From b6d4229977d0c0c88f92ffe799a0f0143b30e3fc Mon Sep 17 00:00:00 2001 From: Jim Anderson Date: Thu, 26 Oct 2023 11:26:25 -0500 Subject: [PATCH] Update samples to use okta spring boot starter and spring boot 3 (#30) * Update samples to use okta spring boot starter and spring boot 3 * udpate to gradle 8.4 * remove @EnableWebSecurity as it is not needed * update machine image * try older node image and install java 17 * update config.yml * update config.yml * remove nvm install - test script needs change * update quickstarts-test version * use API_IDENTIFIER in application.yml example * Update 01-Authorization-WebFlux/build.gradle Co-authored-by: Frederik Prijck * Update 01-Authorization-MVC/build.gradle Co-authored-by: Frederik Prijck --------- Co-authored-by: Frederik Prijck --- .circleci/config.yml | 4 +- 01-Authorization-MVC/Dockerfile | 2 +- 01-Authorization-MVC/README.md | 21 +- 01-Authorization-MVC/build.gradle | 11 +- .../gradle/wrapper/gradle-wrapper.jar | Bin 55616 -> 61574 bytes .../gradle/wrapper/gradle-wrapper.properties | 3 +- 01-Authorization-MVC/gradlew | 276 +++++++++++------- 01-Authorization-MVC/gradlew.bat | 40 +-- .../java/com/auth0/example/model/Message.java | 13 +- .../example/security/AudienceValidator.java | 27 -- .../example/security/SecurityConfig.java | 52 +--- .../main/resources/application.yml.example | 20 +- 01-Authorization-WebFlux/Dockerfile | 2 +- 01-Authorization-WebFlux/README.md | 23 +- 01-Authorization-WebFlux/build.gradle | 11 +- .../gradle/wrapper/gradle-wrapper.jar | Bin 59536 -> 61574 bytes .../gradle/wrapper/gradle-wrapper.properties | 3 +- 01-Authorization-WebFlux/gradlew | 18 +- 01-Authorization-WebFlux/gradlew.bat | 15 +- .../java/com/auth0/example/model/Message.java | 13 +- .../example/security/AudienceValidator.java | 31 -- .../example/security/SecurityConfig.java | 53 +--- .../main/resources/application.yml.example | 20 +- README.md | 7 +- 24 files changed, 289 insertions(+), 376 deletions(-) delete mode 100644 01-Authorization-MVC/src/main/java/com/auth0/example/security/AudienceValidator.java delete mode 100644 01-Authorization-WebFlux/src/main/java/com/auth0/example/security/AudienceValidator.java diff --git a/.circleci/config.yml b/.circleci/config.yml index 1ae4173..0afd789 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,6 +1,6 @@ # Common Logic machine: &machine-cfg - image: ubuntu-2004:202107-02 + image: ubuntu-2204:2023.10.1 version: 2.1 @@ -102,7 +102,7 @@ jobs: - checkout - run: name: Clone test script - command: git clone -b v0.0.1 --depth 1 https://github.com/auth0-samples/api-quickstarts-tests test + command: git clone -b v0.0.3 --depth 1 https://github.com/auth0-samples/api-quickstarts-tests test - persist_to_workspace: root: ~/ paths: diff --git a/01-Authorization-MVC/Dockerfile b/01-Authorization-MVC/Dockerfile index e01604f..d0fa659 100644 --- a/01-Authorization-MVC/Dockerfile +++ b/01-Authorization-MVC/Dockerfile @@ -1,4 +1,4 @@ -FROM gradle:5.4.1-jdk8 +FROM gradle:8.4-jdk17 WORKDIR /tmp ADD . /tmp diff --git a/01-Authorization-MVC/README.md b/01-Authorization-MVC/README.md index fde8117..8ecb1de 100644 --- a/01-Authorization-MVC/README.md +++ b/01-Authorization-MVC/README.md @@ -2,13 +2,12 @@ This sample demonstrates: -- Configuring a Spring Boot MVC application as a Resource Server -- Using and extending Spring Security to validate JWTs +- Using the [Okta Spring Boot Starter](https://github.com/okta/okta-spring-boot) to configure a Spring Boot Servlet Resource Server - Protecting APIs to only allow authorized access ## Prerequisites -- Java 8 or greater +- Java 17 or greater - An Auth0 account ## Setup @@ -26,16 +25,12 @@ The project needs to be configured with your Auth0 domain and API Identifier. To do this, first copy `src/main/resources/application.yml.example` into a new file in the same folder called `src/main/resources/application.yml`, and replace the values with your own Auth0 domain and API Identifier: ```yaml -auth0: - audience: {API_IDENTIFIER} - -spring: - security: - oauth2: - resourceserver: - jwt: - # Note the trailing slash is important! - issuer-uri: https://{DOMAIN}/ +okta: + oauth2: + # Replace with the domain of your Auth0 tenant. + issuer: https://{DOMAIN}/ + # Replace with the API Identifier for your Auth0 API. + audience: {AUDIENCE} ``` ## Running diff --git a/01-Authorization-MVC/build.gradle b/01-Authorization-MVC/build.gradle index 03709ab..846d7ef 100644 --- a/01-Authorization-MVC/build.gradle +++ b/01-Authorization-MVC/build.gradle @@ -6,21 +6,24 @@ buildscript { plugins { id 'java' - id 'org.springframework.boot' version '2.7.0' - id 'io.spring.dependency-management' version '1.1.0' + id 'org.springframework.boot' version '3.1.5' + id 'io.spring.dependency-management' version '1.1.3' } group = 'com.auth0' version = '0.0.1-SNAPSHOT' -sourceCompatibility = '1.8' + +java { + sourceCompatibility = '17' +} repositories { mavenCentral() } dependencies { + implementation 'com.okta.spring:okta-spring-boot-starter:3.0.5' implementation 'org.springframework.boot:spring-boot-starter-web' - implementation 'org.springframework.boot:spring-boot-starter-oauth2-resource-server' testImplementation 'org.springframework.security:spring-security-test' testImplementation 'org.springframework.boot:spring-boot-starter-test' diff --git a/01-Authorization-MVC/gradle/wrapper/gradle-wrapper.jar b/01-Authorization-MVC/gradle/wrapper/gradle-wrapper.jar index 5c2d1cf016b3885f6930543d57b744ea8c220a1a..943f0cbfa754578e88a3dae77fce6e3dea56edbf 100644 GIT binary patch delta 41329 zcmaI7Q*Td!I-v?`;`vDt%y5>m*3j$(*l^jdP2JpjMA^0+&|2TRW5uH`Rl*t)xVuObX z8is+1yIO~&Kuk+s4o%X#jAkG`%UPmPu(FoL%5_`#;kGEuRVc~{{IR+C!``~k7pe0l zFXh?Sv#G{;-2u>dboTrE^TlrtNyz)gAA~dd3D%(Ez-7BcWF-3N-lU^jY(Q3BP09(v z08qAf4D0ZGh!N1O0%}ltu;LX<)c$&>15vN4OoeiB>*M_jiP3(*3DI7ybrif?aUk#2 zZ1#cK(XGztsOk*$n=#$<^-e+Pcj5{+!C$eb zN~?2cjlp%m7T~9W%6~LA1S?1-B*cW&S8#yh*9dDkSPV;;oMD(o5Ay}vOPgL_`O4c{ zc#!>?7VKF4YmW~!y6b(Dmo!%rNrLYq&g13!f`8Mups(Ds?W3 z48Eq$A>}K@X%nJ+7A53jKO5ziu79Dlo2a#`KniJ`T<~DWx3*+QhUVcXjS@OJjaRtL z%jHp$NjJ1+5c_bN<3)n;D0{)AuFf67lPOR$ zHNRwEISZtoGb>zjEKL+DOt}ycwmuCce>^IekE8o38o7Esv(qZOzvTR~n8e|*DXSG8 zsx23%fasBiHT&(|kP%fK9)Q2>guZ6W9nFRtcL<-$tczpwDj4wd8w=q1gYrs`7eQ2b zSqIDBGz*?9u0ezSFS3xzEijzukZPERLMecjfXyz5;af7-_LU}}Z2#mnEZETI6(eAV zK1*TNL4aeB*ya@>pnA^}Hy~cfiaYYehC7x8!I@uifQaKS3}E#Z>u;+5kh)P!m43yZ zBkormKnm(h)u>YQZXEE29FNuMdVU+|5Z_X&A`whuCQbRBG=&BlOE~VkPNT}nwdg%9 zxYh|cl>WgWRB4qj+hN_gA=CD){EIp?qdbyTLg!VigOXN^CwqxQ4%IgHr@COIQfR(g zkqSx`WmRa|ueYoUOpd6E6|r1s>LLR)xM2~>HTYw(b~!33LtcRO7^=jz(!F6xo4M3d$AZYj*2<0`phJlRYN*R+YrfjFM^H>z9pLcHW> zEmv)@MZ)v=y3}Ij;FFOACiNIYUuKF%&mInXG!<7`F##I-Wn;RZO0GCJ2toHvFdqlb zH!OwhjfC+T38NjzfIzdn*)vvUS*BL3-&Cs+-|2W^njiNfskM_0FL=)x*14CKrp!xi zu4Cp5EfJO(KBYLyuxE*c-NgJ`xrduL$J1T}_q+^NXK^4SPW)3&_;)hqiYV9fxBL&d zU~xH+iU8GUrkfc;`sfoYu4Z0Frs}5{g|n-=_43k*>y%7~Msc9GR_0bSa+yrs?M}hC z*!;1&c5}=EkdcX9BkFZ)&=sbQYHqY6agmN=NvZt1t8B?CyEr6r)40>IXhn6h99xCX zBHx~7bc2OMArE!PJ>GAi1B*-WO9rTrpR}7)4&XKAqAZuXuFLL%=>nr@Dt77@TUWDR z!eJNBxHsq~-_`ykOXHzrYK!wUdo2nf3x7ypQ7C=lCTL+M+Rbg`%c`RU-BK2@+-vjo z`u+tKt9gX!GcO~*O_OEzXJRT?)lRL{Zr#a3xlmda^AB0FdjYyksXf~Vp*yR3aFnI7 zG+?gWkQ=W2Pf_`(+n55=Ys~{W7th)ZLb4(uZQdtYsOHNRtyjE++=H1^+lIAd>KyDa#5C>D|<_GKcm(3PYc~bzGZ@N7+!Mj!=bDV^^CMiVdv+$p{@93{c0Z z!5ur-V5s0!EDG8y;Edz|BPSf&bgs!3BlC`6v&woFBf@mDFF71)>490%iXT}I#903o z-3YS-O!xu(mA4sex(*ALz6am7zhN~ZzaE+02-j}JrrL>&BFBh5ZeWmE0-FX5X4r`UeKO|0 z%r}Ol7l*(PlVbb|b5e28ti)lg6nliGY+B!n*gYz-m0$zZI`4rYRXz&)E&Z-N$iaqi z9a&2V@!gG#;2LE0!G7_e85}#Dv5}F>BJWGgll8mU zT=N(1T;BM;&mWXatMH5ydyDXG`rcH3Bq4h)_AKCM^IAgG>+VC(;qlJ~` zqck?#sKZyK6&3>^E8I!-|cbPHHvkpP4Ds9-P-#Js$IgY(Nd~Ch}UtjkaKZ(-F z*-14NMe9Q;hslQ*PQ-<-o#CCfv9d^D@Q3h`xFyKF?v#Q!H1^6tUQJ1JY)$n;R z0>#YiFav|LtDPn_;}<+h;7L9@v$d1qw9gQQlJn+3?&n3d80nSq>?ytr2r0A~ zfMLv~DJ_;EJG{yq?KsK7@{jrY@BjmzwzIRj*WUw1#V(u+FMyObcse)T1>+^BIcgu_y=@!0)y= z^RN;rIpZMX*%-1J{z^e}i1||LsH3g&tZNhIZC*qAct~9jZTJsOA_2j)dZ1%%$uEse zBM(qzYYaz-S_qaBY{;+5(W=OaXYMvSJQ-`bRCIq!CfrH?6M9|_7(22_HlAFK`?ozM zCUa{5M%aRV`dM7%9}_k8qCpvOfZD9~h}kLqHFo6_0);(c9s{N`y~-{v%+-~2&ma8B zM&Oy6ZnvxYQ;*F;0Qat=^j99Fo|V)0g$b#pusGl6eD>+u+~0tOI;-PwSvRJ6#YB&# z7SE+ixG z)e;Qu?WjBgNkh7Vb-6@3t$?Gb;_Uv+R#@%3X!VTk$d6bZYyqI$19yjgiKPafw8OmL z64`!T;O*K%BsV0Ihvt+3;&t4__r+C zv|@_-!5!B0xJ6OZMZhsTc2oPBzpkL)Azz--c@lD)o||{Eak9--EPf;oIY~s(2hD|F zZl7VZrXS;HSz@7M%VSpGaoUvljLuytnazV~H9QQXEp11ecsQY=7&3s@0^29sg^iZs zU2Vt)$|XYUPQ0aY<;~al3rCUO_dt;&vyWBlR87~f+lrhZ9VZRZY3y$OtN^K{mWD%V z4S~Q6E~N3melp5`PT7B9_YYeo?KEjf4Q`#;0)pt6dU%J{J6a=2w`bAN3c_W3iOKXi zFm1$rnne!3>Icp!k}KdDo-M)=;oa|0G1a)_O5&xfUL=QTC_*9jiwKu;GvYhTL09kH z&%4#fb1J=idPm+jAFCh+R3P2jNAwIuNkCi$i+#n??2P0}&>D9JC;93pTeM-qI;Hv$ z3T`~HFkgOgbWh-b0jXr$R~g?uHzat{AnW@-w4ifKwY{w);{gmBQFccBgY!D@vGi1+ zqaX?qF;FcbMPx4o6PDr+Y^bzDb&9@$7e5;2-Ryt3k|;@AN-atWMn91Fkko7_Egxu> zOzT$_YOF&pPREwmw2Vt6=V*o*LVJ6TOO7aJju13l3E&9Enq}BHt6;;&$xCCgpqsJd zUv`UeL1efo@-oNv9Jwd`QI&qWu{^+^fq)nLDcR<|6Mh_$>sObpLuNICKX(RJpr|?P4}Py5>L{ThsOt#yhlsv|AZL z5^K+2+wz-vN$YZ7a;VF7;-v|>emyT*UD>MBT9w7eGqikDsiEKARMKOX5#BTHWV@*Q>5d@Ty;PK* zyJ?cJYQx7nghR4!rzYF!Zpff6g*v;!-r7{E6TZ$BmJ~R}+)^b}rTs2HRJ8>Nlc=;# z7Va?3>TK0ezHrZ7Ud$sd)<;k-5x!Dth2zO>WQJd!4zAVl_=>b&mWzwWf!t}mh(@$; zY8A-ztqCYDqpi|bz_6QQp4w2DNa1=!+zK72*D)8?j}UnG;E>Fha>2U(VgF#irB)w@ z1dr6FlTv_8Qp|~;QZ`!mC-Xig7_3S5?X_ex$-o%G7i~%Rg?A}j zZD60oNlX|b;9Uy#g*ag;GQvLLzGfp=9IgcZ{W*Xsxc{mqjIsrf!X${nKWqsfotH{DMM*Y;FRcNPVmhESGBfEG zWSK$cm0R^YYpmPAH>6QgMkVA3hnP#?jDxlUegrkhj+lJ)VMG{!bTDe>Ri*t#Jgo@n zNbd9SG5dYyV|M_QfyWb2FEJoWt+B~6sFz$~djv8*-R70+86s>|lvH5<8l0yrsM1)q z509>8-jVZmZ&!EwWuy!s#=e0V;Doxvu`_+ya;WJJT3pg;@I7XK{f6^O|M-sX9G0#j73o<*Zq=hlM;*!52zV7^fEwCr>5}&q znvtRZBJ*qXGC}&fvA!ANW6#61v?KJl`yre*+C`36#f8 zdR(Zv7Ns3UvqSRFZY0|C4f-0Ebs`E7B_@lN>N8!%$bU!N_a7hOwhv)h)XcjvEx;CJ z_>5r_2Q=M+77D9Hkqp$4O=(mz=y?_x zdI%Hz)MN>g4yFfasJ7gbNC{P9qnf#*b0rM3bCl9hN$u{AyGY>&HIpC*HP0wLl+Z0q z6I`#8czzBtcO7uYb=dlc#?*?8k9Z64fcjOT;Ya@|z`CL!7U2k}DKLhTL=>lQ#QYUv=LZ#~Xhb&cjFR z^SF64uO8q5vMlhW#=efVOf{U6D_Hd%Yu*n^mlt8#t~}fm!{F<**Td|MkvK)KJ!#>l zv{;0D1wVEHoSzl@J*#o=`yc1*P5b|-=WYlNM7sGUMX=NOI>eF-BpS;nq}0v*PS zSQ6@wGZe;F`KM+J6J_JnWs~{FenqiC^tINxW+y-eUpi1D81E=KU2H5m5h|KLbSrG+ zSrqK#{-#pRg++FNLP;F zBj2Ve#>SI{DY|QlOy_2TF>sUE0nn4+2tl$%xMzLZV@kA&ggy>i@Nt zbuw2oVGbt2VX;eYB=CHg5ny%b?}_m;1b<;W3S!;<1?BB6H8|w=32i8(6Fznu7&?~u z2m_-i<0bR65mIl6wM&1CITk!@FyNTmd3uq{Z<+HFDU3-EK-K+uE_Jk~UEB)X)dzRlULl>sytpTQ; zFW80jffMCSm18{N;}p} zoKi5tBpGe@umKBlZ|1?wy7D;N(o+#Pvc8HjpH(=&{-?XzOMq?H0F62BB7CW{%TiRP zV`^81cE$EJh|(f>ul;GiKP8F^Eg>}tw>hCF6y3zP58py3u%=88_f1w?Dh6qHi_=ps z1{zKT3L#)T-CHtS&YwCVV7i$hOXFt+doDFc<`MndcjpeR_V#?~+=e|BdnS5C#8DCu z@>*3!I9V90`#WJf((HL5H@8Cn}2785z<$gM>-9QzkIFpq?-y&ZG;z`CfJDo9A}G6 z^Ot5zx6dW7CS z%CI6TuW$9`)#F}}>ZZm?_H-DQXzUIAx*V~b340UbCu_t$Dyfn)d&||;<1z?7fkbQo zJ2kmSt9>cdDqfC-E2ZXN?z7Y6AEkZ^eIVyo1 zw;KO5iZg~7HCM5Jk&G}NQwK`~bXb=f#j!xIJJ#ETt7@1qhw9lR(hEuxbrv?Ct!{87 z(9=Xd%+o|ax*N?__cB*&7kQ_BKkH|g0C`v=ptGnr!Eh|tl=`ApNyN}p!_oQCHMFa* z|FW3-aBH1mgsnX zI9mTRZMe<`*tH~w>N9+i1#h^sZpf>kHavl=APRCt+>y+ojJc$-aUSf^8qCY4ef}f(#S6=tveiuU`=132nDf#KB)Cf3!4ggf(JETHuKO(IvTb(s6;Rk ztYFXlcsofjf#oh@u|;rIFWKDeg%l>%*I;u@iH7^D8QiG=N0e*#(CB<`4BYGtxViCH zK}_P>g0_%^NAkM28@J&eAN_e0N6bMm0POqgxLKQDf`=o{(*v@;Ga7?*IqTo1^w^?v zIcM@Q@~%nUD210hId^wYwE*;*WM5&f4n%ofbA0UbB8e0^2qWr8GUr#+{S!zLVlM4DyW|>h(t4HO*B1bmF_098 z4$HepU8YS-9gl<+Jt4+VCtJtvcUTT}1QYa=dtF@74d&Cn0)jpv1WUzjFfq8f{014v|G1;he z76hAgD&1IT-dQsl`jfn*ZmGI%JJ^~+NI?156SJJ}aqymBc2)EUtesH3bzUGkE>BOU zjiilBZdFgHdrbKru<~*cLcJxjI#t~}RB_zhRU&TJz&fD*F1e&^ zASpZ}3ppRY={cnp``a?AB|@w55$%pZ!_*FuGrqYzLh!y&70vS1j+=c~|zjkE7i4Y4E(NTKXd-je8>=6q<+#B7yc*NLp6XBE( zs>jG~xBpI-ljN3WLT@-~1>TEAk)dHU%i@jw-oY^D2AAbV59ve1769bo`!T=fs=;eSB?Ur}e23z;mmjG63^1VapT zJ^+%ZaOzE#rj%fn+b{m4>2adL5XUGah7hN9%pOioPhtS{_h27L+0G{>cCo|~9^z6m zR}TEt7)gP|V54=xHOWv{R&vfIF>ue4cUX%`vuBOLBv77PfvD%0)@wCB&U4w%YF!b^ zpa}ozLBfP;v#}!^mV5J)dZ^$J^ zv(Hyed#^O5=y({EIo9Z{OF9+iq{Ine$lY^BbK(F2Ig8F{L$rU~w+Dlx#0g}zEHdDx z&5pw?qc~)N29@e}L+~Lz+bUO_LyvddFBjqn%Y5<^!p&TO!8}&EPg#5QZF6j-yoX0S z-?-v5-}&Rjf`Rh7JDsZmJjGj9$Cl|nIgO6&D%o7z*=qGA_a#^F&XG*hZCRd1-S6Ws z!gc`Xg}x2d2`<7Y4cTMI@|h^^U_p)}ab^mdVjeR(ZqX0s9Fl6OU(B`AWLSu_F@vsB>y{Mq`)wzzv{<& zfNo`_G-R4&%8bV;CZaoB@3s17HMBWlrCK+##Fn(-5RVRm44J}Qv&=6O$U5r#Z&RZz zWEPzVa+hNL=u^l41{J<3*`Vtms8#QC2{sGHFPjy-O?`j)F@~l5qvQaL4vQri^;41ad$`%D#T%3N9 zkU84ckT z_3+LH{7IYY>1@RWK*VVp8cDs*jNb{UU=qwlreT-e=Q`)+4f2NQ+}U!9`fS`?rsj^8 z5p*AB*D=t(sbAMU^rLueRZ8e8j2qQV1~Xu@8hYmusOb@gbMEL&1t_(j|ETY1Q+Fq* zKH$RLu8u@?^hVwkzBUu&NT}LcfTObO{CffGsFXYPCekhefLbLr_2P*#-0EE$(pjvcDgV9tRl70x2=D#$2{f zBYGy%jl=p4xYOinzp`n)kZ1)!=(h>Uu z!u}9h+W0v!f592#lTRX^@m*2>QYApnMFyI_OqNgru6^c^*Pnwr`G(`&)Z{?F1xCv) zsvqbLV)_E?!c=(&SLqH*LCM{3Q#(QNh_k>60B8NI9v7B&fPo3QayiD3*xHAk&=3?sc3KByr z*8HY4^=sBurq?+vda~|8r(qXWjJ(DL3p_e zBn*I?YtG*$&&lZB_{U=;D( zxZ+Dj`A%#$CJkmf&T1BLGSl#$k97)AY1E<*U#MO-$vFR3oTqT6Z^yWnoC|l@H0xv2 zD)1~1F-|b3gk=mXwfaSxOiz}bApixCL>&8@~99w!b|jzLU9r zTOEW6^%I%%J5EvJkxL~%`#ti^dCz)p?E(V6K%D~9V%e)WSt~5=h9wXb87{Rd&{&xS z&cy4XD}4?_jXZ)2Wwow+76rPoU-X}ZAN^+mDV+m9U#UdAdGp9;PN(5uI!p^iG@nRO zoLRpOWHjCVP{JAe?A*aPTqI=R{nv0_^Oj&nO-Uj;MO8GjX&upEP47x?TuO?H;}fx@ z26cLT83kd+uw0HFNslL#yPRdlefBBHDVC+Ga|Tc}KzT+i3WcdDzc_ZvU9+aGyS#D$ zI1Z}`a7V_(Oe4LSTyu-Qut(@ewfH*g6qn0b5B!c7#hijdWXoSr@(sQNVYt8>e*g0e zwv4nqN+dY#V08ci=d-Rn+zkJ-QcHv4x~>H$;nl83-22HjF)2QMpNEM1ozq$th2#KR zj5s^@lA)tHN{IHpAsv{%HuEFwPv8h3aVTxQ%oEW6IvV#QJ0B;vgw^Hp1Px?Mz2A(2 zdQ^;}4MsY<8eV>fzO;AfuTO{tS(&yXF^v3Wsx#DZs4Wl=ZFh+B1m>lFnd30yCVR52 zEJayFdp-q;DvW6zH@VRwYD(2-QPXG9E3_6^gL+7G$hjq7@;bw*A(u_p);K`=92Ab# z1o-jasBEQv2krbr#TE(#MCgA|$zCN)9w_30sl_vd<8s(O#cBpCt^|cGdhfk9L|QytS{v+6Q(M+%1Hlofd~SQ8Vq4uNSlg>%xb@;Et66K0q5aPH&y}=D zijMp=z2$$)fLOS^q5p68lSW1#m3yq5Sk|@8ceL2rNmjk2J%f=$-}y#AAr@z7}J@q znC9s0tH!IM142|WcJIzvgeRMUrxSw*j0!Zj_bp5^psleDWe zDY$ccM9=xzR&NE;|Z?L-|)xilhIAhkZZWk#w6L6SSqli=BV@qsfaoHuDkj>&m z!zI_AX0#lYT5Y4TY+qAdr{Csm{#2zt#aM*~cuo7~3ldhG#z2W;C^xTcYc#SVm#gh} z1f!tnu8-(T6Ot`f*n$z1OjIJZg@fJAQgi5~@$k(BAV3V(VsM6ZOpz_DMy*;E@R(_^ zhXrH6?4&^rl`&jyLmct2BEyQetwOeE&cL|Bq?k);AL4u+OjlIW@)oUbEgI3!W3yTV z#OAtdpy+g1{qG$O)Z_fo3FExgDGRWHK@biXmlPbTt7 z>g?@cFRqmY1~$SjAkTG|^Fvx|cw&)wjyRusR0yCrLH#${DA{m$@gSPvmMUycnJ8Z8 z+t}!X(9$q+I4Y7Fm;>@IC^-}m$?K=_!4}T zgVd*|Ox+=pIq1u^VUaa-M0!1PBco=JVw#ey)H(Fm$Op865sBKWe5(CARTJjH$D#&; zkK zVb&kzzhhhnGBe2@!a-?puNTM*NJDT(nBpLG&J+zhC9C*&vFANdQ5a*SAl>5P#Ik3s zSS>G=DfA?l?HctG@F!%^9K4y!j%FOVx_+UiLy6>WFWZM7DnIp3JHWA$xK?r0Xo&M3 z(qa-&m<`?quG{UqQAWEa4VB;k@<`ajTqCT|+BUMmw!l^2w-#8E%AZwF$<17Imz@Ry zV=K*&LR|Q(){7O=$&}!}Yh_XiKe+0dV;7R7sLeRFf9#WDpchEoGx!W`RHO7}_kBJs8dd=lFv@uxIHs(zH(jHHlgHMJoAx zrK*{gP+3{iT6X6(IBeicuuzggq=XCFTNaPCIkg&jJSnMQlTqZ+JW*kugy|dQ9R@^a zF`SK@D!=$GK+0W4#`vB+FYj0 zs|)Pr36|g#TTz+~>F9Jl&;BA%gu6+XlW2~ohU-yi;&S);&nRL7v4 zKZ$n?B;XxWiaKb7zb4sn9bvvTk#w1rll+^Z5bY&39Bv|MpCX{I!8cMF z8Fj@8(8u7Ae^+-JMV>0^y$EH!$~|{ZCoxR!N|vE)VB2=!qymlC<`Mhz$;1+VnI?c! zr6yS%#27XWAF0v@2r@jd7rjo*24_CHaH%g?shSsM0d&tiK0x0|>imsu@#v<5D#GFckLxwAK|CD~2MAlXfVs$5_P&|wprbdUZGXzfpMNS!v# zQC3fOq)V&;zv z#fWE$XrJvk8SPnB8u;M8)HacogF=OUeW@|1wC;PhU6vL4{N0>$=}4W|Or z_w;hZkX*8V_@!oW43l2pZPgQjrbfj0%ei}{!Nw@UhbTaD{i<1CijYztB$G45Yj?$_35c-!{BK`IReuw{0Fl%hQ)Ov@uR z49L}NfcBAEChD3?J>v^=H{(QA@0@m?`IU<6?FFyd+u||ghy}~ z8%XR^Lrud&p55iLzZu1|En+p8=&RhAQ$uRp<&_Pq!eM~p;LBGCb1xG%bF&NC$rzID z^$-7=`QUvE*X+*Dt_qb{7t7dYn@$Kp4P01E0AI(ShwI#I?pPD73b;BdBXer!p~M&I zNr9%jQL;)~kHX^9A>A2nx^lrg_pWo;OxSXM61Htz$L7Hl$nn_F3)1}(um}3d65Od2 zzl~a09R<%Qf%5*@KNHh?*0B=2e5>Fqf^TQq^}W&++}VO&DpaIRL{{XA0=Bb5GgYF6 zfVrQTWf2MxDxU9&IA^v166I$do6)SIfg{T{#3vTxwvb6t_TciJ%O+%RuU#|ypEyIc z2eB3}I=dY7xJ>Pa_JFI~23yI9&z_>2sJ!caVGy3r>`|}s;j3s0PuU8#)ii$Ycbs^t zJ!DZfXW{&Z4zrmUZOPl>2={9Gn2p2~fQQid>tkMUZH2r4wP{OesX>o=I#(tRXH)vx zX7nFkr#kt2yu?xY&svdjD^AmaijADk@=EZVqtMmi(-y|f{KO?h0RA3(OEF;}UU@}T zdJnxjUc{cP#y94d7fbtldljc+PN(R-Ken}(?#Y8kFT+nx-yB9k5KU*MZ3L)2fH$o6 zM@_2dZDlir#X#5wFj-)zY)tE5w)k+x=PJ?&kQ$VOw%woc+U6jV0YquV>u)H0-z1U-BkI5=|$N(I4>DS0lIK z2P!;)DDD&y31fJnQzyKkiNQPffT;6hxV)hXTF=b6osfmDW959lz5*yy53+hJQ@rIx zXZIZ!rU-ulZgVaLlF~W(165z<-pRvs>YfpdV2ut6z@T*^F?NruWIrnN?D0oztWpyYso0d<@5THYPMl zbpj*b9OUri7{yC;8MBqw0RDaw+DNn1{@YQ=7>XatlP6)=5z)+HkxH@Z+(cLp9k@Sg zj9v7C8QG2aR#`DtS*}+Ph3)#2f#~1iv0e!2`P+J~70hgfLxml^5Ds9RJ*(p(9g%T@!MXOd2yKf_Oc~D3uyk!GV=}uwT}%za6sd}6{aM*iq%M6d4m35FCp|z@qI^m zQ4)s2aHr*ey)Z`3eA?Ul{RcYyVT9RXz{;-C#wS=uL?a7(fVBR`zKo_vX;;7g-sY4V zqtjf?eF~-P{WLxPptiPF^U@3u(Ef;Q0dqcShdj961P-ZAYesuDu(3n+o9R0Gc;XS& z3X92}H4(@aVo%}kNn&b>;NO$ht9hR%K0!q)v_Av)#upfJB+R3#)tMJeP5;D-mM6i) zq3}LW=p9Z5usNY|$~B_)VQ;bZ(ik!p4Eytntr}mo;4jIX7u~B^$&hR&G+B9 z9cFSYL}6$Yg*2t?gc%NraC67es|%{0MzsOxmV1~W0HY3ydE>+#v|N-sV!D&1(y`NM z?=dpM@AqFfB@zrlZxpXrK4b2(dO z02Gyy;^7o$Vk@#zRTw~wadmt#{nG5lqO=-pUZ;7I_OF*!pcf8Lg5gMrMmc4TNmcREY#=tRN238%O{m|?e`9yMnBO9r;m<<}3v zQAHFs0A;ZS#WM=a3)!^a&ZJvcG>)r~>mTOgTY}NmdK~?mL+!tbWRlptV|QQ+ccKU9 z4+lfhtb|Mxq<^*24$ZZL@{y+u5(!=_w?j0K0q)(5j(aEfvVRAop7gO5zGNd;#00M2 znFIQ*R)IHHuOtD(Rslq+cl?&Fz+LceqlMZM^qrK^A%A!{7LIEd8iV0@b-}5v34Y@n z^S_~mxn%YG7=Kf=_mfX<*{%~~GZ$kuBi9&Z{?gxhF+E&2ihXS)b>}4=oeXpPMi@Fx z1OD8}MUCOLR7|$vvHS(ELfv@2!L`tZd7)f_A3iakhf=VrXnA+k7L#Pj&+q{+M-`4Y z?hdOjZc?0=x(<;2F&mxQKYe73Dd>7NNtRJMuc=8?k9NE%X(wPecQc|BKGUhQ7Mz5& zKOqG0z9XqotS@F}P?l8hpt=-Rpb@nh0%WPUa~f9pY`}FYc8_3hu18oO!_rg7VmUg` zwbPvPg=QN*EC-~&J`>(uacPC_ny>^&ety%1IhNKS?hXJd*rHC}>VcpdH~Q}?#_J|^ zpNg{a;ztd1pD|6RfGG`W7Q{MJ>`LQW{4figAc^YlP?z=c*_&T4JKJlcAH@FU0D5O& zN!#OX@TH7qknNy>9Rq{YOpS{!@r^=?YOjIbY66i|Nq*NCF)mU;qaC^# zifF$*MeJCi2e&skxECbrj=m;Jz&oDKt*72d$Hgtom1n5;7tO*6b@8*-BwX==MJ}tu zEMoJ$R4!|TYWej3FimrGui9H0ziP|jtq#{`q9rXGLhS+WrSI5fL5(`TzYvWzOX8W^Km=_Me#_0M7r%iM4~9 zxr>AGzmWemu+ZIwVHNPN0UY~3U3dR~7j>+iRPC&t7)|YrU0uV}WIdN8(7z~~$VN20 zpj8HoD{%>>(Gzrt!^i>b5F%FA@?IIClqJ!TY}}&e6RD#mXJy%6k*`Q@Lq%@JE}N>I zH}U6Z1RLO3)56i29q}EzolFRxI;9wd>wAb1CbwCEb4(lbB||9 zVN*W&ZOp}=77Tg|_a{0T&9`A;)jGWv`<-Fla9s5C=uT*ch}7<|C;C`cPVgi$UIMq!83)Yl}0suK_y2m#Ac97 z1cf~X9t?*jQH&p6!@LK7@|}JtC`Aa9oKcK+!{CUcGr*$zF;wVSc)Zv~Nh30*su|6( z8k%bIZ>~YxKoj5~^~UkRCt}GslTqB!6ya%5$DG?Bl5E60<#$44MTORfP^x;J89odA z_+w!V=Rqwy9r7F2q%&FNuWS|5joe2+g3VDFKPyvwG_}Mvt@c4BHE%D5N=_S66*wUc zu^s|Hw@WwPKa%QC9V2p2TqS-?{@8`x~q^{!Gc~bvLk=cDa9_bMIy`Z zi_8x0FMHgx@PD{^$L`F+rE5F3Z9BPQ+qP}nPOgq^+qT*1I325_j&0j-Klk2W-aW?p z2j{3cYSlby)&(odZgI5SZMyW4&tHzqO+kUX;jxFv`#B>b`B{uQatg>+wz@~d9|9F( z#Dc|bLTX4uWlN5H%8@F6p`Fnxcr&z&E!$C@umga6IA7?a(J7OkVIR@EXC&*XobilY zIH%rRQW4DJ+M8@6L3uR+p)Iep4q~nRPR3~H=T5Mku_Bz~%?n&%PkwQ%jhI)*$OtL4 zxTFE8gcE=fQ%rv5x!@4X;#=NFJkWa1+3L{8%H{ZXxkFi_Pq{_03pwVJl`#E~6Zd4% zouTBN@)YH;mXhBw+akZk>%E(&BlC?T<{?-XwndIZ3t7fK@L~^VYMNkYN12Oc*{IYZXb5jMAIl}bIP1zmV%Hf z!2cJhRQ}jRXbRl}c1h30sQg{>;BYNUncM$&TOkc`9u3gwHPUUr8^USBkNKj@+QP%O z{B&`0)>2otKb&!9#Iy5LnG)GK z&x;#$j&WXBznxIPf8Ut^xUPn-h4W45w${iH$wC(u+$1Ukg3i>Y z*{B&uGY1I(b!h#|I8IvY=y_^cGG}{T_mlrQsN)OviE@>-Z85{M9GJ5Iz}F)qW7^w4 zwbruz_-w%SE%^D#@}uNMMiK;_)o=(B7F#Scm6_5E?|R}!B#oKeL{kzW!(4yVkM$@K zh&k39i-KjYKcL~#ODw9WTp#9aFbIvN%1YKrYDU0C>AxCf=uaU6Z=$j~5mQ2f#AqTj z8VE`fUL5+5yqRF{%42DD&C0+Hu5efLQe=BU8>dJ3iq+UbSl8G*Xh~Zj>o{(c2%#}q zny?$ioL(OBi#zd3_h?R12lQkz{?#1-?wt0tw>J-7KJZMsP9Xi9vhL3EU|-*T;ub4p zs7C;gIzIzk#;0?#w`9)nwmV{t2}C=VF`YmWd)-=lCh=d`lTVTOF;dr|nVdRmTAti= zE@ms7+^3)3XpAB1wY7p#oBmm3?n*JtRKwR6?GmpvKpTpO+GdpL#QMO!V$g#GhHHoX zn9e}R_gWxIpzz|Nc62Dq@0G4uQyZ#~>5Fkq`z26P*J+C8?#kJeeM}$km}LRmQOPUU zt)tu)on>^?j&B4kru3*ASB?d^z}dV%T0uUH+;=O?0sP|hE$gE5j)P^QY_%p+nG20U zLf{nl2`2_Mx!o`q=jA?ts|e^o+!|Aiz4F6h#EFQZf89!gkvly`gISDHL0-(cWuE@r zctxK!D%PG@$YBwN*lc==TucW{UFbR-LMjB>UCS{KWf=%Q4;(|S^ow>7;zU(RVK5)u zRkRsM4can>f3Onf#!$cnW1H8+dAT~F-2^x-TJa8>zhWJoZm{aQss<#`Xh#mxXxHwn z)OUd`T;r&?53X;(m{7kCk3B{m0rWr*a(g!@`1s@eTRV96cTLgJ1*D z=B`~E@$kYXPg0jcF5O_kx><=TKW}OD_VG;9Y5pi`Ye`b8Ht2^LU`iorTfEuDx?(iv zoL3`7y&y?F>^6Pk4<9*D^+3_H?&3!E-dCDJkJ{Z%AaTNC`iN>Ir`D;tyW-e7iW~2a z^OwC_9NI=&!|I^&r@+F&atYjx#g+MAh9>Pj$SYoi?v?gc%C3|L-F zB@h{e#S{~W5(~E zC0tjuqA87ryF($+Z|WOnz2u9|xA^NOo^H@A$eN@#rIeh<$XlyDdedycI?)G9>Lg%x zsq&lYp^5dzeQ0=7DjY(uP0_mZsAdowjJRU)!LG^>n1%)#Dr|A4PIU?#t zDYh_x+l5cuGt*CQpBWObpDuoGTB?0!9=X`;K!I`spIZ^wn{%+QkXsn~Q$sFoj8CSQ zrC7Z2684R9IDaoZG%++%+*7eD6L+h;K>XpdYH81^`1QocAH8YA+4~ymsft|Vq0a0F z(dYRI{@U=@2GpJgK_>1ezClUC=PzNrN5X*LMBQbWHj$_}%G`PCRWwVsiNY1IPb^?` zqVXvkB;795P*$}3uE$Vt$;9O#$mlqr{18tNV=&y~<{N$7N~hrFd)HoSVc#Grc2Kv7 zB$F6vtp8wv)qgIq$p0xQ5E>R*+``ht!`?mR9ES*4rm?MtuYvL9$eDwfqaZCNS~Lfy zYYUTFsEM(#+%C+{o+?WdshLOFrO
CzJPg&1&C#S}14UBT4n{?E;je=leIwEK80 zX7l8KMhkR@<0ecQ@8WviaO=D7IlkDmng#lU?Ew6X$fKTh=fYV`M#IKW&1WK9M8+g~ ziA8{L8N(A6gj&p~0~F=#2OR!|eo_W1_SQ%f3G7BLH1W-wZv(>3L@xHCkpE(-=;_A9me&l}Za=a0o2&t2qV2@Ssf z)2{fBn*tm3Zev!)kb^=_Jn6usUE4Ppum&ImPh&qyt~32`Tbnh{hpw4Lmf!tRvjTlo zu^#6oH&Vq?N|t& z2c=jz*{_3uUSontjGHMoE-W;I^8noFtuxu`M`Wh`N)kZFyb{4Jw>;ACT6~3=W z@4rHelELn8x}&zieuL|1`;trgEL5#n{Cs1X;dIZMH?u?E$`z7~g?YyRU{e%f+tZCe zJ}sGS{m0NS3b?kTm~{;G#KSnbS z-OJ49#;7n8YJ1H-u9u5Q#9DWo$}FZ$#k{XSDH0WVNNhG$S?iAHW_wt0$b`5J3l2TO z>Hb11wy{Qt>?>lC{&LKv@QeNeEOv{Uv9`db<8BC(u(g6xme`ZLNJ~B@Iz-4mX+?h` z0$vDNK18H}XhbK}`|}Ztcff81S$!%iFdkvIvuUcW4w!jtoNI@!Z;p72zKA>c2YDwy zXLP!?cVv{Z5n-|i@K%Z4FI*QEgyegcK~fmaXmbxZytQ8^&EGkVU!)$h^RqbN+8|~O zG;0=-Y(IJP=|e_*)__^x174=$2BsqIw`J#^*}4%H_myqmCL`C z*{Z}l2rTgBf1I3EofWI}=At}%zgfsY87x)l^7h19<7PjU} ztE!GOae|2`8R|ZdIIr=CL#kTboz+m~?doyEEyeoh{SsEZ1L^Ii0B5AAgyZB!}9{5jb*#E0EWIzoEH#G^2z$dB) zst$ZS(=zp1^{C8Jhh(z8IWlEcW#)h;CuQBB%V|a5TVJQ%uBHd%S6o5`6-xr4Qv~1- zTxjJnH>hGblo2V^T&?>sNB!Z@csW!Ivdlj&Yr@F&IMO?2hnMJt zS|0jlCwD7#wyd+v%I-g1>o1~`0dDyDmFlG#IqqBp>zHLOVEHWslR~r1nP-vmOe~@B zjxwwd7yv27l|KEHtzhjI8%h;-1rsLNSyf*%mRixmpE|QYJAgbY_bX-ldgV6;2|-34 z1gDtxDs{4h2YiHi8|Odvu9)P2=~G<#4S!m#x{!v()w{j5`~j}<4{q-vzr|{cKd$U+ zD8TUbxDPjauXPl&gi*m>>rek8%!B;WPQw7&Z($!{s}-XiRPU>W!{@!8XYN`HH+V8N zgsX(3Ll@%4`T#qQvhJeGGUG4pEi|AA8g{wISRUxBezSz(61ET&n8ceA!SiDAq&pjo zA;w#5n4j3qeyC12%Ps6{56}^&Zz|;NyIFY0>~mf*53eKQB3Z3_Lms*bb8tf}tG7~( z$xz@ne>V{0#9!slwX@76$%HG*st{K=W~Ue}nWx2KaRTY1|8NQ{ZKwkxDD)E5a}OqW zaFC{FrZ==LxgVPYbBZadv5%u${}5o-p+s|?BW#`(UvRoyBlWdSCwLi0oiWL)Y1WL- z^K)1~{aYJa518(_AlO8H9Ha>qbCgu|OW49!D0%#|dB2%g9^J-WR;{8cuHQ10)z-7{ zphv)&9ti~B2Gqhk4c-q^3CLGH$OdHx7C39dol+t!@NGyram0)*0mx_}6b$Ij4pwCN z#Ihw@l5pQZbuHnGoMaZ6h0U-{evEmCND}>qQrrP#4^_9|6MazvS!@R*Lla;ZQut-aq5Vif5S zQfJ;4@IRkvSGBI8VXKUl=CL7P@ zM%K+S$sPc`Vrb+!E~V0{p?~nI%1^&xT927M9_+urz!O5a32d2}WuQn$v@EUR?f=2l z9b%}66|#8cwvEDgBAk_?jEz(K3N+WG)f+f#HW-YbBjgx{#N|v+zy4=Z7SX8ww)qbU z`#}o=Li*oYh5`QP?|NDn*8l&JVSQ7sPE=f^xFpPx%ye>3Fl5GHDrjgh<^%FzQ0l!D zT;u)bR5KeUE_LvZ8Z}GHb@fXN%VpLUV3H$@#cg$a3krJgPkk#-I@@1wh7NB+$6IU3 zEDO(X?`=N=~&cbiX;)*hB8AC49oAbh;(Nr4Jf`a(J^n} z3{Q)=UK!HP`SoXOhKrWKnss-f!e*b8$@$a;rTkYSi&PG&ZVhT&TVAjt@%1nasaFk{ z!Zlg!QHCU0TBC{#5D4MC=z3)i-30y&0Yrg67}LOs@QxhQ{M5H<@324xl&o7<#6Ej9 z4jqWzC<_|yAmNN?gx59tq%91JGBCDwcLlGs)=<0V4`Vdqs|nQB)OqUf99^6f2K_L%#!B15ha_8ROUFzlV{N{4&4d#orrMGOc9ntR z*V`Cz2$FHywE!G8L=sjX(7!!S3L6BhgO-g-T;w2%=clWy^Ic_T??*@V!gf~BbALV0 zdLI8K5)suRX3iUXH|AG0(xSy@`L1r%M(l-8WH1A?*EgEWE9(6Gq}-metA)ZGOdXzavrW98z+OWd^#%h&fRZGaWdKn~W)@ z)cILuZqD?d{d4o3-CXR6kA_x3i*Ygj=2_BGIzoxHUB1C2-hmGcG&+u!81De5E;cn% zIJj{ae(*&PhIdh;Z7vZKaFV&87dOC#hggEEnXO?o7yN!a%*o1CND36YAws|>yxk>~ zY}MOFWetrY5Ad~aAwrC9Lv+s;6Os14Q=b5vRrofV(S@{Yc_Z81RCY8@F2~NWpke!| zVk9^Y#@OkC5wv65-pAI$f+Y=PzTqdwUCB7=Bdm@YV+{5n;f_@2Y6|`xdrpHcZToAQKsM=e{;I;%}a~<$1emQ{c0tY=Jhi{WG0BXk0};V#K4K zhRnILHmeSZR*rNm0sSXY;Z!FLb%wk27=5a{O0@oIgIe_d3UEBX*`0z-CaCGY4;X}v zjaL6WTiz02ucQw8#`!X=a?PVpxZwphCx^m&zp2`BCp7BXd6NVK+btuA*wUHoke(yeQQ_McAtEu%l8E7|f+%m);k2J^JE zYSl>y4+gWdgwiYzr`U@|5bt=Plee_UO*GKU+4wPDZ$T$Aei{?uzIY;Iv-f9Xc>+t% zmXTqd!~-IuIPV8LaI5y*oSS)?X3{4_s-F{oH*g*aOB=o?gHFb&%=k)r>a6>Yyh(m1 z+j=|EdgSd5g%LhIH;`9NVdf+KjFL+0q4y{EA*}e`yr9@HU$rG#kK~T6J9U8K?kAqn z*oxf)vq15@fV(on?COT@O5KW?Sf{Ez!NLnvpUQ3y`xpB*u=W<;yPjEoOmmF4 zJ=0Pdhw!qWKmp*)iXSx2ec%@rm&pUa&|8dg#L^PEgLv+MR2& zaK6PIMv%iio1BB3>>19@)*pL2ZiAw*i5=%HKl<+A$OxrJYS)jWFX30=?dQjjQDjlR z2e3HX2eG##;3)F#ko5OB!5^>N_v)QwxBl4;W&F(0} z9h*`waf z6lUENGPuIu!tAUUD=!j)bm18&VPBwxyr&KKIm>xptWEcb2lKnyT|1XKzs0gx>Tf$j zj|21&nBXx9&|9>IZ|Is;!2IqKC}+2&jRAnX_Q& z=IS?>-@g=n%YPB~5g}eh!sp_BmnR1KGsTYtD_05Sli^f~yuiCAS>K@b^mhWN*nJBE z>u;Z5-tm6TIFY=<7uku^tguhq72Uc7q6elk0^wjXVPCcOJ6;^tfo!vk(s?w^(V||% ztUU_UE$lQO@uNaJ#G*ifO~4X8#~121H$0P%yKlVjzybE$PY%BbF%G`q-LLGn?y4Mb zS9YCQ@>4VN&i+T z;Lwrh$)=q}5*}ZS_GuYAe&={S=U^GI__l|v-r}`#%>f&I+Hg(6G`o#JQ7l!ucC^}n zXsWrtn}M1d5WB<}`#Om=dUgmr#8r#i-Y+2IJCydVvs3$dGOl(wOnI`b>;l&U2U@Ds zpl1Shj!nttDzK2eYiIR~VmZ_isd{n~2xCFj>I~&;sc1dvns-%XZJzK*keAhx_xnlU zwLAO=Oo)8BRffg#R;^Vd9q|$<_@}507MAd%PIWT3Epu7n0>eY;o_Gsy=@@V9&vJiS zdkJ{L^q31ziY1$_fpbZ4!TRi~Mm5lub)T`wlWeVY1wmfiq!dmStEG=DWGb*o@esFtzCKxSo>VDBQYnX`7u4AEd4Yj*URb*An2FxL*M;V*U3j` zlvdyD5NE2Bi`nd2gYu|y!rwLX1cav}W5BUf@M4C!*GDFiR(X}`q;r(f+ygn2<6mYE zT_3(&r0!+mv`6vkc@jrmiPV=~r1Lm>U(E~x6Ga`atYN~4ih6EeMc6+Bo}v48t<|Z2 zLVOU2u%iMQYk5XINB-0&%a*EUy)xSsI{ii|lOFI7ps>_!QJ_h9lE+@gsyf-|B#m|k zEeEIsIBWOSODg{6aQonW`1X`{zLfMnDO!afmZ^5E8L6#B9GuIVNbdKYyl;t)aAM8= zln+Y|{a#%Gd_e3|!NQCHsR~w)54c+#7P6-Fs09960XK+JQ4y}=FM>a3CW>Mm)Os}O zgy6$CuGkKlqTOU@0>julYHjF#p&KRz4)s8j&6{lI_G=*R3N7!RpJLDzk+2wu5Z%pl zxC4&fqi7Q9hu(agzZDeyD>T$yH6BeS_~heNTm=Eh0iY$&M#XH-_PCn~I$>do z$a5ig4L*w$_zYITN&GzMwcHd%5%!`XrHL=^Mlw)ESu-lG3KVU@(KcliZBx97WE#o; z_nD@kv5^*_13UQT6O56?*MbNKuF6?lpW~AkG?PdkVGh~avS?j$5ICxC$M4p1Qo8X zbPuU*s?sI=JcLAJMHh$>Z9(6GF#?mIeN=TWbE*gikanGb7A=kUTtThzJ=1lpcmzH6 zfeX7b21G1h#TIzrq#Vx=@E!G4 z7oT*bH4)>T)_&Rs@AOr_1=Q>uXeRoknv}ycAdUiliO)|=e%X8E6d{0SlKHNFwj3y3 z3DJ0;MB|3#x65g&j~l$S_jzUA0+FjWRh8@anHX zJ2PQZ-7`Vl?!kRBjvCHAcJeTRUlHtW#I{>!$hm%6gpEir)^gXFwaPUP;0kiLS%vNz zc+-Whu5w&k`9KP)KIpIE5j}fa_e2X@ealmXWE5w+)^-F~~1?CNXf%Os71V@~d=?O@H>)id~o}DT8FYe?F&&lZ8L*X#A(J zc^tXG~=)m>DCgg?M+vF z(wQ6O$;FvjYaOr1F+t%KuLKG~iR3{h)%9Np4tQ9--gD*_bM0$~5q=ST{|OogeqAoW zb69le9M|Q^;v5i_umagS?&Z$k`W;+QA`sx!i5;luPWljt>aPH;NjzNwYMu-vtrm^b zk>yKD^Ca~ZyLmP_3omP*hq)|_*$q=M9gNn*SW zaHFZaFhaZ&D>KK6{Z1%JLQSZC324Z3VvNX_K&l}sX*c}S=Q%nTRG|1_KRDaK9JQzLz>c`%DILe%0hwIbz;`c^8( z$NAUKc@p`eNupG>6oCQRXU;3bee$24G=nQ39DZi7`$Fq|zYl3>CC7?jA&{~)^_r>-X z)A>~brtK*yTQC{)Ao#hlKpk<>>;wO&T|fl8P0QyI;_~K+$FLCi1%XSbu?5;hu$(g8~4`p9^JY6BK=&OnfvL(69ittxUVUQats{x7&Ox3$==!pi5Vo}3= zQP5id3;mnjhO!v2Vt(8B2*R8bt$%wUSZuBdvIlPI`1+KX`CPR471DB0%2DR@4XaA) zVON^$TlyPK6mK^iC*a=-& zh1N+6hOUcBUdj6;DWzrs7>=b&leLN1}P-Z?%+#=oZKx`Cmf>?@^%ekP|<)Lk;n1(|1DakT#w_mtm4$b zrMLpl5CKrNh6evatCRl?&B*>UFk?go`uJmL5q|ewuuPhR+0Yc>TjSHV%aQ1acA+7` z!;VKF-SthS#d3dG^3skn->N%aKEx!-a(T!N5M{{mL>z)V1ESK2+JSToq z8+m)5zM$&Kp`<*zANRZ8df)tYef_+Z|9&lo46YppoDqR%AX4S;&4kX0U`LJz#%h{V z5G0`vHink4nwxvO#Qt(b+@<9ImFi_UIyC9SJu~FMn(Q4G>)4wdv3|UR)EoWF5U|hD znIdzQ?80S;KX{(`@JQMlWbspFH0Q>0%SVp#YCtdR#-Z2WkJ8jzigM4J8kwAQV{-j@ z+#7ofP*PAQy(hrmt2Ov8>J5Ye62t6TWQlL=dOkxWH0V z`imC6McOiO)MnaVtf+CFg;OzixG4)1OM1{xoFjsz$)m3XFjkM#wEa zAXL^Y*ItfOK-%(KgxgXT3y2$2MUtK%oSc@?Lt?f;yD9Y-Re3QK0H&VA)X;H7R*oog zqugDx6T5-Zh4{Sn_|aB%#xYmbwg~oh@&;B8K)z!~xWbU?{%~hOW4b1?-DR1!8Ug)M z72!O>;6K0nQl`R<{I5(aMQ1y=`cGF}|aEBWezY{n4&Zr^o=7y~bR) zC**n(rA}BiMyv@iqkm8}(sBAkQojW=c0V>a!a4o!uQ?*^3qnK3ehVDYXlU^4?TydY zJ6K=kj@(OgaKlawT3`9jId{bl{!4kN6ox;10^JKI6@|alfY+@+kg%F;8zJQO81nB* zeh_Id0s4=kP-5B_7Pn6bp|l$|NTD$%jNCCM%n!H(+7}LBV98EL?YEaSisfGpF}KXT z8!6O|3p0unmk+~1VvG+|C7KuXui71^7kbnTP%6^u=?R=$-$mCmwxc@V>U_A$ttM+U z1+XGV1qD4zdYMmrz7MYtv4NCKl**iFL$6Wyhf+@3R5J<2ivtp-{3>l3KUzzO`dn0Y zuoVN-sG}5MzMa9J_L#|_?3q835hW`7%@_Wu`Y~|D>Rv8op?@>$s^ax}zyKC}4r@d_ zbwaOX8x%EY*)4Jw4L^AktvAc4+7{??yAie9WgJRbRLd_F*Cz&Yam3;e9bom*X;+@) z-o4859cRI(IWpcfm6iNFXUO?F9x4Fj`_?_`RzJXiC8MUg*^Jd`?i!Sq0g#wIEHN{= zYU@+BT2rO%nJGWV@9Rys?z$Le^|B|y%%2J5`0xx41*hBLnIa7ivc$e@Y@7Sf&UNm~ zb?g|!hd)?(VPt3xaYK(G4--XUkw&|Ulv%OURD?W?Wc;-*n>@PX$VZSvEy|oqdi81w zI0_GeZW}g~XpGu1{dqmcmSA2l#e+2H;c1zy4v0DJE>Gni2jI=SWC4zJ#zij&$4iu` z^iW9Dq~dK#kA3UK85S}+SfcKiEjb2*{GYcd3)J{V4y8Bz+bB_zc*=_ge^t&L0vGe{ zplZ#)@vO}HzwR!3^t~S5WOn^3cVxH-4bRtr={bx8>7v6%vXhha)+UhnU)NTx^w9)= zMVkLWU}_(#r(`=|yvEEQ%D$A(8yCiI zlq8XPa_%co#PKY8SMX!IBWn4}h2cyW$RAvUtDwzqBU&SLF&l-p-^nVa>xPNSZt22- zYN2vXC>Svk@oCjK9MQO);;G=Ywdca%;GtANKZgecJ+q@5glfOna1J5BBvv&%q#M$MBbA%-=nL;Sh88@(YCR?&V7fz$>iD=sBdYDEeUY|uFc z1aw)rB@KeLYuKaG_68=C5d2=>E%9ck2yJw8luhqkUhul))>IQ*KDbj^Id{zGjcE(` z@EE~aRuGO1A){4&DA~F;J$Ga%a)Boc-Nq7iqTcO@U~WrLURSb~ott6y+~M9m_Y_@~ z*$7=c87&ci#PM82@5ELzDbS7t3N{hFk7yF0tUJeWM~acb#<5ooO8)93W^qAsxrGs^ zn>7>WM>61#61inUh_W(PhcNDX5k$yhXCwpkz)n-cKKfNId{6*+o))wcO9@Hx-eLAb zZ}bVphtW?;)PhW0h?mwt_XHTP2By{X1oYVrr?LZ_Ho6F8rGAaviOAUrd`rrd%2nKOj%{pI-gGU(%f0NEg1 zp$9*(e?~m+Kh*s{;3SX{1}Nj`=5AtdFJ^6FX7?X6FD>=|5{|>SZ8{9PH%05VUo^_3 z_2Bg2vQb8GWFn~~m~69mHX9KvOl-y-Yre>xI_JcT=ZEE(K2%28TGo+e5!n@Hr`GbG zd9K&8Hva`UeSj$sn1Q=sSY#?G(~LKgEJ_es@G#;^7Z#gk0SBzT{l_qw^df>yn!9JW z-6m~x@Z;(8=fVuGIti8R;kJ(vb(3HP?xAI6gVOHXj8{h$~xZ zdp$DV`)+WT@2r->Y$xrsgJ91?#uDN~t-?|_NaD_{&+7>3ST#Jd_dJfB^}L;4+iUdO z?5~!)j(_v_0xO9<70v_4+G$O+rwgu}bI)!o6c=rT%rbFjW>4 zLgfjHj63R8HyD=7Hbw~v=@Hzp-Ocx) z94BrfNjIOLEd7jD9l}q)&Hhj=C6#f}i7**L;GX`l#I=bSg*ZGwau=o53zB5(e~Eg* zq7MxD(y3xpi=E`N$I`NPgsO4YU_n?rpb<@qBf(Ha1>-_pGnQU0W{};-NGqV3DG;Vl zS48<-01lZ~LTJO{=?Mn|Op|rsvJlNPM*+gq6uDJd_MDw&q~f> zdldr&1PA~DA^C3?4gFu+xlZT*+0IKs)GfW^H>+Tv;nOOx=9Cwc5JjXAu;D*K%YwRl zDVWB8Gq@ZfQY`$9UjEru*9KVLYQR`2+O5S)qOId{ z=ZKPB*qg26V-qct!$K&#?U)&@H+nMwZWigEF84#yx11@AD6-=H-qOQc1_F+Jb)NZN(?X;q1#R*%qae)x=p0 zN1yoq>>DjDKAL~kMYlYA--gn4Bol9`PejAqi)>tj>B70G%w(jvE$>vi!x@Jql`WYh zE6|223yj`YOVg=#+j%Csdld2fJl$zSxubnI*JBA^lLhlnft5WM9l2!f&*pjAP_s)7 z`60VKQ6@_VRx;YfF)cP9^4lj*wgL7k!F=lmdnKGY)D~B%!IKMi^t4A?G`@hkTf!#k z4Qq?+v(`pO317obcRWog4)It{sn9!GMIiq2Vf{dPl%QfKIA0tR8dplpd-rTh_Q*y5(+EuF8DjGKnpM{?4 z{_GGS(_Tixc#9xNiIzyZY?#&;2e{`-*tnEyYlp6V zKw{Hgie^&NGOT09_0v zRRw4zN0#6NN-Wm#O4N4c_wCrff+hXfzsMFlFD=P7mhl(bmv182!S~d)!rE4_*~4!-F$2!=mf1U zM0fgFpwHN&#eZpYZj8W)+-bnJAFq9b;Q%cBMvcQa;C!33~%4ygE--1>L&a)U=Tr)1R#Qk$CB4Se@k3 zfrX1}vEun=Qyx*BrH6-A&co%Q=xL(}1|)1pKb*C5;{I0GelNv$197yeRP&g9uab8; z6K(hAD^bNhPPH+VN=p>??MxP&UER3D%@De~qvhI#>%5x>P<9SGvQgC*90msjwJRyr z&b)(Cz3g$C!ngkBy2vDpaxjqK7l?ImrblP5FL-q8??=ET zD>k_0$^dBjvQNvYhW?DY!QE`Fu(wmE6T6)nkca!ab{VLLDb6Bp` zk-v0NuMrjTU{lj2iA&UZLWgQvVTweOXTPubO?3948Tl0qrO~3difO_{yYO zViZxM8cUcox$a+7K=>>&FHY)65zy{CqObOu?cM9M4}q`f8Lyk?q{iGyoH$_NJ@Tt! z-t(OS@AmYwbc@n4QJ=`Mp>NXZ#$sCUz=kS0cL@y-kbD)7D`h}?1Fm?lE!LUAdbqoZ zA!wh6k;mDxkuyLOy3V^1ky>Q#Vz7zm6lrFr{yaa5uFR;jZTi?m`}ose_}H&Y>6rM| zK;DW_Ba;1^LVGx5K7lG|=K1y$kND3kXkenvV-p9~3N9>Z_L9I!BYY}w3i;F>f3yC6 z=mR|uh&)ib(Ihib?i@3*H{hMKxNMvQdfc9`k3k>J0lE=yS1jq(IJD{rm7~Ch)f#JE zfq^Kv67GGt@YjIe;6#jl>q57sbt~yD4%q59qaz)GQ_CWfMRSfhr4z z3r|tzBV7)e)U%MAlNN4uCxYn4=y`ZD)*~YVh6U7$)6wQP#&l&BYcqEUBNg|-L&hXa zG|7u1%6ibLJvlFD08V+?N_)Xr2W&MMkh11pQTsq2RfPJMD@--HZ7t7nV7sMMG#;$B z&%_5$(lKi9%^r$p67JD?g=m$O27=tRO$WCL;>-56Vff?d_N*~iLENqS==cGI^Z!nS zQmqWW-g|t}nj)&_&%auI)XoTD_b0g3BV>UgMRW*M+%vsoh@NOIeE9xQU7Juj-j0;m zFjb0b-nL9ftOfB1R7_X+ydhKGKlb<{{8e~wGM={|ag^B#D{Hq`C0!FukUAbYAfHEY zalw=t;&3ZYL-Tqp5eICzCmv?e<>z4ohDWRHXSjcn|Ej$$a1RXouDv&UX~^6%S;^r2 zH33|FVmfsYv{AS_*x7WO7LJ~nZ*z`&;*Y)^DXjFyXHM4U0K3GMb-7yG@m^h{ds9( z^iyyfmttIn(!K0VbE~KLDfuP`Z1{Vdqp%BB!O$OxEL_tJH3-`YrH`{_0ggcc1(^ob zgk{aWzKd6UfU_d*SXirZ)8^q5wZUJ;tA{9O%Z#v^c;70%Cll+fw}`sS$e3hTH4olW z)-6eBIimHrO@)cI!ejb7=DOOmM$AOdJNoh<#aGp3dhT%zzVfcb?znXWXf?v-YQ1aj z(7HId($Jxhhj0dO3)5652DqRJZ1*exw7uKJn-YF|<@4e8fh>Crq=+%3Keni?G9`=w zLVwJ6K|$)2SWqzB_Dj>gpT(&ojEI=F1tnF@bntzuBrjPhzOB2?-R-Z8*ySg5i@WMK zg#Zpkhx?$LTGTw;ScznSI_1Ofg@CSGQ_nSAAtT0Lnt!!)OF#!mZ9`M&SveRlY+Auo zDu~{{P#GjeGV#c<5{e|_Ru^LFJv+Ts<`XgGVmiCx&wg1fc;cAAKSCpcW9IN=`THvd z<9Xxr4ZJ3czQmmt$Zn^PS1J{^8yZ9bct|ObyR=gZL7F*Cn z@K4rh8vzz@RF52f`a#)U&F}<|-JHg6qYFpzIooYvu!iNKOTykX&yzWj|Am{z`q7 z2b+|f&KoW~&)+OG2b89zUz0o8j0oa2X}P@c|BX73;KS#mw_%tLLU6O8n=Vna5i|(- zcUy-lAgE8eG+&%bQ;AF?-xsY*ALkRzAO{n}Tgk-%4TXoR`5nfQlJgHaz zrWhn?g1eb0&@dJm+56qvUd^T-|0Xp<<3ZH~InM9L=r)h^jKrJ^3yqe@G9`PIVu_k{ zR!hY|FGABOBu#%+Pqyb2%9<0_cT1YfWQmqN%W*U%!*Rfo z%X2GQ;HA9dakq!%XlTj<68%ZdSbniO1G&K=x&i6$98Nkl4gUeA9QSN}`ZC+`8PieU2c3@+|^{EKMgEp!I z1)8A(Y&$cUu+OPPx%8}T1E=o>&4b_B%X3EyNVc4-sLW*??lWLM8d+_Nv7K)SHpAcf zJMC=8Mz9Xs=>hJH4Qi`pe1Z2^P>DzdC_H^Ye4~m*2bp%7C(3L_pWO~G;`j@O5&+$@ z*L~hx-xc2nFGgM~eCX#Mk^HIpCin@$$~AWid=OK133*rTPI(I6GFW9xXeB2(U$U-{ z+~?^2cf&`!Bp}qOzKWjX>^4BSd*q2)eTwJFyk~5XRb9{7cn)Zc*9g zhb8k3b9>=x0C5_7*988v+G!wN4?5f7Z!IpfYSWw4bCBsNa$)tk-U2$}fnuEytnuLs zAYU57Ud(A~!jtaFr-ijYAtdOes&I33A5xuDVcUsbLrRA0N;$r@X5EjDLd<=z9?tOD*6Li7+MgbSGeuFN-F}R(md@xy#`d0v|Wv zTy{U5PA?0(kpo+xYbcBITzAr~U!N zZr=QSHDe%6Owj*V)>S}N(e!V)ba#5`?(XimBArswB_ST)G?SM!EzfB(Ahb zhbSN*NGty}F#=CVY_t zgD7Y=N|g(@C_D3DPB@O?%Y|j+M6@lQWQm*~qnR?J(Bw{er|SgPDg1ymN?psn((U%w z#Ze}^qnPihp-$}#0idgyS2A+jhDoOzdt8pK-a9`7NQ(Tw&!q~kq2*OD)|c~>sCiB{ z)v(DZGF2Drj(E&wo0hv9O55Uw%t2hmL~2-G?#4q*qZ`TU0+*?t)sIwIo`}>2#3{pe z(VIoIBs(!!I+Pj?yF!-7Q6FL${7N*B^vBXF7!up;gLdh>K8zvkWOx3~e%Zj^n&vCo zx?Bp1`_-qrjFKpMQK8d@>W6<2%-P!ZQhf6SPh^!-Ml&HGq%2L5vP#T@rXxhuy-z((WD;1v2hq=e(Yvv!U6Ep%Uuu^})eR-(ZWkri@`co-) zbHzCK5$DT0iEUC|E^D;Wl z@{IeZNRZ;EXueQKn1hIVYb5`?&yy+8*_@-Ie+2s~_q^w(cZdf&p{C&tU#XK0HzSW` z9t;Z38@^Xf8Iv7! zpiOs%B{iZ#)8pymGGmpRMQ!3p5&zf%TDGUpsh*537l484LLdkxXod;3PY> zHW?GLEZbrY7w#;Wnc(n4*8Y-beDmq2+Ocx}(XN%B`OanWi`ox+Yl&#EgOimuS5SXQ z;*?tbYA{jn0AYS1v`mYKGhZBl09p+hsP>}zTUmUm%%Zp|*sNbS$GKJoIsOW<9I+fL zJ8M|i8S`kKP z_$pD<#UeREd}}L#KbWoh@GzF6%tPc0qxXUpIe(LsNvTb1_K>L6A#Q={>!pM@CSfMR z>UHHPLIV}~=&mGg!V#G9{yHo9mn1m45ShqHoL~(`3*GIkz(*HXRmNWn4JV^})IJ%I zzz~BcUI~pIC-hcENw-jca5sC;2d%uZpvK^1m#3ZyD}17$M~K>-ZjJ=5SW1aV zN&leoXKWvmFaF1iDsQb>0vWyt!+{Iu8@ip&mL4O5CL4T#-kTwjvgTqK-9Q;otF0p% zz^LOKCRM{o5-n0}eon$E@k2QqVO*7R6i^kgO6mXd0K*xJ>qtW$1p*(Ki0z6lwKIiy;9=|#(r3uDf6_v)^AU7}}P)UrM;ng$61-v7o2=QzQ zD0y}zp=Hs2lCi>-hcUe=6k!9J60!Kz-@gk{&nlYY72aFH-gtQKL%#ATO0?@<-&xp3Zh29)<%~sd~ zV{HcC9Ba+{6spjl33AQ+aQwv4RESGqY$2uG844=;tyFHLCaf_)Tzj*(mwr_Cd@G{$ z`NGz4`d-QOe=gdSI7IVttr-)lg-V*2i)LtOAUiP_dOne)SB zQ@pU8V_R!yWm<`;-r!7ul?mw5j74{NG1AFQ)Amgl^NsAcwto`3!m%o zXc=|*mJH4{p7V_Z{Akl=hJm;N`rA04^1!IM`>SYJN{JY$ziso&3jWP?(Cdm zV$j^NcW-K6hpzmKfmd?5aJdu7VoaO2Kwq6qUgL1f^YU;?SG9ANQZwt8ozKNkjciwY zx8y@Q;nzkTC2B$=TkiboOl10FudB>pC(iNWHw8;L+X7;)X^Sb_9qXq9EgZPPy$7lC z{gFPTJ2_NwJp0q8zLk#o2VUDrYk{;`mhZ$Zo8&j=$S!XRZZH+@u-C z6f#7X)RazwyAUq1wc_-#b;>&}q#y3ay^ z_MYY}epWmlixa-)r3k(WbltE@C|qQ+S?`%*!zsHseYW7qx#R1Cipa$WsKP-Ei-Bh@ z$KI7T*1GOUOAx8h97~*lx!u+u^r{=QTO!1-%N7fvmgErTjsyWrOh53l2E`zW{nT`v_TmLezE3|GLIQeL3>3BPFDK5*iYx& zue=z@Qh(J#y5&UfYp!yGq_!ttv_JZKf=b06X3eKv;ww=Ce#&({afsfba^?3~wdgbH z(*|U}cV4e1FNG(&H(7MhoJ8lni(+=3`XC`e65o0ms7QOz(-bUzr;C|OI6$PFm^71) z<5mv}Nx&l#K5oxsM28mO35aT*KW2o@@j(Lc0I4W{mdr%)D*{f@J+fh3`Jw0GQ+-hD zmp^Pj4l~VVM}IONfL&cJ%hA^59RASf8=|~uPTCa{Z;3*;#oTY~)~;UiZgdTND@QbJ zjX{P!{Pri_$1lzOhKP7)7$1lE0@O;4gojl;PrPJ8S>}MBzaUV3Y@x|B?ZG@SQc|uW zg^%_Ff{}a=lTL5cPCw$81j+~jb$i5sA`O}6k(j9o-8C5jL24SVnS`YHgf2PhH$8g! z@K$pVtZ>1m*i?TbXnM4T@e z{VZtXI8VBYGA1Fo_aT9ZmPa-;#Au3haT;3A^-#bIR9Nh})j+>n&P9{_A`_WD`-j

y@x`+Tbra}}5^vb;M@BwAEuLYd4TN!#) zOGK*#`o*O&x5pXU>$RO0!ec+JMa=Ek*0$ngpnt4YCJd(C&~pTHlqlzRYUBo$7$ZaZ znch~8dh3=6>0Nx#?_wA_Uo=tLrs|6}TaGx?(8LO=%YY_DRaw(;VjOEdi2>Ml9HjFR zs}RB9Bl&Q2MJ3e_+XFY(O>|$!-0{jke=WoDJ#5F`P~qx9@a~^MDE58QH>$={3hj{G zw(ai$qsrG{ZU{>2d*oVnar{K4A3$AP1+0DvqmPTPRzB15;`)2tljfc&klG*#Wd_NuxRt-TJej=B0 zL5oOgLnhQJP0NO-xE+RUoFK(Lq#&)DfZ`vQArd4zD4C!l+GC!uR)akxC{1QVLVXr; z-#e(ETa`j6S(^3)?-_N+w!`e7ZOCw9G<5g_gCK|S#wg2w5d#6Ck_1RJ=Y`9+5O0y( zXw+veU;~!IjQHqnR!O$LbTQia_*>|n9yba;#k9oLnn$FZFe&Biab&@lJ~uc6g9fMWN1#$kEMTg z5SMyocoWUvM>O2`=o}xqOw||Q zC)t-9rQpZ&^1ynzP%=Pq@Jitvp~5RxJ5*` zVKiIGYD=64{1C+MSQL<) zUx7=^tt`$h$nY}Kee!N-e&{^muyAym^q6AdsEP2aaQZ?=mF@mxlaf4$kr8UGheG+( zGpz@Ei@dcn3Z`1h_a84oc{{$BS48PPTO!;(P(8&dMSXfD!9gIEq~4M<9=hN8Qv?@} zv0Wkn4Na1f$v$0dsUAm)Cx4+1zNa?*v};}3*uY}_qm|82Bb;25chO%1EaWI4VHXS6 z(Xut!*xyJI&VVhR8JWb7H@W!^YJ`^_Xtzr8vHOWVg6uF5<#!qfqTmxnpmK;hs4++;{ zH!KhvGry4g3lvLY?cc5wUYSOv$MQTbbo^M9o3cAQ&plS}4TbcxCfY2 zj(RjxnCT4~RSRfrt(KrKrKBo*G-u@*&E6n`Eib`FzMO;aJHIYw;x&GwC^@pL?YNM5oDkq(KCLFIz)QvhB zJ`L&xQdm54v?w0;$|){hPv0?w#Zi-V?&$LMwmFe&9|=JNv%_Pbe)TI%nbQwMTG8|1 za5X&QO3@pHl`asmca4Ep9$5jYX&I9{s1Oon{lK~2`I_~B_a)0tn>xfOONoa;C2*1A zRfL-a3>hnVsiu0Vk|yU6QwP$a6PgW{Sih*4+;w}s9_gwS$&O)88|4VH)^4TKbJ0)y zED>)FYgwSsYOAcEBP`Nu$hG=FjsNMrSgq81T)RCKq|nTmc8|pcnH@0XWXC|~Ar?2rT3o?GVxa$GcDb)1k@!aVNxBcef+DGVCgSHkn zGLqu{{6NEa*7x<5fy%{027XDNlxbwA9jlyamz%-${iz2e=OVSt-Egh%?QM>l@<@jZ zvtiRX5;DqCw&cKRLp|%|m#u_hL{Eil8rt*1-WZ80j^qMGlVw!O;{>Ifomf%pA??KW zFxez%PQ5yzd1=z)p@|aY0<}}+y)X9y`J}>koz&#nrSgwa^xn;pOPSR-Pg%d=H`};oqeV!{HH`4@<7T3*~p6mzG zur#F|7>SpLkq7uzYSPkoi|JwXHw7BJx?IL97PTb(u_;;FA^TMHyl2h3X~Ur-IB5sWkj2 zTL}-tjg_qLi8Xb;kPNyY%F;}Nyqgq_;Bc^K+L|V=mZao~5a*s9TA%o( zSpc~@-pf%XEoU_YUF~lXN%eWgToF|{HsNg9nGU9^)*PV?)CBp9RwBp#gQ3tzMgF|* z4I+vfVEXu%v1Z_c`x@FyYL~E$cU2R~g7w~XEL3xbvuDxokm%-+2=8xxI^O?wL7Q76 z>Eefr_9DtHAKN1^neJH__$r*?XPZ#y))DDQ>@E!(y%=ITBaJ=Vfkx>3S{D1Z6S@Dq zygE6`9w`OUAoX5x17=z0OE4*vRh(AN>#0l|YNcm`5S$PVk$qGB9;YU0WDKE#U(QZ- zES#RdF(RRyswkZ1gR3UKJ;Tx7g3l6tWmiT_N7EM!&C$poZAR7!9kY!-;#R43}9KcZcxM+H$; z!_Sb%9A|pZ`;Bp~10Tzs%=XKYV)r|uyygP#$4X`&O&R=sSh6<}xcXl>@X*#9%Ke}S zxBWy?$yD9`;?dW_%T?W~0*EVSo7ofA9*wO%DV?>{0I7UuuCE`yex+X<2)oI-0ReU6 z;D%@KC=hWXcjkOq;NOJiWC#fCK-mx@P{Ke4n2zFu7YDgLc;Fw30`P+Ye*6tZp|M!N zp*<6TJ^=>C#&JQ{Sb&xT2RzFTQo;rVCnP{#*nr1`8R!NV9#H@;&Wr%gBs-{<2!KU_ z0a|x5zy+RFCb`Y-IpD!-@qwvHN>B;uZ4nks7_yLu`zaUq}ThLC(z1!9fA0HAz;H@3N$uO1wqTq2+=m6_2@bH5W7`~oMHuakwo&c^0 zdk5sj0mw~hg8x^r{x7B|v;Z#03BSULDGub{BH+NUDN<0L5FnSq2ABV42LG?#^1p_~ zqCn`h+8>?e@o7>}lf$9f5i&I7sOB!tSWp{%sZ>7ll^J!a+R1rx{w5 zTis9qah3#>rEq(mnt233$P_;EZEa+VZyq;y-JIm-?HR}d0D5_ekUP=kZ$0kk<@ z(D*}uu7@6Y2v06r!;{?by8s^;oudTZ*a4sC>_AfvfaW{|IDCgq_nW`}Prygmmn(7l zFS+SIZ2kbj5Y;W0|G%i&|BvGN53|1(1QA4x^zXmV|1$gk?XD;k&-wp#_HQ$Hc>Zq( z^FPeu@LTHl)ABbIg~D8cLT2Ddz1!z#{>3GXHGePTIR+BuHi4DKfWpdxTf3zqLuywM92PbPZeNoh!lLsHQ?AE0c^SO5S3 delta 35491 zcmZ6SQ+uEd(4;f5lZkEHwryJz+kPgtolI=onAo;$+sW*^-|n95b@e~!gRZ`-Ds&I5 zw*jn<_6Kamn)xai1PI7EOwx@bJD{tHs)_a;n_*^z2Vp7{6dA;c!VuBCtWnn_(@pe) z{)esD2I3fTw1WBk*r4nUrq35t&vUV&ex)BwQ_cF)%6HUvlz`Ps#+VRFU?tsh2J6S= z#>h*H8(8PsCkU*nJ`*OgA z$h|w%v6n-3-Z_>V^IB zldB5M`mT?GV+$|%-Fn9g??9kkCwiKJx$D4qN5_G)#UEn5pSq!@5yg}EUpYA(Zk6fN z9kIsfBYqLarHt4VgfI7V*(Bnt8xk49ccKRMvdI(I=BA+v{~jx@m7cveoZrAa<`-#G zqN_2vU=DghhPEF2^-A`nu+pe(6bI`{iCZX9@`v8wJv6UCMGb=j2LMgE9FK)>Y^!Gu z)R#KEcuX5NAA8HdM~|PHZ=I~(YpO~0B7F=3qYn)>s~X}G2^EbdS|QN}&G(g?cehWJ zI%PKGqB_jMjq1*+&6Nr{aNNqXH8Rx3mHW`K6Rc!z9^bFT$0jCQ}0eHY*SeOX^|%daAdpdtxX z(bjO3@qY=CwRZ?hKCG8|OU^MUJ5n>`62?&cKxZQ6`ccoUgU!%#2ki zdN>^9Qma~L(GKA(NrW+X`eqK9)n?4&lJIr0 zhC6S$7*0%|ikghIf(+uRoK$CsD->F1&X2nNdzA-qc)lhb&(`$L6}K>5HrB+xNoW!~ zQ*ua2QJcwH9zc&0*8Qk5))B31B(wirCBZkOGs$jP+;AUak4Jue4E`d=FRkO9)Y<0b(=hmreM*A7w8vRw{78;F-!@quEzlw=Loc)uzYKXQao94Ad6vW{ zv}1mU35rS@zij%LT0&W9;c1C*skwgH>!d@P<0z;wTk#HyB^H>oSdB$O&teW%M41$g z6jNn9a)}!3JWm+!oIi)t&o0(*5pQ#_a!{FNzc-rEs6f8=#=`LG}8h-wAo(aZWJCU$5Vo zPH4ccUndVW;S*i3&->nlGx{eI@(7g*IGM;_-1#QBgdvDOgR*ExY}KW=ECCn-iU;WP zJgTMrf<7tJ2Bgx0t1hq<6Ik(c^o1)QNMomoXTS>_)A6qV{XZ`V|8f6tIW`m*%oA75X-UX$Ri zHGbGi-q%@*#_WP@IZPrOD8Edd;`}#!ABL-CQDHtVD!7)VyaO`p)m$H+Qs+?(bBXNKNJ<( zEO3u9oLfwf$3aQ5mQq3)SeR8Fn;Krg)!dw z2|SD-@OLPlZX(mDO$)~KuA{q?bP=})Re7*-lqRmF4R)%XQ0`n}wO}(e(Pyi<#Xejs zOueSq#L;lLUg;>jRVR>XC{pbyuf~%eMOgCAT(xXB|Ku(`MqlsvS&V-{EJMoJxb zG=#-m>+vDwjJ)+&?KUEppB<&|rxD+Y){FN#)x%d~XbSS5Squ)YMD_ zm~alNWH08*ka~Z+ViC2MinwaXxP1)gU{yUW3%V|bH>>QT?ulLQF$e=r2iSZ&sTF7m^HQ3>Oy$zcQ0T`v2f>f`p2=&T5}zhq{!jRtM;YBkZ-TVF-OPYr zDgcO*EEqT}2naMZ2ndKU2zv`(Rxct5$RGTqK7bO))`s!b8`1s;%wPAEE-mamwf8hA zTxu;_@y6m$M4-y{m`x;Br5ujC@AFA3&aYSMA6@Bg$jFGwAQY1a7qU&w6$xz!QSUZA zjmNB0fS(HmIIHFzQ7KI;U1M14ya+aixffSUT^O=C9A`Nkcm88-eA{d_c!&R;eZNe! ze6Rupp7vQ(u6E{UuBbg+RJ)C0vJ=)IXhPXa@=1w)mo+^p9qqV2f9YEy>TuMO|tZpbrx4uP+_ zzT)hFrnnX0uumBHD*2fd0C3!SBWK+)`U7Ra)9;8{$h+FtR_jmRZ_;p!yIhKIS>!6AWvDoevw$gLp}>wiYa5TtG+)q&YTz~uCj)iV zHVE1l193qBPmo3r`fmYNPoYaKHim{%=r+3A*1 z-u86N^@>Uh8FEE@yn6_1cTJ`;jX+*Y?cW!vfBBY=dMC>EB=I#eM>fK4BfEP8Ved2I zoeG2%;5bsSgGs2Uh)2~I3LU6+s5Sf;9_tM4&yP(9Ep8Xmk<47z^`&_4Y2Cyl@7HLZ#i=;RQtp2s1F)KH%;=in$W&;GCL`7UfzsLN04tIj_k*# z8m*d|%CMKnQqwk?O-g&!ivbE6c4s;iz4;S`(@mL&`|n+oHNhusFuV#!^Y*@dHCuWb zSqj|O0Wg$lxB#WK9LLP%m9O-cKVgfq$19| ziBu)AU8pUmSr{>Ixx+Yt2jo_|(E+HTgYKy!51IKWezJV7$7=cNX}_mEEpE+_L|HF{ zB%Eoe9(OY>a}HTa^eVN*OO0rRvi^@&&g8KwXAl*^JA;J_Reg zHST-eSo7%zoV9#iSU|Cx^rT%%Tz~HR(hX_Np0A`$1H%a&g?gr~G@Ln)bYl9v03C;= z^9j7LLAEYhoIf*mBZpP%cCh*gOvSq8Sxd+wAHB}NHmVC*UvSbRD3&5MZT5U}Tmv&cXP0+YY z@~dya3(jguZ;%{rCvN1lM|vj9K3l^mpN;cSLDv0%G;o=G*Xm*4CCu3@j@U!HL35pc zjnYHcIqtIcmZ58)U-7_#u3ht*ROslUNEEZ4RYOmnZop)cDo5pmP)Rt)9DA1?Kn&)A1U65M@@Z{swMZ6*`PckGeuE#+$$;N zx0sCgmn~o+(lRK!-4^+V>3^dqO}kVpvNWz#Nu5ypLegO&D~0!pA|G&GPh@r00Fk{; z`yor9WLy`CI+N&<-gqdyv???6a|u^{3Jdr8LTl7W1K8D^lhtNnKnitosGziw%sO63!V(AnlM#E2)Fn8IM6wBt)RZrLb5%;` zu1Vs3ACXy<3wb$~lwr@Ic4XTH9zW>!dp|0r7;PB1P`3q@5U zCk-xj5D0lws$FhTvF&OW9Y`jJF)oKZ=?fG3n>S6Lks9XQuGZ!5Vk~Zl;R~6l9pda9 zNj!?Yl9*f<`4t2frklQE)vnc_X4ugM&j3Rb>D~Txuh!*8mWpM=Z|T#*$$EvHeCFqe zL!WgFX`s=JNRV|6|I^jK(Vsx4p1Ra>=HsEg1nAPIU@9LiPUmbF+chnhA~_RRIXgQe zbHj>?=Meo2$HV2xe|SPkpwnfkZckKh9s(;%UQHX|M{k=*oh+kS6k7IXhO*JHPY$Z= zxOBA6F(Ff})<#2U&=hH5udCijwBAUJWV4mNTKH#2d#-a|$0tHZt-7ZV1?Q20AWOW8 z2xuHX`)(cGhKB23N0+`G#Vwi0NukwaV!C)p2g1vBjLELau5|22#!Zv)eK;$ZX{Pdb z$UHcNdWgzYno}dkS!Ht;&eV}lEo%mN`CxS62U3slo8zUTVajaYVZtJ3=RkZwt3ZP|AyE55as zVIoTVhRwSA_GFwaBa(K7cgv89{zI7D-B6=qzO-=C(XY|uTH>(EasB(`nZE}vK**fh z0Jyk4qroP(Rj2aN#$cJMvoTLzyLydkR>{qNwdmD7CGrln0gw342$)|N_Yg0QrX$JI z-?H|Trl2^FcA9AgYWG$$@0NTSDk~JjWIQ})R8`EYf|+t&YX*eEOe>A*Wpd97CHNr& z6=jH>&x6T5qw;^t^|a;A-nUb!0bJ0>a(qR4X!UFFs*3U>`K<*P$?A?)?~nn7wQ^ ziHo5C=_^9w3yb-xz~mg!=k1;D(kj^$ePcZ46GxooFl1tbw-ER5&dLLZ8E$mDY7;p`$Ekeq540kwv&PK<0?}VNKJYL^Mn#N>((j9 zTxPdWN)o;*A1*o8UYy!U-+Dp3?u`24edKjid5(hEVwON)K&2_h0WgLr6Q@`Mrv1G!a%WTEnVB#!hV?7XEGQr*a!RN zJFboz*{!Dab-4cn8X$egZ8?`L2d<5la?UIG*^PnKNuz_?>x#$|W;gs+Gh{DVTES5H zd|lQyJH)IoQC)MVkBLfa4GsPJm&K}z<(+f&CE7Z-igW&%{PH{0GI+a*yt`xy9-j(n zm`x!mzf29t+Nz2-vP@7*n5-1qN)}81z2nZO%v5-tfp1)ZY2X`vUB^BzA^D1Nx8=Fx z{vk9IX{GzKK%ryiz^&ub%~u_0B=%!mfL)z<^E+${yWW`rZ%^@1o!ygU9-PC9t$&YY&F;w9=7*PM%pn?C;EF&hAS5I|8Dajd=@i+ZcmT&0#JES- z6Ag8X{-+SYD7|x=-|p4^$w%b>Cy8d|AfH%=u>rz_CoKoV;)+Y=*>)d@kSr@x&t zodKy~8HfhdlixW$xqO7jeZd6-a>dx)x}sm|G(~L;1{CKsa%G}@W$M#psh=CD)rprp zQEo(w%bKQZZlfYfEt3o>Un@?cTeFv^@(@?-F5`tZKH6mT{Eb8_E=*sGgG{J&o4Y4B9P+7c?~4;~9> zYUN#4nK#q>6pUS<{<+`XD12WX@8oE2x-~1c{^;Hn`H5)TKQmwaKq4SDjkGtw{qt{n z(8?DOBj32Xv2c&$%NV+zMMWFrr#LV#?aP_e#_c+T_lz{Nzdh@Rjb}-Q=5d=POj+qd z5ZADpUPQ3qx+Lmq23r~7^0Q!@f3Vx@&$eN2!WRVIS{x>p5f6;V-U%B=kG`q<5N?@y zv<6!AsvJenO`{UE6D)$`u~Wx^5oDMGTNol>;YjA%biZ&qzN@9^a@vOD@xet<1D_q9 zxO#2#bNa<>cH8DB%s+v}P7rYn<3RU)4Q0kwjPNkFiK5d!~%BU`j`JRNDwV z_To5yf=;w1ZniR86Bgq>C%((R{*rJ^6queTFkP(O7k_?-K_N6%G=4sSFchr$8mEOm z0`PM4V#f#M%i5&xQg}GEVOP{-BpvSc?$D*kENRlrn6h|_a*m}STqG^i!xkfEty=h} zI33{(2S9e?9~J)#+3XB5b-DbMl?8wD&40slQ?xzQi|p7w-5 z+)v{j!Y}x;7Gr44C^W6vd}ufn+#{iGr1#HI9`*d6xB|(m-T(f4lRhtS8V?dHVG%M+ zIXFvUKtK>MKtO1cW_>V{6n@|Uo@gWJ-%#02rAs9Fs8^N(rb3j;!PJmZ=EN}4jzmJB zB#yt2nxvpST1_0{61n&l$cKv7BNkA3@l_NW(22Uax?j#8w?$D##soV{7g8Y3CSLN} zvpF5UHBY*+3A{e{XhAe0AYgOyO;~fvMTQy=Z*93Zt9Q9+Xvo?@XVh;2K8Tr@0|@^v zC6wt(&z}aDBeI{K<$*qGi!#GHdht<=s&~#^B7L;#ldfa6DtFeKw8l3{12%`ZI_NJ4 zZms#DKdwi>Uk)qa@WowK2Q>b(DQc!^!oXH?fK5}LDgYin){P7OC~&-Cu;*Vm9eavQZCR(yX(boIH6 zbBck|;I)Z8%s%u?CPhJdGR8B+E3{L`}Nk=D4Rg%V@zb9X>z+S+i8OP;CmFi zv^AU+)p8Et;FW_l`_iG6Zsfb1zlDImU6s(;*`SXTTqA@s);gj>m!kPhf>_OGvI(7i z^D#%;xkp1PKn@HkoZ~@`#s2&Y=ea;~05xIRh_rZ*>U3pRtW;!x^N#-g@2e6^7=_C% zHf)1}%UWtFOq*}KcHZ8`Yi!_+^(#S-VvZ{4QRzIuJbo@_2=*eee?kjt+@d1H z?Uzm#+=(uhmqKETAqWo4pnr-CFy7H3F!PBIAS+mL1(edfHiz!)wt~9wO`aznaS@#C zxnoW%9i`0Y|D}E0#rkKzMPMsk91Y$$oap;EZGaH`oIky_L8I7Kq3CbAV~sE{mtyql-9Txz{T^;#F9l^4#QWWb|Sg8(8IECd3HArC3O&nWQ`AnOXJ%3kR+5N)=|Hb++Ra`4ItdAXuWDMk`*O?n{a8&K8hMx z9Z>gIujSYnkgp`TM4hOYtU|;P#1Gk3Bw?eaX*Tkd91nVw%nv%N=(Kv`ZKZ1-AIo*r zKQeTY)0(XnPw=LiV~aZJZ(~-Wy{&{%qU$qGzK_`zYg!MND^$D5m(FoaumKn1S!X>U z7_rp3CQ{Yuel_Lk76V#mJq%$N1aAgTH{!nM$$7E0C=Sn0%UW;YXk+^1E|~JIo{}7B z7!S~J>2^Hg-QlVRycQ?Cl^(M!GowC*2l&`MIj4DhdK)pSR{RQ3Q==yyA8VnZL1w#i zil^|KR|MOFhxH@0&a8aTGJyPMY>L_O*zhGDM}-Q95trNF*&=4RhYT2es$vzZjme&# zKXNHW`#q{EhG&@1+4Tg6<;+|4b5R1uSJQ6g`Lw)GBtJ+`|-ANaiaQDqfQCsIZpWE zHO$9fyMoA%DTWfi47KwrN@p-aT##Yka`Wyqqg;_{7Q)+W#>|;~zWg`fl`o!(7 zlvu5)lPMjnHUx`$0!2~Q>tTsM7SRkwa5Z^LPFwL81bF?~3c#hr8y}CHhXzRy>1U=0 zOj@`r*01CTB3C@p6#}xK;)44A$$F5ntay;w0>6c+lHH(cW5cjV9v1h(6;Q4~pQ1?n z9LeyxK`H*eJ&#Io%T!U%v+y{h?ez=`4KU$I)+Gx}CZ--I4CAZF5B;_)6NO5h^|e}* z!-U01`TgLw$PCD&F!ogSHm@~Rn0%(T|6{-)Uy1EHtoTn9imY;nr_$}vN$$a?J~)Wy zQP;5q>4w!;VAb#<*=r!i*3Qvw7P@9Hc5>#K*YO0gV^>Y>w%{WfS(~9xMdwsPmK^5!<4-VF6z`kj!BwuLV<)+PUbe{E=5;wfSYnmsGLSV|;Dr zbbpL!WNS+QAtn9JenoH;+IupE0s(MySQX)z5#f@@cp+h znHQ#lO9CL%T9Aupr&7&)W|vE#=%r~B_qRV#iMl!e2N*M8&s3xJ+KOkdh_WZBt%8Sgy!@ZEg)_3U^&Hv@lfNq)eY~|MQqKsKf(6pG#(lv}mkOz|ga5*Py-u+zbbS@^sRpby~!;2#hLS_Cl zNR9q7o)Y)pl)tvAy@|oU>?JuLsZPDJ36Mfur!CBI954y2L_7H!a2P7xiMM|iWA#MW z4my^)ruJ$6diWh!TmIS+38n5UI>c#uI@o$R473(E-wb;G4nyOsGLq;c1+5-&v#CBZ zbG6x=yy2u5-Hm)?{%Xr%$xi-rgKU|~qTRUrlu^^0l9FMgfX2U2FR52qVTNm9ZB~{m zLtCUZTpyR&UQj8^9WdQ=aIC_uIin+S9$b0y5SoPp_r9&8d_Hoq1+RFX)nbd!pa9nd z0Zh|vO&5n!8=aIPKT%BeuOom~;(DF6!sXa&tJs%XWo_FBe4xt0Fmwe=G>&UCz9~g1 zd&I&9`()EO_<5~2#q{kz2JaEfQ<~we&$G}KcG!%2c`?%|Qs+Hwa7^iX=NmbCU!hQH zcP4}(E}#@HW}a3d*-vIoYl;$%k3+-70vZ}e??{)t8O--bb%P~t9^;N+cNiN?4Iu(2 z!FJr#cX0NM`M zR*!li1dw|kRagCiXO-?Qt+SdRIjeQ5uB;M{nmXKgTPo3e+ZGmdr9vq1SldNO>bFIq zH~T&~?gtnMx^?OU9BW;K8|;rpVWHWp#l}cIin`4;Y@Z-spqeX57s~}!zYsJBknTtk z6!+K$Hm>BXJawjDc1Ljh19PoC0SOMlBpbnzM%ZafPsABGv5tq13#-?VO@SzF?`rVO zVcw#l#6TCEV@HDlxVF6AG#vjBO!lteH1+{*`+k^Zk`=S(~SdNFn4w*l)c|G3ITb z#%@FIu0||~rp2;+lAopm$U&up(aW_|6Tg@+Zqz=lj2{S_$V6d>`!Rhq*zQrVt0g|e zRpyh_g~gx53|sYqtM#^!ray;^XZl^E!Op~Cc!{QcDxsIO#94nUd|Cy-6>5+9m=at` zM6@_z(OTm6q*zg=J=D4hV~syql`{=8T1R`>az{^(O9bF&hjmE<^ZRe$IvN%IoM$j-!doZH^n|)~SRCr6vI24A_-|EeWj3=L- zCjXg{<(oI02S(xWzx=DRSGwFdlBj6UoD?fFB4iGk;;Icc82M&=d{K@p1R3IF*m2V& znS4-3+%g>bX?Dr)y^xRfb|*OWMuY+&ucT)Ywdua)ZIXh3yaOr8S9mLf5dR;(s1lS^ zeWA-+ZZ;^^>fqEC+STN`PdvejHXIt`A^7Dg#(X=-D?Maq=G8W5M9pj%whe*+6oD8= zOU#o!?kYSz{-AR5uO`i}$KZoKlp2Dh<&)c-220&Pp!(!`qWLHq5LuPQZ=SDw%fZM< zP|G#=mA#q3fE)ieL+(wE6rVG}4SISX1Gjf>?}U<1ftx~2X_9BM1q)c1>;Oi_Qu&JlHZ3(+cp>U9sBb9wdCJzZ+eAn{S$EKFE-PCIwqmw2k7Ph4x z;8_$%Iyi;vbrDeOX@*Fhxy6JL_a^|k+e9k*_C_06wFrw*|IVEO*Y3!slTXT$9G#%! z=9bnFkWvs3)5sxLH6YjACX)OXp7NNbTsF$p3i~37*brm1#}ws~ny_LH{c#5ZIn>BS zlrs|V2{EwmhKJ%{vS_jQldf<}_g2_kI6Zawz&*BLu`}u$YV^N9dvY$=6EbKMor^?a z9|RFdEY?mK!570NNd!!w2cQ>5VDSp{z)2V9sR%D)<_EAe?SH=`&ciOI^6%?=iu7gQ zm=p&Nzz+Wl**1mc*`cWGq{2y^)_GwezeZF6r4|(L{iHEI$Oz3Sh5-GwsLpCDcsK!I zy}WkE!T^i|xZ5+z(JEP=dV|1^{}VJo|9?pXwK6(@9t{MJ}4g#QT~s4XoC zQZ{yt-L8TX!(W7hH-zECga?yJvB5}bMWgNgIwr@?AfN6chH18@*RW}>)}_~3sjw_o zS3)6*v{};Gtf*d>uWVVa$Zh$;_=+s~_pm)_mIx1ePx{jBk>)aUFF4Wtu!#wU^m7jH zdsKeItBsAc2%CC}%1XilC>%>LkM@mqQzbs3;hUEDJU6v>cFBp3NgF;mhT&7rl(x^A zRNZt1Q%o7Iyp^`cnOHFU9)nf%aO%k-*u{pOaa{msa9ki@NX{X#ibQ8{T2PyIbD>Ua zFHf8}a!F-tEY4t!M!eSxIcfLo>4!5L7U7&aR4oD$qG%7>wN~{364TNS>bSIyS2iz( ziDMaq>tmW4_k(JQJ#>4W@NOpe4mR52a&%Y==nz(YJxcy3SWc?0@u5n6-&EHsrv(=K zWb^7Qga61+t)^#CSI$+5j=l4OjDX}`jC}>>IqjPb!!{Y=i43dc-ju!dAw8^(y}fxZ zn?GlD62X?d{GSV8AH%CfhIM4h4$twg*$bZ{$6e8nQz9%H0EfaLwFZv#~EsmlmKI5Yt#@MCiSO0 zMKcH9a-q5~{eO5}wj*}kU6POr1X{jH<9xe^E9sIAfKOr$Qo=CjMvAXx0L zK8lfGL$=qSWb2|qiN)4g)vAR!=!jx8c7`OauJ%s0GSMen*V)Ed`V{W&BCTj{y_mb_ zaY3fl|CW;E!kYV(Q)Q8_s#b`eV7SVh(}2Mcof6LHqhAPII&-PB4BS408#WEFdyf=S zs(pNW)T#mu;A|)yjxwkg@!Wola;Jg!|1hOqXooN)SxJ+1wrzo1VO^^v@z1t0((^pgaXF)*l5&UkF8VRDjAH!sz#>{I*S6m_!h0iG$2MxbJ4bF~c!VK)R54>tJtA zPs|c1u9weZ1%yrc2HAM13N%X*Xg=v(R}ikvGd<+!6$u+)d1)J5+=wzwDh$n+Hb4Ie zb^3~?^+s$nOqjsl{MKeVje^SGW(zGvhc8k|AM>%b^QJ_Fy48e}ZAm|D6mg6gTYgNx zj*!67=pmd(niD`8QPut7+tp~20z+BzvgOx*Z{!HDaVgz_E47I5nJ4TDI%dFb z+n67MH4Hu4pnFEm(OxR~Xc-=~e}D^R@s$hMZIT&nKz^)zi*CbUQ;x@v8Y~pp8hmH! zZq$Fl?%2U|f}n2`=5a7Ddz7ubJtA7dvP7_v;HyAdy4yt;H47~^?NDBT;leH`S@H(h z(87nn`yC7V7Ks#6du@Cxc0@w14GV4jX>o?(0W$j{B1`*j5)=fhP-BHUsGr?JrQO&G zT=Ksv3x7sbP8N6erib_G7r_3g{+8XDIKfGMEdT>fZ4LDre3;u(-KO<yIRQ2)T^$X(X*ZnJ52hCC{}qHdJm48F_RUdp?&YSrH? z9wD8D|BbWX)%}D%D^H(lI&xJ-bnxci&CVdqI(w3QOy|U7?xGSzphteT-eZu9BFUE^ z%S`dIL0Ma}5$mFdJ~RNjQ6sokkFv8fSJXpQ3V?s=Qz!YlN4XDQ1*K4G+XF95c04qw z5#6S%B>M<{?1*aH6G#=Vv|AI>@tclJP32EEZs|s7%6e>F?+#X z`soBs;>77In-A%9C!06;=G5MyB{`{Erl$!ISaXkh|4e2pQ45#2H5K64e+Mq0 zNX$!EJ&6s{X?AsW+Z;kdC2k9MGNbv1d5f&%rE_HQs+|H*OW~!pfA%x;i%K*PtNF(Q zz*KG7X9aj?SAGI< zeqcd`6yGUlHdZs$A5!gT?~RX2Wd~U@oxPN@JKPYU^4{hX1m*5LuVx5b!GQZR@}jTB zu}UZkrWujmHhf`-S<)!gG1{&9)`J{{7OpT-_07#+bZ@8p)8{*A95@s-t{R|uRr62U zQF)vB1UO))qse1sZXS4P{?bCf!u?~n$|QD6AHR_<`pDWfoj1Cu#!iO`!fgWXg=qe(Z1< z>|F;d-W%>4S~(^DW)b>l#ZJAjD)+Px;=j@&4v^w6VLEgJ%(wU>=8v##R%u4E=a+<&slj=L>4+x7 zUr6h#wvY)uOrGY!w+fa6=`k_5MAqF1(==rRh+}YQFb4f9TcjUh!a}Nnbx0`F(~jGW ze8BKg6#nW1Tn`5WV-&NDd`YIIA;Z*pYswT#QBTG+X$Y$mM9E6A?1scxgDYz zyZ&JCXW5b^D>J=M#PlHuZ+)Ki>F45+{McOaINR1Qu|!|004@2ltzPYgHIrkw2Rydm z)#3cisZoD>3W>v5R*Y4KSXf>71pZ&trGUS{zOOBE%AvcnNGsxT>VXEw2uWXCeiSXd zT$_Fw%WgKuVa+3M$kJ}fKRrGQQO?CV21DWY$a!9{5@C9?#6qBb!r$~g3`J99{sQH18S9N->K|nD&`knqOB z=55#RJs3?ze|#A5`RN!TrFG3hz=>J0)Xs1_nUwI#B5Vk*tpQ6#+o}4Y&rAAg&B?s`=*Q! z;;aPQlb5YQK59v_z*}AksSgt5yRL5AicA0sm-J`~cJbF%DYvL@wU54{V05S+SW4*x z&u-0yrKj6#;Lo|lLNI0B(j-e>bd-c3KGz?9LFo*Gni%?G+|D8+KCyT!QvfC6`Y~#$ zJ>Q7Y_0c1KljiP)iBjDGcXwG>LzMT}Rx+zC8~=vrxd4uVT31|hL89Lw9nF>`>2o@- zFXk1vb3t}!iUE!+Wl-1|Tgd$#M^Me6RDyU?O~K9242OQyEQfye)He#>wb>89_aEND zSzm_~5HrO?TWk#kQ)QtAVSpvLfrREN|Fivgx#Os*TnOsd0ROZB&W75dlQ$muP%(e< zhWr6RVHXtSoi;Rflu$c(SL(bN4cJMeoPefIXYs3^jOGIS?x=9osZIx?+9q3EO_;x( zmadp!QFgp7$zfN5eSeh|TZDf!C*@Z3l6zGbgpK28^Wh%c?8)$GF~EKBl2qE0M!|;u zGCK&l0s3*O{8(4npI|f7kwTH;jkm>S6~MpZFS|oYP7p?qDWb5w^kOf~DPR6OSvAXh zR5yPWqs>{L;3S{da@q3yfy+hTg>h4nQr*m_q0=h!iv#CaSz_wEB#F}#?JTp$I4sKJ zse4zsgW7P>gmtMQ5RfR`0&kfqPH4iOT?Iw8W=qMmqIk=r63iBV#IWY-jR z{X>u&t}8yi zaZ+`WlVBflB;k-HO#fJQ#NK@0Kns{!syNK#+5*!`Kntpg`;QYtsC|Y!8c)l=4s1oq z3q~dpQ>}hVCIE&;O_BY1fb(;qCObMMKh!L#^=L^IDVu(NkSb*Osw@(vm@fLHb#t+V$fiFSx7;}ojcbn8ti zgpW!cHA}rO49BMMfYD-oI2FNQGWP9GyJrsQjyB}qav(HU&&oRq)sKcBv>Z>XJ{)mR zzNl7O+E6qub53@9FsWg(bwn<%b0^y2(*ap7?ZL^Lg!rV=GZIYmd0vETlp2K@W0yWZ~elWQbRq{*DW2Hj!?@jPslviTy`N0xcrd+wIwQuUjP~p~_ius(Ym&A1*`nXR zO8J!7GU=bx;Qr(AhJSl^79OL~OBzE>3vC|>Aukog;nx>rz2t|uWqnSYyzNhmf5}fv zmNkr}HsV1}l?QSgFP#q)RMhVu!w$-0Jw9eP6#!`(98W5CNxr#rq886e*<$J5RCW0x zKM|^}D;)Xdy$HxHnnOI|D(kbR*MEDG1(?YXFl3q~=tpUa9e*|TWN}E1tRei?BQ|NA zmzB@+RG1#Nf6pX>kF#H2ls_3anl|sc3t%TpNPQi;e=R)T zfeEl)gN?eYLhScBiv=Sn9b&8pjW%H_9}!pGKor|sRzf*mLNtFtZ$cTx1~F|6 zxu=% z7m%_+`1vKKEl~cX*DSk(4_QWF1YcV@ixGo#7)bM+3jRa?A-y3xwRKoYJALPol;cLp zec5T(sY>w2wBdtH3y2*4VRG<;NqLwnN<;)cMPl|wt`;p-KRBMpfNL}{7Zj!QIt(De z^JJjo;IDv>OZDEEA0r=?r$o;{!s~d`PY)Fd_%PHla&8g!;+Bh;@COlI_HUaOiIK;+Xp3LJsqgVYMLd{E8B$(xn z{3A5!$^|EXc7yMY6?rT%mjmVP?H6FnVDBc+*eqji-)Mv%U*(u%76M|>!a{`Fgh$ns zbT8J1@&+y1WgpqgXmD2S&b9O=4>s&gwJyq>OheG=icMgFG&I!La#gUGT50z{6?c8! zslag+uaNe3?8M&zC1Nj<857t^g?+q$kS7b_fnCu$p#p0QvI?E*B+6cx2MZu2GiPsy z-f!ot5}&bnBPDM`RU^fB2!aHEwV?iG2o|XU*$L?i@u+z)k$DoT>M!;W!fFr=hdOtG zDnvk|>8WANa1ty1%nt=8NTWh*y!)|lQtOX1P+WWs?W;7<+BQY9}z}KHl z_S}x#IV=;zcU-JiOPNLq!~2Y7i~}YoPV~dR3UoD6;B=+hzkeCnL6BL<(3Fy+pPJRv zqvC&DqZXN3NQz8V=BwhvL@|_Mhe2=TL?>4@Or;bYf|6G{ItkBc?CqPBVxKLrO~ZDw zWU|sea2VQ8XU$K-R5@~VvQh`JE(k=jP(_7}`D!Sa%fya~Ah&#P^(LK34mR%fbb%r` z*kk`}`2hlA1O@`a^*^|=w~qo)(Urv&M*E&NZ>&7iIH>4elPwS!d}k$F^B6EIe62-;7a@EHdoPrkkrQFofc8sgJ$cT)$r|{4|2m-j?Poh#7>-Hq zsl~c2YijW3c~B^FyI~y7t6xt6i@O>|nly0vxUiIocON%d5eKt(H>Ct;HGOx^9N9JP4>=Q))frf-aSMhG!6hi30^MgG?XM10i$~ScdudSDUb;MI9l< zdv{{4*y1dbZ?2)8!H%H*jZN?`15~6ipnDb?bo>|ToQ7wT=cIc;Ap>5UZ>`t{sgf%k zT4vfy;JZLAJ3sn&LV0IogDj(y<)dut@|`l?B(Rcc|)8ea@V*mgb#VKhA?) zN8}s=tR`T^m$m5b%4DA&O~L1fe7Ox}C;;MqJGp*Rg|$58S?kkv znqS7(MfF1QDvFheK=?%+pXx`gM3vkix~6Ygqy+Xg?O?*|VNSPJBe#L%ebZC=an0@F z^)e;+?_pRFF!DV{TZxG6s<>I!MH{b+oev1kZDz5$_)rp|{i49>k)FHRG(H>wva zG$g;)Lq1RvSq&Y#hx*f3P`9Frk32r#bc-BH~ z1F-H^WtnXW>esnYBhk1`EJukCDCjR|KQVhZ3(IE-NgjOULsauyaD5!qqd1sdFgujA zu1xB!EsJ}&-r6ZcZKF6wtgRc+!s29FL6;GARis5@>w{uX&sR~ltcQSZ)pe)P0FJ23HP@_JE%1e^^UlLX>8vs_fdY!< zrd7#y3u`iFPoMH1f6r1#m)2Zdbpu2QJD)VO*L7JV{Cq^nF$1CQV|v_33o$=LtXiX^ z`{hln7nrLOaG(4SC1j0UlGsd6Gy*XP{B{7S6Amho&ZnXxM7w%T_ss>{OC`4?6GB6X zXkwP`S<=p^^8gS3GfWa9?xVhcB5V4rrinwnwN(-a!9ZocvfTl$+PzR5ikk-D$Zaq% z)JaN+OdAY_p9ASd?^f6NL_-kD;}QGU3ZGgQhH6K ziZa$Y=_>iF88k_IQhq(1Oh2;8^z^>Qt4wv=$Xxk%a9OL2d4VP+J57Uz)c9@2CAHt+ zrUS@ZW?2@|=?=#5J#>;Sk#7(L2RA^WXrocHpF8`7NQ-CkKfb``Sh0W zi$R~d8u0PE8hV{tWn$`g!2!1odWIEQ)uLf^yJ)=$(|3_o*jpYyj`RKo>9QNeog-dq zQT{VQEy6n@@Fp1vZSxYe2ytdo4!O&y^a?NuW}OZFaWy1KWtD>>5WzfcY`DpJ!^AGm zNdkc~#%o!j!!4ry*Imt@O=tF6o9D{vEkz7PTf`V7v1jTFMf%W(Hy%)x*B&86!K^Co zK*5|E6OkZa3@BO}ol6#MXCacR|VrG=Dsagn?7&E^3ZGC0F5+eygOt zzC-~QX>E-Rt-%(B!*+iT^V{Z=GR5GZiT0gr5+Fw<0m;V)2T~7%dYg&FhR>5ob6#!^ zPTWEg-D(f6aHc8C^S9Zt>$}5eM>CILJrdS_Zsj`#2I-=);4Ur`(`!F>qVo3jZ zJE#IzjeOJ`0B@|)Hx|)^i~v|)Fv4|$Ggv;gz7N-j{RgZEW~nbWuT|mPf`|N^>KvRP z0={r`W3ai9(oLCpkM>~M#))F^@m^%Ld{}(H&KDQ`JZ$JqQx+ag;XU$T)Y?KTUTpb} zN`!XYx%^J78e>zPhT~Khx_N_$ry~NRF z6mbU0j+fqDj8pa!-SMPridwXd*{>gso#O=HFctjeh;`qo0fLagtv$C(|2-k*6O6FfzK=KmUj93>bEi3dqSd&uqbrGv95j`EQ= zmh~k-%wS>BJLG_qu&(vIL!=tS?P=-UqE#h&B$AWTE%q2nCy-?q!$(5uUCZB96a~{+RRunBk$Whg6k8jk>@$ORZ zy0%`e+H=eKQg!!A=5IhHgsEX#Uz$kA?(5Ir%~(a#EDy>5AWV%`{rS>C(ut*T;|i&N zef?7-8W|$B<%qfX_(5?~o6!HIf%j@jBHNg>$r&YOx*TqpQvlV_Mw(S979c_b51P$&=JfTSCWdx9;|I!J-x zRRNzSDD>qfK*s=vxfkGkYlnrohkkKYXz%=r_5h2mZ?io|Dt8g&ASxQ+GWIDxy+`g zVc6nu=A*8=Tz9`&94tI}Zu1r;a#4K|zg-;jci&xO8bH*6e6$;aKr{&L+xg>Y#0B9+pf;TP^3x=b!OQvG$fv0LOJ&K^dLmMK8_^( zyDMGd#}tfs`;M0Dlcu2z_OHh`sIu%jw0;)xn{SR*;co9I9b?cSrf2M6kXuq5M-gA@m3V9FR|%)w{x24 zNqKv8`rj2;Gh3Uhe5EGPT%e=Pe&D|)=n(`v85{5X6-IRQ#Afz%*cnZ++mK8U?M6w# zKUIh#gM5SRpg{)kC&6%$TcmSuHNf*T8kHA%^>MIVhVOBg_vQ_{{uzz?gvC=Bus!B? zTr8TrNMmL&5{I(6Cjb zdq;h`3qnBymz~?xycn)ef4p6}W?~BOT^sy}uKn6+KR^tPqF4D$Ccbi-l;g~gR7VNt zucX zlUplGd7M7qVzZLR6{xy86oya1z8O}pf-2v_WCy^3(N zlfd;w_+GzE!>eEs1!NkPlEqEZ=+l_7r8kN0b!!^91^&1R8h9>)XTHVu{Rsv@_mHX#Ik)mn{9U)dzq zcAc*k;^$w})JHc@ba}6#PQw^gN9PIYl=4fg6Y{*zY`z>DMaB z#4&iA+lmTEI2xd!r@lJfMqz%}%Y>=l@NRIpch)anslx4LlC9Tvq(9LU09Ac(ck+kz z8ax4cam~@v-I~@Y+Ira}LmpF+RB%o`pWSm(&&Pw(q?$j zQ#nevq(?8zsOQ~-2f-4I$_-5Adz1*nR_FjhGmb}M($pfVlbGOK=Eq|*Fvu57xfgQO zGoKD}&$t5AA3W>y#QuETwO_p|j!||W?4Vx|y=u3-`X2<6<;ukq8J0kF z3c}nFUsA2j80p$lPIo@vSn+q^A;Mcqbik1u)`&7TK>1eVU4D2+?H%+hsjhY=DhwbN zo5gYwJ__wS9_}GfS{lVHswf#%RZGq36qH~TqLF`~y1cC5{jPGnkT~JP#buOUn)O^c zxN$A4sj5|lvi#EX+iWY)%iJ|-1Sh`9v%a{aCjZz)rSZc%q_vYL{BpyhuXx%X`3c<97rby42{Rf^la}DLoYid^tiXn(Cv*Yk6{#2BhN!=l21h-yN z7BrMhX#Q^LM4phWyn_gO1XaR9v9aiJZjop!huljqU@Nx1dAiak&++0a(F?Fhc^Kd5 z@4(oJjerrY&-f&sECh%&TmI4ClBwswb2f3H;GL5;+ndbc0=?EZ;W-zF3U%sWrDQwKu{Z~cX*@&afU*eDKN*lYw|xY zoiox61&gk5hW?E-+l)m85(5y$Xj)!{6PYpohi4r+AoG`e61OIXyjCcC=)IDTPMx7p zdsI`16^S&8D`WO3e(5YD9<56SRsO+{N2K`eRK#DQ#H3ME=npKk$DA2mOtZcO7e;SX z2bYyIf#R@Et)cV!aY8egjMqr zkApYV2FxVVxn-GKhjMz^K*%K5VE|$T-qB5TgU(okG2s)LFT?`L6@NBBoXwuZW_k8& zXi8J$D;@U)(F|;Zs$?VF33135@@hmu&KQ$m$iAaD73t|O-_;N-+E=iHk^hsdBUEUJ zZ0YGR6OsCblynuBXayixHnreP5KKkBFHxC%p;tYl&}F=qFZ#PDVyd*XCq5qX9xbe1 z;r>l!!H{ncVdv5i?_>dSxp1o@H9*3W9o$Cv4m~G#hZ-X`?DPn;$H3>$nV?@K4>ezD znKE|8ImaMWN;>FURW=5?2S)<7dsBjK+k-%kvCS4qAA0QYTnEs!&mL+SpFAT+e^ru% zNn){St_;l7awSNI0i3k4Z9@Z2r z9;j9qE71{28zrbII+ISxALuTVlDO!cnse21F-0|j6-s%Es?HGay^KmZhdpEzbeKF8 zGD5Z@w9Za0hXArvH`TO8M)(Mz+6m&Aehzf+Tx}!XeT+}+=S=kN9qx1OzS4+7fO9`p z$2@Fxg4o?cj7RZfMoK9NDa6IHYRa`whUsMM4C%t7+NnrElfwQomBZrZlX6E_*&qo8 zk3a}R$rk9*1$}B;!-*Iw{(){=49~5I0gONqr3zyhmjY1g6@dn;UJ^CG60hYDZAT4O z{%Wc~Nh{TxJhsF{YZk+n3u*M!$Rl=uXNM0sUABR0QK;pMUDwP)@zSOtcVsmRU_z5q zcJ~PLaRkzFMIL&jC7dD`2p-*<$SS9%6fn@&Fmz>*fIXRzZp&Hxj5md;Fc8-qPB)}? z%%=BZ73Q;=Y|RiO?c_Y+XxRO+@)_NtzneP3Phd}THh*wNvP&QMwfhC~pV?50W|6Rj z-zib}iG{HIa0fIrQ?z4~^38`JKjLs2G2mv9q0?uFs};Tl*2Bare0hMGPM)f87pZ!1 z%PcGjQ5Z&2BpQsc^vzB~m23V*!X-&h;LI+pVSz9?^C#=AvJZqwR-;ayrXeix?F_fG z`H_$FTKd}k{mjbmAM~%mRFkSIL-m^H5A}KHhi*yWx@e3V?A zv7e#Ugu#(28wb}%t*0?nAE--LQM7b@W^zD<7r~l`XGsvBF%FQzI)nG^OOU5+HL?Ou zGY`)m%*IfoXa_$wuy)e)#-oC3%}`>{{aUyeP0nI)pP{WAgRHeZ65pe_Ihnw25#UzC z(5@NeJ>B5tArWdQsG1tZeJcIy(O>7rp!S!*X1oS%W}`?`#aNnEtfGB{h#o7mq#(wo zz(=BQidKOwH;ydi303(`iXDI?AG2!2ke(xh(s>VrW)bfZ1uHvcmXs zi{8R%)#o z5vDqT*HHs9>ZuFJA7KLc(UUR0vUKB+c@x1Jb^ z$n#qx|ESO@R2e?!)cI|=X||zY_}fCr+hR=7g+gVvZiVvzpSH&SVyutB3vW@3iwaXB z_u==S64el1aFXCP69=qmIdMs<1Poll)dj&V!cggO=$l7eXYQSlIGF!Z=7kK5Ahthl z+ZaCSGh3G&vjycJ)(&?Lddd`lb_W+5RpeAT3H1mmW)i#mafwL0{hK=Kl`pM?|2*;Y ze=WmeY_Y<`XkvLlQyGzf23P>CgMS3cu-FYT8M=I&gojZ>lLdG8Rr+QA3-UWdPn;O} z+#urLP?l-^8K?OKP?L;{>B;F&b8~n5xBHb=!XM_28~!oMpjJ_?iEK56mPFywpug%| zkU0jF#uC{pDLj{&t0T@e729oBmx_G>x!}M>d`YfPJz#vj$MY?V zsMA;_3STK4?Z%_Lj=+8dGd@+;bn*)x7k?DrcnEWDSpE1qlIiETVf`<=+uMS8 z7hMxgfqwiE6N^BBS+|lUAw5o?Bzm~vidK5sCsE1AA)(Bfqza};xCZOC9C1!Kd`_$* zlT(|$=9}$s1PxA))r1J<(tUG`R;C#y&ngJhG_GmD8tWuMFZ;=Tw4fSrt_7F>q6fy& z4~~$B{S{!DW=Z&I(_!a$dVjcd7KCqb$Ku|4DXQWY^koV zy=MZ5OeVoyjf4`lVPK!}LhbSGPhJhC8D1?uG@{Gk0=H|t{e)0tRF z`dE5is>ffJ*o(PpO=)pYqiE8%B42$KV}3Hc$hv7%A~8!N!~ntbc}#LhF@1=?ZVME< zMw~^inTr|@e59m^77Kv|2ii@)I1@y!gEE_KSm2IF^nR`A^_kT%{wNUSVBrDM(imj; z_kYqx(a6Z(pI|?JWWxUV!Ix-+j-QA~0GW8RhYJ`|KUdk1K>J+As3MIVY)cDnDMDcX z>C?BFV3`)s%ZgKv4XpRsswkpO=}=o* z&|Z?NUAAFg+8oC%@sn)E=}0DhNHD^ALI>g|Zr`jR$9Pu4r)I7j#;Kp{@C;BJY5raw z?{L+i*BC>YUSV(U$kzsHwnio7O(1E_5ds$JKRS%qFN_;E@5b^rS>(60t1F^`3U%U& z3H3EGCq=?`gzMs2(~V4Ui&F*F+HSk?c8l^cGguH??YNN~c6ZI(>3}l7+LFo&Eon@< z2`1Whg^482M}(chzFKW`V!cqoS2tHkMUr+@_n?#z&yqU3$RQPrZEtedoj`w8qIVA^>mD;Lfiqma{e7hC^Wp?G`32nQ)jc@9ntudW_er>wR=7)S=%C722v}tmYA%_(KD_drzX1B(8}{oK zamaAP-bQs}!d?)FWpARKYTF{GR*b9N);M0-(831V&3^fJ>=_a zPO1TdFX(H+{x5R-J1%|X;wu^vd2HAaG0)O;LILH=z8i*W`}uXnLKMY!5CgvW&44dT z?YA2Oe#HoWj#z;ff1*zRXTTVToOkdD)juF>p|var5Ye&c@R1R0R-*Cr(9af*Xde<=Yw(qV`dFg)f!)RK3L(;l=W4 zk93gkipPo9C*JWq!;_iihgEQ46=RQ7P8q<`5lPUKh|w!PavaL<1^h+XD6BOBNfgtW zEU`QiMam2#l@^ec&Os|Fca`UbeEbN)3mrtpf(a1Ivcqo`(hQflIvII-JjaY#%R=S4 z5_tk~woX#y4d6b)2OqNiiJ8UdGI#3;O*q>oVvV5O>XSmpj59($CvOp-SK=wr1_Msi zajF)k&mFlD969?^PIfS$!RALl_P;f|CYnlZ`EMcm`g_xm_@50!d!HOo{NGWw?r-%< zttu0t5hP)1mckew%q78P@^TrAu|>hp`S@pl-BKs*!vRBIe`J_ z#BKIOkEb`epEtb~ECc~xH^_e|IAH6PsSPLTxHs7+_;F<^x@`;1zXNP(hT994HjS7kZKL31XcM`oMFFdoTTLWWm+(OikvM3toXwgxQa7mKn1(W>BNLz&nngnohjtFFnT1YzE@LY_N77w?qg$r+DByuF?PzSf*C!ioA9#Ur31 z3%5w*O0G=-l$KBLLb40FOul`Y%#5b*aPpd1;xqQE?;(!p0B0@DVM+mRA17{<5#3Av zD)+8>r33cg2@l|@p4VhQdrksi=J zdBg*H`tk{xZRpG8w5IHFSRG4QYVM}@u<>*UT#wRiA}OWeg#YR1!k*suzEDtOlfmIdIq@d^7elHr?RMhGx`0zHaz&>*^Ja zd-{+(C}Z>o*nct=#0d*D*td_M5BbLr{{I2q^gbS7OY_YgZ3+Kt(=>6-76K{&3>8g6 zUaG+p-x@SY%?)**J`bPjplC>4M4T?&hT5NN5 zD4_88;X(0aw`}Kn^1?nrZ*`FH<8b=f@A}!bcc$}gX$A0s>#raeIt$humGVIxjGTys zNc;m3%^Z81@YgI1GdmSj4xl8$5@rM~0oB?MCp-)#8VhNZJOCUJD@Vd%8sA`s4i(W1 zp$zh%3C7^V?`QQ$QOtog;`AF27KGh9j`HlmL;Q=`)kU-`F7QcC_*H?|JA99#Z@ipJ z-bJ#j_Hzx-(PiPpoo-7?$|IYJ*TTqh!v+hGv6QH4r_%_&PFj*|si05 z%~yqU8)k3WsXDP-)v@;eJ@@g#0kdyMs2mYpJglc<5r~Y}l(Cg`W&2iNS}jBb zNx{}(Hh3a)%SpICIlx-WOnE)-8vMlXsY=!*P@9aj|I;zF2HCgcjym6fe zmYP;op)0UGliT;eQjm-;40Cz*cI*MvBO=XNWgJ&=)FAlLk<0CD`P>_-yxxg>!zGYg z6UfI>DkhA{ZPaqfhCHGf%?phDo`difUYUu8+;dNjBK?^t+X*)YJuUL5!E4_=;5*#vU&2<3Q{7vh zrg^2`oK%j#8qo(_&?NcGs4Mb|P`jhojXCDruLSdkMjLka@Hu{q3?t*AuWs5=t>1(> zQw@|vmA9}Mrx$wZM$*Qnr=S2jfoB}hBc@%E`z&rGB>P|mED9tvyY3*Zm@b~V_8UoR z`bV?LA1%tsm@^z-IYkmv*T!X0zqsgk`LVC}qoM@=mPH}niP?4tfGR>B@j8%+9xzf%tYz_>8f)f_X? z&ji`%sRkigYRS36R_SQ!6sBZXH|R??s*W^S%3#)52LSu+X0M4Cv#jWgH4!TpD>)C- zdAv#QVIv@vbBt7ye;e1|6q%D{5o>5LPKCDDqKH)9zVKZ&;bh<@vng~WN;}iBDqFtG zbaaQDKX+IiZv8U62FU`%^TuGF{c&Q)Sg`H1{}@I%8|H^yPR2g<t0vYcy}jTZ6q>r!iNHR zAR0%s<~^+C2!OjXV@#n|)}L;%Mr3k2LjF~dHlz)`0})%#df58QpP0tyvZEcDaaO!AAh|t=e zF=QB>tz~A2VZY)Atr|Xkt57Xw$pwUJUuL_7n@jnfg8)=5`Kh)W3JyQSZB~%FK#_OW zeS=XSswsW@s8!|jfb27Q+J+#q48}`Do&SK&&e59VF-U~SOWag@CK~k@(0Ay+-K|1I zq`XF7)_G1R#Dont*5qtuuoWX30t0)9`eqc|d}e@fff*Ee}WI#_q! zS5SWmipG!4Z^f0^gf$3@t$Q40ej#Cv^E4;gBRE3S4w{XRC{kDC?keAM4-aBKsD43G z45o5Xe1^#G?YxNiga9IFYkK<+5?iTZ-IcQ<9RcBd?!CF?8a{+>yK3)PAAT5BC6gTy z_$Y1$;_1PVpRwzeae9ACU?{ftLnjLAr10V#oMmm~^GZx{_TIbVx(_qzrV1y>vZHd9 z{=s14Jitl~2lZ&NJiUUG?Gv~9V|ii4wjF+!RT>el>!v2D#77sR6K_iFY=FK)j&u2m zq0xg@m3_BbO#qO0!YM9&*x(-U|71?G!JdNR@0RTW;{Sif<37LzWGCAxE-0ame7WOp zEu&-8gvH8Mf(teuRY!>~D zlNeqr7SQ13PL@Fr@T-Qd3OWP_fS@ z9yb#`bU&aN$RkA{TJ9w35PCcJ8%L&%Sw&3dVcLP*a=OMpGW2gE<&h%@=UK{`svcq< zxhbg)e}1BV(?R~Hq>{=qaNwwm^`KTt&N(%bvYs$U%E4NJ4FQZ(Pu+lU$zoxOWd=p3 z!)gnYg}5>V@WqG&|9z%}8NHHyn5FT1f?`v6wFViTVGTgzWY=wefX{ze{a!19`8A&7 zq2tnvUR^@X2b5#9Fg>|UE_%k{m$t?svkEJNo*QGbQk06E1<=eqA&p`Bk#vY!2Tuwg zDc^1O|L{i4md?s=ocn`kAsxs_O;@JQVOV&PwH7$O7-W^9(L1gq2e zrWyF?;%*$a^S`?iYW9H!b4l0f#Tfz6gO*(6Sj>;$v_@cOZ)*MM^OR^r*)Nd)iD*?Y zS%HdgL=S!=`v2<%ci72^iX8Xa$dWj8$H|MR<+o(lg{Zq7sL{pI^NGO4X@295B$9E^ z0|vXfP)5sVnP}WsRK23gM@@7?VxYkjY0%_osmj7k)PcCDolRoF1OuHG!NhidPENC2`Go0Ebg05Sz+8c?9_X$(Aj`EJh^4(1) zxs|D@sabjg{^9N<)XqnPt7}IaK;w3?n^TP~6GKA&OtA#vJQBpA4`_K(md9N%ay~K6 zj{)oknP8}ejCo48K9?tSVqYiBUByqWS*?ghI#rH9vI(OwAFGHtZ0#A)%j`uc_=tHf!&69FT zRw`JLop^Gf6r{z_BLDlEV-^qNs%9l~D%6Wy{a?~r8u{PJ&To)be1nwpdouIe$%4_s z$;i|;(GDH?|Hy1R>=21(T$12l!(|51jU3$3An*s~qG_eyPWZzA>lb1BN<3Ig@FHck)xXql5L_$;`G(zw9oz2#2z@bA;XV!>d?ODVS_l;^b85fcE^qB_4bU47nqV2LVPfN* zw3Y8_rK%agOViEQ!mPCCH2C*R z$#Ixmz*M&@L5Ik1>?MzhXsjr;^g3wKGuR#X{)myn(fnUF+)y^^^apA)^|mw3G{W7} z9~Dx!8KLp0M+(Egex7Ea3OW}8M+9qccn;gs7+q)pO#u3%r%;V9;#14EnYf6cqk14D z9OI0tySty+8t&mj6_Oe85tfrhxXHK=UlymFa0XC-EliDkZBXh zL@ENOD>N*G5hTLL#^evj%$N*EXBcmE0N5<$tBc9eAi@!Zm9U0+uJMYs2^AQs1yGm(iaN$R4QMMEi>`K(9 z7Uys6#h4Uk808f;^4(Mzty0nHOW3LHg7P9|)*-B*wIL@($tF*I%gh}KZ54qCV@&9V z4_;}3`YA#g6! z){JY|^pLZ?#t$cX*Nc4&LzHBt1OY>AV*{3ZEgrhXy%1)1)e?jh6j$Pr{^FGmav6|J zZn2d%B-oU33GzizW$zNS9?5qVAZu9+1R`s^_%S;yo3AH0d+dq2K2!2SU32iCg1Fu$!q4 z?YZQj-JYwz5kL6{C$Z#8-@6w^R0q|ne*a#w_Au0Ak`6z@0qsq;>AQB3egir&qi0Y) zna5rbmN9)`6S^ms7UPg<4ykoDjaK0@99fY}_Qvq%@QEZG3D3h%itFi45+Jmu%8wSU zp*ZNscbPoQ>m902O6P6?qXr*|+;&`7+>n&jt8X~^0h^KEYtN~N{4LF&1B@47>_*^7X5N4i#Q0 zemM+7NU>!cNg^F-W?J_TfF!~QQnhsY0nGdXF8&XD!(h6^yTMRF(R{u-HNMb-o`8~` zkP6$$51i_j{KJ z76=WE&mNXp*YATQ<75nDo?7gm4$pC~ny_frE)tQ8dm?EIcrLi<#pMuTz&tFlUl3z_;g-!xqEugsstc3GMNJR|nKJUa$VF`h)9B=G!i`bM z#G-0&)IB@@ntRKT1=*>Hm(2B1)iYEnBa9I=l@uM{H>yhrWf`}d^;VjzC(fjlkXkW@ zcM4Tx8JAYXF5H6+;WfUzlgd#udMZ+a`(u$?@a?jBm(559y92XkUh4kjN%_n!<-@PGR-9Hunkx4xO#=3A;1 z{2yj!lF)!o#x;QDwBI~oY>bmA2Z1-$&RoPm`SHV+`oHc){l82P@!$8NvbC%Xb%)|V zWirw^y}Vk?)*AQ?ZFfP>Q%?_H_K$hCY4LSPh_yQTgtbADxo|0>;8{PzMcu#&$I zi|_fOGGK&HdVB1H*Ei>LF~Yorw-St|5&1$cIf6B|G+1cTh#KosS+boL0#5L(JYA*n-KGm@TyOxWhj3N&#tLPx7 zDkEG*G4eXehmSFF^=}zPqU)kmJw@qR8tpH(^olVy{Cl&G7;SEO<>}cXu@Pf0VHwxO z@?@OvA*Akz6Zwr@`avp;mpILmOtL}65(BH6a|c7?0UUcq^;niqRSHgTR{5ANdsb;n z)#HRu@iPFVmrk`8)2cyJk`;Uc1@BPm%mZw^${f3POr@9ZmmB>`y_$O2oR%NAj^{C+ z-kDi3!|^yxFPjo-PAJ=1gZA>vAzyQwdLl)DGGTaHz1glIpZzfSzPdZP$eh$K5{!r@ z#>lG^nBl;1OSweXz_E!y$3_7ZPSRT?5|{9Fc`^W1UHihnX-qjT!3KVmE$n*C6)+P= z*5xE93OV^@=MiVcx)x!kb+cCxVP#P&g5%{UYrU#1?E-pNJ7`w(nPGM-jHqVwX_%qC z@RBRLMH@+`d6}QGQ!SR0lNl?fCgVR{d4rf)O?Ko1-=o5(Hkr0`0+}mUswxe(+M4TY zjE26Qx31^Q)tVbrP*rDe`Y2Ub3c>wL%#B-{YTXoRdFt{10+p3@){6P1u?y$Ra0B&< z#%y4kB?H5+u;_K;+dKYzVk1bbSK9r&*AO?kT)M0`v{|jPhYqd4-%t-BDXG4A7f<5m z!9tL9=LmL7ua4;i8-Hb9_8IncG@E2Y$7cqduiPo|wb9$ohxdTzOHtKJ#p$SwJ3r7x zwq(cvt`=9jO){}{N}<3*DhufQZe9)Piu`yJbHpUW5=wnSI$9dbt6F8F!7Ng2acqBE zwSYxdv&$opAGE@~7jZKfhe^}AHK&cuu92kaBuJ>u+^a+&{^lJ}S-q_?e2SA$z(oTb zC+)G4R!7+p$nggeWkj(ZDq%j7lg-)|ER5m0K25{ZK$~pI8KJqD(Ox@|*h8FQ6ehZ= ziDsr+t+q}2pPb4-gk+BBiRgmgK*89oO{3LmvbQVMS+8CU@C=TDQj3H+fKcgUVoRl2 zkq3dbht%3bYfrt~;M&7=hGTCfWRC$1vIP`cN(%yEFcDCYXTY*3ScQSCEEX7WkSc5! zbEcIMaN0>+f&{k5o)GhjMKzU?KkX=ycl*Q4g^pJ(tCph3oriPO#$AUdInJRHSi!Bv zt6_$cd)haq2nq(t`y4nqA2Z^`NSvutVami7rS%h+}68j`Q99Fo*S_d$+%IOgsaOeNCe4 zDhi0@04p;OMjr_rFpot4Vb6RCqM~2W!*l5Zrqf-WD1x@F6?wauZhGCv8lG9MGSFJx zSuKx09W0DX->kmqW_K1i(*+2C1Y@B3m7{fGAFqv9qHMrh{42d2Qb&8z!)HA!ofUjR z7AO&*qCdyoX^!A9t(Ij07wW8}6_3WO7=FV@l|Y-KMC-hjxLG(AUIVBoA0`4{|93w(3sB ztwh_nmbUS-uh~m!x?!Qjml5kZF(Z?|-N1!I4=|NB%*O@0z|w?nGI!so;_8X4R#$Dh z?Do?i0xy!W?Pq43Eg_lpsR`YTvOdx$k?3V!1_CF{z2G%YVRXb;)7 zg{VcbYP1(uL^c z>Gt?@u~_1_d&WbCqXRTU!|f*76yE3`0_tE^NfG*=U2 z7<@D+LO(>0&sUED)Xcgqe`@HcX07O9F}xgDIdBwx0?>+6q}b~F{5z_dIO|XH9x7QZ zb2?9HP!Y|EqdZ+CHVG$xP9P2k`UuS6stktf&kuyVKfAXWF0TNx;UI$*ZzOVA`RMQ; zObP7;ECe^f(G8A0S@7y+d>&GB)3(VUVIckcyb3gr1xN}NOqnm#6V2nakT_Wy9li&< zKP;J@0ls~0-5mUdGL8{7^L;~2Gc<)`-1$WhVy>Eh!PN39&PO^0Gus<{vCPJ25gYRf zGfQdvev?{8=VH*hXyVzD<8o(aiOye>;(WvM zjX9sK?)&TwD!&>px7R>*APT3hS#BOwAr^on!|OeztwNw-ORg>lTgjl+Ccm!SVH}g= zdv+X-Kr46Z|87~tj3Z587$Ba`W)d>b*s3QyVP#)`jIr9@m5$AKS#RmS0*qTPW#T_y zN(Di;UR-9P3QDDgh{ani_ zKXow^Lr=kW+!{wj4&p&0;e`+3Y9lxS9b3PB?dmMwH~qRl;QL4N@$sKDf&)UGU!f6y zj-DFeP;`)A3DJ3O^l#n991O)D@@@MMz{wx4@m<@TW?(ng{2f7Eu5MtmmsHVS%DENh z1J_|bSLP+M#Fp)*=r6^#VrKO*ZRA{)yVoP*Bs+|jNi6wX6CSl>-_K85%kbg{l!IL# z1uplWH0AUf#4j-9-aFFp)MNN#QkGYw7UDfh0RK|hyxV==w%bPkR`cxxdu-UhMlRaL z&A4>`XM^m-z2~&{(_{Q~*G}Na4(q6A|6W&6^)x{mDB{tcLJV9cf%~rglg4ekFCukP zRmcUpoxavTVax8DYenc=Ejd~`z|VbK5=noY%VC0=or(I;kLQ0QoP6kovzwfj#sWhg zukkCJh~4cMRtFEn1`a=le@0oJjEo*Nz;OF3M<4o9{e|sEy?HQdGHmUtkq8Ow?N8JG zZT4p)vcB`M-oLf340GSDFpqFQ6a74R*w=}$6ttVmic^8a?2qhTqBnE>G63`DaSshe zS0PXuLs;#PPF)>lqKyxS88USQdNsx@$opaY=pKKvoJFEl#E?sc`1vhQ5gP8ztBOlv z?%*On70Dx;%C)ecV97m|f_DHNS;ZrDBWRDnWib1VU-nye=PA5?#sZ>|}gXn0U=2OKD zedR2j#8t8=2Ssbi!!GB7_j6Bxu7n|>rlzq6aUpbG7Ws5Je#&;!-PYWUQK5GAw|H1Y zDW!7X6Q7(Rikvv=Ssencqrk=^lrd<_KFC8JwuUk3f+4Dj9V@{w27oUb_I718!eF1I zOLqLZ4nDUKd}NM>)NtIRX^h%3)!0Rfn&(i?HkBgS4Ao7FvS2=hp&bNsLOyIvfACQG z(+`68ko#eDqD^&skn=!Pmm2Vg{SLb(QE=aj8;I-dl$JvC^c}r)b~u3OAh^-Vg#B$k z#p91sUe1!3g7Z%90Ia&;xMv1J-Xgh#n=t!{#qe1-Pia3o@936P_JtUF?rmHc+Sg;$05MraPh@kn#oQGI5rUzr9eiPYs!jxwMw~4bSaoY5515 zP_4w3?pnjY#Tv!{nTHxJq67m`Vqyw%s)2fvWphS!Jd>910F=@rJYeiV6J2Y-8FWnU z;4cKcsof|MnCi)UIH!pxi~QMY)z20-w0S(%VA>iI)3`8RsyzivWDRDHoOw+G7}kzL|Bkm=*%+gi;%5vB?`@j(KU(|tgj?x?pNwFje^y!v?v z;;32|rZNd)z%Oye=}q_dpoRd=oc>=RAG?%C@_Xe|rUnCTT(QSp0mnV@79|ha@>7)g zv)ohnFDtTe4^;fWG&`^%>FFL>QD1N9=oNDE`4?ueU4g%Lxu=yLtWFkhvVg~HFk83a zCHTsXZ-^!&=?J^v8|3XX4!r$!?-hj3nG=YH1dgpK01v+2^qcm-KQK7dOZ?jrBTpjz z=t{0r7QJZb-4{{b@j}1XRg9!hOBxTkIrWexl1!Oq3R**!h&mDqn~sb=(M)`Uel(u# z3i_+6H^HAI{~h?OR|kxc%YlP{!-Bqvk!Oha5DUUV?#&RI|EH^Sk80w|<2cTmf=D1O zkB~5mJVGJiC6DrmfYhV1pde6L6$Qg9P_(>6l2V9S6!d^#xu7iw^w3z0t41DCDPUxy zL>?ljtI(AMLP9WrBv>n`lpSWFJ<~a7&b@Qz^ZR9zxw(Jb@9%f-Q(B{ojjX&w_rO?i zC<|h*=`d1pCaCYeFVV{uUyb;THuDXY>^Nh`|Mth4D8=5pQF#QsXG~X7TngOxxH4}4 zwf2D`PqQ}RLbvHD6}wjQ%fvz9fNiq+zAxEBV4d=4!Q;~DYn*10|jAyJxdSf+kg7dXK@$$2RRq)e|YMSjP+@t$I=TTuEuS63BP6YgjoA zl|wcTxjr+Lo(##((~lpy>E=YV)r}KNq(-iImrT#H+?s!0aQxYmH{1(rGAzZP2c2y@ zc=`h8OhJ|YvxJ!RUqjlv_Vfdy){9lMpKz{0OPf>0oqtj6wa=G*S^Js=_N#yEtaj+#C=T!WZ2oBR zq@LL)+lEwP=p*dX?eZU4364PJGCTr#QOjoIE8_9Lh7#GWkWVHg1Zn&Fhj% z@)HB9NNyGuTZ(&Pxq@`%l_viq!Gdbn5q|ZT9SzfgF*tF`>q7l(Vp{l*FSfrg6^Z9t z({;pGOuPs31EliWw8+66Jr|MEX))|xbIuv2Nc@TPW{B3MWogl*cJB@Hhn2N@&OnCqoC=7L73MG?1ptW;60l}!Ge6T2u`GJ4Co)aG*1iBNw| z2|xC3uF3W&4|m%Jvw7|8ypbyDdXm5}wAK6V;MH557hCAVy+>623BQMZxUfDe^f&Rp zYZgR@a?UfR`yRZndup6=MhLCdr{^}-5V=gtEv;dUFB$Wjj&H$bX`=ZjcFx_VI7{|f zU;Hp&y`UGqK6U5EVGRC03G*PaE}ht1wzaYDk$=B`=bdV~GeZO}whg^y9h*BYck3@> za(v#?hByUNHp8*qzgJHS<`kM1dItWbAd$1-Wt6c)j8?fA(A*zAVMtya3aB?lBqw9! zTuur?Wv4`^_#-Lc_WF$mN=$Z;Aq7j=8(0E&DY-digtP{KWjJZ*Z-~gGM$)vMK$+AQ z7^+PGN9_uwegqoTp0Gsuif@6;ckM#rK|K&hs|Sx8stYovcEEpbTCbyHwR#sRdEB;j zU@&(B&`h~PKbwQGa(9q3N&tz|WatVBaHnIT#!U!difr|VNLtgjFlG}#jHhgy6_5ye zqy%6!LxvKZ(58qPOBl1&48|_h8HJFYX8?c39LB7Aj{&uwDmctwQ{2BVkNuV5In zbQQ)%Z#N3v?W6$wECI%>gM(Cb+zw0xV=y$Rin;8_QA$>5xUJ1`ujLSCszl>|JDkWPWTxS~-qG?@m*>|r1p4TSPD(CWr9A4r;s zR;6YJfUF^acQCD4P#OpFcAL)3Tfmt92(9HHjSG?YfmAKL4Y$(fH9$_7)xOhYS};T zh(n`lz!G9Z98 z2L|cBK%^kxP#GB1DNP|t73zLj{Z%T>aHx`2K4A)3)vUDJ!KiM5{Ajn4f2teCBjE@1 z3;cK6$ID(}%oH{TOsGde*Bu*C5Hp310c$TIpf$))xkB@|fI8Y9^s1;3?k-Zb2BgW) zAO|rBpG<-l?}6E5`f~TN|Ld5w>W{}A=)#O(AIUbu%R|=c!Q)y>Fu*@#8%%JB=)T-H P+;zlAyf701baeg)J&AD9 diff --git a/01-Authorization-MVC/gradle/wrapper/gradle-wrapper.properties b/01-Authorization-MVC/gradle/wrapper/gradle-wrapper.properties index ffed3a2..744c64d 100644 --- a/01-Authorization-MVC/gradle/wrapper/gradle-wrapper.properties +++ b/01-Authorization-MVC/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,6 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-7.2-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.4-bin.zip +networkTimeout=10000 zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists diff --git a/01-Authorization-MVC/gradlew b/01-Authorization-MVC/gradlew index b0d6d0a..65dcd68 100755 --- a/01-Authorization-MVC/gradlew +++ b/01-Authorization-MVC/gradlew @@ -1,13 +1,13 @@ -#!/usr/bin/env sh +#!/bin/sh # -# Copyright 2015 the original author or authors. +# Copyright © 2015-2021 the original authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, @@ -17,78 +17,113 @@ # ############################################################################## -## -## Gradle start up script for UN*X -## +# +# Gradle start up script for POSIX generated by Gradle. +# +# Important for running: +# +# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is +# noncompliant, but you have some other compliant shell such as ksh or +# bash, then to run this script, type that shell name before the whole +# command line, like: +# +# ksh Gradle +# +# Busybox and similar reduced shells will NOT work, because this script +# requires all of these POSIX shell features: +# * functions; +# * expansions «$var», «${var}», «${var:-default}», «${var+SET}», +# «${var#prefix}», «${var%suffix}», and «$( cmd )»; +# * compound commands having a testable exit status, especially «case»; +# * various built-in commands including «command», «set», and «ulimit». +# +# Important for patching: +# +# (2) This script targets any POSIX shell, so it avoids extensions provided +# by Bash, Ksh, etc; in particular arrays are avoided. +# +# The "traditional" practice of packing multiple parameters into a +# space-separated string is a well documented source of bugs and security +# problems, so this is (mostly) avoided, by progressively accumulating +# options in "$@", and eventually passing that to Java. +# +# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS, +# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly; +# see the in-line comments for details. +# +# There are tweaks for specific operating systems such as AIX, CygWin, +# Darwin, MinGW, and NonStop. +# +# (3) This script is generated from the Groovy template +# https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# within the Gradle project. +# +# You can find Gradle at https://github.com/gradle/gradle/. +# ############################################################################## # Attempt to set APP_HOME + # Resolve links: $0 may be a link -PRG="$0" -# Need this for relative symlinks. -while [ -h "$PRG" ] ; do - ls=`ls -ld "$PRG"` - link=`expr "$ls" : '.*-> \(.*\)$'` - if expr "$link" : '/.*' > /dev/null; then - PRG="$link" - else - PRG=`dirname "$PRG"`"/$link" - fi +app_path=$0 + +# Need this for daisy-chained symlinks. +while + APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path + [ -h "$app_path" ] +do + ls=$( ls -ld "$app_path" ) + link=${ls#*' -> '} + case $link in #( + /*) app_path=$link ;; #( + *) app_path=$APP_HOME$link ;; + esac done -SAVED="`pwd`" -cd "`dirname \"$PRG\"`/" >/dev/null -APP_HOME="`pwd -P`" -cd "$SAVED" >/dev/null -APP_NAME="Gradle" -APP_BASE_NAME=`basename "$0"` +# This is normally unused +# shellcheck disable=SC2034 +APP_BASE_NAME=${0##*/} +APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' # Use the maximum available, or set MAX_FD != -1 to use that value. -MAX_FD="maximum" +MAX_FD=maximum warn () { echo "$*" -} +} >&2 die () { echo echo "$*" echo exit 1 -} +} >&2 # OS specific support (must be 'true' or 'false'). cygwin=false msys=false darwin=false nonstop=false -case "`uname`" in - CYGWIN* ) - cygwin=true - ;; - Darwin* ) - darwin=true - ;; - MINGW* ) - msys=true - ;; - NONSTOP* ) - nonstop=true - ;; +case "$( uname )" in #( + CYGWIN* ) cygwin=true ;; #( + Darwin* ) darwin=true ;; #( + MSYS* | MINGW* ) msys=true ;; #( + NONSTOP* ) nonstop=true ;; esac CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + # Determine the Java command to use to start the JVM. if [ -n "$JAVA_HOME" ] ; then if [ -x "$JAVA_HOME/jre/sh/java" ] ; then # IBM's JDK on AIX uses strange locations for the executables - JAVACMD="$JAVA_HOME/jre/sh/java" + JAVACMD=$JAVA_HOME/jre/sh/java else - JAVACMD="$JAVA_HOME/bin/java" + JAVACMD=$JAVA_HOME/bin/java fi if [ ! -x "$JAVACMD" ] ; then die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME @@ -97,7 +132,7 @@ Please set the JAVA_HOME variable in your environment to match the location of your Java installation." fi else - JAVACMD="java" + JAVACMD=java which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. Please set the JAVA_HOME variable in your environment to match the @@ -105,84 +140,105 @@ location of your Java installation." fi # Increase the maximum file descriptors if we can. -if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then - MAX_FD_LIMIT=`ulimit -H -n` - if [ $? -eq 0 ] ; then - if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then - MAX_FD="$MAX_FD_LIMIT" - fi - ulimit -n $MAX_FD - if [ $? -ne 0 ] ; then - warn "Could not set maximum file descriptor limit: $MAX_FD" - fi - else - warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" - fi +if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then + case $MAX_FD in #( + max*) + # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked. + # shellcheck disable=SC3045 + MAX_FD=$( ulimit -H -n ) || + warn "Could not query maximum file descriptor limit" + esac + case $MAX_FD in #( + '' | soft) :;; #( + *) + # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked. + # shellcheck disable=SC3045 + ulimit -n "$MAX_FD" || + warn "Could not set maximum file descriptor limit to $MAX_FD" + esac fi -# For Darwin, add options to specify how the application appears in the dock -if $darwin; then - GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" -fi +# Collect all arguments for the java command, stacking in reverse order: +# * args from the command line +# * the main class name +# * -classpath +# * -D...appname settings +# * --module-path (only if needed) +# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables. + +# For Cygwin or MSYS, switch paths to Windows format before running java +if "$cygwin" || "$msys" ; then + APP_HOME=$( cygpath --path --mixed "$APP_HOME" ) + CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" ) + + JAVACMD=$( cygpath --unix "$JAVACMD" ) -# For Cygwin, switch paths to Windows format before running java -if $cygwin ; then - APP_HOME=`cygpath --path --mixed "$APP_HOME"` - CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` - JAVACMD=`cygpath --unix "$JAVACMD"` - - # We build the pattern for arguments to be converted via cygpath - ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` - SEP="" - for dir in $ROOTDIRSRAW ; do - ROOTDIRS="$ROOTDIRS$SEP$dir" - SEP="|" - done - OURCYGPATTERN="(^($ROOTDIRS))" - # Add a user-defined pattern to the cygpath arguments - if [ "$GRADLE_CYGPATTERN" != "" ] ; then - OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" - fi # Now convert the arguments - kludge to limit ourselves to /bin/sh - i=0 - for arg in "$@" ; do - CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` - CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option - - if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition - eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` - else - eval `echo args$i`="\"$arg\"" + for arg do + if + case $arg in #( + -*) false ;; # don't mess with options #( + /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath + [ -e "$t" ] ;; #( + *) false ;; + esac + then + arg=$( cygpath --path --ignore --mixed "$arg" ) fi - i=$((i+1)) + # Roll the args list around exactly as many times as the number of + # args, so each arg winds up back in the position where it started, but + # possibly modified. + # + # NB: a `for` loop captures its iteration list before it begins, so + # changing the positional parameters here affects neither the number of + # iterations, nor the values presented in `arg`. + shift # remove old arg + set -- "$@" "$arg" # push replacement arg done - case $i in - (0) set -- ;; - (1) set -- "$args0" ;; - (2) set -- "$args0" "$args1" ;; - (3) set -- "$args0" "$args1" "$args2" ;; - (4) set -- "$args0" "$args1" "$args2" "$args3" ;; - (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; - (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; - (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; - (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; - (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; - esac fi -# Escape application args -save () { - for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done - echo " " -} -APP_ARGS=$(save "$@") +# Collect all arguments for the java command; +# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of +# shell script including quotes and variable substitutions, so put them in +# double quotes to make sure that they get re-expanded; and +# * put everything else in single quotes, so that it's not re-expanded. + +set -- \ + "-Dorg.gradle.appname=$APP_BASE_NAME" \ + -classpath "$CLASSPATH" \ + org.gradle.wrapper.GradleWrapperMain \ + "$@" + +# Stop when "xargs" is not available. +if ! command -v xargs >/dev/null 2>&1 +then + die "xargs is not available" +fi -# Collect all arguments for the java command, following the shell quoting and substitution rules -eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" +# Use "xargs" to parse quoted args. +# +# With -n1 it outputs one arg per line, with the quotes and backslashes removed. +# +# In Bash we could simply go: +# +# readarray ARGS < <( xargs -n1 <<<"$var" ) && +# set -- "${ARGS[@]}" "$@" +# +# but POSIX shell has neither arrays nor command substitution, so instead we +# post-process each arg (as a line of input to sed) to backslash-escape any +# character that might be a shell metacharacter, then use eval to reverse +# that process (while maintaining the separation between arguments), and wrap +# the whole thing up as a single "set" statement. +# +# This will of course break if any of these variables contains a newline or +# an unmatched quote. +# -# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong -if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then - cd "$(dirname "$0")" -fi +eval "set -- $( + printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" | + xargs -n1 | + sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' | + tr '\n' ' ' + )" '"$@"' exec "$JAVACMD" "$@" diff --git a/01-Authorization-MVC/gradlew.bat b/01-Authorization-MVC/gradlew.bat index 15e1ee3..6689b85 100644 --- a/01-Authorization-MVC/gradlew.bat +++ b/01-Authorization-MVC/gradlew.bat @@ -5,7 +5,7 @@ @rem you may not use this file except in compliance with the License. @rem You may obtain a copy of the License at @rem -@rem http://www.apache.org/licenses/LICENSE-2.0 +@rem https://www.apache.org/licenses/LICENSE-2.0 @rem @rem Unless required by applicable law or agreed to in writing, software @rem distributed under the License is distributed on an "AS IS" BASIS, @@ -14,7 +14,7 @@ @rem limitations under the License. @rem -@if "%DEBUG%" == "" @echo off +@if "%DEBUG%"=="" @echo off @rem ########################################################################## @rem @rem Gradle startup script for Windows @@ -25,10 +25,14 @@ if "%OS%"=="Windows_NT" setlocal set DIRNAME=%~dp0 -if "%DIRNAME%" == "" set DIRNAME=. +if "%DIRNAME%"=="" set DIRNAME=. +@rem This is normally unused set APP_BASE_NAME=%~n0 set APP_HOME=%DIRNAME% +@rem Resolve any "." and ".." in APP_HOME to make it shorter. +for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi + @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" @@ -37,7 +41,7 @@ if defined JAVA_HOME goto findJavaFromJavaHome set JAVA_EXE=java.exe %JAVA_EXE% -version >NUL 2>&1 -if "%ERRORLEVEL%" == "0" goto init +if %ERRORLEVEL% equ 0 goto execute echo. echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. @@ -51,7 +55,7 @@ goto fail set JAVA_HOME=%JAVA_HOME:"=% set JAVA_EXE=%JAVA_HOME%/bin/java.exe -if exist "%JAVA_EXE%" goto init +if exist "%JAVA_EXE%" goto execute echo. echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% @@ -61,38 +65,26 @@ echo location of your Java installation. goto fail -:init -@rem Get command-line arguments, handling Windows variants - -if not "%OS%" == "Windows_NT" goto win9xME_args - -:win9xME_args -@rem Slurp the command line arguments. -set CMD_LINE_ARGS= -set _SKIP=2 - -:win9xME_args_slurp -if "x%~1" == "x" goto execute - -set CMD_LINE_ARGS=%* - :execute @rem Setup the command line set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + @rem Execute Gradle -"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* :end @rem End local scope for the variables with windows NT shell -if "%ERRORLEVEL%"=="0" goto mainEnd +if %ERRORLEVEL% equ 0 goto mainEnd :fail rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of rem the _cmd.exe /c_ return code! -if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 -exit /b 1 +set EXIT_CODE=%ERRORLEVEL% +if %EXIT_CODE% equ 0 set EXIT_CODE=1 +if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE% +exit /b %EXIT_CODE% :mainEnd if "%OS%"=="Windows_NT" endlocal diff --git a/01-Authorization-MVC/src/main/java/com/auth0/example/model/Message.java b/01-Authorization-MVC/src/main/java/com/auth0/example/model/Message.java index 9923910..bf78d34 100644 --- a/01-Authorization-MVC/src/main/java/com/auth0/example/model/Message.java +++ b/01-Authorization-MVC/src/main/java/com/auth0/example/model/Message.java @@ -3,15 +3,4 @@ /** * Simple domain object for our API to return a message. */ -public class Message { - private final String message; - - public Message(String message) { - this.message = message; - } - - @SuppressWarnings("unused") - public String getMessage() { - return this.message; - } -} +public record Message(String message) {} diff --git a/01-Authorization-MVC/src/main/java/com/auth0/example/security/AudienceValidator.java b/01-Authorization-MVC/src/main/java/com/auth0/example/security/AudienceValidator.java deleted file mode 100644 index 97cb7cb..0000000 --- a/01-Authorization-MVC/src/main/java/com/auth0/example/security/AudienceValidator.java +++ /dev/null @@ -1,27 +0,0 @@ -package com.auth0.example.security; - -import org.springframework.security.oauth2.core.OAuth2Error; -import org.springframework.security.oauth2.core.OAuth2TokenValidator; -import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult; -import org.springframework.security.oauth2.jwt.Jwt; - -/** - * Validates that the JWT token contains the intended audience in its claims. - */ -class AudienceValidator implements OAuth2TokenValidator { - private final String audience; - - AudienceValidator(String audience) { - this.audience = audience; - } - - public OAuth2TokenValidatorResult validate(Jwt jwt) { - OAuth2Error error = new OAuth2Error("invalid_token", "The required audience is missing", null); - - if (jwt.getAudience().contains(audience)) { - return OAuth2TokenValidatorResult.success(); - } - - return OAuth2TokenValidatorResult.failure(error); - } -} diff --git a/01-Authorization-MVC/src/main/java/com/auth0/example/security/SecurityConfig.java b/01-Authorization-MVC/src/main/java/com/auth0/example/security/SecurityConfig.java index ff020de..a1c263e 100644 --- a/01-Authorization-MVC/src/main/java/com/auth0/example/security/SecurityConfig.java +++ b/01-Authorization-MVC/src/main/java/com/auth0/example/security/SecurityConfig.java @@ -1,58 +1,36 @@ package com.auth0.example.security; -import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator; -import org.springframework.security.oauth2.core.OAuth2TokenValidator; -import org.springframework.security.oauth2.jwt.*; import org.springframework.security.web.SecurityFilterChain; +import static org.springframework.security.config.Customizer.withDefaults; + /** * Configures our application with Spring Security to restrict access to our API endpoints. */ -@EnableWebSecurity +@Configuration public class SecurityConfig { - @Value("${auth0.audience}") - private String audience; - - @Value("${spring.security.oauth2.resourceserver.jwt.issuer-uri}") - private String issuer; - @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { /* This is where we configure the security required for our endpoints and setup our app to serve as an OAuth2 Resource Server, using JWT validation. */ - http.authorizeRequests() - .mvcMatchers("/api/public").permitAll() - .mvcMatchers("/api/private").authenticated() - .mvcMatchers("/api/private-scoped").hasAuthority("SCOPE_read:messages") - .and().cors() - .and().oauth2ResourceServer().jwt(); - return http.build(); - } - - @Bean - JwtDecoder jwtDecoder() { - /* - By default, Spring Security does not validate the "aud" claim of the token, to ensure that this token is - indeed intended for our app. Adding our own validator is easy to do: - */ - - NimbusJwtDecoder jwtDecoder = (NimbusJwtDecoder) - JwtDecoders.fromOidcIssuerLocation(issuer); - - OAuth2TokenValidator audienceValidator = new AudienceValidator(audience); - OAuth2TokenValidator withIssuer = JwtValidators.createDefaultWithIssuer(issuer); - OAuth2TokenValidator withAudience = new DelegatingOAuth2TokenValidator<>(withIssuer, audienceValidator); - - jwtDecoder.setJwtValidator(withAudience); - - return jwtDecoder; + return http + .authorizeHttpRequests((authorize) -> authorize + .requestMatchers("/api/public").permitAll() + .requestMatchers("/api/private").authenticated() + .requestMatchers("/api/private-scoped").hasAuthority("SCOPE_read:messages") + ) + .cors(withDefaults()) + .oauth2ResourceServer(oauth2 -> oauth2 + .jwt(withDefaults()) + ) + .build(); } } diff --git a/01-Authorization-MVC/src/main/resources/application.yml.example b/01-Authorization-MVC/src/main/resources/application.yml.example index 8240a92..3306585 100644 --- a/01-Authorization-MVC/src/main/resources/application.yml.example +++ b/01-Authorization-MVC/src/main/resources/application.yml.example @@ -2,17 +2,9 @@ debug: true server: port: 3010 -auth0: - # Replace with the API Identifier for your Auth0 API. - audience: {API_IDENTIFIER} - -# The following is standard Spring Security OAuth2 configuration. -spring: - security: - oauth2: - resourceserver: - jwt: - # Replace with the domain of your Auth0 tenant. - # Note the trailing slash is important! - issuer-uri: https://{DOMAIN}/ - \ No newline at end of file +okta: + oauth2: + # Replace with the domain of your Auth0 tenant. + issuer: https://{DOMAIN}/ + # Replace with the API Identifier for your Auth0 API. + audience: {API_IDENTIFIER} diff --git a/01-Authorization-WebFlux/Dockerfile b/01-Authorization-WebFlux/Dockerfile index e01604f..d0fa659 100644 --- a/01-Authorization-WebFlux/Dockerfile +++ b/01-Authorization-WebFlux/Dockerfile @@ -1,4 +1,4 @@ -FROM gradle:5.4.1-jdk8 +FROM gradle:8.4-jdk17 WORKDIR /tmp ADD . /tmp diff --git a/01-Authorization-WebFlux/README.md b/01-Authorization-WebFlux/README.md index f6a11d7..11304d6 100644 --- a/01-Authorization-WebFlux/README.md +++ b/01-Authorization-WebFlux/README.md @@ -2,18 +2,17 @@ This sample demonstrates: -- Configuring a Spring Boot WebFlux application as a Resource Server -- Using and extending Spring Security to validate JWTs +- Using the [Okta Spring Boot Starter](https://github.com/okta/okta-spring-boot) to configure a WebFlux Resource Server - Protecting APIs to only allow authorized access ## Prerequisites -- Java 8 or greater +- Java 17 or greater - An Auth0 account ## Setup -> For complete instructions and additional information, please refer to the [Spring 5 API Security Quickstart](https://auth0.com/docs/quickstart/backend/java-spring-security5) that this sample accompanies. +> For complete instructions and additional information, please refer to the [Spring API Security Quickstart](https://auth0.com/docs/quickstart/backend/java-spring-security5) that this sample accompanies. ### Create an Auth0 API @@ -26,16 +25,12 @@ The project needs to be configured with your Auth0 domain and API Identifier. To do this, first copy `src/main/resources/application.yml.example` into a new file in the same folder called `src/main/resources/application.yml`, and replace the values with your own Auth0 domain and API Identifier: ```yaml -auth0: - audience: {API_IDENTIFIER} - -spring: - security: - oauth2: - resourceserver: - jwt: - # Note the trailing slash is important! - issuer-uri: https://{DOMAIN}/ +okta: + oauth2: + # Replace with the domain of your Auth0 tenant. + issuer: https://{DOMAIN}/ + # Replace with the API Identifier for your Auth0 API. + audience: {AUDIENCE} ``` ## Running diff --git a/01-Authorization-WebFlux/build.gradle b/01-Authorization-WebFlux/build.gradle index a238f9e..d421481 100644 --- a/01-Authorization-WebFlux/build.gradle +++ b/01-Authorization-WebFlux/build.gradle @@ -6,13 +6,16 @@ buildscript { plugins { id 'java' - id 'org.springframework.boot' version '2.5.12' - id 'io.spring.dependency-management' version '1.0.9.RELEASE' + id 'org.springframework.boot' version '3.1.5' + id 'io.spring.dependency-management' version '1.1.3' } group = 'com.auth0' version = '0.0.1-SNAPSHOT' -sourceCompatibility = '1.8' + +java { + sourceCompatibility = '17' +} repositories { mavenCentral() @@ -20,5 +23,5 @@ repositories { dependencies { implementation 'org.springframework.boot:spring-boot-starter-webflux' - implementation 'org.springframework.boot:spring-boot-starter-oauth2-resource-server' + implementation 'com.okta.spring:okta-spring-boot-starter:3.0.5' } diff --git a/01-Authorization-WebFlux/gradle/wrapper/gradle-wrapper.jar b/01-Authorization-WebFlux/gradle/wrapper/gradle-wrapper.jar index 7454180f2ae8848c63b8b4dea2cb829da983f2fa..943f0cbfa754578e88a3dae77fce6e3dea56edbf 100644 GIT binary patch delta 36900 zcmaI7V{m3&)UKP3ZQHh;j&0kvlMbHPwrx94Y}@X*V>{_2yT4s~SDp9Nsq=5uTw|_Z z*SyDA;~q0%0W54Etby(aY}o0VClxFRhyhkI3lkf_7jK2&%Ygpl=wU>3Rs~ZgXSj(C z9wu-Y1}5%m9g+euEqOU4N$)b6f%GhAiAKT7S{5tUZQ+O8qA*vXC@1j8=Hd@~>p~x- z&X>HDXCKd|8s~KfK;O~X@9)nS-#H{9?;Af5&gdstgNg%}?GllZ=%ag+j&895S#>oj zCkO*T+1@d%!}B4Af42&#LFvJYS1eKc>zxiny{a-5%Ej$3?^j5S_5)6c_G+!8pxufC zd9P-(56q5kbw)>3XQ7K853PQh24-~p}L;HQuyEO+s)M^Gk)Y#4fr1I*ySS6Z>g^ z3j2|yAwKXw?b#D4wNzK4zxeH;LuAJJct5s&k>(Qc2tH}2R3kpSJ)aaz!4*)5Vepww zWc0`u&~Lj*^{+V~D(lFTr?Eemqm3a{8wwF}l_dQsAQURmW$Bm$^?R10r)Xd_(HUYG zN)trq(ix@qb6alE>CCw@_H0*-r?5@|Fbx<6itm$^Qt~aj+h+Vd7l?ycraz%`lP%aB ziO6K|F?9|uUnx$T5aqKdAs74ED7SPSfzocG)~*66q;Yb=gB{=6k{ub6ho3Y`=;SnB z;W96mM@c5#(3(N~i_;u05{yUL8-BBVd|Z@8@(TO#gk&+1Ek#oDaZ?RNw{yG|z+^vm zz_8?GT|RX|oO;EH*3wMsfQTe(p6)G9a)6&yM+tYvZwg;#pZsdueT#%;G9gwXq%a(| zl*TBJYLyjOBS4he@nGA-CofFCVpGz!${(Qa{d?g*Yt zftsoLCHu-*AoZMC;gVx%qEKPVg@Ca2X(0LIQMr5^-B;1b)$5s^R@wa}C&FS9hr_0< zR(PnkT$}=;M;g}bw|7HERCSm?{<0JLnk{!U8*bbod@i#tj?Jr}|IcqMfaed&D?MHW zQQ>7BEPK-|c&@kx4femtLMpewFrq`MVIB%4e_8@IyFi9-$z0o48vnBWlh@E7Lz`C& z{~7u$g;@syjzMCZR|Nm+Jx^T!cp)q9$P*jxSQZ3le#HSIj=wN~)myB;srp0eMln_T z6?=}jUvU5_s4rEcO3k}*z#DQrR;TOvZGc03OR0)P5RI8M<#*B)8fYxxxX(I`Dks;X z_q5?sAs zMlaiDTP-1_XRMwL(q5h(W2yvr9HmtlnR);!9>U%TyViU)t#_5B#W0DnP!P#s!my-T zqbgQRIf%MWo*YUK2vXE8RIy;gJ8p^LU$c6POWt88``5^mIqohk~I!a zv-T{zI?eSLajm^r3>inooK|w$a_2H9J=;|sziKGRQ&FC5CWUF*#N6?n4rD-}S>Eg!tFkOpE7otS)$s3hyim=Ldy&-I$%Yra=M3xIOG{Jc zr8d_wbB301%Zy*8ILfeRiGfeQUIh2N3|41xAR|uvQ%?AIGUkdX*Ymgh z54d1)Igp9~)o7-h8AAH#6DzJ}UPh+srx=B^tGe~_(uwPoOov8sptn}$Rx@&$Ox^8H z!MND`vATA1%mR>+iCrV=b!*TSrj2TDv?Fnmj$=uw{JX1c$tt@zIC9gt)3Inpb+Q~= zh0Y@1o@R7|g+n0^b;v#5cc24{OYlnusF0tun^X?qHRYl#m%6UY?tK9vA zvtPnt7tgpi=qBIQ{v=D|p=4@{^E7)c3MLDCNMKPYec~o)VJ6zmZRE?UqXgYj7O~uG z^YQwQfQr>T!u&NaBfm|PW%g%cDoE8%t<-Ma$wIkMS{3sTS+aWpx=g7(+XtaLt9nqB zrLi<%uH29tuKZ6?`Ka5N0@G{F134GZ+6+RnA|Y+wCs~N*%N4CxyoB6?*{>AMy4w}` z@CMj>CaC}<;Y&#-a6~6AB=v2>)b=&t&D7SK6Vc4p+Tfg{AO(<+v?R1IsPA~@FvGJw z*d@a@6bydfT8{(k2N*D`FO@sUHbUIw4kQ(jrMPa2Mjc&~AK*xoe*c+VfsGx$cnzHQb4bSL2wJvVg>oYR*?s}CgoHMPLwA`Km%5LJm4a&OZ3QL*-+4G0t%;_ zS|DOILXL@I?hGl*3JvMq)Uq;%_B{$ipS*Qkn~F!-P^6Afg;Qf!n-zi$tpUjh9TEgk z$Em>`JJ(>S;8ZLM+$-RWUzFrR!@<;W=Y3ASjLR1`U zRnQ{ZU%JK?(2oo+c(5g;5Ez&I&5{C8{!I?aB34uFL`IQg#2z;=$Si?P0|qnfM1VdS zb6@5YL(+>w;EPEyeuX)yIA~VlFjk5^LQ^)aZ$<1LmDozK0cxH1z>q2*h5eR(*B8Pj6nS=K`)S3FLEV-S*4c;F0<9nRRu$YqiDCFaTc zU2LxT3wJJWeBb8}%B59!#)-W}_%?lSsy~vH3%oytE`j-^9*~SvMr-z3q=A7uy$?X& zf*Ky)z&7X0jy`YDtCs@NJw0+j_3CeDw_I25HR6CPV2t!asKPJV^R_r+u&LUxP)wtR zmFA-~HswLN)Ts=7{YPysG?DY))3+-L*En93o=+v+Kjw;_cUsONDZ!zzk{1O05Wm+3 z*2;}O&??lNOe-V{mDB}Gn<0_7H$ZCa5dWoq#}QCT(~h%=J=n@;@VXR52l^?vcj%GP zh7{kjosPu`1x+iQVU?(TJ^?xlT@AS>a?&FMQRTyRO?(2jczyS@T%&!d8mzxqO0r&;UjTNkbB)J1%*iB$McM0+stU%2(C}f0}_{G?dWaCGjmX7PnOq1 zdRr-MGfS#yqMH&mW5BiJE3#|^%`(niIKQ_BQ7xk`QFp50^I!yunb~0m24`10O=`w3 zc#^=Ae(B8CPKMDwLljERn*+I@7u8~-_2TPH`L# z=1~{&_1Fg{r>4*vu5rRTtDZ3}td&uZ)(p*OD4xfn01zzS+v3c_N~GkBgN$cm$Y%H} z1sPjxf=IxdrC~^)&Pvq1^e`~xXM2! zYU)LU02y$#S?v+CQ~GP{$|nR0d%`>hOlNwPU0Rr{E9ss;_>+ymGd10ASM{eJn+1RF zT}SD!JV-q&r|%0BQcGcRzR&sW)3v$3{tIN=O!JC~9!o8rOP6q=LW3BvlF$48 ziauC6R(9yToYA82viRfL#)tA@_TW;@)DcknleX^H4y+0kpRm zT&&(g50ZC+K(O0ZX6thiJEA8asDxF-J$*PytBYttTHI&)rXY!*0gdA9%@i#Sme5TY z(K6#6E@I~B?eoIu!{?l}dgxBz!rLS{3Q4PhpCSpxt4z#Yux6?y7~I=Yc?6P%bOq~j zI*D}tM^VMu{h6(>+IP|F8QYN`u{ziSK)DC*4*L>I4LoUwdEX_n{knkLwS`D-NRr>0 z&g8^|y3R$61{TgSK6)9&JZFhtApbp$KzF13WaC(QKwAZ|peA@Aol`&*>8RK(2|0%R zyo9nL{gtv}osWeNwLf@YG!wb9H2WRcYhg_DT60dzQGW(y7h7|4U*<;c*4N*sE2sdR zZRP^g;h(t0JLIuv)VNY6gZ)yUD)2d)p?eFznY8$~EZMYTiu%DF*7UeVQPV}h zF*|ls`|a+{u;cd>D@%~dRZBn~-Ac+m&Vg>P=3VY8+$<7Zi7p<~Nq zR^M^jl=zI!T`8H(gK0H945KY=N1J#Up`sWvfY$>1SGEfqEyKIokPVbexYnI`OXJF$ zkMS3dBE8RnB1dK)tJbNSu5Y&$IYBy38luzK-TGMpQcEojhte7Xff-zI50I2qM(i2F2)9DdagoKYlK zz%x8sxFf>5@1bI$-n*}N>o3o#^zP{$d7pf& zf*4SNbn9QDXDCVn;wo6|E0$(wBv*pgxHCA(S3lXJ4HMQW)rU}U7?F zxI}V}W~d>wx97Ozh+^glLBo{*j$o`=hK;idHhi4CG!_fG89V-Ew-^^hhMOWUdu-2< zd(t0O>8BgZ1N<2Xi1G3>r1@d)nBD*K3PsmP{s{&G;tmG_!k=7FNuKO+fCm`SxKP>B zK>mtj;Etn5J%mKvT;yE_zl8vk?q3f9hwea!Dt8yLUCgFO*BnS=YuY}-c!&0jb}J)D zV(s~BTYfVyXK<9y&hpVuS= zc!!wNsFjPgspRhCIw6}w^RvLX#?KnhpM(hB`U3x zg*!~MI$JfAFWhsN7xRdV^%0aygs+rZ;dpWzncKOTAa`0Xq7m(z zS_LwFYW$1KXsfgpFzlw7r#2KOQn(%ww?YQ$bT(GWx*gx2Bsny3J z!6UUPr8>TIGiK`%2m`PSS3Pd36m#OIl#SN?$h?mU25XXidM(*ZGBAelMO)H+;9Uw= z8`vjt5)+09c$b2FAWm3{jId9*ui3~Ihbw`9e-2;@?!T%Dqin&WFbQJt4_m@V=j9P* zbXi|lvH3x49-&)RB5c* zheg*i@5p((w*%DOB8-%Yv2P#-IHB%v>`Y&_9BR4)7ngJze2&>4c~NOkQnJ)jt+X$L z9`^6#2vV*K89hV$gu10|zu~;nKfa?ohox&sMS7NyTlMJCQAe^h{9nZwpoX?uy5xO? zW@PBU$b1{UOpv~AtZ#<+*z+(g?Fjwseh8lsxs5iozi*#gI!;qXBt)G~j z9v5n^MQKOT?2!Dj8;SOO0>6f3orwHJiOFK6`b<|b^4}5n{l-VQ?SoksHS=yv3$O(l zK4aL#0Zq4{g#z$jo$*dAJfuB~zb-n^5(3@{JHT~GGc;Ky(^y99NCxW2rZg%U^gIg; zJ%kBn@NxZn`e|BO6V4* z39i>kJU<7SyAHVHI%uKdcv|~U@W=4e@t=p!S?jnBEq^yQ2E14shzIlXKC?om(H84vN=o^2NtMBm7J~D=rmbm*NWjSVJeDEz-N5UmBk5`GjywWp zZ6s1IpXkUutr~lnCT>!2PPR9DIkuVbt|MCCR|#D(rD%~B zubEU^cc78hxs+x%Vg6$X@16i4ob@ek?PQijQzieZfi>E5NEg`76N6^2(v~ar1-yk2 z{{lAO$SjM{aof;NApyxnbEZnRO}8?!fT!U_<`21g+Y&qC_&99r6|*kDkDETgh-Blb z?9T7UIB}thISUzkw0O~5y~+>wtL{7Fc;gSldH8639yf31)qi4|Wq~g>_I0dfs^OGe z!K&|A^L|jeya>y7<>8(f3SXza9%^rl#3_31Neefn#Uk7*_^}IkM)e_&Fg~Ughu3}B zG0}?Kod{eb?94;$6dD4YV>n9mC5+Hy8M_h+bQmvUNvJ>0P#9a~pPDU9l#NrDP39Z> z7R3hA*IMVAod6Yl=s=BNyrblFv9ahxsA&Gst+0`2T@WSesGH1hRhw z#t7Smp){oxPiCm!XedMT9Xls`K+YKLV>+PC>98;G(5Lw*eBS5`f9B8Y2br|#y@jcz z`ddmVevy*mwN3@%YsE|Fsj!mu|5S)>5)wx;dbtMZ6Z1juCz$0kMS5-C{B5qnD{7ViiFNTv<&?w+5J7 zOvuImg^_o-ySHEQGAp-85!m8;Kjq_i-SzRFWcdAdj|VdIswTnUkggogN4`x{jEyG? zQ*_r9na<4wW8fySLr;PuoDVKKN@|y=99HWqBR+2kiH1prFkUgL{}*5_>twEG!W=|` z!(x}*NZ|P}Bf#p=-xK3y2>!x$6v(pYq)(6dQWk)$ZWSp%-^30dq``oVSfEWcTXE)1aMtpTQ;FW3e5ffMASm16(q#bJ}PAM2+l8m-{ z*nkDPH}ha-U3r{s>8XetSzpDN&nlc>|Er_gOMq?H8gtx5_)=$=rKn8D)UFKeitTF< zrA6>w`_sOEN&t!qEx|Pjw>cpv6y3zP58py3u%=88_f1w?Dh6qHi_=ps1{zKT3c+AJ z-CHtS&YwELV7i&XOXFt+doDFc=HdO@cjpeR_V#?~+=e|BdnS5C#8DCu@>*3!I9V9< zW8$!NLpp)$6Dt$s16B6U0ukr;dz~cWFIBq~D_Il@v4E@wH%Sf#P50K?&Z#GHc^JwQ5QyPaJatDTEbA97~OHLu)q6tU>srf)aJKx!w!`g-`+$hp=yl`47e};Vme|`Otn|zcuTh4TQZ6IKVT7?o{08_qzzuC#0N+` zUL{|(2B|=83J;W>uqDA61!wZ8=lN%B^2FGwkZO!2?1c;bDLELF1bQ^Y?Y+7uH}!W` z^`^=K4S@v^Hf0N&e`kde(pQ;BIt`1ze5~`Nn*fETHo^-|6KuqPj||YZ}sKX zV?ZxRbyMRcdpZnDH1-C5U5;4JguMyzlQm)=l~l=@z2)laaTx@kKq5APotoUE)xH#J z6)(ramD2fUHPdL793*l5S06`4Z3{&?tnR3xfYKS3B*A9}jW9$!H?R6_%7X{4+i!*D z*)40tp!3LCaUi_0jXN?z7Y6AEkZ^eIVyo1w;KO5iZg~7 zHCM5Jk&G}NQwK`~bXb=f#j!xIJJ#ETt7@1qhw9lR(hEuxbrv?Ct!{87z|%xN)YC*i zx*N?__cB*&7kQ_BKkH|g0C{L*XHjv2;aHF<^+m0ch@q*5qw}L{NLOF~Wij{R7GRxv zl5Ne^rT$D06;D(gWfiTsBRtZy(NY}48_YzA+&O?{^mT^%=g%f;Ze*H{?}d8=k;bAO*Q1?nvfP#$3|aI1lz{jcLWDIa9v7R}*UUhVLB> z?TDq)NCcJE9S%g0rVmhrf>=Nw6kt8m!lpu=;6aU-%{(-cj)pA`DiK5kE7&tX-cAxk zV7ZG}Y!Ot|OEx!qA%%(cHP{?eqT&8(26rmJ5#`!FG&0ynY|*(Kz?poEylYbT zipX*&ApQikP2)eD@Cw5>GKY=XH&1uQkIwKs&xAMXwn91ntk9#gnYz6e93PIWrmt>FDJ!k43qNZXPf6WzmzXnJHc=iBBr{8^QV3P3jBjzp1TS;KxA;CN~^( z+=W87)Xjkhvi+QF4Lx^aaWOqm(0Y9CO0GFZR8z&yMefP`|0m~2!!3xZ8Lm2Rvv@2r^&{YhR@ zw^UuX9c)b@B%u83iCNC~IC#%5yDEAF)=sG2Ixi3%m!~JwM$*P5x2h-9J*IpQSa~@J zrrr`+ovQAga*z#m7tsT{r|u?Zhxkhp{;cu*=@#(3`WZu}iQhp)>uS`C#CQB#V0r*V zTe2;aKaHbKz)(xpB<;4XJks+e6S0l-xv_|GDdg@Di2SHte&&#+NZ(2^BxzTs#s&{h zT+P^yaLR3Ngh&SYr_pGSlo1CA2wot^gmLX*Kry~2|D>4C=?)BOyuKoq!#CwNE>=xz z@B8_S`HEpn&6xHL%`uv=rD%h>RB_zhRU&TJz}mn5F1e&^ASo;(3ppRY={cnp``a?A zC0wiV5$%pZ!_*FuGrqYzT=2e770vS1j+=c~|zjkE7i4Y4E(NTKXd-je8>=6q<+#B7yc*NLp6Yi7`s>jG~xBpI-ljN3WLT@-~ z1>TEAk)dHU%i@jw-oY^D2AAb|%)}JjA7Bt{nKOF_Hp_!A9$XYm%X^ ztmK?aV&I-7@30n?X3rXfNuWHp0#VN~t=DRNoaeHi)w&{-K@k@5vgoq(MtF*-_fe2= zYChH0%?FP}6|_HapKK0kzEY{&1ar1-#X(o*HA;tY509Qp>zLBfP;v#}!^mV5J)dZ^ z>BgG%+gA^6~) zZIvs|p~pM!mkV)(Wj^@{;btztU>>X7r>wpDwmCLZ-ovAvPh4@D&-`&>!9aQ4ozB$& zp5iU5W6N}(oJL1>m258VY_?OHJtQ4roUQ9xnhBhaxRO?2T*pfCJ;?Y5nAyb%ZmWeQdtfRjFHZ{sZX3=>dcPZA7K6U&rrSMJ3 z23`Lst@rcgM;A*bOBZ7^yX5>5bBMmNiu{;nn9^8K@J#x?!{n@TH!x&BoMx1Y zpdS!C^i-FX$r+VWfUDF)D_ay~adG-ZLIz0`K#)}p3kzvR0rp=Om7M8tl78YAV0KgX{bGW4+cEG<+t|p2oXOxm#xNQfN z8f%1y6(O6G{7C}RnVfKJuiXZaj0W?HdU$68{-jOybhcswAmTI)jig>@#_t4FFbU=& z)3D3#bDeYZ26=;Z?rb?le{I}drsj^85p*AB*D=t(sbAMU^rLueRZ8e8j2qQV1~Fi> z8hYmusOb@gaqj3$`75=b|ETY1Q+Fq*KH$RLu8u@?^hVwkzBUu&NT}LcfTObO{CffG zsFXYPCekhefLbLr_#$o*i+-Y*PU)i`#x}$R}_=G*KKA8Od zg?&d1E5yBkIi!?6gDJR}d@@sZwG!db9)PIXWr=&{#YBo-o^KfC-w7L=Y$2_q5tA_s zd_)K$q}9eV8#$HB4v)xO`cRrV5M0lbBS^BQ?N_Uyj}uJ$8D))4`RzrAKn8@Bl20*K zK?_9(EL!7Tu@<%jia$Ut+x-QJbj1FEus=kWHhxabUvLKbdZYo9sf_2ZyUzTtQ`H9634fzfh{>IZs*n7#nJFjd~cRk}k{P;z%|sOnYp)rqs0 zMntK7EEh?ZW;Dj{ezME8Ko#w`;YZB7WQfu8Cl3?Ixic3l%&`v9SfHWm2pdd-N*w#6 z>pThQ1uF0rDpJ1vzbcK8Z)NAyf7p9L{2y_q0+dc+(u%0J1ZfqPj;s8HrXflA*Q%+? zSWY;#r_OEyUMB4@+!+QYb20UJ1&W~+YkpIj`Znt-)9V}-KKM^_-T2*HO#8n*e~|@< z*PKcjON29GAwVEB^Quix92bUpcgU|UHxv~9a~In6`L>OeU`GfbThFhw;fLI}TJzeF z0G!n|WK%ep~kHJws&s(en>DFZ0)ld zbX&L4=&DqT55oSDXVOUIOCNtJ?&o_+z|RdgGV~cu#bIU7P1)FXPox?Pt^Wzf#Uyju zHJ-wt;Q{pYCwybEi&h!8>!GxjB3=MYmJsd7{?h#Zb#sZQCgbR3-)Ak*c5Jng=kai# z@B_>mOjhgPQ7~?18moe?$->ieFbaQeT=5~Jd?z*=lLj*#XEpObnQ3^>$2tY5G-}a@ zEmSX?WSoC1&Qmzkw_{vO&V@N_n)R`16?m2h8z&f4!ZL=IT1Aj1)01Uq2tWZO5y$=s zaORP;**KR8NS$#Cee%5<5+F>(+o;+NQrr(r-VaWFBjbZZN76SSb_b1o zc^0aIX`Kg^LWGJ>O)L_3w-hi3`3e%|1sEYkdcfy++pC_P2+`cQV&+tAkLXej;;z$0P<*&mKBafg$S*@#Iivr!)FZxfykAAa& zl+J;luT&!5ym{m^r_*pS9j1jMnop!C&aB@CGMetbC}E6!cJ5#tE)p{Eerq_dc}p;( zrX=B=qAHr%w2o-7rgx<`E+s|9@rhVcgE~DvjDj#@ST0A8q{kD=UCuJ&zxFA}DVC+G za|Tc}KzT+i3WcdDzc_ZvU9+aGyS#D$I1Z}`a7V_(Oe4LSTyu*)ut(@ewfH*g6qn0b z5B!c7#hijdWXoSr@(n%%p}4>se!uezwv4nqN+dY#Aawu%=d-Rn+zkJ-QcHv4x~>H$ z;nl83-22HjF)2QMpNEM1ozq$th2#KRj5s^@lA)tHO0f36Asv{XHuEFwPv8h3aVTxQ z%oEW6IvV#QJ0B;vgw^Hp1Px?Mz2A(2dQ^;}4MsY<8eV>fzO;Af@2_ABvNCN&Vi@_$ zRA;E+5L+M~+U^kL3Cv6VGRI-YP4;A4S&FiV_IwHwRVdRsZgQhV)RgM4Ma^G}ULm!> z8q`CgL(VPvlGhnd4Y_Q(w#EU{=fE(mCcuyXqOz6x9k}xk63wR%n2?k=jbfx8KC{_QVW? z2ys94)HvxzFg3~`E+&TzC@%OAsX|h=**G(r1*OP#MUZ>t$ZBnnJ56m_n+*g-@o>wMN)L+r|C7%OU{k&i7w!T&(lEg>(Lm5?YI)Z zMu*56HN&c15ADmoxo6=V1AoJDxTx;8r_dWba= z34d+4zF0+J$*d`EgH=4aGD~iWMN?r-nPLgUypU3y7jqF-rKVVCMolJ?vXnQCHq3E? zygp@tR;A8@wwqP-$|X$GqUu>re>O?GO0#leqeF|PxrbFUnRX?&+9UTQ^-bmx!a%#? zHr;DWVKXE_Vk>kZU zv>7s5$dTD>2U*zg;YNegvp*xjy`Rq?-EF}S83Bmx;bgi)&qtF#*)1e44g-Oe6BOHb zLCMn`&=S1x^%&^OkftmS_H!DNy0tXtDm$oL#m`o9$?ic5tK&QaR`dqD8&VydP=hmO z4eNH1Vl)1SSv86{1;1>GZ7eRkgcGt^oM^b@+S81dqf)DFG?wjas_XRIoXwxA)TbD$ z&;YM#{~CaV6{j&!q8Q4}E87~4tjOhR`yD|jD7xz-`qG4CixswD1SJ!dNNr(YceB(S zdTBg-bN&brgS8l(!5vd%3#(D9Rs}p}8tkD#7%)3&P(x)5m)j6WJgmsD;%%#t?U^$$ zt}rR)lG=wjUkB3_m9)G?t6Pgk^z+!P)&Q}&ZX<4NL*j8pdJ{Kbnpl=Rg^*{}#rC$9 zgeHxM@YlVRDsc-hGD6kMZ~@(KO!AY7e3CkQJJ^eBC4qsB&hMFE~sc=K_u%p7dodffBw1U*#b6=_ylpuw)MUa&2g24IPnQkKD+p8Kjt| zBrA0e{WbCdZ9sUUwkn@$zfRSJdC;+_fgm}R!nrJph!|;r$;y6jNTv>VK%(mFIc71& zbYEKGXaibyqWmY@Tk{fC;#Flu0igd4Olz3+NBQp<*MZDTvWGBG8rigCLOH%o>>M6OIYwohsAYg2z8B&M~f7N=iLOPie+-I#!D&YrLJ#*|r zk`%QWr}mFM^d&^%W6EKt!Jense)RQoMqrAg_=q!e_ky9mt-vXrEWn`?scHMlBa@%fis_I33 zTO#Cq>!AB*P3)GH3GO0kE#&p6ALzGH1785t(r5xFj0@C83E@@HBtSSGZ|q#57SXzC zBcVYI{w#qZOiY|a25^Fdny!G``ENdD%DlS3Zk}KXPO%lG*^rJ-*YoTz0!5gcbUBIU zcxsp)g(jX$tR0mbI%5n51@)hFEWCS&4h~-C>z+e9XP2#9L=w6n0&{JJOi_tKFjBOmkydTxF?{=r~Z0SZ zQ!+?)lb|XW*a39dgeKjifBjqg6C6^fO>>mhlO5^a!?k@%Fm%OcR)0o}*qm6=$;a85F~$*LPd>M4+h=KK^p< zUTLr~iZCJ`#!sTSSP?A25d9$@jEe9}IiHO>I(cU!JV|?&>({{a8~_Oyc02#bw!fyZ z@HrqJOcWp<_mvL~UYdVG%AR6M@$eurF>ywq!qkU^T{D$%{9=rQK{Mr0e$Ev<4Z5_S zNnwMk`o5QFbqF(j*?kTXXP`Tk>0tE2420%Wbv=sgM}= zFD&odG<``_Nk$!;UUlNa@pUE;@K9l8cg(6Zp^76 zHSY4thE?HEz;V#!D}=e137fguh3sSu$@cn(U(I~bzJ+UcXJ=Q1O00`zY_m-#grEj4 zEGB@jzU304JM9hH$ewewKoi}a*G)7>aprL9L{@#&E63^!f5;GKKdIcz3u zIX?;8Hm+myU<%}TY{&)aehJtE{bUL5REqCLEv$}$XOuvB|LmWM={@UM30}Tc@D;(g zGwu3b=?d;_K`#|5(k3D+azz2#*`b*#(L%u7Pt3A#1qc<-_e7jCTL6jjvyRPZR?)zb zWgFrXi*Z})op{VWcX)K(M?p| z^}a9&&u8|iSNZT&G=-;Z1>0&GKleLMJk=huD4Vlz{zHe^OpLbVZE?7JHGRxRVhX@R zX#DjtFQ~S{-S678C8X4#M?IY@6Nj@YeQh)P53f_5{5@XcsQhQG$hZ}!=|IIsPG@-~ z_{~ws>hNg`<7R&15+VS9kG-XsFaWQ-qAIYaR{NtS)$_Kp8Ny;9bOV?yFjO|C|BAb1>)p63 z4?AKjs4JeWs^@~NgVY^gp5av^K1B~{YF7jfwz3uM!~O04tZ#R7eB-b!IWW%tVX4NF zZl~8XZhad1Tj?)(6C#PG6UgWf`0A^X+pq%_o&XegitvOnypX9A-jKwgoqIsk`7vDH zPz9}L=G;#3Lf5f!K3`t}l&J?TXKzH~Uzk?{5_k9H9xWw9crd@!v&1VY zsOuRn#7S^4j73)ETazCqI7bwNo$t{cZ&ry=x*Xgs76A|6USJp|n$Y_yB zDC2KGY3x!h=P8)>V7&ntYvVVK`hxw4Z_sN~Bp#BR6^2R37pGT z1Dj`(PM$x)t^Bc$%_kZgDbs?_&wIue+uUzpy}>uET;=1A)F*)A>Ata~GY4hAc!A?U z?{U63R0JMe536-g^k(*$`+N?+OJ(#XPk0Vrn^Rty$T*_`6p2GBZiWkJ{>w7+4g|H2 z4M328#NL_h?{$DR4^iA=7M|n{ahQctX<$tp*M$UZN+xz_oI{cx8*`dJ7 zuF=LPSVu%73wwaH{>HwHrblU4zy99llp3ScT+Mw7rR)7PJ^rA!wpR1f3=q)%h-?9K zK52(MxZVT~sZMJ~do{4JL-m{KI{J9x5!DKd$(}V4$Q5i);pa(WYKq|3lh&(wpC>*+ zMJlvE1NX)k5PT%eqpH=J7er0}#EOfJJqW;C+V(XcP_4kkIdOF!3{~9L+ z48Ix^+H}>9X`82&#cyS?k1$qbwT4ZbD>dvelVc$YL!v08DPS3-|GFX_@L!9d*r0D=CD`8m24nd4 zMFjft2!0|nj%z%!`PTgn`g{CLS1g*#*(w8|sFV~Bqc{^=k(H{#0Ah@*tQgwCd0N@ON!OYy9LF`#s=)zI0>F&P85;TXwk#VAWS+GnLle5w zSz<>g3hqrf#qGfiyY=*_G1~|k*h-g(AA+NbC~N@AVhf6A6qXmVY2Temx2|X$S0UFw z%*D3^qpS5e`ZtH#e-p_hv3bYtz!vUA56&MBhN4*snI=g8YNZ{TYX{~dPZ=Z_gk$3Z?0ZR{D-aliB#|SEnR`T;N3$!}02ZQ(F`K#y94FLke@r>i04JrfBacpWL!tC&p$j#%e~c zG0Oa(wM# zM(Mn!CQ&`w@usAmfZg29h)&o{r_NeX64w5N5WxG6q(-s6n3+LYQoV!fQdogT)Mf~f zrQ*(MSoLcIu2Zpl1bcHm-1-=no;nuG(Rr?&=9Dia+wfu8KmGNY@a~FBD`eM%#b5IC zn=aI`v<7i^08qgeb@EmZ1l73Fe^)VHH>vwnl#LfZYM}d!X*vZ=X-Kmm)|p~g8rR~7 zTHpjqRDXxKte4N;M7->5uZ?~X`;`Oeoq;87kGDaWGMa(5g9dgC3{EpOF1o}w3Ms0+ z270RrL{cUBU0=kwNClDNSwY!Lm!3n$dY&svjk#S0d>tPZn?&G%Bdtl_HV)BD3T&C$JTZ)yChEr+){ zP!q~(%s;6J22$ep1;aq;vT%}A@4H_e%j*18G#k|8R4HfuOLp~*H8ydsM!zd^J6-{I z0L19#cSH6Ztna?VS=NwT9B)9MqJAc(Hd_EwUk?-sA$*+!uqnSkia#g=*o}g> z+r%Me7rkks(=8I_1ku94GwiBA%18pKMzhP#Af0}Seaw|!n{!*P9TQbotzCQLm5EQN z>{zN@{lSM;n`U!Q*p-J1;p{VH`75=x^d=n#jJ1K1%%tgPj|GD0Xz zq9fV3Ma?HtM@!DivcDoBi|RXcCu&(8=pz_F%Qq#Kd@NT0|MtB&yqr?e&x3@7k^qX=q=oz=wvkChK5$_^jhq9 zhI+$s(bJ#2(25kdPfP>T<$A@3xOU9Xu;*O>W zPlGz<+y;?kBjzc;6Cx`rv_6DV)$7dgS>VSX3u8DBYT4@c~$tokVRZKT>AAJcn zM`3)eO!3jw64$ia2bI*ky%;JvZAew%gfzr@2z=cx-FW{@F2|Z2yJ)(40FvA_tyb$4 zHp-iN;@m7h0Wd7=&Re6T*H*wT&g*@8FgUyIHK5&0SUQ1)UCLemXi3}48~TLSgCCyk zrp@aYZmn?H^Jl<7jH)47mR8%{zw5cawx$r(oP>dTGqsxPPP=R8-^vbHS!I{bImH+d8&wJ9%Q;wmq?JKe27wwv&l7u{E(hv31^a>U`O|>aMzfL3gd{Uh8TtBa3!a zM{Iu}AI>-WSaizNSJ-FtewydP57^1>j^mNBnaaxoQn&p9y9&-_w4i7^xOT?7NKl?lKxm79T1T;#zGve! z^z&y}PFN96@n!`suxGzHHb%{=V`PLBTAb6YsDu-M5z|b*X1U-HtKvIeCp^%4PTA_v zr^@B{_qoGaW6!xov5Prol9ez6kdqH&(Vd~>o$?gruojX(F}osv#OuA9XCm{BA{HQ6 z7I#HXLktMs2!{a#?(wMAlBNdNxg}5ft0q4}Erg)PFo+~m7-_8kEk4%&n`n!qprR3_ zRKcyO67pN^HTAedB<#V{RM6J$?2A+0nwfZkx z)#H~>#TqYNMDy~b^!AI9>aavY_!YH!u%px+~ zAR_r);-C5#UfvaZNPmjHSuC39+iWbb>#uq)ntooMYNm#v%L5gx`qHNM^>O%V(&=$_ z)SkW9)C`tI#lQ5oYR4|5rnABn0GHiGa>kIEA)V)lr~lGU5$|u7S!kwV34&t z#Znst?`+H+{F>XL5Ihe`v2bcY2LZjt7?Bt^Q*1(5Xcp&jtGCX0X8@7GN*e>1pKz{? zTsY$-TL0JWaic5zP>F zBpD0yg8$LFD8iM^) zk-SPvJ|)^m$UbXDe<1>130Xcxq=9HeXVixa5li>o3bOiCmS8->t{1==s+|s)1#Fxf z`>r33c=P^?sE%sIN{nLrVKP2=8#A#L4aVF0&5hX+277!PfIi#w^-B=A(-v7xyZMmjc^*yX$#oLqK zZ9ANck>T6&l`fxVTgmj2FMyTGi}%N@9p_{)5@W~|eKY+}O(1Eb@~8MeO%U*3OJV&~O!Y|BfsbcWre3Qam04<^Ox8b7rmU*W?BC?5tQ&Maqv&(zE=o#*zFyM3A~aLQx(BIxtIGzX$s zVzx&kS;C&nIUnJf=0g?za@(IQ$b3sWi-$AZ35<7zDuzQDl|s$cdI)pS9|?_@L&YG= zTz1|NMy|(^-ZMSEMkmyA*Ec=8U#qiWonuyZ>vO5Uib@8!;^$YYmuBR+aS?1{mN|pv zw-8JT%`sus&h{q!ics^;33&wOgzyRooPenPBHseN0(uMGO0M=K4B# zfGQ7bWrup@w+0D8zuXDVG3`|9WQUIU2=lfs0}uW&$pO=+x%3;BTP?egh9}g!y|nxQ zF7c19A0dClYKuSr+0{^h;p=f9Z}r~jC}s(xg1yzB|3z2;`K_IX0kqq}KEYNiMmwrL zR11gCd%Misw-RpfU}^|g2}g%6#Etdt0G?#sN0(*BU)z~$KoK{Kq`9iHM72 zx#?+K`4Y8`;N;NJ+f!qAkK#UXrFMqzBWj;wJTv=9yxWXYj<=2W?S}YbPJurHi zQ($FF9S}jGm#Ch5G_{9=G&4K1rES6e)EtmgOi_(}8r`}~fLVtU&2@>eeNlYH>3oCK z-!_xrX%uzAB(J7fGqJ$WVfFlaX$_^-S(u6ywL|Ek8l5*sT z8D9aA(LyK~&|Ms@$?%C~OSUB8zJuyoz!y2nEHMk4VjBmJdxc06{ee>417r_Zx8M_f zQv&2&0cujOd<5@MSTY9gXQR_E^F$=~C=15`95Ht{YHmdLk$@3n#NUOMK$};s*lX~Z zj-hg?05PqDKaXM*=@C*FUgq$9FSP4gH_)(EMoJ6Vkgs{7exk&Q6_1EM;VrM=HLvKN zx7hNZad6+T$rH*0HD{xnW|(A;fL<{)@*L+A~DI2+a&j9;VV7>2~< zOwYgnm%NW?RDa+8Z;c&Dn}UQ!4V=-1_4~gI?EYyNM=CB-ToUF;W;(fN7&0R;6*M#$ zvq5<4o!#$u zL;H83)18fEmc^I%kG9Y0u2a8LzSGT&l-IvE1-?m<>GyN@RiOc=MG0pwK%(g}7UrlR z%-M&;96}o7L1r8apQ&v zS?_M`X_R4kkwW!jor7h&G=I3cyLo=WiDB0_Gi1V3Z<9=>`A-w>Q89bJ>Y)nS-T|=~ z@1h8-J2K?H;h0g6ESyOVVEyg9o<40j9gBKQkt9MJkx!1&%PpEAT{s(tVflR)k?!o2 z0mU~aI_52$;dv3)8$;S9zy4g!NYM&dv+h1r*xa)+IiI?ql;2upk;*aEok5LD%PUqS zz8;1l^|}F5xF(Ao%CIC$YgCZ|0wJ6yU9ZfstHAOwKs1ms4V(xMc;b-etG-ivj|D2A zWYxMR_SLI#Y)|w~S9~nxto669sc=HX zbX$_ZzOwkuE=C*zP%=)t7J$QsNW$t3`nShXVT*uu$f8k+iyTDp@_c=Lp{vaFBc^0&k4p3rk*Y7Zi_uzwrjSgca zMtjp&+ZrhxKyKW{K)&dq@Gfe!?G-`-PBLfo;s&_z5DRcM(+!N~fXTq|3O~PQbs=qA-pTg2l^u+d z%ds=eY1sNyehE&1F?Kp*1nt?h_p`OIU`aFI@{{AP0W(he39BQ}N&Fxr(_Nn9C@|Fv zF2CjVJpZj*KW06pkPfYefvVkXhPmEzhB0ZpvW78P+6b`(DXmx4XD$i@yG6uVoa7U_hH3k2Py`({xw)s6nAe(f(@W-J| zz@YAV6gVhtFUM>qy-n`}{EY%a%Z!g{Uc4KbHQ4Cysq(A?;rg&6Xew@Z;N+ZaVY|*= zY%CB8ewT@Az-G0c2It&IF33z$Exgk%iGnm9(StB(7KF?4q@06F#2&%w!1|s-vJ<$R z#XzNy)JYP=0BaD~u#sigQN$gNdTInmz#5sK4BSByfA_#G&)Zj<2A?Bk3$T_QnC;|2 z<0|qNBOdcGWX_efUbjcIbf9DLA2^E&r#fq>Gu)@g=vUoWqV-D~(xUfMfaCeY?ig%5 zNlo{2#2{?+Ykm2};*J1&Ep^Bz&WB;0YXN=I6)&JUITYUOUDcL5p;6b?izK++B7%r5 z9mr&h^fGbKR>>e`KebYXfs9w~PV?6xQw%lJOA*R&83!gvx2_G^Zzl1NjQ*&uWXlIJ zA5d%t%)`R6RVN`l7|hlJO0zti;vgD9yyKBh-oiXL(LgU}D{!LToK9roJSM_z=}gA@ zV0mkG5=+m9kztd>9U`MRFOYqw_R@@-88|~TY&n;wx0Y%6<;}H~Vhw9l)<<3|O$g znOS~HbBeb++hP5w^R9fzH*%%;O@OyRJ2HQ!`5r6TvCxLMt;lTth4BYout)}a_|rR1 zP|nlJjcdDbp~VeGki#sSoP(U~1 zzvfGSEi^1h$ayZla(pu`eFFiu-MqSdt8cz0qRmg++c}@ChaW9!{X)T1I}H&3h$C+b&J+B z&WGhay#y)vpbmts^9+1um2a^f=rUg9gc(vaIvdu9{ z=g~Ari+YZ*_9#%du+x0Tj|uG&ivk6<0W0(z->5&_@J!xrKJh+-N7(ay9KI1^9DKq1 z-`Q>5RXJWR>^gJg=ceSH1FhP&;-(b&yx3;%21tElpT5B-^B5lRW1stx=Lw@yl4K-H zH_&#(_w~Tx6OXfPTcCLo9$$?1c^Nx?=R`f{P#LiJu7|AN{H=1s9vgkea6`f*yNy6m zELFO8tlEHRx_O|Rftnf+yTTazHib2IaSS}hRg2p_EFj}MmiDQ$RqH#OP&*!>JX=+E zhHHTXEmdmJGX}fFret#wSWMoxwfs%78tQ;lJ+%#EPSxrJ1@y5{w3>3s`&VRTmheQ7 zm(`N@=UL#bJ3J63M84cI!+dq8*0Pa~cm)*vOH>96OZZ8rI+@#sxvX%J;j#2UyoI-P zoHw?w+>h2y0-i8E=E{R&#ky4YXy`dpzp?LN@i=(bZ>Ps)txu1NjX9j_ZqK;J7FkwVRy|k|*99~?Y z`*dy80oA`CJ_$tFQGtxLJfj|?%k{~!rK(wP%(jJ&e^AP#2mSmhEOc8GXcC^~u~)IG z&bB&9qn$v@0V@7Z+WqyCihnp!(NDz!v+(tZ6+efxni(EuvIZgq!%Q;IG-q zqF8&i9!)wS_%M!tY{yK|t}-+MVeB2X)^xwo4U+^n6ZT(3n^9s0^N~ZpVA-p-|=@^inh<~GA#G0Fb6cqg`G}K)*o{T5?_kIK6JI}m$v_ol&8oO4P_zX{TbEI^ zP4gy_X(a!@XOe=(Mp}U0!7ra+gbWnl2qGN(SI*+{5}&-NnMCpgbIjJJMM#>k=g30^ zDbJL&s-oi`3YUeZ9y-BZu65hbFPz;5@(6>;XEhacr$vW+pjdI#rGBriL|0cF)|$5S?ZhrZRY7Vy{kdqRI7&X0dtGtm6}Z)oRm-4;l8Ds`lB z1{;=7P~qZ2_n6wIDqX_QLr64UbcGnv7W5MkBQOQpPgUnUuZmy*Y1;{C(bD+H71WwI zFxkY4N6=#*ys|B0K*aJKZ-tf_Feu|x0wGE^{ za6HB=IjXDV7hj^UMqY@8D*!&A%+%g?A)#u;s#rUkuh7i!inq{PbR#Dr|8ZT+Wh(ZI z1r+upwLB#jrdiBGjm$~v%G;|eT(?4SqN&z(RF;+MW+&TN%T|}sR;8Dh>e|RrS`1xo z;obvgl5Z|wz0;94M2z-Y2WT6-(${?#QL}TPndp;hQjRZh6!1&D`+%7IvJc29LIBMq zvwi(+IZ(P1qKSTq#x08<=kru=S9oc!%gVY%A{T9{D%p8jSYCIzFy$TV^U4-RLFD+w zn77r`QwzNhX2Pbr7lOF`qlaW1HJk_R3Xg`iqZN?BZle86?}o%OyRW zEc|gt<9{tSk0Td&`c-N?)$%jzYaJhoOAjaF;6Z6r1}Rm!15{WMTw!4o5~)Fo-HoU_ z-&ujRx$TNix^SgDySgxKt>YCrB`EyID}h2#B6*Zab@La310Ghd_ma8AO#8-ulwSnj zZ<5BIUzZE;5*FP#&vkvaG!H~2tU$Jkd%gFw`T!S{2mp9?Vh1R?kv;~X`YAwb63>)? znkAD~i^l250{N2CJV<@SZeNTq!pqthV6F>e_QO<+Mykoxd5^JzHJaZeQZ zhJkUxQe7WRdWlz!MRJxF0W`KL@`p~)x5J(z5M;XocV_|rgnnd1%sW+|yq!Q`G&7GP zY07mPEwX@!LGr!_kNsDN#hMPL7#l zlc=pE5aWH28%^Dr5#obbnK@SMPeMr&YC`p^e?y)lV?@3LQVmf_yWw)b$Jl&Of#Rp# z&|KH+IbPYoU^~mj`IAFEK^Z{Gyzpb8*3I%bzXzl%M=>mC%Q2%)jr6JJ(KPB8q85*d zB`H_bk5V~4&VPE&gUAO>5~Zr82#kI9vNGHonE(8&8C(Hj-eU@GWQ@M~+4I^wF?8-BT6Km@x@%lir9`u3T}u<#oKmr!E| z2--yCX0m;Giv$T$>#E8290L1S=M=3CD`(J9s?1X>SX6lZ4GocaWFnHAC)t1T^hkf* zUD3KeM&diP@80N9p%T&fLe$oqvOhhZt`JxBO+^LSf?Q@z_`9Vr$Q6~<0L2-m>O(g4 zOan%-sNta~Xk*}&{@r#)usawmHs1u<1GjQ|b56{BDO&snX)z?_ zAankXRi*W~FHQC%{R2T17EVv=NN_~B7>6qS8-oRfDB^`%jRb@OLn=Vxce}tFY;7n@ zj#*voq%N#N>y$Y|*HtC2U!S=)^IxgQ0-7$v2yiqNXRM zwteC_-%jMY93pATf5JRZt)5Ay&cMar+UEM%P_tH6YH%!8xM83G_bjXj(q~&xt5EB% z3%t+9ys%^4AWWnRiJ*K6xjY*LNS|#O;pS)*K=AB^uJVW_JHF`#iYDK!(>=WUhh6%c zX>sTwaqCCJrW6nIY`0WWbIIb}bAzF+1oH!VTEEkh=Zo6npGn$x%=adz9iX3#tW4ZG zd<(6Uxn#z9!I5&G|DBlUn~4sC6q09u=rux4?hdLGj!_7Cw~W?;w)!zdM>lGL9?iJ}t$XPovsz-)cS-!LHv0ZC zb4AsYLrHn^FyZ^K^RfN==H_K5|Kmms8C*LII4c6rK%~mwn+cs0!Hx`!kJU7zAV@+T zY78x5H8b;aj{WU`xKGLdJJr*0Ydv@5KHQ6gH)}c2!V)JwlsWfdsGezcK zvNM+<{?KLS;}dCbka?fVSkA4*j<+1;zd^mMTl-!=UrG}%Dar#cYGiWKt*OnI2`}s& zKuJNJ^nn0>uh!6qs230jLkzPYLh2_ii7q$|O>AsUP2s0Lrn|+I5<#4D>kLax=_gwF z9%;kCQJZOVwWh{(5l+S2;i@c9Ea^@^d5H*?CXc?hq}byCKRwrA*C%v%mfkhaNtGo( z6ZP->A4&OCCWA#*#FO}#W|pFnPK7yjF|1x3zOLK4rW)-`{Id_xRgaYRE<$eQ5uvhX zwf1^~0@8-xJluw=SU}u}Dw6aJ;q1JO9ug~KY0 zc4j+Rx)`6g89&yl&N%L(+7`jSN#4N90mygg2v-%B)UllG#o_hk%4qb{}DFugg+wjSK#BF}Y6uqK(T} z?kzHTS{^k4!@fD4XcX#W(^8wah zxhMD99Ne&1gVtZZcgbC`hyPk0Duv+(pFsD@Nk!o&HRyRK5G1T7+eQevJC6LPk{?9c zQ-J=nD3qA?mBsZ7LMZK)4N_>F2_tu$3G)*!f%X;15m2(%QTyX5jbibaL(DZZ?^X)6 z6IQe1C)xidS(*m&S%Nxg6*Wvr#c_5a;M1(O#!UP zK|w*!f?nnepYPN2Q*1CL6QwdI+R$^%?Xi@THq}&u@#=_#DZffv#+TLtqCOXu9c<0O zBsjTGdF-y+Z@mK*MKeXymw+sY=m5iC_W;0f&xoJ>Z_(Nj$u*A&fs%=i& zXib;4XQuQ`Jk*=)+;=g|>19uWnY|Fm@!=U93(mB|GesI4Wr=-T+cXbcT)0}e zk9@N7!pP7X;)b3=9w&;zB8_zwDYIgysR+6MlJV2JZgTIABOgT$H7|24>D8+#;3xzh zyKY%iqA_a64CM6~S%7)I77x*&ho@z-+9T$)J3p7ZAAvXTlleQ)85O-Aovu)#(nBFp zlZv+~J@s!EXPC?AV2Qe2x8xWM@qgW+EK=kDvM;^m-$jX%#8X}}_^WbZAFz~n4^?Xl zj%R5)@O^*Xqwo3nF0=1jxhKO#Xm|5ZH%Ot*~o~Quw z_cI`0zS0)qV;eDMqE&yp@f(f!aI}g#JA3@l8p?CR&@Kv6EZIB?Qasr@Gt@Z{w77Nv z-U{;yNYdDIL049ee>V>Tr3Z~994}6y+LfVe( zL~*qRBcjeUeu*d3^?P%t9mHjZr3zcH#b1=(bHZuj@nb&CSkplmQTCO5-ncOKUr7>~ zXO}(#MI0}p_XUBw9Z{>_&I}hoUH;%ATm@}@Ytb5^tGOt&!%kKyT~|z0b_-_?RCARZ zLcxg9h%d{=k%-3K6b}W*odahEdv~P*`guGU=-EBpAXK}9hD!(mCb7CfG)h!eG^FI5 zd=4Io{XOpVr+hC9GHRYg2{EiG9pbO0{pc-`u!{CO2&6VBS#c?uQcF@Ge1pz8z`x7f zHE9T}UBeEQwl^S|gy7HSeu)=DMQEd|gKT=|>Z0d0x2Brl>e0Q*+NDE2Z%mv2r~4?* zs)BH22pO&FW692q$)y8BkuyA5=q{G1BlUhq1an)0@}`oN?EEaV#~%0orHAOc%vR{q z*;tAA6OP9cdMCD$ae+24Qm~2WV^os>Wz#8!J5r1cHjce&Nb+|lF^e;j^Bs&p-JGc~ zKav4|l*k}_e7EyWNLxyMK5|AW7)i^q2!*m2O?(+3 zqby+A^sT-jtH~dn3!P$OMc{Pqj?n#pg7Crsn{p4bJZ}i!``h8~b}(@ZpyEJ+ZW^DyE{7Z#gl4O)5m zjbk$DMFbl+chBv*PFd^V$J6J}hZ+3qBvi5k!tI_S>L$TzcJ^*G+St!ob6TYl)tfN? z;`rk9+C7v-`K&b^3?Dx02XH;WA*noz_@;rr@7b?!{e&;*zzHX(n!PtW~ul z&|=dUNrRvwc>mRXpQk5&-8k|D{su?2jk5!p^G#(vbx?!4tIQ>Il)tb9 znC3VL0&yIpl}_;L7*w91$b^Glb%SBKJYJjTcuN?=rjSt#n#loPeNN^GB|4QV6#|9A z))*lnJ%TH?o7n-B!{luw>GsRBh3~I*pndrHkLfbiN>UjYod}a51nzmD1+I0(7{u`r zlA9>4UXUc)z-!bi7JWd-w@wwKTI>{`9hR1r15}NZ1`EQ*5she490`UZDi{~)hLQAo zF@x+OMp^;QY=JO+x+2Qg;;>mIgf=Xmo^UY0Bv}V83(+id3?Mv1kz18z$0;fV^tm_A z!e*cJtvb-M`dwsOP$-dbF6uU5Yd&C02k~DDA0g?;H9dbopc?PCHW8bAv+1xXzXd!O z=bs!>6tU4sZ00nAP~*Y@frV6L2{yXW)wS2JPr{^!5n9UpOZ(@-%sgtOXPyQVQ0umj z#|bhR`~OAdK?1RqGv8gu00994KtM=RP(+H`^)6R6>^1s-x*RQ7 zWr)DO1*QM_-!NK!6}Zmzcz=fY-cT3weAX9u+-qCImEls)cv({&mB31~sTfkfRfSU9 z@{dXYKVzUjk4~#tJ(Jl*gbJoBq+P2EDx8xF>QB!Xr{_D@l}x+DS2Jw%PYzv#wr4Q$ z<{p>C>mQc{_~j%mrj`i2vup17g&@6~3r-)vgjQ}vy$vX4OsqwR&q%c1yrRY`CLUFV z{F5^#_Qw760bedcYqxO3Ym?KmN#AZdos&wy!>-x!nld4=Lmwf)5eFXEt2N8Iu~QxU zWhsx^S#3sLoZt=#IX=fu>74~JaBEzFwQ*Ew%DaZW;C2b#FMZ6?)-Rqv|FVK@{dUR5 zVYPEq$u{iW#^I@nmdSoGl-=QFN%G%3_toixR}MR>kbQbmWkLJB8S!{&f*kt2D|G?z z<}kD%#qQWOx+6xG&u@#;zXQfCXpHY`nN;(7PYJ1{<4tW*zw)l)3*&h1^^I(YQps}i zB8H=1{BZ7_mKGn)uj;B>p1prd=_Znix70hLVg6M%uEAvS(nMw|Qrw1jI^F()!-C3& zOp?`_DhrI>MoZJNcGqb(x_b=q@-iLhxTW0DzMt#9g0IPfxm;jr$3;gjS=-mVARB6W ztsy^bdmzeWVb4lNyELxF=1qS0?7=q3UL}}s)nKQDQ-|8(A~ke&#g3l#WP`@%Uw22? zB)w&2o_*2U=pf-^*y)C+Da9ck%PAFlPpgQ(dR#wP9%Z2=N0El$$fXrdZs87;i^-C& zXE6y+u3L-}y;k80%=MJv#%fPz%`^BU_3`hd8prA}Lr>|U+Oc7ct3@844p(p8khf!I zrX`B(z)4b&BxATa7wK3*4L_ygb7}WSJpTf~E;UYL?w5|XuB(L1cpyi#hi$6C4#SO` zYEZT>4d2N&MRgWadgfOhb;v4S%whUtMwPiTS75Z!$IWInA)SZHK%ixRWree_0x^?4tck^;}2eX5ll} zQ$3s;24vdFNEq!91S!!HNtcb#`rsV65H_yl+SsCNpV%AB9$hf^FcSg89XBzCduf8r zq7_K2+e^`mYkFJ|=V7htVLEbT;9K?W!9s=@*1EMVC&8$fB4t}SJcmER&6$rwdI6wI zp`@w+t>nlOd_al$CSHl!zWkvr`**OUFZ(yyQs=b=+16^F?cmcLccS|kNnHfpbz}y+ zV#VD(^0}rdw)0xQx65Nxyo*)MydMApuvD4itFO5-(yK$pMmDYQ5qC z>YI+^l$RA5o+1+kGO}l6qs*?<$W6-U5He|J;D}e}!K$EJcbA$rT4U13njeXmUWV04 zE*(&~v=J+wZ#wNB)meIcT;()U9*UkehG0O#b`t2MofG%By7p%!z8goIN;Qw!=U?(Z zXQIu)LM5u$=Q&UtL#ebx@zBKd?u#VPLds9n#p!FWEHr*k{0WtXAA}6?Sr9T{ntB zlb-DYLh__hEgQ+wY$KAZh& zt&aS4yp;Kg{@0JZhqpmXX%=86H-Ppe3S$=9LlRDkaf6p$%&H$n*X1D8<+2f>4syKQ zecCRqs12xWrI8C$2l&dto;YDkFnx%!xah6#`qIaO&!|S16m{T6l1s@JxC~txbpV#| zk}fu78*-_opFd&<)Ghrw*T^F(gm!-i?<-v*^%1X_TP))>kk2?ud zS>ABr25C^WWbW2A_G`(T>sQ0W+8b1yW9omVy?$VpN{_*i_DXgI#L9*`=02#eRg;M=HgS}J9^gh_9dw?cM2yCSonba zrkM9~Z@{}d^CI1%bV}4Oa%$+4biTEe);qYRO3qzE!$ZD~$CWauy#-f%&=%{&U^UX+ z!~hIB60(p$6*T*D_k~Bi{0173X#Ld0fwhJUOPakRaMlQ)3YkVBx# zg5knbl=(sY@Tiu8tx-ohlpN;g$h{F79#p!7C8)Le%inWP^DOB~p4DHV-J z%iRm{p|f<1+6U9e;@N};bY3A^C8fb2H*J%lU4r)6`S8^JoA7txgYiV(VZ=#hE3B;TL6vk(G(qY_W z!POO0YKZ-vI1SC)sYD#G;emLBMVFt4Ej(J~FvIPe{CDkLfm=Y>Pwm66S71Ztj`3Os z@9#@NqkqMB9WAzSs(>z(#CrZ*|UuT27M@1;t zZUYh8EeBojHewBZ)>j|%p+X5BY%J3l!Ume)@n*gy9%`4o$E1H2a8OZo{WZ-OPrsI5 zn;3l+TqmR$*P(Q;JJVe2Df%Se2%sR- zpqj9(xHtFlijQ#C#2pH2HE!G7y`#4H%Xsw=0o=d(?;->v=_AAEo%HI?v2MZNOLFm)M@RZds19xmfL+ z*|#nYtu=Hgcjw7Gy&}%1%S2>>v$8wAJ2R~+M-kNn21-)ocgfmrC-ArQ-Xh%l!S}+Nf=QLbte! zep3kGSahTxx~WCY-IbL{MyGt_qY%(_XX3GeEA)%;x8`3hU0@05AgN7g3Oy?a+V;Hg`*-ss>O+;-AIeMN=up-v9_UVbSd##|#j*F#DP!Td`gd@>xDb?WLvhVQ0Fq+?C?warby;8PufI~? z<-x`!=fDNS#g~QK#b*D~wDcQtN9$2Rye2K@SN^|IM-qJaeDu}~GeHQh)^sx^YSw}V zA^$P=sr-ZbrAzb0sWg?yH1d7Wy7Y0r&gI)2GCJvUs`81g$EIuze3XV*Y#w3&Y`S0VSRR_xr|q6*|QwRQZgI{ z9k@Jpq6J>dJD&D?SWbqg-67GR)r=H~73}CP%VZGiA^$CuoJsX3R?O#lvMJQVc==e} zg8@B@KFY}*)1dk5MQM1<=aMq$eXK5s7R3y`VZ4yjU*=^)`#4Wc#G3axQ-1-lGwk7V)I^lqBYBxsT0Kx2?zkRV8*_ar!tkJt z=|F*IsI*-eOxopCqFj4awt>@kgXY2S9RTy((EO7v<|`_58AtjJm`_I6+hS}M8iGyn z_x{c}*|HIA!gjiYJ7I&`Xc=AMJrz_UQUMCj9}(ZFV$nfn92bZ(o6+ZX!;3inf}!|B zw;Xg|HrIE>_rr^k*9sr|x^slE$-fv|GTpFfHzJBNIzcBecC?-;DJCA5;0Tmo0D zDkKj%y8mPQYnS+kI@VXwb6ni{3zyv0t0eB0oa3$Z$_+zzHe)BYf*-?J`G|k3dd)8> zI|o`Y-!iusuKN?Gv3E`4zo?xD(Dk6R9skkdGOaebO}zw}nI;!jpYJW8BOWZ)3Bj5e zx#CMhIEXnU~ZtFn%w%zMBj{~So6hLKHD34vBImBB6|rr=k_Ov9TDKb zjHv8x?aep|-NHo6bZw~E7&z;lfqdX7)6_9d!3T%O%i+h2Qy8eO#Jzu97y_0DR%Boi zZskbi)tz4_p5?G3RN}xVz)_VC7q~7k757;4Jkcm*1b>l{oR8B5A(n(aqU2MYFPpVB z6h&y5q*B8!@;^PIV@`WkEl>P_59)go7fUVT5s5G*^>im-k*|s-$5wkRp}EQ76+Ugj zIq!eLU!gEOZb?$hz0Nd=-2hv+OEaKb!CToAt`hn51=q`0DETbq)jvAF-4q1sk#2!_$hgUltLx=?;T2fk9Gvi^`h@3j zR&uPc^HEtoq0tCt$W$3NxBs3N*XP!q*QZ75Oa8EYU7qIO+Fg|}YnA-+Zm7E?he&Gn z(AN0GyFR}uX2}`m7h&ZmOt0-I_21pyb+NddB+Stfe7xs*vz#j`{sX^tCE}YRD%^E4 zBDjOl`FAUNnt63d#O!&I>x*cPXld<~b;(78#6_cVXV_SgKgMbR!m}^f z>2Zqo9XrXZ8r%X~!OMUxcEMkb4&r zAnz}M7jly&d4ZP}*|0Wqm5KCVeU^iDA?5RPpo+xYb z6%IN{rz>_6!{12CoCs)<+eX?XBJ8i zR`WZ_Fx(qnx%dyy(NMo?28O; z-Z+y)dMKc{Y(WBe0QS2<<+6vl>x$12LGh3Av;PrYZn-p;M6MM4hQ!pmLfci5##IU6 zs)BR1Xu&DENU7-N0JSwmYN5iL{aO^r^Ip>_oaH0nWGEizG-=y7Cz?v!P{V5jfANQF z4-avR%xP{HbGBg?@5|<0>Rq}g`@701KjGl;*CWuelQ!k)D(`1d(OH4R8inw#Y+>_e zi7c*o;0cv^4iPe|)so#OLYe%rSM2Slj9-JoEFm(^=!Nl%%U^sek|oG`!HP?^E1Y%R z!(|EVWzAaLJB)6RaozREJGc*39Tlm~n943AQZ} zxZ&%U!!a$wR#p0hG)dkF;NeG9AwCww8KmbS#%b09Y%L|}A!8ti-} zaK3ggH3Jg7HK+O&nyt|aYOmF+`N0s&Y~xbzzzLFjnPtxjQ=jm(yg5^D=vb+kTl=j>XHlhNK5n z2XGxTQ^(Nk(5Yn1$99jxX4jp^;DLcclXrG#h1(96y*!pJr@c3V8%vLKyT5*e8bLmb zqJ&d}@gokjki-s!gXDm&7f+qCn^~`8?Lp4)v0p7FqLVNQ2L);`F>Edas{wj!ZeS&4 zuE#B8m(>8`w3r+Svb-mQQB~NHt^DxfwPU!|N8ZgB#iltJ3ce0H%gM>VK4mKuBz_Bw z`qbSnzEXE1a>Ji)l^hx+=IA66VBY|RwJV08LAR64Kqkv&Wei5^?(SV1O^pZTDoz5D zLv?Ec`f|yFK7|7RavcaDE9G$Ql)G9Lhx*&1IwPaHTENXoZV_<#0-#nD_=>dOZFAaF zPo6y6h>h01UT)Rh6VW_|OaJ1JuH~`qiQVBfGvVgQH21epcy)N2(9(ymoY~oca|Kpis{4TTYxkX}3){rPMoy_j)Au0Fk}LiD`tK{%8G41l z!}o9ErvR}jd*hiP#QCVAKQO!%PM&!FmW^cH`A+y2Ea;{A53?yOOMep|!ABg|!UHT_ z%fq>&Z6dvcusl7km06wysty^a|6TcdtUeojF$w}dFcrb-B#B8p z33}B=f#s0%7e1>!8^mRd90+D`6`>IP@2@SiXhW7B0@pbRj%_5l)KC2IOGL#o1Lw%` z7fvSn1I{QN2sz;*lKw^lie-k)(IrSii!6Q;455=K!1zZ@P&yIPJ1(2cUwDi^QHp!O zFmb;D;SZM}wizbTOQ5{F{|KWrE=QUm$s=+IQSXV>>i?`G5s(h;T<=X-5Rh6-5D=RG zUq8?(3Jxg$aaA#nF@F@Ab2boCj5sM!V7g6G%{@t@RZvilVaz$ST433YauhjJ%*P9tfk zK~UTVHD+vRo2UoD@7{c&h}XTZPj7IwU7VpDFF&@M-Y`o?#C>~y!GVH~h+8D0-H9V; zZx8NJ&%0L?;11!CuNVLSY3t16q3RkqJ|?nOV;e?SmN7JzELqA{$U2m*tn(=QzLYGX zX+(N5QC-=xuaPZ-NGODalET;-G+EL-l~Ufk*F0@{-}Cv*=PdVowtLV0W9~io_iN3L z(+iVNTydGm*NiyQ@m23L>`pLAEm6ic7JK4cx`$NQ>LbJ+w~GY#)M-7XJ=CB}PgvbF zD^Bh>sGV?l%+8YiP)aY%Qupb+t9QNieMc<@i@oj9wD<2>^#MyorDx1al}A;YbeWKy5iM_g|DkJ`>%5{()W ztgM<67>~4rMx0%{Y9QGQh0$;`K*ejnhC2xoxOTIr zE>n|L)B8t1+1e-c)dqxim_-+#^r}1M{>Ge|>UBNi*2kJA0;P)PWB*km_{h^o**ou^ zsm$8btMa+AGb)RuvQw2QRW-Ue!jRmkq)wiTSytqmv0H;@Dp=vGF**qW8i#mqK`+t< zWTVK}i!*j(6$o89ZbtQ@_j|any;@#<^i6_QA^=$yjJ3vGv9uPIr&_t@75e1EUjQ{q z!J;nS`B7OlY$&_#Ap9-a5gh|5azpg8Z{^q*B{tYRd zD?aRkDFrotu<`BswHuCcX(V~Se6Nv$?BvD4;eEZ;&?}C1Y>pk()h|Dh%d$046jP&} zd6@mZLFBt<7RcsO^9w*-`Md;0Gj8nl_KV)sYMSp{^4gm__xT$u4PBC6X}|6h@Uj*e z;7B8zl~Y);4YI~wM_YXQa6LPn4vOJg3J>E?Cgp?}vAuNWhjkA^E}B6^A@yk{->SjMlvizuS|jYZcY{TyXS6c6|_`N|D0iu4K=6SU=P*Pu6_!MAp?HR-mCpfA#Z$F(s+k zHk&Fb0-?e=BZ|(6T*s}OJgy91-Ayu2*)6yD5QQY%y3!alN^w0sDmUIeG4_wL8Itb6 z-_o{ne4V%-6VHtzSktA}?K+&S*ZB!nbZE~}$D!lvoE{RsG(~itw0Hzpgm^V>@^yis zc5(4lMLm(Lf_6@geUdzGed3iNB~f+`ql-ZV%lu=Z@@HrdW8B^b`M2@}RI*M-cXuZT z{=H&mHyC>R>j}d(2egu=eDX_XZ<=$~OW%!-ndO0_{GZjTBwHZ6t@(MG%F;`oYxpOQ zSNR2mim^8%U)or^Oe8k&MDw0gtt2<*MBlSLaHKmMEO=fbY|zJDJln(>H*=wp&!hiv z5+SSFgy*l~B)_g_Ma+4|s|HJNc1J2|#VmRo>q=|ozGt!S9D;n`tLp|_;^mWH@K%>} zWu4|xH)Ayley*yIQL%33T+mmE40HHqorHuW$KX>UCLS@#B=-!bIe*OiO^)b>u;A5FUzxo?HC!@vPnv0m4=6-T>(jY$TEZ?c- zaL+ySPYp@I!u__#2rHI?qJ28{e!4q)FC?Rk^!DEtx)OV*m^)P`&{Ifd;94R_z2Aqk z1i=(%ji}?V5m}fVA4O|sAWqiv?_oaOPcDzRyyIF;rWAWnr3r;c4`&*TL*E6-q*%zg zz8qj{XGarHl)dXRsdryOJg}765&TI*w-69!d)`+vth~S;wvWjv5ZH0IJt)S7PW2># zs&Vg5Y6ijIJ9l1Ix>|%)j`s@F-eqO0K)9NWl?`4+9*ih=4!BDW%_WC&hwoL2jnC}G z^vz?U@Ags}Us4)Pm*mc_=JicfdtLLGiMv~6Snu9IO+V1+zNUO4BQnPK%9I!&1_~GZ z>THXu6y+SH?fPia({^+A%g&km=`+n7DK08=gDQL^mDG0orA~FAy*4IDE4Qq(jZmNP z?P365ABnrW&9j3{2c{RS1Ut?!DY~%YoIBF2FplG-(qguP^l0gPlcJVYWl7Hz5v31v z*BoN(^j&rztZjV1__D*^b_Z;J076Jr z!?xlt9mg1D17rC?N#-|P$z87Gql7!K9J6xnI_-s?*3yZB_q* zj}SE3mH1TO+{gHYmBriGr0N_yx!Ce7*BET(El)=y7a1aX4|ndUv)cRc4kF=HLAXL7 zS?!1!AfAv&!UK7xW)|bdU;3$?<WNZas@@+6uTG=e2qc>=e`PYj*jdmEs9{p4>F}mh@nn}D?EB(S+oig zq?=b0d#zNsAV%bc|1pFIn!dEAe1|7Bv_4ghNA3O4FAZwAx1JBPzyi zjK2(1(HMVfA^*#iRe2uHpW{CM^xlVNb4yy5(Jxju3WFBTTWryoaeWNpB~+zEhe zI*4KdF42ZUr8r=)zXV_~X-ItRM<^f)Gl4;}yTPduF<`V~UywX>WIyyn{~(~afJov5 zBPWi**Ezx7iQ{m6E>L1p10Ku;o|?qNH+Di13ZzUPg;(){xg`MjfFJ-mPD#TJ_!(Ir z8aKExxf8q`jo|vxY5}nb$vF6RN)^5YKuI*XahVmwPa~LVpS@bZplKw0NSIMxHZ2Wo zy0qs(ZUT~!P|D`;euM&Igct)#xXJ^@jUj+7_SiotC@vuSOEAEY85w|KjSIE50;xF} zY=Iu{Wk6FiDgeXabW^L18wS(b0tL%}iqvDk7Mr*&K%Nq#l@_WD^QQe4_?C)<=cqts zSjc-z68O{X=ttcGV&MTWXx8{&lcVNYB)nFGQE6jV3}DzCL1V6C`ST1^YeA3-WA?xN zWd0m;*o}mX7qQS~aZZMFFVBWNB0L|x-aJoLDJbr#3@XMXy zU)8!_W0f(6AaU^1yaK$>0VF;X2XU_z;G-^3avya05n$tMA^3(nIP}^bKHv!+qG>T! z!QnwJ@l8R!e**%xtW)Iuo8QxSdA-e*%aGUmg$@26?5EhCIgSa=w+&k0Y|sM(m=5eu zvAyrzLCav5&;R!JvzaZ@dz)tzlwtaP(f0d;#32XxP#_dxLDpdfxK0Rk`|yK-6gKe0 zupqESBkV_~P+UNi2>l6`uuFoy!w6uD`p*`)HsU9&xf2D-QxL!}eGwQ;YztgM_zoX{ zKfdv^UIRN464;i8*Mf{90!9?n9+8GWNQbiWVA==*`ZDA9sa?oqa9RgCQWg0XFHff%59CjAh5zR|&066m+{l``Lbm0wQbicUTBq8bttGcD?h``a_(MU|_#sz`#V)mi$T5NH3^>3e7!r0!_>>r|)?YmKbU>w3vD# z+xXyAnhfx^_WGpw_;OU35_JnyJxJTkechWP|00E6er64vrLE!^^HGR-RtB!-d{KP) zE#nm|yGjW@qX&7w^AM#?_i#V&xDVX)onHQ?0f0}~A%>SJ323qi_ zUW`-V&I%*7n^c=Qw>x~9I^J|gWMN33y3~i?&6N0$Ie8MCEi*wjr_1;druf($Jr;<= z16yD)wdSS&GJ39dF)J&gh>q4ev!sNPP!$wn!qc%a!REZ?DPT14#~;gBqYkPMA67ep z*yw3I_G+zm+dteG-Dzm(J{(y0y4n{QJ^l%NgDga7b&Q1?>_7`p0TwOdTad> zD$c+J)ihS1d%b-R1hNq_ZfQndv$=+CHwdaxP-5bc^V}|R)VV?sQ zG`MpON9^Y5sB&G@uWp8}YHprga>ERzXU9BnKh^Ve94m5f(oQ#Xr}q_owr7v3CY-az z+)VtLTWqS*nAQmYq*{+?7}0yH??dfumg4P|baz-_|G*zVa+qfC&9GJh*E<{0L~!JB zC?O)kPApy>p+iKk6NR|Z$(C9kfy)Ql&w6~(s^>nu&_xXUom17|NQJ zC!W#J`GShp z{)gR21Y#3FrI5xcJFz4~Y=Mo`#nr7e&&QLS!6V0^xW_}UrI5erSoP7xqV8g1sghvh zN-O20s{OXLL^}_k7@xYAN6%4T*3|WEN+;B5BHDZl~&} z^&cC!{>r83p4b2)mRfEWLm}E^u?J%nc?d{&FfdqHu>Up+SYc?xc1hZlzbNqAU0o9M z-<9H-q7yggm|Trc4LY0bHl^f8v1D<1vB{h1U~xP6c3#2b!QWjUck^@MBM!dY(m5WX zb3~Lmo?t$q7wwmQjM2^Q_O$W>O#bt0-o8Qir~EzMzUSqKq9AA&d@2ZOHv9@udx%hf z-A@kH{;21S$B+;d*YzRX2~QxO164DaRw#DAKbOVhkeu4XAhsBFxIA$d+RtTN1e}Dy zx#+CB_7Gn@YtTtE%{MZn^diIEQaRlrXZu#7g8au$c^~LkBW(i4ZT_*&mv7{-hO~uW z44Hw8d}>LR4X<18({b)2_E@eWLrkeXyuYkZ<_bZaDHizEyx;YY`4}K~keO(YJ>td> z@uT)orpYAEP7|Ga@BHk@2nN#|(0yyO7y$WIR0_^|;wn|HjQ1Vbr?{6FZIeh4n_(S$ zTkBJy{rWXRcX|@I=r#ixi#p}4xM39y{W4x#{$lLWwoi|@P{UI!37}Y22a*ZO}b((VF*`8paErO^WCTp%N z<>FN$pHBV+K8IX9p2Is6LJ}3&!_{Kncsy70KWeG#EZUoORe|!(^O}=NJ6_7o(DDOH zW9Ug28!xAm3HH&NtiRisRH{FCw96|_s%;`v`gN_(v~VoDV*I^t8ytiBA>=gx)7(}) z#l({u(KeWVjO}at0n5{~plTc`GD0_w)GhzVT^sy{s_Vj=YfjDjaXQU}RPuvdqJ{e3 z8I^kn%`FmyFMyM&p$|qO&G&Otxe9IgpO5e1ZE7+srpdb?A-_6Zfkr1ZSu&eHYN|AY zN?Uj%RL;~%!Irg)-2wts;VR0l=}%^XN{`mw$X-V^kqOIMPR zw+INRO)}`8{ZJkr@DrAif%1aH-(HSr54jVK%aMrk0PF9En zH%MNT!mPugh>L{*x{ijH)TKet#zMAshp#goVhm!_p0~i|d=b zKX7*^*a-1xuCQu`L9M{HiekBiSQ0yn`J$*EPfRJ5xty~Qm)yRw2Dbcz`oGhg0uX|1lABxTc^AgGQH#C~UWis6c^j@uoY% z5%W9q98fvVAT}DuiIJ>>vg{baVd$R_*It34ZyL{HL7T6j=ZXD zKGVCZcj{bZlHWA0wSDWvXs~uqKy|(%$5&z#$PrDdK2o&w5ts!UVaKN#7Ztt9Z`11g}{ zcd{hS(ApwuI{YHb3KQC~^mFnZ@0!Up62{`MAJ3d9HmhzD@kf^LL)2q)w%}XS*^~qS%%ns#qGIN=NbuLV#TR|pEGSRY(K;zUkUVM%e zd!=*>X#socMI;hG0N&8IDlSeAmvLz`KGE`M(?pj3nCq&ZQ1SginfsILm|eS zH@kIU+X7XJ-5G53@UV6*F_ZZ1hYCDC`*%TSH$F^~9sBIS6jh4C@9r~Uiy^MeGcH4g z?Kv`etoI%EL8;x-skig=DTOOurPqz}J`I$goshX~=SFDnq6`?7Z3u|C3if z-*`tqVlp!`ZkoQHn$!ajh*^DsADebD$yGPh2$f#y#BXWtF865&F`QwbsdD4=7O=$n zT=AhV>SpHUA$I}?!opy)s2EuKlWR(B{ASlW&pm68z_fhD?mXOEG`|*EE z8mqiOCkRh)+dW$P$&~q@%j&Djt3?&!hj6mpwNG&0&BO1N-jNMx9wt3F;sc>59P`X- zMVw!hBqY&r#{O5n=Rzd$eb<>an8LGvr?NvZ^y% z6U#A93?#Ue|GpZ|F98zK1+GjremNb1@6@cz z7V_ywkBWBAo1>I1)h&AV6h5MC_rVk-cUbkht>BYOwEBVkIp>4fUpez)BPtm14(Z#fEq|jjBK#7&zc4OF1<&#B8gHm3f~};t!6o*nbFq z3B@xY|0V_RD$!hrO8|zNzpW823?jnPp~tz8_>(T?O9T2ahz_ zec%rwzyE!9tR9p&hZzsOlF1 z1;Kz9-<+FbPv@}5xU;}3FJtCpVG#x&Lh&khYWz)?k-B@_E&+TC4M`La=?JOu`Rm%N zWamCs)eN`k)X;cwYcN9j3Anl}F&B`^p`!WCf8FIki?6h*HvytD0Nr8Ike3=J;yH0A zV+P5P8*ixF?qoy>YJQ-LAN{~DK=$ur#VVcTvGbd-zd_7Jt+|elsV|mkHc`5t%(NembP<$4=Gb1pKp5sg^O!rh**7qbcT&jeu;haDMQQE7iCS#+w6MCo znvrj`4uwQG2YaQluyN&~X;}bvxNl1qvXbgMzX+CEYX(pFTdGn=f=F(%kpGOi*`XBK zc873Gx75)Ar>HH*zo-dBMAQTdDZ{X3A31^gaSO!Ki^V@NR(plHRkt{Br8OU19Oh(M zbQK+PpsuC;XfnHm&>(36OT8cS)qs~W&NXI_mHZZ}=6c+9WVw(4{T?72(>Ai}A$JRO zDcD>=fBm(wgNJSH+;pO2NE^Jh7-*qv*$nj(^}JQKZX?NOO$Cc)aypmxVd)EDb$DtC zuuS3NuWXpkV!wJ7{5N`H5-;Om9KiD7ZHs1pnT^Na1IdWE?zfaaIK}8Cb~jrrx#q|L zQYtpP=ej12rIGe@j|H?Ok^hxMJ5@eZCnB2lh6o&0>7Sv#b)l=m1?FQfIX=ehys%Cb z%@F|bhsvi3!eMvT2opkg8j^c7Ms@f8eV^lD>Ops2(Eom?{v%#l8q6Aqev&V~B<1G4 zV`{27?tR11a0?|gKMIgy--}ugV_BBujMG~EJX_Pbd;}Au{Ril2Fn3vRV!)?Q6{-w} zbokVSg(mz8Y0>HN%{PEBKf11;PIgPxsBG*_)0jaWfF?p&l|Q;_Y!H^kKLqJTE-+Sd z_)HK{&Ep6ArOptwU!9HRY?&vYr{`*=yu7dJshy+i$z`oj+m$-mW$M8+zpLp<8J9Gb z!Z4lLKY9je{sD@eWgY~`snUNL>_KL6d83>Vj~fv10*XQriS&=ZAR9=l#FF$WBKkGR z`%>T->GNH5Fkb%2&*=*Ji23cy&a(0(APAAx*5Q@K=58Ho=&A$x0bD_+uDOPX-b6Hw zcvZX*9iHZ#&petTj)g8s;>2$OGE{aUaE--kz35JQ(tvw47OidBaeJX%jUj&V_!h-! zXK()YA4(-Ti<@YVyfZi$K1=1|Nvip>%@6NkTIP4gy^%%r$Mytj2z$uI*j($Fzz5~j zLCD6s^fD+nkKCC_TaXA+;c%SN5^owz4i)!xv1EHnZH+p;qht4o)|=}2d8(w5%An$; z!^7V+aiEd0X?E!Vv7oO(3YVT0&P3h?<+2^`lZlrHGxP=TEfMM9W~EKX*T89_9p+QP zi(`^lNA;t{5zE^>t?mi3AgkmdZ|Bfsc!-AyZ)ie((nhyyub||=OOdNL=pJ7SYQ|EG z-Gj@b#{+M0^OcPJbLAYims2u9t!>FA*z~=|4DbNqE1&B*pKq}b&Nf-u91rELq(<4E z!s%s{#9ddly6Oq;_xZ%H=hxmZFbUQ-{ng5tcGlJ0B-G>A^IH@zH=S{RDTJ{JDaW&) z-4CzTTdM7+IalL;(k613=lJR2aUiOo`IgJ!k+bKSt1-wRp0!a_S@?$7L0FMUE$P6c z1Za~xY`p4m{G?v!+TBPriv0eP!PfgnL*3VvEEe^EMffiwqfp##<#UL7Ko9y;V3GA~ z6I3t^s?SIPRXfsIFTTOHE!&lZ$Tj#$W0__-MYcD@Mi}fB>tAq32+sH%G!=4ANaLLL zET>Z1Rx844r6FtCF@yzNC4)x33V)^-;^poN@n4;5>qz6Wk zH1`8L-x!w%1NV|+Kl-MY$%&AOITrdB?mFEsUPT(%SA;$T`Nfbb%-k^>LP3H z@V%U>P^u|el)68Y zHRfPclv6g}53DhQBoxm_l%H|`5&{>5RZI{AyIXAV1*s)OB6zz7$&OAi$H?VN{1su6 zPr@WsK{-K`uNUXf`=|^z-7%g}b@F330#|bnnE9k?7V=0>XBUmaVXfyEO%Y0XTW?^t z?4+G!q<;dmt;?*z*wod9rM4S>iSlL71;;^=s^IR>E)ZYtM`%5OC4q@}^8$a)EdDx9 zQ#EE99N3izLyE{XzoEZT_LePFIFo^G)rUQO+(X&&3Xp*n~#pW5rDe*%X$V{*^!4s3IYyJvIFM!qv zl}{<`8bba7n}-Iuz{K;XL1t^jXk!TcVfb$HktTU5c<5dIF~4|D8vVuH#|83xr%hMs z?g!K-mER8;P9UOiXeuSYAxWn1ATmaNOZlv+q^#M6DMP`;KPsFJ{0yifhkjB36I>vK zgOnXlEh0PBk-^ST=V?>an#`_GY?jC(oM;=p?p^g@zCRNq5UqA|#8SkQ`>7Ah2iv!F1;=MSG_PjzE9Z@Ihk0{-CiM3(Nu|DR6MCsw1By)R$53g5 z#m^3N8fF;Z*7_=Hr-Ay~0=H~>f#@9mXu`@iaSds<-7JE>BOk!&@`3ImsZR_dc8>^O#aza>KF7OPJNFbBpU5oQa=xTw~Kg5qa`qDG5KVr;V zvd%Jb9y*iFOlpZgKfPB*<5G718R?Z1^ZpIAO_{Z2_zdgE^i*AjF25CL9Z}K~{}*1^ zCsqMe0xd+_(M{1ZzNNAeJE`5AH)e;WKn6k9(%|&do@&8Z!h$Rb##hJ^Z*>6ow|j)U zA9#dDd~zs#@&LmBlBTqe3;edj)H--16}R4;Iyf*eCTuV;`u}_=>@=ls_<#@QB-R&9 zL3`C&sat6bd66W447mcE&Il?Q9AyBh2)e{RSX_H5^0m|WE-{tTfk#!UR4h>y4vj0k zQhr)9_?VKn-_6?jkF*1xSLhm(1RfBp}!&W62uV{8+sIp^h(gXNbNw;NmE8IFLE*VeMV&tjeq3Dx7ySe(L!VuACxIEUqWVk3Eo5-ULbj0C!@Z#i2M1Uf$(|=WR$t2vLIm$kD|q+s&H&prb@UFUX*7CDW3j4iT&QwM;?T)`FVr zAoBOGzNR$$P+F!LGOwb9?YEqG^CLJb%N?gSu38#&M_^*#ivy3uri&3KI_G!iE?|}= zbU-;6+JsP#q)4<2uHL0&zxvm##w$;@ZqMZ*KxtT1p9zbdL_nfFr|M8uon)yQto?rO22a!{f)QsCJr5#CP%*YhG?2B^GG|4jGNjDN`v7jb<+0c*G1csqlK zwUNL+{l(bT9D;p}i0(oraA54VH;5(B2om-Y8wR-eC^6Z@F(gN-qRkZ3U1Fg&cts`b z*lC`q4!tO?EU@W}U$|818*Y(Sd=#ro6-?yoh?DZXT!xC%*dkefu`K?Ey@N;2)nZKm zWRszUd2Di8OoaVc*#u1?vse@vjSJGE3?~x_K0B#7+0<(pv?U^_=_NDB!E>vj)oY&K zU<@$YTr|;9pg8fll%FS* z$9!@7sPV^BRX#m>)njt7dzagyjHD$1?aH5uljSyD(qHcS2YT=QyB^FtnBIS z+4=Gab_OLJtsgl24Zgj*K2Hnvj!Ld3CB*EPmtJhnrG}VZ>Quikp*j`I=&fZMh8%)GX+z@gc?v?uzt*1tXSgn`q$APMC@hR2J&L~=;A9-S{ zu^m}+$E(|N8uZjPO2?jtRjc2DxbJn+dFMiif2iY?SD)JZ_Vr=umGD0aP)kBD-rW3f^0sdjmVw3&&0ZM#eGu|RmLzDDl6TbtXzLw3HSusL zciNsdFQ=E1jh=(|Ff00G&nqm4h|wo>&OesTO>4-`+=xM~Wp+0sD0)yT$H7fnvAm^c z2&}ecDki1fAmA4U#rPX;dmRbPj8yuP^N!3aotbk*sipoyd_rVJ1_S7Ch zq&?lb`Bkcx<$~;yrMIzcFJ7*+yMl?S1FE!&1Ng@9Ul3da2lBL64Djim&#&Nm-tZji zv_+KKGHw-=B)HO8-q5+R_OZvifAEdP;oEZMCRqDqYgA>J@Fod?);UE}BX}+@gPgsi z(^y~)7klb_q;e(0T<2%`dNtBv^;I1mQPe(eHyJA7c*0@z1;qm`c9PjNPo~;>D`uv$ z-vGw9#926x=z;YzLIzeGh8EbmX5zZ#5H83^YO|Kan*tk+Gb^Xvt4 z24bnYu-)i5RAdm~MH7(qYQ(1?A@7PN{lXQ7Ph4I;N?Tg^UUG=r^K?M@#wPMJ$<4_m z8I7&m9d=Zux-P?edKB@Pcgus2hW1LpF^+s9dW=XAoOP`aBHxf}FL#{9C0}ZVCoTd@Qscs~AwyA% zj&Wsh+!?kwBXwGNf{ttoeNW{X*X8mqw2FmmwEy6nZHiFf@%~%$Q5Wi56q=A!rZG%3 ztP~-q`HHQ`zjJB<1wmjj4Q z3n`=rbbJFay|Mm%wN5goeOplx!?DTJb8u$?(T9(UiLp7Nlahr)mKR(i=aIE>TwF4S z_^CKHNdLIV@GH`htoY?1wmk7JV*kT=S*t->@Pgz?T{6(wihJ`nBOP1O;@5)r=kEK! z^Sk20=V?jQxB3y`6H^FAr_`PPWP-drOzy;Z0K1%uFa>QSI=qbCqTJUlUb-vlmi*dy zj)4VqQn5pLdV-7x*RLSOZL~07@Zf@DG+fqa*^l02ma0ALgLDlC>QH#=MKxM%-6cIt z@WE*6?;(6XU{ZL|DjaAaRPFyk$krd0w~TsycKg7+8uxi5b#w7y zv!6u5nO68I0n|(mb!Aol_utq$>3N%PCR@u)Z5!V!vlZrJ9=*CSRxK5QljrMW@Ww{TK8JD2=pW2QKzZJL;Ipv&^+&dW*v}{*1 zSUzz-yK%XYM+8n8D!*HqqTM4Lc_-gI;eE7Rm!`_Tsd3LA9k5(^){8_@3QECWKC&h zCr@|mbxH@a?XoFck%y&nlL4g-@8)YcrGgjwG#%lq86u8o*|@sgwzrco{#xoL?kwCI z@w!7&z(9>{i$)%o8Ga@{#l*J}JvqVh4lHv;*LsU6F9{CVB##$(Wxgwd6y#E>Va-_arru~T^%DM0)SC}t=>%lJyH+;qKTSZHpLz?X%Wvr?H)0zy>%QPY(d&NOjBWY* z!SAuVhR-(dr(=O^vNf2cG^gWs?zx2CbWD9?xS(57MrT>>X}N(zZg#v#+wXXMt=Qt9 zHN4_l3L{lm0?}+x+pcM$iofbj5V#jd6W}||@3)SEPS0ppm=N{>keQg`9{PIR zX1NU};MSM|;cb{3)b={V);NP^*yVIJKQcQEp4>zcN3-h5moc59y zDtyQyVE~>TUaiI8I997TTcecMbun!xS8O*~s>BHw-pj>hnZrc+w<%zM5Of1yI8r{e zVteCRr6{dzqb|0o?GavZd34-H#bC=a5kHjC7Am#>CazJJfzyI7G`A{8PJt{x3jN3JZT(?OwH)DNXS<$3g9xJJe}mS&YG!ux)&++&B|Sh zZF711Zn8<8kus5sZs|RthJ7-I>&ECTyT6sIW;xg$lyy@+(I@lrbzH;*JYR>8NWmfpc zndd}Z7MjyZm(}f5ZF+q{wZti%EWL7arC9&9TkrQ>$VDJ)sSZaLQ%kjm2Kly>;%o5!S(7tXZ-*hlmEM zS!2UZ$Ey_eXDc0Z`)sdxqa6BW3i7;kXuosy_fDBd41q|)X`ku#o^>8u8RcdJq8t6a z+TyaUg^0!8G(dH=(|e0p5~V4TKQ*$v((Us0Jo@s#aW{WUaAz|q_IPF1B>Lg^A8DTP zUzrcz@B=z6pQ(POCcVhh`SL;$=nPN%d&j$qErsw*W#m$V(-JZ)Klvj$K+(@oB~JjN z(pb$>LYNYQWT1bcgH#!$+FlKtx;j@pdU|AZ^Y`Ok<}OVN;=c_zaH?7cn;}&N3=KbV zB@9P#Xa3+%?$;r_PwqD%z)YZ4Bfw0e))PcMf&r?TAS=7DF_ii-rk`5N__87}yg?IZJ;Aw%*omusSz3X32H#`< z{>9TsEX~1&Wbq@2qjvGN9)-kCB9|~+t69|%`^3Tvj|s9ZqG`VulKH~8egD3?BOGFB zI15O#3Dm*ORw>xrMSbe3nt^Lu$ucyNhfW|iQkNpu{+PGd3HSv-FW!+|K9?JAXSMl& zGwAL7K80_G90}p*Rx-iN^Y!>qd}>)urBhxWnI0bIp|F@+U+Url-VsRi#h;TwI91FX z=C>{_yyYNqPwc@N|ypzNQ7+oK4-KMcR&hx<(fw^s%CI|+S&gknxmwmJy^$_&m4`vP!{ z`xS}YLS%SA>JT^Ls_>R& z%Kd~Is;s8;H`Pmcx^dD7A4+y5=rP6do0KQ^JJ*5h<7(qjba$4Uz3?3|&htK)?&aue zDLTuLXsR1AQsWVrEd*xi^OF;Way8Jtg7^ylBnvBh76grOvM1xkD>kwZ#h8hjf$9(4 z5JkoLi2(DJ0IMoW@m&~>PopJch55RIh};Q3)QuBoRXRgnAgz$`ymDjs0l4EXRP8~V4a&p%-U<(H-UIN=o?l>H4#tha`*Nd``l?S%`?`+yAIv< zaD+y^u1o!Dbe?OqOh(@J?^e}8x@1(_ie-FTNO9jAbD3+d?!f+8<Idi}L_YObnei1w_ z%6Vp(8SI*>cT2f*=tNw^nod!}pxrxwnN~)jcE?OXi;oCds^ZgBf9M3g66ysV6E3qj zD&)!q&x@J6%QPdZIT(>~gdnbFfBUI0l9M}aMezuf(U4^NDwXwT%>fZl1iepidXMqU z5`Fzvef`wpw~U|W(ec9OY3A8wwci%uec4)x_%AMae~-tQ8o9{?;2_|PSycWDLBh6n zbq?m?%YO;-pX5Kdi8i2CqQ5iqZ|fVsWOr>|I}$|{%&36z zumlqfOq>Y}jP(D3&aWB*fSe35j{<#4?pKybi!3ZUVhDOBwBBDTUs)-uhk1guB}sj( ztj_iIl~_ZEhK$ZqtPDs+$%Zw(u5~A`wXMKaCu1Cay*J_Kc?Ife@u9s*mYw(AAE$-> zng4j7`}vhWpNGvQ+Oz-Rm;W%JoY!4ZNU7Axt%PT zu12AZaBQ105f_GeaxQ8#A|Lj1X!gjnhm)aPmp3u-t`=;=u3xWm1M-~cgBs6(VE>^U za8JJI78*igZ&NCF1~5ndiqeA~Ao@k$s1vxMZJ~^dUEPzlO!*O=QY$5M=SQsL7z5>l zyJlqSCbl_uiT8=V?b1OwBdG~?$+j`b2%r4MA5=W-nmvpV?G0vuUy&NnF{hBpi+GoE zLUD=e_mFE-Gv|=m?vX#dCVh61$dwOmSC@K%wB=StanX3o1~?hQ2u~$~(?kc-8^n}a znCL4Y0&*UIkgF6;e2V@-t9!cLb$#RxisHQa`C=#oFn@|WNO1ig7~28fVv91F90U3i)`7JUGYECJD=%M|GT{tFB=nuk}v)Yc{Fy)-)hPJ zSz^B@r;(q3Ao6h-d6v_`-H_6fqrq*>q-u4v#4zQ$-SSt8M1W_{;iF8clmmI=*;J7= zy|AO!5>Sn?t)KGL-tXL1s(?ZGH~sn0`}B2$;x{UTC+ zt$l}NA}#3lr>v1uHcMNV@!n}(#r|&W1Hc=Z*MBQ6SLka&`PDWatgpa;En7hejv7|h zBf1Pee9*qr4ME@LUT5pUH_d73O}*lU++=t07mmT|S10+cRLaK?&1RxRq4gY-me`70 zARoFXk8A3AeG4SJc_M7od{4Du!NZ{5GUjBa79U*MXd!F^JL;c=^XKhSIfI_>k1{fDe49P5NnAuUZ98$_|~)A3~OZ$+4;WtuH=92N+& z=4k85L+euotP<`#=H@EAlF(`5!D^_f`%#skcLZU;$U1R^h_c2dF=x8)39~_Wa?SSNfH~sIe?@qW#m*(1apk%K zjN@u4BcJIDa-d%M#_kz*J?j6AdET;*1BO}q*Bajfc1cU$22`Up>k<2nTi_t0^@XXb z!ZK z9IYToj^*N!N3dj7)1yP_rh>r}zgV=O@f5}Ukb~aSa#@kjP=4dQJ*jc|g@W(qH0jR= z+koyN#JyYG0?DcJ*@x^GBmlp-A^J{k`b1aYe5@=U5rC9JsmJ|OvrKR0l_P+FUGmGp z2sI4C<9PA@iVsM~RtXs~-viWKR2DoC*fVo@Ly1PW@l43U119 za+rmTrwJCCSVkV?)gML+;5e`nX)al347Q`kMy2{mEU*`j!jFca0MNwTH=<4q5Oevz z=FO-!fh`iF^s)=%;1vsrJu_wQ_OGJD1W~ zN89e%V0ZpSx`eC=U>nRyJ2!ioV(;tx_ z0k81pZJ1R!za3r2<~gcFdhqgCq@53987jvYmy^*_ohLPPD^mxB`6ivpbTrf^M*!BN z=8AoG)KH5Y`u&#{A620XeK%C84$mMxa#?j9QdXth;bu5KkojM1Cm)p0!p}Z#*>Dg4 zEBrzug2zhibn?XtQ*!iWD>rdFB|C?~i1KV8R?Up(eO)(mnT1a0bn;xXplHA8{G(hT zkO;ZFNJas2o8nG^5FxBeg)hJU5 zEU4C>cM8)D;O#HqEf}0$L@0BXeYirCJD!m&7^J|yixs4r8OWm|(0w}p5G2d{e9I`B zU^)8;{0dnRPT$dG|2}Dq%oU`2T6DMQ`2|%rvFcY)s&;A&+%k?P$0fU+p6|E5MhrnkB+8-t^Z@8R=|5C?~e)EG#;i8W+j@g8fF(0~euF=cv=^V^W&#KQG0XSUR+2V`9#FIs=@+d$Q)hv!-E&TO=#7`J6Ht%F(OG+}j$F`W7qLATqzZ7@_2+NT$sK#QX;( zEre^&v(sKXE#Q4BeXBZ-|1i>=hG&LJGNX2NodosFbjTW*#1ub$ofrDG~tPY zgl6;Pc+Ce_nfG(ea%MRB!qBLiaZjJZd71hNw?+|e)*(KZtsAO^mD%ZOGiPJ@Ynlob z>BQ}t=(9y|Vcy3ESJ#|*(C*$7Aab4bVuyYAbM4ReK)$MQBfnRT-c`)PSjF;TD1KH+ z+2P&qkzpp)7))wZ{p|1{dTSH$7yN;8^?v6C#pAQQ*nnF;5=#c(iItG2pp2Xv6h5J? zK}^Hm^fH{{U|4Yf< z;)h-X|1)jsc=#;pY!nyGHc>5^^UiJNoFvpUU}2G+fA zY{^l57)_9>phz1^s?kMORPsMi?Ki%@b$$s@rzl_5`l;?U%TrW8FzHklk#;UIrGIIB ze_h5|rG;P%;nDcK%E^3`*X|O0a*gw|<(I_1 zjZ81K4b{;riuTQeIVA3RX%n;J6*G+NP{(>1U(Pf`GU1F{C0DOH%S(-zJf0BYpA4GvS;qPdnqm+)!s=OYv@ zzG*}X%SwUVQ=mumb?6+EhtO{%W~0l2%mIn#;G$qpI$N5d^`>Q`1Ub%L?Xq{BviBIH zvds%FKJ*tB#fd&CQz4}XPCK83i6oa}FeIyDUvPmyasWyIIJ2(_3O?Z=DyEaP+>NU4 zpI2Y=OQ%m%I~L5Y5j*L@QeP{p55nqkht*P@_W*T zFw_Yik*HK3(=M~v7;f$-1O<0>^4~*2nIth`l4|WGK>L>Ryo$^^3ffPhLdG}Mg-J!( zSkp96hf4K}8~4Qig-0;OJs>0&lpx*?ud2;pYy0<`UYL_2Lc5U~(}Fk6rBV zhA}gqs#G-b&-zUF^jGk=Pr1iQ7l(ZB;Qpwn>hgxxv-vQMt{DBu>Vf%xs9f#7vFpPZ zk_orG27?2h$qU~1FVIJ>N5z#8?LpDsJCT;50LS}X0hv7LnhI>+Kn{l=P~RU>mh`vm zAe2>PWf->pjLFe1@rg9>r;v<~ZR;VgC`4T$3mla5$T<`J4_Dt5omtc^n~rVUwr$(C z)3Kc|wr$(CZL_0}(XpMIbH*L#-v7L>v7hE%HCN4=Rr%~#>ty)Q2i5bTmK>bDHK&&# zE(QIF+dz7(f*1s$>?4r%)>d8T_QJ@HhV4IeYM zOVDU~aP_BtoV2C2hOex@53IlsSTBcJf1hamKX7Mb?EmU|;P-!`tNTfKvO=|A4O>0n z9+SRE3w`st{VUMQ@5J?{FQ|F2RrGGy1$)qY!}oFKvoy%RHn9=leFy#&4ESuo1;S1C!d=IqLgWna1UnCfn3qH zeN$qFRONo5TnwPuRk2hEtJ5Gy3@N}gPJWs~eae1_V53PV0<1zs2KUu#{l$WQ43o)_ zVGSLki!mb0BqKt_U=p8Xz$X9*%eZVtB+p1@2Mp&xazB4*(JpFFDZ##9(!}Vw1cfq4 zlIok`9YWG@i7`%6DVS&RfOz_(^m9JRgPhZII4cAKUPlzS%Oq(MLWBaK#)dTd;SPHt z_9&Ybj6st3`D>8j=c7bTn0)aEYV+@4(kBel^S(h@fJnuoyXgrazY*|)!HEY^_pJ<+oq#-vC;*ov@jjQC3BDw zoOHe^=N&fMR}{4BOgw;xqSd4bFfYJz5{z2{JhnK&sSHAwQhzYrdbAU_6kPdRZSIkP z_ZHfp181Ym{iRxkjN0wSIiCEUGjjq(F-EqygO}=BmSN^hJMzyFeTg;I#akrzQV#Yc zh-B(~pPHVlrj?$9?(e+!I29%Y7(OZ>gAWQ47ZUXeq(U{-{R;p*tj4Tg%Lpu)@H$bz zCN2^y=NwZTIsI_t)&v(-Kdc7#&vm0;?vn`E*7^q@FoYe&cj2maA<#3z|73x_W{#X_ zfM$JFl@ok0XLaP>3``IMV&~HxHXE-%q%V?(yUH>jbYmFb(f7O&2Ecu6zCnrg9)la6X06HGjjM zAcmlx2l-`NmGM`1|C9Vinvegc+>;Eiu#=X&QIfK*V4Dd0IuM~N`6>|Vf2el>h@@)= zti&5^KunUY0*Vmgm_@25>Otp zd%PK7%nIYYWKHD*iQsdXm=Li99`Z#foVIBL0L9C2z;UWI#Ol*3_$tfxBiq#`Y@?Dw zRF_;;EL$7ZbI-{DQIN2ErQbNsJ^t0Xd{VM!3u6C3uEvJhQ_>uOewYFRwL9@-js4)e3o4G$RA5pFE zfC(!%UU}N^EW1AgZzV|<(q^w0Rt9$1^mt@QoT)~i!{ZvD4X)3cUk52yk+HB28!7w+79`(@vPSv<@9kn##{YP9ap zn*p3bB#9GWM5Xfmszx|ALSn-nd+`ZGep8n?_^pBaW=SmW8;t%|eZ#ePKZqfm2P}Rf z!4p`eH_h_EF_YInZSzevJZZ{HxhB+^F~<{^w1|7%Cu`4{$)# z4Z}Ib5^ozONB63POBWFQcH^g|2gTSAaK5$0#Mno>xGJ)9enWkLLFJp4&p(#uEWmV) zfI?m9nIA=2cSIv450a%8x*Fs|lavLgDjL1`C5#|~qd+ahie)Me%KUhx1l z0Ub|8Hl7d5Tn9>3Ap~v~FSbnks0cIx72k+VN)*Ja5t#lvJ{Yz!GP4Dr(DN5_4XD&4 zp&HpZ2%Drb_=ez27Cs@^FJ_eA=HI{mfA(GoNaCX$0qsYnjQd02Q~noupLhe2WV(b1 zcm|-HV14J(y&fKDGK1T|B8~dT+rWZC(iE?!@2`rq*n|_+aLHJ_3$9X?q5MV7Tv&7| zrm@Y8zjB$+NJqE9<|sh<<8s~eZgIHuS3;r0VH&nI0&A?yZr?!?oBJvi>>Lx~&^twDgWhr$a;3{wcX z!JW%H-eY0r#~D1)41k&b@&t1~fT`Zc@O&iG_vH$%tACqg8G>Oh_4Lb~P#A9qlpFH& zP9D}#Ngf~v>8mpaX@P0nJR<5R&)4_yaB99MV zYP%_sDAI$RigzX-O$zZ2(MgR2;7f+)B(uoi+HQp7V=$^H@)}@gzKq!Cs_4rfcI_XJ z|AN7lAF?^&b6hT-zDQ@HHxh}nifN0}(dI5{%WG`L-L@9En9d0-Gqh?oGCxz^PPa

yHlr~Qj z%`kgh<2P>C>fTYE?E#Zh!{+2Qw=75K)1B;8ZJ3zCdDjI$qG`W%*$ojvA?sB=lZvgK zCFeTxA=XpCI{8fHWVEwdoN>)8KI3>wS1$ku!D@vDi!H##`d8bvA;7sf3*MOzNT&#^ z6;g_U-7z1Ji^{Am0x$ju^_X3VOn#pQQ_u;Ery^^ukw>}3FKln<4!Fg-PrZajr)_E1<>}I=v!q+(^ic#+0V+3yx3Z0nrya_ z9ic5(Ikj|7NP?0XaV4ST+E6HsCdv`M=q3j>e)^RmxA|<+tdj)5`<9`iZFSU6^%l5* zuUeaN*&D0)#-8)Fe8S>ey88ImsV>hoi8l7tzto01!b%xWUi?smIhTFWrN(* z72BPsG2KQLsTev>OM7u4F?%B<)XaC6+c>m+gLJt14bLXKdsoBql`8Ch7U`e5&WtBI z{7_XNoZW&^y+%(!etb)eRFCFwWNp11VzQfYOez$uKK4HTM0Tqzw##t8%t{NA6gj9W zKr&BClpUjOKiNRO!TZ#1dGtT= zB`TCkrZO!<(Z~t%LVQWIwqm8~$~fG4edEMFghmK%DbN7NvY2B^SOBG4jSsoeU9}I8 z@8tTrx#)0!Xk0e)MZ`Fi?_`7re_2^HlZb*ubafpShf`3ZQHVytq3Y_Yy!VIl$x_mk z4=1NlMp^cA)$r!Ekfy3uHS+39uf5rJpqII8@)&kPvu8s|XKlfWi*nPacSu_ocf{qc z+xaIq-h_5~osS{9#FPQ&ab=Z9DCd27WKnP7`JEqNIt4Mih~u8SY>LJssztE)gH8&1 zo7?yh*HL<>%aIbkUB;2UVY6-5xHtskHxzkB=KL#I`rI|7FOR8h83?)nmh`T}qu5h% zQWjOGpb_k!((<5@6aw=PODD3#6s27RkYmVFX7bHtkAD_PHnK>4bo@4=f40un2ISaZ zT*dnU7O4-Dn}eO`yK#}wA`O{eMAJn8;TFq&{Vj>EwfS1;EX%&RCIj(z_&GnYOCG*= zwdURH4UVPWsV0Lc#x`s1unv=`3@^@^dnq>ruZX5Nx190n~xHjIs1bmta%p3XQ;HW;dWus-?1PTxQh) zTo&#LVZXaVb-7~QO>QaTsjo9s|JE5c@9J1V{ndcBAc|v8VreFNW38yh^~0^ z0b;Cn#MZ0x-y<`c!rvJ&GLS)L$Mi~j!FC?X^IYlY~!7^!u=K`S0asx?9WJ`VOnME#>b-Xb@JrQG- zr5(}9i1&C=%^H_Ir3HO~9k{JaV}g?f_~p{Avg8mkb53wO!3WfW>>Wz1=%~{p^gcbW zKS!c|wH)MPm1XM06~_X-U>V7%5x}_>GOUo5M0~&DJ&YVY1tkdWOzZo_G^87HWV^JUE$HO3acF-XQ z+MH^-f^k$^xO}KuQ=&*qC}otWrr=C6BX_8~NKU4eX}OjoV4!&HCUn?2Bv4W`bMK@xJVgK%Up<|o zBI0#8S^-@%7*f5za7q*^w2;)zZmZru;SI7)F(0tJL5+UVAZg=|vfGSk$631oW1Ut^ z1_L6E*=(dzpt-5w0=T$QdW{hNfA|H7-D2&%m-u0XU)OVLJ&a5?T|?A!4O2Ucm%5Q9Qea6=O|vm?(voLlGudNwwm}k{+C`LbTmF=T z5rS3bW*+k13AaxniDC5b;o$6Rk=33KK+@qxqhe|?zt%m1$`}STyM7B z21-TZyt3Ga)$UF!(yzp{>Eps~TVLqdG1#n=M6lV0(P~-8o`^^y@=&2rLAn#nVm05f zaY~j-$-G$RtY3~A{LO&9Km@;LC*E5l@FrYm{^ zKJAg#f$PL%jYUBr)Hir5sGn@)={bU`+9f(d)>5!kp?iSJ25sX;KKaYZP$%Zn-;o1N z7;s0u&geOrpsh$p8QBw*A;N~N(pucAB1R7zW}POLuaIgf<@Ep*VCs`>W9Elsw`f%_ zk%{y$3mGxospU5L;HOsQI<7D$T3hZG^lM=`-#YbXg4t(pVt@h&J$w7NE7M+6eqof~ zDc!?A3%@=~jpoWA85f3mg#AW=s7u-qAf1MCP+JNKRdNTIZBe0WyQN97 zUtvi7c!Os|Rv_yPpq#vZ0UJ7`S;RH{d+HAtoL+JM#w^-owJ!-YvHZXmtJIbw4C+Kq z6jyD#gP8qhnPn5UEPPGeQcgj~S$0tFV8ML>^23b4x4n@>@VD!cNUpccQAU3*2Z3j# z+8+KxiX;S7f+bp%6hkBjXf7w@*8mNmaqy2M9u>VIB1Myn7xyq~Y_{O)xyraKctQH0 z?~NBFTNp<88^%1VKj*ZV2x5|XF*`l`Wp3_n_kO?DMgU~)xal9O1Y#BKn#5XLWJwqy z1)@^#BKt4hXk4}1D<|sr1QPp@;zSZ#6}jh1OHJfIO@$7d^_3D|Kpt4=GM)tImtJT> zgU9nNvxw6~6*6xbEY0SloDTm%7QL2yayPX5lwXp9tK%8JqSy63_6^)TkzL%3o} zc-?8@C?-^{(v{JP)I2^IH}&v*o5VO0I(I^@-Yw_!g*V8!%n(y&3r z_V%_g!9~|ZlYbCz%)}y)f8MQhMNp5!Cz%d*w6cwk=1D~2aYQg{F1eC13byfgd#)G< zEZz@&Y;tD3-*U4P0k6T~v7Q*oRCZvF-o`k`=vfVJn$9^3*kGB)?_)c?j}cG{U1-JO zyXb{>^n)efW_trzrdtwxS$Enxp4}g3lKV;0=o9npPXnMaaz zS3vrg8MfvefljB-XdU2Mwob`m%S_oOr_#1o`Mak!=}#fUxQB)as+A^>;-#>>1uZN{ zs+NoDCKaz6?9|~)u+hAZckk&uk&aH%tHgQR@6yW56xoFaxTeH^$+E8^*Y$Fkft7kl z%dYE1_7)v)qKR!c@RmB3o914w-S!^!A(g^QV@ex`XOM%CEv*1&3EvAp-B{wGS)2)) zZ$$I$Eg0S$q@ileW6b@YEtB{t^`TWt3sGTs_fuJzE41v9@Ia&Nz4ozqe)O{aJ72J@ zm*fK$Fftpa;g1*98=yQE+E=em`>XU-lqMPTT)qp*0j_8$RRbnc1owJl4Q#e;ms)|9 z2Xp*v>&$32XHtM3SxouMyghcezJH^W zIFx)fU|kyWBy}VOPVyC6DiNtA^qd5^Gs}Kw_~%XPBTWhcgNxh|b%gvDyoL;<3B$x=6@kASCN-9KVH$I;`3F?2+8j2rri z(6i_VCTT$HUTt}5V)PzJw!QWz46ZM0m3O@K1nQ>PuK2zLXl{|fBZ~(R1Ja~4$>MeT z<1j_9gbRWbmDHv~;6sXqHzuW+f^^@$Dpfi?zl1495W^E9U5P}ohPFMQGYGQcE=ii9 z3@A&KQtA+QYNI!E`@msN(Ts%37irtKZTr zcJTpy2?z06PMxVAXO3&Mf1AB7r-nWAqw+m_f4q$87#k) z6Tfl)mrG?cb(OZ<57m7A<6|wJWQ2y7gn$o`q&}>ndr&jcYTajGI zj0#HtKCeFWyGdRW7oOQvZGo{jZXxQ&+2l}zNDl}h z=t}ue@=MPpb{@pAWEi|wV4WvV&8J?AmmZU5HU=+xOOGY<1pbx} z<^0(d?6zBR10*GO%Q5$>S+2rI2J^wUt>>@A*qFCEfJ}2ls=3dj_0{^nwx!g~K>=6e zWs{OwSijrMBXLn3CI+x|A^tf)mF!mF${J6CzrURVzBimNA_xbU#eUqPinfVmORr4< z6qZjPf-*~ajJ^X|Obn(UuyUH1Vsm!uA0dut0B0@DQ3`%8A15y4G2KhPYWMC2#X~mx z#0Ri6&uda3+5G8*=n$(0bC*;TPqRnRjLVL;@fo}<->3AZjPwc{#0NA_Zn1#gfdT?1 zYq|6&GN6#^?(de2X<@tA7p;Uq8)zO)QmpB(~UT3Tfd@q&lr&dVTkzz z{ZB;lxlo>+|5+^{M*;%k`=7#_J-|(xqrn4IH;dJv)6m0C#KRY}xSB5p;#_rwM@lL= zh&W>KDp&vY+CumaJ$d2q;5_ePNh-Dlwt78Gd*0b{e|{tbeB3{_0cqccM0;(K75#FT zX_pYEVoyd9Juo9-aMVZcK8@~_5@rtk1r-`CwoY3Ftn-o_X;=?TPAiU`s1)V>x|9m| zJ6S&J07}AayiRR`b9IpQZnhN-fq6RsiEljq1icj)=IJRqSmg7GX&|5y}w+=U&V@wtyFqN1aaCU{7LusiK zW&i=rjQYp@D^Cq?RoSYwvC+DTy}G4Xk7Q-hjFWylUpaoSYI z&>g2q$0|K^liVTSFI1oAs$xGjBjXm%7q|ePMrbu>gp%)UAg0r|s+CDBzLFk5Q(N-J zy7~7S2-67y)=BLVdkLG#w}#yF`)(f^m7HvDB6Y)#VkxNe3|dzw?|LURBb2?+>{ack z2_;=D{FZL}kD}qWO>BsH7vGzDnktf}wtz`SQ&OjQ(D5NHRgHc75KAm&m@>C_#k369 zr0x{n{AG(!1*M2SCrh5^SrP`|l8}b9o6smM7z51j{rg1M@xn}BKh;KWa*A1B+f!?H z3c7a4%7HNKS=)-I*1+DuudI|%wbe1=enkeFe#8vA&{BOq zumn1_KyAQDxA3ocHBxwvc8)A^^&jlDpmKVI+AL+4x;H)L8lC;+3Md(XyXumYn#N{f zRc3{GVq1o`3ccr=-B$IOR8!h5bXA+oK-D^3edD(3;{cJnPO2>40T8N<7LCF zs1n%wZE0{DYIlq~YIhW18yfyEAK0}s>7ULesZzTTQ zL)SiCRG&fkZ`3@g7hOR*bzW%rz54zVi**z*?J}*Ir0`=@f3}%&I!M;p;!?2RWown? za3_`3ODncBEjHLMBQVXxSlInzu|fR_mI&{&##0LDGGk*r#K%Sd|{b3l))N z*=_TwbRdE(IpOQ@+~lpdpG>Wq<*VPp65tkF~I&r-rK2T ze5ag!qh}8VOin*$e^_&;jf^U(1-cGfUJ>nUo@*(I?D%_NBytL7_Qh#CBHHeYxJ1VB z!c_X6X~B5aL$4*-Rh{7qPk_Ok`G9bP*m8LM0g;i+WeshTV9FzlOLAt6)EZOVp3~<) znKvafZ+hK#R*e!-9Kpyn9I-%!)W6(=PVs+mfhukREY3zkiSP#aM4|Iwq{zWo? z0G6k3dANxSFaY?z+n~iS%bwiJ$r`A-Gzx)ix%%4&SZv@u zSypcZ;O=uCN7^Hz?5d~&`uX-HqQmp*Wj>;nZee;7{e~QGdHj$8e>EHj?=_Nr8l&!7 zv-Wi(4-Pxp`p?RpP;55My%=Db{8vl<4f3S}05C@QxVym#Eh&uM|jG8R1P&8hDniW$T*;Zu{xc3 zg>KJNcpGE?u=FB~95RgI2PBYuyVW}VO9p%@@hW@M+3%#`GOw@C4$Sy#66>)wuJNE8PNQ{8S^7ddoadRBf)RbmxSCU3#$; zL%W1hV++9DCkw-t9(zPhA#qdLE{AB+OytP@kbEeg1fFoUi?CDh{h!|?5>4znLJBwI zF2uIeHQuqIe=`ZUEPe#{O72X}2-Db2XmcNX2v)s5HwoM_HY^SD?19gsGd7>pZ){Sl@N%ey z2}Uag$*6e%_1qKU1co1Rr^xT%X`y4KyRAVWZ-gAF?1H9+eq0NwKn5z>qFt`&koghB zACn50u5e%Ld)7{b*6o3XKe%uwjsqw2slnM6sCmr&hF=hcU6_=z*TV09kk1oiX23)2 zc8tSRQWR9ecV^LHf4z+YrNByY55fxac${Qg3ntuRv2@{-&X)UuTqL20#s4a*|;( zJ%Z5~fu6ss4Wcblpc3Z1{4f4X6;y`5@~5JQe=7R_b#J?DWQ4_z`|YI3?7EX=#Z+?J zGJgcAdK{?G#Lx-|!NjQTamJEJ+35hoJ)Fqn74wYL?rW-E(G}w+x*@SpU`f=dvNV+C z;U?-rN&~K;!F#M(TeT^)o2KKbxJnGmV0CQMfeZD}3LOqJf6fV}kwuohtvWg~@K51& z-}B>7&8Awrd0-Ll2W|{sZ=pp@S1ObmrOwtZ*{VuCMyufNV3To!IH+|s7oPw*NE!4Z zZxgK+Tu+nm7`@sX2lyi`uAA&5zk|AJrP@RKX`OpAPW4pezFL1Ll6CvS4k`9NMD`tr zfVce%X{4a->Sg`PCYl!0Bi}+RPUUS!v~mm5J%!8!+IRCnLVHkd=L(X>_i zr5n|!=~Ql;r*q?<`1OsIi)Z$ayB#HT){Ow~FoI+rWG1hRdy-MQ9u2Op9jyUPJ0)&TwKk0O zi3M{d;slF`;72|n70KBicfm*nMA$$>SdG%bkV~116mA19PiREGP8fR%Ut058kxjI! z?17|HM&UkIkqcPbb0C*F%aBMXV6gAgQKmAgs(CMg<6$Dblp_Ooc)SZDxs>$#$Rk+v zBnS5w`E@bW=XprvmHYth4Gz&=q8VnWjIkY(j) z5s~e}I`5PxXyKwbRBC<54Yx%SPKhdcE7DU>cI3kJSQ@0)?*%5YaLyVQQl}!lsP+Fv zdZm;7o$mT6(#oGA<@lMF*gIJ;SU4G(+9cVcA^rC|cb5%3>6}vn?0dA_Af}0(D+U=zJF5eN_v=l|T*|8?+ZR8$Ems##)6X*iD%+gdgnlAIF!TchtaXlfs{i_e@McHfOjwmNinCu7t7Z0Gk%BiJKKQgc61+ zZP0d)r*5w{)EgEGe-*QFYV(7njrVG;x&^@L^7#i?L}5OByT5Fv@L$(0@{nrpcHOqJ zriCJn(25bJrkk&YSy}H{u>DKvNw{plOphymr?5TNipNw8X0%#HJ(S2f%&z-jR3q_sNTq1s%7&0Gt$P|xgVrQ~g9SOUti{HV&WvrH5L=c3Rtfw~*+qmFb27ivH= zfbRGyOrx9V%(8thJ~HUIAru0ZVNTWE-Op?T=V+-K(TwOA)5#*jN|Aa8wXINSK$E(I1wHAqAG!Fu~{$uvNxWtKljP z5?62fmwOZwlgnTrJ#-AV#QD~I`~xs#u)XDW@sfNtZe8e&a8`RF_WnqDY=qn6d_Wgk z0G~wHT}Cs912@ym)IT$|yg_Ag7>F;HJ!Am4-%F%0^`ylpiJi2iyuu z8)907bo$J<+}x4CMj;e_f)UN|!7DvbKUFZZ0+amRg9VnP9dh zQ4CL;xtnjE1abNr*g!DP4xfPhn_&Zs4r0E~_~A7FdU=3;go3mTKVXD)V#sp8)kC+W z58UjoMx210{7Nj!U#!YOHWPx;Ew0L%7>go4QLZ?;{6n0^Bjv6Vcq5x0UwDHDFLsxC z%cc{TLv%>AiU`|oGBjKdK8Z`xRJlE*g56y8%ueEz#2f`#TS$KrSp3Kb75foSH&C9X zz<~S_<3Ae}3n9nG~F~j_GCFNUAKv= z)R(&ciL5mJZo$Hcg(^T2Q}0GCC3?;6yr;l%)^qQ(t9hS~_cu~MvAWBHiFg=22AtQ1ul!T8?^=_u=ziBoscx#)IMjB~#4BzI$`c&p8+uK#8UVZD_*3W#jboPlb6h zN7^2BPwblV4VBZPb1dZU9KNJ0D&*hqAj=pRz!Ag+ zNw(C5qA_D)rklIcI_7xQNQG=P+^??H*L`iuCq74zV7ca{6U&+O_iDwMCjti*v~zTjmCt7 z;=T8z7`&v$Su@8#n{c9a2Y=5cUG2S^{;fnX{_9){ScC~36hNO`x@ENzFVmN#?8cyW zQ4>H$qKLXKc2QfyFgm@Pa$`_5v8Wy%ch4!f=Gr!7Msh0VA$5IJ^$b(Y3}*mIBSFLS zjqVmiUd8EQxs~GVjW;PHpi+qCnL!cWfngxTDj3y1f{m?59!JdzAuq^&(QwI|wqh>3 z+;=nwv}=hF#fJrSBffj>@XB0M#Z!&ra5dJ;tXt6@d#)}>*!uWMmwzK<8a@X(v$^bg zy)AQ?GuraWA)()aR^3wDT(#+-Yl~eJ*cj#2w@usd{^`5Kg`3?n66MtNyA1xbzgNpD z6B}re9&YJT*|&2}4Bj-^rw;$tXn2a|?+`=+2%~G5x%%?Ijllz97jWj5B12tgAO~u# z@}H1ajE$hSK}m$yz{>1YoA3#HeZ-#8mTgK9M9y6A3SmP;sXdUF^})!>rr7FIU5hm7 zt)tnLrYZ_a!xO;h%2O!I2=@DFp;VjC40lxxizzsa(#PG{G!Ibh!; zqJv{N`rq0JhZ#+{?H^>e{z+vN_#b3u6xV=C!7+g0u-iIiXo?rF0ER;>;)6i{323sR z`e7me??G??y@`#HvvZD?m7(rP!k2Vr28WkdtJy{)pP|hj$iGyk*7_qAejqFv_SA+1 zglSE$L~;DN@C>9@PT}@Jq*%mQLlocu!!Xdm4pW$b4Y~F~=&&MRx^vHCHv)m9-UxIy~ONLQl-w}Z^G5B}mm}VmcJ(Ck040Km z^ais%LteX4umg2>GT{YD6=L+rW`?M%Q|Qsa2us-{*T9LXK*uJ2WDb&BMPiqT3^`H& zWqrre>nw&Wr$8eg@-|ij#u})JBg<+sB)P2Is`Hq$LVc?c;~%p(U?C+DO8k@6r{8+j z+uDV6uC`Dt=5wQLR_M_!=CjZv`w^vAw#(KMjEmC0WM*0|r>8U5Oid<#x$*=tv6$@2 z1%5jW}YtyNbUY`3>G)EbTas9|0It=4F6QbJar!|EefU&#j#t}r!iZ>jZ= zr{}9Dyap;M>1>qnNnsT&mg5BK6;D`0w@3s=Tw&7bCUkW6e__Fk|EaS5b*~|2a=CKZ zU}(KwZ3h)riMOd9LR?yN@gbJX#f=Fs;m#iHmQfSi1v>f0wCXeJ>1a01iiXDo__uba z$lFe5vl!6}Rv<~)AQ`WtJn8&E8`YXA4Y*of?=i{3(kX)k3#lrk8@PEhq%HR2Ny-(K z2v02Y3F&NYs;F+0i2=1pwZXQrw`v8As$r9ZCp&C|{V3+5Hx8GgacfDRnBO2y*GUvt zo4Z$zM6l->QeMBUHhhW~m&ZW`oFwnFkkmxm;>+>{5oSiS9w}lxl9A5a6fRBRxIWFo zQA3$*%Nn7&n9*E25!->EqZcK)s)=N!S*^EE`=6dkgNI~|=?UwC-9SQHZ_J|BYqE7H z*8g6=7~&qD0HG2NcL1i;$H0P3Wcx;LM@guRi?26LU(rqi&WfNkVplloB-B;0}m<}+~i=cE-p+n|TXh3#Mm%z&Ug}vODE}%L+ zHA%v#J6ch<%NeHE11u3)70N?xHC;7wc(cJmICL%Q%Wk&kfpgt}00>ZeN|ju#3%dku z+)^b2o)VRe3J4wTX%C-2*%>TgOERJ20m}LdTwUhy4zp_67O-K?idqS%ObQV<41`&} zS^wk~t~6n+NkYaCz@;jconW^jbzryrap1P9#dilTMau)|W}!xT+GEJ+LYpJ4{(847 zDDt9Sz$XqgGZo7L{&WPnl!vzI&cv_9Si6?B^RR8$Nou-bA}5p+={YeWk-gu*MnDZQ zmNhQM2fM&fhix(S+^FK{39r{wZ@KIZ(jA3fB)1cF6_3Ts95IW~r_n&-kwqPpz>f@8 zGK=&QX;2s1V>_kj%6T-et~6?o*tUnLMYCvhlvGAL=7H-1CeCfdXwhS^oMM!{KK?dC zhUln`LSA;N*RmYyIQ0;5P)cl3YG67g`E15#9sL%u8@LSJqHe>w!y}`9-vS?LBx;*- z*V63hFOH1CV4ii=n`ZT_4O|M-LWkp}NVdLKoXH8@B6FvRaj9o%+_rHAj??0j-P?%6 z6zQdSHceLsU_|{y%rLW%Qb)pd2LTvO+jJTHiM$W>MS2;YEuHcLIF2AfxAI1EfvrXG z759!a@bmB|!ntvN!M*-$(TxY)AwFl=;Vr~rirwxTj~I>*QICvvnB3Uu zz$*=u8cEZ}iVyOQ&@D(3V@4`2)W#YH9}f%DjnLuoHlT-UX5UskHFnmpRQ56(UJk7t zI{qZ#(uk3#+UWbd9@kEt4<>t$lrEP${Y!0B7RimLI9nz%i6DDUB#H?2;h)1%9*)po z9Exy%c5gLYT?6F6LIf+^i085J(&9as64>!u2yB6&8Ju`B6UF6Bo&wGF_-Ana67(axgbJ{ET9OESa1Ez60$&?0iMij*+#C10&6I)I}3q1;r1d zu9|;A)$%Lm^!lu$UD#FRTYK%NaYuQ$|Dgo_ zfLdnPa?l@SBPjqI8Khh;GnwiLc$fLI2rNys8Yo1V~= zm0iOL`g%uq1{UvSgQfdgX#AftM!tV5X~1X}ETQthDTtc{Nj(2)S@YYeW55Hz8X5Uq zu;aa~;$|fc-n&BX)|^;&kYUIK{9G$2zH~8?!p=Z<-I~UP4--J5;DnA~>moS-o!j=l zw)K`DTYf#CaD!t%AVJ?XZclSMwbJeQZ3qMk?OJ$-H!bwMKH{+IQOc@4jdEq;cEfi$IlJ9ddzYtFQGcWZ83btpIhaB}+pK_;p}IEa8uR zIf`GqJJk^O`TRP@!HZTjzr|r`%s=Asmaw*k(9>~Yb@)JJ-~crGE86mOZ2Y(pn#*4) z=E#@wFU%my&4W?1VOw{tct~L1V7j)wS^s8KL)TG*e_MSy#(`T=KEXj2+P~mYUnhbx zkRDDe4tZj;ewqCwZ>EM-0LIPZJ}R=Ve4rG%kXpY^eLY5!wGX=)5>+Hx4f;Ir$5F@l zK3|HgMUqwIh)bo|zgzBNRGgbPWtXJ9;blHb;zw5HYau^@(tApI?*LlT%15dukY4`j z@q(^VDlL8s2^pU5qw(4mTIrdB?#f02GE`M<&DAI;G2NXg=oN)(z$3&*Px)5Npud0> zz1o1>@6O5vog|IqGF|mg!sA8iFJ(8hwet*OSBc_WWUUns+uRGDuYG>nQu@T&+NNHF zrLaXAq_fq88JjJ48*?)T`MPy`vGB+;3Z;Q3URgtASuvFJdUzT~{>?{7W02MZ;D>xH z4P%leLlhHR7W`3k0B;P;?b>>z!2xl%%;a-DTwW2_*a9_);iO0N1eIl)v5O=X_mQkk z8hNl8ikl=w;bI7V2QbEzT=<0k@R8D&A2`nu*TeW!yXwv`$DxQW6`-H(4y!gv;J}M3 z6vx>qJ(c>2V8rtLXb8bUV6%%6>qi!f%NMP*nk_y9>z&dGSa-p8&kBUNMRbWUVe%7= z<^A0dpR1H;fQib!W)>! z$Wb=={zAnzGh#B~(pK&_x^R%KtOAcavllH4T{C?T>ooObQ7~Vl`qj#cx`@jX zOjAp28XwL>xi61_q`}0V+aMO6_TwY9S$%U1WX_h%p^jg9d${Tm)h(6_kufQ@qt((I zX)2$a5X3({I}mE!6aBuc_Fxp7->?Wy6kX@SST0TkP!VI8-E#j3Y7EfK9aI7S+@m;_ z+pm~0H5h8=j63NLIO$EWD1FG0o1rL}=bE{HS(AZ%pyX50?8JhgqkUvSdAp&dlg};S zTbjdi4OQ9WnpJ$TI$gfW4n5g`-o6DZ#Zzi}M=&AIfZqe#B`lL%j&V}@{7?#esBh~7b9gkx}G zi}TJ2Orz~&E8dvGy>TQM5|)hV(hW}oLRW()lAf>WPZ>w&Ft)5b6QND{-3VSJsPS!4&eILoa8y> zF^rq?+#14qbZA2ADAAf^IW3_{LsA(@Lzd}wiX4wxztrw}ZSCx8dXP{#r@BOmN>tl( zjWJ9zCMIpt1N)mB+Pn9k-}n2Q&-Z)popbN~4c*<4qQA*Qwdpx=`=ar`MyjA)=TPVj(d-n08Z;$`OZaF0^yEZ&JDd+g%Zn=l$&+uh@K{Pw$6<)HL^Gt>_MJCo8fd|H80eCo5~iE+~0ScyWCJ* z!+v&WM_=34an9!x+DU;UjWraLi%E)4b$r$(3B9xtb^*Gg1;hEmqH>TE>f%mBYQN8g`;?eizdzJqapW8M zn0Iws_;WqzB4Jj?b(+qAo&8K$EMY)B#cE(R6LzE-A<+;D6;2>e6ILnQu+*CHdRJ6^ z`4q*gd{CBZ>JZ`lIfyrh3kTe=(gWvToJ1L^3-n+?Av^HRxS#0CfiG z7-h-VX;gjV!M>BQE({xF0p~DMEgD=3B%4UFzQG3S4za+E$VpWfh7UObtr${Ow$6vd z5FPuv)&klHyc#S}u`o*OI)yRX^@W)|+c$+5oxCRj@}&%Hx;+cARurBufTy)> zpjj6Svp-T84nJaaovD+G@cP5(M=RLg&A`+>VFBnNB2X7Tdx}7# z2tS)mLPumYXeYD5)ZHzoPzco)J#8)&kdrqFT4H2N0rHltjfz?*(8{AEq>|au$ns*i zu*V4ed<;$cL17Oaqm+J9EZ3eOE!%qRX=Kd|oIsX)O36u&UOS9Zc0jRAItd%x7ejHc zE%yJk?-VD(Q$z^zAg_Uv=A9zYD8dhy!w&W`Nc7TaWRe$_$&J7vG3j2N+m*|WX=I+P z;H443&rQzTVq{hV{b^UwyX;Ky$gd=C;Ki!BYOfe2KurOgsz}gjwK)k=0@M_6yas`m zFtN`GY;1;#@I~-W9}DpABheC?zFG>hAHbkjF(Bd*L>*Sf>jP*g1+M;bxN7*L*VE~- GTKgBj+ffbx diff --git a/01-Authorization-WebFlux/gradle/wrapper/gradle-wrapper.properties b/01-Authorization-WebFlux/gradle/wrapper/gradle-wrapper.properties index ffed3a2..744c64d 100644 --- a/01-Authorization-WebFlux/gradle/wrapper/gradle-wrapper.properties +++ b/01-Authorization-WebFlux/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,6 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-7.2-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.4-bin.zip +networkTimeout=10000 zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists diff --git a/01-Authorization-WebFlux/gradlew b/01-Authorization-WebFlux/gradlew index 1b6c787..65dcd68 100755 --- a/01-Authorization-WebFlux/gradlew +++ b/01-Authorization-WebFlux/gradlew @@ -55,7 +55,7 @@ # Darwin, MinGW, and NonStop. # # (3) This script is generated from the Groovy template -# https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt # within the Gradle project. # # You can find Gradle at https://github.com/gradle/gradle/. @@ -80,10 +80,10 @@ do esac done -APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit - -APP_NAME="Gradle" +# This is normally unused +# shellcheck disable=SC2034 APP_BASE_NAME=${0##*/} +APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' @@ -143,12 +143,16 @@ fi if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then case $MAX_FD in #( max*) + # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked. + # shellcheck disable=SC3045 MAX_FD=$( ulimit -H -n ) || warn "Could not query maximum file descriptor limit" esac case $MAX_FD in #( '' | soft) :;; #( *) + # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked. + # shellcheck disable=SC3045 ulimit -n "$MAX_FD" || warn "Could not set maximum file descriptor limit to $MAX_FD" esac @@ -205,6 +209,12 @@ set -- \ org.gradle.wrapper.GradleWrapperMain \ "$@" +# Stop when "xargs" is not available. +if ! command -v xargs >/dev/null 2>&1 +then + die "xargs is not available" +fi + # Use "xargs" to parse quoted args. # # With -n1 it outputs one arg per line, with the quotes and backslashes removed. diff --git a/01-Authorization-WebFlux/gradlew.bat b/01-Authorization-WebFlux/gradlew.bat index ac1b06f..6689b85 100644 --- a/01-Authorization-WebFlux/gradlew.bat +++ b/01-Authorization-WebFlux/gradlew.bat @@ -14,7 +14,7 @@ @rem limitations under the License. @rem -@if "%DEBUG%" == "" @echo off +@if "%DEBUG%"=="" @echo off @rem ########################################################################## @rem @rem Gradle startup script for Windows @@ -25,7 +25,8 @@ if "%OS%"=="Windows_NT" setlocal set DIRNAME=%~dp0 -if "%DIRNAME%" == "" set DIRNAME=. +if "%DIRNAME%"=="" set DIRNAME=. +@rem This is normally unused set APP_BASE_NAME=%~n0 set APP_HOME=%DIRNAME% @@ -40,7 +41,7 @@ if defined JAVA_HOME goto findJavaFromJavaHome set JAVA_EXE=java.exe %JAVA_EXE% -version >NUL 2>&1 -if "%ERRORLEVEL%" == "0" goto execute +if %ERRORLEVEL% equ 0 goto execute echo. echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. @@ -75,13 +76,15 @@ set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar :end @rem End local scope for the variables with windows NT shell -if "%ERRORLEVEL%"=="0" goto mainEnd +if %ERRORLEVEL% equ 0 goto mainEnd :fail rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of rem the _cmd.exe /c_ return code! -if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 -exit /b 1 +set EXIT_CODE=%ERRORLEVEL% +if %EXIT_CODE% equ 0 set EXIT_CODE=1 +if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE% +exit /b %EXIT_CODE% :mainEnd if "%OS%"=="Windows_NT" endlocal diff --git a/01-Authorization-WebFlux/src/main/java/com/auth0/example/model/Message.java b/01-Authorization-WebFlux/src/main/java/com/auth0/example/model/Message.java index 9923910..bf78d34 100644 --- a/01-Authorization-WebFlux/src/main/java/com/auth0/example/model/Message.java +++ b/01-Authorization-WebFlux/src/main/java/com/auth0/example/model/Message.java @@ -3,15 +3,4 @@ /** * Simple domain object for our API to return a message. */ -public class Message { - private final String message; - - public Message(String message) { - this.message = message; - } - - @SuppressWarnings("unused") - public String getMessage() { - return this.message; - } -} +public record Message(String message) {} diff --git a/01-Authorization-WebFlux/src/main/java/com/auth0/example/security/AudienceValidator.java b/01-Authorization-WebFlux/src/main/java/com/auth0/example/security/AudienceValidator.java deleted file mode 100644 index 19e7445..0000000 --- a/01-Authorization-WebFlux/src/main/java/com/auth0/example/security/AudienceValidator.java +++ /dev/null @@ -1,31 +0,0 @@ -package com.auth0.example.security; - -import org.springframework.beans.factory.annotation.Value; -import org.springframework.context.annotation.Configuration; -import org.springframework.security.oauth2.core.OAuth2Error; -import org.springframework.security.oauth2.core.OAuth2TokenValidator; -import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult; -import org.springframework.security.oauth2.jwt.Jwt; -import org.springframework.stereotype.Component; - -/** - * Validates that the JWT token contains the intended audience in its claims. - */ -class AudienceValidator implements OAuth2TokenValidator { - - private final String audience; - - OAuth2Error error = new OAuth2Error("invalid_token", "The required audience is missing", null); - - AudienceValidator(String audience) { - this.audience = audience; - } - - public OAuth2TokenValidatorResult validate(Jwt jwt) { - if (jwt.getAudience().contains(audience)) { - return OAuth2TokenValidatorResult.success(); - } - - return OAuth2TokenValidatorResult.failure(error); - } -} diff --git a/01-Authorization-WebFlux/src/main/java/com/auth0/example/security/SecurityConfig.java b/01-Authorization-WebFlux/src/main/java/com/auth0/example/security/SecurityConfig.java index 6683d43..64c1732 100644 --- a/01-Authorization-WebFlux/src/main/java/com/auth0/example/security/SecurityConfig.java +++ b/01-Authorization-WebFlux/src/main/java/com/auth0/example/security/SecurityConfig.java @@ -1,26 +1,18 @@ package com.auth0.example.security; -import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; -import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity; +import org.springframework.context.annotation.Configuration; import org.springframework.security.config.web.server.ServerHttpSecurity; -import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator; -import org.springframework.security.oauth2.core.OAuth2TokenValidator; -import org.springframework.security.oauth2.jwt.*; import org.springframework.security.web.server.SecurityWebFilterChain; +import static org.springframework.security.config.Customizer.withDefaults; + /** * Configures our application with Spring Security to restrict access to our API endpoints. */ -@EnableWebFluxSecurity +@Configuration public class SecurityConfig { - @Value("${spring.security.oauth2.resourceserver.jwt.issuer-uri}") - private String issuer; - - @Value( "${auth0.audience}" ) - private String audience; - @Bean public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) { /* @@ -28,32 +20,15 @@ public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) { an OAuth2 Resource Server, using JWT validation. */ return http - .authorizeExchange() - .pathMatchers("/api/public").permitAll() - .pathMatchers("/api/private").authenticated() - .pathMatchers("/api/private-scoped").hasAuthority("SCOPE_read:messages") - .and().cors() - .and().oauth2ResourceServer() - .jwt().and().and().build(); - } - - @Bean - ReactiveJwtDecoder jwtDecoder() { - /* - By default, Spring Security does not validate the "aud" claim of the token, to ensure that this token is - indeed intended for our app. Adding our own validator is easy to do: - */ - - NimbusReactiveJwtDecoder jwtDecoder = (NimbusReactiveJwtDecoder) - ReactiveJwtDecoders.fromOidcIssuerLocation(issuer); - - OAuth2TokenValidator audienceValidator = new AudienceValidator(audience); - OAuth2TokenValidator withIssuer = JwtValidators.createDefaultWithIssuer(issuer); - OAuth2TokenValidator withAudience = new DelegatingOAuth2TokenValidator<>(withIssuer, audienceValidator, - new JwtTimestampValidator()); - - jwtDecoder.setJwtValidator(withAudience); - - return jwtDecoder; + .authorizeExchange((auth) -> { auth + .pathMatchers("/api/public").permitAll() + .pathMatchers("/api/private").authenticated() + .pathMatchers("/api/private-scoped").hasAuthority("SCOPE_read:messages"); + }) + .cors(withDefaults()) + .oauth2ResourceServer(oauth2 -> oauth2 + .jwt(withDefaults()) + ) + .build(); } } diff --git a/01-Authorization-WebFlux/src/main/resources/application.yml.example b/01-Authorization-WebFlux/src/main/resources/application.yml.example index 8240a92..3306585 100644 --- a/01-Authorization-WebFlux/src/main/resources/application.yml.example +++ b/01-Authorization-WebFlux/src/main/resources/application.yml.example @@ -2,17 +2,9 @@ debug: true server: port: 3010 -auth0: - # Replace with the API Identifier for your Auth0 API. - audience: {API_IDENTIFIER} - -# The following is standard Spring Security OAuth2 configuration. -spring: - security: - oauth2: - resourceserver: - jwt: - # Replace with the domain of your Auth0 tenant. - # Note the trailing slash is important! - issuer-uri: https://{DOMAIN}/ - \ No newline at end of file +okta: + oauth2: + # Replace with the domain of your Auth0 tenant. + issuer: https://{DOMAIN}/ + # Replace with the API Identifier for your Auth0 API. + audience: {API_IDENTIFIER} diff --git a/README.md b/README.md index d376cfa..1ac35ca 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,8 @@ -# Auth0 Spring Security 5 API Samples - -> **Note** -> If you are using Spring Boot 3 / Spring Security 6, check out the [use-spring-6 branch](https://github.com/auth0-samples/auth0-spring-security5-api-sample/tree/use-spring-6), which contains an updated version of this sample for Spring Boot 3. Also see [this issue](https://github.com/auth0-samples/auth0-spring-security5-api-sample/issues/25) for more information. +# Auth0 Spring Security API Samples [![CircleCI](https://circleci.com/gh/auth0-samples/auth0-spring-security5-api-sample.svg?style=svg)](https://circleci.com/gh/auth0-samples/auth0-spring-security5-api-sample) -These samples demonstrate how to create an API with Spring Boot 2 and Spring Security 5, which only permits access to resources if a valid **access token** is included. +These samples demonstrate how to create an API with Spring Boot and the [Okta Spring Boot Starter](https://github.com/okta/okta-spring-boot). These samples do not demonstrate how to sign a JWT but rather assume that a user has already been authenticated by Auth0 and holds an access token for API access. For information on how to use Auth0 to authenticate users, see [the docs](https://auth0.com/docs).