From f0c06d2d8e606e1340330a83e7b5465755d6abd8 Mon Sep 17 00:00:00 2001 From: Andrew Azores Date: Wed, 10 May 2023 18:22:04 -0400 Subject: [PATCH] docs(auth): remove outdated Bearer form, add details on OpenShift and Basic mechanisms (#113) * doc(auth): remove outdated Bearer form, add details on OpenShift and Basic mechanisms Signed-off-by: Andrew Azores * reflow * formatting * backtick quotes --------- Signed-off-by: Andrew Azores --- get-started/index.md | 72 +++++++++++++++++++++++++++---------- images/token-auth-page.png | Bin 43998 -> 0 bytes 2 files changed, 53 insertions(+), 19 deletions(-) delete mode 100644 images/token-auth-page.png diff --git a/get-started/index.md b/get-started/index.md index 2ef83fe3..094ac813 100644 --- a/get-started/index.md +++ b/get-started/index.md @@ -62,7 +62,7 @@ the specifics of how to deploy your Cryostat instance. Continue to [Setup](#setu Note: Alternative methods for installing the operator are described in [Alternate Installation Options](/alternate-installation-options) (not recommended). ## [Setup](#setup) -### Deploying Cryostat +### [Deploying Cryostat](#deploying-cryostat) Create a `Cryostat` object to deploy and set up Cryostat in the `cryostat-operator-system` namespace. For full details on how to configure the Cryostat deployment, see [Configuring Cryostat](https://github.com/cryostatio/cryostat-operator/blob/v{{ site.data.versions.cryostat.version }}/docs/config.md). @@ -116,7 +116,7 @@ Then apply the resource: $ kubectl apply -f cryostat.yaml ``` -### Deploy an Application +### [Deploy an Application](#deploy-an-application) For demo purposes, let's go ahead and deploy a sample application to our OpenShift cluster in the same namespace as our Cryostat instance. If you have deployed Cryostat into a namespace where you are already running other @@ -156,12 +156,12 @@ We can also find the URL using `oc`: $ oc get cryostat -o jsonpath='{$.items[0].status.applicationUrl}' ``` -### Authenticate through Cryostat +### [Authenticate through Cryostat](#authenticate-through-cryostat) -#### OpenShift +#### [OpenShift Authentication](#openshift-authentication) When deployed in OpenShift, Cryostat will use the existing internal cluster authentication system to ensure all requests come from users with correct -access to the namespace. +access to the Cryostat instance and the namespace that it is deployed within. {% include howto_step.html details-attributes="open" @@ -176,23 +176,57 @@ access to the namespace. Once you have authenticated through the cluster's SSO login you will be redirected back to the Cryostat web application. The redirect URL contains an access token for Cryostat's service account with the permissions you have -granted to it. This access token will eventually expire and you will be -required to log back in on the cluster SSO login page. +granted to it. The Cryostat web application passes this OpenShift token back +to the Cryostat server on each request using `Bearer` authorization headers. +The Cryostat server forwards this token back to the OpenShift auth server on +each client request to check the token authorization for the current request. +This access token will eventually expire and you will be required to log back +in on the cluster SSO login page. + +For direct access to the Cryostat HTTP API you may follow the same pattern. +Using a client such as `curl`, an OpenShift auth token can be passed with +requests using the `Authorization: Bearer` header. The token must be base64 +encoded. For example, +``` +curl -v -H "Authorization: Bearer $(oc whoami -t | base64)" https://cryostat.example.com:8181/api/v1/targets +``` -#### Kubernetes +#### [Other Platforms Authentication](#other-platforms-authentication) -When deployed in other Kubernetes environments, Cryostat will use a Bearer -Token authentication scheme. This will require you to paste in an access token -for Cryostat to use when making Kubernetes API requests. You may create and -configure a separate Service Account for Cryostat to use for this purpose, or -you may simply use an access token from your own user account. +In non-OpenShift environments, Cryostat will default to no authentication. +Access to the web application and the HTTP API will be unsecured. You should +either configure Cryostat's built-in `Basic` authentication system, or better, +place an authenticating reverse proxy server in front of Cryostat so that +accesses to the Cryostat application must first pass through the reverse +proxy. The configuration of a reverse proxy is out of scope of this guide. -[comment]: FIXME This token auth page contains outdated nav drawer and masthead. -{% include howto_step.html - details-attributes="open" - summary="OpenShift SSO Login" - image-name="token-auth-page.png" -%} +##### [Basic Auth](#basic-auth) + +Cryostat includes a very rudimentary HTTP `Basic` authentication implementation. +This can be configured by creating a `cryostat-users.properties` file in the +Cryostat server `conf` directory, defined by the environment variable +`CRYOSTAT_CONFIG_PATH` and defaulting to `/opt/cryostat.d/conf.d`. +The credentials stored in the Java properties file are the user name and a +SHA-256 sum hex of the user's password. The property file contents should look +like: + +``` +user1=abc123 +user2=def987 +``` +Where `abc123` and `def987` are substituted for the SHA-256 sum hexes of the +desired user passwords. These can be obtained by ex. +`echo -n PASS | sha256sum | cut -d' ' -f1`. The `Basic` user credentials `user:pass` +would therefore be entered as +`user:d74ff0ee8da3b9806b18c877dbf29bbde50b5bd8e4dad7a3a725000feb82e8f1`. + +This mechanism only supports fully-privileged user definitions, authorized to +perform any action within the Cryostat API. + +Once the `cryostat-users.properties` file defining the user credentials is +created, the environment variable `CRYOSTAT_AUTH_MANAGER` should be set +to the value `io.cryostat.net.BasicAuthManager` to enable the corresponding +auth implementation. ## [Next Steps](#next-steps) Now that you have installed and deployed Cryostat and know how to access its diff --git a/images/token-auth-page.png b/images/token-auth-page.png deleted file mode 100644 index cbfbcdf0166396e96ec07b49ef4012ada9a8a507..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 43998 zcmeFZcUY6@)-E1o3o|OPXDrx&QBiDwfPmEKIEr+UCS659KtMW#60FRKf`ZZ^Dotus zgwO&wN-t5Wv;=9P2M8gMKyucLb$@4H*YA&Wec$hV=NzxO_9kzhJn!?YXO(-cb-(Xl zXZ17$)@@&hLZJjS&-`%?h2jrEq5fg|6CYgp#XYbQh58Mp`Ns((zr@Kt$48HDUtgdp z*KL)Mi}RgJR-D?h@zlf9|2(nhr&m`l%)1%=apJOj%x`&zZ!|pri!bKhdZ`bZrwvj* zY!%*QbadJvw}tHeHahbUS(Ns-FVFpT85RBQ zhpE5Tp$>l=skt|j=lr*kky_%sFTRZwe|(1T!uOE}AO7Ec!|toRGfzWBOEj}-Vu{~{ z5aSVlx_ylag5gX&zN9HwXX^XIh$U$SJA z;IT_7VuU82o{Xv!YWYotJ?(7g@A@*&bU=|S7sdiFvCs;NeOTp#0Y2l=Ftt|eLg>hY zH;Q(ZgY*_o5q*4Rr-hg|Mz3tR{eEz7v+hEDzeBV=n>J}l!=L!3DJ>Knj~}m7+Z=n_ z;=3EKr@VcVn5Ko}v3(1!Hq;x0tx z-B5+mk6ZW|I>_#VlyR};zV~%$6Sz9x?Fx035?d}a75Lkg3zx87`rHqmuU33_q&|DL zTOdAIS}kvT5+?;+zip4h&f=J**K?H+g#3Td^rE)%PHgb(R?{EcLE1x}MNd|9UMaGp))!U5JG=tJZem96 zJruJ~m@32vv9D`T8$%uJN=1BhPMtbcUTV?0A@I_P+1wPNiqYns{&i{vqWOrPkwo0= zDw25(LAV=TIkpQ*lkdEPX#zp(M_2UAe$%j7Iy3A1gFi9a?!SJNG)604Q$%qiTd>Pr z3NtMWb)hOGX!n1S{XFkYIf_t+#f7; zvB5eb`*cRn@E*`RZ^6pVo5#GyhsTsA{|d~0wmS%`R^HLy1NUDdKb6Q~#NK4tB;=i> z9SSCb!0qujBQ$HuPkIjIVzo%l!3l0Fv>a=|{czYzWAvTgr}Y9ZXyp?AnqI~c zhW`x1T1_mv6!u9;aOau^ERJIfr+k)On}eO)-FtJLQPVzMyj|RP>z(^L3Oj%Mk9T_! zB#2hx6~)E4#zfR6ij8Asj9zS@n1C25@GD=0Pglp^BI@Wf` zsgKjw7Z1uH=g~iAYERu4kajU_rDbaF7bW*a=Pvu6Da4lc1PA(>`z&4bS)7*YvM-%# z1;^o0kC)g);lto>22dLfTX5wobWP#mcNW%7VA7hPP(D4SR(eHC5e0nx zBITvpeCYh60V07qKD`C*$b1YA{d=@}J?m1)v-tj`P+w|$jgT{J!ejAvg-%6)gkAr} z^&YH0Gsjp_0j*bXymxB?$*A7(T0_~fnKxj_o0bz%_upJUZUyw}L#6Ix=tm8^^HgDpPoy$5G_I#7(xz8gEGxVBXJGLrZ`3Gmx;zTD?%;4J= zB{P3-wb)|cRN^%yrI}E0z%YH2M!%5y;*;iI{H#oQ{&nnu)y2*Y)fJrXZ#P|o=jim8 z=$FT@Sx|WY&0uh!_cC2d%adP&4?Z*s0_|WOzTn0y`E@m~ zrvcxN6Mx>gZ-~ewH>7Gt&2iW?w;AKg?nd}gO?^2r} zA*ZrK#ph~ugc#135=7`QuJk4fy#Aj=M=PT@o160BmlWQ^={Dw=<^KS%aZ#(n@2ud+ z+t!3j25*@eCtT-DQc+sce6DYwdFryxFS0*_?I%=Qp!C=7|7GHlm zq8Ga!f7c604zieJ%tY=$&+$%%QYD12yfxo^uDJ>#Xj(3TTyMi=bq=6Z5sC8mBT57} zrv4!CJ*!93#N+q(t)G7oQia^=40OJJA@uV5A6CkQ7aC$gh?R7^)S}8* zLW9*CDm|&qO)#7nayJy}MOv&{fX_&Ck~0h{2{PcFNmTNj1BLEjQruTZggk>K9`PJ$ zltF19>?{A1$B$g*pP84}3>rJmrX5=ybo>K+I%j3Iayv*AEC6iclt87iv2mQNomLQ6 zgnxC={&@HVMh1tWrO10^_1ak}FlFe~?hZ-(i5O|R@4 z&Z#-*i3VP|9Il$BF)L$g<>`_hG;<q3z#@4h63SWQebh!k5q^aS? z+VyiohWgY|>zXZMX!n8CUT>zF|B?{4u_aAg4$E2Y4dC(?lxxJ~^?BAiIt($;D@qN~ zk_|U*ucyC@(odtx)O0G3RC76}s>650oC@1w_vXghr4?;y>a8et2g{n!i?Of{nqo92 zDN4s|Am%Lgy4~9r6(1kp7)LkYP@^pbDi8K-s9Y7u@#6hUJVn}_)Bc>>!eORUq93M4 zdp#yxlm>IIk989rnvXeONY`cmM(7LHKz85Syz{}57^D_A`KYxin4w0_&AE?*6-@^+ zk{(J~p+!Q_tkD!pwaF4Ml@e3F%bEkZJ<2pIMMk1K5&2h5cxU0z1mJe`1V1@crs?BOBpLl(~rA^GBLA9A!Qg8s{WMOhDv8^p58QPX76lv=^W?L zfjEV!n`JU1O{-g6u%RG#@idAc`#Ve)>EJjQk(rhUMm{MOyHyO>POvugbIWEl%wGGs z&rWy;@y)2v?lsNy1jk8Pl{!EWES?*`=qy6-uQe#JZm=_5Hmwe4&j(iP$3D;y4LYpZ z!6w=_K4%vb*S@Zo|E~GLD0R*|bwrwZrJt(3#=6zsx)IfAXoyF1Fd zuksCbr~>Qmi7e`{`Ro0{D~l3iEd|p&i_7a3uA(>-Dzr`f{oCa1M=J74>~n2JcPbr} z=5W%G8E^985+cx?V>d}^XsZ$*eP(jaKX}|DZHIy&t z6Qb0C$81lRi1ZzTpO6}`i?+f3HFzfxCY@Vsm&@bVbXxV8tiC$KtHi5shG#L~jVH*1 z5^PrD<;W+Xu8905N?(oGVWBDJZxo@Eq>#I~*W5v?>kFjyE*Q|a^ z3e#PQy1ZW2e~#^Mf4?T_ng`|Z`Jy9CwIjQO*h$H9Y@vE&)BE(|AMJ@42a7AECek@_ zVOu2YLE*Gx@^IF<%afiJ+OUfveTree-|T?u(Ya6aQ@$9zW5sUM0T=#&a>Yj87xl8= zkJ}z)ZK$iOi`Y4n%sq|~^SuN~JUBGOmLSq3EYYb{rZh3phT`ewj+*|!EdP`*WD=Erzbfi?h+cNQR)xj z1)plDy6{j#w9d4A?lBBH>eRNMU&QNd`BIaceRghPcR!C`j|)M!CR~J`BDS(07O4C5 zY^`F&Qd1)UpjPg0tM?0G01!O5RPTbCZqGIaNrkH|d_?p|Q`Wg7XR?@@3^yzuiFb|^ z*N#41=UYxsf}2@-w;Na0kmBSdT)JO(_45<~;xa36GLF1FT>rSs8BaX7f0GBjNzv_9 zr_kzcu0jnaH4>l5*AL-$7{?jI&9&o$<>4%|y(zX4YSF(xeGs(JC80UjL*Xdg{(VG} z;+n3dQ-!e3`SEt=Tw5*_yZ&A;tpnS?Eo@!%0l#r|g2kG^PrTPYr(rp;GKLk;@@Ps# z`q}-d#@QyC9G_Fyz)y5wM86n*pwg<|3?D^FXwt~UFw+Goi^9X2vbNRtCP9%9IdNDM zQGv=^+&~GCj|<(-VG-QL!HCv8E0wRa{Jc6#+EEm@r((t8;Gshklh^r0&qNwQl2;?* zi>y+i=W3KmuKBPHmtkYLe^X1QVFnyY*fXfacQC zJ3hm_e(l;-wN2yk3lb1hFY{Y&jFW4{+f-bwSXt+vjao>@jRkT3M!( zGVB_nyC4bZ-sX^a@pH@#k>0g>a+~=2o2DKa>S@CAJLiR1exC*Vj#gBL$xROMDjUagdYoFQ$mM0FW&OcK!Nlmn?a7VLt!l^r|X<18PSQ_4sf2snb(&Wm#Bh`c~BVifZb)<{!N`t!!et!1^QPOmoZY zrAHn#Ta5<=n%h8j*zn}d$(AP!BrT2Xgi@_+)3eBco09~57$oLr|`e3#G8QrEion%!dUOoZq37NhUX5$Xq z>eTe~eQ>J9>`vxTK(4tkt>W^i-BSO}vCK@fWcR^pz~#Z`1Fk|Ovs{kSrq9cf(zCJ- z*5KMC1h$)`zh$Zn-xjuMgk(b2b0lYZaRAr0J%l|!6*JbF(TPcJz%SzO?PQ!u*GY

j@~d z?U!)L`!0Yko}!C(QI^*}L>L<8t8ytqg4*CX#(HS4b&`}Ni4kh*P3DtHNa>rh} z^nUf}kAwP+fM`9IHgg~Quzee!hKfCOz_G2GEBc=uy>dRz!j&iq3A!GHb$gtNOAEHY z3))A)dgy#Er8=EJX-1%_kf2JLUr#x^fV8|s2jE3WTj3FDEpcHZNe5!V82vf*wUFnDSj%wWueSj~Y>yuwiiThYBxM-PK7vmf6u>+?pQr zASHa-c;Y27TuHs%bL4VN-}a0XZ|jkhHeH^tSFX?xrTJ><>Nc61k_1%)&OlwsDlnWt z4i3mYq!1;-nIOdl3xS-^V zoz}RFeO@s{B_b+4vrVI3QJ7ty&dkm2*R%GRTUKuNXCuZ>%hI*}Lg4~bm z;!L&|@RCF${pllVW61$&C*D@vPs{Bow4u^-)YFXRB>8zDs8w6KVz;CPq3KPiSM#6zVgT_O2h>LpqZp_Pqep2=>z4{r zNQlE3tr3+j52BN})Dcjy1Bgx`KMXl>Q_hWCmWW}+VRs~qZ*^rl6R=wjTgE21ZA%7& z(rM^$@f_4elkRRl#CgiI_{dP71S!Ag!UNCNfq>i=PDuFD)JFY%OI|3Bb#{k8q9`fM zmzh^zX)N?Q;}92t6e5VwH5#e^?qo$nd?_jZfZ}859Qus`7d4DXlp=S|#K|c-1Jf*0 zI$rpd3y|0wKv{7trUe&>`g)Pb+yEV2q|l1vlA4g4%yPo89*$5KO^%Nr-lpgpn9Eaq z;%!N251+uH*4fIN^iXtpB*1u-+;pb`H<+#poPhVSL`i7)kRu0)qC zM&8?@s168B6a3~hhoRP$vP5R6*J~#HU<{BdPj!1Q2Akwr#`Q6;SVK3!1<*zmsNnEm z1Uiq_x@y&^@(X@ft@a<0*_`h^+jPW4@Xv2;XfCdr0?)7YLgL@H8vG$ zKwKCcx1p6)(!&%{O*pZMmEKgzG-)PMq`kt5y$qo;)_+I_!3`rkyh`8s$T`mOgpiVPOnZYUzhn<3mosY zNTZbzQ-5zZwy8)oDN0{GGsbgu-yt5W`Of3FsO3=f@-FstsaqiwKqrd^!;4wt+4MSY zcrH#PL?c2p2_H1&jG*`^ad4lFW)4Y@xoj-gt$g;r+t9m>`iQ8=p(oMb2l>-NYc5|Uh+VF}|8|Zn6wzgbUiaCt3L@1_n@pif z0FQMh7A}u{rn-j1i>#a zQ_&<5-`5{>GGj(eD z9(BLscs>{QY>uqLx;FlPDXWqp3ku6*i=??xS*|`#eQDgZB3{XJ1S%0cynI6wHe3v! zz;+{5*U67B5mY;to^Y3-wmkC|J}l93T+5vy{2R8OE#uzV;fe?(!L7Xb4RxjN@3mN( z_UFQl!j09eW}Nq0zI{_mc@W#YrZ14*1QYlV-dDWKJJVUdP;iyV=!iRV@%PyxgOt-q z?zDrlcpBLR@neUDTT;MuaYi%GVob%d9g@&tR~XWqwV%_r9aXD{m%+36=brHA^mYAM zRtB~nnkr$uGv1w6F;j&-QUcqL)&dZY5_hXu@qr0ki$2{^hEmw)l1aJc=M+*bgaYfj zTF`Fd*qW~ETD~-r=syy-RBu`yNpDt>)|?`tf?>sTZrlYoM~JiPoW((LBpU$lwM;7R zzp>r}F#J%gZFpTlr**=+FK)#~;p=&8&doJQJ5Yj{O~{s4b#FW?d#+9bC!VQ>!gDZ? zx@keq2I*Z?ns&?x*g_-dMS@%4;10*W67SRZw?F<5vmOwr{A||~w*MRD^Ru^wDyJ4` zTQ##t-(b|WwX3^m)Orfr%^|~gg~2MkZ|`uz7{hiuS2Ir;lvjlb3yw8Dmqp7!I#7S_$yKd z*?9R2GA{hb|7kxZS58Boz$mXJT1=Ok)uiu^0@$^$m3d#hw)+YMRwuf8 zk`HO<3enIWj z9G;tV)v+>}$#N3X<%?{u#o!DC%^t#+?}Lh&X5?@~Oa>$kisX4Za{Z*TZ(TON9I1@i zb-xyxdtYlX=Joy!L;arS@Q3OC3flG6T&%bzL!k+Fd_iId+ERWf% z9X(W=5-vqvfCj~II*z*=kd*z55_K5DZ&`o|bs1*YvsN zlDtD9p%kBhENWw2N{U#+V^f=`lS1fcWDS{2%dZ%8RYwYUx$*QtRuw+lp$4@RtyVQ= zy!9t0XI|7f82ZKK zR7O{#%C7hMclP-Y)MczD5LY2p5sp~-P!)5zBc}^`-agw+6fzmANU6H|p1+(`_+&Ja zD{**9&47ueLFgs9HJe!WgGgM1yA5@V>VB^wgN?Y4uk_{Q7;;@GV6c(r(szXcIFL#9CUeuaMfEJfokK=?DL&qA06-OajQrILuRSpmrf#( zF^7PMkoyG&fBbDVCLh>P87da+hZGM3**%nILdD9|BsAs606uW$Vk$O8j6q=(DP%Qy zs9VHm=an2>VKZ&0D{n)ENd0eaDh_UIuYf$#t}b$KfoqRrMv^RWHFOu$lChkn*RFla z*(SNH&}3>pwInmy*9u};nL$kqy+RTZQh!6uDsp)Yofsacu2*)&6M3bt0GU#O7NT{I zyr&)7`BA3U{&q>sm_bx;1(w?jfClc^F8$F>aKkCMbPoZGs|o78CS`8pZJA>qQZ%+Jx+X%c({6tBgLg75 zR>rm^&#KhYr^~Jj%Ux-OLKpJ4*~?3(W@D3lx(@&-*B4Zqe~(<%j0DN-6;bigv9p6P z;Aj}=0=$t6%D&T<69Hua=@ASUIh3B@TJKLyGA*M$Hnpzf;ote7`u>g#=gvF?t~m)* z?qDgK7dSnptW5hBxWZ+tc+=7`kC+9>v3J6Ym0 z6%VOV4uhDX6Bik!r+gsSyrAAXVCpeky^PR7XgyH0HLnp8RXv6%3gkeoCEgQ9ue|?F zH$g#nq9d0+->NT+9YHF(!813-fN8Q%iQXue?={w9jwW~$liMp=FTTAq47Ji`PzLid zNzG<;_T=QN2C1sTKA#?Bahh`g4^yEyi$LDmY7 zA3t{N$T7=}U-zg0} zI4SGeTQo4}S~8ZN7|a^mCVTmepvvS6uhI7xbGgZgW}+12KNpty`yseflLMwT;k1x$ zzIcH~7O1@(zgXZk;8MKu7_PVUY?2@A$hDZAg$~a-xOkU)@&%G>AtW6z)cj8C03^lL zn;Sb@f>E`EDu;RD)i^LDX-$N{lK}?mUCx*T^?C(3UYKS9BUtleQDM^MMShKXDpN)~ ze~P-iyg2I!dIaZKAYKRDo)#!Emd*UVJ~J~@6VzM|I4}dVynGvKrGsa~#0&WQf!U*Y ze}`f-orJat6bRkvamF1*j_s7W`tb#_?J7LQZ}9$6H?k@Y1dk#4GHlUqtBsbVlXj5+ z34Q~CUj^-d4C@<4S`-z*D@ZfX+QrHgB?JZr&ZGX>sW6YlPoY$37qNSB*ts#9S4NUg zy&Or^FtD5?SddLzS?F;D=P~OvI6GJ)Y{Nu;QM)U2$h3mhu1xZ7qFNyW0UZYoICRJ~ zuMy0u1x4&0(vOqmby<>SI~0UemqB zevj$nSPO*krR+8O0FEuMgER?NuNA2ZrirN8EM-VnvG0*yk}^V2(2Rtmk-WcMzI&AP z+iEiSaqH(?XhS8Eq{bh0jNGRip9-dmcmpzM<$#Q{V5JN6)8Mq6)HHeuUF0tQeM=cv zVT!l*A9|>Pu!W3FOh$yTizl7np9p>CtxyJhS>U=u-pL4#HNS)2F2A7}hem@QdCnf} z2hWjt?01PeC2C?+f@?`;hplMP{D%SKc*vFAgXf}f;!9qCTm=Q6J=i4A-;bnvoi^B@ zT&fve@`>Vzw+>ES4HC%xf<8!Io>$Hq7f_}Ev{W4Nbgcod$ih^Q#8M4kzdU6P>kYqH zBea7`Pv9LIV`aJ^-Rw}#AaRm~51)U4ctBY8TVF}LqfmS#MRGtAGfdK148J$E3Tn?KG6_Ycd2ICHBwi!59n+b0uJ9b`a zY=#Z?2D7KCI*Ughk7>4~>n03bSWU2IPOY{>wCqrvGSY8Wo+vU5Yb6FScY+|Q1dsKH z4D^t~x614WRnY_==sBL5F~X*BgJ;*(Q@9*v6+u*e^vTV;rYIY*jxGmWkdqqq7mb|{ z$;1G>x70+5>}x19#VLC`MHXn3y7rZ9uIO}v&b|(4aHKetxwXK$^Pz;?>q$~mntI)O zwaFJ6+?|T4Etcq4(ol$f0o9i!zibNw0 zcBcOgk_$)bDx%O!Ls3c))f7h=Z48y%i9+=t)=;-I-fE)AnuvjrC#5u9H0S{_s}rL= z%@C*rb###`9*QgoRtHZk$&u<{mZ(qU^UfT?mqqdlsb0$+)KeOMq&ic{tEs+XC4cqf z5ng`59B&59tf$nkuS zogo&`6P?IE(|Ocq^5bi#_N-&El9okBl2m-91S_49?z9iIXpwH~p40bgp$1TPf@;xu z$ zNOk5oW??ceR1~ux;%+Y=j)s)hJe!p=I#zbbp%5Qbyfl&!W`mx6x3P+6adlRwUM$o{ z%R2LciswS;i$+RW;35u_3t_!SUAm8Aml|v$#o@=Ah}Z-~Lp1JfH7Hx>UjQ9=1SnNy zw;>Hys60U!9yWKY>VxMW2C%k745J>8U76VF_5MUb_0)-*e8W)2$)&T!KSRPN!9{D3 zR(Ck>%%8vP@#w$KzlG!m%+4y3YY?=K^8t`;rgZp$&lzjWG!(^*K85m)1QMq1GKpZJ zh_69hCz2Y%!z9Jv1nD5c%S&^^{s0H_FTA-?&};`LxYX=h9tFOolhxZHj~`l|yh6al zvIoVuvEoZm+=_={bqA)Q4~kB9+!dyc^PiTUR}!EO~zEKu!V7>D8juBEv11o-lwa zyY}htqo7V$4jmUIE*3Oz&|Tnc>WmTvlg}%gs~0z;j+T#{W%=W&z?wwRD%65~a|sN+ z$j66F?V+dK0Lf_>RrbpJC+55}4v1sVg~$XB62VzW;0My89w}K3qGjhMu?iX984y`M z$jSjcaTTs1gon2U@#(-kLilmRF*eB%{kMqavwY^ycv zL)8B=a&m{Q%Z|lZ`Iy0mW58EZ`O%9fa$hea!YTo2sdes|z^*VN}vRbB1OM_ZpU_7-?(OBxy&${lJA zJSgvy-zX_;Y2NFhSkSn|^T5Vj9ru&(to|_jW11qyIVO9g^2Jtwvc^uoRX)y zgP^4+U8&WGhldADvdo}J(@a}Mv-_oOXm_E@Av78-??$$q=)@CB(0liu0*w7Ke%m2C zN%*oS9g3#UA<|)h001_AKKt(vy? z_uP=CH;rrsDU2x?2hDSrEx9RJ2{$>-j7(Zx!mn|MWKR5BYgly3pF03X;y+85``%UMv<1rR%KcimRClj0v$c zKyCb8M-1w>IJ0&AKw#Dn4i1i&u{~|z_PK5jgM6N@-e^-L{Jr|G(%|gpUtRce0oA|% z%e_7maN+W`O`9rj{j)Xn>vB=3W9!yk`2EkZlV8f=FlOi4wMTZnn}7PHDhOA?Z>)*^ z=OxzJFC|8}qH%&p=O>w<{hyf@a3Lh+^S=K#UQX;Yl;HCKJlWs(m7wUdhNh+_a=5`= zv)R^Siq_sVm-9ozQ8;W!_iNgdj~@-!P0Yo*_h7qUcfP&Im7H_g^KSA-k^H@B?F=D- zu>YV_#owh&qrrV|oZ3rr?^LL21uQJ52N@WgvQ}SO;(vbetl=ps^PK)IlJ|Scm&cu< zx|Cf@xc|@mAJ5?KB^y-et-^=mw_iKC&^cRnJ%wM}3B$>7l75uB!SeckliadmcS{lnTyc;-(PVBv<*mNrNiX(tv>*5g8Tb&6;uGW2mK5e@;F)+?v0ebiwREj_&s#zg1i z`1q`$q01|C4TADNyFPvNXp^`9%!jiBV(eZ z(ed`|_?ZswreC{HC;eSA+S6ol)MI|@(o&BNO5@ZN0QAsp1iQl_t#0}9yna(93^P$| zA4|ae#gSLF+DCuC>-?ia9yztTh-o!kdt;a9d@Bh(0VTe>VPUO**Pe3fR(*GVBuu)Z zCAE%bmMi@6$;)4V{dKrFp@BQZj^+I1}A2yRfB_q}pi_BV~2& zcwfLU>~3Gvw5gWXU1hJp)PHkxU7kcGmu}zpirJl`*Suakb!JPWxhN4OjFF6l{`mW+ zZ%v@HbdRNuKHfC#c0kifwB=w=O#uNVs&FZF^=|FX9UXtgZY3_Z{1fzOv`^D;zCl{$ zZrSlYsmFfQopr5SDuX#Z>z?m;4mtbSY@U7{?BIh&_?4OW7rUfz)+mQW`9vi`32K2Z z^gf`K+{vW4A$lGzs+N9Ty4+}J?e<+&Nl&1>t4>aJx?>~8hH>D?`Ebl|{&?VP#&RaI4)_EVTs z)=z#pm-wT5IrUOHL`;y4*Q>5}s==$YGnaT^_ga#_|IYaP$s1)Ta7N?LJ09*4FS^}~ zt9Y_kyTa&7g3r32T~d4{bU!@GY`tffJUx3a&$9TLB02HN1C!j%9m6s~`I!4M>zT0q z14>G#`jXehz!tan3FkCf6pm!0l9d9&gE_;(eVwn1&2QZ@m#nax@YT}MX=`Jm_s`AU zdoUpSZxpza?>=KX^#IG3qHa~}acXvUmIaMQ#@zD{Sq9nR?XQ@G<%kZqkI!%2`o~^z z@hkM`TudrG#iYS2XpTGILkoDEn3z*kbS!AOE(6ZzN-z4-&=nCij1B~|&O7%LK(}K9 zH&=2UTdmnlv9q8|3ik2Fs^XVo0ga@C%Lpq|-IH4MFQ;v|snWjj#_fmZM0=NqZv4CK ze_H!5-ko4}BVM6Zj>Is5SSA`UP`8^R`g`L)f85;u5I3mAw|ABVDxGL0b6?aFZvQj? z*8f6Ci1gI`!PC8AegA{^3cGJTc(&ok(`)?yKcY9DMG0AZ=rHef zAJV2IrPB2Js+$bmo|ua7G^y^LTlvg!MWK$n z|GtV3?gsEouCyfYmNs|m?3Ht(Nm97~W|C7@ugKG%i45?q;uq|5!Sgdq87}qy@da%( zedamCrE43%fD{GauQOKae!(^$d;jYv^BsRHnNhIVN#||hwkSaJWA3MqW=Wc}kGZL^FcV*2Y z<#SgVWK>l5|AkomF*%@>k*OHQ4!dF+1a9O$?Ji>2xy%x^&DKL}g?EXw&!Qj}n~D)l zDU-zKhw3`LrFI$P;Q41ezNtdoP$M`5MIz1Wx$j-N?|NQKrn_y6pisFR4m&h={Q8>D-9jAM~R8MH321=czC=jVFsGG zRj6pz)zw9&0!G>^A%Q@$a)ZMwv!QqHZ#@9vpE2I5FQJ$CK1^ER!?ap}*T|$<5O+nP zz^SjpX~%fGTPgrFsC)0NvMJAzE??FP+amp8AkAiLL*UG(8fEW;dJusSWM}QqkZ*r( zoKYJFpvQK9$kd?_>Q!|1S~M=dq^X!IHHD6Q9!!s@1vQ)AR$!{x*|KSorJg;^Vb7wA zn^Db0fx{OoG$XUhmQ}v{pWDwr3L{9uyf83LFY(yZ1BMx6UDiRbByU>Wx;5U|mA@UJ z$@ZhJ&lW_Ko!AlRu?f3|`*w56yvICw5+Tq%OsT0QajTg>V1leW5dha0@=YiLCy}F#vff$%Vw4lh&+Gdmj47hSu3Z38PZ$pzPt1#+BavA?T#pICTIdwc2vOH~zY+gg4za zF<0RgBJ2B4skk<72*z|=oC^D%CG`8)#jiQ$i6j(mCioAZMz5q?Rr8pCen~I64RYUH zkCDc0jG*9<<>mDi2s%6K(JGsWae^H@3LF!nzAZdFBU zv4yL5I^K8Os?-pLOMgl3*_2VCw|5L3#fhYbm2Os@4OyrXKld%KytZTi!rE(5 z{aX-!m%uCtdU8{I?7CnQlDnJ=ix~}_LXRx^0hAS0zIqG6uOTH&bIGV;RC8iqz`|(S zu3t`Br~Yzo=SiNx6jZZbOTkfFr3!-pMiV)#Br?#7iccMnqUklztNKhLjKNFaUuNCX zv(_=Vq!r&WU7Gq-JHqf^*D?dSUwhrh^HYo78LL?RqMN{6&mHC3-L_utB}gCC!Zj}H`x zoMIx9ZAWuk63eB$F!=fBpS8}Mc|Rg)!8k+J$c>I;aro~>M05@}{9HYpf>>0k4L0fC zePa)gyX5%Ah5MHdM1Xp5??)~n859gdGU?sIk{ysA+*`AVcIkE=&T{iw=v6{sF-;8n zoSIMks;x!W22}=pPX)SL%GWIKBJh+NaqsU(;-$5j&y8;=G-NkK!;c%51{(15vl6&1 zOFsX+RDBjD?3xwcn=M30?08cozBe7P`PEm|cy&jH+MDkg%qD?#{kv-sy#**8uOMVF zg<&unJ&E2+9ydzVm$0YGU2et7Y^od){E8il{#sM?)7h#yaAqii~DldvZ)9&C4*Jod_+rP~DxoVQ2^7WVf`@R%g{-??G-K9f_ z*4>6fdjU*2?O~GtEtp#Fu8&;>Q)Pv+BhfVM*Lm-5T%Fgjcm0L2(?46f43T$BTe`&< z?I@0!6aG4A$LgvhwtY_pPyzpip!YwmVssaL78Fl@*>!7^-S=P+l5&CX|Hv}dfAWzX z(^?JY8Mt8cmoHzQA|5zi4s=wDtn)9Qsj8}a0jJ~{d1t955n~*owh*g_Q(wWWQGw~2 zDX>Ff*_q_958A@-p=W5-mSAw@*cOfz)Y-;6aueXkZP1QY&22cp8NIYE|HjTeUE9FMdYg$0uY1s9}Zo|cx@7fEdl1Kb4!1TE;>HPB1YEAvrM3HDiEIKFUgh2_1Lk8d2h zGl$1@>pooPt!Rt{eFyDoN!KG8H? zB)D!}3p_128QcqRr?{--c1%Sj8|vLGAo8s*>*E&QD5KCzXs!~4&Bol32_?UoCs5V4 z^X>tH^e~NvfA{X41xxjmyHqS1TMmzK*n9U#-~yjPomoWH?<_#VTA#kU9>>N$hyI8*)Z!l| zBqWp(iS4iKv=L$jxb$id5c6dCLxdIqJ;$YPGO(AgzyU6qE2|EDU3}ak!fl8zalWY@R=y{f`weV(dRq{xM_DJb7^1Yq8mc{3w znr%XWCmZ#lZYljt@|FI@EtPRLZay{M!R!0s#I{lkU=>X`v`w1UTIe1zrqHVpW zdzBbdJ*F};GXCTa3mL(+1)wp-B_&zVDqt=2xG_Lo9pBy&Shs$CRB34`G_|vL_Y}hE zW&-a7Xb@5G%9#}CtRe5&SSKiGl5+a~y_Hy;OvCh6cyUVjjT<-S3W$JM57er!Hb3(} zSLUmTsOB6HzM1;g7}q|2e>jpXlic{^V3uQAYU<@;F7%|7qBFQ1p&zPpQRT+$VIS5E z8V_B#bm)R_s`C`ST(Q}nC(-Ppa3#Os&RP!&v70T549n!x@}C`=CBr(wYA2lWpjC>H!Nm$(Zp2(2>-8e9*WBxFblX&Q2x$ufP7< zt{zx)&^Sw6QBiR%Kfgs&Z@tT83&9U^ptsdB`XMD(6c64l@-hSCshrnJsDSp^ z+|0~b;7iHd)jzsgb0lMpAMieq^|iYcPlYCuO(UUGe-H>cxGecN3bo{!aPZV;&tC&?*21h*JCYOP26p8`P(&fXZj|Eul!_X^!8dGM%R z9bAC}>HvO;TcC!IUX7j}DQd~`H_aW2u0~+SLjwcPz#BV(UY7)~V6ImmOu4sqCSKlo zXnZ^iX58M>0W{OY6PqsQ$O?P-E15cohV}+K*gfiDE1}skhYug_%)a^BrN`vcr%xvM zAZXD$^%lKURZ}z0x7P*L6K}w*4T=y|@_08rASZ1b-70eq2uMmwN@gqJ+FDw#mJ&k+ zMOtnOsqY6(=?h}^v4Fvo53VFp+qv!eQ*hgv@SMXztCH71YI_PqfToc`hrnsXH5p}| zJ7}7hh(s+o9?eL&2IlU7JjHC%Q|dEi?(gR}3deQ#&p*%l`4#aAiRM7lIs06i7Sh{= z^x`>CS4`kg<`|52;1%SGraYlOFPk3px;@Kuym~d~@D}Z8+Brc%!RA>Uf4CSruSPUL zM^sewpkewwQU9S|Yy**o$#^#YAVgz0#Yj9JZymg3H|X|rz=DQ7u%6EyKOWNV0_I>+ zQwi?6Ez9_jKL%4zBI);)`Vv^By9k2_0I!_7z1m(pX3n!yR5TAB;T@YBZon|wO^rcV z*_WJ%lCLE={Mp3v#0Y z8N@>$f6rL8ZyO&!{{+0~$i&F#5wa5mp1>3`>W^5H`6PfP>!De3Kt{#@0)jDwz57Bz z`3b))!c@+{B`5*Ug)|#{$^IIMr9%t(zMV$`&oUK<%>p713&tUi>iP5i0y~eLg%geR zvMqd{cD!m&SYGYHr%RISu%WL&ta*fhZ|k{|Ij39}tiYyp`&e6pe@u@R3)`$%*zT z3b6hVc0gogB=Sr;82#u3zM`;Lplfp_Xkd$#Z=ap_a!aLu_50}B+A}Kv&q^?iESRDV z@g`VKZ7xbLrZ1V&Xs#j!DA%bO~pww87F z=?x5XIu{MCWW=4#e0qC-a1k6623SM|SZ*+&ohx8f0JrjHN&E}b5%(q!gaiczZH7~A zYconZ=Ki}Ikr55RXJ1|Ue{>1Uu&AvB(E2*?8?clpFI#&Jc-;F{V>b|yb40Pr?g=E* z3_XNFr{UvfbN1}n=q?8;2^Rx^c=lqBID-1Y!#)siN>VWeRVT?Brufpx7$5-e)r2l) zXXSO?{2+3f<*yxJ1faLF!OgiSINSmNyZOYOQ@}4x0XnHg-xe`3X(1t@L0)|e_NmC} z3U07&;;|2l{s0l3K0LcE&aOTb)C*H5wQ3h0BmyzylJTFzmp}b|dv11C#vWy7Px@%* z8&?OQfAHfY59yGUl$7D|ai_^vFTk+gfCD9hJQ|fsXbM(X8t%E?0 z)dBX~IUu>*8@7N*fY6})iDP&rcq9g1$zoQ>h4+)>7YmH7y>@%uW(W;?jkAn2$z<|D zgJ-wEPKc^Behb-hJkZ3_z_(ghDFh?23eu!#2Jl$Ykk`KTFs{BVumQ^#H#O}%yq5_t z8$;08Ho23nl=VRED*>E~5MNb^J{EEY!jk5xpl8&grfpNb#fHhr$!#G4^m#0^O(cl``n$?JdSr1?QwN|nyF3q!Ni#`Lc>8g2X{j@4g+k}UIRz8KvsLqn zIBDJ7zO7~#fnv5$du*S7Uj(%|DXQv{4Cmni6(rbKT{3`5d|^#LL~SD=>JBEJjir46 zgTDenfw0Iwr#A{i;0YUrtCdF3J=RZ^s?Po23BLRSXEsOD6MO&vjtmSRn-!lcwtE{%!Pow z)W6jt1W!i*;h~3}v*t`Uom{(mWNm5~%Ef8eNeFmdf5zzf#-4MD^0u)pgM~-{=-$$HUHNk9&|wKg6;{nkU2F~uJZ-9Q4>dBbTSj)U0i;>cccu?E(O47 zy^5@D{Yk{Bx!CSyEd!s*#<=LlK7|wcmTrE8pgMTvbcXFYRV-8mz4xhgZ(3t9O2qU- zX}PNlAzZXaJT&suU&E-ZkfI&2XS=n(_*PFeOjIh_d2&S?YG=DqPk2+rrTfic)H7(I z5PYcnam=pGn-3sbD5gh-^T-X3&`@hWW~!1t#N&o4yMUk|Eg%-++TjQjP@}(I((Iqj zlLtztye*TwKGY(+L{|hIjr9oo!2P&=|IJn zh}Kx#V)sBuB$KZ(+S$o|(I*%VOS-P@n$@^4>1nksD(0b8EY60)btSt7BDu3W7S+9Ib&<-NohIC=5shur2QG z$`6jve9BYb+G+y)_u9#`SpCPf9fqi`(}uThY#PC{uIFC6%)dodAZ`eOgBD6~*hpH!$qJl|-&1*Ne0)XQuhZVY#gH#kDH*t+p{`y{B73qDh#5RkkxIPhm8(~e zruq6>SX3?}65k&o%b|%{;C+tmhmw57GrDpJ8G7EzGGWu#S^&>4fp9QNP`G<+ps+$v zNA(~v3M3M4ZjHEWRFzAv*xjALFD1_rO#;6r;ZE#a8Y(V8dFd1!Z&1wb+qW~_2dz*- z==rgp9-F9{U}ngu(cTPjvO`!{m|#MLAJEyT`Rnz)&iC&_9`ndG_c!MaW9uX$CPqjh zBX05mOw6LCYdWYbk!{-&Z5z@Eyg-~B2W+ukSg}#cczmZ{oM2ohY~=7?_Z$*|c}RR} zSFxt2IWK!+r0-rI`<>LqD_Rt5olmQ^7eqG7Jqp)w7xOz2t(X9?-GdJjrYyy{AQ6$+ zZc))=2&HAMysUi+PPZ&+lWp~qs^h7zb)^Wy5wE#%n3r#3234hgkeQ~XJk;N;P$v4c ze938wgznQHFI~E%7j`_RW(X(mD1$zLZk{K5ElX{1ytK>S4H{Qab2F%Q;#%=14=7yh zy(wY@N)DK%Aa2q5V)Of(xv=sZ zYqDAt8m1~rUq(y5s`Od5bZOa0=?~qcL8(*0PfGYQGMT&d(jK0ov<8gYsDj6Ha&meD zSFvfQuetV39=W{lWy}{C-gNE;Cy^%RH#Idij7nN7Jpwn2ZFSTL};6wT(`n&SH#?!F15)p2!Z(R^x1^u~9 zl#8;vdIL1n67|v_5lRs@P0#4)ML6a})H;U^aC;Hb)?5ol4`l5zbX(uC$or10!qIT? zD9ZvE)y^bJg-yrHkdM`mX%7X%KT~0Ig3G!xOo*k$E~6IuE%4}$3lD7UTbD|fofHcZ zXr^paZiAm;V8f>uWMnCs>*y{5Ji12QzF~`W-Y}v&OT%rFQA&%RDzSA7JX~T8kA@qd zDs}i{O*I;OXW5T8L3#-|1=Tku%DpOBlL6@zDR! zH*(sa{_Cp3Bf&x;;Id8)J-QJX__o=#HLCObKSM%7Nc2`SSr%=+DYf$r`u*;9o{j+^ ze7egIlFKRZm-Y`h|V|pRaI5F#ypIi)rIRi zFQioT72M{yYO9U}s`-qtVVwx8iZ+GDd{j=J1!MF2^M+KE(`D(~qn3d{MaOSHJaeN( zL#u%_Lgd;{cshezyfuwt1z>~Ban}>YJoPQkq?0SXN!hfJ!k#RVa`22%_8vl~n1PsY z-#cjn<35hIpba^YKFs0J85X`iOWK|(9_f5c30pEUdKT#$kOIHBtn=JCs{W%jcjH(& zkRnGk{0+XxmP7P``kZUz(W{>E+;$>_7-6~%~c&$NhnL(s6?VUn4lhb>?&AK zs@GF*bZQXptx{<;($VYq-8~1$MHo$P-L>l|f%_n-g7}_ScghfBh@+T--tv!V+dHbJ zRt27*v#ZN`@XZ6<%97>FwSXLaxSS*8R={*>O^)=1-nwO0R}b4Ls&<)|4}dc>!?J7* zut*Q=m^MnUpVUqw6er9Jm_vDpWWOJp5+NI*PEh?SNsS#lbYrqSdd z(W9Zsdw0PMp&e5bHR$LjYV^s0hxRSiZ%kSV!cZrKv=*kY>wIi{odU!1s*QMhn{}fsW zKEBILf)en#(ftjzgBC4NEJ_Il7FC|%I!7tGpGH4M6oQlF>FdSObdnsftq2TVqD|?t zezNy}fzaz3q_&NVy+JG_fy}{`YuBh~c9=k?B9P`bCG-k8IXkB_-a1ZD9cmIo3BB_E z*&;%iVzbqunJ}nx30sK)A2U8Nu}ehc5I&8Xh!XO&#EkQGLE=xaW+qk43!aJk={(WB zPaDINwbA&Fo zXnazW!I{hl8Y*6Gh}GN0$49fB>A!K~#u)@fZ$Y1uv;~QNA+JY-6xA6VSqG51j{S(1 zRo)`@=UH92R>D{lZzrfmO;$Wr85hBJM4Bu4>C-)S%?vG4HV!`K+4JW$u}ApKO*$^l zR-5G%%;n|Uo(M1YMr;Y!ay2q4N((kUNLWR=toLd;`tVY9OuV%~6Ni#)O@97c$RQ?~ z9WKrNaE$fOl;nYIb)?}Dk7_Z!+{sO%h3+l5YP%-iPi+U3(BU42wkRlP{H!q(*KL~!0;Hy((9a$zKJMqjnZ{933PXD90*58uC1x5=>nqu9<{{Euh`d{03AC+l7I$SQKkGcxuS zpm~rWP>|-DEFW*&RmHi2@=1Fb4|146IoQ@wD^IMGv91t8BS;chzH{(?XmYX8qHN#3 zor=ag1ofv#Ckav+%hBBY<%oNVc65;=?t$keZS&`k6%`f5z0wBeBQRV^h)YNc15^)s zgc2S;6j2+Ax^1UKOP-oWR)k;?Cr8Iqpcsi!PkOdJn@-xR5v502ZgXV7sgJKqDrese zcXlaueA)%4n;WEd!0I%}{sgf3=!zxISJcGBLNQJ9k6YL=zze`2%ciap=ah#u3mdv%Hx~9LZFS1y2N$aCZCl$D-*~Kzr&} zoP*OcY3%m)AsD%?F<1Ko)5@XthH6^?ltHgP2E_mtN4QgNp)TXph->$oBDra-!8t?a z8IaeYvTtJXaAg`Ueebl8mD+t0ZU($lEMXJJ$HwAuCHgF%0*)N~6AT=UJY6j4QJC@B zB!KjE?uLI0y=@nrcg#XY6Cd7lhH~W`p+(S7cgkTgWm8P=l=Zgy?GiJ`ZVO{ec%`&* zyz=f!Q^P?0Obdm-A2@@6hhp`$IQ2#gHfDzBsC`YcfzHZp$98;teL(Uecg*qlZ~N4c z*2w;T<;r1L-`(KL*(EfIkH;5MI#w<^|DK_>=o4xSGp$~)$DtPtuV6L9L>vbn`_x_7 zH-_ko?va`+95Eb%vYMEVjt=~M!{bIv9@Zj!T{Z}{r!2A7XMuwxk`L){k^EGukqx_J@~t7w}W@K z5Lr@vLB1nfRod>ICY}Px%)mpehCQ;(#i1iaH}LFj_#!TsyNaLxK0JEElp&MJM3{cZ zXf%((K<3DC{ay=y*saF^@@RJZ1vx23jr`_B;O z8OO`kz6|;7&W?^deNz!}4&ljI(ZX{L=%BS}E4+k&{nlKD63kSRrS0lMG}2y29%LUt zRgxuv59oe>`TF&7fDav9t_va{(MB0a24o_?2I{Aw|BHMs4#V!*hhct|#|`Wqg3{AK zWWxZ@Hb~GDF9b94B%l`D36if#$0GK6Km~T1wP;3zp zWFpNw{BXrjkh>)D$9lQ*reQxxC@UMo!Gy%b#J~YOgo)`!Ed#+e7l4G!a}hLA5gejw zATM|yrE)1>PybI`O$4JT*!D38@pOa z$je}LA##$p;9oKOAOR912jI4}L9wh76r_sYHnwU(%QzwGAFtl69S=f@xC_J!^d>+@ zuuMZxEItR~lOUy|VWJ5H;@lb;XqCXhz>PLEg+Xv`*Nz=8`|VB~J-T;M}^dFX{$ihV;`9Niu{a%`&y=yMmy zhGe$2p18Fax;&9x?Ubw5y+yQ55V+~}-2kWk^DQ_c2ir2jgMnO2a*{N%vH4)9MY(qM zY9gM@esL@>Df}q5Bgaj2&5fGCT2hHa=I_)nK(5|Fo*5wNAA5t zCIOWazTbNE17f#Z_WkJq3G2!p&OGNy|5^$^*P)5+o`Y}-MJnkGF>FaJhXZr`k)r{k zJWZz8IFCvzik$)*GEgH<&II<2h#K;B+Mp}xPm+?TVc*LlaR~nADThSd@cyBl?$|4~ z($!-qcp|AetyE*B(4A*gk+8y7+ye0~{>ug=B5_oXG91-RZxops{_w84TB^+Qa&`9O zJxkh#=qG5&r7AY0J;NwR}bExJ+3eK$`Xj8tI1|?&*Lo}Y<4VCzc%PVCubZa&sMD5 zorkCrP>sk%QALtdJ<2mMXy?^uMUaWG{`%fseTc2nMQ@KQI3f2RVi^HLBygBfWJXRU z^xsW~m0ow#Zadayh=hvjy{T{Q?(9ZLZJ$|=M)G9wY9-SBJR@u0q=S^2guE7UpP-(1cCJQ3a2J3rsiV>Ev3-{TX8SPK z1>QC@080!B8q?ALu!wz83z|sCTefxWAsd_c#Vds3iKj(kQwIW<8RjJ`Kt@vuz;pum zM&TM66O^WSqw4}i!QVlZ03u2gcRW2kjpF7# zwXjy?TthlYYJ=SQP3nlo9RAZSJ^x~|$?9j55{||Jibl+MggE5)PP77U!bG12S*e+K z(GJmR540mr;sjdIbu*CaG~e%uGciDEAxRno*yb8gz48}+#^ob|kqJ{%S3d*64u^X@ zW7_yPDK~?ivTm|+h#*p3NmwE6vY~<2*0B|)-Nk|CcqGFgstyuj9F*2B?I-aV^7J+* z@}kdMfK1r>boW*Sh+?p(7}aH=w>=M6Ym$l{67BTzR5THijZ1_x96kRojr9ZeX{SgY zT#%2)gROKLqYJ8lIQE$rFC)Pth$KRr&<)X#`0M4%VAJm--A)|KZ%Uq7@U4OB{qLx7 zkHpHL)FR04JpO@z{Yj|>?jCRld;y9D&*?uky~G@AUy2%ypGksn>#s<@r6B!@1Ezt* zF=@qx5(9uuL@Li11P=m&gSFuf@uM|NZ%=mD(7M>eaj?#WNJj2+7cNwdEXDQjw>}9_ z_be;NjI@_9B%oiBUk@Uk`zYG6+NpjS0Dw7=4Zw?Qd;{+|I3-VtwX{+U^?z+AlWBI`9_VIWd?Ynov)4KWY zg%qnl()dfP`nx>Oq^h5Uj;Eh?4p8HKzxh|gJ7QPzcMr4*FPn7E-PjxCpfKrHp*Y$?5Uj9CPl=ctUMB6l*!1^q>E{$7e#f5V>|&HEJxER#d)L^= zu8x_$00Ef`QEW^i;C~$Hbd>02RlR$+o@fmnyC;)ecCzW`4I4H<4up0WVl{`JFbRKo z$??wvye|7wLKeuG4M#YP#a^T%9i$zzsH6i7Vx`d|GOUandWBZJvR+DGwqewQ9u z|7#d!^VWrX{v3iH@7(iF$b%x}|J_A&2VDSZSX81sLjM@PdF~4Cg_29gFya{w%{Op6 zN*<3-dQeB<0!jd;g;F8KvW*snL2g2hFZdmvC7pInsj9R%a^y%8gi7vtPopMs|J7yd zJ})+jn!Capa)HK}+y|BB>-h6H`9jd9T${6JuLCyOf3BydQBWC~A3KkNL{J*6dl%km{}s>-L1|Ep?O(Em7qL!X6!FnR>P-E!TnAa zWM+xcMg?d`G4ivQ8&%fHqL}S2a)a`9>|u60Q799D{?|}nqpT`z;|7%SdvKxe^U=%a z%z*D}X%%*$lo<%DsF;wKQO8~cS!bEf>&_9r0M#&kWi-*qCbNe8?Yr`bVZJBlXl)VF?vUmY`= znw{{+AhILDa8Sjq(<9k#sDfl;fdYxNB2wFRpC)5)PrVt{8juDGT+R&k_eTwSG5o_y zLQ#og5D(($RYZZWYY{s9g84x~ffCVz zhZMXbKk!-5324aCk)(H>)_7mXSFUWE^0gMA5Q)`5a-d+!-?|4M_fDzfP7;f)z&e3S zinBm$+mXY}sjB;GF&*|1^Y@zzC0f?On4CDcojf5~+;%;RHS(Gq$0y+N8#^^h{r#Z> zDb|muT%6X7qbvzBr()37mSQ~F-wbua<59lg^svWU_TMVN)1>3=E-h8#WE_<8*dKf; zgT^h8b}PZ2%x@XZMV)OCHevI47gjyN`K0~OJ81~(dMnl0pSj#cG_2}Tsw+EYeoxSS z21(4Gy&W>|K=29!BK2?wQKjD=>0Hs!#<}O=1F@@<;dGO0RqM5^BAnG&f)6Ws##ZSjX&Q_K$QE79; ziAo(UugI=b$<} zbyShcN2RJ3)Xn5{3=iY}R4Y|LdW;qFDu2h%PY@HJkgKvQl(344{9zS~brHb?!BMlv zlsxyq_0oxhxvHtn_oOMQq~6J&3{l&5B3h`guaDRtf1BPZSvclS3E%6){5cL3jHn8oY^8$@#n{=p&)^rzMrAKIE)K44S3PuWrGphezx3BtqL2w( zoaoW~?aJ5*C1fX7csAE}{XH=^;fJ|HhBR(TEGlJsmKC7GDUjf|SQQ?RzF+K6&Ebe4 zZgxXGtf~b$Rf7_+F|ht@R0ju;4UM#)d`uoje3=73qB?+H<@}@>cP@ycQ7@tMg$s;) zG%v)~_4_Sc;SUM6)G|p23yLyvLhUcE8*MabrEn)S@J!`krGI!pA8ma}0hO}01ZJ

xp^(aDLL?33`H5>3UL)4Mo14mj<*fenz-^{MCAqdUZ~q% z$3{;b-10kkMSgJYG|WPKGB~>Mi0y>4-B*C688QcdXmDqkL6C}Y?g&v`{6U-cPvYI# z=nbNQ-Xs`65ctubfKoxl%89F)#5U8>7FPn?D2)2I>j?K>NR|k#L^l?-OR`dN@EE}b z%VnFsgQ&2kA|U2+zQUkLl^@!%hiDKbl!Tdn+sQ$#Z_#ASD6<~+l?`7Mgd9RKh*UP_ z(Dd$oncPf_0}9x5hI;BGfaR+?b5&ECi31V91Mi|KMoU?1EE87tO6P3@U!_1E44IeY z?+=o*_HRDsn&Tbz#~#3UWz zM~eXEs@;#*VZtesv|pH^l#&B-RrSRqmAas1v#{WVSNlrA{3QK3uP=ic!*CUr6eg!w z&>Yx?L^?#F^w5)yizT33D*)ZyjI69;0EXO(c*aG+^`d0pw1BL=A$b`k?d`yPeL}z0 z4JA8x@6Kwlx<}wx6YM;BZqYNacm!MKV1h=iyEkel481ycn_P#Vo`scIdd}?_u0`yC zwAt{0$JDd6%%>IXAj3Skww)RnoQeC|U^fP)G%L@7V zS+J+(NFr3#)~R)q+`Mk3c1#j4B=>EW-crwGyet)09J zAn+&&UEg|)zav2u2i;^qGz2Nh;lYrS=_;1*3}EKb@R?I>!{qYGFV=%YYmbi&{wQ=w zb|lx{fI<|2&lpchPmY&;Hcs)G{rCD89zPpKxWw-uhXH2 zN=y%k1=|o#9c5YmR@(%~&Knh?awG^H#w8%bzX%8&C32mpBw-vLn3kq2boiEBjTDb7 zC<)>!OqfEmS&rXd{8nJ59?V*7+9vjk`ijC-;a|UeewW>=_v8mG^ViKyMElXzl(M*V zZZHPL2{eP#V$<0#@e=|)5IHwMVAHh)0z0hda*QuAfpY#MUsiN}#pXB6{CR=Fm^T;m z)^gri5YIX9E9arYJW?VjVIC;XK=7HjWJ5U_+ z?Q2#)y+(Ka;i~Zy6018le-rR|S>!Vlv47k?l#!L!t00Wm(5Jrn8ULZ}|d&m){o7 z{+lAmv*+f@IUhLx1OJnj=x64}77AtQS+zq4G%1w%2R^@LXHTr@!TD1?Z}`Yom^aFg z6yG1=I#qbv($l5pAaa|@_kNd}h?tz5yu8P^g;0HPSlkBb+vjXH`+aw}+MK6xyA1fO z3}FVmO&+aQLKT&je0cLU^te3_moQm@_ApN=%FGyty_HhOxAV)>m|2QT@P@R-dFbxS zDJdyM#>5DVOGxmc8~GZMRTK0}_WhEkod%e9s%%w>iH_c=j0Vq~{Cq_(NV;yNw6?S` zzcC%1d!Ns7ysxCBsiSe9fx>H9Shoj5}dz(Lz;Yz@ia4-#q?b~yFz19 zh(7X|%<0&%Nsp=BbFmFKid^FJfx*|Ub)3=UMpnDTm-STnw(!UP{oHBs=_Q4;uTW-x z4l+vWW2?U|B)Jo%BdvAsb+})em&XPWEA=OTnoJt|`xk!0FZcvA2d