From 3542fe67546c5970f0704a56ec77118678c0277c Mon Sep 17 00:00:00 2001 From: thb Date: Thu, 12 Dec 2024 08:45:40 +0000 Subject: [PATCH] new configuration version --- .../k8s-nai-6ec6739e824c8e56d9633622.yaml | 2 +- ...client-trust-6ec6739e824c8e56d9633622.yaml | 2 - .../opt/nevisauth/default/conf/esauth4.xml | 198 ++++++++++-------- .../nevisauth/default/conf/klp-profiles.conf | 25 +++ .../cossa-token-exchange-authstates.jar | Bin 50623 -> 54296 bytes .../k8s-nai2-5a02ce1399ca42298422a320.yaml | 60 ++++++ ...signer-trust-5a02ce1399ca42298422a320.yaml | 14 ++ ...ult-identity-5a02ce1399ca42298422a320.yaml | 18 ++ ...client-trust-5a02ce1399ca42298422a320.yaml | 14 ++ ...fault-signer-5a02ce1399ca42298422a320.yaml | 16 ++ .../nai2/etc/nevis/nevisauth_default.yml | 18 ++ .../var/opt/keys/trust/tls-swissid/keypass | 2 + .../opt/keys/trust/tls-swissid/truststore.jks | Bin 0 -> 1777 bytes .../opt/keys/trust/tls-swissid/truststore.p12 | Bin 0 -> 2118 bytes .../opt/keys/trust/tls-swissid/truststore.pem | 38 ++++ .../nevisauth/default/conf/LitDict.properties | 80 +++++++ .../default/conf/LitDict_de.properties | 80 +++++++ .../default/conf/LitDict_en.properties | 80 +++++++ .../default/conf/LitDict_fr.properties | 80 +++++++ .../default/conf/LitDict_it.properties | 80 +++++++ .../opt/nevisauth/default/conf/bc.properties | 1 + .../var/opt/nevisauth/default/conf/env.conf | 19 ++ .../nevisauth/default/conf/esauth4.security | 2 + .../opt/nevisauth/default/conf/esauth4.xml | 121 +++++++++++ .../opt/nevisauth/default/conf/logging.yml | 51 +++++ .../default/conf/mockrelam_jwkmock.json | 1 + .../default/conf/mockrelam_klpapimock.json | 0 .../default/conf/mockrelam_metadatamock.json | 0 .../default/conf/mockrelam_wellkownmock.json | 1 + .../opt/nevisauth/default/conf/nevisauth.yml | 16 ++ .../nevisauth/default/conf/otel.properties | 4 + .../default/conf/prepare_done.groovy | 23 ++ .../nai2/var/opt/nevisauth/default/log/.empty | 0 .../cossa-token-exchange-authstates.jar | Bin 0 -> 50623 bytes .../nai2/var/opt/nevisauth/default/run/.empty | 0 .../nai2/var/opt/nevisauth/default/status.sh | 79 +++++++ .../nai2/var/opt/nevisauth/default/tmp/.empty | 0 .../k8s-npi-92e282d1dc2b69d9e4f91fc0.yaml | 2 +- ...signer-trust-92e282d1dc2b69d9e4f91fc0.yaml | 2 +- ...am-tls-trust-92e282d1dc2b69d9e4f91fc0.yaml | 2 +- .../WEB-INF/web.xml | 2 +- 41 files changed, 1041 insertions(+), 92 deletions(-) create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/klp-profiles.conf create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-5a02ce1399ca42298422a320.yaml create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-default-default-signer-trust-5a02ce1399ca42298422a320.yaml create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-default-identity-5a02ce1399ca42298422a320.yaml create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-default-tls-client-trust-5a02ce1399ca42298422a320.yaml create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-sh4r3d-default-default-signer-5a02ce1399ca42298422a320.yaml create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/nevisauth_default.yml create mode 100755 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/keypass create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/truststore.jks create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/truststore.p12 create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/truststore.pem create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict.properties create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_de.properties create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_en.properties create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_fr.properties create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_it.properties create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/bc.properties create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/env.conf create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/esauth4.security create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/esauth4.xml create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/logging.yml create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/mockrelam_jwkmock.json rename DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/{nai => nai2}/var/opt/nevisauth/default/conf/mockrelam_klpapimock.json (100%) rename DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/{nai => nai2}/var/opt/nevisauth/default/conf/mockrelam_metadatamock.json (100%) create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/mockrelam_wellkownmock.json create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/nevisauth.yml create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/otel.properties create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/prepare_done.groovy create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/log/.empty create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/plugin/cossa-token-exchange-authstates.jar create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/run/.empty create mode 100755 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/status.sh create mode 100644 DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/tmp/.empty diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-6ec6739e824c8e56d9633622.yaml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-6ec6739e824c8e56d9633622.yaml index 8c227af..79c6874 100644 --- a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-6ec6739e824c8e56d9633622.yaml +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-6ec6739e824c8e56d9633622.yaml @@ -45,7 +45,7 @@ spec: podDisruptionBudget: maxUnavailable: "50%" git: - tag: "r-621ede89458f283cbfccdeb8f940bdd13fc87352" + tag: "r-76cf157bd18ad492e7eea17645c765177d3ffea5" dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai" credentials: "git-credentials" keystores: diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-default-tls-client-trust-6ec6739e824c8e56d9633622.yaml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-default-tls-client-trust-6ec6739e824c8e56d9633622.yaml index bcbf911..8944eaa 100644 --- a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-default-tls-client-trust-6ec6739e824c8e56d9633622.yaml +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-default-tls-client-trust-6ec6739e824c8e56d9633622.yaml @@ -12,5 +12,3 @@ spec: keystores: - name: "npi-cossa-realm-identity" namespace: "adn-postit-tknxchng-01-dev" - - name: "npi-mockrelam-identity" - namespace: "adn-postit-tknxchng-01-dev" diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/esauth4.xml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/esauth4.xml index bb05470..ecb7b07 100644 --- a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/esauth4.xml +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/esauth4.xml @@ -1,14 +1,14 @@ - + - + @@ -45,87 +45,84 @@ - + - - - - - - - + + - + - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + @@ -223,6 +220,16 @@ + + + + + + + + + + @@ -242,18 +249,6 @@ - - - - - - - - - - - - @@ -272,6 +267,27 @@ + + + + + + + + + + + + + + + + + + + + + @@ -283,6 +299,18 @@ + + + + + + + + + + + + diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/klp-profiles.conf b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/klp-profiles.conf new file mode 100644 index 0000000..c9c07b9 --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/klp-profiles.conf @@ -0,0 +1,25 @@ +suisseid_auth_address_verified +suisseid_auth_address_required +suisseid_auth_mobile_verified +suisseid_auth_mobile_required +suisseid_auth_phone_required +suisseid_auth +password_auth_address_verified +password_auth_address_required +password_auth_mobile_verified +password_auth_mobile_required +password_auth_phone_required +password_auth +email_auth_address_verified +email_auth_address_required +email_auth_mobile_verified +email_auth_mobile_required +email_auth_phone_required +email_auth +autologin_auth_address_verified +autologin_auth_address_required +autologin_auth_mobile_verified +autologin_auth_mobile_required +autologin_auth_phone_required +autologin_auth +default \ No newline at end of file diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/plugin/cossa-token-exchange-authstates.jar b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/plugin/cossa-token-exchange-authstates.jar index 4faa5bc467aa779dc3b9570c240256fcaeb86a14..15d156261f56820d39648206ba663711d6558eb1 100644 GIT binary patch delta 12647 zcmaL81ymeM*EWhf1b2tv?(XjH?(S}byA#~q-QC@T1|J9ncPAt_;k@7f{pY=R-JUi5 zR8{Z&OikD7?rq&41D;UbMAFB=WX9N4Y`?G=n`I=fW zf`k08Cc z2LA|SFq=SqjQDU;{4-L_)AEmu4qq|K-$P9b5D*_C&?+SV5YuWNBYliuT0}yAOe;F> z2UsvX2nZ!E2nhGbv%Oa+42@mI8u6ZpQ&VF8n`t;wR+lKRne~mIC`LR ze4D*F7*FWoyz*aryL8O=x(Jd4$&p1w^$T5T{8fR=IaBDyg3D^J8|RT30?2CgHmosZ ze{Hc?Y9Lr~I!Aq0rYe*Qg5VCZuoCSeSg~WjU_!i+WPNoLjp4WnDEBbeX(kXUP;}*C z-&~asQ9}8qy224}V;Nseusm(C_^OzClJKKU%&nS$1M?Rz300Iwdo^k{8%Xr0P z2%gj){4^0)zJa4CH@+0lKTdrc6%*~$@~d!pF%Pb-iYzP%xK`+AxGBi~BE+sj-XD`( zsmLDr>Q|AH)_EIe5v^h-*~UnC-8Et$)5vKJdcu$z4M^qf>kN{L$N(9;)^u&&G+a|W zyZD)cdp^e*{^W+_22u-(;_$q4=}l)|n`p}VsEwP!3c>^qO1D`j9nMKD`HHD0I!fKI zWo|h@QythUCHg`MVfs^;as^r%VdDrJ7p;=KmSPl*Lsq3rWsp=Y(gU}lTfg8FoboA< zX)RH$ty+qEuI}_jEWql4F&3Ym^GXmLkmn3NC#o4H%(<3wHol!F0a=@J(-*2GV>ke9 zfLn{PP*|9Z1367j>1dz>p;BwQ)?Dd>d>Pu7WWhZyJwDZeh2k^d=D zX$EeqsM2}R%-W2FdTF&NQ+M?ng&}+8%gY(kb_dMUoY+xqGb~di zbKlT2Mxb#YQnjfQuo@{;os2Nv9E@acSER>&$eaO{!Ijzgy+-eI{vEn0BSVr?W$?5U zxABD?i)m?k1fab^3)Z+&g&$8UN3G=$b%PBw+`XnqQbbM|KWjpZmDnj54|VfBwELFd z6O+4yxj$mwtU@}CO*Ly!%(Tq70ZE^*F|>;Ef;lRCyIx@ycs}Obv!1%L_{goyi7=kh z4xx|Ui+@Bt9V^aRbyK^^%V`Pv$pztik{c;9?*U(WKEOdjx7|`dBWI;dWl^lrOiwza z7_ZLKV8_zAlpzRFQbcDkv4Slr6TUTfpLE`WzKuPi|0}HIn1BeCVcs&`bc@(fKyh%j z6T4&|KMCG^BFs2^MXW6hZTWX6Z@p&Iw9DQb9uM95_Te2}^R0o#JVx=SDj$&;&W=J) zv>kHbEC6nYv}vXX%_R1WaVf9G)mr(D4W-mk_1Yt8{k?0^cB&&2gKI3*7n+wK##%=& zW-UTj3=d_FOEp9n3k*N+O6A(2M>1n%&MPfOZXKE1y1!bBTts;(FgZZd^}n`3$Mv4+ksavuRn4a^-}%%^Oj@=?@iX{b^=*d zZUFrk#evzJ=yhNz^Th01WH1@m6n$`(%;!hT(+k+=ofZ_dOI-UKj+tjrJ}MvyLKnV>q>e0?AUP_HM{}MYjs#d)oXYBgSGF0oY_$jXJ1?F7_Pu6o`#?( zcbl7BC0+Y%+@m)}r)I{Tb3)%b9I2iu@&HCAjWf)^`w2HL_09+NAyqzTIR$l=zFBz{ zgZeu<`h#wWd~PZr&Z4furG9T4JFO`o|EaS2uz_iiz~rSU~f4ptCdbtvK1 zGeDbC|2>Vn=8>GullX->h2OcI)t<|TrCaG|sG%o`ChcJOU1_!j_%lub0}u-?4=~Q? zEjOhmI2O}pF(&W`LntzW{@t4HEt%{HvWE(|1{V;rt8o28zKRO!m%+4Ixem@`NVdHS z=r$GU$rIeKK*1(reCh0`QnzXOZhapX$~?X=Sl5=2j6g(WPbYi9DV!%TdCQ)y!CV3By+;u)IQseft6l7AB!`$_|gCx7a zk%wiR)>6VqTrkTrbg=ysDZ#t9ft7P@1mFXid|FA8%8HsEr*qhew5!#hXK1yI8fRg zPLIcQEnmf!vb;*GiBph_Lu{+2p1%M)U<6Wrk&hSRgq-0rgRx|M zLSM3Jz~@PEVBwOkA_N-g4gusIGeQ>Oxjwl%EbPniELfM-W~>&$b7THkRPRj;&)*=q zH-|$^wP%x$uno?#S<4Avbx6ltoC2vWT0s>@uPU-}P*A{*!J{w3u~+@G+NsRT2I}Z2 zb={vQ&+E&ZmRcje7$-8P=zp`w3OP~B3-_WKse7ls_|CveS3X`l)eErKK#Nkywbzhn zO$pG&$rg1@kb$oh5K_L(J9cZY&SxpmIlxz}>zuZVp1H z6GxcK#YRDOM(cOcI7&RmC;VIneTbh9Dv{CsGrbei)Dhj3>k97qH^3QR;Aes$lu{&W zA7KSGws_Dd0`~;d#a;jvQd;~zIuYSWQA|jwB(hHnL&rUpg6*|n6}l}vG7V33Gv4<^zGzoiGAjovB#eZD2dXws2nZuhDyHB|B_Nf@ zo3cOAW9ZMqp+q``daFbvU@TN8M+R=#p{Tx-*7+mW^`+3YjwgUpN{=X6(&>O|M<;N2 z|BZlT@=%{3S>k$bQ;8ofNLS)UfCy;~QjnNQfGs$|N2opKidWJp{f%BgfHRsA`N{qX zycqj|FE2uA2Y7nv>n?d6BFXypW9!{`)sxrZ zXs~)s_pR4`Ko@|vW7AMdSVZ8JwYjIc^`L(0r0E<$o##G3N;5aA6S($#=^^&)2ybQ= z6s$ovqVX8wA#gF^V<(B`ajl8 zSwGzPYa>y8w@X?h!ujmTNxb)Rasr&v3_9(EVi-(=7^IpQDtTIEn%NPlXc;D)5^O*F z5VcYv_q8cMeL<(%RNt1EYenpQwAQ{ZO9!27q5_aLvy{r1M!3u;vpbuzCD!ooS$T)Ze4y!0r@x9+jf|EcpH&hqTaNGes zRx~QRyj|L>Ep#d~Ex(d+fBm2_+Y>*CYsQe2B0FKfT=J&+G0RlTaQK%Of~{BQ9kz|v z%QmxGbg2gffF}~!@wX3xaO3r)Ad<)}QE>mB11F#-48F#M9Za)%AE^OeFT}e8Q`U(f z?Z9VwAF5_FZhgXY2my%j#{BtOp(0L}jbqPS=aiZRWY?KZ+6(B{hBbAvEC)8|-Sax) z|A6wdyXz?6oO{MlKr@=OP$uWfMLQ!1_Xn!e63U`A4wnwa7g6IN+3CumQj`LW9vVO0 zNeY(gLLQ!w)m!PrtH;|59*&btH;!7#sPPAcFVZhIzKtSk_K|pB!W4_}6W;IVV z(KOM2^CQYhNenEPZfKB+XMyn4s_Wv_$}WS2iwo80$VN<(;bhE|GzTtk_&2}pZ20e{ zn_`LiD)c|dD*i6pc%uLniHyETC!Cn+;q?5y?Yo;R_`C0#H;~|&IaFMWj)b@vZUy12 zwZ`O@d0V-o*vCQRhH-1=m_pM7u;iLw-IY`5)9rA2nTrr(dIL&AMpX<&5+1m2sf8gM zS7BPU-`Q1ozpjzDSvQv}<|h<9vmj-&++rQ)%`M)HFR8w<^u9{P3Effq=`8E?Gz~|L zUi5;CGj>pU36~R^e-oyVQ1-K!nO=xF!ZZ!FF^px0uAU+j8-_iz8f)=AptH@v0`=xa zm!xJu26k;qD{KWp#+%%aUVClUHhfNAQ~9pztHg9kKY8s+*6jOUi~iKh^2($fgfqYR zaw|XK2(HVt>vKVwjW&xW1SyRv0WJ)EG zr-1%)-0uswGN=hMRu&!Z01^<6$7J%$4*RN1jt+vtSliS_P&}NH9{acxYq-_;45Bm^ zV_(@&=Wb`8T3jC;clz$~0s9nA&I3%?Y_qNCS%gJeY0}wI5SAYFZXLc~A%&VAU!TmY zV>d&|R^s!f@%Tcy+M>SpgvhXZn4{bT;f6Nqmra#z)U^H>$v2jT1i)&B(vyf?CO6{w zQmr7wkYY(|dq_CP0%yr&rl!mysUmw3x;HAH-EZGP^WrrU@%bsLUIM9(MB5q{e3EIldG@MP_h;NYm3ZNo z&$UgWAU^G}e=Ms8@-yfTZ2Rz_mlv%a|Cp92NMs)GX*Vt$yb*qcY?{KPHaS9qwQalQ zqj<}X#qgAJ+@dZVes7u|b_fRs2r?at;n5`F>muqb%SwW$fQQd25%KDFt=3Mk!(bLN z?#I|t>G|%tA4pp(O!8{9%XK>=;%4$ zxATiEB;u)51rP$=)%D2}k?>R=_STz(_&J4qN?qPlh@8#b{445v1A{o|#jT6z)}^L& zy`g=U4MIg5!|Ld4U^WK#N=rdBg?*vlMKG_)LN{}Al40$>ey(U5mzxBG_kI@DO~93evd zZONSTw_2at3Nyq-Cb^@57oy4#>H^1!2?44>-Ja_xb@j;Qo(G(S@gCfRc3$nxd)Gv; zEp1@0vXSht2v+9Sq&Q(x_ro%Q{&?$(AEjrr#ztlJm@Y|A94qQh(hb9osa1x&$~Hb( zqm0ZfBA`@#Un!#8mO6)4|6N^2Uc4+gcnAn&E2Fbro~C5jwEn^LsQCS*-&b47+k5Bv zXS?(Y)2mxL<>?LRFwt^oZH~!lC&|1tZ}jJaZzWtO%HoQ&7x4$mz8(0|B=Vb2X((}8 zNSZuIPZu04Y4Y@(nkVlQ&s2-}#|I`Z+0|t8@&MF2?J{Y}#ClshpE0K|x0PhdSR;}o zezA(=el%kd^Vq1rg$ajGe#>edccgAkT5Vo!7iF%@5onV8iA%oq6E2I%>+h$AI-dO0 zQtFd^&NH4pl(wFrMP5QCDr2NFV%CVEhDUf>s>-_L*w!2jlAR~yXBT? ztpto&l`iBi_Ex>%uWRSK^-w{ux#kp9>k$t?5Ek&F?b?co&(O(rtGBG}Zn+?-$eK-( zpYrIIHT2NB=*xZ&m#)bjiPHt2?I#H^^WH-^<gBO3RM&$M>idJW}P)m}VN z(32K8_FUpXEwL?WzR(EiN8Ej1hy)cOLb9n`EjQ%`Ss2-h^aU!QGlhWjuy9T3?--c0 zeuSBxFB2`4F^&Gw0rPuSBw}Xa-?Nw5!a{tr0K!G3?x+!A&Eq=r2VBJ<_^#tWAE^M8aZlXEX`?88;$G7N z+3<%dID67Hx&&Zsu34a}xnex>M141L?b=6K4Bru*6)2DTQ$V0(_eV=}mWH#;Fr(CH zI(le*we2-x-|#1`hfn``HlqBA@%@d}`GbAikO2h&VFF9(r^fW!>& zLPs5fMhGJHn|ocY>UfV%#0|U@KR34IL7`v|QT5~pBzEj95W?W_rtN1lf3h|*FjwcB$QeiZaTp>zx$l~NmoZjq`34$P} z7f9l350-tNVi~iPEs8XowC)$~*2&=LP>Izet1f`>t4e{(VgZ;;tGLfQ`qOtgJmAqc z#jBIMAyWqvx9ugkan#h`Iku&K!?blK^mAXUwg3!48a1xN&Qv8>t(rGKYTN<`21V;~ zCYXl3`D?k~PFY4*sm;!sCeOmX>ykJ0ORme#@>XAdj_SV3Ul~!AgIjsV~KGp^E zBlh}tT^P}pp(Xx=LW}-{LTUdRE&s2j5i@o({%0BD)NEBZCD8e8P5(T%)`fNu6BCW# zal?94lS&|yP1Xu?2NE;e3|ChvFxPd8QYXF(erBDN%b2?^6f6*|TIx02F9!OKK$h(n0oWwC>~G4CNkh;J{{=b!G$e`eBI9lf zB94HK&E^b8F}$L&c~r;fSyZ>3EaTkW*2B;q+D`&@RZ1CrVovDN1f<4@3Ixg&f9`I( za?eh3Nu~EjZ*$z3+HT@ss~aVje0!c7VUmdKc(JgR4@F2vLgOq&<;eZ^fYtxidxkn2 z8!(DJY;^1{F6yGGbYEjYQCKdYGpHSILbWzDaA(NOl`2uTmuq7xND2FGkzzi(BQVCS zX;$4=x+{2a%C4!5UXO)2Nct<4fn-lHHfGc9C$W27SJf7g@>l5L6q)evc{yV~?jePY z%B)-0evP>9*`!)OW|1zw;5Ci%;_+SI0{~s$u-f>e{V7b3)lBBa*3&Mp`1bTsq5~&P zQwgQx;p@hj3{L3Nr3n@r$!KJn9xue01`n;WX+M!3Qghjw)~Cpi52@EaZ%HR$+nL%c)gPt=-*X?z*p)!Prfk# z=bn;M=*A0+eYdRXa<6embrvsK-2`xuyOEm>w>ZsR<|&79&;0d^)GX+T`OJ~Y)&nb? zy*-A+)&{FIp(TG91NUvvN^g`c4)X>!p}GTVg!Uq0l=gxetG=b4&%%oT3nj=gObhIn zibi#qy4?AtnyB#B2gg~o-jAau{PSUxc*tbfn~&w3GicLd<7e@rmf zsBePa1k<(gK=qlV)vP=Sy+)BqK}A_=R;hXDf$)2w-S@?eFNv;(6Qxf$6Odbx%6A<& z^X*QQef54i^wPEDsV?b#C?>mP8Yl_ZXaQrSY5O`;i*xjJ2c&s>Sj$eAfPcFVd-vN1 zxG*3fq!@oPARift|Go_WxdMB&UVPEVQT*v)<63aZ5<5eg4TPX_5ugwxhT=<8nZW2t zrGy$%xQf47c$R$2G`G+Q=88X9@BH*5-gP(1^=*%$(RE$A@2B$1t&hcLjcRetKE{4K zMa4C>-YOq`{odcd<}cbo`QicA6#$fV`$GiQ1D~bQ9%FA|BV1FDzP$DL7Q%m=g`1SfuVYRZhPo(gc*|z*66|u>`o>+t$6zF1t$15=bR-q zwhKIMquL>b&GRj{^H?08U)HyJSpkCUfC2=z zi*$*4Q(Xg?ysF!M1HZxgV9yqdfB^(}4a$2HRqU`6-!yyZd3R%`CCQPLDGU16_~t*k!b$A&#V19>?oZ z`e3k!`gC*+?f!j6u0jwK-X-g!xK%zlga} zNMH^R7r5+SgYdiTCPl1#>%v9Bo+PW=ED;jY==sV{H~7!zHH&D(>f;6QOVQ%fG1i&) zU$j^0H88BN<tETU5WUP}5vQ;e<7zD{!{DLoAck*7S@3>HI zB}`P;3#hLUt5Um9T$hzYH%*+yXer-K)nF1}&wIL=&be4@dENusGAvDwa%_!r1?x<) zDIqw1%u;9G>P;ieyDHvM!^m@*U3zG4Yr`9SW(q|~-Dwf}u@4X$ckSaeRp3h2!eg2; zdPx@HqujDfrnc}&!SZLE*Sb(2^y!ahrBQKj^IeoR!nb74S#l;MLbfuzgdP5AzA|>I z&SrSTY5Bdh2w^Cw=wd|u)tavu7{VhE`UxIiCl?ot`Za#wCXCnbp+TT%cm$%7rO*Hl zU#m0SKl%)Z02P3x9pmB}(KOJPN_ZeYF}TW9X$p70tVM!q!IQ|)J5kdSq!qO$97LWD zaW=H1wBQUYH`kX+W0aJC&7%1ll5q@%w^8kofGm!<#AD&4ZM1398fQ&cK||gEI8m)_ zV&K>--oh})n`&m&I2=@K>&+V*N6*j4!mf0%b1zXVp8>#6eOrYv7@=hEDX|%zzEg

p|5VjU?Z++gxT}?NMoZ7DoG+o3+kK2kEs=>r`(vrZWXO(RjKYe){DC z-FVBLtGzKz7Ijv$*lez8P`G3D93Y6kZ77X-pv=b2uHyXpH`1qVnt`b>Y|-g-xo166 z>@B8ppUm88X|Z1Y(<%@8;zbmz1{r5FytW#rlsCYU9lE!(Hq9IadVV$7CKe-+o9Y8? z&)iluF5R{xJhqsdhM0ZmNFA`>TD+!QiFwy9xL^?5%q^Qr7IpUZm}!xc zyj;rItO(o>qjwK6eLz&N}!FnTc+ZpzSL8wds^u(*A%kdhrUo9=aNb_YZ&;_e*wX{FWU{t}L6WSE*ohF`ld8owjW z-qW#Drx$?e8_?z-XLPYsu2o{I6K5TlVB3>@X3;bRp2IE|hMVpqjfBnB;Z^wOHsku0 zmVkO88y;SjX;qcT@>AQJq4a6Ur(>Sj)GW7}GV8k!tlc0^`KMehGrv(G9f0(OX#y&r zy4SUuOkB(n$B*W!rQF<~T2{A*y4Wk&S}9rFnJ`D6uHPrrSOWryB+h1^Q3CKmt;ZCv zRiPC5-w_1M8+m?$_0whgroToa^yccXHBxVX^C!@)C-Xi<+F-c$_MDe@+ZpIvTXNi& znm*8PzwXo78e9mg+w_7v?h8t}5(9L3gO{`3JX=}w&0vIi(b_Ae_4AK3q|-truaEPd zlDQfz7i07f*@|t&x}(hLOxcar-(*k3>~ItL-st{}KL!wu?`tCh3LvhIeyS7pjxb^r z5r#dZqvY3(%E#USMGzf;+6I1gLtSAtS&ek%-HxOkcsmyh&%Tj4ymC|t#sKj6M6zDC zh4IbjMHnX*4kqZzh!gLS#Ep}QYzR%X!;ZWIP^e;wcX}1XtyCAM`E9hVaoRzCX{UDx zP9Z1iU_9~;5?n!#PfpG~=pC|m1Jq#ARFBLZY~zuXGtZPf-F1Vf=Y8QLco@r@Y8GWV zKG9dq59qtLM;BkAdcx9WzsPN(NIRFev2Bl(?+l@s3w^;^myM$h0e;l=c%#c!zO-(#;?B9s65Kb6j zIt8`VD__H9Gj+~N5ml(uIgmkNOXr6#*>KipzMm_A^*uj5TP6G`7>C~VyGgixz963k zl2;P@OZB~Y^qpOGpZ|KFCjx*yW4;X^i_(O&LRj;#Bjxl>8ic%QYWd`(!CS?+`FJze#w2weOW7^IOto{d0l<6>4D`r$_2;^aqkRJ z;+XMoji9IA64)^#v^jhpmWJku7*7M+IfE$K986p6>k(23pi*lk7>Pc}5`RO_H+R|` zX1ipH&90a^xLz3+HDEhzid_v;Z2UFBq?Xq9LUmHaN+8#^pFw)OJo8Ce@H^j(Q5p$G z7R#_zJM!?uc2`>!4Sd#^CIKMSMcdXiOkH9;O2(=R`Y2K`MMol3U5Mrc0}a`VOuY0^ zqt}PHm|r-0E{Ji+AEh$XkzZ~znpC#)66K7$+zin1bq5{c>Gzd`afXuc)uAxK9a45g zcw-WbGJC*fqbLI_AOB{JZwbS$A;L~0!mzx3{6oyPiAqu3fHi8C6ehrmSHX}9FFX8~#b=Jx6KxISS025soi~*PU6d9i^ByF&lRPG@ zR2<@98^W^3d2*Ze_}6t@Z?@u@SUWwLCHj-Ta^LJS-z*0+R$V-oDQm#-3E=DR!h2sb zlIgadP<$cB?kk2}{T+f|@BO-001&PyPqGTp-r&S&s8GoLlbSM1JIk_+wXg9%PILgf z6|DB_rs1{d$E0>&F<0GR;?*`y5)3pqtrzTRWY)*?q8oz*9J>uEMS!zK7KkND{w zqfEKl(cXt&I_)#Dm%NwaYnjZf;n{XXstZ(3#O3qHpP8-46|nR*qfct(0P`mX9#V{A z1;nKCHkcKTwnVl=P<}##5*YOBl7@V3TdAShDTqEhxLC_hxS!Ad}OR zFm0w0!MQXZ#_a>Y+_#H<0OaOrWvU{tbr?^*JWq^{hp4J>q6S#oNX4S=qUS%zjW4U#q#tS=sVzzz;%7q-1P$)z8O4!BRaCw>fEc(4Q?gc_8W~RH93M z^_d~kLybxL)KHJJzuWb#dZ(tzUNB;FWU`jnkzGJHSzOXySj&ba1320W^@Ss%74VB_ zccB@B#%?P~oV;OqI<@oR5*Q%OIs@%PN}6fViPr4#SYNc{ z;dC&$9L*fIC|}EuYdEPHDIz{sN0}+ORX!7UWd^0Oes17A>`<+NnPC$>m_sKsh~MU> zAH{gziIjx&nd_)K0E|r+BvKfxatO%wk6Biu(gqx!7ILvl8l;8R8FTv_NwE@+qrsul zBy$PNuOZVSvs_3^?nU9^Xt%l=lS*RSp0^}SW(bzqWuHm;_4C>DJhKT0RLh@ljV>pD$IRbZOJYi z>PGsKBncB0hCD3aQdBudUWBqWx)ANDX9z53b@zTF9UJDT)sWmZRo z%rtW!;S0jVir6YITvI*8NnE#r@NevNDGz64Gz`+-DEWG-_c2MSAQX2+`Y1CW@1T!Fxlt!9m9sNovSOkZiApe6b>3cv>p%)}dZSm@kI1 zJ!~3?2NuyQU$uWD&Ol3BG~JA^pSCKnET*2GRODLP0H}uBchm&n7+B*nm)mVKcGZN9 zV+l4I3`6srHgJUd$h1J?>X>BTl#e(`;n^6K+I0Iq+RD?QH~0xF z3TL)!&W;)~Yg)W#*@>o&SvQNld(2gQ7(SZU89+p=DLb!dcE9>3Z{#CqWc7giMwo53 zx@>Lg&{OE>6o25`SB({p zAb4ih6KDKWAXxJT8nV9fnd}#NgQIYf^?YJf8l2i8qQ8nFD@kR5YoE_UzRm1(x(wLd z3BY5FrDyfafgBb*yOZw8{;}SmSHp1f#L870qu|8~z3s?-oEiLB zKOzf6%&XR3-qOu1DfodJeka7J#pZ~_x;8OdC+-VngjRvR!SG`TF+w&RUV~lal=;48^9~-`3U#Hhe30@Hr1T_-0xK^E>vbLVZtVLfn6{$c&GF;FyePYMarN3BxcdWTV zs$CBk_)hhXFk>{+h&8Kzeib~m>tN%R)5b4zI^K}q>&c1QLOiKU>5Nj&G^ZXO`C|cX z&o!EGV}6MUGLLB7;%5dcPLTrulC}N(1=;Q=gy3fi`V5!_+Lt$~)5|3Bj!=UNi2R}J zVg8mP<3*1^8`)esxkIbtl;6G-WS@nAI-h|jUJ^h4iM4`)p@aXQdh-9AED> z_~>)@X?|czpUq!P?sxv^y7lXQ;8MT$2PzKed|=Ih>IZ@i{-bU>_@S1vFsO_8*CG2q zW#K7YLpnr%NB&i5@=-7U&#olMKBaMpGNpMKmH4mR|0dl)Km`9KR}heb0*Z$9UnboD zq~TIzhRHq%{*@j27lCBpUjm8$CivfE(f@tY|IX$A3UPx_{EKQeR0cKH6q)zJ7yN#=vYU=$B*x8+Zlisk=%M*nh`|HZ=F{r7*R{PCW-|79Zo_dNcw ou>WIV|BFGd|1Sf}|DV0BBn$ax`hPM9e?IGf-W{Ns_}lw`0CeeFssI20 delta 8930 zcmZ{K1#lEi7wyK0Y>4Z|-QA72ySuv+H5Gx{63)n+Cbj1h1fEU%_=y zw(@fk=MJ ztY_T4TXB7t|QF4aau(@8!Ex0jt=&QKh}Oy04%^aR_-I8|??988Znbq=!= zX>%BsfCgw)Rm#OgSwC1E`2lIF1@z{rfDg(%?LhSyp10kK-Q*Pl)o)7my;j_Z*cjDK zR2{T6N72d?1frWqSV)TVP{~KSpPk(_Mq!!Wlh_ z7AULM?7YOOXb0;z69$!{@fOWRJdWiXYRxOmCs9NlB3YHDhU-FOQ(VGEJaJ}(SP$y? zHg@U>N;>wh7_6|i6PEL1jiHxj$RIdY?;U+D%#IU-uoAjyjwL+HE#MVzW#jgjL93qY zdQ|%-o>g>KD=Qaqr)lN1t|^7q094_SH5q%&j$HgB9l>576W_EJc*Hf@+aoTU1UNt! z;d<{JP{7H<;?PvOuX4_0>CznbGd=8LyVA7MI8p8>(uwn|?RkhYVwTchGx8YE3_8SL zAa;T@OSNhYB!PBtN<`WkP)VqB2Wo{Al@-X0OcuG*(qtNDPG}{_jEt12ac<=x7c>Ug zJ$D;A3b5=QdwYQt`%$1YuAz@foO_lg{Y1YmG?i>8hy0Mf)|;@71g5M`-`=8)5EoP} zhEnb6_gv6!AL#0vCqFu`PIqb66CJ*%!f!<{WxnqbO9g)8eeJB`(iI_9iJhwYN+vf7 zsY7KUK7ROlQARDfV92fc>k@yZc8%x&TuUqgJ~DW!S+;zo4%ke?RFg|OM+U%H4^u?a z({PZg=;?4Zfy0_{nw$CBAEhJO=QJRR)FhkKgqX>lK0iq0=(DS(D3(Q0n=09a>E_%e z?fnzubjL%3FeK8*hqOFx*oGYUmFzqDOK#Z|p91%^Ea(cFZ}g#=B`EE#wL$V41`(sM zT1sGQ4y{L@d$EY5_~h~ns=LmW?YNY<59)RtGiizI9ZtNo9#whjqGFO5zIn^4c*>*) z711(YIKICq<@OffJXL^P|Dt`j&U?4g?*ZfCv0x0nuGzb_vO-(9=eeF?z_k2m=0t#?;7eTxS5yP zwCIQ$kg*Q13I!O?JJ!3W^aWOsR+xQa6siqpXihMlD=8ZRt$owx{sv#GOsYofder2& z#2(x&JCM{8QPzW>oK5p3N*tRjtO71MYIv)z@Ql)-54_U|J?n2B^XLrR_Js%MWv+pX z@acqf&j+?Yde;XvmwHzy2+S&nu@!b3bl0UdN*&KzE_N9X2v`)eaE~!Fgk_ZWh*CRH zXF8DQ9m@*o;;xZCMc7QF9d(MKn{{;Q5BOae*<#S_>k`-Xq%X=oSaZ0iMUKHjor7g0GpR4P~8qoCF<#SfI(5)wA4s(pMA z?p1G_lsgn2!VvUf9KL79_S!*q=%qC89yWF3*XgV~nc8N8?9>^75kFwB7Hoq@TeMA% zF6`ybTAHfan8pYp83IYQeMMwrPF=Cz?v>Fh3E zQ1Ed-x41B*dd;kx>j&sr%iU2Y=ER#?2a?L!1ZkPD4X=yPGLmt30^7UlTpl+25 zdF;t8?aYj~b1~kRd#fOsm`x4xA#!8$hm@$){mY=BjnaFjcRXV`3qFnAEu&2b8uDgv zE?0{5d4v{}KST#eE@_Z@W%RmP%omN89eHL7wuhyCh{39t^bwjKtbKRh zO!HH#D{(w-A4Mp56rfqP;|VDXwy7D0_m%Cp9PPQ+%2rNi_SUa6rqqbi9ltpLQn`E* z3e*iHq#c?3nPk4uLL@LZy|T|K*K;7jglp>d5IcS*tIbyoloJ8h7rptom$i+e6pT!r z>R`M1tgB~dtMRI~^q%O6pMSqFT~&AbN?M9rKKOFdnuVC@>z5ju&<7^-4>X@5*NB4~ zCO~Uh%B%bG*h|6LI$XBWh2$rBXPOD`HKyFd4*LPuIPIZ zD=ad(pj;+lo0=mTi%ltPCUeC>FZ9WKyYB%-de8lV%x?_531%1Om1O zX2p4oVvIBVCq!IdV&$NYy zqjgb%GMYl%_2{BU1=jC@DuMk2`NWn4n=q}qAu66K_Y+GkW&zL0WoA41&mXUc(0hJ8 zOh;lQUbT7oOoIUt&^A>8DD~%}y57qGCB#jrv32}xPuMtVyS}TK?S{u~1eMl$?hbcA zEx@n6?J<7Y#lR?0u8@Pg2u4RYMCMR6(~u+z7Qvo&6 z##b@%zfP}X|$^ZhfR zi*~VV4FSc3^!){e^kov1AWlz#cfPO=;m;<2`at{MjT>*`-VQBguZ>SaK_tTQD)0FC6~#Xo4?2t%w3B#)l^2DD8*Zi=ghoY=Q6v^9mS!grYY_A* z0!U6d@-UC5o=abxi&rtAz^18Cz`_$jmmg$Zlz6`fVzxw#RQJXy#QIiaSt^T>}`Reo6mb>@PA?&l$)IBVYBG zwZaBnwZQKN+@L>~_&x+IdZZddDMzT4$+czdvNIrX^;7K@QIIK(eh!CI<0Gec9S{?) z{ZfFA5!qVaQB^pc9I59D(HTx)J@>rw#8&hz=GCv1+V%J+NYSlhxE-{H0swe_2Qz~I zE#oo4TBZ)R7N+jbZ<pd)iu9zGXIdFm-eLsM@In!-nFCbS+0G5(-C+1FsX--=oH+ z5gH->3Qf{d$;~N)dtW1EH5_5H49^=tjI_l7-9PyT9^AB(GkH6DJj(&d?9qb7h8pr^ z)D)}!qF$DDCpS2pl|g>P#vxvy$r^q8IFc>_hD%wqsAfg9LT5x;Of40Yt+1i|gn;=~ z^bM!qYqX0NaG4?faAEK&jS+v+hs(I@VU2VN&q`6GOWR|=seYeC+`G;uqSmnx*Jb{D zRZB?!;WD~ww@>4Ca7N1Ip}@^+W%)NhPDFPqLA}y7jGM9hRE$w62l7&HnPa6ODowiQ zU^wgxj&S5_gKXOqf>CkDU$vQiZ;_!ro!pS92f8k;OllQ(d!ILu7dxMqHF#(Y+mb%g znQ&_mq*kiSM$F*~U4a<;7O`t|-?v3PCECtN$<7x-% zCVb(vazE?*tYWVo4>+E(sH|76>C&z01VQ~fNf*ecDEaUJ01yoT5dYsKNmyE$dN{cM zf99%4`^gJ)4(F$m9=|PqnTDvuz^hU+CL-c4(){KoNoYFKK(hel_*skPVTH`J22%2) zo6~RQcSoJV;OU~#M*l#0BjFU0)?{$v==oS-9#ie>XEMIY&dIye`a5C2cfWR?z&TJS zJ<>#Bd6ME4(Ns2=i>kDQR@1IDcGv}*k6pGF5eRFphbZ!s1dT{mCan{XP<(dtCnk#x zRr&ZW>+dGBY9eMZ4`QQ@uXf+#r$RFg1N%EoL&9g{|P&qbJP9=GC#&4|@ zG=Id`ZPti4;*Yk3hMD$BR+qDY2a_MtQHIMh(9$q&e3Eq@s@)L^4|0^H`GOJxGt1mc z%%j0O<5JXcv;wZ$v&zggVmTIN%qm$tfAxS}pa6?{%o{&hcyL;5LC^Rw zupW@snA<_6@g`up=~~SohLE#z+LZ!hS7@aMT0Vl^xL`VA_(ZZ`7dl2uNhCANvE&+J z3bcotxpGZSZNuM44bUE$KlWIS(uZ9hq#kl(N7La*7)w2t54ImX>+@?-!dwq2j0Vc6 z?m3Ot2Km7nDKhs!yEz_y0t?8t4R5u--hV7!Ena%$bQz%*g4PZltTUjfcfODj)k>1L zKfu<(W`_MPV{*bHWUQpWM(HwY43*jG75Rpx?@JtJva^h_BWJJ3VIre6LBPpAG)D_9 z=8z-w!YL<{J`QGJMyV8Wl8u290{0H8<-7o#nj*+#dF*rDzEZl6J~+Nwj(El0K{|cc zVS$m`YvG!Txh*v{-1I}Vp9@PuBtLmw;~TT48F@oXsz>+L5AUF|pfD9l_+#^))VVEo zzw~UP%#P&t*eS;|RgH9Dw3?fJbz=xOAM(?@U;Si`OS@{vS5Vzk<(5%~PEE8JTnQl~ z@~e&6;(FS%3$!HsMhY&KN*iIVNUn_(r~Vwj-D-GgkUIwTV4?W#*=&Ib>{Fm$V|j&!WWHt%HHBoX5I%U8rj_N4);c*qWV zHRUovVZ=k21PVkxSg=u&n%4*~k^E-xJx#*#h$(_*m#SJhod# z`W*?BB-jMNLi6B4wAmv*qs>r0;~_YafGhR%owEI>spWHe&MaMFRX_Wrj%(C%ZOY2; zNX0@9zR3g&G;m;s;-$vRL^?&$rSEWO<3FqPk|MU%2goW);g-UZv5)WbZLKV(f38YOA(+Ld>FIDm$-vX4Kl1(rb64koSFy>tcxfu1AsLCiINh zb3UuDs^s?P`*8|GeV**T)9&2R^0QuU_l1>@H}jh#B1^`@JArrJyH7eXuUo#8*%!uK zKwGP4u1z@S;a;khTBEV-V3VG7Ml8J2zcCu>e)WSA{N#ux&Gk&^T(>bYH?C9B_4TM9 z$swu#BhrPlPCEJL_6d{LAVZS%0Qh4iw^4T+67fEohHoVxFof$~Fr-+z{OG+B1YwXr zB~*HdZbLC2{V1 zt@cD+((%l*ktE__3h@_iIy z{x#kPrjEpf*?TW;!D0>+X!KhRy#5O%!)@?Z=r574-nw$lHsF@=4VF7De+s<2+uJzf94I7z$@B)!XCvjc!cPp4^lb~^)X4F zHW&~GaXi$HS__X`>-FuUEa-hM7a28%UA>}FOlxkf*g}Rx0wIz42DJ}g`wZP?aeQXI zR`Dh%s*g70KgZ{!7tsIW^DjGj!iR`IY30Y8;U;hH%DKVtb z5sBkb+bt`_<9 zs^w`}!r61Mo0vLkc8alg3;4k|EFPPAYTkDQXeh0N7{m_S=}v8MlApF^V$|zY{l{Gz z@l|}Jzu!YHC z*CwRSuvVGFtDYkj6K$8N@@F&1i8Kl7$V(5Q;U_cSM`ptntSqgZejculBsfTw@fgI(a4J>% zt3UF=;j{Uy4kz%&=hcD7;J#^|F{feiIM9qXxD_*e?efICl#fUYPu5G$AE5V$xf$Mz zp$azIcyFPx?B|Zh3_jwJyv1Z;GD2jVRWZX8JlG0MqrpPT$7?ao_j~N8lv~^;wybC+ zd91wT`lXY>Cb1@@Rifw2zfCpQU!>!p*M|&=OD=XZT%T4IGxq|k4B=$;G~QF>A$hjR z8cJ#4+jvf>j?^0@Wx6bz;MpG%z59Yp?QyhzrIb_|(UC6E|B%7dYEwgnq#&E`zK9<| z|Dhh?_kuhow5X(h3#F42w0z*KEHF`y2n8u=IHr7H8s^X$^lEq~b<7RQe+{J8lRl`V z`1+Xb2`?*EN6`od-coA>7`Z_k^uE5XI;S^*6N$Gt0;Ai~?HJ3jh<$%+XG6HGGMU%R z%P!CmJh`WK?&|a)G{IuLJQ(VD{Ub2Ym~GL`_MRxp^JIump7_mG3CsfB1Q1k!J`U_;LwkYk`MMxd>w*2KPJ%K&q671` znq?|1&Q#g&@DDmt&NnXw#-xtej}a+iX72C;y>MY#v{O{gSPEe0Ylz7c-+yG+m7YRC zEMYD{%6GXVJqI=hR%f3P`Ck#jZ-msG^$9B!8>NQDythca)$Az5f8YDW0|6Y@`?qmL(TqRSaJZA*e`^Lsm$}1V8)Uiko%pSc{GoF=qvA5mTrKfy906$cO zI-P^?;!DYB_IDlc)}Gpr+po^S;2$uXiqCjbnCV;%2R4#nTQdCismT;6kv@Ra4WX8gGnR|y^0VpT%F2db-|A{w{F0uiv(iws3&Jy79SE8ZEusp~ zk!Ual(q%?Fw!-|&4|KE1kXO-h!d*bwx4=oge5L}Nb{#xNn+3G_X{f9%_h5g#WscPt zKchIz$3Pn@()t7IA!zviPZBs`XW*~3z!iM=wt$DhB+9#e>m8JpaM9etzJOp)vyoUs zeoqq`ah;`Ni7{4!H3c0qUK$~%U9IFOi~t339`O@PIc5=$5NnM#>L|m-0*atcl)U<0 z^q+i?57Yc#1JH*PnOb&+O3b;YjJx78YdB`G-*FoscPO+MAS0~{6Fp6jPJx@M;jMM5 z0IB+yhZ6==#dh)r2}(TGZB3B#oPt zm=(K48aK#n@%U|oWtYO%sxtlbx1W;Qdr#-g?_7o8Xer-HkH$B!UcAfKd*j5I zTD>iJ`~5DzF1o=qxh|iPtf*!tiK?4XXo$6B+b5e$RbR(kw2U~6P;N;DkLNNQa;Le~ zDT$rSUP4EbPhTa{50)kno;M{QsA;cLGGLw6_JbN; zM%b@Sl6uLMbOlsWvhX-f;qvj?>_9j-=5OPL*j)1VMV-xcKW&AP}-k`MS&xYtB? zk-llcDs(uHoQ;<|dYI#6fn_V%V(yFXi4Y^WO#6rlyu(8kQ9kp~#2T>?DKO$N*}l^3 zKDtJptJe~x2e+_0DyY5YP7pMfdVZhx2@*OQPJ1KQHqjoG=XSLtDH^|KfSEH8<$I#! z&>7DXD?d4-Tc(IiV>zvOg)BDUqI{}Cq#0XkY?~he^SDvri_2PQi=986Un}3~%-J;K zE5fVFG;?Il?_A(&;bH@H=-`@ZgLf3AD~>WqJPIcQ3k#hL<*IrUK~5i}|g`v)zC z3uDzPY?3dAV^_{B5#?*-Q08o^uMX|s$G521cUFIa*~Yqf1O^x)e8@J*#gAc=NZ3*I z4w^*?27^g&VV%q7d>%>h-$gM@VjWUJk!E;olHS~Y2s;IoxutqWlgfz{Y5d|}w3Z79 z{UlpP8~6zMYL7$;vFT7I&G@>Y&g62Q7%VT0yDCQ2VhYV8wkd^}DY_Yr-m*jKf5Nxf z1!S!58Q=+2zcsg5IG_KVRiOGnA$b4l92NCPxY*(+!g%q($u=0oHL7wT;udKxH-au9 z@ixvl_6E#n!`#k_LpI@iqJRh{2J`mFpWUw|eq4zB^JA|UjhZ8R*>cA(&qH`=bk;Kd z-LOAtP=yCVL1V%EuPh;f?~CUjPD0%m<`>-g!u^7vVZj&FAAa+K*~7{&crmQMz(k z@mEhV`BxV^sSo^94)MS8frR@>J(53`e=?CTbrpYag@IlPu2VEnlnK{U6r_Kc|D?nI zVe?xF&xBTN+{}K3yz6gH%S=c{* zHUT_}^P({FPP7IS0RWpS0D! z7lq9I&c)vRPWK7^GsZ^Ee?**w^%=4kGPG7S4aRTc0}udU{D+L%@E;i)^mhrMA`kbQ S2mp}&K1F^" + san: + dns: + - "nai2" + - "nai2.adn-postit-tknxchng-01-dev" + email: [] diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-default-tls-client-trust-5a02ce1399ca42298422a320.yaml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-default-tls-client-trust-5a02ce1399ca42298422a320.yaml new file mode 100644 index 0000000..2955595 --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-default-tls-client-trust-5a02ce1399ca42298422a320.yaml @@ -0,0 +1,14 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "nai2-default-tls-client-trust" + namespace: "adn-postit-tknxchng-01-dev" + labels: + deploymentTarget: "nai2" + annotations: + projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT" + patternId: "5a02ce1399ca42298422a320" +spec: + keystores: + - name: "npi-mockrelam-identity" + namespace: "adn-postit-tknxchng-01-dev" diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-sh4r3d-default-default-signer-5a02ce1399ca42298422a320.yaml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-sh4r3d-default-default-signer-5a02ce1399ca42298422a320.yaml new file mode 100644 index 0000000..87df3f7 --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-sh4r3d-default-default-signer-5a02ce1399ca42298422a320.yaml @@ -0,0 +1,16 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisKeyStore" +metadata: + name: "nai2-sh4r3d-default-default-signer" + namespace: "adn-postit-tknxchng-01-dev" + labels: + deploymentTarget: "nai2" + annotations: + projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT" + patternId: "5a02ce1399ca42298422a320" +spec: + cn: "signer" + usage: "signer" + san: + dns: [] + email: [] diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/nevisauth_default.yml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/nevisauth_default.yml new file mode 100644 index 0000000..8411999 --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/nevisauth_default.yml @@ -0,0 +1,18 @@ +schemaVersion: 1.0 +instance: + type: "nevisauth" + name: "default" + directory: "/var/opt/nevisauth/default" + pid: "systemctl show nevisauth@default -p MainPID | cut -d '=' -f2" + source: + url: "/nevisadmin/#/projects/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/patterns/5a02ce1399ca42298422a320" + projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT" + patternId: "5a02ce1399ca42298422a320" + patternClass: "ch.nevis.admin.v4.plugin.nevisauth.patterns.NevisAuthDeployable" + resources: + ports: + - "0.0.0.0:8991" + control: + start: "systemctl restart nevisauth@default &" + stop: "systemctl stop nevisauth@default" + status: "systemctl status nevisauth@default" diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/keypass b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/keypass new file mode 100755 index 0000000..5b0d317 --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/keypass @@ -0,0 +1,2 @@ +#!/bin/bash +echo 'password' \ No newline at end of file diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/truststore.jks b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/truststore.jks new file mode 100644 index 0000000000000000000000000000000000000000..d0ebc272c18f3841fd88c0cc8dac83ae2f1c46a8 GIT binary patch literal 1777 zcma)6YgAKL7QQ#Ri3o&@CPtBJE+|5P3nw9jgqD{u5=Ibt3KqdUh=4qk7=%&4lweg} z!lI0l@+`Imb*L0!ETo{k91x12ODTe}7F*;Yh#t8hif^{XqAsq1l- z*2Z@UU9~}rx5;h73kF?})bb%Wi}`N9FFAd!!z!!fW$h2C%z_yUMGof0pdIfcZ#r-< zUX-@BDxrOxfuy`#V1%9Q{oZewWZjfH9alJRlXdN1v1qrjoHk&1eFPFWXKTuw`Ki*$ zGTz{lea*#u)5DGTmhS9iJ)Hj5_w;>_;uExwQG@9%KcJ(Wp1$|wCX*wEny6AUp=asc z#7c;g-MObwZ>)YQdR^GzG4Cq(*3H`k<}J%#*@!P6$?x#dzHjMuiI!$ZZ$x*`7Vtm1 zV>5Rj4(GIJYVjc@&i(yg#-{Icynf{$!^7Hb&2q{6cgzZ;ADx`f=f^5d18 zxrpKx4i7_cwGtKrB^&|5iF(#Vm_S$q!^mE+2l)Kq16;OSv|OI#WM?Oc5!k++KwD9? zE+EAOQ4)#0BU_9CiK75xiyRy<0kCIdOg0{(#FPPJPoF#HD514NzC$?rEM zZ$S}LKnH7xghM9`VHoHUi3pUR1|vY9sCQ5$hr@6%9{8_T(~-XcKG;>^S+VmiA(1rh zzX^%NNf?jAVTxEh3C3fxm>65a=3oMmn2SXT#B2eJC2?eO0NAqnr8zUB?ms(l3 zZ#?oiM|<;>oV+XZr{<_Tx6007 zo%2K5AY|Cb$z}7xPgb@EpQLifFYI?0cupHxPQm9j}CHHUP(_(a6WE4 tDITbeDW~Ewhq7rGjargaE5YK8#^xHNoRR0oua8{LySe{;>$Bz={{d$_vUdOg literal 0 HcmV?d00001 diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/truststore.p12 b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/truststore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..47fcca3a6f632c0db24885880d403a16c6e49910 GIT binary patch literal 2118 zcmV-M2)Xw#f(Swa0Ru3C2kZt3Duzgg_YDCD0ic2h-2{RM*)W0!)i8nw(FO@BhDe6@ z4FLxRpn?a&FoFlZ0s#Opf(N$-2`Yw2hW8Bt2LUi<1_>&LNQU+thDZTr0|Wso1Q6x#Gbd&*b}IC?6xX{C%6ou<2SBO9?ehkx9(i!9Z|h%O&Q!6i z+#r;Y7>P8{In{m@?06XzHkyz%t6@^&DH@(J}U^ zSg@XGlu3XGmAP=lWqN*iwXYt>p+V)eq{e{&`?DBF#frxbkfL3oUo+e*S@|MF`iBv- zT^qA#0Jc;Au-7{t4llj$srKcDJ_PpUVc?vEel%s4l~UfO2qW>aB5Iex?t@y+U|^x) zw}g6Z9Zz3R{6zKu?gc@5cr>>TKR&-Bpj78O6zd_knYYs$F~AK)E`wE)%33<^QoX78 zm{rdjQF>(}K!fAC&|Pk~efRzrmgU*Y9MFZ6d*|cFH=;=ASD!H~J$H%JZP>o&jeDS+ zSj10XLM%HSC}l`tmg0#R*ft==DjvVnD}Pp$bO_90|C|?}>*1qMI6zJK=YoJQPFPe* zK){26@ZU&3i+?$2$JS>)=`Y-l$Bhgd8cho4$KS0oY67W7PGI4t*i(hLI=>=7u^_VV|(^-5$Ri}D3cacMW!Jm{)^0}i)dCfqN-VsC= z5MPPHu=M^lXLs4AzCBwb6VYEfv12587veUgr)js=;CzOP--9akZs$NIUDO!uuK7># zk2$95dxfIpqpJmT&uauIbdNNI-ZK5L>GfNM4atqjC=Hnd7_a|tzAQP5H+l|=$m;^s(a;#{MrL5XC3pcP2K|RF zVt?LofbC-Q)P{VYiXiehawqG-Xn&!-xfx^`-j9>sN zu!fta>{G;(uhN0Y9v4y z=ZV-~Wd0EaH8tU!o&!18n7bm2rSu8T(cz?y4-+w`T=ih9RrTgS(EB5D5SA^%)*D9K zii4~X2oR`hoXW#Rse1F|a2G4;NYcB^-*Nwh6;^w9su3g<(8;+I%H7G!zp}$-%%6$;|WPPIC5ZMz0$-M3`-v7-9ym zPR>MdP0FCizdU-hE2fy`$B5gv3#quVF>;KT3=K~$l=abC8@Pw+$(6AAB3Dg1q9?j0 zeJt?3tNcIZX**7A3yl*es4mvWH$LLcae3;EM5`A@8NAEF7ubKHWlT z!Awixtws0CXt27a%YZz9iq`XUz1(-;IqNWHgcgT)07qJg(yHT1?C zM89)T&S24Lf4d5h-b0qSj@F;W2}0&X(|~z@C)6hkIP1`@Zvd`O(|vG=tInXKl!m#M zkVd=Dk2BX(r{Srn_s}TI0YchLI5o9F4*QCIRjlsE{Q5aJqDEiG=olZ^@AE7}>_`@I( z-Gua^P{=a<$}BF2Z1WM;-^pAS{eNf1JyS)rjoU~GOM`W1Hbe8Wtd8RGwHd>)NWlu{ zZE@h%3bnAl_GpJ2+4x!DXeEStg`>t+6cm%5;O8MvU)N*NQp&+Rig-#my`-A zL&%E>9wT8zmZ3A^vITJ8Ja^d(-qXBcL$(s*aRUt|hkoi2kYheAJjKl}W2Kh$j_aPL z+R_Mgfwm=j9de@*?ZVz}oS)T&4gAi*5vw_Z?KvruY)8DD7IFByx%_K$v(6Gyu_Ysz z@Gd0h2dPL-#|mcddj`af+j~r^4l4%1LtFi(3FVI-wo zXhMc-P=57~S-bSK#8O)LZDY+XPcVW_OzKPlO@DGezdmDfQV1O1#@5;%*xx3P)z~@A zBEK4x2}`NC9O71OfpC00bZix+s$mcToH#=0?Y0 w%G}%G$^K@9+xOPfE+Y4?qlZKU6j9&np=F{}*CVv1R;f>6PY0<{9 literal 0 HcmV?d00001 diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/truststore.pem b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/truststore.pem new file mode 100644 index 0000000..28d21f4 --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/truststore.pem @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIGkzCCBHugAwIBAgIULa4PojoMOF/785XA2QNkLRQYTS4wDQYJKoZIhvcNAQEL +BQAwUTELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzErMCkGA1UE +AxMiU3dpc3NTaWduIFJTQSBUTFMgUm9vdCBDQSAyMDIyIC0gMTAeFw0yMjA2Mjkw +OTMwNDdaFw0zNjA2MjkwOTMwNDdaMFAxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxT +d2lzc1NpZ24gQUcxKjAoBgNVBAMTIVN3aXNzU2lnbiBSU0EgVExTIEVWIElDQSAy +MDIyIC0gMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL61hlRf7Jxo +0msjavo1pgChwWBDYix5Zd0CnhciVYUCk30Ko6BxFBICoSsZ1gXGqlT20g/AYqYL +xuKcdNNAJ/LHT6k2zL3UhSpx+eHjeTGQ7id2jC1HKRZ9zA8YXdhtY3oJom7B3ykE +d/j0KVmHy9tP1A0rt3ntbJLfLIS6uWogx2KfFs8MwtoAZLiGvp49SHly6p450fcz +payPIWu12PfVQjLg7b9NitlDlYEWiCAL7R3jINw2yMwcdBvq2gy+ZZsiYkSb1m+h +ABOGxU6SCN6w7GgRWWveSaJBvRokUvIon/wsZK51j8RM4TsoR60Wei8ftSBL75BI +g9Us8dkBXDa8vqoDVpc9zs6pan5XN8KymNT52j4gEe161eYTtbiME4KdSWtVsA7e +rdkHsXKJTRIxxdpUkQXxhLXEoyDed/BVgV1yhTeN6YCFX7AiocAi5rPUplc6LV58 +CCUWFMSWEJxOYQUrwWFLNzQMnE969hnvdhuO8ZeqtpwFwX/OLryWoil+jGobRm/1 +OQS9+urcVygrzZ9Dy9Q/OF/oq9NeaijvL2Ncjkj5f6uJzgXkm7PwjnHrL2FWBkhp +oM/vyT1VAgWNoku3jIyedtyJ9lUECwPIzQuddQYOL8FwhaFmvtHnOLpiy2ctbwir +gJW+KcsNkpHg0N5stJcPzPvlssmNBHbNAgMBAAGjggFiMIIBXjBcBggrBgEFBQcB +AQRQME4wTAYIKwYBBQUHMAKGQGh0dHA6Ly9haWEuc3dpc3NzaWduLmNoL2Fpci1h +ZWZmMzc0ZC0wZjdhLTRjNTUtYTAzNC0xNDQwMjkwY2ZhMzIwEgYDVR0TAQH/BAgw +BgEB/wIBADAoBgNVHSAEITAfMAcGBWeBDAEBMAgGBgQAj3oBBDAKBghghXQBWQIB +AzBRBgNVHR8ESjBIMEagRKBChkBodHRwOi8vY3JsLnN3aXNzc2lnbi5jaC9jZHAt +OTY2MWMyOWYtOTEyMS00ZjQ2LWFjZDgtZWFkNGEyMmY3MTYwMB0GA1UdJQQWMBQG +CCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFElS +3zCGkllfNJwlSCSrwOvRBvLWMB8GA1UdIwQYMBaAFG+OYouTQ7DhQPanw/3xD7gP +FTilMA0GCSqGSIb3DQEBCwUAA4ICAQBugn943V4fbEbG+Leb4YXTWLLfPIC+mrdc +H6v1+Iws+XCzoKthaDk0c346mSaXZM9to5xDOWgfEnBYbVioMyI/5EABbg4ARkgp +dj50FPe9MtLD4kOZFv/8LoRH+WdAfQUsxS1RQincUnYWAxmRNOHLdnbyiQt3sYDl +6tZzURSMnMUec4stxfLT4VQE1Ew6Phr06CouYOd5ON+mWkFhROz3jx5PTXcECrqQ +IT27wJ4mzKA6W9p69ZDFi/+FcpN9vCjzksi0w8i62DwtbO8Pj3ZEOL8z6+cwXyT7 +X7Zt96vufj+bsxFo1IXQ6cb2i13qpThSHL4NA1NhUbB/ipMbxNtBJ4fwtcG8SAUs +jRXgG/RYrXRorG90KU/dcezixY4yKnlIdkkhpV7h8jY2+XS7GbjaKee8pPeAFXgs +Hzdi+EhZvHOVfshaKL2CAELrYn8Tzo2Zt9zsbif8L7bPJROS3xqzn+GbCFt67/8Y +jTh84Taa4D49H6V+p01QPkvG7ub7Rw52fm56zY3mabbhbsREOceswsfunxSN/SOE +pLKVMopuVnRcwVIWmnzH9BlBhIzLqOS4kCYA5E5Irw217j/JTGVWEdMN0ar09nGh +WA2Eq8aDANjAP1bao/4nmxsFU2zKbTR40Tb7/HKB5jaItYdkz6ppnxQDLTWe7T6+ +nGZwqmYtbQ== +-----END CERTIFICATE----- diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict.properties b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict.properties new file mode 100644 index 0000000..a482f9b --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict.properties @@ -0,0 +1,80 @@ + +accept.button.label=Accept +cancel.button.label=Cancel +continue.button.label=Continue +deputy.profile.label=(Deputy Profile) +error.saml.failed=Please close your browser and try again. +error_1=Please check your input. +error_10=Please select the correct user account. +error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk. +error_101=The entered email address is not valid. +error_11=Please use another certficate or login with another credential type. +error_2=Please select another login name. +error_3=Your account will be locked if next authentication fails. +error_4=Your new password does not comply with the security policy. Please choose a different password. +error_5=Error in password confirmation. +error_50=The new password is too short. +error_55=The new password has to differ from old passwords. +error_6=Password change required. +error_7=Change of login ID required. +error_8=Your account has been locked due to repeated authentication failures. +error_81=No access card found, access from internet denied. +error_83=Your access card is no longer valid. Please contact your advisor to get a new access card. +error_9=Session take over failed. +error_97=You are not authorized to access this resource. +error_98=Your account has been locked. +error_99=System problems. Please try later. +info.logout.confirmation=Please confirm that you want to log out. +info.logout.reminder=Your session on this application has expired. Try again with a login. +info.oauth.consent=Do you want to authorise this application to access your data? +info.timeout.page=Your session on this application has expired. Try again with a login. +login.button.label=Login +logout.label=Logout +logout.text=You have successfully logged out. +method.certificate.label=Certificate +method.fido.label=Mobile Authentication +method.fido2.label=FIDO 2 +method.mtan.label=mTAN Code +method.oath.label=OATH Authenticator App +method.otp.label=OTP (One-Time Password) +method.recovery.label=Recovery Codes +method.safeword.label=SafeWord +method.securid.label=SecurID +method.ticket.label=Ticket +outarg.lastLogin.never=Never +policyFailure.dictionary=▪ must not be taken from a dictionary. +policyFailure.history.History=▪ must be different from previously selected passwords. +policyFailure.regex.control=▪ cannot contain more than {0} control characters. +policyFailure.regex.lower=▪ must contain at least {0} lower case characters. +policyFailure.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively. +policyFailure.regex.maxLength=▪ must be at most {0} characters long. +policyFailure.regex.minLength=▪ must be at least {0} characters long. +policyFailure.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters. +policyFailure.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters. +policyFailure.regex.nonGraph=▪ cannot contain more than {0} non-printable characters. +policyFailure.regex.nonLetter=▪ must contain at least {0} non-letter characters. +policyFailure.regex.numeric=▪ must contain at least {0} numeric characters. +policyFailure.regex.upper=▪ must contain at least {0} upper case characters. +policyInfo.dictionary=▪ must not be taken from a dictionary. +policyInfo.history.History=▪ must be different from previously selected passwords. +policyInfo.regex.control=▪ cannot contain more than {0} control characters. +policyInfo.regex.lower=▪ must contain at least {0} lower case characters. +policyInfo.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively. +policyInfo.regex.maxLength=▪ must be at most {0} characters long. +policyInfo.regex.minLength=▪ must be at least {0} characters long. +policyInfo.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters. +policyInfo.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters. +policyInfo.regex.nonGraph=▪ cannot contain more than {0} non-printable characters. +policyInfo.regex.nonLetter=▪ must contain at least {0} non-letter characters. +policyInfo.regex.numeric=▪ must contain at least {0} numeric characters. +policyInfo.regex.upper=▪ must contain at least {0} upper case characters. +policyInfo.title=The password has to comply with the following password policy: +reject.button.label=Deny +submit.button.label=Submit +tan.sent=Please enter the security code which has been sent to your mobile phone. +title.logout=Logout +title.logout.confirmation=Logout +title.logout.reminder=Logout +title.oauth.consent=Client Authorization +title.saml.failed=Error +title.timeout.page=Logout diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_de.properties b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_de.properties new file mode 100644 index 0000000..6b68fda --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_de.properties @@ -0,0 +1,80 @@ + +accept.button.label=Akzeptieren +cancel.button.label=Abbrechen +continue.button.label=Weiter +deputy.profile.label=(Profil Stellvertreter) +error.saml.failed=Bitte schliessen Sie Ihren Browser und versuchen Sie es erneut. +error_1=Bitte überprüfen Sie Ihre Eingabe. +error_10=Bitte wählen Sie den gewünschten Benutzer. +error_100=Zertifikat-Upload nicht möglich. Zertifikat bereits vorhanden. Bitte kontaktieren Sie Ihren Helpdesk. +error_101=Die angegebene E-Mail Adresse ist ungültig. +error_11=Bitte verwenden Sie ein anderes Zertifikat oder ein alternatives Authentisierungsmittel. +error_2=Bitte wählen Sie einen anderen Login-Namen. +error_3=Falls Ihr nächster Login fehlschlägt, wird Ihr Konto gesperrt. +error_4=Ihr neues Passwort wurde nicht akzeptiert. Bitte wählen Sie eines, das den Passwortvorgaben entspricht. +error_5=Die Eingabe zur Bestätigung des Passwortes ist falsch. +error_50=Das neue Passwort ist zu kurz. +error_55=Das neue Passwort muss sich von alten Passwörtern unterscheiden. +error_6=Passwortwechsel erforderlich. +error_7=Wechsel der Login-ID erforderlich. +error_8=Ihr Konto wurde infolge wiederholt fehlgeschlagener Authentisierung gesperrt. +error_81=Keine Rasterkarte gefunden, Zugang vom Internet verweigert. +error_83=Ihre Rasterkarte ist aufgebraucht. Bitte kontaktieren Sie Ihren Berater, um eine neue zu erhalten. +error_9=Die SSO-Session konnte nicht übernommen werden. +error_97=Sie verfügen nicht über die für den Zugriff auf diese Ressource benötigte Berechtigung. +error_98=Ihr Konto ist gesperrt. +error_99=Systemfehler. Bitte versuchen Sie es später. +info.logout.confirmation=Bitte bestätigen Sie, dass Sie sich abmelden möchten. +info.logout.reminder=Ihre Session ist auf dieser Applikation abgelaufen. Versuchen Sie es nochmals mit einem Login. +info.oauth.consent=Wollen Sie der Anwendung den Zugriff erlauben? +info.timeout.page=Ihre Session ist auf dieser Applikation abgelaufen. Versuchen Sie es nochmals mit einem Login. +login.button.label=Login +logout.label=Logout +logout.text=Sie haben sich erfolgreich abgemeldet. +method.certificate.label=Zertifikat +method.fido.label=Mobile Authentication +method.fido2.label=FIDO 2 +method.mtan.label=mTAN-Code +method.oath.label=OATH Authenticator-App +method.otp.label=OTP (One-Time Passwort) +method.recovery.label=Wiederherstellungscodes +method.safeword.label=SafeWord +method.securid.label=SecurID +method.ticket.label=Ticket +outarg.lastLogin.never=Nie +policyFailure.dictionary=▪ darf nicht aus einem Wörterbuch stammen. +policyFailure.history.History=▪ muss sich von vorhergehenden Passwörtern unterscheiden. +policyFailure.regex.control=▪ darf höchstens {0} Kontrollzeichen enthalten. +policyFailure.regex.lower=▪ muss {0} Kleinbuchstaben enthalten. +policyFailure.regex.maxCharacterRepetitions=▪ darf nicht eine Sequenz länger als {0} des gleichen Zeichens enthalten. +policyFailure.regex.maxLength=Länge des Passwortes darf höchstens {0} sein. +policyFailure.regex.minLength=Länge des Passwortes muss mindestens {0} sein. +policyFailure.regex.nonAlnum=▪ muss {0} nicht-alphanumerische Zeichen enthalten. +policyFailure.regex.nonAscii=▪ darf höchstens {0} Zeichen ausserhalb des ASCII-Zeichensatzes enthalten. +policyFailure.regex.nonGraph=▪ darf höchstens {0} nicht-druckende Zeichen enthalten. +policyFailure.regex.nonLetter=▪ muss {0} Zeichen enthalten, die keine Buchstaben sind. +policyFailure.regex.numeric=▪ muss {0} numerische Zeichen enthalten. +policyFailure.regex.upper=▪ muss {0} Grossbuchstaben enthalten. +policyInfo.dictionary=▪ darf nicht aus einem Wörterbuch stammen. +policyInfo.history.History=▪ darf keines der zuletzt verwendeten Passwörtern sein. +policyInfo.regex.control=▪ darf höchstens {0} Kontrollzeichen enthalten. +policyInfo.regex.lower=▪ muss mindestens {0} Kleinbuchstaben enthalten. +policyInfo.regex.maxCharacterRepetitions=▪ darf nicht eine Sequenz länger als {0} des gleichen Zeichens enthalten. +policyInfo.regex.maxLength=▪ darf höchstens {0} Zeichen enthalten. +policyInfo.regex.minLength=▪ muss mindestens {0} Zeichen enthalten. +policyInfo.regex.nonAlnum=▪ muss mindestens {0} Zeichen enthalten, die nicht Alphanumerisch sind. +policyInfo.regex.nonAscii=▪ darf höchstens {0} Zeichen ausserhalb des ASCII-Zeichensatzes enthalten. +policyInfo.regex.nonGraph=▪ darf höchstens {0} nicht-druckende Zeichen enthalten. +policyInfo.regex.nonLetter=▪ muss mindestens {0} Zeichen enthalten, die keine Buchstaben sind. +policyInfo.regex.numeric=▪ muss mindestens {0} numerische Zeichen enthalten. +policyInfo.regex.upper=▪ muss mindestens {0} Grossbuchstaben enthalten. +policyInfo.title=Das Passwort muss den folgenden Passwort-Richtlinien entsprechen: +reject.button.label=Ablehnen +submit.button.label=Senden +tan.sent=Bitte erfassen Sie den Sicherheitscode, welcher an Ihr Mobiltelefon gesendet wurde. +title.logout=Logout +title.logout.confirmation=Logout +title.logout.reminder=Logout +title.oauth.consent=Client Authorisierung +title.saml.failed=Error +title.timeout.page=Logout diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_en.properties b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_en.properties new file mode 100644 index 0000000..a482f9b --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_en.properties @@ -0,0 +1,80 @@ + +accept.button.label=Accept +cancel.button.label=Cancel +continue.button.label=Continue +deputy.profile.label=(Deputy Profile) +error.saml.failed=Please close your browser and try again. +error_1=Please check your input. +error_10=Please select the correct user account. +error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk. +error_101=The entered email address is not valid. +error_11=Please use another certficate or login with another credential type. +error_2=Please select another login name. +error_3=Your account will be locked if next authentication fails. +error_4=Your new password does not comply with the security policy. Please choose a different password. +error_5=Error in password confirmation. +error_50=The new password is too short. +error_55=The new password has to differ from old passwords. +error_6=Password change required. +error_7=Change of login ID required. +error_8=Your account has been locked due to repeated authentication failures. +error_81=No access card found, access from internet denied. +error_83=Your access card is no longer valid. Please contact your advisor to get a new access card. +error_9=Session take over failed. +error_97=You are not authorized to access this resource. +error_98=Your account has been locked. +error_99=System problems. Please try later. +info.logout.confirmation=Please confirm that you want to log out. +info.logout.reminder=Your session on this application has expired. Try again with a login. +info.oauth.consent=Do you want to authorise this application to access your data? +info.timeout.page=Your session on this application has expired. Try again with a login. +login.button.label=Login +logout.label=Logout +logout.text=You have successfully logged out. +method.certificate.label=Certificate +method.fido.label=Mobile Authentication +method.fido2.label=FIDO 2 +method.mtan.label=mTAN Code +method.oath.label=OATH Authenticator App +method.otp.label=OTP (One-Time Password) +method.recovery.label=Recovery Codes +method.safeword.label=SafeWord +method.securid.label=SecurID +method.ticket.label=Ticket +outarg.lastLogin.never=Never +policyFailure.dictionary=▪ must not be taken from a dictionary. +policyFailure.history.History=▪ must be different from previously selected passwords. +policyFailure.regex.control=▪ cannot contain more than {0} control characters. +policyFailure.regex.lower=▪ must contain at least {0} lower case characters. +policyFailure.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively. +policyFailure.regex.maxLength=▪ must be at most {0} characters long. +policyFailure.regex.minLength=▪ must be at least {0} characters long. +policyFailure.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters. +policyFailure.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters. +policyFailure.regex.nonGraph=▪ cannot contain more than {0} non-printable characters. +policyFailure.regex.nonLetter=▪ must contain at least {0} non-letter characters. +policyFailure.regex.numeric=▪ must contain at least {0} numeric characters. +policyFailure.regex.upper=▪ must contain at least {0} upper case characters. +policyInfo.dictionary=▪ must not be taken from a dictionary. +policyInfo.history.History=▪ must be different from previously selected passwords. +policyInfo.regex.control=▪ cannot contain more than {0} control characters. +policyInfo.regex.lower=▪ must contain at least {0} lower case characters. +policyInfo.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively. +policyInfo.regex.maxLength=▪ must be at most {0} characters long. +policyInfo.regex.minLength=▪ must be at least {0} characters long. +policyInfo.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters. +policyInfo.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters. +policyInfo.regex.nonGraph=▪ cannot contain more than {0} non-printable characters. +policyInfo.regex.nonLetter=▪ must contain at least {0} non-letter characters. +policyInfo.regex.numeric=▪ must contain at least {0} numeric characters. +policyInfo.regex.upper=▪ must contain at least {0} upper case characters. +policyInfo.title=The password has to comply with the following password policy: +reject.button.label=Deny +submit.button.label=Submit +tan.sent=Please enter the security code which has been sent to your mobile phone. +title.logout=Logout +title.logout.confirmation=Logout +title.logout.reminder=Logout +title.oauth.consent=Client Authorization +title.saml.failed=Error +title.timeout.page=Logout diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_fr.properties b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_fr.properties new file mode 100644 index 0000000..fc392a3 --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_fr.properties @@ -0,0 +1,80 @@ + +accept.button.label=Accepter +cancel.button.label=Abandonner +continue.button.label=Continuer +deputy.profile.label=(Profil du suppléant) +error.saml.failed=Fermez votre navigateur et r;eacute;essayez. +error_1=Veuillez vérifier vos données, s.v.p. +error_10=Choisissez votre compte. +error_100=Téléchargement du certificat pas possible. Certificat existe déjà. Veuillez contacter le helpdesk s.v.p. +error_101=L'adresse e-mail é n'est pas valide. +error_11=Choisissez un autre certificat, s.v.p. +error_2=Choisissez un autre nom, s.v.p. +error_3=Si l'authentification ne réussit pas au prochain essai, votre compte sera bloqué. +error_4=Votre nouveau mot de passe ne conforme pas aux mesures de sécurité +error_5=Votre confirmation du mot de passe ne correspond pas au mot de passe donné. +error_50=Le nouveau mot de passe est trop court. +error_55=Le nouveau mot de passe doit différer de l'ancien. +error_6=Veuillez changer votre mot de passe, s.v.p. +error_7=Veuillez changer votre login ID, s.v.p. +error_8=Votre compte n'est pas active. +error_81=Pas d'access card trouvé, l'accès par l'internet est refusé. +error_83=Votre access card n'est plus valable, veuillez contacter votre gestionnaire. +error_9=Il n'est pas possible de transmettre la session. +error_97=Vous n'avez pas les autorisations nécessaires pour accéder à cette ressource. +error_98=Votre compte a été bloqué. +error_99=Problème technique. Veuillez essayer plus tard, s.v.p. +info.logout.confirmation=Veuillez confirmer que vous souhaitez vous déconnecter. +info.logout.reminder=Votre session sur cette application a expirée. Essayez encore avec un login. +info.oauth.consent=Voulez-vous autoriser l'application? +info.timeout.page=Votre session sur cette application a expirée. Essayez encore avec un login. +login.button.label=Login +logout.label=Logout +logout.text=Au revoir +method.certificate.label=Certificat +method.fido.label=Mobile Authentication +method.fido2.label=FIDO 2 +method.mtan.label=Code mTAN +method.oath.label=Application d'authentification OATH +method.otp.label=OTP (One-Time Password) +method.recovery.label=Codes de récupération +method.safeword.label=SafeWord +method.securid.label=SecurID +method.ticket.label=Ticket +outarg.lastLogin.never=Jamais +policyFailure.dictionary=▪ ne peut pas être pris d'un dictionnaire. +policyFailure.history.History=▪ doit être différent des mots de passe préalablement sélectionnés. +policyFailure.regex.control=▪ ne peut contenir plus de {0} caractères de commande. +policyFailure.regex.lower=▪ doit contenir au moins {0} caractère(s) minuscule(s). +policyFailure.regex.maxCharacterRepetitions=▪ ne peut contenir une séquence de plus de {0} du même caractère. +policyFailure.regex.maxLength=La longueur doit être d'au plus {0}. +policyFailure.regex.minLength=La longueur doit être d'au moins {0}. +policyFailure.regex.nonAlnum=▪ doit contenir au moins {0} caractères non alphanumériques. +policyFailure.regex.nonAscii=▪ ne peut contenir plus de {0} caractères non ASCII ({1}). +policyFailure.regex.nonGraph=▪ ne peut contenir plus de {0} caractères non imprimables ({1}). +policyFailure.regex.nonLetter=▪ doit contenir au moins {0} caractères qui ne sont pas des lettres. +policyFailure.regex.numeric=▪ doit comprendre {0} caractères numériques. +policyFailure.regex.upper=▪ doit contenir au moins {0} caractère(s) majuscule(s). +policyInfo.dictionary=▪ ne peut pas être pris d'un dictionnaire. +policyInfo.history.History=▪ ne peut pas être l' précédemment choisis. +policyInfo.regex.control=▪ ne peut contenir plus de {0} caractères de commande. +policyInfo.regex.lower=▪ doit contenir au moins {0} caractère(s) minuscule(s). +policyInfo.regex.maxCharacterRepetitions=▪ ne peut contenir une séquence de plus de {0} du même caractère. +policyInfo.regex.maxLength=▪ la longueur doit être d'au plus {0}. +policyInfo.regex.minLength=▪ la longueur doit être d'au moins {0}. +policyInfo.regex.nonAlnum=▪ doit contenir au moins {0} caractères non alphanumériques. +policyInfo.regex.nonAscii=▪ ne peut contenir plus de {0} caractères non ASCII. +policyInfo.regex.nonGraph=▪ ne peut contenir plus de {0} caractères non imprimables. +policyInfo.regex.nonLetter=▪ doit contenir au moins {0} caractères qui ne sont pas des lettres. +policyInfo.regex.numeric=▪ doit comprendre au minimum {0} caractères numériques. +policyInfo.regex.upper=▪ doit contenir au moins {0} caractère(s) majuscule(s). +policyInfo.title=Le mot de passe doit respecter les règles suivantes: +reject.button.label=Refuser +submit.button.label=Envoyer +tan.sent=Veuillez saisir le code de sécurité que vous avez reçu au votre téléphone mobile. +title.logout=Logout +title.logout.confirmation=Logout +title.logout.reminder=Logout +title.oauth.consent=Autorisation du client +title.saml.failed=Error +title.timeout.page=Logout diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_it.properties b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_it.properties new file mode 100644 index 0000000..2744457 --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_it.properties @@ -0,0 +1,80 @@ + +accept.button.label=Accettare +cancel.button.label=Abortire +continue.button.label=Continua +deputy.profile.label=(profilo del delegato) +error.saml.failed=Chiudi il browser e riprova. +error_1=Verificare i dati immessi. +error_10=Per favore selezionare il conto utente corretto. +error_100=Impossibile caricare il certificato. Questo certificato esiste già. La preghiamo di contattare il Suo help desk. +error_101=L'indirizzo e-mail inserito non è valido. +error_11=Scegliere un altro certificato. +error_2=Per favore scegliere un altro nome. +error_3=Il conto verrà bloccato se il prossimo login non andrà a buon fine. +error_4=La nuova password non è stata accettata. Scegliere una password che sia conforme ai criteri di password. +error_5=La conferma della password è errata. +error_50=La nuova password è troppo corta. +error_55=La nuova password deve essere diversa dalla vecchia. +error_6=È necessario modificare la password. +error_7=Set up inizale dell'account per il portale necessario. +error_8=L'account è stato bloccato. Rivolgersi al servizio assistenza oppure provare con un altro strumento di autenticazione. +error_81=Nessuna carta di accesso trovata, accesso da internet rifiutato. +error_83=La sua carta di accesso non è più valida. Per favore contatti il suo assistente per ricevere una nuova carta di accesso. +error_9=La sessione non può essere ripresa. +error_97=Non si dispone delle autorizzazioni necessarie per accedere a questa risorsa. +error_98=L'account è stato bloccato. +error_99=Errore di sistema. Riprovare. +info.logout.confirmation=Si prega di confermare che si desidera disconnettersi. +info.logout.reminder=La sessione su questa applicazione &egrave; scaduta. Prova ancora con un login. +info.oauth.consent=Vuoi consentire all'applicazione? +info.timeout.page=La sessione su questa applicazione &egrave; scaduta. Prova ancora con un login. +login.button.label=Login +logout.label=Logout +logout.text=È uscito con successo. +method.certificate.label=Certificato +method.fido.label=Mobile Authentication +method.fido2.label=FIDO 2 +method.mtan.label=Codice mTAN +method.oath.label=App di autenticazione OATH +method.otp.label=OTP (One-Time Password) +method.recovery.label=Codici di ripristino +method.safeword.label=SafeWord +method.securid.label=SecurID +method.ticket.label=Ticket +outarg.lastLogin.never=Mai +policyFailure.dictionary=▪ non può essere presa da un dizionario. +policyFailure.history.History=▪ deve essere diversa da password precedenti. +policyFailure.regex.control=▪ non può contenere più di {0} caratteri di controllo. +policyFailure.regex.lower=▪ deve conenere almeno {0} caratteri minuscoli. +policyFailure.regex.maxCharacterRepetitions=▪ non può contentere una sequenza più lunga di {0} caratteri uguali. +policyFailure.regex.maxLength=▪ deve contenere al massimo {0} caratteri. +policyFailure.regex.minLength=▪ deve contenere almeno {0} caratteri. +policyFailure.regex.nonAlnum=▪ deve conenere almeno {0} caratteri non alfanumerici. +policyFailure.regex.nonAscii=▪ non può contenere più di {0} caratteri non ASCII. +policyFailure.regex.nonGraph=▪ non può contenere più di {0} caratteri non stampabili. +policyFailure.regex.nonLetter=▪ non può contenere più di {0} numeri o caratteri speciali. +policyFailure.regex.numeric=▪ deve contenere {0} caratteri numerici. +policyFailure.regex.upper=▪ deve conenere almeno {0} caratteri maiuscoli. +policyInfo.dictionary=▪ non può essere presa da un dizionario. +policyInfo.history.History=▪ deve essere diversa dalle password precedenti. +policyInfo.regex.control=▪ non può contenere più di {0} carattere/i di controllo. +policyInfo.regex.lower=▪ deve conenere almeno {0} carattere/i minuscolo/i. +policyInfo.regex.maxCharacterRepetitions=▪ non può contentere una sequenza più lunga di {0} caratteri uguali. +policyInfo.regex.maxLength=▪ deve contenere al massimo {0} carattere/i. +policyInfo.regex.minLength=▪ deve contenere almeno {0} carattere/i. +policyInfo.regex.nonAlnum=▪ deve conenere almeno {0} carattere/i non alfanumerico/i. +policyInfo.regex.nonAscii=▪ non può contenere più di {0} carattere/i non ASCII. +policyInfo.regex.nonGraph=▪ non può contenere più di {0} carattere/i non stampabile/i. +policyInfo.regex.nonLetter=▪ non può contenere più di {0} numero/i o caratere/i speciale/i. +policyInfo.regex.numeric=▪ deve contenere un minimo di {0} carattere/i numerico/i. +policyInfo.regex.upper=▪ deve conenere almeno {0} carattere/i maiuscolo/i. +policyInfo.title=La password deve rispettare le seguenti direttive: +reject.button.label=Rifiuti +submit.button.label=Continua +tan.sent=Inserisci il codice di sicurezza che è stato inviato al tuo telefono cellulare. +title.logout=Logout +title.logout.confirmation=Logout +title.logout.reminder=Logout +title.oauth.consent=Autorizzazione del client +title.saml.failed=Error +title.timeout.page=Logout diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/bc.properties b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/bc.properties new file mode 100644 index 0000000..c399a82 --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/bc.properties @@ -0,0 +1 @@ +bc.tracer.TraceIndentFactory=ch.nevis.bc.io.Log4jTraceIndentFactory \ No newline at end of file diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/env.conf b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/env.conf new file mode 100644 index 0000000..2a747a1 --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/env.conf @@ -0,0 +1,19 @@ +RTENV_SECURITY_CHECK=no_shell + +JAVA_OPTS=( + "-XX:+UseContainerSupport" + "-Dfile.encoding=UTF-8" + "-XX:MaxRAMPercentage=80.0" + "-Djava.net.preferIPv4Stack=true" + "-Djava.net.connectionTimeout=10000" + "-Djava.net.readTimeout=15000" + "-Dch.nevis.esauth.config=/var/opt/nevisauth/default/conf/esauth4.xml" + "-Djava.awt.headless=true" + "-javaagent:/opt/agent/opentelemetry-javaagent.jar" + "-Dotel.javaagent.logging=application" + "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties" + "-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME" + "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/tls-swissid/truststore.p12" + "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/tls-swissid/keypass}" +) + diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/esauth4.security b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/esauth4.security new file mode 100644 index 0000000..fffe1dd --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/esauth4.security @@ -0,0 +1,2 @@ +# this file is generated by nevisAdmin 4 +security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider \ No newline at end of file diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/esauth4.xml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/esauth4.xml new file mode 100644 index 0000000..47274f2 --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/esauth4.xml @@ -0,0 +1,121 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/logging.yml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/logging.yml new file mode 100644 index 0000000..a097b89 --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/logging.yml @@ -0,0 +1,51 @@ +Configuration: + monitorInterval: 60 + Appenders: + Console: + - name: "SERVER" + target: "SYSTEM_OUT" + PatternLayout: + pattern: "[esauth4sv.log] %d{ISO8601} %-15.15t %mdc{trace_id} %mdc{span_id} %-20.20c %-5.5p %m%n" + RegexFilter: + regex: ".*GET /nevisauth/liveness.*" + onMatch: "DENY" + onMismatch: "ACCEPT" + Loggers: + Logger: + - name: "EsAuthStart" + level: "INFO" + - name: "org.apache.catalina.loader.WebappClassLoader" + level: "FATAL" + - name: "org.apache.catalina.startup.HostConfig" + level: "ERROR" + - name: "ch.nevis.esauth.events" + level: "FATAL" + - name: "AuthEngine" + level: "INFO" + - name: "HttpClient" + level: "TRACE" + - name: "OAuth2" + level: "DEBUG" + - name: "StdStates" + level: "DEBUG" + - name: "Vars" + level: "INFO" + - name: "ch.adnovum.cossa.CallPolicyVerificationAPI" + level: "DEBUG" + - name: "ch.adnovum.cossa.IdTokenVerification" + level: "DEBUG" + - name: "ch.adnovum.cossa.KLPScopeToProfileBinding" + level: "DEBUG" + - name: "ch.adnovum.cossa.SimpleIDTokenValidator" + level: "DEBUG" + - name: "ch.adnovum.cossa.TokenExchangeEndpoint" + level: "DEBUG" + - name: "ch.adnovum.cossa.TokenExchangeEndpointRefresh" + level: "DEBUG" + - name: "ch.adnovum.cossa.TokenGenerator" + level: "DEBUG" + Root: + level: "WARN" + additivity: "false" + AppenderRef: + - ref: "SERVER" diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/mockrelam_jwkmock.json b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/mockrelam_jwkmock.json new file mode 100644 index 0000000..05e711d --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/mockrelam_jwkmock.json @@ -0,0 +1 @@ +{"keys":[{"kty":"RSA","kid":"yTX9hiBfyqkvtil57ivmlbK7a6c=","use":"sig","x5t":"9WDlp2619xwm3BQd1Xrx4cTAs1Y","x5c":["MIIDXzCCAkegAwIBAgIEXhUdxzANBgkqhkiG9w0BAQsFADBgMQswCQYDVQQGEwJVSzEQMA4GA1UECBMHQnJpc3RvbDEQMA4GA1UEBxMHQnJpc3RvbDESMBAGA1UEChMJRm9yZ2VSb2NrMRkwFwYDVQQDExByc2Fqd3RzaWduaW5na2V5MB4XDTIwMTExMzExMjMxOFoXDTMwMTExMTExMjMxOFowYDELMAkGA1UEBhMCVUsxEDAOBgNVBAgTB0JyaXN0b2wxEDAOBgNVBAcTB0JyaXN0b2wxEjAQBgNVBAoTCUZvcmdlUm9jazEZMBcGA1UEAxMQcnNhand0c2lnbmluZ2tleTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI8q9sa2tIzt0BT1A1aRBZaMa7Y1jHYNi94na4/9txTekY6CyKm0RsYg4ImBJlbu3KkF6TUnIo3YCC8Mcxc2W3FCxP74Y7PwxqKz9wGshE+Tj2GkDR438apq2ckB/uN/vEcHts6Vd/yBUaVxwBqYU2wjKAh8X+sFiPWSO+RsZxNQo3IF0JrjzgzVmR+7tU+voXvnL785J6eXAvGune+CsvgDxn2xuMGXhAeZKL5ZvToT62aucMxbiUY+CSyWvPILzwxllAVspwE+gP/pMJly52sE0ya72VbqTJPhSrDhhl68FAS43yv52Fv4khS6La79ShZPv0fk3VUKKfZOta6CZWcCAwEAAaMhMB8wHQYDVR0OBBYEFP3hiLj4fppAnV6ILez0WZN2W2DYMA0GCSqGSIb3DQEBCwUAA4IBAQBt6KLUwIsI6gP6tpU/Ppli/xpzY/Z3d/wf8ezYPI6tBr3S2iN0CmSNlvn1jfGVplCjVUBIfKGKtycBiUoADWSGMIn33CJuM5hFewKJzldYwkY1QVVxcRRVKVNBVzF7AazVj1KMT+IKqbFAjuZvniraTaV4I1WA5innUzkCZ2MwUacwUDhGKSXVWLtgCP4k/PfUS++i/TpI/mSGcReL8JJ1Q7YNUwz8qfisQvr2d21xPk6uPK24Jq9ZdSb7IZ+hDbGa4RlzOHDFXfU1ht33IKbHqc/RkGJVfU7GAbo1thlNJdlYcF+OjAnuruvwyCB0wi/O4I0JRuoeXSyD7AOfNM4V"],"n":"jyr2xra0jO3QFPUDVpEFloxrtjWMdg2L3idrj_23FN6RjoLIqbRGxiDgiYEmVu7cqQXpNScijdgILwxzFzZbcULE_vhjs_DGorP3AayET5OPYaQNHjfxqmrZyQH-43-8Rwe2zpV3_IFRpXHAGphTbCMoCHxf6wWI9ZI75GxnE1CjcgXQmuPODNWZH7u1T6-he-cvvzknp5cC8a6d74Ky-APGfbG4wZeEB5kovlm9OhPrZq5wzFuJRj4JLJa88gvPDGWUBWynAT6A_-kwmXLnawTTJrvZVupMk-FKsOGGXrwUBLjfK_nYW_iSFLotrv1KFk-_R-TdVQop9k61roJlZw","e":"AQAB"}]} \ No newline at end of file diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/mockrelam_klpapimock.json b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/mockrelam_klpapimock.json similarity index 100% rename from DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/mockrelam_klpapimock.json rename to DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/mockrelam_klpapimock.json diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/mockrelam_metadatamock.json b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/mockrelam_metadatamock.json similarity index 100% rename from DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/mockrelam_metadatamock.json rename to DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/mockrelam_metadatamock.json diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/mockrelam_wellkownmock.json b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/mockrelam_wellkownmock.json new file mode 100644 index 0000000..1050bb1 --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/mockrelam_wellkownmock.json @@ -0,0 +1 @@ +{"request_parameter_supported":true,"pushed_authorization_request_endpoint":"https://login.sandbox.pre.swissid.ch:443/idp/oauth2/par","introspection_encryption_alg_values_supported":["ECDH-ES+A256KW","ECDH-ES+A192KW","RSA-OAEP","ECDH-ES+A128KW","RSA-OAEP-256","A128KW","A256KW","ECDH-ES","dir","A192KW"],"claims_parameter_supported":true,"introspection_endpoint":"https://login.sandbox.pre.swissid.ch:443/idp/oauth2/introspect","issuer":"https://login.sandbox.pre.swissid.ch:443/idp/oauth2","id_token_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"userinfo_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"authorization_endpoint":"https://login.sandbox.pre.swissid.ch:443/idp/oauth2/authorize","authorization_encryption_alg_values_supported":["ECDH-ES+A256KW","ECDH-ES+A192KW","RSA-OAEP","ECDH-ES+A128KW","RSA-OAEP-256","A128KW","A256KW","ECDH-ES","dir","A192KW"],"introspection_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"claims_supported":["urn:swissid:identity_id","gender","urn:swissid:place_of_birth","language","urn:swissid:identification_date","urn:swissid:identity_valid_until","urn:swissid:nationality","urn:swissid:identity_check_date","urn:swissid:doc_hash","updated_at","urn:swissid:age_over","urn:swissid:doc_name","urn:swissid:suisseid_number","urn:swissid:cid","email","urn:swissid:identity_number","urn:swissid:first_name","email_verified","address","urn:swissid:place_of_origin","urn:swissid:date_of_birth","phone_number_verified","given_name","urn:swissid:complies_with","urn:swissid:qor","phone_number","urn:swissid:document_country","family_name","urn:swissid:identity_document_type"],"rcs_request_signing_alg_values_supported":["ES384","HS256","HS512","ES256","RS256","HS384","ES512"],"token_endpoint_auth_methods_supported":["client_secret_post","private_key_jwt","self_signed_tls_client_auth","tls_client_auth","none","client_secret_basic"],"tls_client_certificate_bound_access_tokens":true,"response_modes_supported":["form_post","fragment.jwt","query","query.jwt","fragment","jwt","form_post.jwt"],"backchannel_logout_session_supported":true,"token_endpoint":"https://login.sandbox.pre.swissid.ch:443/idp/oauth2/access_token","response_types_supported":["code token id_token","code","code id_token","id_token","code token","token","token id_token"],"authorization_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"revocation_endpoint_auth_methods_supported":["client_secret_post","private_key_jwt","self_signed_tls_client_auth","tls_client_auth","none","client_secret_basic"],"request_uri_parameter_supported":true,"grant_types_supported":["implicit","refresh_token","urn:ietf:params:oauth:grant-type:saml2-bearer","password","client_credentials","urn:ietf:params:oauth:grant-type:device_code","authorization_code","urn:openid:params:grant-type:ciba","urn:ietf:params:oauth:grant-type:uma-ticket","urn:ietf:params:oauth:grant-type:token-exchange","urn:ietf:params:oauth:grant-type:jwt-bearer"],"version":"3.0","prompt_values_supported":["none","login","consent"],"userinfo_endpoint":"https://login.sandbox.pre.swissid.ch:443/idp/oauth2/userinfo","require_request_uri_registration":true,"code_challenge_methods_supported":["plain","S256"],"id_token_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","A128KW","A256KW","RSA1_5","dir","A192KW"],"authorization_signing_alg_values_supported":["PS384","RS384","EdDSA","ES384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"request_object_signing_alg_values_supported":["ES384","HS256","HS512","ES256","RS256","HS384","ES512"],"request_object_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","A128KW","RSA1_5","A256KW","dir","A192KW"],"rcs_response_signing_alg_values_supported":["ES384","HS256","HS512","ES256","RS256","HS384","ES512"],"introspection_signing_alg_values_supported":["PS384","RS384","EdDSA","ES384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"check_session_iframe":"https://login.sandbox.pre.swissid.ch:443/idp/oauth2/connect/checkSession","scopes_supported":["identity_documents","photoid_selfie","address","internal_id_claims","openid","profile","photoid","usm_api","suisseid_number","swissid_signature","id_transfer","phone","sub_lookup","email"],"backchannel_logout_supported":true,"acr_values_supported":["loa-2","loa-1","qoa1.4","qoa2.3","qoa2.4","qoa1.1","qoa1.2","qoa2.1","idaas","qoa2.2","loa-2.2","loa-1.2","loa-2.1","loa-1.1","qoa2","qoa1","pwless","loa-2.3","reg-webauthn"],"request_object_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"rcs_request_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","A128KW","RSA1_5","A256KW","dir","A192KW"],"userinfo_signing_alg_values_supported":["ES384","HS256","HS512","ES256","RS256","HS384","ES512"],"require_pushed_authorization_requests":false,"rcs_response_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"userinfo_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","A128KW","A256KW","RSA1_5","dir","A192KW"],"end_session_endpoint":"https://login.sandbox.pre.swissid.ch:443/idp/oauth2/connect/endSession","rcs_request_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"revocation_endpoint":"https://login.sandbox.pre.swissid.ch:443/idp/oauth2/token/revoke","rcs_response_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","A128KW","A256KW","RSA1_5","dir","A192KW"],"token_endpoint_auth_signing_alg_values_supported":["PS384","RS384","ES384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"jwks_uri":"https://klp.agov-w.azure.adnovum.net/jwk","subject_types_supported":["public","pairwise"],"id_token_signing_alg_values_supported":["ES384","HS256","HS512","ES256","RS256","HS384","ES512"],"registration_endpoint":"https://login.sandbox.pre.swissid.ch:443/idp/oauth2/register"} \ No newline at end of file diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/nevisauth.yml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/nevisauth.yml new file mode 100644 index 0000000..6688a81 --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/nevisauth.yml @@ -0,0 +1,16 @@ +server: + name: "default" + protocol: "https" + port: "8991" + host: "0.0.0.0" + tls: + keystore: "/var/opt/keys/own/nai2-default-identity/keystore.p12" + keystore-passphrase: "${exec:/var/opt/keys/own/nai2-default-identity/keypass}" + client-auth: "required" + truststore: "/var/opt/keys/trust/nai2-default-tls-client-trust/truststore.p12" + truststore-passphrase: "${exec:/var/opt/keys/trust/nai2-default-tls-client-trust/keypass}" +management: + server: + port: "9000" + healthchecks: + enabled: "true" diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/otel.properties b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/otel.properties new file mode 100644 index 0000000..4e53a58 --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/otel.properties @@ -0,0 +1,4 @@ +otel.service.name = nai2 +otel.traces.exporter = none +otel.metrics.exporter = none +otel.logs.exporter = none diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/prepare_done.groovy b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/prepare_done.groovy new file mode 100644 index 0000000..e916e2a --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/prepare_done.groovy @@ -0,0 +1,23 @@ +// nevisProxy replaces the entire AUTH: scope when new outargs are returned by nevisAuth. +// Thus, we have to store tokens in the session (as a String) and restore them on subsequent step-ups. + +// restore tokens +session.each { key, value -> + if (key.startsWith('outarg.token.')) { + def name = key.substring(7) + if (outargs.containsKey(name)) { + LOG.debug("not restoring token (outarg: $name) from session: outarg already set") + } + else { + LOG.debug("restoring token (outarg: $name) from session") + outargs.put(name, value) + } + } +} + +// store tokens +outargs.each { name, value -> + if (name.startsWith('token.')) { + session.put('outarg.' + name, value) + } +} diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/log/.empty b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/log/.empty new file mode 100644 index 0000000..e69de29 diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/plugin/cossa-token-exchange-authstates.jar b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/plugin/cossa-token-exchange-authstates.jar new file mode 100644 index 0000000000000000000000000000000000000000..4faa5bc467aa779dc3b9570c240256fcaeb86a14 GIT binary patch literal 50623 zcmbTd1#nzJwk#-%tQIpfGs|LTW@cuVS}a@4%xEz)Gcz+-%*@Q|_h({vXa4-R@%BdD zjvF24bVYPkp31D7r63IkjtT+-1qGr44A%ttdx8Gf$KMO^_m&k^5u}rp6Jr1aQTUg@ zx}TtzIDZ4M{@#Dn|DQlvK{-h=QDqf+S+P6WiE$ZeI{H~SX*%kuiRpSJ#s!w`gWUtr zfBUh&`TuvXV1J*DE&jLu{@)=m{|GTOv9kxd+WxnpNdFpYZ13!B_}?a={ig(L8;Acb zsrBfOjm_V`$`Jwtg!KQEBrT($U~gk->_KmAW9aN0rMxDGqKK+n+>m97MJ0-O<4>8> zNl5~2rL->?SzAktH22+yD=T}(?Km9{Tl3@axWW3!N%4j%{i@cNzd!5 z{^u9x3&b{=o=IF!s((Q+>Ktss_l|Mbh_$y@aYKpX(b!E!+xayUOd8ZPtdbGR5i87) zAx8TKm(2##W&5*W7u_lXExZq1TXS)(BFBN)i@*%qO>|i0M&}3JX{L*hG1S)7nb>~P zfYZ_AWW!1YoGKkE_@(qY2ekQu#a%mV=^s?5yB3vJ0-Z&M=*v|4H-ksX<28KoD|Hj!gTeT26}Q0N-SsiXrhyJE+8!rlkYM?rCI=zY z9cm3@jV={x=f!MtWY!N$xKDFw{$8mA0)^<4 z#2(q#A^;$ANA3EN1l7(MAIi-SyOBo0#0BJ*wE)HiZKP@rJ2q(!PzACDX=Q~(x->Db zvxz4#4W`c^`g^c5wF`-&FnNq3^@V_6N|IMva*#N=uV>HPgLT%CBk)3$T{$JWKU%iB$_xf_4s+_ zdHz1>V)=uh@2Qq!iBtEr2p@`BmvQ^gd7vvEAdMzgAG=&wPcesnbNRv-nm?U9OU4nA~HfI9Ayh+t!An1mB9t6 zO?1-Sp2}^?n!1e>6zNsWGOWB-L9~-9TuaM%(kxA5>zj$8sO m2C&-(xc6=Gx_O^ zAnRfMtwu81q##!yj|h3O9;YI#KH#ODjc&A1Q1M+pvYuVP!hbH5%)HwV2y(M55G0l}r4%iyZ@ z)$Hk0%Iumr>l)bGrhSoDW9B+>agm<`iW zlEj@{Qu;X*HzhK z)y>z9e6)6zqy(?+hrBd+m&#!D1!R|51bbF5uBcRgf8V{1FsH85OQMUq@-bT|wFZA$ zk!XNj)%z%(Y>K+qT`bLLR9%h7Da+R~slNG%=MowVqxv+aYO0%mDpAEhpCKM_||D388xdEcWg0^8}lg>RSyQn~?S5^?eTUG6<1;z$F)w*d19q|&y zn7yZCIk_J;>g42+qt0mZ9C0d;!ttA+q!$sM;L$pWa|RK}^74xsh%*Jl%T(X| z@mh^Z56jxBP?)U2uAQ8>>EPvE7H|dIEIOIP%QL4gJ70?@ZReR}RBYs)*`xlf)x%EQ zHR#4F!c{|i1$@5tMmvSgu%&^mZX;QU)O8k5;_20{Q=C`zsx?aIt~3*vg`>VzveT!V zKSkGAGF^kOxp_9Y;>BB%cf!qpWq&*}Xtkb5`j}Na%&*|#=oQe2LiwJ2f$$uoPt2L5KP*f3w( zI(p}Y)1T2G^n@iaO1DT44c#W$eV5_!%ccmg?hP;Gg&I`$l0c6+C(@k|eTt>R$KLAK zVZvDJf2WC$+%{h3&)))g3w1a1z)%_k9H^orTTzF994g`J4is{9l}I}V?$Hl24IO(y zy`_f$tYK3^rv^s|M^F(U3*>0ELM%N5eZ;6!BuyvaBn$D_9qXQP=B6Dgp1C(aaj5=G ze)$>0PBV($ud_hS9)*hOoe#4f>}C|gnvbkh;ADgx77(nVvEPn(?=ttR^23bZo3sR< zb-mes1w!wOP<}`Oe4_Jz5`UJ6M3N4R(DWlYh*Ue?n(8Z|RP9xmoA8%H@R#EH|6;nS z74WrtmSWe1Z3bl`ZD(pp6*5T0^(SJ3?uWMfZXm(%J{RG)r-kV!i0kjCUjW9m4ww)w z;zzjHqs03~#0f48RKchA^GJmm6Mo}B4>m}}_9tSeMsRbSuD<=<#yEj6{`Y$+zF-TC z-~~ijJ?oQ1+g`dgJ{7&V%_~86S^ep95oZ_k4}Y|9dj)X4wq3lfn<^nx@2&a!&UcSr zuUOlnln*c(cZ(?!=^OB=u_qwps*Zsyu z9mZG|3L%r`zmw(UXTsfQ0**K_jy>oz&0p=0QpB2Xy)maZWj!U->ra*Rx1~L^1t)$7 zT}X1AWn&h1Vy$q0BWSh9`Y|Go%Z$2UVZqajemc{G!IGtvmZz=%wNT?67g(khOF z@4|{~dT_HtXLz+3%GYq-&hG~@_)q$Orh`ZV_=G(+9yX5gg>x4-(?lQ=Aj`;$448EsA%9%G z-7@mk;9&)?Z$1S-?rknP-zd}eh3+Ul*W(0ld;&Y3q&NyJ?&XAS#Qn~?&nb&jWEK*K zM-2&oy710k&|E}@1<#?kpp@KYhI!C3>Y#_LM|hAn6&!I@L9v@UY~3{>+l=%8lU}sR z)1mnWLxk)0;%Iydf36MG%}w8MV2|{CsD4S#!nLK2lUHr)21}8mM8h^~cf!P9G;GPp za(YbEBK3x|j1x*$G+7IKQ<3 z-eESnVTMauHD;eh6yNk_L+M@f%9miIz&`=qx67Q%XvM%%=2|@sf2btLgLf+ZjQIX8 zAVN&IqC>M+|NQTf!g944wZA z0Y%TSGExrhti^geJB;B5?P1U|k?@h^NuXd>32O0Wvlb(G*&NXRnY)ewG$@ z%1(T{ad`JC?7`@U9TZ05^5c#)aac0w-!n|z*=xUeUZc9Y|37T)-S zwUwL2g10()+J_w=Xq~Q>wM1JfswE9;w)`ZTlYo@#Hw?S%w2|#c!OAg|F~>qNq><0W zBnYQb^i3o`x*!-^!PCBgJBqlIeg3X)v)q7HdM&W&_#WpX*vjOLfzjF(yuXd9uff$h zu#HV0*Ko-ySxloL{QxOhFW~@O%~eNi3)F7rNpbfZyCcj@ywN~I0f(%GWG%IYlFjM6igW_bhk(kW8a2Z1k9EoW;gG~W;f*Y$!VK2WN_4*$M%!l zor|C)4p4OjHoXUgbO)|qWcg>L#bMlu>P>+&9DKuY6xa3%pLQutnh)l*!%$XV^{--4 zR!@KRt=fv&f$?mFzBC3yxMBNo1DE8*ZkumE+po;}1@^B zQ!;gSu(xymCtHhB(N&&TK;&&EC`c6e_DvKOQE<&)L_~lt2XwDTBk5bncOM7(izLXo z_0)oi=ilD3SXk!n*WaJ>ai7Sk60i7JS8b+OdE33NK0n;00EtJ?d)4&!(3jFx?&Zx=y? zq?SgN-sG-dZU^&3vegur9zpA99noI&8l4H~Hc~PqSzaETapUT7E5zLBj zL+f&&+CF`-%AnFlTS(|MXzEqeH9nryTel~dCm1+pa9YaGa)~lL%&c!sD_}RBqzhv= zn+XcGlP$AwaX7`OaF&$Xy3@T3th{BWb59?FHDjANaSuL%6{fJ-NWaKXMJkP^bO~)b zQ^bVFhGD<(X{CrnY#F;?)~%k+OY~wZc38#54zo(8>7!{a+LLZZsK;n}Cr}fV8cz9M4VCVvi0?Zrp}BL2 zVk4y+MrGGJ#J%3OxbpqCeUew6T-9Nvmm89M{h=!urs2Y3#^^9Y$2CVhF;ddBFNljW z>Uc#=EmL=qlKTBevk^lIia5fuI(%gkp{$*CdHD}OC-<>e`ZZNYP8mjxL>KFe-Y#46 z?AO07h=jl_a=>5Ba{~(kLie9wq+)MvYA5P$Y+-0;ZYum2NiK$VF3$g47*jOe{%W7$ zBOyX+2vDlPz(Ps@5ugw#jq#_hK}-$VP!u^nQ-EDH&b}s;7K;urbHM#jdUT&lkV8;b zoIg0_O6u$$cUN!z>2^7h)jHPw_3?oK!t;w?u9t~}4}em<1D;9ha2eETzs$S#Q%~JZ zPl1Bm;kN6n{YDscSY54|+>fN@+~o{7jPRJCw*kl-smkcZe;8Dk!@w&=d{(r1a}?RG zBf<_YpjPW=bv;pBL!~RVOtX?!fsz>yiNJC^ex1HT;$XSntm_PPatQA6ZW5!DTh1B8 zW@}EUOnXC0rC~5>AmBxZNCT5USf4Yi6U zdgp5@E!9yxg=y=TUcW7PUeI#WTv}Y(keXSArPcZm&UAIEA)7Du;P0KpUUZr`3;qG^ z;OL;-VeM|=0g7j{E0-&^x@&i@YW&q;a=+@L>G>=p#I!Vp71$PD4;5&9AamcyrMuDQ zQUFoATKnKW3+Y3F)@4Qo$YR<*=o$xm!9a)oc|lnwVn~u+;3lR}jYtRH82@zABK77`kxdR?*FUH}|JcR}C*i;Bo`4JqS4R_$9*1~6(SXJfOGdML4 z>s^MChcccO=dQjJW&c^957#el&!nqPa-;ap>{lN!cw3ssI^xxqvtP}2JN=;!Mr+H?UKx}>uq(G8iHT8x2fdv z9$fak+Z;Ee-1$Ra43(hP>C4gBg&ikY7G-h0;_Ie*5l%{F>&j!Mp?McBcJ{|F)48t- z+)1Z?&!6a)di|Bkb*~Op_`#MaErce6dxeJ*F5|`@a7e|`9wmMeljzt;gGeYb$LsFa zXu-r59*(SE_7Ntm^1^W#C$g;ZxN1jsnnxqQq?|WmOIa%myGbNd5Q|(Gu>VESMAjoZKqtX(XW$N~+6B2NDtO-rVt6f^ zt6$fBb0?zt_Ph03wE6lO^uY5`?vFW&&`fU()#^iO{5{aZ;*eiv+|Src8+cr#O1Vl>CMJ%3NCp((^yent&*`gr_PlcBI#WT-tx`)8b1>h^oj&8V1C3LD_e+f z`kM6?BA9_#-^d;Pg}GlnwwmdkhA%Ae*KPD{z3&CPCGIT3_?w_A>mp`(*^kj^s(T=PCJ8q?FSjDAv;_H zp<_F@WYfk5fV)2TKuLs0K?F6+v)K~NM4f#(|i3QQig^eSUj_HnA{ zm|*pz%YO6eFsu8i%l>X)9DyIyfW|gKK}-V|*8xI^$(9ny6@pC{p{1=+*vcjaTY2xB zaD+4^Ma6{tJ})jV)WGW^I$aTtUuy1}0zgtIDbi{MiUl4r7__p;rtYUy>;9>_|5qywq zO4)a0$U8&=+M?W3dRdvJHjT?JhoAmWA&r=ZX5CggIoN(nzmTr2!`v0fY^p1*8T^z( zn~x9C)yco3Tf-kprBVp@di%G7n*m60C9yfsu^0N7j2Wtr12t(4q)97=BC{OnPL&zt zOSsnVrJCZXQ>T%7KdbYWa02ok>2COZ(C4IcxEt-Z;IhyFv1 z2lwnLRKvz!y3Y#Bx+b}%Ay$+-V{pd0HvU6TKW2IP?BRvWC-4B`!(dLE(?D#%6AQ-y zUl1#@JixET%0nCRMa3s}K1_I8J!8wzs)8R^Syw0;wYInbWBEa1MMNV(lDlN6k7%kw zBhr!`S&B zf(OtsYweKHQcF#C^ov209WE4wm}@(27!T8*C(n=@%d5FJMcF1nf_jE{t{^sCFw+Zs z&*d3{$+V}cvP3+Ln^7g@k(o_?04D}42FpF0JkQ#u_3BKRrAP8}dpg7gMwp)W`}QTP z$Cm~|yf@)e03XRFn`rdko8`GEd5Ed$lWweZhSG4Mf}p@w1yrCj>OEZ1^!is1l{MX6 zB}^?Oj)T!n0}(~0_#nm26K!{adahADL13V${yIaq7TIS8eh}2Jr1#^P0xc3H#dFnf zp*7Z`ZbvVA@Y!e(`8-*htXo7_NFtn&t=X1wM2(cm=I7aj2~$%g*u5w9qySS)may8s zY|tBq6eJ8w=Ab)rj#bNovgm+o<0hXhPq7k zy1PlWoKZxBeDbwea^0vJPpcA|s)ryFEA5f!a>uAZYts(&>iR#afNNHOHXCS@imth0 z1{{1M7$6|4p4k3ypLX@yQ-@&(j@hmU2Y^GadfOf)QTHbTSip&CLZyTNHQTonXP2i$ z?IU)Vpwtf~uBvWrrP!cipL~P9E|JRMiNG>BXHo|mDmwXV3kEcxm|dcqj)JLd>VU}Q#GjL^`3=i-1v&#q1@MQvL5b+ zk}j=4l4foBhcrlvn(cS4Q+3slC_#dEUa(T|{W3b*k4li*lcrX$Qg;g$?zhsO6`8DQaZ7Ofm|lZ<6v!+-^>W7FD!)p{S2q&3@Q1fM%~MabA4I4@q9<+y)XCW@Guz<;U3C! zfxDOFcaC~V=HbW&hEIeT*1-xrM1E-pS+QsI@jqc5$#(F-6#(BW=`NF-2HWep&6R+P zTZY#lC+G1fT~-rgdud3Dy$Fc7Cr7v_E2dvD-=19IS>t{A;6f3)(v!64y4*qU(y)or&q-X zCl`1Tm#YvvCVD=}vQw^Uu)2rrTh2|l3eRD|v1(!v%T`HB&yo&K-mz$0v+C)O%t8=~ zyF_GE8k;b2s3sU}(Bm_aPLpIO}+9$!1S(~R80kLs9i4=?TX*P=T&HaCBC|Ez9i zv*jnTA5~9up=F2cvq>UrwI4B> zgi0*SM%O{Yr#$$ysJpoRDyM~+SAo^EqxOzU2Da}qo$OivKsGyQf8Fs!p5Svei;vbd zs=KI!0k7|i$@;dOCE7eGbh1P@z6;>ex*J;KvNEsPb`>1+4+;2oXJSB&L~WLQzZ67x z61H#p)*!HS}d_FRGF_{tJLx(wkZ{oPSsr@y;#-ksc?^^(vXNw{$^s&iFbOvz|WJYE zOQ~Q@zb&@g95A=T8z$$4lxVbbG?G2$mg`9kNY5Gs|FrIjiY%TS#6uHMYHoHwS^M3u zo@D<#w6?xm8x;T7D1mFl<^Xc*Fg0W=>BbllS5f--c_*zrRjlqp%?H`Mp@k@*7@ze1 zF0nSLEtyt=PjhxwIdUaQ3wc^LvMuEt;P4QS-NiVrRJx(GVRQ6eYb=ls6wdt(lK_5^ z?ws+ALM#LAle@p~ge?uCUJ^4JtRZTa#|}tC-LD&@skIHBi!1W<%Z@+PGcv>f596g302-l#O=GY+6pBpPn-tUoTfgC;M>h74OaRHYX8Rw`8BjN99_O7REf z`V<$!XI}=6s^yvsRMKtGEHN>njqI_49mCphSJKSEuk;F?Q2nR~-5vme;NwWRsC#75 zsRn&9iB^S5Hl^syaD0$Hn1E*6q`eW!D(Zl>s+GiBB%Pz=LF>(iGDC2CS9#SU>O~Uw z5F?7ha6l3D;ryDI!ve1?m3k4?E!3rxy#7JU@IJFYLKeI6V`P4+{ukl7&G$_f*;*Q9 zamU|*#*`FKGB+(_j_;V%xWgOK^Bk>LtoVP5Wz@~G`>2Nd!;Qgza|KPeStq6&dixDN z-!eU~qX{M1L(O)VszmOt9Z(75_d}lTJPq~}nDJ+t^S;+=e4QjRon?G$ihTF((v;IZ zY)(bE6%?8nY);(@Jep{Ire_b>`(}6K$F-sugN@H11QsGm5;AJVYDl+ajQ8X22;W8k z;ivUVV7dE&mQ8QeO88n0oSPx{r8o<>!*_g9m~0W6>|l&(WA^VBI8z1)N%dP8IayPJ z-`R2!fVmNEHNVL^V;}p(eXf-gj{>||Ba9hzWANMJj@WmI+psX^vsT32_K;cJ^?P`d zMSHui?crxH9CpawLxk7l^g1T&%LP!f#)EVUHaxW?Oj#jRX>aCLrmPof&pK5ElW_0* zTLMVs7`VrMU{n>^Op-q#>*BIdc0B?m$>T5?wwcq#=9#iu^(9y=$jxfVtw#mfQb%8D z^ED?1d$m;OZPEjPTCnwW1MmSX?wZK_jd_}V z^fis?Q`>wu@^BEPKcrM>6gx%Wkl7>~wDKBhmw{nR-Qe6mf86!6ctcf;>=K#D>r(G% zetOxVXAQ?E)xWUkh5x8eq6^hB>VpYL4iLMJNYEfg44)vZU?rdv!D@xDiVJB2ILiHDQ)K#=k zd~HGHmIf{TYS{VB zQz6zgD-t6+_B@IlS2bfFIW47^@A26ExE8D}W^!{Cb7FRzbQ*YsJ;lW%)zbN+lpC9!98!~MpK!1_1l`IM2$Bm7~G?6 zQDwF=o6h|m9X<69KVZySX-`B^PBUiwWwC#pt@u}hb}sS~v?l##xzOY^!WfG-eM@i} zO4`i)by>kI@o;W@zEy3oQe?~xgt9PQ9+jR(Nj)7?8x;OipG*fvNPggqcJlIpgLpp{ zeKGoZS!#AZKo3{RwHZPI0dMPo;3r!@r;gxsAH4$O;-Y(|S6@HeEJixF6}hpJZ&)1- zOxkLC2!v=tk~)cD{@bUEv)~_9t;ds<7%&;T*)%i>Gd#DY>u{Fgqo@iNZk+99{{Sxd z+=%DdaX>vOM3bAV`O&24JSDTS*pwTcR}=r}sm#f-pq7F8s7`EubQb#uO)~#5n)Ku& z;G?&yF;i?Eo+#Z#OuKp8rFk86{FG9#$ZC)b)oFw}UU z1F;aTK_j%TLQ9~Z%CA30%E*9eNphR?RdpH;>Rjt$^?-A^)lv>aHH+2%V?j)G+5R^G zH-G-ZPDSE^q06NOD*$uOL2bB3sLMKElrq*J9;%taR^N~#4+PhgPEF8qF`>r%IDPEN z1J4)}V}-&NXrfnzsh);=*AY$&4(Ijq!u)i$Awe^U7cYR0!76jyQUV;Y`ISW7r5cGz zY!qz%9GJ9FWJRm)Xqwo}WIv(D8i5`rfX?bIv2Ed6G{RlQI@H>Rdi$+5^lmv2m)_c4 zY#6l)>RcV&rkqvx2D(;U&# zrECv78_j~Qz0RhM8CDt4nKCmv4B{?~LxcSl+A||ot6$4^KDKQVT5B}`*ECyViDsI+ z;r7S8zh1max=~wax(rqpZ+@iS(lk`V>cdHAgBBaAFQMr^3R%055F^SXY2apkFpQDV zb!g%=HGphJgaAg_tX3!s>QL2k{aRHFnKGxKKbT}D)7&{N z`GS}3_s?J6YS*1hp-13a>(?MKvaJ4S?TgTD6y8q#=3lINeduK^z@hk0nP4`9;9D-9Q;u9A18{=~k)N(QpV)ri=5)bkQ_jm7RGKjZRM@0j9MZ^Q5~;}<+DvP^RZ zEB=U^Q`6|KFPDN|&eWn!9Sy(GCXe?oSO%}LW|Skm@}B*^1@-s3nC82! z$SXLkibSy%4+)WF2aU3uU@eV8fg8^lR`>N&Rtpp-1_qU|vOEeYirs6F*aKkI**`hF z`*maZO`f%5=HA%e15p&vfIBWY_}wnQ2eFbWrJmD~&8v|psRR2#`bFdq=1cU4&U%@v5jMpir@M-w|?uE-$r=O59TigoK1s%-*ld> z!?0wzWyNjV-Sn_^?H2LRoxKwb?*P*r)+|YUTRs?jLtSju7k&S`6G+U=WP={Ti43Rt z2v1RvdGEvaw$7ey`Ue8wK4E4JiAT>1XJ7lkjv5+F23&m2lQE`@gpcNS&D6H$sC7mR z?!oX_?m0_wmn}m`KF-!xeE(v;n#xJ0F_1o`w^F{!J2};5?S}i1GdNQHq;Q7-&fKCr zL#umI##HZGcR)X|2?0#c2pS3>`Lj+Xw?ylTfmrej26=8+wxISoB#nVnZZmMS`OT1> zr$DS>D+e4pl&jtS#m)AS_X~L0A3Z&a_p_N!+k|0wu%+K@R|X{AxgT>-yr}A9lrA`i zdcI@UI9+m_QqB8S@8K-)iA~z?YU`BBPtF)NzW(S!0e8gS8hko_x7NAiURa!24qWz7 z9$uz+dE+yNaX|L6DDblv!xF!B@x&rPgxw2hlqgJbp!Y$L-xBjA{(vOE+UakuWm7H& z=l`SC92v7n>|Jesx|r9PEx7bOwP^<#jH`zs{;c-{{|KWeE;?ych5G?fMW4QK-1zBN#rKr*yZG`xTQDAm-B0O`c?AJvFw&_n+|U?vqc3Er`oqd6CY&0$ zQWP5n-GPHNQt1L+jI;f6uOd;W1^dNb0lV!e#x)@jux4I3&dXuW14le^4p%JeK9T*c z;cSB&^0D82gMWWViXKLa-ouEDID+2#LhcSHHc|VEVu~X9BPFl1TdzO7K8s`k%1Wkv zxl?bSwHZHm&TyS=(iaa3*$@kG~kB-!D<35dS*GlV(NV@m?gPzFmP*G%WCGOM`vZ| zYl5G32(`PfFagq&$gNUw5mA+3nrMx1vMxFt2DT$xq2(m2a%}Mzo9|LmdKKrqd=1Kl zEbue6zEAioI?CryfXWHh6DaAl8lqJg$R}yT&lfQ{ZA(p-QH+_ktdM6FwsHJ(D9jIG z6T+S2pBVcH)Sv#u%#AT?zsHk}H)Xg5hxT_)+ngc8C$SJIN`UA(HHL)>< z1?~2J2u_xN->GJyu6U-rN~kZGKo7c#bW5wfaQ|R-#ObAt5S-SfUV!e3v-v|a!u7w| zIjw!~zQF%F1it-!y~+QdM(MBdSlQU#!BoXw;UA7pAxk?GOFMH?B~u%F!~c4cH?lG{ z{-+BlOIcceK>_viQYLLGk&BQ}KB<=?GUmoF540 z8oN%?{7xrj=99O_227b=jl*%*y|B0?cZ;J&gbr0K!&!lzMw{f9A&duWnnhDB4qZ1> zS;cUe4${iSQl13lXhSnG1<%%#k*u9goOONe_X|+Yt+0ez(Gz+YDBF{U*+N=PQ>ugr z&-2<^b>71xl9v*4FgM*{jg=TZ6bKxj@PH2*K|QoS5simKUd_f(rFEv@jokbUtWuQU@V|R8X9E2%BwK@Cbp(>V)Ij(V=GGVy2HO6 ziRCxWV#Ml7s0rx5o)Ci}COqj1a3u4>G_3@mQ;X|+NZYBy_UPp~${z}rqA03#WIGr` zWnlpgpB1}P3(-OKQK!5$)Se@2K5I|xdK73-6f9JG`#?+zaxnpf44%5wVFkwjZ7gnPVq6i7maf~MdGUn zR{3c2QmjZ&aILL=$|0LS@Uq{fhQyu!8>I=+TMzTYlC#S?!A|G zJ0oj&a~>NN#WrUwO((77EgQ7$a@GoO;Y0e{^DQMWdVMv?BrP(Qv&n_NgEhYYb|L}4 zPAdHyBnZgc-?Ii{|Nj7{;ACmMU#M@K61wrtOBJiux&+;S$d{qa;B@h+HFp zES3KYEnO)$=#P+RTrweD$$T178juUcj65lim|9N(RYbvku`qNThdO9iOPB9W`W@!g zV8c8{3uxf;vg&d8rEh#5)l(geyq+6`e zt^w;o2!ijoZ%ERF%;z5ncCWOP4XonI7j{(Rh!g0K<|>6bbA>DWJXhRD7M?t!j%jMd z0#hkrC1P*^A;TjISYbsRt!e|%a_|~u1!pLdP6y(MuApjR8c~SC_qoDk<)fSCm_JBm zY4B3&;xiTZ+S24uVt%?s4#5+V|ksEwLn%82+^;6;fs?D#>ZX=yM^PE_ee zdX;t4**2lQRzRq&g~|0v{KfSxBV)=+Z!1 zLx96vgJ%H~^OlBy0iWz}UO0L9JMBz?#@Yx3{kQL;xI*z`?7wBvmT?#3OY%iUomO=rxHOLitAFt!O*>&O zCWkA?GRJS^X9HVoxFIFmjqEdk4X2l>iyYu1ZXT#w&8X(F$fU{N<#ZlVNyjAacM~ROQPrg@@%z|!B$<96;95~ zPfy5Ax{wGKrdz?K;ys&HDt>P$6gA0F?1APNgIS+~%rv@wvbGd ze6V3hi?2Q$IUbFID_;WPFY-oDt1BobmEL;;o!v8e{$?%xxrHT>os!kCpv<`#OYw)L zj7Q4(yvI^=k_#J6@)rw?slT!M6>f;oh*UBQJ9Wf7QMR0BY_83$%)_b2#4_ywV-~dO z-~IvumtHjGP0U%U^>ex;I8z?E<9Vb2ZC0Rq#jIlnVPb+>uCG$|ejh-jrij{JL@HrD z(r|%p?&aG(s|}+{%l$SNH7}L56V{j7N=p{mVIVElS|t~ja&39}wI0aTUfwSRjspGy zA)f0Jti8h$Er(2TkC1`>bb}T>*g1cLO^ad^O4h{Fgd)!LadIgZ4VgH%{K#j8G+_;^ zysWAb-*hR~ECv=Eo_JMKan(Li49AvV>5Oc-oD)#^y1}_x7cL$vxB`o0F~M!OE9eeU zhV#Ov4BN`V;$NDH!RmUchcPjFJRtc$J;P_*0)c3lK_OlDka>-A<$`~lrDScapXoIs zH~bJY2IkhP?lC`>+uo%M9OGzpi;f1x8AFl9$d&`bXt%45vq|~AU7@22Y-j%nqh>7K zQ&PFF3!>5=kg<;wv;bOm^vHs&t2~$(R2aW{5<~b+Zi`k#p@{@CY50u}P?s1R-u*I2AFpkm+e5uj+`P};@d2F=pE6kHYaz>){@`dxevZaD z5cKz;%BgKP;V?{>1Ef#BoS$zXL_f)vw#kj2!|4aLCHAbx9?)^U15&Q(^m^SmLas`C z_*>a53iFDI2typ_u0+5jqm*UUwrS;*gQ!Q8uu(Ynns%jf)qHh&#!Vu2RR1i-sp$E- z$bHg|c8hh8cCak4RD%$pAfnGu%{+u*c}l(<&4L$zXOd*1*vp2!|1Nn3%gw`Q>hNQS zxrm-_%z(b{*J&@;*>y=%J96~QmgzjG+8pA(WDj*aIU`wxxo;N{1szm6ajJ5ECSeba z0l=%@0IEpt+5eSmw}MOd{`t$ZTmG^*rvK3*!}QPfL`7SEK>+m=QVrU=6)Kb%S~SJg zO%Xa=9Tfl$L6=e!I53=x2aG7JPXl&#z8ZTk<%r1M>k@Q);_s!^`6HBIW;D!mI#0QE zIj7xyzMVCLR2k<1TuazvnH@pkU<2${5A`Uo)Y)y+#gLk>I3h&V)duQxRGcOe1_}r~ zeKp1+8CeHR`Nv=r((3KoYgw^pO$cpw31xztTz!A9eM69b>^p69F!t{}4DsceQusYy z&6*2Q3He6`SBP8KcPkn*T0M~=iQtVmeJ_a&NumnDw=Hd*|70TiX16*PRhj}G=a|`1 zWSIG;`xk1v6g;d8iwkM#O(AbP1EZxQ?e<)N+OS$HbB`XbmWTI6@u)1zaX` zTrY_5mi{|q!MlSjGpf^+onl1ooa&coosQb=H+{GP4d1~Y%iy$+Vq5tWIj6Z1;_A1u z9>&DCkn9DKDaMAYc%8D~+(QXLS;?4WwPA!oZ&zd0l7ou?pm-aP#?ILCTRLN5HF*E( z&*RECChEenVAx0ycy2G1EY|c0Cbuiam<8Ozh`KTz$NA+9lx{GBIRg=2E*CJYI0Lx> z)04Co=)MUtCUwU+=u=g&9YsU%r{n{m{Us}8P{P>8R5c^(R0L&q9Fi`+^AFgdbZB=} zfYR}+F8|YKt5J=`C#yd>l!kUjwjgWr>2V=;{5|bQ)V!YbTu?8DK@c70G;$Wv>yKFY z>u*1N+M5~~BasMSxMMSw&-yD2c?Es)lIU#wZS!8pxU%zxJ)(^-Is>W=7Wd%l+#Yt& zovyOUjxAaDC|50i4kP;#NIoVN{641l6=Ux*0NDa^G|bR)#LN!-&^C7V(*tvLhK$A+ zgvLk!q2FPyq+)LIw+<@^BCiA1$tv+@k>Z40o}sUUy#3qOIe0(yw)9_7n*A3na{nWs z{6`V=*YauV;9_ZS_YV{$DUHg33L^Rpc2R|fOXYQ93*GR88{q@bZLo@OQ#S5=jU>Kos|%X*7e(kZ8O= z3NF-1!BRK-X;2D5P}Y@i7dR;&lnKRI>5aqNUjN*OB87~+DbtcfBGj+bYC#i#IwxuJ zR}G0%Zq<>o*pL?wH8Sur9q9w2gHZJ{5G$9&0?i%>czQ!L#AP{%?4d`!KD{Thh;Y`p zlvtAn&yk!(wtqqz_i_Y|FG_x{C`80!QEt^fw?aWZ{w$k^O%{-NXgPCDIwPwUE~#9H zByuAnbL0BqtXn0{@!ZLPdzv6|a+V`R#1Y;z#}L6rx7@hA^b)$1=DGJx<)_H4o)^-7 zql^XYb+~_WAp+_T1#lr6{KNbe*cp<8uV%;N=O&Ts`=#PpVN=m+i1nW=OIk8TfB6A4; zG$r64V^yhon$K6_zpx}lx2RU$6iljN`=sb*o8r^lZr$Ft23*@{TH64wimFR?J6~oQ z#={~$J~@Bvbed1`9&vBIe12Uy%5Cznykq~eJ}Li(nxo(+9)!WycQAYTC$MX|#@ba| zy132yKv>=d3(yHP-}uKF=f0{JWD*sy&(Z4$t3#9QmFbfjGt?W8D>|5UZ;Ew6ij)1?m- zGUiHZy656QM4^}D0&1EDQCKf5Uf=o% z6m1P}DyFr(xzQD+6mIp0M!Qp#EJksyDV|MgYCyF&x7AmX z4-Y0_3nZ)5A}*>ucW?}AT6ELyicOOF$kz`Y1!%HTQ1e00A3{lpYqcf*(|XlBQ&}bVAAucTnUbR4VTWWXsQa5%*(-$F^*semKveZq+-<^{OD>h9t95*K+=@ut9 z^|Hn13C**zsQJkIdMETM#m&D*Se4R=m1SrHrKAgNh=3{KB?{VMR$;Q4#Qucm_xTBo z#mkXcSz;=?Gc%RqUf5)8D6^kxYcMbRHwGZ>v-yNoc^H7c{rd2RRANX-vM;bgZ;EhUW{c~SmHl<-~JR^fAv-7Q=J?B;L|7aVTji-kgls3%STuq($$|z@m1CblXcR!4;FAUWX18+hl?=VgNxTU-py5b0z+2S z=+3H1Xf2p3tF-7!YXkqZtPb|(NOx3kPKLU=o}inbi#saxnyd1VOK^XI?g0{D+o@(P ztCBQ1$P;-Bc5ALlf=U;P9!>?T#(~hSzm;zaMlkRLD8R2FcnY^8sI!L@g)FCp6ziK) zcqP(zsZ(_PvzkH^#MIra0?#ea-|eNsTIL)7e*Ua@{=_wO?s|8M zb7Zdu)klHhk=OA21V3zWEtESmy}B5H_}Nx~VnQ;X7sDN&N1u zJV*l?MXZ=^k++Z3ISg?Id56QK&x~;mSI$Ai!L(YleB3^#OTX`1K{I6SuG`zJ>MbtP ze+#3!nc>1c3UWp-K9NYj|CJlgk9>c9nry1|%^Sm>@)-r~XE=Kr0Y>~uV6`RCGbM{z z3Ac@#bsQ0z+4^;S8YVA4z5*~61FX74kv8}B{w=TrBDXt@_8t`8J)j>2DHV+($&Q5q z0pt^)w!_}S=-Jw~M|&3-M7VLo3S$()@CKp1>nzx>(l zJs2gzuztAWLNK^N+>UDPb7g}77jsMVgQ2P)AE%3uH zoW*E4+;E)kZ8d8<=|nTvUq*{p+Pn9c(QT|c(Qhf}7Zx<-WP;3}Hpbn`e5??mp$Kn! z)aab`lK&TD?--nE7;R}M>Dabyn;qM>ZQHhO+qP}nPC9sFcD|lDGgIH0I;U!WKELm( z{p`Kgwb#zk+JkQ>8%o#Ltk77*>5d1NrGPQK{!Xo*&x4-G4o^ei$+8+{uB2e`ye)0f?uC@akyPUS z$p$uA{m~CXtID41=3U5f!%cRE#3Ue49g&Qa{|~dWS8E@f)71%Ux9{y+r6x?9*%&Q0 z#S!imZFWNE!-&4wAvC>0&h^*tTeO88=h1p>qL4#-$-Wh5p+s+6`&Ges`%&+c4B+m*iMkHm(2d^5>Ht06rW!lNLccaywJ zD2pKTpCs;`7O|^L=6AG7s?zB%mypbJ(5Qx#XVUaIxXo`D=BZ94Zdn>yaTrg(4-lR$ z3wfsyA4O`D3@6oQ78*fn!&2{LH_pr-7Kn{95utVyG~%H3m@jwr5YO{-rgcQ)ipm8h zejT|81!%tPcjGOtaHjxQaARPCH)tS_cP@g|9co05*9TvS+mt(3joCZt(NpyP?<0kQ zQkq5AuWIz8gn>tz_+UNcVM{y#-=^lQthY+;UmXUWdQsg32p!4pLWj=8h}a=ZZEv9D zwx(3dXY>A8gG4h*4W~5&lawdt*}Pxg8KDFcgNB}qOY=Wv8y(CDguDA9WZB`6hJ*g8JAt@V%PWP{ZZ4Nqva^)+5tG~kLq z(Ab^bmO$(6c>^D{tK*H0wg4b@zCf_l)n6A5{xTR!9i6tA9KVDxe-^}^$8-Kx74YNf z1~Y;iKCm2B@&-PwjS|fRz2J@0)gQR6UB3YP9ATD;^cZ=+m5~U4?7Ah?4z;E@7VF5tn#R_+ zX=g-$`Y`(&SPL~rrNQqEvg$xpq0As~x!8b1VsLk~9KdON4#3~@MXPrtY3r)tAF_rq zqKEBcjKIKK>KQz*GtS5%S^(-(bjAI}@IX0kbaZ!FFnPbYf@{SvqvTz<1JzA;wgBHq z@sBa4#1vHcBI=W|az_U9dwbi5gqgXdbMX>QzA)Rm^Z?x*kNVJ@5tOVT8j`Y8fzZbr zYKO+$5}^F8+G;RO_?Pnt$}?ymXCNQ$sGekRDxp29^5+#v-*kc_fIvK@GaTt?l1Q|{ z0_cZz=AtNaIdU*F=%5Rx)8y1Lxj{Lbn0PX>hWS93G}j^ z5pUX1Ndn_$PY1A~jwn_^1e;Rborgkv9I7dOG{fkcNd%=B7pyLLB??!j-=ZDyU6TeA zZq9eGw~i&xCZ*4e0q~5WBpdMkAqOo(=01U-o+AR_z>i{#D0$8Lp276#lylO3p#+_X zxkmV?kLl+uh;+|6gj-r{BlrQwDyV>maLW=kxMfmyPFcffc*O+ywY~)V2)uyc5%R?> z**A7Mv6Rt4_00#?e#F&i(GbLqk7{8*D4`Ncl_y;pI8R|w;g$vM1_^~1P&n81HPE?#G47(K`U^5lbOgZxVYv`k(Xp2J}nj({`d5TXgW(8 zje;aiV;sUmwgsBof|ZLR-_c5dpH{T@CeSOOW*lpjBxX|ii+}3wyh8P;D;Ka4NG-+a z$cE-hii{RoSVCx7f;&h*ZQ+7o~IWf=nY208`e77jjwNt1$YxP=z~IrIbI zXj{2_*&pMjLkpOsfpz>awwisX?%H*c{-#4YfKCTu_FhOuk{?vM<7C#!mkvvy zD1lvIll~^#Bgs%Y5(tVywiAdArS%|(p$CMgAlpAPu6FL}9O+-dQPqx%=~czOopp6! zOo}B2^kPDE$N>HPMELMDv>RgE8$j5fn4vb4$Qh!9Z=O<9j$s6ApX5$HRc4>9|TRl=+_lGSYzhd{-9pZ zsuczqe#tHw0z$ra!_0$vJji5sGx63@BRlej&%t3Mwg>^qGT{QgjH)$NF#846T4a3I zeJ{Bqnu6Bh&HPV~$8Zc|D7UBGa37F&H=C|f;v`uy*aWJ@Em_?k2qq>~l5YF$$4}1_m7a=9=@{V0r_V33C$BddH-jX#xH-xbnqWb!1FI{fbzdmY5voi zw5p4x&40)FR-?+)Bty{QRI-29`rON~8#l=^ zqqvhR{*C+#^DL~r?flf;KY0w;g<+#xU_Uo;-}9`W_ulUR@qM5OkazHh6~=5!Xh;-^ zGMuyJR(j&Qu_$aUFKNb6NR2RPz!|c^JoawQLxNR*Jca0)&t*@CD;HXCQqOZ`vch4SjR4p$qfgi0OeefQ$wg#VG7VWZQnt|`4V(ZjL5_k%65jDKj zhB=0{o*zQbdX-s*A`oKdrOJWhR)^&r4xO9$5KLNo4us! zddQ+PGfst#I61mAM0w^gIn)yiM$1ea7PO=sC*9D>c#=BJ{d!#*QN~O5TBW^T%c4U` zfD#v40c1~Xei#*7?Qu;x1dIqvf@%m@fNXN7^6x4v4K~7-)@W-mGDfp!naKeUHPi_y zui|!MP8Fcc+rWq4YrMBhxOvTszLmQPbbuRn@Uz?pA$wp(%UUnJdgWf>)^aYd(h^cK z%_e0Cnlr>){_>`719%p6XEOA+RKnD+4#7qu8yaR%D$C!zaI+n%d)CTwY&JQ0dgp)Y z{T@$G}I?Y`;fVxfg-Md9%5r#WxbMxSEOYvJ&GMPP0yJG&bPKoZ>|ReqcSCafB(jH;Us@~&_QSuMCZaoqp zKa(sDKjrD`z5lX-kzeS*o=~KWILEDN_=N8t zQ+c}Y2q2;t5aGY)NA;2q-N{@i#*-|PSo_6K7mb-BoD-0);}_Dpucy!kk&;Y#=GA+C}_AwC%Q3p}e4e0l>}uK>X)2(3gz-wG8?%%Mk9r!P7-d z%?w>_{x^{RU-4hH>ekvQ;;4S&31GOQz@r}RsyL_`*4EaMT6J0$h-3jvO53LH66hS= zj^^l>qgyW+t@>@e-wOl_{woZ=US`P|gc!oh6!W)pr#t64?s9)W&f^7ucLo`9IRnst z)#5@djybr@YPHMEKRllOnaXNF6W+F6cVE>FOLO@#qS#tAEJ!{^AI{R0T-X5p43nEP}=3v+;)P#v(R`J4&xUC^Xm))aj5?%Bj zrOz`jxz9Szq4i~DO`6~?a1p*#IS4}2oPG%`=game*(qkAtd7dz3Z@4Z(q6T9X)<8*Xb`nC{4l)XLVJDm* zM$2f-)FMyRD0A8#z>aI?7*DWz@jr(%p?Bty2yuJzpo&c1GwW zMnv&vz#Z8p_jbhB$IKwg7&{+Dc6Qh1;2bN)bvk| zFOk}8BDU>g9Pd$va9m;QiD<}q`;seSrAQ-c2zsEODWeuFvA(HW*rKw=fyRh2h)9!{ zQ}Ia}uoJOh9@33vGgkiyAXE-X4jMmfuC1qRI?Ii))Ko4)mFA&sr~NgQfpSLBB4Fuqiaia_^0H<8S2%nr&GpBT zpo$LCVNdJP<PA7X zymBS_YG1k>)Ks2g?>hRFXz$hGgfi!U)ber@G z-E^9Nf~4*B$Oo|V7SjiX6DuMzu`C23YU$wMZH6$}*&RJPd`aZ2QS7+A$2qKHt~Y!C{wcKwX9f z;jl$#nSN9`g!3N`SQJbW&DkMg#+A;@_Y zikd=@lJu8}LLqA=EpZqpJ@~c<+R!nAP5r~KPp2i9n0^I6tPGa@sU_bM^YW3i0zWYS zxkfsnd_l#*0|9Li{WsX9u%V63e+0g&nL1gTSsEMu51Ua?LGmAW`9D+FBn<6LY)t=8 zE&_}P?yBqG`75UC-A1}KLT}*Vtqrj|whc@YEQ%x>!^2iu?Y7_S24dYLmNmPXrea<`&(FE%hGHJ83`wm;Qif-e583^td5Ut6e#T3u(Ywr`aev0&hX0&mzBUscEUp`~#{v>-IFXp5y}`#j{&g z6lsj)!WfaxSWh&|l!Rx~`YX;ZTT2X~sMw=R-Z`f@Ef*Poz0`=u4UyjTTAPZGY>jTa zLmb<)ysk8a#GcC0MKhi@4|!>~#E8P{?W+joA%?`cJ){u^3anf8$tWIzjs;iH@8T@N z@XB#;DqisA0%`YV{r!keS!8A~%(C3A=hCD8?QFTh25qC-h~NW@Z)q(eLF}zD8Gp}( zG_OHSjFU2$b0Fzeiz#2!W@9R|a*fe$uofCz6&F=qhsT?s@S(yi8`_SfB~L!sFTJ<< zV4etfXp9gZMNQ(((iJS_ia(`|yR#6H6_!e(N8150Pt`=%#N6{aD zoA$yf7?X;mB&{Ww5mG(vUs}U5e;D|nM#C5~cxT(HaMoJPtrZBNHr5Edc`qd#$uIV@ zQsU@t$m%n+ykFsbg~O&q;ZF287QUWOIhF9jD_u&+*Y4(AbI&R9SbS7qT!lL}-OVEa z-AMj@5@82N6@!7@5FT{Y-_GXn^pv;YK^@_UchhjCaONrHMr{;AGp$CnD%O7#=H&K0 zzWUC-K;rE&_X6+06XuZGh`gTs_9SA<+xUnir703V?D?1oA^}ZV#jKbu{sk z!>~bhh%;~;wMTSR8^Aty!IEw&x0^WGHEsen^7aFoz25@wJjbH6eE108qdeHH(xY9V z`u$GC=5Naucl*$;vjun58)7ke(O^4`j`ZP&Mlg_!>o*s3&l4{jmGdTidL*CYz*)*8 zxqa{aSDe$BiCUV?xG#(8%(A4FsPG=jM`kqt;8+Kii~dtYYz238?AdJe^2;LLf$0+p zEq_EgW~WYuq7mz4n2UuHOR6A!j^mNaM{97ITFx*iumRRSEg;lcRBl3Coh$D2 z6vaGOjfw25bgOk_HJa8zZ8RV1cZ^5nDvN3P*+n)76pD}9C>QTAHrE(mmrFt(;oqD` z%`k?QiL&ROU{1j=Q><+sFE8>JsIh!?0N59rvq=G3sHA)(rPBQlFXm-4%whCfQdIxo zep9{aqc|dc9YY}aP;7tEQT0%GsBzR)83o$NIux+A%peC;^|=YS02OL#wEukFvgzqk zWrk%Z?(U2Z!TKYVUdg^a%*tPQcj`y)I@-C=?$+qF`#WgAsw49^F2l#rM#J^VNO04Cv=sbl&?qwb zduf#Z;W{p%j5(x8k6obEZNk%X&Cr`XTK}LuS3}%ZSoO5e(%}hC5Z1HEJ3e8|{&7F* zS9{dYAWVogIvrH7_Y$-2X5p?%Q z6A#0iTd>NgW$84F*z{jxO+E=|2r)$}EPWGdQpC_r7_o1BW5d?2>Hl|~;A(cdjnr8FY)UBtz)k?G<-!|j;27Kdy~puka3S>32w!=KSa zq$1UgiiNH_Zy06n)|QLI*Hn7>VQO7j+eP@xG(;nEx10U4oP8F>x*C@HRiH=N*GIf^ z8fgbwH5}cDB6>?rJwS{CBpB_`7KiJXyHg zwWg<7(7M`1!MXc{J5d-lGfQ+>sp4ok&IWaX(@#$~FoaLN3LA2c4{!&m=a%+hwsZc$ z8iTXcJVHn*4q|Ij!<+T0FB`p`tmieRq1s>nL%eYmaQ$Me8HPH8WP-w9=+a`_p!7n<2__ zOjlVEi?lD)LcvwJCBiqD%It?3$2&FRDOzR}q>k~n8q!?ovZeDK%HFoqqm&E!CwT^f zfz54)n#P922E96GPI$)l*wdW zrgv}=B7iDONeyk^)e$}84d7Qx!YwkyP_a*8g~9K#NutcL8JJwpZNJ_K_Q&|&J@o|V z+td@rFi$IDgGOd6mZg2$4%l>?FB(yXmc|$QIGnZc7s@zCMM0dn@V)zJx3x8 zv8px6!Pkp+nZ1Jq&s#6}1VPF~4(DD!z1hvfxzh2e6ZaDcmjqjEeu9FbLH&5`hP zMv{~@wl+3+1Eb{)O^uhSboQLE8z~U^qMw5kKc?mjyc&p?HUt9CBz3&&64mQ@LSHOQ zp{i^>t1MI_SJTlwL}{xH9~teqJ1rf{alWK z>R}J$cA^wvk4$%L`q0}IS?;#ZEJf*7paFM=mUv0dj%~uf=hy%hLUDRS#Zp{X2a0I6 z2LNi7o(Tw58jZ3AHfSwqfq^d7mPASF%u_G+WAd&!7K>45Na)7P#PI zC(xnBsIl?ShSkMUCu7=IBiY0QW~MA=QRCE$n6y{|)7wKmtSnhkJq#k1KH1~bSV)SpT@M_w{O zEa1LpoxB?A?9$MEy3-}Ut#R3ZA&4FmOaLS+e9Y$)LhTPU?SkGUS6dYMITW?#qMwgF z^y(g!>!QmwFdmJ*1%2fI&sXY_s{k;-lj1XI%pATDUJ`!QaK#uDXG61nz~GfH2z1PY z>=y)i-0%>|#F1?SfOOsmm!3Sq*moR28+S<40kLmVb$7)76_NXW?!ncbUtd7IBfsi_ zrW>QaeCh#LJ0AQe8)1>0SEw7nEp_-0UofuO#i5MmXhM%)>h(a8{xtJ~q__axBNjgU zt`JR7YRRlSFQ_QLX%Ph<1>c%t925+st1-oiuUeFhU6~^RgNj;I!v{+&!R|_ID-1LJ zLW>N5ZsZpzNLPXwqJ1u2kLF?f zAu-6|anJkX$Dk8&FAR(EdYq~kavaP{abSFB`IQXWNA*P-u>2Mp(NzZZHIC{>0dndO zr7QwWTRwHF!Y4WijbA0RLN~75l49Lj?)Z+XJ95$zbf5Cu@{<30Gh*P_W{*N+x4k%1 zbUVnMIj$dO_n(w`$QKhDKW$z87(zw3tH-{@Zuj{xBrw0;fXCw@2HBrm3Fd2Syo~jN zp7uF|b=1P->((kViGT{IOTB>PLcWmT)ecAN<7)DW8d&IRZt-fcOsey;Y9DwzZRzt& zx|)}?6P)9;_EpiRt`r!;_DdoA%;2RMb0+GWxmlr+uc5I}4$qH7Ib~}$;e)QF1JOhN zNghl$#(5;H+?7s;#gdfL-$8RrT70CnG@ala|{%jBZ55D-v*cm(>{ z6LVic3`bi;de0y^{T6j z2+g*7*jD{qj$9Lokhx?cR*R#y)lPefc3iQv#tKt(dZG0hy8St1VTZ)}O0jhK z3vr>bGdk_E4x8#ioE@k`+~LTqtBb7kD75hHvaK_soV$Jcs<_9crfU#-Mj3*?1?kdX zqUk)hK~`&UcHxdl`p^-Pn8TdGE!~WN8@21U7h!X=>q^{QECV-c=9RF)*|I-dwKyx# zr^+{HLYSha@fFB1*^%?BdO6PX+mmZxiGpZ|ktLX6w+T#RiHd#PrdaY0TOuTN$P94Q zl8LG`+?1VS#$r_^8?$7Qp#_aP(kL>ns|x$io;LztjOE)Mc)9^+nxO0VtpV4>b_e9c zfL*umHA@Xx^%r29eYwK6DK?H{*IkYdIs>f{Jd+87{H3nr2X;fH>n-+DKTZ2b(OpKD z@w@eKJv?*Kol(B9V!EF{y&{Y%FKe!^kQb9?@I)6bw9AL6HjvE2H^C^X?K1e@mEE-& zv$=JLV`Ch9G2<>QZGf^H8PSAMUtlhzM~{I7&Klz|qAW17ed5^Y5q@6+F?<9tUgSc9 z#Dgcn-;FXL0SB_6dKQd1GQ5A*U-`{@iqJ(+0eHd)EU?6+b(hHqPh_QX^jJD1nN;SxFe4TveB(SEFVbxi7qtj@@Ug8YuiK%FwTqr1G@Z=Dp?H^EojLPrr>Uo*S5jQ+T1gnr5I*!%rw_+Mm;7w9 zYgNh9#?Y&NmD_cW-kPPu@43~LVxq0C@prc1J8A2n$@z>V7e0q_`!`NzKZa79TYbQ7 z3_waVy-ObB@{IwiVJCJ6bCs@By2AEuw)^{Wyuk4}Ry#!TLA|><-V`r_y_1Md?pcJc zZ*pXq%4D_=qZKq0?<<9VkRM0zvkPzg9~_YBwRN=s&t2*7(O)dQr(`L0H)PO0iQZ(S z{YHDFgdZL+P5fVgk}@79ApyJr!a46_Y}oxz++h?g@%vwS$loN3;tnZq=DuH+NB&pG z^T_%)$Kn@--JusiH($rXfJy(Sk=yyLxlnR>zn_P>2l+Rv2wN%Hc1qOlkj?5P&G zz_$pFvo$>8OMmOHC^msjJmnQ1nJ@_gJQT~mzTf0h95F3Ev0{fqM7Mys9U&Mfr*0x_ zrUJT^iXD3ya$y8Q^PJvLdGqSQq~eW`<7L;n6>&J6QXm|M)h zGAw`%1jO}Um10Sg|LMm3|0T!&Qg6)F@bp1l#rx@-Wy+ofa^%8LK!G z!iEHvgaqp$?@l%ux}D)>kuHdGxA)#q{!`nwp|)+rhIps9QN`Di-kM(fVt1q4`p-d} zl^Y`8#3lGEv6uboxBj`?@B6j-NdWFpSD}uGsF8LNX)U?Dl`T7tl6GtXaI=oLtJ_b% zSe&uzon*#SXVERk9i>!Ms1g!n3^%*-hNGzC(OM&edza_vhEtB`aO#)sC$8qH`(2^! zzU?y3M5}C|Xrrz=jaZe;6W2b)Ku}f)OO!&Rpei${5;&#!z(&Cb#pAMl!Hk@BjYKb{ zxeIcLK7AX?3WYJ^IIGSie@U%lmL29{ zj8uXs-f6nl`J~)d_tweFm$GN7<#+DNg*E^wg2AZL4jElJ_(a>f$EN)5EOt$7wYG-Z zGVrwlDaG(Oz90dU21Tc+aoJ&A%GIQ}9HDzZL35<&q_87BmZcKr*gbO6iU%gN&nX9RWp`|k^SQIBxF|tD}hoPk<%}8{v z!gWBT0X=iEpdyicW$rE(W4;O$$I$gONOZ|nrJftn1R;~`Wsx4&R{I^%lT4S}>orum zAL0P7MpL1_7{CVN98T5TJ|Anpv)HHFjCUD8hSiBwLH{-&lmU0jiD0kb&=)0EgO;HP zDNzsu-J`Iclr;IZA)%C3Jnr1SvdLYe-XJ&%){%gX1+&mDS+(5+*G@s#P(Zj!1cba7 zAq%agVk1^P(Bo(ThPq_8y0kJ9qaiqKH!2FmBXI3Hil>Gd7>sOluOc>A=-xG zY~LsD@fZ2#*i{85BwEjtuqt!Xf*1o*(oY(|E}8CG?2?%aQcZD69hy@P+wIsGB(0(o zH4UmJN6w=5;rS*Mm70`Rbx-!%yM2_Ho*1rd#j=!{ve#qBN$FZ!s4OTXitJUmrHCm{ zcu^fE;g0V0Lz*NdY?z)u;Y1>1ZR(ONf|6#bREZxiBE_;Kw}a6&`DwMRTgC(af-A44 zzJET}+krcE1`S&opg6)a(i-*7a${X|zo#@V>i zqC-Pahlp{MkPkeK@e1u-d4emaj3ArajqkwY+i)clT7C{S>@Wo=}O>@v6;s zlR3Cwax}Fgs&W7;EstU%Mi`APq8cnMX7aG9r%h2Q_MLx7 zxockPl7AeT*OPYgjULVY7{+FZ)VP1r(3xAKx9QKq5nb4Elb%0RINDC}(R7Ep!PULB z)NMyw9TVLQPFOZiYU6Mz(TrW6{wNZz>3o4HbLDp@h!02~jWu~m_ZY_;4s#y?0;Pw- zsIW(d7H%;6=T%D@5+?;aeQTpB%#k9nBFd0DfDKGv9RP=WY%LbZp;?LQYPku2?OQ*3 zwqf$XM3rNMieJZ+B5E}JlcNG8A;|e4pKfoHe89V>wv~P>BPmX3I@P) zlLhOYYj;81M}gGvM&+f;o=u#s*&jbM{X@`zWYg4CX|mF?Q&F27-=|K1t8ub%Pr}9i z)!{&s;l8wItnI61F7-;DlArJ=vfEa3nQiGk^r+ltS51v(GVFaxx|!$;w_o928g2ei zJtx~~HQobowu37Xf1pAcH>C`fsH={f5*0s1G^AQ@IfJCi`l=Zqu;Qu!i$~Q|o z!a7;7X40_b`*o0+mh#l{0bnxXGKrr^xk9#TYH}AiFqLw+z*N*ILXV=gOSfn%E23J{ zPMcUQGH1KCjmdH?ON}HYXwjxok(5PKE6n1ZhRpu7OR($}mGUHGGqupmt|6!GKe+r| zPkz_j7N268(44NcX{_PflnLzfpdESn#`->?ccvX5uf_J=E-6*A1(#JPvJ(3`W9H0{ zN*&p6yK4{ap)={t8Z)OdGS zk<0OJJJDwmP&@pA&tIH6IDZR9-W&w@&wlNa_upNN=kB$Cy?p`oQEv3@Lckgj2HcZ~ z15$x`(Fck>iug5f{n4jpLR3={A?ZiYoBBmd>dClxTWkNtbBO?FNapje* z%opX*D_CI|8kipO1G7{FR~9jd#AJ@Cp&7y6F#3hNI0f}h++l>%l;Tj|f$BRn;Ma3D zsVRtcF&lIl$7?0>8?`V76(iC}F$j^28o5*`P$<(%Bta(#G765Ebn1N#Q@Mb;tN^om zRE9}arkH^vimE8cyfo$Q442*%Dq7hCy#)2N1ettQx_8$F3$93g29X8Woq_1+Xci#=y z41HkvD5XlNuIv+L8VI%#vXfF0BDv|oNH8TXVrs`xp~i_~B;@GMs-D`C$+T!K$1sh_ zWX3zUM>jNCuQE>U8nF}C{|pv1(Y%bA|66e8{I}rD`~TYFs~Or@n*5I|3;!aX+$>H0 zH&qa;*emyo3DynzNs3A!6pS1lTq9y+K#55uG)fo}QPfn<*)E&?TqS)c65^l|(*p<} z`j7@>Wd1j}f7@~X{LA$9G7C`7fEp+o@VFPPs!-j8a%JwT)YxQhHt{nPi*T_jW8BNf zRF()>`mRYGBa|5uE%Zi4g^*;m1!+A5%8KA`R&NBv`wss~UFyk_;2jD*?$mHV;?tx` zmWW%8AT+@8+IwNdGX>+dw+*jzCd6@z`%Td_Y~*qa$+6$F^(Z(y9dOC>j36)l`}>dJ zaSiT}cmwT0!Z{gjO!|eim=k@1SeQba<{cQ?Jxe6alTM!HAM9yi+n>gqVJ8?6H#=u& z^3gtknL(rM$xg7cBa`4v@fSSzeod-!JU9O(n5qMjOIA? zU1B$@ziuTop#ks|#haeAf+>%Ybzk-&*FnS>NjglbUAvhCa>O-v4Vu z{T}89w&-785F8>9knsQO1O6|f?!S4*QuR-FlvVVrB@=41kTaz+5nJt9GSI;-6Rj*gQ{Qirj)2%*%(t7;q0-b68Dbsf|C53d2 z2wy~8^S$%0H_fm7-hMyFpZUOl2E_3q3PpvhwyPxRamSg0{95!(Q4OZt? zYh)O;l>j?qG-0LPcAy43UUg#ax5%+m?B+>P-bgE51Gnu-^I2kC7pO2)|y2}666!U?FJC(C}#cQ z#pKC9qQxg5@oI7cIk~pwPho~|)?iDIju{zUSo;~i>Qigit~)W>pj%_)88Z5~( z8Q0Rm)?>HB-W_r%dm$xpa1x4VcGHbP-k^H2^aCKywwLuhl3kOB-3aF&Wjke?AFK{j zzrMQM2@!+ToXow=iL~8$o6?=6=;fcN?0M5ImK9=))*~JKA3dWsSD64m;rt_ zk^LC-Wt*lC6Z`>!x0tx(j1UHK*U7^Msq}0cs5_C#{-)Cicjb*hGRy7BLfz={NV7~8 zz+VGE;+I-i_$p$;*l0CWNd!gUkE3AA;CZ5g#)uLZ%D*iUMH@LaQZR(I>bv6UBiD>n zgeAo>(vsM+ZeUY!;Vfv^7f`PNU{_O%L)lm&qdtaM z;>t5qmxbyztG6RXT+R970b7+YQQ3OOAIouvr}(?+dbK>XNS=O+gEq|;>gK^z?>wY1 z&oTuTzH>29@4Fs#OpVxL%ZV`Y`17rmATD2V=^cb}>5qd6_&zFU9ao-zE^OUVv*v2@ zD|%a}_B_E?sgu?`K$r2^c%@;lQ-Jx?lx?;GQmAAFHy^-mXaCk}rA8eoj}lc^fNe&k zsuzcxz_8{|g4P}I=wK2sR};~}*~_Rxut+lbvwfJX;rH@~^M<`PWlE;&>E|I$2hZje zj*=G|szE?l$r-4cj1}gHHu%OJgPY+gs;{}xc)IU&=yNX_TPl(!#pP%}LOYe0(%Yz_ zY`;>Qus-UE&C#o$O7aQ213qk*U&&VMKCTfWPt#|J1~=|P23Raa)1`pFf-aRV^KE5P z6Ah=Aa&M4tz0v0#zj(#_i(;7v46bNL+84U&EIy%fN$4u?8op@NPQmy=6VGar7)Hx2#**47C#th`4Cr8RR(Z z4f#WQp-6tG-y*^kQg7RkZe&zRU;ma@U>|~TrP|Ee*iheKdF-X|M3_2zXDj)EVY&YapMpm93j_XYprX)iNXSO zUQ2;%iKmd$z++0+mZoP(u{ttw?vPca`~`nvbV08lpCF#ZpD#0|LsCY{0m4pZKUh?e06+`(z*&JhvckIMd@&CAisu zJI@kZ`IXc>XByXCL`b`g5f^jBID80aw@q`sw3$E?Xg%(LI?noZ!5N1FOOXX;ctP*f z-{wD>P;qLM-DE-gQI|0KWN@qqOW`Q>Z)4NkA#IQ|LIkt)F#v-%JwEE+B>x=5$-ePvkJc^Tbv z*?k9dj->8tUwSYpKdYGfhs&q(&nH%x@TXc)k|9P{;({ZRWL5KLJ`CfIh0D{=s~k-_ z6`n9Axz(0jVj;zGhv;xK%=&svj52MK5-JI-dRat8P?P8EBY-^bcpml93>A>q@v?EY z_GqUwh6bnZsx#~wRt)hScEZ33>Vq=0nmbcp=V*=5k=;>x*cQk07KOWp)%)P1XU1s; zRwqr#5Xqd6)<)OUa9oCVQq29#;CfJ~F|DvaUk$o?b|n`g7t zn4Gc1SZfT9RkYA2G?u91Rco~coX^0BD=)XcU7f#NmE+8P);O?`cwP;xxno)BG;5tX zS`6(BWFB2{CWA&;=@W!k_V7J50_bkS`kb0=Yp1`kYAcgE;w0ibh>hgu? zE6=p!HdQ^>1;~)TU4luWNLGf~d=HKMv-B{v94TXFYG(KMa%U>pMy!%UCsBe`uFgmK zg9{9c$#Z8inKP-dX$I_6^_D&pmBWT&y2ZJSW~I*!6CfRx8JVV)Ry0cO8vi_b7Ecze zw;y1lvgPf9N$-EfBKm^DK&J=Aw5(u+$$N1am`Q;OU4+?TSmgaNLMpX!gl}5iN$^nv zVEfU?W)j)uQ!Cf9=RP7^9VykY(He#cOH3d6urdC#Wnv}hoMmXR!S*}#gT4sV9| z*SW`smXB$-_KBUw@%>q{^QJvdoe;A|<(7q)XU^Rxud zpDEor+P(A5G3alNh1x!S2L|dhZ8%%L;l;T98RwG5|NU70Yn^Hi4!0O-DPB8e?S|3K zYTci%O)FEQ6xU^`>B7s_#1Yuj0i;l&TPKkp#NC>!FHCGNa0K3tSK>P^u<)>5qT1wE zk@*$tq9^_C0KhXNcEx-RMH0XCiW%sR@vB2UUD1f47<8=xpExBTmRVDL0RpO=z8Jd5 z;g#?Xt~IbO?-tMJ5eIxfq~Ug$U#3hiBO*S)B;`f5rv&SrJESI8ZFi&Ok$N&;qK~w5 z73&-0KNrwgE&TJGf0n!NKf?UKyjQAhY3pEPDk<_GZqNUo{{ENWuI{OhqK^8*mj)X` zrKQ4J6rjr56kD_^RYMmo%^F1((Aqjp`Y557F%!*#GN5&1#Ify{@X}vbal`cu^sT_x zYafJ}R6#^>eq#H&``LZn{dnj9|8@2iP<1TZwn)(6?(Xg`!QI{6-6co}u+cz*ySuwP z!QI^*f;&O}KKI@8&Of=i@89=(4@P%0_L{SLb=B_bs#|gNEt<&8q=YFb=y~kbR5g8!|4EUa z45yJBmey>G({N-OnRgCLiOQQIInuTj>Qi#4l|lS|6&WMU5ijEoenLBkJ{O}^6U)wW z0cm~;G=0l8&i%T8f}_5f?URF-_*cGhRG#4mazN1?ID*nc905)7bxczK(m^WrR0{H0OjC zh=vyrhov1bq9Aw-H0V-uqZx%|Nf|p z5uk1>;|5&4Fo%T;rtE45keQp> z;40&EP3z_ov5~f8Nn3152>yYfi8a!A(Q1E$IPy&E((e+3Pjvn6lpME415Wda+G;KNLRx5~>e>pF4snkOrKw~q zB??>DV(~sl`-44QQpGmk-PL_gO;nvxLQM`GaemcwJb5P_{{U0rwpRwRl8&Z{P%%L$ zuJn>37UyLK;9hO3T?{>orI4C1ho)Tcy9AEFyb(!XRcnpBF4K%^_j%lUNnyT879KM? z!vtxU8hLoOMZ@6($;1ugOkcw=%Z*`t53#%!uVP|47Ml@74pxf|?ic-|)o=-M<3s;sP#7V<+)VBn zM;S4aK5tUjs;Ca44^3!!w&xKuG1AA6b8L+7mf#Ef%y^cu@D3m&fL_{ zhAjni^;r$Kuhlw_Z{E+8WuSEt{IpN?>8>QZuOnFx5 zIa4{+GVKm*4b$F&TuSuQ#}+&exlX2zmhiT1?9(lfc6@9_{TlNZ$4z&f?rV`j08)D7 zQ)Kt(D)yUa6zHLMvO0&IP&jwlv5Vr95p<`c2}#04Q15EV7s)iot{e{=Ql!u(@kZ@? z$>nkCWeI#fFNO)ARm*OYEQX<%O)uf+sAiI7ZmO&f96ZD{DcZDG41#Z?T|B}2>OqBM z7-nHdGmFOV$a#LAfeZ8}x_jqPJm>X9gzXneJArmY4oZ~jwn=n*7ZQ33QtXoC9z`TA zn6LWAvuGjh8(b+>Ocn41n6-f=0$8>w5T(v8sL(r}#|6p=V6F<2HyMF(3U7+TqzP?C zAvf)i`TXGC?0~1M=<4GPP`NWPT{xfbPR~_(B;|X6K1V=!30thhjS&f$XaR>=BQJr6 z*&@o~fYQPx*v1$`-vIB{%W5w@VitJ7_YJ3~HEE4_?L-uPx%fq4U*9v%!XF<5WK$6s zbN#!1@;`pw|4d8$XC9#6PUx@c!T=TW<^&JSy<&Gki9yNeSjqrpu%R(o(8QMSz$iXJ zVDgN%k&(tGAJGwM)}1vpNY7c<*O$_(mqXA5d?;=3Teh~dE0?i5tysf6HIJv+cw4>S zH#27mgE>6c@rxf#Z%zAnx3|vgyImfLh%#k$%pQm~1M^zpZ9s!W9vUSiwH;3Z|y zoOacxx^o2ctS*IQ%d-bl{yY4zMGE`F?!F@t4h#U5TvZYvL=YQZw75=UYX{SRQr^Uv z3dXkh{quhcALB8wxl zlSBazfLAGIMAF27gWAzkFXP{m0oh+1e*IukNn3EKYBc#SmSUQ$z^k|SV?E>kNfh{L zlxAM)kj7H96!=AxQmxA(FFQuy*gz^ z0#CwU%qFL-DC7#UWrGDeH^PMl&+uT=FR5JTt?_j2qVQ*;OcxoO<|D$$TFbFK*&^hb zil+0HR3Y?^70^|bs!ZHQ!*z@lcgpe5(hdjdN|=iij*}t{+nRY(7W?BgxIc;@?@fhK zq>H*-@S`1}jeYsfbFz~i<%Ky{8S3f|_9(3x*Z`A!`!LXi8kiGCJSDRmN5x|+UO*;6~|$R zy|_vVXfWkM{vi+Lf}yguQmw#C@9`yM+#IJ|EM%-FeI3Do$rK{|NLJfuTG~3;i6N*} z=0lHKpiN&&g{En#gUTQnDt{f0w&_o)fE49^xs|qb^~LZ(rZIdl3%hI7p8Ya0R)*Qo$U2%Pr-L-3#|co=Oa$eSe0Yjq+3yj7RpT|#OCt$x~xa`(gxrYbz#qt5VAEzfmXvS zww2)3_A5SM3upcwbgooocmmC}3sR8NX3Ad~jA_J`xB3sPuwlf81lB25A>T0)2``8omkrc07Qey^P=7O`<`Q2e!M@KxP5^MkrQ5bb*x}ZjQiC@W+F}03D^< zPY#{ap`<;g2J&?j_gr+9Qznwmhs5YlNq0Ac3r3V?pn>*yDGKvR1%@1bbmiJsQJ1+@ zJAFnDC@f*ZAkf8US)AMVlqSryS-uNn6l)|=HC^F-B-JD>@%F5TI}~g39!zqCgYRrJ z=jddTM(_3;+{Wy1Q&*PN>zT*!CLM2lBuGVhGTDygpU~piaB4U2ZC&PLmE)M};c1I; zdiry)I43P+pXhwYIXdH!0xM^R)%7HL`CKviqU8JfPHhx>nix~+WR%aI4Vy@}vl#>6 zPRoz$1nbkd^evXIMO-VT?tw9?<*vX8{qg+S=Bfu+F5XQ@TyXVO!uLGiTqlTPWK6`E zPYWug(|kS^J6~KJ-qc9~rUDIlifl%|8Zw{eg4ak@uA3I2EK7vQKH>Q44HVYSmuamP zBG<=*OEg!Al4xfNv@7LYiBRy%ZhZQ*txgABx`rU9gA-{~DNuBdjn(-2A;jV|nkgOG zg{N&wk_~&B`%ImSy)q%Aab^BPUbFsTvIfUZcsu2ezCW4a(apV*_h^}KSC&#fy=6;HgrW{_97lA&2}(@h-jK%XXA!cdbFG5d%rs0(KRnf_NoLjf z7Yle+q{0aCmSM_0QNO@3D^Uby3klA11b=QZTo$N;gy%KE!ukR_tW;ni$^9f#z!{=* zz*7h(qICR*E;gQJW`#}tR4>IiH6jUSEJf8De6FdMVUI^;(9@#(mFA(5;w8#&f^C>S zQ=>0M#MtK=k}<~x6z%+8;we_hpW}$}Mq_qRgc(EvN`?%puLYksi8HkD<^+AbC!s@) z=uqt`Rmh+7i10>%xzh*?1SRS*423nFO_fYp2I)j!gib!sW_VkXsz!~bb>Rp;5Fz!3 z&>Quep{C<0cw2!fAM%ktMxAg#BVvbrh4D0UY*_M)4zKyeC61tSi8DrzrzEj4~ zqb`UVgt=@;RG({f|2Tj=Aq}vQ5h>0rN61)hR1*@B6lWUj;!@JV>kpE!>jLwPm0CPg z=h5{MFSQ==&;r(z>=`cFIOFzhbq8T1WcMbHfM85DF)|qUvwBW$x4^Q^g-ytY2|bu3n)Q*3AbJ?_<{?iRH+AHh!_yN? zwsGuArnIoP{RLV9GWH>H_I5FaLM*wMlg#vx zDYRGp5UXs)P%RQlPPOFhLfGEvtK=-$=LPsQ3b?@u4p@ z6*%-IMmzP$dVgz%4CFvF6FVa&AZzn{OKh?W6o4^uD~ll6FsqXQiy}wCh)%{QZ_(8| zauZ-5Wu|G7?>V~i}NI&wy6$Lp4$BER$vi36RlG0 zRZHdP#I%khWto5Hc>m$ni{l-l1evHk$Aj-A$5>ibd=V5xAKqTm?C=hp ze2+o139T=&6J)~IB@g3q9U%wpb_`gp^bRDd4?(b$t6pYA&Z$Ey!Gk-yc<+Va-03W= z&t9yU9f)l^0~y&LSh$hFPOn3-r01JqzPWIqYnwYGAcpH$-nB8U zDq;n^^re1$;2Fv~HK~vL&i71AHI>XVKs(iq8~L#{@Ttn6;ejcs@0$F!se2cfoL}V| z0-}Fhv4BU~RO^ycKLR&3v)6-pfs>Tzy(Jq;U=zo2F)k`jZFIMV83}R}S=*Uzm~vy- zPpaFCQ`wyrJH+jvM1eT|XPAPak_7e@x#y~AAz?wZdj?6=?aqs4FXe21&MjspheZ$M)LyjlWq!XvIBQKJd zPJ%fRSH?N>qkh<6!D;?7{R7Dluos+jy0DW9S1TcL17rp1!a8*ayD_&YjjB zBKwNtuXi`2K_3B$FwWz5Fb=D91977SB6@)&XnVma`${1Q=7MWzLj-N`^{dVZ1ozCY zKqz=F<41n$E0dn-oG3%CDmttP%HhG@4UR`AKd{JzBzSR!;?b}>mcne8drG-i27knO z$wo#V#j7)hLFz{1SAn;#%|f|XV!_yOxI46RFKBVnzOq2(Qg#%3Ie@Shgr<3QoYp7) zfr;d2zBlM%?B^S6%Hp1WZ8|CyD4umE=gc4IUm)MOzz1r5fRQX6mdu@9jN$J)mU{(b zZOnPo7I6T1pmWS`J-Y^1m0kK_STf|;*iAj~kjh7^%1npkeoLDhNzXb?zTgB?1?APf zD15flD5HK3SA-AINXl$5X8i0>*MRTxh;P{QiBdr2=KbvN`<*Gzu${0!@IDj4gTNv$ru zhfTAg3Q_X4*qqB6LdF%<&zFQNi0)QT>P#k10v)?#QI#CF@21Cu+a-?5j$HXxhC(p- zlH58E$E-+MW>_>4FC)#Dn5Hrh1Zy0XJ{Diy zsE03~(MQVZ6BgvJBIeM@9IPoiEsM0U7s?v4J<(v>k&8!%#{c%i$SPbWxNXggDz3>ZPvnVxLf@EPdq8*c>F6 zI@Z1Jd!towjM^?UO_#`)OwWwpHzhN-(u(r6Lxb~VT$(Zzj8KMm{&*F4;hbG8uTm&d zqhoSmqZP(Iqb4FyG_38dO7ZRb@pGDeXT>^o!aun zHrS8H*2zHR(Ky}d+-tmXhGD5Xx4)HK#b(kg;PAlOi{KV5Xg+^}f6YVgWF6jqOh3eQ zy<;4&9xS(f=uA%C_DkA_V~bEf1Iu(qjJR|8LSzO01a3daf}@$vNY4E0XnBr{Dc`c1 z2{@zLX118HJ$;U`u@<3hrSOCbqAIREs_0B1Z#wdb?%D%ar7mlevpwgzNr=Em*4Up# zAMj!7_KAGArdmp7#NExjVesk67gA0RZ0mnWdB-5$z!6iTLjMB-1fHXxi3|ynkM3!9w?}bNki=Q zqG3vKsxh(vU)dq@Az=m%=^LQJr6Q>N+WA|W$YSq7HMFfA#f=Bt+2_}~-OuSN^{tRs z^u7v1(FkKdpyp&z(>GA-f~r|UvpTsVVQKOO&1i+coymP0yB+UW|Bxd)xX@0$nfgsh zdX!7-O_^$-^lR>2L%vlbY?Sfdx_5^kBU@AUfj8)BTIrn^lj_MhWFRITt31KgsF!T} zTQ4F@lsZ@rfk>V+!wk8E+@6wPfz-%d;r#&X$$=#6J`=tFK}KCU?sNv_ZLzI5Jm=2$ zIPK?&m*Z2-*_=fLn32!Q!LozR74o}5qm^o~g`s)<`7$KmMEQ`f#fZl$B#8t{6!EFl z+mExd5t5H>j!&=`YKl@p8~uXKGY30+4?+$^TxucMua_PM z`{Or_+-+kCnG!ExOPSZWn2g6rjEPsCNKZDzKgm^ml}>5$M`RwcZ(ih|{2WRqN?WDp z^ayS#z4VL?7>;Z!qLc(0gOI&ag|AFS7{F@%xA;g(r*Y@bFKRv<$N-*rXGV#c#}waW z+q1D8X{4n;vUmyg%90G{vOMbHX`5Z8+PyS?TaTEi{(g)%CoWx&>co$(NbEgPI)0uH zCRSdrhNvjT_(fgS_fwS3U}eeRdG-)I1UdwJJ^CY*6^#<&SQ*t}_VJ3|XN0Ee{I|gK#!uv-&2G?{zhVd}3 z>_{S3Nv$ZvB|jnS_&Z!i=cNbwkT0AtBI>u(+$p}N<%auD$2eO@5d6EP<0tv@V(mc9 zSz?1lK;4Ub3PU-)EaHs&mdn!5kB8H|MVj7~hRbfd!71RbUqD`~Alo92wf9!Wm-Sny zqpk0z2M{JHO~)BwkZkPxfnMCJK&@^1FgOdOrcY3WPa!zoK}x{du|fJ* z_8x|0@hr@kK0&LQ+?ci?$E?7>_@KGi7u37HFE5M+?Joq`Q$NmI0XcFXJVEGcMMV+> z<@QCX6)ex6g~X-@7~27OFhH(w(3RJ|O0uU9I}|fDc|&|rMn)GajV;mjTH75yq0rFh zG#eTLTnZ=>U1@&^c2KU*HiqmoFD6}NoFJOX5)LFF2Vg}jLhQBb9e!Y3yMT;059I{C ztid?9`>+`JExqS{;(i*FNM9$Ryxz>?ewrWls*JvM!yX+kXAMb6tlM(EIrEMKjUdPO zgckOG<`pux=P*0)>s%mpvR`dMA`;gv6sOh+#6)$P|qNYhRU zRw@v8cJ9ovSqPJ6yzSwc9=_CF&ezNkrgPzw_iSMulC@QRJ}tOCO;9`c-Dw?>_57N? zg6ii5T$}cV?VoB9zjnZid<4nas0>~Nl{A}$RFN@0mttzy>00;c;!Cfb{hY4gX8m3@ z3+bY;wEWl@>mdF@`oN~!eF_Gtntn08!qB7T^V$)#`ggAQEB)MYq3`UU}#E39k6dG8>t5CXKN=s2fh*Uyw;*A2U8!q-~ zRH99&iZvtN#IIru#1Xo}7|lU+&d}fH-Q8f`Sx*)pzgR=LV@pvM%gmV_DmgD%q2|dB za3LhRSe=6F&i9&Z&14nq>1NC2lNb!3WfT<^q(z^bRp#)kp+n5E^YiI7U4%PkrzwCu zZi9abe|FB$Gr}_rO3HB-u);)F#cJo{j5ghkTPD!o^wXiDRcO>`Nw+W@M!DBv?MT-e zANlB&p98+SkI+^qjp0y*d4KVE*42OPe0N(z*rDB0)v*Htgc_Z*dt_QBy7VHQA-Unv; zW3qnM#`elNa7+WdUC3V+b<;@WQ-~fYfjflfBKkj0>K9?F4n(wVgBQIjpFqlHC-3Iu zAL}KMboqS?#CG6mSP#_#^*J}e<6awHpgC|ol{5HZ-tY@jC5Lj=CFUAI;f1WWiK8ki z*C(o7NANpSb87t0e)Lr-HLa(2P(*z-Kc_l$8-JD! zi|?>!-8tY$RQ8svJ5GU6x#hP=I|%4Sd~%aX%jtP5Fic3tq=P^cy1P6k=#W0SP7-M| z@#Qwq87EwwSRmYt{=smN&H`K8Ov>)9!o9H_sV>;nXiop^xuK{vKZ!p+ssEZ6d3R-j zw)TzV^|2%0U{JfI)ZtJ@OXQwg1nS{+t)d_^3Q7Kk0_z4t?%hkgWHhED0lSkx`Ic}C zk^oPSm@9SL!WY}=Q%BwV3o7qVGDk`bGoyGGtON18J3LOcmdki8lD=Li4E@*B}J3Qf$r`(S!v3;RVPVT z7Te&{Z5~T&V6%;MZ}B|asE^>`G4u*g0jTHNR|B#9z9ORV^#^WqAk83>&<7#D$rD2E z7=HO4E9sZPoDvPSQ80PQM=e)f(4;A=M5szQ9nLPMS1FK|@MF=05EQ_n%=w9#)hl5q zO5!9a`fx7={CT#y{z?K$*iT(q{?R+sK(jN`pM#Ji8|iU%Pc=-2gk98rso^kc><3#6WA3rXq?{o~uO$8WEQKf-*)8 zm2V2gM}zj*`ukQ~D}C~JCHPDeSzsA3LK7rG=p~!dDgCup2pUty6~uxI#wR?>{ghMn zd?9Ch&2^avQz||z{9}dFwS1Ww2P%i;`dMPA!K7Cz%`Hm0l&6K4)`d@0XgB&P+4jnu zz5E6;BXjh}CXRv=GthZFjmJsPHMFCN^|a<|E%4(yNAm+)+*hB@XO7+7pyFI`_;UoZ z1;TcTH>rZ!d(+PlGQo5|&KIUHo8q8%h|$7Bn0J11y@xOHi>1J^CR?tY=^=-tCkXS^ zD4F2m`6zIQF~Lz_-I=1K)*d~tG4~@krexXIRVeeGcDBjg=D767BLlsOtI<#kd4B#h zJvGDiti@^lv5RPapRyD$LlX?zU^uK@`f-pmJMY_x_5M>^$sIxPpySKgXt`JT`ttl8 z>@7sGAt=&b3%Fyxd)?q_Ny$gm7kty*^PK0lpSm)&*|PGr=iipYB^%G&cf>%i5?Py6 zhd@KYTSkUR<$!UJhe|HB+}Enw;g&6F%xhh?Edfie;I&7P<}(PRM27@!m9;jM;-){i zq|#=oLnURbKhAyjDJieu&cdm6nWGfy_7GaSpB8mZTMu`oMURV`Nu^nf`5F(Ue6CUq z(!LrNN!leQP+K5De+-;t%K4;n=AuBV3tZ$grrAi=teCa$cZ&{n!JR~(8dXlCVR0O) zqvzgeKQ4z@!$FVO6G!kFmOqW6ygCJJnm+r3Xx++Kwo7OcxsIp-uQ>A2E~eoLGHpd#8=`!*#}~`xC|||^t4_h*AZ4~M)mGE=VV=uDwvSz3eARlrKb*!Y z9J(M1Fp7%T5}rcM^&TS^-WEMI*z;$11o}@uWq3>TpGLk;Cf^5nBfRN@zzZ&H_!s-- z>(7^O6m66U9)1%n5wxLuZ|LN8%*Zr<`S48pxb}s+5mZx3w(FLy${neZNv}~S~tepJBF^JKq zvcDg zeVM(Lifw1uTCMYvOUg>c$_|}JXCA)ix2c>@7c(d4;GQ5OIL2@v$CLq>b{5s@LrGBw zm!nn|LW=_oDdhGO5hm`{$C?e9qO{9w-`y-FnOyZYBluJbP?M#McHN3_k(CZ$mX%~NWf#9~8Zc05nJ<~?*eJ$Ei*&0JX~iea!A?|WQ>896($ zOrRTMLNbn2A(rOQ7nQHeohcl=I%-S{qx53hb#%*O1eDSo)45COocrh(1C8Jtj}{|* z;eJBH>CkEGi+i^1qq1B{EM6zjvq*#@C=q2I1pCK*OrX}7@a!2w9_K&$R(r%~m7hYp66)%8M!^N8BV{lxh<(2@0pau|`Klb&%wwAG_w+(tnaX;;p5%9D zW{1$hUNmqps|x!iu1S~Fp)irt-tbBjj2fSMYaK)@F|_b zvpwR?MyV5roFifajLB)#{H3IcC#R7s1bVvMDU`ab;4NHbw`_aM5pSdn$s^-tl|bYr z$d6693XQY}cDOo8l#ckfTYQFM8%I4LDw*(P7p^mvo$R2c9TlYus8e%tIC6KS90BSE zYnkcrQDbwqd%os9=wc(g9fS4(VL6c5CJ4K-8$2~bRN-}ux`3b4xH7sM0>vZKPD0}3 zXS^u;XjsEMG{EVqhjG{f%IU|k*^#1BGImurJ_r_mrEPtyQEJ$|zJ0dcyblHv@DaNZ zr%qZD1nYTCp%)psvviu*9QQU1*gQTe#!(e+myQYB_)T-kg(%)N>dEM5RsuTe4)6oJ zd(>yzSKPX`w=x)7zW4i)=8N-Gan`a_O*Xm@VeUDeB_+?VBzxMrj)8H8>q3jxxE8aQ7TawF^U-)=EXH_XWAA zU%9`WiZ_vO7|0DPV5Ftkgon^2qX&NbfFBp>O05vnJAi+r;FBMF%yY~ofR3mSe>HRx zxnm*qj8|#xDL24)!P9%D)}GKV3CrT8pG@z(z3H-ggYOZx?iBx27=643p9}^u(5y%I z-hu0!>wW!kfAc~Ym5aYiYQXRpFNyiHs7vQ&L#6c7o`@jnmiL{_)KRoyj!_N%iQmsJ z0RT?7XHb9B#cJ=-@}&+nWFuRVwBozbiVqWxd)MD(cy6*TWEV=5*^Ut-TH~w2NH0$7KELWIa<0-OHLi;Pbrx2e!-t* zJ+Rej8b)7|cVklph1bBcw}F*`cVJ#^xm0SQ?lwA>*t38sx|AL|hs#mEviUH^zqN`v z9=Ii&&ez_PLBRuvxM`Cq_n@NYt}_fP@}JWGybs>rYRP=Zn7hVR6)C@SXOI2`(bkkRMzDJL&oR%v=VDJQR-K0Ic= zfkt|HrGU!HNmprF9ex6}JcI=>7{bMX%%4Y1*&gm1y-N2bt^HjpYFMfr43v zQ;^~zZ#l;az7@NI6)REWrUIz!t65Sv6&xNx9!+d2;%V;`NkR>vj_C8~aY2BYP;foWk!JB%h% zd{f{>0ZlcB*(KNkuQTWi8$lbJ{mz@z7A{e_1G9-^ZgQhytm$T`C>|(BIy9aexbJtz z#qE?~n5qtdtX>kC92xZ%GE=AXQt$QXq4J5&QSI(vg7uiB!)Dvz!N|J#KEJC(r1Ji{ zC>5vWT%wA%OEAT_a;xvFZ=Adg9BTjT$;JH621Z)*w|Jpxd0+~w*_kM@u{`!6r6lwC$R1<=pVy4IA3FK*R-yzeqlfr$_M)0PT|*} zk%#xM;hkIOaf)ww-ZZohk?vTpU;KtI-?r`Gd?5e+jAp_X0?YwpEN_9KdcTdc{QcUi ze@5s5rJTi_ogMzE-kc6hzKkk__F7Q4)<9RM`l0*1e$&lov^FB`uJ^`7)RsXvLYW1p zK@4@gZXPl>f{#RD--Dq1KM4+dntL?6ljk9(va){caOrRuPrE)ipK<_^@l5{!&5zT= zLlVl8=l&=F9H4Agd7vtpE@2kMgr9Lt!1iWYa>ir+&Q9ifBW#gWIsd-ReE7w^Rx!R| z?EQ+fLQ<(gsT(X%AYEGqr+`&|A3nDqUnHe8ft(%?dSTn*n&LQ84d+r=qBcaN58dMJML1+BAY$FTt$7 z&Z7*RI=^O@u{GI2eSh%rx^scw-td5%zyhqz)9Kqzk_Czz5C(SGr}Q|_z{aGtUC^=7 zG0W;oH3JgiJQzIkQM|^J@*k0N{N7K+Wf6;&*5Oc?=H7@oM!c>T%mGq-Okc z>sD`wpAd8p@fXrTBTXXbJ@_?h?m;~Ag;_oFKZiJG&R-(omy+Tr$K8T*7sC!n@DIWT4pe^>pae5X`W~0sbT2B= zO^Gt}66Bs79!dx(A%H$>h2{Djc@i%+Uhl<6wi5l-K&`TX^$a`r!f2Z>8iH@&ed9jy z@_`cBP=sbbZRGPWU0N{pC`uGyQ+WjDgrNJ6yR`pYkggu$KBJEH%0RZr47nV{A|o;) z-J=LaPY$ZRL)HDI>Wc)CUWKv2iZt3#ys7v-f$P1TH%|}s!42q>BL52+E=hFUn&;IrUJM^&hBFE|UnB(^ z7^ouv_2n+?KQO`Smwd;&;|bULF3NtCH9%6%+sZe1Yl)kqg8pd1t&c1?<{q!NL{6+q zV)Lj2)cvKXCHyqdB0kSf?TdEoK2`&Iul~$J>P1mI3v<*|$b9$% zte)zIji<9{3uPJl%51IbvEz~Y<~|NEaMc*vI<_U%ifyq4XDlY#oCk4)V>3>C(U^;B z1$wAhXXN4AVgZ*0CUQ8_rScrE5(Z9`fzPtuex3^6jX2KJMR8zgeR*BQP%*sa;+B`T zecWl$o5FaETW0%)<=a;=+>53fOFxXFSt4X=e#qUPMcUxE1%zPkNE&Nze&|RVGk1n? zYl&mj_YsrBkPaSAOJP9AsIk^Jl)$X)dexn|ibPMYNm4VJih~)cY0tvY6I3r~ud!sL zJtav*ulX@ttPyVAp(wp;E>qhq+JY2%U;Gj0Q$|gP)#$;By#SJ*iCEUIbEnHF;L>7PQmW37j?IM80NCp)bZwp1-VpJCBp^8R$rBlSPJD5 zG-A2yk^0n9W+>dumM*XFEJL`5A|1L*!2<1M zyeBk(nW=M-wB~!xeD1T_Czo1DNLr8w9fQ4ADS#MwRT1VW&5sEars<{8F*2Y_{Svbd z6usr9@&$ATzLb<$HY zzK0__4ZlhKT4>hNTtk)qc|7WUR9=n!_({~(&fWee4bH)~^~EEB%j8bbx4SNr3SBcp zk6S|P9|F$9;**=mK3y)AKV>_MGbT;k*=}lXTzU_ENH2OI59k#* zbEjbw1*b?J}<>ES*Ut>W{^=69O! zjG$Jva_<1=Ja0SnV5?nn6=023nW_TUsiBadf;>)`--27Qwrkyt&{x!}eYX+$yfIrb zqbiNhX$ao%b8V(gKo@M<650tY7w2N8=Qlgs13ik5_&X3CeKRLQR_(0js*(kzlON!7 z2Na$IMAl+9w$=0y$p~$g))Vo1B_6mgC;CtqikUI>ASPi;dw zBnCtqqsWgn*R!IiI-tqjR6ek?@cBSd`uDl?S^y^2yJssUpHcE0<@(sLSp< z#Klxp8RW!&Mfk(yPhw!=vwv=X5W549O)UR~@{e!)X#k9F{pa?FK{D_dXkcV&@8Irc z_dgmU|7rJ+OZ@(KLlXz!Tjl>~j{Z0E+uxbn*gF0TMDxM2tu3(ZPQbu2vj2tv0m%!X z0qTwXUq%0~68r%nBdhpdIZXcRLH?`vDqDR(vw&zth#(;3e?wdZI`iKmIy;zK*_!!w^9ZJJ2U?t(#6ri-sRsE zlgK@t0tR^HmvH|Tp!X+iUce|&_TyhL|Mo5+0)%xnvUmOG5Z|v({gJm7`v8PBC;8O_ zL>T`LTEfiU%=r)fm*0CpaLflm4d_rr;CLkKpG5`k^8$28{~hG7Q76h~=FVm=mcJ+1 zofQ473#>$%!0Po!@9@tpF8~yH`Y-PIC)Pi_^8YBhjosPgvkSFQ5<@ z82K;AzzVBk;^1he>Ht*2`JOnST%e zu9s$026$&OfE4oo4gQD!5`ZJq|GEEu>s4SKF?0MQt8@tUvpLdiJup6E%zJnzqP=>GFSfE_>{sRPzsO+B|2Jg6zXQLD(f)-VXY(8M|5Tdx*Nga75bG}*50C$l z=HJLF{mS&Ka?@W-Twebn)BmjF^ef@7IvIZv@_zcy2!DTPehnZ03)d(3H@N>(F!`@V z{xxLrFKD2)`@gp7zcsu6F@W(`qF?9G{vzTn{@)V)-!p2z^87ju_!rMc)ql+M+fl(^ knSLEY`HKmm?muPv^L|4BpHd(oM8J Transport.InetAddress - nai:8991 + nai2:8991