From 7f87a021f59f7a0487999c7aa9987e004d045b2c Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Thu, 9 Oct 2025 10:28:36 -0700 Subject: [PATCH 01/11] chore(ci): Bump starter workflow to `v4` --- .github/workflows/keyfactor-starter-workflow.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/keyfactor-starter-workflow.yml b/.github/workflows/keyfactor-starter-workflow.yml index 6d8de53..bd5f384 100644 --- a/.github/workflows/keyfactor-starter-workflow.yml +++ b/.github/workflows/keyfactor-starter-workflow.yml @@ -11,9 +11,17 @@ on: jobs: call-starter-workflow: - uses: keyfactor/actions/.github/workflows/starter.yml@v2 + uses: keyfactor/actions/.github/workflows/starter.yml@v4 + with: + command_token_url: ${{ vars.COMMAND_TOKEN_URL }} + command_hostname: ${{ vars.COMMAND_HOSTNAME }} + command_base_api_path: ${{ vars.COMMAND_API_PATH }} secrets: token: ${{ secrets.V2BUILDTOKEN}} - APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}} gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }} gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }} + scan_token: ${{ secrets.SAST_TOKEN }} + entra_username: ${{ secrets.DOCTOOL_ENTRA_USERNAME }} + entra_password: ${{ secrets.DOCTOOL_ENTRA_PASSWD }} + command_client_id: ${{ secrets.COMMAND_CLIENT_ID }} + command_client_secret: ${{ secrets.COMMAND_CLIENT_SECRET }} \ No newline at end of file From eef6e25e80aed6196fcd22b02d75392cb5ff12b2 Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Thu, 9 Oct 2025 10:29:29 -0700 Subject: [PATCH 02/11] chore(docs): Convert to doctool --- README.md | 2443 +++++++++++------ docs_old/README.md | 928 +++++++ readme_source.md => docs_old/readme_source.md | 0 docsource/content.md | 54 + .../K8SCert-advanced-store-type-dialog.png | Bin 0 -> 37377 bytes .../K8SCert-basic-store-type-dialog.png | Bin 0 -> 43441 bytes ...8SCert-custom-fields-store-type-dialog.png | Bin 0 -> 28089 bytes .../K8SCluster-advanced-store-type-dialog.png | Bin 0 -> 37362 bytes .../K8SCluster-basic-store-type-dialog.png | Bin 0 -> 44542 bytes ...luster-custom-fields-store-type-dialog.png | Bin 0 -> 26641 bytes .../K8SJKS-advanced-store-type-dialog.png | Bin 0 -> 37362 bytes .../images/K8SJKS-basic-store-type-dialog.png | Bin 0 -> 44358 bytes ...K8SJKS-custom-fields-store-type-dialog.png | Bin 0 -> 38143 bytes .../K8SNS-advanced-store-type-dialog.png | Bin 0 -> 37362 bytes .../images/K8SNS-basic-store-type-dialog.png | Bin 0 -> 43821 bytes .../K8SNS-custom-fields-store-type-dialog.png | Bin 0 -> 29121 bytes .../K8SPKCS12-advanced-store-type-dialog.png | Bin 0 -> 37362 bytes .../K8SPKCS12-basic-store-type-dialog.png | Bin 0 -> 45202 bytes ...PKCS12-custom-fields-store-type-dialog.png | Bin 0 -> 38809 bytes .../K8SSecret-advanced-store-type-dialog.png | Bin 0 -> 37373 bytes .../K8SSecret-basic-store-type-dialog.png | Bin 0 -> 44839 bytes ...Secret-custom-fields-store-type-dialog.png | Bin 0 -> 32652 bytes .../K8STLSSecr-advanced-store-type-dialog.png | Bin 0 -> 37373 bytes .../K8STLSSecr-basic-store-type-dialog.png | Bin 0 -> 45095 bytes ...LSSecr-custom-fields-store-type-dialog.png | Bin 0 -> 32983 bytes docsource/k8scert.md | 7 + docsource/k8scluster.md | 18 + docsource/k8sjks.md | 33 + docsource/k8sns.md | 26 + docsource/k8spkcs12.md | 34 + docsource/k8ssecret.md | 18 + docsource/k8stlssecr.md | 17 + integration-manifest.json | 190 +- scripts/kubernetes/README.md | 2 +- store_types.json | 35 + 35 files changed, 2952 insertions(+), 853 deletions(-) create mode 100644 docs_old/README.md rename readme_source.md => docs_old/readme_source.md (100%) create mode 100644 docsource/content.md create mode 100644 docsource/images/K8SCert-advanced-store-type-dialog.png create mode 100644 docsource/images/K8SCert-basic-store-type-dialog.png create mode 100644 docsource/images/K8SCert-custom-fields-store-type-dialog.png create mode 100644 docsource/images/K8SCluster-advanced-store-type-dialog.png create mode 100644 docsource/images/K8SCluster-basic-store-type-dialog.png create mode 100644 docsource/images/K8SCluster-custom-fields-store-type-dialog.png create mode 100644 docsource/images/K8SJKS-advanced-store-type-dialog.png create mode 100644 docsource/images/K8SJKS-basic-store-type-dialog.png create mode 100644 docsource/images/K8SJKS-custom-fields-store-type-dialog.png create mode 100644 docsource/images/K8SNS-advanced-store-type-dialog.png create mode 100644 docsource/images/K8SNS-basic-store-type-dialog.png create mode 100644 docsource/images/K8SNS-custom-fields-store-type-dialog.png create mode 100644 docsource/images/K8SPKCS12-advanced-store-type-dialog.png create mode 100644 docsource/images/K8SPKCS12-basic-store-type-dialog.png create mode 100644 docsource/images/K8SPKCS12-custom-fields-store-type-dialog.png create mode 100644 docsource/images/K8SSecret-advanced-store-type-dialog.png create mode 100644 docsource/images/K8SSecret-basic-store-type-dialog.png create mode 100644 docsource/images/K8SSecret-custom-fields-store-type-dialog.png create mode 100644 docsource/images/K8STLSSecr-advanced-store-type-dialog.png create mode 100644 docsource/images/K8STLSSecr-basic-store-type-dialog.png create mode 100644 docsource/images/K8STLSSecr-custom-fields-store-type-dialog.png create mode 100644 docsource/k8scert.md create mode 100644 docsource/k8scluster.md create mode 100644 docsource/k8sjks.md create mode 100644 docsource/k8sns.md create mode 100644 docsource/k8spkcs12.md create mode 100644 docsource/k8ssecret.md create mode 100644 docsource/k8stlssecr.md diff --git a/README.md b/README.md index dfff94a..977454c 100644 --- a/README.md +++ b/README.md @@ -1,928 +1,1709 @@ +

+ Kubernetes Universal Orchestrator Extension +

+ +

+ +Integration Status: production +Release +Issues +GitHub Downloads (all assets, all releases) +

-# Kubernetes Orchestrator Extension +

+ + + Support + + · + + Installation + + · + + License + + · + + Related Integrations + +

-The Kubernetes Orchestrator allows for the remote management of certificate stores defined in a Kubernetes cluster. The following types of Kubernetes resources are supported: kubernetes secrets of `kubernetes.io/tls` or `Opaque` and kubernetes certificates `certificates.k8s.io/v1` +## Overview -#### Integration status: Production - Ready for use in production environments. +The Kubernetes Orchestrator allows for the remote management of certificate stores defined in a Kubernetes cluster. +The following types of Kubernetes resources are supported: kubernetes secrets of `kubernetes.io/tls` or `Opaque` and +kubernetes certificates `certificates.k8s.io/v1` + +The certificate store types that can be managed in the current version are: +- `K8SCert` - Kubernetes certificates of type `certificates.k8s.io/v1` +- `K8SSecret` - Kubernetes secrets of type `Opaque` +- `K8STLSSecret` - Kubernetes secrets of type `kubernetes.io/tls` +- `K8SCluster` - This allows for a single store to manage a k8s cluster's secrets or type `Opaque` and `kubernetes.io/tls`. + This can be thought of as a container of `K8SSecret` and `K8STLSSecret` stores across all k8s namespaces. +- `K8SNS` - This allows for a single store to manage a k8s namespace's secrets or type `Opaque` and `kubernetes.io/tls`. + This can be thought of as a container of `K8SSecret` and `K8STLSSecret` stores for a single k8s namespace. +- `K8SJKS` - Kubernetes secrets of type `Opaque` that contain one or more Java Keystore(s). These cannot be managed at the + cluster or namespace level as they should all require unique credentials. +- `K8SPKCS12` - Kubernetes secrets of type `Opaque` that contain one or more PKCS12(s). These cannot be managed at the + cluster or namespace level as they should all require unique credentials. + +This orchestrator extension makes use of the Kubernetes API by using a service account +to communicate remotely with certificate stores. The service account must have the correct permissions +in order to perform the desired operations. For more information on the required permissions, see the +[service account setup guide](#service-account-setup). -## About the Keyfactor Universal Orchestrator Extension +The Kubernetes Universal Orchestrator extension implements 7 Certificate Store Types. Depending on your use case, you may elect to use one, or all of these Certificate Store Types. Descriptions of each are provided below. -This repository contains a Universal Orchestrator Extension which is a plugin to the Keyfactor Universal Orchestrator. Within the Keyfactor Platform, Orchestrators are used to manage “certificate stores” — collections of certificates and roots of trust that are found within and used by various applications. +- [K8SCert](#K8SCert) -The Universal Orchestrator is part of the Keyfactor software distribution and is available via the Keyfactor customer portal. For general instructions on installing Extensions, see the “Keyfactor Command Orchestrator Installation and Configuration Guide” section of the Keyfactor documentation. For configuration details of this specific Extension see below in this readme. +- [K8SCluster](#K8SCluster) -The Universal Orchestrator is the successor to the Windows Orchestrator. This Orchestrator Extension plugin only works with the Universal Orchestrator and does not work with the Windows Orchestrator. +- [K8SJKS](#K8SJKS) -## Support for Kubernetes Orchestrator Extension +- [K8SNS](#K8SNS) -Kubernetes Orchestrator Extension is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com +- [K8SPKCS12](#K8SPKCS12) -###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab. +- [K8SSecret](#K8SSecret) ---- +- [K8STLSSecr](#K8STLSSecr) ---- +## Compatibility +This integration is compatible with Keyfactor Universal Orchestrator version 12.4 and later. +## Support +The Kubernetes Universal Orchestrator extension is community open source and there is **no SLA**. Keyfactor will address issues as resources become available. -## Keyfactor Version Supported +> To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute bug fixes or additional enhancements, use the **[Pull requests](../../pulls)** tab. -The minimum version of the Keyfactor Universal Orchestrator Framework needed to run this version of the extension is 10.x -## Platform Specific Notes +## Requirements & Prerequisites -The Keyfactor Universal Orchestrator may be installed on either Windows or Linux based platforms. The certificate operations supported by a capability may vary based what platform the capability is installed on. The table below indicates what capabilities are supported based on which platform the encompassing Universal Orchestrator is running. -| Operation | Win | Linux | -|-----|-----|------| -|Supports Management Add|✓ |✓ | -|Supports Management Remove|✓ |✓ | -|Supports Create Store|✓ |✓ | -|Supports Discovery|✓ |✓ | -|Supports Reenrollment| | | -|Supports Inventory|✓ |✓ | +Before installing the Kubernetes Universal Orchestrator extension, we recommend that you install [kfutil](https://github.com/Keyfactor/kfutil). Kfutil is a command-line tool that simplifies the process of creating store types, installing extensions, and instantiating certificate stores in Keyfactor Command. -## PAM Integration +### Kubernetes API Access +This orchestrator extension makes use of the Kubernetes API by using a service account +to communicate remotely with certificate stores. The service account must exist and have the appropriate permissions. +The service account token can be provided to the extension in one of two ways: +- As a raw JSON file that contains the service account credentials +- As a base64 encoded string that contains the service account credentials -This orchestrator extension has the ability to connect to a variety of supported PAM providers to allow for the retrieval of various client hosted secrets right from the orchestrator server itself. This eliminates the need to set up the PAM integration on Keyfactor Command which may be in an environment that the client does not want to have access to their PAM provider. +#### Service Account Setup +To set up a service account user on your Kubernetes cluster to be used by the Kubernetes Orchestrator Extension. For full +information on the required permissions, see the [service account setup guide](./scripts/kubernetes/README.md). -The secrets that this orchestrator extension supports for use with a PAM Provider are: -| Name | Description | -|----------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| ServerUsername | Must be set to `kubeconfig` if used. If you do not set it to `kubeconfig` the `ServerPassword` will be ignored. | -| ServerPassword | Must be set if `ServerUsername` is provided. The service account credentials for the Universal Orchestrator to use. Must be in `kubeconfig` format. For more information review [Kubernetes service account](https://github.com/Keyfactor/kubernetes-orchestrator/blob/main/scripts/kubernetes/README.md) docs and scripts. | - +## Certificate Store Types -It is not necessary to use a PAM Provider for all of the secrets available above. If a PAM Provider should not be used, simply enter in the actual value to be used, as normal. +To use the Kubernetes Universal Orchestrator extension, you **must** create the Certificate Store Types required for your use-case. This only needs to happen _once_ per Keyfactor Command instance. -If a PAM Provider will be used for one of the fields above, start by referencing the [Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam). The GitHub repo for the PAM Provider to be used contains important information such as the format of the `json` needed. What follows is an example but does not reflect the `json` values for all PAM Providers as they have different "instance" and "initialization" parameter names and values. +The Kubernetes Universal Orchestrator extension implements 7 Certificate Store Types. Depending on your use case, you may elect to use one, or all of these Certificate Store Types. -
General PAM Provider Configuration -

+### K8SCert +

Click to expand details -### Example PAM Provider Setup +The `K8SCert` store type is used to manage Kubernetes certificates of type `certificates.k8s.io/v1`. -To use a PAM Provider to resolve a field, in this example the __Server Password__ will be resolved by the `Hashicorp-Vault` provider, first install the PAM Provider extension from the [Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam) on the Universal Orchestrator. +**NOTE**: only `inventory` and `discovery` of these resources is supported with this extension. To provision these certs use the +[k8s-csr-signer](https://github.com/Keyfactor/k8s-csr-signer). -Next, complete configuration of the PAM Provider on the UO by editing the `manifest.json` of the __PAM Provider__ (e.g. located at extensions/Hashicorp-Vault/manifest.json). The "initialization" parameters need to be entered here: -~~~ json - "Keyfactor:PAMProviders:Hashicorp-Vault:InitializationInfo": { - "Host": "http://127.0.0.1:8200", - "Path": "v1/secret/data", - "Token": "xxxxxx" - } -~~~ -After these values are entered, the Orchestrator needs to be restarted to pick up the configuration. Now the PAM Provider can be used on other Orchestrator Extensions. -### Use the PAM Provider -With the PAM Provider configured as an extenion on the UO, a `json` object can be passed instead of an actual value to resolve the field with a PAM Provider. Consult the [Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam) for the specific format of the `json` object. +#### Supported Operations -To have the __Server Password__ field resolved by the `Hashicorp-Vault` provider, the corresponding `json` object from the `Hashicorp-Vault` extension needs to be copied and filed in with the correct information: +| Operation | Is Supported | +|--------------|------------------------------------------------------------------------------------------------------------------------| +| Add | 🔲 Unchecked | +| Remove | 🔲 Unchecked | +| Discovery | ✅ Checked | +| Reenrollment | 🔲 Unchecked | +| Create | 🔲 Unchecked | -~~~ json -{"Secret":"my-kv-secret","Key":"myServerPassword"} -~~~ +#### Store Type Creation -This text would be entered in as the value for the __Server Password__, instead of entering in the actual password. The Orchestrator will attempt to use the PAM Provider to retrieve the __Server Password__. If PAM should not be used, just directly enter in the value for the field. -

-
- - - - ---- - - -## Table of Contents -- [Keyfactor Version Supported](#keyfactor-version-supported) -- [Platform Specific Notes](#platform-specific-notes) -- [PAM Integration](#pam-integration) -- [Overview](#overview) - * [K8SCert](#k8scert) - * [K8SSecret](#k8ssecret) - * [K8STLSSecret](#k8stlssecret) - * [K8SJKS](#k8sjks) -- [Versioning](#versioning) -- [Security Considerations](#security-considerations) - * [Service Account Setup](#service-account-setup) -- [Kubernetes Orchestrator Extension Installation](#kubernetes-orchestrator-extension-installation) -- [Certificate Store Types](#certificate-store-types) - * [Configuration Information](#configuration-information) - + [Note about StorePath](#note-about-storepath) - + [Common Values](#common-values) - - [UI Basic Tab](#ui-basic-tab) - - [UI Advanced Tab](#ui-advanced-tab) - - [Custom Fields Tab](#custom-fields-tab) - - [Kube Secret Types](#kube-secret-types) - - [Entry Parameters Tab:](#entry-parameters-tab-) - * [K8SSecret Store Type](#k8ssecret-store-type) - + [kfutil Create K8SSecret Store Type](#kfutil-create-k8ssecret-store-type) - + [UI Configuration](#ui-configuration) - - [UI Basic Tab](#ui-basic-tab-1) - - [UI Advanced Tab](#ui-advanced-tab-1) - - [UI Custom Fields Tab](#ui-custom-fields-tab) - - [UI Entry Parameters Tab:](#ui-entry-parameters-tab-) - * [K8STLSSecr Store Type](#k8stlssecr-store-type) - + [kfutil Create K8STLSSecr Store Type](#kfutil-create-k8stlssecr-store-type) - + [UI Configuration](#ui-configuration-1) - - [UI Basic Tab](#ui-basic-tab-2) - - [UI Advanced Tab](#ui-advanced-tab-2) - - [UI Custom Fields Tab](#ui-custom-fields-tab-1) - - [UI Entry Parameters Tab:](#ui-entry-parameters-tab--1) - * [K8SPKCS12 Store Type](#k8spkcs12-store-type) - + [kfutil Create K8SPKCS12 Store Type](#kfutil-create-k8spkcs12-store-type) - + [UI Configuration](#ui-configuration-2) - - [UI Basic Tab](#ui-basic-tab-3) - - [UI Advanced Tab](#ui-advanced-tab-3) - - [UI Custom Fields Tab](#ui-custom-fields-tab-2) - - [UI Entry Parameters Tab:](#ui-entry-parameters-tab--2) - * [K8SJKS Store Type](#k8sjks-store-type) - + [Storepath Patterns](#storepath-patterns) - + [Alias Patterns](#alias-patterns) - + [kfutil Create K8SJKS Store Type](#kfutil-create-k8sjks-store-type) - + [UI Configuration](#ui-configuration-3) - - [UI Basic Tab](#ui-basic-tab-4) - - [UI Advanced Tab](#ui-advanced-tab-4) - - [UI Custom Fields Tab](#ui-custom-fields-tab-3) - - [UI Entry Parameters Tab:](#ui-entry-parameters-tab--3) - * [K8SCluster Store Type](#k8scluster-store-type) - + [Storepath Patterns](#storepath-patterns-1) - + [Alias Patterns](#alias-patterns-1) - + [kfutil Create K8SCluster Store Type](#kfutil-create-k8scluster-store-type) - + [UI Configuration](#ui-configuration-4) - - [UI Basic Tab](#ui-basic-tab-5) - - [UI Advanced Tab](#ui-advanced-tab-5) - - [UI Custom Fields Tab](#ui-custom-fields-tab-4) - - [UI Entry Parameters Tab:](#ui-entry-parameters-tab--4) - * [K8SNS Store Type](#k8sns-store-type) - + [Storepath Patterns](#storepath-patterns-2) - + [Alias Patterns](#alias-patterns-2) - + [kfutil Create K8SNS Store Type](#kfutil-create-k8sns-store-type) - + [UI Configuration](#ui-configuration-5) - - [UI Basic Tab](#ui-basic-tab-6) - - [UI Advanced Tab](#ui-advanced-tab-6) - - [UI Custom Fields Tab](#ui-custom-fields-tab-5) - - [UI Entry Parameters Tab:](#ui-entry-parameters-tab--5) - * [K8SCert Store Type](#k8scert-store-type) - + [UI Configuration](#ui-configuration-6) - - [UI Basic Tab](#ui-basic-tab-7) - - [UI Advanced Tab](#ui-advanced-tab-7) - - [UI Custom Fields Tab](#ui-custom-fields-tab-6) - - [UI Entry Parameters Tab:](#ui-entry-parameters-tab--6) -- [Creating Certificate Stores and Scheduling Discovery Jobs](#creating-certificate-stores-and-scheduling-discovery-jobs) -- [Certificate Discovery](#certificate-discovery) - * [K8SNS Discovery](#k8sns-discovery) - * [K8SPKCS12 and K8SJKS Discovery](#k8spkcs12-and-k8sjks-discovery) -- [Certificate Inventory](#certificate-inventory) -- [Certificate Management](#certificate-management) - * [K8STLSSecr & K8SSecret](#k8stlssecr---k8ssecret) - + [Opaque & tls secret w/o ca.crt](#opaque---tls-secret-w-o-cacrt) - + [Opaque & tls secret w/ ca.crt](#opaque---tls-secret-w--cacrt) - + [Opaque & tls secret w/o private key](#opaque---tls-secret-w-o-private-key) - * [K8SJKS & K8SPKCS12](#k8sjks---k8spkcs12) -- [Development](#development) -- [License](#license) - - -## Keyfactor Version Supported - -The minimum version of the Keyfactor Universal Orchestrator Framework needed to run this version of the extension is 10.1 - -| Keyfactor Version | Universal Orchestrator Framework Version | Supported | -|-------------------|------------------------------------------|--------------| -| 10.2.1 | 10.1, 10.2 | ✓ | -| 10.1.1 | 10.1, 10.2 | ✓ | -| 10.0.0 | 10.1, 10.2 | ✓ | -| 9.10.1 | Not supported on KF 9.X.X | x | -| 9.5.0 | Not supported on KF 9.X.X | x | - -## Platform Specific Notes - -The Keyfactor Universal Orchestrator may be installed on either Windows or Linux based platforms. -The certificate operations supported by a capability may vary based what platform the capability is installed on. -See the store type specific sections below for more details on specific cababilities based on Kubernetes resource type. - -## PAM Integration - -This orchestrator extension has the ability to connect to a variety of supported PAM providers to -allow for the retrieval of various client hosted secrets right from the orchestrator server itself. -This eliminates the need to set up the PAM integration on Keyfactor Command which may be in an -environment that the client does not want to have access to their PAM provider. - -The secrets that this orchestrator extension supports for use with a PAM Provider are: - -| Name | Description | -|----------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| ServerPassword | This is a raw JSON file that contains service account credentials to interact with the Kubernetes APIs. See the service account setup guide for permission details. | -| ServerUsername | This is a static value that must be set to `kubeconfig`. | - - -It is not necessary to implement all of the secrets available to be managed by a PAM provider. -For each value that you want managed by a PAM provider, simply enter the key value inside your -specific PAM provider that will hold this value into the corresponding field when setting up -the certificate store, discovery job, or API call. - -Setting up a PAM provider for use involves adding an additional section to the manifest.json -file for this extension as well as setting up the PAM provider you will be using. Each of -these steps is specific to the PAM provider you will use and are documented in the specific -GitHub repo for that provider. For a list of Keyfactor supported PAM providers, please -reference the [Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam). - ---- - - -## Overview -The Kubernetes Orchestrator Extension is an integration that can remotely manage certificate -resources in a Kubernetes cluster. The certificate store types that can be managed in the -current version are: -- K8SCert - Kubernetes certificates of type `certificates.k8s.io/v1` -- K8SSecret - Kubernetes secrets of type `Opaque` -- K8STLSSecret - Kubernetes secrets of type `kubernetes.io/tls` -- K8SCluster - This allows for a single store to manage a k8s cluster's secrets or type `Opaque` and `kubernetes.io/tls`. -This can be thought of as a container of `K8SSecret` and `K8STLSSecret` stores across all k8s namespaces. -- K8SNS - This allows for a single store to manage a k8s namespace's secrets or type `Opaque` and `kubernetes.io/tls`. -This can be thought of as a container of `K8SSecret` and `K8STLSSecret` stores for a single k8s namespace. -- K8SJKS - Kubernetes secrets of type `Opaque` that contain one or more Java Keystore(s). These cannot be managed at the -cluster or namespace level as they should all require unique credentials. -- K8SPKCS12 - Kubernetes secrets of type `Opaque` that contain one or more PKCS12(s). These cannot be managed at the -cluster or namespace level as they should all require unique credentials. - -This orchestrator extension makes use of the Kubernetes API by using a service account -to communicate remotely with certificate stores. The service account must have the correct permissions -in order to perform the desired operations. For more information on the required permissions, see the -[service account setup guide](#service-account-setup). +##### Using kfutil: +`kfutil` is a custom CLI for the Keyfactor Command API and can be used to create certificate store types. +For more information on [kfutil](https://github.com/Keyfactor/kfutil) check out the [docs](https://github.com/Keyfactor/kfutil?tab=readme-ov-file#quickstart) +
Click to expand K8SCert kfutil details -### K8SCert -The K8SCert store type is used to manage Kubernetes certificates of type `certificates.k8s.io/v1`. -To provision these certs use the [k8s-csr-signer](https://github.com/Keyfactor/k8s-csr-signer) -documentation for more information. + ##### Using online definition from GitHub: + This will reach out to GitHub and pull the latest store-type definition + ```shell + # K8SCert + kfutil store-types create K8SCert + ``` -### K8SSecret -The K8SSecret store type is used to manage Kubernetes secrets of type `Opaque`. These secrets can have any -arbitrary fields, but except for the `tls.crt` and `tls.key` fields, these are reserved for the `kubernetes.io/tls` -secret type. -**NOTE**: The orchestrator will only manage the fields named `certificates` and `private_keys` in the -secret. Any other fields will be ignored. + ##### Offline creation using integration-manifest file: + If required, it is possible to create store types from the [integration-manifest.json](./integration-manifest.json) included in this repo. + You would first download the [integration-manifest.json](./integration-manifest.json) and then run the following command + in your offline environment. + ```shell + kfutil store-types create --from-file integration-manifest.json + ``` +
+ + +#### Manual Creation +Below are instructions on how to create the K8SCert store type manually in +the Keyfactor Command Portal +
Click to expand manual K8SCert details + + Create a store type called `K8SCert` with the attributes in the tables below: + + ##### Basic Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Name | K8SCert | Display name for the store type (may be customized) | + | Short Name | K8SCert | Short display name for the store type | + | Capability | K8SCert | Store type name orchestrator will register with. Check the box to allow entry of value | + | Supports Add | 🔲 Unchecked | Indicates that the Store Type supports Management Add | + | Supports Remove | 🔲 Unchecked | Indicates that the Store Type supports Management Remove | + | Supports Discovery | ✅ Checked | Check the box. Indicates that the Store Type supports Discovery | + | Supports Reenrollment | 🔲 Unchecked | Indicates that the Store Type supports Reenrollment | + | Supports Create | 🔲 Unchecked | Indicates that the Store Type supports store creation | + | Needs Server | ✅ Checked | Determines if a target server name is required when creating store | + | Blueprint Allowed | 🔲 Unchecked | Determines if store type may be included in an Orchestrator blueprint | + | Uses PowerShell | 🔲 Unchecked | Determines if underlying implementation is PowerShell | + | Requires Store Password | 🔲 Unchecked | Enables users to optionally specify a store password when defining a Certificate Store. | + | Supports Entry Password | 🔲 Unchecked | Determines if an individual entry within a store can have a password. | + + The Basic tab should look like this: + + ![K8SCert Basic Tab](docsource/images/K8SCert-basic-store-type-dialog.png) + + ##### Advanced Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Supports Custom Alias | Forbidden | Determines if an individual entry within a store can have a custom Alias. | + | Private Key Handling | Forbidden | This determines if Keyfactor can send the private key associated with a certificate to the store. Required because IIS certificates without private keys would be invalid. | + | PFX Password Style | Default | 'Default' - PFX password is randomly generated, 'Custom' - PFX password may be specified when the enrollment job is created (Requires the Allow Custom Password application setting to be enabled.) | + + The Advanced tab should look like this: + + ![K8SCert Advanced Tab](docsource/images/K8SCert-advanced-store-type-dialog.png) + + > For Keyfactor **Command versions 24.4 and later**, a Certificate Format dropdown is available with PFX and PEM options. Ensure that **PFX** is selected, as this determines the format of new and renewed certificates sent to the Orchestrator during a Management job. Currently, all Keyfactor-supported Orchestrator extensions support only PFX. + + ##### Custom Fields Tab + Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type: + + | Name | Display Name | Description | Type | Default Value/Options | Required | + | ---- | ------------ | ---- | --------------------- | -------- | ----------- | + | ServerUsername | Server Username | This should be no value or `kubeconfig` | Secret | None | 🔲 Unchecked | + | ServerPassword | Server Password | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | Secret | None | ✅ Checked | + | KubeNamespace | KubeNamespace | The K8S namespace to use to manage the K8S secret object. | String | default | 🔲 Unchecked | + | KubeSecretName | KubeSecretName | The name of the K8S secret object. | String | | 🔲 Unchecked | + | KubeSecretType | KubeSecretType | This defaults to and must be `csr` | String | cert | ✅ Checked | + + The Custom Fields tab should look like this: + + ![K8SCert Custom Fields Tab](docsource/images/K8SCert-custom-fields-store-type-dialog.png) + +
+
+ +### K8SCluster + +
Click to expand details + + +The `K8SCluster` store type allows for a single store to manage a k8s cluster's secrets or type `Opaque` and `kubernetes.io/tls`. + + + + +#### Supported Operations + +| Operation | Is Supported | +|--------------|------------------------------------------------------------------------------------------------------------------------| +| Add | ✅ Checked | +| Remove | ✅ Checked | +| Discovery | 🔲 Unchecked | +| Reenrollment | 🔲 Unchecked | +| Create | ✅ Checked | + +#### Store Type Creation + +##### Using kfutil: +`kfutil` is a custom CLI for the Keyfactor Command API and can be used to create certificate store types. +For more information on [kfutil](https://github.com/Keyfactor/kfutil) check out the [docs](https://github.com/Keyfactor/kfutil?tab=readme-ov-file#quickstart) +
Click to expand K8SCluster kfutil details + + ##### Using online definition from GitHub: + This will reach out to GitHub and pull the latest store-type definition + ```shell + # K8SCluster + kfutil store-types create K8SCluster + ``` + + ##### Offline creation using integration-manifest file: + If required, it is possible to create store types from the [integration-manifest.json](./integration-manifest.json) included in this repo. + You would first download the [integration-manifest.json](./integration-manifest.json) and then run the following command + in your offline environment. + ```shell + kfutil store-types create --from-file integration-manifest.json + ``` +
+ + +#### Manual Creation +Below are instructions on how to create the K8SCluster store type manually in +the Keyfactor Command Portal +
Click to expand manual K8SCluster details + + Create a store type called `K8SCluster` with the attributes in the tables below: + + ##### Basic Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Name | K8SCluster | Display name for the store type (may be customized) | + | Short Name | K8SCluster | Short display name for the store type | + | Capability | K8SCluster | Store type name orchestrator will register with. Check the box to allow entry of value | + | Supports Add | ✅ Checked | Check the box. Indicates that the Store Type supports Management Add | + | Supports Remove | ✅ Checked | Check the box. Indicates that the Store Type supports Management Remove | + | Supports Discovery | 🔲 Unchecked | Indicates that the Store Type supports Discovery | + | Supports Reenrollment | 🔲 Unchecked | Indicates that the Store Type supports Reenrollment | + | Supports Create | ✅ Checked | Check the box. Indicates that the Store Type supports store creation | + | Needs Server | ✅ Checked | Determines if a target server name is required when creating store | + | Blueprint Allowed | 🔲 Unchecked | Determines if store type may be included in an Orchestrator blueprint | + | Uses PowerShell | 🔲 Unchecked | Determines if underlying implementation is PowerShell | + | Requires Store Password | 🔲 Unchecked | Enables users to optionally specify a store password when defining a Certificate Store. | + | Supports Entry Password | 🔲 Unchecked | Determines if an individual entry within a store can have a password. | + + The Basic tab should look like this: + + ![K8SCluster Basic Tab](docsource/images/K8SCluster-basic-store-type-dialog.png) + + ##### Advanced Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Supports Custom Alias | Required | Determines if an individual entry within a store can have a custom Alias. | + | Private Key Handling | Optional | This determines if Keyfactor can send the private key associated with a certificate to the store. Required because IIS certificates without private keys would be invalid. | + | PFX Password Style | Default | 'Default' - PFX password is randomly generated, 'Custom' - PFX password may be specified when the enrollment job is created (Requires the Allow Custom Password application setting to be enabled.) | + + The Advanced tab should look like this: + + ![K8SCluster Advanced Tab](docsource/images/K8SCluster-advanced-store-type-dialog.png) + + > For Keyfactor **Command versions 24.4 and later**, a Certificate Format dropdown is available with PFX and PEM options. Ensure that **PFX** is selected, as this determines the format of new and renewed certificates sent to the Orchestrator during a Management job. Currently, all Keyfactor-supported Orchestrator extensions support only PFX. + + ##### Custom Fields Tab + Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type: + + | Name | Display Name | Description | Type | Default Value/Options | Required | + | ---- | ------------ | ---- | --------------------- | -------- | ----------- | + | ServerUsername | Server Username | This should be no value or `kubeconfig` | Secret | None | 🔲 Unchecked | + | ServerPassword | Server Password | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | Secret | None | ✅ Checked | + | SeparateChain | Separate Certificate Chain | Whether to store the certificate chain separately from the certificate. | Bool | false | 🔲 Unchecked | + | IncludeCertChain | Include Certificate Chain | Whether to include the certificate chain in the certificate. | Bool | true | 🔲 Unchecked | -### K8STLSSecret -The K8STLSSecret store type is used to manage Kubernetes secrets of type `kubernetes.io/tls`. These secrets -must have the `tls.crt` and `tls.key` fields and may only contain a single key and single certificate. + The Custom Fields tab should look like this: + + ![K8SCluster Custom Fields Tab](docsource/images/K8SCluster-custom-fields-store-type-dialog.png) + +
+
### K8SJKS -The K8SJKS store type is used to manage Kubernetes secrets of type `Opaque`. These secrets + +
Click to expand details + + +The `K8SJKS` store type is used to manage Kubernetes secrets of type `Opaque`. These secrets must have a field that ends in `.jks`. The orchestrator will inventory and manage using a *custom alias* of the following pattern: `/`. For example, if the secret has a field named `mykeystore.jks` and the keystore contains a certificate with an alias of `mycert`, the orchestrator will manage the certificate using the -alias `mykeystore.jks/mycert`. +alias `mykeystore.jks/mycert`. *NOTE* *This store type cannot be managed at the `cluster` or `namespace` level as they +should all require unique credentials.* + + + + +#### Supported Operations + +| Operation | Is Supported | +|--------------|------------------------------------------------------------------------------------------------------------------------| +| Add | ✅ Checked | +| Remove | ✅ Checked | +| Discovery | ✅ Checked | +| Reenrollment | 🔲 Unchecked | +| Create | ✅ Checked | + +#### Store Type Creation + +##### Using kfutil: +`kfutil` is a custom CLI for the Keyfactor Command API and can be used to create certificate store types. +For more information on [kfutil](https://github.com/Keyfactor/kfutil) check out the [docs](https://github.com/Keyfactor/kfutil?tab=readme-ov-file#quickstart) +
Click to expand K8SJKS kfutil details + + ##### Using online definition from GitHub: + This will reach out to GitHub and pull the latest store-type definition + ```shell + # K8SJKS + kfutil store-types create K8SJKS + ``` + + ##### Offline creation using integration-manifest file: + If required, it is possible to create store types from the [integration-manifest.json](./integration-manifest.json) included in this repo. + You would first download the [integration-manifest.json](./integration-manifest.json) and then run the following command + in your offline environment. + ```shell + kfutil store-types create --from-file integration-manifest.json + ``` +
+ + +#### Manual Creation +Below are instructions on how to create the K8SJKS store type manually in +the Keyfactor Command Portal +
Click to expand manual K8SJKS details + + Create a store type called `K8SJKS` with the attributes in the tables below: + + ##### Basic Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Name | K8SJKS | Display name for the store type (may be customized) | + | Short Name | K8SJKS | Short display name for the store type | + | Capability | K8SJKS | Store type name orchestrator will register with. Check the box to allow entry of value | + | Supports Add | ✅ Checked | Check the box. Indicates that the Store Type supports Management Add | + | Supports Remove | ✅ Checked | Check the box. Indicates that the Store Type supports Management Remove | + | Supports Discovery | ✅ Checked | Check the box. Indicates that the Store Type supports Discovery | + | Supports Reenrollment | 🔲 Unchecked | Indicates that the Store Type supports Reenrollment | + | Supports Create | ✅ Checked | Check the box. Indicates that the Store Type supports store creation | + | Needs Server | ✅ Checked | Determines if a target server name is required when creating store | + | Blueprint Allowed | 🔲 Unchecked | Determines if store type may be included in an Orchestrator blueprint | + | Uses PowerShell | 🔲 Unchecked | Determines if underlying implementation is PowerShell | + | Requires Store Password | ✅ Checked | Enables users to optionally specify a store password when defining a Certificate Store. | + | Supports Entry Password | 🔲 Unchecked | Determines if an individual entry within a store can have a password. | + + The Basic tab should look like this: + + ![K8SJKS Basic Tab](docsource/images/K8SJKS-basic-store-type-dialog.png) + + ##### Advanced Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Supports Custom Alias | Required | Determines if an individual entry within a store can have a custom Alias. | + | Private Key Handling | Optional | This determines if Keyfactor can send the private key associated with a certificate to the store. Required because IIS certificates without private keys would be invalid. | + | PFX Password Style | Default | 'Default' - PFX password is randomly generated, 'Custom' - PFX password may be specified when the enrollment job is created (Requires the Allow Custom Password application setting to be enabled.) | + + The Advanced tab should look like this: + + ![K8SJKS Advanced Tab](docsource/images/K8SJKS-advanced-store-type-dialog.png) + + > For Keyfactor **Command versions 24.4 and later**, a Certificate Format dropdown is available with PFX and PEM options. Ensure that **PFX** is selected, as this determines the format of new and renewed certificates sent to the Orchestrator during a Management job. Currently, all Keyfactor-supported Orchestrator extensions support only PFX. + + ##### Custom Fields Tab + Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type: + + | Name | Display Name | Description | Type | Default Value/Options | Required | + | ---- | ------------ | ---- | --------------------- | -------- | ----------- | + | ServerUsername | Server Username | This should be no value or `kubeconfig` | Secret | None | 🔲 Unchecked | + | ServerPassword | Server Password | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | Secret | None | ✅ Checked | + | KubeNamespace | KubeNamespace | The K8S namespace to use to manage the K8S secret object. | String | default | 🔲 Unchecked | + | KubeSecretName | KubeSecretName | The name of the K8S secret object. | String | | 🔲 Unchecked | + | KubeSecretType | KubeSecretType | This defaults to and must be `jks` | String | jks | ✅ Checked | + | CertificateDataFieldName | CertificateDataFieldName | | String | .jks | ✅ Checked | + | PasswordFieldName | PasswordFieldName | | String | password | 🔲 Unchecked | + | PasswordIsK8SSecret | Password Is K8S Secret | | Bool | false | 🔲 Unchecked | + | StorePasswordPath | StorePasswordPath | | String | | 🔲 Unchecked | + + The Custom Fields tab should look like this: + + ![K8SJKS Custom Fields Tab](docsource/images/K8SJKS-custom-fields-store-type-dialog.png) + +
+
+ +### K8SNS + +
Click to expand details + + +The `K8SNS` store type is used to manage Kubernetes secrets of type `kubernetes.io/tls` and/or type `Opaque` in a single +Keyfactor Command certificate store using an alias pattern of + + + + +#### Supported Operations + +| Operation | Is Supported | +|--------------|------------------------------------------------------------------------------------------------------------------------| +| Add | ✅ Checked | +| Remove | ✅ Checked | +| Discovery | ✅ Checked | +| Reenrollment | 🔲 Unchecked | +| Create | ✅ Checked | + +#### Store Type Creation + +##### Using kfutil: +`kfutil` is a custom CLI for the Keyfactor Command API and can be used to create certificate store types. +For more information on [kfutil](https://github.com/Keyfactor/kfutil) check out the [docs](https://github.com/Keyfactor/kfutil?tab=readme-ov-file#quickstart) +
Click to expand K8SNS kfutil details + + ##### Using online definition from GitHub: + This will reach out to GitHub and pull the latest store-type definition + ```shell + # K8SNS + kfutil store-types create K8SNS + ``` + + ##### Offline creation using integration-manifest file: + If required, it is possible to create store types from the [integration-manifest.json](./integration-manifest.json) included in this repo. + You would first download the [integration-manifest.json](./integration-manifest.json) and then run the following command + in your offline environment. + ```shell + kfutil store-types create --from-file integration-manifest.json + ``` +
+ + +#### Manual Creation +Below are instructions on how to create the K8SNS store type manually in +the Keyfactor Command Portal +
Click to expand manual K8SNS details + + Create a store type called `K8SNS` with the attributes in the tables below: + + ##### Basic Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Name | K8SNS | Display name for the store type (may be customized) | + | Short Name | K8SNS | Short display name for the store type | + | Capability | K8SNS | Store type name orchestrator will register with. Check the box to allow entry of value | + | Supports Add | ✅ Checked | Check the box. Indicates that the Store Type supports Management Add | + | Supports Remove | ✅ Checked | Check the box. Indicates that the Store Type supports Management Remove | + | Supports Discovery | ✅ Checked | Check the box. Indicates that the Store Type supports Discovery | + | Supports Reenrollment | 🔲 Unchecked | Indicates that the Store Type supports Reenrollment | + | Supports Create | ✅ Checked | Check the box. Indicates that the Store Type supports store creation | + | Needs Server | ✅ Checked | Determines if a target server name is required when creating store | + | Blueprint Allowed | 🔲 Unchecked | Determines if store type may be included in an Orchestrator blueprint | + | Uses PowerShell | 🔲 Unchecked | Determines if underlying implementation is PowerShell | + | Requires Store Password | 🔲 Unchecked | Enables users to optionally specify a store password when defining a Certificate Store. | + | Supports Entry Password | 🔲 Unchecked | Determines if an individual entry within a store can have a password. | + + The Basic tab should look like this: + + ![K8SNS Basic Tab](docsource/images/K8SNS-basic-store-type-dialog.png) + + ##### Advanced Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Supports Custom Alias | Required | Determines if an individual entry within a store can have a custom Alias. | + | Private Key Handling | Optional | This determines if Keyfactor can send the private key associated with a certificate to the store. Required because IIS certificates without private keys would be invalid. | + | PFX Password Style | Default | 'Default' - PFX password is randomly generated, 'Custom' - PFX password may be specified when the enrollment job is created (Requires the Allow Custom Password application setting to be enabled.) | + + The Advanced tab should look like this: + + ![K8SNS Advanced Tab](docsource/images/K8SNS-advanced-store-type-dialog.png) + + > For Keyfactor **Command versions 24.4 and later**, a Certificate Format dropdown is available with PFX and PEM options. Ensure that **PFX** is selected, as this determines the format of new and renewed certificates sent to the Orchestrator during a Management job. Currently, all Keyfactor-supported Orchestrator extensions support only PFX. + + ##### Custom Fields Tab + Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type: + + | Name | Display Name | Description | Type | Default Value/Options | Required | + | ---- | ------------ | ---- | --------------------- | -------- | ----------- | + | ServerUsername | Server Username | This should be no value or `kubeconfig` | Secret | None | 🔲 Unchecked | + | ServerPassword | Server Password | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | Secret | None | ✅ Checked | + | KubeNamespace | Kube Namespace | | String | default | 🔲 Unchecked | + | SeparateChain | Separate Certificate Chain | Whether to store the certificate chain separately from the certificate. | Bool | false | 🔲 Unchecked | + | IncludeCertChain | Include Certificate Chain | Whether to include the certificate chain in the certificate. | Bool | true | 🔲 Unchecked | + + The Custom Fields tab should look like this: + + ![K8SNS Custom Fields Tab](docsource/images/K8SNS-custom-fields-store-type-dialog.png) + +
+
### K8SPKCS12 -The K8SPKCS12 store type is used to manage Kubernetes secrets of type `Opaque`. These secrets -must have a field that ends in `.p12`, `.pkcs12`, `.pfx`. The orchestrator will inventory and manage using a -*custom alias* of the following pattern: `/`. For example, if the secret has a -field named `mykeystore.p12` and the keystore contains a certificate with an alias of `mycert`, the orchestrator will -manage the certificate using the alias `mykeystore.p12/mycert`. - -## Versioning - -The version number of a the Kubernetes Orchestrator Extension can be verified by right clicking on the -`Kyefactor.Orchestrators.K8S.dll` file in the `///Extensions/Kubernetes` installation folder, -selecting Properties, and then clicking on the Details tab. - -## Security Considerations -For the Kubernetes Orchestrator Extension to be able to communicate with a Kubernetes cluster, it must -be able to authenticate with the cluster. This is done by providing the extension with a service account -token that has the appropriate permissions to perform the desired operations. The service account token -can be provided to the extension in one of two ways: -- As a raw JSON file that contains the service account credentials -- As a base64 encoded string that contains the service account credentials -### Service Account Setup -To set up a service account user on your Kubernetes cluster to be used by the Kubernetes Orchestrator Extension, use the following example as a guide: -```yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: keyfactor - namespace: keyfactor ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: keyfactor -rules: -- apiGroups: ["certificates.k8s.io"] - resources: ["certificatesigningrequests"] - verbs: ["create", "get", "list", "watch", "update", "patch", "delete"] -- apiGroups: [""] - resources: ["secrets"] - verbs: ["create", "get", "list", "watch", "update", "patch", "delete"] -- apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: keyfactor -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: keyfactor -subjects: -- kind: ServiceAccount - name: keyfactor - namespace: keyfactor -``` - -## Kubernetes Orchestrator Extension Installation -1. Create the certificate store types you wish to manage. Please refer to the individual sections - devoted to each supported store type under "Certificate Store Types" later in this README. -2. Stop the Keyfactor Universal Orchestrator Service for the orchestrator you plan to install this - extension to run on. -3. In the Keyfactor Orchestrator installation folder (by convention usually - C:\Program Files\Keyfactor\Keyfactor Orchestrator), find the "Extensions" folder. Underneath that, - create a new folder named "Kubernetes". You may choose to use a different name if you wish. -4. Download the latest version of the Kubernetes orchestrator extension from - [GitHub](https://github.com/Keyfactor/kubernetes-orchestrator). Click on the "Latest" release - link on the right hand side of the main page and download the first zip file. -5. Copy the contents of the download installation zip file to the folder created in Step 3. -6. (Optional) If you decide to create one or more certificate store types with short names different - than the suggested values (please see the individual certificate store type sections in "Certificate - Store Types" later in this README for more information regarding certificate store types), edit the - manifest.json file in the folder you created in step 3, and modify each "ShortName" in each - "Certstores.{ShortName}.{Operation}" line with the ShortName you used to create the respective - certificate store type. If you created it with the suggested values, this step can be skipped. -7. Modify the config.json file (See the "Configuration File Setup" section later in this README) -8. Start the Keyfactor Universal Orchestrator Service. -9. Create the certificate store types you wish to manage. Please refer to the individual sections - devoted to each supported store type under [Certificate Store Types](#certificate-store-types) later in this README. -10. (Optional) Run certificate discovery jobs to populate the certificate stores with existing - certificates. See the [Certificate Store Discovery](#certificate-store-discovery) section later in this README for more - information. +
Click to expand details + + +The `K8SPKCS12` store type is used to manage Kubernetes secrets of type `Opaque`. These secrets +must have a field that ends in `.pkcs12`. The orchestrator will inventory and manage using a *custom alias* of the following +pattern: `/`. For example, if the secret has a field named `mykeystore.pkcs12` and +the keystore contains a certificate with an alias of `mycert`, the orchestrator will manage the certificate using the +alias `mykeystore.pkcs12/mycert`. *NOTE* *This store type cannot be managed at the `cluster` or `namespace` level as they +should all require unique credentials.* + + + + +#### Supported Operations + +| Operation | Is Supported | +|--------------|------------------------------------------------------------------------------------------------------------------------| +| Add | ✅ Checked | +| Remove | ✅ Checked | +| Discovery | ✅ Checked | +| Reenrollment | 🔲 Unchecked | +| Create | ✅ Checked | + +#### Store Type Creation + +##### Using kfutil: +`kfutil` is a custom CLI for the Keyfactor Command API and can be used to create certificate store types. +For more information on [kfutil](https://github.com/Keyfactor/kfutil) check out the [docs](https://github.com/Keyfactor/kfutil?tab=readme-ov-file#quickstart) +
Click to expand K8SPKCS12 kfutil details + + ##### Using online definition from GitHub: + This will reach out to GitHub and pull the latest store-type definition + ```shell + # K8SPKCS12 + kfutil store-types create K8SPKCS12 + ``` + + ##### Offline creation using integration-manifest file: + If required, it is possible to create store types from the [integration-manifest.json](./integration-manifest.json) included in this repo. + You would first download the [integration-manifest.json](./integration-manifest.json) and then run the following command + in your offline environment. + ```shell + kfutil store-types create --from-file integration-manifest.json + ``` +
+ + +#### Manual Creation +Below are instructions on how to create the K8SPKCS12 store type manually in +the Keyfactor Command Portal +
Click to expand manual K8SPKCS12 details + + Create a store type called `K8SPKCS12` with the attributes in the tables below: + + ##### Basic Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Name | K8SPKCS12 | Display name for the store type (may be customized) | + | Short Name | K8SPKCS12 | Short display name for the store type | + | Capability | K8SPKCS12 | Store type name orchestrator will register with. Check the box to allow entry of value | + | Supports Add | ✅ Checked | Check the box. Indicates that the Store Type supports Management Add | + | Supports Remove | ✅ Checked | Check the box. Indicates that the Store Type supports Management Remove | + | Supports Discovery | ✅ Checked | Check the box. Indicates that the Store Type supports Discovery | + | Supports Reenrollment | 🔲 Unchecked | Indicates that the Store Type supports Reenrollment | + | Supports Create | ✅ Checked | Check the box. Indicates that the Store Type supports store creation | + | Needs Server | ✅ Checked | Determines if a target server name is required when creating store | + | Blueprint Allowed | 🔲 Unchecked | Determines if store type may be included in an Orchestrator blueprint | + | Uses PowerShell | 🔲 Unchecked | Determines if underlying implementation is PowerShell | + | Requires Store Password | ✅ Checked | Enables users to optionally specify a store password when defining a Certificate Store. | + | Supports Entry Password | 🔲 Unchecked | Determines if an individual entry within a store can have a password. | + + The Basic tab should look like this: + + ![K8SPKCS12 Basic Tab](docsource/images/K8SPKCS12-basic-store-type-dialog.png) + + ##### Advanced Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Supports Custom Alias | Required | Determines if an individual entry within a store can have a custom Alias. | + | Private Key Handling | Optional | This determines if Keyfactor can send the private key associated with a certificate to the store. Required because IIS certificates without private keys would be invalid. | + | PFX Password Style | Default | 'Default' - PFX password is randomly generated, 'Custom' - PFX password may be specified when the enrollment job is created (Requires the Allow Custom Password application setting to be enabled.) | + + The Advanced tab should look like this: + + ![K8SPKCS12 Advanced Tab](docsource/images/K8SPKCS12-advanced-store-type-dialog.png) + + > For Keyfactor **Command versions 24.4 and later**, a Certificate Format dropdown is available with PFX and PEM options. Ensure that **PFX** is selected, as this determines the format of new and renewed certificates sent to the Orchestrator during a Management job. Currently, all Keyfactor-supported Orchestrator extensions support only PFX. + + ##### Custom Fields Tab + Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type: + + | Name | Display Name | Description | Type | Default Value/Options | Required | + | ---- | ------------ | ---- | --------------------- | -------- | ----------- | + | ServerUsername | Server Username | This should be no value or `kubeconfig` | Secret | None | 🔲 Unchecked | + | ServerPassword | Server Password | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | Secret | None | ✅ Checked | + | KubeSecretType | Kube Secret Type | This defaults to and must be `pkcs12` | String | pkcs12 | ✅ Checked | + | CertificateDataFieldName | CertificateDataFieldName | | String | .p12 | ✅ Checked | + | PasswordFieldName | Password Field Name | | String | password | 🔲 Unchecked | + | PasswordIsK8SSecret | Password Is K8S Secret | | Bool | false | 🔲 Unchecked | + | KubeNamespace | Kube Namespace | | String | default | 🔲 Unchecked | + | KubeSecretName | Kube Secret Name | | String | | 🔲 Unchecked | + | StorePasswordPath | StorePasswordPath | | String | | 🔲 Unchecked | + + The Custom Fields tab should look like this: + + ![K8SPKCS12 Custom Fields Tab](docsource/images/K8SPKCS12-custom-fields-store-type-dialog.png) + +
+
+ +### K8SSecret + +
Click to expand details + + +The `K8SSecret` store type is used to manage Kubernetes secrets of type `Opaque`. + + + + +#### Supported Operations + +| Operation | Is Supported | +|--------------|------------------------------------------------------------------------------------------------------------------------| +| Add | ✅ Checked | +| Remove | ✅ Checked | +| Discovery | ✅ Checked | +| Reenrollment | 🔲 Unchecked | +| Create | ✅ Checked | + +#### Store Type Creation + +##### Using kfutil: +`kfutil` is a custom CLI for the Keyfactor Command API and can be used to create certificate store types. +For more information on [kfutil](https://github.com/Keyfactor/kfutil) check out the [docs](https://github.com/Keyfactor/kfutil?tab=readme-ov-file#quickstart) +
Click to expand K8SSecret kfutil details + + ##### Using online definition from GitHub: + This will reach out to GitHub and pull the latest store-type definition + ```shell + # K8SSecret + kfutil store-types create K8SSecret + ``` + + ##### Offline creation using integration-manifest file: + If required, it is possible to create store types from the [integration-manifest.json](./integration-manifest.json) included in this repo. + You would first download the [integration-manifest.json](./integration-manifest.json) and then run the following command + in your offline environment. + ```shell + kfutil store-types create --from-file integration-manifest.json + ``` +
+ + +#### Manual Creation +Below are instructions on how to create the K8SSecret store type manually in +the Keyfactor Command Portal +
Click to expand manual K8SSecret details + + Create a store type called `K8SSecret` with the attributes in the tables below: + + ##### Basic Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Name | K8SSecret | Display name for the store type (may be customized) | + | Short Name | K8SSecret | Short display name for the store type | + | Capability | K8SSecret | Store type name orchestrator will register with. Check the box to allow entry of value | + | Supports Add | ✅ Checked | Check the box. Indicates that the Store Type supports Management Add | + | Supports Remove | ✅ Checked | Check the box. Indicates that the Store Type supports Management Remove | + | Supports Discovery | ✅ Checked | Check the box. Indicates that the Store Type supports Discovery | + | Supports Reenrollment | 🔲 Unchecked | Indicates that the Store Type supports Reenrollment | + | Supports Create | ✅ Checked | Check the box. Indicates that the Store Type supports store creation | + | Needs Server | ✅ Checked | Determines if a target server name is required when creating store | + | Blueprint Allowed | 🔲 Unchecked | Determines if store type may be included in an Orchestrator blueprint | + | Uses PowerShell | 🔲 Unchecked | Determines if underlying implementation is PowerShell | + | Requires Store Password | 🔲 Unchecked | Enables users to optionally specify a store password when defining a Certificate Store. | + | Supports Entry Password | 🔲 Unchecked | Determines if an individual entry within a store can have a password. | + + The Basic tab should look like this: + + ![K8SSecret Basic Tab](docsource/images/K8SSecret-basic-store-type-dialog.png) + + ##### Advanced Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Supports Custom Alias | Forbidden | Determines if an individual entry within a store can have a custom Alias. | + | Private Key Handling | Optional | This determines if Keyfactor can send the private key associated with a certificate to the store. Required because IIS certificates without private keys would be invalid. | + | PFX Password Style | Default | 'Default' - PFX password is randomly generated, 'Custom' - PFX password may be specified when the enrollment job is created (Requires the Allow Custom Password application setting to be enabled.) | + + The Advanced tab should look like this: + + ![K8SSecret Advanced Tab](docsource/images/K8SSecret-advanced-store-type-dialog.png) + + > For Keyfactor **Command versions 24.4 and later**, a Certificate Format dropdown is available with PFX and PEM options. Ensure that **PFX** is selected, as this determines the format of new and renewed certificates sent to the Orchestrator during a Management job. Currently, all Keyfactor-supported Orchestrator extensions support only PFX. + + ##### Custom Fields Tab + Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type: + + | Name | Display Name | Description | Type | Default Value/Options | Required | + | ---- | ------------ | ---- | --------------------- | -------- | ----------- | + | ServerUsername | Server Username | This should be no value or `kubeconfig` | Secret | None | 🔲 Unchecked | + | ServerPassword | Server Password | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | Secret | None | ✅ Checked | + | KubeNamespace | KubeNamespace | The K8S namespace to use to manage the K8S secret object. | String | | 🔲 Unchecked | + | KubeSecretName | KubeSecretName | The name of the K8S secret object. | String | | 🔲 Unchecked | + | KubeSecretType | KubeSecretType | This defaults to and must be `secret` | String | secret | ✅ Checked | + | SeparateChain | Separate Certificate Chain | Whether to store the certificate chain separately from the certificate. | Bool | false | 🔲 Unchecked | + | IncludeCertChain | Include Certificate Chain | Whether to include the certificate chain in the certificate. | Bool | true | 🔲 Unchecked | + + The Custom Fields tab should look like this: + + ![K8SSecret Custom Fields Tab](docsource/images/K8SSecret-custom-fields-store-type-dialog.png) + +
+
+ +### K8STLSSecr + +
Click to expand details + + +The `K8STLSSecret` store type is used to manage Kubernetes secrets of type `kubernetes.io/tls` + + + + +#### Supported Operations + +| Operation | Is Supported | +|--------------|------------------------------------------------------------------------------------------------------------------------| +| Add | ✅ Checked | +| Remove | ✅ Checked | +| Discovery | ✅ Checked | +| Reenrollment | 🔲 Unchecked | +| Create | ✅ Checked | + +#### Store Type Creation + +##### Using kfutil: +`kfutil` is a custom CLI for the Keyfactor Command API and can be used to create certificate store types. +For more information on [kfutil](https://github.com/Keyfactor/kfutil) check out the [docs](https://github.com/Keyfactor/kfutil?tab=readme-ov-file#quickstart) +
Click to expand K8STLSSecr kfutil details + + ##### Using online definition from GitHub: + This will reach out to GitHub and pull the latest store-type definition + ```shell + # K8STLSSecr + kfutil store-types create K8STLSSecr + ``` + + ##### Offline creation using integration-manifest file: + If required, it is possible to create store types from the [integration-manifest.json](./integration-manifest.json) included in this repo. + You would first download the [integration-manifest.json](./integration-manifest.json) and then run the following command + in your offline environment. + ```shell + kfutil store-types create --from-file integration-manifest.json + ``` +
+ + +#### Manual Creation +Below are instructions on how to create the K8STLSSecr store type manually in +the Keyfactor Command Portal +
Click to expand manual K8STLSSecr details + + Create a store type called `K8STLSSecr` with the attributes in the tables below: + + ##### Basic Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Name | K8STLSSecr | Display name for the store type (may be customized) | + | Short Name | K8STLSSecr | Short display name for the store type | + | Capability | K8STLSSecr | Store type name orchestrator will register with. Check the box to allow entry of value | + | Supports Add | ✅ Checked | Check the box. Indicates that the Store Type supports Management Add | + | Supports Remove | ✅ Checked | Check the box. Indicates that the Store Type supports Management Remove | + | Supports Discovery | ✅ Checked | Check the box. Indicates that the Store Type supports Discovery | + | Supports Reenrollment | 🔲 Unchecked | Indicates that the Store Type supports Reenrollment | + | Supports Create | ✅ Checked | Check the box. Indicates that the Store Type supports store creation | + | Needs Server | ✅ Checked | Determines if a target server name is required when creating store | + | Blueprint Allowed | 🔲 Unchecked | Determines if store type may be included in an Orchestrator blueprint | + | Uses PowerShell | 🔲 Unchecked | Determines if underlying implementation is PowerShell | + | Requires Store Password | 🔲 Unchecked | Enables users to optionally specify a store password when defining a Certificate Store. | + | Supports Entry Password | 🔲 Unchecked | Determines if an individual entry within a store can have a password. | + + The Basic tab should look like this: + + ![K8STLSSecr Basic Tab](docsource/images/K8STLSSecr-basic-store-type-dialog.png) + + ##### Advanced Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Supports Custom Alias | Forbidden | Determines if an individual entry within a store can have a custom Alias. | + | Private Key Handling | Optional | This determines if Keyfactor can send the private key associated with a certificate to the store. Required because IIS certificates without private keys would be invalid. | + | PFX Password Style | Default | 'Default' - PFX password is randomly generated, 'Custom' - PFX password may be specified when the enrollment job is created (Requires the Allow Custom Password application setting to be enabled.) | + + The Advanced tab should look like this: + + ![K8STLSSecr Advanced Tab](docsource/images/K8STLSSecr-advanced-store-type-dialog.png) + + > For Keyfactor **Command versions 24.4 and later**, a Certificate Format dropdown is available with PFX and PEM options. Ensure that **PFX** is selected, as this determines the format of new and renewed certificates sent to the Orchestrator during a Management job. Currently, all Keyfactor-supported Orchestrator extensions support only PFX. + + ##### Custom Fields Tab + Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type: + + | Name | Display Name | Description | Type | Default Value/Options | Required | + | ---- | ------------ | ---- | --------------------- | -------- | ----------- | + | ServerUsername | Server Username | This should be no value or `kubeconfig` | Secret | None | 🔲 Unchecked | + | ServerPassword | Server Password | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | Secret | None | ✅ Checked | + | KubeNamespace | KubeNamespace | The K8S namespace to use to manage the K8S secret object. | String | | 🔲 Unchecked | + | KubeSecretName | KubeSecretName | The name of the K8S secret object. | String | | 🔲 Unchecked | + | KubeSecretType | KubeSecretType | This defaults to and must be `tls_secret` | String | tls_secret | ✅ Checked | + | SeparateChain | Separate Certificate Chain | Whether to store the certificate chain separately from the certificate. | Bool | false | 🔲 Unchecked | + | IncludeCertChain | Include Certificate Chain | Whether to include the certificate chain in the certificate. | Bool | true | 🔲 Unchecked | + + The Custom Fields tab should look like this: + + ![K8STLSSecr Custom Fields Tab](docsource/images/K8STLSSecr-custom-fields-store-type-dialog.png) + +
+
+ + +## Installation + +1. **Download the latest Kubernetes Universal Orchestrator extension from GitHub.** + + Navigate to the [Kubernetes Universal Orchestrator extension GitHub version page](https://github.com/Keyfactor/k8s-orchestrator/releases/latest). Refer to the compatibility matrix below to determine whether the `net6.0` or `net8.0` asset should be downloaded. Then, click the corresponding asset to download the zip archive. + + | Universal Orchestrator Version | Latest .NET version installed on the Universal Orchestrator server | `rollForward` condition in `Orchestrator.runtimeconfig.json` | `k8s-orchestrator` .NET version to download | + | --------- | ----------- | ----------- | ----------- | + | Older than `11.0.0` | | | `net6.0` | + | Between `11.0.0` and `11.5.1` (inclusive) | `net6.0` | | `net6.0` | + | Between `11.0.0` and `11.5.1` (inclusive) | `net8.0` | `Disable` | `net6.0` | + | Between `11.0.0` and `11.5.1` (inclusive) | `net8.0` | `LatestMajor` | `net8.0` | + | `11.6` _and_ newer | `net8.0` | | `net8.0` | + + Unzip the archive containing extension assemblies to a known location. + + > **Note** If you don't see an asset with a corresponding .NET version, you should always assume that it was compiled for `net6.0`. + +2. **Locate the Universal Orchestrator extensions directory.** + + * **Default on Windows** - `C:\Program Files\Keyfactor\Keyfactor Orchestrator\extensions` + * **Default on Linux** - `/opt/keyfactor/orchestrator/extensions` + +3. **Create a new directory for the Kubernetes Universal Orchestrator extension inside the extensions directory.** + + Create a new directory called `k8s-orchestrator`. + > The directory name does not need to match any names used elsewhere; it just has to be unique within the extensions directory. + +4. **Copy the contents of the downloaded and unzipped assemblies from __step 2__ to the `k8s-orchestrator` directory.** + +5. **Restart the Universal Orchestrator service.** + + Refer to [Starting/Restarting the Universal Orchestrator service](https://software.keyfactor.com/Core-OnPrem/Current/Content/InstallingAgents/NetCoreOrchestrator/StarttheService.htm). + + +6. **(optional) PAM Integration** + + The Kubernetes Universal Orchestrator extension is compatible with all supported Keyfactor PAM extensions to resolve PAM-eligible secrets. PAM extensions running on Universal Orchestrators enable secure retrieval of secrets from a connected PAM provider. + + To configure a PAM provider, [reference the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam) to select an extension and follow the associated instructions to install it on the Universal Orchestrator (remote). + + +> The above installation steps can be supplemented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/InstallingAgents/NetCoreOrchestrator/CustomExtensions.htm?Highlight=extensions). + + + +## Defining Certificate Stores + +The Kubernetes Universal Orchestrator extension implements 7 Certificate Store Types, each of which implements different functionality. Refer to the individual instructions below for each Certificate Store Type that you deemed necessary for your use case from the installation section. + +
K8SCert (K8SCert) + + +### Store Creation + +#### Manually with the Command UI + +
Click to expand details + +1. **Navigate to the _Certificate Stores_ page in Keyfactor Command.** + + Log into Keyfactor Command, toggle the _Locations_ dropdown, and click _Certificate Stores_. + +2. **Add a Certificate Store.** + + Click the Add button to add a new Certificate Store. Use the table below to populate the **Attributes** in the **Add** form. + + | Attribute | Description | + | --------- |---------------------------------------------------------| + | Category | Select "K8SCert" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | | + | Store Path | | + | Orchestrator | Select an approved orchestrator capable of managing `K8SCert` certificates. Specifically, one with the `K8SCert` capability. | + | ServerUsername | This should be no value or `kubeconfig` | + | ServerPassword | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | + | KubeNamespace | The K8S namespace to use to manage the K8S secret object. | + | KubeSecretName | The name of the K8S secret object. | + | KubeSecretType | This defaults to and must be `csr` | + +
-## Certificate Store Types -When setting up the certificate store types you wish the Kubernetes Orchestrator Extension to -manage, there are some common settings that will be the same for all supported types. -To create a new Certificate Store Type in Keyfactor Command, first click on settings -`(the gear icon on the top right) => Certificate Store Types => Add`. Alternatively, -there are cURL scripts for all of the currently implemented certificate store types -in the Certificate Store Type cURL Scripts folder in this repo if you wish to automate -the creation of the desired store types. - -### Configuration Information -Below is a table of the common values that should be used for all certificate store types. - -#### Note about StorePath -A Keyfactor Command certificate store `StorePath` for the K8S orchestrator extension can follow the following formats: - -| Pattern | Description | -|-----------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------| -| `secretName` | The name of the secret to use. This assumes `KubeNamespace` is defined or `default` and will be the `secret` or `cert` name on k8s. | -| `namespace/secretName` | If `KubeNamespace` or `KubeSecretName` are not set, then the path will be split by `/` and the values will be parsed according to the pattern. | -| `clusterName/namespace/secretName` | Same as above, clusterName is purely informational | -| `clusterName/namespace/secretType/secretName` | Considered a `full` path, this is what discovery will return as `StorePath` | - -#### Common Values -##### UI Basic Tab -| Field Name | Required | Description | Value | -|-------------------------|----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------| -| Name | ✓ | The display name you wish to use for the new Certificate Store Type. | Depends on store type. | -| ShortName | ✓ | The short name you wish to use for the new Certificate Store Type. | Depends on store type. | -| Custom Capability | ✓ | Whether or not the certificate store type supports custom capabilities. | Checked [x] | -| Supported Job Types | ✓ | The job types supported by the certificate store type. | Depends on store type. | -| Needs Server | ✓ | Must be set to true or checked. NOTE: If using this `ServerUsername` must be equal to `kubeconfig` and `ServerPassword` will be the kubeconfig file in JSON format | Checked [x] | -| Blueprint Allowed | | Checked if you wish to make use of blueprinting. Please refer to the Keyfactor Command Reference Guide for more details on this feature. | Unchecked [ ] | -| Uses PowerShell | | Whether or not the certificate store type uses PowerShell. | Unchecked [ ] | -| Requires Store Password | | Whether or not the certificate store type requires a password. | Unchecked [ ] | -| Supports Entry Password | | Whether or not the certificate store type supports entry passwords. | Unchecked [ ] | - -##### UI Advanced Tab -| Field Name | Required | Description | Value | -|-----------------------|----------|--------------------------------------------------------------------------------------------------------------------------------------------|------------------------| -| Store Path Type | | The type of path the certificate store type uses. | Freeform | -| Supports Custom Alias | | Whether or not the certificate store type supports custom aliases. | Depends on store type. | -| Private Key Handling | | Whether or not the certificate store type supports private key handling. | Depends on store type. | -| PFX Password Style | | The password style used by the certificate store type. | Default | - -##### Custom Fields Tab -| Name | Display Name | Type | Required | Default Value | Description | -|------------------|---------------------------|--------|----------|---------------|--------------------------------------------------------------------------------------------------------------------------------------------------------| -| KubeNamespace | Kube Namespace | String | | | This field overrides implied `Store Path` value. The Kubernetes namespace the store will reside. This will override the value parsed from `storepath`. | -| KubeSecretName | Kube Secret Name | String | | | This field overrides implied `Store Path` value. The Kubernetes secret or certificate resource name. | -| KubeSecretType | Kube Secret Type | String | ✓ | | Must be one of the following `secret`, `secret_tls` or `cert`. See [kube-secret-types](#kube-secret-types). | -| IncludeCertChain | Include Certificate Chain | Bool | | `true` | Will default to `true` if not set. Set this to `false` if you do not want certificate chains deployed. | -| SeparateChain | SeparateChain | Bool | | `false` | Will default to `false` if not set. Set this to `true` if you want to deploy certificate chain to the `ca.crt` field for `Opaque` and `tls` secrets. | - -##### Kube Secret Types -- `secret` - A generic secret of type `Opaque`. Must contain a key of one of the following values: [ `cert`, `certficate`, `certs`,`certificates` ] to be inventoried. -- `tls_secret` - A secret of type `kubernetes.io/tls`. Must contain the following keys: [ `tls.crt`, `tls.key` ] to be inventoried. -- `cert` - A certificate `certificates.k8s.io/v1` resource. Must contain the following keys: [ `csr`, `cert` ] to be inventoried. - -##### Entry Parameters Tab: -- See specific certificate store type instructions below - -### K8SSecret Store Type - -#### kfutil Create K8SSecret Store Type - -The following commands can be used with [kfutil](https://github.com/Keyfactor/kfutil). Please refer to the kfutil documentation for more information on how to use the tool to interact w/ Keyfactor Command. -kfuti -```bash -kfutil login -kfutil store-types create --name K8SSecret -``` - -#### UI Configuration - -##### UI Basic Tab -| Field Name | Required | Value | -|-------------------------|----------|-------------------------------------------| -| Name | ✓ | `K8SSecret` | -| ShortName | ✓ | `K8SSecret` | -| Custom Capability | ✓ | Checked [x] + `K8SSecret` | -| Supported Job Types | ✓ | Inventory, Add, Remove, Create, Discovery | -| Needs Server | ✓ | Checked [x] | -| Blueprint Allowed | | Unchecked [ ] | -| Uses PowerShell | | Unchecked [ ] | -| Requires Store Password | | Unchecked [ ] | -| Supports Entry Password | | Unchecked [ ] | - -**NOTE:** If using PAM, `server_username` must be equal to `kubeconfig` and `server_password` will be the kubeconfig file in JSON format. - -![k8ssecret_basic.png](docs%2Fscreenshots%2Fstore_types%2Fk8ssecret_basic.png) - -##### UI Advanced Tab -| Field Name | Value | -|-----------------------|-----------| -| Store Path Type | Freeform | -| Supports Custom Alias | Forbidden | -| Private Key Handling | Optional | -| PFX Password Style | Default | - -![k8ssecret_advanced.png](docs%2Fscreenshots%2Fstore_types%2Fk8ssecret_advanced.png) - -##### UI Custom Fields Tab -| Name | Display Name | Type | Required | Default Value | Description | -|------------------|---------------------------|--------|----------|---------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| KubeNamespace | Kube Namespace | String | | `default` | The K8S namespace the `Opaque` secret lives. This will override any value inferred in the `Store Path` | -| KubeSecretName | Kube Secret Name | String | ✓ | | The name of the K8S `Opaque` secret. This will override any value inferred in the `Store Path` | -| KubeSecretType | Kube Secret Type | String | ✓ | `secret` | | -| IncludeCertChain | Include Certificate Chain | Bool | | `true` | Will default to `true` if not set. If set to `false` only leaf cert will be deployed. | -| SeparateChain | SeparateChain | Bool | | `false` | Will default to `false` if not set. `true` will deploy leaf cert to `tls.crt` and the rest of the cert chain to `ca.crt`. If set to `false` the full chain is deployed to `tls.crt` | - -![k8ssecret_custom_fields.png](docs%2Fscreenshots%2Fstore_types%2Fk8ssecret_custom_fields.png) - -##### UI Entry Parameters Tab: -Empty - -### K8STLSSecr Store Type - -#### kfutil Create K8STLSSecr Store Type - -The following commands can be used with [kfutil](https://github.com/Keyfactor/kfutil). Please refer to the kfutil documentation for more information on how to use the tool to interact w/ Keyfactor Command. - -```bash -kfutil login -kfutil store-types create --name K8STLSSecr -``` - -#### UI Configuration - -##### UI Basic Tab -| Field Name | Required | Value | -|-------------------------|----------|-------------------------------------------| -| Name | ✓ | `K8STLSSecr` | -| ShortName | ✓ | `K8STLSSecr` | -| Custom Capability | ✓ | Checked [x] + `K8STLSSecr` | -| Supported Job Types | ✓ | Inventory, Add, Remove, Create, Discovery | -| Needs Server | ✓ | Checked [x] | -| Blueprint Allowed | | Unchecked [ ] | -| Uses PowerShell | | Unchecked [ ] | -| Requires Store Password | | Unchecked [ ] | -| Supports Entry Password | | Unchecked [ ] | - -![k8sstlssecr_basic.png](docs%2Fscreenshots%2Fstore_types%2Fk8sstlssecr_basic.png) - -##### UI Advanced Tab -| Field Name | Required | Value | -|-----------------------|----------|-----------| -| Store Path Type | | Freeform | -| Supports Custom Alias | | Forbidden | -| Private Key Handling | | Optional | -| PFX Password Style | | Default | - -![k8sstlssecr_advanced.png](docs%2Fscreenshots%2Fstore_types%2Fk8sstlssecr_advanced.png) - -##### UI Custom Fields Tab -| Name | Display Name | Type | Required | Default Value | Description | -|------------------|----------------------------|--------|----------|---------------|-------------------------------------------------------------------------------------------------------------------------------------------------| -| KubeNamespace | Kube Namespace | String | | | The K8S namespace the `tls` secret lives. This will override any value inferred in the `Store Path` | -| KubeSecretName | Kube Secret Name | String | | | The name of the K8S `tls` secret. This will override any value inferred in the `Store Path` | -| KubeSecretType | Kube Secret Type | String | ✓ | `tls_secret` | | -| IncludeCertChain | Include Certificate Chain | Bool | | `true` | If set to `false` only leaf cert will be deployed. | -| SeparateChain | SeparateChain | Bool | | `true` | `true` will deploy leaf cert to `tls.crt` and the rest of the cert chain to `ca.crt`. If set to `false` the full chain is deployed to `tls.crt` | - - -![k8sstlssecr_custom_fields.png](docs%2Fscreenshots%2Fstore_types%2Fk8sstlssecr_custom_fields.png) - -##### UI Entry Parameters Tab: -Empty - -### K8SPKCS12 Store Type - -#### kfutil Create K8SPKCS12 Store Type - -The following commands can be used with [kfutil](https://github.com/Keyfactor/kfutil). Please refer to the kfutil documentation for more information on how to use the tool to interact w/ Keyfactor Command. - -```bash -kfutil login -kfutil store-types create --name K8SPKCS12 -``` - -#### UI Configuration - -##### UI Basic Tab -| Field Name | Required | Value | -|---------------------------|----------|-------------------------------------------| -| Name | ✓ | `K8SPKCS12` | -| ShortName | ✓ | `K8SPKCS12` | -| Custom Capability | ✓ | Checked [x] + `K8SPKCS12` | -| Supported Job Types | ✓ | Inventory, Add, Remove, Create, Discovery | -| Needs Server | ✓ | Checked [x] | -| Blueprint Allowed | | Unchecked [ ] | -| Uses PowerShell | | Unchecked [ ] | -| Requires Store Password** | | Unchecked [ ] | -| Supports Entry Password | | Unchecked [ ] | - -**NOTE:** `Requires Store Password` is required if pkcs12 password is not being sourced from a separate secret in the -K8S cluster. - -![k8spkcs12_basic.png](docs%2Fscreenshots%2Fstore_types%2Fk8spkcs12_basic.png) - -##### UI Advanced Tab -| Field Name | Value | -|-----------------------|----------| -| Store Path Type | Freeform | -| Supports Custom Alias | Required | -| Private Key Handling | Optional | -| PFX Password Style | Default | -![k8spkcs12_advanced.png](docs%2Fscreenshots%2Fstore_types%2Fk8spkcs12_advanced.png) +#### Using kfutil CLI -##### UI Custom Fields Tab -| Name | Display Name | Type | Required | Default Value | Description | -|--------------------------|-----------------------------|--------|----------|---------------|-----------------------------------------------------------------------------------------------------------------------------------------------| -| KubeNamespace | Kube Namespace | String | | | K8S namespace the PKCS12 secret lives. This will override any value inferred in the `Store Path` | -| KubeSecretName | Kube Secret Name | String | | | The K8S secret name that contains PKCS12 data. This will override any value inferred in the `Store Path` | -| KubeSecretType | Kube Secret Type | String | ✓ | `pkcs12` | This must be set to `pkcs12`. | -| CertificateDataFieldName | Certificate Data Field Name | String | ✓ | `.p12` | The K8S secret field name to source the PKCS12 data from. You can provide an extension `.p12` or `.pfx` for a secret with a key `example.p12` | -| PasswordFieldName | Password Field Name | String | | `password` | If sourcing the PKCS12 password from a K8S secret this is the field it will look for the password in. | -| PasswordIsK8SSecret | Password Is K8S Secret | Bool | | `false` | If you want to use the PKCS12 secret or a separate secret specific in `KubeSecretPasswordPath` set this to `true` | -| StorePasswordPath | Kube Secret Password Path | String | | | Source PKCS12 password from a separate K8S secret. Pattern: `namespace_name/secret_name` | - - -![k8spkcs12_custom_fields.png](docs%2Fscreenshots%2Fstore_types%2Fk8spkcs12_custom_fields.png) - -##### UI Entry Parameters Tab: -Empty - -### K8SJKS Store Type - -#### Storepath Patterns -- `namespace_name/secret_name` -- `namespace_name/secrets/secret_name` -- `cluster_name/namespace_name/secrets/secret_name` - -#### Alias Patterns -- `k8s_secret_field_name/keystore_alias` - -#### kfutil Create K8SJKS Store Type - -The following commands can be used with [kfutil](https://github.com/Keyfactor/kfutil). Please refer to the kfutil documentation for more information on how to use the tool to interact w/ Keyfactor Command. - -```bash -kfutil login -kfutil store-types create --name K8SJKS -``` - -#### UI Configuration - -##### UI Basic Tab -| Field Name | Required | Value | -|---------------------------|----------|-------------------------------------------| -| Name | ✓ | `K8SJKS` | -| ShortName | ✓ | `K8SJKS` | -| Custom Capability | ✓ | Checked [x] + `K8SJKS` | -| Supported Job Types | ✓ | Inventory, Add, Remove, Create, Discovery | -| Needs Server | ✓ | Checked [x] | -| Blueprint Allowed | | Unchecked [ ] | -| Uses PowerShell | | Unchecked [ ] | -| Requires Store Password** | | Unchecked [ ] | -| Supports Entry Password | | Unchecked [ ] | +
Click to expand details -**NOTE:** `Requires Store Password` is required if pkcs12 password is not being sourced from a separate secret in the -K8S cluster. +1. **Generate a CSV template for the K8SCert certificate store** -![k8sjks_basic.png](docs%2Fscreenshots%2Fstore_types%2Fk8sjks_basic.png) + ```shell + kfutil stores import generate-template --store-type-name K8SCert --outpath K8SCert.csv + ``` +2. **Populate the generated CSV file** -##### UI Advanced Tab -| Field Name | Value | -|-----------------------|----------| -| Store Path Type | Freeform | -| Supports Custom Alias | Required | -| Private Key Handling | Optional | -| PFX Password Style | Default | + Open the CSV file, and reference the table below to populate parameters for each **Attribute**. -![k8sjks_advanced.png](docs%2Fscreenshots%2Fstore_types%2Fk8sjks_advanced.png) - -##### UI Custom Fields Tab -| Name | Display Name | Type | Required | Default Value | Description | -|--------------------------|-----------------------------|--------|----------|---------------|--------------------------------------------------------------------------------------------------------| -| KubeNamespace | Kube Namespace | String | | | K8S namespace the JKS secret lives. This will override any value inferred in the `Store Path`. | -| KubeSecretName | Kube Secret Name | String | | | The K8S secret name that contains JKS data. This will override any value inferred in the `Store Path`. | -| KubeSecretType | Kube Secret Type | String | ✓ | `jks` | | -| CertificateDataFieldName | Certificate Data Field Name | String | ✓ | `.jks` | The K8S secret field name to source the JKS data from | -| PasswordFieldName | Password Field Name | String | ✓ | `password` | If sourcing the JKS password from a K8S secret this is the field it will look for the password in. | -| PasswordIsK8SSecret | Password Is K8S Secret | Bool | | `false` | If you want to use the JKS secret or a separate secret specific in `` set this to `true` | -| StorePasswordPath | Kube Secret Password Path | String | | | Source JKS password from a separate K8S secret. Pattern: `namespace_name/secret_name` | - - -![k8sjks_custom_fields.png](docs%2Fscreenshots%2Fstore_types%2Fk8sjks_custom_fields.png) - -##### UI Entry Parameters Tab: -Empty - -### K8SCluster Store Type + | Attribute | Description | + | --------- | ----------- | + | Category | Select "K8SCert" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | | + | Store Path | | + | Orchestrator | Select an approved orchestrator capable of managing `K8SCert` certificates. Specifically, one with the `K8SCert` capability. | + | Properties.ServerUsername | This should be no value or `kubeconfig` | + | Properties.ServerPassword | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | + | Properties.KubeNamespace | The K8S namespace to use to manage the K8S secret object. | + | Properties.KubeSecretName | The name of the K8S secret object. | + | Properties.KubeSecretType | This defaults to and must be `csr` | -#### Storepath Patterns -- `cluster_name` +3. **Import the CSV file to create the certificate stores** -#### Alias Patterns -- `namespace_name/secrets/secret_type/secret_name` - -#### kfutil Create K8SCluster Store Type - -The following commands can be used with [kfutil](https://github.com/Keyfactor/kfutil). Please refer to the kfutil documentation for more information on how to use the tool to interact w/ Keyfactor Command. + ```shell + kfutil stores import csv --store-type-name K8SCert --file K8SCert.csv + ``` -```bash -kfutil login -kfutil store-types create --name K8SCluster -``` +
-#### UI Configuration -##### UI Basic Tab -| Field Name | Required | Value | -|-------------------------|----------|---------------------------------| -| Name | ✓ | `K8SCluster` | -| ShortName | ✓ | `K8SCluster` | -| Custom Capability | ✓ | Checked [x] + `K8SCluster` | -| Supported Job Types | ✓ | Inventory, Add, Remove, Create | -| Needs Server | ✓ | Checked [x] | -| Blueprint Allowed | | Unchecked [ ] | -| Uses PowerShell | | Unchecked [ ] | -| Requires Store Password | | Unchecked [ ] | -| Supports Entry Password | | Unchecked [ ] | +#### PAM Provider Eligible Fields +
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator -![k8scluster_basic.png](docs%2Fscreenshots%2Fstore_types%2Fk8scluster_basic.png) +If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. -##### UI Advanced Tab -| Field Name | Value | -|-----------------------|----------| -| Store Path Type | Freeform | -| Supports Custom Alias | Required | -| Private Key Handling | Optional | -| PFX Password Style | Default | + | Attribute | Description | + | --------- | ----------- | + | ServerUsername | This should be no value or `kubeconfig` | + | ServerPassword | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | -![k8scluster_advanced.png](docs%2Fscreenshots%2Fstore_types%2Fk8scluster_advanced.png) +Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side. +> Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself. +
-##### UI Custom Fields Tab -| Name | Display Name | Type | Required | Default Value | Description | -|------------------|---------------------------|--------|----------|----------------|------------------------------------------------------------------------------------------------------------------------------------------------------| -| IncludeCertChain | Include Certificate Chain | Bool | | `true` | Will default to `true` if not set. If set to `false` only leaf cert will be deployed. | -| SeparateChain | Separate Chain | Bool | | `false` | Will default to `false` if not set. Set this to `true` if you want to deploy certificate chain to the `ca.crt` field for `Opaque` and `tls` secrets. | - -![k8scluster_custom_fields.png](docs%2Fscreenshots%2Fstore_types%2Fk8scluster_custom_fields.png) - -##### UI Entry Parameters Tab: -Empty - -### K8SNS Store Type - -**NOTE**: This store type will only inventory K8S secrets that contain the keys `tls.crt` and `tls.key`. - -#### Storepath Patterns -- `namespace_name` -- `cluster_name/namespace_name` - -#### Alias Patterns -- `secrets/secret_type/secret_name` -#### kfutil Create K8SNS Store Type +> The content in this section can be supplemented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store). -The following commands can be used with [kfutil](https://github.com/Keyfactor/kfutil). Please refer to the kfutil documentation for more information on how to use the tool to interact w/ Keyfactor Command. -```bash -kfutil login -kfutil store-types create --name K8SNS -``` +
-#### UI Configuration +
K8SCluster (K8SCluster) -##### UI Basic Tab -| Field Name | Required | Value | -|-------------------------|----------|--------------------------------| -| Name | ✓ | `K8SNS` | -| ShortName | ✓ | `K8SNS` | -| Custom Capability | ✓ | Checked [x] + `K8SNS` | -| Supported Job Types | ✓ | Inventory, Add, Remove, Create | -| Needs Server | ✓ | Checked [x] | -| Blueprint Allowed | | Unchecked [ ] | -| Uses PowerShell | | Unchecked [ ] | -| Requires Store Password | | Unchecked [ ] | -| Supports Entry Password | | Unchecked [ ] | +In order for certificates of type `Opaque` and/or `kubernetes.io/tls` to be inventoried in `K8SCluster` store types, they must +have specific keys in the Kubernetes secret. +- Required keys: `tls.crt` or `ca.crt` +- Additional keys: `tls.key` -![k8sns_basic.png](docs%2Fscreenshots%2Fstore_types%2Fk8sns_basic.png) +### Storepath Patterns +- `` -##### UI Advanced Tab -| Field Name | Value | -|-----------------------|----------| -| Store Path Type | Freeform | -| Supports Custom Alias | Required | -| Private Key Handling | Optional | -| PFX Password Style | Default | +### Alias Patterns +- `/secrets//` -![k8sns_advanced.png](docs%2Fscreenshots%2Fstore_types%2Fk8sns_advanced.png) -##### UI Custom Fields Tab -| Name | Display Name | Type | Required | Default Value | Description | -|------------------|---------------------------|--------|----------|---------------|------------------------------------------------------------------------------------------------------------------------------------------------------| -| KubeNamespace | Kube Namespace | String | | | K8S namespace to manage. This will override any value inferred in the `Store Path`. | -| IncludeCertChain | Include Certificate Chain | Bool | | `true` | Will default to `true` if not set. If set to `false` only leaf cert will be deployed. | -| SeparateChain | Separate Chain | Bool | | `false` | Will default to `false` if not set. Set this to `true` if you want to deploy certificate chain to the `ca.crt` field for `Opaque` and `tls` secrets. | +### Store Creation -![k8sns_custom_fields.png](docs%2Fscreenshots%2Fstore_types%2Fk8sns_custom_fields.png) - -##### UI Entry Parameters Tab: -Empty - -### K8SCert Store Type +#### Manually with the Command UI -The following commands can be used with [kfutil](https://github.com/Keyfactor/kfutil). Please refer to the kfutil documentation for more information on how to use the tool to interact w/ Keyfactor Command. - -```bash -kfutil login -kfutil store-types create --name K8SCert -``` - -#### UI Configuration +
Click to expand details -##### UI Basic Tab -| Field Name | Required | Value | -|-------------------------|----------|--------------------------| -| Name | ✓ | `K8SCert` | -| ShortName | ✓ | `K8SCert` | -| Custom Capability | ✓ | Checked [x] + `K8SCert` | -| Supported Job Types | ✓ | Inventory, Discovery | -| Needs Server | ✓ | Checked [x] | -| Blueprint Allowed | | Unchecked [ ] | -| Uses PowerShell | | Unchecked [ ] | -| Requires Store Password | | Unchecked [ ] | -| Supports Entry Password | | Unchecked [ ] | +1. **Navigate to the _Certificate Stores_ page in Keyfactor Command.** -![k8scert_basic.png](docs%2Fscreenshots%2Fstore_types%2Fk8scert_basic.png) + Log into Keyfactor Command, toggle the _Locations_ dropdown, and click _Certificate Stores_. -##### UI Advanced Tab -| Field Name | Required | Value | -|-----------------------|----------|------------| -| Store Path Type | | Freeform | -| Supports Custom Alias | | Forbidden | -| Private Key Handling | | Forbidden | -| PFX Password Style | | Default | +2. **Add a Certificate Store.** -![k8scert_advanced.png](docs%2Fscreenshots%2Fstore_types%2Fk8scert_advanced.png) + Click the Add button to add a new Certificate Store. Use the table below to populate the **Attributes** in the **Add** form. -##### UI Custom Fields Tab -| Name | Display Name | Type | Required | Default Value | Description | -|--------------------|---------------------------|--------|----------|---------------|--------------------------------------------------------------------------------------------------------| -| KubeNamespace | Kube Namespace | String | | | The K8S namespace the `cert` resource lives. This will override any value inferred in the `Store Path` | -| KubeSecretName | Kube Secret Name | String | | | The K8S `cert` name. This will override any value inferred in the `Store Path`. | -| KubeSecretType | Kube Secret Type | String | ✓ | `cert` | | + | Attribute | Description | + | --------- |---------------------------------------------------------| + | Category | Select "K8SCluster" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | | + | Store Path | | + | Orchestrator | Select an approved orchestrator capable of managing `K8SCluster` certificates. Specifically, one with the `K8SCluster` capability. | + | ServerUsername | This should be no value or `kubeconfig` | + | ServerPassword | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | + | SeparateChain | Whether to store the certificate chain separately from the certificate. | + | IncludeCertChain | Whether to include the certificate chain in the certificate. | -![k8scert_custom_fields.png](docs%2Fscreenshots%2Fstore_types%2Fk8scert_custom_fields.png) -##### UI Entry Parameters Tab: -Empty - -## Creating Certificate Stores and Scheduling Discovery Jobs - -Please refer to the Keyfactor Command Reference Guide for information on creating -certificate stores and scheduling Discovery jobs in Keyfactor Command. - -## Certificate Discovery -**NOTE:** To use disovery jobs, you must have the story type created in Keyfactor Command and the `needs_server` checkbox MUST be checked. -Otherwise you will not be able to provide credentials to the discovery job. +
+ + + +#### Using kfutil CLI + +
Click to expand details + +1. **Generate a CSV template for the K8SCluster certificate store** + + ```shell + kfutil stores import generate-template --store-type-name K8SCluster --outpath K8SCluster.csv + ``` +2. **Populate the generated CSV file** + + Open the CSV file, and reference the table below to populate parameters for each **Attribute**. + + | Attribute | Description | + | --------- | ----------- | + | Category | Select "K8SCluster" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | | + | Store Path | | + | Orchestrator | Select an approved orchestrator capable of managing `K8SCluster` certificates. Specifically, one with the `K8SCluster` capability. | + | Properties.ServerUsername | This should be no value or `kubeconfig` | + | Properties.ServerPassword | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | + | Properties.SeparateChain | Whether to store the certificate chain separately from the certificate. | + | Properties.IncludeCertChain | Whether to include the certificate chain in the certificate. | + +3. **Import the CSV file to create the certificate stores** + + ```shell + kfutil stores import csv --store-type-name K8SCluster --file K8SCluster.csv + ``` + +
+ + +#### PAM Provider Eligible Fields +
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator + +If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. + + | Attribute | Description | + | --------- | ----------- | + | ServerUsername | This should be no value or `kubeconfig` | + | ServerPassword | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | + +Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side. +> Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself. + +
+ + +> The content in this section can be supplemented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store). + + +
+ +
K8SJKS (K8SJKS) + +In order for certificates of type `Opaque` to be inventoried as `K8SJKS` store types, they must have specific keys in +the Kubernetes secret. +- Valid Keys: `*.jks` + +### Storepath Patterns +- `/` +- `/secrets/` +- `//secrets/` + +### Alias Patterns +- `/` + +Example: `test.jks/load_balancer` where `test.jks` is the field name on the `Opaque` secret and `load_balancer` is +the certificate alias in the `jks` data store. + + +### Store Creation + +#### Manually with the Command UI + +
Click to expand details + +1. **Navigate to the _Certificate Stores_ page in Keyfactor Command.** + + Log into Keyfactor Command, toggle the _Locations_ dropdown, and click _Certificate Stores_. + +2. **Add a Certificate Store.** + + Click the Add button to add a new Certificate Store. Use the table below to populate the **Attributes** in the **Add** form. + + | Attribute | Description | + | --------- |---------------------------------------------------------| + | Category | Select "K8SJKS" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | | + | Store Path | | + | Store Password | Password to use when reading/writing to store | + | Orchestrator | Select an approved orchestrator capable of managing `K8SJKS` certificates. Specifically, one with the `K8SJKS` capability. | + | ServerUsername | This should be no value or `kubeconfig` | + | ServerPassword | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | + | KubeNamespace | The K8S namespace to use to manage the K8S secret object. | + | KubeSecretName | The name of the K8S secret object. | + | KubeSecretType | This defaults to and must be `jks` | + | CertificateDataFieldName | | + | PasswordFieldName | | + | PasswordIsK8SSecret | | + | StorePasswordPath | | + +
+ + + +#### Using kfutil CLI + +
Click to expand details + +1. **Generate a CSV template for the K8SJKS certificate store** + + ```shell + kfutil stores import generate-template --store-type-name K8SJKS --outpath K8SJKS.csv + ``` +2. **Populate the generated CSV file** + + Open the CSV file, and reference the table below to populate parameters for each **Attribute**. + + | Attribute | Description | + | --------- | ----------- | + | Category | Select "K8SJKS" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | | + | Store Path | | + | Store Password | Password to use when reading/writing to store | + | Orchestrator | Select an approved orchestrator capable of managing `K8SJKS` certificates. Specifically, one with the `K8SJKS` capability. | + | Properties.ServerUsername | This should be no value or `kubeconfig` | + | Properties.ServerPassword | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | + | Properties.KubeNamespace | The K8S namespace to use to manage the K8S secret object. | + | Properties.KubeSecretName | The name of the K8S secret object. | + | Properties.KubeSecretType | This defaults to and must be `jks` | + | Properties.CertificateDataFieldName | | + | Properties.PasswordFieldName | | + | Properties.PasswordIsK8SSecret | | + | Properties.StorePasswordPath | | + +3. **Import the CSV file to create the certificate stores** + + ```shell + kfutil stores import csv --store-type-name K8SJKS --file K8SJKS.csv + ``` + +
+ + +#### PAM Provider Eligible Fields +
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator + +If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. + + | Attribute | Description | + | --------- | ----------- | + | ServerUsername | This should be no value or `kubeconfig` | + | ServerPassword | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | + | StorePassword | Password to use when reading/writing to store | + +Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side. +> Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself. + +
+ + +> The content in this section can be supplemented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store). + + +
+ +
K8SNS (K8SNS) + +In order for certificates of type `Opaque` and/or `kubernetes.io/tls` to be inventoried in `K8SNS` store types, they must +have specific keys in the Kubernetes secret. +- Required keys: `tls.crt` or `ca.crt` +- Additional keys: `tls.key` + +### Storepath Patterns +- `` +- `/` + +### Alias Patterns +- `secrets//` + + +### Store Creation + +#### Manually with the Command UI + +
Click to expand details + +1. **Navigate to the _Certificate Stores_ page in Keyfactor Command.** + + Log into Keyfactor Command, toggle the _Locations_ dropdown, and click _Certificate Stores_. + +2. **Add a Certificate Store.** + + Click the Add button to add a new Certificate Store. Use the table below to populate the **Attributes** in the **Add** form. + + | Attribute | Description | + | --------- |---------------------------------------------------------| + | Category | Select "K8SNS" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | | + | Store Path | | + | Orchestrator | Select an approved orchestrator capable of managing `K8SNS` certificates. Specifically, one with the `K8SNS` capability. | + | ServerUsername | This should be no value or `kubeconfig` | + | ServerPassword | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | + | KubeNamespace | | + | SeparateChain | Whether to store the certificate chain separately from the certificate. | + | IncludeCertChain | Whether to include the certificate chain in the certificate. | + +
+ + + +#### Using kfutil CLI + +
Click to expand details + +1. **Generate a CSV template for the K8SNS certificate store** + + ```shell + kfutil stores import generate-template --store-type-name K8SNS --outpath K8SNS.csv + ``` +2. **Populate the generated CSV file** + + Open the CSV file, and reference the table below to populate parameters for each **Attribute**. + + | Attribute | Description | + | --------- | ----------- | + | Category | Select "K8SNS" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | | + | Store Path | | + | Orchestrator | Select an approved orchestrator capable of managing `K8SNS` certificates. Specifically, one with the `K8SNS` capability. | + | Properties.ServerUsername | This should be no value or `kubeconfig` | + | Properties.ServerPassword | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | + | Properties.KubeNamespace | | + | Properties.SeparateChain | Whether to store the certificate chain separately from the certificate. | + | Properties.IncludeCertChain | Whether to include the certificate chain in the certificate. | + +3. **Import the CSV file to create the certificate stores** + + ```shell + kfutil stores import csv --store-type-name K8SNS --file K8SNS.csv + ``` + +
+ + +#### PAM Provider Eligible Fields +
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator + +If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. + + | Attribute | Description | + | --------- | ----------- | + | ServerUsername | This should be no value or `kubeconfig` | + | ServerPassword | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | + +Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side. +> Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself. + +
+ + +> The content in this section can be supplemented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store). + + +
+ +
K8SPKCS12 (K8SPKCS12) + +In order for certificates of type `Opaque` to be inventoried as `K8SPKCS12` store types, they must have specific keys in +the Kubernetes secret. +- Valid Keys: `*.pfx`, `*.pkcs12`, `*.p12` + +### Storepath Patterns +- `/` +- `/secrets/` +- `//secrets/` + +### Alias Patterns +- `/` + +Example: `test.pkcs12/load_balancer` where `test.pkcs12` is the field name on the `Opaque` secret and `load_balancer` is +the certificate alias in the `pkcs12` data store. + + +### Store Creation + +#### Manually with the Command UI + +
Click to expand details + +1. **Navigate to the _Certificate Stores_ page in Keyfactor Command.** + + Log into Keyfactor Command, toggle the _Locations_ dropdown, and click _Certificate Stores_. + +2. **Add a Certificate Store.** + + Click the Add button to add a new Certificate Store. Use the table below to populate the **Attributes** in the **Add** form. + + | Attribute | Description | + | --------- |---------------------------------------------------------| + | Category | Select "K8SPKCS12" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | | + | Store Path | | + | Store Password | Password to use when reading/writing to store | + | Orchestrator | Select an approved orchestrator capable of managing `K8SPKCS12` certificates. Specifically, one with the `K8SPKCS12` capability. | + | ServerUsername | This should be no value or `kubeconfig` | + | ServerPassword | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | + | KubeSecretType | This defaults to and must be `pkcs12` | + | CertificateDataFieldName | | + | PasswordFieldName | | + | PasswordIsK8SSecret | | + | KubeNamespace | | + | KubeSecretName | | + | StorePasswordPath | | + +
+ + + +#### Using kfutil CLI + +
Click to expand details + +1. **Generate a CSV template for the K8SPKCS12 certificate store** + + ```shell + kfutil stores import generate-template --store-type-name K8SPKCS12 --outpath K8SPKCS12.csv + ``` +2. **Populate the generated CSV file** + + Open the CSV file, and reference the table below to populate parameters for each **Attribute**. + + | Attribute | Description | + | --------- | ----------- | + | Category | Select "K8SPKCS12" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | | + | Store Path | | + | Store Password | Password to use when reading/writing to store | + | Orchestrator | Select an approved orchestrator capable of managing `K8SPKCS12` certificates. Specifically, one with the `K8SPKCS12` capability. | + | Properties.ServerUsername | This should be no value or `kubeconfig` | + | Properties.ServerPassword | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | + | Properties.KubeSecretType | This defaults to and must be `pkcs12` | + | Properties.CertificateDataFieldName | | + | Properties.PasswordFieldName | | + | Properties.PasswordIsK8SSecret | | + | Properties.KubeNamespace | | + | Properties.KubeSecretName | | + | Properties.StorePasswordPath | | + +3. **Import the CSV file to create the certificate stores** + + ```shell + kfutil stores import csv --store-type-name K8SPKCS12 --file K8SPKCS12.csv + ``` + +
+ + +#### PAM Provider Eligible Fields +
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator + +If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. + + | Attribute | Description | + | --------- | ----------- | + | ServerUsername | This should be no value or `kubeconfig` | + | ServerPassword | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | + | StorePassword | Password to use when reading/writing to store | + +Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side. +> Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself. + +
+ + +> The content in this section can be supplemented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store). + + +
+ +
K8SSecret (K8SSecret) + +In order for certificates of type `Opaque` to be inventoried as `K8SSecret` store types, they must have specific keys in +the Kubernetes secret. +- Required keys: `tls.crt` or `ca.crt` +- Additional keys: `tls.key` + + +### Store Creation + +#### Manually with the Command UI + +
Click to expand details + +1. **Navigate to the _Certificate Stores_ page in Keyfactor Command.** + + Log into Keyfactor Command, toggle the _Locations_ dropdown, and click _Certificate Stores_. + +2. **Add a Certificate Store.** + + Click the Add button to add a new Certificate Store. Use the table below to populate the **Attributes** in the **Add** form. + + | Attribute | Description | + | --------- |---------------------------------------------------------| + | Category | Select "K8SSecret" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | | + | Store Path | | + | Orchestrator | Select an approved orchestrator capable of managing `K8SSecret` certificates. Specifically, one with the `K8SSecret` capability. | + | ServerUsername | This should be no value or `kubeconfig` | + | ServerPassword | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | + | KubeNamespace | The K8S namespace to use to manage the K8S secret object. | + | KubeSecretName | The name of the K8S secret object. | + | KubeSecretType | This defaults to and must be `secret` | + | SeparateChain | Whether to store the certificate chain separately from the certificate. | + | IncludeCertChain | Whether to include the certificate chain in the certificate. | + +
+ + + +#### Using kfutil CLI + +
Click to expand details + +1. **Generate a CSV template for the K8SSecret certificate store** + + ```shell + kfutil stores import generate-template --store-type-name K8SSecret --outpath K8SSecret.csv + ``` +2. **Populate the generated CSV file** + + Open the CSV file, and reference the table below to populate parameters for each **Attribute**. + + | Attribute | Description | + | --------- | ----------- | + | Category | Select "K8SSecret" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | | + | Store Path | | + | Orchestrator | Select an approved orchestrator capable of managing `K8SSecret` certificates. Specifically, one with the `K8SSecret` capability. | + | Properties.ServerUsername | This should be no value or `kubeconfig` | + | Properties.ServerPassword | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | + | Properties.KubeNamespace | The K8S namespace to use to manage the K8S secret object. | + | Properties.KubeSecretName | The name of the K8S secret object. | + | Properties.KubeSecretType | This defaults to and must be `secret` | + | Properties.SeparateChain | Whether to store the certificate chain separately from the certificate. | + | Properties.IncludeCertChain | Whether to include the certificate chain in the certificate. | + +3. **Import the CSV file to create the certificate stores** + + ```shell + kfutil stores import csv --store-type-name K8SSecret --file K8SSecret.csv + ``` + +
+ + +#### PAM Provider Eligible Fields +
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator + +If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. + + | Attribute | Description | + | --------- | ----------- | + | ServerUsername | This should be no value or `kubeconfig` | + | ServerPassword | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | + +Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side. +> Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself. + +
+ + +> The content in this section can be supplemented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store). + + +
+ +
K8STLSSecr (K8STLSSecr) + +In order for certificates of type `kubernetes.io/tls` to be inventoried, they must have specific keys in +the Kubernetes secret. +- Required keys: `tls.crt` and `tls.key` +- Optional keys: `ca.crt` + + +### Store Creation + +#### Manually with the Command UI + +
Click to expand details + +1. **Navigate to the _Certificate Stores_ page in Keyfactor Command.** + + Log into Keyfactor Command, toggle the _Locations_ dropdown, and click _Certificate Stores_. + +2. **Add a Certificate Store.** + + Click the Add button to add a new Certificate Store. Use the table below to populate the **Attributes** in the **Add** form. + + | Attribute | Description | + | --------- |---------------------------------------------------------| + | Category | Select "K8STLSSecr" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | | + | Store Path | | + | Orchestrator | Select an approved orchestrator capable of managing `K8STLSSecr` certificates. Specifically, one with the `K8STLSSecr` capability. | + | ServerUsername | This should be no value or `kubeconfig` | + | ServerPassword | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | + | KubeNamespace | The K8S namespace to use to manage the K8S secret object. | + | KubeSecretName | The name of the K8S secret object. | + | KubeSecretType | This defaults to and must be `tls_secret` | + | SeparateChain | Whether to store the certificate chain separately from the certificate. | + | IncludeCertChain | Whether to include the certificate chain in the certificate. | + +
+ + + +#### Using kfutil CLI + +
Click to expand details + +1. **Generate a CSV template for the K8STLSSecr certificate store** + + ```shell + kfutil stores import generate-template --store-type-name K8STLSSecr --outpath K8STLSSecr.csv + ``` +2. **Populate the generated CSV file** + + Open the CSV file, and reference the table below to populate parameters for each **Attribute**. + + | Attribute | Description | + | --------- | ----------- | + | Category | Select "K8STLSSecr" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | | + | Store Path | | + | Orchestrator | Select an approved orchestrator capable of managing `K8STLSSecr` certificates. Specifically, one with the `K8STLSSecr` capability. | + | Properties.ServerUsername | This should be no value or `kubeconfig` | + | Properties.ServerPassword | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | + | Properties.KubeNamespace | The K8S namespace to use to manage the K8S secret object. | + | Properties.KubeSecretName | The name of the K8S secret object. | + | Properties.KubeSecretType | This defaults to and must be `tls_secret` | + | Properties.SeparateChain | Whether to store the certificate chain separately from the certificate. | + | Properties.IncludeCertChain | Whether to include the certificate chain in the certificate. | + +3. **Import the CSV file to create the certificate stores** + + ```shell + kfutil stores import csv --store-type-name K8STLSSecr --file K8STLSSecr.csv + ``` + +
+ + +#### PAM Provider Eligible Fields +
Attributes eligible for retrieval by a PAM Provider on the Universal Orchestrator + +If a PAM provider was installed _on the Universal Orchestrator_ in the [Installation](#Installation) section, the following parameters can be configured for retrieval _on the Universal Orchestrator_. + + | Attribute | Description | + | --------- | ----------- | + | ServerUsername | This should be no value or `kubeconfig` | + | ServerPassword | The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json | + +Please refer to the **Universal Orchestrator (remote)** usage section ([PAM providers on the Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam)) for your selected PAM provider for instructions on how to load attributes orchestrator-side. +> Any secret can be rendered by a PAM provider _installed on the Keyfactor Command server_. The above parameters are specific to attributes that can be fetched by an installed PAM provider running on the Universal Orchestrator server itself. + +
+ + +> The content in this section can be supplemented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store). + + +
+ +## Discovering Certificate Stores with the Discovery Job +**NOTE:** To use discovery jobs, you must have the story type created in Keyfactor Command and the `needs_server` +checkbox *MUST* be checked, if you do not select `needs_server` you will not be able to provide credentials to the +discovery job and it will fail. The Kubernetes Orchestrator Extension supports certificate discovery jobs. This allows you to populate the certificate stores with existing certificates. To run a discovery job, follow these steps: 1. Click on the "Locations > Certificate Stores" menu item. 2. Click the "Discover" tab. 3. Click the "Schedule" button. 4. Configure the job based on storetype. **Note** the "Server Username" field must be set to `kubeconfig` and the "Server Password" field is the `kubeconfig` formatted JSON file containing the service account credentials. See the "Service Account Setup" section earlier in this README for more information on setting up a service account. - ![discover_schedule_start.png](docs%2Fscreenshots%2Fdiscovery%2Fdiscover_schedule_start.png) - ![discover_schedule_config.png](docs%2Fscreenshots%2Fdiscovery%2Fdiscover_schedule_config.png) - ![discover_server_username.png](docs%2Fscreenshots%2Fdiscovery%2Fdiscover_server_username.png) - ![discover_server_password.png](docs%2Fscreenshots%2Fdiscovery%2Fdiscover_server_password.png) + ![discover_schedule_start.png](./docs/screenshots/discovery/discover_schedule_start.png) + ![discover_schedule_config.png](./docs/screenshots/discovery/discover_schedule_config.png) + ![discover_server_username.png](./docs/screenshots/discovery/discover_server_username.png) + ![discover_server_password.png](./docs/screenshots/discovery/discover_server_password.png) 5. Click the "Save" button and wait for the Orchestrator to run the job. This may take some time depending on the number of certificates in the store and the Orchestrator's check-in schedule. -### K8SNS Discovery + + +
K8SJKS + + +### K8SJKS Discovery Job + +For discovery of `K8SJKS` stores toy can use the following params to filter the certificates that will be discovered: +- `Directories to search` - comma separated list of namespaces to search for certificates OR `all` to search all +namespaces. *This cannot be left blank.* +- `File name patterns to match` - comma separated list of K8S secret keys to search for PKCS12 or JKS data. Will use +the following keys by default: `tls.pfx`,`tls.pkcs12`,`pfx`,`pkcs12`,`tls.jks`,`jks`. +
+ + +
K8SNS + + +### K8SNS Discovery Job + For discovery of K8SNS stores toy can use the following params to filter the certificates that will be discovered: -- `Directories to search` - comma separated list of namespaces to search for certificates OR `all` to search all namespaces. *This cannot be left blank.* - -### K8SPKCS12 and K8SJKS Discovery -For discovery of K8SPKCS12 and K8SJKS stores toy can use the following params to filter the certificates that will be discovered: -- `Directories to search` - comma separated list of namespaces to search for certificates OR `all` to search all namespaces. *This cannot be left blank.* -- `File name patterns to match` - comma separated list of K8S secret keys to search for PKCS12 or JKS data. Will use the following keys by default: `tls.pfx`,`tls.pkcs12`,`pfx`,`pkcs12`,`tls.jks`,`jks`. - -## Certificate Inventory -In order for certificates to be inventoried by the Keyfactor k8s-orchestrator, they must have specific keys and values -in the Kubernetes Secret. The following table shows the required keys and values for each type of certificate store. - -| Store Type | Valid Secret Keys | -|------------|--------------------------------| -| K8STLSSecr | `tls.crt`,`tls.key`, `ca.crt` | -| K8SSecret | `tls.crt`,`tls.crts`, `ca.crt` | -| K8SCert | `cert`, `csr` | -| K8SPKCS12 | `*.pfx`,`*.pkcs12`, `*.p12` | -| K8SJKS | `*.jks` | -| K8SNS | `tls.crt`,`tls.crts`, `ca.crt` | -| K8SCluster | `tls.crt`,`tls.crts`, `ca.crt` | - -## Certificate Management -Management add/remove/create operations will attempt to write back to the Kubernetes Secret. -The following table shows the keys that the orchestrator will write back to the Kubernetes Secret for -each type of certificate store. - -| Store Type | Managed Secret Keys | -|------------|-----------------------------------------------------------| -| K8STLSSecr | `tls.crt`,`tls.key`, `ca.crt` | -| K8SSecret | `tls.crt`,`tls.key`, `ca.crt` | -| K8SPKCS12 | Specified in custom field `KubeSecretKey` or use defaults | -| K8SJKS | Specified in custom field `KubeSecretKey` or use defaults | -| K8SCluster | `tls.crt`,`tls.key` | -| K8SNS | `tls.crt`,`tls.key` | - -### K8STLSSecr & K8SSecret -These store types are virtually the same, they only differ in what K8S secret type they create. Both store types allow -for **ONLY** a single certificate to be stored in the secret. This means any `add` job will **overwrite** the existing -`tls.crt`, `tls.key`, and `ca.crt` values in the secret. If a secret does not exist, the orchestrator will create one -with the fields `tls.crt`, `tls.key`. Additionally, if `SeparateChain` on the store definition is set to -`true`, then the field `ca.crt` will be populated with the certificate chain data. - -**NOTE:** If a secret already exists and does not contain the field `ca.crt`, the orchestrator will **NOT** add the field -`ca.crt` to the secret, and instead will deploy a full certificate chain to the `tls.crt` field. - -#### Opaque & tls secret w/o ca.crt -Here's what an `Opaque` secret looks like in the UI when it does not contain the `ca.crt` field **NOTE** the chain is -included in the `tls.crt` field: -![opaque_no_cacrt_field.png](docs%2Fscreenshots%2Fmanagement%2Fopaque_no_cacrt_field.png) - -#### Opaque & tls secret w/ ca.crt -Here's what an `Opaque` secret looks like in the UI when it does contain the `ca.crt` field: -![opaque_cacrt.png](docs%2Fscreenshots%2Fmanagement%2Fopaque_cacrt.png) - -#### Opaque & tls secret w/o private key -It is possible to deploy a certificate without the private key from Command, and this is how it will look in the UI -**NOTE** the chain will only be included if Command has inventoried it: -![opaque_no_private_key.png](docs%2Fscreenshots%2Fmanagement%2Fopaque_no_private_key.png) - -### K8SJKS & K8SPKCS12 - -The K8SJKS store type is a Java Key Store (JKS) that is stored in a Kubernetes Secret. The secret can contain multiple -JKS files. The orchestrator will attempt to manage the JKS files found in the secret that match the `allowed_keys` or -`CertificateDataFieldName` custom field values. - -Alias pattern: `/`. - -Example of secret containing 2 JKS stores: -![k8sjks_multi.png](docs%2Fscreenshots%2Fstore_types%2Fk8sjks_multi.png) - -Here's what this looks like in the UI: -![k8sjks_inventory_ui.png](docs%2Fscreenshots%2Fstore_types%2Fk8sjks_inventory_ui.png) - -## Development - -[See the development guide](Development.md) +- `Directories to search` - comma separated list of namespaces to search for certificates OR `all` to search all +namespaces. *This cannot be left blank.* +
+ + +
K8SPKCS12 + + +### K8SPKCS12 Discovery Job + +For discovery of `K8SPKCS12` stores toy can use the following params to filter the certificates that will be discovered: +- `Directories to search` - comma separated list of namespaces to search for certificates OR `all` to search all + namespaces. *This cannot be left blank.* +- `File name patterns to match` - comma separated list of K8S secret keys to search for PKCS12 or PKCS12 data. Will use + the following keys by default: `tls.pfx`,`tls.pkcs12`,`pfx`,`pkcs12`,`tls.pkcs12`,`pkcs12`. +
+ + +
K8SSecret -## License -[Apache](https://apache.org/licenses/LICENSE-2.0) +### K8SSecret Discovery Job + +For discovery of K8SNS stores toy can use the following params to filter the certificates that will be discovered: +- `Directories to search` - comma separated list of namespaces to search for certificates OR `all` to search all + namespaces. *This cannot be left blank.* +
+ + +
K8STLSSecr + + +### K8STLSSecr Discovery Job + +For discovery of K8SNS stores toy can use the following params to filter the certificates that will be discovered: +- `Directories to search` - comma separated list of namespaces to search for certificates OR `all` to search all + namespaces. *This cannot be left blank.* +
+ + + + + +## License -When creating cert store type manually, that store property names and entry parameter names are case sensitive +Apache License 2.0, see [LICENSE](LICENSE). +## Related Integrations +See all [Keyfactor Universal Orchestrator extensions](https://github.com/orgs/Keyfactor/repositories?q=orchestrator). \ No newline at end of file diff --git a/docs_old/README.md b/docs_old/README.md new file mode 100644 index 0000000..dfff94a --- /dev/null +++ b/docs_old/README.md @@ -0,0 +1,928 @@ + +# Kubernetes Orchestrator Extension + +The Kubernetes Orchestrator allows for the remote management of certificate stores defined in a Kubernetes cluster. The following types of Kubernetes resources are supported: kubernetes secrets of `kubernetes.io/tls` or `Opaque` and kubernetes certificates `certificates.k8s.io/v1` + +#### Integration status: Production - Ready for use in production environments. + +## About the Keyfactor Universal Orchestrator Extension + +This repository contains a Universal Orchestrator Extension which is a plugin to the Keyfactor Universal Orchestrator. Within the Keyfactor Platform, Orchestrators are used to manage “certificate stores” — collections of certificates and roots of trust that are found within and used by various applications. + +The Universal Orchestrator is part of the Keyfactor software distribution and is available via the Keyfactor customer portal. For general instructions on installing Extensions, see the “Keyfactor Command Orchestrator Installation and Configuration Guide” section of the Keyfactor documentation. For configuration details of this specific Extension see below in this readme. + +The Universal Orchestrator is the successor to the Windows Orchestrator. This Orchestrator Extension plugin only works with the Universal Orchestrator and does not work with the Windows Orchestrator. + +## Support for Kubernetes Orchestrator Extension + +Kubernetes Orchestrator Extension is supported by Keyfactor for Keyfactor customers. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com + +###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab. + +--- + + +--- + + + +## Keyfactor Version Supported + +The minimum version of the Keyfactor Universal Orchestrator Framework needed to run this version of the extension is 10.x +## Platform Specific Notes + +The Keyfactor Universal Orchestrator may be installed on either Windows or Linux based platforms. The certificate operations supported by a capability may vary based what platform the capability is installed on. The table below indicates what capabilities are supported based on which platform the encompassing Universal Orchestrator is running. +| Operation | Win | Linux | +|-----|-----|------| +|Supports Management Add|✓ |✓ | +|Supports Management Remove|✓ |✓ | +|Supports Create Store|✓ |✓ | +|Supports Discovery|✓ |✓ | +|Supports Reenrollment| | | +|Supports Inventory|✓ |✓ | + + +## PAM Integration + +This orchestrator extension has the ability to connect to a variety of supported PAM providers to allow for the retrieval of various client hosted secrets right from the orchestrator server itself. This eliminates the need to set up the PAM integration on Keyfactor Command which may be in an environment that the client does not want to have access to their PAM provider. + +The secrets that this orchestrator extension supports for use with a PAM Provider are: + +| Name | Description | +|----------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| ServerUsername | Must be set to `kubeconfig` if used. If you do not set it to `kubeconfig` the `ServerPassword` will be ignored. | +| ServerPassword | Must be set if `ServerUsername` is provided. The service account credentials for the Universal Orchestrator to use. Must be in `kubeconfig` format. For more information review [Kubernetes service account](https://github.com/Keyfactor/kubernetes-orchestrator/blob/main/scripts/kubernetes/README.md) docs and scripts. | + + +It is not necessary to use a PAM Provider for all of the secrets available above. If a PAM Provider should not be used, simply enter in the actual value to be used, as normal. + +If a PAM Provider will be used for one of the fields above, start by referencing the [Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam). The GitHub repo for the PAM Provider to be used contains important information such as the format of the `json` needed. What follows is an example but does not reflect the `json` values for all PAM Providers as they have different "instance" and "initialization" parameter names and values. + +
General PAM Provider Configuration +

+ + + +### Example PAM Provider Setup + +To use a PAM Provider to resolve a field, in this example the __Server Password__ will be resolved by the `Hashicorp-Vault` provider, first install the PAM Provider extension from the [Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam) on the Universal Orchestrator. + +Next, complete configuration of the PAM Provider on the UO by editing the `manifest.json` of the __PAM Provider__ (e.g. located at extensions/Hashicorp-Vault/manifest.json). The "initialization" parameters need to be entered here: + +~~~ json + "Keyfactor:PAMProviders:Hashicorp-Vault:InitializationInfo": { + "Host": "http://127.0.0.1:8200", + "Path": "v1/secret/data", + "Token": "xxxxxx" + } +~~~ + +After these values are entered, the Orchestrator needs to be restarted to pick up the configuration. Now the PAM Provider can be used on other Orchestrator Extensions. + +### Use the PAM Provider +With the PAM Provider configured as an extenion on the UO, a `json` object can be passed instead of an actual value to resolve the field with a PAM Provider. Consult the [Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam) for the specific format of the `json` object. + +To have the __Server Password__ field resolved by the `Hashicorp-Vault` provider, the corresponding `json` object from the `Hashicorp-Vault` extension needs to be copied and filed in with the correct information: + +~~~ json +{"Secret":"my-kv-secret","Key":"myServerPassword"} +~~~ + +This text would be entered in as the value for the __Server Password__, instead of entering in the actual password. The Orchestrator will attempt to use the PAM Provider to retrieve the __Server Password__. If PAM should not be used, just directly enter in the value for the field. +

+
+ + + + +--- + + +## Table of Contents +- [Keyfactor Version Supported](#keyfactor-version-supported) +- [Platform Specific Notes](#platform-specific-notes) +- [PAM Integration](#pam-integration) +- [Overview](#overview) + * [K8SCert](#k8scert) + * [K8SSecret](#k8ssecret) + * [K8STLSSecret](#k8stlssecret) + * [K8SJKS](#k8sjks) +- [Versioning](#versioning) +- [Security Considerations](#security-considerations) + * [Service Account Setup](#service-account-setup) +- [Kubernetes Orchestrator Extension Installation](#kubernetes-orchestrator-extension-installation) +- [Certificate Store Types](#certificate-store-types) + * [Configuration Information](#configuration-information) + + [Note about StorePath](#note-about-storepath) + + [Common Values](#common-values) + - [UI Basic Tab](#ui-basic-tab) + - [UI Advanced Tab](#ui-advanced-tab) + - [Custom Fields Tab](#custom-fields-tab) + - [Kube Secret Types](#kube-secret-types) + - [Entry Parameters Tab:](#entry-parameters-tab-) + * [K8SSecret Store Type](#k8ssecret-store-type) + + [kfutil Create K8SSecret Store Type](#kfutil-create-k8ssecret-store-type) + + [UI Configuration](#ui-configuration) + - [UI Basic Tab](#ui-basic-tab-1) + - [UI Advanced Tab](#ui-advanced-tab-1) + - [UI Custom Fields Tab](#ui-custom-fields-tab) + - [UI Entry Parameters Tab:](#ui-entry-parameters-tab-) + * [K8STLSSecr Store Type](#k8stlssecr-store-type) + + [kfutil Create K8STLSSecr Store Type](#kfutil-create-k8stlssecr-store-type) + + [UI Configuration](#ui-configuration-1) + - [UI Basic Tab](#ui-basic-tab-2) + - [UI Advanced Tab](#ui-advanced-tab-2) + - [UI Custom Fields Tab](#ui-custom-fields-tab-1) + - [UI Entry Parameters Tab:](#ui-entry-parameters-tab--1) + * [K8SPKCS12 Store Type](#k8spkcs12-store-type) + + [kfutil Create K8SPKCS12 Store Type](#kfutil-create-k8spkcs12-store-type) + + [UI Configuration](#ui-configuration-2) + - [UI Basic Tab](#ui-basic-tab-3) + - [UI Advanced Tab](#ui-advanced-tab-3) + - [UI Custom Fields Tab](#ui-custom-fields-tab-2) + - [UI Entry Parameters Tab:](#ui-entry-parameters-tab--2) + * [K8SJKS Store Type](#k8sjks-store-type) + + [Storepath Patterns](#storepath-patterns) + + [Alias Patterns](#alias-patterns) + + [kfutil Create K8SJKS Store Type](#kfutil-create-k8sjks-store-type) + + [UI Configuration](#ui-configuration-3) + - [UI Basic Tab](#ui-basic-tab-4) + - [UI Advanced Tab](#ui-advanced-tab-4) + - [UI Custom Fields Tab](#ui-custom-fields-tab-3) + - [UI Entry Parameters Tab:](#ui-entry-parameters-tab--3) + * [K8SCluster Store Type](#k8scluster-store-type) + + [Storepath Patterns](#storepath-patterns-1) + + [Alias Patterns](#alias-patterns-1) + + [kfutil Create K8SCluster Store Type](#kfutil-create-k8scluster-store-type) + + [UI Configuration](#ui-configuration-4) + - [UI Basic Tab](#ui-basic-tab-5) + - [UI Advanced Tab](#ui-advanced-tab-5) + - [UI Custom Fields Tab](#ui-custom-fields-tab-4) + - [UI Entry Parameters Tab:](#ui-entry-parameters-tab--4) + * [K8SNS Store Type](#k8sns-store-type) + + [Storepath Patterns](#storepath-patterns-2) + + [Alias Patterns](#alias-patterns-2) + + [kfutil Create K8SNS Store Type](#kfutil-create-k8sns-store-type) + + [UI Configuration](#ui-configuration-5) + - [UI Basic Tab](#ui-basic-tab-6) + - [UI Advanced Tab](#ui-advanced-tab-6) + - [UI Custom Fields Tab](#ui-custom-fields-tab-5) + - [UI Entry Parameters Tab:](#ui-entry-parameters-tab--5) + * [K8SCert Store Type](#k8scert-store-type) + + [UI Configuration](#ui-configuration-6) + - [UI Basic Tab](#ui-basic-tab-7) + - [UI Advanced Tab](#ui-advanced-tab-7) + - [UI Custom Fields Tab](#ui-custom-fields-tab-6) + - [UI Entry Parameters Tab:](#ui-entry-parameters-tab--6) +- [Creating Certificate Stores and Scheduling Discovery Jobs](#creating-certificate-stores-and-scheduling-discovery-jobs) +- [Certificate Discovery](#certificate-discovery) + * [K8SNS Discovery](#k8sns-discovery) + * [K8SPKCS12 and K8SJKS Discovery](#k8spkcs12-and-k8sjks-discovery) +- [Certificate Inventory](#certificate-inventory) +- [Certificate Management](#certificate-management) + * [K8STLSSecr & K8SSecret](#k8stlssecr---k8ssecret) + + [Opaque & tls secret w/o ca.crt](#opaque---tls-secret-w-o-cacrt) + + [Opaque & tls secret w/ ca.crt](#opaque---tls-secret-w--cacrt) + + [Opaque & tls secret w/o private key](#opaque---tls-secret-w-o-private-key) + * [K8SJKS & K8SPKCS12](#k8sjks---k8spkcs12) +- [Development](#development) +- [License](#license) + + +## Keyfactor Version Supported + +The minimum version of the Keyfactor Universal Orchestrator Framework needed to run this version of the extension is 10.1 + +| Keyfactor Version | Universal Orchestrator Framework Version | Supported | +|-------------------|------------------------------------------|--------------| +| 10.2.1 | 10.1, 10.2 | ✓ | +| 10.1.1 | 10.1, 10.2 | ✓ | +| 10.0.0 | 10.1, 10.2 | ✓ | +| 9.10.1 | Not supported on KF 9.X.X | x | +| 9.5.0 | Not supported on KF 9.X.X | x | + +## Platform Specific Notes + +The Keyfactor Universal Orchestrator may be installed on either Windows or Linux based platforms. +The certificate operations supported by a capability may vary based what platform the capability is installed on. +See the store type specific sections below for more details on specific cababilities based on Kubernetes resource type. + +## PAM Integration + +This orchestrator extension has the ability to connect to a variety of supported PAM providers to +allow for the retrieval of various client hosted secrets right from the orchestrator server itself. +This eliminates the need to set up the PAM integration on Keyfactor Command which may be in an +environment that the client does not want to have access to their PAM provider. + +The secrets that this orchestrator extension supports for use with a PAM Provider are: + +| Name | Description | +|----------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| ServerPassword | This is a raw JSON file that contains service account credentials to interact with the Kubernetes APIs. See the service account setup guide for permission details. | +| ServerUsername | This is a static value that must be set to `kubeconfig`. | + + +It is not necessary to implement all of the secrets available to be managed by a PAM provider. +For each value that you want managed by a PAM provider, simply enter the key value inside your +specific PAM provider that will hold this value into the corresponding field when setting up +the certificate store, discovery job, or API call. + +Setting up a PAM provider for use involves adding an additional section to the manifest.json +file for this extension as well as setting up the PAM provider you will be using. Each of +these steps is specific to the PAM provider you will use and are documented in the specific +GitHub repo for that provider. For a list of Keyfactor supported PAM providers, please +reference the [Keyfactor Integration Catalog](https://keyfactor.github.io/integrations-catalog/content/pam). + +--- + + +## Overview +The Kubernetes Orchestrator Extension is an integration that can remotely manage certificate +resources in a Kubernetes cluster. The certificate store types that can be managed in the +current version are: +- K8SCert - Kubernetes certificates of type `certificates.k8s.io/v1` +- K8SSecret - Kubernetes secrets of type `Opaque` +- K8STLSSecret - Kubernetes secrets of type `kubernetes.io/tls` +- K8SCluster - This allows for a single store to manage a k8s cluster's secrets or type `Opaque` and `kubernetes.io/tls`. +This can be thought of as a container of `K8SSecret` and `K8STLSSecret` stores across all k8s namespaces. +- K8SNS - This allows for a single store to manage a k8s namespace's secrets or type `Opaque` and `kubernetes.io/tls`. +This can be thought of as a container of `K8SSecret` and `K8STLSSecret` stores for a single k8s namespace. +- K8SJKS - Kubernetes secrets of type `Opaque` that contain one or more Java Keystore(s). These cannot be managed at the +cluster or namespace level as they should all require unique credentials. +- K8SPKCS12 - Kubernetes secrets of type `Opaque` that contain one or more PKCS12(s). These cannot be managed at the +cluster or namespace level as they should all require unique credentials. + +This orchestrator extension makes use of the Kubernetes API by using a service account +to communicate remotely with certificate stores. The service account must have the correct permissions +in order to perform the desired operations. For more information on the required permissions, see the +[service account setup guide](#service-account-setup). + +### K8SCert +The K8SCert store type is used to manage Kubernetes certificates of type `certificates.k8s.io/v1`. +To provision these certs use the [k8s-csr-signer](https://github.com/Keyfactor/k8s-csr-signer) +documentation for more information. + +### K8SSecret +The K8SSecret store type is used to manage Kubernetes secrets of type `Opaque`. These secrets can have any +arbitrary fields, but except for the `tls.crt` and `tls.key` fields, these are reserved for the `kubernetes.io/tls` +secret type. +**NOTE**: The orchestrator will only manage the fields named `certificates` and `private_keys` in the +secret. Any other fields will be ignored. + +### K8STLSSecret +The K8STLSSecret store type is used to manage Kubernetes secrets of type `kubernetes.io/tls`. These secrets +must have the `tls.crt` and `tls.key` fields and may only contain a single key and single certificate. + +### K8SJKS +The K8SJKS store type is used to manage Kubernetes secrets of type `Opaque`. These secrets +must have a field that ends in `.jks`. The orchestrator will inventory and manage using a *custom alias* of the following +pattern: `/`. For example, if the secret has a field named `mykeystore.jks` and +the keystore contains a certificate with an alias of `mycert`, the orchestrator will manage the certificate using the +alias `mykeystore.jks/mycert`. + +### K8SPKCS12 +The K8SPKCS12 store type is used to manage Kubernetes secrets of type `Opaque`. These secrets +must have a field that ends in `.p12`, `.pkcs12`, `.pfx`. The orchestrator will inventory and manage using a +*custom alias* of the following pattern: `/`. For example, if the secret has a +field named `mykeystore.p12` and the keystore contains a certificate with an alias of `mycert`, the orchestrator will +manage the certificate using the alias `mykeystore.p12/mycert`. + +## Versioning + +The version number of a the Kubernetes Orchestrator Extension can be verified by right clicking on the +`Kyefactor.Orchestrators.K8S.dll` file in the `///Extensions/Kubernetes` installation folder, +selecting Properties, and then clicking on the Details tab. + +## Security Considerations +For the Kubernetes Orchestrator Extension to be able to communicate with a Kubernetes cluster, it must +be able to authenticate with the cluster. This is done by providing the extension with a service account +token that has the appropriate permissions to perform the desired operations. The service account token +can be provided to the extension in one of two ways: +- As a raw JSON file that contains the service account credentials +- As a base64 encoded string that contains the service account credentials + +### Service Account Setup +To set up a service account user on your Kubernetes cluster to be used by the Kubernetes Orchestrator Extension, use the following example as a guide: +```yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: keyfactor + namespace: keyfactor +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: keyfactor +rules: +- apiGroups: ["certificates.k8s.io"] + resources: ["certificatesigningrequests"] + verbs: ["create", "get", "list", "watch", "update", "patch", "delete"] +- apiGroups: [""] + resources: ["secrets"] + verbs: ["create", "get", "list", "watch", "update", "patch", "delete"] +- apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: keyfactor +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: keyfactor +subjects: +- kind: ServiceAccount + name: keyfactor + namespace: keyfactor +``` + +## Kubernetes Orchestrator Extension Installation +1. Create the certificate store types you wish to manage. Please refer to the individual sections + devoted to each supported store type under "Certificate Store Types" later in this README. +2. Stop the Keyfactor Universal Orchestrator Service for the orchestrator you plan to install this + extension to run on. +3. In the Keyfactor Orchestrator installation folder (by convention usually + C:\Program Files\Keyfactor\Keyfactor Orchestrator), find the "Extensions" folder. Underneath that, + create a new folder named "Kubernetes". You may choose to use a different name if you wish. +4. Download the latest version of the Kubernetes orchestrator extension from + [GitHub](https://github.com/Keyfactor/kubernetes-orchestrator). Click on the "Latest" release + link on the right hand side of the main page and download the first zip file. +5. Copy the contents of the download installation zip file to the folder created in Step 3. +6. (Optional) If you decide to create one or more certificate store types with short names different + than the suggested values (please see the individual certificate store type sections in "Certificate + Store Types" later in this README for more information regarding certificate store types), edit the + manifest.json file in the folder you created in step 3, and modify each "ShortName" in each + "Certstores.{ShortName}.{Operation}" line with the ShortName you used to create the respective + certificate store type. If you created it with the suggested values, this step can be skipped. +7. Modify the config.json file (See the "Configuration File Setup" section later in this README) +8. Start the Keyfactor Universal Orchestrator Service. +9. Create the certificate store types you wish to manage. Please refer to the individual sections + devoted to each supported store type under [Certificate Store Types](#certificate-store-types) later in this README. +10. (Optional) Run certificate discovery jobs to populate the certificate stores with existing + certificates. See the [Certificate Store Discovery](#certificate-store-discovery) section later in this README for more + information. + +## Certificate Store Types + +When setting up the certificate store types you wish the Kubernetes Orchestrator Extension to +manage, there are some common settings that will be the same for all supported types. +To create a new Certificate Store Type in Keyfactor Command, first click on settings +`(the gear icon on the top right) => Certificate Store Types => Add`. Alternatively, +there are cURL scripts for all of the currently implemented certificate store types +in the Certificate Store Type cURL Scripts folder in this repo if you wish to automate +the creation of the desired store types. + +### Configuration Information +Below is a table of the common values that should be used for all certificate store types. + +#### Note about StorePath +A Keyfactor Command certificate store `StorePath` for the K8S orchestrator extension can follow the following formats: + +| Pattern | Description | +|-----------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------| +| `secretName` | The name of the secret to use. This assumes `KubeNamespace` is defined or `default` and will be the `secret` or `cert` name on k8s. | +| `namespace/secretName` | If `KubeNamespace` or `KubeSecretName` are not set, then the path will be split by `/` and the values will be parsed according to the pattern. | +| `clusterName/namespace/secretName` | Same as above, clusterName is purely informational | +| `clusterName/namespace/secretType/secretName` | Considered a `full` path, this is what discovery will return as `StorePath` | + +#### Common Values +##### UI Basic Tab +| Field Name | Required | Description | Value | +|-------------------------|----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------| +| Name | ✓ | The display name you wish to use for the new Certificate Store Type. | Depends on store type. | +| ShortName | ✓ | The short name you wish to use for the new Certificate Store Type. | Depends on store type. | +| Custom Capability | ✓ | Whether or not the certificate store type supports custom capabilities. | Checked [x] | +| Supported Job Types | ✓ | The job types supported by the certificate store type. | Depends on store type. | +| Needs Server | ✓ | Must be set to true or checked. NOTE: If using this `ServerUsername` must be equal to `kubeconfig` and `ServerPassword` will be the kubeconfig file in JSON format | Checked [x] | +| Blueprint Allowed | | Checked if you wish to make use of blueprinting. Please refer to the Keyfactor Command Reference Guide for more details on this feature. | Unchecked [ ] | +| Uses PowerShell | | Whether or not the certificate store type uses PowerShell. | Unchecked [ ] | +| Requires Store Password | | Whether or not the certificate store type requires a password. | Unchecked [ ] | +| Supports Entry Password | | Whether or not the certificate store type supports entry passwords. | Unchecked [ ] | + +##### UI Advanced Tab +| Field Name | Required | Description | Value | +|-----------------------|----------|--------------------------------------------------------------------------------------------------------------------------------------------|------------------------| +| Store Path Type | | The type of path the certificate store type uses. | Freeform | +| Supports Custom Alias | | Whether or not the certificate store type supports custom aliases. | Depends on store type. | +| Private Key Handling | | Whether or not the certificate store type supports private key handling. | Depends on store type. | +| PFX Password Style | | The password style used by the certificate store type. | Default | + +##### Custom Fields Tab +| Name | Display Name | Type | Required | Default Value | Description | +|------------------|---------------------------|--------|----------|---------------|--------------------------------------------------------------------------------------------------------------------------------------------------------| +| KubeNamespace | Kube Namespace | String | | | This field overrides implied `Store Path` value. The Kubernetes namespace the store will reside. This will override the value parsed from `storepath`. | +| KubeSecretName | Kube Secret Name | String | | | This field overrides implied `Store Path` value. The Kubernetes secret or certificate resource name. | +| KubeSecretType | Kube Secret Type | String | ✓ | | Must be one of the following `secret`, `secret_tls` or `cert`. See [kube-secret-types](#kube-secret-types). | +| IncludeCertChain | Include Certificate Chain | Bool | | `true` | Will default to `true` if not set. Set this to `false` if you do not want certificate chains deployed. | +| SeparateChain | SeparateChain | Bool | | `false` | Will default to `false` if not set. Set this to `true` if you want to deploy certificate chain to the `ca.crt` field for `Opaque` and `tls` secrets. | + +##### Kube Secret Types +- `secret` - A generic secret of type `Opaque`. Must contain a key of one of the following values: [ `cert`, `certficate`, `certs`,`certificates` ] to be inventoried. +- `tls_secret` - A secret of type `kubernetes.io/tls`. Must contain the following keys: [ `tls.crt`, `tls.key` ] to be inventoried. +- `cert` - A certificate `certificates.k8s.io/v1` resource. Must contain the following keys: [ `csr`, `cert` ] to be inventoried. + +##### Entry Parameters Tab: +- See specific certificate store type instructions below + +### K8SSecret Store Type + +#### kfutil Create K8SSecret Store Type + +The following commands can be used with [kfutil](https://github.com/Keyfactor/kfutil). Please refer to the kfutil documentation for more information on how to use the tool to interact w/ Keyfactor Command. +kfuti +```bash +kfutil login +kfutil store-types create --name K8SSecret +``` + +#### UI Configuration + +##### UI Basic Tab +| Field Name | Required | Value | +|-------------------------|----------|-------------------------------------------| +| Name | ✓ | `K8SSecret` | +| ShortName | ✓ | `K8SSecret` | +| Custom Capability | ✓ | Checked [x] + `K8SSecret` | +| Supported Job Types | ✓ | Inventory, Add, Remove, Create, Discovery | +| Needs Server | ✓ | Checked [x] | +| Blueprint Allowed | | Unchecked [ ] | +| Uses PowerShell | | Unchecked [ ] | +| Requires Store Password | | Unchecked [ ] | +| Supports Entry Password | | Unchecked [ ] | + +**NOTE:** If using PAM, `server_username` must be equal to `kubeconfig` and `server_password` will be the kubeconfig file in JSON format. + +![k8ssecret_basic.png](docs%2Fscreenshots%2Fstore_types%2Fk8ssecret_basic.png) + +##### UI Advanced Tab +| Field Name | Value | +|-----------------------|-----------| +| Store Path Type | Freeform | +| Supports Custom Alias | Forbidden | +| Private Key Handling | Optional | +| PFX Password Style | Default | + +![k8ssecret_advanced.png](docs%2Fscreenshots%2Fstore_types%2Fk8ssecret_advanced.png) + +##### UI Custom Fields Tab +| Name | Display Name | Type | Required | Default Value | Description | +|------------------|---------------------------|--------|----------|---------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| KubeNamespace | Kube Namespace | String | | `default` | The K8S namespace the `Opaque` secret lives. This will override any value inferred in the `Store Path` | +| KubeSecretName | Kube Secret Name | String | ✓ | | The name of the K8S `Opaque` secret. This will override any value inferred in the `Store Path` | +| KubeSecretType | Kube Secret Type | String | ✓ | `secret` | | +| IncludeCertChain | Include Certificate Chain | Bool | | `true` | Will default to `true` if not set. If set to `false` only leaf cert will be deployed. | +| SeparateChain | SeparateChain | Bool | | `false` | Will default to `false` if not set. `true` will deploy leaf cert to `tls.crt` and the rest of the cert chain to `ca.crt`. If set to `false` the full chain is deployed to `tls.crt` | + +![k8ssecret_custom_fields.png](docs%2Fscreenshots%2Fstore_types%2Fk8ssecret_custom_fields.png) + +##### UI Entry Parameters Tab: +Empty + +### K8STLSSecr Store Type + +#### kfutil Create K8STLSSecr Store Type + +The following commands can be used with [kfutil](https://github.com/Keyfactor/kfutil). Please refer to the kfutil documentation for more information on how to use the tool to interact w/ Keyfactor Command. + +```bash +kfutil login +kfutil store-types create --name K8STLSSecr +``` + +#### UI Configuration + +##### UI Basic Tab +| Field Name | Required | Value | +|-------------------------|----------|-------------------------------------------| +| Name | ✓ | `K8STLSSecr` | +| ShortName | ✓ | `K8STLSSecr` | +| Custom Capability | ✓ | Checked [x] + `K8STLSSecr` | +| Supported Job Types | ✓ | Inventory, Add, Remove, Create, Discovery | +| Needs Server | ✓ | Checked [x] | +| Blueprint Allowed | | Unchecked [ ] | +| Uses PowerShell | | Unchecked [ ] | +| Requires Store Password | | Unchecked [ ] | +| Supports Entry Password | | Unchecked [ ] | + +![k8sstlssecr_basic.png](docs%2Fscreenshots%2Fstore_types%2Fk8sstlssecr_basic.png) + +##### UI Advanced Tab +| Field Name | Required | Value | +|-----------------------|----------|-----------| +| Store Path Type | | Freeform | +| Supports Custom Alias | | Forbidden | +| Private Key Handling | | Optional | +| PFX Password Style | | Default | + +![k8sstlssecr_advanced.png](docs%2Fscreenshots%2Fstore_types%2Fk8sstlssecr_advanced.png) + +##### UI Custom Fields Tab +| Name | Display Name | Type | Required | Default Value | Description | +|------------------|----------------------------|--------|----------|---------------|-------------------------------------------------------------------------------------------------------------------------------------------------| +| KubeNamespace | Kube Namespace | String | | | The K8S namespace the `tls` secret lives. This will override any value inferred in the `Store Path` | +| KubeSecretName | Kube Secret Name | String | | | The name of the K8S `tls` secret. This will override any value inferred in the `Store Path` | +| KubeSecretType | Kube Secret Type | String | ✓ | `tls_secret` | | +| IncludeCertChain | Include Certificate Chain | Bool | | `true` | If set to `false` only leaf cert will be deployed. | +| SeparateChain | SeparateChain | Bool | | `true` | `true` will deploy leaf cert to `tls.crt` and the rest of the cert chain to `ca.crt`. If set to `false` the full chain is deployed to `tls.crt` | + + +![k8sstlssecr_custom_fields.png](docs%2Fscreenshots%2Fstore_types%2Fk8sstlssecr_custom_fields.png) + +##### UI Entry Parameters Tab: +Empty + +### K8SPKCS12 Store Type + +#### kfutil Create K8SPKCS12 Store Type + +The following commands can be used with [kfutil](https://github.com/Keyfactor/kfutil). Please refer to the kfutil documentation for more information on how to use the tool to interact w/ Keyfactor Command. + +```bash +kfutil login +kfutil store-types create --name K8SPKCS12 +``` + +#### UI Configuration + +##### UI Basic Tab +| Field Name | Required | Value | +|---------------------------|----------|-------------------------------------------| +| Name | ✓ | `K8SPKCS12` | +| ShortName | ✓ | `K8SPKCS12` | +| Custom Capability | ✓ | Checked [x] + `K8SPKCS12` | +| Supported Job Types | ✓ | Inventory, Add, Remove, Create, Discovery | +| Needs Server | ✓ | Checked [x] | +| Blueprint Allowed | | Unchecked [ ] | +| Uses PowerShell | | Unchecked [ ] | +| Requires Store Password** | | Unchecked [ ] | +| Supports Entry Password | | Unchecked [ ] | + +**NOTE:** `Requires Store Password` is required if pkcs12 password is not being sourced from a separate secret in the +K8S cluster. + +![k8spkcs12_basic.png](docs%2Fscreenshots%2Fstore_types%2Fk8spkcs12_basic.png) + +##### UI Advanced Tab +| Field Name | Value | +|-----------------------|----------| +| Store Path Type | Freeform | +| Supports Custom Alias | Required | +| Private Key Handling | Optional | +| PFX Password Style | Default | + +![k8spkcs12_advanced.png](docs%2Fscreenshots%2Fstore_types%2Fk8spkcs12_advanced.png) + +##### UI Custom Fields Tab +| Name | Display Name | Type | Required | Default Value | Description | +|--------------------------|-----------------------------|--------|----------|---------------|-----------------------------------------------------------------------------------------------------------------------------------------------| +| KubeNamespace | Kube Namespace | String | | | K8S namespace the PKCS12 secret lives. This will override any value inferred in the `Store Path` | +| KubeSecretName | Kube Secret Name | String | | | The K8S secret name that contains PKCS12 data. This will override any value inferred in the `Store Path` | +| KubeSecretType | Kube Secret Type | String | ✓ | `pkcs12` | This must be set to `pkcs12`. | +| CertificateDataFieldName | Certificate Data Field Name | String | ✓ | `.p12` | The K8S secret field name to source the PKCS12 data from. You can provide an extension `.p12` or `.pfx` for a secret with a key `example.p12` | +| PasswordFieldName | Password Field Name | String | | `password` | If sourcing the PKCS12 password from a K8S secret this is the field it will look for the password in. | +| PasswordIsK8SSecret | Password Is K8S Secret | Bool | | `false` | If you want to use the PKCS12 secret or a separate secret specific in `KubeSecretPasswordPath` set this to `true` | +| StorePasswordPath | Kube Secret Password Path | String | | | Source PKCS12 password from a separate K8S secret. Pattern: `namespace_name/secret_name` | + + +![k8spkcs12_custom_fields.png](docs%2Fscreenshots%2Fstore_types%2Fk8spkcs12_custom_fields.png) + +##### UI Entry Parameters Tab: +Empty + +### K8SJKS Store Type + +#### Storepath Patterns +- `namespace_name/secret_name` +- `namespace_name/secrets/secret_name` +- `cluster_name/namespace_name/secrets/secret_name` + +#### Alias Patterns +- `k8s_secret_field_name/keystore_alias` + +#### kfutil Create K8SJKS Store Type + +The following commands can be used with [kfutil](https://github.com/Keyfactor/kfutil). Please refer to the kfutil documentation for more information on how to use the tool to interact w/ Keyfactor Command. + +```bash +kfutil login +kfutil store-types create --name K8SJKS +``` + +#### UI Configuration + +##### UI Basic Tab +| Field Name | Required | Value | +|---------------------------|----------|-------------------------------------------| +| Name | ✓ | `K8SJKS` | +| ShortName | ✓ | `K8SJKS` | +| Custom Capability | ✓ | Checked [x] + `K8SJKS` | +| Supported Job Types | ✓ | Inventory, Add, Remove, Create, Discovery | +| Needs Server | ✓ | Checked [x] | +| Blueprint Allowed | | Unchecked [ ] | +| Uses PowerShell | | Unchecked [ ] | +| Requires Store Password** | | Unchecked [ ] | +| Supports Entry Password | | Unchecked [ ] | + +**NOTE:** `Requires Store Password` is required if pkcs12 password is not being sourced from a separate secret in the +K8S cluster. + +![k8sjks_basic.png](docs%2Fscreenshots%2Fstore_types%2Fk8sjks_basic.png) + +##### UI Advanced Tab +| Field Name | Value | +|-----------------------|----------| +| Store Path Type | Freeform | +| Supports Custom Alias | Required | +| Private Key Handling | Optional | +| PFX Password Style | Default | + +![k8sjks_advanced.png](docs%2Fscreenshots%2Fstore_types%2Fk8sjks_advanced.png) + +##### UI Custom Fields Tab +| Name | Display Name | Type | Required | Default Value | Description | +|--------------------------|-----------------------------|--------|----------|---------------|--------------------------------------------------------------------------------------------------------| +| KubeNamespace | Kube Namespace | String | | | K8S namespace the JKS secret lives. This will override any value inferred in the `Store Path`. | +| KubeSecretName | Kube Secret Name | String | | | The K8S secret name that contains JKS data. This will override any value inferred in the `Store Path`. | +| KubeSecretType | Kube Secret Type | String | ✓ | `jks` | | +| CertificateDataFieldName | Certificate Data Field Name | String | ✓ | `.jks` | The K8S secret field name to source the JKS data from | +| PasswordFieldName | Password Field Name | String | ✓ | `password` | If sourcing the JKS password from a K8S secret this is the field it will look for the password in. | +| PasswordIsK8SSecret | Password Is K8S Secret | Bool | | `false` | If you want to use the JKS secret or a separate secret specific in `` set this to `true` | +| StorePasswordPath | Kube Secret Password Path | String | | | Source JKS password from a separate K8S secret. Pattern: `namespace_name/secret_name` | + + +![k8sjks_custom_fields.png](docs%2Fscreenshots%2Fstore_types%2Fk8sjks_custom_fields.png) + +##### UI Entry Parameters Tab: +Empty + +### K8SCluster Store Type + +#### Storepath Patterns +- `cluster_name` + +#### Alias Patterns +- `namespace_name/secrets/secret_type/secret_name` + +#### kfutil Create K8SCluster Store Type + +The following commands can be used with [kfutil](https://github.com/Keyfactor/kfutil). Please refer to the kfutil documentation for more information on how to use the tool to interact w/ Keyfactor Command. + +```bash +kfutil login +kfutil store-types create --name K8SCluster +``` + +#### UI Configuration + +##### UI Basic Tab +| Field Name | Required | Value | +|-------------------------|----------|---------------------------------| +| Name | ✓ | `K8SCluster` | +| ShortName | ✓ | `K8SCluster` | +| Custom Capability | ✓ | Checked [x] + `K8SCluster` | +| Supported Job Types | ✓ | Inventory, Add, Remove, Create | +| Needs Server | ✓ | Checked [x] | +| Blueprint Allowed | | Unchecked [ ] | +| Uses PowerShell | | Unchecked [ ] | +| Requires Store Password | | Unchecked [ ] | +| Supports Entry Password | | Unchecked [ ] | + +![k8scluster_basic.png](docs%2Fscreenshots%2Fstore_types%2Fk8scluster_basic.png) + +##### UI Advanced Tab +| Field Name | Value | +|-----------------------|----------| +| Store Path Type | Freeform | +| Supports Custom Alias | Required | +| Private Key Handling | Optional | +| PFX Password Style | Default | + +![k8scluster_advanced.png](docs%2Fscreenshots%2Fstore_types%2Fk8scluster_advanced.png) + + +##### UI Custom Fields Tab +| Name | Display Name | Type | Required | Default Value | Description | +|------------------|---------------------------|--------|----------|----------------|------------------------------------------------------------------------------------------------------------------------------------------------------| +| IncludeCertChain | Include Certificate Chain | Bool | | `true` | Will default to `true` if not set. If set to `false` only leaf cert will be deployed. | +| SeparateChain | Separate Chain | Bool | | `false` | Will default to `false` if not set. Set this to `true` if you want to deploy certificate chain to the `ca.crt` field for `Opaque` and `tls` secrets. | + +![k8scluster_custom_fields.png](docs%2Fscreenshots%2Fstore_types%2Fk8scluster_custom_fields.png) + +##### UI Entry Parameters Tab: +Empty + +### K8SNS Store Type + +**NOTE**: This store type will only inventory K8S secrets that contain the keys `tls.crt` and `tls.key`. + +#### Storepath Patterns +- `namespace_name` +- `cluster_name/namespace_name` + +#### Alias Patterns +- `secrets/secret_type/secret_name` + +#### kfutil Create K8SNS Store Type + +The following commands can be used with [kfutil](https://github.com/Keyfactor/kfutil). Please refer to the kfutil documentation for more information on how to use the tool to interact w/ Keyfactor Command. + +```bash +kfutil login +kfutil store-types create --name K8SNS +``` + +#### UI Configuration + +##### UI Basic Tab +| Field Name | Required | Value | +|-------------------------|----------|--------------------------------| +| Name | ✓ | `K8SNS` | +| ShortName | ✓ | `K8SNS` | +| Custom Capability | ✓ | Checked [x] + `K8SNS` | +| Supported Job Types | ✓ | Inventory, Add, Remove, Create | +| Needs Server | ✓ | Checked [x] | +| Blueprint Allowed | | Unchecked [ ] | +| Uses PowerShell | | Unchecked [ ] | +| Requires Store Password | | Unchecked [ ] | +| Supports Entry Password | | Unchecked [ ] | + +![k8sns_basic.png](docs%2Fscreenshots%2Fstore_types%2Fk8sns_basic.png) + +##### UI Advanced Tab +| Field Name | Value | +|-----------------------|----------| +| Store Path Type | Freeform | +| Supports Custom Alias | Required | +| Private Key Handling | Optional | +| PFX Password Style | Default | + +![k8sns_advanced.png](docs%2Fscreenshots%2Fstore_types%2Fk8sns_advanced.png) + +##### UI Custom Fields Tab +| Name | Display Name | Type | Required | Default Value | Description | +|------------------|---------------------------|--------|----------|---------------|------------------------------------------------------------------------------------------------------------------------------------------------------| +| KubeNamespace | Kube Namespace | String | | | K8S namespace to manage. This will override any value inferred in the `Store Path`. | +| IncludeCertChain | Include Certificate Chain | Bool | | `true` | Will default to `true` if not set. If set to `false` only leaf cert will be deployed. | +| SeparateChain | Separate Chain | Bool | | `false` | Will default to `false` if not set. Set this to `true` if you want to deploy certificate chain to the `ca.crt` field for `Opaque` and `tls` secrets. | + +![k8sns_custom_fields.png](docs%2Fscreenshots%2Fstore_types%2Fk8sns_custom_fields.png) + +##### UI Entry Parameters Tab: +Empty + +### K8SCert Store Type + +The following commands can be used with [kfutil](https://github.com/Keyfactor/kfutil). Please refer to the kfutil documentation for more information on how to use the tool to interact w/ Keyfactor Command. + +```bash +kfutil login +kfutil store-types create --name K8SCert +``` + +#### UI Configuration + +##### UI Basic Tab +| Field Name | Required | Value | +|-------------------------|----------|--------------------------| +| Name | ✓ | `K8SCert` | +| ShortName | ✓ | `K8SCert` | +| Custom Capability | ✓ | Checked [x] + `K8SCert` | +| Supported Job Types | ✓ | Inventory, Discovery | +| Needs Server | ✓ | Checked [x] | +| Blueprint Allowed | | Unchecked [ ] | +| Uses PowerShell | | Unchecked [ ] | +| Requires Store Password | | Unchecked [ ] | +| Supports Entry Password | | Unchecked [ ] | + +![k8scert_basic.png](docs%2Fscreenshots%2Fstore_types%2Fk8scert_basic.png) + +##### UI Advanced Tab +| Field Name | Required | Value | +|-----------------------|----------|------------| +| Store Path Type | | Freeform | +| Supports Custom Alias | | Forbidden | +| Private Key Handling | | Forbidden | +| PFX Password Style | | Default | + +![k8scert_advanced.png](docs%2Fscreenshots%2Fstore_types%2Fk8scert_advanced.png) + +##### UI Custom Fields Tab +| Name | Display Name | Type | Required | Default Value | Description | +|--------------------|---------------------------|--------|----------|---------------|--------------------------------------------------------------------------------------------------------| +| KubeNamespace | Kube Namespace | String | | | The K8S namespace the `cert` resource lives. This will override any value inferred in the `Store Path` | +| KubeSecretName | Kube Secret Name | String | | | The K8S `cert` name. This will override any value inferred in the `Store Path`. | +| KubeSecretType | Kube Secret Type | String | ✓ | `cert` | | + +![k8scert_custom_fields.png](docs%2Fscreenshots%2Fstore_types%2Fk8scert_custom_fields.png) +##### UI Entry Parameters Tab: +Empty + +## Creating Certificate Stores and Scheduling Discovery Jobs + +Please refer to the Keyfactor Command Reference Guide for information on creating +certificate stores and scheduling Discovery jobs in Keyfactor Command. + +## Certificate Discovery +**NOTE:** To use disovery jobs, you must have the story type created in Keyfactor Command and the `needs_server` checkbox MUST be checked. +Otherwise you will not be able to provide credentials to the discovery job. + +The Kubernetes Orchestrator Extension supports certificate discovery jobs. This allows you to populate the certificate stores with existing certificates. To run a discovery job, follow these steps: +1. Click on the "Locations > Certificate Stores" menu item. +2. Click the "Discover" tab. +3. Click the "Schedule" button. +4. Configure the job based on storetype. **Note** the "Server Username" field must be set to `kubeconfig` and the "Server Password" field is the `kubeconfig` formatted JSON file containing the service account credentials. See the "Service Account Setup" section earlier in this README for more information on setting up a service account. + ![discover_schedule_start.png](docs%2Fscreenshots%2Fdiscovery%2Fdiscover_schedule_start.png) + ![discover_schedule_config.png](docs%2Fscreenshots%2Fdiscovery%2Fdiscover_schedule_config.png) + ![discover_server_username.png](docs%2Fscreenshots%2Fdiscovery%2Fdiscover_server_username.png) + ![discover_server_password.png](docs%2Fscreenshots%2Fdiscovery%2Fdiscover_server_password.png) +5. Click the "Save" button and wait for the Orchestrator to run the job. This may take some time depending on the number of certificates in the store and the Orchestrator's check-in schedule. + +### K8SNS Discovery +For discovery of K8SNS stores toy can use the following params to filter the certificates that will be discovered: +- `Directories to search` - comma separated list of namespaces to search for certificates OR `all` to search all namespaces. *This cannot be left blank.* + +### K8SPKCS12 and K8SJKS Discovery +For discovery of K8SPKCS12 and K8SJKS stores toy can use the following params to filter the certificates that will be discovered: +- `Directories to search` - comma separated list of namespaces to search for certificates OR `all` to search all namespaces. *This cannot be left blank.* +- `File name patterns to match` - comma separated list of K8S secret keys to search for PKCS12 or JKS data. Will use the following keys by default: `tls.pfx`,`tls.pkcs12`,`pfx`,`pkcs12`,`tls.jks`,`jks`. + +## Certificate Inventory +In order for certificates to be inventoried by the Keyfactor k8s-orchestrator, they must have specific keys and values +in the Kubernetes Secret. The following table shows the required keys and values for each type of certificate store. + +| Store Type | Valid Secret Keys | +|------------|--------------------------------| +| K8STLSSecr | `tls.crt`,`tls.key`, `ca.crt` | +| K8SSecret | `tls.crt`,`tls.crts`, `ca.crt` | +| K8SCert | `cert`, `csr` | +| K8SPKCS12 | `*.pfx`,`*.pkcs12`, `*.p12` | +| K8SJKS | `*.jks` | +| K8SNS | `tls.crt`,`tls.crts`, `ca.crt` | +| K8SCluster | `tls.crt`,`tls.crts`, `ca.crt` | + +## Certificate Management +Management add/remove/create operations will attempt to write back to the Kubernetes Secret. +The following table shows the keys that the orchestrator will write back to the Kubernetes Secret for +each type of certificate store. + +| Store Type | Managed Secret Keys | +|------------|-----------------------------------------------------------| +| K8STLSSecr | `tls.crt`,`tls.key`, `ca.crt` | +| K8SSecret | `tls.crt`,`tls.key`, `ca.crt` | +| K8SPKCS12 | Specified in custom field `KubeSecretKey` or use defaults | +| K8SJKS | Specified in custom field `KubeSecretKey` or use defaults | +| K8SCluster | `tls.crt`,`tls.key` | +| K8SNS | `tls.crt`,`tls.key` | + +### K8STLSSecr & K8SSecret +These store types are virtually the same, they only differ in what K8S secret type they create. Both store types allow +for **ONLY** a single certificate to be stored in the secret. This means any `add` job will **overwrite** the existing +`tls.crt`, `tls.key`, and `ca.crt` values in the secret. If a secret does not exist, the orchestrator will create one +with the fields `tls.crt`, `tls.key`. Additionally, if `SeparateChain` on the store definition is set to +`true`, then the field `ca.crt` will be populated with the certificate chain data. + +**NOTE:** If a secret already exists and does not contain the field `ca.crt`, the orchestrator will **NOT** add the field +`ca.crt` to the secret, and instead will deploy a full certificate chain to the `tls.crt` field. + +#### Opaque & tls secret w/o ca.crt +Here's what an `Opaque` secret looks like in the UI when it does not contain the `ca.crt` field **NOTE** the chain is +included in the `tls.crt` field: +![opaque_no_cacrt_field.png](docs%2Fscreenshots%2Fmanagement%2Fopaque_no_cacrt_field.png) + +#### Opaque & tls secret w/ ca.crt +Here's what an `Opaque` secret looks like in the UI when it does contain the `ca.crt` field: +![opaque_cacrt.png](docs%2Fscreenshots%2Fmanagement%2Fopaque_cacrt.png) + +#### Opaque & tls secret w/o private key +It is possible to deploy a certificate without the private key from Command, and this is how it will look in the UI +**NOTE** the chain will only be included if Command has inventoried it: +![opaque_no_private_key.png](docs%2Fscreenshots%2Fmanagement%2Fopaque_no_private_key.png) + +### K8SJKS & K8SPKCS12 + +The K8SJKS store type is a Java Key Store (JKS) that is stored in a Kubernetes Secret. The secret can contain multiple +JKS files. The orchestrator will attempt to manage the JKS files found in the secret that match the `allowed_keys` or +`CertificateDataFieldName` custom field values. + +Alias pattern: `/`. + +Example of secret containing 2 JKS stores: +![k8sjks_multi.png](docs%2Fscreenshots%2Fstore_types%2Fk8sjks_multi.png) + +Here's what this looks like in the UI: +![k8sjks_inventory_ui.png](docs%2Fscreenshots%2Fstore_types%2Fk8sjks_inventory_ui.png) + +## Development + +[See the development guide](Development.md) + +## License +[Apache](https://apache.org/licenses/LICENSE-2.0) + + +When creating cert store type manually, that store property names and entry parameter names are case sensitive + + diff --git a/readme_source.md b/docs_old/readme_source.md similarity index 100% rename from readme_source.md rename to docs_old/readme_source.md diff --git a/docsource/content.md b/docsource/content.md new file mode 100644 index 0000000..100074c --- /dev/null +++ b/docsource/content.md @@ -0,0 +1,54 @@ +## Overview + +The Kubernetes Orchestrator allows for the remote management of certificate stores defined in a Kubernetes cluster. +The following types of Kubernetes resources are supported: kubernetes secrets of `kubernetes.io/tls` or `Opaque` and +kubernetes certificates `certificates.k8s.io/v1` + +The certificate store types that can be managed in the current version are: +- `K8SCert` - Kubernetes certificates of type `certificates.k8s.io/v1` +- `K8SSecret` - Kubernetes secrets of type `Opaque` +- `K8STLSSecret` - Kubernetes secrets of type `kubernetes.io/tls` +- `K8SCluster` - This allows for a single store to manage a k8s cluster's secrets or type `Opaque` and `kubernetes.io/tls`. + This can be thought of as a container of `K8SSecret` and `K8STLSSecret` stores across all k8s namespaces. +- `K8SNS` - This allows for a single store to manage a k8s namespace's secrets or type `Opaque` and `kubernetes.io/tls`. + This can be thought of as a container of `K8SSecret` and `K8STLSSecret` stores for a single k8s namespace. +- `K8SJKS` - Kubernetes secrets of type `Opaque` that contain one or more Java Keystore(s). These cannot be managed at the + cluster or namespace level as they should all require unique credentials. +- `K8SPKCS12` - Kubernetes secrets of type `Opaque` that contain one or more PKCS12(s). These cannot be managed at the + cluster or namespace level as they should all require unique credentials. + +This orchestrator extension makes use of the Kubernetes API by using a service account +to communicate remotely with certificate stores. The service account must have the correct permissions +in order to perform the desired operations. For more information on the required permissions, see the +[service account setup guide](#service-account-setup). + +## Requirements + +### Kubernetes API Access +This orchestrator extension makes use of the Kubernetes API by using a service account +to communicate remotely with certificate stores. The service account must exist and have the appropriate permissions. +The service account token can be provided to the extension in one of two ways: +- As a raw JSON file that contains the service account credentials +- As a base64 encoded string that contains the service account credentials + +#### Service Account Setup +To set up a service account user on your Kubernetes cluster to be used by the Kubernetes Orchestrator Extension. For full +information on the required permissions, see the [service account setup guide](./scripts/kubernetes/README.md). + +## Discovery + +**NOTE:** To use discovery jobs, you must have the story type created in Keyfactor Command and the `needs_server` +checkbox *MUST* be checked, if you do not select `needs_server` you will not be able to provide credentials to the +discovery job and it will fail. + +The Kubernetes Orchestrator Extension supports certificate discovery jobs. This allows you to populate the certificate stores with existing certificates. To run a discovery job, follow these steps: +1. Click on the "Locations > Certificate Stores" menu item. +2. Click the "Discover" tab. +3. Click the "Schedule" button. +4. Configure the job based on storetype. **Note** the "Server Username" field must be set to `kubeconfig` and the "Server Password" field is the `kubeconfig` formatted JSON file containing the service account credentials. See the "Service Account Setup" section earlier in this README for more information on setting up a service account. + ![discover_schedule_start.png](./docs/screenshots/discovery/discover_schedule_start.png) + ![discover_schedule_config.png](./docs/screenshots/discovery/discover_schedule_config.png) + ![discover_server_username.png](./docs/screenshots/discovery/discover_server_username.png) + ![discover_server_password.png](./docs/screenshots/discovery/discover_server_password.png) +5. Click the "Save" button and wait for the Orchestrator to run the job. This may take some time depending on the number of certificates in the store and the Orchestrator's check-in schedule. + diff --git a/docsource/images/K8SCert-advanced-store-type-dialog.png b/docsource/images/K8SCert-advanced-store-type-dialog.png new file mode 100644 index 0000000000000000000000000000000000000000..9fc6c81c63662a580078d83907d773ebccb156d7 GIT binary patch literal 37377 zcmcG#byQp5x9CetTc8vuQYhY{rC4zd6nAJTuEn9aJCtI@i@UqKli=T^-t*qmumyn}g;r45IH z0=U$1!uD@Q9;lGmm4#o%Aq!(yFB0%lzE%Eq<>|4&=WL0ZHw`l+eWYXe92t;-37#2} zDkAu+wH4)=Q@RGi?+mY8OpG7`=M|Yj{=a@dtQFMFp~qY4cAPLL5u7*#@Bukl#9a##a7_kNP#5sHnp1R=9MywXag#G_lmFX(5rdm%cD%4++29b zFX*H&+nlRwMz;sZe>d**^mFjXw&TAqpP+R;)kpLe&WeAZO*Ztl>ZOB#Qb$H_N%f{nq!J+g?QBx$^P3D;7+Bww5T@WsiRzU)@!LxUYq# z@?2S^^7Bp|6g(ccOlfJy8>qW}Zss>5KWfxzD^__Kz2sByby?+_iinhuG=+b&#bJ2Q z`%R|W)i%EGv-h#FbO+-DbZPElMx6b5)TOy_=KuiPFF)(TC608;*A-MF&Yg0)Y{b2hB3GyZdL$9BJ=kam91^uf51atj-_w)_ix#EJXB{=^HMFyAd<-J zDmnC1c3)E-9gEltrU4;~QB?%;t_^EvQ**X2Ud*UN$SI=FpX>6@uq_TcD+$C@tJ(-| z!?cfwD}R9XJNh@@0{w*BAMaON)MJ24O9zl8t%Cr@Hz1`}g#D*1R*Jm*We5%^*Ip-! zwdZSF)eaEmPQ*8GE9kH82%_aSFb6YIG|K}U2dI~?MwEJx3>eJ2+vFc38mu*!stvZpL!2i^ya25X>~%Ut%&oxRrj-BA<*c6>1lZWWQD45 ztaG<}*$bA`m|J_1w`u%S$?43I?aenK%xa+M%kU5@_4J1?Dv?631S(u*_FiP=l50_3 zk0k-0yC&b+Yh8RYa~fbK#5LVDL*nU_a0(oJ{{BN_{bV>fh_G(|)aGE0?QA%gYE2DC zKrz6b9GmU3y^`T^FV}3zj$6MCxeGnRfAQ11zwWmy#El%p1<7vn`}yJuJDsX^tBav| zbpn2Dc_PL8b(e6RFaZmHhYVvt&@!^PU(tFDSHH?*uivCH;Nqy!&{EhZ_wtv>#a+^V zN&9jOpx&_~bN8@@Ur0yjf`gCp32GRdCWPTYaWbV`*1|-LUiQ~3^Qqc!4VnlQ*;m|E zmNIRQ2!*J4CDmNDi^uVWy5`ZQ+XXxtF(f;pb`2hqzhkWvjHa7cv|N(^-okyNb$I>N zHCUG%ubDS%Md#AZv94OekY7-j6MYd4WcI>GX1Avh{>|b(3QC^l_u_*^c`&kbO>d#} zTlI>=eAosRk?_&oM}CHf8^kc3IPsp)L_TzLKnPyN1qb*{2-KEx=zKRE^ePp6xPf4} z#PSKvEnZLJE$L29Kl16~cKY5oAryOz<6QRRmG4sbY#Uwh_Gr*Uf4ZF*p19`(G1w^l zc^>tAL@ETj^Rg*BgJ0|ln-R~D-+%4ov@DVbscwIaiQWYW9Jq280`coVlrtMDrnafl zKD!FsY+5lEN|(NRzBbD9K}4H`keD?4(Ap|KdVAZ-opD-NP-Fj*6I<1u)%tb{xrP|5 zH>D&-xN5J!?(U{PhfC8@@n0fCukgrX=yA1myzN#0ymvn^d*l?u(rxY^yZ`knV)^U+ z0C|74DP6VZ-NtbS$6#mq@4kwSWB;2qL^1A-Jj@%udyw>bmYe?%nF%GMHQTej`jN7- zGK1y1+oea?Ez-zeC|P;+!DsA7Yaddehz6LOUTY~6m! z>STJBo;l&X_wtc()JH?9UmjqqQ?z{1nflvuq+z4wqgwZfd9A}rNeFlf zqzo8}mR%ucr;XPaLr;p|86cRAQCCl-lvTZ9oTW+7xyRXq2=$;jsN7au_u_eXridKH zbRtgN(VLN`O|VL{ruN2eKIOMW*#(5~!o1wdb6;}EWOh0MI35-#8SAz=)RZz*BfGV| zLfeY97`*srqsPP0#uy&!lF7-b*yJ}DtNFB)FSIrQ*>z$Tq)O^|UbJX=d>hgwB`LlT zyD~m9BwNV#FfCz)ZmbqSY(s-|19>Or*6sFpG_~ZlYwH zyfh@aFtCL0l2j?InACZEe9v?(yRiK>)yCK9&fNbq9>3sxq556~P`G^XY77<1+5GqYO( zi#r$KvWJP4O&L1@A?{r6Jt3haYC>|KjpYhnTiHw*8XAu2b2u0dfpqeT@JlzdI{akU z9uTcUr`&lkIhzg}K1J%{GKduHSCo~}_Uv|n>iF<5s#HSSC*3i#J0Jj*$|v9Y%Omdg z{E_1-2Yz5j?^<8xRDdAZx~!jra)5l?%qgld64sK)rx%O z@C`(VLIVbz6xZ)|Pfa5uVHE!Ly0L=;A?Qk1IXUl~oO`2jL;Zs-!3nPpnfL`6y4^9B zwXTEV0al|ihKVdu(*e;Mk0gFy6vgi)9gVM2MUj$Iw*%XK7P9>i_X7PC`jX9%wb5K;g|1XiiR$nrvn=s!y~ z1%Ig`z9obsY&S3)cGsADMF2!WiQuXeEm2 zeps5CeyCOPGl{{$c^1d`ft%Bk^ZlOC-2?yU?bk$tptV|0z=JTaaMtNWTIGJ)fdyW> z6*H&jNG242x^AklozSnM)4gLI{~NOix@}A{$ZrOGji7|$hSs-Vs#?pG_b*a&PI+-!l$#9s^a`C04yb$pEaHE& ze})+z8U2a|XoBS8V4WzU-mhIdWxe19U1)7YQnqBmIh@+@n4Zm=D!&4LCuQjQhSqwp z7&AR|_Z0nl>>QH#x6|# z8*}+Y=DKV5t|m2|jFODT$mo2fKZX6Sm`Ir41=QF=84twAKX9jf7B0!`+~{rRm_9@2u8Tr7y*{D{4x1boaPA(8mmdB|NMER!QfZ zA`*jlE~__~%_l;Z-FWa@h;B=u&uZ#X#GybZt8ZsjowjAg3#p(em^VaJ*er7mi9BeN z@&y1v1DcNs)h%H%8TKq%sVxj`Gph%qe?s84)fKI9X7`fzZK+-k49Y^q$q{gq$Omqk zFLbU8tz2A5RMm91PS1jwEX!vF^4BHcaJ%NmVohVBO>wio+D*Ha>K6CzaWQV1Hc*#} zjcrH_CdJYhU+vL!$Tq_AX7`JKb$&ZU;I%xWyqMQKxXIm4r#D#MsKToY@X05T|7Fzg zR}EF6h~QubT&^SSU21F=g7!O{M1dCggz$p*0#B%8??AOA76S>@Eiq zLOv2i`{VVJS0|qzPd<=#9w~e5_-`FNYlG6hLUR}8y+6QB>A1hDzP8l zth?x2ziV1fRJ}@~f~6gMTy4f=Gx=OAsa%RBJ~q)CT4KZc#bWon&eegGBn(s|Z~PKX z@9h1b$$UseepMFC@v-`TZ{5+E-+EbOJ6w}eX?2QBz8ax0>1{wPgt9G?UcY3WGujD0 z2iZ3S-TO|6~C+CA|c1 zccOnU_Kzj@y2$c>xiGLe*tB&6MSJCLVuLEe6_TIyf%%IE=>q=cDRgL^>}(uDpG(#$Pbi)L@YPaqWULC|eR+!%i7SY$*#?F}L$ld{`?xl!L3r`1YvGPrp<=i`-)e7c_vSo=8x>+hy4xdQ~`M`5qOLUH}hMMkNerssb0%FwjGP@uSLfT$f7$3D9*&}eL_SA3X`&M+_M(8Cn zy8<&jdeK6?v4KKG;rA=yX_t6EORxbe5)~q;Q_3pHM`}tUny85IE0twOK3d=B6#DE> z=06{ei-6e)ckqY^p7>Jk8^SXLPM9s7Ulw_PR8UcS_VM-m2!p?XAKe_JgX4qs7yHA5 zVDWjmP;%Yqj&yBeb6o_w0V-P~37ofYvJF zBzgV`8i>33{<{82-$!oM+!N>&Ntvu-HK(T8yV@t8^&IfXP-HR__c{j!Eq`PEe}S5x z&CyX^(EsNy0oSYEc>ltmPpx^d{)2%2FE9RIL(~7iyIjW$&6nicAvPu{fWngSxB1W_ z)^g3tHs_Z-F1Nc}|nrYo2wa*BRqV9=ef-QE@O4_78IZ4#9o zsEmeKF4c%@?UpLjzQWZVy(cFfYd?YgOK*Ly zZS^RXAMqUKKhAH20A(hHKr;tpQjc_KEBQ$!_QEvCE=Ux@_?HZ#U3W4)no1;tuz;Id z+h5_9oT60kywDdT=1OPM^%ZvY3&Av9s8=dW%1ZfN<#UK(nWOZZ3X>RWWWipv_ zlh#ZOHLQ6%Y2q&`s7wooH$2O9;=nUU#l?}{xUO8TgPU!vis9EE1RhC??oEqlTvMjKj zKIA`Bqt8>A$-QqcbGwQskcRC>&Rb@QL!Di+X6YUr!0XYps4r+(yZE|Ur_s^7`}Wiv z!!~d#ECzAKv6X^}LH|j>ZUdgbgB~vf-N6o$s13KvZ)o(7WU0#?<&jaj8ldJ)hY82k z+MaKZL)g`yb(`R&|agc_#$<+JEs%(0z= z3dO6nZ%zG6ulex<@-(LM?9@tk&vw|etCxUVse>C-Fk>64N5v`iX3WQKOzJN%D-bgN z9no6JWBzBpILf6q`wj0HbMkeyNg_QeowL~|@01lpvjCfx02n1%r+~;W%ts?Co`qL* z#M!rhCC+1S0@5;mIdg|wDpHj1Dfw)Tg;Ika-RwH@2edq`_7`0{FPBzTi_a3ds2kL5 zX&Ie4t%*H9r%GS7M%PZ=Y;G15q~xqchfPtr>P89-vP{(O2K9M3mFDL5CdZDA1et=3 z$#(f+M~IPpc1v1-c*>G5Cu8xzOtqqr4?j}_Vx@MB0(Ncnd+EQa$C7SNLuHK z9?2hXMk*;OoT-|RFE!OA;fY%M&oZ{X;EpmB6S)}7Tb=E-)rK5zF%^x2I^GB*IMzl#LdUu>d8ajP?I{Pilz)>lJ9rX z_}aAhCg_yOcb8_Y7SXnzBHG(ETIjieIipr?;`of$fXSA>X77IPw`bO<@gFJO<+g~+l@cAZ+RhO$U=tdqap)@&F znw&V1?~Q#gg-LdBw2P_i-M)3SlCo9}cR^d3M%h!JoQ)-h{@Skecb5xwd~rURWN)sb7Q~X=qWwEfZ)9@4yU&SvNP$T;pTyPAdO9I}XFJ7^ZKItqik3LOng#!lb z2fGEgK5OC_w(Yw#gKd-Uum0>7Y~BpjKG9b7(onr`Y8W3`8;Zte&vb4O3~`slh?X21 zwWop=QMCKGD5w?!+j}_@6a~p9W>?gUH8b-}FdlZWoj$fBD1i@~DBOc7Kg24cI9jX3 z+p*Ulzu*kjj)ihVJRVm>vCfr6;ePxsf9MLEjjlYB;Rd!<)=YFTX^J16G@Pop!fM>IgyMLelA zVmUtIktda&84IPA^+G6)t1eqi|FJ@fGo3{PLa$#=rf*x%>oBl4u55zt4<_l6Lo)r5 zg0&@Jd5sE8LCZoy7T=^)Of(^>b?12A^v;WA*S{7r!n|^K*a^}6Q^^bfy0QyO71#2t=E)!HdUWQJZ}n5B{+D6@yqb#r6gMQSVz~;tum*LMZK+_>KOulAuN%4kwc+PP91kXh)TwI$$l58) zRDVV~MSen!_4W-8z_Rh!%7tRj_U2|^&`r==v!%Rf-~`1aF5$qMF9|PUBe4NSRMdEd z`)hz{ERvA0Vv4?BEvv!BqB7=G>T2|~j&xL|-Lfe3-QE&;E3*60D75iRYy1}1;&10? zuT-)nsRB+1nq7Y<=(r3sIa`C^11*NwsoaLt%fe)JB%x$*NEA%t^COR-B0F>i9bI`e zB8EpfiH>_3@JTRrIll*MKhy7J;QAg77AR_z#)sVS4z=$|J92O+BrJ;=jqqR{1nYhu z^3p$RD#+J0D6>&kSXuD5u@6vB)iqaE{vAePw`%PHZT8R_i{|qKR>G#Iy+CWG6CC+0 z*JGy_QnvDwM!&DP!F!#>TeP;Xrlz7ne#^t`v!5-So0{AhU%6b&46Q2Cdha@It&Yii zyUeU@SaIJmJ4frMw6#@-X54_*s;Z$CjX2>d?CBlQaKF;3!(&jDa0DQWlBfuiyxwgJ z6rlU#?}XcnYbnKv>#eD%$=%As{X6feU5luzS1MG=Ilucj>!(;bT?=y+zQLZ4v&h%j zoX2vdJ42IoD|g5Y{HOUVsySz?Ue$TrZ!9;r_vZ|o5K&YrL|0evFUCr<>7@bc7}?YI z*1{5)5@G`y5$V{RF#-g*YH#eLHAAizfGrQ3k*<3;5gf%%{H-@?+B8RCCn{e@Z;aID zFJLp5?K_APq8Jd4PXxS7XuWSktQE1>T@<5#&Hy#+)DMQd2noTUh+f;>tl-vv^?*z2 zG)2YdzZrSej*tnYO+1LdPR#Z~e14@gy&CrEWf2KX3_W_aYg}9+Ib8`SndCSCj7kaE zu`-omv{9NolY^zb78|g%6p{&)Fcas+6e4*s`+@=rXX+;q_pX3AofXW>X_C-*yL2r> znQg3f&$cg5M{;V@89qWKxTBf^3_|Vk9v1T3adh1@^%$l(1wCyNByZrl;rL*!?gk@5 zQYFKvOQDsX>9>W?_vs^;`MrP!0^dumQrt#AKNjXgn%_>M@OlO>CSw^7@094FKNo~F zgA@6o!6p<6eF(6PzJx$cj0nfubU8Pu8hAKjyJy|Fx3h$m@+BS~X5qd$m3QxQmjc%Q z`hoEPytRKVQ*6e!DP>lD+F8OHc->b@RctXv3F3X-HM#X@PSY)XyT<*e4@HGXhBvr2 z;SQ1g1xJu3gB1QlOIN(H``@@if-7QSd)mX+mUx1;PVPbj+n#1`iO6nLT<_;%USha< zEz_D_Ept9c|c51#E&=^t8cKl}NxkUzb;o+ziW@KM`j*N3!bBW<+Do z453!AkgCt-n`~Mcr}+7Rsp#LZjMwrZ>=ff1#8Z@-F0WLoNGb5ygWLuMB3>_x5AtUc zy?4>Mp5fR(ALo%F4=UABHBzN*i2SBoaBb6=%#{ zU)N@{eA3{ad(&Ym3;rRz_m+@=N96YfFYyhwBx9@;F>yUBA8Xr&)=bgS^P-UR1%-uk z*MVe%GDk_eK1oc&*6BXz8e*hSQ-$%t-63k+>%|_Abj_z3z?3LA!z?4SH@UpZ4DKls zeqJ~@f!9a3M-%~rkX953ky(CV1;7B@g8NNW-i`{&64$$P&j}V~ToyZ49hRZTHCYu6 zckEsvg7VGe24$x((^VLBpCTeb%10XjsL#`%>=}O!U(3x+-Qnjn(!Eb9JX={x+tl@9 z0DR!5@u=vOX!%?~E1rmhe$m;LyLQl|(%uogLJa3T?p*oe?8l!Fd4)TE5Xg|f_3}q0 zKiFXyASgJepImQ-s9o^O<=n^)dJmqgig25wsH_#-C3WH^Z?A-kPp~B0XYVq4>Y|Jfw*oK!D6qn|ZXtv5O*v6WJpNw4Or0^s0P6tCLF|VND8v1X zFHu-d={b6vroptz(Q(8arN@SB6iW0r?p%XJHj`-3qcf_VjBf>uacl>T#%Wk!kB zb<6ARx&m6WJ*;UH$|ME&)MoN*@afR0hKz&DuT@bIIa;CvbraQRaoCNd?a(g;6Y@aQdLB!>=rZvIA zEXO9~UX*gh@M5sw4M}mo%&Ug1&bewuZ%Ks|r;x;O%o8de zSGMZ^7-gE8;A$!97p@e%v@9~E@NLd3-FUxy4?9Vj0I^CB8*j5tq^u*jfik#qvaoj~+C)x8 zxT!QpNQ9Lm%{>28XuUDwF)cyhTPRcyj0&b6kB~prsfJvU*PrcIf$-rXPxL6K`N-D`|gV5wSH~ zcNo_|JtLL3M`6_oz&J%R1FzckGhq?4*z^b(+bqsv$3=nogJ~1Jli}@?Ts)r<##}zj zhXB6vCM@dbjdx*C#^I(qT1ZuAsNJ3l#!p$OMXeUEEm#umv#@mgfdLr$_M7Ye8%feG zU~XaI79?h1rL~g}7p*?e7g_kcF#6_#{V3V@$zR-nu@|r7k>}poIS*SVknk8fSg&Xe zwnI$MKd3E!Xx!e#@9f2spWX!jGt>GvOtoe=amcvPj-`0oO;3vAX4B$A|4Ih5W3AWK z(fOTHf~okvX%+*`A-R1XhAZ>`HuhgGN}d#}n0I;bqW%1xoB3Zd1pjZsu7C-+-M>;1 zF>QQ|S^qb4`L{g9|3(T2QSFqpw6wmyK6S3CFc)Hcq1CUQj8-bZKt@#3qG9dx#(Jxd zC@(@oQ_~*-fr0E6WT<^Fz}D3dm(~8`LqjcoJQJ?ddWh&k=o(ckF+t&%f&FZll@_Df zF2$f!x@PG)(130=q8iTB@`?XcgigMY<8Vke)tb8bOXLBcXf648H(|dZ7D~%nEZ8H5 z--?yT$(D#RTl^o90Pm}@A)A;+y5=D^f3}V9S<-TPN89d->bG{FJZ|-2Ar@C9pCUI7 zu5@E@s0iDj31$@Srv^ySJ`hx=iZT`sX)+Z<1{Jm-?CRvY*cph;1y|PK6J_M{7{WKY{%GEJ+pCkc`%f@p)^&S$x+c_IcwNh zt$?6SK-1gIPJ|UJEL>@L0wTaVs@*E6%+_&&i_9?cEc~ILF$cR}<&4wOu{@cNGbq_S zF4s#^FS3Uiij>R-H|Sc%rhZWRVPNnh<2C$3uv<;ty08%^EPUR~)M9s&1*Pm1<6M*% zHnxc7nqpmvYybTvvtjXKzZ|`zK%r;aNr{D_y@<0Vr3v4gL~YXE?q)J_<~pLRqCBUF z2wsa|To=t`t{)bAVd8;vCKHp@l#%0Q9*86V;aNfjxv#UVuK?$43UaN9i#zIkApN#) zYut%y1{Za+;bI#JJDI%9#X=r=r~g+D^k{NX z>)~56V0TZXUbeeK@rw3Uex(W{u!g;}VlU6cT-ebqVw_e*NkyA6SvH|9GLyTnQlBad zUp(E8MyfbL_N{&UeD}WF;T%(;>Q+d?m|E-L51^c-vzv3~IP;=q;VY=Jk<^|TI?&)x z*=6Yq`s2g1F@nT3$5QPVjR{TDmt;(^#huJSvnM#Vm3>BySc{~65EIv_Aq|ArX!5X& zP>{ZS0+;BWtb8>o1(f3TQAPlsf}6!-4xci^e|oDcAk+O zB9oL?cxBOEQKlF`3$IF!pH!}TOS8A}+w1NNr|672=mBGE!#;VK_lSLEk9=&Kq6yr_ zKzmk`{$dt=zAJsjNL?hu@^D z-y~_US^$&=^v(~-TPkDC$iRZ7!68iszOhYp=RpzACJd9cRYfJQY>cFoDF#rv+ZO| z5g4MUQ6J_HkA85it;jE(SlK)EI!pqCdGm?_hZoJ7)bcgYY#SLOprhxj6LElP@nf7g zetM42$yU2Xu~JSz%V_D{g?+h8Z9&OqsM}F@cu&Uq1NZoOvt|@agzBDCc>M)e*80zE zbgBPj0mhplJ;tiqW+PA?ag=3jiwq<^KQ=JmY*VW&EU`QYrXeUCXB(TkW-p)43&B%;60YL>xC_r5c*3AJBn`(soV6l|UjQfF_uPr)fOfSi1=Qg&A5Q_-UF zMqpF1se^@7tpO^t8Ew0~u+Z!X+=%_dqPV#D5w(>;>n$e7V9L3yhewcR7$o4RMlDI# zV_YngqS+rEt*eLi0(AO{`splI=VDWFM+EBqo6re0K*^!?>P9z1;a7A+au(lM%2*Y| z|Lzsaz_w8S*MqU28`qD~|0*JQvPBE~Z?@rot1wv6F&C{}RYJ-6ox{gL&P`zyrehA< zUqB7}y*9_5;{Uub;eU6h|EOg!a^!@Zliu1N$3c=9_NNZc=A6#Im$n`&=zs z9D@+>L}pEm3N6RW{rUNFP0`D_Z!F#x^IwR9pP|k_uNoT~xP!&Ti2qtZ`%Z{&L!Z^@ zN<<2t1!V+%>LF4mx^;WjitXa=-g&v8i-mT^>j3 zt1L=y0OjKIH5B8|W_g8k*fzR}7yA1uy`VjYNH^Hu&LimJ&7Te1KAUV%!(d$d?VgpJ zI#|GooZs6QPTc0Dy<=M`;?IrEZV2+(oytA-J@&rvm}a`juC1-Ty}dm;I&y3G)ye&6 zm|_4NmyQTU?dtW#XKo{Vz?=Ol-%DI%5%#M5dvuHUOtAgTreanV#w{J;db?E<4mjt_ za}Sl`#@XIk|MWeg^Fsya%*68w_TxH@ZMb|Mb=bIE`_)!@1zT>}YSW_I5!bT4#(}^n z$`WYme1Y*F5x~4PFb`*`<1VDnZb<_6n3H1pnq#x!boililm7I~5)7I~bY&MkGivk_ z#6i~=4c_w@Tv6?t{^kGSL*b!zz9R1e{+b7(SlL_UGcvDkOf> zSArLa6NKQr$F)wDDUQEe^*-Wd?2K$(mRkcJS)@};{#Y+il{m#h*M7Zf!pfP{szw?- zuOr~tn0}yGP1^b=oMP*K!GbvV6{^^!E@zC*EBXE#=k2We8J-0rdU~5z)cuXcrhTUb za_>0E5nfjy&@2w|7;yjnYtM?Yw6Nc+Xk1OzBtJ?(!)jmGFCyvW6wdxy7saPD3g@fIiX{N^_2ro6&ex$ zL{YXMbVCjB(%*a)kyeE2s_8a=^ZopP^s97Tp zb|2uw>-JC)fbZ0rEKDZm_ki%U`Ryza20D=}6MEN;HNS5g&9?=01G9}qGt=S{Q}E%s#EaHJJyn!@w#e_ho?}-7Dp*)#9&KHTqb!^c zb-}~Wa>gm+LM3NV&p9o4rE}J=OS&3V49?8$0kvDJ^jhnjwnk8@m*}VVzvoDe`EWF$ zX62o^yjIHxoTXQSwkr2bE5w5Fbxvm)!*OVp=r3I|x*!_5CfJiD{Em6tTy9faK+nM& z+c$Ah^CKNiY%$ebZKK=KGkvQp3*vJjE+M&x7ciRK{sJy`dG`sv?s{aD_{fY*wzNK5N!jB*R7<0 zSyfa9xeY7b|3kqdgL79s+yEIl=rr6)5gN{MCZFgRuxwrdvdM;gr!_UA`YGT0&+hmV0_ucgoihO8egC`-dbfEF*sQ!P)CWQ|xF1 z!e{0xpn~e*@$?$aYJ-Q1S(P2xJ{6JM&GSjoY@N>3jb*)^KE+nJwv?|}^7e0y-PhYK zVlfc6cegtm=e>kLTJfak(IM4>rdTicAWf2$iNN!7Hcb}qT9u-2a?%x>O;fZ01HB{z z*Xf^8XTWw|g(FKR`GG}a?Nz|gsp*3CbGP-^n1f;24=jkm^*xJ_bbjNFZ{|MXyIH4W zRs&tmOS>xEB5T!ieMiob%TqG9qlv*sV3=}i(q59c|p&)&?jf0*$%^HXGL?hc27 zDL7$W9O&Xic5F#)s5C;r$k>n)OhiTco)EtdQ={4d@afYh8H$>ztq_E+hI45~)%1QfLBD!Ne@G9}J%v9ju0VEcP>yPZyO~=--D} zXt$XEr3|1Q@T8!kNj>`Z49$T=>kI5gRD^ZK`YK!F4__ATXmNq4um0`zX7{_e%WqD* zh~^qGaH5+g|BbVr<*`*7eDnWT-8;b_a@`D9ma%u&Y-w4^q$~luuS3f7W^8Wsr ziDNU{K6Q z{}t9xQf}jCtr}b*G-S zwH5V+nQk4b%OFqs5qLf7xns+}!9CqU~w@4Vi@(5=-7`FgiY_4pGqvKKJBL zxYuVDNR+2zwlj;U;G}1Vs;M@V%k2^*?sB@iD5@F{jc&@1Tx;z%a}NIC#GMIBrJ&a! zJDUN}(|eCKU}tKI7?x;qcEq#bf~DGB4;I?m+9-wG#xitub<@+*PxMGNn~91 z{3Xc>Z{^xnbyQ8JiOAfx3)Pay-REC6CKhiN*0>Cb^uOaFwpA%hU}{X`x0+OH_CW-j z&V#k&NK|OkugsqnP3M{h=Iu55wvWjth8R5Z7fW&jbAGR5;~wrq&PV*SGCpX2TFCR| z0U-wJ_of*GYSDP@%#VtWd@LMm3+l?Qy6}ASsn*JNoL+KS&U!TYWL~mdN7{ejVQ;LX zyT+goq!Z??|3hV@A-M6cwbL?bTx$bv2xIxVtn9{ziRTL-V_I>M9;~qn6|gm$?Lv0D z59xQ=HS_WEGSJgYNlRDhG=}5i&90h*JqopNcJpK6gnBi<$sYG>I>WwF>D{1TqoI9D z{*R$=@%Cl-$t$_2nBq2iG_yNjN>0cNc_2O zZ7K{0RTvB+`mg@^f0O0*Z$$8aN74SxegAI?g#XPCCuXgGJWKBMxj!8Y3=E_g^gZn- zK}q!2;Ia!HujVii4?t9;_VKv$(XURHn6X|IWgt&4RHX#ua1;JU)>@CNU zU()E7X*V(Wdoim`b2}gR#ruEiyt#scgC7x{?Z}f*(Lc|1znIT9i5?LY7rsZeIiPcY z_=o)=2mS9cv{Rm&T^;*BA~2|5(V`kZ6;DllB1-`J^`DLKw8)-s7TD7604v>VMPT z|5-)$f9>+j@1grq{9oCOT?32@H2<}J`#S!)$KL=9BsocbMSa(iU&Pfl?5x6W*o%H#X;BIxQLksPY;Mh%fpM_``2m`M@x zBGyAGESoy5NsHMTNhvAcf7aG7(e(jtR790Ly?ua^9Uq@L+hhGS*gZ_eE{TOeu&Gk* zBkH|CW5M~qsQKcv5551%0?-`)>r?o*Qu3EBHRb zz-i}1=e)V&Td`JJce)a;^UdTr3)RA65H5SW8O}jJ*+P zZ>=jTg~F*iq{Z`yk(dsSREMi1h_{8UpJ&$!#EIbtt@&)(eonB&O0vz zxOT`iLe&^qxC&(nl)Q|HViiztOINau*wH^2`UuwPZ~pz83r*(b6~ulrW2^NBoJF0i z3sBXUUhSsE;Cl5EbdZ_nJK!b6ICj<4`OO-BdS;662^n!Zw}#dw9ELZO!`Q}W>H$hp zw?)eEf$|f!1EEWeok*Hmr$!x6Nircy`R8>xZdb>C*X`QqkeG=)Y(3F=l;b?#({HXp zR211<;Q9hsHIrg!XfnV3X^WIze^C~J=l^~9J~{9!x6o}?(LI@Sx_8i5I`hq~w?5X> zAzs>^mE!^)tdd0>1s2CE@60?xt+Hzs3e6y_xSq-=`XLBXS)JY5Eb#L3%pulD+E>LZ zQ(IsYnbO&&ApWLa*;sB*NB2=9IW{vl-fRE*p=3Z#c5&g#S@h5KeVIj`Y+Rdfk(uY4 z(1a_^>-j%K0F!z_fI)PW5>7&tv-ZabMGX>mLm33F@MWTJNVsuef&qF;*?wi_gc!p| zjr?|PW@?n3^TMW_1gU3?E^I~3h*W1UT(W8>8~>)owO%xI4ep;D?lGx{-Kk53s}41E zD_h5~0M{=d)yD}gsUxhoS-b(`x3`Ufwc2m&J0I9Ry^NWdemG%9eNVCjm8-<+>-&CT z&aCs4E=%B~f(Ru|oNf!zM$H~9-hxLBthN2jVr(ohSqlwyp@+$KUrL`)xQi5 zTGCsIq|jyHGrdbIaLP1*nmT##XIV81YU!^j!~QgL)7MWXS=S1xy1iT;`jDlh&1cf0 zoi{47TUk-&>uEh-_d!apLfL-GdY-^A#Z9~IH-mSv0V_Ul62}s#dchb*T1>}BlE+(6 zLD?Vjwi+iN+cxnR{F z(wWX()ESzRz7L_&|BWKZB!||8L&(f)JxvIQwvE6@;5DUlTJTsPtpyk#cnK8_w}Tqp ztR|lBr`tPP`ZY%CuDyouTKNoqPq^(E?eqHb1#K)S)Z@dG4B@P(&E;z8HofPzH-)+r zs?qEjVF zl<^m5@ga9R-4UeZ5o_VhqI*>mrz@escNDIoI(FStgP(*{BpSBp5Z@B)vM;82A{kkBv)lcM&qUOU9tbR#FJTeOGeB!YEL zJ@>GC9uB+g_TktIxyS^L%lxdHq#F6atWoU+;o-Jb74bHJOjH)27qkX`6#!c-ChmSF| zH^P<76WBd%uV2?~UFExF(Vvc|#j+QwhA;5B10u`F{jMSbw z78LZ(LE1u4!#^nC-~C2GY4R?g))aWh%L~cW*aubH>!{srJc1E92VW0p$l=hwPmwm{ z?G+OuV0lf|k#uJ41J!LO)#Gnkg6TU~FTF8v{%dHXj{6*#=G?c`wt5ANkCy-tX2tof z$;M{e-Z{$~T_v+kw~hc>tfusT%ozK;?M3voPakg;Eu4voI@Wv?hniFRi(k2PiLwO% zK~HYZ%7ye9+d3OFp|Z5VEm0Bi?izuBpA1*)qsj^s$_T?6VxWUG!0_rB{x1O2n#2k9 zBF~G2qDR7L7&|k#13Xew?|$(B*9z@5ASM4#;aQ+7tTo%0tLy4%KXJM@lv1<)6sa?} zJl{3AU}R5)pFQGQvF4}tlk*W<4e~ompuDEAY(MK$$6iuwr#qPFw;#2Ac@f}L8Rogi z^s6n^&9U5f0e_(l?(pOZ!<766{}*xk-t~1yZr1e{U-ENW*TI9s%SP3neI8K9dNM}? zcv&ZC4>}SV=}2YSx>L<(8tRVJy}LVu>V@KkYMMWpA|~m_>?0#l`6Yc}rWe7hh_cEt zm6mP^4pvPyZ0;uk!(6_AQ571&LfnLrCs4S)P2z75syq>8m);1_g1b)xT{ftzPwC|@ zm2qz|^-D!)O~)e3PJBW;U zRk;;L4pAE~bA6?Y#)zFCPJ)lHag=NK9n*xDO7=k;2I+%F*a~j$8)~Y?r7apQ$0nzb zH>?fisnZRU0$+esO3nEkE%g<)M4X&+)y+fDVSF;;U zH00&Ya1N}+$KB~tTyzuLFM==9Eqm58i-)ZSgZLK>M?KUUU0?I|6k+B?#~u`;Lf77b z`@oKx7CNb)`@;A2lEv}}c|Mc8_2yz#S|tPJMwBN-XWtDi?V&^OkzbB0oo@FCQeHzN zirgu8>`bn3zfAA5tq|>hck7Z98F;wIV(Iu@n|^_mvMO|gtmga`3dvV-*1p=@Em$Vw z`Z89Y_(2t4@@ zL*2^4{ncQuNtU+^ZkOKp^uL}H?(1~dZxcKIli-nzQdW`k)sh<}r8K|%u=@#l@MgAB zLxfsfl)9NdP1Tru1Ko9#q_349ZU^tWNcf@qR_GFeV62k7hNi@GERGzLObSa)6j`ju zi&C)#GS)%w#peeF#U6VW9E^CgBoFtHw8THNnB_NsTHR}BQ$^lA5OnWJCR7?s)_dC- z1TcKOjqE|X&ID7RVCi%;6S^ixgcl5~;+$Ss(`FQx26PhJMIoJmtM7YV zT>(|k+h6di;bscuH_I(h%9uj&$8ERWRGt00Kqo8}$s@ClNIp9S3%x1F#Wk}mvm z+_SoHcTh{id{oF-Qzz^L^&qN6jcU{B2 zVty?gHm55P@ymTAISqy&TZIpRrYODjOa7@ThoL(tb=#z}&-n^gU(j3z zb8TZT#`~nD6)r*GZXSbnmGz)HDAeIib-I0Osj0*ZJL@8yg`7-3qvI$qI*5Gcr%+2^qjwM)o~28#J6F0o=#5I(VlB&3$F}i&tW#@p444LI7%3l=G57C zDih-4*Ppu1NN#CqK#Kjg`NHoTQP%pgT?*9JN8B%!7iXL1GAXs z*TEj5RHrNS^M3DNYwDOJLKNGn&BMVko0a_H?iwcuIAT2Q+L+RPbSvZrmIoc#pLyV+ zR`#4dNy9}fcgD<~aa_Xw+m^_?1G^aK=*U|Ug>F~vb?sH*`2G^CcAo8yt7xXfPW(IY zw9rKmsQ-(c@|}>N%pNG<!{URhQhqiwZ+Ddz!-mk2#F3wYBw)pg*~iGTbRz z43-$lI~_=$u60tlkT?IXsr7Pc>dw-}5TN)SHE?8MX0{RlWL&a!hDf`KatbyzS$TPR z+4ogHUrV-i)lKSjtA!8;m%WVG;5%x0n03awy1~?@GoL}r@X+tdk{9jMsXShM*^-05 zcd}7}#|A6nyBH^7J%2s5{{H4uT2JcUbZZpwY1Z2sH@<7?s=xWX0>6Vnh1{Y)o+Tg^ z$avCZh}5*SDH$1av$GC0Q-rWh=-*s`Wzjs|&f6WG$P6CqH8{9$Y`eC%BRtzM=3my^ zhK9fl1c~)?8gQ$DY8BD9DaPZ3rDrK&$ zM6)z5AT;0-ew0)0ep^K;Y`OJ%<8o?;Loo+?J_+wk(=!&Qz~*8N;0OHZgUCs_~ruwDb3mS_5Y&r$`dELnZ7gDQi=*pRG^*uJ9S=XR>CAN5^AMl7 zxHzodn?65)OeMM6BHOrD)NuaFB$#*Zy#~zvNh-RxwBr84Uiz5JKeRgKCLxfK!9{y? zKmu_fz`^G%V&_3)?Zfo&DvY4cqa^cBwxq@>EwuD)f z?bpf8V*MVX#Z{1F)H!?vda&_j%Vd$wHh6xlTD@dpI8%fnXQ~JL^XPnd(dX)LOBM}k zRLt#P0r`!7GtznL-cE7Cl5oI-j7TGC+gE{x8!XZCAB>6T76$X{RV-ES>YFL@)O9Tj zy;U$4lM0}wRLQ72z2DXbheycz$2{`(js__l@2z>+YWrbj13uRjSGQB9zjR)ZwYFIQ zgc`&5OyCNW590?Z*f@47#|#;gmjZ416NaN!R;ASL(#j`;)`DgYgRzDV%XRNY*wpT> ziQ@EAaIAh6x+RACbuJjXoBf${(bDH$3&k}Z%Q04N-Rw2aO7Y&2twWf*Hedh7WvjC( zHpz74M&6(zJ0qR>hi3&}6DT+NV8eT@%i0-IfAw>9R&dLr3KFmXmP@j*d z2E=vOQj*w1ZDs+hN!i&c&E0H9m8jt5WFs{Ls=V=>grN-=o#G*-Mo9;tAFh)>l+SXm z=BBjn%1*naaU}NcnbP#eH{0`K=f8TLcwU|Sk(0z+pOx)ycN($C7+ayX8>*IlCb)S) z^x9Ihz>F&g5(Pt(*w@=6kY{#4DBGN-d&$k)!tR~V&(i8w*^B_8iEXWWNVQzUV^ZW& z3y399jmm@f0{o$^2dXssR@15fX!r^L^3nY_IG{B{$~ZO7Wn<0G?wDuwRPH+aNnu)( zvlclw5&}1AQwjZB+&bO5Tv)WR+Cf?qqup6qzCz;5k9ic{=k}?CpLP?Tnf8}U>Vyb8 z@hoZfwe_l`dh$vtX*52wDpFn`@ytxK_n3x@8%Ce zQiz^RI|c)&u5)XT^{{8#uB14^bbR|2MLPFFg9M|Tad1ckuN?LoX^KBW8Y(su{o4r<)KvomlBdTbzL zdR%V@sr$1il(lK)PGVBZmUf>{`)=%_2sw{Q>4{C=+}ztMhcS1=;zgfk}bv5^(I>w;Vdw=ci+qa?%k$rwkFq zq|z@3sj`f0JQ1L_R`)dw2Cw|_!mgVu-J6$Y(`F~_rt#5b?4Mc0-yN_(>iQxT}<;Io8@~f1NcQ(W*yfaLdVEVNvRjU}lJjDUGnv<9AT~JpCjk@B0P?6zB z1bVX?f@#ls(|Xau0}ihzZ@C)^V6Ykc1)7ye|ErS~j(5^ev*c=^EF4L#89kcGQI`)sCc@xDtHZ=12bD5Z8cO5Eq@mA{q zukc>N*TkA)WD&Ag+@D86vo9#X?JNG^hPz7@!OKxgOQ}d_tz6H~GOQv6rJ_T|n@LZE z7$Cy4^U8(>G0!Y6e>JkWJ~a`;C5ntZ^()@e)6M!*FRk^=@{!N`mAgyxFLpeumb5rx zifSix^xSPAHs;Xt67SNQ=ui|FWpH(#BzX`2&iLoPSR+<4KRD{HL!8G6R&hat1ZcM& z(N|nttg5OCZ)u5(yPq#r8lTTCeD7?9elGBFud4#ckKi^G%*y%yG+*~Y z!SiM}1|j9P(YUSZuUF%P8{E{Dx)}KJkCzkBRD*CYY|o$U``*_614tu{P}xkul^j-0 z=+IbPSFDzenD-q!WS=w5gbC6Wc8MtZJYueo*K-|+t`?B%8UZK7VoL7- zp{Uc3GTeM9SJkZRBi_vO-B$ltc1*LXr5j0#$HyT`A<}h5-;im)bq^m?Q&SBM4KuT) z0`0;TCtkc{Zsf~k`)Hsm<6E=Pcv!Hxnj0ilfK;T+({Nn~#1cB)FW&`d|FOZra-fUG zLTq$?2R@vS&mulMKPkO@dCHCC#Pb9@&`ilz1wM<*I9+Na%$@*}%tqg%9UxMr-nx#( zV0s7cH}1|PB>Z~mb{g-ZV_*@@0w>kk2HOa7^6|Woc2vjxlbssC~o*Iw+dLc{%OEk+LtQUH2 z)#!Nw4ODB&y0l(Jt<@lSJ}8(VHkoWw(2auc$h=EU(tC5kn57ezy&O*_SUW0`McDc0 zv_%v&UqWGzvb`+nlsC9)bS_?GHL<`kHRdr;h_6`luDQ90Ir=$hXUHsAVM&e<68A=W z!UHz_cJl@s21x*n=b+k7j^2fzBt)@lrolT<6hCBu+TO_^8+*xArVO)XOsjKZ_s%ho zNePD_Z^x%pmRQl~s-n-KO6)y@S2WUHRg9Hwc&BvR@?aZt4>DoD@woaUwKerpA2l5b zzOB)GYy=BoDl$YciJQKQ-z>`6*XXKcU`yi|$;A$Ywz`&;f9_s3hr1-TiWi5xsjhG> z{Ma)Xk0j4#k!`C@W8m$0tXaORvEsbtkqqkQ=1EVm5wKH_=1{NQyJ&AO0@UHDH_6$Y z;9L_l+Emu{OTB=5)#jszdyYb#M?5LY?*(SfaSM0F1c&quW(Bf%i=>Q z9$yA!2KV~XY^OFN3ucSEN^%WACU)+C%dp@6f;;pcn=i#&S-n?juhvL*Cnd*rL+j!~ zXVKZQ1a>7Zk4iV=f-VyfboaJavMscGC?3R3eRv==rWyj&tKZWr+z6kxOAfqKbknn5 zU03*twn(ls+XK?-ms7)-g%KBBs>pTh2)Rx`TC@wJly1C-RNXe!O#JI{if&_aLUW#(uW&*6 znpx@D#8)HwBX0+vUO*=5Jvayb&HjQQQbjYqM1qrFln@(jN^x$aSJo&lzPe=x6Q z)lzd%kQTd1(Yw^Kk&%`{k5-WNd{sXC8qZCD4FBi=j1UtJhEG?n2_nZH@{!`_M^V(X zYW%zsW?%u37VX{CIux7@k563_eYhkNGNNT(?y(>F`^`YdQ2UGZ{y z=Aij!M(RrbO7QNveaREBT`Er^cew}jZVsU4YlDn+TV#<(Ytc>K9xo>>6xN+jZvCin zmOW}p-5w@yw@rLy`ExTvf|`1sS`?SjTE0#S-XdvH>3Qv|>KwJ$k@wWjOGK>gmrJjL z;q}+-*IM;Ypzs3H9dB13nDFh1h89EZsXR^z%>pwKV7{lT66qKm8OxE5;_9v6jx<+^ z2XSa~?DDO*7sRq!n}o&IeFI0RwNUC83AJ+%Y^2W3*aO8QWQZcgvtF-vCn|S3i?%XD zN%8jCQrAxBqgV=V#R)jhkoUOUf1#|S_ zhG}csvIkYi?%VGRp-!5~LWyokQ$Za_tMDWDLz(+NnRB;GA`X@kYdA^4xsADl3kjdI4ihgU zTv8;~(xB`ran4j#rQPiNZP;~Y9N&(HzAdz_t*y1Up0d{^GCuG5^lqeGeK3R<&oNnJ zi$*>QZ~YWEsftl$43IJvl`rs9Q|`G|&D{9mqHvmLrn2b;=R?n1lSk(beJ?dD z^U^Ju3xF}B{j>v4V2of(8=-L04&3sxt#iUrO*o)&^!Ijwf2pGQ*EG~2AE4;R+7gS8 z;=&pI4qkL#4q!NXz33@Je0ntB*>AqYvp->((Ri|fxTr!hQEk8< zr$3XaFE=;0YUYa%EV~t`cfo_iT{3lr4S&8tE3d=rn0F7K5r)_cLUeskaNm|n{>MC& z>}}_IPR=Wr9z6Of?}tn_wJ8Ba)WTOrj)khZTln)Oo3bO#V>Bu7bD^Q@>6!m-$h)D$ z13edEY02Iakho`@kyBd2MUGT6iXeQ9L_}DiD=`gJ#xqr=v)|^-W`Z&&JdSoS&qHnj zvj4g4YcRD;Vg%s%fJQqyI@V0#`A4@rgc|EDmC1{7%iKN@r9k{VqII0LZ5m%*uq;It zCkM9sRn`30GFyc2cohXC?0%cV=6(JbqqD^f zc*x@E>7?=5knR&gQ&QP+-o#wgxKCXkvj^r~ocXJtl739{xtjo!;N6TTA9!i;l2Seg zT)ox$*p2bB#m*QeX+Y2qNY&c&2Brm;4fLOTSUac26DozZwP{?9g5aV!i!=UA2;zty zC$=wEXV#KQLE8yi_*ZO{$u9v%d&)(;fa#mvb$-O>qqqR?ZQ6hZo6_RL`^wJsHihuvkgRso<+AP=DxL=^A`$bZIC*l!F#LU%E;fV9`wnTFgVu(GkC%Pysz%=&CnlLUu) zkLW|szBQ8=Bk#a@aIZu%Qj9I1wysK+Vn!n#=QK<$Zj(bn7Lc&Y#)blT$5c9zgP2X6 zJ~*bvJo9#bE)DQjFtm8^e5 ziXJpjxQOW#jIJ&1?@KbITU2AS@^jkd(M*LodF+B}d>BJT%#BeD37V((HO@7>0evEq z?)lNTlwZ+&L%b4swNJo#He6YgCC$x8hf3joosI}zBbY%`S^uRy6&jSom&o++XSM6M zSRE~OGCBq$w)^c@3=nG_M!#Ab8=jwaW*Y-b5Qx;sE*%jcdnNp*lC9R&p^=FK2F<#p zgP1{H%fF$?{^h-@8FoM9UaLWn*eqCkPIQ2A&Aza>EXYzTRpezdwfM@8ySVGYaRI9o ze6KY$Oad~>TcEVYTxKN=uoRe0{&%ad0eu4y;eZS5&qIJ%lM%TV*dillIOb(lPW zt)BUyE}qmS-#6{sCuRr2cR}K)h`KIWX@A?`0afAfnxFEJ&?FCLhs<{s-I2qVR#z^D4B+m0_jXI!%`lx0X2Qh^ zk5%M2>>c?vfO@2_Y7T^Bnqin_aAkCdTKSn zP}o8%Lbbz=U9e#7L%`CR^JgCjjIuaiZ5%eoZ+oZV8A5fk?;hOAqw0Hl>8p|X1zRDp zBZqA=KI?0#n4>%Ieg7$nlc^;m;Hmq<|4A&BcqSuMDnN{tOW@G9B|9KV%$DWkYqElj z|MvX%c7^BI+4ujMe3b(0Ea<-yVFlm@#xbKK_4Uh+r&}=?)JDojHDle4l9d<>w`*q+s>FTS}iy5SoZ*?Ak-r z!_yO|z7%-YT>Og;IZgj_{ZcVG9M1BS!}>9k7%UZ?7VuF{B3$VEO; zajdG$H&vWHT$8%i=2)~j61g`U&i+&_5goYdCbe^9CLCsdw+c0|7%wUk-vmeg!N=s=`XG7NiW!!?<% z#ja^1=sd_UcR<44J-x%|kRKUqTUq8Z&+Z`PUr?^3Qy%OGS){%TO; zP+V9zRc6}Jb0MhB&(C-B@^T?(8o?&;Rbg_o7#kN;Zo{D)ius%A4wL<6m>ccj%F=ev zIj?F+*OOG0XOqevcxU=q%JDaYA7C5o>=UNB^lc40M>6$yH&gYWz#+W7ypuJ`95Ih8 zuci%~aX21(^XbQeR29&Fgh|vOk*bJ*=O9RZevXxHoKpl#y$U@}oNDK5-TRTxaE5uX z9LD}Kw|FWI&h&z z`6(cWcA~2LdoF<*z>SDP>GM4LIp00px9vHSOw)13GZTTr1A@SpfZHdx>u}@vgZB3J zoSdA_&Q9$@oq>7Cq>l=1w!jpF-`>EHLz~aG_S}%_O+PKa7%nw9(C|ZV#^A0#26RS$ zslb%aeHMc|nted8!;^i8C%n?6M!>2LZ1ZL$aighYrXh%1&8F%YXfbyA0F5@BG0__c z_89@^qV(i_C{#-JQ*SKd2OJhNmUk-g-Fmx2)ugmR{qW&K;ls!~cYZ#{0}K{>=J;%m ziA~fNt=Ry&9@qbcQs960e*q+249XiNu_d-|J?C!}`ztK>k!n~RyS-hn3-H%Ag;x1K zf$x2SboaBTHqPn|mvD2bXqUeY0?4g&#ti(;1_R1_h03aEzR&tQ2|Icb@`WX}dc0|= z?R7;}f~wVO3XJH^cxRfHUGe?O)P}<1NKJAC=25ts)|8Ii81xRQ4tmzN+*?Enhhq|b>DtMXn zVKKAm2Il1)8nqlZpDr0?jB9=w6nQRhbArreAY)`BR0}4paY;hbzkr@wc-W){dWol~ zZ0gNG>aF4rjxGd&4##(A6cYyM3;^bf4JhxYk3Toqct3qm>1q3MeIYHjZ*qsGFr12q z_b09eCX|29&T5w#o0oDGltcCN4Ouf0X~Bg0hN3mmNH8cI&Ec*O=ZI1~RMUj|>5{Q` z6C4uu8)hsYbMFcEHje7LrsSMdN0;`BawWJu%j78-Zb%i40?N?osSP&e_tm9cRdtlF z#^4q<)2ycck^_0@(y{H z$uCfd;a=Z@hK4wpf^8~X(t_j5ib zz>pI;Hrhg?Mu`_`LYhk4fX?jiu~d&JfbZ+ESmjIctQwnYaEX*reEqXmDIw|LS~9U1 zEg7nj{pzY{D2I-JT#E~PQ79O?u4*WsKf(zW+f44)zg=jo z;Q9RI$hvPW(Ahc^T$(aKp4e)BkCG;Fe;9@(TKViO8y)3_r|0MQbqaz*QGf<}%*1u5 zGx3@?N;IT6WK5zkdy~5E0%DrGZUds0SCrw?!W-yinmOFZ9A#= zboJ#fX+~o{i2-HW$%^SpVA&#};etPdC=a!kSi^ECEv!V9{9i`OXT){ho+b})1&bxVQNf^MMiig*@6UA(g$Sq z!GV;#`3F7{`cMy-hJM4mDMso{(nITSDw?Tz>>DY)&eQJPCVkFjX__{RzQ3r8ck>U5 zBf72G>ij{HR>}sGW)+iJ-XF*9CSQ=*y{4vR(Uu6A>Hye2hD0|B9|uEAzsN{cr9AqU zqRB7MamA(OJ$a@dcSRZ^WS&vP65Nufj09|#6d?^lTQu%aQizKqN^Z@gQI}bG%>l~p+RBWZXk^Wa8(&*v=+?oLt!!JoGxyiR-dxu{Scg? z=Tp`9Q1BZ2(e_P0=)EBCd;uLcEZ(rl0nGLrZ4Ey!ynMR0Fp+^A+|zJZpceQFJP7(+ ziK;0=cl2B?SO#?WZWvbF1vu}w|BbS9JWX%*nM|HtjajL5x!~uf8O#n~UwyVmsHz#i zfP75}z)|{M{oOIp_xgnl3`)2SL_)paf0%9kv%R1HvD`Y3>a;^!E;ThO^FSVwU5Nu` zsw1O61o$S)hG8Am{QsrDM!0k`(7!S+U_q~ExW_eGc1g3u!A4_hLzJ+2OWD8d%#3wy z+b`+gtJ`(=^vsa-5fT-J&eXe;NuO@zW%!FddGZ1bu6M`jB!Ecn0XYlNHfRBK@qSop zbmq0Rt}$bYWHFMmZZ`&X|2Rh`p6-{neo8OD@YN{H!6k3*mpdhaQ<9T1b!R_|q5!ex zQ3Afn`BWl7`OEN zFvLi1{uEl4PIs8Fg?4O|KMybhL|$DRS9dyMtP7uzYachAuFZG`jOZEFY6|LQWEeYQ z9lk(ID`uE_y>NS{zxv#mHTS{V!C*}jE|tou)n7c<$DiU1#Tv`XoXyN^u81Jm=k%oS zr)Y0`n3~GvO67EzaoM=cxT(K&fli@?^sxwFcy8Ji35=%ZzIfb8{^UGtUG>4>wJv^E zJ{NnJ<0|5V%>b42hi@P2#CnQ#Eh}_bI`t7vjuZ=q0(6_X$iltMB8AdV>z8LrB{Q|l zGsL;fkL0xTXp*@+ht! zlPy)0;VelbKA;+x27cec&7sSFk*A?WiP=d)N`MxccowgO^RaB1Nlt#wtlDt?g!rPF zGj&^AK1jhHN|9#ZS6}}Eon*@uRhL|lIX6@HoKutf7NtdNuOHRKzcE*L?%V;4Dz;k< zN;;NbzjoI|G_%;GIm{G|T>;uBmJiXCI$FB%%c~7SDGCmXV})kN>&>a8B*l&taT>lC zdMEmMe1bORmr9%T@8uEXMHCe!1fhEU*7S5g4P?4Gf_C z><>>CrPTYOSEArHOkWfM|LTE!H$c+jem3ng(DrnYR9}>Rt?TCRedf4_W!{mu4`M|c zgZIZJ8@~Lhbq`kvsEU((yPP1m&Q^i6`6o-mH9R`I*=S)dG}UiIxJ9Xh&CJWLgu6eH zCGuHU`2f#fJ_JTdG1Q8rmwvl*jE?jXbAcyopgU1bKURFMW}a7U|^Y3%+ir)4b!yByl}6lY3h= zhxqC@AeL^h10)SdUirt#98lnf*(z&92P{ z7&z6mdJavNn+K9rNsl*< zni{Ft_M0sn?$jY})D76z=KfGoCTWrLrTY{NeTP)0ff&h#CvQJ-1N!JvgJ$G55QZBfyWVc=?JLLi+ zr^0cr3?ZCCw9DPLZ$#2be+Q14@_1jASrDVz(Fu6ItVA|w%eVRj{T5rnc#9=KS6K~C z-W6tDxHX%e%y{;xoyZD`gM5Uo(PAS31gN3!Fs-fJ5(NX?2Kqx6MY%%xtiqv#YF>>*sk^%2MvH-nUm>-j{nO&0 zqajZvZp{UxWM7xR(qS1?gEE_pXkNd|LLVn=MQwUs!UGr60m^rW`t4f46|hS1s4jI3 z2iF!;tu88+p~9@AH*|e931WJQ~L8_O17TAG= z^M+;QFHH*CZY`QAXC>eR5z6x9iz?t|06TQ&UKgJL2!e|W9`FS zubP0_7s7t8GJhFXt9KR^akpwI*LFKy4JcJ2h3sy+}-7zItpCp&JcFLp_yX_ zX*dYK-Tfir@CDGwfX?0MQkQw2h6VnK}ALzDCs)%tQGc|L$@fsq)_a_*m6r zwSo7F!`LYbkTpEXYwNL_H7%@gsc#r8a!0_A1cg{~q;0BgOX zhJ1y`d4?BQDbAGw!<>Ib=^#L=g_GG&66mnoXlO7?CVC)3V7PL!8wu$M3Gd1(0I>eD z!3H>xmDPRJn;9-~3I*pGu$ha{q*pN=U&xYw3W)Kkj#prD{h`D;No$`yjwC6>69w9N z18&*0UjhV`$T2qmG6o3r-)pXra8F4 z@z@{YkqJZJ8!b;_^%`}$2CpoaxvT5KbhjHID`tsUEypd@o&u@Gj6CCNoxiyN)MG7j zq~(Wr z+KJjfx6O+mQob)=5SCC8m{4FA>)~W22|4Td|jK~^OOv$*Pe_5t;epO_?Be1OoX zbgcvaL=fAX=+67BFX*qM2$5UNW?)h4Hz$;zfULL6O$G#pU%8io>EXYVQ;Qct#8NmV z?M50GsKAS-LV(i&Wad5POH6jO;xCHF(5E(Gx-a~BOzOLByCqF%Ls?Ys@P~tKfRWmXnHPDCle$L9q zPc$ME@z!Ocf!4Ft$K}T<(Uui1#bIvxV%DO-fEPSm*J_C?iFa09_va_+{3I!euq2B{yn6Vjop zoxD;sa98=M=u_+#&es%WJ+|UFJH6BBo}^kb@Re0w+S~PnFxn^}3M7p0kgE73)hnp; z>T=r`TOlR;bAs#M96Hx(2yna%9SNsrw z0KGRwIIeA%#o}N^!E)}iXIBOUx4Ggm1(`V9XJ4Ga-7=)R!9{&AvnhR6{E*OJbB+pj zd{_oJ*!EH0ySEP*yzIm%Fl34r6Eb;Mri@P)sN5*^C6rSqvNwz^+OEnRr5Mc8obbZo zK7!}>k^T}0{J2-R_vf?7%loFhOHEG>Mq_IH`DHJz&<@ylC+4{^EsWfb3?O8_wHHc( zYq0BUDW4X>oX958bN$jp;5N>4)h|kiZm-l#m6CZu) zqEDR2E*UDNt9>lY;5R>YZi#3XKt$t7PukuxHLWlKSLi7*DXB&~ZD!47KIb(~P@Xy` z6uJH>c!lViDEe)ODvG#CmFu{O@Ci6?B9H??&xgSu0mzE~_y>J$$d#FQ?N3P1yBB9= zS@wsq(1l?Ua9X|g*R+8z`ND(f=W#f0Z)t9pSJ>9&1MWeG1pwOxtYn4&r{{ATFf3tH zGo=dr_A5039&4-E3x6MArQ{iKcmsA3b7vPk@>f#dy#a-}lUc$BVp9rm`#GbpEIoMu zd{mb#XCXptfpu1f+SFZu6#NOCgP*3$!U> zZ^ApucnD6#R#;nSWo4zRVKdJ6^5%%=gs~E%i_eF^G3nvA_3av?_e!Q^I@Ds`Xn}$f zFRX2q6c1tn-t!IoEwHo%c-4Qc3j41CK>xq&vHo);*8lfi{%e*W|G)lTJTrlA@tv5H zr8sp~$lR5Y?G$kS)DQ2sJ9@7sXRcHFV}KnL|A8~uas~vbH#Z{H#XSlzmrnquqaTu)!S%sh~r%qN@W9qM4Ery9-Zp7@yi z`y*w$VQ1v46Mko4wJDgM(39AB4@;jNw_DFy-P%SS1!17cSa6sHO!x+@@QfM#a}8r( z5Z~|t{KGS^rpsTBC$4QGxo^(6ju+dVVGi}%@Ht(%$B6Avd(kz%8b-Vh()aX?Oj-a2?@CQbN)kk3{`95d(JYad zl8VbDVKrv`aiy7ey1zW_fZ7)Ny?XU^!g~viDs=w8Yg%l65 zb@hB9v*Y#L@MGzE-ZLo`Blc4b zqFE<~9cH#7d{UC4m38G%kdI;i9Qfs;nuvyWYJ)r_b-rO!_Tli9_UcoUrM@3GhE46s zDSZA=H;gQYWtC$1&NI_SHSC)vKRTN1p%4!Pu~hoRs84}8_h}|C7n9PPZdbzTmr^o{ zV0GMyrL5%&J_ZIS30?IoU965@RA3FF?NpOz^w|36!fdjf6haE($!yPk1Qe^eIic%j zL2Z)e2G65z&M>ozJ`)mU=aPpNY0f^(jJ&udZHmTRygd85$`1E*yZcUU^UlsRL*j-r zn^XHg=CnSb8M_RupYH`N#93t=>NzU7cIZWv!s%(U$K>kK`iRTdOQ#Pkux8iF&xXm# zETc(DBd*E?UhSP!o|zk1e?Ol3;ASok?vIbGsz{k$Zit90- z+rds$q$sc&)vnv=;GiA{URAzD0FvOFIlaxGZWxai`MgJEu|in%T`ICYq~2wo9?NVQDoqu?e$b{(ZpYNSgzj)|CDyz(vr>W zB5#K<02Z`?X&7yL_L|7tYwGvQw{_f{%w)X1_cpqNH<;ckJq5w#wE*Gi0k1uG)E{QPZYu?cOM)%#Q`&Fa;Wpv<(iX12 z;wkbX9c-KU*!A;_DJEy^@J5p-Jq}zVVi0QPyRW*_7B+TS<3@nBruGbqpO0TPbP?yB z&$f>8Q3GmjXGr^;I*nR$Lo34&_QeEK`bt5m{gU0~uzGgY?b5p!8(ls>z*Osog;$XK z)g)XADiCI43#=DEPcw?6Q|D2?r9G6h@nE|P*}w5cZ@Rp9wf@s+@aWr8j`E;8*y1TO z`VJ55M;_5&dB12Idto7w>(sTw>ru0G(oaQH5gqp&!bd~}1Kycdo3CC?wgsQ~-FvU1 zI7MgkbVF*|X#!X-H5o7wUx)ZQNPBk=Gt21DbYV#J>1?6zs;OGH)C)%*I*au~NrT6npVHuD!x~x0-|fPcHZu!PSmv#;8s1 znd2OA8K`m9s@zJ~yo{AP0tswdPfxfl zaC_x;v|+&a-bMXxRC^BF@QpT816xJ##P+mcv!vBnv}GyyUJarypxy1c93fV)d$U51 zD@Dlu5rFBb^ba#^&bw95-c3{j4(fAgBpzH@Sy^O+p!~TL`=8V^{|Z6fev9}Xx*PNy zu#%h(+W6D>LDCveVW0iQzyE0o`LAB*Z`X-`cxxvjU=b}6bpiF96tbSulatFBPdB+> zKp`z}$AJS}dwJkZ?o-v4WF&G^J>Xa~Ab`k7JnR4%aR3cps*UU4aH1Iptn^zmCN9A5 th8GcFI4=>2ZxckafFG`2e5#i(MOa`Cd&fT?0*_o$l2el{k$Ls!e*Rlz%MPGqi+X1{elaF6uk^SG+SN>b{|Q*RRevQu6(Z{e#}GyM{p# z<7`%$3r{aosX-OQ$sdXLIDZ$A0AOLLM{lVE={!4}tuKAl|N8bV{9BoV1yH`TyhLE)hJ)St*ekPcB4j#<|_d%=S()Y z?@Bkp?O@&>T<410z#J+^|?JmBH;-=AA zIzNpCYB{aCDEJoH!aY{lQb$di3k@*g&ak3<-%o+;dCr%WTifsyuIL4DLxc{HTwn$T zXWFEX&!JoBTz%!8yZQPzTNZwLUIX33OU~)!mgcouz3CvL%}HWkSWS!h;#mycN%~B7 zDFc9aP%#hwXWkUy1_j^`XhGS^nI%g zU7JizR18rK6f^%mYiw^C0Fh#fc(w5DXT{1v`SpE_V~UV4$T9S$0=lE(C<8D?`C-R* zjSf;fB%H2tdwQi=@8oN;7zp|819`W%MF)U~jEB?VkQr2oBaMKB&OZRm#GYCaO(u|I_ zPxD}Hy%?oy@DlQ8`ei=Z7k1dM&$CCpx#tq|IGzbaeT1)e*!bp-uPF%GrE4LedkZ*ZNZLvB=LH~=(z#_)9lp{kTn>#F+Pv(6UyNku* z=j4w0H8P3m(LR~lv}Z&BeJRri3Se|I$tw3#Vu*?MPnwKNdzV}&R>gC(LWf0kd^v|9 z->UN!YtBQwHb(Mrv_B9#DnNo{zL7*#lZAdfrC*r2`1w_pF559(zD`ClG_;de4y>g+ zrbmLZrja@3>mO&DCRsP`cIRq2SZ;*ZrESw@Dm~-AWknJ-HwV=@v=)N8>Pu?eKS>F{ z^=rtgdHHc6=7U4o)yX)swPcMU`!tc7@3`lhN{X3|O;Olh@MXCXLH6(1uhEw>`NmmR zZi&D2LJYZLMoc!e6&mfpB|Q@wjccTc)yDF|7AF*b_+-aYl(A@oj%r#2bQ1i{^UONN zt*Oj=DNk_ZBYv4f75G;Dd6v$F{N6Z(gC<)hAKm={E{K9~v}-ixtogojdu}=wNae4S zI!c^6Z;fCo^_FU`eMvLBhtM_y^Jb8`otE)iA^KI}x7q879I(Mt!iDD4kpTF8P=_de zqR;tm3K0j`Grs^h0EUD5Jv{tBZw^HKIPjJa`2AI;qWP!3=?v**u{`>ME9e1zb7>&_c$*1bO7K6&Athi8>|iKWXv= z&O)re2jLqg@HBtAot*rZ5Ec)7WZH|rqY^!@qXoHzacBbHl%L7Fuj2rEb4e-hRvr<8>ZF`R12i4fd6}7qD+- z-S=JEbm)UL-har!OC=(0O#VPZgt~lpehR&S$3N*Pm0 z4;y+URhhY~W=5R}3BSXDUWJZ{q6`nv`OXI{WJEyF2;vC&9Jx(*1wz@9uQhejJqiz7fEcByV3O=$!hp{MiP<4ucox*7AeZ;*5mc| zgZ$5$kE8uTYyAcEXd*PW_Bdo7s;;BTSfFWMg|U#)3(Wf2SYEz|;;;?5_1m1NauSa( zML2h3*OG5{9Omcdzs%GSUA8nGjZN!liF%w*WO239h}EhJK)t`xWsQ$J(REVv4}WZQ zS@St1bhl~9;tiQ65+sOp8_OZNOwj1N*CWa`W?s!wv!~<reP@m5;lNWSA&=c;Cs+l^&tkE7aW?SM!r%a$id6D-+ zOKs8b2g`PvT;#l34~P|D#qW*8iHswRW9wPOeF7_lcblPxf0v)C$$6;s*U3_**gmGJ zg@{R}#DVL}%R#qHa$Y>BAXaca1J>!!jAAu4hPkXES{EeHM6IwR*w}+sUeVp(JV-c- zYMVJyaW0p-Ou-Mf3p`#!VI4mH(V} zaEi@buUBAK?0ipq8`ZJ8*{hAQjMSuby)D)|FjUx?l#_M&{X3h_(xFrn0zSz2usvE` zZLUVvxqtg}59PQud4HCXLSP!iGgnSy>4jO0Ca9X3NromGM6|>2!5a}^g}|L>3%TsE z@8`AMe!bu@VM2b-Od})Q)KIV3r>lHBk3?|uKLsFR51`F7hPO8XqS8PQC}gX70Bj!b zy1*T%1$OE6J1clenHa@Abmg72Wk2lQ90M02XccJu1;0C+UzO z1dwXFOBti2vOGTlPeUxV;LId z(%Hjcf~BPqwr2#FqXu@p+-x<>zU1OdWF0zTEd5&|PPw0D!k5oTqY0m==p?OZ36!R) zb7F*IWzYVC}&jOl?k^)0XOLSHESz;D)uD+Zp z6R8^GvycFN@31BGEg7EF4xl_s%H>(1Q|_4+!~BCjcXI%UQsbmn{?pe%RuK)SN6p#b zIk>xXql_4b_qt(7Qapjy-6tSg&q%#`?1z{uP{DwjPqqUHp0g|%2o?$kfh)v)Y}iiH z+LNPXCbGoGcYcIB_<}y~q9d5|3)BS{Wy=xYGbsqs2UFu6^f-gWI{0X}H*r_R+U-r< z?M99-q2WPl4!@6I#Ea%KosjlfZf^c`>(F7E*{3b|Hp|nreHxV-)zA1@1q8zDt%qmg zS8}xaNQggWeAL>2t0=~55^2FE=yxk+$9zo zF@RUstG%^bM0C7Y0V7g7D?0lSwI|~j!SL9rmAkF<^EX*!xuSpjg86sRVYP6 zGqLlfx`5xrBVT%W`9^&!VNfKU9T6p3!k~VN7XaH)yzblLO7MeoS3memwzE7u>IIys zW1-X0+2blJGyR82M=dX~+0APBzK=|c($OzL7TIwNwXp3f^`}dmU$P0PnQSdW`YBb9 zMH$of;3{|3EVLsd{W3>6Fztk#+Yj%yk?fU>hysar_giY*3l1N^X$#bEFxkc66Uss17plgyZ;eGg*}*(D2I_h93`^KWjyhV`MckOE*(jA7o-O2I8xBGmC` zE2%(r<%pr?7}az6x@5sz#{rV=uMl>hY89Jd$S%N zphy?0vFl=wA(4fvqS)OO-%@d>toPmwkeapM$^L>uSiKax`ul5YSy2dhzxC!v z(OqiG!o6!Jq%@F#C_3ij@slS{qU6WUwr3L!vi6K?a%xL-H%sVFqtxbJM`wTjTwn($ zVQiO%67o74P^6?AzLKxkg(0(|LsL0LOX~bAs<+Mi#=}+B)D7Hk2KfTfcYw&gY~QCoOs5&Ee9H* z;c(_)SgbOBp^pd%bdu@1f{{9Ih(9#c{H#@Brt{?6Xl(8Xo5>jjnKvy#q^1N?_uLb=SKZeI5+pi{j#|28v%tz7ZHKitBwg z(ZQI+)QF^&*798~CI~Jf7L{RECV~=0M#em;p%;M98)%U4rDTY7dFrH4)0|jr!1RHf zwIkuXuzRcF$({*l^-M(nMf)U#!ZSsgC^2w+H{&7}$5n{fRe??3S_k!AEnCQOw&+I6C!C3>$TZMwB8gKqRGNE-@B z0eyL_iYjsrA|}?*GB2`qy^ve_J~|w_N-Nsl(Ik(~JE1-ut(ada>cod>i;SD~}G-aD2y*3aCT&7!UibK00qiEl6aoA}U^5+F3@ zE_D6KCs{p#PK2H_zWv~6X4H^w8D}0R%nWL_Pf@oDH@B7Gn|V7bBy4l;+EHml^24Y2 zAgi;Jj*<1KT_>B6;rV#fhD?lXgm(TKAgx%jQGLCjCD)II|JGvkmpQ9BP-js0)n0E# zW0+OV&OzEqZj+z=>=&0Frmnxv?79ZPF_5zPtW1!91=d2wv7_(UxOpP1V#W|-W?)!9 z%cEJh_0!VcrZxvv3(RZD^^(HIw;xNd0ZB8eS0rM#fAX&+oICNEh_?DqTqZ~AL^P%` zYc`-!*$2!8^gcVFT50ZDK@FBGT*T7#cqPw6MSRe4b2W{t`QY1fURj8Em}N+ZV7sbE zavrM*OS2GNgI(jWTJZ3w40il1{)A1xGOO)bOLhv4NVR0mO>$juc?!cb{Njkc@l~3V z1yf@I_lo3Ec_|{BhvLN(4|FO|7e%#-ly`2m9LY)A6}(t#YwQDMyZ42JY9B9A<9dAC z|HvxEcboH=LHYLp20Wu!dSk2%*p%N6n~x7ln`SflQ0l*v>(oUNuW7}if8Fuk3NT3~ z`wEaDS(P){SJEg0`GhS~ZYxaq)>Nc^`_J?uTL|-(SZ{#IA9-f)^JDhN5@w-veggg$ zA=0A4ZmERg&r}O<#;R{a+#8m{UcHZPS~*BjcYGkID!K3N(nu?)*-(AymGbhsH#}4) zEcjdF@bHRgoO!{XO{2OfUs;8r#KnmZ>V`H=^BHN0w0%sdL7v*Y_6Of}%>wtcl`#g( ztt2h${yL`eR1s5!pkz^C8t5@XTyC60XCwbjzQnsohbe}hLb>h@S|}~o+d^xAeS{{E zRdmAJ2Pl-Zd7}#vZ-H>WJ$;+JI=5oIb5w`+wVs$n@027+lY+Z~83vYU`zEfc-;)8J zJ~SSi9NKl3jbs@6m9v{O95at{!iX6hy3B__{6I|(AulzYk@dhO{WZE4^pD5MQd7M2 zU(PIh0wrgLMUV+4p-`F=r52w}7Jjax~eyF-<(C0Gx+*zy~ot%p90EEEoWlC zyu=0{~0TW{dE;r~?iwH9IVzobt8U)AGEq&p~W4%IpnytfVdpM`!LABWU{Gh4V_9jaxPQKu4&baGW}4)D8UrxqveB!@o_aB zyx-~ynKe7azog*@Qk#xFT*$J^aMrWkSqo`orJ&!mX>AIGll=aAi5$==bQmiU&Q^rd zNd9QqPGfsXWO03z1vmLIpzj(Jaqp70MwD)wXA0h^?0y9V!Y(?yVu7cP7DdW`wN31f z)kd*B5gkv^h$m^8k3L3i5P5oHbdlS2eRKzdR4}uRd4g5y=O;pj53=J(!g6Y1pJWW# zy^BZj%da`E(67Ah%hzZvpJy$YfQO8XIO)VJmHdBI0CF*_SIl|_1YA9wW=Zm8JkMzc zqhcEQUw#g9(Xp_wxE@%oB+Hv=yj>Kq>>PaFxDpPd`>|LX9h~}=why${K?4ibNsC5G zJbe#vviJ$hxfxx$mUcNiS6hR+X&fuQ$2ELAwl=D#6UYX_pgf5TC4TvWnDnH23k%?a zEQ6E{`ar}DRasASA;=PJyVIuaF0i@v^AzS@yoE5fxukVmS-D%5XC$rjZfF=ebGWH6{X1eZTw&fGaEtE zNs5JX=W}W0QKmVLojQ6EXB#-#ihV^X*zqc>h|&#(KG7;N@sSduLu>8eUy2Z-pG7|t zr!i82N^GC6kpNo-YS)9mKB}tm*&xz!mqQByu6i3ijX;Kmmvv16J(6ODF((9(_k%>{ z8sUQzLqs*gpHXaCt>4^kJ;#81a#?a+vPRn97-{n-1=Sm2LxjQUe%OXEFU ztdxtG+B>WPm|F8Cj&m6wU*5t*>`@|GJty;zqHa>*dt-FZDXA+KF7`xOi0_`wkBu%h z__Q}+Yu%SV`xG)>Unq#o`>oYNiBck|rtI@h1{(FY%D7N+G4bz@sj$zu>QbQ-XB0zh zFgwm*PZq@mD%K3HCW@QXE%l}7xEH(MSWei;JXs;s~g% z9M1%qkaNSIRcI@G;SpdUJ*TT~_y89_&v`AOdAS zD{*xd5@?J)=_f@#5M@9r6JwtY}&qs`l!=~u@xD>_Byj5*!6POLA)8TDrh5l%8dtQOvyNlr> z<@O$k0~eoQAaa9|sp9lZeotu1yZDXY5nUb>X8z*v1-5ROtkWa0Sx4kkVI3B#9s{Hn z_pVPY52fpd9#JzvbtZVg>nMv$-D7W4ZNzTeQz`#;;FO87gjdqd_u`4ZzV`NbE#tpQ z?vne4J#ehsR@GQohTl1u0b4k(? z^Q7OS{pnu68v6CC{VN6uZ!OT}0Nc3Mi6|3;ZlCUVgD@Hzm-Ma77aI2mSP-2O!cOfU zK~|r81*MXH4FQ`lDm{TN6@EIa;XhO_XP}0(GHD5iu}jtFhNx%)w`2>^vpt~&9pz*b zDH+k?fZ#KMJRX-^xSunRAFzs@M__$%wmM#eCyV8+xTgZR=ZajM1Zg2100@+Zq|u4= zl!vP)sd{)beG6l>7V+ty+g9b8$YB(@y-;Qr;^q;-MWhn?BTi0nEfJ;J5YMj1RSc*jC6LW_TiHE% zkP$6O-+q$}CiUrTou>=h$PNis7+(&un(K75ZO1@aCAbCbUicYp+DQ@9)AMsXIWj2f zij8KTHyVK%HQD91xF$TzW`{k`JRH4meSjJ`=IRb8?CsOoBY;$D9Oo}|MpJaTW>(&3 zm(La!ak8D=r9V%=>RXt&*8<osh6z#9?EG}a%LqAsUp>n0#>T6(+6 zWJ(W*a3bU6yt(F+^6`+?pE`&AKMKQ69Q)ciSyo7i%kH*>eHsOjKR$~75a9>?^HYyGPElr^5uk>0mG8tq5LcG4Ru( z2F4oSS{Ab5qNf)yOGBas#jL%_g)83v&YNWu;tMyXp1G&80AhALj8A~GflI&}8C=-z^!#zG;}7O4<_eTwL;A-L*0W@dzX+nw zGR3r!^C&RKH8SFT$~*;!&P0ybz9EQ_;d6lpzw}d5{#te7*ptzTZ(`fWQ69-ySq*_| zws5b@_>9@#eX&`wxRs*(SyMBW!Og#8gQ683ynn=x!D34cxy@cR1{zi3envd?H~`(PxW^n%k< zbQs!loA2HJ!MZws(8Q^a>R=;UDt>IRQNaF=I{-BsKn)n+2HkUmOqKs6|8nby3@w1d za!xIl%&JQ_cMqHK?OjZMIQe^AXFPEKjTPZtI1fKpy)2Zz>dH!HL`$SBq0SpjwPjU~ z{FF657h2J^>fIX_%O|b;)HtHynO>Z>i>RbV%ZbC4r0>HBi|jx&x!07 zZ@!y@i7YMDsU#+W+eFxGRvdnfCSj(@(cm$d>>O>|Jh8@)J`Y5?<0wf+CIyB3WZEo_ zIAsKcHmy)SlES8JKh^icR;(YgzQpg-$3hcgLu`h~S^*QbB?D9CpQuvu^wpm7v< z(Y9($Ppzjeg{=J8_HLndu^qXD1TmBfpKdgr+omc-%e(U=*eaR|#l-_ww<$9zv=6yW zuU}8Qw37}I05D{qjj|+jx%CCr{!qUu&u4i%;T~$bc=p~-+bi;F?WAwQAbX? zyAM+^Na6Fii)}~E=$2cV=OSV*qUZrfbM-@lckwNE7EX?`K0EhBkJYgvbe3VK)pV^Z z)Ty9?&=$fkKm=~UkA0mkmieYRai(q9N0(RT5Oyf3|GMU_I^m2FnwGiPj<&r5gZR>n z>1Pgsmfk9D8|9TnN07s42+c+fcU53TFL)$4;7?`BGq}l9m4_~XX(Mh#Dy#|0?kgTn zg)4*av<>&7YmC1BTu4Yu78*k##2f8o!jBBWQ+*LF#0y>1sk$R&B$Nc`RnlhW9a_FB z5}Cy1HwZsPt&B{|Z!OV?_`Ae>Rtn7fpkV{zR(=kv#nr2_WZ#wnw9fi?@O)qBOsDFl zPG+zS0pW<(+f7?R-~#89d*Ryo4xyAbPm^d5h18}+%473L?Y#=#SS}A56&Wo^xMgSf zkw#C;Tp)*xWm6O@46}8|QsEz<>J+SdJ0i1GbafK*MzyGOU72&b#n`WVS$+Dc8PcL$ zXiW-ATKbsxD(aD&<&V((;-G!OC$g`B%07P!j`eNYZ3Pq7nw;DVSh>sm80sK7Ck|t! zjQ>FCf+xC?#lvqvjm4&b8TRRsQi{)qnu}@nW&8F{V8eM8?i;K;_ zBpEJ0)C}amaOpYckBTFh0%O*vuml@LFJVQ9vyQ`d8W99 zqyd|a&;&nKqD^m^gulmau)d|?Z$kG@Sx-klzmD_#?UfK{u@a`wa0BBaSva3XWAnzx zb!QrS25HEj0oAi(){w{!3mjE6B^t*FQWr?CA?g}sbw)*>zrN&-!HkDTushl>@2ZYR z&c&((j_U3TdA+sFHru&Oo+d|FBF9PFr(`!(>KG(mbGM_J!n9&(S(I63n07d?!S@aRg#}zRF0XwfV!sRv7WA*W8Nxhxws5id0 z!hYt(j>a71>X*xa$#S!nn{~tv*d0S_rNi#IrjqT`k{W=A8tD> zVo>%de`GL&W!ikLL&Rq9ZJ+Yaf?d>1f*SRAW~D%v38{g)zIfPl>v=m)95b$gh3!*W zSg-_j{~YqA8bq~-WZeFqdm{D?JgPLCR5fUCKy%g(nX<+DBYJHoi`d8{bqNLd!!Sm3E#*Lw1gFATdPCktM5&DG`FjR|*isE#DZRYDz z5ZY+aKf*sTeXEE%a|$d@68Hl2kEZWmv0(ojyp`-v;3vF)w1t0Fl$u8TA98VG%47vu zSubC|UJDZ5log5aajnl}1UhgdvAkS3t}pXVM6vaR_TJu}gvahojNeI)sFm;8thGWk z&Bf(T#qrS*AnkX9J?3Vpr=_Shi6bV7)!m@M`#wLog5&V3gtcVJ6x)8|^O9kS55vl@ z1HJydF%lb%)7=<}OPhrjU)Q^7*(6(~S_NuDn3lEhxz?*8p#K$ep+-=b)Vep=F2bXA zVGCHmd>dg-_2yp~kYvaEM5S)&h}Qw` z)6=3dL$gg7=`vyKiIR$z)H=(3;1f{fF0%Prf;OumPE6EV=PGi$DUy0&i%FK+NN@gAK_CTTY& zSts0X4_2^yS7lv>Z{y!7%9=ZBWEc5;QnD~<@g@wZYp@eJ{01m?TypdztfVo!B_<76 z+XSB<<$Ee~nGh*;`h<&G4N0-m_@~?qA8Jh3K zPUY5bV5Ld1)MvE3&%Lfbs)dx57o~D1=#erh{dpM_;`gz$O>pPzA+{+>eoX;28%7L@ zik=QI-$JnAenqJ&pCrX$NlA4U;CBOH9Pk>ZUwp_0->iPjp%X+kymsP(6SlrfZjNknO*BLSh6lwjI&7-w0A6=LAeBkDUVt{PkW-7TJ4e{H9vhYtgE-a zplfOITDWZA0n2Z|q>R!tDYY#x6d3AAbJei-@QwyxbU82=V{`_TZ-e&0x%4!-!fI z|1KH{W&DLxCnxoP?upt6!f8|SygCnn&Nxx`|75Bd7B8+L{}@MxpVz-JvHwEk{BLFw z*KK(0LCWNoL^am|mS+Lww77(%$B6F#n;iOI5%glpN#7StYPO~Xqfh?MXa1XJA1#2y z;(8R1%wCB%?P;*VaD!S+gYX|My0Tpnvir4NPLh!N48a|qKTh}5&$P95sG-oet~O?9Vuv3O z#~Ayydm~u4gKN5a)C6@cIiN;6)>L!2XU}}EoH6^nWUyD|fL{>vx0fGCbG&83nnPY# zS-(j7x6AyOw;^V^#et)Ii7GtDaZ7*EY#>!@P!Z_X=E z7{@Fu6^A%HVw6COhT^HFl}XIhiHa$ ztKg#(K0U!4NoqXLzO*u2>3{YJ;AOhRuvXiO)-l;z|JCp^w^~*PoQqyZ3Bw{vIrB7n z>Z$C|rZ-pO3uS|EhNE1yS65e?Dv{e37A`drck$XL(3CJ#W@_qtTn8;WPyMs>Whe%F z{y+5h|K)J~Ws!pIk-RxP9+9M{r@!4Usn`Rvk^gZ(k!C*%zmuE#9L`!N?~;|}_3irK zZ1{V?P?DEpF)g>){R!hHbgb2%;XrBVnepRCz4J=Q-v$k}AFOkAGZaE2eorR?f&FC}aAU?I(Lasy}1ZwdrJBxuc__ z6?c!mY!2Kjp%-v`rtk^3UN(0(3hjU0<9|H?xsfHa#`(634G3G}`#;4nCmr-R--DS9 z(&a4A&d-GgmW3DpBulNt{gW6ab%lGnOz_@669V&`l$4*FTk20GL&rX{vVY@x{tNgs zh1DSu*Kb#xSmQr!PWZRk*bygQ|Iw-0d?a-$jk@*6P4!4>9q81`e!=}x;lM7!yV@%1 zlW%_QO2j9d*q^OCo0&r_sZ(qaZzh*orq>g0HTHJ8Hu?OnSUcNS8O+Aj5*!=TNV0bS zqP34U1GrnN2fiNKoh`@E4$V5e&QFq$w|d<$Z#m4qqbv;C+Ma4D=dm5gOwaM<^Q-Vo zM01-OrnuJZY|pe_z^GKmC63n*N*BpFgm)&`;acn)<UT|UsaNBZYL$Fr z3~BJj+L?8~AF|qMkkI=Mec%QoHQ;}9wUaCWY_W5!$t`__d+^VghugEi zTe`(ll6HinCcKq-Jx(tZrf#CkOQf6O3-B@W$-pC{)VP#q-opvzfZff;N%HrLQ#Bmv zx@{GiJB{Uiv!y8+b!_n5H3t)Q>xpge{32y@baw3-;Y5FTx;Tekz^gbWUsKcX>!5`P z`Pk`n_XTw}QBT4@n^x3AUynHWhY0t`vbDv=R#)?AR`o=ijS=uHa&SQCGb`{Y6lhkOkT(QY6iXcjJ5z%h-WXQqXy|Ja5mc^#%@l?@w84LRWEa(j~H-j*kIMn=e6~*{*I_uZOMw=Dpl&j z@15l6y}r2#AzCC~2Q_s?d9Lq5?D+GEOn%?134t_2PG6~=(cfGm>}eBcd?ryJDV2;y zCv;6j5MC_LH*Yw1=;B8qz7JBDe!nm{Z#KgXmKdml2TuF3>1Zd`I1B9Kt3B7-&>ymI zdH7>bGo54+Q%*awwa>?>_J(FU#ZIR@1d1wp0o(v}=0G0kEF`q|U7RQ{AG zy;vj;K)mwm20#n)^W#FsXJ;=)_i^~wtC*dMZwrir6%p3S{~0YT|0?9RdD5YxruJvY zRXsCRG9O>xGCONE1iaT!(Q+A%OKlTZRZ)?ZlZ)*#(6*}3uUzhqqW8Bsm6 z@l*Wv`q7%FkW)70q?$ zOov8EyD6+SK%=Y=|6nJ+0~$VDqn!U0p!qMhg#9mze7*J9^2Z?{?VlCs=InG1+ke6r z=!K$d41_t*6}~rbjOq{{O~v`&oDu)4)~zilxg+Q_ic$QlQJQNL6zPE5B!!!hb8I_s zPFpKi@zd#bZb!eVt+TTUod!f@UH|(uOx6vDqr~E6{Sfy?^ONdy*9;q1N&Op~9}>Hh zRO6UVO}&yQQYMd!w9Mjp2x%q`OB0q*d;vWlYr$-^0qL)P|1eF5YV*o7SjqCRB4w6yI{RZrt`!6ImBas#_>bnll&v(Uq<@GIg|U7hjmOFyJXJg6@3Vgjt_pj zCzURDt?hq-H~T3vj|m5OIijM-?(R6$DF-I6f#xqN2h@esjpR_@>&|Dkx{FKKJnXS5 z0iu7JXN$w9vDAe6kF`6_?%R)zKyTaz=IxN$YyvpoX5pAnT`J3D?k!1vAo4)zn-p7K zEawOVcD z8qfRJV6l|rwBA|1oa@(S*yu}?b+zua-hng!J-&e1&9x;e&&}3rRYdr3?~fv-(!jM4 z;DLp(akS+g>=EeB_r#a{&>3;2t)T+YR$D4HY6vKk)Nz+#Wsk} z(@Bx0Wj|7Xsffz+rv2GV8B>xs=zzf6JNbo($^!8a=$iW_mGmy*9~28ma7IMutHPzl zQy$%WGcx+<)knt`pv{C_?q!BNxa$!t`cYZizXGBRl?je3K5bJfCDVjJA)dQ{kdA@g z=i}beKN5Gea~C-02Ib=C=SSFTjv5j_X3n_}3g__cPTt==lgJ`XKL-C5DLwPlIAv%p zkNhr%vQ&+_(-!PiptXr%`kJ}EZFPd%g4t#cVBt;Ev8I1(+vD(B7&q}QxAU8sn?&OC z-thths$a2;B>aXxUvrqPYR)!|P0Vlu2PJ!m^&DngxrQUeJi|dtDLqpZMwji+oTun`J0gym3nyhW z@j2|Wh8R~F)g&=h-(Em&XVD)2#H=@%R&@*y1H(65dUFY0xS}(t>C&CCB}ltp zC!g~Ym+NhhGFLO7nAr8z!fhryBAX}e%xr?m`EMLO)+RnWbA!XTJ(Achbqi;*#94^{ zO@n69AB^OrE_uB~^zQ~gCMKquJ#zwwUYzLv-3v@o)com-hK28KQ{(}qnZ>;;@SoeRpHJrNk8Gb!-9@+dFjdNqF zU~?SKO%wfffH}I6P=NS9x}jB{-zntipOwWhIBE^g$ALmTE7=G>dU06;t2gSVoP4KX zp71kgKbUZj17^gKX|ZK=rK?o|cW#BUoh@&gD?Ir}TFjgbxL z@D9AkF(O89e!uXo9xR);KPE%iwNy;GYc}SGJ(zA0VfIyDb*a+)9+k%>u&>)xVA_I( zl4`b&?CPlk&S52uYSu*^`)xdWP{38rsu=gsA2@iPXSlYxK{0R7n=C{?79sWC%7oX~ z@sxv*eh5cjC#P6{qD@pCmKxTQK8nESPcK6t1Sl3CvB53ZHn!I0f*9AyOkPsbxq*ds z(_&vz*1+ccOv(jme;__R+yK~nC|8%9QLa6~YJGn5p`=C)X!8{hwfYF$3L%+poJhc7 zaf}YRfiI6R<=G{+NgHCS!u-rX=GRA?o%iM~EXpJx!Tm~|T@Rs0Tp z2?%bU@H_&Ys`xz%GptaL8z$GRxws6>xGrs4*H_i4lvs4TT7_CDPJ@Z4eNLp9 zQmY0_mhJpU`0hk%bOxZt;_WbrBOr@)(8*8oxcV-CRFsZEWKMYzSKBGS0TMug>p%%z zz@h`enNz&b1}%+pZ-wxw=T*%euyOSU=jo;;k1s&}8+*~u>qWwx;3p#O&3C^_6_{pE zy#I6H$HDicx7FU!Ij4Fouu<*L6y>+@GklZiSOEK*!4C^|=J{KjG_M{7e`r(UyU(%X ziQhc;gi+^puR$Zhe^9oPU@k8v5l~C>r>T2A!_yXH1l*cI@7sxDg66vw6GT!s`4F|B z*M}E>sroq9qyj~o5fk82ZLXRoZH z&X(uutkTlVt@7%hdT0%>oqD&H3j5YE2_npD5mxshV;~+^d+y9*eA113@cFz)Jl#7^ zLsb3UV4Q+;;<5>D=18IPMgogmxH%K_Pp(KEcFXepWTzzvI4FJ9ZvAiUblyPiEqW*1 z==ApBRPmfPF!3$^%uWJdRkepgXrlG4+ zd_;lHLcPs1C$Ml&q7HOHn`@+b$q9TWx=J-E!2+DKkFKW1T@i?D=FknIJHOi8c-R`|_ncz~0Pv{( zr`hRwzWL$WruuTJrKhC+$CU>gJSm(Na|u}%53MJ;*W=Rt@XE@gnO3O?@^kFuG(Y;* zJLA9;xACg|s441MFfT>!Yf`Xl?z1rI&G_;PXq`Ajt%7oL%y+tZ=;q5?fS3%2dDz~{ z<6}TUf=B93RO3y4u;G>HZL9!(p+1gGq*^p^5AJ&>sk3k`+NNmnc)56R7F|}{uf^tW zXqy%#*CB*k2pZ@0fQj?-CyJHTw;-}b;!OE>1a|V)p=m>e#@-FYg5G!V+B&v&cR#{B z&~cIv2ml@4Tzs_`r1xq6!VNL9M=98c7mjj9ekR<7y~ERg)&$#@#n89%4@+2tJR-#y zG|hEFa3>Psu|K+onc#kxU$hL~tl$`W9B+;bA^cCL^d>y*an!e%JVkKWWADQ*a)_@- zUt^YB((LW^$nCBN%>N{Z-uL!up`hoR+1o07+`tyCd5@!oaBP1RZZtyw&`!7@#k=Zx zXTpD?`@i&1lxg}222Q`l@lr>pxJ9;o@B(85Q>ybyO|a@+qnxon{LrD-R$g*&NQgh~ zCh>A43RV*m4v1ILZ8!}9cXlN<=Jq_s|8fG-yBx|`jSIY7^E8!kr8>88ON%duc&db! zdv^~HotG9`ah%mt=G4!81Guc_PY`;hzNd4pBgDAO&f($VsXuLVQ8MEW&!|%T6O`iDB&3LsBj?45{SQz9ww1?2?g_zv8NC%2 z{?p<`DRxWb`D$nB8#>GrFRS~#QKqHdY^}d(Q=9vp&O5dp3oZUoOWze-E8q{KY|M)f z%TfoV9b!z&M@A&)sHr%~<2BFBPKVFs?w_4Ti`(l00oR`|Mw!{L>ZFQq8qN)zNv0`O0n zTzjz$YUK-77Q1zhu#}ppr=Yz>ywf$6Qm?AqJ{Et^bS`7LUQ*@h?O4nCnmCiByORZ% z81TH+zNj^zg=C+aO?MjdG(mbsgpy863!9j&|%T0MS0_$mDn2jwKZj&{^uDE~(X zF{%~4{l9q{-dETBS6`A8y=9cyl_>@j?fb(>bmFi40}f(~&9!(jPKq}g$}H`WK5Y^@qyOM~nC1qk=70Um_Mj{E9IOr6@!H_OAskJ6Rao&K zU5`)1fW7VM5XW9cY3-w`k;7QJJ9hM?wBCtKbHpgp$bO86T`F$Z+$7S{Ub9Shult!M z`#D4wlOQ{F)B};C=W&>7Bmh4Yrzsd2wy^aC%~5 zbk&u1i1|R$*@*s1eHn`qcX>Fv?%sACVLgq*S?}VRjN~~nn9h>_5E!SLC@=Bn@1EJph!Ms1y>2ScD0l2IwhQcx7y0OG~BZsDM zT>$af#Fh08y1H1$?=wqo?k$g~nT3|flnM1hN$ieXm}JX`z8+2~f$(+pfp~Tfp9=dm zA9X0Zy;D;CS7)(QP9>MzM>m4QT4T$6FQ<8BbX#GkQq+dHO`X*fz zPWa-U9J;F=PshoUThgIqGF|13fw8&+SIg5NG(Wh&tKuQ08!w4q^zax+D$6Db0T1RqrZak@c-IofJYF&&2nJH0Cw8Xlcxy8-MHTEIPirL!<8gXl>2uk3l?6I zHfLLo5}gJo+uY6>^uQ}ZH^=k1hgLc_%2;DM(dSx(3fSQe)e};HmXw4HuStkh%0xvx zRYlO|{@`~k9J{}@fama<-`igLpd=>B;K^@ehOM0yy;Qvn@Q145x>}ym7fj0@d8m6c zs&8KXewxm2BLjGq|HP{NR|@GrmGAw3IxYWQUmv5qn3$NfbT692P>>_8oBb1FYOQ(K z1JTcdj4+)RkG|jZ*za|yGi!T_Gq$m@F@i(@kxh2H8Lk2RDW@VSC7bWAcAA=+1Qt5o zSSFJ+cbOv&ItSM5P>sKkbIc@A8F%vpouBgxD&0z4F7xcv;;pG57IMms5`A146)tTp zSFbEwT277*Q?~k4F1w1@R~L4NA3pfpHI&7EogE>Z#8W}XZwDZBjV=di(No@%#vi|G z-MP>EekzS})v1ZQYQQGbQ;yBOL3Ri_=hsXUlGu}|_h*a~w=8mB5V-hJJ+DAYTHMcj z*c?95<`!O7)KkvX4e!GbU@g%O{=KNYH$nW?d)*!jgu=4WX8B@I&fVNVadd-NMf}p} zNYb$re7`D0ckFu(2Jv zd$(`j?@F0Hj@UxpEkhOc;IB(eG$7LHse1Yd9oJmNF&+Br$K4we(c!w zniS;nafz_qOXt^|e&-EE=W)Eqfl}IE*jjjPR!VqHaxKC*9l!a5?4)C9r0Rm70b)Xz zCuMQbEPk0K8d;;W#=GiF({#Y5*4wWf-D9%9Q zZm?k3_TV)TfP8HBQ8(asE?GUBi}Rzi8*X@P3e!R#d8+`H%C&TpxGdk?{(7dOf_6Kh zt*2}Z)k?d)D+KPmjr|aJKaiZ?FMv@t=>t>bJ6$u5`WN&y=;qyaRGx6S zt`{eq3zK$r0>Bw{Vv`rM(a!CFud28)9lHSUe!b@rcf8Qb&ql`nZj26;$~Cd^mPx=> z;X%Zy)ao40iU=jFC519Vl_(-D(aS9f%Bw_(4f<3%8T~ZrBa1Ky_zM@-P91dPp%KIT z{m+?FjrzH|A2V-^(cpIsvPZ3A$E8B|KX)xHk7>9ehiR*O>6V3`x*$ez_;eoDlaFRZ zO0N=CId2>Hb&DRlEIdpTFXpKHdJEdFtQ>2aVXOPh2Ihn~VMnxY;RxI54=rUzl9W-h zL~pqeZtV|`8{@~M^lh!(+#>|G-v8r1;oLB*lQzVmeR+g~Dqhl6RzibZQ03;Yw-LEi=eZ+bitslnL4^ zu;a*19YnvdMe!yY6@7t8o4@DB!bfv`ES?oD&om$%qtq!Z*gtH+t)oq!7_B16BS?(D zQ$Bk)+M5`Js_aZ@&)(=gx9-In zxw^DYyu_s0+S7ovU^((3Z-Ob^y~+nfufKIMfqse?TqXBR0Hb*5V&Y6cp zij+H4H#uYE&9Kz-2d}whBBy?Akv-3gMtM)v!(+0WeUGMHz+7Zzxx?{le*S0g!rB?Q zZ?=igWm+hyV(QW_I7pt)b~m2LX2yF_l!zQN*7D}d^ibl^J=0SRFmy~_Y$l`mt>sjQ zsHsQYyzqjr2J^Ls+rX@aqr|1TVe9CI{nQNoj^M~Fy-XY-2(b9sF7vLd+{&{NANG*$ zOG+Z&nB&B?*!kgYk8+Uza)4m-pW!Jy64rZtgCdzfit6yj%MEsrsEIQ;yv@WADL&dj z3*JX4RM!UL>RW?GHeM99oz$wbsKng1SxQhCm_@VmRD)V(29M4!7#&^AS2#)$?7u%a z`DBLfSCg!GMI_Nk`m6lYZSyv@Qz#mxx_q|=7aHklHC`OU!;nPnwkIZD_{=v3ZDhf^ zG}Hu@-WtX|Aa@dZk^NUF53u5G_^Zs5SqUJZIAU{$I_Sf2)tlY3i7R3GGSCP0LM7>& zTR+imTkGqtGB$7iw#(%GbsCR!kwxf`XIoE?)3c?#xnwcKOR&)V=a#OC#Y35Dh?J(Z zSeQc^7IHmOlh6Q$bGbOrO9u{tHvccot#%OH;#k+2?IiamVmWU~r;m~2OB)&uFM{&- z{F$1@apUjTXF=$VR!&Ye!sWGH^UKRQnz8-{`#&D@bh#((>{2 zq%ov@HoCm3D3fQ2om0#j7N1?rAp*EDi^qF33Z?OXOw7JLPx8i(D77!IZ>DYa*o*Zz zC;j2^6%83CFnN%#hRaCU_3*(j#c}UBn;f?XwBGxo zbHI3*y_$RFZJ1rQtzI;9ZN}iV3ZyZSIe%pPm2NuLbemAG9Y2X7%ak?rT^6YDE6q}K z{)5z)`Qu&n^gi>f5^)SlsKH{TP^(T~dnGNkMi+)u`ceEorYT6~MYwdX_|xrMrxw?C zbAA&xT=nM_69K_g2KYST?Ryeb~Aqqz@m1 zu28jsK}a1-TEA9L_8&-^y;nCLi>}Gqi{**$pvITG0u%dSmIWtY}&8Vxieb z;GEc~t}+9NJr6t|$7O&4BO7QD`Ay;d{{>=}ezJSqB9j3py3e_`TUoolaXuCO-b2-Z zSkS8U?)OjrFWZ#=Hx6`vUeb4nwas;3)5a;>z~0&_^8iG z`^WnfD;AF+If*1U8$O%2yLxJZ@fz8+vn8M4aEib@4|b zfoL)wYPoB;IRhLnZ7aM+!i6_)SV(ErTwha?Y;4b;)vEQmi{7~C=n1*hi7(&#re_OEKA)Bj-iA&uCwUQ3JD9j9h0qHo zf?869`fPZTN!&v^UQ-|D;BSEs(!PmY?Ei#Jx|zBFb;l&omuS6KEzmdlmG|qX>3znU zV$R+*y3G(;rq3E_)G`|pJolV0J8snAEz72Ngtxl~I$|rCxF;>H!Ul7F3-`|SQ=YA7 zcFFC1FI{Kl|12>*l8cxyoXJ=K|fi<&HZ5dZG=YJo6z zkG1maTlYdv!C_sXb7-&%yD)UE`*?`+{_Auwzv<`LUgM|-%m@0u_^M?STRGfail5;X z=o{96=6~u>HEe>1_cR}GNhR;Urr6C49LF@1wY}3=l}c?zDQb{XH*J;N8yJm+JP74> zn|(!Qsd(;LZMP0k1Rs~l+_PdgSm_|!w>#*Pom}}EhJ~#m!;aX%)AAp_ zyRx7o``7#aMAKExkG%rNs>U)28$WtR=>EN`&}2anDe<_1Oy@+)S>~rZg5-n#=0RD}3mZEqb>^f+jrtb9D8i zk+V^M1gA)p|AgRW;Naa-m94%A!{splUc@I-!3+H9n;d0nf0H*F#O-#1*<;idVtD>< zG3r>*hocxbu2OXie->oQNO4N|jqN;*b(AO@NA;2^QK2)i4z=UR*Msf+;Td7c{OK9N zYaO+oA*V)B|84MS?rrBsmP#6h5Qgn~(>Ts`6rIsC6Hoh+$J??=v{*|NJ&Q-eK0HPL z@yxwiF=`AMiY*jv%i^hDv4kh$1^V86n+kA!@9GszpQk5;N-aGyRT=5~HFWvDNIHX- zO0_6T%0!o4`*SvJj<yuXZzCdPygjFgZWMrncst%PYAZ;DVoIU$y#fDb5 z2YUza61gvQviJhW^+o?%3us&8>fJ(moybg%&R|S{>1DTqJlLI&_ONf+GSK72RaIYc zWeoZOm?L?QT~jLKeL(&O-n~A2;Ra&tUSGG_Dwn8u|1{NM(+B@&zq@PrN`h8L7_MO3 zus6Y;sJx?KWJZked(tUDpjugmo8LPg9f;&(gqLVH?z60gSa8qK&#I&@~^4yH`ywZeD66EiH@6C2!eSk{Y$ctD~Nz zj#;|YeI=EGfs4yrE)Kja*QCrQ6N67@t~Wmk?geab;7kkH3}u9vX}CC4C68yu-429& z`=;H>{=(?tO&N?_Rp5krg!>iFfxRpKS80k7Ok z*S=|TEpUJYNl3G1+4K?{MGCF+e+6-lc^sn zYP;SzIy(arqq8~3bx@ld%a|(Xp$4dBOy;-6R!f^Q6|t;aPV2j%3R&C0@eAIy`ooYT zMFXnlHfXt2o$!I1-PV=I|9-s1zdn#H*|D*++pl&<-XDqFb^ZGFtG$$*p59__y80Ti z7ZMf*@S_UEM%;qTcjfmx_gCjW_vd1P&ueV;nScl$iANGj}a_sp$8cM7y}XyAy&s6I4mXLikS5=%3H zc$xP4*%iOEOQI%iGBSp-PBTWBBCPmn zq$_xscyWlbtX#UiaK4YdG2moXIo{_7y*9QAQS(8Ig$=1kZ$K5VdF6Z)n2b##PHS8g zevx^e>rXdfW)g1U+r{v^)8gJ3KCPRvCeF>kjI)d8&cSw5DK zDeUQPes5G--c!ntYj<-t-V7IV9$|Dp)%1qPXnQ#@4 zLFo=LdY$zAO33+EB0!TP=chM|nfLP;o0C?qKVL{V@_qTW5#jQFja0-*k&NgRg6b27 z>HrjZhQs%~+&bFe9TiGvo#?qr_P;#a_CK0dAZ&%S$SQ_KIjCMynSWu6SB=F7c#P&s z*aVqA=xX=oQFcK~8ZAB$^@AVg<>zLgOAp-wKNqx4^|UH5m4e zbYN$@hdSf3nPD;?(Qg&De2X4&F%>rD*B2PEW*2Ekgapt&Xzv~8PaRv&==jjio^lQQ z^j7r!c1<)UTun=brzFbGPwdp6dVCFc103U;Jb-g+XW!D7Y@3m%xNlxFF(v3IR5J2C zIX%+RR44(L(!dQ#gmd%gWiGi)7vJvf{Db80I!%KGM%^hwOU%ShG_m@QQ+wtCjO^xzqm zYl+9RUhz8{~;vr^7(wa6vHq0#?X`ylM0;&jaII_w92e7;-q%=ku%u7v6!A1+YWi_-N&A(9>Po z#~TM#JTpz9vYqTythM;IX>RhuqTfASz3k)+H$BHGv|nHcV7dl?F1fl;xl-CKoI2Ow zL!xSF@2pPJe{3G>dQ<9j{Sb|XPwdKPu~?!S`Ed&fQNpTdPca~Z?B!&<6O-!Ji^OCC zw5@ zHC}Po)utsRdgmq9)Td4qWFqgQQ8lEknFVvwQQR0bu%B;zN9#uN{i@iEm7_%iF=eK~ z;B~ukRP2ruAwL_d>(9PzbkVi1k(SD!Up$*FY%VNjI3iNi#`r;^OtG@i7`j|RrX^oD zG%89f5M2p~BE*n)f9Z;NY39(iCX9oTNRCD8YZNC>4Z(CXK~k@Sp?A82&sBN;hIsyy z&BE_^gsfm@y#g~9ILw=2@ba;+X$L}$A&-V}G<-OHfRcpmQAqXjT2sSHv<;LGI8v8R ztGE;~Qd?{;zwHmW2rM)^;Vgf~Q1A5d%~ai>=yZ}uS$E<3I1uHxBFR(>>(ek%J<84> zO{D8TUJI>wZvI7nM1og@Pj7`S_vQv?nQ^{tT^JU!^Y;-Uyl78GLP% zVqh^8C=j%07fnB zQ&Z!Vwh9aSxiOV=tZZ9lpV}}ZLLfyq9J#49D`$i>BP_^Kx3mc3KMvrgjg&f6zI91fx>FLsLHH!@kkd&(H99gEQOm{m z_yqUyF)J-ukVSTi!}Q$4O#bCvVj~sJEkDpVJjK`fvZ+){Y_&0GyZ`>I+m8CjS@#85 zbw#Yy*;i0bkEY%c4;h*dbM)46uN;ANrwC^idT|dkte`r{A<2J)8u8GOk04+srF zA9r?2!Kl%q@3dq28lfQ2R7d?;EDj&IO@QjkQ)s$_Oqs!`=ja6<35iaz2~OfKFfzNa z?GZ&HarL=8FoDVtSF>k5(EAqV$Rh37w$l+OxD@VR$nh$h+h}`Rr0k8w(N1Z<}R+7ZdfNc-Itv|q>O6iqueY~aLM%k3jS1beo0e3nOW!9 zceAk${f$kuMwR_q`KqtW0zFldl$6xgo*i3wr`NS~(-trv|PKM@NsfdMSj>sJ68Pi^R-U9Sj#O@>zk@@C!-etuKJ}vpzFPol9G%}UpkOI`i;Nc zSBYG69Dg>$xCZk0`IZ?w^o4Ue~~ovFN9X7!e_plauEQKIyao%H+UKH^i-Mw{4SS~3DFp%8{^@_+Uzayh$S7YAV_V?JQ7S9aEr%-y`3jG1yozeIGc$LW2X13QgVgSP`82C@gr}A^TsAlB5 zAF$B-?8R@N1Y;5lDkhYMpz+d&^bc5v3nKHnMAsKI_|(s|57hW9-0r)aAUop&4JdUE^l-SgDJIqG zosQdt;{eEp6`%8rI}Hj8cbZSU)guB<%0Tc0*C z4C{Dvq-R!SX?Ke8d=xsqxv$oT^5AoR`={$FvR4~U^*1Gmvl+2(kwmDdp-Zo_$7fNA zY*@!r_(7oWSZ2iqIgvDszcA0IW|MA;{?J%`s;cWFCi)(SZ%0kP)2LY+OVlIj{Kf@?Gs-WdR*=a0wy|3!n)fwhyn1U9YVV^~}bsfY-dRMrF$cL0KCNLfp1OEc}` zT`@;XNt5Ix%Y>qL z$q&J3=n$i)qC`Ov&-j#^*U=AzGry2^#k|GIAz~yG z?9+@dKc^e!SX|B(g{8o^j{Cwo2#8`ip*d5R`*+xledRnuZhfm)=%pzyD0DNUY?}?j zFHrVw#VxbEmN*Y`3ET|JpmNSGH4>C1As=rTDW#aTpBDVpWmHSgWwgCZ?I-q7m%~Sr zBRNJ*_e06qb!{zUh-yK#rr*y3xPQ^q!-zjCk=oMj#dNI~=6hk@_YzF?EpE`^0k2BmoZTa9XDIm+5u~AZ<&6e2h0D({V5)LEj$+ zYFiU!iMjFA=z$*51VJk7PUfwnkWvu?2aM+nPZbmo&kO1*rNs=wGC!X*q#`1cXXpjA z=vS05RdBX1mX=!8ebx}^sxZcq!zUL=MhHQH!IOt9Q13{E>V_(%SkX^-2nFe6^4-|+ zMh7eYRD*2!*bLPyWx#KXqpC6-6(N?@TdWKfXI|2=W{H1M^q^|Hxm?lvZXXj^e35-;7aOE@WXpkG?*j zV}RoyZ{7nTXQ_|M$&_Nn*~;0<&xx~|i^L>(8wOaQDwUeeSds9FTMcCk|Qmu?Zch%6fm$&*DS)`Qe&bpzQpS~_8u&4HcC4|*%wYpi5wy{ zYu!MTWq~2x`0{a?X&N9n02l;FnXqTFnVc6Gqg*9L5Su3p`3tE$%(Gm7#;`kEQhIa( z1}~Y3JzzM+k;R0b$Z=u$iy+-v5rw&}f!0K#U5RfWI+_9F6waEr`tvXb2`(iH^Ve+b zgDn8t{6VSQ^iD)V$o5>+lhPRDHTP7(MY95zA#T(81!X-I6@!-Rr;LTY-&^aFiLAUh zuXz77vo~Okm1d2OZ)&$rKhMnXuHv^T(5}tiMpqb?T}1_JdPH;$+IgRUt+oMEW)m2>IgV|%i>hi(Wbd$ac*7u+OCKSS~yvd!^V40idEP= z)CPxh#aflGWE)%PAbbTgmw>u?qj3TaDft}%Eg!kK9;NeGJj*18qJj5T?_q)rMys96 zk3E$`vg=1w`J5f5j(Kw>)DFD^$T^Lef@;dE{@Fa=g=m|8ujOj08jroK1tCKldNdoL z_ojixj;r(dP5?coHU;tVcpNm^Y(3UdJ@<6a+U{M(lK60(Qs%W+{r1`NE|p*c&^M9x zV`i_guy8fgKi!Y}zz}4nucoS6rd4Y_zmf4%@X;SUnOqlwdPx_so9pCEO*f{iE%88u zuz`VFpnb>XU|#5aiVhM0^}2R`f)F~=O|CECYiO-hVA+^+)*>rsY*pj{E(`&-OM@S- z({#G_IioJoj3LTfp#mrDQ8`Zm(xk2(dklCMzusFf+xxdkUB~i2pHdNs(zkm?}ENDxbzo|e1%B0UV;(@NO#*uOX?J5>2 z>?ADPCes?)SS@s=B1fnb<+OL{tp<;RP_yR=~3t z>U6y!au%kS(v+~^bU7XFx^_Dl>Wg-;$Gk^~2Gzx7Ql`as!8J0YYRaF|UUGwO#}iQ- z(G3l}s(yp1VobNeAf2)yN;YhzGXIg)t-Lg+V7{2CYzl8aYzs>Nx_TYg_(*30QGt8$ z*w>@(d@6#5U+Cd)88&LFsdm81d7BA0J0&qmpCg%s9}w)CH_N@8f6yA$GyeRZnqI2L ze2F($4?d%{Vm=>YWx1(y?A&F9rW`>M8Lq-WYwkT>=Spuja7&Ag=zKyI{Bx~{(o+&} zI#$viY9=?I!8?+G()!uVsbcg%k&<<_Q^2L!do1K$6p^v*91&NAGP~0~gNOZ55 z>zNl~;;Aqu2TVL5UmP$xbKiL0E9+{<=9_%Qm`G;01weV_3ed{fsHNcI7Pvym- z=dzX8d_FkhUK3f&QbeTMQ}>fxL^7vgc3ChtFpU|-%j!Lno^}eG^7spiWcWU3?`~|% z{`pSs2{+TTuT#?J{`nr|?CW^=ACjkf_e$txKRp(bM5tbbf*{=TH#OK*efoSE$Bc_8 zk0JzMJ7yLY7$exfq;UdL-H#hk0_M7d>A*lGpx{Xk_^jyp%ga96@=q?eY%P9UH$4D*nPRO^ynP3u~q z6Vo3J+Q2QGUG(Eep1RBE&W2kp5^JoHo+jeTqCT2L%KDtIo#6%EU)v*+7)en=7qBbJq z{mypH*x^RZoHb6LYmv&h=r}MlLAfi{uK$SXIG+e}vnz=qSupAe(h5=5h9Yc1r2oUk z&&M0(xYVM~d2bos}7oSbl zWAz+L6e*RrU%CcXHw+AqZXBV(W0j=pzKxRod~NeaWX^l~6@04!ct6$FAr6 zg1)Vb`ftnN(qGpgh0ogR6AaXsU8c<5ZQ$2uRt(u{xsOPpFd`Khc=%OsZfN;57~51U zrhWKq{noO(G2m}4z=9POuLwJA`1RR{rILZU)E9Co7`D_G-JfUYqhv@2dzg|4L5~l8 zjFe4cfoR=bs3NC3E+cw4RseiL$WeVxz-R|=dkrtzbQfr%(RtNX3Ixr6F6q_*UkH(?s?z*NCpX*%%SYQ396g00$bqQkkp zu`5Es+Q+g81?Xh?x5QS2y`TNhdbvT*q!RSP`i^}zDH~K}SL^-*hkb?nvr~#;I$t&z z*&!c8O^YTQ7dX*5bj6Hg!`^)xy)?jB<0|;0No>4KlGZkYdw4k^Hr;e=R`^#aZsMa5 z-APoY-ih8TRN*puKQ#1n`0Y);(pKpT>g=+#X-$%XY*LgQmZ*7b1ik)f(mRMk$!4t7x3iL_WnD(@A*-1 z|E5&e?{C;7c5krl^WoK4vI?GBmHpDSwX5A(E2xoGzsTenj|ezXmz|maE&IM#7Me~` zz@S3k3ic@y4dvbm0r5)W76lP~=fm(^HQ$@B4b4K@ZsWCU*vo(hJW`5+_=5%_zP*>hb*g+YCBky{fa zx>)?N15D^mUGFc5w9T3oN6dntPTQ22;Sz}Ng7<1+%7(mk&D&YXfn5n+T@C)tKQjx% zMg|r#=8_@HSt zq@Ui$CChN8gw!=MN-RQ?xfg;iq7ZZp8EAT5=P@e|{Ya7|*VuL9j6hGbMd6(iOn07t zxsLS6<#(6Vi?I?BV5Eg{emI`hK4n34n-^LmF z6@TV8SZ&~wI0EOh)&}oT71h6{|Aw>B$AdQbRefd)TLZyl573oce z<_Ejzs7l1iS9EH;qcX5e`k6k~mWC7EOloQfoIUg>9gx3j|L`5=qVw(L`eUGD;*T(6 z%I>DUcxeNOGaE=Vc7HhNc)`B4b%-^^ZH(@wUjj7Ae#sugv9KRA!ZRJy9N?3Kya6)t z%jl|`2xeGmc}chV%RH&mOLtZL;)G1b$~#XP?#V&egU$>!>I3G zugz6yNr8%TeF_Y+_*LQ~pl(@Cq5(a+qaZWBrgPb|Y@}fZ_A=bC+6{%u(q{UoC*TL@~dp8tPK*x1b7*Gsn0@spMM9ETxKx zb1%I7ATOV+nJc3x-Q~|;>Y3K|R)JNizJF97c68-tu*$r*@62M0LdA}=Q#J#gQP!mv z{PsC7-;W!yn=*d?VbF}e`6t^2nazQPX-wy`wvX|eH4(UMBQ|lZ?NF=1=b2qf*vsSO z&W0omUROVW)Iw$2M0pg#x-exUvALTM@JNNJ5h^zPt+mzTd)8Ux^dL(oq%{rESXE%n zIZP?w^dUaH=2MOLc{?DT@MzSwx_T31+MxY~G2$T|W$eO=xJ!gw(m$CRU$qQ2>*XYp zn(RcUM@)#H!Eu?jPvQzRq!?}#gD>;qdQ-N^m#m6Lwok;;TR8^f?Akn8|IP96myB)( z3$LV|Gyi&eHnEM#xFs!!@|09}2yVyQQbF#yu}F;CzJyui(kU|Zw(I?}(7=0~G+9B! zQej{fnV{xh6#Mku?uRw*9om_aCyOsKg_u#m<|xlv4UtVnE@&1P&VG9eK+doA6Kiit z65uc#%Kd9t3Aok&-zet)Ke%Kts>9sO?1Pk)o56GbNEpSZt~27EsZTZ6J(K`W<6<*4 zv%d73y7Ky0ZbBm%d82IZnuqM#`WDKl8EMqrJ229xK|ztyHSC!+FwDd2Y4}^g(X^aQ z1gpsGp9P@7J}aeD8Jo12#C9&*L&af0Z^7qlbrqrCA;alfn}yldJYX=u&RC)H3Dl;Z z;{3q-MC;u(P<@Otp^LQ)ncU}{_E42LjncG?mzr*^ZFC)@MMH0i_e4|=CU&O6= z^622gWl|*lxb(B%?IHU%|7;w*KL6Fr6(Gnx)B;~WwU@%?9)fGn=mW~>iRhUCkBEQ@ z3&v^nGi4#+G?1BNr)`)sOk4;Kf%C`dfXd=WRH_qQv>tc1l+r0y`R^3ZX>IitRpP4y zz5dgy_{7cijPidu4*tdiHN2^gL-SoGAP_-Nc1`63o1>fNf2;I9p?38SP-UyKbL2kzm<7-`!9QWHNUQMCYYktoyaD8?O}F%9Wq1 znVz<&jo4HSh1K9B>O9j3CYNjx!FsJEW^IS)JPfocE3w)~tFRE8*s;$a$8`Y^8?o7% z=>YEdnXVt~)e{McV002Xz%2R#CkLLZL zCd1&_jLxxk-;d7DBJ@w?Xk0==I%QVJML_$~DD=pCcB1Qr#AGlu)BHmmm~YOzrZcB; z*aQb80O);!F}e6Wq{Qdw=%KQ(Bc8`#VRUepizmxmS5Y^#(c`d0qJlfF z7_;Z5RuK*o+*lbsebPV-FP6#}lnSE|jT=bq_VBWw7hc_n&Pi)F2$CN}GzLB*uxB45 z`(B`;RMzsd!}9nz)Iw7zjlhrpJH0m6d-4FmIrqyv_!; zs5;)b^Wj6~VUfwr%^^qOw>vQGH5CC4%1kbc_0Cy^*4{HDT(5^4E{()s@W8|^nO3$F zP2WSIjkATrvzF+)qyEZ1>UPK2)jNDu_PMHo3J5zB=Zny=BgVPGLnGC=*QWmcCgYuq zIzFYBVcr8{`D!7SPsxC{+CR5@ck&byWt40cqidn&K$2m4ax}Q)@fXw z>fk~SQv$@7-BL_B({TumIlAkWHnWG8ajImJmT`~LAkW7#r5_04i1>pIBN63Z4FbF8 z?n1LzA9r)k)I?k&w2Be}w=jUHuNUs^f^hlmhmTIlbJ^oxB_=`RMszlM3vK(j$;pjN zLTObt5DonWHZkAY!8OOp?W7_CF*lIG$QSw(AY-q(Ann85P7g|=3VTb}!ey3(iGJx? zXpqk)W%hKv$t$fe6r=hH2exq(`A$42PMaFsj5s-wH(Gm!y6nKO{V+%ZR%!1<3_oy0 zI4EI+SxJc2;v8PqZ4F!o@Bt%8uQR|6STeksYi{zkUq`U5R$_BMIjwzR!Bc)%e+zA>;$YK zqC)b9LuP)g1AF9zQNRF{(Q+@@H)Xu#Q2T>tMi5|LZ48yf6;j^o_ z&Pw=v+}yG+QyOp2pi(hJu{q`SJ^PtnGeTgp^N6oBC@JIb8yTiW8P*^B3F%^AodP8S z;+J-{@Bh{Uv{Ys;02icvQ22V+y4GV@!|`FIeyDc5c}1+c&z&+ukbE~2Pom01@N`zM z7wGRyoxyZflkD$Ioh~!211&0#uGFh%*s!g5>JL*xdZ_HPgWD>ZcjginZ)(14T6zs5 zdXs@WKlE!xHzH~mh!%%*c44csM$7#Mh9isa;84$Wr)#FAn<|wwH*OprcWOoTcw(vJ zN#DvV3ov5olh~#+gCXCXgpSwngfw>P(B{eWRrAfV3VN?cg#|bDTEOb>xqcSee@*UiLmNd zWM^aJwFal1eb48Ff`aopEwwodilA6ul>CPe1VR5|0tg<%kg|>nUygvHyyeavX>vQu zaPi?JCtzuh0(Az57#XR{I5-%hk_dZ^FTxBWgBicTI)Ja2NL^ss&hs{_r-(lpcuy7! z1OMmKhYs}&err9CzrL>R zY2S)cN>5Gb`mqxR$xRhYz&+^I&1|!Jo1ivLqDx;jLy}mh=xGWKo>QiclShZlkPx~p zMuqWWHljW*JNRtr>pCQ~05rF!TUg}#UZRWPbgRFbU^lSD*6rf0G|fcaG>TKazdJ&t za(*N_<@BVqHXYR%e2;3>@euq#gE?sW6CWn#iS0ecmw6-m-;R8vwqNvEYHQHS`w zX{9Y3*lM@X=|@^NM*nEzB;+3vjA?H@ZLBITzY{qa!k!5I5s`1JE%726_HEsr>HPO@O+XmF*xId8#Gm1~p7_ zwfuZ}A_l0wx}jQq!h6&gwxZLRTTX=~KYn7{F%J+sQZtvGa>)P&$2qk!xmpH(hK6g) zJlg4rCY*Zy3JN<2nvxCwbsh{hQ^_3ROG;r{__*~tj5h+H(esLP4&`NQIlk3sS(VxI_P(=$6=d7!=^5j#rKZdrn?D5Z$ot%qjLZ=UQ-LDrN zcqc`j>{*v2A#+&UJDsJWvHiK*1D`VuS+RoL)uC5PbKbPJg9nUs#SrzWk zCvi>hT)wBCWXac?qvQwxHqlb`%dv0b9UW#Q?}Y0GGeb1xQQ@Z_wYI0^E|Z}W2nVxG z_e=~UztG(di5{|DwB?#qf|K^Cs}c1PzbGlpjGm*@s35L2=zjHS!OUQqM1GBS#5{K)ZpmP1s}^PolE30H=!Jgn*=ww zR$A8Pdmy=eP&;a3IxF@at!=;d3D1!-YM{a|Qggodxbo;_npa=TxH#4+J$C9Kow#p533pL*qSQ+iRNXP z$SHUcrS0(>ehI4Vv10brK}ggrGrTlhGGTdMCR!Yt&SbB=FrkyAW9{e1cn{H=&sbK6 zm6t%-6VXed`=3PDaA}R=)HYg|7FvdBmMG*70n9>WdWjX{)5@;vwQ;+wo$Eawf*p*p zw|Eb5*rNker7ijyjoHNYGTD7R6Zx&FpI6Eg2n|T2K}Cbc+k6gNqonEpk`cX)nB^12JB{G4hBBchR zS^g~1B?85T^{D89B1fmPyQ7o4N503&YU{uHoS+i_I{i(@rS;cDd(nZIJ85l~Zf=(x z;3YJHvhN29mKoUTO||4jS<(YkeU0bKO-~NqGwkhx(kyZSgVJr%C9$3qH&*|QA)0A! zEmNX%#buyhzrF1=u4ksA_HAHD8e@s_^s&n(zgOWA$3Kmd&pwg|M;a@n=?NdlYoiGKOzy(*;aWV0HId^)OXa2 z?erZ}m9Z3|T(V~GM)`eGw#XJSBq3c^S&F{cXMWYevWal9~!ej7zO z)I*(oU@iruP1f_Ft)O5e#v=lh`(Edb%I=cfJP)7B1vjco_l_#V1(X>-629dWe*gUP zvGDQmO2-48`_dUj3eB)NadTz76aaF~Q(}j5$^0W#umVyACT5tmRUv8upp4Sd3K{n7 zAeE*)AWng3E5{?T4SHVD_3F6V#aMp#5??fXY^@Bx3o*AE7?es<_Ni+rEUv0*cokmS zou1Vd8~rOPDh3m?EU(uuC0&;~^+7B> zYGNWPy3Uh#0GGW%hcb7Oyfk=qEwi!ngCXU*M2&I&=gocXQ1kPzl|40>L-|=Lft@Q` zDE8*F9J3{|Gx!kniPaujObWnyEPN5cEpdgLo9g5ccFQC3=Im3H35u+O(H>Cgvr@5QaWp})U^#v zwbXSU+U(jQhp+%MeYMl!%CzciZ{03~yPA=ao0by;`R>#m<3w}m@LA8h+MAeckk^1h z$vLW3loIgm=!EkN3a9#M?f4W7e~awWJ49xwiX+tz-5KTUuJU3U<~3{PQGFXVwP^%x z1S@8_T(A<#P|s~maXIMq-{<^^{m}igpc?TD3VRUVjKH$s(HfGMM?At&E%cSU%6S-1 z=~+Z_WpdX0q0D_;FZSp$$`b3$ZtPmtH!={bW$&3iv*{tRtjwii*kN+7>7q)zn$ule zJ7-awuo%@pX5>NQFdz(|2o?-Uw?jy7jM={DV^CUNCR~Gc={Cv@?{sU<3xJtMm)Bl) zNPeBxDzM5%)5!1HCcnhb4yli~BoQH(=gHeRXQ?PhR|H&lZc|`(brMcw5K*07Y>L?*UU^ z(Bn@IgeqV(H>uQ=ZF1)0MeL7&Y*N!sk^7a6!Y)uiQT#Qc=+p-9mqBM({~QgpixjLN zUcL}?qDu$MDTwa+n{cU~X7X!UBy(#KHFVz`X~db*=}ED!S7>P8Q82`O-Zx=3hS>^4 zcOhi0Sdh>9C&Q#x)KZyj=J4f!#uWGU&bf))pK z+PAikC=#?)kmFM{RoC@`%e;g15$MUmVPSW?ziPyX-5%MHs7=ern8aSt@p4lyA3+YO zM#>8h-09E3JV?KuH~hE~VOajKSVvF$bz=rYaetA$T$OZ3fsq56PZoCas+&(d!efn} z-yIvWcNP>R$1{p~?y;HBN?yEB^W>3BcZO%CfL6C$+!%Zo7*I=?Vd8=ojM_5ak-o#g zlM^wgO<20VWMaDgkYU7AO$OqeYHfH`aMwM(k?_aQz;pJvcgj$MN@)$g_&acQOieT1 zv6|LqRd)anHolN%H;`1Ljr+{7?0HFrR&4fXq74P0UT!L+rkaURb2yKhRx z?7SD_5osmWl-z2_t;9Gx=D|rtC;8#*Ny+D}?i)esL-N_LEWYTHK20I^_8A=0Q-KAD zxeLT_ht_9z)<^t3uw2w>5Enfuw6WJZ?)lrSV*W~xR(fK{I+@nqg%J zroBxqRb?X#`iM-sVf&lnB}(w=xkp#eoY&qPbx$(9pBY&>drqFza0lkkyZ|5PY;-&e z!&`~UcN6RB*x_sWOP)QT&24g@zjJW@DM2`=>a2F$Pjwo=8{|JHA4B7%n^d9v^oulz zmH_x+nlG4;5Gl}e8T^S8ODF| zr~H3s{enykNE80^ZoxFgE+Epr5l`Ii5q7}@Tu{{gu}-yjkdaJ=O4T9x6Xk&JG0k>n~Hp4Jvd30tm)pSpmagT z=wE{izgF%x?{AdQS%}K17w|^aw7@1tRW5zM{#s zk*;po|JCQ7Fbn^-VNp;s#o7JI;h^?@dkdC&&!OP3K=h9+=1Dyx63UVf%?W{NMy@E1 zv&6qMQH}3n?>G#4L%9-O2a*HjPURzAYrIacvD0LYnx~s~0qS*k`vmz1%1``fP_2=o za;vfxj}L2vgxzLsW>8fts;q3T@D8UQb4k~Lr!N+V)Y~53b2PKF0)j(%-t9UzM!jZ_ z;~{<%rx7_D74+dDW$pq8h)$>)rG7FtE^o_q$irR@fG#5<^iiq1@OurDfQ3i}u=nDk zaoQVWAO~&E@f+fUcr2DFDFKzAi|G5Ncq1OEXnvD!kzd0;4jkw5`QTGmsKxjRm4KY| z9cyb_rdo{uvD2j7-O3@4jY<6@n1h2T*^D zU4HjH!Q^h@5X2X22a=;_$3fy0eXH6xGtekE@YuOCn*r_BC>=BRf)05-G%9q_gA=7z^5l70hB8NM zlp0;Na}jS}sBl2O4yu#F!*7RY(%_mmM^Vniw3Pn&u+x}rPvZ5e6)4=s$=!Lg#2j5t zcDay8O||?@Dsx(D3sGS>8!?*xhd*xEMFOpVrfIi)Yr0)fPOfHjP!Wz755w2Rw)3DO z{MbcF3*j_4W5Xovk>sQJgBlwwk1qdY%*}-YIA&&{D9Eb=ts&RHzR6+2&BqzSk}7F1 zF{c0I=T@|T15P7xO-RS&u!33oA-vZjM(Q2YzBA_rx;4%%*Bt{&D?+ZnNB&HFU z?JbE2EIm6%?yKFY!#uB~%?}ApQd2D+`kt8g0(1Jc8JVRiGypdq%HQM;U&$TZMB@-u zHIEUh-p>ikb+^Vru{)!%D*Ttmt82o3?ZLTb=-LdkuqzChADd=L$v&kX=~A)$FT6Si z*N>y4rXV?NFqdUk3dGAF^DGYfz_fPNXixL6r>^tvh!d0n5&hT$+MNYm$i{p zXrO_qPD7P-Yx9|V;L+!TU)bYTnu#Z&oc;yx{adYD<#|H{i7_Wm zP)s?FR)zKbE#b2T`(&ST$2IV91l@3P7-~h3Etwk(M-sYr!>ij9+jv%!K=xB!h)OFJ zXJz-V%SORI>!BnzR$)C0DHmu3!N(?P z`!B~e@L72~XHSb4T_)E9MKS`AymM0n0n6ZTe>#Apl!4#FS-k)6g5qvp0DodxiahIE z`&>{s55AqYK|#DnMfu<9AOC}g%a`iFUvz<=-I#%1_R9|H=#_<@lp(qS0HQm!=Oh1H zPuX#U(w=chqHJZ&?quP~iLH&z{8^sSat`&(?HLLec@<@=rcnYlA}=H6fV_7_2T&*gT@*bI=UNl+Ascn`x$@4yZWyk!p6lME4ns*8!;N+LVkS=)BB<5^?r7GeqC@eJ0v6mx=--Ozq_xXpg=qH z3!-N3@3+v%Eig28o<=1Goh|bT(b2g}o=zZ|2`dQ(ccL{9jxOox=>aUl=;TYG zqx+3s>6L78adhvEBs?h`EG>PObmTqUcsvtJuGMSfkNYj6nv(d>U( zeX{tDfsXFug;XZGPjcU<&%;aqhfw*!1-ehOTP)d`%KnEnYW}kLnjlgxb)TLF-4t`I z{pfIs&RvPJI2trv(*i%*4pk$d54YMJnkijB9cW{Lp0q4rz352eyrgBLFNrNS>U}?? zHWOo0<-heJ$B?4_gkE_6`4RD|IMKmh%rY54aOPJ9xqI*1$b2R-<}G=^#!YF zsge_9uE{4%>nzu|=M-OS2cf*>MX{ss%&-55rATIhnBB%l*A$L8B_*d!$2XGPL|Ud? zt4Inl3Dj*#$YI6!wvKa}BJ{6h@Luw9*0X1KjB|A!tC_Vnst_&|P*w)o#&tOdve^`W zE(#!#?nPxD`*1OFSh7C)9lOhpUzw?XrmyYVI2?t_q}#g`t9;tGbJEiPQ&qE&WM zi4AxQbHv8*aF2in>qU9$WTQXx#S6HmGyjFPqqd{8JN7?QIf&g83kFYg>-VsUtfJbQ zd9^;oU?F~-H)*P2HZcDzdVCSm#MD&xwHLqyc~PcIT-#IHc*TM%8}XjTC5-fL#sLMUBIP?&b= zgz@~?s4>uFwrXYkM2T+(n_xMCr}tT@9ZSsj&07J1%Dv>lWh{iT6u3F3m;1c4Hlo=> zrz~uzY__-hNnqiVz##iH%^qR z{<^bM`HrjdCcMH!z63Rngd80UiKdU>mmCUE&4tZcNcxR-j@L!#k2eVR_-Rd*moT@yNh7eO(1zU#5(sc~Ca>P-8 z>%e@;+5+nq#(r4DCF`lHx#NTC^m<97`O2VQ&&!+Nr>o;VBMEA*SuNfLwhpdj0&*}Z zrh_!pp_T8Z;QJPFL;y%j*8peD&IWQma~p+-7)*|0M=Bmfr*rB@)s%bD8<;@))3|cF z>8Z_^0+3GWwyPrx?(Ji5J4y8s|DxpZIeXlYeZ<(_^dr+>uge!4kJ<{#7>OBpX4EF> zq;FF0czWML(`Dm%WZ0k;>i*e=h4UcRWQ!s7Y0*!gx14^o*RjyjGjXLqE&Y89w=LBldx|ev-U(2ewFI(8xrj;# z$O_4-%2tz}L4Ml&^>rKh*-=iz*PDpdk9{3Q%4+qQem!wY6BTFQHieh%&1YoA6e2Hafa#AV zW)EVdrKfT#c{2-~+rXa|q%f@lE2`5CxVObsO69E%&puX^vC>T5RALaI{DcW^qpM0fdt(T{UxvhFR_wzi@*0b=J{rb`4|Fq2t5o!UP z67#c=khD2i59-wQf_8omUC#zd6cU3gOFFxR*ecN<0>tDac1kn===Uvhk%yyNFC~VDGC)mUdvB zt@TC)e}yxIN6Bk#s+p;^0#}SZv)5~Id>Cph@VW&tR?%yQ0(YMOI#Xuq{imSi55@)( z-+Qvi1W-?L%*{T#A3qHr`}|pVI2Mm&08J&^R%8cJD{&t>ZD!H;VqU*{_ke|8I)d4E zAfp7ErX=2AwH@3K`i8vHv zsPVN2UF%sq6GMv;eN!H5M}ul=)rMbEeV0R+a(*+r;Zq9>FQi)|;rqx?X!z4NHh>&~ zTT`r}eoD;Q3VF>on07a!(6(v{JUhsWPYNdi)GZasRDvUeQpIoT^&#u*joOb9l0HY2=YdaOn% z<@2=@$+x)ElT#fS|M7u??aydv^-A-0BtJ+#B%Ez#o%$jE}Hg zR||Z8*4g)#3MD(TX;kiSwPl)!aH9pnbU^{W^`EDz^eiW5|CRs@N=8$;v2G9(YciOn zuAyTt$N9a5+c2q5Ft3Uhzfm%4>2c(>yqb^S*}tG_J_>8}nM6IeJ$y3JmpGL8xjE8% zW`;*et|aeLB?x1E3!aUaL2iwU;p}72SCJ;pdIq4jr$kgEo(+=HBX@^C)Q@mZYjZi~ zYz~qVqwsG<$1RlZ)n3{av3#!b?TP5b30Cgc-4y$1?xwcAjt+NQh3+(t(e$W}Tb4c1 zh5YmvRThO&`b7zD~h67D7>-pTlv0)fhahh z1pfucb7Z}J4TO#Re{Bt&nYWpT?FttBJ$8e>FtYggC9kfzd3jA;Ng_bIcxGybdj?CI zasN={P~GvBW8%X6hSmdI0q>kG~9dT)Ebb&~1xK34_!xU|sgZ5CHt zO#&&FG%r>3=j?1S7_2+88$d^&LoN{Tn7F&|qHcdLX4SO)GByT$Pk)A4Tp8B54W=-N z2C}W%BD{H!VOVy0O>d&t&m#F{OWhPbF*Ip2%V#*E@9yIoB`IOK_dE7&^i4cyC0+&h z&dU2U%OG?kqQ0u2&Q^x4cKi}IsiYGAA}&n#{2KC1=tP0ovT%XB`mo*p0jn= zawT&B5Wu#>vI(C>xtT}OhJHyOTtbVy$=L1+X1n0saXU|c>*|+*zdxUH`xjqQK|60e z{pHjV?2P@1u2Z>(+0naJ{nFm~3#w4d2zSveJDKA~98c50i!>n5^m`OZ$$cfP%dASR z)pBo~si{EV`r8chABRwS`r`!YWHiz@qSA*(T}Jma&o^E|@g-}LRXz#~x@gE0{DBu%U2z$vLZbEuNyQQ~UfFs*lCmg|V@hnsB z3h(n_9@3=AfXr*5=XlEATaU+H<6~tLc`rGH9fM+e`ofA~ViM`weCb2cF4Che)0HJh zzlm^5!+f80`mKkhcf1nZY7q2>W|Gao9WX6Eu%_baVxVHMa%& z*4ES&RykPV4gz$RqGnOBZ{c}iFKrvZm}L{rEv3F(hgR;Zk~d2x#=j|zoj0bli2Zc4 zdi$p4=CM?vy@hQli+9+b2gFwMMSy$Q`!v_EuD#9U;|E5#S|tKv$e>mKXSzxoT}Ml2 zwr|fp@R=$;^6Jh7*G-UtIliY1h?_U&jM?qXjtcaDg8)T)E2C(=gG(Vth4hCzSM@Bf zeXF-O#K0ms{U)i( zk*uiI{?l)pI(kk+#yOk}%4XTEQf}YS+rs2`G(&Ex<8x^U%r>8f8GWK9?V*u^l&FwQ zt)x#=GsG(~`C;dXT`4ctqK87 zqITO;Noo5}As=+0BLq*g>kOgt=)Ah4xDl=YXaVq`H0xh^Hkd<8xG9%$4Xo(xn>VQO zyb|um?kc|*oU5NGo9IPE0Yaxid*`H+Mfq^IWIl+H#AToZp!exQ6rGKWRTgSS<_9W! z9F$Fq#^r6^;d8Vn2ArneO7YQ45R?;=ma#12Wz2|$;Z$Ar+~$LFt{c;T{>cxtcN_jTwvT#KX^B5uN{VUg{~9yi z%b8vzK7FIPQchyB(a<%gC$1zl=PPUr>)EtwB=RrW^5KMdK;ZCEGFLLY5=e%pQL^|& z|6ec?vrWM2RFxa_3^3`v*z*ASBxbpAz8f>5tQ`+o9samZ&|GZZv{w-ai`&T7>nAJ9 zq5f2$vtp9ne|DjJ>yXD2G7(H{!8ry!zw{VY%nZ#ML>dBd-3Zf17Wk$qjD|*?dH}9| z6(%aWSP39!$V zTQ|gQosAycQ7V;xRMls8HX)Ab7wB{VS@F$yRW0{E8eLjyvt)aR`2|ksFCIwgVG2sM z+{Us?3+qRvSGnlw>I^3jMY{(hb2U7U7!63PKd^GBG3c|qTU@=w2;-jymfP3IKVGb$ zm%BWvW^4XyAYa!U1*SZ<9_YX`Sw^-Ip(O#gmOfnx&zph0UQRxzWf{m^3f~@T!w~YW zBlkH15TD>F{}qsvHN4(l5)`OmsCOc9L>Q=(2I1`lI`Gj0O$*UuDg@Z1c-3FM^Bv+$ z*~D#u3XOp}1l3N6BJWh@E!z7nW+%+Cu zY>I6X=Hn~Sv(qf8#;sWWIVbbZqr%U?@IpD-i_I38md(b$qWluFkltY1P&x5UO7r?N zkQ)3hZEM0>gDa=9e5gJDLpjFdWFJ2F#`YwpkQ=Wad0cwbRkg*#?U`a`y!1ZAc~Ya} zm9BNQ&-R7E#id|itZ=8j;=ID^+DAgdRyJB+lFL+YQ8{Y2qlk;Xbn*&sY zZCu}Pk4`8dRtk^Z3|_eutKT!rn;vdyM|L$NM$P30gc4m}ajP2OrGc{nJ5%u7xv0d3 ze~+5SZIcjoLr+Y~{BF=LtP_HH(*8xEd~v`tS#?PPWNbi2o~F2!gKv zo}gOaOy~7KQb*aO`}Ky4Gc_4nR%kuiZ0U8sVeRi$H5JjEjvcG1ao#SYB%#uk+UVSm zc#BI)%xgc!U7piwf`_!1jaB|Y*8fLE;#iDO6&9H6Nd(cQ{cFG6oa4*QZP~;_Uv#&<$Pre;YEL5GsT8>@U&%yij9b6#suyKmV`t=>Pu*lpkQq z5|dSW*B{OK&q!hf&O~?^*UQU4rtHCCAEft0cTIYW^fR7z8Y-Q&FI9*?HpuvBW4?;s zVxVpIGm7Z@LpQTHG%kLE&EEdtQ+#8GQ0qrM#{`wUSQ~|odPgk}w|E<*^h}v)#Pfi_ z#co((yt~#Zx7f85$qZ?NqsKtufO*4QRZTs`Uj5a|az=?R1iN?RR$Y<;TV+mGRoKZ6 z!CAh%KWtK)Slh}Mts04tWezG%Jf10?NmoqVWfv>bzl+zl+MDtkfdR^dshWUs$I8nK z!qJBFz8`wNL71De1jVo&ijxEV8XDW)2cdEW(GP>{Y|mchd51m_uVas9EfF_UR62*?yOE!{QSPh9(3U$+K~K#ahLnG@irz^&T7Oh|V^(GiF1pL! zyDlj)SK~?;X=hv?Ol_(C_3%t*IB=%PGY5&!D2R#Zc)e}Ix@}gW`heHE3F-jK`xw^W z5Peo8R=>j@%ySMaRfY4i{`>F#;L?~m3pDX#CU4|PX!y8O(VRBbP$5om-~96daAiKb5p5@cHLVt+sn5b8tkIJ;SICQrmCkKA$2F&O(P9*Xx^L2Bh1?! zpB)D7!W;s0bW3c>KY5)%yUF9Ax(<-?hC-8o`36HU88^bh z)wNWg);{T|^Ya3ukXz{O2@~yUr5HbE*H=z+O*4k$@UZ1yPI`{_VB3q*S(mtt+ZFF_ zDSn%an$_AYE_1y8l9db86vxHq#eQt`yVSu1<1JoOxHUFy9$CkT!gh{v+q zI+kGV>FE;IrRlCQJ7=$os^H`ZSzUl@rQoZKGXahMu} z$>b7<0sJgzZa?Wz3MFz(wG@?AmNEgq?h@coYbT$cE>h^lrTCkZ4z4e-d$tbBC{Fv)tAA0qy%hKMJS7#jx4m&OB=QI9y6?UZ>(7$aYK~Yc2V3)UvH*qfmU7bR2J1C*SuG3}C zo!-9Q3Qx3Ob%BUdNvGJ1qM~iS&C4K4CVo<=?!&HiDxx`8?mN=M)!wLF5WP0{uAI%T z$(#Fho23D|1T=_^BgE;BM3+5uvP}6K8AFLlkQI-s=V^4Tf{Mx!33EzuloC$eV%CjE&8hqvup}1D5^&a$$0^M+{d>O zn)$W2!A81zdN6KaqHZHIpfX&2rrM!> zi3tpkKoT}ZTfK@S2gR^Ni&xug1(EgggpHc{X(BY^qm%gb$e0<9;Lu@X=};_bjczEc z1S#{|Q6}^bDBR;_)`omT1#k#QIP=2J6z_0#S%sTb_C!nAh@qu5-}m>)yHCwrq$5n1 zOEtFVg12|#ye*kXA1@PsBMJL(mpaX|NZrBS>-q~}+B(rp4VKVE{DpPFhF;`JpR#3q zmpvvP-z7UW-LC;xX&%^j>?m6jN=g5v zqhPLzN{LHKi`Pz0yp!Dgk?4{RP3jOVxGiuep}JzLQ%OQpG`FZKPs^}L-KJZ&nv5t! z!*gvM!0^F0oh|P*fElpO^l`%WsL|(8K~Z@n73>53m!U0MBN~5i6QH8I;|MihlZ$%} zOwrM{iPHg}eS-Hi5oI&0X4d($yS42)!OW1&wM-MR9wvvm`-j~UpKXt`voQciuPxUyv`@eoX&u1cT)Xd%3B1Yq_uQ)n@(Sgh|Hr{HD0l=Aw+mR8~tv>+v6%GR8OG z33Dw+<&c8!a`ADN7+W^v4Ean#96GgX$1;+QUVMlQ4V{xsl4!flWux`WmFwzD6&3M7 z>ksiy66r}N_&(pdq)9B+S_GLGNkWKAbk8Qp;O*yJNxsfAwYvp-OoN@SVXwNotdh}! zl(a9~jvyD#@v2+S7Vcf9E&)dQZzg9(uod~2Im4nNV-tk}UiiCw8Ox8D)Aq33S-^?4j{D_ze|Bn`6 z_@%h~<=zAmIP z2NInTGDC)FCrvO7Rs_c^_L+LU*>o$PX+pPIbMDm)7d&G4GLOI+p{PPU!z~2?>EdOa z2!09N-u=pzPh*I$ItDNZ#JN9$i~h=8uCj)QM(SFBZ_jB57#(kOfn(SQC(Wf(K3EtV z8QFKlV3ZjavK;hv?&S3`GtCH28-oUS!uVW^Uz=jFcjilatd%m}Co{^!o5Ttk=oo5A_kp$0~LyuiUZlh$zyX>Kxwo!sXghJa1zgzFgn3&Q2{NC2ye_lkG1Dv{C{iF9j0c|g-K*F4G=_~=(eJ&4h|OovgKWh0nfsuGRgH88tW$8YwW$-_`d(sqe%gwx~7XxumG&T=DSdGDC^Xx;& zFr=jg^u5&NT47m@+nIQ-n#3EchghFVe(vQ_DWD{lIPfh$Ic+AUIpj@DRP-3QEd1t* znsr^x(lJINw|2}lTp!7VV#d!PWFZz1R}D14A!=BcICnm{x-Va7$q zt6XgNr*j~#A6Ywm1Ad~1xwHHxY)}rdWg47Z+^kpYb^oNV5lb1bw{Rgs?0Axx(wTy*b*w@b`mL$D81ZPHfXX+}i_mQnVqU>}<&Sh{y_rCM z3<+6gAEWVCxIKcy7G|pp@!jTbXNfyN>-Em+;q4;*nI9N^h)_g}X}e1GC}MugvvnFP z-`TIPCBBre(jqb|oNM$=8-k_9#gj!2*8`06C8Sh^lt;yzTf%2XjppGsYZd*s`c2Jc z8o4dMeH@8BjOTsuenZS}pVXOW*b?xAerWE%9HtpzSj6ZJp+6HJk15dQS={_vK>+VMK?#V4 zDADOnR`6^+K(-!{J!ib}pxljN4sKsGvZXk5`(1Bu9YJqd4;W9h&@r&qu!g)!lWor1 zsz8g(qIX5a>P>3#@?G&#Mg#&3G7-_m9L>*+cK%bB71HjCFax{l!t%DoLv2wgt)j@m zt|%PbcUv5g2V_-fwrd{&vqwiLpV`mx=02%WHHeZx>{-`soPLeul*|BCl~2#!3VYda z=^QQFQ7EVphFwEkL+s3%uS{X5$a^-ENR8xm&dM1p6Ik_xwdLf9KqTgc@k0)f|^@!2`j*BvkkKvWHDT;HUwzElZV55|L2;zYl1#2!W`*c;4D~>cH++-k>K-E4#;J0pl8DZ}6-fAj1W4D`+_j zteXNVK_P|rz?>4+O>PE{3zN<%lz8yl0LF&cXhVB?k(tXa-S1|O%CP0JU9$(r-(=8t zozKa#C1UTiA>1R9sJW&fU!mvZ@dzwa=;CQle+;ixR`Ga0m)o|7kLH$sPhZ~uqj_;x zPg^`a#o|$!4s0aTa&jKN_arDl!vt3DI{h=}nF2N~{b5NCPYTL0p{~d~)$W^}wVsQQ zeTIe2Wk&IUcv+3fF~Nc_0x{hTnVHk! z&S*$>$H)z1rh-lu`?fTw)V3n>M4*?x96t;wSwnHk{u@5Le$Hd@UH`D z;abSkEPV$zoez-A?RBWR$WNvCXY zSeb;htkiSCl?~=%RUsmn5RxY6k=s7}0n-4sEqqhu)L#Eh>@z^MR2MqLecemw+*~Wd z?^wSxKQl$^TX9;B!gK&CeDb@eA$OLy+qp+7;ayy=+~-_v;?^T0#w)!@Qa&NQ8aGj~ z`Ww9%oR*fR5y_!VC({`OJ&KTx?!`93=Ho9eFe~_C#QGHkFo^flYOoy`YCI1vM7Mf%Am!X^cG8_nby6ZwmSNqO8wI9ef z%%MNY^Ve7I(-SSF|L>~O|0+f;oJ&}A?vSXhN;^3jxfo=oN~e^;`K%#gO?~jdP+V3od3C` zl=?`F7yxe7e75S&AWuEMO1Fok7h<~U`qcHG`u$x{5LuDuQm#sAg)iG*(FT2K=-DnS z-5faTyrQ2>ALQuhX59Jgk5e3UsFm_+8T*H{n$=a&R_0@|T^yCN72ulV!1v_UtE_bL zOoT$!mKQcpEfC#sP=-o6FX>> z!y2Ndi`vOl!swOI)ckM24G*s!1oiI8Axlfk$+QSxHd@LVy0eUCC49gCE>JV%>C zY^!g<(_Ri1>PPwu)_xoOW+nZ}W7!CkzD?Tr@*zRYOUkeqI0P zNWT;%)sxdbN()e?RYt3YC+s zC;--`PS9&1qdlNwDzeM_aUhKs`e_^oW}}-15+~WO#&qf26S7`Xb8L0LZLpy|H~R(= zEs)i(w2XA8tM$mj>+HQLf#lxo7UEx$Lb$=4w{~EO8&S=TwwnmR`u5)3B%JvZ2eOlu zscYOvpn{u^ZxSu-A(^Mew(p_29`E}y7~1Qy{ZCzbZiufjJdtM0-{lMNan$cK8B}&U z(?9&8o^{mxk7iyzd+aM;BS~2w;^o}yBPv>)2SKk+yvm5ZmH60~=NaF}qm4yrvh_S!q@J<7hlTzE`Lng%H92YGL9UN^)+y`PUni8!f|R*ZW3?w4wu=f5(1 zKHUn8`{u8M^xy1BdRuemMn1|8ocAs-EWr^OjMvVx8RnbqtLXXs_FL702n4hr=jdk^ z75?yOHZ7lg6dQj16V4yAcofj0Cg)+lg%=6!rQDx%dHa<6_B!1ExEFyvTNS7ekq7D| z4)9GK&)2&}%21bCCMX}i5<5lWgAR?!iCUH34b)ACPQKG^+Tr}#9m#+`Zn;2Hjt z9dGn0mbUvU?s`WjUsCP}kQ%s~3Y3Gk+@0zs{e@7sR&m!US5nkOy`C}$N@&LoR(Pxo z+})1x*rfLCi1F|R_zF=vVMoRx^v61|^R=ULFbh}kg4+y{XMxn?p2Q?$-jrtKR;up0 z^LD@!UAB&9DKIx>GYCP$sc9*5dq~ za^?GuhJTB?asQ$eQq;%`dA$aMo9W;8KfW39GN{dby3RB7PvGhZPE{E{nw=v_G-) zzKd}Nf#9_xv60)TpqXi4pec-Wm<&Ew>>#l!A zD5}7rl~*F87z2%}o+0H`@F$72I2J!w71h4wrHff|@}9qO$Rc~Q?D)NWt?S_vQGau? zxK{W2Y;FrMk%d1)yiQ~<-Jax)O?7@UappOX>JB0rEdg3oei8rlK9L;EI4NFXXN8@{ zPeQs+Dj3d(dZpLZQ2s*4WrMNQrsENTTma$l=RO)g8&t9zmPSUWUV@o18E45_&72-# zXzx$nl^z^65|0BHqyyC)cgSyXdFM>#cYs}6P36& zsElom-q5n8_8id4^^k9Nt+LZ;%d`W_Kg7wFgC3p}{UmxPCnpYZ3z@b87Cu$wbAE-K zy)!VD?vVe|!Yi|%O2MJB{iTdX(zacWPi6(^8qlivyL=|pfi&637S@aB#~wabgRF{1 zt(*PLM-rdiyC(;0aNvV(ZbL?)**n|9D8z(Q*Wp0&FV#}ae9=U(!pw;oDJQQEb#d7 z-$cqQSvF7li$X$AvB+q8J$v?fup-YyZnC{YDn83CP|Fg3bG#HYSyE z8pIbE9%jy!^Hf$qEYvCFq+<6N$S}7*T5k&t4X^ zzf;WExCrLK93Oko@>3?@8Lr>mqCFS))o`i>D4sIpgzMY@Y~rNHWnK$4uj*~cKojnT z2An(0HfB#@p8H!#gc^>%bU~G}mgvdDjR&0bv-RXepwuf`YizPms6;88#RsRlr1x6Q z7RmsbALdb0eexnDNx7Nv;#}aQWX!ib?<_^=nSV;)$j-XG0kVBtPu%?&wq9v-I`_M} zVEd#V5$m(*P-#Xn0>VRQ1d%JNerhjo&qgXQpf^&yyE~j&LU3op0wM#}`=qmo2jzLW zH|-_;7q8IkuBrvSC6Y%X)hvYNtZ02+jDqb?H{t9Dklzh=2TcbdZxU^c&a63Ap+UrY zV8-D;d@=ez&>#19x*=+J0vrr78h*ZP;MCAdQ+7OD(cbzeKc2~Ot1>}EFIVSl`jb~4 zGUexOW+UUb7joKdh)7n^nN*02oeb0YA@RJQw&@1~a;>2D9aH$ZghdSQY+IB(y{4)W zBV{x0X`~pthi#^vOh>8?=MQh&5#DA(EAhL)vyPxVcAret0-z1XZxE<|7xAU|AY*#D z3N-h9f2qfgVaxo;S~>6|ZTM(ChF8Z|Sl;~3m^|D&z;o$uoYy+)qEX_L`|tJ`BVWks zDFiL-LI!k3IR_>()r2Je5q;>_y2M#ovMtJ~N*WK39RR)oDmflEajpf*>l|mo9LSOb zkr7+lYFC>flO-cTfw+)B8*D6x6~)s$89BhCAg=^E9>?tHOqK|=C=$Ch4hEKvq~+iA z-%45?!4xH~@IBIP@Lky`Ql;ddGTQurlkr_-kpU=}!3$`mERSbyW)ukozr>fE3I)7r z^O9_S8e|2K@6njz4 z;M=_^v?GWsG3G=GVpcXKo131FnX*oHlUqm&#sn8lm4qhu){97^J+(jVTHkV1f9d>+ zGP<;}Lls{iZ$9{NdKP}(B-zB$6w|gHPL6@hM?EEsT9A~i{m5R)hAepOd7FA0s(}bS z8Wc{mATip|L|g0?rY#LUgBZoYgSM|;);;-ehZkFXZ61{vaG0xpV3qmqN#&e9&Q5Ck z$NI6e!HGyqgCeN@ouJ0|kyWOb&_5<6GvFNAW2uW}qN3b4t7 zRvEu}o!4uX^5K=u$x;YT^XtHH$+DI~COar6Htm+nhSt3E*Nu}bdAA=jphd>kF(rtH zJH|Azkxa~NxSe#i6p_ODDtUk}h=^f%p@ zHF_>mC|7Ih2;jGmEz687vXv0TaH_mOY|Q0ABJt7geBaQc1?F^vCa!`A)~}UgUUfWXyj*i*L}+H;Bc}1|<$8k*61yK6bH`=VuFDqbD4} z4YE`W@X?S=#gn~*8fx*hWRr|F2j4M;9yFwb6EH~2yc=ctXJz^*OZWC0OBuo9)+zA8 z=xc_>ZPFX7RMMA~?vckDLt#<*SB=hWWS@yJx!FSkOWndVlp!|2$&imvT8ir(&ssyg ze;A~?y!=72+He=@%aVt<|I-?D{Cf`)Qx>OeJ!Y5>ujy=Ge_|HSz){SpPg$bW1fu^H z!7h!#aM{L?n(dQT3NABASlr+4RJYqOm%j>h3l&rpMOOIu?LnSCa)B7>_EVb@`!Mi{ z6MxTKcTG`b;b2WdRx0OrrX{Isz_*4qK%2)vt81FHuZUPkrrIQ-?I$zXZ=~GMkhED- zsMVX07|9uHg^$qLTq)Mhy{rb)-}Qj{#NXU;j!0AafJ;_(#LjJU26`NKm6#{2GyB`b z=wu<>C!|Lm4CGG0oT`*|zbE)SJhS9xmibwaZZ0(E_;MKYrxc)h^1Xn=NCYwS2ojz- z3LDJg%s$zS1lru|C@$QloUal!T1gPKVNVG8d1Yf|rJIkBJu|v_+OQhnsb5r|q1)e=LX5}K7Iz%*>-r@s`lR1}9*+8HN&y>PV_aFO1GYFfB49(0M+ZI}b}-eQ+bzILLah0f2wtSis9v@M7P zhc&3=#usrL+&#=v!x?0G8{X3Yw%M&&mnVLbZ&S%K==EkW%;13jta_d=<1*fU7=|wU zK0Ym*aU*Q$;}pxzPwymxCfa+ii+pY~;R0S5xoJ5>e{?j69|Sg?lmLgt)-`I>oUq<; zcGcdQ{2Ny^jV_13a~kgBDDgAq3vpJn>-m*k`1Z3+VmCv=b2i*+u{Lz`c?zOegp15~ z!&}oZxZ%d@#7~MLLJ`MDB0jWH28D>IC$Vol)dIX6Eddp6)$=KEXfw9fl-1 z=jq>7gH)B3ZSRCLIvCu}f@wr~#lDTE)`SKgV5fht_*FKYmG7vLsgkN&nRbu36N
_pV_iiXAvcwv3ulp(P5@~Z@cP$Pw`!-PRW;f zf+COn{oLkH67&tk$Z|I+?g=YEtFsr^DVaoidYaqZ*$wN5x}3_RFpd`teSeS0GoO|o z{GdwzWpyqN&BcryFITG?ZN<22ZSo^*$4q?k)sNTh51tHf}6vHqN))`45@ z)oWG+GJ)7NKfVfBA7sJm)!Fk~kONz04-Hw^3G+r6nw7}M7SM}#@va4kq8BqJyYJh2Tv)dnTN#U+|Tw6P~ ziZf{P>uYOM25T9`Kc6Bs$L9Zj=FiI3{h@6BCWJoFDkLw}EK>r#5iS+S>f|6bQD zEqcXs#_jG+2@KkZFjP7mn}vGk>iqLU1_#z1Jd92b9KkzWk08!z@dZ6ZCV##(Cm`*k$9pI}YB3Lt0fffZ@mFbmZ;;l*YvJskj4)fNz;C6(C}}^ z0rm|`FL~E4Dec#_YRly+cx=syM0g(C)_EIA*fb3#?UzHh-vK5&aeTvr69Lezwjuc! zn`15j3IBbnq2pfpI^3`M52G{&$X!T297;9JFfm`$|x zR`fO_hcLGtt*Di0Xx@u&%42%K6t|1=T?~PaFfn+gR0gc3;cmvWanKeDHV@mE$&i%2 z!1W;o$HN^?pw6C(66wo&{5e>vg6nl-bOIeW=UU~JHWD}oBI1)6JBhR<0U^I>G0E_) zsehhG@swWFRLNszEJ={dZd~k67U{S6;d1+A+p85O&b&u6nat+|G%3TX;oIfKE?4qd zzl*e-=$wNzl-8);^7P@-yY^U{cNb@Ng$?urHN~5AZx*sp^}~uU8|q{#1#UgR_wXII zS27S#>4SVk8WxL8$V)VcKZOOhedkPmN4hvHEl3{BR)nd#yBc*T#DA9O zizri6P~K3A=YOddu-JPf9ND_ah6`B8u5~xv$YqXt8+&V*QZc}BCzq99E3&l*@M8Sm z-PK#xS-FhXiD*AD`hd}~8`)CY5&BtTr2;yW)5h6Q`rW(-D*%b?l=7qVdaTB3qH8!? zJU{b4fll=5u4{@GVP_Gr|IyxgM>UnV`yORr##gZb0#ZcLP^3v05D{qt0s>M(Xaa#i z5)eWFsiQaugd#1J5K8FMgwR9Lp%VgzYC@IXk>26NnYrhE-#K&dId|Q4*E(yR_rL7D zviI8SxA*V2zQ51&Jm1G_K|IncRLS4%ll{W=&4;?WB%C@*qk5}E-`hd&wAiB!``{3x zxYfNFZ$eBWNY-UToZk0Ra;x9xU>vN-l&6@{Hc5OZVn^u+}a7Q{(8 zKhl33edsVQ8@5YJtaKbuJj*VUs+06!Z12JG-d@f5MX$&8N56XIzdKVcJkRwb-Gta> zvh4c?x2Dr8THhm9e@6*_9ZLG`?DPI4|AS@MEW%fpdT~0s-4FxEopx8c#)t=mFA`wG z@E_!k~^5wWx*E$0-kb z&}^>hvote`h;VgtD;N2LVxp`0w@GWFoSEe3ooHX{71fsr;kdn4)$ zEm)J>g8klXhlD;V5Y{8k0vufs5)yN5SiBR`eFyr2J<)ZWv&p{@PZ@Q%b22nrRyc1^ zuNSdA$?PR?we_&Gx(n7a=SJmW8k{UUi&8N>|Me`sin4DQzAO00X$V43YyOJ5 zT0JR6(9AvT@XiM^`Zc#|4gTo8EV_5romy0{Lm0?bwDd#`q^8-)U~rkFok>Z}Z*6Lr zTm5>xw#N;@Wv@jF25d{I?%eT{qRnjPU9!HBx`ou+R=|AOjbLx_?OUK!SDB8on`D#A z)ar~X-ponp(z7R(B2e4%PnWR}QNdmB&gGoSva_1|r5mrgefQU$w?&4F_+yKfpQ-0z zd0+?AtY6@4Zi8KwugCBvHdh5C$T7w@x^+x|_&0|kJw`EhvVdgK!K1RVVh(ErFkmkT zCJz0U|I1SqgBjP6?iB9aTto<8wq$O}EyszTn60-g>I~h<$+o_ceWG6*BrZx3jBY2@ zi%<<_%PkwJRLX=wnKtJGgd&Ma{USNWkTYy0(g75jTk~n=9dQHoE6-#YtW428j@c1B z{By$LNcU^zwEDUXic#v6u+W`L{%AiEJm+<1aB$~Y)odeJ@Ij_!zKC0emTHl;-(wvG ze5b|rD1ylN<<*6aii(aMNiWr)f`?*W_eQa*^$8^z_r`^+s3Ws({61maGw_DzmAskE z@D52YwmC)ZJEN%%gCd?oq9bd=;fi< zd(hRh6oC1(c5XrYSBV5^Y3VpH(&RnhE@}NRWKzhDRhU7{O(pJ2-0Z|&*nCr|Vi50i zaHpTOTR^C087r$IY`o&Cv55jRSFng-@cK&4Ma@C4G;u*;FEhZ1T&tx6>OH&xGX1#B zuW5s9)7{Zin%IAZC=wfDPFA1UNLrD{!No9z`?5i~WhDarHkIsV7!>M954CGB00|zy zqXuLSN_7Y-p|JaD%K{5S89UwyQiu3aEw=-t0m=4hcl!@oJP$ZKb?$H}#6t=)o1Ysm zUBk_|N}+hC)j(*VGn*6UAzizMeoK+ukSJBhX*sC(mG;{K5G@ zeH^PTFwfah;(zeWCrHSrJMdtJ{gg~Jb&_K;!wV6gCv;*L9=8>{7T^1(ips%Il7Kc{O#k*@NAXQb2`|(O! zd&tFbZBtj$lXC2e-dpu8WOzVMRLBdhg=ddSHj$o&Ka5+eMe}V3M*25QsFHK!1FgOC z*KSc|UyM=is(1eEldhlf)qk9;WV4kC{W^v(wjli>_M5OKs-g2~{u1^G;CEW9;hW*<9am-XCCsaZ1en!zQ#Vw;xXf_u}<<0AIgl*P(#A}N#!-p*Qovb zEuIwsNbRQ`yW4SkQBul{d6M_1KHxLT>VUEsRRN7_>KXYu<%xc)+E-4sF$L3$*TOm0 za4ak{v)W$s2#f0?(p$44sA(~`U-$)0!pKXnyfQBUv)XY%twWb#5mhfoOqo0xFsl}( zy9sW-B?$_5fEF;gSf}`oAU|ew#KJ}f1Y=<0M}`0mOEw`Wb)icBWD(COia{KhIVr{3 zkk!&j4nqn>A8B`_cq6AMHli=gX2iDbXe&%lG!ZYds6Fc7i(YoW*Ew8b;T2nK*$C@) zv#*H%0yjZX79m9U>5%98!0=E_-{zfUc#C#q=EtMur)x7(>~Z%lfMtW`HHFceD0gNi zxsia8#Jtt`tBy!oNt=J1?c-*$jc~DtITOw>Ua;n*73P+D;;trasOYevD@Mq>;1J(o zvMJ~~{i^kv$UehtFt2WeY|^F@KNM%aAZ3Q?+?a_GS-)~M%}d_{=k!t2qn)oM0n#H; z)8a@?o`LB|U#dkI$Fby8rseR@#_3eM-hXOjgoluESHzB&SW?$W6(cq`1E(6o4(8cU z9X?r)?LmzjPO7G|*StVw*0M|4Api08U*|l(aEJ97!vJn=Oxx!J-0$xf8;rj`Z*#d2XbAr~x}7nhyhuwDsky z@;y@xuzN?jw8X+*cdzRGV*UFZF0sSvj@n;2dw91w+ij3O_nBMI$mA2@7thhTM3pYY zqtlWPn~rLj>FBEA99n-;S>@3bBmNdzG-za81523$DaWn`6Sf;@$G2$5=iH346j$*m z9_flRbW>Vw?3TTPPE&`i>c4BY#307MF!gHsV!tzVG8^l%OBw9`h-B|mioWNcDk?hm zkVMm4T-Q+LbtCRumI>qK6D^GmXQ!hZl4DHr-$w;|3I(Vv zdgYAll`ynD<{?$+@+9Qm-Vi9KnTr)mR4X4Y{miE%vZV2h%iAp1cMtRPMumrOdAuXQ z9K{tkA+C+kGQm--#&RyyK!9lZf z!*Xw|p9!kSs_`1t4(fAutM+GJt$yC^otxV`;5SgSR#=WX6qBdp08wcXLCj|p;5(zj z=>*ofM3<3~#_MT>y!7h6MGqP4+WuvCb4Aq3KA2RMA8w*x322GWP8ZfMH4pSj`PLg$olA$e6vEDSn&rMXhoPeHl1v=U&JOs3#@HKu$7J1=LYpN~tR*u^lF!@A>+>FJhz5x@mNU^5ctccqhln zn!b`DXQfu1b+ZJ=%h0lM&bK~y@RCiK8z$m-zxE1S?X;hra+pdK#A#a$d+CPJ~a_c~afVIncb?>9^yF-O@}vd`Q5nu5ovq7)egH7&D0XwOzzN>FSO!8$40K4NJRZA|8 z(Jtjxg>h-X+NHz~;a?DGtNmXr0NE@_oQAqA!8{3m4!)5P z43Qt&K$^&BRmyP3)pr@goP@>8hI1Z(FY5v;LJK3|vY2I@f#{%J>98&-K2@Ldj#7-V zWj3TbA)ldwv$?Fpp$hPxV!2>YxDTAvB&T;*35xAjtXNaxWta?!bMdH)2 zwO6&psVroC5BgDjF*-+HRn=`t@?VvQf;s5k;f4a z4l3O9J3|&az@(j$j4tJ+K0aP3t?ZVy_Qw86-wZ4)Egxk$Z1=bIgLyHvwHj&xgrVGa za_}d0yqVYhm6jpO4kj&I`HK1B@4}|?W~IL97{U*rXX+Z`YZi?L8iv--$`0E6b2PfOl@vkjhy1pPo)Wzzs2 z+#@bSDn^}tQ%FzeJmS|*My#rh) zH~`p7LBtS&Un`xTUpx7hro03)S!eB%44YrOP|`Ov`1x)gkErucf5@7v@C?sA8MVGI z&s{u&-}b57Ca~WdLB}}ED4$H}J61m6^>3O@_NF~{gvMA16QWhqdg;m)F`;^65re2n zHd;!kb6q!=oY~*B!=4nsK8yUdgj@9Bj%s#si3)4m*WRI_r&h(0++MPA1O;7mGi@zF zXJiygdQa))5~@E61>aED#Q&~XjOzYSESUnJvL~dBp@QRehVD*T3Jm`^)xAnEN6|8} zkb5rux>Jxmk*`L_BBMqtzWXeaiZL(L=^Svn3`b6D60kF$F1lyqYm6k5bQvp@8|vy* zmRllvZyiwKnMq2vP1yCPuA!0}xBd`B$g<~{f~>kE1l@#5#ISFDzd^^OEfir8P^x)F zwR3j%Yyrhq7;+cbzh^}3`DbktV~+^XGVsVAg~CD1E<2bHg9`7gl4Qd58(lZFK&Et9)UOTMoLTG`NQi+)@^W|*@Pu;~{1X(sZ z4Brm_{K4_Qf`ozlaRg=Z{_#wRNtT{oyIjpOPBPJ$A4DQE(~TtmJ>?|O|JTj>8Z?*4 zwCjke0q^nTxX2!nE3l|@=+v`r>)1tShv-o6QLuJ?1m7>d*ReiL2)=gd%nRjz7bT?} zJ^x!xvOjXM0AO8jXXUi{!&~dbU`E>Nqhh|8Dyh7!3ocSrSOGSv4q0wsQpZzaF}6}q z{3!QYZw3LzqXEH>yVPkrUHLFo>lS)CIrs(1!{`2!ui58JjO$GYJet6~azInFsr^hV zj)eX!u`2o7bk$0&Ii}_T&a0O;=d@|*C$wnvwSTUx|E%GlpTv6W4Bd-BE~G=6>+zFX zuGPWAvve<_IFJqk&AQR6)jeXKpZginnF<69pGp6t7%y&>2nN{ub#)072rRq=O#ZW#YbwlFQ8O=5JQWxDu;CPeOM(^*V+u(5_5HqgI0xv2npM zN4PXzVPemnyt+#FBA0ym@vAgn3o%`uKe{y5>^;3nPbNTen(L%3F=+1`# zxq|9Ck+~#I_3Z+c?h@DwiXHEYFSd8^MzMfb5X6fpM&@J33aVd>s>#YwNjdJ;t_V;^ z96g``QTC9{wXJfQI0`lFyqfc+ZG#nIzMa!1eQw~me?xlV$n*H0pZ{IR#LRG^qZko- z0g)|Pk!B7_Gzf+zxg_+!dal3`z-QrbM*ZyhbMY)I;9^@H(97si*=->MJF%yjcIS}) zigw}c(vGqv^)M@Uh64B5T4owlP-d_+TnLDs0I|{~=x89FuxZXY(h1_#j{y=u=pPC$U@Q;(JFw&mPjU z{xr*p(Niyw2MUVH`9P&@2_&U0r?~h^^!VzwkbC*_Z;twfid!L*ORz&yPjA{!MaPHA zhq@rdFjG$AHD*L1qkauRbZ_C3dS&gv*Q(1@l~GK#y|y_b#v=uA>;a^4x2 zWHwl{y1Dc(-K`8(V2jaRq9CqO zs!q=uq}r73S>A5mm(o~5=-&;iq#+Ps63RN+Og zpg(637-;W>JQSn`6cNH|@A=FxPxJqLh|06j!G)Yl4WucC44}k?b%Oz|kC5=8ms5;7 zDq7JU#!u7r_Tn?ut-*Qy+cF`O_bd)*e2_Sh?}%lZDb|YxNGOn#!4ScM3uD!N3u0nV zbG?PI*Bt`_48Yzw-j1r^mw1@0rhcV;QnG4^>EYD*lz4a<#o-G5XBUGfUbWmn`EC{e zew_I5f6z1EoNky?fsFdmeRlIv%d%AmY|hq%$L^&A(So;>D{IwI z9dpIc1h^_|v^z2K!n^De&upEAP1}b2n7})QN1YB$5f9!ks$Jt9I#=vCGPaZ*sm;a? z!k{)#N?{!0l5*^3BsP#rP=~D{!q8CJh%Ng|GNkN_l7prJS}TUM4^St^d*Uf6kdBhL zF53~aH-SJm6Gt~a+}Bq>HVfuteloFGDCcZm)Cns}J&Q6k3AYl?X@*d2gqcZ)e4BPr zO56TkwlCu8ISSRm`|et3GXiDto0>q_%H@i4u^ad`0jhQ|EqNfcQY01^qPH;y8oUtd zP}3{61IQhDXB}sUeoJLOCkOu`bsd}d4-ki$XF1X@mMC^72na44@XNHi8ZPd9?wP$O zSY7#B^M$uDGv%NQa(j85xEIccPR_P^H9uUK`lGBX;>Ch>+BZMf;u*&C`&_%m{hEz? za_3JrTCEE~}Jql<@;M!54z1(F42BgMgaTQK0&`Ono4sw*^c?0I3FF8)6dOpkPz*qL1jNkAJx;D2<-`@zh6shMs`0XH6#Xe?t({r*_AH;eEQPzpb9L^_3ux;NJnx`@n75mY@qn+f zuAIe=TP*SynN;OPncK0WGx$pZf>e`1o7nU#&V~uY+%!pe-L6kqR9R;C?LOkWP5bcO zm<#{RULd#dxlh7qX7kmJ5eoR8ssR2`Ca)!b8Z6NaSHQDO=KPlO>)}TRL@-bNH*g~Q zfA=!_AA5&JLoZs)l!^a)AA$dpt^WVmk^0x@{A;HF9}9W^lYSKcUnfpep48!x!2R!F zeu`E)JdT0VR&QE*#`wLz+Q|M^5c?mtxBoi(uOazI-0|P!dk9x$5zvd1UZwfSuN}VR zUe;^>h^;+Gd$@=6E)pxN3{_T}|EZ&*_tUd<4?`YzjFzo^$X%e_$#sK!tO_75qcL=t zBIZIVmMU_*IIYWaX(4BZ=N%*{ji@$i8t@yp7{-@fw5!|+uk}nV6 zco%ADWknCvh_utVSAmpps%)>VM=C&lEZ(p}ii%wNv%xuAzf_9R%uM|BX=a3tI)?f> zE!vwu+tV6&RLR_k0A$xYk9HyjZXvw5AJ94sL=GAH>=c85{h0QXR%&hga$REUqDJ89 zn1y?UEw zVR=JMt#yfBw3u3(v%0!ESX&=CgGyi@^!TCAM9p2p-p*KE-T#e@l+_zgO}KHUm<+z^ zX7K~wwW}&)w?-LGTI;j7OS#588NU@G{6N3lv$9y&cj&5c(xC zCgGYvMZNPwUyGTdVH0XqBVq8&iBWA0&{dI6|)>e2(Yx2S1L9&nKV$AI;R9d^5?N_Yi-a&@6o~{shNq&uDbdg8@ zz{@GAKDz@rN1b$`VLN`A^$PAz1(uY{=5; z!zc(|TS!MO%{x7_;r)YmtS~3d+u$s&;Q}aE(>YpoJt3o!zQ$>sYI@{ydq zctusidq6LmQy3LoA=;4n-sRyV+C_8O6=-zo)=otQz0%3g-5e5IJB&1IToV$<-IRL2 z9^;}diMBd7x`&U`o9g}JeF<55nxM*#nvR9#RkPB1C2*)H+yO>yY+$o0w3IFxmBD3O z4&!B{M2n04wS3fwW7IJfs6=YL%R+6k%fdzS!Y%dO0R1SwYbBv8JGFoFvLwB__T%82 zfG9`_v?pW*u1;+2ud7Rp9~S16`-QhxeI9wnwdZrw+Nbs9pcdJwbj>x0b6+0+U0S=)!P*SYFHi6dJsMOeoqrAkQQ zO5a!7!RC^f^dq%GhiJyuHaXq|=v+6|Gf>CU*lY2kzH97hS8@3Dp^r0a0zR!v6vF{e zWM?(Cday0G`Nu_dsNY24=6kp=qjbyKo$uf9{3KpZ0ShhqabDYB$kLNdUJEx&mul<~rCKnd^+9HJLc$ zm|A_4incF?2aLJuyWSSQy6~lsNAa;`Lpffi@q;ge6m6c6D%AV$nXnnBxa4c+@H?D*N60zOHSds!Z+;#(U<%6!OMM{T|CJfRh#I;L5(FJS*i`X;ev6Cbx;6 z@~V}ZywmQTKW40)9`8TkT?rXmHDeZv033JKSrWnw6~@eWj>@Y;``F;CkG)pKv{&4W ztJ-pMFC^+aJkg3WRrP&({3s1wC2KsyvwB%B2mYlV3O{mcV1npsucovHY>eM`O!RbvOM=*@ TbDQ$CGjv+&dTPawY+nBxh7q{) literal 0 HcmV?d00001 diff --git a/docsource/images/K8SCluster-advanced-store-type-dialog.png b/docsource/images/K8SCluster-advanced-store-type-dialog.png new file mode 100644 index 0000000000000000000000000000000000000000..c0419a922c59e36a772e5e56fe0af6ac06d0e0ae GIT binary patch literal 37362 zcmcG#byQp5x9CetTc8vuQYhY{rC4zd6nAJTuEn9aJCtI@i@UqKli=T^-t*qmumyn}g;r45IH z0=U$1!uD@Q9;lGmm4#o%Aq!(yFB0%lzE%Eq<>|4&=WL0ZHw`l+eWYXe92t;-37#2} zDkAu+wH4)=Q@RGi?+mY8OpG7`=M|Yj{=a@dtQFMFp~qY4cAPLL5u7*#@Bukl#9a##a7_kNP#5sHnp1R=9MywXag#G_lmFX(5rdm%cD%4++29b zFX*H&+nlRwMz;sZe>d**^mFjXw&TAqpP+R;)kpLe&WeAZO*Ztl>ZOB#Qb$H_N%f{nq!J+g?QBx$^P3D;7+Bww5T@WsiRzU)@!LxUYq# z@?2S^^7Bp|6g(ccOlfJy8>qW}Zss>5KWfxzD^__Kz2sByby?+_iinhuG=+b&#bJ2Q z`%R|W)i%EGv-h#FbO+-DbZPElMx6b5)TOy_=KuiPFF)(TC608;*A-MF&Yg0)Y{b2hB3GyZdL$9BJ=kam91^uf51atj-_w)_ix#EJXB{=^HMFyAd<-J zDmnC1c3)E-9gEltrU4;~QB?%;t_^EvQ**X2Ud*UN$SI=FpX>6@uq_TcD+$C@tJ(-| z!?cfwD}R9XJNh@@0{w*BAMaON)MJ24O9zl8t%Cr@Hz1`}g#D*1R*Jm*We5%^*Ip-! zwdZSF)eaEmPQ*8GE9kH82%_aSFb6YIG|K}U2dI~?MwEJx3>eJ2+vFc38mu*!stvZpL!2i^ya25X>~%Ut%&oxRrj-BA<*c6>1lZWWQD45 ztaG<}*$bA`m|J_1w`u%S$?43I?aenK%xa+M%kU5@_4J1?Dv?631S(u*_FiP=l50_3 zk0k-0yC&b+Yh8RYa~fbK#5LVDL*nU_a0(oJ{{BN_{bV>fh_G(|)aGE0?QA%gYE2DC zKrz6b9GmU3y^`T^FV}3zj$6MCxeGnRfAQ11zwWmy#El%p1<7vn`}yJuJDsX^tBav| zbpn2Dc_PL8b(e6RFaZmHhYVvt&@!^PU(tFDSHH?*uivCH;Nqy!&{EhZ_wtv>#a+^V zN&9jOpx&_~bN8@@Ur0yjf`gCp32GRdCWPTYaWbV`*1|-LUiQ~3^Qqc!4VnlQ*;m|E zmNIRQ2!*J4CDmNDi^uVWy5`ZQ+XXxtF(f;pb`2hqzhkWvjHa7cv|N(^-okyNb$I>N zHCUG%ubDS%Md#AZv94OekY7-j6MYd4WcI>GX1Avh{>|b(3QC^l_u_*^c`&kbO>d#} zTlI>=eAosRk?_&oM}CHf8^kc3IPsp)L_TzLKnPyN1qb*{2-KEx=zKRE^ePp6xPf4} z#PSKvEnZLJE$L29Kl16~cKY5oAryOz<6QRRmG4sbY#Uwh_Gr*Uf4ZF*p19`(G1w^l zc^>tAL@ETj^Rg*BgJ0|ln-R~D-+%4ov@DVbscwIaiQWYW9Jq280`coVlrtMDrnafl zKD!FsY+5lEN|(NRzBbD9K}4H`keD?4(Ap|KdVAZ-opD-NP-Fj*6I<1u)%tb{xrP|5 zH>D&-xN5J!?(U{PhfC8@@n0fCukgrX=yA1myzN#0ymvn^d*l?u(rxY^yZ`knV)^U+ z0C|74DP6VZ-NtbS$6#mq@4kwSWB;2qL^1A-Jj@%udyw>bmYe?%nF%GMHQTej`jN7- zGK1y1+oea?Ez-zeC|P;+!DsA7Yaddehz6LOUTY~6m! z>STJBo;l&X_wtc()JH?9UmjqqQ?z{1nflvuq+z4wqgwZfd9A}rNeFlf zqzo8}mR%ucr;XPaLr;p|86cRAQCCl-lvTZ9oTW+7xyRXq2=$;jsN7au_u_eXridKH zbRtgN(VLN`O|VL{ruN2eKIOMW*#(5~!o1wdb6;}EWOh0MI35-#8SAz=)RZz*BfGV| zLfeY97`*srqsPP0#uy&!lF7-b*yJ}DtNFB)FSIrQ*>z$Tq)O^|UbJX=d>hgwB`LlT zyD~m9BwNV#FfCz)ZmbqSY(s-|19>Or*6sFpG_~ZlYwH zyfh@aFtCL0l2j?InACZEe9v?(yRiK>)yCK9&fNbq9>3sxq556~P`G^XY77<1+5GqYO( zi#r$KvWJP4O&L1@A?{r6Jt3haYC>|KjpYhnTiHw*8XAu2b2u0dfpqeT@JlzdI{akU z9uTcUr`&lkIhzg}K1J%{GKduHSCo~}_Uv|n>iF<5s#HSSC*3i#J0Jj*$|v9Y%Omdg z{E_1-2Yz5j?^<8xRDdAZx~!jra)5l?%qgld64sK)rx%O z@C`(VLIVbz6xZ)|Pfa5uVHE!Ly0L=;A?Qk1IXUl~oO`2jL;Zs-!3nPpnfL`6y4^9B zwXTEV0al|ihKVdu(*e;Mk0gFy6vgi)9gVM2MUj$Iw*%XK7P9>i_X7PC`jX9%wb5K;g|1XiiR$nrvn=s!y~ z1%Ig`z9obsY&S3)cGsADMF2!WiQuXeEm2 zeps5CeyCOPGl{{$c^1d`ft%Bk^ZlOC-2?yU?bk$tptV|0z=JTaaMtNWTIGJ)fdyW> z6*H&jNG242x^AklozSnM)4gLI{~NOix@}A{$ZrOGji7|$hSs-Vs#?pG_b*a&PI+-!l$#9s^a`C04yb$pEaHE& ze})+z8U2a|XoBS8V4WzU-mhIdWxe19U1)7YQnqBmIh@+@n4Zm=D!&4LCuQjQhSqwp z7&AR|_Z0nl>>QH#x6|# z8*}+Y=DKV5t|m2|jFODT$mo2fKZX6Sm`Ir41=QF=84twAKX9jf7B0!`+~{rRm_9@2u8Tr7y*{D{4x1boaPA(8mmdB|NMER!QfZ zA`*jlE~__~%_l;Z-FWa@h;B=u&uZ#X#GybZt8ZsjowjAg3#p(em^VaJ*er7mi9BeN z@&y1v1DcNs)h%H%8TKq%sVxj`Gph%qe?s84)fKI9X7`fzZK+-k49Y^q$q{gq$Omqk zFLbU8tz2A5RMm91PS1jwEX!vF^4BHcaJ%NmVohVBO>wio+D*Ha>K6CzaWQV1Hc*#} zjcrH_CdJYhU+vL!$Tq_AX7`JKb$&ZU;I%xWyqMQKxXIm4r#D#MsKToY@X05T|7Fzg zR}EF6h~QubT&^SSU21F=g7!O{M1dCggz$p*0#B%8??AOA76S>@Eiq zLOv2i`{VVJS0|qzPd<=#9w~e5_-`FNYlG6hLUR}8y+6QB>A1hDzP8l zth?x2ziV1fRJ}@~f~6gMTy4f=Gx=OAsa%RBJ~q)CT4KZc#bWon&eegGBn(s|Z~PKX z@9h1b$$UseepMFC@v-`TZ{5+E-+EbOJ6w}eX?2QBz8ax0>1{wPgt9G?UcY3WGujD0 z2iZ3S-TO|6~C+CA|c1 zccOnU_Kzj@y2$c>xiGLe*tB&6MSJCLVuLEe6_TIyf%%IE=>q=cDRgL^>}(uDpG(#$Pbi)L@YPaqWULC|eR+!%i7SY$*#?F}L$ld{`?xl!L3r`1YvGPrp<=i`-)e7c_vSo=8x>+hy4xdQ~`M`5qOLUH}hMMkNerssb0%FwjGP@uSLfT$f7$3D9*&}eL_SA3X`&M+_M(8Cn zy8<&jdeK6?v4KKG;rA=yX_t6EORxbe5)~q;Q_3pHM`}tUny85IE0twOK3d=B6#DE> z=06{ei-6e)ckqY^p7>Jk8^SXLPM9s7Ulw_PR8UcS_VM-m2!p?XAKe_JgX4qs7yHA5 zVDWjmP;%Yqj&yBeb6o_w0V-P~37ofYvJF zBzgV`8i>33{<{82-$!oM+!N>&Ntvu-HK(T8yV@t8^&IfXP-HR__c{j!Eq`PEe}S5x z&CyX^(EsNy0oSYEc>ltmPpx^d{)2%2FE9RIL(~7iyIjW$&6nicAvPu{fWngSxB1W_ z)^g3tHs_Z-F1Nc}|nrYo2wa*BRqV9=ef-QE@O4_78IZ4#9o zsEmeKF4c%@?UpLjzQWZVy(cFfYd?YgOK*Ly zZS^RXAMqUKKhAH20A(hHKr;tpQjc_KEBQ$!_QEvCE=Ux@_?HZ#U3W4)no1;tuz;Id z+h5_9oT60kywDdT=1OPM^%ZvY3&Av9s8=dW%1ZfN<#UK(nWOZZ3X>RWWWipv_ zlh#ZOHLQ6%Y2q&`s7wooH$2O9;=nUU#l?}{xUO8TgPU!vis9EE1RhC??oEqlTvMjKj zKIA`Bqt8>A$-QqcbGwQskcRC>&Rb@QL!Di+X6YUr!0XYps4r+(yZE|Ur_s^7`}Wiv z!!~d#ECzAKv6X^}LH|j>ZUdgbgB~vf-N6o$s13KvZ)o(7WU0#?<&jaj8ldJ)hY82k z+MaKZL)g`yb(`R&|agc_#$<+JEs%(0z= z3dO6nZ%zG6ulex<@-(LM?9@tk&vw|etCxUVse>C-Fk>64N5v`iX3WQKOzJN%D-bgN z9no6JWBzBpILf6q`wj0HbMkeyNg_QeowL~|@01lpvjCfx02n1%r+~;W%ts?Co`qL* z#M!rhCC+1S0@5;mIdg|wDpHj1Dfw)Tg;Ika-RwH@2edq`_7`0{FPBzTi_a3ds2kL5 zX&Ie4t%*H9r%GS7M%PZ=Y;G15q~xqchfPtr>P89-vP{(O2K9M3mFDL5CdZDA1et=3 z$#(f+M~IPpc1v1-c*>G5Cu8xzOtqqr4?j}_Vx@MB0(Ncnd+EQa$C7SNLuHK z9?2hXMk*;OoT-|RFE!OA;fY%M&oZ{X;EpmB6S)}7Tb=E-)rK5zF%^x2I^GB*IMzl#LdUu>d8ajP?I{Pilz)>lJ9rX z_}aAhCg_yOcb8_Y7SXnzBHG(ETIjieIipr?;`of$fXSA>X77IPw`bO<@gFJO<+g~+l@cAZ+RhO$U=tdqap)@&F znw&V1?~Q#gg-LdBw2P_i-M)3SlCo9}cR^d3M%h!JoQ)-h{@Skecb5xwd~rURWN)sb7Q~X=qWwEfZ)9@4yU&SvNP$T;pTyPAdO9I}XFJ7^ZKItqik3LOng#!lb z2fGEgK5OC_w(Yw#gKd-Uum0>7Y~BpjKG9b7(onr`Y8W3`8;Zte&vb4O3~`slh?X21 zwWop=QMCKGD5w?!+j}_@6a~p9W>?gUH8b-}FdlZWoj$fBD1i@~DBOc7Kg24cI9jX3 z+p*Ulzu*kjj)ihVJRVm>vCfr6;ePxsf9MLEjjlYB;Rd!<)=YFTX^J16G@Pop!fM>IgyMLelA zVmUtIktda&84IPA^+G6)t1eqi|FJ@fGo3{PLa$#=rf*x%>oBl4u55zt4<_l6Lo)r5 zg0&@Jd5sE8LCZoy7T=^)Of(^>b?12A^v;WA*S{7r!n|^K*a^}6Q^^bfy0QyO71#2t=E)!HdUWQJZ}n5B{+D6@yqb#r6gMQSVz~;tum*LMZK+_>KOulAuN%4kwc+PP91kXh)TwI$$l58) zRDVV~MSen!_4W-8z_Rh!%7tRj_U2|^&`r==v!%Rf-~`1aF5$qMF9|PUBe4NSRMdEd z`)hz{ERvA0Vv4?BEvv!BqB7=G>T2|~j&xL|-Lfe3-QE&;E3*60D75iRYy1}1;&10? zuT-)nsRB+1nq7Y<=(r3sIa`C^11*NwsoaLt%fe)JB%x$*NEA%t^COR-B0F>i9bI`e zB8EpfiH>_3@JTRrIll*MKhy7J;QAg77AR_z#)sVS4z=$|J92O+BrJ;=jqqR{1nYhu z^3p$RD#+J0D6>&kSXuD5u@6vB)iqaE{vAePw`%PHZT8R_i{|qKR>G#Iy+CWG6CC+0 z*JGy_QnvDwM!&DP!F!#>TeP;Xrlz7ne#^t`v!5-So0{AhU%6b&46Q2Cdha@It&Yii zyUeU@SaIJmJ4frMw6#@-X54_*s;Z$CjX2>d?CBlQaKF;3!(&jDa0DQWlBfuiyxwgJ z6rlU#?}XcnYbnKv>#eD%$=%As{X6feU5luzS1MG=Ilucj>!(;bT?=y+zQLZ4v&h%j zoX2vdJ42IoD|g5Y{HOUVsySz?Ue$TrZ!9;r_vZ|o5K&YrL|0evFUCr<>7@bc7}?YI z*1{5)5@G`y5$V{RF#-g*YH#eLHAAizfGrQ3k*<3;5gf%%{H-@?+B8RCCn{e@Z;aID zFJLp5?K_APq8Jd4PXxS7XuWSktQE1>T@<5#&Hy#+)DMQd2noTUh+f;>tl-vv^?*z2 zG)2YdzZrSej*tnYO+1LdPR#Z~e14@gy&CrEWf2KX3_W_aYg}9+Ib8`SndCSCj7kaE zu`-omv{9NolY^zb78|g%6p{&)Fcas+6e4*s`+@=rXX+;q_pX3AofXW>X_C-*yL2r> znQg3f&$cg5M{;V@89qWKxTBf^3_|Vk9v1T3adh1@^%$l(1wCyNByZrl;rL*!?gk@5 zQYFKvOQDsX>9>W?_vs^;`MrP!0^dumQrt#AKNjXgn%_>M@OlO>CSw^7@094FKNo~F zgA@6o!6p<6eF(6PzJx$cj0nfubU8Pu8hAKjyJy|Fx3h$m@+BS~X5qd$m3QxQmjc%Q z`hoEPytRKVQ*6e!DP>lD+F8OHc->b@RctXv3F3X-HM#X@PSY)XyT<*e4@HGXhBvr2 z;SQ1g1xJu3gB1QlOIN(H``@@if-7QSd)mX+mUx1;PVPbj+n#1`iO6nLT<_;%USha< zEz_D_Ept9c|c51#E&=^t8cKl}NxkUzb;o+ziW@KM`j*N3!bBW<+Do z453!AkgCt-n`~Mcr}+7Rsp#LZjMwrZ>=ff1#8Z@-F0WLoNGb5ygWLuMB3>_x5AtUc zy?4>Mp5fR(ALo%F4=UABHBzN*i2SBoaBb6=%#{ zU)N@{eA3{ad(&Ym3;rRz_m+@=N96YfFYyhwBx9@;F>yUBA8Xr&)=bgS^P-UR1%-uk z*MVe%GDk_eK1oc&*6BXz8e*hSQ-$%t-63k+>%|_Abj_z3z?3LA!z?4SH@UpZ4DKls zeqJ~@f!9a3M-%~rkX953ky(CV1;7B@g8NNW-i`{&64$$P&j}V~ToyZ49hRZTHCYu6 zckEsvg7VGe24$x((^VLBpCTeb%10XjsL#`%>=}O!U(3x+-Qnjn(!Eb9JX={x+tl@9 z0DR!5@u=vOX!%?~E1rmhe$m;LyLQl|(%uogLJa3T?p*oe?8l!Fd4)TE5Xg|f_3}q0 zKiFXyASgJepImQ-s9o^O<=n^)dJmqgig25wsH_#-C3WH^Z?A-kPp~B0XYVq4>Y|Jfw*oK!D6qn|ZXtv5O*v6WJpNw4Or0^s0P6tCLF|VND8v1X zFHu-d={b6vroptz(Q(8arN@SB6iW0r?p%XJHj`-3qcf_VjBf>uacl>T#%Wk!kB zb<6ARx&m6WJ*;UH$|ME&)MoN*@afR0hKz&DuT@bIIa;CvbraQRaoCNd?a(g;6Y@aQdLB!>=rZvIA zEXO9~UX*gh@M5sw4M}mo%&Ug1&bewuZ%Ks|r;x;O%o8de zSGMZ^7-gE8;A$!97p@e%v@9~E@NLd3-FUxy4?9Vj0I^CB8*j5tq^u*jfik#qvaoj~+C)x8 zxT!QpNQ9Lm%{>28XuUDwF)cyhTPRcyj0&b6kB~prsfJvU*PrcIf$-rXPxL6K`N-D`|gV5wSH~ zcNo_|JtLL3M`6_oz&J%R1FzckGhq?4*z^b(+bqsv$3=nogJ~1Jli}@?Ts)r<##}zj zhXB6vCM@dbjdx*C#^I(qT1ZuAsNJ3l#!p$OMXeUEEm#umv#@mgfdLr$_M7Ye8%feG zU~XaI79?h1rL~g}7p*?e7g_kcF#6_#{V3V@$zR-nu@|r7k>}poIS*SVknk8fSg&Xe zwnI$MKd3E!Xx!e#@9f2spWX!jGt>GvOtoe=amcvPj-`0oO;3vAX4B$A|4Ih5W3AWK z(fOTHf~okvX%+*`A-R1XhAZ>`HuhgGN}d#}n0I;bqW%1xoB3Zd1pjZsu7C-+-M>;1 zF>QQ|S^qb4`L{g9|3(T2QSFqpw6wmyK6S3CFc)Hcq1CUQj8-bZKt@#3qG9dx#(Jxd zC@(@oQ_~*-fr0E6WT<^Fz}D3dm(~8`LqjcoJQJ?ddWh&k=o(ckF+t&%f&FZll@_Df zF2$f!x@PG)(130=q8iTB@`?XcgigMY<8Vke)tb8bOXLBcXf648H(|dZ7D~%nEZ8H5 z--?yT$(D#RTl^o90Pm}@A)A;+y5=D^f3}V9S<-TPN89d->bG{FJZ|-2Ar@C9pCUI7 zu5@E@s0iDj31$@Srv^ySJ`hx=iZT`sX)+Z<1{Jm-?CRvY*cph;1y|PK6J_M{7{WKY{%GEJ+pCkc`%f@p)^&S$x+c_IcwNh zt$?6SK-1gIPJ|UJEL>@L0wTaVs@*E6%+_&&i_9?cEc~ILF$cR}<&4wOu{@cNGbq_S zF4s#^FS3Uiij>R-H|Sc%rhZWRVPNnh<2C$3uv<;ty08%^EPUR~)M9s&1*Pm1<6M*% zHnxc7nqpmvYybTvvtjXKzZ|`zK%r;aNr{D_y@<0Vr3v4gL~YXE?q)J_<~pLRqCBUF z2wsa|To=t`t{)bAVd8;vCKHp@l#%0Q9*86V;aNfjxv#UVuK?$43UaN9i#zIkApN#) zYut%y1{Za+;bI#JJDI%9#X=r=r~g+D^k{NX z>)~56V0TZXUbeeK@rw3Uex(W{u!g;}VlU6cT-ebqVw_e*NkyA6SvH|9GLyTnQlBad zUp(E8MyfbL_N{&UeD}WF;T%(;>Q+d?m|E-L51^c-vzv3~IP;=q;VY=Jk<^|TI?&)x z*=6Yq`s2g1F@nT3$5QPVjR{TDmt;(^#huJSvnM#Vm3>BySc{~65EIv_Aq|ArX!5X& zP>{ZS0+;BWtb8>o1(f3TQAPlsf}6!-4xci^e|oDcAk+O zB9oL?cxBOEQKlF`3$IF!pH!}TOS8A}+w1NNr|672=mBGE!#;VK_lSLEk9=&Kq6yr_ zKzmk`{$dt=zAJsjNL?hu@^D z-y~_US^$&=^v(~-TPkDC$iRZ7!68iszOhYp=RpzACJd9cRYfJQY>cFoDF#rv+ZO| z5g4MUQ6J_HkA85it;jE(SlK)EI!pqCdGm?_hZoJ7)bcgYY#SLOprhxj6LElP@nf7g zetM42$yU2Xu~JSz%V_D{g?+h8Z9&OqsM}F@cu&Uq1NZoOvt|@agzBDCc>M)e*80zE zbgBPj0mhplJ;tiqW+PA?ag=3jiwq<^KQ=JmY*VW&EU`QYrXeUCXB(TkW-p)43&B%;60YL>xC_r5c*3AJBn`(soV6l|UjQfF_uPr)fOfSi1=Qg&A5Q_-UF zMqpF1se^@7tpO^t8Ew0~u+Z!X+=%_dqPV#D5w(>;>n$e7V9L3yhewcR7$o4RMlDI# zV_YngqS+rEt*eLi0(AO{`splI=VDWFM+EBqo6re0K*^!?>P9z1;a7A+au(lM%2*Y| z|Lzsaz_w8S*MqU28`qD~|0*JQvPBE~Z?@rot1wv6F&C{}RYJ-6ox{gL&P`zyrehA< zUqB7}y*9_5;{Uub;eU6h|EOg!a^!@Zliu1N$3c=9_NNZc=A6#Im$n`&=zs z9D@+>L}pEm3N6RW{rUNFP0`D_Z!F#x^IwR9pP|k_uNoT~xP!&Ti2qtZ`%Z{&L!Z^@ zN<<2t1!V+%>LF4mx^;WjitXa=-g&v8i-mT^>j3 zt1L=y0OjKIH5B8|W_g8k*fzR}7yA1uy`VjYNH^Hu&LimJ&7Te1KAUV%!(d$d?VgpJ zI#|GooZs6QPTc0Dy<=M`;?IrEZV2+(oytA-J@&rvm}a`juC1-Ty}dm;I&y3G)ye&6 zm|_4NmyQTU?dtW#XKo{Vz?=Ol-%DI%5%#M5dvuHUOtAgTreanV#w{J;db?E<4mjt_ za}Sl`#@XIk|MWeg^Fsya%*68w_TxH@ZMb|Mb=bIE`_)!@1zT>}YSW_I5!bT4#(}^n z$`WYme1Y*F5x~4PFb`*`<1VDnZb<_6n3H1pnq#x!boililm7I~5)7I~bY&MkGivk_ z#6i~=4c_w@Tv6?t{^kGSL*b!zz9R1e{+b7(SlL_UGcvDkOf> zSArLa6NKQr$F)wDDUQEe^*-Wd?2K$(mRkcJS)@};{#Y+il{m#h*M7Zf!pfP{szw?- zuOr~tn0}yGP1^b=oMP*K!GbvV6{^^!E@zC*EBXE#=k2We8J-0rdU~5z)cuXcrhTUb za_>0E5nfjy&@2w|7;yjnYtM?Yw6Nc+Xk1OzBtJ?(!)jmGFCyvW6wdxy7saPD3g@fIiX{N^_2ro6&ex$ zL{YXMbVCjB(%*a)kyeE2s_8a=^ZopP^s97Tp zb|2uw>-JC)fbZ0rEKDZm_ki%U`Ryza20D=}6MEN;HNS5g&9?=01G9}qGt=S{Q}E%s#EaHJJyn!@w#e_ho?}-7Dp*)#9&KHTqb!^c zb-}~Wa>gm+LM3NV&p9o4rE}J=OS&3V49?8$0kvDJ^jhnjwnk8@m*}VVzvoDe`EWF$ zX62o^yjIHxoTXQSwkr2bE5w5Fbxvm)!*OVp=r3I|x*!_5CfJiD{Em6tTy9faK+nM& z+c$Ah^CKNiY%$ebZKK=KGkvQp3*vJjE+M&x7ciRK{sJy`dG`sv?s{aD_{fY*wzNK5N!jB*R7<0 zSyfa9xeY7b|3kqdgL79s+yEIl=rr6)5gN{MCZFgRuxwrdvdM;gr!_UA`YGT0&+hmV0_ucgoihO8egC`-dbfEF*sQ!P)CWQ|xF1 z!e{0xpn~e*@$?$aYJ-Q1S(P2xJ{6JM&GSjoY@N>3jb*)^KE+nJwv?|}^7e0y-PhYK zVlfc6cegtm=e>kLTJfak(IM4>rdTicAWf2$iNN!7Hcb}qT9u-2a?%x>O;fZ01HB{z z*Xf^8XTWw|g(FKR`GG}a?Nz|gsp*3CbGP-^n1f;24=jkm^*xJ_bbjNFZ{|MXyIH4W zRs&tmOS>xEB5T!ieMiob%TqG9qlv*sV3=}i(q59c|p&)&?jf0*$%^HXGL?hc27 zDL7$W9O&Xic5F#)s5C;r$k>n)OhiTco)EtdQ={4d@afYh8H$>ztq_E+hI45~)%1QfLBD!Ne@G9}J%v9ju0VEcP>yPZyO~=--D} zXt$XEr3|1Q@T8!kNj>`Z49$T=>kI5gRD^ZK`YK!F4__ATXmNq4um0`zX7{_e%WqD* zh~^qGaH5+g|BbVr<*`*7eDnWT-8;b_a@`D9ma%u&Y-w4^q$~luuS3f7W^8Wsr ziDNU{K6Q z{}t9xQf}jCtr}b*G-S zwH5V+nQk4b%OFqs5qLf7xns+}!9CqU~w@4Vi@(5=-7`FgiY_4pGqvKKJBL zxYuVDNR+2zwlj;U;G}1Vs;M@V%k2^*?sB@iD5@F{jc&@1Tx;z%a}NIC#GMIBrJ&a! zJDUN}(|eCKU}tKI7?x;qcEq#bf~DGB4;I?m+9-wG#xitub<@+*PxMGNn~91 z{3Xc>Z{^xnbyQ8JiOAfx3)Pay-REC6CKhiN*0>Cb^uOaFwpA%hU}{X`x0+OH_CW-j z&V#k&NK|OkugsqnP3M{h=Iu55wvWjth8R5Z7fW&jbAGR5;~wrq&PV*SGCpX2TFCR| z0U-wJ_of*GYSDP@%#VtWd@LMm3+l?Qy6}ASsn*JNoL+KS&U!TYWL~mdN7{ejVQ;LX zyT+goq!Z??|3hV@A-M6cwbL?bTx$bv2xIxVtn9{ziRTL-V_I>M9;~qn6|gm$?Lv0D z59xQ=HS_WEGSJgYNlRDhG=}5i&90h*JqopNcJpK6gnBi<$sYG>I>WwF>D{1TqoI9D z{*R$=@%Cl-$t$_2nBq2iG_yNjN>0cNc_2O zZ7K{0RTvB+`mg@^f0O0*Z$$8aN74SxegAI?g#XPCCuXgGJWKBMxj!8Y3=E_g^gZn- zK}q!2;Ia!HujVii4?t9;_VKv$(XURHn6X|IWgt&4RHX#ua1;JU)>@CNU zU()E7X*V(Wdoim`b2}gR#ruEiyt#scgC7x{?Z}f*(Lc|1znIT9i5?LY7rsZeIiPcY z_=o)=2mS9cv{Rm&T^;*BA~2|5(V`kZ6;DllB1-`J^`DLKw8)-s7TD7604v>VMPT z|5-)$f9>+j@1grq{9oCOT?32@H2<}J`#S!)$KL=9BsocbMSa(iU&Pfl?5x6W*o%H#X;BIxQLksPY;Mh%fpM_``2m`M@x zBGyAGESoy5NsHMTNhvAcf7aG7(e(jtR790Ly?ua^9Uq@L+hhGS*gZ_eE{TOeu&Gk* zBkH|CW5M~qsQKcv5551%0?-`)>r?o*Qu3EBHRb zz-i}1=e)V&Td`JJce)a;^UdTr3)RA65H5SW8O}jJ*+P zZ>=jTg~F*iq{Z`yk(dsSREMi1h_{8UpJ&$!#EIbtt@&)(eonB&O0vz zxOT`iLe&^qxC&(nl)Q|HViiztOINau*wH^2`UuwPZ~pz83r*(b6~ulrW2^NBoJF0i z3sBXUUhSsE;Cl5EbdZ_nJK!b6ICj<4`OO-BdS;662^n!Zw}#dw9ELZO!`Q}W>H$hp zw?)eEf$|f!1EEWeok*Hmr$!x6Nircy`R8>xZdb>C*X`QqkeG=)Y(3F=l;b?#({HXp zR211<;Q9hsHIrg!XfnV3X^WIze^C~J=l^~9J~{9!x6o}?(LI@Sx_8i5I`hq~w?5X> zAzs>^mE!^)tdd0>1s2CE@60?xt+Hzs3e6y_xSq-=`XLBXS)JY5Eb#L3%pulD+E>LZ zQ(IsYnbO&&ApWLa*;sB*NB2=9IW{vl-fRE*p=3Z#c5&g#S@h5KeVIj`Y+Rdfk(uY4 z(1a_^>-j%K0F!z_fI)PW5>7&tv-ZabMGX>mLm33F@MWTJNVsuef&qF;*?wi_gc!p| zjr?|PW@?n3^TMW_1gU3?E^I~3h*W1UT(W8>8~>)owO%xI4ep;D?lGx{-Kk53s}41E zD_h5~0M{=d)yD}gsUxhoS-b(`x3`Ufwc2m&J0I9Ry^NWdemG%9eNVCjm8-<+>-&CT z&aCs4E=%B~f(Ru|oNf!zM$H~9-hxLBthN2jVr(ohSqlwyp@+$KUrL`)xQi5 zTGCsIq|jyHGrdbIaLP1*nmT##XIV81YU!^j!~QgL)7MWXS=S1xy1iT;`jDlh&1cf0 zoi{47TUk-&>uEh-_d!apLfL-GdY-^A#Z9~IH-mSv0V_Ul62}s#dchb*T1>}BlE+(6 zLD-Gn`NUc&7duzk|Ns8A%_qA3PXZ`$CZ|&r>X)KCG!yn-?6|n;aA=jp=AWQ0o73FW4lP#)U(`+-ogeU=<6EoEKZyl+0~jUj)ippz*$!K;dAkV!fO7 z=+nIndq*q(`Y7EM)4UyP-+^ziJB~5FrdKav<7WchzMvEcXT|4yuI5g&`)<2qU3bGY zn!F}9!cGQ-kybw)6yZE1x_rf7&wPh?8ox3VV^g-sTe-!q-;zgkPa&p?nA9797>h3< z<5Fi)oV%Uw5JvonwQyqAy(*d0^`OpgI8Rvxf5TIQkK~q6Owz1FLUZIlKw_n~FwxbW z11jjct5|hQsm8E9cNY(@z9<+Hy&q$^+ErKt2@8iX$!j0$wL*-|Hgc0Yg}Yf!B3Y-@ z@((+w^OCN*y+5{;Nztet(L=Num^th?rF9uNdKm4fEUx7n87N+eJ3-`XQ_XU+`vBJU z3d;0<#E&gilk7%}w`$6PhBE!pm?(yQx(rL--TnO{{3a)UWnSeOkE4Cyc_y)Tg~Nwf znwt>{7BF^C=#3k?Uzd4rTlQtF(=4(VDhqqP|IlloBBSDunbJ~kwLM76UkZ|I&;zSJ zbu1|8nS!*0b`Ac3fPeKLR!o<5`M4s-Gg4kis>(i~(u$^XxAh3A&E0R@rzXqu?)?~L zOV(O3Dr6w5sWOzoy!cRM%Sq+yW2UZbEraIh$OLzdARteM>+7S+3KNP*Bh*EZgCv0P>KXkv8dFr_ zs9KTdWkJy+VK9oD7}y40LDjflzQDCaLj;uMf2*GbSYfTn-h5qGPy5l+U0f<^?I}iQ zYGJx#UMYER_+vyG@`tL<=U7ZCmRr+ae zyneNnn#CeFIgl^3!5xt@YLtqo3wRl??^A<5a|uwrJxqI0J*M0}9Y5cyI0x zxHCR62nx-3X3R`(= z&}-nRX{nR;sW)OzFGU1?0QV*E)L4jAX_fSsgDFmm&b}F0*?Z&OVM>oHo$ho$qaec8 z7P(Vw+nHSBR?p~#RtWdKy?w=r)L^jNa_;zTi++KGl8W~RDeC-H7lyautaZ7m^I4gc zt9te@lo>*hzF+-N+h&emUq4TWb3V-h3GZ5nUGcN&dR*nhvgzT2?8nFHorxS(vU1%k zk95^bvAfN~qn}h`Y@M$9O?dj}H|fS>2_|~fC6-F?(47079sO$6c$;Ia0sSTDR|z6R z8*s#`)-f|NohHybO%6HGXj#L^40`mUzS^X^2c>~g7rV)(SBq&mwIA!Lem=|+{Z zi&Tw|Rx{V9uENXK(cUmgZmfKNCuGM(%pcpkM4Jdq#>y!xSc-Ly*`Z?+f}q4`k>!%C zFeO_M1KRt30wOp#?%1gL_)Nx67#@z+= z8O+Pcwo8A)er*@b-QW>-UXZTNhL`6Cl!syE$vF~P7Y1b;P{oKzMPgCts5MTqu=Kcl zd4_yIOT%JEd9;l?VX-D>wtUp zcQM|(g{*K1Hs}Nywkod$qrJTyey`53PeYoCy|l9_(wWK4@&_MBd(lEUUlVAcRvJR-YYwt9t)Q&tB2v>AIe! zSMl@yT>=JdnWy-IuXouIuQ9$rLMyE00>mXFu`zkZ{V&y*dxS6v9y13zR5Ji zLzwb(iEi5eovEgdNg_nPmC7Q*Ajx(KQQV1gf*3@Oq!Zy49$>#hZZ3kbQGHqa9;#(8 z*poF}MDi!h?HNYI?7w^$db@8I>l_nxJF?L2y1lNwO5S>3$)YwKy6q~Q<*=Rb)?i%V zauTTd6P)rJ6{E=MFW>|XE3v`7c`zv_(c7!g^gjb*QcPs``C0{b(*IzBQ@5l@uWV*zsIX8M8L)zY z>m{;yB5KPq8QAtf-z1|tDf*kNf%Ggi42&0t{9$!aEF)msT!Pxz*xU?$!yc|hN(%VoTeza#r0 zJN(fUhWPSefSKG);`Dp-L42O{)wS*UuF%_b$CC#bIZs)5Utnu%>%!t93WXY5-?vfn zstzg*-D}u|Vo{ONn`OUF>qiNj0-@j$W&c_{_ z$ZUY`G2DM(3|-mX7M!e8c=zV;FDw8bP}b9eg(Mk1yQsl6meeYrJH4}RP^dYPFVj9; z43U#J{z-UJwi~x99Z_x3d1L&v34`z652pV%hTz%!G=*9nih%rl#pyt=3FAzV@!Mb1 zr+!t@J5grV7Rw|TupOTn6cnVaZ2k`l^-U~wxY~pEr1jxdC0E=BM~hpdc`eQwlekGO zZJTcQ`-uxh@!i!okQ1lT?&&`1r%I<+tt*xMHuV`x)dJ-QXgU^+f5}Jc$xe>T2Gqn$ z)3S3nuLW9)BPJC=s)B5atz1M~d;^I2L51i33&s9&8Vt%@E$Yo-QdphyYMCCN= zR%dMyY`$upJ|m=z^%>s_By&0pt?hp^EGM0BZZlhHceHc={-}?TLJ=dMs2QDEhajP{ zrR6#T)uW~5u=RutVbr=K&2AS{AqYzt6n!WCDCw!#Rur+*Z6ynDe@gqg@`AxS+P86g z5Wk+o+sHVQ{m){wv8%k7lp{qIrV`?=0|_jB(wyWdjp!12(7U*R*C%oI!9vl`m~OIf z?t9fqXT&8ZJ+kLP+AeQZFE(^uEJ>p317yA5L&oo5TL|0Koc4aWF1i<%I^ijBcT~`) z2PoX^`~wR`4@h{*{gj=25hcpv8=Ux!_TG_)EIXRJpd+~XHoS0-p;z^~fcqZx(H6FS zDj@U}H+5rn+(MzEq(^bcAiWNQX=}!H?;G*M21k~>&0)Lzd94chX~YPlFEwe?qj~yv z{tmGR-p1`ax8pb6uOqtsLx=H=$*jG;&Nc-U9aTvzbv*5aaRSd>n%Pexm=i!15|4J?C&Uq+gQvrA@WKjh@q8D)b*4PyUi!9o z3$NU5R#u3XptYLEe#>E~o9=a01sKT$-wq z6>a5q-5CC4KcyT&&8{H9o$)U#_ttwmQw9nFJ4D-~BYPFsW!vW=+t$Av z?QJ@i@@`fcuGlQ1wb)IBO2eRBd=qm{6zPiL-D0IlhWCZ=`%D8solM3A;y=ewqeXMq&4mTjVSRtPr z)7;5nP>v2+NCB%FQo=`aVYm$!ono9qy|@EFgzF%12$pkIH-$A6iWuSY%a+Sj9-Y(&3T6Q&g8bDpf< zWmed`o>c}4<6FuDL1XZ%b_ep6)On>bLiJA3KV8}2P#O^o0OT}kl4oww4^DvWGKq`R z9fYQ3w3Vy91#NRQQR??b^2Pb1$H%;4=6>uVlBHMfku`mH3;4L06vDvgp6Hm8I`{GG7y;_Yboy;UWM-jI5WS>%!)NxvK4mWZbW`X8CpKV zF28ZRF6nw9X0H&UoDi$?UMCv9nH)y^6XD4o&ttc&)UgSsrrJBVl2QL90sH{Fueak0 zeZemkGN3uVRr3c0%vGh#*M6@p4-|c7pBS7JaEWlJ!jQ=neFdO1p}nsG!l6}Noc)|j zBgj6LJMFHJ$9d+7znSG$g3e{p$TxGxmbDCYLOhf;eQK12`jh<$hJ!K-_JHmw=cnym zR8Z@#`)HlZHT`=k0sTx|e4Gf6(5w!5-ZxpRgFHEFf#>E1c{CrST?U|q;wyY5wuwQY> zq?oHl8qsu#82Y6Txw!#i0;Fd5AtR}yu97JDch4$AaFNtqOt)k*tiaqarmAap^}Kq- z|L$Y;#}AU8m3l=u;gkDLXq9TZo4^iI5rbO8ZiZ@X6Sn>~l6B8}(tEIi{SKyt+wMmE z^NX2#1)7zZfa`<`$GaJ)*)k|^7LMevncbQxW0eO+K>KR5LfpKo6A>}=DYwgVBk4e- zj#-h>!auZ6s%`Jc8$SAX(%9%*KOPpSMo;ocUy>!%!R-UKiwX>TACa ziq2?NRZ1cP2tCha7CS2(#rANq;pz$?%^i8_>R@kgZ)?jzcNH_LGl=j;z~+x?SL!Dv zSV0wf4+t6i%1^NEW;r5C9?4?6Fp%bF6~cNZQ<&0I`6!vOcn%B2Vpdhc>{te)OtRs5 zGk2A`OO${PNUWu&b-h~&!6mp+aKEN;p52=rwQ~YN85zqKU^y*pyHsQ(ecA*W6?evC zHKxQTDziE|??+Zy8%J$ow(RQTOoWo(R3@zvW<~0_OMl8^-Bw&UJlF(;7eGh2k*XPwwq z2^z!H2FDng;sI-Nm;LKsy4r7fCmSgo(G%AfP3x(&J}2B`?9cm}5)n|D$F5j1T#&#O z2vCXRG8+|oT&V)~kCa;f6K@;6JODB!%;f&Gf63d{_Rb9AeYdoya4N+9TK=&g*3CWN ze(%HQ#5So|xsjxLe85o%+*)Js3+1}0>J<=UB={SEX9aL`b3^eZ;O!|I-NGSBK)p8U zyIF61ag6Uu;sGW+?DA(v2xPLyaAd|!cNqVXB0wl_De(Qp`D$aM0A2I>#5vmFQmDU# ziEOw_Mn>j>V^Bq>j>GoAR8pOb_;dh~RQe?_Vkg>d^UQ#aCP^C%2q$0t8O;1I38??Y z4*uUK8~;Xg{q4U@2b8}POC0Y}QyVE~n{w-KRx=LzAwVpTPhF${R?Jm9$M)S{M>##~ zzpuz3FVa!Pc39#Q<(vpo)iacB@+Pro6{$VXmZ3qZPNj=y7^=CUHRrkF*!8YG9tblOF&{u`zqmm}!l<>}4 za;g^5Sv?mkbk&c8ptSsFBc;)d?s96r>hO4+_o{2*F*%u>s8##aJmQlj+@W(-QGnOGAhc7CW)Z;+i7OU1{%Jj7!HYgw~OmH>Y1IAcXo}HbWw72-s4Nl zl=5~c4^ik(c_S;Z;(4# z6)3gOk24TC__}~vuYiq2{C6S4xac6Ms;iBUGo5O3_QCiD~twN#2q4?a@p#4&# zgR}xf^mUAZ_%pkDdzb~j?PPRvT zMpW2aa62Jd{S&hv_9Kt>vfl4H+;+b`iZ81RU3IM#9v!iJX8-kG6$D=C-V@;T04>Wz z3F69CykSN+S62dv+p3s!6p4{4D(as4mlUj9MA~Q_3cesG`Dv^EcC3vxDGJj2-6O?& znh}?+o=y1pts4vyw{cw5!rowP6E4cA>aCJxP; zq$@s(+e#eT=Ovq?c+*+8GP~HSuAGPV^a#*?jgG)Qm{;yhUr1wOJ%9)A;X@9Linx(a zQMLYg#Ql*xz1Kl^{VwJ@+JD8i>t8S@S~&K-v3g)>N-+x!ccqn-h%#wz?q>%kB0jDm zacfPsUILa=+x|U1b*#4Tb^8L{LIFVnJe{n;(mcxPs+7Oy&u5pQwPj>!GaTi}WtOd_ zfzU`!G7;2)@hcE(CUoB#Hg%(}Za1xZ>Ja9!c)H;*3m)FSgk*6owuzqn^Ar;w&y=O4 z9!z#^VMrE*945iz{FB~1n}%r+8+;K4Pu60TpK5@0@`nwLO#x$$HMdU5Q0e}$ zk7!|3`r@tSI{Y+?`c3wp0OW*e*4h4PQ5p3kT_rRqwUnkNZRpw5VvQa`v6Z-aO>A?W zKXn~)NpBc!7IxVgD~&~RVpspd0#@fvV^x@)uX976Zj4s3q3XakeZ1?>U=&E{`z{DdeUj+cmR)2~J3tYa+9Q|zBgD4&Q=}Nh_%?I>QOn)}|1u?*#7{C5Qo)i$gzJ??L zekL%$r7F*ttS-?$vl)IBZ*$TQ#qH^Jvfe)g+$XP6d^ZkS#TUlG^B&9jXTb(H(5`*G z2aE2}DcRzCVod6J03^CuY3vOAZzMsSaLK7Xd~}X+J_Ymq2O{;~P$U6~Hh|b>f3$WJ z<2&C81NKBPs`qifTw#dsk#|j2Nq$;C+Nru2KJ93Uk??&y_gXT>uWU;+>*B+yllczsd-HUACm!`a{Yn6FMGrLYs=k`o3~{A~Rjc$`v$kj^x#-h5Hc7zFko=)tUTZlx z578NXwrnkH`&h!{p|Jpg1#?h5g=>`XUshXw2Ds$Th9v#3xn87F6$Yl9t-q^J@>Mj| zl@N07wsD}|DK28HtrSx2^d+Pga73X?ng-I`E6$T&{smAO{m`w=DLIR>sc)^V<_SAX zA%z#q3=0(%IhvIY9Q7KFCCzw6#PH}ob4Q~}`jdQF76z{h*98(dW#%D~JHPDfZ zVHzX!R*oF(2+uoV(jYUh85+uOw27VD#~?zx#g7WlvRZ$bvPB1Bp;~kH7J7uYSgIRe+xU8GE5)G1FSO6)F3{_He4TH1XF|L{!-;r3o7q&z z#sl68jX|;ES{CV+&*}6$ZI3m}cQgiz`qBi4^lPkD^w1u19a!P_f0)c}Yky?Es*EY*gA{mf-wNS2?dP)So)@;BqL^npbswL0xj zv&Gtb>G#gECaVe5hF-EQVfXTq%ie;FQG8ZNr0tBRqFUOgb{xdj+dA%E31Gw!&4!-{ zsoOoU;XqLOxKd@fqLUYI>tqV4e_AZEvM)*9?IB1UuNfK}pVJ%+VP!97YxJ*X`a2&T zFvSFjAL1{pyiBuEZ40s1Zk_BXXN3fxsIRzra@)qgh{EN`RNE94ulbwN8*;!lHt&eH0_kH+OgNiyZCO?Le{Mg(8`Y;>qHfIYIf#OAzyh*%`7 z4)1^v91Hv33`w2W{oepdWxXew!IaHRNzkRcZ@^xc9Xf^tfijmyzIoRu=ya;m5WUhv z1obU9ZRBx8r7Z|^*XVQ#Pw-uRci=WErjgFGM`iH*l9IHUuxUAk-qaW7l|RVtEs)TR zRU8|O)XIwc?*Dd&o*I)LzjS)k)q&YLcv~zfu-6VamE5GT4N;oZZWvx`5`*ftmG9Sk zgZ(P-z3m`7Ut0ybnm5{{?X8Me^}C&IKXQL6dR`29I)mQtfV|&JM6z#3sW~QDq)V_z zsaBaPBv~((5&sY2zUVErT;dy)H@NQUC7-Y6C!a0G@`zlVt$5OBoGpBJl>NmW*udxf zG$O3#=6@fp8WRqiogJlz1~}NilWl+L!yyJi6XKXrHZ%GL@vU>h_a)=}UV{#a(uLUf#(qMdxBC0S!u}ob%JSTVgH{=E^IRH^}s+yqt%eiKs^ zwLCww+`Kkhex1Vc?uN)cpG-4_B>m4_D%P<;q_4y3a&DkoBI!-w(M-+cGEo8pZt zmjsZ~Eb)i&-iofN`x($YdQKI8lMj;s5lanoOEh+vuD{I_rXjCC#aP+r>>n^`Q~fc% z{qde?WnES8%8X5@&^oDO*%AH7cJ)xw5X!p^8*J5y{vLDt^8_SIwPc@uGb)@TY)BDI zQMjq>?BSZ+u`EvXE}cP4)v07qkjS;m>Wk z2pL-JnzqlJ2k58vN!UBbw;3D|QE|}9GM8y~2LT5wh@u7BS+}_F8c3}}37wvK5KaR2 z5Cd-=STLONFOG#3yo6%kpQzQXNj??P9%-KLIxpGvgzs~(tR-CSmEZHuQ?^GVmgF`M zS*2|lbSN5Z0Z0l(LSDXjH6o0W^GIV@E5t> z-rjoozVTbjBHsn7Sgt0906$0xX69HJtRn)spb<;9Skwmeqjw zwlH_q;2Zd}RN+)C+VyQhvIO{{??$HakRF7aL783rQxdP+O)I1zMHQ5oSQBRVim?}h zUTm{E`FS%@re#F~S3zQ%=$H3TJiRjrYOfMsjO%aX5pB(F9rgAq067|y#8x!$J~^G5jd8M<6;NxTl0ejX{t`?U z=?SS4GJ+Zw{B0Bz@b<7Ac0rT`2Qmdh^6UBpHEXRGJh!5{u61Q5xQqA?_I2Gx>GK=t zW~_zwn(ioPM1dVdha*X0$pJoH58^5GQO!vln5j?%>mb6J$S^o9$kfn_@a=j-3vtH- zDn(*{6<6fm&^YTdW_=dw3V39}FF!?aJmay7HoJt7s!uw|ve%(5_9fRw+!4vtsE!ZD zYP-ujt9uJU0rUR}1@i*p6)N6a5px!BD(<*JQhTQB0~Dw5&op{BvR8d4JRnW`dtO3K zzGU^QNLOitf-q4i~2!kvc^6n z5{iuACS%Y}mEmetqKU`NiY#1AVPohQoSIa(DJ;cv@QSp<9xp z|0=Dz%nFOkxKVZ5; z2nfh)@K~_;_3da{vu!qb1&FR`iu|r3#WAqYWoUd6y%p@j3Sto#w`k_l)Z*P%jp>?S zCl13wX~8;hwgT6e)bLl{#Bx%4tqq>6%t6z2v}#io8W*{-cQaxu&hcDby}V-F>Tp^P z6-LZhzcLGqg@w$!EWi|W%RYV3&fe3;T!8H!r;&q@AK!mal}RLOy8|KnT!O`yu@sJo zjpwQO0sb;5fdvsvWuO{otaWLLo5SJLJ`>sBocvSB#jec@Bs-wKPNgan#qr%<=Jmq1 zbe?Xz$f^>RATzUZ?Ltu9lV4+P=UrHHk;V1(G3r#gBroK$(`kA5@yq*ives7v44&Y~ z7j42%EL~|m!9aYdk=WBkvjpm5c@ zQjjcDvGh2tyr5_g&TOw3rcTM|lD~QcVMhj_M|g=e_gef)PlebQE*8FMq)2H7(jRqu3;2G!BPjIgFvbhb8<(dWGdcYhtoNsBl1QWFF z-M;M_5MUvS6xZ+vO6E8%UO(AThF7U#aI#uJ75&_Q2WI^W(0m;AWpy-cZk4Lp+1Y`? z69BKLTV){be+yZUD6gAbpslOsQoKtEGzqcU8EVsh&$itNVjA{oXZ5c9WO73cg7Z@rK5XH=d)D!ejIEj@7h)d69eV(sC=3r0QsAM@yA#@Kdit zr{FMYtEG0`#E4!jf^_*QRYZ!B;DqK!qsjdWmEj{0aM=&i0HuE(JK*2@C9>g>@4a`s z&$lDPB8^hh0@fwlPZ;6@PU>c!p(&Vxy(J3PKd4DP$9^Ql{ROEO_}zGuckXmB0Ze(k_K z1bRLhxPKm{%6&vl6<9nc%C$b%A1WH%;5?0LSU-MuvTzT&U^{TWqT8S-FaIt)yr%zW zQt{oFy1MwBnCl#kzD4sF16zVT7pMzpGl$2KOPJBwT&tJOhznwuM`!lpjKX{7q!RnP zXYxhi#j~l=UA1}bP5#sEq~Wd?(=jE~$Ma>|3sd{2)m9HV1fI`4ZAc94*3I!CJz4)O z*AxQ6><1?4tuycsYn@BN1C|fF@Bw3oSZ$c2fZvmcxFW-M|Z-*(BMWfQ~4*;*{XCgq{CrQpV z?zZoER)MYOm7md#?fWP!_@$I&x-Rfs(2x}At;1#oNYa4RhFUvK-}j^LCu*7O0`2-u zKe`BSO1Q6gOZffWY|H3tI>iQ6en-;8NsB_!iNB|BzT$6o0!yNd+?*rbUg)TX`)vRG z#&y(3z6in;RL`u6G!ge8VE;Re(kZJS=V%G`^;yby%l(7fQX#k zUr^7XXoyAgjm5j$uJmO+?KVn(Q+e|Wb7285TV$lk&#ACdzo}o{@#*p52(r8KH)}TR#neXn8F%S{O!e^ICnVFS683wg(_-m`zj3k;ObUaDN&X1s1I z&5#f(WLm`q*y-kms4Br#&tQp7wCSq0e)jkh)+$As!i3wZVb-z*|5TcNX18&)6E*Ho zV8$H1BO?uMz-S-1D)4-5yZ72f5!uNjox>q;HTGo35b)t1V1hogMj_Hsem#bQgH| z+WyD{H7H{IrvG8R$#vu+L76^^+(9JAY^1U|t-93a)x|f_xn5xRZyFk!__(-7Oia4P z1~Nb{L6XpAEdTscaI=<|k7CC&J>-paTsNO#5nEg?&w~KAPGP+ao4gqa7s`aV?IO1!p zit%8PO{Ldk&n~usqjuW>$({!zD@AD_BtJBr=c7O_twv!HIPEV1cQ2-TNTX~&uepwPwt=U9@U+R{K&T2>GS8fl{|`Y-g&3eYXahQT)ErH zj=$`c=EkLk6>Oi!on>Ob-&8P;nP@3XNg!8<$(z`ip08PZE0wnhilMi+2b_4npLEPj z``Ce4bp)$8jk1TA0k>9kh}HT#%=dptNJJM6zsxhc&0Kh@5$ONSMUp+#Ay$W5Zbrtp zSddd*1P(rbT|5Tuf)Z5$9=ZF;<@B1cmia2Y?$9N@;#PP`uXLz3^NF+QRD%k?zlZ#p z6}2=zFnC7^jp*^kQG3}4r+!G7xd&I%UHjD$nJYTY)}?Q&SM_Gm$bWk=LM`p_a7DFG zgtV9br&)WeG4aYER~XS{15I4HJUU4SyP=}9EB z4pO_^?X|bv1a4?vTMS7lk~}XwMB{g_q5#mH@ZN+4ZBos_K~oO13G9WlBrpHM0z{ro zh!sAyPE{xOod_Xk*psfgp)%24A}^^#szK=%cR>xtI00{iPvR*z_Zqjv4Uf%^^{~$sWA8*JFExD#`ejDH=rN2c8XY~A4oW`C^iuaE8Si+^)BH}nQy1076Q^}Gi1*RGnXb2>n z7T!dQj%XM9&`|jgC4VV9MBwbGPpdWaEa582EhmEA7YjVBVrkRDlY#xuUu06U-U-N< z2fWFy34kEs)oTh@vDCj+l){Q)ASYm~7qA%#B)TP!iPs^yZ8@Oj*a4c}cyvu1m5m+O zs+|q|YPXSTvss?GPc5vp5OL6}{l^&|x2pdiC;YL4?w#Jcgie>)5(9$l!eyPo<-EUr zLvHIDk;mS;_q^nk^;nU}-vVY{UeKZC{xg=WVa`dOTW^l1*R@&ht#i{<=r3V4$s_~k zZ!Bza0)mhU-G8nVaYvC=L^nSTV!;_Cd#9I5iYq1m*q05sA4Ij4l)4C2(5MHb*_zf)oMiXG3sgmR6%;Z21I z^?{s!0dzHuwAOYP`>2Mqn2STwA4wxq7v~4O$&tWeFY`wR`k09;K6cYnQ{TLK^AYgk z6Zp4p-y|=Nus?D~E|;J{A{ijIy3!ri%5qBuI7E$O+M>7EFtBiR(&PtGo`)uHiCP06 z_^(e@z-K>-7Z*$izSHrTt$Hhn$aX}G>~dQFKGTKpsmRob3lL0_Dv0uP1Y5>K`Aft4 zV)m-&F015cU2Y3Y%`fE*#cR~$r&+7YUqbrx$BP6Bp?($Sgq()+=5M)yk~?q2 z4r_T5D2mREk#s_<5&KzFbuhz?Z<<|@$o)o!{N1b844_! z)&8fGB>l42FV7beQLX1nHp`GG$q*z1)PgJ&1Djo1OBvewEr|iO^D{7$TEgWf_0Fzk@PNGbG z-DBeukJs0WfqDfDNlp$I^32{ma2;x#^IAnSjjLMJUaWSLQttNYBd(Jr(gqskCjQ;2 zTz1sqBLV@qB8xe~XT+I#zuLKkTI_#X-Q^?#bpqSKA68$CmOSa%F!OB=aQ@cLb9^cD zql@u~!Ce>Br&byjq~AXqsJ;+iO?##Ccs5+($WB**==1&q%t8Ih zMr{mNw^Sg}`l`e`;8gvt-`^M=9Suonpe+9t>(iet_Py~c5I4Hp0vPQ8mrU7r!&%?} zUn3Te0BU{UvfBin@rXSl48`J+ok7Z{PmkfaBe>+*@$;4O7y*Y3Lc@{arTI5eh53f{Eprd(>iu?;qed4` zI+A|OCR#832-D+x&1_NpQ!^yOY(&G0iS^l}xgIZfk9+PGvl+f6a}R&XyHJ_2dfOnA zR`M?4`Au+~%Lt+Gm`y5#?pEz=K69$+s>0#}eZ`!Og|rFbq(=h<27m$itRV7mI$pSz zG=^>aC93L~siBYC0eT~=gAgK1V#rCuYUXEZ7+ur7E>{cVVF}`mS7T8uT93tim!`AvIhlc|!%0WKm9W-1x7Ds@X^9XE1Z}j!t=5pFM z=%c?CXWykrFRE|itTsCQepX5_OhNU%it5dXewNh)PkC#mALCf9qMb~4b>WgYgO&4L z5NrZ32B(?bKRsdNXJvo-u63_*Ibx|9n!{VeU>UY>-Ms zRv_`faXZk{(&;s?M`RzRR=-+@&UR4LJmn0&Oor!> zN3X+XW{RYz>@A*Wt@L!<$l8bww8AsD#dpQO7~)5W%KMe`REly@pzK_0K%c6z+`kou z+nIdzUKP-9E1M9`SBlP3pUN>9i@K#MbshAqHb<~cjYJi<;T$|>>aN-|_3eYbe$DHJ zl;Hs5Yme>?2!t9$){+Vud5}g$?;8tPY=BC4uV3>=AB0Z*dbz2Lb;IY1FCR4d?f~1Q zedmuqI}?lx;ox&!`Mi0|LP;QWiZmQW2!)&hJ5EjCk6ay+K>?j-=CNBMd3Ol75}u}ExE0GUw~PZD zfHvVWx_Lf?RX__mp@&;Q6;rCGE5z(<00l5T;^X3`NtbfTW&_r0%N{19&4=}8Whw=d2pHCIqmeY z8mJZ&6&5X1TLFj(a8${ o;k>xOpzs*r{p**f@#>Yg+4F~2=|XscSFR|?s7jYey?XQi0j@RpRsaA1 literal 0 HcmV?d00001 diff --git a/docsource/images/K8SCluster-basic-store-type-dialog.png b/docsource/images/K8SCluster-basic-store-type-dialog.png new file mode 100644 index 0000000000000000000000000000000000000000..4dc0320f8fe7065b6001b1011d324966a1850de9 GIT binary patch literal 44542 zcmbq*2RK|`zphk~1W{7-L=A#OjWR?Fq9sHRqDLLQ4db8ay%TLj^j^m3gOKQ>4@MiJ zm(d4f40rPXzH{&W?mg!@_nhl_JjR~A*4lgRwcg*m-u3==_*)Gn^4s*cNk~Y@Rg@L9 zNJy^66Mw62T_qmTY=lyhklZ6tQILJ_ow-e*)Ti7|Fa_bFw-X=fW@rtKZ^O810uk!`1uyWo@N>gwucteaCk$lP2m=k4>m z@>fVm+Q)*d3}U+vvv&QsI5}5+w1!@PyhcJIm8JYD@hc}{aT%MP$mw!jlz66g$n3CZKTJr2b0&0bj(tGm^C zNK5?ZS*d_b+q4VzP+)fuaDom%kL{bDDeY=S2K)YL!1e6F>vApa(D>r=^bkD<22Ezj z_?i6zxLwY9Vb9ahvv;*FPeUC+cLSK<=2Z33rG0dXP&=! z@q0g7Q|+xLZ6muk!2L5+YVw*a8rhWKRo{v`YudY#CG~wbWgK=ghaU-q2pJ{Ewp<4t zgv=a2HT4z7He=A+;H&LIAAflT6uncsKYzVrI zcV6ZD*IKrRw4Ih)RMlkFi8S3(S$d@MmA}RGvZTMq<`hlo^IRSUBiMIYzvmrT$!J;l zr*hRd+zr8SNFGaXhnZB!G#}SZL#Tbz92q$HAAYzT7OEU>)GX_kMaSb z<{7>qylM1B_FBM_S>XekUu}(Bn92Oei0$qkhlG0=rwc{D1iO}Qfb{&BbsNkl_4gJf zX0f#U!1}7>>*R!_Z(;dee*VT;J5=CNZ%uy_+4Enqt~4pFZa-wHQ74nBiq#R5=J!uD zG9IxoQ^LdI3fOxsayv3oI341&G`sY(9Z{^HZ9DbeajIyQ(ZUUF?Y!@ct)*F>Mui!d z`hhmF6Al^@HBTa1C}NJLe7lMZUn$7>nzfo+9#n=eLh9}q=d}IS_A1~|c&#=VrlR!+ z8ZO?(&{tTTgL3JRlx9oLHYmyzC+H}DIL z(KUJD*eKgrv$=i&c*_ogsY{~S=1as^P_m;EdhU&3ovCiC)0Fn;X#F?FN6jXtS}Ya2 zNg?_iBax2s69y!GcY?4W2hfE}w7YCP^cJ+5S zmf(^cO_ns2f*dE5S0-{!dIWpi*fL1~N<5gKDu>Rz&ujFy&*Jh92sn1eH*cnz_^)-8 z5BG64Q4sW*4U>VVPY9^ie0^&Uj1(>L(Cb0R2+dnm?^z*w}k!s@vA;5nDXClTnG2@-D69YB`MO?&ddn=_p;r z3-AZ+;8WZtB1048Oig|^3<*)+J!bMhY6sptMZwP>9*j!l`g_vg)buDXb)tPXIWK+T%bQh0CJ!%sd!)CYBaPvg>wIUo zuC+tW71a)o0U;u81ntQHjjMQ!x{SX2NA1W;8_JW~Al8h8E$sv?TJ9IA0#Ry5agWex z&YD)9+rHR&uNV*Yf?YnZwcydg3Jw2df(Y_kC8CyXx8ps)rK($WY7CjH>1|25=R6cF z>UClo(5QzUQfM7bhn3j>b7nSD$pKB`2YI586aQ$i@;(&WX}n zs>MXYPjA!yk>fLd>2}Cl5+$o;?c{+v>vFG74E;-Z&ntxCEvt52p)wmM=Sd{}i7`LQ#q;crs~3b1be9#Qk$ayBSF!pJ42C%4=X$e0uqBLokiDx` z*~m#3MUG8)4z05%D0TC6azSq)>q=r6b{MiDeW}M&vnN*j&Xc4{T-w5%*kPsYd1upR z=Vu-R6CPVsl7g#SP0S{otX4C}L8O{-@5q`5SiqmaGGhLLtc(Gv>NghEf90)apB;5Y zYsyH_PUDSIW5FLY%F-h^wJpA{Ir!TINw<~M)g2ScZM!eb_Qpn?0f`Z4pC5!@4=P~x^B#$>19-1Cy&+z+K`Fv)~Nl0*J{<*Fy@S)jd$rY)g^QrO2 z9VMAtV&r$d5^`zIlH$2>g%TC<7Etlp9WpN?e=gL@)X`YQkACrkJqaBg)A_MRp{o3~ z#oHY&9RXKTZ6;(!w6(R|2v2g?6<&~$Ee>w%Yq)aj%z@{`;CWAVCFrKkS;%$+4t~L= z$M+T^MkeP^e@6;P`(y{vp{n-ZzO0g$^zXz#U^Cbo9EZ%Ch~>BB^{HPwJ~O2yY0tPU z-Mj=}u*JCRrqp^fH$PxVt`!IP1p!fxfHA(S^}d{JlAIo(grs!a+w|30aH;rox3apr z&0%XFZ$VV>8>0qRg16Em5(u~He3Q%4M8K>hhO(`Bzd8OFI*qBWVc^&U7Ia3&mLR%y zTK%5A)*}a6-Ap(r8-|EeY8_-L#W-k&MMvo5-Dl=jYZPedlFHI{tS$~#a&?cGdb$x} ztTdmk2KP~mx~u7F+Vzz7MQnxd4Ir#u%|sz@nT1?3IISOEAiiPskE+5#-`_BmJrBdtkK7|{EQi}n+A`Ry&I7j!7|)CH z29v#~Yvm2=oui+{8$F>`Qgv7|`Wgh?blEpaSqh&iea#V;>uk0o}EAl`LSop|G0hRPMN_sE+M=g+-rIG(WbNZZw@_&7jzu8j%+Ui$FmDW_jt z{Z7lhXn0hQ53(913)!HvUlcd z>Vt-WRPQxaS4NyYqckbj=-7oq#e#OP(r34_i3^Il>VALS)%99yCr#-1=Twj7fr3KU z>j8FlTx2GTQjw2>f=0QwxvZCrW|XGY`A34N4uJse_Ro8eCT(x&rPd;R&>J0;{isz0 z`@_OIV2?EJ%zK5@2ICL;VH8RC4Z$+CSGqs=1uJlWRwm%5yza@gd>t?A{Vuk`dKNMY z(3uqEM{7l?F~GR)EvQF%67|Iq@?uL~>9?kuf6j7qOd8f)Ty{~0Oi;VkeHK;-WN&z~`9tSMcUMtS z(G4eaR$2no^8;<;u;%_t>j}WnjqWMzrdJ(PM$>(1K@$ygV8^W=s}BipV*qFJFFIqQPb~|G91t03~vnL8V}1W-Y9-i*Uz>%tnsa> z!(WKKhGvyT_(65U@2YRaM~{Ae?lwGlj)q=EA}C6`uS z>jTrJ*86>NDXo~@HcvFSS6Sr+Q|AlHjr@V$A$02#RzYjm)c3el0qLrv@zA_hW~z6t zT3d{M3xTn?vopU%rAqdm;=%M@5bAe5(&TO|JLRzsaK^oCZDcDpO{yyXtR!Y^=Ao~> zx3j}(N?|3?nLVLaZ>VD6z+<-~i!V#W&lDR5v^;;}LQ6*@Y0%8fvidMxdLYlr%-h^G z{?UaY#w=8V)wN{%ClKFbH}XrXpI4LvAaZdKY?SBI0@Y+e(QJNyn~$JEEwObj$=caX zFJ(9}yTm>x@x#9u5vcg?M0j#eO15p_vGEXGwSoB)%he_=9fZ)y&m)`s?Q;ky zAxfFV&@S~M&vH>I2X5Nw^TwB~x*|RS$a2WwMusb{Fku$IP5CZLj%sIxovBYxsX$|? z6X0kZTc-M&!(k?k7Q9ix{TwzcI)yPUSU%YZWpNcuM| z0LREkm&pivb+FkQu|LonM$26pEHmY;2^t#s2(4zGv6S&rOW-$aW#lyONNfh%SJ_*C zH7?45pbt4rb$=B&WYd2cacxYLNvDEJRM<4us~xLT=;WHy`ibF}n9NALZ;u4L4 zZD+=t7wr_FMbgW$nPx3^_Tn^=5aXFd^9N(Xt-}Kl@F^V!dhb=TLV6N2bG7h1(t0gp zQ*oc+D3Q(c=1>Zw{T2f=!;ZbAbxC8}_d&Ffq))_dnJ{vuw|CGBHu&B=<35V=PEXOK zXA1M1wAsFuFX}R)+b@zC`Ch=AJHP2VN(=j#mirar{98kKB2-i;1*GP6Y)c&0NM&Pv z3~$$6c#p+Swl!U3H7SuRK`3}!twxD7L`te9Y0UL~$8px;=boi3C3UQxKYNr^s!S1C zEJy6*q1bIrN->5Lcb^d4RFff4Vp`l_hM{dG?Jn)exN9KB#?jxhTlu2`$NJd&#c)0j z4jZ{GmR3XDV1c>}CySSMv46#yQ)0+c=235D?$*>QwsQ9|sc;Y@($R>E<(r(Am+J>J z1%>5heY?>Q;A9#0JRw%AwZXmTl~hJ#xYvN?(vzvJ+iEuQXr&-KkjCb@&e~MoQIa$L zaV8&N!Zqu9!0@C=6Wftu@!e#-REfuu?zy7B&_14v&jNU56*}ZY7-GDb?*v>$V}&@B z1Va1SWm=>}Yg4*kc985j=u?&Z*`qHLPTICJn(Nbl9y1Gy0YL|mk+&V}a?$|UJ*YUF zB;#}r^h9BDWteS5A)+=DlXzd{1l6KmSzeroZ+4HNs0o+s5^ELORiKIO-%~?+z;SO|vaWp7=i%LQ9YQ*oZ#S89%JDZ$3u7Yu|KxXplbjbg_G{zEyp3;S5# zDdn;qe>aWw*PHtg=#7lYe$#|XG$^IbJW7R6WKDoz#vvqTcgUJhhhRd*mn5B540Gwr z_>(gEr#^NNK1|aM~8`&gjr@3>++}Gnj`C(%- z37V6uL0nq#2T57o{C;+T8lO#{AsTH=1M9Df67Br6JvLs}--$;!7!y;WXTeX6`H`bA z&re#WA^`^*E7S6lVuhT&OY-)yVc~lD4uh3V&gGqg`2A0;woSO%;891F{lvAco;}yp z@mS=-Y(qa`n0ktk$#j}$snN#E23^3eQ7(&R4Zk|o9dQ9%v z{H#FiVn$pCX21G-XFujSN&6CL&>HGET^oMYJLGOX133t%Gyr)1<=MI<^rSmfqBq}s zV0Ai%a*V2#Wbgg@`nrCzC&uF3D3he)!M1%VW&K3=mREs!j~L0Vn}Q4wx*vAj%)LI!RWe%D28s9dr>T8`y->SZHU*!y{BFTBN07wM~9S zq7#ykvK8y0^L%1*-qWA1lIx4V$4N@*TNJCFTawhA-=?zf`J|rQ1FP+`5iwKWxExO&vv=((z`_M4mbv`14$XRO)@PeH1B7a_I!n`v_V4F`41HSf4*TnBc!S-B4| zFrD2wUu=)K+u85drbP&pB{RBy-89m;>sfTvJS?I~#niHAM zrA18w(a|h(l;Si4E#i0E0)C$7V8`x=yGGFOADwcZig)U5MM=)HV;fSFD|esTZe)}V z-UMLs!1Ws9I?Z>~+bSLX$}00M?Tc;~K?oC8w2TgI+u?JN?6xQ0OUvyGaG-%PbHP1) z8Q4uzedy7pY-@|*!Rods%B*=G>mh0A_hXprE@rjguCp2GY5Iw5G^p8QE+*F|W(Q^G zeTek{?!1%`4=ihr_TyRU7ufI4b#(P7%FQEy^LMPF7Nss{xiQ8vhdUXG_7%Gfg(<1K z2P1uhJz0fiECv(~nwqMrXb5O|e1lCQz7ojZGr2ecw@tSLKSoe(nNSk$v*X)B{oDi& z`FLKBey3)15_9rhD{J1G;`Awcm+l8FC_mTh52)XrFlM6gZ%<*WWO%a~)7p$hc)U3n zDaB0Uuq}--e)VJBtI|}XK}qD$mXv$E>2speK2LGv2#FM-o_Bnxrk$1HZ3|-|Q>M${ z_|7xeqV+6;<2O%K)+cvRyTdU<#_T;m9cB12?xs`t5?9TP?y(w+tRMPvt?pQ(OLR$@ z$5s?Z8`Ld!R*KFn1Sr#He4D{ufQqU7>mc#Ni;du}+9ia?qPbr!;2ak^gZ3vNykhCe z?N%~4miyByk0z40pLDAfgA@J2^^DXcl|fNwSO8M5vzeA1NS-{HYC;i!ST1xnRax-* z@#rl1u=#nT=LN%udRU(2&{p5u?6JfP36ksE_Ul8;%`5v+aZMqtD)c|HpS(GEBjEnd zHZ*31UEO`+VGAf~H=e24*I{Vh!Z_YG)XttVU-2kzBl#pNO3tJG%UOj{Ja>i|FK5%{ zow`*%FPRg4Q=<&cCO$q6tHY2UNJ=r(H_lQ+1!Os>G+AK~n|EsH5XjDFsyqw~+ecN* zr>mK`nrA92YlhPSW$a2=R76Z$JUe~aZSz{cEgx8ts7JZid33dT^_{77H-0F|Uk>EI zNHneFep=nlc)C7j&%zYeXhfHcz1NxC=hGu%|h;*iHEm8?c*ezudXpeWLS#F>4?z9&*etNJ!KyU%ft54Zm@m z$M#Sfcl3b*=~>%qv;WYt6H~y%0k{p8C#s8NO#Ps~x5HkIKgR{*UwguGdHl;THK3qu zDNp!?KB0X4L}0#Qf1|O3T@zlsYQOc+r%E}Bi}59PL{z-^8G2nNi&+yaNCRQk+y<>l zfMGy;YidP)4lbI537rfs>pS3US$c^XW$1O8f~dS~?OQb>9}YEg$~yM(dc4QkBB&+?K^oJxHXm5dE3c zo)vhd3FLxTkh^fR$J%wCGDfLjd710yW<4-~&$ZKAZ?YO9tre;ozP{D0sK}n@prIMS z#{@UO`4 z=Av8XCv{V#V!YG}i%<(g%pkdCYMvzJcFU}Rd`b*!4iid44%967gnp;mI7|6u9P9mG zU5t(1F05L8VmAubwjJy*7fNjWnv;OT(Q#X@qw;H0r$MwE3WYXOUxod0<_dd?r_brd zB}Um&dIrsGf9ele;k`#cpVR>ta$P}YWl_|$Z&g!dl#;Boc=v;2HjunSZ=#T zr=hx#;gVQaxQ{mVlhbmrH0?MZMt+fc^2D`ecfva^!f+gN+GOaG#qMkuG+iyCOF6!-!gfcFwhXIm$ySste7wTBF*mZ>A;u&oEjM0!h_P9X@Os z<9=IPl3dgj9Pt7=wK;p49yK4kb_PaZUwwOixyu#(GAThfia&8TPC45fWvILpAiGZ% z@wI3F2*Z8O&rQ8d#pmC;|8dxQ>CVC6+eonQMNVr)izvPvF=K;4l$WOB%||s>3il=X z5I!=6Zrv+&ty#h6o@_LpPLunl1A8==5+p%=$jOsDJQOGNeaHgck$$4D;lu zMznB0B)e}H(0c|h{UD3?led#o&>N~olvupr@t;0ELNqhwR?6o0}Y%&eYN zwbdEfT(lxGi*)s1-GI~De!8~dYkNmL*MTc5-=e;&NZ-eyK}L%63Ggz8ETLQq(MM!MR`Afy5dGRFk||a!h65*_l4F9*F|2ukc~#uL&Bm`Ux&!p zy_Yley=wceVUwW|X;5Wi@*EDNQfZBkzg6Qfa8y%WUezG>Z(0D^sInw1s)t|k*_rzH z)7nh;3~u092Dk0TMlrVvH(3PAfPry8p7%35&hlP-E?0EsUYwg$HY&b4UZ~sRY$47| zQ|_A6H6^C}L<;i;Fe!H&?xK zjIY}D09&ezq>Su?o$B%ohhp0^VM0h=UeGU!X73=5vSob3y0#&k~Zt`^s4gkd$YcsIr+u0?p$*Tet z6tDNq2od)TDW%6c2IEBQjrteTHyP-#q=kC+*mUA!D2g!^4TqoTA& zhpEEJEBAT>m`LREHI%*0)0j4gAoLv~v&TCHE&U=Qbw_Npw)FMt>?`Bx*m$;7)!Ty< zAu0Db7*Bh607jFe;_HV~gDKO4x(7P(i1EpuNtHUVy%dnJ(z0P|k%~VsRlSu3Uk!u4 z{gg2cdaY&QFewjnXf?{Hy*_h4SZCrWDQIfH&WoJoZR`_P@QjjfqVJU~l@t6LIzb+RZ33Kn9#|1mU4HJ2FLg zb|%wsUAfevTda2+^hixr zMLA^O7>m%|X5M~kqO}nnrcz!5X#!?$ls$N8VyU(9>rNxtA>YBzHVTp}c*C6`NSUB| zR1~5ABa3ZJr1DgYcI8amJsRoV&~5a7PqkrZ3vS@L?D576m%Baohf@lHV0LYR$n z4F&aW%u~%~_~C(0tAM1a@T3rPHl$6vJ64eX@aQOdfWaVsznW^PUODp9dS!L%v5?I+ zTfCO-^65u(&$!JU3jFDe2djlS8|Ukg!W1S>zJ&hiY^IDn)rfWb;;l^ox4rS;$*RH% zU{s~aySy_=A6jL3-_tF!7;?(k8@YLv`4|b;vkyq?(WPl2-n$C%c@mPp)5@lUV>N%e zTl`=JJinmDb$WQ<9UEQ|F;Amay0$gFDANtZakixoFW&#fBbvuj<>$Wh_Di>Q z8@6^H#*~}{Vcu$-9UWbbL~gAzf|#jtmD8o9A`H51{HknTa`J@=s~u)()cc+}0lZ(p zrbZ?2ph<)mw+_|$Sa=?sU>@0)vKn)=Ze(Mp{L#b9k~fY#Nc`p?`qr^Wu=mU>$&b7o zSd+J@M*C8d_5!_IgMGdaO_ZbZ0s7C8oc+_K=LYLT3_ro}o z9jJ%#kDl=G#eKYJRnMp-sEzi_{g<+;l@*AE8!C;j_NsfZCqHJLe4Pi}xtbR~NXcVV zK}j0eIazvGw^QC2P-eDQjF%vRaB5aS0G}j{I!oJz#i`TshKif~_J>3C6%8*mbbfm4 zshgM(rdCU|yX%UJDxe}UyDNVBFzpdN)4jnuM-ZiP0|(l(On40jn(55jSas8p)MoV^ zoXCcecg69zUaDSgTHjw!oFe5aP(Nii%{!1Z-S(Z z$>kuazsjz^chJ#O1;>}}O`aeHqaU2fb_57?{J4b8FVSK=L~e9*L%hz1P@3`PEWxuN zp%rCSZW~G4Y$pKe)1>X?#AGxmq%mMOu- zgwRm2S!-~jumg%!XS)%^*aw$MDFr*!{$j3TY_gFj3Z5s38MbMnUcY$;=cCFPQ@M6< z{eI4r-_I8R-`fzZK-*D*pLTE94&el=WhWlo^$l<;{590y!|$56+FFjf%%FY7QWwd) z7AH3?OSREe@<@hfk1`Sx6BoGW@_bb;mipq4*j78n7yHUVLw=P|tWuaxcWJ*;c7{>a!b50b3slgo*f5d2V&}BKjW5;$yx(qWX>bjw#flnj#r` zY$^KJtG!rd;ua7W*bTXX$48SapoqS_d$-q@@+i_y4Ju?McCeu~=+zaj^j4FEw^(Q6=S!|2d|dGb3R22GM+2 z-vYSMs6;re(hXT`RlL(-Dq^HV)j|KyAe(9qopW48sM%(40f%-pJ0AqUad zi!A+$tNVH5LyXDmTx}_L?$ zR(;WLdN~KJ znP>3Wq&*I$Nm1+jG6Fkgr-rX9h*zAKert7Db&g-PqqdowSPDj2{-`ZS1$P@Yufd-Y zMNjW0K9~$h{P}IT$uF$Q{`I0)Ug|EvZdR{RmHg*@nY>J8yp>JVaqIm9K$TpY=(aO; zkB~2}M!a^6BXm~e55YPqPds&#CmW|4b^CoBvC)B}bE}7r4@;w`CCgKqc1Vc5{rGMF z3n!_Us~cMkkgp;ftfEh3sW=SRZ-07C-|gJ`WI}T$tIW=;!h|n}J55@w+vD5!+{w0g zLLf7p5L{kNin8)#okDgo?EVSm&6lv#&oI|3GPY`|N~%Ba$`=du4cfdV-bM$EF%2;9 zbCe}Db6Un7e>SbDSt#%lN;YbzKIXN1m;Am|Uy>)jx6h#Bl?1g?z3(DL9BPc{*E<=^EX+>xt)yEXcw3LxDJC3dpQw)s;2krz z{+AOhAGu!_OjzCj%6n(LY;4i$PbFq&uZ1!!;QS!t#^OGX-sd~IFOu|g#=_v`u;@9H zl!02k`wtA|#6FL>zx-^F@I&os{WaSA&NJzZ&(fA`)*>)}<(4>``tZseWCjHU)TdJS zKbpNmoZWJ;yt;jsi@nfn|6^3A(+MlI=c*f`QAq#tFk214?x>h)?Pc&z_cV>?x8>+6 zLVvUWLkN_g-x{8BhqkQ$#e$26#bwXuzGo%lZ3u*o)b@{;C;ar z)Co|rtY6^vcvf*w#bNY3N5;r%>c;&)lKZ`qeW@DLoNm)b1MCx0F9YT8XO!LOPt?-tvF*!+~4&J@IxOqdlGBa z=l{e&`v2gD{uksW0#np^T?Yc#;@=|qT;$2e%N6NFgytV_wichgwKlDKrDc|l;oP%7 z*WYi~IMeluCose{vwEXn(DG=&au7Xd=+!mBvheh^S&xu)@vqOk-Rg+U4^rd1$2C!$ zZ1S@}ww1CUksJY1p8VtQmcQC)ON{eyx+dk4RD}=RpzSVX=@RPTic$1Ou zRPcj|gk&MDb~a7@c|_EJf~mH)*I!EooE$7t0V57^FKF4~`{^ba7S@Jq71AE17bHd4 zn2b97Wkt{+Eq%WJ{;r~`@J+rk;K?^Qu^x!6=EvEW>XAqTI%;hw!XjywT+;$@+%zo# z+8t)Ps9aYcQyq0*zf8OwIohsspJ3S&@AGPTCoOIkY@K8&`e&+2l|lyKCbbIn{U3Q{ zEXERqImx!GCqyYW`uKHuK1~>F>+kpQ2qBbz9;o}Q1~QC95^d}E4z5pk$$tt4r*eLT zHlFG_PwbKnyEXFU57v^N++G?@^GVchzq+Wt5~3XA=t!HE<=P@|cXW zV7&27orO?+^+0r)-M?u8zIl!X{wVxyK8;{mRmm-T2h;QJmR(&-+LfQEekc@*p0{xs z)}ovKb%hwZk24Y0Gqtufe-GHwn3x!t{p4>{KJoGY(``>Ow00Twx9^_h7iDYg-=9LP z`nP2+_G7aHE^t#*Q>mt4T#r#Bu}tf)Pw6pteQ+zO*#Tgb(}*Et;372u_ppA3K#X#J zmv}T+v-c1if_N(AMc$5tv^02aFbjQgTrYDr5^LhOuV^R!Ox`+R|JOq{HnxC6v4B5) z`--@aFn3QY8Sb*wMU0PF_^yAfVNJg7lnQyq^*Y1y0%COwS1O4Ua(H-nH{cRv*PD`r z%A?E>4ri+(mR}`WJhLx0vM-JbW!|Ym^9C-?4~OpGzVYXt56>1U1C-?w4bzEnZ))mM z=YseG@o?;`-w8pSFkw~tz~hxv)7HI?JAaZ226zPpUH$wr|C}w_?LtLG_4m=pf{lEc zmg_^ZM85LxrYH0tFSyQQjtTasy7{Li_!)*qpGa1zEIwVul{%D zw;i0?8jI?Q7bvBkA_BE(#z@4&f638hFhp(YjAJykt&4fFKVhG*=-CwK`2-x3NxK5Q zQg+0QjgtMpyL~)D6SBx(hxgZVNb!0@#XV8lnvTdTfZHKAu|`qkm`VP$QQdb!9xDs& z;k9YE>)QYzL^>g>zSlBguh^cQHC`dB4n4X-c{Zbt;+&EBFx|#6CYQo_-@9h|ZI)@4 zb&GI&TlVQ3KnV;Az-U*Ob)}+Sdcp*eRlp$R`r=3%wbh5DGxZW#d zvk|P<%v(gUQqL|Tq~qTE)zR+LZp-R#qYAxpPRB*|0aAXCd0iXeyUKLfZyo#5n)S>N6Y09o}nK(4?UdrD~Xp&!068)9t$m zelgmtH6!*HwKUhRA&l6GOBB zr=@zSar0-r(%(pVpswl5y7)sSx#kUcDhO6=iyv-Yw zb}_#M^s+F10=70v%zW+I{fiyhV2WuQXD+czeDK#cUvWY=ij&wnP5pKnpJC#h)bn8o zld#PW5JG>bC{cK_+g5v~Fu9hSo0~loofN!$W_j(X1dG?KHFYDOy|Alod&1}4+YmfJ zU7ir8?1TnqzOX3OLSRzg=uzqmA`_6sDCkXC@X5-t`lU>O;kWZax0c=W1slgp!YT>+ zt-yC(z`PX~I1aDO!;#Ozy_b+=huI4~*G#R#1UmU#=mn-45H!u0KG;Of9(oOuX$@ z(3s=a9&o5-J)A(tJT6Lr=#+AxH7}8CrieYUAj8i1$v^2zAg!e?mD2kBAGMoWo}vMz zlO-Zs96#(+J4EIeUfJOP`b6HlyMVFhIwp3{*9gaiMRM|MrON2~Fkr38l0;J7uPHwa zXRkSU_9Ug2Kz{AJfsPqfSUhYR4DsKC^7}CFjAO zh;3RasfPZvJOc;lqcFtTOiG+Mcd?KuxQSnGef8qc2W{eGQ`@FljxWkL2F`!*^rnk! z4p@g5;}lly?2@Oah8>b>8B~-LJvVji1vRfjGiLZ~sW0XVj_up}9vJs&;AD@ylo^gw zZjM~2W^wJ%vDCeR%YZy=>I~u1B4fYx3M;7I$&RECXf17OSXdiw`ih_?>=HTLqLphU zbePW3mutvPLaI~giC7|mM_s2BX=$Tzit8sOW~eQ2pZqgsVD%*=B$)AV;tU%~$`9i7 z*`0>j?{5=RRQ{FoJW3J18C|du9!~Zr!EIIXpU~R3{m{gFv0tDqk9hQ>$%R*^ zvrSTD`yGVK<$Qb;a#XFPpzx=fp_1_M@cn(4(NOjDpDN@agR2>a6?kYT3`1;hcI_}8 zzWg%g&q7sqL|EOf>fO6{z*gMqXvWV%z8N7MWpv#K{y&Lp3%%`bf4m+4UYgp!5VQZc z%(j10$cuj1<(U+$>}th?=>uz^I%p}nwj8h4ozX;KRIJ`f_s5qsp%lx*51Y67FX5L3 zg=pOdTy%Y`7ioc*&HrS4e*N%PFs8;@bjH}mmL9pR0|DAgnx^H_IhGey`Lb-GM^~>7 z#u{NLTT%=3Y6gYMcYdwN5a(@udre(5G&eU>q4Zty|PcH*z)+?*1AEgH#+@?FBTyB`jNd;yluiF+OAD#T=%#bWXt&o3Nh!YEc%#h zX-#9EEGsWQICW%2C+KS}xVGz5E@^S6T>ZaHG$Z)z0Y+ux+*j38=(m!c>QiGis}&e2 zbVo<$hAeeW93;~eCDT<1;={&zBX4ZJG7M%{&fmwB6~lrz$IHCpMpH%3*Zd__vYG6*vN}!#Y_(oL&M$mehr9>L4i#XwRdF_@0%!{ie_N$Tz61%s-`T@j!f3pjT3`l1ybC-?U%Q@{K&IRco6I zJSMInyi52_8e9wu`o*@Mw#rXi!QPK2ySX57?15?P$&2(}>us~fqY)aa8@(z~Ul&7m zoX6kPFv`og(kx$n%qwqhSLYLz(7b3{)@`C^WV6fE)OmRyZtL4S%-Iw0X?{S0xN`h= zSaNxa5LD$_LucnF(U8qvc71XmgF(4wfp%^deRoB7VcVwFtzP%1uf)^UzI7m1l|n=f z6u!?`RV8Ov+incsmYSIEdSZ9sUATTL_mH16n{V|Ml2?yYppKb$ zUS=pGr+3JetlJ&yLAJ#o1eI{p!uG}7;`8dUuCCGBKi=>w0o(_~%ZGPIuRDl7 zMBg4f16(m21csFjY#t>575&2;{>Grd8eR+^N6TNwQDqoShD5$JRBKWv)zKGnh8E;#kQ6>zp;A4w$ZM1ajraVWm;snyB(xm>sO zk9^?WURv2IAuN1EYzJakL!{Chot)~wZxI*afBD2sT@(hK70M7cH2;nTM0j@#mXrOn zL~Q||cC!348URE^yPkV%5H~>E+2R`5b5!^c30>d(i7OA{yvxm-#VrcqjJl%9 zy$Kt`Y2Z!y$m@hGu4ABzPNfNU*6llTb6jmHe6ZIbCoN?FTgt&Is99s}Z+JXD<0R@} z0H5E!&2NqVA|{zJ1LWW2BX)ykq7`Br<(e|;Je>~j$}i(=N$%3vaMUQ>{^ANOGr5PW^&U# zolCHGIMI$}^M=kj*fKY$6Z`GfI8E>NW0tA3)rE^y>!mZD^Xr%G?T#vj^eVtN>;`R$ z@Xb|N2D=OpPmt|B8{o?mgukh^gZW0TB=jR&O!>Z_XRVHUs%+$23l-Z|8p3=D4=m*I zFx7%uopCi|@t4l5js+bU;E)N_I$+IFFpb@BlRjLT{aqoZ-u*1_!c)7h_n0#E7}#4I zm#=aIQYQL-O|OtnfP8P4%i~033mR=SQD&Isv$0=shuABSJgzvDtX}7Z+975;#9I4l z71_upwz!ml$;$DqKqGfUXmStR?VtMqKw8% zt;@ZU>9yN@TR7Aq>t_eMlq8cw(!dM*RqQoH>P-dP{M7;Cc<1Bd7hymqZ7EoL9`a~6 z+kgBv*0P%JB9pz86y|W0E`#~m{_5}n8FAd~)fyZRtd`bxsfq=%j%+vFFFwhD1{Ub$ zW`lMbA9^6DEo@iqsIphm$g@(FBTvc3E^74x_Of*Bw6a#4+XCx>q>9v9xPk|<4hG9W z8JFJ){VcS_P|eJ#0L=qZ(&-Ff#h_@xzT{&SksUp}04%g*I`76~kZQ@YOC1@p^`Cqo z>&OX9G0MBOHl&C&d`4lHU;N+(0WVN4J%Ys%-KuMzY*tSirBNhsyBluEp?}i?2p2S% z$q(1++vqVst4kx7H84AoZEWPDB z+j&M$_yxg|*PpwaI`ziaE{0zo+G8q)BR|s^ zP1uMAi7M7LLs;fSaVZ~*ZuqGiu5Ny&NjV;V-OKzan(M#p~G^so6^i1ysGMv5uC28kpNj$2X=M=8K97GjL#DQ;+6l`6AN?Xnt(3da9-e z1=JT4rYma{Q){%r_Xtd*A@F?J+Domqa8Orhxz_HG$y{2wZlxxo_7qucukikDEhlum zp=s=ET1u0NdL3-qviAcUb-9KP>E+3#56t&6e`b?_uxxvyjkFU%rO|*d4nF^(s(k<( zC`#0ES^WZ=XI2dE&qQ4=JV{YG+RLE%{|0nGxS4q19=U z(q53Vb+PU2h$pspg7dQ!5Rb_vHV4rWR!^jNAjZH9;yU?=bKkcASnd93Jzr}7-w{f1 zk5QO-+P_G*|JfGOzr2Lv-(mM5YsFR%oa--K(G#_QHcv1Z|AM9Ro%RlNKhD@QHGuAd zNpsM?l6zoY?U>ck?fCO=iDs{2Uh)q(tK-j{Lx55pr|v*Dw0Hr+V> zjb^(+@|P8?B@NNE6``)48;(P+@qZ{99IM=}6iTk=7lt?db+|N<-_5&LpPEsUN!&Q$ z68P}aASK_@v0GhaF0#Q>|M6>M=L5^u^t3ahmi>q1NQ2wy3Ux4)XwRRuT>mHWnJ)3R zrKl|AeVtXVNL-tk^|@Sr?MV%Br#L-=$roxMkYjB!Rx#0J-5hJlO;d;%Knfj4yjGIg z;x0IdxIJF>e=Y+41JPKj@yET1x#{JU?Fy++aU;u`)zYT<<1brsZd|oYv~hrgQ%tw` zEp}d$t(EZ9p5_VK^=zHEQ5&03r77c@aVv60dXEmG3^s?G#baT9*>f*?e%T5}DK;nC zdg++)W$C58XtdHA;&;$xe0EO^>3Kw&`HSP4%m1M5t>dC<`+Z>xxkUk`8|fD57D?&O zp`@9iq?=JukQRpS&Y>B4Kt;MchmmfOZa9nkiG4rM-uvC>eBN{ZWME>=Vy)}<%}e0s zLw|{AoqDhCRY_Z$yK(d@jCQQQ~FJPuA2I`rNv5Q7fA~{2Td} zV@$S~+=^)^4E!{4E{o-w{RBw7`FZ4y;QicDJxQU6b_5b1l0X!m+sI5AvoN z)7w4weFKC7+*81A2im4dM;GhqRHY6!1-)6@i15-on~>`2xuN(}QD~*o0BF;Gp3!N1 zMm#A&*KcPR7jmy=nsGpCV~8!MAtg*2?Cd`kmHLox%n|nl=fOFpe}xX61W>s0%^cL; zyP_92YQoSfsTrI%HD@wY>ZuQ^>!cFPVz4a1)c{mng*+d=cUO0B<^2sUA7Oncr}QXGBX2+E?wyE7!eIEi-B)K+bPY$p4R5d1i;4O0cWwlAA zF+Qqi9eVV@rat8X`&8YSybhjm#1YI0>$k0|;61ZpQSpJO=jn8pjQi@mVU2}dea|cJ z-gyg-J4s~4Gm>B!vngb|nTb3T*Of!mTed&JP_B5$Vb9vXqg{Z9P{3GRbd2flq_Bf? zzOcCe;SN)eAUyVqkR^q#GqVqK*>H+&Z$S}9Z%w%rI}G$zg-G*pvs;MzHh*#(A0j-+ zU#I7Wvc$JIgWV%L!Rp9c-s$XvU9cYe>P61x273u-9?bTkc6E<)Mi=$3j&SROoF}=5n!hZrHWzz+RbBU_H5e`dU3lP1As0kF5oNoMJQ)8 z2`TAWa?2U{pQN8`Q4AWJhOZak*?f=2bZ=MS0tWovI$)LkC$O9M1b!0~80ZfOJ(`M) zVZDrglR5Gf9{|ZpQu?nN3|-h?G??c~;+ONd@^R{lz{6DJO9m_;UH?zeUJ(i);J5ZLNIh{uOsi$>kl?rON4w z)&C>(?XMboj_@1-hG;lC%h>H;S~)ts_Ubyr!f%C0Bhi=vga9GioV%7Gb7e&8*D5aH z#+*Zqs>IQ1-4YPeKeQtAYMMcFniY~)NKx9wr>a9P}OACI@FB;o+DVbO1#YY%9o-{YZMgG{D_n^RGPc32qvGyv=FhG;?Z zXbl`SP8&(MF}E-jCKhHXw%ch+`KOD9MTfG zq>g<`|5dp!df4{*?I5(T$v@+4_&syUXbNyu*DwFfwaQL%PVMYBp!Ex2X0OC-b~`iC4vdBHMnb5Giq}* z$QE^1VTNO1CiShXe9(Wyovpc4;=$Oto7 zJj$NSs0R?dinO8i-mx}rNrj27HZaRD>^|D6wgk||`K}bcI@%<@fuXTpOeD7Ks8j%9 z0*gsfsM5T4Sxe-622C{fE*$9`XcR&|I=bE(15ZH^GDxedxY1F*iGmCpWvjxyytafX z-tT&>WI3ZV32O z)D*x^{s0^k^0&*@$UngIkIuh<=O5AZ>#9KYJO4 z4|cDDegdzbhJ}xh4@?7p`X*px$CVHG8S4Hjd9{9bqPV^F#bkn$wAcZSZqE0hFION~ z6@Tt8l2;m+Ck`2~*#7tZjQ<5R{+}ux|BI&pXgasBtV~r|*>C->1#O~?pU;D>HUsqa za_pU>Iz10ma|tF$?9UG@7^gMBSU5X2=C;4ob<1xz>)$%e_7*!@01wyf?Cb@)-MdVW zJlS3)a*Oqx^~$A|Mqg6XgsC5GeHo&q`7;0$cW0({_e1aT3>#Jts&bI~zj3-IqJ@V3hLZ5i25WWF;8tGqT-&$!^ge5(_L{UkD81yKab+s5 z?0s5ldqCZ2CF394e34}UTk2Y$Xu#z3;+}FwVOE96x06O)!ihsgkK}=-swm|{iJbq#Ad}Z(T^p}LI(J}D;Zh|i{YcpU1*po_ z!)Dz=D#DoPoiL+-L=QA6iXES)cgqb^)SaogyL+tI@^Zt)rCQ7J4X1uoE9uvDo+C)G zUJaLRyh_7I&>uVVBHz@9io#Hr*R0k0`mFu-yC&Zf`0=Je6&*Xj_tOOj9Z$Y?;!H&8 z%DFW@u{i16;6B6}U;kZsZEV0P!{6^H9hVZ7oNGqOFVKT=?{38CQkz+zQh$*sS}ns0 z80>)~uA8uJI#?6&s@c=mq&-5Ur>PM4Aq6?)`&kwH7w)Aw_-uA4BN$prjS>^gU-U$a z+1)2l=5ca@kxKEH1#X^H`FH}VbU`;`f7WdFAQUL zm37jWuQi;u2G!nH*P3;xvRW~Ai`{jXc~4g|2XlOmJ%QIQ&vECZobqdQBu$(`>j>DX zI%fXi{U!4+)MEyH%&wqdl*0*$MKnN)kY$5J>m8<+lFtGpU9z)3yk~kTyu>~=E_85A z7%X*HHa;r%MVZLgZMpGv*Cgp&&<7RgJ9jemBYGp0#Zl=h97JGxbb`~@OU`$>MdeM1 zv0To&+JIP}&P|`VdY_Z;-~(P$9v4hP%2e;uB~Jdis;h6YIw9V0!$qReK$W0tM+rHb zO?u!2c#jck^t@OQnQ1*buE*(BSXb>SqK3;_$D|585Pgw9G7eJTj9Su4s?sWe+`scj z*90oP&ug2n!?yI)+A>^EqNscpU^z_E(;m@8FvJdawFt8QI>7h=Ew>OZd>J$xZ+?~5 zrR~ICILB?~#9QbSz2b0V;p1a-*SjJ5RgfBCTC%a2iTd$D8Mq>WQMr3-N$1Kzyr=I# zzjG(L-CAQim%8~r#hX{{qlZH@{8}P;MDOFk@{fJW`XHOuyuxjxLGxCA-owYrZ{EPH zoVh3yj!Y+i2R(u^J154#2hL@3h2G2~L@w(zDek=1Yu@PvN=CI>5Lu_5#i(uU@|*?h z;;PYly+qj;R`ghpmUp*Tr2^e%Ub#m&Yd-5oxe4%18(zOZQ5Ye`WE)`&Om^SJneMN4 z_ql)VV2ea?4t-?=KYGMB?i5J9MD*KTU~HzzY+I?fZ|e_AtcE*1(IB|&mVJr+)^R2M z*|zrQ&qR&s=AE)X)5dwmf9oWtUN_>FnstIpN)QcAa}EYouvnWIv!pa@%$*3}wWemT z-*=2pu4QQnFW>8MfW>YQUPnY4Rna9kh**e^c(&pHZnQrtp_0vx<-%hSH!CSj+u}QW zNoCu1SJTMj{lPRV4uzn@!9MX5cx}ssYAHJjZv=4udZMS>fof-Jf538s+lUGUvH-K< zvFfXFlsV)jHNu*x!PG{!tXx**_IXIF>~%Avy-IV>uwGqRFnj)}&9X5y_4K7!w-boN zo^8&wUP^{dfRN1CD(bq(Gxk*yqa-3Q?wuYqxMVJ%Iw`ZT0+xYi8lzMor1bX+80A_dq)%sFczc? zD7W_y>P5x4gw^v8$F6;6o+4;fsv2!PxS<#sY%g7am84AsBIIm`XvAH0phrNF6<+{X zig%;g8qWHBoTIR(UhOY?fKnZq7fSA{0go_lRD4PgaR2@5yHI+7&fnbQLTLdtaw!uK zR=e1E?N#*54OuzyZn1&7)>Y_|^}MY4tvOhe^%CXhYtpv11F52#dVJ@1$;AJc z-@Ie^KDj5nL&vM3 zsqUBrSpMl7e_w|EKX}jorCD3g(5ejm>vjx%D`eQnYBahZ+OySG3V5gQ#66yF2WHv- zs}?7cIH9WgnVYTajt|glpk93aS_n!rVyD#+dcB=~Q{lMP2#tN(vOmE5-U~x)JC@%RKXM7z;8#u@Ul)^NhRiT&s--lGs3@{_;U zdTXQNV{{sju)eImSdnJcsCA5>uBD!V>F%awc((_vLOf_{Oicr46vM`9@#MaT)H$kH zeDu$MWtG!co&W2{bGLCG*;F37n)&rg0QEkZJ#R%7v?!cz?)GVS2T0v)Q?y{Ij?DKwvfhM|bwp)DkW==esNMyp$ zN1nOd3qO)w?>56Dvx_Pe*Hz#lVMU_aI_ZDQn=9h!S5EryBbA&208;sNz}dlnu)+($;q*p=niu?Oi6l#0baVu^W6&KXPLPR-6 zR!Ci740jDGx@t7!FCJdqjnlCp2|bKKWDN}sc!v}=W!>YmEvc+N#uN;R0$1%jyKx_P zb1L`6r0jTHb2024y9w8FYtbxjTK}mZNd-=y3A}~xDt%9rN{tfA@24DUdnm?nX+n3I z@+Id|6M<-Yw@hu}F?$AZa zx7{_I^Yg(rDPf%O_j?rdN>~PKX!59`smWX{lkI!L=ip$lLW`^`k(-H?G#siH6tw+y#dr3v2NxM(%n*r7fzy^>1LAMo0y4w8y5Wou5( z7-H7pC=DB;*gP6?qg0IJQi1WGsla$se;w~d%3$f3f7TBcBIkd#SIkUc%v^-QD zTIY#j_P=WPloQrOY*`VgEXLU*pOd7GqQ}PshRtmQU(}XUgthBv+)ay3#oU=>6w;-0 zV;@rV55_Cw%?z)NL}h9Fo#yjGmE|5#xFN2b7jJ_o+-?5O5NQZh1o*nS_QLu8N|v4~ zeC0)rM&~7C7(ME5KR2pjERF}PdP!K5#jNnd((b?mrqJqU;n3I^!D}sk`W{{Z-h`vD z>@LO?lel%kjt&*^wgz%GvNvv)OP^ea3$|9#6~FK)MHSPetwPO=)mvzBO1u_u)2|k- z=fC+IUv>-kv2lgszDnX12NRk#lPZwCsbYV_Rvp~?i}01&{T;S|9QvL~;~?EEfr2g# zGlT@^-n0}$Y8;r?7mY`!{$*Vxd#iUn{z&+|P}-0AOB)0kxYu~LX;4`rjnw(B7ABdW zd9jVWtFgVo5LF^&0hOY~yRBdhpEprC1ZoJ~g=Qz1(fU5;UthRq^3mW;AzjxRLe;$Xt2dG?|h54eYr72%L*7`Og)=9siO6$)1MY{IK+Yh9}O7;`#JF}X@zLG@N%_852CH^ zvkTE2RqiW;npq;7q?jHZUQA-7ul*w3x0r61;d-JPb1z3S z>w_l&Wmhw7?yVR3D#}}vB7AXCyr?aDWdZroqhhMIhixC7lXnMR6!&TjrqqsERLaXU zd>|l=NHMv*N`+p)RtlFFvhI82`d-nw_S4*Cdhu+|>&4~fhmx~+5-6Tq@;(+Ca*83z zJtW=#nN~;}qNtaDHZlf1P2m;f=I(1~3GwlVmu;TM7Ynezs-ph(n>d3gs4D&-m`|TO z3FoC*A%CkOzt8(JH2(nE+M3Op4$8nUomHyWHhBeA($mz_EyiR5VEC+sfOeGn5GYSs>~5%Y9BX{(uky9%tbw`V|U(*voWd+Ci}a(%>b&*0cN&;49FoPM{%3T^))w_vktpls3QMtDL-JZ@*#vV*;@tUGmem zs_~3Ue%!vKsOo~+zjC=?u$+fs%+@8UO>h`{tf!0b1f3y4H1u*Ok5M37hT~$B_?eR< z(LrohB#wPgp|BA`ktU0={h{BYMdoLC_wE*n1uu^YEm%t3S*0;3j;+lX%}@T~ekN^e zrxxDuovwKL=tFnTz&p?xY3W%_$iI@`^54n!qWYUKVv8?cZiKPNwjhR{{kqUTr6MT~ zb*x(vtw|zFw!SWIQJa~68$>s1Ern(LI*#2s&NC~(F&DUDmwh?kF;NqMit|=4aOQDh z==|(9&iVKu>iJPVCv-pqN@E_k`Ut~!Ww=j=kx46Beu$r7xq>jxk3YgNn>%T?)kT0f zYA#!_bV==4%{W(RB0*i-Ai>@=NRJWmO-VR&M?@Sp-Sjv0^IG{!bRNC5A)?l!ok?0n zRcX33zx}+_n88}dV8Bx;ns#NVE%+eX(~7sz3j3T14UeYd+lIr#q;1azYHQlNv_QEZ z=Xavh?6(a-wtJZ+HG;tk$puew)nO%Ezqg+zex=Rruko0sTg-qm}C#KFgiM6YV>Xw9-V|pP~$@f0c zfKsh--0a17f^nLWX;o8p$^7L$K zyNfmgnTea3o8y+N4(MgaQ1%<>?*Qt{sdSEWp#|vWA~oQ*Jvdk$fE`_~-dv{tX@;s} zuyptE@Q{&dvn@k1;)$)`AGMk7-Nxy%vS|N|bRcqiaUKRZ*I!oLPkz43U<=TOw@|@Y zkuu8K6kt14(tQ@C`99cSlNg#eqmsD->$r}9stWo*9yDJYl`B4(Vt zKjsfRTOGesHJI@H5p@!o(|4p)W%{>S86W?#p2;^9$Q5F${${b9ZhY$YWpxP<&rMiQL19tx7p-xYyELyXm$KstjP}BIt4b;xPn_H zv#YZQH_q8A+V>?lKuVm?!q|KSC zxXlG%3>X=I+draSJXN)NGW~mOqY2q@j)&vty7A3c-F#wme?Q{r6O}v_4CLJanV_5D`44AV z5M-R3$3IhJ+DAXha4Jcu#zts!D}F`yMiRd~s>svveKv`uj`{})iBiG)fZ2?v##mgD zi+lTpxdXR#?dYF=u9l?`oQ<`eh7j+d^d_l4qa)N+D>xsedGN;CpL~||opo(rQMY_q z^G?iwxI9{tr<0goK8q$uE7qnTnp>JRK282MrUB)3_K;924{#4{Fa3y0Da5wGTV&>+ z;sZJmOax3Di*ZIZ+q>_5uD!Lj4MgYiHiqtZ6-%^xOeuFv0q(95Hu|KmVVCovR)HMKW#9DHDf)_gLu3dP|>=nl8p1R9jCZ85+_ad6% z^P+`pC~%35b5)Kn{}}%nZ#&Ea^l)2nWMjqRAFeabLo-KPukDPyFTEwbAaK>F8z!^o z${?O)<3%q(kovJoS6gr0C>DEFl?d$TMr2!OZ&NvVy>E|< z-bDDEZae{Crru|j;BVLNZ?9e$z{V66bDt<$##tMP3SdDz;j(>&KAgu#qZe%e83F-Fd%T!6;wTC zqirDsQu>j005p-)jey52%rb65;)gcQx*v0l*lB1q``@Huo_y5WgT>+{5%p-}?JX%5 zO8$t#qe`fHJ$$J{cnNA77EH3FE*p5({75y=Ui6GEGJ%fLGDQ(3BgZP*IElV>=ooF6WEGn`vJ2>)}Er!{G+ zjdgu5$4Azj)a{gwOAs(WGfKfkeU0_5L2d8mQ7#k9izg<6^2?Sn+4&(XiE@xp7ai`k zSWTJOG=EZK6on679UB7^a=m2#O4ub0JYRSS%=UQ2BCZW_KaZy*LZTgu#f*wV*F?@$ zK3K2TV_5LFechC)8C$_B5Ku`S(W@O3W)|q}ew!2w>qIwr%+iC0*;mM44j`wa75>2m zB+H*<=OfCSJdPnaW@R!)!dA77SXi*F2kXhNvcwfoW^i&5?_lXuR($pql&jdz}>;J=5y#7k&tr622AnYMw6#y2a+2#5{zw_jWx>W8@q zBw}rz&No-M0-t*HFdoPgc=m4>xN z;blp9#J7~T_ueV6NWFUXc451nJ0_G)uE4D@+`@@)0fV4Z9>yf^+09`sCc;f4qmXL9 zTm7b8HU6}7blV$Jx4Q9?ZytQ2HoP5@@VP`Oi>)AsjKggidck$GidD#8+nbP?aTUPR z^Kt_vL&`^_=}w1kpzC4oevbXh8<|sg`MO4$JF~Fa7weCroHAWT6Bh<)O=rX6;eqGLun{Xvs25 zkHvoC6w+JyZsj18qqNu(+bcv(AJ4H@07qLN3th?}6Q;5CN~yo%gwL9r)t=Veg_)l* ztA2G;U;+%0UE|H26w*!f;SF|=&m0>aT^e6129|;+u!>Vyq_j2fIR^rB4(CCj-jpit zYShke2ME^+>sOa>b9}{o)#!TG6ryzFfhoHht^7@2gg@BY)UU&?bN>mQu|GzZ>e+2CM zN$val?rqdVbq?R>)(CQko$ar-n14|f{#uOl|2JLnUm>FbO+`%;lk}vd^WpoQ(%hlm zMHQ$H^cE0qxG@|X`uoK{D zAy(5c%@{Nz;2jTo#-Uxvd)|xkCX^B*tb0E*=b1M)Pey@MJXXmZCUM^$XG=Jnn|D6s zCZlY5vRNZiD4nXH#8rd}>Jbe7)6@G9ct7aj&>Ku#D&LpokGP|Hg#r6*K-E2zHm1Mv zo-IH&8MvNy&VNKr*S$w(4UR5Z73SaBbl@e_IVv3`Wg9RO)V1f8yBZH!C}R8IHHZI> zUjTG*pWW(f$a=X>Z7@o~)}uJL1~DU`Akzcm*$*RyaP>75;b=Ws=UMRHzVe5@*RUiB z*M~G?kr!17O#1}wz{30y%Gt~Sgd`S(%%e-A8mV1iy>!;6?^mNBR@<|F;;tYh473Z_{ z-IqUK+j?OH^ZL^`bXvLht~xH zj|B#eG!5qs6V;E40bj`~U?J(2zcR?;u~TTH^5w=AUe8C`ONZ!&mIv>o9Hr-m$;y}gCEAvCpZV;&$2JjXdY>h^vm09!D5 znvKVNnf&xXCdMYhvi^N~E(7aSYf(6SV*aq_i3}+@Aw815@n9C&#-DGJ&vc;E=}JmQ z+V`f(kj2VRihX&v_DF+_Zv8Qn7iU)|r5lw^b-hRN*kuEN26>__FF(I$ZS~c7qeyR2 zjOUj(t}`o6@@v$^gO{hP-V!4wcV{qSg>c9@RyKQr+;u~ZPvlpHi2m4)q1a8nQhM^D zu-eejCb}S#%041>waz#weu%PPVFed65w%es7%{ZQ9Bd=YZbbsB;A-&(Voi6-MgLQ+ z+Cc0Sub=A4iy1%B3$+fLQ`~g}sBS9X(gAwC?B-0>DqJY?Ah00_92lkKhI4QeS)E&T zSM{xHr+#ILi`6>dn3$il0I@$)H70vUZ~ylawjcOQv!aB$vYDI(pUCe1=Tb9x2)YW0VK z%viHsu}(3%K%23MV2uD1NM?0y0b40vtv@!5BkK8?GO}&SBT4vHHdg!iLmHiO$MJd6 zT$hXv<4PJYIsHjsZ=RD($ zA)oHf(R0InaiCndFlf^?x;EO%1g+ScV?A&6a8S<^FBcT5-Cx*wpFd-|Yr|Tj zRTwsA`H&RI)BPenaXYad!3&pdkKS46l2`!H=?aVG{QKO+1(N>V#2v*IJ?O9b)-Ett z;fII5&EG~B?7mTZW;|48?ezzxM&;_tlL+&++ogfrzm2(GdTwsfY-M7-)aQA_b=luH zO(rlgP87lW;H9t0_t8NSw8ediQ_ZgfHA7zwbo7rkD>~-LUkC96;ltg{e!Jn{DN)v6 zJ(F(u8_V0Lx3RxY=alT!6_)pNsEo>y$mWf7-#b1R76H4gT%z1Qe_pN$iu@MMd=y;W zSU9&qJJjI~C&W~8L!F>wWu|kb>Xq{_XKNTS6*XtIG+xy~&8$ZCbq$TpH;+&C$9J2D zLFN_bBn(qR6_WYSd<<;K8<7^a#y;AnnQi?h#$O-a47OqPIQuS&r`O*-j$%<%#KULs z_dz0(?K*88E4_F2VfwX*)7Pebv4d`pHyMm}T@87|LAQtEC~v=b8)Fc^*s2Ob?Z^Oj zJgSrzI;*<6-4F=5cn!t*q-04Lj4dX(u}|jw_iN5EhpNPi(Q%4N9hEi~m|Ht-z{j7z zW_@1EyJA?Cmey2wzTqI|&<1-@_b-!|?sh54#zw_%l{eLHPmE%%=LJ~GY~<~;YSL(? ziFIIs6EoLdPE6W47M1IS%^BUYO5-cgubH^m`ihL(n_;=lz9t8h!Y|a5)h$L3L^wt^ zEK81d?Om*{jdG3iA=NQkYgg+P3LJdmpjgY^BW+%)X?4{$@Eo_zB53!Mdo8oL8Z_^n z?IZM6v&Nau(2j*@0&sEugFvNHJQcEWd8PCDfjdAEHn?rB_~MZD(!Aw-rB*xax&M}X zrwwq>`ndjWx{*KHN=Zop%DN!vWx4d`lw+!h~4KSqFWXZruI$RSkkN zuL6_q-uWg4EMwS;ZBZ(F3yYM^jiVugx#Q(*0(ANx2Z5KpUQt3I7)o^6!PDw^NLBox65J!7_3DRH%{2?es!i{hvw8|C6?s|7xxgRpltIXeJsN zcLPdcGu+zwO}=7zgOq#}PId1@GOU5c8y1i1LnakDTbi?T`T{C3&|yL8SH>F6&H2+2 zBUJ1GmL=A>wecjyjtn`=OK)Zcn7AccG^u%pt)?~KnSK@CB+c$m9Lc4{daK@EO2x*! z9?T@eZXZ#ianFX)B7)M=z05J*--2D|6oIb;fjIGec8I8EhWE8 zYsag2pP0OD)cJWb3lP~X?bYbjj?o(+B+i{Hs4IKxY;5afnyRa*<@d6QT+=63bu1x? zPzG0jW)buY_rVI+%~T}4u+ZIUpLXKtsarkGd9BwfAS^BAEnngms7gqxW~t22y&}IL zc3ApqrwJw8RtepM&j9s?8?LxGPM492wv(y3u%R>^O|P=dN+l-$CFA|&S-2As=W67h zf$4wbe%V#w;2eCp)L*pS> z#qrs{Sh%^kYTjE?xk(6y$K4zT)ZF&qwFo)(M_nXA3{X8cexU-_S()di&w9M=`dW5y zXIr%UH(fPA0nVLsoB6Mw?g(9oSwzVY^f7^pCU0uCb%U^n`T@6U)vUGtILZP{5wpW; zYh&A}XOxq@rM;|dGE;v!v)vUYLEa2Xtp&DQ`H>l^Lg^VFnxFL#E`S5FnhkwxV8buFHp;N`%+F-6jS1Pj*e$Dx;!D zu2fiyozM44)9?TQKF-M9|N89;9Iu?17=(|T%p*73?|t>!G~b_<2k5*b0 z2JZPk|6Og4JZ|^46=#tMlP*Qa7Bl4r`bKKUjr(82^QMeqR3TLdX=_%d7F~fTDI6G5 z{B;QRCZuw7e@~eQ%TFauVuAgId*H@Tc;m|JOilArMr^Lj!Y%VL)2a_U&9%~8zM5)| zDZRUgj8xaTftN%v!U#zv1-@)<3ix<=^`}hHOY3)hMB`K5_ro;eZP^E5=n2DoSI-1X zssJKxUqrhr+%|=5SGdMwcc>xT%STb<%_(UV3$Rs>3w{<+4OxWFnmbs?Hrw3YC_pQS zjSMJ0BI_4O!1e&KorVhhd%w{Hr+Xa=?w$B#a8roZl8H#TH#z_7>aose$U zlKA;8JMnohLcw@dR1xeGgKzsYDEr*YJQsK17T|@Q)*v3M^jy72lsuRhD_DUITQJ3? z=IFPN20C3XZg<9y z^A_|L)9060DkaXW?87#@im=#_#g+4yU9=@-{gTrUSH*|KKB504mF0#Um;q8bPMDZO zm;0_jz3B42t5+b&vxoQRf3z{jR-b&wlNmDn#*@=q{7OF~j@30d1*I_t*>(52ymZTz zrg*Wi^k#5iy{Er6RiOQdU;k|6WR^+E^UHrE>OPSCTcYkBP~xm^VZnHwl+ zacz}XoM9q5Co9`Wu?v%N(*t11CEjc_R7;x=a$mWtJ|9F=e_iLr^B3yNlfE`o8hNtp z0g{)n1}8RWyoRcJN6QEGopsX~Aaj3P&-hm!y(TnCE4VZDUfS^&r&b#zz<7aSBIj}# zV74p6GJggO3(d?Z`V*wo3Q$bBY|*e(@!sHYym+3@I{T{(tq2XM-4-J^?;I61EB`6= zI6x_zegsI5tH@u7eGqYhqH-kR+ItKd?6KS_>8Te=3bc*!g=H&A?I~c;Z{c0W@nBy%zLV0&R7S+aQE7Db1hPg zGjfKzC$SQ;wt)A981SAfofUeix}N+|2iGY}h%v7Dle^aT z3)oC(w1qTSQW7K}f`5|R2su~C+n6Iv--vxm#~4)=gG^FO{o&sF=oDe8VpEd9rYu5zOUs44 zmFfH8If7Qp%VeV`I9zlxjA-~`tz<}LZdPeZXmRh``%*}R_=WuTsHC& z-QmvT)0<SBexM)sCwp2zn>XaoqdG=YKQnmuqA|CrA&gR5vnVE<*Gi>aKKO9~i5$_(-l;PJ3yU#9Fdas@> z;9Bs+rW%yJP1eBVw|SWw2JCpX&`tat^IKFLyoWUTX1J zeU+P?B^JqatQ4z<${az^*9_o9SM}FSkK{IdY0lmy@N`czkhaqFMalfV>Ua3kLy5-; z@66yN;@z_7s|sJuw6kCE@1Ij@V>2Hz*{&|JE1W}5blVySC8$&@4cL8KULDt3)<+S z#F%?7v|E=*aK^Q@^&C$~+|ji!njPQ0bI!In@Q^!UEUaV32m6%4$ir3Qx)yS@s;WFN zn8vz(hFN3+X9MeN5tfv z>gCfxd`do-LSY}Th+szDWXJpFsJ-o2OOR1o9&a1F7BUI8C4F z6h=aIe7ffON33QQwhUwDS1**mS-I@B+LC_ekJ>;8%X{HqixxxNs&d={dHY=jMSX)G zy9#JW)wqJ#<41t~bNV;8egz4rN$ExqUk|s}HooMpSNH+f<0?*YxoeGI2s+3P^}Jh) z+R4pzmN(4OSwKul8L)3 z!VFo{3K``{#upb`M4(WQI=wH{8YK6q8UuDu4o;>ogbFn(oxdk9*YY=to~2R-gfTib zfPON&D)fU}poW|r>JR{P+6Zsf%ru3`vSfB?39VKiX|l2eum7}ZXg23I32t3BOZ|=bmt*QAr4`PC5EB8S7Sq9HAl=H{zw!tlcd9S9^|(`KW#) z-Zn$O8Z6t}LtQq!Ee0hQa*qj+7T%sZ?EYOn@K4f<&o@7<2q6uT>=~%xZ|~xrmQGBs zCS$NBJtwyfwFlUT3_K5Nm9(+ojskaTevKn)Vr%LXpub&NcKS*7R0d;wO<4Jyv3=h64qRPbsEy;&FV@atouUWeDnW;`Uk{yRI49D|F%p9Pu_;8Q-oRDsZ9Ms)2!m{kx%c3u$Imy4k8>uKNqT)V-Gz z)1bz(s80pbxj;|7<(@XE!XbXnCGW?f)3;q~Qu{emLb|+za4GG$AGPv9*orLf)NzA& zQ=&`_Ui{!g0|;&t{57LBc!thrXME~9w#esW0l(U=kqHeY6F_$EwWJAiO;oiXAj~&E^ z27DxP$sp}UJR-h9r(i)(E&Yvzl7?~V%Sf>E&=ka9&T=_qF(#4y2ka6WkX3dyMBuy@j*I}K};BDW@){6LQS-O)qsrJPBJKbB&JE{P|q9qp)k^Wgi z7;a!rHp}e!#gEp6!wPKL`-_E+G;F-;$T|?@&I_DcuQaPy4uiX|~_F()ZbfY8;#qU65kr=iK zG(}133NF{wCKY#UUW1il3d?AJWTROd6Eg0G5P`^>FSb4rs- zGtLq-dt*JMNQ}tr>t;7;c=F?9|2LJ!#Er3}`U79@%s18roY?NAGnjkn4{h+cnWG1v zeHX=gg0Nw z?90vcw2jvKfRzy$T>>umeftU(Q_*fbnM>{4(z^1E{PFzkufTBzz9{HP7ofusCF1kp zeFoErc=zf~IelhPN$|rDY-_YJo%5$5XT^_m=_yKv>5cb0V1^m>&r8I$RxpC4wMs>Y z{w{#0^8Pblm~!%?*($Rl_Q+SmS=gwQJN33pp9k&pAY!Y};N_v!3@JHdg?Nm5K(fUZ zdM2q4d<({zvWJH%e%(g;KUT6w$m3N~mOf<$4*G1X=Q|zmi^k?U;Noo&a9z_6M|R4} zuVC zs7x<}{$0CDXX?>A8?140*PSzh4g3*0_Ldf@+Qu^B^Ma$-iRralzs3+@JT_vjVWkap#Xxw~au&u5OJegT)0_Xr7xmGaMy43BnN>3EkQ2h~;J7|Ascke5eG^2Y;jnZZ=j|Vzwm4ov6tKi&B zLl|-dXCk=A6pJpk(6eF(3 zcQ{4CYPpU z7T)D!Z>H@$yq8X)NOt%8e5&_R@$`CSO*Po`Mu6-4QP#dt?_zvV2mZwBxI?0+gq{{@ z2#Hpen8jqkQ|`n&HNF4CE6%nv@EyOz&|{W92XL;qofE=E+wHK3U$IfsM41HKteB9R zeMf%ghMsjVo6%SF0^2@hs8dVKCRrPt41M)%$ZI`rU8HCf%PQwt+SJEK5pQt@Aa?FEPzeh-LlE%Q5>LJR+L@l)#6H*Y60l;qD|%U6|ZMxAz+eY+F;bFHy-k>AJ_`lKXZ zH8pe(?pqT$Da)F|{v67%A?QYfOQPEIMPLRCF7Ky`w<_vlD^&4xtzv-Fr=BTUg)xgU zGQmk=f7GUDAkZc|=ay%8q$(QSkpFS^5A;8hm0^2Ar7@SuN`90+tuE26fv)FPTXCzX zPTc+MX5#P@(OkoK#|2LBn>w{eOjam;p_7(C(qGZBf9hUS=~RjlbL3G*c%8B$mLIWg z^v-BprhD76r-EC*p)9L7Ydf;4YSivdsx=G0v6By%;85tZ8u2(Je0Y@M88$0t-q~_v z#zK<7po-DT>lO@L809PxNqre0w|kR9C8tk<6(nS+xLIf-Fdc_B@IxGN49+u=uk=Ih z@Z0hig0q!JFh6p@wEfe3qNjq}B<&vSE=-W1`8{rGs67tdJ% z^$7i!T^#TREE0*Ac&(Fzb;K4yAn#qHZO4sY4j|-pSW3a`RiQoV@TqBd)k&KSFK6oY zD_gEW>la(o^*n=yhK7vIPAdVOVc7iq3d1KH6`=A}Q182vSi?q4Q27j3)?IDNH0Uv)aiurd2jQ_@f)ssfB4G`|o zRB&9bliY48RJ$!raqZGa0}k~Uo?+}(>t^^ zv=dru@^e((uFbgn^*M(d!SQ2DZjYw zSMKZA6)CHMANNU4;Ah346LPk7V}<0!>vt4cRx~L8a+MSO&7V$5o}3@dWh3$hb^{HQ z#qjlv7uT8(c~k=d^2f`1Da|HA=5MP-0>$VZ(C&zqbmA8&2jKo}{B2%`Ck5SnZN_X? z+$%s8`b&r3)aZElPWuvX`~x$a`%=t>yp#`}UDlyS`mkgr?ITMZqgL%(jL3HgPyryX zI8vB+j>?;R(5`v@!q*sEqHsIwQtSCKd%P$(jIj!C3r2L7Q*Xr zeFt`ir_b#Lf$rZ^52vVG?G^?r3MX{V4`=C_LX+D@*$WFIK$nB0 zkMVYCA4>>BwqNz=u9krWZ^21A)Cg^==ZiNSmOZr#_)C}I!%tsY#vcXVihZnn0|Rt{ zbbks~{Jo2s)qBYmObvzJ^i{kM5q6;G<7v}JF!5V5|yQ7}6F@Ff%m`H)Lb-!j{GhC)6eL%3&4Zhw>xu}IWw9IcRi%a{pO zrFnT4sGHLx*sYWAYR8GAr|>_&q9rI1NzOu4y96sFsPZ4({6xp9t5fj@KNQ>U7gbJ{1}=7!Aj8 zkp`g6=PiuF4(Vs^n4QlTeA4VPT~COBzZyu)N-tLZDs1H1J3g{0pezXP`F69`ePv>##|GU$?IhP<) zBx~_<$8LWnQ+(=%?;i_Ml|1_V+hC*Nv64@dL^U-ro4+YbfB;H~zzACpC3xr6Vt|Q zqWaxex9dKuy!c(Q@21KxD0Ug&7cx|B@SUcnyB5L!0cRh2iIW$x}j%e z%(#5@Mrf#Ir-Em(gL;Ck0^xc2y>HXwE3@`zEw&`C_j(Q39ir&;s9>!X!ZAJ#zx)S- z%)DF_#e<{f`qS9z@wy+M(z&$$P91??UEDHf{8%7Wq4Di< z?EUc*z4@Zl35v2#$P}{w%iZ2ItJUM>hO~}sW!pMD@bs|cKB~G;iL=^Y`XHW?-}c^5 z7?bT8c%EoKh@^sfymAJ_2qKeusl{hMSKJM~;9L9-91S&`y@lf4-9B0r=BqtaK?zMq zaD%8R*^>t?ejH~|phU~MFJi=xX3lrl7_et=Kb7tFTjP?It~G1FUv!FM!d574#$MX# z@0l)NJ2`5h$5;q21TCLNn`@7QR5j$&zxw`O9EeO0QY2tB@U))qD+V257w1-5W0&$S#E`x1pVN>qyN4R1EuEsXs7vexEXiI;E_i zRjr37qIubNl@0d@pR)U7;cnVmg03`{wL9kcty~A@_e$E+EU?;>12O$fZTkpA8R_Kzh(#H`yr@aLVDifAQ^h!O(fIcE`nVSI2l<*fa1Wgx^HFL*45J z93M(YGf*i{y?m{3dhuc0`6{L@$KaZ;$x!=OZL8Yvg2p2EEcg-^O@dk$?@e#39ufB# zQuK|A6&>@O?s5r!*zdlfnPm{=^SeJtErAO6 zRr0m%*3PU-$J7KQB!_=?gjk8L=H8;gHhJ~eXAaM?8wN}F?W4Mq5c(8MNp}5%KO2{~0)N*0qLU?NHU6;e>8DwJF26=d(H)Mbe&yaGKb>(H zxHt8Oow@Hu_ay0Yogl$mQj&O1N9wSnYIw-;X900a*CJ<>k<0LuZVg_qmhdqB zwLQl!7Y(=tBDlQemM+veND`w;x^i661zQlo;Z7s_vbtlwX{S9tA8pL#H1$>NJK`^W zQ!DHHMU?ceu#1bW1DQ-~WwAq^cuM-KL-6p-8OBy|<5};lIu;?eOc9RlO|O%4Xq?h* ze$2)ht*I63y9nE3+-=ky!c?iMeYZncIG*ujNe5nSllO?IIB;>M9v8|x><1K26R#h| z+#JWaxATptj)hle4MCa-5MA%rM!r|B(8y{$egu`2?c!`dgL3E2nwXdFitq+$eR;CG z$)7nz%V`+g=C`D0KTqjg6rV7s)5P;q&S0gp&92a2SBINLH^-m%ZyC#9G)hEFL1w3e z3qFvE-m|wNi57dK^yWg9y=i5UAuUS(NCgB02_r^-A7^>BArleOB}>qC9uG{#41#O9 z0|Jv3G9RD}8H|U+kDhIxO>)1?*orq8^}}vL5-cp<2TIbuDKpA zD@x^da#z5qaW@PtDo&vaIM;S+z%p0;B`$*i^AzS=k^^<1q0%1pI7rF#kJZJASPrmn z;bJ^v5A%ly#Yj9^v}a6!Ix%L!X-H;jW@~Hr+LVr=&Js*tbstL?Y&&L`fHTmrAK<#Qi4@Hmhq_gWx3rd`Xwu)2AJVUiHLeqLe{^l8Hh4ho zM;mRYEg*w2sL@zTTakJOU(l)Y@gr(&+SV!Z2P@y~SsbFQozpCO!{#CVPU~p8dAgLq zuivuTJf!=4V?%E^tBJnL|8?AB6exO!8jPN(`RAG^fVa4N>Y4ev>^ z@+O0QAHnEZRHVHb<_WmdVj=JyfgL$c99VB^LVYbQ$>Gm6Eq>MeoMCkzIm>Lq%lqz6SrD_qHg>x&AA zD8>lijF<-*i*r!&SfC|zW2q)svT)j}MOKA2{<{P28j|V@V&Sjsk^_$)@a=szOyhx%avij^$ zoS(BD_CG;>t(2x`V;a-brUNTK!^*@=ff%(UWg2tJs&dYLl7$eJ;AK(s9b^0(3TX|h z+!A|I{TWJuO_dN$NxwO|F0?FxLu{fuR)X#5VWsnV?&m`4f7NfU&iM7)SHQ$raRAaz=;qBx+%@#>UMrO3cvcBPrz}@E4!#^QRf8|#T=$Df3 z7at>DAC+;Qu&`l!4eoxNak&$A0vviXWPqcz+v*#s-Wq)q){2|Yu z{Gy*4kL>@Sbn^ey=y&_Se%}7yOaA{Gil637=tQfWUp4?Zc~an+FzMmb3dLdDOPMJ6 zijdfP#&xaco&TI@H1iTzUI&M1kH1{Y{ot|zbd7uoz|G~_N(*e?G}z@PPUucCH@M$X zQ{hu7^bnaO?U^|D_9E^QWfkiVoZ=PScLmPRDrl_61fsJtK4uj(+I6I^BwG6|!}e3n zr*Y2?e{opYH*_<^(x{b2>*#D(tv_kntLsvblYIJV-Lf@<(V7(frvns!(Zo7gn*3DV@GXY8S)^Kx` z-$0f-P}xiyPbdk4rpv{qFjrb{M2y8`Jm46==`m&B_NfuQYAxVA`Mq3CUXVbX=)a-+ zL=Q5EH~Luc)48{Q`~#bm0zB z?eXMu>-eV7hA2>IbZ<4QGLSJrB^q;?iEw+(h_5;mgDiRt!wO4pT_Ov@I+;~22@OBy zIayd()?{49pN{F<)H7(B({&vuHB~1hWONRDk^gPo{GhriEN%}I{!r0cO#8Ke+VSyQs-PmM!y5{$lsu?qcc z8$~6DXm*TbK{H=el%eYw?0m@ruB$}9@Ac=?Aoc?v=qm%^Y@DShF*kfX95J0D$o5YfYX!~T zf5r}M@c5p2kFKp3XOm_eCq5)aC-vQ}`GMKyh3igirFba^Z4hk~AdMT9$du}U22emq zLr;w<)3UTn=1L{s8G+oK%JuFro`)Os?!iiQGzDgi!e#_v-*qTN*iDX*I z7)CI*Lb|u%ESn=~C&rjv$a@mpKQYd;Efl-8k>ozc~ry>7+sH)?35-mSxUdkOA-mb3LCl zLhJik6#dQ98@;Ro8!n~Tij#IZOZZ)ZDtvy?sg&+=$Ap8Z8tb=xifRM6tC)eZ*$X6OaoC(1Lf9kZf--TWdUSUMv%RgmR?TDfR`aE zZzDT)NI84Tw&EzyNxCkqB%uW91}Z<|T!c@cY%4z=egC z`udYvFJBD7l@YYnNt7#Uu^%jmoAw?-$1@9MDGjeB)~w&&MdYIqleYB=1f={ohngcB zdZ->^pxEpn;Ea&xXI?M;&M!8{sz=(p=)tnld^H!AD2f4dG@>OkMRZu)n%7V(vG!5? z5jsNxq`{`eV{T_<-9XK+opvEF*4`->=*O|K?ho* zn8QjM#rsoFrVhV?=Km3s1PHsr<$FOzM{H6jT)li;ixbc+4pG%C6dt(DBmszp-NeHct6C4< zm)oZRT-h?ZBV-J~m%N}v2J?yOd`W2t+_>zi3JneYQ{0$nK4bec?|5s7UH7Ui7@R=q xaM_Rz)Ph|A^Tox**uj@r;Oq6vW7M@PboNpDu})tjfnTm@sOUZ}QTpTce*nOl?}`8b literal 0 HcmV?d00001 diff --git a/docsource/images/K8SCluster-custom-fields-store-type-dialog.png b/docsource/images/K8SCluster-custom-fields-store-type-dialog.png new file mode 100644 index 0000000000000000000000000000000000000000..3d2d82b51e8357c103293d6c370c8c230758cd4a GIT binary patch literal 26641 zcmb@tXIN9+*Z;{aHbg{4ic}k2Kt*~}0Z|YT5fB3jJ<>a&b1MqcEg;erq?bqy5J*It z(jo*11d>ps1_+P_2}y?EGuJb7&GVmYW?syT^JbrY&ROg1bM{{Av%f3pv4siWDbZ70 zTwHt)9~eF1;yUvF@c4f6$YG0RTO&Ug*IBNIMt7fv=WpQn9iGx(l2{)NJS=M!jrN^q7x&N|DqHKR;Szrfe(>c5SYYb#ssf`sDW8RK^9w79#@U)L`M7>Kn)OhY2D5wl z`4zdi?i_bh=i&;w)c6nAJMJ7lu7AaU`EYUlz2m{nb?L+{F)l8xchg*4zvl1$$ATwF z)?Uw70VxiR{GPyKmGdRyIoW1Kii^fNVqE_M)?h0fOkqqY4x}56XYDGc6z*eRJCoQ5 zat}h!fcPgf7-`=U^gC5nCe?KqFX&X;>O2k;v!9xhi~sw)lM zvS&AO{={FF z2)#rUC+rs-$)Om%QTcw1p2Lbd6L%2hF77AO*j(moc3`!XL9ke|7;`9>(Ba*+QwBBs zSeU6US0W2tw=YE2R{buWHI)pUa-ouaWOXs1t)9GUOxE~q2sH`R(dkWg^Y&lW;Ns(KL4J@A2YSbc$qo1Y^3C?DN8cO$s?=_CN?KHIRh8)RCl#=|;yP7n zT?d;ju3B`x`%>&&(@ey^Lk0Tpt>* zH7OoGieAEmJBl%BmQxyFSx zpQ>PW`nn2LEwjd6ILwJuT@Q*~X$m_xZ3oM?2_C;5Jid+Th^f;j@F#5d>^*24MXqg6 zeG6EkZQq`lZTLmYp921gyC1)3{lvN^X}+p@?R8^I-*k&?z?xfP@ z`&5~{)<2`os1sQmA!kC~dezDFj|}fC#^6@bluoQeAXYV`;N?q-=b$1MD}KyO_^mP~ zf(WV0(~u9^5#sc<4}3Bg#`T&(T0HGCz;N+urH>wUQ-mcz4$QBc{2pNw+J65cYSMCa z`C!Q`+K}K9_h}uxR#gbeCS6zlzNZ~mZXXSvwK7it?{oG343w1X#Hj22}{6c z;jqiGl%7+CE!Us7w>zPDFcomWRMWW7#eeyrWv`hkOg&rnyTvdVqIbFgE_WE~2cby!jvQ;AD01+sPeQH%QBTwB5duU0(j9L}qb8HBRF zpWMh6wv>Q4DK7eh;i3xB?`w_9uJy^@mp*PsB2m@filEXZCO=d2@hx7xpW5#*!qjx= z!rH`q`MY+or_Cb@GrMX`=1kHipV}s0D4%@2hWI~WY8y~58b_oE9%{|_9){3bo2Z5J z0a_;H=Xa7O?<|^ze4F_M#Traqo1mK>*xA6To3%Lzq=ww_IA_wPch%H}TqT-&LtSmS zsU(77iXbZXlsaIv)CrWtujO3%%{gb4G(X(m44o6)|6?*D~>DVw1aiH(7!f zT7%TmgJ5RFJ`8JUPuS5>bajkP3a85J6agQKj*;n`YWln8zPXUQR#ok}do7Q<{7%TW z4ogDrZcP&<0b= zfVk)KtJ-p8l$+^2V15y-12Af_R&n6lS^HgoKRCJ_T3UPisSRIV!L{8NgL&+qLpNfk zCk?^5C~;h~ddJtY{i^F>6P@*1?~1!7`JyrkJ?jX_-u22#VtZG5xHi#(nSJw`@?dIb z%fGk#5H4{)nHG1r^ACqxOxbVG?3<+D#+9`|az~zsY`dS@UuXCmX*vI3Xm|=`Z z!Q^*1WqZ2-oOOYWMb@B|6Zu5g+Gw9@S)*RjxXm2=PD}Z#56jalueAkoPXaM zhGvY*HEJnnLC{3R__@;HO*Q+o@cCK^F;(=NZ`(6Bd~1q_2vG6NhCu7EC#}=EijCi2 zbRvO&mTJ5L)~FvW{KGrmeQt?GW5=hqx4%(lpT^yxx2S~xWrcM41k-;QwGO4_-2(4V zBAu;UNEvz6G>z0<*mBP-#`>Ug(-%73prGW;xHhWT(e4DENRq*bER0Q@{k(bUj1PK} zTDeeyF?a&k)A>#qscIh~7J3DyX|XUpl#QR%wR#Woob;%jooygFcyVIt@6Zn(eJgZa z8% zMX}rFmtCTCb87jF!hB3W#4#Fg>Pt`CnKon2@c8<#B&o+`I6v!9t3vYC+?TPxnh5<4 ztCauqEWKIg4OO;8OJ9wB-}-$g9&zU*&gq7n#w2F)&oU?e#%ShgpND)Y=9J+}WOc2) z$V4RqNU=??37?=H_tO8Zd8*V@!4&2Un<3!12&nW33<7sDCSS(?d3tIaz9tE7dBAZ5x7FYah+6_IkRUZa4u5wmxp~67Mlu>)7fsy^!<% zQ)x>w8k6E@Sxz?M{2T7I;N)oHAp7to&vCwHyJ0(#*ebmOJ{HEpCpw%{ccNEj-$WBD zCfe?&-*ojO`e34u#{LtgHh%nyj+P!?H+pA}LSdf~SGz8+hnK>#v17wU&Rq02-bVmx zdit6on<<-(FnZLVraJ7YxP6buq6+xg4OBYfM@V7VPMP9w&V|Q>9|FJcE`Pb4B-$4K@^jris*EkrhKR-Y!NTi{-Rt~ zg~xaQjQ1lv3Wru#bAH4pO75u{MI8)l40z>XvG6|Cy8wfFb`c|=cwVL!&S2ry>)Y*1 zeC!1I`pn^~8lH76Wi2hVvUY(`zECv;`yIZ$A#@O{d%~n3iL}YN(+if+4Y~4fm$-+z zoFkAUd-M88LXnq0h$GrggXXqza`{49Ady*lF%Rwv{`TPunxx1xthtCEKXhDah{5DM zAXi@nY+#&Dq>EkJ%0j&OfMJ=-IZIm^cJ zD=xAmo9e+WGPz?fWuq9PRc4}fvB*LBdph?1QVOn~d+Vn)KxN009&PtW`U9+?pWHga zY;yZcMABSmUt@$>hG7nTqC~6N)UHra`OkT+PT$@JC054I6K{-@r^sRIFc9pPstjW^ zd2pGr(#N?pQ}bteeaG0GSlTrr{$2wEIe`}S5WyeA^W zD>Kw~ingo_N_cwP-7i1X<~`9T=(+!@*?q_XH6K2HAc=v#e}^HhU?qnW~OH}OvR5K%j2#k>SrVV{O}ag<5l)| zdhgU(r;e>uKS~AZI1kb!ubZkX!aix;#EIH=BF#cFbn>3O5{)*zfVMVyyMX}O6_rse z;pjLr=P&VS`?TumIXrz&z%nPZj<6SZ?xo&0C027~3Mh6dB_?Y9NIh%sh&4d+0ohY=vIYR_vkjUUI?M<3ZqV=i zov`6s?254}IS=0FuYq=r-q4&LLO&J|Sviw#ncfLJlX7|fM;)XY!)FoOWi|faETEAb zI!=sYmsZ;>_YAS+MFb}-SU#c&ryclj9_0F*dSqk$s)XW9%hNdwJGliA>YFpr4qfuY zrS%^)CU%^&y{nk?^-85whW)OoNAz}hdtZOl8$<|UR_-^0bif^ z{w?!IY5}d`m6DCQaz=HfSBfulf-jVnGkxbADH?72MDY~-Fyr(+re=60s_Ea`BLm8_ z??k3dsqMWe6?;#`DF-J&XLOQ#BsSqkaP#|VT3RHp4WGp$y2`8_y=>DwQJ)8kwypPD zBc~Kue$M&svXWMImH%i~MUJKgq}`!T#rnFKt7;=l;5{=x&sSPj+gPO823e0Y$kx4X z9QQcfsofp~aLhBys1=ZI86LUg4TV-Kot5+A1Z}1_7x5AAI@zkKKIB@QcF?>qBd+r8<0aH-*|)?Y6c?Le9|o~Ddo;<3r>ztiknEUP1i8**qqWBu%XRocp(Q3Rt8#^mAaj{752s1BNa8mr)z{J&Nke;Fu*f-DzCT! zeWm}qU7tO4Q~SGGROB2<%xl23B|FnbM~oq05Hy{RdsE5wGgH&`{TP$u-`p8GW2aPj zQOlD-CRS1VK%c{9na4pBm!J1dK8w2@X5;_B>~q`SVHN7_4AHE%z)sGu-j^z7pCvC| zoXWdIOsLI!GR%ms-1w2*)|_4YS><{`Fqsw%*N}5y(*OcUyK5q zrSzY7x*CS%s_EYvf`u6dOi_B8ngMi-l!7RO`ob%`owdn&Gq})wWGVDrT-$p5OaHrY zWg8z)?>eNMtB|v;=;t(R$%(;xKa(WwZ6kdF3hexUYmR*Ue878wTI)!o+9cmz83FT|8gp zgH3QeK}V>2Ur+M3z*A`K+W5q4VK~@MJRDd+EfoMW;_s!9taRId>ZzCD&=J& zo?;2cOxhh+glIq#{+V0Wdu(mp7{23jtTm%meBaD=4RjMSeEL>xFsf=rL(|yirlxQI zSJ)U2hzs(@F!9WAp&nC)tz>b>@42;25)!6=U3z99)1PbXQezT)T&7kbkh%K7*%D6gr-4@SDnv;bpsra_tSIG6|^TZh~&UC&UNR^|0jO=@_%&wp%S~p`yaf?GgSET!T*4r z|FiS|0~h`Or|b5YAlMj|cD)Gpg6x?Ql)at*T`3pVP;A}Sxb*?oS{-7mRHW`XrVH3y z6;7#EC*1P<;O?G9tkTde*HFp5y|z{wg}r@@Ys(LIxsmn830bbh`>CdB^I{yO%DFNx z?1Fp0XcqK7c*4}GLPbt95cBjr;z?my@~fqkW%H=#(H`h!rRRP#_A?QUmt}SX@lB;V z{-Gz6u>&0sF@Fr|zf=rSy)|mglWxgDn&)AC|4Pr~-Z!v$4)(R#G%pw!NzOvc@WBPL zXK48WxY4Sl^50gW*ix?6hpV-p+K6+>(%E^Ohb>otLP zxw^h;e2(}TJItx{d`Z8j+(?n1SJIBV`Y@{Nlf_?M$@ZPf)M^TIzH#5Uszj+SRLitQ z&0SW;q;g>I;?J=#iD)xqJ~w3HlNvFT8xCx%%)%Y1OK8v-_?i5~BZu_o3|9kuIA*a* zOMO2J12W^;4WrTafq?~6ImnQgOP*GnpoU059AJdLeq|7CX_*IebMKPul+my8pG7yx z#;tXDE@TMR&W4fsepq>Krmw39FJqe@CbURnuYA9ny{U;kAokG>UL1syzy9p`f@n`(m&q8c ze@=P|+zi;ymcV}8@T^kUmg+u4m3IDNO`Z$Z0PSFVd-#H{T(tg^=;&PbL+zgTBfL#> zcE?BlMSOd4TzPsUz(;_1Hto(%f*B~JtI6||bW3uJmA39eFhN^$^#=gjQ`ODvqXxGc zIb4q%3|jK&KWUdTxhD5VrTigU=z3h^h}z$1V3g5-lFa!?TbHrNjV{KoJk4i5jQ|i4 zsO2mKulwlk@WPSvD#}raKhqs?6GNVg)mW^;ClufV=#uhTGb~Xnn0oF58%L~puICS& zQx$zrvY6d#pZN0>{fEeW-1Aa-rzrj<5p}h0^Oz#)KOg1<~O+TfDp5J4*oslC0_8xFnylMek{KGA;OIJ zRFBOUsiIYOy%Gj05xACuC=w`uG-Y$OlKnX0E#3Y@3wtHn#lIO#_e1f5@dWBP|M@$}X;Teqhyz@GWURdMKMelm~hg}6~vh7C# z6$bA3`$W0~5Z)%15q&GFY=a;Yx(Dp8H0Si;ylNe)O?EB7uGDQy^Lbo=s}Fj4qNU2h zJU`LK+q5GGz+X^FK;E>f=`Mr1_TXAWo9fzgWuWIXcNxSrtCy4YH`Svsqsz2z%%*6d zmX9JP^Y$As7UJVr^f%NG)L8cocQ!94N8}ow&%&WaeMWT4xB6LQ$OJ9d!{5jBxoIY> zt;}tB;NJTaRd*+5a{1hk`D=FGHw3{O-G;|X6*V-%hwsL8^10^`0`NnhJ69+zHj1aJ zb-K~Ku)lqZBb(Kq{M)=*4ZW++W)MDISrSU*;mg+`m;8*cT zrcG(_Tv|I~3KO>JC?qdB2xhxOB0p<_@GS}IWa44&I*8gY`}(y?JwPx_T~qXQQqGPm zQEE5Y%+#T%`EDCLqp*^YB@tbGi8K7;;Vw-*KcLh{FT}~ZcsjJe3~MD!W8k|@__3}t zEj7>W#E_nx`4ayX1)DrGQC&v)jh|WKnO<@58&)A*5?%%!fuAtW0N|gqR0f`*Y64kG zc6_F{twmKUSWP8_Y|l+z@VDs_Gq-}0>imVG-Yv*CcFuoum7v3B#x?LWmlV)|BS?`l zl^KTZ^H#i=M~k0!zz?wtb&#~u6%RWtyyoa+_Qjc%^S%=CT2pe@khHK}?_^*D4LUUO z*otUA+p4ao?qCIMCf&d!-2%3~(dA=G#8^S46D#}Xn%u}$$yi#G+-N-^w75)3Gt}ge zpjq*tVwK?7Hpfx&b!quum+$GQDwu|TJ2bw z+UE_HP$z6*Z^}snl-fwv*_<`aT^K*NQ|sIRMBBd19Mhkmb@Q6I*q zyl`xu-~&qgOs8`jS9*+kIW&hCprZ<|KJlw`h9!_r)&Tf72gbdd5`O)i4Ivy&|31|d z0Bx+bG?U!T**i0RHmfjCRIy?D-6!#mvi24|Ylq6Z<0c<3d!ngV0Zq|nruq0Oz8&YP zs$^}qvdgpA)jdXr%xi%Yf5xk&*L1!fm0c>6-Os>kuS-h^73EZcN}cO>mcNuuJ*tk4 zGU@9(PE`w~dgglfC~7GM2l#6f6+}{?JIRE~{b1G9SFWkM(|&v@fWdyRRfJ913X6u#Sa%EhXE(Z$4`Jpq zFfP$;>ei0I@}3<=rVif_5}2l@CaoqdudlBjed9(Gegx?MI6AKQGq|)|5tdn9xA0nn zO*M+i^YV!_4L1(8vG&-wZu~mOCH*#&c;b)@xP8CtKhH3nnf{Y^QE=Qg_<54>dnKUc z&YzHkOTht75{Q;kOf`kt9C5m<-Xl&@q~rs-gklQ>gZ&FupD2sZ!hSuo18w|*2bNzf zsd%S$jCoNZjspdN#1hOj+M*+%7<3FwxIK~Xj zT>;u1#|2GSu-IN;54jm3}nfmC&nee-j!1we%-vWLIsB`j4 zUFnZBr&LQbe#qNDBk8AU#w~hmtR6MY2AXTH*Sgu$th135neNqTZj%SI(RjE>_E&QUR8sDH z$fD5A&*do;FOrwQZ*|T2N8UQ4b7{#Lo$YJt*B+!k6vNl0E6G<@d3$?T%TGVHKHuVl z>AF&VOSy{k=YUg^K7YfQP^I4)xN26w*DZXrXT{I4=zN9T{yi%z?0rCyUEAn6+?afl zpzfIc>>s1Nk;UKpR%Ii0)3)4;@Dd>qWUE-30f)8|WYC8d7ohmp4 zq}nC~*z6Ci?{E%avEZ~)<+b;9Zllr$6xf%wHk~sLdW>7q=hPHBSDhGTEdnFh_2gGd z#M9GJ{HehTiUI!n1BEDBWTak9r>}2}^O|?#N2q57!Qii)zDUAdX{u+_sgsNiNy zl%Ws6+!u4_Zq@O`6Jn86qn(}nI;?#lQBrsm>s4(ei%W21GBR?%*@j)h9`>VF&$Cc4S>~lJx!0*H@W_ zC2}H%3s>Zf-)42KXS+dB@6jWEQ65p+mUg~zjm3(OG8OJd?x@@5=E>rrB0K@A-Y3 zCO<-3HwCNfe2G3m9iEN85ZcAlR`P3Bor3;|wHLcDuJprdp0(E%KeRUa&v@MSm|RI7 zU7|JEq!fXg+i6O>GB`Ob6cR^&$pL@z{&N}M5SsTP1 z;j0#PzzkW zoRJ7dVgwDXM{%(eVtjYobnw`BZcn>wy;Zx3lX_BG@<9*n1L|VX*eUgyCjjdMnW!?D zkNZ#bM;T*frLtCU)Z7FVtDL@nU)C8dq1l_Al#UfR9IEiA;7hoxLDZkGxhk3 zsQa+RQ_7$8A$-$stX;!(XOExlx!XgO2b~?;g3tS&d3StmvrpnTqRAz;)UBi6Yt;04 z_~UZ@D$ZZ7|Mo@snUu$AyR^n2$mVmY*~j1ABL5C8%{a>EZA=#n*j(4a`psVH`<52P zzxm8N?P+_im}oBiG`e;gK$F5UbMbbPg)O6nc_PcTit^XjQseY=@N=Zg8UT$=xktQJ zGYF5~2Epo6)tyN$8t9UzY6_vgEowu5mabRV1xE~5(qNEUa~{8HWqJ8(VhYH%6=Juw z$t)9JtfBgolpdvQ2K(8=N^Kt!p2z$s)a`h6X`~!iC?PcqSkatM9*EVmma;z#i{)Ws zbG0}3d}Yn(sn7WZvfll5T1n_dK`YnWJuU`Ll*%4Ik@Q-ez@yd&MwWpdqh-xazpDW> z{BWP^p4L3CuiY8g&dMNukZgHrRrmM%x1l{mgCLI?-si?!qKkJB=y%o1)pCO(kZWx1 z3&Y(BL9O8RzFO~Lwfz+8tIN)gh8qm?9LV};(A?Jc9dq;Hh29iFuCbkbe20rUx&cO- zg?;1NOBUA-kz-6x!RgGte;hK(YrV{z-+ao?Gj-yo9|D9vF3UPi`l*{jDI8rA+>_56U5s(KNn)K^U22rsmT>amf^#5x8e^bN#uTTCT!Z|kU zP(-(t8p!g_Ni#QJ^aG>J!Y%&c;sTAFp!WAQAG~@!O-cK|D(wE}J>xTTV%Ek=w=6jm zM5@B>4UyAdEm`{lmby0=;0w=U>F~k0y>6)s5xSH=h8cS5R^phqBz%;~Q7%Y+W{%Pk zom=ZUCXx|G@B97Zm@{=FDJAYLZ((09mHawwENNHg&=$SlIC_2yuXBZ~by4!^wQJab zpkpoD&Cr-lZ3*sTJq5cCo`tKe7OIT@y^9Fy|6pyc{Hn}G)m{!=OzKhe8mXn@_5`LY zwv=3ewC{vfr4c@O**^(ac_Z(wH;gN$G1XD?+O@^pB}ZhVFcKL~e}oVwzn z9|}(lGJwDiNc_qN`rm(>AZbQZjp*{DVv_A!^ZATzg6wdCAbV;~3`x=sJ(xvu0#_Rn z9;z-PX+-|#y4^q<$=l{d!pvSMn|{(eJ>p&iB8m%?GpOXwSu@axAtxF*>{1-n&PH+E zX{8zZtGT(iIJ;2MSk}V$=O2kXZ>M*&0X~(Ni$LoKdqXJvw9WQ%sX5V_I#uWt8PSSDpL9yg5W0eOkQyZz;qjY6mNLKuZP&6%H8X>6}=Bi&+-LGhfP zjyWh|O#yGi3G^Cj6gWXR&%^p9Fc0D^^Ospf{w1aG=O4<>@b5H=PNw7(u{ifXv&k9w z$|4Tq9@)|0gvGaM!-Rg0&lm-29$oQuAA`J!I@wn3A#M?VT`qi=^2H?2GA^Wx?3QZv z&%b#TqglES;E7SuYL*!|wt0C3)*kpfZBGnuf~m9L=;Gnm-|I&qTXl+DBDcTtBu{At zdh|zX>c>&q0mL)SXAan_-|UlA3-fOb+`sS8m^AM*Cka_vEb83vL&2yVhxG3E%Qe37g^}V8FdfeVlJr7}@$WbRmuen8xZgFS^Lk5hzi1=d% zSIcq;vGSTdx*g#WJ^7zmm?Z9*z__4?IiHNA2ljKv(61*+ z!?_wexyMvML7-T-g&uFhV}0aosC~{}PY=8V9R2s7Id386�x86SBI|OlVo&P8){V ze?nHj2C|pB6A*o05+%vEIQ@gQIw0Gh5u&$Ki;R)K`RKw58OX*5Q~kxE9Jk+S!%q>{ zHu5+{dcd1GQgKE+4`bJ6n!&M?e;Gc&sk!r((JX@w3YF-)ylZlTCTX|Ko_JLWGq|`_ zK7<$x-HliL9S8U%O!9sXTC1t&Ebf4)LwOMDt2z*C!_Ka(E}zjF6l&66I*C0FnHpP7 zN;Zn+kP0~L{x9J8t-c|4H@Gg2s=EiamW+Gwel73CKfmT021EDHko? zAc=AB)%B^&FpwkAw@$1?#;tI0;(F=ITZ)eTVSY1?^eHogp>!lm_0LxI5aM8mDXU_@ z>U_z=lkvJ|BxV7(xZi5{CvJcost&?TS0FYEulG;3p&YDR$^gc-$>!V}`dS zsE`rV<7B>ij*J24;A1$CNa$ir$4-AWkWo)s;&JAz3~(}6qW+kTO3ATbkQmuC2Iq=q zY;Qs+WH25$(A?cLVA$u$(^x1@W5f#>x_VehMgJkDGZ#s4v3wl6NH%&C<+|Wn7)iMd zlG=NA#w67t5oMkqd6>NG-!FJ4qBn3AbG0tQq6ZiJglqP=z^ma5kQSL}R_t6WyPk#5 zh{{abS^l~fIZds$)Gx~24cf&}Z%OLYh0MsWyb_)ZIs%7l(cfl&@FaA{0#!#GEg7Yy{m<0>?|qH7sUnrm2J+Jc?+Bv?8Yu; z$5N4A@O#T~!IR%5ZS5SVE%kFLo#raB&9#~c_yw*2|J=QeLG`>R9q?5sp-s2zcBtQE z-19XiP?bEiQalJbSXDtOv1d5DV`eAgbWs{@s}o|x70~}MXS&$Q@%voFl4Nn!y0s;% zEr`F3o_>;RtEMGGR7;qj0pU{DX{oo!#_@)aDagR=9<;NDrvktu%2PZ2mj@8H!E{` zD}&bA46`YK2T?!#uDWHhWetZRAzhkr!`{4x7r0u@b!!vxIzd&i!Gwl$7T}RKiyLoH=C*}u_@CYp(M>5NznPeUlFuH|bmri~ zfv^pV35Q69858NBt-1;zZv6yFsjq{koiN@bvym8;^!p{DMcP3%&Hb7YBePl`k$>>9SwM7No?VWV{vXNRdm>Bsa@;;UfQT z?*t1w_+`kPBEEaKs+EEWjsI9mZrUQS3U`0fvy&t=^i?5Wi*sZN^;g)60hZ}tViDxQ zTdPrBJz)z3ENaHmvMoj>@jl94H*O?TM=EWru|EU!=fZ5-JsHa!UH1Vu){(Kwva>9V z{6|^q(x1a3rJABy7@}a@ZFlz1V}X}J%27>)!B?c9=g#XHzRq2VuJ-~Ei^>e^|lu^En2;Z1PT&-P67f+3q(XqHVsZmFb4msGH53bb% zO81CM=y3ok#%ku?IL_n@IO}4{vdDAGB(u9bNr2YBZ@kwdv2Q*a7{oSEi`lS`E4uXB zeZomA+zKAgM%!9h#caY6zVv*B{c?zkNYNmR{j-|mV3SoCoQN9!T@W0q0iO(B-$tQg zLaco3XAQ`#iAPrU%F{8XDa@^g)s)1He2AE=%Co)NiwWdJf==wD``bd!&ky@-rB)Sj z&i>ue@@1>k%cH@daOW;PM_h;F0&pk|%|RlUcJ6KQj#fbpNooA$*BR`AV~oVI7z!Q` zW$8IeaP0g=9-&>;D}G(Dp&h#JlHv0C*5aG&PkS>83)&H+6;ct#VE7$)K}gBrf!zQL z+_doP_84FF{(zj`zav{SV^#FD{>s{Zekp(7(6ww^O1{5Ru7Po;wQ%}|vewqQ>>__X zJy{4zKYVm=c0DWQgv$3WTXt9NG1)}E^*2Lrd9}iJe!dCT!@7Y+=i8KptK)z^_ENZy!X@E6N&97Ey1#w@yI&i{JfxDutCTcK%; z+WQ23cNkf}Td|ED4B0w#muNKC1Nxl3rhL80JUVF9^wvv`7 zV*pzPAjWkdf#EpY%r+)X5-D$ zeGUcnI-i1!S(&R$aY>SHl=ZIdKhqIxblo{uR~B0VI$)RLgnRkEzSboVHQVSfss?+! zej%JL#aXRV_}2P}5J7jVR(EHoq!iwK>$S|LKd0hor16MA)$r5BM~`Y!+@6jC zZzl2Ib#PihZ`?%L-`2s-wFT@J&@Cb_XB!!>JBJq3)`_`OG(PEW;#( z+gvi*hWyq_z-rkdN7e9lOku&nP%v=fnsUjHV?wu9O5gDIlseHI!imo;iEV}ce8k6g zvZz?)9!*zT>f_Lcu$_hZ6lE*dLgpw`SFP8K-(`S1dYqu_5UKs(7kN@V)MqH{o2)v9>kuHCZYG1be zN?z1geJSmDW6O^u zyUTh6bz~WPmAo!uWZ{v{s`&oB)E7@cFML_QO6a5e?SBlH*WYBVL>m90dJ6YHJ{qC? zHpuFXZmYnpSMRxZ{;|9 z7RPX|HYrMI_^FYB(z7S2GgrrZjX$ys*Svn^la@#Lt#r#x@sadbD=r!8COfUOE+m=$ z;kSjw_e~6RRshLeAsAd8eYj)C8S}PPyf8-Q@6?X%sCUR8P51i_v#G7%N8C0BuD>o! zaOxQpku}mFMD~YsCRU15Mv@gyUm-Q%XA|N3EbQ zz;rC?Ox+)d?Add$`wwPMlXv3lCT%Te|E3fN+!}tXN|f+LXr$eDbt)`jC$*|&U`ir& z5fAV9UqH+tPuUbXcAq$6C7u@9ea6gg;)S}x${8e#I)`A}UD&h@nSA?+=GIJI=p{=I zS2QPk#Qh3ZHTqOJ5Ssi&OvLQmwS-DzRlv7pbKFr3-W^*3`3SwMGVpixH#>>$^~jiOy3QL%5qEH$00+LL^t_uo7NiH(Tes-Z9?S&G3lkbk z&JXOGwB6?inlJZf6u_s@=wRC3o5p_gV35$_tn0Iqm5r_Y{w){4$x)xKi!Ot{y4T0A}snvMAh1eHdJzvp*j(+Pon)CkZ(BjX|4P3}n&+ zoIDsJ=?~ETa>m@4fQi6l)nbguh=hUqjp!O`{z02aiV*k2D7OZ-88ST=Sy!pExBgEq zydPQgQbH})unyoYWa3k}^Ai$mSGSKO+l}y9-Ny97w{%Eby)X5 zr8=r@$=bnA2F2UBNOoS`;$|g7 zEo&@)-uz>ZaB1|8)*in1?9#$?Fhe&0iK5{ePAk_Kq ziQ?0dE#AWTIMUl&akSa$JSE0Q$G%`ND!B~4DnfT0ag~47bAx<=IzF9Zg4Zh^+AfSD zOn_o>ttZE3BdTjQ@&akv1s z)mw?taq1xYO+_^n)Edk{c77gX8EP1#KnU8BH^S^e8gLgU46YE)*qm`}U~a~*WXcBv z!*AAc&^Pa+k_dt5|7HPcst$YGz;BJ0Efo_ylzUL}5I0p4xe2Pvk{H;V~hNSL3 z89lq5uX8YO?7n;8PA)ObEc{54K)xt!ycF5PJ9yjm>*~cPdbQ;vEs;=jh0vgU(!61y zP5-guG5t@DUIbr{Tx*ke3E10%lcHo)ayO9`ovxZ!%tPXcjc@M1cwO<;<@>I?Rp_56 zE#vI+)qBG3{#ygigxhLA9n0jt29k|Kjfh%N>mA-xH{%!bq&=+QHe)ad;Gjq`bdYFB$kv<$8Ycth;1IWu<*b_>M?6yLX3SuZs8@y>ys_ zFWEKXR5-(N+}_WA({pj|hk10w|JL4lMm4!^i<)Ie5f(_5CLmHH(j}oRr3pwUR3QRl zAP5Ko5kj%in@W?=ln_ejy##`a^xjM89Rh?FI^=}C&fRz4efQbpjQi`JG1lLVjO5E4 zN#^s-cg|-D&uRH>u6{QeUbss$cH)!0=DTS8iI?r=$~BxSlwZ$NL`aduKB zglt17N#GpI-2~kPzXI1(^2Tu0wL|!$+MPTXJ)ZL~)w^YBslIdGN^^SRJDWk~`*L>H z#1M=G2K-ZV@;~<*2f0FbmrLr5)<1yCEGg$o46~i9MM_kD*L;1799QPKu=tH?>a_9ozw$b~L`WQ6(`}>9+O9@Wcd;&9w2|=ExqLOt3 z^=`T0KfyUtf&;{S)N6lyo`{U@tSzIP7eyYPStjxqWuEQM>#~DlvjRdOsotn&X8HwNU*=4cP_A-?Y&z9LJ{IRjYT{Ftkn%BD~+Nx2e@`da5cg9a2 zKbg!eb;sbf99@kD;ZaUza9>xQceq!lwIW>jNr&-H&CL6>c_^v+&-$Z0Rt}<_!TQ|6 z&8OUC>5W!ak0BGFd84~psdJD*J)C!-o7K_S&kKczQG7Y=wvR757 z0BkiRMK!DY=wy4LBV^^Lc&a(&sC&6U&OCW2`6e6h?@}|IE7;gALend|-$F$vvn7n3 zq1Jx-6$9(`Rqojh))k&C^K-G~V}rehDxUg9B?ub)%OSj^#OnAU?_y@Wq6afHVa16} zu0eJJ^eLr5HI}zzAULVDu{G%m{WU;mWN@0lgV50rGSh3j7uAHYuvUvky~pmL7uj-X zO&!;h%y@I*wQMAx7+-ZL`!8cMs`4%%T z>+HO}+*CJ8LcBJ5E|VdDqn<1~*i5Gx1-c>^V&UeTBG>32R;i5HQ7 zBud}m5fP|IJ`D+e^!xOjR8z%y0 z*}E3wn&}jmK5J-mbjIqV+p+UdSKA z3I1P5$FgprB4NGneEpeYK0=;pov6XA?dHjn+eN2kEb}8+Nlgpj%9^-0wh(oMwC%Ae zzPg<^*(@k5))8ti)LK-Q&Kw5klqr)c=oY_S*02c#J~T80WW0^<*K>>;h7auJ+sn^^ zs#Q61B6%UT4JnXSJo#`-lrqodH4Bc7RRf@gM+8U5Pv@Bu>^VuXfQ$={;Vp2ck(+rl zNo7)T&)xCcD$*Tmg6$#(+al~1=1BqHB9D*V4A_5@Q}xuB8P*h8qvqse6!lAKw88TA z8=FCh?!!0CTa$5t-ydB(H}%TJuKZ@S;fkQ+41K;rWf9%>KmGGp0A2+}$B%>+VMvsO2U4y3A}X|8*?hU*iG zwt`>1pX#Blgi6aT;Os+n#klWVfYW(jqWQLgw#`sb%r*0hjL6D@Q2)BEZAqKQHeW!E z=^kMyO@Q-qRzHG9C3?)pt)jAQx=kQ`CDW|5?W9cvu9SDQRGkpDGCLBba}p`ZE7k?; z?Q*qKS1}Ge{gf3KE*du2+w0w{UtmfKjkh}AR*VF$EUPq0KSoW4Um8evzpvTWpe?3Z zkd~Iq>h$5cl=A8fG|Ix? z?aAC{r8pI(0t^&WkgDl!nPXFwK!~KhUEIRhES85ii{U@_C>Of2m$P$s_s4ZdJ}0{= z-y-Vh6)vHoUy~lkTTLyx`x){In`_+UVidZ5sD=e0JGl8&+np^dW10ulTC^iJdD518 z++cX>bmw%*ULD@_v7Omsa151^bqvPrETb2N}3LR7$;50(x5rP65UqIFQCy4C-(MBvba56ZgO_2ajJ{>QVWyd(*`Hrn{jD4 zixihvcNi<|(+U+!NC(|Hd?k46wgQ^6p|Cyj&ZZJtodyA692s)9dr94s74;I-8WhQa zC1|aoNmhpTziR5Tu~Hjwn{)*uwp43Z9w3Tc^%8_=YGkOgR72h`(Y;*0%mvg|+YvEU z1_`$X(WZxN-al$C8IltJyb&)E|zpgXW-`qF!_b?-|OyQ=NKb14ws;+WlDDCAq$y*u7MfDxPlbU;@MfNseSh#e3 zzp44iQfiKIj0>DLIp8_N5o}qowUvQy?~psx(_JmDR-dhCoVe_~YHX{*{;)tI7O2uy z>8UF%Jsv?D1d`&pBlQzW-=n|IuF|b^%4~?SYaBBQn-PT{D(Y>Lk*eJLmjZk84GVXS z7SId(&mVl@6}6!sc!tw|`{oF*5Id6b;kY*~+*$n293poZ=J*(Zp@6i_*R0BB^VHO* zMZZjoHOqooA=uk^DVwz27i|jsb z-Kt?7cm@#dFbtCveK%mtee;HR%`nUPCi>B+I?m|ol9O!$hgVUD5fa8Q-lqz)vK}1s z;^WW?V>K}5@VC||lvSH!VhJ=}2-a@AJqH$!o7U&MwBE+qz-Hc4k-2;X1Qblz6o__) zvI>n{KM2#-AT`b2h7VC*T6Zr?;`U^mOD&2;MIz9Sg7KV-{KB;9$2dnPUn@x;#Z0h1(z zC564*8K_>Whl`BTass6gyQ}!_PQU$cL9t?`O5w}c4%~h{3q+7kp}mg&9M$)TvA|L( zc{{Hay4bSL?sTX&oh7_QY3F1`rGz1c;YU2Bqv|CeWdx2}rcu<#+7CQ{1$W3k+16;yU$@0vmw$0j{`hjiZh)I(WwIBu zR!X13U<1L4n)-kw`=kc{$+n1D8rB+7MF@Mv!26g^e&dZ0FArZqB@RL3pKeb0pZ^P##yO~Z zGqZq0+l~3$gxN)2@%|d0m{|=LJdBSk=01i{t{?-8tIVpgqoMCxD?~5E2+K8)QmtUw zrJ1nEn(&&fNO6{X-`LO*ojz?5Sc7Njfr@pcb|QI)0@FCOgiMbe=Hl}F|EdKzMNU&^dKisrjhi)~(?~aASIg2D;(;6ua^l{(RTi4t zxy&a-2Djrp88X*`DIYKM$;)lJtNw1KQeu2{Gcg6pzU4TImrs=4s9hMG+$9(|L(Ac5=@{n#IQPeb7?(JPhxUB;@Vbk~0)hXH6l3Y3Kbt8say5MKm-Ss?7 zXpeo8-(6%~nQ($)*)1M>#gZZ-=H=FVd4p2y=MT!g!)kG;BB?TzVBLQ8c)WAwxG@(D zE+Ye6r5*>2<0LF@yZj?h+wBxy2bvo>sy$qq()vctMq%Kw&Yv7uP-aaLx=5nS^0s%o zFX4;T1(*2m~!`i zyzNdLL>=z?sbj(hfEgOX7>_p8az}%|xSXh|>3caCt7z#*=JA)A)({G_(Ovy5469Y}%3OeX0&d}0q? z-S_3kaz!iKZhNal0>|Pw^v_?3X!%_nP~E0{LxoiDpmi@qx$O1_*!cKp_sO0Z5ix{} zhcRFk)1!3=gZ=b-;7y{5pI_io)Rl-3afg}q1cNXOpfHK+e9!HQFJk~_r~NJJ?86X- zH8=8B=xXUYittiLJ?7@-y1*5t94kN{0cvJ! zsIHK_#MmW#%J>|tLr&+!Qnp+qH`Uca)u6y<<-^4bT+)`>%ChNVv&@!^ zHhMqmFm(BBUvC5{`gn~{@~Z!nJ*8JMGfDD28}uF$cFp|XFwXD-i+4N+8HEmh94Dc7d%X*Uq--W8`z>!$K3#9Po}EwN#dk~L&WvoL z)rZN{4FF_toTNo69XLpgn;uA1I$iC1>r@@2^UP42+0kCz?x6di+veq%;?@VYydtT| ziBI|?0OMEL>n;lsdC;kpTR_L+Ehje3+I>^iSPeEe4f~mQR|g4-Ct&UlmZ@)h3%T-R zK;^6K@gpW($dgj{hhZ$Xbxm7~<)jUR`S~8WGJ}pws)QSc zH^5QxAy?m7nN_Y&sGAyUN6a5a^Q|AIC5a}^&IH6c^Z#V9?!^wao+R#wNaEa36!EjYINJPqyLOpir&}g*mYG~&w)58I>38Y9(5%6PG2BnJ6>rsD9^K-RwH}YXCD+demzc%v+mMZq7xJkj6ugiO?O7VBO7KMg#*mDw|Ir?X4#LO z=~as`2ZMS~p5=Av7Mj|KnxV~A+Bb~B_QpjhdG);ZgoA#R&26cAdL+awg$0Go4M2Or ziiY0|f5@|=7=S&0^&VnugkGi0VfjBJD_!n8-gM?1MrI z!n*#~L}{JYI2Q{Fl`Ktj(e2ywFt@60u%dK+xcXFn{2+g_b9+g0DLF2QX27~67H*}# zZux$8gf1)YxG_AfS3V5mf9M&;C%|)um-k2hJmUi8W(ZSzUst5qoR`<8IEgtC;8DXV zSP5O;esC;1yWDjNB5meY{L5EF^BoOBJ-h+lG@eEIb^ND(Vn+P#N!ToDGAZ@t`v7@u zgviZ@ko~X#f4|uR@WBiuDz;`Q@#DeghAf{E3ZLDIa#h8DQx1CGh2x}LlhRJ%R={qM zxNpS>i~s)2wfS#Bl(H^`_&(u3#sy}I>YjWn9%MuAEpzVSiopN82v9NtgrndrahN#!B%E{{P@mNyZY;51{(lu3{go*G ze~G}={70KqRG0nE_6YndmHz*{Z|i^8u=NJfovsnh*g|R87dWppc|K@XcIT_}Im!&? z$M5lvvDhE+1zvyKCh%`Uu<`XA)tlcLQ)}&r-ww~L%;{C9-4lSS5bMCxJ(^E#p2-eM zB}(w>*Dd!H;N%39MedLH{*J-z6BhpNj;*r2p3DA9Mn|WskKVf_IygmA6j!3Uy2zbU zyPnoqI$8BM=fZf-)pmX8_GGB$QU^xu>M569i@9+GyN zNSi+ZIf6(Y4w=`OAKzSGMuYHDYdZ_7*S0wC&gY!%NVuTv<2ikpj+01imTmj&VOOg` zsBnHvonFo(DkNQ*pWFFVJCeqrX02>MJ1~7`|82L7%AHJAiaDkKBr$EL44hj^qfy>$ zXSZfG@7W8?8O(bE=e>_;`X&jDTz^fOPJc1p`twv}S88DJB6J~88Z7H|DN07LvcMD3 z@HCt*H^-?9IiHxAW;N-t)1L6&qNE;QQD9~`W6?R4Q%RE@aeVkaM<25V=B11%Jk)zh zkq9hg+fq&DV^!_;TLQhVK$FlW-u7~aFx^2rWnjd4h-XK`&^{lEEehQ(az+Y36vCyefJ_t5h4As=7 zWq+}SnQmFmF2Ygtz($nm{yTxH{275|;Ol|q&#!bnNn8iujr-)DS*FN9qZtxYSQYm_ zi_6F<$gSL^cA^Xu-+GOOT{X!U*=}5P9`l}hX}jH18{p9Qeh2=}rZ4vr{ZQ?MV$XB% zOrJ_>Wkt?6%nx>gqr>HfjN6Hz9LL0S)ZDRESl7byRbE6Vu1<;`LR$IdN9$i!FcW34 z#Y>n?rSQ$cY<)|xhcW|DP)1TVyEc99gX7n{wYBZn*B8Ei+8ZKJtc$RPkJGF3h}#MRx2d?q|-w$C8?d4Rx4Th7}Cpz8Lh8K3!RnXg4( zG%o?z_xb&3E9~fUUc>9%YBT}n9a|9mgH;qrIy#hU@X>w&9|Yegz;?UF>Ke%iJ*XvA z^R>T-xwOE-LSWvQRZpqV#%G>p`;F>DH7>us2q?FprZgRbB%j5d@l#KGZNib$IS4{4mmk1+GF~YlXFTXBIqu0ce$RBlr8fNgEGrhiG11o z2#REA;!@8|ZXlrshEL(q-UNkGx@4{dX0=Cn9+~I3m?!Yqd&9hK^q}*Q| z0@00hG&*7Ho6Vib(cNzcIgQWrwb%26vtJ$1eoy+6eACF*!pzjQx)0@$-v=7X70p_f zV8x9dOry@`e$psgL4KC!r_1{F{dVGzv4C%LbukVH%K43P+P z1inYbTvD(9XuJ!a9ZB=T@&Qb%lEcq*1H$1%?^h$+eS8AikeVuy5ghhjQJ4NWTMCEL zGsOfsMLA8nHEYr}TZ8pc6=j#N%412T)_eJ7`k77+)O~z>(7Ph~#TD!3N?NJ!JxQ;3 z(>3B^!TF9>km9`Ma_Ls?KRcv~&QVnc`5gFT4kFnP>7IwxSIM59tR^ak{^@Q^{F_nn z-~2KEeIv}Rw}`2bZLz5KOO*e6g^laCmB(#^UiJOUwK4yl*Q1h?-ygP(^4%SQoeaIgiy+2pG#+%_&n7QFM+W49A?~T^-t*qmumyn}g;r45IH z0=U$1!uD@Q9;lGmm4#o%Aq!(yFB0%lzE%Eq<>|4&=WL0ZHw`l+eWYXe92t;-37#2} zDkAu+wH4)=Q@RGi?+mY8OpG7`=M|Yj{=a@dtQFMFp~qY4cAPLL5u7*#@Bukl#9a##a7_kNP#5sHnp1R=9MywXag#G_lmFX(5rdm%cD%4++29b zFX*H&+nlRwMz;sZe>d**^mFjXw&TAqpP+R;)kpLe&WeAZO*Ztl>ZOB#Qb$H_N%f{nq!J+g?QBx$^P3D;7+Bww5T@WsiRzU)@!LxUYq# z@?2S^^7Bp|6g(ccOlfJy8>qW}Zss>5KWfxzD^__Kz2sByby?+_iinhuG=+b&#bJ2Q z`%R|W)i%EGv-h#FbO+-DbZPElMx6b5)TOy_=KuiPFF)(TC608;*A-MF&Yg0)Y{b2hB3GyZdL$9BJ=kam91^uf51atj-_w)_ix#EJXB{=^HMFyAd<-J zDmnC1c3)E-9gEltrU4;~QB?%;t_^EvQ**X2Ud*UN$SI=FpX>6@uq_TcD+$C@tJ(-| z!?cfwD}R9XJNh@@0{w*BAMaON)MJ24O9zl8t%Cr@Hz1`}g#D*1R*Jm*We5%^*Ip-! zwdZSF)eaEmPQ*8GE9kH82%_aSFb6YIG|K}U2dI~?MwEJx3>eJ2+vFc38mu*!stvZpL!2i^ya25X>~%Ut%&oxRrj-BA<*c6>1lZWWQD45 ztaG<}*$bA`m|J_1w`u%S$?43I?aenK%xa+M%kU5@_4J1?Dv?631S(u*_FiP=l50_3 zk0k-0yC&b+Yh8RYa~fbK#5LVDL*nU_a0(oJ{{BN_{bV>fh_G(|)aGE0?QA%gYE2DC zKrz6b9GmU3y^`T^FV}3zj$6MCxeGnRfAQ11zwWmy#El%p1<7vn`}yJuJDsX^tBav| zbpn2Dc_PL8b(e6RFaZmHhYVvt&@!^PU(tFDSHH?*uivCH;Nqy!&{EhZ_wtv>#a+^V zN&9jOpx&_~bN8@@Ur0yjf`gCp32GRdCWPTYaWbV`*1|-LUiQ~3^Qqc!4VnlQ*;m|E zmNIRQ2!*J4CDmNDi^uVWy5`ZQ+XXxtF(f;pb`2hqzhkWvjHa7cv|N(^-okyNb$I>N zHCUG%ubDS%Md#AZv94OekY7-j6MYd4WcI>GX1Avh{>|b(3QC^l_u_*^c`&kbO>d#} zTlI>=eAosRk?_&oM}CHf8^kc3IPsp)L_TzLKnPyN1qb*{2-KEx=zKRE^ePp6xPf4} z#PSKvEnZLJE$L29Kl16~cKY5oAryOz<6QRRmG4sbY#Uwh_Gr*Uf4ZF*p19`(G1w^l zc^>tAL@ETj^Rg*BgJ0|ln-R~D-+%4ov@DVbscwIaiQWYW9Jq280`coVlrtMDrnafl zKD!FsY+5lEN|(NRzBbD9K}4H`keD?4(Ap|KdVAZ-opD-NP-Fj*6I<1u)%tb{xrP|5 zH>D&-xN5J!?(U{PhfC8@@n0fCukgrX=yA1myzN#0ymvn^d*l?u(rxY^yZ`knV)^U+ z0C|74DP6VZ-NtbS$6#mq@4kwSWB;2qL^1A-Jj@%udyw>bmYe?%nF%GMHQTej`jN7- zGK1y1+oea?Ez-zeC|P;+!DsA7Yaddehz6LOUTY~6m! z>STJBo;l&X_wtc()JH?9UmjqqQ?z{1nflvuq+z4wqgwZfd9A}rNeFlf zqzo8}mR%ucr;XPaLr;p|86cRAQCCl-lvTZ9oTW+7xyRXq2=$;jsN7au_u_eXridKH zbRtgN(VLN`O|VL{ruN2eKIOMW*#(5~!o1wdb6;}EWOh0MI35-#8SAz=)RZz*BfGV| zLfeY97`*srqsPP0#uy&!lF7-b*yJ}DtNFB)FSIrQ*>z$Tq)O^|UbJX=d>hgwB`LlT zyD~m9BwNV#FfCz)ZmbqSY(s-|19>Or*6sFpG_~ZlYwH zyfh@aFtCL0l2j?InACZEe9v?(yRiK>)yCK9&fNbq9>3sxq556~P`G^XY77<1+5GqYO( zi#r$KvWJP4O&L1@A?{r6Jt3haYC>|KjpYhnTiHw*8XAu2b2u0dfpqeT@JlzdI{akU z9uTcUr`&lkIhzg}K1J%{GKduHSCo~}_Uv|n>iF<5s#HSSC*3i#J0Jj*$|v9Y%Omdg z{E_1-2Yz5j?^<8xRDdAZx~!jra)5l?%qgld64sK)rx%O z@C`(VLIVbz6xZ)|Pfa5uVHE!Ly0L=;A?Qk1IXUl~oO`2jL;Zs-!3nPpnfL`6y4^9B zwXTEV0al|ihKVdu(*e;Mk0gFy6vgi)9gVM2MUj$Iw*%XK7P9>i_X7PC`jX9%wb5K;g|1XiiR$nrvn=s!y~ z1%Ig`z9obsY&S3)cGsADMF2!WiQuXeEm2 zeps5CeyCOPGl{{$c^1d`ft%Bk^ZlOC-2?yU?bk$tptV|0z=JTaaMtNWTIGJ)fdyW> z6*H&jNG242x^AklozSnM)4gLI{~NOix@}A{$ZrOGji7|$hSs-Vs#?pG_b*a&PI+-!l$#9s^a`C04yb$pEaHE& ze})+z8U2a|XoBS8V4WzU-mhIdWxe19U1)7YQnqBmIh@+@n4Zm=D!&4LCuQjQhSqwp z7&AR|_Z0nl>>QH#x6|# z8*}+Y=DKV5t|m2|jFODT$mo2fKZX6Sm`Ir41=QF=84twAKX9jf7B0!`+~{rRm_9@2u8Tr7y*{D{4x1boaPA(8mmdB|NMER!QfZ zA`*jlE~__~%_l;Z-FWa@h;B=u&uZ#X#GybZt8ZsjowjAg3#p(em^VaJ*er7mi9BeN z@&y1v1DcNs)h%H%8TKq%sVxj`Gph%qe?s84)fKI9X7`fzZK+-k49Y^q$q{gq$Omqk zFLbU8tz2A5RMm91PS1jwEX!vF^4BHcaJ%NmVohVBO>wio+D*Ha>K6CzaWQV1Hc*#} zjcrH_CdJYhU+vL!$Tq_AX7`JKb$&ZU;I%xWyqMQKxXIm4r#D#MsKToY@X05T|7Fzg zR}EF6h~QubT&^SSU21F=g7!O{M1dCggz$p*0#B%8??AOA76S>@Eiq zLOv2i`{VVJS0|qzPd<=#9w~e5_-`FNYlG6hLUR}8y+6QB>A1hDzP8l zth?x2ziV1fRJ}@~f~6gMTy4f=Gx=OAsa%RBJ~q)CT4KZc#bWon&eegGBn(s|Z~PKX z@9h1b$$UseepMFC@v-`TZ{5+E-+EbOJ6w}eX?2QBz8ax0>1{wPgt9G?UcY3WGujD0 z2iZ3S-TO|6~C+CA|c1 zccOnU_Kzj@y2$c>xiGLe*tB&6MSJCLVuLEe6_TIyf%%IE=>q=cDRgL^>}(uDpG(#$Pbi)L@YPaqWULC|eR+!%i7SY$*#?F}L$ld{`?xl!L3r`1YvGPrp<=i`-)e7c_vSo=8x>+hy4xdQ~`M`5qOLUH}hMMkNerssb0%FwjGP@uSLfT$f7$3D9*&}eL_SA3X`&M+_M(8Cn zy8<&jdeK6?v4KKG;rA=yX_t6EORxbe5)~q;Q_3pHM`}tUny85IE0twOK3d=B6#DE> z=06{ei-6e)ckqY^p7>Jk8^SXLPM9s7Ulw_PR8UcS_VM-m2!p?XAKe_JgX4qs7yHA5 zVDWjmP;%Yqj&yBeb6o_w0V-P~37ofYvJF zBzgV`8i>33{<{82-$!oM+!N>&Ntvu-HK(T8yV@t8^&IfXP-HR__c{j!Eq`PEe}S5x z&CyX^(EsNy0oSYEc>ltmPpx^d{)2%2FE9RIL(~7iyIjW$&6nicAvPu{fWngSxB1W_ z)^g3tHs_Z-F1Nc}|nrYo2wa*BRqV9=ef-QE@O4_78IZ4#9o zsEmeKF4c%@?UpLjzQWZVy(cFfYd?YgOK*Ly zZS^RXAMqUKKhAH20A(hHKr;tpQjc_KEBQ$!_QEvCE=Ux@_?HZ#U3W4)no1;tuz;Id z+h5_9oT60kywDdT=1OPM^%ZvY3&Av9s8=dW%1ZfN<#UK(nWOZZ3X>RWWWipv_ zlh#ZOHLQ6%Y2q&`s7wooH$2O9;=nUU#l?}{xUO8TgPU!vis9EE1RhC??oEqlTvMjKj zKIA`Bqt8>A$-QqcbGwQskcRC>&Rb@QL!Di+X6YUr!0XYps4r+(yZE|Ur_s^7`}Wiv z!!~d#ECzAKv6X^}LH|j>ZUdgbgB~vf-N6o$s13KvZ)o(7WU0#?<&jaj8ldJ)hY82k z+MaKZL)g`yb(`R&|agc_#$<+JEs%(0z= z3dO6nZ%zG6ulex<@-(LM?9@tk&vw|etCxUVse>C-Fk>64N5v`iX3WQKOzJN%D-bgN z9no6JWBzBpILf6q`wj0HbMkeyNg_QeowL~|@01lpvjCfx02n1%r+~;W%ts?Co`qL* z#M!rhCC+1S0@5;mIdg|wDpHj1Dfw)Tg;Ika-RwH@2edq`_7`0{FPBzTi_a3ds2kL5 zX&Ie4t%*H9r%GS7M%PZ=Y;G15q~xqchfPtr>P89-vP{(O2K9M3mFDL5CdZDA1et=3 z$#(f+M~IPpc1v1-c*>G5Cu8xzOtqqr4?j}_Vx@MB0(Ncnd+EQa$C7SNLuHK z9?2hXMk*;OoT-|RFE!OA;fY%M&oZ{X;EpmB6S)}7Tb=E-)rK5zF%^x2I^GB*IMzl#LdUu>d8ajP?I{Pilz)>lJ9rX z_}aAhCg_yOcb8_Y7SXnzBHG(ETIjieIipr?;`of$fXSA>X77IPw`bO<@gFJO<+g~+l@cAZ+RhO$U=tdqap)@&F znw&V1?~Q#gg-LdBw2P_i-M)3SlCo9}cR^d3M%h!JoQ)-h{@Skecb5xwd~rURWN)sb7Q~X=qWwEfZ)9@4yU&SvNP$T;pTyPAdO9I}XFJ7^ZKItqik3LOng#!lb z2fGEgK5OC_w(Yw#gKd-Uum0>7Y~BpjKG9b7(onr`Y8W3`8;Zte&vb4O3~`slh?X21 zwWop=QMCKGD5w?!+j}_@6a~p9W>?gUH8b-}FdlZWoj$fBD1i@~DBOc7Kg24cI9jX3 z+p*Ulzu*kjj)ihVJRVm>vCfr6;ePxsf9MLEjjlYB;Rd!<)=YFTX^J16G@Pop!fM>IgyMLelA zVmUtIktda&84IPA^+G6)t1eqi|FJ@fGo3{PLa$#=rf*x%>oBl4u55zt4<_l6Lo)r5 zg0&@Jd5sE8LCZoy7T=^)Of(^>b?12A^v;WA*S{7r!n|^K*a^}6Q^^bfy0QyO71#2t=E)!HdUWQJZ}n5B{+D6@yqb#r6gMQSVz~;tum*LMZK+_>KOulAuN%4kwc+PP91kXh)TwI$$l58) zRDVV~MSen!_4W-8z_Rh!%7tRj_U2|^&`r==v!%Rf-~`1aF5$qMF9|PUBe4NSRMdEd z`)hz{ERvA0Vv4?BEvv!BqB7=G>T2|~j&xL|-Lfe3-QE&;E3*60D75iRYy1}1;&10? zuT-)nsRB+1nq7Y<=(r3sIa`C^11*NwsoaLt%fe)JB%x$*NEA%t^COR-B0F>i9bI`e zB8EpfiH>_3@JTRrIll*MKhy7J;QAg77AR_z#)sVS4z=$|J92O+BrJ;=jqqR{1nYhu z^3p$RD#+J0D6>&kSXuD5u@6vB)iqaE{vAePw`%PHZT8R_i{|qKR>G#Iy+CWG6CC+0 z*JGy_QnvDwM!&DP!F!#>TeP;Xrlz7ne#^t`v!5-So0{AhU%6b&46Q2Cdha@It&Yii zyUeU@SaIJmJ4frMw6#@-X54_*s;Z$CjX2>d?CBlQaKF;3!(&jDa0DQWlBfuiyxwgJ z6rlU#?}XcnYbnKv>#eD%$=%As{X6feU5luzS1MG=Ilucj>!(;bT?=y+zQLZ4v&h%j zoX2vdJ42IoD|g5Y{HOUVsySz?Ue$TrZ!9;r_vZ|o5K&YrL|0evFUCr<>7@bc7}?YI z*1{5)5@G`y5$V{RF#-g*YH#eLHAAizfGrQ3k*<3;5gf%%{H-@?+B8RCCn{e@Z;aID zFJLp5?K_APq8Jd4PXxS7XuWSktQE1>T@<5#&Hy#+)DMQd2noTUh+f;>tl-vv^?*z2 zG)2YdzZrSej*tnYO+1LdPR#Z~e14@gy&CrEWf2KX3_W_aYg}9+Ib8`SndCSCj7kaE zu`-omv{9NolY^zb78|g%6p{&)Fcas+6e4*s`+@=rXX+;q_pX3AofXW>X_C-*yL2r> znQg3f&$cg5M{;V@89qWKxTBf^3_|Vk9v1T3adh1@^%$l(1wCyNByZrl;rL*!?gk@5 zQYFKvOQDsX>9>W?_vs^;`MrP!0^dumQrt#AKNjXgn%_>M@OlO>CSw^7@094FKNo~F zgA@6o!6p<6eF(6PzJx$cj0nfubU8Pu8hAKjyJy|Fx3h$m@+BS~X5qd$m3QxQmjc%Q z`hoEPytRKVQ*6e!DP>lD+F8OHc->b@RctXv3F3X-HM#X@PSY)XyT<*e4@HGXhBvr2 z;SQ1g1xJu3gB1QlOIN(H``@@if-7QSd)mX+mUx1;PVPbj+n#1`iO6nLT<_;%USha< zEz_D_Ept9c|c51#E&=^t8cKl}NxkUzb;o+ziW@KM`j*N3!bBW<+Do z453!AkgCt-n`~Mcr}+7Rsp#LZjMwrZ>=ff1#8Z@-F0WLoNGb5ygWLuMB3>_x5AtUc zy?4>Mp5fR(ALo%F4=UABHBzN*i2SBoaBb6=%#{ zU)N@{eA3{ad(&Ym3;rRz_m+@=N96YfFYyhwBx9@;F>yUBA8Xr&)=bgS^P-UR1%-uk z*MVe%GDk_eK1oc&*6BXz8e*hSQ-$%t-63k+>%|_Abj_z3z?3LA!z?4SH@UpZ4DKls zeqJ~@f!9a3M-%~rkX953ky(CV1;7B@g8NNW-i`{&64$$P&j}V~ToyZ49hRZTHCYu6 zckEsvg7VGe24$x((^VLBpCTeb%10XjsL#`%>=}O!U(3x+-Qnjn(!Eb9JX={x+tl@9 z0DR!5@u=vOX!%?~E1rmhe$m;LyLQl|(%uogLJa3T?p*oe?8l!Fd4)TE5Xg|f_3}q0 zKiFXyASgJepImQ-s9o^O<=n^)dJmqgig25wsH_#-C3WH^Z?A-kPp~B0XYVq4>Y|Jfw*oK!D6qn|ZXtv5O*v6WJpNw4Or0^s0P6tCLF|VND8v1X zFHu-d={b6vroptz(Q(8arN@SB6iW0r?p%XJHj`-3qcf_VjBf>uacl>T#%Wk!kB zb<6ARx&m6WJ*;UH$|ME&)MoN*@afR0hKz&DuT@bIIa;CvbraQRaoCNd?a(g;6Y@aQdLB!>=rZvIA zEXO9~UX*gh@M5sw4M}mo%&Ug1&bewuZ%Ks|r;x;O%o8de zSGMZ^7-gE8;A$!97p@e%v@9~E@NLd3-FUxy4?9Vj0I^CB8*j5tq^u*jfik#qvaoj~+C)x8 zxT!QpNQ9Lm%{>28XuUDwF)cyhTPRcyj0&b6kB~prsfJvU*PrcIf$-rXPxL6K`N-D`|gV5wSH~ zcNo_|JtLL3M`6_oz&J%R1FzckGhq?4*z^b(+bqsv$3=nogJ~1Jli}@?Ts)r<##}zj zhXB6vCM@dbjdx*C#^I(qT1ZuAsNJ3l#!p$OMXeUEEm#umv#@mgfdLr$_M7Ye8%feG zU~XaI79?h1rL~g}7p*?e7g_kcF#6_#{V3V@$zR-nu@|r7k>}poIS*SVknk8fSg&Xe zwnI$MKd3E!Xx!e#@9f2spWX!jGt>GvOtoe=amcvPj-`0oO;3vAX4B$A|4Ih5W3AWK z(fOTHf~okvX%+*`A-R1XhAZ>`HuhgGN}d#}n0I;bqW%1xoB3Zd1pjZsu7C-+-M>;1 zF>QQ|S^qb4`L{g9|3(T2QSFqpw6wmyK6S3CFc)Hcq1CUQj8-bZKt@#3qG9dx#(Jxd zC@(@oQ_~*-fr0E6WT<^Fz}D3dm(~8`LqjcoJQJ?ddWh&k=o(ckF+t&%f&FZll@_Df zF2$f!x@PG)(130=q8iTB@`?XcgigMY<8Vke)tb8bOXLBcXf648H(|dZ7D~%nEZ8H5 z--?yT$(D#RTl^o90Pm}@A)A;+y5=D^f3}V9S<-TPN89d->bG{FJZ|-2Ar@C9pCUI7 zu5@E@s0iDj31$@Srv^ySJ`hx=iZT`sX)+Z<1{Jm-?CRvY*cph;1y|PK6J_M{7{WKY{%GEJ+pCkc`%f@p)^&S$x+c_IcwNh zt$?6SK-1gIPJ|UJEL>@L0wTaVs@*E6%+_&&i_9?cEc~ILF$cR}<&4wOu{@cNGbq_S zF4s#^FS3Uiij>R-H|Sc%rhZWRVPNnh<2C$3uv<;ty08%^EPUR~)M9s&1*Pm1<6M*% zHnxc7nqpmvYybTvvtjXKzZ|`zK%r;aNr{D_y@<0Vr3v4gL~YXE?q)J_<~pLRqCBUF z2wsa|To=t`t{)bAVd8;vCKHp@l#%0Q9*86V;aNfjxv#UVuK?$43UaN9i#zIkApN#) zYut%y1{Za+;bI#JJDI%9#X=r=r~g+D^k{NX z>)~56V0TZXUbeeK@rw3Uex(W{u!g;}VlU6cT-ebqVw_e*NkyA6SvH|9GLyTnQlBad zUp(E8MyfbL_N{&UeD}WF;T%(;>Q+d?m|E-L51^c-vzv3~IP;=q;VY=Jk<^|TI?&)x z*=6Yq`s2g1F@nT3$5QPVjR{TDmt;(^#huJSvnM#Vm3>BySc{~65EIv_Aq|ArX!5X& zP>{ZS0+;BWtb8>o1(f3TQAPlsf}6!-4xci^e|oDcAk+O zB9oL?cxBOEQKlF`3$IF!pH!}TOS8A}+w1NNr|672=mBGE!#;VK_lSLEk9=&Kq6yr_ zKzmk`{$dt=zAJsjNL?hu@^D z-y~_US^$&=^v(~-TPkDC$iRZ7!68iszOhYp=RpzACJd9cRYfJQY>cFoDF#rv+ZO| z5g4MUQ6J_HkA85it;jE(SlK)EI!pqCdGm?_hZoJ7)bcgYY#SLOprhxj6LElP@nf7g zetM42$yU2Xu~JSz%V_D{g?+h8Z9&OqsM}F@cu&Uq1NZoOvt|@agzBDCc>M)e*80zE zbgBPj0mhplJ;tiqW+PA?ag=3jiwq<^KQ=JmY*VW&EU`QYrXeUCXB(TkW-p)43&B%;60YL>xC_r5c*3AJBn`(soV6l|UjQfF_uPr)fOfSi1=Qg&A5Q_-UF zMqpF1se^@7tpO^t8Ew0~u+Z!X+=%_dqPV#D5w(>;>n$e7V9L3yhewcR7$o4RMlDI# zV_YngqS+rEt*eLi0(AO{`splI=VDWFM+EBqo6re0K*^!?>P9z1;a7A+au(lM%2*Y| z|Lzsaz_w8S*MqU28`qD~|0*JQvPBE~Z?@rot1wv6F&C{}RYJ-6ox{gL&P`zyrehA< zUqB7}y*9_5;{Uub;eU6h|EOg!a^!@Zliu1N$3c=9_NNZc=A6#Im$n`&=zs z9D@+>L}pEm3N6RW{rUNFP0`D_Z!F#x^IwR9pP|k_uNoT~xP!&Ti2qtZ`%Z{&L!Z^@ zN<<2t1!V+%>LF4mx^;WjitXa=-g&v8i-mT^>j3 zt1L=y0OjKIH5B8|W_g8k*fzR}7yA1uy`VjYNH^Hu&LimJ&7Te1KAUV%!(d$d?VgpJ zI#|GooZs6QPTc0Dy<=M`;?IrEZV2+(oytA-J@&rvm}a`juC1-Ty}dm;I&y3G)ye&6 zm|_4NmyQTU?dtW#XKo{Vz?=Ol-%DI%5%#M5dvuHUOtAgTreanV#w{J;db?E<4mjt_ za}Sl`#@XIk|MWeg^Fsya%*68w_TxH@ZMb|Mb=bIE`_)!@1zT>}YSW_I5!bT4#(}^n z$`WYme1Y*F5x~4PFb`*`<1VDnZb<_6n3H1pnq#x!boililm7I~5)7I~bY&MkGivk_ z#6i~=4c_w@Tv6?t{^kGSL*b!zz9R1e{+b7(SlL_UGcvDkOf> zSArLa6NKQr$F)wDDUQEe^*-Wd?2K$(mRkcJS)@};{#Y+il{m#h*M7Zf!pfP{szw?- zuOr~tn0}yGP1^b=oMP*K!GbvV6{^^!E@zC*EBXE#=k2We8J-0rdU~5z)cuXcrhTUb za_>0E5nfjy&@2w|7;yjnYtM?Yw6Nc+Xk1OzBtJ?(!)jmGFCyvW6wdxy7saPD3g@fIiX{N^_2ro6&ex$ zL{YXMbVCjB(%*a)kyeE2s_8a=^ZopP^s97Tp zb|2uw>-JC)fbZ0rEKDZm_ki%U`Ryza20D=}6MEN;HNS5g&9?=01G9}qGt=S{Q}E%s#EaHJJyn!@w#e_ho?}-7Dp*)#9&KHTqb!^c zb-}~Wa>gm+LM3NV&p9o4rE}J=OS&3V49?8$0kvDJ^jhnjwnk8@m*}VVzvoDe`EWF$ zX62o^yjIHxoTXQSwkr2bE5w5Fbxvm)!*OVp=r3I|x*!_5CfJiD{Em6tTy9faK+nM& z+c$Ah^CKNiY%$ebZKK=KGkvQp3*vJjE+M&x7ciRK{sJy`dG`sv?s{aD_{fY*wzNK5N!jB*R7<0 zSyfa9xeY7b|3kqdgL79s+yEIl=rr6)5gN{MCZFgRuxwrdvdM;gr!_UA`YGT0&+hmV0_ucgoihO8egC`-dbfEF*sQ!P)CWQ|xF1 z!e{0xpn~e*@$?$aYJ-Q1S(P2xJ{6JM&GSjoY@N>3jb*)^KE+nJwv?|}^7e0y-PhYK zVlfc6cegtm=e>kLTJfak(IM4>rdTicAWf2$iNN!7Hcb}qT9u-2a?%x>O;fZ01HB{z z*Xf^8XTWw|g(FKR`GG}a?Nz|gsp*3CbGP-^n1f;24=jkm^*xJ_bbjNFZ{|MXyIH4W zRs&tmOS>xEB5T!ieMiob%TqG9qlv*sV3=}i(q59c|p&)&?jf0*$%^HXGL?hc27 zDL7$W9O&Xic5F#)s5C;r$k>n)OhiTco)EtdQ={4d@afYh8H$>ztq_E+hI45~)%1QfLBD!Ne@G9}J%v9ju0VEcP>yPZyO~=--D} zXt$XEr3|1Q@T8!kNj>`Z49$T=>kI5gRD^ZK`YK!F4__ATXmNq4um0`zX7{_e%WqD* zh~^qGaH5+g|BbVr<*`*7eDnWT-8;b_a@`D9ma%u&Y-w4^q$~luuS3f7W^8Wsr ziDNU{K6Q z{}t9xQf}jCtr}b*G-S zwH5V+nQk4b%OFqs5qLf7xns+}!9CqU~w@4Vi@(5=-7`FgiY_4pGqvKKJBL zxYuVDNR+2zwlj;U;G}1Vs;M@V%k2^*?sB@iD5@F{jc&@1Tx;z%a}NIC#GMIBrJ&a! zJDUN}(|eCKU}tKI7?x;qcEq#bf~DGB4;I?m+9-wG#xitub<@+*PxMGNn~91 z{3Xc>Z{^xnbyQ8JiOAfx3)Pay-REC6CKhiN*0>Cb^uOaFwpA%hU}{X`x0+OH_CW-j z&V#k&NK|OkugsqnP3M{h=Iu55wvWjth8R5Z7fW&jbAGR5;~wrq&PV*SGCpX2TFCR| z0U-wJ_of*GYSDP@%#VtWd@LMm3+l?Qy6}ASsn*JNoL+KS&U!TYWL~mdN7{ejVQ;LX zyT+goq!Z??|3hV@A-M6cwbL?bTx$bv2xIxVtn9{ziRTL-V_I>M9;~qn6|gm$?Lv0D z59xQ=HS_WEGSJgYNlRDhG=}5i&90h*JqopNcJpK6gnBi<$sYG>I>WwF>D{1TqoI9D z{*R$=@%Cl-$t$_2nBq2iG_yNjN>0cNc_2O zZ7K{0RTvB+`mg@^f0O0*Z$$8aN74SxegAI?g#XPCCuXgGJWKBMxj!8Y3=E_g^gZn- zK}q!2;Ia!HujVii4?t9;_VKv$(XURHn6X|IWgt&4RHX#ua1;JU)>@CNU zU()E7X*V(Wdoim`b2}gR#ruEiyt#scgC7x{?Z}f*(Lc|1znIT9i5?LY7rsZeIiPcY z_=o)=2mS9cv{Rm&T^;*BA~2|5(V`kZ6;DllB1-`J^`DLKw8)-s7TD7604v>VMPT z|5-)$f9>+j@1grq{9oCOT?32@H2<}J`#S!)$KL=9BsocbMSa(iU&Pfl?5x6W*o%H#X;BIxQLksPY;Mh%fpM_``2m`M@x zBGyAGESoy5NsHMTNhvAcf7aG7(e(jtR790Ly?ua^9Uq@L+hhGS*gZ_eE{TOeu&Gk* zBkH|CW5M~qsQKcv5551%0?-`)>r?o*Qu3EBHRb zz-i}1=e)V&Td`JJce)a;^UdTr3)RA65H5SW8O}jJ*+P zZ>=jTg~F*iq{Z`yk(dsSREMi1h_{8UpJ&$!#EIbtt@&)(eonB&O0vz zxOT`iLe&^qxC&(nl)Q|HViiztOINau*wH^2`UuwPZ~pz83r*(b6~ulrW2^NBoJF0i z3sBXUUhSsE;Cl5EbdZ_nJK!b6ICj<4`OO-BdS;662^n!Zw}#dw9ELZO!`Q}W>H$hp zw?)eEf$|f!1EEWeok*Hmr$!x6Nircy`R8>xZdb>C*X`QqkeG=)Y(3F=l;b?#({HXp zR211<;Q9hsHIrg!XfnV3X^WIze^C~J=l^~9J~{9!x6o}?(LI@Sx_8i5I`hq~w?5X> zAzs>^mE!^)tdd0>1s2CE@60?xt+Hzs3e6y_xSq-=`XLBXS)JY5Eb#L3%pulD+E>LZ zQ(IsYnbO&&ApWLa*;sB*NB2=9IW{vl-fRE*p=3Z#c5&g#S@h5KeVIj`Y+Rdfk(uY4 z(1a_^>-j%K0F!z_fI)PW5>7&tv-ZabMGX>mLm33F@MWTJNVsuef&qF;*?wi_gc!p| zjr?|PW@?n3^TMW_1gU3?E^I~3h*W1UT(W8>8~>)owO%xI4ep;D?lGx{-Kk53s}41E zD_h5~0M{=d)yD}gsUxhoS-b(`x3`Ufwc2m&J0I9Ry^NWdemG%9eNVCjm8-<+>-&CT z&aCs4E=%B~f(Ru|oNf!zM$H~9-hxLBthN2jVr(ohSqlwyp@+$KUrL`)xQi5 zTGCsIq|jyHGrdbIaLP1*nmT##XIV81YU!^j!~QgL)7MWXS=S1xy1iT;`jDlh&1cf0 zoi{47TUk-&>uEh-_d!apLfL-GdY-^A#Z9~IH-mSv0V_Ul62}s#dchb*T1>}BlE+(6 zLD-Gn`NUc&7duzk|Ns8A%_qA3PXZ`$CZ|&r>X)KCG!yn-?6|n;aA=jp=AWQ0o73FW4lP#)U(`+-ogeU=<6EoEKZyl+0~jUj)ippz*$!K;dAkV!fO7 z=+nIndq*q(`Y7EM)4UyP-+^ziJB~5FrdKav<7WchzMvEcXT|4yuI5g&`)<2qU3bGY zn!F}9!cGQ-kybw)6yZE1x_rf7&wPh?8ox3VV^g-sTe-!q-;zgkPa&p?nA9797>h3< z<5Fi)oV%Uw5JvonwQyqAy(*d0^`OpgI8Rvxf5TIQkK~q6Owz1FLUZIlKw_n~FwxbW z11jjct5|hQsm8E9cNY(@z9<+Hy&q$^+ErKt2@8iX$!j0$wL*-|Hgc0Yg}Yf!B3Y-@ z@((+w^OCN*y+5{;Nztet(L=Num^th?rF9uNdKm4fEUx7n87N+eJ3-`XQ_XU+`vBJU z3d;0<#E&gilk7%}w`$6PhBE!pm?(yQx(rL--TnO{{3a)UWnSeOkE4Cyc_y)Tg~Nwf znwt>{7BF^C=#3k?Uzd4rTlQtF(=4(VDhqqP|IlloBBSDunbJ~kwLM76UkZ|I&;zSJ zbu1|8nS!*0b`Ac3fPeKLR!o<5`M4s-Gg4kis>(i~(u$^XxAh3A&E0R@rzXqu?)?~L zOV(O3Dr6w5sWOzoy!cRM%Sq+yW2UZbEraIh$OLzdARteM>+7S+3KNP*Bh*EZgCv0P>KXkv8dFr_ zs9KTdWkJy+VK9oD7}y40LDjflzQDCaLj;uMf2*GbSYfTn-h5qGPy5l+U0f<^?I}iQ zYGJx#UMYER_+vyG@`tL<=U7ZCmRr+ae zyneNnn#CeFIgl^3!5xt@YLtqo3wRl??^A<5a|uwrJxqI0J*M0}9Y5cyI0x zxHCR62nx-3X3R`(= z&}-nRX{nR;sW)OzFGU1?0QV*E)L4jAX_fSsgDFmm&b}F0*?Z&OVM>oHo$ho$qaec8 z7P(Vw+nHSBR?p~#RtWdKy?w=r)L^jNa_;zTi++KGl8W~RDeC-H7lyautaZ7m^I4gc zt9te@lo>*hzF+-N+h&emUq4TWb3V-h3GZ5nUGcN&dR*nhvgzT2?8nFHorxS(vU1%k zk95^bvAfN~qn}h`Y@M$9O?dj}H|fS>2_|~fC6-F?(47079sO$6c$;Ia0sSTDR|z6R z8*s#`)-f|NohHybO%6HGXj#L^40`mUzS^X^2c>~g7rV)(SBq&mwIA!Lem=|+{Z zi&Tw|Rx{V9uENXK(cUmgZmfKNCuGM(%pcpkM4Jdq#>y!xSc-Ly*`Z?+f}q4`k>!%C zFeO_M1KRt30wOp#?%1gL_)Nx67#@z+= z8O+Pcwo8A)er*@b-QW>-UXZTNhL`6Cl!syE$vF~P7Y1b;P{oKzMPgCts5MTqu=Kcl zd4_yIOT%JEd9;l?VX-D>wtUp zcQM|(g{*K1Hs}Nywkod$qrJTyey`53PeYoCy|l9_(wWK4@&_MBd(lEUUlVAcRvJR-YYwt9t)Q&tB2v>AIe! zSMl@yT>=JdnWy-IuXouIuQ9$rLMyE00>mXFu`zkZ{V&y*dxS6v9y13zR5Ji zLzwb(iEi5eovEgdNg_nPmC7Q*Ajx(KQQV1gf*3@Oq!Zy49$>#hZZ3kbQGHqa9;#(8 z*poF}MDi!h?HNYI?7w^$db@8I>l_nxJF?L2y1lNwO5S>3$)YwKy6q~Q<*=Rb)?i%V zauTTd6P)rJ6{E=MFW>|XE3v`7c`zv_(c7!g^gjb*QcPs``C0{b(*IzBQ@5l@uWV*zsIX8M8L)zY z>m{;yB5KPq8QAtf-z1|tDf*kNf%Ggi42&0t{9$!aEF)msT!Pxz*xU?$!yc|hN(%VoTeza#r0 zJN(fUhWPSefSKG);`Dp-L42O{)wS*UuF%_b$CC#bIZs)5Utnu%>%!t93WXY5-?vfn zstzg*-D}u|Vo{ONn`OUF>qiNj0-@j$W&c_{_ z$ZUY`G2DM(3|-mX7M!e8c=zV;FDw8bP}b9eg(Mk1yQsl6meeYrJH4}RP^dYPFVj9; z43U#J{z-UJwi~x99Z_x3d1L&v34`z652pV%hTz%!G=*9nih%rl#pyt=3FAzV@!Mb1 zr+!t@J5grV7Rw|TupOTn6cnVaZ2k`l^-U~wxY~pEr1jxdC0E=BM~hpdc`eQwlekGO zZJTcQ`-uxh@!i!okQ1lT?&&`1r%I<+tt*xMHuV`x)dJ-QXgU^+f5}Jc$xe>T2Gqn$ z)3S3nuLW9)BPJC=s)B5atz1M~d;^I2L51i33&s9&8Vt%@E$Yo-QdphyYMCCN= zR%dMyY`$upJ|m=z^%>s_By&0pt?hp^EGM0BZZlhHceHc={-}?TLJ=dMs2QDEhajP{ zrR6#T)uW~5u=RutVbr=K&2AS{AqYzt6n!WCDCw!#Rur+*Z6ynDe@gqg@`AxS+P86g z5Wk+o+sHVQ{m){wv8%k7lp{qIrV`?=0|_jB(wyWdjp!12(7U*R*C%oI!9vl`m~OIf z?t9fqXT&8ZJ+kLP+AeQZFE(^uEJ>p317yA5L&oo5TL|0Koc4aWF1i<%I^ijBcT~`) z2PoX^`~wR`4@h{*{gj=25hcpv8=Ux!_TG_)EIXRJpd+~XHoS0-p;z^~fcqZx(H6FS zDj@U}H+5rn+(MzEq(^bcAiWNQX=}!H?;G*M21k~>&0)Lzd94chX~YPlFEwe?qj~yv z{tmGR-p1`ax8pb6uOqtsLx=H=$*jG;&Nc-U9aTvzbv*5aaRSd>n%Pexm=i!15|4J?C&Uq+gQvrA@WKjh@q8D)b*4PyUi!9o z3$NU5R#u3XptYLEe#>E~o9=a01sKT$-wq z6>a5q-5CC4KcyT&&8{H9o$)U#_ttwmQw9nFJ4D-~BYPFsW!vW=+t$Av z?QJ@i@@`fcuGlQ1wb)IBO2eRBd=qm{6zPiL-D0IlhWCZ=`%D8solM3A;y=ewqeXMq&4mTjVSRtPr z)7;5nP>v2+NCB%FQo=`aVYm$!ono9qy|@EFgzF%12$pkIH-$A6iWuSY%a+Sj9-Y(&3T6Q&g8bDpf< zWmed`o>c}4<6FuDL1XZ%b_ep6)On>bLiJA3KV8}2P#O^o0OT}kl4oww4^DvWGKq`R z9fYQ3w3Vy91#NRQQR??b^2Pb1$H%;4=6>uVlBHMfku`mH3;4L06vDvgp6Hm8I`{GG7y;_Yboy;UWM-jI5WS>%!)NxvK4mWZbW`X8CpKV zF28ZRF6nw9X0H&UoDi$?UMCv9nH)y^6XD4o&ttc&)UgSsrrJBVl2QL90sH{Fueak0 zeZemkGN3uVRr3c0%vGh#*M6@p4-|c7pBS7JaEWlJ!jQ=neFdO1p}nsG!l6}Noc)|j zBgj6LJMFHJ$9d+7znSG$g3e{p$TxGxmbDCYLOhf;eQK12`jh<$hJ!K-_JHmw=cnym zR8Z@#`)HlZHT`=k0sTx|e4Gf6(5w!5-ZxpRgFHEFf#>E1c{CrST?U|q;wyY5wuwQY> zq?oHl8qsu#82Y6Txw!#i0;Fd5AtR}yu97JDch4$AaFNtqOt)k*tiaqarmAap^}Kq- z|L$Y;#}AU8m3l=u;gkDLXq9TZo4^iI5rbO8ZiZ@X6Sn>~l6B8}(tEIi{SKyt+wMmE z^NX2#1)7zZfa`<`$GaJ)*)k|^7LMevncbQxW0eO+K>KR5LfpKo6A>}=DYwgVBk4e- zj#-h>!auZ6s%`Jc8$SAX(%9%*KOPpSMo;ocUy>!%!R-UKiwX>TACa ziq2?NRZ1cP2tCha7CS2(#rANq;pz$?%^i8_>R@kgZ)?jzcNH_LGl=j;z~+x?SL!Dv zSV0wf4+t6i%1^NEW;r5C9?4?6Fp%bF6~cNZQ<&0I`6!vOcn%B2Vpdhc>{te)OtRs5 zGk2A`OO${PNUWu&b-h~&!6mp+aKEN;p52=rwQ~YN85zqKU^y*pyHsQ(ecA*W6?evC zHKxQTDziE|??+Zy8%J$ow(RQTOoWo(R3@zvW<~0_OMl8^-Bw&UJlF(;7eGh2k*XPwwq z2^z!H2FDng;sI-Nm;LKsy4r7fCmSgo(G%AfP3x(&J}2B`?9cm}5)n|D$F5j1T#&#O z2vCXRG8+|oT&V)~kCa;f6K@;6JODB!%;f&Gf63d{_Rb9AeYdoya4N+9TK=&g*3CWN ze(%HQ#5So|xsjxLe85o%+*)Js3+1}0>J<=UB={SEX9aL`b3^eZ;O!|I-NGSBK)p8U zyIF61ag6Uu;sGW+?DA(v2xPLyaAd|!cNqVXB0wl_De(Qp`D$aM0A2I>#5vmFQmDU# ziEOw_Mn>j>V^Bq>j>GoAR8pOb_;dh~RQe?_Vkg>d^UQ#aCP^C%2q$0t8O;1I38??Y z4*uUK8~;Xg{q4U@2b8}POC0Y}QyVE~n{w-KRx=LzAwVpTPhF${R?Jm9$M)S{M>##~ zzpuz3FVa!Pc39#Q<(vpo)iacB@+Pro6{$VXmZ3qZPNj=y7^=CUHRrkF*!8YG9tblOF&{u`zqmm}!l<>}4 za;g^5Sv?mkbk&c8ptSsFBc;)d?s96r>hO4+_o{2*F*%u>s8##aJmQlj+@W(-QGnOGAhc7CW)Z;+i7OU1{%Jj7!HYgw~OmH>Y1IAcXo}HbWw72-s4Nl zl=5~c4^ik(c_S;Z;(4# z6)3gOk24TC__}~vuYiq2{C6S4xac6Ms;iBUGo5O3_QCiD~twN#2q4?a@p#4&# zgR}xf^mUAZ_%pkDdzb~j?PPRvT zMpW2aa62Jd{S&hv_9Kt>vfl4H+;+b`iZ81RU3IM#9v!iJX8-kG6$D=C-V@;T04>Wz z3F69CykSN+S62dv+p3s!6p4{4D(as4mlUj9MA~Q_3cesG`Dv^EcC3vxDGJj2-6O?& znh}?+o=y1pts4vyw{cw5!rowP6E4cA>aCJxP; zq$@s(+e#eT=Ovq?c+*+8GP~HSuAGPV^a#*?jgG)Qm{;yhUr1wOJ%9)A;X@9Linx(a zQMLYg#Ql*xz1Kl^{VwJ@+JD8i>t8S@S~&K-v3g)>N-+x!ccqn-h%#wz?q>%kB0jDm zacfPsUILa=+x|U1b*#4Tb^8L{LIFVnJe{n;(mcxPs+7Oy&u5pQwPj>!GaTi}WtOd_ zfzU`!G7;2)@hcE(CUoB#Hg%(}Za1xZ>Ja9!c)H;*3m)FSgk*6owuzqn^Ar;w&y=O4 z9!z#^VMrE*945iz{FB~1n}%r+8+;K4Pu60TpK5@0@`nwLO#x$$HMdU5Q0e}$ zk7!|3`r@tSI{Y+?`c3wp0OW*e*4h4PQ5p3kT_rRqwUnkNZRpw5VvQa`v6Z-aO>A?W zKXn~)NpBc!7IxVgD~&~RVpspd0#@fvV^x@)uX976Zj4s3q3XakeZ1?>U=&E{`z{DdeUj+cmR)2~J3tYa+9Q|zBgD4&Q=}Nh_%?I>QOn)}|1u?*#7{C5Qo)i$gzJ??L zekL%$r7F*ttS-?$vl)IBZ*$TQ#qH^Jvfe)g+$XP6d^ZkS#TUlG^B&9jXTb(H(5`*G z2aE2}DcRzCVod6J03^CuY3vOAZzMsSaLK7Xd~}X+J_Ymq2O{;~P$U6~Hh|b>f3$WJ z<2&C81NKBPs`qifTw#dsk#|j2Nq$;C+Nru2KJ93Uk??&y_gXT>uWU;+>*B+yllczsd-HUACm!`a{Yn6FMGrLYs=k`o3~{A~Rjc$`v$kj^x#-h5Hc7zFko=)tUTZlx z578NXwrnkH`&h!{p|Jpg1#?h5g=>`XUshXw2Ds$Th9v#3xn87F6$Yl9t-q^J@>Mj| zl@N07wsD}|DK28HtrSx2^d+Pga73X?ng-I`E6$T&{smAO{m`w=DLIR>sc)^V<_SAX zA%z#q3=0(%IhvIY9Q7KFCCzw6#PH}ob4Q~}`jdQF76z{h*98(dW#%D~JHPDfZ zVHzX!R*oF(2+uoV(jYUh85+uOw27VD#~?zx#g7WlvRZ$bvPB1Bp;~kH7J7uYSgIRe+xU8GE5)G1FSO6)F3{_He4TH1XF|L{!-;r3o7q&z z#sl68jX|;ES{CV+&*}6$ZI3m}cQgiz`qBi4^lPkD^w1u19a!P_f0)c}Yky?Es*EY*gA{mf-wNS2?dP)So)@;BqL^npbswL0xj zv&Gtb>G#gECaVe5hF-EQVfXTq%ie;FQG8ZNr0tBRqFUOgb{xdj+dA%E31Gw!&4!-{ zsoOoU;XqLOxKd@fqLUYI>tqV4e_AZEvM)*9?IB1UuNfK}pVJ%+VP!97YxJ*X`a2&T zFvSFjAL1{pyiBuEZ40s1Zk_BXXN3fxsIRzra@)qgh{EN`RNE94ulbwN8*;!lHt&eH0_kH+OgNiyZCO?Le{Mg(8`Y;>qHfIYIf#OAzyh*%`7 z4)1^v91Hv33`w2W{oepdWxXew!IaHRNzkRcZ@^xc9Xf^tfijmyzIoRu=ya;m5WUhv z1obU9ZRBx8r7Z|^*XVQ#Pw-uRci=WErjgFGM`iH*l9IHUuxUAk-qaW7l|RVtEs)TR zRU8|O)XIwc?*Dd&o*I)LzjS)k)q&YLcv~zfu-6VamE5GT4N;oZZWvx`5`*ftmG9Sk zgZ(P-z3m`7Ut0ybnm5{{?X8Me^}C&IKXQL6dR`29I)mQtfV|&JM6z#3sW~QDq)V_z zsaBaPBv~((5&sY2zUVErT;dy)H@NQUC7-Y6C!a0G@`zlVt$5OBoGpBJl>NmW*udxf zG$O3#=6@fp8WRqiogJlz1~}NilWl+L!yyJi6XKXrHZ%GL@vU>h_a)=}UV{#a(uLUf#(qMdxBC0S!u}ob%JSTVgH{=E^IRH^}s+yqt%eiKs^ zwLCww+`Kkhex1Vc?uN)cpG-4_B>m4_D%P<;q_4y3a&DkoBI!-w(M-+cGEo8pZt zmjsZ~Eb)i&-iofN`x($YdQKI8lMj;s5lanoOEh+vuD{I_rXjCC#aP+r>>n^`Q~fc% z{qde?WnES8%8X5@&^oDO*%AH7cJ)xw5X!p^8*J5y{vLDt^8_SIwPc@uGb)@TY)BDI zQMjq>?BSZ+u`EvXE}cP4)v07qkjS;m>Wk z2pL-JnzqlJ2k58vN!UBbw;3D|QE|}9GM8y~2LT5wh@u7BS+}_F8c3}}37wvK5KaR2 z5Cd-=STLONFOG#3yo6%kpQzQXNj??P9%-KLIxpGvgzs~(tR-CSmEZHuQ?^GVmgF`M zS*2|lbSN5Z0Z0l(LSDXjH6o0W^GIV@E5t> z-rjoozVTbjBHsn7Sgt0906$0xX69HJtRn)spb<;9Skwmeqjw zwlH_q;2Zd}RN+)C+VyQhvIO{{??$HakRF7aL783rQxdP+O)I1zMHQ5oSQBRVim?}h zUTm{E`FS%@re#F~S3zQ%=$H3TJiRjrYOfMsjO%aX5pB(F9rgAq067|y#8x!$J~^G5jd8M<6;NxTl0ejX{t`?U z=?SS4GJ+Zw{B0Bz@b<7Ac0rT`2Qmdh^6UBpHEXRGJh!5{u61Q5xQqA?_I2Gx>GK=t zW~_zwn(ioPM1dVdha*X0$pJoH58^5GQO!vln5j?%>mb6J$S^o9$kfn_@a=j-3vtH- zDn(*{6<6fm&^YTdW_=dw3V39}FF!?aJmay7HoJt7s!uw|ve%(5_9fRw+!4vtsE!ZD zYP-ujt9uJU0rUR}1@i*p6)N6a5px!BD(<*JQhTQB0~Dw5&op{BvR8d4JRnW`dtO3K zzGU^QNLOitf-q4i~2!kvc^6n z5{iuACS%Y}mEmetqKU`NiY#1AVPohQoSIa(DJ;cv@QSp<9xp z|0=Dz%nFOkxKVZ5; z2nfh)@K~_;_3da{vu!qb1&FR`iu|r3#WAqYWoUd6y%p@j3Sto#w`k_l)Z*P%jp>?S zCl13wX~8;hwgT6e)bLl{#Bx%4tqq>6%t6z2v}#io8W*{-cQaxu&hcDby}V-F>Tp^P z6-LZhzcLGqg@w$!EWi|W%RYV3&fe3;T!8H!r;&q@AK!mal}RLOy8|KnT!O`yu@sJo zjpwQO0sb;5fdvsvWuO{otaWLLo5SJLJ`>sBocvSB#jec@Bs-wKPNgan#qr%<=Jmq1 zbe?Xz$f^>RATzUZ?Ltu9lV4+P=UrHHk;V1(G3r#gBroK$(`kA5@yq*ives7v44&Y~ z7j42%EL~|m!9aYdk=WBkvjpm5c@ zQjjcDvGh2tyr5_g&TOw3rcTM|lD~QcVMhj_M|g=e_gef)PlebQE*8FMq)2H7(jRqu3;2G!BPjIgFvbhb8<(dWGdcYhtoNsBl1QWFF z-M;M_5MUvS6xZ+vO6E8%UO(AThF7U#aI#uJ75&_Q2WI^W(0m;AWpy-cZk4Lp+1Y`? z69BKLTV){be+yZUD6gAbpslOsQoKtEGzqcU8EVsh&$itNVjA{oXZ5c9WO73cg7Z@rK5XH=d)D!ejIEj@7h)d69eV(sC=3r0QsAM@yA#@Kdit zr{FMYtEG0`#E4!jf^_*QRYZ!B;DqK!qsjdWmEj{0aM=&i0HuE(JK*2@C9>g>@4a`s z&$lDPB8^hh0@fwlPZ;6@PU>c!p(&Vxy(J3PKd4DP$9^Ql{ROEO_}zGuckXmB0Ze(k_K z1bRLhxPKm{%6&vl6<9nc%C$b%A1WH%;5?0LSU-MuvTzT&U^{TWqT8S-FaIt)yr%zW zQt{oFy1MwBnCl#kzD4sF16zVT7pMzpGl$2KOPJBwT&tJOhznwuM`!lpjKX{7q!RnP zXYxhi#j~l=UA1}bP5#sEq~Wd?(=jE~$Ma>|3sd{2)m9HV1fI`4ZAc94*3I!CJz4)O z*AxQ6><1?4tuycsYn@BN1C|fF@Bw3oSZ$c2fZvmcxFW-M|Z-*(BMWfQ~4*;*{XCgq{CrQpV z?zZoER)MYOm7md#?fWP!_@$I&x-Rfs(2x}At;1#oNYa4RhFUvK-}j^LCu*7O0`2-u zKe`BSO1Q6gOZffWY|H3tI>iQ6en-;8NsB_!iNB|BzT$6o0!yNd+?*rbUg)TX`)vRG z#&y(3z6in;RL`u6G!ge8VE;Re(kZJS=V%G`^;yby%l(7fQX#k zUr^7XXoyAgjm5j$uJmO+?KVn(Q+e|Wb7285TV$lk&#ACdzo}o{@#*p52(r8KH)}TR#neXn8F%S{O!e^ICnVFS683wg(_-m`zj3k;ObUaDN&X1s1I z&5#f(WLm`q*y-kms4Br#&tQp7wCSq0e)jkh)+$As!i3wZVb-z*|5TcNX18&)6E*Ho zV8$H1BO?uMz-S-1D)4-5yZ72f5!uNjox>q;HTGo35b)t1V1hogMj_Hsem#bQgH| z+WyD{H7H{IrvG8R$#vu+L76^^+(9JAY^1U|t-93a)x|f_xn5xRZyFk!__(-7Oia4P z1~Nb{L6XpAEdTscaI=<|k7CC&J>-paTsNO#5nEg?&w~KAPGP+ao4gqa7s`aV?IO1!p zit%8PO{Ldk&n~usqjuW>$({!zD@AD_BtJBr=c7O_twv!HIPEV1cQ2-TNTX~&uepwPwt=U9@U+R{K&T2>GS8fl{|`Y-g&3eYXahQT)ErH zj=$`c=EkLk6>Oi!on>Ob-&8P;nP@3XNg!8<$(z`ip08PZE0wnhilMi+2b_4npLEPj z``Ce4bp)$8jk1TA0k>9kh}HT#%=dptNJJM6zsxhc&0Kh@5$ONSMUp+#Ay$W5Zbrtp zSddd*1P(rbT|5Tuf)Z5$9=ZF;<@B1cmia2Y?$9N@;#PP`uXLz3^NF+QRD%k?zlZ#p z6}2=zFnC7^jp*^kQG3}4r+!G7xd&I%UHjD$nJYTY)}?Q&SM_Gm$bWk=LM`p_a7DFG zgtV9br&)WeG4aYER~XS{15I4HJUU4SyP=}9EB z4pO_^?X|bv1a4?vTMS7lk~}XwMB{g_q5#mH@ZN+4ZBos_K~oO13G9WlBrpHM0z{ro zh!sAyPE{xOod_Xk*psfgp)%24A}^^#szK=%cR>xtI00{iPvR*z_Zqjv4Uf%^^{~$sWA8*JFExD#`ejDH=rN2c8XY~A4oW`C^iuaE8Si+^)BH}nQy1076Q^}Gi1*RGnXb2>n z7T!dQj%XM9&`|jgC4VV9MBwbGPpdWaEa582EhmEA7YjVBVrkRDlY#xuUu06U-U-N< z2fWFy34kEs)oTh@vDCj+l){Q)ASYm~7qA%#B)TP!iPs^yZ8@Oj*a4c}cyvu1m5m+O zs+|q|YPXSTvss?GPc5vp5OL6}{l^&|x2pdiC;YL4?w#Jcgie>)5(9$l!eyPo<-EUr zLvHIDk;mS;_q^nk^;nU}-vVY{UeKZC{xg=WVa`dOTW^l1*R@&ht#i{<=r3V4$s_~k zZ!Bza0)mhU-G8nVaYvC=L^nSTV!;_Cd#9I5iYq1m*q05sA4Ij4l)4C2(5MHb*_zf)oMiXG3sgmR6%;Z21I z^?{s!0dzHuwAOYP`>2Mqn2STwA4wxq7v~4O$&tWeFY`wR`k09;K6cYnQ{TLK^AYgk z6Zp4p-y|=Nus?D~E|;J{A{ijIy3!ri%5qBuI7E$O+M>7EFtBiR(&PtGo`)uHiCP06 z_^(e@z-K>-7Z*$izSHrTt$Hhn$aX}G>~dQFKGTKpsmRob3lL0_Dv0uP1Y5>K`Aft4 zV)m-&F015cU2Y3Y%`fE*#cR~$r&+7YUqbrx$BP6Bp?($Sgq()+=5M)yk~?q2 z4r_T5D2mREk#s_<5&KzFbuhz?Z<<|@$o)o!{N1b844_! z)&8fGB>l42FV7beQLX1nHp`GG$q*z1)PgJ&1Djo1OBvewEr|iO^D{7$TEgWf_0Fzk@PNGbG z-DBeukJs0WfqDfDNlp$I^32{ma2;x#^IAnSjjLMJUaWSLQttNYBd(Jr(gqskCjQ;2 zTz1sqBLV@qB8xe~XT+I#zuLKkTI_#X-Q^?#bpqSKA68$CmOSa%F!OB=aQ@cLb9^cD zql@u~!Ce>Br&byjq~AXqsJ;+iO?##Ccs5+($WB**==1&q%t8Ih zMr{mNw^Sg}`l`e`;8gvt-`^M=9Suonpe+9t>(iet_Py~c5I4Hp0vPQ8mrU7r!&%?} zUn3Te0BU{UvfBin@rXSl48`J+ok7Z{PmkfaBe>+*@$;4O7y*Y3Lc@{arTI5eh53f{Eprd(>iu?;qed4` zI+A|OCR#832-D+x&1_NpQ!^yOY(&G0iS^l}xgIZfk9+PGvl+f6a}R&XyHJ_2dfOnA zR`M?4`Au+~%Lt+Gm`y5#?pEz=K69$+s>0#}eZ`!Og|rFbq(=h<27m$itRV7mI$pSz zG=^>aC93L~siBYC0eT~=gAgK1V#rCuYUXEZ7+ur7E>{cVVF}`mS7T8uT93tim!`AvIhlc|!%0WKm9W-1x7Ds@X^9XE1Z}j!t=5pFM z=%c?CXWykrFRE|itTsCQepX5_OhNU%it5dXewNh)PkC#mALCf9qMb~4b>WgYgO&4L z5NrZ32B(?bKRsdNXJvo-u63_*Ibx|9n!{VeU>UY>-Ms zRv_`faXZk{(&;s?M`RzRR=-+@&UR4LJmn0&Oor!> zN3X+XW{RYz>@A*Wt@L!<$l8bww8AsD#dpQO7~)5W%KMe`REly@pzK_0K%c6z+`kou z+nIdzUKP-9E1M9`SBlP3pUN>9i@K#MbshAqHb<~cjYJi<;T$|>>aN-|_3eYbe$DHJ zl;Hs5Yme>?2!t9$){+Vud5}g$?;8tPY=BC4uV3>=AB0Z*dbz2Lb;IY1FCR4d?f~1Q zedmuqI}?lx;ox&!`Mi0|LP;QWiZmQW2!)&hJ5EjCk6ay+K>?j-=CNBMd3Ol75}u}ExE0GUw~PZD zfHvVWx_Lf?RX__mp@&;Q6;rCGE5z(<00l5T;^X3`NtbfTW&_r0%N{19&4=}8Whw=d2pHCIqmeY z8mJZ&6&5X1TLFj(a8${ o;k>xOpzs*r{p**f@#>Yg+4F~2=|XscSFR|?s7jYey?XQi0j@RpRsaA1 literal 0 HcmV?d00001 diff --git a/docsource/images/K8SJKS-basic-store-type-dialog.png b/docsource/images/K8SJKS-basic-store-type-dialog.png new file mode 100644 index 0000000000000000000000000000000000000000..ef24d0435a8481e3d1f79950069d372d83dbdbe5 GIT binary patch literal 44358 zcmbrmXH-*NyETlWq9Pz5AR?et1p(>Ol@>aJ6zNLup@m*lq<4_sq<10&LJuOn_f81X zA)ymWNZ((mcp;JmmCfz=k`8qUox&_8lp%$B>f z(o(L{t=(Ugjd`1!Zq>18?5d(N2_Ww_UD$t!jc@2Gp5-y+eyS@#3=fUdm2zk&_VJ)A z5ZN48Si}_$0g#vXzq&wNbq8RHZeNcyp%vTTiXHNRQPR)=j9Zsn8ray`*IY!}Uq8Zs zEw1`83Dg7+IG_n2r=z=IDzRezb%TH)OO55HqDsQL(;;S9G2zWkIs$^F5;;@M$JtzQso+6WmFFlq; zkk@%OEbGWh@_a`ZvW_1fyrS(lo1;;y(|W@2)mw>g-My&aZ=)n1Y3H1wH4%lsdupRG zn(bNim}%{{7H_%QT@a2`M)l(N-P#{rz1?hOCRQkh?0|;dQV(Lf^2&6|)tFw5IuBEq zc<*4=1N&SkGp>5_8(OyM=-~RMCRn%qDE`aNjc$-{Ye*Wz2t&b1F z?S9lr&50+7LXic{b=OlYdZ!oY1Wyc0$P*6fxxzGZPYA6}P128X55jIc&Xp5-sE0?Y zO1Zp~l!h{pCqJgidb7K`&2S&4G-K$83FS`8U0yE!Hclgy&>Rt()RTl&h$1s21v=l0 zoKf;X`HhgbEI7Gu0BBU__N_=3P*BoX&V-Nn$Nnd&lMRTFsm;1XIR0vD4XjdaX~BWJ zFHetJ-60<$^V&j4Cz!$7D@p{6GKcj5(yBX?6YjoMQHLDw%m@)oyv!Lp?p?aq3-I zXly=P|8lNOdJ>Cc?0faDvoD}tCZFaesM~gE7aMX6WK$B~6ZdtOJH58QGoU;N0b!Cxia)^zM~4l9&QOkP%_Uu$k1+U9P2bFhw<*Bk5b z?y3j0?j|OJ%Y9r!au(OK@|o6+EiOhq>f)1jbRU6{r$3;iuU-&!fdzjEec!$yuXX@s z8{<}&Z6Lkom-`FsLr9uFw|i{`Y~D|{n+oY<37HA$(Et*kZ-bln{lU>tW4i2?Atyki zDWGf~uF;4Fjjc9T7Q>w2O0$J#IZ<%&CRN3>h`OmJ!qXG07`Ns!{qs378pk`jLbI-$ zfa;~vW@fU@;dQc6jdoJMU&wUSu+HTR`1qkDg?Ko)>|0dpeeM0bsyqBPlsXk!j&^tD zpk?lqtu3iT_p32ePnd1i*pLBoXv~yEmv_1cZ2jo>;8)nl5TJme$@6c`*6+&5$Q`e} z^kF@21|?E|FLFxbQ|o81osI_+tIAq4MdP zMfB*pOD@xzyQp(bBdLdr> z%wZX2d`Ya=F!U)ME-N`c*&d+1vWwX_0Vli1csihSz#*u1QZv8P7QkLy%xeO1o}|t~ zdqkdz#IzI$x54rYv3QIFklJsLB4?TXD%yGq%^N3HwY+RmYs7g8ek@%cY>V2d^sPFO z(@ZmozsD_G+l}w1CdUgR8tV$5>_h21R!ve$*-6oQAsBCrTNv5S4Ti0zk=^?(Dnk{L z@y@yuQjRjl=&evQL5UwMB7$6o4NN3kUGzRY16qpbElgK-b=uiwiwwR2x2VWPXVujn z)G+K=Z~i4j-P0btxjXeoA}HC)-D?) z?Bt|Lo;^-nREJ75RqjQdwuiBY(bcim*Zkq_M)nARx8$2AYNInXGK_xSa1i=WRgJUV z@L&k4r@n4O-#RsP!eO3rPwJgK`!1i~S$-LCH^}4hV19L0!MhAp5Eyw z2-w6PVgU0Lf5hBT<2gL7PsQtuTmp`6ibxj}8evPlCCt`<-cvGG&roEpk8{#G>arnM1L+i2hIoFMq$f z$vs>iPz{FGoXio*kIHqiu?343u{ZV%^O!et z+S+s5{wRHWx5M?w5ptLf{E>jIgpU^=*Xc(iBXrJS^@w>j zvG&w^Im|&cKAv=8jb1p+;8nBF++KhWt}ZXe-^#rw&jMOkBsin~IIdZ*Kc;{wr-CFa z%7{MMD(GauD>i;d+{N6-)X*(Myk%2CV_V{{;O=gkZGx16#NO7zhG4SJnd zM3iC|7Ma*@#%PSbzksqPF_F!ue)>`=xx2HswgIq6Tu3S+Hox2dtwV-!s-;yTaORoU z&Gs(+;o!N%Jhwf@*@kx%G5AUK?RS2e7H={kQcy_?9rX`b!yr`yB+zwsqw6%V}4^I;@De;AAxxJ+nB7OypE7 z+ixmB@4yL}i9`G2VEfiYhi%bXGzAIZtScqe!py(8UE93_{KPBLBJU^OTN|p*jqIqe zPi5jAb%ml2y1M{uwsj$7PIaKt`sfqTcg!l~7+<`M3~3>8N%hal-Ma`er=J)%y)%rt z>Ce0v9CkjctOc0E#pAk_?7#50Me&<#{b6vsS3b7*HOm$%+;-0jZR#dWY#k1 zB)@K+-j-KIK`lXj@+-3i-I%!t*vakFGebQ!mHF7$iIL8|TfJm-;o>49fTK!G7>%?FtjW zfqg9z{d7Uli_y5|A&t}kaUF}SEW2z-`j767Ey-uNF`2)1&%F+hX&!Q^lT79UjgemO zL4umFmdYa+P^IHK-D6OkBBk1p34PJV*myS*+YGAw4*rNVTKaR1^A6^!Rvo zmlo`Fn!|84E!h0;Fx!_?9C4)QJw@CbG* za}~iQSvLC~1=1k*P1~)5>jXfvON{EF8c?xvdkwwnPVghuUn;B+bn}n+iP0~M4z4z1 z63?&-9e6tXu#wo>6cfE#Twkmg_JoRtMy|nfXeMDL@9%0@Xm~`5qQW7Kh*Y%ZQD|tI z{=w?EUH`0%l)kf^V28e7A1ifFMJ_(Gsh-`LTZ$72boZo0TwJ#UyN529PM@O>O38-i z?kva%Gg^ER3iu=gW^24Z4Sv<^aao*R?l?#YrBmdH1gHU}C>}eL)x%{7CEyZ%5>uai zdaQ?M|2XVA_Y(q^)z$oRR-2+TB_2Lw;(pHktx<#)!?qg^X(B_fc1%2RG@iMb3%U?m zqCZsAjPXg3W>H+PDdtAr>O|arU-P-0B@FdRgxSU)Xr6#ev-uqs8J-wBOxe7ag=mwb z|4iW7<%jm#fPckhPD6Lb06(6*-%y(te?d1 zbf|S!PTHVm@jIP312;}=}A7psmHwj=G&G^ABplB zPHHPE%Rfq-44v65sj6e9ge>y&^0}x(tbY{{JZ3JOn$b)L5|t=ZU7*cu53(vFG# z!r=r@GhDifo-B?sx+WO+Eqwd7L&ubB+TN7^s^0eiR!}6#f*uSFO^Vas81ZBDT@ZV{ zL?YqMsv!@W4BoR)p3(8(6^Ivq{T|{lUIhyQO9}aY%5$5{EUM!3b;=PXWdCBwbD>7!$WDcA#g`%DL9NsUuRJFJVDuE#kd^sNI<2HJx`V~@pFlSk^WSu$_cg-iR^Ly*-jdsK4)IvII&%`g9SUE+fI;j`~J|#%A$g zsyVnp7ZVR7r}~Ysqme0-&Jz7_3zui&T2bMNM{rb(2Oi8texX=9V?0`La~{P$gkq}& zdsphfJteAyd`lgqhl6^w-;ctBAj^~E_Td+^!55`0@vD&|p#@=C?sNz(#?)W$Xc(&a z-Jr)GFMju&^}M~{HQQ;S0$pa!?!SbU_04=@W)}l`v{X%qa#k}wiXF9cPoh^M0j|0H zEo9s}eXJal^aKIV(S0e*cpst5Id9{g4bGA8DzyAgowZrQrvus#{Mik!2r>w$*#aO< z46f90?ZM3IL{trYTlMSow6uByHX@?V7ega&SHmjvx`G{f?lGUPk=e?a^-{WFqyCJy z53(&t?2=1D8|fkeO@C@z!qRu0e#)wG2~RjriN1A@ye03J%WXuPHlwfajnB7n_^MjS z0YiRXpWbKhD&dhX@N~oSduw!-S^9Jl4-?9wTD&O%nYP{5=Jw+OS~k6=Hm{^(j`<~GKC z_a8fV{WX;Qv`J+!<>?)=&lC-%jmem1a5WOD*n&$D3>KQ&&ThyKhe) zKE4hKvVPM?z@3ZiqpJ-+*HfK@nMIlPb)dS}dECu(eQQf~39S844?g4Uqaf0#o z<21q|Zk;`?UOeSa`uO!6C>p)!TUQ^`0S2%6XnJC54 zJfM3?(UXx$=A}hcLR-WdoO`goCWD{4La_b>Ts-b@XOAXGQsjJTeu~qgdVf*2fWA~R zo}oJ?d5+dUWqxGV!`Prf^JETcw!2zwmP7ZK&8JVO*O+IAAx0&o6!JlarYFbWpTL|~l`;}L<4sCXYp{w7vbBP2*x^2j`lY{oq%kwXKZjdkmK-)k2p!8lm z8IAdujE+qyOHzOA(v_Ozi+egU0e{MtT1OeuVgAhWBXD@7HaM>nK`}Mt!m_x}!ec2FN{_lyW(dGD@aPQ;_S` z^k8V(FInqZFWHb#SF2r-@AJ^k<`@rR&?AqFE$1voqQqv8MG^O~lo};D?LrY|zjLBIzpGlRC_DiH!Nz{dPl5S9PQE z{(1kUmchUC)0C^eRASyTaa%J(6D2ss*zZqnebW^H@%ua_=Tx5Bd38~Ily@pD{zg4_ zdNuR%c>IHf7^t_psmt%Eo8xrGsQX9jgVL;Xf_xq^q2o69Nj*u?8WFE4awY_7U8d+2 zBmGB6Y)8~MgNR3t_d0W&5t-wH3kPs8moh!gFHb0dzRGKzyS+)a$0M!RSOsz16(Ckr z>M>}zAhAe(hrrX9=VQf`YPygH!Ejt0X`nyPRcOP7eC+LJtCP#k_cRS!k#NK5^Urtw z&=6$Z&&?L{=YWyjPowNU6}}jxvX&-4A&D*d@yUCKU;5RxZ&i^HAT zX%u|UZ#CoP$|$Tc4hCV&P<@S@>frjEB+t5eKYEo-UR51W+t_90<=HB8vTQY~9YUh* zlK}%N&&9ZXmcHJ@*QUj^GpVJCQbSb{3NyZahtEx1@XDP8Ub>4}qtT>M--!=UrV&)n zXCV*=XMLRav|m2SJw*gug>K387ty#_JQCdAJyJV#m2X6nh%K_9>+xFQ-U|o%ySi3{ zyQG?}21O~Q@Y_X*aUn^`5&cHNkGHi3{gD*+AAk(qyB&C5%sd<&U*sRhO6)ocZlC+< zv@{e!ff-lNOhCynktS954ogozc(e}i+1b6ort@&6E61ooI>T=Qe;tkLRyI@fe4yJ1 zUq5)dSah&eET}F)y};9gH9&l>9Z8HAnRoxjP>4J=AQ@)_Vdqjk5D&l&pFe%m*I(=h zlr`qMXI1-}Oa78zmXI*>S&aKo6l2ZYLYQ|0Mq0P4x}tSNXcPVM)O#OHFncAjn(h+> z)ZmS!PW-J9@_Ag$%1EMHsP|jc*s2e|<65i!Ws_eW%!lRdhJi`ehFQ zTxGN}eY7rm2v=iF_mNeg_#iw`&Bn{^;y&+r_WqDA4fM(?Hc!711m|p~`n&mZFD^Sb91fq&Sc+Ml%;_rs_@e@J6%D#rH}uw@HJm>}?bX z`GEd|Pq#3pY%!xq;sqbKMiUZuI>vOT+%K=K-E}9@xjP*x-FapW*gV3ks~4E`JqE!| z?Qmh`-ef_OtqLBvOmu=Yn(dsT$skHh!6$MXEg=ZcF}fdHcSm`nPgmN6|NP~`2Z}SJ z*S7-Ju-xCLhXMkT&?Nj?h7mc+)qBi@=*t&BLfq_%Fnm`-b2^q?ndyvQ*2aG}h=Bt) zQnj$!TN(VvBj!M&dIjEnf|8h`O!P0V+?vqZh=tx+urV z?o#vAHHNIF&WCk=?866PVCc48rf35v`AM<^x?eG6LALY-`8`w?o%M+R?Mi+VNTv&lKZU~&BTL`+0C1OCd+6d zD2Vi%9Mv?Ht@DScgj1Vct>#c1pnUO_(5<(aK)YFEBoW};2zQJD^@oTt&nw3mXQ}XK zawhsIdm^_wIuB?0(5&rUMf5;<`91}lsO8EX5hmmsB;y{o>sL4L06e+ zB+rixxhMT=a`r}fdgMhT#gr~qvB8oOiFD#g9*H?$PF+f>Kzx}fTPskP=Y_@e3n?$G zetT7Ly3L+Rvp;U!RjzmUj@gdz6pu?lT#ACY({`Q%pQav6(o>ZAE7qJ1?zdZiIt03O zK}?mKhZ`ydQyyB@P0}~LOMcw)lO#wM#zOcX4m6Xmj`4`#WKRo-iej*EvKB76A=`B@BD^?w7DC~ z(qUmyXMV)e%hY@mm111yN;u2fJ47hP<1raukf&%30L6|hawh|#kM)|^DarDcm{v?< z44dE3vi?oK$?xI;_3$0p$(rH*OXtRHKDQ9LBqH>jSDSBkE$c2zjN#^fpKF;g_&EUJ z((!askSXl(UXy*gg5>_<35lvcO2Dj6>kFOD1qvBCbDTIFU&}6Xp&IgdvB+w z$hc3bSd|N@pC#WVB)8e4$?xyIIgjW^ZgQ*{aImrC6G=&E{fxD=&r-$-L2ZZpg@VM< zO!++x8+^GB?bdXqzPF6C%f7B*zuE%)X|Xnw@Lh>1$; znaS$gix=0R9u-~6ynCx$2lj050d&*q(bFfJy}&y7LbKo0;sOdL{xIFY^jRjtMsfF| z!AOj|jtuo`xsEQe-nA*|%2Ynn*;esI{3V&t7Q7 z5>FlExVJf2`3GJ7XUi`_;Uqd*KGwplC^<^`hwN-ItE~IWojV&v?&TeKyA2g1?DLnMGnIG9asZ(Rym`Zii$V*lx9wxn=9I7I| zA1CJmh1J^iAfZ`YkgSU3GN$wrU~FB4J#Jn064QS^KHkMc_NZL(K~~FpDCCnhoft-b z+_Yl)Tdh6JAid_+{Hok!QshKOeb|Wyn(=+ibEePp0BXodC9e}ReH+~K*w83N!9_Fr zF)InfjU8!@`VSiy3W}Jxh%LEAI|*oi1!J>W#>gaIxPZ_YR^P#1bpKRTu!LvSe&MUz zU5+F1SbN-X)4RtuulM#+z`W%0E^^CS!oYLj#mh#|?caaWGHBQ)vNJvR-WfTy4h;x1 zWY+7^XVmOX*&ChK#cE_lj8?I+tpzJ}wJQtmQ^qMS$k1oXV* zhDX`wGXIb&c#{_W+>N@5Oo0jpQPAf;z@%7W9&`#u4*T{liYzKbQvTC~#G}f=b+^7F@>c) ze)2dIWB-+$C!k49%igeKb+c!pnmJ$2Mezc%5?|X(PFR69f{<~DjO}foPLM?&O>%~7 z1+)Xc3gm~tvhb2-kLNS}YBs;=xbclr;RJ?hnBM1yv~s18yj`bBZZ}`1LONoGQ9rX0 z7XG5c&=Qitr-Icc6DW!2wcfBwdW`FGp)hvx78%ey!&j#3#t~qHl(n$}ny!vCnjh_@ zrFGuzuc+8re3R)uRJB1~b-23!H*Q!|l2XQxxoWE+|8v@&TjQ*-)6r!_34p5wvQP3h zVe!V^#9^DM^Kf(=lw(YLIrCC42603Zgn0QAOt_SO(!uBB_Oo{T1$g3@8D)uiOuPMcS)O-@Ln0M1Z90yO!X~sTp-2M`NyG3!|+r|`nz+34PL#J5)~48_vpq}h3CtL z+vncSu3-slHEQRZR|%kBQq0BGd+Vs%cwiAiK4&(?u_Kmh(35u!f|HkOW)J>^MKG zKd)+Q)48?Csgz#-%VQks5tC)ZZW2_1w!S1aqhVEN)8*2*m%lDJv9cBt?$a~`4Gyk| zIn~}7*>kuHClu!!;TNCf7zi!j_0q+)RWV;kFM*_{i`p zKAwyh@up$2x6;!A@_?=lyuhZ1vFv>-BV)2)S%K0x;roWoU|Vn;8G7@j)4mCMEs zVB4Mj&78D2d%-$w(E~6jD;2$?kcys*Zh_RsGNuWYvAn-WC&aGq?)QGu+kxfb;|86C zRuFKf#f*ed9X@?yU%<-+je3rp)i-VrsvIpgH*!R;MT7`-^o|p|b1<`c+a4X!bqVWc zi$YZu(HRxB0m7&4+nI-7@l+k^Fz>VZM|BozX3=1`>qwSho-(AprxLX(Ht#eg`bfF7 z10+V7yxA?j2;kt3KX&Ma2rKfrSaEcQKNJWjws%vFb+1$T44j| z^O!Ue*Nzo8t&sR}H3V(xf*7A)&`8!c4+l`i;T2^nmgC2DuyafycIvJ}S|pJ9`GvVZ zPt{(^Wo;s-F6=}NVBhxquv3oBekM!Y`6LsKDg9dfV0??&&e4B=2s7>f1MxbiLegPO zGVWq=WlZtL^AMN481p_x+Hz;2fsoy~_xa{W7lk|I^ygCE4!Fgs&_UY#8(#6@u|P@F zIY}?~VT`U$q`}e6YD||7GJLAKlw$ zXMlVM(W&HL4VdE=oIJt4FW!iESJr&_Mt`#BpS!=09{g7&>faQkee2W~|G;F5pJnj+ zWGVuJTV&{e{Cu9=d`%EY0^a24*(bgYY1g>6<~SA5?|&mp z5#aqM|5ylb?qe{u|Bt#`d&I=DfPg@LK|w_`S*n7i2I497^laWBN(V7OjCUql_2q8Q zvLyO=d#h!MpKq6e7x|HpVM#H6?Af$QKxT5X$Ml0KZJ(t*$&=tKeW=264}TPn70Nsi573hK9vD z!=wwc*2_Vl{}J+}t8`hV_r1d?%w)#*Df*K?Ksmu;L<+$a`LX0jxHaA|w=`Q*JaD-K z3=p&W6cVdv{`GuOo!`_e95!O!XO5~xpL}u^+Gx5-trZ4-fxcW-m zJTC^Na0g$7gaK8Kb`{QuDYxpLd7{z^$D{y+q3UvZzf1FrkXI=%!JYoLt38fzo4A_D<nwz;>0CqsqRMa$Bq!? zwNv_0xjQ~iOFU%%tww+RICH+e{j%z^k6x-WBbC|pLIiCTfx)l)@Kbj$?eFYUEMzz= zMrvkPY=H$~aPXLI?KVr0(o2gM_@RH*4kIxd^j1_$YQ!hIosQ&RE>6WlIr|rgI zUv(;I&!MD0Xy=53W+Yx+ccOx@wRA1-wkZR@))DJW4TdWPQ}ou_#uZgmmQ1(Dr$V=L znOyhTUZ;_=zEYo>LT>4YWC zyZOemL1unZCS)Yqx{X1DPoW~!moN@~u}(*S;5@k4B3_lKKSFzuYO;%|kZEJFBDCgq z=Outc!~H z;Voz(Wj2{;rL>jWn*pw?xQqmi3~NLhW&?Y4!mzs0bOvuytvyH9KGT9M3#~`CozCBs zOgYs*lapO^DS%bC?WTKOyTSLL8Z3JYb&k61aFbZsR1Z6nTV<-QL+2Y06E@V7kRO!; zCkNw1MY_F%3-k)R+(MMe#ED68zi=HhBXcrK@{Y? z^DDaiL@vSyNE?i0#GV|72je#l{Kp;v+X|D*jpn^1E9#A|c@7sBm&HXZ=s3m8xy~B| zOXny5dg=cG$89=;C9PlA14p2-n`D5OV#pfz7?0=zvhje)NMU&*^4u3M#fp@Q>ye*Kg_EFL^NGtZRe{^)T6*u2{J(6c1hcDG0mh>67`s0xJu-o-$Rpy#A zsO-1zY_qw%+mpZGxi@Ae}Ev-&uR?CEr0PL@Fh z{CUwu;~6m9NovRu^*OUsUT3{rZCagV|H6UXvwDT!(;(BUB!S6NDxT(t4N8eg7H>wW zvgCY6tAkY7b?j}PbCMVemg*FwX8t|@N*AS9rdvSU>4Bmsz3)0%i3q*H}f{|QMc)kFoinNBMIPRAsjaE6h^auQC2{cN*kQX7i! z1j!ABRnnOS?1KcKbf~Q)jl5bcEmy9CF+gxAu+BoAx68d>0m`XBWwVHv4sx5}zehHe zIqjS=mrG5~y)~>(HUUXh?Ew5Vh%;v?%zG{+L3r8wAI%`fOg|29IQ;fl>Ed$sZVbPY zY4(q>?JOuWS;*D8kcSSO1ws?`mKUOtBEiZgx0sl%gslOkC+RLXyQWPQHjew} zsH<{bMSxWRm3_9TMp^w1^~a}0ttYtFXMzqgE6wl`SXp5PE=pK|4WJ33^y>6pDd0ZB z7;v$f>7+5O^XL?;sd%K}x3h>7Cy7ItbvJ4j>PO=!Ut8<|Q}3(7czv!4wAsBS8S(pM z7A$`buuQl64RTKHNsT&BdIcUEk_iK04nEP{+xGCR#S0_Tohfj6j`O} zD}dlMXYG65k!2YcdLowWns_dqMWviI%c)bM1J+N}nX)$C6ELT3`gY*c?-eExVpWjf zkEG(%DR7v@`{}jE-ZPx#maUCxBeW_jKeiMM*lXR+(7jqS`Nse41K|xmDLy{K665D= zWi(|EqS&Fn8cDTRnrEfIH<~BLoXu?I;+D}DgN3gSXmo*}9^%)z#W}Mk>Yc~79UKKJ z>whG)BerWz(caEW+XW*IhF|H7=!Kbd6R@NUjozjKQ6flm=H1mAx0LZKjzMdo%587mviIh-vX+_F3#}N~U-NwOOWC~V)x06C!Ya+3zP%ai zVsQofHZS`|G%~@{fh%cJPDK^KVDsBxd!JWrhg%l#fdUc%kiYH$u;b~28V@(6&Js-b*4_7 z#Y1Kt5OEz7pNv_!6|FTRAjJdzYl*s&7byP!0IKEq?`*YiBKlA?CcXzDQrN#}e`|#}57GeAna5dLT}OPjml2o4WpuCH;@8 z!COnMMz}p5P368l`wKaZp{ZlxMFm9TuxE3_bhpMMWGTE3+?ec_FX${;G`Q7tfjBIxIIP1KV8@F*eP>nuOmtV3XfiB^2Q zSmM16ow=MM2D{uGWts*uC>?YN^p7^pPeWnFD}J;b5}OgT<`K~csQ9b|sa-rna_1aI z5DSM}2|d@`p8SD})Yi>n@v<$?#Q z=uCE=B+S;d1Wjb)TF{9OZiOWW*z+_a-sm||yI*R9-oY=7yjB9>b*|ZJ&qrzd_U_yJ z%heb*DYxsTp&$kwdR7SyJJ3q(>UqMN=+xLJP(tG9QzUJYW$F_;Rne|Rd#VGT{@M(j zSxAg2+<^)tv%Q?KL049tY%qxCC)vfn66yu4gZBERV)h*G9~jUL$VtIZRw{@}x&G?d z>*x0kEWWUK94Gt7NpfnhicC{cv^GVyQK8@izoaH18yBMHgLzK{IKX7=&&+gG3h4QKqf@kbP+1IlS=Ncr$*t2OV6_#EpheemZy z4vsZ-gap4oIFxipjcYo5Ra8EpA5)8HsD^!u0Ka@jJJ9ipY_dM^YHc@G$4y^4gq@cu zm<~3m(ckOx05_r5Gd%>f4~wK{67D>d^lrq9bio^;{s;_PN6dZI?9AB(=6=O`i(CX`KBB*w&K# zu_+!G-@dY#f3x8skWgAXNExou+HZL@LXqkj{m?T1$?Zwt8gQLS5xBEqZo7p`G>rCM zN^#Y%oG&;rs8EAZWuO~yHIayida0d%pVJVM(Uz+{=}`3XEXv$FEyT7AP7ZG3Rh%zH z3!0Wfc)?=kCj;ciYJTfM7hO78#)0*N!kd#BBtyAB#AVo~HGe=r$mno?y_4M^O`Og7 zD0Mfa-32D}Te0f4Fu%nAmf&vv zUkUENZ5I99%XbkIfL+_Tyu_od#IX+Nb=W^v9mm72rkmR_C%E}=IYQYzVrtC% zb<%WpyzBX36Rv3A=PsSw=q-`1q$PL!4Q7!mr_Dm(E?GUZriBl< zqV7!I-_}XyEgML6U*3+Q8>-}U?!U~S^gUkO=9mXIH!^L=PDfQqoi#ooF)eadwx$MZ zPZb!L#LW7i=yL8FNHpADZ$3v+UnA9zuSc(w z6uEl7gSb=wY)XQ~eH74!w|wJB2v37olHN!dbzVI;Zk4ND9-HKG)F}NjO!E*tJXh^c zC1n<58*v^#{_r6<+_wkQYCW56Q6IPH+53Zy6nGFEqdz!3(~0%bE!qL1lv=4?QeW?P z9u8%HKTP_D?$j#PaZLdFcshi$C$4O&sNxXh246BL^BW?ydP_9`bk^6=UuBhvuBysI zmL>onnN-;(dR}(0eRY^It&fwxDdr~{uUkIUr|I{34*147tbD7hf`IC!F{?4T;x%RG z#8Xc{`mU$#1w1$7;vjT2%-R>KA~#m-c=KH`77h_J?~^)p3z>B-1l^68xR%)?FUCzS zE=^+7pgGQqj@Ah64?~w-bSw$XC9`48rY#4W$zHe$>I7a+Rq`X6vN4xJvBB%-bsNt+ zVwzJ_$8MtxW;y6TwE5C7<82i^lqDyWH~wVk!BHOr>8L&g+a(cx5OV^DiNKO~3E3o_r)NtdlsAcwAQ z`63>zN^cI8T^;hY(YBR*B}iqYrLEKgKTMd6&<^gRG=RP6p9^^DtG(oEY`ay@TbrwJ zfWcXQNIHus6MlUcf9)(Pb=!qEHfSN?C%T4xy?=pd{VMO4H%@5HO`*!)QI*kjab=4B zM2C5u! zkqToIL%#LZ$2{=6wPi%ULrL<7PywntIX4J?Lzctf$WCGJquS5eFZ)N94HC_Sa#UvT z{-+jDx!Z@iynnDgSz1nARkbEN#bJB9gs1Lt2Yqmjb{y7drVOHX%SB&wU@IWeQh-hu z)KaGXqFSE`q9(9w;)ihJ8@n5jJNj@or5!=XwrC17S3An=(X0qv-8)v}H`Go98S<5P zy%4~|pHB0qT76-MIa!G$yr|Ia&vUKTSn%d3E;hOE=!-YuRnvc`cft5lJI}`3#pSx# z`r;M$FLdI&C`dNO;7jmp2uzvo=#bUYdh`#2-Q3)quLEAk$7>#nWEO#v>&m_rFFj=Y zozVUtj5&e_cGixU7%*t$KfgTi*2DyXzz!ms_x}*%@$y8(8m~RL`1*>Q;tQisYAj5O zI^mtl`>%Ic>!*=;yyb3iKU+;uU%me6g8Uc>CZ=!KY1vp+O-)TjC05dYj780MMwwz} zLKB`%U+QqJFBpT9QLNq0_{;r13NN(L42+77_CFdFra`bsI`n3hNMoQDeE*D7{Z3Zk zo&T+p_upXfzpt?{)plSjp(d#LG<-|~^IKc+Om}e29lC!l(WCR7X6D)_|)lGeNB;<)}qz)C8^UjkP2AmI;&n^hh6odTVzFbuVhc7axr#Un#!(3sE!09 z5*}w;eRNc#dD7=>M$Ar0Le?n$DsO1u5s5xMHzWJx6Vedj#~qDxX-3O%Z6dU08usNF z)e9=yCieO-+4hH#wTSLRJGe#9{EPLBNjXcftP+WjucTV}AP*bmOB0?}Lnow*AMCjS zm9OvyR0{=}4XO7873O$)+}|nXF3meC<7+oyL!)x3&)cLmT#Yth! zcj~vocN4ZmP@I3G`3QSda0ZSeAtb z=vA(v7{z=cQ%Kk2ivoRgdDPh0qaFE%(0ngfBZ#iU8!y=C55@W6nufE|*Mk_}V|CJL z0U;fWacCo3Q8q{@b>0!#r=BIHS82vYGW9;;4U+b$avxaal#FQ7-_8hfaRa?+LE+$N z8P8Ji6WgQK68@wn$eRco=$@^RM}7Ts9!tDjpDkTqDQ|;KEptj_$L+7c<+|dpxE4RY zPbtZ8G-KPcX3URwYx_c3;%3{mvFy`eqhGEN&u30|Kg@cabr7THcw+42rZQmY)AoW` z&A7amjV`y7FDR6bffyD=-7Cm4s#sH2>(YlrkG~`uHWAngEKBZvJhei`#jev@@IkTD zCCZp{{r}_bt>fBE_kGdIv`i_|Qnc9M4#gb?Ey3M_6blZ;i~<;k>(*cW+#bXD_9BD>pyS7 zURcjxqpg%_4p|lF*}w1I{C1wRoG1&m?$XGjwEj4(#XIHJ7Vfo8uJJ^L!&uqHFVbx8 z?5fTSeEaq-{Hu~ikCI{37o{(@4ICNGj+!|8m2gES z2)Xt~@sLq*&#;|S*-0_}Mhkm=y+O+Paq=;dt+SaOq{0GnKvKXkG7{!g991g7QG3R& z95YCfVm7YI*YA=8Pa542<#TCyqked~aJ|mobQA2;rkQ)Z`*2BVuCb3Z>(|np5^G(s zUo`8)&ADS&F7h@L89gY>C@anJCXskpexMe{hv;J&{;mA}y*Hc*Tou*@vKg&z+6kl6 z24V@LHr}=obV@jpn!YP$j7>c)M_O|duMZs9t81$Bp%ME`xoyrlUo{P-0@~G@O)N1B z7rGbD+AdSa{giVPxSq~El`WVEH8`asuy3Gg@vxyA{$PVBH@a%w}=^)9&_3^UF~c*jyy*RTCbZ#=(aK~!-u5=TQ0S7MWi5ZhH8;X8cZgPeH{etzV4h`JQLfzXeI2b@$;Lf)`Y6B_{<`w1~|JFKSug6Z_En+9!AU6 zt(H_VprI9?7iT-V%=h$Tkkegh3{kN*GFK@je}e#7%vP9vR0NrWG>rOaXAk8vaZIex z1DowTkw4QbhDRIUnhkXa;&b^j6!RqB00@?vsv_gJj2tVZ3d>^)gomy4-MYIhvVSZ4 zYc{ihXN;F*>s29+D6oZor#;yB0!Fr9KOX!$EK-_-0S`F9&$Jd|-i+5V@;q##Lk1D* z{wKcQOk#w13V5grxq1#j4gF`n|5MzQF+eo|+xY^3hydB*o(iXW&NV>zoBWONPkz%L z5&M$wiCw(B%-w71_*Xc@V`BavaOfE|-V8wZ-(Kg5qeJw`Ow7*!ILDsYb4PTUTs7nR z{azma$FDCg1a9|@fvx=47a-0Ui_zs@&9J8Lpxm$m#~r)&6aO!|Kl0Uo(EY!EwMsU+ z=9WpQwfFJ)HdYH*`C0aB`Um&0RRK4flM2)A9fd{F1<)z4h2*h$`2ic%(>>UW*L2(N z+orE)BD^s_fl-x?kCBK9Nk2p)WX-NAl3_D4tz%bV z=p{G)RM-EovE&7+23nvEd$$zWsa06X3giqqa=pg@xbnXT(TW+Or)cJ?+Ra2?j7krb zHF!sjQ}!)@$9cO4KFf=0>Lex-E3xH(`(Frxd*d>5hQ8@b%x!Z);sr;P4H}$UrnKlC zrZQYUM9qT@El?3UI;*Lhb)07y#yZ&&J3J0g`j%ncb*@Mx=gh#3O`C5KL*hMDP26QQ zPxaSf?N24YVnsAomJ{af<2I5eDuN#*o>`Iz``q32v8S|qr=c^dZ6`YF z6L7RC=iRr+Tr{cruoiniLnyu|l|+;xbJlZPQ;o|FHq$Vf_oMgM|C`V+px+Z%Etb2LgOw+C;~p9Rk>4DV#nRkmv)cskXuQe2_`ffFNGK#tJ@*hVVpWeZa^KTzuAZ$M z$#n(M@(ON~CqWZ-tRerufJT)`b%?vBY2hbl57()>yc5st;cBGm>#I&%@ay1|7-+Xy zK~9-zyv=E$mbFF1`l+&1LKzEjQ%!23oXb0Hp{*LDGE=ST1hyhaLptoW0FF9+cEeMp zwe8R`aCfh))(_89;~P2w8UfyCza7)iw8U={n3j8$bq~HX?IE(zLvaL_V*2zeu#xlU zYU48*H7(e6C*FQQALku=TN=NmWq{QFSP~d26|h=YfvVc67<+ zU}0gf9LphW*&ai-1+*&|8bj^%2uNy&#++!J-Np+E0>C;dJK{s?i6H`JmGJ-_VV?zur z`~<*=QElcVp8L~PwtE-@o^}uAFo9uP*?hg=9jq?l0&mcll4~$$h)$FNX!Z z#e!FYf`Wh$ef1rv$SW}60KL)pfcO`oMUafF%Sy>r>PW7UTb$e>5Cf?2$ zMWk~*x?*a0imIlta&fs^omX@8Dk=kAu?)bjJmwAYJ)5%Zh@!l`LY5vM9qsv& zBH^aiHf2Jy^D`a^9X+d{y5hMjd`>0bSOMeGKDKd(ICj4ZFD6Yo;KP*PUf@!Q)H*ISqPS)(i&zWa zf)=`k4T=*qD1vix8cSMx#xyN@nwkxkMXD1ZHAW3;%vppAP(DrHMUv}DgZ*p@N}2(Y z>wuuqpMnX+gs1mIMsdB36mkIB-(S2#t&OS?)n z$v6H|_+w3dCTwEX!yzI%+sKy}W2|9nRvsHfoAK9Px;kJBi`cmyw#1yxSl!Ujq~njn z)CKCaSvy#w@l!6lzrTIF;iO5)ScZ+GarmclRk8f_Ig8fvBGs}^TQ@-={ta`x{~D2C z`^=Qq+Lfwd%I#!T4`!iT14f^j{;qRyyj^gljwKP1WzogcXXEy;Qd{ca?X#l`TKjY= z6&4Fg#ONC;dr~qQ4eJwxJ2F13N&o)6_m0D+s0vCFwwN%+nw+ln^zD}rD3cJ(rm>E; zuS|-MG>5~n{y;&4&#aUeEJ7wT{{!1Y?>c!omZ%@?n{J-pSU%Nuq%^i3N?)4wZT)AU zF~vA{0*P`utEX+omYlv%`1(O$4}IF?0vN2mrJJsIqfqYUCrU8p z)5MFkD=hW^dHBEG^XX&n`c~y{7hpJqJAJ>rn+lOOPU%p8fQu1(P3V&5d!N81T0K!3 zVTWUEg=~~a2~!@XKTO1J!9jizXvWrLd%Up?#XX-9WqF%xkvDrrtpm{oO#Z zv2;3=eQtd%AUN;F%z(}sy=T`?5GeB;*k;;nA6I6QD^Luahac7|Zy!?Qx7^nJ~9x5lpmyd*5tY&dOHWA!V+`-}LrdpAxmO z=4&JRp}pbQIhvxL(JsB{py|1_JjAFvrV4Dxx&dG?^;n`1VlF|%wvSn6 zXeK}wswONOl>!AG`>S9Eh*HS#n6H-*jq_fcwUfNNr##<=$NBWMm_rE*T5IkIYM|j+ zeIh~n%_=!03fB^=?=!K(V8_uD*|250thbNSp2vn(E{Lz6Uob_>k{KmG?`o@bd-s)Y z%&xpv*VS0vY3Ja(e{qv@M-+=CefO-Ndr}4sY<`LVOOP$+$~VII-h()DogL3Ww3%C# zjIux9O8FgeO5-A7kX8MNNk|3!RNV>S7pf%aFiXKN{kZ*AtsLxn_dQS@LF73zb&&Z+ zR_nR9V9VUI4b{bT*YY2pM?>8QW=qaFX4TC%Xwam*deh3Ba?XhtId!d!B z%Qoiz-kUXwgR2q?z}V|QEuu8pJ1Zg60VNl^JdW_NU+~X~$f97GsC`tGInsO!eug)# zUl#wVTG=yjv^?yx|4g;Px8z}k!4W_wp^Ao*);3Q4YDSj6S8I*K+u&Ncc65c)fD7_S z>DzK&1l>BT4qT{(HdVSeoRt3z7Ar*I!u{sBuW zgu=@VP*tMe0nS^pOJa?Yj-aVGyI=M1=@(M5?Vz>8+`g#Uu4zyPrJQboX86fpNF{g4 zRQitxn@Ca8pJaAgsE4wnHnegL;2n_jC1n5?n_T8{r&K=C_?XZgvtrMe*f9_jno%`x zuy3AYll1v{Pg`86{})`6aSQY$XS4L;J^EHS2&(%BCru1y-NGL`Ps|7dRO>SYv}{j^r)gD0i*Nuv}MO4 zW=5PjYWg%64Bb%8PXu0UW7?J3NB!j&v<+0oG`WPIaqYFjM>;l+PFlax!hV9!E9_fF z%io>uEzdDs6TGh;Y#p26jo-;%=`0)D5lgL!9=&l3GOfM|KiutJnt=v`tG5;yzKd6)rJTIK-=8qT~J~;Xo7Hf5G$n|$P(=^K>gl1|f#r3(1dp9~wFmq#c`Eqhb zo(L}g%ZifetQac8i*>gnkNrd6cr%2pqL4Yqy&v4A6%{Ukr6;V=a$|kn4}Cg;I@?9u zPBB4)8q7K(+c5YJbZe@{?bb$vtKJ1M0s4S#*-HEI2gY}%7my&|bw44d3C#n8NV-W#(x{E{tFw-Ur7sK!+4+bwhDYC*CVbE5#OE$_>(sU z-|nvbcM<0QbkH*i;Z8xEmX`R}9hNrTMv2b}Z*b&nM-+bQyuFz4e@T4XZ_Gf?ddrRZ z#^}DsYpt!Jppwik?~T@6a>P3uou5`6Wy6uJ=ZZ5gXqesyzNEAg)xMGdN;6TI+CQu7 z!g9kWQ(zXaG1Q~Ty1#sT)2smjaSIw^C{F&-O01;r`y#-_4e@N|`zspqoS@{C z5a=73S#AbqwHgf~;c16ijdv!Wg^(0^{YlSe4qWxRdvPutZ*G)Nj2UkFJT{ou0+wzM zqbB6u9N(ODh>MvU+Bu#E2(dSD_|{Sj?Q_POF=kb1twf*p^@C-boU!+S z^m6oh6tts{cS8FmmfifS)YF6k{Wy&&f6MKGHM}YZj~fS=tF?;$y^4A{wlwki%MnF< z7vs6B(3DHtlL~)VtOyKn@9ohV)Xlc>d{?tvuxVw5FC{p8(VAaSQ0(~i58+p@@V?&I zE-K#417yuLGJjMmZ~KT)y=z?r2P0>QCCDBvhM5kIeNmD1ZdPeO&l~fUD6@+f*Ylg)1jN&HrgTMnC?Z;3z@7 z_x9{_dxIZy-M0Ws74jz|q;w)V{_{0o-h57?E{p%z{zzzBX2|$1pOEf*Vi=^KkLx;^zyRf>VwXQKS(*sDnuXzDjy+h zSB8BlNFY^F!gq5msVqkgEM^aGPJU)|n`bRaBnDfICM9J_6t%3aK=oUeKHxuR3a{38 ziEZgntJLkw_`=xpLD^M+Nz^!@JY6)9w%TR!+#_GOiL&-8>fzq~jxqn2PmJo=QOa5R zY{rLH7UAoKo-8rTwhyisr9 zSq_Wib*cDRQNBb9OFcG1MY=j*p}oe$d9k>x*DE&Jm3L>(wzw4N7QM5&mGz2eNaC)lmr5?pw+jyym4^s+pL;?#5ym$Y347yX-7@ zUVyfHxmCh@6v6vKwBu|~RNtS+-%)Q<{tM6CXmoDMBf}^C?N_Pekg(tcIpXA_nL-w} zlaj*rV}>x^d9RAVIDs2YKGr@iUcO}4@P;YoW#a@}K~x70Wm{b`b4q*V+Uh6Q;cvvN z3uTKh$VF7rr6I4|8wE(wM$W^TuQAFqUn`3Y4$Y1RliXC*jFK3mp#ids*F3&c--s{ zE$lbKKeez@$FAxa*O!7)oPP;dpsJz_>1x7gG+T(=te!g~TY|sflt=Z>kN zmeh1@;P@vw^Yf8rB)e>Z*7wZ8GhD%oFwP^l5mT*vR#iWb{b#XIts^>6!3}eH=RdfB zk?tYx%i=$XP&phNDN=w2ElQhntuSd0=)1%q1@bri??{B_Z7DQ};*QBg<0w9b;It^d&LoF%s{EmC-VG$=fSwRb2_%Abl2HM^{KRYtsSr!N8DcI*`` zQP|;44lNirIq))dXB%^tafsSnabl5sJ-xk^JBX3Zq|F`PJL+MY`63s~mZKZ&U)!{o zCti}`6{fh`L___&SJ6JK5z*Kh5#dy6Zc`Qhc`3-z#b<``g&)R~UE16auD;!WNoqIa z(xqKR!o2YFw70l?(cj^F273CVs^`D&1hocgR-)O9dAo=6f#dLn;ZfgviKG;n1r3`Ai z$2&ugPSt_-Ck$6+JO}Y49|U>2*O;< zC%j8w?M_qPq%~xVGn$q>iBh&-pcNO`G;ovM8BA)}H&RBu5_G!nW{)=|HGFN%7lc9k zy?;CFaSFIJkK|}BxY1Spv1DliN1mWKDKqh^NNB>LrGDz!;Fb{Hj3o#eVF#Yu;<9i3 zG30?cCp^IRsv>VleU3e%YB^l1l(sEARk;-e4_2b>%}YEu?{|@<_UwDxSg5+Jn##v{3? znPiNlK{ps9h~`Y!p1tvPjGJB|(!LQR!%mP{U`J8n6r5(x8R;r@>cVx}z;E?MW;DDA zKGkNW+H7%c^wy5lT6i%VF#IV)ONW3{cQ(^St> zGeGu6Yz`H#tcY*SGpA9|4R!ishQucDCSp%>qC+-NV_M8n4eOizA!1i6CO(1vwABB5;TZu#~#v z&xK}&EW+f!DzE4BsDGEes(YOe@&E{QyTlIlD2d{!97pb$9v`;=XR`p4+G&FmKI=9J z)8$^vDjApK0C#pTdw&UU;wldc-BQWCfWI^CHw&!42&3=%uoOP~tb}&TrYoJimMxOo z5d&`H@PrbzB0M9!!I6Ov1EYg+iAbl|iJIRQcLfrRCkOdCHw=>YCWFTi6uzz;BIghG zv{w-APfG+dzT#!hYNIomq$2Y&nn!Z~oZA&rrUvlGU2>|k0(wfW;M#X#J|Az%Bs8EE zc@bW)%7Fd#IT>dfz#o6yIa?pxu=T@3PPNFr0NrnKE8xG0^!;s02Tc1kG&FaF=Kd|Z zNkvgnWd3DVR@Qilq4&XJb8T(lb!;dw{STDNSe)HnHQkinUS`~So@@^7``@DcfrAsS z$qxS!#JW7*=<>Qj`lCw$?)09>WEK~qrlzL6+_^8AH#$1%Qrb6K?gUUo3u-T?wn zfb4u2@LrMLd*=szr+3%OPOm>bR;C@_L}g1xVeO(h*DUXYpVR_HZ0~$ahN06=?Mm{oHQBCFnQr%To=|jsRMB7| zDBUk8Te|*5rIZc^9Q+XX(#C;4cY{#+zaF@`XrsjE$TNd_1h8$9cuX(tewCUw63=P4kXr7>m7uZRSq=&uB^h-t@%t@upjd| z0y((*$YaE`O<&(xW|?r$vPB{7TuHrR&Sx)HzX<~V*cj>@re~iI?-%v4h^u;7^~Y{p zR3$ew|5z8Tg*j7X$}vB`1NIMK zwpLDG*}Jcvl73UEnd_j*TNu@@I%Qp>WS$!>PQ7!xB zmAb*Yn4ip?opUd~XdeUwL~lLr`SBy^x}n4C!$41jyr^p-`~FhAo&H%Y?lj;?Hm>1M zKB|hV`l*XNi7hZ~D0m)#Hh?2}PT$KAY8NaHQOoR!UtjUp8`n$_$JCz^C@D*%TfdFL z|IEPs*dB@qO4Y=;8)>(HByav>rp=q2tSlcH!*%Rf^*Q6_(*_%8eZec%bL_o_tD7J# zt(`4wdGyW9i_KKkRgYb&7UT<;(Llrjf2u7Im?V}@glDz~bWy%Q-k2AG<;j%VXD}hS z=@EDRfkiAo#~aB)x+8Xk0~cHP0`uxk7WOgwf0@)@%TNBCkl{96YgdFDxX!+7-`0k3 zjjM`+ku_f=xm$^7onpiiHRG-NJ%EI2|M0#g{`B1CBQH9sT%IISyVal3sRgIzcxD`& z)1&kn^v3)q-bJ`PszHU4@I2V`EMI3#&L|@6X=fn>)7~f9ZqxrWt_}es2(&ia_ZM6- z;1PLfC0jUZ)k;XpB+DEGF+3-H$gB(96T1A~Kb=))68MRnjGBS9jJ`&|F}ribu6Q#l z@ro=R+QJ*C?ok2nU#3Tztk%t5_r`f6o1w&qJw3IV5;ajV$a3D|zUlo#ZV)02cYBS; zZ6W>p9~s<0E4x9dYUZ(ZqJ2VPNE)qMzO8s$!aFSeK{*dtbm=3d6S5h^xfOcoy1^n- zgSFtrShUd41Ld-vZ*x)%)|UK%VR8EQpU_tM4OcGhhW1a|B~c+_pC-dd#9=(ZW5M-z@N$73Y@E8i=eVGjb(c5i%@Z7bTO6lk%O zF84Ve7kfv>;!>_UD1!|~h((O64s<@@_g&7lgkC4d1~QLB_-0m)ZRIjq2B54i8D*VE z6b>|c9bJ-v9m6~FR2;ULv>yps1Zn!q7*?^NBEyd4VpEg4C1&=NGrr47v9u3RTW7Rf z!VXda1-}UjG@4cBRTsOvr&+ap*p?>iiP10rnuItQ%%U~K+~P8wJCjgGzqomjkYKYw zy&;JRHj8`2z%gzfYlFp>z$86;Fj>6r+TW2ucRIajP-WDD71W=8a1#1&XkhTmuT%YX zBf*tUQNqffb3vyq1IqE(UYA_s_VyJBbSfhq>P>a%;c4vgS9We0X1t=K!u|M>3kHQuzJ@IrqJkt}nFbTzX3S@zJePGY!vQ6g$L@(omlK;L1KVZcK{=-K5vka8OkZiS>HLK@Oy!(lm zW5YFz)S^Rfnpr4hvsYL+Dm5EG5}p{oHTw%s)!S6mK3nV4YJ|!xCE~%q($LL{TLwTc zVcnNip|poQJz_=~G(M#1iZkzKgU(gbl4r|2Y`#1zc(F_CmSw)JUjuHGxEY+yC7};8 zs6L|Gx|z%cp&)OWJ0dUZ&!kA2l9OM=t~2CGMmqke6sT{`YA_H*!N`!u-n#_C^ZCE3 z=;l(;h^H_Jnf^k^;-zFXSJ2h4|H=D%$frKHjqc&BpgIgwep)eQnG_mNCC;p^Fv+3z zkMxDG%azbn8|8wYo;g@%r`C#dP`cK2=awr3v%yEOuT&}(`n)O{6G5LIwFCS-)$a4r z(EofTp`fO%<3g}cF>_4{EWxX5C^q!Hg=2(ike|lN$KTyki|=w-)E@d!I!pU_Of!-c zQA!*>o3$=*d7$%tBrx<=<&`MN$>icEh?&ETOjJv;OIkfUy&^_}BZIl{@ZNJ?x{h+rUWNc&p`)OjN?0CK#1xf%!t3}7G-gDomBd1Z3XUWc_#u?DU;BV)yF4>X zij0hDP+gyMvkQrJ!O3?lrChAQJk{CVndYG1l0Q|~_RTL)N>K~zDEAj|axOz>Tj-q$ zGp5o9glt!u2TLlZVKtYXvTP_42?aL<&v+=eb_17&{Kz@c!{J?@+pb`@z9w~bPpaL? zCH+@KcE0#**%THvz`v(^!8Ygj{Dg9Qkq=)_Eupjxz-dAs?BQ;CN?S2b-u`#@+RQB9Yi(9PBO&1my$y$Ez)J8$!v|%dPSTA~{y-5n%H<4v{%|yTkQVQR!c5|hp1saeQ>2s`o zz9CW!?&+iGO=H)}p2Eysq?)`O3yJ9Hw_v6k6#lOzFR)}--1L&KqF6#-Ui%Ga!+2M_ zNTNr-APZQh^!a@(la^seigYwFL>pJkEa!T=gqBxU^5_qufI_-=&Ac0Z5zo8r$0(DzR?kx{f`fxcMn-@jnezQ! z!UK1*9uB+Bl&>x&iXJ;H+lC=gKvBZT$0p&tVRXXQ#%A^c2X zk#Uav{^fIu_gN{n3aD>L-&9C>OY=DZC&d$!vOsZ%(X(QDrx@W(B;T1WXx&J9J!7^i~6UZo2 z^ki`f)6wPRB&VO{uu;bY;taOGApzYNh%y6d<=Zv?OXEmNalg&M z%)>*c?J{W@nP}zHj~KXje$iI|JaRWMn8l#<`5nM4KVr{Y|43BaQ^5RhnyCIeugc%R z+W+!|$^Sxy`A-c{D!hL+KvAB464^QhY`Di3YNvKF-J+tR3@Yh9Km>0;=@by{$i@Ax zfs%{1h-dTYZ-T)s;l-SkgV)Msy3_c0^7`=`D zG=zUbQ_aO2=Uc{#u@IY*{n?^I=yR5M_2){!C%_sYGgje`npx;4nWO?*d=}>m zih-GSTcsNve6&-LT%?^hQn1ZNMua7#ZoO;IJyCV))sauECl6_)(xA)IvpfyxHZg?w zG}#Ys9BTlEXew}$*2GkWmt!S322Xj()nUAtQ~6>;;v%sA78OuMG?dppzwri5+J zr|y!wOi(u$RF9#ZB6vIaO$91y@Ffke_&3L1k$g?4!1c1~iE}#3sT;O-@cCIeaiF`0 zUw~1UewZ^eYF{-nxgau*)tWA%_vpxc`x>R7grIS^5HTl zb@h*5CEEs{^3peSdgK(8w5^ko(R&vSixejS=d%t31I1S2%;PI>FNjaU9>LGp#t85? zrI=(3;RJ-rmH>n+Dg3Q#L0b((9bx>L)Lq}8@VYQIB4SO*xB@-}+FtVm|78Z51uQE4 z;ajEb*3OTMkXTcix8Hl;9<7>0bXpV?S9O>t@EcuNc;dd9~JnAxvk~a&~k!;jBl=5Z&5^A@X)pL zV*d*_vt~mjw9B5z#`<~KP<)0R>wswq&oO1(deOF$o3=98r@SFeF^aO7A3RG2xK{@d zImG-F#2&a<;fnpqc+V5RGDbzFn(6iLn^~8sUwyNoL6!;osQWst%L;-x4)=U?{6of; zMz%ZaE!6FE_2rMBb7*|l-G8NU`514sx2v^hn48>Pi5S(JRAy~4oXHpqlp>fe70jZf{Yc}KIlci369zqGEo->L8!BIiNE2*RLg$Z+9Z{M0fC~`fs{uR;YJ(FaUR*kfl z>suP2DQIDrlGHuU0hz4lr8oRGpFfE(L}p3hVI|7QZO z==cS3PV1oW+S>a)WmY_O5iez8)Fbcw5V|pcmWP%7u&|ESY!x)1;N#Z44~d&vqudl2 zcD1w3-^Jx97h&3mf;bw5XVY-?SDd?4x@|GFJalFS`EQLOg}Bq|dPBW7fQrxS%(+&= z!F8sAyPzRkIJ_2pTeepnla5;3CJq21*pKuSJrh(jpRw;SkqzX3lYD3u#}8G7oB_t9nl zKHWHBa_v=JZVb7bLAZ3ml&?UPV{Ib~2Z;s5J#_ARzS>x=hc*Q#fv6~%r7%K9QKp}a z1)6iU++v^+27?c)3%XlQ9le9gYaB@AvJ05A1y+`FuLp(tvej%|&?-U7Bs%ti89KI_ zx4xz?`t)2&2uST2)Mei?bQJQ8URzmIQw@NpT&-R|Bq;S$C=GE$kk8I7Kk#o!%7W$i zoTHrEz-{UUFs6xO~%K^BgbJW$AVU`Fq&YizoVU7x;`@15&;>n zz2QG+8(>dzadBz7xk3V+Q**aF`06e5Wo8%;yp2*jOj&IrnO>2P$_plrEw8RVBDMh% znYiEcz4%xOUkkMt=gfyEeN6{Ha~ep^m!4BL+_6G9sVoIjZ5Ml|3R!l40gfz> zGXK+Z@qo#6%cVE%?M&p$fo}0`1?iy=j*}k;{QiZf?f3dF0GR)2e0N1(guI>?kD=h7 zFaTTsVUCE!)k_@EuPhzT6V!HjC4-;3ScCp)rNqR))jCRJmR2R>rs<~@5Srx3*;D~L z3(r|tBhNN9XRbPf%_T9JCV$B5xOhLd9#5Gs%yVAgSnpj99JoE*mlkpqoI!%t@hdB> zv}L{U(hHYPf-Y!%DZq2ugO~-PV1*fu_-YCPcDea7eznYCF&#D2Ii1uvo9yfK4_%(D zbTX$DZccs8gAR(jTKBbV?V^dq-`Gdl28ciV+Hq|u9<#anixo0OR}S)rCRoCobfPXK z(rn5z%|ow|>pEnN+A&p8>!AbH&0Qj@j_7We^%8S#!rPW!zFfbcOq6XB2D9YM*|&%K z`D($nPX-%Sd*Gm5M!jyz6>bxznRW&Sh|FQF_xsV@yxZ-Psg#99%zouTa$!UCL6*Wu zk6uR-ACZDD_vE~n%kfvCrfnZ@)McT;sV>+er>#Zp06!^}%=iZvF5nZKDjS|Ge(;x6c-H;|az9g)_&z;UvHqVZ>>NJXibeSC2F_#rIAc z{5}Tj!pYlQbYk!+XQX~bTf?ZO-uRfE!^@Z*W=A{6CS8r<9J?`szJ*En_0*Yp`?mL#&_yHjR*lk}>O&h{M<%%xN^z;9k8?NdfoFtd{@O`72f{9`WZL$n^MO>Y>*^S4 zg<%s7`j8pD(tQ@JI0QVum4YKL*jJ2_MSY(Se^a_YsTAQ_ar`k1nhvu>hHVEC;JLr; z>`*sVa&StYRZ>p;Xq21vfrY(4wP5=oy05@vi*CHz_!L#SESQpT@zajp`)726&gSt` zSIv~6-n~L*MH7J4$JKmyss-g!zGS774eoct)he2^@P36m>;#9e*l zwMii4j!U`4>d(#cvTe#xvpU8K6gomBBja#z%UjI`KgibEMs#@5=ZB=5d7o3j#FLw9 zif!XEp2vITm#}kidYKe0S;5^CgDQBYEGKy7+-l3Ws!Qq*eX>FR2v|(hJF|bU2x{=V zkt{8V=qa|bD`py>J-iTzWQAC75$$rNiRfv>mmW=$d5mR&p2VV3`l=FG8rX4-y`)XW z8bB4AIa5?!FhT!DdgEcolBc`a$iq-~t+ea5nOha62}j(L&&QJ}y(DeWKv{6J2bP+- zDZvAj^{R*PVbLOEO-%L}}S>eVY$lIpl`kX=hgM_kGSW(XXBokM8G*_Wcu%=OILtTRV<4Y zV&&^IPH{a+s+8NK6$Tbb_&_&RE)wF;-fc%~eC=>3gZq$W_p-81GM)imAkLS*^7*x! zYpc`)ulu~S5Mc|}W$&b+C*>b?M8akBR>L@%a51}uH;D=?MxR*|9O1$l1KC5I4+Cun z6+khqJLo(EF)NY+?QBdwcsd@tMPwK9t|k`bjV!Qw*}A3VPG`dChdV zuB*%?{nb*yzw+h$vmb%#O!)C=!9NJ|#>H8BOEE3?+{sB(H_}#*3nnt*_2X$=i)$O3 z=&wAt#Q(vMgL5g&^oD!ksi{IAi%f`v>a*6S*4DDt6Y3r+K?NWi8(Uf)xSTXHxj&$5 zHIkv_e^z95o1NZ&t+pY6W#^8@y^*Q)XC8+Z+Jp9o| zz282dFgW_lT<{+&OOC&2QB34XW^K!GUcai_Ixy8d zXmZK;di_sBPx^FF3vj5%{v5%uP@RvLeNW;Dw0^`UKEH46Oih{3D3O+YkMiiXa^H-Et|70x`WKC+oy4+8Lt8C?44XlKSYS1ZrZ@Q9)>{dvv7FWRb zT$A`r7dM3i_tG{fs4AEm_p;`4YP3_!Y^-jCbCcec?Z6PPYn>fR<*Jz$T;Gl_O7@Sm zt4b|R3krtC+)&=c%N4LNP7r*N)HGDrW1#ls)!=0TJgEp0H>+Pb;F^OQmcpTSMtmRs zvJ$O~`Ht%eGiuw#@qx+EH>&0X@L;Hd$cYK#yO+^7I}ulNW>B*zS4x(jFA~|ZbM-w0 zj1Dy2{Y@5UaY7M&k2j9#BH|{uG$>Cu<;-zG$Np2q6fMm{MPV=P9MF5-<89~IID!1~ zeEun}jxnKO)FIWU!nI{z@e6p2B&!6j5}oj1nysISt{w*D-76@31+59m{2X0-5V~zi=W4{_gOJ9$n4%Fpmj+H(C|5UG`UT?^0E`L9FyCm<%d{fsw9N z1J@lEl6q+=wCm8=dRN*D0t>OlbZx4t;A}X#9<`9>FR^rl`I)TE7!nr%RSyYlDO$aP zP1#ABu*)GCk-zHK1jPO@H#M^pj$0Iz)LiZrP=*lbhb&Cno%itgJWsR5Wzv25{CV_K z-Swd!;)O#6{S=ZUX&w!wXWYdzJ^mhz&GV{d&qTkyx|rhw+JiTcHQ3I0f$uIq@b@^{ zyL%o93I!9p4ZBu-j-tPuY@JJPBty^qGzX(Ge#&5fU>f;V>mmeRx2mw-pknT79lW$cSVTmEc(TYC> zS<#v?;TcZ;A$7KHJBuCb-O~pci{3oKUAQzLkqI{{<*!jzfK^H@qyTT*?sXy?vq_zm zY>xee8jbH9%_tPnq6Dh$F)Mi8o?q@kHziNrO#gapZ@E{$f-^4!|B-UCUTW9D+|U|udCNIphCARmdaK1B1&yf z%G;jQDKb1hoxv!a3B#Mce5c%tSApi$do} z(N8(g|3#me6Zdc)o#qE6d^X%PV}bDEwabmxUAG{#GBaVCuh^TWk+6Hgz?)D`dHW=ut=)PR4F~5yj)_dBs!5`vAw^HLI6!>|cKp$B7 z2u(^V7Qz>&R2p4M)P;%4#@~LmwJie9Ta(l**0ja!uDE1|$srUr#5An0C-;xb!s&0n z$2=c;6traHGBg8i3CdYT;D%Y3xu(CE6G`E@=yk)GKSKrUZ2@=uam~*!E-9aEj#`hc z6_TB#?ZEkO`}DFPbZoa$OzX+|%r1q&7ZnAPus&SB2j^tq_9w?f|LBfl!@e1U?!V-y zU9W%2DG7&NNofR;4c!0GLG-7v@#~!6JIX(uU3iq%-&Uxd_SUm7JqRgK2eU0xxaq}z z_F1#r`@2JZ5SOvL5X{9VRHE#!S+`y@zR$zz_d8Jf(S!s@%)6sj-?x2Ro8pbYzxRXx ze+H)iPty|rpPmKqTq#RQN$KlPccZ?9m=n^u+U*~v!hrU6FG*b;bR!I7`VTtx;2DrR ziPhZO+7k3US_QJpUIWDgVyK;q!xdwHw40I9ydk%)&Tc>xYEl?|UQVnR$}Y?gSdtj; zo6J?ObKCQ60H+dI^sKDOS2;{LG^q0|kd{oModIh|IyyNT8P-!p&2-1{i?jk~SWx<& z3<05;eO$W_inJB|X~O&ysDvKp+og%7rK;QExWrcdC{m<1I_}Ne^y-+09rl{)Mwc8M z1_GV};P&a>cKM=><}r(Ld(jcdxzl;$U2BZNA3Zq1U`g6{tl)f&PRj8L0 zv2x>@($ezk)&}d@lGZ6Hj0$0kzQ(DLLQ}}bCuY2^mWFOVjmNB-W5KM#|IV&Z1@98$ zakm8AT?4#3^PRPY=MCpYCZS#&EsdOxyN*clCk@KN+G$g_VKIJbA$FCp&P}=Q1nj9R zUq5lW@ioHzdE%>szWDe)W%2A$izd3N6t=@)fQF6hQJ)!Hf9t6yo27}Ya7TW84e&(i zCSkh+M(Tce3HD~7pya1SHkkN+3V}(bb>$`Nb?Zye+2rHhjUwmR`o4H2W%tOCy+keb z?v<18_!))DO^oTJFHd4S*LZBpwmN0|=pYqN#s;PBf_qbfj z5(O73(gZXhy+{`jB1%grk&@6+dI?48En#5+DGDTX0xWt5X@N*nk#6V&DIs*E_ukG_ z*WGuYJ=VQrpEJ(4^EF>G=gi1_-}nDK&+nNmF3GKXkiYAXtjr1EMSH<531&;B@deA_ zDgA#UFD;lSq4rL?ZMd$`FFGLc=c*WRAWCi@KLnLvLKPh?@#Z!|KTdA5`IqVpmD+ZI36v z9GUw?4a{~%hh29SoE&gDM^O#2rlB7MFU=jH4{sKH;V$58v9iS1_bqHh?gKp|3Uz`i z8Vd4R?SkM`fYA6s+=WlfFMaWw+&(G9P&eJ(BQ>Sd`-u&O-2pJ&*q)DRL0+2i;q%Xb zR*%*};cIFwy`H;S^s3#~2MD#Q8pRp~ZFb&Q3$z`udl$4&_FxnEu9| zaJzilBpWsBL>CYf>l9O2YFb-37X-SQK;+#XN<1-|8ad8i%h9Jn{>A~kYl5;`m#V}2 zUNA>&1X-`!pF5xYQes0VT#Y{_2-{9kPb_BZB{xaR#+Xc3#oWlftYsUW$(^@blS~&} zSya|3)LA5EEijkJ3+H7j=v$sRFl>WO>!>^!qLz2|e2rNKZR>LYu66j<)Yf@%i!7<6 zqt!oKd~0*x6BiK3=bTIV4rMc5B`)S(VdT`BH2HcLidy-HkJ$IWMD&?g87?H|+nf5p z&D)>zZvqR69t9d8MQjDa?+h^EWOfPSesC?$ph`XUlk~6U>^X9{(vPuEjJRMu)~B`Y z(E>cgK?Uc|kZ=iziqEoC@Z(I3ShyZ@*UrfDaiM`SDCv5X6A-ucbZ{Fpk9`|ADsPu0 z`1z3_W#fif^J0U@w|zyMmZaoz*+>ZOW4>&Nx|A|rai2N|uNb?1IHWx4uh}A)12L7W zmDMTQedQIt1nP(w@3Ub{1kP23jSA!{ph2W7H^=@Gi~aB11bL+gz`)J^ASRBknPIUM z!G8DYC<}}6Ec4QClt~uKO@m9Q6-0n8czrdg&`>FhkK$vFAWuxSq(%YDk$p@>IbjUS z@&%=({xB&_8@WozNxaSjIP`j(#unH8aIxYDO7h_jmcHfPvF7dD1F-^`4awUCKcUJP z%@@%)6UWyBvND4sO85z$IEKzy%-Lpc#s=(BYiX%DW_*cUGRK2)iPr6$43ddPkb zSV~tELYO)K;**KCv7XPn_D5exsiO6!G8(?Iacxp;_X=a6d51h3(qu^se_m-TU4s#Ij1w}39E zJ?qq7@r+><@34V^*;n`GUWBa#mM9Vt$2U+D!Laze%6Pt`O=@8w3=h`<7A>jOrzxRJ zG#TC8+6*yZ4|}@7=&o9Yl9AP~{|EU*@L!aXnq3*YwY|Ig$AK8MDICttjyq4aW-`CDWCHLwft8#Fu|O6RtYOyW2*N3Q>r_mh3ZB_fmnjsUR1s`D-P) zcH?qoaq5_gp?x1&8Rx}c0Q9k-qC9K;84%oapvm$3lI8c`=+lab9a@z3{!UmipwX|n z9Z_)vNF^D?0H%W~mS(sa*n#{Vhxl(KkAHKQW|kS-zjwdj+2VVB#F$HR8kzOa?>T`K zof8JCdjl%P$)exj0(0rUo8*HPdK#*Fdv&8O_IX~({!tB$E}_@ewpx1W&N;%K73Aui zwNJl$kmR+J#jVvqd{o{n>-vMQXtAtfG&-Cssd6&CgHH-Ek0tB@6#m|M0PP*IRk^Fd z#qM*ec3=XYrvFdM$G>Ddqtn&Uhw?@Q>n>Sp9^;Cv$ikI;?>Q(yie|4w^wyQ*RM}B2zQ<`f!F4-OaMj# zFWH|!w6G_bg@srxa%+ zp{NqbeS=j+LzljzSTd^{s_H*EZufvnHB@MQ7@FWij?01P-&g0~Z+qnEB6&I-Eu+U= zXp0YE$cWrvrbclZx2lWXb^}L>O3YWL&+3v!ldjC=3A)Y?WF? zJNRo(Wbns4y>UB-ik&I&6AQhyF7CcZPXM zRDP{RhgtxX0G|ZD%a=`4D?i(r7XMlI@aXzXLXZWUbsp{@@KkTV;Buj;7)g{Vm7Dc| zW3urh_L4Fh{=~?wzl0OiH;PLaK%@ zN{v5F2C5SHL};C<;?JlRqp8xA3l8aXU&rcH7b9j@g%(+6Y?ZRu^9wrEP1KOXrUt2f z!;b6SS1vp(=UPbw$f~Se(urF?&GnF_?DKvaW<;Rh%75nFNQ>y@V|ZE0tF(cm{!g%2`O!vv^&ghw4#miweA;Q#Y>i=b_8b3|!`;m>zLe8o=qK8B`jy>k zgQ(Wkt;jd~!RHMj&}ihzu@x>YV_5C2LvMUbmo`;|`AX`SvvD>kg#(`8eTz8Fk%dGY zS4AuHAMjcIWXD2L-k?NQHAQPv%@|EfBUhHY0YI4cyK{)ESnaU#5Pz@+*{m@<6vJ}y zotps<>g z6$@-bY0qUppMJu*ZwGTSbmD!-iMgmX!1nds_y=y~@(EioP;6N`RR=VKDEcUdzV;ZQ zmf42wg^CCb)GMP!JtHWC;MTSZ$n@Z+R!P~JM!9yoL_o5T$PDV--+P>BrY;=ab}k?A z^7f521ttN z%=d?PH9bD=Y-plh=3T_2md364`5J$6bLr~UvwwfqXla$TyF7=|I2)O@i~G8gFQ^9an-jWCQ`x3urm~^dLE!;1#No&8_+R;q;u`bo#aTTD#ZeYz3Zzx+fr}@Lce<*KBOy7C>4Dh+dWZd zu5?M-KPe-&t3g@J%VvA@U1RMOt=m(xa1E@X$)EJEn%Co51?g6u(9N!r`w@0is6!vh zwLDNrDXs54kVsamj_yN_%RcuCcXOJuItm*U*yll#4cQp6DJadnyZKv{NmEmZd0b@Hn$zy z!#(8Sd^VMid7T%dJ@@Dbtq1=cP*@3ReAJY2YtNUUq$&H!-D(j>8A2Ej+HkN;wd4rt z=JFY(n3@SYIOoZAPcyDNjra~6>t^PA|GhXe2WBZu&5G?yqsSUYrmb6EfA`NB1v>5M zf5|8S0pqBSFQzQWCguXO1iq}lWDxnXV#UPGS0yhABUKMY_JVTPBHm23emN8o-hZx+ z_Wzkt@IzPjz8RvHwsFfGsC&6}wn=|R(=??##ViUrLz;nnJgZDUu&`;QLWYV{QFjW_; z7KG(}to7XX{ZmYVdTc1Y{5wK&ztkqWn8?XkS9#k;Tu9Pdc;e=}Cw7B|%cK#1D~fSP zie#i`P(#(2qwNOF6X;>+au6&F($D-M_}G*!VA^HrDMIM3=*CQ9A#wicC9LPg(r|0R zw`gY#rTjyQ!^jLpI*{Zwh5Dn3tUFdFAO3$Ki1_&V9xAF!FCa>adg8@L+IIjqURFs_ z+sa&$JvJA85&ZRei4RF1i#Am$jC}e6kLIAnI##`ZE?-ii*8Vip{7vmn4co(|v!GxJ z7?w1zRg;vuy6RNyyt3_9Y-6b{Kd(A9QVewOm=0#)y0jK9Xx1qRZ^iXF?1o^h(vD_w z$DazH8-NX0RF97W6zTd!x=I3GP5#>4Pi8cS%N)RrUKM*rLD%1LKTQ$u&Gc>{FPKN` z&~w7Y%*qUIXvLl%P=|_;tc+N;M|3Z1qVKf1X-C#3D#`*I#?l0&j$wq#*=aD+m|)IlBZqi%JSx?WYELdS{W$ zMgWbxKfpx0e|#5l%y}kO>tS>=a*;qZuMOXAn7Wd{;f|gbvTKWHxLXYcP zIx_a(J9E=1O!gV1Dey+A8du-9%E<%Y@+Q5=EE%vLm;us%!%vvUbXW?ZS}b4(iev%YYOy8Id=D>T&Lgy$CVULnEntM@x_4U+V7 zW})#-kc`4PLJ;lg2TH)y3NsWF4`e{5emM+*e6ndT9H4d`Rsw|>6=0<+;hs0{{mJ+^ zSD>`)i0Lqs9IT57%R2a&J*3;(6^BsE<%aoRA-MC@a9WHQxY}@X1S2{FB$%=kbj_?z z=1JM!c}7^SZS9*TA_hey%_J#p^%nu&y+6Y2E+gUJS+L#Fw*tyw;Kn{M;3(Ytknl-9 zxKMfy#~gz*Hud5~wQ*SA9lQ!wJ1p(VmP~MmZJ<|_e;bpXM|V_2*3_P1e+-m=1CZ1> zJXlVro_y5iDSnRX7sll3#Vznk`V(~Fh-Y&<{|5Xw$32yMA%1nh;T{EGty~tnfSQs~ zG9MG^93?!tnahL1IIei?WXah7N{arEUzj-$QuOu)2`xAiw&EGQ4T;Vzcg^t$) z&8zc+T_0L5Bpj!)|9FteIZApPot7LPW*#V@^s2ZZnS-rE zQ}cCvBIB(Q&xM2T?TZAc7#{%rnK;O4>9w#OW4$%9-!lL!@PH)2)>l)VzJ1a%{B`@~ zxly((xiP)EGS?Y_eCeust!NXWQbYLihuD7XwKY8B3g6OOvf-f5@j;GS3wDB|(-bN=*U zCU89g#>yaPUf`4*vOe!Y=$c-=D|<6wwLfRD#5msz8sxCK$@;uQ`BxDW8`C#Oj~O?o zqxz*Ud`~hd=@s7d?IoKpJ_E{R=(cf^E8VNSm1CE(g+i=Mm+t!^k&pF^f^aW)G>s4M zD>*dlDdSQ_IBqE_D5Ab|t)#XfbSS&wN=0@?o}qWg$GVJ*W9nf^iOA)UUS}9Af~|T~ zT9@^$dMELu+3<}a-5By`g$so@!|G*XI6eQk@7 zqh!hZw}DZM4Yx9ngLuV84p&9gkLwt#h+XEpCzpUbL~l32aK$h%|43o@RiM`4f=qKw4bVtb2>ZmGR_6OjI+P*iQ0NuQ_j<(dX~Oa zo8Aqt15D;>Ecl(1whm1S* zQU!8;EeU=O^ROGuZ_ZNPZ=EI<57(JiUIX878lmr_$J%er%2kd{6X#h;YEqYGUomcC z7Cho&`YW8S4luJ?$&V3-d3Oy*^l~KUyM#xL?AWsEZ_)RZW@-mmfbKVu8ArxaNX6`n zuLgyugHPUW?09=%@{HWAOdOn@Kcx(l0y!rj^x8f2Sk9|%UJcZT7;8Ohzb^ysBPTxiiYXUKeBrY27By%XmK zk=clxm>cLhLgbO_T>1#QikYE5qWi+ax3ZjDQsvV^mS4`u^U%-9KN^J1bIaO@sIv5U zP~&x%D~}?d)w{9@!D3-MQNw#n+H=d2wl?sl2Ke_;@J-P42t_)9ruTVcJ19MRo;go@ ztUkb+WW}XBX!AZFqO+^r#{98+rQE0vvt{C>1VeUxt6~`PkJ!X7W9lvaXclY8Q-R|} zMsndr53flMlUFp=U@0p&ZsL?!$$*rETma|QDn>ii5msN7=NvbMJ#2lW0grp(cB0q4 z-PATLlhrDNKQikXZ-Z33y>|u4isKcq!NIUtAl`dHUezU=5wAPFdTZbg0H-<>cDW zwvQ$zfW-b^N(}t6c4_oky*Ka>{;=&9U;7m^lu{b8`SpKhEv(&(3)qhn?D)PStm%P7 z>-_g!Hzu1_{paMIt5{2cH`>}Y&>2mO#Fvsj$DbNb4;v!F!;emO0d(Z)-eo{Jpi1G+ zl)?Q9ggb9Aw11Zps8W1Sf%ZbG(^FfE^WVF_&VN6SoTUnB{$;fkGou20LIqLQQYwD% H#>@$pH+VZpT9Sp_-4-N&7QV+FiU4YW<1*$C9-hHJko-J6 z56|=l9F~XdoH%~?*EEh&D%6hJoJV!8awbO5YaOxzk1+cu@Sx9c6c z2+`3VylJ8Hp$|2+Faho05&>~*+msbY%WSdd78O2ca9m>dNadC0^ubAgPv`W+D!YBP z2e6FE7?&tWo)0HiDCy3VT8W>_N-iIJwoDBmDq(Wcz21oK5fLjHHj2JDAf`^Q)h7Kg z<)#Nzf_*JyDjykC9ZO0+JzQHU;L8v2Bw&Lk@CIA9TDNgV>VeS~RkT*J%N(`3Ou*^5 zSnQAxwcJYdLX&kXhI)#p_>&GP_Nj;79y;Q}M-FN1W5MawR%S-7x6epJYWeG*C)hoL zjY2}IG}&<*caOOT897F_uxFE(X>JFz#4UH_Thn+aE3V@;$r&81t5C;Pgp?aLCR%+1 z+-6yXStSSv-9}h7fkeE^0Wy?D1f$2ZMGi(Id1M$^Pfw4RapD~^+A*NzCDNu&R)tPJ z_p9r>7Jovn4|}FKo+aS~TUQ{>Z)5#a0CHfHA*rMzJkJ`U>l6DYZI|{Aq}j*~=rwF5 zV8GjhLx*y!)-c%V-?ODwIxW|s#_8~*NQ-m#G|>m?uD6RDmt(+S3j_Ow{_@j-alY!P z*rG*mYw5ooY>qIhTDLLh%0I<9bxO!U-CRPY76g&vzW>S?l%E#@2CwR za7gt=yfnJ`I#5f6F&g=bZ?oc8dPQx!S9-ynmS|Uk#L$f!A9GH2M}~&bOj@dJbkR@; z&U5iLM`4KP8x!uNi~kLQIDYXw z&!-P6kN2W>x!1%$a@cW|YqyUU?EOYq@vDBQ6#Fd(NOvy<{9Wohm%Z}JZPO9Vcwfc# z(DX79p;G7BLR*q=w?FNdg0<216VkF~^rV^}AA^L*)3FcPMMBi3tf@0Mc+Zuy0ttEk zbk|Ksx<*+$YcjTTWF?M~!n*2nCekc8rNyP1)gjXa`^SH%5f9eVrltgLli4n`>%fBF z?StEQ+1sj1VPSZzeUfnwbzcDuDFn*KO%IR9t4cWOybKjVN7Y(VbqnX@A&W9Y9?=z} zPEPev)F-<=MWVTT7e*#wqi05Pg?hfLJEQE`9+b%~V!&#*LH_8jR)Grh0YMX?`zR2f zJP~c14v%FibG9^3$o0+-c%C&;Qg`Maoh`Dbc28A_vZ=aLqF}I%9Ll6P6D9lkq$LhBeED?U{rv2nei*QV5Ia)vP(|sWlC!^G6CC z{p1^DHF?d8>i8pSuaX)h^#SFk7S{XRf*)5f=VlvtUoFei#?8*{L4MfI1GD6w_!93I#O1a^gUW!6#IS?Z6-u-d{rG0_Xh(er|b?tQ<>+_+&MDq7E&=E zLm4UJZ^Pz<`>psWMTAeq4h%b1RkjyBzB1Q*Rh&GZ>vJaTwh5#0>OpnI45Oz`d4VI` zpK)UqQQNqrRf3y{dd6=%W?n5vYLDIel{(=E(e{M*y25{dqUb<(OjFLl;q;m)MR(qt z%YL_*Z({11KV2((0#U6Je-w4JX6&Q)*UMh=daiEO()Q-=!74pRUx_irr*&2 z6E^U;r!?xkA^jJdX&~KqT1=d(H1gvEJ*74Y!#guEx3}Ut>?kR7*thMDkM!4j=E{7I ziiJV%3iDM`CbAk6x~IwRcQtpG?08KLgPem3rI8*=RgJ&av8uc?0^cKdpE+iO=p8yE z!zMUJ5A!BZvZxdm6+vO=9nc&syrJqc zV`pJtkkf`RmY~IG*uQo5t|5kP5ALdbV?z3?E44`qNqNTwue5X9$b&vz*%MK-1CQdWvyy# zk;_pXtgEL~Ha{2ER(?`*U=QwY6*xrGmm!=rN*2gb)r|1f?xD|l$d8ci!HXOYTL#;! z1eHU#{c;HK9_`1EO9a+b)%elR`qr2jg=ar-$TSKIJ>F<1aVP)0+UhLEXKFHQx3Ui; zbvxq<8kBMOi~Jd zr#-aU))$uf(vI6oBMh9zs9^Y3U9nKvHDQkg&6ZjvhadIuuK5?MgYCzyAaS<}qBzFb z+vV{}nA4~0PXtE!rPxHap0jTE+Y^q~3lIN1&rk5YX%nA0Y_C)Q?kTl8+CyGWT6mGa z3-V-%*M`%7QCca`v+1&uRUfr1@-`fIh-m@@l4)>?+Im z1p#-Qb11h470#WWnfVmTJ#wX!dc@TqJeIO_?~z`htFpJqbkd1dAq`}Jh5EFDFrVs& z$=2M~aj{?%TV;+(XyBudLA=iO4s{T+a-3@|D8g4kb)xbJ$;QcTyhHQVh~(}Y9rH&W}NriF5q&PJ^%wF>fY_F?}BiViYzkIx72;ngpU+l94x zzNgk%-X3o#(0XMM38^l$ZoaJg#oE($EMnn(L1%mz3znUPfSc zcwyA$4aeak&q{t-(1FP%5codG5BimKXb z=%s%C8Fs1#XW|BQ830-1Mwy8_&*tmu=E(5((Dnwf;GwX_urNmB1fUvRC6~f|lTA6A z=Qt&ux*Z9Kt*1T9cv3L2Ysh039*BMAZ(f#qKj#j$wfe9hX1?0ngRA;Fy6@h1TrrvZ zt$+HqiT4%#x`5K{avrR_(;KODNWPEMP@9pOGdlIqN7v-i0@5~maUCzz8{_|Y`1jsc zcd`4?Jp#rN*!Z~0g|VFXjgTu&Y0=;NX06YWX!z`dHO$460nsktGxS%kDUi3$z zZpn$U^$F*|cJqPD$Tx|M?A94!h@SU|fnUP0ETl$nnz868$*-H7{5h~Y<+oEfP$=~< zuTItxrTtkERh;Hj9nevw@uG@4ulOPN&!x@x_WcRUPVD(MXZr@$RM*x*`z~`P3dAr`gy@0R;K(LjhdKOr z{EX2hFOXNc>s0L!+nm;h+?Kx$7{h?bVT~Q(jnc)m**l@dBzD zYe6kosp6gsMQi+BBCI?XckjEz<6^sXRtBuJuUy8=R>rSudVkbr^H@@0ehk-q- z{7lrQ)JmB541diZmfpN*P+Mn)HXMaEjen5XQNvOj&2R zz`mjRL+2$K{V!yDXbpO;d1&}|#njY(S+)Iiw-==8VWwm@1LsG+{dCS`Dx_WwUM-qs z|4sly`XO=Rnf1>?sKo)-)@qomHlg#uwnLRc(%H59m?g#FV1=x*guM7m!7(3@bKE5# zJMIe!i;VUn{J6MT?Sznhl%q~T+dC=vH%rcQh?bmxp5RcUkXHBHoEU|zf+1h^h;^QI zH8|b&8i7tA+|V)z_xuB?;Zpzu2eEC>Ks}g05*hPYal+RWu)|Xohd>LUV_xSltB827 z6q9IXtJ37qDc>PaR@Vbi`qj}<0n<&pE|z_2o<{x-u_J&w3H7h#j!J&`Z$k7Luuy0=ZoSaPJw_ zH@Ma)dp4h)F{O+y*Wjd#XW1auHW6&aD=*J>QzuIUxBM$-4O4x^HMYa-(GX#Q3*Wkw zivwPMj~mlyt7y2B^;(s;U2DJ!@pDR4iY~fvcgSgDvo8;Kg%I%|50BE;3cVYb`N`(T zH`?pk&Eaw3+xf9@LTXoKh)pL>o8Z*Xzxs&hg7_NpCMTiuAZ>*6t&D!+aTDX% z9%E~@_5HY)QlJS$V|smJKY4$Ddj@pU6$WYYp|Z?s&Ek-*oac=gfJHwF7v*q&fFphKrl4WHLsuwct4!6s><7YrPu94UryDi6jcDCnhlI@wDze#51DB!O;cQ1 z?RJGlj*Uc-;pai|qP-pvLgj9CQ|B8?cRbgM<=#NayBR&L)`BeJn}S#=-2)b-rRyL3 zaDjTUWw#VMEJ9AO>(f`emDp+*1ZAXXf z(h7AC3TG#j{lR{35SrPy zMV872sLA6o@o6QU$7?-r@0PfW{k^|^0<^S5T-5Oo{e{^}T_xBl7cYFoCSR1p#iy=C z>k65H;4oYxR1SHC6$QOxLe?Iw50Ybeir$ANwf&m?yNeMhZyi?99LD*pdnv#_Xku6IR?EZ8Awq9Zzp3)HCo9^BcMoND;qS{ zQO#;Z{|7#^&zeBzBxXEuyBGtVvK7y26C-r-@TdoxdwDI@dktKFW?kaESrcJ+kk}#t zd*jEC25$XuK-vjm9M&}0{<2?0c-BrErAZWM!PfZqg#pi6{2GO#ZE=hiY3i}rO@5xT z=Yy}U^}%(uwcx-S**IB_!LM$yLIp#8QJ%r0NdDqi4xU%)m{?%jn=1ix9c#k-^_o1N zAS#QbkrOwolUMg+7G8HG$2{sPycS((@c8JnmY)*051Gq0@io1phdid>|B=VM>wQ@M z_UQkJ`aIIPI|Tg?Jt}h(=5gzPWb?o2(*G~b{QouSQm<&sa$vD@cgZ*}YsRsU zF21!ub%v(wxY&24yuQ%)ZFkHO7hbLZX53-filPU6eDS!Ks~Tj^&gS9!HGg-dlyEtZ zN?Np|AHThjy?TS3SpSq2YJADm?OI1{{cfs*#koeCZnF1jp1|)n87V$O5ctCPtyc|` zZmtSAY!`JdK=w{O{PUa5oMFYc2#Yxx7kB$eh+)uKdwUO@-*XNYzBc!McM+=!W))gx z02Q2fTkID8B`NAEwk2j+tNB+PbI*lksiyS(ss?*4jr0zbj2(PfT=sD}%u^_ZlEEw2 z;uw=OuL7`0_TY<{R`hhEp&wnYk(wwX@_qcfbFkx@)@D_#W;yz6!3d;`IKvv}S6CJH ztf+mDO<;YnA%$F@d5wYdkJGpS^{rA4SV8N ze(VAbWB2qH(^k@=l2lx(2Lz^Ma!XU9$~O%wHB_N1g^Twg-Pmz8^TWy)&Qw}nGlER4 zPViDHK`E?{F~K{xImV_Svz2n!b?R93T@>Q>QODIcC62wy#@F7of3F#7^<{?!zH;)I zGKx1EeeIYQ8bO^XKTWQKFR*pp^elyOUM;cl;{(%0s>X!vF+cpa0obE1aIFCt9e6e@ zDgEz4+xB-DjaO2i8)h6GhCDF~3~_3Tpcgq;eDT;-K}XWGv}(Elt)D8?`Dvsko1&6@lpHHZy^+ zkcr_Gr74m2o$TOHtBYX|w?d+!8`srkE9FEt9SBKDj*7h%vgp7hdz*&=2xYZPcA3`* zNn-tSR1@5S>mi9yFM7jDt!yDP^LgJF{Cv%%hq}d-jcw4|nGf{d=uVx@$8`-)zWq7@ zALUhp*1bEN$lIp2J2|yIDRvrtm(E!q42ec~wWStXpTRkqXJ4TV{0>tM6tDf*TCZl} zmD#?2&rh#4EZ?~~ko0kjL1z$D@$v~&6u~vmahZSt54#X$$twi#3Z0pw+(w;8iUT$zkEk@zm`0tFv}1!hM6U_-;?Ks3s=(Vvr= z3ko*`n+-h|SL#z&_D0>|^s9hz@nV~%I4$+_)|+cSldG$0v+pOe5VjSqw~$IFkM~v0 z#Z&hPMKc67hm3%9xy4zL-h|-o6rajXh?0Giux=;)CnW~&q`MW*DQyA8NmKnP^_~$6 zzyC<1wq@rgR&6`~cyMjPDRCh2#1t@7s{FhLuv%Gd6&P+f-K0oeR2vx}7i0!hYD~M; zQ-8Y>k}!FD8l|O_S&=gxu+@Li9|BiY@~RWDl2P;@Vqz7E;?dx9Z0p}k=EEQMi0i@# z#pYrL9d`#Hn*hd6oNs^nKqDl8bfW&W7$MCTOzV4HL^DcVyNg&m&QmT9 zKW5BlG_zN0%pY%TLFHo$@n)0QSE^H)j?zh$va&8F5$olOD-;R$ChQ&5 z&IkNx9RAI#FxSwCWoy{n$dUi|^+JM*tf4I{B8%Rkxu!m6#^Ffcib`;a^0D^;UVeYL zU;Uxp;Juh(N!_3L0_LrvZkZO6HtqhfXSuY@-g8dGK`+H*ui{&$rs{sUC}cT8o!vl} z^vyn>IQZ-nLWR}1VE1Cc-qT{ds1blgZI;%^)Z}e|=~mR_MSo_XoAoqNz0kVBYl`_I zHLFU;%>&VJ9=Z`}!u!Xe_8Np)%LE=W!I*q8k;M|m$}C_5_&Q>f); z?`b$ZzARcfS^qHlAl<^HBbwFU_oddL<+cSv6NHpj%8PLdpFXko%g5i}wc$A1^no*< zTBf2gr1ATTY=Ntt_tXe}_Dj)f^2`@yz0US6K0Xx}u$ZfAZOfEOq?hxzncH?bQ%=W7 z**5TfxwP%>zG@FmH;k9w$B$;Gr?M0jdu4b_ZjG8cD+gm#R4R{K;n;-o>(55zZCtg? zk#oAfIRTYfrCk}#qu^;eX2rVCFp{1+b)#yesYFvM#1U}-647a^j93`9AGmQm`jGR{ zv$lTZVf4^ffnT97xd?l|uh7=Tbk1gIVhMmSP&!XVnTTX(FJ?*BRVc{i>!;r=uHVAg zGLC9iUj_~oH9fU`uQ1h+DFhm~FDy$m1|j-zfw{vO=>=IHuSc=wGL@5)t$#~b-_*+D zMIKKw};4)genvvy?Dt-Ski}F@_de(RRFNT#AI8*P2 zT&5fFw?eD4P7kIp7gRbNZsr{r?KOU{t^hQm_gAoDsnXwrMOmehhd~s!>udR8=xlCgDgm-(l(GL2V;dJ_Zw7v3wF zsw&)bSn?~*Dxh@IA!Dz5GNe~E>(TP)5JB~z`g+zxvw{4yigDD0`eZtY+WgDBTFV(B zfBnWPF_d~<3dx7<2x@*xCni!_TU+~au5zs9IwI_=(gXc_JPn`~q4OnzX~}2)$%8dzv(K!ZGhVUhq&9;6HM2=rfAug^R=5m8 zad-Hj|Lw;|Bd&8so~^_8L^9cFnSp36Sx0e25;g?mHTSvcb%dPUr`}*f;fSS-%eh*G zu&~;e(!5E9NqVcvcsjS)E~rvf{Wdr>{PPR^3Wt~U!^O$bdE$r18@zL*bGERK^`8l2 zLg*|~>oGY7pQQ6~h{b?w%C;9G#?s%;Aw4$Q@jVe#qL4i-X~+a1 za|7zYzNLW=lh!0cx${}aOAr<9?J^-jCUgM z3a1lZj|sJTDnbXPOHE&U>>~#K#<#U#Fv*HWrwj#!zWZ~Jf+lXS}!@9eVGf(XA_7i;~){TcZ8Gk@;A4r4M25hCc>^#E&dSY(*l+L8C~ zKF%*41&HN}S!Q?Icub96mXntquF+U`5lUDczy6q>H|a?2yB_G;TU1RE^)Jma2x^-3 z|9Cz#Q@A0sbHCm$@4Im--L1_(B(m0!g%fQ$;WrpCeb+FDDxi&7{a7mJAn*QlYef7G zYVbPogGukeu-uKo%eWyWC}DR7>=6Wm5X#lf@^UuPY9qXj3?}++v{bd$W!V{Q$4(3; zn{U3(#VzvNE3}k~IV{^K#5X~h0R$P{rcu{9QyE3SkHUxIgf4IZ1Cvo~9$WsHVOx#qd%3hG=-8FqJb`SH{j7Umt) z_on09r;PN<6|9GtpRRj{qyNz5;(Z+nqYE>#b6(w1Ktzf}obvqmY=$vNC`ZV-%5&N} zwq9@STq7Fl(dg|H#>$Prv_mEmhtOiTY8%J%Ys^F$3eT(q-YOHCM|*Z;;xDG@Y}r`! zyw*Vny1y}5IhEJHS)~rlKGa8aKd<5Mpyi#WezkuL84dSz-ux8BeQtu-%z=QN_ve$O zBMY*#aS_yN0v|QJW`5U)iB)9MW`e6*znxQE65@|!PPo55LO$}y{Z?sw_`mCzuO@NT zyVLv2{q6Pm7+m|!)3t;5-uDJ`we2%gS9R4OA>CO-;9EtvCa_~=>5IR=CPF5h**Bj^ z6lnN#b--Qg{js%g(}B@LYs(q5j<6EJtUM7j?oqTzjYG;?b zW5<~m)W6-#ier904GU2wtVKT|m1Welc15!!DgqT;XgbZ%u64Mr<#N6P^wM^nd_Wc~ zkmziXwWhhB4Go$)ePkM?OKL5u$@V9MLO!>O^lzs#xY&PMvosY`QlVPTj3^Z2rp+nm zd}*jV^GAqKiq7&CA9ueXhZ82f?`hu$i^4{zfbnD#M8rn>`h1;;S>>kBWXHMPBI=j; zP*d3MGu`3E+2dXYwY-y?avpUb-)udenxDjtXlDZ#ZdrLTx45-QZH|leG^MqfOn0(# znaH2}%eh|^2m@>5#Y;S}_*+?7Sp(S$#XO%v56O!fcwIO{47TQK!}C*3BWnA1L;Ptv zkuJvjj4MUC5gs+r*e$ktGT_%+&k8GDAknv7b}+kEzb`EP*7B^V}T#FX`OPhC$t^?d!+Al?z@Fj^v!+nSJ&? z7Ix=9in!&&!X9+OTfQ?>kiRzqcrJwd`uxucsQ)1|^po|kUT-b=3dhB}1RLHLpr0Fe7AOK=I6VHps{C$xd3)lbRAZMs5q(l#62eK{nj27n`P=W*YLM%p zCK2ojX9#&oJo%Q&SyrcCBTP`MuR)Uz+rDG#t#)d4{{=4{$MWdc=I*Zm)z#eAsuYp|w?)p@`L?4d*i&q34=02-4jgctO32KfH?zAgDSa@lMDhCGd zH_0sO-hN`5?G@0O7eav@gy64*Y<5gTkYI*OY%L+364>mq*EiT)!FN5UBk0;1*F^6kvMT%fM* zM7Hh)mUqZOY`O2q?xufNw@PPJGzpu74kSIEda@_6{JzoEq}A3@?7+#DF{u>J#jw8| zaKGxqi~{1G>^J#@@~fB%bdHBA((~dhVwo#I_l}(n`f%(mm;;dmIjfqD#8!Yrcdtb* znKQcg5|^z8np4P(l#R)vU4a#+j(xLgc6kqb#&${~SLMn4POMt_RH@Tjzu9ZHZM6~M zedlkutG<`GQJ5ZP<$p>f+Fh9^`GVu2ZfA4kK%aJtlV{-SvHR_n4xNKLL@)Y6y8d~0 z=YI3Xu8$r3)Z*q0Bi15+lXGBoz2d}wB*PBxoz=;?9X%Si6BzOk6+9Xk{ktPIr?;>J zc8>__*kjoO=Ju?fHw_Pxv^&R=1cM=bQ=9{*<%1nEq5q3WHi*PveM-MA25vck$_(vH z!k>VL4>qi(F~Mt9T4(6H-iDKl7cVZ1ptw6W^8~EMzf|pZx?dcDMzJC zh+%a2D-6I6zOyk=q=B>hverT`jP5*)V!o=WoC>gG=gt@3Y?5CbXWwci&At$Nz=GSZ z9H7TKCZ1rSvs)?9eZ~M4wqk2ex)3d3;E=jH{W&o87utkzk1@(eJCFeSS#H!oSy_8H zMdatFYM)NBy1PAb`*`%)$7qkJSwr_b+x>CV3{wXtko$BCSPS9C3#uF{vFa*Wv7^^H zTO+BYt(ONop2FUqoSTcJ15d6i(<)B6v-nwO4wAzG)Cbq^-SFt}WnbQ|t|mo>Z$K`p zh}$DM23tr^R3&Gpi_vLn^>D3ay;x%_+M%G%-5xy`O@iabD?8dJBT`zSU*IsKkqG+H zPdeUhh5Pet^|gyIm>Q_lT;_nCve!eNW4@fdq)%U%hJTJw`{cXbT@D~Z^Ve~45k+@$ z&aZ5t_D75R%>bEJj@sY-3Zp|h_d53yugmOlqbu{ftztSUgJ}OeAa%A+^Ox4aS^|B0 z_hLypXZY1A>4V5&et{H$KHvUTB~jr1&!p~yr=Q$Gs{|#{8}Ngb1d{p?iUjXjCLK^% zp62dAMl59@5bcJ0U|+mkmm4nWbrp3m^7>$RDmh+xt!I!+!7RsF#4JF|W`WttW9p+v zo?UbU2X=%*nMVcj(oCFlz#03o@t72fGB%Pn&--4TwENS|jGbD)>gRceEm$$4=pZ{) zR_AhutfsnXXzlIUwnGp=>#P?u#m=n_$;N=bXaR;*M`A1Bg-UhYjll$cUj0!MYWT2> ziW)3xX}(23j->r`zXQNkiDQwTWpCQoGpsg%u{PyIby_;q^}7E_!2J5&rV<4usu+u3 z-~Iaw{rAi1L-BcYcgKDa^)DYKuZLp^pR5F8HA6U)j*`f1m}f{gkkf^(_}mu0am?=* z$9EaR_i7X|U7{Aso*4&Br*e~`F`X*$kte39J6~|FYZ%g z&zML@uPibun%x~%48YJ2QujK!Q+0^7Aq7skqbZ{^9Jh5J4ej^Xv|2K&XdC;nSFX4d zi(Z-Jz|8@G_2gI11zZU7j_X_FIZM_}wfA2q33B?g`H^NJmAb$Zsy7n{;<+%oHsapv zbHK(qvLW~!yBD(xtyWBdiwiex8?|1Qo9oH@Lud4 z=~r-7Q>_i(&|Ge(qw2E!{#t%v3K@*zTI1AV_`eBL4F7)8$wP>8;X7PFM>dhvxpMR% z&aKmOHZCw@3&>fF7nn8EboK#i(q_XXv4z`ezIvs)K%3%dQaFbzV zj>isK5>CV>D~%uKz&-KOmYi6IQk^@F-L1o#gNZ?fMQxp(TLPx*^@icwzef*o(0GBc zhHcl7V$on3YJxk4a_QjE6XSN_FF5BocUlDdOw zGphY|8GTaDv}~p>5aFWxzpS>T+ zWrGgD*sY0|BEO9$p>DU3Wv`8O8sk`PIm#lsto@8jr+FT}l~TL}XK`#rax41MfSB0A zFk||JqIhK3LHu}4qgdR|_cwek9jds4{_1an2uV^ytc3pDB^rJdMF)Dd2qjU-!gVX| zV2~G<{fq0E<~E5xC?XFI=EpC`Ldos2J=11B!|t2EL6rA{t`Uj?DdD>Xj!cy4gTWd} zU0jqmrNp02<8tV#R%7Uo=BL-%S*-o81drC5-|6mueX5;`3mO+uh^25AL~@k@Bhet@ zVxBf>`^d`BvVqtX5Z@Bur^)TFrmK4myS8m?Fx{*gP2^Rk0(O2i{L<+|4CM%BdU=PB z6uk3@IKT<6D5_SUN;yBNp)t0sz#;NzndLM;^*v}C-z;}T2#v(7r%PvM>+GfqZ8UxU z=hDbz8qCsCrc^pt5x%p=b&QQPRh4lqA9BS$C1z?#rckB@0g8U-XH$Y@tdQDX{UFXU z{HS>F3J}R93|wa5 z0T!a&=17gmW^gG;sY0{>F;}}((oG_D?hP&YC{>r3Adn_hE$X;dv?piDDB-#AkI*%n zduGs6I!kBkNo7mPi-Qsg@P)yKC90#?oPTosq^U?=h~Qrn>vDmSFclr$IO3? zUQxU)U75e?Hzphly;xc1CvpbI?s4{?#7AcHmG@TOT^e+&e;k?CS{P35@dfAQkr z5Gy)t+$({V@01qx@Po}Gl@+=N`U{vmOB!caD@R#!Zhbpr4O;G3MV^gbS%$ow!sWSx zH5o+o2s{QEqudfJTvmlFsc(lJ$U>F{9Ie{+iF>FDBtk@Cmnc5~pyQ(F12A4QUzX&A z%XIZ{q4QHl#weE;{ewtm@8(jHVQ5%L^I%L&mpSKv;36@gE{`%46OU5j1oq?0reV) zEc>0D*EYHO&f}=IhpNTN_@lp9^R$$H!xvP@d;p?W(64)#SbvK=7Os@9{7o06m!x+%C{E+IvO?M~gt}0jLsDQnPHwJPP3&408F$1Id&Ev{G z%jOwNIAOg4Katqo{yd+`P(2?IE#YhCl9>A7lM}Yb{49n{ZXn3nRTkyMU2(teMeWTl zNkxkZy9TpP_|_0h5e27nkhZaREVMp$HdQC9>AKT}%-UNH$#ttAn_oWg2)(@e^^H;i7h~0}?`a;bxiNIYirvh;x@Q=AC%C31oIIz_>WFg~KpNe+s4+9mBF2opJ=1igK!y7GQhk$& zj>Q3B_vNLFxebmNg8%A0Wti%1%WN+VDR(}XqZ_j~Cm_hyF8QtztoV5_CO;oA4)`X} zv8$`;Xo#unwnmG{XKCb|Kf`7eYJ?DrOQ7xKaaX7$Fs~QM!hQ1@U3?t3Rr`kvnfAMH z%Ud*Pz#Pf?eQm6DTo~yWbyLlqD`kJL!UFY1MI~frP}WY;;QPBj%TD6Y4Mjb(T$>q8 zjVnT*(h2!hOmpWe>27y}j!7lIXh^G0_AVQWmTGJ}{0)6Hb^6}?>U$3K($uv`;mYC% z7CvbR>S)E+3&$y?ww*DofUAg)Z_@5ChTB%QhXORYlX>*~QW+(9@X&%vh_S)^&%e|T z!Y^*H-rdre7N*!-)oXn&12dmE2O9r7v&D9K=&A)OUIw`1o8jH-m#O%LiU7dYr<0|gg>d@#tSp~ar{&6EOelGl*Jmj2iqNBL` zO=lqm8X^63BA_6J(tfGc8LH)zAqy!#t`oAGD7|Q`^A_o=8?m-I%}1%p5Ajg~Z!bz$ zXCrPL4CXH`;mQ^BAs%;*7f2R683mP$;@m&<85~x<+1G-x*v>?jq~$b331XIYHNl&+ zMrF5LmY32<+SML`lgkzoUyagL!if!n<%;PePR)zyf#TXofeaZ&>0t$yzu}>VB2mNF zq8?@aMxUgh!Xy7OcrbrXR;2IY^U?t=gyBlKrFV|ANj>81t1{5xlTfj>jdJr!8@vWT zTCN*V6uhkHcHhHKbBY_z_(E5d+9o`h6lHBxA{c>~G%I%xO%2t|LvQZ=di_enZhoBT zNNUM!o-G+FJ~wp3xvfvd$0F~ZRUY$uJKb7%xvtI4Xb8UGK72MF?uw8 zP!{7ooUgj2SB9hHAXQ#jicgN4AnZ(_mgVXzi{E`n2aFC@+_Xcy6d=EB>dzIOw~=d^ z#Dz>``(4YSK0Y6Y1X6hU^Q$!Tj&&kE79PIL(nQ-^mW4CF9zsY0_F>ZGl0p4V1=|Ct za)_xVMN*iP3v($QR>-E8&7E5qZ*QtN zq$df9M3VO|F|HN)CxBj9N+st#^VsYd!=7~MY&*ew%s6O#cNU&=x_rP zvphVmg|BEE{AVQK$D`j9bqsH&*{q#Zb9OL$HXtu?eDAqh{~`VQd=ES$VX-Tpg# zyk{CDmgLC!QBV6QfGJ>SB$aQVd^9tP98CCORz$X`Qmihu6y+Numt0|}E2n?mx;9p3 zekJSYa8A-KiitWrc>gQlluPGmG0MIefEd1{8MHP&jcrpmL5u7*T6)%_F~2 zydNC&TMk*G!pO@n|GlD-A~RR(HCuo8#5IO~nE*FzrY+(A)v%u5;*snpI>LCF-toP= zy_H3h>G|fDlC04oLANXTvhQolo_ia=JTyLV%q&_L-}6sRS?O@=-^7U0*Ed2oYj`i# z?#{+{?)@FAAa->2rQ8eOCpf`Vs*SH{urh(iNw?w28MmJ*%wZ9$XK_7G*S>Bre?6%^ zL{5m0zRC}DYB~3)ky&B#qL@zxaU(XRia);i<_bqQmGwp2vF4HO|n6l7^$cu&PjqQC>Lg8jJRo>>Mkoz!YOED1? zd^Ej7e`vr@bAub7kY8#A^fR!Vy;t%!uP0w8Owa7l-Iw_@uhBh*-z%bY%1MA*P*HtX zZ_5FViSbZMZ(Ftz0AR&o@01QkiWSCQ;-^`cq38cuTX;d+_gIh-!{^@#TYF-mwWoy( z#VdMtjNhhR;f!{bm633J9?RMTfO16!_im=aNH`4-CBacHcUb9bL&BWCy1@{ik&H4e z@&$FvmCxt(KyM>Y!zrsvEK(#YH%psESjKLGe_l1VWf=ZdIm~Q6X>9dnHe}DzjlJG& z4bS;+E?~$JINbM0zC;rbYRK`fb*dnRpl-xQdw8)8DFe{fm_tO`*pj3fmZ_{FGJKU! zo3-Y;z0_wn|E0xDRHwVys&<6UPoDTu4s7lKkp}}bHxfP`LBi&aYh5KwvoY`-C3n1l zrV8X&u7wqINAXJ3OroT&Zc<0g{tzdc)fu#SN!5$E`OOC_UNGpFHrU|Co~y)IgbojW zb5vMmf6!kZEDZ_qrQtW!<96Sxg)k6l2+9v>W#xjZBg@(q0(@k3i0+-ApUVIv?wSbl z{)kbsj{-4jYsvzVgN8pQo;MqFwwX4!d3o2$nY;M<6-HTbC3Sxjeog?4ian?PZqENO z5eiVc9fup7-8%)Z`iRPw4vPcBWRWVgQ9w2@zY^9eAI9HBRIDljN>$~%_(VcDP79Pz}zZx!8k-K14Zo`F5 zzAk8hunPDT`C^fvh-Crp%_`DvdlA{w6~9hq@}#FsFwcg{hA?HDpP$A zM`t*G)=SLfN@wg)v5EqvW#OBNj#e}=5x{%>Tx|%-sqvn|H9>$&{}7#>$=Zs=KXfG1$_l^uO49%dn{4 zzv~+nBt#ITQ@T?+rG}xqySp2trE^Fn1%~c!5NVKZkOt|LkbXA$&-?ma@jUOI`?y}p z!R(Ped(XM{XRY-;Gi)A^7G6q?s|mJEx=uD?QlTUF_q7c4g`JhloE$N3z;i#0<%n+$ zr$;O!G`dX2$fa?49e&qP6wz)tX8cvh-jE0uyRWD6al43@()>}%0P&tcp>p`zUTBLn3=06)B2<^p&D;k#@bF!1pA5Eu0O znI92DIz8aOng8&IC3MEVy*ZnUDd1g|^?oD|I);6p_&IJGpD113h zzJP?a_sA3SE${IMoRR;T=M}QrzrPo@EukTxMJ#v0n`#nZGo5n*2ZwBl0=)1UZgfqH z>gD}{Vt`K7E&Lgb6QvRH0DN&zQ<7|J<|7fgM-~A{B)Y|Cq$CVqv)y+P8HGk=qnh3K z>$Qb-H`Kr}wtJcRGQIf=71qrMKU+Rqr%!Uwqp01REJb_4Z5<$(jr%Z~{UjvHDacT> zy!ts|8W|40J;eBvt7+sAL-zt@mx!#7{1I$*_@Ga6y3r>VBb+3+hC9Vwf^a$mn)w6k z@DLsC8yfggUKK2lC9>kywgNG*gjkG$&g!qvSfIl2Ha0N|lQay~=U0?CB;QWbX*u6u zU2xr{@UFO3J>$H*5r4~FwDE$L7B0u1){FnXVI@9WtsF#=`RcOyyHMPe1H}reSaUj@ zsyH*LS3@d)uRcbE_$JQYg9zJp1|$gJc3al4M`!hF`lT(s{U6?E+1k)EP+n;ZFMO{OaMN}? z2^c)U;F`AF)V}|0err)3QRwQ)G^j=<6eIG=UAKa_oB0Z%DwxmAjr+iOjNZdc-EQOj zRO6Zg-|+>#%v+9Ts#?d^azW%Uya=n3MUvSPWTRTdjM!{g9c%h+G?89mqI^2%+X|lq zou`BIf%yYU2i7?|>t_x7eB734ixaMsd{4PUIhIyQdb`mg6`8{eB){}maztZ)@2D%o zVaIdMXEIh}&fX1*?Zv+bUvQ@jP%KG7&|T}?Hk|KMv+v)3-8)fHz1ESw~2gU$%MlyN&Gqby8hO4YVe7nF4h1gaQvD%Cmiu$J@o8;u0pyu=1jp zr&TA>JHu}mNi18kukd+G)?_UdWK=>$5cYvzdRAOjB}xcAqj`_=cWN zVLUXev?MXlMz&nseRdTUE**7AD%$abYY15!-O{e(}5+Rc4u4_}6e zX+dX5b5WNysl%f~h=0P0WWNK>%^GW}vdtnCA~JU7w@KE?y(pV8B~DLBAEr4j2Ed*{ ziTNLFbPWfQ=(b0QCS1wlq1SimJlQy2Z}46;TeFEh=jR4R74=B54Zh$AHnfI%51sN! z-5cA`m!h{aWR~RPA;NuyG?-#``B875BafffJ8huOo4VO6Cw!awSzV)UY4Oyehxb;J zZNIALTGtncZ~h08q>ljBY194$6>G`L*n-I7k4hw2-d^X_o&^t9bdhU*>qsoM)NI8B ztTcig__l4(!xi=Gh(3o@kut;^?-i-SijzzMoM8++dXev#S?_k_*V+&?*fjF~%<@Xw%sNbN2Ne)gbs>+p4 zN`o#7j#HU3i$~HBs zQWF;m^xE;3Ca)A$KT=9XX}vPWr_Nn?7ya&jL?B$OSv$KGiv}h=s^wc<+==M);fn?~ z-~8d#i>d@zeXT_mCZ&aZNCa)XLFvzjLp8NF+nit>>wJo8lrgcO_ty;T*PG%!S>7z- zT(YJuns@P6&yxF`j|Qm{?d9Hucac8PMbi-wdpliXGX)MzG3fD~{8@dbeKZ@OPL4it zt>=qFFz%0*G;e7NJ=i}Do zIGwM2I2TY`wWCksKd{Ck)p$R8Zo7%@`_vz9Ecc9@ntp;K55$nsMl( zW@F`sm+OB*;}U52F;dsf2QPPqG>DRr&9cipsu!biK|guSxz~feDRS1V^-MvcT`$yg z(MQbafRS+*jce&Jtm69B+uY18)r^_jfT&F!Bq~or`hH`#FIF#`xuUC24w<{>nm99X zJIIin<9$A&Wr z8`xmwBI|@Rqv*@@du#a@BH5+oEE7cs3<&en+C4J(DCR za}TuTS$UI8-MEBV9ChFvcA*I^;7E>7>}O}-de4GCv)QkrC|gmPiM5bMf&_~CH#zj) zjYRN^bl800Cj0cJpzdk?GvCsIb6@_p%SEiVeMH9irnwP98fA@|h!nZg7vS$`A`bz? z`D;nRw+M_dk=i2RbvfcO!$6A+XMS$ICpxFhO7G=v^H7062?<8 zWSB%<)dwVtcs z3=#Y@sg3`0naWaMFODl)V`3&9}ccFUJkzw`vl7 zq}=$VvZ8lq=KGWOc*2IpWnz^J&s&EMDzS3iC`kd5L$}7jF)d|~l>^NRYCgJup3`>0 zGJbT{ZF}`K&)OfQq>^0{tuK0E&*>KZ1O|CH^qaMe%6mo@(qDl@8Chq-vz;f|h6#0l zt%~RzjPlgAjSf&cOigf#WsW~!P;6K2m^f=+05_!WFiD=4p(XjsS}B``p=I1sN`12q zpOsV4dIH|drl84josLk+l<_C^m)N}lwjm)cl4Bep)Lpke+)FlIYmQ%RI0eGoLP2@O z;e9`4>m#IV<3>*5yczxLE9o^_o#QLEnmXQ`dv?vKkCFvP2l2_OZT~XBW@^y>yHMJn zL_3Kk`#PsSe8_?lj}^}s5H%H(8j_|Kt)K7|rU8+Rxq5vpcHy_&S)6}}L=$s@CB-%& z#y$y$Qsj!=GO}2rQjdj_j|2gm%%LR`L4eBP#xdf4pfoDsv7oUi&YwK?VtfXp3x@VNCFfE2RWz5|&*bV9&=!H}WBVLnAbn+KqPkO$ZC|NYA z-TJbEPi85<%XmzkF1p_G#Jz}a zabV6y)f>-3Zy{2!l%Us~MP<)qaSa1ml~}xGk59G3V(X*rggdVs$k4pU)TpLm9wRZk zW@Q71|5%LkdgRHAxD zE|w<5Zb5#mh~CLFR&N7tbS1%d(g;-v=Ws>ss9wRc?_Az30!P1g@aZHrIN6HvY)qQ4 zhK%P5X;ScFyw9q;Un@#I{1zHUttFYdExc2Ha^dwM96JW*++1`r0_GP#j85v$2Y2F1)8KX>Rls*9-nNc z7SdhyzT{phr7slr+mu_S%=?(trQ9oJg0k8FO|g_<#dj)d{fbXY7^FH?W-E%W*Cf6l z8)2#&DW=J2oFl(p-!Unw1Vg2GQzl;l-NeGS`TJ<~BEqF-7I+cblgUJ~RAGdtp{&HA zmU_N-SD$oZG~lhvAac8vw&oizHHpRFZ`Tr`uO>{Zc9Wh{^8w$2oL0~!&f((>zvM(d zqPt+ddC6;9rQ9++l5U5lGZnI|SOG_Zm=92{!G#izjt{JJhgD0;pel83vEueYWUJ}vW#7Z zvFGhn3>+CMn-xCQ2GU3$vbmna*jI!0t97pnpvz36t+wsi5E7HWi;Wf{U(YLxO^+d_ zS@oq{`|OzxMYb&z_fiAwUI&gP!aOegoDkp9qtKgl4%2Tqtl>1E{rd_z{l2wlK0+tQ z#=5MYrIj3XL$j?=kE6|=n9N_^bEfoFuR+Jp7oEQdB@H8H8`eV3-_#VF!k~sXi=wRe~nw$KB&alSrd)l->LrzM{94B0yEf~$f0-$Bq8|2eR*f( zdF`9KAF!NsjbM{eG$`D#BoK5<`+qGP;2NxU^p4k+zbg{2lfW?Jy`-6sCgSIDJG759 zi^1oOZYuL;FF4|8zMneZo1As{74-_oUs(eKkP2NbSW1zr*x!Sn!*H75jE}QIQh%v5 zNY*jBhvF_ArRmk)-*0%(mVf9@j_O3{I<_4X3I=nPgQ{J}GOuZgVEphokU#M=PShD+ zeGLzHqa8-&I=U;VP^JD7{ofO~ zAIYl!4o&Jw%r1hiBPP@B^98VhS)Gh58{aaL1QVMM77@q-sgIFkgx3!k$RSa_5k-qq*A zHXC1|KEK}SFy0rr(w|bF887^0!So1LUj7?c`O=P+CdCda9_G|dwd|BL2O`X8RyY|W zZ5fjV4mBq7wf+uRgAL_z^Dev7p+N*39mHdizUE_oojr}hETuCVfhfahkqUvYlJ6LK zds&TonCXw~Z*rHC-9>5|2$GCaXq)F)7AtKva#v8c*F$>~D=-dR_ty=uXM6^pILn)$ z0wE3;1hJQ2{Qd%=2r~YHZch~}^iy@+F}g8(MhuuUFv8uge(XW;pPlL2@^!D> z$cj^A@+o^D!+M2-WZT>p?XHdZOJvM;in^E#2g3h-DBXw|oh3j|;kF@obs7)yskAVB zgaQQXJKDLYhFo~;*iwL#Ym?lL*&b-rGpag_3ziuJPcCrdcktdxe*Z{=HKX1vQlWv{ zWBHnoL=3UX+7p*B*&9VSGubJ0C+Q;|VuL%KOwz{`s9NQLE%wN~_9|B{DA1Oq))`l5YR9B{TQswI&n8>UI|5sAM zS_RExX~$tMip=Qp!+GcDZt@s?qy7_D_dbtJ1P~1l`~3VIp^~8iXZhuAAxr;O)eAl* z1QfS-VM;K88~`;TdfBKWRE%>rS9&*sqrfKq#!=zI0j(UYsi@g?gr0NZhaLqcC3N;W z|59^`!g%Nw;a^cAx{fENr9o%&ptk9 zm0<=H*&os@-<{D}+F3p2%=-T*8t#yWPR1f8xA@yW#-H7?jQPn`#YLz?D2Rz)_A4k? z8;pXqO^YSJ$l!5f$e^kVu%=BMY-o6Qjdv7{sq@iF(QY}$)o~9Y+4AOmkdULcae|`| zB!1zcbFuRpSM_*X#+Y9;rzC={sNc~&IU*`JF^0?_2>nbfF4#++so?xgo<{Sa?L;+i ziFv?+&^^=!g|l4Z6o$dD%I9h62MKd47O`SIB0}e=B=_cQZV?* zyJ7bBWsA%?ldX#%>LZntMqiR7pFDJoHQtUBd_Rr`||GEuz(*K=!# zg}J^DX2jjul}~J0jI3q-75Z{Z>#OFJjrXk5?-8nut0qO2M%cr0mVBK4MLh@=XNn&@ zjP_NIjf9+8M^1(N4=F?->w19OQ`l8jM$>SRJW8s-AT@WjcRia(BFv|(3z9vrHJX`L z#%~LU4<0C8M;kj07N~1{GtjcLBGG_KEjTP`L zS$h8x7i^yuD9>~MVH&?3lb>AJLkeL$FpsPK1225V=>e`wQykY7U)`cN6?=%nGgIL8v zCT4PDQqD|%CJ@9bUQz~~d)8ZG>?KUQ;l(D^1uC=%1nq?Ge=PC+urwnZmsV0+yOr{J z$>%lj*i^WLZgYGy{TqPnapLzt-ysAhPv_kYdP- ziPPt{>u8X}2$Iemz`33G45i9h_7wmiO5hulG!D#`>*t<%Cu~O!9qO}3ImgxWSM|(t z@$8c>tRb`5mdEFKX}w0WRnHVpOKAQl?I0!G&rVI$hO%xWj6da+FGq?rzYf~{sot5* zG~o4JwST?l1>Y8OC6U6H$Gax4s>*S$$|NxDhLbAc(V6*3qu^E1($jR?D|PR>Qm)c? zU*3D!w(vEXzr#e4^QMsuV@KHS1L10{6zW04M%7Kj=MPJE@nh{Py@d_A{=FjlPqOo9sf5?^Z2IhaQS7HUs$10d!t!ukt;o1lk(Id5J9l=i7-OhyQ$-4vm*XKnb z=G~IL)k_ggO-jet?MQ0<({QLPMmOm{i>H?}`Q$beD}Gg-EOiCA9$I|5yX>eSjC%Xl z(7k^9jR<*~T8>8Zw%h8bjIj@H;_jKD^BmtbJ7ee8S#6|}m`V!V^Ve?uelCq5Sp_}4 zEl?|0Plh%%$yUt=qVd8}W>L9>p2d7M$51+{b+g}l`Trvtk|p)u(U8H)|0xY2Q~}oX zB-}s916V&%f9PmxqYSb{jT;KVZz1&bC4j#eOX0U=CDCos%1#}~W_OFX@ zap=r0KakS0uV|j%8%~Z)81dx5J-`#g-{@*RuHQM%S6}K5*pom%4R4Ay+4Q$`#y?*y zfnPrgsQgUP9`21~#oo{LWcaAfT!7f3_G_z2Cod||^Q)44@}1e~eg42_K)$RVcf+;6 z-`vIIUNOcPTSXFur&p+Lz&H+(=$Ec8vnSs-?03ORG%9&O9ed{c@E{?Fo7RAS9Fpy= zmsE3JsbePaaJ@HDPHmtNdXpyWt5><$rs~ZY!EkrgUA|yZWp*!8Mp9~%oXa9jzwuH` z-0QxeYGys=g#eA`xux)LEU5BXQ4wa}S=F#c^uQB>@Y`+h&UT+$1d#K4O{i|dD4P3c z!!`oSxn^eL%_O}!ZqauOUscf43-*sH_@+t*SRn*0 zwMKD?Zd?-I;_~AEsi>g6e1r^W^MuhYmznjqIX^2ybo?uPO_EOPkeAl64^S6cSC1du zE;tvG4&83npx>it1X9;9MJgNCu)P&J%D1I*I|Uq7=Kq0Z<_dnBWv4}t^r*hx$24UV zj*^tdLFK~ZX%8MPNj~0jFe%2?Y2M6$(51V}=LoHcv%8&>3Tj#c4+%uCl1fCqE9{Kts_T3rI4%t~Nr^Ul|H{(`U!D+F)&@ zt*-gh;~)%5CQO=}(^=*2$ckTdcr6SQ^e4L6-Q3iui#ow>AXq4lp<6)WZPClyGRYv| zQ8d&&Oop18FWZ7YJ%vj+S5{T}vEP`4L#Z7{hrk9V%F$vS@{uL3bw!qui8~t1MUaYY zL|aw?8GzWO&Oj%rS!^)VT%&QnRY`==1FDad9i}*njVcHFY<}P-0S7nR5Pas?q7u=| zOHqg=Gi297`{02RxDAy3zmO0$>@{-!p{wz56{)tW=gvct+`|Kmjx|yATsjG+PAlJ~yNfOenm@xOa$(cmL96dAYq z4v>titorGz=v~Xd*jI2QPglcc(Xp3Xae_Mj5|4xi=iez(b1-qI=GMbvd0CBb-uyzT zf$<#_7y&wA4AknJKCBz}6i*3$TCRORbM0MwS$l9Zac)jhnZATx>qRJj1Xow=lZhd9 z$IBR&Q8AStTY7uFHX=3mgpS*p$t#r=bvz3_X&!I-kGF;y)f2)u3BGt+cm%zy#*4|} zdmcCL+D_ow_1^Hh4sG7_5*7-kM_<7l+f7Sr3esk^7T$ePa>RD|5hXWes5go-;YdyZgrq8^ESQl)AX>aQI7{MtMm*W7M- zv8G`SXh7N!zJ%rrV&rl&s*vH^_qxT+j~G;8_kY6qa`!6-g**PM@rS0L4*BOur9+I@ zuyONQAMs9j_XX}&nNlL@=Sm_mpHVaWp!%NL2kX$*e8_lk6wtN*0^0**zLto1}QKn>L&3 z6-D5u-*Qn*{kKEcCqD1)_HoU+$ISA?DAg>6s&(gezV9;G+YEUy@vHh%TPi}wSd%&a zzqxg5(w?PXeSbQSs4<=2bXTy=?B(M#?OcW^b#$w;q8!Y)-zBvkN*LEh5M@}h_T2Wz zvOQ|&5nk_<&TcVp+jhs&_7S4T6V>N{^4qr~4u7*g{Wsq(jckX^>$+NqA=J4d!dBIB zu7m?H?YNLtqFJF{-}YW!sH%~fC926CFt5KNtn?dXJl>ED;})e7e{yE^x2cWKxi9Tx zsh4&7P??poFZ4a4T&`l0Zx6oc6+7PP#TLlAw<4=6sx?(eDBM_ z4oUT^95rKLrFDm>Jjjea9rAyvRvmEsah4c(fMl0v~oFWXP}s+ z81!WxjTxc%N4BY3&I_>e&g^hlZ{`!h&r~X)zj&44?^|cJi&!*W+D_(`@qL5=BKTRa z^Z5P6ITRF?!w^{XGO}8|$2)PdOsO73Z*106lU3R>LDkK+i=t!#+2XG%q9I!N$cQ7( zoHszUKDD%jo2=ck5@YVo7=`w9tWK>qRBokv2^&`Ax5n&^a|$!?2wBJ!h**QiGa8jA0R;b_Kje?q|lA&>aF*|+i3g_nKb z5Vxb8+Q&aDIP#BW*Y>kE4h@vpO6043EHPHBmJ=rzdZTmrh8uXRFT~-l#TXid9ijWH z&kq#=Ys-U-p?YCVb$IopsYF48$z%#Vy1v4lI@B|#L{rvHo(Wv&EpNEKKcQGMlBCD0 za2kH);jf4ZG2)8J#-4%dbT3HksYV3zxqACwqX(j~FFti`BIHm#7GqOE(0ISJsM z)uSuPNiPM&XNNlJ5i8cLN7+&mXn`R6)z6zv_j;3_O}~X*1Q4+}({DI53HPGL z-=ii=>1%i$D|-~Br_Xm1RfTZlOUWV{)yFFhkj<*!ak=-+t^LMyXHu!v&1tTVD%Bj# zv#ye{R!lCRcqft>ccvY9Vf``qT-A!?@)r`+`}*gi7}*){UX_$ch36+T{lZA3S9FGk zlXjS3n0R{4AG)5D3}HrFRaQ8lp9XZ&bt`mmwxXrZS+JR;ZIi^PnM!ohka}s%?ZvMF z{$_lMp}K-`f3LWRBioWqcw8C-vqKPh8&-^{MN+s}A7Xh=0uI@+G>~oTPR|0f75(Dw z-W!Wgc&|#IJs%iOK2Q2&tlR?%7Dbt@-F_n+%XX+OFeR3RgV?MhSjgrKt;;*BWc#~O zDC@3r646F&(Y7a*-6`Np`%tS67=@VLsMKxmzGEtq#(|~$D|81_b23G<-{pReI?zg64Q0CJ&WwCaPLzOLsT%0`I1%?r>&(%dc?2D3@m_N0E?j6}Tc*w*p zeop1`02M>ax!2cwRw48`L7SSv|D}&W@bS z2=H#nkfb@y+u0v;>rtWvBR9(V89mTDsq2(9C>MoNzJQLm9&rxTa&UoF*#BjGtjsgx^oGF}rc zAm{DKhJYqeQ$h7ZJ?f>@jN*hTm32Bd8*vkCiO!?3EbOU1`TGF4_4%Bs?1{-D>Ur@V zB{lKwVakCC(%?b?_0Cj8mpQAu*#xO)C5924;tpky$jy1lLslH(b>T2lHf zs%O#`T}y$WE;55L*?E3tZFGKvV!5%tt_VRU6Q!-vM7Jwp<5^8dC7*inBa}mdpjB8a z>7-oh98|D_v~rvY`Z9D?lu@izRMtBWt#G1k>j8Rg>6H;rLbJD$ z1WM^4#Xi59urXr50+hBKsJ-p}`sdqbqG}ZP#JG_wsG@@O#`C4V%tdsE@#EH2TfCK!MG0!qw5jeUmYA1bxQC1Z=Knr zR|yQ|qkAyQ+4ngP-S!27>JT{+F~pF%ArPzRv*vigyUqFb>zX5P%5jp`)#JXF^5>0u%JG!KnnZ1u zL?#-sbAvtmC4hMhNUoIV_)p-j{>}neiEb4VKQBF7&YcLWo40mmqmQ4dEx?F_XFPiQ zw@_KCP*fC?cVKHBi=DfMVflxG6~oIt9Oay8 zE{*H8z;++THRR7`9z5LP5F@^wYKDUCxFp`O-W#i&rwWwxys4vl!zx78t66#xJGJgo zp@Wx)d~{(C${;xVd3HNr~e0s-aK{3&s6?$lBf<1B)Kxa&mGZDUx zm?m}69;p4K{jxA0L%9htY3vMulqBRTdzs70Z75x_r+VmM< zL0hY)l7U~OB?gQIk<;3#fcrb=?oyP_>`_mCYx{_aLkM?rV3Mdp$}hIYrdCjg(WR2@ z7>gC8c>!Y@!G;H`{9cPM1^nu|MmqQF6u!L2Gez1DGwWWqSH5dcoejTHv*9^`4$i zyKEF;$TEUIS}4Z+)1&ELt(uRd-4gjPk?erfOlNFTQrP#d@~oYZ1YS9tf{1bS5kA!?89*CH+BU!g zGdllr^GaknQ$0CRxq;KUYxk<W2~G(W1kv=eWL=Mqv_)%TM~MDH{;8N-OG~$V0QRAyjXAn{67g zUWUnbm{K^Yb9d0xwf>wA1xg2=y_e?Pv@2^BLh%jJn6-pq@6r)X&|*jM2EA zTmh9COhw_k^wjmIcpnrx{xg{#_D+yHvp_uwi;n*YESRwouL@-2+b7O z_A6<19mvx}?VAe~xW9%@om52R!q`H9Mfm`%HU3A$%b}06o^!e9SXj#CHY_o^0J&Cd z*bv^&U0%{*V$WQMamP~|p_1QNw2Ne=8Q(1tg<3+Vb}RQ@OeUMNbwys(OdM1|e%OmD zCHlo1*$|X-2Hh|ouU9P}yn;Rb$Kr%4b`?AuxFD{gm?~KaeV<*5wRRRFv@JOw_1zwH~xg$hoE~5F-%2@JM5{G-mN6=hBQSyoQjN zg>HihojOd?-u8Ujlsw`O!D;*1%40t>$`l?G4cXI5SaaZBsr%WQPRaiwdx=THFX6W$ z&&5UDI2kCB3kMl9(Rq0T5iZ#GaVp4k;q+I(%)!w;%`ysc)o_$$v0XE35b7btN`xI7 zRU^qrGqK0rBv=8S60}i- z_3E1+8KVThW|5}$1yA=!{#W)+g$vKX@-L*Nr`3Yrrx8>;LYq@f;o$L48oNJ}$E!?J z_YAP=*iyamurV_pTYn+pNS>$2CbE`3ZH4zc6nLiEtaTo*C^D6LZoEg(VJ>|#ccz-x zc5lh{sK>*U1OF|AsQ8cKLm?U{f@YPv^92W}{8K}B=({>zJVc%~fqFSrmHxep3C~P% z*SlWL_4BPv*D@K+fonb_9km&^q#8FdNGY*TF*CGz7 zi#?+p^#l>W;EI=Q*EDElPow`*X@|2JPPvQzh0+#|S=EtEGH%ut%EKMrSt+d{%6se^ zEPUl?j(=~jXP&~=7f4=gF}?b;nLBT9u(DzsDRvh|#0{2ts999kL6$(!^j10lYXnhi zt+Z2y{A>Yj!-t*MIH@B0OG-lsZT5XKgFZ3wnLPfhibi*qk2-yaV0313^#{8|bRmoP zp0=!i?K}ZAjYP+*W@!T>%~dw0Y_b@doG}SRXoEk@gXxrNepL=t_wKFFt>@prGhMW; zim3fa5M3z?Z?G zN8y!4t9Bg5yHwyVCCokec+w*0vWxwsv|ja2HY2xxvQSPfwqV>`7CDH|SU%bL@|5u| zxHLlvC-sY^BsrGKnyS#N67r8mXksRC_@zB6DHc|JaqZM9Q)h#*5^|HuiMQ!Unkfb! z1r9$`saY_K0voS{3=N#Sb`o?(I4Yk2q1jp2wMK?fL&#l#?lTNVFJ41+BM6Ra_Pb6-E~wAC{a%LLQFN$%CtYR{Rah5L=a#0 zH~4HQ%=PWJvfie2vc>T9AG(YZNS}wm#3R!d0OHlgDN&ItW2W(zXatPN14g4`hyizW z^Vo$mI$T3`T>pb5kATSKJvk(b( z$MUj&r^r7qs*8iNa36dvP`6u;+$Fp^$q= zWS1KH!7eaynE&0dzS}uP>G(OHbl(ADw?^`e7^K5v{5kgb@D@x_(-1)t4 zRjW^wbCXwt?2BriJE3v7EwnRkoK(85&{Y`R0?HRCO*?*pWUvaA^Jg+LHtFdk-pfAo z2QID}z9~-d;C#P`mX4n0P7HBF$#SUtcno(29vV+n#b_EZqYZwMK;}8?Qvq4W6X;&x zrNsudJ)6-b-1ii{74_*K3ET=bS~PxTIKw-Cm+3Bz>SAZG!?|rU-1%me6TiQt{|_R~ zCEu9#U+Z8%nEk|2tRdw0bUysv*f}~(#OX@lqH|*@zii`rSG+eI~0ee%w_Cv~CvUN{19 zBI06yJ|o&wT^hi-xws|jB6PGBTxXd@*}F^TXZ-3^x-RO)!@o`SUIpl z03!$1S!k9KNz4RhxTPlBMx_%+K($xo^J>}%z9VN|>yj0+gWQIFr{kVI6qd!d-FMXi zgL|vBp~AXjhCnC)XK*bY>QX%NPSe~r>BpNe6mBwvo zAI<%u2zn_*?kPV`43bKmiy$^Pu&Oc5N~n|~+mg5B#IvWxw4glDZx;Gd(&7Z1u;$J| zw(o@|o<==?3hSkv9oWK%-y{LW;=#3Q10^=*8P>Z!Mwq8ND2+9YN8^73%Ej#>bOcF-L{mb6 z_Ee)Lxle)-Tc19nE3GStZECwxVucl-fJJK|^vRtp(>rhMvdxEAH)_n4eKn&^4;Z}@ zRmOcx!5KJoTh6=HF8N|#eKgi#@jH(NC_tXC`j9FJ?55ThQ#WgdR!L;UT50;nEeQyJ z96aZVh2p9*0u$^|y1NJvYUwoj+X>V&xiP7m*qE4W0uH*ZGf0mWlal%pNK8UR5Ix63x55Gf zrZ4JJ_cvloWGj|H%+%$LyD)x=cz1?pl~Ob|eK!C0AXUhc6jM%4W|?FQf%(vH#FqWq z#G8ECqKf2^h*~X@r5ctvFGP=G3k!w#jF1-XE$smfTAn<}1ZXNo&6A_Y(u5kAd-yh+ zHI*#~Xo$pz)_7_QK=QN4qOmB4)X(*$AGBh?J@bVhr}XLpb~yP`=ef+79n)?D{J~!N zQ~`lKWSY)m{5cT$B_p7EU9S3I?9(J_+Q;nvcRFaRv-_J4sw7bat@ZV>i+lE(wBCK& z5gA0*D0FU$6FjTktMTw8clKo6hPEbba@d1$fJ1wpXKfMkNT(t=$TCW znT_c~*2O^l5I95o+VP2PZ){1X~n@^A7VpxL4GB-pd=$fRZF{6ud7ugiZW9eTT_s!5c|N zLqgAmjl8=wEs?}`LQ;O*8mg37k{%cp^!55(ZBaR|(U!VYFV(m)r3wn}z$tnAF^kU9&08*a-s!zi0-8`O%f>LH|{_@tG#M} z%gseuo{bgmrGJ97nve+hbXWhaeV+ja9#aNKx74qASu(wAs!OI62VD5YVk)Ym6DkkR z#8i#$_=BecLz^xxxX&oo=ZWAkwXJKb0`%6;g)RkNe?T5>R-Y4_mVGRo80!Ls6Y7aN zVp(615b<+?i06%$VEE>3Q;OsvOD9+hp?1_KFe`bHg(W50b=Grlw(f@zH=AEvJu#J> zB%&{`WPCV@YbX3=rBe2=chY)PcWfeO|7mi_hw+P!RK#-v*=`0nLa;3i82`W5Ak0r8 zS?K<5A(7%&m^8zu9RJgzi7~zC84pl2>0uXbzt?^P)TnU&Q<s`Ef%a{To!)$wp4b$&J@@V7Ak>iFQsPlUaV+>N4MD91hcnv z)`4e?JW!8@zqM0?7(+q3R;Y1nouUI>)Tu_zH$}z?ZI(bJ1w@tVtCb7 z)qD$JdtaRmNJ`UexV-R+6XBCw+&zDA|2Bg=OI2 z^E|PnoJZSALtb-|Xg=w-o9=~X@j&rIRJP{cz>HIR9E0z<|1~*#T1{~H&>m;zH_iI3 z?N4ueFZi@3J@tQj+G&weSr!*n4{&Tu6P3w0TibwCt)>o7qjBu?R2TO~O6L@`j=#1U znGF-n)iRd*Tsn;$u>YvW!AzE|g$TBtTR)Lmlzse2->_C8vBtY7s+?aXB_&<&K3hw{ zw5n6#z_XAdZ6q(Q%LXqF_bCXk!(+SB}jV|Hdx&&`Ip7nUY2J!`DZ{KXgcGU8TT&E_H&pzgzP*#ie1r*k?l{P6mt zlf>cv!C^-AnNoV142X#Y$Mj4+biNliC_;)A z*g^6wq@MfsRm5L4Aga7(<;s%>P-9T7L-%?jwMY*@=YjqH#CbXYPiac z6irvx#=GI%B+SWxi`Ea!q3StfClE_N4{W$pzZ8)s=sMc$2nxQJ1g%PT2(L9!%t_9d zD33{wQ)O6}6c$Ke;V~RUevRv%dl^z}If1ArUne*|=KubFg&Eb1>NP_O1zqPj5H)j> z5z|R(<%*$vY2_tkB<7O;VVIhJq2ja8(Ng@-fz5%j6{$u4@V2*ieE+q`$hSkbwALTz zwxwqVAveGv`ZpAF)JHy`C7GT2oYJMkg~Ok zWtNL7O>f$p3^vyyo1UrI1Wp_CdHpOJN@SR{G3@_FntokcikG-ZR)=2%Y;`ywQjN-= zeC-AjaS@Tw)uKxoW?ZTual1P_oj=%-NQ#vHf9Abu=hp8J%ad(>1FzrQefrAnS+_tp zE;ZCmkNkM*s_IY4mGxV%$=v!Fle5lwVqmiovy56wX9ZmHSa0x{T3DKylCC7MN2FCFI{_Lzj^(V z&{sC{FJ1I2_w}s0vG%^vI`ehL++AFgOqZD6`?>COS9sj}DE5zYw9lYE9VKFykysGGGIk7oEB4?%E`n;XN6W8`z ztk*le`sU8M&)Mp)g=T$RaZPIDo_UL+{K8D0-0Hr?zTESBMV)hMXzlYqOSw;*>E^Ax z5q&o&$D!<_Rka&%o;A8|m*T?Av&-YF^Zsr-<<|Z5+dcVv;-HJtC)9oXRaE%--n2z; z^I!TK&$a*d>eP{U&&~G#yLl!grTk0D_G_W@{PgGX}(7kvM5;(_l|fR6-5G*@`KLL zv)h5~Y>7s<1LhM-%nq472c88)jV{oSW9Gmspv?g1SEuv@6}_-v76D=gy!0^}jC1|NA5kT0QYjZHe_9ma?)kv#FT^-t*qmumyn}g;r45IH z0=U$1!uD@Q9;lGmm4#o%Aq!(yFB0%lzE%Eq<>|4&=WL0ZHw`l+eWYXe92t;-37#2} zDkAu+wH4)=Q@RGi?+mY8OpG7`=M|Yj{=a@dtQFMFp~qY4cAPLL5u7*#@Bukl#9a##a7_kNP#5sHnp1R=9MywXag#G_lmFX(5rdm%cD%4++29b zFX*H&+nlRwMz;sZe>d**^mFjXw&TAqpP+R;)kpLe&WeAZO*Ztl>ZOB#Qb$H_N%f{nq!J+g?QBx$^P3D;7+Bww5T@WsiRzU)@!LxUYq# z@?2S^^7Bp|6g(ccOlfJy8>qW}Zss>5KWfxzD^__Kz2sByby?+_iinhuG=+b&#bJ2Q z`%R|W)i%EGv-h#FbO+-DbZPElMx6b5)TOy_=KuiPFF)(TC608;*A-MF&Yg0)Y{b2hB3GyZdL$9BJ=kam91^uf51atj-_w)_ix#EJXB{=^HMFyAd<-J zDmnC1c3)E-9gEltrU4;~QB?%;t_^EvQ**X2Ud*UN$SI=FpX>6@uq_TcD+$C@tJ(-| z!?cfwD}R9XJNh@@0{w*BAMaON)MJ24O9zl8t%Cr@Hz1`}g#D*1R*Jm*We5%^*Ip-! zwdZSF)eaEmPQ*8GE9kH82%_aSFb6YIG|K}U2dI~?MwEJx3>eJ2+vFc38mu*!stvZpL!2i^ya25X>~%Ut%&oxRrj-BA<*c6>1lZWWQD45 ztaG<}*$bA`m|J_1w`u%S$?43I?aenK%xa+M%kU5@_4J1?Dv?631S(u*_FiP=l50_3 zk0k-0yC&b+Yh8RYa~fbK#5LVDL*nU_a0(oJ{{BN_{bV>fh_G(|)aGE0?QA%gYE2DC zKrz6b9GmU3y^`T^FV}3zj$6MCxeGnRfAQ11zwWmy#El%p1<7vn`}yJuJDsX^tBav| zbpn2Dc_PL8b(e6RFaZmHhYVvt&@!^PU(tFDSHH?*uivCH;Nqy!&{EhZ_wtv>#a+^V zN&9jOpx&_~bN8@@Ur0yjf`gCp32GRdCWPTYaWbV`*1|-LUiQ~3^Qqc!4VnlQ*;m|E zmNIRQ2!*J4CDmNDi^uVWy5`ZQ+XXxtF(f;pb`2hqzhkWvjHa7cv|N(^-okyNb$I>N zHCUG%ubDS%Md#AZv94OekY7-j6MYd4WcI>GX1Avh{>|b(3QC^l_u_*^c`&kbO>d#} zTlI>=eAosRk?_&oM}CHf8^kc3IPsp)L_TzLKnPyN1qb*{2-KEx=zKRE^ePp6xPf4} z#PSKvEnZLJE$L29Kl16~cKY5oAryOz<6QRRmG4sbY#Uwh_Gr*Uf4ZF*p19`(G1w^l zc^>tAL@ETj^Rg*BgJ0|ln-R~D-+%4ov@DVbscwIaiQWYW9Jq280`coVlrtMDrnafl zKD!FsY+5lEN|(NRzBbD9K}4H`keD?4(Ap|KdVAZ-opD-NP-Fj*6I<1u)%tb{xrP|5 zH>D&-xN5J!?(U{PhfC8@@n0fCukgrX=yA1myzN#0ymvn^d*l?u(rxY^yZ`knV)^U+ z0C|74DP6VZ-NtbS$6#mq@4kwSWB;2qL^1A-Jj@%udyw>bmYe?%nF%GMHQTej`jN7- zGK1y1+oea?Ez-zeC|P;+!DsA7Yaddehz6LOUTY~6m! z>STJBo;l&X_wtc()JH?9UmjqqQ?z{1nflvuq+z4wqgwZfd9A}rNeFlf zqzo8}mR%ucr;XPaLr;p|86cRAQCCl-lvTZ9oTW+7xyRXq2=$;jsN7au_u_eXridKH zbRtgN(VLN`O|VL{ruN2eKIOMW*#(5~!o1wdb6;}EWOh0MI35-#8SAz=)RZz*BfGV| zLfeY97`*srqsPP0#uy&!lF7-b*yJ}DtNFB)FSIrQ*>z$Tq)O^|UbJX=d>hgwB`LlT zyD~m9BwNV#FfCz)ZmbqSY(s-|19>Or*6sFpG_~ZlYwH zyfh@aFtCL0l2j?InACZEe9v?(yRiK>)yCK9&fNbq9>3sxq556~P`G^XY77<1+5GqYO( zi#r$KvWJP4O&L1@A?{r6Jt3haYC>|KjpYhnTiHw*8XAu2b2u0dfpqeT@JlzdI{akU z9uTcUr`&lkIhzg}K1J%{GKduHSCo~}_Uv|n>iF<5s#HSSC*3i#J0Jj*$|v9Y%Omdg z{E_1-2Yz5j?^<8xRDdAZx~!jra)5l?%qgld64sK)rx%O z@C`(VLIVbz6xZ)|Pfa5uVHE!Ly0L=;A?Qk1IXUl~oO`2jL;Zs-!3nPpnfL`6y4^9B zwXTEV0al|ihKVdu(*e;Mk0gFy6vgi)9gVM2MUj$Iw*%XK7P9>i_X7PC`jX9%wb5K;g|1XiiR$nrvn=s!y~ z1%Ig`z9obsY&S3)cGsADMF2!WiQuXeEm2 zeps5CeyCOPGl{{$c^1d`ft%Bk^ZlOC-2?yU?bk$tptV|0z=JTaaMtNWTIGJ)fdyW> z6*H&jNG242x^AklozSnM)4gLI{~NOix@}A{$ZrOGji7|$hSs-Vs#?pG_b*a&PI+-!l$#9s^a`C04yb$pEaHE& ze})+z8U2a|XoBS8V4WzU-mhIdWxe19U1)7YQnqBmIh@+@n4Zm=D!&4LCuQjQhSqwp z7&AR|_Z0nl>>QH#x6|# z8*}+Y=DKV5t|m2|jFODT$mo2fKZX6Sm`Ir41=QF=84twAKX9jf7B0!`+~{rRm_9@2u8Tr7y*{D{4x1boaPA(8mmdB|NMER!QfZ zA`*jlE~__~%_l;Z-FWa@h;B=u&uZ#X#GybZt8ZsjowjAg3#p(em^VaJ*er7mi9BeN z@&y1v1DcNs)h%H%8TKq%sVxj`Gph%qe?s84)fKI9X7`fzZK+-k49Y^q$q{gq$Omqk zFLbU8tz2A5RMm91PS1jwEX!vF^4BHcaJ%NmVohVBO>wio+D*Ha>K6CzaWQV1Hc*#} zjcrH_CdJYhU+vL!$Tq_AX7`JKb$&ZU;I%xWyqMQKxXIm4r#D#MsKToY@X05T|7Fzg zR}EF6h~QubT&^SSU21F=g7!O{M1dCggz$p*0#B%8??AOA76S>@Eiq zLOv2i`{VVJS0|qzPd<=#9w~e5_-`FNYlG6hLUR}8y+6QB>A1hDzP8l zth?x2ziV1fRJ}@~f~6gMTy4f=Gx=OAsa%RBJ~q)CT4KZc#bWon&eegGBn(s|Z~PKX z@9h1b$$UseepMFC@v-`TZ{5+E-+EbOJ6w}eX?2QBz8ax0>1{wPgt9G?UcY3WGujD0 z2iZ3S-TO|6~C+CA|c1 zccOnU_Kzj@y2$c>xiGLe*tB&6MSJCLVuLEe6_TIyf%%IE=>q=cDRgL^>}(uDpG(#$Pbi)L@YPaqWULC|eR+!%i7SY$*#?F}L$ld{`?xl!L3r`1YvGPrp<=i`-)e7c_vSo=8x>+hy4xdQ~`M`5qOLUH}hMMkNerssb0%FwjGP@uSLfT$f7$3D9*&}eL_SA3X`&M+_M(8Cn zy8<&jdeK6?v4KKG;rA=yX_t6EORxbe5)~q;Q_3pHM`}tUny85IE0twOK3d=B6#DE> z=06{ei-6e)ckqY^p7>Jk8^SXLPM9s7Ulw_PR8UcS_VM-m2!p?XAKe_JgX4qs7yHA5 zVDWjmP;%Yqj&yBeb6o_w0V-P~37ofYvJF zBzgV`8i>33{<{82-$!oM+!N>&Ntvu-HK(T8yV@t8^&IfXP-HR__c{j!Eq`PEe}S5x z&CyX^(EsNy0oSYEc>ltmPpx^d{)2%2FE9RIL(~7iyIjW$&6nicAvPu{fWngSxB1W_ z)^g3tHs_Z-F1Nc}|nrYo2wa*BRqV9=ef-QE@O4_78IZ4#9o zsEmeKF4c%@?UpLjzQWZVy(cFfYd?YgOK*Ly zZS^RXAMqUKKhAH20A(hHKr;tpQjc_KEBQ$!_QEvCE=Ux@_?HZ#U3W4)no1;tuz;Id z+h5_9oT60kywDdT=1OPM^%ZvY3&Av9s8=dW%1ZfN<#UK(nWOZZ3X>RWWWipv_ zlh#ZOHLQ6%Y2q&`s7wooH$2O9;=nUU#l?}{xUO8TgPU!vis9EE1RhC??oEqlTvMjKj zKIA`Bqt8>A$-QqcbGwQskcRC>&Rb@QL!Di+X6YUr!0XYps4r+(yZE|Ur_s^7`}Wiv z!!~d#ECzAKv6X^}LH|j>ZUdgbgB~vf-N6o$s13KvZ)o(7WU0#?<&jaj8ldJ)hY82k z+MaKZL)g`yb(`R&|agc_#$<+JEs%(0z= z3dO6nZ%zG6ulex<@-(LM?9@tk&vw|etCxUVse>C-Fk>64N5v`iX3WQKOzJN%D-bgN z9no6JWBzBpILf6q`wj0HbMkeyNg_QeowL~|@01lpvjCfx02n1%r+~;W%ts?Co`qL* z#M!rhCC+1S0@5;mIdg|wDpHj1Dfw)Tg;Ika-RwH@2edq`_7`0{FPBzTi_a3ds2kL5 zX&Ie4t%*H9r%GS7M%PZ=Y;G15q~xqchfPtr>P89-vP{(O2K9M3mFDL5CdZDA1et=3 z$#(f+M~IPpc1v1-c*>G5Cu8xzOtqqr4?j}_Vx@MB0(Ncnd+EQa$C7SNLuHK z9?2hXMk*;OoT-|RFE!OA;fY%M&oZ{X;EpmB6S)}7Tb=E-)rK5zF%^x2I^GB*IMzl#LdUu>d8ajP?I{Pilz)>lJ9rX z_}aAhCg_yOcb8_Y7SXnzBHG(ETIjieIipr?;`of$fXSA>X77IPw`bO<@gFJO<+g~+l@cAZ+RhO$U=tdqap)@&F znw&V1?~Q#gg-LdBw2P_i-M)3SlCo9}cR^d3M%h!JoQ)-h{@Skecb5xwd~rURWN)sb7Q~X=qWwEfZ)9@4yU&SvNP$T;pTyPAdO9I}XFJ7^ZKItqik3LOng#!lb z2fGEgK5OC_w(Yw#gKd-Uum0>7Y~BpjKG9b7(onr`Y8W3`8;Zte&vb4O3~`slh?X21 zwWop=QMCKGD5w?!+j}_@6a~p9W>?gUH8b-}FdlZWoj$fBD1i@~DBOc7Kg24cI9jX3 z+p*Ulzu*kjj)ihVJRVm>vCfr6;ePxsf9MLEjjlYB;Rd!<)=YFTX^J16G@Pop!fM>IgyMLelA zVmUtIktda&84IPA^+G6)t1eqi|FJ@fGo3{PLa$#=rf*x%>oBl4u55zt4<_l6Lo)r5 zg0&@Jd5sE8LCZoy7T=^)Of(^>b?12A^v;WA*S{7r!n|^K*a^}6Q^^bfy0QyO71#2t=E)!HdUWQJZ}n5B{+D6@yqb#r6gMQSVz~;tum*LMZK+_>KOulAuN%4kwc+PP91kXh)TwI$$l58) zRDVV~MSen!_4W-8z_Rh!%7tRj_U2|^&`r==v!%Rf-~`1aF5$qMF9|PUBe4NSRMdEd z`)hz{ERvA0Vv4?BEvv!BqB7=G>T2|~j&xL|-Lfe3-QE&;E3*60D75iRYy1}1;&10? zuT-)nsRB+1nq7Y<=(r3sIa`C^11*NwsoaLt%fe)JB%x$*NEA%t^COR-B0F>i9bI`e zB8EpfiH>_3@JTRrIll*MKhy7J;QAg77AR_z#)sVS4z=$|J92O+BrJ;=jqqR{1nYhu z^3p$RD#+J0D6>&kSXuD5u@6vB)iqaE{vAePw`%PHZT8R_i{|qKR>G#Iy+CWG6CC+0 z*JGy_QnvDwM!&DP!F!#>TeP;Xrlz7ne#^t`v!5-So0{AhU%6b&46Q2Cdha@It&Yii zyUeU@SaIJmJ4frMw6#@-X54_*s;Z$CjX2>d?CBlQaKF;3!(&jDa0DQWlBfuiyxwgJ z6rlU#?}XcnYbnKv>#eD%$=%As{X6feU5luzS1MG=Ilucj>!(;bT?=y+zQLZ4v&h%j zoX2vdJ42IoD|g5Y{HOUVsySz?Ue$TrZ!9;r_vZ|o5K&YrL|0evFUCr<>7@bc7}?YI z*1{5)5@G`y5$V{RF#-g*YH#eLHAAizfGrQ3k*<3;5gf%%{H-@?+B8RCCn{e@Z;aID zFJLp5?K_APq8Jd4PXxS7XuWSktQE1>T@<5#&Hy#+)DMQd2noTUh+f;>tl-vv^?*z2 zG)2YdzZrSej*tnYO+1LdPR#Z~e14@gy&CrEWf2KX3_W_aYg}9+Ib8`SndCSCj7kaE zu`-omv{9NolY^zb78|g%6p{&)Fcas+6e4*s`+@=rXX+;q_pX3AofXW>X_C-*yL2r> znQg3f&$cg5M{;V@89qWKxTBf^3_|Vk9v1T3adh1@^%$l(1wCyNByZrl;rL*!?gk@5 zQYFKvOQDsX>9>W?_vs^;`MrP!0^dumQrt#AKNjXgn%_>M@OlO>CSw^7@094FKNo~F zgA@6o!6p<6eF(6PzJx$cj0nfubU8Pu8hAKjyJy|Fx3h$m@+BS~X5qd$m3QxQmjc%Q z`hoEPytRKVQ*6e!DP>lD+F8OHc->b@RctXv3F3X-HM#X@PSY)XyT<*e4@HGXhBvr2 z;SQ1g1xJu3gB1QlOIN(H``@@if-7QSd)mX+mUx1;PVPbj+n#1`iO6nLT<_;%USha< zEz_D_Ept9c|c51#E&=^t8cKl}NxkUzb;o+ziW@KM`j*N3!bBW<+Do z453!AkgCt-n`~Mcr}+7Rsp#LZjMwrZ>=ff1#8Z@-F0WLoNGb5ygWLuMB3>_x5AtUc zy?4>Mp5fR(ALo%F4=UABHBzN*i2SBoaBb6=%#{ zU)N@{eA3{ad(&Ym3;rRz_m+@=N96YfFYyhwBx9@;F>yUBA8Xr&)=bgS^P-UR1%-uk z*MVe%GDk_eK1oc&*6BXz8e*hSQ-$%t-63k+>%|_Abj_z3z?3LA!z?4SH@UpZ4DKls zeqJ~@f!9a3M-%~rkX953ky(CV1;7B@g8NNW-i`{&64$$P&j}V~ToyZ49hRZTHCYu6 zckEsvg7VGe24$x((^VLBpCTeb%10XjsL#`%>=}O!U(3x+-Qnjn(!Eb9JX={x+tl@9 z0DR!5@u=vOX!%?~E1rmhe$m;LyLQl|(%uogLJa3T?p*oe?8l!Fd4)TE5Xg|f_3}q0 zKiFXyASgJepImQ-s9o^O<=n^)dJmqgig25wsH_#-C3WH^Z?A-kPp~B0XYVq4>Y|Jfw*oK!D6qn|ZXtv5O*v6WJpNw4Or0^s0P6tCLF|VND8v1X zFHu-d={b6vroptz(Q(8arN@SB6iW0r?p%XJHj`-3qcf_VjBf>uacl>T#%Wk!kB zb<6ARx&m6WJ*;UH$|ME&)MoN*@afR0hKz&DuT@bIIa;CvbraQRaoCNd?a(g;6Y@aQdLB!>=rZvIA zEXO9~UX*gh@M5sw4M}mo%&Ug1&bewuZ%Ks|r;x;O%o8de zSGMZ^7-gE8;A$!97p@e%v@9~E@NLd3-FUxy4?9Vj0I^CB8*j5tq^u*jfik#qvaoj~+C)x8 zxT!QpNQ9Lm%{>28XuUDwF)cyhTPRcyj0&b6kB~prsfJvU*PrcIf$-rXPxL6K`N-D`|gV5wSH~ zcNo_|JtLL3M`6_oz&J%R1FzckGhq?4*z^b(+bqsv$3=nogJ~1Jli}@?Ts)r<##}zj zhXB6vCM@dbjdx*C#^I(qT1ZuAsNJ3l#!p$OMXeUEEm#umv#@mgfdLr$_M7Ye8%feG zU~XaI79?h1rL~g}7p*?e7g_kcF#6_#{V3V@$zR-nu@|r7k>}poIS*SVknk8fSg&Xe zwnI$MKd3E!Xx!e#@9f2spWX!jGt>GvOtoe=amcvPj-`0oO;3vAX4B$A|4Ih5W3AWK z(fOTHf~okvX%+*`A-R1XhAZ>`HuhgGN}d#}n0I;bqW%1xoB3Zd1pjZsu7C-+-M>;1 zF>QQ|S^qb4`L{g9|3(T2QSFqpw6wmyK6S3CFc)Hcq1CUQj8-bZKt@#3qG9dx#(Jxd zC@(@oQ_~*-fr0E6WT<^Fz}D3dm(~8`LqjcoJQJ?ddWh&k=o(ckF+t&%f&FZll@_Df zF2$f!x@PG)(130=q8iTB@`?XcgigMY<8Vke)tb8bOXLBcXf648H(|dZ7D~%nEZ8H5 z--?yT$(D#RTl^o90Pm}@A)A;+y5=D^f3}V9S<-TPN89d->bG{FJZ|-2Ar@C9pCUI7 zu5@E@s0iDj31$@Srv^ySJ`hx=iZT`sX)+Z<1{Jm-?CRvY*cph;1y|PK6J_M{7{WKY{%GEJ+pCkc`%f@p)^&S$x+c_IcwNh zt$?6SK-1gIPJ|UJEL>@L0wTaVs@*E6%+_&&i_9?cEc~ILF$cR}<&4wOu{@cNGbq_S zF4s#^FS3Uiij>R-H|Sc%rhZWRVPNnh<2C$3uv<;ty08%^EPUR~)M9s&1*Pm1<6M*% zHnxc7nqpmvYybTvvtjXKzZ|`zK%r;aNr{D_y@<0Vr3v4gL~YXE?q)J_<~pLRqCBUF z2wsa|To=t`t{)bAVd8;vCKHp@l#%0Q9*86V;aNfjxv#UVuK?$43UaN9i#zIkApN#) zYut%y1{Za+;bI#JJDI%9#X=r=r~g+D^k{NX z>)~56V0TZXUbeeK@rw3Uex(W{u!g;}VlU6cT-ebqVw_e*NkyA6SvH|9GLyTnQlBad zUp(E8MyfbL_N{&UeD}WF;T%(;>Q+d?m|E-L51^c-vzv3~IP;=q;VY=Jk<^|TI?&)x z*=6Yq`s2g1F@nT3$5QPVjR{TDmt;(^#huJSvnM#Vm3>BySc{~65EIv_Aq|ArX!5X& zP>{ZS0+;BWtb8>o1(f3TQAPlsf}6!-4xci^e|oDcAk+O zB9oL?cxBOEQKlF`3$IF!pH!}TOS8A}+w1NNr|672=mBGE!#;VK_lSLEk9=&Kq6yr_ zKzmk`{$dt=zAJsjNL?hu@^D z-y~_US^$&=^v(~-TPkDC$iRZ7!68iszOhYp=RpzACJd9cRYfJQY>cFoDF#rv+ZO| z5g4MUQ6J_HkA85it;jE(SlK)EI!pqCdGm?_hZoJ7)bcgYY#SLOprhxj6LElP@nf7g zetM42$yU2Xu~JSz%V_D{g?+h8Z9&OqsM}F@cu&Uq1NZoOvt|@agzBDCc>M)e*80zE zbgBPj0mhplJ;tiqW+PA?ag=3jiwq<^KQ=JmY*VW&EU`QYrXeUCXB(TkW-p)43&B%;60YL>xC_r5c*3AJBn`(soV6l|UjQfF_uPr)fOfSi1=Qg&A5Q_-UF zMqpF1se^@7tpO^t8Ew0~u+Z!X+=%_dqPV#D5w(>;>n$e7V9L3yhewcR7$o4RMlDI# zV_YngqS+rEt*eLi0(AO{`splI=VDWFM+EBqo6re0K*^!?>P9z1;a7A+au(lM%2*Y| z|Lzsaz_w8S*MqU28`qD~|0*JQvPBE~Z?@rot1wv6F&C{}RYJ-6ox{gL&P`zyrehA< zUqB7}y*9_5;{Uub;eU6h|EOg!a^!@Zliu1N$3c=9_NNZc=A6#Im$n`&=zs z9D@+>L}pEm3N6RW{rUNFP0`D_Z!F#x^IwR9pP|k_uNoT~xP!&Ti2qtZ`%Z{&L!Z^@ zN<<2t1!V+%>LF4mx^;WjitXa=-g&v8i-mT^>j3 zt1L=y0OjKIH5B8|W_g8k*fzR}7yA1uy`VjYNH^Hu&LimJ&7Te1KAUV%!(d$d?VgpJ zI#|GooZs6QPTc0Dy<=M`;?IrEZV2+(oytA-J@&rvm}a`juC1-Ty}dm;I&y3G)ye&6 zm|_4NmyQTU?dtW#XKo{Vz?=Ol-%DI%5%#M5dvuHUOtAgTreanV#w{J;db?E<4mjt_ za}Sl`#@XIk|MWeg^Fsya%*68w_TxH@ZMb|Mb=bIE`_)!@1zT>}YSW_I5!bT4#(}^n z$`WYme1Y*F5x~4PFb`*`<1VDnZb<_6n3H1pnq#x!boililm7I~5)7I~bY&MkGivk_ z#6i~=4c_w@Tv6?t{^kGSL*b!zz9R1e{+b7(SlL_UGcvDkOf> zSArLa6NKQr$F)wDDUQEe^*-Wd?2K$(mRkcJS)@};{#Y+il{m#h*M7Zf!pfP{szw?- zuOr~tn0}yGP1^b=oMP*K!GbvV6{^^!E@zC*EBXE#=k2We8J-0rdU~5z)cuXcrhTUb za_>0E5nfjy&@2w|7;yjnYtM?Yw6Nc+Xk1OzBtJ?(!)jmGFCyvW6wdxy7saPD3g@fIiX{N^_2ro6&ex$ zL{YXMbVCjB(%*a)kyeE2s_8a=^ZopP^s97Tp zb|2uw>-JC)fbZ0rEKDZm_ki%U`Ryza20D=}6MEN;HNS5g&9?=01G9}qGt=S{Q}E%s#EaHJJyn!@w#e_ho?}-7Dp*)#9&KHTqb!^c zb-}~Wa>gm+LM3NV&p9o4rE}J=OS&3V49?8$0kvDJ^jhnjwnk8@m*}VVzvoDe`EWF$ zX62o^yjIHxoTXQSwkr2bE5w5Fbxvm)!*OVp=r3I|x*!_5CfJiD{Em6tTy9faK+nM& z+c$Ah^CKNiY%$ebZKK=KGkvQp3*vJjE+M&x7ciRK{sJy`dG`sv?s{aD_{fY*wzNK5N!jB*R7<0 zSyfa9xeY7b|3kqdgL79s+yEIl=rr6)5gN{MCZFgRuxwrdvdM;gr!_UA`YGT0&+hmV0_ucgoihO8egC`-dbfEF*sQ!P)CWQ|xF1 z!e{0xpn~e*@$?$aYJ-Q1S(P2xJ{6JM&GSjoY@N>3jb*)^KE+nJwv?|}^7e0y-PhYK zVlfc6cegtm=e>kLTJfak(IM4>rdTicAWf2$iNN!7Hcb}qT9u-2a?%x>O;fZ01HB{z z*Xf^8XTWw|g(FKR`GG}a?Nz|gsp*3CbGP-^n1f;24=jkm^*xJ_bbjNFZ{|MXyIH4W zRs&tmOS>xEB5T!ieMiob%TqG9qlv*sV3=}i(q59c|p&)&?jf0*$%^HXGL?hc27 zDL7$W9O&Xic5F#)s5C;r$k>n)OhiTco)EtdQ={4d@afYh8H$>ztq_E+hI45~)%1QfLBD!Ne@G9}J%v9ju0VEcP>yPZyO~=--D} zXt$XEr3|1Q@T8!kNj>`Z49$T=>kI5gRD^ZK`YK!F4__ATXmNq4um0`zX7{_e%WqD* zh~^qGaH5+g|BbVr<*`*7eDnWT-8;b_a@`D9ma%u&Y-w4^q$~luuS3f7W^8Wsr ziDNU{K6Q z{}t9xQf}jCtr}b*G-S zwH5V+nQk4b%OFqs5qLf7xns+}!9CqU~w@4Vi@(5=-7`FgiY_4pGqvKKJBL zxYuVDNR+2zwlj;U;G}1Vs;M@V%k2^*?sB@iD5@F{jc&@1Tx;z%a}NIC#GMIBrJ&a! zJDUN}(|eCKU}tKI7?x;qcEq#bf~DGB4;I?m+9-wG#xitub<@+*PxMGNn~91 z{3Xc>Z{^xnbyQ8JiOAfx3)Pay-REC6CKhiN*0>Cb^uOaFwpA%hU}{X`x0+OH_CW-j z&V#k&NK|OkugsqnP3M{h=Iu55wvWjth8R5Z7fW&jbAGR5;~wrq&PV*SGCpX2TFCR| z0U-wJ_of*GYSDP@%#VtWd@LMm3+l?Qy6}ASsn*JNoL+KS&U!TYWL~mdN7{ejVQ;LX zyT+goq!Z??|3hV@A-M6cwbL?bTx$bv2xIxVtn9{ziRTL-V_I>M9;~qn6|gm$?Lv0D z59xQ=HS_WEGSJgYNlRDhG=}5i&90h*JqopNcJpK6gnBi<$sYG>I>WwF>D{1TqoI9D z{*R$=@%Cl-$t$_2nBq2iG_yNjN>0cNc_2O zZ7K{0RTvB+`mg@^f0O0*Z$$8aN74SxegAI?g#XPCCuXgGJWKBMxj!8Y3=E_g^gZn- zK}q!2;Ia!HujVii4?t9;_VKv$(XURHn6X|IWgt&4RHX#ua1;JU)>@CNU zU()E7X*V(Wdoim`b2}gR#ruEiyt#scgC7x{?Z}f*(Lc|1znIT9i5?LY7rsZeIiPcY z_=o)=2mS9cv{Rm&T^;*BA~2|5(V`kZ6;DllB1-`J^`DLKw8)-s7TD7604v>VMPT z|5-)$f9>+j@1grq{9oCOT?32@H2<}J`#S!)$KL=9BsocbMSa(iU&Pfl?5x6W*o%H#X;BIxQLksPY;Mh%fpM_``2m`M@x zBGyAGESoy5NsHMTNhvAcf7aG7(e(jtR790Ly?ua^9Uq@L+hhGS*gZ_eE{TOeu&Gk* zBkH|CW5M~qsQKcv5551%0?-`)>r?o*Qu3EBHRb zz-i}1=e)V&Td`JJce)a;^UdTr3)RA65H5SW8O}jJ*+P zZ>=jTg~F*iq{Z`yk(dsSREMi1h_{8UpJ&$!#EIbtt@&)(eonB&O0vz zxOT`iLe&^qxC&(nl)Q|HViiztOINau*wH^2`UuwPZ~pz83r*(b6~ulrW2^NBoJF0i z3sBXUUhSsE;Cl5EbdZ_nJK!b6ICj<4`OO-BdS;662^n!Zw}#dw9ELZO!`Q}W>H$hp zw?)eEf$|f!1EEWeok*Hmr$!x6Nircy`R8>xZdb>C*X`QqkeG=)Y(3F=l;b?#({HXp zR211<;Q9hsHIrg!XfnV3X^WIze^C~J=l^~9J~{9!x6o}?(LI@Sx_8i5I`hq~w?5X> zAzs>^mE!^)tdd0>1s2CE@60?xt+Hzs3e6y_xSq-=`XLBXS)JY5Eb#L3%pulD+E>LZ zQ(IsYnbO&&ApWLa*;sB*NB2=9IW{vl-fRE*p=3Z#c5&g#S@h5KeVIj`Y+Rdfk(uY4 z(1a_^>-j%K0F!z_fI)PW5>7&tv-ZabMGX>mLm33F@MWTJNVsuef&qF;*?wi_gc!p| zjr?|PW@?n3^TMW_1gU3?E^I~3h*W1UT(W8>8~>)owO%xI4ep;D?lGx{-Kk53s}41E zD_h5~0M{=d)yD}gsUxhoS-b(`x3`Ufwc2m&J0I9Ry^NWdemG%9eNVCjm8-<+>-&CT z&aCs4E=%B~f(Ru|oNf!zM$H~9-hxLBthN2jVr(ohSqlwyp@+$KUrL`)xQi5 zTGCsIq|jyHGrdbIaLP1*nmT##XIV81YU!^j!~QgL)7MWXS=S1xy1iT;`jDlh&1cf0 zoi{47TUk-&>uEh-_d!apLfL-GdY-^A#Z9~IH-mSv0V_Ul62}s#dchb*T1>}BlE+(6 zLD-Gn`NUc&7duzk|Ns8A%_qA3PXZ`$CZ|&r>X)KCG!yn-?6|n;aA=jp=AWQ0o73FW4lP#)U(`+-ogeU=<6EoEKZyl+0~jUj)ippz*$!K;dAkV!fO7 z=+nIndq*q(`Y7EM)4UyP-+^ziJB~5FrdKav<7WchzMvEcXT|4yuI5g&`)<2qU3bGY zn!F}9!cGQ-kybw)6yZE1x_rf7&wPh?8ox3VV^g-sTe-!q-;zgkPa&p?nA9797>h3< z<5Fi)oV%Uw5JvonwQyqAy(*d0^`OpgI8Rvxf5TIQkK~q6Owz1FLUZIlKw_n~FwxbW z11jjct5|hQsm8E9cNY(@z9<+Hy&q$^+ErKt2@8iX$!j0$wL*-|Hgc0Yg}Yf!B3Y-@ z@((+w^OCN*y+5{;Nztet(L=Num^th?rF9uNdKm4fEUx7n87N+eJ3-`XQ_XU+`vBJU z3d;0<#E&gilk7%}w`$6PhBE!pm?(yQx(rL--TnO{{3a)UWnSeOkE4Cyc_y)Tg~Nwf znwt>{7BF^C=#3k?Uzd4rTlQtF(=4(VDhqqP|IlloBBSDunbJ~kwLM76UkZ|I&;zSJ zbu1|8nS!*0b`Ac3fPeKLR!o<5`M4s-Gg4kis>(i~(u$^XxAh3A&E0R@rzXqu?)?~L zOV(O3Dr6w5sWOzoy!cRM%Sq+yW2UZbEraIh$OLzdARteM>+7S+3KNP*Bh*EZgCv0P>KXkv8dFr_ zs9KTdWkJy+VK9oD7}y40LDjflzQDCaLj;uMf2*GbSYfTn-h5qGPy5l+U0f<^?I}iQ zYGJx#UMYER_+vyG@`tL<=U7ZCmRr+ae zyneNnn#CeFIgl^3!5xt@YLtqo3wRl??^A<5a|uwrJxqI0J*M0}9Y5cyI0x zxHCR62nx-3X3R`(= z&}-nRX{nR;sW)OzFGU1?0QV*E)L4jAX_fSsgDFmm&b}F0*?Z&OVM>oHo$ho$qaec8 z7P(Vw+nHSBR?p~#RtWdKy?w=r)L^jNa_;zTi++KGl8W~RDeC-H7lyautaZ7m^I4gc zt9te@lo>*hzF+-N+h&emUq4TWb3V-h3GZ5nUGcN&dR*nhvgzT2?8nFHorxS(vU1%k zk95^bvAfN~qn}h`Y@M$9O?dj}H|fS>2_|~fC6-F?(47079sO$6c$;Ia0sSTDR|z6R z8*s#`)-f|NohHybO%6HGXj#L^40`mUzS^X^2c>~g7rV)(SBq&mwIA!Lem=|+{Z zi&Tw|Rx{V9uENXK(cUmgZmfKNCuGM(%pcpkM4Jdq#>y!xSc-Ly*`Z?+f}q4`k>!%C zFeO_M1KRt30wOp#?%1gL_)Nx67#@z+= z8O+Pcwo8A)er*@b-QW>-UXZTNhL`6Cl!syE$vF~P7Y1b;P{oKzMPgCts5MTqu=Kcl zd4_yIOT%JEd9;l?VX-D>wtUp zcQM|(g{*K1Hs}Nywkod$qrJTyey`53PeYoCy|l9_(wWK4@&_MBd(lEUUlVAcRvJR-YYwt9t)Q&tB2v>AIe! zSMl@yT>=JdnWy-IuXouIuQ9$rLMyE00>mXFu`zkZ{V&y*dxS6v9y13zR5Ji zLzwb(iEi5eovEgdNg_nPmC7Q*Ajx(KQQV1gf*3@Oq!Zy49$>#hZZ3kbQGHqa9;#(8 z*poF}MDi!h?HNYI?7w^$db@8I>l_nxJF?L2y1lNwO5S>3$)YwKy6q~Q<*=Rb)?i%V zauTTd6P)rJ6{E=MFW>|XE3v`7c`zv_(c7!g^gjb*QcPs``C0{b(*IzBQ@5l@uWV*zsIX8M8L)zY z>m{;yB5KPq8QAtf-z1|tDf*kNf%Ggi42&0t{9$!aEF)msT!Pxz*xU?$!yc|hN(%VoTeza#r0 zJN(fUhWPSefSKG);`Dp-L42O{)wS*UuF%_b$CC#bIZs)5Utnu%>%!t93WXY5-?vfn zstzg*-D}u|Vo{ONn`OUF>qiNj0-@j$W&c_{_ z$ZUY`G2DM(3|-mX7M!e8c=zV;FDw8bP}b9eg(Mk1yQsl6meeYrJH4}RP^dYPFVj9; z43U#J{z-UJwi~x99Z_x3d1L&v34`z652pV%hTz%!G=*9nih%rl#pyt=3FAzV@!Mb1 zr+!t@J5grV7Rw|TupOTn6cnVaZ2k`l^-U~wxY~pEr1jxdC0E=BM~hpdc`eQwlekGO zZJTcQ`-uxh@!i!okQ1lT?&&`1r%I<+tt*xMHuV`x)dJ-QXgU^+f5}Jc$xe>T2Gqn$ z)3S3nuLW9)BPJC=s)B5atz1M~d;^I2L51i33&s9&8Vt%@E$Yo-QdphyYMCCN= zR%dMyY`$upJ|m=z^%>s_By&0pt?hp^EGM0BZZlhHceHc={-}?TLJ=dMs2QDEhajP{ zrR6#T)uW~5u=RutVbr=K&2AS{AqYzt6n!WCDCw!#Rur+*Z6ynDe@gqg@`AxS+P86g z5Wk+o+sHVQ{m){wv8%k7lp{qIrV`?=0|_jB(wyWdjp!12(7U*R*C%oI!9vl`m~OIf z?t9fqXT&8ZJ+kLP+AeQZFE(^uEJ>p317yA5L&oo5TL|0Koc4aWF1i<%I^ijBcT~`) z2PoX^`~wR`4@h{*{gj=25hcpv8=Ux!_TG_)EIXRJpd+~XHoS0-p;z^~fcqZx(H6FS zDj@U}H+5rn+(MzEq(^bcAiWNQX=}!H?;G*M21k~>&0)Lzd94chX~YPlFEwe?qj~yv z{tmGR-p1`ax8pb6uOqtsLx=H=$*jG;&Nc-U9aTvzbv*5aaRSd>n%Pexm=i!15|4J?C&Uq+gQvrA@WKjh@q8D)b*4PyUi!9o z3$NU5R#u3XptYLEe#>E~o9=a01sKT$-wq z6>a5q-5CC4KcyT&&8{H9o$)U#_ttwmQw9nFJ4D-~BYPFsW!vW=+t$Av z?QJ@i@@`fcuGlQ1wb)IBO2eRBd=qm{6zPiL-D0IlhWCZ=`%D8solM3A;y=ewqeXMq&4mTjVSRtPr z)7;5nP>v2+NCB%FQo=`aVYm$!ono9qy|@EFgzF%12$pkIH-$A6iWuSY%a+Sj9-Y(&3T6Q&g8bDpf< zWmed`o>c}4<6FuDL1XZ%b_ep6)On>bLiJA3KV8}2P#O^o0OT}kl4oww4^DvWGKq`R z9fYQ3w3Vy91#NRQQR??b^2Pb1$H%;4=6>uVlBHMfku`mH3;4L06vDvgp6Hm8I`{GG7y;_Yboy;UWM-jI5WS>%!)NxvK4mWZbW`X8CpKV zF28ZRF6nw9X0H&UoDi$?UMCv9nH)y^6XD4o&ttc&)UgSsrrJBVl2QL90sH{Fueak0 zeZemkGN3uVRr3c0%vGh#*M6@p4-|c7pBS7JaEWlJ!jQ=neFdO1p}nsG!l6}Noc)|j zBgj6LJMFHJ$9d+7znSG$g3e{p$TxGxmbDCYLOhf;eQK12`jh<$hJ!K-_JHmw=cnym zR8Z@#`)HlZHT`=k0sTx|e4Gf6(5w!5-ZxpRgFHEFf#>E1c{CrST?U|q;wyY5wuwQY> zq?oHl8qsu#82Y6Txw!#i0;Fd5AtR}yu97JDch4$AaFNtqOt)k*tiaqarmAap^}Kq- z|L$Y;#}AU8m3l=u;gkDLXq9TZo4^iI5rbO8ZiZ@X6Sn>~l6B8}(tEIi{SKyt+wMmE z^NX2#1)7zZfa`<`$GaJ)*)k|^7LMevncbQxW0eO+K>KR5LfpKo6A>}=DYwgVBk4e- zj#-h>!auZ6s%`Jc8$SAX(%9%*KOPpSMo;ocUy>!%!R-UKiwX>TACa ziq2?NRZ1cP2tCha7CS2(#rANq;pz$?%^i8_>R@kgZ)?jzcNH_LGl=j;z~+x?SL!Dv zSV0wf4+t6i%1^NEW;r5C9?4?6Fp%bF6~cNZQ<&0I`6!vOcn%B2Vpdhc>{te)OtRs5 zGk2A`OO${PNUWu&b-h~&!6mp+aKEN;p52=rwQ~YN85zqKU^y*pyHsQ(ecA*W6?evC zHKxQTDziE|??+Zy8%J$ow(RQTOoWo(R3@zvW<~0_OMl8^-Bw&UJlF(;7eGh2k*XPwwq z2^z!H2FDng;sI-Nm;LKsy4r7fCmSgo(G%AfP3x(&J}2B`?9cm}5)n|D$F5j1T#&#O z2vCXRG8+|oT&V)~kCa;f6K@;6JODB!%;f&Gf63d{_Rb9AeYdoya4N+9TK=&g*3CWN ze(%HQ#5So|xsjxLe85o%+*)Js3+1}0>J<=UB={SEX9aL`b3^eZ;O!|I-NGSBK)p8U zyIF61ag6Uu;sGW+?DA(v2xPLyaAd|!cNqVXB0wl_De(Qp`D$aM0A2I>#5vmFQmDU# ziEOw_Mn>j>V^Bq>j>GoAR8pOb_;dh~RQe?_Vkg>d^UQ#aCP^C%2q$0t8O;1I38??Y z4*uUK8~;Xg{q4U@2b8}POC0Y}QyVE~n{w-KRx=LzAwVpTPhF${R?Jm9$M)S{M>##~ zzpuz3FVa!Pc39#Q<(vpo)iacB@+Pro6{$VXmZ3qZPNj=y7^=CUHRrkF*!8YG9tblOF&{u`zqmm}!l<>}4 za;g^5Sv?mkbk&c8ptSsFBc;)d?s96r>hO4+_o{2*F*%u>s8##aJmQlj+@W(-QGnOGAhc7CW)Z;+i7OU1{%Jj7!HYgw~OmH>Y1IAcXo}HbWw72-s4Nl zl=5~c4^ik(c_S;Z;(4# z6)3gOk24TC__}~vuYiq2{C6S4xac6Ms;iBUGo5O3_QCiD~twN#2q4?a@p#4&# zgR}xf^mUAZ_%pkDdzb~j?PPRvT zMpW2aa62Jd{S&hv_9Kt>vfl4H+;+b`iZ81RU3IM#9v!iJX8-kG6$D=C-V@;T04>Wz z3F69CykSN+S62dv+p3s!6p4{4D(as4mlUj9MA~Q_3cesG`Dv^EcC3vxDGJj2-6O?& znh}?+o=y1pts4vyw{cw5!rowP6E4cA>aCJxP; zq$@s(+e#eT=Ovq?c+*+8GP~HSuAGPV^a#*?jgG)Qm{;yhUr1wOJ%9)A;X@9Linx(a zQMLYg#Ql*xz1Kl^{VwJ@+JD8i>t8S@S~&K-v3g)>N-+x!ccqn-h%#wz?q>%kB0jDm zacfPsUILa=+x|U1b*#4Tb^8L{LIFVnJe{n;(mcxPs+7Oy&u5pQwPj>!GaTi}WtOd_ zfzU`!G7;2)@hcE(CUoB#Hg%(}Za1xZ>Ja9!c)H;*3m)FSgk*6owuzqn^Ar;w&y=O4 z9!z#^VMrE*945iz{FB~1n}%r+8+;K4Pu60TpK5@0@`nwLO#x$$HMdU5Q0e}$ zk7!|3`r@tSI{Y+?`c3wp0OW*e*4h4PQ5p3kT_rRqwUnkNZRpw5VvQa`v6Z-aO>A?W zKXn~)NpBc!7IxVgD~&~RVpspd0#@fvV^x@)uX976Zj4s3q3XakeZ1?>U=&E{`z{DdeUj+cmR)2~J3tYa+9Q|zBgD4&Q=}Nh_%?I>QOn)}|1u?*#7{C5Qo)i$gzJ??L zekL%$r7F*ttS-?$vl)IBZ*$TQ#qH^Jvfe)g+$XP6d^ZkS#TUlG^B&9jXTb(H(5`*G z2aE2}DcRzCVod6J03^CuY3vOAZzMsSaLK7Xd~}X+J_Ymq2O{;~P$U6~Hh|b>f3$WJ z<2&C81NKBPs`qifTw#dsk#|j2Nq$;C+Nru2KJ93Uk??&y_gXT>uWU;+>*B+yllczsd-HUACm!`a{Yn6FMGrLYs=k`o3~{A~Rjc$`v$kj^x#-h5Hc7zFko=)tUTZlx z578NXwrnkH`&h!{p|Jpg1#?h5g=>`XUshXw2Ds$Th9v#3xn87F6$Yl9t-q^J@>Mj| zl@N07wsD}|DK28HtrSx2^d+Pga73X?ng-I`E6$T&{smAO{m`w=DLIR>sc)^V<_SAX zA%z#q3=0(%IhvIY9Q7KFCCzw6#PH}ob4Q~}`jdQF76z{h*98(dW#%D~JHPDfZ zVHzX!R*oF(2+uoV(jYUh85+uOw27VD#~?zx#g7WlvRZ$bvPB1Bp;~kH7J7uYSgIRe+xU8GE5)G1FSO6)F3{_He4TH1XF|L{!-;r3o7q&z z#sl68jX|;ES{CV+&*}6$ZI3m}cQgiz`qBi4^lPkD^w1u19a!P_f0)c}Yky?Es*EY*gA{mf-wNS2?dP)So)@;BqL^npbswL0xj zv&Gtb>G#gECaVe5hF-EQVfXTq%ie;FQG8ZNr0tBRqFUOgb{xdj+dA%E31Gw!&4!-{ zsoOoU;XqLOxKd@fqLUYI>tqV4e_AZEvM)*9?IB1UuNfK}pVJ%+VP!97YxJ*X`a2&T zFvSFjAL1{pyiBuEZ40s1Zk_BXXN3fxsIRzra@)qgh{EN`RNE94ulbwN8*;!lHt&eH0_kH+OgNiyZCO?Le{Mg(8`Y;>qHfIYIf#OAzyh*%`7 z4)1^v91Hv33`w2W{oepdWxXew!IaHRNzkRcZ@^xc9Xf^tfijmyzIoRu=ya;m5WUhv z1obU9ZRBx8r7Z|^*XVQ#Pw-uRci=WErjgFGM`iH*l9IHUuxUAk-qaW7l|RVtEs)TR zRU8|O)XIwc?*Dd&o*I)LzjS)k)q&YLcv~zfu-6VamE5GT4N;oZZWvx`5`*ftmG9Sk zgZ(P-z3m`7Ut0ybnm5{{?X8Me^}C&IKXQL6dR`29I)mQtfV|&JM6z#3sW~QDq)V_z zsaBaPBv~((5&sY2zUVErT;dy)H@NQUC7-Y6C!a0G@`zlVt$5OBoGpBJl>NmW*udxf zG$O3#=6@fp8WRqiogJlz1~}NilWl+L!yyJi6XKXrHZ%GL@vU>h_a)=}UV{#a(uLUf#(qMdxBC0S!u}ob%JSTVgH{=E^IRH^}s+yqt%eiKs^ zwLCww+`Kkhex1Vc?uN)cpG-4_B>m4_D%P<;q_4y3a&DkoBI!-w(M-+cGEo8pZt zmjsZ~Eb)i&-iofN`x($YdQKI8lMj;s5lanoOEh+vuD{I_rXjCC#aP+r>>n^`Q~fc% z{qde?WnES8%8X5@&^oDO*%AH7cJ)xw5X!p^8*J5y{vLDt^8_SIwPc@uGb)@TY)BDI zQMjq>?BSZ+u`EvXE}cP4)v07qkjS;m>Wk z2pL-JnzqlJ2k58vN!UBbw;3D|QE|}9GM8y~2LT5wh@u7BS+}_F8c3}}37wvK5KaR2 z5Cd-=STLONFOG#3yo6%kpQzQXNj??P9%-KLIxpGvgzs~(tR-CSmEZHuQ?^GVmgF`M zS*2|lbSN5Z0Z0l(LSDXjH6o0W^GIV@E5t> z-rjoozVTbjBHsn7Sgt0906$0xX69HJtRn)spb<;9Skwmeqjw zwlH_q;2Zd}RN+)C+VyQhvIO{{??$HakRF7aL783rQxdP+O)I1zMHQ5oSQBRVim?}h zUTm{E`FS%@re#F~S3zQ%=$H3TJiRjrYOfMsjO%aX5pB(F9rgAq067|y#8x!$J~^G5jd8M<6;NxTl0ejX{t`?U z=?SS4GJ+Zw{B0Bz@b<7Ac0rT`2Qmdh^6UBpHEXRGJh!5{u61Q5xQqA?_I2Gx>GK=t zW~_zwn(ioPM1dVdha*X0$pJoH58^5GQO!vln5j?%>mb6J$S^o9$kfn_@a=j-3vtH- zDn(*{6<6fm&^YTdW_=dw3V39}FF!?aJmay7HoJt7s!uw|ve%(5_9fRw+!4vtsE!ZD zYP-ujt9uJU0rUR}1@i*p6)N6a5px!BD(<*JQhTQB0~Dw5&op{BvR8d4JRnW`dtO3K zzGU^QNLOitf-q4i~2!kvc^6n z5{iuACS%Y}mEmetqKU`NiY#1AVPohQoSIa(DJ;cv@QSp<9xp z|0=Dz%nFOkxKVZ5; z2nfh)@K~_;_3da{vu!qb1&FR`iu|r3#WAqYWoUd6y%p@j3Sto#w`k_l)Z*P%jp>?S zCl13wX~8;hwgT6e)bLl{#Bx%4tqq>6%t6z2v}#io8W*{-cQaxu&hcDby}V-F>Tp^P z6-LZhzcLGqg@w$!EWi|W%RYV3&fe3;T!8H!r;&q@AK!mal}RLOy8|KnT!O`yu@sJo zjpwQO0sb;5fdvsvWuO{otaWLLo5SJLJ`>sBocvSB#jec@Bs-wKPNgan#qr%<=Jmq1 zbe?Xz$f^>RATzUZ?Ltu9lV4+P=UrHHk;V1(G3r#gBroK$(`kA5@yq*ives7v44&Y~ z7j42%EL~|m!9aYdk=WBkvjpm5c@ zQjjcDvGh2tyr5_g&TOw3rcTM|lD~QcVMhj_M|g=e_gef)PlebQE*8FMq)2H7(jRqu3;2G!BPjIgFvbhb8<(dWGdcYhtoNsBl1QWFF z-M;M_5MUvS6xZ+vO6E8%UO(AThF7U#aI#uJ75&_Q2WI^W(0m;AWpy-cZk4Lp+1Y`? z69BKLTV){be+yZUD6gAbpslOsQoKtEGzqcU8EVsh&$itNVjA{oXZ5c9WO73cg7Z@rK5XH=d)D!ejIEj@7h)d69eV(sC=3r0QsAM@yA#@Kdit zr{FMYtEG0`#E4!jf^_*QRYZ!B;DqK!qsjdWmEj{0aM=&i0HuE(JK*2@C9>g>@4a`s z&$lDPB8^hh0@fwlPZ;6@PU>c!p(&Vxy(J3PKd4DP$9^Ql{ROEO_}zGuckXmB0Ze(k_K z1bRLhxPKm{%6&vl6<9nc%C$b%A1WH%;5?0LSU-MuvTzT&U^{TWqT8S-FaIt)yr%zW zQt{oFy1MwBnCl#kzD4sF16zVT7pMzpGl$2KOPJBwT&tJOhznwuM`!lpjKX{7q!RnP zXYxhi#j~l=UA1}bP5#sEq~Wd?(=jE~$Ma>|3sd{2)m9HV1fI`4ZAc94*3I!CJz4)O z*AxQ6><1?4tuycsYn@BN1C|fF@Bw3oSZ$c2fZvmcxFW-M|Z-*(BMWfQ~4*;*{XCgq{CrQpV z?zZoER)MYOm7md#?fWP!_@$I&x-Rfs(2x}At;1#oNYa4RhFUvK-}j^LCu*7O0`2-u zKe`BSO1Q6gOZffWY|H3tI>iQ6en-;8NsB_!iNB|BzT$6o0!yNd+?*rbUg)TX`)vRG z#&y(3z6in;RL`u6G!ge8VE;Re(kZJS=V%G`^;yby%l(7fQX#k zUr^7XXoyAgjm5j$uJmO+?KVn(Q+e|Wb7285TV$lk&#ACdzo}o{@#*p52(r8KH)}TR#neXn8F%S{O!e^ICnVFS683wg(_-m`zj3k;ObUaDN&X1s1I z&5#f(WLm`q*y-kms4Br#&tQp7wCSq0e)jkh)+$As!i3wZVb-z*|5TcNX18&)6E*Ho zV8$H1BO?uMz-S-1D)4-5yZ72f5!uNjox>q;HTGo35b)t1V1hogMj_Hsem#bQgH| z+WyD{H7H{IrvG8R$#vu+L76^^+(9JAY^1U|t-93a)x|f_xn5xRZyFk!__(-7Oia4P z1~Nb{L6XpAEdTscaI=<|k7CC&J>-paTsNO#5nEg?&w~KAPGP+ao4gqa7s`aV?IO1!p zit%8PO{Ldk&n~usqjuW>$({!zD@AD_BtJBr=c7O_twv!HIPEV1cQ2-TNTX~&uepwPwt=U9@U+R{K&T2>GS8fl{|`Y-g&3eYXahQT)ErH zj=$`c=EkLk6>Oi!on>Ob-&8P;nP@3XNg!8<$(z`ip08PZE0wnhilMi+2b_4npLEPj z``Ce4bp)$8jk1TA0k>9kh}HT#%=dptNJJM6zsxhc&0Kh@5$ONSMUp+#Ay$W5Zbrtp zSddd*1P(rbT|5Tuf)Z5$9=ZF;<@B1cmia2Y?$9N@;#PP`uXLz3^NF+QRD%k?zlZ#p z6}2=zFnC7^jp*^kQG3}4r+!G7xd&I%UHjD$nJYTY)}?Q&SM_Gm$bWk=LM`p_a7DFG zgtV9br&)WeG4aYER~XS{15I4HJUU4SyP=}9EB z4pO_^?X|bv1a4?vTMS7lk~}XwMB{g_q5#mH@ZN+4ZBos_K~oO13G9WlBrpHM0z{ro zh!sAyPE{xOod_Xk*psfgp)%24A}^^#szK=%cR>xtI00{iPvR*z_Zqjv4Uf%^^{~$sWA8*JFExD#`ejDH=rN2c8XY~A4oW`C^iuaE8Si+^)BH}nQy1076Q^}Gi1*RGnXb2>n z7T!dQj%XM9&`|jgC4VV9MBwbGPpdWaEa582EhmEA7YjVBVrkRDlY#xuUu06U-U-N< z2fWFy34kEs)oTh@vDCj+l){Q)ASYm~7qA%#B)TP!iPs^yZ8@Oj*a4c}cyvu1m5m+O zs+|q|YPXSTvss?GPc5vp5OL6}{l^&|x2pdiC;YL4?w#Jcgie>)5(9$l!eyPo<-EUr zLvHIDk;mS;_q^nk^;nU}-vVY{UeKZC{xg=WVa`dOTW^l1*R@&ht#i{<=r3V4$s_~k zZ!Bza0)mhU-G8nVaYvC=L^nSTV!;_Cd#9I5iYq1m*q05sA4Ij4l)4C2(5MHb*_zf)oMiXG3sgmR6%;Z21I z^?{s!0dzHuwAOYP`>2Mqn2STwA4wxq7v~4O$&tWeFY`wR`k09;K6cYnQ{TLK^AYgk z6Zp4p-y|=Nus?D~E|;J{A{ijIy3!ri%5qBuI7E$O+M>7EFtBiR(&PtGo`)uHiCP06 z_^(e@z-K>-7Z*$izSHrTt$Hhn$aX}G>~dQFKGTKpsmRob3lL0_Dv0uP1Y5>K`Aft4 zV)m-&F015cU2Y3Y%`fE*#cR~$r&+7YUqbrx$BP6Bp?($Sgq()+=5M)yk~?q2 z4r_T5D2mREk#s_<5&KzFbuhz?Z<<|@$o)o!{N1b844_! z)&8fGB>l42FV7beQLX1nHp`GG$q*z1)PgJ&1Djo1OBvewEr|iO^D{7$TEgWf_0Fzk@PNGbG z-DBeukJs0WfqDfDNlp$I^32{ma2;x#^IAnSjjLMJUaWSLQttNYBd(Jr(gqskCjQ;2 zTz1sqBLV@qB8xe~XT+I#zuLKkTI_#X-Q^?#bpqSKA68$CmOSa%F!OB=aQ@cLb9^cD zql@u~!Ce>Br&byjq~AXqsJ;+iO?##Ccs5+($WB**==1&q%t8Ih zMr{mNw^Sg}`l`e`;8gvt-`^M=9Suonpe+9t>(iet_Py~c5I4Hp0vPQ8mrU7r!&%?} zUn3Te0BU{UvfBin@rXSl48`J+ok7Z{PmkfaBe>+*@$;4O7y*Y3Lc@{arTI5eh53f{Eprd(>iu?;qed4` zI+A|OCR#832-D+x&1_NpQ!^yOY(&G0iS^l}xgIZfk9+PGvl+f6a}R&XyHJ_2dfOnA zR`M?4`Au+~%Lt+Gm`y5#?pEz=K69$+s>0#}eZ`!Og|rFbq(=h<27m$itRV7mI$pSz zG=^>aC93L~siBYC0eT~=gAgK1V#rCuYUXEZ7+ur7E>{cVVF}`mS7T8uT93tim!`AvIhlc|!%0WKm9W-1x7Ds@X^9XE1Z}j!t=5pFM z=%c?CXWykrFRE|itTsCQepX5_OhNU%it5dXewNh)PkC#mALCf9qMb~4b>WgYgO&4L z5NrZ32B(?bKRsdNXJvo-u63_*Ibx|9n!{VeU>UY>-Ms zRv_`faXZk{(&;s?M`RzRR=-+@&UR4LJmn0&Oor!> zN3X+XW{RYz>@A*Wt@L!<$l8bww8AsD#dpQO7~)5W%KMe`REly@pzK_0K%c6z+`kou z+nIdzUKP-9E1M9`SBlP3pUN>9i@K#MbshAqHb<~cjYJi<;T$|>>aN-|_3eYbe$DHJ zl;Hs5Yme>?2!t9$){+Vud5}g$?;8tPY=BC4uV3>=AB0Z*dbz2Lb;IY1FCR4d?f~1Q zedmuqI}?lx;ox&!`Mi0|LP;QWiZmQW2!)&hJ5EjCk6ay+K>?j-=CNBMd3Ol75}u}ExE0GUw~PZD zfHvVWx_Lf?RX__mp@&;Q6;rCGE5z(<00l5T;^X3`NtbfTW&_r0%N{19&4=}8Whw=d2pHCIqmeY z8mJZ&6&5X1TLFj(a8${ o;k>xOpzs*r{p**f@#>Yg+4F~2=|XscSFR|?s7jYey?XQi0j@RpRsaA1 literal 0 HcmV?d00001 diff --git a/docsource/images/K8SNS-basic-store-type-dialog.png b/docsource/images/K8SNS-basic-store-type-dialog.png new file mode 100644 index 0000000000000000000000000000000000000000..adb819778a2f05c34d920ff4abd7f5463564d15f GIT binary patch literal 43821 zcmb@u2UJth)-H+_3q?Vt29&DOq<2t3kS@K3UZjN3YXAiWktQI$i8QI9_af3u=q(8l zAk>5qdM`J4{`1~F|2y}cd&jtp!Ct<`c74z^bYMEA|fJEg}1UA zL_}Ak3BRSct`e@O)m4xa5#1wFkbR})mAZaLu1Dz|$aAW5P;#R|CuouETRIy}UhLZB zCpc@w%?>Z0ZXBqsaZt7~;`k-4&@?lk+7Lf4na$EHv~9)WoUI2#rR&)TNqH zUk)vujkB+QW~1dWtmR8&q<{2S#r>(v@v&13vE(Yaig=%`WGm2rBqbu+9Ao13TNwas zFAP2-w77TGQix#w#p8-AL`0viBoSIXCh2w{d}8*}`Wg|@t!sRAL_{yCzrhKY{%kVc zApGgWr0|F%#am97H%?tI&JHAT7gYg^+8YYlH!j3{Gy4u01I`C-^QE zTTEUX)8v?wY}gqeBK83<6Vu}Cxo1x%e9kMH3r6UW!E)jeSazv*+9=J_k3>YKp&RGT zJ69Q}7MB7J>$y|U);&@Ei6{6LyaU-yA?K6Mj*1MwBm9_**Y|$1UF|g)^@m?gc=mvI zNPyr%E}`|A`~aDU(}lX)Skw?+K&xt>RK3skJH(;N4)R5 zF^NF%$GvU?!hptUvJ|R*#8+pl(Y~%&qY6G}$l(Ohk%?MY2c~{KIk^q71h4tcl~M)X z&)!@e%c5G6vBaA3Zt+r5%Fh7OuC?kq8$KVTAAh5%rA!j%xxDZw#?vgC0$$FTKiteg zX=rp)rg|amWW!SyI+ljq>tT)cSg5$^=x%V*9j72bn0HDYS@w-7CBcj%X>fUKOHi3g zQw16-cMiSV;#?6M_PML6>Lg8=h5R8r>KmNp3Bu?!tX6hOFUsDbC~w@uzR&R}mK>Kk zfUX<;2q;!o4NvHLmo?j5LN@tA+O{Z&&*Z`}$8E{41=@LJOL+iDGisdYjU(kv+Yn;;-qy5}; z8HOuVURW+>^5Z;%{UG(;gIi&09Nn?xYNvuyW1~K09EZ9_y(MFZUrIx1hC{b+-65JQ zyW6=RAdpd}+_ewC@SF_4@dtfAD&D{-RGKgUo{l{lgr;QTbk=Qc{VuX?SA_iuGEJA$ zA8GfQsMT#bAJ;VoUQDRU6vHG{Kf_vjCoJ$FW-cW3`Rov$%W=a{i!9t2%29H6{GiPe zX)o2X56|JZj_oFjl~my+8Sx!UpUEe4rq(-mX4DZ z8WxYKz7(`oV5 z%q!P+y!&$6LR)!w9Qv^gWY>=)oA$ms$oR`|7SdKPH#5*eUWmE>fY#{H95~+f(0v+6 ziq(cyNFh!`d3H2y-ie1;n$Bh-J{!N zYRWJr8u6N_i`T~b;8K_aQ^p2nzNJ9j6W4A6e&9*w4XVn7hOD=#T7XuX~ z2n!cCRcOMGl6F5^VJStyPuoJs95C}(xQryMwL90cezD!s+hsQ{tPL&6(&^bTSkND7 z3`HDlY?XxWHZ5Ul^+txrGs9|Ya%nfKX+4*XQ;XQicJ+vT>V4d{$k(qhVCtqYcbb&@ zOC*wo3ey=Yc=NWEr?v{X6=M=p`PA!}NY^^kPPkQd6^@#iF6^tc)1lM%Apz76ABn-E zqV@zC?F+FB*VcKpVOKYnPn(W(b3JX=;|sCo3X>hKNc(}5kwDVp(_whLxHIWJBWn?_ zPhw&xQgsgs)@LWz!5^qs%VRDCO?pliW63v8Ci2k?kEF22&n2Wzc2{h*Dp}aPQm^@q zoe58SP8=Hd#C^=yj)(=22^Hx+tx(I5E{gCT%51Lj^Pd`b|9lD^H*h)MWv)q*?F0`$ zA0++8=UUi@5H5&F61krJv4wf;14VQrvp$88RGGp-NHJ%q;pEX;KFw)k_XX(l0>j}T)x4-QVqb0%hfxOEhLJ!koJdbzigrzPP zot*Gspy+5{M#Xv=v}aVmkLB49pE1YmsMeS;cUdbr&7eyr>dDIccx`P`uj!UsWx7A#K^)=I6k@Lv|5*xI z_;hi#L>U^;m{(tWeC#JT{8_%MD?}`>ORPIbOB?BqAB&mijS2m|eDURCt^x`j&;CTF zTUoN)IcXAb1}A3e?+zvnk@*OiUZdll44*0K<1yZR2YwP__p5k{`p){7_Vwg_I^n~E z9Y*Kcte>^;v+k;??shKQOlC-*H7?2Se(gB_efaP*aSGNkH_f5az3I5E@9Stm!MKo` z?$@zB+**1v57*?y{}62&9W75p(AAt<>{m*kZgk><8P5mSzlHQUfOTC@b}^7knDj~r4hr~T!HSKj^R%G8(Ejx;Xo~K<#3}Ezuhxa%(sdPkm{p$#`D_c zAb@SVT#p5{&;*2gtb{)EWNx)2A|^4hN?fu3MkY4U5Kt^BbLt-IX%zF81^i4TIf0fZ z+CjNbmGs7LX+u}TOV03pff^N(Pspv-VSs%QRvO}_y9q0q2$MYU1}nSlpVYsziz3&H z!XwLH9o?~g=nt)}uBrgPzwazM#?OoR2r12qyOF(MhYBsbY+*t>P@x2wfAH_kT?b>4Ncvwi{Jd0%$+A_Zak%{<4^vZ3 zMWh`D#a|o=4jwt%k%-pXyGk`%KH>IDWr&Xh zWpuHMQg~96m$?DL@|vpGbZ2GzyZ0d_@eF5|FVIZYGz4m%E1nfpb|%e$cOAM~;{eOt zF{Bew~*m|4lB88V&%khk8Mn=et52Rs1(s zlNcdn8jR4x)zsoaNhhq?&G$RRLc4ZF%mHm2M+XCp9FX(1bQQL+wpl!;;?2OLILFy33d{ z6yabmoV(FI-}N!0FQDcVcz_Xa=ZHf-Yzg8p;?JfHG`%R^EE$P5mZPA(=x zs9!a&_LIr&2io+_jcRKg_1fvVEiO(WGs|f3G<3A}dHMoVBXmU&QkY1G%FF^JV1E01 zmGgLsVJnI41_3t^zN&Rue(rcoRD%MKm51?cWQ5uMVakT={stG@fst6o7$3erOjg+w zqAym0qI^z{8#Cph?R~!@F`>Tjh3ZM8I}t48yV@WWq;aJc840H=r$zuK4R%Y)Z=F#uZ z4RHP;Vw~pX>+PV6cJqnOcYPdeqFk&Sy&ZHUkSSEHRtz^gRbv~*Y7GxPoEBKT+}*M+cQ-s;X{)`>iz7?&fufu z(y=$XR0iFO*#sP(Q6o<4L^$O{odd>;(W+0G$$F`Ka=&a@*k5#DJiF}O0k_CYRa>{=&kWU9iVSE>beAM$8zD9mseJ3u^Ti;^wf9{(&c|@ z0St-MzAv{i>0h^Yn?Lo%P6kU&>8TkG?wVE%Ghk(7l^`DfCz0sl}o_}l-m_elhn zW~QTdSWR>~Sn!GTfy0oTAn9Z?ez6jpL?GJEJ`?Go!WW*@F?cp6_Y zxPwhY8h6_+_R?m0%wxv-Y0owQp~K{(0?kwX={|=vtVoeOMJ5I1yAgV{Si7n%mA!dq zI(JHDkDCJz8NoO@S^&mg(y^$y=H~#4U)=dC{@05Mcz4eLQs17ldf?0Y$qmaz1duf( zmc81AHDE_=*Egc0>uUraH&*!FkW6h_mjh{a`~jL7EYF_z`4I!Q;Dt`*R?rXm8Q2lh zzx;@u&KR}nhzkm4R=e@Aj?cDX13*h_&}%Eo=igN_^m4H*(xS6omFG6|L0nXUj71OH z?KI+#W*e+?8o2R9s#**i-X+Fn=W9_jP5F^Rs&4uvQq-Oi&PzcZy;ZMe_1@goc?&*w z93sXsJJWc?zKC|@E`uFRgGQWE(}cF%-2kZa`G~Z|4>zN;>iv-I*RAE*dhIW)ZeX93SY?No&JTBY=YW^hS)uxha# z%`fq`R!RK1q_b^bpLQTmE^4MPKo_S?<1Ez&F?Ds~F~~mm_JIYYV}J_wWti?P-5HITR=YTzCy|* z@4o$`x0=x}fXQ9qEZ`^3JpAGo6wJLr{qqmn6Og8N<09hx6J$@?yQW>tIl=qmGcYcQ zL5L#j?Duy-W3*4viqUyIX}PW?-F_MxN}Z*tsO+s2px3h-foLpk$L+{_eBu)=;W)f4 zqzt?&m%X^83_1SGO&brxRui&J>cK1*Z^mA`;=$@kl6#vKN6g~Xh@RF_x6SDHkiDqX zv%xXT5H^kb<%_^B9)CyCdaG^kL3Avxc7A&%E>FoVQ(os&2POX02Vp z4P`gm9k1_j2!?oq6coO9+?Zr|1jtjKjnVbqGHCE#Mi2jCwawk3QmSU}R7r(0zwQH; zDNEb{y_&aFii1BZ4<*0H6>7LZUA1|bIvPLfEw;1^0^RTBVx>Z=F_Lspz)`(QdE~J- z*cg^$QvHrKR0bl0@Zh9cKS|XA-7;q3M~RVm#q{Y65rto`9(%pfhFPGzM-3N=Vskqd&llU2 zSicr=;i0O#k=|VETggm9w7F_rYEYaa49+D=XO;ooJd--V@9HY|?M9=`!P%k{ah+E9 ztj6fMGwmNLqVzjB91c5C?E5JojPm8wRlj2Q%!y->nUV)2M>mODUs|`hGQSv`Tw$mm zA3Ysz5Bd{Z;ToeJeUoUO@X-#_iy^ydV?KBMYr+D~YKWgV(IF=CGG{nO4c@$0@P#^w zQ{)HF>-ZR;MSjmK^J^bUO-X2ph<=ZfSqu?G%TL$;gSPphpCDe|yZImF(BA<^JQp|q znj*rE_53fD(*Hec|01sbU%iD#L#^uf-h!~P_tH4XX66bepBG^Zu|J!&=Gg<#+4+Ib z=x!qK?LqDmlu&J?9p3Qu)r|`A$rktZfkcH6x z%>qmW2(MjLC(meRHBSNDpKlBVZVk_m#V&wm3VoL1gujY2T7`V(nXA%n$_tR`2nhMQ zcihwgn`B%oFs+0Z?;Z0Qt6e{~vq>m4g)`~8e&>X_9ltl2j^%hlZnb+{R%4u`WK#9J z<6}f)*C`%>t zj%#N1E+z&nDEYhV4SVu58jtS;NEonBP;FKNkbR7-E+W-5xl)+by$XDjVA*ngGq0Vu zHC%Q-9!O@s~v|!$maE z{Rruj(2(I<39TCEfTt&?Hd&oGcDAD--JA01r1ZooCh6ypCFB7F0m@AQTuA$~RqB?)3{MmFOF>G)ju8Lm$HPFIB7gHUCfBfbz0=mw42Oj1-tCBUep}~7cK(eG=dQ+p<}=-s z8Y>o!MGY6GCt!DjnPEEjt>`esyI;FnyFDoBfQXAjbn#JV{ks#$)M0UY`X+D%IY`wW z#q-Xm0dY(b6$8d<7%R*7G%rX2bCz2C{e8MN>(DUEH;XSe`ikjL>I%K<9po`Rh7r1r z_w)IcUQ-|4#uqlnL3SyQo@nQ)uWauOs<_<`-*fk&j56SiGh}LRgI=4eXr^&cTyK*;{+qf@66bSLf?afRE`xUR#R!aph<=tVW zgidA_h^DE*e#u02l-P`gI141mF;O`s?U6)RX9v4dr}(tR$M(!Hkg>PNQhe3o>f6X< zX0c!vvn)wn2a8Z*6sjybsuytMhGd$YOMz-AcD0ceWi@->$V2y)fxRwW738XgOdERG z<*03sgt)V(;g`s^H#2j7x4@{4ZEL=t=3SCK0c2+kDj;KB@Qs2;V+LqOX9mIlopw+d z&9?D&simd%us!ih^C6(M@P~}i6{ur0a5BWoEjPudH9GDpzxkNeUc$N9_~b*Z^Mwm z`-CZ{{A@S!z1=KRW}4$kULf&f<@ES8+Ck4zmOR#whczBv?&2&DOrBa)-nc6#lz%ia z?jGL7sLEnuci0)Y6CWB#Q^8?~bXb2vHM-UM$T!q+GX8MRUBCBC37jgld!wVHFN?Wz z#Dit0fh8*8v*3Yu*VQY9aXj4(fn3M7-XSOTE{33*>h;7j;TkdM?wh>y0i`8RgP5~d z9$f<*#eNNU4smkrctqw>OJZi%IRUHUDxi4h1DhQiS?Gz6ynNa)H2~=91o~veFk!Sc z+|aedPUmsW;^USRyz~2EX-PWT@OxKQT>Tip*06FoMjv2mA>((dCQ1+-8Mq|;54sXO zH2ds-71p^*Y@JyuI9;<9Q{WfPT7R6DlT{;^Ppz-~OPWu@fIEx~eIWG!0g!AHU%c;# zb$=c$E0iSRUzoL_2eMDF7ty*KiIl4QSlV6N-J=RCePIWIq|!DB3NYMf5546#)_piu z={53mXbsRj9^LXPUb+fw7CJjW|DxPscdVRuE9MqmRd^LwIe|0&BQKzv`?KV3${(~w z#b{CIGz`p|mz$Hr!p_#!XJZXAol+{fPGLp)N;Wc`#e7<2U<+a`-!7}n7?mF+Gb<^@ zkeGMd%;AS)L%Cz;r&?e}WrA|J=;Iq8FR$On8(6Bm75VIM5o*>#b!;?rQE$UjrkF%A z!)B*BZ1F}j-$0_5#a;BeJ=6O0n-kZLk8n3ci)};nWO2{b$ z%CoRl{^`27oc-rg=VewNrP97Gwm_pEKy65h5F58|hUW;PsMQ0t7>p%F0E z$wh;Vj*XPz3eNm_ZS2a4lLBT~DgVYS7Ff*zV{EdgA05~0f5uN`RDJWb&SHp#rNR-W z_c96Sy0+S>FDh5^fuR)f*5%5fi6=>&Z#^P;aEVb^@eX&IRBbKWO2_Rzn=X{^JE|Ed z|5=1Q;c!fD(NLUtBG|BrVupCjwdGgo>S9}NV7nGR*c#5<@!ypGm|0fZ4qVLQRy;{4!ehIrx*YL(bHYgxszbZ}Ao-Xp+ zTc*yN$HDB8I46tS0Tm8NQ9O9}ItSE9&t$-0VPhoZAiZCztjv z!$>Oc`tNNwPChk3R9O@$2MZuW*P3;?)lO3VByUakZfu z7Kn@vwYBBl;DEu3XQ|UXX3JL0hPT^8+n6()A)PmUf`4jOD6|Qn*4zs7@DtNv`5|0Q z{F|gN(X&$c#qCye=fTM6>gOZc3u(vtQL{UwDvg>iO^AQT?oaXg)bx#-37L3+y+;-1>XYE`Imc}I9C)`5ONaG#Kj%TH7VPF z(3%zQ!(+u^oe+yM-UCT=M@h4D5~R*?nvA3pxE}TvHXA4Q@D_p#E*fe}PkhA)9eg|Raowv+pChLBG~snbT9c6S zk(2DYc{3ixm?wR@k&+S;93r=(Q0b(Pd8A+h1giBvDqc6+=LD++-mWiKDI$@p6=?O{Uc#b%Jo3w|BY-!-iU`!UuVtMCGSHlwN3DFvc_&vQx zU2h!M05aKYvLL;tHZyr;Q@|Utw|)g%XJrXvvz$nkd1upnLniXzuQxl>vqP)W4$r`ekS}1M< z_`;^WkPO`F+qGc8J$Xo_fZ1w zmJmhr#J)GIso?df=YJmIt4QNU#7hdm0^*k6Q?l6rQoKOUw}CIBet&Yh#T4CqkfRS;7MVs1J(`2Cw>)u z2BTyN_>wv|F&^h`13!_28Qe+uO5-*;x4+}jhl}TbCO4k|qhZ0>1jE3NAg#A_n>538Zn3*0UHzOx=I-M(N5NP(HO8?BWH z=~Ew#+;a65ZanVgD2H{lA;_hM6n-r|pbru{uzhiGf;qgoxf+XIEYNy0;H|X%TyJP{UCd3~;G?`Wz z2!m&puY7nx0uL7tlP6EV5Fu5+xq12?3=Y5rgm$&uzxtRy`%PV4Z7mn1Ywf{xq2I2z zl1LxlJ7pdbV#J3cHN2N+{h5ipqzD;#*9o5U$CAB-+4VW^;Qt^`dDZsMmJTc39;#BE z?jxiG28Q_jP3)7PN}8FSRV8HiNmw!L!{>k5TxRvPwOLi0iU$v85c2*0+46rc1@Qkw zr6Nl8^ZToiUGcJL6Z;R!+JDl*=HJ-aVlWsD4GrU@AZ3<{U+f_`sjUH_ta0HpLWbmA zQhBzIkit?)Nr`5jYSTW#{-FPOA&f^gRb&fSgIZo(>`!j3FCah1<;{k+=oE!h^a&=x zMa5VvhT=t9MrZqeRc)VecRW3yf40=l^mY3kK{Fiu!8%?ceY6-W6G8?fbqFN%I*=hP zjXKfkEx$MyZaKq&14a!@)DyXBesND-WWu`C4^}({1oe*3?sEP45~rB|C6{0(T}7#P z9d)+hxpULwR??eCdaGvw%<=4NJ1V(uoyI_Wav>Yn^uqDZA}(}#HHV1BxE_3n za1&iB|E`P78d1XXoEHcH7k_aUx|i=1$M5K2X>YRlDpMKoXwwLI8uVAq_!Ab_%OCL; z(_W@yGn2vsQWlDO%8*70K1dnI4;lr|Hg95mMv!Z1ucWA0Tw-o^eX7Gs>-N4eifym| zbKF|4rhx$`8xUy@4DK`-lb&1A`YCF^bSgEH$Q?!zMjfn?lVJQd?^3X}7v=LULQgf+ zO_b4SGPwz6WGEQASyN_@C+Fg4Y3O&OcH{AqU*~7+M#(eH|tB{Z7IfV?WNMrlcZM6T-?5 zio0=Rc}~St0HA0ZZ~20};;0P4Sh^3s}1?Zh+hUrUVK6^tG@!jdaB8WJM=|4o4Y zH^vFLL~~Sh!*CX|B3l#S5{TNL_s<%azqGHxWpAzdKm}?EurV~^{F^#$SBLC;qu7*O zo>7HS9L?F?wH%n7(eRx>;8&i?l?)167Ra6#vWKgrDho{Ew@bstB!OdK_gYA*mc2+! z0t*wk&cM*v=0K$-h=6%skzB5lDGTrGJZgd~1g31Nzf=s|bnOEG*YfY?DY_Ts3}BYu zrlnd)291zt`ZXzZP0-e z@?v{8{5sgeq9y~)#?A_;ck0Pb;CsLv-$OltURfEc)Qi5Cn)~fbuE|JIhLsnIOraVRK;SZ8j);Zh@S(TLw~_El}6k) zFJdo-cl)c|CRPp*eICvFLcC_5eLh(VU2atgD8pcraiv~^A(%_te*BvN+wJx0F#!@g zB_8c=+X-#pyYt`A`C(t)l*8(BWm1O12+r)@E;XVv=zX1I4FX&xcBJDpv9dqPmz0<* zk}87s~k1ZanSwsf`fHkaqw(_VO*W~$NILsinnikvWq*< z^iL{kJkEf?t234n#}pKsTyzEEj+*aP=s~GepM~qPe5}z;U~o zMsNPh30EuJ-`{t~PRzq|2><>0UoY5TtG;#V^Q|Zo|D&bV)m32>WaqbG9pRpIGXWL( z>rKa)LZ0SYhnn|XYStHhEvI39OFp=&N&n3t#&5vXy|?@XAX*{GZ-|VDn5lDJsUbM0 zsDM*+f{A~U0a@QSI3Y`Lk8p~CI)$MwUE94Pn*g3KT2|oc+DrH7e{q7!i+9L>=%LZZ z_OVza|0$tOB6@Gqgpr>9^b8-M#s!bzOW8GxWplnx;1$2GzIC`5l|CEIINxQrvyJ}_ zCp>qK5%(o8cG$}{R{wr6}1F0Jz-&8d219ilpSxaU@_Euw49P)>=Sxf z*>K~HtZaBhg!*OcWf5*p&hWoihXtB;LlWjh-xDnU*K7NivpF+3gV8|4jE5-zS7O{WzTT*Eerwu+&r!R09@PD!#_!=RZi-F!REbi-H&s64cX>WRb#g4JRXwiT zL~9rOKQXdet(A1e74+P$NmJ=88Y8uDpC`02sCXjSH?`QPa=8rK;sq;g>TwcDRpZJu z$r#cC?J*pggZV&N{5u|%^6NKgnnR6u_mn+!OlD%3J0t+?tl9?Yrv$UP?8 z!*p3r2lT>t;{~{O#*)uE`{~bfb9coFEh1k+=My!AIvrMx4WaxrKoXT;@JIgq*{4rMZS^}wIp0!FpH{9oBF}2>~ z5L2AXrXhN87>bgzx!$3_m(RGFroe|7 zGLU;5i7eFAqW(niq=O}09#AS&0qB=>-MCHf3xOjYo1_SPF+TrV#YXFh=UEC44q{1V z$p$%mW5P7;pqmsU*;&5h$>Fgdi*kirF{$eh^Wwi}YXoIwI#7WHO@#6eRjq&NeBL>5 z&!aBMS442rO_)CTJCuJW1u!W1`kpYiP+dBf^6x_|cwmhqARS0xJpWo|)E3kEV^}~^ zO6oFF`5pLAs7N{+QR4C2fe8~f3PEtb0L>pOoc`KJiRwiEaHwfT$ zOkYWWNl_u8M`eWRe!)W#&BD>KVCB`g&o_g?+3 z>g;^WC}c~)F1T)W+rh4GV~}jTy5)3R2|B5?AA=SlbT{YyW>g@*RZdQ>d2hl{2~3eu z?l7qJ#1F}r^cU&6t_{8-gk=9Q^WZrp{o#Wt`~De6~op`w;iW!jg5PhH(t0}cE?1V#cqJ5}na&!2)T z5fqO6<;uZbS#A8QTPLdWdxD`v)GpZ8)xRr`t6CJFvldr`b_m1HZ!;1`OjB9}La%q< zVxRb>t#MyPU0LHeT9Y>N{%C5L<>r^HW7E3gjEAhNu6JF9LTx8N`2sb&C!$}Y?f6_> zD>e2pA)RcBatGq)iQCI}ar^!gK-r~7%U}vM@aycc!e=M?g(U(&MK!f$$P8DNO>t{g z&t6@ya$I-7-lwwA*wC9NK!$kryu7gEVzPv&SUXbr?HJibE?xUR?0WN>=cV&gE3+!L z3435r*D`DbszczmH@BWqguQN6G^jsG3jeB9oX2PDOPMcy(qP|bxay{P_W7=MLl*tG z;Dl*f@*c^%`jO*{#(+uxwAVlRzYpAT@PAWj)L_`APrJ@<*sgCARJRmavOD%!Ge>Mf z!^S-}ZkQfR^W8cTgH;jhoPGari$|#{^-MD)%6x{)O7I%yk0up{gHP80Ry9hxart;T zRxk&H0&(+RO%ela{|#x>`6!5(gNw3ws`71IdYwY=3#QOd^N=Ex1wN0$&5k$JEm|?p z8j^ie*`V20Jy4a|=F#*WX0^e$n?gb!Cv`o!u54>VpOx5}zGqUGDR-8h-nfSP#;wD0 zJ?|OI&$R>rtc`v~+d%K00jtcgd6jY7E^_)kn3zy>h;WIb%gaGX#Ktd(XQw@K^#;*U z8OF);C59T%6gU%K^v$pquU39aPi+4}?YK!MU(C|SyL(Oe6*m#zXh$boA@XrEU2ccFP_9P@HAvu1sY`G=MQaiSV^&>q}2H(|JIuS(lw3RiSnlid_c~G z`)HP?D+g+4q^vzH^*&2AANa}f^XJ=9K@+vypewz@mRBDZ2uZ)F>|rv;IW|?T7ir57 z>(2cret5Mk6@*Sj4Zkgz5K?=}cgCFplTor<@P3^bZTCP68rPB(#?n-k5SyRl%27w} zj^bUZG^#Pg)fl8fI7G0nC$=;#Ps;hi+GMzIGQ7}B6ZrD~Ws+)jOZ^UVbt_+9Nt!?F zRlG#68hQ!rFtxIGfj3?18wJr|x03wF_Q>iqtETdPNreiI#%#1`yuEa)_RvDJ+9_W_ z|IF<%fK-}7oN=38#7V_IRU*KpDcEC7+py)F+%D5E?%xv6wf{&w{~LqiJNYk)C@Lm) z3=>94Z0c|j7?};V$|z6Mt_A^O3!%*f5v9)~Y+~DTzvZ;ArPioq(%2VAEPeP&R<^xJ zKJpR?Z3sxHK)OGWCjM6vIYl!PAh2)DMK8Gj{1^)j2?@Da2A>BLP?_lKox8`g2hH*Y z<-(5Bhxl9Fj(EOV>~EcXtxKfu-y+;bPDXZqe$Yaor3y(Z$E6CfB3B6^ zrRf!x>Wj6E^EI`AW6CN4g0jNXa;m|daLGAJe=we{%CiXM=jdx#M@2^Rk))3j5Pg$~ zg^L%to9_AZ3HZ3AdbP6E&as zT#@uQv-&h`lqJbcq5I7~GQD;thFvOBetrW&HZLFcgPj%S6c4Rr;>((g(aEvk2PRcM zRU!}0DFDhfNc`H!t)Vr86vDCrs@Z-q7>^G;`TQ4zK>C-Ung5qHP zD@}GX@z27<6g0$NxH1GOW7j z!!z{DQOod~&30l=bK96$ph;wSIK-C!oplVBvT3kTh+YKl0rTG3uVFsh%m3IHT&!8a zW}V>B5TXj0~cxQRwMN3(e-9~1qAAu=P*;hye~NNj^VH%Yi(N)WjRt}P*K(Hpmig4(po!7H-}m! zzXsNsn-Z((H_)d7(hP_u+rDP48GKl1FU)(3utCy+QTEd!wtGU8bh^NS-UaZUL6voo zh!f6bRjA}QEV4Rf-u|sWv7?E&_haDPrDfA*Z@^|i~9STszAfyaf$GNv*7R@BLm!ixS*K>&@k5vy^9 zT--2=kWgB`o=UL>4JL(TLFn3T+mYcWJC)9!mpYm$qVB5uUp18!HS$}B-&KdzB=e+b zLfHAW3jZ9P)N7JVYO#V6NbO(T`8yOIz2XU2im+x>c2m1Jp2%}ZtAV0d(NXENYyk`NAE zB>GhD6RASq#>AO#@kto_(roM<6M#^y1R!;?&R=IV@PcH`g8c5? zEP|DEUBcG@SXfwOlcxxT#?tPWUl*z}IY9%p(&cbknrZIj1LnVFeU zKG@ZlpIPR=1IK^4rSUBne@o#~+Zj^h z5_iWu2@JHd_B1SjXT=qf+H7^`DIpqFT>seqE<9|EOP@H*4wRl#G8VAcRumMmpBL57SvV|_{*$W~>M7;a<)8-D!?j|QQnKR8b=9a-M3UZ@qL$2P+lSqg8QfVeF)Reqq}p!GF;LdNGn#u z68+jl-cux*yI&+*qWa4#tM`3_ry^waRGR(&!|qqrkHJX5vA&@1pbK1 z?IUOn6+oN%s zpnetr?o2C?o7#yfP8D`&1mO`@343^3BiKRa$$gcUY<=lI*!11V$gjy@9%`%Ed?oE9 zOPNZ&+U$!0&FPIRrTFvWz%W1_zEMMS7{diGa7 zmlPNG8`U~XrK6dDe_KVZNT=N?$Wz3Q^)^V|iRp+O)-Y)NBGvQL`seopkO9xCRwEl{ zFZ^aev6fo11>gKy9Ea_|pmPz@*ih3R3n1a9s`7TJ>%rbHzwHA0?OZl??c0#5X|F?* z6wNq}(w_1j;cGrNSK}){snO3mirO%#yofM&eOfN=`1I%n$dn2v&*buHIp$AJ!TQq_ zxI+>HL=MxlJ7!LgMRN>vQ&00C-Q!e*f9b*uXG1cDP7*A zHOR^D_S}u>d2025W$igCcBby;lNO6|@|IH#-oZsI!-AdUas}r@xYdT;^{O|-ij`hj zHo0^EVa|k=MA>Y1Wr8hMug0VezX4O7=c|C@MwCja+`u8yP!pQl>9tz?4WN3Ygti=} zg~H?{(Is;V{l+x!d%KvQSH_GumPYQzWa{TE>=Qoo81fI&h57dfm@jyDXNw0B!5xtA!hZ0ghZPbTJRBL5~KncO%z&RaPqNb3};9Of9=OH*8C!FO{) za(e*8lP>f4Q^mPT#)Cuqo|^_sP!TWD>uOusdhmzqaK6e(+w>0?5f!x+(ghj38Z0pB zLbQ9Or=>ihMbcQ|> zsTshsq(N}u)(ou5pWe79qq+f#{BD;dCr53j+R+_M-mP09BV6Rzrw9P6T&z~Qh&^Sh zLT~8bc5XP{slcKaZCE|9FBW0DzXE{vd6Ck8Nszzo+XeFep6>1!cDI{$0IT#z0a1~X zFKf^Q+rKd6a%^i|;Ag21YGv}W@7~kDFyzT>|HP30h8?`;cU9nb1yJPT%;9Vt*TDOZ z>)!xog+JH;lp;!{DS7v6FK6dCG?EqAgFgl567_OeT6|*1*h{r*@c`zJJ9^6?Bq)f8 zlr$$nk|=r5K}SP_2-wblm*bLWMI}@9&);>#SkKo2^&^{FcIIaog?}{8e636JyBjgE zOf-Rt3!Bb>V(p`%84u)SF!icSqw{Dxw5$1&@KK@Dz9OOtB#-lxbE9H5GsQZqb`9^O zL@k?J4tP7+bhdrl43CVwgI0%Zz@h+z#wGD08?NWa@2^V=mYi=))_<&8bM78i*?&z7 zV6){cp$xC)0BP|Z-W{Z>?v|0)si%$Y{!zxVef^KP7|!^{wM3%ny1D12n$0!0CB35Q zn-lPox|H;~Udj)t@?Fqk?xttNo3-U{b+>-e@9w>?t*la_-hBA>!ctWxV8vL*Np}18qL`ahsVYoY@$jIS&r2l4K4pIH^iW;T(Ba7>-$AuNAMIfS^o= z{G&>U0GMlO{}uoHrdoy_+vFYPvibX|b~(=6HQ3QlPoML#^^nbQ`aI0;}5NsD9$e>h5tKimD_3 z@q()O@tp4VxJF1Oi*#<8TSMX%UXsNxW~dLC<9nr7bVh6y!G~~CCAI5W0o&v49j99U z`^E2lLzOv{zO#~6hMn1vPo;V10HQ-lr!w>D{|JxK@56)}xg@;+?-7gUVU4xdU^0%4 zhJI(uO+!YW$V1bZ{{yV%H3?n&_gF1hYiQtkDyp>79&FirIqor6Wi^zfM7uI^QQ>Bu zrd3;z{JFf>vcaQ@nelxe-v}3R&WG}p=VV`-u8gM=fst8%7Ben+{Yw1cr1;q*NUg5Z zViRgl+Rw*wxzb=~qBMAhR@*K!O?m3MelvVRoMEfwTPwPy|Ld$~OtgtBRSlpC25S!u zL;PCBVe*K$z4|-9dP_jom@V#{E{x#6`lg6HO*mIZsIBFYhvg$mua@) z;aNyaLpbT#TBcrwI!95mrE+xW>ox|zF$bRF4(2UR)$bdEatFvJGjF%+CIz|2%C_Y< z?&>!jZWys@c23Q#)YObtXB%|wDcqzTAFlez_4BNC$tk|hjJn1;tCs8GfA!g0{}3xr zD^Fj=bJ#ph)4sD~7ZYGNX1kvTPe^*Zoe`KpCsHtD+GRWZjDYdGo zW$hes|4&3nZ|i{$e-SggIqaHLL~jMh5JUBrD^+n|uGYqCny%G^g;ADiowb$%-*^G| zw75WZFGs*tzJ2UWl+x-A`dNh3?R%fT$@we!D#M!G78+c>U)1pd ztMR>mjtja2jJ>8Bm;74h0r0mgR3OR9Ff9@T<8y#YIt7TcJ5u@kUl{RjQU4EI_y=1w z9`&Cq{WV-&9|eHGpNsl`Tp|<@EY>K|7hU0`cYDLg>FMdsnLhgLDQnZ~yKAMoUv4A< z2oHM>SoWD{>ZLygclIAnSiM~MOPk334{ah@^qLX}5EI-P!XhIh!^5LRtjA~|mec(> z({aoHtW7+B)a`J$OezQDTPVT80J35ST9>d$BO>AcPuhh0(7)GT|5rfpzq6L<q%vvpi|B(-T;}Et_vp6A zcz3D@jN_4uwBG10%w6p!tDSpVjGXC}$y_Ykvqk*b(2X5D66*lke zUqa45M(*q>#8uLX=1bP; zHG>(l6J&CERJ_->(Gxm5ITYm73Zlo+0TbW(6H1HQ3WoaOGUh4S#6?7R9euI`|7;ig z>c+6+|cC7gEUGoQSo{PV~PYuAGmpR+09{R z&m9$?=;|3{sL5PgOFXht&$ZgufIdG+kFShN`|jPGRvHK>L&a7kd-thxNyYaV~#Wc4JT>#c+T1y`YQSvD)8}!>n;CsY3?2Bz;LtXRQWopH`i#eY@s{1+nJLy$A zZjl)KRcy>~e2N)r^1_?WbKW|@Kv-D0QGDID{ia+c&&+azDq1DaOIzM+w>j%K?W_?q zM4Vx?Mv?4Pkk9kR$TPlDh*q7%zZ;Fb2r@}Y4ecZ{(GD9Xi`W;C? z8jK`*&J=l=IlW}(6x;J09<452-FRk<>_LpVI8GWMD_ZodSS5Id?8H;zGGdF2_tXgc zFHyb`6YCOG0dhm7U*Bbx8v+aJi@1%iQ&#^Ux8T!EKL@R}IL(x}-phrB+5`nss}Mik zDvpXh|U$7j;ai z#m@5Yvc)sT4lr|wlEd!u7r)#(?=6M?0{XsrU)Rr>)X+s-yWgKp8Fsy4{?)COJSr;k zWsLOOaSO$`Pb(NV>qbEo6WW74H6*Y>Q>UH0RXv;;OMe+InC*5)>ZSi%Cu(Zn);Up* zAFmb{*-_{CkNtfmQ!|PfN`#Y46vixT5Dz}fL_i$x-OJL97>EE1j%P{=GmS~NfKV?k zGtrhNZ!~2?l@mo9{o@;lcQpIwn+4rwf0dsexOpQXl}E;Z)-PXGd(b-jRxvWpYCd~* zWP2IS{N%9>bXw-Ec0rSj<;-VqGq1u$k);ospi4~)_`IdF=k~+qr9Ef9QsxbATL;(A zAm!jOx_w5GkF1XiLslYR7}n7nJ_ zv9)#r3?W>xq2}l?to8sAxgTQD{kb%{o2-m-Gmepi`|atg!2W!k%b8mJSQ(XYoQ=!O zlh{2R6Ovgosk398XPF#?-QO8kUYChQJZXZOVE-;J$>%l&pMLLhb(2vNZnjsd68pk( zwpsAK@Z8wm(RBl}3s0tod`fO7&4k9arf*d0()fag*;x?RI6H4MwKLm~8zxyxm}PW9 zUVheGd(3*BDgj=SjYz~xQtW!|A+5LCHjWqjL%N+`+Le@z96W^{uSREV8Cmj2C&Dx4?!4fEi+`l7MScxBfyu_$mY``(UpEQskBd^05plh>(stCm(IA+D45>(iF!WW6)u zmS_R7m)c&F7m&+k^09X2Iqx4quA_5+{!-BXRISA2WOHzW`myk%y^$=j6Ol*IrY3LH z)!B*AqrI076rr#$5^7rUyp3qM9pkKiV|E215j@-;-c?%C@WuQ!ufvJJW#e_n?QyiQ zDjj(xA)vKQEiSg$E;Inva^Tg9I-f&bBZqxlpA;D!%-1_@e|RP|X#?fa=0C$`&MP|)91o~Z%H#^-b6))z7JVn>}-FCN(9-vgc=leu+?h)YG*Qw%Bmh2D_wYou^`;KG_ z+`6CDk+a%{`Ylyci=_RkQ99bPxzCc1S}$v(^0L<8WlnncNvPMVQq_sl zK{D=3g&7#F?SQMdoo%{R8iM#~TKP=)bU-JuB_of@LJ0js#@!5l?4t(Vh94_xYl}Cb z_b2#~uUr;CO$QY8JDR$F^V`94qee5_mbZ%PgRn4fBmKTYeoaLd0OZv#JBE#nSd;ek zs(~>?mi!JP1q*;nri1IDLd~d1$snVshLd}@H~rw~j_UQt4}+wX`V%Dlk$Ht*CUaOy z1**YZX8Db_98%SI-?}3e#uW#AoUTc2ugX_gZ`;_}NUYh>{fW4f z<)}6{<=)Mk2nB6xiinQ|3l|qZPAPw}(_eb`9#P&>Rev4f7JgJt9fOrw)~hK;n|i`W z7AILwRDE{!%H1|RaxiFB(Jj-fAuZe$qW`#SJ0i1a{^*+w53`an8fE9(e=Tnn|FTV6 zdve(r^hfu`QP`WOn0_l4fi0sw7vVelxT9%Hd-kW7{^~gf?0z*OM{w0pENe6zw~G$) zl4Kisp&?T|$UIM7Nq~1&pdM#=IU6~wW^AoUR@8&X4;X!{a{=ExcYQz_4QxrvxVlVb zWbv2G%)E{5fVbo(AiD}=)jkzN9h-iq7Q-MjFisferVPxJLF1aQvS7h6qo@c`I{Nt* z$d<|jMq_VOX-_^2cb=@GAo_XOdHUdz*H>z)>(k4e*`z-jlhIa5nYal_ZVj8uvpt=q zpChdy&DyN61a!kx0e+|$E;QccSu+_mjx14v7IE5Uqn56k5t7reNPN9}W1-5buqs67 z`mB@kcAX0(o-<|T>7{K5a;P=)@3Us>^(H`8h3093lMK z<7WG_Xne1@KZ*sbzi@n90;Lw%-wmz_p!NV$DG}MgH!%VubIf5WqAwK_B+`G_D|xms znF)L0fUV7zDEF1z&?9bplvndU5msnEye4Peqh|LStro;eAJHI;f)#Zht$cO{_?ON> z7PAoP7anEj*O&FTwWFYjR-*W(E*p&cMYlM@l6W98steY7FA7Jwz6<= zl=)8*QAU%ITU<^<7fGp4RmLwe>RRYbzcN6o;hE~-*%iT_!SE$r`h3*l)P=LdY&ox5 zXO{`9W$?4Rjn}>jV>3D59)Cz`L{LXEY2)-R_cS=3BzS56H{Tf=*x)lgW{{Sul&|E; z)Td8NdfMZxoM{dA#av?R)CH2c=T#N}3)sUu83weC)E#K-!RCEvvl!ouIV+2$*b=zV z^5O0{X^}EhXi*uM_t}*&)r~YVB3RQHCfuzC36xeZlxMzhwX5jcjj^9gmIV1}7H{lk z3V7q~SiZ6&8cm479RvAiXZm$#D>xqtd5|TOQ=n21+=}*tYkn82l&!x#JP*yDnk>-| z^}Sfm0iVQ5vaF_N(ZIO+9jkR>zhUZZ+=m}D2)vf5jN7a6>JVrSVWL&qb}@`())=!W z(i%iEvm4e2wQzoiWcq4GHfPF=JoMMd9V;Tv3~gmjQF7 zmiW0F4U?~W?@FBc?S}hZ@tOKtpYTduZnNiBMg-cpRM88vkIEZ~^3>V_-p+|GFSB;_ zOv#6;W>vlhrsVr_AJuvjY4RY9Qp4+245mgIAXauhOq;JI4Y{7CW zme%w3yjvZ_)7AT?lEvuhe3S~mZEvh|u)F(WGvf3-4#sBu%Uss`xF|8+X7W(pW1U`$B6a?TIypW z*ArT{4cA0{$P9*fiX5m@;Ksk1TNG_ExUOw%iPpsqesAiieY$&v!^`n~G^Q8MK@~vS z)P7`>GteO@ZBEZ-lDnfU>2lpM`vAB*bdENV!R;fT1IX!nTnBB-p~PHqOy_e6yD)t@ ziMfNy*=zF5+na*T;Kv++QmnLue@qxZ&LU_hrE$mXs^9E0xLF&A7ycO#Qk!Fc%#(fq;y9wR+eVz0TWq1NDD+6v_L)6X|Cn-TIG#`lEs6utnf8NE=9AJDnFl~YJ&p|5 zFTYjZ67>d?kP#Poq5u+=Z+6NBl?o@N6sg*JfAREP)xv1MhXg_nB!5jDEgoyjkk0>Y z%1rnDGiMb%i=tINk%8WW&h8^zKwnw)W`-9hbCe81yd+YDgLV&8)@S{>3%bvnwHG*t zu$~L(Cld(UyDoXDD~UkD^u={k#n1oXLaLwP-pA1}GkKFf2%Q?oyxbSl7XaPQQfE{j zOUrzQkLgGu(SO0od`I{`3*K|eJ(H|$-joaGDLt5OyxiB_B21o9HZQWR>(X+aELM*( zl!VZ)e%hs`!`W1py=WxlqmFJe3tnDGzFZ#WSO9|S*$D)w{gq?KEYH#3K$Aim%~W zLMhae;gh-MfANGuDv6{TvOM{duNFzUdZ;YB;L|@0xe850Jq!%0s*=j_d>q}qTsM;Y z7LM&Ly`8@aN)l)d6njUU{~{@jqK)Cfd$?6mZ;|}A18Gy0#qolPBTNNE_bkdAOa-<( zdH>sC6&;hcTG8Xg+=MjI^g7|j%`lMa+b5G1iO!qM#X1ZAig{)XKFrTtMVHFIBfn{+ zdAD~Xm+nngjDJ9W{ifossooCFkn_?G*caW`GI}TuG`x1{rFu# z6;zT}9QcP=j|xS7PP`JXWIKxZe;uW{Zl3VM8 zPANJaI|HjQoEYW!15W!=J~D9%_HckM>Bb(r3|}TsY{GvEd`Aawb7}ZRO2;QBu?Z>J zx!D~8BS`jkc4^GitcEq5vxTnOI)hK5+)XDM%`mU%mr6fUbMFldoIa49VXdv{kclVx zoVKzblVLMBMN{;=#B{Ania6dc2Mpmiw5q?JB6(m-21iw z6Hb0?j=&D$Zaia_bWAQEQnu~m#8gXpy7&@0%|yH8^eIh@VAsPmF8OmZd^5XLvehq2 zZ6oEQ?p&m2w!hib-{bo6#TqYq*O^Z^$1lZhGc7$03L2t zlAjVbF!W#6034<0Z6tb4^ma`&f?V(%I5^~R_;xodllt~A#k9$OgMKlm&Ma<ZBy4`?!ii+TH z1K8rY7XN^o3z@~$CRUHOK;UXEP!GcVjoDe#g~KS%Rfgj?eq`{Sb|0hBtMB^tzyIir^&|_#h1} z*y70p!|GwnlRm6TvJB)pzh|?hJ}`7+G0ESSQ0}wt6FqLxgK?;pL52sPCeRL0W3cnfFPcqTQ@JdmGJ&`x z-IqhPlow82k;zyEQATPSJH$Vs_|IcJ-g+_yJ@|vWkkLqhKuHg{hV}N4z5uH%oUBl61bxEP;FJY zhUPLX?f{v{Xw9VZ#8^g1YgOKPY0Xr(QkY8BTvTkw%mDWu%2#SMP-o>O^MdYOC^Fiu z=Pn5Vr=FZ&2`1hXOl?KlONpOvpGeiP|Ki4p1`ZmbXJS8aeg-lK)h8SbiccNea2$QS zrdgt$JftCZW({3>`(*H*epJWfD{CdyZ2l$q>@kUKd8Xo@oHu6j*!!}o=%-SS`IE8W zu;w0fXHlpWd_2=DAB^wG8l0f_-d3(=-~FLMzeE1P@HDk#}Y_(d7@r|9LuAW-7vk zM+uBlL15Oc3u5%Q}PqJ>yDhoL^XIoc>HX01@&G%Qc^^FxpA&iLWKL zOCm-#s<(?bjCB{p27SBZ1y6ZI`dXRALh-?dnK@IuGuCTWyqc2LQVfvvVu54M{JH&O zCyJ8#GW`TEgdr;WQ=8;%?lvrL>Wn_B(kbgU$Tb(%)YeI3o-5*I&RyESsK8k5IHaa& zo8_iHq0gsUcr=;9oK>3@{Puc9P~af|x=!H4Lu(aPj?iB}pse5fK&)~)#bjwP0>Uw{dez*K_a`pmHLlygQ zTp|(K68pTWu99#Sq}oBzg$i)2F>4MC=)0RMeq;%DCWhI1i5A=v`~4y-TVogNl(o># z-q)m@Sj++D4j|~qqq4O(mUI%>S{sh>w6QPKDmSoKz@LUQ*h+T5ukLsw zV=n#4T759NeKtvooL+o9_iDwAz8|C6@!?Kw?eu~#BreY5m2&5WXRn7`BEa$otMcO$ z7IWnJ`i7|W^KOhdhC_xt9%*1dwrNeb+gf=_9sinY&c)@A(I1y3vXVvcew3>e+Zg>* z=K9k(hvzNR4jFon7~yokSAGsVK~4d&bGzd)*On!|>>_Tb)Hf zFjXSd8=OKq$7QjE3E7y&&Ybe)+nb7Y%2v8rSLr!=mP8Q9t5L09Y}OM0uThnr;Z0Zs z(TBVcom6EfPw%BhT;XZ)`Gk}cS`haAbe~buHOjo~!RV%ZqR|P7Ec5Y~xbU$H3r#iJ zf{6{|gVA^E#SXM$!>@eTodtwH>($3>PQ8ST1Zhcs*2V3YaxF{Sw5I+W9?Ti$+@zT{ zj2ve{zaUCkGR;R;61VYwq+)Zmh&EPJ#d;rQ5RCmorC4%l$0KyQfEAoJd+~6;( zWUZoc!9GY&VstFs-bCj zwrZxT5L3~!C8?~JtZgkurHicdE`LL;;B zC)#%>g}mNgHbU`!g9C=(Ky1!i%zqi^ae$HsufVRN3JGXPg5~LB9WM{Xnn8(T-n8<@ zS&fP1Wz$J7Ak+{3;>p}rE9L7fWfB_7^|1b@y)aV3NfSyT+Wk3XA0(f1f03QR+M&||V{)xpjSyc`W6*YC zLNm;Xo8+nGY zX${vj>V)7vLJ=ZD)kz1ks%yCMcIj9I*4K&Ez>*iN*{>lqkqrsRYzs!A&M3O-h=QSVP+RGdb4w z!gIWQ_0(|9XWlyzT+M9hTo*r_SF+=2p-69VKbFjlKFpYvGuSx>@dxT)MqM>z`*@ zj*n3UlcGJnoHAm`!-2JhwE^(0K7SK%HE5Vk!{U2dv)G;03N$c%hqrF-HYRC zy|1_*hrwBv;{MpoptoxopQv88kZG}!O!oTCaM0E#6b2j38&V!(#=wjPrYB0+5(bj@9oBTUw`b$#KD)D;e3SddZtiFv@L<6_w)&jAMa$;N(Jzo5 z!onAgPJIh@slLG?DF@$k((>=MIQ?bgT)f@2zkGgTCOCliZ7g~yJ||%!XQC>=Wo}4I zQ-X!!*&%rwFcn)Dp=N;Q0ZJf+bwzUT)5nPlq}{bdjedGF{o}pJdxsSXD#OpQuqcU$ zUIdG;KRlEE^}{{QcIsC0*Ba&?n?<#9z)5V;K$tf+CMG2%<@RP6eFMbJ+5qsMsfZOk zQE?Zqt;DFL00fYG1b6m~B{UL^0#H&Q79~(OkVgR)7k{v=BI^9(#h-{p$+Wwp!~1kp z3UIvK6Y`DR`&lYbQTo5ZV*i`;?f)bfA+M{eDj~ zCknhvec&e170tupfX$`oE^(KksqcN%8H`Kc0w_jlX=(L##tW0PDUyx-f{uw=*tCia z@P;s90a`I(e7@HHN&DK)eKMkY*>gyl%8uK?Xm9f8#g%F#hb40>=1wJl;RC3WID4P4 zlng&C2mpi{7=W+F@3@yf@Hu%3>GXqSY14F3Ki_>OKevrG{W$b2{p2Pd1-~baUnJe6 z9V06nPlE;m^sRv;>|uN}V@*KF3E{9h@hMJbUQ^+5vEK*e1-bmQ1YgnaR%a~|t=+an zJZd$DJgStx{}p=Qtu>XmLhP=Nrde6j%qSe58HGaTCC75BLm>sqa4kL-BIn$(*#*Ng zi|zA>cZ!v{r#fN{GU8Q3ef}H%4X4w3+O5M|1##OLV)-HE-!XP}pWQ`F8I5qO`2zqd zKa0<8?~PIU+jhQETMOTKaJv>MLd!aLQ?8T2*$a~&3FUFR{otD^?M1`N3DS7880RZp zB<*<7ne}7ir`M$vaLeE;KH1Bd7ix~F`RNwQBNIh$qj_BxTB}h=LA?h? z_SGouUO8k()R_goV1{pOY>R;;i|b7YAZCREel1k2ZA(gO5UOzfAW~;7o#OeBpM1Q2 zPW>ntvEi$2qUh3U9JzhdsZS1$L_nD=?J-JrFlST_z6{tSCa}YMOhDzeQhAA!`ZuZ; z4LypQYCBE(=@|r_GDNM-MR{}G@^Uz!ng;nc)Y(7mD~Q!{IsTXrvm8ojf*l!oJK1a; z%+{;HUi4NV{!B=GWmqd(-e<8i|JK7T!|CL@^M{NAJkgX*o%9k*=0x=@fP}GtSqMHW zliz(lmGaZC^~ctNV;Ct`Si|*IK$n@^Ix*otSam`+Wrbv$rA`Llto&Z3y_>MiPD1<= zdoV~GQw$h?Rc*3?MI?c~s#_qUIn|0hm7Vsj`pIQ-^(9AYzM0EG^Sa1Sw^2kT&yx)eJOGtf+)+PFI2_-}?T5&z$TEbzcgvUr7jzB8GzSIilm2MA`+ ze;P?@drT~%RXX@}D0qZ5egTNJJj!jpF=y+NlKpfIW0SW-pjbU2!TEHg_L@xZuuRFZ zY8B&tS}K~AbLNo^h}Fut2GHXRI&2#CCj9vy(FRks~`&>C*Cif_b1nRTHrm2;FL z(yli0XH-wG59Y;^ufApHriI9Q-R#>oLYrYdIz?P6@rb-28=${tK6ZaNztgfNj&`9F z*S`aR$eqg4V!z0CcX6Z*3&Rr!U?ON#VC*=R()}~9=G)#*&DLSj0t|VEfxla}1o*nF zKWNo1&A6|M_Yb_>ZF|C|$tlHtGc-6&!n-s{5Xtp`&0D{1eMIm;{QjFC%2C6$;7nyL z#VgL}xyc==K%RTwoDRTdJQnVdVR-0*ykDy7JDctE3$V?Yme+TUcRM(=g`JoHJjwOd z)`f;w^E2@n<`DD4XyK<30~l=ksP@L%=IO>!ELJ(`c_3R3 z(AIut5V6AqLAd=_q9ifgt={^ z?hb90WJ?#rW@VW^@B7A9KRtjAtC?-nkseQzFz+|s7*Cpj1T^0HaJw&j_mrLzBqx=~ zNqBbea9&$!?jq9nH0RDE>09R&t!ezBeq5rssrZS7i+p>*W_xBzQ9O*Jp2{Gy=p7-+ zkGy#!4))Cyg#TQBp@u}v2lk%FIeE`!hu=@cozw5oaYve)Z^)8-L`(nKl{jXkc(z*?q%)|OP z$;V{)6XC1t>mEdwKt2-*1KI|e@TCMgLm|~(2TF{F_`u;!X{R*oZ-F4hJ`D5BT7yBW zSXiZ8_%3TM^x~h7QT`v&zknGdAYAWm%t>gkf%J+oqwSMX6;^kKkByJDz(f3B#?$|2 z7ymEjng3tjR{GcdS|h=wr1GHVV+5&SsP@7u?Zbty=$V7RDBHa@4vk6A^LN^?EQFf3 zrK{ewuoKn4Nt+18jSj6{b_zS>2IUQLx((O}nhMdQY3L~=o@P{BXQG0RU@e=gt3)1y z&(qG{Tl@=2%Wc|HU%UGL{Rz-HKv}^8^p^P5D>yYF-o?D)YqPr^F_&lH-tL$XGrA+v zRBR0QK3qLPE5DL76Do zO0UeAx4_(0splh6q;~qPdA+|Ly!T3Lh;oh7fPW6SEvDi}g^iID`31L#(%D4qttUef zcAc=j{7$C6ZOve=bEFm>#=lr7&{THc`FQE6*6UVe>2+Q$Er`QybWO|#Z(rsEe9 zCk`o0=dCs5WH0Rpkl2&nHE~nl3JxypaEsf|L zg_b_^m3J2Mg`XCe*Y!*W@auof8|JLbT@5I(gvtWWMNA%}zT;h6)-o_Pp4y z=|`RrgD>;p4<*hu_=SI*TxvvnM!r;_cZB#YbZVzj>QbFq3u|k?<1CD-K;0Kfz_F@) z>a=d_*szP_Ffq|FFt~D74g42l$?#lt2caqF3~t13^V`hSf*h?dQ&%?$U!1iA5r>L_ zlJehc9QpvsLBKhm`U#TC_xHnUBjMTr0a;Pdn=p<1x%3?Bya4aW_{{|0+tU0+P~ zs;3!0OyB2%uY~~xftT)qDwW>ZY{jQyr) zS9t?FHe)|SH=C#hRLHA_aB|0q@GhilefU|8mM~gr@YPvh@dOjI=__6|aoV$oHIsUx zIU}1y$1dwg?j;cUzFBhjmxs?>)JP-U!WE5lyODc>YF5ld?K3lris4eLD1^O7JGrg}>a%C;Eku^z@2IOmyU!A1;xmvVRyQuIPO)l4-F()Q zf10SLsIRYDSif`RK&Ck`Ho-V+BLHNWsnj=M{HE}1@Z;EP(m{Aa$pQKz`t&82cBxmz>s%YqoMIA8!_ z%yryIj*8;~x7g#(`#ib7g_V(Nz?ewTv|CiH05HGT%3&S zuRN6nZ0ssM#8c0W>A*PWWc)EACrq6UHqT|C386nNE=hIJz@^xR+XqVPtP_-@5nKtp zUnL%M%nH69$|@~)iz0A9-S_q7)$xU0ZA43;UN2inwN!WgB4PWG|8u;lw60n~q>h4G zg7%LE{4+ubzGYL5=@`$~!{B`pZ=R|did5MUS04)j6ZRLT*>^J~>FRt>$}m`KIFaAKF|j2kw1 z`7k{%58$5`N>6EGBa)8s{3ivR+J@`U&U0-tEkcUEmA}9s!}^6GDxT@nVrAgVJc-8* zG$65HoNA8Ry2P7TdQA6px>H#PG@(0ttOe7<@@b@@HGKO zk=C31(bWggkLUF$w@q{d__IdNx@@jAl>r~6AUZit+?5r&BFmC9!7%M1mU?nF>tkqB zK^l`_;1OzuoH$sPO95}SjA34>*hA}d5%r}S!11}lRt7$>NiWK;OnW0cM8xiQp!FPKP*8icV{voMcYQvCt@AAB0HX zC^V_&PSY4MH&c*r*jI$q#ZwJ&yJ3Nya6!YE4ATn4Ek@;3`khf%Z|a~&)*i&VTE&g% zRWd;ZgJl|HVZ{Lza89q%4alseJT*fj?8&X$EpF_RNexm^1a+w}7&~Y0e(Jd0-1t^Y zN*w~V*^o(zbJK$2)O?*6>Fe!6;N1Oh{MO5n-DMMc_2HXxC@bR)zj(Z|XUFWc zif=_qtR)g4@8j0Kw4^EmjW`0|8aT5)$-1@LE2&i<1Af$U=H znB@K_^kOH8Gapvt;017==bh&-Wk-ECWGP~eu zHKSP)u-R&q5{%!!m?8W<-pT9FepF5jLdOh(0FtD_^w_Fb+vpYj;JAh+C0z=Tc)Y|0 zH`SOrr)Cupk8ey>43s>Kk$vc6o1gP-)1;l~FB_5Gf>}Du->{R;BByh72TS6-$xFJS zLyR)uV*&Q|@M7)~=UahuX(Y_ha5V&f!g%L-_tT8NO#+Oey)Rz{t?fnh$E1VP1;K0ZE^x?#LX=1rutVPbszlq5KGB)GNkMU}mglq>r+{dxEAMH8VWOkxnH`JkX`*0FgZ+P(!2)a(Jm zRk2ULZ`pcGIHRhu5nb9pEVFr8eUiaeu4GTyKf^;IIdH+L6QkvL>%4fro5Go|0_Niu z*(E0__)g&p&GjsugPvM$o^NshYxc?B%ZL5cOibR`{X*WvYl6ODD^BXzp!|}@ zh5;^Kmj^>rOXLg$+1Gd&t#hVZ*C_AiT3<-^i*lV)(@W?elY)rU^}QTOQZWI$BlM%w z^gj8NY$!enY?vTzsKHtdD@QHJfp;Vu)ekHBa9=a>w70UehZoxS7|V~t2f|d|^f8EaV_YjRwFQ_(Oqi8GZ5<~y zm&M&EbDQ7w%|coH?B7GYM4|5Hs;cvZW7=nNPvG=z_oCy!4y?v*VTJ} zds!QxQKS|7`&qPFPOhAfpO}1f{Mq%5%J&RvFsHx~(MAR}M)Cf5b}8;+bYpI>bgV7g zw(9zrntoD$LMl?5Kg5LCWe9t;S@d2@{vNASk(+{!>QGf+h0s3>74=Ttfl%Q!i2RvGKSd3@qQ zUDT#0Btx+etCjXT@kPIuhDa;8l##eKd>kb1T|ScS`+LQMlXO)6!(rcJ-IMs)%OJpC ztRpKsc#DCPZJ4JOtDe%UZXq$dAb^~4Tr2R+j5Oh@mx>Du8v4t$Mb2|)+7g!w&3l^m zgJ3$h&8&?7B4SCjN5;>UCb1PiAZ?CD#h*SwL3=EW+EDxLXRAdVZfc85N|~2aBPtoH z{NFO=@hxp^4{^V4&2T`Hu(tj}_m&=qk#s&kU0S+927P<+l&NFu?$2KcHT+Sx=Wgq( z`(vn$-?(9oQhh(dukb^JY)3um)4q9P_uY0UEHhE}CLs7b1=X%=Ld~okliy{K0UP?K z)30PTxfFT#GC26I+hYIln*z$CetMf^-}G~qAV5IS;{P=E`hO!p04+=Zq9)KfTO)%@ zZ6r$~J>@ji_ik+-Y0v+xfV%hJWoJu?f$@HM$rq7+1O9r3S-nKO|8k&H&>jRwQgY+lOgW*BfPzYUB z_FILS;{Fnw`)=mJS_N5Ky#}sdrrHY~9i4g-f@pkN?h2eFvJ!rsG%4cZoqi;_4;Z`7 zW&(s$iPSf4k$%F`iU$QVyc?z0x_f3>Q=o3faW7FO1U$J%Qu|3*#3#9#KcG`vNM%D^ z*Od(UEUYCBy~Q7=oHDwbb4rafI9|C7`V#d_a2Mw1iHRmOGBqMbks|K70P#g!3nX7n zHs}pzIAY!xHn_tW6jtiuk}r!HcYyLIGP$0zh7r#!D#5lnjm2f-t>hoRnzVUB5G>iF zBE)H^Vf_bR(O{h+-jU%D_>*X~rHi78pS5Y{W#|?o2kriBC88wPbGS~;%kz;TQe`3$ z(Mb_nKQ{CO{H&qx3q|$JqpbiQ>gXUK6`aHT6}pUfNtdn$M)a@$`lYbYfaYa6;^wlI zbwY9SxRQVu+E@NcMXK|5H)m2-iZe{P+%FlA+XzZFXXPSYC0~HpVH^Wl$yaQD*md;q zmx@+*`LG+lHBLY;J9?v5>hkPanE6AQ?lKwT6b}T^;jnJ*t+^FzUU-7#z|8I^c*8G63*!>3f7Zk!eI}41*%$o zOV?>OGasDR&A3r|UxWp`>-s!|ODlhhds!h->3*|s^xK!FUOQxI4D?dvG;kxBtwR3Z zdoizazu1q~5ebN~|JU4k2Q|6w-yV-{b)&)tDN?hgN)j!6V zZpk$xLxL<5UWWwfB-#eu%mBDH&Xc~5yB3{g2tS;IM4sArH)ROs5rx0dTT^kC}?*&1c*)<9We)bm>@F>T9ke3u{?T z$Ltork3KDKKP6#v?@&(TX3C8vjaYjJmR{W!1C`Tz+1U{!IY@y*?9BBQV&#j0cMA%B zkaOIFb19X9#eK8yt12Z^X~W&(`)@!sD~mf3onuE~qxq!n5{7GNQy8s=L^dJQGxcVo zYg6<+$7c?o!lL*j&=&-HoTYOHoZW(o;?}kc`IH-B7OMNe@0?B;I9y^g77T)4%M`!R zBS?Jb!J?Aw)nEnwTm{Dy*oD!X6UG*~#su{+t1ll%zxr!vyP<=c#}<4nth(ICrwxF?caA<73m50}A)b8WnCX~|?)qMXz&iq!diUCQJetdt-F;?Al?i|&f zcTJd6k5rV9iMC*7Y(>@3U$X#fc`29FE!xL&WnMMP(cYJxl=S!1Ixbp8xS|xblMlM7 zjjPio?T%^#`N91cSZ1rn*uzjdU1G2Y!ej0=d*$|w(H?NM>e;=Z5ke18w<2!_4*o1{ z`Qoib(`=wUOKG_N=dGtieMxy||KBmJO)w}X$s@+&>E@n+*Hhu8y$aphgVcDqHU_`j zwy0G#DO2X)$ZQ#QAxm06U55Va5mr%mvWf~CV^d(QlEtMi{MqHIy z|GiZ|_#)i;B|I2Vaw=t2xOY&ZyIx4jbY*(g;cD-Qfd+f~t~3LqDZB)I`iMNgT5Xan zvu*6_TXxfIX~r6Hek3Z(+Dw)$mWGwh`dELHyHn$$c0@&m-EAljg(p8f?wXm*!q}?U zK_!AmcI3}G6nbm%`L(rO!;c2E0R6o3e+|FBVTwy~1N$d&ZS{q_^C>t4GUSyzmI zb8Hy-_7zUaJtRNm)wXcyD^F#AHK9b9AOEI|ZM5UBT;x>@&x@3=c3`*n$zN_ooRBIl z%w4hzd#Zj>=w2&%srQ)!JnKO}LGse;-icB~1g?C`8bUQbR?)H>6Fhqd1Qi>PXV=PN;fMu`)Ad~f%!5`hK zye1n`f_UD}zv(%$V5A?Oot<48DsA4Ab6Ni`YrgU^+tx;1U7j=jA^^;E{Xe&|*b0Ut z9;h7rF{dR^fCJLd(pg$X9~?-4vTXqDFTa7vD_f(DM8v-x|mm5KGx8ualA$ zDagQg`Mnl5n;rWBR8Z!-S>p2BOma!teh!FTFJtey;()ZHQ1$=TD*jzIEBBMj&}(Rr zc-4h;z-!=%X&hSNc(5g;V#E9_oWCB9dx3TZ`)zGI zo(v!e0D~if?*J78JwVih)}LMQ+Ns<%8trP;l+oyw85>(Bn_Er*VaHGE#Vg7Xmc@sg z^(FWeEYHGStNQ>+{%n`@(UQba*IcNTwPr(mc0MbVo*VLDVs%_8t&Or`@FKvBdBCua zF|aTg{U^{?Xc%~u*G3-Vk|wH)5z$WJ3H`7Z6|W};2Z#u?rvVR7HTRzwWVFdP z*VpHkba*i7>h8d-_giwVx80CTMF~o=mbFU*1yxspXbvDXoUpgw0${#aa4g?BpanzYtXVQG3I!f(gB}v&AgCR?z z*}hk{Op9~-$NT%5ZFC9=a&Up*opV;{XMV8>cqJB5%{Wr4n|gXhuPnXWz7itt`X{(}=YvNUwe%L^IrpZF`J5v>-@SygFA+AaQeBp;^ z&LPTuKocKXxi7(kl!QCi>H$F|cR%TcL2#q6B`ljaxWL}YU?gWZiCJ#jafPd2-sk;? zx6-C4>Z`6)5@Cgk_Wj1YN1WHpybC}3C2ekM$ner@^Ga$GZv9rwEO73Bn!tO|weCNy z?uOp|6juR&55rT&wzzC0XUe=N-}U?4y9XGLN5q0(0I|=j$T% zWd`kP4XYHojBFfsd}v3fxZq)N(|SRn@G@WFLG+hs?^M;{13FNjVbjISkqEi(hXS#Z(VU%4)ly zB&dprI9XG>2ZmQA$*71fJZl%5M&*p8&$k4XFLv(Lwc6IGUH3hX9hC9h9(XsOUkkmd z6JC(J?2H=#93lFqrVMT;z(mW2sO(o9Y?$gPZyH`G_Hn3xYR2jKL(Tyx+Pt!UYT)_W zcLwWHky@QUo%Z%mI?ksaQ*40gl%A)z$D{Vh!@}j^$tZwyvs5j)6Z0tT(^~aUtw!-Q zIB$D0QSb&tE@X!O9Yr@*;PzROQ)uJUmv>d_ndMm-Q|u8Af75&RMXn5!(nhc@7lpV$ju$CA>8g*-8c$5l1q_(atyywr;#7xqsgL2%D#{hHSk#ubf!ykCq#nl z?hLxW4%@tfH7~h0L1wBS>x)K%X?sd8NdTRC{YvO3N%-=JtbEVFP7BX1qT;ppoWYR9 zH^y7$TYvIoj|bOUtQsisCzpBLzP+aBgE#;!L!qu-7tvpa{{L~&Ta z-S=+<1Kd!Ql??#lQ|wU@<$Y$K0LQ(axe-3AE8&aV&CJ#zd90P<%$0;iCKH&8v-{ev zJ!0?<_tSAx(OvIKq~KFQO06$uxej|TcTZFx0i^_Ng&pXUy>xbdPO*{3j8*a19;9PX z&ctog?i=t_+lK|p5bd^blf>7oEIi4)S7-e!iuFOdx&a3V@&bNq3@K2()ZZ?B>O*`` z7x4cz!Tm!Y8mXsE-*y^_yeOBrdz1@5&DU2Z&t34Z_;r*tCapZdIO8hLilg7W&ZUli zpc!I&^sUm)K$IzQs<{;{&F3`Lm0?@wYxE6Vrr3FSY#Th%E7Q%FS89lS&o%L{_WD=S z&IiRHdG4WE^Y8nJBRpGIw@~-@;TR$zW&G1+P2KO&jrY~A$~=CaV?52MN_UvJ_v%-y1qf?C*Wg(rYrGbJ7EzD)shT!A}BL%M5Hnc9Z z+*&x0CBQ%>H}{Y`7wX`E+2D}C>GbvLQzVNN0w+&BK;bL$gA8{Bi}zN!dZ3c;F`vy0 z1I&^QB)_kB`^N-NiJ5G?yV7JUV1$Vm;~0^jM^u{(RRS}H{S8+k2Dg|b=cJ?<)-*R7 z>3#K(v1(f>M2rbz_rF&iS~Q>TR1E0IZ(H$S0ZWDv|H1disfTY$ot49nvNa)6?msR4 z1KdlC`Er!DL@~f?|NR%rZ&Di$)3RW{)plMx9|F?gr?=m~uha}Lu=P0)8efTLMuoi@ zj!7qU`;kd2>(NqgH{Mmsx*B)|dDBsrcv7t0O&Ij5JAWB6_($qAzv1}#8d-;CzRov2 zcY@Z40VlskGDCIx-%?$4@cAf177`x%Y90-AtG5aX^W5~gB zX0XXQPI72CSjgNEgR5lsp5i4;FTgZK`JT@D`O*`7=x2qr*P)F1z5xW7QTCB^4QAA- z_jZ-sOm+?alSf`|-u46b3rts6Sc@ito+Foo-A5!Y_UmsUhEi9cs|C_9(ynFPFXU*( zg-xA+Kx|5J`MU;afntT*(A?78kE`=(uGin$UV#iplm?Q`&|x+j#jkt-Dl~|ahi(fk89Yi=QzI{%Jp2*07G5?*4V7IHLqeoH}xyga8MCh(3~DCVW9s~yaelY z=HGc1~^g>Qv0>s@YL7DM>aWPk=GM$?c)V7kNfbdo=qY!+O~s5Z`QqHF9Jk(!oiQAzh5(~DjCYz>fj#XG>lo;L)*h!R)7uk8OCqgQ$V157 z(TSr=KduMg7$Q_x+8m6p8mEk{{(fx$D?T!J-x2&J=H7Em9LV%;SJP9*A}m({-xC&> znyr;#$JCzNdguv^s{i`kKkVy^uEfCiL2M#PLhV;u0b)>{oT-;`<@G<42MO=rJy}nu zEb*>QU79H?`MMC3bFnn@*1ni*<}*~+C)*N>hrzuJsZ5y6rLaxixWwoiC}@kEaHB~C z6iT9%Wv$fW%Q?{B{Ho%)*8Z76#i}>xky=RkGx;I%{n!_2YvNZ|rDb?2j35=If0Q}Z zG_?;8e}~N%{FOSue)8+zZt?Fg!s-mg#ywD|G0~k_ypa34xju!-eY-sA`lSkC-$*#_ zchcPLcP|wi#pAF3=Si!qS9H02!P>{Tke{3ACrd= zYlEt~c7g>gyP1lL+D%(c#Uyo`8)(baJ7O%e-uPDhah%#X{$^u&-tXN+nsTU4Q?#{y z#TD<3kC*wCOf7dY!j=GXJ0x8cn z<!jf3;9=6|iDMOM)N}IvJ_oveJU#R* z>#8Q+Hjcl%9G*a}7h$ak{_=_2Ohc~c5?g3k*tjg^Oi?QuOTSCXKABZc($w7yPBSxTMc6G4Bvr5Q**eR=&km?3#FhT7tk|E3-!J4MMuaX4#2 z+@VEh2Nl$+m=$5&s(<_e^4M?pDz7%Q$fn5^b<)OjpY(v-_0&>?3#En|B(TA|#%MSO zVsDcfEG@%chW?OT+}mKG;jKi0nR#8IANqmx6KgzXg04(NSgrzvR25=YW_=0E61^>U z7GkAZY=YB%b$IKylD~k}vmYUf3rf@KLk%^aQ35sQVIDdd$YlPTZwnx*?)#N%9;cJ7 zWUH;-ms-SqEgFP98FnG1Lh+q}kUjbf-WmSQo^YbgBo(scPYYr9SQdvU z<^HM1b0A^;B=#jGbPn{$_`Mj}Q^EZKW1ZjyX+^q-S_m7}*8)|y;iH<9?9tNRNzAkR zHtUYU-aihmRKm@jUw#yjQX#MW=XSw=k2-IwPq>_?S=_`~dz|Dv?}&yh!K?2ljy9jbO|pMPb@8ffaQT7n<( zcUEAgTlnT93DsFm;y%;%)o3WSv6EfH#=%Cy_l3PE!lO{%l`S2cmL$^gkuz&;tuB*> zlG8ba)kbfPNomt&S5aY2b))&<91XN@sc1A0wt%z&Wu#AeP82+zy_VzY;@e`l6nxm& zGx-^m6WY_^>Ak)LD-L(he@mX59b&AtJ?;>yXvE{l9G9&jyJWVg>YIz&Kd+cBskR7v zZ+cjcn;?^@d^Wz`5z$5Kf4zW%sYYB1zhrH05o5-r5=T2+vK{FO)lH{f5leX#8$u+H z@02n~&3R20rJ_8_SLQEv6m$xF_3WXfQCJ#_@=iM9`rLi#J9}r>L{gwLUzDxPx8s*< zn}kAhNLkWcK}53&MUH9XCEu)`iNIom)6<1M@A3C0tLUpH^K;~1lCNB`ttHm79%Lo^ z&U_odJo|C;xwzn*a;shy0d-N&pI^fFvLF@_Ojh2%kdoBOMe(J8#gLziS5N=$Q4+4| zwy>OMIahCAGA-(NP)^hNoY48jAfD$C>6OV_$Y_+u_{PTtU8%MFHfV3vBXt)9Hcw;E zW+A2IS|^WFzIvruP47G8RusN)v4NoJ4s~_s6&K%(tJlj)FD1kyv6(bKCQ-k49FEF& z(nG{JCactwi(k^PHA{(!u@{0g+uQ@_Ldls=INc2_Hj^IHkG9(MC{0IW^EjB&v+^*H zapX0=^7A!#eAJBVXzhZacdc4l5-aHH%G*q#P`U!b!_AoiS;UgR%cT|`h0XqsK2ys^ z39{7U>i3)}5}KEU;hL^;g&!ExkN$Zb-j=$%b6IQ##M3vM{m%MB^H~WVMjGpYX}1RZ z3{}g?3E~bg6MT5Z^*X3|kTfd62`YBgY+I@npA@QYihh>7COe((b>~s&=Ii>3PR-}% z?|-4Yzf}zb5c2pOV+`*%tbK-H^Wdly_gn5Mgrhh6yP_rb)IxUvOC0~aU5(h>JUxA$ zd9P79MI>E=+(Yg*-tfG^KpHHJi$>!UXf2uLBY#Az>o4JTKhg7>i)ElhQO+45w0pwbHWDKN{|}jD>|0ZU+Nfj64hk= z5^xD&h#Ne9^{~m8L%<*bx%X;xpJ+6XGj(=0X>T_E`F*v_C@71iY{DX1yIQys3S0?v zlbPX8Twng+l}$vDzk!< zQqVJH)k3z>(hoZxm%moSrPHoh4l$$HDz?zAQT(iJ4$_>;e)0xk6SWVX!uWzigE^{- zHvK=s!>*1to{W?>WRH%?OFHA53fIa^yX@Y>acMH%fF%8urF=WQ@IXOk3q<4t&5!Kw zRe%nR|Kz#QID7^c-~WVjc=>~bPv=4Z&5CnWnJRrBu4_33btw08tNypf*Z8xG3ur3f9_+T8}w%wH|M2KZ>-fLW|oA7G;QN3*Z;(}zfD?NE;=L*nadL}O^x&0h+ z{Ec$DLivFff1LVi&WCcptFq{ITmiPjxx?##Y?K SSs(BWmA1ORTFKpe5&r|oC#G8f literal 0 HcmV?d00001 diff --git a/docsource/images/K8SNS-custom-fields-store-type-dialog.png b/docsource/images/K8SNS-custom-fields-store-type-dialog.png new file mode 100644 index 0000000000000000000000000000000000000000..6016cf085a9acf308591b2e3de281c1c667b3a4e GIT binary patch literal 29121 zcmc$_XHZko*YA&_pduhjM?fh8A|TQP45)OFE+Ab&dI`OS5D^6g0qG?a=^dnn9zdG( z7J3Q21VX3@5RzPe_dn0`?th<|`{uqlGi&yonKS#WJ!`M^S>N?TM@xnJ4(lBfu2j%i4uP?%Yz&p_IoYSKhE4PA6^Q2n1=n z1{{)zMh40uF+sRy`O6jB`($Jd8G&dgOVE0(%Ajq{*?Gn0=H|!e%$%I0Q3YBxGO}f# zqn*Mm7z`$N&`us38|xeCBNHvGG~>RC2FL@A@;uv2s{(e)!Z2*T>22daJ}Q&_ zEc)-KCMDpy1yt$$CPkW3Hiw%N5nl6pGT5@fXSHvfD1bV@i%aZJSI)ZTXJm(j&6=n026BdfgCQQqKQJ))NJSLGV;>T?W5!=D zsM-o@&L@TDJf&}AA1}{4(`xo*WT>!c^vX6cE$uBkW)e0xZYVG4<6C@pt!mZ^dz`^{ zJy+XzHA-T4z!547>K5t9oQhuhsFS9Xqy9&yba^5D;>)kYsr{YK710tYW{jH${vy zfemU!2fbzuW7}q<6`w?ipA_n7gAKqc%Fboa7O$&^fd)`@HbV+8L}w;upAaSdur4A4 z$SP~=iy>pF{F(}w!?uP;p7jLWFY7~7NBU=)HfH#vN!oh&5Lf42}E-zOSr8TjebUIQ1N;)N;Cw`OC)<0m$@Km|`A zP(jmttD0%8?P3(0F;ngH=nuDDK><%UH2<}VersW)3b?pF+Zlb4LI7E6T^tD(*8cbh zZ)$x8UE4}o3xhN6ot`?%Gh6BFuMYN%=2*v%Tjl?tvoC3Nh-H6S)mj9MQ7-uW^2J_p zRdwagx5A34i85D1)9y|5fSzPNOZSMnwt|a7r5D?C9vjyWOvndBp>3z4S))nsGO1l z(T&&3UdFn{MXkVa)2g*1+yQZsSJ0Ao)H$VqNLt3s^m(a{jy!=a=h7&v*WGu zKt)s%0q@gn;V&vChToW0Uy^BnSV#CA+-+qq2Skk5`X45|oDYccDGG3$9;R6gytj=U zD|CWM8;MMZ3fkJU@6MNmI?o+6H$fI2kDAom)ueP-iH7u+MJ87Y%z6HmS}kE)6SE8| zNA@I(St;Ok^l1MjoPYNYY5qqU8h}t>uwP^$x_lbDZK<+2Ji0=+ z`)9oIxN8ywTmUh*XRN~i6;>OGXg=K6Hb)9x$A9OY=w+W7KbxP0hdvdm&TsgMNI;w+ z{*mJYzEX4bc*ci{+maX7x7IppfM0@Tp#XdY;574Rc&TZLx=NJi#vB-o?t+ER!9p)W zf9CB*li^vhlj31P@A{BU0-ma}$aL({)MBX6JSu-C;XSCqomXZ&L(pZE)${Br3(Rc6ZUP!B^0d&#k)bWd^&cr*1a+9_ILU8cp4%)c_X=K(`Y1JKFZIiv?<%f(DeMI5pD!0KFxWLyn-@ww$L|l?w9>-d@IilhNVQtI@Zn?l=fgYh|a5Ff=^j{B5hP zRMm?XSgKpwkj{=-n&F^u>%CV+xQxtdBhbnNNr9uKF@yT#_}y`87CTu}MVN|^8MQ#_ zj+(Nkdco9q604(Q=t2h1k^KN$_TRzhp50Rlc4;FI7wd#!*|77HXV}R$xO93>EH(-h zlj(rnpSPk#O!->aDP3njEmW9b)-(FdXKwnMHQvIj^}JxWE?I11RpHRLy-}{VNEP2? zt}>D?-Q=4K!)8!Qwpp;bruDBNZb`mR@W0El3)`QmTC3ZL7Q)oC3(?ex<)8(`cD>2E1*mB<7>1W~xeAwX~i)=n1X*p} zI~6ss`c@>;z%N%4@e5uBxVs#EgdY~Olac4Vn8V1uI{q|rmNiJjVrlD(FmhP?7MftQ zgKB-xRXb5P-Y^UPsAEr?5Ta+cU!XawW}7R$RP|{h6jAzDa1^z(8(9aONyy>=O7;}A zHtf{7p`y5E)~IMLm3w+sEZTPRy_!n@CWa%tp^`6Ghc?enE;TD1i@DXenw+X1Ijlit zEe3|^$F2C5VO1p&I&B_`Jx)-M39F$^>Dg{xwzsEWwX`)uw9AvdZdmJoL)frMmV5Ga z_Y~M{%D%m}I59UWs{ZT-Ystb2+e)?Nd;&lPO6t*UoC||GVI_VZ7<)PrOIflJG_Xlm ze}`0;P5LpxmI8abp&w6>%&X(m_u%tyoM#Hk*&eQrmWClV`l&1H3k%@Z2y>xfQSI&Y zlvLA}$6|fX94~nTb_GjZFPHqJ1pu-wA=(IRMg@R+e>5fVCqRtXYv2t@O~!LEnjMN5 z3pRr73)4(%2S697QK`PUSAmN?7bAc!wZvuN3jrjAn{^c+bI|aDTULNu$O~U1%FAso zm_LW2`0n#(P0^{S_xY1<4&*dN(%Sf*yMo=!1cKi68Q<)L)kWM``l@QyA3m0#O_=F;t^LyfE}d=X>$ed|#q$~N zsK58dq}G;GGJ|NaSero8*@#pdqqfEQ$0o6**flRvhHh=yxGZtr-LJu$HotZ#QOy|>3+6XDc zv?Jj$;FMw4sFs2z+K(^j59UjRHM{hgGFgapkMl2?kZf*Ip5f4a)JGulp$x879E6mh z+P2@lr7m^x>+7?)S&o%rbRwdVOfoP3rqXAptyIDQFe59wG0VJe_?3-b<< zy0B~SJlaUxqoeIXpRo~4$y&JSRsyyPZW~5gfG^_I*9aW7Rdz70wDA=_PyicEf`l0% zs8HpbPt%-SLeKbt0gG$PyU2T~_aaU+rwTZDhy2iG39nzjVC`)P|IJ7UF*J*2-ZfkZ z5B87ITe+3K1as_8f~%}>TdgYY-IPt6S1up?`J<_BwUz~p{KoMa8o&83$heiZ#fng3 zRVOR|!O~zN0qXVO*xsz!gl9APERx{x$B(6Bmj`i77QebcVD5#h^*&3|d>d;o`?~e8vrx5)kWd}a$h|1a zKq0RRvt(+C`8{%S5oqKc=?G{wSsRcl3g3lv`G59k0c#CnH?@QmO46z=p`He@Z1zu0 z>%25dnezuN>xE^9?$NPWTEp_EEkKM9-jjP?GyCx@@H-D2=;)fB~GVZG+5&e*9*P{IWNJNj3w6L zr|mmeX^10LUH#D7)Fv;5V*G_+aWO>AD%|3P_rrL@(aI(hIaEif}Q*%DqM0X@gX|VYHGJ>IV0UKiGbW2 zh^2ixDWjd2f3T@`N#!QZK?D=KSp#1=L4eB&h*r_UeDXQR2PSDbZ!P=I0Ja5caw+Id zR>#h@g;;?dwcL$A%=c+31MEx*?Jhnh=Z_Hv|HT4STAMa4n@nu9hW49p=Ayo+EJ8!y zkWYu)1@J-t)|aTo9-^M(qtKuJQ`*7h*5*av&+&9SsCJt3i<7p1m2QN6EP|F-7%VEw z>+#Bb&3b5$C?X%fI$q%r*H!R2bpHdYys}uo8MTp8`}2TZ)`daI)G;manx*~_;}*7* z4TTb`S>akb4y`HEqW59v^O1>kq*TJHUUNu~H*FD>Xh|U7O@3A5Raay08S6RJpFfp4 zAQ_rf8a3eES^(48_=gxA?P@&*zC^l}O1+^pDV-95*!GFRW?=@hmA6xs|^HX0rF$<_xBJ}Ib?<`t7j2&HD|HZ9SLTsD$f=oYLam+;(SgP?_GH<6wi@)c!?zT){zc@ zVVvcRRjnp1&64F6vB04W7Gj`+i_$E% zI)Xei6y6nMT4n89#f@+g=oOw{H_0A?6$arouC7bX)bqg$a>q3h<(7C*MkVT=kTpn; zpH-ID*~}K&dJ-jaDjxGNi!c{DniNTG`3cIx#AE@zh3_ecKD0dzDqc89ZmcsXO9R-b zFYGaxn&?N=f8+Q@HN_RP&wifGlpo%JSP;TTb1c-BVepwDU_yh(Wu&Pu zgWWfH_1}B(aaFFp*$T}b`a>&xX%!Q+LUW}Rohr0@Gbzo3nfIA;hZgU#h>3a6HkIRB z!qh1sfV79uod74x!-#|wH-C1zwEgyugZkf5>Wmt5X}}mN;Oo!MgUKx_npy$=(;eo! zFKlUEO)-jk8Xv+Hnk{a3$9+JS<9%J|AAD;YQu$7ep`*o8j+un9oHm)_j7aox~jyb%^+&_P-^y8!bToqr2E!(^<>PC#|qS3i& z=$?KZYpwT3@~#g)pY1y>7Tn!1JvIU%*k3QJ2PF4p8gPly)@o*+7X|fL7xo#RD%9Lx z+Wi3k;bbjmhl7wgM}XCAyMCww^Qxytm&u9zNdZTOxvAyDqJ_n)YVHf0uaS!jI*wO^ zXPIWzlSvq?Mu=#1+JB@kgKaq(RE{Znsw_P3zCHBrFH^hA%4oKN=hkp*a9j87ZRq%W zeMVGyOy9pc&jBg2#YZ*ny*h!Kn&t4}(30s+OZv<-lE+hO2eOMdwrg71wUaN6=yCGR z_dX#T1aMC-ZM@0O`hVgvcH{vJpQ0ltT(={`Yql^i8`f;@vweZP(Xx_})ywX`At!sS z{XZhh|Nj@fmXq5qc~hy$zR(P2B&*w!ll`XsEJ;Ro@%sOj=~nO6tY?BNOK?58b8@k?u95z7q#gRv|Ieg7g<>`Dq|Dj?Hz?Fk-A0+75L!SZ1&qfBi2*jHH>6&Kji~9n0pJ@c^lP~cS^@}YfR`-RFPT>l8N6c-~R`z zZmgb*aXjdC?z!w1%#hucaTV`UlpD^f3fvl^d82EZD!;*sqKgb4S^DF;*7Vaa#LJW| zz~RKSsoY`RJl_j3iC7%1*efytSoi-DbkFx3xs4PmPrH$}AW;au|AkHb4R|e9fDJi^ zQ;#bMyP7WqDoNH`O@&}jU|piz6isL zr%p5xoYb-IqIz~Ug*h|&`lcpirzE{7_$n$GSfs?J_`@KgU0p2HJ$Zx4 z@jT%0E86C+k6oVo-oebt7bD&{z9T$8l>klS5Ybq(3pa-CE<;f}58?Og%gja4$kSEo zp}i*u67O3q==9@6djlg4$wr%R@3SQjsqKisFVvM4|Kt`Lfx3OI>{gDxPxUI+L3Ywy zz%J70$?mCM4yY*P3ikmVH3L@f>s<(2&V2*jp@BTCwl4{Rw>Ls~M!&aM!+tMdUxE$2r(PZUtsMXJmpRX`pq7FE83h9U1^P!9TE>;{lbo@&P#qq-FqMc0$ z<4KvfVJhlGC?(}pf!NLCZ;xzfqD_v7S8_3~SlZ**bk>zwP(tm9+w}ZR1S0Sh=nVic> zQ<43~B?}eRZs53m;mPojQ&MCQOBH4PWQO5Zoge&VC=@R|{Au`eRvz1V4uQ9MsW9Xj;fX{B>hrQX$X}7UhQ%QH|VM;4z$M&RP=oK3V-zSBxE{ z$?l>ioj`Pg>S5$a>#XsVwJ#c%DcvBDU+4@TyXMY7p_S|+uv^;(BMqkJ0$o%cggjk2 z#}&|}^VOSCu(N3_h!*`X>FHFZP;+1ILQY=APPqAss-}4o)c9djB$ z>#B|}Dsg#m8ePd}lc(f^$lSi$Tg*=$qLx}5+uG@xR#KR~`Q?fNF0bHd;EZcaE$6Sp zWOgG?cb)R~*i~97Ej1kHT6&Bpvcm}n<8##?u~*!!1#h9jaO_rc%TiFTS!u49R-uF>c2YK|=y zoZ6VP4kM|4>kuwc=lbc;Xq!05sKbnNH zeccRS$_$Mdssy=y9+YznnAa$cp!MpqWd!zV$G)1kG-=!@S)s|VQ%`?;n$hvH86fwe zp746!-V||?7?pSf^hzQ##i;v-$98#geo4;sE-2n&w$4{6-TqnDdGcbas1@XR~>rOde;HBV> zXtk(^anpHzNfXTGFvq&>Skc8P&sxRRq)azr2+WK7V%MCvX{>DW&Geg(PhiWQQxSmf zT>!6yp`;2;y+aiWt5UFO>tsGicPMbEr&KEP`(%pUK5A$ov3w|?b1FQ+u;z_pc{w_K z1esQP8e&^9Kl8rLFrlBtp|he#^TA!O5+Pi}SxWeu%Kn~RZ%YapRukF$Tg?EFv29EG zC*O6Pa#y(4ZUX~0gW=Srilx%oPt?M3(RgDg_HJ=E5Dhlo8=nG{Cb^dR8chOKwa22f zAIr6U#tewMK$Asgmlm7`gPbse?m5ME&KjQjAtJw6KrR{C+0H}bb42)IcmlPlR5xwe z`-$L^(BF@}LrOn*k=gZPBa+M)gA1q~$m97lyeV0~>J3J)<24@IjyVQ8^aW_UB?!g2 zmOM@lh26xKhxyo)N|-2^1q2oNkgL4Yb95e^m@Cbrm3cDvgl$#qm|cwvNnJyRC3zS{7Nc8$K@^To%q$fe3TJv(RYu|T9P%tmI)b%QM%m_FCi(Rsbh6*-Kc*iH8UlLPR4BWr%t=dy|k0e^y(jx3Vl(eDYh>pIiqHLnB zuDAF4BR_y0&=H;hR}>xT8%%J0Y6+hF@v*%xcA^JDP^v>QsFL*Za(>ro>I4TmsHJ|8#PNR^e zZ4t+}w^!>=qup#urAto4C!LopHi~I+v&?!)H#-N=@{`K)`P>v!wU9cS({;nHokg*| z)Q1Td(>goo?Hz|wa|sagH^7?7PRY?eCZ#S){E1CloG!-f^j#~!)3^Y@%WI>x*R{xZ zZ2?=RruHCVHv3I8PaVIy#>k)r%-AbtYJIK-Y&u0h*$tctcrGTL=J7cEbh%=0rbBa~{m0yutDcCa*hQQ;?m9E{NxF5WjtAsCX3mQ9 z@}6+f`NcdT3HN?fTvk>9udAzrIa|9J4@Q_%YV3_S{L9v)BB*e5+D5<)PO&{5BHrS6 zGrE4owRtNjH{|4f&*7G0{L+QQ5f?w6+->-<$iXeoJ{GX> zfH5c1F4svRg7pi9r*mN7%fqhiFP;SK(!1%Ua-T8(Ntpj+e`xSIu6!<8CO=FzUMcx< z8Ode4iJ5_%ZV!yAt)C6Xg``4FwEa*t?-^W-f&UhpA?fwi*W(9_uz^0$M;~mX9bC{+ zeP+qfiY4y{_6!8~>{Y!(?=$+@hgnJI>U~S~l27WUro6FCc^;pg^RiVm={1+VhK5U^ zxQ6g?6C-Y!9m)NWF?~c{W@V-2?zFl!yMC3I9DMOkHWxUa0l_$Z_GJ$2$|{xHqVBFc^d+ zn5e609;O)xCOtDYop`KN6vaR0F}`nxa&STIk@Cjb#OI`1&Zjy$F2}d~E<7s&kMiFMO*U^{@|XqfIzsmc?L>qB+#cC` z-Mf>92EO<13D@I&D@0V<^m>ZQXr32LyBqpZTl@KFKzn0gqgbGY(_;q zV24LPFqkhfp=AB6#!}o98j<16RjrU4-U*yjE$1t5K-1M!IHB!5+E%<=aVM;I4_Q(V z0S3U971ulbT)p*WCUE!_5>&B>f+~pHO0GwaZNMUulU~*M?TmL*xxnfehC0F#m)_V9 zp3dre-?m+Xa_t9(GrEV-nqUoFpynihNWz;B^~(FSyfx=(4z`q)`{yb-waqHI zH$XJ?e84I%lU!++Dl#J7X_|f-7h!lHSp48bJmabvVqNgYv4Y>jwRBGZWPIF4Fr7ic zH^oGS&UC)9(!N!{OmD1xp4)XyC~r#YYb%_?a(PZQ-g;atUIyz@DOF(ma~E{?E}gPO z{p4IY#>*hJS?cZ2Bg^BLf6ugb9t%odrk0(aMbhzEYCpP{nwDWzgoHJs6vJ|Eq+!b} z;T{@(ag0wzZ)s2W9Cg zxUeiNh#+=_gpv#uH=8BPH5|Q#eI@gqJ!~ii4d*$aFL+(mbhR&>Ds8%G(xB4dH7GRB zL`tN7*5c`|rmxGQTTN5%b!r0%_Nr(Gh0yC8ejwM9yilM2^dGTH)eKjV^R%vNHr3tH zKbyg%hX)jq-Ds?STLpUy3WIOPuP{C1+i+b>b10&FTvb~nr^jylGcn5Z$QM0#Z&s() z%XVQeaURS9HEYayVDL_M+;M@Yr*<04F;_Lr!RIY0B`)sEYCGpyzb9LZW2mcqLCc(cToQ}*{iMS=7U=`o9m^6tn4>-3tH^49KwxB!6Z6tFn{MLow1MxE2- z%{~0YM!)8dy<*?2gYGSOT6uI?3`}W!NZifgZs2_15rBKDQ<0YkFka){C+6fNQ<dFuMM^j^V6F92B&<(Gr)b1rL zMHs;Hf#S?v{#6pK^?UhttG06bADn{nKU-f+GDz2~)s^oK)_vDNeC>e2A3Jmw?3te0 zOS^#@N?|aczBu0dWQ(`cms%WMCL-!x7whxL&LSSlc=50N$eYLEd#?R_GHOzj-=MBG z;(KqVJ>%;j#fb{x#fy0{r$xG5vuPgz@|4;$)ATRIe^s+Uf(GoyGL6FjiO^s_+iEn& z%D;(XTL#bxUTeR>eI-j94Lh{KW-Em8Z1>&0ZFyUmnoR0r3zA(+mW_-I%xr0UJgs>0 zz4Mg8>J?l2x7>^?C?xl5mW*th{6Bo?|JFRf{YMZd(Q`Wef(@G1vpAdy1esjv3@wN8 zOV(>?LD??C;I;qZBik=(M9iBIr+sY{A#c>=?@}n7VALcaU%ZFsV)-F^yFvu9p&O|yR;E*Cay%-1yKO7y&Z37Fh55JZB@2;AB zg;}G=`B5P^@51^#7g@u`ev+4J?aB$m%-`uY;;F6-g(B#^<>8ZXh3D#G0Y@%$WD6cY z?fx5+xl!6;3+>cNBhyI8!8xgA<9x@25}z2I1%?bQVMm*BsRcYD|G@r}mmf|6$k;Ye ze%?+E-1oj7=^`J38`_~&s}B*8BWx3_w;=NCb(Dp(dYo;T)%IOqHjc~4?OwZA9H+nL zvy97qT0>ZQwTE=j#SLt`mdjYFVUB2#wfQ zSD5#dFYU6RXJh`VJR!LNNL;4W;A}3Zu)?$q!cRKz853fRW<l4LY~gZY8)>mSM(%8KR?yR~TMogbi%YrBXv-7M`86xOn6%xIaDJQ4 z@>9Sf;k8%)C138{EJF4)sd*Sypr4$TB6d7RsXUwhY0K(4?}x0kpvefRSb^F~$&V97 z)Zjn-ThBB58ENtqap5aH%?gH8NJ^V-ORD}fPs?Zq!eBO%)~NNyCw|asNbP%Uf#hci zSP{s?c^H0BOw=6qI+U!LI83w02cXBOjoGZ%D}t8r{y5wI0>EEUK3Y8!yD z{4A*v;EoK5Va_keT>6-x)`Vu}BGyxq5S#cDu{H30vW4GaR+*|(clI=hb9j!+y{c~s zpUZ#2SDpAFVB82)4*m=*^kij+iAX?wr_DScgSfHdLwH&*%rTx7B;e`E0EYB=OFKHl z3Dam*Jwv?6Z!^D$>gWS)+N3D^ujpUlB?v|xyW$s(4qpk%wrsPlZpJj@_vOLZbM!g=#3F8i??>VTkWU#j z_gsGz0w<216Oo)LFZjHtxVbloe>^2c)2ZKi7|C6nvsIEVmn5qo?0@w=omBx8z5M%lAj0+QHqnTr|W6rtBOyj|ZFo2cI1;*N*Rh%tJ7eXo7ehd8b*lik4#u`%|w@&C^)a0o8} z^Yo5hEjuVbcj}bHLDIxso*QXz`hHf*|`0{GPUUk@vKee zDpql2hBvT_;Ul%dB-RGJNCChrCa(~fbMrT4G8jI9gL3ZfR>I}S@AFD{;e|C6dL%_4 zCqWzYm=;LI7Hu|i=yq0=_cdBA5>^nxG~qQ4x}1sTgbNee&y7SMEc~9>!2MoK8Q^U7 zJvy>J#sgIwmCzXf;d=UXlLpJvJy1OqP=|H@&d5kjE~2 zBI_23Qop|k((R$)qkc`Zq~(({71w&;`sE%iQCsfi{OCn*7-v?`N69a@4`vgy71BGu zx#JGUIne-MK+qbrIp|1h0|Jrm6VE&%5R3Tq7y*_CS;YNG;3BR=WH>NTDea@LmMnfE z2Bl@0N&IT_=m$m$VjaDcfg3(~^(0`34RSetEI(xd7ukeZ60+{pQnvD(2Cvd$UHyW9 z+Ye#|N+m1W%sEctD%cAW_eF>Q4EcZlx9cmZUSt~Zy!%x{?nyO9iW4FUSo?kgEV3cy#|(o5&-+hA2j_g9cWEIW z8&`7vpzSv=(7UyjKO4b8Yy0VgLECIMNrX09@D4F$kkfVGJ!I};__#CZU(0rwL1fv?( z`=W-Sc4Xb^yay={(f>Gmz9X+(YZ)!8}|3P+|J;6jIiYo z!rmIUd~vf^*0w?GE1tlsxSzEvlgk+BIlRnaIB~-FF4>3p87B{gLmlCP`xz0q%S|Ak zW+3MtJ3@+vtReT+Sr?VoRy_vPwk}^W?7c51#k(aBCdtMuipUt-$!EBoGs$1zDh<=6 zg#4C#NQWd`K1MFNxmy-c@8+$HNS(GMVA_b*$X69-BUiU7#t*E(HiqlHOgxsa)M)Z* zuX|j-j3KT_6##*Lr{61=WexUA%FE5GKld>g%6V;%2F_26mrwZ>bjZjmjYD+}@xE=l z{_C--YCvUUbYHy^nVV-T25{AR%8>OHhHzg^KY&MVkPRIl8v@U(^8`CS>XczsF-x8! zfGjYUVFB(Y7DZ&L{;!nE$LIY?ZlN|w-Li_X976kqk1ytApPV*O^Q1qhAc#H1b-@?e z3OQtgh>kbM10%_nlO}9zBfomD{I$zdQ%u@W;Us7{+)oWOy+KxQxU0g%JaRR7LAhF} z{ohGyt7YU%Fn0QC*yGGYF;9I>eBTF~Zmg|tDXpv9z&mi0?Bmyk*K8?p_y1v5<9|0k z-y}n(sT!_jdHHIzC-?mL23_sZ;+gwTV%wRKFiWIe3i8DGpBGO$C21w*yB}rEwGtMo zdTu&d8q@P$WzM(LHds2XFvIcKq( zRqcqasq##_IQYYjzuAxlaKD?Ft#>)JA+x@`FL9O_-;8|ar+b_9WI)*(@xZgK&TmN^ zy?0eL0-xk)&x9gW;*&)7x zDZ+yO9!xhH&Xq-?m2)lZ;g`1j$xGkv3atqqD!S+-?WFTqZdVcBExJ!Dy zh%jAXyxK<;;{-1r@U{+7A=3ypXdnnl=?H%=~?5F z_H%GEGBJ~|bf;>yr#H)lM_{wKzAT({=UxAy^QoVT5(_WyD0pSPxw)Qjl3)pvmie?4 zck{Sl@xuNj3lMbqm21U^Uc!40;V@B9!uLyEQmMF23o4WNl)<&@R`*!=*N)$3qqR39 z8K0O{QY<9T*AbzfIge;5NgF0UCc z>ps4_rTs(yO@z8d?a8bYDxm*+eA~;Qqf4dJ8vQK*q5P({av#wX=tA1@*VP4Y$j((a zYbO%cWSM?yZ$W@#lbp#m#rTC4&*P&l^TnYGuPm9%NKZ~PdJV?uk*_)u`tOqle6sZ7 z+G@B~R#&(=FQW9BgfFI^b%uo@0YOuCsvi#a#&2fxo{2mpb-x)aWc>A0_qH|wzxP+o zd@-HBZ)Ah7l!S5ee+4Bue=YOgZY7pFM7GrjWCx5U&@O>JF#^0RvQCVYK`?@9J^!b| z3$2W%86lQ}p#bc8el{%PrS=k`8^l?nB8EC#?~Y^~OZ3=cDSr8a+PCAW2}?f3=xlv` zx)Hu7e&e{8mQx^ z^2-p@NG%!`L}XgxL+`!S?^Ih&iNz*kbPawM?;PGS8p}D;iKloF3+I>Q1iw?s2sy=2 z766)`Kr$VkDg7EpQ>iOY7!=QeQ5lv$4BsL2k>|s!I+{w22TSunPPiZTAa>mWsiqT+ z;n;r~UzcCnY86~xPi)=34U+uh>xOJ#wt4BXz8AK5P3e95eOs`G;Cd(M32J8&`62_~ z4ccnr^*ma&V*;=+$S4;^vrBs$KKsioVc@i_f^_}9y$%O1h@b9sBggeH3*Fh?rn;N( zR@_;4(Yl=xpv^wbi#Rh9gv~6nSEoSVl>_aiC;YJ=)7RxPMM|GVmZo*B*2v5Hp>k5J zb{2~J&#mzgAH{c{(qu$BiZU;=iwR8KHy4K2yqm#o;Yi9bD+R(@Mxde;55 zBjJbp`d7QzbAIHwRG$gujf^Cq3DXYwxcI_hjj7csahIhDZQi@ZLTUFAANSyApNhU6 z_(J%H-&wys5_kBTpV3;$%eVl3Wy!Pw8m(4(&X)i)GlNZIWhnuxt4M02TC2h=K)ph3L(q>3`zR`d#}^k^hK@3BT4&&*i_+-lmbPUEK=_5mumU!7q~+;@&omK?!hA&vP{S)rLQL)+QP#9akxqe%sRC^5jZZ0{-nG5Gb7pU z5^=NY=gr8>rjn4}vj%%T%a;&h$d@^lLho!9Kt7{k@L0s}F#)Dtof|iW!##BGGBSq- zz9{l`RbdHx_cYG@C%+dZ`L(eOmVk}4(!FB;9N;pd&sD&2|LgbFjD1f6CoYRLdHyAU zt^X-nPLA}xZhkLBpNUDEnmT_#_ZS}E_DKCs`cu$x232t6V*e|F<>SaYXxb~mPig7D z4!T-^Y7`SLzKu(wxF}j_m9CwGt~K4>=q#pIWy+`tTVB2q^`HfW<*AsmX1qd}gxB~D zLXMQ(XjpE}dW}j@)$TuSJnGl#H+@9fN=t9lmR2!9t7qBY-BHW@xzpJ{@e~fr0|eqY z400M-(}!ejG1OJw*gLGJZJU>}4tcSzDJs@oM3k~mXJokO{+)SfRr2w*7eb?dwzZ;$ zTntfhgKKp&Ts_l9E@;%382HE^rKI~Z)s`1J87+y{%pGHfkLUupf_U%U{TKYj=fUW1 zH|AvMts$mj<;!b&6>f_^3gZTnX;I^iofucZnGaGh&O=PbNl^n-5=dO_rX`Qil@>`O z=xUGLH-4g#OaEqCG>J>~u70E~Om&E@=~hK+e*#_Qlkztr{p;U~v)M2kMa9ZHZ|f`P zMN%m(?%lQ34Q{yiKH;~_SKbKhaj!3l;4c02vH#S<=Q?i9rlEHigHxf}JjTr%pLC3B zU%8B-ymfnHGMZ-=7s1%G?=`)e+O3az8hfAjw$FyhgSVXB<|ag5k-j~AiQm`O#xB}C zgT`N-NEx5Qh3~Gq$&7TF&sRNJJrMelaoYQGr%Q*lS=*MAkt$f?Ny0XTDO_eYFVOGI zu2)!fjfd}9P|zFFS$v18ApXgHf}8$Emc`}kyMzo{`w+-9FeqF&aU+rgBYP+3#%9m4 z?A-5F{vu*f29@ECjBw~dQ&itbd7534Fb5K{ez{y9LWrVpSa_!&|6u+2ZT+_9d*Fhu z%AxD;TX!r@@!O{K+xs*{xDndLcXhU0Civhlb5ha=N%r^%F4GpfUvRD-W5KC^b}^Ab z(XOI@z-O1m*7{7XwHG^w09UE8C+E1|H-|Y4fuoYVJZAdvh~eU1rgFber-Hju@C)a! z&(1~6_SitTy)17{+9ZyuSwE+iaZn^^w(zf>7k_h@P~`PH*vN?r=wIaIkR^V4Z3sMJ zwwYWn&Jk0gNtgA8VfHo0c6pN+PtRKT3bgcrV(io3`Gsk`c|)poTl@Ue0x}20cU*3Wn?x?a}%?QjwpCy>TDXH$-eig%;YS>cn7x~&y zf^R|0r$~D5pL*hM)J86aGu)0*D+`C#gw9@dT%TolmA$A=#waA)9F#~sxRurvVo0lV zxtM)=x3XyLp@d_(v2&IGR1LDvvK32uW=43Qkas4$DvEGwXHgUHs%1jyPfLA;&E9iMugFN4FKB5r&mKjC}xr0bM5g(PP4O?q}RN1$p_(I`_K{$2?i}$!gZa#9|$Tr+tab5QZ zKdgj1ys!v=-dAT*uf=s};2=@;CO>R?Kvq}Fjd*8Ot#FyiMKEf)Ikd2lLYuHUb91fb z5(7|Cz|)B7x%0%hbhA%qA`8OVNVo;JPv_9FP*~v#E7JC18OZ<$rtRlgo5^PM>fQM9Y184TxP~dF#Zxhj z;T0~kvhuPih%WDJQu$ZWu!SdGc;>gpEg$wawK4y61`igR@f(r)`R(VPO!WR~K3T7u=>L00U@rWW zZLG9P1MCJKTm4+~@Jz?_+M0`RhgQE2?7|t@O~r%=aaI5D$77LdIxzWH`kxcok)b#d z4iLz9cE6q`GrnL5gl$}h=UTt>dphg3VpKTnGoafyB4qje`~k#d28LHm`e&u$0Sj={blW#aK8_ytxOHq(6;e~yz&){mb$lVLWB4e-+$%LA7+>J ze$1SBaB@5%=kQ+EJSh^4gr`IdGDfU`xi zc)hr9t}|@4OpAv0B0B%pi(!+?%ZZ7u<%2`tC8~GkucW;6D0}}XMQjrdF^sGQbX+Qt z9sNv-lW)))^yZm4ROSh-=cQqR6Nu+VsXR)2BKIcg^6`7cv|t68F8xudkz9uJL6)q~ zJ4DUUaT44ugG)4E|9F5&QJ`>Xw)yJ+YsYv;{;&4FGpea|?G|;TdxKl0s}vRKBp_0h zCKifx2_=w_Aieh{L_n-SC`w7B_ZoUaD4|#=0ty5OB@mEa0}`5qcH=(ZH|{;-p8I`g zeCNmgbN*#yjFpV_yzg3TuKCP4A7DrTQEo}W_di6>?YFn3;}8p9gF*DJ^gH`26%O@Q zN2$m3h02t5dBV4+{ggweLG;1&=ut)GH!IF&`W|RZx#!#McQ>RGHYGSj`&$A6Lwv*C zqX(`i`8lnP*B`{ZP3<`TxH03{o31SB62ZznetHuBI#t_bc2fBWgS`TO6phVD)jEIr z88rNBvoq)9o^fGMiQ#WjkcMYBL#j8zeqwAFq>3i5Z6DNTS|s6)%H5`4?n)~cHCLQwxB#-L2E3Tm^?UUdRD8{m_j*1 z{HlEEgBSl`de%9O?r7@2y)?5P9Ql>a}INGi4MY$O^LB2Yf)ftwL?;^u5BSMal~$Pev7_uCFVau8;7xrBug1; zXMA>%q4=XaZMr4Iyx;U>OL^81=1Q=|7^PlvSl5Zqn}{?8Xm*F%YN}4ISn(_Y5Ja*C z=pMlRJ#wysAmb!BOO`V7PP6gcX&jhmK2eN0Usw^fa%;CkMs|x~l1zbSs#p?AAKpXZ}J=+kl7o9vVd}UGxqy zh*^yX8S=Cd`Rzdt`03pST3XCbJnep}Hi&iVzN^*#lP|p!@c_({lp;CB_;RoYo6&lu z2n#+f-c_=)y3Oc)ej=fy!h^8S+s%q~TRu}3dmlJ3*6mxm)A$@fAhEkw@g$;3)}er* z()b_M&@R^1Y~i`2TQ1U(L+S4)Jg{T@L689h_s&tVXwu zZgpC==G2YNj**{Z1Wx4j?u?7>H#J1btddO=G!AS zZod*|$^JCGY=y8?RFv`r6ULGp*Cn6fR+=zMg)P?|fAq$0?a#EmDkqcU8~M;$pZIOr z9Rk3*_V?gHIPCb`#U?VDv}jtb!>dNCD~)M0AjX3(>(bJIu^>;~+%a)952w}GIuOd5 zhDXJ-uYcz>fk?0-Rk?{bT(>x(Ds58RzSYy7yJMDXnx6Kkmi{?>gG$T<2!RMHE@F)+ zu*~Sr1dlR|L9p-A;ulO$=jW46i#bh#8wCQL&Cp{&h+lQemB=2Kiuc;FErS+01_9LS z)^Qe{q{d}bK<&V6Kom*9;fTFmjEu6UN{D-*%n*&h9JcFPP<4MXnZmlhBRex~`=Fkg zU1WT%kyMd~-$L8O>5#J^No46=0tkS+NzKco7?p+-KU0$O8W#F}PSYsum7 zgKMhnn+6J`J@>H*FKnu66#!1ukO3etTCiN+;%lpj(tIvZp{Cf~G)xZ%5eh^1lgz26 ztIReRbe}3#a%|{1C|97Z&=)*>lTJ*kP0;D@c523+BBLZY_NfDx&4Ai}25QGHh36p?}1! zMwzH1=XJZi3(SuJl6EwSTa5}57#kK|m!7->L3TT-OY#cE3A3DVk? zfIr%TeDX2DkIkWM6tdt=`;GdgNemk}n?0pPJGG@0c+IlewLcMOWmFDBnfq(3rRrUFW^59JGI>+P<*~!C zgVveo0A=5_wQG*g#Y}Q5$~a3FjE<$JKR9&=t0apnk%guV1Y=u-qMkjv^thkp#gx?7 zkD@56tsF&m{cPGo2)+GAbSHY0Xrn@$_DY%;7k;5syWb6Z=M`dvK@}fXL?XMKs?~ds z1J#aadqWOLK`3kVHM%zc5&Jt#_9S7v=hLzi8qAitw|GUiB5WY_p-uO}`moiq6^Ib9 zAL*p0+^q_vPE0Q@pQPeNy}1In%j}AN`(Z@@)OciV>Cbz5y1AiWGuE)mh^$IlYhKQ9 zQeLP}Qz*{2KM15p{LWLODE!p2p+W5VI=}@urslOx&u5c9xRGDg*hk7Rr3g>dnH(SP zy};~E)r-kBu0KiGZuU+ntHg~=O94z03}d-NlCnX=lVVXb&4hcGB_&A$Yvt`af#^2W z#dN3MoAM~I>x+ju^3aRTORhghd7`YTk1~txpt9ebgOZ4VUd99w>wqDG=5YfLTHRt?7S>MklXBwr0XyMn9i__jZ71MlL6dEXOQgO%BF)=DcX1EUIZAYs$c!UcnV8FObsh`|qse z$LgRGN1#!xI*n0n?;PF5aZvZzPnt3fZt=LD6{l2v@hVY>TM!(Bz1^KN@z_ivr7p+} zBTqDY1hnALTI-1pxXtPgs?7n4W3I{}ps~80>`0%;S8xIMIlY}}+R1u3T|lQxU~n#n zhUORxOIb{t;yJ>%WwCcGX%;TLXr(mE%_`cS`PW#iaTD;pfjr}PMqAWyYi9wMo^3- z`5eEJT;SUHA5M;wh~B3Dg)Sajx(Bwm<>!I#QU+p=_uBiHtzK^^W?7+Znf+^|*H(*E zrXTrwcOjPrYVOcA{L@91sDBKo<{Ip2ta}>B=~i9hZg%5Kc)Q5w?+}^I;#wsL0Ps_nD^YZl*OkR$>fex9T`wttqJV-taQIdYNGL~by zK-a21PAZ^(@HCU2NP4E9?o3|XIxkN$@YfMD0&@ST#UvtvRXdMM`|+d)@6W82{`H5~ zbZH^K^M;7aIVL8{UiG}WxuNT7zGnc)jKh_c!=;b^8}Ka{B2F;fX!zsHYImkw0K+N+ zYLPjlhXHSEF1r=Gt~IKtzEjI)#FZ6^eBWE`eG%nX;das3{X6`{)P(f&u7&<@{d3}- zzUIIJ!rDy>Hw$LrwE&G2a~&jsJSLBKKAh-RNp0}Su94&)TS$~LtkH6N(+|(E|0dzd zQz3_P5bg@J@Hw7pd2Mwm_ZRB3*F&f;`4Fmc{Nh@oWM39Z-b3=~+wS<2amNka#XVTE z?q$*7NyF$Joj1V|a?`gJS-N;D2p?bg)o;2rPy)u)brAL$BtNwCh@=T2k)>%y5zC}4 zJz0FyEY#53S{qH7^QiYLZlhKQCe3ms*6KMei3<|)1_$I{+y87TF9m?nO|6@q`GzX_ ziXs)Vk`-HYSJ8efE)Qadck9G>l=fgF%$+uHP@SXv{AthQxF3?X19L!NvD>8wGQ_z6 zC0bX0BWPU|4Jm=0YlFQteWbWUH}o?L$}Q{*K8!_;CGZ`79g+<@*vvdW=s+!ha`LRg zR=@ha{mC9wB}T+CWcYUZqwm2Y77n$6;@ny&RT;7!d)entIu*4l(nk8RQgM>qC^2(v z+L~9YJQ0l0qu_`4{Xo^S={& z-{>tS={Lr^lr}t8*ZnEHDe+$7jtjV6tq^C4gXiiKr)TCo0-YJ=EZ`h-00uwU_$bxD z6*D(C3PiQ3jU3drsVPF>Z%xhpbzB`Yw^5wj;A8SkSLfc88g8#I8?iDl*~bnfJAvk`;x)HM>deI^de(%ErdNYdd+1Y+h!;B``(Qqu(Tt zTpTCkaj-lb0T#5=927Jdw9UY%?drcU>Z&YKUZpAa3(*V_Yr0drPuk|@UH;mSA8_eq z4UCVF&G8)j?07cINV?YQ3Q+ul{k`EDX5A~)Wge0O{y%jA-Xrb`gr=4SD*5DzMcMkB z%6|v+sFGUH9DDiRE>@Nj4p;_?+fzHI@R6k)#00&AggnGF8abf;g1$s9?R)r@} z?aL?Y$)-7Qsp`6t%ZIT(6=TUGa0~O*stAXtxrHOs;sNzsgn{JkS=m=}Nd|n(vo-8GUP|CTo*Gb=FRcu>npP=n|5$#|IX@% zR9iOuC-%Y_Z7pyA?PK|U*AQQ6aW8-Sq*@#T7U@E$Y+6ZiH)8jVVx<~7B$=QV%pp2| zf$EL&zc4l7Og?@D9*DqwwwB*+5z-p-ZEff#6LK~lEv~V90|>gfU?ir}1RCaPAKQYf ztKKN-(#efCU3TWAuJvujXNXZJmbnwYWjOWs2s-A%R)Z9%b@;!*%R_sdWcn%+=AP>>5e#VsfZh3aF%i4#4H$6|>?d|G~BTY^n> zeIqpo=FU#(GlSy#xt3`t{h>#XJ0qDhcG}qyIPy`oh0w-P7JKl^{Fh=;lNIlC^oMu2 z_jxf*Q82k#(w-yN2xqO9PfSn8Y2ff)iVXhH65Twk8c(4*ELY$6Y>SvM^ln)O(Bq;Oh1G$0kQ#d zeXJN@Oh6m>S$>wIwK=`j2N4L3Aj_?sEeY{XZIjpH7liI^X6%9!B(cn+@pC0Ra`^q@ zpOGDxr~&g4vEpIi;WIU^4lh}zF1flu$%H}C4h^YSHriX8T`mPKhbB2I5XRcU!*FWv z^b5Q~#bFuod~A1Z?hLema|5c*1I#aZh##&aHQw7DdqoQ089rLMQm9r+p>6%B4Lexb zK?RfrNe_9H&U}noy!lrD!GnO8?n|l7E5mAgsag-Z^$v-|o${S~$v{-;Pc1$0z<1{2 zfuB$b4bcX1Im~W_Ge;33@XJ;YRzcO!M{5Qi06B3R1-J!WCfPo+ie z9v=|Z93Zb7rK46|(Km0ravFpltaW|7-Vy3qj~VBc(}2#0wH$$t7g`@8aB_DZOyBp@ zycKm;z#VFrARK(uvcD&K*u8bWSzmKYawK;QBYEb0UgXB@;U9q&;x-YJf1zRr-{PbF z&5j}2ERJf8=yqkSP{nPpWyWbI{xINH9^>RM9`c||+=}AA`KWEeD9vOe_dELrmCS@0}sh99IXZblaeO-26XaYmG|ji z%>hFYWtggdihY%E7YqoCZ*!3;J{(UPIgC=P9hIH|cB_lnfAwcS^xc{5A`4Vp1&)`3;A_GbwWf$E)Yn-Y5EQG)B zR(CO>mm`FgM>-k@jC!Ax_BRB7>-Czcq_|(u>B(0P>?|Y9OaqV?@jcilG&i$U)ry;t z=!b~(SNRL4n?p_cVbyp}a+v}Hd$UyyO-qO=?(rz-?#F>Rd?g64t#n!z(?Egt8J6j{ z_K9a&Z#$!u8!8*BuNomsWG(}_3v#$Klj8lI1|!1vbpoAHAR6`3azl^U z4+xBuuZWtusoeD!;EohlWKkVz1dLMs%mOUmZMi*G*_RrHjJ!7m!5=4)uwU%`7e?7N zqziOAC3~=4B5yFbyW&+)AgYxwj5p<`8b1|K1s}cpY147{dq? zuEWMCV|!~ugeWYvF7=G8U6JniqhLSHXXRaH{V9}2?@`Uu zbnzEdQB}msS|?QH(Coljnt|W#PTt(7iN^4Q4sr%P^;+O|x}fO6QPA*sP*AX7*nM86 zXGZ!THW~lIwFDo%Q9%CCboz6X)o)3?`Kh1R#VaAKDo0fYYyM=nR}(7+6LWvTVy-3n z!7s4g<~IxrOa|afpMyMyFWwPi-1A)w34-F(Ig6oETEK>mt+QFqQ?&5zl_S@mNixec zGXk`|y1*ve1B^0-ffbdA8OG+Li|9}Lc4rBdnBcGb>Yijt{^b*c5xI+EVxD{}m-5*i zk?!$pm!f+|q%|LxZf&GXC{67)R99QVcG!DG(RVfy=ifK>ls5LSSm6X!b#+TL9J*1B z%k9f5$T~7qg^G#~b1wclc6|MyYs4=|S62esenAH2QFy(=vP*J1)TcO~Jojjv*@8KV zYAf|P2iwJ~`f6w;Fn{sgKY-8i@jNpM^GLRf1nrbj2voG6j2wkJq@kRckHjQq-wV!SSKy7lAj0+J?pTw!8a-T2*=X$3m z&D5N-*iSyS1UYG=82K>Wpm0h_Xb+0VrRLSpjb4u`z|qI~7T{4Qk@mdwQ;9J|dB3za zudIe+Y|Wu**tE(TOW?M4&D%pP{Xl`?b=e*ooWAauLteh_@IR0U%3K0#FE z!iw?Y??BnY*^-^+e)FXg1uhhtM~OX`ByhqpzmS|{`-ev5bVa}pP`ga0NV$i>x~8J> zvisyw2tlRrM(?#9T-)W0(Ehi%WjlPBRnJ`vG(SVlf()-DZ+?P_9ktV%Rde}I{qg&y zx{GoAi-ZyWxxx}3x^huN$$pqX{^Jv;QyZynVYbNPEb`chdGdm^v^OTw%wlm10-M-r z_t8RVTQ3z+(4leN7MG|rIfVuoz8oc0_LaL6`Y3&ohQmG4WmkQb6D?4E_ZPiat#Q7Q z)4jWkZE9hcbD{nqC@BUQLt;K+C)$>icn*LuKKJ}*rj8q@&M5Y(B!eNaY5-{8{AF2X z>(Y~cBTLv}*ta9dRt~utmwR^>7xLXZlx%}ra#mB;mu%U@|AlNTlL(W z1*GJRycJj5I#`cb;Oe;SS-K;!b5iCGurtzvS)q+e)CrImIny!kq#oOFIHY29D#G9^ zy9}_QJJ&sjKIKi;voS8iJLO|^FEt)zFVzH6na?GdZ{JJz(?JWKCzOMnnpjw|>S5{( zs!N*<(K9RN?p$GpIIEs8?n0~mnUp;+#|AaV9Yq&S`E`M+6W4aXrz|0(w z5d2%~UP3~Cy76>kr34VTVA#+U4=Y0zZ)5og#S~pprPs2{ZFgKgo;)k#EDN30#Q}B? z0a4c4vv|9kowmH;Tz>#SK$R-D{(k+9K>v_O1P9Hc8<|xF`23JZ23^Z0M^o&&PslZX^FC2%K}quTFL zd+vb~a-58dWb$5$qCN>%i6!P{9;~T_ZY|u23jCpOUZ75BTQBFce6WM)hRsc6iIZ<0 z?{A~&YQyjhE?`XW+q)Oii7|pNG{7w#X5^d*Cq?XbvQyCF7HV4TF zU5!>P7<{hz3gm1o;dP6(rZYg=ug1|dFmlwg1mj*w)Ibi#v2LdU{{2;L2P%~ITGf_PIi(kLX|%FtZo1(@Yi~Ebd{4Fnk%4j9m%49ew zXCUJSMRqySYU^lT9m|<&J=NXLU`{g_^d%xD5}5&eWV~shzv*8X^2Nr=K5ii{n8BLD z{$-RX%*6C#&M&kd7{f91FFR2Gbr0*mf8k%U0ROvu|1RJE)IR?2z4QNV?|iP4-Dl{Z zewnbkVx+Mx^&dnSY9?s-Kj*souSV$nzw;>n%gHULB`k!JP`Rv@&P8@;%>0Zj2|1R|6Glg+w+*j9GLp8l={53ek8@t;# z0o*H=dELBwmJvOf?yQWJ4l8)lc|$gAGC3Ez`tDSweCyoWwg4q%W40Q$yl}>K49)BK zR^)yEvJ|9#gg%le9%sQLZH4_tDLLCXjB~FiHTZ2V-JO)=mzQ+Zvsf(M+-~}gvB3KI zn`$kh?;0oh?%nr?%g#%~E$Xo457N;-4Ng;u*#gjJtf`TKC%mz;kDAcT!bo(zdn0d_ z+who*2{pP+6McG;deLf>215amJ=*pKwx+vG+xZb6)jhYynk}g>HM)PD- zEWiVH55KLtMqt)E_SN6+>eSxND$Xgr7BG`q&NILmo-u-39S)#QZj?|MsoU-$>cRNW zY@>cz)>-my2A#dpMWb-pBGqyl$y0LWAqDq2Nl|pjE!Gf0tl2H&-(v*D?)-|ueK{er z8#$3UY{~13w$JN{mitY4j2wKQIunt%6&+DPe$AMNbNaz@wGbOwb=&mMkDSDQ1*dgK zht`0>p^20)W=bn7Asfj{GN<(6iVCU&@A4QE9H#CXzq~Fla)-n=0Fk{wj=H9RfH_p! zK;1jCf|wzy`XG>l%jyT+_PnjHTR+EyaGi{;d118_2ybc@d>?;I9y)x(n;N$Uge%D2 z4-pk~PNrO)ZV(-jB$tA^ZW2WWR^5u6e;08EQX}%B{d_yZ8w$KWbvUkj@Gai;m{9)s zdGzDmIGc#*8)wIKsjfxNF@AaNT{+g&2uAqbmBc zD=%YIwrlns)}g#~)tubs>(}uWT)82t!Lo%O`G@E0o7DLLfh$CSJbsbU5f6UiC%FbS)?2)^XwN#%M*o<;p7A z-Trk%a_rZ^h}hSx=f8F8y)!s}mSJZ1cni8&)8|pd$cglyE#zIsEF(Nj?J(DSB&%(C z@uhG^Dy8dPq5ui9RO*tDm%$;=FB6-1^wF89DllvW9agvSJS=yOv$!;CGLUgI&!oDo{DkKmamPB;MQLs2tWNp6*%t z#KB=aF$SEx-Jll}@H7#DC;`Pp3`YRb=7_1~)bo`o!!B`z)xZ$U8 zfR{QG(+R;}GX)2F?D5Io-dJ#=c0DxE{eAAli-7GXJBi}IhTplutr&^QpDxe+M_)w! zB$J+?)sdn6q|b}v$M})7&W&BH=M%}lsgW%I%D?`n9tqFR={*8DyyJO1zq!X4V>o#@bw2DZV~8MC-R}+ZgF@;zkQkQn#_KhG=3Ow){S0 g5aa1z)jGxG8vT6XRh3@~;~OSz4FmP^`;VXhFM5=I2><{9 literal 0 HcmV?d00001 diff --git a/docsource/images/K8SPKCS12-advanced-store-type-dialog.png b/docsource/images/K8SPKCS12-advanced-store-type-dialog.png new file mode 100644 index 0000000000000000000000000000000000000000..c0419a922c59e36a772e5e56fe0af6ac06d0e0ae GIT binary patch literal 37362 zcmcG#byQp5x9CetTc8vuQYhY{rC4zd6nAJTuEn9aJCtI@i@UqKli=T^-t*qmumyn}g;r45IH z0=U$1!uD@Q9;lGmm4#o%Aq!(yFB0%lzE%Eq<>|4&=WL0ZHw`l+eWYXe92t;-37#2} zDkAu+wH4)=Q@RGi?+mY8OpG7`=M|Yj{=a@dtQFMFp~qY4cAPLL5u7*#@Bukl#9a##a7_kNP#5sHnp1R=9MywXag#G_lmFX(5rdm%cD%4++29b zFX*H&+nlRwMz;sZe>d**^mFjXw&TAqpP+R;)kpLe&WeAZO*Ztl>ZOB#Qb$H_N%f{nq!J+g?QBx$^P3D;7+Bww5T@WsiRzU)@!LxUYq# z@?2S^^7Bp|6g(ccOlfJy8>qW}Zss>5KWfxzD^__Kz2sByby?+_iinhuG=+b&#bJ2Q z`%R|W)i%EGv-h#FbO+-DbZPElMx6b5)TOy_=KuiPFF)(TC608;*A-MF&Yg0)Y{b2hB3GyZdL$9BJ=kam91^uf51atj-_w)_ix#EJXB{=^HMFyAd<-J zDmnC1c3)E-9gEltrU4;~QB?%;t_^EvQ**X2Ud*UN$SI=FpX>6@uq_TcD+$C@tJ(-| z!?cfwD}R9XJNh@@0{w*BAMaON)MJ24O9zl8t%Cr@Hz1`}g#D*1R*Jm*We5%^*Ip-! zwdZSF)eaEmPQ*8GE9kH82%_aSFb6YIG|K}U2dI~?MwEJx3>eJ2+vFc38mu*!stvZpL!2i^ya25X>~%Ut%&oxRrj-BA<*c6>1lZWWQD45 ztaG<}*$bA`m|J_1w`u%S$?43I?aenK%xa+M%kU5@_4J1?Dv?631S(u*_FiP=l50_3 zk0k-0yC&b+Yh8RYa~fbK#5LVDL*nU_a0(oJ{{BN_{bV>fh_G(|)aGE0?QA%gYE2DC zKrz6b9GmU3y^`T^FV}3zj$6MCxeGnRfAQ11zwWmy#El%p1<7vn`}yJuJDsX^tBav| zbpn2Dc_PL8b(e6RFaZmHhYVvt&@!^PU(tFDSHH?*uivCH;Nqy!&{EhZ_wtv>#a+^V zN&9jOpx&_~bN8@@Ur0yjf`gCp32GRdCWPTYaWbV`*1|-LUiQ~3^Qqc!4VnlQ*;m|E zmNIRQ2!*J4CDmNDi^uVWy5`ZQ+XXxtF(f;pb`2hqzhkWvjHa7cv|N(^-okyNb$I>N zHCUG%ubDS%Md#AZv94OekY7-j6MYd4WcI>GX1Avh{>|b(3QC^l_u_*^c`&kbO>d#} zTlI>=eAosRk?_&oM}CHf8^kc3IPsp)L_TzLKnPyN1qb*{2-KEx=zKRE^ePp6xPf4} z#PSKvEnZLJE$L29Kl16~cKY5oAryOz<6QRRmG4sbY#Uwh_Gr*Uf4ZF*p19`(G1w^l zc^>tAL@ETj^Rg*BgJ0|ln-R~D-+%4ov@DVbscwIaiQWYW9Jq280`coVlrtMDrnafl zKD!FsY+5lEN|(NRzBbD9K}4H`keD?4(Ap|KdVAZ-opD-NP-Fj*6I<1u)%tb{xrP|5 zH>D&-xN5J!?(U{PhfC8@@n0fCukgrX=yA1myzN#0ymvn^d*l?u(rxY^yZ`knV)^U+ z0C|74DP6VZ-NtbS$6#mq@4kwSWB;2qL^1A-Jj@%udyw>bmYe?%nF%GMHQTej`jN7- zGK1y1+oea?Ez-zeC|P;+!DsA7Yaddehz6LOUTY~6m! z>STJBo;l&X_wtc()JH?9UmjqqQ?z{1nflvuq+z4wqgwZfd9A}rNeFlf zqzo8}mR%ucr;XPaLr;p|86cRAQCCl-lvTZ9oTW+7xyRXq2=$;jsN7au_u_eXridKH zbRtgN(VLN`O|VL{ruN2eKIOMW*#(5~!o1wdb6;}EWOh0MI35-#8SAz=)RZz*BfGV| zLfeY97`*srqsPP0#uy&!lF7-b*yJ}DtNFB)FSIrQ*>z$Tq)O^|UbJX=d>hgwB`LlT zyD~m9BwNV#FfCz)ZmbqSY(s-|19>Or*6sFpG_~ZlYwH zyfh@aFtCL0l2j?InACZEe9v?(yRiK>)yCK9&fNbq9>3sxq556~P`G^XY77<1+5GqYO( zi#r$KvWJP4O&L1@A?{r6Jt3haYC>|KjpYhnTiHw*8XAu2b2u0dfpqeT@JlzdI{akU z9uTcUr`&lkIhzg}K1J%{GKduHSCo~}_Uv|n>iF<5s#HSSC*3i#J0Jj*$|v9Y%Omdg z{E_1-2Yz5j?^<8xRDdAZx~!jra)5l?%qgld64sK)rx%O z@C`(VLIVbz6xZ)|Pfa5uVHE!Ly0L=;A?Qk1IXUl~oO`2jL;Zs-!3nPpnfL`6y4^9B zwXTEV0al|ihKVdu(*e;Mk0gFy6vgi)9gVM2MUj$Iw*%XK7P9>i_X7PC`jX9%wb5K;g|1XiiR$nrvn=s!y~ z1%Ig`z9obsY&S3)cGsADMF2!WiQuXeEm2 zeps5CeyCOPGl{{$c^1d`ft%Bk^ZlOC-2?yU?bk$tptV|0z=JTaaMtNWTIGJ)fdyW> z6*H&jNG242x^AklozSnM)4gLI{~NOix@}A{$ZrOGji7|$hSs-Vs#?pG_b*a&PI+-!l$#9s^a`C04yb$pEaHE& ze})+z8U2a|XoBS8V4WzU-mhIdWxe19U1)7YQnqBmIh@+@n4Zm=D!&4LCuQjQhSqwp z7&AR|_Z0nl>>QH#x6|# z8*}+Y=DKV5t|m2|jFODT$mo2fKZX6Sm`Ir41=QF=84twAKX9jf7B0!`+~{rRm_9@2u8Tr7y*{D{4x1boaPA(8mmdB|NMER!QfZ zA`*jlE~__~%_l;Z-FWa@h;B=u&uZ#X#GybZt8ZsjowjAg3#p(em^VaJ*er7mi9BeN z@&y1v1DcNs)h%H%8TKq%sVxj`Gph%qe?s84)fKI9X7`fzZK+-k49Y^q$q{gq$Omqk zFLbU8tz2A5RMm91PS1jwEX!vF^4BHcaJ%NmVohVBO>wio+D*Ha>K6CzaWQV1Hc*#} zjcrH_CdJYhU+vL!$Tq_AX7`JKb$&ZU;I%xWyqMQKxXIm4r#D#MsKToY@X05T|7Fzg zR}EF6h~QubT&^SSU21F=g7!O{M1dCggz$p*0#B%8??AOA76S>@Eiq zLOv2i`{VVJS0|qzPd<=#9w~e5_-`FNYlG6hLUR}8y+6QB>A1hDzP8l zth?x2ziV1fRJ}@~f~6gMTy4f=Gx=OAsa%RBJ~q)CT4KZc#bWon&eegGBn(s|Z~PKX z@9h1b$$UseepMFC@v-`TZ{5+E-+EbOJ6w}eX?2QBz8ax0>1{wPgt9G?UcY3WGujD0 z2iZ3S-TO|6~C+CA|c1 zccOnU_Kzj@y2$c>xiGLe*tB&6MSJCLVuLEe6_TIyf%%IE=>q=cDRgL^>}(uDpG(#$Pbi)L@YPaqWULC|eR+!%i7SY$*#?F}L$ld{`?xl!L3r`1YvGPrp<=i`-)e7c_vSo=8x>+hy4xdQ~`M`5qOLUH}hMMkNerssb0%FwjGP@uSLfT$f7$3D9*&}eL_SA3X`&M+_M(8Cn zy8<&jdeK6?v4KKG;rA=yX_t6EORxbe5)~q;Q_3pHM`}tUny85IE0twOK3d=B6#DE> z=06{ei-6e)ckqY^p7>Jk8^SXLPM9s7Ulw_PR8UcS_VM-m2!p?XAKe_JgX4qs7yHA5 zVDWjmP;%Yqj&yBeb6o_w0V-P~37ofYvJF zBzgV`8i>33{<{82-$!oM+!N>&Ntvu-HK(T8yV@t8^&IfXP-HR__c{j!Eq`PEe}S5x z&CyX^(EsNy0oSYEc>ltmPpx^d{)2%2FE9RIL(~7iyIjW$&6nicAvPu{fWngSxB1W_ z)^g3tHs_Z-F1Nc}|nrYo2wa*BRqV9=ef-QE@O4_78IZ4#9o zsEmeKF4c%@?UpLjzQWZVy(cFfYd?YgOK*Ly zZS^RXAMqUKKhAH20A(hHKr;tpQjc_KEBQ$!_QEvCE=Ux@_?HZ#U3W4)no1;tuz;Id z+h5_9oT60kywDdT=1OPM^%ZvY3&Av9s8=dW%1ZfN<#UK(nWOZZ3X>RWWWipv_ zlh#ZOHLQ6%Y2q&`s7wooH$2O9;=nUU#l?}{xUO8TgPU!vis9EE1RhC??oEqlTvMjKj zKIA`Bqt8>A$-QqcbGwQskcRC>&Rb@QL!Di+X6YUr!0XYps4r+(yZE|Ur_s^7`}Wiv z!!~d#ECzAKv6X^}LH|j>ZUdgbgB~vf-N6o$s13KvZ)o(7WU0#?<&jaj8ldJ)hY82k z+MaKZL)g`yb(`R&|agc_#$<+JEs%(0z= z3dO6nZ%zG6ulex<@-(LM?9@tk&vw|etCxUVse>C-Fk>64N5v`iX3WQKOzJN%D-bgN z9no6JWBzBpILf6q`wj0HbMkeyNg_QeowL~|@01lpvjCfx02n1%r+~;W%ts?Co`qL* z#M!rhCC+1S0@5;mIdg|wDpHj1Dfw)Tg;Ika-RwH@2edq`_7`0{FPBzTi_a3ds2kL5 zX&Ie4t%*H9r%GS7M%PZ=Y;G15q~xqchfPtr>P89-vP{(O2K9M3mFDL5CdZDA1et=3 z$#(f+M~IPpc1v1-c*>G5Cu8xzOtqqr4?j}_Vx@MB0(Ncnd+EQa$C7SNLuHK z9?2hXMk*;OoT-|RFE!OA;fY%M&oZ{X;EpmB6S)}7Tb=E-)rK5zF%^x2I^GB*IMzl#LdUu>d8ajP?I{Pilz)>lJ9rX z_}aAhCg_yOcb8_Y7SXnzBHG(ETIjieIipr?;`of$fXSA>X77IPw`bO<@gFJO<+g~+l@cAZ+RhO$U=tdqap)@&F znw&V1?~Q#gg-LdBw2P_i-M)3SlCo9}cR^d3M%h!JoQ)-h{@Skecb5xwd~rURWN)sb7Q~X=qWwEfZ)9@4yU&SvNP$T;pTyPAdO9I}XFJ7^ZKItqik3LOng#!lb z2fGEgK5OC_w(Yw#gKd-Uum0>7Y~BpjKG9b7(onr`Y8W3`8;Zte&vb4O3~`slh?X21 zwWop=QMCKGD5w?!+j}_@6a~p9W>?gUH8b-}FdlZWoj$fBD1i@~DBOc7Kg24cI9jX3 z+p*Ulzu*kjj)ihVJRVm>vCfr6;ePxsf9MLEjjlYB;Rd!<)=YFTX^J16G@Pop!fM>IgyMLelA zVmUtIktda&84IPA^+G6)t1eqi|FJ@fGo3{PLa$#=rf*x%>oBl4u55zt4<_l6Lo)r5 zg0&@Jd5sE8LCZoy7T=^)Of(^>b?12A^v;WA*S{7r!n|^K*a^}6Q^^bfy0QyO71#2t=E)!HdUWQJZ}n5B{+D6@yqb#r6gMQSVz~;tum*LMZK+_>KOulAuN%4kwc+PP91kXh)TwI$$l58) zRDVV~MSen!_4W-8z_Rh!%7tRj_U2|^&`r==v!%Rf-~`1aF5$qMF9|PUBe4NSRMdEd z`)hz{ERvA0Vv4?BEvv!BqB7=G>T2|~j&xL|-Lfe3-QE&;E3*60D75iRYy1}1;&10? zuT-)nsRB+1nq7Y<=(r3sIa`C^11*NwsoaLt%fe)JB%x$*NEA%t^COR-B0F>i9bI`e zB8EpfiH>_3@JTRrIll*MKhy7J;QAg77AR_z#)sVS4z=$|J92O+BrJ;=jqqR{1nYhu z^3p$RD#+J0D6>&kSXuD5u@6vB)iqaE{vAePw`%PHZT8R_i{|qKR>G#Iy+CWG6CC+0 z*JGy_QnvDwM!&DP!F!#>TeP;Xrlz7ne#^t`v!5-So0{AhU%6b&46Q2Cdha@It&Yii zyUeU@SaIJmJ4frMw6#@-X54_*s;Z$CjX2>d?CBlQaKF;3!(&jDa0DQWlBfuiyxwgJ z6rlU#?}XcnYbnKv>#eD%$=%As{X6feU5luzS1MG=Ilucj>!(;bT?=y+zQLZ4v&h%j zoX2vdJ42IoD|g5Y{HOUVsySz?Ue$TrZ!9;r_vZ|o5K&YrL|0evFUCr<>7@bc7}?YI z*1{5)5@G`y5$V{RF#-g*YH#eLHAAizfGrQ3k*<3;5gf%%{H-@?+B8RCCn{e@Z;aID zFJLp5?K_APq8Jd4PXxS7XuWSktQE1>T@<5#&Hy#+)DMQd2noTUh+f;>tl-vv^?*z2 zG)2YdzZrSej*tnYO+1LdPR#Z~e14@gy&CrEWf2KX3_W_aYg}9+Ib8`SndCSCj7kaE zu`-omv{9NolY^zb78|g%6p{&)Fcas+6e4*s`+@=rXX+;q_pX3AofXW>X_C-*yL2r> znQg3f&$cg5M{;V@89qWKxTBf^3_|Vk9v1T3adh1@^%$l(1wCyNByZrl;rL*!?gk@5 zQYFKvOQDsX>9>W?_vs^;`MrP!0^dumQrt#AKNjXgn%_>M@OlO>CSw^7@094FKNo~F zgA@6o!6p<6eF(6PzJx$cj0nfubU8Pu8hAKjyJy|Fx3h$m@+BS~X5qd$m3QxQmjc%Q z`hoEPytRKVQ*6e!DP>lD+F8OHc->b@RctXv3F3X-HM#X@PSY)XyT<*e4@HGXhBvr2 z;SQ1g1xJu3gB1QlOIN(H``@@if-7QSd)mX+mUx1;PVPbj+n#1`iO6nLT<_;%USha< zEz_D_Ept9c|c51#E&=^t8cKl}NxkUzb;o+ziW@KM`j*N3!bBW<+Do z453!AkgCt-n`~Mcr}+7Rsp#LZjMwrZ>=ff1#8Z@-F0WLoNGb5ygWLuMB3>_x5AtUc zy?4>Mp5fR(ALo%F4=UABHBzN*i2SBoaBb6=%#{ zU)N@{eA3{ad(&Ym3;rRz_m+@=N96YfFYyhwBx9@;F>yUBA8Xr&)=bgS^P-UR1%-uk z*MVe%GDk_eK1oc&*6BXz8e*hSQ-$%t-63k+>%|_Abj_z3z?3LA!z?4SH@UpZ4DKls zeqJ~@f!9a3M-%~rkX953ky(CV1;7B@g8NNW-i`{&64$$P&j}V~ToyZ49hRZTHCYu6 zckEsvg7VGe24$x((^VLBpCTeb%10XjsL#`%>=}O!U(3x+-Qnjn(!Eb9JX={x+tl@9 z0DR!5@u=vOX!%?~E1rmhe$m;LyLQl|(%uogLJa3T?p*oe?8l!Fd4)TE5Xg|f_3}q0 zKiFXyASgJepImQ-s9o^O<=n^)dJmqgig25wsH_#-C3WH^Z?A-kPp~B0XYVq4>Y|Jfw*oK!D6qn|ZXtv5O*v6WJpNw4Or0^s0P6tCLF|VND8v1X zFHu-d={b6vroptz(Q(8arN@SB6iW0r?p%XJHj`-3qcf_VjBf>uacl>T#%Wk!kB zb<6ARx&m6WJ*;UH$|ME&)MoN*@afR0hKz&DuT@bIIa;CvbraQRaoCNd?a(g;6Y@aQdLB!>=rZvIA zEXO9~UX*gh@M5sw4M}mo%&Ug1&bewuZ%Ks|r;x;O%o8de zSGMZ^7-gE8;A$!97p@e%v@9~E@NLd3-FUxy4?9Vj0I^CB8*j5tq^u*jfik#qvaoj~+C)x8 zxT!QpNQ9Lm%{>28XuUDwF)cyhTPRcyj0&b6kB~prsfJvU*PrcIf$-rXPxL6K`N-D`|gV5wSH~ zcNo_|JtLL3M`6_oz&J%R1FzckGhq?4*z^b(+bqsv$3=nogJ~1Jli}@?Ts)r<##}zj zhXB6vCM@dbjdx*C#^I(qT1ZuAsNJ3l#!p$OMXeUEEm#umv#@mgfdLr$_M7Ye8%feG zU~XaI79?h1rL~g}7p*?e7g_kcF#6_#{V3V@$zR-nu@|r7k>}poIS*SVknk8fSg&Xe zwnI$MKd3E!Xx!e#@9f2spWX!jGt>GvOtoe=amcvPj-`0oO;3vAX4B$A|4Ih5W3AWK z(fOTHf~okvX%+*`A-R1XhAZ>`HuhgGN}d#}n0I;bqW%1xoB3Zd1pjZsu7C-+-M>;1 zF>QQ|S^qb4`L{g9|3(T2QSFqpw6wmyK6S3CFc)Hcq1CUQj8-bZKt@#3qG9dx#(Jxd zC@(@oQ_~*-fr0E6WT<^Fz}D3dm(~8`LqjcoJQJ?ddWh&k=o(ckF+t&%f&FZll@_Df zF2$f!x@PG)(130=q8iTB@`?XcgigMY<8Vke)tb8bOXLBcXf648H(|dZ7D~%nEZ8H5 z--?yT$(D#RTl^o90Pm}@A)A;+y5=D^f3}V9S<-TPN89d->bG{FJZ|-2Ar@C9pCUI7 zu5@E@s0iDj31$@Srv^ySJ`hx=iZT`sX)+Z<1{Jm-?CRvY*cph;1y|PK6J_M{7{WKY{%GEJ+pCkc`%f@p)^&S$x+c_IcwNh zt$?6SK-1gIPJ|UJEL>@L0wTaVs@*E6%+_&&i_9?cEc~ILF$cR}<&4wOu{@cNGbq_S zF4s#^FS3Uiij>R-H|Sc%rhZWRVPNnh<2C$3uv<;ty08%^EPUR~)M9s&1*Pm1<6M*% zHnxc7nqpmvYybTvvtjXKzZ|`zK%r;aNr{D_y@<0Vr3v4gL~YXE?q)J_<~pLRqCBUF z2wsa|To=t`t{)bAVd8;vCKHp@l#%0Q9*86V;aNfjxv#UVuK?$43UaN9i#zIkApN#) zYut%y1{Za+;bI#JJDI%9#X=r=r~g+D^k{NX z>)~56V0TZXUbeeK@rw3Uex(W{u!g;}VlU6cT-ebqVw_e*NkyA6SvH|9GLyTnQlBad zUp(E8MyfbL_N{&UeD}WF;T%(;>Q+d?m|E-L51^c-vzv3~IP;=q;VY=Jk<^|TI?&)x z*=6Yq`s2g1F@nT3$5QPVjR{TDmt;(^#huJSvnM#Vm3>BySc{~65EIv_Aq|ArX!5X& zP>{ZS0+;BWtb8>o1(f3TQAPlsf}6!-4xci^e|oDcAk+O zB9oL?cxBOEQKlF`3$IF!pH!}TOS8A}+w1NNr|672=mBGE!#;VK_lSLEk9=&Kq6yr_ zKzmk`{$dt=zAJsjNL?hu@^D z-y~_US^$&=^v(~-TPkDC$iRZ7!68iszOhYp=RpzACJd9cRYfJQY>cFoDF#rv+ZO| z5g4MUQ6J_HkA85it;jE(SlK)EI!pqCdGm?_hZoJ7)bcgYY#SLOprhxj6LElP@nf7g zetM42$yU2Xu~JSz%V_D{g?+h8Z9&OqsM}F@cu&Uq1NZoOvt|@agzBDCc>M)e*80zE zbgBPj0mhplJ;tiqW+PA?ag=3jiwq<^KQ=JmY*VW&EU`QYrXeUCXB(TkW-p)43&B%;60YL>xC_r5c*3AJBn`(soV6l|UjQfF_uPr)fOfSi1=Qg&A5Q_-UF zMqpF1se^@7tpO^t8Ew0~u+Z!X+=%_dqPV#D5w(>;>n$e7V9L3yhewcR7$o4RMlDI# zV_YngqS+rEt*eLi0(AO{`splI=VDWFM+EBqo6re0K*^!?>P9z1;a7A+au(lM%2*Y| z|Lzsaz_w8S*MqU28`qD~|0*JQvPBE~Z?@rot1wv6F&C{}RYJ-6ox{gL&P`zyrehA< zUqB7}y*9_5;{Uub;eU6h|EOg!a^!@Zliu1N$3c=9_NNZc=A6#Im$n`&=zs z9D@+>L}pEm3N6RW{rUNFP0`D_Z!F#x^IwR9pP|k_uNoT~xP!&Ti2qtZ`%Z{&L!Z^@ zN<<2t1!V+%>LF4mx^;WjitXa=-g&v8i-mT^>j3 zt1L=y0OjKIH5B8|W_g8k*fzR}7yA1uy`VjYNH^Hu&LimJ&7Te1KAUV%!(d$d?VgpJ zI#|GooZs6QPTc0Dy<=M`;?IrEZV2+(oytA-J@&rvm}a`juC1-Ty}dm;I&y3G)ye&6 zm|_4NmyQTU?dtW#XKo{Vz?=Ol-%DI%5%#M5dvuHUOtAgTreanV#w{J;db?E<4mjt_ za}Sl`#@XIk|MWeg^Fsya%*68w_TxH@ZMb|Mb=bIE`_)!@1zT>}YSW_I5!bT4#(}^n z$`WYme1Y*F5x~4PFb`*`<1VDnZb<_6n3H1pnq#x!boililm7I~5)7I~bY&MkGivk_ z#6i~=4c_w@Tv6?t{^kGSL*b!zz9R1e{+b7(SlL_UGcvDkOf> zSArLa6NKQr$F)wDDUQEe^*-Wd?2K$(mRkcJS)@};{#Y+il{m#h*M7Zf!pfP{szw?- zuOr~tn0}yGP1^b=oMP*K!GbvV6{^^!E@zC*EBXE#=k2We8J-0rdU~5z)cuXcrhTUb za_>0E5nfjy&@2w|7;yjnYtM?Yw6Nc+Xk1OzBtJ?(!)jmGFCyvW6wdxy7saPD3g@fIiX{N^_2ro6&ex$ zL{YXMbVCjB(%*a)kyeE2s_8a=^ZopP^s97Tp zb|2uw>-JC)fbZ0rEKDZm_ki%U`Ryza20D=}6MEN;HNS5g&9?=01G9}qGt=S{Q}E%s#EaHJJyn!@w#e_ho?}-7Dp*)#9&KHTqb!^c zb-}~Wa>gm+LM3NV&p9o4rE}J=OS&3V49?8$0kvDJ^jhnjwnk8@m*}VVzvoDe`EWF$ zX62o^yjIHxoTXQSwkr2bE5w5Fbxvm)!*OVp=r3I|x*!_5CfJiD{Em6tTy9faK+nM& z+c$Ah^CKNiY%$ebZKK=KGkvQp3*vJjE+M&x7ciRK{sJy`dG`sv?s{aD_{fY*wzNK5N!jB*R7<0 zSyfa9xeY7b|3kqdgL79s+yEIl=rr6)5gN{MCZFgRuxwrdvdM;gr!_UA`YGT0&+hmV0_ucgoihO8egC`-dbfEF*sQ!P)CWQ|xF1 z!e{0xpn~e*@$?$aYJ-Q1S(P2xJ{6JM&GSjoY@N>3jb*)^KE+nJwv?|}^7e0y-PhYK zVlfc6cegtm=e>kLTJfak(IM4>rdTicAWf2$iNN!7Hcb}qT9u-2a?%x>O;fZ01HB{z z*Xf^8XTWw|g(FKR`GG}a?Nz|gsp*3CbGP-^n1f;24=jkm^*xJ_bbjNFZ{|MXyIH4W zRs&tmOS>xEB5T!ieMiob%TqG9qlv*sV3=}i(q59c|p&)&?jf0*$%^HXGL?hc27 zDL7$W9O&Xic5F#)s5C;r$k>n)OhiTco)EtdQ={4d@afYh8H$>ztq_E+hI45~)%1QfLBD!Ne@G9}J%v9ju0VEcP>yPZyO~=--D} zXt$XEr3|1Q@T8!kNj>`Z49$T=>kI5gRD^ZK`YK!F4__ATXmNq4um0`zX7{_e%WqD* zh~^qGaH5+g|BbVr<*`*7eDnWT-8;b_a@`D9ma%u&Y-w4^q$~luuS3f7W^8Wsr ziDNU{K6Q z{}t9xQf}jCtr}b*G-S zwH5V+nQk4b%OFqs5qLf7xns+}!9CqU~w@4Vi@(5=-7`FgiY_4pGqvKKJBL zxYuVDNR+2zwlj;U;G}1Vs;M@V%k2^*?sB@iD5@F{jc&@1Tx;z%a}NIC#GMIBrJ&a! zJDUN}(|eCKU}tKI7?x;qcEq#bf~DGB4;I?m+9-wG#xitub<@+*PxMGNn~91 z{3Xc>Z{^xnbyQ8JiOAfx3)Pay-REC6CKhiN*0>Cb^uOaFwpA%hU}{X`x0+OH_CW-j z&V#k&NK|OkugsqnP3M{h=Iu55wvWjth8R5Z7fW&jbAGR5;~wrq&PV*SGCpX2TFCR| z0U-wJ_of*GYSDP@%#VtWd@LMm3+l?Qy6}ASsn*JNoL+KS&U!TYWL~mdN7{ejVQ;LX zyT+goq!Z??|3hV@A-M6cwbL?bTx$bv2xIxVtn9{ziRTL-V_I>M9;~qn6|gm$?Lv0D z59xQ=HS_WEGSJgYNlRDhG=}5i&90h*JqopNcJpK6gnBi<$sYG>I>WwF>D{1TqoI9D z{*R$=@%Cl-$t$_2nBq2iG_yNjN>0cNc_2O zZ7K{0RTvB+`mg@^f0O0*Z$$8aN74SxegAI?g#XPCCuXgGJWKBMxj!8Y3=E_g^gZn- zK}q!2;Ia!HujVii4?t9;_VKv$(XURHn6X|IWgt&4RHX#ua1;JU)>@CNU zU()E7X*V(Wdoim`b2}gR#ruEiyt#scgC7x{?Z}f*(Lc|1znIT9i5?LY7rsZeIiPcY z_=o)=2mS9cv{Rm&T^;*BA~2|5(V`kZ6;DllB1-`J^`DLKw8)-s7TD7604v>VMPT z|5-)$f9>+j@1grq{9oCOT?32@H2<}J`#S!)$KL=9BsocbMSa(iU&Pfl?5x6W*o%H#X;BIxQLksPY;Mh%fpM_``2m`M@x zBGyAGESoy5NsHMTNhvAcf7aG7(e(jtR790Ly?ua^9Uq@L+hhGS*gZ_eE{TOeu&Gk* zBkH|CW5M~qsQKcv5551%0?-`)>r?o*Qu3EBHRb zz-i}1=e)V&Td`JJce)a;^UdTr3)RA65H5SW8O}jJ*+P zZ>=jTg~F*iq{Z`yk(dsSREMi1h_{8UpJ&$!#EIbtt@&)(eonB&O0vz zxOT`iLe&^qxC&(nl)Q|HViiztOINau*wH^2`UuwPZ~pz83r*(b6~ulrW2^NBoJF0i z3sBXUUhSsE;Cl5EbdZ_nJK!b6ICj<4`OO-BdS;662^n!Zw}#dw9ELZO!`Q}W>H$hp zw?)eEf$|f!1EEWeok*Hmr$!x6Nircy`R8>xZdb>C*X`QqkeG=)Y(3F=l;b?#({HXp zR211<;Q9hsHIrg!XfnV3X^WIze^C~J=l^~9J~{9!x6o}?(LI@Sx_8i5I`hq~w?5X> zAzs>^mE!^)tdd0>1s2CE@60?xt+Hzs3e6y_xSq-=`XLBXS)JY5Eb#L3%pulD+E>LZ zQ(IsYnbO&&ApWLa*;sB*NB2=9IW{vl-fRE*p=3Z#c5&g#S@h5KeVIj`Y+Rdfk(uY4 z(1a_^>-j%K0F!z_fI)PW5>7&tv-ZabMGX>mLm33F@MWTJNVsuef&qF;*?wi_gc!p| zjr?|PW@?n3^TMW_1gU3?E^I~3h*W1UT(W8>8~>)owO%xI4ep;D?lGx{-Kk53s}41E zD_h5~0M{=d)yD}gsUxhoS-b(`x3`Ufwc2m&J0I9Ry^NWdemG%9eNVCjm8-<+>-&CT z&aCs4E=%B~f(Ru|oNf!zM$H~9-hxLBthN2jVr(ohSqlwyp@+$KUrL`)xQi5 zTGCsIq|jyHGrdbIaLP1*nmT##XIV81YU!^j!~QgL)7MWXS=S1xy1iT;`jDlh&1cf0 zoi{47TUk-&>uEh-_d!apLfL-GdY-^A#Z9~IH-mSv0V_Ul62}s#dchb*T1>}BlE+(6 zLD-Gn`NUc&7duzk|Ns8A%_qA3PXZ`$CZ|&r>X)KCG!yn-?6|n;aA=jp=AWQ0o73FW4lP#)U(`+-ogeU=<6EoEKZyl+0~jUj)ippz*$!K;dAkV!fO7 z=+nIndq*q(`Y7EM)4UyP-+^ziJB~5FrdKav<7WchzMvEcXT|4yuI5g&`)<2qU3bGY zn!F}9!cGQ-kybw)6yZE1x_rf7&wPh?8ox3VV^g-sTe-!q-;zgkPa&p?nA9797>h3< z<5Fi)oV%Uw5JvonwQyqAy(*d0^`OpgI8Rvxf5TIQkK~q6Owz1FLUZIlKw_n~FwxbW z11jjct5|hQsm8E9cNY(@z9<+Hy&q$^+ErKt2@8iX$!j0$wL*-|Hgc0Yg}Yf!B3Y-@ z@((+w^OCN*y+5{;Nztet(L=Num^th?rF9uNdKm4fEUx7n87N+eJ3-`XQ_XU+`vBJU z3d;0<#E&gilk7%}w`$6PhBE!pm?(yQx(rL--TnO{{3a)UWnSeOkE4Cyc_y)Tg~Nwf znwt>{7BF^C=#3k?Uzd4rTlQtF(=4(VDhqqP|IlloBBSDunbJ~kwLM76UkZ|I&;zSJ zbu1|8nS!*0b`Ac3fPeKLR!o<5`M4s-Gg4kis>(i~(u$^XxAh3A&E0R@rzXqu?)?~L zOV(O3Dr6w5sWOzoy!cRM%Sq+yW2UZbEraIh$OLzdARteM>+7S+3KNP*Bh*EZgCv0P>KXkv8dFr_ zs9KTdWkJy+VK9oD7}y40LDjflzQDCaLj;uMf2*GbSYfTn-h5qGPy5l+U0f<^?I}iQ zYGJx#UMYER_+vyG@`tL<=U7ZCmRr+ae zyneNnn#CeFIgl^3!5xt@YLtqo3wRl??^A<5a|uwrJxqI0J*M0}9Y5cyI0x zxHCR62nx-3X3R`(= z&}-nRX{nR;sW)OzFGU1?0QV*E)L4jAX_fSsgDFmm&b}F0*?Z&OVM>oHo$ho$qaec8 z7P(Vw+nHSBR?p~#RtWdKy?w=r)L^jNa_;zTi++KGl8W~RDeC-H7lyautaZ7m^I4gc zt9te@lo>*hzF+-N+h&emUq4TWb3V-h3GZ5nUGcN&dR*nhvgzT2?8nFHorxS(vU1%k zk95^bvAfN~qn}h`Y@M$9O?dj}H|fS>2_|~fC6-F?(47079sO$6c$;Ia0sSTDR|z6R z8*s#`)-f|NohHybO%6HGXj#L^40`mUzS^X^2c>~g7rV)(SBq&mwIA!Lem=|+{Z zi&Tw|Rx{V9uENXK(cUmgZmfKNCuGM(%pcpkM4Jdq#>y!xSc-Ly*`Z?+f}q4`k>!%C zFeO_M1KRt30wOp#?%1gL_)Nx67#@z+= z8O+Pcwo8A)er*@b-QW>-UXZTNhL`6Cl!syE$vF~P7Y1b;P{oKzMPgCts5MTqu=Kcl zd4_yIOT%JEd9;l?VX-D>wtUp zcQM|(g{*K1Hs}Nywkod$qrJTyey`53PeYoCy|l9_(wWK4@&_MBd(lEUUlVAcRvJR-YYwt9t)Q&tB2v>AIe! zSMl@yT>=JdnWy-IuXouIuQ9$rLMyE00>mXFu`zkZ{V&y*dxS6v9y13zR5Ji zLzwb(iEi5eovEgdNg_nPmC7Q*Ajx(KQQV1gf*3@Oq!Zy49$>#hZZ3kbQGHqa9;#(8 z*poF}MDi!h?HNYI?7w^$db@8I>l_nxJF?L2y1lNwO5S>3$)YwKy6q~Q<*=Rb)?i%V zauTTd6P)rJ6{E=MFW>|XE3v`7c`zv_(c7!g^gjb*QcPs``C0{b(*IzBQ@5l@uWV*zsIX8M8L)zY z>m{;yB5KPq8QAtf-z1|tDf*kNf%Ggi42&0t{9$!aEF)msT!Pxz*xU?$!yc|hN(%VoTeza#r0 zJN(fUhWPSefSKG);`Dp-L42O{)wS*UuF%_b$CC#bIZs)5Utnu%>%!t93WXY5-?vfn zstzg*-D}u|Vo{ONn`OUF>qiNj0-@j$W&c_{_ z$ZUY`G2DM(3|-mX7M!e8c=zV;FDw8bP}b9eg(Mk1yQsl6meeYrJH4}RP^dYPFVj9; z43U#J{z-UJwi~x99Z_x3d1L&v34`z652pV%hTz%!G=*9nih%rl#pyt=3FAzV@!Mb1 zr+!t@J5grV7Rw|TupOTn6cnVaZ2k`l^-U~wxY~pEr1jxdC0E=BM~hpdc`eQwlekGO zZJTcQ`-uxh@!i!okQ1lT?&&`1r%I<+tt*xMHuV`x)dJ-QXgU^+f5}Jc$xe>T2Gqn$ z)3S3nuLW9)BPJC=s)B5atz1M~d;^I2L51i33&s9&8Vt%@E$Yo-QdphyYMCCN= zR%dMyY`$upJ|m=z^%>s_By&0pt?hp^EGM0BZZlhHceHc={-}?TLJ=dMs2QDEhajP{ zrR6#T)uW~5u=RutVbr=K&2AS{AqYzt6n!WCDCw!#Rur+*Z6ynDe@gqg@`AxS+P86g z5Wk+o+sHVQ{m){wv8%k7lp{qIrV`?=0|_jB(wyWdjp!12(7U*R*C%oI!9vl`m~OIf z?t9fqXT&8ZJ+kLP+AeQZFE(^uEJ>p317yA5L&oo5TL|0Koc4aWF1i<%I^ijBcT~`) z2PoX^`~wR`4@h{*{gj=25hcpv8=Ux!_TG_)EIXRJpd+~XHoS0-p;z^~fcqZx(H6FS zDj@U}H+5rn+(MzEq(^bcAiWNQX=}!H?;G*M21k~>&0)Lzd94chX~YPlFEwe?qj~yv z{tmGR-p1`ax8pb6uOqtsLx=H=$*jG;&Nc-U9aTvzbv*5aaRSd>n%Pexm=i!15|4J?C&Uq+gQvrA@WKjh@q8D)b*4PyUi!9o z3$NU5R#u3XptYLEe#>E~o9=a01sKT$-wq z6>a5q-5CC4KcyT&&8{H9o$)U#_ttwmQw9nFJ4D-~BYPFsW!vW=+t$Av z?QJ@i@@`fcuGlQ1wb)IBO2eRBd=qm{6zPiL-D0IlhWCZ=`%D8solM3A;y=ewqeXMq&4mTjVSRtPr z)7;5nP>v2+NCB%FQo=`aVYm$!ono9qy|@EFgzF%12$pkIH-$A6iWuSY%a+Sj9-Y(&3T6Q&g8bDpf< zWmed`o>c}4<6FuDL1XZ%b_ep6)On>bLiJA3KV8}2P#O^o0OT}kl4oww4^DvWGKq`R z9fYQ3w3Vy91#NRQQR??b^2Pb1$H%;4=6>uVlBHMfku`mH3;4L06vDvgp6Hm8I`{GG7y;_Yboy;UWM-jI5WS>%!)NxvK4mWZbW`X8CpKV zF28ZRF6nw9X0H&UoDi$?UMCv9nH)y^6XD4o&ttc&)UgSsrrJBVl2QL90sH{Fueak0 zeZemkGN3uVRr3c0%vGh#*M6@p4-|c7pBS7JaEWlJ!jQ=neFdO1p}nsG!l6}Noc)|j zBgj6LJMFHJ$9d+7znSG$g3e{p$TxGxmbDCYLOhf;eQK12`jh<$hJ!K-_JHmw=cnym zR8Z@#`)HlZHT`=k0sTx|e4Gf6(5w!5-ZxpRgFHEFf#>E1c{CrST?U|q;wyY5wuwQY> zq?oHl8qsu#82Y6Txw!#i0;Fd5AtR}yu97JDch4$AaFNtqOt)k*tiaqarmAap^}Kq- z|L$Y;#}AU8m3l=u;gkDLXq9TZo4^iI5rbO8ZiZ@X6Sn>~l6B8}(tEIi{SKyt+wMmE z^NX2#1)7zZfa`<`$GaJ)*)k|^7LMevncbQxW0eO+K>KR5LfpKo6A>}=DYwgVBk4e- zj#-h>!auZ6s%`Jc8$SAX(%9%*KOPpSMo;ocUy>!%!R-UKiwX>TACa ziq2?NRZ1cP2tCha7CS2(#rANq;pz$?%^i8_>R@kgZ)?jzcNH_LGl=j;z~+x?SL!Dv zSV0wf4+t6i%1^NEW;r5C9?4?6Fp%bF6~cNZQ<&0I`6!vOcn%B2Vpdhc>{te)OtRs5 zGk2A`OO${PNUWu&b-h~&!6mp+aKEN;p52=rwQ~YN85zqKU^y*pyHsQ(ecA*W6?evC zHKxQTDziE|??+Zy8%J$ow(RQTOoWo(R3@zvW<~0_OMl8^-Bw&UJlF(;7eGh2k*XPwwq z2^z!H2FDng;sI-Nm;LKsy4r7fCmSgo(G%AfP3x(&J}2B`?9cm}5)n|D$F5j1T#&#O z2vCXRG8+|oT&V)~kCa;f6K@;6JODB!%;f&Gf63d{_Rb9AeYdoya4N+9TK=&g*3CWN ze(%HQ#5So|xsjxLe85o%+*)Js3+1}0>J<=UB={SEX9aL`b3^eZ;O!|I-NGSBK)p8U zyIF61ag6Uu;sGW+?DA(v2xPLyaAd|!cNqVXB0wl_De(Qp`D$aM0A2I>#5vmFQmDU# ziEOw_Mn>j>V^Bq>j>GoAR8pOb_;dh~RQe?_Vkg>d^UQ#aCP^C%2q$0t8O;1I38??Y z4*uUK8~;Xg{q4U@2b8}POC0Y}QyVE~n{w-KRx=LzAwVpTPhF${R?Jm9$M)S{M>##~ zzpuz3FVa!Pc39#Q<(vpo)iacB@+Pro6{$VXmZ3qZPNj=y7^=CUHRrkF*!8YG9tblOF&{u`zqmm}!l<>}4 za;g^5Sv?mkbk&c8ptSsFBc;)d?s96r>hO4+_o{2*F*%u>s8##aJmQlj+@W(-QGnOGAhc7CW)Z;+i7OU1{%Jj7!HYgw~OmH>Y1IAcXo}HbWw72-s4Nl zl=5~c4^ik(c_S;Z;(4# z6)3gOk24TC__}~vuYiq2{C6S4xac6Ms;iBUGo5O3_QCiD~twN#2q4?a@p#4&# zgR}xf^mUAZ_%pkDdzb~j?PPRvT zMpW2aa62Jd{S&hv_9Kt>vfl4H+;+b`iZ81RU3IM#9v!iJX8-kG6$D=C-V@;T04>Wz z3F69CykSN+S62dv+p3s!6p4{4D(as4mlUj9MA~Q_3cesG`Dv^EcC3vxDGJj2-6O?& znh}?+o=y1pts4vyw{cw5!rowP6E4cA>aCJxP; zq$@s(+e#eT=Ovq?c+*+8GP~HSuAGPV^a#*?jgG)Qm{;yhUr1wOJ%9)A;X@9Linx(a zQMLYg#Ql*xz1Kl^{VwJ@+JD8i>t8S@S~&K-v3g)>N-+x!ccqn-h%#wz?q>%kB0jDm zacfPsUILa=+x|U1b*#4Tb^8L{LIFVnJe{n;(mcxPs+7Oy&u5pQwPj>!GaTi}WtOd_ zfzU`!G7;2)@hcE(CUoB#Hg%(}Za1xZ>Ja9!c)H;*3m)FSgk*6owuzqn^Ar;w&y=O4 z9!z#^VMrE*945iz{FB~1n}%r+8+;K4Pu60TpK5@0@`nwLO#x$$HMdU5Q0e}$ zk7!|3`r@tSI{Y+?`c3wp0OW*e*4h4PQ5p3kT_rRqwUnkNZRpw5VvQa`v6Z-aO>A?W zKXn~)NpBc!7IxVgD~&~RVpspd0#@fvV^x@)uX976Zj4s3q3XakeZ1?>U=&E{`z{DdeUj+cmR)2~J3tYa+9Q|zBgD4&Q=}Nh_%?I>QOn)}|1u?*#7{C5Qo)i$gzJ??L zekL%$r7F*ttS-?$vl)IBZ*$TQ#qH^Jvfe)g+$XP6d^ZkS#TUlG^B&9jXTb(H(5`*G z2aE2}DcRzCVod6J03^CuY3vOAZzMsSaLK7Xd~}X+J_Ymq2O{;~P$U6~Hh|b>f3$WJ z<2&C81NKBPs`qifTw#dsk#|j2Nq$;C+Nru2KJ93Uk??&y_gXT>uWU;+>*B+yllczsd-HUACm!`a{Yn6FMGrLYs=k`o3~{A~Rjc$`v$kj^x#-h5Hc7zFko=)tUTZlx z578NXwrnkH`&h!{p|Jpg1#?h5g=>`XUshXw2Ds$Th9v#3xn87F6$Yl9t-q^J@>Mj| zl@N07wsD}|DK28HtrSx2^d+Pga73X?ng-I`E6$T&{smAO{m`w=DLIR>sc)^V<_SAX zA%z#q3=0(%IhvIY9Q7KFCCzw6#PH}ob4Q~}`jdQF76z{h*98(dW#%D~JHPDfZ zVHzX!R*oF(2+uoV(jYUh85+uOw27VD#~?zx#g7WlvRZ$bvPB1Bp;~kH7J7uYSgIRe+xU8GE5)G1FSO6)F3{_He4TH1XF|L{!-;r3o7q&z z#sl68jX|;ES{CV+&*}6$ZI3m}cQgiz`qBi4^lPkD^w1u19a!P_f0)c}Yky?Es*EY*gA{mf-wNS2?dP)So)@;BqL^npbswL0xj zv&Gtb>G#gECaVe5hF-EQVfXTq%ie;FQG8ZNr0tBRqFUOgb{xdj+dA%E31Gw!&4!-{ zsoOoU;XqLOxKd@fqLUYI>tqV4e_AZEvM)*9?IB1UuNfK}pVJ%+VP!97YxJ*X`a2&T zFvSFjAL1{pyiBuEZ40s1Zk_BXXN3fxsIRzra@)qgh{EN`RNE94ulbwN8*;!lHt&eH0_kH+OgNiyZCO?Le{Mg(8`Y;>qHfIYIf#OAzyh*%`7 z4)1^v91Hv33`w2W{oepdWxXew!IaHRNzkRcZ@^xc9Xf^tfijmyzIoRu=ya;m5WUhv z1obU9ZRBx8r7Z|^*XVQ#Pw-uRci=WErjgFGM`iH*l9IHUuxUAk-qaW7l|RVtEs)TR zRU8|O)XIwc?*Dd&o*I)LzjS)k)q&YLcv~zfu-6VamE5GT4N;oZZWvx`5`*ftmG9Sk zgZ(P-z3m`7Ut0ybnm5{{?X8Me^}C&IKXQL6dR`29I)mQtfV|&JM6z#3sW~QDq)V_z zsaBaPBv~((5&sY2zUVErT;dy)H@NQUC7-Y6C!a0G@`zlVt$5OBoGpBJl>NmW*udxf zG$O3#=6@fp8WRqiogJlz1~}NilWl+L!yyJi6XKXrHZ%GL@vU>h_a)=}UV{#a(uLUf#(qMdxBC0S!u}ob%JSTVgH{=E^IRH^}s+yqt%eiKs^ zwLCww+`Kkhex1Vc?uN)cpG-4_B>m4_D%P<;q_4y3a&DkoBI!-w(M-+cGEo8pZt zmjsZ~Eb)i&-iofN`x($YdQKI8lMj;s5lanoOEh+vuD{I_rXjCC#aP+r>>n^`Q~fc% z{qde?WnES8%8X5@&^oDO*%AH7cJ)xw5X!p^8*J5y{vLDt^8_SIwPc@uGb)@TY)BDI zQMjq>?BSZ+u`EvXE}cP4)v07qkjS;m>Wk z2pL-JnzqlJ2k58vN!UBbw;3D|QE|}9GM8y~2LT5wh@u7BS+}_F8c3}}37wvK5KaR2 z5Cd-=STLONFOG#3yo6%kpQzQXNj??P9%-KLIxpGvgzs~(tR-CSmEZHuQ?^GVmgF`M zS*2|lbSN5Z0Z0l(LSDXjH6o0W^GIV@E5t> z-rjoozVTbjBHsn7Sgt0906$0xX69HJtRn)spb<;9Skwmeqjw zwlH_q;2Zd}RN+)C+VyQhvIO{{??$HakRF7aL783rQxdP+O)I1zMHQ5oSQBRVim?}h zUTm{E`FS%@re#F~S3zQ%=$H3TJiRjrYOfMsjO%aX5pB(F9rgAq067|y#8x!$J~^G5jd8M<6;NxTl0ejX{t`?U z=?SS4GJ+Zw{B0Bz@b<7Ac0rT`2Qmdh^6UBpHEXRGJh!5{u61Q5xQqA?_I2Gx>GK=t zW~_zwn(ioPM1dVdha*X0$pJoH58^5GQO!vln5j?%>mb6J$S^o9$kfn_@a=j-3vtH- zDn(*{6<6fm&^YTdW_=dw3V39}FF!?aJmay7HoJt7s!uw|ve%(5_9fRw+!4vtsE!ZD zYP-ujt9uJU0rUR}1@i*p6)N6a5px!BD(<*JQhTQB0~Dw5&op{BvR8d4JRnW`dtO3K zzGU^QNLOitf-q4i~2!kvc^6n z5{iuACS%Y}mEmetqKU`NiY#1AVPohQoSIa(DJ;cv@QSp<9xp z|0=Dz%nFOkxKVZ5; z2nfh)@K~_;_3da{vu!qb1&FR`iu|r3#WAqYWoUd6y%p@j3Sto#w`k_l)Z*P%jp>?S zCl13wX~8;hwgT6e)bLl{#Bx%4tqq>6%t6z2v}#io8W*{-cQaxu&hcDby}V-F>Tp^P z6-LZhzcLGqg@w$!EWi|W%RYV3&fe3;T!8H!r;&q@AK!mal}RLOy8|KnT!O`yu@sJo zjpwQO0sb;5fdvsvWuO{otaWLLo5SJLJ`>sBocvSB#jec@Bs-wKPNgan#qr%<=Jmq1 zbe?Xz$f^>RATzUZ?Ltu9lV4+P=UrHHk;V1(G3r#gBroK$(`kA5@yq*ives7v44&Y~ z7j42%EL~|m!9aYdk=WBkvjpm5c@ zQjjcDvGh2tyr5_g&TOw3rcTM|lD~QcVMhj_M|g=e_gef)PlebQE*8FMq)2H7(jRqu3;2G!BPjIgFvbhb8<(dWGdcYhtoNsBl1QWFF z-M;M_5MUvS6xZ+vO6E8%UO(AThF7U#aI#uJ75&_Q2WI^W(0m;AWpy-cZk4Lp+1Y`? z69BKLTV){be+yZUD6gAbpslOsQoKtEGzqcU8EVsh&$itNVjA{oXZ5c9WO73cg7Z@rK5XH=d)D!ejIEj@7h)d69eV(sC=3r0QsAM@yA#@Kdit zr{FMYtEG0`#E4!jf^_*QRYZ!B;DqK!qsjdWmEj{0aM=&i0HuE(JK*2@C9>g>@4a`s z&$lDPB8^hh0@fwlPZ;6@PU>c!p(&Vxy(J3PKd4DP$9^Ql{ROEO_}zGuckXmB0Ze(k_K z1bRLhxPKm{%6&vl6<9nc%C$b%A1WH%;5?0LSU-MuvTzT&U^{TWqT8S-FaIt)yr%zW zQt{oFy1MwBnCl#kzD4sF16zVT7pMzpGl$2KOPJBwT&tJOhznwuM`!lpjKX{7q!RnP zXYxhi#j~l=UA1}bP5#sEq~Wd?(=jE~$Ma>|3sd{2)m9HV1fI`4ZAc94*3I!CJz4)O z*AxQ6><1?4tuycsYn@BN1C|fF@Bw3oSZ$c2fZvmcxFW-M|Z-*(BMWfQ~4*;*{XCgq{CrQpV z?zZoER)MYOm7md#?fWP!_@$I&x-Rfs(2x}At;1#oNYa4RhFUvK-}j^LCu*7O0`2-u zKe`BSO1Q6gOZffWY|H3tI>iQ6en-;8NsB_!iNB|BzT$6o0!yNd+?*rbUg)TX`)vRG z#&y(3z6in;RL`u6G!ge8VE;Re(kZJS=V%G`^;yby%l(7fQX#k zUr^7XXoyAgjm5j$uJmO+?KVn(Q+e|Wb7285TV$lk&#ACdzo}o{@#*p52(r8KH)}TR#neXn8F%S{O!e^ICnVFS683wg(_-m`zj3k;ObUaDN&X1s1I z&5#f(WLm`q*y-kms4Br#&tQp7wCSq0e)jkh)+$As!i3wZVb-z*|5TcNX18&)6E*Ho zV8$H1BO?uMz-S-1D)4-5yZ72f5!uNjox>q;HTGo35b)t1V1hogMj_Hsem#bQgH| z+WyD{H7H{IrvG8R$#vu+L76^^+(9JAY^1U|t-93a)x|f_xn5xRZyFk!__(-7Oia4P z1~Nb{L6XpAEdTscaI=<|k7CC&J>-paTsNO#5nEg?&w~KAPGP+ao4gqa7s`aV?IO1!p zit%8PO{Ldk&n~usqjuW>$({!zD@AD_BtJBr=c7O_twv!HIPEV1cQ2-TNTX~&uepwPwt=U9@U+R{K&T2>GS8fl{|`Y-g&3eYXahQT)ErH zj=$`c=EkLk6>Oi!on>Ob-&8P;nP@3XNg!8<$(z`ip08PZE0wnhilMi+2b_4npLEPj z``Ce4bp)$8jk1TA0k>9kh}HT#%=dptNJJM6zsxhc&0Kh@5$ONSMUp+#Ay$W5Zbrtp zSddd*1P(rbT|5Tuf)Z5$9=ZF;<@B1cmia2Y?$9N@;#PP`uXLz3^NF+QRD%k?zlZ#p z6}2=zFnC7^jp*^kQG3}4r+!G7xd&I%UHjD$nJYTY)}?Q&SM_Gm$bWk=LM`p_a7DFG zgtV9br&)WeG4aYER~XS{15I4HJUU4SyP=}9EB z4pO_^?X|bv1a4?vTMS7lk~}XwMB{g_q5#mH@ZN+4ZBos_K~oO13G9WlBrpHM0z{ro zh!sAyPE{xOod_Xk*psfgp)%24A}^^#szK=%cR>xtI00{iPvR*z_Zqjv4Uf%^^{~$sWA8*JFExD#`ejDH=rN2c8XY~A4oW`C^iuaE8Si+^)BH}nQy1076Q^}Gi1*RGnXb2>n z7T!dQj%XM9&`|jgC4VV9MBwbGPpdWaEa582EhmEA7YjVBVrkRDlY#xuUu06U-U-N< z2fWFy34kEs)oTh@vDCj+l){Q)ASYm~7qA%#B)TP!iPs^yZ8@Oj*a4c}cyvu1m5m+O zs+|q|YPXSTvss?GPc5vp5OL6}{l^&|x2pdiC;YL4?w#Jcgie>)5(9$l!eyPo<-EUr zLvHIDk;mS;_q^nk^;nU}-vVY{UeKZC{xg=WVa`dOTW^l1*R@&ht#i{<=r3V4$s_~k zZ!Bza0)mhU-G8nVaYvC=L^nSTV!;_Cd#9I5iYq1m*q05sA4Ij4l)4C2(5MHb*_zf)oMiXG3sgmR6%;Z21I z^?{s!0dzHuwAOYP`>2Mqn2STwA4wxq7v~4O$&tWeFY`wR`k09;K6cYnQ{TLK^AYgk z6Zp4p-y|=Nus?D~E|;J{A{ijIy3!ri%5qBuI7E$O+M>7EFtBiR(&PtGo`)uHiCP06 z_^(e@z-K>-7Z*$izSHrTt$Hhn$aX}G>~dQFKGTKpsmRob3lL0_Dv0uP1Y5>K`Aft4 zV)m-&F015cU2Y3Y%`fE*#cR~$r&+7YUqbrx$BP6Bp?($Sgq()+=5M)yk~?q2 z4r_T5D2mREk#s_<5&KzFbuhz?Z<<|@$o)o!{N1b844_! z)&8fGB>l42FV7beQLX1nHp`GG$q*z1)PgJ&1Djo1OBvewEr|iO^D{7$TEgWf_0Fzk@PNGbG z-DBeukJs0WfqDfDNlp$I^32{ma2;x#^IAnSjjLMJUaWSLQttNYBd(Jr(gqskCjQ;2 zTz1sqBLV@qB8xe~XT+I#zuLKkTI_#X-Q^?#bpqSKA68$CmOSa%F!OB=aQ@cLb9^cD zql@u~!Ce>Br&byjq~AXqsJ;+iO?##Ccs5+($WB**==1&q%t8Ih zMr{mNw^Sg}`l`e`;8gvt-`^M=9Suonpe+9t>(iet_Py~c5I4Hp0vPQ8mrU7r!&%?} zUn3Te0BU{UvfBin@rXSl48`J+ok7Z{PmkfaBe>+*@$;4O7y*Y3Lc@{arTI5eh53f{Eprd(>iu?;qed4` zI+A|OCR#832-D+x&1_NpQ!^yOY(&G0iS^l}xgIZfk9+PGvl+f6a}R&XyHJ_2dfOnA zR`M?4`Au+~%Lt+Gm`y5#?pEz=K69$+s>0#}eZ`!Og|rFbq(=h<27m$itRV7mI$pSz zG=^>aC93L~siBYC0eT~=gAgK1V#rCuYUXEZ7+ur7E>{cVVF}`mS7T8uT93tim!`AvIhlc|!%0WKm9W-1x7Ds@X^9XE1Z}j!t=5pFM z=%c?CXWykrFRE|itTsCQepX5_OhNU%it5dXewNh)PkC#mALCf9qMb~4b>WgYgO&4L z5NrZ32B(?bKRsdNXJvo-u63_*Ibx|9n!{VeU>UY>-Ms zRv_`faXZk{(&;s?M`RzRR=-+@&UR4LJmn0&Oor!> zN3X+XW{RYz>@A*Wt@L!<$l8bww8AsD#dpQO7~)5W%KMe`REly@pzK_0K%c6z+`kou z+nIdzUKP-9E1M9`SBlP3pUN>9i@K#MbshAqHb<~cjYJi<;T$|>>aN-|_3eYbe$DHJ zl;Hs5Yme>?2!t9$){+Vud5}g$?;8tPY=BC4uV3>=AB0Z*dbz2Lb;IY1FCR4d?f~1Q zedmuqI}?lx;ox&!`Mi0|LP;QWiZmQW2!)&hJ5EjCk6ay+K>?j-=CNBMd3Ol75}u}ExE0GUw~PZD zfHvVWx_Lf?RX__mp@&;Q6;rCGE5z(<00l5T;^X3`NtbfTW&_r0%N{19&4=}8Whw=d2pHCIqmeY z8mJZ&6&5X1TLFj(a8${ o;k>xOpzs*r{p**f@#>Yg+4F~2=|XscSFR|?s7jYey?XQi0j@RpRsaA1 literal 0 HcmV?d00001 diff --git a/docsource/images/K8SPKCS12-basic-store-type-dialog.png b/docsource/images/K8SPKCS12-basic-store-type-dialog.png new file mode 100644 index 0000000000000000000000000000000000000000..11844bfea82cf5de0a1ba428e66eb9632e3469de GIT binary patch literal 45202 zcmbSzWl)=4w>D1&+EPjlC|Yd`BtVKg zfkNK1ov)o93~ z5BHcF8pu3yqt1l4Z#tL9ezXep&wT};vSL*Jykx&BOXi2Uv3F1ME9BtYF_-N=wH&}h zu1&d}4SEN|+cEjXeBtNfU4GgyULUzep}^qO1FhS)I$X+eLEgFM+IppBxN;Y@!N1T&c)iA6?b{NWKu#@v{;wZD2W=UU_#Y)?Tg<&*S!c*`o-(BLG(hP-K+^90EoEhalHv_ zb3GAjz^&%ttDF;-K%MD4?}jZLWl)n zz2zO`$BW10!V{=BRT~hmPP;%oXMPd#_`0l_xZtn97wyh&{zcTzyl@?Od7G(fEAM(~ z?}zKjBsx&Sd7m*Dz4-8s)AoK`j2)l_t6W2*m4v`Ay36yIeLUP@LbG1~!mgLySjnZ2 z5St2V0qeEwlXX3?^3%aQH&SIewwj!V3e_hJwV3*E`8Q6BZsfeZc<dWF9QY$=rGf2x{ufyL24Yo2n_z=%HetNGg)1UEbGiVk85lCpc<$pn(b@H?Mx9|38 zW*Y)`>%&HS4F>1kW&Ky~SLcAjhSE|;!SD!4 z8cAtz26sxp&8yt?75|#@9CGXBxv`v}i?+&{7>enP)YM2%wOSBf%G(4Jnk>hXlwhv= zU;+}U(4!QuMdwxzJ0-zKFPeIAcb#Np*y{qbX+-0Ay6i}_+11GTCD0mRYVjaWw=zmsR@~Xi(^dFD`4hK* z`J+bWA3&pBVroB0C9ty^C4yy-;`S3|VP^BZ3N6)?@CPTb2Bb4YbIA&uC#7F4f!~av zI0jw6NryP5NZ*uuuk+hIMSca^Lk!R4^}c1U$g!s$Pew|e_vjJyJ_|t?m_3JG7c9kk zal%IN!BWLM4{30Di-`KMc6O~XQB4*UFROye)kyQr*W<^~@%We%JT;9C@X3zRBtut| zfrX#ff{9eDp7-ptyBU6|8oi4sRTG#+oL^T}$=7@za|wR;mZq^_` zJwIZ*tx?Jc;{q!WE;Xz2S`SNWa{8rgH@7i!6z2nmf0SZO^Szqr7Fxdv*VcyF1-_F2 zwRpaeJy;8m1)ItT1!Jlk%->dwI+F$H$-{PMLqo}x*vXHv#qN{2kdXc8FR!}5eqA>i zo!8}M5E%aDnmidLg9A#lj`HmWSgV06EYNkv%pzaC|Ki<5K6eYZ;aF$NONq#yl6BU& zTohLT6SP7ISt6FG<%PXtG5x9B;cA-p_FgE1zuv)4{$*8{?lk^j+~nX9@rRA>nonVS z{`br6E=nq|lZXj>F{tWSJ3A@Vj@(=17IW5%|-&pfnNos+*<-L z@Ls8&$t=f5?EOcfUV2c<} zA=y4pq^%hk38Uk~Jg+(XS$H@=;jALIH|OtGrpmcXfwM?%*$qIPv|q}rs2o@WM3E@h zipD1SJ5?pRB1do<_tRDL3}nu@)JS|xI6c*GN-Kdnd`kz2H>La>Tmr4VjF&Z|rej>|?$FJ$e4kKvMkPMCjA zH9_;2P6XR}wo9W@!ti=~Q*XA$G{iHVMQ6nG)S_Sa)@Y5s)!HOW`0$9|jKAguLw z50yp0;TDPT&}Kwjd(T{yIonrag%%JngM zi#G-Nkz$KOs*~uz^!)co9IX$2r2`mzwh)IV;|jJ^4?{F2DBLymon#(-32sg6?RXXiPu&{`)ZI>M-oe}A04?PHwPL>#{Jc=QW*uIhZYk1&UXK0E4j zQU=}qO(uhMyLiKATMqUNjCUGvp#`YfTQk9%n<-0CDRTo=NJQ(I+ zXKAkLWWB1J_-s#n_F&a&Mc&E_)l2RQcmDR{ftLu$k0}wHBA0NMDYANQZA`HiwdC z7hUX4%J~mX?%#twQ|je-$+6v@A5Hc;n#4eS3MFN36t97ND3chQc-ViKKpQPBDk^Di zLw@%zQ-av`w)<`LLyhvJ6_a~$@f!DIpVRI*@6m(bokx`?m2?57rXNW!MgC;((c0JC z{cGp?N^T7I)}2-6hhvRwlXVeqV2a3M(!&~NaJO&r?>@Q(k~)i~;45PlYQXvJiZ|@U zj^jR+K12FuWO^=8r$+6x(!2}ei0nEeIKMxtc$Q)tQXH}4p?LbKq(1PQytIVdwsB-y zGTF+_`%Sy#aR$BzZxVc)*atM7nw{RycD)z7GUgTbO)< zNSVyYih4gH1SDm%OY%nO<{vhb+I#+vU#;q^0!GnLQd28s>)7p9C*~in-n|=hKSNdJ zB085bvX4%#lU-k06bjGlRpJnAZ3AbOT`VCA7>r}oGem2on2jkQi5h5O_JOQQ&3Wl_$+1B0a^|b_a{gxPP1ZZ zq`L)b5nz2YH)!;k-$d3^IiMg%cs)`n%9ZNXVg#9$aLvuN*y8i9M2%C&vcEWlx#g4q zTEEi#ElH@n!v6YYvOj3TLr#3+V}XVZ9)!YANU8A9D2LvK;3nU7zJ9s9P|@q5lgYB< zvmBWMGlMcXLvCn z=Dm%aR}sR;F4ymdVcRl#e9L;SBUoDKn*q>TE1sodOc? zEEzk)2GrtSC$uYIVQY~bRa-^FnvFz}&eBZNPb1{WWI(447Ae0vy3w-}B>78bnEE6r~ibIJ`@J+|}x0a$(nC zVr9yQGgkO+K(w$hv#9J`y%xZC_UHbYnMN@Lbqfvyvoolpvv*f$v5vG zJw7YroELM}4}7q3WG#D2|AC!lpoqc-y|Z_#GevcXG>${Ip7#_NHxc4avE^4*R9FX+gfL&ugtK z`j_Ev`xe)NgH_ksw+4}pZ$3dz944!04v~wS^s~NS!!)^P(E%efYCf^VJ<*1NHJswr z`CorIy~Bm>6=7VE$5t0^ViZU_@V=_ zPgd=iE*(bf2%q6{*E{J$_*89PI9u#~*lmwPD*QOwU6xqV|M+>%D1tT~#y}o)V-#C^ zySMVzU?G3Av|v>lhd2TB1Q=2>9G$dYi(CdTh^^UtuHULE!sS!tvI-Bxt4uw}}w_s^hG}G8arQ_oey+QIm)PQAQCE zX@&Rqg7+AL@q~U4%Jx_Mex*1mA;oy~{eiKNW;B`73So1KLW39HG<}Er$)%zIeWXF| z7aa`{gO^WN{GX(Ge&4lsFXT6O*f{H&zZh+~yx@YqFh_gOQ&{*)`?Aa%Dlf5j6PziQ z{P8DV-V?!z4BN9l*##CI(PR?qzbJ+cue;?#ux+h8uES3s=jo)0sU>?9?!PfwI%_eP zqrENj^{?aansmC|umVg%2`}V2p}{Qn9^(>L<2EFeRoHuD{7~->dNX0m;CjV})Op1x zVLD^JWYY6j zqP-k8As08QYfH?L#ILwKvO)!@Wmu3tY~HAj@}7UQR#`I{e({TiOYYkWRw9*$r^JU{ zDIPt3{Kebe*g_=u0+Bi(FD1s&&Gqf3BYD&(eKwbomvCQ5w;=A&KELMa(RoZbYPq0y zbk?$CtA+G!$IFmYu>^E01LSGh9GB>7Mgm4XdoIu3sOs-)rObZlFhYIb%{RDK2qpkr)x!tB)|8UJx~yUO$mnEH zgk6!(S}CDtx)^qm^+aAAhKL-!o>y5IKcX5emVLZ{ZSR4U)Xs2AR`(y%)`#zW8rJcl zmVK_!I4O7f{&%t15=z1h=D5AQ-yhFU)Sm3$VO#5rtcxO&RwmAhi)iU&S!baBd;K(f z;c`VDa;z=z-os{4`Q;r8B475py1EK8_{m*7k0z1Z(W$5&iOEg@Rw|i)m6k~1W(L_P z+4VaR)bT*mpeu5P{GQg(kg9?r4bjg(k4S@qlYu5nt1YCKuOs94O+N-3(G&f0to;=X zpnX-*$xIR5{-Kp$QQNktUXV13jA;3zfIWe!9F>gyo4{*6eDd!}%)c_o2)yTm{|)c? z&n7pnH?Gfvng1}M3hyB7kN&Uy{2zw?Uo}}${H=au!RNb@YGA$qo>}73 z_U#jMs@iJt0zKOcT|HmN@Q8hH&>uFIyQ-{}nrZRcz3A(jgr?KZI77ArBUCAg+UL_` zYqwsy@03H;kIF9MAedA!xKi#rn|#5*_5AGSoa#sUt2@g;WI@ncs@Oebo^@pRD5g5S z&CXYzCm>Q_=f3|vno7X9UWW?EV-m~OoO^JpFJoAF!zRXj_>p4t`SEzlCKMXR-Peb; z0=4{pA%9LsMS3h{UjrDoDJ!wm8VYS|p)ao83q@~w^=qdScvHlrBdx)v4?9;^kCKep zuz_SH9cFWrvsT|Fo#$YPrqOaXglyGu)dxWf?s~iu)soL*C-2VcS2;#nxeJMOVs$eq zJ`c2cmX9{qIbVeADUW99P@YVadFNannARz_vAf@`73Mb1^AHvib#j;MyJzERZ*RX# z^IM%%$4Sc56E0}&aBsn_yMm-AxTLYE*~jji<~eIGFDv*6xT7rBk0n3x7B--l%FR*Z z%~>qEir{s~Reeq5Yc5j{JNz`a=f@au(DC+2d1jQ?mh%p^yO&>2m_+EFUJpHJ96Vnx z0NQqDahx+xlEIPBzAly!P_ zk4`_8cUV6>F~ZH{Mpr&s3JpM*AIuz!BL0RS#(7E6NaNc%?(eRbJ9PQ4d27A9iwuK% zEyP>dCF~&_e0So!Kzrh%vZ0mmsGzbh1{ROvl_$?G2t>1$e^`M6d9VJ;sxp0J&`C=} z&#dW!lxkYq#z6JNOjS+^gwf=Ilh$iZO+>EO@o`2$(;F?!XN&J$5dT5p@vB!^EHf>S zeAh}Y+aiNJp!awk-J)iq1Umi2 z!|+v`Cl+;`S99#O6FdCGpF{Yf9GzJp^FmlqzhNizG+7SpY$hMl<$^?K} zI5;9OtfxID7z=^2*hxwQiBG>4n&w3g zw3+5Ab4zO}Kk51IM}Y$_DsRhxy-u+oE{=b9m?IP{8Qo3cY22BqtX+TcqdsRuOql> z`R#Zq%cv|du3pJ9j|N*lFTkk^NGDkt#v>u%b`()n84*?6lxM5?w};_+?`)+}0y~(- z2`9{B5j_q1bTEg+#B%V-2*h_6vns`kG79ODvt{s^!7XKI0J=FQt~SyidLoRoj0?~J zXI$M{044CnS(W_R>MWN#>Fy&ES^O@tmxLKfdZSlfoQ~apZiK)%&B_K@AcA*WKCZXF z>5z*NKT#jOmfyy^TCrjS!wp&Z96d+ zLjaN*sq4BsV3>3sVEJC*DnAXc1uzt{1>ns)u$!lVRwaPCrY8uvUwt@Fz3s67brOIZ za)|e$M`t-E0KkWnqa$`n#a7d1q;1b>okaIuY--=5z1a1%{beZoCgLiW>vnNOwRKZD zkIhRK4TEg?&eg=7>E3b-YoO~^Pu%FpMmM}ngTlh3t*=1wz3@r^Y3RZj#_#j(jd<#A0yD9wmAXS&g1o?x~Ra4(~8nx%l2({DcqJ>XqDOS z^|xz(nR#wTe;RJ;Yau(q4-XJ1JcK}_`v!57T1^g#w>c2yu5Ld@_I6WH=f=j|=9~h;u-tKq5#U>m zC>Y{KHAgVeBi^bR?tJC8F5HO@6vnq-qQvgJZIt1ImM0dI6H+!j$>CycKqH0422Ix2+Ac>W>vF0>PP&zaXU=+us?41_~eIPPfdTFr)B6 z#m4J+hmN+@ZYRfSh~Pg4J4J6Pphjf3tD`XaMs-)Pkv60k5MF9kEj{R zqrz?Ai-55vY!{cA-(gME?M*g0kjey!M89fN`^jl-rU_|ST6FbzM~A@U$JEsyC+NkY zQm@kH-cUj881h7!xJxV6j!*6gS|yHY)Z>!d|GM+G*qXif-hyz{%P6MX8W0AYH}#`? zHif*Pk-lOP^!D~l^_=|Su^QRJXP-q$bAA>d+ie76^Jic zgyt_GMe59`*K5o;4uxyBR;#5T)4gSxlG*Yd#;(V(D6+7MPv!#SrPPn*dU|^LHgh_v ztL%*o4+<(jX=p|j@!Z?X&6k2S?oc!)Us68CP}AJYA5>E3rKRQ~txaZA@Of$70SYYP zB>5K?a4$}CM7=trMyw_EOLkIH%Co#@<=MIQcqa0e$Da&hNgm07YpMjOWO_+6=qag1 zy`J&c0D0?#1-}D#34xM{W*Jw@9mZ`*pNem#1v{Dt4OD5u)dI$4 z>`Hzk#$b6l=3XBWg@=@)ty)a^$77QprB@H{dp*S)z7?D2b>qB%rgSc zM3R}k?30;gG-M{|%wBy&V_C#ZP{N>h<(PM+?)PXXb_*6Qu7!)7@m;Jz4M$0w>DI8( z6IyZq;fHo1W1=EHWNeCal_U-bxdu_^yD+Y!fr^(=)rkcf7;0Hot>>&@RIh%_eu#i; z=y1q_p>O4g)(e@Jk@v@m$=h6HDdwY&0>5*gZx*dek76HOrbdvXMdG%(AZdkLq`XEq z@dZ|6*21;>>L#yJjr_JYBS_q1&Hs|It>@aj{VNzHyScq>?;@V=KhHV{_q=Go%FN#2 zn9HNTJor1ur)^|Ptd-fjmX~{WX0eTZYCUla@G0;(=3bPFwDm{~`BW^6jcSq8Rp=OO zXMR4SDra3SHL6;0!bNaZ7WuaM`vmRdL|t1M+?e{orsuv(m^SEu&9iN14GlT0lN@T`1*%!>$ zrG_c?OhoTLgE*7w;3|n%^t&GDB-@or*5P>lpEw)KcwQ`r5ky}Wu}fwaDt9|H_Bi1d zAR@SL8emRxH|*q|L2V0G6+V_uPyJ-QTjxQI_^gkIC4FXf2Lw3P56;wqG3$vda&Q{U(6{EjFa5@5_~(utjN&(5+un6}Kggi#k< zh!)x{-KKw3W)P+y+?#O2S%o}E2A|l`@#y*}qy{0yU61V*29IfYQ)g%>Nm$F%dmo4Z%q{+%IO?d9Zo9V7`yLk6hok|Ma`*fhF$qhw-^VMS95*~KHt)Fj-+Szs| zcnf>pR|KhOF9JDbX7{O&>%>yTez0p<3)ej{@XRT%ne2-v*NyJ7zhu(z0;e7NXL5~T zBgVea(_~?@Yni=G+!Zj5s-te6rHv%JPDx2>kVXFs7a4uX4gO!sf! z(_?r3vdj$37g3Z31NeZ)%ZnPQMJaDsR1n2UgcU+c9il+31vT#c1{^ML z>teZ2aaxz_c;|r$;}++F<(vt9Ga(4xP!PAhv_C`ND^+a3#w9vI4B3!QoqQm%5%W#DMzC_C zHd0UIn@05VYO%^=oNj9)b8Hs^37+H8G2DJ8SH~I?vGW-!VPpEc(qLg=9T;^nJG+6j zM(I55oL2ay4r3O5Df@Ga^>8JTo>OfA!MoFkt6ruEUourFKDXDb7_1X%0Kx*ys@XSK zYF+9s78s$yr(KI@rvOP+|EKy+;-1Cs{wg~A?5Pg8Tn}r1#M}ISx9$jOJB z>mGQ;hkd*i!3F_Fa{B0*OXfTQ*q4i^;PzoH#U2c6Bm}A~=y?D|zN0tgx`NLaSSz-t zcsJsqS(2PROa7&`9{{%VV+m_u?nlTz$zpMTFwVy-4DLEP8~4Ceilv-H6nz<`GxON! z@|kVJuk3EWHA7I>?w8J=GGwTe-jPZ153YEFo3oFRekXC<9wBFw1>gsf14r{v0Q zo!GFe)hqit7mol#g{yTkQd;h38DBD}cR1$@!HS0~6Zt6x>&=B76A=H=#pM!+e}0kA zg*mieI#81DTY39e?dH~k_iuuyxUZy3Qo||*jGHwXjaM!X76`m6?LGK=z>7iD!J7h~ z&B<#?B8A=CS;H{kB>N4bWqy0Hy%*0UT=4}@6{y>f3W|!>>aXp%@o^7{4!`mYklnsL zoR8AtV5<5nSDwH@B|cSq};vF96kdE#!%<0$JDIxWq=1yr>Y)j zV;B=b@Mz7Lfn79i-$#hp`(chE)t4RIeJ(xrXYRx6x-iJMGM=&QVK`L(i=b%R`Fd8r z33+yvq=Z~EtU2~^WJ&Mu+B`aY&%-be1gH8XjD1pZQR0oQhg;{Rt;6Gu?3pKi)Sexy z5NbaT8mWzDZo+WBFdi7d|7DeGi+T5{sn_`@Xzj8}l$D>uIFuJZkj=IO<>ZBLCvV3L zfd)HQV%sh>{K}HVA#4=ROQnh;RKa>FoNg%;23{UQkTf4und7Ame3&YeH7YNcIG>e|YuSPkxITr+Jy75F zG$bjF0i!g09IjWot|O_$S!9ON4$PeKE`*|c%h?htQcwMWR!z*NoR&u4GU18b=H&Rd@wNYb` zQ!jZzydTHcF*>(CTy}p8nR{Cu6tK1=MlV>tFafoJA5Nw=hnr2E{RMnp4R6U-YToeTO;33r#D=A_IO{%$1 zb}7pTK=ldc9$koc4oo*4n|c5%Gd=1WCH_cM6K!vMlnqCj>p5}mq!rWnlp8X?-4=fA zV`bx9l2stIXXEFW)~@mH{uA|g@wWW5ea?(bvL%qpxB`#ndG+c&N3KDX!TgI@>5?V% z>=yfDi5UM5LK1HU<+LciixGctGz!Su^X8L`;pLyq_Qy>FuKRz=PoyaVy{XnpNb*XV zUw?I8tSD;owZO@+b82Q~f~M4fBLnqdKP&7diVhfTk(rr0X6qM>g7ym{ibEC8x0{v) zbr?*t4-fQNo3aBerV&Z8oTCSUP1MesiRMv%(uS+S{}vdKPWK$i!%W`uvGR~(BEcQ?hm~p$3F`AQjdZ~whvX|9ts#khyZxAF+ zByDrnAWm4spZ{K2JaS#Qp!%npc@caN_&?K=gibybxkAifU)QM85Ts^Ogxf-(< z>CgXua5vvXZYC%X=qL-5y?Lymet-yW9JM}r{O8>&*oK|tp4m!lh@&=F|4g5|w8(`v z{ri2I3GbO=KGjqqon$|doz=9FNnQd+#l&Z4bpy2k1FbLHe&N<%N4M4uH5|$cN7r4! zevKo(;v9d=q224t3Y&(dun!1Z=77#*87#U)UF4FU)-VIp06p4ha^#6SJytB?&E}l& zm~qI8De-d8^&sz?91;<+l|kv-CEp3A+&Y74(V2HP(!_9Gikz45PNfv{H5io@)65fu zlB=ecgLqo5t`T!IHSKlb8}wegvx78!h*(0+uvD(Y-6fAd(y~y%Ed(ea*gutbe`7@) zS`ep0X)bhR~B$JVfr_69!zqc4uEiwMWKplkPM3x?8p93EbPpT=r0Hs@t4GDonRKss(jL?JJDZG zQf;bE8EK15ujU(FenV3iThL@T`^)5CTtMeZcks};i;Y8&ZAyzc3(HDQV4A2ByE0sy zutm}4RS2gnQDxJ&AbC7g@^w|v_9Z1H z!I;GsH2$Oka50`>9&~O~^EB;wZQI#$On!cT8xGa>=bpgB?{>jrAM|ZN^FIy=JqKd^ z(JV2rxqDI&%gJ{A^66WIIt+&wJ5cib_pk7$Z5%PM??c6bb9JxjLI_xapM(Z=eKmT0 zwE?)!;2!xVcsTJo;O+rVo&I0zP|11=+C%oI5 z8efY7q4qmXOH0dwf&yzd%2b5(Xk=K}Lqh47Ctdt8!M=BMLkTM6KaJ3(?RKnvgb!aD zK#|%W{>wHEY<|;aJZbyz4PF6U2Rf$LF$glV2BaRY6&d>SsTdnic-W@evFbM-Ii z>lj=5O!Pa7fxH_iRd-J9vUiK``Zmh@HDng1pK9$sBdnCz zQfXb>CB}Pp?EWzZ3KgrQ(jLRK_#IUWOGtb!pTL?-aq(He1Jl3b%%OSumJPRR-HX66 zYwiu>d}b7?41Mcwj0btSn-`jj&XLY57kahM;ri7)#o%BijaoJ%&gL|BOam($heazT zjiKqBp?2n*(h@!c$Y@m^d&VbSL$mL~hyV$zwc$=j?1D~KDmyg~u)n{2YndyV{nY3W z0%*Ofm7lwZsYK-2wr0K60T~0#os06b>IP8rV4Y9zK|UT07W91}COLUNS|N3jVaRM# z_`tz{UU^}@)(?v7y_p%*1W%oaKhizFJZW+wX;bgj=5}En7N3c`9L9QDi2)0IUo6ZG z{OY+8EK|3TTAn=l(SZ8c;n#Y-%k_5QG#BB%^kSa3j|beia?67g3gZsKxE$41$nEyBeExRAD&Q|dJ1o=jjwswb4i)_KX5v-QqT}VhIBrQCcdR7N*{f%zb2Q3Ox zWD2>2!`h)1ezmRZnLbGT*qBI`L*+uzFlrc^Ub20_HBD{n(ZdNk)xcET9Na955LjUq z5D_z(_=5)y$o!30dVu8(MLl)D-IXF-pUezQ?-b!3(?c8F&OtCy^nHpR`%8?uR3pIo zdX?TlxXaPOrP4I7&LQ`&^I!U5oNzbX-gPsZ(X&sQvs?)D4t!Qk<&D*FKaaUbX7wVRv+KR_Lgqcn*Uw49CyuD?#NuF|ohR7^E1PPj0f_+T2yfuqJgDQKl?ra-o|fP-=M*G<9GA_ei@ zhHVEq>B&4k4O4Y9q{B$AMP&5tamo{0}}Eit1q_)2Iz$T{yf|#fl#?U`(G-3D2QO50M}O@gwcpRzPY`YPyUBd=%%u`8czuFTS=`e&Lmu`cHwNWITq3nYRzc&%G**fD@o@F^U&W#8O-$a*lRR5pceN6575WQ$lnB~ zZzM_+y}G{JHg8ws_h;%2^Rzp&yg*xz9KEzAOAYU>@Zw_9qKwR?o}|a+mr-~g=f#b) z!f||`KlMM+rKusF09*q|xq&EgG3g<-dYXFE&WD}sg$%MqYep}-q=3ZaQk)M`<}Srw zXER9w91BvGOlJhutp4Cm)2!T_qGS()U|<=?z2ecsl0q>Hd*IHBsj`Z9(7w{v6gw+t zXhdC3{Z@?j+R&8sA_`&XHA88b^}hzJ_f00iFjl3K<7p$#3InMe7baOY?brNquFW68p5N$CBK6rK_@H5zm{F^?96vh3-+_>E3)vLgH4OBKa*? z6|+()s%Q;T?>uSpvvJ>8ZAB(Z>zK_;EnIs*{kuS1fH z(ZecJrCYRX++2zMhKqye^Ui^+n$W}vmGtje!WA0F_PVvK#GhOBs@@}zs)4CGaV;~m zl7u{aNxLTx%zs#m_8E1mQrt^>!uu>N!V{=&`p!63T@cIBbuK=#W51F@oD);FM2aF~DCDUEQfq|4I; zYk@a?vtp*5?oTBHt7vK_>HWMD5)%BZ$8DCD>b8u(a|neHtx-#c+$tYVAaic|q}wp~ zj!V{YQZR(#M@4G=&8BZ^MXC`V`m3qZuz{f}?Wp%Uu=8I^$L|R&lM1&DN*v=cHC|S~ zKp(4~H|gRdBpB`)@z8b+`E0`KiOc%8*Pxvx3YznRRMXrc$@T2F+djYmQIm$Tdn0~k zvPw)&pDKs8T_FvonP2D$1ux9;3 zreu+4dpX9f(_v%DMv}s~tvD_6(yP68;+Gi|FZRPoxSH!$B%(nQDT%Y2nQTEuUKf?( z?pi8##znI=qLZz$fqs;c6JKrUrYT^2_|Tzx=)ly~&}Z$KZHxm zyIO>(Gx86l{be*gF;U~aXDkhW`d?h4{m-yIgwXU4*7w^gO4qM2JlrO5R%gpe3*YL6 zGjP!B3#ewvQT?p>B>{{xQc|9@v-A=g>$e`rZE|{PXC7KRzN0jo zE~6^0Fs+vz_B=1Xb~AZoZXuPCSZ7Q_6JX#TQ7U^T+Ek4iUdNftkgVUWoro2gZC*JF zlMw(JQ8Wqqxp#Mn6+%j4B2{NgGB{4C2}?~|U6>)Wu&|#@ZNmN2(85X=%IagH0SsSw z%>i9#Ml2Y=fS~i-YO>gWEzES{iXFLxG+~Q$_=1M|o)>$BnC1vG>+$8wwkB-quY`uo z;nzVI?1S}i59jcQpjv^KjR(b<>zA0wU^H0J3cHsXyBZ5-asgS0?lpKq1*a{J@P`Rv zCOkkclQ@$Ti&l*=(&%Jrpe<$_TduEZ;^SzUS*>R_w@u%=;E-g#2&lFqh#4JLG9kL( zhBA{E8f$B7UHoCL@^{MZCjv^ik!#O&LNe@l>Y_`>6%fz)lDw7~_X zHc!15e$TVyfjsc41Mi)*b;pLd9fM&Qg>g6R%QlW$WH`;b^uRc?8J(1p9dK@J|IW?Q z>NQZVD7Td$@vezXYi4arulxz?qqW#nF;eKXkCwB3rgdE*8wa#F2CAMpZ}*b0JI>gp z!@;mNxNUIexr>rU3lQg9pBmvZ!3px%(O`;hSr}dj@_ODDeuu2ZX^4MXxWRmflCz88 z$R$O{F6m!2n3#an8pdXJfrH_ds+wwQ-wgiBFHfGBxpX|ih|NyMEfmHr=X+Xlh0>B< zVaL1;Dm67p&27fYL$YR@aOKJRP}V4z&D zLo_V6`Cqzx_na9jxqO2*&Z9&+2-vW8H($}`CtUm}vCbTcA*NvvcK+9o4$Q66-SA1v4Oo~L18Xtfc0OsZiDa$Ow2UTTS2?6mrw zmM^ttT3_3&q#YXJgMk+aa`v9DYy)wqbt;n;!< z%?~{_7M!?evZ3yLy*JpiT1PO*?qrV%p8{xotCox4GAK2G8mH6%bvA?B@L79#3Fo28Hfa%0|FvzNaLQyPI*{jcr;gQF>%~CurE!bj zpsxMM4+`XswxG4)i%iEw;HA9$tW#N|ce*G@Y}O*TtP84Z_hp#6ym>*arS<`LK{`!O zZ1T^kd8gO%?+9vMY!?_uTLM{3qnR8Sq^9oFFyu0Tre8qK9xV2(wIPrJLb}fi_S*dS zR`GSXWFOP<`_R(HM)$ypGC$(gP?JYxyFJ*3>!UPl%jc42C1{jG|5rYj$N4BE%4soA zVEQ=dbbT$;7E^}ZMj$6JFiP7mn0>&@`5Q`v;YrS?#BSV z9FgSuss>PfQjK9O$E5yvQ)PAW;tOZdiO-ZY?FJ<|$97X%u@~kC`u3+M+c@kjeh05N z8!L&l#C7_ZYr^Iiv?q=EgdL&kf|GGc7r0Kc*-rXd>U0AdJ`3K$;XS-da;D3*R1^pP z(84L?#22V^biH6^acwjj{QA1XhaL0SAj`FuihuyE{zX1%6%qnYQD{NG9>u9-rfP59U^tY>V*4?>O74JCLhgc$)DMV%j)i0rc6b*j-lwIgvvHMlJN_LcVJ^UM9?IgfHhSlW|$cSloz zTCg+ASwA^=5JGzPXqa67bHd{T&tDSug#Z8S`xgHRvj6WsiSchu_>$PxJw);D=$Tb9 zbb!!#PGIqqI8F2wde9%fx3I`|<|FOb(8A1TCA1K;I!sLxuZviSF)PJv^9eneYGg1Z zn>B-hEEL5y>N5n@MKN_Y0VCx(E?54AL_}4EX`;0fcGHh^7FwA~y4?1&}a@_DdFOsU zl2xWC0D6#69*k?`)? z6_75y1yCV`5IUg*2q?Yx9s%jS_kJd8@Ad9yKj+!+dC&QFJ~BqeOh(9@ce#Go^*1Z1 zi2&0fd_BM!%}jA|zgLcSD!YxJxIWu)zt?%YqENt+Zg4ozV~+>ABjsZt&4^GGT-;JK zggaiwSi62Ymdv5;hN} zK`>~bEjty;W5_m5v6-8T>7Nj8blLpfD;1m5k`KYJ+LO)nK6^ZU7}_Wf!x_s*s}~Nc z;Mthe`(WBiHmRea5ifxjEh@V%lnQ=a4*8bCTBIoHWMyVIHFdzX#Tbm=nEP*Qe1l>| zxXTeqt5s6wRmcb0%!1M$L1jtr6qTeDT2|#YcCqTgFD!nCrdxj&6?Jp=+hyMclwVI7 z<>YaR*8Wp;eEK^MKH||mC>|u-svx{LpOeRePqr1SIEWGPd-ChK9WMAlEXdd)IHskk z9b6qronpDF9=zvtzK{Ervb~*h_#U(Xuhz~`6K+zV;3M-l71MYkaJ6?=xs3^Pi3f<=VefosGOkxL9N3_BKqB#b%GelAY^N&pEHz!c3kWY&`wHV zneFKydO~nVE`S1*uwN}3{#k2KI!^_U3m$lJLqPhkks{|b6NwMK^ zPUr$lq5Lw-a{2GQ@-eLdhT2Mr_o=-%u#&Jk`v8c!*`7}~@Nf?G|2{Qst zr+>-a98^qaVvOoMl|2bkUPzg74{sI|JdPNNOKETR?BUdgFB$nHwX{=LPV&Ln=(g(g zb>-Lg9BL5NygXM8?*agU`24kd*P9%ojhl06)gI9h=BEr$tBpSkm&uF@SGJ~gR7S2o zj57W3c%akJWs#&eq10P#e<)NV|4r5sD0SvsR=_}7@HFZjyQrp_hqtIcdL#eEW0c!A zW|fXY%~wsBRom^1KClK`)e~0B6e*+5#{|mD#;np33uN31PH+CqkmiV|0>qDl?R$~% z^ey9Jjt^?H`C^(s$5wJ^Iuukk2)atKWu^C>PR7;BQf84bm=qx_BXdrnulJ!Z`2`#82v~Q?@*(hT z7KUdyh)!H4^{j8*=t&?InO<& zQ>3aS-tBe=rVeup+PJuSlXlx&uZF#Gb`A{6(@>WN9d(I+SFpS{%ho=&#KYaK$zD!t zo0TBj2xvQ814Ke;u)!SFd9P+S-FZ;#`haaEm{+i<+p-iI9!6Z%4%FKW6=mhliE?Pt zxv0(dZ#{nH75(Tw=yeWLu|nHAvJKjeKP{V;YTlgGCj=T^J^0ea^j))IQKVW7@{JwP zGyoFFpUi;)qrkOZ(KjWH2b>OOI!smz^7HR5B$=rFEC7o5HnABs3)in}?PjN$c`cX{ zkdM~tFVTZ5z5w}9cXhEfXz}9(^*Hd-UV425{o}_tkFBZeA0*?&vOG}O`N8+hJJxyY zj?HasmfrzUQ`dW^mk~Pb^>nYG$-)jlkFO`tBivSuEO~d8lYV1PV1W)Ac+sDpwU?)B zH*emo2i~OpTPRc6Uxip6=*<44?jO5c3b+JRp_5)qr>2;3pdxE>Bmf2G)jwn*E~ap% zsB2m1;pK%gP<)-fvCEZ3a7Bsy+l2T4SzKHUZ1_q=X4~vDmR`%q0PVw{B7DSU$B-~C zr)w9?2ivvlu$>_>i?~+x^TIoW88>ElfeY$=W-b82Z>Xp{x0+ZWixP&c_rr&`hUAF_ zQx4~i*IAbgndWOnWht-a1=9>*<3Ui9Dkf(U?e8cc>YRf;eE-Un=%33_t|rZjNWf4Z zKKoF&2x|A|PX(WosdYPusXONKIHhzW7q~%x<7xvmO6X@fj9Hx7yA!vk74n6;RuIOm zd&EiM3LFwz6`bxdfqs=i|>uK!u8O5U`!JT&zQTJdaUquCIt^VllMvl#awG6?xdV-^b7Ny^N1 zKO_@Io|TT9bcq7R7alcGn>(jRqoZ`A zMC{8)Q?*{Ysc`x>(8?+IYC=-cWS#Pmf6=Hqy4c`77^{hEcE;kDlM3%KlUlm46-vo`#N~ZuJug$=_aaMDJ~)rGe1A8Mm% zNrrC|UZ<|c64krIaX@*mmy=BuRj zPbZw6iG6Wl>#pBW(z_|WykGgA2NREb|pYhUFM)dApDG&Dgzu>#WeUcr}*&f%@9(JZ;@b$oY!o}Ys z>e2lKmVOT0TRWYo?Z0;cSyy()!Ctu0*chELF^Jt6u&ZG~4lAoBK|ceJ{}*wHuJz)v zH#AOyl@oYYSFeWHiZ!M?HOte7i`G;z%p6Q@1A15`ocC~Eb^~qase?r-O7KCwM-A`b z;&qdY#~d^a*`xTl6^q^-8r>MpOrc-3GpceNk;Bg7i*d-N7I>Q>U-OlfdKFRbCu za~7?YX|MAEtt;X!`T*N__m&3^;_ZQtP*)+;fN`GL0LdHjWUzyZAO)@yX(dDWB}H>lVe^Gm^bZg&&q7=45ThHO}f?t{OuGqq$1zyW2f|7oWn=q*7-+; z9mUByl{put2-gF<^1dO%0Dc%n!5S@eHFCh(Vj%DP#t?c??eyg;tDGONCnv_o=iu@b zdgXSN2bFugQS3h>&dX}B>435=ph_**Wl33)Q@rq>35L!@twnTlMkeu64J^6`R4S@g zUZppYUmf#Syz;3P$U3>&EG)XpU#ic(`XwIc5sFr=8V5=`!{PgGYdpr5+^eD-gONBB z2WskzkY-C7zb&9?Xx@3}bUj=DS5|U+C<9fRO&$D0`Z@w~R#q#*ng&eoWO)cc6#GC& z0I)K@Inh3TOhQETS9vuCBrlxL(O)&Q|4|lLj#8dJOBkV*j0H zs(}40#>pzD55QGEsp{&EPM>#A*KRiu{Z+t+{>y~!^tD}(YDaQwQ-5vCY z$E!cEhu355>Q9>(4hdN}!C6go+IiQa3x5<=Yg z0%MLfZw{-R@`moH&c-zz{Y#=$FW-vNLK^#Ql!sXR0pBUB8vMFjDlIK#@TXgDz>}8-liLO0r_m5%`!F>L&+T7zerF8r_C>hoMPuv%;%km| za*99iL;XMt4@pgoQwz^&T|zzZYiovgy5+DRxf0)4a9#9G9)%)0lr!kjDw2S6a-_j4 zsxWT^-QGUZP96Lr-!SYupzzCDA8z>{)zI7&|J3u1NJ1iE&%Nd(+0`OZ>aAP+vP(Q) zYK4C=g?=>WefkyQ_|%)_9ly{+nq?V!s$LbjL&?9RagaYrqx+ZUmzL)vM*Zhs4VP+f zNTzkqU@Hw{;uA8VZwC$@n0Q#oS{WH!y(nmDwHb^Qb>-j66Ej^6?JvEb#(A2q>H)n{ zmVPRUr>{8Ivc@&}mFJb}>vflIQ%`QL(|=IXBV7W@D+;!^-AO?hEE4s3n?{Kn2kDou-nn)1bT5defxmJ_k3iCk5&2Q?xSx;UvR4Ttqr*hGt*?O zRpLXx<}S__b*hk6zt5lXN z7ptMldGOsy#*F&6b;=`g-fUsW2?x< z{dbOQQ&Kf?p@YqYNu)RL8`SgHoHsNBuAt*pB|C9HnR=h`m@uhvhdrsNu7J+G-Y7lCKZrw&caihw3J+{N#sMogDrO6&R4^TwKm3oB`$ zzAbv(r)P)Ou6p}=zvvuBt%xDsJkwp99(l1@kzx9gJDe|j4Wt>WjZhy}!bJ)3F1e3Y z({vY31|rCbQ@pXg{X%twayx@Vx3C|rkVW{VQgIQGccL*jl}=^?idm9d(p46AKhrQX zM^~A7H*%%MwbaT|>UiAaPu7{dp~;3zj`Ecijw#!%wAN%H+6n#8&Z$L8sgk1J&2KS} z^O<<#R@`ZpH~WVXs|oO|?rtw1d&!RuhGU;3o(ggrHJ6XW>9_VyJoV#}6!gSIar-i= zg{eT}_Jl*(sc6(@t;C}YmNl63afMS_JdR9kZ#F{UDUR)F`Vm%aBQkRcM0sBA>}8mP zWiyh(-?`gZtf4VS(^yQFxV7gj^PVr3Eyc3-eUFl@?8Fk?A=dBBw}dF(Zl!q57NHm4 z`|X5`3^}}>qdXl|Tyk;`6&{l34V;QauQ5He;col zoT}q;_};pzIXK)5BH*7Oa}`Tx;gKtN!z%jQpJQCI*77;<73HTyvUKgjISkoXdq&)y zoDTNuBTG_aKRSAMk8XDUtiM{uh^7{gr+f$_R2TDIrJ`dTtJ|_;da51|J+GbUOZk4) zO+*4qACh}*P*kl19Y2wQ_!Lh`4F-aF&TKVKvWAz3z7gHYMB`_Q1rxQavr`a@t`vC_ zzx`&u>vja$bMR>n4MR`af|)c1IJg3~7y(crhm_PYaDp#|K&}wMy)G$)E{Gmpjwfdf&OBVP#S4=& zsHL?tN4%Q|nR(C1a{P7KO7p$c1r=gZ1%aPhY)+pAiuJA=L7)s8c(2sBs}UvcXSvq6_Yz44bMGt2T^~Lp%C>?4#V&h#Ih? z!N)vK^m#5}tyQQ|wbd@a^v2dzBPuo%L>jjcmJL6D1?5fiuKJ{{twTR1hwK;%ezxZ@ z@%H>JLi5?JgRdQ#^@G+DRzma1q-BY#vwjCh$+;phyE+YCL$X{CIuB9EqB)?^>$&qQCBvIi@bZ|E%Yzo* z!qxnh^w>ZjOo&0r$}h9Y+DZVf?G6543>Tpk!N#v2A6`lk6l7;xPFB0UlpufwdR7j{ zkLI#*^m-Lv4FjD@ksa9ogqJKMgf3DPB0Cl1e{tNsw(qtS>c`wz)7kB9$qNug#{XDK zQGt4Uy1LGRZsl+Tf3#etWkcfA8ud7w)c%1Z4^W?4p!e6diM0Uudepo%5_0>2r`<>E zV828L7M?-)o*{+}=z_QaOTm4h%`^GHY(qx?^l?Qb|FvEHAM(Qgt!dNKvo4zcbxm>= zKPoKmq{N&9&ZV!=>kA>?R{%K0|7i;Ozg_h|B3mKMJ@%KI^&(d*i}lwz>gU_=`dFw? zUe@cY3zJKf$9zq|V>;Y9@7?e4^TNe}_ZGti7Z#+wp$cODEBl4ZUl-?Ycb9CXRkj9` z{dq#W0uwRbHhbNgE`LvFzoJ8VG5(V{Nl>ddc{GDk%vaMNFRc|{;;)LXh7L~Zi#)+6 z6ODnj_RXDW%L#0$$uPegCE z7rIBq6lz?ZbQpbtC1?IvykT*YuBTrt!;nf&iJnG9Qv!mqe2Dfs` zxc_vz^iPwW(UO2YT#6Dl;1>V{yU~ulmjSqL016UfIgK~kZ-cW+ggu9w{Igm!katze~hoUtld)9E+^ zR+EW1%I^Zav4}n7SwKdZ`DJH~$*xvWu+){j{FTC&=JO)sD1*wyvuPFPv?Ea|TTG4D zjo#{#k{A?~zxunaF9Extt?_kStGHZHeIprZdSO?pI&+$bIQ<*wCz|3TPeO^x7CEHs z&L{M!AgD)f0$F$~>!7ta9u{EF41igGnYB2NRkg5uJz5|`eD}jYkqavkf9#R^Z63Ey z#ZZ*cjo?_!JTp6ImJeR^MpsoH$C38+a)XAghB^VKSFXgSY zxcTU#6s?8a^njak-o1;PqC>QaUZ>|8M%mNDPikq&7C$yE!3!mdt($#Ep1lz&8n^m9 zuH-*CH>`;G5n53?JHe2VpkT!%pGc77RiyJsx8g((WyrEKv%86h7UST?X9q0|r^f=^ zZ0onJsV>=-8DXop}m&I`+uToXe;ykacgK)6eWbgLgcN z4U|HrSqP#~u~KP`D+>!^b2IQ;gxnE__mm47JIUqp9;zuci4~DQR#WOtLgYi#zl2Us zo`syvUov_ZU04*MN1Zk@@7zo(?5v|h_p|BpB_ke7=-PGnC!CNk1)@rYln!INc&_mVX3C^|^;c zh@y`+1wjc*o9#Gf`Q(S+IsiZDyVvvQI*r)%`!dRz+K7ac3Hm_ZG?og)NLH3C`g~iR zW+wIXZaD~a$R2TRz)_0xTtPiVU2F)98Jm&OLgmDP{9vE_RlUQhhF=L!VAZH>RpGsA zGI-RUJAO6aL5{_OX0|LTK`+G!AxNdR0F?w$a&kL0pzL2|SQn!B*2XKu(%u}GDYRDl z&2E$RfDJUo^Etn*NP7tGA)dj?nRpr9tv`}>tu*#hr{2gev)%1C9m2v2USz^P*2qPhdA=d z)jP=L-A}wd>*97;<|LNzHdfm^olG)rS|^6ixl42>(9GubV~QY(!88YvXB0>!%LrWe)27&cPBcDY(i-@XNy<(P8js{a=v zQpU+%F>Mg}{LnvC$Vg2jTbmmK1 z{fDA3m|v8-{~>wj@vWdn*yll_SNs|>)H)sfJg2QV9|@*Rwp(1`MHhHZ=SBjgdi2Ja zIA3Cn(BwMsd)k@zu2IJRAzJj4^0X{mX)u9!%RwN;o?l<_i)=7*iRzun+Vn-Xzd1J7 zaoR8C?bThl%U?{Ww`bH`a{H_t5yOm4eT20Xt5}A@Tcu1U^^FvcuNoz50s#(Jtp=DM zF$vI-3%8+gCfwuEdc$(FnUssWI#s`wV?@0@qu<2wK&TlxV{Em$Wd{k4yfqhveA490S@Ut_z>%hy7!7QKYf@NCrI|S*x%Aw2B zHAgs3MaJgVo~%MurW%us3v}wv?}UaPVB_*hs~0c0E;c`yh;iTiQJ=^Q@nodpqTZJX zOWb)^t}yxaWr9FOZ~q8gb4AC?pz6<47F&ze?ira7YjyMaQzLzY9dOzovf(t6=?ZiF zq-nOv>O3=R@VSULd#MXJ^5#fN2{InDm7sYEHP>xla7V>X{c$)IGMf7=d|~=*jbzO@ zj#FT5c-r8SYQFc<=TbTjLBqo{gh|P0sg@G*G~x^$RGJj3(OQm~hmVwU)OZ}majV~G z>@in}E=c2P8Fa{HF#hUwe21j^Q?T2}uqc?@Zrr5)^JjuGz1&BBzBUHd<0+*^9dG%C z2DWGrMBNaOvAnW0I^~qimQIOytGI?*HsZ}Pe(}B4led<@x>$+sNl@&YxT(#S2fyB> z0oPGd&E>*wpRd4SDG89Sc7FZhUH;huwnuouAwwEbZeUZjXjBn) zFAchhu78C$3s5%r(i==Ekty-V51!pO1k*~&;9ld3*_r@Zhbwqgl^(^OMMK<$+%&tRc0h|G&i4RZM&;m7IVZF#w!xf z_u0s zUE!UNxMbNxwH(uI!oz4@wc50nm*{apSfBKTwS}ktpqjdRWEtg^FVrI55D}?SdhRz- zR^VpO&;>2Y<;|bc7;E!`cHNHgxkVwcdxz=D zeP(?!yvZ++x@=X)B45teD)QF4-6y2N+~p1S?1f}V*Z5vn-oV}*FB^Mqo*0qj0BIoUFQxdH-;@`uGr5G3sY`!=sQyz;7AmU; zi5v}w&Du%f_Nm0KrQ_qpTQARSf36+Cew8o6E&#C4{K$d(dV8Ni2>4_nEQ0Yubiiun zdl`_O`5&Bg|HBzS0OdtMK%fp6*_pmN3t)Ww*soOZV^B~55ZVb0BQY_1C#)2}yJwgH zHj%4~fUD`NIqA!}u@VdE;~%7#v%Hk&^gGfQE9!vwTkSY=!>BjlviB+l=#Fke*lV@;^l$7F75@*hTcs3wuOLxS-Tz-ULc#J z{_uIvvcqfwXs+M)ew%9nKES`3fUkYHsF(ze1D{rd2Ty~^~hXWbcy!qQa5`kE91NS)Ba2wtu92>-)wD_{B6{d`EAb@mo?6I zB*%w)_yz=5rA@G$lnBB_tHZ%Zg23?}Z{I#Z<^PNtB$tT$H`&=M2a-wx(cE~(Hvld3i6`J7?e^TI#~RlO zKNx%8n#eLeY_iE|^Z5Qb&fY6tGcGlqoK3lQ)VpaYM=*^<^G0t7R$WV=eHq* z>u_S1U&(t@z1EOtaM=U0HPQ~=ebhf-pQpQ+L|c_ts}yULnq{2YJ@cIXzVf(`l#tlQ zyy)yIqI{)YcS8#~W^=Lg(kl8w*0Cp#DW`g-3ckBX#hVCOOF9Cjgwah(c#%mV%cn+q zA3lgKDM8J?Hu&M=L%>SMb%BGF9WiX(mEaZT+UZ;A$ZypxrD;}|wm;o?7ci)8(KGVU zpak^|FOO6rS){#n=&}$vIK&m+RiydU^f_P3)ppwSJ^w*%hlo9Gic$CQU6l`U*$NWr zd^R687WT6z=zNyv1_?&;sj3+4Gj$x74D*WNGyUG;aeWYh)SJ{Q^hTvKxs{U>B zn2$)X@p!6Ah2!m|<+z3TE19{n{yfjdA4@I~2-D0HWF0Z-~i2k+_oK z-J2{&leI&Ivl4H^kb#+$$4O z`stQ4o56-1orw}R%;59@EIS1})eJhQ-Yzv&&ngC$@R;J-_gh;oUZI+qg$wHy43*K5 z`1F9jFP3dgJ`F~aW_e2%&l~+5szF#D@qo%9zK!Q7d80F$iYAM`8+Y)WDl*(Qn7QLA zTx(vG)fP8#hPiEeZtO_tqEpzy>BLVJxP!M=)f>bhvqDg56IL?T2!Zr}_-T5==k!}D z5vI_!s3g0my?+<13tsA{R`0j{3#Vh{9kt47X(w|I^Z%MuMfaD(-POVN)Hw~2Hz@xr zMQFsQN86_6bqjph=O{I=!v#2J2g}rTSHmhpD!p<>@e)QOM;rI#K+LtQ+Qv=F=5&qTEWI^s$xP zRkS_hBdtx#@wK@8rjB)v0<0s4$r`Fu?*r`hT+m_C*0RMhLydB747zi9t#v`Ts%x)v7@atTTVMq)EPc|QE|z{ebdpRx#jN`z7zzG=%~KdJgchsft;4bn zU|5(Brgu^EHT7-1CMKHq#rlK2hC@B0vdS&l#a(91o;#i1ny_lZPMmsns|OM3$rbvf zWf0+iN}xML-B1$gIu_KZXL1ds#OhGBC0qk|;0saLFg3>BWP6>kxA5~=dQeF0vyalP z)jbpp^sh))CirTdC3d-$KZ-0Rhy-U_n1PnVm4|gdhJLWhMCa=H1Typ z@=pd>?{VYywYTqo9oyMtAYdJBep=cbadZH>I%j=%Pt(2DL^!{loowQcUo_>-Xvkt5 zDGa#jmz^U%21{;{Br56@4(6@AF_{JlqlbwSsN@RAAHA0FoAQa?yj?KM+N3}u_wB7B z^ISkjyk7mSDS!?L~0*6iNeGCEb08-QTq{=nlOn?jz2<&DA_(qciS# zef@oKb^BJ>p>y|sAyPk`i^z{zY43avgpz4YqO5J{8(EDfS+=InZf-*QCBo5p7ag7iLyo9jT?2 zywFKw_IN;~AR9mz$~9yxA)GW*QtKPgi<-?o1~2$4$-a1o@}a^kTMEyzP3mLx&!VX(?Kq z(HBs%UuWL~%n5^!@M!toxdeY&@xFHq6ytU_M911=3m>%G(523?deJDSNbycu#35G5 zmf<1o3*KbgqbxLEQ5EFWZY5Of+gLnIs_G#`NdsK6_-bLLAGf9B8cAqD4QwXf>}O7% zO(kSU&st=DDO6n>a<6=orfT8(&G!W$C=m$f?A7&5FflW`#Y(U%Z#wz@GL$pmn56IQ zW51Zwx*M=%{N?GVuV1-g_G>GI$e46g_R`R{qpjhh*-OcAbyzPntzzeujqb#R{n5uZ zIqoxq_c3c8wlE;q;tnVeZpOfU2ZKN9k0V`z`yep8GWe2K=nvm72O6ajT$YvAW8|}I zn1>J02zxrxuQ@p4|A}^aZfT4*pVxm)KdtGU-LRQGOgDuGn~7f9782&1K2Bsj} zHKini2{STIB!b;@?2}>>b7K5^*$7iioKk~bJn$S*^d-&{MyKs%)LZ#47eIuKel(%{ zax7-!3;hD&xI-af`I}SvzS&KSS&^ZxN?#=7Tqa-+I^;|k8zn(n6uPA6N2_g+wae2O ztPuJITY3fpMnNGo+PD$r8Y42BTV8EN*Z<=3z-L+D;A42#pCDuox;C;LR!0;5yH{*n z^mFShIJ8XEPsS~~01+M9uRx{qG($d+Uf4hOBjl&%NLk~*n*P$J5N6nD+>gS;Klm5z z+#im+TQ!~QunaFG#_B7BcBcKF)f%!4T2s(yB}7yP*wN_V#HGs{%sX-^^gZTLCn(Gh z`JyBScB#)#6BHf+Y_mSd%2u12;%`!PGCdOv(uDW3)xQ4LIr7!$oTgkRk(zG6;hjTd z6iFJKT3vbYdYHlehH;COYvN>DG-zKu3%Iy^!>i=^6MwSEH52u5=jEfU0i-P&xKGiC zCpOU)J;?}5W@n3>n)$Yoj=-}{^C=!BPzjlpe@#oiIpQwk8H?d|OVSo-9* z!4t{u)-o4#jT{7y?qj^lwbxz0vAO5%e%E6uzG_P7>V}`d^hZ`v)!%*R^!4>e0P70o zV*G2zMxuJ9!QJn({XGd;BlB7F_+Xdu-ifMYdkNZKbngcreHt@AE4$i9O2;&V&w&#I z-j5U?!7jXl)Z?(?zi&kUR{S8CG%YDqfBE){9ir3wD`!{9Fwg`#`7s%<&;_!e5|sajy4aD`SA~_OBoE zz|2R!lE1gqD=pRuC>Fn#nClOf+`uOx(F{G41(Cbs%DXCVYEcq5MIZ(2MfnhHkDmAC z?1^*MAB*LQ^z1dOX>*cN@_q&7y{$w6?gmgg{EYxWWz}qFCI?~`R4M0r`i=J?nO4a-c}$02)*JpBg8 zNh<=SJNqaN$wR54QF(2YoJF;MZo{3`_431vK%dU6SyyliS2~=z7QOl>idC*t%$~=~ z0SoRNw?oryU=~%rneW#`g3EN$yi5Wzb-#(j<1!xPK6$4inH#3)c%1!Xd0|o)&4Gs9 z@5Nco{ImIo{H3I*(@USVU-5cv)C*l5`FuP-XNA4H!htQifg-J1xtZ>^G+7Zg%Tbe- z#F~vCLx!ux2+U8FXDaf9IXrMr%6h*`M---wbow2ZGEw-I zPA=|I1-OX_)*{yxU>;wpdj?bwh}j~LYL7>h;3KhN728AKQp4*xloCWb!qC+a^x(@_ zHkvgk`rZ2e?p)k+j&y$u(|~_bEN(lxi(KFU5MM!n@`3DPrPYj6i^;{}{MA_!B89J$ z!WJ0(QsD%tr;wjsQ_SmBXkIapR(y+b0l5?#llCx_6IRP}rL9Gt&M>TNRZ{HT zE)uzy*zSg+6=ix;3v{+#cSL44$_^ex#vBF>)+XgxlZf9Rnt;~~+nE_f%py^Q&NDKv z66~Z97TKEBAe59URD57`Yi{_Zhd>!2SQgu)>1HE;QR*0^l-0jRBIfobb;D)+G2G50 z(b$uH6k_Gh$Y#5;<1qBOHO*|vs}9-Sy?P(XdN<@lkAr>Lov8lp7m+qP&&H6N_pRbCAQ(_dD=aTM7sN(a=bmXVM z<9^+`EiK=i09tkFJP?KB$F0w@3rn&Qb6P9jzpZ=*hJvof@u-H7xr+4;e7x-MS%B#u!p_A|)a zwz7A4-1;3#+?-vDrZb$_xk>1^?=G8bo4wZAw2|zBaO<=4N_ooOz}EGe?gUNK$o@{|@+5F^w3fFSj@Gm<%P491JNY;P~#^ zEnyavo>n2~pHtAy2)k<L@8@?3~8ki z0z7J~<+=vqE5Sbx#n5YYFH&6eqv_kwRkT$OGe0qF>7n-^Z#(b&=DEq82Rpw$yL>4# zKnlNM>`H0$tAB;eP0b5c`>hmEH@>QKS$f6G(2!T+;YFnP_cb?!(!k1A&4IAy=Nv45 zK)Qt4Y>9hn3Et#&3hn_Up1iyEE>LdVk7l^O&YT9;T7pn3gs{Y;%8OL4IGC7Td{H4M z&&!39W}27zpJV8DN%zVR4y(za?Z7InGb`Q>))Rs{{rXxUk{39wOlYw_Q7R#3hP>{&%!@ejxGK3fYOQc;b)!5`Y zy~)9NZNY7sqqE)Q$~_O(Uq688&F#O@-e*6SzH}e!QP7S7yUw+dg0vk`n-@1TFWLh0 z7Fx6j$Q^mFEpT5D2&;{Wa-b?ftgWvzbj}VpeD=rLF~K;C*88^(;n$>xE>(twRBqg! zT3UIU?xJZfkUP+24kVrGab>uNF^cxjV$~C6n{7yHN;S!|@4^5mzKv|C%&deOyJ;G^ z`2=`mcyj$eL?ZqV-qw&HtHVci?Y5j=!jnf433;pRpMK zxn=p^ZEw|^w(O)T<|0$V#yE@WO0vGR2bJEQju`LtFKVhSK>|Bf2Cl$=v;BOO5Mbrf zsn=rU8?u~;^C`)MyF`B8TYLm&`(5vI%;6mNwoyOk6Laqik0C2*Ycb@x2q&d1QJr;J z=0$Ev|5Wh%_X<`E?(hRsr+-`3{#S<(Lm3Z{`e+iW>r;Df`u_QgACN0Vd*WNm5#{#x zPLmW~3D0W;wEo@&1-LH zy$(2k2qb@Z2O{^ctuB{gPT0%!4n>f%r*1lG?7)46S4gQ%^GjMgT9<)GRkuewUSxFG z;oDTMZ>}kT(#Oq@!9CCzcC$A=)l;v+IcJC3~a7jK}mnTop_-(@|Yp>mY zYSM-zf2TVw_N1sUBYUKak zT6g5yd<42*`=qhU?P6A z>@OxmvTm8b%elv?qQ5<+h+q_Kg`yj=Oft5ytA3k`qH*A2FR2FLkIw-7;l;IAMbw}O z)LBNMi^IzLi|*SlISpF6hqi&?_x3Q~=72Ob$nJC~_1LSUOu>v|)I; zap>Ceg`^@0vL!k7-!{om?PT&8ZOa2Ggm2{pduN6$ z=E%5!1Ld$cV5{`Hg3pNiVHk<(q!?9Wi=*W`v8L$cJNG2 zvJMRSit0;;q#Bb(o#X`#>!GxNbfWI(^Q$*fGJGNm@dj13f=Fk~4 zO+YoJ>6{XkZ_P*&8w!!#9$b2|f{07%-HtGQu2e1*<#z0=1)<2iP{~HEO=!!mInmawk(Z^gbg5!C- ztJn96o11<8{a3X?@}KOD%Q~NwC7f5cqT_nTFwY-Z6HSt5Z2Cn!6_;11Ri$*$wRO0$ zwkF~9Wz2#NQSLNb&cG+Szu3rE=ym?;7q}I>Q9e8(rT-p?6Rqb|R#zsuVCdwE^lJdC zmWfM;j94#8^s6>@kQ3JsOsE`6F>?DGdZZ&XKfMbEt-dTH(QJ)jih7lv?4m>8=3>*e zfO#q>lHm7E%wFh4I%y)Cj?KN*&{&_xn^leVLw(aS5o!hTeVRZNFhQpvJ(E?a@-gvb zxfiH{fsrn&lYen_Web|4CDvsf+WO@-afNPjlt)Btf7G1M5d&H*5m#C4rjYzF(KEM{ zpVPe=fInU;P4aNRD}bdLkA4}RiT%eeTF|-?*FrWk8|flQse1_BRX56IS2b}c({?-k zNQCQth1si00);aONRb?M-LrM=v^>toUAAj5H4}*j@Y2 z4RDj(<5l94e^6GQZO;s?K-hb%JRU^Kv4d=_>V#S&V3G|P+DFa(&jP+K7CTfGW{)t3 zYQ4zt_rAYSD|s{G6_ zE(fI9tm&>}aPpU?=!*FZd%SuD0~>h<`A$EH!oi&x8PGSOWrTybDhC&L=pbtw_*v*6 zdsPO*Y1Xev$scVQW~8<$Rv$fVoPIx1nE_To{vB!WVOw~;*QtwqADFGViJeu6(_0kg zT=^nK7ixs}MpZeR^b_7bW9Fyn^uea|W($=1P#3&)1}E?Yr}1ID-l?bQ<`KER=2t2( zZudF$!it6I%=*ELrW@_{?`0T!-{~oK>L{vSI=C4KVUP^M;`7~+Ne~bUD@uouS{nA( zfhydkr1}tRJnz*GXRRhUt}f82{FrE5xRsYSyb6-x%UO6D?0M=-7WsaEQ0J*heO%M> z+$SwILqCRR;c?E<8O}jptQN!y#QH?oCzB0Qi)!8#mC>J^L}l7f9d))im^j9fA)Xq^ zuTAG`vm*-9B!uS($*m7uCt8?u~HJM?~=F}XCezcThp571`}5E^`y9sftHT8?vFU`9vgMYgl~)1Vd)6PdYy z^Mcsq$a_5#b0g#-AHuy1m}kVx??OiO5UTEC=krU40pCZtxnl#R`^x_GBep%&A=dYE-v$;iNAy-1pg&ox|S2; z=6W(e0RSvEUJwC0#jL>v=1IeNDK)9S!7cZ)i`r-0zFks9jCUoxSB!Xp2kDZxd;MNG#@7FGYJSSX{C0uzvmIl_;u#bsn zOjI=qzC60@Lb_^Wmaa``WGHdhoYfuOuntebj+aIi(hwjrxs$^gsjp?)#wb{YUscN(#GOQh{nVf(>b%oic8qODCR-J zV|G-0UtMZwD#g}@gG)*3ue-+HDAP7IkNI&)!@K|FiCWPc3Z5h_P+q26XPjo6JeQonDRT1gIYr=Fe~^Z-wk>Gz zYi=!rTRL5x2|3fZNN;8Qj>&5nn4+D?mf&-MS4@81-hPFR%_G6?2Vlr+s;aU%&Z#E; zTK(@eX3;|=`(seb!z-P8fYLJoXWNo-`eO7UKi>GZyEy$#j3zJ0kxR0Br;%);u5J5e zJe%&^(6kf;8J8=RccaYq$aAEyr>;zmku_~*u*b8ZR>_nSkmDI-RDEbTlzAiq#2^ON z3p6gJT=5YkUUym*+GIwR(5RT~epg?kC{Miut@d`o^&V*2Hja#V!A zYBiJHZI1?WMGA&sWdzlFBFOUmj!nN@|L2kY?Y$ENIz$O{zxmb<*fHt86}f)F?x8kLZSwFgi4b-!<>O$Jps7B{>T*o}YN@y<$6N z@oC1pTrzEQoknfG;VhB}wv!5V`yWN=LZ|6&+k9dZ!K^=T=(&SzEUg##F!`k_+F!1k zXl*t1 z<9=Nq(pJW^p65U3{LK^j$<5YV7?EwAk|TV{qL%n0}4@rI&?9I)puzfDo*nd6vM{B^61L<5;w&iVtY?{xzDiNV_#PuO{R)Lgn->fy-0b1pdNjjJ_EuDAZUbqI2i)PaENh2f5 z8l}3rl-2L}b6%nJ+#Ozq{Sg7?d`DyMA3P9LVx0R)AZpfhDhg-!`h zXb}!!^Qz^CeyyLAS~B9^P7=B{bbs8#2XMGiB#x0@e_)bbHWSl44ykd;Ru{dO+xITs z(Y|0(TS;0YZ^+subSRLcP^L<0OGMxFqz$+4TmU*P2}SSRM;m%1=sGxAlG zh(7%(2oL#IUN@&()*OnoUp)DIcJ)sx{Kn9MRWL`DzQmLR!xhM_4JTn+6$!;F zsn3K?zm8qKECPUDzwopV{MEAK#(o2W7XRX;{_oG!|38(3fB!DP$sG)X!PM1`?W#bpQ$jJIEibW@^fjM?{)lX|v*5DQvs;aQ; z**XGBQ;&OWk$u_AL45p5BqW&ucpo_GUkM8RdyPw>J$^^MjyF`Ao?Ep$0a&a&Fg+RZ z^whh>=3Am6-5e()?O{j~B&SeayN0PtzmegxK_wt&7+uUYJ<3(jig{cL$RpbiH2W{6 zwtNN6-VhDyx?X+Gs#P>DeB6VxkDHJbR!+=oD;eu`1dS8tz(3)?5J+#*10k1Z#%w<6X=49ru-BB zBln^0(&1ENy4As?Raxp?<;ZH+S4|Ba_+7GG2|m9=^lWf3Cwngb0L9^RGO+^+6Igre zQIsfDNHG#Yf($mZ;D}&=Rx!NI1aiyz_Neo5r7pSFQYWE49p7zJ4{&(Do;_J!QF2*P zsl#KQvNI`6;7||1$yI;~3bx9Ob=wL%xz`Cl$+WG4khdQm9$PQ&OkYTV^FpGIinM6h z@nMQj#r?LuZEAZoH4U5)T3dmmw(bzW;mx7MC;r3GikJ!%p`JgFpe^A#lmH$C;*3@h zvNB5%FDY!kza-lLeueMeyEgkR3j52fhPz}ihS)Q=NASp|0Q=Ni@RQYGmAJ_41eVK- zS5imi6*~s-UWR`Dw7gt)73RvW7Z`%6rB8b9%HZQ0wSt=vsygA8oBAltv4d{6q^JCb z9D=r60(vqdU|`+`F=t0doXQzAH29kVu}~Q_nnOFF57#RtjT+$|G#|RK4*^y22gS(; zR+<{tejU{U(uahjxQxzjMP~9?1XE_5kvywZthh*&yVqiU;Y>HHyx|l9d12&+)4{3w zQf5;JYe-0xv-k*!Q3}FBb#M)((Ih(M`?)f!qv~0Z18^{T4O6^j7~IgyJxB+Jd_H9q zTz~#u1Wz|^C7a-T^w?MzHgDC$W5g4Nv3B+J2frg|5PSRGu%O7g3antP@Vbl$yJPRB zou~dh&5SI|L-dEl6U{dHqtvVPTfjusDbKZ5#8VlRO|54S7EI|st>43Nwq)&L?!jya z12uq&;f$wJ)Obc=$8>LH1UQL2yZCHfxvL<-r?}|^Cz(K{L6;@)z=HW^F51h>dcUT3 z^-&{z{Jm5e&Kh!<0jpI&kELdiD-;sAnnJgKgwzhPyGai$Yw!QA6T0KkTAGtdlVK!F?Qx4U zs(WccVF{n9GDdQ|dFI@p$G$xdr^&gkY^7PwV)LV>mX<`{Od(4tQP&o%-OH~=cdr#& zYv|Az9DT0AZe@{K*uOD<5@PzWu*tJV*df<6HB&Gik>|R)=SMVEdC$Wl0u(1pO=+U7 zms;fg)@Qd)e|>P0cypWaR5s}bN$L=;x{em=W@iC?l<}0KS0!HCf(|guu2HY{Tk2SZ zi@fAk?P4WT*=_VCeLAxBoarXiNmaPXt8Z?;p&%Cw%}M zetx)nP)PX=-7gy5J|uO~YHZdI%5GEO0evrU+loJd*-3-~W2kMBLA*TeUH9$BHQ zMJ7g}ZI+C%?bE9VHFbqn(CJh7Ix8nJ&eIl7!(L{Tb-s~2HeyrAmb<~I=!s$&SwVPP zaZd%ojkH|HXocV8!ETGPhtp8geZJKvesnm=)D@vPWTt{CALnHa(v#?#pV!E51tPSsSwPGI0c|qc4`$Vpu?gH;qS8hm{OecEs z%OtjJ6s;H?=->;eF|!3_j5rL)@-Pl^ZG3F8q?RcJm@LL_1}3|XS89JOc{zR$G~%|mwkvc3ZTNx zIRCwUVkP$`!G^;%)88AatCs>c@!&LnLP(^$7Ol`w##3&Uc7F`uFX!au<_1~|3^l|> z`S^AL8X30AaVDc5oG!3VE9&;R=zdb-6Lg-p}}FUzN-+8UM9uJlRX8nX}FO7cg*pR|E|w#@bwP{ zwj0gr)uTN613P!R*8_`afeW#>vH!0*{eQX@Gh$K#npeM;!>00!#cWehoeQkK+Wt0> z_dgz95yKD`rwLFE7x&1Vk9uit_+P)$=3=e}CQ{{TFRchR{g&a=_>tw&j$9R9X|mm)ZH~iuo4C_v+mnG*5-%I&y8E@BB7lsG0h%NC5%g-T&5a) zRTSTWwLI?pi0s7GubJK>Uj(SxK)=Fi9fXiB{z3G4{?Ks3bj1()BY)OsC$C4hx~3b{ zPI@l_sy9RbGPn2C+;0>HlCx$R{GqHoUBL5Nnhe#oZM^pv=k0OsKSf9%+>ri&n*`fg zC^$inz9>>L3dGypHIMR!A`ot$QjPU8V}5gV&uCY-H|Y*5Z`)SLz$2;l=lwn@$DnmM z40L`-ARCHm^D?E>FYcrST=9mYW$C;ORnFkXOmAY-!X4D&`rs4U7(GXbD)Tq`-8z#m zpCV%~O&1pY4C}XU`OZeOKAXm^*%uU*>tyac@uzv%_+v4(kFxyh!48m%^)e&%@jhuz zr1&eq8FAa?$-%Rr#LFS2UeD~ZpDkocW5{19 zR&vjCXrYK5{vn7Vg3o;D{LsTk#$h0bfR$hg%~jU*LT7aRU1nt=+=Z55{J6%p zPtVe3{oXVWa%2&3%+#I4bN8LqFms%5@*^`!CwfwxDOpm${yt~_v9P79AY zT9?}?a0>3t-K+JUcNEu-vfBQ(Xx_ZBzoTyG=BsrLHRz!n-iF&g5n^E(iBD4W8?K)) zGRcJv(33Ha47B8Hlcy63fBslalW}QNws>i~x+@%c_Nl)=)OmPxLR>=XI~!C_%eG}f zddyDLw3HieB6i;L0FjIK7DvS@pEdhspX>+!$`^zws_$KruFf?p1PvH#PDeEk4?QY= zMH%93c2XoE=j1La$2S4ksvOpxTInH@V4vDn+%K%5sP5y%IteRp{5wZ6=@X z;s!?F6L^qB)Ff-Yu_lOLy*FY~_P)H=lV8ZcX1G~jNpa0U=1EjHWh&dvKSs&nFYi#= z7xU6?Q8H)Hb{uYsYr(j@98K^ac^SF3RV^&E*1h#Gbj==hP?(k=V>Ifn+(OYoYGcl_ zRK)n(KRxzsMTHJ``Z=0_vW!Biw;mn`s3yg}DaeYVA~8@;=w#8va(Um!H6 zWNL2cHL{EJGG@cxm(6qYI)Ax}Ai9xilPWmt708?Aw4MSb7o(@Um{uv2lGQq*Vv4_f z<n%5V<2wm+922AeJDfUKqb3Cab9SpM<4t{Rb#y)c9X% zS=pWR$k3M1H*bRf%!QjwzgG#f{HMt57a*mLv&An6NK$Y#h8rA$&fCjte5O++jMBq0 znjUE7j^xwLsG)hofu55r0oQ5Hv!S~pp6SX@Rf+W~;TP8umb!)F3Q@gF3(U7xiRcT6 z%JPQ4e3>e}K(Ec$r)Amuc4(NmLnMjcZdOW=BgbxP?~+#-wR)zsjBHKnCqw0gXF|RVl!@_Qyi(KxL?j9t63)5uIbaygUtY zn9q5>E1q|S&vO#8{IXmzFAKV|cUbs~L!9xfqf5Z){fE3EJ0^*^37iA|SLpZjVgAr+ zCVxi&r!k-*x{^|82F-c;LhII+DOb_SFDQIOd_PybnMjKMv`a;xUDPrv(6aIfV6*TZ z1_@uJ`-Edy2gb<};IE zw2{ALJ$DeqnatniY;x_XNn2EiyOOrhcc% zMSeZgRc01Lp3sX&7pgBU7K2(}*&7-*tkT}e0QdGNPaVB*-w8h-H=4u3O4)zc(xIPz z6-4X!2ANJPod*RMn>WwBUNNH!ZGF?8A@bwUIU&d`V0CrW;}?j`O#iZkR|2XV9>n_( zl_*WddIFR~pYlXoZd?1bL9K7@ZH4UA>f73ew$4|pF?Yv6hl8`;G`fA){qU|YW52?6 z+fuQ7nonTCeHugGCB`6snCdSjNEym+q1;^zMf>~t%2)@xd;UrtBY?3hTkiY@k({`5 zpG44Mr17oY!_6C)zfpZb``L>@tRy_0*zX&hEJXj(OeFU55su1|)z4Cpg`0BLlByau zqisvVxJ}o0S=iZk8nTHcqM{YJKL+qjNji4#gruuFh(;j5J$F;s5GP|ES{qm4^4XG|1GH)*)c`CDA8N=+dh5R@L zr_=mBFma!?%o|WrvX*Wv_zj7ra=`XXpQ}o+vJBousx>AP_M6XTYRA#sitE7w`=TV> zrU8q=u<2072X`0+kvwycOa3eH;9DIl4t>0F-`EO~711j(qHKpXN@DK^H9qkHM@a;O zqJK$1H>c)FRfLr%dZ_AXBd=l|7&PA&j10DtDp|wQ=IC7bS6(umFLY=N)nAuJzp`ha zKuhP?Je9WS48%cj_T2?yX5iSsPbh}|+2QJ)z&8M7jKk3kngp@Vj$jnmGARjE-7VnA zIIk_>mqj0rd(}(nJ16x%TJf-8a*jn3+wD05>Un=Jxp28hVkNk$ye8oIXR}Z(nEqF; zVbGU9eS<@m#bdTM=CE?mQwoZVBW+x(tngrV3Vn02!^E4+8MHS5;+Ej83f8u!tCogl zbARfX_xUquvF!#6k6r7H1%({ffhxv3G(`yf}1>g(5i4L)yeW%P-XSUFFd*;zAslN0; zN;Fc)w$Nc5UF|^}fb*dv^@-zs40j;}Yl}Uq_I$Dx_kNqHz~JSf^LS|;T-k(@eWPYG zqiL8eFaW`3Uf+t9p1-diRD}rQ^`#WZl^(r+Exr`h#Vut0twB?va)ktLzx8-KGO!bCq z*s1cT3Vk%uL|gMebH(=DKxk$!TWKNgTk+q<|I|vj7)SmQn`kQOix=1s(f#xhCX|1$ z4jA?12sfkNCMW`QDEVS@O5=Y+7|)KwOit>1pI!Y74f9-$nkRUq9wL)2u#%~%`5<4I zRmIEX#24Kb_2|Grp{{%*In_v;SB8Oc+Ciaqz*wHVG@QU?9k-W}HhL-|7|!whQO;zU@gYdO>hG+e>7XV{MAX#!%zN zALnUwR_e58)>h)shQMtrg>cXEDub^GtyXD;HoIfbnR9ucd0 zDBoYH_MKIU^ShACD>}Cs8?0OoX-cOOoGf*`Ep?aD7n%KH=9D34pEo*K>iXTn)&X6Wux}=`VOQQ&pnf;MIC8K zpAbK9gC*PTqGmarZ43CCeR$W4O6==H#s=c-LdToOgFa zj26_Des53ImrfO;?zuo|O=>qfJINZfYqM=zqqY;+O;jjUFl!4RzDDlYLgoh*UAm}r z%`=@_d3HN+oP1{5AFX}~r8$Gs%Lju;q&>lI4x_AjPo&VBdxxYq@Es;75g(o6!u+Q0 zQHoF1!m&XIs&dj}I%0)3!Pl3OD;9J~8%ZJdmno5vFD*iOJoCD!IWSpF9fVR|C3r=g)+(Bm5NDi{Hi%l4DRVOQ3!r)mN?OrC_i4#ol%(RL3wBd>kGC`uV5KL5Wtj zh}YoI^L&zQb$d2dyJhe@g83~0!X~JsXenz0(ujy55zdeq<%zbAO;-U}L_47^)&%8g zn28H*a2K0HO!T`#1Rje@`gTo?n=wjXeEg&2<0JiCpuE6uFfb@<#WB))cZhX&2O>^%nsAp+5tC=Biszd4$`4)&m~0G z5l1ls8CLFX;o3ZAm0HAT7Sz?FI$QfLRiO;wRtw`?omfEFRb0i?df!# zvw1Qz(#=+qLhaK#JSN<9$F{|5G&hRK{ARTZX|scTrGl_YVuPLA(J7d64}&?>_$d~r3{ZzDEWK*#od{Sn! zU+L^}-6IhQh>Q8u@?L;fE9vv^7w3Rz>oWM#*p+FZjq_2f^T-I+u<$YVzyaUc6Vvvf zp5(TV>Dz=rBSCOqa-W)!Ak?T>oy}-QOT{fVrB9zR{H0g5>En?|-LpOJ-L8ZO8Ha&*h~t zu<-`ual)qlfm15wf40{DTjckjjLP7Lmutlrp$kGkV-EdHRG99#r%1p0BS7CDTXO!@ zN}T$V|FexUrX<_1>BrBO6n}qzKcL_K;(X>3&<+5yP5>wv(;OKd&h)j11-S5|=kyXl o)LdRt=kx#UP9ywzv?sX2m#gvg@bzT}aOH}^E3izF)SD0g2c@gd2><{9 literal 0 HcmV?d00001 diff --git a/docsource/images/K8SPKCS12-custom-fields-store-type-dialog.png b/docsource/images/K8SPKCS12-custom-fields-store-type-dialog.png new file mode 100644 index 0000000000000000000000000000000000000000..b24ac0da31548b156b1f800207bc8ba3821e6948 GIT binary patch literal 38809 zcmb@tXH-*L+waZRZDpf-TR=cSr72PrM5KhMNDW15q=cw+0z~N$0yf~L3kVn>Aiaas z&=PEv5Q-35Xi=#NkO%}q5|X^!_ZiO^XN>bc=bU$p_d`Bp&3Uag*IaX6*EN6hKjR*n z8w#BiJ1HO_AY^Rxz)C>iQ0l?&QQwe7HThR>h31q42!kxXeFq{D!B^X0$aU+u2@VF7{nhgHQ7s$YCdI=Hm_V&JHNz>Qg< zTkc8ozGeY1`>C{CDXMX zwd2^9@SYd8A5$lt>Ywy1zI>ijJkx;|xN&rLXXDtiNE1Ik_MaI(Kw_riQ!PxT!Yg=4 zaSd?L$h+jw!j{6qQb4prC80{(WNXWldi%RrF+@CXE~Ee?C+8@(hL2L;`U&9Nrpe=e;jaw-^`a_d}XFpOVuQw2WAl$wu<_aL%vg!_aK zPhw=b_w6k29X%p&<5%Jo&N=djr=d^RF0@j6@a~H4*0*#$As^~dc8{?um~!IDHHWSp z&C6N)Rn6>Ywn!CpLvg~6`tz^-N0=74sLu_}dEhE)+Pe~_zTNt4Q#Qkg40PG-7n&i! zj%6H8*AxFAlZ4m=N@N0*q07pW77y_I67;HaQ?O*IfmzA-1P@ zXn=BB@c|POez$}(tLJw;arNaf%ep;{J9I6w&(R4O#M!t)ry8B0(B8*K>?2r&E0iTULRY?HXZY(qZ(F^nxfKT&Uo-Co zwfGQh*xn0zn>+|a$P4?-XOC!L&Wp+qk4`_FEc9yD&N3TX!SwZ1cvnOOn^S+je!zLD zYrWaf`lR`$)6K7|kD}T-3AH`J83;cEVtjT=H|o&dv;d--phg3rQAwoCgx=F#&!}2TOQb2;))d@#;;jE{34V$+b3>X1 znHm3lA^mAkJ@&eCG0(o~IWu`wd1HS)dU##;F=@wNJp*i`SS$`MmWDWS7(bKcDsZ-o zUGbH3b#!I5d3b?h#TQ+YgCov*8eDU1>bUw~Q~Q>Zc*{k~RPIEN;CL){Joa=giPK&; zw)%ZCWr*rQ3=(k36J9uuFY`W)MR~99R;-C$qE=nUM=crNmeOL}&xiX0X~OLwZoKkr zD?jvFMn;zJMUR?HDx$l&E-t6jkUArhAtUY+Slx9iV1YM@QNl~EJ`ADf!`mJr-|T}e zDM%z=h>3C)u60n|ehg@H7puAsI}2(c#=Z#rO{h5aF7a2xFCCC77GeYYnz{iy-ID)7 zaO+;3B7UBW$VcUbuO&%55xAgcYh$&n{js|03W;b=iXj!X*6~vg#Yxu zrU0>ekAm2EH#Jpc$HyyM$fxQ|?^spdXdG~A1rsKfQo7mr`lrOJr_9gzo6x(IU z`pie|uag#HTSOhnp{^?l8I;m%X!9i3!OzHs64z}S7Qw`QoW`wj*$eYF+Ufm}sJ$=p z`TLuL9^uJHU1y+i5&pa1vu7DG8(PkMynIwBR{a@4F7>Z6Jmio986ZwvXP6<@#k9+fv;qrh1&*z+h*sk2}DV&`{=C zx4O4lPWG~h;m9q#JRNuUOJem@qtf}Q9)o=BvjU@s{4$Tju zGUMOuo+-M8yCgw5H!ZPrDWfa0H@V@<`oQ`j&V+X(A;k=;d~2isq7EM(%9va0NWJBtFycP z^CJBwanWJYzo#CtKHGHp8{h@CCsYOqLwSzNJ8-jcL9wOyYafklAx-<5*Yg}C4D7nVAi0FQ%rza%%b^=x4_9>F_V_q%^)>(1vuIyYHqHs11U z*Fyl<_sW(}b}+m--MTK{Dj$vv?^ueb#zdZ0Z|hkc zQ@ z$-GcvgS0LCZhkwr60~z+S@^^eU*E@CQ3Y?wK`)h>n<+j11s`uobpyYAm`$2+i>UBvgNNqaGo(!=8@S&dLt}z7{6kdu;jr`pgnjUQR#bk)_K-)^7179 z3*+!nb=$c-@M?JZSs``bN%JR`&NHPR=afy8o{de8-I@>eTv4&lsJuOai4G1hv(;+I zdME4_g2t9NHPsxB9fCY^cz1Hc#+TCb@7_BBIF#c~Tf2~W`zdF(FYx;wUF^}^$0W>OI%<7i+bNM4sF_0oZg$3>Ps;)+7h`Y zI#>lt6wEGB>8av>} zF--L~b&iFnZpBaUM1Os6sHZh1a})kc+`qg}@~n$MyS<%}G5Oj(X2oWdAZm@ypZh!Sl2o9(cxU7X z-_O+anT^pLG5%l)(URHLumIA1kbzxzy1Sq5mU~LuOmJGex+02IJZ?{R={+md+$>a4 z=X`CTY!N^iZdf`9>F!ix|C-$;bwbGaU!D8ajF*E~NyzoPq{l$9TG?#zHE-COqpDF< z&`Qri4maP9bDA$ovBlhKYTEtBP}H78nFxY4>RNN2$N>Zg@eD=#a7ay^o-f|BBiMiP zq81gJW+qg({>$nzv+t+DC_s5K({=2E-Z`}m?1Nw!D4@!q84z5?&tPYboCqv3ydYrE z#gQ|ATHXUJ;az$;SE0nM@jB?VEw*@_ZJ7%P2X~~4kM?4YYUj;uE_twe0*L5q2{erVLCXXotzJ>}lEYMsaq|Z3iXNkwk15c+`R1d!w+7#~IMD8i zrMGAPdZ^jVvS-lwUsUz>AeD(GnH-q7mEq;0XT}Gm?-L8{CQCGmJkA10l5Yb2EG@(L z-X|_#q(qepn8D1p4u`L)9#Y7_@pcc4Png~8p%`uWVUb+6Op~dh< ze@Y*Fq$yCWl~%l_Zl4orlhm*9J(dJtKYsYrg=do(_lSesVL2j)DmitHoV`oW3vHM( zNn`8I^ve_C8)8P)b*BdW_*-fUQBP9jjGZmLsBt9|)OZDKRo;O|ON)G3#{01gIo~`O zw>%vW`ISc#3gW6YQm!~h8qb3DPjRnJ$>3xtr|-#A`!Us#fvlqai;;6xhXKj6 zk~YQeSI}ObettOAQ_aSYK1k}lMZ2)FR=UmM6GiRPDl}sND9^Dl>R~JQdE-PowcQ=i zV!m-Uq@Ob340C~KJzQ;JQA=KDG`oH^dh9BkIpt9*mkB5Hvg`MktyO9qar>4H9R#c` z7D>NNxikMLTUTPd!)`NSGVQSUCBvXWDnq3F?U)%5>{;(xoL?e0w^YW^yMI(VezML2 zusm+nhRz+)@~5swnh9 zsY&uV{Jr(4ea^gLm9Y=}Qk|~j?(gEuM{cVhd@#;dqqDU3`Dp_Rx?1;Xgsd3kG5JxZ zpON#Oz4a|kwH3vv-4AvRy6E~1p~iv29dV*mp;u~1jdZkXSC6CP$4Fb=r51$%S^$SU zi;Z+=bJa7BF*isdzyIY#%-s9;GV%Ac^;~A)e5C|Vz2~W8B~u3*Va{7brTA$UYViE= z*Vm5iRh}AE6+US_G8O7NqYydNpXEm->IB{+2|8LM%!4C@fNDS>R$cT<%bfN)iM?&L zMuaZgMLnC##iwttRFiDMi*p(5OHK{b9Xe5)yVfVPFg1hb<5F_5;X~7}7tgsW&#r^U zJ=1n#F`|V0#-4ID`}o`R`Dw$ffZa6T4lHFjoPs>J_(H7D(pS5j1q;^6H;0V!ESQic zYR3%^R&X1tP;ioNq;elvl#*u6U)6%Uv8|UKkvS`;7;e%ekn?ZfTe?Pb4gt>y3c6AL zx_rhxY|neyP-G6AM=;USEw5=jS3?0bsJRQT*oh-PVZeW=y%`)XX7YNH|Gl_lx|;Q~ z?ebG2hQINgH)cMlc5n&9;VC}SO$kX)r}s>5VOfSI{KE*1QaLM8R`*(ngl=SDZ)FP| zVcxQ{FnYv-HcwYFM!H4IV#-~&=UsYt>r{r!qYAxVM0$=o?_d%8ee=F+;1l|+ww_TX z`!=-%u)aef5$V>xq`m)bzWV+jk2XBtxirYqQLL1iI`0^A&TDS&%dnhoXv?a zNK%e)=Z|o6K<>d2)k-eQ3iO{YoP1FC8Pfb5oJKZqH;O`mHhZ{m8nSe~Z3SEc#N|1D z(5P1v@!Q#OfX=o6+QKSM{ZVAlh;d0!vS;bbu3=-7CBmOPA%~@DGEs+nQ|QcEm23U< ztyxTD^=%r}-*m_OJ1tq_k_*YcLIUAWAJLn!J0GNVe{rC8x`n@5u(Etg?s;R@dMNid zEg5np$FF*SmFKZMANbT74J@yjl(q|s=>I4P`Wy}<#qXZRQan8PG5RKqBe+c-^ zw)Xe;FA=h=1ze087wuV1yz>Eoyh}teX9Ro1SG7XHy=EG*o?-PyMPT-yWC`ut@cB;h zJtcF20HXKx-IDON0MLYB=%ToQ>0y+ROU#6mqvPc4BWvDMcEXng4PEQRm|FtxkEx3H zoUFm!cUth}uiuaP=-bPFvgZ~g@WRo(uPa~Zv7IQ1#p*eX6lHzs!5T7kUw=C)5b#;e z^MFu>Xz9E@K$wr^`g{)l1^jrXAwd%bcvlBL@-2=La z9&vNjfX_HtJuaYmLf}ck*P*o=oQGaQw&!g%0Y2)g8Mrly6Iq~C}G=)YjaPp-D!9E`F1O7Ncnw^+1wQeh;5j!!SjD? zZJn`U1>DRU=Fs( z9v~DGqaOKht0|$PONP%`Ex%3ea-T_V7-|*-x!=>Bn_PD&YN9Vq?{tGsdU~%awpHy) zA@#d*i6OsgJuna9w5Y8Z;oE;@!%pEsZ%jf}H8{6@1zwPno{{gMA+3w}mHg{?quWhQ zV%FIfSgJkteMi0x2kaN#R-@!$3h9}P;wK)tuHh49Ru>mS5w{q_E!$%s9}Ocm2&s@m z4}Y|9zy=m8clc~CM`u#wsmYNm4N;wH{s6>U_q?Z=?9HX#&nx`8TGQ|joI|v z@|vl<=~&SOFns#jxYuHJOjV?ajrrf#-{d46fWaojrPRiI#`9{c!eK$`oHesmf` z)&8j0pJ^i5JN6>O??2a^BdoDke_x&6>mNA<$8EV@o@<6X0b{P?y9+Uj8td=E+Z>vX zdUZrNEo_J8@TDlY_3o$|KH*IBQ-^oZc-N;$X(z4vANRY^-j zY4@FLu7=>!J>fSXB7VObO)w3$_D` zbz&FOS8TreZpaF>at$JNv@O9(832@QQxgQMopp$R__)|!YwLrVfqX(r`u$BpOi zkD zottkIm3Fo(*%`mAhxAW{8d)aOuKHcAtCrtMhM&(=9PlpJ8GoN_ZFN*m5R}m9fS6N< zfXur8@m}B+(RsV8f^DNiXhSiEzSL|($t#5!gp(%w{*#R%v#0v64U)eShiRb94c%Zn z&Hei~?PJPSiY5my=sLIrx%sB`Uk&52MqdT4-D!NrO%$r~70vHckhosPQObpx0X z=0vn{*l?rc?zrPgLVvtkUzL3~>~@{VR$9=~aBXC`#Zt8E6MSXbtHtPk!X=PGn}k)`q@=yAJ3+UtTJk3`@DSm=PZ0t5~=Q zu&A3G_ifdyx-OsfFvvv}`uE8+TSW306Jywn@u`*}T>d=%e0Ke7$;l8U_4Brrs*eQ*mG$Sc&I{E>T{Tv|=8v>< z^U-;>U)>OeoT%8y%Njj)jbs&2+2+cu*9bZ1p}`C=29383ONBG{ETK>4YRfP-=Qr-` z(>5nHtj=pQ$7L9e-w7GHPncMmk{sk&FO`gZ;%9Yc(y#7XDDSQR?jA46_3Z8D{IZE@ zYaxB@WXU;5TJ;p~sqg3QWA6lA1x?Nz>lSefto}N6`#y3(NxfJVdz~BWwwygzSKUuU zd~Jx9fa6dDeZ-C)6OG!sx6V4YlMZ%M)27o}nd{Z2Pw@eDDq+c^pox}f^~rZ&*#zj6 zlf!#M%i+CUcW}CDo|r*g_E#&|=KzpDWuV#?)R3=SR|&PftF<=7@#bI^5+Eof=nG3%V@%6F@eBT=iUSvI;Vi{AD<+kTf_u(D-r4I8f& zY*rtP8|};sipfUi*x9u(lRVD(&S8r_xDUKmrkN)A5Icee$Y-{L^QC@$q z53AO)N-y@GTt^b&!*Vq}Wm)jlbnf~;>ecPDVm*?_J5n}Oh_I&2eOYl((y=@Kf(hGc z{*bDcVxs2FV3O6t_7P{J22z8!@kFCxC6&;ZG3_Kh?jTHC1vVHHLdd$B_N_Hnvr4_J zVig+~-O@AMvV5DQ!rDt)^c~CLe`Yj4bD?}0a~3>kSew3EFjrwvNwI&ZTuJdPV@A8{ z%aHUgUl&Is}`(+dhq(*NzNG~U~_WdzObWOqxeJBkR4#}+?BlG0xJ_}>>h zTk}phc-C=L>dKWV7&;`Pk=4R=4q>b0X_)G_Ttt$uH3z>&?5t11`@0c4A&4ujy zph`W}5Fu9ndZEW{5%_d-cv#6}mHI42MFoX{wc~%)loZIKEXOjhk^(@WiYMbvkVpl4 zMnpZ%y!~U7Ox?bbzOVgHr}#Ib8R&d;rPKjcVA%^}qjOIBww0DtUn;8I`pfpgl^j!A z&}3j{;(9ehHL=A_)wsE3LRQf}npC0Fr})Uq;R9w%Ow6IuII98UGP5O^<0yzAC(bA} z-hFf@U|2V7rieAu5N~2K`L4!cRQjibxVN}bP_@yc=$nc&|HT44|01Q;s0>_!B*Rt>De7# zP#rc|x?y|7F+@s9NqNApW~ymR-(`2;zE!L;thVa1(#O}1!Es@ZU>={ZI^KKt{dTqKD0W)qdbbWJ0e|)F8Q%3!}q|lml z9NI5w=qSK^Ci2bd7ul+B#!$^_Ju z;Pg6YQw%e1>{=_~X3KQ*T@8QCE+gb5mz^Hd;1XxUzYx8{j((^Ab8gZ?-m}2<7?cAI>PyC^RDAL;WjC zYFp~LXa|_8^%T2*&5(@buWv%`A02;WJ-30cPwf1nGy2r0yar|rM=G%l?d~}e{aaIU zK54_o2Z(G`imou0li1Wf8s@ebnpS~dZjZ5}9^G9Xx_1Ei4{u^ zZk?a!U7)AgisxVRu2HV@!$Yo~yJgoI_}fM=;A_QJ7GX_G%r#oJ8>M~>T5}~8EvCPY zoMd|gM7w<+B zNv?ryydOk@6r{!fAg$NouYVTAC;m#xiSAtQEd27<=*<4;E~E}eJ2* zK%(~bN^@Jh?RZd4u|grU%H7>HO=E0b8eZ;=SDI^8$nw@~Kqh!_f;UNK^HjUhlaaNd zZ*|6VFiT5FQS|Jf_`^_5`bxzF&I#W9@C_(2MFiEi(_&<0#UwUZUFrYn&!8T}U zZY$9oQ5#*Il`V-Die=h(2xt98LHwmCiVF8zYffEOTjCT?{H5AYURXG;*HPTz^N0>^ z7+J6|$jx><6IcDK;Re8jnnc3Ds#znXz zH)4_=x{IHlzCd2Qu{}}-t;SEaGBbPy)hIeo0_>f4G7Y!oSL$@$H;-Uk0-m5-9jcY4 ze_jVk&VC{T!~A($8%iMO&;pq{;%Gyb55mpx$=uMm4xfRWkj2e8##SK?z_0VjTMsDF z?dn_Qzb8bj!#!8($n|=jbC{U?ukeb2>(>V-34%r6`xVc{D~c#T)Ti{(Tqav=BBnX< zlrK9SAz2OzMn=`M&ghcUYRe<201X9|lY+@>9E~j3aS0NJ{x}FWB1SLZ ziW|~${8d-{kleQ+woj@$VT4+R%0OnS1`^b6_jlhWgEb-I)@%bR%NCpfLQ7Ms5Ax)( zXVg}8E!>9d4h%W*)kxOWIJ482RWxjOYxjMuQ&35_y{OFP*xhd9s@(Tf@nVycM-vl-Iw$ zvOkj@U7>h>+Kh;Rj5G^kX`+*o;2AA z5*08|+8368!TKKNR>v<$JoMt`(f=WH``^GB$-%v7jjgj|&knz{4m&6C>A2p1^mAXo zt8xw=e(pW~uakZ!X2k@a9gbno{q*$sx47=0P`pd-sq!5N=I@@yKOTQ8K>tTg_rH0} ze<#5E?@h?V2R5yM7zPZLIz4?E(3MSdKNGbHvh|u*S)X9Ncz8#`h9+fLhew< z_saO$rgGP|KR!~NFpkoG{_C4FRF<=q)#b#YR@GhIz5tBe*XRmUA=NoUC6I_e1)j~I zR2z*SuZZY8W6p(GFK?~@`EB(-O`s^VUrN%_>8?lJB%u+T-OaH4os4Hi@Du?7zYh3A zxd+qFmQVWpawN0ufD(s`0p7Kt(tX!f%R~X}-Qxm3TE2$k zUex@~-mRk7+=LiRWCP`);tmxuuxNiU0vrAAL~r zv-XSDpU3UXHI@dv zwa?#&t%ND1ube}!rO*w}LQ1X3kKL88cJes<5ki{pS+j|d(*l@*=GD)9M$|+kQ;Pq5 zi5oI@cYTVmUL}P+P{X;7G?ORyH|xDx82DE091gSN0b(c%EUt{^jyrNNU4cQpb{ zAvaIg&KQiM+o$(>rzeuqeSNJKtQk`l~IpWL+g!|-;BF1l!*~%7{s&RN#FlIAg503M zP7k3qDS45>Ws@b3-cx4365D-4gYh;B5cL8{#XM9H*!x6QI7C$-Q4CxKon;U6^)_yD zbMzgdyk31kJ{Kztu-7}U`!vUBZuKOYPl@`C-UF=|hXD4*Kpl3=$v)pw+6HiJ4mmOn zy9bQGXnusYxncmJ@LtfO5gBlku1)50ywd5svQIf4B0l!tDcx~xE&6NxF2(IA9z)4( zWE<2--}Crkl%0f`Woo2*M6S(ms*CXU%GODmA!BD_Ly&6Hu>OHWgmNxx)&JK_i|I*$ zA4kn{cch<#Pf*Tse^E)$^{|5x#*N+SP8^|TPdF+Om>wnd;N2vv%>&$c?fO3!TK>e zexz;AxlNm+-ADseI@x5odsw?apTv@fioG2j(l!4I>aBO(S7Gv+ajZraHG1K}B>9eP zJ3XX&a=prX3BrsF<1-5F4K8!_1I&JRAMUE;E{g38&QelzHt8CQIHpf~-2Q&byWR+X zmk_ZQ%TEADJ^vL^y(Ad36!n`yuG=?X$>skV{k+2eiOks}4wBn2%phn7qbeU9X}Pt} zEKQ1V^z(7s6-n~YZ4Hk)Q4unSg#XNqvz3YnZ1(h1$@tho!>-X(Y9X9g)E!ys^tcM{ zM)neB1`6a8qZcwnrun##=~w(9HYR*vH>m@+nbZ{-#vR%}N7U#c>!&738wP*uaM^=d zVILvapK{1d(>zBV&J1!XvJT{aBUk7~Kk_*Rtb*OE>R8Vck!rLQIo-7n4erX#;HCg) zw=CAO`9Bw{qu3R&={e{v6aIeV*%0mzATLXw1O^^wo!-ylXL5=8imO+D(A}3K_?y+a z>$vzVmF)S`Tq-pr&)y%@W7=!u9yJoNJLv%fvLAn~8$J8JLz(AEdzEKf1_O`7LdXcX zN>HUrow{=o4IN5HkEqRa1fHdkYUR6Hc}X2|vnU~wN;0f9sr!xewe9;T`t829pW`p|22rs@DPBu- zVa&73$(<_vLSDts(O#i^3&s6p-S`p9711ah$`|Fh6 zD0frbb!ODu@BG=GW7wGA(! z0l`@ma_gjbj#}fwYiGj2DXHSr)<9*U;qHxB`)9xXCeL?eIyNTh69&0XR z5t|HMUH`eYw3Wt?p?iP4_~#keZWjs7ZXHB^4(-UcP|2e5r@6Ze zSll%P1(=~yLNi^U=d}FhV4WSAJ2%lzpVUO$g4i>vUdcD&+B0ZReeTEAV8Ai0+S^%6 zR><1oHNRb~tH6bE8Ugan1I(j-cWmTwU0PJ4qV|4pCjF)ILGAT9bX-n*aI-x&n>&bT zq!$i3cLr`GbgBTu=pwdY`W0;DWP4L@9go)qR$o?R(`NIMD6sr}ORRRt);Gt=9q)ef z@q@Dj7rtXp>t2p0cda4$QL`VNb)H2wYy-KAu}rd=mi>y3DtEdricQZ4hNjvx?nE*1 z{56Ucpd~U()felbXFNm_$>-NeMb5V*s*E*ug|GRRv}Hx^95^H_yBorsM+iy@i-GO! z+ag$7_lA(`Q}svorN=geH66bWUMn0Z%^&0u^Br*94aI&RHfenXV<;f-bq%@n?d?{` zd}r8R(%=8yGQ8nNZtZ^B7Q7+mrhs=%^9hF5B})N$1QmLDS^KdGzKUxK4sb}Ib;Fc2 zG*oY{6|fw#9KV5}V?!pY?UC5#y{3w| zL#}oz0I*MRK}Pg(Whvy+r(B|Bcll1#DLyHqfpyFI_XL|!12~_%0L)M3Uwdw zUNdoW>$@j-K9co`@@Mw|@254)y+paPlq`AYx8HUkSCUZtV;2FZ19R6)2=S70NB;P$ ziz;CI{H~suM*x94(mp6QHXtPb-1&u|=jlYX*_(M5e;mT2bfZYjqjw&)f9w8wY`(xw zr#Z$abouaUm6E3QYnYmUbsaHS3T=tR1^BC8QyK|my$(6mxlbTg-Xv)ud0YD1W%E2w zn_;w0n0?U?^LJ`))OQuuWve1@limFpz%p~xD~0p3|I&>w(v?j&-YTs~$W+eD2nZk* zsiWmtQ+h)TlFZl{DX5R1%Ih(Ll!n(iwV;W2skIqtMIXEa&4V$S>B3R;Pk9>VxgCXR za%S#wHB!|?I32N+B_(&%;W3d#IH81?Ix)a!9I`FAV3&3UpwOg4{t%vG!eky|GiBlvWBUf0ySV*iFR3n&A-RGeK3(b?}`TPY_ImK~Mz7~<=$gS52U?#LN&n>KJ8^o_v}=ookg7si z3#)MFeF(jDT)>u7qZ_;M{B@C%i4V@YthJ(I3#EH*%cfDG-SOQ;?d_UY2a=@cnLNI) zQp$O8uxVM+DXd78Mi9wbTzF01jI)XcpF&TR@}ChKzBwZ1VOM0=-z^i%>TX$PRy2Zj zaH`{W2Z~hfF5X5jn=}yic%q>MG?JmZ%dow86Fc`Y+tPsYM<6W;BC>+& zy?s|x=`er3LEqX~Gl+#f%rTeiTk=pWqr5(REZG?!;Yy5Ik`Q@hc%8pW+mH$r9V4Is z*H^w}5VD3fysQ%orJpZdL8%1@J`6P_bVaa|0&Lnps5R`mKBdN+iLa==zV@oA zbXg_?9|#&RCBpg1O;7zLc|T8Qm3S*mFOhMZJssd7EN8yD0+?Hi*7-gIF%XAMBD&AO z*LfbJXIrj3FApH!5p@ftV*{i#WN%qL&(`H23@+#Es%obA>`4ajCc6OS2X4a-El(+W zniT~Dy&;Z$4KWz(Bt>jP4=RsZ81j6-{ zd;dNK#qQ3}cEsNIJFc+u@>sYXOI7MUP}{I0Vr$WGuJY}oDspY(w6eFg2%u&C55Wp| z$;g#L9H}CS{eJeZ6M_{loHaujN%?fdTBnI)pTsj7HY8DLQn_op2ge-p(%d$dl{VC7 z(!}8xh)?c(*KCyPyKI;2F6$^IyzX8Zz`(xm-5K>7`-X zEj{HT#*s`l{$@!6zT_>sb-zEZG+`wNH(8>G&QqnQ<_?gy-5n{{rZcY7oxS8TMk_R} zjZQ?;I_DP{Kh6!V!unBU7+n~!l&asT!rz+hC|faujIn~WJSL8sAX-)~9}XN$GJxto(~W0Uh4AY|5BnSH#kH)`PR8wt?jU5xfKtv9tifUl?B> z_(p&`b?!ZXx>-(>ZIAX`tG2g}VoFkcY*tpj4~EZZrki?oD6ZOHw^Nq&puQYjrqgy|#p?cruUhfaNwkd^GiB$d)t@QD`LM#W zp)1JF;_;mK0D3CPdKsXD9#O4}VDxD2m^9vw>c3>CUpvJjTIAtOC+a;ZU+1(!Ri!SO zQ3)a{k?+29Ruh#Oxv@K66h@%`i~%?LFU5cO=4Pdw_W2MfD?~17Xd`z(xiQUEUizdN z{=ut2kJ3^`D?u{Pf_>CH>idJG0mr8Iouh#V=?k@+3^83zDX3P{mdd4DGo@4bR?rzdODn> z7yUzjzsx-=uaf3mRD`nj7|vElOdK{vjH{@5D4?}!DiY)>(&lr`;Y0X>VJvfvOXoJ! zoHACvV^$|R6m@BP-wWG&O)V_dDcf3jkOojy8aSLFndiSbN9M9;tLZ`WmAR%Hvv`ep zWSQ@0;Tl4M>l24kUKf6#LbC#>$UbkeY$9i52q-~oFKSQL-(4`j`{1vXT>HjG3rSyG z=*^q3{_|FMZZ>+jtx5RyB%n|z%F4wZwL+&dH126{!0sQGAkf5gS=cr_jJXgipcm6fBaQ? z{L0s{Vw9QHc8uSvyb#pH%AD)1Rb!M6(uDdMq2*yB7t~hKW?a&sE%$e(kJZc8+_9!& z-B?*w6rup zUL{`}ue1NB=!)dGGiO(l4^VUfzT#l{zV|xt*Q|Ee{)dfgE?S6*^<1KSZEn}>1L~;E zmog?xQ%Gy&XGx>(oo8%}JTUSj(z>oQWHqbISYwJR)OcZIA%v{;93^%ooZZkX(wqXc zR~_k>G$@wxJIN(nmr5<@N;u*28~$VY7{$sS%Xrz+c-Q2yPN;5akV0}An|yfoqr<+8 z=oeUj?#@&@i!_#z4#$PmZxisl28Y#M2j1BeDG3kGQq0DrW=9M+{XQHw3FdV00VcQ9 zWf?0g9kfzswaYc!2lweY>!EQ?NaIv9=f;N^qvdt=oYeq%W1!(#(Wyx0FUnc#OkM2H z)B@zJUvbhF{T?V60gk$xgVMzsvP`tfBp&XAD+%5e z2|Zr|+dYlANv1NJ`@b0#*2c1}+Z#_4!$-}e^6#*oznYL@ta=bvuNAAsn&$$MwHp+( z(KY>v%`ke>>tpwq8uX` zD{$g`YFSiu@BQgNQQ=a@+iVzWY3XqRHHqEP6LO`XwB;ig&$zdqTAE^+cC@x+ zCNfRBaPq=XzRrklM728dH%wL7>}X{fhU^KTHzY4H%C#@-2$=br_@ZupISl^MSSF%0KBfSzB=_7E!m{Oo()4?{KNT zi~w-9|IzJ_Hvw+DjNH@a&`2g4Q^C?SlP7a7r8cft$XEX>{>g**Hp)O7QKXsi1A1)q zt|ogZ<07@cZJQl%X1h$S$!&s>OEfbpOToE>xteS->MWdwa=SJwdcS{{bYUwbuj=|u z4bjyl8!ivV5m$htO#xj*ko-n}2EmLdH3kfy8e?>X%n#Nz5$Lb^=JPSSAx&-Lf&%WwXR1xPI|-VnBu@KT)yHG-8#^V=-WcLC_CNco*5 z4TvUd&1Jf?8?9x6vQKbNKav-QogB!!}UY`WE;sQz4K3bdg z^?#s3W`(pBW=L!gPOTHJIzP~zUD%wHzk0Bx%3x#wBYbWjEL6ph?Mj4lSHrxi`{z>z zy|uMbM5#Qtw*3y`O7?25eM*h<*v{8esK(4eLP0Y@etvK1*mSkJg^od`OBTK_u=3>l z?H9U=#lR-krx)@$d8%-dV(E7NY4QB#(Cs9shM9dmZIflKWVT}Dre-X32oThLR$OFo z$TSzoCNPb3su9!^IxlX|u2wWkeov^&r8IU#%0Cziv@$^hpR@f{J=oGIb)i?S>4EmV zv9s4bmOQ1pn9Fr4R*jLZtcu>!UvClt$a99T+n!J=w)-x!%fP3w+s~Jod5_G*4#jQL zd9;)2ZX?C4IWk_*6yNGx-#IMYQ_ip z1NR0wNn-y?)B!oo$4djpA}lG*xX`5dSF3% zL&!pmGWpgx0b*b|VV__W^Z=$6!d_Tb<`|u13BjaLZkEIOckWS1q;0V7&AX|dXyzVO zUvrv*IW2MLBRxw#yDzWykyb|g*TkyoYA0L->(UBu(AbT(9$W568)!QX9}I`{a`@9( z{||d_8P!(bZhIFfrD%&3hvM$V-Cc^i6_-$4ixgTsxD_V^cXueI1Smy<7I*g+E7o_> z`_cW}`#gJ(^Wi<`jQxo*GD4D-ESc*!=e+*a2ulv0VL$6j>@~?2Pu8Wh z*Ng`N+6la*c%UprU6ntvT`pP*exS{)c)W^wiQZ^VG&!2fdcLGX z-yVk1Q}prJH`}T+mVXxdMfP;tWnom3Lhw!5JJHWpU4z3lUz=Sp28HGW7(Fn1ldC6g zkNbMqDsK~zwwJ(oLX4%7kuPAIDHDy11}rRs{Go*vnd9tzjD#d#PqLW!DDcnuZ_|aA zy=sy8E>P&n@kJ!Q5XD*OuEDGO<=WZQ_+>Gl;LO~yc|4fiOaVIFW!k^)^1|+#O3SXg zcxFH(l?!i0i)*LXV$nqzeb4N*zN5Ny4U*C5lj$Pfz0^7oteeD+?kC5hN0yCaic+om z)ny2IcHSxTV$TWWRZ^qzUB#t> zh)1T08YZ+buC%Ogc;@lqj_&G03URC^Z(Ej41%^e#Os}&v7XLTVMVZ-k$O3E>gSiS@}sw$7EYYEJoiodrC1!TO?T&eu}cd)R;d zooO{HTaocHs9eQ4Orxq4o@*!%N@ONfXC&n2!JpP^ld2}#(m#HON4x#XLL!z>ko-Hp zaUQOmQTwthDvQIDY&NxqI&B%TF7ni@Ek_m``ecEj=EuT_0?fRNE0nt7)Px0QUpWrd z+5&76lqA{NTTd^0KRJm`q8G~|vMrYKrGjfeZV$V~&wU_x7$#(vL=Q!Lj&YrpRTj$K z)8;Sgik;w))a0hcO)OSaQ5ajANAvK3GuoNKFRD7j?HREv-aK2KZ14Y%cP zA)qc5DVB$@;=8x?@aB+$nF2DDOZ!VHB4fhH&mKxaKAv{;THa~XGfJ2{wy@YRA z6{Gt4WBL`P&ueP8X+eP+D9%5%bQy5K?-ojzvMLikn(6tV5L~qNil=4TjQx->)YpK_ zW}3tv$Mrl%6MWvBL3;D}085TWcX8q1h^dIj&L0EB~8h?t8h#sQc6)7-aKZ;C@A0gaxodfCU zJS`|@+2yfJFCUd)nz(AVP4b9u<(YZ3xbZ6A+$!$Y;0kOXMUqz`$J@JCM(b5SRLLG~ zJ+S1?g40Dx>B1H#E23h*jm1}`;2Iq)0RdI!u5VdTRt<_;;OsD*obDIrRs@d^b1oE~ zKygD!U18Q1_06+*$&mWx2{}@bDjamW10W_BN|gRy+~dBEgqtu96l1dd*u zV3>?^>KcA}j(j$|pp~BYN`r%@kK2{@>UQ`}uIF^~Z5YdtkT^QBY?ONH47XDHFueNd z39<3m?eG^pO)n&s7xjgu3S*2{E9?Qn1KzU^uTIor`&Mh5l+5^3O*N=E4}K__r{aHa zmPcw#^`f0I-*bbXHP2oj7cwAz(9iJ76 zIh$^xYp=##8~QCw%#e$-L1pRJOjwO=bZ|GdZah1S+^gNKoG%bp@bzRA`%+WKx{ImiOkzR~~q1 z1c;sH=a||Dh81G0P|}U1Y)&{ckfzA@dAAl6HB?0^2v3P_vAnNe) zbO%WXI-jSIqkKgbAwzXlTps{`pQNYdsu|#wGt!cP-^lPqQXH$5e*&d127Wcq-{Xg9 zqVwH57-su)r%XAy)&3n`-_DpW_?_ex2sic}lz(upoVUAMI@o+IM95|4=)~jagZKDP z{1%+LGJPjPlJ@hQzkZo3Jpaztk(va4e_H9mgX1nRzryw$n+mDWk-NdEgMDdjJV!MT zeC_+RO}4eK#e0-QYmPd@y)lfYBO}`}5i;ZL$+Wf1C_qt=9fG!Z=KBz4X6Mqo<>@!4 zsxOR#C1V$(#1~cHE!Xru6IB~a?i80AS@JS&kq|Fc%2&kn7lqBc8W)`?&IGG9Bhe?g zbTaS1ID2MmNJ4okdTHS+r;J-YPJX+%r5J-QEaNRd3UR?05!Z}OVrOZr(Pa7ObtXxi z_%zZTPF;{1PXdCo$E2?>r1i3`PP3In1bv3szsaK{eTpzaQSvRAN2uc2U*#W$we{fH z?7b1vLpFUGXfQN9wg!tgf7P{#7AlX_(&V+neBqkVBj~hBs_u4aB)s4;ju;?ua=cDv z`BcdQ1Vu@9)ZH)Y<+Wkp9nFr<)5=yS$`h$&OsSJ;$BMyi=j>)qc*`n#{Aj^FNSO*( zrq|xW#o`Hm$szJ>3_p>aWxr1&+N;lpPp%)zvO6&D^pPG3{g}zcmlpgc!^hkrZ#9Yy zMaEhKTYv*}4WDToJ9~C*;)xvav8Y5o$mt`-_vf;@ND!4^_ZksN>|~#l7vNqxbTOoj zy_0x4O!P_wVx~>YrxXg`boBexljENg?Onqb!Tm|<`?c70H?*=640S6wn|Uqq7C; z>8{p*EMhT)E^IDu=pOGjx+WIE)#pQZ=qSFoSN~;y#Vd@iy=mO{GU}O zRG>e%gk1=2=~i@!dA$9?Y<^<376J`a=}Guy$T~v?lM6e1gK>mU25n0GVbASAaLe{4 zjO@XDCU*Zm>W9VxW_)d}c4HUwk3L5h?>!_D0wx@)3A>-)&MsNu4Ed}-M)sl-DUtGw z53UKveiJE)fKe5{lUzv8dKK@7eQ%2OJfa=|{`~XgvNY+j&j;H*dw}IDP2cE8i6qPxVFB#2GJf zBUxe+?sUuszjG8cBWd5VE z;saw_c<$UYDF5(mz)2kQ$cAQCo~RwY<`mNwqRL#7%c&Nvk~GT8y^X?{9jqXbzfHC(QWTZ?%WEa7^q%ogfSqN z?b2pZc2wv*qSAOYxIPwa8#Rc~l*N~_`&6Md;d+!hG$u?~mEeO!mF%46 zp8Hi>(}f-L2c}0-B_Pab^k=_%$gZHnVq4kjQq zVO&gsb30t{*H28j=g9_>qg1g+Djj*VY_C5|ouhOvPkuK4Ht0@p&=o7N6g2w7HY1!k z%AtIL@>@9|-%+#UAP{yDphb9AwuQohuLju8Z@)lP5+kW}%i3vXU?|=6ATGxu` z_29Bd0Q@d)fduPU;O3h;&`v-TyXu#PwADIB6HdG+<^VXsvzy3HEx~mkd08#p0?Xc z>t@MF>c1Dy8c5Z%@@`y;g1Hs#Y7qleBXQds-evf)UWyv5>FG<}+Rk%CwDS(J0xFHE zj(nge(iY|&YC#xzuF=HWLPcET*JTFft0i`1Yco1F{G#Cv^i-}%lr7RfZPUa!cD6abOo{t`b`p&6S4W;()UIsZ=4nK7X2EB)g%#5uXd1vzDV0< zFf;u0;Zj|$9ZCCK9b9CiEAd(v3$$@?MM-(f!7Ce8rlQ_~rVvv_ehDGD-LfDm$^60V z+QE_8(_ISJ>uS*B!8!J(YS+bkq|4i#c4D}3f20lsu~fh&vsGTIfcr#mW)dP~YgKOU zMnt2D_%Id3nMJ-OXua0kW!~ljpXw#<=l6lzY=%?TWK%q{#qRFqG-Jc?Y7Tj9uV0%w zPeK=7{%h~uoy3W+M_xH~7rJd=n?5P5J&LJHJ80ynPJ?;t0nU(MJDcD-x)+9n18`QP zF_%u^J}5!!AX!S|yp=T=c}-{BII8trE`y7}74MC?0FEYb?!vD~*v2bhvw>bPhZPEu zDGe1%j{R27UzRwdon9+%^P#sOUGFn!KI5Vyu>71m5~IWGUYC}`SIU*)&RSE7w=3*f z#w20-Qh`gyvsV-Q`xigC{T>fLZfkKUScWYAT0-r3+^WgMGwE}8G2 zD!8cV`}Ux8iN04O5ExyB+jxann`&x$<-;gsMjLjxVXL_*A*l69!>}j4KFe4%z6b)p zjC(#r-S=U_YphQn+;<`j*PB{QqwpdvVZ4CrygUojgAB)!I?s->BXtlNA2??8^g2kS zj^jpt1{bwThiNA9(1p1jCy~Z!j3B=s_~zV%t<&LMP#>UVHAdiQLq&PpBU-xZ6`wMl zJP7CSb!EvHVIqF!m-kw5a(x~& z08>8Fpd_}P^t~|sC3ihs*!wJJ?f|rBOCfTb$FOkjeiVe#nK081+aWXGmi#Oc8R0@A~%NCt4o+CSB(@{Pggy#x3pUzach;Fk< zm#X#sMA-zke)xJ+1%;H9GCXn;=J`CbzGil$^L1U9!7nS*K{^Heryp{&DE)^5W)D0> z+duBSvLYBc31+tRXwj27eF(ASNK6R$deZrL56ipa3O7F!>=nj1Y+bGy^?ZqIi+n6Y z)DCtb!nKC_{uIH5`N(sO5=B2{f!d7?g*D<8!!Wdo>4s13?9G{LmnnvlTSw)Bw?d$3 zCK_8!f{SezY%g}-LyfA;`1DvSk#kcm6xvcOw+vvNaZ)z6UAOCGhuaFj+Men7 zug|xt{tUs z&h206PFHEJ(J%8!n&D|!sV^^3uJv3*;@S9+kV_#2WpE+d*?st|a>ZmsYe*p4AARIC zTxAd#xQm#q`)PF$W{&sDyJ`Dr2i9;|{K;c3<%qt>2g{q$;?`>Y^{mD<#gNs5NOYuO zzvs;5xM;`uCLByV3S_lWc+nsoKaN*L4?=tTPZh@#@o)P(!hz|$LFOUxmVl)E=Lr^H z<7fWDSuN%O82jp$cGt7ncn{FQ%~BWwbwyih`A#iLy2S8_M-PJF(35dG`|z(P{%bUK z01XYQ!5qm2xaprw{0)mA*x!rTX4DteeXe#clwkz{ol~E`N5-(n0zL#1QAB;a&c&jk zMzC?~Dhkr=sTtS#+c(Ab?G7{CH}wDu7XS6nEcRm;ex?$SY#AH3NrrWgnk^uwPaPhL z=J<=0sN>oW=Gr6SvZSDz(l+c(9EZQ(|Jux3pX_x7O_N=)E@k=NE~g`;vRj+=NL5P| zt&P9?`HqL5g#^mhV_2(ll+wc1G$bIq&_`W;j{f0(yHcbk2hDGx$|4|l4`c66wefU6 zY1GgCjJR-{dT_|l@r>Gx_gI?3)9kmvvOEfj@oJA{ zP~fJ-vy~XL71`p6Pijqw#ruENe=OVBQhie7Ma=H2;ZX!eY;Ua&y2m$4>SQaiUC%|> zgalwL0-s^16sbva6gGn}A>nm0U`*E&iIZSUj}PozBH}8rR2M2VKF7?;Qa)U&AK^IWQk zMtSj52XaQ7cqC6&K`53l*s?&#@yEbbEvPnZe(#{Fq*e_>-`|x+vXPVg-~bCM(9|z? z8z6H~`;}ZS=xa#{XYz#tHtqULDbWb(L2X1ymg1!gXwA;|61Li~du^Mj_%%%d#C){8 z8qh@ecrY>`+>Y6yz%FBa51ZWeQc7YA$tw{}<(+33bprFz;rT^;U6lah`g}jR0Trt& zE1QqZdvs~4_*`o8sX-g=zCL^&{Cs1HThFsmN;rMr0Omd_VN)`WYbnBO21)y0=BDy) zVU`-l4@q4VB4KT6cCDsn+8qp#Rcx6$E>3|IrWA%4n>C3hLTp4u?ov~0(WY389ym0H z+)6q^IqwrB0GmmjcE1J&u_!(iF#xZAr8`p!WN@mRBLr?dEU>%GCJmQ_m3q&D)BZv) zXE(oJXIWM{X_EWKZ57*cS0-G)TQx>3kUkBRV9YE%QBA~yo;C35F!NJB@p{1@PPb1Ik?|6gigR zyBg^ucWs&xC<{=S0VXU##-J^v=xzO=-fH2#V)e=9Ckj`C%p=QcPmP6qyn`49YJXCT-8mK&qxJ7ky zwCHr)vs`VO_=`Q)T1D9~=&jOK`YDuJvq(f+VoW_>fD`Y#o>jcN^Y_Xi(jzN0sl&%A z5uYK7^GuI}lOMXVK#I%F@+X@WWn;$QbNnPIDD{1;q3jDOEL~sX&IQDSG- zxX{yB|I0dBTrjo334o(@LY=5f!aG42+B1r$so&AJ`6Tve94o$D)^0$pq=sLjY$wZ6bw$&5*1 zbvrmR!K6bznl8kPmlZ;w#Hlf2eF`bm{2)G-t<2%HH32RsAOewepXyr%`9#m!j6NRI z!8`E9gZ&{-!OHEYKgQez4SZ7Br9&%d`8K@#PO-KRH3?O#VV3%lTvtJOebTi0bSEmr zs_QxvO6wDX;Gjm&7LqZ}#q;kk1)=@56;E!rw^C<+7-dt{sTO zOsaAEiksYX&KM?TbPr$^R;I``Z9ATS&NbN5w$|yCZ6|N%(EBJkphnP zKB>?K&5qU%vbT5fTp>m4K}o)jbjpubU|+o(@pa!gH8oWv22b2bs;94&?^q8ms}=OZ z_C!+GF>E;*gKU2GL7E+taG-dP;#_mtQpNgY}6R7LER*tB88H7PNex!@=cOJN!%#nPHn zmK|Fjd@jT1aT^fww`)E{YHrQV#Uo@_n~$2bzw;j;jtEGV%i&qii7XWAm1w2n?O@sv z`QHqb?mqF?14}rni33@(m0((O&OTKKFZ4G^fJh$%&B4N9YDg0((6TIf=pYcmUK9R`L+v@uwtG{ z19Z7hahgq_NurCoQfxIhu;274wP)ZrdJbQi=->MNMGmID1T@6hy)I$UxC3^K!p90&WEbR16`rzK~_vLpd5;#oFpA{o90Clf6kb7wBw8q5D zoXT!0+TRlBrt$NTDj?_sPD9uihjQkC_S4rWcLvFOzkFXU39-JJSu>*ZsM|wswy*;X z^OEL*T%-XJoo!58^&biW2x?s7&qMJ*e?%7+AJ^B>N9TwePj?becx4#>+P(6yzj=5g z`#4(io+CGjE<$?o7*z#9FTIieElK7;i^s-+Q~Hu+>QWmgL6)p~G}|6HYXWMM-f}jj zQcp|$#IyH3!d6G@vnf>MOLca_vKS=M zH2+eCHH-P0%}bjK$Zo>9(99WvJ$Ch`o&$sXZUxz^{tqG|fy5qz#;s%Fg+N6jnhu=9 zt1e|3b3{V_K?Ts$(ID?f07m}PB{ZUytxeUW)ds$|TzS_n&9LBt>YmrIvzWbf13n93 zzdUrKq4i=h0cU^gnHb@A5z5~q4l6|+z*DaH5I^`IjLRcwSJz((jX%0;ST-u%wo$y8!o6e`DJX#;D>t7spm2iD!-)wGJ= z5~-cFO2}B7H>Nv-GE&*Ny!v5r&DhxC=KVRj8n5G^&sWdAGm6m7lU-vTuF*;Wn{LKwcgpJYCT!bJGeM!Z1aXwM6p zn&sDU|!s*5P~J*8`!K7eI2|w-+YH{~12Lf!Zg?DjD@i1oF8#MDfPn2(`7M z79cI=%$&awa!d+h@fuTPsEAH4b4+N|V<#RSCON_yL2}O;ypJ42pbrZ%^|WN4oQ7k$VRksm9Ab63)#?itT+#dfaAPfL8yYRQj2;r(pN<`lI!Ox5css z736K5;{Fk`QeSP=gch(!?6BmxwNd#6reG(&n$1UuVrnFC=5E5foNwoq!?~Id5IRG7(}|bQYEL{gNK5dNSkRT0O0>_tTF5R#t%PcJ!6_ zws-%UyLx^UoVpusuRJ+|(IP1=x0{L1wwBIW$)bC;E%5pH;Arx#P-uYW8}H2dB?w;Z zJ(NB=;M&oDdKRFB2#ucos+!L@Bu^2mYwfSW{TqWOuG-TqCzij`Q@0%Glaq4gUIaxZ zWKwguyr=2JkCnDdiIkClT}Q0>D*EFK?5;TiuTUy@@#+>{mE4F`ZKa-c1IjandKpBB z=?{5qoGee)SzYx?nV!zLO{@XSECe~D1mAkChUR^bNKQYB^gIj7fYs!JxBvsAh{i#kH zpu;t!CNs_~k4U?1l}~0)bqYIg?YSk}daxt3LT=bN?Vm8f!)eAOnshZls#S8{{VPv^ z(Z#Y+j4KR1=)AI3ADVl^#m|L^Q3Y2;o78l)2lmd#eRJfr&JAc|>EBI+a;GkBd2g$8 z5}u!Mc5O$Y1;}&_Y*&vg#rH&zBgaq8v7(Mz z)$cLZ#c6mL1DxQ-mYV?j4`p*nVdU!qk=(B)y`}TKQ^gsvZ}HYUM|pK;hnCP4zZf-0lM@ zuZJ8%ZPF$#s;xHjBIB88?7pW{TthyR=J}<|IM&LRj#xE*YCP1JpD6iQuSHY?W~D=w zz-MLg_gdObd`aWCmM(;ycDM;3PuaW0xrVwQzFiyBxV+;ew^!9Do}Scy9>-$GvoYl@8|C3_{bCIzdyZ@*pf zSB!S=*=fS)Gi>ngtD{S~|LO)=6%gw0k5cv7n6|Ks64hI}+_S0DrGYx`4}t)6#nC1n zipYx#!`MwYG+8VVtDba2v%uB+Q{+@s zjIh54CgtQ*+AgGSVktsB^Zf6^a-Uwb&36}<) zB-i;RHJ4#smnYB(p~ygAVfnk9*k7Tm;tr_&mjMaUE`?kE^hfJKol0X-QV*?*&$FXr8sLg}9kXK~Oo9M9 zNO0L9eC^kgqfG5T_39;E$Ebx4ecFRX%2NonnV}3%p_>go{eVSi&UHfzqi|#S3bf z*#^dmtHf7YGES^n=z_HL>xICv$Z(jTkk?x;6Vg43TV%_Jlgxc*71YK*A~~rFWv%oZ zz5@nEScg-S7}*yn2_Ife{7%-@`hacu_W8r4i9$ldg4%Y_@AQRP{qcZVaO~GS&sibu zleSFAgwM5I#(U49K%fk`MKAiCm;8mZgmJdx%om@1rOg``#zB$VudQc_8Fnz~n@D=T>+mSXuP|6Vox=sV zbD~9sj$i-oiQu${Pgs4kJ%NQfNHk^L{ppmXC0DPj(;jw4UBW|_Ic=!1=~d9 ze8n&RsB|DW#7S^@`LTpnIj_I2rk{tZ(1F~hKSI+c0e?z^fR!rVfeuuJtsKBQPVEifpv#ivc1OuOH6N;KI~$D;-QRciV<4 z13hj9c>)jvsDZV~%qXbiQc@J=p;e!N7S2k@*UNydo6@t3BDR-4v@D&DKx*LrDKofS zASGRv(qiwn)lWe`7W>fl-XY!;17P)I(Em01H5VoA1<|#*s20y+gClXkEbuMm1_IkQ zEehs-iL4aW^#YXJUs(KK*RSiVn0E0s7f0O<$YrZPryPnUyKQt=}#{dJ$%^7AVQJ|*ol zkrly#b3KS?Cy9r@6oU|=`$dkkD}SmWUFn;UmJ zV8AjYPTc>>0y4d|VruThq(iXw;ueeK8pSC3)JegN`CN58+9xfa!y7y=~&80rs?U9BiH_n;ouo&UA>$bA^+`jI;*X#S_)Z-Qs z^z_a1SZ^&V%9pVoo=)qhxLuC##XMS&v{$J#`IH2Fl+b^QL4Xg@qaE#+W4qb4qI?0yokw z?aNq=9=+~eoC=idC!u0V{;EZ45q&f{O18{F(bpp6o{e7X?st4Lw?CoNYh~r9ZJDAU zf;lbltUZN^UE6|nIJfIAOhI5dydmsxqXd7W&&&xaN%$vipNmCurKuC-Q5F`nZx^|@ z@P8IBRk^E5uo8dwwo2jtN>!Vh+#!1FUtb8*TBMgrij%_pNi$3@mlX6A{gJ$J5ch_W z=;X6VX=?MPU9Uu@5PZyQ$#fwa=2|@G&$JQs+qNQNj<576(OpUr;8i12ZpM~&he4ZY zaux~w@>DbXCMjy&6#9P&)avO#px9DCpq8vwpo4scGE5B5UDTP6(TBQTh&0~F$E&GJ zElQ^Uj7CnrEh9xf$|y?7M12MEFWx^6;m`@Ev}Qk9nGcPt#KV09Ztdhl7YmK{KK9w? zwSGP3aQqV=L|7T@_7L+-X!Co83}hS7nra+0XaIK4XRA|~oKhhcz*BjmC(4yMez30Z z|9K2>%L#WN30lJ&G$6NhZty`gPRx0@;4G83aQW&%W^nxwYadlWx1!00cS>X*k82g& zl2Ujlt*N$saboi{aF#zsW6eMqM~AyxJe40 zes&Y*Rij`uNXt(@wUb+M)a$)F;ls0_Tt9tL=86 z$Wpv7ZLleL*%dSUi-I1;&%QH5SeBe;#zMK3LnR|#ieVQ0DYuEF?#KIr1QYHyutKuf zQT}TTU(PG8IYk(*ejEGp*iDvT)7+p&f-^|HEVbldyk8}Gpn3{9@S;qu%PBw9*s%&w zAW+XqHCLW9FC!cg^D;GfzaQIeyZdt3qC8F=dVq$1gTD&r+6nGh8h(f?ccFKMdDF=^ z+?J>{5XlE7go*6EvAstIbB^{bI1%a{EIGm5@OzM1b{OASH%R|oi(BxN-e3M*;%sJ$ zDEkS2-05k55sUMx>9cNW|4g) zpg?dGmKzRTC{yf<;E#3Vz6)&7P+pV=?~B9f%B^qDTz{_i!@r&>dMB zW7upl%H)8fb0e|nQBUs=(Pi5|vaPM^{ryr5if%@wYO*Afd3H4?c?Q0K7z z?`Kp`BmQE;Usmnxm>#cb&5y;21*1R6pN@kZ07LYCYz~pU^*n!ff?K>ds~d9VRJUhp z+@%W630ivmRy`cU>v6l`FDg;iLc$*Q?SlvZ1yi0XD<2Yqq3vt}wmtypp;RF1gZZTY zG7stz5+|Vh4|%k7BqdcD#fN|1zJioAiSSNRbUN;W-*H1?t$R zOd(ETa}6ed<1X|$?uDQ49rtcZn|lGa3J7=w6=E?EB($G&iBFX)<2P|U#vlfs`p>KF z{!x=6{P49iJ3KpK!|m+Eva3#?Zq{1tm8ssx+)d!KaKy#S4?1`pb5b?#B`-IK07gXjo z)hhev{<4 zo`wdUwj09}A%1I8&_?Fl2|TcLM^+tn`}k7FWEpHNX~=0ypSed5lM%2 zV%x;Y-Gg>0E={}l%;$gEZkngXvzhp}&-osM%gc8(#2Vl9p~Ph?FkhMnozIUAs>!qK)gU&ZH&Y+gL1B34m6 z4!3{8lwcc$yl_}OL@$>gxkTspxtb{)vX&<&(jCXZVce9kIZyTc>^gavv5b8QFzy)% ze;fBZhKhfZqBIMdpq8)rxS?sBC(n)JSr*_WE@6Ms{Y9v`d5QJWr*+}P>?gBd4D4n% zPkrBok>0%={rPbLiiig!N5lWfSFYbA>?y>=dGfKw~~geO0+q{RzfM0wKyqeDajmEnBAnwS@4ua_1Zx#5Kv=anWaL2 z(|%3s|3(T~)GR&wUdc}cNCvj11zCf32wt*G$B!gBX7^(qgXaX`S~dc;Qap?!*BbaC z(v0z_PWPJmv)5Zm1t2E@{1bGY?@WDlTEdm_)?_NYLG)4xIw{i`vzd2lBz+q8Mp1H~ zBI)9+MO7B}oPVU#^f7Ed1GypJd)74fp0&JOM3GI?Ljgurp+5Hv*xXr<+6!Ki{NBmJ zV!Q%m`o8VA?5*%XtOtCc2`k>AghDrN7U_1`RQIkrt|=`}#c>R~{J)il>@uDH)9z5* z`S;3q#JY^3J0>7A!VY66_u4?M7CV^8mC)gbnvw)9f-Cexfb$H*rbM^Wx4q4;dp;V`bf_A8#=vlV(9BF=eky>!~(1 zAbOTa|4H-!{76jfrtHsO6LQ7CMW(4XIu`9Z*LWs8hmnfss}VpJ+Ynd=q=}?t>^-rTy&zKs+6aeC_V#QpzWTv#iHqNsVUPTi(uC*$GG* zy9345BOxdIoqy3kszgNEkMFxZX9Kpg%lUJ!*7UWp5?>So`X~DqB`AZ>UTm)*R`Kdq za$@hCnb^V0MLqW8iKp7T=rgV)c(UWheK$vMvA`KJ-Mt&@hYYyXQEU7pM_8Jf6>eUI z+Q-OeMU(r!vD`#>=MI%-;oNb4eyN?V?DPWVYjnfdJYgff!J7ZrRe-+7j z6WodUpqcTn#3!X(x#q7d;6I^1vXr4-QCM8NpL}@I8=?YIF`r)`-iw+KB9!Be?!A!6 z$R=hs4E`hk@@iFvkFmbp#ZY>Wem0UtnQZQ`WF?k*}re6 z>H0hR2kQUeUvr1!Av9lk2B?mCO2FqF|52pgG!JyQZS9dBe6$_Aw8Q0*-n{H|Ntgkw z(vROlZAJl|@fG1;CnNX#H=5faZv%We{tXveHboyUAkNn&Ag)rWTcNK9w&;onF=wPR zd!iV%-s)w;TU7kPcU1|q9`?=up?Fl3noh^z(Y{j6k*nqe^q1892@jl^e_NAE|Jos8v|77w zr7Sv+j-7@CUa;o`sJsba1g;V$sk)uFB?~duN`V0b-&)nI{Bsr{ct`%j8Nyf=pW`a2 z{$4zJ!1p@I%JYwldmUHwB%QZpB#wJcO|BdU*%P14%9mQ>5Xx9Uf@CgOaHnYlsOonD z@VOoP@5rBtSNP7kHcI+4BaRKE6pcFN| zKr+{lNKnqNU_qt*TOO_mD5d{BsYhF)vPos-@P}X68|>uuZ8Py~8i?ju8jmzU=d?=q ze>~J8&`Aw4-_fHQe)HJ+jO#8G$~ zpIQ=7Jk%0$^IPZfo5Ct3@eI_8mT1rLW!_V>Gn>cqOa=PsYu`ZFnJ$xUY4!_yL~)q2 zVtSCg91NsmTtsQfQy1(bZRbltX7Q_Rgrd z`w*53qbt7_{$sbe2Q9l&YQ#V}MQhluDZVyw#aNYB70v3_A7jfsj<-nk6_J%O+oFB@ zAy8s2FhtkV4n}xS_fzr3ACa`${#<$>lBPZ02G^#2ngn4Q5_}WD*XN#7YsNeBf|Iro zmLK`0WnY;EM|Ukg+@4yWEzF{PTw+lgp4l^C2QR*}6G(4pJ5|w9xc)%t^U5)Eykul5 z3m^5`3XJQB(Q}I$~bRW827WYLK>wq7x%O#l5Hlg%^EaSzor-B ztpfY&trWV6Loi#H21X_sySJJ2e?;kkZ3Y9|d>Z6-d4KUw=r)EkMX0LpGQ8$VP~q-@ zqO1Kj|UffatSRUQ!pM)dvq6{1j5)GlwsyNBtGtYK8<%hv{` z#HGjob?WcW>TCD>`-%F!cb6$T=6zs=HaJ(zV7D#zihBf|mlY>MCYg}gIl3^xnul>^ z+)xh4lTqa5EWT3Fy;oNJ4BXyLe9T15;@a6?EO+%L zewLz@>%p=$@cYCti#E-Xs0NbLlcR<~xcl_SE3{Ms-+djHmV}{r%F}x>IPFb!DTH#( z*fK!3dzp8}&M!at$NWgZI^YMbMZZZp>wH~{_&dK9A_kR8r@kFNCFnX3eP37(tr8?o zSk)Q+5*IkG_;Sn(9i$64(~th~jBYF9)aRk3I;q!#W__RlM6`%|Dzq9a8Z6Dn{#WwKC>ImA}RLsGng%&Q%uj>*#Gr^M(Cg$y( z(yE2~U=^&kUCqtM*cc{0(A?N3ft;!bp!jKT|Iv<-hm=UCY&xFt6}U!}%tRk_rPV0D z)RTq1$Wb2+ds_vOAQ$<^Uc_jQ6cFEM{NKxBVLq_?FZfZilw4X=$A@tz>H#v5b?un3 zdH=r3%YnuzOoWd8yVu}?39kxdd-`CR?%($s9(+6|{9t0|I|g~)LZE)nD;zlzFaWy? z>mNtJga~l?%_bS40gpS9xLTW*cS$c`H96czpS;3>=I-f@-F<3nJ`<*vQB3*iAJ+r; z6Ip`91q7o0G>7$j4bMMQGXL{0|MQLg|FB}~zZK>XFj++4vwSOLa@h4Zg z%SXTwDQ<~ZvE;Fx=DL!oCfbrqDpc=a;Zj*}z@v1RervNgLcYkKs9gJX-uv=?1vi~O zKh~dnPZ;~WQibd7yYB9Wcb`;^G`*x&E=z2z0+uWm16GWlubs>=N!hKBnYK4I8FFFv z%2udXu`AXSviSb0rnChl>DF7A46Hz{5lCY{*gF|@W;LW&?O3rjS^CIdfA+&c6upG(TY#^RCraD^m;XNl?wXgtpOaZU5?7 zDwctf+=Me=wM|xF(b`$5xr8oDZ3zc$pR+D?EeGSDk1925H>w2ma-gyaQ!oF&#;!gn z={pX)Eo&X8O>fF2)2>9zx7tmO(rGJS(xLeVC_<47B43a+Q3=tTH`~IOd;?ENEfwb* z*g!^L*shfF1vD2bYQ8IJps8g>q5IkPM}O>g`}cGAz5D+0`99A*&-Xsh=QqMbRs{OR z8yipB`o=gBSUr`fo+QC%eMv|PN-ZB7u@zk}kSQL=@kS!X&1Q5xjWnHF&_P7}^SHa*T87j1+w-53018& z235VXzDi$~KL}b>et7BCB9wD%YlLZBtkGfn2^s+ zNABOPV=b<-@n*5Hn7ko4eAUX)i5!BD&sV7w#$0%^C;MK?cyT!Gw%Lfn{dAnGwo_u< zxjrUk6!Z@|Qwbb+$u1l};dyJbZv_@^!Lrm)g1Vit;nLbk)7_+Pu=%1({{8Ybmt7@( z5Ztg~zO4xKXb&|~(c6#fI)t^03c!k?m_QEGG1^bxQIhX&;ofzshFcL9C4ja~1t3Wt zQ=o2BUk{JMBVSofO=Z*>L$Zx3c5r8#MYGX)8E;ZLLmGhhEF7=6CLC%X?T{g<)!j40Gozg) zr_ihzC^cBAz-;_X91yw}&Wo^t(IZG+8yq|z32Tln4okZOq-U`6h-9>kE69=hIhUhr zBkqfkH3C{kst-kiJxfhjP7x!rh;9g2>8wapy`Y`Whg^Ya9a^3hRpPrIw?a7>+P+Mf zTsZM+RM-|I<2K}P=Py1FDYs~ejwr4w(l?3bUn;>)7(s5bt38;hB+*H_yp)+_`C=po zr0c8=x#=ctVuMi3!w%(~Fie>0n4quxb-vQY@y>Hd|3cu(&IMIula)C|W#Q6EWBzWx zr8d~{!ZmLL4qolLLO^ud7>bf)Nfqc&L}BxO-ik7$BJ$q*=wItLNIBaq@gO{OJ-bhg z{@TV#i0^GJvn0Ab#kP|ZW6daa7wXwiiU|@C_fu*xf#6d~pD~A1sFWTZBZ1yQ4Mv|+ z@J%r1ynrm+yc=;mi=Gz_jdKV;AHJ-fewm$eLjyygRB1|_^iINBF^fT0DdeVjaEq9T zU_kE85v|PGgBkNGA}paLp*1Q|w>CvTxeb#G;Fcp`u{PdeWTkF1whr_Nhh`41X<0+w z9413sP`NZH?RH)GQHv)b2|lP#khZFnI07*KX0I5PH3{mAN{^?_Y#PR^dg z6GVk~oMFj;(Jc1eqHOQBDIX1eGIl}VT^4`3In0|c5G21{oda}A-T~NFghG5)v#-~_ z&DA6G#Jg*6rvLude&~AX|G@P}bQE;{%Z%yw^ZNl*^uHbU(ga$OFL)-2`B**uH;MeK zbNkPc_7w#=b4}RiT?5=|vcUHT{WxveZfip>zHiV;r5+tXXZ~UR%MQ2evF3xb6EmB- ziA|nF@-`$(|0iy96$}VAqa|pq=gl3dsi{Yq-3cEG>07|ajM3IsNlYr>;2Q1RX1mXf Yau0kuQPM!L1}a8@erJ67r_N{p1!G$H(*OVf literal 0 HcmV?d00001 diff --git a/docsource/images/K8SSecret-advanced-store-type-dialog.png b/docsource/images/K8SSecret-advanced-store-type-dialog.png new file mode 100644 index 0000000000000000000000000000000000000000..8b43572387002a4e9f44c1881c63ec437eee085a GIT binary patch literal 37373 zcmcG#byQp5x9CetTc8vuQYhY{rC4zd6nAJTuEn9aJCtI@i@UqKli=T^-t*qmumyn}g;r45IH z0=U$1!uD@Q9;lGmm4#o%Aq!(yFB0%lzE%Eq<>|4&=WL0ZHw`l+eWYXe92t;-37#2} zDkAu+wH4)=Q@RGi?+mY8OpG7`=M|Yj{=a@dtQFMFp~qY4cAPLL5u7*#@Bukl#9a##a7_kNP#5sHnp1R=9MywXag#G_lmFX(5rdm%cD%4++29b zFX*H&+nlRwMz;sZe>d**^mFjXw&TAqpP+R;)kpLe&WeAZO*Ztl>ZOB#Qb$H_N%f{nq!J+g?QBx$^P3D;7+Bww5T@WsiRzU)@!LxUYq# z@?2S^^7Bp|6g(ccOlfJy8>qW}Zss>5KWfxzD^__Kz2sByby?+_iinhuG=+b&#bJ2Q z`%R|W)i%EGv-h#FbO+-DbZPElMx6b5)TOy_=KuiPFF)(TC608;*A-MF&Yg0)Y{b2hB3GyZdL$9BJ=kam91^uf51atj-_w)_ix#EJXB{=^HMFyAd<-J zDmnC1c3)E-9gEltrU4;~QB?%;t_^EvQ**X2Ud*UN$SI=FpX>6@uq_TcD+$C@tJ(-| z!?cfwD}R9XJNh@@0{w*BAMaON)MJ24O9zl8t%Cr@Hz1`}g#D*1R*Jm*We5%^*Ip-! zwdZSF)eaEmPQ*8GE9kH82%_aSFb6YIG|K}U2dI~?MwEJx3>eJ2+vFc38mu*!stvZpL!2i^ya25X>~%Ut%&oxRrj-BA<*c6>1lZWWQD45 ztaG<}*$bA`m|J_1w`u%S$?43I?aenK%xa+M%kU5@_4J1?Dv?631S(u*_FiP=l50_3 zk0k-0yC&b+Yh8RYa~fbK#5LVDL*nU_a0(oJ{{BN_{bV>fh_G(|)aGE0?QA%gYE2DC zKrz6b9GmU3y^`T^FV}3zj$6MCxeGnRfAQ11zwWmy#El%p1<7vn`}yJuJDsX^tBav| zbpn2Dc_PL8b(e6RFaZmHhYVvt&@!^PU(tFDSHH?*uivCH;Nqy!&{EhZ_wtv>#a+^V zN&9jOpx&_~bN8@@Ur0yjf`gCp32GRdCWPTYaWbV`*1|-LUiQ~3^Qqc!4VnlQ*;m|E zmNIRQ2!*J4CDmNDi^uVWy5`ZQ+XXxtF(f;pb`2hqzhkWvjHa7cv|N(^-okyNb$I>N zHCUG%ubDS%Md#AZv94OekY7-j6MYd4WcI>GX1Avh{>|b(3QC^l_u_*^c`&kbO>d#} zTlI>=eAosRk?_&oM}CHf8^kc3IPsp)L_TzLKnPyN1qb*{2-KEx=zKRE^ePp6xPf4} z#PSKvEnZLJE$L29Kl16~cKY5oAryOz<6QRRmG4sbY#Uwh_Gr*Uf4ZF*p19`(G1w^l zc^>tAL@ETj^Rg*BgJ0|ln-R~D-+%4ov@DVbscwIaiQWYW9Jq280`coVlrtMDrnafl zKD!FsY+5lEN|(NRzBbD9K}4H`keD?4(Ap|KdVAZ-opD-NP-Fj*6I<1u)%tb{xrP|5 zH>D&-xN5J!?(U{PhfC8@@n0fCukgrX=yA1myzN#0ymvn^d*l?u(rxY^yZ`knV)^U+ z0C|74DP6VZ-NtbS$6#mq@4kwSWB;2qL^1A-Jj@%udyw>bmYe?%nF%GMHQTej`jN7- zGK1y1+oea?Ez-zeC|P;+!DsA7Yaddehz6LOUTY~6m! z>STJBo;l&X_wtc()JH?9UmjqqQ?z{1nflvuq+z4wqgwZfd9A}rNeFlf zqzo8}mR%ucr;XPaLr;p|86cRAQCCl-lvTZ9oTW+7xyRXq2=$;jsN7au_u_eXridKH zbRtgN(VLN`O|VL{ruN2eKIOMW*#(5~!o1wdb6;}EWOh0MI35-#8SAz=)RZz*BfGV| zLfeY97`*srqsPP0#uy&!lF7-b*yJ}DtNFB)FSIrQ*>z$Tq)O^|UbJX=d>hgwB`LlT zyD~m9BwNV#FfCz)ZmbqSY(s-|19>Or*6sFpG_~ZlYwH zyfh@aFtCL0l2j?InACZEe9v?(yRiK>)yCK9&fNbq9>3sxq556~P`G^XY77<1+5GqYO( zi#r$KvWJP4O&L1@A?{r6Jt3haYC>|KjpYhnTiHw*8XAu2b2u0dfpqeT@JlzdI{akU z9uTcUr`&lkIhzg}K1J%{GKduHSCo~}_Uv|n>iF<5s#HSSC*3i#J0Jj*$|v9Y%Omdg z{E_1-2Yz5j?^<8xRDdAZx~!jra)5l?%qgld64sK)rx%O z@C`(VLIVbz6xZ)|Pfa5uVHE!Ly0L=;A?Qk1IXUl~oO`2jL;Zs-!3nPpnfL`6y4^9B zwXTEV0al|ihKVdu(*e;Mk0gFy6vgi)9gVM2MUj$Iw*%XK7P9>i_X7PC`jX9%wb5K;g|1XiiR$nrvn=s!y~ z1%Ig`z9obsY&S3)cGsADMF2!WiQuXeEm2 zeps5CeyCOPGl{{$c^1d`ft%Bk^ZlOC-2?yU?bk$tptV|0z=JTaaMtNWTIGJ)fdyW> z6*H&jNG242x^AklozSnM)4gLI{~NOix@}A{$ZrOGji7|$hSs-Vs#?pG_b*a&PI+-!l$#9s^a`C04yb$pEaHE& ze})+z8U2a|XoBS8V4WzU-mhIdWxe19U1)7YQnqBmIh@+@n4Zm=D!&4LCuQjQhSqwp z7&AR|_Z0nl>>QH#x6|# z8*}+Y=DKV5t|m2|jFODT$mo2fKZX6Sm`Ir41=QF=84twAKX9jf7B0!`+~{rRm_9@2u8Tr7y*{D{4x1boaPA(8mmdB|NMER!QfZ zA`*jlE~__~%_l;Z-FWa@h;B=u&uZ#X#GybZt8ZsjowjAg3#p(em^VaJ*er7mi9BeN z@&y1v1DcNs)h%H%8TKq%sVxj`Gph%qe?s84)fKI9X7`fzZK+-k49Y^q$q{gq$Omqk zFLbU8tz2A5RMm91PS1jwEX!vF^4BHcaJ%NmVohVBO>wio+D*Ha>K6CzaWQV1Hc*#} zjcrH_CdJYhU+vL!$Tq_AX7`JKb$&ZU;I%xWyqMQKxXIm4r#D#MsKToY@X05T|7Fzg zR}EF6h~QubT&^SSU21F=g7!O{M1dCggz$p*0#B%8??AOA76S>@Eiq zLOv2i`{VVJS0|qzPd<=#9w~e5_-`FNYlG6hLUR}8y+6QB>A1hDzP8l zth?x2ziV1fRJ}@~f~6gMTy4f=Gx=OAsa%RBJ~q)CT4KZc#bWon&eegGBn(s|Z~PKX z@9h1b$$UseepMFC@v-`TZ{5+E-+EbOJ6w}eX?2QBz8ax0>1{wPgt9G?UcY3WGujD0 z2iZ3S-TO|6~C+CA|c1 zccOnU_Kzj@y2$c>xiGLe*tB&6MSJCLVuLEe6_TIyf%%IE=>q=cDRgL^>}(uDpG(#$Pbi)L@YPaqWULC|eR+!%i7SY$*#?F}L$ld{`?xl!L3r`1YvGPrp<=i`-)e7c_vSo=8x>+hy4xdQ~`M`5qOLUH}hMMkNerssb0%FwjGP@uSLfT$f7$3D9*&}eL_SA3X`&M+_M(8Cn zy8<&jdeK6?v4KKG;rA=yX_t6EORxbe5)~q;Q_3pHM`}tUny85IE0twOK3d=B6#DE> z=06{ei-6e)ckqY^p7>Jk8^SXLPM9s7Ulw_PR8UcS_VM-m2!p?XAKe_JgX4qs7yHA5 zVDWjmP;%Yqj&yBeb6o_w0V-P~37ofYvJF zBzgV`8i>33{<{82-$!oM+!N>&Ntvu-HK(T8yV@t8^&IfXP-HR__c{j!Eq`PEe}S5x z&CyX^(EsNy0oSYEc>ltmPpx^d{)2%2FE9RIL(~7iyIjW$&6nicAvPu{fWngSxB1W_ z)^g3tHs_Z-F1Nc}|nrYo2wa*BRqV9=ef-QE@O4_78IZ4#9o zsEmeKF4c%@?UpLjzQWZVy(cFfYd?YgOK*Ly zZS^RXAMqUKKhAH20A(hHKr;tpQjc_KEBQ$!_QEvCE=Ux@_?HZ#U3W4)no1;tuz;Id z+h5_9oT60kywDdT=1OPM^%ZvY3&Av9s8=dW%1ZfN<#UK(nWOZZ3X>RWWWipv_ zlh#ZOHLQ6%Y2q&`s7wooH$2O9;=nUU#l?}{xUO8TgPU!vis9EE1RhC??oEqlTvMjKj zKIA`Bqt8>A$-QqcbGwQskcRC>&Rb@QL!Di+X6YUr!0XYps4r+(yZE|Ur_s^7`}Wiv z!!~d#ECzAKv6X^}LH|j>ZUdgbgB~vf-N6o$s13KvZ)o(7WU0#?<&jaj8ldJ)hY82k z+MaKZL)g`yb(`R&|agc_#$<+JEs%(0z= z3dO6nZ%zG6ulex<@-(LM?9@tk&vw|etCxUVse>C-Fk>64N5v`iX3WQKOzJN%D-bgN z9no6JWBzBpILf6q`wj0HbMkeyNg_QeowL~|@01lpvjCfx02n1%r+~;W%ts?Co`qL* z#M!rhCC+1S0@5;mIdg|wDpHj1Dfw)Tg;Ika-RwH@2edq`_7`0{FPBzTi_a3ds2kL5 zX&Ie4t%*H9r%GS7M%PZ=Y;G15q~xqchfPtr>P89-vP{(O2K9M3mFDL5CdZDA1et=3 z$#(f+M~IPpc1v1-c*>G5Cu8xzOtqqr4?j}_Vx@MB0(Ncnd+EQa$C7SNLuHK z9?2hXMk*;OoT-|RFE!OA;fY%M&oZ{X;EpmB6S)}7Tb=E-)rK5zF%^x2I^GB*IMzl#LdUu>d8ajP?I{Pilz)>lJ9rX z_}aAhCg_yOcb8_Y7SXnzBHG(ETIjieIipr?;`of$fXSA>X77IPw`bO<@gFJO<+g~+l@cAZ+RhO$U=tdqap)@&F znw&V1?~Q#gg-LdBw2P_i-M)3SlCo9}cR^d3M%h!JoQ)-h{@Skecb5xwd~rURWN)sb7Q~X=qWwEfZ)9@4yU&SvNP$T;pTyPAdO9I}XFJ7^ZKItqik3LOng#!lb z2fGEgK5OC_w(Yw#gKd-Uum0>7Y~BpjKG9b7(onr`Y8W3`8;Zte&vb4O3~`slh?X21 zwWop=QMCKGD5w?!+j}_@6a~p9W>?gUH8b-}FdlZWoj$fBD1i@~DBOc7Kg24cI9jX3 z+p*Ulzu*kjj)ihVJRVm>vCfr6;ePxsf9MLEjjlYB;Rd!<)=YFTX^J16G@Pop!fM>IgyMLelA zVmUtIktda&84IPA^+G6)t1eqi|FJ@fGo3{PLa$#=rf*x%>oBl4u55zt4<_l6Lo)r5 zg0&@Jd5sE8LCZoy7T=^)Of(^>b?12A^v;WA*S{7r!n|^K*a^}6Q^^bfy0QyO71#2t=E)!HdUWQJZ}n5B{+D6@yqb#r6gMQSVz~;tum*LMZK+_>KOulAuN%4kwc+PP91kXh)TwI$$l58) zRDVV~MSen!_4W-8z_Rh!%7tRj_U2|^&`r==v!%Rf-~`1aF5$qMF9|PUBe4NSRMdEd z`)hz{ERvA0Vv4?BEvv!BqB7=G>T2|~j&xL|-Lfe3-QE&;E3*60D75iRYy1}1;&10? zuT-)nsRB+1nq7Y<=(r3sIa`C^11*NwsoaLt%fe)JB%x$*NEA%t^COR-B0F>i9bI`e zB8EpfiH>_3@JTRrIll*MKhy7J;QAg77AR_z#)sVS4z=$|J92O+BrJ;=jqqR{1nYhu z^3p$RD#+J0D6>&kSXuD5u@6vB)iqaE{vAePw`%PHZT8R_i{|qKR>G#Iy+CWG6CC+0 z*JGy_QnvDwM!&DP!F!#>TeP;Xrlz7ne#^t`v!5-So0{AhU%6b&46Q2Cdha@It&Yii zyUeU@SaIJmJ4frMw6#@-X54_*s;Z$CjX2>d?CBlQaKF;3!(&jDa0DQWlBfuiyxwgJ z6rlU#?}XcnYbnKv>#eD%$=%As{X6feU5luzS1MG=Ilucj>!(;bT?=y+zQLZ4v&h%j zoX2vdJ42IoD|g5Y{HOUVsySz?Ue$TrZ!9;r_vZ|o5K&YrL|0evFUCr<>7@bc7}?YI z*1{5)5@G`y5$V{RF#-g*YH#eLHAAizfGrQ3k*<3;5gf%%{H-@?+B8RCCn{e@Z;aID zFJLp5?K_APq8Jd4PXxS7XuWSktQE1>T@<5#&Hy#+)DMQd2noTUh+f;>tl-vv^?*z2 zG)2YdzZrSej*tnYO+1LdPR#Z~e14@gy&CrEWf2KX3_W_aYg}9+Ib8`SndCSCj7kaE zu`-omv{9NolY^zb78|g%6p{&)Fcas+6e4*s`+@=rXX+;q_pX3AofXW>X_C-*yL2r> znQg3f&$cg5M{;V@89qWKxTBf^3_|Vk9v1T3adh1@^%$l(1wCyNByZrl;rL*!?gk@5 zQYFKvOQDsX>9>W?_vs^;`MrP!0^dumQrt#AKNjXgn%_>M@OlO>CSw^7@094FKNo~F zgA@6o!6p<6eF(6PzJx$cj0nfubU8Pu8hAKjyJy|Fx3h$m@+BS~X5qd$m3QxQmjc%Q z`hoEPytRKVQ*6e!DP>lD+F8OHc->b@RctXv3F3X-HM#X@PSY)XyT<*e4@HGXhBvr2 z;SQ1g1xJu3gB1QlOIN(H``@@if-7QSd)mX+mUx1;PVPbj+n#1`iO6nLT<_;%USha< zEz_D_Ept9c|c51#E&=^t8cKl}NxkUzb;o+ziW@KM`j*N3!bBW<+Do z453!AkgCt-n`~Mcr}+7Rsp#LZjMwrZ>=ff1#8Z@-F0WLoNGb5ygWLuMB3>_x5AtUc zy?4>Mp5fR(ALo%F4=UABHBzN*i2SBoaBb6=%#{ zU)N@{eA3{ad(&Ym3;rRz_m+@=N96YfFYyhwBx9@;F>yUBA8Xr&)=bgS^P-UR1%-uk z*MVe%GDk_eK1oc&*6BXz8e*hSQ-$%t-63k+>%|_Abj_z3z?3LA!z?4SH@UpZ4DKls zeqJ~@f!9a3M-%~rkX953ky(CV1;7B@g8NNW-i`{&64$$P&j}V~ToyZ49hRZTHCYu6 zckEsvg7VGe24$x((^VLBpCTeb%10XjsL#`%>=}O!U(3x+-Qnjn(!Eb9JX={x+tl@9 z0DR!5@u=vOX!%?~E1rmhe$m;LyLQl|(%uogLJa3T?p*oe?8l!Fd4)TE5Xg|f_3}q0 zKiFXyASgJepImQ-s9o^O<=n^)dJmqgig25wsH_#-C3WH^Z?A-kPp~B0XYVq4>Y|Jfw*oK!D6qn|ZXtv5O*v6WJpNw4Or0^s0P6tCLF|VND8v1X zFHu-d={b6vroptz(Q(8arN@SB6iW0r?p%XJHj`-3qcf_VjBf>uacl>T#%Wk!kB zb<6ARx&m6WJ*;UH$|ME&)MoN*@afR0hKz&DuT@bIIa;CvbraQRaoCNd?a(g;6Y@aQdLB!>=rZvIA zEXO9~UX*gh@M5sw4M}mo%&Ug1&bewuZ%Ks|r;x;O%o8de zSGMZ^7-gE8;A$!97p@e%v@9~E@NLd3-FUxy4?9Vj0I^CB8*j5tq^u*jfik#qvaoj~+C)x8 zxT!QpNQ9Lm%{>28XuUDwF)cyhTPRcyj0&b6kB~prsfJvU*PrcIf$-rXPxL6K`N-D`|gV5wSH~ zcNo_|JtLL3M`6_oz&J%R1FzckGhq?4*z^b(+bqsv$3=nogJ~1Jli}@?Ts)r<##}zj zhXB6vCM@dbjdx*C#^I(qT1ZuAsNJ3l#!p$OMXeUEEm#umv#@mgfdLr$_M7Ye8%feG zU~XaI79?h1rL~g}7p*?e7g_kcF#6_#{V3V@$zR-nu@|r7k>}poIS*SVknk8fSg&Xe zwnI$MKd3E!Xx!e#@9f2spWX!jGt>GvOtoe=amcvPj-`0oO;3vAX4B$A|4Ih5W3AWK z(fOTHf~okvX%+*`A-R1XhAZ>`HuhgGN}d#}n0I;bqW%1xoB3Zd1pjZsu7C-+-M>;1 zF>QQ|S^qb4`L{g9|3(T2QSFqpw6wmyK6S3CFc)Hcq1CUQj8-bZKt@#3qG9dx#(Jxd zC@(@oQ_~*-fr0E6WT<^Fz}D3dm(~8`LqjcoJQJ?ddWh&k=o(ckF+t&%f&FZll@_Df zF2$f!x@PG)(130=q8iTB@`?XcgigMY<8Vke)tb8bOXLBcXf648H(|dZ7D~%nEZ8H5 z--?yT$(D#RTl^o90Pm}@A)A;+y5=D^f3}V9S<-TPN89d->bG{FJZ|-2Ar@C9pCUI7 zu5@E@s0iDj31$@Srv^ySJ`hx=iZT`sX)+Z<1{Jm-?CRvY*cph;1y|PK6J_M{7{WKY{%GEJ+pCkc`%f@p)^&S$x+c_IcwNh zt$?6SK-1gIPJ|UJEL>@L0wTaVs@*E6%+_&&i_9?cEc~ILF$cR}<&4wOu{@cNGbq_S zF4s#^FS3Uiij>R-H|Sc%rhZWRVPNnh<2C$3uv<;ty08%^EPUR~)M9s&1*Pm1<6M*% zHnxc7nqpmvYybTvvtjXKzZ|`zK%r;aNr{D_y@<0Vr3v4gL~YXE?q)J_<~pLRqCBUF z2wsa|To=t`t{)bAVd8;vCKHp@l#%0Q9*86V;aNfjxv#UVuK?$43UaN9i#zIkApN#) zYut%y1{Za+;bI#JJDI%9#X=r=r~g+D^k{NX z>)~56V0TZXUbeeK@rw3Uex(W{u!g;}VlU6cT-ebqVw_e*NkyA6SvH|9GLyTnQlBad zUp(E8MyfbL_N{&UeD}WF;T%(;>Q+d?m|E-L51^c-vzv3~IP;=q;VY=Jk<^|TI?&)x z*=6Yq`s2g1F@nT3$5QPVjR{TDmt;(^#huJSvnM#Vm3>BySc{~65EIv_Aq|ArX!5X& zP>{ZS0+;BWtb8>o1(f3TQAPlsf}6!-4xci^e|oDcAk+O zB9oL?cxBOEQKlF`3$IF!pH!}TOS8A}+w1NNr|672=mBGE!#;VK_lSLEk9=&Kq6yr_ zKzmk`{$dt=zAJsjNL?hu@^D z-y~_US^$&=^v(~-TPkDC$iRZ7!68iszOhYp=RpzACJd9cRYfJQY>cFoDF#rv+ZO| z5g4MUQ6J_HkA85it;jE(SlK)EI!pqCdGm?_hZoJ7)bcgYY#SLOprhxj6LElP@nf7g zetM42$yU2Xu~JSz%V_D{g?+h8Z9&OqsM}F@cu&Uq1NZoOvt|@agzBDCc>M)e*80zE zbgBPj0mhplJ;tiqW+PA?ag=3jiwq<^KQ=JmY*VW&EU`QYrXeUCXB(TkW-p)43&B%;60YL>xC_r5c*3AJBn`(soV6l|UjQfF_uPr)fOfSi1=Qg&A5Q_-UF zMqpF1se^@7tpO^t8Ew0~u+Z!X+=%_dqPV#D5w(>;>n$e7V9L3yhewcR7$o4RMlDI# zV_YngqS+rEt*eLi0(AO{`splI=VDWFM+EBqo6re0K*^!?>P9z1;a7A+au(lM%2*Y| z|Lzsaz_w8S*MqU28`qD~|0*JQvPBE~Z?@rot1wv6F&C{}RYJ-6ox{gL&P`zyrehA< zUqB7}y*9_5;{Uub;eU6h|EOg!a^!@Zliu1N$3c=9_NNZc=A6#Im$n`&=zs z9D@+>L}pEm3N6RW{rUNFP0`D_Z!F#x^IwR9pP|k_uNoT~xP!&Ti2qtZ`%Z{&L!Z^@ zN<<2t1!V+%>LF4mx^;WjitXa=-g&v8i-mT^>j3 zt1L=y0OjKIH5B8|W_g8k*fzR}7yA1uy`VjYNH^Hu&LimJ&7Te1KAUV%!(d$d?VgpJ zI#|GooZs6QPTc0Dy<=M`;?IrEZV2+(oytA-J@&rvm}a`juC1-Ty}dm;I&y3G)ye&6 zm|_4NmyQTU?dtW#XKo{Vz?=Ol-%DI%5%#M5dvuHUOtAgTreanV#w{J;db?E<4mjt_ za}Sl`#@XIk|MWeg^Fsya%*68w_TxH@ZMb|Mb=bIE`_)!@1zT>}YSW_I5!bT4#(}^n z$`WYme1Y*F5x~4PFb`*`<1VDnZb<_6n3H1pnq#x!boililm7I~5)7I~bY&MkGivk_ z#6i~=4c_w@Tv6?t{^kGSL*b!zz9R1e{+b7(SlL_UGcvDkOf> zSArLa6NKQr$F)wDDUQEe^*-Wd?2K$(mRkcJS)@};{#Y+il{m#h*M7Zf!pfP{szw?- zuOr~tn0}yGP1^b=oMP*K!GbvV6{^^!E@zC*EBXE#=k2We8J-0rdU~5z)cuXcrhTUb za_>0E5nfjy&@2w|7;yjnYtM?Yw6Nc+Xk1OzBtJ?(!)jmGFCyvW6wdxy7saPD3g@fIiX{N^_2ro6&ex$ zL{YXMbVCjB(%*a)kyeE2s_8a=^ZopP^s97Tp zb|2uw>-JC)fbZ0rEKDZm_ki%U`Ryza20D=}6MEN;HNS5g&9?=01G9}qGt=S{Q}E%s#EaHJJyn!@w#e_ho?}-7Dp*)#9&KHTqb!^c zb-}~Wa>gm+LM3NV&p9o4rE}J=OS&3V49?8$0kvDJ^jhnjwnk8@m*}VVzvoDe`EWF$ zX62o^yjIHxoTXQSwkr2bE5w5Fbxvm)!*OVp=r3I|x*!_5CfJiD{Em6tTy9faK+nM& z+c$Ah^CKNiY%$ebZKK=KGkvQp3*vJjE+M&x7ciRK{sJy`dG`sv?s{aD_{fY*wzNK5N!jB*R7<0 zSyfa9xeY7b|3kqdgL79s+yEIl=rr6)5gN{MCZFgRuxwrdvdM;gr!_UA`YGT0&+hmV0_ucgoihO8egC`-dbfEF*sQ!P)CWQ|xF1 z!e{0xpn~e*@$?$aYJ-Q1S(P2xJ{6JM&GSjoY@N>3jb*)^KE+nJwv?|}^7e0y-PhYK zVlfc6cegtm=e>kLTJfak(IM4>rdTicAWf2$iNN!7Hcb}qT9u-2a?%x>O;fZ01HB{z z*Xf^8XTWw|g(FKR`GG}a?Nz|gsp*3CbGP-^n1f;24=jkm^*xJ_bbjNFZ{|MXyIH4W zRs&tmOS>xEB5T!ieMiob%TqG9qlv*sV3=}i(q59c|p&)&?jf0*$%^HXGL?hc27 zDL7$W9O&Xic5F#)s5C;r$k>n)OhiTco)EtdQ={4d@afYh8H$>ztq_E+hI45~)%1QfLBD!Ne@G9}J%v9ju0VEcP>yPZyO~=--D} zXt$XEr3|1Q@T8!kNj>`Z49$T=>kI5gRD^ZK`YK!F4__ATXmNq4um0`zX7{_e%WqD* zh~^qGaH5+g|BbVr<*`*7eDnWT-8;b_a@`D9ma%u&Y-w4^q$~luuS3f7W^8Wsr ziDNU{K6Q z{}t9xQf}jCtr}b*G-S zwH5V+nQk4b%OFqs5qLf7xns+}!9CqU~w@4Vi@(5=-7`FgiY_4pGqvKKJBL zxYuVDNR+2zwlj;U;G}1Vs;M@V%k2^*?sB@iD5@F{jc&@1Tx;z%a}NIC#GMIBrJ&a! zJDUN}(|eCKU}tKI7?x;qcEq#bf~DGB4;I?m+9-wG#xitub<@+*PxMGNn~91 z{3Xc>Z{^xnbyQ8JiOAfx3)Pay-REC6CKhiN*0>Cb^uOaFwpA%hU}{X`x0+OH_CW-j z&V#k&NK|OkugsqnP3M{h=Iu55wvWjth8R5Z7fW&jbAGR5;~wrq&PV*SGCpX2TFCR| z0U-wJ_of*GYSDP@%#VtWd@LMm3+l?Qy6}ASsn*JNoL+KS&U!TYWL~mdN7{ejVQ;LX zyT+goq!Z??|3hV@A-M6cwbL?bTx$bv2xIxVtn9{ziRTL-V_I>M9;~qn6|gm$?Lv0D z59xQ=HS_WEGSJgYNlRDhG=}5i&90h*JqopNcJpK6gnBi<$sYG>I>WwF>D{1TqoI9D z{*R$=@%Cl-$t$_2nBq2iG_yNjN>0cNc_2O zZ7K{0RTvB+`mg@^f0O0*Z$$8aN74SxegAI?g#XPCCuXgGJWKBMxj!8Y3=E_g^gZn- zK}q!2;Ia!HujVii4?t9;_VKv$(XURHn6X|IWgt&4RHX#ua1;JU)>@CNU zU()E7X*V(Wdoim`b2}gR#ruEiyt#scgC7x{?Z}f*(Lc|1znIT9i5?LY7rsZeIiPcY z_=o)=2mS9cv{Rm&T^;*BA~2|5(V`kZ6;DllB1-`J^`DLKw8)-s7TD7604v>VMPT z|5-)$f9>+j@1grq{9oCOT?32@H2<}J`#S!)$KL=9BsocbMSa(iU&Pfl?5x6W*o%H#X;BIxQLksPY;Mh%fpM_``2m`M@x zBGyAGESoy5NsHMTNhvAcf7aG7(e(jtR790Ly?ua^9Uq@L+hhGS*gZ_eE{TOeu&Gk* zBkH|CW5M~qsQKcv5551%0?-`)>r?o*Qu3EBHRb zz-i}1=e)V&Td`JJce)a;^UdTr3)RA65H5SW8O}jJ*+P zZ>=jTg~F*iq{Z`yk(dsSREMi1h_{8UpJ&$!#EIbtt@&)(eonB&O0vz zxOT`iLe&^qxC&(nl)Q|HViiztOINau*wH^2`UuwPZ~pz83r*(b6~ulrW2^NBoJF0i z3sBXUUhSsE;Cl5EbdZ_nJK!b6ICj<4`OO-BdS;662^n!Zw}#dw9ELZO!`Q}W>H$hp zw?)eEf$|f!1EEWeok*Hmr$!x6Nircy`R8>xZdb>C*X`QqkeG=)Y(3F=l;b?#({HXp zR211<;Q9hsHIrg!XfnV3X^WIze^C~J=l^~9J~{9!x6o}?(LI@Sx_8i5I`hq~w?5X> zAzs>^mE!^)tdd0>1s2CE@60?xt+Hzs3e6y_xSq-=`XLBXS)JY5Eb#L3%pulD+E>LZ zQ(IsYnbO&&ApWLa*;sB*NB2=9IW{vl-fRE*p=3Z#c5&g#S@h5KeVIj`Y+Rdfk(uY4 z(1a_^>-j%K0F!z_fI)PW5>7&tv-ZabMGX>mLm33F@MWTJNVsuef&qF;*?wi_gc!p| zjr?|PW@?n3^TMW_1gU3?E^I~3h*W1UT(W8>8~>)owO%xI4ep;D?lGx{-Kk53s}41E zD_h5~0M{=d)yD}gsUxhoS-b(`x3`Ufwc2m&J0I9Ry^NWdemG%9eNVCjm8-<+>-&CT z&aCs4E=%B~f(Ru|oNf!zM$H~9-hxLBthN2jVr(ohSqlwyp@+$KUrL`)xQi5 zTGCsIq|jyHGrdbIaLP1*nmT##XIV81YU!^j!~QgL)7MWXS=S1xy1iT;`jDlh&1cf0 zoi{47TUk-&>uEh-_d!apLfL-GdY-^A#Z9~IH-mSv0V_Ul62}s#dchb*T1>}BlE+(6 zLDnhru|RPM z?gUBEV8H?e&->7s+55N8d-iwEd(Qd3-}}e+Cn3PYljpv#b+5Iqb+L+nT%pSVsq$nb zml$PrDKkq)8{;31Z+)Z4QQ#?2$e7SnX@G_V4WtG~${+?}WeI~GX|A|_>lw{Oo1w7o zOzz_D@bt_>6H5J`$wJKXXk0l2Exflf1UComB3Hz*no@afSPW3sf=rLR1&hWym73gb zrk@>VIyhMeG)3udyoTaz{6@Yf{o)kk_xjouZ7d+z=LbqN;jH?a&(+pzPVRm%gM1LK z(ds?79ey?@QfB=(eDSEKB+^gf?c%P9m+32WakiJ1(2cw7`W?`lWQs90#P@vwim~L1 zGA?%!8}+c)9Y;u;oh5*%- z2>$wi=Z~#aQ|zZq_v$MFK$*cfBZgpKs2HU0>)R!Kyu&%Uv7#ctkSD{{&RAV#MiFTQCj>i60SvF6(SHG$!jq@f zioLE1iXO>hqxiXzec%;%y~ouHTx&Epfs*`xgl7R&SZjVDU)RmcVfy@FG#$S6455Qw zUFaEEGy9J`97gY5TLL&$`UUPu z{aR}^OAPlzAYW*kJ0fk`D7~OD@b?6L-}<@}cW}K`c|l(Lmchu_s&TE?fTxdB{e34x zXhpZufzNnUloO?O`+hC2dAJ8c_aSZ$+3$lDgtvY+Z$QyaIz&Yw3rYt*nqO^R#S}G8 z5E|NLsDTQ^sC9_MAjP%Z09mCGD#(o=f9eC(w@v=pgc2sK?AjlxwCLg2NSmwFGoYxB zqcrU=p;A}yfp;yj>?ig$j(L!xBoTUsCg#xLK?SYQKCXI5hfQ@b=hvgmFV>SJnb-{m z*%PCqZ(5zUg;m1f%E}SF7pJNj5GtNWJLO~3dM_5fY1PDrlN!rqE17SaJ>pfKR^nsM zsL8J~c8uOu&-asjA-{p#?83)quUaLup>6&>&a>qnn|DL;_7mewL|G$HfWE*6@_x{r z3CY2Bb~)th4>)r8Ev#Ujiout}qhdNj4(nCwC=8#*gd!CH4)LF49jukLM4@m*Ds-HUqf&d|lsckJV!)?ygf3*9t&sT8NK+*tW65|mJ}q;q zabpywMmu&FkX}!HV?*+~T?H;MTcg=fT8pU-_8+1U8_ez4M^mfd)| z5eA#%9NtJwc+jJ;_L`@!cx6Fk^4Ah%_{MvK z0RtyZD;>y}frvxBG*K8H=7-{`w-l|>DjlvgrZ_9U_-X`#}RU$+0?-4oQHyG=)T0VW>pOV>Us_kk|gI4PNHg*N5tGu0R~iV93?D4Sz85NsTYdj;C+g@MOH+h3H8&D;HU1 zq?=xv{XHHY{girBn+(qx=&wk>Y7l9i z0Y{u_BQq1zc_O{@{J0~HmQ50=LBC#9J2>4V7-9@39HhR!Rzl0E{X|do>v6W&_xeD` zy0yhe>!DmImbdioL~s0tUZaHux;^weL{H!0J=2iNFJ=9;WGC)YSYBi3eM%a-ldISm zshSY2W}#1AGbz_dd)q9vr8@SPP@JoHz~I0dZ8ESKzf9X0q`-14jh~XBge0ent=8m3 zDA|G^*ZGhq7KDVvpL!J@jr+2sjrEbVB|f*B=QH%NA@5{UK|DMX@aRj!R~w@0eeDf{ z=s*2}=tH>8g;JeiXmvD`dQjs+i-tA{&cB0cvP#N=x{jqq$Wr1nGb^7*BV2&1A9!6` z<)a2WT=a%>Gllb6*__Bx1F=35qNg(Rau(o1UIDq?*ndv(>|MlPA&_y?dN zgB5wXZkaEG?cG9o+dL93t1`7Yu*$r^%J4yjhaAbQt7CG_@REXgC1NqVX`4~0qVm(e z^~HxHS{jzPm(yL`iJ1D_rOIjVi;7OKi@-yj+7SorexF{SS!p45lsq#V$xpz!eQa6z zsc6iSwoo`ApHX7gzy#4QbOeZ^bYOM9nHdwc^a-65De5NAqVbOIhZ;JJ);@5$|7y|~3ylIL&O^NrXBNnutxHAqlFxK? z6EDBrI)#s4)3Zrt5)dCLREgEBi>B=-odTgJ64nv>DwNdjQxdxRnv~&ziXoCl_a6driB;CDQ6MYC5ohIBX!2*%==1l?o_nO!*dJamS&#-z{ z-X+h64^RkWE2z>7zJYb8Nu_1pZTrhi()(SV`4)E2>TvcvW^-zw zsHX_!`5N6qz=zkGI%dfx3Y}Dz5e6x?YXv2}aAy;P$f=B*lZuZ9+fD9ZK!Z_3*+-tL z6))IRHC#pW=PVo^Pl-Ex+ZBF)WFO}e6Ll}L$o+i;CC{HMh!a)%2!K@-YsFdrU7+FA7eD{vucIDpWf7W`4jkFh|~-Csx4Hr=FY zjexz|7apU`H1{&5egnSsO3=poUvxnJCu=DpvhT=W?sBGKd69ho_opYgC)3BbPP$-< z%*xw3Spi4W4LbJJXqcy1suN`n7*2F8P}SauBb zO*2mN+-7a~F3O4DD%gV5KiYXl<3-h<2}S~Uv)<0M>3wrgJ@Jbw?EVTe>>l0eJRTu` zACw_YprWBk&&op2&pX0r@E>=4{^A0xix;r=z8-_g%m$PFhDVP~?KTefh2|S411tJF z22D~71qk(M4XDj84Zov}wf9HGi?g6}rPS&nDktWdJ_VD^CfjHnih2$$vUK z2xD%F^S_jRb^6f~ND5hoi7B?5jo?gsdSiREABA%?l>-j3*pOFwp^IcU_APUpx~vB? zq0@q!vj7iEE8@D$CUv5y&@B@JcBICY6f-nb3#<0}q0$REqUuUpM<5>Y(}D{%>FA15 z&9a1`@E{`W1gGqyj;gYh)%M#>tB@|o5)SqP5}vu{=hBWem)~iK-VBmjc@8%$XT|qq zmBt4Ni&0IDjoU4ENihYT(e0}Ru|>M2u*_MAH6ji4O=h+iz>n-S`1lT#M)Xq+$6>L; zD3KSJpn93C5_{9QlCXq!YThcoiD$|FxhjT6_OZS*FJ)IK?lZ;pT8gVBwjK%lX(}o< zy;op%rD`KXe5DGGs>7tO)3!j`LH*eyF)>n~ngQafEdtpYlCYs z!#de{OaQ~6*h|DDRUR*%&cO7Vb(-)_2ecqwwO*nqf+^C76XMDKBBlUZ{G~R+nni;O z8TZRifc-|l72z^NzF(5GEEM!>R+O=n-K$`uZI&3hSX08KmEpox4NJ}Y`c^WSnyz(` z@5>b{l)O?iL?Ze@|F?~ivGMyulb*1HlMyl}@(pi0?Es8S&=+_~Z6`&hy33*r*lO!D zauVA&y;+oYoH#LX+)p49BjvzG#0(KE~)yEMlMZhBV^tv6l3JLTK9gOP4(f1 z$fkb!CTl>IZmE%eo$CrM@lZB8M(Wagu>{_=8fW9)%MN!@O!SRvA6_EjpjH`ZBTxF~E%qS)b089QiS)y|UqQ_s~|+gufq&k}F?RGLb;3C?N4B19(} z1g6KU1KA@>O2L;+<8Xrluy@&c#I*!~H&; z8xpqM%1GjmwVC;CP%`r~nz-D@FQY?O(~MOODPdE2Nu%4YIwhluO%jfP9aMuu#!j=WaU%Nux#H~hH@nLcmp`>mERRmX_*rtk-`ZZU2eoKaoSk6D9Tn>Vv&{v8 z!Hwls{y8@e1Ttli#G&3ci8Q;*grdWFwx86p<0JXy!aR+BjqNzFHL-2PDdP)zS!_<#j zsClcrJ4wMiG!XpIF1JpvE*ECdRP`vM`LX>)MS*;>`X?Bf@1+A|(IaX~WTbFK?{R#QAPClU?Y-QTydpN2lmBF+C z$gBy2QUw2;Qt4sgnDXhKjeYl@nD(&Asoie%zh-VmV$F-26OCP+m)7ONR#t`H!<^0%%lS+>e5~PRe@#NbC5Hr zlT*YbLFD>?Skw2tBMfRNHvo^0iNKQ@P)gJKc#KkWOlY-33&TL_5^xNylaSucjMV@8lx3t%{a-sQe zD?{F%lj$&X>37O0k`G!YTXm?c=O5L^8CLrqZoGZ_R%9`1AYeJJ=Z^Bj3evKUjqhV* zXDhT5pfZ`V&*sh2LeGC4^vO<)*Z(OhZlwO0W(9F4elr~#=>EOYXiZwmxY)`^Uei&X zQomA3g=KvEDL)lh&EF{0VC}cx?R&X0eR-&NZ1*#WO;4_2-sKQ(MLG@xiHEC_?*5Ysv{*l}1wJPKBqB z{~Vg4f#)ZdJJ**gZ%{Zr*cK)8%`#U^(f^86v55o1Qye$f^I)02g>`j4(bofys& z*btEms~8|qu+m}6Fko_3X2*ffZTeN zrgfs&FE6%`d|TU$cHqXNmY!~$+1@{2V(bnugYH+iK1y!&VF$ z=ww1qyq2w~?+uORy2C>U)CG;k{)h^TY(rYGIoGh|h90^u_U3?Wu^ji|tx1lNDQj~( z93EToMVmTGdSL!nZ>l;5o&-*Iw0U-l0Buo^u!0{WbA6(o+i*-RziiLAK~nrm*#lrJ z>JFfYupG@-vFQ1PweWhsJ2aUa*Q#RePLl5VX_P|n?$%@fu-SkuPd{^Wa}5m*3ybAK z?V>ej9;`%ulzN&&44}&R!xx*53wPG@LnI3k3KTF6x5Z!#zT4y4LxA?592uzuR5TVs zlgoR9{O6@w=pX# z{lkx%aC1pXKN0bj8gw?yOgP znlwkH3j3{;Qkpca9X8`?ldwK!S>SoGx?#^?6=Q#o$j@nt$i#8aNlLm3}@xF+l zod6tcq;Z4}=vh)Ut7ZnY3rY6F2B__urey0N0b$CrSY2s%N$%Z01(}s{ z2=H`$hOoqo#MBgj30GwA8@aBL>Gsl8*_LNUw*!{4js7(|?RZFOAYP(oT*qhoax1vvd zBZ&yoTo##*uNm|_T~9PCaT;qbyPj!Ez1*P8BwK!awHOYyuLoE1_7XrHp8Jwqpasy) zJ~8GpZsqm-9yL3R37sHj}QyiIN1 z08g`l8?}G~QW=ve9FQ~h6rd!WvW7eS9m?ktoi;|7SD=v?5g~K#oQaNj`l7kX3oN$6 zhuNUtpL!3{geaUZ=_$=OR5G*o08)kn4i`Oq$l3hK&=vLGW&K*?x!n{TdyVZ&i`~T+ zr{b8k1Q?}m))igGFW}(|RMSiM6HE_wO-H+AOz* zglMsw6~Bi}j*qt$dA2Ko7itRFH$cPy8UD!;Xd%WQjh(OE6hKTe@ZQBPOdzS|Rrz?t zEe!aTv}hhe>X1-2EEcjM!munHHm+q^>3JA+i#XURt=9POXefABh9@ehCs9__ZIrFD?KOUp50gQn7Y`hZG`J8O}WL*^;|cqTy&c8P0jvAipVpWHISW&T;a!2G?}) zjSL_5mkBPEHD$f*haH$L=1tyx4ShSGx{i+a{(6dj*Qi9;i&aX?+O8kT9z zTnMxo9cCPH0&N7l+70q&oxme6(~cI3Zr%ihqravL{7V4u}5H4;IHBXpWn-SM#X{Sfh8OdOA3Alt#?gvZe&#&Ydj zCSu`4L|&f((F@8BSXnIU8ye8Qno3~!~@LVz{e za5OGJRFvu3U<)U*T>C8_6b=PpEz+-Ijz|))NTKLb z^ilKE)P_Er)YeO@a-5JN+xUx&QWm5Yt$6Ft?ucRL$P8%WXH#7hz=(U=X)7vPdaqyJ zB|b*NOkW55jcD6K`O~!fF`tMC0Q=Wwfz-CaS6>wy_d#}+J`N3GFtcLC{=OkjMQh7{ z)b=&ffZECc*;;y4QoHWH0lhB0{U|{Pmx|{b4t(T)H_@x#nOWLWVPQGE#~9abNuuVz z^b@2_L*E1~OH)_;qrzJ>QJV50+KQOpOMvdnFW2`qMtZn)sjB1H2nUNom+b+2_niX7 zA54vDUrGfUd964t(VxQT(0NOc-by9cIzWx-XICv+=~8)P&h5M6DfeMd(8 zNn=xMJ{Cy_{LoItd!?_=7HyO*%zaigFwAZ%i?C6#r+&jnnV zm*6B<}oSoTzs%bm`9lQ=nbOCjce6Mc9Jv??Xk zxg4S5QO}JR!bf36RoW8yu6$S~sObQG*N4?t9^j3Qn`?Frny3Ej;qW^ijWvY`w;ZXl ze`BuS^jzIK)K>9VS`Q~9_d(f#?yI=A)}$)g${)Bt{?n2#?F4Fb0}0_~zip7Q-8qCD z7WaE3AoOSCvjR3ZkwHs{)9JM!BO$x*RXiX<;PPz`)-;US|cBp5(+>D8_%O{Rl5$&s_WS^|IId{xIxk7=6n3Q|<6N*-y<@ z(Jj$nJeWe}Jc@46&k=vP|J$sP&iM>1w`!n?_bCOTKXzz^jE+WJO{hm{8oWeA!kP4o zsPR;j7Bp^D940%dBm(oZBHGIYrOOxMppq{*zbwzG@|1{`d}@RInTdngS(MtNCk;ZdtC;WA9m%_>&uyCs;-?}H8Tw8-iUgRJkq0^Z>ft_ z6QLC1bD3{CU{*Z5kzD}_=Uan<>|!Q2?ePlL)X?%6;U?#3VE^C%`1ZgnRYK~*J=*E~ zFNeOU<*K*fq)z9vE${N%gA^_%nK3y$Z7(`ga&Xs(pE59zs9|pU27-^DXd28Z^gWMG)VY#Wb5<4763DX)pUfe2(U1 zYRd|GrmmZ91CgKFvheT`eH(Y|iF~;%VjMg0-FiC<#@!Pe&O35vq<8N?g3pEFH=6v* z>meX_w+25MZ^|47oTnI@i@*4cdH-O^-QinQN@^ipo3-Q)LG@3{$9VgHr4*)IN}?_6 zf&7HYFxmA!t1k>ZeqXppbw>q#3wzI+^&Yi^|Ghtm}XW(sXrobzqJIbE@f%X?fcF_A;rec>nk*I6gXtxob4^%hB%v&tFGdUyqu3cW#9 z{G5(TLN)NH*_Q$>=k)>~E$t^cTo6ea`8d6XK-%5%+HjNm7eGQ_uO3cURpCV}8Tlx(Pc*$Gwk*DIZ?QzjA+X@@4jmUwR;jnb$$dB|EUU zyRmDr;p^?<&4tyu^eYGgJOYT7jJvx7?Js4T zeaCe7ophDOjNf?G7#bH#KcGK8B-JU5-;y72^i76Qd#V+M=ACvN(?tQfR^&9XKs!T4i2`q9CV7lZK6^c}Z4K zmEI#%=8?kF!EW`VfOrBVs2Dr#valR-As@Uo4& zM%^_^PzNO5(cg*fQ!d~V+AbuoZ&_jYVTa>zCUM!wXc*@uVkU=z#g} zi1@w#Zn+%V__8$5KPJRv!nv4r=~rxc?3%{wepxBh$U_!gJ8h-pW;s9>WW?)pC99+h z#<7^gXJ}|>65`_-nV57-3}nNkz)lFVU3kSQ<~2zT$7avaK_}p~{hOgulz~p?UIYn817bt_ z?V5yJM9$WyyziKqnV0jWAg)6CC*QBF@B}8z8vpUln?PnsBh#E;^F&XlrM51>8-M!$ zv`67T$8+h8^&RQCdL_9V6E_m;+8m1UdO61Oj>3p71}|_$)X1Wh_w3M{hZ>=(3tNYs zIi3z?W`*&0x!R{W@#n|(rr+l(zvvm;`X)c`k1tE?dd+X((b3_%zRW*hSyBS7^bkGu zmdlSEeUynVfUPVWJ2*gG-y86{aT)=LmAr?m|Kr)mB7pJ8sp!Vq%jGEXaH(kXHck#t zXlZJjfRZSwKlQ9@QYPoyMQUqL=%u0B%}Sr~g-XA7^$mWe9xl&u&ms1gfl+WtNg?;M z9uC*->Q76?$@{%WUn1WFy|G9i)TVOpM~=24e3y^?4umCjbBr_;cn-M6G!CQqNLNC~ z=p?YR8L9)H(*me^>LU-1W;qhH<65=#KQQc^wr9Re>ZIb;n86DidLIkd!Ap9ytk?JU zgS7!&S96KEeP-Iiw`=2QL^ij2&^oU;!F3e2CRZ4_I@P-PP{f6QWpzS+MSC>jZ`n2*~hHAPe~nDE#Yum*BL8OS^V*W!_QJZsUNAd!h3rT%ilP;VyQg{ z9@8-J*C{}9XuHU?dZqPlHux&2BfN@=F<8kL;OsK+b`2tJhItMi;O_t=3gi*r@lc1Z zuJpM8UdQkAo>KbK)d4D{{WU}lAOX!KK`MZ2l?(`MnuiRP8T}g;>@P!>tcNW4ha;XLUaoiA*gc?ZWbQKV+%N zfRyw6;WUelo_eV*@zLHaY*1O;on}-cJ!zBQ-cO~j2Q{(&nZ{DDAlQ=GMa;{_lB4Zg zYq9l#L3kT#`@zIMibr%>54*AQcB2}=zhGlkh@`sxBQQq++zl{)yb@GSnQkmkNM6;CYLjVipqz|i(v?Hg8WQ^&`z(A z@xeZW_?>2kH=Lxux?08P4p!ETSif@4s6#8pU7mEJPKB}j1c*d(l* zzZz|zw$#mc<}J78VsJHx)U_ ze0qRTRFFkwT5fKlpCNu9Xou#(VD_IZKPt)1ue;PW1~9nzM&%+m4rDy;DJ?zZa#~Qh zg*?U&1P4EbqyQqJ&PEnLZ!4ec1R>3GT0a!VvXS@#%HHlJmR68gnJ2@@GojW8%`Qnu zE5U-I`c^Goham5UId%R+uZ&*^H$e?$uH*{C=pot z?Y1PkX=iV*B#M1xH6BW5;1rN#DM{A`=~}RScqc8k5jHxzouiL*b4aQ?QMt#U4OId{ zV?xR<$~Iw7Wf)@;gt-NszAE)9S=i=xjSL{Qq%Df7HDbm$ez}3f{;9XI;=6mtHBbQ{ z5&=IfMbTzGgZ04NYYujynG1ZrOR1+aCC}kptXxF*nO(aASb4^>)WQ07jb^Eh9`uUb z3wSYifNIs62;Q>?Zt>f)Eg|jT_F7){5Z@qVT9mTN1XYSkQ<}*(9xPIwT*kPXl%=G=Xva8~D+URE*fDnLZceR8m}Y!o;?S_8?86-w znUk*Jq`$N+40Z|7wl;i zPS4MM#k}74`(<)hcmWLLenJSngfh`n7B ze=%#uj^rs69Uro&;42h};f+3x54yCB+02d3Z1(4qY(1>1G%q7WJcUQ3bOh?w&jP&% zXM^+2!v!p+OiN`+{$bDz@l)rnJt5Hf5#0E(3)=s6zmW>c^kPF7$Wu{QR~It)o*hQN zv9aNMF#Owf@0gl%Q_;)S6~a-FgI)*76cksKHT#I?t|2JtvcvYg8O^BXpLImF3&I5* zHm{1MUlufOWQ3Ytj`;dKIUm-3(JZbre?F6mJ|dCnU{w%bo!pN(u^rnsYo^01ObvBR zUha?m^{uc<6#oP);<2y2Abb(EB$m(maZi0lfM(LL@^Kg=`4M+W#vfR$%nq zrz2B(6K0!xt`7O}s0RT63HB#l<(Z?}KTpLLfqVi|)fTlyrmxLzi~^|;14ia9edAhp zFSZBh3{rcY%bzkiZZ~xQJ*48phY!ccOEGNot`dTjWJT#Ha*+C_`=(VB=)3WRD6vm% zc}{%}zZ#}yTHN(Ty$Q>xHRY=PE1Q7yPl=0HZm_LePG!ZFLlZ)6Zl#hZxDLR#wW)8| zB+J;yHMUn@2$Tl<8HxGa2ivXaQvOWS%UWg?-wtVbXFOU8L2c z(oIZq1SmSrvAb7MUCrb-XOQ9j@Nv7~@|5;1H|Ei};i2)BY94@B#ZL)$=&0tK43AL0md;fT@;B1ZXliJluI?`owxsV`Nm5 zHEiYN+w;u0XD?q>ktXlZEGXW(>k#h5cyW{IS3pcr({JsYKmM?*H#v$Xr5>HM#PyO} zsPLc2#+3I(`CyYh%fz+G2T;(D7+&S7d=IM_uUoi#ZrTo6rMoW+;up4(>R1rz6Up36 z{+|zfh`UP+|D<73RWOqK-4@sN0FShQzG#yR*&cGb-wGyOmKwh(E@T4eok-z4SrV!A@2&aUKcyg4 zm0m@ztyZ2ha;8_l;7oc_14I|hg4}-@4dzP{P-#kq;Dj3^rJsw%19tbixsKbn`xWxI zFwVpgKE5cU$vMA)*ps|tO*M(}*;(L&3p>pYG$!`CE|nTkdp3%*@Pw$+4w?b!CVsWuU%ObL?;Azm*A~_0k7#_#9aW4f z!=lFXbin3GBj4B`^#8;34U}dlqrkLWL%1WbkC+Yf z&Dc2=a+SeFZkBOJXtZ~1cv<9qVG%Npz`LWwH5?%Ab^}7F>W+>Z;cbvC)9C>=3nyR@ zxaKED7TjWuseAe6L{Dm+*IFSO-$so|WJhYHl0(^h>vS9L;y8gp@h$yaj#h4-nuy`n zwJMG~=0G=ufvGt!Mcl{5#B`P~@C*BdC4Ci$mhBTsvtL+!AV2CgLi_Guf)5VWzoR!< zFxlheo82MHr3C!`-OgBvV4+{y#pYtmuSoNH+tvHjb+jB4-B7(Yw zwq@8D+sbgM{2IBqNQe=AQtsjB;Dh}vSXN&Fq&}G!R(@?fIxYMmuQ&=^$t%-f?|fK$ z?}Q~e{fM%WimbM(3VnuQ8ue>-p&B12gKIq8)?^79{#Qm{x&>^KJKMR1i1OVcon1(g z+NJ+qI9Z49gpO0(EgoWzMy!29Sh92J{;$9acx6UWktI?ql{(#ibu?u)W@}G2 z!b1uR238j}ABD!XZ`3FygPz8e_|?}pe#9I~vsH=1eBV30);R=xCvw^GM8DrP_=^kJ zm3V(Xwld=Y;gyBur&|l$aL^1N|5jqyrK+D(*5rRS3dB~vsFvr*vfE*(NTp`yhB2#_ znIXY624YZ%N$XP$?P3T^u@*~0b=4A2Du}16YD1(KI0Tgc7V&AC1Q|*;&^G+J9#re| zPreW~uJ%ftqyN4;vd;sF`_t|5!{_QYw{HS3u{j%+eR~_p|Nda)m6FvU?ckAtp|@P; z)3+N6dI+arHipq&#cQ*0BB1Jhasv7th$w8HbyeyARh(!#8@faqrnj`#EPf>YK=oZT z8ApMMmXrQ3(#@b;JKxW_bqAJqf4M!X{im}-1;f8W;b9DKl&N5^@+O3ypwByk!}!Fz z&Ui#^)^M#qw+>c8+`k4y?*o60Yv^^fH4shtkBZ{pQL9ajvzzge%Ngs82e~zb;cH}7 zELD#5ecOC^b#-}}qM|G_xUueUQa6ivddn&g@nTmtPV&=YEQM%eKQVYS!tnH6oNcwe zT0}p?OI+=E$~f9zJUz)yI}bUci0ttbR6@=W(tow4+NIKr^-1o6G46d_S|j-hc#*M_Y^b&{7aKU>5GcUe(vG&AAX{wg=n^kf2+uxE->yQcAnFPQ| zLDX`%U8TpBF6h7reBlhU1%ve)Jh=lK0AJ#7|DHjQ%fO1T!V`1?Ajz=MP|35cD!a+j z2f$9`H+~hv;lKN>y!>g1vJ z^~*y9r@+MNH)=Hsn1S~^ZG$5YOQeqf$Y&wGiDHRvxp74dM`3|j3^-x$G2!`-;F2>m z!GtvdxZJBe6XhS_EQ!-EUc7kz{5epdh*lrc(w<|a2&q6k%MY7~Va4m~z(u?f8UC7= ztqA-Id=ySRrmG%!uj9wgl~%%2zQCKnuJ!NVD%Aay!Pjd+%Yi)pBSHv#pR#=5-tdzQ zK2+ecRG2A-#!$6EE(o`pyi&u2Q4N}SeP8_jRZsa&AYt9K}M zg8ha9FOP`#4fUWqjC6hXE*ECx@x4KOjVsV=D|Tqm(C3;Tm$bHKgDTID+A0gc+VPiz zKPGf|!lJD47mM9*O@l2TUo3dNSNs%unGS4SrZR>=n(?+jKP+gW>fu|J?Q-CnGXhsy zWb5|Uh|xzD0lmdL(v$)+Eph1pk@t<;+xYp?TL(RN1uZWzdY}6_I{5`E# zxqrZF1>8@hz^i{>4r4;}6cmD@ADiQWXV94pz;-7u?n}r3k3Mz__~aVq9D)0G6<4JA zBgBaJ?DA}f04&~g^u@N<)f#gAo(mYBfwngw$p;@7qQAEDIbiN)1#qjLa#BwX4-ZG| z+P!zO3TI{RiVlKcuMMIne6N)H!K>;CUY}tkXXZB z;xZf8*6A*g@i0%->3sLXJp4hz<_-1{)qvf=R7t`0ujQ9o1D*V`zv#ctjmBM{$qF}Y zvK`;}YF)ckBE0h`12Sn`!2%j^KG+{Re&~hs950NLvm+b_19MJ8=k7WZ(zCa3EG0*^ z)@sE_RY}ZPco5G}HyM??jJp@XKhfsqro>2AJv;N4I^n(gPu|=CM(RKs0*~|JRt+Hx znB|t!*-G7mw`2D{nly{#99r1@o}>CesS^UsnR~vOu*4=UrjV_yanF#(fFRRdo@?ec zn`ohFFR@O`qzoRLgH(xOG-M34kwC<=Y0?8Je_m_+!k!HMMs2N}y>iU9;z^ zGds&Ri%2zlqTfA^ zci(KE{LzM_{wRakuH0VqVQ;s>^r=G`t(4}W>+9uXBW1fUjx($M59TnUtcGoId+R;f z{Ym|rsHJz86CbI)TH^{Amjx=j6;@8^I$-mqN-?*YynZ|wzqid{cw$ z_Hsg2P0;7PW&LvhGsMvLj_@R1y$FLrYPkq%Sey!#`@GUYzsH=7lWUuOhT7F=jrCd2 z?aCfSvuE`d8T7w_Mt8uPH9S{M#jrcT1e?5j8p&5}85@A4H(6YG5K&y5{=)C3v{7(me}c(2q7iLr^rVqwYN!hZHPulS!Z^4m<9 zY+OcL0TcIr)_>}t=cIEa2v=2H8~Wt1zL_B)kaEg~LYcR{Fn=DGU6tZx-#2|cVy+ol z1)nsYR5Eq_dX-{+-s#Jug>cV~zXi{AkkIhY`|AA}-=XB?KeBpgXR+zW`%^?67FHVG_+HPv0-5=k6dFReuV(QJunE}UhLYV>i{%*_F1*W#PxmUwl zT7gzGMZ?37zY`i3qC0cT3~w+3QC_+oY-LoXGo^RZJE)r_M(b2jk~ zO#Ml%+)L6+qA#h+Xg5EX>=k%r2jlgYYin_PqdmuL>R{A z_I9??mc3nlT)(8TdfW_G115Qgbu1=3s7_w55v;!FuN}u7DeN@Ix+z>M*5%&wjDN#V z%dVl~n__nh)XM8%^*H<+7$s5aY*;){089+7;#L+KG8#qg6#Zr)javOZ!Uew&irmf~ z9==58_sv~Tp8x!r2Ya_!o*`J7IKn6#qkfY(c~rKwP+N;+Iy@qq<Py4`2V~dFEg2-fwQrURQ(g&;sLjzJuH;&wuLC^3wNkr1@`- z-}wW;hMnma>wR;fy*h-6kw&e@#{P1;cnKu#i_+d}2NrM(-G>|eQDEwcgTsKJ)6uNc zvopeRmlR-3Oae+tOGdC~*l0_1WF+%tA1m;JbJrOlsSyzf(=PfEz}Gjf?&vk5IF*%S V!>VZD9upBM%BsqgO22ydzW_kXPmTZp literal 0 HcmV?d00001 diff --git a/docsource/images/K8SSecret-basic-store-type-dialog.png b/docsource/images/K8SSecret-basic-store-type-dialog.png new file mode 100644 index 0000000000000000000000000000000000000000..9cb2966cf89be22d8875f1719bd8b533dd37e526 GIT binary patch literal 44839 zcmcG$Wmuctwl2(DqXrZxUZ6!=w0Q9rcZ$2a26t(pxD|IOZp8@}612FxCIp87!9DPW zcdhlEz4o=wbq6PXa1^UuXpR`krtcVSZax-GV94#(@4cc|J%yD ztIE#KPXCKe%G*8IZ4`Q^-z@qJZvGhfoP%Id5fRjt1`bWS`1trvO&LbS_g^iGmT91Q zX&>pc$zNSv%^K&${eTPuV|h;OL0T856*hh4T?S_ub=6+mEubLUnL~dZu{{7o!HS06u5VXI{N1lJ$pNo!VerkLK}=_Q+Yiy-G`m%APf4mPu3fKtUyDviJH>r^drc4#s6c z;NH|IrWarXlN149UOL?%y{(0mj+5~R_pp%7{1E;sf5&n29lfpZ`?t48T0&KQ19u0m z*@CCrNJs|TIn3X`iHmr)YtLp=!PjdQR?>4olS;l-ITn)3@VZrhC;c@sWM0X@dKM^u z*UZqUQCT|OQUNnBwn9=C5>60b&YGUuL?-ua=l?U@C&hh5mZ}? zTRvTWJiMZd^Qa{mAq!i$*+AHcU~>A1!5GVtTdn7Ln2SZ+j1->F&Q7ozkjgDbmZj%> zkU7+&Z<}p#$lI^X*;g6@0o5q~5EK5_v->3+u4_k${vU3!Pl>aB+4=l#1%urgf+U)C zKw!Qwnz*Yck6Oqj-PU;;_xrlSVs!%7{K0yg)?`kI9c)V?3)q7O+v!_xdhzZ;Nrla$yl)wQIM`R`>>LK3;<=U2#QKj8ETsuD8uj1&;@R^%WMWFW9eT%+3`Q6b+PH%F zWq4W@(sXBDPZ3pkir2%XEKM2|07`KiD?_LIZ79@SCpof2U+Z$eNvAzg-i7j_nyHZi zc_4aKdnxKNTP07qdqsC$n<^}G4s5}}j9EdH8m?A~5D19GU(3z^P^*03!1;q}K@IdB z26eG`tmSJH6!_u?tMRi70sunU|Dfl$=oEJU6rBZa+Ue1H74>{(62ZH8b$ zh0ooVAcX0^qlSYi1>6i(Vhlzo_U*7FxM?Q}=!*JPOjxtXQnzT?AcBWk{kyYMX-i0o zZR{c>v&KwQO~pQo-Xw}^>RZE7BlF#&si0%k4Bza+QkkreDb9fdvdK+j%go9CG$+z~ z=h6{zRH`WPrewR2rmw^b-cMj9#bdwVYu_x>k0iJ>0F__KolY-bQx}Jh_W2pNw4ORh zitln^)&Qu&CH-%TEG}Nrh zuET7q$NI=PL?kbghUWRFs2s|8-po~7>BQ4cx~PnXo}T;(t6QXYb)CZG?iY#gV^P%- zCD^9t@4z_Fy*!!*+BDp*LaqESmVmG*f!oZvcQMIx(EVvcVI#3431;D>@E`Tu9^7uO zx*53h6PsUT>QSRPJ&uGS`DkCnDEK;&aPgE z#%p$UmKa}`DMp8~JT4#HSZ#;m_j(jW^fMb2UcxDSYrD4IZ(rcy_^6(@Pro$IT>J2n z%tnyhS|fVg*TM3dPg-}ewA^eXcht4Lyy6UMblcp;|4y1tnTL>^K}s<}YT9hAFyw(( z*AgO=ny}kThridK*h4W^f!l$+jrHd4Wk|n2ILs$~#@dKx+K|B>|5E1Pl zbX*6tE(#08G``u#ig9~Ox%<^siSKgfvU1XNo&t)jII~A)grp@@SA0$VYR}5pFBKV) z&VskPRHT#bW9ws@>t=I-VNkC?I1>wv{+jJ0qAlTM+1sxAPK|JKihRWz^Gq$9>4iad zXKG2zOMq$fP-N9fj%Eri-^|lJ|c|%`*O5FR9h6Qzq5Aw)%8OcT8|&uUTO3T~-#KZ@FlHU-JP*p#FmI zD#55#0`j>L^mov+s3}nyoIITH>6~cf^(tNkxO)57#0i z`<`U<{%|Gf%NfPiV-~!`ee!Lyq<;#x z(rNWRm|lH3x`AW6HRYiJpVxSf%objuE7LjsxhE0#d^IOt2j_9{63YJE(EogWA8Kz? zC1{#|?E)t}Pg&2QKBT8>{d%O=GyLZ1E8OH)L|>NDp8DdScg=xAyo`OEuo{N<^gZ{# zV|ieL@h9V<`LCqoc$rHF_!JJ^|9V}n!}EoTUvpS04MsU<+FD5FK$T}qyLS8t(6s69 z@I{gs1F{Zj8S?}f`n#_ukzY|R)@KS{!|2P%8}8tXeZoZ)=e(B3BfA(SG9k!a5+rzb z)cfv6M~|is=!5#1ruZkB=x}Yb?tR>|98F5c^O#4|;=+xkZL`D#y0y;SHu$?ufW7gI7v}siB1M3i*i;yL(a4-W6Ha7 zl#Z~bE9`^&?^d`T3YTZQV37I!Y%>cL19yvTe?Y`0rKZ=BsIoy!s3l2>E4I)@oEPUacJb1Q_?A?O&Cny5z%!tV~xW~#MBlwcUBMiXbcKW@97-xjb!;3RA!~)HOxBOSveIvVg$S^Fl2Y#5A^lAC&~bX; zY;9Cl!!D=#G|LfTqJc&xt2V`}fqLZauCdr-U442x+4FeYx%7LjP2c8IKWmHGN>>V{(hqjMF$* zi!3^)RnBT=IBDj>}2F<$Lf+=cPX~ttCJKE(BU|S=f-2NABdb5 zw*GXa`Zbm@KDrDFhr@$1lJf8y>~XNfD3E-%wvD^AMr)7@BRfkb&w%JwB@gSyxkk`} z;9$@6`jb_7g@Ya7CW-&e``GvaEVqpMvv_jq@3@)8vKqm3^+`!t&nx^doTflz+&3vc zi&$p$b6FsH(r9On4g<;a*eDwVm;|=vE8bEa?hwjfBFa1h6(6an7zC2iIFk)FaGq^P zN-aSIIR|aJv}GVlJeNC5^;aUR+so&;Ig4rO-0oAnEWFfQ3Bll^f#^DY+IGqVw*;7qph&;wG!r>T@kICve8#H3h-n zM5D+~BodfqUu^fux4O)o{m@KjMF}APKxyD)Lilvvq9rPH(?%HOmrwI$IQwqJu)Gb76yBTgqbJy+81y!N$n(JjsA@fhN{ zTn=MeSi3W30K%Y&)??^(tnOF6lb>{(pZ31*)Et2IeaIg3{`#_3tU#eUmn4b|QAwV> z>$D?Uy^+*x%BizS371>+d*AZ>mJG#qx#NFhpUUNv>=|2PIF(1ijaP(fOCW2B^=dhH zfp-IIG)!&Wvo|V4I{>^q5?ZwXyvu9b94VCTx=zj!vSp!YzcfM6|181?tf z()Xc1Tc1s)Ank*NrP}Ow4l&jiQTTCtn_`Ocb9tm;3*kjo-p1D6^))Y!iZRF}HKTf) zMwmjl6@-wU#x>+T%8Lrg~rWEH=aTN*v+*X%u7F@;haPiozgGcf;%M zI#VqXhdtctXZ@2=kEb>(T+%FrD43PwjQE@@Y-OE9E_}!dwD)sqZ(i5&ipMdlZ5H-* zP`*`Djjt%pqXQF@Z(!aehpPN87FzlK&OB7C9(>k@O_~z}4ACwz$Y2GV7deCWK zB;X|slJ$18Y<3J0E+<)Eq_D3TKr{LFRZDJ3I&?KuQ>(__d#)#w(!XjS?uiFxK(1M2 zXTD#kkWE_R*iRQ$Z<5^SExa-NdU}HS)_1Nt2d6%7_~`I^R3At5t4nhpicdzD9RSGTOLM?+-kpU%C^YfG#Bm1wRHbp*g$j9?a(60^{B8=HVFjR}hQ?xvkw@ zU9i_F{*6usMhD>*0PqwzO}|xNWYo)p@$?BhSr*xM_^sdhK{<39rxWM7;?R(+xHu`s zkB6yPBN1(eAV=A`N$?A_`C{7{{P5Qz$5^&Gp1t$q{`OV;PoHV~U%pB;b&GtmdK7qM z7(X7HjH0Q?ELY+{G`snh=6|3vf8KMI9sddYiE)eYM^*m4)L)wA3gZ8j82!&zBmRH( zh)1kf;p2)V$ZbDkrM=KP_Sccf>Va;anO*BsWmpyb?0mY#z6wiaq~WuFls>TOHiwpG zSqNx1lpazUy(EmXj`ADYxVp6{HvJ1@(C&~UJ%fs;^{W46WvM>wMqfU}d-s_-;fJwx ziudp5vxv#0ef3)QK&q83M_$|O^m9h=7an$8$ZZ3SLs*V+l%IwbVv4?*ff#|bY;6vm z!T)}HxcvZ z(hn!s;eeB7(`wlVZO6OYz^DP2g^6_~{8cD4I%0_^#>M?yU1z6WhT?dTw86dy;yO9= zez_iaCRsqIQa`;P;JWQN=^Ui%unrJ1EKqJ(OM@m$Dy=QpRL+4fk8(H)BYUoQg1r^} zJ^0#x>ku@AYLO=XV*HelPRzyij!HZ06$wddW4KqLcwhaSPjzY(Y=S|%jk`IRbm-(X zr_kTKRQ;BwhlR>$_1S==PaoFHb9eViN})IdsZ8N&(OWFNNrA*TjDr?0YrECzFr5gY zi{(Jk!WgFP%z;Fu$xzS?fBOgtL>Dl7Mpx1UF7@!$v9j@R++bcFIc=wN zESQGa1<%ab+MGTK$o|-vURipAoSJQEr5;0ajraKW_U85i$}cw(bnU< zuI#$^iB^?Tnh&6R=tg6}zX3UAK!NSoHf>jlkVW9MHe3#IJwF<=vDLUdZD|VjX;A6e z5W|MkWNGS7@168a)sCRon9u`JSxY;33(ymKb7uW zhbi7oYwhlH;HNFt3UsIO@TkaQxA%6IFD9nkf9iV+k3QG;KL&R`0m~ekf4HpKU;v*M zfO;L3i=i|IE9>g3+~X8^UcMSb>!U1>dvyW}juSOR4LB}8ENb9g=zVa*U`_mfb4cJK})Ua1OOb9U61k->FU;!@0A6uxouXMd9d0RWuK z)aMr!+UpWcE%14&%iA&>ASu@-8E2S6;v`9*%d!SPv^35y12e)=_(_WVBWp_K1(a^b**Dg9MkUN{u%2wa zOAmwH_3`DyWt@;PLLj)}cs?-(mW)H;S6N5xkx&{b>9sDtS)t2okT46IceM%77V8Ap zL&Mhg7ADNqOQ_dLLgcQ;DfI`=w1ou*kvkSM6qeb<3#!a4+xv<6M>XxFHk6VajqssBOO*Qz-IJ)OqnTI>B{F(bM>Rv`G4fY{jnBjERVl4oo59PoYD92qm(R178d z&(5N8SV27vG8a#lo~Cm1P53&w)$PSP z-yMGrZgnN6Ow@@8_hKdME8%0#K^!q(x*bn1*DOS^&x81j|KJl-Qly3^4p3HFeERqW zDo*=zgp6EX+#*G2=&8b9wzgqo!xVSc)$O%uZKM{kF@Oawr-Jxh{ z=z7FY>Fu%fnS1f@^SZAAQJBSBJ@fbgcN>6MTFHA80xP1VT@QbQnGGD)GeTNfI-pBc{-60|L#i5O}mLeczq#Gr$SHeqL@VGbfnUd91CVhRk zaxLMrJ(mSx0s#!%qsT?{7SidssJU|MzyoCq3^^AfBt^_=95vEI4LLbBREMA0FO{ih z2r{dGyf9xp)3qzBPS%y9f1{BhwjS~C9*E$imh~osR*Rw^!^t%8& z435|8%y)lY3ZGU!{9K%YLMeiT(}k(MmNY=kq>!@B*M4js=c+{{;kb0s9WU*zTFzOFU|)92#RDCNYEW~OAtN@>4l@s_lA zC8$UwP}tKEt8q7_31A}Q2iof9()3F(Q`N{eI&+`=iwnSwK^6A?I9YsI#^&FdUb0O> zVpY;t5_XiTMMiuW$N1e;>r-g&SiG2gV;^tU$Zm0C@%Ad4t3xk{p6)>{=etN8Zd)bp z!IYm>sMX<`gOrELqY@HN%8?ZUJc7auQMNwpwS8QD7hatKpw#xFrdsI$k+w&KKS!#F z(eR$+zm4$#Q!kkbCnd@w!%-pJky`7%UI9z*^9kEVNYja>LvozY_fE>HsEpq7ypgz`g z&85BFIG$}hk(v&>GX84!0&K!xO7MH=4`xc8!FliQHZ1o??yHB+u6|T~(!9n$I6WTK z9hWRCWFe_(w?l@Dh&(IZ7Fg>2E-D;#H7wYQhIAdqNDnCA1k$}rb+ze!(7)Jx95THW zZ?g7$3%4waj_BK+9ij@<0LnW>^DKG!TQ_08$2Lw`*9>;iyqX-*@xAMD2bk~dW`cssl@{bT5z6?qlV*94gZAi^ z$BEF;**fciu8`<(YiVa)v6b#U zzP;wI*-=m7i|n=o53wV+EqNVyRW zBn#k(sT^{Lg?Z_To$vUYbiTS^Jzis*J@O4k;>p=%%`KBh5{rRwKB{{|r7E zoxvw2qo8;pCaYe6{N!>ZcPcTyI?qr2k}6Ni)vb%XVm>HZu}jsY-NeiAWt!=gDg|3p z&UT)}SwvbBeZKn03{ccR8g>-inzjs<dyDW-V?n2EU6nOt~Snz&8ARywudgzSThB z5?Rs2FyEN~m3r12A%P>39t)o;_fOn{$((Y>nFd>k z8|@_(dUm||k}+@*!j7gUJ}`0R{kWf$a%P6v18DU81PYhNT#}B$YdB0{F^*!v|EhDk zOdmOQ#$aM4iWC#mJ(92s0KpvshXe_qHZDXh)E|m|r&_l{7+;fJn1w9WPXOz6CRf5I zzy=B2e)i|V%t&&fDFw)L9R&QwuA4;hZ0dfUkF=z z)r{%U*y`;-6>Uln89k{1X4_=6C@d_nBN?!!XKvu>ku#|~NSX&{dtFEmMjo1$LQK&Lco?JQ zWwD>EoBWQ_s=Rb(i{5P7hW}`PL&VQ=J~Hkz?eB#Yfw5B~HN+JBv*Crc{O!gP@H~d= zrGT>mW?Svr_Earqd6A7L)@HLrZk%h=6wwH!CK0_N>ug0NF|uN41VFr?>ATWPNIT`* zJbepZj45pxxF&lJTdFZT|L)visuP{CUeVkjD2FD9RKS8NCfVj*um_CS)-P;Xh zdd_Nlzr9;x21ONtk8p;4%`d;*F;HpPu`)_+aohVHpJH8>RBqzVr`C8UpJ1N4mIDAe~Z)J{&Z**N&a7+0pULZ0;cnPj$SkK z8U|?nOOA`!bvq{CGhj-9$tZ;n>0l>>5Av5lJ)$j`ag(XfSZYvs_jv?YYdO( zM;0y~o-w`pFPGuFJ!;hGltbLAQ!U*+ySaTx^L#Z4n(7T^IPVI}orNlcmFt~!_Nw-O zhTVA%zkdeC&-cjuRMn4ygBZ;iPtCw#l&VDKpvp1+qiuh3j0a}{Q`SpWMh_ojbbPes zuxBJ+aNo##DMr$EoL5_W47^JS^{0OH`IA(HlZ};?x|MRd-LtOjm>kh&(!;wjICx-zxI{!6F@aq=MZtlkt8rCOfh+qV;+d ze@pQ?4s=c3EG+2JLcfDZ&qa%nysW>Kedtnsz#g%LKU(wmubKY|5%zyaUH#>7c20e- zCw#Pg3M`BLkLk95drL4;NsyJLrIf6!_xfL^RH@>=zOz|*NLy}g-w9SUkq1#DR2`u! zSzKE3y}3A?(f8hiXl47~UXJBSwqEU&wY0Q&n^#rL`}!Y;@!ZVB6|fmM(ed*r7MX6$ z<88XnUlRk>Z$}G=*M|ewGc?7NDA1b9WgW{er@LrHjmOquCPJewnF3WY74+6%3NQM1VW@rg z+9z&LQ^g5W5GYRSq@t}C@`ZBU`Z@p{ZVTruSzvcY6rkl$;%dWJk{K=0^O?@gkO^rR zxtVA<12*x7yXx3Pd2<)Vi$mu$>|ASauFY-mEcBA{#Cc8IPlkBKB^SIlTA0wU^QdR8 z6ZU5N=#;6@cdF-f{lQ<+PP)Lv%KWl&7}cLZPx8C67_vr$=$8k`8ppkCy^@zN%y80T zu-RivU60!IQ_K3`q^dE=KR2g7;Q1R%J}@q`uy$|L=4Bec-NqG#Fxr;hevM$W7x=ib zkEF~>VWXvDVN;?Y=YHMW#P&*x0>W5C@>k=|d8g zTo>2u%)u0QbNu|Nv_d45g!CxpOwHcA%*iWyaBp++oN32>VMkHx%|lW54q1oVdQT1+ z-}=JJ=?jHynX;+U_}2^t2|4IxA6c`p^Ruk3eSQMO$nYN>V6RCjkd^qrN4K|pm|fZ0 zFh9swlzghmz?i0G_kH`91WV!KsdzUe|s&6i&z>zhdFO3Kv zY)@~qNBKES?~)#0{tFxOBy_^uKiOF)7Psj%8jD*ROs;k)gu~~|8oB^TDO~{ z{dM622Q4HX5x%=IYVeNLGW|Zcu}ETjF{cxcBdvp13DwfiAonT^e;-um$*~a}F39Y@ zbwML8Y8!g)iOQCK;&6(vY1c6P2YgmPU!oi4UW6aIId1 zqfUz$oOi%^?tSK*kJtHl@Abkzb{>~aH5+w4*$MlR708V+QIj&%P*<}NUNB`Y~sy#xE$=(mAR_MJhwv2RoGBS+@clLKT8Rj;ox^%4QbfQOxQMUwn8tqg)qu5Ic6hqV5;1#@uqu z(i81>ino#z91G)G*)W^R*)s`oj}E-k_kFg(=wI7IUog`fY+3CV0@ZfxFMVevhc|0i zVnaHflwBD&@w=?P_$XG*JPkL(lbjhaf-k3+zEzv=einQjnR`q4S322Y+a`oSz`MaEib{(1&)Nj%pOMT^+* z6Dgf2Z>O`@sY`zuEd7fMAa?=>yKzoxw_e2X!k9;xhNBwP*4EZqYI|&pXqD?C9%8f| z@BP#0|CZ&eWoBlUX;gOC-do&1h4ufF!3K*D>WWhZC+s$>Gvv+tN5?I{GUwU5lhpQS zSoKusw(jpT;5Y0J@ovztd4kGpD-Zi?GEDSlB=44HrYv9aN2LeU+8eNuyd-)bw}11- zBEoS`-dRC?E^%R!>V`R*JIHqY_e^#j=v0;n5)qskXDC-z;eJ3f_9IEC4bBC z#PO1MFVFX$ejb3ef>+f8tu^EGm~;u#qx=*aqbwxD85p z%*wGK@`?7#HhbUG*LHGtYg_4EQ5h0zXlN)fktJe|nGxk(E7#yms?&ih>*RGgU$+j4 zu0Z&-TxF0Ce`832twOXY#>7N&hJYUS9%6gx^}An&$bfC1i&KAjb8(|K z>k)q|JM6J&(&0v-VJ4~ry0G!4^D$+sn)5KUg1}6V2f!Co0OQ=_a$Ag!q#<*DQp2K4 zzfHa^kd!!4GdK%x@dFRkt%Ms@&Pg+mu#@nhit;l|h)A8)?>l-hMk>TdYz;zUe{2n5 zlqGp#xT$KDS!iCJ;r-2_$O(lk%<=1&=S8vk;`*|HoF5m$VJWR*Bh&(&J{oZByG@u><>!n!(H?7 z6LX z>@2a;F+K(DD_(^baoK0od8Ly@4X~`O9W;0`>r|`1X>@w`y5l=Sk9>w&B!X?( zSqjwmS@g5lT_kO$L@_qk_*KcZ7zZ(wiQC%pCIK@z{m4jlUanw2d}cLn2(}fUuKuhb z8^Wt6r#(xiBgdG5KDDIBoB8P#MU)83HShL6>4Q;bYu2Ct$a1)em0sNLNYzxB*ktk! zNPA!Q*L+TDVnRV>IJcDn??5U^5>W9ocuGvG^)lnR)d1j58RS!5{Q_$poxL&rOKIUn zg^nnSH~Q$GakF1UB)-M{bZ5%L4eiwbTldxr(m;ucldi5u_fW){>Yv`%>`aywe6pTw zaDQt)79AcQ78k#_HX=-z8yg#Q-(So@4;w1but-}fzo`8+=yy7$fkuwb|8UAHaX;vQ zAJN$i5n3C6A6|eqGw;z4c!WZs(AKN6RxfxEQE`ygmh-5--{tzng+~|KjkNui5{vu& zI)Vsp(5U&t8+;#ZVr@bcg;A<3$s8|5uV$&KsL;!N+nnm^>bki2wB1Q3zmgvee*ayb zc^WmBGk+FE#?zwDIwu>w`u98n`HB1|WaQ+ijdTD@i?mOFuAoZLiQRxH``=5Fex&WSxYF>(2@g~X*3#oq*VNOa^cqpRgw{re z`2OZX3iSL$4``}9ZQE!JucA=iU-V9#dfQ^Tkq+oi`A5I<(1@QHriK7 zqj4uPB1{j8^V|#y?7k7uZXZV+Pe)iy+m&!PU|sNr$6D7MAJ-|Ljk88FCqz;>+_3FM z5%KLk{0;ii&&s09ng#tKRidGCrlPLrS(uQOHF)VYk4~ZjZQ>EfSaS@qcjHPXFX-{H zuo?xJ@`eXrV`-AJP|{D4ViV?v_Uf=qX>iZ_P9T4wEg;J%LVJYpL!Faj&KYJ5y+2j@yT+2CUQ6E}6Oy|5nu6KD@+cV($yP$oCjxmpSnuBJDor^oo zB@#Txuwsy8!+TASP5GyJfnn##)SsRaZgn$OU>c%`Y!MB-vZN!@=IT`4M^%3j*Knsq z_%*MW4_%is!_{rI^ZN(&SrjgY+U#0ngDPql11u7gu$`9$7VRi4Ni()yP z?So=1%xOK-)4gvNO(%Hc{|y!227Cud5i!OEOuWV$JCRL0t^GY>WU=m59+zWTtzBvK z#MZv90Uh!=?5caBCY0^IOUoXTk1Iqp)j$FwDnGm>8SG-hnraNZTi=gUchMFJp=YBC zCTs3glI?SPiRzXA`QqEITy^!I9qv$MaACE*j;|iL9I%Cbr!g2@LK~R=_AbYB0ZW%%(=$2^yJQCPEn3LL@@munp`KOV(P^+X`K_v~?TQ#-b4ouXI_S#Bu)~;B{Inyau zfDmMyHlgYwVXw4O|G?i7J&Ym#tw7o(?d?&Ni99d75geKt+8TL+?tNV}Hs{V;^c?*~ z0ZdrSZ$0cLBRkJLvV2+iVCpy4aBhNtDBX;5LapaHk4V@v)jZx%w}r^@7p zpVSR|=`OkSB)L$gbfSKz=09Nl|AO*3))l^q7KEGK3k*(9PS81%`U$)b^MC$Ax6l4B zN)H_(N{5Gsr^+-|=L*mk|34|mjKsC{uA%b;Y>7;Z$Nw6 z7_>t*vu0xwG50_GLqttY?T?!Amq(j6hPe16UvyV6t=gQ;Oa(fD)_`3@&x;@HSO#TI zR!JL{sWRLg_eT!}9`rEv&&Gcs{O(`Am+Q&sh=TWblnD9+O9v=9H!$iv$WzYPEu+BMQWK1*O_Qk z7`VG7hUuJbym5|8X<1UMpYbr$8m_KD2ETYM?d}&{`={}& zke9w}x8Ke>_Hl*5$JnU*rs-v^b5(Z!HcYpq4^<5Xf2!O_gxlRwS9XqGe9{00$xFD9_btC+2w;3pjP@c3lVFCZoMwB&!>IccCIX(rtDxzzi>Vwt3Du`TD^d*F9X}e z!EVj#ml;62aX8D_mc8d84}at~W0JT8i%u+I2B|~ZgnIrSS3avjeaEP4dgWw#&GZvk zp$yLf@T^VV>GbQ_94x-sPl4L$KEbt8d{_H$xErihxWF653=gH{1^d{|I~hpMxC-g} z4r5zIu%${*T+8HUoy`)536z@YVqKf#FXcvls zek(2WT?hSEsF}9opQ@SN{3MIi$n;wk<>BfVQM`;)_c+F4CfB0AvQtXr#QdA8yMK@nnqew;*eGhn0GLYF=RBQT3N@$>#6vXnA@X(|iyv^u;K(1WN&G`h>`oXceDKF3V z&yd6fRG!iQ6@C+yFS6ROp%y74OO$BdyHbfsrD4mSFR2f|&Z~6SZET{lK++{@wg?Q( z{=wvFeK?R*wEoj7w%s0)KHw}>z#rGD{&83BlI5558;qm2y1{>O0T_==$2j<%#1#fk z5#+posZ2wY4jgI>$xfgz24Y-c#N^~)BaW}|em20|Jh+Fi;!`E;*4pJ4o1jB`m6g*p zyIOSWWKHEYS81VhY>c6{XJrSiH{BnMT`0%~q6&sf0Fy&TzAp^?~Ar27n^Aq`ST&l%FueB{`xs`>>2` z0&v|w( zIVl#_ILt`2eFmHdy9xBPgf;2(t3?v0sJQFj3}`EmwqivwKXDBC{)5x1O23{8q4~C` zpfiJoj(InVxsX5seQE;%&g1ek6EUuwN8sfZ`HgONC$3*B1tk1bYCit1G+Hy&z~PMb ze6Ww1*4qKyBtHOcnoCK;&!rEt)JUpphru2Lu7kwuy7dPC5`Yd7WAdfY40Lza!aTG=q|7#RHvbmRuBIZalop} z)B)DN4?MlV&Z2BThU5W~;CH_F{e|dd+K#P_jg5VLGER)*=^T|i^%L3(2@$uuU+wN` zBmK(cUD_VUzvqP)S}6xcMMwJ`5AhH|X@tzivPwj*>dn|m?!${BW>(<6n)}~^$NvGi z|4;Ge-yS)j0`}fi)En&1W!!d?0rFdG(V%{4J^Rj^H+y2^gt?=2wa?QQD9%gPr=JfP zoYPPS95cBT+{(80&duyXEVzExdW~dh(<5q0og>v@k!Cj)vVs&h-sl=eRWTt?t(Jyw zShXi-$*+yUCTFh8=7NW(-Qo3@g+!a~KI8QV9_v2!&rN{TbhS4ZP0l?7wFJLUi>vE5 z*(%64!juRog!O+J)7=r4-+7wI*Jseh+F4a&*W8~KmG)r0ZSr?fO(X?dHQc!FvL05PjpfY}=y*;7HGr&5}{C4(mq7l(>1Nn9To2 z+%GOI^qk1*9WYsnSGx2bJEXLug9xNUs5vMekh*MIe+=rFRhNCG-}0Z=pkg zgm!dTVCjs z_zG;+XzrFHuQFQ$ArT|*1wTqH zG$~nhIG0D&3kOPBzT`Ae{a;oN=$W!hv87z9xs4s~Hn~rwR!1xQl=GP?Rm(FZN(ghM zUgF&)V{IMg-fSQ>+EibPDB`D*n6>JI?&Z%I_-cK#0E=Uov27_Riz=-34dcg#{!Mka zEs#$`J&9mipGrfo`&BQ3rgr`0#JoeLAdnOWd6t(FRfc8R5ACuR?%jT#XC5u+`~xUj z@q8El4MEi(hbj7&;>bF}J9}=6WW-ktpCTi+V9lTTCNDgLUBF=YdP#~kJ@u&m!pI?& zlr0YW1QGNfIy|JFjEb6wXV&O--`CYm+lt;Gt8%3mD?u^=jyclKxbm)qdp0F$$KKbj zeK(bx%9y1cbM7G2g=Bx|gdGC~XxS}OA^H&q->kJP92_<kKp8z)VyIuh%w(k&&9FSLC*EXXRjtMnG7hn{T_%p9BP z?j2XRXz^)#i2}tIwLr5=x+S@j-1MU;*h*-^vaTE?NH~dju9|hV*{qN7j7csoh0!6K zqIi(t*xoIFw@d4kh~L=}b)9du2|-b)Si|EJ+p5`Xx=~Sy?%3y<^ruY6YU2?_^@z^r zz?1pmBk6extBL(bk_ofYvI~gng+#I(uh)8zl8|z_H?BQbhe>-vEW3 z%}W-OYd;BQxM%@ExS+JCj`wrRm#uvXmOaI#Y<*mnlI-!?Rtf}aCoOJaYWut?Qq^wC z*nXhyTk0Io#vh`N%^?oQ_ZO-A-0Vzat&-UO#=7&f-KI+9odv1;ZS#8ZkB^#I-O(DVp}NKs zS^2=pM2dA|ct;_8d}?HIdlc>8&&!2hQ1>bc5gR_&2tb`Ku z;oo;Z)hH}wQ!~Ku5p|JE1P<7%!E}+kx1;}Q4sA2ANRFF4RsZ+ZPqbYw@wo9VG{|dj zruxny@>#s3ss8ZwnShGTG{X-qRubU%drrlsQ%Xfafw?~LSLOKjnj7-hDf~O|cKw6k zUtOGt*Z<<;Jk6uMISgj#F9;-%v51b0Ji5JMyi*usiRtxZI3iyEm%Z<~lA4;@>gwwF zuRrK3g`&bkLcRmf#h;;h+kp}qX0fwf-5C8y$W#-iFJO{$>sXf@!KZ z?tKO{RAg;vn|M34UAwImNX@$&?#eYf=`7d3-Kp}45H{_L`Ag(~ts0(!Xm8$|Ukwcw z7fhfLm^IM1e*MD>*p>epR-!uXC^N}32|7*p{mxH+1B#^h8c!$<+7OQ#=$VUZv*Q3& z@K85nu-T}cAsa<`+GtyPTrTEbEiQ2@=lH44zz&4y-JuSB{A72Q+DC_daop48ST$b= zj6PPj*t9>EUGffhinqaXv`?yEwJ1P}E+K_$JTy{m&=q7xAqJ%i{oGVYoS_DA?nn$t z2E9>ijdj`fFI4`>B2C@G$mqJHsyOiSX645s+LLV~WgEI-NBi`R9<-$rX|0XLwtr?4 zBzk`@eZ|R@3R0>~?{?--VUbkKd0QRPFmFD<>XJv@=zQH!S)?>qA+Y%^zGH2#w4%9- zt=~Dy&5-um!&oQh?Jlna&R_$$)9kguce#cWmo$#9Y5};Ap1F>LMmYPY>#w19zu$pG zs$14(?sE@Q>ZJ!F{lwF=qb9nI5t&Pke%CdE zV(Cx;5*DLI`Rd(`L;t|%63&`cgf{aN2tO2>DJL7>t{sF zVR5jc@3Btw(~=TNz1m_- z?RK{sR@NvxlR1oEZRl@x78bi6k*pd?u44HO+KVIQf1I$L7``@p=IDSkiQwFAwjbm& zI6Ttl+uYp)sZF|_Irf5M^FzUry7;mO3BYs z)5nk5yc=+WpbA_ep>PDtH&)#_An8>yvVJx8N=z}#^L;* zO2=;G@*xXPVs`c;V6lbGd1;@W%m*HGHXT;fNZY;a2hsFedTE{?4h!i3$eP^Uf>L_FEct?nb=T}fweu{Kyk9ECYGd=T%zL{A<8WmEzfCZnA z=<LK__Vjpw@EB%7#N<48Q-JnUEG{K|u%ygsgY(3#t!&aL0-yFuaN2DV+2Z2U*q$c_CX93sx0I1apK`e$zpy;20Z1vx%l<^c^FY?{8z7c~c0 zOZj`Zt|u6{^Z^a9`)v-ISh#DN6#nV#;fi>rx`UF*wV&w3JCB>HiNX_Lluztd4-fc% z?SmyvJkk0OE#Ut!GTt=4te;qM}~I#aa2YM#+Y8{V1#_UA&20 zapOJoQxuf)6KOcba{7LkVtdY;H;<|Fs?6_Jrd6+h(#qa7Ztm{lmm-gVl{h%i?3vfW z&O}k*k)soE!2kAl(c#}l(BXIntfIgwwM$|V_}X96>Jetos$c)=*-bX`-Uir;zd$u> zU>#;<4Fi#XG;?=#Jxv$!xbwt5(y_=?MBM%38KC%L(3_ceEZ{Gx|9psl^U$)k_x7%f z027VO$n(qHxA7kV%RGQ{(AV7i?TxOSbL<~PfQ3ez@pSZ`Om){fmVrL`BuDcK3DUsd@69+`_^bxWJ-;XZ!{6^1oPU zOF{wvEqU>;uGs&$T>no{sb?(cTToC?RaKP^%^Lu(9Ip*t)UH6M8yg&JsD`;s93Yy? z;PAU2Sk>e$$}X;Nety0?n$~}>dTJkn0-jS^G4E60>Fw+9Z@jfH-i*tIb?$ufIhZq~ z;EZS9u5jPc=-@@Ut@w)Z*XlMJH5|e*#nM8FV2@rl`AN>`&E8DA$l^-(q07uCVz0rW zbhn;bd8bG*VPH;p0(x)Ze|6Mdc?W*(FShy*Wr*RM)eLFtX)edLqS zh9(!m`jY%3>pQ&cIN%P=-p!g)90_vv1(;!;!_fK#Sur7*46j2;Tv(tByPj6Os$oo7 z;xMl?k2=>~Mz^xB0TZIT^jVTo*-ELU0)x1*fS5grvqeW#cnXF!eWBc`xZnfa!E|(^XzvHGd1d%Iq!3P`Y$W{_UhmQ>TwqC6O@b0*Z>1i6 zxhTNELnUE!d`2^tRdqoQZ*w727A|kiuYr!1^HyHzn4zw`SqssAwvz}=y#oOBIUGQw zQper1UEC6F%%-h*V3ru*E>a>f?YW>mBsv87MmNO?r$o_T!ZXHdGg8{puN3uMbR4#8(Gk~)XF>0 zIKIj3BQrpieg4iaV}ac@r^C6pTIj=m7!zm>E4^4!+5UhUs%a`eN(VDe*eB0LtKfUX z02GytEELK*KWj5%dhl3!nlMltfK$Ue6b$oZc3q~y#oZs>Mt7)10u=MNT-?-K+i4bl z=eU%&2-EC%%`>&m6BABA<$ZDV$+LA``F;&s6X zzsYvK$G-KaQ9N+-}E@2o)Nb$WxIBpAB7rdc-5SKr2KA`8XApn`2-$9 z?(nnw_>oNb3S;&staO6-u&PCgo%0KpSQ#p#RD#~lDmSYT#tFNMI^EMZ>Q1}EG5%F$ z&a?W7V?^c-5{(^0vDycRlydFW-<;l`{1mgpW>_-~VTc=c1rgJKta~egCeM~dY4bRj z$k`O zhzr_BG1*z1ea|)>#iO}JV|;23TE}J7R1<9Hnr4Q#mu}&YAK8~oE4boyHQ z6fB6(e$it^1BzL|#MZ!ZrFZM>_9xw0R^;5u9IHkRp_ct`zr8>=TviH2mz-JcF)l_F z6ZFcHBsIDOuOi3BUUZa02`O&EbFPfaBu=pv^Wt$_UW0`uH}T5COyyBY1feE!^YOeM zm%sM*+OW1@3K;gUTAmIzC|_wrcWa(BT`Dh2<#GweKs*VuS{XCX7&!!;QIzn-7L4+Z z=-tkdwEN+%1b@IW5kq<=Ueqc4v!MF87rz~TaSGjoM1{V9uhGp&thWEi!Y9JKU*l$x zPQE^2)hL}at-Sn{FZkQ%AHMS`$}@k$?kSr0j_^bJS1si`hd_>{9u?}Z%MI7euYQz2p1otW`DwdjB17iv^VzdX zY6N{fXbn1J+SPR|oxDZGCP}f`wArM1#k%q4sQ0W(Ya4w1YO7(r@+{S1UQzQ*Y!kiU z^h`lZ8Gbj99{0lSxY+|2J<6H62oSw_2aaC{$mIdT_W0vmQXjYrAo4fMwfAQ|#&?!E z$#sX`WJVk4y|$tP-atuM)seRVjCpl+GDPd%NCspN>ik)A`q&m#1@wwhU6?EpkK_)y zgq?u^J`Cy#teiS`KffMkrOKnHk~P^QY9wBT_DNXfqnH6zziHb|Ru`xhFFtl)ZUX6u(NW$G*|0hl-QLks1UQIJ!t zynu-MEECm!YGHBtcs;w}qvYQU(}U7;HuBDEC)AEo*}-Am&Wn}=@z)btR3$!(Do3?i zB*eiE1o49n57?zyf8jJI*|5!MdwIzF#x2B@5onxr1lO>3ZLhj`*_bHBX)l*tB9dO% z$TxXg9t{%T;JnedTG>ISD%4Cktxemw(+udV+T03Da_Rf`U8t-NQ;)WD%>KCj?!GX4 z2N|?K)-G~u55gTMdL)Kz4`e(>1tu8$-wA|d-xTC3j&UU>H z5i9`SWItOIh|PbfTU$M8w?2+t?HR-ZSS7Yut6e8wUwYbHSOke}hzqk!X&xF>0Tbm< zN%n#}JpH$phvCEgfV}maF{K%x;`|%-_1`w#{1XuZPR-AqpVlkZ%9H$?2K?r#0RrHs z$=g}LKKws@r2lEE`@1o`oz9Zq<1*9m_S1Fd?V+Q8ga4qh+yqkVQS9y6(Cx6q*?g;# zk}k%Q_-ESv{iwpxc3i^%qVu6pWfA9_j;KFlqv&&~Lk}P|Ofu@fo$yUAdP7g!C-?R7 ziHq+V^OT>J*Mj=-&hu%6V_v*%`)WCmZQ;ITe3Ny4;vep(cQbSSrHKKvzRoH8&_Sr| z)LVC_E7=3)#@fL@V7_}C`)hOoNOXTaz1)!M9jkFrBCn-JBrYzce)sNvV7cS|yyl}{ zkca{if<{@hl`l@`K?x^tD*zA zcHaZZ+mnN`xSt!>+tL2M9SzeNJ76~hKllxC5J)L)$of2#kCjWgjmN%t(dMM@e1dvf zcvjwJ*9N}-;ll|N(?+$-peYMW;dw#0?O7R_*z2)*1I^{ZLJWF9PrPWvYAjVrm z^na&KUs{q5zy$}xQbGpv7?FlYB}H0F?~vV&(Z(((}$h18x3@0v}^Q9S&lk> zT0uWVl@W3xNR=Q{MqYtJzw~raju;AA;qqwpX-JDS%xEE08m1P~YevN;0&G>!^}3^9 z|E01|Hpme2X?+YxUcNBHhvT;7y#b-39Y5sjoR?tMDF4A99TaPqHbLQj~V z;M?8i=5&#&yr7^yywFuBgmW&iRFEbJ~YnVGrkDM2RG<}kYo{2%*-tgUtLJ3)nT`v-neCeYN~E76jK=F`Wf zj~R2Ysr;3c8^DQ!ML60$7Z|-zWkZL)glzX4Tyms@Rvq$JJHK zy80!l`4+8_6TQc@h&1nDBa@Q*R{CN8p#@yIWva4~1~Y+**itcqG7L$t*{gX4;U2J> z?7@A@4)xHU=>A5>vgLlhwV5)Bqo3W(axW+vL7AEUPytUya)`Ej1;(jS-%6%%+^U0g z_IsuV7cbIgb%=BAPX_e^_E$@)oL4XDV;hfiER3auDGN(IM{o|tnX5%F>+BA2(Hk{d3AZ`k}75B5C_(80?~xyZN!roxG1 z^Jtwet0S;?DuLwgupXJcxnj&Vv z&Ao-SvwZ)Bb?LU}>d^{=u|6bTW5>k}Cv@<=QC-G9tjsQlM>%qhTEv8^+HLZ~9t8D7 zz2Ug4^%`a*jXQ0yY(EXAtH8bDZ+QgNibR@E>W}|f^zq!m6s){l`YXKl;u%5T93bya zcETO`if1>z%WV^}@e#Jp6I@lun?N8v@4fp# zGwv062VJ5H{KDW0#evX{Q=zwfDO0L7_Mk>w0_Kj2?U|&jXnjEtI@^y2?L6jW_Et@% zt|#BIO|UN$@p?lku$cNZbXQ#1bH4LsH4Z=V%*|VDe=eC82T(CiB39qQ{xh?*;Duke5`;}qwU?o=s>UnlKK_@Z zW{ND6%d|U1m)rVo@s6>uYY%CLuPMFuBj=OJbt7s~NlK+j1YC2&)KQL<=D!a9vJGQO zRi90)64}N-MJ#^X((-a+W^!+(+;3wdcwm3Rx;Xd)jztu zFMK&B3R7^3;3_`Ssp%oRj+&>1U^nJ2k5>Izkv4ohVU2VG5l@?QAF?rV1(h^eLx|Mb zcivl_$mM&FiYprm+BPPU)2s*~ESXVZeCvIO->ui#&ShVWH)34+QnB#EXuFgt4EYPLt(k z-V>*_Z{(Td5G>ZhgZke5=y|Q4`;GU_F=Hr0Gd$qM&qaO$g7bvb|0;?@KSX-UTP`&9 zO@PU@ENVulCe6-Iu33HYBRYEp3|t&+?Mo)a&L@n2?0xz%MzdS_0&9pRKB(%zh#nAR41Z;H7nde zNSKqy#N;@kW_q2>8P8Kx?IFsqM{~Kg(%~g1%Ckew^YA*}QM)ZR)!p6QA})8u5;D7z zs}T8a@RNu9P|b#YWbWEe3)?1Ln0#D#P{AkLC%z(5jCl$LW7LK<1%JZKq7>+{Z0pXC zU-K>Rf6|C6Io92I6v8KRYA@rQQugY7Dd+1aT9ELC7bVl|jEi0|X_6beUKR<6PDJ%a zT$)9ze~9)ve{P(($T&)~on+3FdReRKZ`K#H zx@~z_y#04Fb;aVW76)0csXy}5T<6+=E&FZ)7s?v&qd4~lQ(mx3L;OKp&u8m30)E~t z5%+I61`(ksEoyIox?Mti`5)4#|K)NWAcO(j`Xd`nb4`1@>K_puErFoO&d$~@Givs~ zy{W51U&RAM#&1JqSmtN9X#bnc+auarr;Ed7+N&jO|1-K{=>;xC{DM8~AMp*d?3LZPu-vey__gaPuK- zY@cf-hHo|GRqX=mCU?QFXR~>*JienT}t8?bjV@{505XY{=;EC&!0l z#9Ukpiy#mMbJ=Xz7?Ef^DNkjv&un8i5kC0SOK^>4D(9Vz^&f=FWltmn+ta6Vgi>EAa3}8P{<-GM3d=w>I+>>0-SqjkgGmeZ}N8%E) zTw%K_@0!yLoG|J3sQhBEcoHzIQv;LzphYQ?>QF?%uZ`qjYE%rBi0e-46>N~{*rP4> z5l-F0Z+e}N<3YU@)+gq)5ySs#$zlDLVtG@Ffh?_np3&|GnfMRr znQcKv2})ls>)G1lI6?VL#X<$%%|=aQJKk6DOqG#gDecs$sVxkLidHxKL%&A8(swdNlnhc%wEn^E9ltVGiF!3 z6`qWt%76y&1*&^g)(@^QAwRA)%v}v6Tq4_`hQ z2_u(7W~J!)^-WQ2m-f%>w-@zY0rHaYEBP@~m>szso%yES>f1dl7xVaV`B6FW*|3dn zGWfH$)p}Y;C2J7nD#5 zoD`oU_BHRi{}1vX`+6$kzA=qL_D;&ChrScPj0x0vH$CuKj%}mJ3UvXZEPANyMPR9D ze8qrY7hS(k9mSXuR5jS-JTzZ5 z?vGu|SzuSFbHmE}y0&x?6}vxEF_Yq!?RHW~iN3k4cY5w1rEghTN`lrwQP6`^nr#VudO6Wdm zT0p3ZL*X(x4E-Z?glB1-noQ4N+BtMY*AJ3KBV@XDjI3bZ0bh^tF7`$1$e>}F*-yu+ zs*zXPN!+A6h`z zu$P18le&}d%;SGtrUnfo+iMOGz$Oapikto^807$OTIHK+NGe9bodtq1vc zD7P?>S`gDBDedYe?^s|GzCG5&2RF2oBwnjh{+q>!??=~&buGkN_<2<<-qTPJTt`F5 z;q;5iYhOs}`dYj3Jrxqx8;Q14hR(p{$IP&%2pq9GM_y&!Zp=%BhUL4>t6Ow*6ddNwiMk1{^|8VSm>% ztSYg*94R`RNGD&scCbJAT_Wg6$xUW=2{wOVsC4;K=;+bT3{=JbB!m~uAj8~`&0(0? z><{MOJg{bk72A=Lgg)EB>&F^0hvts9bMvNflV`kh^4R~K@~ai$%nHAcvGJ48T>~MZ z{H~6WcxU|79z9=gA8}+vB(`MZpiS+|6>k;gp`9x~)s>4(=ur#+Sq^RF{IH35&IjD-c)wu@_4_uQtCy zr~LLWZu7)+#6Y{K8@K@_N&e<*{OT-JE?zT#9cOFF)JUkIRC-0 z#6iNCs4Zcw#GvtYFQvHO0`=MkYcZQeyQp)&#sWJTx(tD%r7ZSH{oV@;DeBwWmh4~7 zQuoryC*<_5#1_l8UrZgejExh$;(jcXm{M|D&4;+IBz>?WuOd#@>CIwW+i>OU*0CV; zhHZSMyXfgq&YPe>)wsh5{Q>X4m>c2w5%X|`Z>&dZ*7|PapAObP+WeYd&STJDFF(;w z(bd-wLp=-5{E z3dY+7GVnZJEvhd~ETgb6y|W&bNFro^B_cKB%Q4fLsWuV^;7I*7QKf%&6u?4zp}fHD zhAm33ek*BSE$=;^Mr&8pw;8ueAi@dbPu0N+}x}rHY|}!?EW|_@RyGT zGX|$B)GQ_mzMF5IqngWv;?->8$cqeH#2>-Mj9U>Z8e?DcSZO?2^~K$;uj^J>i8=@E$_D$Cm>@Ew3Zmn-Q1x_C;9qt z;-9}_2NNZeP9?`{agjCY6%}E=q7+M%K;ZR{>35fvw-?^?=#kmQG}V+Vv? zHUQTk3_wb79cGTM1rV`s&Jwg|j5M~7|mmdh&3o@=7fsg&kpLj1Sd+wjB zny16vwEflhIr}S_ZA(GvD*1)ApA24a$>ml94Xsm?tJJwBW-KY_Af?0*i}Z<0)?n9^ zBXG^V%pp}49^4>165~MJNd&|Ws1i!*Vzxec;ss)nblS&&yTk*7oOI_$e^JB-RrB*z zA>`mGVLDsx6vs3m`;DuB2ja13AKtnv{P@}=?$W9ryK)#VInw_Z@1lE0%$N|*q@%IC z8ErZGV7rZqLVlRZTTU>l)%7Y`gcwy>yX$zHE^p6LNHs5Cv+uJt=u-^fBK-Kw%Dsb= zm{i-~Q$D8V9uF9-v~z=soX)3cRJ1S&$nOsY-*GChCRaaQkfUbLgPw9skPvT4vd9$H zlaQ)d76`fI6+Z7>)K-(Hi!=_QbOsp|UKOrJMy?ARSJorsch&)UT7K`dS^oAwy)pGb z#CFjuYv+eW$R`NR#h8IlR~K(1d(2_Q)!k-E0vVTDUU@xghH3}Cy6G9Dor>hG&ABDr z-GR)Z37~n*5^(>5jUp?xB2T}+8^FfgVK7)Q|8TeUyjn&s`5@!#jp$5CFT%L3M|jzvvVi^Ez3U7FLN$)1)iMP(g3ht_Up z3xqI!4USxNNHU95u}4U*?}JHk1^egVWrl;!6tA2pu(I})N@AEX*U(W;}Sgw|zSI+JxEpbs$GZMf!3k{&cc$M@)z`Ql{1@M^3$OgavSm!{ZQ6&zP~fH|p6r;=%-j z``axZvi*$UZoHDDmQ9Va$E^l0OD8d{QwwZ&o(DCae6%&V!$Xv_b{4`!HaBkjmCoMk z|647d_|Aw=pPW{M=&{7)ytexIxJAFFZO{0(s(^0)mYW4uOuNT^xf1w;nu5^;I^EAB zdVUgNU{b10Vbh0F@8Ac5j{C^{p}bC;>IBC5&gHi&5t^_S7HHPz+||`*gPR#UiW|C_ zx6AFl)&#IGm}aBfwUy$V75y!eO&rex;EcMHV*veRMLwoFzCpnUozb)0DyIJyE zdkzjvh0k;N$7^WXZXaF9+mC|$$8|Li2pM6WPv|FXpnm$2&5>0?E-e|D>}(ulyX=Qh zk_LvEiMbC>aa*SIf58|Tmj``xd!uc0Ok>xtY%9}qSsb`oXy+sdcyYvp|Ua~|m4;(qmtvVt@9!-haqOsR*kc#sUo-LF#nz2@jHx^dTi+3s*o z2YlS(tB}EPYzm=32q*I!zOPAMQdj?47&JZ4#L(({vU7fK$G1Ch1NMD|gass7Zlq%J z=}hc<$ILq-9pfp@ijt`C*q3}F_!~#KQ|D`pIRgVK<&ee2V_Tb0v-X=~6D=3%>hcg+ zPl|b9m8P+8jIB*MpALvs_TZHs1*eWRj`+YhR&a4{%$Zx)-23wUbv)`!XfHee)xf@f#@eFaFT@g3QFd~MV>SaKB9 zs;W;o@G~y-Yy={NGy}j)z^Pj@iA%}p6EtM!@02Xu0brD z6`-`Vrr#vtfR_6LC>RY2T#?K7>>W`#Fa#)*cR7o($tiR)R=~r8NwYF=A4@A%Us6_I z-i6p@-~HcT5A^?aH{t&@oh(b+s70b`DFn*AP>I+jTva{~G=I+9%xU$t-uI-t=h3}v zUpA!OVdRBE+2`&#Bye0ve%%?7A{Jjesmssudl@=kj(1yK+ z=~(yG(qAqC@qpZrrhQV zWLMQg>}SN)nsLzClvWKk<5SKIH@&-J)6%vVQMXRkry`Zr>NE2e#am-KiMGuwsn*w!TD~ViXRkS4QpzzugPDS6D=Gp z6P{i0t6|jy!s=5xFXYc`sS`lP{2~Tp4-vI5Mq1O>NtYQ z6qpocH_@xDUY~k!b6MNxMTMu3qw@rT@g@G_mzZU1F#9pN^oeyU`&p~~?ZjJfM9!q0 z6X%&;k{cfc@{m!ak8*Z)Xo}dDMc+;OWXk>3t-Ft~>2MI|)Y^ggXr|}VD$%93bhKf~ z(2&Ha$RI!jv5Dw4n;I!6)8!f|BUJU=*3XR$<4z1p>g%J^w#cR3ow71orPh3tci1R* z#krMBhXl-uq+d&Y_rbR$zxYd$jHEc0jtu-D>2z~ zEl-pdlwSqS&L|T+==y#+qZ|MC47cL$$?*@*o->9J^t*~2yF$lf4$5cd_hnhxI(7H_eZDeZ?(g;O&!Mtw;C<~Fg<=3Jo62YnGF zkqFKfwHh50J5PEU0v>*4kLmDN;Dx6E_#%zfd0F=ZaRYxre-AwXv!Q22y)iU2GC94{ZXa>p z!^5?-t{5t|joJBR4w#8vs|cC+8x?&<|D&#d?|kyPx(YNhq)gVEnAX)Ou16j@QRxkg zjxx`D6!vS%V>Mnc7uttO#}hK03qWi+lD!RRT24bce7)l>U<#Fzar!Q2cFHZ#Ap^1* z%E?udy#nEzaF3fz_0l041A@)+^K$NzxD0drfCF-9PY3JoXO%q%?oZy25~JsoKjE`H zNn7;L(Km2uDre$sDZA19v@$+*-M41WrED?@k6ovrR8FaC?%W_KSxiZ%lb`WA{ID@l zNsO!!dRYy6rESCD*JwIfL*u7P@i0yVcJcf)|DTHCEC=5uH0#I%zn+QeX1`25X$&St^L0Pg zBCO{RtxPGJwG&gRjczR^4u2<|cJ;?YK|?g+tTO1L#p1C)Cgb|gNBBp)+#(K!UtrIL z1fQBh8*7UBiKhvAv6y$xN+6aWf?ppG6f-!wxJ3IONBnBodys}h-|UHmiy ztsFjI372|&HLt^7IYNZLF264$H}2Enk)BAApx3L4hFBuws~RR z#ftUQ#BnR091JhrKTi3DdxN=-5b)GrsO846qv#(hidMaro510YBxSZHsT$gA<++?v zX6>M0G^Ud#eAJGfMhrn2DlV;Xjh&z6YPSti%%qhK?GxDs%*Rw2La+oVU(Cug+r*u`D3Z8rHmKOCUXe;qw<;(`{GNzv2&VYKUENMXi{NqFxx(%&nc z5uJJ><$>QiW^xoFw{4F7%8NWwrI*Z9orXBU<0q$jf5F>P)-_sJH5^02^_9m{pOfPl zLJ`=i^}fU0>LoHHc4@?AoW-n@3)OrOMZcQ8l1LxFk&V+}ewH|7Wi|8$4uH?24ZY=+ z8LyYKGE`{%7gfv4)`g_+~Y2&jo6Y zj?4N+ZF2K`hOMSqjUb~&O02H}n&QGDHf<8erY&|+hwYp)4<@+SkXSU ziA$6b9}8q(o^Q342y&uq6(wq6DYXf>4( zJC$Oe$M6co9uIu~dL6MWa#o0=^#n$HI-RPjr9Hg9-Vn?=SYAo|Q03huQM*ziZz_9d zrnALm!}g(x=3#4P=C`X?Mc|)Dy{e1cst)bTBmKGO2RPQ$hQie~fbg!qU|p>+zTtfN zl9{qhF%A!f>n%F)oVhX9kNu$e|L`GYjaP9^zhOjcMfF3ipWYDi|-M z3GQFbF|cdWR;fJ0R@D5V&1<-8t@c-Bfn*0>TwL-x+y+m<;+5o$kH?vYFzbwqr_GRN z=opQlo~+5`>2o2Z-QPh`i7SUJpUaf)9=ouzMk|l45|aF4iqzXEYbGOhpUVY;(zIE& zIQt%fy-cpUn3F25@eg(GDudb3+hBi2^&Ol(H!SE=tz^x~P&s3`89eMnXwN~0nxakd z70D?Y5k&_{j{NWsOyud7>DGl8MuNCNx2Ngn zyTcAU7!?b8C#j>zL=(ky$pvczR`!3ip?&4)8QpirWyQn^5douD#(Y8DpMDJPWIu%H zw*u_|N8o^f<;Xbr;){6*bR}CZ+a8SPz{@1f8kzi_BdUclO^S_#YXyDtX6f0RLe?kS zB`=iw;#a%mXK_i0h}d;Z5?f-fqFqgNG&Lu?uMCLjRrwXFw4>xC*RB@Rr2&v*6onvS0o9DltIoNSh>qGS|*^P>2 z)aF<&CG-y|SfHzbzZFik!>8fEeS>cYE_l@AjNCV*+LGoP;`3bP8ThzXs58FP(Rh?V zy^H^Dwe$1jpr2w;1CwI247Gi+oUnhDR5cjWm7>xJ;dHvm*svK*QVBQX79Njp_o7O_ zI(%reH9C@Qtc!LhlVQ~eOJP*BAa)r%uwv4(^>ZZ{I;cR1R!K2Msg8z-Y3u(84|LNj zMB2Ap?#P-1YOmDt&t7xm8cSKuO5%{pN=dDWCV5?PcX?dJO5h&{rbv!|y9WSOk zerMKXmjaF_zgqa<`6U`-_aIH`g^}<9{8%5Nm*E>V_*N#JSBt}B4TQD%V_u>(nUsy! zB$Goh-3?JpBUAEp%&aiNMHl;J?w=j5>JdW@C~j6Eo<-U}*xz*I^c!~ghBFD}_5dA> zlfzRg6xS+3f`Lg@%SW}pX&bLlraXgvP0$L8!avK@{faw81sj?K&94>nbcgQ0kn_n( z0D?X@OFz>F?}4)LNMB-!eb`%FF{hJZi2sDANSny8Y6+Z3`+C$OK$@qcE9wX z;eC&rnXpEMidtY)mPu6#kT0W4uEDJM){HiF_o=b>7o6aQ?cd%z;WRMXP^f2j|5qX;wl73*yX2DC?B{$x16(FLOl~tnonxooebtEl~ zKlfcc16lO38)%z7@JreU03mK{`?h-Ibk$=xI=`2?i5J3v)1_5w8Qs_v=Ku7byeg&j zE`lrP|LN|$gPPhKb#2+eRunf?1q7vcq)LxU4P7AgqI3wo3J9nONDUA|3q_FLAwZ<7 z)Bpi#p%;Y^>0L@FXW_R`xijax_nf)sk309@%!HXtn5?ya@B2Q_d3^dHjcJJUJZNre z6rhxK)VK8X$kGj&4q#9{N8i!b=LtWI$a@KoBD~ob(C$*9?>A}F#%}#V_q+}@S2I7M z)e=~zBh65SbBlvQOQwbup6ZqAL9h3qj(Eyc8s!Oc5QmfY&E2YKj`I%*l!GK;*^Zur z(z$J6d5hAwA|0x{VyR~sk)nrv-o)8$Vz}Y57RAyo`fHpg@}1*O`>umpn!AFNNue9o zILDTa|6HDXDb1M2vzY7%RrItBdn@S50iQ|dwcYKezX@6V6la6En|BB5ZJWu3p4R6b zv+9O14qSfAd3(!;5hLjI=ZxgxrPPgX$6LD+0ZQ@pD`9JuL zf-b>6xvxqt=F8XTxgW?1g!3(jbG^2^(I2$s{ke7Z0-6CJre24Bz)y(90NKRY<^O|y z<)0t?|I;J)EGY1pMVZU5*eerB1&``^wh_XKcZwQ~#T6X*J-)2;n#ro8g~lU;fCnnurIwA+oz- ztYf#6p^7?bz#+`bcO;`I(AnX_De(YwXZ(*;726C+Pusc!egyt(=TR%Z_Pi%Cx!o8> zzZ!6o_}neCE+J6aSx?6tu##j*2R$_Dob2mVEg^g#wZS>dj@ll$AGGFoc;uPByPyv# zn`p}teSw*5>6?2`ZR1G_C53bl0=xbrIM`DbH9WxY#&4pfBijZj^@WZlpJEqh!z4Ak`~+${6ZW zee=eQ8I_4NX}BO zQ^@^Ej<{Ys!+X7!rcywywjLuV;qP0dP&Od8W;*bx_@L>0^+BXR->*WKe?1ETwYA8( z?r*MuZZ>O5>tswEL?y^&L^#!yb^lc9NxC_C{3-~FS!nlc}6VG#(dCg|gcO)Gyb zl7E{FdL5G3t26a&$<5D5DMxP=<+Bo^41Cuu9dwgf&4njyd{avB8)Afh-~*l{T^F(N zwlTwcW97j>aerz+AJ5^3HR>tl;?&zq^{k};#ok1-sTa`QETq`Nq=#tNAtLqkipbl*`g<7cShvJiQhu9 zu_|mVxKW%FxeKp^VvBhJB;i=N{t_3r1HA?h5OORfcS!XZ8x1byLqZ`PD=CM-0YlK4 zc9Q$b{(!EfZ7ITvSW0m*Ca|)CaM+ZQi_6BDl{@WlU3ctHXx@G`v}DblHWyi&?Vt?| zW9v>|#XRvW!15LP0H6IO%YUY%$$GSVvx5$%lA(5tQcU~GL&8b5>)bKv)I2)7xKrid zxygy?eXqz8Mww@Akb%uV%%$e9s@MwR@GQ-ix}m zL0DOVo$Za$s|(XpwLdM7&he$5F!CWgS@8GQ6@Aca%P-EZ5AZq%J3$*TV-wf-eJ_h*?YPUoXeL z`|g%4h~z6QugFQKZhz}*5gFe?q4UWQUC?k#dUfpv{dAALhSEr(Rt4FLSH zK4fIGx2nLt*4R7YDf{hVlqL;tf&%txNKg{}o=!Di%(w|*=LjxQ5Uzispn60+Vf+~P zuB%}%=kR6NZo-ys90=%7&U^K1t@N|_eac9si>DV0Bz)2OtWrzD;e2`3Q_{)V8M|~f zE5%BbbodGX>h{d`ujZ_6%wDycqP#U?daGmF3Po{GIBoY)mv8SamlQ z%e6m|)?&OM9ay|oU~nD!Cy2%{n!wrwWy=?bb?IA z#V0Od{rGY~ENzaYhv<7X?n|cy?Ik97MF1UzjQLvKVx_G!nZh~;M-ra#;6YGJc zhKejmx_IZKW^*48&)Ek_vB}fY_DH^VZN9l3M)S_q;QK$1p4ciQGeo4~z&9gj0627X`eVjGW|-Ui!TpsCfy{ZQ+5#Q8@neRYq3xOZ%X`jI`T;Js*GoK@L0db3bWw60I&8-cZ6m1vu)VjQRFff(7WthY~% zwiaU56=rH|>wblkAt0OGeR_ln4T0Se)}VC)>li6UlXY4na!J;Y|5f7cQC<+?)TSlCn~r5CMr#NJaUR86 zeUxYWG7(@gpuuJ#Sdfm@(0{Z%wc$X_brqGEaIFxS)E%TV6(TVI+}8f01w^lNj^vIE z=idPb5`c>Ut@#K7kcG!s2L4g&Wj^+$tQMPm%LI?!o1~%jIdz2|!HDdXGLX%y0+085 ze1h@L^&nm;{B=8BQ>j$d^{@5pCv=&;B45I8>F7D~zVCM%6)P&FHgo zr(AnX1RE-5(vnthl5F%GUj;ee57_p}R~i!U**5DHVR=^5QrT3woS0YEZ_k0Wpcm9F z_GRM6k+`CVlHtxHqqm)laxJZSoM*qt&`!`QWozW{@C2_6F_v;?1qF((Qj#f_VjlhE z#g2kjOHFyE;>sW|j}PyCqoX0NYC)Dpc4g1ieu(|;Uz#`B__wCWf8t;I0$(uQC#oKM zK_ICw-ROZdF7JOgRu%u_*VChb;wT<6F|uB;^URo4)sccR2@{eO(A61h%QCc(=IS=( z5gtKuh0eNv#kkP2i{z(nDi_tn}}Z$8jlW@q6qGlcF-;SLUhfC_22} zubGS!PvD;7cPwC2$k}yqyxZ7mJrq?$GXE+$ZN+3Q&}EbBUWInCw~@3r4<+^}-6zZN zBh~Q8Q@6~eK#=pD8|Sq^B#!A9{086Gont%Cv!JQ%zNK%|+d6Ujx&l0}?-~HgE0c4x zH`{YUHJ7;r#*E75$3$gzO)~AkvokqbR}+w6aD0C)Ee_I1aFx5;V3)>nZU9L|HLq?5 z&mUyAcWW7;S%V4w+mDFUe1ai3scTbu3O?1|m5-vS$7jdQ8^U^Z z42%Y8P#+SMqW1HZWNRM>1(;>T^azymBu8;&p|DQn4@JcA^gVzTfyn7N`ZYMgt7%fZ z!@|%lD7maYyQNxRZ`ZTz{guN>^=R4SWcm~W?C1gL?)qDS4CY#mUMpao;$$4Pb{*yOE@^ zo_S+&byr=O3(yBoAP82z$H1Fb=zST^%7z5N?0+uOF(oa335*sp%1e7y| z+Z+|sQ887k9X3Up+Dgky%=N zCEmIJbmTDYt1^V=yM(IdWtoU`l3(tIUy$Jd{%Pa zH}T{xZ-11pXzh4YP^9G#F(bcJZWx7GR&BezS@DPFkQ2JUSGwsZZ_f3OR&V{D1pJl7 z!EloGBjgMGhGGyzk^O2a1Z5uejpYa+j9iVqPPnfoJmp;GYQMT$$=JFXb|oY6hY5?^ z@@};?I3j5+FS6dZN3#}P-JZ<}y&aEx6R1d0TNI}ET;*!YHZ}eUJhK|KXJ6^Bi^xRj z>5DgV$E)yUOR6fpdETsY?b52JF_NFjnB|3iQoGrI2pRxX412`P$a5H`L~_ayQNidz zlvs*yRmF*@#3S^U0a4#?o0|L1(psLrXCN$VXTpT<<75b=3pU1ha&6ek_o!e_B??|+ zsikXEwx2Mp801C6N+lxtafGl!LzR); zck|jeO}&ZWDXrT0fz$b*Sy0FBxidcV+eRVVX&qX9=AJRjxC9A8wf=7R8w2h-)zjRjrI#9zDx532apGuAq^lu3 zw?2O%rYj2m%Gp`drSq0d(s}$#Md{+$^B?yz-maoZ3^0C-KKkX5zQLD|;pdILf(~UR zn^6O0Qd5R-hPknkkp;V%q$IgP3hJX7eSC?Gcz9RvTw+V34#@&%IL!3Q&6f^Bczp0^ zX@%?iXI%CNrph0AOx9e=p$oz#^bF8QF<)6ZidLJ;0X`x~8tnfvQ{8z>L%CXa%WWlV zi`L?zOMhay#?)Hj`Wo&4@2&`qhkErW`z8*G0%?JR%FT@3?N-s|BvURpxn6VF-TSSN z{gUod()VgIP_-+Pt(o6Cz)WgZ_O%U7}Hp*&Y31W&UJ=?kf@ zEVH$ovW)hwO%pMiOc4JTW!mTZuw%@0lpa_t_h!aP%c!v=e*YNUC#2)8Q~80%+cAD_ zeLG<7A4A)7%S7X{l*K#2cr^e)^Q$FCb=YaHqAXd4kKf$luhN`>_M6@a7e6ai|7Rv! zJ&3u6G-lbh_js1$ey-jbGz{E8BW#j8(j!53esxJEkV2nc<{CEE+8;F|2$G-ARAGq1dnM?x}br&rqHpmPu@wF1d z`@6kEAyQ{EEt&Z}JuBCxT6h9HIDTV^rJ5c^zyBV#;Wjcgz@x8fiz_6I(oU$zVIfyxh1;Qp&cNwO$%1{y zFb=loEhH`J<)rsGw2|rvbiY&lQuGfCK|~=~IVIL9V^@00admPnd_9E(eHIMDp~0{LSSw9?Pmhw=DY<)#A)S_ebk7K)Sd|^xv*$Z-xZG6 zXHFie_3~C1`WIf2JW*=Fq~^fQLS>xTW6zc?#6w?#=1-Ejzi7{@+!<4k<~!Ie+%PaL zwy8MR$>6yP{RX*!^JAyjnug@Kpbv+|O_*L!-0;Fygjn`=VU2{1U68HCwYgQcR8y$> z4UM`kk}<6-X$zd%)2wI-t5%M#57@{4n|(L0f;;RqREM(X^z{aB%ZcAwBb@41(+U@N zJo)wTjMI{vcEFg(=*vAZWf_(h06JO=+A6#vQyzY1og|RWVd5ZZe#nklSk_S%;0VEc zdQf59sPJmwEp=K=4{wZ)P)@iw8a`<|J5cMln1ilscgoMp?^9&_gYL$DGy45{mz=@@bTXzbWTdc@VF)=J)seK6$m zAgL<4W3VeGQpG#Vmf2mj`$;ZoTURoui6$(XeB81wM)@yt3v0S)0K&Blg;o=fY$w@@ z2fp5_n}=rZkLFq=Q}VJ+zb+f-LbFeml|LWg>QSMn+wEvwvy>=Bu zbn=?pD=G)4;P#-|U_GOEzjm$VKqK8przy<8;MribI1nwAEw;SLT*i3>TNH$dYQsCN zFA&rUYH#mpiU;Xk<0ew*mnKB!0>FdH;eNCg+(EomRME$RV(<(3<;e9SejbN~V5bWR zw#W@sT+|2Hkf-e9prUPIO4bChM0g%dH6g;`m{K`}4r47k2WFBf%m}=b#$q33G!Uz* zj?gZUZg6^b4J8})1(+i&PEmg>(rm9dg-dreKGPByUHR&I-tvHW)w_wMO{e4+}^3lR5&?y^;C zu6hU%q;a95P*5zpBsS>$ud<#;+Zpxc%g#eA5z!ucOKTXZ29TP2OLp#id@$8eUr1U& zcnld4)o813SS&YgpMuwogN|?AIth8Sk&(?7;ZWN^5*7a*2h>KK8J#Oe^i{aq`ULhWW6bSDou8utnWIC)uC#5GbYaY{IJJvv>`W!^YCCm^rcH9 z-&_A4fTA_z>{@Idh({PeTwQ`H^4spEWR6*&jPiz%_x24o_E(nteeb*NZy_rfq{50SewRt#zh7Lp zQC#iRVgR=k?S&R7<7gqlAIJ-Q6uvg>jc*LkP&ybJ(TEAzH;yw`39$O{)UaAl#_YJ8 zKo44VMm{xqCp#)tW9rhG(m!P8zeYE^8GOf&uX|?z<}&@{WSO7_H-ial7TEq&gB5y- zW6xrZ8F^OotZJcd61RLO%Q%^+cUISSx^tlQ%4a<-&%e>SQXJI!;FGDs)>oU((e87p zEKXQ%i{?e_c0b1wKS;enVSczV$k>YL~T_4ju= z@0eYlbTjpEQPK-=CPp7ixPEHP|AO={>`$yxrMk^&fo|K|PHmWOw_lm~o%UHawJz+u z+#$=qI`wEp2T?^yjV2{ie!9O&uclQp5UoSHz2| zV)PiR;4`o9dr&DOk9=r`k4dx_8KMr!mYoi$0`bU-J;_YVoOj8hSbzM^8v3NOeVM+* zx3i&h+U!)%QmNS5U&kv)T%I>r=_$j-e`R|+KXjt}>o7H@o>?#Jd}R4}ZJ|1*hbu@^ z??-3NpHyS4)C;-&s_d?8&OfNp{!;;*R3T#Pg$fzs{Q-kGX3dvJIC%dusr6WwR=sq9 zr4!p%AVaT@~^EQ{lvc zuchVI^aett0fo+Js7N{+c`*&(=iaGLuN2SBK-9L|2J0Aw?+K?Wxip)sYRsmzxFD=& z9-F@u5-c+JH3Dl)iJNCsY2wyr3S&I7>NI?e;b&`Kv7tE16(|+uJvI9MuCA+k(^sq3 z*Im|E>M~9I1VDSfiRh^kxH>L}bwS6|liFvr?icfQt;qM0u_kq z@H0T0SMHJj5mtdCZ1U93M!rAv?+ORqxS(UJG#);`ILBl=`sR1$!ZBvY?95n#6_n{X zv*D^PFlp$T!IgZEU5f}pjxz8T_)GiSjZ|;04seW4HN;en4AV689JEJNFPcD1f=Uyc zbEe%6lW<TBbPKGn5lvgYVJ0f=e2Ezc<#6voxL(u3+4D#rfEgZJH zet3Y&I@I<0ec`6J`e#PMe^#9T^D}xrb~jWWsP?}i4Yoi541Rn!H|8WNjcZUf7?@~L$tCxE;n6Qc4Mp2G1$!@PCtLgfzNVuBCbm;ubo zSlxBpGsy9RA((c;CSL0YsB0xcAGF9d0Er?>_xP>MSg2`TQR5L{cVxI^&Z z5=a7pU_l=4^P4mCym+2DXZ|z)7kRU<>^;|(wXW~_ti8guG!!3_(vy;qkUUgYdaFZ1 zax?z=_v_xx>lV!h1UU)GV-n@JZ}faKcNZS|>TZ7KK9iHpNsKcNYpCSA!|>LL@w21* z3-c;C>tFu&*7x73|IxoSRJ7#zkJSdLyANO*TC=tLsc~3+WQatYwqxs0i2lRD9W z*N#u#fj_^eDl+YwmVa-{)(@3;m-Be56oB&J2oAn=C+74jOR6&^W~grQipc4=(so5` z3zN-8U0ogrpRcm;Uca9252=g8@nLCVnQZnm8BIGoyYC9Q_V)I}QU?!iUq2^L6l^=M zDlXnGF3eI8kD#unhW;X?2gD4=KCQxUyrbJF8@jXe+Xmr}Vo#k)0&mT4= zO$+=P4I<~!F*mCUnqgah2eULxU&vO9_R~K9bTlE;dG{X@5})lIL5G-opVfn!naV)! zTWiTOhrUOpf)0IMzq#6JW0@uW2ml8vEC=HB3px>;>(asZ9)pn2-ChZXc z1jZ)2-oBaw5H*1nZ59#N!BuK*RT2K6#bj`fp)SclwAwq)JO`uB&os&-TA-BtKK$LE z264iT)_j}b-tNi%6ut=P$O+xTyDF3^ia2swAXjSp5PX{7Vzvu<_*HMN&1?}QoHY%T$oAgfDG zf?8Ru3DUKfgR4c=)`=xvp`{d$Q)qB=b^N%+T?Uk~sXmIxDyiMHYG?f2$+VzHtCJ;4 z#LpqU3zlGrk*;T#iO-=TbvXEwTdK6!yT)65e6A*s2CRac@5)YcI*LE=Rsg8>M?7Ld zY;?sYyOtN1aEm6sy*8DVETw_xCYs4C=d@R;D>w@$T{w-+;t7(SMGP|2@D$p-TVt4- z7xlaf_Y9#dTh9=}l7O)BnGp5#oY2>+tMKQ?T!wiU*&qwBzcn(U(B$}npKSbunyhc$ z%h@rFW9s09Sf(J*D%K~)l`DRsu0;(nw!u5*FGGX5=k;BtN2dy*Lyey<&=qpmDXM%@ z3~#iJXDXfnkNGK3BJee*Cf=k>CGdScLqGbE4hMm`1|R*Y7)FWHG*@_O$<9yan^jR? z$}`4iSKH*}yr>l&yHE)YY|aW__%7dC7#QEYP4Z%+bGp?uXwTQjiRJ9?EHl|iZ=^ZI zx%#vE!W-19@LdO1Rx2ZUFls5GSCgqmu{7iERuZRaS=hjip@6>&+9NWhToeO$iO{L~ zY-m*JvFb2}xR@{F1RztBkg+^>*=SW%RV*zD_0|MQ`dV}C~aJZEWYoB&cDeC%o@BIYM1R+QscVEmL7c%1wD6K@u;F z_%rjRK{(cZK7kKiLnxy%-*1w~X@~a_y0&oMXnF6B#r5{1#=C$XbpP=WWkGSHE05iT z$(=!BDfk;&dK0{}V*!N4wd_ofew`9G1Mu(!LYgoOtAA^)!)Z0AM#m70n zZ5X<*tEWKc0D-6)uc8FR)++8OMbTOxIt(ZX?9TjhF?5!KfElC|`Lm2QgJe-D&rv!b z%$m0CY=M;x6(tQ7wE{Ah(@&PP7Dgk!O~)E_HTh5-I&1>m%}@}nT1QR(qGE(XIq z_JwBej!`UE@h`)*wg~hB4l6)qE|_ao*)Bb+ZQeR=Y7F>i`l;yPNdcaJr%ulsr=jR5 zhtXEWj8=&f7i(y~Go7{17`5=4-F=*DPdgk}Sa7*l`OeZus|8LnY66zO1i*t&csw-KGvw^5-l-}@+%X~%U~Kza{bE7kR} zu+jA@FhI_k^Aw)bhsS;fVuj;v%la}*r_``%Q?n&!N?B|{q)K<&xTiiR#F_qpvPE_u zN22YD`Ha9*UZ3futZ8EBEG2&72!55Ri!*e0J}KS_#~7M5LDqtUp4Km{j@r`R`+UKV zj)|&*sv*;9d42anKAw?Ckm$SxD}rQC#Y< zmDrU%Tj$-aD-u8FeR9}!2RCYJl2=me^@AzAdcy2GKYPEK?vK&7Pf51THjquGog*Zf z`F@1GT1}QkE-b`xeW{ZL4%AB-J&L`&wD5ijxE4xp!#2DN`WEhg;ua6UQdt+GU3eyzId(lMOL-(9FeEp3@ z>w3}gN>|^4JfdqoJr)}Xm=b-Ak3+CCTgx78+~RItn=hk4GC3FV5aLV?s2C4L4QUFy zrz8Rn?tcilOQzEq{t;~9#%A)V4@*$oIZD}WdC|isDfyC}UF_AuGOK7+UYE?c4J4J0`16wJ!r(PYoD0)_)A_D4*2#G6mf%_uB8#SR+N~6k#iV z9+gz}@fbEcqFNW`4D!2~xtjL8^~+cxwzf}6n0bTkT6`-B-nhR(!Rsr@N29?)KpW4r z1s$+J3}s)H!TNoVVkNuH@O-zgO;w6^KB-^z97bc9Lg`2w*wmZ6{!Z;mFH_s&J&(HF z!9G-*`Mhhq5^&5kvt|qH+c~-Y<^Im<>dxg1v%u0ODYNjN#b(P=G4*Vve!${>!4Jti z&kAhnZMwO|nYxx=pL&$(zS>)^TUQ3Hhn!=85$-xv5q_aGb5rkHeopFY(^8;0`A3uZ z*a9Y}m@;bUczGpmcg?6r zwk?fC6=UZyS@Ez`1W}k^wj9k#1UR7O*uVE{nFiM0lK92cROir}Pb*M7X-tK3)s%Pc zk1I@{x6GOby=>~Ks(B`tz17Mo>CoSY3v`i!#v4AB`6H?it#b^30>!vs1JqVs1&p2x zc?j|AkG0%WCSS|rH>%A+W7@b1N^CO_)IqY>vvr>2jr!Y>dbK{%HnCvj6w8G;t>_u* z84gzuPO)9TUSvHFuh@~8+6j>^{|AYP`syLE7tr*M{3Eju0T4)YW#*rC4j-;uHq{K# zdA&8eYW78|)LyHJJ;`)*x`m(;mwN9>%GO$xliMAm>P21DqT}h1aqslf+>V3g?N&Z^ zV5y^z(BiAhrs3PIKGme|?wc)_LzSzYl|E*%#~eLty?EbLcdPHqw}b>17~y33)?TJ0 ze#YKq)C>OE-oG}ULk;S2Z`ZLa=UBkV;_Jp5{){O;SVmukSgQHc=Z)6A zOvC26CHC*%@tTBe01l-m<5L=k0=U@$`5s70A$JRQ#z8Nyav$c|V!u+0$?lDzkw=sI zf7yZXXR4zC`(NyU{oYMUY0$vzLVN@-NAiF?EFTb+D zL~XBiS6q~}qGF(=rm&w-5+#vJOA*PPKuL8UL?QYnTj?i#qw20*9wYvauAZxE{ zUZ7Lqw`ZzbCT^Z@VL>t8o;HCV+vzj;5E#~uwY=vGvv3n-qAo?Z3s<1X#H`;^IEcKN zWsEtPSYCxbE7+JCRU4tvaM~?=G)yx%!4HACy0VpKi1&EgkG-FF`}OfIi$jU4gF^+p zyturyoPsDf>)2mgW*@=G;>i_Meefm05jyR`_DLHd;d_?{%Wp28EP9Q_>#qr*a7iZHk!{h{9O2t5xC!8v8q&l0vs<|2s3m#JbQI6F2XWo2#iHYAs`Zg6Ci>*!6bpTulCGSqL$ z8a!nbf<3o$_LGNbcY_9UwV@6PKYaEdih7b7{^m5$ul*|v{8|znJs8(B^wfXshm&Vr z$M=6{qu74@lSy)%{TChUuTZHU&sCFrhFTta9r~&(@=O$h^>(+Z8O*bp5@}V+(K2M%)$6B_#6j0Y!(!*~ zR1+=vJpxM!*V-ik>!t|_l7+r{`w|R%ZRJxPCh1$^F$>)T?{ZgCZfOi(FIVueT2{MO zd0Xs-?9C=c@EKS*rR{7M!ye|aT6r;m=(ANI?3c&K*!l#Y8kM|qZREzaPFHijtPZVu zSMY=BDp21MTDT+E&|a5tc!?#Ke96x*)~9?Y$#E7Kxvym^kNM@S?AM*1Q#Kv@Fre;7 zf50F(*5sAdB2TpzFdgLLW@`0XB-bMq-BkPb+m`Z`t16FB#IG2<&y{|jr-g!nlO2rF z*K`xRr%t^w>G;piVu@qyH#FG7mX(!V5FjR^rl9SZvC=f!7S4`HDaFmT3Q*1-#0r zV!nk09kz1stm;k{b&7oWaWQm#5T$NrolKRbngw`a5qhZKF{e{eS9@s38I^>I;UdFU zgCEJS(ku4kZM>1GFzsTAi*ycNquZ5qs!TQ1ld^^&Xl5b{ta9AMpsF-Sn(F?f;jR!4 zGp9u>EzBUe0&>kzEmi)2)Ip$3bSBxW?vg2;Hna8D?w%Mtuj31LTle?q9ilkst^v%< zl-7317-kq-EeKR=ZFlZ|nQmvQam_$^lO_ISS6>GkwAG)>51I@%UUaA{Vo9It2)miv z-4B)Z(dFwGCXKY9j0Z{q2lGYwIik{^qh=X0RI@S#1GVZM8;uloopqJIm#6C-XlORq zAV+7Z$f+7V8f<)w^g%N(DW2k^0x`SOU)MP~!#W9J4vS`Wfv1scA5+04ch44`$J|Uz z9=9>pG#S{ZlyP$Fy&XcQPwoq9u@*DH40#ecJ2!O_v3UCBq_{udcXM*4Mc_vz6z=jF zJ^8LBi)~#dTxR4myX_V(TLlQV(r3VwZ(i0Zrt7pydk6e3{l@#UgJ!4Rg9{oxG%`i% z_hC{%W3IrY*C{W1JUbo@S4=;tHhHC2g%I-ABpvUkUNOclJ-GEdcR9QlVRpKYaygr0 zA(t{%w+I0FdFw8>^X8H|Ipn1+oUYs6Qt;-h?ivFcgL#8E>7fPu0#V`|41Hq!Fkk={ zuWlU}q%CFHL~nyH%UL-IvzrAqO~uO^A-Z*72G!5K{t4iO9e01WY>Kq`Yi@3+Z_rp* zT{fnROgkxdJYuT0vs_5=>?>iK5?yhab3Ar=CoS%U-leV6BaLpe!mEwGFrR#5+-;)3 zM-K+nm5&XWo*tP((!(?W^R1%ZYiqxeb~c3t-N#&?=V}AO3|I$JpGO3zfjwp#8*~c` zhD;Hqy!};xqc`<-<<@@agoN~a(D@mg!t~e#U67A6UBf^4%)zO5(Ok2Eo*DI*4UV0X ziF}R+*z&KQ5&(QHrnXaNhx1T7j`BI1ZOuVmLB-6zjg*%%QD)I+l$Ei4ew{PxvAiu6 z<~v-rK1VP?^=d^@RsURf16-c5`S949J)#*iWwHNtg2~GoY+$cbSl}R*bYHal?U2Pn z;IX;E*u@*?&wP%9zvH1VfWQU=shjGC)Gt2Io%^3};dcMso|WQG-f$GXNCGTfY69_< zLEFX$ays)np8uP7?K`zd^KdSaE2Zt=kLGT>Z=SP?HrXLZ$N&12q0d`4?QCTPphvUV zTPf$$h6X(e2)sBB=(h4&yO!-Tyx_xGwsOFvKi+e_)mgr@zHGwE4O7**c5OUjIB7KK z!_Fze&Qs+xVIem~)TnnKFUeYKvc7*(_w!*m7kJimAitaZ*-Oq-fz6^(IylR#p!Xh^ zyV%$o&H*!P3ICPf43+QLh)u-l&(2n#Pf{DKXjxv>;t1{Hizd`pC;sl~Bb_OmPBqx) zeb{-}TGG3)Pw#SPkS%|!Iw#7`+4`3$!|FC4WO3vD;4D&*vrqXvGJqOnv+J@6H4g2i z5$Z64#ol^mITK!aE5I4G-!W%kO?V}@)>kp>y>zlHz7fsgM(qb&1T{7h<9aG08DxT% z2!1}$X}w``2QtEU{RNoNu6&At6??!aAzOSI%{YBw?6Z#j*N6RvW@zc_*94xrlP*1> zaL+JsdE9DIfqEd+x<2xaw$4vU|E1exDTPO?2jv*;im_is6VKcf8xYiTXRIF zz_3j7&JTU!BuaOL7?|k-i&|TGCyWg*4bCIm5s~J@3Uc%$dAHIY#*(%+v^RH;5oSXF zahZ$B3D`@Wyg`D^(7w8GA}LnU$}5PVJfqNQSb_XKZi(rS7*ro`p^9zZO<6~12q4KKL1|~^#5{~<(KFWUE)l}O?ERw zWKYnnPl{g(f~#AbL;Zg-CoK3DRqK^OMZM5$9)u-v)uP!>4QO8l{2sxN&Hck>Rk1D% z3@HjPBq3pTv5cFkl>Ie+&2f@<2E!CsT0E<~|4M_kzhySc7(bs%l!YiO56bB(*TdNe z>zt0M{OJV71{(woKiF~6e8IhtRRQldS~f|Ui)p@D;11OF@`K2F)99O;HAyH2plXR9?@cC^ znHtVM=9KB9&`m6!x}%xarK@c%5qN#db1OvT(@W6Cxt4}V6*VZ7t#GxiCqZ{z$WP(V z4qcK6M_$EDZSF5yj4YR?YW`htrmI&fwpg%lNHw>3G?5c7`SF}-**m6<(#LsLmI=5w z%T&J0d~Y(jML)%EQc?IZnjvkQwWG^i* z!d&xCk>m`+2w;=b#bV?4#}2_oyhhzec5f3D))V9%`+KDydfEl5p3ZUtR3Bkx>iyTN zI3rWa1d6}6B~-(_E6ln0TI^~Xnx&^2H+v<;NXZiv4PE9@Gd%R~#j)8vp?Fhkj$gXS zUEsnV5T(dM3_^ZvPk@eSgUyUs?l*{&Li-pNvZt#+0SVWvnX}UJM~xMs8;a%1GO3yL zKqiUmj!O1N7O&y=+mk&L*-fcj|G;BmH$EtjJuqn)$1KWCy`lfS79RI&E5QgcoxFiB zcq1uQ6@iji#7qO>)*~&%?of~Vgn2&Me)kKFV-g=S)QZ3pm%?I1N*Sa{Y+^O=NQMo~ z%zhsv2rMl0qvQB^s=tj)QENd;PFm2{pdu`Y~^agoB%X)m2K;Yzb zq#ZQ2D0!qUw=hQZaWPRpv+kjr*M+=!hpducqsQ(BdOZ5b9X4OEzSBqV;KQ#;jY2-D zA}dY3XL>!-O3$m^?hdfxIkcRnw#!cN&JcW}roIZ?~dY>uup?>CPdHx+%NyE>P+0Q51ay;mwQ zSC#+e`Ml3;KwyBv#ZdG{1Wi_E*uxB!+|VXXlSAf(EcK}mG*d5^T;_p+j?Vg!B$b}v zgTXJ=zB})-v^|$RMF{k{pkHY%`)c&9Fl1grH@*wS%%{Y)37FMG=J_5hP+D_! z_*i*SPwqGU${#Z2?iU!KH@ebFn%7yoEYskT_C3oveywex9=?q^QI4oZPKMxpV6SS~ z!B6N{QoNB|ZGIaQog_xAT+h&{w_}Ot5!lJ`{@s^~5Hnq3}N~ znV6j|C&U-c6rYbbt+e&nz-KOoN~p5M)&5{!dGn>mv3W*QQ_jSos0b&mBqSPh!x01xa6Sg|3v;VKsUjbb5*kN=j0yR~F)Zn*? zUJqc9Tnoi92eBuM)EHnKir{4Oq&jCvI<$&-MHw2+pxHCq7@%l;tTAbrf|R$O0hiN^ z-7xtv_Qu$IGMNDOXrx^RmjZTj^ziABzfQ)t?L}SQwRTZ5t$Z&EC_#edq;9$#hu;d7 zjW$S0H#B*sv7|KAqY>_(E_u?-jC?C)Wn}!OQtYc0!b#t3rJxVJA?sfF4Lwh&%4CvL z6th1~N%7C2o2yE&Pv`RLku{3=;-seiuB?1s%MdlRc@Ox8bAyU@turQ_;V?yG==lVx zkG;D>3R|{xZXD&}Vlf@veI`OVlN1a6o`#wJbc;BD&AOM+P-D&Or&lVh5Vx#JSN$pH z!Co3oWd-dIX6au{;--}Da;hpB^sMU*IpP8j>2L4x984l(uQm0r7f>TZMMCpZPX^a5KL1pP^G*Y~@isL0K44b}TwRnO?wld=m@VAG$Q zpBNjm4JYF$DBv7Rl49lO{Ok~yZ^JR3#~?0$!b#7x#xs|}FxwQQtYjC9U-&#fIxCwM zIYkPbtWi>RygS*VBr@@Q>TxK40!ZaqGIihhDyYTezgd9P3VS2?q8rhh#nFxRPLpaV z6?)E&gW6radF(FOg}R3?)4$E@LNO~}9ByF+Mx5d7t83gl=KHYDwyuk|{8a8qu5kEt zL*2YC0}c^yT^`Y0H|JIQ5TeTMiL*z#jJFRCCeAfMegh>`yfCb&(XquvlNuN7D6{Q1 zb{~1~-6)>UuSvF4t?}lLX2%x%hQCTa_4oCqrwVx=aF8(jJ1KNOwf1%z5s>4FaL1F9 z8e%vWa;fD_KG-3<6VTP=O|i6Awmg#0#VP_-O-!=hphrTp3na&G0_LjvGph*GpI3;Y zck8=!vGy*Q>Ad3k3BtR)s-T1B2bDjsRYm8BSkumILuUz@1pqh|EHjcF9m5wt2RVQJ zL1mcBC9l9?X`x=xDq@DCB^{ihROO}lYBj?FonvoA2gz^&eR-ROz%2Adjg3Xj78Dee zj5+J)_c}getaFuS2LLx6_xY()qIahF%v+0dLRB8qYv-+V z44F8%mbha4IZ;oNJ-{fxsh3{XaUIC35^LE4M)cxC^JWYOE;D*0=~)#y9-UPdmimck(`R`J;2|+ z)XL*~$q$eo=Pz#xpB>dhvaLpl)5h5V)YIn)>bFF;75!9?lV0pW=RHuAE3W9FMpDg` zr|+wNp2$k@J~gXj_C@x2=^0MSq{F)Y`Oa`K5L0bZG)?sOa}?s$rwCbrS!nnerdPZv zc8c3BGP2rq-1oqMx-IKE@oqMkmD!PBW6*4BFizo6%zK@ko>+L+-!q(oOvb>u;+Yua z8Ba#;ID*2voPkDOUb?C+L}!E_yikrywO>%lQ81Y3>;nnmmS}ZcK=ZE?q(CPw^9*?} z5j8)e1jJLF-(9X$B?D6VNA1LtMc-0ZMT&dyMkJL*{WCUq?%i8)LFC_PAwa?84Rw6T z=6d&zp$K%kgQl0W?%m>udlx16eyouF&}x@!*js=8l z>4}&^8ox&MleXRuN0AJRC8|7&$3wM@63}*M0kz@pEd4oIX%GNH7AH zg^pGc(l-k<)J@ICvg#lKK`OB|y!hG{1beRirbD!ioV{X}*YQ-qB#5RM0Jl>ft=JZ& zQYv(lpGkT=TPzRs{>YT?DB>XsF3}++(+S1P@>Q?VnWU6uf9{J=JbD&Zo4*qISzPU! zVJ(_ID}BaVS(PWI{nSP+d;K7SoN+q+one)`H+sG%K<*S+CZ9){%mD!g#n5Q#g(|Sh6#s+ioHQnwfulJ`R zx-o%^Q$FNi18YxTZ|50(b?V&;DVxC^(>KpH#~t|lRGi>m$dIv!MLsHpsW3@4v>7_c z(KC3i7cKX7szZsBLvR$~d>WbY+?dEOhi$x$3I0il%LQg%6HDe$|BgxCU36(& z0B;SN!0gJWcTrt8%|l~bY!zzGDFy=%qyINI@ZKb(K~}q?muRnOq7`_z<9e<7c!MSU z@M||)Dxj@7KhD$V1I4hg^4l2-(uqqrKyhWJK+fLt2(=@>a zoxhyPYttIa6cyg4%Z8op9DR!oCKhhea-m)w?@wm57#@dM46QWicKh=j@BF$74i3bW zo^Zj=rqcKO?r>+Fl>9(e!^s&~%PHF$^4M4<#ZPzvz&(#-j zW?9)W=26_#yXH6{$HdmwQFp>h7>N>d!J=q7o7+6$|d*^CjSOi?y$7G zUTzv@1;4T&Ru*PK7k~pitmhW72wu%A-m`U&2{(Y=77E{P6T%j*xfqKgU75erA$2$Mcg6kqJbpgS?fww8WSIh7MI~QkCafKMu<>OI&f^xn54l zDW>cNtDot5Z1uy}HLtyi&sN&nrf}CyqC!17T-jVEH7l8yW~@%uE2i#I(7UTsb@cYy zVHf<8aK@P^aJlPRW_zim?Rxo}SVg!3%dBqvZJWM|6i&T`se78d5x@}CjGqH}Tux0^ ziCkfAddux(eySkn#0|CCiYl8 z8x*PO`DEAG@KE{Hi%XJ&x2xnE{OI5m*Ts9NK=-k{8yZ(gaj>gSBA2HBEC24h%p};l zY0OsnTrBA2{<2d~5L5K!cBL|9s0;B4bBx{6{_damQVdJlo;wGKLSydWW1Ly923OZ< zj$!bxY2uU-ZW938sT@e`MV$^$@kMA$9dINk9rvkD(#n*PLuL?(UiiAJ4gd;UhlRUR zm}`!e5i?R<%m`V&sC`5o*TqD$h+kC4vUcAtxO`K(HTl@bx|^@k9#Wd$cZM3iEN~vp zX(js>bg=B|GWbqrl@7flJv?t$Rzb!M*I*&`O@Iz3uk24{f>nH_mp=^by0$*J0IyZH z{kR;s#(1saG$eUTHawmO%3U6btDHxP;Uyd;75s1S*XpOEvK6B_f<9LDag)eV`DOQXd%!=8yOP9ohU@3@hG!} z5j}c4Xr~(|Eq#e-t0NY+;?eVF(2Y75lNK%OD_2)&+994?g#7BC>L0E-OwPzaTKe`x zn>-Nl7leHi8T=r4e8S}@9f@xu`*)H z#aX~6;#V{Bc~~pyl;4+180=)qyaX|!o8@n^dyA!aIWB%DDRf5oEZUaLaw2{A@Qt)P zXephxh&e0qCW+-z_}ebwI)O{<9s74=>KHJ_aIQ$%C?bm~UtF&3^n8cz6utog^BlOE zFc$6{|2GTZ{5oD|6ZL*lT!x6ODuEw}b^iV3`YnjIfQvKc;@5U=;>>X1+==GZ1TmXC zk?b-^^Yh*~_Sl?mPd*|)*t|8#{}t$RASyHUPIFxr-I|;Gt>Gc{-Tfw~J`)#GFB#CE zqJ}`i>)|N;M;boWf;$UJxDLj^L6R30pv25lZ9RzZNy|W6kkJLfH6{fTD14girwhxI z)s$9VXnsP9(vkux@BiafxsM(M^O^?-p=l?@v!1n-hzHdCz4o2vrQk&OHet9e`OdX7 zd0;x<_V=>W{OVc8{b0|NPpM}|8}gQ@yTp5hYhCi2-FoZ*o<1lD+ONd8B5Bje&9X|a z1Z7SyJv0+ErWzv0T`$qL!5210?1{vPjb6kRq=Vc{V0ImQP1hZdP0=%Z@ zm=PC9>~&deR#sLKq33J@O(SAuE>Do=u}iDB$rH1$WRLzMVKfpjyBzCDWVF)p22Psk zBD})F9=~j1{%HF#0I_Dz>wUt0Cne?8ir}TiFWbMUCpSo>J|+w}>HHEf!n29SjEI1& z`^fibYrPs4j+y9Y@Pfcw!10|QQ=kjk6M?H{3r&ycb3mCANNn1pW z(W7GS@xIP)cK0wO{EL$CjY&titRBNyyjaESYjpz_B`DL5@EZiOr)caRQseyK&p}l{WyvLWIY_#? z+t4O#m??1c#7p{;LA`%nd3g8=TXlQ9t0^^Q*u2q~p3r>Gyx5=HVICYj{O90FMB2dx zOL=e9f}S%Ala#Mel0fs{H7Y6J!lR3YnH!B|Tl=Puf47Kxx`{lM_Pv})>lQn$zD-7} z*3?f_=lK{DlHz32_RDr=%-d!dSU9^zHsu`H06^vpP4gXNy)O4|-jGGD=^yiccd;)oHevy#-joeRY$_ z;y1zNaY%G2&Q?H)OG{biS>%!AfN@&BVbd2Ee-tfG#%2&mUs7fTQqa7uarc$4g^#cx_l+^a3;VI2_3DpRLv7|~LxM8V59-=$`;lyc z=So}KWW9c>n)JhIAZB8B+9CB0GLOuVKk#B;pS_S?5GI)=jo?W{Pl^xKLA;N4d;6oE zwVx};XJru=*7MT4#hD?S3#t>D)?`-Eo4w_)Ijsdu8*!5ZC&r5q$dBCpB|Nv?x`CTX=hb;D{8c+aK@DVRvtd=i?pbFp_@%WP%cP z(hpJ;(BA)|F))jW-v)@$2)C+>I(oUgUCt2b{YT)MG zCJVG_>td6OYTrD2*sz&qpGhS)Ie)ykTNu}J{G`}UM`-_1tLKJLa;xWdJ4Zq}j^#=p z#`V$<6YzJ~oLjXlQzqI~%44@h*Xq8_>=)05j|YEK9+`8y-g|DpF>t9beL8U4BjLo+ zb~tFNkW|@a{CH6Y*`qlO@taYjE4E?2_^CaOnbt66b^Z1|O7Hdcq=VLAs;DN$0_!!V zkJ}S>SF#R}(yw&<(G;-iPkKTLC#u}Bj89m?0zPY`3k!#5I_qds264*70pt>oNaX}> zHvH+CbkgN}CnjS`)8LJ5As>)Fupt*E#;1H6FikCz6WjI& zwA{U$1F+n@!hIwh*38V7JhrVou5>?WyJ}?h@La@f*HOjz#d{nL$k`2>>Dboni9bKz zZUDgw6NP96Gh{r5zHF<#^~UrGGW3p+qa>O+G8*ucsmcV|t^3cINZ`$lT+p-KR2*X~ zqdogwZgNux4%~?Zz}!fsyJ(|_Js?Iz%q*Ob4%zbd_(}P|K;~sH@7T;!vul47Qj5rx z8uJ5>qyY>BI1L>Nq$nf*>iJvIchgq<(jJ-?-zU+wnf?-3riy`Q}&CXb!I zy=^;e&OX;;+W1TJZfqczy^gt~(>Wj8;b^$&mNHpr`*R_^Cn6%3XZIq0_K4~TB>cH) z1UFRZ8p3e+!R3{!5}$3R}h=2Bh+vygs`#1ar(y*w_?c9j-RT`uo-ICw6~- z@z5IjDppWReM^kEdrq((w~*WRygqKUn_SxQ2l=?>V1DVKqsQ+W13yrc_N>VwwcE2iLehA(30X&@xrjd;D!j zo_OKk$i###)xsdJr3pdcPTbnJ)zI|iFKPJx%}{1;zv}q;^l|si2aIV#Ha6IH`)F>N z)5-h++|hg~heYu9ZhRt(XT`hjWB-J*s8q5mh4t}7i?*H+U=|;BbX<&oM4RWde{n$Q z3h>4gH&+hpA?-{Mvx8HVl}3{WDYuPAf$WwYB`m3becvypo%;Skyj@7l+fL=zu11SE zliU0Q6@PBu&|!Rd_6?IytwwA@gE$<2Dpm-6kWeu;)H@md=jUBa$CEfRZn*YNZO}oHcrtvkm*KX z@7_!MqW7#q-cR~@)cg3Hmg@*G_?0SmzU@#NjMp@`8HnXyKUp`Wo+22!sd_1)R zmFamju)gE$d~J(nO`a)6C(r3Nng7tUr^a02FH}djud4vp{UqJDznW+5WLm2Mgf=;# zG9DNB8Zn(zt|wX2Tbm+Vd7-Mp!%R|FqcebE9}JqH8y4)B<@vST4A#46sL|@PK`*M} zc~)iU-qa1Va<8t!v5t|8M_;ZJhI>ZLE#ESpGqj$*Y1A_igwFU;E8UL@-;Awh?$Xvf zf&38XW06w*wl}+$CI|=r{8<45d6!gfj*nI-+!A#ds2=cajJIQN32*OY`ap$y6!Fsz zh6mO2K<)$@Q6wp0yL%IdVk!=QD*c4m5m=V0j$YPt$DNWCpW-Rj-qvCBE; z&2NypZYdrewe2<@cgEls*Ll!>xIM1SS-&|a&q&CdtH_iH;FKk!1bv$p^{3w+$YxI+ zHb-Z+DEqhcOeNR|_y)~-en{UgTKv8?$hvElltPx6Sx9y)5zV#G!l_~O>}z~GC*_?h z|I7s?4vHqrkQk|DOOVhQR~#AS*_y$V3Z(=_9#S=-FiiXe@0h=6xo)inY{1xO(ZW%OSLsuNYB?t(gfJ`+*KG*|&Y%3bRuXw^{b5}hX&S?(nKP4-yb;6X zn&!=H$9|Ht-loloAu*}b7mCKiEN=^YPXO)ei6Xl7&?c;zjw;m#Br%{xd&oqBnD!BV z?|`Enzx{weij@1?tzU~Qfk6U4$IiP3(RP|1Gya^y2ZGlU>H6DtKr+mEO@$qP-jA^rUgplD64;DZWv8_MkE7cUr`(hWav3HPq zxW!{FuME-Z{Zn7C7piZhG8)qWS5D$uVt5)W8;)Wgy!zFY5P zO9sO<1!2-Zj;0;X*JPMuj!k7f&-!p}Qemw@8$Exl(g}17eSR#9RJj+Obi0D40 zq2O{JVmz|A-X+0)EC0(zt@E<3O7=E~j9QBY09ir*tU!F9O%nYL|Fa0gNRQ1P_SD!b zJXLs@myAC(9Nqpb=*sIZcoNP;*Y2qJAHdve&fOkUB`MnpS|J^pSYecJ2gV2n+l zKjbLE%-^+z18De^S@yauHuyL}a-Mnn=lR`sS9v*w))6ey96nw)fg?T~@^OJfRfaU0 z++RCvQCB=d&NJuJ>P$@6_LWBj|KJyS%^qTq@TbpEdGgKHI)`ai9vL*LrE4buGCo0q z6N=EW*+@X&LwRqXCu_kiIYQ6RY9fWLm-}sp;{0nZuKR`YQY0Uk8$mNVVZm2>f4=6o zNsTMScy^6#PsrKG>g!M9*ZURg58=c9n}dFz8*u_AXNQ+g$Jn-0xZ}f}{T3VYwChN@ zfMa2ucGw#d>byU8(!^r!KmI|)pUXV^x~enIt4MtwZJ&KC{*7fe`NydQiW zN#*ya3dYl0xM1b>oE<+3#z&kh+R8L|u3yJo2l$(Z?@4}t{WQ>Od!n^^dXO5T`Hz5U zTBH!9`M&w-+Q7PFyN^-}et}kt_134mHzBM4=7LDVYqbf{|4(~o9n{vpu6rmgQmlq+ zixzj+(xzx|_oBgRai>@d!L4|4cPJ7lR-j0N1b5fq?l*0J=bpXKxo7WtX70?LJ9qyD zlSyXQ%F1_rKkIp)_j$SRG++F#H$92sGZFfy1+L%e3)wIPcA{7=Wgtea{x5styN~ynTzCx6Z5dII4YGlMVJP_Ezw$+M@FjT*FO?s-vGHPL zOR>?Xl%!W{rNnl9T|*uxM{1>XUy4Hh+=sVna++R|l;%B_3#sc4C(FTR$chc}9Y%~u zi!p!8eytKnuDV6kr2c1KfoajG;q0KthhUEO|`yGvRUF+ zzU6bazn?0^YjJe2#NIStrdo||;Ya1591<}qc(0=@rbM+*UWshB4TkX%*lhl~{C?p> z4;ysW;&=4&Mrx#KLu(PUQj+C;J9{7aALyfh+fG13A=Vu}2gVCOa!5Mno3pIjRPW$F z3juJ;7}t$1;;Qa5VtTUB>qb>K-tgO<&uXw)auZX~76%wWpqqOih!~ymGP-}v?TDhI za6DP&s=lZgx8k@GNa@HiX3TuVS4sMT<%8!9qIOfu{9dW)$>{`*$Y&4MVtO8rl)7qA z>ByI3FnkLE?^;5$EB4>ko1$T%a3bSLZ7W#UidX3&wZW@C&(^VysD)!_`A)2JYzhFg z7i&DK!)!hxGJ{7+k9Df72;6h!ELU(VSTh;gKr3oI(1O~$2^enE9S75*M3g4TIaQ~J zLzdU#y+<=%0Mi0TQd)i*eRG?8o=SZ$Ixu%w2$tAAHECR~ojsI-ql4RERWdf>J}OV% z@X0D1_PQ(#wurQZ@3sr{BdBG#0;E7LTD85IM91##X|t}QCT8A*+#s0)v6ME%_*An` z#4t4E)bTk0BTKrQLmPcWJ^ zYRBKXptlDg#KEB|*(L#e*^|46Za0$YS@BGC3dJXcPtQKW)|@sh#AM2oCJv*G zPXNsTI2Z!Nuvj2F;h?e6;}yx6(b6^FaQlvxHMb5#e1WR~6pG_f zB|kw$n31JU3WO?wlWWS=Ny9_03sj0XI5-C{dwhbufsj6;mH5<2yR|?MbkK#h_90s7 z*p^nWV!~DntJou5vbV_xLMh{WT#RS|d*Wd7Qa*thK802gr=^90v07@+;1#W2=%zLR)2sUN%{q$1c$dC8oN3tU6e5t(X?cd5rp1#D zCdkflO?XqWJqhYAaY{KccP;0Z*#h?7#=lzhaJ_kY5}Bq#PR~pg9KbkIe}VTkg@j>0`f zzL?{h+YXX!Q{!WJOX@&l@`PTlP}pVGd3;exqcplP{iK^;>(Ty7s6e}xYwj4|Begw0 z)U9QDm8KbS9DY0fVs>7qi-C>sbPDH{oDy&UZHM%}WcjFNP5lx#UVvC4T(Q~)(T?L8 z?HN_bTU62gW+?-|e#hH_;~olluKuPZk%I|T?dTIWw6?0QgSO4@SOTy30xgu$NM!uSP4T%IuFTHO^=@2Djl+N{*;Mzj46#TypvF{ zR9}>j1DS2j#%O=V6@CZJsAz}+QO#yhCMFl{yHk)Y8*_J*Y<%+jyQonub}zv!0xSw{ zK>V}>Q-BZ#v{LpV%EInn29XQQ#M=|?J=gcV9W2iZ#q|vG^$t36eFd+_i)L=?xO1s$ ztREU0ua3;xxi(>X_UmxlJ5LMH?$$r|YKxq+b`o}ywnOL;*`J6UNutj$2_LLIiUS1!1}d2+Fru?SU-*8sl(zX6ZFMy|H`K zc}0NR!FB}>)$Pt*jPyA9;h<5T_|Z{9+A4oc9u;MV%mmJ?pxATc&zXqai~T&&X?l>G z;NRydNz+tY$jjv+U#GN1Zs=WW#UlaxU%z3apzKExJDca{!@ll9ipO<_M$l3G4suSy z_^je`4!oCXtC2MXzqe$6TB80Jc}>BUJ&5VYzTw>;3I&NN-g8cxo}_k8rShQjVjw@b z2!5k8XCriyE}W&)xa8S!v)T6V+xdQeGxB(X`OuTRkFX7~+m|S-1756}L2I zo~+^U-UcGmpjxB47LF$CvPF2K6T%DlIF#vA&K2TX6lTd#^MTMwucmYCy}Ip@k~WeB z484&|6XysN-g}af(646d{ef6u*=+8q8MN|)h<(Y(KAMuqv*eMd#IW5xJ^sDw_oUSf z@@?MyKMC+X^zD2ztf`zxCdzd2P>gJ3mW9=KC0fmfr`@t=^E7eiXQ*T+OgJY$rjG8k zICkuPdoP*Nwy{5-&6SMbxWlK(^4L=7^XW888A|URhIIuqg6~<1UL9F2C{G&v7W}t8X{dt+ah*sUd^oKMJFgk+2X~3N{x=i+C9D$hKY5zkCYH)W;>Z|?yw}v z(_~)K<{=46^%z@i3JtV;X&qet`isQY2%v7OLrV zUmR))3%k6LUkR4IP&I9)MadraRbb5%j6L*(ODhD zzHDlO?LxLHtHi>RYI58%phl@>Bl;@3mL(=1J?^qjjE{dO5rZ#`MittS?aFTB}ICd_L*-N%fETFyVV?N)96 z&{qe^)7Oq~?VsB8M<)kOZmruGEIQZpSsis26ZuRn>|cry#*bU!lcpLN=g+zj2}Yov z;sR`1nSpUzx*Ko3ShWtkIQu{v{5 zxAc_`>urIlb})Y61?nlQbelBp`%X{x?3H7kgw3Nbfa2#goIKeY++G|rYpz!y-~iXF zg_Q6OapXxIMW4kwCQj0xAjDe2j-u(y?KiOWev<(YbkIwHoGvXZ<8~=Tl^&Dc;tt_N zO^n$+4sv$)^554qbnBO`)3$fP=xAH8P$#nxrDM4oDG67nJ=A?=oUXyu9A;j%J3-?m zKzx3@?jCDm?Yp_2fqw0edaB4ccVY|~r9eEi9qzCit&~l+vD{67x50QAgcVe8e89Ga z^WPr~iHeb;=^Yr1hvxlkhO-9*T@`E-rR!lV`g~&lixr3xEY~7i`ZXTz082;h7HlhF zI};sg14mx<*5)n(x7qu|pEU%tRoE_z@mtP6x8><^dZ ze#-FKfxC+VL;abXtoIXZq?0Nw-cmI7KhPVNvdd4RF!Rr0OoWAR7io|=cXeIcO^yJQ zDqS_ZSeY;Ta?CP@W+fxISJIB;?A{$>`KrW%c$cZW>()Cb|E2|emCe>D5~NuEQ2zse z_db#!;&CKnBFu}2EFC*7LNUDA@-xh}SDnIvtC7tH83BF15mQ&Az z@oJAOd6I^2f*|rFVV_1kma7&(a9SVO6O39nyV=c);s@ciLw0wAWv6UX=ik-1yL09A zUn-Cn4<&msg+KCrbx}BC=|+~X0m3mDvl%L6Oy-?pl}+?F)2{8>$kO7a32f=e!=5^} zGH<`n6$<)mzaO2pO&!m9-WM}uZIG)m3?6%xd`5U$n4j0Qq8wI?@Ly!Xqp=;2uB}d; zELMxXp{~UuxI0Q5(Ydk^ZCQ)g*klDbmyr2^8_Cot1A<2#(DP%!Ku;+B)#?UE$ejH= zBXOo=dA&+$-i){@?-;gWgyoy|mHXMfw$$;GX#s0mbia_3UQJz{)$qGlpxoVM$(e9N zvN2)k2o+noYT5bXa0~gZwYuHibkZ>X6mL*@#rrM0I_&+yC*K#|?(sHakl>^Gy&WpZ z+Ckb=kJckQ-A;dWGpN*E*aMDd&Ffkkyi+{9UfcpO!BWPNNpRvI#r`AIa)IlQAWIYn z%`R$IGu4Tg^Yuldy{YR--6491DG~D{JW4Mwn7k$hz*68Y%dzO^PsZBeOr?{AS4@;h z?QpxTN{~b^G|MTvq7qDR}Wt z$AN2ftK81ASx_omJQFEnaO7~Fd!6nuDk|id(G=mz$Mw+rJYBU{Jp;5Bs(#?3V!v&_ z+7aTlc0fNzC34=-N~4homl!nRw$vuzHoliVyaDDrYqf5o@fut{ynkNNU64GO*t>zH zx{reMzB9leae97z3geF~P>;V9g#I9s7UY%ROMzK0??Gl?GksjNm~thB^`8ZSThHU* z#Q-}9lwg4bMtRPCFls;F<12QTR&0pXavwo1g`|@SB%SQ=<+mvE$`*b&7ok7h-R1O) z-e%!pbfXRL>tE|IC~iY6+u+3lq?7(c!FW73$Zi3X2rZRre`ndY$bzRO9lN^(tEVNEgT_W zN0E97Z0obAaBF%i1=)UR@jblQN%twxFj=Yv6D}#tXhDssblJE7=e{Z-+?(>k6!Z@QNXIUUT7`_E9(-QRsW8)Iv{kN#%(HGh92;3>K zIizp-1j9X4qbRP1I17+1XM1vfV~{ds!Ueha3Jq$xj?3oTYHL1YzPQTc{`QijdU}0u zh%&5=luy9hC!>$}8_AAAI$gN)2pb~szcbkw2g`1ZM9lIozu`Re4F}rQDYT1!aEandA`06Q88{u8%`dY7s5(KqG3N` zt=9f27f5i5@$o;%4AP2>|Ka&xreNpc^DRvh>6O!7Hu~U4^x%j`s9oXWe2WrO;TlqGkD&#lI8-=w7qdRe@M`d*b90)@0V>WM%!gO0 zE{W_vnFXt7`(N%!Ax~HKcQ%GZLY&&6Wq;7@0^Wh(z zWe@rt*j<}_ivcqf)o4Kc>pF$%Oz>UB296eC5>IR~=Ap4r<3 zsNEIbx?r7dPO<#HH$q*tdR|=m^&g&^-o30Em$^B+uh0nL_(?$JE&3_038_UapGk3i zYClz$Dz5z-T?4`%gbx0&>^vus%{j@+RM$f*f1VqkQ_iKa73`fO5YfUc-5sy`#e?uz za8@!NP^$JpsB7KfGt~^1hYh`PC=u1MPB=i$3mr>)Z1ot1t+b|?nEWI zuh?*0I!$n?d{)*q^2Q3|m#a72*jvboTaG{b-ridXncWq5GE|F&q7NXjWdNpr5%;|%uBm1a6N_$y`f_LO@j-5&JJTb}PY?KCp|@S> zYk2zcTB`rF+{E(iPwis#dYr*=U`XuK#>0bB&ukKvQ1ucKXRkL(X$Cv$UzTFKQ0TU| zA}xsXBKU6OMU5Jga1;IZWE?M%Fr544Z@uH#rRuld@ohr$0NI#Q$@vrU`TfZ-K?4E7 zo+b|t1i{T@N0AsTzQs!&-$ucA>?2+1d|vZRIxuPkSc)t<)bn@cX(p$~T%nn;{Sy7p zZ~!q#T==)l=s%XmD1iCEmjt9pf+8}7M3iu-W+BF+q%AUNYvDQPRzFZNO>)*%v%D^= z5XlJ3GTTJ9BaAZ3S6wpZNGL*y<|?A2@_o-c|K%35L}Q zf^e*mhDwwUlCYYlNvADQ*Vna9ooB&U@PMIK!GXoCZrnce1w~Kf@!;6va9ynteJ5nH z1)bJe;M|RWj4jmgb(Y$Ol2~11*&?atd3f7;wf$Rns~4RfKU_B*{2UyfJpo#E)`z8J1M%YXuw}wGXVWMf_tDgql7@}QyshoFm5BisHU z&UX)3>hSsXiV!FqZ@vO!MrzP@Q2KOYk#Y$Qh}I`>gzgm*YEKvI%Hv9iLKnZMMp9VO z{jTbPVDYr?a`3$E>PNnSp+zeAaO~@E&|RzuBQoQ1_55md!IbqdGDA0nN0;>&38G_< zLPik+eZ!TaL82#?DEa1H+a6YdP0LB*&H3GDaV{>&^4YcH$gf{88=*P@0bCQ!hBNz+ z5}i5Q5t1~T^1DC96ukMNLx-$*_TBI2qZxPC>*d#MvBTD!!Z)9ch)XNxmreR>+mxH6 zP=mQ)T*CiGK{z0avLuUIFWe?tJbSOp|4@L7iNcp_ZKQ7|0F zvO-&k9<^05SD;!fP#lSWMNXdEbr;G6*^kJ3hUJ-j7rzXamsiksdpf32O(#W(zA3q zVlujYcWZd+{H@x(1^%iED~lB~EW^lj5P9aVoa=K}R3l zv&aGJNum|KXP)0}Hd_4daes*Z8jSUG{wMtUQuMM9`jp1{X*)KRoSFP2H7luw6X%Cd zUNLI}2Zk3Vv?lD|e>G2YOJ%Y6{^Is~ufF^R%^!{M-ckQGgT3 zt5JspBTFxhu&7ppl-~kO%Ya#qzDCNvOJ)zGmuO6=$*x*xfk#_}X&8Lw&cYPgxwR%( zt$o%WMjrz2AG)a-9*y0nX|S&d#sy|nj8;I2%f$k3eu*<_*X6pt zMZO0Q0%py0;~BrRNSah7)v{Z%vW@$uUOBB#*#fMU*7tu^fd<)d?q5-0myhYn&tMCs zz%w;3Y|*O?tr-Ryp*0wv zRbj}OA|&mF!N>EfmX@7eA|q=cCVi?Z?HEmL;@OKMU^k*9Z*oBkA7q`VhE#@^74ePO zwgy?hx)LSKoi=^{qV_q=s5+*q4dI~8>yP>{;mfB1J7;DnTlx6%H>+!4ic~}Ch=sP7Z!J*urYt^_yw>3#{UKwzanlG{Dig7OQiDV;npd5W@l%1tU_DVn{n|-peiT|78@N~a{u9rcliGVlJ>z;9g0XB5O z>mA1F%3L>|VI4>=T$h$I&}xAdEY4C^&Jew;varDmS}8!5vZQe(3df>j{GGa9Vu&T2 zAKp$JE>)*0_eJUNDYNZMrc*i?7Ebsi$qVsH1velmkoIkE?G+kZX15~%s>=O+U6~}DoF>&oQzCa9D>2aA*(2fXifo{v`5A*+ zQy}S=bd!4qPFYgo{R{R05~vbtU5Cuvan5noXp^Th{JSb*-y*TVzixaVl^ zj?xjc(%k{>!)6lP%~CE=CYyR<=bP+40(9S?h>SG6`)HzEDK<&?_{nAR1Grdyfj7Y6 z&#)gFCyp(A{thmltatm{lmp*&u3B*7W{qgQ=~wWc*U4WeV~PiM>=>&+HcMtON68P^ z?roUt^V2|+(}1zVQo$*K&xP>a?f#s18JDi*!vaajsF_&d<(^E@?Px`YlBG;Az1X+?~-QrzxZ%zEJ@xW+ndn(x=2^KYKr<7< z<&<0y&yzwUguj>ZFA{Y&&C!<$2bR}Urwxh4v`JB5L;s@N#&0CMf(pUM%nrSNeUl%k z!@=F!80pPjvCn<1CDtFtjLsC?^khY!;7H#ueUW`&PO(Zy1gw|(8U94PXT_Ae_jRTV zT)Sbh6GcfUQ82f5E^hjNd-Ari0f%(X_>mYd!HNky>DU~9fVNTyceN5?Qr)0uYEwV3PXNk) zI2xLXm+ItTP4fQPN^8%TCjVnry%xTS%6(Jynq)YqSV$jHO0hY&wy3B@Ca0<4q@O}L zvbnh(TSizXzwWXCb^0dyE4y^D4B4v!F2R``i&QF21!%><4jwbFRc8{Fbm*H-fc_oTV=;tLYf2ALDw+DAtw5^^6UrFO{Agi_uZ$~Y=nFZY zeiRt%GZph%zgQ{MY?YWx$+XVVAU4=+v}CTWc;uaeW>1kj1eiTW+*C4|r5bH)9nfns zSV0O~P>XpCDxWlMnYlSBZr^zFyXco)cSt*St&zPmV`!=7pJ7&f0$XU+-OL)9o&}=q zaP_AhJ|kfmZHT8&gcszIz?L|MT`1%n%*$0uxAYOQ{wBZ0x2YSbA->~^3-|IMSB~ct zfQ1;hK!_wiVi<8wuFXT?RWi-mw@F7LN9R#;KJbH-WOODv!ytAt zWZew;7Sq$$4IZ1JGohhp%%s8krz8Y*5ptf7d`INYDV5NWz)MZ?|4iBMm_rVLwk{G< zOvTTVazK4sgXC|&IPl+Vb}v%0V*WP)n7^HprjJx~F`8|c*P4fZuObX%7CoW*!p+Lf zxP11jGUwC3JUhF%5esjgQ61Ndpr$XO;ZYQSxc`$z3<6Y8R3f+;xO?nt8u$^Z-HFGD z(vdmqI+s+G*B}e=3P8gzp&7A{Q`^5<|5$%*^$UPe->fiMApux=j}f&&muLC7zjXtA z4aMY8L0W(aK4W^83Z?P>oD?yfId3-^=QgN@8ByIT$PL5oK1BEDsiP+jm?=fOLgt?; zP5NxJUme^%^))s9_{$1JCHdq2ta)jhBne`U-R@jpgLRK@3k+-hgiV|aTRi$Qu?SJg z`K0l^{%T3n_x32GHVGOB;Z$nq+Ti1+%GM(Cg?(-Q)DoG**}qk@yW7%-ZL3DA zm)~9aPL5B))^30_`B@-hR;BxzJ0tajt-^t|^-z{6;7SH?Pv1d3q)g4WDH z?+6$-jRD$2>bxtcTVB->w9Gk`ecaVq>4Cn!IKFZP$}x}6^rUe{24`cFSO)x&%f!s9 zEI|cxcIy*#FFe~;^D6vFZ<13jC@^<)`KX~Z`Kvf%!X&Nx-_UH_P&41gDLfUJjX*w+ z4sFVu2Z<5}@Y*B|LQA|Q ztsNU~muK>Y$L+Xvkm8>BLTyn{f+6)rZBnTZY>i+{7E-d({EwhiY~ce&oDOTBljv(^ zLD5N99j~!v6Zu{0&n8m}qz^>|iRdBqcLw=lHgy8t-b~D51{Mq!y(Xcois4jVt=os( zNNdq2&3VM~Pm+@>^2V>DmM4K7c40$+6g{z)c@yPE1$u^1-A~&-+%PZXSGdcUBQojR zlZj2}m)>P>4mYJ$`AN&AC8xqoywz9p0ZH07~82`+yBBi6kITSq;|JHQQVll#HI_~K-eDF7*IZTzQ zR!owfDhRMX!_a#bi3*CTMw+SCJlV^K9x{a1^!?)UZVW~Hq^mfN^qUdzp1T@=rW;e! zZ${iB%}p^{_v7l#ZPy1o_D-x(u1uf2^)G%zX&W3-&*u?Rge)k{;OTz)i>#bYScVLz zeDq8naWLg1CX0+wjMYI92q4do)EIptVmShWm*>+HDT$*u&pU58nfvnV=d!Ns6Ht=63Ddq#igk_{Y#FL-c?|?NjO2vJaZm z%AhAZyYuYwq^9*96%Tz5=_hVki;weYrm6L{dplpvt4Go{lU?J5WXswqJ zvOcD-jyR0zlP!|}brKBxYFSEWnr1D{*hj%m08I=2y#0jCk7Ah=Oiq$vJIX3r#qKI97(dEvRo-Fu#VmsUfZv z;ES6%blg1-%#7rRhm}}z9@QZhF~nqOj?5PFA-Oj+qCA5>&~_-HFJ!V z!*#t!{1p792Z?ekPg{!j;yS(dGRIIMT;6lYLHICp@8Vp zD*fHMw($blSGkt6hlOLD#+4PB_Y4$EVnlvjL^#a|4EZ>i66Cxc_mqBs_eiK%5>BFI ziX)>a>|DY@_QgWGvM^@_42a+MTw18hc-G0oUe@+o%j_%CZVu2a^sFn2^MFi)zUl`z zsHVT5$rP#^UU^SC%G04u4wwS+N$?q;#-N_gJ%Dhm!0xW;YF&Jf#shXlk!ta8SJp1* zmn(~iZTR1-s5l?pq4bapoR_M*R8^$Kie@#sacpRlIXWgz$~Jo(nWKRG>9S>8cIcB+ z=Y*j?9sN_-=jCQP5V(DF2$Oq5v_$eP1Zr;4$7*%GMLCczQB9u#TjQvzaX2Y0nf{72 zq>wV(R}gC@59#ax=DI4G;&t|nq2@c5!b(OnPu2o{%z=r%BYfhFaXk*d)6x0ENR_IW zgzf5)zm@4gWOMgwUt*-greVg34}&Im|EuWBj#cMg0&%^|#17xm-W^|I)k{f8-adf_ zaCYZccXW=4+K|hi?CD5JVb7)Ir-jqk{4|$#)zkAc-xWl~9{=w9MiwXkq4G)oyM7rp z`E+$Fm-#(2(_FbFvCE`|+KdnzuI~uaePyKee}>|aqT|ADjn5DuTsWl{DM8}x{F*8F zr0Z|T=>6|?dH>zyy?=e=A7y+0U&!hHYa-&muFJo!%YPX;|Nr^VGFaK-6xo&YJNse} znYM;(utBCNq3lzCwMX8L|M|4hf32;5t*w8pt-q%88j&XpIWy5YX87K^j}I&_IK1f=5cV$##VV%TQ!o^F$aen8EQF8xOpo=--fA}jSw%V%pgZc zR1PSlU6Mm=PP#;Q>Azn!AjAB%T~=Y((XhA3NfWT-#vghVTVB*^m5!^IhY1tx(Ua$%~^H6jn%X?zR@D`%{1*9nM>DgZuz{9m{WaUpVdz>vko|<=LC9DOA$~(rf5>i~xLG5hpy!jTyft zCri-M=JjMN>~2j3pPrtsO>rGf#aqi2>2%i6MW<$H87dnXB(@UdL=W1PmK7wL5jpYw z2wI1~qWvjcfI+QdsG*ZswL`IOEeLw}Mi#huiq?JF-1AZ>qqIojC-aEa({1MMM%|9k zlBJJ4~~!{5o=P%OG4&nHB+DGQ{w%);M77}v%D1A)1}j) z8mkrqz_>TMDJjz?JIjIKrt84VqQY`tM zuIXA^OMxD^_sl972+@^Gq&yFHDJZKFlT1lVO(<2cE84)bHAqmYZ=lxsmS2?H-S|Qw z-GeEcS~&OWxjVo>(qKyJ$<*)T$SPG&IMMCR((asgr4rt>7Vw^^vU2&jFaN5G2?$tf z6rGZsDp4C_8fKuhEiEnxGylZ869~Q*c_U}$>@Bhge~5qCC>%wG7kS`-%wdN0J$Y)1 zcB&Gx#gzP{cJd_;NXr_o!))bA>+}j>>-u(Gw+udAc8j_0#5kcHVBMzSLft>fuT z!^35}6Z%oHI@485?3slnjUNV+!4~$~&ACNsjf$p+uZIighuTy_eJYW&F?S0~g@n#F z@+S7MSZi4?UZ#~=>O|}7r8fE4yWd2dOI6)(U?JTic01Q69}q*fb$N(-7^;%(Ag|RU z^CYu!o!E@zM^~lUyBo;irBejjJy@#M57(T@b%dGc>Qieyd>N%u6fS?rWJ84Fz7 z&{gQOQ3KVXm=fp~X)66Ja>=TXLPd`fVT?1W;|9t)WKZxVqV;nW3b@Ma;tVZ6?|W^u z-zsb)SBzQJm9V%M$M560S%R*vvF7e*3rApOm|F=Tha&u(Q_#ipP9h0I?56KV;uk*cqkZ4dSCa;GaK*IjAQshG%!m7lkw%4uv*TN|XN2|1r0rj@#n1tcKw zT+QTU4KyMzOhZeWc%IjIjc}o(WQ(N{dBc_X=ymJKb-?6`Ls$3w!1v{B z0mr2u*B3{e7|6=-e+PQ}?t=pqQ|CpIbJ$x2c<{da=j1!O2)OT^-t*qmumyn}g;r45IH z0=U$1!uD@Q9;lGmm4#o%Aq!(yFB0%lzE%Eq<>|4&=WL0ZHw`l+eWYXe92t;-37#2} zDkAu+wH4)=Q@RGi?+mY8OpG7`=M|Yj{=a@dtQFMFp~qY4cAPLL5u7*#@Bukl#9a##a7_kNP#5sHnp1R=9MywXag#G_lmFX(5rdm%cD%4++29b zFX*H&+nlRwMz;sZe>d**^mFjXw&TAqpP+R;)kpLe&WeAZO*Ztl>ZOB#Qb$H_N%f{nq!J+g?QBx$^P3D;7+Bww5T@WsiRzU)@!LxUYq# z@?2S^^7Bp|6g(ccOlfJy8>qW}Zss>5KWfxzD^__Kz2sByby?+_iinhuG=+b&#bJ2Q z`%R|W)i%EGv-h#FbO+-DbZPElMx6b5)TOy_=KuiPFF)(TC608;*A-MF&Yg0)Y{b2hB3GyZdL$9BJ=kam91^uf51atj-_w)_ix#EJXB{=^HMFyAd<-J zDmnC1c3)E-9gEltrU4;~QB?%;t_^EvQ**X2Ud*UN$SI=FpX>6@uq_TcD+$C@tJ(-| z!?cfwD}R9XJNh@@0{w*BAMaON)MJ24O9zl8t%Cr@Hz1`}g#D*1R*Jm*We5%^*Ip-! zwdZSF)eaEmPQ*8GE9kH82%_aSFb6YIG|K}U2dI~?MwEJx3>eJ2+vFc38mu*!stvZpL!2i^ya25X>~%Ut%&oxRrj-BA<*c6>1lZWWQD45 ztaG<}*$bA`m|J_1w`u%S$?43I?aenK%xa+M%kU5@_4J1?Dv?631S(u*_FiP=l50_3 zk0k-0yC&b+Yh8RYa~fbK#5LVDL*nU_a0(oJ{{BN_{bV>fh_G(|)aGE0?QA%gYE2DC zKrz6b9GmU3y^`T^FV}3zj$6MCxeGnRfAQ11zwWmy#El%p1<7vn`}yJuJDsX^tBav| zbpn2Dc_PL8b(e6RFaZmHhYVvt&@!^PU(tFDSHH?*uivCH;Nqy!&{EhZ_wtv>#a+^V zN&9jOpx&_~bN8@@Ur0yjf`gCp32GRdCWPTYaWbV`*1|-LUiQ~3^Qqc!4VnlQ*;m|E zmNIRQ2!*J4CDmNDi^uVWy5`ZQ+XXxtF(f;pb`2hqzhkWvjHa7cv|N(^-okyNb$I>N zHCUG%ubDS%Md#AZv94OekY7-j6MYd4WcI>GX1Avh{>|b(3QC^l_u_*^c`&kbO>d#} zTlI>=eAosRk?_&oM}CHf8^kc3IPsp)L_TzLKnPyN1qb*{2-KEx=zKRE^ePp6xPf4} z#PSKvEnZLJE$L29Kl16~cKY5oAryOz<6QRRmG4sbY#Uwh_Gr*Uf4ZF*p19`(G1w^l zc^>tAL@ETj^Rg*BgJ0|ln-R~D-+%4ov@DVbscwIaiQWYW9Jq280`coVlrtMDrnafl zKD!FsY+5lEN|(NRzBbD9K}4H`keD?4(Ap|KdVAZ-opD-NP-Fj*6I<1u)%tb{xrP|5 zH>D&-xN5J!?(U{PhfC8@@n0fCukgrX=yA1myzN#0ymvn^d*l?u(rxY^yZ`knV)^U+ z0C|74DP6VZ-NtbS$6#mq@4kwSWB;2qL^1A-Jj@%udyw>bmYe?%nF%GMHQTej`jN7- zGK1y1+oea?Ez-zeC|P;+!DsA7Yaddehz6LOUTY~6m! z>STJBo;l&X_wtc()JH?9UmjqqQ?z{1nflvuq+z4wqgwZfd9A}rNeFlf zqzo8}mR%ucr;XPaLr;p|86cRAQCCl-lvTZ9oTW+7xyRXq2=$;jsN7au_u_eXridKH zbRtgN(VLN`O|VL{ruN2eKIOMW*#(5~!o1wdb6;}EWOh0MI35-#8SAz=)RZz*BfGV| zLfeY97`*srqsPP0#uy&!lF7-b*yJ}DtNFB)FSIrQ*>z$Tq)O^|UbJX=d>hgwB`LlT zyD~m9BwNV#FfCz)ZmbqSY(s-|19>Or*6sFpG_~ZlYwH zyfh@aFtCL0l2j?InACZEe9v?(yRiK>)yCK9&fNbq9>3sxq556~P`G^XY77<1+5GqYO( zi#r$KvWJP4O&L1@A?{r6Jt3haYC>|KjpYhnTiHw*8XAu2b2u0dfpqeT@JlzdI{akU z9uTcUr`&lkIhzg}K1J%{GKduHSCo~}_Uv|n>iF<5s#HSSC*3i#J0Jj*$|v9Y%Omdg z{E_1-2Yz5j?^<8xRDdAZx~!jra)5l?%qgld64sK)rx%O z@C`(VLIVbz6xZ)|Pfa5uVHE!Ly0L=;A?Qk1IXUl~oO`2jL;Zs-!3nPpnfL`6y4^9B zwXTEV0al|ihKVdu(*e;Mk0gFy6vgi)9gVM2MUj$Iw*%XK7P9>i_X7PC`jX9%wb5K;g|1XiiR$nrvn=s!y~ z1%Ig`z9obsY&S3)cGsADMF2!WiQuXeEm2 zeps5CeyCOPGl{{$c^1d`ft%Bk^ZlOC-2?yU?bk$tptV|0z=JTaaMtNWTIGJ)fdyW> z6*H&jNG242x^AklozSnM)4gLI{~NOix@}A{$ZrOGji7|$hSs-Vs#?pG_b*a&PI+-!l$#9s^a`C04yb$pEaHE& ze})+z8U2a|XoBS8V4WzU-mhIdWxe19U1)7YQnqBmIh@+@n4Zm=D!&4LCuQjQhSqwp z7&AR|_Z0nl>>QH#x6|# z8*}+Y=DKV5t|m2|jFODT$mo2fKZX6Sm`Ir41=QF=84twAKX9jf7B0!`+~{rRm_9@2u8Tr7y*{D{4x1boaPA(8mmdB|NMER!QfZ zA`*jlE~__~%_l;Z-FWa@h;B=u&uZ#X#GybZt8ZsjowjAg3#p(em^VaJ*er7mi9BeN z@&y1v1DcNs)h%H%8TKq%sVxj`Gph%qe?s84)fKI9X7`fzZK+-k49Y^q$q{gq$Omqk zFLbU8tz2A5RMm91PS1jwEX!vF^4BHcaJ%NmVohVBO>wio+D*Ha>K6CzaWQV1Hc*#} zjcrH_CdJYhU+vL!$Tq_AX7`JKb$&ZU;I%xWyqMQKxXIm4r#D#MsKToY@X05T|7Fzg zR}EF6h~QubT&^SSU21F=g7!O{M1dCggz$p*0#B%8??AOA76S>@Eiq zLOv2i`{VVJS0|qzPd<=#9w~e5_-`FNYlG6hLUR}8y+6QB>A1hDzP8l zth?x2ziV1fRJ}@~f~6gMTy4f=Gx=OAsa%RBJ~q)CT4KZc#bWon&eegGBn(s|Z~PKX z@9h1b$$UseepMFC@v-`TZ{5+E-+EbOJ6w}eX?2QBz8ax0>1{wPgt9G?UcY3WGujD0 z2iZ3S-TO|6~C+CA|c1 zccOnU_Kzj@y2$c>xiGLe*tB&6MSJCLVuLEe6_TIyf%%IE=>q=cDRgL^>}(uDpG(#$Pbi)L@YPaqWULC|eR+!%i7SY$*#?F}L$ld{`?xl!L3r`1YvGPrp<=i`-)e7c_vSo=8x>+hy4xdQ~`M`5qOLUH}hMMkNerssb0%FwjGP@uSLfT$f7$3D9*&}eL_SA3X`&M+_M(8Cn zy8<&jdeK6?v4KKG;rA=yX_t6EORxbe5)~q;Q_3pHM`}tUny85IE0twOK3d=B6#DE> z=06{ei-6e)ckqY^p7>Jk8^SXLPM9s7Ulw_PR8UcS_VM-m2!p?XAKe_JgX4qs7yHA5 zVDWjmP;%Yqj&yBeb6o_w0V-P~37ofYvJF zBzgV`8i>33{<{82-$!oM+!N>&Ntvu-HK(T8yV@t8^&IfXP-HR__c{j!Eq`PEe}S5x z&CyX^(EsNy0oSYEc>ltmPpx^d{)2%2FE9RIL(~7iyIjW$&6nicAvPu{fWngSxB1W_ z)^g3tHs_Z-F1Nc}|nrYo2wa*BRqV9=ef-QE@O4_78IZ4#9o zsEmeKF4c%@?UpLjzQWZVy(cFfYd?YgOK*Ly zZS^RXAMqUKKhAH20A(hHKr;tpQjc_KEBQ$!_QEvCE=Ux@_?HZ#U3W4)no1;tuz;Id z+h5_9oT60kywDdT=1OPM^%ZvY3&Av9s8=dW%1ZfN<#UK(nWOZZ3X>RWWWipv_ zlh#ZOHLQ6%Y2q&`s7wooH$2O9;=nUU#l?}{xUO8TgPU!vis9EE1RhC??oEqlTvMjKj zKIA`Bqt8>A$-QqcbGwQskcRC>&Rb@QL!Di+X6YUr!0XYps4r+(yZE|Ur_s^7`}Wiv z!!~d#ECzAKv6X^}LH|j>ZUdgbgB~vf-N6o$s13KvZ)o(7WU0#?<&jaj8ldJ)hY82k z+MaKZL)g`yb(`R&|agc_#$<+JEs%(0z= z3dO6nZ%zG6ulex<@-(LM?9@tk&vw|etCxUVse>C-Fk>64N5v`iX3WQKOzJN%D-bgN z9no6JWBzBpILf6q`wj0HbMkeyNg_QeowL~|@01lpvjCfx02n1%r+~;W%ts?Co`qL* z#M!rhCC+1S0@5;mIdg|wDpHj1Dfw)Tg;Ika-RwH@2edq`_7`0{FPBzTi_a3ds2kL5 zX&Ie4t%*H9r%GS7M%PZ=Y;G15q~xqchfPtr>P89-vP{(O2K9M3mFDL5CdZDA1et=3 z$#(f+M~IPpc1v1-c*>G5Cu8xzOtqqr4?j}_Vx@MB0(Ncnd+EQa$C7SNLuHK z9?2hXMk*;OoT-|RFE!OA;fY%M&oZ{X;EpmB6S)}7Tb=E-)rK5zF%^x2I^GB*IMzl#LdUu>d8ajP?I{Pilz)>lJ9rX z_}aAhCg_yOcb8_Y7SXnzBHG(ETIjieIipr?;`of$fXSA>X77IPw`bO<@gFJO<+g~+l@cAZ+RhO$U=tdqap)@&F znw&V1?~Q#gg-LdBw2P_i-M)3SlCo9}cR^d3M%h!JoQ)-h{@Skecb5xwd~rURWN)sb7Q~X=qWwEfZ)9@4yU&SvNP$T;pTyPAdO9I}XFJ7^ZKItqik3LOng#!lb z2fGEgK5OC_w(Yw#gKd-Uum0>7Y~BpjKG9b7(onr`Y8W3`8;Zte&vb4O3~`slh?X21 zwWop=QMCKGD5w?!+j}_@6a~p9W>?gUH8b-}FdlZWoj$fBD1i@~DBOc7Kg24cI9jX3 z+p*Ulzu*kjj)ihVJRVm>vCfr6;ePxsf9MLEjjlYB;Rd!<)=YFTX^J16G@Pop!fM>IgyMLelA zVmUtIktda&84IPA^+G6)t1eqi|FJ@fGo3{PLa$#=rf*x%>oBl4u55zt4<_l6Lo)r5 zg0&@Jd5sE8LCZoy7T=^)Of(^>b?12A^v;WA*S{7r!n|^K*a^}6Q^^bfy0QyO71#2t=E)!HdUWQJZ}n5B{+D6@yqb#r6gMQSVz~;tum*LMZK+_>KOulAuN%4kwc+PP91kXh)TwI$$l58) zRDVV~MSen!_4W-8z_Rh!%7tRj_U2|^&`r==v!%Rf-~`1aF5$qMF9|PUBe4NSRMdEd z`)hz{ERvA0Vv4?BEvv!BqB7=G>T2|~j&xL|-Lfe3-QE&;E3*60D75iRYy1}1;&10? zuT-)nsRB+1nq7Y<=(r3sIa`C^11*NwsoaLt%fe)JB%x$*NEA%t^COR-B0F>i9bI`e zB8EpfiH>_3@JTRrIll*MKhy7J;QAg77AR_z#)sVS4z=$|J92O+BrJ;=jqqR{1nYhu z^3p$RD#+J0D6>&kSXuD5u@6vB)iqaE{vAePw`%PHZT8R_i{|qKR>G#Iy+CWG6CC+0 z*JGy_QnvDwM!&DP!F!#>TeP;Xrlz7ne#^t`v!5-So0{AhU%6b&46Q2Cdha@It&Yii zyUeU@SaIJmJ4frMw6#@-X54_*s;Z$CjX2>d?CBlQaKF;3!(&jDa0DQWlBfuiyxwgJ z6rlU#?}XcnYbnKv>#eD%$=%As{X6feU5luzS1MG=Ilucj>!(;bT?=y+zQLZ4v&h%j zoX2vdJ42IoD|g5Y{HOUVsySz?Ue$TrZ!9;r_vZ|o5K&YrL|0evFUCr<>7@bc7}?YI z*1{5)5@G`y5$V{RF#-g*YH#eLHAAizfGrQ3k*<3;5gf%%{H-@?+B8RCCn{e@Z;aID zFJLp5?K_APq8Jd4PXxS7XuWSktQE1>T@<5#&Hy#+)DMQd2noTUh+f;>tl-vv^?*z2 zG)2YdzZrSej*tnYO+1LdPR#Z~e14@gy&CrEWf2KX3_W_aYg}9+Ib8`SndCSCj7kaE zu`-omv{9NolY^zb78|g%6p{&)Fcas+6e4*s`+@=rXX+;q_pX3AofXW>X_C-*yL2r> znQg3f&$cg5M{;V@89qWKxTBf^3_|Vk9v1T3adh1@^%$l(1wCyNByZrl;rL*!?gk@5 zQYFKvOQDsX>9>W?_vs^;`MrP!0^dumQrt#AKNjXgn%_>M@OlO>CSw^7@094FKNo~F zgA@6o!6p<6eF(6PzJx$cj0nfubU8Pu8hAKjyJy|Fx3h$m@+BS~X5qd$m3QxQmjc%Q z`hoEPytRKVQ*6e!DP>lD+F8OHc->b@RctXv3F3X-HM#X@PSY)XyT<*e4@HGXhBvr2 z;SQ1g1xJu3gB1QlOIN(H``@@if-7QSd)mX+mUx1;PVPbj+n#1`iO6nLT<_;%USha< zEz_D_Ept9c|c51#E&=^t8cKl}NxkUzb;o+ziW@KM`j*N3!bBW<+Do z453!AkgCt-n`~Mcr}+7Rsp#LZjMwrZ>=ff1#8Z@-F0WLoNGb5ygWLuMB3>_x5AtUc zy?4>Mp5fR(ALo%F4=UABHBzN*i2SBoaBb6=%#{ zU)N@{eA3{ad(&Ym3;rRz_m+@=N96YfFYyhwBx9@;F>yUBA8Xr&)=bgS^P-UR1%-uk z*MVe%GDk_eK1oc&*6BXz8e*hSQ-$%t-63k+>%|_Abj_z3z?3LA!z?4SH@UpZ4DKls zeqJ~@f!9a3M-%~rkX953ky(CV1;7B@g8NNW-i`{&64$$P&j}V~ToyZ49hRZTHCYu6 zckEsvg7VGe24$x((^VLBpCTeb%10XjsL#`%>=}O!U(3x+-Qnjn(!Eb9JX={x+tl@9 z0DR!5@u=vOX!%?~E1rmhe$m;LyLQl|(%uogLJa3T?p*oe?8l!Fd4)TE5Xg|f_3}q0 zKiFXyASgJepImQ-s9o^O<=n^)dJmqgig25wsH_#-C3WH^Z?A-kPp~B0XYVq4>Y|Jfw*oK!D6qn|ZXtv5O*v6WJpNw4Or0^s0P6tCLF|VND8v1X zFHu-d={b6vroptz(Q(8arN@SB6iW0r?p%XJHj`-3qcf_VjBf>uacl>T#%Wk!kB zb<6ARx&m6WJ*;UH$|ME&)MoN*@afR0hKz&DuT@bIIa;CvbraQRaoCNd?a(g;6Y@aQdLB!>=rZvIA zEXO9~UX*gh@M5sw4M}mo%&Ug1&bewuZ%Ks|r;x;O%o8de zSGMZ^7-gE8;A$!97p@e%v@9~E@NLd3-FUxy4?9Vj0I^CB8*j5tq^u*jfik#qvaoj~+C)x8 zxT!QpNQ9Lm%{>28XuUDwF)cyhTPRcyj0&b6kB~prsfJvU*PrcIf$-rXPxL6K`N-D`|gV5wSH~ zcNo_|JtLL3M`6_oz&J%R1FzckGhq?4*z^b(+bqsv$3=nogJ~1Jli}@?Ts)r<##}zj zhXB6vCM@dbjdx*C#^I(qT1ZuAsNJ3l#!p$OMXeUEEm#umv#@mgfdLr$_M7Ye8%feG zU~XaI79?h1rL~g}7p*?e7g_kcF#6_#{V3V@$zR-nu@|r7k>}poIS*SVknk8fSg&Xe zwnI$MKd3E!Xx!e#@9f2spWX!jGt>GvOtoe=amcvPj-`0oO;3vAX4B$A|4Ih5W3AWK z(fOTHf~okvX%+*`A-R1XhAZ>`HuhgGN}d#}n0I;bqW%1xoB3Zd1pjZsu7C-+-M>;1 zF>QQ|S^qb4`L{g9|3(T2QSFqpw6wmyK6S3CFc)Hcq1CUQj8-bZKt@#3qG9dx#(Jxd zC@(@oQ_~*-fr0E6WT<^Fz}D3dm(~8`LqjcoJQJ?ddWh&k=o(ckF+t&%f&FZll@_Df zF2$f!x@PG)(130=q8iTB@`?XcgigMY<8Vke)tb8bOXLBcXf648H(|dZ7D~%nEZ8H5 z--?yT$(D#RTl^o90Pm}@A)A;+y5=D^f3}V9S<-TPN89d->bG{FJZ|-2Ar@C9pCUI7 zu5@E@s0iDj31$@Srv^ySJ`hx=iZT`sX)+Z<1{Jm-?CRvY*cph;1y|PK6J_M{7{WKY{%GEJ+pCkc`%f@p)^&S$x+c_IcwNh zt$?6SK-1gIPJ|UJEL>@L0wTaVs@*E6%+_&&i_9?cEc~ILF$cR}<&4wOu{@cNGbq_S zF4s#^FS3Uiij>R-H|Sc%rhZWRVPNnh<2C$3uv<;ty08%^EPUR~)M9s&1*Pm1<6M*% zHnxc7nqpmvYybTvvtjXKzZ|`zK%r;aNr{D_y@<0Vr3v4gL~YXE?q)J_<~pLRqCBUF z2wsa|To=t`t{)bAVd8;vCKHp@l#%0Q9*86V;aNfjxv#UVuK?$43UaN9i#zIkApN#) zYut%y1{Za+;bI#JJDI%9#X=r=r~g+D^k{NX z>)~56V0TZXUbeeK@rw3Uex(W{u!g;}VlU6cT-ebqVw_e*NkyA6SvH|9GLyTnQlBad zUp(E8MyfbL_N{&UeD}WF;T%(;>Q+d?m|E-L51^c-vzv3~IP;=q;VY=Jk<^|TI?&)x z*=6Yq`s2g1F@nT3$5QPVjR{TDmt;(^#huJSvnM#Vm3>BySc{~65EIv_Aq|ArX!5X& zP>{ZS0+;BWtb8>o1(f3TQAPlsf}6!-4xci^e|oDcAk+O zB9oL?cxBOEQKlF`3$IF!pH!}TOS8A}+w1NNr|672=mBGE!#;VK_lSLEk9=&Kq6yr_ zKzmk`{$dt=zAJsjNL?hu@^D z-y~_US^$&=^v(~-TPkDC$iRZ7!68iszOhYp=RpzACJd9cRYfJQY>cFoDF#rv+ZO| z5g4MUQ6J_HkA85it;jE(SlK)EI!pqCdGm?_hZoJ7)bcgYY#SLOprhxj6LElP@nf7g zetM42$yU2Xu~JSz%V_D{g?+h8Z9&OqsM}F@cu&Uq1NZoOvt|@agzBDCc>M)e*80zE zbgBPj0mhplJ;tiqW+PA?ag=3jiwq<^KQ=JmY*VW&EU`QYrXeUCXB(TkW-p)43&B%;60YL>xC_r5c*3AJBn`(soV6l|UjQfF_uPr)fOfSi1=Qg&A5Q_-UF zMqpF1se^@7tpO^t8Ew0~u+Z!X+=%_dqPV#D5w(>;>n$e7V9L3yhewcR7$o4RMlDI# zV_YngqS+rEt*eLi0(AO{`splI=VDWFM+EBqo6re0K*^!?>P9z1;a7A+au(lM%2*Y| z|Lzsaz_w8S*MqU28`qD~|0*JQvPBE~Z?@rot1wv6F&C{}RYJ-6ox{gL&P`zyrehA< zUqB7}y*9_5;{Uub;eU6h|EOg!a^!@Zliu1N$3c=9_NNZc=A6#Im$n`&=zs z9D@+>L}pEm3N6RW{rUNFP0`D_Z!F#x^IwR9pP|k_uNoT~xP!&Ti2qtZ`%Z{&L!Z^@ zN<<2t1!V+%>LF4mx^;WjitXa=-g&v8i-mT^>j3 zt1L=y0OjKIH5B8|W_g8k*fzR}7yA1uy`VjYNH^Hu&LimJ&7Te1KAUV%!(d$d?VgpJ zI#|GooZs6QPTc0Dy<=M`;?IrEZV2+(oytA-J@&rvm}a`juC1-Ty}dm;I&y3G)ye&6 zm|_4NmyQTU?dtW#XKo{Vz?=Ol-%DI%5%#M5dvuHUOtAgTreanV#w{J;db?E<4mjt_ za}Sl`#@XIk|MWeg^Fsya%*68w_TxH@ZMb|Mb=bIE`_)!@1zT>}YSW_I5!bT4#(}^n z$`WYme1Y*F5x~4PFb`*`<1VDnZb<_6n3H1pnq#x!boililm7I~5)7I~bY&MkGivk_ z#6i~=4c_w@Tv6?t{^kGSL*b!zz9R1e{+b7(SlL_UGcvDkOf> zSArLa6NKQr$F)wDDUQEe^*-Wd?2K$(mRkcJS)@};{#Y+il{m#h*M7Zf!pfP{szw?- zuOr~tn0}yGP1^b=oMP*K!GbvV6{^^!E@zC*EBXE#=k2We8J-0rdU~5z)cuXcrhTUb za_>0E5nfjy&@2w|7;yjnYtM?Yw6Nc+Xk1OzBtJ?(!)jmGFCyvW6wdxy7saPD3g@fIiX{N^_2ro6&ex$ zL{YXMbVCjB(%*a)kyeE2s_8a=^ZopP^s97Tp zb|2uw>-JC)fbZ0rEKDZm_ki%U`Ryza20D=}6MEN;HNS5g&9?=01G9}qGt=S{Q}E%s#EaHJJyn!@w#e_ho?}-7Dp*)#9&KHTqb!^c zb-}~Wa>gm+LM3NV&p9o4rE}J=OS&3V49?8$0kvDJ^jhnjwnk8@m*}VVzvoDe`EWF$ zX62o^yjIHxoTXQSwkr2bE5w5Fbxvm)!*OVp=r3I|x*!_5CfJiD{Em6tTy9faK+nM& z+c$Ah^CKNiY%$ebZKK=KGkvQp3*vJjE+M&x7ciRK{sJy`dG`sv?s{aD_{fY*wzNK5N!jB*R7<0 zSyfa9xeY7b|3kqdgL79s+yEIl=rr6)5gN{MCZFgRuxwrdvdM;gr!_UA`YGT0&+hmV0_ucgoihO8egC`-dbfEF*sQ!P)CWQ|xF1 z!e{0xpn~e*@$?$aYJ-Q1S(P2xJ{6JM&GSjoY@N>3jb*)^KE+nJwv?|}^7e0y-PhYK zVlfc6cegtm=e>kLTJfak(IM4>rdTicAWf2$iNN!7Hcb}qT9u-2a?%x>O;fZ01HB{z z*Xf^8XTWw|g(FKR`GG}a?Nz|gsp*3CbGP-^n1f;24=jkm^*xJ_bbjNFZ{|MXyIH4W zRs&tmOS>xEB5T!ieMiob%TqG9qlv*sV3=}i(q59c|p&)&?jf0*$%^HXGL?hc27 zDL7$W9O&Xic5F#)s5C;r$k>n)OhiTco)EtdQ={4d@afYh8H$>ztq_E+hI45~)%1QfLBD!Ne@G9}J%v9ju0VEcP>yPZyO~=--D} zXt$XEr3|1Q@T8!kNj>`Z49$T=>kI5gRD^ZK`YK!F4__ATXmNq4um0`zX7{_e%WqD* zh~^qGaH5+g|BbVr<*`*7eDnWT-8;b_a@`D9ma%u&Y-w4^q$~luuS3f7W^8Wsr ziDNU{K6Q z{}t9xQf}jCtr}b*G-S zwH5V+nQk4b%OFqs5qLf7xns+}!9CqU~w@4Vi@(5=-7`FgiY_4pGqvKKJBL zxYuVDNR+2zwlj;U;G}1Vs;M@V%k2^*?sB@iD5@F{jc&@1Tx;z%a}NIC#GMIBrJ&a! zJDUN}(|eCKU}tKI7?x;qcEq#bf~DGB4;I?m+9-wG#xitub<@+*PxMGNn~91 z{3Xc>Z{^xnbyQ8JiOAfx3)Pay-REC6CKhiN*0>Cb^uOaFwpA%hU}{X`x0+OH_CW-j z&V#k&NK|OkugsqnP3M{h=Iu55wvWjth8R5Z7fW&jbAGR5;~wrq&PV*SGCpX2TFCR| z0U-wJ_of*GYSDP@%#VtWd@LMm3+l?Qy6}ASsn*JNoL+KS&U!TYWL~mdN7{ejVQ;LX zyT+goq!Z??|3hV@A-M6cwbL?bTx$bv2xIxVtn9{ziRTL-V_I>M9;~qn6|gm$?Lv0D z59xQ=HS_WEGSJgYNlRDhG=}5i&90h*JqopNcJpK6gnBi<$sYG>I>WwF>D{1TqoI9D z{*R$=@%Cl-$t$_2nBq2iG_yNjN>0cNc_2O zZ7K{0RTvB+`mg@^f0O0*Z$$8aN74SxegAI?g#XPCCuXgGJWKBMxj!8Y3=E_g^gZn- zK}q!2;Ia!HujVii4?t9;_VKv$(XURHn6X|IWgt&4RHX#ua1;JU)>@CNU zU()E7X*V(Wdoim`b2}gR#ruEiyt#scgC7x{?Z}f*(Lc|1znIT9i5?LY7rsZeIiPcY z_=o)=2mS9cv{Rm&T^;*BA~2|5(V`kZ6;DllB1-`J^`DLKw8)-s7TD7604v>VMPT z|5-)$f9>+j@1grq{9oCOT?32@H2<}J`#S!)$KL=9BsocbMSa(iU&Pfl?5x6W*o%H#X;BIxQLksPY;Mh%fpM_``2m`M@x zBGyAGESoy5NsHMTNhvAcf7aG7(e(jtR790Ly?ua^9Uq@L+hhGS*gZ_eE{TOeu&Gk* zBkH|CW5M~qsQKcv5551%0?-`)>r?o*Qu3EBHRb zz-i}1=e)V&Td`JJce)a;^UdTr3)RA65H5SW8O}jJ*+P zZ>=jTg~F*iq{Z`yk(dsSREMi1h_{8UpJ&$!#EIbtt@&)(eonB&O0vz zxOT`iLe&^qxC&(nl)Q|HViiztOINau*wH^2`UuwPZ~pz83r*(b6~ulrW2^NBoJF0i z3sBXUUhSsE;Cl5EbdZ_nJK!b6ICj<4`OO-BdS;662^n!Zw}#dw9ELZO!`Q}W>H$hp zw?)eEf$|f!1EEWeok*Hmr$!x6Nircy`R8>xZdb>C*X`QqkeG=)Y(3F=l;b?#({HXp zR211<;Q9hsHIrg!XfnV3X^WIze^C~J=l^~9J~{9!x6o}?(LI@Sx_8i5I`hq~w?5X> zAzs>^mE!^)tdd0>1s2CE@60?xt+Hzs3e6y_xSq-=`XLBXS)JY5Eb#L3%pulD+E>LZ zQ(IsYnbO&&ApWLa*;sB*NB2=9IW{vl-fRE*p=3Z#c5&g#S@h5KeVIj`Y+Rdfk(uY4 z(1a_^>-j%K0F!z_fI)PW5>7&tv-ZabMGX>mLm33F@MWTJNVsuef&qF;*?wi_gc!p| zjr?|PW@?n3^TMW_1gU3?E^I~3h*W1UT(W8>8~>)owO%xI4ep;D?lGx{-Kk53s}41E zD_h5~0M{=d)yD}gsUxhoS-b(`x3`Ufwc2m&J0I9Ry^NWdemG%9eNVCjm8-<+>-&CT z&aCs4E=%B~f(Ru|oNf!zM$H~9-hxLBthN2jVr(ohSqlwyp@+$KUrL`)xQi5 zTGCsIq|jyHGrdbIaLP1*nmT##XIV81YU!^j!~QgL)7MWXS=S1xy1iT;`jDlh&1cf0 zoi{47TUk-&>uEh-_d!apLfL-GdY-^A#Z9~IH-mSv0V_Ul62}s#dchb*T1>}BlE+(6 zLDnhru|RPM z?gUBEV8H?e&->7s+55N8d-iwEd(Qd3-}}e+Cn3PYljpv#b+5Iqb+L+nT%pSVsq$nb zml$PrDKkq)8{;31Z+)Z4QQ#?2$e7SnX@G_V4WtG~${+?}WeI~GX|A|_>lw{Oo1w7o zOzz_D@bt_>6H5J`$wJKXXk0l2Exflf1UComB3Hz*no@afSPW3sf=rLR1&hWym73gb zrk@>VIyhMeG)3udyoTaz{6@Yf{o)kk_xjouZ7d+z=LbqN;jH?a&(+pzPVRm%gM1LK z(ds?79ey?@QfB=(eDSEKB+^gf?c%P9m+32WakiJ1(2cw7`W?`lWQs90#P@vwim~L1 zGA?%!8}+c)9Y;u;oh5*%- z2>$wi=Z~#aQ|zZq_v$MFK$*cfBZgpKs2HU0>)R!Kyu&%Uv7#ctkSD{{&RAV#MiFTQCj>i60SvF6(SHG$!jq@f zioLE1iXO>hqxiXzec%;%y~ouHTx&Epfs*`xgl7R&SZjVDU)RmcVfy@FG#$S6455Qw zUFaEEGy9J`97gY5TLL&$`UUPu z{aR}^OAPlzAYW*kJ0fk`D7~OD@b?6L-}<@}cW}K`c|l(Lmchu_s&TE?fTxdB{e34x zXhpZufzNnUloO?O`+hC2dAJ8c_aSZ$+3$lDgtvY+Z$QyaIz&Yw3rYt*nqO^R#S}G8 z5E|NLsDTQ^sC9_MAjP%Z09mCGD#(o=f9eC(w@v=pgc2sK?AjlxwCLg2NSmwFGoYxB zqcrU=p;A}yfp;yj>?ig$j(L!xBoTUsCg#xLK?SYQKCXI5hfQ@b=hvgmFV>SJnb-{m z*%PCqZ(5zUg;m1f%E}SF7pJNj5GtNWJLO~3dM_5fY1PDrlN!rqE17SaJ>pfKR^nsM zsL8J~c8uOu&-asjA-{p#?83)quUaLup>6&>&a>qnn|DL;_7mewL|G$HfWE*6@_x{r z3CY2Bb~)th4>)r8Ev#Ujiout}qhdNj4(nCwC=8#*gd!CH4)LF49jukLM4@m*Ds-HUqf&d|lsckJV!)?ygf3*9t&sT8NK+*tW65|mJ}q;q zabpywMmu&FkX}!HV?*+~T?H;MTcg=fT8pU-_8+1U8_ez4M^mfd)| z5eA#%9NtJwc+jJ;_L`@!cx6Fk^4Ah%_{MvK z0RtyZD;>y}frvxBG*K8H=7-{`w-l|>DjlvgrZ_9U_-X`#}RU$+0?-4oQHyG=)T0VW>pOV>Us_kk|gI4PNHg*N5tGu0R~iV93?D4Sz85NsTYdj;C+g@MOH+h3H8&D;HU1 zq?=xv{XHHY{girBn+(qx=&wk>Y7l9i z0Y{u_BQq1zc_O{@{J0~HmQ50=LBC#9J2>4V7-9@39HhR!Rzl0E{X|do>v6W&_xeD` zy0yhe>!DmImbdioL~s0tUZaHux;^weL{H!0J=2iNFJ=9;WGC)YSYBi3eM%a-ldISm zshSY2W}#1AGbz_dd)q9vr8@SPP@JoHz~I0dZ8ESKzf9X0q`-14jh~XBge0ent=8m3 zDA|G^*ZGhq7KDVvpL!J@jr+2sjrEbVB|f*B=QH%NA@5{UK|DMX@aRj!R~w@0eeDf{ z=s*2}=tH>8g;JeiXmvD`dQjs+i-tA{&cB0cvP#N=x{jqq$Wr1nGb^7*BV2&1A9!6` z<)a2WT=a%>Gllb6*__Bx1F=35qNg(Rau(o1UIDq?*ndv(>|MlPA&_y?dN zgB5wXZkaEG?cG9o+dL93t1`7Yu*$r^%J4yjhaAbQt7CG_@REXgC1NqVX`4~0qVm(e z^~HxHS{jzPm(yL`iJ1D_rOIjVi;7OKi@-yj+7SorexF{SS!p45lsq#V$xpz!eQa6z zsc6iSwoo`ApHX7gzy#4QbOeZ^bYOM9nHdwc^a-65De5NAqVbOIhZ;JJ);@5$|7y|~3ylIL&O^NrXBNnutxHAqlFxK? z6EDBrI)#s4)3Zrt5)dCLREgEBi>B=-odTgJ64nv>DwNdjQxdxRnv~&ziXoCl_a6driB;CDQ6MYC5ohIBX!2*%==1l?o_nO!*dJamS&#-z{ z-X+h64^RkWE2z>7zJYb8Nu_1pZTrhi()(SV`4)E2>TvcvW^-zw zsHX_!`5N6qz=zkGI%dfx3Y}Dz5e6x?YXv2}aAy;P$f=B*lZuZ9+fD9ZK!Z_3*+-tL z6))IRHC#pW=PVo^Pl-Ex+ZBF)WFO}e6Ll}L$o+i;CC{HMh!a)%2!K@-YsFdrU7+FA7eD{vucIDpWf7W`4jkFh|~-Csx4Hr=FY zjexz|7apU`H1{&5egnSsO3=poUvxnJCu=DpvhT=W?sBGKd69ho_opYgC)3BbPP$-< z%*xw3Spi4W4LbJJXqcy1suN`n7*2F8P}SauBb zO*2mN+-7a~F3O4DD%gV5KiYXl<3-h<2}S~Uv)<0M>3wrgJ@Jbw?EVTe>>l0eJRTu` zACw_YprWBk&&op2&pX0r@E>=4{^A0xix;r=z8-_g%m$PFhDVP~?KTefh2|S411tJF z22D~71qk(M4XDj84Zov}wf9HGi?g6}rPS&nDktWdJ_VD^CfjHnih2$$vUK z2xD%F^S_jRb^6f~ND5hoi7B?5jo?gsdSiREABA%?l>-j3*pOFwp^IcU_APUpx~vB? zq0@q!vj7iEE8@D$CUv5y&@B@JcBICY6f-nb3#<0}q0$REqUuUpM<5>Y(}D{%>FA15 z&9a1`@E{`W1gGqyj;gYh)%M#>tB@|o5)SqP5}vu{=hBWem)~iK-VBmjc@8%$XT|qq zmBt4Ni&0IDjoU4ENihYT(e0}Ru|>M2u*_MAH6ji4O=h+iz>n-S`1lT#M)Xq+$6>L; zD3KSJpn93C5_{9QlCXq!YThcoiD$|FxhjT6_OZS*FJ)IK?lZ;pT8gVBwjK%lX(}o< zy;op%rD`KXe5DGGs>7tO)3!j`LH*eyF)>n~ngQafEdtpYlCYs z!#de{OaQ~6*h|DDRUR*%&cO7Vb(-)_2ecqwwO*nqf+^C76XMDKBBlUZ{G~R+nni;O z8TZRifc-|l72z^NzF(5GEEM!>R+O=n-K$`uZI&3hSX08KmEpox4NJ}Y`c^WSnyz(` z@5>b{l)O?iL?Ze@|F?~ivGMyulb*1HlMyl}@(pi0?Es8S&=+_~Z6`&hy33*r*lO!D zauVA&y;+oYoH#LX+)p49BjvzG#0(KE~)yEMlMZhBV^tv6l3JLTK9gOP4(f1 z$fkb!CTl>IZmE%eo$CrM@lZB8M(Wagu>{_=8fW9)%MN!@O!SRvA6_EjpjH`ZBTxF~E%qS)b089QiS)y|UqQ_s~|+gufq&k}F?RGLb;3C?N4B19(} z1g6KU1KA@>O2L;+<8Xrluy@&c#I*!~H&; z8xpqM%1GjmwVC;CP%`r~nz-D@FQY?O(~MOODPdE2Nu%4YIwhluO%jfP9aMuu#!j=WaU%Nux#H~hH@nLcmp`>mERRmX_*rtk-`ZZU2eoKaoSk6D9Tn>Vv&{v8 z!Hwls{y8@e1Ttli#G&3ci8Q;*grdWFwx86p<0JXy!aR+BjqNzFHL-2PDdP)zS!_<#j zsClcrJ4wMiG!XpIF1JpvE*ECdRP`vM`LX>)MS*;>`X?Bf@1+A|(IaX~WTbFK?{R#QAPClU?Y-QTydpN2lmBF+C z$gBy2QUw2;Qt4sgnDXhKjeYl@nD(&Asoie%zh-VmV$F-26OCP+m)7ONR#t`H!<^0%%lS+>e5~PRe@#NbC5Hr zlT*YbLFD>?Skw2tBMfRNHvo^0iNKQ@P)gJKc#KkWOlY-33&TL_5^xNylaSucjMV@8lx3t%{a-sQe zD?{F%lj$&X>37O0k`G!YTXm?c=O5L^8CLrqZoGZ_R%9`1AYeJJ=Z^Bj3evKUjqhV* zXDhT5pfZ`V&*sh2LeGC4^vO<)*Z(OhZlwO0W(9F4elr~#=>EOYXiZwmxY)`^Uei&X zQomA3g=KvEDL)lh&EF{0VC}cx?R&X0eR-&NZ1*#WO;4_2-sKQ(MLG@xiHEC_?*5Ysv{*l}1wJPKBqB z{~Vg4f#)ZdJJ**gZ%{Zr*cK)8%`#U^(f^86v55o1Qye$f^I)02g>`j4(bofys& z*btEms~8|qu+m}6Fko_3X2*ffZTeN zrgfs&FE6%`d|TU$cHqXNmY!~$+1@{2V(bnugYH+iK1y!&VF$ z=ww1qyq2w~?+uORy2C>U)CG;k{)h^TY(rYGIoGh|h90^u_U3?Wu^ji|tx1lNDQj~( z93EToMVmTGdSL!nZ>l;5o&-*Iw0U-l0Buo^u!0{WbA6(o+i*-RziiLAK~nrm*#lrJ z>JFfYupG@-vFQ1PweWhsJ2aUa*Q#RePLl5VX_P|n?$%@fu-SkuPd{^Wa}5m*3ybAK z?V>ej9;`%ulzN&&44}&R!xx*53wPG@LnI3k3KTF6x5Z!#zT4y4LxA?592uzuR5TVs zlgoR9{O6@w=pX# z{lkx%aC1pXKN0bj8gw?yOgP znlwkH3j3{;Qkpca9X8`?ldwK!S>SoGx?#^?6=Q#o$j@nt$i#8aNlLm3}@xF+l zod6tcq;Z4}=vh)Ut7ZnY3rY6F2B__urey0N0b$CrSY2s%N$%Z01(}s{ z2=H`$hOoqo#MBgj30GwA8@aBL>Gsl8*_LNUw*!{4js7(|?RZFOAYP(oT*qhoax1vvd zBZ&yoTo##*uNm|_T~9PCaT;qbyPj!Ez1*P8BwK!awHOYyuLoE1_7XrHp8Jwqpasy) zJ~8GpZsqm-9yL3R37sHj}QyiIN1 z08g`l8?}G~QW=ve9FQ~h6rd!WvW7eS9m?ktoi;|7SD=v?5g~K#oQaNj`l7kX3oN$6 zhuNUtpL!3{geaUZ=_$=OR5G*o08)kn4i`Oq$l3hK&=vLGW&K*?x!n{TdyVZ&i`~T+ zr{b8k1Q?}m))igGFW}(|RMSiM6HE_wO-H+AOz* zglMsw6~Bi}j*qt$dA2Ko7itRFH$cPy8UD!;Xd%WQjh(OE6hKTe@ZQBPOdzS|Rrz?t zEe!aTv}hhe>X1-2EEcjM!munHHm+q^>3JA+i#XURt=9POXefABh9@ehCs9__ZIrFD?KOUp50gQn7Y`hZG`J8O}WL*^;|cqTy&c8P0jvAipVpWHISW&T;a!2G?}) zjSL_5mkBPEHD$f*haH$L=1tyx4ShSGx{i+a{(6dj*Qi9;i&aX?+O8kT9z zTnMxo9cCPH0&N7l+70q&oxme6(~cI3Zr%ihqravL{7V4u}5H4;IHBXpWn-SM#X{Sfh8OdOA3Alt#?gvZe&#&Ydj zCSu`4L|&f((F@8BSXnIU8ye8Qno3~!~@LVz{e za5OGJRFvu3U<)U*T>C8_6b=PpEz+-Ijz|))NTKLb z^ilKE)P_Er)YeO@a-5JN+xUx&QWm5Yt$6Ft?ucRL$P8%WXH#7hz=(U=X)7vPdaqyJ zB|b*NOkW55jcD6K`O~!fF`tMC0Q=Wwfz-CaS6>wy_d#}+J`N3GFtcLC{=OkjMQh7{ z)b=&ffZECc*;;y4QoHWH0lhB0{U|{Pmx|{b4t(T)H_@x#nOWLWVPQGE#~9abNuuVz z^b@2_L*E1~OH)_;qrzJ>QJV50+KQOpOMvdnFW2`qMtZn)sjB1H2nUNom+b+2_niX7 zA54vDUrGfUd964t(VxQT(0NOc-by9cIzWx-XICv+=~8)P&h5M6DfeMd(8 zNn=xMJ{Cy_{LoItd!?_=7HyO*%zaigFwAZ%i?C6#r+&jnnV zm*6B<}oSoTzs%bm`9lQ=nbOCjce6Mc9Jv??Xk zxg4S5QO}JR!bf36RoW8yu6$S~sObQG*N4?t9^j3Qn`?Frny3Ej;qW^ijWvY`w;ZXl ze`BuS^jzIK)K>9VS`Q~9_d(f#?yI=A)}$)g${)Bt{?n2#?F4Fb0}0_~zip7Q-8qCD z7WaE3AoOSCvjR3ZkwHs{)9JM!BO$x*RXiX<;PPz`)-;US|cBp5(+>D8_%O{Rl5$&s_WS^|IId{xIxk7=6n3Q|<6N*-y<@ z(Jj$nJeWe}Jc@46&k=vP|J$sP&iM>1w`!n?_bCOTKXzz^jE+WJO{hm{8oWeA!kP4o zsPR;j7Bp^D940%dBm(oZBHGIYrOOxMppq{*zbwzG@|1{`d}@RInTdngS(MtNCk;ZdtC;WA9m%_>&uyCs;-?}H8Tw8-iUgRJkq0^Z>ft_ z6QLC1bD3{CU{*Z5kzD}_=Uan<>|!Q2?ePlL)X?%6;U?#3VE^C%`1ZgnRYK~*J=*E~ zFNeOU<*K*fq)z9vE${N%gA^_%nK3y$Z7(`ga&Xs(pE59zs9|pU27-^DXd28Z^gWMG)VY#Wb5<4763DX)pUfe2(U1 zYRd|GrmmZ91CgKFvheT`eH(Y|iF~;%VjMg0-FiC<#@!Pe&O35vq<8N?g3pEFH=6v* z>meX_w+25MZ^|47oTnI@i@*4cdH-O^-QinQN@^ipo3-Q)LG@3{$9VgHr4*)IN}?_6 zf&7HYFxmA!t1k>ZeqXppbw>q#3wzI+^&Yi^|Ghtm}XW(sXrobzqJIbE@f%X?fcF_A;rec>nk*I6gXtxob4^%hB%v&tFGdUyqu3cW#9 z{G5(TLN)NH*_Q$>=k)>~E$t^cTo6ea`8d6XK-%5%+HjNm7eGQ_uO3cURpCV}8Tlx(Pc*$Gwk*DIZ?QzjA+X@@4jmUwR;jnb$$dB|EUU zyRmDr;p^?<&4tyu^eYGgJOYT7jJvx7?Js4T zeaCe7ophDOjNf?G7#bH#KcGK8B-JU5-;y72^i76Qd#V+M=ACvN(?tQfR^&9XKs!T4i2`q9CV7lZK6^c}Z4K zmEI#%=8?kF!EW`VfOrBVs2Dr#valR-As@Uo4& zM%^_^PzNO5(cg*fQ!d~V+AbuoZ&_jYVTa>zCUM!wXc*@uVkU=z#g} zi1@w#Zn+%V__8$5KPJRv!nv4r=~rxc?3%{wepxBh$U_!gJ8h-pW;s9>WW?)pC99+h z#<7^gXJ}|>65`_-nV57-3}nNkz)lFVU3kSQ<~2zT$7avaK_}p~{hOgulz~p?UIYn817bt_ z?V5yJM9$WyyziKqnV0jWAg)6CC*QBF@B}8z8vpUln?PnsBh#E;^F&XlrM51>8-M!$ zv`67T$8+h8^&RQCdL_9V6E_m;+8m1UdO61Oj>3p71}|_$)X1Wh_w3M{hZ>=(3tNYs zIi3z?W`*&0x!R{W@#n|(rr+l(zvvm;`X)c`k1tE?dd+X((b3_%zRW*hSyBS7^bkGu zmdlSEeUynVfUPVWJ2*gG-y86{aT)=LmAr?m|Kr)mB7pJ8sp!Vq%jGEXaH(kXHck#t zXlZJjfRZSwKlQ9@QYPoyMQUqL=%u0B%}Sr~g-XA7^$mWe9xl&u&ms1gfl+WtNg?;M z9uC*->Q76?$@{%WUn1WFy|G9i)TVOpM~=24e3y^?4umCjbBr_;cn-M6G!CQqNLNC~ z=p?YR8L9)H(*me^>LU-1W;qhH<65=#KQQc^wr9Re>ZIb;n86DidLIkd!Ap9ytk?JU zgS7!&S96KEeP-Iiw`=2QL^ij2&^oU;!F3e2CRZ4_I@P-PP{f6QWpzS+MSC>jZ`n2*~hHAPe~nDE#Yum*BL8OS^V*W!_QJZsUNAd!h3rT%ilP;VyQg{ z9@8-J*C{}9XuHU?dZqPlHux&2BfN@=F<8kL;OsK+b`2tJhItMi;O_t=3gi*r@lc1Z zuJpM8UdQkAo>KbK)d4D{{WU}lAOX!KK`MZ2l?(`MnuiRP8T}g;>@P!>tcNW4ha;XLUaoiA*gc?ZWbQKV+%N zfRyw6;WUelo_eV*@zLHaY*1O;on}-cJ!zBQ-cO~j2Q{(&nZ{DDAlQ=GMa;{_lB4Zg zYq9l#L3kT#`@zIMibr%>54*AQcB2}=zhGlkh@`sxBQQq++zl{)yb@GSnQkmkNM6;CYLjVipqz|i(v?Hg8WQ^&`z(A z@xeZW_?>2kH=Lxux?08P4p!ETSif@4s6#8pU7mEJPKB}j1c*d(l* zzZz|zw$#mc<}J78VsJHx)U_ ze0qRTRFFkwT5fKlpCNu9Xou#(VD_IZKPt)1ue;PW1~9nzM&%+m4rDy;DJ?zZa#~Qh zg*?U&1P4EbqyQqJ&PEnLZ!4ec1R>3GT0a!VvXS@#%HHlJmR68gnJ2@@GojW8%`Qnu zE5U-I`c^Goham5UId%R+uZ&*^H$e?$uH*{C=pot z?Y1PkX=iV*B#M1xH6BW5;1rN#DM{A`=~}RScqc8k5jHxzouiL*b4aQ?QMt#U4OId{ zV?xR<$~Iw7Wf)@;gt-NszAE)9S=i=xjSL{Qq%Df7HDbm$ez}3f{;9XI;=6mtHBbQ{ z5&=IfMbTzGgZ04NYYujynG1ZrOR1+aCC}kptXxF*nO(aASb4^>)WQ07jb^Eh9`uUb z3wSYifNIs62;Q>?Zt>f)Eg|jT_F7){5Z@qVT9mTN1XYSkQ<}*(9xPIwT*kPXl%=G=Xva8~D+URE*fDnLZceR8m}Y!o;?S_8?86-w znUk*Jq`$N+40Z|7wl;i zPS4MM#k}74`(<)hcmWLLenJSngfh`n7B ze=%#uj^rs69Uro&;42h};f+3x54yCB+02d3Z1(4qY(1>1G%q7WJcUQ3bOh?w&jP&% zXM^+2!v!p+OiN`+{$bDz@l)rnJt5Hf5#0E(3)=s6zmW>c^kPF7$Wu{QR~It)o*hQN zv9aNMF#Owf@0gl%Q_;)S6~a-FgI)*76cksKHT#I?t|2JtvcvYg8O^BXpLImF3&I5* zHm{1MUlufOWQ3Ytj`;dKIUm-3(JZbre?F6mJ|dCnU{w%bo!pN(u^rnsYo^01ObvBR zUha?m^{uc<6#oP);<2y2Abb(EB$m(maZi0lfM(LL@^Kg=`4M+W#vfR$%nq zrz2B(6K0!xt`7O}s0RT63HB#l<(Z?}KTpLLfqVi|)fTlyrmxLzi~^|;14ia9edAhp zFSZBh3{rcY%bzkiZZ~xQJ*48phY!ccOEGNot`dTjWJT#Ha*+C_`=(VB=)3WRD6vm% zc}{%}zZ#}yTHN(Ty$Q>xHRY=PE1Q7yPl=0HZm_LePG!ZFLlZ)6Zl#hZxDLR#wW)8| zB+J;yHMUn@2$Tl<8HxGa2ivXaQvOWS%UWg?-wtVbXFOU8L2c z(oIZq1SmSrvAb7MUCrb-XOQ9j@Nv7~@|5;1H|Ei};i2)BY94@B#ZL)$=&0tK43AL0md;fT@;B1ZXliJluI?`owxsV`Nm5 zHEiYN+w;u0XD?q>ktXlZEGXW(>k#h5cyW{IS3pcr({JsYKmM?*H#v$Xr5>HM#PyO} zsPLc2#+3I(`CyYh%fz+G2T;(D7+&S7d=IM_uUoi#ZrTo6rMoW+;up4(>R1rz6Up36 z{+|zfh`UP+|D<73RWOqK-4@sN0FShQzG#yR*&cGb-wGyOmKwh(E@T4eok-z4SrV!A@2&aUKcyg4 zm0m@ztyZ2ha;8_l;7oc_14I|hg4}-@4dzP{P-#kq;Dj3^rJsw%19tbixsKbn`xWxI zFwVpgKE5cU$vMA)*ps|tO*M(}*;(L&3p>pYG$!`CE|nTkdp3%*@Pw$+4w?b!CVsWuU%ObL?;Azm*A~_0k7#_#9aW4f z!=lFXbin3GBj4B`^#8;34U}dlqrkLWL%1WbkC+Yf z&Dc2=a+SeFZkBOJXtZ~1cv<9qVG%Npz`LWwH5?%Ab^}7F>W+>Z;cbvC)9C>=3nyR@ zxaKED7TjWuseAe6L{Dm+*IFSO-$so|WJhYHl0(^h>vS9L;y8gp@h$yaj#h4-nuy`n zwJMG~=0G=ufvGt!Mcl{5#B`P~@C*BdC4Ci$mhBTsvtL+!AV2CgLi_Guf)5VWzoR!< zFxlheo82MHr3C!`-OgBvV4+{y#pYtmuSoNH+tvHjb+jB4-B7(Yw zwq@8D+sbgM{2IBqNQe=AQtsjB;Dh}vSXN&Fq&}G!R(@?fIxYMmuQ&=^$t%-f?|fK$ z?}Q~e{fM%WimbM(3VnuQ8ue>-p&B12gKIq8)?^79{#Qm{x&>^KJKMR1i1OVcon1(g z+NJ+qI9Z49gpO0(EgoWzMy!29Sh92J{;$9acx6UWktI?ql{(#ibu?u)W@}G2 z!b1uR238j}ABD!XZ`3FygPz8e_|?}pe#9I~vsH=1eBV30);R=xCvw^GM8DrP_=^kJ zm3V(Xwld=Y;gyBur&|l$aL^1N|5jqyrK+D(*5rRS3dB~vsFvr*vfE*(NTp`yhB2#_ znIXY624YZ%N$XP$?P3T^u@*~0b=4A2Du}16YD1(KI0Tgc7V&AC1Q|*;&^G+J9#re| zPreW~uJ%ftqyN4;vd;sF`_t|5!{_QYw{HS3u{j%+eR~_p|Nda)m6FvU?ckAtp|@P; z)3+N6dI+arHipq&#cQ*0BB1Jhasv7th$w8HbyeyARh(!#8@faqrnj`#EPf>YK=oZT z8ApMMmXrQ3(#@b;JKxW_bqAJqf4M!X{im}-1;f8W;b9DKl&N5^@+O3ypwByk!}!Fz z&Ui#^)^M#qw+>c8+`k4y?*o60Yv^^fH4shtkBZ{pQL9ajvzzge%Ngs82e~zb;cH}7 zELD#5ecOC^b#-}}qM|G_xUueUQa6ivddn&g@nTmtPV&=YEQM%eKQVYS!tnH6oNcwe zT0}p?OI+=E$~f9zJUz)yI}bUci0ttbR6@=W(tow4+NIKr^-1o6G46d_S|j-hc#*M_Y^b&{7aKU>5GcUe(vG&AAX{wg=n^kf2+uxE->yQcAnFPQ| zLDX`%U8TpBF6h7reBlhU1%ve)Jh=lK0AJ#7|DHjQ%fO1T!V`1?Ajz=MP|35cD!a+j z2f$9`H+~hv;lKN>y!>g1vJ z^~*y9r@+MNH)=Hsn1S~^ZG$5YOQeqf$Y&wGiDHRvxp74dM`3|j3^-x$G2!`-;F2>m z!GtvdxZJBe6XhS_EQ!-EUc7kz{5epdh*lrc(w<|a2&q6k%MY7~Va4m~z(u?f8UC7= ztqA-Id=ySRrmG%!uj9wgl~%%2zQCKnuJ!NVD%Aay!Pjd+%Yi)pBSHv#pR#=5-tdzQ zK2+ecRG2A-#!$6EE(o`pyi&u2Q4N}SeP8_jRZsa&AYt9K}M zg8ha9FOP`#4fUWqjC6hXE*ECx@x4KOjVsV=D|Tqm(C3;Tm$bHKgDTID+A0gc+VPiz zKPGf|!lJD47mM9*O@l2TUo3dNSNs%unGS4SrZR>=n(?+jKP+gW>fu|J?Q-CnGXhsy zWb5|Uh|xzD0lmdL(v$)+Eph1pk@t<;+xYp?TL(RN1uZWzdY}6_I{5`E# zxqrZF1>8@hz^i{>4r4;}6cmD@ADiQWXV94pz;-7u?n}r3k3Mz__~aVq9D)0G6<4JA zBgBaJ?DA}f04&~g^u@N<)f#gAo(mYBfwngw$p;@7qQAEDIbiN)1#qjLa#BwX4-ZG| z+P!zO3TI{RiVlKcuMMIne6N)H!K>;CUY}tkXXZB z;xZf8*6A*g@i0%->3sLXJp4hz<_-1{)qvf=R7t`0ujQ9o1D*V`zv#ctjmBM{$qF}Y zvK`;}YF)ckBE0h`12Sn`!2%j^KG+{Re&~hs950NLvm+b_19MJ8=k7WZ(zCa3EG0*^ z)@sE_RY}ZPco5G}HyM??jJp@XKhfsqro>2AJv;N4I^n(gPu|=CM(RKs0*~|JRt+Hx znB|t!*-G7mw`2D{nly{#99r1@o}>CesS^UsnR~vOu*4=UrjV_yanF#(fFRRdo@?ec zn`ohFFR@O`qzoRLgH(xOG-M34kwC<=Y0?8Je_m_+!k!HMMs2N}y>iU9;z^ zGds&Ri%2zlqTfA^ zci(KE{LzM_{wRakuH0VqVQ;s>^r=G`t(4}W>+9uXBW1fUjx($M59TnUtcGoId+R;f z{Ym|rsHJz86CbI)TH^{Amjx=j6;@8^I$-mqN-?*YynZ|wzqid{cw$ z_Hsg2P0;7PW&LvhGsMvLj_@R1y$FLrYPkq%Sey!#`@GUYzsH=7lWUuOhT7F=jrCd2 z?aCfSvuE`d8T7w_Mt8uPH9S{M#jrcT1e?5j8p&5}85@A4H(6YG5K&y5{=)C3v{7(me}c(2q7iLr^rVqwYN!hZHPulS!Z^4m<9 zY+OcL0TcIr)_>}t=cIEa2v=2H8~Wt1zL_B)kaEg~LYcR{Fn=DGU6tZx-#2|cVy+ol z1)nsYR5Eq_dX-{+-s#Jug>cV~zXi{AkkIhY`|AA}-=XB?KeBpgXR+zW`%^?67FHVG_+HPv0-5=k6dFReuV(QJunE}UhLYV>i{%*_F1*W#PxmUwl zT7gzGMZ?37zY`i3qC0cT3~w+3QC_+oY-LoXGo^RZJE)r_M(b2jk~ zO#Ml%+)L6+qA#h+Xg5EX>=k%r2jlgYYin_PqdmuL>R{A z_I9??mc3nlT)(8TdfW_G115Qgbu1=3s7_w55v;!FuN}u7DeN@Ix+z>M*5%&wjDN#V z%dVl~n__nh)XM8%^*H<+7$s5aY*;){089+7;#L+KG8#qg6#Zr)javOZ!Uew&irmf~ z9==58_sv~Tp8x!r2Ya_!o*`J7IKn6#qkfY(c~rKwP+N;+Iy@qq<Py4`2V~dFEg2-fwQrURQ(g&;sLjzJuH;&wuLC^3wNkr1@`- z-}wW;hMnma>wR;fy*h-6kw&e@#{P1;cnKu#i_+d}2NrM(-G>|eQDEwcgTsKJ)6uNc zvopeRmlR-3Oae+tOGdC~*l0_1WF+%tA1m;JbJrOlsSyzf(=PfEz}Gjf?&vk5IF*%S V!>VZD9upBM%BsqgO22ydzW_kXPmTZp literal 0 HcmV?d00001 diff --git a/docsource/images/K8STLSSecr-basic-store-type-dialog.png b/docsource/images/K8STLSSecr-basic-store-type-dialog.png new file mode 100644 index 0000000000000000000000000000000000000000..6d80f4bfccac6b28529d41a6ec5bf2bd372ef347 GIT binary patch literal 45095 zcmcG$cT`i~w=asKq9UT8Q~{-mQlv{)sz_6MN2Eijl2AfGL_nm2fOL^2y#x|kLhro< z2qgh&LI}MF!j0eGId{B!&pG3~Gv0WAFc{f;?X}mQ+4D2!{LIfv_!})%s+&wV$;im4 z)Ltp+kda-EBmGrezf3x!T?eHmBfCSUru0(JCw=3b+KkpWQ}E2-sO&1#fMe-)Y$i8j ze!`k{>qfjv@Ov5Ar9)VD)})fZ*gEC30pr!KYe&A9&+8co9%PQJQL~1MgR(CgKHYYB zYW6Lly&n=fT<)uoW!=uDddog}e(grVTs!8*Gv?0%-U@Xhkif)k?Uz?tT#L^ey)6*g zI)z1g0fpL-z^0<(GZr~YgNe%o`^X@(zCFf%M?QIPW^pC9-3j!d^PXqzGum~>JNgb$jG+G z*@YlSo94Uog1n>=cP`tAlaYOV_7HlBjO_EJ6w-)?x4HqOGgdF`$jQjAlM6GGk-cDu zMUxJ-Zp&OH{p(vV7Aymqo&PQde~>41VUN7dl8JHP@%Pz-*T~3>v@FjzFQh&o`;N8( zPa34%w)_^m1WRhS(DHueneuySrkB>)E-GANh;Ba(_}=$m9WwAP=xm?xg6T1F(INjF zLv;(v!J|=T)pCko1qRJvyRN=$iT%xf3DN0EovPI+;29WVoF@UJj1gL9}<6 zFOz-bsy`wWubwn>Q(w$Y0*UUVYhNaZX z`i}z;<8a<*UI;{4dxd=%QB2>x*utO`tl8A|W^O`4iNE0OF0AMGBx8B>pgb1U>rJ^{ zS~g?76tiOm_XhZ<`~B?ZZEZ)F>N}n?XGjiyRVzx*@m&rBp7bh3(|IlxlzYn9C%s$DjX^-mCZHJ zbfKJu851_M?y+WomOlA^DUs#leq{Il_pgS%^%vW3XIF~GRJ}&--KSMt&O%nCESXO| z2?wB$#vQQB;bH>8k4$@_5!5p|$+)4-v*Vv?(mNL9@NyGEcZ!-Q>5Hc|P~vgHD%PYE z<=v`Unu04e5s340Rbu&GlLs^b8q$TR#Nj77Bff5Qbpzt>;01^;&Eh>vy2QjM#_Spp zzR724)cEY;uHAfcX_J)rZx3U#RS*#Kj54c$Q6p`L#mm`_m=Cl`NROaPG-&FHz6GIO zF`->TK~xM?)K#|6YC7>YLd6QjNt}S#H`<*JSwJ*9c;890XNfgRYcy|7N0)O!5n?Fq zGNDC(0lPNHT8d8hvT1v=`~2CgHJ&ji^Rm^AwUCqDh47}%Fu!R5ud5ed)#p-@?%WmM zQSyqH`E;4g=l7?|^DX`Y{;^8P%Eg$Nb?A2O#qnWT$2IW-2FN03m5aZ^XD&RSOe~Ws zYZTDDf~tRnSH0e7h~enZB;ste4~Lnu`US1)Dy*oZM}zj~N^|WAwjIu=vRwQS%HE(6 z+yU1?wx7HPtn?7-oMj>7BA(LEmO&WzT~sI(5O_XmWC$@|)eCcY_p2PS`O8YXg4w*q z4KI+RF=u)%>bMke85HN6U;Yni()p#@=JaI{>e^5zRt`f5Wgwb zNvZwHR_-3#qt?_I&}NZtNWOSsVPan~u)&_iy1pP^^wxW>-LgE*K zUrfD;P~Ng4^D!v-qJ=@KHu;qWuAd63y=y|OsYcueIPCxr-)O5ptKv-&;Nn%zq=B5Y zZu?M&?_}IKx)05nEIvYhC~;+Gy0dgK`K#pp)L1mN!%F~A=M#j45M z-FN4+GbvrlhTC$}i#XPfP$xpnp2b>WEXA8YIn{UzX*=$(y^`3R0$bH{F2lc`l@AyI z%bdX52UdDUf8NQ=A z2&kCb?*|W`54pQj11<1`C}r`>1*itRgC8QO;2w&NQEzrRQ3+H@M+YQ7A=P2I_(Q~xnvC{$&F>k4;Dtk??q|J z?(f)3m`w^iP-m$D%>}fFM*20Bg{|CBN5f>T4ljA?w+f7@vZY{#G_enSjPOm@}kmGNTBm{Wgx?GiKw2vj)$~h zE%IzP(4s#>mg!EyVccFHGn-pP+Ej&g7M1^r?L{3v9z92CL!J2T^X@|vL%)UTDCXp1 z(39XjDzoROR==Fz{Yu!#m~V)D)gzDch}uXSXt9lHm|mCe;qJ=K0^K$nj0;IB?BAN7 z^p-NGX}nYR@E*?@g}blc$)ci}ZR z=Og*^T@x242XAGZlbip^a&i_@yEU?8%Kh=Zsg@|@g6F{0#_6YcU+)9Es^ZXT^~mhz z=vTdk_*#$PK-mkrFzKi2CbKc-9c8bl(^;q6;4TxHg{(m{vb1q58TGPi3Yy+msZ56~ zShWWv4NOge4p2VP6o5jWnBFUS4C}Rz_PvI1x7phBts`wh+m`E@tIv+NT^OGL6k*Qa z;?Y`>J77XIc|tQiJwGyq3h-5N&}O6HMGtbQ!g$(CzQz^YXXVxKeb}fnmyrOeEDTZg ztls^uA5YZ~-6$XDx5vQ7n#zETOzO*FGxxjd3WsZ?E9EY+@oFS=wRhJ@s$wYfZ%aze z*x9~p&5m)xVl%Y>u`)q@ohE~!r->Y1TWsjMmo&6cJ8)s$GcODG2571M7kR;*X!ZCn z-v&ZdcgJWrruyG)xt|Nk;AM<7QisSTZ{2J%L!ucwE)GU4dT_?M+chs`fe05|K?5* z;^yUFdz;K26BDEPZNtjSYCI>Z4m_Jp-yWyq`CfCu;|6cb)9y}!6d`mgEpWGFsptBw zBd?I#$5uCZ)pXMm+?#jho0cTyUq?KW_SW1~rRQ(&i1Fm{qiHqhC{6vN!5oybabD-Wc`} z4`h#Z2K5ZHu2*U*!Ng^GSBU6@(J>xr_tr)6T%HgGX)oCR@m~wxfL@lCiBDmTyxn;i z7+BR5OjqmTe1iqs`YSW3Hz#|8A+0vu{-ca!^&>C(;i++!p1VSKMQFs>xw$`iYO+;! zsfO{y^YF2A1Ee1HSS}qu*BId7d+*t@NLf$t^#=$qQmn&yacus6{pv;C`;3Ml)h;#m z%-O{4MMXFd)@Q$8LXNVq>#4kqGwuWRtVRFT>9c4mStcBx(S=S+@DO!F&+iEt8^l8H zI~h+uLR@of!w{bJ53YV1HD*h77;`;-&+akT=E~k8!+KakMmz%F1zwOlUW26&(Mpt}~{a zQ<@y6n4R$g7}9C?%7&*uaKvcpcWT?G!)Ijv^gB(#pp~Y<>l?4+Doz}tr}qzM?)kcU zeonh!sothPJQs|p{p8=0!VBJ9W~%HFf}|(KKHXF6Z39I zOmy*%1TbQ+Eu>F(vK>|HN+FV)=SCnnvp!#nK14O;$ggnce3LvmnUVOctfUQy7rxl- zF#e#8R9jEG3wy0nG#F&;=083&xk`1u|N2wpdPz!cGQX=SzGFCXDG0glk`{d+<99Mb zD=n^Ii1P3wD7aBkN8X+T9UV~JQjI09r*!aHg6TH_Yb6U^MPZ0GYwGZvFMqy=uloVM zWH~xXBxHtU?}QuwJo!))hF`Dv(gUM~ z4uVRY4hag1Z8rC6`eZ8^q3ZiPg%5AVsJ~8SkmFuF)&+Av>pcR=@8hpEChrBDjty)r z-M=T^_>4pe{EG`%V#Kl4?n*wBdFFw?)Kg4xb8*e(Msh*P4Mb&S=3(Yq#DEI8gm!Uu zL~Z)>iRbrQH?#q#_@J`2zKu^T2WLrwC)H25Z3#v_LW!i){JJSZ{5_(g*A}H6orWYs9A-mtt#VdHsaU7byoe3fbgy zY?$p5IpcHphwrOfo4bf3i{)fogI#}r%?N^Wbxog!s)U_RM>9IJ@{ON>?RakQWF&U_ zF-uPQmQOIMmx!!{@&0h+uk*S@>?7k40m$dfPvZHwDPPn zJIFiZIha*0TkC%k&}2-V($Vqcu06{xPTT@a@9XY@Boe1rPUl=kJ<=28c09aTW*Uh# zEH+`+;t=&NxOVDavEv!FWzYEd-v2gn8Z{3{#B$j@W4B!$9JaM+o1obZukTUaf}!p+ z3|*6tdA59*K7OLU`aO65+Z(3Cbbi?h&x|X9%`+DD9LFzt4-yTN{a%8$Rb0L{?QOIg z6AeC9d=4{neLmsKw|~2Fa_HLw!~>^mOPoxzsXPA*T)^E1ma}l1rR%%gW`l8 z#oF(|c$#W|HRsc%q7&o;#O-au6r_FjS-0vRoT*j2`NjxPTARJQW3c)6VGT})u73K5@w)|AlTUsNM$16=?#iQHK3N?9{6-Xm z^mo`hH9SaEuTSGKL!O_v4oma6`Oo;}X^2;f-7O3&iq7rWo>a%D9}B^Qpj(Znqv}DXn)3ed_L{%zBr~`|7PU&rcFMF$d}VQ;imf@qlv-^o-Hk z%c+nza82Go7?L9{$mcjS8^@BZ5stfw3_j2;_;|PQq>grrxI@BxnWsql^Y{Cd)KN=Y z$^%CmZTyd+1p#M(&F8NqKdDnkMC;}Q z2FvT+OWS1jR!3U7*785lzlL*lXg(y#(f)u*C;=hNVfR%9Qg2_x(&EkAX7@o?)$M&^0#zddgl*tHXpaWc0A6*6WMN2 zlRfMOuI=#k!J0gi|4U`lxyR$=JX3gX&o>rWKEsK(#l;lpU8tdbmhAWX|xPOif4Q8;sstmmczYTuMS zjn%AfS#L9yi$`2+PsN2O^L}sNJoM;B!j@=4>G%4zs0%MGeSE519r!P#Z69YsO-j?m zU4D{fK2pSAJGUV6tk{{qq}$F!6UG!Xmh^=DKDczLu3fhz^LgUs_#pE#6P}KZtu2fp*&@`DU_^9nl|GUC%aBr_L4+q`b;k{ ziIND+M=$>)wfV81#9iLG_CH`lFK-84U@s*8;YZ0Pigf=)k^ax;Y5o8ElFWikryv|x zIbwgb&vdAkd|cOhzi1~42sUXPhXa1$=YZvm0L5`AKZzAJbSVWpP~NB=+Auom9Kq#K zYc*MvTEc6}ws@V4$;kFhiT&JR-KBy}qHTRelQ5*|+$Jj|G9*OZOEPSi(wkc;Oc#64 zZH5)4E{HJjJn#@VI=*aSdeCq>sdr}o%cuaWJL-8}Ie1frFg;TyxOk%UqkNMHx(_g2 z0z}8>rD?IK#Sm6Zx_?Gm$e(tqL)VH|C5<0uy-dSbYUv{Q!S{{=k3bAVW-O-$L+VKl zTx2qRnP%8p4Y-IVtB~9Z-mz&Gcw%H|sGXPxYOsk@o%l}Ga2xOg`SKFHG*6J7E4-@4 zYuW8pM0O_c(&wjcxJOSDtN6S2Gi5%pXOWhPDK(5q7s(Uc%wb-aBrKqxLtQodh3y=b z(giMFX(_aif3DEqt=-<<{wy}G%dY^#569tmE7o{z+H9%kgo0-92PlZNZuM>#+S|$_ zP1{)Rx2Y?M$}2`}{;6!dy#Bk;eAjI)cO|^~%13(?Esi-xYs%u7NZ4W%g4mpFC`3p8 z44sq3co0*vi-DmmZn09EB=S)DwaF=WFZyFc#<(}`UINP8{gfQCm;>SGG7aYX;k2Tj z{Px|C^D1dOZ~!s1q6}8Hwz>7zJL2t-8+1KNR!lbMjQM2UsfSsFU=s!iot(fs>|Fb_ z^{h5Uuy}vVV5YG}@)iB&1W-CUQ?lN^m`Eb95tWO7+G%ajE=%UT76IW{HW%7HN}rjS z&4nWxG>a*ft{ZUwG{qbH-N+MyWvFRvOpY-CscgvDo=o|_1N)hnoF2|{6lk%Hgn~&G zfIk&{lWNiChhJ| zH}5HT=tQQg96I$(00k+s1W}B!<@TmffD&kby;2q&160msDJqry zMmM3DZz$*f?B>MBs|V(A4jpl~q!@1$Jz&6e(_@p=PY^G+F*SMJyFztWmOnxDfUGAy z{_snBOu0Gqf!Yqth~kwAGWN&J9ej-iLN=~(srh+kY$lEDM8LR_e7aM;4?cAH)u=n< zWzTXr857$k02c|~`nEh4{h>}zy(i54OuETJ_s#nVx$PbMNjbSYkQ&Zf`QtgOYUPa* z68(f5|ig-=V6G%0_%K3Yij30t%bdDcC62#Q*pzB&Wy%Ciw%*^yDbDW(t zx6@C3(jxEmNt|jIbj6kT*EV#q>|yGnE%7s{DN1p=J>j1lA*l6e%nx;=njiN=OtfvY z&JZ6akKytdgLfs=2SZ^|*v+*YSl_ZmGpp8PnNoN$LU8T+NwvUAmsipz|JsCh&-nc?eJp{GMR%+Bkb|^GNRlf^Yke@Z^3%Eo#!ldq;l@k5>NXdn42YS zrBz8W&PbcBa6zZ_^wd?C#QCI+jZK!k)<$hUpo~Z;`Dw@L`K}q1?Hu`aIAt(S;BbdT zDaTVY*rj<=QBBP{Py=h9Q1%SP~t>VsQ(T-$TCYBOWULxKX2c)5QHT7kC#FOy>L2u*l{ z`CgQoj3@atnE18oXojpgziO(mnFLcv!2^8i3ZAJ6OOi_}|DjZe$jfVL*-a5GT*3A? zu)0EW;-aEjAstHP?9~*5j?{1Z0JUM`DP49NUtX22Kd+HZO@*pC6cC7o^S7@j6s+cQ zZMTW?uJKxNxnx+(fo^n2^fI_CG{$K@!JeKD?tE5MTT-OLzVR6p9(iUBT5&LqlwGos zdNgG%ID(%|zat~44)MW7jfKknsJ-Ir)oyfpcrPGf=|)vWlH8Wj!*?~iRKE5Vs`9cI zZ!8Th((s2XcoEpjA*v5D;#jadb{v(o)R;9^x9Dk#9aIQF+`SmM4#Oq!67kdV>eM1)k#((+DFM@HF^QZgO#6pqUV~8-pQE39*I3FDPEnjTds7- z6L0~a+PPFOAum-_X3G(a(_?8GS@~tGCRORZ-}X8GDqddq83psk&)*yc#?yH!p|!55 ztGdPL2vvO__ObD)Hlt(dbb~yumIjBy`#5GNaC$W10Ab%Vkp1~cJxpNI{nyRt8S%PL z75W~<+!SJMt-p45Je)QThkcaNIobCO47qaicw$*YiZKf_8CP+(S9NFTev!?S1Oxx# z0+NnYID4Pr;?8j zhlWvot}KrtJ>}9=U(NsUc9U3LF>#3mX(T>ulb_ZJD}}*G&P|)F)nJJ>Z+)t z)B0Yp!RNE_BHBu5H@x`Cssjx*JDAt?{Z>aV0DI@{ov#XVRlpBQhsSt=cCzlSv*t`N z4=iXQ6RPSwUGL`_h6LX&OnAys>a_c0C=7bFomk|T~TFVk(E(V`vm6Xu5RYJ@F2UM_~g+-xGl(C2E0pC zmJRckST-*!tjuT2el=MOl;JIy$ckijF?Ss;(p|_pUN@#Dcc3G#i$hpv!FIWpH+yj-GKE_7W1v~ z-Vm~O*;<#+WmPnqg~jmO;USaFR5cV5);o3e&lZ+`JP_BAlDRw`a<4X_i{P#{9T(vk zg29=?`uN$9)(^%|CjEsX_GYl#XXwcvYOn0(GKGSL3l4wBQ5`KaNRs=tzc-AdZN8|2 zbkB{UFrKja?{9T{cE*E3fRch54l>dUEgALm9vN%e{-j=+i&D_RdUL9KvEfg!ywxGa zeYypFSmh$;gkW;k`k#Ui8-T8Tf~fTB!t|R86nvdJs;- ze!q5`J^rxCbToGpUfi7X&~e$*CEuiLGdRC(o#tJ4t(x4`lzGiW z)@!{rH-^-%3UlF?RrC*f8Ff1{6r=KPO7_{?;46yY#D=*E-;*cuNi4Mf6S8#4nN7NV zmbRknn`_LO5>@QK-?w(UCa{joTjoIU_JdQQ9GvlADua*pFTCb7X8JgjL1gkz^`H`P#US%%QUWSj` z5h^}t9$1Z8VWqk<>(a?0eXJhTx?IToldyi`8#W7rios^acfXDx48Kc(thVx9wpeAy zROD`&_Kh^MbZWiMR2np4|NUxNY%e$qgVO$R+Em&otD2Vikq3<+MXs89Kft9L zzgFSNO4KCh{5rT*@Hj1y_;g$%x8`N~!(~ z=^GVSKV8Rx--|ojMxcA2?E;xTH1s^9W?YstoxJ~rfsKs`{O)Q503iZbFH=vZhU*!? zj^e~|H7sCz=SzW((~(IpI$WmGMKLEGS3_j~}w?7v2Bosp_ zO6;9|4(O%AIO4q|^^*lzr|)oR_hAcfG2@DQ`ij}+%z*1t;#?>otdkg=9#aJBC9G3o z&@h*+Y)ZK8OmyN(NnMk?M!c((VT}k^$tvL7823VyH{98qn{O=Hw>s>eKzy}}nuwvA zu&4dajxZQtHIAdu`e0_FsUF$<1f40cIK=%)wMzd+p_-KdeWK`H^g{gj89u)3Q&z7< z{MwMp>i6g+p4uo=%4yc5auOR9Xfqm(YT6q+*z%uB-p8n_c7JItq6*WRbftEFI+d$e zhW(H8M`J)EUEp6N0ET$46 zivF-o)3+qnlaPerm8n8zTadAa$cA z{nO-+0ixLVFo>5wg^$;2wx;}mbJ}9($L;6%mE13XatD~{yer>nyw=kC)Zmq{%Z1i{ z8a5X5{ibf%6Zod=-c<=}bc74(Rq@jtEYuAdk>&Es+d#31Db{mv6LFF`T>Fs;E5P+( zrlYW}#wTEX%jtye0R4qf3MoWe*4f_@ZpgTFLNiVLElE|UNYahOkC3m*y;l8pNk&>q zO3LDd`o^(@0@>%_{m1Zc->Sph%wB3s!#LTNKfZqz*jiPT{w$E0e6>r3@v<@g9_v>&h{3&Vgk<( zChO|zj$~Wvoo=7a@nFK63`!zt`oxSS>!i3uu&K|R#xQ-qYIeg0J05$p2`sj=f8G6S zG3-nABB(s^crloQdhj;jlLn`DhP1b9*<|Ur<+F3Q0KyEGm|vP*^;l8(jc)B0d0I>k z>)@7yYxO>1H7(@s(?p%Snk1p6zXU%oH1MbaJHR;gXo*+2&A+^Wu~Np^@}02lv%^#= zaD{Z*o>`%gom&8DrDHJG=dK==_m-h_c81Rz5i40uzCTa{Z%bxOtY_h3QT@AzK~IX) zmMtX=lb_?N9tiexi{!fu2*_ZjWw#tjw`(4ADO^PN1;ydKUY8wxozXsNaQ^!A!Bdgm z0N{dQzFE%;b6?c`CL=>TKXsZ!hhvmmk;u}wKApGLF};tSYqyK5ZpGykH4gR+)))<1 zm%2TO-4M@kYcO&do^=tM1QPxVNrOzHah>Ejn@D8#4x?`Cdm5Uh;#T^4vedYC;dJlV zgAs9x;@OO1-Eha(MSTMvtiS&JIdIV%N;giik}AyWcrRSdKVj=s(s526pv9G1qc^z4 zk+D|wxblnDV|^9$$t_Yw{-QRC14?Q(ArtIb(uBAa3<>D9{j2ukFa1g#Pcd^XFE3uX zbwo=%&CiOfJ5N7F8lStG&M`*h1a5D(KbTF2U?O$0^43a)kaNYOPBrUFA+LFD|7vSV zOYe_Xlb_4d;=i=Ywp|s;=d}Fw?$_wovi`ft%v*wK#;f~{tm?|Xw8aAwEEC-w-x|t> zrwFkfqdIdf3HAOlV^(luC+1=Yb7R|=RbT%05q}oElS$i~8m#tfXF|O0Z{LM1VG40= zigPnZR?sp`rf5j+f z%)rpK#Ph4jt%k%~T=C8*c5P=DYj_x!_H@xr%7K=&W(TQn&3rxYxWCT?eBEs*(F7&Q zELyLAb!kErxm)@^4P2JIaY1yY=86}trN2c|`8ugV7UhXMG4dp52%Fnf&SV$qKj@ze zI<;(+JmGMB`X1HL_q9r)sgV6OH_2#qNPo*cb1Ct+32$wN!_@{~i%B^;pMz%}q+HYq zb38@62Dr_X7v7K8r0Dyqr@5@(sgN&2XsP*9eWFaP7rBoHV&cFyVyS1s84v!-ixm#i zQBHH!jADux^m z-jb%P(CbS@-%}oYYTT7#K>yDjt4ubL9&tM5`5X2n^;NfcWo1+LfbfZo%0q(W*ErnX zE#oI~7rh?VB0RKIhYd1(IfLDI4oq1D*mzJ(w^w;0y4B0Z^~Yx*W92_cH^{W=Gqcxy zz(2V;>Yk)R=x6nqKs&f1il0jR5^YkVYsO9I9u)RSPKZ1n5ET>s?iGpXdGebr$x)KP zbDOQB-n7q|VqBSLNJ7u9v^o`+FFi{#N~T(02KoxeP`AduxEPQi>FTMo+pBp-m z^gbohN;ZJVm`eAQCV1=~&B(rD>H)N5$jW}%uQWc}q0*$>>eR(`A5KozEP}sbCZRRP zu5S=JH3a}Nw;w5t8No}-V1pCVKFJqPoyNw~MOn@+mI6g(p@JC)Cy2vcmhxn64Wn$< zM=1k;0eGm0=R-L?|HS5~Y2T2M7-y8)rN5Ar)G5l)Qg+usfOO5)v($W!PZj|u%d1(IFw^QJ z9_YogC9z}K6S3R-l(cPtx`!KclwkMQU<^79(NR%z2=EcS=^U>eu$w@dF3#k3Uo6^^ zGy$oZ@pq2_X=eo4of2pho6>7EvxKWZDeTA}w^0A$GIeUvdIF%CdXo6{ud^9jKn_qX zEiKp!;?a0KDT?(lh_BJ8z9YFve{lPu{P~#t`N>dVev+M9%6SL9W%sft3ChS;4i?!i zzJKPf5moQq7#VpR+OqYLbcxL6aCMs0@ln1trs{I!>3Rsg#ShZxcNTZ=-nF*2CY|7g zN=8#sQs(?~R8&*&yi0vs+JW@xKkJ%Vp#y5uy$c{0>&N_5aPAAQ)Un@-@b4Mk-E2W= z1D*UusK$eol|$2@dA>`QtKsLSI{G_tL$dU&<*x@s)BiNyzdq~qii6hfEo1rIj+lLC z`Jn63fC(Im{+e0(XPqSQSQ`J8y6)ox$CS`eXCxUZ$$H2~ z@^6tjkIZh&`}|u2RM+%5fdymVjn_3~J@6}<_V$IfzJZ4~c)|yyGx7*gq#Q`w3-jP4 zrySby5X1zx$*ScYbZy!bb8A0rIuB#ZzgUl$XS0;n#Br=zFbAr%a3)d5=zxO&+Y6RD^F6lVgeh{j)RdKq5yQ@8r|OoJ=W%glKa22PrXb?OQUM} zMs@6pY2?sS=UCGWiI{YItBk1!Md-D7`y)U4Kvt3tc7Atncl)5|_P7e5zD-ZkO>&zv z(&U^D=yWRgC~3;I=CH$S8=`q%dqmEpbVN=}ew<>O-6J$^0;QJP>_9eYoqPn_z1NM%wN+2 zDMCG}_-@BoW-)C!Z#DKD84%L(gCC!K$NDFQS_<1RGfzvGOP)N7jEtcdl&b9MGqATS za!om8)-q#PulMD7p+$APM^?3tDonwVQxT5RQcvt(6+D-e{IZ($h}n-_q(O3YYO~Q7 zI#zv}8Z^Fm390_DVZ09Gk3WJ-sT+DT9c9&mc+ziD$3i1fd6TX+By&dMN$;sqmF*C~ zvO#FZea+yZjK7@(sMe{8SNfg5*w@I{O}|{|m|u&W{Gp5)0{m%I@@v;-I4VG#=4>e! z!9L%dQI0TkYaDm92rNL`^lRuVK?LQ*!0(6COX};Ok|K>`fPO9g#$#EX$uxl-9_pYp z`~dtnl*;ie>5DEEK_97(mw*he3`!TBhw>M9{6^XEVZ2>__Xh(^?U;6%$jFdleVOQm zVrZHh1~7E{yYP{OHi(15Rcs3z$V*h3r03w^u$;Q}EoJGn-PR@!ca-JOw9@Fiii;zL zRyT9CB^4IX)vX-!=iBL&5iSRwL6U_q#;GX-lLKcWzx8x__Cn4kIV3c2kd=-8(Lw1T zX}JHznQ_o>a0_k*d6bg{KaVk$aHBfeoXuwEu(uak^ZW}2&2R^_NLu9U^5__CewSzE z-b}(#87;?%#YUz2Hj%N3E>#tk&H`6-)#;$v=v&rW6x!eMlxedYW%_zRMZekCWkj)4 zZZ&V^FfE~+U2%mlkgu`BKT01ErZ<+HuYUAOAJ+4YW$Q!y&Q`b2&i;YROJpd&j)#rS z{9s050+oG*JPQeDO^>ZPq(HYjtq z+tpQ~Abi!-_2ITW6V~73vUJk;ZRxd%={pj*+Sa$b^=OUh zQH_DJfq~+M%}_yQCIRy&T*2dKuO!gTqk4(2m0|0jW8`Cg9MgX*bH&iGJ@AbY{T@Z# z&_YTL=hOE8cXCFmPgw~yB%~esmiL+47e8I&yfc&cACQ*>-J+@aU0q#&i-7O+|Ayzh zP)nbM5E7*S6Eu9IqN0?Ql-{UAbNel7oKSNO-v9S#QY0FZzexWZVtnIjIkVOH2jYbZ zC#zW(J=y`Di=9+|qX_HIf`U~y;)+`)cvI5JG3iv=K@fTT9suBbPuisRPK%RW&ERXt zd#9eH1&eaFvw4c8*@ZD}`NY2ETWzsIhZPmiNVCivlQz!DiHoarR;VREFRV!BswiBp zmzUOa3Eb(RwroOIBfsS1Z?*)@`@%5(gr0wP6NB3Xmk7O6i(}Cbj6N3PI97PD)bj%`9)&(cGxRdY7ruw#|*ba*u>$okxLIvu;CR_rq2?C8gZdp@>qVn!svoIeGhGxoW(aBH}jQ=*=d?!AO`kK^1> z>vqvqc1D@sza-yS;p~;ePaA*EM!io3niln!o(Dv~&rL09G%Njv*bS;oi61$Smd`^H z&B72_KzdzY<*UpcW5suP51e`fI*Xq6#g2|8NLqS3&oMf?J9)Vr9|JAR-?ezZNuS6GMj040eJUx;~app6uH)oZT zQ-1&Uv5}g#w|s)JZzbM_&c%)U0NT`0_A_ztnOM5KCE{uCTU}?WiSZKqkE4lVX9W=H zqqTc98QB}i<`sISzM2Nn^t=%{sA@V;Jk@k-y;mz!-ZtY^QB{cVRlQd z^@gUw-HQs1KD4~Y@#Bd(6AS4d0#d%nY+>g-l$pfb!fn#lNU;X{*dT-s-x_^9&#(3|W4wf@P z@0k6cV>Ev6X*k~3wlqAbiSO?kjxoC`d8xbi4s%+mYw)p!0}~F0LQSCkD7JP3m0eO( zMQU&EvZYEOZjq|h|CpF-7cch%MlZQ~i>ybrNTpmUmJ{rIOVS=nc9a+!Dk;a6IU}|5 zgD>@t*j&E$Yl#DSUy%pKPlx|wV9 zDv|HW$v(c|v&TMP^%jjAonE=2oR77I`Z|Pb$f#Zy(TV!BUb8FlAubnw=qX&|1&Zr? zOO04bPr`u;&kc$bwyxSkT;=%}4VCEZJbb!)nmGgvcvybt$~U$R#(;H+oB2iDk@lpJ zrRypwlJ<5}4)7+%=qr@udFKZM6oWpZ*L0CigSYM9dX_y3b{6Qz)B{z0%lVwWch9d1 zGWtX>OWn4mht;#uG(|pfHe?4TYuoFLIx`e|SRNu3po(Ra!_lWqxa1410eI&WQnfCH3aOe5+qut`VeuhCohSfPsa1)I)x_l5*#_)Yo} z&=F}5|ckjRfnNq5F*-MW&Qz5xqY6=yFMs03fKr zZK6J7pmU@8ptxgUC`7f)A}h%SaJwwIWYM6(@giwnWJtNQT)R(H)NJqS-=JY-Jkg)I z7QLr*NGD?J;QH(rd!ckjXTOg9dbqQMo0PPA#{dDU{ag)zS>u~?Yotqo{M=jVW`kr< zU8@|c+lxoJ0Z;Y|tY#i)Tv|G=}w0j&>qHU(CFM0NPz1-5%orf(FO0Ka-JIQj zTMUo=nqe9116(JDYS|a?>T6^!Ova`5Ozti${60QFuV}5-g!1pSB%erWrr?4*nw|`} zudOKU1VYiVub*7F3#Cjo8{&|MfW#+bu?P!3Eol!*F%tda&z$+fjv}3kAfoAA#heje+x#**Z}4Enxv2?dTwg!-;qH%_f9C>fFWPIQ7xa8SrrVYXAV9^Cz%y$AiFIy{ z=Lg#nrlZiI>hQ}83nC4bZTbXF^rgk(w>EmG$}Z5UH>o|UmOlP=imP0s909Gh@^};* zL{O)OOK(cRWXW$aPiyZ~dVt&7u84gdyi6( z{kJVM=KS~Uz@X-Dbxpoi%#!ZKz86IG9iDn510&-}tKE-&&Pg5tjtH}+3nhZs>VULm z%)UhKRRKnrhHOo@SeKiSSc2yq{qf>fL*&ljXg>hyx{`IbApUix;8GK7ot4R!h`oIh z2y4)Zj`%XfVi(5 z9OT}c8X17+!RKovFTmFG0Oy{s9f(UXa0uGk@4@|)%Pa(Mn>CCx_Wy1k7(7f{C{_!g z*ff)_l>cxsUTVnM#?0iZ5?{HcY*-B!V1z=WTIAdUUgm~1WbbMD7roYy!f6tq1>o7O z*~anV%?QhK8r3qbzQ`uu)>&3FY4p9|h0l9hxlcsIM$va7eJ$-B?NYNZ(PvyDarN`z zbGQy~KV~K^z)p%V)d2Ds0QCUcuf(u-6dM)`r*(9$(5CF<{t*)uWp2k`qZ!QwOL+oU z!e4+sG)QX7U_Hr$E=G=5BF4O3y0*3&IWX^$Hd+T6-FnKQd)|HpOl5_yX9O7y!c_B9 zyX$|goa0UiP_?U>5Z+PuH632Y+!fXOo@+_@MS4%F^m+Wxe6Msg{qO?rB^}RqgL7K| z{!>(cc_nP_YKZ|ZUo-7j*XYQ|&Qv)GgMIS(xI}xLC(FzuumYsd|0fDtkzjm8R8~$- z>o3pR`0v=Ba^6ZQ=ud+8e*%azDVb+y|74QNWqVkpU%ZJy{KJv{KSuBN2?i2RR{t3t z(av>4lT-+NLz9Y!v%lOHiM#qs6K>y;m6Z+LlL*|K{V?=a9XgJE2_|LtBu?or$%V;2 zu-{dy(&3}iRfpX=@;jfWkbk&(J1gL{&`iLdAvCfwEF|PFSvyp;v$IoKDI^@KS>LV} zg5V3%Y8;|8-FMFMn&}zpN4d?dLg29J5`3A&!Co%SRATagJ_VBCKw}6MCY_;A*ubq;Gr6 z$CK4m)9TQ!>b_$dl=|KzT1MUc*F`S{nj&@fh(8o)fS)m3w1F5{!$#KAgkrG3yqVy@ z7?NR=P`h^GxT2@x;!&I{hFJ~n*;3l@s-{6BO#SfxV(zV@+FJLu(RNkXrO2WMiqqom z7PKwy#e)|KF2x<%(&8?`p}2(Lf#RjO1P>nE-CgcvowdIs_l)n{J;ry(y?%vJzl(yP}WJHC`}#E1Y`*bNL*UOrv+1O=vM><|ClrT;*8N3B8`^r*b64JL;Il) zLq2u$Zp#;wP_wNE_otF2du5w+&HI#_Pg7StDT8J4ZZ`2iKKJ)n?{I3TF-!H90$o~S zvaf=W?pCs`K}@bfF&(#7=L8eU&P{QBVh=OZhjJ*BlXY`OHc=rRGrJZuq?C-G&xvd3 zV{>mS*Jc=&N;7KV&_NZxu-}I157x4dm2ap&{9zy$D<)azo%`PQ?6LWNtVVkI=_S~= zupX0Jmx3*V5G)=%Eka)q_{Ceh&N{ zr96F&?+9lDNJm?;Y?}TAix~K|RngA+nNWzlUB~Pt;Q2e8m%=l=)C~!>-Q-e}`cw&g zLhX38pf;0Mph=-|g;&Qm&AkRLd2WjjN_n;W|2bbOhsa}pLm zJZ!onRU4G!p=KMaWh>y()Drh@dZ4QATs6_mNA%J>5JpPERB54Wn>{ihNQ#8Jxj^U# zGFV2+p`O+S@~J1sku<9s8CO^SR?Ud&?wcq<&+if`vC#~&{p>;&YNc71wwXf@{hHDA z!v*dC0F+~Qh2F$Tvfh|WjXoBhc#Gtn8^lRSU~W6<(Q~diHJ?5j@|_#?EHT@e#KCNVAX(P@i%yiVmaDky~r8Nh=`D6Yi1(IZFeY2+f=d&ocE`LKXpsO5LIme zjbN}VLQ~13(O2+d{vwpl=hFcIg*>k_FWNS1oS6#2B}3NjspD7cP4-eH8Y4H=24bMt zb=qjSq$x1eFX?tPIV2lpF^qMtt^E-b4Bf;{;8avZcGMuNn5gOLO_tPs`oqIMRej5& zCuIH`41KF+5Qx4GToo~8Ch8Y@U;UnE%cI{dcSz6P!5siYaCPM-W3GjbcxKD~0f*vg z11(+iEpn{>R|reTrtTxW3QR}4Uk>G?)KP;y99n6g8qL^V z+`5_SfOxf4!K1CmB0}AMQI?WuSc1HPoLq#WKq`EdlUzOr#D%dNg_8nfov-?zm&~>Y zznC&{>iZcNexzqLSNmS%F(>v+u_$ToUBmh_8e#ICnVBO*oD+SG-}>f zvjg8d_XsRbdtH-5u2FNjh?&iP=QJt|f`%@2V8Q~88Jee++k4uu{Mex=InM_Ae$4Ae za_=@Lia=y*m+5hH-A$E()F05|nZ?)7pCLOhyXY=1Xs333@ix*k%$1|g@I3K6n5{Zc zqszvB0td5_>3W*!>{?Wa*R!TbX zL5@i7NVe7?Lto)365*+6ZvrSojdwD2Pw>N#iMFRsVO*_0sP}q6XHN&Ig2NouP4|w} zHCLHdNDx0!zkisJ0bjrCAQ-C7a)fSEyIs&4)4H&shqy+Yoj(I*QDxcFbNsXWIlzS} zOG|eGoLs_<+u*!t@tT|oOgV4lb=kuQAA_SNm7@k!f1a$Z+*F|Jd8q(!_|Y=`#E<%$ z%1VZ?tjHTMkX+>>td#cno$b&UwA*9vU$=Pds>p{ePIrQRg4*ejE(s{Xe^)BB!n0FFAkyPwD39?9&b)MeucLJ9&+8!Z)h?gS^C$9W{`~I;E@L8cY23N;zwe1o z@Q;rKS5ZhNZ*tG(0jA8MLV4mf>~zN9_;{<#n{F z-;%%N+^M8xD;*8U=4A}Zs|KZSUJP9-UN)k}FD57&4H6REis{{J^_;CXHj4D0$zyH* zKR~zGX&ByV^r!Z+8tu}eXL{}pOuQqXvW_%ge}cUUS4fnEG`Mz-rxG^{)}#5Y(ft7C zn7TwQ?yvo()&h_$A0NiJ{Fnm_UF9dgpR`7`G@cJ3At|}wa0IHfNrvyIYQ5vx0_J7lXFK{6n9-ISEF5FI7ARQigVL`HEZ|91qk=nWn-sGyp%UcJZ2 zq&Ab?Y=+NoS>q!m^9|o6MA!DqG=AyZ^(`BYptKIwNqW1G%IQ6CBx(7L{oO*~M)M`r zdFQy&$YodUct-{v5s7zUE>dZZ(ubctsroV7&H&HhkndKEL-QoDy-m~V)e@z>Yce;r z5Vr2AVV>G!jT3J;_OWsCXgU(mNPXZzX5_{tG!Y&ade7R{#Wi`vK)dQr@rIRWor8 z$fKqd{=J})VHr=gg~bzH_2`-sG?m6ac?SDygN#~;PlEuLFqZ+M-Mf3kX0}wvxsmdx z(}*;D_C1rU@4H1*;T5T1T3Vhur$>OHv=yCUZ(v~P(ztnwP}(?2bsL7^>J|^A1efrx zh^I9-d`6C--j))j&NP zu+G*vA>}kCg{%@o7xojak9kl2bA6m=_5Zr0))^%RFh%=qzV$p(UhB>~O4|G7 z_pxSGTd?8E?AOcm+*`~(n*X1wZ4_0hN#w3~_L&T3FaF5|#DA9`mK#XxnS-i%O~uhY z%kKzm6ki&xxJlMN-`rkJ;h(O2l-GBIj74{S(M4XJ8HR`rowRp#b-m(y1fi=Hbs*MW zzPzEIDh1ikUU=p-zhV8=Hh88BpZ8iO(^qYf(xk1g$j$F9!!UW>g553>q zopfQ3cxHfvDyxo^=KERa#QZdWoEz+4R`1=cui4%$jUjc#n}pm7y1FJO73ya08v!|{ z9nD-N-iLg1tZ|zvQQAC^%CQ@l#65}XtUh(+r^Tj&@-LN4i>O*Jgc{Yb$JKLp60l&c)M|>R`szowC)YQV zIe!c^;amQ6E{wxcJ)%aNK9X0{U?P|-dMSD<{B_arLtUMRy!WSNk>QVgqT5da4f4U_ zKgWuVF#xe2+tUEhR2UiqSw;YmouH$+{TXnl|Anl zE}oQGGq8Rd`kWB_wcy@^YCOEr;eSw9YQc3}fNn`(-guiR6B5mm4V5BFy7_m+{+S~h zpITdrHJszWYI|=jJUu-DW$$*ib}jv{hbcCkFNT(vmj~Gb|C%sHkLGuqF(<Q-knF|ri1LafsFlN%A1Wr#=l8>Y5{<> z2mTMz9{$2j9wzZLwA&O|kbiMM{mY2JY>Pc%5rmSOHED9F!?)R zB~_Ut_tiZZs}cLTm{0L)t7y9BCxBMr&mt*UWwPDaNj%{5EJvg zJ|8#qOG`<)n(qY<0QDf1sD;zn#u_e7I^|Kw?ihWjmGa^li%%U?qJqe*U#>9yUltyGGA!bqUsZ8QX&E!I8V* z+J0#fQK@u?b8+m#-ykSU(NKQ>z=)hhau#tR(S0AOeBbum&90l%Q`diZg!JvttBtPybAQ^2#q5L!M+l9EYOHQ|X-%kZ78 znZb}b*Qa{%kqa{yj~iSw@N8F3+saPmi-8hU{2~p`i%>lMf~VTS%%dIP&6VUdPR?=4 z#1q!K8R6wMlGbsz_dxQ*&IufC4HSg+GP%xbUQHCL2TPs0>-0IWj}K zFD0N^S*zaJRWe2R!3;v;%4Vl}q{rif3~8^y(ng zcm-2~%a3rW`S4x!ft@BKNmSkX$iCi8(l@^3>W7B}On;*+=47yZvp6e@g~0ER-*s>o zM7XIITAw(j0Li;-m8)P8yUChk?{8wt6z)52*XX!m&J2J_MV(Fe(<}fa2RZ7J*zR^` z8c8J=j})!KXe}ei%O)9ov|GO$CRGr5g-dgmx3k);C0(k-)#lPIN&*>_0`%iW7Lr%4ex9a5G!hCgkFgKyBh?F13= z#E@pH(6t0LgZ4<>%KnZJ!35{Cz_os@y_jQNFKI#n{F^fD*P&!()0Q_20nh#XIEL&w z$ERL>NDPgulbC`yoxis}JDJvV&f<#}^C5BuV=Q~1*4VFozD&)j4^8Z>b)sP*)|a&P zifdgx+*zKm5YjXj(3M4zEr~*3q3E1z6BqrEyqRkSaIyZQ#}Oz(8}+%_^eL&AeuSHp z1le`1&?@4psB(;!DH?9f%@aAD{qPO`VZG8>u3V;g z6k^dP8i?-nB-5ma&mx2b+$uz+=}&~VU&4Ms#Cm0*Aw*`Y6*qP%{u*X0o9e2*2elxQ zqMGakmag4>d6y)?crXn*5h2g4{f_nV**^As0RyDN&ev-txtN7^t>T1zKAG>u6iM{7 z+1dWy#GJiTY!?oyiCNM5%^iH*YTzfa zc~dcl<0T4xobeD@%IZHt@{%Sdg2OV2@mf!=z@jY{D#a2!DnGc5Rb{SjsC^?dURbuh zbmFF}O{~VjsmST0s|=N_j0rKpz__7qBoLY{PE2QTx|$^LjX3sHZuso17fOtQcreq- z_xAm4fDF|$#e7MX7XhUEu{CczM=f}%$F17k8D%jwc}nb8k|dFTPbK!!|vN^5p5W%=p_LY=xO)E2j9#fn+MDC@m%{ESstZw`^Tg71#WIEaJHneN7zqw_GF({OI*zD5m>g}`a5TzZ&ude{~*ro~;Z^n}cEmjT|bvUfeK;>fdkdgBvVm)Q!v zm@20ReUZ!e;B%Ds$kJqLr>0ZGYKXnmSkQ9Lx0T)5m2*!|!EXXk{LGhr4sml^CxN#g zyPZ`zFh&wge0GB+9atFciK7`pM$>cZr}>BGC{n+qGYzl($+A#e*nafABGOMGRDx$i z)r@{@)9C_imwxu1FTq(fwj#mz{OKn$57O8X>8Fz)T@+X!u%e3){8ml6>|gv}I7qutht9aok#l8hXH7i7MO(}v>{BdWKiY|xS0_!hc};GFScn-# z6Hw>6hYcR6a`n1yvXgH_(rd=DS#mz(9rF!n?n3Tu*cH`yN+fS2rp*2+NaXAbrPV0b zS+<1RZl9LXT-a)S|8ABNY0@Ppu{*{M9n?u7Z}O^q#kpQKI;N9Kph?0=JWbM{^lJ z@oU#n6PdI+G@F5jJnE>k6I(0SBop{Fv$>#51XlJdjZD?%SSQ1H@F$e^BpeWx#cr>U z1}I(YU;W$SA{DRe8f8}n-U@T^ciV#p#W0|V17Rnm7gxzVpbI4@lZ7Tau8jBaXpaV< zIO&X`(~74G;U0LwMvyz9{&9ZK>oC^b7&Qf!ZXei^E{Lxfz0Ue*&mQaWGpwi(4k`;* zh%Y#XRS6Zwstu>e*Ow@~|>i&(d6g-?Uf1vyv?KbQ{_=y~TQ~`*Cs8iZs-1)X{X#%9XMo zEmP!|mKg*WGV!iA-e)6TfZ7VWgX`yA0Gf1U;h(c%`8QvTo%t4jr&}ByNy+v)m#x)v z@+!$iVL}rlSaGr7-R*%^Gu+(}9g?+aNGJB3pQN%R`S;>ObQ^MOd2e^=ib={h+GW5eQ*t;!)9eP5OI#J_TaPm zxGKP)VQ0+;FVqvCCV6eNk*VEs58V$yxIkXf0k}PX$|61oII16boBS(%JFSacUN=wK zfqC^o@4}Quch;(*o*BFAz4lk8H^>i|cmB@~du4q|Nc4sIxY#T}QC&}GPALuo1vwX6mzYY~=)i z)cSmPO1TTa-1^ph(V_F+fp?5`tQo*cXrR^fsH3OXe zVgz3pC3RKIS9<++Cv(S%oJYD;YY+P=pS`#DJNac{=;Cj|$hv~dd8wgddbHyAmEFD` z!+!4`b6yf#omg4=y!m?Lf_%6&%R<+c^sw=&=a}XTESuSLYEtNcPNM#hm;K>D{0oGg z+pHbj*#lSS0k^O+Ylay5>c|=2$q;=Jl5%T(e&qKFE9|LP-`!?=n~SyY`40Z%Uxqkj ztIB>ADJ5mvE%p4)7AdB}4a$wqeh;9tZXG0gGSv{Z&lxK~k*)76k3-(+mPURxA3L82 z;|vht`6m~^K;d#$n?F6dj@saE5kQxZXiQUTn~qRP_Rrm|)-=pjX^_5XbXf^kg8t#I zn%>82@nvCv{BDrHj>)LCPD_Gk%}t2R=XQS50^Da^L*g$0$L4LqRDo z3+Pkzl4HLYZ^L@HSPgH^ZQ46D+ZTFRqAN?XW~DGabc(vUm+3-p#*DLFa=)J9oL{rB z4shUaFvv@0|I?DkG^Pr%+c|T>r$(8stXSo4$K!?}*S%P%ZSwC;HK`Fy5)}eBp%=R^W?PfKJ#N+jI`L z3^FuXa1^UF>Dz*dk?$$N5&9&q$PQ0|Lp%6zvueQ_;VcdelzP~fW^Eyd&6 z$i}`0R^C_O5JVh1ql^P}Eu@M@E!qgDKWC_M@@!eHM6xe`rcvEv>siBPzs^*kBiVNI z086DszuBx2)Du-I;w9@>CXDW|fN}B*dXoWWxa)_(6)fv-1O109A)u{oS(@@RAHSc{ z=qvF#gx|W;8K~rD>BIi0OZ(Z&Q7ez-#VNq+N5OtGwh)Vr4G|nWeYP>Bq=4^Ha(s1R zesiNG945tjs?F4gBdc_BafI@SF>r#XvF8emi7+5J0ULpK+`6@`i=&)RgwmTK;vP)C zVYCYY+&Q2SxDd7Cvh&7Bikq|t9^^7xpDT-v!wP&;tc}TCGlGgA&4t^yy3c8w6rS+$ z?iS6}0~PT4W%=`mwzt6?ko(XnsWD+S(U`5%hn$n(c#`0`-GBH_(3B&?4OlI8P=S6@ zM{D1{%^7G-vva2k`&F>0EmH?d<(#^W06Z-9oHqBEi_P9_wu|)9DKwz}vFx}a>qedS zVA8xo@qndmg}X)Yw@k)nc+v0odqp+^eibrHaBf|h&?Q`m|FD9ZxW8=YL`pH$tx*!R z(rDXQRaJ@D+aam(a=!!)xT{Q8}-xx)6E|AYvri|0pXF)EW1WEEa!&_|>x@EZ| zs)%GtU0_VX^Ktu@CVE}*ms#@p({h9 ziPIVy79;bG%u$Qm1^0o;VUq-Llkkc(L_V&i38Buj=&s#d|26$ERoF-I%pJ;4`}8Ku zOL^@@A9R0Q@9sXNQ-Lk(#;E4Uo0uNfGnt7uF^Vy|6Hk58QnW<&m84)l$Fb?3GrSAs zH(blzb1$`&NHgph@5_7?D+(H&KX!CXCK7H6A_!jo+!jRecLr+t^Js4mpXGUp@F6CA zVr~!e%KL}Ec^5$2;zlZgYi^abN)^LC#{M!m$v)ZAjLj3iCU|-C+ju0>Xnj!r{7(97 zf-@#97lCVnq0;12iDVYWcEM}^MueDOrRyOr7ve5GNP>gAmhJM^GnkZk!J>QF7#Qxc zfeE!q#cYv)rs`#qBiAuwcAby0Efv+3Zl#r?-A>^_i;qp24XOW8F{M#dx z-}zT(0WQ^(y5TBBORWP^!i>pEj_YRyle_CH4OA}BxV)P%nXGP(cx1z`aq~3u zXU^*Q8-5P3A-C0pZNsch2l9yyMI%wM-Rm6*7r5wKFlb>gv+AOfH zr{Q`0E2(kMKz{kd^HBj+{=}?KI=Ky-zeaEvQEBy zqa0lh_##VlmYh@K`PQ;F8MKZ36}E_cd4!RV^c>@-J>i;Ped+JzUFvzp4!JcOV|ch7 z1@P!s$@ro8LnmiqMm0^dfC#`{NtAFC+RsiLO3DxD4q{JJvBP;t>0QQn54YZ%ISbQrnpyC!~96( z`eUz3OK(5EdMQfQY^jSwot<7y%-#QKk|gqHaakHU`Y7Y($rTQU;C2fq>G1ybuqkn6+aq#sdRFtaMq||3T}a)@RZ9zjAFm5j z8I{x}6~R6(MuC{$i5K*enXyv1`NJ=BHnfeA<5$)s9$Oz33SFaF^OY_TQ+B_Iu$vnm zu}H{@91a9`RU_FEn^*(!ebUS|3ZnX4!Sv6~FH78otEffI=l&4~_N`2^a_=WJbiK^= zfQrAioE<@{s=ZAOM^nUUm?V97HYGY$05{lNs?oYb@@_d+<5SLXe@~B0RotDiwRN$2 zp-LC=E(P)ASVL|(KIN2EH~}+nu;b8c-XYRQbJ%##7+-AKc;&NF*)b(itID>LY}N`& zgx61_<4o&?lRdGFk!(J&=+sr%Q9S7pw!g;e?;2TlKKX7pO1jP{59xGbh^C5Wc&$Kv z_a0@AhDYA~;OP>@`h5M?-xIr)$Mpux&s8ureMoHJWcdh|V?A2*^VQ?yE%TPS(ZRU* z4TsqAn%DETVoja z&PPs8esAQO?YmVn64A2i*{Ut>F|?Arr$=k(<0h3C4NCX^$jJS)HPCwnsduyf6HpiS z)qgd&gZRsvD)f~BaZOm{UmDS4xV$VZ*3S=??sl4QY5?Z9Q}?}uL>r)S<5CC{y{wG# zQ^fsjOp4t`-Yw1D-ONQ&h+Jk<-mJ6V8V@y7-~O#(3;5j%YxnzID&Ga)CrSc! zRn6So+_coyi?u81gs(aMR19fe+~*Y8n3%Ev4Ditah$X&#{W`XrLa6N7p-#o)3NnCc zd9aEYwH~C%miL}a0DjtM`Q@?%-2Uh2AuwLThMEYMfXcyUo@qhx6#lpO2UUdjn)b zJZzV)N1S_ zNGr+jHw7Ze_w4v%&B~4T2XD();cE`bu*efcTwGh1b+srcQ4U9Y$zlM(~=vlLwnRCR0BM}%2@O9^@cK?*ytOv#%m>&>ZGFy#qIF$)5V5PW9UvB~sO!(D zEU(=g&Z{Jr#59&d^5?`r+!c-*ZW6>u@<}8iqvP!@fAh*s9(*cl9nNg;jCm;I@1OHl zILUf2phPp)-|DYXmK7j z{9##{dQ9TT2R4t(AkJ@}h&&sH~>rC&ShB6iSTRl63mv%`aLpraCq96Fs}Z=gFhUh5J&eI=iw zRbh&RN4CKy?vnLP%C}rZ&EbGi4tq@&?p%Y&>TZuYom8J*)*w}iu_Ug#QGkWUS~+pO zpzXeZG>--g!&eZGHmMG6AY*c{+LCGI7B$<3z2fpw&lD0j)E?Tp7{)fC_UVG}P9l+O zZM5(=cI1(L@1U_{#l+hBiK6TD`8E=Yx3ka_OAo`n3)`r!zfSG6D%nd|NoyGVB;ZgM zEN0=!LU3{uoU@Z^FHlTwS!ChN8B9_*K%s-RRdF_g2~Vxm&;YON$78Q46IwR7n8_E| zTVxIS?pG_doJ`GlgIYbvTs2EHUY9kKf-^>@Ob-TMJQG*DokV_i8F1KN@Sj0ih8B^2 z?Sz@#hDBw8n!P?mYxz{XZJ+8h^RhAEwRDCM$3b?f36thpZE1Q1w14b_ll8inja-^? z=8S2j+d$Rd8a`J^U&34INlAK~i+5huD+~KXNqiJTr%RZ1+H~=+&_5~NBib!ugePgg zv;}`qY%6CejA`$i2@fQs-Hhpu!rQ7obK1-}pf9UZzaj(?PKl6Z_lbFw3x>vV{%sKC zt{VYS`o)b}`wtYIkmQLuAAif&0{;e@?hA*mTMyDJb354r*@B~XibZ^6NRNJwKO5p< z6uaIwo&KR!@)13zSwB4x98-y7R!C&X4vN^|ipixaXR0~$c7cu#C=Xd(l#uC^40VI{ z9xzj7?$jLJ2z#64ypT1mFTvs<5%F{FW0)R~F(lnbkKb@<;h2Q-G=gU920HOYo zt&h1=5)#!>4!5^JyT*keyHBSV5XigcYO)^`t0#7EbfWZ@$q1K{UCoxH*#;RFC~~R7 zr6lPtuS(sC!XwxXEDAkizaE}m?e@=NsxHzqxACyXFt%p}2fnCHq-LEFGxyKAK=fSX zhR~Gr^oq_VQUi$zg*o@WfHUPZlDTrXL#j8bFL!8oRbIH<6zMj-yX~6EBc=;Utv+P6 zbhR1D@#7YVH<9)>xXL^>R2F?1zeykXK4R}zl|VyFUZbkWQ7+lmk=M?OkO6x}V%d9< z_f34t$02y&A`NRtYvu4gA9Lf!DM8bEUL`!d#`9K&#{u6u8LL1sihv}q@j`Bsy#7Y}GSNIGLhihZ-n>pO> zb}WX3(5Yl5X6{z#?SrK}nM7E`V;LX4RAboPMSqn3Q}Mm-jMd&wI8}5SHGSu30fU2a zztKxjh;r$Gd0P45M~iWtow0gv)9jwxh#$Fi`XtsD#4v-TH@O?YwT>k;AbMU_a`8$o zl|=sNteC-7Q1wnBa@&Wh(;l)3h92$_5mcA0@;usd(6J5)Wi2*Ku-jzls7((0?sC1-R3%dq6+~nPA?r5IK<*mJ z{?hFUWiIv|PLj!ce8sJufZQ}1#cYyRE7lA}!xeGZR9f9q087Rc>$T*@GJ`F=u)L0P z+l{7@Mm0hzRJsC>d}*!$14k_q)JsOBAq5>CpRza`n8YgR1f2)rljatqHxG|if*P|k zGz;28nS)*pzNS|oqgi0ANp<D-L^jtR) ztouQhH+ie)ZujNw0Kp4IyQDYbN>@+w){NBaL%FQ_I<}>n+@zCL;@$~*JO3}k>Bu@_ zu};tl*7rJAB_d?oC%vZ!EeUcVSeb-hGfPYfvtG7msKRI%pBZV{?xZ<9!&7@1D`QQv zQ|}p{`as94BP(`!=s9ae?H9vleo)AZ_;bx@#)M{Sqs4znGP@)t*D3cr-@5VT%7XJQ z_Yg;qMlBUG%<2fa+kan#S76an$GloOXJR_l2H(A=A7FV75v82Us?*WTpvSGI9qRCI z{TN@nzoRqU#&EIQx=eKS){QQEl!i;Q-rIz#&a278i99dw39i~<8u!!;RS<9eF}x#> zEhamQ&qv9EI_*4%FD~k#%6o@@om2B9IwGAq=%Eq-zetdk@O_cQ&Lq`^;aZ>`$@x2 z=ON~%SI4TiW}eWg3aaFrD@UP{H(j>uj)2axVMBw+w)`VZX(0 zb-kI2?q2tM{JC96HI1BtLX?B!^^4%HN1Nr3|9DvOtM`6j>*6kuo&hhwBonqJ}9-V{8R`>64^@CBLv}Z4X=#JN zpi~V57siEH0B7JMG4R%I(R;r9<{ty2^1HBbl^|(~2u(lZ{<#E*qGpLsno@pIM+E+LVG{!%sal}u>p&{%>{=8nuI9~ICWL#9a{Vm0D)6W> z#{bD-N0`5yWJN1GjwJh9t*Vx;y^H%^Nsy|A+uF)jd@+KfKI@EP<@_S$uDJ?vH+(y{ zt2)X)Th)A$p=c#<)ZS%R;W{VIKWhSKEUokquyoXfj*Y8x7nJgCNH#HtBanRNcdsXP z;#XBPL;)6n6u3ef!Nr{m`<$CKySQ(3ih2je169M~YF7xA%nL-_O1Q*^=5!3+QH5s& zlRE3@6*cty#ljoL)^^KoIs)wU&pgA5Y3JSFr8wpiCz=HOg8nOl;+iNS27vSS08=|^ zGg)n`5JRwE`D#GlII72wgD5peMzX-qmTLHGT(5ox%TncP)^Pr8yxmP+#O&+|t1#3* zk7v~4`kXxuLyy8|i| zR^?vaNm(|j+ZQ7or?O&gZB0FG{L&^DR{_Vm`xtAd%hDGWH^aHX^Dssu&S%dKH5Q!u zdM|ufST*G+HTfzi>RahiuOK#YvBxj=`khV)b;(8H5yCa^i;y4WEkze0n0Q;{ri_No zhy+#AF0eqimxI)9(9+v%6hb$5F+sA|7aGm7qWm}x*q2&IhlS3XV2g`)Z1MJ?SbnnC zk0jZCR^}glE`hE*r9m-_D62H3QjI6QHqFzkALHwtT&^=z_3a{#-bzZB+Gi(wR)P4^ zmppeUq`U-}ljg{mH#F;Me@044$w+Wh;k6DPhF_pa@7?+<-P`5;*?Y^{KrMOjAj;QO z(5Iv?Z{sS!ZE|;MGEh+Jy`RkN$r`-E10g-C@a*x zDJIaks$eAvx677_E{HSva383ktuz@{KFeqSWS~Ps;DD15i2MiPuP`pywm7+TU4-ok zZ{y3#Vud~t%i+*HT(`AW=ug$d%8JcDP&eO&)>iL&6(Zj0GWDc@ZJRdAq}cLifIa36 zHivY3WHjpZ4#j{r2)&63tKJXRU84n~t@M7i2e&V77D#It)a=1=sk$BxHFId&8W$dd z6j)rqCRZbVIrfA7u&cbzO3QK`R!H}!gEq-U03a_i=45`(H8COXUrQ&EUj=8}EhNN_ zP^o^oY&5uA-Y%Y7%g}fi`*l(p##P}g$0?3c%9)bib1IY)L1~}n@yx620iFCRL%`fm zV(X<~XoBeEUNa{WE_zNVM<9N4wY!-vmT=|1ds(Qe0(?a$A_dW=OAfG1`u@_fk(w z$GVS@J^M8&{l8Zk79&kyOe{Rp=OfRD7bt~mKWazpU9WME4~TL>EFFxqCd^?q&ang@ zHj0F2BEDQ(75J14#kDVl?TtiC*V7`xvs56D9ta;nNBM7onz3`h80j~$V{qTAxxGQ9 z;p>uHl~;Z6@+eceZ?p%Tq!;~jT0Q5v{(A0=Ef?qNRPv+go#n^|Ogjk|fujdTq z)xX+MC_ciyf|V>9Ipl6@t#{{%k4HBHcSX$3>RI(ovd)`H=dxlMl)3?g#k8k#4g8uF z^@@CzB*j*d02&hQ#jM%Uqmg`#%kA7EKNcfTWlv@j+?|4aW0d^{Z#mq}KSeiguT)I!C*m8WuVJA(%)*V! zHxXFL{@ENsA;0c6xO%Nk@M401fM9D3o^s?i_z?$ilYXg-4~WHxbzld!d7sJ8&Ncyx ze1Hy9Cr8I7AT{c9b&9;*!B;ifn<#(uMTEWIgp-g@awP@FDmS&)%E9r_Th9upTLjz} zf~3$8YX8OdPN9ag0)lePa9=GusS2V@z`}_O4!Hj-)C!l+0{6a1F7n&IyqVJP|I-zW z|C0mve@EMPzW7u_i9VRpQ{2u?Fq~EyUX_~uYTwx!>C4V&Fs)|WYJ>}IsTi9S-=PiI zoPGv)DU1LwMf8v9!cYo3?p?;89B;cs zSZeukT?4gxoI>tc6GDhuTS0CAm}sYRs^RbvB5+moINX4|IeFaU=CuFuMRsJ^Ei>gd z^9I>7Q3E_$6}nBg74rg#)cS7lt}hH|LzNtLd<|o?fl>mV-vLw{_>6!)cZ$L9hmj+N zyn|7iw7$9zM-_3bZoD#zC}l+wS9@wnXa3dWRnEJiNPq->Fa?mnF_WqJK$Oi|k*+Z= zJ@F$ai7iPiqj=qNq>ou;enEVU1bVjtt#eV~w-1O}ZXJuCu(2Gk6Xdh!(sJX6cQs8s zN}DPam_3&@4|isAT=Ci05)Oon0L`qk(@f%^pgvN4M9ohhKAWPohbc;)FXURcIi#47 zr&STb4QGR1nw6nlR`c*&3|20xtB>MAo6%z-n4y8$^Nd`gqII7=C|uqPe23m_w^jqO z%9>`7eNVJUij}T@@0~{|-)%+ar4e3l9UR%bdnWc%vw!K+2a-nP!LhCEw}0*mU5c1O zC3%qamKBqC)jL{&Cn^ynmF@3@ zj1UA|CQaYODKiAi%uwqmbqx(BA|}_|Lxs8dFjv-sE!CV+7~>T&tYrJPQrisD2nQUo7u0^y&N>WN@ zvcqXdMA#?ea2;BL=y=X<;y`690XneRReg7bEyW>IA>BY!3d^bP-~4oEUQffFzK(hl z%=DaKjF{OwDZW|#f^z2fyd^bl_7%Ch=E~>>w=k_mv|g^PDVguxu}Zr=Gg}o61s^2p zXWD_grpb?cD)KBSZn<^@UC zI`V_`PQ8*29ZL!rOzK7#s8iJThUJS1ns-ku+nrol55gxEs=ra|mJR~*YJp~U5?Vt$ zs_(o$l9J(UlUbHm>4K$QDzM)fykPL_)#G&6;?6O!{RTa25MHlyy`xJGDr%top1Gz( z-80v+yh3|l?4APF={XS#{;A8GoQv{)Iww}jIUefq6<}eESTvR{qchXz#lR%DQsdnS zTEK;5FyN*fJD=UKhAh;7^)$&94WvKV$FMro|6rlvh-ZlkQ}rv;K@J-SI3De_OoGAY zJ15+jwk4TwrJD?$$cGn*a^$q`6sS)OFWRx7nvdTI z^_#GD$Z>}a+uX8hpqN(%q&MWQr8V}csU@d*TBjwWp?r7jaO$DUQ1=mbyf!m@74Sp) zWob?KK-Bqo)L&WddU%sbn^p3hg}5dur5BgdY zwjXBIFmjb~EE>ot?T>rJ46h z^b}i)p$@cmcT5{P5ZAmgGLi(>>yQcXZ@P_M;m5D`Lxel z&t@%0Kta;)tpNo$xu8!J5cB+)lVy%ne8LrfscU`sQO_>Yo%3G`#@cJ>dz3X_ zk8NDM)QFZVed*N&Vic=kP)T5cFsNi{cATEZus>Pbz?M8E)0LTGK{mhlf7z9f$-lpK zHf*?N>ow4`&W(!v30}+$e^;a#WmzSl0{h`(cZaSOvs3-kI?g*3|F7DzHPM(Dz(vFB z-3y7+c_L(P;nZYMuUw3cBR=dHuGH^=AyCK!#Xs;J6Pt&O3KB~ziTF!TNL-BfKk<1t zUnq@ZL{ZzBoGcjjtVLTs!sCGXysT~Xis_C>ttvEEa|0}hh3 z82gSK5e5ePW}uQv5JAa8UJFP5!WhHK{_uxHYPOzPdZ_iS|GCW(! zn-uC-zJx?xiCVZ^io@``PqcMZ{kV;56OZj2w^M<$RX{(&Pf@vWqn6*{ww*@Q0wj)S zJT}#h{$|LV=4a@nMgP5`_?(eUXz^$YH}}rd5n7;r_m6)k#H-(n{I1AJaiRq|KYi88 zf#o65TiMeip@>9akjOgq_4J}(yUlH3JW1ZMP{ZezJ*y#gj%?Lj{wKJnW4G7HsqQ3G zt2+_A;Je_25PVWdaqf6_HW`lQ0aUfE*3ACRh8@*T(z`D=aSIryOwZM^3UTXf70m(5 zZv_{+)qHINMDmFKO>eMqo(_rP>LM=4$!F%c%|?B{*@-gonhn-CchEgB$D>@*x-it6 zi))9uL9P!%Q~|98!?TtMxzSC>D+YQ}n0y@0DUQ2v-vj#IFp?V9_2+*mvo^u^JO9+M zn>4akb87!WqEv)VtJGyCAwD>9yG5rUW1TvrE(*ggaGhJ!P=g1S5SuK%xgYc;t z14QUQ>*Fp463vX;D{6L|f5$s{NmeL&6u`LV3v3NOD(qgk2i0>9CgX8M1x%5RX zB{bRz5L8^6+}hd>qWNfKfw)Jh*!dKNIR_5>30rplk-R3 z^3<%Zn}gD<6#sM*l`Q=2B=S9b)VtXE6oXDvPSY;|%Rc6}WVFn*C;5zwdWAX(b7nGm zBeOuTCX;d7^P8`~)IP^CVG+aM==a2qhsQRNGBGhtl(aGVJiMSJZewFFEeO5LrISld zbecGx*NDIs8B`g`FXCQXOJs1Y22IXhtiBC+O3Vp*?kq^=pHuLv7aTyg`V$Xt!!V~7 zq!U-~a#=oy+R2I|jc>{C-gn!NX69MR+aTAp3Xhhg)7}2>PVHy=6JH=45$0QO4mTtfro{}1QjmU9)LBbdwoy_XU)NRKY{;)zgEO6-;XO-`b32ajAoj}i9>y$=Ir3Ov1^p1 zaC5KO(cp_D0X`M#Q?PBz8^SS2VNvA;ML}d6CcMqww&Dsx(iGf}_>RvKSys0Hq_6Uv zuLJiwX4XuK4o@-RnQ?%N*Tq2p_#C+vVOAi|)8=Wjway#w#%f=stUpWj_N^`uNE>BQ z>COk)N~uhtM75eNARAnRarsaJlJWt<)c!gfP26nFAWJTd4p8w;oa%dHLCzlY8c*W* zRPFUwkD;%(hj!R(G8JRVRF_k4URtl4(5LyDlcm0wzuZ69eE=)jPwNX)e>cS>-ubjs znWZJdJYuwxSCb#K+2;f-NyCN=kR8ngF?S;+X)*W*4AQu-yFi6uITs#vjI2OlZh~Cg zfpVXn${B0K&Rv_H3irX&b37!@VY>|efQv!Uqg5)vC`BF}MU~lK?KVZVn3rrOvFS?A zJL=>TMB-Lc&)Dti!Go{}16m2Q;B9!@j_NyXJq4Vkm87z2^Et$l#8_h6`f+MnD(UDR z<(HO6Raky-mzu0xhjHAWs|y5s$2W=wqweedF$+=5LmKf&9N3ad(eT{>NoW5 zlbwy!XEF)VbgdtUVO@prCWc5j$6lo)elOSNOluZK^8@eP9d@@uH^o$7@8R!d!kV(G zFMgLyO$jZ%pfVHtzq&imsHWC+-@9}HOQbA8q=P~L=?VhUMFL3gp@Z}iAataw2m(?T zgkF_i5_%5-mEJWpAwW=i2|d!`Ok8W9v-jQmjC=3C=hOWL#u-n~ zAzPsDS2k>)Y&yZIf+yWpqbGu6!%H%m*jqYs7IO|0_t^CBMdgB6>&31FY*ts6W4WexW7FKk=7z z@zhrukS^v0+c>Z(bp6JLGHuETUi!9}5pM8l@#j~qcPfANWIih-iVNP&@~oR`il_^3 zH-$p+t%_8+Rt3gzi{#FfS~k2u)`?o!4t3jbw@`XZyNV)snUT0`APffog)uo{ONOto z6XQqWwTHm`gPzfiBbASJp(_1C-CxAN+I6!E`MyiU{%v}E?I~?R1k|~_r<`Ffu8_1& zRPc~u+7m%fGSKPwm)K#eRG}{odd(J>bUKq zjbi~B#~lQA+^cYGX@j)|Wo3&1BnA8w(jaOn;3EynqFnv%_~B z{4#FSiX2PHXKSCr;BRVd5QEN$N`Dq}fg0EKGzcm#VEeLaXORsItZ$^I64w4cEcVq5-CiYb}9t*5oFy>QIlcO)>biMNt)@ zI1Td_GD=GF?}O-STQfGQs*XyKODj>-Ttl-cCS|0kj)Ot#HxfzfW_U>nw<-lxlbXI< zTFDB)$l(VYvptQaKhOv3a#8+*Gp!GN@mp&$}1A$9Gg1#yY5)?Diz3_2s`7D86F0Mu+`BOn$b`}Ugi`3 zwFzRh$D?*3Vo081J{_gbb6~yjR!JyEH!dWNNyNH@2@Cap>Zt~pWq5?|L0u}>Upjjz zV`UYR&ul{bq@0 z&-41Hx>_Z3V5`;&!;FH4DMm9H$nfDA$Pa*IbllHfK=kby-O918;qqXqNUWhaY_zGu zir>RHq?u2=kd;><-#=C$4NJu%ecei@P09Y}I5L zGwc|qAr($6``8x71eIauBFsN55%@y$LT@ zNTl#CF+L2EAt^6l+|wGN-$oP2%#q9uHr;xcvv&eiz6rhMi`{_77#&lT^~+~3pUUiR z+G<vyFQ7ng?0)=-vkB7nLv(2+XABfEEU$Ac*32w2H_--i@+94AVgq#j ze~6tnrDl8P8phvqT4UX=8GVtGVC&Q|Yn(Ei(<3fj``uor54XNd7iRO_Sj_kqW51g@ zRWRu;2{jE(=FpKco-aXjUl>@`YmfNaw_Q^#9TaoiGs@|=gu1v0u^x9Y6+B3#fEvYZ zl{Xxq_caTb&A1srZ}VAV?7(n#>_hn|$JV#cY+hUU_=Ix`CxE#J?M3rO?H&E0(XfM3 z&RMjMVahhp4QXxo7pbT>|fpto}*h)@k^4F*C&Y0;Tb$b&s9s?<1C? zcGsFwQOK9(>b_SCL^OLqoK6qd_gr+aho;nqMpGcG*&%(8^0|1GYl=+T)^B#w8VBGm z;(%9<@lt<doEymvTiE!t^omx9%SJ3)4e1z0qcjp)DytlZg=Y3W2atU)AXK~A139v-n zp+d#7jA$3%hG2{&Rpv&60nH{aj9egf@4z>pcn$@SHMVO1IRg8bpN@abW{s~CV2C*u z=2Cg~kr9VAwG>uyLj#*!rvdLUNuEt)wE8IX!$sFy(w|}K{e!DO|+N5W~Hv_W4>TPR8Nz^y#WnKbV+r_Lgc ztgj=5L5jMpO!iSk7Tfp&{XWf7sfCvwBGIJ}!y|=0C3e_*d+Ke^Q@wr|e?e3AH^|gB z^TB^|4E_~lDlX1*jQQT?m_EdA?#&1wqj3Lach||vg2VTK>%kVb0rmq{^ap7`cP#U7 z8wI<*1~d>d2a1$<0Ak`&bp$ph3Kk^?+~~D{GSd2sjaExbOEzndIk)nt-QwcfLL>49 zzz?b+^A-)f1};VPy#;(8fJF6gm@saqOs5Rgz0(_SMf! z?B$gWC_?z3xt@jF4sCpCO}6G>t@oN?$sy>yR!a$4cp3|#()i_rE^OsEEw3Pn)<4`{ zmIgVk);iF{Xm#((p&~!jj~mymBK-e@$5CL+u; zV)k^Gj)f=*ql~YT)o^&uIr4}Z?+Iz@+ z=y&#^!-6;02A~uKN*l=#Ty`yv-c=d}Hwvkq<6TJt<*zmbOda2I8GFyp2pJ^QHgqB@ z>YJ779+cg#tbG$`Tg=t_mj`|i8Rk8?+Z1g@v%WdtUe>p5%rCst!k063H{NC z(vT7w?JKy{oi9ouy4P-;3dt_;=9yti_VUJ8s~=($l6o;pfv}aYqwHgC(}ycC+U1aF z!NXCx=sgt5WF0zaS5>Pf*cmA(B_n4Vswk{epvYeTmH0F>>f7`^8ECh<1~Z%AGHl@Dg*SB?PqszsZgCY?r`_I z+hS8EM!pY{4D{Yv@#`;*2cIwM=x{DyhE$ah?wbevI%_`m%}jL~lw~yTLy&51v`n(a znt;53xMdDHYx+!A2vW~5e4kjiJYmNu=ESM^6b=;1dWzBWN~I+ov0+=VB|9P-8~P=$ z=kJLVRX+C&vF%92K};Q#rJVcjEHA?2yq(qGPx8j=gtFwsQA78lJmB2CezCy4&^#xn zfQCN&71?gVl2ko|XI^Mvq(fEuL-VZ6@4P*7X+3zllei3pi@H4A*1hu=ynQj=4@I#p z!BJK~yuXRQH;%$Ar|zqRS;;%}wNr*g`fxU8+mh7NR~M#7>y$`sq46)Q89a=KTi@G1 zhLS0?>i@LQduG4=%y!g;FguI&SiYhvgmpod!SIAirZ#+dU{>Py05+LbLbZ)XWU_NX zR8vTwYh6R`*Y{kiwDGequZ2<6m89RgpMP!OFmkt2S#y%LSf8F9_mD_1l#E@%JC9elOoCFGqX}3{?*K)9v2jifB+;gyg`A2XrZ#gP8VuU>xi8 z?|Po_5C9sXAO1!23dqm>FSq;AKe^XO1oJy1jjM{Pa=ZLHSJ^BiqHadgr)#fydXYvB zX+bLEDHk9T?W1nzfrRpVO6th5c4?=W8(&Gv3#T|MrXHKy_PxW~8~2`Mqq8VAc1~sW zs9ayfxwUn7MuCHi-XI2KKM$)Uu$%6|xaP_5W5m@4)Jjspu~(my0f);XA-2BvMOJb^ z48=DE!LESbE5u$w2vzLb$k)j|_^hYNz_adzaA5k9(Ei~FPONb0=HYZ#IIfuS9ebmh zjvJg#`B{E@QjlDoQ>7!z3n&9-M)?FR-qq(WcA#og&M|h?roA^8YymBUXY3HgEwzEn zzm)gESzD00Zs__sHXtxQ)K?efCqe138**?cj;!-WSBWPr13HOS03##n41vW=^G?~a z;jn#DN!?4^hpefX0L{{8r#1)iy6=Jo`3qZ48`22`3L#P=d^QZGXBRo6UWYVQw3V0l zj$g{|?*4}2d!`AqgBKe8Lqs(>htF!}N3h13aO-wK!Bj(!Sl8yxiT{asnrM8W30;$7 zQQ-b#di9Z9a8|h9N@mpwbmuHiKUV_ZpFGRfN*pDjH3? z_CAIN`F$H65o>cnRQcJl5F5s!b5ur4j%xhkRf_Ba1@Bul+M<< z0%=nGI!?Bkp%+&@v&~6($yr`6DGH%`H&aS&$@mA0TfS=j!S@{pG`q);C5%vAN-~h5 zxPpS_S68zV{oJC|3OUUpt}U!f{wYz2%-Q#13qg@q7pDQCOe!a5I{X*cxACbm$_ExjYRGeuYS8&JfutCByj5cacsm$N5sIDBU#=<(!(+RzV5&2^zh%LxYoM zMqZxMzSXaNh+eLy_?xlGpQ%mSBj{YW1(cAPAu$V+tDT;q6nn7~gCCcH*JE^UV9Y%) z=D4QW@7uGBIff;i7dKrpf1VUgWHb^tf76d!p)j4{(B{LuCE6=jW|z0S1*oR!onK-ScD;*UWN?co_NaW59u7a#p&cF`sxRXs&J>ybY)2@di zB8)iEk<#eQ%;=Z{a;{l472S12WT5(C!kH>iy9S1J!`ZYyQ^{b|nez8D6K`I3h zZ%I=Y)VRlafgHX&XEEjYTC3HJSN@BAu6NrN*K@99C+>qfQ6tGulyqT%7wtD~L!#-{=9 zBz%xEW$J-3(RCIb(b4S^GXM298Q!>T#y=%)gQRSOo))9A=R1*xSDWqi(Q!OMbUj(` zc;$6u+Z>2dhv=JX^L~HR$(rhsx}R1j!5k}xf!$560xW#}F%eIjG;89%GTLzIT%$fo z!J%&n(9>1|b?=ny$ufUuq~DvVjnu0MYy0}DLTbIVr%`|%^0YA+sMFX|tv50I7;j(< zvVDZ9Qe-)qiT&lr-FW%tBIPYFAR{2VwdGpswD!ZZoYUHpnOk1jj0~jHqOv$*wPCUj4BuGQZ~RCiZB~-1a6AatjO8Zm0cW8~oKE zoU?rjf$cv?I5|cY1@xbxnJF-G>Jo4l7DY~K5(>{CoCZ z0D3|Hl*kXk`@Hdc@kie78?wKdYkqoaYr|`RXcUH$s=w{+@s>R*?CJwYKjr+!lx)tU z%~`mrv_WnRf`2)^bUdA#GRYjVhRos>@3_-m?}{rJoj$*t zlnJHFw3oEs)Cc@6n?-YJH(9d&xI@2H?K4%pBHlV+9fY5)e2q^Co6bDjt{_tiH;?JA zsWC|+RnIk*68h514p9^zBuNhpK5uppKK1*9N||GWtMh~>kPn_}`8lHZe~Dvr2H&3$ zL2DR;;(ul`(z+?_cm&32X{%2So}{}QdS2Mhf85y^qNj$GQi{);WzQZo5uZdN|x8 zPtv1f4C(c;l}L3^(WZ?j*qK)~)_DQ{x$o$J7}yx~+!&O_P0{h{L#Ya6NMHX~MtoZ~ zd%t|=6?6zI+Mb9ll@TiF&)KMW_iaMDXB za>sEoqR8I-fP@22LAmX5wu@iVY{=lg@_VEHb(F?M zy8!7@ce9H<0>P#k_8}bh`p)Js@s;Omz$lFyw-`Mf6Gy?_jc5U8K?4l%=3Yt0!B-eB zr&%td{|%-2|22s4Z%YpUS8<2`pFicr*1HsQ|46FF%R=|H9p5?p>w!SsxSzkz)yj_A z00zFZfouOq#~8kRxzb=`b6l>9lPqs)J>6BEsEdt@Tg>kWQfb`NyCVa@S12E&mlRhg+9fo3YN`&J$Cg* zN!~v*wID!}R6_QTR~Bx;uoRuD74$ChaO&`>*|9Cho$zxyJoJHUP>e;g)eNH~u&EJj zLwq14Oqe(0`c2lSUw$Cu!CLGbSabhW!R~xY@JYVyN+$^g9Tj3|Gnr?#3<<5SY<2D5 zMe`MWv+$&F+P1sj%y-*euR%lpI&hZ2oEWqFL#>yJtC+-x!eWayvc7Nvgz93-4y=j z4N3D5gYSxOq9KfABpF;S&|HBmDBxlfG1GW*QjbIm@^J)J|Gu1)LK%ODHLsN@FUWp9 z0Q5#i2tRcvE;8Qv>-l-f+q$iSE;Sh_KI*fprs~^G)U>b}c{gY=U#WJicCfhHPu^^d zFq_C;SGX^dkV#B01bBk|gL1%>+9)Vy`xyyb(Np0KUM!w+HTiXpn8S@)%vJZF*Zmz5H~ z3k9QU>|plfoffh6_=wer-iLuFSqw1DQY|?Y#CYt?x5aPbEE#Y;hPfJ)31QDuS8b#_B$)P&iaP3f|`E+Z(}$7-nX&0n3-qUR7X+7 zDfjk9Vs%F_zBX1mh8?AqJMXKS-rz##Cus*A9~`KkDe5wM14`qzL0WlTsg^zxh4^ z6Z(F}y3U`&QGBYhJh}WEjJNve=CTWxL%RFNtx+@YIO10gPWb!vWLl%!W1=uqW6bE> z!&R0PKV<#Ov?IpsN@)wpX$Vf_R^YV<+>#?~h%V^@{t0y6%MYIc8?H3RIM&hldLO^ zmliJFAnB@6_A^0=r~4;BkiFvGr4Ltq7VC3(Yz4W+n9)d)ECF?TXxm1T1KiG3^ENy` zY43dy?x?erT>OaJvYndw`vXRbESV(1HrMGEb8a}g8JRt0tOJ~|Wz^1=z3dOv%F2o%%7?%Fzr`f} zHR%mN(bpBw16VLDiA{FSODoAqy(h*7J5sLAP9tB z0-;5E4cyea9X5j`#iWe%K%O+I#M`_S$>SHP>&>8D*fSK~MXTmWGCg zUQ1Keh=%5J(#27C^YTTDep>?r4b5E|E!CGM{yBS#^!^VvKZ>6|emq`OgsPKC@3s5< zHIC=K?)5`H@@3YRztdFyaiy(!_}=WA6Yzy!?IY3>Ef)Q596+}d;Q0wFc9-zR9Pn+e zEW*(t#ohjU(@l1(k8c>uK)thSZ=86Li=Wpb991=gFsuU@Jjg8=Hm zuUJK#GG$fyRsPsP7?rF{!6h(W3{dekoKWorI2@9s4gYkem|tK2>|vavy}jc3(d7TU zeuhVGY;2U~1`5f^ojjWuQGavgLM})1Mas7)i_2@9QAIlJAL(gm{)}-y3pw1-#rLTG zI~heZnHPmQqx|L__lr zfDl>P#P3>5S>FA55K2%xk4gv)T6J@692>c~w>5+EejRfMVa3u3z-b?+0W(I=hz~-R z&MTUTi#=S|{de#OGoI$sPWT6f-ws1OoLbDPvZYP`@hrPd{|r>r>{~9oIJMp(_Gd~Z z#tYDiMbBRM*y(zi6cIf^k7T(ue=5>3xOYd*bvR~)t+8eK@zSGdtiJ^ZzyYH{6A`{$TCh^a`09d2G5pc%aNiTtA6rKjCg z$KpeEt^5VQRf~EZBL9DYD&s4tqgISM8S6Yn)UEHjfHJZk`Igf7|ZXA zFbT_&N|gR-L2(K!Haeb6sMT{k#1v+0Gqkduddg#h{fDdGR=#;BZqoJ^HMLxyy};lH zxb*wppP!PFEcU)sCWdFtR8h|P`hPsJV&yK=3-0U2QvwSwG5$sQFc@4RTz*Gr$C7Sh z!g=S?Z>z-)8Fw+ay_Bf&_-1CjZP(@&9F}}eZrQ|SgIDKWE7(rqs{C#c&f%L$#Yjer z=;N3qM}3c&W8q|5*79I@9sj-zst5A2SMrWW{kDauFJvJ&48#!$2r>kBn z7Dh-bb}5YBQ|Nb3zKc~~j-1LtLkV$EC?QSSqtbS`m732{vDnqdUzg&vxnb`hP^Rgo z0xhjq@h@+HyC0&a-f7q%+sSFGR+{!CFY(Ff*nsF*c&(a(3Uq}5*0_-48?M;A)mYUj z5mt2t^ zHq=h{PfzQ3Ui}y_KRROB?yBOV*7Mc-k#~MoqX=p#qquf4Y%T~t`#5{rHHZvNfyZcw zUMpWQfr1@wC@yjo1eg5?d6VJtc{WZ-$Gj56#KPUR$;zdf*Hlx`h6c4e3T}IY8u$M} zsTofK_u@sXs)P64CqSJWFC;NxiVAB>KlPv;6z6Q&2Ioa0%S5k5Q^a-FQD(n!vB`GR zl`$EMJn3$motZ<<`=k{kv%NEDZ*)+Z8&oUrsREcd2Q#;q!CE~QsdcLRGz7P+%{=l> zIZ;N6ff{}Ue=h--VSV7$`AW@rt+tK?4uE~g`E+-8!HnPRl3b{JP`v*idua7Aha#rV z?PSV#*et=nOuj;9G;T5Y?)K6+ix4SGrs`g#uwxX*ZjkV)yX6XK5rDnxQX|(HGxSC- z^GCxTUiw03W+JYGzya#ZZVK%lVbzaB{R;RT7(LOPVPLu$3%H@|BV(3K*FZ=T={DhJ zq|ik0Bg*{5#GHZK@WwjzXJ{X{jd0u72e`-AQKf;6@%xeY;NCO8s}wz26@65ju8Pw&zh>a;~_k0NUi! z7LyZ{_F?<5M#o%~C}CQZ047|s=!vI^+(|Hd-WNI~h;C@8(^s%fBF*Khz!rmc%Nld6 z#gzYzagut?(vpswrwOz)3&pIDnNehKV>n5)lo;!sH+S(^uxwCj)d}tZS-p z0?W@o+>N)~iBGRxq{cTH?2WMyN3w=-@_)z`{f?9aVmCQZJhLfU5Ld*)$oegi)s z&6~mz^V8?#O@)WM75!mp)9H{qOCR#06y3m-Jv_7bNaM7rj4GZ92YMlY45+`8TC`BG zAY~y1w=r>YGu>{-W3NnY3AXqza3X)4*AB;o9E}j4(kM!3x+BhZ_90Yq`mL7{@m2o0=(ht(GO7< z!gSm@OxA?7QR5%|#AiMs2R^$6XwQx@nQ5YL;7&rd)787!x4Ff@t}`d%tAN#B2#-aa zw&jb?Vm5ZuZ(&wOu_SLGbR5!~sb{mYog($;1piOC(^5JshNxHWbt zd&+r4HA$9FtrW)Pg;6@*)zY)m8#rT#A)&bbxvAsmeWgYG$tEJCRKVj6=`vcSxVT>1iVAE;dRO;U>3qp>Ay!zU&zv6^JepbI8T=f3)C1WppdZn{4F3o`xHW=Nl0#C0< zKAKf@@{)Tja$xW_%b#ZfWu9~M#`g**%J^wWF?zWxS5h#r| zeGDm=W1iKL<0I=^cM1gC%>KMHYE{fM3|WXy+pH3c-Cu6b+BwB?er!JVx99g!lXEfA z2O4OA158te(OqHG-2KYQcj76g{+05mM0f+>HcdjRawDj7*01Bh4T12+Y5&^F8;WNI zIkuoozpj3PgxDEy5jI*(7jsKHBWS#Zg#$b{aVIeu*z!= zBl(%z{hzA#y$&#jCYo!-aX&oXF|F5!t`~jcP>4C4V2ln>W1ep|@A^J$Y{7MZhp&3P zk)0btXogxfTDZ6bg!9drzko>1wA{Hzmvl-CIa6;fxDeckI>f*m%+KDxTOU7tsZ`l7 z8c_HseQrE`XORu)=BUrt)qP=#Oi<6isNc=VKRsT&W8dS4MVIhJ+Q=4}xqS%k0;GYf zRj{t!@d0+5KlkjA&D|p51)Hf`Rl>Eche4~`Rc8gqcWSD!@*sts#rkI_CN)p_{g5w7 zTJk|i%DF=L_{SL%JM8B!Ka?IDxIEM``R`oE)|57q5uEU|+DK{>WyCH>Dsvd3;b->J zW{>C;p!X7PuH7_sM7!_o=HXNI>#1}ka?AC~pqdXYWdRkszz>eP~vi@X||Wk3UkrN15!TDz|v! zMQ#$Cn_3H~jIF9o+lg^s*|4d!==U@Kj< zs^Anu0+ZK%w1bAznO`n5-cdlD$Y|h1dN80BU1SrLRb;?x7zg0Xr5h8X$yKhUUNk|9_)RdEcEzbzgFDq)sas98ck7^O#dkup zWkv63DCjG###;9h!3_cd(B`FP>Dh_T&CN>KJ2?KAP`T^cZ*R4*9)q zHDmP!d*%#Mb5Qw!0t^)z?z<*`gW%|;eIEk*`G7$1&sPdD6)|zciTxuFPfMPmxAY?K z?Z2h@E8)w*ONHPP;2X(TZ|KGq1A2vP4c5A9?s+Z;jcs{R31JU=Io5ba+@HZBMMQhO zfaA1rrWUZy-KBX0r`l29h*#(BYQ4EO^*E*-)1P4F6-8P3&)FI6we`9~iO~@S9EYb& zZAlR@LZzQfis4|gs8uxHUTXknn$=ajGy8XW$MfWNWqZ8u#Ev^_-EtBtA_6rFthFyT z&JDpip^av+%FG=pIbO3Je!bY!<;^^HOug2%AU$@WhuekA!Mszbg|V@TB-PW(AQ{K- zW>WJC?Woe*s`kRBLZ3ugZEdrkRx{AYZws)CuLGH1jUV$4yaIXDfkbt7 zpaChJyCqSlT7FKw{TG1#nigT@Zm+w?r+)0-O)%bM#skvrRiF1$@4Lcc56x2w01!Z{ z(sZswq`S3e$6~9{4<#QJg*PXUkLMFQcNWVO-?yFb{ z#5hEwahsKMJAg%oby|$}1gS%LYb`c*R)C+?pk{wds85BE2JUI*TeonF@v&2Wj-7X{ z+48{zu64gXe3BnNhhF&*bI5(Azyee`HP*!|p{joxW~Gv3_ywGbAlGsir!;umsgUh^ zc00@>y=tUtEriXfjv*RSQ)3V3>9j0P@Eu-nFc)ID;B+?^X=KEa27bIpl9t;b$d7QW*l3I?>Gqc{lNSr~AWc9PW;So*Q2*?+SDI(4-)joECN z&6Sz1BLF|!N=t>|0BiSCGW6n4^uMZz+qV#hpAIfKl~F!&9PYDHx6^<=X}slmX0?G$ z0{j6|pjDpXJ*>EL;l$x}DXj@_+IJ8UFv=8l6GZTJwRw3K4^78UET+-tYnJ7Ew*=Ty zBijEAxp#ggbvlSuJ`M-D?O*b70oV3(iac6Bj24~uS=A|@YhMXBWg9B)&>qf4Rogk$ zE^&s{Jnx!qS8>jt7-$Qxk5brOl0d98dwzw$$ zl%LO9{rC!^JF_BI>-k7n{jy4~>31kcP<=t;QJpN+VBcyNSmpoG9ZRdDTX3-WgyR=q zIIhRAC8)`9TOOvOW?x$adO*F*l-!OZ(>lP4j=QFcIy%i}`Rt!^x3tRoWdk+9f^r4J zYhyAq?6a<7ED4eBeulSXd?ziEjK8tz^qhJlvC(wA$0uej4p9H^j2wMA`(fAH7V9P(6q>J9v)swRRzyQny7$*xbpQW>@H++1wR0Zgd8ik+Cl< zT#KKA@P(evokxnynYZvkn*&S1)w1*P?ICQyA>BNAa(K1rt5xx|PGiL(AUHAoSq4)~ zUvtHNrL+&Q3k=jh9Ai~eXzp#!aX+>k-a9%vp5y&6PuiOj`a&*_UbWpo8NoxbQ{~$} zGg!}&`n`C-O_u70DotBUOSXLDj=4P(q#>+wvqqRd@ zLTmK%++~ZAxt~c;DFvA(y@kuV5T>V5^LWeP-2-=qEB_R(l&=X6U^u0c^Rg7DIzF=* zIzqxuELQrNRTO|CCB3z(53<6Fj+7e_yhQG_)Lg4h^49jM0uT~{@oB8&${6tnkG|A- zxhE`aUoLmeikK(+p-vWfFRZ}jTd4DdO;fHSs3|N6=PJezFwN-@kpuf-cSM8Y1NCPE z!vGJVX3im-Wey&CuAQBF(YipeB1P0$rC=bLnEHMjN3W@;(}fJ0+Nzql!>Qa_{Kjwe zorhKf&?-Jx_Bc=^z5f&|=l5PA^AW{Ctc~wR!hTrw7D2}B7niO6@ZGFge5VI$v9}Gh zo07%6d-txJ6gdcGo}QCyY~U{Ez0x1w`QuPk>7YraRG+Jnk!7uj)OKJs3*_q{?-}Pm zY%F!U(r@nP?cQUv70{r@JEYD){JF)9!PVg z`9K7IBg}$><~N*`fEm4>Si!3n*zT`lYa|bZQI9DziL*41L|boMaLM0qBZI~+C}h#q z|1XsCQNsnLEV}f+i~Lg?cJB6HB=hQ!ZDP#-N;dzGGXG~7`v05ApT7uoE7=USR*k_k z;Wr71U#GG%#ODmgwE^Y~1FniDmclc`S@PhdHpf3Hd?xSgO7$FMOd?LZ?zR1kV9G~p zh!u#q?I@Ih3|>gX+URj09O=EEBsiTUNc3&4Nr zDj3N!9GK4DU=fpEE6G*n(lvRP=cLscm34(Ae^txFVSMV+7oPM~!$uDzQS=(C#7;hn zG_lp}>echRBigIFysE7bgtn}|V4X_975T&Exv?wNS*i~g(pX+G(k$dZ+hNlmK~qM? zXBwQ9rVKWf>X3G5A*3u^(#zyTM_6J*u#Ei0tESvpb8tA{RcNPq&E;U;o9j;g+yr_>x;lkD~K=1&39HySU~7|Ha7tTu8BQ>SHY#5JRv{d}Wqzqm4dLy0)#@l8`qvx$C9 z>py`R4Wmj5ZsQg7#gXAz{&{emX3yKnEVYLI$aJsSpiTOJUgAWt6^?4->7oI!_QCet z&`nLB@PM>d7*b}hGT~-EF>-EV-Mv*fz@VI4BWoAt&n_h3-6EE0dj-t#xU$Z% ze2nR-j^gpkje#e%mW?HisX5oWiAh+lL;2-}$E8Z!mgaC0)Oy;Cvb5moqb$Ak;LkDuMmE)I~jpF%8bIyjuAzTSCm7lek zz2rJD`(Y@^F6^Eu9PEPzaIQb$13S3QS$cS4cRGtsquXoD`L3y#E0nK&oe2td@^n)J z)0IPl6)GQzw>7mli*lA0-Hvr++IRwavLN+RBgBEp)ceozKtlY1Ciq~^bXsVrJ$M(T zUExf1IlysP(04q~6t)V0aXt4Gi(%fE`!F8lt09&dY4J^?d%6{J+}yqsA&_SBr;jb1 z6^E)C9@L&a*@ z!q02bt+nmXvP|pRAMwnYgPH?Ahp$}{EevmV3<=oI&MmV>p;rXwI~|83Kmy)I{{*LnER)bP|1M2kx-?}AGaQZ0GNE!CITDV;1;+(1^z+Zh=ai$ zVYd~hw{Be>HtANWk}yiXfLw9^iA9Qu_tufx!H<=-IipD{9F%dttd^c>Pws=eQw_J& zPr>~fosiZ3fyrOh7Q-Dfp49{BfTOi-h<4c^$boQgS%6nIC8ZGs5os%;!>S?&I1URu z58EeBV`bv~#dDR+Uzxo%CVkj(FY_2i2b>+}esXr$&ZcMeV#hyEmKOM$nvFU7{*Hsw zFRCP+7Gg(YXAX^B0`NP*y?xPH z>C>!5?-13^?Q#|!2w8Dmy<#SWjrBTO<5qxKV#eB&d{AoA%gCKdw?d2B&64rxHP!6& zC+=b1o*$BCdvj8gQeLLXL~;i^>6-djF8|>EfSM=ru1g8qoA`jiZt4TMcJ*A1?~%la z_TeHEv3{M_hosk16Hgi!CMAth0=u-4k-PBNMwCp8p%y!^vHj_1vEPk+P_6Q!N%;^_ z$oI|~zUtouk6K5A;TuAV9H}BR_>rWUelZWF&d_P1JVb4=`HUU+*Pw*9yM~R92fE3z z7v85AFs`6sqtCBfJ>9{^wxg2N-S`n4aSGF|tmq*3rFb{*qcg`FjOb072!i46TDu?hS+?0r%Q!ZmJ3%#amU}06$H(QX)jt<%Qm0uq zJ~(lxL)*(HYt-O9S&+M-r-Yb!c2CA4-O#*Xm>Vr(1C4HwKIv^Zdz=_QZoj2Y9ME1#oeeE$S=Ya0v%@P!A|S8rSg6dU_QH+EZO zWu+Bry7mjLd_gJzgoVo+@~cxeRc?*0O{)RiCM|)6;;U8jwBfi~sR@=%i$h1#^X5+L z4;l7MEbC4J{g+%~e2rj5CgIk4>s_Zrjanm`1PNP}p1&OYNZ&z?g+Eqnyt8F2>?5n@ zq=e=+1n0ruVKwzUsK=S@>1T!g0UkQol0`Q&6Q8-u9xrY5^vo>v-~8dI<`^%^sZli? z5*8`KmK%W7Jft?`tlwt(n!SB#sb=b+Vu(_V{=!_RxqN)fC)&) z$L&TQk6vO{kh)l0XusupX)U)jn%HJ3l+Hzo1SPd(fi)12hL>+ zO|{*|EC&rq>s9f68S^0(^dZ{(gen)3>ty%9aLQx{&vGVvar;c-f&2cJbGeN&$+;HL zlhnX1)2zX`qCVIVZ6jVLSsRugFKi9!Ute1r(qZc$^U`nzx|^XcKCk|Un5k^VXMykl3Pb!~^vPFMjImghXFu8}^pFBe)T zPz`w?V`K&Om&V@9w0o{qo8Ii0><*C0!3{SN#$$7;D7q~+FS$qODSD=678VX5A0Hnu znz#d-YPyjyFY9WuHCxh4$=9gMEb=mK?W!l~R1-q@lh#xB&}MgQ1)}mb4TnDui)+)j zsF9A+f7)cId+~6V?k}nMno)Kd@fCxC9`S#nqjKvWffVPf=e@tsqzX<*NUTI@sNWc} zB7vDL6ZV!hH%*Z>gx#H>4NQ|O1gy<3pQ4o!e1J)I%-B;#g&h?i@cOFf@B1&0Y*^~+ znyPJMt6?iVztjVSh5tGB#^jF1tIKmkIfjR!<>6M*hv6Nb+`~o6VrJI(eAHciVF^5~ zZ3{<$Q;?YtSl0^jQk%b&4=Mje^`4rT31?X=Bq8R{uyk5ciYNI;At-)NFn7_=*pMq( z&}iMHh%Xe$f*D`9Zwq?XxIT=1sBc>RG`;#RMz_-?ice5tZ5$P0a5mC_%Ib++9EPnm z7M0D4#noE!^1gn0?7G1AFGos`-Kh%ov7I@$40bDam^^I~Hgm6WFHZiV&gdc+1rY;F z$uxq)k`H1B+dRAwK4)vcSo9AzlFOP;+e0Doe8mpMNzCuuRD3jo_u2Xx23SG5$e_3* zhm_!Wyoq=G`ygQYn0=80Y>AGCoYMJ_Ub@B42vVoUz#tC@17F|fttczY*ks`i6);NA zNqT^o6fG=`nnPP-gjThi8Iv7_b+Z=ehi_#a6)F}7>1YQ(A=!|Mj@1@Tfy)Dow>+5{ zl?C{(^|+xvADFj|WbH&~99q2oyY<=Vp5|`&V2GD#V{x((pOyecYoig@4ecNgvf0C& zH8i9qtQ~9``q&ZB)?#>#sb+01a|U;*fO5I#0emn5g_`Rr-k7M^*y?ii!;4}I>9yvP z?L0^xohOw#HpuO&%CcR};Z=z_A&gM12YnODY_HlG>yqfev^KblWSC0qkB{SivefwF zB0~IO{-q;ma$)XwDAIjtb31iFf|gcNUT7&0xp;S3EB?R+;pnDzMV|rwkaXQ;$X)nx zAyRam4cJ*1JYBJ_Bb_z89yeaJkSuDQ#VyJ&9Ch>@VcJgq=Tc07t;)=V3btBUO1x^W zwGvj++-Gb&v!GSM{R&Z`sHLZ5V5_cVFqvd&4wFyYDHB?B6%v*9TCy+S<*oib z1N%2cZ=)bpqfzjJGXu{*?!>Z+^khVy3G4$qmK$r|rh=qtSdyDZQLw z5-W^5UsaQRV!Z9aK@iiaW_)nb@*kA+uHOuyHY!rF*v-rXAkrs=F|?g$XWF%*NvL}^ z=#Eoo!)3EOBITXkgYt&-<|>HVkL~w?0h3%=|7tL z%7X7!lxZ<|p!?~&hoX5v??1nr*G?x)8zwhv=2?VhT|}Qi%k1ZVn5}XqZSKo@+fkXt zpssFJwO;Ni!yC~MF2IL1aDJ_#2jPyJmZxiD&5#i)>rnkeya-CA=C>cVrAn`2z9ry% zj=&~rI&KZi3TKsq=Kt#)56&sBn}YMpUb%&A{!ah2wow6t;oC=Yn$mf0==5Q;z1I$# zyL^7aX&-RpFZkN_4B}Ma9yl3Q~PqZzIUK!fB)O9FsAs(PWTOJ*^ zOFH!=Ku^l_ww37qT6?WGEIha^Vq0rLFzbrVVF|)3AfLk%mB`nOn^wT{#4`$$T)5w_ zT+wLPN!t83WA4?XbIlD~F9DW!{=ENY00MQ{_0rPP@bY`VojDz*cf$m{$0T2-Aq_-5 z;Fril2Kpns*l8l}yVNXrl>a`|X}szFx5hOIwikh4#Caw=>(J1~Uims5R+>K1fBDjO z{$%vhiO0QbGzowGC-?0Cf?I+VC)XAS^1eqX{I1q5q@n5i>pvN6>KW(@X7&Arwxi*D z+usv3e=9tlJGi5v@L%a|7Z;D+xF+zJzp5`{CrfAEbzj*2BLPs?y6e)TC0rNfb)kML zzPA&JWsNIwk0RfEbv!zr=cf7l#+}vwWwIhPo;DylovF&0Gye%B)q#YR{CS6HRef-7 zKbiDmZ;}67IXWiB)(Rn@>o4xRb70#d9lS`;bHtKlDAN!pMP0yc_z8aJms1vHY_myg zQo2ntuXXA0^c_qqEI&ui&2ez@l`>(5BaVwo)E^an-Sq*xS}8*w!QSf4;qxhtB^Y35 z-cqS&$8$iOni64upnP;VH&-MmxPMrVIzY{8e{VC_61a3+v44g}Qg`*cO4D?q*@yd> zkiCSXfV9Ba%r1dlq8G*KlUyagPSpV?4K_QQf~TI@vcbudc{PE={D)sdjwHx^PFyX+ z0_MSoG6Y1BON4yr(_E9fu!i|6-IG)G-RT%EIHc~VnoXg_C44sYQ-J5WUov(ot{Ede z#ZKS;7; z#hag(lS70aPzbT*`jpS-v%P9oEQCNG?~1?=IBK;WWp{MxP%QLa=1M-|Mtl)^6;?{M z+u8Hd5A1~FAPC@)RzMk6Hh9HKYhcomA298|+~AhvH04c8^ZSnO2qixNa%uZP7kG6= zoY)n%8x&@hgZx@u!y09D)aRvi)=N%l5jE0>uO^?NGGqkRC>ZJ_W@BOI$wFZ|dY@&q zNp~11Tv8&IWnX!+huplskJTzalqe6`tXVQoojZW?GhqgDeHZ2#ZAuIbjBr1ToYqWK zG@PWu^Eu^VMO2T8Jj++Mp`u}*F4MHC=$9&Gh%(R0bWiKQK0QSb<+#@;!kH={odH`t z5u;v480}$e{2<2NTz-3Hl!6M}NMI!NF?5MrP%-q9o}p(kR}iv3a$_H23|-&|TrDu9 z6f%Nox1{u8!m6HA-I0*MCR|x90B)vSqg0%3r;fL z8+>J70ME9g_`Mc817fs~nZbvB)mC;5XD`W~7PG*ajmzNXIht@ND9TBsC+i`balYW0~>aBlF1LJLa2@AA69cF z{kHNb9V<@C7E{LmC=U#U;MUg|)i5jTsA_Qpp{3D`JQLI0M4KI=4medAAxql3EJ2r1wkT-Z(hf; zulu(86IIlC7B3q@u0ICXAj5w?)hPmw?O8S)+_Uo7RD!2bN$Y*=^)4ZmO>?K15lTtO zcmd@>MCjqNm*?>8(^Z$9-Oz&t=ZbQM(wYHw^57KUXqxJJZX2c@D7O7}XwM6N`#fl^ z9`TKGw3?a)?aNutUR@T+oh_y#g%T{oL0Bma=m1 ziQZ*Emg8zR1o`-Ql=1_ccZwJGA^T=w+CLCpHJu~i0ge+o%2SGGGT(cHAMCp$Haf=s z%9Y|-&5YbcD(Y>U&p6rn8zbm-!6orC=EQiL&$lI(s2w4 zNlC-t=-Eq(IWtBlhJs2)cN27t zDmF*30b{!#FI3=1p#D?h;R6gs2OJ+bXq*re@|y?EF5wMrehTUP8|VHu)-okquAgV- z)@J7m!k;}xn!m2-^9tv}!8nMFW{;(_D`uy4PEU8x@CYl=#d;)D1qu3_{M5f*YR7*whV4rUjhv zf)CXNf>m(UTG9MvF}gsnC2jKQp)sPY4R>|hv>nz{p+{5EwlHkfPCND-XElDV{3zCu8g7r_{3) zE=4l$wmr0i_i*E4(US2>m3bCpi&6|AB0SEPb$UCxB%^iNXpO|+CwCYlQheu0@T8hJ^aHBw09!IXT>1_4;z*SZRLdCHFZ< zpog<%1ht~n3+wh^-Z=`LzB5?l}QQYeP_Kf2{vByH>UKB>V{r$G_zoiz~J5eUCsp^X(xiXspJ8&MR z@Eb7ei>iue-Zwnn{J--8|7T1y`K-f+2J$N1wE_$h+Pg;YU~3#Mvig> zl8?bk6gFMty5Q(AbqRlMvbP~4ee~k%J|yIvapocmdu+qP4)PE0MQ0v<=Bgczhnnnj zamf2hqzYQU^QPtOG$vCi?w`bj1A|$vzCWM`vC~H|IUb@NowLHT zKQj{Y-uXa$G_p4%EtAen#OCSw4~=)n6X=E+e_Bp;!O0T+Y^9K__m^)uKT$gdpEkOb z8U29%RV4e+MCu_QR~FnKJ+YVCf#igrOAP$FWF)bfXb@xVLJQ7#x$Fj<3y99l1$b1s z72At{36NJCuU-FnL!V=ggw52M=_%6U$(ZaOk*9{D=MiU85(~HI#cgB$;6(FF#d*o1 zk`9VaME^ZDCkddZdA1;X(;tH5FAQMX_hbq;l-Y|m$%B7@pEoo(>Dzd^CKw4u4-NHV ztX@{Q1W%5)VA@oNE#NOuzPUNHCfY=psql>{!m-9!yZuY5ryuQ8t$j2V27y6!Pq?z94zh2Q>&-bMkdOrPOqLev* zO)!%VSYs_;Q8Ll$g1V zNZ}Wn_9HCzNxqk2wx@g$-rd+(Q?^NhCD`j^WxFV+-EYSLjlL;&{_~_UPr-NV7<`hf z%Vu_z^9E3Twi={8N?@JR$xMNIZ=5!{Wz3(r*p1(7TT(4abxIM@H@`~glR5W3=*TGZ zf64E-kM2K8%hqOo$|Lycm}roiEO~C!bbdz8OEh~u*v)nJCZMXM+m^hw2+_Ae_~K27 zM_l%JCkDRuLFW(KuWHTL76DYvz-}}3_#-SEf8p&?Jy81u=dxC>pw9^D=PM<+lTo_+ zF{jT7kPGBl%7{h+#e$Uh{9;G)%XZ>7jIN(qY zgTAhJrAWcIhw4dsNrK;8=p@#=2e`83gQ3=UO$LWDuT%!(GwC*p{>+Tzo>$p2CFhhJ zbcNMK<-w1O*Cic_vI34iKY82qP8b|+efu73`QH~WeYO}T7y2_e43vPwCCt zkUyU2a-HD8%SHp5%i_>r5(o!wW!XxVlQiyMdP0y|2I8;CNl3ZWK3#j1_#l>j*su4~ z`k|yllH2AI`M0&|w+Kf0U*a0y_A>edUV-F%))tMotOHUBqVe}_>QaN11lhmrf^xgw z+}dXIQV!eelFZ;1q=ShU+pES;IC%>Kt2eUjIFsgVP_-Q=)!IHQoi3* zT{4r7xz7){@rf^nY<8DBBc3yGGxqL)k0wXBE5bLzI>C-lUBsXkN?pH^!F`bo&-{UM z&LBpYjSk(I?KrS4C=m^FSkyra7IA;DXUq;m#FB%?zA=W!wlha1dVY5S)Z*_+xV{=( z*rwY^EE)BgbQFu4xGfjA!f!tKDI-Iauk;hQ_x`@*zHY`mVy09Dn)^IVD>``OOinxS zVc7ZU!0uxsL1?Z-T4oe{?ht-by0-Y7>*! z51mFVobJHoFgN8?BG(McIfeV0;A|{pIDAIo|?$@9FcmzbVvV z5x4PQ#~1qr20q_j<*Q!m&pFZAc%6-SnzFn;qZ~vsIu875`_$uV47bzXr=f<;+9U@N zo8~&(8wtTrT#RhpTu()~kH(`wTY_}q-9i#3_oSpKr#GX&_e&dzCI7f=k*BZTJF?Fh zkf)^uOSuo9hQpZ*{TTY_DOJ+Eh-nzuroJ>N80e@f?&dKE)O^NU=G% z$ap=>7=Z`jKi9A#kCnWVGjZO_n6ltN?LC&v_kAhl1@|Tl^>G>T=Hi4QgUqXehz)S*4O!-nv9sh!7?SV=2(rF>^xdZZ0#{OHJmt+^-%;Byif z6htm=m=S|IFvDN>=8)FEq!=Tp0?;}U)*LwqfM`&$#KXxx^#wI zJ{A9c{9Xo1+`wRFlv81PioEX(Dg5|Q+R@VQ$)ajw%984GAIDq9gFDgRoe`MGr2@^M zAl23|_<^n;1H1l2F_f!r3&`3y$%8h{m?*S}e{sA?;(b1FAC@DFjIs^neCNfnt#PSeRVA7Lq z0=JG%X4~&Jm&x$?*Bao*$uTPC0|KHfp5D1)Ih#^hzNB=21@;BmrIx5=FJb2XtqBODcRb=$n zNc-0@|6+9=C6AHU5ey(D(g4#$lgOR-2~{@>dI|BW-SyIYaLJIXRzK<9r51e@-fe-} zC)|{dKst^3GH@O4Z-%P%6%4!pJCeem{}I~F9R0ifvpK`>p8a}4Y;Bo!l7xMArhC2J z$RJm$`|Md*)^m~9`Nv~~NUXv^-#Z0`g`*$&u!bUTWMpqj=7@DCZ$}4)ZKrM0p~R@`QVK!uHp092nCX&5h>DvuIgRR)MKsql3OO`eY6jAL<4N|Eay<@|~Uf zJCGK9KH;#e6m>20wkUGswH#(ClyZCn#y45883x|S3Vu0|VEamid{5H+gDQjf4jY>YTkueckUznbY9PDPSJ8 zokgIz714Z%;O+Y^?J4meaK4;c_f#V?OD8wQLCOS*psU^yUL(H-?{>`nm4Pnqkr9;R z{k_E8FDDrcxm|wP#TI29t+)0?@)Kgs85>oWA`3oT!l5^89J$N{xn04bw8ORvhgk7Z9NNt`Aj;%dO;XafInz^zlBXiP z3ypFo2vwnML)WWY+rqYj7K$32ZNX<5 zrJ9OWRGe_@rG1;iQm0YI=-SjFxe&wyZoZUMqm0oU1hejdH6A~>x&EpY8O?=&2`Pjl zymw}6v�k+)r>ilOJAi0zNZp@U*?z-aZ^)?4A_XP-^9-E(yD7syy;OS>vB6cZr!1 z8+n~SHyZMu*lzb@V(1G$v!oO2HfsTo?xwi3+Knen08y*p~4ryy6 z0lj@EFN9jy-?)DGjvwrMpJ~q9PpONAlkSykFL`-+zI@C43 zRU;8?O9@%~IHjfGJy`M~LZyWOpZ6Z1yKhTCz&Uqs5 zq@CkmE1)ORkR`?pnYX5=r-jX`{#u?wDD6W3YjfT4etVMKu+Tx>Kw#zE{~=`o?BUK{ zdCA@xwuA^N;{xb$t#kzd-pG0RRih6(71IpeW zS|>x?mRtH~Zw%KbFRRZ%Q6_83^5lVH;TivvoDAmgH?GidUbQCzdLpw%@({d=_gdYj z?NYZ_b&m)6oy2S(z*TnsM|)=-)mEFXefrWu1!iis4N}|*5IhjvUD{&B zN^y5+fZ&AUQYcW|-3k|z%^{Y|L zM|2{2%b4g25e87|B)u=zIZdrcgLOMn4I?xd)Sn({a{^?CPU|2H70eigL5i~dAGJic zPM92Tzi%2_su>{)BM?lqD);CkvWDRJC1G5tX1n$$?6$ykkA7-pcAYbCj|ArIw~lG_ zfC$RCezzpd=fBAelYq{jw~Wi0vUOkdg)KZu&Qi$-`pO$m_mXeOTw7guhIncHjnvEe z!APr@m2ZQ2CcoNdom+3r-4<}R=v!H8(|2pqgG2HAu+r^Rfx+RR~zoNCGNscw=k4eG%IR@pdz5ie8S|iIOknOWvwhtV$<^6+y*mHrVn* zoplW3c*M6ycR{wpB;k7 zX+ck^ZXd7|eNbg32j#EGDU^&GD&3-DtT;pt=kN>ktKE^BY|d8$cbtW22@7ulEcra5 zB@mCL!bg*8KO_ay<0=;oCVsOY6g+>3)vQMrlt|4W1GRhBOMuW2MEQ$xmQU|nFNLey8k!m79j!EoP8y(qw@-;G?Pr~oGJ>H} z@eH0CFR}Pwd+kn(+u{^%@w3z!M7`-IWukeG)eVq{)^F8%MgxJ^H>SStoqE|2Z}aJh zetFq_7i|S%J_ zs*^l8b#WtJLSEHmAlkI$vh_*GEw%R{D3@?*hm4*ids z4$!(p;tleg}Za2+$1KyUA z3J6fPXACO2^2v!!fpqg+K!(i$CJccn&pdK5GMkgS3qH6R`QyD_5GozJS&z~+Q63>Z zJh{8*MUp+s?_@L>#-kAyHD{Vc7?ho(iW=5GH}AUn<;P5VD#16aI@efUM_jt3>7thYSqdCww4>dQoIFf-|T%|0PeN?m@Pc7TOu1c&lA1>VN ze&Tp<7;l*M_G#uAEyyqBl}3CA>22SmfQ~|^ea-NLeSZP$mgcDiNBT2@lJ>6G*>?3BmcG|+sl{Y)=JW&W^~%efxyas?=5daUNP@M*IKe`T5E@I#$2AZN)C zg;rCrF#sH`_!N&@^~G8Kh`AdjTmyy&8M7M9mu95gCdut?E-wTdJ1G~|`Yt6d$U!li zy;St`xi?^N1^S+mRthKNw3W-}ISPkZoW6AE5mc|)X25|Wju+PnDoTEw)0t2`^m;6Q zbjqz^@~c?9xwhe$2|q6ZyX4O=*2uvuP2SdGal8n%6DpwIz$encC*MB4pM+P|6jDjD zs9SVh&}$es>@B~CGC1{+soP-Z<84s!b+9mFy{Y5PtgZEE3wcDJ@^jp*;d-fsW=Xe3 zhIlM@(Xykv7n(GdkDJn&(HWAeC>~b$j!Vtbs|n+=BzMGg`(yhK{DpfyC`k5nrlbS* z^O?M??XSVahpYXxelEvfJD60e&TK)bS!h*Ljd!w#*ON=o?J&ul<2G1W3+ev;jS_+L zcVIHCnOJV=*OL!jy7-GJB6xNMSN0#n&p#dVSB9&B-`>>+5-i=%=1y`p840M|L&{oy zzSF;P18XJ#vymp);ix<|l$CY9#EQyg3a&om!GY~Ng5VFV@Mw4#hW$cCxDtwSuII>- zAux}wMOq3{%oZFhyM6-(^1lmHf|(qL!SXSSV{^9kNaE~>L#)Srnh^)gt|c0x?7poY z6#0m^>yZa#(i9dJR~piLP$4{u52NIn0B>OeoXlHAF;3LqBs2Yv3WioZXqT`0oBO&J zcR)cYazJfSvtS^npF}U_y$uA6Bjfm!6&qGR1--Qd8)FglawpWV`wUEZ@Z6*5qs0lo3)^w{A9QNz1CbrK)k1~whgXlisuce6{n0~VI?Yl``N2i)H{qUYKvw}A~7 zrz@9AEi|E>BtHsmuEHsOs$%a=;emp#XkrJw2CS=UjDnvJGb87r_P3NS#kKsX_cO+A z9DkzKvtopT`i+ftcc?JDkZ7Mc=`~>qNbpYSH5}rKQM#S16+X!t_u1R$c*=>5_pL^` zhv(L#w3iKW>ckWcy_64`?%s5d)#%8N#miQ6WQ31za^(f^2(6WE@U1S#1H4`Q zKr+#S?GPgHAvjwiTZK|rf@RBFLxW%&8Z+9CPeHWpEWAPOIkW9^2KMG z7&Q?NwwIwu)$T!+ju#HDh2tC)M6q>mlu`(UgL9uCNNtG-bot3L{iSpt*(LP!4J$;? zeHT$R9k9c}hO5A+S6Pj=wzr5`06juSMr zRca9{sknA{AXK+o(9!ji4LTIH=neFnEUEOo5UWabA!E0RN|O!$fIk%mt?OPo!gUYP zD2PE09PV&Y=vg2-c2A~8Xox#iGT%axhdA-#-+{a~6?^tcU#ru(>%0l5x68;14gH2! zPin#plLvQ}wf$aQwH)Hqb$=q(RL|v39DyKOr|Y<-EJ&b;^a}TY{y`2zFKG$n6z12u zd8nlZL5P~$c?86|OzW8l6BSa1X|>QRAdX0gPwM+toYu_5WD4}frq&K>@L`HBz8?rr zzn%Tqk96VRW@L953O3^Q)UNB7`rtG0RIP1*3inMN&km39RwbnjeGrO|P)CfXa4v5= z&;P;eRF*Bmn-?^$34k@3=@bon5c`sIWSSD#+OFC<>CLdwKwnbJ$4`X=FG<>g7cAH? zwdgZ*Je=71<%^!x1Cm5nS|! zD?50wccVPzvqwKhk|il4{(uT*&%U8MtGlhDJY3S}+s>q;$N5qCx_sGTkFxoC2fPHR zo~CA{UoJ|iGTvrfz1(u5BfH(P3UhY%db_8o@75z*rETki+xq3Z*=RCU^r;+rq)>j8 z;Xp^yFinHUI~2;ZJHhHDKz52+J&QJW^xa=g$2os{bCc=e?$6TM4FZ=S;JRVuhSpPg z5bpy?$=-5yBH^kfH_zY&>t z^17zxCY>#DR>Z!jQ~gB?g^t3<4&!JM+MPyTVX7--xA2#U6lG@8i_swc^P1Narb_!a zBD!ZEUFJMBElmQ%%+vbF=6hWRT{%>Gg6AxgO6Ue@!}@ut_RfAHvt{rlD%Y5t`D?`= zysvDrnrky7`HlRj_6Ns3r2SRB zG#`bIWbfU^wCNS?d&~=Db5F9fRCO}U?7e1{(Kjs|!ADEmQ*nB?iosRMl=v@s|EvWF z68ucr$&k&~C=jGxa;*M}>-vr+xl=ZfPDZL?)Ers8=o*6S%>hq`YA-v5D=bHNL)Ier zwe@Z!jaob_8I}xL&zLS8)RQUJ=mPi1UxP2 zAWMq9ubecnLLdyOC$-Y&04-6GAM+bwR6Fn2SF_wsKe|lP1m{+fjh5M9@od;Ax#Ll2 zw34UD@(67MlDFcsTdjV+an3gI#}QqWtxR&bdOxbg=_Qy&eutmwe+(5^gzUeQgy+Zo z`&e!d!&#;jQUthtFSWwV6urEjI4560U(Q>*pp&Po@;jIoZT*`C9v&wMhAX=nr4hQd zEs)Lx;$R*z@P<@?0jUS!i1zFr&kyci-L2b;=@}7zM6+YsmY%hvWpZA zC0Uo1EZ)GXHa7k^NxZya%1WxK(WpNuu!U4aR3GW$T;`F6z5X{t{P!6m4U6`eOr7|r zDmjK7Xx{uCJ2W__a!FK49CD>F1S=SPq=0$ByQpth%Xv`RBBxOW3(087JAW?>oNRnu z^|Pt#ee|8YkLHwjf7EuK!>#!HHbVbS)6Fd^$uHjg6AuVIwt?^_eSmDf4fpUS>@6;xCxg5%BD5)B`+R$5nf{SQY0RvWl zfNA*71ZBN`LiB}Pz*|#i9BR1XD2s;K(bqZoQbxNDA{u-3WEW@U zoY041bAh6{EsC5K#Xbsz1gqTF^{`_%W=t&IefXhpcuL48^2)Iv4>w|V(uR4OPdK}z z?+jInJ(Qjl=-HwZjKwF&oy443P};!iva`#)dPMAzc2CaJHnbH^g}&v7aAx`$1GD7cs1cn@^xHO5@)UeI#BD~$CGd7u(0W6e8y9<{1cs7S%+XxQ5!`2F6y*%K>I3- zUXHPXyvPK4`DVP}7~Hc+W^e+_M`6CO7EvayTPnc+z?iIc!)~d-QOYBVST3V{)qsn) z8S_g76*!`>>ns_-16wd9%f>NuOIDP1!VT0_q|M(FIgde zNWJj9uyj#Pwz6;Ks1DC);l4Qgng1*DuzO1!6|hGzA+%mf1fRRNWcsIHob!Vv^UO{_ zHmUR%=X|AX{$B$fLk@aS(JC2djaz`mXBLvl7H|it#ERSs1&p?uQNk%=KJ^dq2J|Pq zu~BdvVRp`WEl=q}rWFe|qcJg0g!U@HW!AZ)6>P%4?A$pB4*76wM>nI6M0p`Mkw0)* zyPp62EAiw{IP~MUwYz+oa@#)PDOV1lTwRnVtn;O;<+CR7 z^B9%0bHb}-ixXu1IG?^mmN;3unZWnMBbZclp*s6dnc46i#hX+@%UqPLdCpWzjEm#`aLN_#+4KUpxGt3ckmh0VyYK8b3O#UAU5YYwsJ-PCRW#O z3Djx`R%BVoarD6UsfsL*gtRKX%Q67LB{1eYBtd_ z)eG?&QH@<%`IN_zivm8GA8lCRcAMG*t4_G;6qPEy>tyMzn4LxsP!n=3>=3U3O8^BX zCLr|YKVYSASV$#qg4$l8hDt?Rz1`3i)~c51rbiJzftNUt|Io(&=@x)bhI1w z(xsW6?ZuiUlZ?U`SkO*>pr`R3=7CVl_Kx_0H>;|pnqkE2>PfEepN027_Gagu+-XHy z2^Fcky@`&IE(A}GVnTcdOh?+&luXsw5Ju*p$c!~Qy*aQ-Dk;tET~BMA%*~SVvsX+k zT{wk=(nHnWW1&PH?*y9K%nuJtq!W*l1vIh&XKEC&AERTGl1KM|3i3i3^@WpJs*w=p z?Aa_Qa;-RZ%P@|Rr%UY&=hQ&Gk6|p_#Ec&oo>VAWI%*3B_RQHV)idHJ#)Ux+St_HT zNRpxYs!~N!!1AjIaEd7>o|!!vtnNck>T(YxH>nV}#zp;i#`23<3j-rm_eItjc0EkO zl`D|l&p*G~H3=gTeT}JUcXuW-q;&H&RCj30C^iE)rTFNFzSsZ@W^h!qe?}dY+_QK7c&dCK{3;yQ`M?EzdP8OVT_xfjlVgvG+VM zDdy(J+@Y*mjB^PgreOVz;v+KiID(HVKTosxe6YNU>e5o(<_euyPAJ6pinGFD!zNx> zA<~B{_4TSl$VtM@S)8I+=juT;J9i7|`C0?$WN+y)*4{TVb!4i5z0u|Qnejkh+Ue=b z4d7Mp`^M?5WBw{z)dbPfB> z8oYDm5`Q%u*NK6Xr@3Pb!zy$Se#bnz8%cl~FUGqDeC?k!lhVphgWB7E?F`~2llhCp z?LY1Qp-2=p2DAK9e<+=y{FS=7H2%1i*WIH*U-Ni{dA)I*=k*%q0zYA5y2F^P^^vOC z4B@+!Oo{Rs;YVc3j*tR#DBmCXNy$Bp)cfNeBJtpNgO8b_TV5vfhlW~_zZ1KC{CaIhY=AQEir80se2ev$s9wp{7rk6D&*Y`O}xgZO*fKd zE6*$`rfvF^mK4n~E)pK>j}0Kmoxiqp2=+!Mu2oZhfpSeke z5k7q**|9-&;~=EJSaq0Kt?laKDzu5`#kC7WJ4mzOXM<3fi9}+GiM)co)(ln!$Qb1x zr1zn_*#S7OwTmu$U}q5^$?&8@#?t9DaP~XoosA!;e460oKCK-E#?^`5yZeaqX|yY! z841?Y*j+X9{L&7i@>_z4Y2T&5dF$nOK)=BS+To$-m!Erg?tCyHH!M+ySKtUHuZB|U zyKQ;2TaJ-$wU$uJDAx79;z`yZ*AE z-nLa4cP55UP15rxPEkZJShW@UhZde|Y1x)%LQ|_#+05R%Mt$VXvYcKr!+RrLJtHP+ z%^OutCs1mz{sbZlR>)qc-bt%^d+WF7@%yopf1!0nf9AY4pC0#9fwEs)ADv!6lBbNH zkcN}RzAbIvIR05r5Z-U`fCwYz>s+MtZek=ZWVZz|2WgV7`sLLpOb7Vya|9Yo#}=HE zM{mG87nLKS_5H@m?ra+T{fWJ`tNL7mDbNoz)iDqR$#D(F>KT59E-Xs(r|tCi16bMp z^v?~nZg)F+ymc}Nir@X=J9(^naj&0pi(`7jWZzhZBD%NG8)9i+b6HX|zmZheYmUD` zbxn*UQvq+kzp-8z^#~32#6-Uep;(%F4UR3hf9UrhrN|WKMk(tybs5}0h#DlrWAU}Z zN>X;D$lT5|IRcvwkbWl*AEl(*wg_~RtibeHhdH|s<5AvY16!kRdI1%fkxhIoA@%bJ ze;N~JZV_67!>}mw2_35AntBl_ii4JOXAu7G@%!b*`_T=?j?WmRW(~)lTVTmneu%-# z;Z;a<(^(uw8xM!>I)Kj(8HCECTTyF&dooXIaY=T-_HDH(*f} zauc*GXoZr&yLE}kZsTE9LUA!SkIfml|Na&n>NTIuLm>#7=qP?8TS825r*{LzwtK># z>gdU=kmq&>z$MyovwrPm(2ayIoFMXEr5jbPG8`T%9+Orcfb@*#8CbPpB|VJhv3(l{ zr@t+fH0~wD+Ek=D$p!d*=`Y~#4SCd30aQn0ODuHSN4+l7dU8>Z{FrYf{%F1SQ>Tez zRoae%Nnr3QDJ^OO#qj2v7xcVZWzA?;n=9R%d3HDY6_=BMvQcFJEwKytOOyRLcqixO z`S2TYI^b^SRJfB!0+SvN-!Q)k?qpo?y5BFjHtO!Vm|TC(HNaZY8FjXovEGG(eB_d! z*kwpvle5yGB{V0#?OD~2B5X?A-$FQFwLYK32Mw9M=)3RG^)(`RPf}p!0b^xyaaXuf zFXk3{RQN{XT3nPI>ibpPgg=kCqB8Qs-gR+-E{b~ap|YzzC17G|Db?y1Ty zABvyHBYbySJmm}Jq>J5dyyhStDrGp*gLiHXPF#pE7jk06yh(8$KbwlqT%<=Q+PCp1 zXF!42ZuAq+??MSeV1{-l2 zpv_S$40-UgCRIWIWr&7kFra~HTLR*J}J1^;=*xw>$Q_PPLD9sr5o< zp*a9<>_rgI=~9x^YjT8Yychm>vkS+{LzKLRR7`qmP^e*4>Z#R<)VoHyB1Y@mnO#5Z zqSNesbOC@?u`1!hk-S(I1^8WoHi?@HduVcYVYAG*ToHu`x96Q#?iysLIBR~iSq3my z@=Bb2j@zKNC>e7Qx9(f4h|l)1lVR;YO4r|+$Vqz@Ch($>!1!3>Z_guV+uh|U;?yfV za7$D|0eVjnE89ZhVB@`VXsE)gz#@E>2#Hn;0Y6n4P)-9h`of`qyyR~7>%#f3Wfb9a zUC~;HI^mxkeKVDB`NSc{g#Ci!hvf6C>QZs0OcR8cnRyfn99iW#;L7s6DQ$*1+d^^Q zF+2?(t(suM?qIoGK^IS2@-K~l}|I`MgWcUu3wUA zxpZawTGm9PvLwzqk@--sae-f><2a(%Y#xJ>TO_hYEjiQ z=1ubcwC5F!>3u6)>>=2L#P zFHu>)gLpSgt3lP2$FXbS?oBtOd|q)eq|B)8HvIBPd)JlJGBEMkkX=p|q~<`X`_kdG zM7`!>*Q`ryZQx-;Pgj1O-p<-b0wxS|w`50S+{Nc%f0jefF?IQm_0a3C9<%>i{=DWs zGdv#8EZqjH<;AY96IRNg)MMDAsUl0!-Xo6!Nn?sEq-7QjDIR=G?JK_DCSqYTMV(4RK;w{Z^x|P zQ~AnK?I+>UJ)baVN@M*iO7aiq*@VeM=RcfUil)70|FZTmx|0#H$~L%S%9SVh>tAFW zI)EPLpUgZMEsvdt2PN|Shg}+myAN-`9Ft>$$AexWZPZ{f*4}Z2;*m~1jQtn!ckZ@l z7@H-^UrMM30X3h zzgw@6pZ95KTn>D8( z`SDCN=+Erc6@uriN61s(J|N|iO>JG}E^Bqom3~m#2>QY*Vd+iv&S%<1oeM70_!f`HT6}^cjRX2&cx4(o zR`~cSvX$rXy3479&|!k?J~exYm6`s*lpM)8oCX28BD|_?LZtShQ$Y%^hQpEyKPEhu zh?vcLG!Dw7SZEl|mHjT!G`ZU+-g!A4N@1zGk)57wgY}(!`?e8bk zgQWMvZVOx4JRVG8tcb7lz!nPv8t_gAZ8hR~7DC}e8~bN78uA0Q4>2ZTJt%%^V;|iB ztn7H%wI+7Y2@O+#D<9YAjI5y;&M{v47mDlFuJmrQ&yh5aWsUcb(dOCRt_Mw4=={ro zReYCtYv=OQGKTO@=$KeZWwq|r_>8S{?<^FF<4oY&Y^i>az3KVD?@Y|v6YHYgSy}QQ zf~n@2^|g}Av|HPYY&Ew(k+l~4?uZ)$X76@tddVs%s_hE)8ecM&+o20K#%QQ_MJ7oZ z>#8pya51YY0q+YIRxyYflV_K4h`eGrtylBr0WXC@?|Z5Ft)*`?M`%pj*QoiCf2&RC zAShW^tZCj@xmKQ$DMaV}W(}E{*ran=9mXamNO4$ucPpc6KY5amJoq6`Fy2_y2wtE& zPxV73@~|Ak{KX!drVbIc4vt+{Pj`)y$LxxMqwB_opq1~MS-{U@4;{r+8LC&d&vI zOS1C(U)HbJ?okA0>_sOH^^p!|w2ahG`WOp9YqV&G`S#_T*K6E# z@(yu#(5+tc>j1E!RHTbLhQv28VT?tN=|t@n=}G(E5nbj#$QEvYJd`RS?q_z8Ev=uQ zck0{D703iLj`X9bi1)IHsfoxBjA+XZZmb#4K!Kg4Pvu=N$@> zyroa9yZ|1Md$;)`nPKHT81f`Iz?|)W$&3k3${!^HCJM!9xSmS^8+K7Dy< z&+5KNQ;6j#fR2QonhR0w+>WkQ)Et${yLsmbcsHZzG3RmSJ(4$KG?|_Q(vh-}Pt@y4 zPBZ4m5wnw<7K`rocOM6yo_>d?&U1(^qZ7~{2VcBvyE`A);K!9ka zG>s{EC7xe5cv1645}pHsE7E=JGpFq|7#iKZhRNW#P)~@`kT+cOclY@h34(x0hJvQe z%Uj;!eB@MBjE#nYCxUWgZ~7iFRMaS+M8BfnBqt-4HVdCK8B>NhXvxF|Z#c{D{qUD1 z*$~rHr-k6zEuYr267Hlz0_3-xC_Z7X#`a*RRVJ?HBfGnLUt7E-g|ZO{O4VwUybMM2 zpu2hlMxHSb$1KufMsAc@CdW*)AWhuB%dSEVWoB7hjF#!1AEcYABwB^>T2xgf#9UgV z=C&3RA8NoeMO<9BY&b~CDR)lX$n)uL#|AtehqS@S(^cIZ7`7_OQP7hk%S*akBlWO> z%9Sv79$=BuX2$P5Z~JH+t52uaZuWTEnm~i$%_1AaJP6sw_S<%+8Vqq4{R$l(uC~&&X^oqMT z)UkA0phTv%+(KjbyZT0B5limejthl(yx~p^{F`)MUlCtT3JB0^M-mkIIr`SeR|yR! zZyIdBaNyM(iu)=Ti4Ghb8Cdq4%en9_4e;c6PJt-de+Go2aAG?$3;`)$@)`ULAQhcE zOp;wOXsN>X4OQ~%Zo20r`D0{y52yL%%qs`iKX1BChgSGIr<$V5HR2mK+xHt)_&|my z=KjKKqJrkGD3}l)wYyOD`^nC4Vr5&V~GXt z8umiB&4rZ=W{7rhgZ08l8@JqJ4e>o3W}~8>o8jka?}tzpW9}R7zfo2Hc^@5yRED?< z%!Tb2zn-5Rc4VZA?(YYWSYIYT@UEKNwzZl6M3er$=>dkYxKjQ}gWRt}{!u&JwIHbV zze9A_&E<8&$FGC|vSj^#Cy4$*xcC2upzgn#jra%R>OUK&`0tneaZdZcFXi90jQ-OM zw0|j&>|dMm`S08E|G;gD+1G>F&6JC&+}|51^`O44Wr5cv5%-4o(sececj@`hskHyT zU;hu>uYWKt`2WszSsED0S7i=HpC9(u`O@Gf6Ayc4?_gbrL^6Em7~V0oI{^^>YZaCz z8}sXXpOdmUE2ZE@c|DgAv>Qxc_u4_#RByL)Xq={g!eQUM)9N6~%B6EK6z=NSDViRe zOG>++HmACGzTwxh>S-wmPT|OIC!62m(5p)E#zdZ)O)gskx1IS9MRx&PdadOM%r;-A zh9Pi`&DcopN|Ms}z059o1W*mx?i0+XmN3rtXa!*T`{>!Cmip6sxv$~JM_WnQy&}Gb z;|IBnuJ3DUuP?~+Zw{ELQ3pcZy$tgc>N?%R2bdIe<@<`(+7@ZRn&Nte_GLJe@?cz2 z0gg7rP{Gx_d+1Qp%xO$*mY!1JljmBXMniVv92P@&tr_FyW;kkA)6N^ z%T95&vj*$3Kcpq)^&FICEF{$>bIdHGql7Jw)lpyFPU@2gZ6Q^N$4lXUa88IwBV3@! zbbh7RbkT{YY;gzyJitueG#wbZ@V_3!@`PDXlE&I)d<5X)hjLh5VjTwTi9rpAVb9$3;cnJ$wu0My2-Ml{E}9W>1% z2X^uhc@Zlg<37uIHI>p8Ro4Fe@)9_&p-I~HtVeMhb}$4x3z%Z#MoJ#3V?u~$M#6Nh zEgVf1%@50wS?mFW2Mwb|4J(ge$9ziK0W~mD&d!R1dxyLLNPAqdH1ZVgOu&}rXf&Go)Y2Gn*!c$YJW2qXJ zQqw=Ziv$ss?uSDMK4`F4xyDfav08MTi~MR@OFgP~Z1hZ~cNw7PH)bN@xtUZnNymi^XhIk*Q2R-sGJGg)FUa^2JP9*Z!+>pNvZ-RhkLb{ z*$>Nw0NfYaQ@TS;3KX+|%&^gbvs;Hz6fBlg?Z;vjUk399$$1QKdCW4;ZHU=rd;$#V zYEDMh%}PW5$^p!wix0aRf;<6jw9l^V z$NloKENYES5{3FAxi~%@orL5OuzeiGE*9AztrVG33kpZv zQRD@r`FJ{;%&!y$HT8UW<)WzQYUX$paQfT@nfa*}Am~?s8IxyWdP3RH*gJiJh|Vu# zxQ<57cnaSxs^siZNEh;KEB@@Y`S`UBysiMiE)E~RFbPRH$9s%Kk8u8Qf2!kPO1)2D z|7z}761U1km#bu~M?o>Y?sFK+oTJ^e$N~-WatRYbTu#X%i4D=OtTODOSSBt&AT$fL zByM0e3pkwk7M#7^yuhvKTnUS4O84&2!91}BUx&NV@L}riKb=qi7b^}C7eSgplPBg| zcw=u)<%KO{yJY3K^QU0o|KVa4*wJ`YWb1vl9Dm)hBN8Jmrp0EVAuBwEq=Kl@#_ubq+JE>SOvV0 yXyZw~hPQKz` + +### Alias Patterns +- `/secrets//` + + diff --git a/docsource/k8sjks.md b/docsource/k8sjks.md new file mode 100644 index 0000000..ae678ad --- /dev/null +++ b/docsource/k8sjks.md @@ -0,0 +1,33 @@ +## Overview + +The `K8SJKS` store type is used to manage Kubernetes secrets of type `Opaque`. These secrets +must have a field that ends in `.jks`. The orchestrator will inventory and manage using a *custom alias* of the following +pattern: `/`. For example, if the secret has a field named `mykeystore.jks` and +the keystore contains a certificate with an alias of `mycert`, the orchestrator will manage the certificate using the +alias `mykeystore.jks/mycert`. *NOTE* *This store type cannot be managed at the `cluster` or `namespace` level as they +should all require unique credentials.* + +## Discovery Job Configuration + +For discovery of `K8SJKS` stores toy can use the following params to filter the certificates that will be discovered: +- `Directories to search` - comma separated list of namespaces to search for certificates OR `all` to search all +namespaces. *This cannot be left blank.* +- `File name patterns to match` - comma separated list of K8S secret keys to search for PKCS12 or JKS data. Will use +the following keys by default: `tls.pfx`,`tls.pkcs12`,`pfx`,`pkcs12`,`tls.jks`,`jks`. + +## Certificate Store Configuration + +In order for certificates of type `Opaque` to be inventoried as `K8SJKS` store types, they must have specific keys in +the Kubernetes secret. +- Valid Keys: `*.jks` + +### Storepath Patterns +- `/` +- `/secrets/` +- `//secrets/` + +### Alias Patterns +- `/` + +Example: `test.jks/load_balancer` where `test.jks` is the field name on the `Opaque` secret and `load_balancer` is +the certificate alias in the `jks` data store. diff --git a/docsource/k8sns.md b/docsource/k8sns.md new file mode 100644 index 0000000..5121b1a --- /dev/null +++ b/docsource/k8sns.md @@ -0,0 +1,26 @@ +## Overview + +The `K8SNS` store type is used to manage Kubernetes secrets of type `kubernetes.io/tls` and/or type `Opaque` in a single +Keyfactor Command certificate store using an alias pattern of + +## Discovery Job Configuration + +For discovery of K8SNS stores toy can use the following params to filter the certificates that will be discovered: +- `Directories to search` - comma separated list of namespaces to search for certificates OR `all` to search all +namespaces. *This cannot be left blank.* + +## Certificate Store Configuration + +In order for certificates of type `Opaque` and/or `kubernetes.io/tls` to be inventoried in `K8SNS` store types, they must +have specific keys in the Kubernetes secret. +- Required keys: `tls.crt` or `ca.crt` +- Additional keys: `tls.key` + +### Storepath Patterns +- `` +- `/` + +### Alias Patterns +- `secrets//` + + diff --git a/docsource/k8spkcs12.md b/docsource/k8spkcs12.md new file mode 100644 index 0000000..080eb49 --- /dev/null +++ b/docsource/k8spkcs12.md @@ -0,0 +1,34 @@ +## Overview + +The `K8SPKCS12` store type is used to manage Kubernetes secrets of type `Opaque`. These secrets +must have a field that ends in `.pkcs12`. The orchestrator will inventory and manage using a *custom alias* of the following +pattern: `/`. For example, if the secret has a field named `mykeystore.pkcs12` and +the keystore contains a certificate with an alias of `mycert`, the orchestrator will manage the certificate using the +alias `mykeystore.pkcs12/mycert`. *NOTE* *This store type cannot be managed at the `cluster` or `namespace` level as they +should all require unique credentials.* + +## Discovery Job Configuration + +For discovery of `K8SPKCS12` stores toy can use the following params to filter the certificates that will be discovered: +- `Directories to search` - comma separated list of namespaces to search for certificates OR `all` to search all + namespaces. *This cannot be left blank.* +- `File name patterns to match` - comma separated list of K8S secret keys to search for PKCS12 or PKCS12 data. Will use + the following keys by default: `tls.pfx`,`tls.pkcs12`,`pfx`,`pkcs12`,`tls.pkcs12`,`pkcs12`. + +## Certificate Store Configuration + +In order for certificates of type `Opaque` to be inventoried as `K8SPKCS12` store types, they must have specific keys in +the Kubernetes secret. +- Valid Keys: `*.pfx`, `*.pkcs12`, `*.p12` + +### Storepath Patterns +- `/` +- `/secrets/` +- `//secrets/` + +### Alias Patterns +- `/` + +Example: `test.pkcs12/load_balancer` where `test.pkcs12` is the field name on the `Opaque` secret and `load_balancer` is +the certificate alias in the `pkcs12` data store. + diff --git a/docsource/k8ssecret.md b/docsource/k8ssecret.md new file mode 100644 index 0000000..6bb91ee --- /dev/null +++ b/docsource/k8ssecret.md @@ -0,0 +1,18 @@ +## Overview + +The `K8SSecret` store type is used to manage Kubernetes secrets of type `Opaque`. + +## Discovery Job Configuration + +For discovery of K8SNS stores toy can use the following params to filter the certificates that will be discovered: +- `Directories to search` - comma separated list of namespaces to search for certificates OR `all` to search all + namespaces. *This cannot be left blank.* + +## Certificate Store Configuration + +In order for certificates of type `Opaque` to be inventoried as `K8SSecret` store types, they must have specific keys in +the Kubernetes secret. +- Required keys: `tls.crt` or `ca.crt` +- Additional keys: `tls.key` + + diff --git a/docsource/k8stlssecr.md b/docsource/k8stlssecr.md new file mode 100644 index 0000000..2791731 --- /dev/null +++ b/docsource/k8stlssecr.md @@ -0,0 +1,17 @@ +## Overview + +The `K8STLSSecret` store type is used to manage Kubernetes secrets of type `kubernetes.io/tls` + +## Discovery Job Configuration + +For discovery of K8SNS stores toy can use the following params to filter the certificates that will be discovered: +- `Directories to search` - comma separated list of namespaces to search for certificates OR `all` to search all + namespaces. *This cannot be left blank.* + +## Certificate Store Configuration + +In order for certificates of type `kubernetes.io/tls` to be inventoried, they must have specific keys in +the Kubernetes secret. +- Required keys: `tls.crt` and `tls.key` +- Optional keys: `ca.crt` + diff --git a/integration-manifest.json b/integration-manifest.json index 0b75735..fe94f21 100644 --- a/integration-manifest.json +++ b/integration-manifest.json @@ -19,12 +19,13 @@ "keyfactor-universal-orchestrator" ], "update_catalog": true, - "support_level": "kf-supported", + "support_level": "community", "release_dir": "kubernetes-orchestrator-extension\\bin\\Release", + "release_project": "kubernetes-orchestrator-extension\\Keyfactor.Orchestrators.K8S.csproj", "about": { "orchestrator": { - "keyfactor_platform_version": "10.x", - "UOFramework": "10.x", + "keyfactor_platform_version": "24.4", + "UOFramework": "12.4", "pam_support": true, "win": { "supportsCreateStore": true, @@ -58,9 +59,28 @@ "Remove": false }, "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Description": "This should be no value or `kubeconfig`", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Description": "The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": true + }, { "Name": "KubeNamespace", "DisplayName": "KubeNamespace", + "Description": "The K8S namespace to use to manage the K8S secret object.", "Type": "String", "DependsOn": "", "DefaultValue": "default", @@ -69,21 +89,23 @@ { "Name": "KubeSecretName", "DisplayName": "KubeSecretName", + "Description": "The name of the K8S secret object.", "Type": "String", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { "Name": "KubeSecretType", "DisplayName": "KubeSecretType", + "Description": "This defaults to and must be `csr`", "Type": "String", "DependsOn": "", "DefaultValue": "cert", "Required": true } ], - "EntryParameters": null, + "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, @@ -111,9 +133,28 @@ "Remove": true }, "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Description": "This should be no value or `kubeconfig`", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Description": "The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": true + }, { "Name": "SeparateChain", "DisplayName": "Separate Certificate Chain", + "Description": "Whether to store the certificate chain separately from the certificate.", "Type": "Bool", "DefaultValue": "false", "Required": false @@ -121,12 +162,13 @@ { "Name": "IncludeCertChain", "DisplayName": "Include Certificate Chain", + "Description": "Whether to include the certificate chain in the certificate.", "Type": "Bool", "DefaultValue": "true", "Required": false } ], - "EntryParameters": null, + "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, @@ -154,9 +196,28 @@ "Remove": true }, "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Description": "This should be no value or `kubeconfig`", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Description": "The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": true + }, { "Name": "KubeNamespace", "DisplayName": "KubeNamespace", + "Description": "The K8S namespace to use to manage the K8S secret object.", "Type": "String", "DependsOn": "", "DefaultValue": "default", @@ -165,14 +226,16 @@ { "Name": "KubeSecretName", "DisplayName": "KubeSecretName", + "Description": "The name of the K8S secret object.", "Type": "String", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { "Name": "KubeSecretType", "DisplayName": "KubeSecretType", + "Description": "This defaults to and must be `jks`", "Type": "String", "DependsOn": "", "DefaultValue": "jks", @@ -207,14 +270,14 @@ "DisplayName": "StorePasswordPath", "Type": "String", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false } ], - "EntryParameters": null, + "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, - "StoreRequired": false, + "StoreRequired": true, "Style": "Default" }, "StorePathType": "", @@ -239,6 +302,24 @@ "Remove": true }, "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Description": "This should be no value or `kubeconfig`", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Description": "The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": true + }, { "Name": "KubeNamespace", "DisplayName": "Kube Namespace", @@ -250,6 +331,7 @@ { "Name": "SeparateChain", "DisplayName": "Separate Certificate Chain", + "Description": "Whether to store the certificate chain separately from the certificate.", "Type": "Bool", "DefaultValue": "false", "Required": false @@ -257,12 +339,13 @@ { "Name": "IncludeCertChain", "DisplayName": "Include Certificate Chain", + "Description": "Whether to include the certificate chain in the certificate.", "Type": "Bool", "DefaultValue": "true", "Required": false } ], - "EntryParameters": null, + "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, @@ -290,9 +373,28 @@ "Remove": true }, "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Description": "This should be no value or `kubeconfig`", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Description": "The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": true + }, { "Name": "KubeSecretType", "DisplayName": "Kube Secret Type", + "Description": "This defaults to and must be `pkcs12`", "Type": "String", "DependsOn": "", "DefaultValue": "pkcs12", @@ -335,7 +437,7 @@ "DisplayName": "Kube Secret Name", "Type": "String", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { @@ -343,14 +445,14 @@ "DisplayName": "StorePasswordPath", "Type": "String", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false } ], - "EntryParameters": null, + "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, - "StoreRequired": false, + "StoreRequired": true, "Style": "Default" }, "StorePathType": "", @@ -375,25 +477,46 @@ "Remove": true }, "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Description": "This should be no value or `kubeconfig`", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Description": "The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": true + }, { "Name": "KubeNamespace", "DisplayName": "KubeNamespace", + "Description": "The K8S namespace to use to manage the K8S secret object.", "Type": "String", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { "Name": "KubeSecretName", "DisplayName": "KubeSecretName", + "Description": "The name of the K8S secret object.", "Type": "String", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { "Name": "KubeSecretType", "DisplayName": "KubeSecretType", + "Description": "This defaults to and must be `secret`", "Type": "String", "DependsOn": "", "DefaultValue": "secret", @@ -402,6 +525,7 @@ { "Name": "SeparateChain", "DisplayName": "Separate Certificate Chain", + "Description": "Whether to store the certificate chain separately from the certificate.", "Type": "Bool", "DefaultValue": "false", "Required": false @@ -409,12 +533,13 @@ { "Name": "IncludeCertChain", "DisplayName": "Include Certificate Chain", + "Description": "Whether to include the certificate chain in the certificate.", "Type": "Bool", "DefaultValue": "true", "Required": false } ], - "EntryParameters": null, + "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, @@ -442,25 +567,46 @@ "Remove": true }, "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Description": "This should be no value or `kubeconfig`", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Description": "The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": true + }, { "Name": "KubeNamespace", "DisplayName": "KubeNamespace", + "Description": "The K8S namespace to use to manage the K8S secret object.", "Type": "String", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { "Name": "KubeSecretName", "DisplayName": "KubeSecretName", + "Description": "The name of the K8S secret object.", "Type": "String", "DependsOn": "", - "DefaultValue": null, + "DefaultValue": "", "Required": false }, { "Name": "KubeSecretType", "DisplayName": "KubeSecretType", + "Description": "This defaults to and must be `tls_secret`", "Type": "String", "DependsOn": "", "DefaultValue": "tls_secret", @@ -469,6 +615,7 @@ { "Name": "SeparateChain", "DisplayName": "Separate Certificate Chain", + "Description": "Whether to store the certificate chain separately from the certificate.", "Type": "Bool", "DefaultValue": "false", "Required": false @@ -476,12 +623,13 @@ { "Name": "IncludeCertChain", "DisplayName": "Include Certificate Chain", + "Description": "Whether to include the certificate chain in the certificate.", "Type": "Bool", "DefaultValue": "true", "Required": false } ], - "EntryParameters": null, + "EntryParameters": [], "PasswordOptions": { "EntrySupported": false, "StoreRequired": false, diff --git a/scripts/kubernetes/README.md b/scripts/kubernetes/README.md index b295ba6..ad6675a 100644 --- a/scripts/kubernetes/README.md +++ b/scripts/kubernetes/README.md @@ -1,7 +1,7 @@ # Keyfactor Kubernetes Orchestrator Service Account Definition This document describes the Kubernetes Service Account definition for the Keyfactor Kubernetes Orchestrator Extension to fully function. -Please note that this is only an example and you may need to modify the script and service account definition to suit your environment. +Please note that this is only an example, you may need to modify the script and service account definition to suit your environment. ## Table of Contents - [Keyfactor Kubernetes Orchestrator Service Account Definition](#keyfactor-kubernetes-orchestrator-service-account-definition) diff --git a/store_types.json b/store_types.json index 8d8e595..df66bc4 100644 --- a/store_types.json +++ b/store_types.json @@ -15,6 +15,7 @@ { "Name": "ServerUsername", "DisplayName": "Server Username", + "Description": "This should be no value or `kubeconfig`", "Type": "Secret", "DependsOn": "", "DefaultValue": null, @@ -23,6 +24,7 @@ { "Name": "ServerPassword", "DisplayName": "Server Password", + "Description": "The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json", "Type": "Secret", "DependsOn": "", "DefaultValue": null, @@ -31,6 +33,7 @@ { "Name": "ServerUseSsl", "DisplayName": "Use SSL", + "Description": "Use SSL to connect to the K8S cluster API.", "Type": "Bool", "DependsOn": "", "DefaultValue": "true", @@ -68,6 +71,7 @@ { "Name": "KubeNamespace", "DisplayName": "KubeNamespace", + "Description": "The K8S namespace to use to manage the K8S secret object.", "Type": "String", "DependsOn": "", "DefaultValue": "default", @@ -76,6 +80,7 @@ { "Name": "KubeSecretName", "DisplayName": "KubeSecretName", + "Description": "The name of the K8S secret object.", "Type": "String", "DependsOn": "", "DefaultValue": null, @@ -84,6 +89,7 @@ { "Name": "KubeSecretType", "DisplayName": "KubeSecretType", + "Description": "This defaults to and must be `jks`", "Type": "String", "DependsOn": "", "DefaultValue": "jks", @@ -124,6 +130,7 @@ { "Name": "ServerUsername", "DisplayName": "Server Username", + "Description": "This should be no value or `kubeconfig`", "Type": "Secret", "DependsOn": "", "DefaultValue": null, @@ -132,6 +139,7 @@ { "Name": "ServerPassword", "DisplayName": "Server Password", + "Description": "The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json", "Type": "Secret", "DependsOn": "", "DefaultValue": null, @@ -140,6 +148,7 @@ { "Name": "ServerUseSsl", "DisplayName": "Use SSL", + "Description": "Use SSL to connect to the K8S cluster API.", "Type": "Bool", "DependsOn": "", "DefaultValue": "true", @@ -177,6 +186,7 @@ { "Name": "KubeNamespace", "DisplayName": "Kube Namespace", + "Description": "The K8S namespace to use to manage the K8S secret object.", "Type": "String", "DependsOn": "", "DefaultValue": "default", @@ -185,6 +195,7 @@ { "Name": "ServerUsername", "DisplayName": "Server Username", + "Description": "This should be no value or `kubeconfig`", "Type": "Secret", "DependsOn": "", "DefaultValue": null, @@ -193,6 +204,7 @@ { "Name": "ServerPassword", "DisplayName": "Server Password", + "Description": "The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json", "Type": "Secret", "DependsOn": "", "DefaultValue": null, @@ -201,6 +213,7 @@ { "Name": "ServerUseSsl", "DisplayName": "Use SSL", + "Description": "Use SSL to connect to the K8S cluster API.", "Type": "Bool", "DependsOn": "", "DefaultValue": "true", @@ -238,6 +251,7 @@ { "Name": "KubeSecretKey", "DisplayName": "Kube Secret Key", + "Description": "The field name to use when looking for PFX/PKCS12 data in the K8S secret object.", "Type": "String", "DependsOn": "", "DefaultValue": "pfx", @@ -246,6 +260,7 @@ { "Name": "PasswordFieldName", "DisplayName": "Password Field Name", + "Description": "The field name to use when looking for the password to the PFX/PKCS12 data in the K8S secret object.", "Type": "String", "DependsOn": "", "DefaultValue": "password", @@ -254,6 +269,7 @@ { "Name": "PasswordIsK8SSecret", "DisplayName": "Password Is K8S Secret", + "Description": "Indicates whether the password to the PFX/PKCS12 data is stored in a separate K8S secret object.", "Type": "Bool", "DependsOn": "", "DefaultValue": "false", @@ -262,6 +278,7 @@ { "Name": "KubeNamespace", "DisplayName": "Kube Namespace", + "Description": "The K8S namespace to use to manage the K8S secret object.", "Type": "String", "DependsOn": "", "DefaultValue": "default", @@ -270,6 +287,7 @@ { "Name": "KubeSecretName", "DisplayName": "Kube Secret Name", + "Description": "The name of the K8S secret object.", "Type": "String", "DependsOn": "", "DefaultValue": null, @@ -278,6 +296,7 @@ { "Name": "ServerUsername", "DisplayName": "Server Username", + "Description": "This should be no value or `kubeconfig`", "Type": "Secret", "DependsOn": "", "DefaultValue": null, @@ -286,6 +305,7 @@ { "Name": "ServerPassword", "DisplayName": "Server Password", + "Description": "The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json", "Type": "Secret", "DependsOn": "", "DefaultValue": null, @@ -294,6 +314,7 @@ { "Name": "ServerUseSsl", "DisplayName": "Use SSL", + "Description": "Use SSL to connect to the K8S cluster API.", "Type": "Bool", "DependsOn": "", "DefaultValue": "true", @@ -302,6 +323,7 @@ { "Name": "KubeSecretType", "DisplayName": "Kube Secret Type", + "Description": "This defaults to and must be `pkcs12`", "Type": "String", "DependsOn": "", "DefaultValue": "pkcs12", @@ -310,6 +332,7 @@ { "Name": "StorePasswordPath", "DisplayName": "StorePasswordPath", + "Description": "The path to the K8S secret object to use as the password to the PFX/PKCS12 data. Example: `/`", "Type": "String", "DependsOn": "", "DefaultValue": null, @@ -347,6 +370,7 @@ { "Name": "KubeNamespace", "DisplayName": "KubeNamespace", + "Description": "The K8S namespace to use to manage the K8S secret object.", "Type": "String", "DependsOn": "", "DefaultValue": null, @@ -355,6 +379,7 @@ { "Name": "KubeSecretName", "DisplayName": "KubeSecretName", + "Description": "The name of the K8S secret object.", "Type": "String", "DependsOn": "", "DefaultValue": null, @@ -363,6 +388,7 @@ { "Name": "KubeSecretType", "DisplayName": "KubeSecretType", + "Description": "This defaults to and must be `secret`", "Type": "String", "DependsOn": "", "DefaultValue": "secret", @@ -371,6 +397,7 @@ { "Name": "ServerUsername", "DisplayName": "Server Username", + "Description": "This should be no value or `kubeconfig`", "Type": "Secret", "DependsOn": "", "DefaultValue": null, @@ -379,6 +406,7 @@ { "Name": "ServerPassword", "DisplayName": "Server Password", + "Description": "The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json", "Type": "Secret", "DependsOn": "", "DefaultValue": null, @@ -387,6 +415,7 @@ { "Name": "ServerUseSsl", "DisplayName": "Use SSL", + "Description": "Use SSL to connect to the K8S cluster API.", "Type": "Bool", "DependsOn": "", "DefaultValue": "true", @@ -424,6 +453,7 @@ { "Name": "KubeNamespace", "DisplayName": "KubeNamespace", + "Description": "The K8S namespace to use to manage the K8S secret object.", "Type": "String", "DependsOn": "", "DefaultValue": null, @@ -432,6 +462,7 @@ { "Name": "KubeSecretName", "DisplayName": "KubeSecretName", + "Description": "The name of the K8S secret object.", "Type": "String", "DependsOn": "", "DefaultValue": null, @@ -440,6 +471,7 @@ { "Name": "KubeSecretType", "DisplayName": "KubeSecretType", + "Description": "This defaults to and must be `tls_secret`", "Type": "String", "DependsOn": "", "DefaultValue": "tls_secret", @@ -448,6 +480,7 @@ { "Name": "ServerUsername", "DisplayName": "Server Username", + "Description": "This should be no value or `kubeconfig`", "Type": "Secret", "DependsOn": "", "DefaultValue": null, @@ -456,6 +489,7 @@ { "Name": "ServerPassword", "DisplayName": "Server Password", + "Description": "The credentials to use to connect to the K8S cluster API. This needs to be in `kubeconfig` format. Example: https://github.com/Keyfactor/k8s-orchestrator/tree/main/scripts/kubernetes#example-service-account-json", "Type": "Secret", "DependsOn": "", "DefaultValue": null, @@ -464,6 +498,7 @@ { "Name": "ServerUseSsl", "DisplayName": "Use SSL", + "Description": "Use SSL to connect to the K8S cluster API.", "Type": "Bool", "DependsOn": "", "DefaultValue": "true", From 06720284ba736ec365ff7ef01a0f5fac4d7b6e75 Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Thu, 9 Oct 2025 10:35:46 -0700 Subject: [PATCH 03/11] fix(k8sjks): Bump `BouncyCastle.Cryptography` to `2.6.2` to fix JKS files created with keytool `v20+` `AlgorithmIdentifier` change. --- CHANGELOG.md | 8 + .../Keyfactor.Orchestrators.K8S.csproj | 55 +- .../StoreTypes/K8SJKS/Store.cs | 644 ++++++++++-------- 3 files changed, 387 insertions(+), 320 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8544046..162ce99 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,12 @@ +# 1.2.2 + +## Bug Fixes +- fix(storetypes): `K8SJKS` and `K8SPKCS12` storetypes using a separate `k8s` secret for store password does not crash +on missing or invalid secret field name. + # 1.2.1 + +## Bug Fixes - fix(management): `K8SNS` management jobs handle `storepath` parsed length is less than expected. # 1.2.0 diff --git a/kubernetes-orchestrator-extension/Keyfactor.Orchestrators.K8S.csproj b/kubernetes-orchestrator-extension/Keyfactor.Orchestrators.K8S.csproj index ab2f54c..1442605 100644 --- a/kubernetes-orchestrator-extension/Keyfactor.Orchestrators.K8S.csproj +++ b/kubernetes-orchestrator-extension/Keyfactor.Orchestrators.K8S.csproj @@ -1,30 +1,37 @@  - - false - net6.0 - Keyfactor.Extensions.Orchestrator.K8S - latest - true - true - Keyfactor.Orchestrators.K8S - + + true + net6.0;net8.0 + Keyfactor.Extensions.Orchestrator.K8S + latest + true + true + Keyfactor.Orchestrators.K8S - - - Always - - + true + portable + false + - - - - - - - - - - + + + Always + + + + + + + + + + + + + + + + diff --git a/kubernetes-orchestrator-extension/StoreTypes/K8SJKS/Store.cs b/kubernetes-orchestrator-extension/StoreTypes/K8SJKS/Store.cs index c57fb80..837a176 100644 --- a/kubernetes-orchestrator-extension/StoreTypes/K8SJKS/Store.cs +++ b/kubernetes-orchestrator-extension/StoreTypes/K8SJKS/Store.cs @@ -15,374 +15,426 @@ using Keyfactor.Extensions.Orchestrator.K8S.Models; using Keyfactor.Logging; using Microsoft.Extensions.Logging; -using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Pkcs; using Org.BouncyCastle.Security; using Org.BouncyCastle.X509; -namespace Keyfactor.Extensions.Orchestrator.K8S.StoreTypes.K8SJKS +namespace Keyfactor.Extensions.Orchestrator.K8S.StoreTypes.K8SJKS; + +internal class JksCertificateStoreSerializer : ICertificateStoreSerializer { - class JksCertificateStoreSerializer : ICertificateStoreSerializer + private readonly ILogger _logger; + + public JksCertificateStoreSerializer(string storeProperties) + { + _logger = LogHandler.GetClassLogger(GetType()); + } + + public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword) { - private readonly ILogger _logger; - public JksCertificateStoreSerializer(string storeProperties) + _logger.MethodEntry(); + var storeBuilder = new Pkcs12StoreBuilder(); + var pkcs12Store = storeBuilder.Build(); + var pkcs12StoreNew = storeBuilder.Build(); + + _logger.LogTrace("storePath: {Path}", storePath); + + if (string.IsNullOrEmpty(storePassword)) { - _logger = LogHandler.GetClassLogger(GetType()); + _logger.LogError("JKS store password is null or empty for store at path '{Path}'", storePath); + throw new ArgumentException("JKS store password is null or empty"); } + + // _logger.LogTrace("storePassword: {Pass}", storePassword.Replace("\n","\\n")); //TODO: INSECURE - Remove this line, it is for debugging purposes only + // var hashedStorePassword = GetSha256Hash(storePassword); + // _logger.LogTrace("hashedStorePassword: {Pass}", hashedStorePassword ?? "null"); + + var jksStore = new JksStore(); - public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword) + _logger.LogDebug("Loading JKS store"); + try { - _logger.LogDebug("Entering DeserializeRemoteCertificateStore"); - var storeBuilder = new Pkcs12StoreBuilder(); - var pkcs12Store = storeBuilder.Build(); - var pkcs12StoreNew = storeBuilder.Build(); - - _logger.LogTrace("storePath: {Path}", storePath); - // _logger.LogTrace("storePassword: {Pass}", storePassword ?? "null"); - var hashedStorePassword = GetSha256Hash(storePassword); - _logger.LogTrace("hashedStorePassword: {Pass}", hashedStorePassword ?? "null"); + // _logger.LogTrace("Attempting to load JKS store w/ password"); + // _logger.LogTrace("Attempting to load JKS store w/ password '{Pass}'", + // storePassword.Replace("\n","\\n")); //TODO: INSECURE - Remove this line, it is for debugging purposes only - var jksStore = new JksStore(); + using (var ms = new MemoryStream(storeContents)) + { + jksStore.Load(ms, string.IsNullOrEmpty(storePassword) ? [] : storePassword.ToCharArray()); + } + + _logger.LogDebug("JKS store loaded"); + } + catch (Exception ex) + { + _logger.LogError("Error loading JKS store: {Ex}", ex.Message); + if (ex.Message.Contains("password incorrect or store tampered with")) + { + _logger.LogError("Unable to load JKS store using password '{Pass}'", + storePassword ?? "null"); //TODO: INSECURE - Remove this line, it is for debugging purposes only + throw; + } - _logger.LogDebug("Loading JKS store"); + // Attempt to read JKS store as Pkcs12Store try { - _logger.LogTrace("Attempting to load JKS store w/ password '{Pass}'", hashedStorePassword ?? "null"); + _logger.LogTrace("Attempting to load JKS store as Pkcs12Store w/ password '{Pass}'", + storePassword ?? "null"); //TODO: INSECURE - Remove this line, it is for debugging purposes only using (var ms = new MemoryStream(storeContents)) { - jksStore.Load(ms, string.IsNullOrEmpty(storePassword) ? Array.Empty() : storePassword.ToCharArray()); + pkcs12Store.Load(ms, string.IsNullOrEmpty(storePassword) ? [] : storePassword.ToCharArray()); } - _logger.LogDebug("JKS store loaded"); - } catch (Exception ex) + + _logger.LogDebug("JKS store loaded as Pkcs12Store"); + // return pkcs12Store; + throw new JkSisPkcs12Exception("JKS store is actually a Pkcs12Store"); + } + catch (Exception ex2) { - _logger.LogError("Error loading JKS store: {Ex}", ex.Message); - - // Attempt to read JKS store as Pkcs12Store - try - { - _logger.LogTrace("Attempting to load JKS store as Pkcs12Store w/ password '{Pass}'", hashedStorePassword ?? "null"); - using (var ms = new MemoryStream(storeContents)) - { - pkcs12Store.Load(ms, string.IsNullOrEmpty(storePassword) ? Array.Empty() : storePassword.ToCharArray()); - } - _logger.LogDebug("JKS store loaded as Pkcs12Store"); - // return pkcs12Store; - throw new JkSisPkcs12Exception("JKS store is actually a Pkcs12Store"); - } - catch (Exception ex2) - { - _logger.LogError("Error loading JKS store as Jks or Pkcs12Store: {Ex}", ex2.Message); - throw; - } + _logger.LogError("Error loading JKS store as Jks or Pkcs12Store: {Ex}", ex2.Message); + throw; } - - _logger.LogDebug("Converting JKS store to Pkcs12Store ny iterating over aliases"); - foreach (var alias in jksStore.Aliases) + } + + _logger.LogDebug("Converting JKS store to Pkcs12Store ny iterating over aliases"); + foreach (var alias in jksStore.Aliases) + { + _logger.LogDebug("Processing alias '{Alias}'", alias); + + _logger.LogDebug("Getting key for alias '{Alias}'", alias); + var keyParam = jksStore.GetKey(alias, + string.IsNullOrEmpty(storePassword) ? [] : storePassword.ToCharArray()); + + _logger.LogDebug("Creating AsymmetricKeyEntry for alias '{Alias}'", alias); + var keyEntry = new AsymmetricKeyEntry(keyParam); + + if (jksStore.IsKeyEntry(alias)) { - _logger.LogDebug("Processing alias '{Alias}'", alias); - - _logger.LogDebug("Getting key for alias '{Alias}'", alias); - var keyParam = jksStore.GetKey(alias, string.IsNullOrEmpty(storePassword) ? Array.Empty() : storePassword.ToCharArray()); - - _logger.LogDebug("Creating AsymmetricKeyEntry for alias '{Alias}'", alias); - var keyEntry = new AsymmetricKeyEntry(keyParam); - - if (jksStore.IsKeyEntry(alias)) - { - _logger.LogDebug("Alias '{Alias}' is a key entry", alias); - _logger.LogDebug("Getting certificate chain for alias '{Alias}'", alias); - var certificateChain = jksStore.GetCertificateChain(alias); + _logger.LogDebug("Alias '{Alias}' is a key entry", alias); + _logger.LogDebug("Getting certificate chain for alias '{Alias}'", alias); + var certificateChain = jksStore.GetCertificateChain(alias); - _logger.LogDebug("Adding key entry and certificate chain to Pkcs12Store"); - pkcs12Store.SetKeyEntry(alias, keyEntry, certificateChain.Select(certificate => new X509CertificateEntry(certificate)).ToArray()); - } - else - { - _logger.LogDebug("Alias '{Alias}' is a certificate entry", alias); - _logger.LogDebug("Setting certificate for alias '{Alias}'", alias); - pkcs12Store.SetCertificateEntry(alias, new X509CertificateEntry(jksStore.GetCertificate(alias))); - } + _logger.LogDebug("Adding key entry and certificate chain to Pkcs12Store"); + pkcs12Store.SetKeyEntry(alias, keyEntry, + certificateChain.Select(certificate => new X509CertificateEntry(certificate)).ToArray()); + } + else + { + _logger.LogDebug("Alias '{Alias}' is a certificate entry", alias); + _logger.LogDebug("Setting certificate for alias '{Alias}'", alias); + pkcs12Store.SetCertificateEntry(alias, new X509CertificateEntry(jksStore.GetCertificate(alias))); } + } + + // Second Pkcs12Store necessary because of an obscure BC bug where creating a Pkcs12Store without .Load (code above using "Set" methods only) does not set all + // internal hashtables necessary to avoid an error later when processing store. + var ms2 = new MemoryStream(); + _logger.LogDebug("Saving Pkcs12Store to MemoryStream"); + _logger.LogTrace("Saving Pkcs12Store to MemoryStream w/ password '{Pass}'", + storePassword ?? "null"); //TODO: INSECURE - Remove this line, it is for debugging purposes only + pkcs12Store.Save(ms2, string.IsNullOrEmpty(storePassword) ? [] : storePassword.ToCharArray(), + new SecureRandom()); + ms2.Position = 0; + + _logger.LogDebug("Loading Pkcs12Store from MemoryStream"); + // _logger.LogTrace("Loading Pkcs12Store from MemoryStream w/ password '{Pass}'", + // storePassword ?? "null"); //TODO: INSECURE - Remove this line, it is for debugging purposes only + pkcs12StoreNew.Load(ms2, string.IsNullOrEmpty(storePassword) ? [] : storePassword.ToCharArray()); + + _logger.LogDebug("Returning Pkcs12Store"); + return pkcs12StoreNew; + } - // Second Pkcs12Store necessary because of an obscure BC bug where creating a Pkcs12Store without .Load (code above using "Set" methods only) does not set all - // internal hashtables necessary to avoid an error later when processing store. - var ms2 = new MemoryStream(); - _logger.LogDebug("Saving Pkcs12Store to MemoryStream"); - pkcs12Store.Save(ms2, string.IsNullOrEmpty(storePassword) ? Array.Empty() : storePassword.ToCharArray(), new SecureRandom()); - ms2.Position = 0; + public List SerializeRemoteCertificateStore(Pkcs12Store certificateStore, string storePath, + string storeFileName, string storePassword) + { + _logger.MethodEntry(); - _logger.LogDebug("Loading Pkcs12Store from MemoryStream"); - pkcs12StoreNew.Load(ms2, string.IsNullOrEmpty(storePassword) ? Array.Empty() : storePassword.ToCharArray()); + var jksStore = new JksStore(); - _logger.LogDebug("Returning Pkcs12Store"); - return pkcs12StoreNew; + foreach (var alias in certificateStore.Aliases) + { + var keyEntry = certificateStore.GetKey(alias); + var certificateChain = certificateStore.GetCertificateChain(alias); + var certificates = new List(); + if (certificateStore.IsKeyEntry(alias)) + { + certificates.AddRange(certificateChain.Select(certificateEntry => certificateEntry.Certificate)); + _logger.LogDebug("Alias '{Alias}' is a key entry, setting key entry in JKS store using store password '{Pass}'", + alias, storePassword ?? "null"); //TODO: INSECURE - Remove this line, it is for debugging purposes only + jksStore.SetKeyEntry(alias, keyEntry.Key, + string.IsNullOrEmpty(storePassword) ? [] : storePassword.ToCharArray(), certificates.ToArray()); + } + else + { + jksStore.SetCertificateEntry(alias, certificateStore.GetCertificate(alias).Certificate); + } } - // public JksStore ConvertPkcs12toJks(byte[] jksBytes, string jksPassword, byte[] pkcs12Bytes, string pkcs12Password) - // { - // // Attempt to load JKS store as JksStore - // var jksStore = new JksStore(); - // try - // { - // _logger.LogTrace("Attempting to load JKS store w/ password '{Pass}'", jksPassword ?? "null"); - // using (var ms = new MemoryStream(jksBytes)) - // { - // jksStore.Load(ms, string.IsNullOrEmpty(jksPassword) ? Array.Empty() : jksPassword.ToCharArray()); - // } - // _logger.LogDebug("JKS store loaded"); - // } - // catch (Exception ex) - // { - // _logger.LogError("Error loading JKS store: {Ex}", ex.Message); - // // Attempt to read JKS store as Pkcs12Store - // try - // { - // _logger.LogTrace("Attempting to load JKS store as Pkcs12Store w/ password '{Pass}'", jksPassword ?? "null"); - // var pkcs12Store = new Pkcs12StoreBuilder().Build(); - // using (var ms = new MemoryStream(jksBytes)) - // { - // pkcs12Store.Load(ms, string.IsNullOrEmpty(jksPassword) ? Array.Empty() : jksPassword.ToCharArray()); - // } - // _logger.LogDebug("JKS store loaded as Pkcs12Store"); - // // return pkcs12Store; - // throw new JkSisPkcs12Exception("JKS store is actually a Pkcs12Store"); - // } - // catch (Exception ex2) - // { - // _logger.LogError("Error loading JKS store as Jks or Pkcs12Store: {Ex}", ex2.Message); - // throw; - // } - // } - // - // } - - public byte[] CreateOrUpdateJks(byte[] newPkcs12Bytes, string newCertPassword, string alias, byte[] existingStore = null, string existingStorePassword = null, - bool remove = false) + using var outStream = new MemoryStream(); + _logger.LogDebug("Saving JKS store to MemoryStream w/ password '{Pass}'", + storePassword ?? "null"); //TODO: INSECURE - Remove this line, it is for debugging purposes only + jksStore.Save(outStream, string.IsNullOrEmpty(storePassword) ? [] : storePassword.ToCharArray()); + + var storeInfo = new List + { new() { FilePath = storePath + storeFileName, Contents = outStream.ToArray() } }; + + _logger.MethodExit(); + return storeInfo; + } + + public string GetPrivateKeyPath() + { + return null; + } + + // public JksStore ConvertPkcs12toJks(byte[] jksBytes, string jksPassword, byte[] pkcs12Bytes, string pkcs12Password) + // { + // // Attempt to load JKS store as JksStore + // var jksStore = new JksStore(); + // try + // { + // _logger.LogTrace("Attempting to load JKS store w/ password '{Pass}'", jksPassword ?? "null"); + // using (var ms = new MemoryStream(jksBytes)) + // { + // jksStore.Load(ms, string.IsNullOrEmpty(jksPassword) ? Array.Empty() : jksPassword.ToCharArray()); + // } + // _logger.LogDebug("JKS store loaded"); + // } + // catch (Exception ex) + // { + // _logger.LogError("Error loading JKS store: {Ex}", ex.Message); + // // Attempt to read JKS store as Pkcs12Store + // try + // { + // _logger.LogTrace("Attempting to load JKS store as Pkcs12Store w/ password '{Pass}'", jksPassword ?? "null"); + // var pkcs12Store = new Pkcs12StoreBuilder().Build(); + // using (var ms = new MemoryStream(jksBytes)) + // { + // pkcs12Store.Load(ms, string.IsNullOrEmpty(jksPassword) ? Array.Empty() : jksPassword.ToCharArray()); + // } + // _logger.LogDebug("JKS store loaded as Pkcs12Store"); + // // return pkcs12Store; + // throw new JkSisPkcs12Exception("JKS store is actually a Pkcs12Store"); + // } + // catch (Exception ex2) + // { + // _logger.LogError("Error loading JKS store as Jks or Pkcs12Store: {Ex}", ex2.Message); + // throw; + // } + // } + // + // } + + public byte[] CreateOrUpdateJks(byte[] newPkcs12Bytes, string newCertPassword, string alias, + byte[] existingStore = null, string existingStorePassword = null, + bool remove = false) + { + _logger.MethodEntry(); + // If existingStore is null, create a new store + var existingJksStore = new JksStore(); + var newJksStore = new JksStore(); + var createdNewStore = false; + + var hashedNewCertPassword = GetSha256Hash(newCertPassword); + var hashedExistingStorePassword = GetSha256Hash(existingStorePassword); + + _logger.LogTrace("alias: {Alias}", alias); + _logger.LogTrace("newCertPassword: {Pass}", + newCertPassword ?? "null"); //TODO: INSECURE - Remove this line, it is for debugging purposes only + _logger.LogTrace("existingStorePassword: {Pass}", existingStorePassword ?? "null"); + + // If existingStore is not null, load it into jksStore + if (existingStore != null) { - _logger.LogDebug("Entering CreateOrUpdateJks"); - // If existingStore is null, create a new store - var existingJksStore = new JksStore(); - var newJksStore = new JksStore(); - var createdNewStore = false; - - var hashedNewCertPassword = GetSha256Hash(newCertPassword); - var hashedExistingStorePassword = GetSha256Hash(existingStorePassword); - - _logger.LogTrace("newCertPassword: {Pass}", hashedNewCertPassword ?? "null"); - _logger.LogTrace("alias: {Alias}", alias); - _logger.LogTrace("existingStorePassword: {Pass}", hashedExistingStorePassword ?? "null"); + _logger.LogDebug("Loading existing JKS store"); + using var ms = new MemoryStream(existingStore); - // If existingStore is not null, load it into jksStore - if (existingStore != null) + try { - _logger.LogDebug("Loading existing JKS store"); - using var ms = new MemoryStream(existingStore); + existingJksStore.Load(ms, + string.IsNullOrEmpty(existingStorePassword) ? [] : existingStorePassword.ToCharArray()); + } + catch (Exception ex) + { + _logger.LogError("Error loading existing JKS store: {Ex}", ex.Message); - try + if (ex.Message.Contains("password incorrect or store tampered with")) { - existingJksStore.Load(ms, string.IsNullOrEmpty(existingStorePassword) ? Array.Empty() : existingStorePassword.ToCharArray()); - } catch (Exception ex) + _logger.LogError("Unable to load existing JKS store using password '{Pass}'", + existingStorePassword ?? + "null"); //TODO: INSECURE - Remove this line, it is for debugging purposes only + throw; + } + + try { - _logger.LogError("Error loading existing JKS store: {Ex}", ex.Message); - // Check if existingStore is actually a Pkcs12Store - try - { - _logger.LogDebug("Attempting to load existing JKS store as Pkcs12Store"); - var pkcs12Store = new Pkcs12StoreBuilder().Build(); - using (var ms2 = new MemoryStream(existingStore)) - { - pkcs12Store.Load(ms2, string.IsNullOrEmpty(existingStorePassword) ? Array.Empty() : existingStorePassword.ToCharArray()); - } - _logger.LogDebug("Existing JKS store loaded as Pkcs12Store"); - // return pkcs12Store; - throw new JkSisPkcs12Exception("Existing JKS store is actually a Pkcs12Store"); - } - catch (Exception ex2) + _logger.LogDebug("Attempting to load existing JKS store as Pkcs12Store"); + var pkcs12Store = new Pkcs12StoreBuilder().Build(); + using (var ms2 = new MemoryStream(existingStore)) { - _logger.LogError("Error loading existing JKS store as Jks or Pkcs12Store: {Ex}", ex2.Message); - throw; + pkcs12Store.Load(ms2, + string.IsNullOrEmpty(existingStorePassword) ? [] : existingStorePassword.ToCharArray()); } + + _logger.LogDebug("Existing JKS store loaded as Pkcs12Store"); + // return pkcs12Store; + throw new JkSisPkcs12Exception("Existing JKS store is actually a Pkcs12Store"); } - - if (existingJksStore.ContainsAlias(alias)) + catch (Exception ex2) { - // If alias exists, delete it from existingJksStore - _logger.LogDebug("Alias '{Alias}' exists in existing JKS store, deleting it", alias); - existingJksStore.DeleteEntry(alias); - if (remove) - { - // If remove is true, save existingJksStore and return - _logger.LogDebug("This is a removal operation, saving existing JKS store"); - using var mms = new MemoryStream(); - existingJksStore.Save(mms, string.IsNullOrEmpty(existingStorePassword) ? Array.Empty() : existingStorePassword.ToCharArray()); - _logger.LogDebug("Returning existing JKS store"); - return mms.ToArray(); - } + _logger.LogError("Error loading existing JKS store as Jks or Pkcs12Store: {Ex}", ex2.Message); + throw; } - else if (remove) + } + + if (existingJksStore.ContainsAlias(alias)) + { + // If alias exists, delete it from existingJksStore + _logger.LogDebug("Alias '{Alias}' exists in existing JKS store, deleting it", alias); + existingJksStore.DeleteEntry(alias); + if (remove) { - // If alias does not exist and remove is true, return existingStore - _logger.LogDebug("Alias '{Alias}' does not exist in existing JKS store and this is a removal operation, returning existing JKS store as-is", alias); + // If remove is true, save existingJksStore and return + _logger.LogDebug("This is a removal operation, saving existing JKS store"); using var mms = new MemoryStream(); - existingJksStore.Save(mms, string.IsNullOrEmpty(existingStorePassword) ? Array.Empty() : existingStorePassword.ToCharArray()); + existingJksStore.Save(mms, + string.IsNullOrEmpty(existingStorePassword) ? [] : existingStorePassword.ToCharArray()); + _logger.LogDebug("Returning existing JKS store"); return mms.ToArray(); } } - else + else if (remove) { - _logger.LogDebug("Existing JKS store is null, creating new JKS store"); - createdNewStore = true; + // If alias does not exist and remove is true, return existingStore + _logger.LogDebug( + "Alias '{Alias}' does not exist in existing JKS store and this is a removal operation, returning existing JKS store as-is", + alias); + using var mms = new MemoryStream(); + existingJksStore.Save(mms, + string.IsNullOrEmpty(existingStorePassword) ? [] : existingStorePassword.ToCharArray()); + return mms.ToArray(); } + } + else + { + _logger.LogDebug("Existing JKS store is null, creating new JKS store"); + createdNewStore = true; + } - // Create new Pkcs12Store from newPkcs12Bytes - var storeBuilder = new Pkcs12StoreBuilder(); - var newCert = storeBuilder.Build(); + // Create new Pkcs12Store from newPkcs12Bytes + var storeBuilder = new Pkcs12StoreBuilder(); + var newCert = storeBuilder.Build(); - try - { - _logger.LogDebug("Loading new Pkcs12Store from newPkcs12Bytes"); - _logger.LogTrace("hashedNewCertPassword: {Pass}", hashedNewCertPassword ?? "null"); - using var pkcs12Ms = new MemoryStream(newPkcs12Bytes); - newCert.Load(pkcs12Ms, string.IsNullOrEmpty(newCertPassword) ? Array.Empty() : newCertPassword.ToCharArray()); - } - catch (Exception) - { - _logger.LogDebug("Loading new Pkcs12Store from newPkcs12Bytes failed, trying to load as X509Certificate"); - var certificateParser = new X509CertificateParser(); - var certificate = certificateParser.ReadCertificate(newPkcs12Bytes); - - _logger.LogDebug("Creating new Pkcs12Store from certificate"); - // create new Pkcs12Store from certificate - storeBuilder = new Pkcs12StoreBuilder(); - newCert = storeBuilder.Build(); - _logger.LogDebug("Setting certificate entry in new Pkcs12Store as alias '{Alias}'", alias); - newCert.SetCertificateEntry(alias, new X509CertificateEntry(certificate)); - } + try + { + _logger.LogDebug("Loading new Pkcs12Store from newPkcs12Bytes"); + _logger.LogTrace("newCertPassword: {Pass}", + newCertPassword ?? "null"); //TODO: INSECURE - Remove this line, it is for debugging purposes only + using var pkcs12Ms = new MemoryStream(newPkcs12Bytes); + if (pkcs12Ms.Length != 0) newCert.Load(pkcs12Ms, (newCertPassword ?? string.Empty).ToCharArray()); + } + catch (Exception) + { + _logger.LogDebug("Loading new Pkcs12Store from newPkcs12Bytes failed, trying to load as X509Certificate"); + var certificateParser = new X509CertificateParser(); + var certificate = certificateParser.ReadCertificate(newPkcs12Bytes); + + _logger.LogDebug("Creating new Pkcs12Store from certificate"); + // create new Pkcs12Store from certificate + storeBuilder = new Pkcs12StoreBuilder(); + newCert = storeBuilder.Build(); + _logger.LogDebug("Setting certificate entry in new Pkcs12Store as alias '{Alias}'", alias); + newCert.SetCertificateEntry(alias, new X509CertificateEntry(certificate)); + } - // Iterate through newCert aliases. - _logger.LogDebug("Iterating through new Pkcs12Store aliases"); - foreach (var al in newCert.Aliases) + // Iterate through newCert aliases. + _logger.LogDebug("Iterating through new Pkcs12Store aliases"); + foreach (var al in newCert.Aliases) + { + _logger.LogTrace("Alias: {Alias}", al); + if (newCert.IsKeyEntry(al)) { - _logger.LogTrace("Alias: {Alias}", al); - if (newCert.IsKeyEntry(al)) - { - _logger.LogDebug("Alias '{Alias}' is a key entry, getting key entry and certificate chain", al); - var keyEntry = newCert.GetKey(al); - _logger.LogDebug("Getting certificate chain for alias '{Alias}'", al); - var certificateChain = newCert.GetCertificateChain(al); + _logger.LogDebug("Alias '{Alias}' is a key entry, getting key entry and certificate chain", al); + var keyEntry = newCert.GetKey(al); + _logger.LogDebug("Getting certificate chain for alias '{Alias}'", al); + var certificateChain = newCert.GetCertificateChain(al); - _logger.LogDebug("Creating certificate list from certificate chain"); - var certificates = certificateChain.Select(certificateEntry => certificateEntry.Certificate).ToList(); + _logger.LogDebug("Creating certificate list from certificate chain"); + var certificates = certificateChain.Select(certificateEntry => certificateEntry.Certificate).ToList(); - if (createdNewStore) - { - // If createdNewStore is true, create a new store - _logger.LogDebug("Created new JKS store, setting key entry for alias '{Alias}'", al); - newJksStore.SetKeyEntry(alias, - keyEntry.Key, - string.IsNullOrEmpty(existingStorePassword) ? Array.Empty() : existingStorePassword.ToCharArray(), - certificates.ToArray()); - } - else - { - // If createdNewStore is false, add to existingJksStore - // check if alias exists in existingJksStore - if (existingJksStore.ContainsAlias(alias)) - { - // If alias exists, delete it from existingJksStore - _logger.LogDebug("Alias '{Alias}' exists in existing JKS store, deleting it", alias); - existingJksStore.DeleteEntry(alias); - } - - _logger.LogDebug("Setting key entry for alias '{Alias}'", alias); - existingJksStore.SetKeyEntry(alias, - keyEntry.Key, - string.IsNullOrEmpty(existingStorePassword) ? Array.Empty() : existingStorePassword.ToCharArray(), - certificates.ToArray()); - } + if (createdNewStore) + { + // If createdNewStore is true, create a new store + _logger.LogDebug("Created new JKS store, setting key entry for alias '{Alias}'", al); + newJksStore.SetKeyEntry(alias, + keyEntry.Key, + string.IsNullOrEmpty(existingStorePassword) ? [] : existingStorePassword.ToCharArray(), + certificates.ToArray()); } else { - if (createdNewStore) + // If createdNewStore is false, add to existingJksStore + // check if alias exists in existingJksStore + if (existingJksStore.ContainsAlias(alias)) { - _logger.LogDebug("Created new JKS store, setting certificate entry for alias '{Alias}'", alias); - _logger.LogDebug("Setting certificate entry for new JKS store, alias '{Alias}'", alias); - newJksStore.SetCertificateEntry(alias, newCert.GetCertificate(alias).Certificate); - } - else - { - _logger.LogDebug("Setting certificate entry for existing JKS store, alias '{Alias}'", alias); - existingJksStore.SetCertificateEntry(alias, newCert.GetCertificate(alias).Certificate); + // If alias exists, delete it from existingJksStore + _logger.LogDebug("Alias '{Alias}' exists in existing JKS store, deleting it", alias); + existingJksStore.DeleteEntry(alias); } + _logger.LogDebug("Setting key entry for alias '{Alias}'", alias); + existingJksStore.SetKeyEntry(alias, + keyEntry.Key, + string.IsNullOrEmpty(existingStorePassword) ? [] : existingStorePassword.ToCharArray(), + certificates.ToArray()); } } - - using var outStream = new MemoryStream(); - if (createdNewStore) - { - _logger.LogDebug("Created new JKS store, saving it to outStream"); - newJksStore.Save(outStream, string.IsNullOrEmpty(existingStorePassword) ? Array.Empty() : existingStorePassword.ToCharArray()); - } else { - _logger.LogDebug("Saving existing JKS store to outStream"); - existingJksStore.Save(outStream, string.IsNullOrEmpty(existingStorePassword) ? Array.Empty() : existingStorePassword.ToCharArray()); - } - // Return existingJksStore as byte[] - _logger.LogDebug("Returning JKS store as byte[]"); - return outStream.ToArray(); - } - public List SerializeRemoteCertificateStore(Pkcs12Store certificateStore, string storePath, string storeFileName, string storePassword) - { - _logger.MethodEntry(LogLevel.Debug); - - var jksStore = new JksStore(); - - foreach (var alias in certificateStore.Aliases) - { - var keyEntry = certificateStore.GetKey(alias); - var certificateChain = certificateStore.GetCertificateChain(alias); - var certificates = new List(); - if (certificateStore.IsKeyEntry(alias)) + if (createdNewStore) { - - certificates.AddRange(certificateChain.Select(certificateEntry => certificateEntry.Certificate)); - - jksStore.SetKeyEntry(alias, keyEntry.Key, string.IsNullOrEmpty(storePassword) ? Array.Empty() : storePassword.ToCharArray(), certificates.ToArray()); + _logger.LogDebug("Created new JKS store, setting certificate entry for alias '{Alias}'", alias); + _logger.LogDebug("Setting certificate entry for new JKS store, alias '{Alias}'", alias); + newJksStore.SetCertificateEntry(alias, newCert.GetCertificate(alias).Certificate); } else { - jksStore.SetCertificateEntry(alias, certificateStore.GetCertificate(alias).Certificate); + _logger.LogDebug("Setting certificate entry for existing JKS store, alias '{Alias}'", alias); + existingJksStore.SetCertificateEntry(alias, newCert.GetCertificate(alias).Certificate); } } - - using var outStream = new MemoryStream(); - jksStore.Save(outStream, string.IsNullOrEmpty(storePassword) ? Array.Empty() : storePassword.ToCharArray()); - - var storeInfo = new List(); - storeInfo.Add(new SerializedStoreInfo() { FilePath = storePath + storeFileName, Contents = outStream.ToArray() }); - - _logger.MethodExit(LogLevel.Debug); - return storeInfo; - } - public string GetPrivateKeyPath() + using var outStream = new MemoryStream(); + if (createdNewStore) { - return null; + _logger.LogDebug("Created new JKS store, saving it to outStream"); + _logger.LogTrace("Saving new JKS store to outStream w/ password '{Pass}'", + existingStorePassword ?? "null"); //TODO: INSECURE - Remove this line, it is for debugging purposes only + newJksStore.Save(outStream, + string.IsNullOrEmpty(existingStorePassword) ? [] : existingStorePassword.ToCharArray()); } - - private static string GetSha256Hash(string input) + else { - if (string.IsNullOrEmpty(input)) - { - return null; - } - var passwordHashBytes = SHA256.Create().ComputeHash(Encoding.UTF8.GetBytes(input)); - var passwordHash = BitConverter.ToString(passwordHashBytes).Replace("-", "").ToLower(); - return passwordHash; + _logger.LogDebug("Saving existing JKS store to outStream"); + _logger.LogTrace("Saving existing JKS store to outStream w/ password '{Pass}'", + existingStorePassword ?? "null"); //TODO: INSECURE - Remove this line, it is for debugging purposes only + existingJksStore.Save(outStream, + string.IsNullOrEmpty(existingStorePassword) ? [] : existingStorePassword.ToCharArray()); } + + // Return existingJksStore as byte[] + _logger.MethodExit(); + return outStream.ToArray(); + } + + private static string GetSha256Hash(string input) + { + if (string.IsNullOrEmpty(input)) return null; + var passwordHashBytes = SHA256.Create().ComputeHash(Encoding.UTF8.GetBytes(input)); + var passwordHash = BitConverter.ToString(passwordHashBytes).Replace("-", "").ToLower(); + return passwordHash; } -} +} \ No newline at end of file From 28291f1baf3686676c1266ec9f5ef91a07cf1311 Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Thu, 9 Oct 2025 10:36:22 -0700 Subject: [PATCH 04/11] chore: cleanup --- .../Models/SerializedStoreInfo.cs | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/kubernetes-orchestrator-extension/Models/SerializedStoreInfo.cs b/kubernetes-orchestrator-extension/Models/SerializedStoreInfo.cs index c736d2c..e5af7d7 100644 --- a/kubernetes-orchestrator-extension/Models/SerializedStoreInfo.cs +++ b/kubernetes-orchestrator-extension/Models/SerializedStoreInfo.cs @@ -7,12 +7,11 @@ using System.Security.Cryptography.X509Certificates; -namespace Keyfactor.Extensions.Orchestrator.K8S.Models +namespace Keyfactor.Extensions.Orchestrator.K8S.Models; + +internal class SerializedStoreInfo : X509Certificate2 { - class SerializedStoreInfo : X509Certificate2 - { - public string FilePath { get; set; } + public string FilePath { get; set; } - public byte[] Contents { get; set; } - } -} + public byte[] Contents { get; set; } +} \ No newline at end of file From 6f56bef668f4c7d4cd2e29b5e294501d9ed57eb6 Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Thu, 9 Oct 2025 10:37:09 -0700 Subject: [PATCH 05/11] chore(k8spkcs12): Add verbose logging and cleanup --- .../StoreTypes/K8SPKCS12/Store.cs | 169 +++++++++++++----- 1 file changed, 122 insertions(+), 47 deletions(-) diff --git a/kubernetes-orchestrator-extension/StoreTypes/K8SPKCS12/Store.cs b/kubernetes-orchestrator-extension/StoreTypes/K8SPKCS12/Store.cs index 96c4746..7ee3991 100644 --- a/kubernetes-orchestrator-extension/StoreTypes/K8SPKCS12/Store.cs +++ b/kubernetes-orchestrator-extension/StoreTypes/K8SPKCS12/Store.cs @@ -8,7 +8,6 @@ using System; using System.Collections.Generic; using System.IO; -using System.Linq; using Keyfactor.Extensions.Orchestrator.K8S.Models; using Keyfactor.Logging; using Microsoft.Extensions.Logging; @@ -18,9 +17,10 @@ namespace Keyfactor.Extensions.Orchestrator.K8S.StoreTypes.K8SPKCS12; -class Pkcs12CertificateStoreSerializer : ICertificateStoreSerializer +internal class Pkcs12CertificateStoreSerializer : ICertificateStoreSerializer { private readonly ILogger _logger; + public Pkcs12CertificateStoreSerializer(string storeProperties) { _logger = LogHandler.GetClassLogger(GetType()); @@ -34,17 +34,74 @@ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, strin var store = storeBuilder.Build(); using var ms = new MemoryStream(storeContents); + _logger.LogDebug("Loading Pkcs12Store from MemoryStream from {Path}", storePath); store.Load(ms, string.IsNullOrEmpty(storePassword) ? Array.Empty() : storePassword.ToCharArray()); + _logger.LogDebug("Pkcs12Store loaded from {Path}", storePath); return store; } - public byte[] CreateOrUpdatePkcs12(byte[] newPkcs12Bytes, string newCertPassword, string alias, byte[] existingStore = null, string existingStorePassword = null, + public List SerializeRemoteCertificateStore(Pkcs12Store certificateStore, string storePath, + string storeFileName, string storePassword) + { + _logger.MethodEntry(LogLevel.Debug); + + var storeBuilder = new Pkcs12StoreBuilder(); + var pkcs12Store = storeBuilder.Build(); + + foreach (var alias in certificateStore.Aliases) + { + _logger.LogDebug("Processing alias '{Alias}'", alias); + var keyEntry = certificateStore.GetKey(alias); + + if (certificateStore.IsKeyEntry(alias)) + { + _logger.LogDebug("Alias '{Alias}' is a key entry", alias); + pkcs12Store.SetKeyEntry(alias, keyEntry, certificateStore.GetCertificateChain(alias)); + } + else + { + _logger.LogDebug("Alias '{Alias}' is a certificate entry", alias); + var certEntry = certificateStore.GetCertificate(alias); + _logger.LogTrace("Certificate entry '{Entry}'", certEntry.Certificate.SubjectDN.ToString()); + _logger.LogDebug("Attempting to SetCertificateEntry for '{Alias}'", alias); + pkcs12Store.SetCertificateEntry(alias, certEntry); + } + } + + using var outStream = new MemoryStream(); + _logger.LogDebug("Saving Pkcs12Store to MemoryStream"); + pkcs12Store.Save(outStream, + string.IsNullOrEmpty(storePassword) ? Array.Empty() : storePassword.ToCharArray(), + new SecureRandom()); + + var storeInfo = new List(); + + _logger.LogDebug("Adding store to list of serialized stores"); + var filePath = Path.Combine(storePath, storeFileName); + _logger.LogDebug("Filepath '{Path}", filePath); + storeInfo.Add(new SerializedStoreInfo + { + FilePath = filePath, + Contents = outStream.ToArray() + }); + + _logger.MethodExit(LogLevel.Debug); + return storeInfo; + } + + public string GetPrivateKeyPath() + { + return null; + } + + public byte[] CreateOrUpdatePkcs12(byte[] newPkcs12Bytes, string newCertPassword, string alias, + byte[] existingStore = null, string existingStorePassword = null, bool remove = false) { _logger.MethodEntry(LogLevel.Debug); - _logger.LogDebug("Creating or updating PKCS12 store"); + _logger.LogDebug("Creating or updating PKCS12 store for alias'{Alias}'", alias); // If existingStore is null, create a new store var storeBuilder = new Pkcs12StoreBuilder(); var existingPkcs12Store = storeBuilder.Build(); @@ -54,32 +111,56 @@ public byte[] CreateOrUpdatePkcs12(byte[] newPkcs12Bytes, string newCertPassword // If existingStore is not null, load it into pkcs12Store if (existingStore != null) { + _logger.LogDebug("Attempting to load existing Pkcs12Store"); using var ms = new MemoryStream(existingStore); - existingPkcs12Store.Load(ms, string.IsNullOrEmpty(existingStorePassword) ? Array.Empty() : existingStorePassword.ToCharArray()); + existingPkcs12Store.Load(ms, + string.IsNullOrEmpty(existingStorePassword) + ? Array.Empty() + : existingStorePassword.ToCharArray()); + _logger.LogDebug("Existing Pkcs12Store loaded"); + + _logger.LogDebug("Checking if alias '{Alias}' exists in existingPkcs12Store", alias); if (existingPkcs12Store.ContainsAlias(alias)) { // If alias exists, delete it from existingPkcs12Store + _logger.LogDebug("Alias '{Alias}' exists in existingPkcs12Store", alias); + _logger.LogDebug("Deleting alias '{Alias}' from existingPkcs12Store", alias); existingPkcs12Store.DeleteEntry(alias); if (remove) { // If remove is true, save existingPkcs12Store and return + _logger.LogDebug("Alias '{Alias}' was removed from existing store", alias); using var mms = new MemoryStream(); - existingPkcs12Store.Save(mms, string.IsNullOrEmpty(existingStorePassword) ? Array.Empty() : existingStorePassword.ToCharArray(), new SecureRandom()); + _logger.LogDebug("Saving removal operation"); + existingPkcs12Store.Save(mms, + string.IsNullOrEmpty(existingStorePassword) + ? Array.Empty() + : existingStorePassword.ToCharArray(), new SecureRandom()); + + _logger.LogDebug("Converting existingPkcs12Store to byte[] and returning"); + _logger.MethodExit(LogLevel.Debug); return mms.ToArray(); } } else if (remove) { // If alias does not exist and remove is true, return existingStore + _logger.LogDebug("Alias '{Alias}' does not exist in existingPkcs12Store, nothing to remove", alias); using var existingPkcs12StoreMs = new MemoryStream(); existingPkcs12Store.Save(existingPkcs12StoreMs, - string.IsNullOrEmpty(existingStorePassword) ? Array.Empty() : existingStorePassword.ToCharArray(), + string.IsNullOrEmpty(existingStorePassword) + ? Array.Empty() + : existingStorePassword.ToCharArray(), new SecureRandom()); + + _logger.LogDebug("Converting existingPkcs12Store to byte[] and returning"); + _logger.MethodExit(LogLevel.Debug); return existingPkcs12StoreMs.ToArray(); } } else { + _logger.LogDebug("Attempting to create new Pkcs12Store"); createdNewStore = true; } @@ -87,31 +168,47 @@ public byte[] CreateOrUpdatePkcs12(byte[] newPkcs12Bytes, string newCertPassword try { + _logger.LogDebug("Attempting to load pkcs12 bytes"); using var newPkcs12Ms = new MemoryStream(newPkcs12Bytes); - newCert.Load(newPkcs12Ms, string.IsNullOrEmpty(newCertPassword) ? Array.Empty() : newCertPassword.ToCharArray()); + newCert.Load(newPkcs12Ms, + string.IsNullOrEmpty(newCertPassword) ? Array.Empty() : newCertPassword.ToCharArray()); + _logger.LogDebug("pkcs12 bytes loaded"); } catch (Exception) { + _logger.LogError("Unknown error loading pkcs12 bytes, attempting to parse certificate"); var certificateParser = new X509CertificateParser(); var certificate = certificateParser.ReadCertificate(newPkcs12Bytes); + _logger.LogDebug("Certificate parse successful, attempting to create new Pkcs12Store from certificate"); // create new Pkcs12Store from certificate storeBuilder = new Pkcs12StoreBuilder(); newCert = storeBuilder.Build(); + + _logger.LogDebug("Attempting to set PKCS12 certificate entry using alias '{Alias}'", alias); newCert.SetCertificateEntry(alias, new X509CertificateEntry(certificate)); + _logger.LogDebug("PKCS12 certificate entry set using alias '{Alias}'", alias); } // Iterate through newCert aliases. WARNING: This assumes there is only one alias in the newCert + _logger.LogTrace("Iterating through PKCS12 certificate aliases"); foreach (var al in newCert.Aliases) { + _logger.LogTrace("Handling alias {Alias}", al); if (newCert.IsKeyEntry(al)) { + _logger.LogDebug("Attempting to parse key for alias {Alias}", al); var keyEntry = newCert.GetKey(al); + _logger.LogDebug("Key parsed for alias {Alias}", al); + + _logger.LogDebug("Attempting to parse certificate chain for alias {Alias}", al); var certificateChain = newCert.GetCertificateChain(al); + _logger.LogDebug("Certificate chain parsed for alias {Alias}", al); if (createdNewStore) { // If createdNewStore is true, create a new store + _logger.LogDebug("Attempting to set key entry for alias '{Alias}'", alias); pkcs12StoreNew.SetKeyEntry( alias, keyEntry, @@ -124,10 +221,12 @@ public byte[] CreateOrUpdatePkcs12(byte[] newPkcs12Bytes, string newCertPassword // check if alias exists in existingPkcs12Store if (existingPkcs12Store.ContainsAlias(alias)) { + _logger.LogDebug("Removing existing entry for alias '{Alias}'", alias); // If alias exists, delete it from existingPkcs12Store existingPkcs12Store.DeleteEntry(alias); } + _logger.LogDebug("Attempting to set key entry for alias '{Alias}'", alias); existingPkcs12Store.SetKeyEntry( alias, keyEntry, @@ -140,62 +239,38 @@ public byte[] CreateOrUpdatePkcs12(byte[] newPkcs12Bytes, string newCertPassword { if (createdNewStore) { + _logger.LogDebug("Attempting to set certificate entry for alias '{Alias}'", alias); pkcs12StoreNew.SetCertificateEntry(alias, newCert.GetCertificate(alias)); } else { + _logger.LogDebug("Attempting to set certificate entry for alias '{Alias}'", alias); existingPkcs12Store.SetCertificateEntry(alias, newCert.GetCertificate(alias)); } - } } using var outStream = new MemoryStream(); if (createdNewStore) { - pkcs12StoreNew.Save(outStream, string.IsNullOrEmpty(existingStorePassword) ? Array.Empty() : existingStorePassword.ToCharArray(), new SecureRandom()); + _logger.LogDebug("Attempting to save new Pkcs12Store"); + pkcs12StoreNew.Save(outStream, + string.IsNullOrEmpty(existingStorePassword) ? Array.Empty() : existingStorePassword.ToCharArray(), + new SecureRandom()); + _logger.LogDebug("New Pkcs12Store saved"); } else { - existingPkcs12Store.Save(outStream, string.IsNullOrEmpty(existingStorePassword) ? Array.Empty() : existingStorePassword.ToCharArray(), new SecureRandom()); + _logger.LogDebug("Attempting to save existing Pkcs12Store"); + existingPkcs12Store.Save(outStream, + string.IsNullOrEmpty(existingStorePassword) ? Array.Empty() : existingStorePassword.ToCharArray(), + new SecureRandom()); + _logger.LogDebug("Existing Pkcs12Store saved"); } // Return existingPkcs12Store as byte[] - return outStream.ToArray(); - } - - public List SerializeRemoteCertificateStore(Pkcs12Store certificateStore, string storePath, string storeFileName, string storePassword) - { - _logger.MethodEntry(LogLevel.Debug); - - var storeBuilder = new Pkcs12StoreBuilder(); - var pkcs12Store = storeBuilder.Build(); - - foreach (var alias in certificateStore.Aliases) - { - var keyEntry = certificateStore.GetKey(alias); - if (certificateStore.IsKeyEntry(alias)) - { - pkcs12Store.SetKeyEntry(alias, keyEntry, certificateStore.GetCertificateChain(alias)); - } - else - { - pkcs12Store.SetCertificateEntry(alias, certificateStore.GetCertificate(alias)); - } - } - - using var outStream = new MemoryStream(); - pkcs12Store.Save(outStream, string.IsNullOrEmpty(storePassword) ? Array.Empty() : storePassword.ToCharArray(), new SecureRandom()); - - var storeInfo = new List(); - storeInfo.Add(new SerializedStoreInfo() { FilePath = storePath + storeFileName, Contents = outStream.ToArray() }); + _logger.LogDebug("Converting existingPkcs12Store to byte[] and returning"); _logger.MethodExit(LogLevel.Debug); - return storeInfo; - - } - - public string GetPrivateKeyPath() - { - return null; + return outStream.ToArray(); } -} +} \ No newline at end of file From 923969f597955704922b288ad4769b6fff81b740 Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Thu, 9 Oct 2025 10:37:22 -0700 Subject: [PATCH 06/11] chore: cleanup --- .../StoreTypes/ICertificateStoreSerializer.cs | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/kubernetes-orchestrator-extension/StoreTypes/ICertificateStoreSerializer.cs b/kubernetes-orchestrator-extension/StoreTypes/ICertificateStoreSerializer.cs index be5393f..5f859be 100644 --- a/kubernetes-orchestrator-extension/StoreTypes/ICertificateStoreSerializer.cs +++ b/kubernetes-orchestrator-extension/StoreTypes/ICertificateStoreSerializer.cs @@ -9,14 +9,14 @@ using Keyfactor.Extensions.Orchestrator.K8S.Models; using Org.BouncyCastle.Pkcs; -namespace Keyfactor.Extensions.Orchestrator.K8S.StoreTypes +namespace Keyfactor.Extensions.Orchestrator.K8S.StoreTypes; + +internal interface ICertificateStoreSerializer { - interface ICertificateStoreSerializer - { - Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword); + Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, string storePath, string storePassword); - List SerializeRemoteCertificateStore(Pkcs12Store certificateStore, string storePath, string storeFileName, string storePassword); + List SerializeRemoteCertificateStore(Pkcs12Store certificateStore, string storePath, + string storeFileName, string storePassword); - string GetPrivateKeyPath(); - } -} + string GetPrivateKeyPath(); +} \ No newline at end of file From 57f2a189f08313b9a53646181ccf28d8f5640fad Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Thu, 9 Oct 2025 10:42:23 -0700 Subject: [PATCH 07/11] chore: formatting + cleanup --- .../Jobs/Discovery.cs | 11 +- .../Jobs/Inventory.cs | 7 +- .../Jobs/Management.cs | 187 ++++++++++-------- .../Jobs/PAMUtilities.cs | 16 +- 4 files changed, 122 insertions(+), 99 deletions(-) diff --git a/kubernetes-orchestrator-extension/Jobs/Discovery.cs b/kubernetes-orchestrator-extension/Jobs/Discovery.cs index 8d94260..3dded07 100644 --- a/kubernetes-orchestrator-extension/Jobs/Discovery.cs +++ b/kubernetes-orchestrator-extension/Jobs/Discovery.cs @@ -9,9 +9,9 @@ using System.Collections.Generic; using System.Linq; using Keyfactor.Extensions.Orchestrator.K8S.Clients; +using Keyfactor.Logging; using Keyfactor.Orchestrators.Common.Enums; using Keyfactor.Orchestrators.Extensions; -using Keyfactor.Logging; using Keyfactor.Orchestrators.Extensions.Interfaces; using Microsoft.Extensions.Logging; @@ -166,7 +166,8 @@ public JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDiscoveryUpd //make secretAllowedKeys unique secretAllowedKeys = secretAllowedKeys.Distinct().ToArray(); - Logger.LogInformation("Discovering k8s secrets with allowed keys: `{AllowedKeys}` and type: `pkcs12`", + Logger.LogInformation( + "Discovering k8s secrets with allowed keys: `{AllowedKeys}` and type: `pkcs12`", string.Join(",", secretAllowedKeys)); Logger.LogDebug("Calling KubeClient.DiscoverSecrets()"); locations = KubeClient.DiscoverSecrets(secretAllowedKeys, "pkcs12", @@ -211,7 +212,7 @@ public JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDiscoveryUpd //Status: 2=Success, 3=Warning, 4=Error Logger.LogError("Discovery job has failed due to an unknown error"); Logger.LogError("{Message}", ex.Message); - Logger.LogTrace("{Message}",ex.ToString()); + Logger.LogTrace("{Message}", ex.ToString()); // iterate through the inner exceptions var inner = ex.InnerException; while (inner != null) @@ -220,6 +221,7 @@ public JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDiscoveryUpd Logger.LogTrace("{Message}", inner.ToString()); inner = inner.InnerException; } + Logger.LogInformation("End DISCOVERY for K8S Orchestrator Extension for job '{JobID}' with failure", config.JobId); return FailJob(ex.Message, config.JobHistoryId); @@ -238,7 +240,7 @@ public JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDiscoveryUpd { Result = OrchestratorJobStatusJobResult.Success, JobHistoryId = config.JobHistoryId, - FailureMessage = "Discovered the following locations: " + string.Join(",\n", locations), + FailureMessage = "Discovered the following locations: " + string.Join(",\n", locations) }; } catch (Exception ex) @@ -254,6 +256,7 @@ public JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDiscoveryUpd Logger.LogTrace("{Message}", inner.ToString()); inner = inner.InnerException; } + Logger.LogInformation("End DISCOVERY for K8S Orchestrator Extension for job '{JobID}' with failure", config.JobId); return FailJob(ex.Message, config.JobHistoryId); diff --git a/kubernetes-orchestrator-extension/Jobs/Inventory.cs b/kubernetes-orchestrator-extension/Jobs/Inventory.cs index 896ce05..ac849e0 100644 --- a/kubernetes-orchestrator-extension/Jobs/Inventory.cs +++ b/kubernetes-orchestrator-extension/Jobs/Inventory.cs @@ -59,7 +59,7 @@ public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpd Logger.LogDebug("Host: {Host}", KubeClient.GetHost()); Logger.LogTrace("Inventory entering switch based on KubeSecretType: " + KubeSecretType + "..."); - + var hasPrivateKey = false; Logger.LogTrace("Inventory entering switch based on KubeSecretType: " + KubeSecretType + "..."); @@ -89,7 +89,8 @@ public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpd KubeNamespace, KubeSecretName); return PushInventory(new List(), config.JobHistoryId, submitInventory, false, "WARNING: Store not found in Kubernetes cluster. Assuming empty inventory."); - } catch (Exception ex) + } + catch (Exception ex) { Logger.LogError("Inventory failed with exception: " + ex.Message); Logger.LogTrace(ex.Message); @@ -323,7 +324,7 @@ private Dictionary> HandleJKSSecret(JobConfiguration config KubeNamespace + " and key " + keyName); var keyPassword = getK8SStorePassword(k8sData.Secret); var passwordHash = GetSHA256Hash(keyPassword); - Logger.LogTrace("Password hash for '{Secret}/{Key}': {Hash}", KubeSecretName, keyName, passwordHash); + // Logger.LogTrace("Password hash for '{Secret}/{Key}': {Hash}", KubeSecretName, keyName, passwordHash); //TODO: Insecure comment out! var keyAlias = keyName; Logger.LogTrace("Key alias: {Alias}", keyAlias); Logger.LogDebug("Attempting to deserialize JKS store '{Secret}/{Key}'", KubeSecretName, keyName); diff --git a/kubernetes-orchestrator-extension/Jobs/Management.cs b/kubernetes-orchestrator-extension/Jobs/Management.cs index e1ca522..2c79ac6 100644 --- a/kubernetes-orchestrator-extension/Jobs/Management.cs +++ b/kubernetes-orchestrator-extension/Jobs/Management.cs @@ -7,7 +7,6 @@ using System; using System.Collections.Generic; -using System.Security.Cryptography.X509Certificates; using k8s.Autorest; using k8s.Models; using Keyfactor.Extensions.Orchestrator.K8S.Clients; @@ -17,7 +16,6 @@ using Keyfactor.Orchestrators.Common.Enums; using Keyfactor.Orchestrators.Extensions; using Keyfactor.Orchestrators.Extensions.Interfaces; -using Keyfactor.PKI.PEM; using Microsoft.Extensions.Logging; namespace Keyfactor.Extensions.Orchestrator.K8S.Jobs; @@ -52,6 +50,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config) //NLog Logging to c:\CMS\Logs\CMS_Agent_Log.txt Logger = LogHandler.GetClassLogger(GetType()); + Logger.MethodEntry(); K8SJobCertificate jobCertObj; try { @@ -85,10 +84,12 @@ public JobResult ProcessJob(ManagementJobConfiguration config) case CertStoreOperationType.Add: case CertStoreOperationType.Create: //OperationType == Add - Add a certificate to the certificate store passed in the config object - Logger.LogInformation($"Processing Management-{config.OperationType.GetType()} job for certificate '{config.JobCertificate.Alias}'..."); + Logger.LogInformation( + $"Processing Management-{config.OperationType.GetType()} job for certificate '{config.JobCertificate.Alias}'..."); return HandleCreateOrUpdate(KubeSecretType, config, jobCertObj, Overwrite); case CertStoreOperationType.Remove: - Logger.LogInformation($"Processing Management-{config.OperationType.GetType()} job for certificate '{config.JobCertificate.Alias}'..."); + Logger.LogInformation( + $"Processing Management-{config.OperationType.GetType()} job for certificate '{config.JobCertificate.Alias}'..."); return HandleRemove(KubeSecretType, config); case CertStoreOperationType.Unknown: case CertStoreOperationType.Inventory: @@ -99,10 +100,13 @@ public JobResult ProcessJob(ManagementJobConfiguration config) case CertStoreOperationType.FetchLogs: Logger.LogInformation("End MANAGEMENT for K8S Orchestrator Extension for job " + config.JobId + $" - OperationType '{config.OperationType.GetType()}' not supported by Kubernetes certificate store job. Failed!"); - return FailJob($"OperationType '{config.OperationType.GetType()}' not supported by Kubernetes certificate store job.", config.JobHistoryId); + return FailJob( + $"OperationType '{config.OperationType.GetType()}' not supported by Kubernetes certificate store job.", + config.JobHistoryId); default: //Invalid OperationType. Return error. Should never happen though - var impError = $"Invalid OperationType '{config.OperationType.GetType()}' passed to Kubernetes certificate store job. This should never happen."; + var impError = + $"Invalid OperationType '{config.OperationType.GetType()}' passed to Kubernetes certificate store job. This should never happen."; Logger.LogError(impError); Logger.LogInformation("End MANAGEMENT for K8S Orchestrator Extension for job " + config.JobId + $" - OperationType '{config.OperationType.GetType()}' not supported by Kubernetes certificate store job. Failed!"); @@ -115,7 +119,8 @@ public JobResult ProcessJob(ManagementJobConfiguration config) Logger.LogError(ex.Message); Logger.LogTrace(ex.StackTrace); //Status: 2=Success, 3=Warning, 4=Error - Logger.LogInformation("End MANAGEMENT for K8S Orchestrator Extension for job " + config.JobId + " with failure."); + Logger.LogInformation("End MANAGEMENT for K8S Orchestrator Extension for job " + config.JobId + + " with failure."); return FailJob(ex.Message, config.JobHistoryId); } } @@ -123,7 +128,8 @@ public JobResult ProcessJob(ManagementJobConfiguration config) private V1Secret creatEmptySecret(string secretType) { - Logger.LogWarning("Certificate object and certificate alias are both null or empty. Assuming this is a 'create_store' action and populating an empty store."); + Logger.LogWarning( + "Certificate object and certificate alias are both null or empty. Assuming this is a 'create_store' action and populating an empty store."); var emptyStrArray = Array.Empty(); var createResponse = KubeClient.CreateOrUpdateCertificateStoreSecret( "", @@ -141,14 +147,15 @@ private V1Secret creatEmptySecret(string secretType) return createResponse; } - private V1Secret HandleOpaqueSecret(string certAlias, K8SJobCertificate certObj, string keyPasswordStr = "", bool overwrite = false, bool append = false) + private V1Secret HandleOpaqueSecret(string certAlias, K8SJobCertificate certObj, string keyPasswordStr = "", + bool overwrite = false, bool append = false) { Logger.LogTrace("Entered HandleOpaqueSecret()"); Logger.LogTrace("certAlias: " + certAlias); // Logger.LogTrace("keyPasswordStr: " + keyPasswordStr); Logger.LogTrace("overwrite: " + overwrite); Logger.LogTrace("append: " + append); - + Logger.LogDebug("Calling CreateOrUpdateCertificateStoreSecret() to create or update secret in Kubernetes..."); var createResponse = KubeClient.CreateOrUpdateCertificateStoreSecret( certObj.PrivateKeyPem, @@ -161,23 +168,18 @@ private V1Secret HandleOpaqueSecret(string certAlias, K8SJobCertificate certObj, overwrite ); if (createResponse == null) - { Logger.LogError("createResponse is null"); - } else - { Logger.LogTrace(createResponse.ToString()); - } Logger.LogInformation( $"Successfully created or updated secret '{KubeSecretName}' in Kubernetes namespace '{KubeNamespace}' on cluster '{KubeClient.GetHost()}' with certificate '{certAlias}'"); return createResponse; - } - + private V1Secret HandleJksSecret(ManagementJobConfiguration config, bool remove = false) { - Logger.LogDebug("Entering HandleJKSSecret()..."); + Logger.MethodEntry(); // get the jks store from the secret Logger.LogDebug("Attempting to serialize JKS store"); var jksStore = new JksCertificateStoreSerializer(config.JobProperties?.ToString()); @@ -188,58 +190,68 @@ private V1Secret HandleJksSecret(ManagementJobConfiguration config, bool remove Logger.LogTrace("OperationType is: {OperationType}", config.OperationType.GetType()); try { - Logger.LogDebug("Attempting to get JKS store from Kubernetes secret {Name} in namespace {Namespace}", KubeSecretName, KubeNamespace); + Logger.LogDebug("Attempting to get JKS store from Kubernetes secret {Name} in namespace {Namespace}", + KubeSecretName, KubeNamespace); k8sData = KubeClient.GetJksSecret(KubeSecretName, KubeNamespace); } catch (StoreNotFoundException) { if (config.OperationType == CertStoreOperationType.Remove) { - Logger.LogWarning("Secret '{Name}' not found in Kubernetes namespace '{Ns}' so nothing to remove...", KubeSecretName, KubeNamespace); + Logger.LogWarning( + "Secret '{Name}' not found in Kubernetes namespace '{Ns}' so nothing to remove...", + KubeSecretName, KubeNamespace); return null; } - Logger.LogWarning("Secret '{Name}' not found in Kubernetes namespace '{Ns}' so creating new secret...", KubeSecretName, KubeNamespace); + + Logger.LogWarning("Secret '{Name}' not found in Kubernetes namespace '{Ns}' so creating new secret...", + KubeSecretName, KubeNamespace); } } + // get newCert bytes from config.JobCertificate.Contents Logger.LogDebug("Attempting to get newCert bytes from config.JobCertificate.Contents"); - var newCertBytes = Convert.FromBase64String(config.JobCertificate.Contents); + var newCertBytes = config.JobCertificate?.Contents == null + ? [] + : Convert.FromBase64String(config.JobCertificate.Contents); - var alias = config.JobCertificate.Alias; - Logger.LogTrace("alias: " + alias); + var alias = string.IsNullOrEmpty(config.JobCertificate?.Alias) ? "default" : config.JobCertificate.Alias; + Logger.LogTrace("alias: {Alias}", alias); var existingDataFieldName = "jks"; // if alias contains a '/' then the pattern is 'k8s-secret-field-name/alias' - if (alias.Contains('/')) + if (!string.IsNullOrEmpty(alias) && alias.Contains('/')) { Logger.LogDebug("alias contains a '/' so splitting on '/'..."); var aliasParts = alias.Split("/"); existingDataFieldName = aliasParts[0]; alias = aliasParts[1]; } + Logger.LogTrace("existingDataFieldName: {Name}", existingDataFieldName); Logger.LogTrace("alias: {Alias}", alias); byte[] existingData = null; if (k8sData.Secret?.Data != null) { - Logger.LogDebug("k8sData.Secret.Data is not null so attempting to get existingData from secret data field {Name}...", existingDataFieldName); + Logger.LogDebug( + "k8sData.Secret.Data is not null so attempting to get existingData from secret data field {Name}...", + existingDataFieldName); existingData = k8sData.Secret.Data.TryGetValue(existingDataFieldName, out var value) ? value : null; } if (!string.IsNullOrEmpty(config.CertificateStoreDetails.StorePassword)) { - Logger.LogDebug("StorePassword is not null or empty so setting StorePassword to config.CertificateStoreDetails.StorePassword"); + Logger.LogDebug( + "StorePassword is not null or empty so setting StorePassword to config.CertificateStoreDetails.StorePassword"); StorePassword = config.CertificateStoreDetails.StorePassword; - var hashedStorePassword = GetSHA256Hash(StorePassword); - Logger.LogTrace("hashedStorePassword: {Hash}", hashedStorePassword); } + Logger.LogDebug("Getting store password"); var sPass = getK8SStorePassword(k8sData.Secret); - var hashedSPass = GetSHA256Hash(sPass); - Logger.LogTrace("hashedStorePassword: {Hash}", hashedSPass); Logger.LogDebug("Calling CreateOrUpdateJks()..."); try { - var newJksStore = jksStore.CreateOrUpdateJks(newCertBytes, config.JobCertificate.PrivateKeyPassword, alias, existingData, sPass, remove); + var newJksStore = jksStore.CreateOrUpdateJks(newCertBytes, config.JobCertificate?.PrivateKeyPassword, alias, + existingData, sPass, remove); if (k8sData.Inventory == null || k8sData.Inventory.Count == 0) { Logger.LogDebug("k8sData.JksInventory is null or empty so creating new Dictionary..."); @@ -251,6 +263,7 @@ private V1Secret HandleJksSecret(ManagementJobConfiguration config, bool remove Logger.LogDebug("k8sData.JksInventory is not null or empty so updating existing Dictionary..."); k8sData.Inventory[existingDataFieldName] = newJksStore; } + // update the secret Logger.LogDebug("Calling CreateOrUpdateJksSecret()..."); var updateResponse = KubeClient.CreateOrUpdateJksSecret(k8sData, KubeSecretName, KubeNamespace); @@ -261,7 +274,6 @@ private V1Secret HandleJksSecret(ManagementJobConfiguration config, bool remove { return HandlePkcs12Secret(config, remove); } - } private V1Secret HandlePkcs12Secret(ManagementJobConfiguration config, bool remove = false) @@ -272,7 +284,6 @@ private V1Secret HandlePkcs12Secret(ManagementJobConfiguration config, bool remo //getPkcs12BytesFromKubeSecret var k8sData = new KubeCertificateManagerClient.Pkcs12Secret(); if (config.OperationType is CertStoreOperationType.Add or CertStoreOperationType.Remove) - { try { k8sData = KubeClient.GetPkcs12Secret(KubeSecretName, KubeNamespace); @@ -284,9 +295,9 @@ private V1Secret HandlePkcs12Secret(ManagementJobConfiguration config, bool remo Logger.LogWarning("Secret {Name} not found in Kubernetes, nothing to remove...", KubeSecretName); return null; } + Logger.LogWarning("Secret {Name} not found in Kubernetes, creating new secret...", KubeSecretName); } - } // get newCert bytes from config.JobCertificate.Contents var newCertBytes = Convert.FromBase64String(config.JobCertificate.Contents); @@ -307,18 +318,15 @@ private V1Secret HandlePkcs12Secret(ManagementJobConfiguration config, bool remo Logger.LogDebug("alias: " + alias); byte[] existingData = null; if (k8sData.Secret?.Data != null) - { existingData = k8sData.Secret.Data.TryGetValue(existingDataFieldName, out var value) ? value : null; - } if (!string.IsNullOrEmpty(config.CertificateStoreDetails.StorePassword)) - { StorePassword = config.CertificateStoreDetails.StorePassword; - } Logger.LogDebug("Getting store password"); var sPass = getK8SStorePassword(k8sData.Secret); Logger.LogDebug("Calling CreateOrUpdatePkcs12()..."); - var newPkcs12Store = pkcs12Store.CreateOrUpdatePkcs12(newCertBytes, config.JobCertificate.PrivateKeyPassword, alias, existingData, sPass, remove); + var newPkcs12Store = pkcs12Store.CreateOrUpdatePkcs12(newCertBytes, config.JobCertificate.PrivateKeyPassword, + alias, existingData, sPass, remove); if (k8sData.Inventory == null || k8sData.Inventory.Count == 0) { Logger.LogDebug("k8sData.Pkcs12Inventory is null or empty so creating new Dictionary..."); @@ -330,6 +338,7 @@ private V1Secret HandlePkcs12Secret(ManagementJobConfiguration config, bool remo Logger.LogDebug("k8sData.Pkcs12Inventory is not null or empty so updating existing Dictionary..."); k8sData.Inventory[existingDataFieldName] = newPkcs12Store; } + // update the secret Logger.LogDebug("Calling CreateOrUpdatePkcs12Secret()..."); var updateResponse = KubeClient.CreateOrUpdatePkcs12Secret(k8sData, KubeSecretName, KubeNamespace); @@ -389,7 +398,8 @@ private V1Secret HandlePkcs12Secret(ManagementJobConfiguration config, bool remo // return createResponse; // } - private V1Secret HandleTlsSecret(string certAlias, K8SJobCertificate certObj, string certPassword, bool overwrite = false, bool append = true) + private V1Secret HandleTlsSecret(string certAlias, K8SJobCertificate certObj, string certPassword, + bool overwrite = false, bool append = true) { Logger.LogTrace("Entered HandleTlsSecret()"); Logger.LogTrace("certAlias: " + certAlias); @@ -409,14 +419,12 @@ private V1Secret HandleTlsSecret(string certAlias, K8SJobCertificate certObj, st catch (Exception ex) { if (!string.IsNullOrEmpty(certAlias)) - { Logger.LogWarning("This is fine"); - } else - { - Logger.LogError(ex, "Unknown error processing HandleTlsSecret(). Will try to continue as if everything is fine...for now."); - } + Logger.LogError(ex, + "Unknown error processing HandleTlsSecret(). Will try to continue as if everything is fine...for now."); } + var pemString = certObj.CertPem; Logger.LogTrace("pemString: " + pemString); @@ -434,16 +442,14 @@ private V1Secret HandleTlsSecret(string certAlias, K8SJobCertificate certObj, st string[] keyPems = { "" }; - Logger.LogInformation($"Secret type is 'tls_secret', so extracting private key from certificate '{certAlias}'..."); + Logger.LogInformation( + $"Secret type is 'tls_secret', so extracting private key from certificate '{certAlias}'..."); Logger.LogTrace("Calling GetKeyBytes() to extract private key from certificate..."); var keyBytes = certObj.PrivateKeyBytes; var keyPem = certObj.PrivateKeyPem; - if (!string.IsNullOrEmpty(keyPem)) - { - keyPems = new[] { keyPem }; - } + if (!string.IsNullOrEmpty(keyPem)) keyPems = new[] { keyPem }; Logger.LogDebug("Calling CreateOrUpdateCertificateStoreSecret() to create or update secret in Kubernetes..."); var createResponse = KubeClient.CreateOrUpdateCertificateStoreSecret( @@ -457,27 +463,24 @@ private V1Secret HandleTlsSecret(string certAlias, K8SJobCertificate certObj, st overwrite ); if (createResponse == null) - { Logger.LogError("createResponse is null"); - } else - { Logger.LogTrace(createResponse.ToString()); - } Logger.LogInformation( $"Successfully created or updated secret '{KubeSecretName}' in Kubernetes namespace '{KubeNamespace}' on cluster '{KubeClient.GetHost()}' with certificate '{certAlias}'"); return createResponse; } - private JobResult HandleCreateOrUpdate(string secretType, ManagementJobConfiguration config, K8SJobCertificate jobCertObj, bool overwrite = false) + private JobResult HandleCreateOrUpdate(string secretType, ManagementJobConfiguration config, + K8SJobCertificate jobCertObj, bool overwrite = false) { var certPassword = jobCertObj.Password; Logger.LogDebug("Entered HandleCreateOrUpdate()"); var jobCert = config.JobCertificate; var certAlias = config.JobCertificate.Alias; - if (string.IsNullOrEmpty(certAlias)) + if (string.IsNullOrEmpty(certAlias) && !string.IsNullOrEmpty(jobCertObj.CertThumbprint)) { certAlias = jobCertObj.CertThumbprint; } @@ -513,15 +516,17 @@ private JobResult HandleCreateOrUpdate(string secretType, ManagementJobConfigura case "tls": case "tlssecret": case "tls_secrets": - Logger.LogInformation("Secret type is 'tls_secret', calling HandleTlsSecret() for certificate " + certAlias + "..."); + Logger.LogInformation("Secret type is 'tls_secret', calling HandleTlsSecret() for certificate " + + certAlias + "..."); _ = HandleTlsSecret(certAlias, jobCertObj, certPassword, overwrite); Logger.LogInformation("Successfully called HandleTlsSecret() for certificate " + certAlias + "."); break; case "opaque": case "secret": case "secrets": - Logger.LogInformation("Secret type is 'secret', calling HandleOpaqueSecret() for certificate " + certAlias + "..."); - _ = HandleOpaqueSecret(certAlias, jobCertObj, certPassword, overwrite, false); + Logger.LogInformation("Secret type is 'secret', calling HandleOpaqueSecret() for certificate " + + certAlias + "..."); + _ = HandleOpaqueSecret(certAlias, jobCertObj, certPassword, overwrite); Logger.LogInformation("Successfully called HandleOpaqueSecret() for certificate " + certAlias + "."); break; case "certificate": @@ -536,7 +541,8 @@ private JobResult HandleCreateOrUpdate(string secretType, ManagementJobConfigura return FailJob(csrErrorMsg, config.JobHistoryId); case "pfx": case "pkcs12": - Logger.LogInformation("Secret type is 'pkcs12', calling HandlePKCS12Secret() for certificate " + certAlias + "..."); + Logger.LogInformation("Secret type is 'pkcs12', calling HandlePKCS12Secret() for certificate " + + certAlias + "..."); _ = HandlePkcs12Secret(config); Logger.LogInformation("Successfully called HandlePKCS12Secret() for certificate " + certAlias + "."); break; @@ -550,26 +556,34 @@ private JobResult HandleCreateOrUpdate(string secretType, ManagementJobConfigura var splitAlias = jobCertObj.Alias.Split("/"); if (splitAlias.Length < 2) { - var invalidAliasErrMsg = "Invalid alias format for K8SNS store type. Alias pattern: `/` where `secret_type` is one of 'opaque' or 'tls' and `secret_name` is the name of the secret."; + var invalidAliasErrMsg = + "Invalid alias format for K8SNS store type. Alias pattern: `/` where `secret_type` is one of 'opaque' or 'tls' and `secret_name` is the name of the secret."; Logger.LogError(invalidAliasErrMsg); Logger.LogInformation("End MANAGEMENT job " + config.JobId + " " + invalidAliasErrMsg + " Failed!"); return FailJob(invalidAliasErrMsg, config.JobHistoryId); } + KubeSecretType = splitAlias[^2]; KubeSecretName = splitAlias[^1]; - Logger.LogDebug("Handling managment add job for K8SNS secret type '" + KubeSecretType + "(" + jobCertObj.Alias + ")'..."); + Logger.LogDebug("Handling managment add job for K8SNS secret type '" + KubeSecretType + "(" + + jobCertObj.Alias + ")'..."); switch (KubeSecretType) { case "tls": - Logger.LogInformation("Secret type is 'tls_secret', calling HandleTlsSecret() for certificate " + certAlias + "..."); + Logger.LogInformation( + "Secret type is 'tls_secret', calling HandleTlsSecret() for certificate " + certAlias + + "..."); _ = HandleTlsSecret(certAlias, jobCertObj, certPassword, overwrite); - Logger.LogInformation("Successfully called HandleTlsSecret() for certificate " + certAlias + "."); + Logger.LogInformation( + "Successfully called HandleTlsSecret() for certificate " + certAlias + "."); break; case "opaque": - Logger.LogInformation("Secret type is 'secret', calling HandleOpaqueSecret() for certificate " + certAlias + "..."); - _ = HandleOpaqueSecret(certAlias, jobCertObj, certPassword, overwrite, false); - Logger.LogInformation("Successfully called HandleOpaqueSecret() for certificate " + certAlias + "."); + Logger.LogInformation("Secret type is 'secret', calling HandleOpaqueSecret() for certificate " + + certAlias + "..."); + _ = HandleOpaqueSecret(certAlias, jobCertObj, certPassword, overwrite); + Logger.LogInformation("Successfully called HandleOpaqueSecret() for certificate " + certAlias + + "."); break; default: { @@ -579,13 +593,14 @@ private JobResult HandleCreateOrUpdate(string secretType, ManagementJobConfigura return FailJob(nsErrMsg, config.JobHistoryId); } } + break; case "cluster": jobCertObj.Alias = config.JobCertificate.Alias; // Split alias by / and get second to last element KubeSecretType //pattern: namespace/secrets/secret_type/secert_name var clusterSplitAlias = jobCertObj.Alias.Split("/"); - + // Check splitAlias length if (clusterSplitAlias.Length < 3) { @@ -594,23 +609,29 @@ private JobResult HandleCreateOrUpdate(string secretType, ManagementJobConfigura Logger.LogInformation("End MANAGEMENT job " + config.JobId + " " + invalidAliasErrMsg + " Failed!"); return FailJob(invalidAliasErrMsg, config.JobHistoryId); } - + KubeSecretType = clusterSplitAlias[^2]; KubeSecretName = clusterSplitAlias[^1]; KubeNamespace = clusterSplitAlias[0]; - Logger.LogDebug("Handling managment add job for K8SNS secret type '" + KubeSecretType + "(" + jobCertObj.Alias + ")'..."); + Logger.LogDebug("Handling managment add job for K8SNS secret type '" + KubeSecretType + "(" + + jobCertObj.Alias + ")'..."); switch (KubeSecretType) { case "tls": - Logger.LogInformation("Secret type is 'tls_secret', calling HandleTlsSecret() for certificate " + certAlias + "..."); + Logger.LogInformation( + "Secret type is 'tls_secret', calling HandleTlsSecret() for certificate " + certAlias + + "..."); _ = HandleTlsSecret(certAlias, jobCertObj, certPassword, overwrite); - Logger.LogInformation("Successfully called HandleTlsSecret() for certificate " + certAlias + "."); + Logger.LogInformation( + "Successfully called HandleTlsSecret() for certificate " + certAlias + "."); break; case "opaque": - Logger.LogInformation("Secret type is 'secret', calling HandleOpaqueSecret() for certificate " + certAlias + "..."); - _ = HandleOpaqueSecret(certAlias, jobCertObj, certPassword, overwrite, false); - Logger.LogInformation("Successfully called HandleOpaqueSecret() for certificate " + certAlias + "."); + Logger.LogInformation("Secret type is 'secret', calling HandleOpaqueSecret() for certificate " + + certAlias + "..."); + _ = HandleOpaqueSecret(certAlias, jobCertObj, certPassword, overwrite); + Logger.LogInformation("Successfully called HandleOpaqueSecret() for certificate " + certAlias + + "."); break; default: { @@ -620,6 +641,7 @@ private JobResult HandleCreateOrUpdate(string secretType, ManagementJobConfigura return FailJob(nsErrMsg, config.JobHistoryId); } } + break; default: var errMsg = $"Unsupported secret type {secretType}."; @@ -627,6 +649,7 @@ private JobResult HandleCreateOrUpdate(string secretType, ManagementJobConfigura Logger.LogInformation("End MANAGEMENT job " + config.JobId + " " + errMsg + " Failed!"); return FailJob(errMsg, config.JobHistoryId); } + Logger.LogInformation("End MANAGEMENT job " + config.JobId + " Success!"); return SuccessJob(config.JobHistoryId); } @@ -666,10 +689,7 @@ private JobResult HandleRemove(string secretType, ManagementJobConfiguration con // Split alias by / and get second to last element KubeSecretType KubeSecretType = splitAlias[^2]; KubeSecretName = splitAlias[^1]; - if (string.IsNullOrEmpty(KubeNamespace)) - { - KubeNamespace = StorePath; - } + if (string.IsNullOrEmpty(KubeNamespace)) KubeNamespace = StorePath; } else if (Capability.Contains("K8SCluster")) { @@ -678,6 +698,7 @@ private JobResult HandleRemove(string secretType, ManagementJobConfiguration con KubeNamespace = splitAlias[0]; } } + Logger.LogInformation( $"Removing certificate '{certAlias}' from Kubernetes client '{kubeHost}' cert store {KubeSecretName} in namespace {KubeNamespace}..."); Logger.LogTrace("Calling DeleteCertificateStoreSecret() to remove certificate from Kubernetes..."); @@ -689,7 +710,8 @@ private JobResult HandleRemove(string secretType, ManagementJobConfiguration con KubeSecretType, jobCert.Alias ); - Logger.LogTrace($"REMOVE '{kubeHost}/{KubeNamespace}/{KubeSecretType}/{KubeSecretName}' response from Kubernetes:\n\t{response}"); + Logger.LogTrace( + $"REMOVE '{kubeHost}/{KubeNamespace}/{KubeSecretType}/{KubeSecretName}' response from Kubernetes:\n\t{response}"); } catch (HttpOperationException rErr) { @@ -706,7 +728,8 @@ private JobResult HandleRemove(string secretType, ManagementJobConfiguration con } catch (Exception e) { - Logger.LogError(e, $"Error removing certificate '{certAlias}' from Kubernetes client '{kubeHost}' cert store {KubeSecretName} in namespace {KubeNamespace}."); + Logger.LogError(e, + $"Error removing certificate '{certAlias}' from Kubernetes client '{kubeHost}' cert store {KubeSecretName} in namespace {KubeNamespace}."); Logger.LogInformation("End MANAGEMENT job " + config.JobId + " Failed!"); return FailJob(e.Message, config.JobHistoryId); } @@ -714,4 +737,4 @@ private JobResult HandleRemove(string secretType, ManagementJobConfiguration con Logger.LogInformation("End MANAGEMENT job " + config.JobId + " Success!"); return SuccessJob(config.JobHistoryId); } -} +} \ No newline at end of file diff --git a/kubernetes-orchestrator-extension/Jobs/PAMUtilities.cs b/kubernetes-orchestrator-extension/Jobs/PAMUtilities.cs index 2749e54..873d0c4 100644 --- a/kubernetes-orchestrator-extension/Jobs/PAMUtilities.cs +++ b/kubernetes-orchestrator-extension/Jobs/PAMUtilities.cs @@ -7,11 +7,10 @@ using Keyfactor.Orchestrators.Extensions.Interfaces; using Microsoft.Extensions.Logging; -using Unity.Injection; namespace Keyfactor.Extensions.Orchestrator.K8S.Jobs; -class PAMUtilities +internal class PAMUtilities { internal static string ResolvePAMField(IPAMSecretResolver resolver, ILogger logger, string name, string key) { @@ -21,19 +20,16 @@ internal static string ResolvePAMField(IPAMSecretResolver resolver, ILogger logg logger.LogWarning("PAM field is empty, skipping PAM resolution"); return key; } - + // test if field is JSON string if (key.StartsWith("{") && key.EndsWith("}")) { - var resolved = resolver.Resolve(key); - if (string.IsNullOrEmpty(resolved)) - { - logger.LogWarning("Failed to resolve PAM field {Name}", name); - } + var resolved = resolver.Resolve(key); + if (string.IsNullOrEmpty(resolved)) logger.LogWarning("Failed to resolve PAM field {Name}", name); return resolved; } - + logger.LogDebug("Field '{Name}' is not a JSON string, skipping PAM resolution", name); return key; } -} +} \ No newline at end of file From f422ee82f8b630179e3a12e165e8635f2394a503 Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Thu, 9 Oct 2025 10:43:03 -0700 Subject: [PATCH 08/11] chore(client): Add verbose logging, formatting + cleanup --- .../Clients/KubeClient.cs | 177 +++++++++++++----- 1 file changed, 132 insertions(+), 45 deletions(-) diff --git a/kubernetes-orchestrator-extension/Clients/KubeClient.cs b/kubernetes-orchestrator-extension/Clients/KubeClient.cs index 5ccd293..612a245 100644 --- a/kubernetes-orchestrator-extension/Clients/KubeClient.cs +++ b/kubernetes-orchestrator-extension/Clients/KubeClient.cs @@ -7,7 +7,6 @@ using System; using System.Collections.Generic; -using System.Configuration; using System.IO; using System.Linq; using System.Net; @@ -269,7 +268,7 @@ private IKubernetes GetKubeClient(string kubeconfig) } else if (string.IsNullOrEmpty( - credentialFileName)) // If no config defined in store parameters, use default config. This should never happen though. + credentialFileName)) // If no config defined in store parameters, use default config. This should never happen though. { _logger.LogWarning( "No config defined in store parameters, using default config. This should never happen!"); @@ -569,37 +568,117 @@ public V1Secret UpdatePKCS12SecretStore(K8SJobCertificate jobCertificate, string if (certdataFieldNames != null && !certdataFieldNames.Contains(searchFieldName)) continue; certdataFieldName = fieldName; - _logger.LogTrace($"Adding cert '{fieldName}' to existingPkcs12"); + _logger.LogTrace("Adding cert '{FieldName}' to existingPkcs12", fieldName); if (jobCertificate.PasswordIsK8SSecret) { + _logger.LogDebug("Job certificate password is a K8S secret"); if (!string.IsNullOrEmpty(jobCertificate.StorePasswordPath)) { + _logger.LogDebug("Job certificate store password path is {StorePasswordPath}", + jobCertificate.StorePasswordPath); + + _logger.LogDebug("Splitting store password path into namespace and secret name"); var passwordPath = jobCertificate.StorePasswordPath.Split("/"); - var passwordNamespace = passwordPath[0]; - var passwordSecretName = passwordPath[1]; - // Get password from k8s secre + + string passwordNamespace; + string passwordSecretName; + + if (passwordPath.Length == 1) + { + _logger.LogDebug("Password path length is 1, using KubeNamespace"); + passwordNamespace = namespaceName; + _logger.LogTrace("Password namespace: {Namespace}", passwordNamespace); + passwordSecretName = passwordPath[0]; + } + else + { + _logger.LogDebug( + "Password path length is not 1, using passwordPath[0] and passwordPath[^1]"); + passwordNamespace = passwordPath[0]; + _logger.LogTrace("Password namespace: {Namespace}", passwordNamespace); + passwordSecretName = passwordPath[^1]; + } + + _logger.LogDebug("Password namespace: {PasswordNamespace}", passwordNamespace); + _logger.LogDebug("Password secret name: {PasswordSecretName}", passwordSecretName); + var k8sPasswordObj = ReadBuddyPass(passwordSecretName, passwordNamespace); - storePasswordBytes = k8sPasswordObj.Data[passwordFieldName]; + _logger.LogDebug( + "Successfully read password secret {PasswordSecretName} in namespace {PasswordNamespace}", + passwordSecretName, passwordNamespace); + + if (k8sPasswordObj?.Data == null) + { + _logger.LogError("Unable to read K8S buddy secret {SecretName} in namespace {Namespace}", + passwordSecretName, passwordNamespace); + throw new InvalidK8SSecretException( + $"Unable to read K8S buddy secret {passwordSecretName} in namespace {passwordNamespace}"); + } + + _logger.LogTrace("Secret response fields: {Keys}", k8sPasswordObj.Data.Keys); + + if (!k8sPasswordObj.Data.TryGetValue(passwordFieldName, out storePasswordBytes) || + storePasswordBytes == null) + { + _logger.LogError("Unable to find password field {FieldName}", passwordFieldName); + throw new InvalidK8SSecretException( + $"Unable to find password field '{passwordFieldName}' in secret '{passwordSecretName}' in namespace '{passwordNamespace}'" + ); + } + + // storePasswordBytes = k8sPasswordObj.Data[passwordFieldName]; + if (storePasswordBytes == null || storePasswordBytes.Length == 0) + { + _logger.LogError( + "Password field {FieldName} in secret {SecretName} in namespace {Namespace} is empty", + passwordFieldName, passwordSecretName, passwordNamespace); + throw new InvalidK8SSecretException( + $"Password field '{passwordFieldName}' in secret '{passwordSecretName}' in namespace '{passwordNamespace}' is empty" + ); + } + var storePasswdString = Encoding.UTF8.GetString(storePasswordBytes); + _logger.LogTrace("Importing existing PKCS12 data with store password: {StorePassword}", + storePasswdString); //TODO: INSECURE COMMENT OUT existingPkcs12.Import(existingPkcs12DataObj.Data[fieldName], storePasswdString, X509KeyStorageFlags.Exportable); } else { + _logger.LogDebug("Job certificate store password path is empty, using existing secret data"); storePasswordBytes = existingPkcs12DataObj.Data[passwordFieldName]; + if (storePasswordBytes == null || storePasswordBytes.Length == 0) + { + _logger.LogError( + "Password field {FieldName} in secret {SecretName} in namespace {Namespace} is empty", + passwordFieldName, secretName, namespaceName); + throw new InvalidK8SSecretException( + $"Password field '{passwordFieldName}' in secret '{secretName}' in namespace '{namespaceName}' is empty" + ); + } + + _logger.LogTrace("Importing existing PKCS12 data with store password: {StorePassword}", + Encoding.UTF8.GetString(storePasswordBytes)); //TODO: INSECURE COMMENT OUT existingPkcs12.Import(existingPkcs12DataObj.Data[fieldName], Encoding.UTF8.GetString(storePasswordBytes), X509KeyStorageFlags.Exportable); } } else if (!string.IsNullOrEmpty(jobCertificate.StorePassword)) { + _logger.LogDebug( + "Job certificate store password is not empty, using job certificate store password"); storePasswordBytes = Encoding.UTF8.GetBytes(jobCertificate.StorePassword); + // _logger.LogTrace("Importing existing PKCS12 data with store password: {StorePassword}", + // Encoding.UTF8.GetString(storePasswordBytes)); //TODO: INSECURE COMMENT OUT existingPkcs12.Import(existingPkcs12DataObj.Data[fieldName], Encoding.UTF8.GetString(storePasswordBytes), X509KeyStorageFlags.Exportable); } else { + _logger.LogDebug("Job certificate store password is empty, using provided store password"); storePasswordBytes = Encoding.UTF8.GetBytes(storePasswd); + _logger.LogTrace("Importing existing PKCS12 data with store password: {StorePassword}", + Encoding.UTF8.GetString(storePasswordBytes)); //TODO: INSECURE COMMENT OUT existingPkcs12.Import(existingPkcs12DataObj.Data[fieldName], Encoding.UTF8.GetString(storePasswordBytes), X509KeyStorageFlags.Exportable); } @@ -646,7 +725,10 @@ public V1Secret UpdatePKCS12SecretStore(K8SJobCertificate jobCertificate, string // Certificate not found // add the new certificate to the existingPkcs12 var storePasswordString = Encoding.UTF8.GetString(storePasswordBytes); - _logger.LogTrace("Certificate not found, adding the new certificate to the existingPkcs12"); + _logger.LogDebug("Certificate not found, adding the new certificate to the existingPkcs12"); + // _logger.LogTrace( + // "Importing jobCertificate.CertBytes into existingPkcs12 with store password: {StorePassword}", + // storePasswd); //TODO: INSECURE COMMENT OUT existingPkcs12.Import(jobCertificate.Pkcs12, storePasswd, X509KeyStorageFlags.Exportable); } } @@ -657,15 +739,21 @@ public V1Secret UpdatePKCS12SecretStore(K8SJobCertificate jobCertificate, string } else { + _logger.LogDebug("No existing PKCS12 data found, creating new PKCS12 collection"); + // _logger.LogTrace( + // "Importing jobCertificate.CertBytes into newPkcs12Collection with store password: {StorePassword}", + // storePasswd); //TODO: INSECURE COMMENT OUT newPkcs12Collection.Import(jobCertificate.CertBytes, storePasswd, X509KeyStorageFlags.Exportable); k8sCollection = newPkcs12Collection; } } - _logger.LogTrace("Creating V1Secret object"); - - var p12bytes = k8sCollection.Export(X509ContentType.Pkcs12, Encoding.UTF8.GetString(storePasswordBytes)); + // _logger.LogDebug("Exporting PKCS12 data to byte array using store password: {StorePassword}", + // Encoding.UTF8.GetString(storePasswordBytes)); //TODO: INSECURE COMMENT OUT + var p12Bytes = k8sCollection.Export(X509ContentType.Pkcs12, Encoding.UTF8.GetString(storePasswordBytes)); + _logger.LogDebug("Creating V1Secret object for PKCS12 data with name {SecretName} in namespace {NamespaceName}", + secretName, namespaceName); var secret = new V1Secret { ApiVersion = "v1", @@ -678,20 +766,20 @@ public V1Secret UpdatePKCS12SecretStore(K8SJobCertificate jobCertificate, string Type = "Opaque", Data = new Dictionary { - { certdataFieldName, p12bytes } + { certdataFieldName, p12Bytes } } }; if (existingPkcs12DataObj?.Data != null) { secret.Data = existingPkcs12DataObj.Data; - secret.Data[certdataFieldName] = p12bytes; + secret.Data[certdataFieldName] = p12Bytes; } // Convert p12bytes to pkcs12store var pkcs12StoreBuilder = new Pkcs12StoreBuilder(); var pkcs12Store = pkcs12StoreBuilder.Build(); - pkcs12Store.Load(new MemoryStream(p12bytes), storePasswd.ToCharArray()); + pkcs12Store.Load(new MemoryStream(p12Bytes), storePasswd.ToCharArray()); switch (string.IsNullOrEmpty(storePasswd)) @@ -1123,14 +1211,19 @@ private V1Secret CreateOrUpdatePKCS12Secret(string secretName, string namespaceN public V1Secret ReadBuddyPass(string secretName, string passwordSecretPath) { + _logger.MethodEntry(); // Lookup password secret path on cluster to see if it exists _logger.LogDebug("Attempting to lookup password secret path on cluster..."); var splitPasswordPath = passwordSecretPath.Split("/"); - // Assume secret pattern is namespace/secretName - var passwordSecretName = splitPasswordPath[splitPasswordPath.Length - 1]; + _logger.LogDebug("Split password secret path: {SplitPasswordPath}", splitPasswordPath.ToString()); + var passwordSecretName = splitPasswordPath[^1]; var passwordSecretNamespace = splitPasswordPath[0]; - _logger.LogDebug($"Attempting to lookup secret {passwordSecretName} in namespace {passwordSecretNamespace}"); + _logger.LogDebug("Attempting to lookup secret {PasswordSecretName} in namespace {PasswordSecretNamespace}", + passwordSecretName, passwordSecretNamespace); var passwordSecretResponse = Client.CoreV1.ReadNamespacedSecret(secretName, passwordSecretNamespace); + _logger.LogDebug("Successfully found secret {PasswordSecretName} in namespace {PasswordSecretNamespace}", + passwordSecretName, passwordSecretNamespace); + _logger.MethodExit(); return passwordSecretResponse; } @@ -1835,7 +1928,6 @@ private IEnumerable FetchNamespaces(string clusterName) private IEnumerable FilterNamespaces(IEnumerable namespaces, string[] nsList) { foreach (var nsObj in namespaces) - { if (nsList.Contains("all") || nsList.Contains(nsObj.Metadata.Name)) { _logger.LogDebug("Processing namespace: {Namespace}", nsObj.Metadata.Name); @@ -1845,7 +1937,6 @@ private IEnumerable FilterNamespaces(IEnumerable names { _logger.LogDebug("Skipping namespace '{Namespace}' as it does not match filter", nsObj.Metadata.Name); } - } } private void AddNamespaceLocation(List locations, string clusterName, string namespaceName) @@ -1864,9 +1955,7 @@ private void DiscoverSecretsInNamespace( Client.CoreV1.ListNamespacedSecret(namespaceName).Items); foreach (var secret in secrets) - { ProcessSecretIfSupported(secret, secType, allowedKeys, clusterName, namespaceName, locations); - } } private void ProcessSecretIfSupported( @@ -1894,7 +1983,6 @@ private T RetryPolicy(Func action) const double maxDelaySeconds = 30.0; for (var attempt = 1; attempt <= maxRetries; attempt++) - { try { return action(); @@ -1914,7 +2002,6 @@ private T RetryPolicy(Func action) attempt, maxRetries, ex.Message, delay.TotalSeconds); Thread.Sleep(delay); } - } throw new InvalidOperationException("Unexpected error in retry logic."); // This will never be reached } @@ -2008,28 +2095,6 @@ private void ParseOpaqueSecret(V1Secret secretData, string[] allowedKeys) } } - public struct JksSecret - { - public string SecretPath; - public string SecretFieldName; - public V1Secret Secret; - public string Password; - public string PasswordPath; - public List AllowedKeys; - public Dictionary Inventory; - } - - public struct Pkcs12Secret - { - public string SecretPath; - public string SecretFieldName; - public V1Secret Secret; - public string Password; - public string PasswordPath; - public List AllowedKeys; - public Dictionary Inventory; - } - public JksSecret GetJksSecret(string secretName, string namespaceName, string password = null, string passwordPath = null, List allowedKeys = null) { @@ -2344,6 +2409,28 @@ public V1Secret CreateOrUpdatePkcs12Secret(Pkcs12Secret k8SData, string kubeSecr return Client.CoreV1.ReplaceNamespacedSecret(s1, kubeSecretName, kubeNamespace); } + public struct JksSecret + { + public string SecretPath; + public string SecretFieldName; + public V1Secret Secret; + public string Password; + public string PasswordPath; + public List AllowedKeys; + public Dictionary Inventory; + } + + public struct Pkcs12Secret + { + public string SecretPath; + public string SecretFieldName; + public V1Secret Secret; + public string Password; + public string PasswordPath; + public List AllowedKeys; + public Dictionary Inventory; + } + public struct CsrObject { public string Csr; From c07f6e0acd77a980ada462c624f80af8c572c839 Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Thu, 9 Oct 2025 10:47:25 -0700 Subject: [PATCH 09/11] fix(base): On store-types that support use `buddypass` throw `InvalidK8SSecretException` if response is null or password field value is null or empty --- .../Jobs/JobBase.cs | 170 +++++++++++------- 1 file changed, 110 insertions(+), 60 deletions(-) diff --git a/kubernetes-orchestrator-extension/Jobs/JobBase.cs b/kubernetes-orchestrator-extension/Jobs/JobBase.cs index e3c9d62..8a15101 100644 --- a/kubernetes-orchestrator-extension/Jobs/JobBase.cs +++ b/kubernetes-orchestrator-extension/Jobs/JobBase.cs @@ -7,7 +7,6 @@ using System; using System.Collections.Generic; -using System.ComponentModel; using System.IO; using System.Linq; using System.Security.Cryptography; @@ -102,30 +101,22 @@ public class K8SJobCertificate public abstract class JobBase { - protected static readonly string[] SupportedKubeStoreTypes; - - private static readonly string[] RequiredProperties; private const string DefaultPFXSecretFieldName = "pfx"; private const string DefaultJKSSecretFieldName = "jks"; private const string DefaultPFXPasswordSecretFieldName = "password"; + protected const string CertChainSeparator = ","; + protected static readonly string[] SupportedKubeStoreTypes; + + private static readonly string[] RequiredProperties; + protected static readonly string[] TLSAllowedKeys; protected static readonly string[] OpaqueAllowedKeys; protected static readonly string[] CertAllowedKeys; protected static readonly string[] Pkcs12AllowedKeys; protected static readonly string[] JksAllowedKeys; - - protected internal bool SeparateChain { get; set; } = - false; //Don't arbitrarily change this to true without specifying BREAKING CHANGE in the release notes. - - protected internal bool IncludeCertChain { get; set; } = - true; //Don't arbitrarily change this to false without specifying BREAKING CHANGE in the release notes. - - protected internal string OperationType { get; set; } - protected internal bool SkipTlsValidation { get; set; } = false; - - protected const string CertChainSeparator = ","; + protected IPAMSecretResolver _resolver; protected KubeCertificateManagerClient KubeClient; @@ -143,12 +134,20 @@ static JobBase() JksAllowedKeys = new[] { "jks" }; } + + protected internal bool SeparateChain { get; set; } = + false; //Don't arbitrarily change this to true without specifying BREAKING CHANGE in the release notes. + + protected internal bool IncludeCertChain { get; set; } = + true; //Don't arbitrarily change this to false without specifying BREAKING CHANGE in the release notes. + + protected internal string OperationType { get; set; } + protected internal bool SkipTlsValidation { get; set; } + public K8SJobCertificate K8SCertificate { get; set; } protected internal string Capability { get; set; } - protected IPAMSecretResolver _resolver; - public string StorePath { get; set; } protected internal string KubeNamespace { get; set; } @@ -189,6 +188,10 @@ static JobBase() public string KubeCluster { get; set; } + public bool PasswordIsK8SSecret { get; set; } + + public object KubeSecretPassword { get; set; } + protected void InitializeStore(InventoryJobConfiguration config) { Logger ??= LogHandler.GetClassLogger(GetType()); @@ -202,13 +205,17 @@ protected void InitializeStore(InventoryJobConfiguration config) // Logger.LogTrace("Properties: {Properties}", props); // Commented out to avoid logging sensitive information ServerUsername = config.ServerUsername; + Logger.LogTrace("ServerUsername: {ServerUsername}", ServerUsername); + ServerPassword = config.ServerPassword; + if (!string.IsNullOrEmpty(ServerPassword)) Logger.LogTrace("ServerPassword: {ServerPassword}", ""); + StorePassword = config.CertificateStoreDetails?.StorePassword; + if (!string.IsNullOrEmpty(StorePassword)) Logger.LogTrace("StorePassword: {StorePassword}", ""); + StorePath = config.CertificateStoreDetails?.StorePath; - // StorePath = GetStorePath(); - Logger.LogTrace("ServerUsername: {ServerUsername}", ServerUsername); - // Logger.LogTrace($"ServerPassword: {ServerPassword}"); // Commented out to avoid logging sensitive information Logger.LogTrace("StorePath: {StorePath}", StorePath); + Logger.LogDebug("Calling InitializeProperties()"); InitializeProperties(props); Logger.LogDebug("Returned from InitializeStore()"); @@ -362,6 +369,14 @@ protected K8SJobCertificate InitJobCertificate(dynamic config) { pKeyPassword = ""; Logger.LogDebug("Certificate {CertThumbprint} does have a password", jobCertObject.CertThumbprint); + + if (config.JobCertificate == null || + string.IsNullOrEmpty(config.JobCertificate.Contents)) + { + Logger.LogError("Job certificate contents are null or empty, cannot initialize job certificate"); + return jobCertObject; + } + Logger.LogTrace("Calling Convert.FromBase64String()"); byte[] certBytes = Convert.FromBase64String(config.JobCertificate.Contents); Logger.LogTrace("Returned from Convert.FromBase64String()"); @@ -494,7 +509,7 @@ protected string ResolveStorePath(string spath) { Logger.LogInformation( "`StorePath`: `{StorePath}` is 1 part, assuming that it is the k8s secret name and setting 'KubeSecretName' to `{StorePath}`", - sPathParts[0],sPathParts[0]); + sPathParts[0], sPathParts[0]); KubeSecretName = sPathParts[0]; } else @@ -662,10 +677,14 @@ protected string ResolveStorePath(string spath) private void InitializeProperties(dynamic storeProperties) { - Logger.LogTrace("Entered InitializeProperties()"); + Logger.MethodEntry(); if (storeProperties == null) + { + Logger.MethodExit(); throw new ConfigurationException( $"Invalid configuration. Please provide {RequiredProperties}. Or review the documentation at https://github.com/Keyfactor/kubernetes-orchestrator#custom-fields-tab"); + } + // check if key is present and set values if not try @@ -731,7 +750,7 @@ private void InitializeProperties(dynamic storeProperties) //check if storeProperties contains ServerUsername key Logger.LogInformation("Attempting to resolve 'ServerUsername' from store properties or PAM provider"); var pamServerUsername = - (string)PAMUtilities.ResolvePAMField(_resolver, Logger, "ServerUsername", ServerUsername); + PAMUtilities.ResolvePAMField(_resolver, Logger, "ServerUsername", ServerUsername); if (!string.IsNullOrEmpty(pamServerUsername)) { Logger.LogInformation( @@ -744,7 +763,7 @@ private void InitializeProperties(dynamic storeProperties) Logger.LogInformation( "ServerUsername not resolved from PAM provider, attempting to resolve 'Server Username' from store properties"); pamServerUsername = - (string)PAMUtilities.ResolvePAMField(_resolver, Logger, "Server Username", ServerUsername); + PAMUtilities.ResolvePAMField(_resolver, Logger, "Server Username", ServerUsername); if (!string.IsNullOrEmpty(pamServerUsername)) { Logger.LogInformation( @@ -765,7 +784,7 @@ private void InitializeProperties(dynamic storeProperties) { Logger.LogInformation("Attempting to resolve 'ServerPassword' from store properties or PAM provider"); var pamServerPassword = - (string)PAMUtilities.ResolvePAMField(_resolver, Logger, "ServerPassword", ServerPassword); + PAMUtilities.ResolvePAMField(_resolver, Logger, "ServerPassword", ServerPassword); if (!string.IsNullOrEmpty(pamServerPassword)) { Logger.LogInformation( @@ -778,7 +797,7 @@ private void InitializeProperties(dynamic storeProperties) Logger.LogInformation( "ServerPassword not resolved from PAM provider, attempting to resolve 'Server Password' from store properties"); pamServerPassword = - (string)PAMUtilities.ResolvePAMField(_resolver, Logger, "Server Password", ServerPassword); + PAMUtilities.ResolvePAMField(_resolver, Logger, "Server Password", ServerPassword); if (!string.IsNullOrEmpty(pamServerPassword)) { Logger.LogInformation( @@ -803,7 +822,7 @@ private void InitializeProperties(dynamic storeProperties) { Logger.LogInformation("Attempting to resolve 'StorePassword' from store properties or PAM provider"); var pamStorePassword = - (string)PAMUtilities.ResolvePAMField(_resolver, Logger, "StorePassword", StorePassword); + PAMUtilities.ResolvePAMField(_resolver, Logger, "StorePassword", StorePassword); if (!string.IsNullOrEmpty(pamStorePassword)) { Logger.LogInformation( @@ -815,7 +834,7 @@ private void InitializeProperties(dynamic storeProperties) Logger.LogInformation( "StorePassword not resolved from PAM provider, attempting to resolve 'Store Password' from store properties"); pamStorePassword = - (string)PAMUtilities.ResolvePAMField(_resolver, Logger, "Store Password", StorePassword); + PAMUtilities.ResolvePAMField(_resolver, Logger, "Store Password", StorePassword); if (!string.IsNullOrEmpty(pamStorePassword)) { Logger.LogInformation( @@ -826,9 +845,13 @@ private void InitializeProperties(dynamic storeProperties) } catch (Exception e) { - Logger.LogError( - "Unable to resolve 'StorePassword' from store properties or PAM provider, defaulting to empty string"); - StorePassword = ""; + if (string.IsNullOrEmpty(StorePassword)) + { + Logger.LogError( + "Unable to resolve 'StorePassword' from store properties or PAM provider, defaulting to empty string"); + StorePassword = ""; + } + Logger.LogError("{Message}", e.Message); Logger.LogTrace("{Message}", e.ToString()); Logger.LogTrace("{Trace}", e.StackTrace); @@ -879,24 +902,43 @@ private void InitializeProperties(dynamic storeProperties) case "jks": Logger.LogInformation( "Kubernetes certificate store type is 'jks'. Setting default values for 'PasswordFieldName' and 'CertificateDataFieldName'"); + Logger.LogDebug("Parsing 'PasswordFieldName' from store properties"); PasswordFieldName = storeProperties.ContainsKey("PasswordFieldName") ? storeProperties["PasswordFieldName"] : DefaultPFXPasswordSecretFieldName; + Logger.LogTrace("PasswordFieldName: {PasswordFieldName}", PasswordFieldName); + + Logger.LogDebug("Parsing 'PasswordIsSeparateSecret' from store properties"); PasswordIsSeparateSecret = storeProperties.ContainsKey("PasswordIsSeparateSecret") ? bool.Parse(storeProperties["PasswordIsSeparateSecret"]) : false; + Logger.LogTrace("PasswordIsSeparateSecret: {PasswordIsSeparateSecret}", PasswordIsSeparateSecret); + + Logger.LogDebug("Parsing 'StorePasswordPath' from store properties"); StorePasswordPath = storeProperties.ContainsKey("StorePasswordPath") ? storeProperties["StorePasswordPath"] : ""; - PasswordIsK8SSecret = storeProperties.ContainsKey("PasswordIsK8SSecret") - ? storeProperties["PasswordIsK8SSecret"] + Logger.LogTrace("StorePasswordPath: {StorePasswordPath}", StorePasswordPath); // TODO: Remove this it's insecure + + Logger.LogDebug("Parsing 'PasswordIsK8SSecret' from store properties"); + PasswordIsK8SSecret = storeProperties.ContainsKey("PasswordIsK8SSecret") && + !string.IsNullOrEmpty(storeProperties["PasswordIsK8SSecret"]?.ToString()) + ? bool.Parse(storeProperties["PasswordIsK8SSecret"].ToString()) : false; + Logger.LogTrace("PasswordIsK8SSecret: {PasswordIsK8SSecret}", PasswordIsK8SSecret); + + Logger.LogDebug("Parsing 'KubeSecretPassword' from store properties"); KubeSecretPassword = storeProperties.ContainsKey("KubeSecretPassword") ? storeProperties["KubeSecretPassword"] : ""; + Logger.LogTrace("KubeSecretPassword: {KubeSecretPassword}", KubeSecretPassword); + + Logger.LogDebug("Parsing 'CertificateDataFieldName' from store properties"); CertificateDataFieldName = storeProperties.ContainsKey("CertificateDataFieldName") ? storeProperties["CertificateDataFieldName"] : DefaultJKSSecretFieldName; + Logger.LogTrace("CertificateDataFieldName: {CertificateDataFieldName}", CertificateDataFieldName); + break; } @@ -939,12 +981,9 @@ private void InitializeProperties(dynamic storeProperties) Logger.LogWarning("KubeSecretName is empty, setting 'KubeSecretName' to StorePath"); KubeSecretName = StorePath; Logger.LogTrace("KubeSecretName: {KubeSecretName}", KubeSecretName); + Logger.MethodExit(); } - public bool PasswordIsK8SSecret { get; set; } = false; - - public object KubeSecretPassword { get; set; } - public string GetStorePath() { Logger.LogTrace("Entered GetStorePath()"); @@ -1192,7 +1231,7 @@ protected string ParseJobPrivateKey(ManagementJobConfiguration config) protected string getK8SStorePassword(V1Secret certData) { - Logger.LogDebug("Entered getK8SStorePassword()"); + Logger.MethodEntry(); Logger.LogDebug("Attempting to get store password from K8S secret"); var storePasswordBytes = Array.Empty(); @@ -1200,21 +1239,22 @@ protected string getK8SStorePassword(V1Secret certData) if (!string.IsNullOrEmpty(StorePassword)) { Logger.LogDebug("Using provided 'StorePassword'"); - // var passwordHash = GetSHA256Hash(StorePassword); - // Logger.LogTrace("Password hash: " + passwordHash); storePasswordBytes = Encoding.UTF8.GetBytes(StorePassword); } else if (!string.IsNullOrEmpty(StorePasswordPath)) { // Split password path into namespace and secret name Logger.LogDebug( - "Store password is null or empty and StorePasswordPath is set, attempting to read password from K8S buddy secret"); + "StorePassword is null or empty and StorePasswordPath is set, attempting to read password from K8S buddy secret at {StorePasswordPath}", + StorePasswordPath); Logger.LogTrace("Password path: {Path}", StorePasswordPath); Logger.LogTrace("Splitting password path by /"); var passwordPath = StorePasswordPath.Split("/"); Logger.LogDebug("Password path length: {Len}", passwordPath.Length.ToString()); - var passwordNamespace = ""; - var passwordSecretName = ""; + + string passwordNamespace; + string passwordSecretName; + if (passwordPath.Length == 1) { Logger.LogDebug("Password path length is 1, using KubeNamespace"); @@ -1237,24 +1277,33 @@ protected string getK8SStorePassword(V1Secret certData) Logger.LogDebug("Attempting to read K8S buddy secret"); var k8sPasswordObj = KubeClient.ReadBuddyPass(passwordSecretName, passwordNamespace); - storePasswordBytes = k8sPasswordObj.Data[PasswordFieldName]; - // var passwordHash = GetSHA256Hash(Encoding.UTF8.GetString(storePasswordBytes)); - // Logger.LogTrace("Password hash: {Pwd}", passwordHash); - if (storePasswordBytes == null) + if (k8sPasswordObj?.Data == null) { - Logger.LogError("Password not found in K8S buddy secret"); + Logger.LogError("Unable to read K8S buddy secret {SecretName} in namespace {Namespace}", + passwordSecretName, passwordNamespace); throw new InvalidK8SSecretException( - "Password not found in K8S buddy secret"); // todo: should this be thrown? + $"Unable to read K8S buddy secret {passwordSecretName} in namespace {passwordNamespace}"); } - Logger.LogDebug("K8S buddy secret read successfully"); + Logger.LogTrace("Secret response fields: {Keys}", k8sPasswordObj.Data.Keys); + + if (!k8sPasswordObj.Data.TryGetValue(PasswordFieldName, out storePasswordBytes) || + storePasswordBytes == null) + { + Logger.LogError("Unable to find password field {FieldName}", PasswordFieldName); + throw new InvalidK8SSecretException( + $"Unable to find password field '{PasswordFieldName}' in secret '{passwordSecretName}' in namespace '{passwordNamespace}'" + ); + } + + Logger.LogDebug( + "Successfully read password from K8S buddy secret '{SecretName}' in namespace '{Namespace}'", + passwordSecretName, passwordNamespace); } else if (certData != null && certData.Data.TryGetValue(PasswordFieldName, out var value1)) { Logger.LogDebug("Attempting to read password from PasswordFieldName"); storePasswordBytes = value1; - // var passwordHash = GetSHA256Hash(Encoding.UTF8.GetString(storePasswordBytes)); - // Logger.LogTrace("Password hash: {Pwd}", passwordHash); if (storePasswordBytes == null) { Logger.LogError("Password not found in K8S secret"); @@ -1265,8 +1314,7 @@ protected string getK8SStorePassword(V1Secret certData) } else { - Logger.LogDebug("No password found"); - var passwdEx = ""; + string passwdEx; if (!string.IsNullOrEmpty(StorePasswordPath)) passwdEx = "Store secret '" + StorePasswordPath + "'did not contain key '" + CertificateDataFieldName + "' or '" + PasswordFieldName + "'" + @@ -1280,10 +1328,12 @@ protected string getK8SStorePassword(V1Secret certData) //convert password to string var storePassword = Encoding.UTF8.GetString(storePasswordBytes); - // Logger.LogTrace("Store password: {Pwd}", storePassword); - // var passwordHash2 = GetSHA256Hash(storePassword); - // Logger.LogTrace("Password hash: {Pwd}", passwordHash2); - Logger.LogDebug("Returning store password"); + Logger.LogTrace("K8S Store Password show new lines: {StorePassword}", storePassword.Replace("\n","\\n")); + // remove any trailing new line characters from the string + storePassword = storePassword.TrimEnd('\r','\n'); + Logger.LogTrace("Store password bytes converted to string: {StorePassword}", + storePassword); //TODO: INSECURE COMMENT OUT + Logger.MethodExit(); return storePassword; } @@ -1304,7 +1354,7 @@ protected Pkcs12Store LoadPkcs12Store(byte[] pkcs12Data, string password) protected string GetCertificatePem(Pkcs12Store store, string password, string alias = "") { Logger.LogDebug("Entered GetCertificatePem()"); - if (string.IsNullOrEmpty(alias)) alias = store.Aliases.Cast().FirstOrDefault(store.IsKeyEntry); + if (string.IsNullOrEmpty(alias)) alias = store.Aliases.FirstOrDefault(store.IsKeyEntry); Logger.LogDebug("Attempting to get certificate with alias {Alias}", alias); var cert = store.GetCertificate(alias).Certificate; @@ -1352,7 +1402,7 @@ protected List getCertChain(Pkcs12Store store, string password, string a if (string.IsNullOrEmpty(alias)) { Logger.LogDebug("Alias is empty, attempting to get key entry alias"); - alias = store.Aliases.Cast().FirstOrDefault(store.IsKeyEntry); + alias = store.Aliases.FirstOrDefault(store.IsKeyEntry); } var chain = new List(); From 7c067e045879bf852727abc2b59c8c2cb27e70bd Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Thu, 9 Oct 2025 10:47:40 -0700 Subject: [PATCH 10/11] chore(tests): cleanup + formatting --- TestConsole/Program.cs | 1095 ++++++++++++++++---------------- TestConsole/TestConsole.csproj | 4 +- 2 files changed, 557 insertions(+), 542 deletions(-) diff --git a/TestConsole/Program.cs b/TestConsole/Program.cs index 90f794f..a3bfed6 100644 --- a/TestConsole/Program.cs +++ b/TestConsole/Program.cs @@ -17,7 +17,6 @@ using System.IO; using System.Text; using System.Threading.Tasks; -using IdentityModel.Client; using Keyfactor.Extensions.Orchestrator.K8S.Jobs; using Keyfactor.Orchestrators.Common.Enums; using Keyfactor.Orchestrators.Extensions; @@ -25,678 +24,694 @@ using Moq; using Newtonsoft.Json; -namespace TestConsole +namespace TestConsole; + +public class OrchTestCase { - public class OrchTestCase - { - public string TestName { get; set; } + public string TestName { get; set; } - public string Description { get; set; } + public string Description { get; set; } - public bool Fail { get; set; } + public bool Fail { get; set; } - public string ExpectedValue { get; set; } + public string ExpectedValue { get; set; } - public JobConfig JobConfig { get; set; } - } - - public class CertificateStoreDetails - { - public string ClientMachine { get; set; } + public JobConfig JobConfig { get; set; } +} - public string StorePath { get; set; } +public class CertificateStoreDetails +{ + public string ClientMachine { get; set; } - public string StorePassword { get; set; } + public string StorePath { get; set; } - public string Properties { get; set; } + public string StorePassword { get; set; } - public int Type { get; set; } - } + public string Properties { get; set; } - public class JobCertificate - { - public object Thumbprint { get; set; } + public int Type { get; set; } +} - public string Contents { get; set; } +public class JobCertificate +{ + public object Thumbprint { get; set; } - public string Alias { get; set; } + public string Contents { get; set; } - public string PrivateKeyPassword { get; set; } - } + public string Alias { get; set; } - public class JobConfig - { + public string PrivateKeyPassword { get; set; } +} - public List LastInventory { get; set; } +public class JobConfig +{ + public List LastInventory { get; set; } - public CertificateStoreDetails CertificateStoreDetails { get; set; } + public CertificateStoreDetails CertificateStoreDetails { get; set; } - public bool JobCancelled { get; set; } + public bool JobCancelled { get; set; } - public object ServerError { get; set; } + public object ServerError { get; set; } - public int JobHistoryId { get; set; } + public int JobHistoryId { get; set; } - public int RequestStatus { get; set; } + public int RequestStatus { get; set; } - public string ServerUsername { get; set; } + public string ServerUsername { get; set; } - public string ServerPassword { get; set; } + public string ServerPassword { get; set; } - public bool UseSSL { get; set; } + public bool UseSSL { get; set; } - public object JobProperties { get; set; } + public object JobProperties { get; set; } - public string JobTypeId { get; set; } + public string JobTypeId { get; set; } - public string JobId { get; set; } + public string JobId { get; set; } - public string Capability { get; set; } + public string Capability { get; set; } - public int OperationType { get; set; } + public int OperationType { get; set; } - public bool Overwrite { get; set; } + public bool Overwrite { get; set; } - public JobCertificate JobCertificate { get; set; } - } + public JobCertificate JobCertificate { get; set; } +} - public class JobProperties - { - [JsonProperty("Trusted Root")] public bool TrustedRoot { get; set; } - } +public class JobProperties +{ + [JsonProperty("Trusted Root")] public bool TrustedRoot { get; set; } +} - public class OrchestratorTestConfig - { - public List inventory { get; set; } +public class OrchestratorTestConfig +{ + public List inventory { get; set; } - public List add { get; set; } + public List add { get; set; } - public List remove { get; set; } + public List remove { get; set; } - public List discovery { get; set; } - } + public List discovery { get; set; } +} - class Program - { - private const string EnvironmentVariablePrefix = "TEST_"; - private const string KubeConfigEnvVar = "TEST_KUBECONFIG"; - private const string KubeNamespaceEnvVar = "TEST_KUBE_NAMESPACE"; +internal class Program +{ + private const string EnvironmentVariablePrefix = "TEST_"; + private const string KubeConfigEnvVar = "TEST_KUBECONFIG"; + private const string KubeNamespaceEnvVar = "TEST_KUBE_NAMESPACE"; - public static int tableWidth = 200; + public static int tableWidth = 200; - private static readonly TestEnvironmentalVariable[] _envVariables; + private static readonly TestEnvironmentalVariable[] _envVariables; - static Program() + static Program() + { + _envVariables = new[] { - _envVariables = new[] + new TestEnvironmentalVariable { - new TestEnvironmentalVariable - { - Name = "TEST_KUBECONFIG", - Description = "Kubeconfig file contents", - Default = "kubeconfig", - Type = "string", - Secret = true - }, - new TestEnvironmentalVariable - { - Name = "TEST_KUBE_NAMESPACE", - Description = "Kubernetes namespace", - Default = "default", - Type = "string" - }, - new TestEnvironmentalVariable - { - Name = "TEST_CERT_MGMT_TYPE", - Description = "Certificate management type", - Default = "inv", - Choices = new[] { "inv", "add", "remove" }, - Type = "string" - }, - new TestEnvironmentalVariable - { - Name = "TEST_MANUAL", - Description = "Manual test", - Default = "false", - Type = "bool" - }, - new TestEnvironmentalVariable - { - Name = "TEST_ORCH_OPERATION", - Description = "Orchestrator operation", - Default = "inv", - Type = "string", - Choices = new[] { "inv", "mgmt" } - } - }; - } + Name = "TEST_KUBECONFIG", + Description = "Kubeconfig file contents", + Default = "kubeconfig", + Type = "string", + Secret = true + }, + new TestEnvironmentalVariable + { + Name = "TEST_KUBE_NAMESPACE", + Description = "Kubernetes namespace", + Default = "default", + Type = "string" + }, + new TestEnvironmentalVariable + { + Name = "TEST_CERT_MGMT_TYPE", + Description = "Certificate management type", + Default = "inv", + Choices = new[] { "inv", "add", "remove" }, + Type = "string" + }, + new TestEnvironmentalVariable + { + Name = "TEST_MANUAL", + Description = "Manual test", + Default = "false", + Type = "bool" + }, + new TestEnvironmentalVariable + { + Name = "TEST_ORCH_OPERATION", + Description = "Orchestrator operation", + Default = "inv", + Type = "string", + Choices = new[] { "inv", "mgmt" } + } + }; + } - public static string ShowEnvConfig(string format = "json") + public static string ShowEnvConfig(string format = "json") + { + var envConfig = new Dictionary(); + var showSecrets = Environment.GetEnvironmentVariable("TEST_SHOW_SECRETS") == "true"; + foreach (var testVar in _envVariables) { - var envConfig = new Dictionary(); - var showSecrets = Environment.GetEnvironmentVariable("TEST_SHOW_SECRETS") == "true"; - foreach (var testVar in _envVariables) + if (testVar.Secret) { - if (testVar.Secret) + if (showSecrets) { - if (showSecrets) - { - envConfig.Add(testVar.Name, Environment.GetEnvironmentVariable(testVar.Name)); - continue; - } - envConfig.Add(testVar.Name, "********"); + envConfig.Add(testVar.Name, Environment.GetEnvironmentVariable(testVar.Name)); continue; } - envConfig.Add(testVar.Name, Environment.GetEnvironmentVariable(testVar.Name)); + + envConfig.Add(testVar.Name, "********"); + continue; } - return format == "json" ? JsonConvert.SerializeObject(envConfig, Formatting.Indented) : envConfig.ToString(); + + envConfig.Add(testVar.Name, Environment.GetEnvironmentVariable(testVar.Name)); } + return format == "json" ? JsonConvert.SerializeObject(envConfig, Formatting.Indented) : envConfig.ToString(); + } - public static OrchTestCase[] GetTestConfig(string testFileName, string jobType = "inventory") - { - // Read test config from file as JSON and deserialize to TestConfiguration - var testConfig = JsonConvert.DeserializeObject(File.ReadAllText(testFileName)); - //convert testList to array of objects - switch (jobType) - { - case "inventory": - case "inv": - case "i": - return testConfig.inventory.ToArray(); - case "add": - case "a": - return testConfig.add.ToArray(); - case "remove": - case "rem": - case "r": - return testConfig.remove.ToArray(); - case "discovery": - case "discover": - case "disc": - case "d": - return testConfig.discovery.ToArray(); + public static OrchTestCase[] GetTestConfig(string testFileName, string jobType = "inventory") + { + // Read test config from file as JSON and deserialize to TestConfiguration + var testConfig = JsonConvert.DeserializeObject(File.ReadAllText(testFileName)); - } - throw new Exception("Invalid job type"); - } - private async static Task Main(string[] args) + //convert testList to array of objects + switch (jobType) { - var runTypeStr = Environment.GetEnvironmentVariable("TEST_MANUAL"); - var isManualTest = !string.IsNullOrEmpty(runTypeStr) && bool.Parse(runTypeStr); - var hasFailure = false; + case "inventory": + case "inv": + case "i": + return testConfig.inventory.ToArray(); + case "add": + case "a": + return testConfig.add.ToArray(); + case "remove": + case "rem": + case "r": + return testConfig.remove.ToArray(); + case "discovery": + case "discover": + case "disc": + case "d": + return testConfig.discovery.ToArray(); + } + + throw new Exception("Invalid job type"); + } + + private static async Task Main(string[] args) + { + var runTypeStr = Environment.GetEnvironmentVariable("TEST_MANUAL"); + var isManualTest = !string.IsNullOrEmpty(runTypeStr) && bool.Parse(runTypeStr); + var hasFailure = false; - var testOutputDict = new Dictionary(); + var testOutputDict = new Dictionary(); - Console.WriteLine("====KubeTestConsole===="); - Console.WriteLine("Environment Variables:"); - Console.WriteLine(ShowEnvConfig()); - Console.WriteLine("====End Environmental Variables===="); + Console.WriteLine("====KubeTestConsole===="); + Console.WriteLine("Environment Variables:"); + Console.WriteLine(ShowEnvConfig()); + Console.WriteLine("====End Environmental Variables===="); - var pamUserNameField = Environment.GetEnvironmentVariable("TEST_PAM_USERNAME_FIELD") ?? "ServerUsername"; - var pamPasswordField = Environment.GetEnvironmentVariable("TEST_PAM_PASSWORD_FIELD") ?? "ServerPassword"; + var pamUserNameField = Environment.GetEnvironmentVariable("TEST_PAM_USERNAME_FIELD") ?? "ServerUsername"; + var pamPasswordField = Environment.GetEnvironmentVariable("TEST_PAM_PASSWORD_FIELD") ?? "ServerPassword"; - if (args.Length == 0) + if (args.Length == 0) + { + // check TEST_OPERATION env var and use that if it else prompt user + var testOperation = Environment.GetEnvironmentVariable("TEST_ORCH_OPERATION"); + var input = testOperation; + if (string.IsNullOrEmpty(testOperation) || isManualTest) { - // check TEST_OPERATION env var and use that if it else prompt user - var testOperation = Environment.GetEnvironmentVariable("TEST_ORCH_OPERATION"); - var input = testOperation; - if (string.IsNullOrEmpty(testOperation) || isManualTest) - { - Console.WriteLine("Enter Operation: (I)nventory, or (M)anagement"); - input = Console.ReadLine(); - } + Console.WriteLine("Enter Operation: (I)nventory, or (M)anagement"); + input = Console.ReadLine(); + } - var testConfigPath = Environment.GetEnvironmentVariable("TEST_CONFIG_PATH") ?? "tests.json"; + var testConfigPath = Environment.GetEnvironmentVariable("TEST_CONFIG_PATH") ?? "tests.json"; - var pamMockUsername = Environment.GetEnvironmentVariable("TEST_PAM_MOCK_USERNAME") ?? string.Empty; - var pamMockPassword = Environment.GetEnvironmentVariable("TEST_PAM_MOCK_PASSWORD") ?? string.Empty; + var pamMockUsername = Environment.GetEnvironmentVariable("TEST_PAM_MOCK_USERNAME") ?? string.Empty; + var pamMockPassword = Environment.GetEnvironmentVariable("TEST_PAM_MOCK_PASSWORD") ?? string.Empty; - Console.WriteLine("TEST_PAM_USERNAME_FIELD: " + pamUserNameField); - Console.WriteLine("TEST_PAM_MOCK_USERNAME: " + pamMockUsername); + Console.WriteLine("TEST_PAM_USERNAME_FIELD: " + pamUserNameField); + Console.WriteLine("TEST_PAM_MOCK_USERNAME: " + pamMockUsername); - Console.WriteLine("TEST_PAM_PASSWORD_FIELD: " + pamPasswordField); - Console.WriteLine("TEST_PAM_MOCK_PASSWORD: " + pamMockPassword); + Console.WriteLine("TEST_PAM_PASSWORD_FIELD: " + pamPasswordField); + Console.WriteLine("TEST_PAM_MOCK_PASSWORD: " + pamMockPassword); - var secretResolver = new Mock(); - // Get from env var TEST_KUBECONFIG - // setup resolver for "Server Username" to return "kubeconfig" - secretResolver.Setup(m => - m.Resolve(It.Is(s => s == pamUserNameField))).Returns(() => pamMockUsername); - // setup resolver for "Server Password" to return the value of the env var TEST_KUBECONFIG - secretResolver.Setup(m => - m.Resolve(It.Is(s => s == pamPasswordField))).Returns(() => pamMockPassword); + var secretResolver = new Mock(); + // Get from env var TEST_KUBECONFIG + // setup resolver for "Server Username" to return "kubeconfig" + secretResolver.Setup(m => + m.Resolve(It.Is(s => s == pamUserNameField))).Returns(() => pamMockUsername); + // setup resolver for "Server Password" to return the value of the env var TEST_KUBECONFIG + secretResolver.Setup(m => + m.Resolve(It.Is(s => s == pamPasswordField))).Returns(() => pamMockPassword); - var tests = new OrchTestCase[] { }; + var tests = new OrchTestCase[] { }; - input = input.ToLower(); - switch (input) - { - case "inventory": - case "inv": - case "i": - // Get test configurations from testConfigPath + input = input.ToLower(); + switch (input) + { + case "inventory": + case "inv": + case "i": + // Get test configurations from testConfigPath - tests = GetTestConfig(testConfigPath, input); - var inv = new Inventory(secretResolver.Object); + tests = GetTestConfig(testConfigPath, input); + var inv = new Inventory(secretResolver.Object); - Console.WriteLine("Running Inventory Job Test Cases"); - foreach (var testCase in tests) + Console.WriteLine("Running Inventory Job Test Cases"); + foreach (var testCase in tests) + { + testOutputDict.Add(testCase.TestName, "Running"); + try { - testOutputDict.Add(testCase.TestName, "Running"); - try - { - //convert testCase to InventoryJobConfig - Console.WriteLine($"=============={testCase.TestName}=================="); - Console.WriteLine($"Description: {testCase.Description}"); - Console.WriteLine($"Expected Fail: {testCase.Fail.ToString()}"); - Console.WriteLine($"Expected Result: {testCase.ExpectedValue}"); + //convert testCase to InventoryJobConfig + Console.WriteLine($"=============={testCase.TestName}=================="); + Console.WriteLine($"Description: {testCase.Description}"); + Console.WriteLine($"Expected Fail: {testCase.Fail.ToString()}"); + Console.WriteLine($"Expected Result: {testCase.ExpectedValue}"); - var invJobConfig = GetInventoryJobConfiguration(JsonConvert.SerializeObject(testCase.JobConfig)); - SubmitInventoryUpdate sui = GetItems; + var invJobConfig = + GetInventoryJobConfiguration(JsonConvert.SerializeObject(testCase.JobConfig)); + SubmitInventoryUpdate sui = GetItems; - var jobResult = inv.ProcessJob(invJobConfig, sui); + var jobResult = inv.ProcessJob(invJobConfig, sui); - if (jobResult.Result == OrchestratorJobStatusJobResult.Success || - (jobResult.Result == OrchestratorJobStatusJobResult.Failure && testCase.Fail)) - { - testOutputDict[testCase.TestName] = $"Success {jobResult.FailureMessage}"; - Console.ForegroundColor = ConsoleColor.Green; - } - else - { - testOutputDict[testCase.TestName] = $"Failure - {jobResult.FailureMessage}"; - Console.ForegroundColor = ConsoleColor.Red; - hasFailure = true; - } - Console.WriteLine( - $"Job Hist ID:{jobResult.JobHistoryId}\nStorePath:{invJobConfig.CertificateStoreDetails.StorePath}\nStore Properties:\n{invJobConfig.CertificateStoreDetails.Properties}\nMessage: {jobResult.FailureMessage}\nResult: {jobResult.Result}"); - Console.ResetColor(); + if (jobResult.Result == OrchestratorJobStatusJobResult.Success || + (jobResult.Result == OrchestratorJobStatusJobResult.Failure && testCase.Fail)) + { + testOutputDict[testCase.TestName] = $"Success {jobResult.FailureMessage}"; + Console.ForegroundColor = ConsoleColor.Green; } - catch (Exception e) + else { - testOutputDict[testCase.TestName] = $"Failure - {e.Message}"; + testOutputDict[testCase.TestName] = $"Failure - {jobResult.FailureMessage}"; Console.ForegroundColor = ConsoleColor.Red; - Console.WriteLine(e); - Console.WriteLine($"Failed to run inventory test case: {testCase.TestName}"); - Console.ResetColor(); + hasFailure = true; } - + Console.WriteLine( + $"Job Hist ID:{jobResult.JobHistoryId}\nStorePath:{invJobConfig.CertificateStoreDetails.StorePath}\nStore Properties:\n{invJobConfig.CertificateStoreDetails.Properties}\nMessage: {jobResult.FailureMessage}\nResult: {jobResult.Result}"); + Console.ResetColor(); } - Console.WriteLine("Finished Running Inventory Job Test Cases"); - break; - case "management": - case "man": - case "m": - // Get from env var TEST_CERT_MGMT_TYPE or prompt for it if not set - var testMgmtType = Environment.GetEnvironmentVariable("TEST_CERT_MGMT_TYPE"); - - if (string.IsNullOrEmpty(testMgmtType) || isManualTest) + catch (Exception e) { - Console.WriteLine("Select Management Type Add or Remove"); - testMgmtType = Console.ReadLine(); + testOutputDict[testCase.TestName] = $"Failure - {e.Message}"; + Console.ForegroundColor = ConsoleColor.Red; + Console.WriteLine(e); + Console.WriteLine($"Failed to run inventory test case: {testCase.TestName}"); + Console.ResetColor(); } + } + + Console.WriteLine("Finished Running Inventory Job Test Cases"); + break; + case "management": + case "man": + case "m": + // Get from env var TEST_CERT_MGMT_TYPE or prompt for it if not set + var testMgmtType = Environment.GetEnvironmentVariable("TEST_CERT_MGMT_TYPE"); - tests = GetTestConfig(testConfigPath, testMgmtType); + if (string.IsNullOrEmpty(testMgmtType) || isManualTest) + { + Console.WriteLine("Select Management Type Add or Remove"); + testMgmtType = Console.ReadLine(); + } - Console.WriteLine("Running Management Job Test Cases"); - foreach (var testCase in tests) + tests = GetTestConfig(testConfigPath, testMgmtType); + + Console.WriteLine("Running Management Job Test Cases"); + foreach (var testCase in tests) + { + testOutputDict.Add(testCase.TestName, "Running"); + try { - testOutputDict.Add(testCase.TestName, "Running"); - try - { - //convert testCase to InventoryJobConfig - Console.WriteLine($"=============={testCase.TestName}=================="); - Console.WriteLine($"Description: {testCase.Description}"); - Console.WriteLine($"Expected Fail: {testCase.Fail.ToString()}"); - Console.WriteLine($"Expected Result: {testCase.ExpectedValue}"); - // var jobConfig = GetManagementJobConfiguration(JsonConvert.SerializeObject(testCase.JobConfig), testCase.JobConfig.JobCertificate.Alias); + //convert testCase to InventoryJobConfig + Console.WriteLine($"=============={testCase.TestName}=================="); + Console.WriteLine($"Description: {testCase.Description}"); + Console.WriteLine($"Expected Fail: {testCase.Fail.ToString()}"); + Console.WriteLine($"Expected Result: {testCase.ExpectedValue}"); + // var jobConfig = GetManagementJobConfiguration(JsonConvert.SerializeObject(testCase.JobConfig), testCase.JobConfig.JobCertificate.Alias); - //====================================================================================================== + //====================================================================================================== - var jobResult = new JobResult(); - switch (testMgmtType) + var jobResult = new JobResult(); + switch (testMgmtType) + { + case "Add": + case "add": + case "a": { - case "Add": - case "add": - case "a": + // Get from env var TEST_PKEY_PASSWORD or prompt for it if not set + var testPrivateKeyPwd = Environment.GetEnvironmentVariable("TEST_PKEY_PASSWORD") ?? + testCase.JobConfig.JobCertificate.PrivateKeyPassword; + var privateKeyPwd = testPrivateKeyPwd; + if (string.IsNullOrEmpty(testPrivateKeyPwd) && + isManualTest) //Only prompt on explicit set of TEST_USE_PKEY_PASS and that password has not been provided + { + Console.WriteLine( + "Enter private key password or leave blank if no private key"); + privateKeyPwd = Console.ReadLine(); + } + else { - // Get from env var TEST_PKEY_PASSWORD or prompt for it if not set - var testPrivateKeyPwd = Environment.GetEnvironmentVariable("TEST_PKEY_PASSWORD") ?? - testCase.JobConfig.JobCertificate.PrivateKeyPassword; - var privateKeyPwd = testPrivateKeyPwd; - if (string.IsNullOrEmpty(testPrivateKeyPwd) && - isManualTest) //Only prompt on explicit set of TEST_USE_PKEY_PASS and that password has not been provided - { - Console.WriteLine("Enter private key password or leave blank if no private key"); - privateKeyPwd = Console.ReadLine(); - } - else - { - Console.WriteLine("Using Private Key Password from env var 'TEST_PKEY_PASSWORD'"); - Console.WriteLine("Password: " + testPrivateKeyPwd); - } - - var isOverwriteStr = Environment.GetEnvironmentVariable("TEST_JOB_OVERWRITE") ?? "true"; - var isOverwrite = !string.IsNullOrEmpty(isOverwriteStr) && bool.Parse(isOverwriteStr); - if (string.IsNullOrEmpty(isOverwriteStr) && isManualTest) - { - Console.WriteLine("Overwrite? Enter true or false"); - isOverwriteStr = Console.ReadLine(); - isOverwrite = bool.Parse(isOverwriteStr); - } - - var certAlias = Environment.GetEnvironmentVariable("TEST_CERT_ALIAS") ?? testCase.JobConfig.JobCertificate.Alias; - if (string.IsNullOrEmpty(certAlias) && isManualTest) - { - Console.WriteLine("Enter cert alias. This is usually the cert thumbprint."); - certAlias = Console.ReadLine(); - } - - var isTrustedRootStr = Environment.GetEnvironmentVariable("TEST_IS_TRUSTED_ROOT") ?? "false"; - var isTrustedRoot = !string.IsNullOrEmpty(isTrustedRootStr) && bool.Parse(isTrustedRootStr); - if (string.IsNullOrEmpty(isTrustedRootStr) && isManualTest) - { - Console.WriteLine("Trusted Root? Enter true or false"); - isTrustedRootStr = Console.ReadLine(); - isTrustedRoot = bool.Parse(isTrustedRootStr); - } - - var mgmt = new Management(secretResolver.Object); - - var jobConfig = GetJobManagementConfiguration( - JsonConvert.SerializeObject(testCase.JobConfig), - certAlias, - privateKeyPwd, - isOverwrite, - isTrustedRoot - ); - - jobResult = mgmt.ProcessJob(jobConfig); - if (testCase.Fail && jobResult.Result == OrchestratorJobStatusJobResult.Success) - { - testOutputDict[testCase.TestName] = $"Failure - {jobResult.FailureMessage} This test case was expected to fail but succeeded."; - Console.ForegroundColor = ConsoleColor.Red; - hasFailure = true; - } - else if (!testCase.Fail && jobResult.Result == OrchestratorJobStatusJobResult.Failure) - { - testOutputDict[testCase.TestName] = $"Failure - {jobResult.FailureMessage} This test case was expected to succeed but failed."; - Console.ForegroundColor = ConsoleColor.Red; - hasFailure = true; - } - else - { - testOutputDict[testCase.TestName] = $"Success {jobResult.FailureMessage}"; - Console.ForegroundColor = ConsoleColor.Green; - } Console.WriteLine( - $"Job Hist ID:{jobResult.JobHistoryId}\nStorePath:{jobConfig.CertificateStoreDetails.StorePath}\nStore Properties:\n{jobConfig.CertificateStoreDetails.Properties}\nMessage: {jobResult.FailureMessage}\nResult: {jobResult.Result}"); + "Using Private Key Password from env var 'TEST_PKEY_PASSWORD'"); + Console.WriteLine("Password: " + testPrivateKeyPwd); + } + + var isOverwriteStr = Environment.GetEnvironmentVariable("TEST_JOB_OVERWRITE") ?? + "true"; + var isOverwrite = !string.IsNullOrEmpty(isOverwriteStr) && + bool.Parse(isOverwriteStr); + if (string.IsNullOrEmpty(isOverwriteStr) && isManualTest) + { + Console.WriteLine("Overwrite? Enter true or false"); + isOverwriteStr = Console.ReadLine(); + isOverwrite = bool.Parse(isOverwriteStr); + } + + var certAlias = Environment.GetEnvironmentVariable("TEST_CERT_ALIAS") ?? + testCase.JobConfig.JobCertificate.Alias; + if (string.IsNullOrEmpty(certAlias) && isManualTest) + { + Console.WriteLine("Enter cert alias. This is usually the cert thumbprint."); + certAlias = Console.ReadLine(); + } + + var isTrustedRootStr = Environment.GetEnvironmentVariable("TEST_IS_TRUSTED_ROOT") ?? + "false"; + var isTrustedRoot = !string.IsNullOrEmpty(isTrustedRootStr) && + bool.Parse(isTrustedRootStr); + if (string.IsNullOrEmpty(isTrustedRootStr) && isManualTest) + { + Console.WriteLine("Trusted Root? Enter true or false"); + isTrustedRootStr = Console.ReadLine(); + isTrustedRoot = bool.Parse(isTrustedRootStr); + } + + var mgmt = new Management(secretResolver.Object); + + var jobConfig = GetJobManagementConfiguration( + JsonConvert.SerializeObject(testCase.JobConfig), + certAlias, + privateKeyPwd, + isOverwrite, + isTrustedRoot + ); + + jobResult = mgmt.ProcessJob(jobConfig); + if (testCase.Fail && jobResult.Result == OrchestratorJobStatusJobResult.Success) + { + testOutputDict[testCase.TestName] = + $"Failure - {jobResult.FailureMessage} This test case was expected to fail but succeeded."; + Console.ForegroundColor = ConsoleColor.Red; + hasFailure = true; + } + else if (!testCase.Fail && + jobResult.Result == OrchestratorJobStatusJobResult.Failure) + { + testOutputDict[testCase.TestName] = + $"Failure - {jobResult.FailureMessage} This test case was expected to succeed but failed."; + Console.ForegroundColor = ConsoleColor.Red; + hasFailure = true; + } + else + { + testOutputDict[testCase.TestName] = $"Success {jobResult.FailureMessage}"; + Console.ForegroundColor = ConsoleColor.Green; + } + + Console.WriteLine( + $"Job Hist ID:{jobResult.JobHistoryId}\nStorePath:{jobConfig.CertificateStoreDetails.StorePath}\nStore Properties:\n{jobConfig.CertificateStoreDetails.Properties}\nMessage: {jobResult.FailureMessage}\nResult: {jobResult.Result}"); + + Console.ResetColor(); + break; + } + case "Remove": + case "remove": + case "rem": + case "r": + { + // Get alias from env TEST_CERT_REMOVE_ALIAS or prompt for it if not set + var alias = Environment.GetEnvironmentVariable("TEST_CERT_ALIAS") ?? + testCase.JobConfig.JobCertificate.Thumbprint?.ToString() ?? + testCase.JobConfig.JobCertificate.Alias; + if (string.IsNullOrEmpty(alias) && isManualTest) + { + Console.WriteLine("Alias Enter Alias Name"); + alias = Console.ReadLine(); + } + + var mgmt = new Management(secretResolver.Object); + + var jobConfig = + GetJobManagementConfiguration(JsonConvert.SerializeObject(testCase.JobConfig), + alias); - Console.ResetColor(); - break; + jobResult = mgmt.ProcessJob(jobConfig); + if (jobResult.Result == OrchestratorJobStatusJobResult.Success || + (jobResult.Result == OrchestratorJobStatusJobResult.Failure && testCase.Fail)) + { + testOutputDict[testCase.TestName] = $"Success {jobResult.FailureMessage}"; + Console.ForegroundColor = ConsoleColor.Green; } - case "Remove": - case "remove": - case "rem": - case "r": + else { - // Get alias from env TEST_CERT_REMOVE_ALIAS or prompt for it if not set - var alias = Environment.GetEnvironmentVariable("TEST_CERT_ALIAS") ?? - testCase.JobConfig.JobCertificate.Thumbprint?.ToString() ?? testCase.JobConfig.JobCertificate.Alias; - if (string.IsNullOrEmpty(alias) && isManualTest) - { - Console.WriteLine("Alias Enter Alias Name"); - alias = Console.ReadLine(); - } - - var mgmt = new Management(secretResolver.Object); - - var jobConfig = GetJobManagementConfiguration(JsonConvert.SerializeObject(testCase.JobConfig), alias); - - jobResult = mgmt.ProcessJob(jobConfig); - if (jobResult.Result == OrchestratorJobStatusJobResult.Success || - (jobResult.Result == OrchestratorJobStatusJobResult.Failure && testCase.Fail)) - { - testOutputDict[testCase.TestName] = $"Success {jobResult.FailureMessage}"; - Console.ForegroundColor = ConsoleColor.Green; - } - else - { - testOutputDict[testCase.TestName] = $"Failure - {jobResult.FailureMessage}"; - Console.ForegroundColor = ConsoleColor.Red; - hasFailure = true; - } - Console.ResetColor(); - break; + testOutputDict[testCase.TestName] = $"Failure - {jobResult.FailureMessage}"; + Console.ForegroundColor = ConsoleColor.Red; + hasFailure = true; } - default: - testOutputDict[testCase.TestName] = $"Invalid Management Type {testMgmtType}. Valid types are 'Add' or 'Remove'."; - // Console.WriteLine($"Invalid Management Type {testMgmtType}. Valid types are 'Add' or 'Remove'."); - break; + + Console.ResetColor(); + break; } + default: + testOutputDict[testCase.TestName] = + $"Invalid Management Type {testMgmtType}. Valid types are 'Add' or 'Remove'."; + // Console.WriteLine($"Invalid Management Type {testMgmtType}. Valid types are 'Add' or 'Remove'."); + break; } - catch (Exception e) - { - Console.ForegroundColor = ConsoleColor.Red; - Console.WriteLine(e); - Console.WriteLine($"Failed to run inventory test case: {testCase.JobConfig.JobId}({testCase.JobConfig.CertificateStoreDetails.StorePath})"); - Console.ResetColor(); - } } - Console.WriteLine("Finished Running Management Job Test Cases"); - break; - case "discovery": - case "discover": - case "disc": - case "d": - tests = GetTestConfig(testConfigPath, input); - var discovery = new Discovery(secretResolver.Object); - - Console.WriteLine("Running Discovery Job Test Cases"); - foreach (var testCase in tests) + catch (Exception e) + { + Console.ForegroundColor = ConsoleColor.Red; + Console.WriteLine(e); + Console.WriteLine( + $"Failed to run inventory test case: {testCase.JobConfig.JobId}({testCase.JobConfig.CertificateStoreDetails.StorePath})"); + Console.ResetColor(); + } + } + + Console.WriteLine("Finished Running Management Job Test Cases"); + break; + case "discovery": + case "discover": + case "disc": + case "d": + tests = GetTestConfig(testConfigPath, input); + var discovery = new Discovery(secretResolver.Object); + + Console.WriteLine("Running Discovery Job Test Cases"); + foreach (var testCase in tests) + { + testOutputDict.Add(testCase.TestName, "Running"); + try { - testOutputDict.Add(testCase.TestName, "Running"); - try + //convert testCase to DiscoveryJobConfig + Console.WriteLine($"=============={testCase.TestName}=================="); + Console.WriteLine($"Description: {testCase.Description}"); + Console.WriteLine($"Expected Fail: {testCase.Fail.ToString()}"); + Console.WriteLine($"Expected Result: {testCase.ExpectedValue}"); + + + var discoveryJobConfiguration = + GetDiscoveryJobConfiguration(JsonConvert.SerializeObject(testCase.JobConfig)); + // create array of strings for discovery paths + var discPaths = new List(); + // foreach (var path in invJobConfig.DiscoveryPaths) + // { + // dicoveryPaths.Add(path.Path); + // } + discPaths.Add("tls"); + SubmitDiscoveryUpdate dui = DiscoverItems; + var jobResult = discovery.ProcessJob(discoveryJobConfiguration, dui); + + if (jobResult.Result == OrchestratorJobStatusJobResult.Success || + (jobResult.Result == OrchestratorJobStatusJobResult.Failure && testCase.Fail)) { - //convert testCase to DiscoveryJobConfig - Console.WriteLine($"=============={testCase.TestName}=================="); - Console.WriteLine($"Description: {testCase.Description}"); - Console.WriteLine($"Expected Fail: {testCase.Fail.ToString()}"); - Console.WriteLine($"Expected Result: {testCase.ExpectedValue}"); - - - var discoveryJobConfiguration = GetDiscoveryJobConfiguration(JsonConvert.SerializeObject(testCase.JobConfig)); - // create array of strings for discovery paths - var discPaths = new List(); - // foreach (var path in invJobConfig.DiscoveryPaths) - // { - // dicoveryPaths.Add(path.Path); - // } - discPaths.Add("tls"); - SubmitDiscoveryUpdate dui = DiscoverItems; - var jobResult = discovery.ProcessJob(discoveryJobConfiguration, dui); - - if (jobResult.Result == OrchestratorJobStatusJobResult.Success || - (jobResult.Result == OrchestratorJobStatusJobResult.Failure && testCase.Fail)) - { - testOutputDict[testCase.TestName] = $"Success {jobResult.FailureMessage}"; - Console.ForegroundColor = ConsoleColor.Green; - } - else - { - testOutputDict[testCase.TestName] = $"Failure - {jobResult.FailureMessage}"; - Console.ForegroundColor = ConsoleColor.Red; - hasFailure = true; - } - // Console.WriteLine( - // $"Job Hist ID:{jobResult.JobHistoryId}\nStorePath:{invJobConfig.CertificateStoreDetails.StorePath}\nStore Properties:\n{invJobConfig.CertificateStoreDetails.Properties}\nMessage: {jobResult.FailureMessage}\nResult: {jobResult.Result}"); - Console.ResetColor(); + testOutputDict[testCase.TestName] = $"Success {jobResult.FailureMessage}"; + Console.ForegroundColor = ConsoleColor.Green; } - catch (Exception e) + else { - testOutputDict[testCase.TestName] = $"Failure - {e.Message}"; + testOutputDict[testCase.TestName] = $"Failure - {jobResult.FailureMessage}"; Console.ForegroundColor = ConsoleColor.Red; - Console.WriteLine(e); - Console.WriteLine($"Failed to run inventory test case: {testCase.TestName}"); - Console.ResetColor(); + hasFailure = true; } - + // Console.WriteLine( + // $"Job Hist ID:{jobResult.JobHistoryId}\nStorePath:{invJobConfig.CertificateStoreDetails.StorePath}\nStore Properties:\n{invJobConfig.CertificateStoreDetails.Properties}\nMessage: {jobResult.FailureMessage}\nResult: {jobResult.Result}"); + Console.ResetColor(); + } + catch (Exception e) + { + testOutputDict[testCase.TestName] = $"Failure - {e.Message}"; + Console.ForegroundColor = ConsoleColor.Red; + Console.WriteLine(e); + Console.WriteLine($"Failed to run inventory test case: {testCase.TestName}"); + Console.ResetColor(); } - Console.WriteLine("Finished Running Inventory Job Test Cases"); - break; - } - if (input == "SerializeTest") - { - - var xml = - " cannot be deleted because of references from: certificate-profile -> Keyfactor -> CA -> Boingy"; - // using System.Xml.Serialization; - // var serializer = new XmlSerializer(typeof(ErrorSuccessResponse)); - // using var reader = new StringReader(xml); - // var test = (ErrorSuccessResponse)serializer.Deserialize(reader); - // Console.Write(test); - } - else - { - // output test results as a table to the console - - //write output to csv file - var csv = new StringBuilder(); - csv.AppendLine("Test Name,Result"); - PrintLine(); - PrintRow("Test Name", "Result"); - PrintLine(); - foreach (var res in testOutputDict) - { - PrintRow(res.Key, res.Value); - csv.AppendLine($"{res.Key},{res.Value}"); - } - PrintLine(); - var resultFilePath = Environment.GetEnvironmentVariable("TEST_OUTPUT_FILE_PATH") ?? "testResults.csv"; - try - { - File.WriteAllText(resultFilePath, csv.ToString()); - } - catch (Exception e) - { - var currentColor = Console.ForegroundColor; - Console.ForegroundColor = ConsoleColor.Red; - Console.WriteLine($"Unable to write test results to file {resultFilePath}. Please check the file path and try again."); - Console.WriteLine(e.Message); - Console.ForegroundColor = currentColor; } + Console.WriteLine("Finished Running Inventory Job Test Cases"); + break; + } + + if (input == "SerializeTest") + { + var xml = + " cannot be deleted because of references from: certificate-profile -> Keyfactor -> CA -> Boingy"; + // using System.Xml.Serialization; + // var serializer = new XmlSerializer(typeof(ErrorSuccessResponse)); + // using var reader = new StringReader(xml); + // var test = (ErrorSuccessResponse)serializer.Deserialize(reader); + // Console.Write(test); + } + else + { + // output test results as a table to the console + + //write output to csv file + var csv = new StringBuilder(); + csv.AppendLine("Test Name,Result"); + PrintLine(); + PrintRow("Test Name", "Result"); + PrintLine(); + foreach (var res in testOutputDict) + { + PrintRow(res.Key, res.Value); + csv.AppendLine($"{res.Key},{res.Value}"); } - if (hasFailure) + + PrintLine(); + var resultFilePath = Environment.GetEnvironmentVariable("TEST_OUTPUT_FILE_PATH") ?? "testResults.csv"; + try { - // Send a failure exit code - Console.ForegroundColor = ConsoleColor.Red; - Console.WriteLine("Some tests failed please check the output above."); - Environment.Exit(1); + File.WriteAllText(resultFilePath, csv.ToString()); } - else + catch (Exception e) { - Console.ForegroundColor = ConsoleColor.Green; - Console.WriteLine("All tests passed."); + var currentColor = Console.ForegroundColor; + Console.ForegroundColor = ConsoleColor.Red; + Console.WriteLine( + $"Unable to write test results to file {resultFilePath}. Please check the file path and try again."); + Console.WriteLine(e.Message); + Console.ForegroundColor = currentColor; } } + + if (hasFailure) + { + // Send a failure exit code + Console.ForegroundColor = ConsoleColor.Red; + Console.WriteLine("Some tests failed please check the output above."); + Environment.Exit(1); + } + else + { + Console.ForegroundColor = ConsoleColor.Green; + Console.WriteLine("All tests passed."); + } } + } - private static void PrintLine() - { - Console.WriteLine(new string('-', tableWidth)); - } + private static void PrintLine() + { + Console.WriteLine(new string('-', tableWidth)); + } - private static void PrintRow(params string[] columns) - { - var width = (tableWidth - columns.Length) / columns.Length; - var row = "|"; + private static void PrintRow(params string[] columns) + { + var width = (tableWidth - columns.Length) / columns.Length; + var row = "|"; - foreach (var column in columns) - { - row += AlignLeft(column, width) + "|"; - } + foreach (var column in columns) row += AlignLeft(column, width) + "|"; - Console.WriteLine(row); - } + Console.WriteLine(row); + } - private static string AlignCentre(string text, int width) - { - text = text.Length > width ? text.Substring(0, width - 3) + "..." : text; + private static string AlignCentre(string text, int width) + { + text = text.Length > width ? text.Substring(0, width - 3) + "..." : text; - if (string.IsNullOrEmpty(text)) - { - return new string(' ', width); - } - return text.PadRight(width - (width - text.Length) / 2).PadLeft(width); - } + if (string.IsNullOrEmpty(text)) return new string(' ', width); + return text.PadRight(width - (width - text.Length) / 2).PadLeft(width); + } - private static string AlignLeft(string text, int width) - { - text = text.Length > width ? text.Substring(0, width - 3) + "..." : text; + private static string AlignLeft(string text, int width) + { + text = text.Length > width ? text.Substring(0, width - 3) + "..." : text; - return text.PadRight(width); - } + return text.PadRight(width); + } - public static bool GetItems(IEnumerable items) - { - return true; - } + public static bool GetItems(IEnumerable items) + { + return true; + } - public static bool DiscoverItems(IEnumerable items) - { - return true; - } + public static bool DiscoverItems(IEnumerable items) + { + return true; + } - public static ManagementJobConfiguration GetJobManagementConfiguration(string jobConfigString, string alias, string privateKeyPwd = "", bool overWrite = true, - bool trustedRoot = false) - { - var result = JsonConvert.DeserializeObject(jobConfigString); - return result; - } + public static ManagementJobConfiguration GetJobManagementConfiguration(string jobConfigString, string alias, + string privateKeyPwd = "", bool overWrite = true, + bool trustedRoot = false) + { + var result = JsonConvert.DeserializeObject(jobConfigString); + return result; + } - public static InventoryJobConfiguration GetInventoryJobConfiguration(string jobConfigString) - { - var result = JsonConvert.DeserializeObject(jobConfigString); - return result; - } + public static InventoryJobConfiguration GetInventoryJobConfiguration(string jobConfigString) + { + var result = JsonConvert.DeserializeObject(jobConfigString); + return result; + } - public static DiscoveryJobConfiguration GetDiscoveryJobConfiguration(string jobConfigString) - { - var result = JsonConvert.DeserializeObject(jobConfigString); - return result; - } + public static DiscoveryJobConfiguration GetDiscoveryJobConfiguration(string jobConfigString) + { + var result = JsonConvert.DeserializeObject(jobConfigString); + return result; + } - public static ManagementJobConfiguration GetManagementJobConfiguration(string jobConfigString, string alias = null) - { - if (alias != null) - { - jobConfigString = jobConfigString.Replace("{{alias}}", alias); - } - var result = JsonConvert.DeserializeObject(jobConfigString); - return result; - } + public static ManagementJobConfiguration GetManagementJobConfiguration(string jobConfigString, string alias = null) + { + if (alias != null) jobConfigString = jobConfigString.Replace("{{alias}}", alias); + var result = JsonConvert.DeserializeObject(jobConfigString); + return result; + } - public struct TestEnvironmentalVariable - { - public string Name { get; set; } + public struct TestEnvironmentalVariable + { + public string Name { get; set; } - public string Description { get; set; } + public string Description { get; set; } - public string Default { get; set; } + public string Default { get; set; } - public string Type { get; set; } + public string Type { get; set; } - public string[] Choices { get; set; } + public string[] Choices { get; set; } - public bool Secret { get; set; } - } + public bool Secret { get; set; } } -} +} \ No newline at end of file diff --git a/TestConsole/TestConsole.csproj b/TestConsole/TestConsole.csproj index c594706..52616d3 100644 --- a/TestConsole/TestConsole.csproj +++ b/TestConsole/TestConsole.csproj @@ -7,11 +7,11 @@ - + - + From 82c334e6406290619f51d6c040870206bc1e4685 Mon Sep 17 00:00:00 2001 From: spbsoluble <1661003+spbsoluble@users.noreply.github.com> Date: Thu, 9 Oct 2025 10:56:37 -0700 Subject: [PATCH 11/11] chore(docs): update CHANGELOG.md --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 162ce99..78b3932 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,12 @@ ## Bug Fixes - fix(storetypes): `K8SJKS` and `K8SPKCS12` storetypes using a separate `k8s` secret for store password does not crash on missing or invalid secret field name. +- fix(storetypes): `K8SJKS` where JKS files created using Keytool v20+ will be recognized as JKS files. +- fix(storetypes): `K8SJKS` and `K8SPKCS12` store/buddy passwords ending with a `\n` character will be trimmed to not include the newline. + +## Chores: +- chore(docs): Update documentation format +- chore(deps): Bump `BouncyCastle.Cryptography` to `v2.6.2`. # 1.2.1