From 68c4a4f696c84d5d12574ccd228f125cd3bd3ca6 Mon Sep 17 00:00:00 2001
From: Anusha Sunkada <sunkadaeanusha@gmail.com>
Date: Wed, 29 Mar 2023 14:27:50 +0530
Subject: [PATCH 01/12] release version changes (#58)
Co-authored-by: ase-101 <>
---
.github/workflows/push_trigger.yml | 1 +
.github/workflows/push_trigger_charts.yaml | 1 +
mock-esignet-integration-impl/pom.xml | 4 ++--
mock-identity-system/pom.xml | 4 ++--
pom.xml | 2 +-
5 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/push_trigger.yml b/.github/workflows/push_trigger.yml
index 3e458666..4ecad795 100644
--- a/.github/workflows/push_trigger.yml
+++ b/.github/workflows/push_trigger.yml
@@ -7,6 +7,7 @@ on:
- release-*
- master
- develop
+ - 0.9.0
jobs:
build:
diff --git a/.github/workflows/push_trigger_charts.yaml b/.github/workflows/push_trigger_charts.yaml
index 8cf2ba3a..d8136d9a 100644
--- a/.github/workflows/push_trigger_charts.yaml
+++ b/.github/workflows/push_trigger_charts.yaml
@@ -5,6 +5,7 @@ on:
branches:
- 1.2.0.*
- develop
+ - 0.9.0
paths:
- 'charts/**'
diff --git a/mock-esignet-integration-impl/pom.xml b/mock-esignet-integration-impl/pom.xml
index bccea627..b0cd033c 100644
--- a/mock-esignet-integration-impl/pom.xml
+++ b/mock-esignet-integration-impl/pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>io.mosip.esignet.mock</groupId>
<artifactId>esignet-mock-parent</artifactId>
- <version>0.0.1-SNAPSHOT</version>
+ <version>0.9.0-SNAPSHOT</version>
</parent>
<artifactId>mock-esignet-integration-impl</artifactId>
@@ -55,7 +55,7 @@
<dependency>
<groupId>io.mosip.kernel</groupId>
<artifactId>kernel-keymanager-service</artifactId>
- <version>1.2.1-SNAPSHOT</version>
+ <version>1.2.0.1-B2</version>
<scope>provided</scope>
<classifier>lib</classifier>
<exclusions>
diff --git a/mock-identity-system/pom.xml b/mock-identity-system/pom.xml
index 0f473d46..20a36070 100644
--- a/mock-identity-system/pom.xml
+++ b/mock-identity-system/pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>io.mosip.esignet.mock</groupId>
<artifactId>esignet-mock-parent</artifactId>
- <version>0.0.1-SNAPSHOT</version>
+ <version>0.9.0-SNAPSHOT</version>
</parent>
<artifactId>mock-identity-system</artifactId>
@@ -120,7 +120,7 @@
<dependency>
<groupId>io.mosip.kernel</groupId>
<artifactId>kernel-keymanager-service</artifactId>
- <version>1.2.1-SNAPSHOT</version>
+ <version>1.2.0.1-B2</version>
<classifier>lib</classifier>
<exclusions>
<exclusion>
diff --git a/pom.xml b/pom.xml
index c83d6fb6..11c84954 100644
--- a/pom.xml
+++ b/pom.xml
@@ -16,7 +16,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>io.mosip.esignet.mock</groupId>
<artifactId>esignet-mock-parent</artifactId>
- <version>0.0.1-SNAPSHOT</version>
+ <version>0.9.0-SNAPSHOT</version>
<packaging>pom</packaging>
<name>esignet-mock</name>
<description>Parent project of MOSIP e-Signet Mock Services</description>
From 37b8fb8837745c14817840cee7fd5f786bddc7eb Mon Sep 17 00:00:00 2001
From: syed salman <72004356+syedsalman3753@users.noreply.github.com>
Date: Fri, 31 Mar 2023 23:17:27 +0530
Subject: [PATCH 02/12] [ MOSIP-26666 ] updated esignet-mock deployment scripts
(#59)
* [ MOSIP-26666 ] updated esignet-mock deployment scripts
* [ MOSIP-26666 ] updated esignet-mock deployment scripts
---------
Co-authored-by: syed-salman-technoforte <syed.salman@technoforte.co.in>
---
.gitignore | 3 +
db_scripts/init_db.sh | 38 ++++++++++++
db_scripts/init_values.yaml | 68 +++++++++++++++++++++
helm/install.sh | 16 +++--
helm/mock-identity-system/Chart.yaml | 2 +-
helm/mock-identity-system/values.yaml | 1 +
helm/mock-relying-party-service/Chart.lock | 6 --
helm/mock-relying-party-service/Chart.yaml | 2 +-
helm/mock-relying-party-service/values.yaml | 2 +-
helm/mock-relying-party-ui/Chart.lock | 6 --
helm/mock-relying-party-ui/Chart.yaml | 2 +-
11 files changed, 124 insertions(+), 22 deletions(-)
create mode 100755 db_scripts/init_db.sh
create mode 100644 db_scripts/init_values.yaml
delete mode 100644 helm/mock-relying-party-service/Chart.lock
delete mode 100644 helm/mock-relying-party-ui/Chart.lock
diff --git a/.gitignore b/.gitignore
index ec10b1b2..b607e6a5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,6 @@ mock-esignet-integration-impl/.idea/*
mock-identity-system/target/*
mock-esignet-integration-impl/target/*
mock-identity-system/local.p12
+.idea
+helm/*/charts
+helm/*/Chart.lock
diff --git a/db_scripts/init_db.sh b/db_scripts/init_db.sh
new file mode 100755
index 00000000..e2d81a60
--- /dev/null
+++ b/db_scripts/init_db.sh
@@ -0,0 +1,38 @@
+#!/bin/sh
+# Script to initialize mockidentitysystem DB.
+## Usage: ./init_db.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+NS=esignet
+CHART_VERSION=12.0.1-B3
+
+helm repo add mosip https://mosip.github.io/mosip-helm
+helm repo update
+
+while true; do
+ read -p "CAUTION: Do we already have Postgres installed? Also make sure the mockidentitysystem DB is backed up as the same will be overriden. Do you still want to continue?" yn
+ if [ $yn = "Y" ]
+ then
+ kubectl create ns $NS
+ DB_USER_PASSWORD=$( kubectl -n postgres get secrets db-common-secrets -o jsonpath={.data.db-dbuser-password} | base64 -d )
+
+ echo Removing existing mosip_mockidentitysystem DB installation
+ helm -n $NS delete postgres-init-mockidentitysystem
+ kubectl -n $NS delete --ignore-not-found=true secret db-common-secrets
+
+ echo Copy Postgres secrets
+ ../helm/copy_cm_func.sh secret postgres-postgresql postgres $NS
+
+ echo Initializing DB
+ helm -n $NS install postgres-init-mockidentitysystem mosip/postgres-init -f init_values.yaml \
+ --version $CHART_VERSION \
+ --set dbUserPasswords.dbuserPassword="$DB_USER_PASSWORD" \
+ --wait --wait-for-jobs
+ break
+ else
+ break
+ fi
+done
\ No newline at end of file
diff --git a/db_scripts/init_values.yaml b/db_scripts/init_values.yaml
new file mode 100644
index 00000000..3b28a62c
--- /dev/null
+++ b/db_scripts/init_values.yaml
@@ -0,0 +1,68 @@
+#dbUserPasswords:
+# dbuserPassword: ""
+
+databases:
+ mosip_toolkit:
+ enabled: false
+
+ mosip_master:
+ enabled: false
+
+ mosip_audit:
+ enabled: false
+
+ mosip_keymgr:
+ enabled: false
+
+ mosip_kernel:
+ enabled: false
+
+ mosip_idmap:
+ enabled: false
+
+ mosip_prereg:
+ enabled: false
+
+ mosip_idrepo:
+ enabled: false
+
+ mosip_ida:
+ enabled: false
+
+ mosip_credential:
+ enabled: false
+
+ mosip_regprc:
+ enabled: false
+
+ mosip_regdevice:
+ enabled: false
+
+ mosip_authdevice:
+ enabled: false
+
+ mosip_pms:
+ enabled: false
+
+ mosip_hotlist:
+ enabled: false
+
+ mosip_resident:
+ enabled: false
+
+ mosip_digitalcard:
+ enabled: false
+
+ mosip_esignet:
+ enabled: false
+
+ mosip_mockidentitysystem:
+ enabled: true
+ host: "postgres-postgresql.postgres"
+ port: 5432
+ su:
+ user: postgres
+ secret:
+ name: postgres-postgresql
+ key: postgresql-password
+ dml: 1
diff --git a/helm/install.sh b/helm/install.sh
index f83717fc..63a89df3 100755
--- a/helm/install.sh
+++ b/helm/install.sh
@@ -8,13 +8,15 @@ fi
NS=softhsm
CHART_VERSION=12.0.1-B2
+SOFTHSM_CHART_VERSION=12.0.1-B2
+
echo Installing Softhsm for mock-identity-system
-helm -n $NS install softhsm-mock-identity-system mosip/softhsm -f softhsm-values.yaml --version $CHART_VERSION --wait
+helm -n $NS install softhsm-mock-identity-system mosip/softhsm -f softhsm-values.yaml --version $SOFTHSM_CHART_VERSION --wait
echo Installed Softhsm for mock-identity-system
./copy_cm_func.sh secret softhsm-mock-identity-system softhsm config-server
-kubectl -n config-server set env --keys=security-pin --from secret/softhsm-mock-identity-system deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SOFTHSM_MOCK_IDENTITY_SYSTEM
+kubectl -n config-server set env --keys=security-pin --from secret/softhsm-mock-identity-system deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SOFTHSM_MOCK_IDENTITY_SYSTEM_
kubectl -n config-server get deploy -o name | xargs -n1 -t kubectl -n config-server rollout status
@@ -54,7 +56,7 @@ if [ $? -gt 0 ]; then
fi
NS=esignet
-CHART_VERSION=0.0.1
+CHART_VERSION=0.9.0
echo Create $NS namespace
kubectl create ns $NS
@@ -90,8 +92,9 @@ ESIGNET_HOST=$(kubectl get cm global -o jsonpath={.data.mosip-esignet-host})
echo Installing Mock Relying Party Service
helm -n $NS install mock-relying-party-service ./mock-relying-party-service \
- --set mock_relying_party_service.ESIGNET_SERVICE_URL="https://$API_HOST"/v1/esignet"" \
- --set mock_relying_party_service.ESIGNET_AUD_URL="https://$API_HOST"/v1/esignet/oauth/token""
+ --set mock_relying_party_service.ESIGNET_SERVICE_URL="http://esignet.$NS/v1/esignet" \
+ --set mock_relying_party_service.ESIGNET_AUD_URL="https://$API_HOST/v1/esignet/oauth/token" \
+ --version $CHART_VERSION
echo Installing Mock Relying Party UI
helm -n $NS install mock-relying-party-ui ./mock-relying-party-ui \
@@ -100,7 +103,8 @@ helm -n $NS install mock-relying-party-ui ./mock-relying-party-ui \
--set mock_relying_party_ui.MOCK_RELYING_PARTY_SERVER_URL="https://$MOCK_UI_HOST/mock-relying-party-service" \
--set mock_relying_party_ui.REDIRECT_URI="https://$MOCK_UI_HOST/userprofile" \
--set mock_relying_party_ui.REDIRECT_URI_REGISTRATION="https://$MOCK_UI_HOST/registration" \
- --set istio.hosts\[0\]="$MOCK_UI_HOST"
+ --set istio.hosts\[0\]="$MOCK_UI_HOST" \
+ --version $CHART_VERSION
echo Installing mock-identity-system
helm -n $NS install mock-identity-system ./mock-identity-system --version $CHART_VERSION
diff --git a/helm/mock-identity-system/Chart.yaml b/helm/mock-identity-system/Chart.yaml
index 6c37268d..a170e20d 100644
--- a/helm/mock-identity-system/Chart.yaml
+++ b/helm/mock-identity-system/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
name: mock-identity-system
description: A Helm chart for MOSIP mock-identity-system module
type: application
-version: 0.0.1
+version: 0.9.0
appVersion: ""
dependencies:
- name: common
diff --git a/helm/mock-identity-system/values.yaml b/helm/mock-identity-system/values.yaml
index 9f716b1a..288b9990 100644
--- a/helm/mock-identity-system/values.yaml
+++ b/helm/mock-identity-system/values.yaml
@@ -248,6 +248,7 @@ extraEnvVarsCM:
- global
- config-server-share
- artifactory-share
+ - softhsm-mock-identity-system-share
## Secret with extra environment variables
##
diff --git a/helm/mock-relying-party-service/Chart.lock b/helm/mock-relying-party-service/Chart.lock
deleted file mode 100644
index ba7e7a4e..00000000
--- a/helm/mock-relying-party-service/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: common
- repository: https://charts.bitnami.com/bitnami
- version: 1.17.1
-digest: sha256:dacc73770a5640c011e067ff8840ddf89631fc19016c8d0a9e5ea160e7da8690
-generated: "2022-11-16T14:22:53.378615881+05:30"
diff --git a/helm/mock-relying-party-service/Chart.yaml b/helm/mock-relying-party-service/Chart.yaml
index 449983a5..98d3a7fa 100644
--- a/helm/mock-relying-party-service/Chart.yaml
+++ b/helm/mock-relying-party-service/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
name: mock-relying-party-service
description: A Helm chart to file server application.
type: application
-version: 0.0.1
+version: 0.9.0
appVersion: ""
dependencies:
- name: common
diff --git a/helm/mock-relying-party-service/values.yaml b/helm/mock-relying-party-service/values.yaml
index 3bcaa27d..3b25a453 100644
--- a/helm/mock-relying-party-service/values.yaml
+++ b/helm/mock-relying-party-service/values.yaml
@@ -71,7 +71,7 @@ mock_relying_party_service:
mock_relying_party_serviceMountDIr: /home/mosip/oidc/
puburl:
privurl:
- ESIGNET_SERVICE_URL: https://api.sandbox.xyz.net/v1/esignet
+ ESIGNET_SERVICE_URL: http://esignet.namespace/v1/esignet
ESIGNET_AUD_URL: https://api.sandbox.xyz.net/v1/esignet/oauth/token
USERINFO_RESPONSE_TYPE: jwt
## Port on which this particular spring service module is running.
diff --git a/helm/mock-relying-party-ui/Chart.lock b/helm/mock-relying-party-ui/Chart.lock
deleted file mode 100644
index 550b6cd7..00000000
--- a/helm/mock-relying-party-ui/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: common
- repository: https://charts.bitnami.com/bitnami
- version: 1.17.1
-digest: sha256:dacc73770a5640c011e067ff8840ddf89631fc19016c8d0a9e5ea160e7da8690
-generated: "2022-11-16T13:53:14.40504912+05:30"
diff --git a/helm/mock-relying-party-ui/Chart.yaml b/helm/mock-relying-party-ui/Chart.yaml
index 5e298311..28d3e5da 100644
--- a/helm/mock-relying-party-ui/Chart.yaml
+++ b/helm/mock-relying-party-ui/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
name: mock-relying-party-ui
description: A Helm chart for MOSIP OIDC UI module
type: application
-version: 12.0.2
+version: 0.9.0
appVersion: ""
dependencies:
- name: common
From 73317e4195e1d3527ed7bc127c8440a0c8e915f9 Mon Sep 17 00:00:00 2001
From: syed salman <72004356+syedsalman3753@users.noreply.github.com>
Date: Wed, 12 Apr 2023 12:52:13 +0530
Subject: [PATCH 03/12] [ MOSIP-26666 ] updated README.md & deployment scripts
(#61)
* [ MOSIP-26666 ] updated README.md
* [ MOSIP-26666 ] updated README.md
* [ MOSIP-26666 ] Updated esignet-mock README.md and deployment scripts
* [MOSIP-26666]
* [ MOSIP-26666 ] Updated README.md
* [ MOSIP-26666 ] updated mock-relying-party-service install.sh
* [MOSIP-26666]
* [ MOSIP-26666 ] set default value for ESIGNET_SERVICE_URL
* [ MOSIP-26666 ] updated chart url in release_chart.yml
---------
Co-authored-by: syed-salman-technoforte <syed.salman@technoforte.co.in>
Co-authored-by: Keshav Mishra <chandrakeshavmishra@gmail.com>
---
.github/workflows/release_chart.yml | 2 +-
README.md | 55 +++++++++
db_scripts/README.md | 28 +++++
helm/{delete.sh => delete-all.sh} | 2 +-
helm/install-all.sh | 41 +++++++
helm/install.sh | 114 ------------------
helm/mock-identity-system/copy_cm.sh | 8 +-
helm/mock-identity-system/delete.sh | 18 +++
helm/mock-identity-system/install.sh | 26 ++++
helm/mock-identity-system/restart.sh | 13 ++
.../copy_cm.sh | 3 +-
helm/mock-relying-party-service/delete.sh | 18 +++
helm/mock-relying-party-service/install.sh | 65 ++++++++++
helm/mock-relying-party-service/restart.sh | 13 ++
helm/mock-relying-party-ui/delete.sh | 18 +++
helm/mock-relying-party-ui/install.sh | 45 +++++++
helm/mock-relying-party-ui/restart.sh | 13 ++
helm/{restart.sh => restart-all.sh} | 0
18 files changed, 360 insertions(+), 122 deletions(-)
rename helm/{delete.sh => delete-all.sh} (91%)
create mode 100755 helm/install-all.sh
delete mode 100755 helm/install.sh
mode change 100644 => 100755 helm/mock-identity-system/copy_cm.sh
create mode 100755 helm/mock-identity-system/delete.sh
create mode 100755 helm/mock-identity-system/install.sh
create mode 100755 helm/mock-identity-system/restart.sh
rename helm/{ => mock-relying-party-service}/copy_cm.sh (92%)
create mode 100755 helm/mock-relying-party-service/delete.sh
create mode 100755 helm/mock-relying-party-service/install.sh
create mode 100755 helm/mock-relying-party-service/restart.sh
create mode 100755 helm/mock-relying-party-ui/delete.sh
create mode 100755 helm/mock-relying-party-ui/install.sh
create mode 100755 helm/mock-relying-party-ui/restart.sh
rename helm/{restart.sh => restart-all.sh} (100%)
diff --git a/.github/workflows/release_chart.yml b/.github/workflows/release_chart.yml
index 4c9e2158..98c63f92 100644
--- a/.github/workflows/release_chart.yml
+++ b/.github/workflows/release_chart.yml
@@ -19,6 +19,6 @@ jobs:
with:
token: ${{ secrets.ACTION_PAT }}
charts_dir: ./helm
- charts_url: https://github.com/mosip
+ charts_url: https://mosip.github.io/mosip-helm
repository: mosip-helm
branch: gh-pages
diff --git a/README.md b/README.md
index 0f4f6bfb..c8ddaa9b 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,57 @@
# esignet-mock-services
Repository contains mock implementation of auth for e-signet
+
+## Installing in k8s cluster using helm
+### Pre-requisites
+1. Set the kube config file of the Mosip cluster having dependent services is set correctly in PC.
+1. Make sure [DB setup](db_scripts/README.md#install-in-existing-mosip-k8-cluster) is done.
+1. Add / merge below mentioned properties files into existing config branch:
+ * [mock-identity-system-default.properties](https://github.com/mosip/mosip-config/blob/v1.2.0.1-B3/mock-identity-system-default.properties)
+ * [application-default.properties](https://github.com/mosip/mosip-config/blob/v1.2.0.1-B3/application-default.properties)
+1. Add below properties in [esignet-default.properties](https://github.com/mosip/mosip-config/blob/v1.2.0.1-B3/esignet-default.properties) incase using MockAuth for esignet.
+ ```
+ mosip.esignet.integration.scan-base-package=io.mosip.authentication.esignet.integration,io.mosip.esignet.mock.integration
+ mosip.esignet.integration.binding-validator=BindingValidatorServiceImpl
+ mosip.esignet.integration.authenticator=MockAuthenticationService
+ mosip.esignet.integration.key-binder=MockKeyBindingWrapperService
+ mosip.esignet.integration.audit-plugin=LoggerAuditService
+ mosip.esignet.integration.captcha-validator=GoogleRecaptchaValidatorService
+ ```
+1. Below are the dependent services required for compliance toolkit service:
+ | Chart | Chart version |
+ |---|---|
+ |[Keycloak](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/iam) | 7.1.18 |
+ |[Keycloak-init](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/iam) | 12.0.1-B3 |
+ |[Postgres](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/postgres) | 10.16.2 |
+ |[Postgres Init](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/external/postgres) | 12.0.1-B3 |
+ |[Config-server](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/mosip/config-server) | 12.0.1-B3 |
+ |[Artifactory server](https://github.com/mosip/mosip-infra/tree/v1.2.0.1-B3/deployment/v3/mosip/artifactory) | 12.0.1-B3 |
+ |[esignet-softhsm](https://github.com/mosip/esignet/blob/v1.0.0/helm/install-all.sh) | 12.0.1-B2 |
+ |[redis](https://github.com/mosip/esignet/blob/v1.0.0/helm/redis)| 17.3.14 |
+ |[esignet](https://github.com/mosip/esignet/tree/v1.0.0/helm/esignet) | 1.0.0 |
+ |[oidc-ui](https://github.com/mosip/esignet/blob/v1.0.0/helm/oidc-ui) | 1.0.0 |
+
+### Install
+* Install `kubectl` and `helm` utilities.
+* Run `install-all.sh` to deploy esignet services.
+ ```
+ cd helm
+ ./install-all.sh
+ ```
+
+### Delete
+* Run `delete-all.sh` to remove esignet services.
+ ```
+ cd helm
+ ./delete-all.sh
+ ```
+
+### Restart
+* Run `restart-all.sh` to restart esignet services.
+ ```
+ cd helm
+ ./restart.sh
+ ```
+
+## Onboard esignet mock and relying party services
+* Run onboarder's [install.sh](https://github.com/mosip/mosip-infra/blob/v1.2.0.1-B3/deployment/v3/mosip/partner-onboarder) script to exchange jwk certificates.
diff --git a/db_scripts/README.md b/db_scripts/README.md
index 567dfea5..02966181 100644
--- a/db_scripts/README.md
+++ b/db_scripts/README.md
@@ -1,2 +1,30 @@
# esignet-mock-services
Mock implementation of auth for e-signet
+
+## Overview
+This folder containers various SQL scripts to create database and tables in postgres.
+The tables are described under `<db name>/ddl/`.
+Default data that's populated in the tables is present under `<db name>/dml` folder.
+
+## Prerequisites
+* Make sure that the esignet database has been initialized and its associated service is currently running.
+* Command line utilities:
+ - kubectl
+ - helm
+* Helm repos:
+ ```sh
+ helm repo add bitnami https://charts.bitnami.com/bitnami
+ helm repo add mosip https://mosip.github.io/mosip-helm
+ ```
+
+## Install in existing MOSIP K8 Cluster
+These scripts are automatically run with below mentioned script in existing k8 cluster with Postgres installed.
+### Install
+* Set your kube_config file or kube_config variable on PC.
+* Update `init_values.yaml` with db-common-password from the postgres namespace in the required field `dbUserPasswords.dbuserPassword` and ensure `databases.mosip_mockidentitysystem` is enabled.
+ ```
+ ./init_db.sh`
+ ```
+
+## Install for developers
+Developers may run the SQLs using `<db name>/deploy.sh` script.
diff --git a/helm/delete.sh b/helm/delete-all.sh
similarity index 91%
rename from helm/delete.sh
rename to helm/delete-all.sh
index f7706ec3..258d21d8 100755
--- a/helm/delete.sh
+++ b/helm/delete-all.sh
@@ -13,7 +13,7 @@ while true; do
then
helm -n $NS delete mock-relying-party-service
helm -n $NS delete mock-relying-party-ui
- helm -n $NS delete mock-identity-system
+ helm -n $NS delete mock-identity-system
break
else
break
diff --git a/helm/install-all.sh b/helm/install-all.sh
new file mode 100755
index 00000000..be719f00
--- /dev/null
+++ b/helm/install-all.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+# Installs all esignet mock service helm charts
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+ROOT_DIR=`pwd`
+NS=softhsm
+SOFTHSM_CHART_VERSION=12.0.1-B2
+
+echo Istio label
+kubectl label ns $SOFTHSM_NS istio-injection=enabled --overwrite
+helm repo add mosip https://mosip.github.io/mosip-helm
+helm repo update
+
+echo Installing Softhsm for mock-identity-system
+helm -n $NS install softhsm-mock-identity-system mosip/softhsm -f softhsm-values.yaml --version $SOFTHSM_CHART_VERSION --wait
+echo Installed Softhsm for mock-identity-system
+
+./copy_cm_func.sh secret softhsm-mock-identity-system softhsm config-server
+
+kubectl -n config-server set env --keys=security-pin --from secret/softhsm-mock-identity-system deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SOFTHSM_MOCK_IDENTITY_SYSTEM_
+
+#kubectl -n config-server get deploy -o name | xargs -n1 -t kubectl -n config-server rollout status
+
+declare -a module=("mock-identity-system"
+ "mock-relying-party-service"
+ "mock-relying-party-ui"
+ )
+
+echo Installing esignet mock services
+
+for i in "${module[@]}"
+do
+ cd $ROOT_DIR/"$i"
+ ./install.sh
+done
+
+echo All esignet mock services deployed sucessfully.
diff --git a/helm/install.sh b/helm/install.sh
deleted file mode 100755
index 63a89df3..00000000
--- a/helm/install.sh
+++ /dev/null
@@ -1,114 +0,0 @@
-#!/bin/sh
-# Installs all esignet mock service helm charts
-## Usage: ./install.sh [kubeconfig]
-
-if [ $# -ge 1 ] ; then
- export KUBECONFIG=$1
-fi
-
-NS=softhsm
-CHART_VERSION=12.0.1-B2
-SOFTHSM_CHART_VERSION=12.0.1-B2
-
-echo Installing Softhsm for mock-identity-system
-helm -n $NS install softhsm-mock-identity-system mosip/softhsm -f softhsm-values.yaml --version $SOFTHSM_CHART_VERSION --wait
-echo Installed Softhsm for mock-identity-system
-
-./copy_cm_func.sh secret softhsm-mock-identity-system softhsm config-server
-
-kubectl -n config-server set env --keys=security-pin --from secret/softhsm-mock-identity-system deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SOFTHSM_MOCK_IDENTITY_SYSTEM_
-
-kubectl -n config-server get deploy -o name | xargs -n1 -t kubectl -n config-server rollout status
-
-read -p "Please provide client private key file : " CLIENT_PRIVATE_KEY
-
-if [ -z "$CLIENT_PRIVATE_KEY" ]; then
- echo "Client Private key file not provided; EXITING;";
- exit 0;
-fi
-if [ ! -f "$CLIENT_PRIVATE_KEY" ]; then
- echo "Client Private key not found; EXITING;";
- exit 0;
-fi
-
-read -p "Please provide jwe userinfo private key file : " JWE_USERINFO_PRIVATE_KEY
-
-if [ -z "$JWE_USERINFO_PRIVATE_KEY" ]; then
- echo "Client jwe userinfo Private key file not provided; EXITING;";
- exit 0;
-fi
-if [ ! -f "$JWE_USERINFO_PRIVATE_KEY" ]; then
- echo "Client jwe userinfo Private key not found; EXITING;";
- exit 0;
-fi
-
-read -p "Please provide mock relying party ui domain (eg: healthservices.sandbox.xyz.net ) : " MOCK_UI_HOST
-
-if [ -z "$MOCK_UI_HOST" ]; then
- echo "Mock relying party UI Host not provided; EXITING;"
- exit 0;
-fi
-
-CHK_MOCK_UI_HOST=$( nslookup "$MOCK_UI_HOST" )
-if [ $? -gt 0 ]; then
- echo "Mock relying party UI Host does not exists; EXITING;"
- exit 0;
-fi
-
-NS=esignet
-CHART_VERSION=0.9.0
-
-echo Create $NS namespace
-kubectl create ns $NS
-
-echo Istio label
-kubectl label ns $NS istio-injection=enabled --overwrite
-
-echo "Build esignet mock service charts"
-cd mock-relying-party-service
-helm dependency update
-cd ../mock-relying-party-ui
-helm dependency update
-cd ../mock-identity-system
-helm dependency update
-
-cd ../
-
-echo "Copy configmaps"
-./copy_cm.sh
-
-echo "Create secret for mock-relying-party-service-secrets and jwe-userinfo-private-key delete if exists"
-cat "$CLIENT_PRIVATE_KEY" | sed "s/'//g" | sed -z 's/\n/\\n/g' > /tmp/client-private-key
-cat "$JWE_USERINFO_PRIVATE_KEY" | sed "s/'//g" | sed -z 's/\n/\\n/g' > /tmp/jwe-userinfo-private-key
-
-
-kubectl -n $NS delete --ignore-not-found=true secrets mock-relying-party-service-secrets
-kubectl -n $NS delete --ignore-not-found=true secrets jwe-userinfo-service-secrets
-kubectl -n $NS create secret generic mock-relying-party-service-secrets --from-file="/tmp/client-private-key"
-kubectl -n $NS create secret generic jwe-userinfo-service-secrets --from-file="/tmp/jwe-userinfo-private-key"
-
-API_HOST=$(kubectl get cm global -o jsonpath={.data.mosip-api-host})
-ESIGNET_HOST=$(kubectl get cm global -o jsonpath={.data.mosip-esignet-host})
-
-echo Installing Mock Relying Party Service
-helm -n $NS install mock-relying-party-service ./mock-relying-party-service \
- --set mock_relying_party_service.ESIGNET_SERVICE_URL="http://esignet.$NS/v1/esignet" \
- --set mock_relying_party_service.ESIGNET_AUD_URL="https://$API_HOST/v1/esignet/oauth/token" \
- --version $CHART_VERSION
-
-echo Installing Mock Relying Party UI
-helm -n $NS install mock-relying-party-ui ./mock-relying-party-ui \
- --set mock_relying_party_ui.mock_relying_party_ui_service_host="$MOCK_UI_HOST" \
- --set mock_relying_party_ui.ESIGNET_UI_BASE_URL="https://$ESIGNET_HOST" \
- --set mock_relying_party_ui.MOCK_RELYING_PARTY_SERVER_URL="https://$MOCK_UI_HOST/mock-relying-party-service" \
- --set mock_relying_party_ui.REDIRECT_URI="https://$MOCK_UI_HOST/userprofile" \
- --set mock_relying_party_ui.REDIRECT_URI_REGISTRATION="https://$MOCK_UI_HOST/registration" \
- --set istio.hosts\[0\]="$MOCK_UI_HOST" \
- --version $CHART_VERSION
-
-echo Installing mock-identity-system
-helm -n $NS install mock-identity-system ./mock-identity-system --version $CHART_VERSION
-
-kubectl -n $NS get deploy mock-relying-party-ui mock-relying-party-service mock-identity-system -o name | xargs -n1 -t kubectl -n $NS rollout status
-
-echo "Installed Mock Relying Party Service, Mock Relying Party UI & Mock Identity System"
diff --git a/helm/mock-identity-system/copy_cm.sh b/helm/mock-identity-system/copy_cm.sh
old mode 100644
new mode 100755
index c9a16fa9..cb7e1651
--- a/helm/mock-identity-system/copy_cm.sh
+++ b/helm/mock-identity-system/copy_cm.sh
@@ -1,11 +1,11 @@
#!/bin/sh
# Copy configmaps from other namespaces
-# DST_NS: Destination namespace
+# DST_NS: Destination namespace
COPY_UTIL=../copy_cm_func.sh
-DST_NS=mock-identity-system
+DST_NS=esignet
-$COPY_UTIL configmap global default $DST_NS
-$COPY_UTIL configmap artifactory-share artifactory $DST_NS
+$COPY_UTIL configmap global default $DST_NS
+$COPY_UTIL configmap artifactory-share artifactory $DST_NS
$COPY_UTIL configmap config-server-share config-server $DST_NS
$COPY_UTIL configmap softhsm-mock-identity-system-share softhsm $DST_NS
diff --git a/helm/mock-identity-system/delete.sh b/helm/mock-identity-system/delete.sh
new file mode 100755
index 00000000..0c25a7e7
--- /dev/null
+++ b/helm/mock-identity-system/delete.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+# Uninstalls all esignet helm charts
+## Usage: ./delete.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+NS=esignet
+while true; do
+ read -p "Are you sure you want to delete all mock-identity-system helm charts?(Y/n) " yn
+ if [ $yn = "Y" ]
+ then
+ helm -n $NS delete mock-identity-system
+ break
+ else
+ break
+ fi
+done
diff --git a/helm/mock-identity-system/install.sh b/helm/mock-identity-system/install.sh
new file mode 100755
index 00000000..b86778d7
--- /dev/null
+++ b/helm/mock-identity-system/install.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+# Installs all esignet helm charts
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+NS=esignet
+CHART_VERSION=0.9.0
+
+echo Create $NS namespace
+kubectl create ns $NS
+
+echo "Copy configmaps"
+./copy_cm.sh
+
+echo Istio label
+kubectl label ns $NS istio-injection=enabled --overwrite
+
+echo Installing mock-identity-system
+helm -n $NS install mock-identity-system mosip/mock-identity-system --version $CHART_VERSION
+
+kubectl -n $NS get deploy mock-identity-system -o name | xargs -n1 -t kubectl -n $NS rollout status
+
+echo Installed mock-identity-system service
diff --git a/helm/mock-identity-system/restart.sh b/helm/mock-identity-system/restart.sh
new file mode 100755
index 00000000..5afc516e
--- /dev/null
+++ b/helm/mock-identity-system/restart.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+# Restart the esignet services
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+NS=esignet
+kubectl -n $NS rollout restart deploy mock-identity-system
+
+kubectl -n $NS get deploy -o name | xargs -n1 -t kubectl -n $NS rollout status
+
+echo Retarted mock-identity-system services
diff --git a/helm/copy_cm.sh b/helm/mock-relying-party-service/copy_cm.sh
similarity index 92%
rename from helm/copy_cm.sh
rename to helm/mock-relying-party-service/copy_cm.sh
index af4c31fc..cea78d46 100755
--- a/helm/copy_cm.sh
+++ b/helm/mock-relying-party-service/copy_cm.sh
@@ -2,10 +2,9 @@
# Copy configmaps from other namespaces
# DST_NS: Destination namespace
-COPY_UTIL=./copy_cm_func.sh
+COPY_UTIL=../copy_cm_func.sh
DST_NS=esignet
-
$COPY_UTIL configmap global default $DST_NS
$COPY_UTIL configmap config-server-share config-server $DST_NS
$COPY_UTIL configmap artifactory-share artifactory $DST_NS
diff --git a/helm/mock-relying-party-service/delete.sh b/helm/mock-relying-party-service/delete.sh
new file mode 100755
index 00000000..744ad424
--- /dev/null
+++ b/helm/mock-relying-party-service/delete.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+# Uninstalls all esignet helm charts
+## Usage: ./delete.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+NS=esignet
+while true; do
+ read -p "Are you sure you want to delete all mock-identity-system helm charts?(Y/n) " yn
+ if [ $yn = "Y" ]
+ then
+ helm -n $NS delete mock-relying-party-service
+ break
+ else
+ break
+ fi
+done
diff --git a/helm/mock-relying-party-service/install.sh b/helm/mock-relying-party-service/install.sh
new file mode 100755
index 00000000..f90dbd4c
--- /dev/null
+++ b/helm/mock-relying-party-service/install.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+# Installs all esignet helm charts
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+NS=esignet
+CHART_VERSION=0.9.0
+
+echo Create $NS namespace
+kubectl create ns $NS
+
+echo Istio label
+kubectl label ns $NS istio-injection=enabled --overwrite
+
+echo "Copy configmaps"
+./copy_cm.sh
+
+read -p "Please provide client private key file : " CLIENT_PRIVATE_KEY
+
+if [ -z "$CLIENT_PRIVATE_KEY" ]; then
+ echo "Client Private key file not provided; EXITING;";
+ exit 0;
+fi
+if [ ! -f "$CLIENT_PRIVATE_KEY" ]; then
+ echo "Client Private key not found; EXITING;";
+ exit 0;
+fi
+
+read -p "Please provide jwe userinfo private key file : " JWE_USERINFO_PRIVATE_KEY
+
+if [ -z "$JWE_USERINFO_PRIVATE_KEY" ]; then
+ echo "Client jwe userinfo Private key file not provided; EXITING;";
+ exit 0;
+fi
+if [ ! -f "$JWE_USERINFO_PRIVATE_KEY" ]; then
+ echo "Client jwe userinfo Private key not found; EXITING;";
+ exit 0;
+fi
+
+echo "Create secret for mock-relying-party-service-secrets and jwe-userinfo-private-key delete if exists"
+cat "$CLIENT_PRIVATE_KEY" | sed "s/'//g" | sed -z 's/\n/\\n/g' > /tmp/client-private-key
+cat "$JWE_USERINFO_PRIVATE_KEY" | sed "s/'//g" | sed -z 's/\n/\\n/g' > /tmp/jwe-userinfo-private-key
+
+kubectl -n $NS delete --ignore-not-found=true secrets mock-relying-party-service-secrets
+kubectl -n $NS delete --ignore-not-found=true secrets jwe-userinfo-service-secrets
+kubectl -n $NS create secret generic mock-relying-party-service-secrets --from-file="/tmp/client-private-key"
+kubectl -n $NS create secret generic jwe-userinfo-service-secrets --from-file="/tmp/jwe-userinfo-private-key"
+
+API_HOST=$(kubectl get cm global -o jsonpath={.data.mosip-api-host})
+DEFAULT_ESIGNET_SERVICE_URL='http://esignet.esignet/v1/esignet'
+read -p "Please provide Esignet service url : ( default: http://esignet.esignet/v1/esignet )" USER_PROVIDED_ESIGNET_SERVICE_URL
+ESIGNET_SERVICE_URL=${USER_PROVIDED_ESIGNET_SERVICE_URL:-$DEFAULT_ESIGNET_SERVICE_URL}
+
+echo Installing Mock Relying Party Service
+helm -n $NS install mock-relying-party-service mosip/mock-relying-party-service \
+ --set mock_relying_party_service.ESIGNET_SERVICE_URL="$ESIGNET_SERVICE_URL" \
+ --set mock_relying_party_service.ESIGNET_AUD_URL="https://$API_HOST/v1/esignet/oauth/token" \
+ --version $CHART_VERSION
+
+kubectl -n $NS get deploy mock-relying-party-service -o name | xargs -n1 -t kubectl -n $NS rollout status
+
+echo Installed mock-relying-party-service service
diff --git a/helm/mock-relying-party-service/restart.sh b/helm/mock-relying-party-service/restart.sh
new file mode 100755
index 00000000..60898df3
--- /dev/null
+++ b/helm/mock-relying-party-service/restart.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+# Restart the esignet services
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+NS=esignet
+kubectl -n $NS rollout restart deploy mock-relying-party-service
+
+kubectl -n $NS get mock-relying-party-service deploy -o name | xargs -n1 -t kubectl -n $NS rollout status
+
+echo Retarted mock-identity-system services
diff --git a/helm/mock-relying-party-ui/delete.sh b/helm/mock-relying-party-ui/delete.sh
new file mode 100755
index 00000000..7f7b9415
--- /dev/null
+++ b/helm/mock-relying-party-ui/delete.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+# Uninstalls all esignet helm charts
+## Usage: ./delete.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+NS=esignet
+while true; do
+ read -p "Are you sure you want to delete all mock-relying-party-ui helm charts?(Y/n) " yn
+ if [ $yn = "Y" ]
+ then
+ helm -n $NS delete mock-relying-party-ui
+ break
+ else
+ break
+ fi
+done
diff --git a/helm/mock-relying-party-ui/install.sh b/helm/mock-relying-party-ui/install.sh
new file mode 100755
index 00000000..7ea8a39b
--- /dev/null
+++ b/helm/mock-relying-party-ui/install.sh
@@ -0,0 +1,45 @@
+#!/bin/sh
+# Installs all esignet helm charts
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+NS=esignet
+CHART_VERSION=0.9.0
+
+read -p "Please provide mock relying party ui domain (eg: healthservices.sandbox.xyz.net ) : " MOCK_UI_HOST
+
+if [ -z "$MOCK_UI_HOST" ]; then
+ echo "Mock relying party UI Host not provided; EXITING;"
+ exit 0;
+fi
+
+CHK_MOCK_UI_HOST=$( nslookup "$MOCK_UI_HOST" )
+if [ $? -gt 0 ]; then
+ echo "Mock relying party UI Host does not exists; EXITING;"
+ exit 0;
+fi
+
+echo Create $NS namespace
+kubectl create ns $NS
+
+echo Istio label
+kubectl label ns $NS istio-injection=enabled --overwrite
+
+ESIGNET_HOST=$(kubectl get cm global -o jsonpath={.data.mosip-esignet-host})
+
+echo Installing Mock Relying Party UI
+helm -n $NS install mock-relying-party-ui mosip/mock-relying-party-ui \
+ --set mock_relying_party_ui.mock_relying_party_ui_service_host="$MOCK_UI_HOST" \
+ --set mock_relying_party_ui.ESIGNET_UI_BASE_URL="https://$ESIGNET_HOST" \
+ --set mock_relying_party_ui.MOCK_RELYING_PARTY_SERVER_URL="https://$MOCK_UI_HOST/mock-relying-party-service" \
+ --set mock_relying_party_ui.REDIRECT_URI="https://$MOCK_UI_HOST/userprofile" \
+ --set mock_relying_party_ui.REDIRECT_URI_REGISTRATION="https://$MOCK_UI_HOST/registration" \
+ --set istio.hosts\[0\]="$MOCK_UI_HOST" \
+ --version $CHART_VERSION
+
+kubectl -n $NS get deploy mock-relying-party-ui -o name | xargs -n1 -t kubectl -n $NS rollout status
+
+echo Installed mock-relying-party-service service
diff --git a/helm/mock-relying-party-ui/restart.sh b/helm/mock-relying-party-ui/restart.sh
new file mode 100755
index 00000000..637fa666
--- /dev/null
+++ b/helm/mock-relying-party-ui/restart.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+# Restart the esignet services
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+NS=esignet
+kubectl -n $NS rollout restart deploy mock-relying-party-ui
+
+kubectl -n $NS get mock-relying-party-ui deploy -o name | xargs -n1 -t kubectl -n $NS rollout status
+
+echo Retarted mock-relying-party-ui services
diff --git a/helm/restart.sh b/helm/restart-all.sh
similarity index 100%
rename from helm/restart.sh
rename to helm/restart-all.sh
From ecd8aa261210de6b535127a290a11a1d252b01be Mon Sep 17 00:00:00 2001
From: syed salman <72004356+syedsalman3753@users.noreply.github.com>
Date: Wed, 12 Apr 2023 23:58:15 +0530
Subject: [PATCH 04/12] [ MOSIP-26666 ] added onboarder for demo-oidc (#64)
Co-authored-by: syed-salman-technoforte <syed.salman@technoforte.co.in>
---
README.md | 2 +-
helm/mock-relying-party-ui/values.yaml | 2 +-
partner-onboarder/README.md | 33 +++++++++++++
partner-onboarder/copy_cm.sh | 10 ++++
partner-onboarder/copy_cm_func.sh | 33 +++++++++++++
partner-onboarder/copy_secrets.sh | 10 ++++
partner-onboarder/delete.sh | 28 +++++++++++
partner-onboarder/install.sh | 66 ++++++++++++++++++++++++++
partner-onboarder/values.yaml | 22 +++++++++
9 files changed, 204 insertions(+), 2 deletions(-)
create mode 100644 partner-onboarder/README.md
create mode 100755 partner-onboarder/copy_cm.sh
create mode 100755 partner-onboarder/copy_cm_func.sh
create mode 100755 partner-onboarder/copy_secrets.sh
create mode 100755 partner-onboarder/delete.sh
create mode 100755 partner-onboarder/install.sh
create mode 100644 partner-onboarder/values.yaml
diff --git a/README.md b/README.md
index c8ddaa9b..f00b84a2 100644
--- a/README.md
+++ b/README.md
@@ -54,4 +54,4 @@ Repository contains mock implementation of auth for e-signet
```
## Onboard esignet mock and relying party services
-* Run onboarder's [install.sh](https://github.com/mosip/mosip-infra/blob/v1.2.0.1-B3/deployment/v3/mosip/partner-onboarder) script to exchange jwk certificates.
+* Run onboarder's [install.sh](partner-onboarder) script to exchange jwk certificates.
diff --git a/helm/mock-relying-party-ui/values.yaml b/helm/mock-relying-party-ui/values.yaml
index 228f61e9..5398fe52 100644
--- a/helm/mock-relying-party-ui/values.yaml
+++ b/helm/mock-relying-party-ui/values.yaml
@@ -422,7 +422,7 @@ mock_relying_party_ui:
MOCK_RELYING_PARTY_SERVER_URL: https://healthservices.sandbox.xyz.net/mock-relying-party-service
REDIRECT_URI: https://healthservices.sandbox.xyz.net/userprofile
CLIENT_ID: 88Vjt34c5Twz1oJ
- ACRS: mosip:idp:acr:generated-code%20mosip:idp:acr:biometrics%20mosip:idp:acr:static-code
+ ACRS: mosip:idp:acr:generated-code%20mosip:idp:acr:biometrics%20mosip:idp:acr:linked-wallet
MOCK_RELYING_PARTY_SERVICE_INTERNAL_URL: http://mock-relying-party-service.esignet
REDIRECT_URI_REGISTRATION: https://healthservices.sandbox.xyz.net/registration
## oidc UI swagger should have only internal access. Hence linked to internal gateway
diff --git a/partner-onboarder/README.md b/partner-onboarder/README.md
new file mode 100644
index 00000000..bead756e
--- /dev/null
+++ b/partner-onboarder/README.md
@@ -0,0 +1,33 @@
+# Partner Onboarder
+
+## Overview
+Loads certs for default partners for sandbox. Refer [mosip-onboarding repo](https://github.com/mosip/mosip-onboarding).
+
+## Install
+* Set `values.yaml` to run onboarder for specific modules.
+* run `./install.sh`.
+```
+./install.sh
+```
+# Troubleshootings
+
+* After completion of the job, a very detailed `html report` is prepared and stored at https://onboarder.{sandbox_base_url}.mosip.net
+
+* The user can go and view the same for more information or response messages.
+
+### Commonly found issues
+
+ 1. KER-ATH-401: Authentication Failed
+
+ Resolution: You need to provide correct secretkey for mosip-deployment-client.
+
+ 2. Certificate dates are not valid
+
+ Resolution: Check with admin regarding adding grace period in configuration.
+
+ 3. Upload of certificate will not be allowed to update other domain certificate
+
+ Resolution: This is expected when you try to upload `ida-cred` certificate twice. It should only run once and if you see this error while uploading a second time it can be ignored as the cert is already present.
+
+
+
diff --git a/partner-onboarder/copy_cm.sh b/partner-onboarder/copy_cm.sh
new file mode 100755
index 00000000..9d69e071
--- /dev/null
+++ b/partner-onboarder/copy_cm.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+# Copy configmaps from other namespaces
+# DST_NS: Destination namespace
+
+COPY_UTIL=./copy_cm_func.sh
+DST_NS=esignet
+
+$COPY_UTIL configmap global default $DST_NS
+$COPY_UTIL configmap keycloak-env-vars keycloak $DST_NS
+$COPY_UTIL configmap keycloak-host keycloak $DST_NS
diff --git a/partner-onboarder/copy_cm_func.sh b/partner-onboarder/copy_cm_func.sh
new file mode 100755
index 00000000..7b225948
--- /dev/null
+++ b/partner-onboarder/copy_cm_func.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+# Copy configmap and secret from one namespace to another.
+# ./copy_cm_func.sh <resource> <configmap_name> <source_namespace> <destination_namespace> [name]
+# Parameters:
+# resource: configmap|secret
+# name: Optional new name of the configmap or secret in destination namespace. This may be needed if there is
+# clash of names
+
+if [ $1 = "configmap" ]
+then
+ RESOURCE=configmap
+elif [ $1 = "secret" ]
+then
+ RESOURCE=secret
+else
+ echo "Incorrect resource $1. Exiting.."
+ exit 1
+fi
+
+
+if [ $# -ge 5 ]
+then
+ kubectl -n $4 delete --ignore-not-found=true $RESOURCE $5
+ kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" | sed "s/name: $2/name: $5/g" | kubectl -n $4 create -f -
+else
+ kubectl -n $4 delete --ignore-not-found=true $RESOURCE $2
+ kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" | kubectl -n $4 create -f -
+fi
+
+
+
+
+
diff --git a/partner-onboarder/copy_secrets.sh b/partner-onboarder/copy_secrets.sh
new file mode 100755
index 00000000..0438ce7e
--- /dev/null
+++ b/partner-onboarder/copy_secrets.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+# Copy secrets from other namespaces
+# DST_NS: Destination namespace
+
+COPY_UTIL=./copy_cm_func.sh
+DST_NS=esignet
+
+$COPY_UTIL secret s3 s3 $DST_NS
+$COPY_UTIL secret keycloak keycloak $DST_NS
+$COPY_UTIL secret keycloak-client-secrets keycloak $DST_NS
diff --git a/partner-onboarder/delete.sh b/partner-onboarder/delete.sh
new file mode 100755
index 00000000..1240de56
--- /dev/null
+++ b/partner-onboarder/delete.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+# Uninstalls partner-onboarder helm
+## Usage: ./delete.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+function deleting_onboarder() {
+ NS=esignet
+ while true; do
+ read -p "Are you sure you want to delete all partner-onboarder ?(Y/n) " yn
+ if [ $yn = "Y" ]; then
+ echo Deleting esignet-demo-oidc-partner-onboarder helm
+ helm -n $NS delete esignet-demo-oidc-partner-onboarder
+ break
+ fi
+ done
+ return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace # trace ERR through 'time command' and other functions
+set -o pipefail # trace ERR through pipes
+deleting_onboarder # calling function
diff --git a/partner-onboarder/install.sh b/partner-onboarder/install.sh
new file mode 100755
index 00000000..49317c55
--- /dev/null
+++ b/partner-onboarder/install.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+# Onboards default partners
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+echo "Do you have public domain & valid SSL? (Y/n) "
+echo "Y: if you have public domain & valid ssl certificate"
+echo "n: if you don't have public domain & valid ssl certificate"
+read -p "" flag
+
+if [ -z "$flag" ]; then
+ echo "'flag' was provided; EXITING;"
+ exit 1;
+fi
+ENABLE_INSECURE=''
+if [ "$flag" = "n" ]; then
+ ENABLE_INSECURE='--set onboarding.enableInsecure=true';
+fi
+
+NS=esignet
+CHART_VERSION=12.0.1-B3
+
+echo Create $NS namespace
+kubectl create ns $NS
+
+function installing_onboarder() {
+
+ read -p "Is values.yaml for onboarder chart set correctly as part of Pre-requisites?(Y/n) " yn;
+ if [ $yn = "Y" ]; then
+ echo Istio label
+ kubectl label ns $NS istio-injection=disabled --overwrite
+ helm repo update
+
+ echo Copy configmaps
+ kubectl -n $NS --ignore-not-found=true delete cm s3
+ sed -i 's/\r$//' copy_cm.sh
+ ./copy_cm.sh
+
+ echo Copy secrets
+ sed -i 's/\r$//' copy_secrets.sh
+ ./copy_secrets.sh
+
+ echo Onboarding default partners
+ helm -n $NS install esignet-demo-oidc-partner-onboarder mosip/partner-onboarder \
+ --set onboarding.configmaps.s3.s3-host='http://minio.minio:9000' \
+ --set onboarding.configmaps.s3.s3-user-key='admin' \
+ --set onboarding.configmaps.s3.s3-region='' \
+ $ENABLE_INSECURE \
+ -f values.yaml \
+ --version $CHART_VERSION
+
+ echo Reports are moved to S3 under onboarder bucket
+ return 0
+ fi
+}
+
+# set commands for error handling.
+set -e
+set -o errexit ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace # trace ERR through 'time command' and other functions
+set -o pipefail # trace ERR through pipes
+installing_onboarder # calling function
diff --git a/partner-onboarder/values.yaml b/partner-onboarder/values.yaml
new file mode 100644
index 00000000..8bc87148
--- /dev/null
+++ b/partner-onboarder/values.yaml
@@ -0,0 +1,22 @@
+onboarding:
+ modules:
+ - name: ida
+ enabled: false
+ - name: print
+ enabled: false
+ - name: abis
+ enabled: false
+ - name: resident
+ enabled: false
+ - name: mobileid
+ enabled: false
+ - name: digitalcard
+ enabled: false
+ - name: esignet
+ enabled: false
+ - name: resident-oidc
+ enabled: false
+ - name: demo-oidc
+ enabled: true
+ - name: mimoto-keybinding
+ enabled: false
\ No newline at end of file
From a91756d426df337ca9e56f74f8ee5418e7207970 Mon Sep 17 00:00:00 2001
From: syed salman <72004356+syedsalman3753@users.noreply.github.com>
Date: Thu, 13 Apr 2023 01:21:25 +0530
Subject: [PATCH 05/12] [ DSD-2545 ] updated docker images (#66)
Co-authored-by: syed-salman-technoforte <syed.salman@technoforte.co.in>
---
helm/mock-identity-system/values.yaml | 4 ++--
helm/mock-relying-party-service/values.yaml | 4 ++--
helm/mock-relying-party-ui/values.yaml | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/helm/mock-identity-system/values.yaml b/helm/mock-identity-system/values.yaml
index 288b9990..90fd331d 100644
--- a/helm/mock-identity-system/values.yaml
+++ b/helm/mock-identity-system/values.yaml
@@ -52,8 +52,8 @@ service:
image:
registry: docker.io
- repository: mosipdev/mock-identity-system
- tag: develop
+ repository: mosipqa/mock-identity-system
+ tag: 0.9.0
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/helm/mock-relying-party-service/values.yaml b/helm/mock-relying-party-service/values.yaml
index 3b25a453..3728c06b 100644
--- a/helm/mock-relying-party-service/values.yaml
+++ b/helm/mock-relying-party-service/values.yaml
@@ -51,8 +51,8 @@ service:
image:
registry: docker.io
- repository: mosipdev/mock-relying-party-service
- tag: develop
+ repository: mosipqa/mock-relying-party-service
+ tag: 0.9.0
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/helm/mock-relying-party-ui/values.yaml b/helm/mock-relying-party-ui/values.yaml
index 5398fe52..ccdfab0c 100644
--- a/helm/mock-relying-party-ui/values.yaml
+++ b/helm/mock-relying-party-ui/values.yaml
@@ -51,8 +51,8 @@ service:
image:
registry: docker.io
- repository: mosipdev/mock-relying-party-ui
- tag: develop
+ repository: mosipqa/mock-relying-party-ui
+ tag: 0.9.0
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
From a0a92b1af1ed8640fec5b0f722ce9da9e184d90b Mon Sep 17 00:00:00 2001
From: Keshav Mishra <chandrakeshavmishra@gmail.com>
Date: Thu, 13 Apr 2023 11:25:31 +0530
Subject: [PATCH 06/12] [MOSIP-26864]
---
partner-onboarder/README.md | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/partner-onboarder/README.md b/partner-onboarder/README.md
index bead756e..3a5ac842 100644
--- a/partner-onboarder/README.md
+++ b/partner-onboarder/README.md
@@ -1,7 +1,7 @@
# Partner Onboarder
## Overview
-Loads certs for default partners for sandbox. Refer [mosip-onboarding repo](https://github.com/mosip/mosip-onboarding).
+Uploads certificate for default partners. Refer [mosip-onboarding repo](https://github.com/mosip/mosip-onboarding).
## Install
* Set `values.yaml` to run onboarder for specific modules.
@@ -11,23 +11,21 @@ Loads certs for default partners for sandbox. Refer [mosip-onboarding repo](http
```
# Troubleshootings
-* After completion of the job, a very detailed `html report` is prepared and stored at https://onboarder.{sandbox_base_url}.mosip.net
+* After completion of the job, a very detailed `html report` is prepared and stored in Minio inside onboarding bucket.
-* The user can go and view the same for more information or response messages.
-
-### Commonly found issues
+### Troubleshooting
1. KER-ATH-401: Authentication Failed
- Resolution: You need to provide correct secretkey for mosip-deployment-client.
+ Resolution: Update secretkey for mosip-deployment-client.
2. Certificate dates are not valid
- Resolution: Check with admin regarding adding grace period in configuration.
+ Resolution: Check grace period in configuration.
3. Upload of certificate will not be allowed to update other domain certificate
- Resolution: This is expected when you try to upload `ida-cred` certificate twice. It should only run once and if you see this error while uploading a second time it can be ignored as the cert is already present.
+ Resolution: Expected when we try to upload `ida-cred` certificate twice. It can be ignored as the certificate is already present.
From 43b64fb49c4877376dfce0f9cffafecc86652fb3 Mon Sep 17 00:00:00 2001
From: Keshav Mishra <chandrakeshavmishra@gmail.com>
Date: Fri, 14 Apr 2023 15:59:38 +0530
Subject: [PATCH 07/12] Release Bot Pre-release changes (#71)
Co-authored-by: Mohanraj209 <Mohanraj209@users.noreply.github.com>
---
.github/workflows/push_trigger.yml | 2 +-
mock-esignet-integration-impl/pom.xml | 2 +-
mock-identity-system/pom.xml | 2 +-
pom.xml | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/push_trigger.yml b/.github/workflows/push_trigger.yml
index 4ecad795..a52ed15a 100644
--- a/.github/workflows/push_trigger.yml
+++ b/.github/workflows/push_trigger.yml
@@ -120,7 +120,7 @@ jobs:
mvn -B package --file pom.xml -s $GITHUB_WORKSPACE/settings.xml
- name: Publish the maven package
run: |
- mvn deploy -DaltDeploymentRepository=ossrh::default::${{ secrets.OSSRH_SNAPSHOT_URL }} -s $GITHUB_WORKSPACE/settings.xml -f pom.xml
+ mvn deploy -DaltDeploymentRepository=ossrh::default::${{ secrets.RELEASE_URL }} -s $GITHUB_WORKSPACE/settings.xml -f pom.xml
env:
GITHUB_TOKEN: ${{ secrets.RELEASE_token }}
GPG_TTY: $(tty)
diff --git a/mock-esignet-integration-impl/pom.xml b/mock-esignet-integration-impl/pom.xml
index b0cd033c..72fedc93 100644
--- a/mock-esignet-integration-impl/pom.xml
+++ b/mock-esignet-integration-impl/pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>io.mosip.esignet.mock</groupId>
<artifactId>esignet-mock-parent</artifactId>
- <version>0.9.0-SNAPSHOT</version>
+ <version>0.9.0</version>
</parent>
<artifactId>mock-esignet-integration-impl</artifactId>
diff --git a/mock-identity-system/pom.xml b/mock-identity-system/pom.xml
index 20a36070..18430cee 100644
--- a/mock-identity-system/pom.xml
+++ b/mock-identity-system/pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>io.mosip.esignet.mock</groupId>
<artifactId>esignet-mock-parent</artifactId>
- <version>0.9.0-SNAPSHOT</version>
+ <version>0.9.0</version>
</parent>
<artifactId>mock-identity-system</artifactId>
diff --git a/pom.xml b/pom.xml
index 11c84954..20881df4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -16,7 +16,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>io.mosip.esignet.mock</groupId>
<artifactId>esignet-mock-parent</artifactId>
- <version>0.9.0-SNAPSHOT</version>
+ <version>0.9.0</version>
<packaging>pom</packaging>
<name>esignet-mock</name>
<description>Parent project of MOSIP e-Signet Mock Services</description>
From ff5392a1775523aeee1bd26826aaf15f1b2e80e9 Mon Sep 17 00:00:00 2001
From: Keshav Mishra <chandrakeshavmishra@gmail.com>
Date: Sat, 15 Apr 2023 17:24:53 +0530
Subject: [PATCH 08/12] [DSD-2478] updated release images (#77)
---
helm/mock-identity-system/values.yaml | 2 +-
helm/mock-relying-party-service/values.yaml | 2 +-
helm/mock-relying-party-ui/values.yaml | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/helm/mock-identity-system/values.yaml b/helm/mock-identity-system/values.yaml
index 90fd331d..74e2910d 100644
--- a/helm/mock-identity-system/values.yaml
+++ b/helm/mock-identity-system/values.yaml
@@ -52,7 +52,7 @@ service:
image:
registry: docker.io
- repository: mosipqa/mock-identity-system
+ repository: mosipid/mock-identity-system
tag: 0.9.0
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
diff --git a/helm/mock-relying-party-service/values.yaml b/helm/mock-relying-party-service/values.yaml
index 3728c06b..cbc942db 100644
--- a/helm/mock-relying-party-service/values.yaml
+++ b/helm/mock-relying-party-service/values.yaml
@@ -51,7 +51,7 @@ service:
image:
registry: docker.io
- repository: mosipqa/mock-relying-party-service
+ repository: mosipid/mock-relying-party-service
tag: 0.9.0
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
diff --git a/helm/mock-relying-party-ui/values.yaml b/helm/mock-relying-party-ui/values.yaml
index ccdfab0c..922c6c6f 100644
--- a/helm/mock-relying-party-ui/values.yaml
+++ b/helm/mock-relying-party-ui/values.yaml
@@ -51,7 +51,7 @@ service:
image:
registry: docker.io
- repository: mosipqa/mock-relying-party-ui
+ repository: mosipid/mock-relying-party-ui
tag: 0.9.0
## Specify a imagePullPolicy
From 4fc94b63e1eb65767782d6ff89de5d42e89747e8 Mon Sep 17 00:00:00 2001
From: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com>
Date: Tue, 18 Apr 2023 18:11:00 +0530
Subject: [PATCH 09/12] [DSD-2478]Updated Readme.MD (#80)
* [DSD-2478] updated release images
* [DSD-2478]Updated Readme.MD
* [DSD-2478]created docs folder.
* [DSD-2478]created docs folder and updated README.md
* [DSD-2478]created docs folder and updated README.md
* [DSD-2478]created docs folder and updated README.md
---------
Co-authored-by: Keshav Mishra <chandrakeshavmishra@gmail.com>
---
README.md | 12 ++++++++++++
docs/images/get-jwks-details.PNG | Bin 0 -> 45320 bytes
2 files changed, 12 insertions(+)
create mode 100644 docs/images/get-jwks-details.PNG
diff --git a/README.md b/README.md
index f00b84a2..df1bf5be 100644
--- a/README.md
+++ b/README.md
@@ -55,3 +55,15 @@ Repository contains mock implementation of auth for e-signet
## Onboard esignet mock and relying party services
* Run onboarder's [install.sh](partner-onboarder) script to exchange jwk certificates.
+### Configurational steps after onboarding is completed.
+* Below mentioned onboarding steps are added after 1.2.0.1-b3
+ * Onboarding the default demo-oidc partner
+
+###.Onboarding the default resident-oidc partner
+* After successfull partner onboarder run for demo-oidc partner , download html reports from `onboarder` bucket of object store .
+* Get `CLIENT_ID` from response body of request `create-oidc-client` from the report **_demo-oidc.html_**
+* Update deployment of `mock-relying-party-ui` in esignet namespace with `CLIENT_ID` value from last step .
+* As per screenshot get the private and public key pair (shown as selected in the screenshot )from the response of the `get-jwks` request from the report **_demo-oidc.html_**
+ 
+* Update `client-private-key` in esignet namespace with `base64 encoded` value of the keypair from previous step.
+* Restart mock-relying-party-service pod
\ No newline at end of file
diff --git a/docs/images/get-jwks-details.PNG b/docs/images/get-jwks-details.PNG
new file mode 100644
index 0000000000000000000000000000000000000000..0c82e1a5ff5320c95900759589940df5825634f8
GIT binary patch
literal 45320
zcmbrm2UwG7^DpeKuB;Um6_FAfq9Q~@KuVHT5Nv>0C{iNQR7!-<A;~H$sFaBG8kJR4
z0x=*pBvFxGA_9RBNI(byLWmHOkbdypegFS`&-I<}eCK>~UAf5f+~t{>d+wQee)oh&
zmmKUit>3+V)v8sS&YiWnylT~I&Z<>EF@9aUa%bXDK62&HPw>ljr&m?<Xw9r#tO+<}
ze`?h#JbHu7`<IpLb$8FY!B?%?-1Ot~Q!DJX@2XYriq6@bx*F}pl{3q@?vX=}1j&j-
zt6vv02ltSp_8bg*xnWy`*29~6_wU;}OF#bN>CySB|3<>hZyFIt>-T$mud&rLgkA{W
z;IwDQ+qbXdzl5H98P={_b|CoMSZf@^u(X>Mws^N-0Nw>)nz!Wo^zfp%)uQ1*3_tJt
zIMxJ}Vvg*trw#>j5sD1*qKl$q-3psOsG?K(O(`dMlYhf+{_D>7HJ7lf|N1(z3w;@@
zWGSas#QzuZHaP{yuiO6bOZ9C7Ejj-+@b2FKn?|!PKoLn;s$}+wRx7@vm2*o4P^rAn
zF;`4RNoE19d}EX>p)Y4ihEdA<fbpE9QkZhAr%R0nl?!0Oe9}@m`PhUeWSQSLNEX<Y
z0_BZQ-z>`@;=xj=xTbB8Gw;Au^k52+GlQfEN&Guoo*)UQm|n{Gs1?jEgULzSmbdz#
zigJj_L@`dD{Z!+fuszBV#nE4AAj`5~7?O;R3X@1gg-E7!e8!9<oL$Q3ZFo}=6*CH3
zYqTs=e&;!$T-ov5+RRbSjwGhSVb_LLtA2++yfbm(nXAgG-!*M_a8?*<x`^<?KcH$f
zOMrSbhiqH*kA0usFC;)f@=riB?LU|x`O=``{mx{#7g07pvw@y}f0Q%7R6te`{2PxQ
zrc&O`>`fMIQ+JO?DdUt>#f<|CV$>q>B{C19h$_XHkuJ_nU$3)7$ZMf*J(gWcp;9mH
z3k@=R17L5m7-A`Z%v4>qYD~wbdO`Qc>VDYNmmG1$N+IK6kSxpcld`HloFc=tX8AMi
zdwCxaQQ9R{s7|V}Q3H_YO0kkM6L97Ein`Y{H;8=|nx(*(F}TXjx5+RiCs^V5>RXt8
zf0Zn!R7r?mlxD$-NZ$id;gVFI@RN|vjP(N#Xd{n(Z(UJiTvKUxdJ&t}zhP`e@Y5X2
zggi%*tQ>+1W2tPq(+!*j92hAgiOV4;<>ktG&D(QPju3Gt&Vl@$3*msJ3{?k6S#a^R
zL=2S?`zQ)3rjYbz63MMa;?S^P#Lz<I1V$9m@PvIOV%4hXLobGxw;iJXv}!CdZ#(A`
zPJTl_Q##apQ?BYjcH7YC^2Rld9scdp)#cGXVB?Xn8aytXcKH^{T=rPTdl@mCv`P6M
zEg&l9mb$xlx_@bnEDq?K*v@%`i{~u~j=Hq6q8ycDepN2(0}g*3$nQ|^S2ZVz1*m~m
zVYpn3LP%0)(LCiCvq<sLd0O<sLwWuqTiJ~19}$nw<RJ0gD{i7L<+Ukk&Epkb>%4b1
z#~!IW?=51ltlR(<_1=}oCn-l!aLEjf=i)NeEIBC@m%nSYlus$QARZ7Gla*6T-By&@
zw=DS_PUM(KmIPjR_GQPIg0ABglwnn;{!$urCREmx!}N@QDlhND#n*NjhpA4#McH|x
zUNEIsiYEb&mtcFQVb&`<+vEIIP3X_f7OPf`91F!OR!mE!lzEGcmW}etn0DanSd@Ip
zjI0RoBd)AttRxGi;NIS94y2-R>N#(I%XSP=GHN+`ZII=RKBh4o#01OlxJ!$8!EtnA
zzuwoWs1H7t6#R_QV*zHl6lAz~PAHTv(^Z}49mos7hLndGM$qz#T834%HqQ*hn_Ik4
zEYJ?NvJv^#5Ebyd<G{)q{`Ba-Hq<Ni8+1T!AVm$eJPIgO6pJTr%=WQXxqn7XEU{p(
znHf73%Soj;g~W9%@xcsAG`q9`DCGszl23x;4Unf!L=9b#SBPqBndTVzrEhii#8qiS
zz%etBisIXn0458Ry3ExQSH2IRUP<=9s84z<5Ubv)aU8sIPf;KkRF!G1?C%Tz&CbgH
zPJ^L1P!-H>%oVIU@*76pyW%K(HaLp)xst$1{-^iPly9X8>YPUk70xiPma^f>_(OYD
zH*76=Eev(`nc}VV+G7E)5a}Z=Lh#fCIpYri2S$ZR`;~<myZGN$yZ}v5w#>j3k`=S}
zl**u&nff<f+Fa_$Zx!bW3jJ|!@BAl9;3#S!UOFr>hbEu|cJ8RF*aFB|(GN@dbjs4j
zR9pXd_UG6R)%A+*84g!<4#AFNsR_AJJc@XC<5$kZidopIcz$iG(uJs;Z-}=(C0|%E
zir-cCy-fw)yQ#fuRmd(VR-N>nUj9tVUyX|9YLP-EVlM8z=+j;2TwB@XAkuYEdFIGP
zb<~adoNJ+C0SqSZBO=9d?ptNuE1p;*vc(kSj1OtapM%b!_9Erbmowy_zOOj^TE*&y
z*}_Apvps!bGapK&E7FVh{MTc1>s)hiCNRu-CSSFyd%3-QngGQsa>$FL3TUlZ35>T^
z4h9R!s_tCD1DyPwVqSnLBGDALhJUi$U!YUvs&s>5m1g9)6=umHe8`QNX=MYK1HFPt
z<Nfd_a<ft)s+^;I(S7<y97JFE@BL796SU(NU72NoIid98Lat+#KbBX-b09AQy^4{S
zcl1FP9F@~c1rZ1Z<ZGbPtvU9zdXX4cS&JYomiMV64Y=i`e1`Ithc_`tGFktXYejk0
zdW70NI7Sx1q^g&Z=FOFY();2-vb?B|DLHd^7$sWDAj?+lmg$VzMUk<jpKS(Zb_$Z9
z$w0M>*RJ|67e4V{!Pl&-(KSa2jFX1PN?~=ec%8oW)rMwMKnJpzBhMIxCr2Fq4JG8v
z<0@6!0PWIswUJRkfgt9TI)^>9;)>VJil+CQg4D(VxzdlABIE$#zCsL@DunBnGkNl{
zB^IVOjys#bOBt|A^@oeFGW>U(zuSa;EcgtuZ-(kqy%Zm3_({nErX@mLtDIaC@Wem!
zfey@g0c^!lVutqdWjBd?P-EOdFF9={%kUB(@Jjk|MqNQO`($D#{Hnyn0;!a$l`t2P
zFeh4!D+P-06BhW&*(FudLTM>X5vq*5CmXMa$QY`QP<c5MfQ(Mho5>GenIy+qiIJ`S
zPu~8Oulye;C@cBS-?`5R`SX?V{V%FB`VmI{MIjr1`0F3^yJo_V{qTdvT7E?Of6@Q{
zt`km=1ps+3;71<0LeYBSB;|L&=6^@-f88wn>4&U8=tJtMf9Gv?eg2WR{a1=+_Aj;k
z)pfyPCkL_!l@a39+W(fa?%;M#+F6}{&9&--$#d5zo5jB_R#mKPZrK0yZ@KQ;AEIif
zTm9Aad*I@{ItPFZi-kWG(q>pmZ&9ZYtmGFzXe_^RqFG{Bnu95JfX#z1BLeru{ME8*
za8escg@8x3Wj4gE|6dqrCwOAn5JQo0>GY0?xc_FX-SRrNQ*ZVSLef5y@N5tCACvKJ
z;k}Y!V7I^6{ym^=WeUFK-}&nIjsGw5F&1vhOZqw;9ZLx=HUBwhG`_eE<?AqvcO2UP
z-@=TpnCpT6g?>)s=O0e~Z89Eek0VanOa}a=g=noq)bTCpn7<mwLZ7)NS=%6gyjZN5
zRO^b1-Mm$-@mE(JmH&C5HQ0hETMD-zDo%nF%i%dXq<U#vw-X;MpIrKQ%yfK!{(g)*
zbLK?0lN7PsK4TvnFFKMRweA|P#_?q9wtvhkcoIc$RgTS9@xvYd`E<mm<iYaafWL?n
zc61S%8yJr3MHB}hWC?CqLf?tD`)5~qki?~}wgzz?q(679m-|>CI~;X~y@SH)6D_u*
zPLLA+-W_8#&t1t|lv#^)ThfvRmtW(+ewcsT>~}+JJaR9|HHZCji!-K@%>?1j#28Sa
z48kRHrW8>QSv3Aj6;_+KbJV{j3p`Rf^%!q{Bge^w;d&1U+d07whSWd;TW>;i2J8eG
z<wuR}hx}#QA0~cVncEugwSlkxMmayQVv@K%SN$=+c<JtV@eye~)Q+t6Z$qhzI79{d
zI%CQ4o}_PzZxKg^)!dy(J2(*`v5_I;UA(`YLL>bW7TR_RD?QzS<RbLjBJdS06#d4-
ze|rap-^wfp)H$M~`Iz;8`-$J_i8tl@if2VVzzHzq#zWc0za&DhZkE*dGmV+U#?q_A
zONzF__a%^9|7^C<+V@ZK?>=m!{5ACZ$xGO#z5D(l=ihH`|9cPcZ^f_r(G~JDU<46q
zQN$?r`m+`2RhooBhDknj=kXV23=Lx7qTU%huxxVaAcz#Vqnn_LJ}liDBQU*vU8a!+
z6i+WL_66KzyPZ7>u_Vfl?M`SdDSXcFS%SYBlFk<aqHis77#wty(IK3*d)%Nblj%4j
zGLfu{sfZ;fWQw}W#ku{1qr;1FuEt2f`z{fS*nfot085Gm+GKs+x@O7#?;gnlY}p-u
zrpGZ3DfU@qu;8n4(%UpPIBNONO)8h5h4aV3m#~xwDAd8P=&7eXjGBB(V1JwKB{3#k
zK+W+?kxcbnKz*anQE8%x+vn9M&|lYDhF__FLP@g(5-C!fhmxt327O}ST<z4-q5kLx
zK5CVa7T1}$7Z4bigcqz)^w>}4;13NpJHA9w$OC|eO(Z;gs{Zb)?o-8CMAaddPZ3>`
zwt$_u7Jf26NA!Zm<9!Ws4@w@WuYrffoXQ4`a0d5QmVHL;RG9%9#XTAPUAq!_1yTzi
zgSTOb7Pt=DAfdh7Af@{o*fJd8ywf}i5O0;_dUhUS!`MwMAsEimy(0~C>Riv!sX6#-
zo6%wz{I-@0{_(ui?W84GEN3X0B2i2PhCI<T-wak-y0z3tb$S!9B-N&){@R*qoD3r`
z`Nm139H|qui{zE##8VrPc(uwJE1M;Lnbky68Obv-?#iLaNm8WhY@>Osa#E|1C8hU?
zDnUJIjkc1<o4ZllIp}-qeH|*Q3^fqBI+AVX)-?pH<}|aJ2i_NMY2>gCyaP|yey&vM
zfo_@I^E!0Ddwc%Dc)#!XJaR*!FLubJ8lKcxyWsOwEcvi^=i8!Koa#Ko*-iNDI;v(t
zI%Vr7o$8zKQ^&EyU5<fkm6}-XxcXzmZ={V_lHxTZEDvKWYOJyh$n+B!#`I5&V<3lS
z<82fn;;pRlhbh3NrGS{`9&^AY5f(tN*5^c^lvC090>ub!z9{M0P*_e6_eqILP_i7Z
z;Wo9pC<mU$^Za&<!Tt)YzoZ~envDJ0X_meXw>??C5|`&gDNd!47-I23T-)(QPE6eG
zNz;C}c1i#e>k(bNQQ;9lyPk8S2VoTJj#7U?GGUq6Qi~?g-<TwH+F+MRSLHL%)a)Q-
zK-?x8>_=JRP5bN5sg@CvU3?;2ffF+bIMhGVV2NmEX<-Rjj$V$w9Ul~cFj8f8KFmXD
zw#uvs`c<hN0gC!}jR7u`(cz<ER{2Vfyo3n^kWn4xLIri98ehw=*4fS(w7p+g2;Elx
zo}W>+COk41ur}_U4bv<NQ#gO;GV8@+7UEuyY5Vf`Z?nK(qh60T>*h9nYboFjOU8fC
zS0Ag161auL9-YYxI?U<gFD1G&PE->G&v*N^sw^C8Y57T)KKG_IW8QpiwYYP?w7j;W
z6l(zcdL9~Eyfh?p9TZ15=Uhqmi|9LKxyawCDs60rbv_R!&hsn(cnwP%iVm+pBRUBq
ziFMZ?ldc1=xOW3S4QtSD$iLn!i8#dPHr^_4EmSXcvHb?=E2jmtuoob$Ofbc-yk32l
zQ7~`o*jnrvg1cv0OVclJwt8BAC>C8lt=()fT^8`p1kl-N_qBEER=RPGlS=_A-zkyW
zS$MBM5&vg$4N8+DJc%kGosEj~`mFMN&H`NAejmG_(3d`nH`kwG&IJCpMYB&2ow3Qn
zaV@!mGVzMgb}VoJY)zV<8J&u_-jm5b7dfiW<3;EQH^`>L`dezJN!1?>3o@<?cU>@n
zN@?#);`Cm{=0xya0na%{Oa&1juX<f+nAK%{`1!OU@u*$`&lrK*n`nq+lzMk*o|-EF
z6RQ{AM#aL0;I$mT$@RUUC$6)`$sgy7zWvJGwo~GeZgMWW$F78oE^TQs&0vLVw-|qU
z6wi__!Uy8Lnt4f@vDo*;CCOTmrYTn;I7XE%seOA979#b4@u=}VWm7&G!Rcaf(j7*d
zlw}XhtC}J8Jg^TzFnqogN6{1O&#ONc1ZEWBey%JS+bTGgw<h|=#pBsFIW}32H~5-b
z;_Yt^hC-&V0dJR0V$Y2hv#tM}f+fA>;<nYK%z)_887{)v#aTFO0=dWcq9lV+>GG9R
zp)G4*aHyL@7|@yORKP317eRENkq%E97c)~&rB5G$_xa$@O#Nx(riZ+plP-iKv0<l5
z20up=H&5QDmx*HBPWPMHErCo2XWr}z+jnItx7C_mq}gZwa+=Taxh<#{_Kj5?g@u)F
zjN4%uu`&2!R)wK6BEFx9)&&hG$AwhYr$duNUc&l~*-Hn2QQZ9H_!7q90#Zk50@->>
zTr!crAUcZ#KVq7CO(oUW1-S34`6%t8y(<aG&Ks^_bO9*VuL-;R@cc@mLf;KEf77wA
zmKDsoKsn>JScKZ-+FCZWgHCIS@52v(v&FI4_OG#KLV<8&<kd#thBLTwX7hDSlA=-k
z3@eD~7YQS61F9gD*f_Zj=2U=p0PiKEn;8)_T>IOMpU-pIn>h}=W4Xq$sIM3Yk5*d!
z(eOGn_0buB6Eeq>p?RLUi@6CNc_%0#TZ9AeqFZ?}Lb`9c_&n!jRz?lJTz=lkLp~au
zmFHu@D8D4M;7dT*@D-moLW<Gd`mJ=Q!THJWvg%GL)(TijPz@@pJZS1Rs%{h+V>S|S
zzr$?558ZNRC_ZQ&0L$S&XIj3~l^!$W5$5-=n1s*$qti{_``<S?=TmQ6t~sYP!(9p0
zLzkXotMzmUCg|Rjb4A0E8dqs1H2$Dq1X+X};(BkA5wvyOu7szn=M#K$tmbpjh{APC
zj|H?6z^8$__um(t8fr=6<n(7#Fw=*y%SSUtZze#Y#ieHVtgZBKlG|Co!r1pb9$sgZ
zN<Y_@u<e4r27h<yJat=*o><tX^~f$SgWQ1ib6h;cxh`r)3wFbWa|}H4fm5jkDuc^C
z1g2mL+sFx+&S==3V5*VH%g!4~ZZP>^>lN~L8Cb`{x%>?=JJMt{yl=58sN9ikm*Qd2
zI;}opxk=3ukWm@Z*11XFETuXF;ElMV(No3Hr(WQIXD`F``mar%S#Wr$aHu_1Q)PrE
zn9jNTTwB^P>WiQx(*i$Ocp2gnL%p~5dD32{2C7b%Yb@4h3@&?o@u{c9?+)sZv=Qau
z`E``A0-D-PW0mMKZx$BkUqUjsC8d}5Je}n&Toz9G%d5IO1L-<13ZD90r@NH9bW5&#
zhgaBuM=wRTHwJa?Vx~UAVwne2T#Tj_8SEFGzRb3Y)CZ(1EhZ&~RgJd;<GTEcdy0&T
zJ)I}@`&{4$7?xiywA$!s(qc)mT2pu3N+N1wOeH~)^GUM8$yDrM9D4B&SN{`coqXvb
zcRwpSO!hu!!*K>;UjCAuA|JI~F#==rjXw85CeFCxAqyiG{`_3*xyc&%ST&J8P7QpI
zSv*y4aCYi=Ma22wjF+N{pd?4yH&K~%qsj&CkxHE9kWM+_y*=(lX>aG3maMd<I<6?k
zu|7JyjIXC&ZdDWG8vYKE`T@6>(X+b#8UMpljN5%qpLs6*2v}dbEn|7JdHPm2PV}!a
z<>&xLKuRd#Px{20;zwXZu(qFHCG5V@D6nCdQXP<0lfk)Pa|V-T+h4o2+01Bx^195&
zZ}2ku^XbUUk_p*>_>0fYDyq-7gvS)(F?CVUg+iEh5W1(+NxjyVql>mycH|pT6M_PK
zrd1%>bDg3$a|A9>u{q2}2ev5u<|ojm+;IaGF;BtN60$c;==d|=FtX;#j3QI9O*H`}
z(<8nt^Ybk?O45?>dv`JUdA+r>-tol`g}H(<VooefQQ^}^(qI@Cna$#dt6EWoWdaZO
z-7VG&3146G)Vi)cM8zwxQ|Q=aPoH?RN-x9gM*^MXUDL~lQOhyuo<;v!VCq_~x+C81
zI-r&x(P)*9OC-&)hr33819F?jWy{OdR`1QVCRtW`)xkkaw7WVSof_cyV*U7pMTgqY
z1!_$mT;pIg#Yn>#Io$b6Iol(LDs%1S7&J=;+;kG@rvazWy>hZE`m;IBimdY$xur1G
zL|n6h4sp!ga6=QAGolzb<aZ$Np=x)vSrKsBs)qYecWV(nXT<tiE~aY~G{SNv!#_12
z7+auq)YZL!`5qVmcUcy2JlevFLWsbxx>VkwrU${7z*ppW?!?F?;fZX<T25(o@uTdj
zjG^`W_NTegE=;1O;iHR^M{{XH>oEud`E#P2E^C8z`;P{=4po=5UXG+T(@eUeV&;d!
z&QkMovD7Sl-C=|<=z<M9DA-!WGGz)<*`Hd;of-Ac&fWtsUrWta;*Nn<U=3`GZqcOZ
zU{(1GpD}%Qvb|yp&ZxE3c)Pelgf4GaqYWr4alQOpMzdotqbSHdbAtn^xYo+?<8^wi
zFwd$6yjjNP_REurgQDLklwhkb5$73tw`e<c-MKVAmCNNmVc+&DY;xLI-bg}Qxx`d=
zJNgoTcK7484d#VnMqv};<pZ{I6E%b}LRlI0gl$YP?RmJ+Qr99GYVNz#f~{~a&SL%g
z4WEyp^qE4wT<FyF<%nlPbDM(g_0YkKwwO(9qovd>tPi(358){8yepGzwz*x_$avaW
z(_EN@%R2pnMNEI$+9A;@8;{>UdWeckwcKd_+WM~W(8mIuDV2{po6qfwyEI&w|L2i$
z->zYn>b3Yw4WLM#K`$%RLFhz{K9+A-M)bpc5FN3d@Y`RG(@=GJ3R4_ex{oataCA|d
zyr5T+$lj_Rb--@72aT^Jz1Tqo<)X}a#`Hj9by>7c<Sdwzak@WhONQS5bVGOLT_JU0
zXqU{XZNVvy1?q3Sl>J;{M11lGsg3PVp)UCc<d(?Yg|4HPj5L`?w}`SSA<fh*vHDx*
z9&r8}&)(!${)Y*YQ)m@_P7O7_7u8J|_aWabPUaXp$-d3O6%>iSd4iW=4$-hz=c{OH
zeqxgRf%Jev3<8k7Ju+C2amjO7>m#u}hpFs^Bk~4EnLp)i_e4(}wWm7ty~65Ql+fut
zuDPRpa_G+J91ReWPF*@ok&+mS4~8ZXb`iC7*n5%2x)VSYUFR)yC6e-<uq9eu$nD}Y
z=%9p-QIc&cySgW!Q)~0mh|qvS3~7>mmXQ|01JT4j4><Exr~rAZ#_mtY)~RGY>CMQ}
z15=SEHpt8i`Xl*!?TFB$G_Ps~9fP5S>x7}05Ko~)u{n(vRS;Bd+BIJJ>dKS|-%HuY
zoXYC6OOIFpUp6NReu+8JmD-aO8zQ`1Q&YWY@kK=Id|;|a)8(Y#_5o6b$>5cQ|DfKZ
z5K~&3)6W*5F42pFsdp5=(I?gJJVlZZ1cXnYKdr*40<>%>tq!e#+<H^LhG*ZY&8<|w
zGKNYgYugaP?GdP-ptsbo-;U+2u8W@rA2k*43Wr=}Is(BQHGW@+546;?f%WZiysNNA
zD5Q!a!N!V1K2;tM4e1OvVxJAd80(l=#lGn+_+t9TKkV)f^m)eqw)#_wT%UxaNvMxA
zS7~L^7o-m<G2?Q2ysKydtSP)3nHLH`?_s|O+qWKU;u&;vAXR08f>-f+l`2rzMEJ1<
z&p<FTM(&H=*2(b4Q}{3Hb~D4tvGw(bwU?q}RtHhCJz;#r6YXJV#PR7l`1AMvq8p_I
zLQ<%`pn1x=$j%|nZDI*Mp&QF9l0NOU-l%7u9o#N&)*DrFkLn^+r$LheA@(j&hVEA+
z8y8L}1~_M4O}`a{E-c}D#d$4QitXqN>F8`!I1faWGwz|SI~trQJFQJBZVvKIT``EO
z6W8QBrtW6=<af7|969>2!HY{?bgfkW%+$)8^wX&G&VAReKjEFG!j4lByHeL(GxLG^
z`Q`L{EH96LwxIYf5nCOxrx+Q*YtRc}Cr1UN$EQ9WA-Bez!`0$`vNYEc!`sX`%%-T9
zyEz6H1tDp}E5QGZlb~kdin+;1bwp4y&C786Faq0p9#ggdtDe9K3)NirdFk@czl-wY
zo$P?8rE{bYP4-44r+SnAf~vbR`8VOjFRKQ<k6JP9L%y4g-4~rjH${ZqyD1-D!G%BE
z7pe_?-Ap>f!YD|pFdfF$koiq^Ynml3RS(ryd8j-Vluml_(sedH7U(*qGahavYOG-1
zW6v)^jsAQcyLR%0<1jqB#15}${PqjFb@`f0-?D9=<pYDYh>UMfZfft|&bjbnA91V3
zkD7@U`tI?+Ld2tSj~4#|XUE<=cTE!IA42^#q<Ht^i2s8|)EaP|bZ!L-1rg7pp^Xlz
zkQEH{lqO0LsmbRUvVS1C8Owu!($+<Q0P_Qh4uj8AzE;?=7UmxRg8|eULqn=x4{`mt
z-cf3mX9FTKR{Y!xy41^^&(d)`q2Y!C+5Qc%^VENUAxCQ9_sWtfb_Uc7TRqp)E{|>g
zWkGk2_A;FM0MX}%`>=DA=XK5qEMepS<2hv03RmEnU;`V-4@3>ZFYiIGm%oN3$=)pI
z1xAK8H}vY$S&-YJv*}(_nJ+;3{O>m6zi`a&{VSNG=C#kmj+oKH?-_!{9d|w3rar|j
z4=?8jZs)|HxiRwH(ziEUI7yCNK>9z_DG0ohEXb)kP3&Hm906?;I+n;A%QCo^4Gz`N
zYk&PyjQe~clq_I5egiBgty6m;`wNnezVjo>7~ToM=l~x_TxsiQ)JObGOs1OC>sH1M
z%1a^P(SI;&F<V%FA^sn(tYEmoHK%LhUxH*Mfn_&6cT^6_M&~_KdZegJhNzB^$I@q>
z<0@O76n`zWmB|kX12yXb@zz;CPlU9sWL^{p*sEXU`GK;Y20Z+kVso59OB2%xT7f?K
zJ#OKr{}|b#{#+b$r^0oB%mnQ$Pj+Of-p#t{sXp0lJ8BvyHTxx{aST1f?TwG@`KM_K
z0@^ppz3bigDKGu*_!nF|Cbq^aHnw9@q_|Y_V5Z|Z#i0MeKh+mtBbLP85y?CwcKzSl
z>|YZ9A08FSw=S<B^L;Z*!liv6<bnlAwv^GQ64FzMc8t2+UO+%QKo-aKO3h{#M$2w7
z5U!nuv4cX1PjyAPd~RvcdQ`>Eh*Vy`wVPm4T*g>A?}-nO72m!r##Ti=ae*aUhQ&=A
zJN4WO6k`+lj7^JjS9*QT)QHyn8{0?9rqQCigvJec(kNUR4_!SL`C2UBg=<CI^hl+%
z1<d_-opp9BEcmecd^$*aE8F3>n9w+6bL@Vk+R;FsTds}z;A&6*z75qnH9TFV9W4HU
zVHEDpDfRc(u<XiBH4iwII3K2`#P+PZB?93)2#VL9DGJsJ?ls3rDX%0~rA9ripl>(j
z$jTF}joJ{iUo=apwvefq4H{LACl=)~zb-BnTKe@9XNVRMrH{r2UV3j@R<JP@@3H-E
z61;ADc(`8Dy-WT^*ws)EpOjv-va@uaBxX?_ci&5?Ny@jJHLx!?iG8`V+5bgcZ&S^L
zdBekq5)z|2vSJReEg*D1AGtrM4^Z#J<quds@#On<u}){Zh@hPn7rh9T@xgYf9B(q%
z%_{P{`O$LPOgLkBY4h%dn0elIOP!(q@F9>pd->|!df!P3zpKO5$!|?PL~pqEJ(oxy
zORBV$SxnygByvN!7rYQ8wc}3?+NFL731CO7LoO*)*~HneLO@UJYHl3BCdUB00n>dm
zJ-Fy|Tbnb&J#GzwPAi_&YnJ#t`?;tH<Z(!UNmKRQhop;-eJXv5fM0Yij#jM>H*8{E
ze$si-a4!DMFNz!_|7IirA<K^)N;DH30VE=;!JOUQ8{Pn&{gIEIYN}IigF0A9Rq4+N
zTTFKHVxyUg+F~)Li18Xhfmp*0v#aaIDCydi0XE!52A<5`1E%{9H0I8RBC&~8+s4Dp
z)e5_VL<dSw(|2O!MBW7gRjhlm6EH$VJRuD6inzB($+BA#8wxmts`FtERBzd-gLz5t
zWifpewF)&)0rGYa=jn!+i|jKs;#<WPKH9CqVw~UU?Injzy^P`{E^CPw3U6B4DuLYM
z)JNqXW2zUz6r-%e6ZodjjNB~c>c*geC~!eb8WKDi!xwjs&!6`N9P*U$b#-+>E-%>X
zpV>d{npfG|rU?RG_mOxomc`@6cA=G&rXuusOncS@o4fHvVSoKp*h%U1^BzY1F3(1E
zhukF`AlLI94ZuO47g-F>(HaXSyT4lu)q+c1QR^2^QMn_&z;-iKNw`Mnw$9?iZqRn`
z3VYpa{{AlWQKoOfMNfi9L|IK=3m}<O_UHOcw6R0kvB#FiQ^T>#L^ERK+;I*Ow~v^l
zj@cd1H@keAIi%;q94WmM|HX2AX^FoUb<Wu6P(zSCZ*SyF_G03nGZ`$FAfgC^xt_<F
zJP(&dxe;L{^P_B$)p59U%<+uiE%oUs+jz$|I~B}ju`LOfA*y&i;`Da1t~*`q%uyv8
z<t{gqhFXQyF{V&8%Y|Etp16LhUyesz+%@4*`<dE|rlx}J32oWcYBUXyf3T*XKG_E8
zG3l|CSltEdP7@FdQ2iEW0Y#J-e4En8Z8MSjnxj^GJKRR~&}W>f<uxVvG+)ip&(Lnh
zaH7XmSHc?2z}ud+2nbjFYCk{RN)AuzEZ8~d?R7AFhqy<is%TRbG7on~PsVSS=^kGV
zT0>Os(mchI>}jPDhg$bX4iP0_+F*SIjTSP2s*VazGdb=x=ufkCpbgTwY?gfGpk~pu
zV8o4`m*q|mf|f*S#KA@9o&pWHIU;+5T=nMW;X|=P`1bM{L^=gqghV9IL^{B`uJ&1I
zDzCY{NtM2-;rem6_`-<J#he8PeCLoS;`&r)-Oy{1Guxi+9lkRjgNNJI)S8)Px$M&y
zzZ0L&r`!f*(?11VH$&}QatlTTv<sI#+RBHK{f0D(IEv$lKD-hw$(ek3(HFbd=U`8H
z<8AAXw}q(K11@HT>l3=}RZN4)rrw5nWH5xsk2npR5Y*Sagx=*|e#58l#`*N)e3Jq*
z4aE0<y^g;idlPX>!Ogi}f1`4wedzaOd%sNep#oP<`IN6)oO)gg9Wkeu=`c72?ZwUB
z;p6895hs~(ZOK$KenDEW?PSg_R)o`)%IwM=-z?P%cGK~0<V~D|Hjz<<l(5Y?Y~A_F
zfLiydvq~#c*7VU|XRWYH>x11tTNl^n=8n+955>IXJqp4+c0|qd+aRL3b|IV6!H>;d
zXhRz_*LRS|;k7kf1JVZgxo#+{s?Cl4B6Z+vqD`)*S5E(MaiqdRCtdp$kk`isMszC%
ze85yzefP^O>}&g}WUplYu@~X|nDNlcD&>9CWhhmw^+vHBu-*Ko<6wj~`jLGCcZWLq
zY|W$gV$}d?bfVRk>pGE;8LOZLQ=bT2H^!}J_kLqFX;<6DIA*Z<omLw!3iEM$4$-Qw
zZR8}XWN4Cflpt{kUmtHNK!5F{JfbdvQ4YV*O9wfwS@kzdA?yycc;j}>%EFI&A;@F?
ze(uU-uya&uHrKCOD|oSkZ;$TAR2n`ku>??omX+Gy)Qz(d+4<(cju2KKS6owDTa{KT
zMwV0XSwRrfvAHfjk@3ca&}bE0$}oEle{xgau~EImF<*0!-b2FGk_}Bz|0{&+m7B}y
z!GoOSec<o@B+GvPpbLty++@#veZ$AKo?WEH)vd}-isqJvdeN-&=lUXm63K-cnl68C
z92Z;#TgrPBD9o$s-pUz0Bw^z^9N61IE^)uw;=0KoTYrz&^@6V=%YAYcx82(Gu3eoc
zryjhVYk8N{(mHZ;F}5YdV^rrnpdfB^zA*6Z1B*EcYefp~XP>3on&7a=)U-2<+@>D8
z)oL{R#Lpj^T{-#kH%mPfx(w^nzmK^S^!_NVRnj}#(EN2qy}M|Nza_`Pt1sWna+&dT
zFeXn>*qMJy-K0j7W93pb5o>E2lK?WMoUkt597r_O&52E(tXM2>sWY`~?Q{tK)?}Fj
ze~>kIdRGn=<G$qzD`OtW>hrU*(F4J@DbMdhTL4GmfYjsj^v|#o@>_^Nb`ClDYDxoQ
zhB~_;9z%J@Xp&YPPxkcZ2luuzG=dx3t)2wz=r!n>IGIRv6klx~?JAga^G(44dv}kr
zTlsL^l2kU-(zWe2;vm%=JsX!fmhuP3%oZhGp47TzkOp1Sx!pC2y-<)bn6<N|7lVfT
z2Kr*Ml*g|#4$*s7UWg}HF`{Jc+E{K|1zu~uKG9tNexKjF3oX)kcv5}6h2u(goU$%u
zi^oMr`}hw*_x-NkG~hmdIx3nukkwk2koiuUWzMSat7^BGjEo`*r`n5;2iRe{K${ot
z-sRq-PYtX#DDNDUX0;Xo3P<AI2)hJzw^2(A-u6^-%_(voBV>gAhwY@LwlQtz;II`N
zir?GOT3L(E(ftZ}TK!zqb1@8A$-5kRuuadp{Sj^XZp+#Z$$oeZD6`uWc|+9Vi+%td
z&d-9Krbm7=lEhg-T5==~Z!@hHYb*ep)>Kx@#i3u`R*1D`Uj?VgPA&vzPb|hg@pSJq
zLF<9`q2f?2;>Mh&qDIn;8Gdge{Zims&x=PzK1GAI*}|CgVwkWK?9V%=AXuI>#*QvH
z*368=2X3c<LexOox_VP2U^MN)F~he|*~!U=i{~g+V{<jmtoKB})aBEpd%EPN!-2k}
zL4%Z}B^I#{dHI9is4wr1(hHlk@cT?*(NF+_9-SAsNbfA1>+AVW4Va9?cGX})Dx<g}
zqZ1@hc7PicXqPSsomg3SLtZf7WQmeEZ8p56+)X@bk3{Wa--<SDEVuAltgHT@XT5P#
zbFmKPT#9Lj>{9Fah(3f9V;`9urx@5lHZ>Z0&7NyB<=>D0T3H*@UEx$y1cm=*!b8u)
zfq{0y8>OvcCIv9}R6Kx$Oce(x2iV&=F0aVZ1EjH=v3I_$ezomrZtZ*h^TOx2PIWiM
z9$JE#F!&rd1G;pU0`13nbv7;%QsX4QvH{<)cKxLh9X63}0Cwk@>W_?DfC!D$N(5Ao
z#|lpoIR60-TmxoER=Zy(<t^{fXmU*A6v}KvpF{s7(>i^GJA<rh%+(5VD%Ij9y3GzU
zw>N1RXI2M_@6)YmBP^9j{nMbG$VdF%<5~3&Tc;gCBzR;5^I4RerHGX_cMEU^9B52S
z2cLpwZ(X)rDtW=<E<U4a)nrlBrw4zRMHkcED)?^HYT+hn{$O_k-udBNu;Q3mk8<8}
z0D|2VZe&x5I6CDD`5YU&k7;XzFDmECo4qpN9eN<ZV8d+m!@0{RUoO8o**REi-`JmT
zr0$1#Z#c6@N;>-sp=}7<OivaZn|Gt()8wyli$!xBmP5E(M=1X~)T_kr4PUKgXby3J
z@|M|z|8#;JhFL5!r{7_mFvQE#mHV_UsENT8EIKvtPxMUZ!gjZP@cv+^YK~oo$E|7C
zfLYlB=xc6?ZB9_&qX^%UfhH-!u4Y#ArtU`5J253emXPmxc2gHFCd!7>wLdd2Q#q!C
zSGIU2qxtoPC(@t$tW*a1&HZ#}-A>}n^(%w+s!~52m5X|=C`LxuZ5PV}G1zTO=e|vy
z9zGD6RnE3uoYmzY)ZPu>8YDlTBg=Y&K>QJ(+jS=UdLISXPHD9cModVu9J?FGPcNjH
zKN)1RS&QFuZvAP!|7++gQOoCmaaOH2-=BZG%G&oW=uDCs#*`q7g_Zi<$ym($IMio&
zLv+yZ4nJ)UD>_nqpP%ZZgEmq>F$G%_EzcrLH;~%kksNXF&?jJA=(a>N&HL%*ElpCo
zq?J8pla$A(XSTeM_I4U7c$IQ^a{U#nbZ`X_hY?#)iar|}F#`DYKHy}}48-cjq7p_s
zI)l6xg8|+Q=Cvl^D>f?BF?sMElgcia3i8lNNK;Jw$tGQ>f1m}@>si3>qTq|zrl4|e
zRA3gQnXxUYz5=YX&r;coAIYJ<9GtgQo*Ow4<p&V|gp-WN#}b*71yxrUKNsfgRX=*B
z_9U*w>itGM#q_=SnmP#F+bq4%w(uoDpHAae2Ih}Okb12TExZ@GX%RjR&)ZUszFLY7
zYq$Xrj{Pxxb(z)H9*J6qBb#H>eEc2Rlsrle+k%o<pF!G$>-<bg9PGx50$W}4>P})d
z)lb1M)9dvJ-I(UyR95v7)fB@46hd*NCiQqL33C+dHyE0c(M}Z(j=7kwYpR<zGIvZ@
zorOOZlwH}@@P7L{+Ms=Q=AZm^Q5x5Q12v%8;<vN}{JRU=zR-6G2CTPvo@b5K?9`2=
zGgGS**xc_)`d{@*xDFGNV=R+~W|d2Ty1Q5tvr>;OHEzr`MxBv85<(Ei@pcJUpJ=Rx
zNv(V-h>09QgjLA(bC-XKf%+Wl)+j~2E_hms@FLwCziEMYb8Sz%dANJlbFP3qR#)dt
z!;`DEqD+aP0lODIy>|3+KJ<E!v;!EdG_v)IydBFpqLVOskUF99FwFN&RChU5BH3SQ
zN55`WX>XBak`8Xb6{#@q8~3{Butg!@lrTf|oBB9&tIzx2^>(;^{wn^!xh(rKHP_tK
za`R!<a_3}Pca=Tz2Kre95c8`(O5*y*@yAG?jkbh2EnL7wDrGc5TDf6i_!)UP4^bvN
zykMxHHt0OGyJL@eYHR^;UU=<eUpoeR(DQLTO|<ZI$~U!p%6qc)6N!>!Tq7Qm1O;}e
zR8?h#HZVtL_!)O2>A6_`MK%h?ugY^Du*7wvvv^%J=eX(k6}M)svu-6}9=e5LR?+I)
z@2;E$swf7`IsDr@0y8*B59!;q8F2*f1v9q<w00(jdQSSHBe3DoQMIJqP(YJKh_7Ab
z%NlX_XY2g#p9tX8M-@E*{3@4Q0ltN`Pd#%nxY^Z%HK4VacCQTn<Wx;zhAm#vKiM>%
zv8X-fSsi#X8f`O49x+4pu1Q8bU-|V&i<$1KU&2-wKS^fn&m1v1qxYe@jvB{FI{4LH
zqEn}M?uuFg$}sAK4VUgWc_BN5n<Yz5haiVpsVY`h+kKBEjQn1D2DMuqakKFN8OBK+
zbgbJ=dGAVLch3|-9-wZxuMFP(Sio-H0n8lN58XZ+IHI`;d@ZT<-u;dKPc&Dp3gBN%
z7DTcOguh1q@9KL0qpI)k!rqZx|BofW|Izh-DgflkRK!1udatmvN&kkLW`}0NMd!Q8
z4_h-g@pN&FS4a1uhiS1$<noUKz*xOMCM?g&N=5Vsl^9Dw8fc|3RR?wy@$2_pnN=}L
z>D!U0mp>3y?-ME&j*mE0;k?f8D`(8J?ay3MYl>m`dBa#-ltI_|WazUh;v0>6f6v>B
zP4Vuf?io%kndrCk_O=VPf#*eMh4EYsm{p~xMPvo=oqN8JEJ%3lh$N|@{}>>1E(cL-
zmdpYyAl2B$sgdNm;pn4wWuPX_UtyyAvu1rMJraB0+pXb*%t~Gu4lA7&A#4j8R6WyP
z?_@a#f?KJiC@E+8oUGKmN{`L~PnCI=Nj4W@cHDF1?I`%gz=dK!^-NPWuQr>PTg)+A
z^rAcowFhHsEn9hnC{^gE=p>Ho3e?Ya)zR|JV~Zx*Kw9GWG?TQ{h4*k<O!<6SV<a$&
zZ*DPRVyyQ0g4i^cm=<Kr&n!--R2G@z5{!{cUTHmiT8t6-f(sseK6~Lq%q&mycDk3Y
zj-dnBP-FNf6mQ$exTT`YUffDqh}=|vtEb5-y9BrtQzphuT$N|Gu12w^_#uJpV)E(}
z;ugj*q!ahHR_MK8{iqr_(vqxv32bQMrSI>K3c%c>ft&@4$k%vgP=pajbjR1__Q65_
zShnJY`VVwzn}y!QmRn~wCpw%*ybf3w4t1_XT$ZqplQ}e1H+S6BL;3Jj{P%&8{9MH)
zX>#SB*!alUj9U#IjKvWO#p0KwaKktc<BYA}xcLH;cr1S;#D&yVs3b7JI=!qM8ML*k
zyT#6rh{PWQJLP<$igvA$7P9!`jkkU#R3uK4NPn)*Zoqx7)Qjs51M&jpiyuenyAwc|
z<~SJNk8*piCnc#Da-Ac|W(TO^C)SIRYbLDmPBW|^t#3w!rN`%a&<y>`gIv++`QAOI
z-&zSS`&!wT`AR)!l~y;lcn`QH6iex<g&#ADJ@hle)2a%nXHJw3XTeKbk4b|xfpL_Z
zhp@tV4`iBf(XYQ`nzVSKaP|D$)ihe(YkUm<jfFaU^2}XTPF0L6`j>4JcJ0d4>6B~a
zS8?77oo_}xuh8tHz;AV`_~ahOiJCM1wXI-EXf8?lwB8i$)tJq`mzH;&$yh)HQ;lOs
z$*X!H@ta&(aXJ?wgA|S&miS;(bL(<k7djqVblb&T3ea<7GtMzu*XO9;@80BAc2m8J
z@(^`Ucv0Y7x#BtQYn>SF0o~FyHzW>ia@yDZG{m$<+c&ChKdl0$*tb9FBsb%6^6}zg
zvLWmQQC`&<A^6!8+aBrW+4-_Jzf%0WXMWgEX$ab8vO{s4`}>fxp#zV*7hg5B_XBr6
z`k)-eOf+Acyat%6u8AR3LTmlyM)LzyOKr1E@Tqvy$oR^@oUtHd)6&LHpy|Gethub=
z#ZMs<enCO{o+b{FH@~>wH41h`#mSO=`>Na8Lze>mF#b`9LW)nYC-r(w`r+ImNp&dG
z-~Cox9<xA4-IJ=QH80G!KzA!+)6kBA)WlEcYnofYI5<4Q&}O38$}aw(LT4(H{Lmvf
z1FKIdcPOskY@leU-qq&%*wNDLYi5c;k9~H}$JCgfl!i#lD(nGEjwk(~HOD8v<K<lk
zZA#2cK9$ZYuZ1UHLsV$U8l#Yl(flZWa@wQH!}wuBiR`t+-Qf<V7y~@ry<ya4!jBzc
zQ`~*8=ZT#mWO&#LS7XncW#(K*K1mw(za1>EtJTHP1)|4?ln=gH_qty{ynZqr9A}zn
zfOJkfHoy0QzgOU5r*WSF{v;&9@nTxeh)E2q=gQvPoL%yA`MWP>>4TEOYjNtzZU#ya
z9Yo2{F~)Ry8H0{9cm{gaP&3PFod;O}o6?WubCJujKp!#aa<w@KC`$es+&3UKTdd`{
z4-c@DNk3c&DVS4Kyg4q?FGO@9bA$KMGs?YY4<0a%)U2Gbv;eR&tMy}#pB^=J0{U3J
zyKjF!p>}_-+Iu~yPV&?Ka*XHIGud4i8u}ArbEeKnY?EwrJ9P%5>&K(3bSncR_t4Kw
zNUH$n`z&HX>p?nRK*uV#sjQQAx&7=I%HHfs%F!AkZp-9D{>Nu!!xVJ0^blfk_yalb
zW?$p4jH*B_W}E2_OFw(OBgF;z+Q<aFb!Bs3s;p(-EB2ljSL<Y{L{tb-yHtyS13>qR
z-P+VjkSSX*Y^pb1M#`S@bB`&0q^iltSsY>A4!NdyGI57-gP#_ZoC@{5!b^^yIt+i@
z_(A1-PQ4QAP@DxcjcL+2e4GHC)A0{RfQL2c0Lrx*cJv{!1(`0poibAFMm>u2tpHr%
zBp}#EyW~M^$&jhi6qAi0RFv?X<Dz8X2U@_}5%QyY!j>09S)@g78a3STaib9<OA8Po
ztfWZ!*b8@piM_!E1wkPQLtsa&E~;c173u#+W8@%nD`@5PzOFws-4pJ)G)>a>*@e;Y
z?#f7=9trBA)+3{kYcaXezkme`McrzZSW;9EZErTd{5dL99_-<piAXMD;ioggGsPwc
zO?ABdGac7g!;oG+jpC0ffuQvXXg`F&`sBfK!EM^{Y)L^k(5q7s8j|&j`<TC<5*%m1
zy+h&TRz61y>fI`IRF_V?7SQy-j_=V25ob`raMlwB;0hL6F#g-@Z=k(Xmx3-D*2lh^
zi!Ycv=+<<gnlJq+q&!s+v#2&g2>&Ta<)Fo$sZ~2|X``<iTTYY*_>vpu_7OG@%^sG}
zOstE2B@APCO?qrQ&I;D}r~CY9yCT_jJs$jNdVgLZ!n8ww;X)jt`YTlEB$+jS3Lxxc
zoeFklg9wieo)^t-;|9KOoK2El`wfO-F#?Ef)Zn*1xp8WU<INOqH!e$a@}e!RTy{Lg
zz>gy?pBZ{zT>|z>`|R_c!1~z5EO8`g-y7}eX)LXY+vZ*X{X`0~Z$vL%u~Zdr{H!oK
z2_hn=#3!JG<~x}7$kf4WZ2ME3r}Ag+)3_nUsHNX`rH0Ysg6r}t&UnjP!wFCjuacTS
z7kaVvt+;AvpFK4KlV<84a|flg@=qyvGGQ_qoOvMv(^mVOQUE%i-F3xcBhtupXnAfJ
zD{w|Pla4k`pF|S@ed3_-P=jofl4bucqaFKS!YB`n5)oL@4*$3ViB-??u$oltgb%+>
zO0Yt6G2%+rl{-!qZ22Afw?<g!6lA88(~*yD@=sW5ujiTj`Mou9$CS?EBBIzIJ2d=a
z0h*u`vRYH#(M4ayK|5+&9N{Rut9+kv&4AE+G&?fJa*h;pkyGS%n6M9|eMYfdTs>4m
zb(UVd_=h*;(|Mk~^PLso!vEwG^IblxaH-RNs?WDT!^S;O534<$o;Iuj0N*B__aY`)
zMJ9Qle3Df^N81|`dq&08b4$ACDGVrOrE1L7M9-^FkVhN-Vw!_{lbRD=VCJ=_WR$af
ztKJWTkAY-IB%~Tt9EMDuxkx&b4u46D?TKlJ3v^WG?gWNikv{agmPE4cEE7(e_VTnw
zH>m;aNE>|2TZknSET0pP2sPH?mnnf5tRMQ8XXkZ7)E6^zNa|DOOE<Ucj*hg}<t~~z
zL^V5<L7KA#Pn;rUDu%x{C<yFy%KhqLM}HVE<F~<JhE?e|!ke~XVUPKrqTLhE5jhjD
zm(mc%cxX^&^=-;`2MrmZE${Pd@y!B#{tM#@(S}1Y7LOvH4AOJ6^H$!Gj>ewjgnnJn
z^5KZCb4N8M4r+k_pKjRs_rn;F0($FvZBUL7abw;>={hyj*fvoDT;H3Am+~Z*tuED%
zD7NIXU562IDJ{EtCd}yj@$XSD3udF(0UGEA=UP{Go9NNeGJ(4MQ&mClgaD7us)R~m
z(aM)WUxe*GCFGv+b>=zpLYBo#J8l(NSU)zUQdv;$ndY@0Z5Q)0RSrhdNU!L5k$GA@
zF#{swFyjf0U2nwx)E$-Fa$W5vvPwq8cX4$|ROcHP%#S(&wO>DafE~|fp1l`h-o6@f
zK{*t*ZEfX+FcIk^P&4ee7Ws>W0>8CMF@~1cOH>`h+sjCYBE4{a@yS@MyD)uN{~e{R
zgU`-M#=A{XnYA@FUGWEF-Dp2ndxE8=2JNA>{E7C6jKX~_{8Oajri?vhC^x^!wQM!a
zDLJBpNX;IU@0loZR1278EPx$s#Od%)oj_!o*NvsRA)mSONif-&2bzA4sLa-WK4H}I
zs*Qs@glvaba?2X8z-!r6{0Y&yla?+qCA8YTM$7M5jEj)ux!%e4iM>G64u(&e^eSL;
za9hzHzz#RjZ%NpKJJglH_MW$Ry~J)ixfn(S;-gA8Dj+-egIsERfyV>1JM$=?_@%8Y
zb^EPw0NPYSTygc^;D7qm+WAWF@SKFVlKr1#@vTPBd_-7vt^D^4+3r5eB6U1){TaK!
zi~(sb*=2i72{X&<2$}$}BeE9?xan;QH#(%E4Cxe{m0`N}g~)2YD4G#ndNfEa6X6C#
zd08{5NV(#|<Z|`8K+chz^=_yfa^8%m?sm;ma8JPgTd^Z;^NTh;M@hltMi***3nF8O
znDn`OIn>`J&Hl@<%zH!{%w!V8&z}q}$Lo_Kq&i;-(`SAlR(pZ%yL9SwBZ}&888&OD
zMCSJE^mTsJZfl9ukQ^vizh4Y9G)tJ?F{h#B!J+qfM80cT`FZT62`5>D_Jnt~py_$}
zQgWG9ZCvxhu5Uhb_JMaAvE9ebJpVkEauef5cwB4@hy|oXHm8s}`qe9Q=q^o@E`a{z
z-$;!@U$eL98ZB^Z#UDMtWWh#j_u)LhU$0@-8cAk%AxA$)8Ab(@(N40#F$AerJ%dD@
zc_I7STHqMz8`r-f!wL}AM`QDY44Bf39P|Id*_+2DmH++U^PQQ-nHFs~b1SW^+)_((
z!)eT%GPSZ&bD`YGJw;Juamp!kB{MZep>oX3h1^p?D;HcLHxv;pQBhG45D)>q>6+{J
zz2>?fkNdu_>-Il9aL)Oh^ZtC!=e$3!*Yo`}uzu}^_Fby2(vp?y=}1>db!Zj3t9$ob
zn_3XxE5$tkEOugyvBI9a0kjS6C;zN)e}Yyoj+lsJknW+VO-~5JlM6-D(c`SqW4ft5
zPd0V0D#!c5LfTL%TEn5A1cR{+f;8Mx(d}=2IfXnpF;^Fqt=@S#z$m(t74W<`CqXN$
zDp!`%rjU24hf$zx@Y!W_;F|+8Hbt}c6gRe?|GoYx{bLfG{}HR}@`UtMyL7Fx@aUle
zXBO3RTphjedeuapQ_*McySh}}kU&mh?Wo=gE^(8+0-qxr!cI%WHqw?C<#`o5!YI5v
zViInzr`VHZj98q$0=~wzp1F;26Z30EJt}HRQEXkdJyv^G@@}lZ>h9&);ta<>=gs@*
zkH$=n5sz6BCs56iFB_4UtC6uGyXTIbdvYXSqxr<q1>=_S9~Qq-3v#){TiKRSgLf~F
zf;QY6c~>s03}1pc^P^LmUn~FGG#(ZT%Lw(SCxDwP;O65#==qz(rEN*5P=qgSUc1O?
zs5ydx9dKy@Dzw`VU&OkuUuL?+Zl7H=UovS~D^$T_gCvK}D{MzAV7yOzLe4hRo8j}J
z=f}*6(wCj2g%HsJu;J^TYXh{S0aPM<Sk7U7j=r=o7d_c=OH#5Lj8&{3LNYeqfm}1(
zVPT9LP^v|^@n|}^4zuf4<BS`KCA0aNQ8ly<*YlFK^kj~S2+Q$r+Lv4o`rSAl_hEB$
zb<=5s&w9U{C-qUTr%=-4f<s84R!{7B{9SESXe>sl+9iCYQDh&2u1xabsnv+;EqM$u
zb*KxErnfiQS+T?W>ry5u>9SXinT=DS&#(o8m*I#_q2%{@A*uDa>tDgpn~gV&Izag4
zm&>Ynm45cX%7mMsw{w6UDOv%U)tdvB5ayktLGEH$%2avlu?t380OZ8$&memN61&g<
zM)t=)&EHhb-Ty<Zg<3v_ijU#~O1mhhHKl)A|G)sQLj_lJaekk>8ZCEk9&)@i3_Vbn
zYrRLJo`5LG+pK~4ddW=IFG|SN3dD4{(dqorF&EslYEO>I{&r7=Dtf|NoDA4TstI-k
zk5_3D^{H{@$(aj2s|vgDeYlA<>HD2JsyS^V-!V)?jPE`c$X>S-s5c_d_fLj`FNPJ@
ze?*&p_jA061-kj+qv5W7o#aZALTvY)*zMTXxaU`proHNJ@x-RTUL>vTSR0tsRP8XQ
zeWA=*+@IO{!HC--iNa1?dp~t>Q04li3_+ovgF*oZ$^u?)>?&Q%^OG;A+x^`1i^A#}
z)Gtu)Sx)owV*Ffi0rQ>4pMoFU53L=Pfu%3E{(l+NH+gm&#QT2(P~uHr$^KSKee>ad
zEjrfwx3ugJuVg<>M)3c5qxO9j4#2v|CDPS+h^dMjZg;h_M0}a+m#oE%ZM1K!YfGjG
zsdMyX;xmL=o+QlWnfBjDZB+i|H?2q$PH3~eDUr)UVg!ByU68}3Tm*;yA9JsjLhkgj
zywR&VKkf62H${TMh1t@|@f;m-?Qoxpyii(W?6ryji=zry#Op7$0g;HZFZ-n#1A!67
zU*v)g2LO7{?BBY_50wht+1}spG}lY_GE2r0Zyq!Zr%A5WiGQ<E{k$>E33HU3hQlzd
zkyi+`^?nwAp~-MnJNdZX-{%^ksW5M3w*^&gjRCG`O=qPFE4)S>5JQIkccPZV7Qm}|
zYY&Vmvl0aI_b9;CZ=@>4-=yN?-MbR~Z1*>~Cd=2GjNYVWvi<1$zZ4tLs(5A1JO6QN
z$iNBh+k)kVG$Akfr;Tj>*KD{?MT_h7K<R3`9(xZI_3J+`TTT;&8-jH<s!DpjIq$V<
z&90A>+y4x#pw)X#>HfFfhV!{^fa}r;Vd$)iq$lRO4cnCzYBIHr^D1d$hQ61X;{5@n
z$#kWV<u4ti_y3pzIsEfDZcnyB=$H+a{!Z*#%d3e6f)I_v>+|6Yxb;PdHl4k}+AH~I
zYwsNsORvk$9RSd$^!^!5B%&NCWvX(7Dnlg@mzPH8C4Z|P@39r0YHR0z9MTFu{6F6a
zbAI-p_s4ZdrxkwepW@B-|M^Bm6n><GN{1H|CjJE3bZo-ff?lc0WFhhEH$Cex5@+Xv
zQUDZ6lK)fBIt$rXL;{NAArAi#i`sp^mu>ccfEAg)R&N}@C$#MQtLejlL(nPit|vOp
zduvKQ5McYrEvnoXKL1Tzd0`*E#1(Kt0X^ck14`i!=xD>s?9%>9dhu-%Hg(LkyO;;l
zZ76$fCpR~DuuA;K7|`S_?}~}}XM=%gf}gEwr9kJ5>V#Ld*H$sOZTH66&h<6><i~4!
zpdd%1b#b8WkN@q!b62VX(t^hRSO?J|ZrM({DDmFT{cLKGPob)(%KE;IU;f*-gK!>^
z;9JAsc3f&HWKU<pr+L-HXzj!r&Q^KYCNpu1@8f?+eA~<&Q)3-AdK1uXf_)ONSF+6Y
zH|)jGm1ZBs^X_o(-($cZr3#z=#B<jSuPiHL3OK4|pE!2o$`XcHEWd9#Ff+`1=b?@K
zBT8F@P}}tn;p@ha&-|L|THHknU2aNUMC%t#yN9hQcBk^v!1S0wo5e!f%{n5Jg=}WP
z<4Dc_5SPZrC%kf{=wbVfdqUR&{^p2a?Dn!(X2x;rs{PzW?zN3y>4=S%#()0k{l6aI
zJ_2RdOT>RR@P8wsRzM~|E~~eGRtySc^>2uR|KA^lj$e{m$S$SBwBfYXwNCcx%CM`8
zb{)?>veBf?C3~z0@Qn+g71@oqh|?ZrX&3n-3v&Mrt`JrCc}{E*&)u!~s<!e?%(|Nd
z|0#)wE}m42!@a8hp&KE}ocdvw0qYh>&WdCHea1q^Km6!}TMtYr??2tC>QCF6zT`Ga
zGJH0<UVZOGYuLbg%$eK+VcPyy8N!;KHPTD!{yu`2XIOc=$&^f0T`2v@@Ia)4F}wW@
z7jPYR43_M0Lkowv;ClFpd$1)ari$ITf0p`}hcSPo2`6ZHzTBNj`qir?)6qY-v{Ol(
znX$A_;XbyW3#fJwd(kdvhZ|0U{M`2@|2lSxlz9qg^lHwBQaP_JS@3=}_M74o$1@a^
zg`XCk?;wj=Q>V0!Q&77JJVUZEe2-Rj4clO5$KsYqq(GfVU594ve9C+oAYrw>xdgu_
zZpf4p;8z#1*c86_EC=o(T!l#|Lz%4~^tbd><Lg3E<M5Z-=BWdbfaQeNctdi_k~iEr
zW)EQsUT~MU8`}fsGMB_N<+Bn?J#s(<wWTxkbKvvHKq<J&lc*bYD4DB?cF4R%IC%6?
zLZr1`hASsW!^^gzMjw@ey5XYIoN5&8z0O7C(NV<rrN#el3Q!&D|0ea7?9t7(uN9HM
zI;EwSuK(m-Pere(Nu0SqY<&3Q9sP3m{3LvEVrfShrZFCDyWiXln}fuq8Et*^{W+%J
zi39WpQSA!F$MkQ-X&4b+YQT<)ue^u9`?<yu=w;j0YO;T*AI{7hG2cupyq;bn?~|?C
zWO!<>`vM@Z#OM~+YrA}7$PelIR3~X`<&-$N(U$9u7N&Gx+HjHPY^=(JdZnsX?iyKP
z`n9#0j-#P9t|(Y_OPv|#Q9&^^ccMWa`Z0`unYGH0+<RV|<1vvVHfpL_V3LPL_?aAv
zE;q2i&UgY?7TmPY*gwZf<=lS-UT87nMXm)n+oD`J@LF3CdBr_)8Wf;bi_k`=_&5O%
z%sAI1GAq=GEI?XdpihGZFU^9wF|hf0jPaQ}euj7Pcw+kkM)20wc+2={W92zY`hZ;x
z>y#az`U#b^-LBDw%e$12wo!AeG6%Y`eO0HY>*jhO27Yjp-+t{>;urWJ;&bYFD?_I_
zy-7D7(cmX<ue%`272%zjp5)I{#Y<O%ShD!LsYS_PVz$7jz9ACHkXiN)L1KXJo=$KZ
z$kN30Erb!`723+xN7a~?6}S)|-_i>Xck21bOSe5X7<yO{uQrhib(1r~Odq>uFxB6r
z<40*s*pmqBXYA$f+gs#$-;JR$_L}GpP-pz9+As}rH@5S|NWZsMJzD>;=9R~`s`u|k
z2o0~tq<)`FvaAJ_rBbWUmaEi$)KFw#%v3qld1}Db4|s9}m{-qKd(#@#5GHtvw+OD>
z+utQVrW{q}BDlPZ?Z&^1ymBa^&!5Z92`jR%JVPg;l7s4o+4TY4B@yK|<eG*k>)h}V
z>ElAmDx*1Z9CRlywPY!qrRMX4Eyx_?xrphuvIL?hsR9XeCt?5h3P_UR+u+{Mc$UzQ
zZi7yF9I(-BeQ{vbG%|PJ#=y!m|Huc<_uuh7wbW;YLM72K?-^o7Vo(*!`I2{>@~I!F
z<`Wig8<#5VK{|rVBzhYM<7R5dQC_=B)<3-}lbl<qWcB!0Hj?ZO+h{C=o+)DRpenln
zqt}qQT0G%OjLFjX6`eE>=kVh1YBhRTfM^2)QPENZajwvd!5J?Bduyd#=E5q)GnZFQ
z0*7yd(Z!-+0q*=iBCnS4)gaQmwDaofoXNZwA*Ic561~>$U*s8e`V>A2BQY=vk*|II
zbo8)Q)%31?$L~};d~<yK9YE09Bh~Qs8aH-PN8q{>vkGt9RU58^?qycG%Jz;wBcdzd
zt-ZcfrCuB#UWZ#0AyPj6H6S~i;zh<%^k9W*Kt0$qs^xAJR2juH-I(-$_mSAlo(b=k
zo^7iTQ)=RtOgFNdg6TeE^)p@LpJe2kXU>*HZyRUe6R!KA1j8Q{4;R*s&h`4i$VEQ-
z!>Ias@uO31zbpy*&~%An$e7J|n<sz&xJuu))}{8-QU7pYR$zGK^cX;W>mv>A&8|rf
zZS!fv(LSr&?O&2lQGTJqPLfrBB-x#5?DxIst1jMPj1l}<nF?H?N&tC@-c@IF6xj8>
zW~~g5HU3i3=3rb2!tU93(|;G62U$d_`%{_twFGK$KgrjIVrer$l~bj!x0|PL7_65F
z?ADs*-zqW&;memRmiU&rbG^VRV>WY~H0>FX0jeYxcMtP=YK~Rgp0`zEbwBpqrkFK;
zfqpZ-@YOE^HD2GGIx=VRm;JUmC#TSWjU{JUy6i&qO#|DXmNQtNE0i5@j8*i)D0=E6
zXk$mCAiw({!z0r0_~h#Phzz}2*@P(eSVWLhV?)s@#~iYJxpK~`83cQE?+jv9_Lenb
ze2j#wFt0=p!?N|IKPChrLcEjlRm}sN&C+?|r?ZKV^LQXb8=t;r5UkMmK@G?dW}`k-
z02DC?rMCpt2bW@`u4;a}*TA0fKS@4|AXdq25M&1c$J?c*FnG$Lt>j&*+z&uNkUyvL
zF7lVv{Qv4Tnhfh1=eiRCf3EDX{0=YfPn9|zQ<Z*IIqUad54d)iqeq3_QYm^b=ev8z
zLAc2>?RyYM?cY65v5%lmt0Vl<$AU*w3|$7zdj&Yqwo$q$KK$<>QP9jjnCbn`KPtwm
z{~h}5T=mA!is!1rwUGcz$kJ+yFVaFP=wUxtfKYhO>Nkd2#L_6O63F$Ro6J*a9aLAo
zz2BYC5O?c-hQpiFNF&z2S=N>g)63&Ees$x|(rs17&T*b4fsEQ(86-)V*dYREr_Aa<
z0m-|dOy7$C>AT63LIgY%#As5yH~wK1GnL~<$G>9-g$)~jDcjL=m#EVAV#LC-VR=4R
zcruweKzB^K%!?e^T&Y0##bP^6jVMl;<3R|k7L7uep}Hj%J4-?ty)qb>(c~!#hM^L+
zK<aH})Nv}zr9Sp4*x`{4hESaz-6>k0n2ntZqvgqW)_L<;AxOZ423m#1t|Rf(JdIU1
zUy_UD5nj~ci4f^)-Zil|kS03<4l&x25I@CGRnMNEbjMn420St|tu1Nzz016`GDCJ^
zFK}if7^(en_HkVjRL3K6v|+hT*BUPW-Fa@NnkxTGx~wHn@0ac0IeX>a)V`KEang+N
zrI}SuI4f}KLiO1vpw10yk=5bP<ut+0xIo*s${h{M8N_kHwX1O#wc<81)-PxsqU1na
zUctlsON!KL)%+3zu&e5A6N1`>xI?O46z;qa)-d`#9`MG@m!-uMzcaroQ=dF4o|znv
z9D#M!(KW8eW9#crjtOPS4X{o*_-uT}J-`W*<>k*s$e%pL!5YU{_KFBN@MfEV()^dS
zkB9l^-YWS+t}^oMYxE*rUZolJtmN?>lnw#+3!DyHZRh=~iKw0qy9ysgOk=EJ{J^LS
zHe-2ETbY%(A%5)uMYXdbE;EOZf?>q+RkQjy	R}>yg&k2lY|et%~VxX{?bllKU}v
z+oO8GhECsd<1WG)t+n3Ax52l?SbDGn^pX7)?4O)am7%#lY5aKA1R;SR#}=@%Fx%+G
zwfph;2BA&{Q}DN}K7pC6=F@`d+RMzg?aX>@Y#8lb1a?p_MFR+fsDG86@Z}<`b*42$
zHJ4n-vBQ?y>@0CGJ4s{ni%}=2AQ|*-g*!>1YR-9dQx14pWKP6B0%TO=`MQZtZV+Tu
zb<navF{_Ia!^rF+V+`5F$9<!=I~rvQm3@&&<RJ@4R9yZ-97}Jtn*8vvg~9aZ{yqej
zy5@1DbjF1XOR<r*20d)?hpe`$Oi*ffPHA^H9l$EM9T{;Oy+oD1Kud!J5-Z4);}ZWw
z@bY;VI2N#XFWdE;%a8Qy*G4|%K-vOMT$H_2b<_hCG7oDJ^Lp+sxfnjJ2mc|vLpq-~
ze=mPDEiM#-3PXp^e$LspIh)+6S0b!`2|(`<?e0I|LvSgx^c-%-{w!uZ_ItDb6Lz1^
zgsg_Ex5!r~j;SVKjT1<SD=Q8C%&%gRv{!IMn$uhF9I;bnOrhLm+s-+AwisK}=F!yh
z{;|qF{e)*hh*D2hG1^_6NttgQ)Z3aRU(bHq$cOo~<Z4PTb6NiS=MnoNOZ&{q)4ES|
zMrY+<N^M~_urNXMgpN;)J~PY5v~l67ma%M4XWt=+<jmH}$l#MeNc2Z0ai(cJ$N##Q
z_#!V^lqD*~6r+U;9eVedO0bij%a)^a&kme{GT(PC7X_A5V)_%tgI2e5c397mYP-E=
zk{7&sZmyjT67j?AmsDa_Lt}xr-N&r0w3~4@<`8#nP@7R85imRxHI*KjfJgYAuOYU+
z-K5L`2CGSAfyPt;R!EJCes!Qpqmk`K6VX$MM~F4_QHyE4Y(c@t2wdK8bIKbYYX-gT
zJE(e<1Q<<ll5mr7C1IPnc40;M<_E``xTnQq;wWCM{7x7rPsMQNYIP^4tbo*xZ;ZTQ
zhqZY0syq_iR_h&F+EiLZjzyxO>Hv%p`5LVYf|&EO?S?d{Y461nn|96v*6xhJtU;FK
z?```xN+MUuB*~R;i&l9{gI_&F+Aof@xGp8XI#TIe^~Tjr<yP|nn7Ybu3W$tK3IPva
z?i`d7?fq1OY(3U>MxNWsC)eSEdb&Oy->~M64Kq1u?vy4wK-~|_{B*arQ|fgk6cSyx
ztZ%hXEigP=k4eEs*cp=B-mMY#bcq6Oc8AF4Yv=r1TGvkS^OwD7H)2f^%&kR%Ugsmk
zjbFr>{>JPI?&+_Rl?^fCoXtAJs0y=`WQq}z&0{rn5edMsG)*zgc+~{zHV+W8XP^c8
z4Sn&qXkn+C4pnw_OicTGVN@mSQM!xhj`GFD@Zgy<G?m{krGX7hIw;b^lu+|r@lC0x
zTvwY-NW+hVigH~0Cl4`pXcE)0X!#IEsb)ur4bJ*(qcERf!_adPA4W!OT!WO(q_>X!
z`HJ12teMXuFWfDq`hWH!#@0bs?X!TG7Q&HSE4%2hk`&FXrF}ZEIy-g&t^biHkeav}
zt3BLIwTWd?jks}#9}|zL@HKD7s*(Qmt8-d@8JOm>2r%F;PEuiZ*lojwh9X*RJ*)Pq
zdX#eCEvm)9F4|CQT(D0=eJ7E=?JB%h1q_DO;kO0eAOuv9_O!sa&zVqrwm><ng*sq#
zX1)&0iyNp{GXQn2F7E7Di?AmS5S>s*-x`~%Sy>!|4#sB5X^llcw&l$qoIO{<sT7Vh
z%p+2bE^*H{5PBP-L(!ib=iJm>QKj`)lfOA@l<q++2iCC~uwRQ?3&-ncTMH)b`D1@(
z8hu>()T0!_$-YAR3{**O9p7&{aM;<ylT#DSgtoRBoTRGOBn}t*ZZAtIJZyI|D|~`n
za;D`NEb_d`by#D3*=tq-)KibG#I2QiFEA8RbRQe@&3P7>ngvXiUB7KfNG42p2ilJm
zXp5I7W@cZ5Lx2qzW)2c+Rl+iR3!|3rVvq4hpKqIO!hpn2d9Txa(DJKZ95>MWzIiJM
zu<2MRT<d!CjvM3`)aUM>z`ij}uw_||#A`a2e|+|7#W1qF;Zf)i^DC!@)lPgV`N-BJ
zmY-UiSS6EDhgYI}r=q=SBi+b~frVV*4OV-VHZzbPM+9Yz>zS+21U&c=9rR>EXmZ|i
z88dF1UF457A@Iv+Mq~{#eJrT7G29X2{}}C;3o5#*_p$ex$9iGm?EJ@;nu!9tqLJoC
zn~5;h#M7E-OQ(##?+`T&lv!dOnu6CqS-+`GuNQlc-Wf4|OuW~y)#`#J>0{x8>=S%*
zn$)8w#}C_0LPkVgX*Gp~M=cuin<%mKSV_fh);o%q?+=$=vJ{h-UuN9p$%O~uRby|7
zA(*Ao*)^6rtm%oMzy3p9pid!+s?y}ZblChF>o)5!X4_ET9Tg`FfgjNC=lf~s0~QB5
z2M4N=#&TQLY1m)m22*D<0$e#5g5c!~k2cfxfAxRds@zer*~3e*X1ggF);I_sDj8W7
z4mGY^%-wSYO4V;Y^*Zz<6iyq~J{wq!!G@pkPx3(<$^BOH{t)^f9s(!it0W}M@p?n+
z+D2r@T)FzjG0V<Zvh$49>FJE(jIK<4V|W6`N-Ja0iz}Vv8Vwn0>v%SBANz!pUx9`Z
zK+&W5J#*;;(zBxbh}7fBrV{V^ToKP|-ps#i4*E<w(p(ieW-<g~mqTv{vd;`Mt^$wJ
z&N4KQx{yG<Q&8{D>#R@no2erA3zGA;k%ltbj+BV<Ws888W}_@$H=krM<_dDCA^9v;
zS>ViAAHS|$CusrbcK}Y*#G*Sdz;{tcr1I9Z!fVWu3`yWG0b4+{7yhT$x<w1JrBHE<
z)lSf1q7}b<{PbKE)k`asAb1`QFkS*&1&-2a?!wb@v{7~8&MY(DMN-a0j6w0_2x9R4
zVYX#jY)_H1I1IFxc1X)=|5ljs-l@7dfe$%{h`=xBQO0mtedFeO6JFwAv;`D!AzNcl
zE&x0-dAug)GQmZw9CkbGmWnNL!D9YZ_+xPc?*KNg5LM&TOKfMDm}h2$xDCjoySkty
zQ&fZMZs{@kO#4#<`<Tk+9SJ!Eb80p(4D`(L7iO^yv7SoEMZ8|MAg3j^7*X{6N#@?(
z+k5xZwW+hxnh3pb+$xO^7k9fzv4u~ch*p{dZXyCP6~8D$>La-h5nkEZ5Kguv?T+2?
zq|M}QpRTI(Qu@8a{SUKW7&mu6npD+fd~nVAogy<e_6N5-I4~DK(kdHYe7S5YO|=z<
zHahz<V33Ox#3M?~4w1P5bMP@-KYe2v;t(1(HB?oRH!z@8i=b{9<c|C7BqA|(zdc9&
z%QSMNygLU0W9(J0aJ>Y?)Xp|j8v9aLJ*EA9QI;B_8xPhlOFO6TV{0M?)mDzTIAQrI
zn8w2isAkQKy!oNkA*)5+m9dqIGuoU5gH?}S!JWwL#&cnHSmkvCQI8I%V3a<@zkN2;
zL4`Z)GG$G?qlWvHe8<k!PAN*mYkL5uHryR@xHtdjB2ZC78)r{~?0oAWY@bpfw+1)o
zw4v$0Ecm^lw^DxK7r)_-NK4mLnSm2oJ$hVXexR|!&!;OUO<<eqI5Nf@mY$?0M}!U2
zr59$7P;tFu-GYe#+&qw?1Y_g3PtOXXRv!k<)@Etc8o+il2S^VSPkNFKin}flA&=`t
zNeLBmP&rF9BEO#IU$Smv3Od_YKP5RzTbSJ<Fvq^G-i=!In5I#b6D+ljiAgpGyDHn@
zTAp=y9pZX(cWCo0{%Ux-({N{%fXQtBV1)QKQ*`e-hWuse`D)6=51Chtc45a=I*+Ic
zzK+V*4=p&E#$&=qL)~Hhh~2&?gA5442V~bo2UW6eho3c#FnXNg6K<?sijXgl%S>HI
z2m|qapu&ODXw#SwYDbkofV^{jwhrad*WX;`<&OwwV7$A}pv93LnfX402WgF=d09S`
zT#2-XCKxwoZ$7nfT&k_$mz$t<8(6A3b`4hIlN4J}bLOCLGj6<$)WWM4UOXp0YU>+E
z9Uc$N=eT5PY==J)mYFI@OfFrs_ZZe^%0qQ)ich6IEUB1^;juumm}CB)Q*iexU?Ltl
zVV7^v*0Ta>mf6kMj_ZN7Lta}xDMMa{sDK}7sM=0&9Ty2{&M?>k+YFRn>cC)Vp1N47
z^~7*{)V8t>OD1Vo)2x^7M@hl#U*xoRk*iSca+C4sjtmx|NVa!ME8BFc<8E;;13n8k
z9iL^|3hsaohQ{VCN_3-adh;Qm*pp;7ef^q7w${zf#i_r*`M^1PiF_g<k<%}*#rCXa
z(%rB-_EH@-Lr~aaS>db;8I_xZ8N*MkYE2&%pplE!1$xNA)}pSv#;T&O+NwP*0hPRB
zGSrsbcN~y2)s`!K)dv3rNQ)&UjRXM%8$i~*l;j@uT^wPRhv)r_2^Ias8|g+bBNr`y
zA+=hnd=&hofR~k}WO-eBBvX9~yY2K~y}@O#Yt~DZN&9K#hp#nvj;`B;$AtjY=(n;*
zEF}mUFW+k9LMxZN7oFg?ktu>CdrNiLrW)%E*_|`Z$<1ZZ2yf-sm^BNyjX42NaB<n`
zXv-0Yo1eDpH$t16FIE`U;Ke#|dAz&*MqPsuSS%!C*^7E~JM{ekJ<qmcApB|a#VVeE
zJfK;{o@$ibXkLq(`?LOI=0dLgWWp$-xpjBaE3aq6t;SM#sFm?6Shp~k@JOR9V5&)a
zLy;Q{qQ6a?wt;{{Llc+dhWk4DSj}mUp*OI{bCa~3B&k%-P&UHoKvS7R^>Ap7Y>viT
zf=cwU4iK@t*!x}pUA6W1I`3_>XK5{DIb*;j&+Y5vpS;08bBVPYRm>!Y6E)kW+=Mz{
zhTYZ#-Mk50v*}G3@T-n<|H-u62$4}g(0l20V#DizhtQh{4}QC(mP3#r3-mH_wJR;5
z!yZIl!LnC@u)4`91CDe1D^8Gs@)|CuT@?)q3OQB~!2Ys<={L0aN7vFgx?|>4sPjGZ
z4%8*mAzjoB!YBD#x{C`hN|2)H{290tW^J8F&$&;p`#MU?&0a7^yJ7L0mTe>N@1pCL
zgzQ&!CIEqkD50ed^fge$Tw-=xFuCOARomBLOO6Ck*7E@BKx@ThVCokIiYN#Y{9(rx
z<t*qO53Oc3v8R8J>Zh5VZFV--Z7_DsZBpyYt-8x;EP+lhP5sMjAS_}8r22B|o!udP
za=iGeL(zgRhpWxKZ1mn5P{ZE;m@}pq@A{j<?z8e6to<3bA>Sh1(pMb6$8)S6;`{Q(
zYW&pJp)93zq8W>DlCnosI!CU&*EaCUEb-R8w8%_Tu5Yz(^x8`xI}IBj9^cs0#3U_-
zV}bDoj3V#&W1R^rNl%DPePfEH9tGK^(HZcj!Dn{IU-}%$bpro7@4X45(N7Kq>puhy
z7B_k!=}-#=EB#nPsEWk?*ghv;b;b`es&mF~a@$#-o-J|2sgP>SJMsHEb{pj1wFv$v
zW}g48@25dtDv{U?1LcmJ-%LMXQsTSK#qiy0-*RCP>^)ACL0}@hx!k|KIqnZXuEGU$
zQY%qZm=Cgy3{_AUuAWt5Yyo_u(ccvKatbLJ4(CK%dkajgd8`d!z<B~E)`|YWIk^`X
zKCDzM`iWU<V??eBSHzavAI4?l0f2off{EBcSQ~^zpOL=++TpTFk7{u_&^H?zi%rSz
z^+7e(e<#jPP>dZ_GYOhwM{jYBpGh8Sw%xZrF9Lm5?j0Y7X#m$cW;|<y?OJP+g*Rdj
zV__Gqu_ThCU<%>;GcD~+Zg^_Skd8HHa~fzoNhxF)5^u3#d9jeG7sfRUen$1sy1qpg
z{OK)PsK?mEZD1if`4s3~-*J%RY@#syS-S)I?q&#jI4;<oqW8X*CfOc+x={&gHcz5c
zzDMW;HNy%F2gm<hs_jPE8`)^p%A+@bSZkw?ZB*<KuMHAHBI2NDT0xS24B3eNz^u{n
z33GiigXPFJVdzzAHn+<dBzI=$q7{lbMm$4lC<gsCZnNYTZs{kUA7-+^nyBKAxY@uZ
z0;IEPnq?tXo<)_;4qJ+o3TfRcLv8w?pxRa1`x$TKld+6mMyUJfa-m?SNsFGC`<DsB
z`9fy3sHw#oRfO_X#;v}Ms|jXxbN*vB^3>cB56$O>gGtpt+a^Nhxqa6}jB`y|Er8fU
z>4Udfg!PH&7o0@3qPYC!1w&>s@b+cQ4cnnv#u$;O8T&ZwEU_v98qO1t)g7=cW30~R
zD*+4w#Ig|aB7Bus!OmPCxf0-+c#^tdqvj)<c#oTzCSD{a+a%|W7j_#b)Jn^{8RWEX
zWJWqR5)Azph5ZzOJNnZrcYX=qUsSoO+57c;y|iS>gph>lyzzW0SX?VV4x(rDdFc21
zfYZa;1pXu9=lyUK)PUNIU{e&sB264M@4b~>J1s68Q<|MUJ3ylA&MC|>Hfu*%^f!I>
zGszv^M2a05W)LlTDgfthe54ARtGZ!OYZcD2(1ymnAr|^TwKH2GopGG(T^-TvsSMWA
znR@(dp;`2Z1?!!7;>_@}MgVFC{aLl#I+)NnKpo6<A`zPs0;yMJaSAKjR{ovQ0pBmX
z$9I1oBH7-v<Y~zsHXNHN=YNkyUz$7oFSh!9%wMyAgoU5|Il`uXJR%>o2SEl6*;#i$
zrV!X!+y0~1l$n&9dEqO^8am#dY1zERHEr$B2*!-2$&42KjouAzTuq+8R_OD4<%y=j
zZKEr5l~StjtI;v5xVIVYo%-N_%j6v*>f9V_)OZ_qB3{^Zlbkw{s4=!-WO-LCMEF=_
z1<LF?EYAeSp>h7Ey`!uToy5YdL!{b56`AH9DlUt6H526!fi}|5_X9tT6E{pe#gyu7
zJWL%t?#0Chu-`9gm~~jC1JEq`PWI)jmNVSV!wOiv{%-8Aagoy3?zyzUdT0{zqwQGO
zYGqHR?2Q!f(lo#~>R1n34IYeK!of-j(*oW1@qg{lm?H3_FkGsdoTA`@L=I^(z$W|7
zON32pt?4+RY9;32pyjM=M(FF&c|M?zkw9t~BiUAH=kdl}nfR_r5XQiMb}-)DYiUBD
zNu`>PntNvL7$s6wioJt}y`umICO1J<i-U78YgVhe+T2epFV?tcTp*$Rr_BcF@|o+>
zQAvz^;^^9eiH)H!K!mhFLP1T;c_JVFxUmPG9#mHwD2+9$XJri#`Ij+qQg4i!rc@?+
z&!)&|TwU()%Sb^>g%H3uKRF3qnMdesLZ@H^zJT)RfZ}=BG9(RHqU9CIo-7r6w3!3S
zCO?MXr#)aZ4r#vZey+!nzf+35{E3f0;$^d+T!ccY4otr&X%JdtJM++>s9ncpfq__<
zwLy~B2~pf4w87qICoDk$%PH<RB{wGm@eyD@siUTjdN{VRxTAEbNIO~eX^lf?WFc@a
zmoRB{j<yWEM{wPJa}3G|Ojj|yQ?ZIv2>Emc($@Q$t*+eVWz)wy?q`&B@=lnGrJsmn
zb|}A`iJfjA`!Kt{MS!m9^{`3J+rfZKp&cqcjnT@?$;<O+n@tpO><%LwI<qopXmh%r
z1BS)>fNDa+@DWGdUrBx`5l1s(TpxB{Yt59M6<4MSjmkBQP(%vCBkTs-S%zO4#7QbZ
zUc~Bi4aK-+GR@mlAJwOc3FvFQ@Qgc_kVX&oIk^HG281K?#~1kh43My??rlp-3Hho;
z#9R;_MLg4-IBV8-@@Azgs}~by-DqpfWco${JBv`2xGw*Z+U}Ex;<g%GgCrrs%Z@0e
z_7<e0y;E8F8&-+Wv%_<5&gM^+LDp<EmiSS;?)L*ks%EYb%nw)A__gn5)PAbt%&NR&
z<8|ZslYk)VRrT<m?NADQBHR>k!}2*+-EILt+=OG@vV%=|(%}6M&W5Kqy`b_#-nnN)
z%5P9O_zTtbQU~cdJ5Ff2t3Iqo!2(KmbxAyt{x7ei^JmnA<H~<vbtAufv~A31|HdcN
z=vPSv2j=#P;JGS~LYbY24`iycts~`Z%Q36<v&ru*VF^;++EBS5BWxBpXdyLfNPM!#
z7triF6Tc~v*O0Qel~q(%s~EovaoV_5q;9sp?lBYF+a>d6hlsTf%vl7n@veRN$wzP@
zI~*%a%A;jL&CTztfSPs=<TV*#iO=`?IH`ke$hZNvg7h%fza0Mi<iI-oCWuwpm;IX~
z(&slV6yye+ahzW;j|T-os2lN9Mc&uv3$;n*DY1GCu%7a0sbta_fquS3%|a}_C+!;k
zeoDET!MviZn&>F8B;7zB<iJ!dm}wU;3koOdDn6j@RAehhUQ=di%if-;W}HFMFd^PE
zLiy;V6=rrcN`4mAA_xjRT4yM!e(Dn&jO5h_z^vrEz8AP|gMhvOpHMKnmSKin>Q)wB
zmF%MJo8`v?4no`Zvey7_O$6Mw-QhUOD;w<Bu?deiweN(TP_6aSYqGVTC*Y$un_c^q
zMNv?X$1x-6O%Z-C{N6C>kJl-y@__JRcNzG+i>P?!uB}C2#*jrVsP@a)&z+@nj4L8o
z6WS;wJjH)$54-$#mX?w}Oas*&8Zs;uBO|%*T_y~ai(NjwamVB#C~&`7hiFlN!dsR9
z^>&NuA11eVR}k#uc05S(Q?6dLHg%=hrYq&$8+RWUP^<e+zjJjnzEGREtX|M~Cd+vC
z>mf?oU>#-~aW!HunkI|I1Ot2h7f{REvByJMh^)d^ps4+e0>Y@>xAuLxd}CS&oxv*c
zOnIk~`A-Bb=0~m5b3{!&*c#WdHrmt}yY(t=0eOzI15h~k+bJNe+-v8a!^Aj9X2E81
zeU`l7c<J6(#d-Nch@|@E%z{SB%+H?O_|2vA53GkxK2%pI?jk9eU_&*h-7?w^z2irJ
zz6QPny1=zgNjx@Lt80}2)3tllTGV;h;R|juy>NH(*ULvA35xyAJ1!E3iICmw4Aa)x
z@Gp*<QyU&cH?6!g#f+2M#Ru|R4>{IVQcDqd7C2E$Vwx?kc9tGthZhXHkp+@!X6^kj
zM=W;vvvc26mhHOr9e#0VV;yx$dsqIjMp>&D&8&B%`61HlRKEr6eB8xC78~Idp$t*m
zgg!t#IFOIGkZ0uYC~<A=Ib!#DU;fpwT*<y6krQkL*tR?Wg6Q6bW@j&h>_|TDyT^$E
zt-N8(K&?%he`!|i(LC8CAAg!lPR%T}p|CoM36BH!mi{u3Xv7lYnuE=;Z=0@?7NAAH
z;s$c3_h7Z@$%IH(^Un1gHRT4UZj;-fBlE?kizf3EVOi%#ll$$&h>a&dsa`1Tt~DuV
ze-S)+h-H7&4%nX8^QTSZvm%wH>1eChagJmlD_@9PGnSP>bcXIM4f8ut8#V5Tt43kX
z3w;cW60d<gIPc_Uif?VM7}N36Y>u9a2h#2OU312uRcgkteRdb5Z{ht3O3o~o++8$t
zTg3$aePg~|;ehR{wYZw4bBu%xp2OKW{>3*64U!9`Kg?&wIn34nj=QzevHckj3HN>0
zZInS~Pwe`s9umvJm?}u8>F$@#`?9{0FY54_;}$72t>kDAtfO@h$^L>Q_(>(nE#t;`
z(E7}o8zPsb8Qya*pT-i#TvX?hMW#A5DI9F8RG0BF{@J!&U-6pQ3=iwTh-cV*O$Bl$
z)GHuTKN144stJlNJuPnlPY^FJ-8B9Fg8FLcg(Ld8c4CKY)e0{Roma1qX#?TXQ4$Z5
z`@ucXixCp^9v&WwbhvJbTg08aG<hwo7dZ%b9LN%}uSmvj&xlJh=+@@$YD|wWZm5bJ
z*+G)Mr+#a<V!B(j&?*x33f>4UqY8uO;cQe(X8Yt1taegpdV&x-h;-PvrDWUK{aTSo
zwhf+v{!-u)qW!M$!`x0zc3@%F2yx{X&lv76;n}9_<)>|WrA}Yq^DRq|yUT|&l#zGH
zApWFw`mRXeQMS1kaOr@`^UifY3NY}5HEO}9NA>PlVi73Nm^rmNy^C-^HRfH-o@IU&
zxz;DdW~ijkTl$&UP-)!UV#9yzd&@Nsq{}c4P4_wD8b%Va7<$Oofh~G8+TkBTL37C;
zlcCE7sxr7XPSacKR#0_A>%lDE?{ikZRK@u8yFdU;QiV3R?Us0Y%w(htf9S1R9E;)L
z?at4QO!?+5akaF|U8(JBzfxR<JNVbL#cykBwD!<0BQ@t;&m-#)tRiP8q0ls0foF7~
z_(RNnY%Y-oRwo+|_c7oBg3|O@%|P7M+=>(H@dQMe0BqN4%Z*+av|{^xBw$Mpe9mOU
zXD8W9+RqG($9g~lR6w6djX(OQ2?q0f>Ll#t?&fut65L=rSZMpC8&<~4U$U3Gh*n)l
zYl73(?d4~GHU-QTj~`9^vr%=V?6%5uZNKozTTrt!&84Odp3pXQH4E|7SNAQjBT?e6
zn~vRYZY&7f%nYd^j#V8}N*WJrYtViWCg-(!cCEVHx;j%|Z!W$tHN#WfWU_udp$^W@
zcE-WJ-C?UU9!(c_9yuWYGV{m6{vTseI?TJ*v`db>h_Iz5{a9h_EqYNl_w*Xgr&WtG
z%lbjR4)UD{zQ1xx*%cYJQYkfJcu8*(YfpotK$2{a)7qoCn^rBo4@(&KHnQ24-dfYw
z#^p8c!{GG#)8Toe;dP3lQuIPPbIWM8s>i4k8OJjNjQQKUxcFtM`Jbqi1b5eJw$vr+
zQrS^xrD8-Nk~7tFhuwaj0>*4>mn~3HvJ#p4!oIHN?#7MZHL64JnjgD^IVjx+03Nhw
zoQIT}R}_uk2yV`g%Cjd>;p4X^1SLHxm0m-h^4OI!Mp>|C1$o3HGnwy|=9;l!rIk$(
z-eTF&<Bm{5gDfYHuRDml-^Kj}3g4(#yzI^U7rP`muWvsB6t;Zm3whlCv>cY8VqzIH
zr+)_np|@Z{oc+(b?$;FG#hVma2=mpm=P0a63*^1C)K^K>!;;SQd;&qv77V6vo;Ba3
z4XwUm*W%JEbU+7nJD)h7TUsi536A%3AFc1E@F!#^?cwGF4;8>sJu6^u96&Xi-Rwcf
zqx`9kGRyJj$2ZjF2d@bkqUdU)^H813)76!ROs17nTHLc_x>C3?$bEEd?WDM=#kISk
zVWXRM1G3j?7Ny}-<VZ?p3#wVQS8<%Y+m%$-`><4@y8q<@an{ohFx3k`U~OF?QwRPv
z`F*X$Zt{Irg|v1CKUM|KvL43w_^dp~rDbU~CSb8lv+w?(ol6z+e^8{I)RR8BDc<Jn
z?%8D>d2}ynMkio>fs~;Tc?B|({RrcCg`ctK7n)qZ)xfk-VBjM6Z*~1v5*3pgy}2q%
zPou}Rdc@hS2$mOd+qm|Ml7Y}bTIK$Zz3god&MrQhBI#jUg00tX#Qm}T-`<$Ni;aF0
zGyUI7w~3GR+J5{0cYh@R;ivfpbH3?s^T^6h1q@~~`?&Z&Hh!n|eQN9<u-&tN7jXPw
zuc*a+&-K;h-?^appN~`iA1pDKB`ev(=(@k^baV?<`QM~Y!BjSC*k3|kbuCp0Seh)w
zES(n2Q}@X18mvOOeK-7P7UtYD*xyH0`PVnU%pr$xqY3QQYRoo2`lYDJF;zrN3#_DT
zU|n9H<yz}f8K^yC@}EWU;)A|r9<FIn{7hAooA2555>kcN-sOHz*vol+sP$QnPsn8q
z?bZ8v)6I|f_cG~}>K6@6-Sy<XAK!~gh6TI-*&yr#*~Q4nJLhZ-DM_yR$*!*y<mMOd
zom|@$hkFgxoUCw5d*Yo9mue#zou#Cs`p-*)jJ@{N67FDq{JdUgf>9l9-G(J|CF8DE
zuxuMx!fbBw7HNKGg2eoz-dyqlmGz7Vzg*?~?GCZ|Q6XH(-23X>F7^HFSvR5YV-A8K
zOP$fSdb1xs<kQOVo$zMO>o0e57<FwED&IfD)fg!yp1Sw1|F(l)B>`TI#huOi0m-f}
zush{F>r1rnGuAWyc=MtW+wFR)GoF_sKVrKGi~nbXahGMp;mrMP|Cfn-uy40Dd*C|x
zml~Ip+@Gn^_B(7m5_&2s_cGG{v)UrY;@iTBYFWvzwjLF(Ti3vrzI(CvPf*x`1uc&H
z_bK3*Ua&jNP@H)}igo|u_>ZUpYD%SJvns_xKc7wCxJbfEm_tc~!nuI_54v_!Jj6M1
zODn>V(P&P@sk8zj<q#Fxq84k-^dEsLw=|L0*{%g>k%~7y{F}4AU(u;tegty05|tDi
zkUt!%2PYD3|M|0g6XXueZ}PIo(SIAiz8qHI<KOH3^Xh%~|Joz|j?4dLniTaxDGpoY
zQrcLmy1+{tTliXvEd<;Hn|~{M_?onXXp3VUyZ;~2FaCvv=~E!DcRO(X>`!kn4pn>4
z(mlU%wHLl6Mis>mS(i7luu|_&NpsYPlTVE-F12d&c1`ZZw|*#)0oE-ExIS(Pc1p@(
ze`>N*!1f)#5EQt1%?5&^erI|(dCx4rk}qgI2a`wTB|cFyrsyilzx6qoEv_j_F~-7Z
zUc;(xgQNAi`uFX?<<i-DBiv=|JfXMcPkQ3MP*_=}aUts7!a*sDXvPmt>zn{}{!~;v
zU_`Sh?w~gc;Mc$*@5GlkgQhfXT3{gXa8HACULa;m=m1m=0qGyx^OMiy#(hjDWxSC{
zPVQXCT?xo(HF5O9m$$;=dbgYheX;tH#axkVvA!fR1gP$vk*q}Pi0}|e8Lispxuk!t
zq+4Zn3(k(IY0@Ai{Iu6cc#B&Lj!v`zDhao8euIhpunm$yYU+BG>!=s|>eSfjwg6id
zEV1|*qIld{5b;}2<2=6Qc_BMgyb;m8Cr(+JT{v3>Gz-IMB_evZvjks!4lKm}I@T56
zu-eKNm|UB~k>p?Fo6m}JmwNq+6MKE>5#Z9I97k2WcpHa0xwzp;Tz~E-H+eGindIy9
zz|sSxaorZUyoY3)r<A>Hv|zxl9YznRoM@VrjBq4J6Ju{8yEkg`{s4F{?~F_~e{NTm
zf4F9S;%>$QEloj(PYbb{@_j3Lcyqe36NHa3)?u5kFZ^6CXb^cm1B-j?RR!QDvfrEW
zzgsyZXylfWd0H(XFo+w7k<@ou(9O}q4%}`0?)hsXPSY3cwwlBmH;SaN$1;8u9zW^J
znN)#37r$kG)Z8_@jDY^`$@)rm*o!i|$7}M0toHM+FgKvBp^E&^-1(Z<{A8O|(Ach-
z<)}&9!+>GSgx6ubuLQ(vvR?v*EPqn$0Bm!NX~1ys!M(Q9IkzHrK3;0WhECPKKh!Wq
zmx{Zl4ucpcHo}_6^H?I`d{RpzaaB}f8zIAwsV3%O&iyrpsY*SJQB-9Lgaa--04H8S
zDNMCY%Lc$Iq?3h2ZJU1e85T<T#vdwt)=d3z;9o<_D~FAq300!htoUiKBL}}mD_vMZ
z$S*FIgNFqz?rGbsxy+e^SZZuiTmSoc9dh5fli^2cn&xU=Yg1Z_!Y!ZYw4qtzZViHw
zg3|q#ac!-hGNz<DF*A@KF;L~#t{04#4Ei*;Jd+R>;_KoUBwD3tzP;$<%u^q!!OF$Y
zd8~5ti7@bO|8CuU)tTyfqv}&&bYeZ7t)WGp?Euw8K+S0k=S=3W7-2mF%TRJ~B#dF&
z<nOEdq#s!Eqw*v?j(jd}Tf5{qI3|sSs!1SudWMr0T?PRIg6QFdqczKf9UIqS7HX!B
zUA;}Yxw65TdBIG8Iyx`CTGRjfTv&K?=9Wa10#2yC?&}f}VWa{#<9W`0wbE*e3~~ID
zeMmJIK!U!W2s4f=jfXW*C@K=I*-CXc7>;>3-6WXldow>YcA=G1DY-~7Mwl1+z+A&j
z)cLh{{6`+k%vKG_WN%#k((l@Iy$vUapaLMg5ThrJi3s%UVx|7T^1t-N(UZ}D?Ee95
z?u=~lIL|YY?rQ<wRim|b+L`MKp=th;I};7LmrA`vks)r>Tik9Vx@v~?1hO(5!s#K6
zKfh}WBh@#-n#R@-`s2|Nv?g`R&qs5gwhu8T5ryIdzS1CAi%lJ5Z_#C=8Oem61BddP
z?GKh9T~j~XZ`f<6g2N|dAG26<_m<q0-?~maMI|3%Ther&qn~=MK0S}*-CC->ST<;^
zqsFcM8hv%GiFP;?v2jYzcJ-t6*k*`bV%98+bH!B(5x)~%2)zt!(5-LCQ{0<YZ_}Y(
z2PWb=hV68tE5OcnbN=W)$?f8a38UG`^dblMZ0*#XrFt@c-~oHv^r>sB>Tr{pEYy9`
z9UJq3J6J&yW*auew+CpL%cPDZY%vh@R}Lfudn(8=6gzi_h8hl#DR{B=a+y2z+*$aR
z{ntYMt&Mx2ddsE-kMq#8C{|cio%z(_)0k0+wRSKRTJ*Gt$Zw5RQ8R0rkw+_2#A>Bp
zJp^;D{>bf;O1MwBww#hxy<!m10Rj2H1A_Fls27CZW?AK9eaxmRhU2W{Y}@<+N%TqJ
z>}@t$8q=Q^Ym*8<084=kn#7G8%748Ml*HM!LKKES;4K3p8~9k}FTG$F%%9BnJ!ccM
z)I|{b^3O_~0v^j|?0CX=$l2^2)rg4p?)may($Vv%dj_;f@}&x}<qt>mdYKq~WLTZQ
z!2b*Pj;|I@Qde09E7LFp*K?5E*QKK{YZd3Npip$Ayn5GKNISjBAB)Nx4HUR~sbe0#
zF<vw#TUgg>l|6)dgjY%Qohcbjr)ez=UC#zF&PH6_fIw8*V3)tnVo({iLW^$+k*9qc
z26^}gM_yZMxOUuwR_-1?CdmCmN0)F|Kk``d4^MwKI_Rmb*?o_Dj;yFov~z!{d&{pe
z;LtRDfcrsHE2s}&(6b(#?(Zcicyq?mo^iKjf~n(G&^;9m_6Us~pG&cYGIX^5<scqS
zO9ANKATHL{<NVrA6DW#8a_6B9!qK(L<-)==g`m?DB2FRbUDyordh1Gw>zx3hH9YrV
z1{M>CpD~<TWVh-g(B)`S%5kj;%AnpYRfT>sKO;lfCIV@**ZU4;i;WVK5Bz)v2ya6<
zA~`er5D%<NB-d%?9l!1w&!21EyZQbMU8%RRi!$Bzkz{{&O3c#teCetuw`5FU4qfot
z9C7bdYR8<(G*`~h<sEOxeI4@@dOwqzd(zkrQn@hb7aaCW^h@H6f%1O1ci2r<?AN5<
zH%zsXGCz7oAanNj+(a-`Bux<s@(vbeT1>^iLW^ndB16#;>_THUtC{MNVqoizDUVMn
z8sH3wUo}qh0*i80J5T*KH?WG$3RKrVZhPicY0ox`IXF}B;tJe5I(Ra)*78YSa8o{!
zb}J{X9w&90t;+QjRKVxIh=UVin`)3+D)|=c1~eer(%Mrc5p&WL_vVIXU}f5UN@rIM
zKzm6avI9B<XU}=sI>{~#N8d2W(O5P!G$Re_Fgf-0=T@4o!)b6Mc40=6;ctVstJ1^I
zGU{<_ji*zE`esM+nod8M*^xbc;&{sY1&j*8?ynuN+v|76L_N%&Eq^HwP*m$yt~__T
zc>wX&So_X197UU-$jcb>`kd@Mlir5%X7!7nFKJhrAlj`EyRIYL*vPBMgOpp^iyFC8
zh)`pzJ2uDeV$~DRi{7>#w>u4JXn&qfm!|G8H$R7+A1W9#bAwy2`Kh6PjWkPK#bI#F
zER%0R;giX**Rr5@5q3DW;4gEhO!TAxUMrn)dy>_&Q@cKSjJ8(MpS^#PDbwF>@<!mq
zj@n;Cc246AzHQ&xIBr}J))H()4yj#tiT+3{z&7q*uq~F>ooP$VObKl-#J34cPp#Yi
zwsdeT;_=d9(8*gCW*|GQg5Bu1_PJ^_Q(M|rgi_cVo`l5GY;q!}y>EpTTe-bWR70I}
zWGU9!p}t))RXG|F<i0f<Q7l5}=4+i6Wlu~voA?_ZbObg}v$Q*EcS${L2$@ZEu~-H}
z!{nZ#Axm8p4NkWUj0N1Bk>4OCn|731gN7yg(vT-5f~bBur+Cdf4EfnAl8JB@yZ1cA
zV<}Pj_70B0Ug>rJS94z;msIxt-%Ou!%1PU;T$omEOc^tG#VIRmO3gNRDA#f=aYv+b
z%3R4DB~xM4(oB@p+(jyLU#Kj=4NO#25JW%(1b#T$=R5P;zkmE*zwiC;-gECc&w0*s
zpL6bW-{<{kM3?(?(lcpH@F56a78Asdj4qb&%||ZxQ6{~8#&`<LvdHaC3*G7Z<K?D5
zH1c@&JE@rk@?DXd+ip%ceU~W@Al&R8w!mO>GD;+hy@NfE+{G78cUl}+yyO_xAB6s6
z;mw(MsR`Pzj3l0xXXtm`f9cpI>{NQ=4idj}MBTHr9!CUlHdeGs^vs{FD^A|0SOu)d
zS7XmWjGCb(Pop}9mn?{-vCfYAb#`bo)g8}~X&&$WV~KuM$p~Lmk8u8}Rm;=0++8`E
z<fGMj@zlNq7^uQnIfhWJnntNE%dAhX@}*xQo#yJm?}A-X*KxnkpG))j@VYl5<axlO
zLeTnwEX(4KPoT<(zK3B`(yAyv+>Q3WePF$=Hgdw!5q6T{NW`S1KGcHZyFn4LmPn)E
z<NCHxs{&4J8f94edLMIiKFptdXTfHCn{J2?d1v=28X8hWH`9{H9)@kslBh(s-Ka{v
zy_+^ZQB~&pig1WY8Q%nh{dRsH9F8%lvBz|!D>9{1_)9ug=OKxSi#I+5RM|})uHV}I
ztJ16*y>N4dh$7lGEqgj~p9K(voD^P2Loy9{4TQlc8f|jew0Qv`L_IDPQp1wRPm1W_
zv!Rjjj9tVO^#Cq1wn$Q=agm-BDD-UFJb>Ee-EJ_ootAlf0&vi;r?``v+9CS^?prXd
z{85ZP*K}2qqrh5Iyn)|+>hx0auz&pd{5?*F@D}QGD@((3H*KpPb3}*)=5YVC2j<4U
zQ5mE!q%CyHN+gu1%bI+#RimMW+DRW@4EeZ_=&hK{X@Ax>um;`bO}&wzBcN%}9}Ev*
zh1GO@Q<zf}ZPpU!=UL-a<27HPz?omSWQ;65P8+ua2JSDVe3piIUHTA#YHtsXYPxh4
zlu<oG-h`*s)n3o`iz}<?BnA;BOM$4Gme!WsV*f&6JhAYob<NpsU0CGEK7gAQ-h-E0
zUFjPI8HmHdTDtZ9B0X&viq(0t&IX6RH+`a4&X`T(@XPw%1ATGUw%0k&?(B8YYh>;q
zwKJoBG{rC$b?}veDEcM5J9rZ)i+jKK9ubv#A7{aP!e-9K{yDA)ds-0r!uPg@Bm3k?
zSt8MQyt@Q(e?pWf+zg*Dj>|t^q1SmXw721`miGuBPG*0)<726MVd)V#pdfe9EGJvT
zmZJ;k9;*sYNEwp8)^yR<>u)VgVG2CJLR6P+Sz(sZ_^3|fqF+zme8T6Z5iO2Va=PY3
z?zDvs=?~M$WI#i&DDb(lRksVy7}9!CT&m&)wqFQ7xd6*Wdx3j(nk`~Y4*SM^ktzZK
z#p^*PXMfo6${xLS?$brWZ#|Az&#SyTTa)lBb0o*UCt~rLNXDJp9zA3U{blWZU2w))
z6SEtx7#0AUFT5&ySL|xd${E~@tZctghze>ym+Kx-$y{e$;~5!NXGeQvQjjdb4Ol<E
zk~5`e5D4OP1EJMO#=oMEx!(&QY-)CF@bfr?ddVd|b6~t8+RkQt@@3SRAXHop5x3!?
zZH>V&Gc5e)qo-;t0NXILnBJejB|!~Gc!8fAbBm4389S4ZjcgJlqFfN|y5HE}qp7zS
zQcn}vb~M;6EO0xa0p~&+0i}fDrG2GS7yvAK?WsO<<1K^Ql~k%<9LKkil>zVrlvusS
zz3#0SMPYSfdIb@Fz-b+V6Kxh3mzO(hic}|Qmj&^Z8lRbAvWuX8JCHA{ZYmy5>pe%$
z7);62Z&yOB>z$dI%r>k{3n2wPR#=ELrpq#$CfE~hVs6VF<j)1{SC0izmTF`r&@c6K
zimXsX(uZ10>$@x+azK+`vtC@dad-3a-1*^#gtT_jpv;0n->m1LWJU5b{Cp0x1tll>
z?Hihz=6&j_^#d9vx(GcI-TJbz$$bY8;yNA0+4%TH$}m%!?l5V5mKS4ck<e^#X!gAK
zKz{i<aqJJSCes`S$hFj~*z>UXs%9IksG|a&)FJy_Fkq@RO%^_cQmFft{Z(vv)r7;O
z5Y5adUl*$%@}C@#WfTC<uZiNMtA)uQF!FcPj;+aktJj=GJ@C>r6rM{Eq5_7wYaBMT
zip!w;TVwd!s$-8+->GihUi)I(8q0%hZ5nc}D9uw-{~#eEDD|CHQLfJ=ED)4^Pk6tb
zK>rTCHA&#cxC(MXHW!6v#BdKW4p)Sj!uK1`1<yCDF>_&cdqi$O)HuGd-joZwW46E)
zH0KFR5B#4QtN#-qx4+$r{8faUqoKji+JWHW1Wa70_)Tv%PZ3(ti-rn6PTMXAd=6PP
z!*=vGsv-}okN&VsRw4c++Np2AuNVbrqpw*r5srj;c9qsnYX!~jUMy*jJY3d9+{nN?
zjPDvtX4pnMP+j9fWOq2}qdPwsG&7`6*_O*uo{=M@+2{Mp+>d-5hIxX22Ta-7WQfFc
zsx~lC?~pI?Q-epVFLOW5NuN{}RDt%W`veK>uD|{?reYJnYZmJs+HezKxpT0#*_uNT
zo;Ws{{rZON0@gOfITj-<C52}z+d2>Vj=@iBv;cndZq%Ae!BPaB?<QSTaxBBRB(G9u
zt2M$@TP{9`LA@_yg~%)(x41$4GYm(@aZpEwLl}93l>%~Gjd`h3WfiPc5d^=w5SpL+
zmgIg!<paqLQZI=P*hfe?6@9Rwxn2T@=Zc=1Rn=)f;03@<g=Yg%UjlBkbzx@ie05=-
zB(NR$g?ffK961GoX<%{Z4C4~n4@*7i1MsP_BX**Ix=V-Pm)^6X>|lpRTc|q6rvEcY
zjp@;81{!zhq>sS9jMHt<z2}}x9N%YZogf^s$eFIMZ-Fu+kY1lixDETi7z4aAZ1AZy
zoiPNz&B!Ux*@a8X<Qm_1CQM?x-2tC<>QJ{515F58=n>@!9kZ{1Po&>SJVmI-;mds^
z{Ae;lyjM4&fAEE5X(?tdv`Ol0BTmkf73iz6me!dxQ~b7D^)7h}<68qxr+HnA=j#$!
z%q^n0gc~9KjL@h(h4_ly%0tGIiRkP|%PgY>w?1l%iSRiZ0At$%wE9~m1j<+9P>&+{
zgIopmzJ=j}S4K{D%{~2dB6=VL#BCkX<)U(ON~CS4t+Gf|k*WPsPLM8)Vp4de&nR@x
z^Q2Qi>D$G_9qSkf*iNC&JoNwqz(sWgM|(?0ZqyvBH)j+yYhI3>rP#;jIe2>biMJ2n
zY1Scd1q%3I4LEp_<dAoxcvz4JeK4%No7ENba<MMTJ#$nh8D$3v&LsvB_e(63oHSZC
zcnUw(qp^`l2sM(IPi~|thvSk3ecQ9?yK@A(?&vfx#l9QKj8<f;KDdaN&lAqYs`~Nf
z1KGI=8l}_qDlg{2T8X!B0e2KAAVdv|N0O8k8~oG%EIx2p&E_Tp@MP<Us>idNuaw`^
ztB)<ntnXHy_~r4dWSd61;WUaNnj`rFABJ|+80`aE-m*ZYa+1ei#J{9P4G3CE+)5YG
zYg|7xh)K5vo4!^AI(dcFUJ&k;5JBiu_sh}nnraVwSNTAzvDov2i{u&j#px`za#*t0
zfjak&fZ5^4A*axNRwJGR%7BnwOafaq#{}dD$6!l=M@tl8*19&kZehjc`N|Rcu$G!!
zv3@HSq{MD+d-a$R5@9R4E^!U4hWN!iXy~DISDpXp6Y$%@Bd9r0wOij{i%Y!SQEQHq
zC(Z{S<>6)a-e?P}3|<aDMj4&-eZZUK^$h)iCPTAw=CeDpq@ir`B;9@dSQz*!0-xjq
z3)J6k=GF9?Gg-0I#UmkF=5w-~6tJ_<Qu{-<u)2P**c=p;mMp5Y-Ztw2$A)iWC{Wx>
zaXEQLK>qOQn(kCR_|?!>)+Kmhcn|cw!#Myymj%~X4ZYOxu<3w_;?vCovQ%v}QP|;E
zM4TR6m}^FsfJo5=!oiO)o>NZ9E*=;|_GnzVP_e1Khx&yOE_+c+3jgdToSnf>__|~a
z{pt5Q;Q~LGVEgzsg2aE43=2C{5WP_|;O43J8>ur;v%1ckAT7R5fQcla={yu<5o1iI
zkC9sk?;az}+&*A(s@<UI9!tGFp9p~G2HB@7Xf|H|9=M?i6}DHf*#X!gxvr0kxh*^p
znwTX(d+hSN2&}n!VZ2E7eHwAFwenz{78&K6ahU$~E>G$C;(%5Y)la|Rn){NAcjEA*
z?rvbiZbW1C)yY7h1y!J>x^#z^&+Qz)D44f_8zYL__f_>xi@#LoEM=ENAqt8PyqyhX
z#EtRxSi)L7f9VFU!M6l@u>BI_TIGcOtWipB^DwqA9m__IwQD3`tBAb@sshTWmnN;}
zcuqoiFy;X*#B12k)LQ>gwENSp<DC9B|G=M;@ckCA%ksxwO?X%Be>^K0kN#rBEQ3Fq
zf&o3Zi3c!djd8qm7H46&Eu4@X{Vbq(a(X#*L@ufkT^1e4Dh(G_c2kaka`Hs=*e`MZ
zl?}n&&LPgQ(*@3{F=EOf+yk<Z{@TAbDVoRlU~C<OxjEUuo(BFddy2-K32vQmx<1^`
zc4|w`tB5-le6!_A_BKUkJ&-Ze&GISoiV8|J+kfNjj4!mZfGpv?D$HqZADo!E$iX))
z(C3@l%_?<Yhd-FAd{PR(J|S*;8J+IRjrMjzc9v7!RE*p*Ei)lCMi^s{LDw8*J>i(J
zn?wkL+%$BHfgG0{(J+iCl@>TpHDhZ(1w}tNX&q#HN~He@-ZK7Tf&$mv);jX4#}=TT
z|NeTiT{W@or6Q$H(1UBIzl+`2mCrsqrV6#@Kkro;u<B4c$GNg#3{+9ZOssv4@4Q8y
zIq}Hm>1>YH3#%O1HZyKMCn2Q2RO`)AC+`UOYpN*v1*$so*YTWis)_^oHWLams5uN!
z1o*j}24C2WCHGXi3EQd-*LmAKrV`u*Oa~u_P=U4Cn@+G=3Ygl3@}qYl`~5+zp-Dlh
zXqVVOLhJLBB<@byHH^VRjSC)0(dbQ-s<*#3Mi}R^Pjke>*bVSOvFiJ>Et7=Qx37f1
zruz7|DJg|Ur6AFSu66f?(1Xm8Ns9p(!<VA#4!{Xwln47hs-Vc>Slq|?(*rJw|7&~I
z1_vMGK6#&KX2EMxs(%WdG&3G77MlzVrcEu?HRqZPvPU%@)DL&od?_MF%O@DYeS0<4
z4*`Oje4DwVFHa;`N6E$8mdS1vuu0S#q}IpY?wydF<}<ZvHA51M!dcwyBkP7O(FTQD
z<^*y~H$4;BRTpf&pcnGMII;W9pF?LVPQ`6HHAL~Egu3%*K*(ADxWuvR;s>zzqGN`<
zktYxj9N)6twfkpYBh}My_FUP(4WT~0#=&%}!-VZeAB&v0plCL{U?>n!5&607!dP_%
zU10emRAsz7Nr$b;$g!bY*+1_kFLQ|Rby@g6R*!$zfyjINDdwhC_ugE<lwqREBer52
zPJKrW_a!Foct-otkeF-Ibvp+JByEbMULS+h9V8RDW1Z*%n~_HRnLxeIH#zq<=fPz?
z`kofSta*?l(FdUyQ07o&J)531sCKiQwZA4y+J<Mu@tY$THFo4l*9D2Ys6n`<5Pz<g
zA;5L_N6JNpKlyU`P14RhU>s8Bc_cIp#E<=KFfyt5N7V5f5sy@os!~``T|+MY6~^-+
zj_SsDr5H>^SsJSsTB`GFn5l?)v2iVnAkuyuB))8^KprBpOW~UDYlTX2S79RPKp#GL
zT1TD$)nJuDDdOQFAG!&3OKZqL@PPJEt{7b0XiUuDW)rtk9fq3D;6BCtm`8M~pz4H9
zdL2LVFHP-2=s^F>jQE7Q=FilxQTvJg5|^BA963sT(p;a2CtGwBN@a=I(=~o$JpX{;
z<7fw;;D@PqS=aNDVWgqz280F7mx%SNMmYGX0dHEVwJ#Y)GA?qifRz<lJ*+Fc6=->T
zR@(_3^WUSV#Em2A9zLlloEfWbyOthBR;Ce*Pi@_4;}H0%qGKFhwjLgsPfTMwO$|S4
zKV9BuQvpGn;FSg(-DjFy&Q~w}Lez~$3lZZ9yoY1KZCA~GVEB+~`-~@-6)~OOh!?Jq
z?Qe>YtDu98Z(`A<&#ZE$Jp1DYxdTyWKG&t|CF~VAAPU&3$sODTH^HWugZ#LoXnssO
z_17-mlB8fBmJx2ZAe_IYoUWo-VP!t-5^<w&v%BjhfD>kVDTPIS!OO@K1&oX#S!-c?
zr}6Z2!9kISB(BpD2av;ymPok%_V;NEFj^sPEn!cRonuczRJ2<qyOm@a>0697TzGBz
z(yW9)air6|gS_U4C8pQu;qQGLo41I;?E%;RsGi=(%!Q<C?&U=t>8$u+zN7tFI{XHY
zHgkpFK|gMp;xJD=UTXZu@UEfFn4ik;7j=*4`dW=uUFYrFGEnKbFnzR*GPAg;vNtw5
zcj0Vvx=7TViLbTX<I_HWQ9bnfPFzRihHU|M>DCLJiJLSUQJq}>WV$JP%lLdsu3J1}
zkJ0*~kaTS@@Oc1L`^Ie*+Xf;$>n8KW(7D|Cr<QD?$NT1e3!7jYZ7g3OsSeR3o9z)D
zk(3C6YEnWMb_X4ebDQyq#rG*QYz_h|b$gJz<Ac!=hfZ6y#gZ7>AKWmr*C3iW!3g<>
zg^n9m8yhQ4;4$nFuj8?T-P7<B$H*142ccx+B<hfsONj0eC36ejSE7dSi7v32YWz*B
zwjmXk=a98!V(4pB`)vyA2Y#@EjUh+xqZ{pRi@}A*3!mN_vJT~ttEPUjI^y>gs3MGQ
z_mgdYs%8-4^jL7nWBpK6O!L4m?uXJ-6<icxW}bd&gHv<eC-qK6cCG1&pMH#U^j0Jn
z+2B(;(AX!a?4lM_kv|TVm4MDL8<6Au<&%byW(Q-JHl}kl8@U_Du1})4K^!0bKe)5|
zQrouip6nd)<<>A?g59X*RyJ}cHxq)1ckq`>6Ui(mk{f2i`Nn_}JW$9Q&sF6eaO9Qa
zQdu+a{qiZ=5w;ai*dD^CtzL<J@w1{~C6XT~D^Zct5Fn`?*n-Zq!<g>8Zf`&D)WMq=
z4p84ll7op+u?uZ2Lsur<;9*NmBZ~iosMvLNOMSSWOb3c27C6KNhYLV2$MIic0*c$a
zsnaOa^FBMe;<l<XF~^ZQz({Y^fTHbEI`3H3Kzm)KrBLxt3@hpJ18W0o-#2u>j=tLF
z1-N__1ZaEDF2eAx3mp4<+Z(1z0{d@kEHx&O3jZWhT{-6Lg&et26cZ6b#)fot(KhTq
zC%FMD4>P2LIrFjInJlkaLlZ=LjwZp@%W~~Nnx2ESeq-#*uw?19Pgrap@*%aeW*m0|
z?nQ|t`fbRFO!IUSmV7Z(?04a0w)emt!>MQ*l7jLf7^G=^e2cC!Ao1#!NBnDO;`ep7
zXG3#RP#N2XtI@{_(Xu)B)72%$8CVODZp;f~_sy>D4ald3vo%WPJs!f@sWQn-@{Q!7
zsC?6zrNynUBsIPZA(CoicW_x|a%A1_eS-v1ox5?%^M=-Lh`mu<PH=@szKV-=WJH#+
zQvFz4as36a5((BL)fDgm9xya+hVMp{U5RyG_-K~<13!^iICUxfvcb-5xAMy_^#>78
z3^>Hk=hK3?HG0e)SUtPx7ef2qjtDQCxT}?jdj?(!UM5<)O<)VNpL%D$wj(F!q9Qh)
zqK+V@%)HvFnx9+O49(J5$$e=H&^&TbfBhrxNd;>Yf5ZIy4yR~WN!ZeQyj@c%i{vCF
z3--_r&^Z-$j3@X=Ppk3YZk~#Wjd+&5t2Xw@cvQ%7jd-K=nd%MJ^PR)`wVe0miWO8v
zAQK)+Dcb;_oIgp-aL1Yt@UGBx=|SudgH$j5Ged#fL^kX&noHvh2SYYII>=&OkxdgX
zLH$hIX7)a5gxYd~()_JRcOCw)A5gI9JJPn-h6INPakEKP6F#HG!>=7|@pdwmfRV)`
z$W1<~IUy%LLhBIckCerMO)`LOD5XB%cU0ZNw89Vtgp>ik71z`3cw|T`JTS%>AB(c4
zqDc>)Ja`WpTKGX=A7n<2HEC<;387o{ZD(G1sE-<EsE*GXfW2=ShaRs}W>b{=wuLgq
z9@z=zN|ULBS9E~R!V#WW{I2?I8bYm}r9hT70WV-}_R5d7?*vU0`_)2z<ep}Kw<}37
zgxH^naGgQCnQNZEW9<xkJZ8eA4Skiy!<4C3b#$5|8>T>0QTOYRu6r%L?5Hq#`}_r_
zT0XrU9`7BXI=4Q>BvkdyRctA4X*ky*Gq~RI*|bR`ojlEMuUdR&t~UKCSe|2j%S;iL
zS~K?{B^()C%hSqOMLn$<ZBqb-RzN^?2H&`E*98BVBv3l^X|-TfLji|-a%PqD`3_Wp
zO1icWzVgtTzPp~%yNUc2xYrs}1w`kc588l0BVXiO<?JiRK-zz=(J59zg4?@H*n7-)
z@81hhf5C&6<432x4AMcX?J$0=X#V}1)a9zJ;;pL?xixj5?M#cND7d-eV^v2Z`QhJX
zS$pPfoVkKn-0B|<bdX1h63)=y`vC78izM+7%&fs>EYk()Kic&cC{1=1v$citSGM9+
zd2-jbiXRIg@kBy*pEh&l;@q1HSX>7rycUz|2gYY2KPQ~<_=h-;6xrdPYgjW0LEHY`
z`2SXcf7g7JcCvzbcKNu&_zy5->OXSR{VjaAa_btC^{p`-$h_t`D8x)!2$V&|EYXXB
z@Cn^wg8Y*8<m8KJYvHA0!m$*)MJ^C6`{>jhC3Zg+@q3euVGmiX09Z+%W5o5{-o1+z
z7;~xA8#<(&yV?qJxoU|!RxQU9wqgRKdoExd7Khc`-nu4{fzl{TPN2RXiC0Vw$9I@B
zl-4CY0@%+bDroBz$D2zhD&mX<{rn{(Zr9ach#O&7)--zJW6guDJA>h=3K-1=MJ|oe
zqE!oxQsfN;9#CtW>7SJ)Hlfwjm|w{hfi^?<%`W~T7TnwHjAFEq8B!;5KOK1Te!~TM
z-B3JyR_3lXny_v~CAW5OXR3`Q3*1w>0Y&FdaZt^Rt^KHHw@}~L^>((#NRwc)wGkeq
z2k1f{>!0Tn#YV!F{@z)B?&x-A^)GVw8TluqoHDHpIqy|=2gMb4iW&a5n}kl}i2#9<
z-k+jXZsO6-d}qQVmkQZ^VAee$6mtF)%u~0k))U`nw@xyn%ZXoFJ8rbpx2lk;`<~Jh
zZJrHrdBd@f%QuF4U`x5igzbaVqBapG^b&SOjAgdbWkpoctPok>avWMJ_E4+cW(oT+
zYE^RG6<q6@@^!7^`p+~&T62-i9{v(M5IDXq;x8TCDOSK^SG4iJ^a0;&O+EfUbE|aA
z;yG&pv>3t91foGGEd)Dx+3qlsl75Ik-CEWf)PsY?#x3!m<6<ZHLc~nFy|viOI$SK7
z=Az;(pGG>o>_J?PzA&&N9cPPTJM$Zf2i7_>X!VK;vBp_GEaz&koUfs(7Yr_L)q3tM
zx0Y5DR93FeQ8#~SLn&~*E2p>iItImV_;;XOZR>xHLSm7#oM|mJEXK%2Iq0}a&eHI7
zGJ?T*3wuXg$^$a$&Mg%-t@NO7-EuF{rz&J*c^e{H{0<?V=$FgnqN-wfFA%<lvs*rZ
zkW`t;5PB2Gzwxm<*j-kKysOe7A;ckakBtJM#$n1q)o+ObqWr&AX(H=GwS2Ea1&-@-
zztO>48ZE1gSm2DJd88$oL=hfYKAc~%z|oRKfBHE^P6fZUtC;NJpI7ud7q~j1+;Kbj
zG8L%6d80S2YW-H}$!hLF1zmjAGWvV@2+my1V_>{$#c#@1$A!3l)xFnUSr(Dn=_v&u
z<c0kh8LU-E*wP0xUJ}x*;7&t4j=W_WA`|+s2;zA8s{s^1E{b%JXM!7l#le5>`}mKh
zeviaD%iE?S?~N@fYD*|aV9^j|QU2RV`Dp1^iesojX%g@J&s0Ql7yj9QxSd^pNs#X;
zEiFcf7$~)N)y~#du?gbIMu9+e&$mevjaKyK_sC*rB4mg4{Dv4QA8vz7HxO-iBTi%d
zZCe%Ge$oqpSpbcb5I5kux;<{&U)m<YFR_wXvjKCb5@@2LFB6f?X63!|KEBHgbN0tr
zky1FG<k%}mt?F-1W!a+V*xQ*!7xEmFZh5R>oCtR#Cxu-Jn;cWXP8M#o!ePO?lV%l6
zH4wP^pF4({X_Zdc9O=C3F){DzGodsO1QWl+(UCQmAu}i3B^PfHk{woG5Mu7K_`*_W
zRmRjki=UgrKVkve5exj*n8mZA%MXSE-hnIF<N(c{!3U3Tqnp9hsqQo27cKw#=P;Gx
z-nQS**Y~G8bUp6~JcY~3m+TL`ZGN~}EheG0vV{`%r!z{_?dieqJeoGGYrcT1W;%4@
zfedkqL1O-jn_sb;uX&QS(9$t8*=1*vrqtW2Vn^xGNNLM=kidji;Z=>&=C-j*thV~r
z2GZUme`Kau!KHPXk*tjH>B7}o81~DCZ*du`{p`b%(D67W$^Y<A@!vyrZ*|w{Yt2UO
zRm&@R1K8-&ej(Ra+UAhM2<@tqwge?!{v|;k?sfsIKEjiETm=X44=;qQlU;<!TkbT_
z3Y>wG!*27cpw&Si6>VD{k>DN7Y}Z@5fd;HLyS-rLo&~iY!?(o@n=KakI|^fh!9(7-
zjRO0_p^~Thqu}jK0#C_KX|E2NARoEtO*V@M>B4&{2vcdFFjN0{h5jzL$K`ToCgGoN
z7Ux<;+=knC&8{VlxwRtZrAz-%*Imz%TMG7dOb;z?%lXw2y`{How>qRvOiwGh!RyN}
z0HPUjzs-MF`gP!&i>&=kp|S5<%`Mfx_3rBb{3Ta-1bH@rH}NVeUZ~s||1H4=`suO-
z`8i_ce44DWSk59y2VUKY7p_etjQ@}RNIpng1Uf(#afI`4W$1mkQHyc`Mwb1{YBq>}
zSEhXNg_N&^FhT5ajf>n(RXsr68o6<0Vyg4`%X``V+r_W?m({h2`<a#gta#5i_g9?H
z|C2(?-zsDn`MBKZ^6I=h>S5zQx~vY{!z8&XLLk@Jvm(Ztx$?b6x0X$_a61zt8D>1L
zL@2(LSJzH?r~JVs@aOB(6wWp3k8hLi8us$enZJ%V{}*e$|1!7gaqEeBGL#&r*l)h!
z+iLxeE)OGv$Ofko(pq_(>7j4Smo@H*@(~6oQtW`3mq&;pQtLPopCBd5{Y`Bb9mXx@
vzv*wW!-+PrO>iY&f3EZYb5~mx>l$Lvt}kA%aMNbX@|`_pf3p0<wR`^!Rv$zI
literal 0
HcmV?d00001
From 4602d83c1b56c754ca4d0c0a2297ad34408f60ef Mon Sep 17 00:00:00 2001
From: Keshav Mishra <chandrakeshavmishra@gmail.com>
Date: Tue, 18 Apr 2023 18:32:12 +0530
Subject: [PATCH 10/12] Ckm patch 1 (#83)
* [DSD-2478] updated release images
* [DSD-2487]Updated Readme.MD (#82)
* [DSD-2478]Updated Readme.MD
* [DSD-2478]created docs folder.
* [DSD-2478]created docs folder and updated README.md
* [DSD-2478]created docs folder and updated README.md
* [DSD-2478]created docs folder and updated README.md
* [DSD-2478]Updated Install.sh (#79)
---------
Co-authored-by: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com>
---
partner-onboarder/install.sh | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/partner-onboarder/install.sh b/partner-onboarder/install.sh
index 49317c55..35b289ff 100755
--- a/partner-onboarder/install.sh
+++ b/partner-onboarder/install.sh
@@ -52,7 +52,24 @@ function installing_onboarder() {
-f values.yaml \
--version $CHART_VERSION
- echo Reports are moved to S3 under onboarder bucket
+ echo "Reports are moved to S3 under onboarder bucket"
+ echo "Please follow the steps as mentioned in the document link below to configure mock-relying-party-partner:"
+ BRANCH_NAME=$(git symbolic-ref --short HEAD)
+ GITHUB_URL="https://github.com/mosip/esignet-mock-services/blob"
+ FILE_PATH="/README.md"
+ FULL_URL="$GITHUB_URL/$BRANCH_NAME$FILE_PATH#configuration"
+
+
+ echo -e "\e[1m\e[4m\e[34m\e]8;\a$FULL_URL\e[0m\e[24m\e]8;;\a"
+
+ echo -e "\e[1mHave you completed the changes mentioned in the onboarding document? (y/n)\e[0m"
+ read answer
+
+ if [[ "$answer" =~ [yY](es)* ]]; then
+ echo -e "\e[1m\e[32mPartners onboarded successfully.\e[0m"
+ else
+ echo -e "\e[1m\e[31mPartner onboarding steps are pending. Please complete the configuration steps for onboarding partner.\e[0m"
+ fi
return 0
fi
}
From 1ebeb2c8d9ad4b6f23cd5b374f56bf1ce37f2695 Mon Sep 17 00:00:00 2001
From: Keshav Mishra <chandrakeshavmishra@gmail.com>
Date: Tue, 18 Apr 2023 18:44:53 +0530
Subject: [PATCH 11/12] [DSD-2478] (#84)
* [DSD-2478] updated release images
* [DSD-2487]Updated Readme.MD (#82)
* [DSD-2478]Updated Readme.MD
* [DSD-2478]created docs folder.
* [DSD-2478]created docs folder and updated README.md
* [DSD-2478]created docs folder and updated README.md
* [DSD-2478]created docs folder and updated README.md
* [DSD-2478]Updated Install.sh (#79)
---------
Co-authored-by: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com>
From e4a6388165b598098d2038218a84befd0d234c59 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 9 Jul 2023 21:14:55 +0000
Subject: [PATCH 12/12] Bump tough-cookie from 4.0.0 to 4.1.3 in
/mock-relying-party-ui
Bumps [tough-cookie](https://github.com/salesforce/tough-cookie) from 4.0.0 to 4.1.3.
- [Release notes](https://github.com/salesforce/tough-cookie/releases)
- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)
- [Commits](https://github.com/salesforce/tough-cookie/compare/v4.0.0...v4.1.3)
---
updated-dependencies:
- dependency-name: tough-cookie
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
---
mock-relying-party-ui/package-lock.json | 58 +++++++++++++++++++------
1 file changed, 44 insertions(+), 14 deletions(-)
diff --git a/mock-relying-party-ui/package-lock.json b/mock-relying-party-ui/package-lock.json
index 2fa88a92..f1f5fc26 100644
--- a/mock-relying-party-ui/package-lock.json
+++ b/mock-relying-party-ui/package-lock.json
@@ -13334,6 +13334,11 @@
"url": "https://github.com/sponsors/ljharb"
}
},
+ "node_modules/querystringify": {
+ "version": "2.2.0",
+ "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.2.0.tgz",
+ "integrity": "sha512-FIqgj2EUvTa7R50u0rGsyTftzjYmv/a3hO345bZNrqabNqjtgiDMgmo4mkUjd+nzU5oF3dClKqFIPUKybUyqoQ=="
+ },
"node_modules/queue-microtask": {
"version": "1.2.3",
"resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz",
@@ -15465,22 +15470,23 @@
}
},
"node_modules/tough-cookie": {
- "version": "4.0.0",
- "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.0.0.tgz",
- "integrity": "sha512-tHdtEpQCMrc1YLrMaqXXcj6AxhYi/xgit6mZu1+EDWUn+qhUf8wMQoFIy9NXuq23zAwtcB0t/MjACGR18pcRbg==",
+ "version": "4.1.3",
+ "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.1.3.tgz",
+ "integrity": "sha512-aX/y5pVRkfRnfmuX+OdbSdXvPe6ieKX/G2s7e98f4poJHnqH3281gDPm/metm6E/WRamfx7WC4HUqkWHfQHprw==",
"dependencies": {
"psl": "^1.1.33",
"punycode": "^2.1.1",
- "universalify": "^0.1.2"
+ "universalify": "^0.2.0",
+ "url-parse": "^1.5.3"
},
"engines": {
"node": ">=6"
}
},
"node_modules/tough-cookie/node_modules/universalify": {
- "version": "0.1.2",
- "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz",
- "integrity": "sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg==",
+ "version": "0.2.0",
+ "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.2.0.tgz",
+ "integrity": "sha512-CJ1QgKmNg3CwvAv/kOFmtnEN05f0D/cn9QntgNOQlQF9dgvVTHj3t+8JPdjqawCHk7V/KA+fbUqzZ9XWhcqPUg==",
"engines": {
"node": ">= 4.0.0"
}
@@ -15742,6 +15748,15 @@
"punycode": "^2.1.0"
}
},
+ "node_modules/url-parse": {
+ "version": "1.5.10",
+ "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.10.tgz",
+ "integrity": "sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==",
+ "dependencies": {
+ "querystringify": "^2.1.1",
+ "requires-port": "^1.0.0"
+ }
+ },
"node_modules/use-isomorphic-layout-effect": {
"version": "1.1.2",
"resolved": "https://registry.npmjs.org/use-isomorphic-layout-effect/-/use-isomorphic-layout-effect-1.1.2.tgz",
@@ -26200,6 +26215,11 @@
"resolved": "https://registry.npmjs.org/qs/-/qs-6.9.7.tgz",
"integrity": "sha512-IhMFgUmuNpyRfxA90umL7ByLlgRXu6tIfKPpF5TmcfRLlLCckfP/g3IQmju6jjpu+Hh8rA+2p6A27ZSPOOHdKw=="
},
+ "querystringify": {
+ "version": "2.2.0",
+ "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.2.0.tgz",
+ "integrity": "sha512-FIqgj2EUvTa7R50u0rGsyTftzjYmv/a3hO345bZNrqabNqjtgiDMgmo4mkUjd+nzU5oF3dClKqFIPUKybUyqoQ=="
+ },
"queue-microtask": {
"version": "1.2.3",
"resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz",
@@ -27791,19 +27811,20 @@
"integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA=="
},
"tough-cookie": {
- "version": "4.0.0",
- "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.0.0.tgz",
- "integrity": "sha512-tHdtEpQCMrc1YLrMaqXXcj6AxhYi/xgit6mZu1+EDWUn+qhUf8wMQoFIy9NXuq23zAwtcB0t/MjACGR18pcRbg==",
+ "version": "4.1.3",
+ "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.1.3.tgz",
+ "integrity": "sha512-aX/y5pVRkfRnfmuX+OdbSdXvPe6ieKX/G2s7e98f4poJHnqH3281gDPm/metm6E/WRamfx7WC4HUqkWHfQHprw==",
"requires": {
"psl": "^1.1.33",
"punycode": "^2.1.1",
- "universalify": "^0.1.2"
+ "universalify": "^0.2.0",
+ "url-parse": "^1.5.3"
},
"dependencies": {
"universalify": {
- "version": "0.1.2",
- "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz",
- "integrity": "sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg=="
+ "version": "0.2.0",
+ "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.2.0.tgz",
+ "integrity": "sha512-CJ1QgKmNg3CwvAv/kOFmtnEN05f0D/cn9QntgNOQlQF9dgvVTHj3t+8JPdjqawCHk7V/KA+fbUqzZ9XWhcqPUg=="
}
}
},
@@ -27987,6 +28008,15 @@
"punycode": "^2.1.0"
}
},
+ "url-parse": {
+ "version": "1.5.10",
+ "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.10.tgz",
+ "integrity": "sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==",
+ "requires": {
+ "querystringify": "^2.1.1",
+ "requires-port": "^1.0.0"
+ }
+ },
"use-isomorphic-layout-effect": {
"version": "1.1.2",
"resolved": "https://registry.npmjs.org/use-isomorphic-layout-effect/-/use-isomorphic-layout-effect-1.1.2.tgz",