From 88d445110cc1336dc8d5e4da037204d3aa7eed16 Mon Sep 17 00:00:00 2001 From: Shlomo Heigh Date: Thu, 24 Aug 2023 11:52:01 -0400 Subject: [PATCH] Design for single-use-token (SUT) authenticator --- design/authenticators/AUTHENTICATORS.md | 49 +- .../authn_sut/authn_sut_solution_design.md | 433 ++++++++++++++++++ design/authenticators/authn_sut/psm.drawio | 95 ++++ design/authenticators/authn_sut/psm.png | Bin 0 -> 42474 bytes design/authenticators/authn_sut/sut.drawio | 72 +++ design/authenticators/authn_sut/sut.png | Bin 0 -> 23264 bytes .../authn_sut/sut_3rd_party.drawio | 92 ++++ .../authn_sut/sut_3rd_party.png | Bin 0 -> 32790 bytes 8 files changed, 722 insertions(+), 19 deletions(-) create mode 100644 design/authenticators/authn_sut/authn_sut_solution_design.md create mode 100644 design/authenticators/authn_sut/psm.drawio create mode 100644 design/authenticators/authn_sut/psm.png create mode 100644 design/authenticators/authn_sut/sut.drawio create mode 100644 design/authenticators/authn_sut/sut.png create mode 100644 design/authenticators/authn_sut/sut_3rd_party.drawio create mode 100644 design/authenticators/authn_sut/sut_3rd_party.png diff --git a/design/authenticators/AUTHENTICATORS.md b/design/authenticators/AUTHENTICATORS.md index 11911a5e68..1dd86df67c 100644 --- a/design/authenticators/AUTHENTICATORS.md +++ b/design/authenticators/AUTHENTICATORS.md 
@@ -4,24 +4,26 @@ Authenticators allow you to customize the user login and authentication methods for Conjur. There are two endpoints used by Conjur to authenticate users and services to the API. -* '/login' is used to authenticate users with a username and password. This +- '/login' is used to authenticate users with a username and password. This endpoint allows users to initially authenticate with a memorable password and exchange it for an API key. The format of this key is configurable by the authenticator. -* '/authenticate' is used to authenticate either a user or service and returns +- '/authenticate' is used to authenticate either a user or service and returns a short-lived access token for API requests. ## Existing Authenticators Links to the current Authenticator Feature specs: -* [Authn-LDAP](authn_ldap.md) -* [Authn-IAM](authn_iam.md) -* [Authn-OIDC](authn_oidc.md) -* [Authn-Azure](authn_azure/authn_azure_solution_design.md) -* [Authn-GCP](authn_gcp/authn_gcp_solution_design.md) + +- [Authn-LDAP](authn_ldap.md) +- [Authn-IAM](authn_iam.md) +- [Authn-OIDC](authn_oidc.md) +- [Authn-Azure](authn_azure/authn_azure_solution_design.md) +- [Authn-GCP](authn_gcp/authn_gcp_solution_design.md) ## Authenticator Status + This feature allows the person who configures an authenticator to get immediate feedback on its configuration. If there was a problem during the authenticator configuration process, the reason will be returned to the user so that they can make the necessary changes. @@ -35,9 +37,11 @@ separate login step allows users to authenticate with a memorable password, while using a random, rotatable access key for actual API authentication. To login, send a `GET` request to: -``` + +```txt /:authenticator-type/:optional-service-id/:conjur-account/login ``` + [Basic Authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication) is used to send the username and password. 
@@ -68,9 +72,11 @@ Successful authentication returns a new **Conjur token**, which you can use to make subsequent requests to protected Conjur services. To authenticate and receive this token, `POST` to: -``` + +```txt /:authenticator-type/:optional-service-id/:conjur-account/:username/authenticate ``` + with the key (or other credential relevant to your authenticator) as plain text in the request body. @@ -80,7 +86,6 @@ The request parameters are the same as login with the addition of: your authenticator. This could be an ordinary password, an API key, an OAuth token, etc -- depending on the type of authenticator. - ## Security requirements ### Must whitelist before using @@ -99,7 +104,8 @@ authenticators must be explicitly whitelisted via the environment variable Here is an example `CONJUR_AUTHENTICATORS` which whitelists an LDAP authenticator as well as the default Conjur authenticator: -``` + +```txt CONJUR_AUTHENTICATORS=authn-ldap/sysadmins,authn ``` @@ -112,22 +118,26 @@ webservices in your Conjur policy, and users must be authorized to use them. This requires two steps: 1. Add the authenticator as a webservice in your conjur policy: -```yaml -- !policy - id: conjur/my-authenticator/optional-service-id -``` + + ```yaml + - !policy + id: conjur/my-authenticator/optional-service-id + ``` + 2. Add any users that need to access it to your policy, and grant them the `authenticate` privilege. - -## Creating custom authenticators: +## Creating custom authenticators 1. Create a new directory under `/app/domain/authentication`. For example: -``` + +```txt /app/domain/authentication/my_authenticator ``` + 2. That directory must contain a file named `authenticator.rb`, with the - following structure: + following structure: + ```ruby module Authentication module MyAuthenticator 
@@ -182,6 +192,7 @@ end authenticator is instantiated by conjur, it will be passed the `ENV` through the kwarg `env`. If you don't need any configuration from the environment, you can opt out like so: + ```ruby module Authentication module MyAuthenticator diff --git a/design/authenticators/authn_sut/authn_sut_solution_design.md b/design/authenticators/authn_sut/authn_sut_solution_design.md new file mode 100644 index 0000000000..c323901181 --- /dev/null +++ b/design/authenticators/authn_sut/authn_sut_solution_design.md 
@@ -0,0 +1,433 @@ +# Single Use Token (SUT) Authenticator + +## Overview/Introduction + +The Single Use Token (SUT) Authenticator is a new authenticator for Conjur that +will allow users to authenticate to Conjur using a single-use token. A user will +be able to generate a single use token by providing their username and password +to a new API endpoint. The user will then be able to use the token to +authenticate to Conjur. + +## Summary of Existing Functionality + +There is currently no way to create a single-use token for authenticating to +Conjur. + +## Requirements + +The driver behind this effort is to enable integration between Conjur UI and +PSM. That integration will require a mechanism for generating a single-use token +that can be used to authenticate to Conjur. The requirements for this effort are +as follows: + +### Feature Spec for Conjur UI-PSM Integration (CNJR-2392) + +> Privileged Session Manager (PSM) enables users to log on to remote +> machines/applications securely through a proxy machine facilitating +> streamlined and native workflows for the IT admins. Conjur is now going to +> integrate with PSM providing integrity across Cyberark products and easy +> access to the Conjur UI via PSM. +> +> In order for PSM to connect to the Conjur UI, a new API(s) would be provided +> that PSM could call to establish the UI session and login the user directly +> into the main UI dashboard, without showing the initial login screen. More +> details will be added in the solution design (TBD). +> +> The overall UX will remain the same where users will continue to use the +> existing workflow of logging onto the PVWA, clicking connect on a defined +> Conjur instance 1 and connecting through PSM straight into the Conjur UI +> console. + +The SUT authenticator will be the mechanism used to authenticate the user to +Conjur when they click "Connect" on a Conjur instance in PVWA. 
PSM will generate +a SUT for the user using their stored username and password or API key. PSM will +then pass the SUT to the Conjur UI via a URL parameter. The Conjur UI will use +the SUT to authenticate the user to Conjur and start a session. + +## Out-of-scope + +- SUTs will not be able to be used to authenticate to Conjur via the CLI + - SUTs are intended to be used in automated processes. The CLI is intended to + be used by humans (developers, operators, etc.) + - There is no technical reason we couldn't support it, there's just no reason + to do so. +- There are many possible use cases for SUTs. This effort will focus on the + basic use case necessary for Conjur UI-PSM integration. Additional use cases + may be considered in the future. +- The PSM integration itself will not be part of this effort. This effort will + only focus on the SUT authenticator and the API endpoint for generating SUTs. + The PSM team will implement the PSM integration in a separate effort in the + PSM codebase. +- The SUT expiration time will be a fixed value. In the future we may want + to allow the expiration time to be configured via policy to allow for + different use cases, but that will not be part of this effort. +- There is an idea to provide a way for clients to register a key pair to use for + signing the SUT generation request. This would allow us to verify that the + request came from a trusted client. This would significantly increase the + complexity of the implementation and is not necessary for the initial use + case. We can consider this in the future if there is a need for it. +- We will not be including a mechanism to revoke SUTs (other than manual + deletion from the database). This is not necessary due to the short TTL of the + SUTs. The time it would take to find and delete a SUT from the database would + likely be longer than the time it would take for the SUT to expire. 
+ +## Design + +### High-Level Design + +#### Workflows + +##### Basic SUT Workflow + +The following diagram shows the basic workflow for using a SUT to authenticate +to Conjur. The first step is to call the +`POST /authn-sut//login` endpoint with the user's +credentials and a code challenge to generate a SUT. The SUT and code verifier +are then passed to the `POST /authn-sut///authenticate` +endpoint to authenticate the user to Conjur and retrieve a short-lived auth +token. + +Note: In this use case it would be simpler to just use the standard Conjur +authenticator. This is only included to illustrate the simplest possible use +case for the SUT authenticator. + +![Basic SUT Workflow](./sut.png) + +##### 3rd Party Client Workflow + +The following diagram shows the workflow for using a SUT to authenticate to +Conjur on behalf of a 3rd party client. The first step is to call the +`POST /authn-sut//login` endpoint with the user's +credentials and a code challenge to generate a SUT. The SUT and code verifier +are then handed off to the 3rd party client. The 3rd party client then calls the +`POST /authn-sut///authenticate` +endpoint with the SUT and code verifier to authenticate the user to Conjur and +retrieve a short-lived auth token. This way the 3rd party client never has +access to the user's credentials. + +![3rd Party Client Workflow](./sut_3rd_party.png) + +##### PSM Integration Workflow + +The following diagram shows the workflow for using a SUT to authenticate to +Conjur via the PSM integration. The first step is to call the +`POST /authn-sut//login` endpoint with the user's +credentials and a code challenge to generate a SUT. The SUT and code verifier +are then passed to the Conjur UI via URL parameters: +`GET /ui/callback?sut=&code_verifier=`. +The Conjur UI then calls the `POST /authn-sut///authenticate` +endpoint with the SUT and code verifier to authenticate the user to Conjur and +retrieve a short-lived auth token. 
The Conjur UI then starts a session for the +user. + +![PSM Integration Workflow](./psm.png) + +##### Log Messages + +##### Error Log level + +| | Scenario | Log message | +|--- |----------------------------------------------------------------------- |----------------------------------------------------------------------------------------| +| 1 | Authenticator is not enabled (in DB/ENV) | Authenticator '{0-authenticator-name}' is not enabled | +| 2 | Webservice is not defined in a Conjur policy | Webservice '{0-webservice-name}' not found | +| 3 | User or host is not permitted to authenticate with the webservice | '{0-role-name}' does not have 'authenticate' privilege on {1-service-name} | +| 4 | User or host is not defined in Conjur | '{0-role-name}' wasn't found | +| 5 | Login error | Login error: ... | +| 6 | Missing SUT in /authenticate request body | Single use token not provided | +| 7 | SUT not found for user, or expired | Single use token is invalid | +| 8 | Missing code challenge in /login request body | Code challenge not provided | +| 9 | Invalid code challenge in /login request body | Code challenge not valid | +| 10 | Invalid code challenge algorithm in /login request headers | Code challenge algorithm not supported | +| 11 | Missing code challenge algorithm in /login request headers | Code challenge algorithm not provided | +| 12 | Missing code verifier in /authenticate request body | Code verifier not provided | +| 13 | Code verifier does not match code challenge | Code verifier does not match code challenge | + +###### Debug Log level + +| | Scenario | Log message | +|--- |-------------------------------------------------------|----------------------------------------------------------------------------------------| +| 1 | After validating SUT | Single use token for {0-role-name} has been validated successfully | +| 2 | Attempt to use expired SUT | Single use token for {0-role-name} has expired | +| 3 | Attempt to use used SUT | Single use token for 
{0-role-name} has already been used | +| 4 | Attempt to use SUT for different user | Single use token for {0-role-name} is not valid for {1-role-name} | + +##### Audit Log Messages + +Same as other authenticators - one message for successful authentication, one for failed authentication. + +#### Policy + +As with other authenticators, the SUT authenticator will be disabled by default. +It will be enabled by creating an authenticator policy resource in Conjur and +adding it to the list of enabled authenticators in the Conjur configuration, for +example in the `CONJUR_AUTHENTICATORS` environment variable. + +The authenticator webservice must be declared in Conjur policy: + +```yml +- !policy + id: conjur/authn-sut + body: + - !webservice + + - !group + id: authenticatable + annotations: + description: Group with permission to authenticate using this authenticator + + - !permit + role: !group authenticatable + privilege: [ read, authenticate ] + resource: !webservice +``` + +and the `authenticatable` group can be used to entitle a user(s) to use the +authenticator: + +```yml +- !grant + role: !group conjur/authn-sut/authenticatable + member: !user +``` + +#### API + +We will need two new API endpoints for the SUT authenticator: + +##### `POST /authn-sut//login` + +This endpoint will be used to generate a SUT for a user. The user will provide +their username and password (or API key) in the `Authentication` header using the +standard format for HTTP Basic authentication. + +Additionally, the client will provide a Code Challenge in the request body and a Code Challenge Algorithm +in the headers. For example: + +Headers: + +```txt +Authorization: Basic ... +Code-Challenge-Algorithm: sha256 +``` + +Body: + +```json +{ + "code_challenge": "3iod..." +} +``` + +For more details on the code challenge, see the [Code Verifier and Code Challenge](#code-verifier-and-code-challenge) section. + +The endpoint will return a SUT that can be used to authenticate the user to Conjur. 
+ +The format of the URL matches the existing authenticator endpoints for authn and +authn-ldap. However, the request action for authn-sut is `POST` instead of `GET` +since we need to send a code challenge in the request body. + +##### `POST /authn-sut///authenticate` + +This endpoint will be used to authenticate a user to Conjur using a SUT. The +user will provide the SUT and code verifier in the request body. +The endpoint will verify that the SUT is valid and has not expired, and that +the code verifier matches the code challenge associated with the SUT. If this +is the case, the endpoint will return a short-lived Conjur auth token. + +Example request body: + +```json +{ + "single_use_token": "lkduj...", + "code_verifier": "3iod..." +} +``` + +The format of the URL matches the existing authenticator endpoint for +authn-ldap. + +For more details on the code challenge, see the [Code Verifier and Code Challenge](#code-verifier-and-code-challenge) section. + +### Low Level Design + +#### Data Model + +The SUT will be a cryptographically secure, random string. It will be generated +by the Conjur server and stored in the database. The SUT will be associated with +the user and expiration time. The SUT will be deleted once it is utilized +to authenticate the user to Conjur. + +When we store the SUT in the database, we will store a hash of the SUT instead +of the SUT itself. This will prevent an attacker with access to the database +from being able to use the SUTs to authenticate to Conjur. The SUT will be +hashed using a cryptographically secure hash function, such as SHA-256. When a +user presents a SUT to authenticate to Conjur, we will hash the SUT and compare +it to the hash stored in the database. We do not need to salt the hash since the +SUT is already a cryptographically secure random string, as opposed to a +password which is likely to be reapeated across users. 
+ +##### SUT Format + +We cannot use JWTs for the SUT as we need the ability to revoke the SUT after it +is used, a feature not easily implemented with JWTs. This would make it +impossible to prevent replay attacks. + +##### SUT Expiration and Revocation + +The SUT will have a short expiration time, on the order of 20-30 seconds. This is +enough time to allow the client to use the SUT to authenticate to Conjur, even +in the case of network latency, but short enough to limit the window of +opportunity for an attacker to steal and use the SUT. + +Additionally, only one SUT will be valid at a time for a given user. If a new +SUT is generated for a user, the previous SUT will be deleted. + +When a SUT is used (or revoked), it will be deleted from the database. In +regards to deleting expired SUTs, we can either choose to delete them when +creating new SUTs, or we can create a service to periodically delete them. The +former option is simpler, but the latter option may be more performant. The +specifics of this effort will be left to be determined as part of the +implementation. In any case, when deleting used or expired SUTs, we must not +cascade the delete since this would delete any related audit logs. + +##### Code Verifier and Code Challenge + +As an additional layer of security, the client will generate a code verifier, +which can be a Guid or other cryptographically secure random string. The code +will then be hashed and sent along with the login request to be associated +with the generated SUT. This hashed code verifier, known as the code +challenge, will be stored by Conjur along with the SUT. When the client +attempts to authenticate with the SUT, they will also send the code verifier +(in plain text form), and Conjur will hash it and compare it to the stored +code challenge. + +Initially we will support the SHA-256 algorithm for the code challenge. In the +future we may want to support additional algorithms. 
We should require the +client to specify the algorithm in the request headers, despite only supporting +one algorithm for now, to allow for future expansion without breaking API +compatibility. + +The code challenge and code verifier flow are modeled after OIDC PKCE. + +##### Example Database Table + +| role_id | token_hash | code_challenge | code_challenge_algorithm | expires_at | +|---------|-----------|----------------|--------------------------|------------| +| account:user:john.doe | lkduj... | 3iod... | sha256 | 2023-09-28 12:08:23 | +| account:user:demo.user | 2k1g2... | kld80... | sha256 | 2023-09-28 12:09:45 | + +For this example, we would need a migration to add the `authn_sut_tokens` table. +That would look something like this: + +```ruby +Sequel.migration do + change do + create_table :authn_sut_tokens do + primary_key :token_hash, type: String + foreign_key :role_id, :roles, type: String, null: false, on_delete: :cascade + String :code_challenge, null: false + String :code_challenge_algorithm, null: false + DateTime :expires_at, null: false + index [:token_hash, :expires_at], unique: true + end + end +end +``` + +#### Authenticator + +The SUT authenticator will be implemented as a new authenticator plugin. The +implementation will follow the existing authenticator plugin pattern, as +documented in [AUTHENTICATORS.md](../AUTHENTICATORS.md) + +## Security + +Due to the fact that this feature will be used to authenticate to Conjur, it is +critical that the implementation is secure. Threat modeling should be performed +before implementation begins to identify potential security issues and ensure +that they are addressed. There should be an additional security review of the +implementation before it is merged. + +Much of the security of this feature will be provided by the underlying +authenticator architecture, so we only need to be concerned with the security of +the SUT and the implementation of the SUT authenticator plugin. 
+ +## Testing + +### Unit Tests + +Unit tests should cover virtually all lines of code in the implementation. In particular, +the following scenarios should be covered by RSpec controller tests: + +| Scenario | Path Type | Test Purpose | Failure Scenarios | Details | +|----------|-----------|--------------|-------------------|---------| +| Generate SUT | Happy | Verify that a SUT can be generated for a user | | | +| Generate SUT - Invalid credentials | Sad | Verify that a SUT cannot be generated for a user with invalid credentials | | | +| Generate SUT - Authenticator not defined in policy | Sad | Verify that a SUT cannot be generated with an authenticator that is not defined in policy | | | +| Generate SUT - Invalid authenticator | Sad | Verify that a SUT cannot be generated for a user with an invalid authenticator | | | +| Generate SUT - Disabled authenticator | Sad | Verify that a SUT cannot be generated for a user with a disabled authenticator | | | +| Generate SUT - Authenticator not enabled for user | Sad | Verify that a SUT cannot be generated for a disabled user | | | +| Generate SUT - Missing code challenge | Sad | Verify that a SUT cannot be generated without a code challenge | | | +| Generate SUT - Invalid code challenge | Sad | Verify that a SUT cannot be generated with an invalid code challenge (eg too short or long) | | | +| Generate SUT - Missing code challenge algorithm | Sad | Verify that a SUT cannot be generated without a code challenge algorithm | | | +| Generate SUT - Invalid code challenge algorithm | Sad | Verify that a SUT cannot be generated with an invalid code challenge algorithm | | | +| Authenticate with SUT | Happy | Verify that a user can authenticate to Conjur with a SUT | | | +| Authenticate with SUT - Invalid SUT | Sad | Verify that a user cannot authenticate to Conjur with an invalid SUT | | | +| Authenticate with SUT - Expired SUT | Sad | Verify that a user cannot authenticate to Conjur with an expired SUT | | | +| Authenticate 
with SUT - Used SUT | Sad | Verify that a user cannot authenticate to Conjur with a used SUT | | | +| Authenticate with SUT - Authenticator not defined in policy | Sad | Verify that a user cannot authenticate to Conjur with an authenticator that is not defined in policy | | | +| Authenticate with SUT - Invalid authenticator | Sad | Verify that a user cannot authenticate to Conjur with an invalid authenticator | | | +| Authenticate with SUT - Disabled authenticator | Sad | Verify that a user cannot authenticate to Conjur with a disabled authenticator | | | +| Authenticate with SUT - Authenticator not enabled for user | Sad | Verify that a user cannot authenticate to Conjur with a disabled user | | | +| Authenticate with SUT - Incorrect user | Sad | Verify that a user cannot authenticate to Conjur with a SUT for a different user | | | +| Authenticate with SUT - Missing code verifier | Sad | Verify that a user cannot authenticate to Conjur without a code verifier | | | +| Authenticate with SUT - Invalid code verifier | Sad | Verify that a user cannot authenticate to Conjur with an invalid code verifier | | | +| Generate & Authenticate - Multiple SUTs | Sad | Generate two SUTs for a user. Verify that the first one cannot be used after the second is created. 
| | | + +### Integration Tests + +Integration tests should cover the following scenarios: + +| Scenario | Path Type | Test Purpose | Failure Scenarios | Details | +|----------|-----------|--------------|-------------------|---------| +| Generate SUT | Happy | Verify that a SUT can be generated for a user | | | +| Generate SUT - Invalid credentials | Sad | Verify that a SUT cannot be generated for a user with invalid credentials | | | +| Authenticate with SUT | Happy | Verify that a user can authenticate to Conjur with a SUT | | | +| Authenticate with SUT - Invalid SUT | Sad | Verify that a user cannot authenticate to Conjur with an invalid SUT | | | +| Authenticate with SUT - Expired SUT | Sad | Verify that a user cannot authenticate to Conjur with an expired SUT | | | +| Authenticate with SUT - Invalid code verifier | Sad | Verify that a user cannot authenticate to Conjur with an invalid code verifier | | | +| Authenticate with SUT - Incorrect user | Sad | Verify that a user cannot authenticate to Conjur with a SUT for a different user | | | +| Generate & Authenticate - Multiple SUTs | Sad | Generate two SUTs for a user. Verify that the first one cannot be used after the second is created. | | | + +## Documentation + +We will need to create an artifact to provide to the tech writers that describes +the steps necessary to enable the SUT authenticator and use it. It will need to +include the policy required to enable the authenticator and the API endpoints. +It can be mostly copied from this design document. + +We may or may not need to update the customer-facing documentation at this +point, since this is intended to only be used by PSM initially. We will however +need documenation to provide to the PSM team, and to admins who want to enable +the PSM integration. + +## Project Cost & Schedule + +For the following table, "Effort" is estimated in terms of developer days. "Risk" +is an estimate of the risk of missing said estimate. 
Low risk means high likelihood +of hitting the estimate, while high risk means low likelihood of hitting the estimate. + +| Task | Jira ID | Effort | Risk | +|------|---------|--------|------| +| Solution Design | CNJR-2514 | 4 | Low | +| Threat Modeling | CNJR-2927 | 3 | Low | +| Implement SUT Generator | CNJR-2928 | 5 | Low | +| Create SUT Generator Feature Tests | CNJR-2929 | 3 | Low | +| Implement SUT Authenticator | CNJR-2930 | 5 | Low | +| Create SUT Authenticator Feature Tests | CNJR-2931 | 3 | Low | +| Create End-to-End Tests | CNJR-2932 | 4 | Low | +| Create service or logic to delete expired SUTs | CNJR-2933 | 5 | Medium | +| Implementation Security Review | CNJR-2934 | 3 | Low | +| Conjur UI support | CNJR-2935 | 4 | Low | +| Documentation for tech writers | CNJR-2936 | 2 | Low | +| Total | | 41 | Low | diff --git a/design/authenticators/authn_sut/psm.drawio b/design/authenticators/authn_sut/psm.drawio new file mode 100644 index 0000000000..85720aefd5 --- /dev/null +++ b/design/authenticators/authn_sut/psm.drawio @@ -0,0 +1,95 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file 
diff --git a/design/authenticators/authn_sut/psm.png b/design/authenticators/authn_sut/psm.png new file mode 100644 index 0000000000000000000000000000000000000000..e520f7823d2eb627b3c3f2019715c0fc21c4125d GIT binary patch literal 42474
zOddcwp^wq`F!9`mM21G+d-~4^<>_z`s9DlGhjH(`K&_c4i#b2$F=-eH{SoW+So5^C zw8`0am%a^9n9}R_6cn}=*SD)5`u`8S4@GB^SOmd!r|sv#uF*e{hy_85Nn zv6DMFO8GjO5@+F^8WT5!y2i{N#hMT+2ikE0oKo>1+N}OgTK-2XoxODFZh=w)fyJVl zbI_dZ1G$+b+y))~wwrc3 zCtWk+_#s~I=KWAAOFZ)oN~^BFzd2t{rKfa=imUm48>Vt#J{QOy*0kI{%*lfBuigO6 z2LMDS>zYy2{aA=2Tyk2f1WYxHEvazMQXrt6XJ#dHPM9-`RlHnGug7|pnU>I z+C|9m)SJ_?NY?^gJB7z-kndN;!uEw^@#dNH6%iK*A~m_&Qnhy|)a2wu$h6$dlI^3)(Z~$CmtHT9c!3boe?+}|3+PzyQ@CqXi7)5N zsx^_~AbAkj78*WdyJUwNo0evs4NJ~q@6Fr61{VN0>dQX;YY(z$fXp)IH>t2LSbv4n ztc0|?LUrBtE(P$Y9{T2U@u5zF9s4a7CTS3 zhBA(6>l#^>+xAz0h#%S@dQy~IuedSId!BQlH(TZT$G!C~z6wy;Jos2KO7I=Bd%g-( z6xspCUkZfza|`yyAax4m-08kafttw0yrKr|yC+J+Q0+3LR9su~Ax3c8Xx*Ych9!RU z_{=?EIG;34S0`R7f^=KjrJcDag=uEZVT0xU#1F~`Z$Ie2LN7FI(0SGUGl%iYOJs6hJf7^^s%qgR`2%rIv zH^Tk-)bqGAG15D?c4y+$4Vlt>*RSHmg5ulhp_j>5PL&!|I(V#iun&X$+sI0lL!7FJ z^Z5J37Az=8toq3WD2Kyw(Q)5W2qTkGt&XgPvU8!iha>^QC@^{9U-9ebE_*@1A+$~A zHw$_La>pOvRXUDmX~pd@`mV}}E+gTo5}wP8QVM`gWG&EHTY+cv4-;Y`X1UWiz?V2m~CgY3E-q55QF+2wpoKBbnlf@i*0-2len< zLrH_b+#Azl<2LC;#r;CK>y1uTB65Bz2Y#SxzdE%DpkE}IYtdnVj~64(#uS4RgTazE zMq4!PWYg|)Z4Y2$!o$vO4E7K(pWyf1cG{9`Qd}CYgzEYm{pRr04WqU=(D|j^5?v6A zrj0oc3TJ1MtkV$rxQyA*5d=)|JyFu_Do}dQFz_ZxsLk&oA@jG-$&NMTuFN=?$I+l3 zzdQ78(E68W>G~k3M%UmlnvxX5SOb$m3?0-lu>ZsyC2>lW0)7i8wqt(Q`tB~sqB(E& zGG*9;0s!N-$DpFPghZQQLT?>6!|BD|w^C4l&|{-$@>UQb6W9r%cfb{vCc-@e1(`{b zGj@R`-qJO64h?=6&gh*}CGL_l$K)-jGe77#?l=0PW3j1xfC+W^88{PB>%;G3CA#=JW%^?;6vRTSD=eW#97wT~`b$xX>0U-uL$6$ZL(-m}|~ zcH%=kGsB`fB}uUX4jBwWH4b&B05TU~#v#{WMNU$JGEI`9Md8pCH6A;1Uk5s~^sVwF!L7 z&Ig<#emibk?tsAzzs*z_Et>NIfMj$l#OxhBRb=Sa*{u~Y!)Ac&ULWcKRxBY43DKi_ zvJ_){ZY<{_qd8D*=tdwfdKDnNfC^mumhtViUJ1rJ>vTVn=SFBwmxhM#pXqd!Fman8 zS2;XLO3~Vl;!8SBdYbHj_1gGMtw1x$Cndn-_w|0>$y?WSWK4-37=cX9E6ghu9Hf#2s@PU1SJCy`v}1s;i6p- zowxoVu>>MdiBOOPfJL&tRM0EDlOtr9aj{drb$$_?G_cs62qrg-aPY%~DiNq3A3Iqm z;~Oy!vi`Pmec(96e3RM-C0t=fo+czpJLm+;gGd3#5r!|W9m4#aoWD`)O8W^I>@!r{ z-!BToUpWJ-0%tc0;0V;q)xtU;rFWBDe&`4e67i0N%|@*vFmZ4cj&jK9VYy)(!9QEtjrGBX&3yA-cgD}@ zv(q#MpEJdyMJ2S0K4C;JKeUK(o)naF2Z>cs9OlW$yPNla!utp 
zErB01ZImxtoka)nn7F)a$c1;Y{1+%57HnbQcMMRd z`Hsk6Q$6zJz_o*%1ONS-*;MU;xZ=k|@ssbLm}=(wkaOe7gKz>QjxnkvSGQ;x#gvEkUi!CV0+VakxY2agmqVVOAW0LEGDKg);wr!mpM)1q%!_aqJ*N5RK9AC@@bZN;?4Q9_?^kga$|_8OKI{tYJH9u zDmp$11NC`~_w}daS_YcTuEaCvoGa?u<|hiiLnjO(?zb#~s)*LmMu5^X(9baOAV^gr zz%j;T#ScsXwqDa>W+(r$E>Dxmy?)Psdy+5_rlxm8k+?n15@0#!WSf0$+c`OO{vMUG zYG6tTT_*|RIjN%V_k8rTw0z)hu%Y+9^&Xb&hbq47XfD zqE&weP(wLXanf0$G^__MuN4d3neq5mxL!?!{ZY~YA(>2>4TG~h+z^t9z(cNiuqFp$ zWpp~4JSghQTZi2jr(Y$z*=@*@ovLkkraurI>6bMi6csHrc*Uq+HJp=?(`p< z4dUt9g-@$T(tP}xZs$<%kinN2Q5<> zW^K}4zl&`Mpt)f&wqGPoTh2dOeEJJmZS7vcHf_#~GMz}kCn;GGF*t8rG=t-*%^T#? zeAViD4crWJIt_ZcKlZ*tS~>Txx*MdL%*6W(a|SCGmJKQuyS19h=IvUqo(9Tm@aYLI za1=t)!_RuwL+Ub&Z1Uo_&#c^Szt*U5>=&=A*VDf~p2N0*bj~7c`+_g|z%`59dKpIp zU|<(mOW_8+!AW|Cmiw~cgh(2mU{eBg$_(QUK}a~Q;eOg&!YRiQ2!&3yz3Ct# zIHW9U_9O+P&(?Oa(@82#6nk+Ix}S7Grm&GsvKz)ELaf@;w zI6#=?lyN6@;8=D%96^8MeWjy`XBZQO8&uGSVG2Jp?T0HOHueeBN;;?IPd10wPMfZ} z#1kM?61bfub6lm4Tdz_|w+vqdg=n)^n0?wj4?H@&+eUO}*; zZ$2rd)D((Z1S0rMOg_#Gj4P%SXUHF5yDW=Y^dhsN^13gUf)f+JsF!|9RX|oVz1~?+ znP!(&!TN@wHYf*@{mDtehMe4FNj%0!<@A6Eky|uhVh9M)n(%P&bMovzv z)a~?*m5_e=CF`A^fM~e7ClDZjknJ(ct+}dm|6w=IAe!zIIC)h9!mPOL)OBgHlvbh8 z%DdCvVzFTuR?Nq271~-5!be~Bp6ero!)gE)H5$O+QsCNsjdu0~wU}N*vC)?(vD=s4 z>SAHfoypGmOQo*H%H%XtvJ1LsnWnd-#pn}fHA)F~M`0VQXhNhCs? 
zYgY#aub)J5L{MSvh^Zy%^mStu)ZJRNQaAd#h3(>X?RVA_nv{>BVkNxmgMO0X3-AzcNqWf*B8G4C zAG^G!(3RkfCnQ9sx-H@$oijwHCo`5}Lz}C=$fQZ4c0QGVkV|S^6JqBgOHM?kzA?Ew3 zJ6t;Xx7bshf+R7IkY5EXTC045c4s!JBp+?;^IxJ^+#_HT@~y|yb|&Y75+M|=wF{b&%+>YMI~Pk=d>T9kaXrAB5K zr7nZodgjV~my^xTm6YN-+wE?g3U=m$=OUS+O@0P;C9m}Re*z72*&6lqb5HsTj9B)X z4*HUOe4TcLH8%$;WRCE={*3(%T|gKi-L$e7{p__`aKmr{ecfvu{dDjA6=}ukWR&6+Ro}f-1FL$q`~3) zEXhD;$4>OH6iCrcS>bIe0lDfFCv$t`eF5S!F8FbTo?T25e0XhoFi6NjxKz%nqDod( zf4&%`It>&0zgyjk);$zAWMin9x5Nb)>w90P36~1FeDJq>vYh5Z{yA4{+~8`V#n62EqOhIY6MW z0Us44NK@USs3M*mrBa*3cx5)P5m$XcFL9w`&iN{dyxBTiAVDwys$`K-G;9tZQt$MY z8ni)4M4)t}8o6|^4cfQA<~>Y>lKL>Zf4K1t0M@~|cTbj}3>hdJXU+b0;20hp$23QQ z%~fyou=&_iP)9&O4UzeYm%&j$L%8Jg^_`MYe>f?f6$IR&Yz$eARZp5dh+m|axTPO} z9}uvt_t_%zb3E_x5FAj)Yu&{8kdG*}1A&ePS)jBE9nsCb`P>}nJXk2>2WtH1>Tdn; z1yEeIK40!^aJVGzIq?eex{3cpfbKd zEmh)`DyVtu@_=-iff9?+p6y>2_bz>|^X*s^be_80-wgynd+1mP0qGe%@G}jIci7X4 z*QVQsL8+<(bl|jDMXYAXDA@5YTTTR5>AGh>)}3Cl6kmQ?GIegF_hTW5i<@C#FIA$-`9C zx|@E>j1dj}+`t#<*Ma!5ks{Dh23mQNPVnmvw*eLqnI}M@c^Yve@EyQWX-iN%8z0O) zZ#p7Nl>t`1l6YCq0 z%u{uB`YiI*8v;N*Ft`Gm=oU}r&(Pr!FqQpY0*@}*n9JfaW?XJ>I@=3M(+GJC73L!9 zxa6Zi7;d$gT=zJ^LgLtW_MVhEC;)Dt+XQB~|5F~tG!J^2N#-&cV7MGM!xaU=L=A+v zfgHrfX;7l}kEz#>F9HI#eCkwC2=8x;Una=Nd!ZxD%wd}PdyS_kT=q79EZr{TlVxK} z$+(^*`0A;8`f|f^!>$9Jgj>!owOzDu|=o zTpF1m^xL8-q&RV4cGaH}cfCzz)$Ivq+!H~XC$Q*K8F)E(M8>E|`0TN>AK>(qSX^FxD3PnwmB3?U0%dYTq`x!p z%T|ARnrt^#=k*GsxJ{z|8XS+Bna6(=`;q(sUOc zRW|JI%j9I7tf|Z)(_m8iyAv#|0XztqwS-CcrfEf-N3i`8f-jFw#f|{I-$+@cB!j`P zwH9CbM0Y*N=*A6!WFh$30CUH>wJS+Lk|_a4Nyv-?moid3hHM<_@ z{-D++AC7>;OcKc(OvgT;%8247wU1q!7-Ru?D;$cMo0LIW(v2|n(<~}5*u!1$V;e@} zFp4@`*aXmb%Rx#U-dwxhtHLMFM`6|g6?{0+rSUac%c;>!z?mtn&T&7?_aEXQ!3L2% zpyow#&zJ~YnIPw*-Ba&Vujqr}e~~f0a*Ou=YwydWsqWu)*^yy45Ro!$5*b2C#@JEj zDf5^iQHGE?<4&lkNRc5!MKaswS(K1a88Xjgo-&Jbf46#m@A<8Fz2|+_@0@kcd)E8> z(X&?BzTf>B?$3Q+_jO&L>7^*l=^pr zaid5-e{`Ps+g;p3im_X-ON9)Qi``^VxK=nuNO17u0hysFM=cEJ{agU{PYvw}qoSht z=B`b?J|LvfQ%!slQ@M9-eS34xc$+5ic$rdIvFBHfiuS1)18M~35iiJsxA^>6^?%)Ml9%9YluuN1-#SziaDk=n1DgrO 
zoF4v;+oKl7M8!Pz5K590Q=FmB(3)p3y?fI=pZp;z6%11x29;`+JixA^WAO*6-BmKb zWk|lyRzJ3BPgk&}m#&3UU4XUZ={|atzMpnSrm^v(qXn1?%xZ>1bj)$Lk(Sf&%D^EA zIBbM~lLW9pkaIQz7pr8MG!)&6ooraTfdKk6NIeetp_+B;70H9b?v__<+=!>5Va|Gw zDhgA&c%3_E;6_aiX$m`!A4v;&S&Qx=Jn_E8APuf-ZSjgsQ>A;e_iVWP^Pfyw4$mPf z{K=F-gC6X{+znPIi9_`R zZVhZ4uhcluG}TINTA?<6`V#BGs#L9r!_&^UhHFRglCFCa^0Pa!4M(4nA^91mZqbzE zlEg(oM>(g2&A(-SD+9=;5IuYj-NwQd8jTWF@lwlBDlUIuVP8?r;WSujc!vV$Bsz+Wf0di?vf9EH*aGYOU^}~cl_@4o->euNzMzx&^ijnNhuqT}+mX^UUc$Wof!&kMT6(R^&ba z_}I+2$EQ|YU}DS-Puqox#u@_O7QiW#l=?6eS`DBW#gponU8}2o&Y0#e7p%f3DjzN5 z4`l5=%(2I)bF`0!&1jS*glr8OW*1tCe`FWZ$rWXnicr<=eLh{$B&qpM_LZ##V$KA9 zYkew=EH$!evE^j*RJZpXh#oU{l^YkU3Sep#r3sUH)VU={b9D_8%ie9BtxuB1wwQ*o z4B7)lWAd>B1Gcq|BH<5bYLD4FcjY*8U7h`&^Qya-$(vaJT)?%D?yg~SRz%N?hdQN# znHCnvIojWqPtP{XW*Yf(*#2k;%!}fK1T*z2v0>1bkN0u91e z>}NG%fdfgF!cIQ%dQIn7jp$SNu=_D|nR2@M)F#J2g@$PH)!QkNlDV(E!FP($9cI^$ zM&JW+kL?yknd411xzTJV@hhc7coCUH>dNQNJ>oP^XYAU4J%@{HQ2K1r&1%2t%e7!^a0jIoXS_ZYSI=@AR}Y(fHeB7pb6E7g7Ume%`zvNZRAIC@~?!=n|%awzV6 z*{#@7`9VFVM;Y&4J+-xUuezhoBL1FCR3G8K8^duhE5iH)*wt~;kBXr$>&D1?fJL&0 zDcC=fC&k}*NR%XoX@e_Pn0#xm0bC+?n}BFVh!xF2G^=XfhO4tc$Uy>0gK& zxXjv98zhB5J&w$bP5XE$^clVV$v7D-PHGzLUPlowA9P z$iT<;khkgz58x!pqGqi*p%hV+J6*B8VH3GT;^2@X7}{3qW>2Pl_p1mm134NKytAZz zW}%$74t4Pmx}_~mm!Ce9WOie9&K{Uo1xp-*3#>*IcZsyHbjx$lMn#(1mbUwnE+C>$ zqXS27JLnu|&Ztr(bg&3Erw4&@J_2B++7-IIa0a01#qPd<&aaZbS^btyq< z-KG9Qcl~|thv)Ss$63(F=4IIwR$DK872iQw7|E~(1^Zkp*@aA_3bZ|@mZ#j5Y_NClUA&HT6tKa77>b-au==0)nTe%j->baw;ka-_?qO=^9@9j_Ck zzwCQ6_NwK6jf{&O1V#})1AcioC0IJZXOplB--kS0A4c_tW$e|?LYP{ZkX;IondQCA zXQ+kC33-L#sP84!jfc(~E=&~PW&^5JAKy=l11A@HX=H4klfJ>~-_Nb0+q4Kfk_G>W zEu%eY^Q$(kkYV!S<2c?6I)NOIQ^QcApbH3cek7#hq=7N~i-wq+e^)Duwk{LlWZ`+< zS_2lLxoed%YAgGe6<%?dK2~J{RHN;#E5~64{pMxiQ-CoCdImbqr>PMreS(O9Zdt2M z0~7iC*Po~uzoq~76j!Jy!hri6>y@fNc`=p1Z9hB_t2qq6=`JFWa3=S5eoK2V_aEpL zzs#}<<F3j5hw9oxvBtC2SF@z6;RIFVOi3U2CBA1gc84 z)@bH0upYQb(p;mdSq?hG(y_$ut`pPV@7{6oDI2sSf7uqs42Ba%B?PUADczLMW} z^laT&(+e9o{1Nj_F`@~ux&YR?T>+HBT?nuQMR1-sbhR@35D9=~<8y)>0IAb}_+<&I 
zhHM1M0_Oa$p#o@fiIxKW!svxvS6&VRhFQ0!5F~~+o?xqZVDAm9!Ri24;8=(q{0g<@ zHH1-xAV`@_v%RIIVn1p?^>!1yG#pnYz{xSwx3|QF;B&D&0W63-z_FSM0D_tk8)kc4 zY9|L^HiFM7^sx)tbPP|l?NOr(&4;P^4w8SMpJpj)iJXD5R9$&J~5OqLHgT@rv=0O6+m zuCFhS9`GT03q+pMWawYncLQWF4J*wp6s4SR*WG?W1#mqhPsC1=2@Gk@S=3Q&0^yHf zJOTxLU7W`l0~t3Br|MZhvge{OL^BU~G9A?0;6NpFbsB5TK?re2h!Cg84T`74G9z)T zbN!Wi4**x{0@BsQ#-8WYiYm!uc8Is3D^d-^8QvpuBPetVn1TlT^o4sI{FxlzQ}b<+ zJGg>60yhMy1rf={+ImUF1pLxAcJd{XZ}~`c0?l^|s9Ilw4AKB`f0#VsaPdbrklve? zsw;`)0O*Cu^vMNes)*e~I+zw4*mFWc@GX{(>MrM7i}m&K_!*>Sc_jtV#BP177uOIc z7h{(;?G@mR7k|Rho032N4&A}2glpgGhT@2y5se#zmxXfVDD(O6EnQf3PPk5jgOlH%b~@DP~>Jk~K(oO=}^opNmdBuNospUIH^8Sg41gGJ#~E|fwMt{hy}q4 z>`{X>os8HZ3VRxL_43;;^wRIU_bBgje=ecUSB37w`{hV&uf6&neo5p|krFRh{kSCx zO6XzHEwaW{)K}QH)ds~V6~+*DBbpk_Gktf;{kdj8@*IXyQtw6l0;(UmN06UB#PLB! zc9y|qm||Fr=u8etDCylVkruaGf`G=?)D~<-*?h#T4t90FUv7eJVXtceC@jS4D9gO^ zK8b*yEpFOFqnvPp#VM=0Xi`3fqsT$#xxN6T#!~(RBdogV-l99dI7?9Lg zh*qRYDZp(40h0!+0ZcLzD7aHqdhz7`>ue)*chTV&bmk+D7wZr)i7Jh_y3BO7o$L2< z8t-K@u?Fdc8-}E1z~v|?f0jtXJ}m>4PwZgZNPW05`6DV$p!I0?0@sLdb)PBw^gVjC zJq@dj>7o68A2E-4Tf!LA5UJ0@;f8W1v>F4m#04G2 z+}1zg^=Z35-xE|09BS`71$0c&K|pq;56UB_MhUy?$}e(s+?RNbcno>GoJTQvjD$_u zwh=jmtuft2FE|Vm-$q&?=iO84?o(pWYog!@)jl~1xp=JZgL(E)Ir)PpHz58p_E5LK zVv%EVdAju68+xaF@5!DHdJJ2+fBdm0PH-|IbU2^`y*8Mku%YNnBq(9%o;9!jh0ntr z(qfY|lf3kX{N zZX@hzvpCZd9oSDDBw~9YU|v zvq@1rri+W!LimN2V z54mrD7O>E|6LWja^TN}KZh3VwkN#daeE$^X6j$7vQejwOzdwr3vfKbg` z&0}jj%ta-QFuqxTeo4~69H4AGor|HSYNm^IOp7YFx7^y95ph1F>kY39)n=w;WLFp} zO55-Ks{dzRzl_HA%q~dw>YnaOg_jqse-v7-ghVZW);hkf{usljMUTrPzi+b5Hztz*7G#UUSkaqnS#6$S1&v1(3`*7xeJC~lVP;-mymX@Cbevb zJWc|_4sr{Cf7Dw(7~KKntxk0-;ZVPGRxTqw43AFDyecxWefs))__ThD0TNYBA1eKB zj{il`k}(E=@OOqzDMye^R98n;5^`Q}-um?Zs2%ZdpFCIt#98M1GZGNhL_xx-)OYKz z3Ca2BH`)$8P`?s#rb?CMJ|&#_?lVCTZLqwn>+K1RPu9pfuWf2C*bV3Mq}PmrmR73+ zSiBv}GAhQ`0^2nes@-IB_?r%`Or!NV@Y*$1fRk@rJ4JnP9EjOI#h@|dZw$$Lj8+h5 zVNDC2ev|WOgzqWh&VQax0V-#_i0}4RFU0Te6Q>OFQd-MAmZFhP8`3vB*XyjArupU( 
zQpW=Q!6HpJs{mnq-yucYu1t5XKt9)vh%rIPWVi(bn%@ZuS%%hAu)+13Z||2pZQimggE8lOs!UjJkvc@qAbzdF(YdkXF4&Kt?+CC|778 zO0GT2WTyez1vC9`HQ!KL#X8EiK_<)p(7L+!4EQY^1Dmr4K`cH+DF*r0ERB$ThDQAo zHahjic!q%V{}_ugh(L|P8hPKjNS^GOgxyOkk__FEU*H{Ew@MvkDEc-3D|cHZ(ub8;pQe6l`O7zvLj0>4}`X# zH^HyA6o_GFv!5sP5yh^g_Xe*)nfn4Kq*D_&Ej967rlQ=d1VY)zyI(R8={@i<)V+je zo}q-bAmdoA!tLQP0d{*1(^@F2%rxkfuPnovyegPm;W(WFTrN5B6tzDK_N7jO2dpJ# zDe&kkKzK_w3$CU;pP)5qK@S3rmj@-+OxwZUf9G&vAvIip5r1Ja{&zWuo91!IjM`s` zv~xjAQs-mCa1-Za;{4@OYlDdUvD0)P5Wro4PE+kgD1;=Kiad*w3&4=TLOVCm7F@wz zY=d23YoDk63eD%{Gaic;Q!R-#FG1iTRb<?V&} z=2i!fCVE76(GI@&Z(rQ^&U_gW<6ZCwvYY_TWMvPV*`8v~i@hutbXw`u5iR@cRDb}q zlbm1B%3r|260dZDrpL@LkY2Pa4=$FKjO2Y&HQWLeSUC=+E9Rv5F56}_M6+81;|)Ws zY$D#vMcS@GRE12pBy>qquB3d81!0I1IACv@Jxv%rZgF_h>ub?&`40Vnw?wSfU~)Lr z!WrlOazH}w1leP`DafvU&!@H|V$vEXQqX^XmNpOt+q4uh#gZC_Dlx_Q$Z>8@S}0re zMQ(h39rRK@aCgoOk~hyrb1igc=c&a@euHYQR4I9qH;tKq z65}lceE3O+-uhJsEaU~>KI}`nQ2^lHCR|;h$Fptx`R2jye4E1S)8BJsZn?B4f&kDM zo$5+BhhSMPTsB>WprX7DIc@4ljsD%vh=;icjtSpvO#JE@)%n!6kh89#pgI*4c*MwO zuoo$_S#)467_9#Ia{MLp`>ak@nZWPheAn0TVOw8Pn$CmC>n;3js0qRvGFj2Ef2BL{ z97gP6w5U_EaJSHFZp4Yuy?fpnc4(XD*WxCEufs$mZSQf?m%8B8@ueGkzV0|F?9iQc z5FEJ8LCwp&EGBHsBzo&LI6V$8L0p@T`bIeR0-!*s0+jYqTAD70OHgtUtlWS8 zocK2Sf&0VPhsT7ktig>9FRU$hKDS%!&P;)2_~bKGCpdXj!)EP5%M;(q*}LyZ%Le$9 zol3ZT&GjT)5KsuCe@#gElU!Xx`ZKMVKU>h9D_aISY884AAp#dBb+&G60=aG!sFt0d z8(z+y!OeJ zV%)IW!CeHWi9v1km&i%=L{NnJ^6OqM-6hiAQGK?I9j=*X0wszN2=tXrTOJ#wi@0HXK$K6~(i$iOEsu8{D4uf+_-srB%ROf9?QLYH z^q9KM4|^JELRf`PK0y^DwlKxt3{H(Eq5!IAX$P%VFqB@4dOv+2nt?UKr8E$Q@owZ+ zsP1Ey_`b0+_on z;7#XYU8BoexoVQ@@4=(geiIJt3^>IYSXO~Ab`$#vx>Cly1Tu>Ea+@o-&|2nY9J^Wc z4xzMrj)ciI7|%h$WMy39T)##wPQZ*u;~u4ADKEZ+O&?a5DZ6wD2Q?H(;-~!UU#fwka?l3UX|h3u&J!AGmtO_?rw8+u)FGF_04b#q4$nI8 zc!jKXIJoSAK#0`Bk644)dzfzopSTr05NUIab# z?8>*XO8T`0q7^(;(7nsZfV!#&MIQL^GRwW?NDY8jfP<0Sgw3jGxV8)kapys{e6!%MI))<0kHV&LW{g*^yAWDNgHgg%-A(PKh5{k z6$}uL4OZ9{bRvHCf>T}jX~?|{O@beE$N-zjL~JlzftM{dUox4R_Q33cSr!0Kh`liV z1Bvlir*t6Mfemh&`N4KT=#(;6LH6Zhr?~_7e;6GDxkw@0p1?EFytz6zXL`^bF&2h; 
ztP%FdHNwR@z`zplvj<6*D?o1Dh&dl--@W5%A&%^HwQ%!{|6v~8%*G#yU4%tKeV(W_ zo%ZA#*trp!*xoDODYa76%|64^xrwMRaG~*iKAU!s0Qe)Kq62|2;bYSG5YOZ#qQSv; zX#v9MgI{38EZswA%a&AEz0D0T#Q3!WBMmV&aSoN4`0^@<_;Qb~K{;Z8;21Fg;b2li z4Uv%wfyMD?_=!zXW)aL(h+q?@bsXdH>f!d>*+j_oL=PUjN{mNTuzMtN!nL3B?~{t8 z8{|&{p4hI{Fv1Ir*MDb|#-qIAvbea1j?eDUyZZFQ=^0DLc@m(oJOH3dypk24aqEMX z2Ge(&)vqTJwAxgnSfM>{UxC(+4SBSXv7D*v&o29B5P_wq@T$S6ibrNA4 zl~%k~-P&O>Z9GYTEe|gd6%NJh>8B-Jq>A7X{q<=mYU(m3iZl4Gn;&uve{ef=1z}nF zKY_hTeelsHn-*E?`Pk8JYN!HJh!&^KR!yJ1T1t|PY!X+bOSQXQXPbix-zEeTDu zhjvVgX{%5kV25 zZ}nW<$#>gHyd5{nR29#0PU!TFucLm_r_Q=l)ym?xoi~Ca@a+$U)K6YxUklp*fDW<_ zDTB0q!qZ>R+~d*V&D(qN@dGM(C7v1Uj{BG!85yT)q$0TAi6lClQHyrB4biXl7VuOG z|Hi&j-YmNM>lY)ryh`7Ag=B~Kc_WFAUuEMl{joO6nXs*jD@~fTp9$*rZ}zQjSLSe& z)qXNtJ(C9?wQOA z6f;Ka+o_t{t6+@XETo^5!{b|c)_3%+k%xg!Ukb0iU zrF(EM*e?y*druh_9;lgr=9tO0z{41V{#fkqMTZNZ5#TctvC*~G9B8PoulMaPb(`xt z7g_0^78e^UvGy%~`zL>(nY(Ljn!GK(c49o2oC<^WtJ0tru>urc&dSm~YoLLMAAcmEoK`oA)J%lx{O zJ#V&EbKK%opwDTT$IJWE-gA8F4iIvE(#)=IQdN{)k;CJR$%e|$cVmQ8%A+)Fa3b6T zvPZ`CA^J*pw~VV7@2j*=wEfzTB7wnc$*d{`py1aq&=4|gh3^LFuft6@Ccl=me9Ik= z1eObBrqrhG#+i-ssYy<*_vXsMvK4wE{-IkDBS|b^2|NhhFE8ucw>KsY(8{*> zGGjd(;dLXF3uy>?YGdPP1t&X|K%*4EZVKsNA|IDg)|K4vFxUFt%(wq}PF4Mso} z)|rTqx6Yj^7x3L$+i3P#5v;Tvcj@ed%gElrn?9Re5*HGdHV+@2sg4$Ju%b!fG&Ry| zZs&C4R&TOITnJc-z7bx+w;WMdLIjZU0IrU)ycyvN?W zbVHCvu}E%qHgAsrD&dP)C%>-}QHZ9ub}K%BTc8wKlf0r9A8|sx_A1yKOy|~Ii+r{d zwX8W*0rx5>wnVnCF$FB$u*Tz8qOMcq@g~$;i+Z+K(2_`&00YVwX_It-LgF@8y48ht z2e3yog9JSbuF{*E3o>(exWKou8O(l8zmLzTj%mz*q!xxxL{cf9mOJ~_Xaj%QYWZCG z1elkFtQ!PDw`pSl#OJQtW5Si|r2(p*=HdA*wVAtnE+V7~3SSoF`nas^TH%T>zlPI+ zl)~r(gqb)A@OEDg4kJ=&H%}?$fWS;nrFRi`|Ni|q;2Q2V3N1n1Q$uG`uWW!$JK7r( z=(x=FQVKPCtasGm0^T9T| zp#Y*rneq1@``_V*Ng2H!_oIkv3B%nRbIz{BdUdwfrXyWnaQ3mud^1l_4TRP z=qss`7L#xDvI{WsLW@(o+YdX1ip+#MZEDW5f0J+PYh;D954v*7VQ2eS4X5P7 zeO;eUuk(65GIPq|`p!s4XdB`QxZ|~o~uLOzm*b{K- zTC#!usaV88rjJ3&Dk{(VFRX!6dQf~!TwI0AkwE&|g<>Je7f|j;p)?N%q%jdI9M_CM|wudW2Farp{uyr0u95;89RH= z?saII)_AaN4Up-UL7L7|yP)*u)2fm8&SpOgGjwr}gBA!bI}!K1ZfQBjQzM`Z+utPP 
diff --git a/design/authenticators/authn_sut/sut.drawio b/design/authenticators/authn_sut/sut.drawio new file mode 100644 index 0000000000..9bbd00fe55 --- /dev/null +++ b/design/authenticators/authn_sut/sut.drawio @@ -0,0 +1,72 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file
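Review bot: sut.drawio is added without a trailing newline (the `\ No newline at end of file` marker that closes this hunk). End the file with a newline so that a later edit to the diagram source does not also show up as a change to its last line.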
diff --git a/design/authenticators/authn_sut/sut.png b/design/authenticators/authn_sut/sut.png new file mode 100644 index 0000000000000000000000000000000000000000..97a1e5313f97752a80159451e3054c1e4b807975 GIT binary patch literal 23264
zv%KwPq41_D0+40xN?_{TiY-S}-+`KDWD-yl1D{$F*1$eg{M3559RwQflIi$d+jiBzYm z2wTurNaU2zRG6Ooy4Aj#GZ^73exQg)F&rj#vu>`--4aTBZi z;*?1UyUNCRiXuz}PEBej$lp@Udg?4`3zMH)jAJO!994f^UXp(L!n1h3YugD(JZlm zHeJQYz)r!^tAjz`W16yGVZv2+z{hZd`6+<{+y@*Dn*rwOcUvnIBh0ix$!0l*a0l93 za>+&q#ADQFpz;d4Da4P8rj_NBBj^xBN!xclwrR!iEhx5fShzfEq3XCco=oidjHg~> z{_@nk_$B>0!129JWS5rln$VMPHR1^vXL_4|=9Ts~MrHs?@7a-|=(XCdbtw9~n_J>3 zzG(n5j6p1%qXAh(cb!Ky*q`;xP8>;PqBD^E(sqx`mAP85ePo{3JP!2N(iHVLIlj+K z{5sV$5o`2Hel?sUhv9MF9#In#e1bh= z8#m~Sa!AdVm4;*w<+uXgbehP{T6!m0kAUN8x_CyY@gh+ahF!Zw?DDUs323-VX`rc| zqj6uy?8QXdm5gtl;gK$yhxJPm#v5!XsOVI&$vn2vFGm2ra`LkFho{Lj6IG=U&@}8; z^tp0O+g=~8kME>wL=3-g*=D4X#Fg=2smbtTqoCJY@eCTq(2AW()|M)<_8z=YdbtvD z=U54l-;;|>&dftxo^wJgBWcoUR*7`*8YAER1G+H!fHG9CW8}FVKn;l<*Ri(6sN=#- zi4a*{0dl%KnJA6N?cBevie{$78;o~-i0ed=W0if3x+~(V_za()b3QR2F&O_iJ}Vv* zAf^;>okvB^nXN0vrsspXX;KrvEaf4SpWvLw8t4R95akMH_dZJ3ut+?<7>-{Ar%;62 z&cj@vqN0BFr~m11!hnzHPrLjH5`vrNwi`ke3$y%cB z;am={L2yoe1k9{2?9{krzR81(N8Q=+)|INIHixkC2amoCs){TrgURCkMa*N(8A%e)X z3_I3ojQr!nJf!^7Cy|@R`-P}%H9ypez^q^y$GhB>OW8{f8iwk5DSU7C4Ln!g_8iPD zk&#!_#jYH}{V4z9dM3+eeYbxILrMXZtB9n}3>$?dXyKz!pit>jRpHLs(j2BG6X6(c zw0)*tyTPOBOHCW;+}+AGE8v@6YCJRM@`s|)Yv_tNff@TQRNV_YI3MQp0=0TJ&|CqMQ6 zairmaTxz0nrbg3u+q=fW@B3$oEBU)9D_)n_l=;;_mYmqCqeuh5J!mRLZ$33=W+mhD zzdB-DY+wZb*;op9;=cKNTorgmCb^k>tQrmvh)7+iirkzWc9PV+VT!O#ab{?KUWx;;QjIJ&S)7SN!ia*?@imppIVZ$(;now4uDqBOIMfBg%ziYGgWuA6wlbpqVRzf}atJ zOdr9HF}UUma74@(e_;U7w|GLiI8bGVk{q_`5fHgctamflU6qbVk|)kN>=343(lxHaqUFL_87Lxw~tOL`!1&WsK?p$Vt#T*I09TV)uyR zm^2x{!>U{D!)~DSE&>R$#Cy*R$$POx)}Q-3q%SJ)Q!6PmQELTNHnSZI1mfi;L#n<8SU-Gg##Y?bsWVM$C*@^9! eV<*Ud9=f#=(&Z?f!3bgx2~yhtUZ`nv^?v~gU + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file 
diff --git a/design/authenticators/authn_sut/sut_3rd_party.png b/design/authenticators/authn_sut/sut_3rd_party.png new file mode 100644 index 0000000000000000000000000000000000000000..f362ebc13e4f2a4a57f543781fc690c9f1bacbbe GIT binary patch literal 32790
z)jND^sriF6X2&%3(wl#~Hjmv*;LfuOu~EmsU75h?si&qqA?_yt#qQ;7x@y8DQn`_{IL)>eLMrCgD87$aSM@3zCT*qfQDhfbIA9=95J%dsyr$#@sQf-Ks?kFT)q> zzpZ`%*1PlJTO&&A_TEz2Wb~?zO#0*W=j(|{{rbLzF)v<5cPzGZ74{2%xbZ=9extx=qlI>VsNpAd`{^s*NF*=G z841l75^gzdKTrpGz0FY*-P6B?hNHHpA6*S`O$_I&*8#qxT5=xwl1zLCH7PK6#`BY1 zMev>i?t?v_L4*b2qfO8G7qpDjL8sU1b_{vS`fowIcAH8Ub8;7}mkNmeF8|z}mOV{p zXf;0YeoTe8itYOgK}G76T5G*QPeeSbY@?MSwC7Ayyim%;4YLg+wWeTfco3*0I<=nG zwM-3e>O}we`YF`m1G0H8+0XZd=iIaEpZiO0y>hfx{aH7?W}+4PYdqE1@nwB)kR=>n^bYz0bC#~f3pdxzcO0Rf^^Gv%pv}ECo5DJ{B)OsQp1IWiLK;Se zW-Hld9(dK9_(ZYkTmH3%Uq8R~oQFJ$#~spaM`J5$EPeFD*ymn`gGA`39O2yPuyOA# z)y~UnwdQ!QU-xFH#ILtJ;FG;1TMu4uJ!5XYnVj4O-(k3km@m)3V@%{b+nOQc`ShLT zqGmE^PZ9Xu?Q}>TxEG^B!T+}ADW8Jf26A4?`oMQ-CcFaJm@2JU!X3IRg$bFBH1-HN z5-IB6!4OK7Qy{qz1gTa=cVE_jy0fylnUg1d5O7?df5qw9pLUjj&@~3*^P^g5FVvse z(!lqv|GwEl0XHjv8RTDsTdC2wO;S!nrMCNT;}=b-(A?2n_j+vKNSkeuB)53=NG&3kjE9?8T|lG9Y1x%`rvLBzU&+%mp|kPW;CdoOfi z@a1~+gbtF8R)XrD*5iW}4kOs$tp$ry_I1SO zQ7R^P(33h*Bky;}@(sNXyPp76cwu{t`J zn0H-8h73Z*l zLQlmKSadBJQ;(ghx4L}zz+3N6bJreOcuh72uxh?839^vS<_MRJ=@VCv;&`{7PFXY= zl31Xez?vJgNRxB;hQZdhRrj^yJuVn~$an;e5;CKugBcZ_nLHb)blIRkW3>$l4Y})6 zB8bsX@6>)^_T9yxMEzxPrB$5K%kOeF>%xg+C}gd6ABCPzi3JNg$`Kwqe}ci5qW+9& z9{>Gn&#?GF?xtvn9{QJBMl-HmbPsBPCieR?8lv>WqRvuS+)8ge%T(Sg&k#HiWcxT~ z*+~J(JRN?DuxR)pR{P7$MX{?6RNS(5&fK6{9z%Mz z3XVbNuG?2vjK0yae=Dd7R5jPB_b|(X6cdrQ0B%nUMCz4tH)G7Lj`;w%i z$z&r-ZRLBxjwiv~&a8Y5-#6zx_%ModtQT?gyW@FljiqVspxdHb_2689Ml1>H>+DbB zdOPlwL?iUv1LQBrkZ}`pq|#Vgg;VOze6q{$L}@KiW_9e}KJd(}u=t1TlkbJP8EFzC zI{lvmjKn*0tIVw{j_XmZ3NmB&R!fDMFG1jwl0Nb7kj!N7O(o<-%@L4A&+z7bX`3LN#;!HXJyam{z>csx1xq_0m$Q+PCt5}x`^#Ul)KBy0( z|0wa29@sjhJvi&!cC9U2+u84mYUeLX&Rn4#1N`V7`r#Ec&xl1^P6?Dt-UZAC%eX25 z{<;Tf;34T@AVdpV!%Gh7RA&gcUQ0-xZMB@Q)*-fS?VL3s zcS;Z1`jMs(hB0Px*h%|bHSg&|S~hR)6RDj!DA-o4`d*g(%rm9@{kk?5g9g)hg$~oi z=`VX>l5cX;1SPwdEQ`*1@2qlKjSP=B6iazOyDu4Lvh3j_UfJg+>-0^l=shIG^QifX- zcf`hAAM@7lnv4M^on6@Z?LMzT^#YcIQK?W!IMnz6Mp?aDy;M3Kb@}1XM8BVVSQ@X( zW0ai{*Z28VazTMXO?h1mk*}algUa(#Kt2`#B^*L`@P5jSV{&YSF7{_Xb|3e&P!;MF 
zR%XdprM393!G;o1?7Lo^Z_o+BgZX;-HH?ehBWqt}2A|wk%QkTT$SytT(C{OZ@ch%1mtNO#5w{g3vR;~0 zI|AGFU4WSJ@K}Wk(++&I0Lq^H`oyoFI}2Ej1JQaLm3Qh_N0-!&etuCCQ33#dB94>N zW6m8suWy$C%UG8Uz&`*zfL8L%)nDIT);HH{I(Tbts9*h2YTxj~9ZR|wKfHPrB|b;T zgKj&!zvlNV7u+s}tW*Ph1;YF2%6=A^J%fN#BY4! z%LEw#_aBQUuft1wWQaf4tkr+8uUW|i5`p4ajR(11x*ZT3icXL-;<=!bwP@cr0I{>6Qn^DVQVcTYrpsc_#+l;mbx&(24SWT}O6fX#48J%)|( z>(-ly7l#V(^juVFP+79c=aoc!iLN*KLf(DXhJNy$H6bD>spGS66CnoyoyGTY&-pVe zr61HJrozrO?K%}=G2h}?O~v|!B%nDhj#icMR?SeQo@PP=nF1bog7oYu#^%JU8huYf z@<_(wD4AB_wAxH=H5z~nizfCcT+n&LP{tM%XPU$_k-Fc}19 zwSWp>JQ!??0)WXxff%K)YZ@uy`t_p)K6z^}tzi~G_bOZOg&q~u?=Mm~d;Q#-FT;c| zEP|k+;WLBG0%%LX(%Nx)8jyt-qS8cso|D8nHDJ)UyOKkuLBfQy25tjdUceb~dZ0QG z==KM=OiE$HPcMjoVSnQXEQ1|^<~>c>@NjH;}?;Hs;t&YVP)GWkLQ^FA}^y zNe^E7)vv>*5*u$$%0AucktHACDy*fF8Ai@m&QrBXd|z)q{g!S{64gROb|pdjF3;8WR2LdaRQoxd$xSs z%Lc3Xuv*pgpte7#U;T{5*J)~!bhUXKA;wq?ZHd$K#QO@g7_iIB{VgiAYt&4XEK%`% zOz~LGgq-sysAYS6Lr@9AvAmG>Xb>y?DRI0gwPjv^$%c_JVhP9tBb^8x}-C5 z!_o$Z=*QRSV{(N>Wt|fk@dCLp1+%dsaIgm>*sG>#oTJG6(McEMl*d=&13QjYRWh?`qqWc zOVbfhlZ`Cc1hPjylAgL02VE(~2i|qErMU+sY6yZUX{+igrG5%1MevkbnD6A>N+J8| z&zZeIXY}3bxO@@j*mx3`A94zEO8!Em#u>g*+|1n{{!kp5`{H~J&ZuC8u&)ZR8bjqgwpF`BgFkFS5Mg9Vm2OP8@d=ku{lA2$owoe%LXqf$bOY1!R@O^ zH4)H`Ri`36ZRno_a<8U3SG)MJ8EcF{%_s*~deamjIcAA;TOgqeLI#0cR{-)wUey?K zdQiudw0n=lWjy|%GNUh0Oyg9Hx} zt&~BegO-z!QxAZVB(RcQPgFWzf9OzVMkJ3uK?-Cd_ zQ^ATlMC83?Lx#E3+WG?0a#VLsnRzz-AVqO{BDPpz7Y{+t%Xakvn|Vy9XYomQW$+qg z5(|E`H!yY3g~||b_FB4kUm@@2p_qEtTjmXMErq=&rL7-Br)8(;path(*NISVok-fgq8%-6TorM9o? 
zT`JN^O;l{@l)Z-b??j~48 zP#9DNuwP4vcR{PujFXe_TjgRdHm99fkL*P5eaP%Xzcb$lB4_i%(l|W=3ioLb>GsM9 z$8(TA^cXU0JqLOVY`2}^{GY*hJMKvKlXA6)qrbw7BuwQcN} z<4^Du+T^YVkw7{3<&jT{@t$lL8jsQjp%9h(;Ej@a(7S8}KLLG*S);S|BGfg?r zKj;Q9Ha{G%Jf>f~-1GD~vsrX?&tt0_c#2=tWAgJ=ov6bI(0AiX9h?-JcuHWs7mG5| zW7(m4y-!)Wnl;1{IKqVpm6Gm$dm!98ZlvF_C=D+wZb#F%UeRE@{U(l-&j0PAn!EXY zSgP|U{fJxx+lI!kre<1{?@&(IL$WweZx*kq&J{qQ7ls=SG!c+$hHWG($#z{IVUkLBs$C} zY^kw}*+Qo17{^P~*qKbLeSKiE<2};aE4KW$b49a|^0@AyzpT415Y zsIOB_IIzbh5b-o}e`T_SIYri}ADA$fsPoEX5px9eEII6E7@m7zyDLx`*?Y`qkG+O(ogs!LadAHwv6gNf4;0K)?eP*fGsWE`|ZfH?rUpDG;I=`mVUd2;S# z4ulAU8uwWghC`b^Sah0G6}v4K)f9I@vb$YY$qqE!AIcCeA@3U!U)KkJD=-czLDNPgH5ZHi|W-Qfnv=@QuW){N&hNT_hM z1UkME^b!v%ardo4!#Wwm0kA>Kw0J(R?O_9xlvfbLebkv;f&gx#LcI$6v&qXXw0CUD zR-iY7aG>&=uOTA)t&0lMWR7oC+!se#5Nn)cqd?SAKl?0Fj{MZzj6dE=MD!UU=XD*lPir6uUJEu!{tTJ|OrPT#- zZ4bdvQ3?{?BuIFIBpPWl@DmpoSE*!@`D)i?bbf?cM2_+_ zWfX(-8W-(;HD6lwlo8J47W)s4$0Ni#RuQP#fndB^%G?3ATDM<&-F`CTr;Qt(@40K` z@|0z9P_@xtu%a*I&1*R`Cvi^O=t(+ROo;H0CryKysu-CV27=renC6ZO}? 
zqzAoY+zWT2Du2LJx=tC%t@Ya441aNX$>!^yugbO^d!T!Gp-B+EqvNZV=|n{nC*Bf4 z^svjFliN6?nq+3(Qi5kugtPrA#)|=+bD6FzYvr1f9}l7gl$D+=qIILft_QP`IVs=F z@z7k2qvvd&4j0D!JZF`qO?#JiKwB3pbsUs1C$9C_bTe@zcGDz(fojT>gtpb^Tg}d~ z+QXR!VSq5-j(P0nd>i(CCpNoaH=~sRv0`YT^WE5uIA6LS$V*mUg}f2_Opfz5Y0~Iw zl$nR5c824CdY?>jX9pc?$Ah)9XWj(^M4Bp4mfZ04)=L95x;a%$Ts^*c!yHTZX&hsp zR7Ydq-SRz(x>KVj4bDQ3=N?xY#%9!kE$srQ_|2$I89B!vx+fdxY|vE0!0boTAgGqp z8t>hn18&fwVI-^cE6mQYb>SUn>&hJb01qE3Sot76QbUJc9I8Ut7q`YLSYScRsz2!$ zQfEcME-NQoEZ4d*5ItC?6Y!qMw&xV@myf~E*z+C{*Hsr?X?>Sp3PVss&~d2J+k-Ig z7vPCiTt)Tio!E-36OqI%3m2}axJ;i7yR4|IOjTr#Ev z(2G|mpcQU(S*gU!&DfM2eNWqiDDM-P@?ujpL$xcZ`_w&&y6;w88V&%_bSRJ1kJGPy z)eSfSPbo~d!zQjj%@~J`hmUX=4g5xf1U$2aF7#nVQ!X(VZ!uR9OhgOPmLLU8Bce4L zs~6zJ)uYfCgI!c9#B@FNcfw;Y0+TMi4V8so#``jR>^Wf47hWA2I*AybQcTTKU8h+Sn z^2O{l`ejw!Sg#`WupPa;PtWx}lW71?DVA zIk8d%%fC<*m!5$Y3cb*hIDas)h7)*Q>iA*m-+e`Z^RO&NcvOF5d<@eQ1@%X_<7VZ6jTAP{9cG(`INsMpGZ~H6F>yc?texSu7YEiE zEq3b2lV&2aJ^x@VBY@{HY#?nT3b)owgkMSIhxIm#dLQ_+$ySjP+H&jEZaEy>FhYI0*2uN)YiD8bX@BV;1#$I zaddUfUH~^E`%+#>6i|%H=f3WI{-6Mudp*!JmL6_fJ(Bv`1H_Cx9CAs1w=*g{WlunR zhO67kh{$%Cr~W$7Y8HT`@j=&yQk>Ia$iTy(=Sxm*fwgul(6-;rhvy$C)Y%}u$wEW| zxD&iUE0GnpF(Lm1dUp+wmQ0g6Bv6w?06VmfL)=v|z(=_O?I{~nF`(E^-&f(Q(*!*z z6_D(~WzfJh0E8<0wsu*^c;mz5Xo`hN17nL#xahCr_Z$p7XJfs9o+vW=yBq@XFjg0K; zSZTKF>Mw7s{(%)Gu`1ca3DwIhrK!AuFsF{AS+Z= zC*0&mPQ29HPSr}cD|>Q@!zEKVLBbbbgV1j78<&33QJ0Q@hYpDfgmFxtTH$9Ct*AE1M7 z@N78uOKfu*RtbZYVUtCEm{-FL-P*OSmj<2V`bOgU;gYS^pVEecpXj_yEuZ-40AdGC^K>w$TV>F*ME-QTdPZ51=dn) z4kc&CK^r15!Rvcx+=p4cPju5_-U3nFF%gCL=7|lhU7}fx(tQik%b+_-c1+Lq^#e{n zgjFR)7EXb`3`yY#Xdfv64S1qoC?mUo2oKS2`0-V*htz@IpO9`9w7R@@k=u1iu*&Q; z4#iMt^@P>)frdDNu8c*=jJ_e0Hs!)+g+;JfxDmS&zRGd7sj8+>r$Naf$)tBd4`n{s zJ~3o)sCC-)DCra>ZcrzoILkd$cW(!x3BQ2#AS+L~^E*`0nADtbQTE#ZPnUIs^a(K#bo zof7>T0(Mv&$Q79c+~iA8Bq63XY~BP>I>Yh6lzM2d|QXasAMu`Kmx z-*)jV4epu5_LhS1t~ibMA7qc$7i_K4?8i61szm&@{9$%hAjTaLa2{-9trmBxG|(+h z{#18HQ?)gnlT{>sM7?*j_WMTG+trG9%wZAcOrGCWADLvVm&m z^ZK#uu)}@A^91|~S(JRLR+UBUW>B6+Qe&}^BG4*=O8|PdVlJs8ql(ynMJm_;V|*y6 
zSsfY0U3?w>1+Wyn-P9LPpvz!kx$vQ9YdwON0CUKouxGoDAVNr+Zo2d-aRl=-k6$Wn z+>$epW~s7&QapK|IOMwsgu)-M3vylN`9fq|NS?$~Vf&W{GA#rEA0mE&X=@pkwy7l^a5WldwKYQGL$oc@O4gI4^xuh@M@Umf{UQ5gD^OuWh1a{IiO- z9E_D<0|)mJtsClbtTc_reT4{S>D36KE&{i1(NDIlzc`^x{tm&^aDu8E$Xp2HNI-?{ z!;6`g_ApF4NC{W`Nm2+FqJPODv5U7xnS(pJ>k#wv-EA(BeG&-lej}x!*#1s4`PCq{ zpTLgl_IL8Zt{Hs7 zdnBoO+-(f)ZUhrrV@7 zRkg2s>r+hhL#Geb)W1WUYt&)X=mO*0PD&?ZBZ!Tgbha-ntbD!;P%2iwz`59H@+6BU z{S5&%+j#V_8X1jo(^WRr5!aK`?-J?*>@7W7h~8vD6c#CXB?Vi%YP#VmDMYT1--M)- z(bBm3Z(75xroKJlF(O`=vCa6fmGgcUU_cEwJb!Mo);D@~hv*%Gcq_cJZx}(Nl}Zh; zV|zaD4I`TdnxuSAl7L*W9l>G&@S`~K;#8hA8IkKOQtt@ZMXoH%7=`5WI6$hoIMp6_2~v~Z7eD;kK{>PD0kiBcxCyaPJ1DO> zpEu&}&l|x@4z`24n|tQI8FbCuLHca zz()G!Vv|>$-k3dCk0{%g4@uoEV(=LCt9(l|W#Z(gyPuT?^d0u42So{0n zTz?bb$hpKW)t+Gc<3bipnr1#-uIyoUiYewU0=z9dyA$%>;WK$04uL6lwgC@;`kYhw zrr==a2XsE{Cdf!&DAU>xWAjf>>1g#40e$_Nu>aK83%ZOSDUlCSr3m$t) z7Rs_jrGzX6Gywakv_nz`L07kyKfKsi>|U{?5YWPwPkXSmi}P`=DhDwAV8+#2z)dP- z=R27*^;``C2?7^!tiFX}H01dBh^ee)9d$(x%_ z&-0{x!JP3`bj2Ia8pMF5ThTP4RMJ-d$4RHer@xNz|BdHVD^oG$TXG*f%+lV$L--b` zyi8d0xaN(m?BASZjuDLj0s;YI+eM{1Aa6oOJre(=-w?9~uW2CNlM>O*a$Q6N%Jx4^FCeF2v&A9{^ zQ3?@~cQl`B6^WdSds4RuNA0*YE`jO!sWhcgM}ov^Xh7GwvJxc^1ca8aq{pe$h*gOJ zyRQ|LXEJJUAN-pa_w;}YOz(vp6aSq)!inAxAV@2!9ltE}&OG~=C*5+2&Y^Z=@iU^g z?6cyFEVzJ{?Ycn`b(=x}-t(s5o1GnAUXF7@?{77;*K-^k60n|Wi%tNo`dfYNvzm$l zU=K&uQ6-e@45y~-Qj0I3MG0Pu*|!JuLQ!t|A6R>{_dk<^W!4bDqd~cbW8YOk7LG%* z9R?2GtN}t%{cW{o82NRvP2{waUTZMFCpv#k7}RsXGh$?r z_5s?qF2K;F2-DN4V19Q_s$EKL1>GN=;DpBhYR%ex+Q^At)690C(3xbcHUl6r4w%JM z-{R_V$D4~UMI080Z#*|Sl9wkMek~}Se|8=47(>eq&<{cX^WJm2@?OvsoA%tH9$}H_ z6f$_n&j;HU^E!M3!2P9}$LfRNOh)dI;XNLt$d$dBlc1T&%L~vgH*lr{uUi3z0DV6X zqQD|LjsZ-bdoA!pB;_J(W>DWnRqESvNh;}(zDuNk`s+aaP_Ok&%GS{%nz{&B5ux9- z%VB5C$Svy*?vfjpeiQXRvdq}t9PFtL=&AM5jX)s9b1!}ZywwfZ!e(zao=@*5II4hc z=+JErA^iZ(Ih<_2G!?da5%$Cb6HFW88!zNa&u=8XPLdD$M^f#+WawX3dY)$BzmDC| zeE7*Ikn}#s5?U5Y- zz0fc20lpv%$hb9VPZ$EOmkSy}bV0Yn01y*$PO3`^L=eyNuSO6jaD&rS5MZO*mHhG%>&5Z9nnA;Rc2L70 zV$e#WKL+@eu2BGFl{ 
zql^Me?N`E&d~!G0$DLh#7x}^e5w>~Ce+;`XWH?6{hCL&NF(+e#-0I%|>@$=?*91H* z(d+B-#r6|Of1XBI7_NOm^&%(e5U_=!F9iDH-1MhmK@@oVDm1JCkI>*2d?I4E)ckomsmV@|8p|-o$;k<&&`E7gY6@bK78p*d|=F&8#_gA?JDqn(! zHbBy74P0-!xXozvUip$<_@o3JJ__;ch$K!n{~n;=N-t=pNI(ngK?)N#V~>|~Vw$k$ zociU)8u_cIW?!o6-)o`P<{x~)HlTf@eE7p)KEPWnFi?2&Li7y?-bjKjChS?C`?RL@ zdvhmI{`gs^(CcA&;0P5|cb6pf+-3m*j~Y0ahvb$SSG#D2>8$?Jr&88Tb~)&x6KGVy zDm{cnaXL0Aye}H$5a^RHt7Dg?aetBG!fw(TCSf_Qo^7$5%d-rOObS`01h%VXVuKfB z4tlYCV5698i=gAepDwR#GeCf4rl`4+^wbDUbLzE{?e01TEB`ciH~ie@!#2oa)JuK9 z*&*^@s&q64Jyw8$5d885T1NF|J6A_}iRs%YsD`@4=X6IYil7~01A+&F@^s?@EMRZ^ zD&zD<3Ftiu>0#X2e#g>9gNyCJq+X z;yA$eA!nq|NIL@8z*VP9<(&*eQ9Blc?}^3t=Id4T#Jy2w4e#Ob!#VK>CfsxfX_Dl- z|5@XFk7j{)BgKVJfTPNaOVfnI;&enHK( zUdvwpsaxef#nZeL^p+SW0g~7C;xfL0ifjxBQ73|Tar7g-cWYJr*)XF&b|xB@D~p^r zKp#Ud_;6LNttssiplWzXyz-Nufc_@q_t??tjLhJ>7JJ3XemYbz zEy-FtP!^eLrGxgcT~1AQ$a;cgAj0_5`d@zoIC2$)Vail)jsBjkj?kQ-Z-tNN8avyV>D(GemAyM7T|a=unc-qGI|T2I(EaAnVG3U~H?ErD0f*zv9!@T$wifLZ#0% zWYW+*k;ZP&7|Bq3Gbn1E*GUQ^;9Rpy>u?*8WbCn0AZ>C%Nc=%7SRTY8L!S3ksT7KjM0&S@Mcd-W(Y`XFEm}^rV7n6^B0jP=sh$U5Kp5G*s zt{Bv{33fc4RBc8aishNeqP8^{U3;whLc|-FrU*K_rfF?@-Wwy*yfk~t$hYmM$Hiq_ zf;f9)_&F&w3tmX~apvZoZ6p|5x2B}W)5K~?6!qy1!=PM=g(&c4KX-!YV7Cb=eSrjc zwIhm{bvh0u_msjwH-tEVyU`kZY)B!pnB^Liy546RCbzkFFtlUI{&JJ0q4}!inG5`n z*r+@Y*~6L9@XrZPZRM52$P0V)T{;KmVE){V#C(I`=q^3v!iIMlcaS5U(y%F4@;;#e zW`k3tF;f4m%HgejEB)OV@8r}h2_BzU~Pkk4D)!)~k*;BwC;8cWgM%iipX+gQgOyl!WemY;c2_Vi=e5| z@B7W=7jd@spT1Ike`n3rI9I=XbvP9#>cb*^ZWSW-MJo{r!m7HLKRJ>Ty>519g#X+^ zluke;HOu!q`(I5+Qm~=XMR#u`!w&g5>8=&n zN!YSI*HrZ~arw6*JeNe2{w}lRSEjsDb_FAWBu0nU%+6)?wj{r0t05X8 zvog7iMW6HVwujbkvfK6?LuPn6IgRl#nRYqF{f|X7Zxx;`Faf2s%~F)~?gzt&zZdp$pkMXPaKQv>-mI%NIXCjY;J0;$$QIc~412S)$>h zSguCh0)U;CWb#)5w34YAo=yHW7X*ufPf2^IDNWYiP`l9>{+fpC-A(1fy05zH)YrFaj-?0X}TqY&&44%(UX}5{`{|Gjg}e0 zIKs~rUV3r=YYOWtO~-b5lfK zq{=p*E@XV$QmH{U-Bp=F2);-{JAQ5Cb>*#bu$@pImEJ(F!7cmVIOY$V*D0x|6ydZn z>q(7Teb-pRSI+#rLQukDzw<+pj0`j!U)yECyu9MG 
zZ;4el`FtinkKbE6Go5%dN^Pp`{2@e~k!*jX%QP1yM!Gv0#?cs+mVRY)}^WM?NOYANw%3Tg`u4mo^-q?h9Hbd;UUS_b{-mmH{fQw>u{+DvZryeL74 zqnPOGz=`(+1{pHy67rLIl34hJHAPr+mxdnvsrq`dPiIZ7ff#Cj%LU(3?y(wyD#W4{+^=?Wr z7YO#kj8jogN$2OaU^bxlCMDDhLXeW~u{I7pyX(M05!ST6>3Hd~g~NF`JumK}KNp$w z+jW2gF|`_9L@j~+X$p@Z0y;LcIHuAB^Ij&Ucv;+17EelUh@-=k{eCRnkpR8-O%_)7 zoFz4#kx~*)_7{FR%X7Tadt$@!)*YI~_$3N@4cX8W%qY=H(0us>F4$WNHN7F+^@FVx zzci*a3jdJ{9H3@?xl5a1mx$b)O&kHF@PS{6LhVxbaqXacm=u}lA2i5990rx}m+-=i! zhp4b0YrXWQ77XRnr)C7XyqJ|HZ1N`TE;#TQ%n=eebn&Dmr}h;if+s5=kULQ=*ESNB zqv;I!eHFeD#!}vGfwY><-i2i&v(AIgU&uLRSlb=0A+=g_8AFUxX>yb4IoTEI&0AYD{OQ(d2WkVTHy0nO$K@U z=9SanAF`Uuc0i-yIi=(EIYYq%>>SSwqk3)(M+(U%AA>ol8Pa4uY4Qh#-4`5Hcmzd& zCVgju%Qu+_`;nytk1<+G+#AajA!oni{Q=A|7UDr5E(_|`1!S+}Q8wc?^3`HPBMZ>Lq#SI)Bj=2)arLTCWt>NXPMrK3a zkvj!1Z1bT6eZGwmJ-kMN1^x_7qP_|>?|RQ_=lAzO95bWX;#WaK7WZXde?2|ca7Te6 z&|JnfuEnL4E&{zew0=?;aG?Skb6Qd*A$UXFF(==03u)QMSY!0tsBQ!ZvPm| z5w2fPB27A-;{Tm~avs}Xy{FD*Hf=EF)nq#3zQH%12>=(^c-H`Z+S(90NND#Y0@|e< zseeHx7TK>@*_tNXr~MvaVs|_*nA&b8dwL7DK?(qwY<7__X$o9 z_#+j%tok9Zct18_!0sOz6Zd8fB*c04q{O+6ME-N~&)0WjLx>-XqTZ<2Q;iophj>Kw zFs3S(vPBT##@cY8O2IxA0l$n`t!|J!bO2~GmxA~{^SMv>>_lRERTl3uLI%M>6cSy)xpA* zsx|v2oH9l#E|#)iJi=wIB>G<*|q4TKN=St&<&my24BiNbhUC3hkGdm8r4KAZnZcqt;_79I$e5=E1bHkdhc_O%qSWfkL9ZF>L=bBRi6(cJme zbn!4S9Vd}G)?fB*)@{aauYllj;Uzdics5GewCo*9D{lh`^`O<{e|2`|@ldvX8=oON zSu&__Q)DkiSyCo$GL}M2wnWx!p+cyPEy^;+k`NEA6jCWiWb>75@4_~RcS^Ph!|9B=44&kM?zS)Om z%iG-ipB}2B(1~9n|J`OFY$xqe98oMbJ|I%c`$jC)z-?UaJ21PA$(Y{(F11^H?4F4qR6g)Ow%Usrz~SG3XQ`3pFFh7bZ@yTI@O1qDjx% z8bFG=H=(wo{JLgqvd%8gw$`Hgb4c{9p`l=h)L+HrQ)17z&yDkvD@}C1c~orOFZrlv zS8c}N%A5A|=VY$U^_9}T@9<9TSr$Ta4gk-;i~2OTCVJ6lI*mT}Mm~#hA#Lt z*uX(`<_J!TK%-EsNnN;SXqhRt1QZVlYJ7Vyv2K{EYx!aC!(Z`CdosGfrEf52=-!e7 zsx`lN%Kh1p2|}sx@5cJRh-6^LL9?SILqmwrpL3BU6Q`N5!P7jGUv9db0IZYhR zj1l*Pr^#HW1P^x6&$B%2IKaf2Y0e-M(WgMM;ia+ei~fw_ZFCf;CJgh9I(b}(P)UeN z)#6Esx{Ow$$9hBL<3%O0#ksd=nAW(A{WkkFKu54OX#vzup4@$nfjMJw0hIM^ujm$v zuQha>a3#qSBdIwQAZ*8x&{x|m(e-fNtZ?AdPDCJbnvLYy&e=9XA2aT7x*D?nk^7|! 
z37^>sLw`={%$(83=XzB)QJ5Y~|HYx&bxP*0Y$AT#q9T5nBeGIFGhC7&G&Fv%NZj*Q zKEz*B4X}WKc|OUUK%#ZlVv<}eQB2ixIgAz_QqRbejb8}yXy427c2Q#bO;EqDe(jy! z)Rwx7Id!jvD(61xLnDe52fu`~F)f$sbRwjr>xRRS=HW_lSG0Xd4W}SWbqFihQb3oQ zr1BZ^>U^DWrHuo2Fl13E8@Avm!*lio=_{WzIpNYAKkQ>K8UsV)Q25<{UI;cuJ$$70 zPQ|n_KHCsI#wNjC-$B@aY#W4}EZWbpXlnLuY}W=+kkv}ic(mMAN|~ViBQGz5$x~ws zdn4{dt=E>1Rw6VYfDiw^d2^tuXQdsuqES{@kugLOumf1=^rXHw@e2sU(c-G}bPCYZ z@mKvIWpg!I|L%svBKhXkm!ytgVJMuliEshnNAIDC<9)~&dcolA8>`$wck&@8GNxez z`h!;V{v`S$^S9F9dOXGI2jj2C7}v6M*O=xjj8uzp}rX&BQAtmXgOT=@)yZUNHP zCeF>8{$wOkh_a`O?g*f{zGoNwNaOsR!r*fqo`$S#HZW#00t@v(^5|y@vPS*@&N$ZJ zd1B_t16pd#)!V)87Bn?AKnP;O<%Jr)%};EgMap!fhUg;Fc8Y-r7tz3muMhpIZ$v72 zzrXwfsOI^A{>!QJl|Q=o=XKcUuigRe2BkNTS(Lv2)^3PlItXS)C@7fv`$e^EkzuC` zL*9}QSB>48tFmnRW7CpN0$NE3SAUb2^lnL1YE(^3%i+G#snVUU(mEAy|LB*!EM(re@b}-Z= zJ_qWq*Cjm7fdYJwPPByypXXTcxS0f$TX8>GEpk(3fA2f|vb4AO?(SHM1xajC+Dx~o zeD`&kfjq}!ns>6FU#wwzy@YvgE7r=MnvSFDBo_G52Qm^WTpa6l<@T(kefHT+nkrk6 z1(i^kb@C9v(&jn{8oN2w(Ay$Wnn$aNlvZmp>+@)%98UW{PrKoZFo%_RWPb!WBnIG+ zkM;yMnF{pJ?eYH&t^rQ0x6v zf{8N(TX|JxxcjF+8bRTgnLUL>xqfr9r%m4O`pwCjDx93@```vTkZw((z1J^aytfR- zmU;NuwjM}r?PP~qOi3NfJ(Ez=U+lT5 z^2z9*rtAN@;H&>!FpBsk@u$`Kdy0Iz?PLQOkp|kYJ_W7FcUkn1|LX;=`nLrx`9Bs| z^-7@!f}{73cNd)d@P?aAg~C?R(Y+cL7xZvjVMYY&Ta*6F9gm=_8jTE%LpsN15@xj5 zV5Al(+|1b(ddy2YLfS+Z-nakil~bRRf)XHW;_brciWtgBuzsTJ7CUNTeBS-SRP7`*&-qrxBZ>A;U@)qHjd!gLn-1^p}!c+?+riJPbi!1Fw43f`cRg@SF&5+NSYEU3NoK6UqK zf*P`=y#xsD7J|yAg+bbE9I3j1P#RLv=M6haHz;^Fz+E*)aM{y?h%1kr(#<~@E0q-@ zWsESbUPHJ_^RMkGTUmK6pM%MBli6lS%&_xPkU0Hxr=4>QM(nIx;t3im7#Qy zN1Te0*HdYx-R3da;FBDK2hXxPq^bSb15#&fQy!RCOrso_=$KWG zxWyT0mXN1H*59)eaMrhAF43BBjw`kv*NdQV%>aSCQ8y6hg32$o`_Z~TFBgJ(X12jh zJq3QthbRTA6$0J%nj&=fLpBi`EEEh@AJQ5VMyex18IL%Sg2Rc}&3>HZIY{So)6wpD zhX4blX#{;6x+CtQf{vg6k`5+*syj*tPzb%fgk4T?1D|2ps%k@Gi4*!F^w$Ke&3;mN-0vFb4LXBk`>M|H2x&mVGh3gLe zzV^m$MF)?Botbe6*4)MBo;H62UeTeGgAHHD{RZnN=u!NV`aJZwF6Wzvu1EeIa}k{c z(W{TpNPv`yijv-Qsho)5tuqO6f6HQv704~jSOBi$BSKU;lrVF4wKQP|ppSI(ejZ^K50oT>H3XeR-R#T$iqSC*)hPLr 
zw8+uq=ih#uGNHx5gJD}5YQEjE+M>XatuM!)#)Z)CA0dy*M~p+hVp(n(wvlao?IZW1 z@k>vk1fv*u39Z&(KcIneO~%VtYPVL1aSRYKPdcal3`-%MBfdQjPaq}Dz%>+brOToo z=P?$LC^xfw5(s0uGp&D}uqk-D($R4>9GP$7!OxbyvMw|tAEsfKl8GQ)sBAa2e z1&bdUD{x$PZtpooYLyva&nsLDO)i>Ee=@jBu|w&vpv4 zWc}S_z0mL-I5k>Av&R937n=>5#@K?VSzdae&}Lhm?Nyb^tyv_sp2Ygw-Fqi z7{;zD6x4hrrY4>!ts2ixbs-(h@H9+%IdWx(lc(D+-T4;Vhf z-LxaI9M6egbc1CY3HE8h{>WfppjHcm1CV7W zSlE$_bc3J{PT=`aqVYqxS^<7h=W0-^mD8dwUCt?4R~eB9O*~0EQHV>(Fc!>RH^(`F zHh}3eJYp{`^gcA4yyBF+_xkw7ebI{%yL3){Uq2(}OFeD4QB2D*onpbRBW7p23iR{&mzM+g89|phhNH}RBTid z;)<93=9-cheURtyA$vZobTC))hWrC_kC46}DbD9Fg^!qaI|xIyUGif1t?oZ`j#Cel zY@QFzs&=>aU=rb_dEV$9M{~)|9CRRbHJmHaO_WSCXqadNS93R>t1(93eumh(Kzz%i$q>_Ch0u$KJlBd2{$)+|5?0;}Ecy>6f6Nr}ev;+>DS`iiWV9>Y(qD;5x;db<{4I?85Y6E`0lB95uRHEEdp>)SfG~%~ zt3C`2o}3E<)(<6xH)u72QpS^=t4q$hQ7-^6^DD)8qSzJ#AAi(CcrthIV~me9c1efe zPHv+u!=B{A)a*t)mxF9>>0J}l(?}%OwvR1jRZ;=qRvP5U40e`(LJt1*hCR!qZHnEI zm%^5wdhj5qXc5fTIjPns(~mtwo+~mpx2f&OlV$y$LbJ0MthXI6TBGom2mG|=v-gSbl zIAgwA#;LSdsPFCF3F*9$>Ma=^$7)!tt?9wI4JIQ)@{oaSQEf=YODO^Y7z|Ue7Hf5% z++55>y2@owbwG;JWEZGTr$OBB`Mnx2Ca=;a@3oTdv^S_4Nn&$|cJP_U^i*O38px^1)@PA_EC z%+RRJiXDe zodejLRVrA_xEVk8Spa7tkANmWkC042x16O4L167yjy3!`ZFP~?j#GVPje8AlY+1sY zwM^#qp)3VkfviC#GRK#%(YCc!gHPfxsxcBaF5S2EGWymDUx`)5zq@|nviT2x+ zhua6?LO&{@T+hpKCI7r?YGV#Gb>^UN{b>S69HHCwrb_1GY}-g@h_Koo*a0D>u0puY zN8kkZFW-{2B{#Q+<8Rf=p{n29F5m67XeVE&T7x~Fj3aP?w+s-0J&jw~1pTh*=I$|5 zky1B|ml^XVf~mjeK*7kzv20M6=s)21^Qst$g>_l@Rgs(47@v6Q(#Vl|Pq@8aH((FON#D0x&{w>kusY=a)9* z&dT=q0cB=p(t@sp<1t#U|BuH6en|S)f-{N=+5Y3IEvcUyZAOP**`S4;9CKy=zYAup ZHceBPWj}GjcLasP865iaj-FHG{{V2ExdQ+I literal 0 HcmV?d00001