZHqz-g#&k>3U8*!>?eWJ$dMc{ZbN@
zRiOsRXjZU`Wn2tZ)pf@%)aS2?Q-$%c!O|AIP)`k)P9^M(l)O(-3-@Gnq%+ANPmT`x
zDkjpn5yF@qo;ED1-Gg!Nnb5eeTjG`9^4GlhA5jTCCl%pm8`cg)1cd;S)DRX`_Bc`X
zBeoQ0rt@Y~Vw0oihz_J@1<IVTazzs!{;k@IfQC^JrxX4Pj|o+VYh1t>H>Qos@^f|$
zW_f0~T=OTB$FfUZ3AeeQfvm<{D68XLJEQn1K4~#R2kA)Ess&*SGGaOMMI?-=CNil+
z#h6VxH{E;b!o{71s>cztF4#R#nJWIH?4$4vF?Mq!6>Y<o)jS(!ehREV44{QiohO>k
z-2U{9Zol9E%Vxzy!@7+tL0Oj5c%f#B{|9@fn^ELdpNVFCKE?5R4bzR+!Ppx;ckVL8
zdH>FE{~JmDp8|@1F#!J3^8L%~GP>yB$(^Un{{FCbY2NpjopC2O=4WZC|HWVb_jfU|
zSCB$C%6}z--@P?|$>5Uyi`&VBkaiWT5g#x9zLH~g7u(elCq`%*>JtY7`WU1&5CV~N
z2h$zfocK{^s1N+YNLAoPVZ*dFO&5t(;N$X8=uJV+f9PT-V5MB;ZVu&6cMoMGRI@s}
z;&R!#fOdQyP4f`CK4>LVFz6dU98I>nXxQY2AZTkxj5#~oMr6mYo}u+j)O_y1bL}i(
zx+JY^BI#TH<#`P$d?NE?2K}<mBTfQcX-$@A1B~$Ox(X+iyttOVTp?*%PE{_dFwpji
zC7#1Wn+$MDxIRYRm+t!)kDxagU%=}T-OU-dyr&So(ky5D0TW%o-itgVITnR}gYUS^
zuwFD|W5@I|Qi6;}#XJj#$8Mfr9at25&E$xJ>}QG<C=a5HUQ2<ACoPLBi=Lbz={M|8
z_kulg?|ZjQF$|wLB~Ax&)?~QboNSkAqrEeuT@}n0R^=NH0}&83879@p<AFP6!P`4?
zdl)I=VOKre>ui#|?Ko*EwUWAOO2zK|0H`@945`d={;;MXo+Ni7FRi2Y(C!Y_5Fm%i
zHBT*6&7^ix9s&6$)Ad+aSs#PD!IqwzerChU@gIwdlj$+F)&K>sx60B=1_Vc-=<%7t
z7tQTaH6W0@C<eUcck~<S$fv-b^K#2*u^oB7zN}cUM)+7T72-Ob_arPbX5;7HtY=$i
zf}z~@wak+W`4{u`U?+~^FnwO~HUA;+5QaY`vycVw5XR`m?7N|KyIjhwI3-D@T`s%C
z((B_?pS#mYS|yg0s(>N-VtIIRg~|ZzM8leh--(`Gx}~CWKt_96QHuF!P38-~#-S_2
z^)-drfPTDUpB=vl0tMTLd3hpBF{VXwt47tDB+FLj1d}A(6aB3VWT69C0R52?pfPz?
z`s;&2-e40gRj$(an-hLyH*XVn$I+^3E7*f(MQa%JqI^gQX8&hrV}VNcvkU_tsn4t@
zVE2fqK>*n#xvdB+C@1D)-zn%jbPuaI2cTiM)@L7m^jfd6mO)Dw3yngz8jX)LVz|Ev
zy)r7Vlj-n?QY{t(@~XRl<+6Nk3z%P%=0IC0#1FIP5|K`~e1+SvcC=V%sBTk+cRgUJ
zo_IKda(*T{|E^#vP&`^%M(A``dcn)D&D?LzVh_L<HIT*RpPTox<Tp?{?|>l%N{3~m
z(L1YxVFkZFW|~@0g3^-C&_$pIbqqke{DPnmqd6%iX^ZD+*A0+cz2!Y89<JSmYjXad
zto2o>pCHI0t#kR?CeCp4b_fHsK_2d(N@^NDz6>Z0hhpvJxa&t-)S~&P#vV8*vNSw#
zu{IE$?@;v?q&v_@?w}r8N;Y4-==#K#W4QcFu$euuXUTM}8;M@{R5sikho-j~lb$_K
zMJ4+5OmlGOXQj_3do}^V7sxfxCpG1L<O6t62itc1$6hLAW8LH1GIK|9U0j#&-r+gN
z!tKid62Yk2hwLA$!E67v9`%i|G_9s(ff)|=tQ7=sw?o{(EFC0L(MCsTba!0iIh7n8
zYaXar1lRkKp-VA?_kJ2|;3g8<j8>8-iVlOH>o8hAT~4S$lyP_*C|dS}SWztiRCDT1
zCNNOs@{rK?hGCHIcNc#)EA<bS(9TazW+*SAx84koUajJXQQbN<{LqFYNWK^nX9|Iu
z(=VwnE(Im5>^^lW*z6wX0h|4}LcGM~o+MtrP=^mWNb63de<C&TrQZ)dmcpD>z@Pe1
zU1}AWy1@sva8#RCMtmKwqxJKS_l1lRu%)<eLV15vbLO{chtxsa>(Q&<yM|)bDL}ck
zz+{pVy<s@Nww(B5BRr+asAzvf>v#G-L1obP!Q!~|u-*7X(?V43z;O^eZr%_?yCl*q
zz+orrJNLR+mAyrWDEd}TBotXpxfYTZv*a!^z~7DkX5@xg?1o2a4LK(F=sS31qT=d-
zqE^Mi5qnw@Z)Ro7R5{ul8qc$Jx-C1l<RIhjV(84)7_yM@&6rROCgzzj8(YAw)GLk3
znHDeRNtHEHX};H@rw=2_7KN!hpn14a@{@?Sak<`w=K4~oJUo2%CHL#X(4ofIW?NV5
z`5=h^Ghe&__3H4Tv~GOSS`!Q?H#Z40rI(k!vbm3!_aGeGH$VSthxy+VEB{Y8?{X{G
zfgd(UvmbxyC+Lqg8umz*JN0YbPXBQXxk6->#DzbR@}W2Wfby(q>n!rY9(V5!t=J{F
zY5=-_>5<Dko%P{pA0V6Jyh`QoR45dOt-%c8g?3CRxg6cXd<P3@1+1!seMmStp!NPo
zq=APb0xi}#C49xzN=#3E$dE632~{z*Cto(nRqqVj9b<~7TZ>0{%#ZT#C+<-AH!-P;
z;^5z94DxPf+-n#t?u)WZc)Z<Lr_i(!6>SY<j|&)BE9`E}QbDEQuk{%K*;&5x)N1w;
zUcqQDDTn}LVq81~_hn0b-dvb-kBilQ0<0WkWza7soWNpOVx>IakS~OiAdSH8v70sN
zVH~Sj44SCLAS<70%Yky2D{eYLeTmdo=YCB5BWX$hnk3OUK&{8%A4Lq10PA^ehCojb
zsF-6|lY+i!I>0xr2}Du*jyHsYp)K{RP)6OfZqJ;a;&>{mW;oVumfMlF%4d1%k1Zl8
z{QAPIxT1AP*1Zy=n0d*@JPIt?m67M!1hc#`+z!?sYDRb${qzvsgQppI_}uI#`*0c!
zs$P86>EblMl*I;>!nS@A_*Q+%*E%i(r7V3><Z^b2Pl{N()2uRY&!BOJRwgj$O)Ne3
zyPqH|rUpZBH(#(}cjjZMNO*YF2MwGu`xF`o5=fGZ|7?G&>-y`*Hj`(Tfy_#uBRR1m
zJ}~kU&iJvQYx=mnQ@K`SSmVSfp|qd`ofEPMAbgYI+UKqnF(>d2grlivwvR-Qof7xn
zVOLJMO_w>hmXLH#`(Mc?Wz`~Ovf-gSDs%T!X$!$OF*r}Q8|)jIy5!#k$P0#_k+KpO
ziVW1HEpD(U32JD18E!>gw3kvzZ8aqPm@*N!V)XUI85WCK0ndH$D0e-_XKMz1V9ZOs
z(DCgKTHovQgz{Gde`#F0zw<%)PHCqfA%z7B@^+%+IU08yK8=f67W!$bXfJZp_xiIN
zZttg)cOX|*wWr2<AK4n~0!fJa?20q_Y+kMH;CkL_w0%}CTSk=pZ<mO*x3tn1x<-mG
z#2X4QY^+4KoJdjmrES_tO$1z=3pBeu*S+iedU?f`IPHSok6e>pPdR0l3Cb-KK9k=c
zkCAaUxkNGN%!|{#40$5quIyBBA?Fjoxfa|7HnsU2aEyK<h|e`IbJ_V0L8;aW_mgxl
z|Li8)W#m(xa3Q0V{H2+p&2MUN($Rt2pWsnJ9Sw7444OnZpsyo^!`H!(DhR-`J*`p|
z*<zk#&4y>ri33~iizAT*`kdDy7`HlVs5Wh7St;2PdK|ObWgB*;apO$y`ibyL7_|k?
z+wCKw%qHvJz%ImYZqQI*W5O(ULFQ6#Mi5k^9dfVA%C$nq-PqRn_6Dcf<r00KaDOl@
z)!QZtf;fJ_-%WLc=ELPkMp4*2Or$^?wCYG{KnP~LS<*;kBPGU0d|)@Ht-@x|UDP@M
z_F{uKd)5h_0G;Xpejc9nGHW#j0a@+7j8-ES86CH=L1U7ZOMHrrNew$K8nFiw1k^d_
zE(8O`5Ya);-KBlj^dE7D$C+7MFR+8U_yT4nOrZAiffwTo)J!}5jj*@IqAo&tNJ!&i
zG5TXpK9;k?s^TtBj&{j?@1snkh0rla=gh<#`5Sa_b!u?jR8ScvLw?OrNoTSHN3nLp
z$Z=iyW0if&;jTSfsz{#FA+?T;9crkQFU4rN=+8quc9yk_cef=t)J>}9Mb9<DpvezH
z&r^qI2hdKFLmJ|8V(Q5m1lw3c>3Rvtw%WIvqNdmlQSXwUSIN4dUH!M*DwBaE2VG&C
zr3%?}3$9`UFBwqOJLYmxk2z;INo?flu~dmRw7j<VX+{i$)gI?m&+{!^GtQWU&#y$a
zoG7R{0+WgZpz;bu?va*K8Z-9PEOkQMTAmJ+E?8CkF;Y0xP}Yt1sL}Uyn>%E7wN8XG
zyl_<4_}*VK_+(%VH}dt{Nf3350M|Iz^F6ZjNOSLy`yqYY$HyZw7M#)}H>r|BypNzZ
z^*)Y%;&H%x<F)_6)ujAyGeKmMQyY@y3Cb;~)etLH$3`T@#`s>i%dGv@s{hMmvWSS`
z@@3#ww`7{sLVU^j7h;Vt^hexdYRFKLCyuTFM-^WHN?@;ia^=qJAL%(eZ8eWZy#3ma
zn+_=CuTk1^s0ZdE`p7>Upn=giZ4@N4$5`NtV)g$Z^1RJxm^b(?#5UmYZsflC>%Ym~
z8D7aur^XufMm=(iTj;lj_Nx_=q7mbchRR`#JjhDDr2}vG+i*=31ZN?1g5a^$%PRAs
z8T!o)gDZ1;d_t1O^Nc!q{R@Vz*i~ly0VyN3@;9>INewxp7(LFr_vo2KKkHwIUBa~;
z-^6=nw(;^yUS-!rGVW~0NwpGEsMTz2SBpF>f8icpYuiB-7hl(!7zRz0dM|GQ#8rTz
zgg==AZH$XXT%}j0yJH+c((hI3v&I)d;{FnFz7Y@dScS7=+`L?+r8VDo{$f#BK@H^+
z#l*%2{No4^cP2PMeP2&t@-A(=C4Srz<W{aRl;!>gf-2w(S1@(?!+%yxy-~?#2F5wX
zBK#eY*Gm@UM%uCtUnCuv)mD$Q5F1Y|N*6aXOEs=%r`!;QM?EIInxDYo0obRQNcj`M
zFx7HNCko1#RE3i1CrR!8tt%}h@E%yYFXLc!+3zOp1y&@=TX5pM?PGYKzL#~~3g>Dl
z6m7*3z)}8AOjyTFvZ1d_-gCxLTFIN;Q0z=51SYjN1JR{;YB$LkPWkEpYA!ifz=Hsm
zpd9U*EO!+c!3c!j4C&i2B-_SfyQ9?m_|2x#hr!|Fu48P_SEEXWjwV{3;<m;fg{C^o
zN>2ab`HJ+SKfa=-eB#_Xx^DAnr|BIFo^7>2wvzo9s$hhc)XUCkke@tCJx4Kpw9LH(
zd2po-3Ng;!|E0ZWH9ysr+v6`Iy``bwo*}=Jjp@rj|0k1k%0(3Ra3mASwkQ2*F4a@<
z^<6wN*8G4!$oD~2sPJ}t8cyJWBEP&+zG&~rGwF^MDU5?p24Hw?%&csh^nB?~p!KNs
z;(_COS{2>zvzE>Wr}r&d@;9!>o<N*!pZjmIgBiu%+<l^S>5>Ka{{4c92X~381R23N
zo8rqiiF8NnOLVAGuDlqd`z#WB^}>1|l>ENR)&N`1BOhQ?Y>~7nG;)_fFt27srr`}h
z&>7)jKAt9Lx9J4m4Xqkw@}-XcD7^95m}>I4nf?pdE-AxQp~Wu+pfto)oeg=-=-=xG
zNbyRXSFs)TARTXCr)~VWpbrxkO__1v<Xa9XltxC$ZQs+-PAvnB)Z<;I`yiQi3(wJ^
zmJ=!&8hITl^4(^W5oTry);(zFSI!qVcv?bYrm^|0BJUi5JU7aM53#}A?RCGcUQRH+
zc0zuc{`6&b1T8SXxz?NRRI^)rVG^aY^0gsv>6)i(*8I?>ekU;oR!jxFyS~n#eon^{
z@Iat;Fprq<Uy`th;z+-f{8V)s50}BEDD%XDf*g2l6;|2%N?2X(e7W}c|I^-khc%V;
z`{Fn%3W^E}NL2`-8jw&$z@d|b8ae?K2!Q|r0Rd_1DAHR(2pt3xdT*f#N)Md`kgC#D
z5KxdVIKRxCx6C}}J#*jRz0Y~>ANQ<3vLVmT-fOMB_G;fx@t7e-?5?4HVqZ6Kluw5*
zTdsCn7{{-~o>y{-g<JA^Kk8<;wn><;aJ1Ns7F<Y_3`z#=V=rFpe`!AK48Ipg@H<j=
zyHt>gQ;8akWNz0YHmvvxfBw?&45s<iZt0zm-BG*;plTQ`pWWNNbptYeS*f(zJ(?$s
z8L@H;ehqHAI*4pVFQE;QsjRH-np%?%K9bqBCCV)Z8VQTT;;y;5=RR@-M-(P;ooTWP
zU;&AF0k=e7YHF<tUgyusyy5-b7Fd*?Hd)^8orxnj(Y?1N+pc6=-6ZqbLose&DMF|u
z{tveF-Hzt5uz*w(gN_I9PNF7DYi@bB<Q&E`6euuCplw3C6~+i7tC8p_*E^b#+M3Rl
zbFL5SbMuU`S(>glQ12bf9L?@K)aH+Ji`#CRHG0o~7Gi^lLU44qT?AGnsnFUiboH6s
z`to>1(++GE`;)1aM;Dg8i=$6giHgget)C@N?gD1K0oPaSjW%+iG(KoM>7CQMS|&yd
z@^jbRk`)1+3>v;*V|78tt3!T}8G0m_8Yq01HD$)NSY+AkR(s~eQS!Mi**>=v5^w0t
zWnL$3b!CXj92k(0=+!+!7@%e`Eoe1vfDArK;+vmK7f`w)qbzAymubL2NWoE+NTaUF
zCo83b$Gd~tkIIjuJ#F4**W!A_uqg&z%4q5`Sycm?3ZU@gp9;c0M-RU?$&7A%v8VcR
zcHouA!=)g_lpPyHiR|R03`^MZfW{+kWQ(pKf|&gc0-ZwyBi6tGrg-~?w-WLnx}zEv
zDZL_mvC(1Q<9N1MgtF|?;v?O0f>1w5u%?Fm-?!%e%v}4I0*!w^_4nf+-Eg`k3K4vE
zT~6>1DUW>D<=HPLa#>sFxwh*G;~(c$s@>=vB+%7e3=pZL+)XySr;&E%fpSG$>2l|t
z0=Jt3Et5_6R%5zvvBry=GOZan39Vj1;fs3d{=YxaDd&FvGxc0)=bZkx%+u6|H-&xG
z$0e`*GTIXgUz3gq(s|B~uYKl)s?gof0d5r@Yc;N&tb74HJpZ<ml2_R)=O(x{Hr)%W
zz0X(ValXMwH$I94<S&?;CFIv1vwEqe7UG@%AqVo$g3{rR|5R?KhvaC6FUQ-cjQ)GY
zBc}yF;L-)l0<(S;1My6}!IsoiSlJC~E?kdFXQBdu;(+~_i2la&Lbf+(idVi>ec}#^
z?JBMHZM<w>W!~XV@oiP+^%8@yO(d$bh^q|5(w#Xkx!T!S%5&WYY=upFkt#bRmD+7F
zk}X@@o~fV@#yvQywrfCba_N}5eZ1SzQT*A=dtDzu93g(%X-s6PhaMBJ)Kg$9i30h;
zH*iVbFfl<K(gVck3gIFNn8fEd`CjDpzx4c<#nHm7hr~wfE;mrONoTIHA_gdwg(MOw
z2oG(X%AO!UXeBJIHdOv?)*=LUpT8Kw4&%#F%0pB|kNlv}_e+UENnEL^Tq&7OX+1tM
z_w<l1V|+5nVry|A4H;hF-kq(yW&yeclBs7Q^|R(`hB44UWII@o)>y<NuajxDs5rsr
zD0TaF>}>e;in85y4MUx9hk=5N&x~-%88QhAiiyD)@GH48J6x=cR=%m@cbH4%g#~`X
z@whmgH`57dJ53};BtYCLO!WOE`a*!CBU9l_*OtiV4e${>YG{E+pB3WA%qKrVcUG3W
z5vz%BY)Wk0RsGSrXwRBKwkj{G(=SzOrST|=)|QlDd7j?QFo2k7m!r4x=X5^3RU^*C
z9iDwDN8ftew^vh<q50lzOe!&~%4>c&Fk7ueP%c6RZJ@qfaHemfJ?1*f>ub~B-XP{A
z*`1El5Z|s$$uczWcw|6eYDcCo;NI&e4&R^gP!->u!G6it9lNn!rgb#=qUgB((KrVy
z!FQPFZsMtljn=$PIu{+b<aNNh21AI;H&oPfGEbC74TZQ(G&1r9aQraPx=_r*19dgo
zFjrlGV;Yu{**44S55$D<UllH|&?yC1jyw&%@+z6sc-;_>O4IlxpW$~pNDri+*2t}(
zuDidr-Ec_$LI<G7E$qJ)K&;D)soCnE><%=<y^0Cr-n8{HP-;CZC<(R3llW&+Q&S_3
zFz7z6&N6V}fjn!<%gg*&&vk=4d}FYPO;D~nAF%hX@CfXF20St;l{|HN1*mLo8$?-l
z;GEc6m*x_&Ifk=7=vxf9A}_2mU#^)iI0=)j?SplF@T^ZFA-L-CAnG}kTI^z@6QVX%
zpT&33XXatm4MDQN^YzuG=UBRH;<QHl1&QeKQG&Ep?09DZUER;7Q+_5!({;&dUMP}>
z-uQNRvKA1uZo6*7fMV7*@v7z(_5+xhX%oM0%oeBB*(1%`0>1e}^?;g%1*)6Vur3~|
z4sIGOd^5@34ZOezi(cFzZxOrFokLE4oC?EKd*q;qs(oxw+5N{vxCy0mt*kfQ(u0dX
zV`alpy7_$b$sSLjETvmx*UTN_bv|_igUf)Viaa_BLB#jRD$rWOkUTs`=lH6V%|jJV
zA0)XeFPRo3U#TS#2T$1~Rf%94uk|@dWbTM1%s0R|aVq)o&fKSCpRM;s%^0sORtZcv
zzT|>C>%gJvRw7KbSCU?2yM^qjHD`?t`enw>bvkmkcG*5z*SoEuKFGGLntDNzFcx-H
z_FRkvZ2NgqFPWoUQy+_CdR2TU)E-wYytSg3BtwqH%uh+4gW@xBXoI1&01t?aAU%YY
z%IPS*?s&Ot;ayu&Pmcso6YgE;PL#t7Vi}K6Lwd8f?BUt<*0+(tp}+%=8e0?BbW7im
zeEIvvXbTHLg;Q;c8Mypd8``pdQ~YSlGYFY)n>El44u^gHx;;&Jz&(X^(5=nM?<oU!
z#F%rO6EU%O@ipQo?rq_R$N*}}OF99|bW(VY2+N7Pq*pg>Jg81@Rl<xXEG>D$#ch;!
zQv-guerR=r>W)*iD2Qxdf0cniS6P~Y*S<MB-jd_?-3#M+4#5xWVr0ki;|ZU<m>_Jl
zm5Na?cspsPG15HcbG~Edax8pE>(oVe6S-RR+e?Mn@b8+gLaNj5HUT>T4@nWqBv_7h
z1GlrzZC{v5@C+`FW-Lxq_F!u7zceOdgt6OCzsx#OV2Fw&roT<ohq`K-Vb|udjGH>4
z^OIdB+m;{1j4f;>lH=KUg{Pe6s1Q{b2&=>ctVm;EMD&=(yZA-L4<dGEighd@nrv1L
z#xJ@xSiDup7FSp~K34hvI0e4<`@r(kA4d`Tn(mJ>Ku>-@BgrwFIYi^|PRHYvC5Pfa
zfkcX*j2G8d=!s@#91CYS>}*U`H+-|;$hr;1Q>hSZKG_$IBzkO{g23W*<Hs~+F6zs!
zHnq0rUpO7F^UQtPI-9Gh8$MP~YrCTK)Sw^YZB8-f;`m4|b$@d5^vRR$;wz=n)3fSn
zAloX%)UT;esaFXwozsbhLTmG4{E=ILIU%jpHL&dVj^d7{I5T%|-FQ;fOgJ;IIh-b)
zf)S#7wlfJrFX6GQLcd3ieHa+Ud#-eq-&mZRSu`^#wXfW^+*<0uyh(Lhn3@==V=WT3
zVr9eWR7byQ=%LV5Zl&s+yqfrn<B-X?NDTA0QfEqT0VWot&=YmGcOV9*sjZC+iE)2%
z@@^At_M(uc@YZ?BI0}1N`pr?vmjxz#HH*zIKp~3gHtVNkPc@Zhj>%vPsHpTn+RV+A
zF$qL8mj?wEw1cII3-Zb=_3=ZQP;o!<?j$cuw_MaAbcj8-@t)eMad|7OtiH)otr8m?
z66_BK9V1fCtJr0~$NOJcl5Mc%J*P9aHJi%)GCvERX;n7PO~t89<jLLGo70)y<KKT6
zCWR1Q^|d`O%C;rK^cih5CHiIXLAo$*v0R~gtXdt8GtOGlL~yywFr2*f0~n{<IsQzt
zh&WQ-HeK^{s;ItCBz%5ftFxD)tis>3%Kv%5hoAD96NWRkKv*;&-6EC5uQ_Skm5o%(
zX1(LI$1-rYZ#V06#*riVvlgAS`@4WmW8;-6Wi47&iiAjIc&_AZ1bNaevG$xHa*jrc
zjvdj=EkYq4C$5ibC|+z7=(h3NxjwUPyUbUHM_h9}&=O^Ez-;oG9~DRK@sw1Gi<Mc9
z;|pV(m%!;z+|1e*;Oi{ZJQpb9C}@nm<`tJpnnpW5KCrlB=vBmtTD7~)>6&6nQp{2|
z^+*fgN<Kvgl{AR#z%UsMZfp<Q^ijyOeIL-fw**&;m<V&v>f9xv*Fg2YlH38nkZ3C4
zU6ucu2G+P>pZ)Y$X<RhZi?aF*Qn~4VQfUovN5Vs!%!Y%<>=*dRsO%^A%Dg|xX%+2g
zTF)^twtxJ9i#(jKPmI_!nyJZzp)nEx5J812x=^@w*+4`@IAei9?T_cF*p-`sXIU)4
zUdv?eIs#1~@15TS1j2@$J-)m?``w@C62rtix;*oZcH{-dGx0hOr<SI*F!c9@APiJC
z5jX|ewiP-QqK86lBX)ULZy2(7C14g62hG$?`=w)V3MlZ#=Ic^vkAC6IeJUeVFou&6
zoOF7^@MqDkKWX05rHm@2enh?*G|PKD>OG-y0Xp<6!^hes=X+T_zcN%8)8<sGKP1Xb
zp#_U0RV!*U08(AP<HBu1Ik3qe>e@B$=aly><sgf#o$e3^iKx2=r2%S3Pb7ZtLH_DP
z_Sk`9*-@K)vri~c3!x*oEw3wA^pPp)Ax7X7(#`r!7n7Pl91oHFpmCqI%rT?oi_!h{
z)1?+d(1dPV{52xPHS2sRC?Bu=Oyjw*H8*l*lPwP;#f2MzLBhV1Qr0pw^t{d+xWQbt
zKrA6Xz1Gw^pnH#oD*zsH8B7mmu06gq{m<MnwxzBzvKRQ4&7clcLS&sYge`9wvYCDl
zU&RoE3OMPt@Kol<N$9r}npU9k%8s~+^Qxa@^3rf^#g2`~2@-;?7PN+R`h5L2^Nd><
zrGv)eHspcD{OgaPg1ZWG7Hiq!M~c7MIu9WXT0LAVrc}-L?+5gw-wY0#eHZC#yYQP!
z@izjkB0a5S*D&c3?;nNIpO|Jj6|sQAr!`^~6V*p*u_Oq1k}krEL<(9C#4G5P=Rrx8
zUp~AOOfdR-(BiLkW!zt1A|Fxm+OFT!*{n*W#Yc5uYw+L?ce^@}Y*YLAW=>`dG6hwn
zUsmm;r|V>Gl2m{*T!bdtLDeI6Wy^%2&<K1YT}GDUmy5-w7xKO3Y^=<cUMjSI;R%eG
zAOSPdsM1;AVxk@VE?=NKDSy@|CogiWVDc1;<sPe0awk63qtBSP0o{Z}H)@0*bO1G5
z(vnWu8J>x{zF!LUpVfPqFs;vIT%Bt&Bl9?N%r52UsDZ1BghK6DuG;GU8!P<qQ29^-
z1qwHtVf`)n30`Nf{BNk--`vobYd?SZP<))Yd^h||#!#}tia~fGds(pejqOFjr|pla
zpT8PCU2ojGW6X6JG4QnbBvUx5A@0Qp-Kr%fu5~Nl(Zx6Qem1Po7{p|)ySpdSg;o`*
z!itgw(*NGT{%ZMV41rQztRWC%cO+dO@646W`Ob#*`We5OrK<y3(<*%D`ymQD4+@=5
z|G0}L<0|vOQ2oJKPj4A8sIkBY4C)L^wkXbhuoJ#y3Hresc~QNnT>XNB?Q`};x_*6J
zmN%Q7pfz+~VCAd~7$O#wP2^+~gs{=c+FDht!5VZ=*4+=d-`wmGYmY^rQ{E_te?!M3
zM>nL+F`#l0bzh2pJx#JFuJP0(z2`%)3%3vD{po(_vY3S;aSJxJHHq<nu7XKM%O5&X
zW^G9}6Xq?=rb->)qa0MC12??xi@;!;R@21vOC*U%(PlSZa8WDGkYz0rqU#qnvL61*
zaCGjtqxa{mG2lE`tB?ITsZJ|md>Yk!@(uJ|A7y3p{Y_G0=b=&e?ASa|Um~@3#UuMc
zLfQDeI=NdIg6nMmEe>-pEbFjX3fUTiS0uBArQgx21}e6B(_Jp(9|7w-h4$+ao_C7_
z{O%;J8pzTl-_=GHTip;#9n$fx7ppZMYt+`xzLfbcS{rK34_-haGweW_$hz3&aRqC-
zGD_=n`4zM6FCAVoMwl`>9K23Xt}NF%itf1?a$1O@sWl6NsI$4s5+lZfN*s2w`yOvx
zi$Le&T+p>S!YC9S*E{<?HA3=o#Vuf~w1{w3TYH&f9&1v<fZvsXn<+i{wFG>M$po3-
zZdJr)c92C87c-x((~rbh>lcv&(z&=j){6MOlj=E==Wk8}3etFuzaeCR^0|_yf*wZR
z$01$SA-Zy>wa#j|z%X=XJC+Up+anFV>9?O`cD$~teKhqcNprE_Y97o4!&Tv6ZKLLA
z#U+A?-;Xs<H02M{bn}(|%*-3-`#k7eRMQz=@$X_4g=ukPPPdvUlFIcX+HDq~;W7JL
z(I9EsRm*Xq56e#S!vUwPU~b-tUeaz}2T`7nK0(I?;UjkWGgh31PmFa_gQ7!q@1B%_
zHuLw)#ykGX5O8r^fLXRk7a+^OA|qwIPWIg8isXOn`FsUvemV|9sVbhH{(MzBJ=Rwu
zG#LQ|<|fSKe|v<xB?g0!%!`h{bKD5LYob(pbYA0jp(CinRY0TL!2Rk(k(ZBDu(>($
z_USR@r#kE;F?HNb&jQB>T}j~=Yro_$R^K1dCStJ?9!ol(=_UzMdlv<MN-Vdsa!v)Y
zJc5KlJ#yckqI-q>oZzQ0D%2H0=VkM4VdoElVh{zknFy(ixFfn!vAqwtlQT(|w&(et
z@4Fnj;Zc=Aa!d-dm;U8d!(SO{<Z>YImH{USff9!DTQEPuAxoXo=;r-sM?tW$|15cZ
z>%2VQ^Rf9$`Rc`3Rh|0FnN_&$6<ETz_(n27uA+5Dh(1%t2?|a|M7)>=l^N7&7}2c!
zL;|3+`pvnb{J3wsNk$98u-HCd&8^rmu^X~D$jzrR_@2|H4e9CfDQ>IZB-~5*8Y!DD
zRIwt#S)B}M6d_HcI7Gr^u*zO2mSx|)NN1rwNExR}x0mC*ei?Le3=yLB+QB)QE`Tnb
znlwsM;eM7zvsq0Q;nf%}TJ~1K>-2P}<u!6uc<A&}e66buPQWtWTd6RwY>A!ERn@r}
zd)SMeg^s~(g&L-cm}M_Rjs@@Nt}1{*uZ(}zF7-uRkG8OmA7ad|j6TQZ{>V%mP;Me0
zhEO9t2lORq0XwYgr9@>}Wk32Dvt6`KFF$;`H801wcdFdW__OIZAAy$5Ud`q@bHSk7
zP<I*^TAnB%4v+zo_(ezq&#Hcwd#TvRH}KWfodCmf3cEYp61g<|T7-%UhX|qaAZ*m!
z1y>n^8Lm`p%GCe4-2d-=_SHIv$-e3bsJ@;OLjjMUifOK1#>?oi0;Y~QL(Fiy0$bA8
zckzON887@*CzNHe&lU7m#XN`ZvTM1q#X>S(oY__we*k#%Dg$oP)`$FA=K9}9f`1(U
zyqfxx?%_|xio0^-yE|L1m=`_ijBXO~!m?qwMZ?<KH1p|^Trk}{7YwFP0S02c8BW1C
z+6)cQ@deh|i8nUS00lX&;U-&9`tmgk<EC$7UUDL~jc6Ms+bavuJM1D02pz_axMW~q
zYW$M#r83twF4KSnRFB5yl5Fmje#3MxwKmm{er;({PraSTddr}7z9EOZMhy#u3=^4z
zFV8RGF>AB8h10!uxzu^!MzmN}O^>ujcl?Xf_){5m{nrb8jcQ`gj)^z2kR(jT?<1PS
z7EGP1>X+ooI>3{W5QMJrwUAhz8%IaWvInZsldZ+|^M2NM<gAqTv%77u4Ain#(^Tw{
zw$tqY_FU;d4d?Zl!L#FctAk6vzW;BToc&+9;e3(P?h6`=Ssnak`(wcy5(h_ijq5!^
zd+RIQkM8<3h5ush%ao;5SXmV~c(cGu%p!Se05$!^Q3fa=eRY{7{G0>${u0E{d#=u3
zkR{&8*F64IG9pfnZzh9|5>7))e{z))Pk%)<P((e7)>9Z1_gY@Vi|pXh>J5i#`MXz7
zYsIYP9{V47z;5}GC!&^Ldlp8D#<iQxH4Mnpoe}#zC~~PjUZ~*Ni_lH|JC8!@yn$19
zXYcP${22WrR-OH-Uft$lZ$o|N@G}sOTL*YwJ%IoFlfS<hEN<|cra|zl3Yi(d%s{yt
zauj(hbPvbjv3@PS{(0%3n=G+`q|@|LgYHq3uL6>-h$~<38@gFop8Q#ML*IHP@&^wI
z3hHn4oN+vXqs7XJQ_5Xc?^AEo%;dv;gj+*JKVQ8AksFnlyKFo?+m9?f((?8~ktDn{
ze$N1Fd6islf5A|?OsoYFQvfQqmmfqcAxPjQ<yk)h`d0?U1ac%QJ0`(t@<9+pCEop`
z?E|(mMhAC{o1Vtn_7}eiGB^aqUdr3=TF^$*7ChZ+zsiZ#y}%A5b2Q_1Rr45DoU%=)
z%SPWmnU__8jbuG8<(x2}8c!I(fX#lPVy9+?8s|5XIHP8?(HJ-Dv1bb?5|?|^={I;4
zo#ARe!HF`lI_iygd?nuN)8DNg8Fh>x)IdG(FJV(y5+iJejt9Xb^A>{6xIGDOd6SJy
zzdpWxb}X?y&}YaVz1I6>RBd<~j|>wQrRs}KP^W-6Ik8hHLs6<5#9xk0i&HPKwQ9sJ
zL6*6iYyeg<7^>;p<0>l&7l4?A&3s4#eH^?Xb~`;n=<rNy--c%5O}-x|XfNe=HB$PE
z>bx19a>-X8`4X=#wM5Z)lTb4hI^19oieY1$;x>GIo-995?<H*09I4-SmwasW;CnIa
zraoi8SCr*pNC4Q*d?}pwIY(E1FP1fVq|c}>%^Ws6@thTlz24i%a436n`Q)ufs>24y
zmvx7d(yT0}kvN`6!3qIQ@aD@}mqwU~V@nasp3V!X`!0}Ea+&Ppt1-pY+MyKPAL#Nr
z(7pHDZ1%NizI`1tRA|0cBYUJc9rSiBu^!*n`KD<P4o7f;CvW3V7Fz4C#iQT)ytuVn
z|6$*@{F;b9GM{gq`K?~^k^jX|zbQCwV%2MKW})^4l~|JOuq34LsJ~o4Vm|4h6+QYE
zp^v~ShD$f%K!cY`7wB$`_le?StT*c2si7n!v2?sQB0436=fr-JH$-9?)bokn-f*k=
z3IIbya#^77HOdV!gw1SNu?*7q%V%7THw2VB8Rx*d(9qwt@@@Nyt45Rnyu9)`<}UX{
zle&;*N}tfpRh9nOG9hAN+b>vbyqK3|Ci^FN`iFtAF<RtoKhBg+akK5OI#PF|4itQR
z&_k4Qx;40RmG5M^go7m1EQry$%1`p+Cc{6pA^&UG;!nkQuHegrpA+#(9NpRoY{D@E
zzc{82&<<yF0nbDxW7<ZT)h)=fxO$a-?{|&|Itlc`UA&B`xt}R3G=ZakzoGf4`rUD;
zqJ?Z_g`0>OY!l(p4qj+kJSRW*m9E?fvGNCO1aSqDdB2{B?^yvj;wwMp+!6cq)mqrv
zCOP)aL(W2c%|;NX$FB^mmp%%db#KTyg_|9w^V3r|9>2XgIbm^5%zM7UH~G>KVUW(d
z=&t(|`aPD!tYE3YW+x*u5Gk4WK$N1X9dvc@$zt2xpP-g{5yo?(<-iFh3`vtp)rP?R
zr8IkEcEMj}AGI-GNnWHRvL@R_)Og>HcE{(Nqh+}hoacnma2)C`8{Mu@<voM4{#iJ#
zPC%F#lnCCq`-%VOlc%-9CmhKN$q7!DprbH2YCvOaVo`Gyp`l5<{vEK5k<W~-?-fXY
zANNRvZOMrYYF^*Ec>TnJuA1lsL=YYkG3@a{i!O`5c~ip$ql{38BU0CJlVq9M;p4?#
zhBJ}!(+FW)DDG?nPPZAe<*xkXOl18toiG<j9;RV^#&i4Pb$X@$#X|FMe2Tx=2l^-D
z;^9|A$zT{^#*-Y<s<w19s&8II#`BC)|1-j}LmAZGyyZSqZ4)6jFR7<pglsIDwmd-9
zE~^K<LcOBr;m_$W?)R^42>$%@Km7Ms<d5G@I{{c7*1EQOtswY~?u$NG+3yXawn61t
zy?WjJnqf>jpP{CUy3iQ%l(=foDjz2;t2D4}<d`{@rk54}ZAvLR?v<U2nm_l;H!mKd
z=jw&7aS&!&ne~B99Qkiv#n5-rt{F3&=_@a6a#?K?r<Pq9pK~m09y=;v%N934!!$9{
zj@-QADZcrR0o-R}F*!*B9`aDxhH7IU^#D$hg7Qpp-*h7xo*0e%mpZh*=kvSU3E;J@
zANB*@dY>dazK*hY9-;*k78-$2D1^V-m;_k8$FTn`+Rj(z={6>9Te%!7_Y=xATm&%l
za2)2>)@y#C`Yp7UNZFHzMYwgq8#m(U_}0WeR}Rpa$F1BD=>^UP?aI1*qg7tIAaI93
zufzN01C#Lgt)pz_nKSbHms?Ecg196crOJOkxi}Q<5|`uHSYhI%L$f2<r~IHxvl(qZ
z<nZ-D-4^(0X^*M&epn_6^`~0Z!sLLc`rV~CK=t(P{DAd4RT54Gm+zl{%3<?EBoX{T
z%B*z`_s$R5B~PES?&sH$bY+wI2Jo59To?8)zPctVRg18EJ2Dh0&P8>n_*CiT9B^)$
zXo<cpa#@?Sl7uUI+Y5)Lk?-RWtl5QkAH*B@tbTFwx7y+FKiw7`Wi@ZS@T&Du)sjVD
za9Tb9Q^af-R+s#AlN+9QXS8BR&p(DCIQhj2%v$auOzCw;`l~N!j8x4-^22G+`{onr
zc%5u%8tj6yu10A7n2o7U2X1DzH{MI?vy`Rp8<`a;z3m=&pi}EBx34A4hdp1);Q7q$
zK9{c9=Py*&k5sT=fIU};X;f`|!DHi+HF~I4o4uUd*O%1v+@`TsVSrQws-Lf4&_4%@
zZFtVvXw4CNBfilCHyc9+e7+#ChHzO14&9QF9_KR{D!O^V^eCFQS8`+>sbSEK-xtNG
zMsmZ0ja;A&SW$dtZ%1P+HW3Zj!Cu<>y<Lm1+<sq`M>i<j+xqZlUymn$^ZsS{D>BnR
zUuy;id+Czql4MC%p9q5-{gCv^oMO{3K8dRoD2oiwSMzd~-*|J4UG49Kh-A>Wd%xYC
z;bgqM<6RS`&pcM6^PO>79&G|+^)u)LQxX>|=b`4?J+lh1gow2MMPek@vIamYl_E8u
za|^*gMlyWQ^qH*8c#1gsEFqI^?!{vRa~~YUy?ZFLQ$9FnRO1#!P5(3)WWm?IBd+2K
zqs)L+mlmjtU8|dVPn4Hs7ic4|9F`ha-yBCbygZ*;nJtyX!F%~se@MSiaKr#!Ys0MO
zTWT4&4R$8K*>e3_5l4UuLMr(X-cfPA8MAu-`<Kt4m{q;%F~5Wk7J>S7h`?EOUHUeO
zyQZdHt|0$Cp)aoW<zuyt<d<?tZ$bG)Id=AS<cjDdS&m0axrZLo-^IZ04@Ux-X9r$Z
z9ulbW?mPvQHOZS(8)Eg8((*W`+uC)7)X-c#LLwK9&cuo(n`@H<Zg0VLR~>1RLROo0
z&y-}~ju4DqOMfpgr&F|^zHD1VB2n5plfAEkp6EvZoc21(jPMLeyPwKzfmhHPAUakw
z=|Y+6I;=z&Ytb0uI;$QxQ?=~jEG(lGX2Wf#9eaB`>h$}AfTDasd;!Hwp#sF1C!Sg&
z6kvsA-JmAStn3u!8WQbI{;E0rt<(K0?f9<$Y!BmdFjPF@koZ{GrC4}5z-M58bn`G#
ztykz;qn}2!u>$)u)wdGGkZbf=i(O>cSK&QdjTN94G3sgnZ%o{@U}PiveiyQY!a55E
zz&r)ddF(TTRW%L1ZtIS3=nhn2YZIl16TEj8rFYw9zJn}dPsVAHoJR%av;2{iN>K0K
zrap_5&s^xPVD948EQwGP={Wn8L9^3(n4_!g_tT^K%8r8(?vY}@GT1YW+_}x2gFduz
z%Reeyy!POZKgP;-A-Ru$`(9o!fw&x@wrjp*7ccS=fS5YI5tjjMqN<3nUY4jptU>}Q
zwGEgY7<h**LtSro4gwk|e(@7DizF@H%0dqg6kgT%?4^(Kih%?wnPwqy`LD$;(b_IA
zHowhU?jbCRnR2l(TIpW~bX7=fxH{JxYG&UBvH^N^KFcqhr&h0p^bUmmtPch;yj}+@
zd<%BaDrd#_ZC=nHk``dKC6LlsV7T^?25K@T-!OfxAx{{WD5E2E75+*)-U7TXlGP>L
zYF4){v7waGxNHIyCs<;H&}L0$<hpW+@nPR?ncrA}1L@*N5HII0)B`RMBo<iP(mzm2
z2)~p&Ck~CS!qQW+BjCiwpF%(Mu<sx24*xYz^7mfgUw!=1B$gf?wuJ@FnTA}ymmOIA
z>hFEd8QqtJHAm6M`MuVu;kK3&mhY2CQ7zlI&Y^W!zkR);)7c-AW#i;O8-aT)y6S9u
ztnsnwS<zug(V@L3D6RCeq4d$#Xv)^CQ|(J7A07c@R(CK_!;n2#yDiav#~HD`AX(w^
z!#SUAALs1~@hvN}%g^#6T{iIFANhEia}#ngC4~1uddZv2TRYd^7O!mRTVU-LMyu95
z*vCya?*<s<HGCFBU$`FYvWW=8r|I@TxK{egnwDs|$~gtkjg7x+XfBX{)g~xF4}3`D
z)~JwP1d~{=u}fseIDTo{WxUH8SLvHw64+Cu0&zvvt;p-h#UKhO_;FWxpb`PHJs?kk
zVuT@9;`VnMv&+sJ`UrS_I%DWtqSh2J@iJ&Ywg>EEjOs$=KgId-;%aay#!Rdab>xrC
z<O}RDjO8Mqdgu>Tb^x7u`#ZO-7HayOQplc>6=Pb7QS9EA%9Z`a5^uGfWfDnGt`}oN
zfNaXk??G<7bZ)rN@%_5>eD>S}E|ZcpR@J`q%8h+R@`-K}wUB2fz@)OrL>=P0l@>;G
zq*E0La>ptzA5BPmu&3(BLwKMz;XZ&cHwNFDRvSBa#%-!n22!NA7SWlE_wdpQh5DXT
zOZDs}n;8~Nh4{_$U9w*JkhMaZQ^geA0^`R0wBiaAebj)GW!<>}aHfl8jm%!!x-!T7
zortsqXtLW5_^_^s)FGQa`H`~y-2`Z8@8=(`SKJ^S9o2$tsz%p>#Er4v9^!Hr5FXA|
z;diDin#NM*Y~WSTk@db*w+BB|rc=V@#$<K44u+LpM)bxbW%FkH8->VRhECUPyjk?h
zY3wT#YD%r=m6^)aYed0>H=?`V4q9<gSuTI*umfP{Vfa=;$!eQHT4c)3y8<)LhOXmo
z@JqhrNING;X^8Jz({)U#Z#oX5%FRJiezrhjBYUZk!F-Odo4i+{-||@=kcS^UQ!p_6
z=^1<brfZMaffm@5L-K0Kc8^=Qf>CHCHC7h@BHuA)I2@$5q{;-^Q<)Nl6pzBcDxI<Q
z9Zw@HjN83V!{=?FeoNwlXc|zz?2LYsu~v|kWK&=BncPS)Z@p>%X12#kF|Pt1W446a
zLb~Om;BPx}u>W`i{~ea|Un~OtIOS%%%-!5XN33!xhOS<DGu6z@P13ceR>k07(4^Z=
zyS|?ugbKnkY$VS#!Mxwm@tG>%<*r}YS7^jKZdugWw_)XKbslw?uNYLdldk=XqEqb7
z#Ky*kXa%Rcp-1P{Li?5=iS)SwjYUA1)KFL0i^CIR1_pKo0Wz%bezdsl(B;F*7P$@H
z9j;9~5uv{_99UeqK&Sca<BZzA%MWk26tXJMlQb!k0GPA>dtJS>sHwB>tz-&ii;A``
zJxa!sv?yUoRZ2)hF<~6ilEF*7*tO8j(ZqN{v-}s9YLv2N42fW+7KjTKiWCz(I9tzK
z`5!fSBDDW&sm`5zbCtBkq&>4fFR9CyE$Lcry&K_1&U55TA=CvueBvY(>C`az<ZKx~
zq%ci7fgo12#n*eENfMZ*JnF$loY<ga64z;;RffGa7q(4<;d`f3LH$PC{gE8O7B7Zk
z#!{#V6DjZ(lZzKK2%jYM{Wo<3>@HXuP@eL|(44g@J(+kr-{h@kpqtK|!X4pk>qyWW
z3f=ODg>J17jz{SiY4#0@ef7WK`6oNBKU3C!FV9bZGFYOM;{Sx%`E$4Z6C!b`J}o`O
zk<=9ACf~~L9T`&~@-!Fn+9KE4mUa01!pNgET3cd{W*KE%{%6IhFrQ3k&Uo}jSQ{HS
zM|UeYTsnb@)Fi?64!UDT55XS}g_8h}S)Lh-z169Ky}jvvl8e^&thmR%l&}>^ZzrX1
z(;WerB)U$-_FLb(+<50rI*MD<>bx6wPDkOrh5eVNfz!nk@J`E8ktlApV6CmxtPiLl
zI`WU6QYcUUmiLQ#4Or){!1JF5>0??Q_?y)A-^R2l2;7i9rloRSa|Ey=^qiGOV8R}<
z;k>)w^@ks0?x!H}kOC>qIDMrMN<E&WU3j`PW=~$;D&50|fl>A8k94v8$b`iSkU@FI
zyQq%!YfhYn{f--SyDaVB-!?D+AfWU|tH%!U?u`dM*VBuweGDc0PA6u`Tg7y26g9K5
zPIkC?d^4hR{cF>LbE;>kzAT<Gv|vKG^eRBEPddnQ*Ua47=Xo243G-68k>4#5?}PL4
z-oM#3#l%GP_MU$6w^IIlhyT?Q_+MV--|8~h+MQ-T#rZoH-16#CR*-6~Z0P(FGbkL*
z!xcA>XeLFz(%>zmTsY*Rxo|#hWA*H8eGCc~YxF@@rYbnMSS86UQQX1Qf=0RU;s=0U
zKt}-R_u}=&FzTJkN(9$ZZzX&Uxz{@?T<uPL-CaEuC3J;mv1_!(StU@Eet6cWT8N92
zU$Uf~{mDOyz<*JB%#ZMWBZoeBFLSewpwHbsP^d?_f+s%EJ%;=dw~K?Z>;|BUfh5_d
zHg)xNU()s52U>obaZu_eXu95kfX$ymJgBA~?ra$Mx?QxHLyc{CzSpem)ZEQ-No17z
zp!jnZyXx>Jy-eKQY2rQ@1vM!u(~RUeWq$8<%$Un)I_ySuAJbV36Nuh%(I51GU=aA-
z|H~D{KXOiAGhIt?+zxQ!J#rQ<ibR{B`MiYN38RVwVde<2bC6vySOygKGlR>a6mdIE
zpdev;h9_Iz2^0KT%xgAnH8VI-(r0TQ)WucQq1G$wW1N=M8LQKn^7d~x(5~Yv&DN7s
zQ~GRtX2u;gl*Mr;wNt~@rg;DUJHnBhC`Dc0Akj5jDBI1^xZcJ3b}g~dw!Er>ToH>g
zQBt0ivC@p7IyNP9hmeT)@JqF+I2<vRi;KToTU#SR2!7Af1sM8y+Oi}mAC6y}5ihJ7
zBX9PMl^akZXlNNf!7*2_3Efys>DXd0jwEox_QY#q3yI<?uyl2~MZ&t7(L|8<6a3Oq
z0E;M@z7&2&$C1#3@dGhF|9r6eGAingjg61>YM+0?RX@0|Usn>bnd7Kek-TzO5G;aB
z6*^KR2FDDF`#f_V=wL4iFn3Fyk<yYyjTS245QfW=+KAFB7fBIs_&E=Wj8(&J5ZB=;
z<W~PL*E8Nd_-<GQ0(HKyzp4e5SS_KJpIvhEdUFL;!0$`1&Nt>Y@QH<(F*>toV4$a&
zxx@7)l%vqqOyC&r2}=hdmx{K`j)|!kSUDBUL&kzw10(1|2gLd3KRj6m2L0_lwaO5w
zv6w~U`;(ualy0VNRhE0!niI9X9iu{sUusaR`DHMuF3t@o<zaAR=(oMl{~zfmt1+4+
zA>PuamO5)7hta_+)0L5qn44V^=TxE_u?p-cB*H_}sWGrGUzz{Ezy&e%59*>XR<81*
zJ8>hmqOsx-!V(>w1Q7TDFt#3Sdi*3xNzdTR?N^HpGrlnvATp-VksCLq^?sG=bJcxJ
z`#D?W82CBKP9R6PB|IaG@m-G8<#Ef6<R;H=2%JjK()RSz+G`%i_{RckLD>HXBXzy@
zo<HI$n8&TC7srM_P=5&1=PtNh*-`(==F*oz*$y(-=X}pd{qp4A-c%WGzY1n|L=(gq
zh;<1tqA_O;i3=0uV$jPgVo;%EAA!&j8<aU`PLprA0eXTsvf#@eFTbTPp*|T#`^}Jt
zi;LUP8w_~2AZ7GgCvV6%@GU6p#bSTg*A!;Gi2bohmOJtbYW$yU<HKCh`8-qNdPv2O
za+@Ym5J0=xy??ekMj2qY*IHkgABX@~Zz!m7GX9{J)^2CNJ3Nt;qlt9-mEn~xcT(#1
zI2%Z#&YvqQ>6KGg@hnl?c1Vgnzn4Nzoieo20RR>jgNgE)IHHo)0(&omgO^PS&yZKs
zTHB?jNKcq2A6t%o)I6wQ+SmgMN&X)55{X0xah<PBv;CAIU(Lh&Mh|TDkVDIR{<f!J
z6X0Se*@~0RrlFiTLO%P_P#)9VD1@(j5ql=q*+kCmM1@9R8>w1yupZ*tOxxwFidl%f
zU7BoHv(?SM(Lk!kC9wrHz^turmOn`~-I2;MuaC$Hf=h^b@EQu4At8Raz<wvL&FEV<
zT2MIkSWVqIU{%%(;XCI?N7x<o!-}I13di^4E7=Zg^<1#3g^E8sCTwr<u;n;N-)#$F
zbZTT9J#isD2#eil719h!#rpFKIdiXM4SGvn%*TH16S;hNBVH;9UzhBupB8p8t6MuL
z0Jb@i2v{231+e_e03PxJsTN8MbZ@C3b@=sA`h#Oj$z$4RC%XF-Inx+ugTRPe*Q-SA
zUT#)a5Pq{%KS4Cp@2)&mm~q1iem4Id#}azCze6Q020a_cC8qsRiY6L?r>t4}#f&%x
zFgbJX?lwNM(QoMYCzlKK<jT$qWuO51r1PB^?Wb};ywG@+kK7u<h#}BHGx{fqoA<h1
zWnBj8b77}be?!#S{tk+6X1%oc&ld8Z{)(DhDTn2Hmwi*s+6*hpnbEyPm}DLDIB&(q
z;R5V0_jQ`r4DQ8~YRghXbQ;rPb6uX+UL{wxi?yo#*{XfvpFW5;E!5li1N2J?IDiS5
z>wcuJ>M<UX<Fq0GHRx72L2^!mM13R}ft}4HlO^&o7}KRX?HNC#OKtQxXeWrwV{tIh
z63%T=I)c(f@)R;j$WMPS@K7zy&1!>JZ7XWe_FWM^y~y$vQe>dvtHlpt8ys3!nh6bk
zfunskj_=&j&%2}uP-v}uWor_Jq@|g{a$N{n2&^t)8qi=Di3O3bJm<o)#SBE8c4sU)
zn4}I*+e!S&a4Ys#2Fv!@9rhekPdt}(MJ%M!qM^JzEAm^$n$9P!IJbZhe75(qJ*}+-
zX3@pT$v0ybl=}Ki{wr7Y$~9BLd@#&SDw``J+Bzmu45~XYFzg^GBQ2g-n)VE@G+=vu
zlxK!<macK`^g~jHQJRa;Gq3ApVr$;hALYpA2Y@s@4+QqQX<q9`bvI2MRn3l04hd_>
z>i3AI962Y{meu8RteQU0(FH)48aDd2ak?t?7fnma5)*#xCZu>+Ugy$U<gMbw`IiD^
z$FgSN+Kn1x4;-OdII&Hba@_2(&zS9C?HJS3`Lz$P_M{L0Im}goAAdOPFQmE}Gx2Rh
z!WT52TIMPvBO_h)<Uh5C|HdyCtWC%5e)cQhs0N0L?C)2Rz{%EjeLzkj(U^ETo@(|b
zQd{m<hCx-rqe1Dr2eO`rj1vqh(hgcr+a20t#{7)iIHuJE#Af$YBAPjUWcc6zJ6Yu}
z_>c{|gG#A5N>eyKsh}Tk<XFmU^C+&hDshK=0n7#2li9f*@zRyP2ZKJ!yZ-N7@_)|x
RpBng|8u(w-z@1;G{y(L7ZK41G

diff --git a/docs/assets/lock-wasm-master-OP.jpg b/docs/assets/lock-wasm-master-OP.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..27b8c7a5f9aeea9f2d61050962f606e742dfa332
GIT binary patch
literal 62006
zcmeFZ2UL?!w=Wz;MFkZiiWEV52MHZ1(n)9%nh=UW=!9ORW1;sDN<ct5q1R9arH9^o
zkzS-Iy>s!r=l=h`-*?{c-gDNvcYSxQyOTW6Z=RXid(W&Xd-lwe%dyMv03wJiSQc>Y
z8US$Z>I1l(zcvPzk}`M&RgncN%KRgu9dJcAo&x{~8z%>-oaD3D+B(nhzyBl0?>Iwa
zN4wwme?eD#4@Q1-2LJ{+{zaPqug7=bCXU8e34UJv=pC+vUnxs+g-Oi*fti0}qkmwL
z-`Lg3&gm-6tKZl`9V&H&;a8a1><?`82R62I_?<rVDvb!j+WEJv-}GB!LK7PewX6H>
zs~;u65da0q0VIEy|0;Y%wrK!>;64C=7y0)yBQyX|=?4HjnfUt|{bvB+!AAf9+xz#k
zzw5-#(82KE*xk6gUN<!b0CutgfP2~iz{5TO;4bXn;;t_LLbqpEQIuDD*<O9j0M-B#
zz%u|CU;{7)a9$x0;5mRBz<)UjkOJUc|4qNIcvp1e){WnE`_`?Sx9;4&d-u-mJ9q99
zJ|MhHaG&7LoqNRh?mr+RA||>^2z&@6dU%D2elxlDJ15?a+gBNh2<{MEJ^fG8<yQdl
z?Q45@XL#3W0oRGI;SpcEYz9zWRX5)6@9(zw54w2^|2E!@JJ+w>y^1#{0swAZyV4#1
z4&jx;w{PA9T!n62r6Ilzq<P3q^5`)st;C?Jrj`pTCU$7}&J#Kizks^NYs0v5NvQq1
z=n8rsKBFis1FwTqnV|9e)RM;j0Vy>{=hAPCOw7_UW*<Hx)6#!lNg}_};7>KKl(~{~
z{o1XoIBw!=fa_OsZ{57AgMVoGTMJ?!4foB55~_ywB(xx&sCVCf($Pz%LQDEDCjf+3
zrMgaxM+^`LoMiob$^P%{dY*l5f~yRR#sQg^eYXnd&jq15kV2x3!Pkne6}>|)xvJ39
zz_!el5JItn){bNqjP*Q!&$CNF2{;t)Gxdh^I}6oYyGuYH&x6!BYK;dXf<CKc0ezhj
zxxTf&8E$h;mw=aDV*a{b>LNeqE&-oSsiio@a<6Y)k6H<MaE|x<gv@^b)oxS3#k+Vf
z!m5)Tf~vc6$&})IgiWg^ZNpN%_o+{A8Sa4=)<6GWN&kCl?|}~QFmk!HT?-n9V_Yh~
z!?y}XZ<fZ;lmp$-#9JmMXyX0nq;^!d9SvW%N_QMvcZ4sWg_q88+#Nd*Md>}jkonl{
z`u^|hSGPmUSh5>S)~ZE!e^`=`Feq$H@)cM@gKkR#_0%gkz!3S`Zt0gIZu%MzAAg(-
z4q$9_%5-^^mj+ZiR`v*520@^D>pG!G<a#=drUzwhr%EGFEgwowIEDm2jF`w^*sYPi
zn*Mx1i_Pp3FnrS69Wbnq@?kE6hStS?W117YpRUGDzRV+Ss(1-Vdp{X}3CJpiM$`r7
zzY%2(7S_2P_)bdYE|$%tBbHW9iX)?vXAFs?<;?Q=#l7`Um2_Wup-6Q%M`i88-=cf6
ze8fH4;ycK!w1Q?NUVz+!nSm)6nkiZnTC;;SnM$7$ZgUVfu)BYKWafc_|Fob7%*j|C
zw0bP|9Lw<f1tatx4@@mcvJ3f<2@&RzplJpE9L7|gyppB+YvPkpp5ndp=f&-2>-PvW
zMPsCqo5b9*h{Ss!a~}O|CfimzTCpWEYr~OeLY?wexPtC7!VfAHFI4iK7HHbOi&}12
zu{_OvM4SPfQq7r^$dn#O9xQ=)qtMh6a$Ge}j@xz?x^5}!m@Ql{+WEW~d%BD09&_<*
zsI?hIoY*$Jd>V|GxNi_zrQ?PX97$Txv9L&}j_sGL$@R|F0pp(5Br`_FhT*TGc_Dne
z?kuV)EIa#tZB>}4{CKhAH`TXNwBJ;FGlh<eosnj_thB36sc>^eRWN{6(@$QIu`ohJ
zPw+JW$HwvSY6>66g`4HF5^!|5nFEFH``9_*3>P)ghnlBoC(gu^Kuh=2CKrh&s^mOf
z-Vj(>T2cfquv&FvC3ATiF&f$LB>5_a^hMw_0R)+W-omT@s<BrK+6~GYt9P*<e5$oi
zY^`g;RLxtd13|qP*9L}mo(A+%YCZVsEUv#_&sb>n1xrjG&6qS_rYzY-|Du~;l|3+J
z3MEfZm&QNoGxJg`5pevY$pCn)9BbiSGBu_1dYy{TS4XQt{tT0gaG;3hXkY2r!I{eQ
zW@dva$e0{CKQ&pjR;}cee%%p;;`WN@+Uy~3qe%7m!DL74uny=WD((c}M74TKD?>_p
z4GKK@=BXqeGDmQuHo!GBTdSOW<yLFiqtr(N5h|M#AOkMiPvG(y+&EY@`4p+*0FG15
zoTF5b!tvD#^|ObNh<Lk@kvaBr;}&-qo57z?_4T_&Q@&4Ic-RyMi`9oOQ@pzWV5E>f
zXTQmBP3MEpJNQsJciAmAnn(ICr`(`Jv6QOS6Re;C6e%}xHtJCGBFZ88^j7XK%Ou{8
zl1+xeP43Fxo$-qNZkKxc!uEyd=F6NW(N=t1QH<%FP+D*ldVdUG9`L=8Vt-zwz-5#}
zy(@S<JQn*o8=PAL4O`zYFQ;h*r;7&lIALzUh|y@`D6$PL%aoeiJ5MulJYjd*?F+=)
zvpxxLB(1^MNj%WNky$vBcGc7~PfI#~u(#ul@EJb)x&fuio0{sV)!|zq`b(A0_lk4w
z<RWcy9i|MkBU~Z}Vke++51dKG=MRagmIi-PyQn|eNeR!{svDq$LADXH(x%Z{>vDbg
zpZ<NMQ_o&2p#E5G8(ee2Ws`;a*o|2-N11}hrp=5kHpA{+2rG6)f@k9##C^y*cLX1E
zEResu7CWtF+Dy^DPTx}Q8keh7(5;%ZcI0mfso7!f?Pr<$@p@DO`+gsRg3E`|h=lXk
zFL0e_z&*&woatym>(|?_C%&H?Z;oTa$C(wHgx>fRs76W4(Bo@4PM{hm<y;0rbO%<7
z$!zGQ66^lcQ1icVY<>mW)tAWOeLZ2IV+4Jkciax9$F<#)9g;?Gb|IHp2xgtOtfQ<;
z`5b0jonNBBLn1p(QH)sAmjx@6MQnBnp3z%-LYCr=gQ7LNfQtWzp7#wG9OZb<MyN=0
zC)Ds;$&^27AGHMUWuU4#cFUL7=s+vb$Bl%Mdg>7U$>e4)5r80%mUEl_+xTxHIKxl;
zOI7<}r=dK~!u<iTkVm(5bfMrD?0ZQid5)nnx+OX=eYZ@xSb6`Xxmb<ezEqHLuSwZ2
zLOV1ww_5w=`$Pc`Xa49}lbl+ajGE+AQZ;JHR*QIZG42G*3%dLf{*lm0!>+0>!7fZ`
z_!?J=qg~jobn!-Nhma~?hZwQsbz72&-Gucp|D@^f>dJ;?zpC)vp4un7OZ}V*O@=4P
zkCxQUqu{b&dWIM14G^I%WD{dA>y*tp=csP$XqwI97p+-pJRsIzW2sQLN@qb2i*h91
zaa!SvgHmgJ#V4nVHhH^EuEWGwd#6H~FXX#CCi+dYYsO3eANJO-6mwOx;~e;~GF|ZW
zWjPi3fHWPiWKtld{EQp1&-~;RxizFZnZu(v`6R84)*?X2O;0;PT^fZ(qp6iYU|-^Q
z)s@Nb>!@6dSEi;`bZE0pGaX=P&y!(~QMCAAqx~=s9@T>)!-z%2&O~`+@NyXSyhYA8
zkcFiS&fcqLe5h>*0&Q%TlGJp<C#{xg&*(U!7+4{irpeCKoXsh&b-p+5-wcxaS{&+g
zyU1C&^>coh&R{SHYF-<`yevNBS(|bY&fR~X)ZFphbCf{IW&kGegAzv%PK`F9(v_vB
z!IchG6qoWc3?+EbO@+ynWSo0>6ayT^Nou%NBYwukT3m#z;jkF4uWmIRf&^~I1S}=p
zR=l6XY?vd%b49z5DRv)kVa-h~FuD&61!aYlXzC)K=A;)3$Gx(yU&wD_oG}FJx5nN6
zq`i|@1mfT39{G;9;*HU<oFy$McT1}{A&!|Z9PBjwacX6`Bo{)|*9%WaC_r2!7;LyA
z4^%f$NX3@2@B*%3@-Hv5hm%NKwh9^bjdy>+T5~^(ax|K>q9$~8bm&ycuseaVUUw8L
z&jY4>@dA$``>az)zef`eSaXq-*HvOl-k+@wzxsq)Pf=4TRQOa7l^0iGujeIg!DaWB
zrzT0RPnpf|$DSxxdl|bUeVef+&L){QL;mBAF$k9)8Q6Vy+P|xEiQ!=|t!R6@>l487
zaIghcnbj?DGkxAUPi?cwiqj?zW7EnyW@5vrpi)L%$%`Z@lQM@Khz0XG0$o6?${d->
zvx5r>1~2@=l#*iQBI8HGCt#fckZ(+AF`(a00+FnqN6-s0q>@MMB>?&rpTUAZ*@Q&b
zV_i&@i?}KxygIlwz`**9RPEj&aM;p~!VA2pgGDrsh4%JoRT&q&{G+d{^HE7G{G>74
zASXKDVF6O>40lBP&Le{?R1bHeWo?M9y%Rb1MEy~$=toAJC8xq>M44Hh0_iL)S}bUe
zTS<ZEdglvcgH{4I<v$)*xowT(_KM*JJ^K3293Pp7ONbHmr<)~!65l^0{x5_*zf?N!
z$sFOR&yuUmKfGuWXXhhbp!eBv|Nc1gzap0CgzY%->jnGpC4hA-{+~hw@&6Tu|EWAn
zw`&A4gaZo5C!JH)G^wLs^Ppb_57h<>mg!3|gbw5+LZ&5A@(diNV7f_X=5te~i~S37
zAG0vf34_5#Ky@~BzGrCDHs-DZluY0GK}>6`0tDO2+<pLB^^$Klf5yZ0#m7Hod_l23
zNbB_3>FANgc`|S3YK%`Qx%u*u_LkZ8@1^;S$ik5(wH=G%H=kB?5#=x6<I0|P4-O$^
z2aA}oq66uZm@Pc1Kl48LgDFkQ;uHj4!CzTCulV)Jj?9ggP#7EO>liC;EDlP1hvMW8
zgCotYQq5(Vt>lr|eOHm5Ee!&B`xAi$EwxeD80WfFLBU``e_fYpEeHfT1x<|<bUIEN
zZ9k9umlEaEhue0@1Y<udHX7q9qXP7GXow&Gs?+<B!-a1lGL=2y!1RT&;9$}w!za{3
zyMjQhrAV(Z=>wRlWbNU&9(+ZO5wn<4X{tt`Ds0w~3DlJ!2KEnOLD$^>rNqSHAKqHQ
z-%ngaAXUxrUuse<yC-4C5dy^V(jOnn&Lvb&N7mPFq;U+SZ;2saRRwi}bh_L*DZ&>H
zNMp4|o@^BDwUGj*!@mhbwVlPHN-dzeqV2t?Fosd%YcBs%Xxix8rj}oxHugQPMiF-f
zo71c+mN>nYZR+YKHyiY@Qyu`JQ%zoKsp1Y@TZX1RtD9++0m*aT4-8@9O(6`)p2%u~
zMQ1DyJbf3cV!RFkZE+9NJs6#BuThDpk~{0w5xDXKN)3nE4~mlb88E$axG5dwu%50y
zDigd>J)*)C=d#dd!fHQkQ%<~*6oP(%wz+<Uck^AdixzdG<EG*u-at32FV3YB?H6sW
zUB4TmU>)@m9ydlml13-+iD94XrJtYYYrA>>Uu|0Xf@^eKbQ)ww5}P8ylIbaCgGF<Z
z<vtT&-x0aF(FDUxk<%PRIVmW%f|!9}3!P$@{-$O-{REAK86MsLJfyFu3he11kyBD`
zS#&JZ5<(1`oQO|6KdZz~pXUiBI2Ru_?|~T#TZCx7e%U(fZ1F+3!y{r>$tz9u;qs*Q
zfdvC`CSxYmBzo(q`e1?BguY30)kLQghN+s&BLgljg>tZ*7XAK!Wax`hBZqpOgETYf
z``WA@lCG)5ekVL`%)SMq2-*$LF5h!gYtJOLr_Vczpz6#jug@L&vB}jjXb|w)q<?v>
zr8Alw@#<J<;&5OMo!J5$K-AVi3u0E|a$dY};Pm(UE|}27F;B-jqEEi%{Na9+<=S=;
zBTVZE36JS0vUiFmOzl*_(HD3ne)LK=1ur8kmd-S&tLg=KEcKwR_MWNk>PqnAyeDx;
z4YzAOI98Z9B;HatvpBPr^GgD%pO_pB*PWU~N|n8|qpJNuRbhGI_oHOWNU%coW&k{z
z`}HnG6pf1}$Z$p$kqsS>GxZND1!*UQ4z0{1<wNy(!d&YH@-G2enHKf&eah|ALn1H8
z3_dDF_D>0k)qq}QYg$6Jb?%rWSS5wzk+K;%hf^<z@EP^(_3~;U7oX>KYW<C3$4zc}
zQJx{{Or`zPCOAio=8Bu@iE9#h#ojM#Q)h&AA)`6`8dRJe1DPjI@ud0k9)3g1gtG}S
zgxQC7qOj9yAUcpWg~M&s2Z_3ZUT0unpGoH${fAV5;Yn>?O)9l!juW-iI(I;6$Xy{J
znV4`02LIMgD;1iL!~&GKHcIEEowy7nn7-G<^)Us8%-_l)`PHI(Lss89*XK2=G}?iX
zCiOibuwi=;9b%DO(^_l-EOV3x(Va|<{r(~lpQv+zQ&TWhT%r7=Q~qbfqc`fVj?+Cw
zR3Sv+>gol-t6&C~5MC@QAxS5uBPQKJ^@1;idj3>n|6_S9XW-nEbZ7+|WhFL#^Q>(u
zLh;-)YoQKqZS4Ttyw^-0-EPUpUkHyPd*b~4{*&5~i)Va~59LJey>1nE)XLR*Z6o(s
zBq;kXe3d&hQ&u{LxR5mgoFDmRNZG}#zS+3?E1ttF;v`(6!}-@V_t2(J?$^DUWKAod
z6r(XeSa?UIfBs5Wj!82v!K0|m!vEEmQ+g&REK(dSo63~t$fvJD<~B**q7l|y8<dR-
z1s#a(cKY!Pgfg)_$mAk5AE=HkCnp>(sjOyhZ^zg0{pZQ+w%4Px?(aU2EiVBv){6fW
zy4m$R=}iT;jvdRXg!D%(_8px<E_P<GIb0qWN+Plrgvf45n}`3xK!m{i#KiO``&88A
zKbY!7c-E|o$|Og3aUo~g^%s^ox?j~qtn!n8{_M>xt?z#DcN&>4z`u$~L*(CGqN#@R
z+Yj&{GH4X+;V|2dk5M_NomBw^OHX}P4^sF#4&FTbj~Po}0#MGEfb<E^QMU1bzoD=1
zufkG~rY5o2j#J)0vOc^}9leOK*wrmErTPn9$7`*@Z9gD9fw67${gF@QSkB-?G`rj3
zOT61(==LAQlKMMezxZFe8vcd;57XMUAcU67=?8rj=|PI=zp50NQD>MCGKzRlWFoW^
zjbCk}x9B|=wFlaN@cgb>m~-?D71<tEYdm#94}KWn@5K>wU|#L}|Kph8EGwk0M6^MO
zk?O)1AIAxnn07ifqV&p2E0&?CC=3f<D*by9ABP1;do@bp$I+;^=-gb2f{9lG72k-;
z+qY%|;|8V?9lZ6t83%{s$p*%Jdg`aHrEfmRT>RkHoRrp|BUj0GOL@Dm!9_oqD6crB
z+g{g_4;Q$dr9gjV0uOl9F={z4A2gy_rT|apbYcN7^F^UEM0@}4JAXDZx`ZVlckWU5
zuvUy;cRuP{zQ5I?LJ^ugOhIc8CJC&343~wYsG3dTa=_L^NGSs3s5?npnp{d}msdcq
zA%oCgP?E8~yTqksUioMX?Yr|I7boxs9G;*%ZqQa+T;GzOd|=N`I@$TYXQ`VZ?u4V6
zABI6xccp`w2MRi4G`mt5gF^d6-LbmpN?JO(aJY?vTMLlf;!CeFbR;7qqPB3Q&o$y{
znLhV`06HnPRWYUsjB}fy6+kil$BpGzb0b$#g5t(0Yx&POFD}x7F;N2`3$+6fs~(U9
z+Tz1_Fn2mY6h8lYy>P7gxUukgt%pL+uSy4{r=Kzvbo~QsP;U3pH3455b%y-NfQr!#
z+<IYD6tJ4Y*9!*|^-~6Q&03>2mTGz3I)~U65vogoK*NL0hx~i9(QQ`fb$#JLwNgR~
zGU+>yo%ef%9xz7kb|0x@(-|xfcCTU_F!QQW1uvqgRX^Xol?r=V|CPmNeU>S;x1BqP
zP|#pNvXF+1dTZ6I@q&2*o0)|T%OcIQoGG#F`SlENU+<sC<3B@q;zMEZ^sm;R=QZ{<
z$;8YY#;di%)j!8E3^{X7FXiB>N`k;3ff=Z3H5n6Hro#|{bFlWfmzsoHinGJ4{UB2h
ziq5K!eQj8}4IN3RrM(2qi)sIAYAVdKf_Jc=D!eiMSu#~b`%VIe$AV+0boqw6C-^=-
z-a#lvk0J(1x7k~+Whsj&1uq%&DcZ_zf!M<vpcNA%3<qGH6<ZC3Yc_BF{XC*FRVVC%
zpzv(llSv%Ib~V=j_AvqM8txP4n(~X(6^y$|a8!~DUyN3>LN1sAs<)#brXsIRDhVsZ
zv}sf-n<O{ck&*MrpSa~s)VG2I*01+F#x#}|MQgp+n~;g7z^(h=GmpAYS3uP(=XOhX
z5}61B(QvO!5+A1LHZ<m^Z2Tm(YFD$yu(Rb^dtTSgDJ*WT?=Ao7O7eley0hBR0Ufnj
zZCmMf*Au}QaIITJ$t&BK8h~h>wEA`^1g{E?s7~Q_pw8?uE3FjmJdAjdVl6ilo_h(n
zTk2ER)QhFtmecU@(-t59PQ%5kz{<7}Y<e#T@oHo#;z%RpzIvL%uSFL6IK9wc1&kB1
z(t3-Y*+XAo>bqm%YX`2PXC6$Q_DeebO#!S>?n+KoYb;UL#D>1a)>KADXy_ED+A;%~
zM~(QOBHQvuiJ#mE$Y?XB9vXe>KgUB;ZsDzHY0@OADX&d(Z=g^n6-KSEk#QR8tLZc<
z%`w(kyi!oaIH0XLKbZT}RQMi{u9_P@Cm08oX~$wY6R8cf5hd+I<|Z5Y=(<F)&b$H>
zX-pinX@76&&hbr}8-Ah;@Cuh)dK>AaYWX2kJ=Ynl-YwE?n0kXBT6_ra4-C*sU**@(
z!h3{PO8F)$6FkZp1DwfZXhrL-9$44lYD^&#8KJQ;&Z3804h|7=)^C(sI5~NOG)JDC
zqfWufU!EY*%3wpq1H`kqa+f{`9Yi6%hT7#cf-7Z;YX*z)AprU0;QxUE0|3(tAG-$k
ziOe&0+{I_AKk&7phA5{LYP*Qz<Z>H4G#?$5jqg?&_0>X3Ty;8m3lXGn2~ZfUJyPUv
zwmJe*JGU)LNhzfgmd|%9XcGe!oyGt;mYR`ku_bDiGMFkQeJP-Dcl*rao~;(UgXz|%
z$~~ZZzcv1hyzIA?zJwtvyo{$xATgZ+c!#Z>b8$HpM|7e~{rwf?Zq*e*ec(qrW6tgt
zLAeGgjzCLq);zJUa4gq%pW%y}VgY(5PHUq%2fq040-qZTR;EiCW>cOy)0BeqP8Dlg
zh4RSpQHwfJumT-X4EWowxpQzv@?t{y*yxm&<3XUQ!YynUYSQ0QDo2~S8YNdvt&{_B
z<gF(l>*iK^sa#}feU>ON#Q&y@i8kaK5iC!dG-y>xG8m%DKWP)iA)Se?^4KM_p|^Z%
z-0KkQAn$&fk67Y6jGy{sSW|PCcR&h}-5xX^PQxiQ(E*}e;sHr{$FX{GCJ_OI5}(W&
zYjlDJDMO%q2mDfa;Mh~ApGL-FH>&fi@3d!CtGtCAr_f`{7*gqxiw0??D<I35GlF#n
ze(KQgBoq4@k3;Zq^Cqu<fSaNx!DuQ&oWz7M6bwCBu@?(~o0`VtbakR!o&mmc9I3JC
zJsR?&7TGP`eHS~nB*y*AK;Ye54J6~i(>TPDvc9six6^im0E;&>{EWp-E^$#iF0TH;
z!rAGg9#4uE&+~|&1jB}#E1MyS*bRYAeokdXHEE^Z8NlHZKvF0Et)0&DabC9%Yq>@&
zkAeny-s3#!kk<}u8>1YUew<B|n7LX;CQpZ~xdl8LiUL2PqD(V8@oS+@N}Sp{<i(_Y
zolSLE)+eST{fM^hHf(M+;*Dq&Tw@4`-Ti2a<l{vyjRm^c0b2Ksr9k=V&>ZJPNClAd
zDOz0}*Ot*BoY)%0G+aNg#~<5kIe^4YOX^Av)Su&|;a;rac0R)D@(hT4EmD5=xno&w
z{*Do*kK!Dsnb?YsOMng%L6{))s!_p4SsfYOS-tlbuuMitxAL~&i>Xq&aFccfERQ(1
zxhMt^LfgalPOEHO?$aQ|jj?GB604h4@wt6KR*!Jly-Co;71;HYuvIp7LSOvj{K4xV
zKgz7I(WV=13w6~B9w~j}ip)W!kPwq7;wYxVc7RZ$*&QuzPpZ);L(7JGFNa@<Dg@D-
zh)tui9G)V^*sLm5_}ks2Re*y-fycKEJbzk}Zsg?}2+m&utnbMK9F?^jt;3|_qSqg4
z`}wn>;Ano)WYx@*1ASMD^1>n;kanb!JPbMjS7vBVg-0mjShb0nH+8_Dk4LEU+!)K(
z#V{=$whqDa>f0@Ta`Q)#gJh$RlfQ-?YP7@WY+}e##D%M|sx&X&{5eDZ#{aZt`43kx
zpg)!(Eq?~SUL6e6FoJG=X^zPV8%ePNJ*tFSqY<99r=NP5F9CHv6!l)acJsy~T-eDT
zo(URN94qv(xn^^={J}KSjI_80^(H~X>4|vE8}8l%kA}nJ*=}LHUrRtTR2Pi3x>)2{
zSEBPp`y`)@Oi7~Em8Uf)u=2`zYx9d!RC~X~8pgkv(G_;rHg%6T57FL!LPpin*WOkX
zCb&?wq*hp<pfmS8lSQsNr@M5j>)aG?u-$QklsIxov4}S<(`(NqjL*=h%cOwfYLm!b
z+7uQ$8M(VK?!pvXx)G|zgsHLkKwndHT!4cRo(9QIL>RAnU3_nHwq7O$3a)({%qr6o
zK}KH!WUKZ}gBa!*j`SAE=(1g=FXB{Q=f7IaYj#fI?`Ge_g+A7Q;Va5bLOe2XX8Ez9
zcaGKh{YHo}gkr6Fe|t|cQ1~nU^EVSMdBDx*Kiphms~?i_j&)58W#5gy%K-xtq<1Ou
zTF>jKW;;Sr5HLEfM)aP{XqaT{aP;Dy_JXEG+h#bcMILuRh6c7#A0lM(y5P=|YmA=T
zqYlWPf>-C8^||9sip>|CPP?1koeg?lroVg(R%sXxlOAI4rT$uG{<@ry>03H)92-S!
z9*a%cM2fYIvqjn}a&g@Qy*+4nGg!JO<Co0cUPfG+0Q=sF2<BI+9Kt?Kj3k4@e@a{-
z8p|M}aAs4NxbadT4#e)2*IE)_Yt?VJi_cQC50L=FUZ7oqth|kt*Hj&e5q;<1Xa%9$
z&{dP=(klN5;g-(ejgqYIZ8Dyj&zJcJEyGvXzN8q%2rB4wg?SN1jCkBTn79O}JL(x>
zzx@o82#DyHO7*i0GS4%$>aZVXN6K%CK9mf>ptp}Ow3G2&x2Evozgun<n?(O)XRWy?
zOk3}mq)DqyPS~p-3@L<=sFY7cq=hjSgm|l|?sMw<Wv+3mCKNsI<{cEOGTPB(t>S8}
zv|%-7RRd1y48)PkeUACuXHt!*raA=-z5Lx#q`x7mj_)NBrZP+A%c4qYCtXQwQsvGU
zC&cGYn~Ostj#b1j<{n%EfG<(MlmAI1Ijyl3$?cimyq}CneYdyxI8{DwUa%`&0`_Ev
zG<QY78&NrG>()JmJE_CsFu}x4pdX7!9%9HwFI|B%SaxYDnvQ{iQ36g<V9uM2S|W@)
zH<EFTN<FQAvXV++J3GnprNR4aXzi;v+20UOX`X8=d!Dq(J;3=Ze^tQ+@&_k<M1zeC
zV!HY;C7e;{%Dj!V-OZ3G`k=lBE=mtR{&Ep14Ub!_EddT8Mf)ZcVp#X8W8u;AZlH$>
zItBh;*e(i}oSRKuw|=&~W$mxr-q49TpK4sE0d44T>Z#6;E{Wfl;-b}MDd`GYMZ!e;
z)&*8g<*Lb59H2^I5J)xhy)oTTuIAv~OMpsJgL5hUk=Kp(0_-K=blnuzO(E-Dj+~;s
zDDf?y#TEF;n1ELMG&ZE&#yu|qA!C`htY!}#qC#gV-S&^fA{ft5kO0P#JWe0Ajsmv~
zNAF9(9hmrRaeRzi+&V=Ucbrz4R9NY{zB>j8K6be)86+<qKzzhMK}XBS|G_}4SvF01
zO{3viS|JXT**D3X*^)4hU7_tJP{~Kdkg8)Cr89DBqN2!L34}$4za?;af139^h>u4{
zybhWX)u?z|kVrU?<fdpl_%=R1Xb&Bh-T&-*6tE4-?Gmkr2p5V2jiz<`SqE-F?5PUJ
z14bs{U$E2ijwaMlh(|zhE5B=Uaju)QRWpWq`l0$FcDfYVAD1!c6^xp^k+y2{FhsKz
zjs$O{CBG22vbB!+zB?bZw9?c-x>l}|+|Fe1#ij6t{jpt_<IenK!2XPJr?YMtTmO3Y
z_$44uzB?~N>QIEZD=D*W^3VlhYdc*$ev?9NUiO{e@VAeRWD(S~tqB$xk8zR@?Fo@c
zE>&V;qPpOdy8fIY176uFHJ;<75#A~@mG|+cu5*DA&DH=wVey|W_z!$0va31)+ph7S
zKrmJmSkgkEGSz7GAu&<mN=-n>+81tJc<J=AS7XGj8?qX-h)_Q#1>$(wA8t)NXX<g1
z(-7VaR9a8`*D?;bV6}>o?B>^=;c|2qr?$}{k<xOdh4j3IT8Fbfc(yK33(kJq<mNH&
zd_FdTkvk7w{X9B*OOh`-uF|{Gy!kza6>FcH722LH3}X)4y&8)pLyQDa3JB6K!UG!$
zifl`*ZN~EM&gm_jGcz75jExgooULcs!)t;CA@J-pqNK=)S06JO%z}XIxAVV!Aj|1b
z=a1DkK>>*-fG`FYuoLZXT9uaiH#gqz^5gxnl{S|~xJ`0aJY*0WbqT=z@YQ+wM-BZ?
zL#frGWm~+XGOe>bqc?v9-f+J8&4VSjAz9I2zWZ=jLvopU{BCBt<}c@$CfONoLT_~=
zgb{Snjh2UEMvw>xF};wu!j&QH*hW2Z^hHkIaZB%;>#uGYe1u;Da#=6z9mnwhh5&V+
za?VS@_UeVkyHz!Ve#tOe-p(9Ck)U0-L>CA!W1FFgqrKN*6>cP(%)U%2ru4y@e-TIj
zizZHe9*VRm_vX$N^}-X|evQ0Fx}?m#9bU8)b_w`J2-`7AznG)G1l*&21<=fRqrT&O
zmnu_;(NMcF&m|KZWU+BCrb?MSOr&mVGEQoF()QI}ky8<Q`>qN{!PEGKE!Bqb4!^F5
zn=yBm$YTS5=6u`Lhne85i+%?HnV3LR3&+hQwp~Zh!mT1Qr<Ba>k_5lzkMr`l3TqTF
z77?`(ZY%~}6(vw6<$j@)r>oc1%VA7jhTI#-h~UnUF+6;1#m8h?J%lPUVYmxLLO8lY
zt-s^3*3X^ft~=EVjxTGgftGK$pRVLBmiA9EWE}$+nh|6SgUXAR)<_sx6tRtH$WuV`
zqOu=<?DD~fuO$`pNlDhR195C!SMF|?u>9kJ%mf@9?%6Es5ylJ9G_qLcd!Rg+xhZG2
zI;ie^D~8M^7(Tf%ln&yk?h5T1u3VrxC3Hx9Sukh$u{C$+tTnbY{Ye3)@ap92jg73n
z>^s&~rv0h97{&vT1i1@%d$vK^_r7PR6H&T}uxi*``0S|KE7r|p*XN5-o#Cei{N=(6
zd0-@J;bR(z7fnW%ZN&LOeQ=WxGq_V8+madcrDEeFuB@WenG=jE&yKmn1A(GaZ&owV
zOM~ggU|)Z?Hoy&CpANT6z~OD5Bjk<GK~Yq5Apsj~^G#lr3m{zdfaU-)gJW=?zo7k8
z^6*8#k4BKs@FO3=>J0z{5b`rLWnadihtmV_Hv;-zoxNZ>SJm1LN&YJG7rOEJcEfGl
z)y%GOHosE*;BR=1`8wBMO!59g|EI9OmS=$M^X4&5S$W>lWp<LV*%`m@Zv95mFoMN?
z%cP9MCO@L}*VWz-A|o^mMw}ub$s<;4?f!2y|Np*({ttao*A-3BoMkV}qIw1qWCam1
zCdDLK9P}(rO3K1zvTN#xNbl&x1jV$9+V%Zt^XZ`$k}v9`1UChAUEDpgZ)9K|-{CQ)
zX#g{y@cKR8?~f~Sx8%Co1?^{EhL_|Rz4qpK*VoeWbK<u8{;R=`uGe7?&AFWADi@f0
zF*%3O2uB_s(XZ;|KV(yl9v7Kb+emQn_LyL?`tA7>l3Gvw*y86KO~gJ5PHxsB_O&w^
z=RZNgGHJg5DCG)1<*>+#`o1g)hg%o7dz}G&kO~Z@q9==mnW#G>M>09}Jhm{F?#8XA
zHrCP>S7R`cN^-quQw!6;cePeB_9r+V9_5O7)v)Bw?RiaVhg8GI@{7`O5$P$Vh~Kcm
zM3I`eRm(*i>DPablan4$JR$5P`}H<uXh<Bv09xj1Il>(jF~p8DSUXcN{j|m=g&6I*
zPCD`kYw{FUTi5MUz2mHbuM^fcP9LdMUb_)%HEvJX3e{y`>Q|wQ5Y7aKB6s+CI06e%
zXA*O+{4xD7OuNzWRF~i**V4RG;k5w)5QM@pG0~ZfjD83eg{Er7o7}a>q*U-{olS;%
zMN--D@f>6g%_iDMl-{7C&d)KyJgVkJyBs?1OzI@$5E)|~?(+cEKjsWvjRKPrq&y*F
z^XsNYkikGj@~jyr($BLmv^AdR<=di*pg(B9%k+shqV<awS7RFp97Ptp4D&sxo3b?9
zRKhgyFHpnr6T=kGF%<&KQ^p(b)|MzGjNX1(IuOfuWiF2n&8$Sk!C;eo#4+V@;H9GY
zz^IP&OMpk8fl`Qly2iL<bwQB5&apVq@g6RGjW~*<A_EoU{9`CI^d@O{YnJ!WMB=Uu
z_rXiIs-fPAL^W?jt5`ev6F_TOyl`IjtDI8vDVY^57EQg-;r4eXu!tkx_(7Z0CNBbh
zHgcy*OQ}S1N^sPM$KF%&=jUE$AsI)fAAP#^)9nBNDj^_Uvmp*Ti-^?*7qn5TGBAT5
zFPob61%`~^wd3(L9fc1(mF}4xoEGU2!4!WS4DX3kA;W3(9lPv3P5792V{W_TS*+!%
z*KG@50A7ljJ-1jyaA<(s4!eVw_fx5ld{OOn?hn|wM`GI526TPO$I=dz7|K%^&r2ye
zH$(9y08P)sIg2T`E>fN<GbJvFX|}q{vYAB=9MQ8aVn;2_9`!g=EziyY<De5L<W%5^
z?X@PKhy7)gco6QcnhtNJ9JDw8^mJuNYAN^wHHH;Fqb!@wo4yB?mbMZL1pBT%dm_f&
zYJ*&Id!zv;ud5M#EMw{9r0rBAQz2t3js`1mFQT{7bs{rTA(F2uh>_~1bWHYx8LzAh
z<Mp|dYt=&G;q%qEUJhT6(NGlvdQzLsuB=CEe?GL1g~t(hf%%95tHn<aNrf>;^R@?M
zS)b>LmR~p<=+3=#7g3j26hKAOw>uN;dGJ!J@z8N@wznTV(wSlU{08-8i_|%6-9Oc|
zdtqZ*|H{?>JnxC>NG1bUw?zfElT|y@vw+`HJM#rnB{kmZHQ@t>1(<A3-cR&iN$IC*
zoe*u>L9(#0K~C$C8>LwT3-mK<(5IYzhYU!tXyT{VXyrDx7VlJ(6N{{2fg`1ckZfFM
z$w{T&PnYE75XNs=$#QH#Pz7{FP9^PB<y2@y&b?1JZh0gb)tLBCnH_&Ab4IDFYJr?G
zGa(z3DpjZ`4CLy3J1Qz6v^_Ai%iko>-Xa@)v%E&6jH1hF$J$+Pho3lp2z8??|4ra*
zWXC{72CkGBgUA_}mp|mSmMcd13ccSAQ`DmU=Ab@bu8n1I6CkW@FYcuD_f40rk(Rf7
zn<34YFfd0ScHco5g-$o-O;D`-vPMcoqFtVEpxn3bccGiFT(e6bcbE14Q|N4{Uq)t?
zEQ<F>t0gb!J)gsgE=KMZ#k2de3p{}cmA-;E1CQoMZyOUtI_C43TLw4zpBqEplvaYR
zBtJ=%qZJ(cpsw^O{EHGTKE&jSAMLNDyTh(}=eMHb`Wz2lyZPcvfR%w*cf9=q@RMXM
zk7KO%R=9@s%wpPPj&nQV)h0z~5=UDph0eH>P~wo2fJGZeY1Lk^9z6w}8zH4Dy`v*p
z<|uFig<@e*-7u9kX-E;9KU8u$WvXq<TByz}*Hu0Gwd0W+EYne#3hT~neyf&|rrA6(
zkV#?gh>92(I{{1q9KBz(B#@18ShqUgMS9&Q%Od*RYq=%kmYTt9oiih#s}L-3Z`itO
zO;SMT_KBmlq$|bMxUF0yV&2`#lw_p#%y^(QzIX@1AmKhx3UW(!XI$saAJDDErb9ZD
z7%gbmC8~XUoaFSl5ngT7oyEEA2@I^76GlB%xw?!SzzkrReRZ$vt7smH{E)c#2-J|C
zEMDFxWlI~jmV2Jo?jE-XC_xi(k9vSP-OQsVb^&2=K}+-_{tLFZN90wVJ&fsQKf64;
zuR6j$scv0Wp&Z#~|8%*M+*mms?(fZ#8$HJpV@50dMW}$e)1@y$hIO)U)+WpBQ`fw!
zcCHg0jH+<hva7yR3AEvzkSJQ18|ZI6h6VxQyjf6%&}<!rE#6F;7w*z<X}B!jm;XMk
z|6$qx56%34vibizgMZwwlZ$kAsuwD`r#1&$fehOw)H>X54kpI1s<4o4nGE$JDrv8Q
zu5*3c@fq3o5fIvJ`U`#iZJ~Ll?0+%n?(wku8~wJ>sF}`fwRRnor$qijzb!QUD+>)a
zd^WXG`QUH(+d}(`>HlSaRXNmE50_c3Dq>Y9r8cq3sUs0TZJ+fTgXq?y=~hif>ms~A
zv(;1_bKo!V3tc!8>bCG`HZXiXGi?*^F%0>S&QAWz#dVvtGd17vezii=;#j1`cw`nk
z53c{-5nNssIGJmHptvIbl<_#_12zL~vlFD0!Cn)Uk9vC#MG2|TZDQ)$f(fv3cc6fa
zHQ||)broa+kGWYGWluXG0(A7d%+<<NALQ6~L=tMD`;8r<%Q89{4I1D(!@0qJ1N0kJ
zn*}UFpgYoLbGA&MLN5Wg{1y5iPm2yJ8Yo#A1V~O*^DtFGIXLp+tV({LB47j51{r1R
z9`snr+s7~nku<Wx_aDtSpwp33<$7uiYI&T&<emuqu6&X)3-OqBgZl^^mXcH3JH(Tt
zgU(6F@6VI_rP1GCpz9Z7GQ3?J7hOVaaku<bV3EH4L~tiwVh`#8UB#2b?bI3H&GMn`
z+_`&V**@t~x+1T@LEoE73JMKz6#J;R>_y;6{roMqL$Kbj;BBZFMTLqwt#M5@yynci
zeiIoCMutndDMn{Fs1dW+#r4u)yIB~>96wiwtY&eijkWM~l6fofH-S3FrY36Zbqris
zQrx6XSQLobPebDox6;mxRrg7?AMvR%HI>I{6CYQcXTJyAqcCIVX>MBM`JGOV#MT~U
zHhP5kTt6p6;8lv#uUg7P>P^*r3}QxUN9J{o<M_4bhb-M1S7CHX5PJGfr_V^a>evNy
z5)snfyg~!2RG*GLqay%YLTD&@19-qsLAW@Ld%y9Pnd#LiTOlb87ur->_tVt*C7^$-
zQZ(@O*IPVsYhhh4^aKlA)}Nx4<kXDAyWO%U5ba^$@J{CFjtZtv(c>5hJvwiSj^|NF
zmz26q2_+qv<0l=)_;K0${jgd8;;JH9|1#)(AqG86)i$fgK(ZRoY@L%lV1@iCWsjX=
zu57+BZ+L?j6LT4x@L)pE2#EvS@!2FFd!%1FyattkG&O}6&dd8or&Z^Z7|c<<)X`%c
znL8%tAVt-+NT!Kw3l%DA&Paxt(~S+Fw$iWs42a&mm$wwC0qqN&!@Dx7F50}BPjbY@
z%YG(928?ZTrzr$wQ&enSYjbKX3S`2?vjq$8)p<8MBj}$X6ILL#0*Quqbli}pa;1Tt
z4m@0TEx(UA-?IIuJ<fkV(|Ik_p09~d4v118j@6E-csK-%;ip6J4%MtFr*PtuZqD;B
zVP)Tgz*p0}W-Bay{42ijLXCayq56+LQS-qr)wgs}IMq^->%%AXSnC1;i|l8g2R59U
z2dfhwaMb(DN<+r9M;l!tIqLK>nb?<_Zx3o;0#*>or<8v3XWR#ufPgdF;fu1w{&DeO
zX(?j>*>cLNSjt+gntl9yi>IbQMk#u3bl0?Ot$Kpmv~vrCJ?Gq#j&13yaeC5Izv`W_
zPF1pufEuss3*{t8ZvnM%2^}y@iH&sIq!1wnzCPhtiJ&Nt*)a8pB2^uJh8LA*k8mEI
zoF-50D%X+4*Up5BAe@aE2M9Km6Pod9OQ^2XRaIazF-sf}yF^-uJeFsbg;K~aCijzw
z)|~A^{Kib%EAFy3KFtD`U(+syh75xtmW@N(w74{TMNF2a&j;QFU?y?=HsIRsAXrd;
zXu@f2Id(~hE{f%~$s$<OjW0aCD=M6mU7%Jr<6D7^Hknwx`VM~<)PKm-l8&R@LR;2%
zy&~Yw$x>Ei39TbTSDCK=d;)2JEEhot<5-GePv6u=e^<Ywbp?YAwpH2-|BWwUdhirA
z^H3pW1wLM5?wPTNoBW<U@e7yn%_Pl9rlb~zI~T*uA%~$ejd8Eb)eLwF6q|Wn+EjD-
zsKR4Vw1qt+T0hvW5}c7H+jpHyHz*Z8*7x5k)BskhKzY`FUTdEc|2dd5p@CY>LzCQg
z)M?>n&&(U|Pc}yfSy&h~ml|e}2U&t0#oj|7c9sgG9Uq^_J*g6NOR*rd>=tOzikjAf
z55+MTNVn2r4$_nmE4M#+nIo7wK5T29$<70W6ts<g-D$=~F4bs=2Y{<c(8P4wBV)So
z7{_@?;(aGKjwbu6A`ZCn0Yrs6j>WyVN~=N(T#+8K@eb|A7~eh6vEg_d$1=}3-$R+5
z4V!4Q5vPUFh5MwH$5x{%$dx>C<M`O6@vnHuMcMfXRVUmgZ*gDll=4%Tl*s`Vcdt(@
zDmpraRSU9~6^eE6CdM*8mNwjr4BQJQWA5`SchBb4N|rmb?U$m9dbfD@uhr7h*yJ*k
zQTvT#5hsRmih>@qgy>3|XuWLKNpKvS$Ne$@<t3o7=BaI7!eD^7a9pEZFP%e|`+<Q?
zKc(|)fk)WDL}-vD591UF3WZ05ZA=C|negTk1KWPq`OpuO-(oad!i=eh08JY~$Podl
zao!-x^K4dBK}I_i=((I70Vh6TnE8sgVp?jB4|ESONY*g0C^U{;+%n;W4eB-|3s5|@
zOvU85^AP1dq>r9V<T&swDwmGQ8Oe5Cni(x5SIZyOzR-$W>j^Z8KX8mpdsua07Pyo@
z(gtGQBsKAR<e)y8Yv`4$o;6{YgkYiH=V)^R+-Donr>KZlUH)+a3^tt#!;CHSaON?v
zgjPK26h_Kf+*<~FmFboC_e)1h&=1!Hwg=AT?2)QEDiDNZJ3U};S=4+px^Fkz<xHh?
zR=H``%zu}cB-bjG_uKx8+W;pbaV)ySRBr;nJRu=r|K8mDQOMXpqD$2Qo8EO9M^3&P
zcnNVi2P!{i{6biX-gBz{%fY&ke!6dns6=0ArcMcJS;IXf$3}ZmK>g=VTyRWYz_eNk
zbWt<beumMFHlufdZbQMCmVR^U8D8Y`WNOekbfnH0`ZlQ_LLvL4|73!IUXQlEJFAq@
z+5mPIwp&|*sW`auq7HU!a|v)W`@d_x@c-h`bZ-V}ZiA<GZzX%M;cjw4&Tv1DeWE3D
z2PumvPfE0Cp@#A-jaBl{ik|&rZoj(zSB>2H3Lwx5B#MM3H=FwW<jlfr1HpBU3cC|d
zv<*?a9F}4qB?*W+&hj)q#>Q`?%eiqB%N?~QRW567i#ra1HWv8fPzr*Zz_B7jx$#o3
zd$I-t2HWQ|MMv@e`Rz6s7)-;3vsEgft5hOR?OOk5ke6Twh`<_6w1F^)#Ffs65r8Hg
zIN#6Z9H_0^$8;5<s<t0?XT*k|ho1Nr_c&WiMxJ^&Vh2W&&Ijl~MDaEz1Z;lQ4rP2u
z&grnzh8dNbt4-kHDerU<udZ2k=L+7XjTjoZg(_JbRO}M)Dy*P1QH?L}?%`19M)I1f
z&xW{D#K=qGSKhkz*u<+nYG%pXLz&D6^ii(pl$?)@)X{XTIf_>nmKtZOULtPn*sZ;G
zz`OLvdFCY`|2v;|%MnWTdub`eRJ1HfF?0YqYjd%AFnj9jjd1o(rYyoQ^xYex?~2_P
z;!jQ)UiFAO!~b64pV}UzV>K%sBaCvf1o0vtAV#|fYl~FQ-}B%Nu6G9CglW@Hxo8Q~
zAuE@x1G_~g8Kf;m+fTb{8|vI0_gwZr%+z~o%U}6|T&`aKx&K>{TVL7iH>R=%S6#w*
z<4DO%{E#Fb#25Eyb;5X5RqoV24y%?oyzR!Arn(zNeAP~7F}5>ovEm6CK8Fg_7dL!&
z%dArBJ8df?MjQl@I<6?MR#;q)Tka0p&urd0mcR~P;~{5Xk&xgFBTf*CsP-VEn)z}G
zSm4vT=nA?7j0s!<=4kYWm`l#IsK6kkYtzD3DM#ozN6qOM(Z0vu)<&k(r$}Pd$D0#g
zEmq%`XmjIq;lg@wWbUAM3Yhu^yc9-6zv1|h6=oEze73KiZ>-<bb9s@d-^rTI3X7Us
z4!|k9M6l?#)6vn=N)VqgjTXK9!Q-5!jkRGyvn=y&4~0x$d^?xyo4?aK0)d1$fUe$d
zb2zUfY<M<8*g8`w<WT+4X+LOjG~~5wOu!5M*Qa?WxyxGOZo7ynX;IJXvl^cl61cOE
z>Rrhxw3XP$RXV*faT>rE?4{Vg2^Axq=o%zMb$?}A+JoqR?zL{LPD;U0Wa$PucM*ME
zvn}gFXKi7Q0uqvC%=&g#krz$VmbgT}lie?7B#Na|9pB4--nrZ5%8`W`w(Ja%C$M;Q
z0AhJ`-|3NHG>>9CM3T5~03O5SpxMDQiSV_4xS6{?{D|L0)rfNZPSBGSH;%;ZoX~**
zq0p<{-xxCbn&h^v2OBUQ+<-~r2jj=mf%h3O2;Lpdsvl6WbR1BwhHxNFm3XtS{oI(j
z;ZvgMn;g>}OH#e8s@?IM<*2BKa>9}%ow6C10J)ghB|-fa?z@ESi3}~z6^;7q8acTv
zFfOrV48e(cE+gHIZ-cCPfUGbbjgDTU7>oz-4$Gw1!L`BfLjHOBe2mJ(v^g1{cZA#)
zo@h8{hJl;xV`n5a(Ok_uv`oNcTd7nVi)m59a1Yg@{Za5w_QF<8dyPm=I*r1i*VWhJ
zcOrk3C76sP8QvVnlu4ejV?k5rUh={Ke33#GB9lBS3z2QjO@7}}zKLuKc#=P=-kS9V
zM?yC%IA_4K$C1r;;|E}c2z|D}q>}4tq;WVd5~9hz^=3fm4Ho9R9%*Gtd;54~88@4n
zDHgR8g(!ArCQO&y4IN~PLiR7^6eqN>{R+o!nLMn3l$b0s4?zr@GlCG9ThY8%$A&Tv
zI8K^-|ECXRyrD2Bq^)Hf;gIWEc~dbS=JM=<MM-zRIfsZm8M?v1Z#7;xnfhEhTFkGz
zLD?p=!sS-c`V9Pwcq>bhC1wk;S%l$aMBQi)pZ_dy^>+_`WX?-;s>IAl%k4dPz*^Lr
zj@}@YCV;ab^`&%n@Qb^s6LKa!5FZd|30hV~s(X;?A-%sZgM}K1`t9>Cj&;!L85W-o
zjY!Y0kMfP0g6;JhGRqj+%cCAj>nWb>O>GOQZwtBy=yni!Ukfxsg2-6tmch!OIub(t
zNNZxFX-qBw<`JjY&qm73Pq!FioniOwTT)n|iDOxo;&ve^IaS2SKvXo{m5tarBG^Fg
zz7$S2Zcho4s18kF>e_x91Ly{i`>ctgZH^PfDU4{f()&8=w8w`g&s^e^%CjGIW;KP^
z3G+>Lj=kN*?r7rB{F6#@5RG<NrnIGwiV;1j)avK;&y>qErIzHp^@@2vs;V~A$v`Ym
zYRf*y4#pCpblaoI@o5Thtei=)%@HzkU9j8oXOfopUnr$C$1uuF)kqJeh3gHI4b@dL
zRv{9S-vo(&0H1)x)OQ_HYGC+kEMQ3`D^&&-j;^i)TAJ@@v3s7R1x(#Wyn@{<hZ!Ps
zG+7g1M;1%f<Ypu-4-d~+;G2YKiGsZouLR9S;S`vMDjl#maw9s|lpULlNQaI~neS<K
zh8+Yhiz`t!!#(13Mtq_;;{uZS2R){O6$2bKt;WzSfsoDk97zi23)y%GDqYHSQtx)R
zw5i#TYlFkFF>!WJDzZvK#7I!PWsGb%=WMmDObZ?c(rr4bz9lcFA=472=fj~Y50cjv
z@MZk!`4{8Ec{9Gc-518WsAR-my>?Zq1#%HH+J90e+2tHUv}+%4N|x!hWa?^oE7wFy
zL#d6Kv&%xk!n!7!uLw0*T75{zaX>rkaR2?aj`EYl!qvW`DaqGn8p!!3X9XW>R{uol
zDom{XXxA~d@Y7XO-C8E2tG`d;dHTu^IG{iaVt9N?X8lH7l2dL;<iY93-ZT06S2FEq
z+3zj^cIZn$5ao?q1>Oo0N8RB*pPERy6^Dy(=Hg@}y}R*7%YPXq{|?x+w^HX%Y!$W0
z*el(xUY`5*jyOg>(U?XL*lbE%Gh^3v33$ZNR|yScVPMV``cLetolZEXzbYZnD$}ie
z7MEZKnuKw|H4!vy;f*m}_J*Jo$^XXQdq%aftlOe^Iokva8?eBD2_gq0au6(&C6dVo
z5p05p!sIODWfO!ENkkD1h@4E$V4Dmg=VVMY8Iv=<TKny@_geR^ea=4PjyJ}8W1RXS
zRkgaSyGzy8^?fzx{2n0>XDUw%2BVzRIa$;13_YZ_EEa&d*A5?tP(*etB4v=fPR_T`
zhq^6+F<qBu+ux8|U2337-o5d}31<0_U$~#VAo`K5doqd8glqmH{;{1z?U-9=VyXq)
z+xy$?9q=Oaa_lUozZ$d@{YF;iEuZ@e6l?I*BiBw7tEI3-B=_e?OnKxPZCKynU+~@v
zSVB#`l1~RiF2quTCCw{mHn0ZLTQltaH}dU}x^i%~<=tM8>n&vBAV|fFr?l&CgUatx
zHT<r9FJsh4lFpuqGyOP2%O~F6?DPtR#bs!h8jBcNud;TO%oepxly}By`3-|?%VqN{
zqwV8#wn5*IB8}J=@_NeCE3ak_$51xN{ANAq_kQh6sk?ecAoESP0Pip90Vo>j;qGAC
z;KUYvDR_STCMd7ZN%%*<u|Jrv$sbC$#sYR4lR)OaA>J|RPZFX|#jj<F69(#bX{UY>
z#%hZ{66sVC4{9`anK+ari$pT>V{XAzTvnnZX=ItGj<Ov~&V*L=`zN=}gr8lBL9I^n
zyzY_E-504F5Bi$?rF~;4(^Sr`0X_2T4c$NP%;DKb`bemwtE^-D$4-{IF!@EGd1XDU
zez4n0_X@%vP*JMgTaj<JN~mD;ieCjJ&!@)HhU{QvP9TnVs=nrb`AM=do7p6{-hf7}
z)$?EWoWl2|>&8QsNi3VZi|_s<DSI7zK~Z$bbd>j_=}dI>RsSjR0v}(Az4*i4L4T@e
z_{|L`-DZ7qSG|aBj{TeJ+y!=cQNBkV@dY<b!_I6$BI|Z4@_1e@W=#$Z27~Uf{`R*n
z@^5}H?d$J}{&sGVf2mvY<PU|9G*5o7;X$`)9~=J;;_M_Z&E-#pE2*~BDKTl{UW%O$
zzU-&I1YI^=5PklBKS^F49*sEKQ}XFkYwu<?05y}@PM%>QN4%$7A|>kzg#mZuahlIn
z>|)d5(+#&_%u|W4JZ6r5)pJS~3&2dW4TP|NHGGD5=Dnscc6O~-ExasBH?Q#IuH_v=
z{oc1M(y5c6H#h9~mGaHyy=5I(apgoB0W!O&wL0(RL-~R{eTSbUg2IG+D`UQc)PwtH
z7efbrp8^;6lu>aHU0y3uTI+qCi*1v+H`iMHewafQ6bsbgx`$nnze4`V@VHRc{|nIq
z*-g96=Pz56Q$2J-Ps76s(wgV5v=48vEWt*Y)}Q)$-79}XDo8VY7o!$1nxwa=1j0qB
zZ^eido<=g}pOM!6Bx&+<$QJ0~cW%oZ14yh5swL^f5~AdNQblWKkK4zJzRr=EG}EV7
zcvO|-gfI>9nG7HS`L8y&8Cqz^sW8V7S2lAItC~zarE=fQ%GC*~+lAFzv6WNGTBCWf
zx3JjhzJ84ycng{R7{^?duH`QVY)tMvk_?hq$_41kyK`FAjuUs{Ty{-q4Sa?1CM4VJ
zf%~H%tKKPP*~-AiU1k<Qjk@-YQ&P`+OyhLf0s*H^dRS)A!5VMMKWKb^AoM-cysPAd
zZE@b<Z!S2$E0`+X=98R{%6CwKOtXbYS>T(}VIZJ4p*6Kjg6Nanl(vi6X#QvRlWt5#
z`Sm#YZd`ShWt(*fLkt;(=(oLe5I3uPYiAEZu?#Gf3sG)>M=py@%NXb{o!W&zvjjTn
zm^&ef_%`W2e|_4B&)_}*5oIAD$Yx1P!&#X63|YDT4`SdSD1w5!bKhyySUz^MbcAiL
zyP9${>)`2s>y;(DWh%<f&h)s4K9!xH6Ng-9SYiwQk{1+J!!F(hGFd7t9X?y^LIxM6
z;dd)z$;v5dStC=ORZmmS_9s{W>O@?xR@xw3Aw2j<56}5M^-k)j7^br5tVB!FOnh<K
zR9xf@rCOp%cdKkR7rE3^9+u5lnqL2#4>ELep-_^6v@51OfK4(OMg-T)Q%9+H^47Xa
z<9YsyPI*;0yjg_0Rc%BPN3F(`kK5V0eUz1^WoA$g_q5}8cDdgron^bM@w!Fchl1<a
zxs8Xbc;2E$9qM6@^`u1@c4G%R<upy@dcXtsQHjXC515X~F_-n3%8<XhE6CN)Tojtx
zx!KHCq4!~~@?#RdjGudUeG=p15>w;RRYdTX-i3nj7JUh;xodfh=-5G2N$21OSCP3g
zQqWu+WDD<DUR>0+U0xDO@W!JtXM}x5j&-6bP<~RRUq<oI>=ju4z@4so@8#TrS-zbj
zInH2rgS+mmGf{cgLmh7&BfA1SITsgMH@h-v3Ox77Ze@18+AO8rr~|dlc4UZBZq|CK
zRnCMU@q_OScq?f2lm#`ws^QUu1_ZzKU-jSs(V%m$;QoRiz6ob!QPhPA`ZUk>e4ywt
z#lbm=fXG5n&HdESvE0<BObThoCL)Iq4`erhyN|x}0q8pQ{cCv3<hGOrp}Drw=6b6_
z8&)$VlnPb<?BRdv?29X31-OEQ+mn*5HOp#Vsg`I;%u1>_l{3kA?%HD~u2%_g7hNbd
zgxSR05c>M7CP+Qv5IT`%zDxbiiMI*}m_pu&22g7GJHR7T)-<<#HndIt>V^b?Lu;z~
z8Vfe{H<uy$w0G7A7uKQmS+Ot{K`kxl?4a~w<m)+gmms6p!s@~_j0CWukC7Jh`nTye
z6gGBIfn#J`$`~iIV1a<sFd<7AmVIz5DSvUEtJ1_OR60Ffor-sF*v}cI$j<yE31I5J
zK8|zFT_U2Axm`D+H2B(}{HB`gsEu*o?Bbb*PG`F&t{2So?HEvH8Fs<JrR*^#kp<ay
z$o!PW0s!!4A475fb>lr-+rRT$F7;3;rkJ%0F*yVYPfD~=)>`=Nib;}_pQMz}be%yc
zW`HlgH`N5JB$Ly5Xhtw7pj^Q3qgP(gClU&I6h+04nB{EF*`^EkUL6NBU(C<_RX-PO
zup0ENAtg-}!*hcc!(SdgJab~<q>mn*hDH1HvPEg;BoX0s91ZX-xzVA98v)vMl$D*%
zn3M_6MZM(0+|uaD^f6@-DAy9~Sq#TOP3EIDeI{3aSDVJaYQrl74v$PCvmQ_-1bM}@
zV{m-xsqY&=rEjw%LALg>Vd}35og4;LeO<QF4m*Rg{D0jvuv;~Z(LZFi?#t}3{DGMr
zPT;@&u~JegO%fQtktgNskv{!hDA!i#Cy9K+H2~mXdpczFp5ec>64`gaV!-i(jzcU4
zr5mV$o33=wGmqf_b-K~3RC(Eg9eB*NR6~!Vqa75X%bL#daA%`LhGuIkOL5C-E^qHP
zU1p2b;>_5G_I1M*IUVSxV@yuwT2}RQ&f0~tp&2m{Nckf)5lD6lRT{u^R25+wLWVRw
zwXm;)l>|Y-cgP-<b?n-1s*K&`IKolcVlQ-A+4b_cXq2N$7b?r~iya_9YCwI8v*0-`
zkYC=8glUIIhWgWr+59o`8kcvD%@Tq~F}R$jHe+fh+G=>%Cs&DxO-`AAK|*qK?t4Pm
z;4ErbWXMLi&`y(53rjT3`l``^u$0FvR@9UnuJ;*DJeVb7hmQQ$GRz|%!D@73#&<cv
zkDx~tRQw#_>1WbEXovcQ=`$ONY8+XEc7~(rteLEE94^%fKpHz_#Jk(>tJ%EFfSEhs
zRI7`CMmz3wC@PiU2&}nU!-{@u^Gt&?T(Hs34f9DW`I&BGh1lxF^&VqbaElhxyWsG4
zO@^g%O09a<j>G*--c3vuRCHSShJmf5^2@-8DK&hAKNBlaTC$RvnQxx?N~EsiB__5@
zM7M=pel%l7-ZAyvm6h9}Pqn_k-myE0RWV>_)98Y4vkn@C*kd|~fbPGis}yCUg(iuq
zi1?H%nGaFPuj!Bs$rEEheBO6_{gS<S8~)>ng@5KXT*p&jEdmk1&{{(=mh=_Wc-^)8
zIEwg$gnjmts9oAwqd6~D<bT7J;^G;5Of|$muNE}^^1Ep8tKW>lm#pKcK;9R><o>bD
zT_Jj|qC0Kj{?*2{bCz*J^yS1!%SVlu-Q+?JYUj$nQ^%qrXEY0&RcgJRDTuXZc$O`%
zrh!^rxoxGC-z_$G7TC1gkY?mYw8-Qz3L+1WJqwo>PS7_t--J(e<rhZ}Q)fSKbr`^L
zybZvQ)XqHJO%MSA`O{U=gjy2x?l$ql8o-w<<0v$P@ec0~(Ja#zABvKjH7RQl5voA-
zZlE_6cB06=>ydnqEV+v^l%uBtKpfTZsRESfV1=#Vw%t1}ZfIwoxf0>y#)t9w5pO+8
zrt(fykA&i!@{w<J&+F#l-(IOUp${3&ZpQhl_>!&0?JzWNJVoHU1d^gtrCgW`Dmd~t
zX2rl$ex>@R3Pypx+5M-C)vTX1>;KiUUL?SZ(NeoGmia`|W@Se`TlU!@%?|G>DIAvy
z!;_Nm+vI6+T!t!1A=nsNwH61cbX{o6%hR(H8tBf^t)C>gb;WPL|Ls!b>i&eR7Yzdb
zP%KQFC-)1e8oHJN^XWr&qw1;{97(REjIQlNz3Xr`zNc*;6q|Eww@s?NZSFfT8)i~s
z@wCc`Y+anVf>8^L#>L$OvRl{9#&leJ-xpQxZfgp>Kb?wVF2r$tl~h#|oN{Pw<-vaU
zdQDs|za3b-l3FQ2&G$hZp{Xr4#|$GQI=6{dwoe($@<xxm1#HS3Jmtu6e5au@cQy37
z;Wob;9ZgZ8gW)$mi#pGZk2qz0t_jfxrBJaLSD{xmjB-q7L12)-qSdEpLi`|HrJ%m6
z6ImTVy{e^SOiDC(FtraU{${HDy|4epSI~ed;p@#EMDdAU%cnmSJ{f)beQ#}EKdJbp
z*2L}Qya2+V3V%`8zq9H3pAa8ewquLsjF|E7Cj<eP|2X{0vDb1&dDW~NS^1=zo#C*2
zG(Logu-#&2GVXJupc(QutM0U{Bb)^=klw=N$xi|Ati-ZB2_4-Fv^vh^3#g5@fpRJ&
z3;c#K+<TC1SEzyhc=9Mrap-WCo#rt*+|o$d#;AC^@$$yk4g8>S`Ya^)<L>yHv|awX
zb6iko$>X6iCe`OwQR#F)IwI0RRXPJ3xZc+iYI`y_kx=l=5@n*=x`yiz&5+^PTz?gx
zYUkF25EVP%ov4>qETj8DW2-!;DV@9#Z>9AH{Q;~6CCm!HQN=$o7p4_L40iLBzLlku
zRk6tA<nxy&CZg-Y>kY{bUAq=GQPIay?^YFb8ss|7#OzgVlNIJCtCXvjQq3&v6=lu`
zXlG?s%0JNNbb}#oVdrBzh4ih9w$k#=?F_Qqi&+p|mw+bG!10{uA;siMkwo@X7V!D)
z*k#jHp$R?IWn|%rABKs)7+cQeOfR8wihVSVS3e?6(gGTIe3XOb<>sXohN>wUP}W`(
z>5Sho0~6gV*QcY2<13V=THzyUOelHNFe+<@J5qlsva<!k2q?f*kMHZU`yKS;DsDz@
zST+R!OA$t$FUx4pl_Os$AV?qfD24*dOS^eKL<II@Cpcj$X#irPk!5Ch@%MlFK|!CP
zYnjGIVtSX0;qj4%h=#D*qY=KI<qHSV+i#5mKGgL<pGFe#t@6LDU1f&ojGUJbh6?rL
zN?3AX{J`Zy&Mfm7Ze~GML=>|@LIlDFR6c9+UTE{<q15o2G<?-Iw!*Loe9D(W8s@n#
zoLygo2esRacM#Qqhby&;4ewT8&yX2u5FD&ll6<!J-kUX%8&zoug({<NO~p@GR5=at
zcBfNjtQp_zQ}bGo4B2EFvn`NQp5gs9qxY-f&ijqBJKl}XdKHm$oN@}lv3SMBtl1@^
zpcg11dJ=Q#|Kjv%7Ole~PD~x3s}FYZ-|y^r5eJ6*hp7*&-kllK?`|YY9{1rC5eTcM
zk6Q_IyKYQ{&v81z;yi}f%plHfjZX`7Ax>W`!gn6b6$IPz<*8Wn`72ewsF!I<?P?ea
zmdL)7!0`Og^h&q&@Ven#>B;;)!rDefP!p?SMueji!p*_scJo1RFWua_7l!#yOfaUz
zX1}3^MMkd;@9!I_-hYU)y4*Nf)ucI0FfT3MU~lp>0xPIt>`m3ubjy#-bH@uv)y)!k
zgEK`r<H$zN>e`)Qejl40*D)yxigMw-_z)+y!p?$3X&NAhb|~N|0cv40-R-<)(&YNu
zNy@f~yp5{_mMM`F1E3A;N(Kw(azI(5iMkQX5F$7y#AWO8qe#liQIoql16$8_veg8<
zJneO>O+vcG)eF@#rq8cBX<r0wJxmF?Qg2(P`7znR+jk@AF<vcSbc8^OS1;TcR0nt4
zX|leT2v$S_vT<}NGq>9H-;g`?b8|HhAFbu-qZc_|(LGI32y1Z$L|N?KChdL^ZGV_I
zPQZjD1>Z29+8k(ZYq1`HLPP1Zf^CI4BHpSmqn3TV+kc15ApZQ;_}_ro53?WW8mUe$
zxT*bEaDkI4N0c>L%-BMba_ZP)?lDFTl}vhEAePre)}lbH-9@7$V$Cp{Cvr6((>~>w
z@!Uj1BaS3zbaJCSAjgH(@38jDqP|qiq0(Uk$+9Z(;ZbQ3Q#1ii^2qsB#oBorBT8@w
z)#6K>L8?EeynS4NU&bX#|Lpz+Yr=(ZCQ%7|17SS#>8jMw`75|BI5GG%Ja=E5iWF=5
ze*N1*_LUW%8sY+Co#kO2%Ycl6WUA@3*zEgrQBAPJ;{)*aL(|X_du^(gV(^CeEd$Bu
zF#)ji*u7-gU?{T<f5E_Tk|q<I(zJBI8;XR}#Ds6L=TFs!;e;tw>mQGTG`NgDBM`?f
zV^n>5SmPfZ{ex2*X+eYY=p;K!F$+9vu%vylTf0NGVgC%-yje|RU2}U*;g7Rxs(E5A
z79$#>c<svS<@G#dCBA~JJhD1t$raOqIn)@i0Wf#7X6YbOSUF;`PS=WbX`Es&+Rs|A
zYP;Gp<j<OGl^T`KJv@|zgjfl5tiF7*vE1&OgjtNqEpt;w+JM|`47D;?6VQj_H)#;3
z+9B4-h>#J>)1WZ38WaL#U87ZYN?ovHhZ|x*o;}>E&c0U(qU)s%wj5ET;q;(Y(s49(
z9N8ulLq^*(Gq6)3VXC&{TC9-!C7iD)8NzaJPTePuykD4!(hA4~twfTg7>T(|{_q+A
zMvN{NDZxS6&RY<S*YEylG&&>=@b`i4Uw!@8Tyr`m%T9@^kdK5aGycx*)<Xi8%;!Nu
zsnAAwt|Y^v)sUZjC3sEAaz`PkF;U~k{2Abi-N|C>CC{v%unyk~=5x)L+gU^BVvQ|Q
z|H#2eZZ$o4?z37>T)*Zoq4;N(^35;&t<(&sNSWr44Y_~h<Uf#v{G<MR|HuJ2NdBk#
zjsM>?4pIDPoHBi3WV^{j#OyAp9X;ViiY4v+$^^irmFGJX`3?<>@GW@c$}hM-^0t2O
zxz`XXQRd@F(v57Mx&RH0=UsT!Wa0hNX0kZ%*a{$k<|oNLN^_o0H{6s|n0umikG*d`
z@0&~k8zyyHTc?o(QCN0;)PB<Rpe0q|tbReF;#L;Nzik1B%277&*pmnH@dx(HX6FT_
z=$W-xCqDJbgERpZQEE!H(LOjFZtIuKY(wF@_bPmZyPa=)Wx4QHlpZP|1}UpIIE~t=
z?{n@mwap@@Ugh<0iawYpk{uu1u!&pWq6%Al|H*08UQlX4s{Z&;q7xSRAle7y@@N|O
z_UliQp@>T2WFdp#0|<;2^c^$eC^=JddL)7Elj@$*6shI$D|K@0QK;1yK6((#Bs%R=
zTdEm1&(ypE;eT8qs_93TSMv(Z^=N&uja^{0X6V8|&xcvAsey-0!e=nUu{QZ9$-`Cw
z3>OaLaj$)SHJ|0xg#0^tp7JQ^EZ<yaUcxEv2zLM>+%OE~9&XTA33Iv<`6W2KLqnC3
z2DLoTsHFvS3qEva!@04@*@S&TAHp5tGz*@Y4?j#6QgxxuD9*}#Ga*QM-Pb}XoStz6
zSq=bQA3g;DZvSm8Vhl>Ll~h3;JtLaYqZNhnL^HZdP*8fF8Q4&K@6?pGOI-#t+1>Ms
zS<GHWKUmIrW@VekMN989XFS4c+BwNarv8o13$Szjyr_Via@H589?2ptEj+A)NUV(9
zLcm~YUkuI5@s|P|SyE9eirDEMX^wNLiU_6m-tD<w4j-huw6a-bp5(2KZgXZL96v-U
zyH&6ris0!w$NNSzf&N<>#S;4Or<+0`QOC0^p;gGI;VrM{2e8shl9aTM-0(zB?elr9
zw+A`?_iLK&d4;fgvSCNfNI4fXnq3kf<UM8L1Bl^2zsbHWZ!<m611f_wu;MFcmD&WP
z^lxREKWY|8$h#9ib@+s9PLx^_ezaRTL8*Pw0(xVylrByVTf^HHm04DGIB~-ARu;MG
z3;DDm(a^y3*bK1XcNJ{x<b^eng;zUQ>y$m|c3bzD8lVu?ZWvurrEfB9=43mCvs)yt
zWGhDFa*hPSEP?`mkD&DMVvKy3ZP`o2Ds=tz2ebTcc0tRRrg}XrCBC3)%{1)5TufhW
z@<d?o(j?FYfCIex_~T;R%VSe5uZgKmx}EL`N!#nA`ntoc5z~kTM)RPrM{z`=S^n-L
z^9`pm5>l&epYA4Gr0xm1z@b>)pbej&B`Rj5spT>&GmjhbK}kq|fi<%-2fzv}_6`j-
z+NCzW6%rjagd&{&YV~|R7;`4$pRT2|nZ&sWgGMIko6=)7eR98oL(a5{Hy&r5g!IVR
zLbOh9{LX6oLw=0phSD;>&_&LH%HqTJi7S7|Uo|2DGRD^r9cGO1N0<`{cYnx}Ig*%T
ztKG_~UVkhNdtAYAcpce*91F>8`(P7H@i~6Dl5##{RAigoz8PT=M2V2MY|{MisYU<6
zl5KB53gz1_KhGIdpq32B<zTu8ps8AXjcLb&9bEZCk7P^a)5W5NH-H=+giwM0lq_S4
zy5V2?e}7JX!TsTFYWBy%i@!Za|IWwN{$P~SOM$gxnkN=r;g=PG7EBIA(3TCWPu$VF
zo_U62lB<6^*Wc>;&#dErZ5D_9x6D^%1GoQ<Lo*3-Bg|mYOV~YgJs{eL@V)~2IuCn4
zUzh4G9y;MPWvJzBL5c4B@>N3|cu7VYm(E-3lNH~XFxo^;1O_5B9Px(m=N&qUcf}d1
z@X}3CtKmbay+2^LGWu~ah%Uv>{mL77Yb#q{<g1u*_7rkK*yo-KY;s4<*)_jBYohey
zky@peu}*p1GnxVUzKSTorzNV}qAw$tC`8oT+N^=9bxQqKCH$q!FoRb=Nu*AvtSi?_
z?=?OiHHPi)t~ZHBllz^e1j0<KQ4EVAWHl^X#$*63JC-#Z^LpTmhYl%vHM)W316&iR
zW^dU<7VW`g=_6A&MF*+5(`hG|<|*M5V$)1wE*~bm7TV%_^FE48F1|=uSbb8}M&802
zXP+Wx5uTRlhz(#p;=gU^vtQ4BtyyS3puqHM>pBM)PP01xBMT^+v-P#$`z3z0R-i*>
zz8l9W4tH?>1IaIf%$+;+vV|Tvgq(qj(I7T}P!c<hpv+|GWPt}lSp-*%y)h$2tQ^kn
zYKAiYmbK`j3DxNLL^-)@#nMV-<T=^B+JIQ)DO952aA9|J%-D-DrQ(<7rrNjH=?n(u
zTEbF1Oe5Cd$nvv1Eety3Own>ajCoJya8x(crosD^OIo6HW)k^TMRg)n6qs>9OMZW8
zOAIwf5s2h)_A)}mR020~E=cYtAKj-Dmtjy;v<GJ4BTQ(I*1+aAi?qK&$vwt-xnD}6
z-D+PMN7zaYe%Ih*zxpLT(+14f(|z;7G_@X){2yoWxCd0@k?r@TFIZ|oEy}v3e6(=H
zelAy~v06kmJeRsh{{0C<Yt^YaO7#d*3DJ!;3>$p-5>IqWvohU+{_d0}PNb{RK^r%e
z`^Y?zW#L^TJnulmah780b&PB!qIP}&PHme)i^QM_96qL_Qg;==a2EM+m@CgV$Ie_^
zb5x!P0x3mEJ;x9sBTqd*zt^d-1+a&F{68PwE2*ZXdAwT1HCkRw7BSgcYbSkXIC@)e
z2`?Y?@DR3vWxB6S*4uUV>Ae$#Sew4$h2$U&u$8ka18R>Rqm{D*m9HtE^>D*992Ulj
z`b%%lN#3=BZ__w_4M*Pn<X~qkHu|K`?{lqj_tVq`p*j0<?$H=~AC71RvH$Z@{);VF
zf9w(3EuC2<0uyY07ad{E<Yb;E5Qy)0?@u}v;?UAGyIV+ZBTUWy&@R&*Qywdsb#)Fb
zQML1<y0`J&_<o~KVagDw?7czCDQnohx5UGV&0L2@TUGPgpQo}$<<e*_wuW`l7k&s_
zNUY3BYOzhRo^q|;iS3-t6^cG`$q7XN?F#>|21r45=7XZ9pc&@6k=q9j26@$qwn9Su
zQB@IZon-itiw9dixHEqrKuQY)P1N-4*?v$kIm470-dt4PZ0q)&a`GNL7e@3X%m@nX
zYQ35vUr^FX#(s@oP;GuO(qY2dJ|^C#F)duJ&hEFVQJ~P&JUc@*&#do{$nOf{UW4_u
zk1pL|@%c#t6$qA>hx=&~LA8#F)$ylUOmUEW`0nSh(F<|usI{BaM&hec4k^a@I=oT?
z4o+s$F071OY&Z}%5zo9t20JVA#IU$CM6FhYrVk>b)oR@Y5~LdzhY*=S?`{|98D6$2
zJJp%iwocrzFrO3z$JLMra>XkBB-#7Qn);Ju{c>l-+u&0+X|3v+o-nNk?R-yhYqDoX
zQhBP}42S8r2n)*r=u@Ci#_Y<_$nr%-&MH9py!(y4u+r9BC(KWhH)bP8B{`{(x;qG8
zeG@3;C&?((5NpTV0CVilmYr6eLiLz%?Vm;_o!#pB@O+6E*ThDq7FDu@?>1*a9_-%F
z+n&Y@4cEF*6!4T1+y}eKm?{V1L{d3`<`6(J?knHU)z*I~$rkrLVb9KMduU=;n`U7>
z<dQKvgJ!hA=ByGoajjSGiY6NfG&F#^tzmPK55k>gWR*{C<vCu&xH}2ft`oqTarpI}
zUJJFOEl^oq>W+QLQCMB40FOSn$T^j-EpO{Xtx<mHOF#`7N0YanqFihR-PVgABe=p<
zPXf2S1U$QkC}z{GT>v=kEA>fywE>N!$w7<ln68C3r1*+dX&gE`DaAA$G|biiY900g
z>x&stMGV-1nQanpboTU(bYy@4mzz~IyI@U9tc3-tO>QaB?TFP)FD}JB!B&@QPDHW1
z1X5+U2#j-nhCf6LUM%D9^)at*&j9B}dIv*8e+{4%m33&e3VnR=lZ23|E<}t%mQn4Y
zQ#EA1aPaW;CGaTBudjO}o&sCFJp-PPQ!9+m8^P#ZFA?o}rBqU&Yu}pjI=dFis?>id
z-G{u8TMGk5HTO8ts(xvR1BQB;GPK4{pSv=R4wk|y4<fnE0kc#k2S$VIPPRwyU)6iU
zEJ&`|y&xg^qpzGD_dUMxs^LtSiurg_+-<ZI5UHV(baEsJ^aoV$1+B?aT2+4UM-xho
zT}GCz>XX4k5(^!>o<KI~ME&ke%U^nX=`hDGQ*l{kA{`kOy*rt{ZP6b>EtlLR3_eij
z_6oa5dT<QezpDtnqcT9nH7IARS@2DJ?1{R>&@~Hqd6!P6bEXDwD{Ji2&60oL&0g1N
znfvfY^jLFY88#4K+h?iyRR7^@s!*bO%dj#MP-r19Z}Q$t3r-u#3Xkz1+FuStc>OtF
zdlC^h#%`en_(^io643OMWVnE6mYsrVRP-n^j}=oqRgOobM@8r!of(Al8Dkds79u$p
zw2L;^KpdTrPG-J091LVF)E`|-^%F=HE<-}-m$R1c8%XaL?$f4^?y(Xu3F72&a&m<n
zwWj+=Dne(leA9wYPM$H!@pBN7r?e??knPJ#oj5fOsEhejxtpEdj40`XuIqwYJ+OX3
zC@&{U#`)dtlWQ*Q9CZV<U=MfMpCr>ZcQjAY+Cv2fTQ34>@Ta^UB9D@zXWDeO(M;|z
z=x%MSk?eB*;N{y45g+Qa4Vz^$d;L9#>}R3niaO#$4aT=KNzH+W4x<t<aYoY1{SH8v
zf(xkn^6T^m@~f4l2#%LC%A-~`xRol~C)PG^CozLI+UjbNlO0ZUj0$Dnx<SBv=Y6P%
zl$?Bd{>_iZGdE~%Z6!mQ&g!o7eVLSn%HyNT7IQoKB7uN7$)L*C%1_+EV~ISm+7Yf*
zN-jpx*hy+V?K#i)Wp1=lRd$kPUcPxymqXQR3#A&$aEsK<Bo(w&E1tnFclcP|jWx96
zq3X4+XyV!xbbLI`8g9Eja4*3SrS3XyM{-r7z1nwB)q5!^?Rjz7?hQJptgT(n@agfi
zyHm-xq68eoCMjOEJk7jb6UmAu1it@IUwhm*2Y$90&Z_pzGSdio8|7fm(H^8&)cSa%
zKaO@%aJ>Y`$v(oS)OhgRJ8;IR7_i2}$hJwlktj|9JgzhwHVvhQp|SWqAbX5&2#AwY
zXbZoc6@IPbS%Enpy}zQRl8b|TihXQ=y-)0_bkH#RCrS0S=eIyBm)!Ig%c6YW>Bcd^
zc_B1FjPVo_sF-yZi4H+@r&0PnsANnPiL==^7$xl~r*Zb-%G~@(g0F^Y{v`2=zy0GL
z1G1DN(7tbRnE1k=5Sh5yEMm25>z6~4dgaRU)Z=3W;ZjZGfMgFD;VX#nW6M5$^FPP@
zf3FR$oajXf2)deBO~hnyK{M_1Isudohtq_4k*?a<r4k^(!3W?v4$0pr3V9@AP!|81
zirqPsEO2-~_lEJ}6bFkTu`@*4n>3)kKMG6-@g>ZJnKV0cOigs`qp0`RS!TH7O9j<i
zOMu|eL8TE}Q~9jVp>q#oAHOQ5`w(<}0s+IG0_p}I$Sc%^<-1j*B!>|`Tc~CB|9D)k
z|51hXf0rcvkDdO-w+qb-Yv|k~X3Jh=)4Pr$k29GeT8+yes{?(euD?)b|9F>EkS3YH
z-0XLjm`qP(q(Q@WcI$oe*A`Hag+ag7FjPmch5*o^#b_zEuIBXchuD<giIOY%?X!r|
z{sz|G7ub&BUd5@bRL3~rHKmL5pr0gHzBU)kIzKzK-^OQuBoS8%Yve22qMm3`x&0*{
zsq)yUEJ|d6f=dz-$r6K)f@#b>aBy+3J=XyO7?y3qDiYQEE8=*cXgQnWMU%}&2r_c}
zmqVH^Hp!Sf%Y^<x(mDeTpf_o`qGjzc>h8!o1dVC$PQG@QW*Dy9qCMfBZ|UyrSf8R5
zpZvV$uDh^`3M9cPurK{~lTu<ddN{=#()aT1dLQL!SqpMVuQuE>pbeeLMP(sG_blDT
zBY|$3(C3iUCCvTmdH3}VZ_h#m@2Dw%!KU3(w?T6k_vOXx%4KES^;Tay!(2>vkO01k
z{!kAlSC~@;!&>%tbR13lu*`k^&8e?w8Zt^P9yal%?t|h*sP2@5Gy&D;vY``@iH!40
zhb>JXjiXHGxQ&WEg9i*}R69x#E6cDbX6D3~FtJ@ps$Dw5p11rvO-@N*N|$Vi%eZc5
z;P^?O;&OPolby8TZsiOe2g$7jiWo+>xp|2BmyAg2l{PiMpCqo?L^W$y6x%>f_Fd&C
z*0#K%7>AOw)pd@-$nbbZw-hhfJXaXAYWSxeu^t?a7cIWi^s@EdX<f(|Un*^Gu4APR
z2alqrPhj96aq{}OBx-XcDn0Z7_kDtmMBtLi6F<21h}*7Pp!7%n*_adq_AT?Ei&d>p
zB#^bQ|5bdATJvfRRtsj3dDFOH=)c5C$w>^`6=d>^8!u@IHLIp-+n71mjCYn=RSEv^
z)I3pJDdY);KyM0s5x#G2HQ@T=utIT6-{nqyh)83=ozpZ9oG}!x&;2-6-2vHkZYZ`{
z*fz_e1U<BYCCL0Fu?T~KA#s3aH-(zw#pfb1U(y<)yKo*)M(&zb*1L?AGJQ6TK(9fX
zt_4S8-^m<Yul)4bS<g*{>C?K?h0xH-r0`qz$LT8CNS5-$r%ZO0@1dx8P;ZN+dte+{
zr>$4(0sBK3hG4R0GM5@;X8?$=MPDKvzwS|I6RCcDlri=hT7W6_2>*icep$83K4;i7
z<7<jJD=|F{yr`^9I|fTEW4QGKSLLJV!I6!FdS=b2C!ORuL#ytH^<K_vmaDWON%qHx
zly3<xhD*{{0td|_QXId!y|3m~R4HQg31RD~8GT*B?IL6FCZkwWIF(NuX|o*47kjsB
zX{Q$nx!1{y17;rPFVL0J^Z6?dt)UwTb+tIp5XG|d^32#mJJhB>=llI!C&c@=cYs=y
zFsn)%m8A4#7HMbfyKzG0I3e7agi4hWR!*D)fe4Iuf1d-HCkvw&f1d-zvB9c-p99Uh
z*%JLHhM)e$u=D55*F;pXM0rXf`7g^F@fo(H)R^E-a%9bcbnsIeU7l0c+B5%`AQ5}6
z@vy#<Si*Ax>*#u)m@=|F&MQ}`KjbJrvsjP0*OZL~ZDDXnyauKX(57V$L3Y}B!xB}3
zrSY&=Nmcxsz=sEO^Wef+#P?@QinS#+sC+=gK=iGfjf<+~g(suNGo?ocn>EgWU8)b)
zkw8R#y?<_@Si1oPJ&ZGu%LUI48z+GxH`li=rozXfC+oJaQk)uaZ_JsIP|b2ycznIV
zxL>M2@p(z4=<HMTWi0GW?D?DP9$iS|qu+uqcw!D6z0~p>e?0j~l8J5XrG9+HcsEfW
z_3b55Tpol<V$inTt|ygQwJ0tNK$GbEW{u2xKJ**xG_|_<Kd1VCs{xx&4Z<?p*Co}s
zQ<%4R+-22?JgSM!c#H7tTFbE`H|l#=?%vlcamJ#>S*Rb@$B}W$I>fWl8Db8XR93a(
zHTUe3v2$Ctic@>pJ~_oILF8W~<~80EVjoQ<XGf^WRzkX+|2~h@9e}%KcZrWX(+DzJ
zf+iQ#Dkq`-+pBz(l`Jq~eArKYk;a`Hgrg^ezk2Ib>3WeF`Q#bo#N5#mpLC;(y>JJE
zrE@ibKw4FF2QgtVLA8H-dj4;mFC3HKgHApTU>5Gcypn3#zqeQ&No7$@q#p4{6X(4q
zN;^>4ptS)YQ=ugCw1e5*%Q{59rO^`AVU!C18$bPQYLGVJWHz2w;VLK+TRAdx<nAw>
zND-0XWY&1Uaiu&@McR6Jx0o@{cVq?sZ5+TGBzl>rvv5~t`W@53cD+W5v;)70mBp03
zV4(LPf_(1TFmzID8N{ZT3u`lKr`2%SEz;}Cpy79Jx;^x|j(Wxe5>oFo85F8P_^5KO
zp0~N?6?@S4#mq-0oZjK_pbBs8{_L={y6FXBi?0hhf?sv`Ag7tdo#`z<#+mB<Y^yEw
z!m{dI>ESBeEjd=$Yj+O4wX@@Z--#-kgy){H+Uv`Ggc*{GM79>*XC6rx3W44ns?glU
z4i3=BKR%Ss6Ltf$?xFiD^5tBNuXeJ`)4n-?IWUH4#Zi(Dcj~wk4mGT8_;eB~1zESO
zN*pZYEgQXsYyeaz-qNDl_Ho^Uu_CGb?8qP71?OVCfc-MG?|p!LR?1J354$RN4r^4S
zeU7EFNh^6VeKD>3<0m?nB^3EOR-v-_L09P{M!6&2I<P!ZD=$@Mp2kjUu54E21bu<f
z%z5Y^zs)Z#8%#)8cgcx}-y?>NK=+l}LOJgWN#VBw+?X|iv8$S{<F0|fUGz2bav$8K
zFX_g|(km%h5WZ9E7dFmi-kFi_b{Z{R)}-Ob+wexCF1}RSYFWKzo3&c25Gv5F{mR~+
z&2KPq;7cOA>}9NX7d^e~5q9Xd?`WF(_`)~z!?1;E{o#1X4EVvUf*^pdd&v|~LOc4C
zq*lc^;BlR2=*;l2GSrRvC02G3c@exRQ;%|B<b3^|THK@Xk&dO|dPKPj7dFZU)YCwj
zEN;ivpXy?9*k&@v^76o1BQ?6!Hw`!8)DHjtlO#FIPr*f#+r<aNyj-SMYW@6BgPAK*
z-%5lcPyl$D$Z5Z2)LOYThN_y4fjg&m(N4>L|5f<q;qj-rygsec{Cw85q`B#$F1V=r
z?qLgoBXX`#Ba;(`nbgvX#)tCx?b|TEkVjoYp2ljcw1X2Q&Ju8&iQsR~73I;pfD3&(
z16n=fyJ?XTzvX-?uR~AsiglMfQM=X<s{K6EoiLZ1U5@TvwiT`#|1~<7w5EpJwTV7v
z4+It314PuL_Gvk320Fnw&wQdiX@p5hL5jYMJ4n)LgTnw@VpbimGl6cvEtf9|>kc6t
zLphGc%;m9I9S>@-*|@xhgpcKzNqI4OSW#!?;Ivz{Q-2mt$enf4-3%z5p+76|e$G3S
zX$lWo<^Lv8bzPt^1?mms5Q*rH8NG*)&n6;IZ+{1W=f%DyyU#z&b5pAM1MG7d#*f)z
zmj^lToYjM~5uzUkgB%8<;je~X&*g?eN6&cqKen5VJKb!S^jr$@C@-~`QArPVxl+#6
zCTgEvf(ghiLIe-frl{ONL@AjJ6pg933u!BXxdOqwY<<pX-9aoYl%KlKp1#<LO&)<4
zm?M|h%)wwr)e`E$9qE20&F>M((RmHqVT$1_U70ot%qr~(?5K^ToO&6|wf@yXx(vLc
z7&T6mT3c6B`Jo$6G^D?Zjfwmu5!>A*(&t3a-UvSf>L)|sdHcKSbh|eb&b3__8VWxy
z>DOAL#=C`p`z$b>qPkon$vD+F_R7uvu9dw4W6Q7k7?Gap)ytyYsh3VwGFm<+ucoi+
zUQudu>r-%1;H+2Ccbp2M(`N~lZNTh>79)G^%Iew5qR~e%G=?~ef2jZSWaTeP6xSvq
z^V5_+#(%eB;8yV(*{~u8mrDpYTSMJC3v_$aT3X|*hhJ1}pzUTxW|;jltI|>QHuQ`-
z!e#|#z-T)c=RH=XC9Bkwj|wQ~G6EcG?HNEaoR%u_F06B<G0MI%vt2RwIj#E~j?f{|
zgy_V3e{l)_#il#vVfh+@vAhXRCd>px*)R6a<5847mR$twf&Dg@fx)Yqf(h_+kDNNy
zql8clHqeb_O$(;27%fH&N0ogy-+}c|S{GyyL)14IRD{e(cUV|@s_{J)ZtSw?K<1hI
zQ2KDP8Wlh8z?`V@Q4U%*E?SlxJf{BJb^eJN`KQ8vaml~`d}Xg{tHhcR_s!h<OpZ$a
zKr<_4Vl--mETP9KSu?J>f>-h<Nh9{?<}*iRv7^{;{ipVk8mz@!Q)<RjbO-WTg9?2=
zNi17-3z{~89+9CMGGB6q8E@Bp+7;`3U3qx-qXkHzvC~ksCS+Pm!xC^r)Vg<LWZRDt
z7}ltnXel6wK4Y$}HyjyOD$$}u3|A`_e^w8BUBQAP5P6LBH%m4w&6-Bqn-@rZhki&D
z5q*{XT`2axleJTYmbeFos4oX(kS&j2=Dkc*b(Bl;CXnrzh!m?w(gW5ST*`x{p*0CZ
zB_23ulY)yeQZJpY&jV^Q6_V_ULRrm^Rn)5JmDbq|4bRk?ys@U$?G|ey@zzHVYLS#p
zY@sxd+czjf?sV?Z^SMXcfK><*##%nW$TK`b(Ik!FBE1+G)Ob1_oQeP>YHr1zEEGpK
z^z<|kT*91`#zy!`Yo|00haL%@_?C5nlY)dh*q029>q8{%L`Rs7YVIt<i#U!1Wi*Mn
z-x7emyu2(AO4DOY&W5XMqe7og>9Fh}Q4;&+FOIVrBeXNc@t0V`Db?Rh9nagQ<A9u^
z5wYe{YpTKWHfu-#<6(TAQF*!gSBk{G55q4T%-P}U1AVO&>E3fW5?2%3ddm;TK4*#;
zC&l;DNO@rx7lhVi@KFbh-WujanS=HLDaozcRr&W8+|on#dDru_<mb6yQaS5-Gpf<+
zg`A+K9HJYzynVB&h62yY|79)Ar0k-njsM~^r^*p%pP}({u3k+T+=l*UZ3geCA?zoK
zQ|_&0;)==JlP9xD<@>cJ1B314kjjHNxQ#=mIqm1{{RE;!36mR5$vLx(zwkuuI}qnx
z*`b<9PHq_1hxj&yV7kqv<<4>wPVSQpJxt(L;r6NjEPuW$+q8Dj!-45EZD`$%^s5b$
zalc^9qs3*`v#qT0WR+2uri3xS7#x0L5zy&$Yod~tZ%=S4uXY2T)86})&b3`rY<~Xf
zrq_r>(G=h}F}$i)_XW__8a@7|OZ7<W?!fYay;9Ez{L%A#x}82{Yr8Vjw?gILvC|D1
zZN_m&lI510%yXlay5(0x-QsFJqM$7s^Ke5b50gph#P90~v?J?+^ineZ@>o{<-$?S8
zXrxW~HZQ4I2Dw<fNhApg1?4ZrsjFc(^Mr3glNTa4#$kG~#^2#!bC*cU=$61x{wGAx
zuCPdXzC+>$FUi&90~5ZFtFIyY;}Z?JVv!cZH%{3^ro^w?LCZ0vLSh4;{0DnXWS|O>
zp|7dn6yGCC&r6Ett%|0XIkc~}c8qF{fRZPk=W*7r7L=!wGT=`JGHqSVA(OEI`xElU
z_tN_->~;+)+U#A<mmlufiiE#Bjdt4Lfgz>kuCTs8k0nMIxLWl#%-Jx}R!ezgf~VWE
zv<NY3{2+#;xTqLC&8e1`$lC74R&i%${0I{xTt$SAtU%vSrq|BJaqcD|?)R$f560ae
z&pVE2X6Xpl%-tWWwRGV%LI=mRstCjunLWMl&Xe0gP8*BQ<WzlUkkGIARu~^Xre~8k
z`ScgL(_(|ABGLPm5r_I=EsHpE8E{;ESNe>tob?0*uOMBqS@UrM5Z}LZ9!ENyWM8l|
zWk`4%+nUm2YXkMlzPCUOOy82~lt2wnBL;S;jkxWJo$q^3SOFVG(W=;Z#o-Ki$(a;t
zbz*4bScr))P*JLxy?m~TG@RMEG2ZCwY7C*mrO1Snlc&wFCKTbIFBSJ#%+@eElT)(?
zVP}Bt7$u77i-mrPo_BDn_t3I?R+tc}xT6hsw~&9GWTVc-T?BNY5rDpwS`2^6>12#H
z*|ooWqem+m@!XPX_gRX3OtK3&m~$2tQV!jKM=~BpWL&IIGBRGgLwC2iugpf##6Cd1
zM_Ir6#AsFa^t3+|`?{22RJ=tx?yHGh3$oC1-T)F3VoOD?OV))OQe&^&i8uj)J5Ct|
z?>N?V5HQgSnQyx4yOv^1Vi{XR(nqo0S-kHecozz~tCPed;~sZ}WObl!pq3FRwRsbE
zTbY{_GD8KS;jKy-f!vruO4CuNQOnw?EYuVz7Tx6eyEeg6-#wifXZmY-RY-_eiBxMY
zUm>Xf(BU&03hS$noTOE*o1Ser`l35}DxMO%76>j~X`H$rW$n*B3Ukl@G6@B^2`8LE
znlk&_@<;?>M3o2fK|{NNe9vL=Fyw?nX;M5zEj-d;%2}Mcbh@Jo3UshAUXUv;DX#SI
z3DsHIV^-FX)M$6(6PZU1=dxK?Uc75|Qc{WdBC&po*3%@DFEg`nm72(@3y-m|thsYN
zh;;I*wB2Z^4WGFFOD3ajjV!dT^NfDZ=(&1NE6^i$4HBMfkNVZ-1K7h8rOJwZa$z@u
zvB%<brD_DGfy8uB<$zd3DAX`4D%4Q7Ae7E_xzX>N)Z>gx&LFjPUgXpoF06HxM&eF2
z)Tp*HSkyXOclC|Dt6aMw!QKwBhQ@CfRcU-ifJSI6X<zkwp?JjC)^&aVt=IU|cYQIN
zereH;XL(e2`LeP;d@h&8nqtb6ZfoS59Z+K9Nb4fkuH?PxYCMJ94mp7)ov>`3m>LMu
zFCB^Qgs38WF6e)f(2Z0#EleP|;}mo@v_W~bm=qJM{H!X_bpkxwO$1@AlKc7_<)?qX
z@}HbRY)4jW4sC+J(P{=wjLlUJtj;7mCBTZjReJTBlWbMU^ps)Gph^CK#4Loh<_0|C
z!mEeKDbrVN3Kn5}`DW@3aV`E|aP6)-TtT1wVdtPf687$f>7gp~%ml)B;MukD@B==J
znk%KNTN|gfXNhqI&jabKuui<@aU+%{*881J)Ovlz8&dPn8ExkHT3u2TTav|nX^@qW
zle2DzQt3ZX=Sb`y3vBZp#~#xW$$yZb@!ytaDQB;GTb?U@JiB+}%T<Pd#knIM_+-7%
zV(gJps|YYK;#<M6MpITs#DRksSSMEMr8xs7y&NAA0wqoZ;u1<kPh(LYbpH?h;-9Vg
zpXF{rn56rt6K~aK(O(R4$Q((%IK`Sy!&ombjW5g`pRV$skuNNO+V{dp>fZcbPnO}O
zmw;c0=xmSf-S|Hh{<E|E$8W8kIddVD^L83D?S)#?+{d@!!?7*NBUB6gt$H&$gO$u$
ze)YAHWH~oW1P#7EvS>G|NH7r%_KlpI3MPB@4X(Mk;$AgG*nNfvHUQ;qjqV%l$59#g
z3Ki`^U8S?&9GLL6M$Xs;gHgy$?iRjzxX$x(4TU(WFK`D|;u4Do&;!V*1qOpzm~cDn
zU$&B+_}_CSa-%i*m_>@IjGw&yfwq&;KikA@)>5RMR!V1lXN4xgQN5&9C6NHVYNO7Z
zwHnE5!Aniru<im6Ovn-U3<z-dK2=|@xIq+rX`}O7y_4CG)Q3kXl)#>fKf?`TRA}Yu
z=!{|2d2A_!UN)N!OZyQy!e1V?t}OJS_CPr9ka{7<({G_pPIxhWxXcw}#qNs^OBnfr
zR2N@Y;Y;c8D0ZUml35E2isIuD>s7^pvRKNa3}>7yqCrF^Z9;e&_1BUIY9+5sg{RCv
z7baK+&jxygHhIKb8Lk$c`ZX`#yR=K0$i%xjJYeMrlmC7=onRwfcBD}Q8g3VLx__iD
z)UHl$B8u0X=-IvIB0Oj9I0UEf-R$|oJ3D@%JRW|!_=Jpa&I;WqvO8W|)na@QqsUVc
zg~^gb3=KY9W)VqOf&|A78}|a;wwX;m*Q%Sk&eO<IzG`*JLQbX^O7&?!Hu&MMR}mli
zMS2*W6R%`O*e4`T#|M5+6@913LWJq=hQ#5lX8QY1IT^JbAKiU0^hmMl#ur=K!t6W?
zTv)T;jxfjBa3;gDt#lRw@sQzquuTg0)jOY8Sw^%+t0qc-(HjcuzweSEos~h1_V7u(
zGb%jVRSiF=n8J3HybZBB`9?w#>iB!_yYeT^BhG|Bu)9CqaPv#oq2#k%en?djcsp9n
zr7F%+-dawN8287}RX9^K6BkLTHb%EOnA}+f-=^gtX}5C==O0>(@c<leaIqO!-tdYM
zkXV*D3$*>dsb<tW3gTotGAd&Wg$ZRY0jW<Hp-xt<2v;C4G!#@`-%Tip4Z4?3BsYho
zMG{k-91FwCNCy9o&-Sw&uJ>6KnKy#)UAQn6ORbXC?Z#4gZys1Lh($UBN@@JkM%F9Z
z)^etYjaE+yW9}6ocYFyC*E1gJf~Fmd2+&2*4-@0ra8}(KOdluI#uZpGypW0snOJGV
zTU7H~%(75jG==5?hRlDG$i>@jbR5DeU$&uy_Fk>ls{1@Vtdq5456!O44^#f^oLd@o
zqo#)6Q^9y>d7#!3E*W|KaWE%jaKXM-seft>zV<7apTA=0hTCWb1<ZV@0<DcKb9*a8
zI6Z=dwy!M}@;ynuQ0<6K2T@<#hH)#>7t)%hXy}TF#<l3y`M5{#JzJy`X`o`vz5|0t
zgts_`<F1!f&THg7P;jFn45>TvD*6*h_sFvw5#Z2{uZ(0Ae1bt$b3nroT=uQODA0$&
zbRqoj?#}C&8|uASt7<uAMXc>iqN6#!PC}|W&WrR!#Z1<c*CuI#*4rU_2ByZL`S{R@
z{L*M-^VctWNZYUBlV#V7<hdWW=;U{BY34gvw#nXyV3#J8j&IT_Wx-rKIpMz*k`&KP
zzI(U!;JU$!6Qu5<`yqQ6DPAIrihxg`hcXJPfS7EAc!K5eoNV$oVD7&Ua(%lDjIR9L
z(TQ{ykDHgqSrSWATnWtPY#Gx%HMgM>6S#vJE*4r6lFqSa6ACi5d_ZT}v>Jy#I6kYp
z002ah*0#BgJ%k<z3WKg?Krn<u-lo^~6|t#<ZDJ7>iQOY)mhm%g@1Wo<=rJXe1RgnC
z7g#1;e{r_<;VQdP5toh5glDRX^KyS-3fyIb<B`)frB$X1VR6<BNTqDjRJQKHj7*cH
zVWR%3#k2^5K4^hUjXqQNJ*`H;=p?@UB=xLN=(~oa?T4#eXUjs3G-)yHTrJZYN)${j
z8{eKp9Yn&M-eQ(phkL4Yh{|;xRn$i2&-a5wH>8NTDx!$z7b6ja9pgm<<Gk($&W%yu
z_Op<j>N}$vS%%0&_e+D-En&Yo-YEX#!7Qnwk?Yej?r3Q<e#cXi()T?G{7d(VnKqn4
zy`{LqBX>kszK8p)j*?cCd@Q!GPR}c*!-2&$)51oOWrefgM@<G*Aybmx`vpoBC~IXB
zoV7GlRykxq!;0*%A0K(JsHH}?MU1Pr-ICD#i5Q^ubfT3M0{i3we<T}p7x9ReC!eQW
zKE$d&rh1`R$ujUv3uffjtGJjz+Cex$$8|-ltNu|{Twse~wanLhPtV4UMaYh~(+u$}
z($aOr`7xVaqv{}|_>+kQKnaj0ql95<1HJ*jMY8{@=%snIyZCkN3A3JpyZPD?9r8w|
z-x>?UkDh~1BTgzR+4i_ZTr$CSESPIT;r5MJ-I}krT4RX%kDC#<CwUdpaQd>#P)l7o
zH=palp+lXeufE)$WR2;->T|{ZFZSLutf{SS7sW2p1O=o^2@skRdR6HOO}Y?@lmtTW
z(sfDiBqWs3q<4@OIxguYfP~&edI#w!;M!T=`+ocNz0P&M{at6D{p+0hBXi`+Ge_ne
zbIdWvc%J*YZ&+KmP3EC6&^CEVAE#4X;T{!1_dxu+4+>s8I_&IE&+#xvw_ZMjti{9g
zhqSQ~tOUc@_uSB!1#^fY;+q?HxF><QQPQX5xGO1r=!XIHK*fB=cujKQxWP<^cF9v~
z{wGzbkGEcZw8=>0=2&K@-HdBR+w1V+=5Gg-2oAqyk#I>_lKh#j{7X;Aq@YnoAyukC
zllgKk?WhR1wrcowAGkYbRh+uD!|Wi^;aY-oD1*T&c?Ty2W-Y063KPHQL3!tNf5fDL
zorVw~PKKfMZ<w<tEKZCgOt8G%`<gPNf+M5)TKGgV&5u-m_jM7K?uuW;sC1Wy+PCK)
zksX(f->uaGN~&+3R#ap7;SU$A#|GXidWc?x!C|;>()W_(Dm|!!(Q6>Y!2-F-tf-W0
z#}2?|3570r!N3l;$v72S77;oWejN-mvm<1cWidkSjB)uNw@e|1W}715Od`SRi=LlO
zJk-UuT7oBVQRSsOv9l`gc4M4pm<;W!-PG4OiEhM#2UU#G6|?l_yV0RudX;2-%sp0o
zg1U#>%Fkh%Y4Euq&r`&zk^W9bwDlI$@rEr42}4`kFJ(eNVEeN*zmW#=XBKZcHs$3P
z*^cDw=KdZyeAu-@t(o(U@K$=a^FO4++D)Vqa*3R&n~gv|aB@-az?fvNURA8GhjbIB
zi$cpEi?CX4D48-bdsZES7kQ>k=W5JdX2ZZ!5?gQP@@Zs4#qU?*$ox!ItWAK7y%3Lf
z4iIJ+98(o8Ij~}<7m;9A6PNAuq#fMFn=~vTEP!cDO`*8F&BAtlY4g#_hOT6I2Xm9R
zjV*_k);$CwrBAW*0^-nqB_;@Y-51c+ugQy(4;<ww$6}Cnsuano-7joe*ZGU`mEac9
z<kQNb1D#2acBa;J^7#{%<gSY`P-p2)-Mk%l;G$eQvzxI|YpSbkFRb6Rs@#E!?XFCV
z<ysnqs_hWexNWE<Mw~sUkNo6%O8NCY`{;Fq>$ZfRruptmu?pO%kJGi0o*5)lbn-Y7
z1e@q5a&Qu7bMkqTDu(E77g8}lo>Hm#iF?0<^C#p1O=hxEF+<W9g{Zmd2j*U@L=8=W
z@cVl!A%1Xs!HCm`#@?nf{UdVzpW~`=hPCrsDle8E#VW3~U}SgDDU|KTJheMt@-nv+
zB7vf<ZL^t+$2t4@p2Lh-gGSbzWm?^Fz|(%&S)UzA_lM{r?5auck3oKgNVyB%c;`G`
zsmlA}DQmE-#fK@fOu#8aK`83!%3Ns41P>qdka34@yZqFxPo8RU1_<F?o3)ztSZQY3
zV>s9~UwYphk#bDqUMkMFq{M&M=IDr^kL=T!OwGf8-JM8Wb%E^_XpgBFXf#y{=8tF^
z6c3F67;eh5ek^dL=E5&HjrAs}g!?v~Ms7eBDuo|W<r(=!zq6)0IX~4-UmiQ1$ZvV{
zp!|`Q644)dqFJs~D2@CDWOMzs!Wdb2jzLR1mP+>&mkB)ELJ9~>#T~~Ht?b;C^3T}Z
z*xce+`*wW-dyd*THhl`a(wh3*8AdSi6OA{&)->cvpCT!+!Jst>(v=oyZO)2^wNBn>
zqmE=$V~=BHT@77OGkJ&ez@tBm=x(cmc^(fODjq;I(Vy3l(_ISM@C%juZASO&(~l$Y
zcidK6)GS}E70ztnRV^U{AC`1M5eIotm57cl$KfQ#bdyG`7ns9!P)#&HSAr^=Ok}1e
z)Vd+;8QR|5D8{nCEs|wS!a9&az<W;|15C03f)y_d$|LPIa;AE5AZC7Fx5DZQ`$J#t
z(N-SdqI-Z}8m)L}NnoD0MwX(B)24jb%W54Lyc#6BAtq!ZYr*c6p;+>2^1*gatnxEu
zVffQcU#7e6Ei;PuWVjh6XzacRo1}`o@UwqGoWwn58F*9lh*gB)fxGO?`x5D;^p#fW
zzNGs_od|FX#3UlNT7pR^Xm=vBRSm2=KWgLURw=ygV~DAto>5J`r@&^pvR@Bkeu348
zB2PHk<Rslj`O1>zzT6vB>$qoNBVZxX)KgMvecD5FZ#U)Ot&H>jc~vI(1KK=FlZl#9
z-8tb~!A)sLJw3Pnlyargf^o+ZiU5_DYW4!2_<2Eb)CQWm=#*mv`Yt}Q^J^<CmCpZ$
zx{qaL-_}Q2Ed1$Zk4X22-eeAGCX-llsr$Y4ioGCC4=4OUTEVjNXd72;v-F6gznQ=x
z@1vw=K{F`zULFzh++M|K!~|XaLp3o#ce=LX_CUkB=7TQ-EC&5vzpVY%iyIuD$r!yf
zujtyz>9kzp{W9iUtflHka8s%V7xQc9gzPB!r~VKj=T~a*S-Jyp+g1L<NH6cvuWPmj
z(Vqgq-c91q8)F-OX1WnXxfQD#$J7nydS<Ad1Mf<!i%($jR{I*;#o5ZAf{P`hisCKl
zKFcLipm|mjH$?N54%jUFl^|e0|0B<-%k#aemxY=oCsg`nRWU4dl#>0UoZOMzOwJEV
z74ApoArRw0-nD5tHT>w;L}tr8B$M-`hLhVlW&7tnpWxn|k6{!wPN+Qh91Hl0H$J*1
zZn-aEnJBflYRup%Z1iPYP`2yqm$J$TPXkWPkzm;U&HS%VlO3#W?zOmSp?(nT)Jww>
zxjY>0xr!1S&+ZT)m!<SLY}8B{s=}t;vfwlIGTy0&mX^3wID}~6iK=qQCkGn618(aj
z%>}Kn&4)?f%NXO?dn<(mLZp)x9DkTPsU(5`c|RGoi`jg>krRhCip9T3?u@nxdCF*k
z?l~G>uhuY|K~#+;uRQ<gcJ{3y44tc|6W5i5o}qF=^0v}&3O1dE1wKv8{mBsV4QDSQ
z#QEZTb28e$cw353Vzq31d;ZLH>Z<)Q1K)Y`_$=O^bKFUKu}g{$YprLiViu3yt#PpG
zlrWqt7S8tO<Ai9|Q}99~P5J;;)R`T+J?F`z0?7vUo>5J`i5^~2B1y_T3$Pk-Gf^xj
zFxSFPS4J$cCH>RZmEb9}fi-4B(40TXwjrz%&Mdio6Or`9cyot;64vAXJ*iD8!(q@}
zU2%(h3<C<u>uVQEV<0Wp@E5Kb;xw~)wPWIBIwa|m6hTo>o|??b#R*V@3-97n!M5p<
zTos;$Bb-z3-UP`Mn|LM94)+|$UNAS+mWTkqJCwgl<X}hc*lar$jV<VL97i<wY_aBS
zo<xETg1q7(yl#{MiSWVDQ(-U!+|r8KsK;aIrH<#hp~u3VQ<`ldu*O1i&p8q0BH3gX
zH(d}wzYD@Op~q3xy(R+B<BBDNZXskVGPgWDI7H;S;cLnIBd%m2@P_VZdK3~;7j%q~
zF5Dm19~_s>s&h(}*XGG^aH?zQ>2XyHDe*U)y`;*YYO{`5r!DjdUDZE3Sy`-g-&z*~
zX1ecd%h-$VL6bGFtX{h%-=WZ%-JS?cwq*FqpD<R*QeIhOP8}hX#p-U);-*oQu3re=
zw6ht*9P*$O3L?e_zg&p^b9F*;lNI$B$;Ul;km*~=Z|V2_)PHp}ocFn1F257{_P5Qy
zX=?r3m;bEczuMopwxk`QQBTra<@9hw15T-0GQIBD)No2ENPF@U%em_aFTQENlK`vY
z!ilBwMx1d#s^=Bn?ESIvKz}BEFK2SwOn29+yR8H0s^5)d<qSi(O*uc!Z`&*^G&mOQ
zQ&B<bknCP#3ydFG6{E3pheRZKjox?ajRxj5jYdAxMOB1}44N;+hhN>!peZ%<f@HB}
ziQQa&nl8bHa!TFNV$#TWfJhKop=kWr%)@I}uAB*ct)dREcDxwF<Y_K=69$*o9_KV*
z*!aMF3k03g5ia_Cyh=v>#?9`_{2srnGk#(6B&D)6g(vC^nTu(e04&i5W$_EqKHpvc
zOy`K&4<{6SqvYFJe5?w(9Ejf)ayTf-M;TtVE;gI>2X>FJ+e<XjyHW3s2I)*4NfJ7}
zEM6UZXf-&FnFPG&)^UOFX)Oy6YAII)lh2C^Qs(p9)|sHtWd!J9DSFtNekU!C@`3AR
zs}HwwMampB%!ZG17d7XVGR%cX&l2tj!!XoHWMVX!=u#-^9LYRj(iV5t>L2|&XYjT8
zWX2bg*ikumJQ7H4FZWfEf+15kn1?bjTFGr$pjAWooS034Fzr7hZw}W((x{<O92|lX
z(PJWJkR@#ePrp9VpJ~No4aYtFl&d(nWR6}!-_UTaN@u`q<p@{Omd<_^Yqv1}SH3--
zt)MCq<t*#-Uv~<B`s#q>>T2&$q)g)aBrMh5j_mq_oHVIx`c>fm4Ac?3h?afWoTTvP
zc1N6exG70Txn#jeIekG%x7Zo9s>nA+Hi!aKb*lALcWepF=Nm@KoeP<R3<~DO+MwnJ
ztVHMq_$@qbUmkx|sa%qd))b)#(@Jj+H<!dK@ASsD`{TIMxKX+qeKv{HN<r1k`4)d#
z`B*Rp2-pK^A><+^8v?rm0??93(i%6aPXL=-$jg~85M6Eb6-Y>HU%i;(A1Q$URnG0-
z&%rgew?y7mG~obW5ZAU=;19<)&`~2fWJBH>bWf;Yk`*>=Y(UeDZ%Rz81$IO&xRfVk
z(Y2UGU(rcZMJ_E5*#>d4T{eWuw7Ue$sJ>?wkf#dFKoLQrBTQk_>7IsOdNA{`>u}Ub
zD^nr?lu|Pm5+pq}4Y9XI%r$04Ee}#>cDMc{n<`!ZY5m7m><fae&x*e|4JJR?cLJX>
zx1y9U%$}=`=k1M%)hy?mEx5R+U+Z9=SR#X|R2!Ft;<(hTbVQig%i^oB8Hz<*HCAXO
zjcy-qbiHkDdrR(}!v{XBZ}F6K;kZx_ZS6Xe9!Y0_dg=ITTt4r}M|P@odTN;ZO?D^p
z=YTs%r0!ilT>44=kCo%Om6Q-=X#FQ!H&W*pH4Y<SzX#U9#=Dm)_(nr0lT%SsHn%~+
zcR`oWhFY%~3nnZ~GrdaEr0imsb&AkxZ~~{zvfBQW4pnr{+J--Xm+=cp-`B~tDwU+x
z*P|`DcM)jpT(zlHO$pa-lg4Vtt_+d<oag(71FSH)QbuJhI?m?&tL4k?7m+q%$zJY6
zx+5=7+zK)1r(}b0s}U{2f#k!tX{@C`eG!ysXiUcF8>x4Jr1re4_YNW*N>c?@M^w3{
zK}zKVg^Pr>S*`&X`#m+g4<N7c1Ex@5ot{m~Ufx7Dw3+n)Re;;+jcFwnhUy!cf>!1A
zV%mNCg0Q+v{%nG8s2|xFSsU8JoVwGXeY#8<ruiXNEY7@rTuJM-`R$&Aa5WCawF;QH
z3QB@$jY8v27*|8hQjIiuQeHP|#vHb0sIC~H<BS0)6H(#4y#v|E_^1CGbjfery4>1M
z?kTc3Y<<*rm%oB#MH7GMILtJ0^}Nd{NekZJ-d2uPwK`XK%~b^CcJOC;$<$C}4Ag?w
zI6)i>mWvl(5BF!%41yG60^_cCUvE5XU0tXXFS!hVbipkD8;QWXk7;&diD4mFf{Idk
z6O!$%&Lxywa*5Rq4eUN!G0uw_{S?%*Mf(>?>%I_CEZ1m7vS(`X_sWRQIVZO~sofwi
z^%#+^+XW?pv6|>J!;(vzId$aMkPsS;5^=6nh({n%KwYaF%6iylb)-ELuiy59sQ7zh
zIQ8{uBOrty%Y3@em_?dj)gs@wu`gc3DL)d9$^$A7Y?NAo<}P|#gBLMVfa|;ttB@r4
z5n*K@sTz8iCtU-rXs}T-?bnU@Nlot>bwrO18uQCPB)8sq_j{TC`NL1bzJ<H0B^Hl~
zLcCPJm9NqNn=l$PrlUNg`6LwWcB|;@BfrzObBmdf*bNP}AoA|~kIA&GRrS6ya3&Eh
z$wUyR;Lq5Yzi%0l=ZEgkzY9P{qx^?h9X(qEJ&@8;O<Ub3Jpw9jq~5kqKO73qi~a(5
zVs)~k+_tnw0(=BV>sqEJxnR3eIZVrzCd68jvLF=HW^g7QT}?+Ql97>94nOS0R{DV$
zlesJ|NLpgivlFZT#1RwixxY~LGyMBBOe_BgaeGS_0T~3~mHeHRf);lyzO#M2cCJq3
zTtkb7B)*MMLJ3*yoZVSddR0w8_s5L(DMTW8?nAhWnq%tsKxeAxzt7tzuPatK*UHp8
z3jt-w?xaEazws1aCAm%{x!{<J2r@+!CiWg7Ox|!#E2%({d#ZntQ2!)h_*$?rCTG;v
zoo~|!YZu<}_NN=NMiSaBrw8LUr5O77_263xGX%&Ep*CNIsJy%TafF1#Z_mi6S+H^M
zb6le!Js+zcSc1lUk>9D;caT&k9|C45EYTQfzPNKt;*%OpCq3^KF(_V-8QMyC4=y*~
zifJCcP)+DXt6-=Z*c3V0zFb?1r4tp`V`cVELCEZceF1}A_NYBsU;cef|FQix^LhXO
zcASfnw|eMfE9j!&%n;k`M#gH(J}T)dtgdbhgmZ?Z1`uT$4Q)aM)gkx@eElkD-vn$D
znoQ@_Xx_9m!}fuE%yzh8sSy6={+jm};hD}e#!LrKA;qY9UPm+$!-J%|5^Gf?I6WON
zS>qFXrhRZ(z-5qzoWWJvgP+zApD=9i;62a=JR{z6_w`S&cL<Es@=vdj5o_9l8ZR9_
z{+S3u60E8m?8F5jhE0oprchx`*wWW&U!K%NTm%LZVpN7k`D<fQN&|N3A8|3A2G~dM
zL(l~iPBh|*j)2?t&r}H@jwcRk9|bIKj|VXyzj+0c9D400ygjIx@4Q87ppfdtXEN5o
zA909JXxQP+P@wbASC`+jW<S37mhvYBBK-%xdIT?RsPCM(RquzDUIh{aBgX|s8_Oc1
zVOe=ldh_>2FOTEZ>ztV(SK6a<Z~5Y{jRx_1kMBab>HMAT);U+_A|g)rIi}98b<|7G
z=k+cvKz&NPI8}OqqShK5FTqH|+B9z?8dyUfBdf}aKR}++neKu{AJ)hf##44`{2)Ne
z68m(b%x*|buVhk8Q|ymL%-2Vk-T;W=I)_<Iq!5sMX7F~QZy+F<PdhoVt#A@Sht?a1
z>Wm@cfVZ1|@xOGkQZ9%Y6<MyGv>MgU=H>9Z>+l@`iRc3!t6OdGfAO(g?5<~iOC6jo
z$s|h16BAP6T0ZdS$#NX7af9`30%iL-MCN+YHfH3#x5@I)SplW8ep_uH%)Tg9hvtc*
zUm1!QYv!+|1a_Mu0d@fDon`o9{oq%nt=5qtiMvOYp%&s!911?MOY(Ajq;f;cV$Mi_
z?Or}BrGN692Kf(!r4*b5_Yhnr*1$lmDXI9>xjk%_EDfln<RY6#%~ZiaO<hiu4>MEJ
zG*8@wF+CJ6_8fg!X-nsIwviUC$&fcL{Uf!dArDRcw2%U_F6xeLj1N4!HYh8uyKEBN
zWkDUFV%izWdq5<}A+l=VFg|s(U%u!y1K5_1%GJaeyk^}OtU=6`5kg`65K%4p9I#ci
z=E;D`A@eM|QVln|<NzhxAD<I!t4Wj7Ve;>r*!Z-6a=}jI3rRb8`O6R+Rg5N6^fYYA
z)^uFAQ{mS8M8Q0-6#!Q<-TLuZj)+ki-jZ=Q*QA^sZy&GvG?u5=vm19KVW)PMy9_So
z_jP?fQYR^5DAC>}<%$B85rK~wEAIsj1Z1gs?e9fyD$}L(=Qp~jx<xlf`!iz1cbsie
zV|F8?-B+~UWUlGc+%_1QdPM;Bo5$<s^yhYsg!C-lag84_3UoS&J@G~~iT8uQ)i#`H
zcmXv#qEteF@VcUTFE|=m*~q2bc>Ir{<sSUMA+&NmzGy}+d`qY2V->LW2l-7D|DlQM
zCFR$9QhoML#b8b&n;OBS{>C(8PhEY!twAxU+GDl12HUcA-AmpC*8YR3^hEZaHQlpR
zeQ3Fw6BAEuMBzkhy*Lwx2oniOc$Ww{R65_9qho&&I;jTHkECV+<TWN>PzLq-r5J<=
zBmxahT2Xin|G^zW=&Q#hZ?59!?(ks`o`HriyxfjPjULP!>YVX{5U{&<1!q0PPkiep
ztx7dK<p#{66DMX7j~hTNfbt~Fd${;B{L{K~BpgV2iP6p^n_<u(&=;<ZXX2$I|6c|@
zUte2HrV%)=e38LWES!fcFo&(sd|7%3B|5y1K_C%M&J7!DJP8PD&Q$fN#%2Lww)!=7
z{#n!5Dd;Ek{ZaZ=p~y)Ez;%8eo~zr;;d-H}k%SQ#lWh}Q;v_p36pneTvpsvP$ANmG
zH&YCl^ioFGDZ9Zl2yk6va5)eJdAXR#SVS@??96`r3DDv|o#ya_zHh-zQ$#UQ(Y?fD
zO$9X{A`jL;$$R6`{pnAL%*gTXf&xk_Q<?l&11aT{Wdoz}iv1bInvl5y`X>Fvd1BDj
zKOds~#yzGLE;3omFz1zDsd^&9+iu2{DnaV5^|dr*0LIXn;;_OgZ{XMw^AoYQFzT63
z@%pwhz5JwxuzGwkR*wx3HuDnP{Mllc!X7j=*gvhVK1eUj;5b_C4Zy+uy`z+KDJNo|
z4D*zvF%2y7&9^o~e2d&E(#)gcM?(REy{b!+s`&R)vu-@&_c+Lk{^LzY{)uBrRb4ne
zXPFXP*6x&lV^_IaQ=Y=t9{(miZY)H+a7oE4*TR||g9XEFw0HvJKO6`B4CK2qD*n{o
zlDqSr@jH3=ej%Z9+%N5tzh8cssx1rh$zaRndnNCM?Cq8t>=&EIr6=YEf05ifjIZhV
z-SnDe-zS-d%C6=GB1Le7<ypEi;&M>sLtE^N;?m%Is2L(usIo5_xt{f|AhF+7LXOZ;
z*hr0ZKLO3vr(Uep4xfk<YbA4kTl1&=H&A?=15q48&)(&GJ<o-#{Eu>xD^21l&Seo#
zv4K2yA3OSNY$okeu<sY~6n{6pU2%iYHnNq^bn3oMU4~J~PynQ1e;Tp(;<iLce<1nO
z(6&o1(FK_b+<UQNKvQ(l`15~E5&m1Bzd>Y3Ki|pwv?CKAlgu_Gd42Ei!~b{EaEM1s
z020ONWE?<sU=19*{EmmNZ$!E}95L4#sMbWvzMRm{^>O75nWuEHLi8C?07`Q7?lPPB
zv&N(N0}5n4&8&`lJ|r(Em{C|fnygSDPce+Z$jL!u;NjO*8}P)n#=EvR^y5p~);rQw
z?WHaIhhKUd2q?!tN{AF+eSP^V7LdoVj~ir+l-pFmzs~aDjyi(oB6c+1H?Fz1u^89x
zFnNBuWr=>Jg*r5QqMOLbA3?lr>T%S`%2XDikW}eUWvuof-kt|q4eo>Pru_$--01E^
z$Hx7F)_WpykplT3*11!`$aeX(N0jB`PA(G}%!|vnKVYLS!y^P0xcT@TX5zx8_$AcR
z6E<;~86hfT0RxwMqPb~SI;q;O$(=Uy`ir-dEl#-gSeaPchRn8+uebp6H!n6#P}81*
zvoOA?){%Fw4dz}Rh?I?<4-vqAfo8GQb9m_Wc&uXj&qTx7kYq;&r_je~rr|W3jOc*5
zwA=%=m~CcJhv;;H@5N=9negzQes!%n!yqY->on*wrB3v=pdbN|Z9C;1<<rNfod*HC
zG`<^uDi9tg#C<%{8aSF^-ywQfy$FI?Hw62PiqF@2Pt?{%)+E*FvKSW<c1AY#%%ikD
zF)k58B0i|m3aZ-Km(h1@X~yvt-B5A#=(f?Xcp5VINx)&;S>AiyM=%00QxvtYXrw3&
zZ?&tu>!(<No9Ss^xbHnhX#mV3>*4#3@6t_e&1{X0=ps+5XI76AEyUaggBkV`!Hmk?
zTWO+`zc_1yHN7CfOx3UrucQ~KS|`-Y`K}h5N!b}fmQs=myh3-wY;)teG~_Ij(UCv&
z-Vo;@UBAw7S7~{!!fTxAkE2J9Q!z8@9&2vvx)~AiRzxa5Va<!onSpZYqnrtBczLA}
zOLQt%|IgEJo$3@h{G?9zF7@QCcbh%;8;@UjF}vl=U~J1|pDm}t%8X|IJb(3h#iS+j
zu4v9I2o{bs9ifSaaf^Tv?I8I$+4sbN9?RmNZP!g4+QpNW@4cS(^(3EBQ;3EEHVcZK
zX+HS^kDkoqzJ6f(_|K>Fcjgn1hl3`UNx=tcM4?@&FrnA~H2KHw85L+OEU9Ccy*nM8
zZD*oJ$V+u3GQO<XJbQhEP3wK@yP1JLQ8KPW@N_koW?GzvBI;oCkWE+rsPIt|rps65
zJ%_tAAq1P0585nNs<eJIxuKfaHQH*_1^>q2If;$Fl^RDx%XDlbw6Oe+q(G%a$jcmE
zy08q+sn}L@qTxr*{evy?YOJ{wdSr5LY}j!+`FcBuOEn>Wt6`>>P`yDUWq+qe(%mv=
zUy$_byhF7*i&yx)3kJ{6ja|BUAmNK{po8$R+QNyf@DUZLsg3uL6b=y?6{hl6a5L{R
zaf`5JDSw1+Mz;%A14@BH>5lagyDW|X0T)kI$c}hWGoEc+|M?$H!EZc-Mf@sw4zGXK
zu~nHGwJ68bVGZc&_C#YI#8e*47&FoY^n&CFW`1P6Bz;z!lpkKl0LpnL$Skf~dx?Ql
z@{N$<oEroH&@O%2osAu+-2@gDuTXYeGW*^?5wlEUk~Sg7Q5S96VN(dwcscn7TE!0&
zoVXt{7-w35$=s0)aa?2yL(@!tB)RvCrASgf`?*09RnoY*s*9D+w|>PEOH(48X$*NJ
zTCGc$sL+dsD4=Xq5;@MuxO;}V4H>;h5`A7m@E?HwvJGL2I2QoVc^?1?P=Ov|k%RTp
zZz})$jwlP+x>;?>y<VTtp2Id~x3a^TN-ZvRtAY#RWHahbuAj5t3!>|GO#K+r{CVmC
zlC{N9h7So~%8uVv9fDaFx0b~}HIJ7Ds&$M++YGP0Y_Zjy>t4-~+3ZHp1jOO;0ctwb
zf^tMSlv1EtcPH^4aGLiP=dMt@*}|QOz@ZxBIL%@eN6|chgBZ1YUZmFJR!$<vr%Tl?
zm()6_mtufIVc4XXXS_VM?p#?kY6^jr>Jnd+0;X)}qB2K%%=K(?pQ%<aw94G;uWliN
zZ7arp(i+1~b|;r&p+-5U<Hg?88M+gRt{E_hC=G5QVZ71llLF}4_<Nx<p4@JXNm^qY
zrT5WHS@^kFWgTjf_e;D|e6l;FDYFymC5*Obed`fxGi7~(qmozaa&gL6;L%2zOh*jF
zq(yQbw{n>GTnt+(1fg~f{KPWn?G1M4TGF_RQ-yB!k(w$sZEMNkJ8V!p&2ocG^ona+
zO8z7p*nl&tHs`wjfeE@dlo0q0XH=>?WElt!NC>}+4hX}zj5ZJ*5W@0O>U374!UMJD
zKaYT|-quHl#KCk>$4@xRSMA9a7Yb@|k_OS6Q!IV{zYwt}x@pbFSe|zrS5nlCG5^|a
ziV4D?f;=agpdkbbCDbt!Bq>)6NTjo8NKK`_f9B?x87|&kQp0T0*L=^vL4%mPH=~dK
z#4<)RYfM9&JLfAAz1PWZ$VY3GV(zQ+w$jk-s;8#mV&QzF1EvM2Fc})IRz1_&Q^E4W
zIj1_&ogM~&hd>i3XUm^@*@v|RHbq6+xQA&!j3@g<NIyk2kvrU>8BBNd>tEyl*mtBb
zfySozu4$m^crZ*fG4BHDX<MRoTzB+1^ExYchr}wBIyY&n`eiD-cRQSf)Z}fr2$@QP
zJk>F=(4CCo535>2l79@>hU?a>yS9WLn$g7;e3hkTL$C^*?af9+me}<Y9GvQk&D5?Q
z5=TFOX6F}$$tF6TxVY?j7rclO_fliPkm-AOK!s@1_Vjup3qnDE))^c99S%pQ!3MUk
zO-yB$AWmK9`Kr=$1Pa~x;@KutT$4IeX)k-hz1%EZO=y~Q1?^NoRZ+yL2y53`_9D?A
z8}m)Vh?OcZ#m6Pm%15U3d*w~L4CH1$cZhqoQV=$=?SjW+L$WfQ@1ktoy!Oe<>VPA@
zG#6M7rKyHqQk3|LY^rOTu3<(KuEuqONK6ezD6}d%Ob}D5KAzkD!Vh1Te_(lZ<N8t}
zSO3soBoNO;rU6GcwWe6Kl$n#4$)<>Kk=tT3yUvtn?*$L59^!>SbV}1MZu!<w-4p#<
z`+eQx2am?nE*MYCU5jXa1?S#>tnMCp190r;;gW<l_lNzMk&w`p(K?#KQ4&24Qc+$m
zYF@z-1Uyrudh^Xv)%*p$Og9&n&T$i=zKFq=Mt%joO?qK*=RL44+9JxIwmCE)m#cXE
zf<kK8xz0QDr?<Fa#nO-Mo!O_$gYqGA;<%CIhrxES?FuQYVCTGIE|k`v(%)|TCfN&p
z__76%=Tyx;o4!T+M>o({0LrVWT)E34D(Nh`9qAj0RZ9wpl<Pg!TK{73&B427pr@jI
z)io_eF~elVMxo68uvlv<zl%3r&p~}H<be&k=m)+YkSuiZh@$NF3;I`HPTMW!b$gGh
z3pmVjq|4Sz);`YWNw5*E`*<4DcfO#T0+IZlWfAo{3{+aT>m6iU{I<Rtkv4`%jaR5B
z@%236L+?hJ>PB{n*S6Wc5C=oz(+Av*-S?~B&HU-XT>xXOk0kU=dQ3nB1(l|Xfm7VM
z=lmxKU#2|NTtg`j)=NpL@^kT$h|v<mF}?F6uhX*#W=N2tZvovDs&w@s+@>vA>sFKa
zv*Q#Y*-@>AzTK|{iS@$tdJC_Q4_U<;oV%*|%XAmSaQp(^4w%!3=qOW&y=d5}ShltZ
zty3zJfgzQbNMrYa;SMeKTI_3|y@FTv4|IjgaNzcWG-C@P;v|Zz9O5L{jp(7t;ht;+
za@in2a`7M52kDbLj{^oGZf<zdr3{uG6+1gip{Iwfz#8Ax{87-j_AdoL{N-XM5=F#_
zaup)O$3Bs-*eF2o>I?d6ugo8FVKNa4)U0E(RY1X7G()~1K)G5izWHqLMs00n#1-8{
z8UvA0FI~ja!DL#F52qpZl)H91b3VHVJ?nhvQsqJ8y=CT?bX@sqI8;}sd>4|+3WS)7
zX(z_airf;)?{HEoR*%xii$sWGWBr}Yme|Y~OWww?vh;^`BQdpW&sUCY{vsh=0##Z_
zJsTkE3Z|`%NDPnGiin;7C_P5!Y$Gqz{%}N<QuNh!bCU^|)z#-t8{w6UI}T#@$+Sb6
zO5#FGzY|GPyuplbwp2c_5X#*MdG_T&k(uV7*Szak<w8x8SV71;Udi_1eJoL*#>;+y
z17^8~oton3zt$n*q)L4DqD)r>dj{PbDhG>7c!$e%A0a3O9VBRiovOL2_vW^=CD@V9
zfp><>x@W3Y3YTOxULPN23m0IGgJB~}((sjnO?n|y-ve}cbe5fVQ?3qO|4t+^t)<7a
zC$DF$P4f6G!rMZr<YH%-t4p}?u91vGQE@hUq=^unojo0=VZQpM7xh}&h<({13~#|%
z-6L2tebX~B0P0}XC9uBzSbdG_^vR$T=IKnNYQKM_P3B52Cnpn8+Xxu8s_a{z>U(q9
zSv*JAFj25iiO9(_P_Z0*P-6D7qn4hi*35CF?UnVSqW^SpMk9=?KMkhfH90QM$K}*t
zN7L+?+BQSm=!fHA`6DNlPAb`Mk1BDAmdZe9#(Mm)^tEiR?vjeBCzE5biY?wwt8c+$
z!Rbuy?3(94CZ~UY{-5+n6RQvD{224(TDg1L%}$_j|5=_86iHlSh4n9(&+TCuA-WER
zT}?6da?x&^orEiqKP(dTKaaLp$ud_>W_^koSMn5dUhcHnTK#~m4HZD!<hr8m=gt<~
zY)M!#VuIpQdX&Me#i2&VrtO@Hp`;;CJH1~**>STkXkHRS$y`Wk>iZG4nx0$Ipxe3M
zB$w3&=n7p3Q3W)H13C<h`Hoo~smN4@M!Y{m^kWkI)35aB9-{**FiDjNOZ|EZfeHKu
z8qdB)yN7Etn<e(@DRXP9S9!81IP3vKvDL4388>c|deT~aLWgY=quY|U^p`AM4Se(%
z;N2}PA=IWmGsOGG9gPFE^RC=zKQDg$D&%#&XporT)Joi-y$D2O5G*1B_J2RjC~BvJ
z4X2cGeA-Sksww&&^1B?5V*h{Ms()v}*Ax3!Qexw~|FrqnzI45b7@hU<7yHpI!P=Pv
z)KWyLLmxbD$U7|VC76h|GIVHdiq+QgTZ0y?>E2z78<uk?sJ?Qqq7k#8*~L1YTIdN^
zOLvox&qycJs9Al+5!AS9?VJ@N@Pj>*ReUFZ*qhTAd+lp>R_L&AK-3Mz_Qi{iwpn$3
zBO{TfT&)cAO^4FxQs-tz8>=t8CTTfSK}Ae-dYLsjeXl`|hN}-j0hC``@0l3pi9L=u
zb5eP~hCo1x7-uydhIei6dRA@ya`UJSPfH0utYdq2nLYTrEqU`5VO;sxwQ*!|K!k$#
zu2uP}pjiM*4x<WZiq-U<+#P|ACyS<|)1dGreAuSsY=kZtEH}__3fk~za2boZ`R6~|
z=Fg`VLlunyexZMn@Q*})%f|nCa>g(gtN5wCO7K}rKHkM@Ud4M<C=CkCghZY5BOL3E
z+1cW6K>!cJn+%~yhDWEe^igl$xAOhse03FeedBuaw-&ui+D)Sa#-5$0-_3!)?j4t&
z$6B90qOyl4zaBl1_?W7nenQo6Ixe;-beeg;K6X`F>&QE#ZA7KK&rGJd>27~3`6yqc
z?pjxNU?1I6vx>}>XwoMo4wON{&xRIH3+okh>p?;xe{)d|zdz9aZj^7)>A?1}<FilU
zIX|ItNi2TqwVb1c!tp1{+UPgRagveWQ{4HfKFMnYE0PK6IoLAmFy3vV(ZC4~JH_CK
zCrcMEAi$kPllC499{bgECl7~ebiwQ9L407e$~wp0@iBsO)$wK(H5K{x5I6s!^rhu4
zU=#qU3KjBK*UEXtgm9KYeyJwv1h3>uY3^1rI6{cHh=uvx^AG2|goP!+_^EetW1Ey&
z5_EB#qUx|mbL(Xe59fLa4f{=t4Vy=(A81T5Wd5EA7`cm^zt#EDKZsZUo@o7fwDsv@
z@5`3~4-qa0bUi!I>AyW>U5KK3A1nBaW9lk`<<mp9Ta3_4<*JMOcS`>)NJ`T0#>y$O
zhOn!AY9?7&5u0dzrpK)`SU4C+ZZy-Cz66CC2m%~*tr_pecG7JTX{;r_6KChp$U;d+
zmggVGC68xe;+Pn{zK^EihPI@b;_hk4!(2rKpd2Evls9JER6iB^MtE^q<>-PrXYxsV
zY84WzSEcA@pUi$YjUt(%TQ`rrUBOgg*s}@6^PtKxXDTd)MEFuQB#6zmP|!yIwK+A%
z&(t};@e3KLBq6OzSAxCeGHUC`=muAGP%+0U80pC>%O9e7>rdxzE9h6{(YU&Vh4Nrf
z&*Q4}omW~orxFqP#rCRALN3P(PpvgrbyI8t34A<Vdh?dRCF4*Uy&rjo<h!O8w{C&e
zyk$jQU6qb3V)s^a`2s#{9UkWjyi!dxJP#n4c?6-%3zpr>@~rI>O6qe>H7nhP+t7gB
zWZE_S527Yxp6!<=r^fx9cjT58R6aqr)Ttqb_p9BjZO$k1+(9x@G}fB&gHyfn?9=!B
zWFprM`w@saw2eP90zVu^ZdIyuI4@0z5n-vxK)2va#gD*=wmGYIZf!32lAMLWPikHy
zI@82g8w0@FFIq_`)xPZA=TyME<Lh;ftAkkzd)*W|Y2zgl2YVM%I^rLoSTXXtFBg%C
zj_kP6PaHapj2ccR(2gX`#?@F^B2@*>dq$tj(8sHFWk6#3J?5x@AA;T*EQo}%@p%(d
zV;8JuHUII%KQzWN<$3!>lpELoY42D)iYPFt&72HrWS~gu<tFXWeI<W2SPjlxZ_Hde
zCb`}izPZNshgvVp%8T{-o`L)63+KwaUJIm|TTF`aLDY~HBCOT4Xcg>!OhnpkNThSR
z{zZa(nJMNFs$uX3jjA3KA9`Waj;%vMcov+xR{&0^M$EY=ZyKjgDpw4?yPZU&TxfA!
z)f4Wy?IhE|R9Ri)n3`<O?U;IGZWr(FqzjN-E_g2&pPc3#I+}eC<U_gmI@ZoSeaKs+
zni;i1Umg9%Qn0IRqDCJE5!Y9#V~pjFt(RZ?L~>7~oR+Ye<UKLGc;N4kcWP1ayT2S^
zIpgV_UPX#7N>d=ixz<C#P=2RV4vyo4K@x%hM2M7(rDHav8|$O9w4u~@`z58iI^yU!
zU4CjJ+>}$oci4+D8s^1#pQOD~60kV&>nmZ%5a_@vwo^A;R}_qVrBsr|uA)-N5;D*S
zQ^|dz)~JS=beF?B)t!8|f2~ql8rG@iI<4e$Fy)vqE6C1;ChBxYg8wPF_MgM?-}mUQ
z9N;e!%eerXhF@-<B_AIrUxm9Jpq791keL04*}sYW{o9wnkN$tK{jcy<|JN$7rLAB&
z)w#bKS`;RWxH6YGbY2cf>wieCGGE1eWDCT})&T*1GYxU`z>V1=#^)qG_J8N<ofrMl
zSs-)o-Hdi&if&@1wRRS$mB+Bc)<F%~YcCa0hC(CM_gH7Qk$|o&+SD&Lb=;y!grg^*
zY7=IKXwPCkV!l0bBf98<zQT$r1jA<(V<i(6zSJV~!Jw($-izK|oAM2fnCtCMr+?Vk
zbtcQ}9j#l}80+JMJj2ltuZ25+{NA`ybVM>sCr%|_(6I?_V_EU8zsk%vY7a7$Wsehl
zqJ20mB*yySK^9M`kU12-m{a|hk6M5L2I<)=x^P|0a)_pGefU><@ES|3zo9*^_rDx}
zS#@tu^T&KwkRVZ*MoeGe`M<3GyQS+?;I~t6*cgPKrMqhV-V6Sucm2DLf1_rhjmf=h
zuIvF#crhSUWILgZp{OrSqz=pl(Y4P(Mgie^=Ob7Uhy%1eS#*3E+#keP^9-dI`1}_B
zmPoH`;bN)C4}iqjjeiwMO#jrA{g>Tu#sB}1|1Y=L4Z}}>50~(sXG50JDLH+k{4xL~
z<+TzR&W&Rz^0gZqyquzG1wqj^A}|vcdUzW9co?GuSH@i_Z~Rx?UUgx4i~%Ov;sMO9
zY%I>4t`WKwVxtz%&Nl8=hs=k4X<}d?Qc-o6AYkz^qW-|c;78m)Oxvpw6;G-}-lVGk
zVUy#w=I!#`E^1RSE`qE0J*UX@^IK#T6J;Vo&4x@*I^5D*Ym2p(B?h?#!}`ELdz(mz
zJrn`p8rv~qwQG!s^*^T1_04Naq8NKn3Q0mUMyC+*b#S8WL@|-B2;rYomr3MXDIVXM
zTz@p@PZN<ZMF|#k)Of#?*k8yAwj&(dQpn^@5WbYh3<Smm5SE|4l8o>0a-gal=^um)
zWN*Sy6-;e)9V;Jy0G$}w-q(MbMWj8N25H+lX2Vs==L5!v61MD`B=V%g%Nb|AvNjFb
z5?_g=K93q}j*_e~R|LcmiqatS3TQQeARNp&>&1Ho=lON=i}9^(Ea)e|VkhJdc@yTw
zD}a4mzTw!baS{LI7YRjl<i*9pECO&OW%ZK2l7Dt*xy)`gZmx-e;^S@DS>^Z93t2?+
z2p^GJmCcWsu<)#=J2jA|@>H>}jP3X&ld15o+-RVC>SzM2$>28W!|=O*k+^4Qc)s0?
z8C5+h>uR~9Ejp}~tyi+9C4YtQ^S&y{Rf$ODL&&h_0t6jgPcN-FI8OGzh`w!o8<sV_
ztkD)}bn*CN@*HuMDLSx$d0S2E)3lp5&*Ds_8K+m1(brs+m*j5dWl%LlX6LqfYoI1d
z0kutZrNw(OFdT2+$l5YkV?%zE@~#@GdAaw@!FwR8LN^ocCu@#COpux*A4Iz*fQ^YL
zYdwxV3Z{LF#llmc(I+_uzk20=Yp2j;&Ar3)WZGyH?B%v)vz@XK*DE2WJiGxCm{&fJ
zPqzRfu_&d?W@^v5Wv}FyYnz$O=~1`*pET@jd`DlRT$dFTqo!7#O(QF7z;6zd*5Ig<
zcQL<T6xDB6%WjZZ$>1fQq19j5-6d!^*kZpXgeVYF)&U(*m#A;NC_jy?>@uM$E*c$Z
zWL^HjAHl!#Ry%LSC`ff0@3$l;ri?Mj_9=lZs7lx!V9_h?2%vET=H%FqwFm#g;s5qe
zH#X_2H3vay8mxyMbTwJG$-FhDtaT@jB~o>N(1p_A$HMPdn1|Um^2S@8Y`>PeFcf7|
z{Mc{m0_Zq)xRp~Mp1BxAWeJVzhz4W^pc=_myl{Qs`FpzB)>{zJp71y))#O5NlXiTA
z>gBMB1aX;=wbk8>$c&aSiP_p++i{^=)<3z=E+^eR*y(=6Aq%G|WCpEit=9uR=+>T#
zk~|Wn<UAzywtK@~Z?u>Qflp%k#K&>Q_A`Poh?|`{P*Q_tl;yVR#c7<!{=i1E9-ZP+
zVYqu%tU+eQ@>lwl+JR$%)AhmEvz6sxW0P8Wg=r>aXL*0xf8h1=t@!z@RD1$$;!-5W
zK>kyK^J6^esL8T(F4!Y!UXCmEtt(zQC_T_NBv4{hTI9)Bb2foH%I_8fMvbbSs3uu~
zCsg-)I2LA9-e^8nsX%REofTFAQ)_XazxZ%IIQcx)ez=O+t-navmvZ$*xtF;Lmt<(W
z%y=7Y@cnUyK#mt;oS#jd3LWNwGNpCvftf~Xk+(6<2+oZc<1$Fr?!a%7t(U<O4sqN*
zE^kc^G^CpVi9c?I&@Lb5756&x#i_~?MQr6!ef;3W2zfoxvPPmJ?5|O``ixw?19Ej9
zL$tt=KyqJ~)mZAaDGTehYEP`6Ls_{SraJ9~WQbG00|$WjY?X5O+Mg-551LAIOmxx~
zwg3eH7mqh(hErkktFh@R<KF?yJ(qw!?G}6S(kXS*!TeizH6imOPJROmHV^))j2Ds4
z6BOw%$y_nMd}Odm`OngN$2=bqfxQ~tDYyF5T^f6%4>_X0zVEUO1lDieKpv3JES)j=
zq_a2|bWEYUGt6bKI}39|memy2CQoC_8%Y7#PQ_eMB-Rj<H-J6^dvP25c;ZIXY#}m2
zg?*rTC-3EY<pIs5bX_bHA4>OgtW+y^D}7TxjT<*jthI!kcre+aQP1XJd-uZbq^w~X
za{TZU+Tse8b!j)O_3W8Arkza8!0u$bk7Me^vfWGLtp$6>CqG$H6}^+Z5ou0Q%cSjT
zq|JQfp?|6}q#U-K<lUC#AeK2JYZPfah#OGQh_@0tm~Jx5ZGz?0qN)Z3IzB98Y5>fW
z%Zh6&Zbu3)9ptS=7BF|8>^-I%ABY;=h+0WXILd>Eja379qd!^g3$L<?9|?+geE-pu
zaz=M4yKaa}uAk7`K7mI`@6MFJ%g1KRCL+GhTvO2&>g96($;7(iPZ3VqFD9-1;HQ~c
z%$AwAb*LJFb_h6B0byx^QMD_q3s$(><(GFoCgjugDa=D~BG;x~OZHGNL!W&dyL@)L
zmur(e)wnJ_DvRe}=MQi3hUGrkc&$eU0ur}hFwNds-`8({tO<Q|d>%B>YTJ20ZZ7Y_
zjXE2UgV%Rz{+fWsE5FXDa@#YIt~u6SvB^iD0V=|vNRr(T%!8%OhN~vdzi<x)K(x6g
zmMbHQI!qVt#++|f)W!Skxl;ru0<jXSVB*Wr<lJ^bcGNI;h0<oC$s^&<N>iBOilkU^
zZ@8dPJ{)HrvovvOixuT@H{Qu{ZG20sM5Oi^YSQ_OB&n?}z@p>r_rklo@Nv)0pk|ow
zE%_8Nq{Z@#^wl<1kJn);u+|t0VdK-7<!=0R*PeTj$Vmv=xKZ$@>uNoXNlyv0oWrdo
zIn1VJ&C`#-$)_&gw<AgYKK5bKM%bd3Gauq>>+m@9Y2Ni09yHn`EPB}>&?Z(aOnoT-
zd7{sifDugY?!0(9KwKr%c@sMb4_1{*J+Tl@)_iCF?w@m${~9;+Urk{Cw|{#|{yVz?
zNED7dJ~FBcj7g*#yOp!f9}2VJuDsb?8_g||I8M$u!ojR+B9|F=NZwcv5Vx^WupY*7
z?yDNS4K;o?{f%dUVtq_PWK&#aGbg=-Lum)6;Vu!|lfJelZ*82YjO(hB*j^}jtM?%}
zB|z2?PMzKp{Wf-74szV+6}IDl*IC;6P%y_69Sj*xiAf6d|M})sz=f6kv6s=gLE=>=
zYhV?dpLFRZ9}&}a&B8i-8lz!gt^?n45UIdrd7iXH++2RZMtqH;D})6id39e-b45Z6
z6JnYo?_J$Tm6|Y>)rh|3z(8TvFfkEJWF7Bn_l^u*npo;n0+}_}PqR0B3+@R=yAc;7
z;}(mC+NVCgr=5WtTb18Si2$=Z!S{1Njm&s-@@=}4w`bF^`h8q_$c-^$fQV=qRA|%!
zznTrhX#C?{bg2E`48r|_jlYSxy35`RAf?cZmA1-OgDWI9GEs`L>JD~~LF8>pt@el<
zMO2z!**|h~i<zIw6_@u1*0Ul)5kVSSk~0)H>+*SSctA9}d+|-w<uYdphrU<sSKIc<
z-)ne&zPrm;PTFU`Y(DpV*m`W`Ea~YE-IalD@Sk8+CpC4l*cmqa(8M^#ADFR09^9tj
zmD2aAM$DN<*`b|IHB{Y>UZ=od91!7Z(*Z&C6$qCr5!IqvF8hxgf1Z)4X3ahMiYtCg
z26|g`=eIJ+*>`d#z7KU(y&?i55+d;0Id5yl@Ncd;wZS6tDv^*ilbAEH)cq>zH}_j&
z7KZoe_o4cqLQ|iO-T19cB6fBtl(@V{{TGSIL@Y5bm}jpH|1e>F-u5JXOQvRiunPEg
z)9=k&(y*!6x7QW-8ZIO35Vh<{>Bhwl930@dG?Isdnj_^x6Oe8`FA37JHhYfP-nd@J
zQ4Ypor%9G$2I=<Jhd(uodA>9q(?7kIi0BSqk#<Uu9%bxHT$xfw8irN1d`PQy=Zdqz
z(&0~#M3w=RuD^ula5pD_UZ|(=yrL$x&ZkLe2l>Eus?d`t?=mm#wf)8a`Hj!4<d35D
zkd`0&lh6B|s==if-usUxO6^#o3HBK0hRxggB4KbO&?s(5YW$Y%bwb1ZZo+8UX?Zc3
zVu8JSq~Qevk)X!u-Hj-(fv|vFI%1Bll<y8<_UV|JD!wZ9%=acA`eW?_aUDkM&r3K5
z?wOc=jb3#A8z97Ro=hpVU2ZKO(kJK>G0t5>diE$iUHncI@PQsHj&l#tW0PMeeNY0K
z80A|Nqft*pqim$rNIW#}keQS|d+E6^J)RL@&83Cytg0-JG>c<#&#wVpUy?l9Lu0Z+
z9G&<xxWGb#N?=aoqLTBon~bq>%RWL(cgzsjyium}<f)xk=OzqNTGe$srL+awqTw<U
zW-owkz4b=Yk*Zbn79^Cf>%aBSv{wQuBTGr6wy|Mr`HP1wN|;7fyQ6q1_Trn)hl6o#
z(_k(}C`ju98}HQGcgejvy+?-C+4@!U%;62X<OZf1XrE|i5idhZ@Do8=c}K5XI4Tv=
z)g1{$Ae+?cS-44_n%)S%()y$Pi`T5dN!)F1ryGoz7!fmQoDYtJ7%VpDiT0%|trHWi
zG0sx<_z;nx`SWdt$>M?z$VshsY@Tz1cgidd94iquFD(6scuXTpJu6h#SZF%e>DYUl
zV{R-_uwLlu?9Xe1O|75B1&c2w7U!gm)*cisF516;x!W%+$KDBQUv5!{7*0DMX-h+<
zeyB};0wNuG#5zJQZB0ZpfdlkDO@_7YgETF-Qd)Dp-Dp<c=uvd6Yx9v#l@-PG!M+S6
zd(73pzLw#TnebzyYfJbOZ-Dkv8LIH{Zp(vq8SU$+@C#ORPp9F&fx*VZ{kEPt(U&C5
zU3bDLTt9C*AJ3|thm_@wUZi^DDF@p|76gX!>&`*rg=v4y-!+k%a~+w%<!VcqJB8qd
zs27(dB*_}M-8f3JsN2`R8B()_&-PZ8CpZbrIV+f|2KVxq0FF@lW*U)P()UT+wVr(T
z&R<Rtok^)9BzO7gxG)Aje3W9sDIt7UVa8+~2-4K*6*n`{U7{cb0PS^6#r!~{4RZJg
z(Q4T}bs5-cFUF|T9Lpnvxct%5z;zqJjp~;!yMlEO>vbVQ_<`&le@E$eBpxuTdwxjW
za&TYf5?{wapdv9dd%5>vWY`?3SRO(#h%$LBIj6kM5ZymMe$ytOcN}l1NxFD=q*>F_
zY~T@-^nQ|OAm{VDpTb*I51%7a=Ce_;72{pfhhv-A43qk4Aklm2HT&ls`Bhn2`yUQk
zMrDlJm6(S2HFs$fY$pdh9ynAfC`LMg-E?PWgT~=R<ciQ$_?9+>)XDA&ei%53P{j=X
z`L)BqLsfIB(8OoQKsdFW#^y<4LbLc_IX<~RSB#pMU`9eB<wteLms{NzyNYct@}!e!
zgp*mmD=-&}<}S1weKs+WpmG$>e$~gE2UpYTsq&hu59IHv7GTq=x|HGXvs$6^{D{0Y
zz&pNvtMRVOh~ow8$dDp;-_4*@BvEPB=?7%&f4<9q^R?dm7EG`>W$Ecwk6&lL_U3<@
z{2wk{Q}`XLZRGAUw8wwoeD<Rx+v>M}CN9EGTM=5JV|9pPV^90>fw>Q#UjR32&`^4Q
z>MtrwKe1}#^?aJjcm(Gh?9=~f@4BLz(6T7#h+?4|3{|=T1dVhxJ~|0KRKWm`5PFd+
zf(VKtB^n5wh=BAeC`IB!)C3YB2!;+pkP=7?Akq{hPTtH~v)=odubH>je9Zki_ve<q
z?l~X#-o5v2DN7YLw(66(D~c*N6b4_$c^lxi&gS)o7fw?!o-|AlX7pfL0t#<UY|RLe
z7^@0>d}kb}YWYK59RH{a@L^jG`SIc_kQWqu!R}U%tZlGY98cLFR`YMe{{c9Ed7nM2
z_aJdn$JZPT>n+L~>5VJx*V?sP1p*D7EO%(wSSeCVdW=}M>93J!+%Orw0$MyDbf}qS
zvQej+6PQsnw_Ua5OKDyHwA&`LSJ|2vXUE5ES{;?A3(91#G!=*#q1t0G&){39`2TT5
z`#Tmq3dE!rOhAr{hx0ZLDUzEr(NVi)(G;LSUMVMDm^|G>3~BvQV-24QS1U8}07)n!
zBgC50>AyLk9M0E;9Zys&L|~xlcdw4Z3AUz>ra+DhLrFn(qs<v&=p9D;+Hhi8gu2*#
znxV!v<jF9Dr)YwN0eij6kdt=-_^0nqYp}9bn#3q+dpvg*$E1q5#ez0V2G}-yTFrDI
z<JNQpA>Y5$rg_4*M_CP7awgKKr??2UG4-YY?7eEm`w<ZPjMYMF{hkQf6ZNtK;>3N_
zD4<G^1%$ooY2!Gx$nEc)d7#Qnjb@CT&?9d$Z>KR9PEAM#Y&G=wD7xfO5&C7rSPho9
z>uwk3{yuD^;sr=T&;N-6#vb-&U3tuA#fv0gz3_z68URnmn)Xgq^~lGg5$4F#l4=L@
zA<G|2yeHk?HR$L0ty=0OF*Wap2fn|zBv%DnC{dBUa-HgJqPc$n-$LG0u?iEPSnYq_
zOsu9;u<NUBGhyQ9p<U8-!{xxDwR56xB;MA~M5r5W+Sw@j#Z-k$49L}ZaTIL2J_~|0
z$&0Y;$!d~-E7m>};^t|!0MjVa5AD|J9XwvEzqAfKrfwf-P}YwV#=gr`mZ%>zJ{edU
zu8pPzVxgKs?Nl#s)0Zb+9zNr{G_Cw;=W3+TGmB3Sbe)lMc9+GfzRQpx%i?=GZ%gY2
zPOM*9z92=ubVB|XsTVwbX#OPSu;N^%%G@#AI&Y*iB+wz^98Cky<b|^Yk~72^lyZeE
zz!VD_IP49D<{usuIC(;GxJs|%jssJ{N;?jU2%8DvO?yekfV%nDC0T<lUrSIU7xRHR
zq}Fbec#X)t)Q-p@YrJ5Ht+4It)X;AMGQ}5N!ZO&&BjGH9(vEc%`lIdIJ}M(&7k_Y3
zo#TXAi8zOdi4~<vn&L^I^ZxkpC~`x5hVt_q>mJi9Yg$4NJ6T2ei%N)Zn;-fQ4fL7U
zEr+W<Q}UPfvAlzJkad}DEW`F#i_rqp2EmR!^l>zLo0brf%oqQVbcJ8&WqdX<Q&)bd
zONOFHx~k(3`Y64eZ=`sG$-q*dZnocap!myY<U4K-tfu(3mM(mLyD)c?t%TJ@$c`Rz
z)Hk!8dH!ffC3asTeXa*)7gR?z@uO?x3l>=ts=2O*@H~!jW4<o;@8GGu=-VZ!(e7xU
zDGzTGx_s8|XnLFY6K0gwv?6uJctdLC*)u~xuQa}zaFTu%kTRZM?x6a;(p?zTRB5is
zuV-T1={Je1vbKN13~V>sxq3S7x+MBw?pEb$>X-dud|HOz?dWbBTwT;LVW-*b6+H^!
z=83b%8%rb5w1w!bTMPFxWNzn%N}JB-hCaU*^Gq&jsNS?Ci8zXjNY1&Zch?1KWP)lJ
zN{d79CUB&@|I`EubTZwz0dG1-CI?=$dF^w^`D^4r@;-{pi~=vChVejtCmSV8q_l&v
zUdDXvlAYZ(b2+e5p&b1>$76;%1dUt_^tx5A68uV_ooa7TTye+n+9R{<CYR)QQL>9c
z%|dWjK|xUiwK-Yt)r3FI{1<kPZ(I0$IX0oLn*P{ognIMnS#k}%-gHu^!-!A=wpA&S
zA-L@WuHgmNUlYJr!!&YiKC6`t&Idq2D$ty66I0H2ui*oy4;e?__PYmF@c4Qw&SaxO
zXUnp#OC%YWAtZcaLr&Hg(@}Y2yi?G)>GX$4Qz1D|h_TEMw}2mIc{f&~g_BxtD+`qu
zdCy@+ChBAJ&!pAZ8v$mej^qfa3Qqn~K+Fn+(NV;@R>(XJGkR&31BGr|s{4RCU%cc;
zwyj}V5~qBl{Q=dJ9#{ErUYl7_<Hohyb)5mgo)gtwFD8mpnuA``dY$a1!Z`1d9$JGE
zQw!=+MSQzKn}`9n$5&B|^@BLAT{Vs?$~iu)#MIrNT#JnApIkzqE9)Xs2J4J3YZWub
zw4Ypbp%}TRdW4h!K4@)0I}UmCP?A1WtoZ%YV@<lThb_%)OHBMOQ%gDOYCr5ZFH_#w
z+-8#4Cb}GF`kN#1TI0PM;j0bT`|dCR{E3L6C0G+Fw6{0k-?K)qK)bXnsJuWV>`4D5
z@?|s`ACnv>!X>TNOmGf$<B5Jd$NgTGxhkVs<g6Qsxpu*A;a*>AHC!4duCWP;AP1uR
zKETE`s)ic7R3a`qf?pqMakV>h?z8glr3V-9WI7IMOPaI{H|B#v>A0y#jm(^}GK4M?
z<epkMuwvBv4RFRhN&wkoAYu-4^Hceq#-7|)!d_<y3Id1+m*|C|u}^OqFd?aat@+nK
ziRw0&rvMo_qfNrn<gDiw1&>iCgvZ^9zUYT4L5j^_tZhMulo};MT4z{wEv3VUprox3
zV_5|bDk_ZuL1?2+$n#d0{A|Ah!AX`JenNwn_<iPtd${b_o4dh}Pub4n`c@=aIGFCp
zJ}MAly_2`ig`#N$R9q$oqvt0pG36B}JxE9-@6nkzKHAUSJ@#W25OAM1u*m%&20sqJ
zpYWYD*NKji2M1r_w>pJ?1hx9SB6Cus9_z-)RJOKaBh{UE>0A(gW(02E^pmjSoVI!h
zJO6!T@YCi|Zy!omoIFvU>cgDgQrdIfC+b~DmUPb=6PtXH#55`KDzG${YRVf?N}Tsq
zp;e70@t%kd2m&qQI-rW>;;0Fkzd_*^1I*%eHF;Bc?X%>1&~|c9oBdtQV$5&JdwtiX
z0h<mwVQl(#ymirRJHU{SBZzFYU<;YLu#D+ir_vV7hgDNvN6}EOWu2pE+RmbTKfi0J
zK!rxv53z*JA{)l8HGa2@r}8c64E6VrJcXR_@XaSTPO<u`L6yAaKx`DmQ)Y|uFD}1S
zvsewjxn487$y4|N<@v8!t*|Q*-_6>%zs6fQ$$s2;cw4-<>2jfde_g$j&1f{Z#}0>)
zMLs&6gX+z6kqFGBc)^s+sNRO6qzXn3veY>$(Q6mepsjlWP?JWd))ZVpx$ER?uWC*S
zin@J>&H1qqte%&g%yC>~UDbwe_(_(Cg4DCxTX(djG~V1z31~D@6b2EofbUvHb65n?
ze=7X6^u<k#z_YX+XE3bRmo3HCtc+X&GQ4snjgn>^n<m$$-}|}V^H={YjfbQq{IUM=
z8+5Z%3)`ex@ppKSuS_aiWNDer1hr`bgI+Ik(w2J-<2X8s$Ks7!n!D!+sfnRWk1u2I
z<^JT_CL-u@N1R-T&p5>=ys1Tbt*Ng|r)CCoi*AjaHRkBe&^md7RZ3Wy<D@pj1lm9g
zQfb)L#K!_%_KL4Uu(qpF!fH?F8WEPx2x-^(Bq+aIas*5}oGVyX6dJj7fUTMrU?0L$
zQ<v_lEUs9p37Lz3x>w$7f><_yXO8!K{ZlCFj~n?*<4bVQZk%MOx2fN@q?$u3lh=&n
zF=;wT%HncR^i#`rR&Q<`x&(*qXog?51p2h^JfUNpw|?|4&%9LwZX9>_R`WQJPj@n5
z^Ijjw^V~bPp;8+Ex0gPY^Kp6Y2}gbM5#rwz2#{aXSOiML!yiJQiq3Uyd(yc;Pf!sd
zv$@B=C#k>S2jjKBm?zyLh)$&CaaG*R{?K{%+6DTl*OW{DpXR>^+WECnMr$D)KQ;V~
oPxnyw4c3@gbyC*D9l3ETb}DXwt*H8^^!ZCq-G4avm7f!T2e)R5ApigX

literal 0
HcmV?d00001

diff --git a/mkdocs.yml b/mkdocs.yml
index c8dd9d90f69..bfe4bf81018 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -397,11 +397,6 @@ nav:
     - Jans Keycloak Link: admin/link/jans-keycloak-link.md
   - Lock Guide:
       - admin/lock/README.md
-      - Lock Installation: admin/lock/lock-installation.md
-      - Auth Server Configuration: admin/lock/lock-auth-server-config.md
-      - Lock Client Configuration: admin/lock/lock-client-config.md
-      - Implement Lock PDP Plugin: admin/lock/lock-pdp-plugin.md
-      - Policy Store Integration: admin/lock/lock-opa.md
       - Lock Master: admin/lock/lock-master.md
       - Authorization Using Cedarling: admin/lock/cedarling.md
   - Janssen Recipes:

From f809e454c070ede9969cb74ebb709cdfcb60bfe2 Mon Sep 17 00:00:00 2001
From: Isman Firmansyah <iromli@users.noreply.github.com>
Date: Mon, 29 Jul 2024 19:05:54 +0700
Subject: [PATCH 25/43] fix(docker-jans-saml): set kc_saml_openid client as
 trusted client (#9044)

Signed-off-by: iromli <isman.firmansyah@gmail.com>
Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
---
 docker-jans-saml/templates/jans-saml/clients.ldif | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-jans-saml/templates/jans-saml/clients.ldif b/docker-jans-saml/templates/jans-saml/clients.ldif
index a4bf62c77e3..58736435c5c 100644
--- a/docker-jans-saml/templates/jans-saml/clients.ldif
+++ b/docker-jans-saml/templates/jans-saml/clients.ldif
@@ -24,7 +24,7 @@ jansScope: inum=764C,ou=scopes,o=jans
 jansScope: inum=10B2,ou=scopes,o=jans
 jansSubjectTyp: pairwise
 jansTknEndpointAuthMethod: client_secret_basic
-jansTrustedClnt: false
+jansTrustedClnt: true
 jansRedirectURI: https://%(hostname)s/kc/realms/jans/kc-jans-authn-rest-bridge/auth-complete
 
 dn: inum=%(kc_scheduler_api_client_id)s,ou=clients,o=jans

From b0aaac74bae7cbfbae2cde728ca1804240ae9c8c Mon Sep 17 00:00:00 2001
From: pujavs <43700552+pujavs@users.noreply.github.com>
Date: Mon, 29 Jul 2024 22:42:25 +0530
Subject: [PATCH 26/43] feat(jans-lock): lock audit endpoints (#9034)

* feat(config-api): lock endpoind wip

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): telemetry audit endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock audit endpoints

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock audit endpoints

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock audit endpoints

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock audit endpoints

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock audit endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock audit endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock telemery endpoint - wip

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat:(config-api): lock telemetry endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock audit endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock audit endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock audit endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock audit endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock audit endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock audit endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sync with origin

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock audit endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock audit endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock telemetry endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock telemetry audit endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock audit endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock audit endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat: audit health endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api); lock health endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock log audit

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api) lock telemetry endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock audit endpoints

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock audit endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock audit endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(jans-linux-setup): jans-lock client

Signed-off-by: Mustafa Baser <mbaser@mail.com>

---------

Signed-off-by: pujavs <pujas.works@gmail.com>
Signed-off-by: Mustafa Baser <mbaser@mail.com>
Co-authored-by: Mustafa Baser <mbaser@mail.com>
Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
---
 .../docs/jans-config-api-swagger.yaml         |  24 +-
 .../plugins/docs/lock-plugin-swagger.yaml     | 265 +++++++++++++
 .../plugin/lock/model/stat/HealthEntry.java   | 104 +++++
 .../plugin/lock/model/stat/LogEntry.java      | 138 +++++++
 .../lock/model/stat/TelemetryEntry.java       | 165 ++++++++
 .../plugin/lock/rest/ApiApplication.java      |  28 +-
 .../plugin/lock/rest/AuditResource.java       | 101 +++++
 .../plugin/lock/rest/LockConfigResource.java  |   8 +-
 .../plugin/lock/service/AuditService.java     | 249 ++++++++++++
 .../configapi/plugin/lock/util/Constants.java |  28 +-
 .../default/config-api-test.properties        |   2 +-
 .../profiles/jans-ui.jans.io/test.properties  |   2 +-
 .../test.properties                           |   2 +-
 .../profiles/local/test.properties            |   2 +-
 jans-config-api/server/pom.xml                |   1 +
 .../main/resources/config-api-rs-protect.json | 184 +++++++++
 .../io/jans/service/net/BaseHttpService.java  |  22 +-
 .../jans_setup/schema/jans_schema.json        | 274 ++++++++++++-
 .../setup_app/installers/jans_lock.py         |  39 +-
 .../jans_setup/setup_app/utils/base.py        |   6 +
 .../jans_setup/setup_app/utils/db_utils.py    |  20 +-
 .../jans_setup/templates/base.ldif            |  15 +
 .../templates/jans-lock/dynamic-conf.json     |  75 ++--
 .../lock/model/config/AppConfiguration.java   | 366 ++++++++++--------
 jans-lock/lock-master/service/pom.xml         |  12 +
 .../io/jans/lock/service/net/HttpService.java |   0
 .../ws/rs/audit/AuditRestWebServiceImpl.java  |  88 +++--
 .../main/java/io/jans/lock/util/LockUtil.java | 346 +++++++++++++++++
 28 files changed, 2310 insertions(+), 256 deletions(-)
 create mode 100644 jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/model/stat/HealthEntry.java
 create mode 100644 jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/model/stat/LogEntry.java
 create mode 100644 jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/model/stat/TelemetryEntry.java
 create mode 100644 jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/rest/AuditResource.java
 create mode 100644 jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/service/AuditService.java
 rename jans-lock/lock-master/{server => service}/src/main/java/io/jans/lock/service/net/HttpService.java (100%)
 create mode 100644 jans-lock/lock-master/service/src/main/java/io/jans/lock/util/LockUtil.java

diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml
index d1a23211fed..18357d90c32 100644
--- a/jans-config-api/docs/jans-config-api-swagger.yaml
+++ b/jans-config-api/docs/jans-config-api-swagger.yaml
@@ -8313,20 +8313,20 @@ components:
           type: string
         selected:
           type: boolean
-        adminCanAccess:
+        whitePagesCanView:
           type: boolean
         adminCanView:
           type: boolean
-        adminCanEdit:
-          type: boolean
-        userCanAccess:
-          type: boolean
         userCanView:
           type: boolean
-        whitePagesCanView:
+        adminCanEdit:
           type: boolean
         userCanEdit:
           type: boolean
+        userCanAccess:
+          type: boolean
+        adminCanAccess:
+          type: boolean
         baseDn:
           type: string
     PatchRequest:
@@ -9162,8 +9162,6 @@ components:
           type: boolean
         lockMessageConfig:
           $ref: '#/components/schemas/LockMessageConfig'
-        fapi:
-          type: boolean
         allResponseTypesSupported:
           uniqueItems: true
           type: array
@@ -9173,6 +9171,8 @@ components:
             - code
             - token
             - id_token
+        fapi:
+          type: boolean
     AuthenticationFilter:
       required:
       - baseDn
@@ -9939,10 +9939,10 @@ components:
           type: array
           items:
             type: object
-        displayValue:
-          type: string
         value:
           type: object
+        displayValue:
+          type: string
     LocalizedString:
       type: object
       properties:
@@ -10729,10 +10729,10 @@ components:
         ttl:
           type: integer
           format: int32
-        opbrowserState:
-          type: string
         persisted:
           type: boolean
+        opbrowserState:
+          type: string
     SessionIdAccessMap:
       type: object
       properties:
diff --git a/jans-config-api/plugins/docs/lock-plugin-swagger.yaml b/jans-config-api/plugins/docs/lock-plugin-swagger.yaml
index 140a981295f..08c2847496b 100644
--- a/jans-config-api/plugins/docs/lock-plugin-swagger.yaml
+++ b/jans-config-api/plugins/docs/lock-plugin-swagger.yaml
@@ -14,7 +14,146 @@ servers:
   description: The Jans server
 tags:
 - name: Lock - Configuration
+- name: Lock - Audit
 paths:
+  /lock/audit/health:
+    post:
+      tags:
+      - Lock - Audit
+      summary: Save health data
+      description: Save health data
+      operationId: save-health-data
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/HealthEntry'
+      responses:
+        "201":
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/HealthEntry'
+              examples:
+                Response example:
+                  description: Response example
+                  value: ""
+        "400":
+          description: Bad Request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApiError'
+        "401":
+          description: Unauthorized
+        "404":
+          description: Not Found
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApiError'
+        "500":
+          description: InternalServerError
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApiError'
+      security:
+      - oauth2:
+        - https://jans.io/oauth/lock/health.write
+  /lock/audit/log:
+    post:
+      tags:
+      - Lock - Audit
+      summary: Save log data
+      description: Save log data
+      operationId: save-log-data
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/LogEntry'
+      responses:
+        "201":
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/LogEntry'
+              examples:
+                Response example:
+                  description: Response example
+                  value: ""
+        "400":
+          description: Bad Request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApiError'
+        "401":
+          description: Unauthorized
+        "404":
+          description: Not Found
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApiError'
+        "500":
+          description: InternalServerError
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApiError'
+      security:
+      - oauth2:
+        - https://jans.io/oauth/lock/log.write
+  /lock/audit/telemetry:
+    post:
+      tags:
+      - Lock - Audit
+      summary: Save telemetry data
+      description: Save telemetry data
+      operationId: save-telemetry-data
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/TelemetryEntry'
+      responses:
+        "201":
+          description: Created
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/TelemetryEntry'
+              examples:
+                Response example:
+                  description: Response example
+                  value: ""
+        "400":
+          description: Bad Request
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApiError'
+        "401":
+          description: Unauthorized
+        "404":
+          description: Not Found
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApiError'
+        "500":
+          description: InternalServerError
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ApiError'
+      security:
+      - oauth2:
+        - https://jans.io/oauth/lock/telemetry.write
   /lock/lockConfig:
     get:
       tags:
@@ -100,20 +239,134 @@ paths:
         - https://jans.io/oauth/lock-config.write
 components:
   schemas:
+    HealthEntry:
+      type: object
+      properties:
+        dn:
+          type: string
+        lastPolicyLoadTime:
+          type: string
+          format: date-time
+        status:
+          type: string
+        cedarEngineStatus:
+          type: string
+        cedarPolicyStatus:
+          type: string
+        tokenDataStatus:
+          type: string
+        inum:
+          type: string
+    ApiError:
+      type: object
+      properties:
+        code:
+          type: string
+        message:
+          type: string
+        description:
+          type: string
+    LogEntry:
+      type: object
+      properties:
+        dn:
+          type: string
+        lastUpdate:
+          type: string
+          format: date-time
+        eventTime:
+          type: string
+          format: date-time
+        eventType:
+          type: string
+        severetyLevel:
+          type: string
+        policyResult:
+          type: string
+        userAccountId:
+          type: string
+        clientId:
+          type: string
+        sourceInformation:
+          type: string
+        inum:
+          type: string
+    TelemetryEntry:
+      type: object
+      properties:
+        dn:
+          type: string
+        lastPolicyLoadTime:
+          type: string
+          format: date-time
+        lastPolicyLoadSize:
+          type: integer
+          format: int32
+        status:
+          type: string
+        policySuccessLoadCounter:
+          type: integer
+          format: int64
+        policyFailedLoadCounter:
+          type: integer
+          format: int64
+        lastPolicyEvaluationTimeNs:
+          type: string
+          format: date-time
+        avgPolicyEvaluationTimeNs:
+          type: string
+          format: date-time
+        evaluationRequestsCount:
+          type: integer
+          format: int64
+        policyStats:
+          type: object
+          additionalProperties:
+            type: string
+        inum:
+          type: string
+        memoryUsage:
+          type: string
     AppConfiguration:
       type: object
       properties:
         baseDN:
           type: string
+          description: Entry Base distinguished name (DN) that identifies the starting
+            point of a search
         baseEndpoint:
           type: string
           description: Lock base endpoint URL
+        openIdIssuer:
+          type: string
+          description: OpenID issuer URL
         tokenChannels:
           type: array
           description: List of token channel names
           items:
             type: string
             description: List of token channel names
+        clientId:
+          type: string
+          description: Lock Client ID
+        clientPassword:
+          type: string
+          description: Lock client password
+        tokenUrl:
+          type: string
+          description: Jans URL of the OpenID Connect Provider's OAuth 2.0 Token Endpoint
+        endpointDetails:
+          type: object
+          additionalProperties:
+            type: array
+            description: Jans URL of config-api audit endpoints and corresponding
+              scope details
+            items:
+              type: string
+              description: Jans URL of config-api audit endpoints and corresponding
+                scope details
+          description: Jans URL of config-api audit endpoints and corresponding scope
+            details
         disableJdkLogger:
           type: boolean
           description: Choose whether to disable JDK loggers
@@ -186,7 +439,19 @@ components:
         clientCredentials:
           tokenUrl: "https://{op-hostname}/.../token"
           scopes:
+            https://jans.io/oauth/lock/read-all: View Lock related information
+            https://jans.io/oauth/lock/write-all: View Lock related information
             https://jans.io/oauth/lock-config.readonly: View Lock configuration related
               information
             https://jans.io/oauth/lock-config.write: Manage Lock configuration related
               information
+            https://jans.io/oauth/lock/audit.readonly: View Lock audit related information
+            https://jans.io/oauth/lock/audit.write: View Lock audit related information
+            https://jans.io/oauth/lock/health.readonly: View Lock health related information
+            https://jans.io/oauth/lock/health.write: Manage Lock health related information
+            https://jans.io/oauth/lock/log.readonly: View Lock log related information
+            https://jans.io/oauth/lock/log.write: Manage Lock log health related information
+            https://jans.io/oauth/lock/telemetry.readonly: View Lock telemetry related
+              information
+            https://jans.io/oauth/lock/telemetry.write: Manage Lock telemetry related
+              information
diff --git a/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/model/stat/HealthEntry.java b/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/model/stat/HealthEntry.java
new file mode 100644
index 00000000000..af8be3429ce
--- /dev/null
+++ b/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/model/stat/HealthEntry.java
@@ -0,0 +1,104 @@
+package io.jans.configapi.plugin.lock.model.stat;
+
+import io.jans.orm.annotation.AttributeName;
+import io.jans.orm.annotation.DN;
+import io.jans.orm.annotation.DataEntry;
+import io.jans.orm.annotation.ObjectClass;
+
+import java.io.Serializable;
+import java.util.Date;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+@DataEntry
+@ObjectClass(value = "jansHealthEntry")
+public class HealthEntry implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    @DN
+    private String dn;
+
+    @JsonProperty("inum")
+    @AttributeName(name = "inum", ignoreDuringUpdate = true)
+    private String inum;
+
+    @AttributeName(name = "jansLastUpd")
+    private Date lastPolicyLoadTime;
+
+    @AttributeName(name = "jansStatus")
+    private String status;
+
+    @AttributeName(name = "cedarEngineStatus")
+    private String cedarEngineStatus;
+
+    @AttributeName(name = "cedarPolicyStatus")
+    private String cedarPolicyStatus;
+
+    @AttributeName(name = "tokenDataStatus")
+    private String tokenDataStatus;
+
+    public String getDn() {
+        return dn;
+    }
+
+    public void setDn(String dn) {
+        this.dn = dn;
+    }
+
+    public String getInum() {
+        return inum;
+    }
+
+    public void setInum(String inum) {
+        this.inum = inum;
+    }
+
+    public Date getLastPolicyLoadTime() {
+        return lastPolicyLoadTime;
+    }
+
+    public void setLastPolicyLoadTime(Date lastPolicyLoadTime) {
+        this.lastPolicyLoadTime = lastPolicyLoadTime;
+    }
+
+    public String getStatus() {
+        return status;
+    }
+
+    public void setStatus(String status) {
+        this.status = status;
+    }
+
+    public String getCedarEngineStatus() {
+        return cedarEngineStatus;
+    }
+
+    public void setCedarEngineStatus(String cedarEngineStatus) {
+        this.cedarEngineStatus = cedarEngineStatus;
+    }
+
+    public String getCedarPolicyStatus() {
+        return cedarPolicyStatus;
+    }
+
+    public void setCedarPolicyStatus(String cedarPolicyStatus) {
+        this.cedarPolicyStatus = cedarPolicyStatus;
+    }
+
+    public String getTokenDataStatus() {
+        return tokenDataStatus;
+    }
+
+    public void setTokenDataStatus(String tokenDataStatus) {
+        this.tokenDataStatus = tokenDataStatus;
+    }
+
+    @Override
+    public String toString() {
+        return "HealthEntry [dn=" + dn + ", inum=" + inum + ", lastPolicyLoadTime=" + lastPolicyLoadTime + ", status="
+                + status + ", cedarEngineStatus=" + cedarEngineStatus + ", cedarPolicyStatus=" + cedarPolicyStatus
+                + ", tokenDataStatus=" + tokenDataStatus + "]";
+    }
+
+}
diff --git a/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/model/stat/LogEntry.java b/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/model/stat/LogEntry.java
new file mode 100644
index 00000000000..803ec37bbd4
--- /dev/null
+++ b/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/model/stat/LogEntry.java
@@ -0,0 +1,138 @@
+package io.jans.configapi.plugin.lock.model.stat;
+
+import io.jans.orm.annotation.AttributeName;
+import io.jans.orm.annotation.DN;
+import io.jans.orm.annotation.DataEntry;
+import io.jans.orm.annotation.ObjectClass;
+
+import java.io.Serializable;
+import java.util.Date;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+@DataEntry
+@ObjectClass(value = "jansLogEntry")
+public class LogEntry implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    @DN
+    private String dn;
+
+    @JsonProperty("inum")
+    @AttributeName(name = "inum", ignoreDuringUpdate = true)
+    private String inum;
+
+    @AttributeName(name = "jansLastUpd")
+    private Date lastUpdate;
+
+    @AttributeName(name = "eventTime")
+    private Date eventTime;
+
+    @AttributeName(name = "eventType")
+    private String eventType;
+
+    @AttributeName(name = "severetyLevel")
+    private String severetyLevel;
+
+    @AttributeName(name = "policyResult")
+    private String policyResult;
+
+    @AttributeName(name = "userAccountId")
+    private String userAccountId;
+
+    @AttributeName(name = "clientId")
+    private String clientId;
+
+    @AttributeName(name = "sourceInformation")
+    private String sourceInformation;
+
+    public String getDn() {
+        return dn;
+    }
+
+    public void setDn(String dn) {
+        this.dn = dn;
+    }
+
+    public String getInum() {
+        return inum;
+    }
+
+    public void setInum(String inum) {
+        this.inum = inum;
+    }
+
+    public Date getLastUpdate() {
+        return lastUpdate;
+    }
+
+    public void setLastUpdate(Date lastUpdate) {
+        this.lastUpdate = lastUpdate;
+    }
+
+    public Date getEventTime() {
+        return eventTime;
+    }
+
+    public void setEventTime(Date eventTime) {
+        this.eventTime = eventTime;
+    }
+
+    public String getEventType() {
+        return eventType;
+    }
+
+    public void setEventType(String eventType) {
+        this.eventType = eventType;
+    }
+
+    public String getSeveretyLevel() {
+        return severetyLevel;
+    }
+
+    public void setSeveretyLevel(String severetyLevel) {
+        this.severetyLevel = severetyLevel;
+    }
+
+    public String getPolicyResult() {
+        return policyResult;
+    }
+
+    public void setPolicyResult(String policyResult) {
+        this.policyResult = policyResult;
+    }
+
+    public String getUserAccountId() {
+        return userAccountId;
+    }
+
+    public void setUserAccountId(String userAccountId) {
+        this.userAccountId = userAccountId;
+    }
+
+    public String getClientId() {
+        return clientId;
+    }
+
+    public void setClientId(String clientId) {
+        this.clientId = clientId;
+    }
+
+    public String getSourceInformation() {
+        return sourceInformation;
+    }
+
+    public void setSourceInformation(String sourceInformation) {
+        this.sourceInformation = sourceInformation;
+    }
+
+    @Override
+    public String toString() {
+        return "LogEntry [dn=" + dn + ", inum=" + inum + ", lastUpdate=" + lastUpdate + ", eventTime=" + eventTime
+                + ", eventType=" + eventType + ", severetyLevel=" + severetyLevel + ", policyResult=" + policyResult
+                + ", userAccountId=" + userAccountId + ", clientId=" + clientId + ", sourceInformation="
+                + sourceInformation + "]";
+    }
+
+}
diff --git a/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/model/stat/TelemetryEntry.java b/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/model/stat/TelemetryEntry.java
new file mode 100644
index 00000000000..2a619e88d66
--- /dev/null
+++ b/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/model/stat/TelemetryEntry.java
@@ -0,0 +1,165 @@
+package io.jans.configapi.plugin.lock.model.stat;
+
+import io.jans.orm.annotation.AttributeName;
+import io.jans.orm.annotation.DN;
+import io.jans.orm.annotation.DataEntry;
+import io.jans.orm.annotation.JsonObject;
+import io.jans.orm.annotation.ObjectClass;
+
+import java.io.Serializable;
+import java.util.Date;
+import java.util.Map;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+@DataEntry
+@ObjectClass(value = "jansTelemetryEntry")
+public class TelemetryEntry implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    @DN
+    private String dn;
+
+    @JsonProperty("inum")
+    @AttributeName(name = "inum", ignoreDuringUpdate = true)
+    private String inum;
+
+    @AttributeName(name = "jansLastUpd")
+    private Date lastPolicyLoadTime;
+
+    @AttributeName(name = "size")
+    private Integer lastPolicyLoadSize;
+
+    @AttributeName(name = "jansStatus")
+    private String status;
+
+    @AttributeName(name = "jansCounter")
+    private long policySuccessLoadCounter;
+
+    @AttributeName(name = "jansFailCounter")
+    private long policyFailedLoadCounter;
+
+    @AttributeName(name = "evaluationTimeNs")
+    private Date lastPolicyEvaluationTimeNs;
+
+    @AttributeName(name = "averageTimeNs")
+    private Date avgPolicyEvaluationTimeNs;
+
+    @JsonProperty("memoryUsage")
+    private String memoryUsage;
+
+    @AttributeName(name = "requestCounter")
+    private long evaluationRequestsCount;
+
+    @AttributeName(name = "policyStats")
+    @JsonObject
+    private Map<String, String> policyStats;
+
+    public String getDn() {
+        return dn;
+    }
+
+    public void setDn(String dn) {
+        this.dn = dn;
+    }
+
+    public String getInum() {
+        return inum;
+    }
+
+    public void setInum(String inum) {
+        this.inum = inum;
+    }
+
+    public Date getLastPolicyLoadTime() {
+        return lastPolicyLoadTime;
+    }
+
+    public void setLastPolicyLoadTime(Date lastPolicyLoadTime) {
+        this.lastPolicyLoadTime = lastPolicyLoadTime;
+    }
+
+    public Integer getLastPolicyLoadSize() {
+        return lastPolicyLoadSize;
+    }
+
+    public void setLastPolicyLoadSize(Integer lastPolicyLoadSize) {
+        this.lastPolicyLoadSize = lastPolicyLoadSize;
+    }
+
+    public String getStatus() {
+        return status;
+    }
+
+    public void setStatus(String status) {
+        this.status = status;
+    }
+
+    public long getPolicySuccessLoadCounter() {
+        return policySuccessLoadCounter;
+    }
+
+    public void setPolicySuccessLoadCounter(long policySuccessLoadCounter) {
+        this.policySuccessLoadCounter = policySuccessLoadCounter;
+    }
+
+    public long getPolicyFailedLoadCounter() {
+        return policyFailedLoadCounter;
+    }
+
+    public void setPolicyFailedLoadCounter(long policyFailedLoadCounter) {
+        this.policyFailedLoadCounter = policyFailedLoadCounter;
+    }
+
+    public Date getLastPolicyEvaluationTimeNs() {
+        return lastPolicyEvaluationTimeNs;
+    }
+
+    public void setLastPolicyEvaluationTimeNs(Date lastPolicyEvaluationTimeNs) {
+        this.lastPolicyEvaluationTimeNs = lastPolicyEvaluationTimeNs;
+    }
+
+    public Date getAvgPolicyEvaluationTimeNs() {
+        return avgPolicyEvaluationTimeNs;
+    }
+
+    public void setAvgPolicyEvaluationTimeNs(Date avgPolicyEvaluationTimeNs) {
+        this.avgPolicyEvaluationTimeNs = avgPolicyEvaluationTimeNs;
+    }
+
+    public String getMemoryUsage() {
+        return memoryUsage;
+    }
+
+    public void setMemoryUsage(String memoryUsage) {
+        this.memoryUsage = memoryUsage;
+    }
+
+    public long getEvaluationRequestsCount() {
+        return evaluationRequestsCount;
+    }
+
+    public void setEvaluationRequestsCount(long evaluationRequestsCount) {
+        this.evaluationRequestsCount = evaluationRequestsCount;
+    }
+
+    public Map<String, String> getPolicyStats() {
+        return policyStats;
+    }
+
+    public void setPolicyStats(Map<String, String> policyStats) {
+        this.policyStats = policyStats;
+    }
+
+    @Override
+    public String toString() {
+        return "TelemetryEntry [dn=" + dn + ", inum=" + inum + ", lastPolicyLoadTime=" + lastPolicyLoadTime
+                + ", lastPolicyLoadSize=" + lastPolicyLoadSize + ", status=" + status + ", policySuccessLoadCounter="
+                + policySuccessLoadCounter + ", policyFailedLoadCounter=" + policyFailedLoadCounter
+                + ", lastPolicyEvaluationTimeNs=" + lastPolicyEvaluationTimeNs + ", avgPolicyEvaluationTimeNs="
+                + avgPolicyEvaluationTimeNs + ", memoryUsage=" + memoryUsage + ", evaluationRequestsCount="
+                + evaluationRequestsCount + ", policyStats=" + policyStats + "]";
+    }
+    
+}
diff --git a/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/rest/ApiApplication.java b/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/rest/ApiApplication.java
index bef3341e958..5432433ade7 100644
--- a/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/rest/ApiApplication.java
+++ b/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/rest/ApiApplication.java
@@ -13,19 +13,30 @@
 import java.util.HashSet;
 import java.util.Set;
 
-@ApplicationPath("/lock")
+@ApplicationPath(Constants.LOCK)
 @OpenAPIDefinition(info = @Info(title = "Jans Config API - Lock", version = "1.0.0", contact = @Contact(name = "Gluu Support", url = "https://support.gluu.org", email = "support@gluu.org"),
 
-license = @License(name = "Apache 2.0", url = "https://github.com/JanssenProject/jans/blob/main/LICENSE")),
+        license = @License(name = "Apache 2.0", url = "https://github.com/JanssenProject/jans/blob/main/LICENSE")),
 
-tags = { @Tag(name = "Lock - Configuration")},
+        tags = { @Tag(name = "Lock - Configuration"), @Tag(name = "Lock - Audit") },
 
-servers = { @Server(url = "https://jans.io/", description = "The Jans server") })
+        servers = { @Server(url = "https://jans.io/", description = "The Jans server") })
 
 @SecurityScheme(name = "oauth2", type = SecuritySchemeType.OAUTH2, flows = @OAuthFlows(clientCredentials = @OAuthFlow(tokenUrl = "https://{op-hostname}/.../token", scopes = {
-@OAuthScope(name = Constants.LOCK_CONFIG_READ_ACCESS, description = "View Lock configuration related information"),
-@OAuthScope(name = Constants.LOCK_CONFIG_WRITE_ACCESS, description = "Manage Lock configuration related information")}
-)))
+        @OAuthScope(name = Constants.LOCK_READ_ACCESS, description = "View Lock related information"),
+        @OAuthScope(name = Constants.LOCK_WRITE_ACCESS, description = "View Lock related information"),
+        @OAuthScope(name = Constants.LOCK_CONFIG_READ_ACCESS, description = "View Lock configuration related information"),
+        @OAuthScope(name = Constants.LOCK_CONFIG_WRITE_ACCESS, description = "Manage Lock configuration related information"),
+        @OAuthScope(name = Constants.LOCK_AUDIT_READ_ACCESS, description = "View Lock audit related information"),
+        @OAuthScope(name = Constants.LOCK_AUDIT_WRITE_ACCESS, description = "View Lock audit related information"),
+        @OAuthScope(name = Constants.LOCK_HEALTH_READ_ACCESS, description = "View Lock health related information"),
+        @OAuthScope(name = Constants.LOCK_HEALTH_WRITE_ACCESS, description = "Manage Lock health related information"),
+        @OAuthScope(name = Constants.LOCK_LOG_READ_ACCESS, description = "View Lock log related information"),
+        @OAuthScope(name = Constants.LOCK_LOG_WRITE_ACCESS, description = "Manage Lock log health related information"),
+        @OAuthScope(name = Constants.LOCK_TELEMETRY_READ_ACCESS, description = "View Lock telemetry related information"),
+        @OAuthScope(name = Constants.LOCK_TELEMETRY_WRITE_ACCESS, description = "Manage Lock telemetry related information")
+
+})))
 public class ApiApplication extends Application {
 
     @Override
@@ -33,7 +44,8 @@ public Set<Class<?>> getClasses() {
         HashSet<Class<?>> classes = new HashSet<>();
 
         classes.add(LockConfigResource.class);
-        
+        classes.add(AuditResource.class);
+
         return classes;
     }
 }
diff --git a/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/rest/AuditResource.java b/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/rest/AuditResource.java
new file mode 100644
index 00000000000..aec9c2722d8
--- /dev/null
+++ b/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/rest/AuditResource.java
@@ -0,0 +1,101 @@
+/*
+ * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
+ *
+ * Copyright (c) 2020, Janssen Project
+ */
+
+package io.jans.configapi.plugin.lock.rest;
+
+import io.jans.configapi.core.model.ApiError;
+import io.jans.configapi.core.rest.BaseResource;
+import io.jans.configapi.core.rest.ProtectedApi;
+import io.jans.configapi.plugin.lock.model.stat.*;
+import io.jans.configapi.plugin.lock.service.AuditService;
+import io.jans.configapi.plugin.lock.util.Constants;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.ExampleObject;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.responses.ApiResponses;
+import io.swagger.v3.oas.annotations.security.*;
+
+import jakarta.inject.Inject;
+import jakarta.validation.Valid;
+import jakarta.ws.rs.*;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
+
+import org.slf4j.Logger;
+
+
+@Path(Constants.AUDIT)
+@Consumes(MediaType.APPLICATION_JSON)
+@Produces(MediaType.APPLICATION_JSON)
+public class AuditResource extends BaseResource {
+
+    @Inject
+    Logger logger;
+
+    @Inject
+    AuditService auditService;
+
+    @Operation(summary = "Save health data", description = "Save health data", operationId = "save-health-data", tags = {
+            "Lock - Audit" }, security = @SecurityRequirement(name = "oauth2", scopes = {
+                    Constants.LOCK_HEALTH_WRITE_ACCESS }))
+    @ApiResponses(value = {
+            @ApiResponse(responseCode = "201", description = "Created", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = HealthEntry.class), examples = @ExampleObject(name = "Response example", value = "example/lock/audit/health.json"))),
+            @ApiResponse(responseCode = "400", description = "Bad Request", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "BadRequestException"))),
+            @ApiResponse(responseCode = "401", description = "Unauthorized"),
+            @ApiResponse(responseCode = "404", description = "Not Found", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "NotFoundException"))),
+            @ApiResponse(responseCode = "500", description = "InternalServerError", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "InternalServerError"))), })
+    @POST
+    @ProtectedApi(scopes = { Constants.LOCK_HEALTH_WRITE_ACCESS }, groupScopes = {})
+    @Path(Constants.HEALTH)
+    public Response postHealthData(@Valid HealthEntry healthEntry) {
+        logger.debug("Save Health Data - healthEntry:{}", healthEntry);
+        healthEntry = auditService.addHealthEntry(healthEntry);
+        return Response.status(Response.Status.CREATED).entity(healthEntry).build();
+
+    }
+
+    @Operation(summary = "Save log data", description = "Save log data", operationId = "save-log-data", tags = {
+            "Lock - Audit" }, security = @SecurityRequirement(name = "oauth2", scopes = {
+                    Constants.LOCK_LOG_WRITE_ACCESS }))
+    @ApiResponses(value = {
+            @ApiResponse(responseCode = "201", description = "Created", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = LogEntry.class), examples = @ExampleObject(name = "Response example", value = "example/lock/audit/log.json"))),
+            @ApiResponse(responseCode = "400", description = "Bad Request", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "BadRequestException"))),
+            @ApiResponse(responseCode = "401", description = "Unauthorized"),
+            @ApiResponse(responseCode = "404", description = "Not Found", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "NotFoundException"))),
+            @ApiResponse(responseCode = "500", description = "InternalServerError", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "InternalServerError"))), })
+    @POST
+    @ProtectedApi(scopes = { Constants.LOCK_LOG_WRITE_ACCESS }, groupScopes = {})
+    @Path(Constants.LOG)
+    public Response postLogData(@Valid LogEntry logEntry) {
+        logger.debug("Save - logEntry:{}", logEntry);
+        logEntry = auditService.addLogData(logEntry);
+        return Response.status(Response.Status.CREATED).entity(logEntry).build();
+
+    }
+
+    @Operation(summary = "Save telemetry data", description = "Save telemetry data", operationId = "save-telemetry-data", tags = {
+            "Lock - Audit" }, security = @SecurityRequirement(name = "oauth2", scopes = {
+                    Constants.LOCK_TELEMETRY_WRITE_ACCESS }))
+    @ApiResponses(value = {
+            @ApiResponse(responseCode = "201", description = "Created", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = TelemetryEntry.class), examples = @ExampleObject(name = "Response example", value = "example/lock/audit/telemetry.json"))),
+            @ApiResponse(responseCode = "400", description = "Bad Request", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "BadRequestException"))),
+            @ApiResponse(responseCode = "401", description = "Unauthorized"),
+            @ApiResponse(responseCode = "404", description = "Not Found", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "NotFoundException"))),
+            @ApiResponse(responseCode = "500", description = "InternalServerError", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "InternalServerError"))), })
+    @POST
+    @ProtectedApi(scopes = { Constants.LOCK_TELEMETRY_WRITE_ACCESS }, groupScopes = {})
+    @Path(Constants.TELEMETRY)
+    public Response postTelemetryData(@Valid TelemetryEntry telemetryEntry) {
+        logger.debug("Save telemetryEntry():{}", telemetryEntry);
+        telemetryEntry = auditService.addTelemetryData(telemetryEntry);
+        return Response.status(Response.Status.CREATED).entity(telemetryEntry).build();
+
+    }
+
+}
\ No newline at end of file
diff --git a/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/rest/LockConfigResource.java b/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/rest/LockConfigResource.java
index 30ce8b43ff9..a9c0ce1dc50 100644
--- a/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/rest/LockConfigResource.java
+++ b/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/rest/LockConfigResource.java
@@ -43,6 +43,8 @@
 @Consumes(MediaType.APPLICATION_JSON)
 @Produces(MediaType.APPLICATION_JSON)
 public class LockConfigResource extends BaseResource {
+    
+    private static final String CONFIG_NULL_ERR_MSG = "It seems Lock module is not setup, kindly check."; 
 
     @Inject
     Logger logger;
@@ -66,7 +68,7 @@ public Response getlockConf() {
         AppConfiguration lockConfiguration = lockConfigService.find();
         logger.info("Lock details lockConfiguration():{}", lockConfiguration);
         if(lockConfiguration==null) {
-            throwInternalServerException("It seems Lock module is not setup, kindly check.");
+            throwInternalServerException(CONFIG_NULL_ERR_MSG);
         }
         return Response.ok(lockConfiguration).build();
         
@@ -87,7 +89,7 @@ public Response updatelockConf(@Valid AppConfiguration lockAppConf) {
         Conf conf = lockConfigService.findLockConf();
         logger.info("Lock conf:{} ", conf);
         if(conf==null) {
-            throwInternalServerException("It seems Lock module is not setup, kindly check.");
+            throwInternalServerException(CONFIG_NULL_ERR_MSG);
         }
        
         conf.setDynamic(lockAppConf);
@@ -115,7 +117,7 @@ public Response patchlockConf(@NotNull String jsonPatchString) throws JsonPatchE
         Conf conf = lockConfigService.findLockConf();
         logger.info("Lock conf:{} ", conf);
         if(conf==null) {
-            throwInternalServerException("It seems Lock module is not setup, kindly check.");
+            throwInternalServerException(CONFIG_NULL_ERR_MSG);
         }
        
         AppConfiguration lockAppConf = Jackson.applyPatch(jsonPatchString, conf.getDynamic());
diff --git a/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/service/AuditService.java b/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/service/AuditService.java
new file mode 100644
index 00000000000..562ba1dcfc4
--- /dev/null
+++ b/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/service/AuditService.java
@@ -0,0 +1,249 @@
+package io.jans.configapi.plugin.lock.service;
+
+import io.jans.as.common.service.OrganizationService;
+import io.jans.as.common.service.common.ApplicationFactory;
+import io.jans.as.common.service.common.InumService;
+import io.jans.as.common.util.AttributeConstants;
+import io.jans.configapi.configuration.ConfigurationFactory;
+import io.jans.configapi.plugin.lock.model.stat.*;
+
+import io.jans.model.SearchRequest;
+import io.jans.orm.PersistenceEntryManager;
+import io.jans.orm.model.PagedResult;
+import io.jans.orm.model.SortOrder;
+import io.jans.orm.search.filter.Filter;
+
+import io.jans.util.StringHelper;
+import jakarta.enterprise.context.ApplicationScoped;
+import jakarta.inject.Inject;
+import jakarta.inject.Named;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+
+
+@ApplicationScoped
+public class AuditService {
+
+    @Inject
+    Logger logger;
+
+    @Inject
+    @Named(ApplicationFactory.PERSISTENCE_ENTRY_MANAGER_NAME)
+    PersistenceEntryManager persistenceEntryManager;
+
+    @Inject
+    ConfigurationFactory configurationFactory;
+
+    @Inject
+    OrganizationService organizationService;
+
+    @Inject
+    private InumService inumService;
+
+    public TelemetryEntry addTelemetryData(TelemetryEntry telemetryEntry) {
+        if (telemetryEntry == null) {
+            return telemetryEntry;
+        }
+        String inum = telemetryEntry.getInum();
+        if (StringUtils.isBlank(inum)) {
+            inum = this.generateInumForEntry("telemetry", TelemetryEntry.class);
+            telemetryEntry.setInum(inum);
+
+            telemetryEntry.setDn(this.getDnForTelemetryEntry(inum));
+        }
+        persistenceEntryManager.persist(telemetryEntry);
+
+        telemetryEntry = this.getTelemetryEntryByDn(this.getDnForTelemetryEntry(inum));
+        return telemetryEntry;
+    }
+
+    public void removeTelemetryEntry(TelemetryEntry telemetryEntry) {
+        persistenceEntryManager.removeRecursively(telemetryEntry.getDn(), TelemetryEntry.class);
+    }
+
+    public void updateTelemetryEntry(TelemetryEntry telemetryEntry) {
+        persistenceEntryManager.merge(telemetryEntry);
+    }
+
+    public TelemetryEntry getTelemetryEntryByInum(String inum) {
+        TelemetryEntry result = null;
+        try {
+            result = persistenceEntryManager.find(TelemetryEntry.class, getTelemetryEntryByDn(inum));
+        } catch (Exception ex) {
+            logger.error("Failed to load TelemetryEntry entry", ex);
+        }
+        return result;
+    }
+
+    public List<TelemetryEntry> searchTelemetryEntrys(String pattern, int sizeLimit) {
+
+        logger.debug("Search TelemetryEntrys with pattern:{}, sizeLimit:{}", pattern, sizeLimit);
+
+        String[] targetArray = new String[] { pattern };
+        Filter displayNameFilter = Filter.createSubstringFilter(AttributeConstants.DISPLAY_NAME, null, targetArray,
+                null);
+        Filter descriptionFilter = Filter.createSubstringFilter(AttributeConstants.DESCRIPTION, null, targetArray,
+                null);
+        Filter inumFilter = Filter.createSubstringFilter(AttributeConstants.INUM, null, targetArray, null);
+        Filter searchFilter = Filter.createORFilter(displayNameFilter, descriptionFilter, inumFilter);
+
+        logger.debug("Search TelemetryEntrys with searchFilter:{}", searchFilter);
+        return persistenceEntryManager.findEntries(getDnForTelemetryEntry(null), TelemetryEntry.class, searchFilter,
+                sizeLimit);
+    }
+
+    public List<TelemetryEntry> getAllTelemetryEntrys(int sizeLimit) {
+        return persistenceEntryManager.findEntries(getDnForTelemetryEntry(null), TelemetryEntry.class, null, sizeLimit);
+    }
+
+    public List<TelemetryEntry> getAllTelemetryEntrys() {
+        return persistenceEntryManager.findEntries(getDnForTelemetryEntry(null), TelemetryEntry.class, null);
+    }
+
+    public PagedResult<TelemetryEntry> getTelemetryEntrys(SearchRequest searchRequest) {
+        logger.debug("Search TelemetryEntrys with searchRequest:{}", searchRequest);
+
+        Filter searchFilter = null;
+        List<Filter> filters = new ArrayList<>();
+        if (searchRequest.getFilterAssertionValue() != null && !searchRequest.getFilterAssertionValue().isEmpty()) {
+
+            for (String assertionValue : searchRequest.getFilterAssertionValue()) {
+                String[] targetArray = new String[] { assertionValue };
+                Filter displayNameFilter = Filter.createSubstringFilter(AttributeConstants.DISPLAY_NAME, null,
+                        targetArray, null);
+                Filter descriptionFilter = Filter.createSubstringFilter(AttributeConstants.DESCRIPTION, null,
+                        targetArray, null);
+                Filter inumFilter = Filter.createSubstringFilter(AttributeConstants.INUM, null, targetArray, null);
+                filters.add(Filter.createORFilter(displayNameFilter, descriptionFilter, inumFilter));
+            }
+            searchFilter = Filter.createORFilter(filters);
+        }
+
+        logger.trace("TelemetryEntrys pattern searchFilter:{}", searchFilter);
+        List<Filter> fieldValueFilters = new ArrayList<>();
+        if (searchRequest.getFieldValueMap() != null && !searchRequest.getFieldValueMap().isEmpty()) {
+            for (Map.Entry<String, String> entry : searchRequest.getFieldValueMap().entrySet()) {
+                Filter dataFilter = Filter.createEqualityFilter(entry.getKey(), entry.getValue());
+                logger.trace("TelemetryEntrys dataFilter:{}", dataFilter);
+                fieldValueFilters.add(Filter.createANDFilter(dataFilter));
+            }
+            searchFilter = Filter.createANDFilter(Filter.createORFilter(filters),
+                    Filter.createANDFilter(fieldValueFilters));
+        }
+
+        logger.debug("TelemetryEntrys searchFilter:{}", searchFilter);
+
+        return persistenceEntryManager.findPagedEntries(getDnForTelemetryEntry(null), TelemetryEntry.class,
+                searchFilter, null, searchRequest.getSortBy(), SortOrder.getByValue(searchRequest.getSortOrder()),
+                searchRequest.getStartIndex(), searchRequest.getCount(), searchRequest.getMaxCount());
+
+    }
+
+    public TelemetryEntry getTelemetryEntryByDn(String dn) {
+        try {
+            return persistenceEntryManager.find(TelemetryEntry.class, dn);
+        } catch (Exception e) {
+            logger.warn("", e);
+            return null;
+        }
+    }
+
+    public String getDnForTelemetryEntry(String inum) {
+        String orgDn = organizationService.getDnForOrganization();
+        if (StringHelper.isEmpty(inum)) {
+            return String.format("ou=lock-telemetry,%s", orgDn);
+        }
+        return String.format("inum=%s,ou=lock-telemetry,%s", inum, orgDn);
+    }
+
+    public HealthEntry addHealthEntry(HealthEntry healthEntry) {
+        if (healthEntry == null) {
+            return healthEntry;
+        }
+        String inum = healthEntry.getInum();
+        if (StringUtils.isBlank(inum)) {
+            inum = this.generateInumForEntry("health",HealthEntry.class);
+            healthEntry.setInum(inum);
+
+            healthEntry.setDn(this.getDnForHealthEntry(inum));
+        }
+        persistenceEntryManager.persist(healthEntry);
+
+        healthEntry = this.getHealthEntryByDn(this.getDnForHealthEntry(inum));
+        return healthEntry;
+    }
+
+    public HealthEntry getHealthEntryByDn(String dn) {
+        try {
+            return persistenceEntryManager.find(HealthEntry.class, dn);
+        } catch (Exception e) {
+            logger.warn("", e);
+            return null;
+        }
+    }
+
+    public String getDnForHealthEntry(String inum) {
+        String orgDn = organizationService.getDnForOrganization();
+        if (StringHelper.isEmpty(inum)) {
+            return String.format("ou=lock-health,%s", orgDn);
+        }
+        return String.format("inum=%s,ou=lock-health,%s", inum, orgDn);
+    }
+
+    public LogEntry addLogData(LogEntry logEntry) {
+        if (logEntry == null) {
+            return logEntry;
+        }
+        String inum = logEntry.getInum();
+        if (StringUtils.isBlank(inum)) {
+            inum = this.generateInumForEntry("log", LogEntry.class);
+            logEntry.setInum(inum);
+
+            logEntry.setDn(this.getDnForLogEntry(inum));
+        }
+        persistenceEntryManager.persist(logEntry);
+
+        logEntry = this.getLogEntryByDn(this.getDnForLogEntry(inum));
+        return logEntry;
+    }
+
+   
+    public LogEntry getLogEntryByDn(String dn) {
+        try {
+            return persistenceEntryManager.find(LogEntry.class, dn);
+        } catch (Exception e) {
+            logger.warn("", e);
+            return null;
+        }
+    }
+
+    public String getDnForLogEntry(String inum) {
+        String orgDn = organizationService.getDnForOrganization();
+        if (StringHelper.isEmpty(inum)) {
+            return String.format("ou=lock-log,%s", orgDn);
+        }
+        return String.format("inum=%s,ou=lock-log,%s", inum, orgDn);
+    }
+    
+    public String generateInumForEntry(String entryName, Class classObj) {
+        String newInum = null;
+        String newDn = null;
+        int trycount = 0;
+        do {
+            if (trycount < InumService.MAX_IDGEN_TRY_COUNT) {
+                newInum = inumService.generateId(entryName);
+                trycount++;
+            } else {
+                newInum = inumService.generateDefaultId();
+            }
+            newDn = getDnForLogEntry(newInum);
+        } while (persistenceEntryManager.contains(newDn, classObj));
+        return newInum;
+    }
+
+}
diff --git a/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/util/Constants.java b/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/util/Constants.java
index a1c4aa60e7c..d170248b556 100644
--- a/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/util/Constants.java
+++ b/jans-config-api/plugins/lock-plugin/src/main/java/io/jans/configapi/plugin/lock/util/Constants.java
@@ -8,12 +8,32 @@
 
 public class Constants {
 
-    private Constants() {}
+    private Constants() {
+    }
 
+    public static final String LOCK = "/lock";
     public static final String LOCK_CONFIG = "/lockConfig";
-	
-	
-	public static final String LOCK_CONFIG_READ_ACCESS = "https://jans.io/oauth/lock-config.readonly";
+    public static final String AUDIT = "/audit";
+    public static final String HEALTH = "/health";
+    public static final String LOG = "/log";
+    public static final String TELEMETRY = "/telemetry";
+    
+    public static final String LOCK_READ_ACCESS = "https://jans.io/oauth/lock/read-all";
+    public static final String LOCK_WRITE_ACCESS = "https://jans.io/oauth/lock/write-all";
+
+    public static final String LOCK_CONFIG_READ_ACCESS = "https://jans.io/oauth/lock-config.readonly";
     public static final String LOCK_CONFIG_WRITE_ACCESS = "https://jans.io/oauth/lock-config.write";
 
+    public static final String LOCK_AUDIT_READ_ACCESS = "https://jans.io/oauth/lock/audit.readonly";
+    public static final String LOCK_AUDIT_WRITE_ACCESS = "https://jans.io/oauth/lock/audit.write";
+
+    public static final String LOCK_HEALTH_READ_ACCESS = "https://jans.io/oauth/lock/health.readonly";
+    public static final String LOCK_HEALTH_WRITE_ACCESS = "https://jans.io/oauth/lock/health.write";
+
+    public static final String LOCK_LOG_READ_ACCESS = "https://jans.io/oauth/lock/log.readonly";
+    public static final String LOCK_LOG_WRITE_ACCESS = "https://jans.io/oauth/lock/log.write";
+
+    public static final String LOCK_TELEMETRY_READ_ACCESS = "https://jans.io/oauth/lock/telemetry.readonly";
+    public static final String LOCK_TELEMETRY_WRITE_ACCESS = "https://jans.io/oauth/lock/telemetry.write";
+
 }
\ No newline at end of file
diff --git a/jans-config-api/profiles/default/config-api-test.properties b/jans-config-api/profiles/default/config-api-test.properties
index 990186180fc..b08bf6d38c1 100644
--- a/jans-config-api/profiles/default/config-api-test.properties
+++ b/jans-config-api/profiles/default/config-api-test.properties
@@ -1,7 +1,7 @@
 # The URL of your Jans installation
 test.server=https://jenkins-config-api.gluu.org
 
-test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete https://jans.io/oauth/config/cacherefresh.readonly https://jans.io/oauth/config/cacherefresh.write https://jans.io/oauth/config/saml.readonly https://jans.io/oauth/config/saml.write https://jans.io/oauth/config/saml-config.readonly https://jans.io/oauth/config/saml-config.write https://jans.io/oauth/config/saml-client-scope.readonly https://jans.io/oauth/config/saml-client-scope.write https://jans.io/idp/config.readonly https://jans.io/idp/config.write https://jans.io/idp/realm.readonly https://jans.io/idp/realm.write https://jans.io/idp/realm.write https://jans.io/idp/saml.readonly https://jans.io/idp/saml.write https://jans.io/oauth/config/app-version.readonly https://jans.io/oauth/kc-link-config.readonly https://jans.io/oauth/kc-link-config.write https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://pujavs-definite-dory.gluu.info/jans-config-api/api/v1/jans-assets/upload-asset https://jans.io/oauth/config/jans_asset-write https://jans.io/oauth/config/jans_asset-delete 
+test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete https://jans.io/oauth/config/cacherefresh.readonly https://jans.io/oauth/config/cacherefresh.write https://jans.io/oauth/config/saml.readonly https://jans.io/oauth/config/saml.write https://jans.io/oauth/config/saml-config.readonly https://jans.io/oauth/config/saml-config.write https://jans.io/oauth/config/saml-client-scope.readonly https://jans.io/oauth/config/saml-client-scope.write https://jans.io/idp/config.readonly https://jans.io/idp/config.write https://jans.io/idp/realm.readonly https://jans.io/idp/realm.write https://jans.io/idp/realm.write https://jans.io/idp/saml.readonly https://jans.io/idp/saml.write https://jans.io/oauth/config/app-version.readonly https://jans.io/oauth/kc-link-config.readonly https://jans.io/oauth/kc-link-config.write https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://pujavs-definite-dory.gluu.info/jans-config-api/api/v1/jans-assets/upload-asset https://jans.io/oauth/config/jans_asset-write https://jans.io/oauth/config/jans_asset-delete https://jans.io/oauth/lock/read-all https://jans.io/oauth/lock/write-all https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://jans.io/oauth/lock/audit.readonly https://jans.io/oauth/lock/audit.write https://jans.io/oauth/lock/health.readonly https://jans.io/oauth/lock/health.write https://jans.io/oauth/lock/log.readonly https://jans.io/oauth/lock/log.write https://jans.io/oauth/lock/telemetry.readonly https://jans.io/oauth/lock/telemetry.write 
 
 token.endpoint=https://jenkins-config-api.gluu.org/jans-auth/restv1/token
 token.grant.type=client_credentials
diff --git a/jans-config-api/profiles/jans-ui.jans.io/test.properties b/jans-config-api/profiles/jans-ui.jans.io/test.properties
index 02eac4024bf..bf72142fb26 100644
--- a/jans-config-api/profiles/jans-ui.jans.io/test.properties
+++ b/jans-config-api/profiles/jans-ui.jans.io/test.properties
@@ -1,4 +1,4 @@
-test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete https://jans.io/oauth/config/cacherefresh.readonly https://jans.io/oauth/config/cacherefresh.write https://jans.io/oauth/config/saml.readonly https://jans.io/oauth/config/saml.write https://jans.io/oauth/config/saml-config.readonly https://jans.io/oauth/config/saml-config.write https://jans.io/oauth/config/saml-client-scope.readonly https://jans.io/oauth/config/saml-client-scope.write https://jans.io/idp/config.readonly https://jans.io/idp/config.write https://jans.io/idp/realm.readonly https://jans.io/idp/realm.write https://jans.io/idp/realm.write https://jans.io/idp/saml.readonly https://jans.io/idp/saml.write https://jans.io/oauth/config/app-version.readonly https://jans.io/oauth/kc-link-config.readonly https://jans.io/oauth/kc-link-config.write https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://pujavs-definite-dory.gluu.info/jans-config-api/api/v1/jans-assets/upload-asset https://jans.io/oauth/config/jans_asset-write https://jans.io/oauth/config/jans_asset-delete 
+test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete https://jans.io/oauth/config/cacherefresh.readonly https://jans.io/oauth/config/cacherefresh.write https://jans.io/oauth/config/saml.readonly https://jans.io/oauth/config/saml.write https://jans.io/oauth/config/saml-config.readonly https://jans.io/oauth/config/saml-config.write https://jans.io/oauth/config/saml-client-scope.readonly https://jans.io/oauth/config/saml-client-scope.write https://jans.io/idp/config.readonly https://jans.io/idp/config.write https://jans.io/idp/realm.readonly https://jans.io/idp/realm.write https://jans.io/idp/realm.write https://jans.io/idp/saml.readonly https://jans.io/idp/saml.write https://jans.io/oauth/config/app-version.readonly https://jans.io/oauth/kc-link-config.readonly https://jans.io/oauth/kc-link-config.write https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://pujavs-definite-dory.gluu.info/jans-config-api/api/v1/jans-assets/upload-asset https://jans.io/oauth/config/jans_asset-write https://jans.io/oauth/config/jans_asset-delete https://jans.io/oauth/lock/read-all https://jans.io/oauth/lock/write-all https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://jans.io/oauth/lock/audit.readonly https://jans.io/oauth/lock/audit.write https://jans.io/oauth/lock/health.readonly https://jans.io/oauth/lock/health.write https://jans.io/oauth/lock/log.readonly https://jans.io/oauth/lock/log.write https://jans.io/oauth/lock/telemetry.readonly https://jans.io/oauth/lock/telemetry.write 
 
 # Test env Setting
 token.endpoint=https://jans-ui.jans.io/jans-auth/restv1/token
diff --git a/jans-config-api/profiles/jenkins-config-api.gluu.org/test.properties b/jans-config-api/profiles/jenkins-config-api.gluu.org/test.properties
index 077b80ded60..5e63322174c 100644
--- a/jans-config-api/profiles/jenkins-config-api.gluu.org/test.properties
+++ b/jans-config-api/profiles/jenkins-config-api.gluu.org/test.properties
@@ -1,6 +1,6 @@
 test.server=https://jenkins-config-api.gluu.org
 
-test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete https://jans.io/oauth/config/cacherefresh.readonly https://jans.io/oauth/config/cacherefresh.write https://jans.io/oauth/config/saml.readonly https://jans.io/oauth/config/saml.write https://jans.io/oauth/config/saml-config.readonly https://jans.io/oauth/config/saml-config.write https://jans.io/oauth/config/saml-client-scope.readonly https://jans.io/oauth/config/saml-client-scope.write https://jans.io/idp/config.readonly https://jans.io/idp/config.write https://jans.io/idp/realm.readonly https://jans.io/idp/realm.write https://jans.io/idp/realm.write https://jans.io/idp/saml.readonly https://jans.io/idp/saml.write https://jans.io/oauth/config/app-version.readonly https://jans.io/oauth/kc-link-config.readonly https://jans.io/oauth/kc-link-config.write https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete https://jans.io/oauth/config/cacherefresh.readonly https://jans.io/oauth/config/cacherefresh.write https://jans.io/oauth/config/saml.readonly https://jans.io/oauth/config/saml.write https://jans.io/oauth/config/saml-config.readonly https://jans.io/oauth/config/saml-config.write https://jans.io/oauth/config/saml-client-scope.readonly https://jans.io/oauth/config/saml-client-scope.write https://jans.io/idp/config.readonly https://jans.io/idp/config.write https://jans.io/idp/realm.readonly https://jans.io/idp/realm.write https://jans.io/idp/realm.write https://jans.io/idp/saml.readonly https://jans.io/idp/saml.write https://jans.io/oauth/config/app-version.readonly https://jans.io/oauth/kc-link-config.readonly https://jans.io/oauth/kc-link-config.write https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://pujavs-definite-dory.gluu.info/jans-config-api/api/v1/jans-assets/upload-asset https://jans.io/oauth/config/jans_asset-write https://jans.io/oauth/config/jans_asset-delete 
+test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete https://jans.io/oauth/config/cacherefresh.readonly https://jans.io/oauth/config/cacherefresh.write https://jans.io/oauth/config/saml.readonly https://jans.io/oauth/config/saml.write https://jans.io/oauth/config/saml-config.readonly https://jans.io/oauth/config/saml-config.write https://jans.io/oauth/config/saml-client-scope.readonly https://jans.io/oauth/config/saml-client-scope.write https://jans.io/idp/config.readonly https://jans.io/idp/config.write https://jans.io/idp/realm.readonly https://jans.io/idp/realm.write https://jans.io/idp/realm.write https://jans.io/idp/saml.readonly https://jans.io/idp/saml.write https://jans.io/oauth/config/app-version.readonly https://jans.io/oauth/kc-link-config.readonly https://jans.io/oauth/kc-link-config.write https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://pujavs-definite-dory.gluu.info/jans-config-api/api/v1/jans-assets/upload-asset https://jans.io/oauth/config/jans_asset-write https://jans.io/oauth/config/jans_asset-delete https://jans.io/oauth/lock/read-all https://jans.io/oauth/lock/write-all https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://jans.io/oauth/lock/audit.readonly https://jans.io/oauth/lock/audit.write https://jans.io/oauth/lock/health.readonly https://jans.io/oauth/lock/health.write https://jans.io/oauth/lock/log.readonly https://jans.io/oauth/lock/log.write https://jans.io/oauth/lock/telemetry.readonly https://jans.io/oauth/lock/telemetry.write 
 
 token.endpoint=https://jenkins-config-api.gluu.org/jans-auth/restv1/token
 token.grant.type=client_credentials
diff --git a/jans-config-api/profiles/local/test.properties b/jans-config-api/profiles/local/test.properties
index 7ab22911b30..00d84095938 100644
--- a/jans-config-api/profiles/local/test.properties
+++ b/jans-config-api/profiles/local/test.properties
@@ -1,5 +1,5 @@
 #LOCAL
-test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete https://jans.io/oauth/config/cacherefresh.readonly https://jans.io/oauth/config/cacherefresh.write https://jans.io/oauth/config/saml.readonly https://jans.io/oauth/config/saml.write https://jans.io/oauth/config/saml-config.readonly https://jans.io/oauth/config/saml-config.write https://jans.io/oauth/config/saml-client-scope.readonly https://jans.io/oauth/config/saml-client-scope.write https://jans.io/idp/config.readonly https://jans.io/idp/config.write https://jans.io/idp/realm.readonly https://jans.io/idp/realm.write https://jans.io/idp/realm.write https://jans.io/idp/saml.readonly https://jans.io/idp/saml.write https://jans.io/oauth/config/app-version.readonly https://jans.io/oauth/kc-link-config.readonly https://jans.io/oauth/kc-link-config.write https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://pujavs-definite-dory.gluu.info/jans-config-api/api/v1/jans-assets/upload-asset https://jans.io/oauth/config/jans_asset-write https://jans.io/oauth/config/jans_asset-delete 
+test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete https://jans.io/oauth/config/cacherefresh.readonly https://jans.io/oauth/config/cacherefresh.write https://jans.io/oauth/config/saml.readonly https://jans.io/oauth/config/saml.write https://jans.io/oauth/config/saml-config.readonly https://jans.io/oauth/config/saml-config.write https://jans.io/oauth/config/saml-client-scope.readonly https://jans.io/oauth/config/saml-client-scope.write https://jans.io/idp/config.readonly https://jans.io/idp/config.write https://jans.io/idp/realm.readonly https://jans.io/idp/realm.write https://jans.io/idp/realm.write https://jans.io/idp/saml.readonly https://jans.io/idp/saml.write https://jans.io/oauth/config/app-version.readonly https://jans.io/oauth/kc-link-config.readonly https://jans.io/oauth/kc-link-config.write https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://pujavs-definite-dory.gluu.info/jans-config-api/api/v1/jans-assets/upload-asset https://jans.io/oauth/config/jans_asset-write https://jans.io/oauth/config/jans_asset-delete https://jans.io/oauth/lock/read-all https://jans.io/oauth/lock/write-all https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://jans.io/oauth/lock/audit.readonly https://jans.io/oauth/lock/audit.write https://jans.io/oauth/lock/health.readonly https://jans.io/oauth/lock/health.write https://jans.io/oauth/lock/log.readonly https://jans.io/oauth/lock/log.write https://jans.io/oauth/lock/telemetry.readonly https://jans.io/oauth/lock/telemetry.write 
 
 # jans.server
 token.endpoint=https://jans.server3/jans-auth/restv1/token
diff --git a/jans-config-api/server/pom.xml b/jans-config-api/server/pom.xml
index df51e1ccb0b..04768957cad 100644
--- a/jans-config-api/server/pom.xml
+++ b/jans-config-api/server/pom.xml
@@ -314,6 +314,7 @@
 								<package>io.jans.configapi.rest</package>			
 							</resourcePackages>
 							<filterClass/>
+							
 						</configuration>
 					</execution>
 				</executions>
diff --git a/jans-config-api/server/src/main/resources/config-api-rs-protect.json b/jans-config-api/server/src/main/resources/config-api-rs-protect.json
index 62b6a94c1c4..73228b34040 100644
--- a/jans-config-api/server/src/main/resources/config-api-rs-protect.json
+++ b/jans-config-api/server/src/main/resources/config-api-rs-protect.json
@@ -2937,6 +2937,190 @@
           ]
         }
       ]
+    },
+    {
+      "path": "/jans-config-api/lock/audit",
+      "conditions": [
+        {
+          "httpMethods": [
+            "GET"
+          ],
+          "scopes": [
+            {
+              "inum": "1800.01.78",
+              "name": "https://jans.io/oauth/lock/audit.readonly"
+            }
+          ],
+          "groupScopes": [
+            {
+              "inum": "1800.01.79",
+              "name": "https://jans.io/oauth/lock/audit.write"
+            }
+          ],
+          "superScopes": [
+            {
+              "inum": "1800.03.4",
+              "name": "https://jans.io/oauth/lock/read-all"
+            }
+          ]
+        },
+        {
+          "httpMethods": [
+            "POST"
+          ],
+          "scopes": [
+            {
+              "inum": "1800.01.79",
+              "name": "https://jans.io/oauth/lock/audit.write"
+            }
+          ],
+          "groupScopes": [],
+          "superScopes": [
+            {
+              "inum": "1800.03.5",
+              "name": "https://jans.io/oauth/lock/write-all"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "path": "/jans-config-api/lock/audit/health",
+      "conditions": [
+        {
+          "httpMethods": [
+            "GET"
+          ],
+          "scopes": [
+            {
+              "inum": "1800.01.80",
+              "name": "https://jans.io/oauth/lock/health.readonly"
+            }
+          ],
+          "groupScopes": [
+            {
+              "inum": "1800.01.81",
+              "name": "https://jans.io/oauth/lock/health.write"
+            }
+          ],
+          "superScopes": [
+            {
+              "inum": "1800.03.6",
+              "name": "https://jans.io/oauth/lock/audit.readonly"
+            }
+          ]
+        },
+        {
+          "httpMethods": [
+            "POST"
+          ],
+          "scopes": [
+            {
+              "inum": "1800.01.81",
+              "name": "https://jans.io/oauth/lock/health.write"
+            }
+          ],
+          "groupScopes": [],
+          "superScopes": [
+            {
+              "inum": "1800.03.7",
+              "name": "https://jans.io/oauth/lock/audit.write"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "path": "/jans-config-api/lock/audit/log",
+      "conditions": [
+        {
+          "httpMethods": [
+            "GET"
+          ],
+          "scopes": [
+            {
+              "inum": "1800.01.82",
+              "name": "https://jans.io/oauth/lock/log.readonly"
+            }
+          ],
+          "groupScopes": [
+            {
+              "inum": "1800.01.83",
+              "name": "https://jans.io/oauth/lock/log.write"
+            }
+          ],
+          "superScopes": [
+            {
+              "inum": "1800.03.6",
+              "name": "https://jans.io/oauth/lock/audit.readonly"
+            }
+          ]
+        },
+        {
+          "httpMethods": [
+            "POST"
+          ],
+          "scopes": [
+            {
+              "inum": "1800.01.83",
+              "name": "https://jans.io/oauth/lock/log.write"
+            }
+          ],
+          "groupScopes": [],
+          "superScopes": [
+            {
+              "inum": "1800.03.7",
+              "name": "https://jans.io/oauth/lock/audit.write"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "path": "/jans-config-api/lock/audit/telemetry",
+      "conditions": [
+        {
+          "httpMethods": [
+            "GET"
+          ],
+          "scopes": [
+            {
+              "inum": "1800.01.84",
+              "name": "https://jans.io/oauth/lock/telemetry.readonly"
+            }
+          ],
+          "groupScopes": [
+            {
+              "inum": "1800.01.85",
+              "name": "https://jans.io/oauth/lock/telemetry.write"
+            }
+          ],
+          "superScopes": [
+            {
+              "inum": "1800.03.6",
+              "name": "https://jans.io/oauth/lock/audit.readonly"
+            }
+          ]
+        },
+        {
+          "httpMethods": [
+            "POST"
+          ],
+          "scopes": [
+            {
+              "inum": "1800.01.85",
+              "name": "https://jans.io/oauth/lock/telemetry.write"
+            }
+          ],
+          "groupScopes": [],
+          "superScopes": [
+            {
+              "inum": "1800.03.7",
+              "name": "https://jans.io/oauth/lock/audit.write"
+            }
+          ]
+        }
+      ]
     }
   ]
 }
\ No newline at end of file
diff --git a/jans-core/service/src/main/java/io/jans/service/net/BaseHttpService.java b/jans-core/service/src/main/java/io/jans/service/net/BaseHttpService.java
index 8c800f40405..7d6e2a6b950 100644
--- a/jans-core/service/src/main/java/io/jans/service/net/BaseHttpService.java
+++ b/jans-core/service/src/main/java/io/jans/service/net/BaseHttpService.java
@@ -55,6 +55,8 @@
 import jakarta.annotation.PostConstruct;
 import jakarta.inject.Inject;
 import jakarta.servlet.http.HttpServletRequest;
+import org.apache.commons.lang.StringUtils;
+import org.json.JSONObject;
 
 /**
  * Provides operations with http/https requests
@@ -144,10 +146,18 @@ public CloseableHttpClient getHttpsClient(String trustStoreType, String trustSto
 				.setConnectionManager(connectionManager).build();
 	}
 
-	public HttpServiceResponse executePost(HttpClient httpClient, String uri, String authData, Map<String, String> headers, String postData, ContentType contentType) {
+	public HttpServiceResponse executePost(HttpClient httpClient, String uri, String authData, Map<String, String> headers, String postData, ContentType contentType, String authType) {
+	    
         HttpPost httpPost = new HttpPost(uri);
+
+        if(StringHelper.isEmpty(authType)) { 
+            authType = "Basic "; 
+        }
+        else {
+            authType = authType +" "; 
+        }
         if (StringHelper.isNotEmpty(authData)) {
-        	httpPost.setHeader("Authorization", "Basic " + authData);
+        	httpPost.setHeader("Authorization", authType + authData);
         }
 
         if (headers != null) {
@@ -171,11 +181,15 @@ public HttpServiceResponse executePost(HttpClient httpClient, String uri, String
 	}
 
 	public HttpServiceResponse executePost(HttpClient httpClient, String uri, String authData, Map<String, String> headers, String postData) {
-		return executePost(httpClient, uri, authData, headers, postData, null);
+		return executePost(httpClient, uri, authData, headers, postData, null, null);
 	}
 
 	public HttpServiceResponse executePost(HttpClient httpClient, String uri, String authData, String postData, ContentType contentType) {
-        return executePost(httpClient, uri, authData, null, postData, contentType);
+        return executePost(httpClient, uri, authData, null, postData, contentType, null);
+	}
+	
+	public HttpServiceResponse executePost(String uri, String authData, Map<String, String> headers, String postData, ContentType contentType, String authType) {
+	    return executePost(this.getHttpsClient(), uri, authData, null, postData, contentType, authType);
 	}
 
 	public String encodeBase64(String value) {
diff --git a/jans-linux-setup/jans_setup/schema/jans_schema.json b/jans-linux-setup/jans_setup/schema/jans_schema.json
index a251e5e8d59..da7e73d0eb7 100644
--- a/jans-linux-setup/jans_setup/schema/jans_schema.json
+++ b/jans-linux-setup/jans_setup/schema/jans_schema.json
@@ -3911,6 +3911,203 @@
       "substr": "caseIgnoreSubstringsMatch",
       "syntax": "1.3.6.1.4.1.1466.115.121.1.15",
       "x_origin": "Jans created attribute"
+    },
+    {
+      "desc": "Policy stats details",
+      "equality": "caseIgnoreMatch",
+      "names": [
+        "policyStats"
+      ],
+      "json": true,
+      "rdbm_json_column": true,
+      "oid": "jansAttr",
+      "substr": "caseIgnoreSubstringsMatch",
+      "syntax": "1.3.6.1.4.1.1466.115.121.1.15",
+      "x_origin": "Jans created attribute"
+    },
+    {
+      "desc": "Request load size",
+      "equality": "integerMatch",
+      "names": [
+        "size"
+      ],
+      "oid": "jansAttr",
+      "syntax": "1.3.6.1.4.1.1466.115.121.1.27",
+      "x_origin": "Jans created attribute"
+    },
+    {
+      "desc": "jansFailCounter",
+      "equality": "integerMatch",
+      "names": [
+        "jansFailCounter"
+      ],
+      "oid": "jansAttr",
+      "syntax": "1.3.6.1.4.1.1466.115.121.1.27",
+      "x_origin": "Jans created attribute"
+    },
+    {
+      "desc": "Time information. Seconds from 1970-01-01T0:0:0Z",
+      "equality": "generalizedTimeMatch",
+      "names": [
+        "evaluationTimeNs"
+      ],
+      "oid": "jansAttr",
+      "ordering": "generalizedTimeOrderingMatch",
+      "syntax": "1.3.6.1.4.1.1466.115.121.1.24",
+      "x_origin": "OpenID Connect 1.0 Standard Claim"
+    },
+    {
+      "desc": "Time information. Seconds from 1970-01-01T0:0:0Z",
+      "equality": "generalizedTimeMatch",
+      "names": [
+        "averageTimeNs"
+      ],
+      "oid": "jansAttr",
+      "ordering": "generalizedTimeOrderingMatch",
+      "syntax": "1.3.6.1.4.1.1466.115.121.1.24",
+      "x_origin": "OpenID Connect 1.0 Standard Claim"
+    },
+    {
+      "desc": "memoryUsage",
+      "equality": "caseIgnoreMatch",
+      "names": [
+        "memoryUsage"
+      ],
+      "oid": "jansAttr",
+      "substr": "caseIgnoreSubstringsMatch",
+      "syntax": "1.3.6.1.4.1.1466.115.121.1.15",
+      "x_origin": "Jans created attribute"
+    },
+    {
+      "desc": "requestCounter",
+      "equality": "integerMatch",
+      "names": [
+        "requestCounter"
+      ],
+      "oid": "jansAttr",
+      "syntax": "1.3.6.1.4.1.1466.115.121.1.27",
+      "x_origin": "Jans created attribute"
+    },
+    {
+      "desc": "cedarEngineStatus",
+      "equality": "caseIgnoreMatch",
+      "names": [
+        "cedarEngineStatus"
+      ],
+      "oid": "jansAttr",
+      "substr": "caseIgnoreSubstringsMatch",
+      "syntax": "1.3.6.1.4.1.1466.115.121.1.15",
+      "x_origin": "Jans created attribute"
+    },
+    {
+      "desc": "cedarPolicyStatus",
+      "equality": "caseIgnoreMatch",
+      "names": [
+        "cedarPolicyStatus"
+      ],
+      "oid": "jansAttr",
+      "substr": "caseIgnoreSubstringsMatch",
+      "syntax": "1.3.6.1.4.1.1466.115.121.1.15",
+      "x_origin": "Jans created attribute"
+    },
+    {
+      "desc": "tokenDataStatus",
+      "equality": "caseIgnoreMatch",
+      "names": [
+        "tokenDataStatus"
+      ],
+      "oid": "jansAttr",
+      "substr": "caseIgnoreSubstringsMatch",
+      "syntax": "1.3.6.1.4.1.1466.115.121.1.15",
+      "x_origin": "Jans created attribute"
+    },
+    {
+      "desc": "eventTime",
+      "equality": "generalizedTimeMatch",
+      "names": [
+        "eventTime"
+      ],
+      "oid": "jansAttr",
+      "ordering": "generalizedTimeOrderingMatch",
+      "syntax": "1.3.6.1.4.1.1466.115.121.1.24",
+      "x_origin": "Jans created attribute"
+    },
+    {
+      "desc": "eventType",
+      "equality": "caseIgnoreMatch",
+      "names": [
+        "eventType"
+      ],
+      "oid": "jansAttr",
+      "substr": "caseIgnoreSubstringsMatch",
+      "syntax": "1.3.6.1.4.1.1466.115.121.1.15",
+      "x_origin": "Jans created attribute"
+    },
+    {
+      "desc": "severetyLevel",
+      "equality": "caseIgnoreMatch",
+      "names": [
+        "severetyLevel"
+      ],
+      "oid": "jansAttr",
+      "substr": "caseIgnoreSubstringsMatch",
+      "syntax": "1.3.6.1.4.1.1466.115.121.1.15",
+      "x_origin": "Jans created attribute"
+    },
+    {
+      "desc": "policyId",
+      "equality": "caseIgnoreMatch",
+      "names": [
+        "policyId"
+      ],
+      "oid": "jansAttr",
+      "substr": "caseIgnoreSubstringsMatch",
+      "syntax": "1.3.6.1.4.1.1466.115.121.1.15",
+      "x_origin": "Jans created attribute"
+    },
+    {
+      "desc": "policyResult",
+      "equality": "caseIgnoreMatch",
+      "names": [
+        "policyResult"
+      ],
+      "oid": "jansAttr",
+      "substr": "caseIgnoreSubstringsMatch",
+      "syntax": "1.3.6.1.4.1.1466.115.121.1.15",
+      "x_origin": "Jans created attribute"
+    },
+    {
+      "desc": "userAccountId",
+      "equality": "caseIgnoreMatch",
+      "names": [
+        "userAccountId"
+      ],
+      "oid": "jansAttr",
+      "substr": "caseIgnoreSubstringsMatch",
+      "syntax": "1.3.6.1.4.1.1466.115.121.1.15",
+      "x_origin": "Jans created attribute"
+    },
+    {
+      "desc": "clientId",
+      "equality": "caseIgnoreMatch",
+      "names": [
+        "clientId"
+      ],
+      "oid": "jansAttr",
+      "substr": "caseIgnoreSubstringsMatch",
+      "syntax": "1.3.6.1.4.1.1466.115.121.1.15",
+      "x_origin": "Jans created attribute"
+    },
+    {
+      "desc": "sourceInformation",
+      "equality": "caseIgnoreMatch",
+      "names": [
+        "sourceInformation"
+      ],
+      "oid": "jansAttr",
+      "substr": "caseIgnoreSubstringsMatch",
+      "syntax": "1.3.6.1.4.1.1466.115.121.1.15",
+      "x_origin": "Jans created attribute"
     }
   ],
   "objectClasses": [
@@ -5226,6 +5423,81 @@
       ],
       "x_origin": "Jans created objectclass"
     },
+    {
+      "kind": "STRUCTURAL",
+      "may": [
+        "inum",
+        "jansLastUpd",
+        "jansStatus",
+        "cedarEngineStatus",
+        "cedarPolicyStatus",
+        "tokenDataStatus"
+      ],
+      "must": [
+        "objectclass"
+      ],
+      "names": [
+        "jansHealthEntry"
+      ],
+      "oid": "jansObjClass",
+      "sup": [
+        "top"
+      ],
+      "x_origin": "Jans created objectclass"
+    },
+    {
+      "kind": "STRUCTURAL",
+      "may": [
+        "inum",
+        "jansLastUpd",
+        "eventTime",
+        "eventType ",
+        "severetyLevel",
+        "policyId",
+        "policyResult",
+        "userAccountId",
+        "clientId",
+        "sourceInformation"
+      ],
+      "must": [
+        "objectclass"
+      ],
+      "names": [
+        "jansLogEntry"
+      ],
+      "oid": "jansObjClass",
+      "sup": [
+        "top"
+      ],
+      "x_origin": "Jans created objectclass"
+    },
+    {
+      "kind": "STRUCTURAL",
+      "may": [
+        "inum",
+        "jansLastUpd",
+        "size",
+        "jansStatus",
+        "jansCounter",
+        "jansFailCounter",
+        "evaluationTimeNs",
+        "averageTimeNs",
+        "memoryUsage",
+        "requestCounter",
+        "policyStats"
+      ],
+      "must": [
+        "objectclass"
+      ],
+      "names": [
+        "jansTelemetryEntry"
+      ],
+      "oid": "jansObjClass",
+      "sup": [
+        "top"
+      ],
+      "x_origin": "Jans created objectclass"
+    },
     {
       "kind": "STRUCTURAL",
       "may": [
@@ -5323,4 +5595,4 @@
     "jansReserved": "jansOrgOID:0",
     "jansSyntax": "jansPublished:1"
   }
-}
+}
\ No newline at end of file
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jans_lock.py b/jans-linux-setup/jans_setup/setup_app/installers/jans_lock.py
index c7e7a8b5a4e..df7b3a994a8 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/jans_lock.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/jans_lock.py
@@ -1,6 +1,7 @@
 import os
 import glob
 import shutil
+import ruamel.yaml
 from pathlib import Path
 
 from setup_app import paths
@@ -8,7 +9,7 @@
 from setup_app.static import AppType, InstallOption
 from setup_app.config import Config
 from setup_app.installers.jetty import JettyInstaller
-from setup_app.utils.ldif_utils import myLdifParser
+from setup_app.utils.ldif_utils import myLdifParser, create_client_ldif
 
 Config.jans_lock_port = '8076'
 Config.jans_opa_host = 'localhost'
@@ -50,6 +51,7 @@ def __init__(self):
         self.opa_bin_dir = os.path.join(self.opa_dir, 'bin')
         self.opa_log_dir = os.path.join(self.opa_dir, 'logs')
         self.base_endpoint = 'jans-lock' if Config.get('install_jans_lock_as_server') else 'jans-auth'
+        self.clients_ldif_fn = os.path.join(self.output_dir, 'clients.ldif')
 
     def install(self):
         if Config.get('install_jans_lock_as_server'):
@@ -61,6 +63,8 @@ def install(self):
         if Config.get('install_opa'):
             self.install_opa()
 
+        self.create_client()
+
         if Config.persistence_type == 'sql' and Config.rdbm_type == 'pgsql':
             self.dbUtils.set_jans_auth_conf_dynamic({'lockMessageConfig': {'enableTokenMessages': True, 'tokenMessagesChannel': 'jans_token'}})
             Config.lock_message_provider_type = 'POSTGRES'
@@ -73,6 +77,39 @@ def install(self):
 
         self.apache_lock_config()
 
+    def create_client(self):
+
+        _, jans_auth_config = self.dbUtils.get_jans_auth_conf_dynamic()
+        Config.templateRenderingDict['jans_auth_token_endpoint'] = jans_auth_config['tokenEndpoint']
+
+        jans_scopes = self.dbUtils.get_scopes()
+        scope_openid = self.dbUtils.get_scope_by_jansid('openid')
+        scopes = [ scope_openid['dn'] ]
+
+        swagger_yaml_fn = base.extract_file(base.current_app.jans_zip, 'jans-config-api/plugins/docs/lock-plugin-swagger.yaml', Config.data_dir)
+        swagger_yaml_str = self.readFile(swagger_yaml_fn)
+        swagger_yml = ruamel.yaml.load(swagger_yaml_str, ruamel.yaml.RoundTripLoader)
+        config_scopes = swagger_yml['components']['securitySchemes']['oauth2']['flows']['clientCredentials']['scopes']
+
+        for config_scope_id in config_scopes:
+            config_scope = self.dbUtils.get_scope_by_jansid(config_scope_id)
+            if config_scope:
+                scopes.append(config_scope['dn'])
+
+        lock_client_prefix = '2200.'
+        check_result = self.check_clients([('lock_client_id', lock_client_prefix)])
+        if check_result.get(lock_client_prefix) == -1:
+            create_client_ldif(
+                ldif_fn=self.clients_ldif_fn,
+                client_id=Config.lock_client_id,
+                encoded_pw=Config.lock_client_encoded_pw,
+                scopes=scopes,
+                redirect_uri=[f'https://{Config.hostname}/jans-lock'],
+                display_name="Jans Lock Config Api Client"
+                )
+
+        self.dbUtils.import_ldif([self.clients_ldif_fn])
+
     def install_as_server(self):
         self.install_jettyService(self.jetty_app_configuration[self.service_name], True)
         self.logIt(f"Copying {self.source_files[0][0]} into jetty webapps folder...")
diff --git a/jans-linux-setup/jans_setup/setup_app/utils/base.py b/jans-linux-setup/jans_setup/setup_app/utils/base.py
index c35f87f5583..6676292e559 100644
--- a/jans-linux-setup/jans_setup/setup_app/utils/base.py
+++ b/jans-linux-setup/jans_setup/setup_app/utils/base.py
@@ -365,7 +365,9 @@ def mylog(logs):
     urllib.request.install_opener(None)
 
 def extract_file(zip_file, source, target, ren=False):
+    fn = None
     zip_obj = zipfile.ZipFile(zip_file, "r")
+
     for member in zip_obj.infolist():
         if not member.is_dir() and member.filename.endswith(source):
             if ren:
@@ -377,9 +379,13 @@ def extract_file(zip_file, source, target, ren=False):
                     target_p.parent.mkdir(parents=True)
             logIt(f"Extracting {source} from {zip_file} to {target}")
             target_p.write_bytes(zip_obj.read(member))
+            fn = target_p.as_posix()
             break
+
     zip_obj.close()
 
+    return fn
+
 
 def extract_from_zip(zip_file, sub_dir, target_dir, remove_target_dir=False):
     zipobj = zipfile.ZipFile(zip_file, "r")
diff --git a/jans-linux-setup/jans_setup/setup_app/utils/db_utils.py b/jans-linux-setup/jans_setup/setup_app/utils/db_utils.py
index 2e52ca08613..77e3d89f575 100644
--- a/jans-linux-setup/jans_setup/setup_app/utils/db_utils.py
+++ b/jans-linux-setup/jans_setup/setup_app/utils/db_utils.py
@@ -43,7 +43,7 @@ class DBUtils:
     cbm = None
     mariadb = False
     rdbm_json_types = MappingProxyType({ 'mysql': {'type': 'JSON'}, 'pgsql': {'type': 'JSONB'}, 'spanner': {'type': 'ARRAY<STRING(MAX)>'} })
-
+    jans_scopes = None
 
     def bind(self, use_ssl=True, force=False):
 
@@ -1252,6 +1252,24 @@ def checkCBRoles(self, buckets=[]):
         return True, None
 
 
+    def get_scopes(self):
+        result = self.search(
+                    search_base='ou=scopes,o=jans',
+                    search_filter='(objectClass=jansScope)',
+                    search_scope=ldap3.LEVEL,
+                    fetchmany=True)
+        sopes = [ sope for _, sope in result ]
+
+        return sopes
+
+    def get_scope_by_jansid(self, jansid):
+        if not self.jans_scopes:
+            self.jans_scopes = self.get_scopes()
+
+        for jans_scope in self.jans_scopes:
+            if jans_scope['jansId'] == jansid:
+                return jans_scope
+
     def __del__(self):
         try:
             self.ldap_conn.unbind()
diff --git a/jans-linux-setup/jans_setup/templates/base.ldif b/jans-linux-setup/jans_setup/templates/base.ldif
index fdf0b9009dd..80dbddc5469 100644
--- a/jans-linux-setup/jans_setup/templates/base.ldif
+++ b/jans-linux-setup/jans_setup/templates/base.ldif
@@ -162,3 +162,18 @@ dn: ou=document,o=jans
 objectClass: top
 objectClass: organizationalUnit
 ou: document
+
+dn: ou=lock-health,o=jans
+objectClass: top
+objectClass: organizationalUnit
+ou: lock-health
+
+dn: ou=lock-log,o=jans
+objectClass: top
+objectClass: organizationalUnit
+ou: lock-log
+
+dn: ou=lock-telemetry,o=jans
+objectClass: top
+objectClass: organizationalUnit
+ou: lock-telemetry
diff --git a/jans-linux-setup/jans_setup/templates/jans-lock/dynamic-conf.json b/jans-linux-setup/jans_setup/templates/jans-lock/dynamic-conf.json
index 9be1bf134bb..7f3f4d15a6b 100644
--- a/jans-linux-setup/jans_setup/templates/jans-lock/dynamic-conf.json
+++ b/jans-linux-setup/jans_setup/templates/jans-lock/dynamic-conf.json
@@ -1,37 +1,42 @@
 {
-   "baseEndpoint" : "https://%(hostname)s/%(base_endpoint)s/v1",
-   "openIdIssuer":"https://%(hostname)s",
-
-   "tokenChannels":[
-         "jans_token"
-      ],
-
-   "cleanServiceInterval":60,
-   "cleanServiceBatchChunkSize":10000,
-
-   "disableJdkLogger":true,
-
-   "loggingLevel":"INFO",
-   "loggingLayout":"text",
-   "externalLoggerConfiguration":"",
-
-   "metricReporterInterval":300,
-   "metricReporterKeepDataDays":15,
-   "metricReporterEnabled":true,
-   "errorReasonEnabled": false,
-   
-   "opaConfiguration": {
-        "baseUrl" : "http://%(jans_opa_host)s:%(jans_opa_port)s/v1/",
-        "accessToken" : ""
-   },
-
-   "policiesJsonUris": [
-   ],
-   "policiesJsonUrisAuthorizationToken" : "",
-
-   "policiesZipUris": [
-   ],
-   "policiesZipUrisAuthorizationToken" : "",
-
-   "pdpType": "OPA"
+  "baseEndpoint": "https://%(hostname)s/%(base_endpoint)s/v1",
+  "openIdIssuer": "https://%(hostname)s",
+  "tokenChannels": [
+    "jans_token"
+  ],
+  "clientId": "%(lock_client_id)s",
+  "clientPassword": "%(lock_client_encoded_pw)s",
+  "tokenUrl": "%(tokenEndpoint)s",
+  "endpointDetails": {
+    "jans-config-api/lock/audit/telemetry": [
+      "https://jans.io/oauth/lock/telemetry.readonly",
+      "https://jans.io/oauth/lock/telemetry.write"
+    ],
+    "jans-config-api/lock/audit/log": [
+      "https://jans.io/oauth/lock/log.write"
+    ],
+    "jans-config-api/lock/audit/health": [
+      "https://jans.io/oauth/lock/health.readonly",
+      "https://jans.io/oauth/lock/health.write"
+    ]
+  },
+  "cleanServiceInterval": 60,
+  "cleanServiceBatchChunkSize": 10000,
+  "disableJdkLogger": true,
+  "loggingLevel": "INFO",
+  "loggingLayout": "text",
+  "externalLoggerConfiguration": "",
+  "metricReporterInterval": 300,
+  "metricReporterKeepDataDays": 15,
+  "metricReporterEnabled": true,
+  "errorReasonEnabled": false,
+  "opaConfiguration": {
+    "baseUrl": "http://%(jans_opa_host)s:%(jans_opa_port)s/v1/",
+    "accessToken": ""
+  },
+  "policiesJsonUris": [],
+  "policiesJsonUrisAuthorizationToken": "",
+  "policiesZipUris": [],
+  "policiesZipUrisAuthorizationToken": "",
+  "pdpType": "OPA"
 }
diff --git a/jans-lock/lock-master/model/src/main/java/io/jans/lock/model/config/AppConfiguration.java b/jans-lock/lock-master/model/src/main/java/io/jans/lock/model/config/AppConfiguration.java
index 017dde58570..b94b4e76606 100644
--- a/jans-lock/lock-master/model/src/main/java/io/jans/lock/model/config/AppConfiguration.java
+++ b/jans-lock/lock-master/model/src/main/java/io/jans/lock/model/config/AppConfiguration.java
@@ -18,6 +18,7 @@
 
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Map;
 
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 
@@ -34,7 +35,9 @@
 @JsonIgnoreProperties(ignoreUnknown = true)
 public class AppConfiguration implements Configuration {
 
-	private String baseDN;
+    @DocProperty(description = "Entry Base distinguished name (DN) that identifies the starting point of a search")
+    @Schema(description = "Entry Base distinguished name (DN) that identifies the starting point of a search")
+    private String baseDN;
 
     @DocProperty(description = "Lock base endpoint URL")
     @Schema(description = "Lock base endpoint URL")
@@ -46,15 +49,31 @@ public class AppConfiguration implements Configuration {
 
     @DocProperty(description = "List of token channel names", defaultValue = "jans_token")
     @Schema(description = "List of token channel names")
-	private List<String> tokenChannels;
+    private List<String> tokenChannels;
 
-	@DocProperty(description = "Choose whether to disable JDK loggers", defaultValue = "true")
-	@Schema(description = "Choose whether to disable JDK loggers")
-	private Boolean disableJdkLogger = true;
+    @DocProperty(description = "Lock Client ID")
+    @Schema(description = "Lock Client ID")
+    private String clientId;
+
+    @DocProperty(description = "Lock client password")
+    @Schema(description = "Lock client password")
+    private String clientPassword;
+
+    @DocProperty(description = "Jans URL of the OpenID Connect Provider's OAuth 2.0 Token Endpoint")
+    @Schema(description = "Jans URL of the OpenID Connect Provider's OAuth 2.0 Token Endpoint")
+    private String tokenUrl;
+
+    @DocProperty(description = "Jans URL of config-api audit endpoints and corresponding scope details")
+    @Schema(description = "Jans URL of config-api audit endpoints and corresponding scope details")
+    private Map<String, List<String>> endpointDetails;
+
+    @DocProperty(description = "Choose whether to disable JDK loggers", defaultValue = "true")
+    @Schema(description = "Choose whether to disable JDK loggers")
+    private Boolean disableJdkLogger = true;
 
     @DocProperty(description = "Specify the logging level of loggers")
     @Schema(description = "Specify the logging level of loggers")
-	private String loggingLevel;
+    private String loggingLevel;
 
     @DocProperty(description = "Logging layout used for Jans Authorization Server loggers")
     @Schema(description = "Logging layout used for Jans Authorization Server loggers")
@@ -66,202 +85,245 @@ public class AppConfiguration implements Configuration {
 
     @DocProperty(description = "Channel for metric reports", defaultValue = "jans_pdp_metric")
     @Schema(description = "Channel for metric reports")
-	private String metricChannel;
+    private String metricChannel;
 
     @DocProperty(description = "The interval for metric reporter in seconds")
     @Schema(description = "The interval for metric reporter in seconds")
-	private int metricReporterInterval;
+    private int metricReporterInterval;
 
     @DocProperty(description = "The days to keep metric reported data")
     @Schema(description = "The days to keep metric reported data")
-	private int metricReporterKeepDataDays;
+    private int metricReporterKeepDataDays;
 
     @DocProperty(description = "Enable metric reporter")
     @Schema(description = "Enable metric reporter")
-	private Boolean metricReporterEnabled;
+    private Boolean metricReporterEnabled;
 
-	// Period in seconds
+    // Period in seconds
     @DocProperty(description = "Time interval for the Clean Service in seconds")
     @Schema(description = "Time interval for the Clean Service in seconds")
-	private int cleanServiceInterval;
-	
+    private int cleanServiceInterval;
+
     @Schema(description = "Opa Configuration")
-	private OpaConfiguration opaConfiguration;
+    private OpaConfiguration opaConfiguration;
 
     @DocProperty(description = "PDP type")
     @Schema(description = "PDP type")
-	private String pdpType;
+    private String pdpType;
 
     @DocProperty(description = "Authorization token to access Json Uris")
     @Schema(description = "Authorization token to access Json Uris")
-	private String policiesJsonUrisAuthorizationToken;
+    private String policiesJsonUrisAuthorizationToken;
 
     @DocProperty(description = "List of Json Uris with link to Rego policies")
     @Schema(description = "List of Json Uris with link to Rego policies")
-	private List<String> policiesJsonUris;
+    private List<String> policiesJsonUris;
 
     @DocProperty(description = "Authorization token to access Zip Uris")
     @Schema(description = "Authorization token to access Zip Uris")
-	private String policiesZipUrisAuthorizationToken;
+    private String policiesZipUrisAuthorizationToken;
 
     @DocProperty(description = "List of Zip Uris with policies")
     @Schema(description = "List of Zip Uris with policies")
-	private List<String> policiesZipUris;
-
-	public String getBaseDN() {
-		return baseDN;
-	}
-
-	public void setBaseDN(String baseDN) {
-		this.baseDN = baseDN;
-	}
-
-	public String getBaseEndpoint() {
-		return baseEndpoint;
-	}
-
-	public void setBaseEndpoint(String baseEndpoint) {
-		this.baseEndpoint = baseEndpoint;
-	}
-
-	public String getOpenIdIssuer() {
-		return openIdIssuer;
-	}
-
-	public void setOpenIdIssuer(String openIdIssuer) {
-		this.openIdIssuer = openIdIssuer;
-	}
-
-	public List<String> getTokenChannels() {
-		if (tokenChannels == null) {
-			tokenChannels = new ArrayList<>();
-		}
-
-		return tokenChannels;
-	}
-
-	public void setTokenChannels(List<String> tokenChannels) {
-		this.tokenChannels = tokenChannels;
-	}
-
-	public Boolean getDisableJdkLogger() {
-		return disableJdkLogger;
-	}
-
-	public void setDisableJdkLogger(Boolean disableJdkLogger) {
-		this.disableJdkLogger = disableJdkLogger;
-	}
-
-	public String getLoggingLevel() {
-		return loggingLevel;
-	}
-
-	public void setLoggingLevel(String loggingLevel) {
-		this.loggingLevel = loggingLevel;
-	}
-
-	public String getLoggingLayout() {
-		return loggingLayout;
-	}
-
-	public void setLoggingLayout(String loggingLayout) {
-		this.loggingLayout = loggingLayout;
-	}
-
-	public String getExternalLoggerConfiguration() {
-		return externalLoggerConfiguration;
-	}
+    private List<String> policiesZipUris;
 
-	public void setExternalLoggerConfiguration(String externalLoggerConfiguration) {
-		this.externalLoggerConfiguration = externalLoggerConfiguration;
-	}
+    public String getBaseDN() {
+        return baseDN;
+    }
 
-	public String getMetricChannel() {
-		return metricChannel;
-	}
+    public void setBaseDN(String baseDN) {
+        this.baseDN = baseDN;
+    }
 
-	public void setMetricChannel(String metricChannel) {
-		this.metricChannel = metricChannel;
-	}
+    public String getBaseEndpoint() {
+        return baseEndpoint;
+    }
 
-	public int getMetricReporterInterval() {
-		return metricReporterInterval;
-	}
+    public void setBaseEndpoint(String baseEndpoint) {
+        this.baseEndpoint = baseEndpoint;
+    }
 
-	public void setMetricReporterInterval(int metricReporterInterval) {
-		this.metricReporterInterval = metricReporterInterval;
-	}
+    public String getOpenIdIssuer() {
+        return openIdIssuer;
+    }
 
-	public int getMetricReporterKeepDataDays() {
-		return metricReporterKeepDataDays;
-	}
+    public void setOpenIdIssuer(String openIdIssuer) {
+        this.openIdIssuer = openIdIssuer;
+    }
 
-	public void setMetricReporterKeepDataDays(int metricReporterKeepDataDays) {
-		this.metricReporterKeepDataDays = metricReporterKeepDataDays;
-	}
+    public List<String> getTokenChannels() {
+        return tokenChannels;
+    }
 
-	public Boolean getMetricReporterEnabled() {
-		return metricReporterEnabled;
-	}
+    public void setTokenChannels(List<String> tokenChannels) {
+        this.tokenChannels = tokenChannels;
+    }
 
-	public void setMetricReporterEnabled(Boolean metricReporterEnabled) {
-		this.metricReporterEnabled = metricReporterEnabled;
-	}
+    public String getClientId() {
+        return clientId;
+    }
 
-	public int getCleanServiceInterval() {
-		return cleanServiceInterval;
-	}
+    public void setClientId(String clientId) {
+        this.clientId = clientId;
+    }
 
-	public void setCleanServiceInterval(int cleanServiceInterval) {
-		this.cleanServiceInterval = cleanServiceInterval;
-	}
+    public String getClientPassword() {
+        return clientPassword;
+    }
 
-	public OpaConfiguration getOpaConfiguration() {
-		return opaConfiguration;
-	}
+    public void setClientPassword(String clientPassword) {
+        this.clientPassword = clientPassword;
+    }
 
-	public void setOpaConfiguration(OpaConfiguration opaConfiguration) {
-		this.opaConfiguration = opaConfiguration;
-	}
+    public String getTokenUrl() {
+        return tokenUrl;
+    }
 
-	public String getPdpType() {
-		return pdpType;
-	}
+    public void setTokenUrl(String tokenUrl) {
+        this.tokenUrl = tokenUrl;
+    }
 
-	public void setPdpType(String pdpType) {
-		this.pdpType = pdpType;
-	}
+    public Map<String, List<String>> getEndpointDetails() {
+        return endpointDetails;
+    }
 
-	public String getPoliciesJsonUrisAuthorizationToken() {
-		return policiesJsonUrisAuthorizationToken;
-	}
+    public void setEndpointDetails(Map<String, List<String>> endpointDetails) {
+        this.endpointDetails = endpointDetails;
+    }
 
-	public void setPoliciesJsonUrisAuthorizationToken(String policiesJsonUrisAuthorizationToken) {
-		this.policiesJsonUrisAuthorizationToken = policiesJsonUrisAuthorizationToken;
-	}
+    public Boolean getDisableJdkLogger() {
+        return disableJdkLogger;
+    }
 
-	public List<String> getPoliciesJsonUris() {
-		return policiesJsonUris;
-	}
+    public void setDisableJdkLogger(Boolean disableJdkLogger) {
+        this.disableJdkLogger = disableJdkLogger;
+    }
 
-	public void setPoliciesJsonUris(List<String> policiesJsonUris) {
-		this.policiesJsonUris = policiesJsonUris;
-	}
+    public String getLoggingLevel() {
+        return loggingLevel;
+    }
 
-	public String getPoliciesZipUrisAuthorizationToken() {
-		return policiesZipUrisAuthorizationToken;
-	}
+    public void setLoggingLevel(String loggingLevel) {
+        this.loggingLevel = loggingLevel;
+    }
 
-	public void setPoliciesZipUrisAuthorizationToken(String policiesZipUrisAuthorizationToken) {
-		this.policiesZipUrisAuthorizationToken = policiesZipUrisAuthorizationToken;
-	}
+    public String getLoggingLayout() {
+        return loggingLayout;
+    }
 
-	public List<String> getPoliciesZipUris() {
-		return policiesZipUris;
-	}
+    public void setLoggingLayout(String loggingLayout) {
+        this.loggingLayout = loggingLayout;
+    }
 
-	public void setPoliciesZipUris(List<String> policiesZipUris) {
-		this.policiesZipUris = policiesZipUris;
-	}
+    public String getExternalLoggerConfiguration() {
+        return externalLoggerConfiguration;
+    }
+
+    public void setExternalLoggerConfiguration(String externalLoggerConfiguration) {
+        this.externalLoggerConfiguration = externalLoggerConfiguration;
+    }
+
+    public String getMetricChannel() {
+        return metricChannel;
+    }
+
+    public void setMetricChannel(String metricChannel) {
+        this.metricChannel = metricChannel;
+    }
+
+    public int getMetricReporterInterval() {
+        return metricReporterInterval;
+    }
+
+    public void setMetricReporterInterval(int metricReporterInterval) {
+        this.metricReporterInterval = metricReporterInterval;
+    }
+
+    public int getMetricReporterKeepDataDays() {
+        return metricReporterKeepDataDays;
+    }
+
+    public void setMetricReporterKeepDataDays(int metricReporterKeepDataDays) {
+        this.metricReporterKeepDataDays = metricReporterKeepDataDays;
+    }
+
+    public Boolean getMetricReporterEnabled() {
+        return metricReporterEnabled;
+    }
+
+    public void setMetricReporterEnabled(Boolean metricReporterEnabled) {
+        this.metricReporterEnabled = metricReporterEnabled;
+    }
+
+    public int getCleanServiceInterval() {
+        return cleanServiceInterval;
+    }
+
+    public void setCleanServiceInterval(int cleanServiceInterval) {
+        this.cleanServiceInterval = cleanServiceInterval;
+    }
+
+    public OpaConfiguration getOpaConfiguration() {
+        return opaConfiguration;
+    }
+
+    public void setOpaConfiguration(OpaConfiguration opaConfiguration) {
+        this.opaConfiguration = opaConfiguration;
+    }
+
+    public String getPdpType() {
+        return pdpType;
+    }
+
+    public void setPdpType(String pdpType) {
+        this.pdpType = pdpType;
+    }
+
+    public String getPoliciesJsonUrisAuthorizationToken() {
+        return policiesJsonUrisAuthorizationToken;
+    }
+
+    public void setPoliciesJsonUrisAuthorizationToken(String policiesJsonUrisAuthorizationToken) {
+        this.policiesJsonUrisAuthorizationToken = policiesJsonUrisAuthorizationToken;
+    }
+
+    public List<String> getPoliciesJsonUris() {
+        return policiesJsonUris;
+    }
+
+    public void setPoliciesJsonUris(List<String> policiesJsonUris) {
+        this.policiesJsonUris = policiesJsonUris;
+    }
+
+    public String getPoliciesZipUrisAuthorizationToken() {
+        return policiesZipUrisAuthorizationToken;
+    }
+
+    public void setPoliciesZipUrisAuthorizationToken(String policiesZipUrisAuthorizationToken) {
+        this.policiesZipUrisAuthorizationToken = policiesZipUrisAuthorizationToken;
+    }
+
+    public List<String> getPoliciesZipUris() {
+        return policiesZipUris;
+    }
+
+    public void setPoliciesZipUris(List<String> policiesZipUris) {
+        this.policiesZipUris = policiesZipUris;
+    }
+
+    @Override
+    public String toString() {
+        return "AppConfiguration [baseDN=" + baseDN + ", baseEndpoint=" + baseEndpoint + ", openIdIssuer="
+                + openIdIssuer + ", tokenChannels=" + tokenChannels + ", clientId=" + clientId + ", clientPassword="
+                + clientPassword + ", tokenUrl=" + tokenUrl + ", endpointDetails=" + endpointDetails
+                + ", disableJdkLogger=" + disableJdkLogger + ", loggingLevel=" + loggingLevel + ", loggingLayout="
+                + loggingLayout + ", externalLoggerConfiguration=" + externalLoggerConfiguration + ", metricChannel="
+                + metricChannel + ", metricReporterInterval=" + metricReporterInterval + ", metricReporterKeepDataDays="
+                + metricReporterKeepDataDays + ", metricReporterEnabled=" + metricReporterEnabled
+                + ", cleanServiceInterval=" + cleanServiceInterval + ", opaConfiguration=" + opaConfiguration
+                + ", pdpType=" + pdpType + ", policiesJsonUrisAuthorizationToken=" + policiesJsonUrisAuthorizationToken
+                + ", policiesJsonUris=" + policiesJsonUris + ", policiesZipUrisAuthorizationToken="
+                + policiesZipUrisAuthorizationToken + ", policiesZipUris=" + policiesZipUris + "]";
+    }
 
 }
diff --git a/jans-lock/lock-master/service/pom.xml b/jans-lock/lock-master/service/pom.xml
index ee2d6b03ff5..82878af796b 100644
--- a/jans-lock/lock-master/service/pom.xml
+++ b/jans-lock/lock-master/service/pom.xml
@@ -63,6 +63,18 @@
 			<groupId>io.jans</groupId>
 			<artifactId>jans-core-service</artifactId>
 		</dependency>
+		
+		<dependency>
+			<groupId>io.jans</groupId>
+			<artifactId>jans-auth-client</artifactId>
+			<version>${project.version}</version>
+		</dependency>
+
+		<dependency>
+			<groupId>io.jans</groupId>
+			<artifactId>jans-auth-model</artifactId>
+			<version>${project.version}</version>
+		</dependency>
 
 		<dependency>
 			<groupId>io.jans</groupId>
diff --git a/jans-lock/lock-master/server/src/main/java/io/jans/lock/service/net/HttpService.java b/jans-lock/lock-master/service/src/main/java/io/jans/lock/service/net/HttpService.java
similarity index 100%
rename from jans-lock/lock-master/server/src/main/java/io/jans/lock/service/net/HttpService.java
rename to jans-lock/lock-master/service/src/main/java/io/jans/lock/service/net/HttpService.java
diff --git a/jans-lock/lock-master/service/src/main/java/io/jans/lock/service/ws/rs/audit/AuditRestWebServiceImpl.java b/jans-lock/lock-master/service/src/main/java/io/jans/lock/service/ws/rs/audit/AuditRestWebServiceImpl.java
index 5c3c047184b..ca5748e143e 100644
--- a/jans-lock/lock-master/service/src/main/java/io/jans/lock/service/ws/rs/audit/AuditRestWebServiceImpl.java
+++ b/jans-lock/lock-master/service/src/main/java/io/jans/lock/service/ws/rs/audit/AuditRestWebServiceImpl.java
@@ -16,9 +16,9 @@
 
 package io.jans.lock.service.ws.rs.audit;
 
-import org.slf4j.Logger;
-
+import io.jans.lock.util.LockUtil;
 import io.jans.lock.util.ServerUtil;
+
 import jakarta.enterprise.context.Dependent;
 import jakarta.inject.Inject;
 import jakarta.servlet.http.HttpServletRequest;
@@ -26,6 +26,11 @@
 import jakarta.ws.rs.Path;
 import jakarta.ws.rs.core.Response;
 import jakarta.ws.rs.core.SecurityContext;
+import jakarta.ws.rs.core.Response.Status;
+
+import org.apache.http.entity.ContentType;
+import org.json.JSONObject;
+import org.slf4j.Logger;
 
 /**
  * Provides interface for audit REST web services
@@ -36,43 +41,64 @@
 @Path("/audit")
 public class AuditRestWebServiceImpl implements AuditRestWebService {
 
-	@Inject
-	private Logger log;
+    @Inject
+    private Logger log;
+
+    @Inject
+    LockUtil lockUtil;
+
+    @Override
+    public Response processHealthRequest(HttpServletRequest request, HttpServletResponse response,
+            SecurityContext sec) {
+        log.debug("Processing Health request - request:{}", request);
+        return processAuditRequest(request, "Health");
+    }
+
+    @Override
+    public Response processLogRequest(HttpServletRequest request, HttpServletResponse response, SecurityContext sec) {
+        log.debug("Processing Log request - request:{}", request);
+        return processAuditRequest(request, "log");
+
+    }
 
-	@Override
-	public Response processHealthRequest(HttpServletRequest request, HttpServletResponse response, SecurityContext sec) {
-		log.debug("Processing Health request");
-		Response.ResponseBuilder builder = Response.ok();
+    @Override
+    public Response processTelemetryRequest(HttpServletRequest request, HttpServletResponse response,
+            SecurityContext sec) {
+        log.debug("Processing Telemetry request - request:{}", request);
+        return processAuditRequest(request, "telemetry");
 
-		builder.cacheControl(ServerUtil.cacheControlWithNoStoreTransformAndPrivate());
-		builder.header(ServerUtil.PRAGMA, ServerUtil.NO_CACHE);
-		builder.entity("{\"res\" : \"ok\"}");
+    }
 
-		return builder.build();
-	}
+    private Response processAuditRequest(HttpServletRequest request, String requestType) {
+        log.debug("Processing request - request:{}, requestType:{}", request, requestType);
 
-	@Override
-	public Response processLogRequest(HttpServletRequest request, HttpServletResponse response, SecurityContext sec) {
-		log.debug("Processing Log request");
-		Response.ResponseBuilder builder = Response.ok();
+        Response.ResponseBuilder builder = Response.ok();
+        builder.cacheControl(ServerUtil.cacheControlWithNoStoreTransformAndPrivate());
+        builder.header(ServerUtil.PRAGMA, ServerUtil.NO_CACHE);
 
-		builder.cacheControl(ServerUtil.cacheControlWithNoStoreTransformAndPrivate());
-		builder.header(ServerUtil.PRAGMA, ServerUtil.NO_CACHE);
-		builder.entity("{\"res\" : \"ok\"}");
+        JSONObject json = this.lockUtil.getJSONObject(request);
+        Response response = this.lockUtil.post(requestType, json.toString(), ContentType.APPLICATION_JSON);
+        log.debug("response:{}", response);
 
-		return builder.build();
-	}
+        if (response != null) {
+            log.trace(
+                    "Response for Access Token -  response.getStatus():{}, response.getStatusInfo():{}, response.getEntity().getClass():{}",
+                    response.getStatus(), response.getStatusInfo(), response.getEntity().getClass());
+            String entity = response.readEntity(String.class);
+            log.debug(" entity:{}", entity);
+            builder.entity(entity);
 
-	@Override
-	public Response processTelemetryRequest(HttpServletRequest request, HttpServletResponse response, SecurityContext sec) {
-		log.debug("Processing Telemetry request");
-		Response.ResponseBuilder builder = Response.ok();
+            if (response.getStatusInfo().equals(Status.CREATED)) {
 
-		builder.cacheControl(ServerUtil.cacheControlWithNoStoreTransformAndPrivate());
-		builder.header(ServerUtil.PRAGMA, ServerUtil.NO_CACHE);
-		builder.entity("{\"res\" : \"ok\"}");
+                log.debug(" Status.CREATED:{}, entity:{}", Status.CREATED, entity);
+            } else {
+                log.error("Error while saving audit data - response.getStatusInfo():{}, entity:{}",
+                        response.getStatusInfo(), entity);
+                builder.status(response.getStatusInfo());
+            }
+        }
 
-		return builder.build();
-	}
+        return builder.build();
+    }
 
 }
diff --git a/jans-lock/lock-master/service/src/main/java/io/jans/lock/util/LockUtil.java b/jans-lock/lock-master/service/src/main/java/io/jans/lock/util/LockUtil.java
new file mode 100644
index 00000000000..6d9bbad4ae6
--- /dev/null
+++ b/jans-lock/lock-master/service/src/main/java/io/jans/lock/util/LockUtil.java
@@ -0,0 +1,346 @@
+package io.jans.lock.util;
+
+import io.jans.as.client.TokenRequest;
+import io.jans.as.client.TokenResponse;
+import io.jans.as.model.common.GrantType;
+import io.jans.as.model.common.ScopeType;
+import io.jans.lock.model.config.AppConfiguration;
+import io.jans.lock.service.net.HttpService;
+import io.jans.model.net.HttpServiceResponse;
+import io.jans.service.EncryptionService;
+import io.jans.util.security.StringEncrypter.EncryptionException;
+
+import jakarta.enterprise.context.ApplicationScoped;
+import jakarta.inject.Inject;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.client.ClientBuilder;
+import jakarta.ws.rs.client.Entity;
+import jakarta.ws.rs.client.Invocation.Builder;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.MultivaluedHashMap;
+import jakarta.ws.rs.core.Response;
+import jakarta.ws.rs.core.Response.Status;
+
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.Map.Entry;
+
+import org.apache.http.entity.ContentType;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpResponse;
+import org.apache.http.util.EntityUtils;
+
+import org.json.JSONObject;
+import org.slf4j.Logger;
+
+@ApplicationScoped
+public class LockUtil {
+
+    private static final String CONTENT_TYPE = "Content-Type";
+    private static final String AUTHORIZATION = "Authorization";
+
+    @Inject
+    Logger log;
+
+    @Inject
+    AppConfiguration appConfiguration;
+
+    @Inject
+    HttpService httpService;
+
+    @Inject
+    EncryptionService encryptionService;
+
+    public String getToken(String endpoint) {
+
+        log.debug("Request for token  for endpoint:{}", endpoint);
+        String tokenUrl = this.appConfiguration.getTokenUrl();
+        String clientId = this.appConfiguration.getClientId();
+
+        String clientSecret = this.getDecryptedPassword(appConfiguration.getClientPassword());
+        String scopes = this.getScopes(endpoint);
+
+        return this.getToken(tokenUrl, clientId, clientSecret, scopes);
+    }
+
+    public String getToken(String tokenUrl, String clientId, String clientSecret, String scopes) {
+        log.debug("Request for token tokenUrl:{}, clientId:{},scopes:{}", tokenUrl, clientId, scopes);
+
+        String accessToken = null;
+        TokenResponse tokenResponse = this.requestAccessToken(tokenUrl, clientId, clientSecret, scopes);
+        if (tokenResponse != null) {
+            accessToken = tokenResponse.getAccessToken();
+        }
+
+        return accessToken;
+    }
+
+    public TokenResponse requestAccessToken(final String tokenUrl, final String clientId, final String clientSecret,
+            final String scope) {
+
+        Response response = null;
+        try {
+            TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
+            tokenRequest.setScope(scope);
+            tokenRequest.setAuthUsername(clientId);
+            tokenRequest.setAuthPassword(clientSecret);
+            Builder request = getClientBuilder(tokenUrl);
+            request.header(AUTHORIZATION, "Basic " + tokenRequest.getEncodedCredentials());
+            request.header(CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED);
+            final MultivaluedHashMap<String, String> multivaluedHashMap = new MultivaluedHashMap<>(
+                    tokenRequest.getParameters());
+            response = request.post(Entity.form(multivaluedHashMap));
+            log.trace("Response for Access Token -  response:{}", response);
+            if (response.getStatus() == 200) {
+                String entity = response.readEntity(String.class);
+                TokenResponse tokenResponse = new TokenResponse();
+                tokenResponse.setEntity(entity);
+                tokenResponse.injectDataFromJson(entity);
+                return tokenResponse;
+            }
+        } finally {
+
+            if (response != null) {
+                response.close();
+            }
+        }
+        return null;
+    }
+
+    public HttpServiceResponse postData(String endpoint, String postData, ContentType contentType) {
+        log.debug("postData - endpoint:{}, postData:{}", endpoint, postData);
+        String endpointPath = this.getEndpointPath(endpoint);
+        String token = this.getToken(endpointPath);
+
+        return postData(this.getEndpointUrl(endpointPath), null, token, null, contentType, postData);
+    }
+
+    public HttpServiceResponse postData(String uri, String authType, String token, Map<String, String> headers,
+            ContentType contentType, String postData) {
+        log.debug("postData - uri:{}, token:{}, data", uri, token);
+
+        if (StringUtils.isBlank(authType)) {
+            authType = "Bearer ";
+        }
+        if (contentType == null) {
+            contentType = ContentType.APPLICATION_JSON;
+        }
+
+        if (headers == null) {
+            headers = new HashMap<>();
+        }
+        headers.put(CONTENT_TYPE, ContentType.APPLICATION_JSON.toString());
+        headers.put(AUTHORIZATION, authType + token);
+
+        HttpServiceResponse response = httpService.executePost(uri, token, headers, postData, contentType, authType);
+
+        log.debug("response:{}", response);
+        return response;
+    }
+
+    public String getResponseEntityString(HttpServiceResponse serviceResponse, Status status) {
+        String jsonString = null;
+
+        if (serviceResponse == null) {
+            return jsonString;
+        }
+
+        if (serviceResponse.getHttpResponse() != null && serviceResponse.getHttpResponse().getStatusLine() != null
+                && serviceResponse.getHttpResponse().getStatusLine().getStatusCode() == status.getStatusCode()) {
+            HttpEntity entity = serviceResponse.getHttpResponse().getEntity();
+            if (entity == null) {
+                return jsonString;
+            }
+            jsonString = entity.toString();
+
+        }
+        return jsonString;
+    }
+
+    public String getResponseEntityString(HttpServiceResponse serviceResponse) {
+        String jsonString = null;
+
+        if (serviceResponse == null || serviceResponse.getHttpResponse() == null) {
+            return jsonString;
+        }
+
+        HttpEntity entity = serviceResponse.getHttpResponse().getEntity();
+        if (entity == null) {
+            return jsonString;
+        }
+        jsonString = entity.toString();
+
+        try {
+            log.debug("serviceResponse.getHttpResponse().getEntity():{}",
+                    serviceResponse.getHttpResponse().getEntity());
+            String responseMsg = EntityUtils.toString(serviceResponse.getHttpResponse().getEntity(), "UTF-8");
+            log.debug("New responseMsg:{}", responseMsg);
+        } catch (Exception ex) {
+            log.error("Error while getting entity using EntityUtils is ", ex);
+        }
+        return jsonString;
+    }
+
+    public JSONObject getResponseJson(HttpServiceResponse serviceResponse) {
+        JSONObject jsonObj = null;
+        if (serviceResponse == null || serviceResponse.getHttpResponse() == null) {
+            return jsonObj;
+        }
+
+        HttpResponse httpResponse = serviceResponse.getHttpResponse();
+        if (httpResponse != null && httpResponse.getEntity() != null) {
+            jsonObj = new JSONObject(httpResponse.getEntity());
+            log.debug("getResponseJson() - .jsonObj:{}", jsonObj);
+        }
+
+        return jsonObj;
+    }
+
+    public Status getResponseStatus(HttpServiceResponse serviceResponse) {
+        Status status = Status.INTERNAL_SERVER_ERROR;
+
+        if (serviceResponse == null || serviceResponse.getHttpResponse() == null) {
+            return status;
+        }
+
+        int statusCode = serviceResponse.getHttpResponse().getStatusLine().getStatusCode();
+
+        status = Status.fromStatusCode(statusCode);
+        if (status == null) {
+            status = Status.INTERNAL_SERVER_ERROR;
+        }
+        return status;
+    }
+
+    public JSONObject getJSONObject(HttpServletRequest request) {
+        JSONObject jsonBody = null;
+        if (request == null) {
+            return jsonBody;
+        }
+        try {
+            String jsonBodyStr = IOUtils.toString(request.getInputStream());
+            jsonBody = new JSONObject(jsonBodyStr);
+            log.debug(" jsonBody:{}", jsonBody);
+        } catch (Exception ex) {
+            ex.printStackTrace();
+            log.error("Exception while retriving json from request is - ", ex);
+        }
+        return jsonBody;
+    }
+
+    public String getDecryptedPassword(String clientPassword) {
+        String decryptedPassword = null;
+        if (clientPassword != null) {
+            try {
+                decryptedPassword = encryptionService.decrypt(clientPassword);
+            } catch (EncryptionException ex) {
+                log.error("Failed to decrypt password", ex);
+            }
+        }
+        return decryptedPassword;
+    }
+
+    public String getScopes(String endpoint) {
+        String scopes = null;
+        List<String> scopeList = null;
+        Map<String, List<String>> endpointMap = this.appConfiguration.getEndpointDetails();
+        log.debug("Get scope for endpoint:{} from endpointMap:{}", endpoint, endpointMap);
+
+        if (endpointMap == null || endpointMap.isEmpty()) {
+            return scopes;
+        }
+
+        scopeList = endpointMap.get(endpoint);
+
+        if (scopeList == null || scopeList.isEmpty()) {
+            return scopes;
+        }
+
+        Set<String> scopesSet = new HashSet<>(scopeList);
+
+        StringBuilder scope = new StringBuilder(ScopeType.OPENID.getValue());
+        for (String s : scopesSet) {
+            scope.append(" ").append(s);
+        }
+        log.debug("endpoint:{}, endpointMap:{}, scope:{}", endpoint, endpointMap, scope);
+        return scope.toString();
+    }
+
+    private String getEndpointPath(String endpoint) {
+        Map<String, List<String>> endpointMap = this.appConfiguration.getEndpointDetails();
+        log.debug("Get endpoint URL for endpoint:{} from endpointMap:{}", endpoint, endpointMap);
+
+        if (StringUtils.isBlank(endpoint) || endpointMap == null || endpointMap.isEmpty()) {
+            return endpoint;
+        }
+
+        Set<String> keys = endpointMap.keySet();
+        String endpointPath = keys.stream()
+                .filter(e -> e != null && e.toLowerCase().endsWith("/" + endpoint.toLowerCase())).findFirst()
+                .orElse(null);
+        log.debug("Final endpoint:{}, keys:{}, endpointPath:{}", endpoint, keys, endpointPath);
+        return endpointPath;
+    }
+
+    private String getEndpointUrl(String endpoint) {
+        if (StringUtils.isBlank(endpoint)) {
+            return endpoint;
+        }
+
+        StringBuilder sb = new StringBuilder();
+        sb.append(appConfiguration.getOpenIdIssuer());
+        sb.append("/");
+        sb.append(endpoint);
+
+        log.debug("endpoint:{} url is  sb:{}", endpoint, sb);
+        return sb.toString();
+    }
+
+    private static Builder getClientBuilder(String url) {
+        return ClientBuilder.newClient().target(url).request();
+    }
+
+    public Response post(String endpoint, String postData, ContentType contentType) {
+        log.debug("postData - endpoint:{}, postData:{}", endpoint, postData);
+        String endpointPath = this.getEndpointPath(endpoint);
+        String token = this.getToken(endpointPath);
+
+        return post(this.getEndpointUrl(endpointPath), null, token, null, contentType, postData);
+    }
+
+    private Response post(String url, String authType, String token, Map<String, String> headers,
+            ContentType contentType, String postData) {
+        log.debug("postData - url:{}, authType:{}, token:{}, headers:{}, contentType:{}, postData:{}", url, authType,
+                token, headers, contentType, postData);
+
+        if (StringUtils.isBlank(authType)) {
+            authType = "Bearer ";
+        }
+        if (contentType == null) {
+            contentType = ContentType.APPLICATION_JSON;
+        }
+
+        Builder request = getClientBuilder(url);
+        request.header(AUTHORIZATION, authType + token);
+        request.header(CONTENT_TYPE, contentType);
+
+        if (headers != null) {
+            for (Entry<String, String> headerEntry : headers.entrySet()) {
+                request.header(headerEntry.getKey(), headerEntry.getValue());
+            }
+        }
+
+        log.debug(" request:{}}", request);
+
+        Response response = request.post(Entity.entity(postData, MediaType.APPLICATION_JSON));
+        log.debug(" response:{}", response);
+
+        return response;
+    }
+
+}

From 6d5dbf0a7e014c89749c4f9f9a35e7e4dea92d27 Mon Sep 17 00:00:00 2001
From: Devrim <devrimyatar@gluu.org>
Date: Tue, 30 Jul 2024 13:07:47 +0300
Subject: [PATCH 27/43] fix(jans-linux-setup): set size of acr in jansToken is
 1024 (#9055)

Signed-off-by: Mustafa Baser <mbaser@mail.com>
---
 jans-linux-setup/jans_setup/static/rdbm/sql_data_types.json | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/jans-linux-setup/jans_setup/static/rdbm/sql_data_types.json b/jans-linux-setup/jans_setup/static/rdbm/sql_data_types.json
index f134fcb5a37..754c165cf3c 100644
--- a/jans-linux-setup/jans_setup/static/rdbm/sql_data_types.json
+++ b/jans-linux-setup/jans_setup/static/rdbm/sql_data_types.json
@@ -444,6 +444,12 @@
       "type": "STRING"
     }
   },
+  "jansToken:acr": {
+    "mysql": {
+      "size": 1024,
+      "type": "VARCHAR"
+    }
+  },
   "jansJwks": {
     "mysql": {
       "type": "TEXT"

From 382be5c00e8b1b6b4f457bfe5aef780fab182f1a Mon Sep 17 00:00:00 2001
From: Devrim <devrimyatar@gluu.org>
Date: Tue, 30 Jul 2024 14:51:18 +0300
Subject: [PATCH 28/43] fix(jans-linux-setup): auto convert varchar to string
 for spanner (#9059)

Signed-off-by: Mustafa Baser <mbaser@mail.com>
---
 jans-linux-setup/jans_setup/setup_app/installers/rdbm.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/jans-linux-setup/jans_setup/setup_app/installers/rdbm.py b/jans-linux-setup/jans_setup/setup_app/installers/rdbm.py
index 239276124ec..8272856bef4 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/rdbm.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/rdbm.py
@@ -197,7 +197,8 @@ def get_sql_col_type(self, attrname, table=None):
             if table in type_.get('tables', {}):
                 type_ = type_['tables'][table]
             if 'size' in type_:
-                data_type = '{}({})'.format(type_['type'], type_['size'])
+                dtype = 'STRING' if type_['type'] and Config.rdbm_type == 'spanner' else type_['type']
+                data_type = '{}({})'.format(dtype, type_['size'])
             else:
                 data_type = type_['type']
 

From 9cda8e84ab97a877b03f614355640b99b2f54095 Mon Sep 17 00:00:00 2001
From: Yuriy Movchan <Yuriy.Movchan@gmail.com>
Date: Tue, 30 Jul 2024 20:51:02 +0400
Subject: [PATCH 29/43] fix(jans-lock): fix lock startup in jans-auth service
 mode (#9062)

* fix(jans-lock): fix lock startup in jans-auth service mode

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* fix(jans-lock): fix lock startup in jans-auth service mode

---------

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>
---
 .../src/main/java/io/jans/lock/service/net/HttpService.java | 0
 .../service/src/main/java/io/jans/lock/util/LockUtil.java   | 6 +++---
 2 files changed, 3 insertions(+), 3 deletions(-)
 rename jans-lock/lock-master/{service => server}/src/main/java/io/jans/lock/service/net/HttpService.java (100%)

diff --git a/jans-lock/lock-master/service/src/main/java/io/jans/lock/service/net/HttpService.java b/jans-lock/lock-master/server/src/main/java/io/jans/lock/service/net/HttpService.java
similarity index 100%
rename from jans-lock/lock-master/service/src/main/java/io/jans/lock/service/net/HttpService.java
rename to jans-lock/lock-master/server/src/main/java/io/jans/lock/service/net/HttpService.java
diff --git a/jans-lock/lock-master/service/src/main/java/io/jans/lock/util/LockUtil.java b/jans-lock/lock-master/service/src/main/java/io/jans/lock/util/LockUtil.java
index 6d9bbad4ae6..d0483384f88 100644
--- a/jans-lock/lock-master/service/src/main/java/io/jans/lock/util/LockUtil.java
+++ b/jans-lock/lock-master/service/src/main/java/io/jans/lock/util/LockUtil.java
@@ -5,9 +5,9 @@
 import io.jans.as.model.common.GrantType;
 import io.jans.as.model.common.ScopeType;
 import io.jans.lock.model.config.AppConfiguration;
-import io.jans.lock.service.net.HttpService;
 import io.jans.model.net.HttpServiceResponse;
 import io.jans.service.EncryptionService;
+import io.jans.service.net.BaseHttpService;
 import io.jans.util.security.StringEncrypter.EncryptionException;
 
 import jakarta.enterprise.context.ApplicationScoped;
@@ -48,10 +48,10 @@ public class LockUtil {
     Logger log;
 
     @Inject
-    AppConfiguration appConfiguration;
+    private AppConfiguration appConfiguration;
 
     @Inject
-    HttpService httpService;
+    private BaseHttpService httpService;
 
     @Inject
     EncryptionService encryptionService;

From 649c747ac3da6bf59b5e07f0f022aa14b319abe1 Mon Sep 17 00:00:00 2001
From: Isman Firmansyah <iromli@users.noreply.github.com>
Date: Wed, 31 Jul 2024 14:32:26 +0700
Subject: [PATCH 30/43] fix(jans-linux-setup): removed trailing whitespace on
 eventType column (#9066)

Signed-off-by: iromli <isman.firmansyah@gmail.com>
---
 jans-linux-setup/jans_setup/schema/jans_schema.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jans-linux-setup/jans_setup/schema/jans_schema.json b/jans-linux-setup/jans_setup/schema/jans_schema.json
index da7e73d0eb7..cebbc8f49a2 100644
--- a/jans-linux-setup/jans_setup/schema/jans_schema.json
+++ b/jans-linux-setup/jans_setup/schema/jans_schema.json
@@ -5451,7 +5451,7 @@
         "inum",
         "jansLastUpd",
         "eventTime",
-        "eventType ",
+        "eventType",
         "severetyLevel",
         "policyId",
         "policyResult",

From 1566ca2cfb2471b62dddb03f2c8b1b6053fc4075 Mon Sep 17 00:00:00 2001
From: Dhaval D <343411+ossdhaval@users.noreply.github.com>
Date: Wed, 31 Jul 2024 13:38:09 +0530
Subject: [PATCH 31/43] docs(config): custom assets configuration via CLI and
 TUI (#9067)

* docs: create custom asset config document

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs(config): proofreading

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs(config): minor updates

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs: fix format issue

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs(config): fix add and update sections

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

---------

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>
---
 .../custom-assets-configuration.md            | 401 ++++++++++++++++++
 docs/assets/tui-asset-data.png                | Bin 0 -> 26048 bytes
 docs/assets/tui-asset-screen.png              | Bin 0 -> 20337 bytes
 3 files changed, 401 insertions(+)
 create mode 100644 docs/assets/tui-asset-data.png
 create mode 100644 docs/assets/tui-asset-screen.png

diff --git a/docs/admin/config-guide/custom-assets-configuration.md b/docs/admin/config-guide/custom-assets-configuration.md
index e69de29bb2d..95d56f20faa 100644
--- a/docs/admin/config-guide/custom-assets-configuration.md
+++ b/docs/admin/config-guide/custom-assets-configuration.md
@@ -0,0 +1,401 @@
+---
+tags:
+ - administration
+ - configuration
+ - custom assets
+---
+
+# Custom Assets Configuration
+
+The Janssen Server provides multiple configuration tools to configure custom
+assets.
+
+=== "Use Command-line"
+
+    Use the command line to perform actions from the terminal. Learn how to 
+    use Jans CLI [here](../config-guide/config-tools/jans-cli/README.md) or jump straight to 
+    the [Using Command Line](#using-command-line)
+
+=== "Use Text-based UI"
+
+    Use a fully functional text-based user interface from the terminal. 
+    Learn how to use Jans Text-based UI (TUI) 
+    [here](../config-guide/config-tools/jans-tui/README.md) or jump straight to the
+    [Using Text-based UI](#using-text-based-ui)
+
+=== "Use REST API"
+
+    Use REST API for programmatic access or invoke via tools like CURL or 
+    Postman. Learn how to use Janssen Server Config API 
+    [here](../config-guide/config-tools/config-api/README.md) or Jump straight to the
+    [Using Configuration REST API](#using-configuration-rest-api)
+
+##  Using The Command Line
+
+
+In the Janssen Server, you can deploy custom assets using the
+command line. To get the details of Janssen command line operations relevant to
+the custom assets, check the operations under the `JansAssets` task using the
+command below.
+
+```bash title="Command"
+/opt/jans/jans-cli/config-cli.py --info JansAssets
+```
+
+```test title="Sample Output" linenums="1"
+Operation ID: get-asset-by-inum
+ Description: Gets an asset by inum - unique identifier
+ Parameters:
+ inum: Asset Inum [string]
+Operation ID: delete-asset
+ Description: Delete an asset
+ Parameters:
+ inum: Asset identifier [string]
+Operation ID: get-asset-by-name
+ Description: Fetch asset by name.
+ Parameters:
+ name: Asset Name [string]
+Operation ID: get-all-assets
+ Description: Gets all Jans assets.
+ Parameters:
+ limit: Search size - max size of the results to return [integer]
+ pattern: Search pattern [string]
+ status: Status of the attribute [string]
+ startIndex: The 1-based index of the first query result [integer]
+ sortBy: Attribute whose value will be used to order the returned response [string]
+ sortOrder: Order in which the sortBy param is applied. Allowed values are "ascending" and "descending" [string]
+ fieldValuePair: Field and value pair for searching [string]
+Operation ID: get-asset-services
+ Description: Gets asset services
+Operation ID: get-asset-types
+ Description: Get valid asset types
+Operation ID: put-asset
+ Description: Update existing asset
+ Schema: AssetForm
+Operation ID: post-new-asset
+ Description: Upload new asset
+ Schema: AssetForm
+
+To get sample schema type /opt/jans/jans-cli/config-cli.py --schema-sample <schema>, for example /opt/jans/jans-cli/config-cli.py --schema-sample AssetForm
+```
+
+### Get All Current Custom Assets
+
+Get all the currently configured custom assets on the Janssen Server by 
+performing this operation.
+
+```bash title="Command"
+/opt/jans/jans-cli/config-cli.py --operation-id get-all-assets
+```
+```json title="Sample Output" linenums="1"
+{
+  "start": 0,
+  "totalEntriesCount": 2,
+  "entriesCount": 2,
+  "entries": [
+ {
+      "dn": "inum=36014ca4-0978-4d95-8858-964b815ea770,ou=document,o=jans",
+      "inum": "36014ca4-0978-4d95-8858-964b815ea770",
+      "displayName": "custom.xhtml",
+      "description": "custom page",
+      "document": "",
+      "creationDate": "2024-07-25T11:40:17",
+      "jansService": [
+        "jans-auth"
+ ],
+      "jansLevel": 1,
+      "jansEnabled": true,
+      "baseDn": "inum=36014ca4-0978-4d95-8858-964b815ea770,ou=document,o=jans"
+ },
+ {
+      "dn": "inum=b5ab08e4-17b2-487d-845a-bdc6b48fd5b4,ou=document,o=jans",
+      "inum": "b5ab08e4-17b2-487d-845a-bdc6b48fd5b4",
+      "displayName": "a.png",
+      "description": "custom image",
+      "document": "",
+      "creationDate": "2024-07-25T11:44:38",
+      "jansService": [
+        "jans-auth"
+ ],
+      "jansLevel": 2,
+      "jansEnabled": true,
+      "baseDn": "inum=b5ab08e4-17b2-487d-845a-bdc6b48fd5b4,ou=document,o=jans"
+ }
+ ]
+}
+```
+
+### Get Custom Asset By inum
+
+With `get-all-assets` operation-id, we can get any specific asset matched 
+with `inum`. If we know the `inum`, we can simply use the below command:
+
+```bash title="Command"
+/opt/jans/jans-cli/config-cli.py --operation-id get-asset-by-inum \
+--url-suffix inum:36014ca4-0978-4d95-8858-964b815ea770
+```
+It returns the details as below:
+
+
+```json title="Sample Output" linenums="1"
+ {
+  "dn": "inum=36014ca4-0978-4d95-8858-964b815ea770,ou=document,o=jans",
+  "inum": "36014ca4-0978-4d95-8858-964b815ea770",
+  "displayName": "custom.xhtml",
+  "description": "custom page",
+  "document": "",
+  "creationDate": "2024-07-25T11:40:17",
+  "jansService": [
+    "jans-auth"
+ ],
+  "jansLevel": 1,
+  "jansEnabled": true,
+  "baseDn": "inum=36014ca4-0978-4d95-8858-964b815ea770,ou=document,o=jans"
+}
+```
+
+
+### Get Custom Asset By Name
+
+With `get-asset-by-name` operation-id, we can get any specific asset matched with `name`.
+ If we know the `name`, we can simply use the below command:
+
+```bash title="Command"
+/opt/jans/jans-cli/config-cli.py --operation-id get-asset-by-name \
+--url-suffix name:a.png
+```
+It returns the details as below:
+
+```json title="Sample Output" linenums="1"
+{
+  "start": 0,
+  "totalEntriesCount": 1,
+  "entriesCount": 1,
+  "entries": [
+ {
+      "dn": "inum=b5ab08e4-17b2-487d-845a-bdc6b48fd5b4,ou=document,o=jans",
+      "inum": "b5ab08e4-17b2-487d-845a-bdc6b48fd5b4",
+      "displayName": "a.png",
+      "description": "custom image",
+      "document": "",
+      "creationDate": "2024-07-25T11:44:38",
+      "jansService": [
+        "jans-auth"
+ ],
+      "jansLevel": 2,
+      "jansEnabled": true,
+      "baseDn": "inum=b5ab08e4-17b2-487d-845a-bdc6b48fd5b4,ou=document,o=jans"
+ }
+ ]
+}
+```
+
+### Get Services
+
+
+Get the list of Janssen Server services that support custom assets
+ by performing `get-asset-services` operation.
+
+```bash title="Command"
+/opt/jans/jans-cli/config-cli.py --operation-id get-asset-services
+```
+
+```text title="Sample Output" linenums="1"
+[
+ "jans-auth",
+ "jans-casa",
+ "jans-config-api",
+ "jans-fido2",
+ "jans-link",
+ "jans-lock",
+ "jans-scim",
+ "jans-keycloak-link"
+]
+```
+
+
+### Get Valid Asset Types
+
+Get the asset types of your Janssen Server by performing `get-asset-types` 
+operation.
+
+```bash title="Command"
+/opt/jans/jans-cli/config-cli.py --operation-id get-asset-types
+```
+
+```text title="Sample Output" linenums="1"
+[
+ "properties",
+ "jar",
+ "xhtml",
+ "js",
+ "css",
+ "png",
+ "gif",
+ "jpg",
+ "jpeg"
+]
+```
+
+### Add New Custom Asset
+
+To create a new asset, we can use `post-new-asset` operation id. As shown in
+the [output](#using-command-line) for `--info` command, the `post-new-asset` 
+operation requires data to be sent according to `AssetForm` schema.
+
+
+To see the schema, use the command below:
+
+```bash title="Command"
+/opt/jans/jans-cli/config-cli.py --schema AssetForm
+```
+
+For better understanding, the Janssen Server also provides a sample of data to 
+be sent to the server. This sample conforms to the schema above. Use the command 
+below to get the sample.
+
+```bash title="Command"
+/opt/jans/jans-cli/config-cli.py --schema-sample AssetForm
+```
+
+Using the schema and the example above, we have added below data to the 
+file `/tmp/add-asset.json`. Example below will load `p.properties` file as
+a custom asset to the `jans-auth` service.
+
+```json title="Input" linenums="1" 
+{
+  "document": {
+    "displayName": "p.properties",
+    "description": "Valid text description",
+    "jansService": [
+      "jans-auth"
+    ],
+    "jansLevel": 142,
+    "jansEnabled": true
+  },
+  "assetFile": "/tmp/p.properties"
+}
+
+```
+Now let's post this Assert to the Janssen Server to be added to the existing set:
+
+```bash title="Command"
+ /opt/jans/jans-cli/config-cli.py --operation-id post-new-asset \
+ --data /tmp/add-asset.json
+```
+
+
+
+### Update Existing Custom Assets
+
+Use the `put-asset` operation to update an existing asset. This operation uses
+same schema as [add new asset](#add-new-custom-asset) operation. For example,
+assuming that there is an existing asset as show below:
+
+```json title="Existing Asset"
+    {
+      "dn": "inum=48f2e07b-b879-4db2-816b-36bc4d69701f,ou=document,o=jans",
+      "inum": "48f2e07b-b879-4db2-816b-36bc4d69701f",
+      "displayName": "p.properties",
+      "description": "Valid text description",
+      "document": "cHJvcGVydGllcyBoZXJlLiAK\r\n",
+      "creationDate": "2024-07-31T06:24:55",
+      "jansService": [
+        "jans-auth"
+      ],
+      "jansLevel": 142,
+      "jansEnabled": true,
+      "baseDn": "inum=48f2e07b-b879-4db2-816b-36bc4d69701f,ou=document,o=jans"
+    }
+```
+
+Now to update level of this asset to 6, create a text file with following
+content in it. Let's name this text file as `/tmp/update-asset.json`
+
+```json 
+{
+  "document": {
+      "dn": "inum=48f2e07b-b879-4db2-816b-36bc4d69701f,ou=document,o=jans",
+      "inum": "48f2e07b-b879-4db2-816b-36bc4d69701f",
+      "displayName": "p.properties",
+      "description": "Valid text description",
+      "document": "cHJvcGVydGllcyBoZXJlLiAK\r\n",
+      "creationDate": "2024-07-31T06:24:55",
+      "jansService": [
+        "jans-auth"
+      ],
+      "jansLevel": 6,
+      "jansEnabled": true
+   },
+  "assetFile": "/tmp/p.properties"
+}
+```
+
+Now use the command below to update the asset with new value for level.
+
+```bash title="Sample Command"
+/opt/jans/jans-cli/config-cli.py --operation-id put-asset \
+--data /tmp/update-asset.json
+```
+
+Upon successful execution, this command will return with updated asset values.
+
+```json title="Return values"
+
+```
+
+3. We have changed only the `` to ` ` in the existing asset.
+ Use the updated file to send the update to the Janssen Server using the command below
+ ```bash title="Command"
+   /opt/jans/jans-cli/config-cli.py --operation-id put-asset \
+   --data /tmp/update-asset.json
+ ```
+This will update the existing asset matched with inum value.
+
+
+### Delete Custom Asset
+
+You can delete any custom asset by its `inum` value.
+
+```bash title="Command"
+/opt/jans/jans-cli/config-cli.py --operation-id delete-asset \
+--url-suffix inum:36014ca4-0978-4d95-8858-964b815ea770
+```
+
+## Using Text-based UI
+
+
+In Janssen, You can deploy custom asset using
+the [Text-Based UI](./config-tools/jans-tui/README.md) also.
+
+You can start TUI using the command below:
+
+```bash title="Command"
+sudo /opt/jans/jans-cli/jans_cli_tui.py
+```
+
+### Asset Screen
+
+Navigate to `Assets` tab to open the Assets screen as shown in the image below.
+
+* To get the list of currently added Assets, bring the control to the Search 
+box (using the tab key), and press Enter. Type the search string to search 
+for Asset with matching `Display Name` and `inum`.
+
+
+![Image](../../assets/tui-asset-screen.png)
+
+
+* Use the `Add Asset` button to create a new asset. 
+* From the screen below, select the custom asset that needs to be uploaded
+and select the Janssen Server service to which the asset will be uploaded.
+
+![Image](../../assets/tui-asset-data.png)
+
+
+
+## Using Configuration REST API
+
+Janssen Server Configuration REST API exposes relevant endpoints for managing
+and configuring the custom assets. Endpoint details are published in the [Swagger
+document](./../reference/openapi.md).
\ No newline at end of file
diff --git a/docs/assets/tui-asset-data.png b/docs/assets/tui-asset-data.png
new file mode 100644
index 0000000000000000000000000000000000000000..2dbad5876b9ff264be823de00cc4b12a5a48a2b8
GIT binary patch
literal 26048
zcmdSBV|XQ7&@h^bZF^$doOoi}){gCoC!SzpO*pZQ9UBwdwym2vXU;kAd!O&#`}?jR
z-Mw~qtyNX4x>l)on1Y-H0xT{p2nYy*<Y!SO5D<v^_v?LV$oC^FX?5rO3EW9oQU&_G
zc|)6geedHqi)lD3+nG7L89JJRnA_Ufn9@5LJDQr>I$78`pMe1d-XEg>{g8;GsiCu_
zoh`A7rHv_wxTB?sp$9Pw2eFh3;Qh?R!bZ%*%EQdb!^A<XAUg*lmInet3?eBiq~e}_
zyyE7pqPo<#v6dnkdJXx5>_-S;9%s=cdL;;^ioho!z<lKsXn6P+R5;@B9B2|MnrxL=
z64`?`5olyj+=Ic9hu6<vf)ZhZ3hwG=H6uojYn~c6S><n;Wv19r{%cKQ8n(_*qW?8m
z5r3QiaXX)?lAh$fy`j3!^I^4PLk!EW?2mo@-3Hk6I_iI4=%C?Do%MI;@(P;jRA4G^
z_}zU1svD{bXU^5E$49RdKr@a6O7k1`jRbV_8rm)2>>uAK2W>UKTGRX<+0g+O5b=As
zQA%r=ARd3ibT`c(Z$!Z*!!lpEBZv>kp6ijT8P%xpAZPq1RSoA4OOCvT?2rKv-JrVd
zEzZO*%~V|uVZZTM7ES+$7KTA8NLlT`tk|aj2rCGT>Sz$`S9VcA5W~3t75PxgZOOp_
zcZ6R^JS102<-P>h0~0td#F|?f`b^_roUkPsn#X+SLTp-6J~;dnjPDEk-6KxsPmj|V
zS$(0a%k@*l{KM|>Qa;YKbDP5Sk%Lqup=qdJ8=3=dk$ovFV@%Gp2B8-x<ECF*)}W|^
z5A124S)kJKI^Jdiw#AtCTCdvC<~mskvTKpJcmv%eEuN{4Yca}Y%-CA5h=ZO2N}v*~
zp+$T{N359{ey>GrS_DhI*gIz1vk7cO&DVhzya`1R?UaTQ1eLp(OxXaieWTz6{`0-r
z2o=YINC;QDkc`5QwI4-y&4OE|8JF!wEQbxo9DYs`dFFR;;u-dVx^D|H4RB-bEVLMG
zDnge-(g%FB6$A)C6E<nCAb#hD^wI9>0aKtsO>OLYWM|qI_^c0p#!0jIhtGg_85-n%
zkWXUJZFWAG%$H6oFKND%dMj!<I9(lmW?rFd9qBF5oV7~*_U70!#}@B2{Cxez5;xgw
zp<kADf=!lnkgcULg@U1g+fn}Y(KUui)?8+)EX`7{R#3Cx!Hj*X$0#*sv@HN}PwPC$
zQmeG!;hJPh=4FKqjK1K&3usBP-JaF9z($%OJ4I!ds@O8Nl9cX!x)z<Fc~@Y`W0;yx
z#4=jOT;Oq@ZOP!xZ5~Pflwu~15<@$eKYJ~H#`_P}47zU_N0BuixZJ>)@V_N!OwjlV
zP*8>7dJH-Bg@?Wqu47;@yxovxqoK*5St$3jy>y_~*!dobMk1`6=a)KEJ`Exc`p~_S
z?j-sjPl3OVe5n$(W&KTMH0nt9J|>5@hgz-eory0Cedf4Im-an5cq9KUVB4Ndkxsy^
zLnP$CR(029H}a$p%VRV5gMqM`S?3M5N5CpXuR#Ud=d`vDyM&;uc%JvdF|2m!0Znfm
z8T24n?j9ee)4=0>L)I`mvpvo?%$dAU*r-oG;UEo+@mseX8Z(tjzkX@219#UY`&qVL
z^P9Nmi2aS&zuq{wYT=t=Zs2J7J&X|`iScwN9__h~ASkfObZY7fovEXnfaxQ}uFg3x
z`N9Q*O%~i!b!Q8#^C_rq^QU-wCP1aVuUrVbW#tVqn-_k2Dp+XF#>M5gTEzBO+J>Bf
zAq`>{mOZKqpOVfx#AO%tv6*H8w(@vNpM2;(^1r4>Q|kLmZ!EVSOKi-PKg7&X&7!sw
zfY@aDrwVq4tbMFzQMnB!NYS}g*8z$vbYsjuBgmGBd__QA>WF4u2Q>&D&@#{j^Mn8L
zwQ4;UHk8EhO@&I&K*DfBcz`2&C+&P#gqu;q5B_^rU|Yn-7lNU3{}wG_Z^@tNh=d1~
z%((F8RQeoynRHM?Y#xNo&(J_X(CtpP5{7+vsE>r<Hlcg9iY>6*Rp&RdB%G9{f7H{k
zj6cw<D-vg~d~GfO!M+5l#xGDJE#L;abS2ISULqq=p_kT=f42C1#==4e6ZN*kAMjI~
znKOb%eW{bFk^o%G@J#KiTu5;~@r*wy-w2mRC8iAJPxYteqx?f*OIj0~AaY9oPy4P!
z2_qr0v<5qf(6-=#1)UKyj&_dOk>u#@`iMl={)Zpz4Oou_APjFhdHMa;%FX_uN!`sR
zJH-UgfBsvdM8j43uAeS^dQ6O-*_xYI_g6nF{!0BV;sa3$oY7^G|0fmy7r7)2=mcVa
zU;TCD<o{pY20Dnp6w&WF-o-dE=kFchw|KqlUnTUvwC3O2N33=@=+b{9IZ7)UX#WlN
z`)Eu3x7Pm~a)4g!|G4Y?gVO&GCdD!?s50Lm>l<H)I$4{ZE!zjO3Ep;>CSPIzOXa&-
zCw!U`%bjH_W}cT}y^f{&d}$-4|8Qd)7DLj2*XD|o@9sRemB;4{NcJUeBsv(#WH(iH
z#FTlo@IIO#n_xW{-IE8$8@?29g1@P+++Ma~;d%KhzZs?P7MnQyaewZeTdr5kD&NbZ
z#0al_7@^L@{F_J?!QZQa@-Xhu{754+8AG&b;fTr*x;c=;H(OG1J!>G?QHzyje%an?
zNQ#Bq$`m`7)`DfDZN}2#`<7Z^R%)al5GL;~(#$s-%1evU&!tRp1x;HhXK<J!i!Z}Q
ztyc{zd-@<qXo(Th;?Ok2NPpD<2tj&{b7@Dq7#y%oXb-3mW-(5>d}zsCa9kqpyDjpx
z^_#ChHw8A_p9H-Gc+qucc-R4min*pUB`;TlWinXORF{xYlXj#&Y1k|ZET?%{KRO1B
z0I%oaQq3j$R1=8egv+1E`(60&u3XIH2wS2bfNz~c2)tpERKuiMh&gR*-%p}xSMkg}
zojkeqBk%n)zMmDI;nhJ`=Ed5RKoDgKdv}y~dSdkM>Hf0<o>T!H_5OAxSYKgzLzEBf
zm&@C`v_n(mtWv*Atw3Hmvz{$u(Yu3V-q0nd-?N6hwXaG)l)t!_u^cDgAm{_pf}ehJ
zS`Zk3-~b*@ZNwQ6wpZH&v5}1&?GH@)VhF=W&sZPl7`(FpRdCqc+fX?ONwlztOL4bV
zn+-%M97lGD=E?V2`W;G{3>AJICz^YR>P+%>29DEga-!l&LlfDlFVGRdj3Ko(UU!2I
z())#&%ESJ%<ZB^{*IfPlVEGL%zk@1Xrg1TLhER0d6~>l=IU7NJyA*t_d+IZvmQYmL
zv-M~RUSw3{Pm<%ba8~*=s{^Kjn6fgS#Ih|e`IbExzQc+=M=o_)ZhwR&_UND(bjfTJ
zH01gr@<x+eu!W6qU|T(PGp^#7<*eTuvtViD?m&@f9BbKqLXl(%Va$a=TXy=f?$d{Y
z_H$4tnzxvX7wa8o8f%DdqQ`Id68)EYg~Z2R=9jPiz{;D?G-I8rmI~cb{Is0*BTe`=
zS?*z(E|(^|sbQtBoAd&DR+A<j3YkC8d`$fp_*vbb4jAWM$PgM(RV`=BkYehoB90bZ
zl|IYWAtS4W{rVLF6+hC05s7n+L2JAvIq2F~Vq%KBvJ~-VjS;P#DW_XcugwN$RvIeK
zc)l4Zd(M{aN=_U46l1g-V4=l_9X*5D-R#m2V<GSbDpk|~qH9>7D-*-6+VBYlP}l9W
zyC`GSe=I4ZSsA?&idJ?1z3?=H|6rvER?mY~O1a^3<$RFL%{#-lQ2e}eOn97-*-2op
zMK=H7yep!|=L)4{jM1nOO{E-FXpbU7m1x|!<u0Rjr9@87PX=nYAGIqZP@phyCN&K~
zFAZ0(s?^Jgo7V_XdrrN~0X&{3NO>1{h;I&G^W*ziT?W;n3z|?=J|+Y3z|jk8qRYL6
zwgO02#t~iGvd5D|uHr|FWNRKa_JT{7Fr>Xh{9D{$ikDybDqO~JymrTkurF3Dd0NrL
z3KizAS~lGMU{ggTW;a^_uOb!8!|)*KU-#Kl4c(Fk9_+r88oL>^g`51nv%KqI&L1VP
z0K80D_uY7!yahDP$HBMzot*qh?p7E6mKEO1F6o<dl4zS6pz-1WRcmg@WKo{+LCI~S
z4<H7iU}{|;LHmKad#}Z5?Z{5ibD_}tai@YU^0;@QN8$;Eqk?zfz(fPcjp^lcM$1Fk
zTic}EZmfSweb6(3F_nBhh&;)c<6h8iE_Y7N8XLr>zHD>RQwX`awc#uTvO+~DS7R$b
z$=3np#v0}m(Y{qO(d|HcL;Z%ev8|v@c4{C|8a#A2P3-Zi04X!Lp4p(kT`z_Cx>^-M
z#)_{WAxIvW!Bux)=US*n(bY}-G~nt=>8|uc$^P`7b)ManDR7r->T%<hPh%`2h`#22
zx5X{Yk*HVO4Se@{Ez-Pqo=Pp@WVrH)2K8wNLxxbTtHrOQ@d*KbiLm{tV4Zie;iad+
zZ^80eiL*G}Elya-+Atl#3M@G<gGVg24*a7~u+Bq3-{~(tUM2?CFkn9dh1GY?GOyMF
zWAf^-6}GGcUf4O^(5J0|RLl)u*B;Zk=^qcwVcM@S6~2wA(%Tu!SE5K#PmOWk?SpDj
zg}9NBnc^SJ`}h!fp=to4eg&CB9o*TV2)uXOu^c<+O!&t!q)z(-S{k$yKKtgiD_3wL
z5;l3WS9XqW$rw!bH{4ebPWE<Om3m?<e>ok0`5nJz2*ivoIs|*bWZb+NGN56;uxGQ}
z98LE?{6t9{O7zvQaaBfj`+n`fm$rERLnb(Udi3X){$~>@36*@9nR}}P!{|H_(JIy`
z)!o$(J`PI;N+rfU7+DV|DoynKJiBJu5+QLu=QtEE^^t@(JnME}_^H9HvuU;4-4j=H
zkI`v$BRG%*`b1=f$4tw#rIl(V2Wwmsk;V<K^hxL2ugJ_q!)lCyI@$s-7i7tVqW8_;
zns=~aBvbI^9dhfl@OCrZQBT&bZ*q5x<tuMi#vj&dcr6qvz$xGKVjRwBugkYSd`YQ{
zEMkpOZh5mHw98EE)nkr4Uh(;=^^8=wxGed_(9!CEtM9CQl$8{3!+buht><~3b?WnY
z^&Xij9%lN=vcupLf3P7}d;P9t;&bDdMk%DrPhjJ4r?eLImqP-Vl*a9vp>Mi@jk%()
zoQ!McP<^)OeB;rP!+Z}|HLp^6m!u*dmt*NZ3M~b}Wi<_`etH;5Cp9834glE*M?tJc
z&c^4|M{X9ug{246O%^4qThhZ(SMZE7;B1pPz-zvi9RWBL)p%6?S;}jXtJw-RE5;{H
zWnA8){70ckmXM!>02X3dFx)D+l;U$OrCbPFW@kRNF3+3a5BwE8#4>fo|BMg{6>xI^
zR_2CofPq{5{?uSHI!UEZJt!C$+7viE9Om)7lP{MtNLDd{`%f!HSDvpls-RW$;k(%g
z&lw#`Is6q-mPpBYS&O4XS$!A15+VcVkvaOK>C-x1n;gDbY~O?Na=Bvxo2Mt@;vtd-
zW|$sc-c9x1W9=KF51|6<!?&*9py~6COlPtb2M!WkiM#R{uA@bOrCw@jnx{m16Omyl
zHiT-Uh}FT>Ym+#E1Ca*#t7XgKK01d0F5dgX*KRj7H^sJbDl07D^3eSJ?dVkN&6DIY
zNFwnm?jv`MdP{W$$}!Zd!I+u(A#gqwH2$8k8q+*aVthCE$C_j1qcXg2Bh3RE@O_D{
zYDtY5-7^Vrl1_g48Ua4khC|aCykW78L)`UOIbiJgwg<F1tfqSMG70Vu>K^l0e$3G(
z1!b%<AGuaem#RWmYM__3-t|sFBYfnlvW7a}ii^r)2Mmd|M>l2*`dW$sIT?B<+BOC}
zF-HFmHvG1R1;o(j8AQ!&Z9O6&WTr;$YF5mg&RyX!BX*hv*N<h~7y)w~qd-)8BCp7o
zqg8{0OWo@tO*qOcY$rkQP`l{aZU0QLrZQ)Tk-Qu4w@xxt*onm6ek>x=?~V7)GSUvu
zU?5j)7Y+y5tL^UEUq<L<UhlE0&+vPt@4oj*d7ZYlu<HY#G4;LIzBG@|bPuvI(|6W-
zTp;iyjS|7IrSrkm3NJPX(+Oh4oa73WK2tR?)&l^$=#YH1QNG4+659G;mB_wx!>v<X
zcVAr6FOYzfg(QpfEzZ=;nF#K+at@)hH(hm1k}EH)XKh!cl2Q5w`&$U-K;mfk2LWET
zTO)|^tEQ=FM$YnOM)PBcsM;?ct_CY7h!qD-?Yb+z?bU6uezF89S?O<(*nRm&9HnDi
zIIgJjl*VyS>ad9*pfB_$<mBJ194|U<Jzl6E+Z?!~Potc67@PIpEh2r0*1tTWcW-4^
zS=8SKOGg)eBmrGX#-190-*evAKP)^HtARSQ1WmQ>Tev8HaWb9mXRcoxB-vH(F|uk<
zsMe3Daz!1`5qZLt#zEBIqysUeM{_Z0o9QuYXuF44>Es6a<L-LBox;><?0Hm<WMHAu
z+u*6S9{y}dG-y7h#TJd49#?r8gw+)7$aRT&rV3RLGPw}Rk!m#sH6L`Gu+7L_CEF^Q
z)=4gtxECB)DV5;#8lUmR0%N7~@l8a)iF@v-zdwtAs3|!$YGn%YLerU5&#ws%Wp%H5
zGa^`}!1Jp}jhjb3wps<Z_{EZ^V%Zl`8^<C2MohD3$G%p<s337Lk3xN22EvFI@2nL9
z>=qpTbG|H}ubZZQrlYzMvUo-V(a^vVsEbP<SBn(_y{Rjmi$5~X!y+jD$z$kgL9^Ns
zgHpS`$$hq7ntCYl3xak-yt`ddx{o2R%!nagFU|LnyDyW&H-!UteWqOPoMTR}p1LC#
z|7jO96*hmH?u=jOar5S5JE4NlKhM68Fne(?vctL@ds}x$Xx)^o^Szq)$=u{9y9m+^
zws4t-(hhy7KiN)->AyHq)QH0zOBPTq-%q!B8eAz|*%qmaGzMs%lLC8!emN*iEoWO|
zw(QCqr#Xprf$~@85g0FZ9gOgzd_JQ1?np7Km3nC?SE|91v9NLSbMq{O--U>>h5=si
z-8Qu5a&s;pO=sSE_?ZwT_uX)>6s9zfL%t4X7$;30qc~}BbMLI5dG3Uv7^<VF40zRj
z2pDoL3#s@JV#nIN_P`tHOE|Qi;AN>#iB4n<c~M14tycl&5&#d6<R^TYU%B|1%C^`3
zl7x%wi&3!Vw-M23d|Bct*MuGb+R}k>4?b0NggNp@U)#O0G`ab)dJQ-X9`$C6%C_~o
z0kge|cnwLP%vREGdC6d8JFDgnNZBe1%%QijBJUPj=6K_BBm7#y@|-PXU?GxmavSeS
zG1Nv}b40u=Y@IrS#O%rscKXGa<FCWzMWk0-D&HB9W{e*wx7?lfg?Q>pg>dZ50Ywh@
zxu7<9iJevmg{CbuBae?>;%~>JFAW}!&J%MZ0&1zZ<I@8T3`r;QC}&Z_4uHQb1or<d
z1O*gRfHw79J`s{=jOi@aS<Nr<FPCoDg&y4s;TYbm2FTO4AdHmWojo489_CgQnCkM+
zLn^tFUyc1*vtsheX6$IYiKJyotb=rf?3bgy(accST+8Q#jF1g0MP|d^xbK%q?CbE~
z9c!^hO*dkz(WQ(d^~=ZaY)dLMr7quTA)RtNwU?0xMUNwqd33Rv`8;y0k(nF1(1sN1
zL)g-8Wa7=cWYfcgY76#jALui`&M~(>q1`7~f2!al%2hS6tsTJ~YpZA#y$vdoc`_i*
zD%7UJM3#yg13U1svpB_XRNRSe@SwDZ6&!i_UIm9bz{GdXs2jzgx}@0n&8iasWqxtm
zLB#F88<di($k#B?(eQ%YcPHqk5<q`TT;-~tn$SGYOcq@#hTr0vLHsn0BH-a*+1`?I
z#MeD%S2s8~LJx~LT0^?!Sm-(4@Q^hwS}>B;ah|1A$&J+ylwnT|*4gylE;$}I#aQrl
z4I=egjeTH-wt7JAZZl`TnG=&Cy5fa7peSD@|M{yJX%si%N2B4#?J@t>ln0EpF`QoO
zHS;YLrNCRpHqn?NhT#1euy8ASe4G~2BUP0x)IZK%6AVs)Won4wHuss<ABXt;w7nb0
z8Lcadv-I{m$lElbi~Q$t6qJX#RA%Eo)s>3>6-GLsHh$uHn4!9#-e@7X7w(Mp+&<*4
z#{4$|<hX_L+7$k8_uZ@b_Wv3mdK>F-o&BJ8k}<ldl9599FW{x!yBa^q^}dQ1BqWV+
zdOGx(k0_X=P4sbu=lAo?v<$1qTaG^(xYM&b;~Ue(;W(`~ouED?F2j_|HabGS-k1E3
z4o>R0j(UDW8Z@IcmOM+=dcaHOiBv-SYx;{l(hY^70@`aNpyLv1b^T`>y{ccvXN`Lx
zE3^K;JbFzFC*HI)UaAiR&|VR@Sqprw2|7!0X5-a|VRZu2AGH>#lW(&pIF-8iiA*Es
z9oB>sOdIGChhhCRaeJiTE#bNT=ArCat~WNwdbX5wevD0-4kQ?3SYinAJBnl;>A*H4
zw;1DNxw<(72aZ;R`Kh=(o(YWIg!gI-<0?ExF&14JwOQLEMrM=-YD+G*MmIj7Exayk
z#OYXVC@&o7psa-i`LLx>Si4P}ilS!JupA`Vf9o4p6G&P(QAy37EBwXB<1c4<QLD?H
zBITAa=Cc;OULp6(^3=F7GYeMl*!Pf<h_t#)dTcy1HYoZba8@F2KmEH<VWY;W26vo6
zMJpQWm$j)ai`ESgw}OI6hcgyiuW}d$u?#cYDB|O*3zgFeXwC+b^8ccK<+OzX5$GN5
z!C9`NQ>}))&wSO5Ez_*<YfaG&(zE?IU+B~rj-=jncRb2Q;ZLt`dJ<8FPr<Qhn$wGV
zVp)ow+e!&eW}7bkM*CT~<|DS4iCFC=%{`k-&DF}PHRx_Uu6~qV^Yg^X)x2iQ7HYO)
z?}KA=HGLmD8Bg&&Gn;6)>B;YIO<plkhaY<LRjhVbY?Vdodc4UW(XF$0VP<m6G+OH~
zsZb15D<!v9x*U8u=emYldL86>ibh!u_*K~4q0U&nQ?`;vX=;3d7{Wi%)ak<r8Zw^S
zxwU}rTf@23pn2};jI3%l+F$1*!oes<{&J4;6C*MLf+Zd7g39!x@fq{6Ke;`-ktClH
zSo#ItGg{s0!f^Rsvprzk68;Q1{QEE&_l}Gm-#GzaOy3LZSC1M&-dXaEMI(@zwJgbu
zsXEOYRhd|y4FgeU@>VyZ)~A~S$7!=@pF4;NeVN_+=%Az9{E)vRs_#eis1ihgdDeZ{
zfut-p_GzI1Ai>Vj`N*RFyuFvtp(aQ*cdR4qGVdhawd<jm#s>@Z)QUvV;bdxM4|5kb
zo28TWcq@PIg>G`|Zysa`5)EV9_M?T=#*Jv($~f<_O&$BraozyvH);5Z$!|$#&k05o
z6gIZj&NcyydaBe9+gAx*&%U5t{LGcHZGJG!Yd+E=JqKhaSUO@GjY^kG?#<rTot3!X
zs)JvU5O>{|AAT&c#hJ;ipD&NVl|VOTN%_!zV`GcEA+qZSk7is9$-nfZ0ZwMDNVk*N
ztO-$R;&PS<i8nA>-UM?l(KJvro8T-TLw$~_`oPc#`6RLokb7xLxJTpO%jkbeDJ)xm
zDtgwz?thY~w7d*UpHs8zQ#u22Av}#-3L5`Rn*+8qdO~z1za)}y@IYmH+LjSF?k7I@
zf#}=g92;WfOR~=t2d1pZzZ%GKRCmV`djYV(9+>=Xtk#7S1dhC$SBcbtf;BoTY_WN&
zT@oEB8O`F&gIsIGGh_Vjgp69hv~Hb6lTxjUgVsN#W_Vqo3!wqUwlNBNH#S3ZUalWm
zd%sp2uG94K%C&~FscpWFJ8)5{4QVD+K-{1a4<|y<L^lF<r0iFmOCWG#yM1boSeYvx
z&5q4b(ZnW^?X2f<qMz!ao5jk_<@rNg;^ED?YuLv0CjZ`JQd?Sl1d_pYaYSK_<n3#l
z$zx*g%5YML+-Rl75$ZArw)6s%PRuC<IR<f*@flygVJ=qG-D%E&+ZoDgJByr0!J<;l
zM}b~%s)rjPp2EUCz5bt06<Fd$)r}ZC)${W4)%SR=*H*m&-!7kT_Py{U9J+En7)ivD
zI?ht_kACNM|7xEVTbd(noUnjrE1d_%@+cge2g_I|CQHOlYjPn8KSMC=Z;l3g1PDAF
z&e#e7SzTVhNE7?PxfIWF;?$PCARRb5<J4qvt~TD$^@mT^?Y7uzf<wD-0l0`zjuqsr
z0;vh{Dd=#non;SbqOIBiMr*#^okVYB+*MzdVy_xL-~O;6v*AVnkiAxXpD)4BzE!@f
ze%Z?z@EwD3S#q-@T>wZ{X%SoiszX+YxKMn@b??hzLv?}i=}#FUK6?$NW$bDE1kK8i
zuTVv7FXSX@!2ZLh5c|snm=J%%rEz~k-T9i{L}1Yf*JL<f?n;MNJ@dzy>%0-t6=--D
zh$(T`>klk0gny-|e=}o%eyiBg$Ofk7;lu=d+)Z~pWEIb`!bPSWr>nlrDQpant`=Mg
zqZmQ@pIU&DO=b9_)=1qpf$YVJI}e*Fy~|!LM&&;4N`bmEC`}i>D1|p@l1rWMJ^}XQ
z+A%W(oO1EW4o#oSGmN1G&41||Yot2T2aFilz9nE7ZqRw`(;FpbbktplsJuD~lo{Vm
z9S=)T+0r*gm&ALKg{_1f7_85>o3e+cm|oZ^ejM*6qecBig6_1XC1?JDvOd;12mW>Z
zrt2(A@)+-l|Kf)5hwzbOp53aH+G>5Z+&3;KHf=99(@vX;Zz_B2#kVvuALcpVM1;+7
zo=H|Dm#PA{Tj$!h<{9=^zO!~UD;amnEuK9^@Q4smQqg7f5QSE?%aZTT;0b%H`K$gd
zJimD+yGg@Re}W&C*)2X70uNInC7MZW^SSA<5s=pXyuEjDmeLsq%rb9x!qb8b-7uHk
zJKtc(uWwSE=w{_~PgOI($-M__)!buUEI*Way7uQ&Y=;y|REh2*=&2C)<8jZ5nBaYw
z&S@TY@YUlES~@9%sqU}lZ^3*awMxgU^uZwY^-D!UGf*<4cdfN`v>98Fiy`+NQrIkP
z9p5cJp`L0WGDK?VZwdNdN)l6u$CXqpdJ#^o@hp6Ca*M0FWM;ov#BIWr8jJq~*3#~t
zDQ+i|@7lM7ziQigwehCdw5yl1Bu}~mUfmGaxDb3vU~OM{B*PNT<zRmReYk49bDm7l
z<gs!J-pUr9JuS#p^)a<nhI1Krrgw!rV>`a7zY_n!KO;*(Ha^LGa^4*LX%9d_It<nz
zWjc_~o@fjeZW}P-Zr@ghFMdse7)jLsYUfM7u`f1;jrETy6q~lH3SPhU;It-)yd1c=
zXG)00IPn#C_bu6pIGVCpq@F%n3@>wgtA}gSp?|yuk{(aiP_%A+xx+Oa%rtx|?}3Q!
zny}~F4bi0E7PAsOqtpZEUN6hbK$7>VBbEp+{QCVSqsMdM#=Nd@5f*od1c}wUQ$b`t
z3H^}j#*qz$&9GYQW1$7+fcR|v+QQxP*|Ap}TW=sL0TKr<32k(3w`GE_9lK4)LKS5e
znadF@;;l{hm|YH>L*|{OT>Ek&a7!@f5Kdp2=NFmrm5!^6N0@FzykmGW3|Z-FSlgje
z&K_9+j70l$SS@b}8jyjzFj5h|dnV?KuQ3(TVQ4TL3ld;=+Y71M^s;KXJ}%5F7h%{q
zMByO}tLR39N$!?x(v{9|Tz@MY8f=Md%uKrmn&Wid387u#Uz0fYXpl*EiVYrYYNCdw
z#}J4Mk#+6U0CsiyncwjSUlZ;hKBF`-U-ng19R5$kIrd2Qf9F2;ss6Fd-@%#=4*ply
zl=|;_oWD1t2K4`(8FgF%T}p|7ysYzMiVrF4_ASHZ7RW5Jh3t+@w>D|8G|?}q|JQmI
z-41DN?r?pU!JIA`v3N6zw7=S|p&3oScr=No%y=V~iZ2D@{rpu>ayeQ9pgyy2dcP*|
z<dSw!WBD-(k4wKq4Ik?cL9ki#;r=u%T>x)%oUGXonv~a9HZ^mO`ro}$$wD1#evC(M
zdDp@l@_DS=Pi`-|@F<p}2`OHyeXO&mRZ%<8h@W!G>qhI<ZbVn7=3C7S)>-ikOsQJR
zW^bhRjMT>k$)^+g#L+0=#6P*rcfLHRQw8LHrfd9OAu`x!^YeLH!dagy?ps@~#{B`N
z43`_<*WR@8quJev%p@+t?Q2L5frXF@@;2;^<DpRBkCE2bs84Z@Yn<{`Z&8Te%2nXG
z%jr0$C<BeVZTIFEim(~?-p`b~;)&$N$#6uC=zCK%Hp!fZq$%b!;b|k|dJNtVeT#hk
z1$k8s>d4(CZG#hC>2^jiIWlniuC2EpC0NT#1#ew)?~BB##Xa0FCF>AJe41&|q&(3u
zR^!BKt|Hfb<GQnMwn7IKa`^bZ(yS${<s|AS<Je{zj4QK;U6zcsru4%xC-bS|hqlMA
z>%*t(WQ$_BJA#s7nK8>G-$727L9g1bZ+`fm+8r9foit<D)!LBlzz%&0iKR}Zi?^B%
zq3Lln6asN3lIysB3QFj!P{$0PD!*|T`mah|o(_MGw2=<Z6s>pK>S1K%HU)cbnQ)kL
zC0wfyqCn7Pa8Sn#g>o}pWmKb)7+v2`9rjo+9Jib-MDXo(j7X+V*Se*o1SQ-VTYFpg
zKOj;Zy<<#t1q^Qj<KX5b*FG1wUU1(r=tz!}Pc^lPfoeawm_HPcEZ;3Dv=_0$z+uJN
zQ*@=ag$2^0Qn`9bgJ!@^C9{4QZ<Vi0V5ZAN_PHRo{_w(V%xQ1o#^qwpnCEjO0(g9c
z-T^*j@M`r|n{|9PssT|7BUp|u65-fd^P^iy94XvFBj<kBGWUJrq3~;2XbDSch`PQf
zIM#1{3LoR+^xp92T;B^mzeB}d1f{qMY*5F@K}B<A2ps)zK6=LF$8&ui%*oqj?YBc+
zgFcHMD)0A&8`!axza9u>IFjk4O7DZggA{!J%496?{K)NI?k~24@n5~eLj$$S*IDM%
zdo`NCCJRAH4ru#}zM44Bd4B3$ha#_PNq$$@XC9@3nUe(gT2O`JnPBp$Nf+w5W^TDp
z3$yG$41Hd4IHDe9y|&H|NXIasPt-P!W5})YQLegQ@U=XUYZN`;Nxxm*v2|aL(B1a6
z2I)6Kus$*x<?vHGN%)ioryzEmTS?~5;a<$NkaC@${}jH10+D9=aC4|EP)At4wRLW{
zoB(ZWzLAj8Q~0SUvWPAwoWlDU@pK<0*-5?)cV0b|#d=ak?#>gpf>qy`i!-k?NZvuu
z0QFWSm-flE8%N89_s%#&tMVR7qaF1)3id84ET65`4&n4u#Ox;#Y;Jfx0BmQIX{qTC
zr_gj3dh4z@Sf(d=_j*u!bOCHARXu+@s5qx-S;)wSt_fP4wEroGe8#*IhE66c)OTv=
zs-rM6^!j0EL>?J8PHu6E3N%&HszY@Q(zlN@=>s&`fYnukw+MEhrAwD4RM7`W=7L+e
zV`=uP{0wf|9^s1?B9ajo1YUDdW23m{ZF#xIx@_Ty&0u_OIiE}<B$CM&FE!a#ChL~<
z*X^<)5SdCaOgKnanU*k{DVpd4vdR`W9P!4c9lg$xM{bxad-%bJ-AUmpvlq+T+xP^S
z_G)?qUPPk1-~q?=J-8orhI%x4g}SC8wQ#l82slTE!{oEmsNfr!$Zj;|xYZop&F~fr
zA=YlbE&mbARxZ@%ihI$5D3rp~dRf4M2bm=OvtI3VP#2F^$#0CUUN)m^=t;b~boIzN
zMc`}oYf|$RNCd=)aFEi;ljhqmUAo1&@B$(ka=tDsxv{;9a=UMF4LYC9i`Q;YS%F#N
z%Tq7h%y#5`C%Mp9ZC#;C&9nKZ(y|X$_ZCKYdP06<Or;v7m<-7>Q{dKI?3Cl#dN<G9
zJ0TH7dSXqJuGn|Tt*uCqJ|HKg9lofLF7&DJmfc+o^Dp@tWd?%E9gquOuGr^C|5fge
zSJamZ*-d^dczgM1_rm7Sm%ZvM4vw5mXq%FpKkj=syT|;&U3|l{$K)rR_o#eJpJ=2h
z_(r-JRU6$EmI+6Hm_k*mlmz>&#$q#Qyocqtr%Y1U6Yh3PNAdOI#n+`pEa%I#<l0gw
zFC1Afq2dsThVJ~ZD>&9FEfu-ru+oBj-6;vxvF9M+dWqaq4!cjyURq_o(wX=<YA*S7
zvKBhM+6+H=Mm>VJcuOCLu(h_#(i<3_<UQX&9AVDGcpZjyncJ9m4zVk|kh|yOaZA*g
z2>)E_1zYNW4Pb`LzEQUKIv0c8KEoYO^jBv8xw(GoTnzmkUgL&y{z$(@P~^YeKTQ+`
zy#6HbOm}!<Mop=H#Jt;!$dT$<vzcF;)bGp0IT=$m=<ZJkx+j_-DSsHUc`GyzI~Te<
z6xK_RTd&%WY%K7cNzQTV<r~fgc)lMp9|9KZF}5@wQzR`Q%ux$~!<T*mKUvy%Gd=KF
zy`g_<!CnnBYFy|_4tey)4%kc|Dq%z@V@OTgo9*3oYiO4c<x69A%jk?BM8egyXW-rx
zx~@2sx&w&kmnKigzLccV+)+$>RP*3v>U*9xMhjo>RZ9tc+A<d~K0F_jk;VReg2;Yu
zFGp@VC$!9aQ>bH+2{WYCyVjPuo7Gmy-h}BRXr<I>P>Hsz2Il)nC_WcJk>8mK4aMl_
z2&>7IgXP_bMM2&j9mBxKKxPfmdV^D23i4FY&HL8zGW8=Nc(~AJuR5qZ-c4v+=sW@A
z6ejd#c>RnHnttTpWY~LInZ1j@%^vY{acDJdF)7-bQx|_Jg=us2)`mJE#r)p$v>Bxo
zpI~YM-c!xv!qfb*S}JNxRQ@6Vi~}izmpDH2R;J0QKUcLwKYuNxseYDl3E_jXH$oDb
zk)TJo%R~`ZlC{(g44UP{!rOB+%H^c_^cvq6gqKsZKrc%vK7mA<jFL^WvH_d5mrsu!
zKT17HNh3B{E77ky`STcdhP-ww`n3GDDpto28P<fe7=Nz2^&TuX(cSYs;(uS&?~AUn
zLC+CPQca&cd+iJ~g{nHfLQ3I$#n!}R<ReX025Jfp;LW=he_n7^ooDMMYZdG5GUw9X
zC^{qdCH8*CZpBBE>+KK(UrZ7_OF*Zzm_TgL1hvuD@$SZ9IKQK0;=v713Y4Jis2sz}
ztap^ebl<1tdO?kJM{Ab~J?Ck%qxShX-nOmZ|F>0I!?dTe27QY?TU$D?nSJJd+J8E?
zX@4HU;ud9~lpz^JuPIWqbZyZ^Vj3#1)kQ0Wd`H@dWjX_uZE6bridf)6+ZFyNhxQ&9
z4jI7fpWV7;ps-|=aLWwoVF$QB@W-{t=h@mo)QvNhb2z+^ls_L|f;uyb?l%0Z`E;<<
z)6B~{ZpG$jV@%Zw<s~Z<De|7EnxhYcT5@vDF*F_h6ioq3hE{&=FXmj>NNS8<Ex^YS
zgWpQZ{;M$@0FIV9q5tbizt^;y??f3NO?dvRl1TnP>I`=T@#e>L*uGV~1g5Y72yRP?
zsCGcAfaAOSVbWQOdL}k6+W8&DYlbIbcq_5^g;+v)f@}nknw-t7|4!lPUjhf{A2$(d
z8;ZPT?1SdC6DXOC#Ho<qb)Ou4{lD4Git#>2*uE`i9<Ikg6?(C`S)l5z+P(*o%#vTO
zR~+dM$Z<rdE-&$wxSRODmN~<^v#Ogp0i~@In?S|*)+)yWSy|TT<AzT%n;qQBt9J~`
zsyK>E%}*TkBkq({_FKau)UYdH0X;P=xo1}h?z#>{_&+uJzu7+k5x!1^3TL}>q)_dE
zM<aNHvVs*&W^zV_>DwG!<FRxbkN;XqBq$n!y0amq@=)-MS(jeh8n#l%S$Q$Y5y^Pa
z3vI40a1CdulbbZ3l+aKnBgcr}yL?-Ry>&EZKW8NRy{J=O5pRs(0tFb3z<9kL%JUtY
zVE-KoOZ+jx@Q{+%>CwrXPk9ACM6>mw)z+qcpF8UKD%2#?=naqHzQ71ZyosB2ne>~(
zsMp2#X6{~JLR}EV4>@={ru4>0-BPRd5vFc~WW$~K{=FR&Gu}zePq!a$fp^4fArDNG
zD@j#Ro|TTBKb(wN-mUpEId66P1o_q#oYTYJ{YAGL=UIQa7!GFn%Dtjg(FaxY)sZd4
zvh`kkEoh%55lwx22M8d`FYfU4*QNE7MdV3Ad2uI5XSdKL!CgSs$kh2vyh0gSBaeuK
z;LmyJ-Av6XI(H8A_e%b9c<faWc+x#sPd@pT1*SKC3uMUCQ{+|XRqc+2rV%};4682<
zP~hr;?eg6=<ei-OkYjxtTlyngzg7|8;Sws~zIzHUdYIzd4D%uSkahy!1J$3xXwJ96
zKaaKS)fjd@{rZXD*zzTmNW}&|a5sLh28>o9us(ME=)>#I4|DYN)`d4J;eRA%8@IVR
z@+6{CWna>yg)`-5SVpc*EfB<-rYdlW*`<`0JtR7R!A38S?loDg!ey6p{Kol288eU$
z5$SZORexxT$_f&L#@$FhlH4~7&evSo?1b!XK24I}x36)_5;xKp>J639glI{`tf{gF
z#q(<3h$A}lgO5Po4KD`u?oJT>1-1%wH^}*!c)zUdU@d{U_8IT}lTjd(GFRQPyc{@u
z_VAwDW+INrNaIJklljC14_b?bQZBB!!oe)<Fdg2wEW(Gt$}=-XU;&ze!3A~H%tZZX
zlHDCwnYYO>8WCWDhbnJBCE`YfoQ-5gOZY5(tK(yhvw%dnpkyJ@Y1ay0*AM23n$1p$
zi}`a(7g~*R)%T!hvd7Zrn9!F9H{&yWm3=!#Bfp>m{tizlczgsDa^fv)vhQHloef!a
zj!f5Y5PA^-ytH5FQC!ag!_8->aaNzv9?OH}Vm_svt@oyK+i^eGbF}ze4FB4ZZuFyq
zFM~~^?0Vzr3~OR4hL|@pe6V%5Wte`&X^sh1_x1m3`O6$+*$axzkyv&0JoF-scmYz`
zv-><E!J(GE8;j5#%rn7%lcF>Wn(;bt6NRZ&QBGG{KX}Y|BeRn!kI)`})e{@jCRE6#
z6XcZ;{-m$#4I#L*q4T1b>70H40H)^gITUH|pU_S0TP+C^Adt8H`;Y;{qI?_zsGOXs
zhYH(<v75a_Oh-D&jg^5u!BD9rEBDHgWh>o69w9G;F9G$`p{o?+Zjiim-H@`)F6^tX
z3k^=0K<?a#uX|QhWqp$c5h(8+Nlx2vu$^YxMd>zzt9-bJjxU+`L34uj3O;2v;3)N1
zrNA3}n)pjW8?{;EmSQ`LZQ*kzE<<Ce*gBEJsx!}|+Odk7Z&hdqC+9E2PZ)HcG=_`k
zU1!aDp{6W;Ju`>zVb&$si1s3uIe-dVQ#e$1!5zO`k-5-<XO)aMeMF$}4!;78uPnsH
z5I9ePA=L}+QLFT&2*RL<^T|Z(2NATGg+1J3@X1ws7zY0i1yo))`l65hzCrn|MFtz{
ze;Va9eEyP-;3XkFFb{L)3&O|=B?tniQUpby+-c1x$`)eV0jF%>2FrHokln3Dr3+Ij
za=vpLLTbY;QewMjTciw!`35qq9?*t@EwK^kps<5+?`mL+EC|-8y|JHCMHJ|klYOFb
zpC=)go#y$i370SfJk(1FN9^DF_-(;`+~D4^jCg~k+VEUznB!C35ENV6CUvG7U%4(m
ze35E`jtoaTF~ynmj_J$q_ph;Ynu2bWI38o)n2=s&k3Z6WTsa#?n{JQRDOM_X(X5`U
z*cDZqP_<sFPTfi|rC!SEYU;Hw{%jGU0Kl8GzeKgc5!yMwWs~H^ka$(5rbD-$%`&qS
zluTLgVyt)}e)fUJbqW1dlD>Cq*9k^Z%ZNlz=s&(E9GANnusyU0ipR2Xi|NrG>=2Mh
zPwYercu%I%aepwF%Dl3JGhj4HLu`@JuHQO$(EmyY<=c*|g}0k8?5Q<YNNUYmI{YQk
zrg6LJNHfjA26p5a;na3L(To3*bskaVxDGezA0uEu_7v9yP>2FNLQa6`9)?Y((C9AW
z_JF)8-it}VW$<<1x$V$uqI9!4{`|r{HP7J!OM8YlSnXLcW%@`w^oVDm!35H+BwFR(
zooyde&(>iyh%^3Bp>L|4B*5_C=%!hz@xcp)s2;ElZUL8SRsvBC2Yue677~WH(aX(b
zO7osFgD;0tE);QkgG+786OQ@?Qo_EMeoAY`Ra=~7JB+wR7?5<=nT?d~13oX`m0iA9
zT~)P{j&kbVB%cjafZ-`0vR9HdR|}WW2AQSzPfRaXTPW5XkoH7b<DkdmugkM#4q^S<
z=fEd(6~SFaLAl>+dLDw<i7DlULY;n~){@Z^UvnWsuDtb0l$no!!OlNYAnEDbH~_|(
z(1vF=Z*AKeQ1rx~e%_w`9}bdSOVgG~CI$b6<3Y_krdn-;oea!9bgNFMA43;fxGV2L
zX0=?P?biYOS3FWf`dL?VZ+-UX8XL-<^!Y#Jpi9#cp%~f6F`*HIdiWI#(8d%>SmD#)
zTV{po>dqH~t_b({A#EwhDD<{(4;7Xm5*Y;UDnC~nP8iu2LClP$5hc0WU$b4G)3}!=
zZEYZ$fs*N%+38f5(P=b67T<-aH+R~wXWODdyYQ;_6p^T~7|g6C`8MV|MWt6&EQ0(%
z;qI?ZZ=y*8yDP!V`BxU`OQ0PE{vVtsN-Mp~54eI?ILe`JW>#IFtlWP3hdR+vw;*n=
z776YM(|^KcCe1PjO5h2TcH28iQhMy*%9%HBV6CUb^B+wnc#7~;<=#zsuUX>V5ZZ+K
zeWSh2BPCM`)pAp(*GX9YKRRSLH8=BWk;Vt+6hAQ1C6iwnhTmXvhOSTDcP$4{^&&o1
zY#rlr1Xb71x|{Sn(zIdLwajwOWewM1T!KVBMjI`*+_5g*_^Ff`?e*j}XjT>R#X7Yp
zFK63R4{Mg(x6DmF*I?CC%;lU($ii|mGMslI-&b+g9)pkb!>R@l^TOPM#jGL7LDn9?
zmxHZ`xvei?8bk$(+&<%34Sr5O`#?|HISzqX5!9Wcz)b8XUaQQdau<*l+IhkOJrr_s
z@C!)G72Hwc^P{`vS3d?}DX2C@XG_}pMU%qhm&mTjaTLhuui#Hq*q0d2FhM>X`)(D1
zcf32`HGcoYgS&E`Mn#lgh2V$kR90)G#J^<>1lAB=%Wz6{rHy}D+V~~#A#)!@Xw2Rj
z>)s^*@duX8Ki^M?ZtI^Nf-a2--K!#*s;fv)wC@FZX~+&a6ZCgi@X1t;r~EQ?kODqI
zAte&@RF4aqtlk@&Xtth5TFAYay%0}>n!(;iavAmU52k`Sm~2IRSs)Cx3k0k2kMUto
z1l;8+yOZr3C&r`?4Ebio#u;tmt7OK-_=<jKP<;codBu!Zy>4;6wx4E<Q!b4drgb}}
zh7>__*8<{1!uG#xvwas;p~AR{7g6NSl1eaEgeE^&N1llMhQ9|0sam*b_w^ew95OWK
zaBItq>3?BzU0FMFT3H+3+PGNl--~l<?~|V|xsNbb;bc%d@~T&Ab)v>N<CFVNgg6)6
zr`64@87knehIdym^aG$9ET2{mIr_#S(!KR@h4TU;zm-RFjg5$6id0lcx4&4bq`2v@
zsjmqh2?9yGTuq>@?yyZR)o=Nm_6+un7ME}x-twoVDxc(lTw2Sky@DY&=$0Re&);q*
z4?!%?p)D;q4=lpBafxRDjQq30m+X1J$|uuvCri-s%>v0IN>p;<rg@INEo`JT4<?6T
zCii`mQpwhkiwylN@6r75ZZ<w5q)-ufsUA-1RC|7QbNQZWMec#86lgdJN@UsLr4+HH
zWT1Mm6Fgah@E%#d{P`F$dE_v;pE=n-retD%5EgnhPi{lW|5W5$UBT8|Gkun4az^p+
zeISL?_H&$=r+2vXF1h9XCrhbR6$+NUlcxTTX%B5J6uLHUz3>dWe2u&~jC_F`XX+17
z?;l6Mw^w8MDK^<|CX-iV*K5CI7a#{4{1noMtm3(4js_!S?sKGBAEj<srS-ze^jR@o
zgukKey#_Ok;}<qrIB$N5p+|Cfc)OGTea9fzwthU-059o>1Mr(h{z8?~8)IHjd|XDM
zN>%-|)7R-Lo=%QGgV0BkGzD*NZiY7pX}|k*IX~ZXt$($1qIll^_E>W`&_6#Ym_XOZ
zLWSIVYig}{LLTh(<dj4FeXGNdfVJL%0P`dhtMv5kYO)Go>4X$9R34X#&Uo1T2mD$6
zrG%$`bb2rx$94ca^~zC`Nn$U&nJUd}qP*$j;j5s$sk_;*(O}|~qF`NgY$753;o`rb
zD<+jTGyYLg+iW>eyQWw&LY&?9miaL9{j{$s7`Pf;KYk8VI}iHZTlK)X{T%dBbx|*)
z@%-uYwcyo?@d%+j35Doq`<drJ-GVQI7mcjznECWxV0W?0XV2CW=j6SpKO|CtzLhJI
zg~SMlKYZR5df7KXcVQ16KFsUQ1-sF%B6IPhRsEnwS(dD$L)4}s<*$FLstkN)Jizvq
z5m^-^1$rqbFxMoL4VFzh_&nIayd084yz~ng{UM?uv<pYfh{Ec|Ze`lt>Z`YS<B*-V
zu8YQ71Os2_`Sor6C4rh;8<NScr*eILY5B)O#S=C`e!HXXaR+)W-@<3{U|QEb<^}Jo
zDso+$e!yI0Lrk$)AZzgol_De1S*cf97o*__63v2C`}<LbYWB)bR<uNrv)}$`68s+w
zICGE#PE^XCxV0t(`%8qQ9JHQ$9A%3L^JYp?OGK7^HOW0f>J>yn!ReRkG&QkS%}%Ft
zGPHLv7nP#YFYD#nHQcOrP6ZPZ>UD>2&sv@J@XY4Zs)ui$ri~G$s)iLl!=%NWeE55=
z^&D-1@E)0zvd*KsVux#2ABA515Hbi=)xHhny0ypeh^r6jQoNkAxj$?V&*y}D=OR>G
zA`*Oz+II=Bl%^JCx8vtrE~k<KMftw6f(c7{%8Kk(M{69hUMepZ|I`BTvUaKmN_bFJ
zuGrSmsZP)Qq4HB_(@v-B?nT`r{Z#^LQbOWzoV1^<7OTn4YK2IF%HsJ{pla%nS0`4g
z-?57-BSWuUS{c1<*|n|axOZuM)({;m9YINh6xM+0s@m9#rcA{x{N(8Xc$61|m@Q}3
zY)bsC<3&?z){0D`9G7Hox^21KpNSh$8eTVI3#g~4a^*%b55@dihTBc&A878Mnb0d(
z2xf-bigp3o6>|}$hg)U5D&?2xGY#WwJZ~=4+Mv@%51%qT4S*DF-dg^ybAID9CIC1U
z0H;30%|h<!USUe|psgppR;r%bqf3ZNI@ITXB-W&XZ{GDBs6BHcFtKR7hptprpi}N?
z0OnGnr8u=oVHv%~?USe^4OT3shmR7s=R!7UpAet%k##F_OiG=5wm26Cjor0E^=@vz
z{An2=h|@sfX>FhNDdX#6VORxO$-JyyobkLQzh1w3AY{@^Y<NLwitA&ZIgSlK*$oi|
z1gaI--_%oqLZAWC1{eLjBkH#g5jp4tU~g%uk?!hou^(b_D{RV>YugX?%8Nniig@A@
zh}SNwtTtUf`qa&3pzy2s`7rkSS`V=U3NkO-6Gm`7^d#b1Rf{wvP2U6*?d)KbB9-HA
ze}*&%skS?J&eq|!-*ZRtk&h01{dN0vG=HCNBXThnVIAzD1x7UXt7v76$K{n5vq2^p
z(sb`l^2aTXr~NqtjyQMQYgBHvtfjPY_#>n1RN4)hqs^bC6YKmdIw(?Lx!SQ*##6~G
zwUbz((zk}?>L~^1C8y5HD`}Q9`zr9+&Q|LuJ7qLY@41R3@bPfUIXV+*Afqg6reU~i
zhHOmwg%|Kk+utuD^{O@6g#RfDlFm~I4e405*oRt74X;oPA!o<u;_H@HZENh}o8e(q
z!J0Kd<C8yBor8k|MC&HI1_67GlNiF<{dkFeX<GIU5yjw>I3v@r;u<_nA*b)iq;jsS
zwNatH@IROb)3`<Z#CLL(=PLxBXpgcbWKwf;|Ngw0>d@*BanJqRV^wx9-J}<12FZ?&
zbcZB=ZhU$mYWYVud{Q(*hxzmSdVLaae}OUHpRR#2bp4;#8ib=aB;bT~5n1q48^=rW
zNDfz9lgO3dY1xJsYVR-1KLAub_3yGkS?75LEj!<!uBpyT=2C4Gg2xiF+p2>(GSL*k
z17z2$nTwv7qa4Fjtjx%dst6wLWHP}Hf$t^(7Glx9z)BR@JZWw9(JOclVYH`IiDrZ^
zWaxK)+fWb#^KDtA{QVy#zgt6A8hrixf>p()hv>n^JL$R7R2}o0qRT{im^Ic;1{H2$
zyp6yj&}}FTm^0$vZurz)b{G-}cxx<)iwz#Y_M7y}&q=pYS{wIakhu3#MLlkPLnIO?
z1zWpOByZ8yWBGd)5Ok_1P|aQjEz&I9AAMLNN+SPPcV8OLX4kddxsNLD-bL?fahEDJ
z)(~p$q~<YVCRMXgEkaSD6D>u}HARh)gv1mvMcOJ_#2oWbEz-nHBF1>ryPoejp5yzz
z_vicLUH`5tJK4GRUVE)`oonrVam(gO(mh93%=P4jziN~S3%>cJ6*gTSoDN?7F3Dov
z7&YoUC#O|5Tckc;_eI@OYbHBJ*rqV?XfgF6otMjRx**&1vpM|m)3uZo=z#IYeqX}D
z;C~=me|#e%ufew<j9H1rN}|3k1!?JN=DBGr_Y;zD^R6_-UW^Vy4OFKIYz{SbxVvQ`
z*9V~9<-2#)+F|b+VoYN!5=f8KcJM$qL71tr_{nzPTJ(`CfI&`syd;3g$b4<LXRiW)
z3y9>N!K_^XTMG{E=YJk=bA8b7A(aoJ9<^4DTd{s=+gv>vTGSE`>0MKwRgrY4P*32S
z*!6|v_i>%vQ(f25(bl>d#tqAlmzVpQ{1~lZ5kDVObYKc1x#}5;H6-3eJsS)ccf!wR
z{#ZIm)P>v<UNGr6?BrtV4%X;=h$*gN#t)ra9Q2$xyAHU#nc^<(TY%?w((3tKU5~yS
z#{*dI%?Kp~CTZD@-|1e`NKCk)3Yv$-ThY5$QD!dL{Mr=`K-5Vu25OG>2Y&y_q3n{E
z9WDd%TKWuH=fDt8L?Pw5Mrue=@_%|Q+U~M_*Ah1_ECSwSudHvHzHaq8sl^i0>{@1n
zyCJLri+*?gz_xyy%D;Cv(Uk<6pRRMa8`jS62EW7B)VU`Phmft-E14ZS7R`~aWdc+7
zh8toigy}sK4}4Lh07yDwb@NMPz_#<4%l7QOXQg5tjz-@E4T8wu1bk;i^z%TeiGN|9
z5=p(^)+!`Zqbmg5+kLp4h}Llh`1$9OEL93O3iYP>k~fhdCD^#GnyR5_Sb!G<mTgM`
zv?@!blLVqiscmuE)Gt%#ss}8H#lr2rSY(L+jx%D{;K9{-rCM9VxK0|H9B`3b5M-$7
zNi>q0Ldh`mOF0j;`IOmV(lG2sbMD3B5>9H>bXgCi)aQ{5S|PqzIoB`=^t3WLC1*QX
zYx_}o@!~}3o|jcfZM_tr-}0f=Ho2i9&WwDOFTZs2x^I<1(OOShcF2=5ScgW@XR)H$
z%9+00tijW^1m^tPtH<H5`uQPVQ0ep8(P=@kM-1C&Wqm{1Oc{!WQ?F@jJGzw<1w-Ua
z?oV;}*6wiE@k1RC{-IgqsVl?EjeG)T#^g1P<xe8&v95q_-N88_<4xKnhB{gAxj?7Y
zo7{v_WC!49$Km~jw@q)Z_A7}so56FRdS)ubDbNOd@|@_z#(T|O)*t!x6<iZTkXrW6
ztH3f!6l!p5YLK?I)PnstTwzc3v&Ag8xS`Bu3NNht4}wF5L6^qQg*z{YFAQ<lltp;A
zG_kAdOOPw$=W){#;_A2EThHgD`nRTKQ@%yuQDfoxxVEmVh4)DvO~Fq?SnrmZyLoSt
z&iFS5t*T{SGk0OyK_lXp>bn;Q6J!ohf8>7UGmaXP>!Nm(j=lfOj;I#hk1(;>#B`>;
zBr=Nle9l)8C4YFrvaQ*8kZx@7h2_y!4cM{{uTn9av<;)*9v>4({Hs{VceG^FO*aH>
zQIXWn3eTUM{Il>c#N|bEE+_|DI_$r7z;21ttanaGR#X0vR=zH2XaE=ZDq9f-dWMYX
z>Z!qyS6aHgX0CeOz5AkO3XJfi_#CY84@8HL$HqoF1}Hz=()SXl=_&jh*%<c_uY1a$
z=ss1pYIXjv?#hLj?e+D!E&r6!W@g5$u6{YMc)yk!Z@~aj6HEtSOA<vFCQosN>iOYd
zx`b!@Lb>WCgA>BkA{RN&?|o^R_rL~;<W{7kjax{EBa{|_;B$ITpDRv`iBm`MHUq`>
zXlPUFgCyxB4NKxjyxqcf%;c*uec!=si?o~sgUty<P?J!4f@Z}F<joO-%<X7o>qlq2
zKBvZkhV6zO?DXhFwfagMUI3$u)nZ3~4sl`8-f&6=*rlcRCdwQF&)mC+z>B_~IZ%}G
zCV$FsVMfiB`BIaMs`;WpQPQ%Lr&j#iDM!v5Xa!jyt$-u1ueN`uoImKt=d`I>wY;r;
z6xtd2_wnP$krvqH6!_F}g(e`jU5uBPx6r~|6eqJ|W%+OKi{~!TJNWV;JYif_S#a#%
zmsz*U4`RPV<yVi5Man29Gv;T~8RPG8?b0;6-_0U#-6{{yx?Y9FqT)_jPT($ZNMI$6
z=O;_W_U{7#E9nFIvc)Tf3;m-lhV-#jsm_lore2GP0;SpLy>`jn_Jbc0d9?nqW(yHz
z9GoIQP)iRT0(UQTNkpzaNL-k(Tlpbc4=KeuM5%VHH(w)X?pN|(wvR3O8+i5W7*1Wr
zJOX~baBMSK>ONJiJRFgf6y&wT3fRVKEGa?eZJ?fv{JDj%vNZPjV!tGE?Ae|%_TCE=
zaNRicnxeRSH5{HV-jw~QzhhF(cC@y>X!OA~x((r~fO%!1G^GY&{K;!e^&IGEL*93g
z2Q7Gi!hZ#Q1uug7zCkI{z2Z9%)l}SW%}h2QnEl<sA&EbaznxJ-y$j}hxf3lluI&JN
za%6T5FWNZ}LQ@0Sz(fVzv^yPJ#C4EubJueSk3VzB>{Mhd<y_2<WIE1V9|sl{;|4wu
zHyoAInmacgfoVF(_Gq}jz}#h~xfrkVo|uerw{G3snKIS#+i41WfDKGEi1>K|WsM<h
z10FjuE(Qpvmyn52;1A@bwe!=G#8oKSc~8!uGhA=f&e&%4h0x|EcdF3hRf==Ge>k!F
zzVd=uO=17oSbMOIDnsk-j$|dy4a%h&=Z)B+CS|DE$~SYJzfG`Q`a!FAS-qIkaDV!|
zS~)Wunj@I^&0N<1;?k8Vc@X)@-g5d~vzffPi)}d1t(>(Be3;>!wg<+PDkzpeE(5h3
zoJ-hZn0A|Sp1U38{N?)@lt7{zAAR#&J7ICIB7|lqV*`5-Ul|-|y=q`ilb12^kjoy|
z$aBL2`U#+0yx(R;bj3|mQIi%&iL5crpt)dU>X{<Rn{a>she-{7952Z*eZ%B+>ow^7
z*Z3iOa*n0QMuVZ?Hg$cVwMCy9Hz|d_?1r)E{v%9vT+t|^cpvG^y#D3d>GM%JN9v^;
zN~^SgL|gNkkKgX<f=iz7wZO`lNJREtrmF4EOUJ?a+V&4%><8c3IrW<L4+n_iEc~gz
z%2}LO$03H(=-nmQs(@9WxdO0S)VWUiI=u%WBV-}JUJjca2H)ndNsmA*GoB^n6dILn
zZJD>QY)!CtWh{ZhJZ=c#zAj+=ser}@9Cb0PKr!OqZhNYRil$0HYwaPaizz6mwysoY
zL9*JQFhb>sCe&x&li^5q5WJ{Doqu)D_OdMy){_#)={Bxvu}tO!J`xXeD-=$po|RPB
zhv&%*^h|U96J!^O1ZepLAov%@CGkD!<S+UPor9UXMvggv1nPPVkLNI7Yz?hv!vwWM
zK36HVp1rLsR2uUDV_>>v_;pg1(hec1b}SCGPee#uHMXmXKvaG@GV?Ye;hJgJQg6NO
zbEV25!&7lEg9(=gbhwdN$QZjKUx)-yevmbZGpH0Ad=uX*z`)-=o$Kwbey<TO5zZ3I
z(z-!tz$J#YJmx~PFLxf*Dc3T45LI1ME-pI|y@rjo{k<@P8EaQ_qqQJruQJ<75NBrG
z5hk%izqB~MSW^C^rWcHdH$JSjKT4cJVTf^NRfs0w00NBe&e=#hJrb5)@6)|tp!Gg|
z%BM)7OT0R?Qz{fa(SK^R(LwXp`hJy^A~YA44KV-FYD|7cvPBKEL^a2+-1=xV^V@NL
z@Xa@S=4;!IHg8!w7jfbILlbSEFeBncqqjKMy4a`a9BW^ITo}>eGT^k{AZnF>a|P#z
zZXatmON&QjzjY9@B)r`T#6wJO*{NS9w$zq5?`?%@mlZg%Y8$VlFPC7*^|aNuW{$6F
zNhu=&jWDc$uHVo}&~Ct8r(^%gUtCBZ<m3snE9+n>mMUdmnC~@Hfo?+bzR&BR>UG++
z<iP<6AxN*qD{G0Dn+=Pe5H9!Merj!)US$p0<f($H&4~JjR%hLkgR9fNU)n;ASQzeQ
z!X)s7;(YG`*-bP1B#jH+E2d!sQm~3*)9gZyMYLCBup@3>06lCXV>zKM?16iXnh}Jn
zg6$pozWKkrbeVgWTmr>}Nq^6Vy<@zC*(U!DS#)69JoE+l`Ll!?6m8M%%)zAPv*fDX
zt+0ik9AB9?$&kR@r48+f1i&_hTG^e`J3?PzA060iVzMOU|5b35QUQkqnBS;7wWc{O
zrQ2-Yl*b3E_@27oKKgP3+h(tn7F&2C)znjGtI3YO$I%kB*8SrPKiXu!&Oxy?p?}jf
z%^U0Ci(68<C3UXaVlk;J#O}b8N=U!#d!E6DnRn%UOTB-@b_82S-YRAcRvH1lY^m0Q
zK<D3xG^tB$_Kn-y*!#3M7WM&|_gkm(PJo$1n-l6OPmTu2o<`_tj%k?es2N*ZFFOh}
zypNIW6v)r*^XKo-XtE-@!TYQY4LaOvtFoijJ3=16hmR(fE-3CmCAul}e~6%+&uk({
z+R!5HJDxPikGG<k4Jvjs?7B<)>lK4gj>yzom?Voitov{H8mbwXJ66_sd|}oa_tI(i
zVPehYg@GiP8*Vxx0qM?g+HQ*Uuy+;S(JyFFw!&4m%+8;E|CUC;Ns}!{>mcJUhuuJ}
z&6a(y9hk!q%5sH&aLGsD9sow=-doSe&)7zS`L?z;zqGaKYQaE^cDamn!AGJDUS7j{
zwyCS-w9VeL?ejm(s_;C(A1EGL(aVj{wSJOX`TR-a@I{V)a{}XOr<z>Gs@o-hSfrQK
z>7H#0)!Q=x^u0e(#rK0E3ZeOPZTm;YI|N*cU64*9H}W1;+Y0KTdk9(PItI|UYPuO+
z>7w+zW)URV<F_<0GM1?}AGUo58L%e-Em3w{EDj!2gydJ_oMpZ$xe2%pAV+QyenxC9
zoNn$?0gIk*Y!9@QVisps`4XJu(vS)GC9}GApymE@ZX>&DrfN_m_Hyi_xU=W(k&a8*
zBWh&&-{_wOQ2YJp=^nnCBR`xSi&i&VZJ3^)e()ftmhKABmwZ|*>4|_xbtg14qr*B)
zD(wO$T=>*HL&u-f)=3w`wRQps{oXGoYtcmaZsEdh*twuDPUO(8-WV${ih4~BNK$0z
z_$(5hy`wIrD3@H0h59+XCM+z9p#j*68dr`O3yQ3^=jS(AMi=MTQHGH<baD6=AeQ3M
z#q%3Km|Z`mF>GQwS@gUZEA&t`x6tkfZf-^O<&@$bIqT9SMIJSE^Gh48&|7Wj@=Ym`
z1zVjLnrM}zN$dUua4$M5cc7b@LY&?RIEj^*SoZ7vUg&55l&Ra9Dx(GEdM;K3oI={H
z3-dI0PJQPZDD&1aj?F4mg;D6X1~ObF{2?z_g=PJ5Dz3#j16Qe)0d^W9d{lVZd3An?
zOO46Tuu88*!2o-xl5>9R5{||anD8?m3Yt5!rxu*lYMhO#BW9beo=8BCy#O-;tNz6&
z^>ai#W7V!|I{On?AV1wcm)NH8C*Suc&zbL@6Gbw$(XZyZX>o$fXfKjAomMT*ST{Vk
zB!7F-8E2`zaD`T}Db+KT-yg9!U=Dd>0ETd8JI?sPd#U{)JgD`K6%<ldSca^)yf6@~
zDDFAFDOAslgV$GuoP;h;8k;Ih7DyQv90WfxpGe2Y=5CU9Yw*fj+L*Z(!!Or&Vy~2L
zJLqe5qeDJy70IMpHc#DLui+-Yi+q6kF?|KHeMQWb68v|wYMC7~KTZ7(()nJ=lf}Nk
zm2W2mJA<s=p>-$K?MTg;`#<bQX?$h%tfCoT{Xy_fD~)h0OlJ^#)mlF)%%1Dbu3p@b
zvbB*N7%FECI-F)HsBiGrZ_5U-+HU%X4^~|?w1l<o6tg#&0vR^aoDDBxhLw2V3$YzC
z?a6v1Ht>m&5@e4?+rNA`GDZe1hmw?nR|CASGkF-OQL|KsoRn0UO&BjyHrO&P9OnIh
zMN!`<J{~@ODR>I)&JV3j_35iR)+_bU0KWw(<XzB7(vD9_>zzPgj>UsY_+;S=`i0uI
zyNxBY7;|qM8Ox@4FST0t=iKhsrAlqImMR(tTzG+&>-GMj&hP4ZHh|qH#N5*9Xl|SR
zt@OSoqZgkv6R5Fyezc~A9lp0vy|F$K-W^Z!k^QeJEs92QF1jU;nE2{_ifX1(P<B+D
zBqCZMC=mkN2Oj&a_zz>pU1i-t^1-@$^-Zy@xds-+x8I_U5#M(Ua9J#J_FsE*O>@jA
z%>;8Xzt>R6l2{!$q8{4OO(?$qWbF*Uq>k-~zTH+BPn=dxp;FzKAv8*0kmb;fJ~ro)
zqoiun<w^F_1Z)qS5wp*kp$H=1g>o{w9Qpj~A+s1Y2C@GX_GV~6zg|nLASh-UnFM2y
z5rHbR!Af;4>l_5j*$D4HDMja&y=14Pgxs*S;JDuTw)=qXF{|z2rW6s;R_g0h(`#uu
zm!@+exOq=57PLM}c27@N(WtII6-ZiP(uW08XR~rMWt_duYLbds&ZtKZhs#2qmDs;&
z_45)bxc14c;hN?SRXS%u{SNy)-x8R3zuWSh4Dn9@A5d0Xo33YW6`Eva@-we@hmDOc
zfym|i6am&9_Oxh_UCcd)yfOpmAq2IGtV}K~@mMt0z_Q-7ta)5cJH73;fWqo=!7yl2
zJv$?c)_t`^Q?oL~p(K|zBJ{RgYb9%)bh$7?=6<%MPb0d&=i={#gA`#VemgPf#^Eol
z+kR7yj=}?*1{}%xEyvhdkzewSc!|vi8)ibEK64?nww?omz~{-R8AJ->2S9%EHj`jk
z@U0E;yX~QJj$>oBBsbb-p06DM*4QeZokYD*yp8P~_}R9*E)V;4>@!<F5IO!cA`N1}
zpZ)9iXNPW_5gk5gcW9XR*}rM&NaIWY3vWjnD<l|Oy{Wp?{3WEW8eR~f<H*Y%hsawu
zf5qjIv3*Qga!)*$rF_qA*(KJgvemav?<#L1I`c6Lxu=O%ndS0Mt6A2b-!!>(9OD-a
zrpk^V74CJs)a3stFwJB28rgfRl79iu4|V%B>Y$Nx&|g@oR?~Gc6V*n8_VciO2ZA4i
zCx9A;(aQVpLE?QguDnpF^*u_#+jgxa#(P*`gCJ-1aof?&AVZv>@6U>lK&AX3eOnWs
zp-d2BmSV{Bi|&5_-i7e7JBTV2wnNzZ1)J|A&ZpYG<;-dWFjHZ6-~05dth#z4H;nnn
zwJ%4B^rm7uS}L70S}+TNAwQd?%t?gl2J>Ngi-h{W2X5Tb#fRMLaDo(vp<hUR=+KEb
zflGo2MJHf{Wj}`d&kr$7GJp-<wPgJR{geHuC~qxVu$$xc&zU7;VRl69eQE6xG!<M|
zPrF7tC&sVCe7q54yfA6|+ym45vHF?gcG{wslTCsrsaxIk^%Ay%AY`={wq!*(IfkBU
z=tjeLikdO_WdsGs-u<S^V2LsLTp=BA1^m~15nEr+bup)gf$T>f4?XsaM8T^=Dp?L%
zCgJuV>xUVm-YO3(wQ`lfS(TXm!A6DTH19!`uQ5M&^MzIjq0Fjjpt0}CH$&&7*c3Ht
zOQ7#tihCfW06*xS4VKVRhdE%lme}OBEt}j<cOe(e+$D@*2(7Ht@aboPo)5&yz6v*_
z7V^o#ojx)w_q<}BFe_h3bh}9sJ9PBBBehL>40<JqXhEkz448kH!EkkIMibaiLP?2)
zaCoa}PX17CX@NqK=s+d&ukfn9luGRWpp?`LP14!eTuBhO#bBmwW}OTJ747IZrFj8o
zb{l_8#=df^kLOBduy?ODJ8Mg}h|?&H*n_j#?Dr2dioM|bzq0lCGxOB4xpVvTKFX5w
z&UU9W6c&sUD!DqjpBHCLEgL9TajrOITmUOJ3+{Fz(hDieaaX~arjOM#nen?)2>3$y
z+|Qkh#uQzTEF^{JtI1z3%7Ok07fi3;w_|Vm?2k|gOU0=W3fi*5Dlv_vj4zf|$Y|`=
zmp3k|%ku07rWsZCVHqY|T1rex)8@j_xp#NdbE`hMiDyNWWxF@^R^-`s^>-;<?k}&+
z$YbOxM|W;d7*#q&aP&)$Ym%hqsa$iq3DH@Tn45Es2?TGGZCFBvKS5<Le5&mAoJU!s
zarDYiXIzGAw5#v=`-2bZD!IFBfn6bMRfv~)ksH6(>Pzw9c;hy9@xupSNk|7TL-4xo
z)UrPC-gB+Yjb^YKeaIku_pUBLdfvQzpV4(cvE^DIL7zO*2J8EYi364SJlfhmCQ%sb
zCu0am4U%=V&bs2vA%Rv9Do!%F{8jR6X1U2c_b@Uj%j#4`!&;bv3YP456+s6f`uraS
zrBzi`W#=4a44nJgu2l<;KGi@N`kv>{rRLpJy^LG$k=?saAZ8x(@R~w-h3<{?+9kK0
z7kOEa2yuOUmo}2|X!M+lqhrTn->@>sGH>;dy_7&NU2Ma0RIbpId}L$rlf130s>^Oy
zVH-Za96m+dz3?O!A&i|Vi_HJnEXp<|4}ko+W~owhB@?=efv)7o1o>~TShODVMSGP#
zL8s#vo{pxT26^qc`i|9u2d~UxFP7W=zj3(Q4P8vQSY=gm>EQZJq;sN9Qj32a<eG6t
zklTRQ+%3Xiu#j!v>)VpGdMrMOBy`_9e2Xf+J=0%jS10FK>@1G$`Gc?HN0k(3fa!Xh
zNcWmKZ8s=IEieZYgj1W($TJ^RD^0t&R=e!fD@aB?29ma(5S*~t$OMlCvpVtO5?0IM
z#r-Z#3(?U&_6rFZzupnRR_z<T?|-E%zbU&}Q$u9N8gwCA7fR!yd#SbCiiC+GcB)09
zpx#l7oO}HG>ERUun1}pmAnL2IH<^m2J9)H1NKpZ&mX+?v;W1bN(6S{-4Z!<7n|Q3p
zLee5ptP<zWIwIyUD{v7tSw@TJu-n;DeQ8-*5>w~I*M7p`$vZcb)p&n@C0Dp+0QFMZ
z@y_~Sc&Mh?O|kaD{^X<L)CNKqYH*v+czelItW>zLL6BWf;k-nR^Z!?T-yTTXU^5`S
zuds2s0df=?R-eBSp{yUEC5-5fAGE;BCf2X?&Ol5#Z{A$I%GThR6aNsxcty&e^@xcZ
z6a7n|xLp^dyHWQ0*NSP9OL{epoRvBsE$jrNHiq8Z#Ueq?$)Odx0TX<*yn*lw)sm|Z
z2qVjfL&mHv;!xa~%n`G=*FTHZipE_v3Hlt=Eu&<?c@#5?q=fGe@E%^^VR%oOr5?#n
zNqzDUtd)`K&?+fAp|zhVzyra&1BR0c`k>?23u#|+Io5pn(N`|j$xg0V6}5|{YI@~Q
zvXu1Xo%BZw1ZaKv{!jN@hQ5mmPSn~D_C(Rf>$2*hKFG`#K|i00Pow>f<wAqILz8`j
zJ)UGPIWfNm*FDCb4S`uj5Sc=<v3vV^)7X4hm!{?Zo>NTtWC|oUBNWwH#HsLWdB4BG
z{AYQ0{Z8boR^izS|FA(3$m7{2F9-S;qjt$?;R&X6hNK8^?eQep;&e`S|FtF!MJz2}
z(_1D?-YJr{Xr06Y3YY&N?LNxlh8wXf=kdD+Db}5kDkY4smu=||<7V?U!o?M2(p=3~
z>L-#72J?|bA6w6&&qubmpTCueAsFgHR$fu<>REDv#`3cQW+s3!A|hlzHW7R2Yi0@V
z><KDql@sUQW?p2Y0jj(o&d5;K?bdY=vbE=lC^#(W)blxaLy}ySBGT}tKR>T`O}3mz
z0<^=ret9`&7AkcmYP?>P5Wk?gO(P8{g?>!f4j(!r=Arr(>r;3i4l`b+*MY^lOi$M>
zHGv&gN}J-itdp-g(TES8Poh}(8p@LeYFRMkpMg3q$F_t2C!0{aINMc0HD+tqKk~mG
z$o&sI<qjwKuPE~r=)sU4dMmz><eKSjK6Jo;9l8O(7IP429r}+Fi<kG<X6zsN|K4Wt
YP{%Fr>*DJ=eznurF}Z`eb?@1K0e{9bPXGV_

literal 0
HcmV?d00001

diff --git a/docs/assets/tui-asset-screen.png b/docs/assets/tui-asset-screen.png
new file mode 100644
index 0000000000000000000000000000000000000000..01e2da5df140e7b0af0a88ff9cb4469748237b4d
GIT binary patch
literal 20337
zcmdSBWl&sAw=fC`4#8c5TOhdG1P{T2L$KhkgWKRPL4pq?XmEFTXOQ6TI=C~y<vGv$
zojO0hf2Zo!y{l?Zuf6xG?w;<odTH&5uS&A-&`8nX;NafLeU?&%gF`@g#m`ZYUVru6
z%`{&d1fYbRI?5~fpqPfg-jldUYrCj9n7g<eIh(;**gM#neFT~~o0-`IEgf7=-*$+-
z5`FxKNYdHN$i>RRo=V-y&J0e**~-+&lZuOv>Wi!GYs<mKL&d=*#LXkb!A<p5(Py&f
zGaMWhoSc-nx<}^min|Aa^jiP<=?U{e+mGN?@ksw1lt3mv^-A}19PiVI`4O8_F+yzb
zp7MDXCXL9cc*1Y~SF1qh;dT(+r%wue*l$uFf%+;53T_tW78VwM!Yu>)M2meAQvbp?
ze4vBHr~llfXTNzv^Dlh-0UQAkCKsNJ`Go%qpYaYUXX{qigpd5DzZ&EG3k$akO$QaS
zNdKodDnx|;ExNZl?*BSsXZMA}jT_-j__I;&Yx~;kHl=0AKW|>)GkTu?f1|ah2nf-R
zi<qLxi4|hmUC<k_ZN$H1Ff!iL(IrRR<f(Xja1MtX415VU?hQqJ?*TJL%4edYx;Wj-
zJDRDul$;e2^YCF(0UhC!{%&uVmU2_}L<F{vnERcqj{nma53e`3gM}bgtU*sV_Z$cC
zGc#vPEerC>>3xD#5#VC@qwnqh62@3?kl^W#`<)MzW|x57LUR#+^=aQ;>5!rt`SyX`
zSo2~H&nEUZ*02NXL(e;6REu+G@ek-DFVDQEkC$>hUE%M$z%_-OycUR;^2yx5CrInl
zYFXxlu+O8M?q}IpzkLF+FZzR-un?HYDX+a?3A*=@<$@hRg)?6dG;iKc+7|0sSYdWJ
zI3}{v5RF;T_CS4Mngvlddk$qJCN!uSJ5$Rtu|BXi@8C~Z-(~l@%o3KNYm23jDhVfU
zjuVM?YguOIF<hI%U$(1G1@4kQ3l#X5*D(f?s0=<9Rv2{^Es*DXSoT0GyMP07FN}UB
z&r0JRAv;B^tZBp0Fk#MRGZB|fq1`N%>5eC-MIk={KJd$tj*{-cDhoi9z#;A-YvP9k
z@r{pQKwByS+?wIhJ>)?C-n6YQ1^CKy)ppCZTOvCt@C1!FZoAL@tEs)d!!N07$-|U2
z75O$$;@)F7#8aaDYN|)UShQ-vj`@7@MeKyH<JkOnA5j!px6Xc{w4d|%SrklS(CW()
z_4~jW_{mA5*&QfGEX=mztYznNkrQB`8E?Ormk$gX7ZTdKg^MDH<LO;Rj9~gT<$}c>
znu8xb2l19)Yi$Xm_&m-&E=3Q#(Q~Rj$dX7ZNs2bhIAd@xIJMH6xJ{L`^6d_3t^b7^
z?IF{8g&CI(4pvDXYIgmxyoE9jY9or6WnR9wQo6(pwX4r=Od>a+RF^<T_7Gv?OCk;q
z_7b2eN}o$vETQD44$wwUb?On^4d*BToth4k^n~-g^Fc+G%J?yp8RBpP9Qd%k*K+!6
zrZ@{9^vDPDboW&on`-!cSviSGCg#o>nG7*KY&cIvi086IS=s#keMlkMwlwsUSji<T
z$D3XxWXG-Vl35vVre*i`zsOvdZ&&`I8wZmqts11hMdr)9oNd*9@6)+ib<0<?*?e-f
zm;sN5gA?x?0qKK9b2!_CfmGrNuF%)Cf@b*!=+620%q*Vk&}|VASdnVk82i!8Rnz;1
zC|F41xA&HKkO@CcREgA|)5l_c>uT&OJYRGUdRB&YAI%kfJ$ukrYBb`b-cw#r(TeNU
zZ|O^oS~Xpju3J-o8l`}iZxnvKe8(N3a;ms@)%e*b4a5lzk@dKkp-)<1{k33EEPI0m
z53$V>JEjpE`je*8ltbf`bk{)d(qO(n*5JGl(zBm@T=2n!0La+hd#S8UUqjkSReEa4
z)_f?1N%1!d)6N(L-D#bjg$}qYU@!J)vYC}OdN+d0?6b$E)aoVl9&QfK-rx-0WO488
zVBf^UrMM9F=9<ms3B+=kWg(c_Oc!Bs>0XV}VoHd|mWn8YQRu^&_!!6g+4qvoKJ7=H
z>zj`2iq<F(-z$2B5B6iI6~3L47UYBTVM<#|DtJRDeuOERS;0Dd8H{0i-Lf{np&AYs
z8){*ko5?i?A_vl{zGLbJ$90rF8sqQYe%b$?&Z?KyJvI`=Tn$J2Ni|%$9x*xQ!KuFw
z$4*^U8@qR14H<`zKXXe)fO)ixj*B`r)f^LLUd-JwLEu<~t?Aq)lwvU=7zH^iP_Yzt
zD1Fj)pv(0Jn^1pPT7Ou8XH_!nE5Ha7y#pd{ZqLdOiDbBKg+3y%*~uFWUn`W8S-QAv
zZ#%^~KW{+gqT^^rH59wj?_m#9HLb8!=V8{M&%(a)g2eG{0z1zcg6=M$MaEDGGx)R-
zi}M=-_cOD@Re>f_a~6o=--cuPYm-8X^mkdpewwX7_J-ECsbvC3OKXjnC{cgsPS<z&
zofn)1IRmX<j1bRHPMH-hK50w5Kc!HS3QNL`MM2xUEH?ir_PxqylOY)k+D&Bg(Oj%O
z{g%jOt14jW!KkD*mH(wB+Jcdwnt|P)rCZVYmap|r%^^0fHaqkaZ%3T&_}dDL%Yj4d
z(QQkm<`cNAChAy^w`aRfz9~Abja3ExSt3^~SqPm}8&f^=ux~W>EswZ3I94<P!;V=Q
z`Ylq}QO{3&7hZGC?#UQAGOJ_q%F%gt#ym#iVv+o;M*YDS9)8_4ksmuJ<0sk0It7DT
zCYoJYjo8@ft>o{Z_p+Wh(4C|?OhPwM^tMG?3}-}(Y>#d=cgH-zyERRqy0d9Q_9r=}
z><TRU6*R}MM`*`}TOWNg2sxjYm|;!L(Qt$_WJFxhr6GkUH!igfLxmGJJTYYZNI6}#
z@RBDu8PRJ%x#05ird3IvKTTZ7#&LJ$B~m=TDtGt=VanG!SA1efJbN1ic$@iIYtKA+
z%s|db!6CNk$jqR%5Cq-srZT^~hwXLK9!!6XKf}f|%tw|mu`)|eq&%y<Te8AOP%sX~
zERcmh;LEP%5-*O6QyuX$K+bt4+ii(JYnp9ol-YNw>J{Q=zi==jxg!K^slZ^QRRCx`
z#Z|0xU{?-sro}7JOfed8KK3Zp2)@C~(i>KxUT2Tnz9*>bf`c2OE9nkcS<l2Fk!##A
znoI&XQu@9b$acjI<4Doz&@$@p#a$TXZ?gjn3s`dRBCfvdz8@E=XXI?Ron_M*+TBD+
z2pVQCwJYI_=z|rS2>R0a1PgcW@po<%5+L2rCW{$yse$D4@3I#g(mut}K1|p7(yi9g
zv+8Jmwv02%yu4@;@zp_AXz`808LG4}*veuFn_5j9swM&I)YnI*8Vn(5o#alM3VYfY
zx0_LxPzpmGm9vC*q{Z_PJ2_xdEo4e-+dlL@H#&&2nX8fW!BR>jszWK+L{)aFc;9c{
zUN%}Mbdf-?jQcZ<U>7=olQz15a-$fzEsK-49l+%vdY6u3$~8r@Q8F#0^G7i79+L5s
z_bs{>#w|=JFrTuaFi1E_9v~J;z#>y=+=t=^Vk&pjDFFMvS~fh4Q5V(LrI8A=Y<Gzv
zQJ0SHVo7RQq!4JX^%}n!!^Gtu$%6%Y(zV?kRzrP>&wG-BP!PM*^^Zkiq{n$;D`hLk
z5P#wJ%->x<Qr>r`(?m(nghVSbS^Q!N9O6s4(^Q}wu$!j1YCR=eeRQxG2KmM>m8W&N
zf!cQh;ywvw$C32a0BHp_f|x}_gwm*Kz1K6VP=xs-%V4LT8?m$pSARc;irn$7t+oc-
z8~P3rZ82VqBpAQ(&pk!d1G<q#M>}|UT&clytT&FGsUd!@B>Llkm}e|@Q+qJM)J)>3
z$zL7H_^ql=0wulRY-9A&1pqhgo`RAcf9CJDY~yo@ptnlGv2IF$g*6{Y&Id>Gd7j5b
z77TWi*l#1LAJ>orJs$@66j;};6_I8u=*t#!yuacOF)M8*Y&j7VuEHd~*o;^a5PaRQ
zp<;^dmBOn|KgBfbfez3J=A?h`)WRP<TtS%?$e}^y{pGW$o}B3-Jh!$Ln1*#Bs{>Ms
zj%FA}<=IkWa~r4V4s{+1qW#P<qJ1`KwtTVe6KRbVXG9D_4^_9I=djkq7liM`z~19w
zLMlDjYP1td1+(u!?_ctjeM!(wFMF;{JltZ%2aeXvHgl1=&q6N+&&p)AEejo-=qAhD
zF$y&LatbRp9#Z(%;YTa6Gj|>>YsYK_Ac`|_P@8L$609}Jz1W_ETu=(`L&o=eJ=<d2
z!ztd;2A&|uv~d%Zm?+f9X%ux*@79<h>V2fqFZ50t{uWYWUCygN0+@1tP*cg>)K|)Q
zGW&;>_I~fN2)Mye3<Lmw%pG|+5)J`=yWO|ka+FIE^#wt_;~TxZEly+%RTMP)lO_XH
zWnkDp_AvWeG-H$Fj{sWMgg;;Tp%uPSbN0~T&RopS`|D#nlfF-cYx=Hk;3f++N#*?^
zAUDxQ4d?que#>>SNa@pUw9R*k1oz?|Pxi?KB<sc7XLq6^@^xRdTSS837$#9UW9|fk
zt!LYO-&$OWCJLY2`>$~u3s{aSits_@-wV-_;04V~B2A2=njfi%h=7Cu<yl<~YlbrX
zM5&x|wP;IzohBN|D)l?RF&s$l5r6XHWnVPG&NK+&Es$eHni$8|g9OiO>r>lZeQuw9
ziZh%Iy+ej}VPDNnLuY)<LVm0w0D(Pl^-05jK!~3%Q`$CeOmq~hth=b_MDTkYKXtL1
zkGkXH9GINDb2D=)U~mTxhVS|r`bnB0%QnDY#c)>*7o2yYF9pKGC12m>n%yf7*I%W;
zC&CUpkl!6&Ch#2~YkG7k9Ei^$WV8i>M5o1c6p9GCsg->oaiI1gU-zv30M3Bj=ms98
zAW!@5cC+k~>`+J-1HgS0?S!l?6rjA)Y176M(QP_ZOk4o%_x|V>(^oB*W=ozlTIB?X
zG&I04$@np`BH3OLNKOuNpd7E_bN1OA!l10l)beA^HEnT{>#=H;M@uz4**S^=(a_!5
z1O|052;3p}`)u@O8_0!1onrspW=6&`<@Q9aWVY}2H`xjcXTlDvixkL6zj1yGzep8>
z$3$<NIH$5yUeMrsdN$<56j)<LTqw}7RxZ#1VGJ4@!x&vrlpTn~_RH^BE0%?DEWhJ6
zhRkjCyiuq*KLV6+6J1UNqwWttkjckcr|6Db?AVq|z15csPc$&EgT+M!EI8~GtRTKZ
z5($X=nNK+XaK?odCH4@jn4%{Wrl!34Lz<I(rN5W^mb=|x^Q{88Vtqwhr}Np;<~F!P
z@;i}W^UbfIrOpfUA6X~4RNRyRBy(E~9HedC@4daaTRffF%J$={BpT1aN6+MFG)4oF
zMjBBUu5O)nd2YR+AK_my$OU3p3q&5UyO6zguI$7(Wd%AhXnB@{k9R@sZSB<+e9`H%
z);fxKrB$q~-c`TTx5X&MN*J70?0-ME_l+Fxv27mTGXf8r2Dp5-sg#;5m>Aa_;T<x)
z;J3`RjtxjiN4U=5m8KUL;mI)38{oD7mIqriK{OQS8;(t`)k@mMS{sWX6eFf;M%W7m
ziLh#_UHi!G7Cnng!{aA2pId#B{3xPnYSZ&s%E#j04`HhB$+08eq8zTqx)U{QCR0w`
zpKZCk7xjIIg>l?JkbS!z-k9ED#Sw#;Oq&$N_<mTit-*mYbm^%<`RPvu{lZXOc=%w}
zCWkeWc)()G&omz)_cozq$v{5tr>cQFKPw!Zfwe*K%Yo{t+q2lMZ9iwinjyCshVxcw
z+dipy7w=Y&KV<gHy}rh&!cuhUcgIxe&LeXJ8Dcf=?$qSH?zePwnty#vHGhS7x55di
z?yoWytcnK}=AfYmP1G|>+21#oRenvs;T*$O^{QvIl^=T3XRBQu@uf37f_fO^M~5k5
zlOKohReqEONsZrK%mDz_A6+DWXEV;_OscZAdY^r<6KEYBTj&hgqK(K;J*ZGHuA%&8
zbz8TFel%=#n<Z^gDBTxrn5u^T%kd=J_AJ0={d4TWHbQ2ts4HFD^1AL5auhJbJLZ!l
z6!}X{kM{msSt-;xm+ML>r%u%Ty8qZ&toUb36eNZM5-Rt8+197!J=S6Lzb+CoC>vwX
zFuNYJ+X{nGLuvTva9V-W^tTa<W4Gkm^z^*!7_M}QQw8RMHb}@&>>?g(3tEP%p3sRE
z!~ocJDP)C^wYb9pm7&Oji=YEE+E~K2QCi;9bY2#NJsHK#PCkE3sk~L;l3)=)qN>=i
zDEl`jSCozn`;T*i!@>|y?dId7<`d5{=51$_3F77K=&T-}Xqqr#FPD`A!dtkP2itai
zoN+}%%Ap)--S$v!CtHq@4v3ND%H1E9@VBz=o97XdI&Hs*+IA~;#~a-4!n?hu8XtNm
z*7S!mrQsKE!+*(wD^9?H^)K^t-;ukL<2E0%3~Lf8U!6pTi4XM&N_B7Xdk!`#Jpf2Z
zO$3-Q|Al%{I|+=^V=D!p2Ry&$2cm*;Nd9@lLb^lrHe{Fvf@S_ixw((bU)*Iai%yv8
z$4|xQ_pP$pr)UA15kFnHx)Mox$~t7fqNN&1x4QYff7{I>$b^xc^3kFnl9uT%O@;}2
zwh`<2K&jP|2UduLnX>7~sr<q^mtE~)M2FC}aHaOnvUqIzliisSiS;{LL<es*Lgxkq
zORe7)vD7g0n;f`&b;nfz2qqR*FQcz6IB=dU#lzP2-)FweI7BPx%f|u|@-R{JR(S(i
z49DsL;pYzP8K~35kBgji4Tvv?x1KK<-DU2q87_v8*tE_lDRC|S@7ajtp2+>h=b|Wg
z(sD)al6`x7u#|I6<&Cur`;{INqJ&-YU8C_>Kz!_L*YpeU-|rb)FQJ|yF2hF4d^TK#
zc3hti;uS2ZQVg^18y5ijT}qFr>au6uk+@#B<;G_L8TUmQQ85}w)LjOuttxs~KynsZ
z(&Fqigs`yh#7G6XC#8#>Jc<~!slV2D^#zR!kJXiTVr0!Zx6^tA_uG~44$>9#>{zL>
z$)z)Ih3((pu#S-8Y*(WZRj*fAW0E;iX(>NvZE-2$(t`HNpKrMxj?fPHGM~=lFcdBm
z=Syf+LQ{D0045u=V!6ND^Z8B0K-t_T&I_5%X{~7dL%zBu+G1R@X2;!qMz?oS-KnbI
zdglk7PsI3QfFG!tr{o2YiZXh1?BL5oFUc*7+xz<4(-XmN^KO*F?&+c8v+N73v5`An
zI5<}*i#HibTgHx{)G<gJxT)CH-%6Q%XKz9(_L%5P>5}rpvBXq~VspQ+O-0)?(lqf<
zS<_y#EBWI#c`W<k@K0J=IhXsPZ~EfLe`2F;JIXM@6uJ8p2OCiXT3n;qpK>Z92{csn
zTxIB#$o|XA`w-faS%PfgtokD;S{2zmJjJvjM1x{DPtpF3|Ig+mf>-XZ6U&eV*$i}R
zNDBzL_n`6|T6LO})841R29y3q5ieb$oMhc{@7adtWkFE~<PY<*wV^fqFN;6jAv1W`
zXFx|5EG3Lte59%!QRjf+@5x%-{v23gba$Q|r3rwOj^u&B(+vRQZN6_dace$e-cwTo
zV9(rMOGQJ?VEy-AVx!Y&S1t7K&xz_c)yd{tsGPrw-n{8I-}Ms!YYyBNj;zNvmVJoi
zXEPtxI^}piXHL@g|2gh%0?9cmwjl<te)V!aQR1(O47`?~*CzkFE>>?5|FU!B<2s-c
zeW2QPytihivr>(a?riw@<Jat!=!PZI9J7SW>2HkFcdOxPB4%)_Z@6Z6R9BgkXWN8T
z)0>h74M9D<jB7@-p^J|W0k(dPn>5i^OHKP%K?f6vky=U?Q`5>EC)3O3SjqF&0OC@;
zwC?!}3AQ8Ee(FhsW<-)C^~SWcor1+$H2_lA?=IrXp1l5E7dQkQ)0ZCJ^x(GY$N96v
zpL&%i5^U|ebeO`8cwkIh$zM7C(b9g)Y?go18D2=m8V}(YVW*_A?<ca9$`v$UngfQL
zMe8->#&^FMx46-i`iRyriVT><v96wA+CTZq!^<-~NyXtIO|`j$7Rfa5?X?G$+1tiP
z*z@>6pV+WRgLTR{Fj=?rdaawK#ih-#)uxO+?LEKRRoQJf4Lv0LmiUp{hmHH5EL)M<
z`#n`*KQ#P)!5rD`#){3410ezw&YgFN&pcaUd`6rv@+Adm$W>5U!He<$k-D87|KyGh
z9s!bzLF|HB-L9aDJm;CCSG7x2=H2TwG7&q`u7pIB;BhxIzP+5*Z<ecuDizFicJY=3
z=tVa<zmW18=f*>AOs%8NjD>zUAk>LD09G@wL}MlQoohgYXFk9p7$G3im!Lh4JP5YT
z6}*Edr(j8PwY8jyCK}Hc@lZ`Ls>NFH`CVNmPc8R~m#(@go5gT1k>|;Iz6X5IILwCV
z%^R7H2{yvlSiAZ|n5$j-n~3mZwmE8;`$0=)V#2uh!25w3;J2wu-YMLVtS{yc7DjRV
zlzi3>7UEJ;dD7L~0}i{&LPY<j0^)rG{zvxUJqh-|kMC0^Y2W@QsZgzkhVtq>`~$V0
z{`cs3^BOCw@`~>Le};-TH@!lK8bhH9|Bey<`Eu&N$Nu=^f6VUxyXgO`Sr>~QIa3Ql
z4IUT{rtTH`%z$9ze=Xc#d;Y3_XHF#V*w4791T)^uevV_`=iL8#_gQV9vVbhXIPSkU
z*eU=Y`#&3C74Yl}4^NvQ$>tlFQce<V<FF_FZ#u{=CYP4>q&?~-I=pKh%ySX<90DI;
zi4@ZmFCW@4O@{X`*^Sot3Ay_vBE}KU10>N`*y@JJsO$g;bM)%xH<TmAL_u)fObY8*
zkE?z2p`?Uq=!@BSin8OE7LXz9D?|PRH`ufRli5#QnK1fRC%dIKkh>S<NL=pTy~tIU
zKKat`d*`XntW1o?M|rX4-`peFEx}u1m|MM3l$%i+8AI$SJj$5=PQ|ptq8<>Ch?NDo
zlYRa*(v-Wu|JCoN{^9K#bKEeBRdA<rob&Z%Vk)2ed+v5n3ggQo4fpV2L6pT=9p0U%
z3TX%d!FC0BNSGh<_sJJz+H(v8{n~igg|*L&nQ2+-Xk!&Jt^vQ|C{?+K8%@Wk;aI^k
zZgK03I=<cJz)?#LbiUDwdy~Q7$%&H;ou%j|Nv+a~*>G*%p+y#9xrfriNt0PagFcV_
zIU!8R_VHF0B^p7=%M<k;afBEk<n&@_{I9@Or!*yEZ8t7aZu~xaoJ|W7+;_Pta!J4b
zXxM)H5nVWTx7Sa2v{O=;`y!$tHK{(y)ARD~B4cE~Zi{YQiBy+#JPv0yQ7sD;2ATV4
zY;f-Er~Cr00JQ{l;l#)Xk@N&;iS^zIPN!xyBo&Q_ZT_~wqVXC*`0I-DqW`MO3iV|k
zf5qzY*wLepsOf08M;aQw|8{9FBFm@*+E8H=ZUIDewWzLwOF9nU+?Q%+MO^*`3Uuu8
zw>IY(Ge$@VUIk>|9eluYSOXGZu`*FR-MtgJo}X(~Tg+B*u%(034vD(kk7r41WX|BC
z&3Yyh>#o5Q`)zARX`ijHucllU3LN5PG--1}=U>bCq8WkZuFew8OLjJwN3}D`pC)+D
z1M6t*RhwHL87@T&{N_sSypqhr3p?mI>wU_uY5x%0H77FeOW7`MzGgzw@Oyk1$wDhu
z<OI&xWW8}i-^mXg<bHdo_Fp`gx5L?E1$vDzw``LukuC&jHw1uOaVX<-ySXUWkB27<
z>&>5QxS5847fZ*Fjr&Ok(HR{Gl>Rt9XM3yLFETrq*DovGiAVaifKAqZ%;Fj>VXI?n
zCV;?!_pSW0s28onsvkY~Y_f?A!&G^0N{nt{pW9UM#NJ5*vAYhhA;1Gr!TN#LZ6DNl
z(52<^=gQRHgE7e89kl|?kpOu#9DXsN99@>LSYOE(>+Ckn48h`Pp@5JOWy!_KkFQ_A
zG)7_TCSu-~Hs%#<M((pG{MhnE+YK#Bdj+Wto|_O}y@#=-R-p|Iu{*oBy2BQ=LK)r;
z$DI(Z>-C3-CT%znYo91bj5|BA;!%Tvu^QZ2`No{`obAd5tdAN4uxAoVK1&F^SriKS
zW4bWsaDEUs1A@eQb2Nzh@u_qe$iGbD%~$fi;kb8@dn!`9TQA8jLMUL1GwDq)6gc=J
z(BGkxAq#g(o<;6Wu`@ud;OAK%2>&l{$9$J^*%%xdaK4$x6Ks?uX7C&4AKl8p>R8Xf
z@-y}vJ0_K_*dm#<hd)(d?yAPvh1EvC7`U>oyf~nOJiBaxxO-rnfrLl)^>{5l95{33
zYwq>PfZmyt5hc<V(qSxt2rGhjA!<4t*I3CrGYVoU3MDN+L#K%&7#$aQ%hG&%oJ8)O
z#K-hpo<HazD{lP;%KW%n^)^K;X3}oR+MG9TO-|XYt+UnEzjfo+E?M2ESJBDz=qk!|
zx%d>@c;Xk^xa-Dc;S0%|TiZ>9XsH@cTE1&9>->-g8QG)!{P>oAd!`QD^sxUVD*JzG
z0TMg3uP;S0V#;*Z)(?flgSvA_o^}~NlobCdF3u_bka4RN)jQct!CdF<NQb!-ss%Ei
zY-UA61Af-MV;u+~MF>M!FerAY7fq5}x=VW++RM8qQ|geW@}@YFSH%6+2mQJZx4_*G
zT=U&Z%_?)J`B#PVgyznrExWwvkWW#E2Oc;$zMRtv)I$)LZwHBBRqd@e{S`rMxp54h
ztN7+b+MoQFnWwd<-4J@bXIQ7*T~5V`WEtf5%wby;4#HNpyUks&PXrx+8x#Pk1&93t
zd+T%m$4n;$+3xy`uY8&P3oVqQJv1cG!x+2xu)gKMj#OQaurOuJf%pW4z?EBMq~QgT
zEp!Gw&d^D)tm9DrR$ASV_{GF@(_vH8{?TGxdgXnsw0{C`qUY1eQ0wJkh>yUY>uRG3
zSDStI+t7dwLrBJ6_9$?~E!<e0sB#iHm7-}g$icIEx<ce`t>)gzjM^MlC33ewOUKL5
zpy>~Xjly$t_IP&R$#Z+-P5ZB2couyVa$q}rJ0&zJy*zQ*c=3#|s07P&=t!0PCI@XD
zn~eWG;LcDBdFzu60znPa1y<HY>hZRS@&nCqIy-ren)GcMV<`A8@ZgHoI@VVu3olly
z7#(3Gj7~$yDb72vbJ%SwQJUdbpm2K^&+DAmMpK9khaN#tN3A7Yg#w3`H>xj+enIQ?
zZv_sQ)ks`VJ|oowO|<=nr>2+}LuTN=3sY6bxNn&jzzEiR?ZK$#m}c^ORh16_j6))c
zMGKH>Qw_lRdZRK(Qv2pgROI}?kQegMvL#niO-g``Vw(klVIUJ_`k~pac_+riXwz2$
z8OlNp#%Bgn6+G_=%5eYH^j5*0#qLebdvRAJzDR|J&I|*X@B8wDWS!2{(pc}e1>ZM5
z%k#Msk5``9c)pC1-5Wn83#KHV@V5;I4ZNe>IZ&T^`PN;0I87{&gI?am;{G7e0FfaT
zRv^1yXx$lDeWMAw6)WlR&em#<-RVnfaC%CuAb#wqwJX6tl&hhK_&y>f3R*E|J#cAi
zNY~*gdE}wm0v33eC?Ox&*ShzOps4P|+F5#<KAZuN)w|T}0*4&qI0S@IQzg*8n3vsM
zMA`_S+IC#th>8~Qazku)?V6Fm|K~jpR)@z&z}hn}KnBpq0$`;dAp4@)P>=7!okcnI
zW?i={FyCNY;1si5M<hTeV}vvJVVdtxd_4FtO~m_!Kl6T99(FSZFY<EYP&#<N9<5M7
zd+7-s*|{TK9p)<+U%r`@U!EdiLorl{%dj{Qee<7lOyy_KlyZO7RU)d$k_i)|o)24L
zws5q4nZlR14Ck`%a&?Dj`jz#2LWQ_Dmxtufz=F{|39Fma(Wf4lF;&qmX5`9g?B{)>
z7$Wh$a$E~SvNhGDO4A%I_fEixckV##9oA><1SL6FY}BwD>Pe`PiJvDF3|mK<*4A0O
zSY$CF22CUMOSknG0xEJk$s~N{Od~s9{B_70R+4TUw1?8Cv}KmPDA37km>n6WI6dgI
zmA-{^U~fLu^?lCh$!h>?*4%=OJa0}Q21i&Z#9bawIOI+%=*ts=5uXdgV6K<<=k1A2
zN1zgG6GF4m=0{5zTc00~6|EuXDfKk0UnL%ftwgv@-n=H&vWG`Z#;JFUyc;*JPd&L9
zPz*hB?nyuwTZ>aj$<lubsGuuAl1$*++f^@WcZJ4eO(P@%L7V%_m5lqlk{x`Wf~$7*
zg6G=6C<yPJr?vG~AnLyhtQwY`@Kf!6|E9<X_6Zk?_l21*0WVe%n-DZMOtDI4*z}#c
zD3*+bOC%B^#$@{3_Oj8Oxzy-<3>NX!MZi=>Z7O+QANczb@64IZiuAh_*MyRv7=r9q
z{I~3$KQ0%gae~7(V@mF}iZVP-wp!DDNvPiy{tlGJ(i_~#uwNgRXWux9+C)W7N~rOA
ze>(o)_=u78G(0lbE_obe0bDCgF-gk5oXfbqTuCWm`k2=L5-S!Prd6mi8;rgb<M&&i
z)&I4^<_hbmd4-)wqjceb64gJ%EVqvYsebC;A}5{@iapmUE~ss62W^{~@_$(*QhA7~
zpZ-(Sm4{e-OY!DOqJ>9G>_#~1gY|plN=bRQf9XsOr}yJ1l1QH<c!&OV<KmxE{_mFk
z|1k3Ze~HF}QNB8T7dt@KFoMRckj>yz#LFr%zO2r-yt>&@>$QnY6V!2kxxa8)6i%3F
zV)ti_{|pbGpJIIiYNOgX4F3MBa#_|y6S0~d!jc1Xus~os)sph_#2&g_@LXC<wCgD?
zuyo{HWmcgp2lDh0-h$XDcPNTErzBC!<~<XhoJQ*byE;<aYu%ckIw^Ph@Qw$fFO7c3
zev>kdLt|rnf{8>L``j%fjZ5$wmE>6RvIJs7ZsaoZLFFigP@66U3_u8@*^d^+n@M77
z`qCEWut?sr{bwr#HuTP%t6-j4**@pau=pD``$y)}t^-y|o%@ECoAP^R@-tt{OM~3o
zy86l9(tR}NPy*G7zMwg~^-(N_Lx^?)AyO5;1iq#OCmDp5_7Lh8ta%Lke9B_NS7JdZ
zugp$cS%aZ2J8^!XDK*3PJg;@ZN;8GKK+4@j*pMR|OGL~5***Bx>Ea2?F4hzaG%uKN
z0!zE9BHjl9KSR|O_ii^)O7QS4lb;v3oc5Z#&NePiioiTs6*giz;2z7C0z`u}*za0D
zmaK50l7pBp7MIF-H<R^~_@$}1e0oXpI-UX%iMgmB-#V0h8I~yZ_3Cb}h+c?xJ$K2#
zMn}49*{L=srfW<2l!T0u+IUpE;!6*qq4}ut1P`w(5C4>e385|tLsrhC?3nIMBa=9;
zMM%(`!&Hj4u4Y@2^7Fc=Zy}21;#<y&asMLRJPtIXC#v#u!P%*TkM91SGo|psOZ_Vp
zo#rHrPIcC@=~s9yYiu`_1b;@bJtn<1ILb9;x9a`}O7obb$-I6s^yUZ1<$cqNsE5SI
zXlvwhnBzC)XvV3x>xEZ?wp>_e>k(+!l?uxwM!kwLwA5phjS<S)BpKt7T&7v&P98^m
zBpgxUtR(5WAlMJpS;Oog3j?y|m--#HU(!SS?@E;;@|H@Rf)Q*_Mx3$hC&edKLVC;M
zXk9Gg()fQ+F3nN&DBpM8n_gG^q8Z1^7ngd%Q664iZ)?Eq;&R$)L|r}Dy5=h%nK(ON
ztS;H6nbl8|m$rqg;RsGmJEvoJ<+tB7FT~WJ!GE77>z4gR#2(K*6mJAUE0?8^`Hq=1
zUO9q4F!q!lS4Zb@%hjlNR*_Io`nl3La#2HtU}u2H*2se*SW)r!w1_*Dcu;16Oo-5&
z{$Q>kkxU~|WG|s^`|ooR&<L%q{axJ}W2)E}<h^*oUxCFOj^=Zjrx8c>weK>Zh1BmE
zyXxd+U_%VwH->?DdOD0TF(RjPdqv@ce!rf@s%bLa@B+`t{32y6Y}@W^2P*$q8;XbU
zN8T6)Z*<E3^XIdZV=iZA>G0=A<r>2-1Q=2Awonh!dP1KWBC_+aeLnG##j(&?>x&q<
zAxF~Cyl}~gBRJVy${iWRS`=h_7k=U<+>te{YHEqn1Tf<1d^bkCKkFq%&~R9&l-6kZ
z@_{Ay;LMi^Gc2we9?=w>66;`0rpm`>yr@MYH99I~97&NHnmycppO^h3ByBD>X$(m{
z6t@Y7&%N}Qmo>IH;dd`48@$dY>ZEm<>vJS(P%n<N0%6({&4CDrF{LK-!sMvgM8!!8
z$p(un{OMzS9xI;VBMn#Vu&IfwuF%J2<U&%nijj9S5JJqLi3L<TLSpq>Rw|$ilAp5f
zVp%=ep9Zxszerj0%Bq&2`69Vmw%RinR)!Wuytx>CY65&$RBSHV^zdPjl6i<$0?1L2
zH8S^Fou3U0A@J$z`XcFB^^6~>5MjXgZ*6n2jjtR6R+Z~b8KV1}btR(#rCZU=#{PA@
zk1=~2w!eleHy%{nj%b>d81T9V-wM+d`O9m1l(JsR{@E<CoagsbuT0nCL?V{?junw7
zGAKe1FA!B~8-b~XFD?Po4;PKp$zshJHwi}}kA+wk1n9~Lj9>`9S~U={M=7c9V8)3D
z5e5D7VRSiDwUek^Gk7^hzmzm%GCGp9Hk2Tgnhyorw$X)$U-SBU+<EcqwWeiKo6*_Z
z_Fmq>6K#w%tU%t4)iWLal=dW}v~`2Wq|plbPHw0qr;dRt{asp1<-HwlyFF1B*-h|-
zwI&A(7JH716^v~=EVM#6R<#=Q8t2?sc#*ZNEz69~INz44Oj&SMTBYuk!_s{G^{}Wj
zU%G8~Tm*on6u|Wp>#hq*PjLOaObO4WZ8j~dF+VHgM<s_pE7j@TaFDqY>&V!%1AceZ
z7eFa_A7iz#%#gLJ__L%cb6PzV5+`g^V%)5-TR$Z1*9ps66&@4v#Y&I0NRd<Xmbj5i
zvjtwd&1Zu-b)`ra-nJq@EajIL2{3TTmJv4j;zjeKdus>FSh&(n_2#f!wnm?>MF?;f
zu#VGyST&(HAQwx(w0WF|m@BUp<z&V>V$xq;m0T{d)c9wr-BP_-eJ%0%V#k~m8SI+z
znB4ZRsx`%4FUAF55p|*Y6T#~TZKI#t@7VKxC59b-cTCDa&|7!@rv2AttNbU96ggN@
z#ho1$sDHPl_4NRqTFh=Pi`?yF1pUbbhVz3=;`|`YHoNiWMOe?hR8vE}8FnXQ_x=2j
z(7`+ONFR@PH{()0lwXFIoTO}ZG>p<3eXsM@hFllM&mYJ}<mMR|HP@_*6&x2V$=nVn
zNKStbJL0x@QZ^+nN%dg1KrK>Y`^vW&e@A|qmOBm=3W)WOI^$u~d7ZalXI;%tp%&qC
zn-7mmo*!tcDJ$J~Rzj5iR(5i^-L-RWiHg3bqEQVCVH`*9Q(6vy`suOL0s`IeB;@v0
zWsE9Rt0Am3EVQAR+5NZ%5LL_Es;Bl1`j@{7T*eZg(-Wjjv);1Q29|PPG<5Xn;>g$*
z4~4FpsXyUJYZQK%CpJ8-KK8l~l1s(wF7AnBR$dE%{k_JTqhML5aZ}|&6>gPSI}>&j
z^R&iHjt~|O$Ij>?o!@9~Wx1{~n`_}9v#rEDQo6c<mnp*2qVi|#Lbh=`{fP7~*_S`I
zZ`{36ci~A^IQA%A-Q=Pb04}7Vd4$jS?SVIqu31S5;CX&mnf%rQ@y_J+Sd_Agsf)Ps
z%ehe|YhiztBWjlBB-l7%7qHtVt8Hyq=7ro5yILsn$BYVHA3@d0ln>XV^n~jTK*0rr
z(hTZD+;jrXK5D?g0BE1U1yJ0YX{u!z<A?~y_U_cNs{!wv9_NizO>oaG5KcJr@m(A@
zpl~=H!O&S}-nnW^V<e0CwS~aa{@ud*!57CBPUk?>cS)-8rW*$5>|SrZXpbzG);yVQ
zPJ0H?7N0{xuWR4wx@u<>)T;5$?)t8q?0t}oST_B!+L2m~cpmIc`kV-^(zxj-NAC!T
z2mv&<w><;1zi%Vq;WFiy1`)Bexf$xlTDd_vS6F^JIAkttj;rCsn|}vlm}4hE1104L
z4^QceX+G8ANG*S97&{6L3ZJ1S9w4Z;`XeWijwd1Far;1EC}p~~6L<bK{!M%Dmy0lb
zRRiKS=-7_#%p5>Bi6U9Hh(Gv@l}M>0q#*{mqKE2_@gsH3OhIaC0JZ^KR#u2<p+NXE
zk53p}xtwD;9#Ybel{vZK0cBqC-ZEzsgyrDfPfn*27uC5aESyw>lGjS*T)VqWo7|B@
zLd;mvUl$8bcDaYzv2mYW5<#{*^>Pxl7ityNj^D;u%%MhUrRcE?_Az9IYu!Y9Jyk-H
zgPSWO4{Y3TJn%}2iiMf6QX4NbZx|$F{!p@1M^43Jk}I*BJ)sZDx!}Br-(fnuR216H
z7xh#-;_eYuxqT))iXq<QZ{`TR*%at<#(lKG2r;?P0sYPn2K1nO<f_UMO$tGXzw&0P
z|5gUB=HJvN4iQK2_QA(urdmenvwHaBjD*vXW8d*rIr}TAQVF7Tsjx_tV!L+E<*#C8
z_=PgPUd83}RK7ycc+JPh!++(E5<4~VlWK{ca~ve6bC1r&=nW^!$_-n%zqdFIMYr=1
z`Hzw2-|%OGjyoaP`o9Fq!w219n1Rlj_>}45hZ{)aH2g*^xCam32-G0&CTrg(Al%4C
zq3tKOCKW$c1@b=oZVQI^YL~FpCCXp0A9@!#Z&IbHd;L}-w>#RTSE+2>-b6$+ZG%(g
z+97g-fe6N$O-|Zun;i<>AQ$SUS6dqA)oxMDd^MKv)0dDrS&6D@Xa)sa5C~=LA3ry&
ztQ+7e{@wVAKeHe!d0*A=W{mE*0bhuS=!frDoQ%guRBeXx*6+A{G7{$o=~Y4>K6kim
z-2g77CJxdxr51JG+wFPiAc<#4pq%J`S!|NlPJZhy!z4%9AAi>1F7|ht&vxdw++7mB
z(9gZZ89?^Cu*WJG?^bYX8;=qPx5@rhY~nF(B$GgMv@L%sy|@%BD$Vz=FWv(6cKI9C
z{JYCVnDqB8mOipSD-Vuo{*)K(%@eo|m|S0@GHfKO?Q5sW?*1a54GZ8FPU?-@vZ{+Z
zJ+~x%$+YlpT9k#nO39P|BztWXVr8Ys&u638_@v)!E>Dm|%$Z$*wx)Gv98lwfRkewx
z1GHksIjyH>Rts`{&E&-wm|Mhl#I=rVNl86l2ezvBBEB;9^JIueN&}5S7u-K2Z8Gri
zujSK(nyRnv1am*0BW|-umJ;A}bp+v`;F;;IB`X8XRDzBY?&^Vp1o!dq=cvK~yz{Y2
z#(z?URgw-@c>f@;UHs3K(*NGu%)EYbo@}#8XQBKzB0y6e^&t8;e-fnT@ael2AJc!H
zK8lHQQT>Zgy<w*M-=cy?k2{xD*U#Vnb+x5#D#_4&yiHraQUBk1o}t9%=nfaSlxdDW
zh^i_CPGvqWQr6`?IJwYm><U{7vzj~XnL-w4OqvT1EkKqgEvh$9zxDoWw%+1z;R8O?
zK-yEcshP*Hu`T<3p>f|-p9GrY9j`rmUEi%N2`<#QU8kNDJuI-;jRtt{YmlFfK`;!O
z!hetWnXD5jCoK1zV-30gKK^*H{O=9~7kJwI%4LCeJOyI59odgdu3k&t*{FIZ9vidJ
zCJaWM{JJ!wMN#JY^K65bLFtis71Fmfg-}QP+`nW6>Zj`7RA?n5{2~0zJPWEv>!`D7
z;cdwtfyX;#;M<daCg%-6dttN9-I8<hy?hDJ@*=r>p9z^Q6+oUc+tsbLf4Y_XQFlN=
zh~=HR=?@kq7I@5*dCVB6eg2_@&{T3(nkv1U7+2$@X|ToJO277^eiM4QpwyIpu|gap
za`K{GzH18^8}FQSVj3a>E5Rn-qRK0nJ%x`94X)PVnWQZB6LJnrnl1B6jf2wuGVZRQ
zhiuwY$hnr6AsL!rkyjK5tV!P>Tn1Z^Tnv961xq&!cWhO(Hza7S94|Z&ReOrsIVw!u
z9bMR81K#Zv4waAajm&&{S)RXv#ceT>ru4H34;atIr6jK7q)cxNCx%0pkP214%uJD(
ziku^4>=D?@*CY4W(o|=o9}bx%0yc`_*|^r4Gl3NuN<;Qn$clK_91>2!kIcRsT$;XM
z!^a-D_UK`T1sETLxP_R~>7$p*!$l8_my(9P>F2luAQZG+XKIGv|2^l_<L6tY@$Xx{
zDK*w@;`>AV6FWoasSAu%US86<x7IEq;H*=9NssSyGCDH0%DDXo;w|zr*rdkm3!DKU
z!3=iMIC6I|i}5J7kQj(wd>T~I)HvT%cVH=7(o)VKw8uSV|1EG}GAsDVKCdU3N~EWP
zQMls#<4*R7eQp*ssbq-fq;bw$A)`!`zkx~u;+1OPeqC^w0U7jxNq*q2`NO(g_ujN&
zu|L_a7OJFeiPXg2CUcVALQG-3xmDM)*D{!epZZL98TUTU$bW0z`@lW1E41b%4u;!l
z_~oa&!`_);_w4oG{?xqqxt*0GknMJ1QTd45KWlH>Aj&TgTb)+Gc}yO)B5VL(`knuo
z#G&#b#03_w|G9BfNJx?659y8J#TO&xXe((`(B7{tf?Fq*m+u%<o};3A=jTNtye4xF
z-xkqOh<yj9_U639kFi4mcJPAiV*SnRvz6EHvv49<Xg<vh_a#+4go%5=oLn+IkWneN
zoElp__*rQjV2P!VE<0{G<6gHr$1)c?VLez4H5X}==ik0o4$AJ=GFk$a_^Y$^BX*9z
zjGp0(B%aVgmqN5ZEfnvC3vAdKBh~k$wpTNJv+c+B+=y`zaA(2+8&g>b-aCl)Eb<es
zmwEff3Z%wvIdop1)a5aV4#2-9)$POVW^2ukm7I-tda`Rg^-H*;NYvg@|EMc5Gy5f+
z{<(=eViY`>5LP(1Jy59vc;=ZJAeRk=Xp!M$ORI=`8;gl$4W1}fUy=%{mR20Q{Ub(j
z5<-a{kKkIsHI+p7hoW!QBt7C=Y`bo8-jX|k40aGV9uL2TVoD<Mux!~!7G?T+5b`oL
z;d84ZeutMZsLepl4cN&`ezr!;H7@q^N<%}~yvNUvv{>?0D#BXSe<vnSA;GcJV}S>|
zwfGm<Tfkd0_&e72ij)1(mc|a=37EN<R6O*g++QVTHj7L}E?Ez1F0IE=Y18L*DRZ9&
zPlD+NHZd+#+Pp9qAR@z|hFpiGrq<G<KO3etT8)Ak!z4V#G;ER+ACL8IQw?fmi$A&L
zutr7B==cZJI0z=2se+qBFLEeIrT+%dz1HHQ20dUe3cc4d#a7={xw`6O^#+P2=aNA?
z9;1^GwK(?57kCF2e94hnL1?!ov^rNZUSn>@1}raj$9l@pXgN}#{_4u}fRf*_K}trB
z->;451x@dI&e-ao=DKNH@BO0QGiGcryWkXcY`=)cfK7}T726)s*6&X|RU7;OVVj3y
zbghd&D`zn;G#|+L>v7@<yN*2w8&){|zm|m0M9Ckxd`BMl*!|)svPqJBve_o@oz1oW
zq3{?Sc7K$!^f`k_y2QdD_lR?H$&Zpeh^6$+NSeQJcip8Oei_wX-{bvJCQ#d>|JpW{
zLau}{EBDEtVrs6TqVZYE4dd&@kzVFrjKxG?gC&?FE>Id?0`nwl1P->KZhx^U24kY>
zwlSZS34506B~od&1lkRdC~S{aOy3sRtGC|5$wL~GG){MLJqHB5GQoO<Zn&R4u269`
z0o@l)BW_Ms$=TH};F0C&6XWT>V+gjkJx+rJE~HSZ(;`&-6zJJVXl&nX6t{l>cM*Zo
z8p8*E-U~M$NwWqG2;Z<-FZRos&6NO4<mR4($pHaYeET1a+$t>ZrLj1$$zl?8A@(7*
zsO*8$Df<fLX|*Mu_(g$l#g|)tKyPeVR*cHR&kLHzp3pcl&X6aR-g^$<^0?Q-%(y_(
zha5zh3^d#SiQ$!AI{QcuJywBvUR$VpP7k$u@qoxZX<jd`5x}^u)IybeYkH2}SQ+zT
zDvrb;br1^sUBb^7l97ZFO2(EuDxvmABnm9lmE_$CYN@0biNhJK>Z_?2TJ91eJ43I)
zBuw38f-oG{y`!u4c1DfURY>(Eo6!Ooun9PG%xMYb^_(=jB|#1Q;WLSn8MSH*Rh+Bd
zek~$zIYH%9mUrky=-#cnSS$X0R0QUX07E}bUjf`M)nwbYVnXMcQ&ygv4BYxvUe;FI
z!elkxdyv0?(}qImwi$46-@wxaetEm<YB$sDTOX+}Ui7f8-`eTbg|4YXpyhpj<KmRB
z?@$(~yMl%_ZznCCB;&sIhK9=aD;^5<_7@2@1m}#=%o-3KGj>9n`zDX-`0XVn9dO)x
z<gtB^-(p;<a_(Z6={gW^Tb`uk3J8pCg`du2S9oMuZo+)dX<e}RV6(eW9SKk|v2rKF
z{9b{$PP|J}UZlKIQlrLN2fMxWTCZljQfexjPjr})1S+c@!(rLDg!$JvrF}6poVix|
zCSFy#?9SshOTSpRdwW<(&mt<WWEQ3hx{(E6wrT}X*l5(8$w9yAxSg#ublUTlEkC80
zoV;);6-{TU4O`LX#q7xJU09eh%?kb66@^}a6U*jn1^NnWi=328N?S4dJm^8cG`-)0
zB#J7;%7-Yy#cejj1h-ggKMh)C=|Lw3&``yheO;O2^Npg#^RUqJmnBtJn+sCK)=iqe
zkKSq&^|DUWgqE<RHv~^x*7tT558lyf1ldduw(j+t^VPb#rj%Y!P$>>GZ<+nOCT{%4
zzKS}V>-f{=kfW%cVP5lQXG%dsiYN!Q>ysW3aq}pWt2@TxLY{$+8n5%W=Jf1#l|K3A
zesPn4vLrHyfbrKb)*2Ph(FdONEx}_Zo|AGoILzvQz6&t_HC1ek$1*!rjrTCSaQOBB
zQtLFUTKBSZXM>g1%P(hT!8q7)FR8(1P%?`Yx5?hF+oasa>M(8g;H8nM<Eik>7X6T;
z4>rq3%i|q#5+Yz)E1IQfBkgyzCBD|;Ipm$k7)V7eZ2tNVk<3)y`U6w)bFD(|NvjkA
zndYB88LdL+n#0Svq2#}J8ab-yyGM<esv1ot2E&coxfNq7N9bCIM=6obYl=#0=4a{f
z>|(?iP-~s1`a`kz>w75Cv%~v8Z!Bl$ysSx}a@~{zE_MkL70fs(jH7-%rcY@4?3ed~
ztcku!2L>#a(mS^=5?z=1{q%-c&42g~qEKd|e(W74JEtk>yyS(_du;QRY8|}mPys^h
z9OF;w;K+Me^9^r)?J6mz%+zZ{QGP4Fc<_IIG8FrZSYc3_cnVU`df5<qDi^qbn94q5
zz_+N5Wor#RoFmYC<YVeO53f$uqpu}w$MXXdLRXqTZ4tH6I7|~P8cbY!BH7Fz3_lD}
zke;`pMk-g~FE4$7V9QgSS5@b=GY%Q-3EiQV`QNa&${ej-4I0iA)s|rT#?zmkaYiZ^
zt2~jh%#bG*Mt@I8U~AE{VyXXAPQ!GRH$<Awq0ae|UUB+#@k7hYByS}x^71nU^V;0}
zy{GlV0fF_tFN=8vgMz1N{)Ij1<WCq<iMr=CR-MUHrx=!<V(RZw;8StOkzHNL5k%}E
zC+s#aExqv$p1xf7R~f|q??xD!+AdFGbC`ogqL<DV<A+Jz-1Ha?qYq@|;CI6&>J^r;
zd+^aQt0t>?zSS2=nI!6$IWu9w@NIOMTDFm8^}Hh*x)ZJ=n*lk7OdB~bQ~L*d!!3ut
z*Y{JaCZqeOG}Tp;l+#s4Q-+g8bL*rNnN~T#Fj7F7=J-xx(!MS=$Z(~qK>~`*N?(va
ztlGxIsVwKjTl|q}gMyie^BapkHcGI8a{h!jZqOESx#F%(q>iV=DgWqP#aAfzulxIo
z@#L49HJdpLU)W$Cd-NmAXp`45WG>c9tAxfoXR0DQm(!u0W-K%RLZTz5F6)f|p|<Ld
zSJ^jF@x%^T(<<vR+T)RyNC{B|d7->DKs92G@wzP+%L)#Qpq6grkTIf;pmeoZG!BrT
zhi*7`p0aBt+x1N_%hv4qkRJS_MyVyMRr#H8x><g9At(D9+3rey4`k=>%+M(vv)dgu
z^L%OS2RY4R<1og-qP3FoUwMr+JZ>9f)r61<E%xK2+y?dgizT6rxTv4Prx5E#cEfrz
zIkyn&lXf)%={7g+XJ2cq&+X{!S~9yFI#CzAw*OB%*Z$9h`o~wDN=X+|hujXiM2OSO
zU8kIhVlitO8KI836~-8ol;d(DF`{PG47s*ts0@|K2w{dHYVMc0WNc&WE9b8`uh;kU
z%jf+(&-?XxJ)igchtKQv{O~wO`qvpz%if~FU#B^^cY&}z^M`lL7ddo}$kU_G&`fzo
z5c*WE3U1$H0K3Lj#7}^ZZQzix-b{<}%Z><RccTTXV*T`T=Z}YGBd3gy^~NFv5!RTd
zgZxk>Gpa9NnB@K4`0>hHzo8<l`e}?xOaD}Fk=8u7KlHd+L=qwDDKw3nVW{txJ@eLJ
z<_-{5Nf|fenF=k%j;ep>Xp4L_e&JHONJL4>Wjbp2k_)CWtZ<JVHRztiBTZi$(^83{
zQx89oQ`>JE(H|PfOxZ(`Idw%ZJ?L2<lw_6s?$&eK$SK40!?*@-DlT^p6m4s46NkMh
zdd{oUsXV%hLmv);+I5-C>-Fo0NCFh2+Wku~7=ls)T_yuCdZb#><Ydo#RYQx7hJ<kh
zZk&ve$fPMnsf`{Zu^QSQ(#tRDiyb#qW*3XTtvk6ck6~zaD|M}K-V_3Gt(*1b>)kIy
ztJZMwQIr8+XZC&AxcgH4_Oybmuq=}SQgvTVxYa)GpeM3vYo+wD2Y-9d8?x#vIe0wq
ztaUnTiGNvn5dvRkE}`OTUUm+$=MKbGbQ&Ts=Ye&K=4(JlQ{h$l4!7qMqI{CY-mG9}
zsK204x-F-aE3tNuPbb1Mndg2J&7^YUisg_(ZAN`0vD#9Uyb<fEk!TRsSin>GI%w7(
z#@n>%&AK{&V~J{#7;WnGD8ghql50Kh*T{_m_>ka4MH+-}qFlU$60lTtc=PfzQvs2m
z>!JF7E*!U_6BGAbgv$2y6bGeAnAi7UG-qZ#S)JZ0$EO^+BkZ3dN5=8})cA@Q54Gp2
zF!IrOYDW#L*7wEgyi8AReujhf?-!h$GnV8Sgl<`ynN9a+sNH#_E7(I>>E0X|ZPLGd
zpXppS87GP<8Zp{5)&DCSn)%bzPm{z`0V)1b#}mYf??ir8BU21toTPL%uH*D{Y70A6
zYVyX%Y$fJ$xM9mK?6FM#VZd3V_3ZdEOLAO|XS^Vg-0_6uEZ6Fa9xka!-OJDw=9xLH
z9xWk<He_X$kLiU#FJH!^z6^83PQJ<eW0Ws7uMB4KdyRqc8i#Wb7mvA&(z7jLJ5yZ6
zk0E&eN({mE8*E(5e@frRIdQLRT~+O@2NqQN!qkbRa^-0m8^m(eXAr{5n>QMZvXLQk
zh?l659v-7lcOmU)R?c!s$#QD%fSIik7p$|`<&G+TN!|fO4c@{)89eEhB~S^y3cUHw
zGEmDseO&vh%7_l5$&K1g#hZE)=L#KYJTqU-4pYYy+`#!C^K2Z*^VzyOnE7e}nn(jP
zLSQGfKya({#ajpz>oR3z?s;ngPisEVrIND-lQcVuItZ!ZDU*M~Dk~onR+Jf0>UEl&
z0!whL;_y<Sx-T)W3Non$JNXITY^d6s#n3LkCXA-B*Znm8bUX)L#eXC}Ig_zk_u76y
zn#WF#WR=cwV--Ug=UNr7mXz$awkSiM&DQ4lXdEU{ygwtmO8UG~eE$(@1+d=R;RzZt
z5S{KDHpAgfBWdX7UPWvsx$x>X282L*azdtrE*4j$p2@Up%Wf!bO%LvBit0Q85>QvO
z*AK@{?9*H?kTg_ow*wYA-!BC*ao>&*Fpx~$K3+y9XLg~@x7_l&LRpa(RyLDs8z3>#
zg@6*o&7feS)Wqb=i>uCs*z!wZh4x6>ZsfC$afQMa_X^jTb`u(###A(SVg4QrzkVHG
zGBR+jzG&y|5S?(f(W)0gA9m3$5-XB_+)A)~Cq|8kC=tVgC%SBO+-jRcRwSmvxDZJ;
zBDst&fnLN8BIfI3Gg`6Msz**j$A{L(vEgY{VyqkG1tk>mSiT=xoJh^Cu<so6p!QM%
z>-Wk{%-$V<Ol7?-=y(s*eJwoE>l)FS5?=|k#^#spjQndw?*b5)RPKeQ<l!tJnue<<
zlgc@3b0>pd)VZ7Wjg$@Lei)-2DE9fd3l>v-dggv00Yldk`&Y|GBd{wy=CO(TKNf<m
z1Zc>^G71;i1TA_)h#jiG(QTd2#an7Z*-2e_i@fyx*w=&~#q8l)^=PD=AFE>*-z7CK
zKac#L{yi(KJ;7X9@r=6BKGQFGjfw;>3g1h$%DGfEzuL1o4!f<ZIXRs@6ZAg48>`{>
zaT5r}K8kPO0$VcPSsZ~*-tKfM=mHP!Jrr}F{#C&-_h_ltbTn+(2=dm1W_L+tN7syW
z=9|YW@TwW$BXtFzcgDb2DpaG;4Rytx9l0*bJRQ#VX;qZ3^cv8b&s}>Ef&29xd?$xi
z66=)~BRvtoN|44Y^gUnwF&kZ-&@%#UzM1u^S3*26+xCy$=~a&Q>FIn^v!L~{5y|Tr
z2W<Ud%+0=5Qc71e>ZP{AC-i`CI!k}$O<-ezr|~1AOzs@%;u-=RcD?GZc@AC;8Icbj
z!VqM^g)OL%OW3an{BZSod16EjgvEveriegI?>Y_p$L`g$tfrw4I6=tt4onjOFgi8L
zWVQII{x$SvH-GvGtcyNwu^#Ox98(c4ygq}huyja}2LNvSG;NL=o4TUPfQ>J;-*yA;
z9x8g)b3>Qn^OiG%@FS-|MP=^zIzuE<91<YN*|Ax-*j5bykZR8?6oeT#cW8#m=g8_!
zo*^JWxToKa;mB`x1tWF>00MXUWsObxW{ifUGlBKY@8oSiSB*xAXMSb?;Hdh+t=xD|
z>gT6p0Km=Pwr^1Y9!Y1mHvV&zWo1!%yZ&H9dFa;tZ~x)zX#eX%%;3F$+et`G-?xQE
z&;GJ~3)CKr|M$q?r>dKATl$dH7WhA9ONRffE@GPl+ic0b?Gp6QKJ5Q=vaLAlb?1Mt
Ca-wqp

literal 0
HcmV?d00001


From 9c79a6158939b232281974694a4c78bd69d52b4e Mon Sep 17 00:00:00 2001
From: Devrim <devrimyatar@gluu.org>
Date: Wed, 31 Jul 2024 12:59:26 +0300
Subject: [PATCH 32/43] fix(jans-linux-setup): apache config for jans-lock
 wellknown endpoint (#9070)

Signed-off-by: Mustafa Baser <mbaser@mail.com>
---
 jans-linux-setup/jans_setup/templates/apache/https_jans.conf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/jans-linux-setup/jans_setup/templates/apache/https_jans.conf b/jans-linux-setup/jans_setup/templates/apache/https_jans.conf
index 5687f8bc7af..fedda79ddfb 100644
--- a/jans-linux-setup/jans_setup/templates/apache/https_jans.conf
+++ b/jans-linux-setup/jans_setup/templates/apache/https_jans.conf
@@ -118,7 +118,6 @@
     ProxyPass   /.well-known/scim-configuration http://localhost:8087/jans-scim/restv1/scim-configuration
     ProxyPass   /firebase-messaging-sw.js http://localhost:%(jans_auth_port)s/jans-auth/firebase-messaging-sw.js
     ProxyPass   /device-code http://localhost:%(jans_auth_port)s/jans-auth/device_authorization.htm
-    ProxyPass   /.well-known/lock-master-configuration http://localhost:%(jans_lock_port)s/jans-lock/.well-known/lock-master-configuration
 
     ProxyErrorOverride On
 

From 3c1ddaacd138e82cdf92988951aa02c518755ea6 Mon Sep 17 00:00:00 2001
From: Dhaval D <343411+ossdhaval@users.noreply.github.com>
Date: Thu, 1 Aug 2024 12:09:31 +0530
Subject: [PATCH 33/43] docs(config): update instructions in LDAP configuration
 document (#9056)

* docs(ldap): ldap config add-update document changes

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs(config): update LDAP conf instructions

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

---------

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>
---
 .../auth-server-config/ldap-configuration.md  | 295 +++++++-----------
 1 file changed, 110 insertions(+), 185 deletions(-)

diff --git a/docs/admin/config-guide/auth-server-config/ldap-configuration.md b/docs/admin/config-guide/auth-server-config/ldap-configuration.md
index 8d0e97e9f89..273b814d640 100644
--- a/docs/admin/config-guide/auth-server-config/ldap-configuration.md
+++ b/docs/admin/config-guide/auth-server-config/ldap-configuration.md
@@ -1,8 +1,8 @@
 ---
 tags:
-  - administration
-  - configuration
-  - ldap
+ - administration
+ - configuration
+ - ldap
 ---
 
 
@@ -13,184 +13,133 @@ tasks.
 
 === "Use Command-line"
 
-    Use the command line to perform actions from the terminal. Learn how to 
-    use Jans CLI [here](../config-tools/jans-cli/README.md) or jump straight to 
-    the [Using Command Line](#using-command-line)
+      Use the command line to perform actions from the terminal. Learn how to 
+      use Jans CLI [here](../config-tools/jans-cli/README.md) or jump straight to 
+      the [Using Command Line](#using-command-line)
 
 
 === "Use Text-based UI"
 
-    LDAP Configuration is not possible in Text-based UI.
+      LDAP Configuration is not possible in Text-based UI.
 
 
 === "Use REST API"
 
-    Use REST API for programmatic access or invoke via tools like CURL or 
-    Postman. Learn how to use Janssen Server Config API 
-    [here](../config-tools/config-api/README.md) or Jump straight to the
-    [Using Configuration REST API](#using-configuration-rest-api)
+      Use REST API for programmatic access or invoke via tools like CURL or 
+      Postman. Learn how to use Janssen Server Config API 
+      [here](../config-tools/config-api/README.md) or Jump straight to the
+      [Using Configuration REST API](#using-configuration-rest-api)
 
 ## Using Command Line
 
-In the Janssen Server, you can deploy and customize the LDAP  using the
+In the Janssen Server, you can configure the LDAP backend using the
 command Line. To get the details of Janssen command line operations relevant to
-`LDAP`, you can check the operations under `DatabaseLdapConfiguration` task using the
-command below:
+LDAP configuration, check the operations under the `DatabaseLdapConfiguration` 
+task using the command below:
 
 ```bash title="Command"
 /opt/jans/jans-cli/config-cli.py --info DatabaseLdapConfiguration
 ```
 
-It comes with the following options:
+It will list the relevant operations as listed below:
 
 ```text title="Sample Output"
 Operation ID: get-config-database-ldap
-  Description: Gets list of existing LDAP configurations.
+ Description: Gets list of existing LDAP configurations.
 Operation ID: put-config-database-ldap
-  Description: Updates LDAP configuration
-  Schema: GluuLdapConfiguration
+ Description: Updates LDAP configuration
+ Schema: GluuLdapConfiguration
 Operation ID: post-config-database-ldap
-  Description: Adds a new LDAP configuration
-  Schema: GluuLdapConfiguration
+ Description: Adds a new LDAP configuration
+ Schema: GluuLdapConfiguration
 Operation ID: get-config-database-ldap-by-name
-  Description: Gets an LDAP configuration by name.
-  Parameters:
-  name: Name of LDAP configuration [string]
+ Description: Gets an LDAP configuration by name.
+ Parameters:
+ name: Name of LDAP configuration [string]
 Operation ID: delete-config-database-ldap-by-name
-  Description: Deletes an LDAP configuration
-  Parameters:
-  name: No description is provided for this parameter [string]
+ Description: Deletes an LDAP configuration
+ Parameters:
+ name: No description is provided for this parameter [string]
 Operation ID: patch-config-database-ldap-by-name
-  Description: Patches a LDAP configuration by name
-  Parameters:
-  name: Name of LDAP configuration [string]
-  Schema: Array of JsonPatch
+ Description: Patches a LDAP configuration by name
+ Parameters:
+ name: Name of LDAP configuration [string]
+ Schema: Array of JsonPatch
 Operation ID: post-config-database-ldap-test
-  Description: Tests an LDAP configuration
-  Schema: GluuLdapConfiguration
+ Description: Tests an LDAP configuration
+ Schema: GluuLdapConfiguration
 
-To get sample schema type /opt/jans/jans-cli/config-cli.py --schema <schema>, for example /opt/jans/jans-cli/config-cli.py --schema GluuLdapConfiguration
+To get sample schema type /opt/jans/jans-cli/config-cli.py --schema <schema>, 
+for example /opt/jans/jans-cli/config-cli.py --schema GluuLdapConfiguration
 ```
 
 ### Get Existing LDAP Configurations
 
-To find the existing ldap configurations, let's run the following command:
+To get information about existing LDAP configurations, run the following command:
 
 ```bash title="Command"
 /opt/jans/jans-cli/config-cli.py --operation-id get-config-database-ldap
 ```
 
-```json title="Sample Output"
+```json title="Sample Output" linenums="1"
 [
-  {
+ {
     "configId": "auth_ldap_server",
     "bindDN": "cn=directory manager",
     "bindPassword": "m+OTwmlCEho=",
     "servers": [
       "localhost:1636"
-    ],
+ ],
     "maxConnections": 1000,
     "useSSL": true,
     "baseDNs": [
       "ou=people,o=jans"
-    ],
+ ],
     "primaryKey": "uid",
     "localPrimaryKey": "uid",
     "useAnonymousBind": false,
     "enabled": false,
     "version": 0,
     "level": 0
-  }
+ }
 ]
 
 ```
 
 
-### Adds a new LDAP Configuration
+### Add a new LDAP Configuration
 
-At first, we have checked the existing ldap database configurations the janssen server have.
-Indeed we can create a new ldap configuration as well. 
 
+To add a new a LDAP configuration, use the `post-config-database-ldap`
+operation id. As shown in the [output](#using-command-line) for
+`--info` command. The `post-config-database-ldap` operation
+requires data to be sent according to `GluuLdapConfiguration` schema.
 
-```text
-Operation ID: post-config-database-ldap
-  Description: Adds a new LDAP configuration
-  Schema: GluuLdapConfiguration
-```
-
-
-Let's get the schema file and update it to push into the server.
+To see the schema, use the command below:
 
 ```bash title="Command"
-/opt/jans/jans-cli/config-cli.py --schema GluuLdapConfiguration > /tmp/ldap.json
-```
-The `post-config-database-ldap` operation uses the `GluuLdapConfiguration` schema to
-describe the configuration change.
-
-For your information, you can obtain the format of the `GluuLdapConfiguration`
-schema by running the aforementioned command without a file.
-
-```text title="Schema Format"
-configId           string
-bindDN             string
-bindPassword       string
-servers            array of string
-maxConnections     integer
-                   format: int32
-useSSL             boolean
-baseDNs            array of string
-primaryKey         string
-localPrimaryKey    string
-useAnonymousBind   boolean
-enabled            boolean
-version            integer
-                   format: int32
-level              integer
-                   format: int32
+/opt/jans/jans-cli/config-cli.py --schema GluuLdapConfiguration
 ```
 
-An example of the schema is provided in the ldap.json file.
-
-you can also use the following command for `GluuLdapConfiguration` schema example.
+The Janssen Server also provides an example of data that adheres
+to the above schema. To fetch the example, use the command below.
 
 ```bash title="Command"
 /opt/jans/jans-cli/config-cli.py --schema-sample GluuLdapConfiguration
 ```
 
-```json title="Schema Example"
-{
-  "configId": "string",
-  "bindDN": "string",
-  "bindPassword": "string",
-  "servers": [
-    "string"
-  ],
-  "maxConnections": 117,
-  "useSSL": false,
-  "baseDNs": [
-    "string"
-  ],
-  "primaryKey": "string",
-  "localPrimaryKey": "string",
-  "useAnonymousBind": false,
-  "enabled": false,
-  "version": 116,
-  "level": 179
-}
-
-```
+Using the schema and the example above, we have added below data to the
+file `/tmp/ldap.json`.
 
-You need to modify `ldap.json` file with valid information. In our case,
-I have modified as below for testing only:
 
-```json title="Input"
+```json title="Input" linenums="1"
 {
   "configId": "test_ldap",
   "bindDN": "cn=directory manager",
   "bindPassword": "password",
   "servers": [
-	"localhost:1636"
-	],
+  "localhost:1636"
+ ],
   "maxConnections": 1000,
   "useSSL": "true",
   "baseDNs": ["ou=people,o=jans"],
@@ -202,72 +151,46 @@ I have modified as below for testing only:
   "level": 0
 }
 ```
-
-Now, lets post this configuration into the database.
+Now let's post this LDAP configuration 
+to the Janssen Server to be added to the existing set:
 
 ```bash title="Command"
 /opt/jans/jans-cli/config-cli.py --operation-id post-config-database-ldap\
  --data /tmp/ldap.json
 ```
 
-```json title="Sample Output"
-{
-  "configId": "test_ldap",
-  "bindDN": "cn=directory manager",
-  "bindPassword": "m+OTwmlCEho=",
-  "servers": [
-    "localhost:1636"
-  ],
-  "maxConnections": 1000,
-  "useSSL": true,
-  "baseDNs": [
-    "ou=people,o=jans"
-  ],
-  "primaryKey": "uid",
-  "localPrimaryKey": "uid",
-  "useAnonymousBind": false,
-  "enabled": false,
-  "version": 0,
-  "level": 0
-}
-```
-
-
-Please note that `configId` should be a unique identifier name for each configuration. 
-Otherwise you will get error while going to post duplicate configuration into the server. 
-In that case, you can go through the next option to replace instead of adding a new one.
+Please note that `configId` should be a unique identifier for each configuration. 
 
+### Update LDAP Configuration
 
-### Updating LDAP Database Configurations
+To update an existing LDAP configuration, we can use `put-config-database-ldap`
+operation id. As shown in the [output](#using-command-line) for `--info` command,
+the `put-config-database-ldap` operation requires data to be sent according to
+`GluuLdapConfiguration` schema.
 
-With this operation, we can update any ldap database configuration.
+For example, let's say we are going to change the `maxConnections` from `1000` 
+to `100` in the above `test_ldap` configuration. So let's update this value
+in the `/tmp/ldap.json` file that we created earlier and use the command
+below to update the configuration on the server:
 
-```text
-Operation ID: put-config-database-ldap
-  Description: Updates LDAP configuration
-  Schema: GluuLdapConfiguration
-```
-
-For example, let say we are going to change to `maxConnections` for `1000` to `100` in the above `test_ldap` configuration.
-So lets modify the `/tmp/ldap.json` file as below:
-
-```bash title="Comaand"
+```bash title="Command"
 /opt/jans/jans-cli/config-cli.py --operation-id put-config-database-ldap \
 --data /tmp/ldap.json
 ```
-```json title="Sample Command"
+
+```json title="Sample Output" linenums="1"
 {
   "configId": "test_ldap",
   "bindDN": "cn=directory manager",
   "bindPassword": "zHDUXV5vAPc=",
   "servers": [
     "localhost:1636"
-  ],
+ ],
   "maxConnections": 100,
   "useSSL": true,
   "baseDNs": [
     "ou=people,o=jans"
-  ],
+ ],
   "primaryKey": "uid",
   "localPrimaryKey": "uid",
   "useAnonymousBind": false,
@@ -277,32 +200,34 @@ So lets modify the `/tmp/ldap.json` file as below:
 }
 ```
 
-### Gets LDAP Database Configuration by its name
+### Get LDAP Configuration by its name
+
+When retrieving LDAP configuration by `name`, the value of `name` parameter
+in the query is matched with the `configId` of the LDAP configuration. 
 
-In the above operation, we have updated `test_ldap.json`. Let's check the updated result 
-with this operation by calling its name id. 
+Use the command below to retrieve LDAP configuration with `configId` as 
+`test_ldap`.
 
-```bash title=""
+```bash title="Command"
 /opt/jans/jans-cli/config-cli.py --operation-id get-config-database-ldap-by-name\
 --url-suffix name:test_ldap
 ```
 
-Here name is the `configId` of the configuration. If we run this command, it returns the 
-configuration details matched with configId.
+Here the `name` parameter is matched with the `configId` of the configuration. 
 
-```json title="Sample Output"
+```json title="Sample Output" linenums="1"
 {
   "configId": "test_ldap",
   "bindDN": "cn=directory manager",
   "bindPassword": "3eFs1t1aRPsW4xtxvCiGQQ==",
   "servers": [
     "localhost:1636"
-  ],
+ ],
   "maxConnections": 100,
   "useSSL": true,
   "baseDNs": [
     "ou=people,o=jans"
-  ],
+ ],
   "primaryKey": "uid",
   "localPrimaryKey": "uid",
   "useAnonymousBind": false,
@@ -312,75 +237,75 @@ configuration details matched with configId.
 }
 ```
 
-### Delete LDAP Database Configurations
+### Delete LDAP Configurations
 
-In case, we need to delete any existing LDAP Database configuration we can do that as well.
+To delete any existing LDAP Database configuration, use the command as below.
 
 ```bash title="Command"
 /opt/jans/jans-cli/config-cli.py --operation-id delete-config-database-ldap-by-name \
  --url-suffix name:test_ldap
 ```
 
-It will delete data ldap database configuration matched with the name.
+It will delete LDAP configuration where `configId` matches with the `name`.
 
-Now you check with `get-config-database-ldap` operation
 
-### Patch LDAP Database Configurations
+### Patch LDAP Configurations
 
-If required, We can patch single information of a ldap database configuration by using its name id. 
-In that case, we have to make an array of operations in schema file. So, let's get the schema file first.
+To patch a single configuration element in a given LDAP configuration
+by using its name, use the `patch-config-database-ldap-by-name` operation. For
+example, changing the `level` or `test_ldap` configuration.
 
 ```text
 Operation ID: patch-config-database-ldap-by-name
-  Description: Patches a LDAP configuration by name
-  Parameters:
-  name: Name of LDAP configuration [string]
-  Schema: Array of JsonPatch
+ Description: Patches a LDAP configuration by name
+ Parameters:
+ name: Name of LDAP configuration [string]
+ Schema: Array of JsonPatch
 ```
 
-```bash
-/opt/jans/jans-cli/config-cli.py --schema JsonPatch > /tmp/patch.json
-```
-The `patch-config-database-ldap-by-name` uses the [JSON Patch](https://jsonpatch.com/#the-patch) 
+The `patch-config-database-ldap-by-name` uses the 
+[JSON Patch](https://jsonpatch.com/#the-patch) 
 schema to describe the configuration change. Refer
 [here](../config-tools/jans-cli/README.md#patch-request-schema) 
 to know more about schema.
 
-For example, let's say, we want to change the level of the `test_ldap` configuration. So, 
-Let's update the patch file as below:
+Create a patch file with the contents as below to update the `level` of a LDAP 
+configuration.
 
 ```json title="Input"
 [
-  {
+ {
     "op": "replace",
     "path": "level",
     "value": "100"
-  }
+ }
 ]
 ```
 
-To patch data, the command looks like for this:
+Use the patch file above to update the configuration of `test_ldap` LDAP 
+configuration using the command below:
 
 ```bash title="Command"
-/opt/jans/jans-cli/config-cli.py --operation-id patch-config-database-ldap-by-name\
- --url-suffix name:test_ldap --data /tmp/patch.json
+/opt/jans/jans-cli/config-cli.py \
+--operation-id patch-config-database-ldap-by-name \
+--url-suffix name:test_ldap --data /tmp/patch.json
 ```
 
-It will update the configuration and will show the updated result as below display.
+It will update the configuration and show the updated result as below.
 
-```json title="Sample Output"
+```json title="Sample Output" linenums="1"
 {
   "configId": "test_ldap",
   "bindDN": "cn=directory manager",
   "bindPassword": "Kn0cqLRFzk2ASG+kwAuY2Q==",
   "servers": [
     "localhost:1636"
-  ],
+ ],
   "maxConnections": 1000,
   "useSSL": true,
   "baseDNs": [
     "ou=people,o=jans"
-  ],
+ ],
   "primaryKey": "uid",
   "localPrimaryKey": "uid",
   "useAnonymousBind": false,
@@ -389,9 +314,9 @@ It will update the configuration and will show the updated result as below displ
   "level": 100
 }
 ```
-
 ## Using Configuration REST API
 
 Janssen Server Configuration REST API exposes relevant endpoints for managing
-and configuring the Lightweight Directory Access Protocol. Endpoint details are published in the [Swagger
+and configuring the Lightweight Directory Access Protocol. Endpoint details are 
+published in the [Swagger
 document](./../../reference/openapi.md).
\ No newline at end of file

From 4076d81b6d6e2c06c15288894208ccccd1936a6b Mon Sep 17 00:00:00 2001
From: Dhaval D <343411+ossdhaval@users.noreply.github.com>
Date: Thu, 1 Aug 2024 12:21:40 +0530
Subject: [PATCH 34/43] docs(config): updates to custom assets config page
 (#9076)

* docs(config): fix format issue and add new outputs

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs(custom-assests): fix format issue

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

---------

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>
---
 .../custom-assets-configuration.md            | 204 +++++++++---------
 1 file changed, 108 insertions(+), 96 deletions(-)

diff --git a/docs/admin/config-guide/custom-assets-configuration.md b/docs/admin/config-guide/custom-assets-configuration.md
index 95d56f20faa..0795dc6bf2c 100644
--- a/docs/admin/config-guide/custom-assets-configuration.md
+++ b/docs/admin/config-guide/custom-assets-configuration.md
@@ -81,8 +81,8 @@ To get sample schema type /opt/jans/jans-cli/config-cli.py --schema-sample <sche
 
 ### Get All Current Custom Assets
 
-Get all the currently configured custom assets on the Janssen Server by 
-performing this operation.
+Use the operation ID `get-all-assets` to get all the currently configured 
+custom assets on the Janssen Server.
 
 ```bash title="Command"
 /opt/jans/jans-cli/config-cli.py --operation-id get-all-assets
@@ -90,67 +90,80 @@ performing this operation.
 ```json title="Sample Output" linenums="1"
 {
   "start": 0,
-  "totalEntriesCount": 2,
-  "entriesCount": 2,
+  "totalEntriesCount": 3,
+  "entriesCount": 3,
   "entries": [
- {
-      "dn": "inum=36014ca4-0978-4d95-8858-964b815ea770,ou=document,o=jans",
-      "inum": "36014ca4-0978-4d95-8858-964b815ea770",
-      "displayName": "custom.xhtml",
-      "description": "custom page",
-      "document": "",
-      "creationDate": "2024-07-25T11:40:17",
+    {
+      "dn": "inum=61edc29d-45f8-4ab9-8c9a-7b39e4cbe440,ou=document,o=jans",
+      "inum": "61edc29d-45f8-4ab9-8c9a-7b39e4cbe440",
+      "displayName": "p2.properties",
+      "description": "Valid text description",
+      "document": "cHJvcGVydGllcyBoZXJlLiAK\r\n",
+      "creationDate": "2024-07-31T07:36:08",
       "jansService": [
         "jans-auth"
- ],
-      "jansLevel": 1,
+      ],
+      "jansLevel": 142,
       "jansEnabled": true,
-      "baseDn": "inum=36014ca4-0978-4d95-8858-964b815ea770,ou=document,o=jans"
- },
- {
-      "dn": "inum=b5ab08e4-17b2-487d-845a-bdc6b48fd5b4,ou=document,o=jans",
-      "inum": "b5ab08e4-17b2-487d-845a-bdc6b48fd5b4",
-      "displayName": "a.png",
-      "description": "custom image",
-      "document": "",
-      "creationDate": "2024-07-25T11:44:38",
+      "baseDn": "inum=61edc29d-45f8-4ab9-8c9a-7b39e4cbe440,ou=document,o=jans"
+    },
+    {
+      "dn": "inum=835c7a68-57b1-4e39-8d2a-2a3963f2a92f,ou=document,o=jans",
+      "inum": "835c7a68-57b1-4e39-8d2a-2a3963f2a92f",
+      "displayName": "p1.properties",
+      "description": "updated thrice Valid text description",
+      "document": "cHJvcGVydGllcwo=\r\n",
+      "jansService": [
+        "jans-auth"
+      ],
+      "jansEnabled": false,
+      "baseDn": "inum=835c7a68-57b1-4e39-8d2a-2a3963f2a92f,ou=document,o=jans"
+    },
+    {
+      "dn": "inum=fd67d07b-c874-4bc1-a9f0-860fc4f7a091,ou=document,o=jans",
+      "inum": "fd67d07b-c874-4bc1-a9f0-860fc4f7a091",
+      "displayName": "p.properties",
+      "description": "Valid text description",
+      "document": "cHJvcGVydGllcyBoZXJlLiAK\r\n",
+      "creationDate": "2024-07-31T07:40:03",
       "jansService": [
         "jans-auth"
- ],
-      "jansLevel": 2,
+      ],
+      "jansLevel": 142,
       "jansEnabled": true,
-      "baseDn": "inum=b5ab08e4-17b2-487d-845a-bdc6b48fd5b4,ou=document,o=jans"
- }
- ]
+      "baseDn": "inum=fd67d07b-c874-4bc1-a9f0-860fc4f7a091,ou=document,o=jans"
+    }
+  ]
 }
+
 ```
 
 ### Get Custom Asset By inum
 
-With `get-all-assets` operation-id, we can get any specific asset matched 
+With `get-asset-by-inum` operation-id, we can get any specific asset matched 
 with `inum`. If we know the `inum`, we can simply use the below command:
 
 ```bash title="Command"
 /opt/jans/jans-cli/config-cli.py --operation-id get-asset-by-inum \
---url-suffix inum:36014ca4-0978-4d95-8858-964b815ea770
+--url-suffix inum:61edc29d-45f8-4ab9-8c9a-7b39e4cbe440
 ```
 It returns the details as below:
 
 
 ```json title="Sample Output" linenums="1"
- {
-  "dn": "inum=36014ca4-0978-4d95-8858-964b815ea770,ou=document,o=jans",
-  "inum": "36014ca4-0978-4d95-8858-964b815ea770",
-  "displayName": "custom.xhtml",
-  "description": "custom page",
-  "document": "",
-  "creationDate": "2024-07-25T11:40:17",
+{
+  "dn": "inum=61edc29d-45f8-4ab9-8c9a-7b39e4cbe440,ou=document,o=jans",
+  "inum": "61edc29d-45f8-4ab9-8c9a-7b39e4cbe440",
+  "displayName": "p2.properties",
+  "description": "Valid text description",
+  "document": "cHJvcGVydGllcyBoZXJlLiAK\r\n",
+  "creationDate": "2024-07-31T07:36:08",
   "jansService": [
     "jans-auth"
- ],
-  "jansLevel": 1,
+  ],
+  "jansLevel": 142,
   "jansEnabled": true,
-  "baseDn": "inum=36014ca4-0978-4d95-8858-964b815ea770,ou=document,o=jans"
+  "baseDn": "inum=61edc29d-45f8-4ab9-8c9a-7b39e4cbe440,ou=document,o=jans"
 }
 ```
 
@@ -162,7 +175,7 @@ With `get-asset-by-name` operation-id, we can get any specific asset matched wit
 
 ```bash title="Command"
 /opt/jans/jans-cli/config-cli.py --operation-id get-asset-by-name \
---url-suffix name:a.png
+--url-suffix name:p1.properties
 ```
 It returns the details as below:
 
@@ -172,29 +185,27 @@ It returns the details as below:
   "totalEntriesCount": 1,
   "entriesCount": 1,
   "entries": [
- {
-      "dn": "inum=b5ab08e4-17b2-487d-845a-bdc6b48fd5b4,ou=document,o=jans",
-      "inum": "b5ab08e4-17b2-487d-845a-bdc6b48fd5b4",
-      "displayName": "a.png",
-      "description": "custom image",
-      "document": "",
-      "creationDate": "2024-07-25T11:44:38",
+    {
+      "dn": "inum=835c7a68-57b1-4e39-8d2a-2a3963f2a92f,ou=document,o=jans",
+      "inum": "835c7a68-57b1-4e39-8d2a-2a3963f2a92f",
+      "displayName": "p1.properties",
+      "description": "updated thrice Valid text description",
+      "document": "cHJvcGVydGllcwo=\r\n",
       "jansService": [
         "jans-auth"
- ],
-      "jansLevel": 2,
-      "jansEnabled": true,
-      "baseDn": "inum=b5ab08e4-17b2-487d-845a-bdc6b48fd5b4,ou=document,o=jans"
- }
- ]
+      ],
+      "jansEnabled": false,
+      "baseDn": "inum=835c7a68-57b1-4e39-8d2a-2a3963f2a92f,ou=document,o=jans"
+    }
+  ]
 }
 ```
 
 ### Get Services
 
 
-Get the list of Janssen Server services that support custom assets
- by performing `get-asset-services` operation.
+Get the list of Janssen Server services that support custom assets 
+by performing `get-asset-services` operation.
 
 ```bash title="Command"
 /opt/jans/jans-cli/config-cli.py --operation-id get-asset-services
@@ -240,7 +251,7 @@ operation.
 ### Add New Custom Asset
 
 To create a new asset, we can use `post-new-asset` operation id. As shown in
-the [output](#using-command-line) for `--info` command, the `post-new-asset` 
+the [output](#using-the-command-line) for `--info` command, the `post-new-asset` 
 operation requires data to be sent according to `AssetForm` schema.
 
 
@@ -259,23 +270,22 @@ below to get the sample.
 ```
 
 Using the schema and the example above, we have added below data to the 
-file `/tmp/add-asset.json`. Example below will load `p.properties` file as
+file `/tmp/add-asset.json`. Example below will load `p3.properties` file as
 a custom asset to the `jans-auth` service.
 
 ```json title="Input" linenums="1" 
 {
   "document": {
-    "displayName": "p.properties",
-    "description": "Valid text description",
+    "displayName": "p3.properties",
+    "description": "text description",
     "jansService": [
       "jans-auth"
     ],
-    "jansLevel": 142,
+    "jansLevel": 144,
     "jansEnabled": true
   },
-  "assetFile": "/tmp/p.properties"
+  "assetFile": "/tmp/p3.properties"
 }
-
 ```
 Now let's post this Assert to the Janssen Server to be added to the existing set:
 
@@ -284,48 +294,46 @@ Now let's post this Assert to the Janssen Server to be added to the existing set
  --data /tmp/add-asset.json
 ```
 
-
-
 ### Update Existing Custom Assets
 
 Use the `put-asset` operation to update an existing asset. This operation uses
 same schema as [add new asset](#add-new-custom-asset) operation. For example,
 assuming that there is an existing asset as show below:
 
-```json title="Existing Asset"
-    {
-      "dn": "inum=48f2e07b-b879-4db2-816b-36bc4d69701f,ou=document,o=jans",
-      "inum": "48f2e07b-b879-4db2-816b-36bc4d69701f",
-      "displayName": "p.properties",
-      "description": "Valid text description",
-      "document": "cHJvcGVydGllcyBoZXJlLiAK\r\n",
-      "creationDate": "2024-07-31T06:24:55",
-      "jansService": [
-        "jans-auth"
-      ],
-      "jansLevel": 142,
-      "jansEnabled": true,
-      "baseDn": "inum=48f2e07b-b879-4db2-816b-36bc4d69701f,ou=document,o=jans"
-    }
+```json title="Existing Asset" linenums="1"
+{
+  "dn": "inum=fd67d07b-c874-4bc1-a9f0-860fc4f7a091,ou=document,o=jans",
+  "inum": "fd67d07b-c874-4bc1-a9f0-860fc4f7a091",
+  "displayName": "p.properties",
+  "description": "Valid text description",
+  "document": "cHJvcGVydGllcyBoZXJlLiAK\r\n",
+  "creationDate": "2024-07-31T07:40:03",
+  "jansService": [
+    "jans-auth"
+  ],
+  "jansLevel": 142,
+  "jansEnabled": true,
+  "baseDn": "inum=fd67d07b-c874-4bc1-a9f0-860fc4f7a091,ou=document,o=jans"
+}
 ```
 
 Now to update level of this asset to 6, create a text file with following
 content in it. Let's name this text file as `/tmp/update-asset.json`
 
-```json 
+```json title="Input" linenums="1"
 {
   "document": {
-      "dn": "inum=48f2e07b-b879-4db2-816b-36bc4d69701f,ou=document,o=jans",
-      "inum": "48f2e07b-b879-4db2-816b-36bc4d69701f",
+      "dn": "inum=fd67d07b-c874-4bc1-a9f0-860fc4f7a091,ou=document,o=jans",
+      "inum": "fd67d07b-c874-4bc1-a9f0-860fc4f7a091",
       "displayName": "p.properties",
       "description": "Valid text description",
       "document": "cHJvcGVydGllcyBoZXJlLiAK\r\n",
-      "creationDate": "2024-07-31T06:24:55",
+      "creationDate": "2024-07-31T07:40:03",
       "jansService": [
         "jans-auth"
       ],
       "jansLevel": 6,
-      "jansEnabled": true
+      "jansEnabled": true,
    },
   "assetFile": "/tmp/p.properties"
 }
@@ -340,26 +348,30 @@ Now use the command below to update the asset with new value for level.
 
 Upon successful execution, this command will return with updated asset values.
 
-```json title="Return values"
-
+```json title="Return values" linenums="1"
+{
+  "dn": "inum=fd67d07b-c874-4bc1-a9f0-860fc4f7a091,ou=document,o=jans",
+  "inum": "fd67d07b-c874-4bc1-a9f0-860fc4f7a091",
+  "displayName": "p.properties",
+  "description": "Valid text description",
+  "document": "cHJvcGVydGllcyBoZXJlLiAK\r\n",
+  "creationDate": "2024-07-31T07:40:03",
+  "jansService": [
+    "jans-auth"
+  ],
+  "jansLevel": 6,
+  "jansEnabled": true,
+  "baseDn": "inum=fd67d07b-c874-4bc1-a9f0-860fc4f7a091,ou=document,o=jans"
+}
 ```
 
-3. We have changed only the `` to ` ` in the existing asset.
- Use the updated file to send the update to the Janssen Server using the command below
- ```bash title="Command"
-   /opt/jans/jans-cli/config-cli.py --operation-id put-asset \
-   --data /tmp/update-asset.json
- ```
-This will update the existing asset matched with inum value.
-
-
 ### Delete Custom Asset
 
 You can delete any custom asset by its `inum` value.
 
 ```bash title="Command"
 /opt/jans/jans-cli/config-cli.py --operation-id delete-asset \
---url-suffix inum:36014ca4-0978-4d95-8858-964b815ea770
+--url-suffix inum:61edc29d-45f8-4ab9-8c9a-7b39e4cbe440
 ```
 
 ## Using Text-based UI

From f04774b4d71d2f03da939d827ee64458e3acb5ce Mon Sep 17 00:00:00 2001
From: shekhar16 <shekhar16@users.noreply.github.com>
Date: Thu, 1 Aug 2024 16:19:07 +0530
Subject: [PATCH 35/43] feat(jans-fido): add interception script for
 registration (#9075)

Signed-off-by: shekhar16 <shekharlaad1609@gmail.com>
---
 .../extension/fido2/Fido2ExtensionSample.py   | 108 ++++++++++++++++++
 .../jans_setup/templates/scripts.ldif         |  16 +++
 2 files changed, 124 insertions(+)
 create mode 100644 jans-linux-setup/jans_setup/static/extension/fido2/Fido2ExtensionSample.py

diff --git a/jans-linux-setup/jans_setup/static/extension/fido2/Fido2ExtensionSample.py b/jans-linux-setup/jans_setup/static/extension/fido2/Fido2ExtensionSample.py
new file mode 100644
index 00000000000..8b6033b99d2
--- /dev/null
+++ b/jans-linux-setup/jans_setup/static/extension/fido2/Fido2ExtensionSample.py
@@ -0,0 +1,108 @@
+# Janssen Project software is available under the Apache 2.0 License (2004). See http://www.apache.org/licenses/ for full text.
+# Copyright (c) 2023, Janssen Project
+#
+# Author: Jorge Munoz
+# Author: Yuriy Movchan
+#
+from io.jans.service.cdi.util import CdiUtil
+from io.jans.model.custom.script.type.fido2 import Fido2ExtensionType
+from io.jans.fido2.service.operation import AttestationService
+from io.jans.fido2.service.operation import AssertionService
+from io.jans.util import StringHelper
+from org.json import JSONObject
+from com.fasterxml.jackson.databind import JsonNode
+from org.apache.logging.log4j import ThreadContext
+from io.jans.fido2.model.u2f.error import Fido2ErrorResponseFactory
+from io.jans.fido2.model.u2f.error import Fido2ErrorResponseType
+from io.jans.as.model.config import Constants
+
+from java.lang import String
+
+class Fido2Extension(Fido2ExtensionType):
+
+    def __init__(self, currentTimeMillis):
+        self.currentTimeMillis = currentTimeMillis
+
+    def init(self, customScript, configurationAttributes):
+        print "Fido2Extension. Initialization"
+        print "Fido2Extension. Initialized successfully"
+        return True   
+
+    def destroy(self, configurationAttributes):
+        print "Fido2Extension. Destroy"
+        print "Fido2Extension. Destroyed successfully"
+        return True
+
+    def getApiVersion(self):
+        return 11
+
+    # To generate a bad request WebApplicationException giving a message. This method is to be called inside (interceptRegisterAttestation, interceptVerifyAttestation, interceptAuthenticateAssertion, interceptVerifyAssertion)
+    def throwBadRequestException(self, title, message, context):
+        print "Fido2Extension. Setting Bad request exception"
+
+        errorClaimException = Fido2ErrorResponseFactory.createBadRequestException(Fido2ErrorResponseType.BAD_REQUEST_INTERCEPTION, title, message, ThreadContext.get(Constants.CORRELATION_ID_HEADER))
+        context.setWebApplicationException(errorClaimException)
+
+    # This method is called in Attestation register endpoint before start the registration process
+    def registerAttestationStart(self, paramAsJsonNode, context):
+        print "Fido2Extension. registerAttestationStart"
+        attestationService = CdiUtil.bean(AttestationService)
+
+        return True
+
+    # This method is called in Attestation register endpoint after start the registration process
+    def registerAttestationFinish(self, paramAsJsonNode, context):
+        print "Fido2Extension. registerAttestationFinish"
+        attestationService = CdiUtil.bean(AttestationService)
+
+        return True
+
+    # This method is called in Attestation verify endpoint before finish the registration verification process
+    def verifyAttestationStart(self, paramAsJsonNode, context):
+        print "Fido2Extension. verifyAttestationStart"
+        attestationService = CdiUtil.bean(AttestationService)
+
+        return True
+
+    # This method is called in Attestation verify endpoint after finish the registration verification process
+    def verifyAttestationFinish(self, paramAsJsonNode, context):
+        print "Fido2Extension. verifyAttestationFinish"
+        attestationService = CdiUtil.bean(AttestationService)
+
+        return True
+
+    # This method is called in Assertion authenticate endpoint before start the authentication process
+    def authenticateAssertionStart(self, paramAsJsonNode, context):
+        print "Fido2Extension. authenticateAssertionStart"
+
+        assertionService = CdiUtil.bean(AssertionService)
+
+        if paramAsJsonNode.hasNonNull("username"):
+            print "Fido2Extension. Username: '%s'" % paramAsJsonNode.get("username").asText()
+            if paramAsJsonNode.get("username").asText() == 'test_user':
+                self.throwBadRequestException("Fido2Extension authenticateAssertionStart : test_user", "Description Error from script : test_user", context)
+        else:
+            self.throwBadRequestException("Fido2Extension authenticateAssertionStart. Username is missing.", "Description Error from script. Username is missing.", context)
+
+        return True
+
+    # This method is called in Assertion authenticate endpoint after start the authentication process
+    def authenticateAssertionFinish(self, paramAsJsonNode, context):
+        print "Fido2Extension. authenticateAssertionFinish"
+        assertionService = CdiUtil.bean(AssertionService)
+
+        return True
+
+    # This method is called in Assertion verify endpoint before finish the authentication verification process
+    def verifyAssertionStart(self, paramAsJsonNode, context):
+        print "Fido2Extension. verifyAssertionStart"
+        assertionService = CdiUtil.bean(AssertionService)
+        
+        return True
+
+    # This method is called in Assertion verify endpoint after finish the authentication verification process
+    def verifyAssertionFinish(self, paramAsJsonNode, context):
+        print "Fido2Extension. verifyAssertionFinish"
+        assertionService = CdiUtil.bean(AssertionService)
+        
+        return True
diff --git a/jans-linux-setup/jans_setup/templates/scripts.ldif b/jans-linux-setup/jans_setup/templates/scripts.ldif
index 32045c4e0c8..62743a9657f 100644
--- a/jans-linux-setup/jans_setup/templates/scripts.ldif
+++ b/jans-linux-setup/jans_setup/templates/scripts.ldif
@@ -627,5 +627,21 @@ jansRevision: 0
 jansScr::%(introspection_introspection_github_claims_introspection_github_claims)s
 jansScrTyp: introspection
 
+dn: inum=9BAF-90D7,ou=scripts,o=jans
+description: Fido2 authentication module
+displayName: fido2
+inum: 9BAF-90D7
+jansConfProperty: {"value1":"fido2_server_uri","value2":"https://%(hostname)s","description":""}
+jansLevel: 1
+jansModuleProperty: {"value1":"usage_type","value2":"interactive","description":""}
+jansModuleProperty: {"value1":"location_type","value2":"db","description":""}
+jansRevision: 1
+jansScr::%(fido2_extension_fido2extensionSample)s
+jansScrTyp: fido2_extension
+objectClass: top
+objectClass: jansCustomScr
+jansEnabled: false
+jansProgLng: python
+
 
 

From ddacc32e5c705c59b694e40436b644e50ffece43 Mon Sep 17 00:00:00 2001
From: Devrim <devrimyatar@gluu.org>
Date: Thu, 1 Aug 2024 13:57:10 +0300
Subject: [PATCH 36/43] feat(jans-linux-setup): updated jansServiceModule for
 config-api in post-setup (#9079)

Signed-off-by: Mustafa Baser <mbaser@mail.com>
---
 .../setup_app/installers/config_api.py        | 30 +++++++++++++++++--
 .../jans_setup/setup_app/installers/jans.py   |  5 +++-
 .../setup_app/installers/jans_saml.py         |  5 ++--
 3 files changed, 35 insertions(+), 5 deletions(-)

diff --git a/jans-linux-setup/jans_setup/setup_app/installers/config_api.py b/jans-linux-setup/jans_setup/setup_app/installers/config_api.py
index e3f1c327f77..dc08e87def6 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/config_api.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/config_api.py
@@ -11,7 +11,7 @@
 from setup_app import paths
 from setup_app.static import AppType, InstallOption
 from setup_app.utils import base
-from setup_app.utils.ldif_utils import create_client_ldif
+from setup_app.utils.ldif_utils import myLdifParser, create_client_ldif
 from setup_app.config import Config
 from setup_app.installers.jetty import JettyInstaller
 from setup_app.pylib.ldif4.ldif import LDIFWriter
@@ -55,7 +55,7 @@ def install(self):
         self.copyFile(self.source_files[1][0], '/usr/sbin')
         self.run([paths.cmd_chmod, '+x', '/usr/sbin/facter'])
         self.install_jettyService(self.jetty_app_configuration[self.service_name], True)
-        self.logIt("Copying fido.war into jetty webapps folder...")
+        self.logIt("Copying jans-config-api.war into jetty webapps folder...")
         jettyServiceWebapps = os.path.join(self.jetty_base, self.service_name, 'webapps')
         self.copyFile(self.source_files[0][0], jettyServiceWebapps)
 
@@ -247,3 +247,29 @@ def load_test_data(self):
         self.writeFile(out_fn, rendered_text)
         self.dbUtils.import_ldif([out_fn])
 
+    def update_jansservicemodule(self):
+        # this function is called by jans.py: JansInstaller.post_install_tasks()
+        self.logIt("Updating jansServiceModule for Config Api")
+
+        # find configuration dn
+        ldif_parser = myLdifParser(self.config_ldif_fn)
+        ldif_parser.parse()
+        for dn, _ in ldif_parser.entries:
+            if 'ou=configuration' in dn:
+                config_api_config_dn = dn
+                break
+
+        jans_service_modules = []
+
+        for jans_service_dir in os.listdir(Config.jetty_base):
+            if os.path.exists(os.path.join(Config.jetty_base, jans_service_dir, f'webapps/{jans_service_dir}.war')):
+                jans_service_modules.append(jans_service_dir)
+
+        self.logIt(f"Config Api jansConfDyn.assetMgtConfiguration.jansServiceModule list: {jans_service_modules}")
+
+        configuration = self.dbUtils.dn_exists(config_api_config_dn)
+        dynamic_configuration = json.loads(configuration['jansConfDyn'])
+        dynamic_configuration['assetMgtConfiguration']['jansServiceModule'] = sorted(jans_service_modules)
+        self.dbUtils.set_configuration('jansConfDyn', json.dumps(dynamic_configuration, indent=2), config_api_config_dn)
+
+
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jans.py b/jans-linux-setup/jans_setup/setup_app/installers/jans.py
index 5c1d236dd72..4ff07c07888 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/jans.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/jans.py
@@ -511,7 +511,7 @@ def post_install_tasks(self):
             #write post-install.py script
             self.logIt("Writing snap-post-setup.py", pbar='post-setup')
             post_setup_script = self.readFile(os.path.join(Config.templateFolder, 'snap-post-setup.py'))
-            
+
             for key, val in (('{{SNAP_NAME}}', os.environ['SNAP_NAME']),
                              ('{{SNAP_PY3}}', paths.cmd_py3),
                              ('{{SNAP}}', base.snap),
@@ -560,6 +560,9 @@ def post_install_tasks(self):
         # write default Lock Configuration to DB
         base.current_app.JansLockInstaller.configure_message_conf()
 
+        # Update jansServiceModule for config-api on DB
+        base.current_app.ConfigApiInstaller.update_jansservicemodule()
+
     def secure_files(self):
         self.run([paths.cmd_chown, '-R', 'jetty:root', Config.certFolder])
         self.run([paths.cmd_chmod, '-R', '660', Config.certFolder])
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jans_saml.py b/jans-linux-setup/jans_setup/setup_app/installers/jans_saml.py
index 36b7340dd00..03f9aa91ed7 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/jans_saml.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/jans_saml.py
@@ -12,7 +12,8 @@
 from setup_app.utils.package_utils import packageUtils
 from setup_app.static import AppType, InstallOption
 from setup_app.config import Config
-from setup_app.installers.jetty import JettyInstaller
+from setup_app.utils.setup_utils import SetupUtils
+from setup_app.installers.base import BaseInstaller
 from setup_app.utils.ldif_utils import create_client_ldif
 
 # Config
@@ -32,7 +33,7 @@
 Config.kc_db_password = 'kcdbuserpassword'
 Config.kc_jdbc_url = 'jdbc:postgresql:kcdbuser:kcdbuserpassword@//localhost:1122/kc_service'
 
-class JansSamlInstaller(JettyInstaller):
+class JansSamlInstaller(BaseInstaller, SetupUtils):
 
     install_var = 'install_jans_saml'
 

From e153479441e2175a6c17db5bf59e4b3687460cf1 Mon Sep 17 00:00:00 2001
From: Yuriy Movchan <Yuriy.Movchan@gmail.com>
Date: Thu, 1 Aug 2024 21:42:10 +0300
Subject: [PATCH 37/43] fix(jans-core): register DB document store in Store
 factory (#9084)

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>
---
 .../document/store/provider/DocumentStoreProviderFactory.java  | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/jans-core/document-store/src/main/java/io/jans/service/document/store/provider/DocumentStoreProviderFactory.java b/jans-core/document-store/src/main/java/io/jans/service/document/store/provider/DocumentStoreProviderFactory.java
index 6dfcb95cce8..3df3cbd6d95 100644
--- a/jans-core/document-store/src/main/java/io/jans/service/document/store/provider/DocumentStoreProviderFactory.java
+++ b/jans-core/document-store/src/main/java/io/jans/service/document/store/provider/DocumentStoreProviderFactory.java
@@ -62,6 +62,9 @@ public DocumentStoreProvider getDocumentStoreProvider(DocumentStoreConfiguration
             case WEB_DAV:
             	documentStoreProvider = instance.select(WebDavDocumentStoreProvider.class).get();
                 break;
+            case DB:
+            	documentStoreProvider = instance.select(DBDocumentStoreProvider.class).get();
+                break;
         }
 
         if (documentStoreProvider == null) {

From f01c038e218d454d0bfbd128cef2e8290020919d Mon Sep 17 00:00:00 2001
From: Devrim <devrimyatar@gluu.org>
Date: Thu, 1 Aug 2024 22:38:44 +0300
Subject: [PATCH 38/43] fix(jans-linux-setup): scope id permission to role for
 inum: C4F5 (#9072)

* fix(jans-linux-setup): scope id permission to role for inum: C4F5

Signed-off-by: Mustafa Baser <mbaser@mail.com>

* fix(jans-cli-tui): default scope type is openid when creating new

Signed-off-by: Mustafa Baser <mbaser@mail.com>

---------

Signed-off-by: Mustafa Baser <mbaser@mail.com>
Co-authored-by: YuriyZ <yzabrovarniy@gmail.com>
---
 .../cli_tui/plugins/010_auth_server/edit_scope_dialog.py     | 5 ++---
 jans-linux-setup/jans_setup/templates/scopes.ldif            | 2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/jans-cli-tui/cli_tui/plugins/010_auth_server/edit_scope_dialog.py b/jans-cli-tui/cli_tui/plugins/010_auth_server/edit_scope_dialog.py
index d00f24917f2..7c47a50e62a 100755
--- a/jans-cli-tui/cli_tui/plugins/010_auth_server/edit_scope_dialog.py
+++ b/jans-cli-tui/cli_tui/plugins/010_auth_server/edit_scope_dialog.py
@@ -58,8 +58,7 @@ def __init__(
         self.prepare_attributes_data()
         self.prepare_tabs()
         self.create_window()
-        self.sope_type = self.data.get('scopeType') or 'oauth'
-
+        self.sope_type = self.data.get('scopeType') or 'openid'
 
     def prepare_attributes_data(self):
         self.jans_attributes_data = []
@@ -132,7 +131,7 @@ def create_window(self) -> None:
                 self.app.getTitledRadioButton(
                                 _("Scope Type"),
                                 name='scopeType',
-                                current_value=self.data.get('scopeType'),
+                                current_value=self.data.get('scopeType') or 'openid',
                                 values=scope_types,
                                 on_selection_changed=self.scope_selection_changed,
                                 jans_help=self.app.get_help_from_schema(self.schema, 'scopeType'),
diff --git a/jans-linux-setup/jans_setup/templates/scopes.ldif b/jans-linux-setup/jans_setup/templates/scopes.ldif
index 6c6ba73e7be..469a5199bc1 100644
--- a/jans-linux-setup/jans_setup/templates/scopes.ldif
+++ b/jans-linux-setup/jans_setup/templates/scopes.ldif
@@ -203,7 +203,7 @@ displayName: view_user_permissions_roles
 inum: C4F5
 jansAttrs: {"spontaneousClientId":"","spontaneousClientScopes":[],"showInConfigurationEndpoint":true}
 jansDefScope: true
-jansId: permission
+jansId: role
 jansScopeTyp: dynamic
 jansScrDn: inum=CB5B-3211,ou=scripts,o=jans
 objectClass: top

From a6a1850efa7b4a3f1336a054a9aa1bd8f4415a00 Mon Sep 17 00:00:00 2001
From: pujavs <43700552+pujavs@users.noreply.github.com>
Date: Fri, 2 Aug 2024 14:36:07 +0530
Subject: [PATCH 39/43] fix(config-api): asset mgt error handling and SAML TR
 spec  (#9082)

* doc(config-api): attribite spec for saml trust relationship

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): asset mgt update enhancement to make asset file optional

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): validate asset service dir

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): asset mgt validation

Signed-off-by: pujavs <pujas.works@gmail.com>

---------

Signed-off-by: pujavs <pujas.works@gmail.com>
---
 .../docs/jans-config-api-swagger.yaml         |  18 +--
 .../plugins/docs/kc-saml-plugin-swagger.yaml  |  31 +++++
 .../plugins/docs/user-mgt-plugin-swagger.yaml |   4 +-
 .../plugin/saml/model/TrustRelationship.java  |  41 +++---
 .../rest/resource/auth/AssetResource.java     |  26 ++--
 .../configapi/service/auth/AssetService.java  | 125 +++++++++++++-----
 6 files changed, 178 insertions(+), 67 deletions(-)

diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml
index 18357d90c32..631f5154e0a 100644
--- a/jans-config-api/docs/jans-config-api-swagger.yaml
+++ b/jans-config-api/docs/jans-config-api-swagger.yaml
@@ -4475,6 +4475,7 @@ paths:
                   - spontaneous_scope
                   - end_session
                   - post_authn
+                  - client_authn
                   - select_account
                   - create_user
                   - scim
@@ -8313,19 +8314,19 @@ components:
           type: string
         selected:
           type: boolean
-        whitePagesCanView:
-          type: boolean
         adminCanView:
           type: boolean
         userCanView:
           type: boolean
+        userCanEdit:
+          type: boolean
         adminCanEdit:
           type: boolean
-        userCanEdit:
+        adminCanAccess:
           type: boolean
         userCanAccess:
           type: boolean
-        adminCanAccess:
+        whitePagesCanView:
           type: boolean
         baseDn:
           type: string
@@ -9162,6 +9163,8 @@ components:
           type: boolean
         lockMessageConfig:
           $ref: '#/components/schemas/LockMessageConfig'
+        fapi:
+          type: boolean
         allResponseTypesSupported:
           uniqueItems: true
           type: array
@@ -9171,8 +9174,6 @@ components:
             - code
             - token
             - id_token
-        fapi:
-          type: boolean
     AuthenticationFilter:
       required:
       - baseDn
@@ -9939,10 +9940,10 @@ components:
           type: array
           items:
             type: object
-        value:
-          type: object
         displayValue:
           type: string
+        value:
+          type: object
     LocalizedString:
       type: object
       properties:
@@ -10251,6 +10252,7 @@ components:
           - spontaneous_scope
           - end_session
           - post_authn
+          - client_authn
           - select_account
           - create_user
           - scim
diff --git a/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml b/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml
index 275f281c5ec..35af61863a2 100644
--- a/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml
+++ b/jans-config-api/plugins/docs/kc-saml-plugin-swagger.yaml
@@ -1062,6 +1062,7 @@ components:
           type: string
         signResponses:
           type: string
+      description: List of profile configuration.
     SAMLMetadata:
       type: object
       properties:
@@ -1075,6 +1076,7 @@ components:
           type: string
         jansAssertionConsumerServicePostURL:
           type: string
+      description: SAML entity metadata.
     TrustRelationship:
       required:
       - description
@@ -1087,36 +1089,51 @@ components:
           type: string
         inum:
           type: string
+          description: Unique identifier
         owner:
           type: string
+          description: Creator of Trust Relationship.
         name:
           maxLength: 60
           minLength: 0
           type: string
+          description: The alphanumeric ID string that is used to identify the Trust
+            Relationship.
         displayName:
           maxLength: 60
           minLength: 0
           type: string
+          description: Trust Relationship display name.
         description:
           maxLength: 4000
           minLength: 0
           type: string
+          description: Description of the Trust Relationship.
         baseUrl:
           type: string
+          description: URL to use when the auth server needs to redirect.
         enabled:
           type: boolean
+          description: Indicates if Trust Relationship is enabled.
         alwaysDisplayInConsole:
           type: boolean
+          description: Indicates if Trust Relationship should always be listed in
+            the UI.
         clientAuthenticatorType:
           type: string
+          description: Preferred Authenticator Type.
         secret:
           type: string
+          description: Client secret.
         registrationAccessToken:
           type: string
+          description: Registration access token.
         consentRequired:
           type: boolean
+          description: Boolean value if consent is required.
         spMetaDataSourceType:
           type: string
+          description: "Trust Relationship SP metadata type - file, URI."
           enum:
           - file
           - manual
@@ -1124,21 +1141,31 @@ components:
           $ref: '#/components/schemas/SAMLMetadata'
         redirectUris:
           type: array
+          description: List of valid Redirect URI.
           items:
             type: string
+            description: List of valid Redirect URI.
         spMetaDataURL:
           type: string
+          description: SAML entity metadata file URL.
         metaLocation:
           type: string
+          description: Trust Relationship metadata file location.
         releasedAttributes:
           type: array
+          description: Trust Relationship attributes that will be released to SAML
+            server.
           items:
             type: string
+            description: Trust Relationship attributes that will be released to SAML
+              server.
         spLogoutURL:
           pattern: "^$|(^(https?|http)://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|])"
           type: string
+          description: Logout request URL.
         status:
           type: string
+          description: Trust Relationship setup status.
           enum:
           - active
           - inactive
@@ -1146,6 +1173,7 @@ components:
           - register
         validationStatus:
           type: string
+          description: Trust Relationship validation status.
           enum:
           - In Progress
           - Success
@@ -1153,12 +1181,15 @@ components:
           - Failed
         validationLog:
           type: array
+          description: Validation log.
           items:
             type: string
+            description: Validation log.
         profileConfigurations:
           type: object
           additionalProperties:
             $ref: '#/components/schemas/ProfileConfiguration'
+          description: List of profile configuration.
         baseDn:
           type: string
     TrustRelationshipForm:
diff --git a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml
index a23d9c4e828..9113a738b01 100644
--- a/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml
+++ b/jans-config-api/plugins/docs/user-mgt-plugin-swagger.yaml
@@ -863,10 +863,10 @@ components:
           type: array
           items:
             type: object
-        value:
-          type: object
         displayValue:
           type: string
+        value:
+          type: object
     CustomUser:
       type: object
       properties:
diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/TrustRelationship.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/TrustRelationship.java
index e4b033ca46a..7ffeae0030b 100644
--- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/TrustRelationship.java
+++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/model/TrustRelationship.java
@@ -29,6 +29,7 @@
 import jakarta.validation.constraints.Pattern;
 import jakarta.validation.constraints.Size;
 
+import io.swagger.v3.oas.annotations.media.Schema;
 
 @DataEntry(sortBy = { "displayName" })
 @ObjectClass(value = "jansTrustRelationship")
@@ -38,98 +39,108 @@ public class TrustRelationship extends Entry implements Serializable {
     private static final long serialVersionUID = 7912166229997681502L;
 
     @AttributeName(ignoreDuringUpdate = true)
+    @Schema(description = "Unique identifier")
     private String inum;
 
     @AttributeName
+    @Schema(description = "Creator of Trust Relationship.")
     private String owner;
 
     @AttributeName(name = "name")
     @NotNull
     @Size(min = 0, max = 60, message = "Length of the name should not exceed 60")
+    @Schema(description = "The alphanumeric ID string that is used to identify the Trust Relationship.")
     private String name;
 
     @NotNull
     @Size(min = 0, max = 60, message = "Length of the Display Name should not exceed 60")
     @AttributeName
+    @Schema(description = "Trust Relationship display name.")
     private String displayName;
 
     @NotNull
     @Size(min = 0, max = 4000, message = "Length of the Description should not exceed 4000")
     @AttributeName
+    @Schema(description = "Description of the Trust Relationship.")
     private String description;
     
-    /**
-     * Default URL, Home URL to use when the auth server needs to redirect or link
-     * back to the client.
-     * 
-     */
+    @Schema(description = "URL to use when the auth server needs to redirect.")
     @AttributeName
     private String baseUrl;
 
     @AttributeName(name = "jansEnabled")
+    @Schema(description = "Indicates if Trust Relationship is enabled.")
     private boolean enabled;
 
-    /**
-     * Always list this in the Account UI, even if the user does not have an
-     * active session.
-     */
     @AttributeName(name = "displayInConsole")
+    @Schema(description = "Indicates if Trust Relationship should always be listed in the UI.")
     private boolean alwaysDisplayInConsole;
 
     @AttributeName(name = "jansPreferredMethod")
+    @Schema(description = "Preferred Authenticator Type.")
     private String clientAuthenticatorType;
 
     @AttributeName(name = "jansClntSecret")
+    @Schema(description = "Client secret.")
     private String secret;
 
     @AttributeName(name = "jansRegistrationAccessTkn")
+    @Schema(description = "Registration access token.")
     private String registrationAccessToken;
 
+    @Schema(description = "Boolean value if consent is required.")
     private Boolean consentRequired;
 
-    /**
-     * Trust Relationship SP metadata type - file, URI, federation
-     */
     @NotNull
     @AttributeName(name = "jansSAMLspMetaDataSourceTyp")
+    @Schema(description = "Trust Relationship SP metadata type - file, URI.")
     private MetadataSourceType spMetaDataSourceType;
 
     @JsonObject
     @AttributeName(name = "samlMetadata")
+    @Schema(description = "SAML entity metadata.")
     private SAMLMetadata samlMetadata;
 
     @AttributeName(name = "jansRedirectURI")
+    @Schema(description = "List of valid Redirect URI.")
     private String[] redirectUris;
 
-    /**
-     * Trust Relationship file location of metadata
-     */
+
     @AttributeName(name = "jansSAMLspMetaDataFN")
     @Hidden
+    @Schema(description = "Trust Relationship metadata file name.")
     private String spMetaDataFN;
 
     @AttributeName(name = "jansSAMLspMetaDataURL")
+    @Schema(description = "SAML entity metadata file URL.")
     private String spMetaDataURL;
 
     @AttributeName(name = "jansMetaLocation")
+    @Schema(description = "Trust Relationship metadata file location.")
     private String metaLocation;
 
     @AttributeName(name = "jansReleasedAttr")
+    @Schema(description = "Trust Relationship attributes that will be released to SAML server.")
     private List<String> releasedAttributes;
 
     @Pattern(regexp = "^$|(^(https?|http)://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|])", message = "Please enter a valid url, including protocol (http/https)")
     @AttributeName(name = "jansPostLogoutRedirectURI")
+    @Schema(description = "Logout request URL.")
     private String spLogoutURL;
 
     @AttributeName(name = "jansStatus")
+    @Schema(description = "Trust Relationship setup status.")
     private GluuStatus status;
 
     @AttributeName(name = "jansValidationStatus")
+    @Schema(description = "Trust Relationship validation status.")
     private ValidationStatus validationStatus;
 
     @AttributeName(name = "jansValidationLog")
+    @Schema(description = "Validation log.")
     private List<String> validationLog;
 
+    @Schema(description = "List of profile configuration.")
     private Map<String, ProfileConfiguration> profileConfigurations = new HashMap<String, ProfileConfiguration>();
 
     public String getInum() {
diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AssetResource.java b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AssetResource.java
index 7743025347c..1543b04e30b 100644
--- a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AssetResource.java
+++ b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AssetResource.java
@@ -18,7 +18,7 @@
 import io.jans.model.SearchRequest;
 import io.jans.orm.model.PagedResult;
 import io.jans.service.document.store.service.Document;
-
+import io.jans.util.exception.InvalidAttributeException;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.parameters.RequestBody;
@@ -56,7 +56,7 @@ public class AssetResource extends ConfigBaseResource {
     private static final String ASSET_DATA = "Asset Data";
     private static final String ASSET_DATA_FORM = "Asset Data From";
     private static final String ASSET_NAME_CONFLICT = "NAME_CONFLICT";
-    private static final String ASSET_NAME_CONFLICT_MSG = "Asset with same name %s already exists!";
+    private static final String ASSET_NAME_CONFLICT_MSG = "Asset with same name %s already exist!";
     private static final String ASSET_NOT_FOUND = "Asset identified by %s not found!";
     private static final String ASSET_INUM = "Asset Identifier Inum";
     private static final String RESOURCE_NULL = "RESOURCE_NULL";
@@ -178,7 +178,7 @@ public Response getAssetByName(
     public Response getJansServices() {
 
         List<String> services = assetService.getValidModuleName();
-        if(services == null) {
+        if (services == null) {
             services = Collections.emptyList();
         }
 
@@ -232,7 +232,7 @@ public Response uploadAsset(@MultipartForm AssetForm assetForm) throws Exception
         checkResourceNotNull(asset, ASSET_DATA);
         checkNotNull(asset.getDisplayName(), AttributeNames.DISPLAY_NAME);
 
-        // check if asset with same name already exists
+        // check if asset with same name already exist
         List<Document> assets = assetService.getAssetByName(asset.getDisplayName());
         if (assets != null && !assets.isEmpty()) {
             asset.setInum(assets.get(0).getInum());
@@ -249,10 +249,10 @@ public Response uploadAsset(@MultipartForm AssetForm assetForm) throws Exception
 
         // save asset
         try {
-            asset = assetService.saveAsset(asset, assetStream);
+            asset = assetService.saveAsset(asset, assetStream, false);
             log.debug("Saved asset:{} ", asset);
         } catch (Exception ex) {
-            log.error("Application Error while creating asset is - status:{}", ex.getMessage());
+            log.error("Application Error while creating asset is - {}", ex.getMessage());
             throwInternalServerException(APPLICATION_ERROR, ex);
         }
 
@@ -267,7 +267,7 @@ public Response uploadAsset(@MultipartForm AssetForm assetForm) throws Exception
     @ApiResponses(value = {
             @ApiResponse(responseCode = "200", description = "Modified Asset", content = @Content(mediaType = MediaType.APPLICATION_JSON_PATCH_JSON, schema = @Schema(implementation = Document.class), examples = @ExampleObject(name = "Response json example", value = "example/assets/put-asset.json"))),
             @ApiResponse(responseCode = "400", description = "Bad Request", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "BadRequestException"))),
-            @ApiResponse(responseCode = "401", description = "Unauthorized" , content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "Unauthorized"))),
+            @ApiResponse(responseCode = "401", description = "Unauthorized", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "Unauthorized"))),
             @ApiResponse(responseCode = "404", description = "Not Found", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "NotFoundException"))),
             @ApiResponse(responseCode = "500", description = "InternalServerError", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = ApiError.class, description = "InternalServerError"))) })
     @Consumes(MediaType.MULTIPART_FORM_DATA)
@@ -288,10 +288,16 @@ public Response updateAsset(@MultipartForm AssetForm assetForm) throws Exception
         checkResourceNotNull(inum, ASSET_INUM);
         checkNotNull(asset.getDisplayName(), AttributeNames.DISPLAY_NAME);
 
-        // check if asset with same name already exists
+        // validate if asset exist
+        Document existingDoc = assetService.getAssetByInum(asset.getInum());
+        if (existingDoc == null) {
+            throw new InvalidAttributeException("Asset with inum '" + asset.getInum() + "' does not exist!!!");
+        }
+
+        // check if asset with same name already exist
         List<Document> assets = assetService.getAssetByName(asset.getDisplayName());
         log.info(
-                "Check if asset with inum different then:{} but with same name exists - asset.getDisplayName():{}, assets:{}",
+                "Check if asset with inum different then:{} but with same name exist - asset.getDisplayName():{}, assets:{}",
                 inum, asset.getDisplayName(), assets);
         if (assets != null && !assets.isEmpty()) {
             List<Document> list = assets.stream().filter(e -> !e.getInum().equalsIgnoreCase(inum))
@@ -309,7 +315,7 @@ public Response updateAsset(@MultipartForm AssetForm assetForm) throws Exception
 
         // update asset
         try {
-            asset = assetService.saveAsset(asset, assetFile);
+            asset = assetService.saveAsset(asset, assetFile, true);
             log.debug(" Updated asset:{} ", asset);
         } catch (Exception ex) {
             log.error("Application Error while updated asset is:{}", ex.getMessage());
diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/AssetService.java b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/AssetService.java
index 80736344058..423b91f49a8 100644
--- a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/AssetService.java
+++ b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/AssetService.java
@@ -155,27 +155,51 @@ public PagedResult<Document> searchAssetByName(SearchRequest searchRequest) thro
                 searchRequest.getStartIndex(), searchRequest.getCount(), searchRequest.getMaxCount());
     }
 
-    public Document saveAsset(Document asset, InputStream documentStream) throws Exception {
-        log.info("Save asset - asset:{}, documentStream:{}", asset, documentStream);
+    public Document saveAsset(Document asset, InputStream documentStream, boolean isUpdate) throws Exception {
+        log.info("Save asset - asset:{}, documentStream:{}, isUpdate:{}", asset, documentStream, isUpdate);
 
         if (asset == null) {
             throw new InvalidAttributeException("Asset object is null!!!");
         }
 
-        if (documentStream == null) {
+        // For update request, asset file is optional.
+        if (!isUpdate && documentStream == null) {
             throw new InvalidAttributeException(" Document data stream object is null!!!");
         }
 
         // validation
-        validateFileExtension(asset);
         validateModules(asset);
+        ByteArrayOutputStream bos = null;
+        if (documentStream != null) {
+            validateFileExtension(asset);
+
+            bos = getByteArrayOutputStream(documentStream);
+            log.trace("Asset ByteArrayOutputStream :{}", bos);
+
+            // get asset
+            try (InputStream is = new Base64InputStream(getInputStream(bos), true)) {
+                asset = setAssetContent(asset, is);
+            }
+        }
+
+        if (isUpdate && documentStream == null) {
+            // update request without asset file, get the existing asset content from DB
+            Document existingDoc = getAssetByInum(asset.getInum());
+            if (existingDoc == null) {
+                throw new InvalidAttributeException("Asset with inum '" + asset.getInum() + "' does not exist!!!");
+            } else {
+                asset.setDocument(existingDoc.getDocument());
+            }
+        }
+
+        // update asset revision
+        updateRevision(asset);
 
-        ByteArrayOutputStream bos = getByteArrayOutputStream(documentStream);
-        log.trace("Asset ByteArrayOutputStream :{}", bos);
+        // copy asset on jans-server
+        if (documentStream != null && isAssetServerUploadEnabled()) {
+            String result = copyAssetOnServer(asset, bos);
+            log.info("Result of asset saved on server :{}", result);
 
-        // get asset
-        try (InputStream is = new Base64InputStream(getInputStream(bos), true)) {
-            asset = setAssetContent(asset, is);
         }
 
         // save asset in DB store
@@ -193,13 +217,6 @@ public Document saveAsset(Document asset, InputStream documentStream) throws Exc
             dbDocumentService.updateDocument(asset);
         }
 
-        // copy asset on jans-server
-        if (isAssetServerUploadEnabled()) {
-            String result = copyAssetOnServer(asset, bos);
-            log.info("Result of asset saved on server :{}", result);
-
-        }
-
         // Get final asset
         asset = this.getAssetByInum(asset.getInum());
 
@@ -268,9 +285,6 @@ private Document setAssetContent(Document asset, InputStream documentStream) thr
         String documentContent = new String(documentStream.readAllBytes(), StandardCharsets.UTF_8);
         asset.setDocument(documentContent);
 
-        // update asset revision
-        updateRevision(asset);
-
         log.info("Successfully updated asset");
         return asset;
     }
@@ -307,9 +321,7 @@ private String copyAssetOnServer(Document asset, ByteArrayOutputStream stream) t
 
         List<String> serviceModules = asset.getJansService();
         String assetFileName = asset.getDisplayName();
-        String documentStoreModuleName = assetFileName;
-        log.info("Save asset for - serviceModules:{}, assetFileName:{}", serviceModules, assetFileName);
-
+        log.info("Copy assetFileName:{} for serviceModules:{}", asset, serviceModules);
         if (StringUtils.isBlank(assetFileName)) {
             throw new InvalidConfigurationException("Asset name is null!");
         }
@@ -317,20 +329,18 @@ private String copyAssetOnServer(Document asset, ByteArrayOutputStream stream) t
         String assetDir = this.getAssetDir(assetFileName);
         log.info("For saving assetFileName:{} assetDir:{}", assetFileName, assetDir);
 
+        // validate service directory
+        validateServiceDirectory(assetFileName, assetDir, serviceModules);
+
         for (String serviceName : serviceModules) {
 
             String serviceDirectory = this.getServiceDirectory(assetDir, serviceName);
             log.info("Save asset for - serviceName:{} in serviceDirectory:{}", serviceName, serviceDirectory);
-
-            if (StringUtils.isBlank(serviceDirectory)) {
-                throw new InvalidConfigurationException("Service directory to save asset is null!");
-            }
-
             String filePath = serviceDirectory + File.separator + assetFileName;
             log.info("To save asset - documentStoreService:{}, filePath:{} ", documentStoreService, filePath);
 
             try (InputStream ins = getInputStream(stream)) {
-                result = documentStoreService.saveDocumentStream(filePath, null, ins, List.of(documentStoreModuleName));
+                result = documentStoreService.saveDocumentStream(filePath, null, ins, List.of(assetFileName));
                 log.info("Result of asset saved on server :{}", result);
             }
 
@@ -407,10 +417,20 @@ private String getAssetDir(String assetFileName) {
         }
 
         AssetMgtConfiguration assetMgtConfiguration = this.appConfiguration.getAssetMgtConfiguration();
+
+        if (assetMgtConfiguration == null || StringUtils.isBlank(assetMgtConfiguration.getAssetBaseDirectory())) {
+            throw new InvalidConfigurationException("Config for asset management is not defined!");
+        }
+
         sb.append(assetMgtConfiguration.getAssetBaseDirectory());
         String assetDir = getAssetDirectory(assetFileName);
-
         log.info("assetMgtConfiguration:{}, sb:{}, assetDir:{}", assetMgtConfiguration, sb, assetDir);
+
+        if (StringUtils.isBlank(assetDir)) {
+            throw new InvalidConfigurationException(
+                    "Directory to upload asset [" + assetFileName + "] is not defined in config!");
+        }
+
         if (StringUtils.isNotBlank(assetDir)) {
             sb.append(File.separator);
             sb.append(assetDir);
@@ -428,6 +448,7 @@ private String getServiceDirectory(String assetDir, String serviceName) {
             return path;
         }
         path = String.format(assetDir, serviceName);
+        log.info("Service directory assetDir:{}, serviceName:{}, path:{}", assetDir, serviceName, path);
 
         return path;
 
@@ -448,7 +469,7 @@ private String getAssetDirectory(String assetFileName) {
             return directory;
         }
         String fileExtension = this.getFileExtension(assetFileName);
-        log.info("Get asset Directory - fileExtension:{}", fileExtension);
+        log.info("Get asset Directory for fileExtension:{}", fileExtension);
 
         Optional<AssetDirMapping> assetDirMapping = dirMapping.stream().filter(e -> e.getType().contains(fileExtension))
                 .findFirst();
@@ -505,14 +526,14 @@ private void validateFileExtension(Document asset) {
     private void validateModules(Document asset) {
 
         if (asset == null || asset.getJansService() == null || asset.getJansService().isEmpty()) {
-            throw new InvalidConfigurationException("Service module list is null or empty!");
+            throw new InvalidConfigurationException("Service module to save asset is not provided in request!");
         }
 
         List<String> validModules = getValidModuleName();
         log.info("validModules:{} ", validModules);
 
         if (validModules == null || validModules.isEmpty() || !isModuleNameValidationEnabled()) {
-            return;
+            throw new InvalidConfigurationException("Service module not configured in system! ");
         }
 
         List<String> invalidModuleList = authUtil.findMissingElements(asset.getJansService(), validModules);
@@ -521,9 +542,49 @@ private void validateModules(Document asset) {
         if (invalidModuleList != null && !invalidModuleList.isEmpty()) {
             throw new InvalidConfigurationException(
                     "Valid modules are '{" + validModules + "}', '{" + invalidModuleList + "}' not supported!");
+        }
+
+    }
 
+    private void validateServiceDirectory(String assetFileName, String assetDir, List<String> serviceModules) {
+        log.info("validate service directory details - assetFileName,:{}, assetDir:{}, serviceModules:{}", assetDir,
+                assetFileName, serviceModules);
+        List<String> invalidServiceDirList = new ArrayList<>();
+        StringBuilder missingMapping = new StringBuilder();
+        StringBuilder errorMsg = new StringBuilder();
+        for (String serviceName : serviceModules) {
+
+            String serviceDirectory = this.getServiceDirectory(assetDir, serviceName);
+            if (StringUtils.isBlank(serviceDirectory)) {
+                missingMapping.append(serviceName);
+            }
+
+            // check if the asset directory exist
+            boolean serviceDirectoryExist = isServiceDirectoryExist(serviceDirectory);
+            if (!serviceDirectoryExist) {
+                serviceModules.add(serviceName);
+            }
+
+        }
+        log.debug("missingMapping:{}, invalidServiceDirList:{}", invalidServiceDirList, missingMapping);
+        if (!invalidServiceDirList.isEmpty()) {
+            errorMsg.append("Service directory to save asset [" + invalidServiceDirList + "] does not exist!");
+        }
+
+        if (StringUtils.isNotBlank(missingMapping.toString())) {
+            errorMsg.append("Cannot save asset as service directory [" + missingMapping + "] is null!");
         }
 
+        if (StringUtils.isNotBlank(errorMsg.toString())) {
+            throw new InvalidConfigurationException(errorMsg.toString());
+        }
     }
 
+    private boolean isServiceDirectoryExist(String serviceDirectory) {
+        File dir = new File(serviceDirectory);
+        boolean serviceDirectoryExist = dir.exists();
+        log.info("Check if serviceDirectory:{} - exist:{}", serviceDirectory, serviceDirectoryExist);
+        return serviceDirectoryExist;
+    }
+    
 }

From 9fab110aea73a7f74cc932d008a1ecea2f294bd9 Mon Sep 17 00:00:00 2001
From: Dhaval D <343411+ossdhaval@users.noreply.github.com>
Date: Fri, 2 Aug 2024 16:11:23 +0530
Subject: [PATCH 40/43] docs(customization): update the customization
 instructions to aling with custom assets (#9088)

* docs(customize): add intro and management sections

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs(customization): add location details

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs(customization): add web customization instructions

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs(customization): fix proofreading issues

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

---------

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>
---
 .../customization/customize-web-pages.md      | 184 ++++++++++++------
 1 file changed, 124 insertions(+), 60 deletions(-)

diff --git a/docs/admin/developer/customization/customize-web-pages.md b/docs/admin/developer/customization/customize-web-pages.md
index cd36daa8d1d..a7a93244137 100644
--- a/docs/admin/developer/customization/customize-web-pages.md
+++ b/docs/admin/developer/customization/customize-web-pages.md
@@ -1,83 +1,147 @@
 ---
 tags:
-  - administration
-  - developer
-  - customization
-  - internationalization 
-  - i18n
-  - locale
-  - css
-  - images
-  - header
-  - footer
-  - template
+ - administration
+ - developer
+ - customization
+ - internationalization 
+ - i18n
+ - locale
+ - css
+ - images
+ - header
+ - footer
+ - template
 ---
 
-All web pages are **xhtml** files.
+# Customization Using Custom Assets
 
-### Default pages bundled in the `jans-auth.war` are:
-* Login page: [login.xhtml](https://github.com/JanssenProject/jans/blob/main/jans-auth-server/server/src/main/webapp/login.xhtml)
-* Authorization page: [authorize.xhtml](https://github.com/JanssenProject/jans/blob/main/jans-auth-server/server/src/main/webapp/authorize.xhtml)
-* Logout page: [logout.xhtml](https://github.com/JanssenProject/jans/blob/main/jans-auth-server/server/src/main/webapp/logout.xhtml)
-* Error page: [error.xhtml](https://github.com/JanssenProject/jans/blob/main/jans-auth-server/server/src/main/webapp/error.xhtml)
+Janssen Server allows customization and extension of current web page designs,
+images, web templates etc. For 
+example, extending the list of languages supported by Janssen Server or maybe
+customizing the login page to show the organization's logo and align styling to 
+meet the branding of the organization. 
 
-### To override default pages listed above:
-Put a modified `login.xhtml` or `authorize.xhtml` or `error.xhtml` or `logout.xhtml` under `/opt/jans/jetty/jans-auth/custom/pages/`
+All of the above need some amount of custom assets, like custom CSS stylesheets,
+logo images, etc to be available on the Janssen Server. All these are called
+`Custom Assets`.
+
+## Managing Custom Assets
+
+Janssen Server configuration tools like CLI and TUI provide the ability to add, 
+update, and delete custom assets. Refer to the 
+[custom assets configuration guide](../../config-guide/custom-assets-configuration.md)
+to learn how to manage custom assets.
+
+ 
 
 ### Directory structure for customization
+
+When custom assets are added Janssen Server, the server makes the assets 
+available at following locations so that they can be referenced and used by
+other components.
+
+| Directory                      | Asset Type                      | Description                         |
+|--------------------------------|-------------------------------------|-------------------------------------|
+| /opt/jans/jetty/`<service-name>`/custom/i18n   | properties                         | Resource bundle file                |
+| /opt/jans/jetty/`<service-name>`/custom/libs   | lib                                | java archive library              |
+| /opt/jans/jetty/`<service-name>`/custom/pages | xhtml                              | Web pages                           |
+| /opt/jans/jetty/`<service-name>`/custom/static | js, css, png, gif , jpg, jpeg | Static resources like Java-script, style-sheet and images |
+
+## Customizing Web Pages
+
+Janssen Server uses [xhtml pages](https://github.com/JanssenProject/jans/tree/main/jans-auth-server/server/src/main/webapp) to render the web interface needed in 
+interactive web-flows. For example, password authentication flow. 
+
+It is possible to override the built-in `xhtml` pages or to add completely 
+new pages.
+
+### Customizing Built-in Web Pages
+
+In order to customize built-in web pages, follow the steps below:
+
+- Create a new `xhtml` page as a copy of the relevant built-in xhtml page
+- Make changes to the code of the new page according to the need 
+- Override the built-in page with the new page
+
+To override the built-in page with the new page, add the new page as 
+a [custom asset](#managing-custom-assets) 
+and make sure that the 
+new page has the same name and extension as the built-in page. 
+The Janssen Server will automatically use the custom page instead of the 
+built-in page. 
+
+For example, the default login web page is rendered using 
+[login.xhtml](https://github.com/JanssenProject/jans/blob/main/jans-auth-server/server/src/main/webapp/login.xhtml).
+To override this page, add a new custom `login.xhtml`. Same can be done 
+for other built-in pages like [authorization page](https://github.com/JanssenProject/jans/blob/main/jans-auth-server/server/src/main/webapp/authorize.xhtml), [logout page](https://github.com/JanssenProject/jans/blob/main/jans-auth-server/server/src/main/webapp/logout.xhtml), [error page](https://github.com/JanssenProject/jans/blob/main/jans-auth-server/server/src/main/webapp/error.xhtml).
+
+
+### Adding New Web Pages
+
+If the authentication/authorization flow requires new web pages, the same can be 
+added as [custom asset](../../config-guide/custom-assets-configuration.md) and
+then can be referenced using a relative path.
+
+For instance, if `enterOTP.xhtml` is your webpage for step 2 of 
+the authentication flow that is being implemented using a custom script,
+then upload page as a custom asset under the relevant Janssen service and then 
+reference it in the custom script as follows:
+
 ```
-/opt/jans/jetty/jans-auth/
-|-- custom
-|   |-- i18n (resource bundles)
-|   |-- libs (library files used by custom script)
-|   |-- pages (web pages)
-|   |-- static (images and css files)
-```
-### Adding a new web page for Person Authentication scripts
-1. If `enterOTP.xhtml` is your webpage for step 2 of authentication, place under `/opt/jans/jetty/jans-auth/custom/pages/auth/enterOTP.xhtml`
-2. Reference it in the custom script as follows:
-```
-    def getPageForStep(self, configurationAttributes, step):
-        # Used to specify the page you want to return for a given step
-        if (step == 1):
-          return "/auth/login.xhtml"
-        if (step == 2)
-          return "/auth/enterOTP.xhtml"
+ def getPageForStep(self, configurationAttributes, step):
+ # Used to specify the page you want to return for a given step
+ if (step == 1):
+ return "/auth/login.xhtml"  
+ if (step == 2)
+ return "/auth/enterOTP.xhtml"
 ```
-### Reference login pages:
+#### Reference login pages:
 
 [Here](https://github.com/JanssenProject/jans/tree/main/jans-auth-server/server/src/main/webapp/auth) you will find several login pages for different authentication methods.
 
-### Customized resource bundles:
-1. Resource bundles that are present in the jans-auth.war are present in this [folder](https://github.com/JanssenProject/jans/blob/main/jans-auth-server/server/src/main/resources/)
 
-2. To override the defaults, custom `.properties` files should be placed in the following file under this path : `/opt/jans/jetty/jans-auth/custom/i18n/jans-auth.properties`
-Resource bundle names to support other languages should be placed under the same folder `/opt/jans/jetty/jans-auth/custom/i18n/`. Some examples of file names are :
-    * jans-auth_en.properties
-    * jans-auth_bg.properties
-    * jans-auth_de.properties
-    * jans-auth_es.properties
-    * jans-auth_fr.properties
-    * jans-auth_it.properties
-    * jans-auth_ru.properties
-    * jans-auth_tr.properties
+#### Customized resource bundles:
+
+Janssen Server provides language translation support using a set of 
+[built-in resource bundles](https://github.com/JanssenProject/jans/blob/main/jans-auth-server/server/src/main/resources/).
+
+To override the defaults, the custom `.properties` files should be uploaded
+as [custom assets](#managing-custom-assets). If the file name matches the 
+existing resource bundle, then the custom bundle will override the built-in
+resource bundle. 
+
+Examples of file names are:
+
+ * jans-auth_en.properties
+ * jans-auth_bg.properties
+
 
-3. To add translation for a language that is not yet supported, create new properties file in resource folder and name it jans-auth_[language_code].properties, then add language code as supported-locale to the [faces-config.xml](https://github.com/JanssenProject/jans/blob/main/jans-auth-server/server/src/main/resources/faces-config.xml) present in the same folder.
+To add translations for a language that is not yet supported, create a new 
+properties file and name it 
+jans-auth_[language_code].properties. Then add it to the Janssen Server as
+[custom asset](#managing-custom-assets). Janssen Server will automatically
+add the support for new language using the new resource bundle.
 
-### Custom CSS files:
 
-1. Place the file in `/opt/jans/jetty/jans-auth/custom/static/stylesheet/theme.css`
-2. Reference it in .xhtml file using the URL `https://your.jans.server/jans-auth/ext/resources/stylesheet/theme.css` or `/jans-auth/ext/resources/stylesheet/theme.css`
+#### Custom CSS files:
 
-### Custom image files:
-1. All images should be placed under `/opt/jans/jetty/jans-auth/custom/static/img`
-2. Reference it in .xhtml file using the URL `https://your.jans.server/jans-auth/ext/resources/img/fileName.png` or `/jans-auth/ext/resources/img/fileName.jpg`
+Upload the custom CSS files as [custom assets](#managing-custom-assets) and then
+reference it in `.xhtml` file using the URL `https://your.jans.server/jans-auth/ext/resources/stylesheet/theme.css` or `/jans-auth/ext/resources/stylesheet/theme.css`
 
-### Page layout, header, footer (xhtml Template) customization
+#### Custom image files:
+Upload the custom image files as [custom assets](#managing-custom-assets) and 
+then reference it in `.xhtml` file using the URL 
+`https://your.jans.server/jans-auth/ext/resources/img/fileName.png` or 
+`/jans-auth/ext/resources/img/fileName.jpg`.
 
-Templates refers to the common interface layout and style. For example, a banner, logo in common header and copyright information in footer.
+#### Page layout, header, footer (xhtml Template) customization
 
-1. `mkdir -p /opt/jans/jetty/jans-auth/custom/pages/WEB-INF/incl/layout/`    
-2. Place a modified `template.xhtml` in the above location which will override the [default template file](https://github.com/JanssenProject/jans/blob/main/jans-auth-server/server/src/main/webapp/WEB-INF/incl/layout/template.xhtml) from the war
+Templates refer to the common interface layout and style. For example, 
+a banner, logo in the common header, and copyright information in the footer.
 
+Upload the custom template `template.xhtml` file as 
+[custom assets](#managing-custom-assets).This file will automatically override 
+the built-in 
+[default template file](https://github.com/JanssenProject/jans/blob/main/jans-auth-server/server/src/main/webapp/WEB-INF/incl/layout/template.xhtml).
 
+ 

From da60eab30f20fe0576eda29bd106143141255be8 Mon Sep 17 00:00:00 2001
From: Safin Wasi <6601566+SafinWasi@users.noreply.github.com>
Date: Fri, 2 Aug 2024 11:46:15 -0500
Subject: [PATCH 41/43] docs(jans-lock): add latest schema (#9081)

Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com>
---
 jans-lock/schema/cedarling_core_schema.json   | 216 +++++++++---------
 jans-lock/schema/cedarling_core_schema.schema | 167 +++++++-------
 2 files changed, 194 insertions(+), 189 deletions(-)

diff --git a/jans-lock/schema/cedarling_core_schema.json b/jans-lock/schema/cedarling_core_schema.json
index 83b69585589..8e6aac710f2 100644
--- a/jans-lock/schema/cedarling_core_schema.json
+++ b/jans-lock/schema/cedarling_core_schema.json
@@ -1,23 +1,9 @@
 {
     "Jans": {
         "commonTypes": {
-            "email_address": {
-                "type": "Record",
-                "attributes": {
-                    "domain": {
-                        "type": "String"
-                    },
-                    "id": {
-                        "type": "String"
-                    }
-                }
-            },
             "Context": {
                 "type": "Record",
                 "attributes": {
-                    "browser": {
-                        "type": "String"
-                    },
                     "current_time": {
                         "type": "Long"
                     },
@@ -48,6 +34,20 @@
                     },
                     "operating_system": {
                         "type": "String"
+                    },
+                    "user_agent": {
+                        "type": "String"
+                    }
+                }
+            },
+            "email_address": {
+                "type": "Record",
+                "attributes": {
+                    "domain": {
+                        "type": "String"
+                    },
+                    "id": {
+                        "type": "String"
                     }
                 }
             },
@@ -67,45 +67,40 @@
             }
         },
         "entityTypes": {
-            "TrustedIssuer": {
+            "Client": {
                 "shape": {
                     "type": "Record",
                     "attributes": {
-                        "issuer_entity_id": {
-                            "type": "Url"
+                        "client_id": {
+                            "type": "String"
+                        },
+                        "iss": {
+                            "type": "Entity",
+                            "name": "TrustedIssuer"
                         }
                     }
                 }
             },
-            "HTTP_Request": {
+            "Role": {},
+            "id_token": {
                 "shape": {
                     "type": "Record",
                     "attributes": {
-                        "accept": {
+                        "acr": {
                             "type": "Set",
                             "element": {
                                 "type": "String"
                             }
                         },
-                        "header": {
-                            "type": "Set",
-                            "element": {
-                                "type": "String"
-                            }
+                        "amr": {
+                            "type": "String"
                         },
-                        "url": {
-                            "type": "Url"
-                        }
-                    }
-                }
-            },
-            "Userinfo_token": {
-                "shape": {
-                    "type": "Record",
-                    "attributes": {
                         "aud": {
                             "type": "String"
                         },
+                        "azp": {
+                            "type": "String"
+                        },
                         "birthdate": {
                             "type": "String"
                         },
@@ -143,25 +138,23 @@
                     }
                 }
             },
-            "id_token": {
+            "TrustedIssuer": {
+                "shape": {
+                    "type": "Record",
+                    "attributes": {
+                        "issuer_entity_id": {
+                            "type": "Url"
+                        }
+                    }
+                }
+            },
+            "Userinfo_token": {
                 "shape": {
                     "type": "Record",
                     "attributes": {
-                        "acr": {
-                            "type": "Set",
-                            "element": {
-                                "type": "String"
-                            }
-                        },
-                        "amr": {
-                            "type": "String"
-                        },
                         "aud": {
                             "type": "String"
                         },
-                        "azp": {
-                            "type": "String"
-                        },
                         "birthdate": {
                             "type": "String"
                         },
@@ -199,48 +192,6 @@
                     }
                 }
             },
-            "Client": {
-                "shape": {
-                    "type": "Record",
-                    "attributes": {
-                        "client_id": {
-                            "type": "String"
-                        },
-                        "iss": {
-                            "type": "Entity",
-                            "name": "TrustedIssuer"
-                        }
-                    }
-                }
-            },
-            "User": {
-                "memberOfTypes": [
-                    "Role"
-                ],
-                "shape": {
-                    "type": "Record",
-                    "attributes": {
-                        "email": {
-                            "type": "email_address"
-                        },
-                        "phone_number": {
-                            "type": "String"
-                        },
-                        "role": {
-                            "type": "Set",
-                            "element": {
-                                "type": "String"
-                            }
-                        },
-                        "sub": {
-                            "type": "String"
-                        },
-                        "username": {
-                            "type": "String"
-                        }
-                    }
-                }
-            },
             "Access_token": {
                 "shape": {
                     "type": "Record",
@@ -270,7 +221,6 @@
                     }
                 }
             },
-            "Role": {},
             "Application": {
                 "shape": {
                     "type": "Record",
@@ -284,23 +234,52 @@
                         }
                     }
                 }
+            },
+            "User": {
+                "memberOfTypes": [
+                    "Role"
+                ],
+                "shape": {
+                    "type": "Record",
+                    "attributes": {
+                        "email": {
+                            "type": "email_address"
+                        },
+                        "phone_number": {
+                            "type": "String"
+                        },
+                        "role": {
+                            "type": "Set",
+                            "element": {
+                                "type": "String"
+                            }
+                        },
+                        "sub": {
+                            "type": "String"
+                        },
+                        "username": {
+                            "type": "String"
+                        }
+                    }
+                }
             }
         },
         "actions": {
-            "HEAD": {
+            "Execute": {
                 "appliesTo": {
                     "resourceTypes": [
-                        "HTTP_Request"
+                        "Application"
                     ],
                     "principalTypes": [
-                        "Client"
+                        "User",
+                        "Role"
                     ],
                     "context": {
                         "type": "Context"
                     }
                 }
             },
-            "Access": {
+            "Search": {
                 "appliesTo": {
                     "resourceTypes": [
                         "Application"
@@ -314,65 +293,84 @@
                     }
                 }
             },
-            "GET": {
+            "Compare": {
                 "appliesTo": {
                     "resourceTypes": [
-                        "HTTP_Request"
+                        "Application"
                     ],
                     "principalTypes": [
-                        "Client"
+                        "User",
+                        "Role"
                     ],
                     "context": {
                         "type": "Context"
                     }
                 }
             },
-            "PATCH": {
+            "Monitor": {
                 "appliesTo": {
                     "resourceTypes": [
-                        "HTTP_Request"
+                        "Application"
                     ],
                     "principalTypes": [
-                        "Client"
+                        "User",
+                        "Role"
                     ],
                     "context": {
                         "type": "Context"
                     }
                 }
             },
-            "PUT": {
+            "Tag": {
                 "appliesTo": {
                     "resourceTypes": [
-                        "HTTP_Request"
+                        "Application"
+                    ],
+                    "principalTypes": [
+                        "User",
+                        "Role"
+                    ],
+                    "context": {
+                        "type": "Context"
+                    }
+                }
+            },
+            "Read": {
+                "appliesTo": {
+                    "resourceTypes": [
+                        "Application"
                     ],
                     "principalTypes": [
-                        "Client"
+                        "User",
+                        "Role"
                     ],
                     "context": {
                         "type": "Context"
                     }
                 }
             },
-            "POST": {
+            "Share": {
                 "appliesTo": {
                     "resourceTypes": [
-                        "HTTP_Request"
+                        "Application"
                     ],
                     "principalTypes": [
-                        "Client"
+                        "User",
+                        "Role"
                     ],
                     "context": {
                         "type": "Context"
                     }
                 }
             },
-            "DELETE": {
+            "Write": {
                 "appliesTo": {
                     "resourceTypes": [
-                        "HTTP_Request"
+                        "Application"
                     ],
                     "principalTypes": [
-                        "Client"
+                        "User",
+                        "Role"
                     ],
                     "context": {
                         "type": "Context"
diff --git a/jans-lock/schema/cedarling_core_schema.schema b/jans-lock/schema/cedarling_core_schema.schema
index f7d37f85153..68458676f5c 100644
--- a/jans-lock/schema/cedarling_core_schema.schema
+++ b/jans-lock/schema/cedarling_core_schema.schema
@@ -1,118 +1,125 @@
 namespace Jans {
-    type Context = {
-            "network": ipaddr,
-            "network_type": String,
-            "browser": String, 
-            "operating_system": String,
-            "device_health": Set<String>,
-            "current_time": Long,
-            "geolocation": Set<String>,
-            "fraud_indicators": Set<String>,
-    };
+    // ******  TYPES  ******
     type Url = {
-        "protocol": String,
-        "host": String,
-        "path": String,
+        protocol: String,
+        host: String,
+        path: String,
     };
     type email_address = {
         id: String, 
         domain: String,
     };
+    type Context = {
+            network: ipaddr,
+            network_type: String,
+            user_agent: String, 
+            operating_system: String,
+            device_health: Set<String>,
+            current_time: Long,
+            geolocation: Set<String>,
+            fraud_indicators: Set<String>,
+    };
+
+    // ******  Entities  ******
     entity TrustedIssuer = {
-        "issuer_entity_id": Url,
+        issuer_entity_id: Url,
     };
     entity Client  = {
-        "client_id": String,
-        "iss": TrustedIssuer,
-    };
-    entity HTTP_Request = {
-        "url": Url,
-        "header": Set<String>,
-        "accept": Set<String>,
+        client_id: String,
+        iss: TrustedIssuer,
     };
     entity Application = {
-        "name": String,
-        "client": Client,
+        name: String,
+        client: Client,
     };
     entity Role;
     entity User in [Role] {
-        "sub": String,
-        "username": String,
-        "email": email_address,
-        "phone_number": String,
-        "role": Set<String>,
+        sub: String,
+        username: String,
+        email: email_address,
+        phone_number: String,
+        role: Set<String>,
     };
+
     entity Access_token  = {
-        "aud": String,
-        "exp": Long,
-        "iat": Long,
-        "iss": TrustedIssuer,
-        "jti": String,
-        "nbf": Long,
-        "scope": String,
+        aud: String,
+        exp: Long,
+        iat: Long,
+        iss: TrustedIssuer,
+        jti: String,
+        nbf: Long,
+        scope: String,
     };
     entity id_token  = {
-        "acr": Set<String>,
-        "amr": String,
-        "aud": String,
-        "azp": String,
-        "birthdate": String,
-        "email": email_address,
-        "exp": Long,
-        "iat": Long,
-        "iss": TrustedIssuer,
-        "jti": String,        
-        "name": String,
-        "phone_number": String,
-        "role": Set<String>,
-        "sub": String,
+        acr: Set<String>,
+        amr: String,
+        aud: String,
+        azp: String,
+        birthdate: String,
+        email: email_address,
+        exp: Long,
+        iat: Long,
+        iss: TrustedIssuer,
+        jti: String,        
+        name: String,
+        phone_number: String,
+        role: Set<String>,
+        sub: String,
     };
     entity Userinfo_token  = {
-        "aud": String,
-        "birthdate": String,
-        "email": email_address,
-        "exp": Long,
-        "iat": Long,
-        "iss": TrustedIssuer,
-        "jti": String,
-        "name": String,
-        "phone_number": String,
-        "role": Set<String>,
-        "sub": String,
-    };
-    action POST appliesTo {
-        principal: Client,
-        resource: HTTP_Request,
+        aud: String,
+        birthdate: String,
+        email: email_address,
+        exp: Long,
+        iat: Long,
+        iss: TrustedIssuer,
+        jti: String,
+        name: String,
+        phone_number: String,
+        role: Set<String>,
+        sub: String,
+    };
+
+    // ******  Actions  ******
+    action Compare appliesTo {
+        principal: [User, Role],
+        resource: Application,
+        context: Context,
+    };
+    action Execute appliesTo {
+        principal: [User, Role],
+        resource: Application,
         context: Context,
     };
-    action GET appliesTo {
-        principal: Client,
-        resource: HTTP_Request,
+    action Monitor appliesTo {
+        principal: [User, Role],
+        resource: Application,
         context: Context,
     };
-    action PUT appliesTo {
-        principal: Client,
-        resource: HTTP_Request,
+    action Read appliesTo {
+        principal: [User, Role],
+        resource: Application,
         context: Context,
     };
-    action DELETE appliesTo {
-        principal: Client,
-        resource: HTTP_Request,
+    action Search appliesTo {
+        principal: [User, Role],
+        resource: Application,
         context: Context,
     };
-    action HEAD appliesTo {
-        principal: Client,
-        resource: HTTP_Request,
+    action Share appliesTo {
+        principal: [User, Role],
+        resource: Application,
         context: Context,
     };
-    action PATCH appliesTo {
-        principal: Client,
-        resource: HTTP_Request,
+    action Tag appliesTo {
+        principal: [User, Role],
+        resource: Application,
         context: Context,
     };
-    action Access appliesTo {
+    action Write appliesTo {
         principal: [User, Role],
         resource: Application,
         context: Context,
     };
 }
+

From de37d9df219beb9d7978e2e74ee2aa536fc0e52e Mon Sep 17 00:00:00 2001
From: Yuriy Movchan <Yuriy.Movchan@gmail.com>
Date: Sat, 3 Aug 2024 00:43:18 +0300
Subject: [PATCH 42/43] feat(jans-orm): mask password attribute values (#9104)

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>
---
 .../io/jans/orm/impl/BaseEntryManager.java    | 40 ++++++++++++++++++-
 1 file changed, 38 insertions(+), 2 deletions(-)

diff --git a/jans-orm/core/src/main/java/io/jans/orm/impl/BaseEntryManager.java b/jans-orm/core/src/main/java/io/jans/orm/impl/BaseEntryManager.java
index 75597e4f49b..64cc46b6928 100644
--- a/jans-orm/core/src/main/java/io/jans/orm/impl/BaseEntryManager.java
+++ b/jans-orm/core/src/main/java/io/jans/orm/impl/BaseEntryManager.java
@@ -86,6 +86,9 @@ public abstract class BaseEntryManager<O extends PersistenceOperationService> im
 	private static final Class<?>[] LDAP_EXPIRATION_PROPERTY_ANNOTATION = { Expiration.class };
 
 	public static final String OBJECT_CLASS = "objectClass";
+	public static final String USER_PASSWORD = "userPassword";
+	private static final String MASKED = "*masked*";
+
 	public static final String[] EMPTY_STRING_ARRAY = new String[0];
 
 	private static final Class<?>[] GROUP_BY_ALLOWED_DATA_TYPES = { String.class, Date.class, Integer.class,
@@ -136,7 +139,9 @@ public void persist(Object entry) {
 		String[] objectClasses = getObjectClasses(entry, entryClass);
 		attributes.add(new AttributeData(OBJECT_CLASS, objectClasses, true));
 
-		LOG.debug(String.format("LDAP attributes for persist: %s", attributes));
+		if (LOG.isDebugEnabled()) {
+			LOG.debug(String.format("LDAP attributes for persist: %s", maskSensetiveData(attributes)));
+		}
 
 		persist(dnValue.toString(), objectClasses, attributes, expirationValue);
 	}
@@ -1520,8 +1525,14 @@ private AttributeData getAttributeValues(String propertyName, String ldapAttribu
 		}
 
 		if (LOG.isDebugEnabled()) {
+			String values;
+			if (StringHelper.equalsIgnoreCase(USER_PASSWORD, propertyName)) {
+				values = MASKED;
+			} else {
+				values = Arrays.toString(attributeValues);
+			}
 			LOG.debug(String.format("Property: %s, LdapProperty: %s, PropertyValue: %s", propertyName,
-					ldapAttributeName, Arrays.toString(attributeValues)));
+					ldapAttributeName, values));
 		}
 
 		if (attributeValues.length == 0) {
@@ -2482,4 +2493,29 @@ protected void dumpAttributeDataModifications(String variableName, List<Attribut
 		System.out.println(variableName + ": END");
 	}
 
+	private String maskSensetiveData(List<AttributeData> attributes) {
+		if (attributes == null) {
+			return null;
+		}
+
+		boolean added = false;
+		StringBuilder sb = new StringBuilder("[");
+		for (AttributeData attr : attributes) {
+			if (added) {
+				sb.append(", ");
+			}
+
+			if (StringHelper.equalsIgnoreCase(USER_PASSWORD, attr.getName())) {
+				AttributeData clonedAttr = new AttributeData(
+						attr.getName(), MASKED, attr.getMultiValued(), attr.getJsonValue());
+				sb.append(clonedAttr);
+			} else {
+				sb.append(attr);
+			}
+			added = true;
+		}
+		sb.append(']');
+
+		return sb.toString();
+	}
 }

From e157cd4c8ff92c04e400fea29c51ae54f842a678 Mon Sep 17 00:00:00 2001
From: shekhar16 <shekhar16@users.noreply.github.com>
Date: Sun, 4 Aug 2024 01:10:48 +0530
Subject: [PATCH 43/43] fix(jans-setup): corrected jansscr (#9100)

* fix(jans-setup): corrected jansscr

Signed-off-by: shekhar16 <shekharlaad1609@gmail.com>

* fix(jans-setup): corrected jansscr

Signed-off-by: shekhar16 <shekharlaad1609@gmail.com>

---------

Signed-off-by: shekhar16 <shekharlaad1609@gmail.com>
---
 jans-linux-setup/jans_setup/templates/scripts.ldif | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jans-linux-setup/jans_setup/templates/scripts.ldif b/jans-linux-setup/jans_setup/templates/scripts.ldif
index 62743a9657f..95421c3c36a 100644
--- a/jans-linux-setup/jans_setup/templates/scripts.ldif
+++ b/jans-linux-setup/jans_setup/templates/scripts.ldif
@@ -636,7 +636,7 @@ jansLevel: 1
 jansModuleProperty: {"value1":"usage_type","value2":"interactive","description":""}
 jansModuleProperty: {"value1":"location_type","value2":"db","description":""}
 jansRevision: 1
-jansScr::%(fido2_extension_fido2extensionSample)s
+jansScr::%(fido2_fido2extensionsample)s
 jansScrTyp: fido2_extension
 objectClass: top
 objectClass: jansCustomScr