From d1393544a66f31a7b2fae374335e9d49096b736e Mon Sep 17 00:00:00 2001
From: Mustafa Baser <mbaser@mail.com>
Date: Tue, 22 Feb 2022 17:15:19 +0300
Subject: [PATCH 001/101] fix: flex-linux-setup start casa after install

---
 flex-linux-setup/flex_linux_setup/flex_setup.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/flex-linux-setup/flex_linux_setup/flex_setup.py b/flex-linux-setup/flex_linux_setup/flex_setup.py
index e0dd50348..439eebbf4 100755
--- a/flex-linux-setup/flex_linux_setup/flex_setup.py
+++ b/flex-linux-setup/flex_linux_setup/flex_setup.py
@@ -270,6 +270,7 @@ def main():
 
     if argsp.casa_integration:
         installer_obj.install_casa()
+        config_api_installer.start('casa')
 
     sys.exit()
     print("Restarting Janssen Config Api")

From 4c1fa73140e55cd00e91f98ad7d484b41ffa6820 Mon Sep 17 00:00:00 2001
From: Mustafa Baser <mbaser@mail.com>
Date: Tue, 22 Feb 2022 20:53:51 +0300
Subject: [PATCH 002/101] fix: flex-linux-setup casa installation fixes

---
 .../flex_linux_setup/flex_setup.py            | 64 +++++++++++++++++--
 .../templates/casa_config.ldif                |  2 +-
 .../casa_person_authentication_script.ldif    | 15 +++++
 3 files changed, 76 insertions(+), 5 deletions(-)
 create mode 100644 flex-linux-setup/flex_linux_setup/templates/casa_person_authentication_script.ldif

diff --git a/flex-linux-setup/flex_linux_setup/flex_setup.py b/flex-linux-setup/flex_linux_setup/flex_setup.py
index 439eebbf4..72dc13f02 100755
--- a/flex-linux-setup/flex_linux_setup/flex_setup.py
+++ b/flex-linux-setup/flex_linux_setup/flex_setup.py
@@ -5,6 +5,7 @@
 import zipfile
 import argparse
 import time
+import glob
 from urllib.parse import urljoin
 
 if not os.path.join('/etc/jans/conf/jans.properties'):
@@ -17,7 +18,6 @@
 
 __STATIC_SETUP_DIR__ = '/opt/jans/jans-setup/'
 
-
 try:
     import jans_setup
     sys.path.append(jans_setup.__path__[0])
@@ -53,6 +53,8 @@
 from setup_app.installers.httpd import HttpdInstaller
 from setup_app.installers.config_api import ConfigApiInstaller
 from setup_app.installers.jetty import JettyInstaller
+from setup_app.installers.jans_auth import JansAuthInstaller
+
 
 Config.outputFolder = os.path.join(__STATIC_SETUP_DIR__, 'output')
 if not os.path.join(Config.outputFolder):
@@ -82,11 +84,13 @@
   "JANS_BUILD": "-SNAPSHOT", 
   "NODE_VERSION": "v14.18.2",
   "CASA_VERSION": "5.0.0-SNAPSHOT",
+  "TWILIO_VERSION": "7.17.0",
 }
 
 node_installer = NodeInstaller()
 httpd_installer = HttpdInstaller()
 config_api_installer = ConfigApiInstaller()
+jansAuthInstaller = JansAuthInstaller()
 
 
 class flex_installer(JettyInstaller):
@@ -103,8 +107,13 @@ def __init__(self):
         self.flex_setup_dir = os.path.join(self.source_dir, 'flex-linux-setup')
         self.templates_dir = os.path.join(self.flex_setup_dir, 'templates')
         self.admin_ui_config_properties_path = os.path.join(self.templates_dir, 'auiConfiguration.properties')
-        self.casa_web_resources_fn = os.path.join(Config.distJansFolder, 'casa_web_resources.xml')
-        self.casa_war_fn = os.path.join(Config.distJansFolder, 'casa.war')
+        self.casa_dist_dir = os.path.join(Config.distJansFolder, 'gluu-casa')
+        self.casa_web_resources_fn = os.path.join(self.casa_dist_dir, 'casa_web_resources.xml')
+        self.casa_war_fn = os.path.join(self.casa_dist_dir, 'casa.war')
+        self.casa_config_fn = os.path.join(self.casa_dist_dir,'casa-config.jar')
+        self.casa_script_fn = os.path.join(self.casa_dist_dir,'Casa.py')
+        self.twillo_fn = os.path.join(self.casa_dist_dir,'twilio.jar')
+        self.py_lib_dir = '/opt/gluu/python/libs/'
 
     def download_files(self):
         print("Downloading components")
@@ -114,6 +123,14 @@ def download_files(self):
         base.download('https://github.com/GluuFederation/flex/archive/refs/heads/{}.zip'.format(app_versions['FLEX_BRANCH']), self.flex_path)
         base.download('https://github.com/GluuFederation/casa/raw/gluu_cloud/extras/casa_web_resources.xml', self.casa_web_resources_fn)
         base.download('https://maven.gluu.org/maven/org/gluu/casa/{0}/casa-{0}.war'.format(app_versions['CASA_VERSION']), self.casa_war_fn)
+        base.download('https://maven.gluu.org/maven/org/gluu/casa-config/{0}/casa-config-{0}.jar'.format(app_versions['CASA_VERSION']), self.casa_config_fn)
+        base.download('https://repo1.maven.org/maven2/com/twilio/sdk/twilio/{0}/twilio-{0}.jar'.format(app_versions['TWILIO_VERSION']), self.twillo_fn)
+        base.download('https://raw.githubusercontent.com/GluuFederation/casa/gluu_cloud/extras/Casa.py', self.casa_script_fn)
+        base.download('https://raw.githubusercontent.com/GluuFederation/casa/gluu_cloud/extras/casa-external_fido2.py', os.path.join(self.casa_dist_dir, 'pylib/casa-external_fido2.py'))
+        base.download('https://raw.githubusercontent.com/GluuFederation/casa/gluu_cloud/extras/casa-external_otp.py', os.path.join(self.casa_dist_dir, 'pylib/casa-external_otp.py'))
+        base.download('https://raw.githubusercontent.com/GluuFederation/casa/gluu_cloud/extras/casa-external_super_gluu.py', os.path.join(self.casa_dist_dir, 'pylib/casa-external_super_gluu.py'))
+        base.download('https://raw.githubusercontent.com/GluuFederation/casa/gluu_cloud/extras/casa-external_twilio_sms.py', os.path.join(self.casa_dist_dir, 'pylib/casa-external_twilio_sms.py'))
+        base.download('https://raw.githubusercontent.com/GluuFederation/casa/gluu_cloud/extras/casa-external_u2f.py', os.path.join(self.casa_dist_dir, 'pylib/casa-external_u2f.py'))
 
 
     def install_gluu_admin_ui(self):
@@ -156,6 +173,38 @@ def install_gluu_admin_ui(self):
 
 
     def install_casa(self):
+
+
+        jans_auth_dir = os.path.join(Config.jetty_base, jansAuthInstaller.service_name)
+        jans_auth_custom_lib_dir = os.path.join(jans_auth_dir, 'custom/libs')
+
+        print("Adding twillo and casa config to jans-auth")
+        self.copyFile(self.casa_config_fn, jans_auth_custom_lib_dir)
+        self.copyFile(self.twillo_fn, jans_auth_custom_lib_dir)
+        class_path = '{},{}'.format(
+            os.path.join(jans_auth_custom_lib_dir, os.path.basename(self.casa_config_fn)),
+            os.path.join(jans_auth_custom_lib_dir, os.path.basename(self.twillo_fn)),
+            )
+        xml_fn = os.path.join(jans_auth_dir, 'webapps', jansAuthInstaller.service_name+'.xml')
+        jansAuthInstaller.add_extra_class(class_path, xml_fn)
+
+        simple_auth_scr_inum = 'A51E-76DA'
+        print("Enabling script", simple_auth_scr_inum)
+        self.dbUtils.enable_script(simple_auth_scr_inum)
+
+        # copy casa scripts
+        if not os.path.exists(self.py_lib_dir):
+            os.makedirs(self.py_lib_dir)
+        for fn in glob.glob(os.path.join(self.casa_dist_dir, 'pylib/*.py')):
+            print("Copying", fn, "to", self.py_lib_dir)
+            self.copyFile(fn, self.py_lib_dir)
+
+        # prepare casa scipt ldif
+        casa_auth_script_fn = os.path.join(self.templates_dir, 'casa_person_authentication_script.ldif')
+        base64_script_file = self.generate_base64_file(self.casa_script_fn, 1)
+        Config.templateRenderingDict['casa_person_authentication_script'] = base64_script_file
+        self.renderTemplateInOut(casa_auth_script_fn, self.templates_dir, self.source_dir)
+
         Config.templateRenderingDict['casa_redirect_uri'] = 'https://{}/casa'.format(Config.hostname)
         Config.templateRenderingDict['casa_redirect_logout_uri'] = 'https://{}/casa/bye.zul'.format(Config.hostname)
         Config.templateRenderingDict['casa_frontchannel_logout_uri'] = 'https://{}/casa/autologout'.format(Config.hostname)
@@ -171,11 +220,14 @@ def install_casa(self):
         print(Config.casa_client_encoded_pw)
         print(Config.casa_client_pw)
 
+        print("Importing LDIF Files")
+
         self.renderTemplateInOut(self.casa_client_fn, self.templates_dir, self.source_dir)
         self.renderTemplateInOut(self.casa_config_fn, self.templates_dir, self.source_dir)
         self.dbUtils.import_ldif([
                 os.path.join(self.source_dir, os.path.basename(self.casa_client_fn)),
                 os.path.join(self.source_dir, os.path.basename(self.casa_config_fn)),
+                os.path.join(self.source_dir, os.path.basename(casa_auth_script_fn)),
                 ])
 
 
@@ -216,6 +268,7 @@ def install_casa(self):
 
         self.calculate_aplications_memory(Config.application_max_ram, self.jetty_app_configuration, installedComponents)
 
+        print("Deploying casa as Jetty application")
         self.installJettyService(self.jetty_app_configuration[self.service_name], True)
         self.copyFile(os.path.join(self.templates_dir, 'casa.service'), '/etc/systemd/system')
         jetty_service_dir = os.path.join(Config.jetty_base, self.service_name)
@@ -231,6 +284,8 @@ def install_casa(self):
         self.run([paths.cmd_mkdir, '-p', os.path.join(gluu_python_dir, 'libs')])
         self.run([paths.cmd_chown, '-R', '{0}:{0}'.format(Config.jetty_user), gluu_python_dir])
 
+
+        print("Updating apache configuration")
         apache_directive_template_text = self.readFile(os.path.join(self.templates_dir, 'casa_apache_directive'))
 
         apache_directive_text = self.fomatWithDict(apache_directive_template_text, Config.templateRenderingDict)
@@ -266,13 +321,14 @@ def main():
 
     installer_obj = flex_installer()
     installer_obj.download_files()
+
     installer_obj.install_gluu_admin_ui()
 
     if argsp.casa_integration:
         installer_obj.install_casa()
         config_api_installer.start('casa')
+        config_api_installer.restart('jans-auth')
 
-    sys.exit()
     print("Restarting Janssen Config Api")
     config_api_installer.restart()
 
diff --git a/flex-linux-setup/flex_linux_setup/templates/casa_config.ldif b/flex-linux-setup/flex_linux_setup/templates/casa_config.ldif
index 7d0bf9171..e0ab45fdf 100644
--- a/flex-linux-setup/flex_linux_setup/templates/casa_config.ldif
+++ b/flex-linux-setup/flex_linux_setup/templates/casa_config.ldif
@@ -2,4 +2,4 @@ dn: ou=casa,ou=configuration,o=jans
 objectClass: jansAppConf
 objectClass: top
 ou: casa
-jansConfApp: {"enable_pass_reset": true, "oidc_config": {"authz_redirect_uri": "%(casa_redirect_uri)s", "post_logout_uri": "%(casa_redirect_logout_uri)s", "frontchannel_logout_uri": "%(casa_frontchannel_logout_uri)s", "scopes": ["openid", "profile", "user_name", "clientinfo"], "op_host": "%(hostname)s", "client": {"clientId": "%(casa_client_id)s", "clientSecret": "casa_client_pw", "clientName": "Client for Casa"}}}
+jansConfApp: {"enable_pass_reset": true, "oidc_config": {"authz_redirect_uri": "%(casa_redirect_uri)s", "post_logout_uri": "%(casa_redirect_logout_uri)s", "frontchannel_logout_uri": "%(casa_frontchannel_logout_uri)s", "scopes": ["openid", "profile", "user_name", "clientinfo"], "op_host": "%(hostname)s", "client": {"clientId": "%(casa_client_id)s", "clientSecret": "%(casa_client_pw)s", "clientName": "Client for Casa"}}}
diff --git a/flex-linux-setup/flex_linux_setup/templates/casa_person_authentication_script.ldif b/flex-linux-setup/flex_linux_setup/templates/casa_person_authentication_script.ldif
new file mode 100644
index 000000000..ed345ed92
--- /dev/null
+++ b/flex-linux-setup/flex_linux_setup/templates/casa_person_authentication_script.ldif
@@ -0,0 +1,15 @@
+dn: inum=3000-F75A,ou=scripts,o=jans
+description: Gluu Casa Person Authentication
+displayName: casa
+inum: 3000-F75A
+jansLevel: 1
+jansModuleProperty: {"value1":"location_type","value2":"ldap","description":""}
+jansRevision: 1
+jansScr::%(casa_person_authentication_script)s
+jansConfProperty: {"value1":"supergluu_app_id","value2":"https://%(hostname)s/casa","description":""}
+jansConfProperty: {"value1":"u2f_app_id","value2":"https://%(hostname)s","description":""}
+jansScrTyp: person_authentication
+objectClass: top
+objectClass: jansCustomScr
+jansEnabled: false
+jansProgLng: python
\ No newline at end of file

From 44abfb2f85715f1a78453ca900e4799c484c9ffb Mon Sep 17 00:00:00 2001
From: Mustafa Baser <mbaser@mail.com>
Date: Tue, 22 Feb 2022 21:11:21 +0300
Subject: [PATCH 003/101] fix: flex-linux-setup more verbosity

---
 flex-linux-setup/flex_linux_setup/flex_setup.py | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/flex-linux-setup/flex_linux_setup/flex_setup.py b/flex-linux-setup/flex_linux_setup/flex_setup.py
index 72dc13f02..7372ed8bb 100755
--- a/flex-linux-setup/flex_linux_setup/flex_setup.py
+++ b/flex-linux-setup/flex_linux_setup/flex_setup.py
@@ -216,9 +216,9 @@ def install_casa(self):
 
         self.check_clients([('casa_client_id', '3000.')])
 
-        print(Config.casa_client_id)
-        print(Config.casa_client_encoded_pw)
-        print(Config.casa_client_pw)
+        print("Casa client id", Config.casa_client_id)
+        print("Casa client password", Config.casa_client_pw)
+        print("Casa client encoded password", Config.casa_client_encoded_pw)
 
         print("Importing LDIF Files")
 
@@ -303,6 +303,7 @@ def install_casa(self):
 
             https_jans_list.insert(n+1, '\n' + apache_directive_text + '\n')
             self.writeFile(httpd_installer.https_jans_fn, '\n'.join(https_jans_list))
+            print("Restarting Apache")
             httpd_installer.restart()
 
         self.enable()
@@ -326,8 +327,10 @@ def main():
 
     if argsp.casa_integration:
         installer_obj.install_casa()
-        config_api_installer.start('casa')
+        print("Restarting Jans Auth")
         config_api_installer.restart('jans-auth')
+        print("Starting Casa")
+        config_api_installer.start('casa')
 
     print("Restarting Janssen Config Api")
     config_api_installer.restart()

From 589f8a8a77f6a8baa6f909ac26107e4120c4f38b Mon Sep 17 00:00:00 2001
From: Mustafa Baser <mbaser@mail.com>
Date: Wed, 23 Feb 2022 16:58:08 +0300
Subject: [PATCH 004/101] fix: flex-linux-setup enable Casa Person Auth script

---
 .../templates/casa_person_authentication_script.ldif          | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/flex-linux-setup/flex_linux_setup/templates/casa_person_authentication_script.ldif b/flex-linux-setup/flex_linux_setup/templates/casa_person_authentication_script.ldif
index ed345ed92..32f391dbd 100644
--- a/flex-linux-setup/flex_linux_setup/templates/casa_person_authentication_script.ldif
+++ b/flex-linux-setup/flex_linux_setup/templates/casa_person_authentication_script.ldif
@@ -11,5 +11,5 @@ jansConfProperty: {"value1":"u2f_app_id","value2":"https://%(hostname)s","descri
 jansScrTyp: person_authentication
 objectClass: top
 objectClass: jansCustomScr
-jansEnabled: false
-jansProgLng: python
\ No newline at end of file
+jansEnabled: true
+jansProgLng: python

From 78999c00bda6dbad607621c873239abb03fce905 Mon Sep 17 00:00:00 2001
From: Mustafa Baser <mbaser@mail.com>
Date: Thu, 24 Feb 2022 16:48:31 +0300
Subject: [PATCH 005/101] fix: flex-linux-setup set jansTrustedClnt: true in
 casa client

---
 flex-linux-setup/flex_linux_setup/flex_setup.py              | 3 ++-
 flex-linux-setup/flex_linux_setup/templates/casa_client.ldif | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/flex-linux-setup/flex_linux_setup/flex_setup.py b/flex-linux-setup/flex_linux_setup/flex_setup.py
index 7372ed8bb..4eb7a66de 100755
--- a/flex-linux-setup/flex_linux_setup/flex_setup.py
+++ b/flex-linux-setup/flex_linux_setup/flex_setup.py
@@ -64,7 +64,8 @@
 parser.add_argument('--setup-branch', help="Jannsen setup github branch", default='main')
 parser.add_argument('--flex-branch', help="Jannsen flex setup github branch", default='main')
 parser.add_argument('--jans-branch', help="Jannsen github branch", default='main')
-parser.add_argument('-casa-integration', help="Install Casa Integration", action='store_true')
+parser.add_argument('--install-args', help="Arguments for Jannsen installatin application")
+parser.add_argument('--setup-args', help="Arguments for Jannsen setup")
 
 argsp = parser.parse_args()
 
diff --git a/flex-linux-setup/flex_linux_setup/templates/casa_client.ldif b/flex-linux-setup/flex_linux_setup/templates/casa_client.ldif
index d01d6a8c1..4f5e67051 100644
--- a/flex-linux-setup/flex_linux_setup/templates/casa_client.ldif
+++ b/flex-linux-setup/flex_linux_setup/templates/casa_client.ldif
@@ -30,4 +30,5 @@ jansScope: inum=341A,ou=scopes,o=jans
 jansSignedRespAlg: RS256
 jansSubjectTyp: pairwise
 jansTknEndpointAuthMethod: client_secret_basic
-jansTrustedClnt: false
+jansTrustedClnt: true
+

From bdcfdb74c3b7bada0ccec76a984b520da614ef20 Mon Sep 17 00:00:00 2001
From: Mustafa Baser <mbaser@mail.com>
Date: Thu, 24 Feb 2022 18:28:16 +0300
Subject: [PATCH 006/101] fix: flex-linux-setup casa jansPostLogoutRedirectURI

---
 flex-linux-setup/flex_linux_setup/templates/casa_client.ldif | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/flex-linux-setup/flex_linux_setup/templates/casa_client.ldif b/flex-linux-setup/flex_linux_setup/templates/casa_client.ldif
index 4f5e67051..dedabe1e4 100644
--- a/flex-linux-setup/flex_linux_setup/templates/casa_client.ldif
+++ b/flex-linux-setup/flex_linux_setup/templates/casa_client.ldif
@@ -18,7 +18,7 @@ jansInclClaimsInIdTkn: false
 jansLogoutSessRequired: false
 jansPersistClntAuthzs: true
 jansRedirectURI: %(casa_redirect_uri)s
-jansRedirectURI: %(casa_redirect_logout_uri)s
+jansPostLogoutRedirectURI: %(casa_redirect_logout_uri)s
 jansLogoutURI: %(casa_frontchannel_logout_uri)s
 jansRequireAuthTime: false
 jansRespTyp: code

From 1e4752b1d8c796e4402c2aef93cf006345d036ed Mon Sep 17 00:00:00 2001
From: Mustafa Baser <mbaser@mail.com>
Date: Thu, 24 Feb 2022 18:50:20 +0300
Subject: [PATCH 007/101] fix: flex-linux-setup casa python lib dir

---
 .../flex_linux_setup/flex_setup.py            | 24 +++++++++----------
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/flex-linux-setup/flex_linux_setup/flex_setup.py b/flex-linux-setup/flex_linux_setup/flex_setup.py
index 4eb7a66de..37d2a1ead 100755
--- a/flex-linux-setup/flex_linux_setup/flex_setup.py
+++ b/flex-linux-setup/flex_linux_setup/flex_setup.py
@@ -114,7 +114,7 @@ def __init__(self):
         self.casa_config_fn = os.path.join(self.casa_dist_dir,'casa-config.jar')
         self.casa_script_fn = os.path.join(self.casa_dist_dir,'Casa.py')
         self.twillo_fn = os.path.join(self.casa_dist_dir,'twilio.jar')
-        self.py_lib_dir = '/opt/gluu/python/libs/'
+        self.py_lib_dir = '/opt/jans/python/libs/'
 
     def download_files(self):
         print("Downloading components")
@@ -175,7 +175,6 @@ def install_gluu_admin_ui(self):
 
     def install_casa(self):
 
-
         jans_auth_dir = os.path.join(Config.jetty_base, jansAuthInstaller.service_name)
         jans_auth_custom_lib_dir = os.path.join(jans_auth_dir, 'custom/libs')
 
@@ -200,6 +199,8 @@ def install_casa(self):
             print("Copying", fn, "to", self.py_lib_dir)
             self.copyFile(fn, self.py_lib_dir)
 
+        self.run([paths.cmd_chown, '-R', '{0}:{0}'.format(Config.jetty_user), self.py_lib_dir])
+
         # prepare casa scipt ldif
         casa_auth_script_fn = os.path.join(self.templates_dir, 'casa_person_authentication_script.ldif')
         base64_script_file = self.generate_base64_file(self.casa_script_fn, 1)
@@ -281,10 +282,6 @@ def install_casa(self):
         self.copyFile(self.casa_war_fn, jetty_service_webapps_dir)
         self.copyFile(self.casa_web_resources_fn, jetty_service_webapps_dir)
         self.run([paths.cmd_chown, '-R', '{0}:{0}'.format(Config.jetty_user), jetty_service_dir])
-        gluu_python_dir = '/opt/gluu/python/'
-        self.run([paths.cmd_mkdir, '-p', os.path.join(gluu_python_dir, 'libs')])
-        self.run([paths.cmd_chown, '-R', '{0}:{0}'.format(Config.jetty_user), gluu_python_dir])
-
 
         print("Updating apache configuration")
         apache_directive_template_text = self.readFile(os.path.join(self.templates_dir, 'casa_apache_directive'))
@@ -326,17 +323,18 @@ def main():
 
     installer_obj.install_gluu_admin_ui()
 
-    if argsp.casa_integration:
-        installer_obj.install_casa()
-        print("Restarting Jans Auth")
-        config_api_installer.restart('jans-auth')
-        print("Starting Casa")
-        config_api_installer.start('casa')
+    installer_obj.install_casa()
+    print("Restarting Jans Auth")
+    config_api_installer.restart('jans-auth')
+    print("Starting Casa")
+    config_api_installer.start('casa')
 
     print("Restarting Janssen Config Api")
     config_api_installer.restart()
 
-    print("Installation was completed. Browse https://{}/admin".format(Config.hostname))
+    print("Installation was completed.")
+    print("Browse https://{}/admin".format(Config.hostname))
+    print("Browse https://{}/casa".format(Config.hostname))
 
 if __name__ == "__main__":
     main()

From d05061f1fd99ace2c6d3962722d484cfc71a7139 Mon Sep 17 00:00:00 2001
From: Mustafa Baser <mbaser@mail.com>
Date: Fri, 25 Feb 2022 19:44:40 +0300
Subject: [PATCH 008/101] feat: flex-linux-setup self installer

---
 .../flex_linux_setup/flex_setup.py            | 112 +++++++++++-------
 1 file changed, 72 insertions(+), 40 deletions(-)

diff --git a/flex-linux-setup/flex_linux_setup/flex_setup.py b/flex-linux-setup/flex_linux_setup/flex_setup.py
index 37d2a1ead..eb198a572 100755
--- a/flex-linux-setup/flex_linux_setup/flex_setup.py
+++ b/flex-linux-setup/flex_linux_setup/flex_setup.py
@@ -6,15 +6,11 @@
 import argparse
 import time
 import glob
-from urllib.parse import urljoin
+import code
 
-if not os.path.join('/etc/jans/conf/jans.properties'):
-    print("Please install Jans server then execute this script.")
-    sys.exit()
+from urllib import request
+from urllib.parse import urljoin
 
-if not os.path.exists('/opt/jans/jetty/jans-config-api/start.ini'):
-    print("Please install Jans Config Api then execute this script.")
-    sys.exit()
 
 __STATIC_SETUP_DIR__ = '/opt/jans/jans-setup/'
 
@@ -22,13 +18,27 @@
     import jans_setup
     sys.path.append(jans_setup.__path__[0])
 except ModuleNotFoundError:
-    if os.path.exists(__STATIC_SETUP_DIR__):
+    if os.path.exists(os.path.join(__STATIC_SETUP_DIR__, 'setup_app')):
         sys.path.append(__STATIC_SETUP_DIR__)
     else:
-        print("Unable to locate jans-setup, exiting ...")
-        sys.exit()
+        print("Unable to locate jans-setup, installing ...")
+        # split args to find jans setup branch
+        arg_list = []
+        for arg in sys.argv[1:]:
+            if '=' in arg:
+                arg_list.append(arg.split('=', maxsplit=1))
+        sys_args = dict(arg_list)
+
+        setup_branch = sys_args.get('--jans-setup-branch') or 'main'
+        install_url = 'https://raw.githubusercontent.com/JanssenProject/jans/{}/jans-linux-setup/jans_setup/install.py'.format(setup_branch)
+        request.urlretrieve(install_url, 'install.py')
+        install_cmd = 'python3 install.py --setup-branch={} --no-setup'.format(setup_branch)
+        print("Executing", install_cmd)
+        os.system(install_cmd)
+        sys.path.append(__STATIC_SETUP_DIR__)
 
 logs_dir = os.path.join(__STATIC_SETUP_DIR__, 'logs')
+argsp = None
 
 if not os.path.exists(logs_dir):
     os.makedirs(logs_dir)
@@ -43,6 +53,26 @@
 print(paths.LOG_ERROR_FILE)
 print('\033[0m')
 
+
+parser = argparse.ArgumentParser(description="This script downloads Gluu Admin UI components and installs")
+parser.add_argument('--jans-setup-branch', help="Jannsen setup github branch", default='main')
+parser.add_argument('--flex-branch', help="Jannsen flex setup github branch", default='main')
+parser.add_argument('--jans-branch', help="Jannsen github branch", default='main')
+parser.add_argument('-shell', help="Jannsen github branch", action='store_true')
+
+
+if not os.path.exists('/etc/jans/conf/jans.properties'):
+    parser.add_to_setup_parser = True
+    from setup_app.utils import arg_parser
+    try:
+        from jans_setup import jans_setup
+    except ImportError:
+        import jans_setup
+    jans_setup.main()
+    argsp = arg_parser.get_parser()
+
+
+
 from setup_app import static
 from setup_app.utils import base
 
@@ -60,25 +90,22 @@
 if not os.path.join(Config.outputFolder):
     os.makedirs(Config.outputFolder)
 
-parser = argparse.ArgumentParser(description="This script downloads Gluu Admin UI components and installs")
-parser.add_argument('--setup-branch', help="Jannsen setup github branch", default='main')
-parser.add_argument('--flex-branch', help="Jannsen flex setup github branch", default='main')
-parser.add_argument('--jans-branch', help="Jannsen github branch", default='main')
-parser.add_argument('--install-args', help="Arguments for Jannsen installatin application")
-parser.add_argument('--setup-args', help="Arguments for Jannsen setup")
+if not argsp:
+    argsp = parser.parse_known_args()[0]
 
-argsp = parser.parse_args()
+    # initialize config object
+    Config.init(paths.INSTALL_DIR)
+    Config.determine_version()
 
-# initialize config object
-Config.init(paths.INSTALL_DIR)
-Config.determine_version()
+    collectProperties = CollectProperties()
+    collectProperties.collect()
 
-collectProperties = CollectProperties()
-collectProperties.collect()
+if os.environ.get('jans_setup_branch') and not argsp.jans_setup_branch:
+    argsp.jans_setup_branch = os.environ['jans_setup_branch']
 
 maven_base_url = 'https://jenkins.jans.io/maven/io/jans/'
 app_versions = {
-  "SETUP_BRANCH": argsp.setup_branch,
+  "SETUP_BRANCH": argsp.jans_setup_branch,
   "FLEX_BRANCH": argsp.flex_branch,
   "JANS_BRANCH": argsp.jans_branch,
   "JANS_APP_VERSION": "1.0.0",
@@ -116,22 +143,24 @@ def __init__(self):
         self.twillo_fn = os.path.join(self.casa_dist_dir,'twilio.jar')
         self.py_lib_dir = '/opt/jans/python/libs/'
 
+        self.dbUtils.bind(force=True)
+
     def download_files(self):
         print("Downloading components")
-        base.download(urljoin(maven_base_url, 'jans-config-api/plugins/admin-ui-plugin/{0}{1}/admin-ui-plugin-{0}{1}-distribution.jar'.format(app_versions['JANS_APP_VERSION'], app_versions['JANS_BUILD'])), self.admin_ui_plugin_source_path)
-        base.download('https://raw.githubusercontent.com/JanssenProject/jans/{}/jans-config-api/server/src/main/resources/log4j2.xml'.format(app_versions['JANS_BRANCH']), self.log4j2_path)
-        base.download('https://raw.githubusercontent.com/JanssenProject/jans/{}/jans-config-api/plugins/admin-ui-plugin/config/log4j2-adminui.xml'.format(app_versions['JANS_BRANCH']), self.log4j2_adminui_path)
-        base.download('https://github.com/GluuFederation/flex/archive/refs/heads/{}.zip'.format(app_versions['FLEX_BRANCH']), self.flex_path)
-        base.download('https://github.com/GluuFederation/casa/raw/gluu_cloud/extras/casa_web_resources.xml', self.casa_web_resources_fn)
-        base.download('https://maven.gluu.org/maven/org/gluu/casa/{0}/casa-{0}.war'.format(app_versions['CASA_VERSION']), self.casa_war_fn)
-        base.download('https://maven.gluu.org/maven/org/gluu/casa-config/{0}/casa-config-{0}.jar'.format(app_versions['CASA_VERSION']), self.casa_config_fn)
-        base.download('https://repo1.maven.org/maven2/com/twilio/sdk/twilio/{0}/twilio-{0}.jar'.format(app_versions['TWILIO_VERSION']), self.twillo_fn)
-        base.download('https://raw.githubusercontent.com/GluuFederation/casa/gluu_cloud/extras/Casa.py', self.casa_script_fn)
-        base.download('https://raw.githubusercontent.com/GluuFederation/casa/gluu_cloud/extras/casa-external_fido2.py', os.path.join(self.casa_dist_dir, 'pylib/casa-external_fido2.py'))
-        base.download('https://raw.githubusercontent.com/GluuFederation/casa/gluu_cloud/extras/casa-external_otp.py', os.path.join(self.casa_dist_dir, 'pylib/casa-external_otp.py'))
-        base.download('https://raw.githubusercontent.com/GluuFederation/casa/gluu_cloud/extras/casa-external_super_gluu.py', os.path.join(self.casa_dist_dir, 'pylib/casa-external_super_gluu.py'))
-        base.download('https://raw.githubusercontent.com/GluuFederation/casa/gluu_cloud/extras/casa-external_twilio_sms.py', os.path.join(self.casa_dist_dir, 'pylib/casa-external_twilio_sms.py'))
-        base.download('https://raw.githubusercontent.com/GluuFederation/casa/gluu_cloud/extras/casa-external_u2f.py', os.path.join(self.casa_dist_dir, 'pylib/casa-external_u2f.py'))
+        base.download(urljoin(maven_base_url, 'jans-config-api/plugins/admin-ui-plugin/{0}{1}/admin-ui-plugin-{0}{1}-distribution.jar'.format(app_versions['JANS_APP_VERSION'], app_versions['JANS_BUILD'])), self.admin_ui_plugin_source_path, verbose=True)
+        base.download('https://raw.githubusercontent.com/JanssenProject/jans/{}/jans-config-api/server/src/main/resources/log4j2.xml'.format(app_versions['JANS_BRANCH']), self.log4j2_path, verbose=True)
+        base.download('https://raw.githubusercontent.com/JanssenProject/jans/{}/jans-config-api/plugins/admin-ui-plugin/config/log4j2-adminui.xml'.format(app_versions['JANS_BRANCH']), self.log4j2_adminui_path, verbose=True)
+        base.download('https://github.com/GluuFederation/flex/archive/refs/heads/{}.zip'.format(app_versions['FLEX_BRANCH']), self.flex_path, verbose=True)
+        base.download('https://github.com/GluuFederation/casa/raw/gluu_cloud/extras/casa_web_resources.xml', self.casa_web_resources_fn, verbose=True)
+        base.download('https://maven.gluu.org/maven/org/gluu/casa/{0}/casa-{0}.war'.format(app_versions['CASA_VERSION']), self.casa_war_fn, verbose=True)
+        base.download('https://maven.gluu.org/maven/org/gluu/casa-config/{0}/casa-config-{0}.jar'.format(app_versions['CASA_VERSION']), self.casa_config_fn, verbose=True)
+        base.download('https://repo1.maven.org/maven2/com/twilio/sdk/twilio/{0}/twilio-{0}.jar'.format(app_versions['TWILIO_VERSION']), self.twillo_fn, verbose=True)
+        base.download('https://raw.githubusercontent.com/GluuFederation/flex/main/casa/extras/Casa.py', self.casa_script_fn, verbose=True)
+        base.download('https://raw.githubusercontent.com/GluuFederation/flex/main/casa/extras/casa-external_fido2.py', os.path.join(self.casa_dist_dir, 'pylib/casa-external_fido2.py'), verbose=True)
+        base.download('https://raw.githubusercontent.com/GluuFederation/flex/main/casa/extras/casa-external_otp.py', os.path.join(self.casa_dist_dir, 'pylib/casa-external_otp.py'), verbose=True)
+        base.download('https://raw.githubusercontent.com/GluuFederation/flex/main/casa/extras/casa-external_super_gluu.py', os.path.join(self.casa_dist_dir, 'pylib/casa-external_super_gluu.py'), verbose=True)
+        base.download('https://raw.githubusercontent.com/GluuFederation/flex/main/casa/extras/casa-external_twilio_sms.py', os.path.join(self.casa_dist_dir, 'pylib/casa-external_twilio_sms.py'), verbose=True)
+        base.download('https://raw.githubusercontent.com/GluuFederation/flex/main/casa/extras/casa-external_u2f.py', os.path.join(self.casa_dist_dir, 'pylib/casa-external_u2f.py'), verbose=True)
 
 
     def install_gluu_admin_ui(self):
@@ -313,8 +342,7 @@ def main():
         node_fn = 'node-{0}-linux-x64.tar.xz'.format(app_versions['NODE_VERSION'])
         node_path = os.path.join(Config.distAppFolder, node_fn)
         if not os.path.exists(node_path):
-            print("Downloading", node_fn)
-            base.download('https://nodejs.org/dist/{0}/node-{0}-linux-x64.tar.xz'.format(app_versions['NODE_VERSION']), node_path)
+            base.download('https://nodejs.org/dist/{0}/node-{0}-linux-x64.tar.xz'.format(app_versions['NODE_VERSION']), node_path, verbose=True)
         print("Installing node")
         node_installer.install()
 
@@ -337,5 +365,9 @@ def main():
     print("Browse https://{}/casa".format(Config.hostname))
 
 if __name__ == "__main__":
-    main()
+    if argsp.shell:
+        code.interact(local=locals())
+        sys.exit()
+    else:
+        main()
 

From d235ef4410d7481e284c757016abf82bf135fb8a Mon Sep 17 00:00:00 2001
From: Mustafa Baser <mbaser@mail.com>
Date: Fri, 25 Feb 2022 22:07:15 +0300
Subject: [PATCH 009/101] feat: flex-linux-setup argparse pkg issue

---
 .../flex_linux_setup/flex_setup.py            | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/flex-linux-setup/flex_linux_setup/flex_setup.py b/flex-linux-setup/flex_linux_setup/flex_setup.py
index eb198a572..b5b533754 100755
--- a/flex-linux-setup/flex_linux_setup/flex_setup.py
+++ b/flex-linux-setup/flex_linux_setup/flex_setup.py
@@ -38,7 +38,6 @@
         sys.path.append(__STATIC_SETUP_DIR__)
 
 logs_dir = os.path.join(__STATIC_SETUP_DIR__, 'logs')
-argsp = None
 
 if not os.path.exists(logs_dir):
     os.makedirs(logs_dir)
@@ -60,18 +59,22 @@
 parser.add_argument('--jans-branch', help="Jannsen github branch", default='main')
 parser.add_argument('-shell', help="Jannsen github branch", action='store_true')
 
+from setup_app.utils import arg_parser
+
+arg_parser.add_to_me(parser)
+
+installed = False
+
 
 if not os.path.exists('/etc/jans/conf/jans.properties'):
-    parser.add_to_setup_parser = True
-    from setup_app.utils import arg_parser
+    installed = True
     try:
         from jans_setup import jans_setup
     except ImportError:
         import jans_setup
     jans_setup.main()
-    argsp = arg_parser.get_parser()
-
 
+argsp = arg_parser.get_parser()
 
 from setup_app import static
 from setup_app.utils import base
@@ -90,8 +93,7 @@
 if not os.path.join(Config.outputFolder):
     os.makedirs(Config.outputFolder)
 
-if not argsp:
-    argsp = parser.parse_known_args()[0]
+if not installed:
 
     # initialize config object
     Config.init(paths.INSTALL_DIR)
@@ -100,9 +102,6 @@
     collectProperties = CollectProperties()
     collectProperties.collect()
 
-if os.environ.get('jans_setup_branch') and not argsp.jans_setup_branch:
-    argsp.jans_setup_branch = os.environ['jans_setup_branch']
-
 maven_base_url = 'https://jenkins.jans.io/maven/io/jans/'
 app_versions = {
   "SETUP_BRANCH": argsp.jans_setup_branch,

From 116b791b80544ac9fe9fd4266f662b18397bea19 Mon Sep 17 00:00:00 2001
From: Mustafa Baser <mbaser@mail.com>
Date: Fri, 25 Feb 2022 23:49:09 +0300
Subject: [PATCH 010/101] fix: flex-linux-setup pass -yes to install.py

---
 flex-linux-setup/flex_linux_setup/flex_setup.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/flex-linux-setup/flex_linux_setup/flex_setup.py b/flex-linux-setup/flex_linux_setup/flex_setup.py
index b5b533754..793393378 100755
--- a/flex-linux-setup/flex_linux_setup/flex_setup.py
+++ b/flex-linux-setup/flex_linux_setup/flex_setup.py
@@ -33,6 +33,8 @@
         install_url = 'https://raw.githubusercontent.com/JanssenProject/jans/{}/jans-linux-setup/jans_setup/install.py'.format(setup_branch)
         request.urlretrieve(install_url, 'install.py')
         install_cmd = 'python3 install.py --setup-branch={} --no-setup'.format(setup_branch)
+        if '-yes' in sys.argv:
+            install_cmd += ' -yes'
         print("Executing", install_cmd)
         os.system(install_cmd)
         sys.path.append(__STATIC_SETUP_DIR__)

From 32b4f561f1474b1e4fdd5fddb58b3fd4b4f2ddf7 Mon Sep 17 00:00:00 2001
From: Mustafa Baser <mbaser@mail.com>
Date: Mon, 28 Feb 2022 12:07:22 +0300
Subject: [PATCH 011/101] fix: flex-linux-setup restart jans-auth after casa

---
 flex-linux-setup/flex_linux_setup/flex_setup.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/flex-linux-setup/flex_linux_setup/flex_setup.py b/flex-linux-setup/flex_linux_setup/flex_setup.py
index 793393378..03fd022ca 100755
--- a/flex-linux-setup/flex_linux_setup/flex_setup.py
+++ b/flex-linux-setup/flex_linux_setup/flex_setup.py
@@ -353,11 +353,13 @@ def main():
     installer_obj.install_gluu_admin_ui()
 
     installer_obj.install_casa()
-    print("Restarting Jans Auth")
-    config_api_installer.restart('jans-auth')
+
     print("Starting Casa")
     config_api_installer.start('casa')
 
+    print("Restarting Jans Auth")
+    config_api_installer.restart('jans-auth')
+
     print("Restarting Janssen Config Api")
     config_api_installer.restart()
 

From d97258a6ebc74171359c8449cd6f936bd5c9cae1 Mon Sep 17 00:00:00 2001
From: Mustafa Baser <mbaser@mail.com>
Date: Mon, 28 Feb 2022 14:34:03 +0300
Subject: [PATCH 012/101] fix: flex-linux-setup import package

---
 flex-linux-setup/flex_linux_setup/flex_setup.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/flex-linux-setup/flex_linux_setup/flex_setup.py b/flex-linux-setup/flex_linux_setup/flex_setup.py
index 03fd022ca..69510750f 100755
--- a/flex-linux-setup/flex_linux_setup/flex_setup.py
+++ b/flex-linux-setup/flex_linux_setup/flex_setup.py
@@ -16,7 +16,8 @@
 
 try:
     import jans_setup
-    sys.path.append(jans_setup.__path__[0])
+    path_ = list(jans_setup.__path__)
+    sys.path.append(path_[0])
 except ModuleNotFoundError:
     if os.path.exists(os.path.join(__STATIC_SETUP_DIR__, 'setup_app')):
         sys.path.append(__STATIC_SETUP_DIR__)

From 1f2015bf78bb26ffb73ef026bca96496ab9c7d70 Mon Sep 17 00:00:00 2001
From: Mustafa Baser <mbaser@mail.com>
Date: Wed, 2 Mar 2022 12:53:45 +0300
Subject: [PATCH 013/101] fix: flex-linux-setup get py_lib_dir from Config

---
 flex-linux-setup/flex_linux_setup/flex_setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/flex-linux-setup/flex_linux_setup/flex_setup.py b/flex-linux-setup/flex_linux_setup/flex_setup.py
index 69510750f..603e18e62 100755
--- a/flex-linux-setup/flex_linux_setup/flex_setup.py
+++ b/flex-linux-setup/flex_linux_setup/flex_setup.py
@@ -143,7 +143,7 @@ def __init__(self):
         self.casa_config_fn = os.path.join(self.casa_dist_dir,'casa-config.jar')
         self.casa_script_fn = os.path.join(self.casa_dist_dir,'Casa.py')
         self.twillo_fn = os.path.join(self.casa_dist_dir,'twilio.jar')
-        self.py_lib_dir = '/opt/jans/python/libs/'
+        self.py_lib_dir = os.path.join(Config.jansOptPythonFolder, 'libs')
 
         self.dbUtils.bind(force=True)
 

From 7fb45c5107e0585b47a95cfbc539b86caf52d4fb Mon Sep 17 00:00:00 2001
From: Mustafa Baser <mbaser@mail.com>
Date: Fri, 4 Mar 2022 12:40:55 +0300
Subject: [PATCH 014/101] fix: flex-linux-setup change admin-ui-plugin name

---
 flex-linux-setup/flex_linux_setup/flex_setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/flex-linux-setup/flex_linux_setup/flex_setup.py b/flex-linux-setup/flex_linux_setup/flex_setup.py
index 603e18e62..ae6af14f5 100755
--- a/flex-linux-setup/flex_linux_setup/flex_setup.py
+++ b/flex-linux-setup/flex_linux_setup/flex_setup.py
@@ -131,7 +131,7 @@ def __init__(self):
         self.gluu_admin_ui_source_path = os.path.join(Config.distJansFolder, 'gluu-admin-ui.zip')
         self.log4j2_adminui_path = os.path.join(Config.distJansFolder, 'log4j2-adminui.xml')
         self.log4j2_path = os.path.join(Config.distJansFolder, 'log4j2.xml')
-        self.admin_ui_plugin_source_path = os.path.join(Config.distJansFolder, 'admin-ui-plugin-distribution.jar')
+        self.admin_ui_plugin_source_path = os.path.join(Config.distJansFolder, 'admin-ui-plugin.jar')
         self.flex_path = os.path.join(Config.distJansFolder, 'flex.zip')
         self.source_dir = os.path.join(Config.outputFolder, 'admin-ui')
         self.flex_setup_dir = os.path.join(self.source_dir, 'flex-linux-setup')

From d2ec21f25ed5ffc6f378ca9f6b61adf9acea91eb Mon Sep 17 00:00:00 2001
From: Mustafa Baser <mbaser@mail.com>
Date: Fri, 4 Mar 2022 18:17:42 +0300
Subject: [PATCH 015/101] fix: flex-linux-setup update config-cli plugins

---
 .../flex_linux_setup/flex_setup.py            | 28 ++++++++++++++++---
 1 file changed, 24 insertions(+), 4 deletions(-)

diff --git a/flex-linux-setup/flex_linux_setup/flex_setup.py b/flex-linux-setup/flex_linux_setup/flex_setup.py
index ae6af14f5..936bddafe 100755
--- a/flex-linux-setup/flex_linux_setup/flex_setup.py
+++ b/flex-linux-setup/flex_linux_setup/flex_setup.py
@@ -7,7 +7,9 @@
 import time
 import glob
 import code
+import configparser
 
+from pathlib import Path
 from urllib import request
 from urllib.parse import urljoin
 
@@ -90,6 +92,7 @@
 from setup_app.installers.config_api import ConfigApiInstaller
 from setup_app.installers.jetty import JettyInstaller
 from setup_app.installers.jans_auth import JansAuthInstaller
+from setup_app.installers.jans_cli import JansCliInstaller
 
 
 Config.outputFolder = os.path.join(__STATIC_SETUP_DIR__, 'output')
@@ -121,7 +124,7 @@
 httpd_installer = HttpdInstaller()
 config_api_installer = ConfigApiInstaller()
 jansAuthInstaller = JansAuthInstaller()
-
+jans_cli_installer = JansCliInstaller()
 
 class flex_installer(JettyInstaller):
 
@@ -196,13 +199,31 @@ def install_gluu_admin_ui(self):
         config_api_installer.check_clients([('role_based_client_id', '2000.')])
         config_api_installer.renderTemplateInOut(self.admin_ui_config_properties_path, os.path.join(self.flex_setup_dir, 'templates'), config_api_installer.custom_config_dir)
         admin_ui_plugin_path = os.path.join(config_api_installer.libDir, os.path.basename(self.admin_ui_plugin_source_path))
-        config_api_installer.web_app_xml_fn = os.path.join(config_api_installer.jetty_base, config_api_installer.service_name, 'webapps/jans-config-api.xml')
         config_api_installer.copyFile(self.admin_ui_plugin_source_path, config_api_installer.libDir)
         config_api_installer.add_extra_class(admin_ui_plugin_path)
 
         for logfn in (self.log4j2_adminui_path, self.log4j2_path):
             config_api_installer.copyFile(logfn, config_api_installer.custom_config_dir)
 
+        cli_config = Path(jans_cli_installer.config_ini_fn)
+
+        current_plugins = []
+
+        if cli_config.exists():
+
+            config = configparser.ConfigParser()
+            config.read_file(cli_config.open())
+            current_plugins = config['DEFAULT'].get('jca_plugins', '').split(',')
+
+        plugins = config_api_installer.get_plugins()
+
+        for plugin in plugins:
+            if not plugin in current_plugins:
+                current_plugins.append(plugin)
+
+        config['DEFAULT']['jca_plugins'] = ','.join(current_plugins)
+        config.write(cli_config.open('w'))
+        cli_config.chmod(0o600)
 
     def install_casa(self):
 
@@ -216,8 +237,7 @@ def install_casa(self):
             os.path.join(jans_auth_custom_lib_dir, os.path.basename(self.casa_config_fn)),
             os.path.join(jans_auth_custom_lib_dir, os.path.basename(self.twillo_fn)),
             )
-        xml_fn = os.path.join(jans_auth_dir, 'webapps', jansAuthInstaller.service_name+'.xml')
-        jansAuthInstaller.add_extra_class(class_path, xml_fn)
+        jansAuthInstaller.add_extra_class(class_path)
 
         simple_auth_scr_inum = 'A51E-76DA'
         print("Enabling script", simple_auth_scr_inum)

From 83d280e731197f732936d39d97de5d80f769de26 Mon Sep 17 00:00:00 2001
From: Mustafa Baser <mbaser@mail.com>
Date: Fri, 4 Mar 2022 19:13:59 +0300
Subject: [PATCH 016/101] fix: flex-linux-setup parser

---
 .../flex_linux_setup/flex_setup.py            | 30 ++++++++-----------
 1 file changed, 13 insertions(+), 17 deletions(-)

diff --git a/flex-linux-setup/flex_linux_setup/flex_setup.py b/flex-linux-setup/flex_linux_setup/flex_setup.py
index 936bddafe..66e02f1db 100755
--- a/flex-linux-setup/flex_linux_setup/flex_setup.py
+++ b/flex-linux-setup/flex_linux_setup/flex_setup.py
@@ -14,6 +14,14 @@
 from urllib.parse import urljoin
 
 
+def get_flex_setup_parser():
+    parser = argparse.ArgumentParser(description="This script downloads Gluu Admin UI components and installs")
+    parser.add_argument('--jans-setup-branch', help="Jannsen setup github branch", default='main')
+    parser.add_argument('--flex-branch', help="Jannsen flex setup github branch", default='main')
+    parser.add_argument('--jans-branch', help="Jannsen github branch", default='main')
+
+    return parser
+
 __STATIC_SETUP_DIR__ = '/opt/jans/jans-setup/'
 
 try:
@@ -24,15 +32,11 @@
     if os.path.exists(os.path.join(__STATIC_SETUP_DIR__, 'setup_app')):
         sys.path.append(__STATIC_SETUP_DIR__)
     else:
+        argsp = get_flex_setup_parser().parse_known_args()[0]
+
         print("Unable to locate jans-setup, installing ...")
-        # split args to find jans setup branch
-        arg_list = []
-        for arg in sys.argv[1:]:
-            if '=' in arg:
-                arg_list.append(arg.split('=', maxsplit=1))
-        sys_args = dict(arg_list)
-
-        setup_branch = sys_args.get('--jans-setup-branch') or 'main'
+
+        setup_branch = argsp.jans_setup_branch or 'main'
         install_url = 'https://raw.githubusercontent.com/JanssenProject/jans/{}/jans-linux-setup/jans_setup/install.py'.format(setup_branch)
         request.urlretrieve(install_url, 'install.py')
         install_cmd = 'python3 install.py --setup-branch={} --no-setup'.format(setup_branch)
@@ -58,19 +62,11 @@
 print('\033[0m')
 
 
-parser = argparse.ArgumentParser(description="This script downloads Gluu Admin UI components and installs")
-parser.add_argument('--jans-setup-branch', help="Jannsen setup github branch", default='main')
-parser.add_argument('--flex-branch', help="Jannsen flex setup github branch", default='main')
-parser.add_argument('--jans-branch', help="Jannsen github branch", default='main')
-parser.add_argument('-shell', help="Jannsen github branch", action='store_true')
-
+parser = get_flex_setup_parser()
 from setup_app.utils import arg_parser
-
 arg_parser.add_to_me(parser)
-
 installed = False
 
-
 if not os.path.exists('/etc/jans/conf/jans.properties'):
     installed = True
     try:

From 1e66f1bcea52539ff9b0043733ff41de6871661c Mon Sep 17 00:00:00 2001
From: Jose <bonustrack310@gmail.com>
Date: Sun, 6 Mar 2022 07:58:18 -0500
Subject: [PATCH 017/101] chore: remove/adjust files as required per #125

---
 .../authnmethod/SecurityKeyExtension.java     |  82 --
 .../plugins/authnmethod/conf/U2FConfig.java   |  28 -
 .../rs/SecurityKeyEnrollingWS.java            | 196 -----
 .../authnmethod/rs/SuperGluuEnrollingWS.java  |   2 +-
 .../authnmethod/service/U2fService.java       | 141 ---
 .../gluu/casa/timer/AuthnScriptsReloader.java |   2 +-
 .../casa/ui/vm/user/SecurityKeyViewModel.java | 283 ------
 .../src/main/resources/labels/user.properties |  31 +-
 .../src/main/webapp/scripts/gluu/u2f-util.js  |  41 -
 casa/app/src/main/webapp/scripts/u2f-api.js   | 830 ------------------
 casa/app/src/main/webapp/user/u2f-detail.zul  | 123 ---
 casa/extras/enrollment-client/README.md       |   4 +-
 casa/extras/enrollment-client/index.html      |   3 +-
 casa/extras/enrollment-client/super_gluu.html |   4 +-
 casa/extras/enrollment-client/u2f-api.js      | 830 ------------------
 casa/extras/enrollment-client/u2f.html        | 123 ---
 casa/installer/casa_cleanup.py                | 216 -----
 casa/installer/setup_casa.py                  | 391 ---------
 18 files changed, 11 insertions(+), 3319 deletions(-)
 delete mode 100644 casa/app/src/main/java/org/gluu/casa/plugins/authnmethod/SecurityKeyExtension.java
 delete mode 100644 casa/app/src/main/java/org/gluu/casa/plugins/authnmethod/conf/U2FConfig.java
 delete mode 100644 casa/app/src/main/java/org/gluu/casa/plugins/authnmethod/rs/SecurityKeyEnrollingWS.java
 delete mode 100644 casa/app/src/main/java/org/gluu/casa/plugins/authnmethod/service/U2fService.java
 delete mode 100644 casa/app/src/main/java/org/gluu/casa/ui/vm/user/SecurityKeyViewModel.java
 delete mode 100644 casa/app/src/main/webapp/scripts/gluu/u2f-util.js
 delete mode 100644 casa/app/src/main/webapp/scripts/u2f-api.js
 delete mode 100644 casa/app/src/main/webapp/user/u2f-detail.zul
 delete mode 100644 casa/extras/enrollment-client/u2f-api.js
 delete mode 100644 casa/extras/enrollment-client/u2f.html
 delete mode 100755 casa/installer/casa_cleanup.py
 delete mode 100755 casa/installer/setup_casa.py

diff --git a/casa/app/src/main/java/org/gluu/casa/plugins/authnmethod/SecurityKeyExtension.java b/casa/app/src/main/java/org/gluu/casa/plugins/authnmethod/SecurityKeyExtension.java
deleted file mode 100644
index bcfaf42f0..000000000
--- a/casa/app/src/main/java/org/gluu/casa/plugins/authnmethod/SecurityKeyExtension.java
+++ /dev/null
@@ -1,82 +0,0 @@
-package org.gluu.casa.plugins.authnmethod;
-
-import org.gluu.casa.credential.BasicCredential;
-import org.gluu.casa.extension.AuthnMethod;
-import org.gluu.casa.misc.Utils;
-import org.gluu.casa.plugins.authnmethod.service.U2fService;
-import org.pf4j.Extension;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.util.Collections;
-import java.util.List;
-import java.util.stream.Collectors;
-
-/**
- * @author jgomer
- */
-@Extension
-public class SecurityKeyExtension implements AuthnMethod {
-
-    public static final String ACR = "u2f";
-
-    private Logger logger = LoggerFactory.getLogger(getClass());
-
-    private U2fService u2fService;
-
-    public SecurityKeyExtension() {
-        u2fService = Utils.managedBean(U2fService.class);
-    }
-
-    public String getUINameKey() {
-        return "usr.u2f_label";
-    }
-
-    public String getAcr() {
-        return ACR;
-    }
-
-    public String getPanelTitleKey() {
-        return "usr.u2f_title";
-    }
-
-    public String getPanelTextKey() {
-        return "usr.u2f_text";
-    }
-
-    public String getPanelButtonKey() {
-        return "usr.u2f_manage";
-    }
-
-    public String getPanelBottomTextKey() {
-        return "usr.u2f_buy_title";
-    }
-
-    public String getPageUrl() {
-        return "/user/u2f-detail.zul";
-    }
-
-    public List<BasicCredential> getEnrolledCreds(String id) {
-
-        try {
-            return u2fService.getDevices(id, true).stream()
-                    .map(dev -> new BasicCredential(dev.getNickName(), dev.getCreationDate().getTime())).collect(Collectors.toList());
-        } catch (Exception e) {
-            logger.error(e.getMessage(), e);
-            return Collections.emptyList();
-        }
-    }
-
-    public int getTotalUserCreds(String id) {
-        return u2fService.getDevicesTotal(id, true);
-    }
-
-    public void reloadConfiguration() {
-        u2fService.reloadConfiguration();
-    }
-
-    public boolean mayBe2faActivationRequisite() {
-        return Boolean.parseBoolean(u2fService.getScriptPropertyValue("2fa_requisite"));
-    }
-
-}
diff --git a/casa/app/src/main/java/org/gluu/casa/plugins/authnmethod/conf/U2FConfig.java b/casa/app/src/main/java/org/gluu/casa/plugins/authnmethod/conf/U2FConfig.java
deleted file mode 100644
index a6f0318a8..000000000
--- a/casa/app/src/main/java/org/gluu/casa/plugins/authnmethod/conf/U2FConfig.java
+++ /dev/null
@@ -1,28 +0,0 @@
-package org.gluu.casa.plugins.authnmethod.conf;
-
-/**
- * @author jgomer
- */
-public class U2FConfig {
-
-    private String appId;
-
-    private String endpointUrl;
-
-    public String getAppId() {
-        return appId;
-    }
-
-    public void setAppId(String appId) {
-        this.appId = appId;
-    }
-
-    public String getEndpointUrl() {
-        return endpointUrl;
-    }
-
-    public void setEndpointUrl(String endpointUrl) {
-        this.endpointUrl = endpointUrl;
-    }
-
-}
diff --git a/casa/app/src/main/java/org/gluu/casa/plugins/authnmethod/rs/SecurityKeyEnrollingWS.java b/casa/app/src/main/java/org/gluu/casa/plugins/authnmethod/rs/SecurityKeyEnrollingWS.java
deleted file mode 100644
index 0d1c2f71e..000000000
--- a/casa/app/src/main/java/org/gluu/casa/plugins/authnmethod/rs/SecurityKeyEnrollingWS.java
+++ /dev/null
@@ -1,196 +0,0 @@
-package org.gluu.casa.plugins.authnmethod.rs;
-
-import com.fasterxml.jackson.databind.ObjectMapper;
-import net.jodah.expiringmap.ExpiringMap;
-import org.gluu.casa.core.PersistenceService;
-import org.gluu.casa.core.UserService;
-import org.gluu.casa.core.model.Person;
-import org.gluu.casa.core.pojo.FidoDevice;
-import org.gluu.casa.core.pojo.SecurityKey;
-import org.gluu.casa.misc.Utils;
-import org.gluu.casa.plugins.authnmethod.rs.status.u2f.FinishCode;
-import org.gluu.casa.plugins.authnmethod.rs.status.u2f.RegisterMessageCode;
-import org.gluu.casa.plugins.authnmethod.rs.status.u2f.RegistrationCode;
-import org.gluu.casa.plugins.authnmethod.service.U2fService;
-import org.gluu.casa.rest.ProtectedApi;
-import org.slf4j.Logger;
-
-import javax.annotation.PostConstruct;
-import javax.enterprise.context.ApplicationScoped;
-import javax.inject.Inject;
-import javax.ws.rs.*;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import java.util.Map;
-import java.util.Optional;
-import java.util.concurrent.TimeUnit;
-import java.util.stream.Stream;
-
-/**
- * @author jgomer
- */
-@ApplicationScoped
-//Disabled: u2f will be deprecated in favor of FIDO 2, see SecurityKey2EnrollingWS
-//@Path("/enrollment/" + SecurityKeyExtension.ACR)
-public class SecurityKeyEnrollingWS {
-
-    private static final int TIME_WINDOW_DEFAULT = 2;
-    private static final int MAX_STORED_ENTRIES = 1000;   //one thousand entries stored at most
-
-    @Inject
-    private Logger logger;
-
-    @Inject
-    private U2fService u2fService;
-
-    @Inject
-    private PersistenceService persistenceService;
-
-    @Inject
-    private UserService userService;
-
-    private ObjectMapper mapper;
-
-    private Map<String, String> usersWithPendingRegistrations;
-
-    private Map<String, String> recentlyEnrolledDevices;
-
-    @GET
-    @Path("registration-message")
-    @Produces(MediaType.APPLICATION_JSON)
-    @ProtectedApi
-    public Response getRegistrationMessage(@QueryParam("userid") String userId) {
-
-        String request = null;
-        RegisterMessageCode result;
-        logger.trace("getRegistrationMessage WS operation called");
-
-        if (Utils.isEmpty(userId)) {
-            result = RegisterMessageCode.NO_USER_ID;
-        } else {
-            Person person = persistenceService.get(Person.class, persistenceService.getPersonDn(userId));
-            if (person == null) {
-                result = RegisterMessageCode.UNKNOWN_USER_ID;
-            } else {
-                try {
-                    String userName = person.getUid();
-                    String code = userService.generateRandEnrollmentCode(userId);
-                    request = u2fService.generateJsonRegisterMessage(userName, code);
-                    result = RegisterMessageCode.SUCCESS;
-                    usersWithPendingRegistrations.put(userId, null);
-                } catch (Exception e) {
-                    result = RegisterMessageCode.FAILED;
-                    logger.error(e.getMessage(), e);
-                }
-            }
-        }
-        return result.getResponse(request);
-
-    }
-
-    @POST
-    @Path("registration/{userid}")
-    @Produces(MediaType.APPLICATION_JSON)
-    @ProtectedApi
-    public Response sendRegistrationResult(Map<String, Object> registrationResult,
-                                           @PathParam("userid") String userId) {
-
-        RegistrationCode result;
-        SecurityKey newDevice = null;
-        logger.trace("sendRegistrationResult WS operation called");
-
-        if (usersWithPendingRegistrations.containsKey(userId)) {
-            usersWithPendingRegistrations.remove(userId);
-
-            Person person = persistenceService.get(Person.class, persistenceService.getPersonDn(userId));
-            if (person == null) {
-                result = RegistrationCode.UNKNOWN_USER_ID;
-            } else {
-                try {
-                    String userName = person.getUid();
-                    String jsonStr = mapper.writeValueAsString(registrationResult);
-                    String error = u2fService.getRegistrationResult(jsonStr);
-
-                    if (error == null) {
-                        u2fService.finishRegistration(userName, jsonStr);
-                        newDevice = u2fService.getLatestSecurityKey(userId, System.currentTimeMillis());
-                        if (newDevice == null){
-                            result = RegistrationCode.FAILED;
-                        } else {
-                            recentlyEnrolledDevices.put(newDevice.getId(), userId);
-                            result = RegistrationCode.SUCCESS;
-                            userService.cleanRandEnrollmentCode(userId);
-                        }
-                    } else {
-                        result = RegistrationCode.FAILED;
-                    }
-                } catch (Exception e) {
-                    logger.error(e.getMessage(), e);
-                    result = RegistrationCode.FAILED;
-                }
-            }
-
-        } else {
-            result = RegistrationCode.NO_MATCH_OR_EXPIRED;
-        }
-        return result.getResponse(newDevice);
-
-    }
-
-    @GET
-    @Path("creds/{userid}/{id}")
-    @Produces(MediaType.APPLICATION_JSON)
-    @ProtectedApi
-    public Response getEnrollments() {
-        return Response.status(Response.Status.NOT_IMPLEMENTED).build();
-    }
-
-    @POST
-    @Path("creds/{userid}")
-    @Produces(MediaType.APPLICATION_JSON)
-    @ProtectedApi
-    public Response nameEnrollment(NamedCredential credential,
-                                   @PathParam("userid") String userId) {
-
-        logger.trace("nameEnrollment WS operation called");
-        String nickName = Optional.ofNullable(credential).map(NamedCredential::getNickName).orElse(null);
-        String deviceId = Optional.ofNullable(credential).map(NamedCredential::getKey).orElse(null);
-
-        FinishCode result;
-
-        if (Stream.of(nickName, deviceId).anyMatch(Utils::isEmpty)) {
-            result = FinishCode.MISSING_PARAMS;
-        } else if (!recentlyEnrolledDevices.containsKey(deviceId)) {
-            result = FinishCode.NO_MATCH_OR_EXPIRED;
-        } else {
-            FidoDevice dev = new FidoDevice();
-            dev.setId(deviceId);
-            dev.setNickName(nickName);
-
-            if (u2fService.updateDevice(dev)) {
-                result = FinishCode.SUCCESS;
-                recentlyEnrolledDevices.remove(deviceId);
-            } else {
-                result = FinishCode.FAILED;
-            }
-        }
-        return result.getResponse();
-
-    }
-
-    @PostConstruct
-    private void init() {
-
-        logger.trace("Service inited");
-        mapper = new ObjectMapper();
-
-        usersWithPendingRegistrations = ExpiringMap.builder()
-                .maxSize(MAX_STORED_ENTRIES).expiration(TIME_WINDOW_DEFAULT, TimeUnit.MINUTES)
-                .asyncExpirationListener((userId, nothing) -> userService.cleanRandEnrollmentCode(userId.toString()))
-                .build();
-
-        recentlyEnrolledDevices = ExpiringMap.builder()
-                .maxSize(MAX_STORED_ENTRIES).expiration(TIME_WINDOW_DEFAULT, TimeUnit.MINUTES).build();
-    }
-
-}
diff --git a/casa/app/src/main/java/org/gluu/casa/plugins/authnmethod/rs/SuperGluuEnrollingWS.java b/casa/app/src/main/java/org/gluu/casa/plugins/authnmethod/rs/SuperGluuEnrollingWS.java
index de3957723..115f9bd36 100644
--- a/casa/app/src/main/java/org/gluu/casa/plugins/authnmethod/rs/SuperGluuEnrollingWS.java
+++ b/casa/app/src/main/java/org/gluu/casa/plugins/authnmethod/rs/SuperGluuEnrollingWS.java
@@ -34,7 +34,7 @@
  * @author jgomer
  */
 @ApplicationScoped
-@Path("/enrollment/" + SuperGluuExtension.ACR)
+//@Path("/enrollment/" + SuperGluuExtension.ACR)
 public class SuperGluuEnrollingWS {
 
     private static final String BANNED_KEYS_PREFIX = "casa_blk_";   //Banned lookup keys
diff --git a/casa/app/src/main/java/org/gluu/casa/plugins/authnmethod/service/U2fService.java b/casa/app/src/main/java/org/gluu/casa/plugins/authnmethod/service/U2fService.java
deleted file mode 100644
index 2898b86a7..000000000
--- a/casa/app/src/main/java/org/gluu/casa/plugins/authnmethod/service/U2fService.java
+++ /dev/null
@@ -1,141 +0,0 @@
-package org.gluu.casa.plugins.authnmethod.service;
-
-import com.fasterxml.jackson.databind.JsonNode;
-
-import io.jans.as.client.fido.u2f.FidoU2fClientFactory;
-import io.jans.as.client.fido.u2f.RegistrationRequestService;
-import io.jans.as.client.fido.u2f.U2fConfigurationService;
-import io.jans.as.model.fido.u2f.U2fConfiguration;
-import io.jans.as.model.fido.u2f.protocol.RegisterRequestMessage;
-import io.jans.as.model.fido.u2f.protocol.RegisterStatus;
-
-import org.gluu.casa.conf.MainSettings;
-import org.gluu.casa.core.ConfigurationHandler;
-import org.gluu.casa.core.pojo.SecurityKey;
-import org.gluu.casa.plugins.authnmethod.SecurityKeyExtension;
-import org.gluu.casa.plugins.authnmethod.conf.U2FConfig;
-import org.slf4j.Logger;
-
-import java.util.*;
-import javax.annotation.PostConstruct;
-import javax.enterprise.context.ApplicationScoped;
-import javax.inject.Inject;
-import javax.inject.Named;
-
-/**
- * An app. scoped bean that encapsulates logic related to management of registration requests for u2f devices
- * @author jgomer
- */
-@Named
-@ApplicationScoped
-public class U2fService extends FidoService {
-
-    private static final String METADATA_URI = ".well-known/fido-configuration";
-    
-    @Inject
-    private Logger logger;
-
-    @Inject
-    private MainSettings settings;
-
-    private U2FConfig conf;
-    private RegistrationRequestService registrationRequestService;
-
-    @PostConstruct
-    private void inited() {
-        reloadConfiguration();
-    }
-
-    public void reloadConfiguration() {
-
-        conf = new U2FConfig();
-        conf.setEndpointUrl(String.format("%s/%s", persistenceService.getIssuerUrl(), METADATA_URI));
-
-        try {
-            props = persistenceService.getCustScriptConfigProperties(SecurityKeyExtension.ACR);
-            conf.setAppId(persistenceService.getCustScriptConfigProperties(ConfigurationHandler.DEFAULT_ACR).get("u2f_app_id"));
-
-            logger.info("U2f settings found were: {}", mapper.writeValueAsString(conf));
-
-            U2fConfigurationService u2fCfgServ = FidoU2fClientFactory.instance().createMetaDataConfigurationService(conf.getEndpointUrl());
-            U2fConfiguration metadataConf = u2fCfgServ.getMetadataConfiguration();
-            registrationRequestService = FidoU2fClientFactory.instance().createRegistrationRequestService(metadataConf);
-        } catch (Exception e) {
-            logger.error(e.getMessage(), e);
-        }
-
-    }
-
-    public int getDevicesTotal(String userId, boolean active) {
-        return getDevicesTotal(conf.getAppId(), userId, active);
-    }
-
-    public List<SecurityKey> getDevices(String userId, boolean active) {
-        return getSortedDevices(userId, active, conf.getAppId(), SecurityKey.class);
-    }
-
-    /**
-     * Triggers a registration request to a U2F endpoint and outputs the request message returned by the service in form of JSON
-     * @param userName As required per io.jans.as.client.fido.u2f.RegistrationRequestService#startRegistration
-     * @param enrollmentCode A previously generated random code stored under user's LDAP entry
-     * @return Json string representation
-     * @throws Exception Network problem, De/Serialization error, ...
-     */
-    public String generateJsonRegisterMessage(String userName, String enrollmentCode) throws Exception {
-        RegisterRequestMessage message = registrationRequestService.startRegistration(userName, conf.getAppId(), null, enrollmentCode);
-        logger.info("Beginning registration start with uid={}, app_id={}", userName, conf.getAppId());
-        return mapper.writeValueAsString(message);
-    }
-
-    /**
-     * Executes the finish registration step of the U2F service
-     * @param userName As required per io.jans.as.client.fido.u2f.RegistrationRequestService#finishRegistration
-     * @param response This is the Json response obtained in the web browser after calling the u2f.register function in Javascript
-     */
-    public void finishRegistration(String userName, String response) {
-        //first parameter is not used in current implementation, see: io.jans.as.server.ws.rs.fido.u2f.U2fRegistrationWS#finishRegistration
-        RegisterStatus status = registrationRequestService.finishRegistration(userName, response);
-        logger.info("Response of finish registration: {}", status.getStatus());
-    }
-
-    public String getRegistrationResult(String jsonString) throws Exception {
-
-        String value = null;
-        JsonNode tree = mapper.readTree(jsonString);
-
-        logger.info("Finished registration start with response: {}", jsonString);
-        JsonNode tmp = tree.get("errorCode");
-
-        if (tmp != null) {
-            try {
-                int code = tmp.asInt();
-                if (code > 0) {
-                    value = U2fClientCodes.get(code).toString();
-                    logger.error("Registration failed with error: {}", value);
-                    value = value.toLowerCase();
-                }
-            } catch (Exception e) {
-                logger.error(e.getMessage(), e);
-                value = e.getMessage();
-            }
-        }
-        return value;
-
-    }
-
-    public SecurityKey getLatestSecurityKey(String userId, long time) {
-
-        SecurityKey sk = null;
-        try {
-            sk = getLatestFidoDevice(userId, time, conf.getAppId(), SecurityKey.class);
-            if (sk != null && sk.getNickName() != null) {
-                sk = null;    //should have no name
-            }
-        } catch (Exception e) {
-            logger.error(e.getMessage(), e);
-        }
-        return sk;
-
-    }
-
-}
diff --git a/casa/app/src/main/java/org/gluu/casa/timer/AuthnScriptsReloader.java b/casa/app/src/main/java/org/gluu/casa/timer/AuthnScriptsReloader.java
index 09cfe5437..0ffe3d308 100644
--- a/casa/app/src/main/java/org/gluu/casa/timer/AuthnScriptsReloader.java
+++ b/casa/app/src/main/java/org/gluu/casa/timer/AuthnScriptsReloader.java
@@ -37,7 +37,7 @@ public class AuthnScriptsReloader extends JobListenerSupport {
     private static final String LOCATION_PATH_PROPERTY = "location_path";
     private static final String FILENAME_TEMPLATE = "casa-external_{0}.py";
     private static final List<String> NOT_REPLACEABLE_SCRIPTS = Arrays.asList(SecurityKey2Extension.ACR,
-            SecurityKeyExtension.ACR, OTPExtension.ACR, SuperGluuExtension.ACR, OTPTwilioExtension.ACR, OTPSmppExtension.ACR);
+            OTPExtension.ACR, SuperGluuExtension.ACR, OTPTwilioExtension.ACR, OTPSmppExtension.ACR);
 
     @Inject
     private Logger logger;
diff --git a/casa/app/src/main/java/org/gluu/casa/ui/vm/user/SecurityKeyViewModel.java b/casa/app/src/main/java/org/gluu/casa/ui/vm/user/SecurityKeyViewModel.java
deleted file mode 100644
index a005f8a86..000000000
--- a/casa/app/src/main/java/org/gluu/casa/ui/vm/user/SecurityKeyViewModel.java
+++ /dev/null
@@ -1,283 +0,0 @@
-package org.gluu.casa.ui.vm.user;
-
-import com.fasterxml.jackson.databind.ObjectMapper;
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
-import org.gluu.casa.core.pojo.BrowserInfo;
-import org.gluu.casa.core.pojo.SecurityKey;
-import org.gluu.casa.ui.UIUtils;
-import org.gluu.casa.misc.Utils;
-import org.gluu.casa.plugins.authnmethod.SecurityKeyExtension;
-import org.gluu.casa.plugins.authnmethod.service.U2fService;
-import org.zkoss.bind.BindUtils;
-import org.zkoss.bind.annotation.*;
-import org.zkoss.json.JavaScriptValue;
-import org.zkoss.util.Pair;
-import org.zkoss.util.resource.Labels;
-import org.zkoss.zk.au.out.AuInvoke;
-import org.zkoss.zk.ui.Component;
-import org.zkoss.zk.ui.event.Event;
-import org.zkoss.zk.ui.event.Events;
-import org.zkoss.zk.ui.select.Selectors;
-import org.zkoss.zk.ui.select.annotation.Listen;
-import org.zkoss.zk.ui.select.annotation.WireVariable;
-import org.zkoss.zk.ui.util.Clients;
-import org.zkoss.zul.Messagebox;
-
-import java.util.List;
-
-/**
- * Created by jgomer on 2017-07-23.
- * This is the ViewModel of page u2f-detail.zul. It controls the CRUD of security keys
- */
-public class SecurityKeyViewModel extends UserViewModel {
-
-    private static final int REGISTRATION_TIMEOUT = 8000;
-
-    private Logger logger = LogManager.getLogger(getClass());
-
-    @WireVariable
-    private U2fService u2fService;
-
-    private ObjectMapper mapper;
-    private SecurityKey newDevice;
-    private List<SecurityKey> devices;
-
-    private boolean uiAwaiting;
-    private boolean uiEnrolled;
-    private String editingId;
-
-    private String u2fSupportMessage;
-    private boolean u2fMayBeSupported;
-
-    public boolean isUiAwaiting() {
-        return uiAwaiting;
-    }
-
-    public boolean isUiEnrolled() {
-        return uiEnrolled;
-    }
-
-    public String getEditingId() {
-        return editingId;
-    }
-
-    public String getU2fSupportMessage() {
-        return u2fSupportMessage;
-    }
-
-    public boolean isU2fMayBeSupported() {
-        return u2fMayBeSupported;
-    }
-
-    public SecurityKey getNewDevice() {
-        return newDevice;
-    }
-
-    public List<SecurityKey> getDevices() {
-        return devices;
-    }
-
-    public void setEditingId(String editingId) {
-        this.editingId = editingId;
-    }
-
-    public void setNewDevice(SecurityKey newDevice) {
-        this.newDevice = newDevice;
-    }
-
-    @Init(superclass = true)
-    public void childInit() throws Exception {
-        mapper = new ObjectMapper();
-        newDevice = new SecurityKey();
-        devices = u2fService.getDevices(user.getId(), true);
-        checkU2fSupport();
-    }
-
-    @AfterCompose
-    public void afterCompose(@ContextParam(ContextType.VIEW) Component view) {
-        Selectors.wireEventListeners(view, this);
-    }
-
-    public void triggerU2fRegisterRequest() {
-        try {
-            uiAwaiting = true;
-            BindUtils.postNotifyChange(this, "uiAwaiting");
-            String jsonRequest = u2fService.generateJsonRegisterMessage(user.getUserName(), userService.generateRandEnrollmentCode(user.getId()));
-
-            //Notify browser to exec proper function
-            UIUtils.showMessageUI(Clients.NOTIFICATION_TYPE_INFO, Labels.getLabel("usr.u2f_touch"));
-            Clients.response(new AuInvoke("triggerU2fRegistration", new JavaScriptValue(jsonRequest), REGISTRATION_TIMEOUT));
-        } catch (Exception e) {
-            UIUtils.showMessageUI(false);
-            logger.error(e.getMessage(), e);
-        }
-
-    }
-
-    @Listen("onData=#readyButton")
-    public void notified(Event event) throws Exception {
-
-        String jsonStr = mapper.writeValueAsString(event.getData());
-        String error = u2fService.getRegistrationResult(jsonStr);
-
-        if (error == null) {
-            u2fService.finishRegistration(user.getUserName(), jsonStr);
-            //To know exactly which entry is, we pass the current timestamp so we can pick the most suitable
-            //entry by inspecting the creationDate attribute among all existing entries
-            newDevice = u2fService.getLatestSecurityKey(user.getId(), System.currentTimeMillis());
-
-            if (newDevice != null) {
-                uiEnrolled = true;
-                BindUtils.postNotifyChange(this, "uiEnrolled");
-            } else {
-                UIUtils.showMessageUI(false);
-                logger.error(Labels.getLabel("app.finish_registration_error"));
-            }
-        } else {
-            UIUtils.showMessageUI(false, Labels.getLabel("general.error.detailed", new String[] { error }));
-        }
-
-        uiAwaiting = false;
-        BindUtils.postNotifyChange(this, "uiAwaiting");
-        userService.cleanRandEnrollmentCode(user.getId());
-
-    }
-
-    @NotifyChange({"uiEnrolled", "newDevice", "devices"})
-    public void add() {
-
-        if (Utils.isNotEmpty(newDevice.getNickName())) {
-            try {
-                u2fService.updateDevice(newDevice);
-                devices.add(newDevice);
-                UIUtils.showMessageUI(true, Labels.getLabel("usr.enroll.success"));
-                userService.notifyEnrollment(user, SecurityKeyExtension.ACR);
-            } catch (Exception e) {
-                UIUtils.showMessageUI(false, Labels.getLabel("usr.error_updating"));
-                logger.error(e.getMessage(), e);
-            }
-            resetAddSettings();
-        }
-
-    }
-
-    @NotifyChange({"uiEnrolled", "newDevice"})
-    public void cancel() {
-
-        boolean success;
-        try {
-            /*
-             Remove the recently enrolled key. This is so because once the user touches his key button, jans-auth-server creates the
-             corresponding entry in LDAP, and if the user regrets adding the current key by not supplying a nickname
-             (and thus pressing cancel), we need to be obliterate the entry
-             */
-            success = u2fService.removeDevice(newDevice);
-        } catch (Exception e) {
-            success = false;
-            logger.error(e.getMessage(), e);
-        }
-        if (!success) {
-            UIUtils.showMessageUI(false);
-        }
-        resetAddSettings();
-
-    }
-
-    @NotifyChange({"editingId", "newDevice"})
-    public void prepareForUpdate(SecurityKey dev) {
-        //This will make the modal window to become visible
-        editingId = dev.getId();
-        newDevice = new SecurityKey();
-        newDevice.setNickName(dev.getNickName());
-    }
-
-    @NotifyChange({"editingId", "newDevice"})
-    public void cancelUpdate(Event event) {
-        newDevice.setNickName(null);
-        editingId = null;
-        if (event != null && event.getName().equals(Events.ON_CLOSE)) {
-            event.stopPropagation();
-        }
-    }
-
-    @NotifyChange({"devices", "editingId", "newDevice"})
-    public void update() {
-
-        String nick = newDevice.getNickName();
-        if (Utils.isNotEmpty(nick)) {
-            int i = Utils.firstTrue(devices, dev -> dev.getId().equals(editingId));
-            SecurityKey dev = devices.get(i);
-            dev.setNickName(nick);
-            cancelUpdate(null);
-
-            try {
-                u2fService.updateDevice(dev);
-                UIUtils.showMessageUI(true);
-            } catch (Exception e) {
-                UIUtils.showMessageUI(false);
-                logger.error(e.getMessage(), e);
-            }
-        }
-
-    }
-
-    public void delete(SecurityKey device) {
-
-        String resetMessages = resetPreferenceMessage(SecurityKeyExtension.ACR, devices.size());
-        boolean reset = resetMessages != null;
-        Pair<String, String> delMessages = getDeleteMessages(device.getNickName(), resetMessages);
-
-        Messagebox.show(delMessages.getY(), delMessages.getX(), Messagebox.YES | Messagebox.NO,
-                reset ? Messagebox.EXCLAMATION : Messagebox.QUESTION,
-                event -> {
-                    if (Messagebox.ON_YES.equals(event.getName())) {
-                        try {
-                            devices.remove(device);
-                            boolean success = u2fService.removeDevice(device);
-
-                            if (success) {
-                                if (reset) {
-                                    userService.turn2faOff(user);
-                                }
-                                //trigger refresh (this method is asynchronous...)
-                                BindUtils.postNotifyChange(SecurityKeyViewModel.this, "devices");
-                            } else {
-                                devices.add(device);
-                            }
-                            UIUtils.showMessageUI(success);
-                        } catch (Exception e) {
-                            UIUtils.showMessageUI(false);
-                            logger.error(e.getMessage(), e);
-                        }
-                    }
-                });
-    }
-
-    private void checkU2fSupport() {
-        //Assume u2f is not supported
-        u2fMayBeSupported = false;
-        try {
-            BrowserInfo binfo = getBrowserInfo();
-            String name = binfo.getName().toLowerCase();
-            int browserVer = binfo.getMainVersion();
-
-            //I can guarantee it only works in the following versions, however older browsers might work too (with some
-            //config flag tweaking or plugin installation)
-            u2fMayBeSupported = (name.contains("chrome") && browserVer >= 70) || (name.contains("opera") && browserVer >= 57)
-                    || (name.contains("safari") && browserVer > 10) || (name.contains("firefox") && browserVer >= 71);
-
-            if (u2fMayBeSupported && name.contains("safari")) {
-                u2fSupportMessage = Labels.getLabel("usr.u2f_unsupported_safari");
-            }
-        } catch (Exception e) {
-            logger.error(e.getMessage(), e);
-        }
-    }
-
-    private void resetAddSettings() {
-        uiEnrolled = false;
-        newDevice = new SecurityKey();
-    }
-
-}
diff --git a/casa/app/src/main/resources/labels/user.properties b/casa/app/src/main/resources/labels/user.properties
index 630c6e7ce..344eba478 100644
--- a/casa/app/src/main/resources/labels/user.properties
+++ b/casa/app/src/main/resources/labels/user.properties
@@ -22,15 +22,14 @@ usr.mfa_notenough=You cannot turn on 2FA until you register at least {0} credent
 #fido 2 security keys
 usr.fido2_label=Security key and Platform Authenticators
 usr.fido2_title=Security Keys and built-in Platform Authenticators
-usr.fido2_text=Protect your online accounts against unauthorized access by using 2 factor authentication with Security keys ( USB / NFC) and built-in Platform authenticators (Apple's Touch ID).
-usr.fido2_buy_title=Buy keys from <a href="${usr.u2f_buy_link1}" target="_blank">Amazon</a> or <a href="${usr.u2f_buy_link2}" target="_blank">Yubico</a>
+usr.fido2_text=Protect your online accounts against unauthorized access by using 2 factor authentication with Security keys (USB / NFC) and built-in Platform authenticators (Apple's Touch ID).
+usr.fido2_buy_title=Buy keys from <a href="${usr.fido2_buy_link1}" target="_blank">Amazon</a> or <a href="${usr.fido2_buy_link2}" target="_blank">Yubico</a>
 usr.fido2_buy_link1=https://www.amazon.com/fido2/s?k=fido2
+usr.fido2_buy_link2=https://www.yubico.com/store
 
 usr.fido2_label.security.key=Security key 
 usr.fido2_title.security.key=Security Keys and built-in Platform Authenticators
-usr.fido2_text.security.key=Protect your online accounts against unauthorized access by using 2 factor authentication with Security keys ( USB / NFC) and built-in Platform authenticators (Apple's Touch ID).
-usr.fido2_buy_title.security.key=Buy keys from <a href="${usr.u2f_buy_link1}" target="_blank">Amazon</a> or <a href="${usr.u2f_buy_link2}" target="_blank">Yubico</a>
-usr.fido2_buy_link1.security.key=https://www.amazon.com/fido2/s?k=fido2
+usr.fido2_text.security.key=Protect your online accounts against unauthorized access by using 2 factor authentication with Security keys (USB / NFC) and built-in Platform authenticators (Apple's Touch ID).
 
 usr.fido2_manage=Manage security keys
 usr.fido2_add=Register a security key
@@ -55,28 +54,6 @@ Security keys are apparently not supported by your browser. If your enrollment a
 version of Chrome, Opera, Firefox or Edge.
 }
 
-#u2f security keys
-usr.u2f_label=Security key
-usr.u2f_title=U2F Security Keys
-usr.u2f_text=Security keys are the most secure form of authentication available online. Most U2F tokens only support USB; newer tokens support NFC also.
-usr.u2f_buy_title=Buy U2F keys from <a href="${usr.u2f_buy_link1}" target="_blank">Amazon</a> or <a href="${usr.u2f_buy_link2}" target="_blank">Yubico</a>
-usr.u2f_buy_link1=https://www.amazon.com/u2f-security-key/s?ie=UTF8&page=1&rh=i%3Aaps%2Ck%3Au2f%20security%20key
-usr.u2f_buy_link2=https://www.yubico.com/store
-#https://www.amazon.com/FIDO-U2F-Security-Key/s?ie=UTF8&page=1&rh=i%3Aaps%2Ck%3A%22FIDO%20U2F%20Security%20Key%22
-usr.u2f_manage=Manage security keys
-usr.u2f_add=Add a security key
-usr.u2f_touch=Touch your key button
-usr.u2f_pressready=Insert your security key and press the "${general.ready}" button below
-usr.u2f_edit=Change nickname of your security key
-usr.u2f_del=Remove this key from your credentials
-usr.u2f_mobile_unsupported=You can only enroll security keys on a desktop device
-
-usr.u2f_unsupported_browser=This feature is not available in your browser. Please use a recent version of Opera, Firefox or Chrome.
-usr.u2f_unsupported_safari={
-You can use this feature in Safari only if the \
-<a href="/Safari-FIDO-U2F/Safari-FIDO-U2F" target="_blank">Safari FIDO U2F</a> plugin is installed.
-}
-
 #super gluu
 usr.supergluu_label=Super Gluu device
 usr.supergluu_title=Super Gluu Devices
diff --git a/casa/app/src/main/webapp/scripts/gluu/u2f-util.js b/casa/app/src/main/webapp/scripts/gluu/u2f-util.js
deleted file mode 100644
index 27d4c5a95..000000000
--- a/casa/app/src/main/webapp/scripts/gluu/u2f-util.js
+++ /dev/null
@@ -1,41 +0,0 @@
-var register_request = null;
-var register_timeout;
-
-//Special widget to send data to server directly
-var widget;
-
-//This is called when the ready button is pushed
-function initialize(wgt){
-    if (!widget)
-        widget=wgt;
-}
-
-//Triggers the u2f once some time has passed (allowing users to plug the security key to the USB port)
-function triggerU2fRegistration(req, timeout){
-    register_request=req;
-    register_timeout=timeout;
-    //Wait half a second to start registration
-    setTimeout(startRegistration, 500);
-}
-
-//Performs u2f registration
-function startRegistration() {
-    //The key should start blinking upon this call. In FF this is not always true ... I've faced cases where
-    //30 seconds elapse :(
-    u2fApi.register(register_request.registerRequests, Math.floor(register_timeout/1000))    //expects seconds
-            .then(function (data) {
-                sendBack(data);
-            })
-            .catch(function (err) {
-                sendBack({ errorCode: err.metaData.code });
-            })
-}
-
-//Captures the response of the registration start and sends it to backend as is
-function sendBack(obj){
-    zAu.send(new zk.Event(widget, "onData", obj, {toServer:true}));
-}
-
-function prepareAlert() {
-    alertRef = $('#feedback-key-edit');
-}
diff --git a/casa/app/src/main/webapp/scripts/u2f-api.js b/casa/app/src/main/webapp/scripts/u2f-api.js
deleted file mode 100644
index 37f49dc0d..000000000
--- a/casa/app/src/main/webapp/scripts/u2f-api.js
+++ /dev/null
@@ -1,830 +0,0 @@
-(function () {
-  'use strict';
-
-  //Copyright 2014-2015 Google Inc. All rights reserved.
-
-  //Use of this source code is governed by a BSD-style
-  //license that can be found in the LICENSE file or at
-  //https://developers.google.com/open-source/licenses/bsd
-
-  /**
-   * @fileoverview The U2F api.
-   */
-  // 'use strict';
-
-
-  /**
-   * Namespace for the U2F api.
-   * @type {Object}
-   */
-  var u2f = u2f || {};
-
-  const chromeApi = u2f; // Adaptation for u2f-api package
-
-  /**
-   * FIDO U2F Javascript API Version
-   * @number
-   */
-  var js_api_version;
-
-  /**
-   * The U2F extension id
-   * @const {string}
-   */
-  // The Chrome packaged app extension ID.
-  // Uncomment this if you want to deploy a server instance that uses
-  // the package Chrome app and does not require installing the U2F Chrome extension.
-   u2f.EXTENSION_ID = 'kmendfapggjehodndflmmgagdbamhnfd';
-  // The U2F Chrome extension ID.
-  // Uncomment this if you want to deploy a server instance that uses
-  // the U2F Chrome extension to authenticate.
-  // u2f.EXTENSION_ID = 'pfboblefjcgdjicmnffhdgionmgcdmne';
-
-
-  /**
-   * Message types for messsages to/from the extension
-   * @const
-   * @enum {string}
-   */
-  u2f.MessageTypes = {
-      'U2F_REGISTER_REQUEST': 'u2f_register_request',
-      'U2F_REGISTER_RESPONSE': 'u2f_register_response',
-      'U2F_SIGN_REQUEST': 'u2f_sign_request',
-      'U2F_SIGN_RESPONSE': 'u2f_sign_response',
-      'U2F_GET_API_VERSION_REQUEST': 'u2f_get_api_version_request',
-      'U2F_GET_API_VERSION_RESPONSE': 'u2f_get_api_version_response'
-  };
-
-
-  /**
-   * Response status codes
-   * @const
-   * @enum {number}
-   */
-  u2f.ErrorCodes = {
-      'OK': 0,
-      'OTHER_ERROR': 1,
-      'BAD_REQUEST': 2,
-      'CONFIGURATION_UNSUPPORTED': 3,
-      'DEVICE_INELIGIBLE': 4,
-      'TIMEOUT': 5
-  };
-
-
-  //Low level MessagePort API support
-
-  /**
-   * Sets up a MessagePort to the U2F extension using the
-   * available mechanisms.
-   * @param {function((MessagePort|u2f.WrappedChromeRuntimePort_))} callback
-   */
-  u2f.getMessagePort = function(callback) {
-    if (typeof chrome != 'undefined' && chrome.runtime) {
-      // The actual message here does not matter, but we need to get a reply
-      // for the callback to run. Thus, send an empty signature request
-      // in order to get a failure response.
-      var msg = {
-          type: u2f.MessageTypes.U2F_SIGN_REQUEST,
-          signRequests: []
-      };
-      chrome.runtime.sendMessage(u2f.EXTENSION_ID, msg, function() {
-        if (!chrome.runtime.lastError) {
-          // We are on a whitelisted origin and can talk directly
-          // with the extension.
-          u2f.getChromeRuntimePort_(callback);
-        } else {
-          // chrome.runtime was available, but we couldn't message
-          // the extension directly, use iframe
-          u2f.getIframePort_(callback);
-        }
-      });
-    } else if (u2f.isAndroidChrome_()) {
-      u2f.getAuthenticatorPort_(callback);
-    } else if (u2f.isIosChrome_()) {
-      u2f.getIosPort_(callback);
-    } else {
-      // chrome.runtime was not available at all, which is normal
-      // when this origin doesn't have access to any extensions.
-      u2f.getIframePort_(callback);
-    }
-  };
-
-  /**
-   * Detect chrome running on android based on the browser's useragent.
-   * @private
-   */
-  u2f.isAndroidChrome_ = function() {
-    var userAgent = navigator.userAgent;
-    return userAgent.indexOf('Chrome') != -1 &&
-    userAgent.indexOf('Android') != -1;
-  };
-
-  /**
-   * Detect chrome running on iOS based on the browser's platform.
-   * @private
-   */
-  u2f.isIosChrome_ = function() {
-    return ["iPhone", "iPad", "iPod"].indexOf(navigator.platform) > -1;
-  };
-
-  /**
-   * Connects directly to the extension via chrome.runtime.connect.
-   * @param {function(u2f.WrappedChromeRuntimePort_)} callback
-   * @private
-   */
-  u2f.getChromeRuntimePort_ = function(callback) {
-    var port = chrome.runtime.connect(u2f.EXTENSION_ID,
-        {'includeTlsChannelId': true});
-    setTimeout(function() {
-      callback(new u2f.WrappedChromeRuntimePort_(port));
-    }, 0);
-  };
-
-  /**
-   * Return a 'port' abstraction to the Authenticator app.
-   * @param {function(u2f.WrappedAuthenticatorPort_)} callback
-   * @private
-   */
-  u2f.getAuthenticatorPort_ = function(callback) {
-    setTimeout(function() {
-      callback(new u2f.WrappedAuthenticatorPort_());
-    }, 0);
-  };
-
-  /**
-   * Return a 'port' abstraction to the iOS client app.
-   * @param {function(u2f.WrappedIosPort_)} callback
-   * @private
-   */
-  u2f.getIosPort_ = function(callback) {
-    setTimeout(function() {
-      callback(new u2f.WrappedIosPort_());
-    }, 0);
-  };
-
-  /**
-   * A wrapper for chrome.runtime.Port that is compatible with MessagePort.
-   * @param {Port} port
-   * @constructor
-   * @private
-   */
-  u2f.WrappedChromeRuntimePort_ = function(port) {
-    this.port_ = port;
-  };
-
-  /**
-   * Format and return a sign request compliant with the JS API version supported by the extension.
-   * @param {Array<u2f.SignRequest>} signRequests
-   * @param {number} timeoutSeconds
-   * @param {number} reqId
-   * @return {Object}
-   */
-  u2f.formatSignRequest_ =
-    function(appId, challenge, registeredKeys, timeoutSeconds, reqId) {
-    if (js_api_version === undefined || js_api_version < 1.1) {
-      // Adapt request to the 1.0 JS API
-      var signRequests = [];
-      for (var i = 0; i < registeredKeys.length; i++) {
-        signRequests[i] = {
-            version: registeredKeys[i].version,
-            challenge: challenge,
-            keyHandle: registeredKeys[i].keyHandle,
-            appId: appId
-        };
-      }
-      return {
-        type: u2f.MessageTypes.U2F_SIGN_REQUEST,
-        signRequests: signRequests,
-        timeoutSeconds: timeoutSeconds,
-        requestId: reqId
-      };
-    }
-    // JS 1.1 API
-    return {
-      type: u2f.MessageTypes.U2F_SIGN_REQUEST,
-      appId: appId,
-      challenge: challenge,
-      registeredKeys: registeredKeys,
-      timeoutSeconds: timeoutSeconds,
-      requestId: reqId
-    };
-  };
-
-  /**
-   * Format and return a register request compliant with the JS API version supported by the extension..
-   * @param {Array<u2f.SignRequest>} signRequests
-   * @param {Array<u2f.RegisterRequest>} signRequests
-   * @param {number} timeoutSeconds
-   * @param {number} reqId
-   * @return {Object}
-   */
-  u2f.formatRegisterRequest_ =
-    function(appId, registeredKeys, registerRequests, timeoutSeconds, reqId) {
-    if (js_api_version === undefined || js_api_version < 1.1) {
-      // Adapt request to the 1.0 JS API
-      for (var i = 0; i < registerRequests.length; i++) {
-        registerRequests[i].appId = appId;
-      }
-      var signRequests = [];
-      for (var i = 0; i < registeredKeys.length; i++) {
-        signRequests[i] = {
-            version: registeredKeys[i].version,
-            challenge: registerRequests[0],
-            keyHandle: registeredKeys[i].keyHandle,
-            appId: appId
-        };
-      }
-      return {
-        type: u2f.MessageTypes.U2F_REGISTER_REQUEST,
-        signRequests: signRequests,
-        registerRequests: registerRequests,
-        timeoutSeconds: timeoutSeconds,
-        requestId: reqId
-      };
-    }
-    // JS 1.1 API
-    return {
-      type: u2f.MessageTypes.U2F_REGISTER_REQUEST,
-      appId: appId,
-      registerRequests: registerRequests,
-      registeredKeys: registeredKeys,
-      timeoutSeconds: timeoutSeconds,
-      requestId: reqId
-    };
-  };
-
-
-  /**
-   * Posts a message on the underlying channel.
-   * @param {Object} message
-   */
-  u2f.WrappedChromeRuntimePort_.prototype.postMessage = function(message) {
-    this.port_.postMessage(message);
-  };
-
-
-  /**
-   * Emulates the HTML 5 addEventListener interface. Works only for the
-   * onmessage event, which is hooked up to the chrome.runtime.Port.onMessage.
-   * @param {string} eventName
-   * @param {function({data: Object})} handler
-   */
-  u2f.WrappedChromeRuntimePort_.prototype.addEventListener =
-      function(eventName, handler) {
-    var name = eventName.toLowerCase();
-    if (name == 'message' || name == 'onmessage') {
-      this.port_.onMessage.addListener(function(message) {
-        // Emulate a minimal MessageEvent object
-        handler({'data': message});
-      });
-    } else {
-      console.error('WrappedChromeRuntimePort only supports onMessage');
-    }
-  };
-
-  /**
-   * Wrap the Authenticator app with a MessagePort interface.
-   * @constructor
-   * @private
-   */
-  u2f.WrappedAuthenticatorPort_ = function() {
-    this.requestId_ = -1;
-    this.requestObject_ = null;
-  };
-
-  /**
-   * Launch the Authenticator intent.
-   * @param {Object} message
-   */
-  u2f.WrappedAuthenticatorPort_.prototype.postMessage = function(message) {
-    var intentUrl =
-      u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ +
-      ';S.request=' + encodeURIComponent(JSON.stringify(message)) +
-      ';end';
-    document.location = intentUrl;
-  };
-
-  /**
-   * Tells what type of port this is.
-   * @return {String} port type
-   */
-  u2f.WrappedAuthenticatorPort_.prototype.getPortType = function() {
-    return "WrappedAuthenticatorPort_";
-  };
-
-
-  /**
-   * Emulates the HTML 5 addEventListener interface.
-   * @param {string} eventName
-   * @param {function({data: Object})} handler
-   */
-  u2f.WrappedAuthenticatorPort_.prototype.addEventListener = function(eventName, handler) {
-    var name = eventName.toLowerCase();
-    if (name == 'message') {
-      var self = this;
-      /* Register a callback to that executes when
-       * chrome injects the response. */
-      window.addEventListener(
-          'message', self.onRequestUpdate_.bind(self, handler), false);
-    } else {
-      console.error('WrappedAuthenticatorPort only supports message');
-    }
-  };
-
-  /**
-   * Callback invoked  when a response is received from the Authenticator.
-   * @param function({data: Object}) callback
-   * @param {Object} message message Object
-   */
-  u2f.WrappedAuthenticatorPort_.prototype.onRequestUpdate_ =
-      function(callback, message) {
-    var messageObject = JSON.parse(message.data);
-    var intentUrl = messageObject['intentURL'];
-
-    var errorCode = messageObject['errorCode'];
-    var responseObject = null;
-    if (messageObject.hasOwnProperty('data')) {
-      responseObject = /** @type {Object} */ (
-          JSON.parse(messageObject['data']));
-    }
-
-    callback({'data': responseObject});
-  };
-
-  /**
-   * Base URL for intents to Authenticator.
-   * @const
-   * @private
-   */
-  u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ =
-    'intent:#Intent;action=com.google.android.apps.authenticator.AUTHENTICATE';
-
-  /**
-   * Wrap the iOS client app with a MessagePort interface.
-   * @constructor
-   * @private
-   */
-  u2f.WrappedIosPort_ = function() {};
-
-  /**
-   * Launch the iOS client app request
-   * @param {Object} message
-   */
-  u2f.WrappedIosPort_.prototype.postMessage = function(message) {
-    var str = JSON.stringify(message);
-    var url = "u2f://auth?" + encodeURI(str);
-    location.replace(url);
-  };
-
-  /**
-   * Tells what type of port this is.
-   * @return {String} port type
-   */
-  u2f.WrappedIosPort_.prototype.getPortType = function() {
-    return "WrappedIosPort_";
-  };
-
-  /**
-   * Emulates the HTML 5 addEventListener interface.
-   * @param {string} eventName
-   * @param {function({data: Object})} handler
-   */
-  u2f.WrappedIosPort_.prototype.addEventListener = function(eventName, handler) {
-    var name = eventName.toLowerCase();
-    if (name !== 'message') {
-      console.error('WrappedIosPort only supports message');
-    }
-  };
-
-  /**
-   * Sets up an embedded trampoline iframe, sourced from the extension.
-   * @param {function(MessagePort)} callback
-   * @private
-   */
-  u2f.getIframePort_ = function(callback) {
-    // Create the iframe
-    var iframeOrigin = 'chrome-extension://' + u2f.EXTENSION_ID;
-    var iframe = document.createElement('iframe');
-    iframe.src = iframeOrigin + '/u2f-comms.html';
-    iframe.setAttribute('style', 'display:none');
-    document.body.appendChild(iframe);
-
-    var channel = new MessageChannel();
-    var ready = function(message) {
-      if (message.data == 'ready') {
-        channel.port1.removeEventListener('message', ready);
-        callback(channel.port1);
-      } else {
-        console.error('First event on iframe port was not "ready"');
-      }
-    };
-    channel.port1.addEventListener('message', ready);
-    channel.port1.start();
-
-    iframe.addEventListener('load', function() {
-      // Deliver the port to the iframe and initialize
-      iframe.contentWindow.postMessage('init', iframeOrigin, [channel.port2]);
-    });
-  };
-
-
-  //High-level JS API
-
-  /**
-   * Default extension response timeout in seconds.
-   * @const
-   */
-  u2f.EXTENSION_TIMEOUT_SEC = 30;
-
-  /**
-   * A singleton instance for a MessagePort to the extension.
-   * @type {MessagePort|u2f.WrappedChromeRuntimePort_}
-   * @private
-   */
-  u2f.port_ = null;
-
-  /**
-   * Callbacks waiting for a port
-   * @type {Array<function((MessagePort|u2f.WrappedChromeRuntimePort_))>}
-   * @private
-   */
-  u2f.waitingForPort_ = [];
-
-  /**
-   * A counter for requestIds.
-   * @type {number}
-   * @private
-   */
-  u2f.reqCounter_ = 0;
-
-  /**
-   * A map from requestIds to client callbacks
-   * @type {Object.<number,(function((u2f.Error|u2f.RegisterResponse))
-   *                       |function((u2f.Error|u2f.SignResponse)))>}
-   * @private
-   */
-  u2f.callbackMap_ = {};
-
-  /**
-   * Creates or retrieves the MessagePort singleton to use.
-   * @param {function((MessagePort|u2f.WrappedChromeRuntimePort_))} callback
-   * @private
-   */
-  u2f.getPortSingleton_ = function(callback) {
-    if (u2f.port_) {
-      callback(u2f.port_);
-    } else {
-      if (u2f.waitingForPort_.length == 0) {
-        u2f.getMessagePort(function(port) {
-          u2f.port_ = port;
-          u2f.port_.addEventListener('message',
-              /** @type {function(Event)} */ (u2f.responseHandler_));
-
-          // Careful, here be async callbacks. Maybe.
-          while (u2f.waitingForPort_.length)
-            u2f.waitingForPort_.shift()(u2f.port_);
-        });
-      }
-      u2f.waitingForPort_.push(callback);
-    }
-  };
-
-  /**
-   * Handles response messages from the extension.
-   * @param {MessageEvent.<u2f.Response>} message
-   * @private
-   */
-  u2f.responseHandler_ = function(message) {
-    var response = message.data;
-    var reqId = response['requestId'];
-    if (!reqId || !u2f.callbackMap_[reqId]) {
-      console.error('Unknown or missing requestId in response.');
-      return;
-    }
-    var cb = u2f.callbackMap_[reqId];
-    delete u2f.callbackMap_[reqId];
-    cb(response['responseData']);
-  };
-
-  /**
-   * Calls the callback with true or false as first and only argument
-   * @param {Function} callback
-   */
-  u2f.isSupported = function(callback) {
-    var hasCalledBack = false;
-    function reply(value) {
-      if (hasCalledBack)
-        return;
-      hasCalledBack = true;
-      callback(value);
-    }
-    u2f.getApiVersion(
-      function (response) {
-        js_api_version = response['js_api_version'] === undefined ? 0 : response['js_api_version'];
-        reply(true);
-      }
-    );
-    // No response from extension within 1500ms -> no support
-    setTimeout(reply.bind(null, false), 1500);
-  };
-
-  /**
-   * Dispatches an array of sign requests to available U2F tokens.
-   * If the JS API version supported by the extension is unknown, it first sends a
-   * message to the extension to find out the supported API version and then it sends
-   * the sign request.
-   * @param {string=} appId
-   * @param {string=} challenge
-   * @param {Array<u2f.RegisteredKey>} registeredKeys
-   * @param {function((u2f.Error|u2f.SignResponse))} callback
-   * @param {number=} opt_timeoutSeconds
-   */
-  u2f.sign = function(appId, challenge, registeredKeys, callback, opt_timeoutSeconds) {
-    if (js_api_version === undefined) {
-      // Send a message to get the extension to JS API version, then send the actual sign request.
-      u2f.getApiVersion(
-          function (response) {
-            js_api_version = response['js_api_version'] === undefined ? 0 : response['js_api_version'];
-            console.log("Extension JS API Version: ", js_api_version);
-            u2f.sendSignRequest(appId, challenge, registeredKeys, callback, opt_timeoutSeconds);
-          });
-    } else {
-      // We know the JS API version. Send the actual sign request in the supported API version.
-      u2f.sendSignRequest(appId, challenge, registeredKeys, callback, opt_timeoutSeconds);
-    }
-  };
-
-  /**
-   * Dispatches an array of sign requests to available U2F tokens.
-   * @param {string=} appId
-   * @param {string=} challenge
-   * @param {Array<u2f.RegisteredKey>} registeredKeys
-   * @param {function((u2f.Error|u2f.SignResponse))} callback
-   * @param {number=} opt_timeoutSeconds
-   */
-  u2f.sendSignRequest = function(appId, challenge, registeredKeys, callback, opt_timeoutSeconds) {
-    u2f.getPortSingleton_(function(port) {
-      var reqId = ++u2f.reqCounter_;
-      u2f.callbackMap_[reqId] = callback;
-      var timeoutSeconds = (typeof opt_timeoutSeconds !== 'undefined' ?
-          opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC);
-      var req = u2f.formatSignRequest_(appId, challenge, registeredKeys, timeoutSeconds, reqId);
-      port.postMessage(req);
-    });
-  };
-
-  /**
-   * Dispatches register requests to available U2F tokens. An array of sign
-   * requests identifies already registered tokens.
-   * If the JS API version supported by the extension is unknown, it first sends a
-   * message to the extension to find out the supported API version and then it sends
-   * the register request.
-   * @param {string=} appId
-   * @param {Array<u2f.RegisterRequest>} registerRequests
-   * @param {Array<u2f.RegisteredKey>} registeredKeys
-   * @param {function((u2f.Error|u2f.RegisterResponse))} callback
-   * @param {number=} opt_timeoutSeconds
-   */
-  u2f.register = function(appId, registerRequests, registeredKeys, callback, opt_timeoutSeconds) {
-    if (js_api_version === undefined) {
-      // Send a message to get the extension to JS API version, then send the actual register request.
-      u2f.getApiVersion(
-          function (response) {
-            js_api_version = response['js_api_version'] === undefined ? 0: response['js_api_version'];
-            console.log("Extension JS API Version: ", js_api_version);
-            u2f.sendRegisterRequest(appId, registerRequests, registeredKeys,
-                callback, opt_timeoutSeconds);
-          });
-    } else {
-      // We know the JS API version. Send the actual register request in the supported API version.
-      u2f.sendRegisterRequest(appId, registerRequests, registeredKeys,
-          callback, opt_timeoutSeconds);
-    }
-  };
-
-  /**
-   * Dispatches register requests to available U2F tokens. An array of sign
-   * requests identifies already registered tokens.
-   * @param {string=} appId
-   * @param {Array<u2f.RegisterRequest>} registerRequests
-   * @param {Array<u2f.RegisteredKey>} registeredKeys
-   * @param {function((u2f.Error|u2f.RegisterResponse))} callback
-   * @param {number=} opt_timeoutSeconds
-   */
-  u2f.sendRegisterRequest = function(appId, registerRequests, registeredKeys, callback, opt_timeoutSeconds) {
-    u2f.getPortSingleton_(function(port) {
-      var reqId = ++u2f.reqCounter_;
-      u2f.callbackMap_[reqId] = callback;
-      var timeoutSeconds = (typeof opt_timeoutSeconds !== 'undefined' ?
-          opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC);
-      var req = u2f.formatRegisterRequest_(
-          appId, registeredKeys, registerRequests, timeoutSeconds, reqId);
-      port.postMessage(req);
-    });
-  };
-
-
-  /**
-   * Dispatches a message to the extension to find out the supported
-   * JS API version.
-   * If the user is on a mobile phone and is thus using Google Authenticator instead
-   * of the Chrome extension, don't send the request and simply return 0.
-   * @param {function((u2f.Error|u2f.GetJsApiVersionResponse))} callback
-   * @param {number=} opt_timeoutSeconds
-   */
-  u2f.getApiVersion = function(callback, opt_timeoutSeconds) {
-   u2f.getPortSingleton_(function(port) {
-     // If we are using Android Google Authenticator or iOS client app,
-     // do not fire an intent to ask which JS API version to use.
-     if (port.getPortType) {
-       var apiVersion;
-       switch (port.getPortType()) {
-         case 'WrappedIosPort_':
-         case 'WrappedAuthenticatorPort_':
-           apiVersion = 1.1;
-           break;
-
-         default:
-           apiVersion = 0;
-           break;
-       }
-       callback({ 'js_api_version': apiVersion });
-       return;
-     }
-      var reqId = ++u2f.reqCounter_;
-      u2f.callbackMap_[reqId] = callback;
-      var req = {
-        type: u2f.MessageTypes.U2F_GET_API_VERSION_REQUEST,
-        timeoutSeconds: (typeof opt_timeoutSeconds !== 'undefined' ?
-            opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC),
-        requestId: reqId
-      };
-      port.postMessage(req);
-    });
-  };
-
-  // Feature detection (yes really)
-  // For IE and Edge detection, see https://stackoverflow.com/questions/31757852#31757969
-  // and https://stackoverflow.com/questions/56360225#56361977
-  var isBrowser = (typeof navigator !== 'undefined') && !!navigator.userAgent;
-  var isSafari = isBrowser && navigator.userAgent.match(/Safari\//)
-      && !navigator.userAgent.match(/Chrome\//);
-  var isEDGE = isBrowser && /(Edge\/)|(edg\/)/i.test(navigator.userAgent);
-  var isIE = isBrowser && /(MSIE 9|MSIE 10|rv:11.0)/i.test(navigator.userAgent);
-  var _backend = null;
-  function getBackend() {
-      if (_backend)
-          return _backend;
-      var supportChecker = new Promise(function (resolve, reject) {
-          function notSupported() {
-              resolve({ u2f: null });
-          }
-          if (!isBrowser)
-              return notSupported();
-          if (isSafari)
-              // Safari doesn't support U2F, and the Safari-FIDO-U2F
-              // extension lacks full support (Multi-facet apps), so we
-              // block it until proper support.
-              return notSupported();
-          var hasNativeSupport = (typeof window.u2f !== 'undefined') &&
-              (typeof window.u2f.sign === 'function');
-          if (hasNativeSupport)
-              return resolve({ u2f: window.u2f });
-          if (isEDGE || isIE)
-              // We don't want to check for Google's extension hack on EDGE & IE
-              // as it'll cause trouble (popups, etc)
-              return notSupported();
-          if (location.protocol === 'http:')
-              // U2F isn't supported over http, only https
-              return notSupported();
-          if (typeof MessageChannel === 'undefined')
-              // Unsupported browser, the chrome hack would throw
-              return notSupported();
-          // Test for google extension support
-          chromeApi.isSupported(function (ok) {
-              if (ok)
-                  resolve({ u2f: chromeApi });
-              else
-                  notSupported();
-          });
-      })
-          .then(function (response) {
-          _backend = response.u2f ? supportChecker : null;
-          return response;
-      });
-      return supportChecker;
-  }
-  var ErrorCodes = {
-      OK: 0,
-      OTHER_ERROR: 1,
-      BAD_REQUEST: 2,
-      CONFIGURATION_UNSUPPORTED: 3,
-      DEVICE_INELIGIBLE: 4,
-      TIMEOUT: 5
-  };
-  var ErrorNames = {
-      "0": "OK",
-      "1": "OTHER_ERROR",
-      "2": "BAD_REQUEST",
-      "3": "CONFIGURATION_UNSUPPORTED",
-      "4": "DEVICE_INELIGIBLE",
-      "5": "TIMEOUT"
-  };
-  function makeError(msg, err) {
-      var code = err != null ? err.errorCode : 1; // Default to OTHER_ERROR
-      var type = ErrorNames[('' + code)];
-      var error = new Error(msg);
-      error.metaData = { type: type, code: code };
-      return error;
-  }
-  function isSupported() {
-      return getBackend()
-          .then(function (backend) { return !!backend.u2f; });
-  }
-  function _ensureSupport(backend) {
-      if (!backend.u2f) {
-          if (location.protocol === 'http:')
-              throw new Error("U2F isn't supported over http, only https");
-          throw new Error("U2F not supported");
-      }
-  }
-  function ensureSupport() {
-      return getBackend()
-          .then(_ensureSupport);
-  }
-  function arrayify(value) {
-      if (value != null && Array.isArray(value))
-          return value;
-      return value == null
-          ? []
-          : Array.isArray(value)
-              ? value.slice() : [value];
-  }
-  function register(registerRequests, signRequests, timeout) {
-      var _registerRequests = arrayify(registerRequests);
-      if (typeof signRequests === 'number' && typeof timeout === 'undefined') {
-          timeout = signRequests;
-          signRequests = [];
-      }
-      var _signRequests = arrayify(signRequests);
-      return getBackend()
-          .then(function (backend) {
-          _ensureSupport(backend);
-          var u2f = backend.u2f;
-          return new Promise(function (resolve, reject) {
-              function callback(response) {
-                  if (response.errorCode)
-                      reject(makeError("Registration failed", response));
-                  else {
-                      delete response.errorCode;
-                      resolve(response);
-                  }
-              }
-              var appId = _registerRequests[0].appId;
-              u2f.register(appId, _registerRequests, _signRequests, callback, timeout);
-          });
-      });
-  }
-  function sign(signRequests, timeout) {
-      var _signRequests = arrayify(signRequests);
-      return getBackend()
-          .then(function (backend) {
-          _ensureSupport(backend);
-          var u2f = backend.u2f;
-          return new Promise(function (resolve, reject) {
-              var _a;
-              function callback(response) {
-                  if (response.errorCode)
-                      reject(makeError("Sign failed", response));
-                  else {
-                      delete response.errorCode;
-                      resolve(response);
-                  }
-              }
-              var appId = _signRequests[0].appId;
-              var challenge = _signRequests[0].challenge;
-              var registeredKeys = (_a = []).concat.apply(_a, _signRequests
-                  .map(function (_a) {
-                  var version = _a.version, keyHandle = _a.keyHandle, appId = _a.appId;
-                  return arrayify(keyHandle)
-                      .map(function (keyHandle) {
-                      return ({ version: version, keyHandle: keyHandle, appId: appId });
-                  });
-              }));
-              u2f.sign(appId, challenge, registeredKeys, callback, timeout);
-          });
-      });
-  }
-
-  var u2fApi = /*#__PURE__*/Object.freeze({
-    ErrorCodes: ErrorCodes,
-    ErrorNames: ErrorNames,
-    isSupported: isSupported,
-    ensureSupport: ensureSupport,
-    register: register,
-    sign: sign
-  });
-
-  window.u2fApi = u2fApi;
-
-}());
diff --git a/casa/app/src/main/webapp/user/u2f-detail.zul b/casa/app/src/main/webapp/user/u2f-detail.zul
deleted file mode 100644
index f0a91b3b3..000000000
--- a/casa/app/src/main/webapp/user/u2f-detail.zul
+++ /dev/null
@@ -1,123 +0,0 @@
-<?page language="xhtml"?>
-<?init class="org.zkoss.zk.ui.util.Composition" template="/general.zul"?>
-<zk:zk xmlns:z="http://www.zkoss.org/2005/zul" xmlns:h="xhtml" xmlns:zk="zk" xmlns:w="client" xmlns:ca="client/attribute" xmlns="native">
-
-    <h:title self="@define(title)">${zkService.appName} - ${labels.usr.u2f_title}</h:title>
-
-    <z:div if="${empty pageScope.error}" viewModel="@('org.gluu.casa.ui.vm.user.SecurityKeyViewModel')"
-           self="@define(maincontent)">
-
-        <z:include src="/back-home.zul" />
-        <div class="ph4 mb2">
-            <div class="alert alert-success dn" id="feedback-key-edit" role="alert" />
-        </div>
-
-        <div class="${css['sectionsWrapper']}">
-            <section class="${css.section}">
-
-                <div class="${css.panel}">
-                    <h2 class="f4 dark-blue2">${labels.usr.u2f_title}</h2>
-                    <p>${labels.usr.u2f_text}</p>
-                    <!--z:label visible="@load(not empty vm.phones)" sclass="dark-blue2" value="${labels.usr.you_added}" /-->
-                </div>
-
-                <!-- keys list -->
-                <z:div children="@load(vm.devices)">
-                    <zk:template name="children">
-                        <div class="${css.panel} flex justify-between">
-                            <div class="flex items-start">
-                                <img src="${zkService.contextPath}${assetsService.prefix}/images/u2fkey.png" />
-
-                                <p class="ml3 mb0">
-                                    <z:label sclass="f5 dark-blue2" value="@load(empty each.nickName ? c:l('general.no_named') : each.nickName)" />
-                                    <br />
-                                    <label class="w4 ma0 truncate nb1">${labels.general.last_used}</label>
-                                    <zk:zk if="${each.lastAccessTime ne null}">
-                                        <z:label value="@load(each.lastAccessTime) @converter('org.gluu.casa.ui.CustomDateConverter',
-                                            format='MMM d, yyyy - hh:mm a', offset = sessionContext.zoneOffset))" />
-                                    </zk:zk>
-                                    <zk:zk unless="${each.lastAccessTime ne null}">
-                                        <z:label value="@load(each.creationDate) @converter('org.gluu.casa.ui.CustomDateConverter',
-                                            format='MMM d, yyyy - hh:mm a', offset = sessionContext.zoneOffset))"/>
-                                    </zk:zk>
-
-                                    <br />
-                                    <label class="w4 ma0 truncate nb1">${labels.general.added_on}</label>
-                                    <z:label value="@load(each.creationDate) @converter('org.gluu.casa.ui.CustomDateConverter',
-                                        format='MMM d, yyyy - hh:mm a', offset = sessionContext.zoneOffset)"/>
-                                </p>
-                            </div>
-                            <div class="pl2 pt2">
-                                <h:button class="${css.editButton} mb2 mr2" w:onClick="prepareAlert()" onClick="@('prepareForUpdate', each)"
-                                          data-original-title="${labels.general.edit}" data-toggle="tooltip" data-placement="top">
-                                    <i class="fas fa-pencil-alt" />
-                                </h:button>
-                                <h:button class="${css.deleteButton} mb2" w:onClick="prepareAlert()" onClick="@('delete', each)"
-                                          data-original-title="${labels.general.delete}" data-toggle="tooltip" data-placement="top">
-                                    <i class="fas fa-trash-alt" />
-                                </h:button>
-                            </div>
-                        </div>
-                    </zk:template>
-                </z:div>
-
-                <div class="${css.panel} bg-near-white">
-                    <h2 class="f5 dark-blue2 pt1">${labels.usr.u2f_add}</h2>
-
-                    <div class="alert alert-success dn" id="feedback-key" role="alert" />
-                    <!-- this could have been better written but zk choose tag seems not to work in zhtml -->
-                    <z:label if="${sessionContext.browser.mobile}" value="${labels.usr.u2f_mobile_unsupported}" />
-                    <z:label if="${not sessionContext.browser.mobile and not vm.u2fMayBeSupported}" value="${labels.usr.u2f_unsupported_browser}" />
-                    <z:div if="${not sessionContext.browser.mobile and vm.u2fMayBeSupported}">
-                        <h:p class="pt2 dark-blue2" unless="${empty vm.u2fSupportMessage}">
-                            ${vm.u2fSupportMessage}
-                        </h:p>
-                        <div class="pb2">
-                            <span class="mr2">${labels.usr.u2f_pressready}</span>
-                            <z:image src="${assetsService.prefix}/images/throbber.gif" visible="@load(vm.uiAwaiting)" />
-                        </div>
-                        <z:button id="readyButton" label="${labels.general.ready}" sclass="${css.primaryButton}"
-                                  w:onClick="alertRef = $('#feedback-key'); initialize(this)" onClick="@('triggerU2fRegisterRequest')" />
-                    </z:div>
-
-                    <z:div sclass="flex flex-wrap pt2" visible="@load(vm.uiEnrolled)">
-                        <div class="relative w5 mt3 pr3">
-                            <z:textbox sclass="focused-text w-100 pb1" onOK="@('add')" value="@bind(vm.newDevice.nickName)" ca:required="required" />
-                            <label class="focused-label">${labels.usr.enter_nick}</label>
-                        </div>
-
-                        <div class="pt2">
-                            <z:button label="${labels.general.add}" sclass="${css.primaryButton} mr2" onClick="@('add')"/>
-                            <z:button label="${labels.general.cancel}" sclass="${css.tertiaryButton}" onClick="@('cancel')"/>
-                        </div>
-                    </z:div>
-                </div>
-
-            </section>
-        </div>
-
-        <z:window title="${labels.usr.u2f_edit}" border="normal" mode="modal" visible="@load(not empty vm.editingId)"
-                  closable="true" onClose="@('cancelUpdate', event)" sclass="${css.modalWindow}">
-
-            <div sclass="pt1 mb3">
-                <span class="db f7-cust gray">${labels.general.new_nick}</span>
-                <div class="pa1">
-                    <z:textbox sclass="${css.textInput} w-100" value="@bind(vm.newDevice.nickName)" onOK="@('update')"/>
-                </div>
-            </div>
-            <div class="w-100 flex justify-center">
-                <z:button sclass="${css.primaryButton} mr3" label="${labels.general.update}"
-                          w:onClick="prepareAlert()" onClick="@('update')" />
-                <z:button sclass="${css.tertiaryButton}" label="${labels.general.cancel}" onClick="@('cancelUpdate', event)" />
-            </div>
-
-        </z:window>
-
-        <z:script src="/scripts/u2f-api.js" />
-    </z:div>
-
-    <z:div self="@define(extra)">
-        <z:script src="/scripts/gluu/u2f-util.js" />
-    </z:div>
-
-</zk:zk>
diff --git a/casa/extras/enrollment-client/README.md b/casa/extras/enrollment-client/README.md
index 7d7dd2c68..35d3d3e9a 100644
--- a/casa/extras/enrollment-client/README.md
+++ b/casa/extras/enrollment-client/README.md
@@ -18,9 +18,9 @@ This is a client-side only application (HTML+JS). Intended to be illustrative an
 ## Troubleshooting
 
 If you face errors (in the browser's developer console) when accessing endpoints such as `/.well-known/openid-configuration`
-or `/oxauth/restv1/token`, obtain a token manually and then gently add a line like `token = "token-value"` as the first statement
+or `/jans-auth/restv1/token`, obtain a token manually and then gently add a line like `token = "token-value"` as the first statement
 in the document.ready event handler for the page you are trying to visualize. The following shows how to obtain a token:
 
-`curl -k -u <clientId>:<clientSecret> -d grant_type=client_credentials https://<gluu-host-name>/oxauth/restv1/token`
+`curl -k -u <clientId>:<clientSecret> -d grant_type=client_credentials https://<gluu-host-name>/jans-auth/restv1/token`
 
 Alternatively, enrollment pages have a text field at the bottom where you can simply paste the token value.
diff --git a/casa/extras/enrollment-client/index.html b/casa/extras/enrollment-client/index.html
index bc3ab3848..3aed80ca2 100644
--- a/casa/extras/enrollment-client/index.html
+++ b/casa/extras/enrollment-client/index.html
@@ -8,8 +8,7 @@ <h1>Sample client for Casa credentials enrollment</h1>
 <ul>
 	<li><a href="twilio_sms.html">Verified mobile phones</a> (acr = twilio_sms)</li>
 	<li><a href="otp.html">OTP apps</a> (acr = otp)</li>
-	<li><a href="super_gluu.html">Super Gluu</a> (acr = super_gluu)</li>
-	<!--li><a href="u2f.html">Security keys</a> (acr = u2f)</li-->
+	<!--li><a href="super_gluu.html">Super Gluu</a> (acr = super_gluu)</li-->
     <li><a href="fido2.html">Security keys</a> (acr = fido2)</li>
 </ul>
 
diff --git a/casa/extras/enrollment-client/super_gluu.html b/casa/extras/enrollment-client/super_gluu.html
index 61e53ac24..22be62d8d 100644
--- a/casa/extras/enrollment-client/super_gluu.html
+++ b/casa/extras/enrollment-client/super_gluu.html
@@ -1,6 +1,6 @@
 <!DOCTYPE html>
 <html>
-<head>
+<!--head>
 	<script src="globals.js">;</script>
 	<script src="enroll.js">;</script>
 	<script src="jquery-3.3.1.min.js">;</script>
@@ -141,5 +141,5 @@ <h2>nameEnrollment</h2>
 <hr />
 <br>
 <input id="manual_token" onChange="token=this.value">
-</body>
+</body-->
 </html>
diff --git a/casa/extras/enrollment-client/u2f-api.js b/casa/extras/enrollment-client/u2f-api.js
deleted file mode 100644
index 37f49dc0d..000000000
--- a/casa/extras/enrollment-client/u2f-api.js
+++ /dev/null
@@ -1,830 +0,0 @@
-(function () {
-  'use strict';
-
-  //Copyright 2014-2015 Google Inc. All rights reserved.
-
-  //Use of this source code is governed by a BSD-style
-  //license that can be found in the LICENSE file or at
-  //https://developers.google.com/open-source/licenses/bsd
-
-  /**
-   * @fileoverview The U2F api.
-   */
-  // 'use strict';
-
-
-  /**
-   * Namespace for the U2F api.
-   * @type {Object}
-   */
-  var u2f = u2f || {};
-
-  const chromeApi = u2f; // Adaptation for u2f-api package
-
-  /**
-   * FIDO U2F Javascript API Version
-   * @number
-   */
-  var js_api_version;
-
-  /**
-   * The U2F extension id
-   * @const {string}
-   */
-  // The Chrome packaged app extension ID.
-  // Uncomment this if you want to deploy a server instance that uses
-  // the package Chrome app and does not require installing the U2F Chrome extension.
-   u2f.EXTENSION_ID = 'kmendfapggjehodndflmmgagdbamhnfd';
-  // The U2F Chrome extension ID.
-  // Uncomment this if you want to deploy a server instance that uses
-  // the U2F Chrome extension to authenticate.
-  // u2f.EXTENSION_ID = 'pfboblefjcgdjicmnffhdgionmgcdmne';
-
-
-  /**
-   * Message types for messsages to/from the extension
-   * @const
-   * @enum {string}
-   */
-  u2f.MessageTypes = {
-      'U2F_REGISTER_REQUEST': 'u2f_register_request',
-      'U2F_REGISTER_RESPONSE': 'u2f_register_response',
-      'U2F_SIGN_REQUEST': 'u2f_sign_request',
-      'U2F_SIGN_RESPONSE': 'u2f_sign_response',
-      'U2F_GET_API_VERSION_REQUEST': 'u2f_get_api_version_request',
-      'U2F_GET_API_VERSION_RESPONSE': 'u2f_get_api_version_response'
-  };
-
-
-  /**
-   * Response status codes
-   * @const
-   * @enum {number}
-   */
-  u2f.ErrorCodes = {
-      'OK': 0,
-      'OTHER_ERROR': 1,
-      'BAD_REQUEST': 2,
-      'CONFIGURATION_UNSUPPORTED': 3,
-      'DEVICE_INELIGIBLE': 4,
-      'TIMEOUT': 5
-  };
-
-
-  //Low level MessagePort API support
-
-  /**
-   * Sets up a MessagePort to the U2F extension using the
-   * available mechanisms.
-   * @param {function((MessagePort|u2f.WrappedChromeRuntimePort_))} callback
-   */
-  u2f.getMessagePort = function(callback) {
-    if (typeof chrome != 'undefined' && chrome.runtime) {
-      // The actual message here does not matter, but we need to get a reply
-      // for the callback to run. Thus, send an empty signature request
-      // in order to get a failure response.
-      var msg = {
-          type: u2f.MessageTypes.U2F_SIGN_REQUEST,
-          signRequests: []
-      };
-      chrome.runtime.sendMessage(u2f.EXTENSION_ID, msg, function() {
-        if (!chrome.runtime.lastError) {
-          // We are on a whitelisted origin and can talk directly
-          // with the extension.
-          u2f.getChromeRuntimePort_(callback);
-        } else {
-          // chrome.runtime was available, but we couldn't message
-          // the extension directly, use iframe
-          u2f.getIframePort_(callback);
-        }
-      });
-    } else if (u2f.isAndroidChrome_()) {
-      u2f.getAuthenticatorPort_(callback);
-    } else if (u2f.isIosChrome_()) {
-      u2f.getIosPort_(callback);
-    } else {
-      // chrome.runtime was not available at all, which is normal
-      // when this origin doesn't have access to any extensions.
-      u2f.getIframePort_(callback);
-    }
-  };
-
-  /**
-   * Detect chrome running on android based on the browser's useragent.
-   * @private
-   */
-  u2f.isAndroidChrome_ = function() {
-    var userAgent = navigator.userAgent;
-    return userAgent.indexOf('Chrome') != -1 &&
-    userAgent.indexOf('Android') != -1;
-  };
-
-  /**
-   * Detect chrome running on iOS based on the browser's platform.
-   * @private
-   */
-  u2f.isIosChrome_ = function() {
-    return ["iPhone", "iPad", "iPod"].indexOf(navigator.platform) > -1;
-  };
-
-  /**
-   * Connects directly to the extension via chrome.runtime.connect.
-   * @param {function(u2f.WrappedChromeRuntimePort_)} callback
-   * @private
-   */
-  u2f.getChromeRuntimePort_ = function(callback) {
-    var port = chrome.runtime.connect(u2f.EXTENSION_ID,
-        {'includeTlsChannelId': true});
-    setTimeout(function() {
-      callback(new u2f.WrappedChromeRuntimePort_(port));
-    }, 0);
-  };
-
-  /**
-   * Return a 'port' abstraction to the Authenticator app.
-   * @param {function(u2f.WrappedAuthenticatorPort_)} callback
-   * @private
-   */
-  u2f.getAuthenticatorPort_ = function(callback) {
-    setTimeout(function() {
-      callback(new u2f.WrappedAuthenticatorPort_());
-    }, 0);
-  };
-
-  /**
-   * Return a 'port' abstraction to the iOS client app.
-   * @param {function(u2f.WrappedIosPort_)} callback
-   * @private
-   */
-  u2f.getIosPort_ = function(callback) {
-    setTimeout(function() {
-      callback(new u2f.WrappedIosPort_());
-    }, 0);
-  };
-
-  /**
-   * A wrapper for chrome.runtime.Port that is compatible with MessagePort.
-   * @param {Port} port
-   * @constructor
-   * @private
-   */
-  u2f.WrappedChromeRuntimePort_ = function(port) {
-    this.port_ = port;
-  };
-
-  /**
-   * Format and return a sign request compliant with the JS API version supported by the extension.
-   * @param {Array<u2f.SignRequest>} signRequests
-   * @param {number} timeoutSeconds
-   * @param {number} reqId
-   * @return {Object}
-   */
-  u2f.formatSignRequest_ =
-    function(appId, challenge, registeredKeys, timeoutSeconds, reqId) {
-    if (js_api_version === undefined || js_api_version < 1.1) {
-      // Adapt request to the 1.0 JS API
-      var signRequests = [];
-      for (var i = 0; i < registeredKeys.length; i++) {
-        signRequests[i] = {
-            version: registeredKeys[i].version,
-            challenge: challenge,
-            keyHandle: registeredKeys[i].keyHandle,
-            appId: appId
-        };
-      }
-      return {
-        type: u2f.MessageTypes.U2F_SIGN_REQUEST,
-        signRequests: signRequests,
-        timeoutSeconds: timeoutSeconds,
-        requestId: reqId
-      };
-    }
-    // JS 1.1 API
-    return {
-      type: u2f.MessageTypes.U2F_SIGN_REQUEST,
-      appId: appId,
-      challenge: challenge,
-      registeredKeys: registeredKeys,
-      timeoutSeconds: timeoutSeconds,
-      requestId: reqId
-    };
-  };
-
-  /**
-   * Format and return a register request compliant with the JS API version supported by the extension..
-   * @param {Array<u2f.SignRequest>} signRequests
-   * @param {Array<u2f.RegisterRequest>} signRequests
-   * @param {number} timeoutSeconds
-   * @param {number} reqId
-   * @return {Object}
-   */
-  u2f.formatRegisterRequest_ =
-    function(appId, registeredKeys, registerRequests, timeoutSeconds, reqId) {
-    if (js_api_version === undefined || js_api_version < 1.1) {
-      // Adapt request to the 1.0 JS API
-      for (var i = 0; i < registerRequests.length; i++) {
-        registerRequests[i].appId = appId;
-      }
-      var signRequests = [];
-      for (var i = 0; i < registeredKeys.length; i++) {
-        signRequests[i] = {
-            version: registeredKeys[i].version,
-            challenge: registerRequests[0],
-            keyHandle: registeredKeys[i].keyHandle,
-            appId: appId
-        };
-      }
-      return {
-        type: u2f.MessageTypes.U2F_REGISTER_REQUEST,
-        signRequests: signRequests,
-        registerRequests: registerRequests,
-        timeoutSeconds: timeoutSeconds,
-        requestId: reqId
-      };
-    }
-    // JS 1.1 API
-    return {
-      type: u2f.MessageTypes.U2F_REGISTER_REQUEST,
-      appId: appId,
-      registerRequests: registerRequests,
-      registeredKeys: registeredKeys,
-      timeoutSeconds: timeoutSeconds,
-      requestId: reqId
-    };
-  };
-
-
-  /**
-   * Posts a message on the underlying channel.
-   * @param {Object} message
-   */
-  u2f.WrappedChromeRuntimePort_.prototype.postMessage = function(message) {
-    this.port_.postMessage(message);
-  };
-
-
-  /**
-   * Emulates the HTML 5 addEventListener interface. Works only for the
-   * onmessage event, which is hooked up to the chrome.runtime.Port.onMessage.
-   * @param {string} eventName
-   * @param {function({data: Object})} handler
-   */
-  u2f.WrappedChromeRuntimePort_.prototype.addEventListener =
-      function(eventName, handler) {
-    var name = eventName.toLowerCase();
-    if (name == 'message' || name == 'onmessage') {
-      this.port_.onMessage.addListener(function(message) {
-        // Emulate a minimal MessageEvent object
-        handler({'data': message});
-      });
-    } else {
-      console.error('WrappedChromeRuntimePort only supports onMessage');
-    }
-  };
-
-  /**
-   * Wrap the Authenticator app with a MessagePort interface.
-   * @constructor
-   * @private
-   */
-  u2f.WrappedAuthenticatorPort_ = function() {
-    this.requestId_ = -1;
-    this.requestObject_ = null;
-  };
-
-  /**
-   * Launch the Authenticator intent.
-   * @param {Object} message
-   */
-  u2f.WrappedAuthenticatorPort_.prototype.postMessage = function(message) {
-    var intentUrl =
-      u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ +
-      ';S.request=' + encodeURIComponent(JSON.stringify(message)) +
-      ';end';
-    document.location = intentUrl;
-  };
-
-  /**
-   * Tells what type of port this is.
-   * @return {String} port type
-   */
-  u2f.WrappedAuthenticatorPort_.prototype.getPortType = function() {
-    return "WrappedAuthenticatorPort_";
-  };
-
-
-  /**
-   * Emulates the HTML 5 addEventListener interface.
-   * @param {string} eventName
-   * @param {function({data: Object})} handler
-   */
-  u2f.WrappedAuthenticatorPort_.prototype.addEventListener = function(eventName, handler) {
-    var name = eventName.toLowerCase();
-    if (name == 'message') {
-      var self = this;
-      /* Register a callback to that executes when
-       * chrome injects the response. */
-      window.addEventListener(
-          'message', self.onRequestUpdate_.bind(self, handler), false);
-    } else {
-      console.error('WrappedAuthenticatorPort only supports message');
-    }
-  };
-
-  /**
-   * Callback invoked  when a response is received from the Authenticator.
-   * @param function({data: Object}) callback
-   * @param {Object} message message Object
-   */
-  u2f.WrappedAuthenticatorPort_.prototype.onRequestUpdate_ =
-      function(callback, message) {
-    var messageObject = JSON.parse(message.data);
-    var intentUrl = messageObject['intentURL'];
-
-    var errorCode = messageObject['errorCode'];
-    var responseObject = null;
-    if (messageObject.hasOwnProperty('data')) {
-      responseObject = /** @type {Object} */ (
-          JSON.parse(messageObject['data']));
-    }
-
-    callback({'data': responseObject});
-  };
-
-  /**
-   * Base URL for intents to Authenticator.
-   * @const
-   * @private
-   */
-  u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ =
-    'intent:#Intent;action=com.google.android.apps.authenticator.AUTHENTICATE';
-
-  /**
-   * Wrap the iOS client app with a MessagePort interface.
-   * @constructor
-   * @private
-   */
-  u2f.WrappedIosPort_ = function() {};
-
-  /**
-   * Launch the iOS client app request
-   * @param {Object} message
-   */
-  u2f.WrappedIosPort_.prototype.postMessage = function(message) {
-    var str = JSON.stringify(message);
-    var url = "u2f://auth?" + encodeURI(str);
-    location.replace(url);
-  };
-
-  /**
-   * Tells what type of port this is.
-   * @return {String} port type
-   */
-  u2f.WrappedIosPort_.prototype.getPortType = function() {
-    return "WrappedIosPort_";
-  };
-
-  /**
-   * Emulates the HTML 5 addEventListener interface.
-   * @param {string} eventName
-   * @param {function({data: Object})} handler
-   */
-  u2f.WrappedIosPort_.prototype.addEventListener = function(eventName, handler) {
-    var name = eventName.toLowerCase();
-    if (name !== 'message') {
-      console.error('WrappedIosPort only supports message');
-    }
-  };
-
-  /**
-   * Sets up an embedded trampoline iframe, sourced from the extension.
-   * @param {function(MessagePort)} callback
-   * @private
-   */
-  u2f.getIframePort_ = function(callback) {
-    // Create the iframe
-    var iframeOrigin = 'chrome-extension://' + u2f.EXTENSION_ID;
-    var iframe = document.createElement('iframe');
-    iframe.src = iframeOrigin + '/u2f-comms.html';
-    iframe.setAttribute('style', 'display:none');
-    document.body.appendChild(iframe);
-
-    var channel = new MessageChannel();
-    var ready = function(message) {
-      if (message.data == 'ready') {
-        channel.port1.removeEventListener('message', ready);
-        callback(channel.port1);
-      } else {
-        console.error('First event on iframe port was not "ready"');
-      }
-    };
-    channel.port1.addEventListener('message', ready);
-    channel.port1.start();
-
-    iframe.addEventListener('load', function() {
-      // Deliver the port to the iframe and initialize
-      iframe.contentWindow.postMessage('init', iframeOrigin, [channel.port2]);
-    });
-  };
-
-
-  //High-level JS API
-
-  /**
-   * Default extension response timeout in seconds.
-   * @const
-   */
-  u2f.EXTENSION_TIMEOUT_SEC = 30;
-
-  /**
-   * A singleton instance for a MessagePort to the extension.
-   * @type {MessagePort|u2f.WrappedChromeRuntimePort_}
-   * @private
-   */
-  u2f.port_ = null;
-
-  /**
-   * Callbacks waiting for a port
-   * @type {Array<function((MessagePort|u2f.WrappedChromeRuntimePort_))>}
-   * @private
-   */
-  u2f.waitingForPort_ = [];
-
-  /**
-   * A counter for requestIds.
-   * @type {number}
-   * @private
-   */
-  u2f.reqCounter_ = 0;
-
-  /**
-   * A map from requestIds to client callbacks
-   * @type {Object.<number,(function((u2f.Error|u2f.RegisterResponse))
-   *                       |function((u2f.Error|u2f.SignResponse)))>}
-   * @private
-   */
-  u2f.callbackMap_ = {};
-
-  /**
-   * Creates or retrieves the MessagePort singleton to use.
-   * @param {function((MessagePort|u2f.WrappedChromeRuntimePort_))} callback
-   * @private
-   */
-  u2f.getPortSingleton_ = function(callback) {
-    if (u2f.port_) {
-      callback(u2f.port_);
-    } else {
-      if (u2f.waitingForPort_.length == 0) {
-        u2f.getMessagePort(function(port) {
-          u2f.port_ = port;
-          u2f.port_.addEventListener('message',
-              /** @type {function(Event)} */ (u2f.responseHandler_));
-
-          // Careful, here be async callbacks. Maybe.
-          while (u2f.waitingForPort_.length)
-            u2f.waitingForPort_.shift()(u2f.port_);
-        });
-      }
-      u2f.waitingForPort_.push(callback);
-    }
-  };
-
-  /**
-   * Handles response messages from the extension.
-   * @param {MessageEvent.<u2f.Response>} message
-   * @private
-   */
-  u2f.responseHandler_ = function(message) {
-    var response = message.data;
-    var reqId = response['requestId'];
-    if (!reqId || !u2f.callbackMap_[reqId]) {
-      console.error('Unknown or missing requestId in response.');
-      return;
-    }
-    var cb = u2f.callbackMap_[reqId];
-    delete u2f.callbackMap_[reqId];
-    cb(response['responseData']);
-  };
-
-  /**
-   * Calls the callback with true or false as first and only argument
-   * @param {Function} callback
-   */
-  u2f.isSupported = function(callback) {
-    var hasCalledBack = false;
-    function reply(value) {
-      if (hasCalledBack)
-        return;
-      hasCalledBack = true;
-      callback(value);
-    }
-    u2f.getApiVersion(
-      function (response) {
-        js_api_version = response['js_api_version'] === undefined ? 0 : response['js_api_version'];
-        reply(true);
-      }
-    );
-    // No response from extension within 1500ms -> no support
-    setTimeout(reply.bind(null, false), 1500);
-  };
-
-  /**
-   * Dispatches an array of sign requests to available U2F tokens.
-   * If the JS API version supported by the extension is unknown, it first sends a
-   * message to the extension to find out the supported API version and then it sends
-   * the sign request.
-   * @param {string=} appId
-   * @param {string=} challenge
-   * @param {Array<u2f.RegisteredKey>} registeredKeys
-   * @param {function((u2f.Error|u2f.SignResponse))} callback
-   * @param {number=} opt_timeoutSeconds
-   */
-  u2f.sign = function(appId, challenge, registeredKeys, callback, opt_timeoutSeconds) {
-    if (js_api_version === undefined) {
-      // Send a message to get the extension to JS API version, then send the actual sign request.
-      u2f.getApiVersion(
-          function (response) {
-            js_api_version = response['js_api_version'] === undefined ? 0 : response['js_api_version'];
-            console.log("Extension JS API Version: ", js_api_version);
-            u2f.sendSignRequest(appId, challenge, registeredKeys, callback, opt_timeoutSeconds);
-          });
-    } else {
-      // We know the JS API version. Send the actual sign request in the supported API version.
-      u2f.sendSignRequest(appId, challenge, registeredKeys, callback, opt_timeoutSeconds);
-    }
-  };
-
-  /**
-   * Dispatches an array of sign requests to available U2F tokens.
-   * @param {string=} appId
-   * @param {string=} challenge
-   * @param {Array<u2f.RegisteredKey>} registeredKeys
-   * @param {function((u2f.Error|u2f.SignResponse))} callback
-   * @param {number=} opt_timeoutSeconds
-   */
-  u2f.sendSignRequest = function(appId, challenge, registeredKeys, callback, opt_timeoutSeconds) {
-    u2f.getPortSingleton_(function(port) {
-      var reqId = ++u2f.reqCounter_;
-      u2f.callbackMap_[reqId] = callback;
-      var timeoutSeconds = (typeof opt_timeoutSeconds !== 'undefined' ?
-          opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC);
-      var req = u2f.formatSignRequest_(appId, challenge, registeredKeys, timeoutSeconds, reqId);
-      port.postMessage(req);
-    });
-  };
-
-  /**
-   * Dispatches register requests to available U2F tokens. An array of sign
-   * requests identifies already registered tokens.
-   * If the JS API version supported by the extension is unknown, it first sends a
-   * message to the extension to find out the supported API version and then it sends
-   * the register request.
-   * @param {string=} appId
-   * @param {Array<u2f.RegisterRequest>} registerRequests
-   * @param {Array<u2f.RegisteredKey>} registeredKeys
-   * @param {function((u2f.Error|u2f.RegisterResponse))} callback
-   * @param {number=} opt_timeoutSeconds
-   */
-  u2f.register = function(appId, registerRequests, registeredKeys, callback, opt_timeoutSeconds) {
-    if (js_api_version === undefined) {
-      // Send a message to get the extension to JS API version, then send the actual register request.
-      u2f.getApiVersion(
-          function (response) {
-            js_api_version = response['js_api_version'] === undefined ? 0: response['js_api_version'];
-            console.log("Extension JS API Version: ", js_api_version);
-            u2f.sendRegisterRequest(appId, registerRequests, registeredKeys,
-                callback, opt_timeoutSeconds);
-          });
-    } else {
-      // We know the JS API version. Send the actual register request in the supported API version.
-      u2f.sendRegisterRequest(appId, registerRequests, registeredKeys,
-          callback, opt_timeoutSeconds);
-    }
-  };
-
-  /**
-   * Dispatches register requests to available U2F tokens. An array of sign
-   * requests identifies already registered tokens.
-   * @param {string=} appId
-   * @param {Array<u2f.RegisterRequest>} registerRequests
-   * @param {Array<u2f.RegisteredKey>} registeredKeys
-   * @param {function((u2f.Error|u2f.RegisterResponse))} callback
-   * @param {number=} opt_timeoutSeconds
-   */
-  u2f.sendRegisterRequest = function(appId, registerRequests, registeredKeys, callback, opt_timeoutSeconds) {
-    u2f.getPortSingleton_(function(port) {
-      var reqId = ++u2f.reqCounter_;
-      u2f.callbackMap_[reqId] = callback;
-      var timeoutSeconds = (typeof opt_timeoutSeconds !== 'undefined' ?
-          opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC);
-      var req = u2f.formatRegisterRequest_(
-          appId, registeredKeys, registerRequests, timeoutSeconds, reqId);
-      port.postMessage(req);
-    });
-  };
-
-
-  /**
-   * Dispatches a message to the extension to find out the supported
-   * JS API version.
-   * If the user is on a mobile phone and is thus using Google Authenticator instead
-   * of the Chrome extension, don't send the request and simply return 0.
-   * @param {function((u2f.Error|u2f.GetJsApiVersionResponse))} callback
-   * @param {number=} opt_timeoutSeconds
-   */
-  u2f.getApiVersion = function(callback, opt_timeoutSeconds) {
-   u2f.getPortSingleton_(function(port) {
-     // If we are using Android Google Authenticator or iOS client app,
-     // do not fire an intent to ask which JS API version to use.
-     if (port.getPortType) {
-       var apiVersion;
-       switch (port.getPortType()) {
-         case 'WrappedIosPort_':
-         case 'WrappedAuthenticatorPort_':
-           apiVersion = 1.1;
-           break;
-
-         default:
-           apiVersion = 0;
-           break;
-       }
-       callback({ 'js_api_version': apiVersion });
-       return;
-     }
-      var reqId = ++u2f.reqCounter_;
-      u2f.callbackMap_[reqId] = callback;
-      var req = {
-        type: u2f.MessageTypes.U2F_GET_API_VERSION_REQUEST,
-        timeoutSeconds: (typeof opt_timeoutSeconds !== 'undefined' ?
-            opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC),
-        requestId: reqId
-      };
-      port.postMessage(req);
-    });
-  };
-
-  // Feature detection (yes really)
-  // For IE and Edge detection, see https://stackoverflow.com/questions/31757852#31757969
-  // and https://stackoverflow.com/questions/56360225#56361977
-  var isBrowser = (typeof navigator !== 'undefined') && !!navigator.userAgent;
-  var isSafari = isBrowser && navigator.userAgent.match(/Safari\//)
-      && !navigator.userAgent.match(/Chrome\//);
-  var isEDGE = isBrowser && /(Edge\/)|(edg\/)/i.test(navigator.userAgent);
-  var isIE = isBrowser && /(MSIE 9|MSIE 10|rv:11.0)/i.test(navigator.userAgent);
-  var _backend = null;
-  function getBackend() {
-      if (_backend)
-          return _backend;
-      var supportChecker = new Promise(function (resolve, reject) {
-          function notSupported() {
-              resolve({ u2f: null });
-          }
-          if (!isBrowser)
-              return notSupported();
-          if (isSafari)
-              // Safari doesn't support U2F, and the Safari-FIDO-U2F
-              // extension lacks full support (Multi-facet apps), so we
-              // block it until proper support.
-              return notSupported();
-          var hasNativeSupport = (typeof window.u2f !== 'undefined') &&
-              (typeof window.u2f.sign === 'function');
-          if (hasNativeSupport)
-              return resolve({ u2f: window.u2f });
-          if (isEDGE || isIE)
-              // We don't want to check for Google's extension hack on EDGE & IE
-              // as it'll cause trouble (popups, etc)
-              return notSupported();
-          if (location.protocol === 'http:')
-              // U2F isn't supported over http, only https
-              return notSupported();
-          if (typeof MessageChannel === 'undefined')
-              // Unsupported browser, the chrome hack would throw
-              return notSupported();
-          // Test for google extension support
-          chromeApi.isSupported(function (ok) {
-              if (ok)
-                  resolve({ u2f: chromeApi });
-              else
-                  notSupported();
-          });
-      })
-          .then(function (response) {
-          _backend = response.u2f ? supportChecker : null;
-          return response;
-      });
-      return supportChecker;
-  }
-  var ErrorCodes = {
-      OK: 0,
-      OTHER_ERROR: 1,
-      BAD_REQUEST: 2,
-      CONFIGURATION_UNSUPPORTED: 3,
-      DEVICE_INELIGIBLE: 4,
-      TIMEOUT: 5
-  };
-  var ErrorNames = {
-      "0": "OK",
-      "1": "OTHER_ERROR",
-      "2": "BAD_REQUEST",
-      "3": "CONFIGURATION_UNSUPPORTED",
-      "4": "DEVICE_INELIGIBLE",
-      "5": "TIMEOUT"
-  };
-  function makeError(msg, err) {
-      var code = err != null ? err.errorCode : 1; // Default to OTHER_ERROR
-      var type = ErrorNames[('' + code)];
-      var error = new Error(msg);
-      error.metaData = { type: type, code: code };
-      return error;
-  }
-  function isSupported() {
-      return getBackend()
-          .then(function (backend) { return !!backend.u2f; });
-  }
-  function _ensureSupport(backend) {
-      if (!backend.u2f) {
-          if (location.protocol === 'http:')
-              throw new Error("U2F isn't supported over http, only https");
-          throw new Error("U2F not supported");
-      }
-  }
-  function ensureSupport() {
-      return getBackend()
-          .then(_ensureSupport);
-  }
-  function arrayify(value) {
-      if (value != null && Array.isArray(value))
-          return value;
-      return value == null
-          ? []
-          : Array.isArray(value)
-              ? value.slice() : [value];
-  }
-  function register(registerRequests, signRequests, timeout) {
-      var _registerRequests = arrayify(registerRequests);
-      if (typeof signRequests === 'number' && typeof timeout === 'undefined') {
-          timeout = signRequests;
-          signRequests = [];
-      }
-      var _signRequests = arrayify(signRequests);
-      return getBackend()
-          .then(function (backend) {
-          _ensureSupport(backend);
-          var u2f = backend.u2f;
-          return new Promise(function (resolve, reject) {
-              function callback(response) {
-                  if (response.errorCode)
-                      reject(makeError("Registration failed", response));
-                  else {
-                      delete response.errorCode;
-                      resolve(response);
-                  }
-              }
-              var appId = _registerRequests[0].appId;
-              u2f.register(appId, _registerRequests, _signRequests, callback, timeout);
-          });
-      });
-  }
-  function sign(signRequests, timeout) {
-      var _signRequests = arrayify(signRequests);
-      return getBackend()
-          .then(function (backend) {
-          _ensureSupport(backend);
-          var u2f = backend.u2f;
-          return new Promise(function (resolve, reject) {
-              var _a;
-              function callback(response) {
-                  if (response.errorCode)
-                      reject(makeError("Sign failed", response));
-                  else {
-                      delete response.errorCode;
-                      resolve(response);
-                  }
-              }
-              var appId = _signRequests[0].appId;
-              var challenge = _signRequests[0].challenge;
-              var registeredKeys = (_a = []).concat.apply(_a, _signRequests
-                  .map(function (_a) {
-                  var version = _a.version, keyHandle = _a.keyHandle, appId = _a.appId;
-                  return arrayify(keyHandle)
-                      .map(function (keyHandle) {
-                      return ({ version: version, keyHandle: keyHandle, appId: appId });
-                  });
-              }));
-              u2f.sign(appId, challenge, registeredKeys, callback, timeout);
-          });
-      });
-  }
-
-  var u2fApi = /*#__PURE__*/Object.freeze({
-    ErrorCodes: ErrorCodes,
-    ErrorNames: ErrorNames,
-    isSupported: isSupported,
-    ensureSupport: ensureSupport,
-    register: register,
-    sign: sign
-  });
-
-  window.u2fApi = u2fApi;
-
-}());
diff --git a/casa/extras/enrollment-client/u2f.html b/casa/extras/enrollment-client/u2f.html
deleted file mode 100644
index bf50d0887..000000000
--- a/casa/extras/enrollment-client/u2f.html
+++ /dev/null
@@ -1,123 +0,0 @@
-<!DOCTYPE html>
-<html>
-<!--head>
-	<script src="globals.js">;</script>
-	<script src="enroll.js">;</script>
-	<script src="u2f-api.js">;</script>
-	<script src="jquery-3.3.1.min.js">;</script>
-	<script>
-		var register_request = null
-		var register_timeout
-
-		//Triggers the u2f once some time has passed (allowing users to plug the security key to the USB port)
-		function triggerU2fRegistration(req, timeout, wait_start) {
-			register_request = req
-			register_timeout = timeout
-			setTimeout(startRegistration, wait_start)
-		}
-
-		//Performs u2f registration: uses the google u2f object to do all registering stuff (see u2f-api.js)
-		function startRegistration() {
-			u2f.register(register_request.registerRequests, register_request.authenticateRequests,
-					function (data) {
-						$("#sendRegistrationResult_result").val(JSON.stringify(data))
-					}, Math.floor(register_timeout/1000)    //expects seconds
-			)
-		}
-
-	</script>
-	<script>
-		var tokenURL;
-
-		function getRegistrationMessage() {
-			var endpoint = endpoints_root + "/u2f/registration-message"
-			var userid = encodeURIComponent($("#getRegistrationMessage_userid").val())
-
-			getToken(tokenURL, clientId, clientSecret)
-				.then(t => genericGET(endpoint + "?userid=" + userid, [{name : "Authorization", value : t}]))
-				.then(response => { alert(response); triggerU2fRegistration(JSON.parse(response), 8000, 300) })
-				.catch(r => err(r))
-		}
-
-		function sendRegistrationResult() {
-			var userid = $("#getRegistrationMessage_userid").val()
-			var endpoint = endpoints_root + "/u2f/registration/" + userid
-
-			getToken(tokenURL, clientId, clientSecret)
-				.then(t => genericPOST(endpoint, $("#sendRegistrationResult_result").val(), [{name : "Authorization", value : t}]))
-				.then(response => {
-							result = JSON.parse(response)
-							$("#nameEnrollment_key").val(result.id)
-							$("#nameEnrollment_userid").val(userid)
-					})
-				.catch(r => err(r))
-
-		}
-
-		function nameEnrollment() {
-
-			var userid = $("#nameEnrollment_userid").val()
-
-			var endpoint = endpoints_root + "/u2f/creds/" + userid
-			var cred = { "key" : $("#nameEnrollment_key").val(),
-						 "nickName": $("#nameEnrollment_nickname").val() }
-
-			getToken(tokenURL, clientId, clientSecret)
-				.then(t => genericPOST(endpoint, JSON.stringify(cred),
-								[{name : "Authorization", value : t},
-								 {name : "Content-Type", value : "application/json"}]))
-				.catch(r => err(r))
-
-		}
-
-		$(document).ready(
-			() => getTokenUrl(OIDCUrl).then(url => { tokenURL = url })
-		)
-	</script>
-</head-->
-<body>
-<!--
-<h1>Security keys</h1>
-
-<hr />
-<h2>getRegistrationMessage</h2>
-<label>userid
-  <input id="getRegistrationMessage_userid" style="width:380px">
-</label>
-<input type="button" value="getRegistrationMessage" onClick="getRegistrationMessage()" />
-<p>
-<i>Insert a security key, then press "getRegistrationMessage" button, it will start blinking...</i>
-</p>
-
-<hr />
-<h2>sendRegistrationResult</h2>
-<label>result
-  <textarea id="sendRegistrationResult_result" rows="2" cols="70">
-  </textarea>
-</label>
-<br><br>
-<label>userid
-  <input id="sendRegistrationResult_userid" style="width:380px">
-</label>
-<input type="button" value="sendRegistrationResult" onClick="sendRegistrationResult()" />
-
-<hr />
-<h2>nameEnrollment</h2>
-<label>userid
-  <input id="nameEnrollment_userid" style="width:380px">
-</label>
-<br><br>
-<label>key
-  <input id="nameEnrollment_key" style="width:380px">
-</label>
-<label>nickName
-  <input id="nameEnrollment_nickname">
-</label>
-<input type="button" value="nameEnrollment" onClick="nameEnrollment()" />
-
-<hr />
-<br>
-<input id="manual_token" onChange="token=this.value">
--->
-</body>
-</html>
diff --git a/casa/installer/casa_cleanup.py b/casa/installer/casa_cleanup.py
deleted file mode 100755
index 66686eb44..000000000
--- a/casa/installer/casa_cleanup.py
+++ /dev/null
@@ -1,216 +0,0 @@
-#!/usr/bin/python
-
-import re
-from setup import *
-from pylib import Properties
-from pylib.cbm import CBM
-import ldap
-import ldap.modlist as modlist
-ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
-
-from setup_casa import get_properties, unobscure, cur_dir, SetupCasa
-
-
-COUCHBASE = 1
-LDAP = 2
-
-storage_types = {'ldap': LDAP, 'couchbase': COUCHBASE}
-
-class casaCleanup(object):
-    
-    def __init__(self, install_dir):
-
-        self.install_dir = install_dir
-        self.cbm = None
-        self.ldap_conn = None
-        self.conf_prop = get_properties(setupObject.gluu_properties_fn)
-        self.detectedHostname = setupObject.detect_hostname()
-        self.twilio_version = '7.17.0'
-
-        if os.path.exists(setupObject.gluu_hybrid_roperties):
-             get_properties(setupObject.gluu_hybrid_roperties, self.conf_prop)
-
-
-    def get_storage_location(self, storage):
-        
-        retval = LDAP
-        couchbase_mappings = [ s.strip() for s in self.conf_prop['storage.couchbase.mapping'].split(',') ]
-
-        if self.conf_prop["persistence.type"] in storage_types:
-            retval = storage_types[self.conf_prop["persistence.type"]]
-    
-        elif storage == 'default':
-            retval = storage_types[self.conf_prop['storage.default']]
-        
-        else:
-            if storage in couchbase_mappings:
-                retval = COUCHBASE
-
-        if (retval == COUCHBASE) and (not self.cbm):
-            cbp = get_properties(setupObject.gluuCouchebaseProperties)
-            cbm_hostname = cbp['servers'].split(',')[0]
-            cbm_username = cbp['auth.userName']
-            cbm_pass = unobscure(cbp['auth.userPassword'])
-            self.cbm = CBM(cbm_hostname, cbm_username, cbm_pass)
-
-        elif (retval == LDAP) and (not self.ldap_conn):
-            lp = get_properties(setupObject.ox_ldap_properties)
-            ldap_pass = unobscure(lp['bindPassword'])
-            ldap_hostname, ldap_port = lp['servers'].split(',')[0].split(':')
-
-            self.ldap_conn = ldap.initialize('ldaps://{0}:{1}'.format(ldap_hostname, ldap_port))
-            self.ldap_conn.simple_bind_s('cn=directory manager',ldap_pass)
-
-        return retval
-
-    def del_casa_custom_scripts(self):
-
-        print "Deleting Casa Custom Scripts"
-
-        default_location = self.get_storage_location('default')
-
-        if default_location == LDAP:
-            for inum in ('BABA-CACA', 'DAA9-F7F8'):
-                dn = 'inum={0},ou=scripts,o=gluu'.format(inum)
-                try:
-                    self.ldap_conn.delete_s(dn)
-                except:
-                    pass
-
-        elif default_location == COUCHBASE:
-            for inum in ('BABA-CACA', 'DAA9-F7F8'):
-                self.cbm.exec_query('DELETE FROM `gluu` USE KEYS "scripts_{}"'.format(inum))
-
-
-    def del_casa_clients(self):
-        
-        print "Deleting Casa Clients"
-        
-        clients_location = self.get_storage_location('clients')
-        
-        if clients_location == LDAP:
-            result = self.ldap_conn.search_s('ou=clients,o=gluu',
-                                            ldap.SCOPE_SUBTREE,
-                                            '(oxAuthDefaultAcrValues=casa)',
-                                            attrlist=['inum'],
-                                            )
-            if result:
-                for client in result:
-                    self.ldap_conn.delete_s(client[0])
-                    
-        elif clients_location == COUCHBASE:
-             self.cbm.exec_query('DELETE  FROM `gluu_clients` WHERE objectClass="oxAuthClient" AND oxAuthDefaultAcrValues="casa"')
-
-
-    def del_casa_user_attributes(self):
-        print "Removing Casa attributes for people. This may take a while..."
-
-        attrlist = [
-                    'oxPreferredMethod',
-                    'oxOTPDevices',
-                    'oxMobileDevices',
-                    'oxStrongAuthPolicy',
-                    'oxTrustedDevicesInfo',
-                    'oxUnlinkedExternalUids'
-                    ]
-        
-        people_location = self.get_storage_location('people')
-
-        if people_location == LDAP:
-            result = self.ldap_conn.search_s('ou=people,o=gluu', ldap.SCOPE_SUBTREE, attrlist=attrlist)
-
-            for people in result:
-                mod_list = []
-
-                for attr in attrlist:
-                    if attr in people[1]:
-                        mod_list.append((ldap.MOD_REPLACE, attr, []))
-
-                if mod_list:
-                    print "Cleaning", people[0], mod_list
-                    self.ldap_conn.modify_s(people[0], mod_list)
-
-        elif people_location == COUCHBASE:
-            self.cbm.exec_query('UPDATE gluu_user UNSET {}'.format(', '.join(attrlist)))
-
-
-    def delCasaFiles(self):
-
-        print('Deleting Casa Files..')
-
-        if os.path.exists('/opt/gluu/jetty/casa/'):
-            setupObject.run(['rm','-r', '-f', '/opt/gluu/jetty/casa/'])
-
-        casafiles = [
-                    '/etc/gluu/conf/casa.json',
-                    '/etc/default/casa',
-                    '/etc/init.d/casa',
-                    '/etc/init.d/casa.gluu-3.1.6~',
-                    '/etc/rc0.d/K01casa',
-                    '/etc/rc2.d/S01casa',
-                    '/etc/rc3.d/S01casa',
-                    '/etc/rc4.d/S01casa',
-                    '/etc/rc5.d/S01casa',
-                    '/etc/rc6.d/K01casa',
-                    '/run/jetty/casa-start.log',
-                    '/run/jetty/casa.pid',
-                    '/opt/dist/scripts/casa',
-                    ]
-
-        for fn in casafiles:
-            if os.path.exists(fn):
-                setupObject.run(['rm', '-f', fn])
-
-        libdir = '/opt/gluu/python/libs'
-
-        for lib in os.listdir(libdir):
-            if lib.startswith('casa'):
-                setupObject.run(['rm', '-f', (os.path.join(libdir,lib))])
-
-    def removeTwilioPathOxauth(self):
-        print "Removing twilio jar path form oxauth.xml"
-        oxauth_xml_fn = '/opt/gluu/jetty/oxauth/webapps/oxauth.xml'
-        if os.path.exists(oxauth_xml_fn):
-            oxauth_xml = setupObject.readFile(oxauth_xml_fn)
-            oxauth_xml = oxauth_xml.splitlines()
-
-            for l in oxauth_xml[:]:
-                if re.search('twilio-(.*)\.jar', l):
-                    oxauth_xml.remove(l)
-                    break
-
-            oxauth_xml = '\n'.join(oxauth_xml)
-            setupObject.writeFile(oxauth_xml_fn, oxauth_xml)
-
-
-if __name__ == '__main__':
-
-    if not os.path.exists('/etc/gluu/conf/casa.json'):
-        print "Casa is not installed."
-        sys.exit()
-        
-    print "\033[91m\nThis script will remove all information pertaining to Casa from the disk and,"
-    print "DB backends including Casa related entries and user attributes.\033[0m"
-    prompt = raw_input("Do you want to continue? [N/y] ")
-
-    if not prompt.strip() or prompt[0].lower() != 'y':
-        print "Giving up Casa cleanup..."
-        sys.exit()
-
-    setupObject = Setup(cur_dir)
-    setupObject.log = os.path.join(cur_dir, 'clean_casa.log')
-    setupObject.logError = os.path.join(cur_dir, 'clean_casa_error.log')
-    
-    # Get the OS and init type
-    (setupObject.os_type, setupObject.os_version) = setupObject.detect_os_type()
-    setupObject.os_initdaemon = setupObject.detect_initd()
-    
-    casaCleanupObject = casaCleanup(cur_dir)
-    print "Stopping Casa"
-    setupObject.run_service_command('casa', 'stop')
-    
-    casaCleanupObject.del_casa_custom_scripts()
-    casaCleanupObject.del_casa_clients()
-    casaCleanupObject.del_casa_user_attributes()
-    casaCleanupObject.delCasaFiles()
-    casaCleanupObject.removeTwilioPathOxauth()
diff --git a/casa/installer/setup_casa.py b/casa/installer/setup_casa.py
deleted file mode 100755
index 637cd6bb5..000000000
--- a/casa/installer/setup_casa.py
+++ /dev/null
@@ -1,391 +0,0 @@
-#!/usr/bin/python
-
-import sys
-import os
-import os.path
-import json
-import traceback
-import ssl
-import base64
-import pyDes
-import re
-from urlparse import urlparse
-from setup import *
-from pylib import Properties
-
-cur_dir = os.path.dirname(os.path.realpath(__file__))
-
-#TODO: add command line options with argprase
-
-def get_properties(prop_fn, current_properties=None):
-    if not current_properties:
-        p = Properties.Properties()
-    else:
-        p = current_properties
-
-    with open(prop_fn) as file_object:
-        p.load(file_object)
-    
-    for k in p.keys():
-        if p[k].lower() == 'true':
-            p[k] == True
-        elif p[k].lower() == 'false':
-            p[k] == False
-
-    return p
-
-
-with open("/etc/gluu/conf/salt") as f:
-    salt_property = f.read().strip()
-    key = salt_property.split("=")[1].strip()
-
-def unobscure(s):
-    cipher = pyDes.triple_des(key)
-    decrypted = cipher.decrypt(base64.b64decode(s), padmode=pyDes.PAD_PKCS5)
-    return decrypted
-
-class SetupCasa(object):
-
-    def __init__(self, install_dir):
-        self.install_dir = install_dir
-        self.setup_properties_fn = os.path.join(self.install_dir, 'setup_casa.properties')
-        self.savedProperties = os.path.join(self.install_dir, 'setup_casa.properties.last')
-
-        # Change this to final version
-        self.twilio_version = '7.17.0'
-        self.casa_war_url = 'https://ox.gluu.org/maven/org/gluu/casa/4.1.0-Final/casa-4.1.0-Final.war'
-        self.twilio_jar_url = 'http://central.maven.org/maven2/com/twilio/sdk/twilio/{0}/twilio-{0}.jar'.format(self.twilio_version)
-
-        self.application_max_ram = 1024  # in MB
-
-        # Gluu components installation status
-        self.install_oxd = False
-        self.oxd_server_https = ""
-        self.distFolder = '/opt/dist'
-        self.casa = '/etc/gluu/conf/casa.json'
-        self.jetty_app_configuration = {
-            'casa': {'name': 'casa',
-                                'jetty': {'modules': 'server,deploy,resources,http,http-forwarded,console-capture,jsp'},
-                                'memory': {'ratio': 1, "jvm_heap_ration": 0.7, "max_allowed_mb": 1024},
-                                'installed': False
-                                }
-        }
-
-        self.detectedHostname = setupObject.detect_hostname()
-        self.ldif_scripts_casa = '%s/scripts_casa.ldif' % setupObject.outputFolder
-        self.casa_config = '%s/casa.json' % setupObject.outputFolder
-    
-
-
-    def check_installed(self):
-
-        if setupObject.check_installed():
-            return os.path.exists('%s/casa.json' % setupObject.configFolder)
-        else:
-            print "\nPlease run './setup.py' to configure Gluu Server first!\n"
-            sys.exit()
-
-    def download_files(self):
-        setupObject.logIt("Downloading files")
-        
-        # Casa is not part of CE package. We need to download it if needed
-        for download_url in (self.casa_war_url, self.twilio_jar_url):
-            fname = os.path.basename(download_url)
-            if fname.startswith('casa'):
-                fname = 'casa.war'
-            dest_path = os.path.join(setupObject.distGluuFolder, fname)
-            if not os.path.exists(dest_path):
-                print "Downloading:", fname
-                setupObject.run(['/usr/bin/wget', download_url, '--no-verbose', '--retry-connrefused', '--tries=10', '-O', dest_path])
-
-    def promptForProperties(self):
-
-        promptForCasa = setupObject.getPrompt("Install Gluu Casa? (Y/n)", "Y")[0].lower()
-
-        if promptForCasa == 'y':
-            self.application_max_ram = setupObject.getPrompt("Enter maximum RAM for applications in MB", '1024')
-
-            have_oxd = setupObject.getPrompt(
-                "Do you have an existing oxd-server-4.0 installation?\nNote: oxd is used to integrate this product with the Gluu Server OP. (Y/n) ?",
-                "n")[0].lower()
-
-            if have_oxd == 'y':
-                oxd_server_https = 'https://localhost:8443'
-                self.oxd_server_https = setupObject.getPrompt("Enter the URL + port of your oxd-server", oxd_server_https).lower()
-
-                o = urlparse(self.oxd_server_https)
-                oxd_hostname = o.hostname
-
-                if oxd_hostname in (self.detectedHostname, 'localhost'):
-                    self.start_oxd_server('restart')
-
-            else:
-                install_oxd = setupObject.getPrompt("Install oxd-server on this host now?", "Y")[0].lower()
-                if install_oxd == 'n':
-                    print "An oxd server instance is required when installing this product via Linux packages"
-                    sys.exit(0)
-                else:
-                    self.install_oxd = True
-                    self.oxd_server_https = 'https://localhost:8443'
-
-            promptForLicense = setupObject.getPrompt("\n\nDo you acknowledge that Casa is commercial software, and use of Casa is only permitted\nunder the Gluu License Agreement for Gluu Casa? [Y/n]", "n")[0].lower()
-            if promptForLicense == 'n':
-                print("You must accept the Gluu License Agreement to continue. Exiting.\n")
-                sys.exit()
-
-
-    def casa_json_config(self):
-        data = setupObject.readFile(self.casa_config)
-        datastore = json.loads(data)
-
-        o = urlparse(self.oxd_server_https)
-        self.oxd_hostname = o.hostname
-        self.oxd_port = o.port if o.port else 8443
-
-        datastore['oxd_config']['host'] = self.oxd_hostname
-        datastore['oxd_config']['port'] = self.oxd_port
-
-        datastore_str = json.dumps(datastore, indent=2)
-        setupObject.writeFile(self.casa, datastore_str)
-
-
-    def import_ldif(self):
-        
-        p = get_properties(setupObject.gluu_properties_fn)
-
-        if os.path.exists(setupObject.gluu_hybrid_roperties):
-             get_properties(setupObject.gluu_hybrid_roperties, p)
-
-        if p["persistence.type"] == 'couchbase' or p.get('storage.default') == 'couchbase':
-            self.import_ldif_couchbase()
-        elif p["persistence.type"] == 'ldap' or p.get('storage.default') == 'ldap':
-            self.import_ldif_ldap()
-
-
-    def import_ldif_couchbase(self):
-        setupObject.logIt("Importing LDIF files into Couchbase")
-        p = get_properties(setupObject.gluuCouchebaseProperties)
-        attribDataTypes.startup(setupObject.install_dir)
-
-        setupObject.prepare_multivalued_list()
-        setupObject.cbm = CBM(p['servers'].split(',')[0], p['auth.userName'], unobscure(p['auth.userPassword']))
-        setupObject.import_ldif_couchebase([os.path.join('.','output/scripts_casa.ldif')],'gluu')
-
-
-    def import_ldif_ldap(self):
-        setupObject.logIt("Importing LDIF files into LDAP")
-        
-        if not os.path.exists(setupObject.gluu_properties_fn):
-            sys.exit("ldap properties file does not exist on this server. Terminating installation.")
-
-        p = get_properties(setupObject.ox_ldap_properties)
-
-        setupObject.ldapPass = unobscure(p['bindPassword'])
-        setupObject.ldap_hostname = p['servers'].split(',')[0].split(':')[0]
-
-        setupObject.createLdapPw()
-        setupObject.ldap_binddn = "cn=directory manager"
-        setupObject.import_ldif_template_opendj(self.ldif_scripts_casa)
-        setupObject.deleteLdapPw()
-
-
-    def install_oxd_server(self):
-
-        print "\nInstalling oxd from package..."
-        packageRpm = True
-        packageExtension = ".rpm"
-        if setupObject.os_type in ['debian', 'ubuntu']:
-            packageRpm = False
-            packageExtension = ".deb"
-
-        oxdDistFolder = "%s/%s" % (self.distFolder, "oxd")
-
-        if not os.path.exists(oxdDistFolder):
-            setupObject.logIt(oxdDistFolder+" Directory is not found")
-            print oxdDistFolder+" Directory is not found"
-            sys.exit(0)
-
-        packageName = None
-        for file in os.listdir(oxdDistFolder):
-            if file.endswith(packageExtension):
-                packageName = "%s/%s" % ( oxdDistFolder, file )
-
-        if packageName == None:
-            setupObject.logIt('Failed to find oxd package in folder %s !' % oxdDistFolder)
-            sys.exit(0)
-
-        setupObject.logIt("Found package '%s' for install" % packageName)
-
-        if packageRpm:
-            setupObject.run([setupObject.cmd_rpm, '--install', '--verbose', '--hash', packageName])
-        else:
-            setupObject.run([setupObject.cmd_dpkg, '--install', packageName])
-
-        #set trust_all_certs: true in oxd-server.yml 
-        oxd_yaml_fn ='/opt/oxd-server/conf/oxd-server.yml'
-        oxd_yaml = setupObject.readFile(oxd_yaml_fn).split('\n')
-        
-        for i, l in enumerate(oxd_yaml[:]):
-            if l.strip().startswith('trust_all_certs'):
-                oxd_yaml[i] = 'trust_all_certs: true'
-        
-        setupObject.writeFile(oxd_yaml_fn, '\n'.join(oxd_yaml))
-
-        # Enable service autoload on Gluu-Server startup
-        setupObject.enable_service_at_start('oxd-server')
-        # change start.sh permission
-        setupObject.run(['chmod', '+x', '/opt/oxd-server/bin/oxd-start.sh'])
-        
-        # Start oxd-server
-        self.start_oxd_server()
-
-    def start_oxd_server(self, cmd='start'):
-        print "Starting oxd-server..."
-        setupObject.run_service_command('oxd-server', cmd)
-
-
-    def install_casa(self):
-        print "Installing Casa"
-        setupObject.logIt("Configuring Casa...")
-        
-        setupObject.calculate_aplications_memory(self.application_max_ram, 
-                                                 self.jetty_app_configuration,
-                                                 [self.jetty_app_configuration['casa']],
-                                                )
-
-        setupObject.copyFile('%s/casa.json' % setupObject.outputFolder, setupObject.configFolder)
-        setupObject.run(['chmod', 'g+w', '/opt/gluu/python/libs'])
-
-        setupObject.logIt("Copying casa.war into jetty webapps folder...")
-
-        jettyServiceName = 'casa'
-        setupObject.installJettyService(self.jetty_app_configuration[jettyServiceName])
-
-        jettyServiceWebapps = '%s/%s/webapps' % (setupObject.jetty_base, jettyServiceName)
-        setupObject.copyFile('%s/casa.war' % setupObject.distGluuFolder, jettyServiceWebapps)
-
-        jettyServiceOxAuthCustomLibsPath = '%s/%s/%s' % (setupObject.jetty_base, "oxauth", "custom/libs")
-        setupObject.copyFile(os.path.join(setupObject.distGluuFolder, os.path.basename(self.twilio_jar_url)), jettyServiceOxAuthCustomLibsPath)
-        
-        setupObject.run([setupObject.cmd_chown, '-R', 'jetty:jetty', jettyServiceOxAuthCustomLibsPath])
-
-        # Make necessary Directories for Casa
-        for path in ('/opt/gluu/jetty/casa/static/', '/opt/gluu/jetty/casa/plugins'):
-            if not os.path.exists(path):
-                setupObject.run(['mkdir', '-p', path])
-                setupObject.run(['chown', '-R', 'jetty:jetty', path])
-        
-        #Adding twilio jar path to oxauth.xml
-        oxauth_xml_fn = '/opt/gluu/jetty/oxauth/webapps/oxauth.xml'
-        if os.path.exists(oxauth_xml_fn):
-            oxauth_xml = setupObject.readFile(oxauth_xml_fn)
-            oxauth_xml = oxauth_xml.splitlines()
-
-            n = -1
-
-            for i, l in enumerate(oxauth_xml[:]):
-                ls = l.strip()
-                if ls == '</Configure>':
-                    n = i
-                if re.search('twilio-(.*)\.jar', ls):
-                    oxauth_xml.remove(l)
-                    n -= 1
-
-            oxauth_xml.insert(n, '\t<Set name="extraClasspath">./custom/libs/twilio-{}.jar</Set>'.format(self.twilio_version))
-            oxauth_xml = '\n'.join(oxauth_xml)
-            setupObject.writeFile(oxauth_xml_fn, oxauth_xml)
-        
-        setupObject.run(['chown', '-R', 'jetty:jetty', '%s/casa.json' % setupObject.configFolder])
-        setupObject.run(['chmod', 'g+w', '%s/casa.json' % setupObject.configFolder])
-        self.casa_json_config()
-        
-
-    def start_services(self):
-
-        # Restart oxAuth service to load new custom libs
-        print "\nRestarting oxAuth"
-        try:
-            setupObject.run_service_command('oxauth', 'restart')
-            print "oxAuth restarted!\n"
-        except:
-            print "Error starting oxAuth! Please review setup_casa_error.log."
-            setupObject.logIt("Error starting oxAuth", True)
-            setupObject.logIt(traceback.format_exc(), True)
-
-        # Start Casa
-        print "Starting Casa..."
-        try:
-            setupObject.run_service_command('casa', 'start')
-            print "Casa started!\n"
-        except:
-            print "Error starting Casa! Please review setup_casa_error.log."
-            setupObject.logIt("Error starting Casa", True)
-            setupObject.logIt(traceback.format_exc(), True)
-
-    def import_oxd_certificate2javatruststore(self):
-        setupObject.logIt("Importing oxd certificate")
-        oxd_cert = ssl.get_server_certificate((self.oxd_hostname, self.oxd_port))
-        oxd_alias = 'oxd_' + self.oxd_hostname.replace('.','_')
-        oxd_cert_tmp_fn = '/tmp/{}.crt'.format(oxd_alias)
-
-        with open(oxd_cert_tmp_fn,'w') as w:
-            w.write(oxd_cert)
-
-        setupObject.run(['/opt/jre/jre/bin/keytool', '-import', '-trustcacerts', '-keystore', 
-                        '/opt/jre/jre/lib/security/cacerts', '-storepass', 'changeit', 
-                        '-noprompt', '-alias', oxd_alias, '-file', oxd_cert_tmp_fn])
-
-    def load_properties(self, fn):
-        setupObject.logIt('Loading Properties %s' % fn)
-        p = get_properties(fn)
-
-        for k in p.keys():
-            setattr(self, k, p[k])
-
-if __name__ == '__main__':
-
-
-    setupObject = Setup(cur_dir)
-    setupObject.log = os.path.join(cur_dir, 'setup_casa.log')
-    setupObject.logError = os.path.join(cur_dir, 'setup_casa_error.log')
-
-    installObject = SetupCasa(cur_dir)    
-
-    if installObject.check_installed():
-        print "\033[91m\nThis instance has already been configured. If you need to install new one you should reinstall package first.\033[0m"
-        sys.exit(2)
-
-    # Get the OS and init type
-    (setupObject.os_type, setupObject.os_version) = setupObject.detect_os_type()
-    setupObject.os_initdaemon = setupObject.detect_initd()
-    
-    print "\nInstalling Gluu Casa...\n"
-    print "Detected OS  :  %s %s" % (setupObject.os_type, setupObject.os_version)
-    print "Detected init:  %s" % setupObject.os_initdaemon
-
-    setupObject.logIt("Installing Gluu Casa")
-
-    if os.path.exists(installObject.setup_properties_fn):
-        installObject.load_properties(installObject.setup_properties_fn)
-    else:
-        installObject.promptForProperties()
-
-    try:
-        installObject.download_files()
-
-        if installObject.install_oxd:
-            installObject.install_oxd_server()
-
-        installObject.install_casa()
-        installObject.import_ldif()
-        installObject.import_oxd_certificate2javatruststore()
-        installObject.start_services()
-        setupObject.save_properties(installObject.savedProperties, installObject)
-    except:
-        setupObject.logIt("***** Error caught in main loop *****", True)
-        setupObject.logIt(traceback.format_exc(), True)
-
-
-    print "Gluu Casa installation successful!\nPoint your browser to https://%s/casa\n" % installObject.detectedHostname
-    print "Recall admin capabilities are disabled by default.\nCheck casa docs to learn how to unlock admin features\n"
-

From f6be736fc97c284f94a3e4d0593fb2e19bd22942 Mon Sep 17 00:00:00 2001
From: Jose <bonustrack310@gmail.com>
Date: Sun, 6 Mar 2022 10:23:39 -0500
Subject: [PATCH 018/101] chore: update custom scripts #125

---
 casa/app/src/main/webapp/enrollment-api.yaml | 158 +------------
 casa/extras/Casa.py                          |   6 +-
 casa/extras/casa-external_u2f.py             | 225 -------------------
 3 files changed, 2 insertions(+), 387 deletions(-)
 delete mode 100644 casa/extras/casa-external_u2f.py

diff --git a/casa/app/src/main/webapp/enrollment-api.yaml b/casa/app/src/main/webapp/enrollment-api.yaml
index 5b0f62802..18967351c 100644
--- a/casa/app/src/main/webapp/enrollment-api.yaml
+++ b/casa/app/src/main/webapp/enrollment-api.yaml
@@ -698,162 +698,6 @@ paths:
                 type: string
                 description: Possible values for code&#58; NO_MATCH_OR_EXPIRED, FAILED
 
-#  /enrollment/u2f/registration-message:
-#    get:
-#      tags:
-#        - fido
-#
-#      description: |
-#        Gets a U2F registration message to be used in the browser using the U2F client API
-#
-#      security:
-#        - casa_auth: []
-#      parameters:
-#        -
-#          name: userid
-#          in: query
-#          description: Identifier (inum) of the user attempting the enrollment
-#          required: true
-#          type: string
-#
-#      responses:
-#        200:
-#          description: |
-#            A json containing an object useful to be passed to `u2f.register` javascript method.
-#            See: https://developers.yubico.com/U2F/Protocol_details/Specification.html
-#        400:
-#          description: A parameter is missing or inconsistent
-#          schema:
-#            type: object
-#            required:
-#             - code
-#            properties:
-#              code:
-#                type: string
-#                example: NO_USER_ID
-#        404:
-#          description: The user passed does not exist
-#          schema:
-#            type: object
-#            required:
-#             - code
-#            properties:
-#              code:
-#                type: string
-#                example: UNKNOWN_USER_ID
-#        500:
-#          description: An unexpected error occurred when processing the request
-#          schema:
-#            type: object
-#            required:
-#             - code
-#            properties:
-#              code:
-#                type: string
-#                example: FAILED
-#
-#  /enrollment/u2f/registration/{userid}:
-#    post:
-#      tags:
-#        - fido
-#      description: |
-#        Sends back to server the result obtained after the call to `u2f.register` was
-#        made. This occurs after the user touches the u2f key button
-#
-#      parameters:
-#        -
-#          name: registrationResult
-#          in: body
-#          required: true
-#          schema:
-#            type: object
-#        -
-#          name: userid
-#          in: path
-#          description: Identifier (inum) of the user owning the device
-#          required: true
-#          type: string
-#
-#      responses:
-#        201:
-#          description: Successful enrollment of device
-#          schema:
-#            $ref: '#/definitions/SecurityKey'
-#
-#        404:
-#          description: The user supplied does not exist or is not recognized
-#            to have a recent call to `registration-message`
-#          schema:
-#            type: object
-#            required:
-#             - code
-#            properties:
-#              code:
-#                type: string
-#                example: NO_MATCH_OR_EXPIRED|UNKNOWN_USER_ID
-#        500:
-#          description: The operation of enrollment failed
-#          schema:
-#            type: object
-#            required:
-#             - code
-#            properties:
-#              code:
-#                type: string
-#                example: FAILED
-#
-#  /enrollment/u2f/creds/{userid}:
-#    post:
-#      tags:
-#        - fido
-#      description: |
-#        Assigns the nick name for a **recently** enrolled security key device whose
-#        associated user ID is passed in path parameter. Details of the credential
-#        are passed in credential parameter. This is supposed to be called **after**
-#        a call to `registration/{userid}` having received the data of the credential
-#
-#      parameters:
-#        -
-#          name: credential
-#          in: body
-#          description: |
-#            Contains a nickname for this credential and the identifier (key) obtained in
-#            a previous `registration` call.
-#          required: true
-#          schema:
-#            $ref: '#/definitions/NamedCredential'
-#        -
-#          name: userid
-#          in: path
-#          description: Identifier (inum) of the user owning the device
-#          required: true
-#          type: string
-#
-#      responses:
-#        200:
-#          description: Update successfully applied. Empty body
-#        400:
-#          description: A parameter is missing
-#          schema:
-#            type: object
-#            required:
-#             - code
-#            properties:
-#              code:
-#                type: string
-#                example: MISSING_PARAMS
-#        500:
-#          description: The provided key in credential parameter is not
-#            recognized as a recent enrollment or the update failed
-#          schema:
-#            type: object
-#            required:
-#             - code
-#            properties:
-#              code:
-#                type: string
-#                example: NO_MATCH_OR_EXPIRED|FAILED
-
   /enrollment/fido2/attestation:
     get:
       tags:
@@ -1057,7 +901,7 @@ paths:
                 type: array
                 items:
                   type: string
-                example: ["otp", "u2f", "fido2"]
+                example: ["otp", "fido2"]
               total_creds:
                 type: integer
                 example: 3
diff --git a/casa/extras/Casa.py b/casa/extras/Casa.py
index 4d2453344..cefaa6106 100644
--- a/casa/extras/Casa.py
+++ b/casa/extras/Casa.py
@@ -32,7 +32,6 @@ class PersonAuthentication(PersonAuthenticationType):
     def __init__(self, currentTimeMillis):
         self.currentTimeMillis = currentTimeMillis
         self.ACR_SG = "super_gluu"
-        self.ACR_U2F = "u2f"
 
         self.modulePrefix = "casa-external_"
 
@@ -58,10 +57,7 @@ def init(self, customScript, configurationAttributes):
                     print "Casa. init. Got dynamic module for acr %s" % acr
                     configAttrs = self.getConfigurationAttributes(acr, self.scriptsList)
 
-                    if acr == self.ACR_U2F:
-                        u2f_application_id = configurationAttributes.get("u2f_app_id").getValue2()
-                        configAttrs.put("u2f_application_id", SimpleCustomProperty("u2f_application_id", u2f_application_id))
-                    elif acr == self.ACR_SG:
+                    if acr == self.ACR_SG:
                         application_id = configurationAttributes.get("supergluu_app_id").getValue2()
                         configAttrs.put("application_id", SimpleCustomProperty("application_id", application_id))
 
diff --git a/casa/extras/casa-external_u2f.py b/casa/extras/casa-external_u2f.py
deleted file mode 100644
index e1ecb56c7..000000000
--- a/casa/extras/casa-external_u2f.py
+++ /dev/null
@@ -1,225 +0,0 @@
-from io.jans.model.custom.script.type.auth import PersonAuthenticationType
-from io.jans.as.client.fido.u2f import FidoU2fClientFactory
-from io.jans.as.server.model.config import Constants
-from io.jans.as.server.security import Identity
-from io.jans.as.server.service import AuthenticationService
-from io.jans.as.server.service import SessionIdService
-from io.jans.as.server.service import UserService
-from io.jans.as.server.service.fido.u2f import DeviceRegistrationService
-from io.jans.as.server.util import ServerUtil
-from io.jans.service.cdi.util import CdiUtil
-from io.jans.util import StringHelper
-
-from javax.ws.rs import ClientErrorException, WebApplicationException
-from javax.ws.rs.core import Response
-
-import java
-import sys
-
-
-class PersonAuthentication(PersonAuthenticationType):
-    def __init__(self, currentTimeMillis):
-        self.currentTimeMillis = currentTimeMillis
-
-    def init(self, customScript, configurationAttributes):
-        print "U2F. Initialization"
-
-        print "U2F. Initialization. Downloading U2F metadata"
-        u2f_server_uri = configurationAttributes.get("u2f_server_uri").getValue2()
-        u2f_server_metadata_uri = u2f_server_uri + "/.well-known/fido-configuration"
-        #u2f_server_metadata_uri = u2f_server_uri + "/oxauth/restv1/fido-configuration"
-
-        metaDataConfigurationService = FidoU2fClientFactory.instance().createMetaDataConfigurationService(u2f_server_metadata_uri)
-
-        max_attempts = 20
-        for attempt in range(1, max_attempts + 1):
-            try:
-                self.metaDataConfiguration = metaDataConfigurationService.getMetadataConfiguration()
-                break
-            except WebApplicationException, ex:
-                # Detect if last try or we still get Service Unavailable HTTP error
-                if (attempt == max_attempts) or (ex.getResponse().getStatus() != Response.Status.SERVICE_UNAVAILABLE.getStatusCode()):
-                    raise ex
-
-                java.lang.Thread.sleep(3000)
-                print "Attempting to load metadata: %d" % attempt
-
-        print "U2F. Initialized successfully"
-        return True
-
-    def destroy(self, configurationAttributes):
-        print "U2F. Destroy"
-        print "U2F. Destroyed successfully"
-        return True
-
-    def getApiVersion(self):
-        return 11
-
-    def getAuthenticationMethodClaims(self, configurationAttributes):
-        return None
-
-    def isValidAuthenticationMethod(self, usageType, configurationAttributes):
-        return True
-
-    def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):
-        return None
-
-    def authenticate(self, configurationAttributes, requestParameters, step):
-        authenticationService = CdiUtil.bean(AuthenticationService)
-
-        identity = CdiUtil.bean(Identity)
-        credentials = identity.getCredentials()
-
-        user_name = credentials.getUsername()
-
-        if (step == 1):
-            print "U2F. Authenticate for step 1"
-
-            if authenticationService.getAuthenticatedUser() != None:
-                return True
-
-            user_password = credentials.getPassword()
-            logged_in = False
-            if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
-                userService = CdiUtil.bean(UserService)
-                logged_in = authenticationService.authenticate(user_name, user_password)
-
-            if (not logged_in):
-                return False
-
-            return True
-        elif (step == 2):
-            print "U2F. Authenticate for step 2"
-
-            token_response = ServerUtil.getFirstValue(requestParameters, "tokenResponse")
-            if token_response == None:
-                print "U2F. Authenticate for step 2. tokenResponse is empty"
-                return False
-
-            auth_method = ServerUtil.getFirstValue(requestParameters, "authMethod")
-            if auth_method == None:
-                print "U2F. Authenticate for step 2. authMethod is empty"
-                return False
-
-            authenticationService = CdiUtil.bean(AuthenticationService)
-            user = authenticationService.getAuthenticatedUser()
-            if (user == None):
-                print "U2F. Prepare for step 2. Failed to determine user name"
-                return False
-
-            if (auth_method == 'authenticate'):
-                print "U2F. Prepare for step 2. Call FIDO U2F in order to finish authentication workflow"
-                authenticationRequestService = FidoU2fClientFactory.instance().createAuthenticationRequestService(self.metaDataConfiguration)
-                authenticationStatus = authenticationRequestService.finishAuthentication(user.getUserId(), token_response)
-
-                if (authenticationStatus.getStatus() != Constants.RESULT_SUCCESS):
-                    print "U2F. Authenticate for step 2. Get invalid authentication status from FIDO U2F server"
-                    return False
-
-                return True
-            elif (auth_method == 'enroll'):
-                print "U2F. Prepare for step 2. Call FIDO U2F in order to finish registration workflow"
-                registrationRequestService = FidoU2fClientFactory.instance().createRegistrationRequestService(self.metaDataConfiguration)
-                registrationStatus = registrationRequestService.finishRegistration(user.getUserId(), token_response)
-
-                if (registrationStatus.getStatus() != Constants.RESULT_SUCCESS):
-                    print "U2F. Authenticate for step 2. Get invalid registration status from FIDO U2F server"
-                    return False
-
-                return True
-            else:
-                print "U2F. Prepare for step 2. Authenticatiod method is invalid"
-                return False
-
-            return False
-        else:
-            return False
-
-    def prepareForStep(self, configurationAttributes, requestParameters, step):
-        identity = CdiUtil.bean(Identity)
-
-        if (step == 1):
-            return True
-        elif (step == 2):
-            print "U2F. Prepare for step 2"
-
-            session_id = CdiUtil.bean(SessionIdService).getSessionId()
-            if session_id == None:
-                print "U2F. Prepare for step 2. Failed to determine session_id"
-                return False
-
-            authenticationService = CdiUtil.bean(AuthenticationService)
-            user = authenticationService.getAuthenticatedUser()
-            if (user == None):
-                print "U2F. Prepare for step 2. Failed to determine user name"
-                return False
-
-            u2f_application_id = configurationAttributes.get("u2f_application_id").getValue2()
-
-            # Check if user have registered devices
-            deviceRegistrationService = CdiUtil.bean(DeviceRegistrationService)
-
-            userInum = user.getAttribute("inum")
-
-            registrationRequest = None
-            authenticationRequest = None
-
-            deviceRegistrations = deviceRegistrationService.findUserDeviceRegistrations(userInum, u2f_application_id)
-            if (deviceRegistrations.size() > 0):
-                print "U2F. Prepare for step 2. Call FIDO U2F in order to start authentication workflow"
-
-                try:
-                    authenticationRequestService = FidoU2fClientFactory.instance().createAuthenticationRequestService(self.metaDataConfiguration)
-                    authenticationRequest = authenticationRequestService.startAuthentication(user.getUserId(), None, u2f_application_id, session_id.getId())
-                except ClientErrorException, ex:
-                    if (ex.getResponse().getResponseStatus() != Response.Status.NOT_FOUND):
-                        print "U2F. Prepare for step 2. Failed to start authentication workflow. Exception:", sys.exc_info()[1]
-                        return False
-            else:
-                print "U2F. Prepare for step 2. Call FIDO U2F in order to start registration workflow"
-                registrationRequestService = FidoU2fClientFactory.instance().createRegistrationRequestService(self.metaDataConfiguration)
-                registrationRequest = registrationRequestService.startRegistration(user.getUserId(), u2f_application_id, session_id.getId())
-
-            identity.setWorkingParameter("fido_u2f_authentication_request", ServerUtil.asJson(authenticationRequest))
-            identity.setWorkingParameter("fido_u2f_registration_request", ServerUtil.asJson(registrationRequest))
-
-            return True
-        elif (step == 3):
-            print "U2F. Prepare for step 3"
-
-            return True
-        else:
-            return False
-
-    def getExtraParametersForStep(self, configurationAttributes, step):
-        return None
-
-    def getCountAuthenticationSteps(self, configurationAttributes):
-        return 2
-
-    def getPageForStep(self, configurationAttributes, step):
-        if (step == 2):
-            #Modified for Casa compliance
-            return "/casa/u2f.xhtml"
-
-        return ""
-
-    def logout(self, configurationAttributes, requestParameters):
-        return True
-
-    # Added for Casa compliance
-
-    def hasEnrollments(self, configurationAttributes, user):
-
-        inum = user.getAttribute("inum")
-        devRegService = CdiUtil.bean(DeviceRegistrationService)
-        app_id = configurationAttributes.get("u2f_application_id").getValue2()
-        userDevices = devRegService.findUserDeviceRegistrations(inum, app_id, "jansStatus")
-
-        hasDevices = False
-        for device in userDevices:
-            if device.getStatus() != None and device.getStatus().getValue() == "active":
-                hasDevices=True
-                break
-
-        return hasDevices

From ae455c5940fad46ddb80617aa2716d9de80c9023 Mon Sep 17 00:00:00 2001
From: Arnab Dutta <arnab.bdutta@gmail.com>
Date: Mon, 7 Mar 2022 13:22:01 +0530
Subject: [PATCH 019/101] feat: move health menu under Home menu #116

---
 admin-ui/app/redux/actions/HealthAction.js    |  11 +
 .../redux/actions/LicenseDetailsActions.js    |  26 +++
 admin-ui/app/redux/actions/types.js           |  10 +-
 admin-ui/app/redux/api/HealthApi.js           |  18 ++
 admin-ui/app/redux/api/LicenseDetailsApi.js   |  31 +++
 admin-ui/app/redux/reducers/HealthReducer.js  |  40 ++++
 .../redux/reducers/LicenseDetailsReducer.js   |  54 +++++
 admin-ui/app/redux/reducers/index.js          |   4 +
 admin-ui/app/redux/sagas/HealthSaga.js        |  49 +++++
 .../app/redux/sagas/LicenseDetailsSaga.js     |  73 +++++++
 admin-ui/app/redux/sagas/index.js             |   4 +
 .../app/routes/Apps/Gluu/GluuAppSidebar.js    |  12 ++
 admin-ui/app/routes/Health/HealthPage.js      |  97 +++++++++
 .../app/routes/License/LicenseDetailsForm.js  | 120 +++++++++++
 .../routes/License/LicenseDetailsForm.test.js |  24 +++
 .../app/routes/License/LicenseDetailsPage.js  | 192 ++++++++++++++++++
 .../routes/License/LicenseDetailsPage.test.js |  40 ++++
 admin-ui/app/routes/License/license.js        |  15 ++
 admin-ui/app/routes/index.js                  |   4 +
 19 files changed, 823 insertions(+), 1 deletion(-)
 create mode 100644 admin-ui/app/redux/actions/HealthAction.js
 create mode 100644 admin-ui/app/redux/actions/LicenseDetailsActions.js
 create mode 100644 admin-ui/app/redux/api/HealthApi.js
 create mode 100644 admin-ui/app/redux/api/LicenseDetailsApi.js
 create mode 100644 admin-ui/app/redux/reducers/HealthReducer.js
 create mode 100644 admin-ui/app/redux/reducers/LicenseDetailsReducer.js
 create mode 100644 admin-ui/app/redux/sagas/HealthSaga.js
 create mode 100644 admin-ui/app/redux/sagas/LicenseDetailsSaga.js
 create mode 100644 admin-ui/app/routes/Health/HealthPage.js
 create mode 100644 admin-ui/app/routes/License/LicenseDetailsForm.js
 create mode 100644 admin-ui/app/routes/License/LicenseDetailsForm.test.js
 create mode 100644 admin-ui/app/routes/License/LicenseDetailsPage.js
 create mode 100644 admin-ui/app/routes/License/LicenseDetailsPage.test.js
 create mode 100644 admin-ui/app/routes/License/license.js

diff --git a/admin-ui/app/redux/actions/HealthAction.js b/admin-ui/app/redux/actions/HealthAction.js
new file mode 100644
index 000000000..87a88c879
--- /dev/null
+++ b/admin-ui/app/redux/actions/HealthAction.js
@@ -0,0 +1,11 @@
+import { GET_HEALTH, GET_HEALTH_RESPONSE } from './types'
+
+export const getHealthStatus = (action) => ({
+  type: GET_HEALTH,
+  payload: { action },
+})
+
+export const getHealthStatusResponse = (data) => ({
+  type: GET_HEALTH_RESPONSE,
+  payload: { data },
+})
diff --git a/admin-ui/app/redux/actions/LicenseDetailsActions.js b/admin-ui/app/redux/actions/LicenseDetailsActions.js
new file mode 100644
index 000000000..487377212
--- /dev/null
+++ b/admin-ui/app/redux/actions/LicenseDetailsActions.js
@@ -0,0 +1,26 @@
+import {
+  GET_LICENSE_DETAILS,
+  GET_LICENSE_DETAILS_RESPONSE,
+  UPDATE_LICENSE_DETAILS,
+  UPDATE_LICENSE_DETAILS_RESPONSE,
+} from './types'
+
+export const getLicenseDetails = (action) => ({
+  type: GET_LICENSE_DETAILS,
+  payload: { action },
+})
+
+export const getLicenseDetailsResponse = (data) => ({
+  type: GET_LICENSE_DETAILS_RESPONSE,
+  payload: { data },
+})
+
+export const updateLicenseDetails = (action) => ({
+  type: UPDATE_LICENSE_DETAILS,
+  payload: { action },
+})
+
+export const updateLicenseDetailsResponse = (data) => ({
+  type: UPDATE_LICENSE_DETAILS_RESPONSE,
+  payload: { data },
+})
\ No newline at end of file
diff --git a/admin-ui/app/redux/actions/types.js b/admin-ui/app/redux/actions/types.js
index ef5efa84b..aeea155fc 100644
--- a/admin-ui/app/redux/actions/types.js
+++ b/admin-ui/app/redux/actions/types.js
@@ -68,4 +68,12 @@ export const ACTIVATE_LICENSE = 'ACTIVATE_LICENSE'
 export const ACTIVATE_LICENSE_RESPONSE = 'ACTIVATE_LICENSE_RESPONSE'
 //OIDC DISCOVERY
 export const GET_OIDC_DISCOVERY = 'GET_OIDC_DISCOVERY'
-export const GET_OIDC_DISCOVERY_RESPONSE = 'GET_OIDC_DISCOVERY_RESPONSE'
\ No newline at end of file
+export const GET_OIDC_DISCOVERY_RESPONSE = 'GET_OIDC_DISCOVERY_RESPONSE'
+// Health
+export const GET_HEALTH = 'GET_HEALTH'
+export const GET_HEALTH_RESPONSE = 'GET_HEALTH_RESPONSE'
+//License Details
+export const GET_LICENSE_DETAILS = 'GET_LICENSE_DETAILS'
+export const GET_LICENSE_DETAILS_RESPONSE = 'GET_LICENSE_DETAILS_RESPONSE'
+export const UPDATE_LICENSE_DETAILS = 'UPDATE_LICENSE_DETAILS'
+export const UPDATE_LICENSE_DETAILS_RESPONSE = 'UPDATE_LICENSE_DETAILS_RESPONSE'
\ No newline at end of file
diff --git a/admin-ui/app/redux/api/HealthApi.js b/admin-ui/app/redux/api/HealthApi.js
new file mode 100644
index 000000000..193b96c93
--- /dev/null
+++ b/admin-ui/app/redux/api/HealthApi.js
@@ -0,0 +1,18 @@
+export default class HealthApi {
+  constructor(api) {
+    this.api = api
+  }
+
+  getHealthStatus = () => {
+    return new Promise((resolve, reject) => {
+      this.api.getAuthServerHealth((error, data) => {
+        if (error) {
+          console.log(e);
+          reject(error)
+        } else {
+          resolve(data)
+        }
+      })
+    })
+  }
+}
diff --git a/admin-ui/app/redux/api/LicenseDetailsApi.js b/admin-ui/app/redux/api/LicenseDetailsApi.js
new file mode 100644
index 000000000..3c8f604eb
--- /dev/null
+++ b/admin-ui/app/redux/api/LicenseDetailsApi.js
@@ -0,0 +1,31 @@
+export default class LicenseDetailsApi {
+  constructor(api) {
+    this.api = api
+  }
+
+  getLicenseDetails = () => {
+    return new Promise((resolve, reject) => {
+      this.api.getAdminuiLicense((error, data) => {
+        this.handleResponse(error, reject, resolve, data)
+      })
+    })
+  }
+
+  updateLicenseDetails = (data) => {
+    const options = {}
+    options['licenseRequest'] = data
+    return new Promise((resolve, reject) => {
+      this.api.editAdminuiLicense(options, (error, options) => {
+        this.handleResponse(error, reject, resolve, data)
+      })
+    })
+  }
+
+  handleResponse(error, reject, resolve, data) {
+    if (error) {
+      reject(error)
+    } else {
+      resolve(data)
+    }
+  }
+}
\ No newline at end of file
diff --git a/admin-ui/app/redux/reducers/HealthReducer.js b/admin-ui/app/redux/reducers/HealthReducer.js
new file mode 100644
index 000000000..c86284473
--- /dev/null
+++ b/admin-ui/app/redux/reducers/HealthReducer.js
@@ -0,0 +1,40 @@
+import { GET_HEALTH, GET_HEALTH_RESPONSE } from '../actions/types'
+import reducerRegistry from './ReducerRegistry'
+const INIT_STATE = {
+  serverStatus: null,
+  dbStatus: null,
+  loading: false,
+}
+
+const reducerName = 'healthReducer'
+
+export default function healthReducer(state = INIT_STATE, action) {
+  switch (action.type) {
+    case GET_HEALTH:
+      return {
+        ...state,
+        loading: true,
+      }
+    case GET_HEALTH_RESPONSE:
+      if (action.payload.data) {
+        return {
+          ...state,
+          serverStatus: action.payload.data.status,
+          dbStatus: action.payload.data.db_status,
+          loading: false,
+        }
+      } else {
+        return handleDefault()
+      }
+    default:
+      return handleDefault()
+  }
+
+  function handleDefault() {
+    return {
+      ...state,
+      loading: false,
+    }
+  }
+}
+reducerRegistry.register(reducerName, healthReducer)
diff --git a/admin-ui/app/redux/reducers/LicenseDetailsReducer.js b/admin-ui/app/redux/reducers/LicenseDetailsReducer.js
new file mode 100644
index 000000000..4c1c0ebc0
--- /dev/null
+++ b/admin-ui/app/redux/reducers/LicenseDetailsReducer.js
@@ -0,0 +1,54 @@
+import { GET_LICENSE_DETAILS, GET_LICENSE_DETAILS_RESPONSE, UPDATE_LICENSE_DETAILS, UPDATE_LICENSE_DETAILS_RESPONSE } from '../actions/types'
+import reducerRegistry from '../../redux/reducers/ReducerRegistry'
+const INIT_STATE = {
+  item: {},
+  loading: true,
+}
+
+const reducerName = 'licenseDetailsReducer'
+
+export default function licenseDetailsReducer(state = INIT_STATE, action) {
+  switch (action.type) {
+    case GET_LICENSE_DETAILS:
+      return {
+        ...state,
+        loading: true,
+      }
+    case GET_LICENSE_DETAILS_RESPONSE:
+      if (action.payload.data) {
+        return {
+          ...state,
+          item: action.payload.data,
+          loading: false,
+        }
+      } else {
+        return {
+          ...state,
+          loading: false,
+        }
+      }
+    case UPDATE_LICENSE_DETAILS:
+      return {
+        ...state,
+        loading: true,
+      }
+    case UPDATE_LICENSE_DETAILS_RESPONSE:
+      if (action.payload.data) {
+        return {
+          ...state,
+          items: action.payload.data,
+          loading: false,
+        }
+      } else {
+        return {
+          ...state,
+          loading: false,
+        }
+      }
+    default:
+      return {
+        ...state,
+      }
+  }
+}
+reducerRegistry.register(reducerName, licenseDetailsReducer)
diff --git a/admin-ui/app/redux/reducers/index.js b/admin-ui/app/redux/reducers/index.js
index 97b5a3081..873acdfc5 100644
--- a/admin-ui/app/redux/reducers/index.js
+++ b/admin-ui/app/redux/reducers/index.js
@@ -2,11 +2,13 @@
  * App Reducers
  */
 import mauReducer from './MauReducer'
+import healthReducer from './HealthReducer'
 import authReducer from './AuthReducer'
 import fidoReducer from './FidoReducer'
 import initReducer from './InitReducer'
 import logoutReducer from './LogoutReducer'
 import licenseReducer from './LicenseReducer'
+import licenseDetailsReducer from './LicenseDetailsReducer'
 import oidcDiscoveryReducer from './OidcDiscoveryReducer'
 
 const appReducers = {
@@ -17,6 +19,8 @@ const appReducers = {
   licenseReducer,
   oidcDiscoveryReducer,
   mauReducer,
+  healthReducer,
+  licenseDetailsReducer,
 }
 
 export default appReducers
diff --git a/admin-ui/app/redux/sagas/HealthSaga.js b/admin-ui/app/redux/sagas/HealthSaga.js
new file mode 100644
index 000000000..28bad31e5
--- /dev/null
+++ b/admin-ui/app/redux/sagas/HealthSaga.js
@@ -0,0 +1,49 @@
+import { call, all, put, fork, takeLatest, select } from 'redux-saga/effects'
+import {
+  isFourZeroOneError,
+  addAdditionalData,
+} from '../../utils/TokenController'
+import { getHealthStatusResponse } from '../actions/HealthAction'
+import { getAPIAccessToken } from '../actions/AuthActions'
+import { postUserAction} from '../api/backend-api'
+import { GET_HEALTH } from '../actions/types'
+import HealthApi from '../api/HealthApi'
+import { getClient } from '../api/base'
+import { initAudit } from '../sagas/SagaUtils'
+const JansConfigApi = require('jans_config_api')
+
+function* newFunction() {
+  const token = yield select((state) => state.authReducer.token.access_token)
+  const issuer = yield select((state) => state.authReducer.issuer)
+  const api = new JansConfigApi.AuthServerHealthCheckApi(
+    getClient(JansConfigApi, token, issuer),
+  )
+  return new HealthApi(api)
+}
+
+export function* getHealthStatus({ payload }) {
+  const audit = yield* initAudit()
+  try {
+    payload = payload ? payload : { action: {} }
+    addAdditionalData(audit, 'FETCH', 'Health', payload)
+    const healthApi = yield* newFunction()
+    const data = yield call(healthApi.getHealthStatus, payload.action.action_data)
+    yield put(getHealthStatusResponse(data))
+    yield call(postUserAction, audit)
+  } catch (e) {
+
+    yield put(getHealthStatusResponse(null))
+    if (isFourZeroOneError(e)) {
+      const jwt = yield select((state) => state.authReducer.userinfo_jwt)
+      yield put(getAPIAccessToken(jwt))
+    }
+  }
+}
+
+export function* watchGetHealthStatus() {
+  yield takeLatest(GET_HEALTH, getHealthStatus)
+}
+
+export default function* rootSaga() {
+  yield all([fork(watchGetHealthStatus)])
+}
diff --git a/admin-ui/app/redux/sagas/LicenseDetailsSaga.js b/admin-ui/app/redux/sagas/LicenseDetailsSaga.js
new file mode 100644
index 000000000..3d4b48399
--- /dev/null
+++ b/admin-ui/app/redux/sagas/LicenseDetailsSaga.js
@@ -0,0 +1,73 @@
+import { all, call, fork, put, takeEvery, select } from 'redux-saga/effects'
+import { GET_LICENSE_DETAILS, UPDATE_LICENSE_DETAILS } from '../actions/types'
+import {
+  getLicenseDetailsResponse,
+  updateLicenseDetailsResponse,
+} from '../actions/LicenseDetailsActions'
+import { getClient } from '../../redux/api/base'
+import LicenseDetailsApi from '../api/LicenseDetailsApi'
+const JansConfigApi = require('jans_config_api')
+import { initAudit } from '../../redux/sagas/SagaUtils'
+import {
+  isFourZeroOneError,
+  addAdditionalData,
+} from '../../utils/TokenController'
+import { getAPIAccessToken } from '../../redux/actions/AuthActions'
+
+function* newFunction() {
+  const token = yield select((state) => state.authReducer.token.access_token)
+  const issuer = yield select((state) => state.authReducer.issuer)
+  const api = new JansConfigApi.AdminUILicenseApi(
+    getClient(JansConfigApi, token, issuer),
+  )
+  return new LicenseDetailsApi(api)
+}
+
+
+export function* getLicenseDetailsWorker({ payload }) {
+  const audit = yield* initAudit()
+  try {
+    //addAdditionalData(audit, FETCH, GET_LICENSE_DETAILS, payload)
+    const licenseApi = yield* newFunction()
+    const data = yield call(licenseApi.getLicenseDetails)
+    yield put(getLicenseDetailsResponse(data))
+    yield call(postUserAction, audit)
+  } catch (e) {
+    yield put(getLicenseDetailsResponse(null))
+    if (isFourZeroOneError(e)) {
+      const jwt = yield select((state) => state.authReducer.userinfo_jwt)
+      yield put(getAPIAccessToken(jwt))
+    }
+  }
+}
+
+export function* updateLicenseDetailsWorker({ payload }) {
+  const audit = yield* initAudit()
+  try {
+    //addAdditionalData(audit, UPDATE, UPDATE_LICENSE_DETAILS, payload)
+    const roleApi = yield* newFunction()
+    const data = yield call(roleApi.updateLicenseDetails, payload.action.action_data)
+    yield put(updateLicenseDetailsResponse(data))
+    yield call(postUserAction, audit)
+  } catch (e) {
+    yield put(updateLicenseDetailsResponse(null))
+    if (isFourZeroOneError(e)) {
+      const jwt = yield select((state) => state.authReducer.userinfo_jwt)
+      yield put(getAPIAccessToken(jwt))
+    }
+  }
+}
+
+
+export function* getLicenseWatcher() {
+
+  yield takeEvery(GET_LICENSE_DETAILS, getLicenseDetailsWorker)
+}
+
+export function* updateLicenseWatcher() {
+  yield takeEvery(UPDATE_LICENSE_DETAILS, updateLicenseDetailsWorker)
+}
+
+export default function* rootSaga() {
+  yield all([fork(getLicenseWatcher), fork(updateLicenseWatcher)])
+}
\ No newline at end of file
diff --git a/admin-ui/app/redux/sagas/index.js b/admin-ui/app/redux/sagas/index.js
index ab60195a3..e48540a5f 100644
--- a/admin-ui/app/redux/sagas/index.js
+++ b/admin-ui/app/redux/sagas/index.js
@@ -5,10 +5,12 @@ import { all } from 'redux-saga/effects'
 
 // sagas
 import mauSaga from './MauSaga'
+import healthSaga from './HealthSaga'
 import authSagas from './AuthSaga'
 import fidoSaga from './FidoSaga'
 import initSaga from './InitSaga'
 import licenseSaga from './LicenseSaga'
+import licenseDetailsSaga from './LicenseDetailsSaga'
 import oidcDiscoverySaga from './OidcDiscoverySaga'
 import process from '../../../plugins/PluginSagasResolver'
 
@@ -23,6 +25,8 @@ export default function* rootSaga() {
         licenseSaga(),
         oidcDiscoverySaga(),
         mauSaga(),
+        healthSaga(),
+        licenseDetailsSaga(),
       ],
       pluginSagaArr,
     ),
diff --git a/admin-ui/app/routes/Apps/Gluu/GluuAppSidebar.js b/admin-ui/app/routes/Apps/Gluu/GluuAppSidebar.js
index 3e2b70b3a..3fd11fc83 100644
--- a/admin-ui/app/routes/Apps/Gluu/GluuAppSidebar.js
+++ b/admin-ui/app/routes/Apps/Gluu/GluuAppSidebar.js
@@ -49,6 +49,18 @@ function GluuAppSidebar({ scopes }) {
             textStyle={{ fontSize: '18px', fontWeight: '600' }}
             exact
           />
+          <SidebarMenu.Item
+            title={t('menus.health')}
+            to="/home/health"
+            textStyle={{ fontSize: '18px', fontWeight: '600' }}
+            exact
+          />
+          <SidebarMenu.Item
+            title={t('menus.license')}
+            to="/home/licenseDetails"
+            textStyle={{ fontSize: '18px', fontWeight: '600' }}
+            exact
+          />
         </SidebarMenu.Item>
         <Divider />
         {/* -------- Plugins ---------*/}
diff --git a/admin-ui/app/routes/Health/HealthPage.js b/admin-ui/app/routes/Health/HealthPage.js
new file mode 100644
index 000000000..731f71389
--- /dev/null
+++ b/admin-ui/app/routes/Health/HealthPage.js
@@ -0,0 +1,97 @@
+import React, { useEffect } from 'react'
+import {
+  Container,
+  CardBody,
+  Card,
+  Badge,
+  CardHeader,
+  FormGroup,
+} from '../../components'
+import { useTranslation } from 'react-i18next'
+import applicationStyle from '../../routes/Apps/Gluu/styles/applicationstyle'
+import { buildPayload } from '../../utils/PermChecker'
+import { connect } from 'react-redux'
+import { getHealthStatus } from '../../redux/actions/HealthAction'
+import GluuRibbon from '../../routes/Apps/Gluu/GluuRibbon'
+
+function HealthPage({ serverStatus, dbStatus, dispatch }) {
+  const { t } = useTranslation()
+  const userAction = {}
+  const options = {}
+
+  useEffect(() => {
+    fetchHealthInfo(userAction, options, dispatch)
+  }, [])
+
+  function fetchHealthInfo() {
+    buildPayload(userAction, 'GET Health Status', options)
+    dispatch(getHealthStatus(userAction))
+  }
+
+  function getColor(status) {
+    return isUp(status) ? 'primary' : 'danger'
+  }
+
+  function isUp(status) {
+    if (status) {
+      return (
+        status.toUpperCase() === 'ONLINE'.toUpperCase() ||
+        status.toUpperCase() === 'RUNNING'.toUpperCase()
+      )
+    }
+    return false
+  }
+
+  return (
+    <Container>
+      <Card className="mb-3">
+        <GluuRibbon title={t('titles.services_health')} fromLeft />
+        <FormGroup row />
+        <FormGroup row />
+        <FormGroup row />
+        <CardBody>
+          <Card className="mb-3" style={applicationStyle.buttonStyle}>
+            <CardHeader tag="h6" className="text-white">
+              {t('titles.oauth_server_status_title')}
+            </CardHeader>
+            <CardBody
+              style={
+                isUp(serverStatus)
+                  ? applicationStyle.healthUp
+                  : applicationStyle.healthDown
+              }
+            >
+              {serverStatus && (
+                <Badge color={getColor(serverStatus)}>{serverStatus}</Badge>
+              )}
+            </CardBody>
+          </Card>
+          <Card className="mb-3" style={applicationStyle.buttonStyle}>
+            <CardHeader tag="h6" className="text-white">
+              {t('titles.database_status_title')}
+            </CardHeader>
+            <CardBody
+              style={
+                isUp(dbStatus)
+                  ? applicationStyle.healthUp
+                  : applicationStyle.healthDown
+              }
+            >
+              {dbStatus && <Badge color={getColor(dbStatus)}>{dbStatus}</Badge>}
+            </CardBody>
+          </Card>
+        </CardBody>
+      </Card>
+    </Container>
+  )
+}
+
+const mapStateToProps = (state) => {
+  return {
+    serverStatus: state.healthReducer.serverStatus,
+    dbStatus: state.healthReducer.dbStatus,
+    loading: state.healthReducer.loading,
+    permissions: state.authReducer.permissions,
+  }
+}
+export default connect(mapStateToProps)(HealthPage)
diff --git a/admin-ui/app/routes/License/LicenseDetailsForm.js b/admin-ui/app/routes/License/LicenseDetailsForm.js
new file mode 100644
index 000000000..a1543419d
--- /dev/null
+++ b/admin-ui/app/routes/License/LicenseDetailsForm.js
@@ -0,0 +1,120 @@
+import React, { useEffect, useState } from 'react'
+import { useTranslation } from 'react-i18next'
+import DatePicker from 'react-datepicker'
+import GluuLabel from '../../routes/Apps/Gluu/GluuLabel'
+import GluuCommitFooter from '../../routes/Apps/Gluu/GluuCommitFooter'
+import GluuCommitDialog from '../../routes/Apps/Gluu/GluuCommitDialog'
+import GluuToogle from '../../routes/Apps/Gluu/GluuToogle'
+import { LICENSE } from '../../utils/ApiResources'
+import GluuTooltip from '../../routes/Apps/Gluu/GluuTooltip'
+import {
+  Col,
+  Form,
+  FormGroup,
+  CustomInput,
+  Accordion,
+} from '../../components'
+import { Formik } from 'formik'
+
+function LicenseDetailsForm({ item, handleSubmit }) {
+  const { t } = useTranslation()
+  const [validityPeriod, setValidityPeriod] = useState(
+    !!item.validityPeriod ? new Date(item.validityPeriod) : new Date(),
+  )
+  const [modal, setModal] = useState(false)
+
+  useEffect(() => {
+    setValidityPeriod(new Date(item.validityPeriod))
+  }, [item.validityPeriod])
+
+  function toggle() {
+    setModal(!modal)
+  }
+
+  function submitForm() {
+    toggle()
+    document.getElementsByClassName('UserActionSubmitButton')[0].click()
+  }
+
+  const initialValues = {
+    maxActivations: item.maxActivations,
+    licenseActive: item.licenseActive,
+    validityPeriod: item.validityPeriod,
+  }
+  return (
+    <>
+      <Accordion className="mb-2 b-primary" initialOpen>
+        <Accordion.Header className="text-primary">
+          {t('fields.licenseDetails').toUpperCase()}
+        </Accordion.Header>
+        <Accordion.Body>
+          <Formik
+            initialValues={initialValues}
+            onSubmit={(values) => {
+              values.validityPeriod = validityPeriod
+              handleSubmit(values)
+            }}
+          >
+            {(formik) => (
+              <Form onSubmit={formik.handleSubmit}>
+                <GluuTooltip doc_category={LICENSE} doc_entry="validityPeriod">
+                  <FormGroup row>
+                    <GluuLabel label="fields.validityPeriod" size={5} />
+                    <Col sm={7}>
+                      <DatePicker
+                        id="validityPeriod"
+                        name="validityPeriod"
+                        dateFormat="yyyy-MM-dd"
+                        selected={validityPeriod}
+                        dropdownMode="select"
+                        onChange={(date) => setValidityPeriod(date)}
+                      />
+                    </Col>
+                  </FormGroup>
+                </GluuTooltip>
+                <GluuTooltip doc_category={LICENSE} doc_entry="maxActivations">
+                  <FormGroup row>
+                    <GluuLabel label="fields.maxActivations" size={5} />
+                    <Col sm={7}>
+                      <CustomInput
+                        type="number"
+                        placeholder={t('fields.maxActivations')}
+                        id="maxActivations"
+                        name="maxActivations"
+                        defaultValue={item.maxActivations}
+                        onChange={formik.handleChange}
+                      />
+                    </Col>
+                  </FormGroup>
+                </GluuTooltip>
+                <GluuTooltip doc_category={LICENSE} doc_entry="isLicenseActive">
+                  <FormGroup row>
+                    <GluuLabel label="fields.isLicenseActive" size={5} />
+                    <Col sm={7}>
+                      <GluuToogle
+                        id="licenseActive"
+                        name="licenseActive"
+                        formik={formik}
+                        value={item.licenseActive}
+                      />
+                    </Col>
+                  </FormGroup>
+                </GluuTooltip>
+                <FormGroup row></FormGroup>
+                <GluuCommitFooter saveHandler={toggle} />
+                <GluuCommitDialog
+                  handler={toggle}
+                  modal={modal}
+                  onAccept={submitForm}
+                  formik={formik}
+                />
+              </Form>
+            )}
+          </Formik>
+        </Accordion.Body>
+      </Accordion>
+    </>
+  )
+}
+
+export default LicenseDetailsForm
diff --git a/admin-ui/app/routes/License/LicenseDetailsForm.test.js b/admin-ui/app/routes/License/LicenseDetailsForm.test.js
new file mode 100644
index 000000000..3b12924f5
--- /dev/null
+++ b/admin-ui/app/routes/License/LicenseDetailsForm.test.js
@@ -0,0 +1,24 @@
+import React from 'react'
+import { render, screen } from '@testing-library/react'
+import LicenseDetailsForm from './LicenseDetailsForm'
+import license from "./license"
+import i18n from '../../i18n'
+import { I18nextProvider } from 'react-i18next'
+
+const Wrapper = ({ children }) => (
+  <I18nextProvider i18n={i18n}>{children}</I18nextProvider>
+)
+const permissions = [
+  'https://jans.io/oauth/config/attributes.readonly',
+  'https://jans.io/oauth/config/attributes.write',
+  'https://jans.io/oauth/config/attributes.delete',
+]
+const item = license
+it('Should render the license detail page properly', () => {
+  render(<LicenseDetailsForm item={item}  permissions={permissions} />, {
+    wrapper: Wrapper,
+  })
+  screen.getByText(/License Valid Upto/)
+  screen.getByText(/Maximum Activations/)
+  screen.getByText(/Is License Active/)
+})
diff --git a/admin-ui/app/routes/License/LicenseDetailsPage.js b/admin-ui/app/routes/License/LicenseDetailsPage.js
new file mode 100644
index 000000000..ccb5e5fb3
--- /dev/null
+++ b/admin-ui/app/routes/License/LicenseDetailsPage.js
@@ -0,0 +1,192 @@
+import React, { useEffect } from 'react'
+import { connect } from 'react-redux'
+import LicenseDetailsForm from './LicenseDetailsForm'
+import GluuRibbon from '../../routes/Apps/Gluu/GluuRibbon'
+import GluuFormDetailRow from '../../routes/Apps/Gluu/GluuFormDetailRow'
+import { LICENSE } from '../../utils/ApiResources'
+import {
+  getLicenseDetails,
+  updateLicenseDetails,
+} from '../../redux/actions/LicenseDetailsActions'
+import {
+  Card,
+  CardBody,
+  CardTitle,
+  Container,
+  FormGroup,
+  Row,
+  Col,
+} from '../../components'
+import {
+  buildPayload,
+} from '../../utils/PermChecker'
+import GluuLoader from '../../routes/Apps/Gluu/GluuLoader'
+import Alert from '@material-ui/lab/Alert'
+
+const FETCHING_LICENSE_DETAILS = 'Fetch license details'
+
+function LicenseDetailsPage({ item, loading, dispatch }) {
+  const userAction = {}
+  const options = {}
+
+  useEffect(() => {
+    buildPayload(userAction, FETCHING_LICENSE_DETAILS, options)
+    dispatch(getLicenseDetails({}))
+  }, [])
+
+  function formatDate(date) {
+    if(date == undefined) {
+      return '';
+    }
+    if(date.length > 10) {
+      return date.substring(0, 10);
+    }
+    return '';
+
+  }
+  return (
+    <React.Fragment>
+      <Card className="mb-3">
+        <CardBody>
+          <CardTitle tag="h6" className="mb-4">
+            <GluuRibbon title="fields.licenseDetails" doTranslate fromLeft />
+            <FormGroup row />
+            <FormGroup row />
+          </CardTitle>
+          <GluuLoader blocking={loading}>
+            {item.licenseEnabled ? (
+              <>
+                <Container style={{ backgroundColor: '#F5F5F5' }}>
+                  <Row>
+                    <Col sm={6}>
+                      <GluuFormDetailRow
+                        label="fields.productName"
+                        value={item.productName}
+                        isBadge={true}
+                        lsize={3}
+                        rsize={9}
+                        doc_entry="productName"
+                        doc_category={LICENSE}
+                      />
+                    </Col>
+                    <Col sm={6}>
+                      <GluuFormDetailRow
+                        label="fields.productCode"
+                        value={item.productCode}
+                        isBadge={true}
+                        lsize={3}
+                        rsize={9}
+                        doc_entry="productCode"
+                        doc_category={LICENSE}
+                      />
+                    </Col>
+                  </Row>
+                  <Row>
+                    <Col sm={6}>
+                      <GluuFormDetailRow
+                        label="fields.licenseType"
+                        value={item.licenseType}
+                        isBadge={true}
+                        lsize={3}
+                        rsize={9}
+                        doc_entry="licenseType"
+                        doc_category={LICENSE}
+                      />
+                    </Col>
+                    <Col sm={6}>
+                      <GluuFormDetailRow
+                        label="fields.licenseKey"
+                        value={item.licenseKey}
+                        isBadge={true}
+                        lsize={3}
+                        rsize={9}
+                        doc_entry="licenseKey"
+                        doc_category={LICENSE}
+                      />
+                    </Col>
+                  </Row>
+                  <Row>
+                    <Col sm={6}>
+                      <GluuFormDetailRow
+                        label="fields.customerEmail"
+                        value={item.customerEmail}
+                        isBadge={true}
+                        lsize={3}
+                        rsize={9}
+                        doc_entry="customerEmail"
+                        doc_category={LICENSE}
+                      />
+                    </Col>
+                    <Col sm={6}>
+                      <GluuFormDetailRow
+                        label="fields.customerName"
+                        value={
+                          item.customerFirstName + ' ' + item.customerLastName
+                        }
+                        isBadge={true}
+                        lsize={3}
+                        rsize={9}
+                        doc_entry="customerName"
+                        doc_category={LICENSE}
+                      />
+                    </Col>
+                  </Row>
+                  <Row>
+                    <Col sm={6}>
+                      <GluuFormDetailRow
+                        label="fields.companyName"
+                        value={item.companyName}
+                        isBadge={true}
+                        lsize={3}
+                        rsize={9}
+                        doc_entry="companyName"
+                        doc_category={LICENSE}
+                      />
+                    </Col>
+                    <Col sm={6}>
+                      <GluuFormDetailRow
+                        label="fields.validityPeriod"
+                        value={formatDate(item.validityPeriod)}
+                        isBadge={true}
+                        lsize={3}
+                        rsize={9}
+                        doc_entry="validityPeriod"
+                        doc_category={LICENSE}
+                      />
+                    </Col>
+                  </Row>
+                  <Row>
+                    <Col sm={6}>
+                      <GluuFormDetailRow
+                        label="fields.isLicenseActive"
+                        value={item.licenseActive ? 'Yes' : 'No'}
+                        isBadge={true}
+                        lsize={3}
+                        rsize={9}
+                        doc_entry="isLicenseActive"
+                        doc_category={LICENSE}
+                      />
+                    </Col>
+                  </Row>
+                </Container>
+              </>
+            ) : (
+              <Alert severity="warning">
+                {!loading &&
+                  'The License API is not enabled for this application.'}
+              </Alert>
+            )}
+          </GluuLoader>
+        </CardBody>
+      </Card>
+    </React.Fragment>
+  )
+}
+
+const mapStateToProps = (state) => {
+  return {
+    item: state.licenseDetailsReducer.item,
+    loading: state.licenseDetailsReducer.loading,
+  }
+}
+export default connect(mapStateToProps)(LicenseDetailsPage)
diff --git a/admin-ui/app/routes/License/LicenseDetailsPage.test.js b/admin-ui/app/routes/License/LicenseDetailsPage.test.js
new file mode 100644
index 000000000..73624d875
--- /dev/null
+++ b/admin-ui/app/routes/License/LicenseDetailsPage.test.js
@@ -0,0 +1,40 @@
+import React from 'react'
+import { render, screen } from '@testing-library/react'
+import LicenseDetailsPage from './LicenseDetailsPage'
+import { createStore, combineReducers } from 'redux'
+import { Provider } from 'react-redux'
+import i18n from '../../i18n'
+import { I18nextProvider } from 'react-i18next'
+import license from "./license"
+
+const permissions = [
+  'https://jans.io/oauth/config/attributes.readonly',
+  'https://jans.io/oauth/config/attributes.write',
+  'https://jans.io/oauth/config/attributes.delete',
+]
+const INIT_LICENSE_DETAIL_STATE = {
+  item: license,
+  loading: false,
+}
+const store = createStore(
+  combineReducers({
+    licenseDetailsReducer: (state = INIT_LICENSE_DETAIL_STATE) => state,
+    noReducer: (state = {}) => state,
+  }),
+)
+
+const Wrapper = ({ children }) => (
+  <I18nextProvider i18n={i18n}>
+    <Provider store={store}>{children}</Provider>
+  </I18nextProvider>
+)
+
+it('Should render the Custom Script add page properly', () => {
+  render(<LicenseDetailsPage />, { wrapper: Wrapper })
+  const key = license.licenseKey
+  screen.getByText(/Product Name/)
+  screen.getByText(/Product Code/)
+  screen.getByText(/License Type/)
+  screen.getByText(/License Key/)
+  screen.getByText(key)
+})
diff --git a/admin-ui/app/routes/License/license.js b/admin-ui/app/routes/License/license.js
new file mode 100644
index 000000000..571745aa1
--- /dev/null
+++ b/admin-ui/app/routes/License/license.js
@@ -0,0 +1,15 @@
+export const license = {
+  companyName: "Gluu",
+  customerEmail: "arnab@gluu.org",
+  customerFirstName: "Arnab",
+  customerLastName: "Dutta",
+  licenseActive: true,
+  licenseEnable: true,
+  licenseKey: "GFXJ-AB8B-YDJK-L4AD",
+  licenseType: "TIME_LIMITED",
+  maxActivations: 14,
+  productCode: "adminui001",
+  productName: "Gluu Admin UI",
+  validityPeriod: "2022-10-01T00:00Z",
+}
+export default license
\ No newline at end of file
diff --git a/admin-ui/app/routes/index.js b/admin-ui/app/routes/index.js
index 5672042a5..9ae0d7e04 100755
--- a/admin-ui/app/routes/index.js
+++ b/admin-ui/app/routes/index.js
@@ -5,6 +5,8 @@ import { useSelector } from 'react-redux'
 // ----------- Pages Imports ---------------
 import Reports from './Dashboards/Reports'
 import DashboardPage from './Dashboards/DashboardPage'
+import HealthPage from './Health/HealthPage'
+import LicenseDetailsPage from './License/LicenseDetailsPage'
 import NavbarOnly from './Layouts/NavbarOnly'
 import SidebarDefault from './Layouts/SidebarDefault'
 import SidebarA from './Layouts/SidebarA'
@@ -35,6 +37,8 @@ export const RoutedContent = () => {
     <Switch>
       <Redirect from="/" to="/home/dashboard" exact />
       <Route path="/home/dashboard" exact component={DashboardPage} />
+      <Route path="/home/health" exact component={HealthPage} />
+      <Route path="/home/licenseDetails" exact component={LicenseDetailsPage} />
       {/*    Layouts     */}
       <Route path="/layouts/navbar" component={NavbarOnly} />
       <Route path="/layouts/sidebar" component={SidebarDefault} />

From 94ea401c5b17f394a947a9ca668494d2b110123b Mon Sep 17 00:00:00 2001
From: Arnab Dutta <arnab.bdutta@gmail.com>
Date: Mon, 7 Mar 2022 16:25:06 +0530
Subject: [PATCH 020/101] feat: move health menu under Home menu #116

---
 admin-ui/app/redux/api/HealthApi.js                    | 1 -
 admin-ui/app/redux/sagas/LicenseDetailsSaga.js         | 1 +
 admin-ui/app/routes/License/LicenseDetailsForm.test.js | 1 +
 3 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/admin-ui/app/redux/api/HealthApi.js b/admin-ui/app/redux/api/HealthApi.js
index 193b96c93..89533c606 100644
--- a/admin-ui/app/redux/api/HealthApi.js
+++ b/admin-ui/app/redux/api/HealthApi.js
@@ -7,7 +7,6 @@ export default class HealthApi {
     return new Promise((resolve, reject) => {
       this.api.getAuthServerHealth((error, data) => {
         if (error) {
-          console.log(e);
           reject(error)
         } else {
           resolve(data)
diff --git a/admin-ui/app/redux/sagas/LicenseDetailsSaga.js b/admin-ui/app/redux/sagas/LicenseDetailsSaga.js
index 3d4b48399..baf8393c7 100644
--- a/admin-ui/app/redux/sagas/LicenseDetailsSaga.js
+++ b/admin-ui/app/redux/sagas/LicenseDetailsSaga.js
@@ -8,6 +8,7 @@ import { getClient } from '../../redux/api/base'
 import LicenseDetailsApi from '../api/LicenseDetailsApi'
 const JansConfigApi = require('jans_config_api')
 import { initAudit } from '../../redux/sagas/SagaUtils'
+import { postUserAction } from '../../redux/api/backend-api'
 import {
   isFourZeroOneError,
   addAdditionalData,
diff --git a/admin-ui/app/routes/License/LicenseDetailsForm.test.js b/admin-ui/app/routes/License/LicenseDetailsForm.test.js
index 3b12924f5..a69fcd9ca 100644
--- a/admin-ui/app/routes/License/LicenseDetailsForm.test.js
+++ b/admin-ui/app/routes/License/LicenseDetailsForm.test.js
@@ -18,6 +18,7 @@ it('Should render the license detail page properly', () => {
   render(<LicenseDetailsForm item={item}  permissions={permissions} />, {
     wrapper: Wrapper,
   })
+  expect(screen.getByText(/License Valid Upto/)).toBeInTheDocument()
   screen.getByText(/License Valid Upto/)
   screen.getByText(/Maximum Activations/)
   screen.getByText(/Is License Active/)

From 75d013879cc4d5d9b95e6fbdbb57dc1b591cb1bb Mon Sep 17 00:00:00 2001
From: Arnab Dutta <arnab.bdutta@gmail.com>
Date: Mon, 7 Mar 2022 16:44:23 +0530
Subject: [PATCH 021/101] feat: move health menu under Home menu #116

---
 .../Configuration/LicenseDetailsForm.js       | 120 -----------
 .../Configuration/LicenseDetailsForm.test.js  |  24 ---
 .../Configuration/LicenseDetailsPage.js       | 193 ------------------
 .../Configuration/LicenseDetailsPage.test.js  |  40 ----
 .../admin/components/Configuration/license.js |  15 --
 admin-ui/plugins/admin/plugin-metadata.js     |  15 --
 .../redux/actions/LicenseDetailsActions.js    |  26 ---
 .../admin/redux/api/LicenseDetailsApi.js      |  31 ---
 .../redux/reducers/LicenseDetailsReducer.js   |  54 -----
 .../admin/redux/sagas/LicenseDetailsSaga.js   |  73 -------
 10 files changed, 591 deletions(-)
 delete mode 100644 admin-ui/plugins/admin/components/Configuration/LicenseDetailsForm.js
 delete mode 100644 admin-ui/plugins/admin/components/Configuration/LicenseDetailsForm.test.js
 delete mode 100644 admin-ui/plugins/admin/components/Configuration/LicenseDetailsPage.js
 delete mode 100644 admin-ui/plugins/admin/components/Configuration/LicenseDetailsPage.test.js
 delete mode 100644 admin-ui/plugins/admin/components/Configuration/license.js
 delete mode 100644 admin-ui/plugins/admin/redux/actions/LicenseDetailsActions.js
 delete mode 100644 admin-ui/plugins/admin/redux/api/LicenseDetailsApi.js
 delete mode 100644 admin-ui/plugins/admin/redux/reducers/LicenseDetailsReducer.js
 delete mode 100644 admin-ui/plugins/admin/redux/sagas/LicenseDetailsSaga.js

diff --git a/admin-ui/plugins/admin/components/Configuration/LicenseDetailsForm.js b/admin-ui/plugins/admin/components/Configuration/LicenseDetailsForm.js
deleted file mode 100644
index 37465f020..000000000
--- a/admin-ui/plugins/admin/components/Configuration/LicenseDetailsForm.js
+++ /dev/null
@@ -1,120 +0,0 @@
-import React, { useEffect, useState } from 'react'
-import { useTranslation } from 'react-i18next'
-import DatePicker from 'react-datepicker'
-import GluuLabel from '../../../../app/routes/Apps/Gluu/GluuLabel'
-import GluuCommitFooter from '../../../../app/routes/Apps/Gluu/GluuCommitFooter'
-import GluuCommitDialog from '../../../../app/routes/Apps/Gluu/GluuCommitDialog'
-import GluuToogle from '../../../../app/routes/Apps/Gluu/GluuToogle'
-import { LICENSE } from '../../../../app/utils/ApiResources'
-import GluuTooltip from '../../../../app/routes/Apps/Gluu/GluuTooltip'
-import {
-  Col,
-  Form,
-  FormGroup,
-  CustomInput,
-  Accordion,
-} from '../../../../app/components'
-import { Formik } from 'formik'
-
-function LicenseDetailsForm({ item, handleSubmit }) {
-  const { t } = useTranslation()
-  const [validityPeriod, setValidityPeriod] = useState(
-    !!item.validityPeriod ? new Date(item.validityPeriod) : new Date(),
-  )
-  const [modal, setModal] = useState(false)
-
-  useEffect(() => {
-    setValidityPeriod(new Date(item.validityPeriod))
-  }, [item.validityPeriod])
-
-  function toggle() {
-    setModal(!modal)
-  }
-
-  function submitForm() {
-    toggle()
-    document.getElementsByClassName('UserActionSubmitButton')[0].click()
-  }
-
-  const initialValues = {
-    maxActivations: item.maxActivations,
-    licenseActive: item.licenseActive,
-    validityPeriod: item.validityPeriod,
-  }
-  return (
-    <>
-      <Accordion className="mb-2 b-primary" initialOpen>
-        <Accordion.Header className="text-primary">
-          {t('fields.licenseDetails').toUpperCase()}
-        </Accordion.Header>
-        <Accordion.Body>
-          <Formik
-            initialValues={initialValues}
-            onSubmit={(values) => {
-              values.validityPeriod = validityPeriod
-              handleSubmit(values)
-            }}
-          >
-            {(formik) => (
-              <Form onSubmit={formik.handleSubmit}>
-                <GluuTooltip doc_category={LICENSE} doc_entry="validityPeriod">
-                  <FormGroup row>
-                    <GluuLabel label="fields.validityPeriod" size={5} />
-                    <Col sm={7}>
-                      <DatePicker
-                        id="validityPeriod"
-                        name="validityPeriod"
-                        dateFormat="yyyy-MM-dd"
-                        selected={validityPeriod}
-                        dropdownMode="select"
-                        onChange={(date) => setValidityPeriod(date)}
-                      />
-                    </Col>
-                  </FormGroup>
-                </GluuTooltip>
-                <GluuTooltip doc_category={LICENSE} doc_entry="maxActivations">
-                  <FormGroup row>
-                    <GluuLabel label="fields.maxActivations" size={5} />
-                    <Col sm={7}>
-                      <CustomInput
-                        type="number"
-                        placeholder={t('fields.maxActivations')}
-                        id="maxActivations"
-                        name="maxActivations"
-                        defaultValue={item.maxActivations}
-                        onChange={formik.handleChange}
-                      />
-                    </Col>
-                  </FormGroup>
-                </GluuTooltip>
-                <GluuTooltip doc_category={LICENSE} doc_entry="isLicenseActive">
-                  <FormGroup row>
-                    <GluuLabel label="fields.isLicenseActive" size={5} />
-                    <Col sm={7}>
-                      <GluuToogle
-                        id="licenseActive"
-                        name="licenseActive"
-                        formik={formik}
-                        value={item.licenseActive}
-                      />
-                    </Col>
-                  </FormGroup>
-                </GluuTooltip>
-                <FormGroup row></FormGroup>
-                <GluuCommitFooter saveHandler={toggle} />
-                <GluuCommitDialog
-                  handler={toggle}
-                  modal={modal}
-                  onAccept={submitForm}
-                  formik={formik}
-                />
-              </Form>
-            )}
-          </Formik>
-        </Accordion.Body>
-      </Accordion>
-    </>
-  )
-}
-
-export default LicenseDetailsForm
diff --git a/admin-ui/plugins/admin/components/Configuration/LicenseDetailsForm.test.js b/admin-ui/plugins/admin/components/Configuration/LicenseDetailsForm.test.js
deleted file mode 100644
index 76deb4b27..000000000
--- a/admin-ui/plugins/admin/components/Configuration/LicenseDetailsForm.test.js
+++ /dev/null
@@ -1,24 +0,0 @@
-import React from 'react'
-import { render, screen } from '@testing-library/react'
-import LicenseDetailsForm from './LicenseDetailsForm'
-import license from "./license"
-import i18n from '../../../../app/i18n'
-import { I18nextProvider } from 'react-i18next'
-
-const Wrapper = ({ children }) => (
-  <I18nextProvider i18n={i18n}>{children}</I18nextProvider>
-)
-const permissions = [
-  'https://jans.io/oauth/config/attributes.readonly',
-  'https://jans.io/oauth/config/attributes.write',
-  'https://jans.io/oauth/config/attributes.delete',
-]
-const item = license
-it('Should render the license detail page properly', () => {
-  render(<LicenseDetailsForm item={item}  permissions={permissions} />, {
-    wrapper: Wrapper,
-  })
-  screen.getByText(/License Valid Upto/)
-  screen.getByText(/Maximum Activations/)
-  screen.getByText(/Is License Active/)
-})
diff --git a/admin-ui/plugins/admin/components/Configuration/LicenseDetailsPage.js b/admin-ui/plugins/admin/components/Configuration/LicenseDetailsPage.js
deleted file mode 100644
index 3199b0a20..000000000
--- a/admin-ui/plugins/admin/components/Configuration/LicenseDetailsPage.js
+++ /dev/null
@@ -1,193 +0,0 @@
-import React, { useEffect } from 'react'
-import { connect } from 'react-redux'
-import LicenseDetailsForm from './LicenseDetailsForm'
-import GluuRibbon from '../../../../app/routes/Apps/Gluu/GluuRibbon'
-import GluuFormDetailRow from '../../../../app/routes/Apps/Gluu/GluuFormDetailRow'
-import { LICENSE } from '../../../../app/utils/ApiResources'
-import {
-  getLicenseDetails,
-  updateLicenseDetails,
-} from '../../redux/actions/LicenseDetailsActions'
-import {
-  Card,
-  CardBody,
-  CardTitle,
-  Container,
-  FormGroup,
-  Row,
-  Col,
-} from '../../../../app/components'
-import {
-  buildPayload,
-} from '../../../../app/utils/PermChecker'
-import GluuLoader from '../../../../app/routes/Apps/Gluu/GluuLoader'
-import Alert from '@material-ui/lab/Alert'
-import {
-  FETCHING_LICENSE_DETAILS,
-} from '../../common/Constants'
-
-function LicenseDetailsPage({ item, loading, dispatch }) {
-  const userAction = {}
-  const options = {}
-
-  useEffect(() => {
-    buildPayload(userAction, FETCHING_LICENSE_DETAILS, options)
-    dispatch(getLicenseDetails({}))
-  }, [])
-
-  function formatDate(date) {
-    if(date == undefined) {
-      return '';
-    }
-    if(date.length > 10) {
-      return date.substring(0, 10);
-    }
-    return '';
-
-  }
-  return (
-    <React.Fragment>
-      <Card className="mb-3">
-        <CardBody>
-          <CardTitle tag="h6" className="mb-4">
-            <GluuRibbon title="fields.licenseDetails" doTranslate fromLeft />
-            <FormGroup row />
-            <FormGroup row />
-          </CardTitle>
-          <GluuLoader blocking={loading}>
-            {item.licenseEnabled ? (
-              <>
-                <Container style={{ backgroundColor: '#F5F5F5' }}>
-                  <Row>
-                    <Col sm={6}>
-                      <GluuFormDetailRow
-                        label="fields.productName"
-                        value={item.productName}
-                        isBadge={true}
-                        lsize={3}
-                        rsize={9}
-                        doc_entry="productName"
-                        doc_category={LICENSE}
-                      />
-                    </Col>
-                    <Col sm={6}>
-                      <GluuFormDetailRow
-                        label="fields.productCode"
-                        value={item.productCode}
-                        isBadge={true}
-                        lsize={3}
-                        rsize={9}
-                        doc_entry="productCode"
-                        doc_category={LICENSE}
-                      />
-                    </Col>
-                  </Row>
-                  <Row>
-                    <Col sm={6}>
-                      <GluuFormDetailRow
-                        label="fields.licenseType"
-                        value={item.licenseType}
-                        isBadge={true}
-                        lsize={3}
-                        rsize={9}
-                        doc_entry="licenseType"
-                        doc_category={LICENSE}
-                      />
-                    </Col>
-                    <Col sm={6}>
-                      <GluuFormDetailRow
-                        label="fields.licenseKey"
-                        value={item.licenseKey}
-                        isBadge={true}
-                        lsize={3}
-                        rsize={9}
-                        doc_entry="licenseKey"
-                        doc_category={LICENSE}
-                      />
-                    </Col>
-                  </Row>
-                  <Row>
-                    <Col sm={6}>
-                      <GluuFormDetailRow
-                        label="fields.customerEmail"
-                        value={item.customerEmail}
-                        isBadge={true}
-                        lsize={3}
-                        rsize={9}
-                        doc_entry="customerEmail"
-                        doc_category={LICENSE}
-                      />
-                    </Col>
-                    <Col sm={6}>
-                      <GluuFormDetailRow
-                        label="fields.customerName"
-                        value={
-                          item.customerFirstName + ' ' + item.customerLastName
-                        }
-                        isBadge={true}
-                        lsize={3}
-                        rsize={9}
-                        doc_entry="customerName"
-                        doc_category={LICENSE}
-                      />
-                    </Col>
-                  </Row>
-                  <Row>
-                    <Col sm={6}>
-                      <GluuFormDetailRow
-                        label="fields.companyName"
-                        value={item.companyName}
-                        isBadge={true}
-                        lsize={3}
-                        rsize={9}
-                        doc_entry="companyName"
-                        doc_category={LICENSE}
-                      />
-                    </Col>
-                    <Col sm={6}>
-                      <GluuFormDetailRow
-                        label="fields.validityPeriod"
-                        value={formatDate(item.validityPeriod)}
-                        isBadge={true}
-                        lsize={3}
-                        rsize={9}
-                        doc_entry="validityPeriod"
-                        doc_category={LICENSE}
-                      />
-                    </Col>
-                  </Row>
-                  <Row>
-                    <Col sm={6}>
-                      <GluuFormDetailRow
-                        label="fields.isLicenseActive"
-                        value={item.licenseActive ? 'Yes' : 'No'}
-                        isBadge={true}
-                        lsize={3}
-                        rsize={9}
-                        doc_entry="isLicenseActive"
-                        doc_category={LICENSE}
-                      />
-                    </Col>
-                  </Row>
-                </Container>
-              </>
-            ) : (
-              <Alert severity="warning">
-                {!loading &&
-                  'The License API is not enabled for this application.'}
-              </Alert>
-            )}
-          </GluuLoader>
-        </CardBody>
-      </Card>
-    </React.Fragment>
-  )
-}
-
-const mapStateToProps = (state) => {
-  return {
-    item: state.licenseDetailsReducer.item,
-    loading: state.licenseDetailsReducer.loading,
-  }
-}
-export default connect(mapStateToProps)(LicenseDetailsPage)
diff --git a/admin-ui/plugins/admin/components/Configuration/LicenseDetailsPage.test.js b/admin-ui/plugins/admin/components/Configuration/LicenseDetailsPage.test.js
deleted file mode 100644
index e855c3c56..000000000
--- a/admin-ui/plugins/admin/components/Configuration/LicenseDetailsPage.test.js
+++ /dev/null
@@ -1,40 +0,0 @@
-import React from 'react'
-import { render, screen } from '@testing-library/react'
-import LicenseDetailsPage from './LicenseDetailsPage'
-import { createStore, combineReducers } from 'redux'
-import { Provider } from 'react-redux'
-import i18n from '../../../../app/i18n'
-import { I18nextProvider } from 'react-i18next'
-import license from "./license"
-
-const permissions = [
-  'https://jans.io/oauth/config/attributes.readonly',
-  'https://jans.io/oauth/config/attributes.write',
-  'https://jans.io/oauth/config/attributes.delete',
-]
-const INIT_LICENSE_DETAIL_STATE = {
-  item: license,
-  loading: false,
-}
-const store = createStore(
-  combineReducers({
-    licenseDetailsReducer: (state = INIT_LICENSE_DETAIL_STATE) => state,
-    noReducer: (state = {}) => state,
-  }),
-)
-
-const Wrapper = ({ children }) => (
-  <I18nextProvider i18n={i18n}>
-    <Provider store={store}>{children}</Provider>
-  </I18nextProvider>
-)
-
-it('Should render the Custom Script add page properly', () => {
-  render(<LicenseDetailsPage />, { wrapper: Wrapper })
-  const key = license.licenseKey
-  screen.getByText(/Product Name/)
-  screen.getByText(/Product Code/)
-  screen.getByText(/License Type/)
-  screen.getByText(/License Key/)
-  screen.getByText(key)
-})
diff --git a/admin-ui/plugins/admin/components/Configuration/license.js b/admin-ui/plugins/admin/components/Configuration/license.js
deleted file mode 100644
index 571745aa1..000000000
--- a/admin-ui/plugins/admin/components/Configuration/license.js
+++ /dev/null
@@ -1,15 +0,0 @@
-export const license = {
-  companyName: "Gluu",
-  customerEmail: "arnab@gluu.org",
-  customerFirstName: "Arnab",
-  customerLastName: "Dutta",
-  licenseActive: true,
-  licenseEnable: true,
-  licenseKey: "GFXJ-AB8B-YDJK-L4AD",
-  licenseType: "TIME_LIMITED",
-  maxActivations: 14,
-  productCode: "adminui001",
-  productName: "Gluu Admin UI",
-  validityPeriod: "2022-10-01T00:00Z",
-}
-export default license
\ No newline at end of file
diff --git a/admin-ui/plugins/admin/plugin-metadata.js b/admin-ui/plugins/admin/plugin-metadata.js
index 270f7f258..47e1844a5 100644
--- a/admin-ui/plugins/admin/plugin-metadata.js
+++ b/admin-ui/plugins/admin/plugin-metadata.js
@@ -1,6 +1,5 @@
 import HealthPage from './components/Health/HealthPage'
 import ReportPage from './components/Reports/ReportPage'
-import LicenseDetailsPage from './components/Configuration/LicenseDetailsPage'
 import UiRoleListPage from './components/Roles/UiRoleListPage'
 import UiPermListPage from './components/Permissions/UiPermListPage'
 import MappingPage from './components/Mapping/MappingPage'
@@ -10,7 +9,6 @@ import CustomScriptEditPage from './components/CustomScripts/CustomScriptEditPag
 import SettingsPage from './components/Settings/SettingsPage'
 import MauGraph from './components/MAU/MauGraph'
 import scriptSaga from './redux/sagas/CustomScriptSaga'
-import licenseDetailsSaga from './redux/sagas/LicenseDetailsSaga'
 import apiRoleSaga from './redux/sagas/ApiRoleSaga'
 import apiPermissionSaga from './redux/sagas/ApiPermissionSaga'
 import mappingSaga from './redux/sagas/MappingSaga'
@@ -18,7 +16,6 @@ import mappingSaga from './redux/sagas/MappingSaga'
 import scriptReducer from './redux/reducers/CustomScriptReducer'
 import apiRoleReducer from './redux/reducers/ApiRoleReducer'
 import apiPermissionReducer from './redux/reducers/ApiPermissionReducer'
-import licenseDetailsReducer from './redux/reducers/LicenseDetailsReducer'
 import mappingReducer from './redux/reducers/MappingReducer'
 import {
   ACR_READ,
@@ -37,11 +34,6 @@ const pluginMetadata = {
       title: 'menus.adminui',
       icon: 'fa-cubes',
       children: [
-        {
-          title: 'menus.licenseDetails',
-          path: PLUGIN_BASE_APTH + '/licenseDetails',
-          permission: ACR_READ,
-        },
         {
           title: 'menus.config-api',
           children: [
@@ -131,22 +123,15 @@ const pluginMetadata = {
       path: PLUGIN_BASE_APTH + '/settings',
       permission: ACR_READ,
     },
-    {
-      component: LicenseDetailsPage,
-      path: PLUGIN_BASE_APTH + '/licenseDetails',
-      permission: ACR_READ,
-    },
   ],
   reducers: [
     { name: 'scriptReducer', reducer: scriptReducer },
     { name: 'apiRoleReducer', reducer: apiRoleReducer },
     { name: 'apiPermissionReducer', reducer: apiPermissionReducer },
-    { name: 'licenseDetailsReducer', reducer: licenseDetailsReducer },
     { name: 'mappingReducer', reducer: mappingReducer },
   ],
   sagas: [
     scriptSaga(),
-    licenseDetailsSaga(),
     apiRoleSaga(),
     apiPermissionSaga(),
     mappingSaga(),
diff --git a/admin-ui/plugins/admin/redux/actions/LicenseDetailsActions.js b/admin-ui/plugins/admin/redux/actions/LicenseDetailsActions.js
deleted file mode 100644
index 487377212..000000000
--- a/admin-ui/plugins/admin/redux/actions/LicenseDetailsActions.js
+++ /dev/null
@@ -1,26 +0,0 @@
-import {
-  GET_LICENSE_DETAILS,
-  GET_LICENSE_DETAILS_RESPONSE,
-  UPDATE_LICENSE_DETAILS,
-  UPDATE_LICENSE_DETAILS_RESPONSE,
-} from './types'
-
-export const getLicenseDetails = (action) => ({
-  type: GET_LICENSE_DETAILS,
-  payload: { action },
-})
-
-export const getLicenseDetailsResponse = (data) => ({
-  type: GET_LICENSE_DETAILS_RESPONSE,
-  payload: { data },
-})
-
-export const updateLicenseDetails = (action) => ({
-  type: UPDATE_LICENSE_DETAILS,
-  payload: { action },
-})
-
-export const updateLicenseDetailsResponse = (data) => ({
-  type: UPDATE_LICENSE_DETAILS_RESPONSE,
-  payload: { data },
-})
\ No newline at end of file
diff --git a/admin-ui/plugins/admin/redux/api/LicenseDetailsApi.js b/admin-ui/plugins/admin/redux/api/LicenseDetailsApi.js
deleted file mode 100644
index 3c8f604eb..000000000
--- a/admin-ui/plugins/admin/redux/api/LicenseDetailsApi.js
+++ /dev/null
@@ -1,31 +0,0 @@
-export default class LicenseDetailsApi {
-  constructor(api) {
-    this.api = api
-  }
-
-  getLicenseDetails = () => {
-    return new Promise((resolve, reject) => {
-      this.api.getAdminuiLicense((error, data) => {
-        this.handleResponse(error, reject, resolve, data)
-      })
-    })
-  }
-
-  updateLicenseDetails = (data) => {
-    const options = {}
-    options['licenseRequest'] = data
-    return new Promise((resolve, reject) => {
-      this.api.editAdminuiLicense(options, (error, options) => {
-        this.handleResponse(error, reject, resolve, data)
-      })
-    })
-  }
-
-  handleResponse(error, reject, resolve, data) {
-    if (error) {
-      reject(error)
-    } else {
-      resolve(data)
-    }
-  }
-}
\ No newline at end of file
diff --git a/admin-ui/plugins/admin/redux/reducers/LicenseDetailsReducer.js b/admin-ui/plugins/admin/redux/reducers/LicenseDetailsReducer.js
deleted file mode 100644
index 4f40aae7f..000000000
--- a/admin-ui/plugins/admin/redux/reducers/LicenseDetailsReducer.js
+++ /dev/null
@@ -1,54 +0,0 @@
-import { GET_LICENSE_DETAILS, GET_LICENSE_DETAILS_RESPONSE, UPDATE_LICENSE_DETAILS, UPDATE_LICENSE_DETAILS_RESPONSE } from '../actions/types'
-import reducerRegistry from '../../../../app/redux/reducers/ReducerRegistry'
-const INIT_STATE = {
-  item: {},
-  loading: true,
-}
-
-const reducerName = 'licenseDetailsReducer'
-
-export default function licenseDetailsReducer(state = INIT_STATE, action) {
-  switch (action.type) {
-    case GET_LICENSE_DETAILS:
-      return {
-        ...state,
-        loading: true,
-      }
-    case GET_LICENSE_DETAILS_RESPONSE:
-      if (action.payload.data) {
-        return {
-          ...state,
-          item: action.payload.data,
-          loading: false,
-        }
-      } else {
-        return {
-          ...state,
-          loading: false,
-        }
-      }
-    case UPDATE_LICENSE_DETAILS:
-      return {
-        ...state,
-        loading: true,
-      }
-    case UPDATE_LICENSE_DETAILS_RESPONSE:
-      if (action.payload.data) {
-        return {
-          ...state,
-          items: action.payload.data,
-          loading: false,
-        }
-      } else {
-        return {
-          ...state,
-          loading: false,
-        }
-      }
-    default:
-      return {
-        ...state,
-      }
-  }
-}
-reducerRegistry.register(reducerName, licenseDetailsReducer)
diff --git a/admin-ui/plugins/admin/redux/sagas/LicenseDetailsSaga.js b/admin-ui/plugins/admin/redux/sagas/LicenseDetailsSaga.js
deleted file mode 100644
index 6f4f5a573..000000000
--- a/admin-ui/plugins/admin/redux/sagas/LicenseDetailsSaga.js
+++ /dev/null
@@ -1,73 +0,0 @@
-import { all, call, fork, put, takeEvery, select } from 'redux-saga/effects'
-import { GET_LICENSE_DETAILS, UPDATE_LICENSE_DETAILS } from '../actions/types'
-import {
-  getLicenseDetailsResponse,
-  updateLicenseDetailsResponse,
-} from '../actions/LicenseDetailsActions'
-import { getClient } from '../../../../app/redux/api/base'
-import LicenseDetailsApi from '../api/LicenseDetailsApi'
-const JansConfigApi = require('jans_config_api')
-import { initAudit } from '../../../../app/redux/sagas/SagaUtils'
-import {
-  isFourZeroOneError,
-  addAdditionalData,
-} from '../../../../app/utils/TokenController'
-import { getAPIAccessToken } from '../../../../app/redux/actions/AuthActions'
-
-function* newFunction() {
-  const token = yield select((state) => state.authReducer.token.access_token)
-  const issuer = yield select((state) => state.authReducer.issuer)
-  const api = new JansConfigApi.AdminUILicenseApi(
-    getClient(JansConfigApi, token, issuer),
-  )
-  return new LicenseDetailsApi(api)
-}
-
-
-export function* getLicenseDetailsWorker({ payload }) {
-  const audit = yield* initAudit()
-  try {
-    //addAdditionalData(audit, FETCH, GET_LICENSE_DETAILS, payload)
-    const licenseApi = yield* newFunction()
-    const data = yield call(licenseApi.getLicenseDetails)
-    yield put(getLicenseDetailsResponse(data))
-    yield call(postUserAction, audit)
-  } catch (e) {
-    yield put(getLicenseDetailsResponse(null))
-    if (isFourZeroOneError(e)) {
-      const jwt = yield select((state) => state.authReducer.userinfo_jwt)
-      yield put(getAPIAccessToken(jwt))
-    }
-  }
-}
-
-export function* updateLicenseDetailsWorker({ payload }) {
-  const audit = yield* initAudit()
-  try {
-    //addAdditionalData(audit, UPDATE, UPDATE_LICENSE_DETAILS, payload)
-    const roleApi = yield* newFunction()
-    const data = yield call(roleApi.updateLicenseDetails, payload.action.action_data)
-    yield put(updateLicenseDetailsResponse(data))
-    yield call(postUserAction, audit)
-  } catch (e) {
-    yield put(updateLicenseDetailsResponse(null))
-    if (isFourZeroOneError(e)) {
-      const jwt = yield select((state) => state.authReducer.userinfo_jwt)
-      yield put(getAPIAccessToken(jwt))
-    }
-  }
-}
-
-
-export function* getLicenseWatcher() {
-
-  yield takeEvery(GET_LICENSE_DETAILS, getLicenseDetailsWorker)
-}
-
-export function* updateLicenseWatcher() {
-  yield takeEvery(UPDATE_LICENSE_DETAILS, updateLicenseDetailsWorker)
-}
-
-export default function* rootSaga() {
-  yield all([fork(getLicenseWatcher), fork(updateLicenseWatcher)])
-}
\ No newline at end of file

From 9f8008b6d05e5b387795044a8d4cd06026b5b606 Mon Sep 17 00:00:00 2001
From: = <mjatin78@gmail.com>
Date: Mon, 7 Mar 2022 16:57:03 +0530
Subject: [PATCH 022/101] feat: relocating burger menu button

---
 .../SidebarTrigger/SidebarTrigger.js          | 63 +++++++++++++------
 .../app/layout/components/DefaultSidebar.js   |  1 +
 2 files changed, 45 insertions(+), 19 deletions(-)

diff --git a/admin-ui/app/components/SidebarTrigger/SidebarTrigger.js b/admin-ui/app/components/SidebarTrigger/SidebarTrigger.js
index 652d95f70..4235a93d6 100755
--- a/admin-ui/app/components/SidebarTrigger/SidebarTrigger.js
+++ b/admin-ui/app/components/SidebarTrigger/SidebarTrigger.js
@@ -1,32 +1,57 @@
-import React from 'react';
-import { NavLink } from 'reactstrap';
-import PropTypes from 'prop-types';
-import { withPageConfig } from './../Layout';
+import React, { useState, useEffect } from 'react'
+import { NavLink } from 'reactstrap'
+import PropTypes from 'prop-types'
+import { withPageConfig } from './../Layout'
 
 const SidebarTrigger = (props) => {
-  const { tag: Tag, pageConfig, ...otherProps } = props;
+  const { tag: Tag, pageConfig, ...otherProps } = props
+  const [showCollapse, setShowCollapse] = useState(
+    window.matchMedia('(max-width: 992px)').matches,
+  )
+  useEffect(() => {
+    window
+      .matchMedia('(max-width: 768px)')
+      .addEventListener('change', (e) => setShowCollapse(e.matches))
+  }, [])
   return (
     <Tag
-      onClick={ () => { props.pageConfig.toggleSidebar(); return false; } }
-      active={ Tag !== 'a' ? !pageConfig.sidebarCollapsed : undefined }
-      { ...otherProps }
+      onClick={() => {
+        props.pageConfig.toggleSidebar()
+        return false
+      }}
+      active={Tag !== 'a' ? !pageConfig.sidebarCollapsed : undefined}
+      {...otherProps}
     >
-      {pageConfig.sidebarCollapsed && <i className="fa fa-bars fa-fw fa-2x" style={{color: 'white', cursor: 'pointer'}}></i>}
-      {!pageConfig.sidebarCollapsed && <i className="fa fa-times fa-fw fa-2x" style={{color: 'white', cursor: 'pointer'}}></i>}
+      {pageConfig.sidebarCollapsed && (
+        <i
+          className="fa fa-bars fa-fw fa-2x"
+          style={{
+            color: props.color ? props.color : 'white',
+            cursor: 'pointer',
+          }}
+        ></i>
+      )}
+      {!pageConfig.sidebarCollapsed && (
+        <i
+          className="fa fa-times fa-fw fa-2x"
+          style={{
+            color: props.color ? props.color : 'white',
+            cursor: 'pointer',
+          }}
+        ></i>
+      )}
     </Tag>
-  );
-};
+  )
+}
 SidebarTrigger.propTypes = {
   tag: PropTypes.any,
   children: PropTypes.node,
-  pageConfig: PropTypes.object
-};
+  pageConfig: PropTypes.object,
+}
 SidebarTrigger.defaultProps = {
   tag: NavLink,
-};
+}
 
-const cfgSidebarTrigger = withPageConfig(SidebarTrigger);
+const cfgSidebarTrigger = withPageConfig(SidebarTrigger)
 
-export {
-  cfgSidebarTrigger as SidebarTrigger
-};
+export { cfgSidebarTrigger as SidebarTrigger }
diff --git a/admin-ui/app/layout/components/DefaultSidebar.js b/admin-ui/app/layout/components/DefaultSidebar.js
index 09a5de432..46fc066d8 100755
--- a/admin-ui/app/layout/components/DefaultSidebar.js
+++ b/admin-ui/app/layout/components/DefaultSidebar.js
@@ -16,6 +16,7 @@ export const DefaultSidebar = () => (
 
     {/* START SIDEBAR: Only for Desktop */}
     <Sidebar.HideSlim>
+      <SidebarTrigger id="navToggleBtn" color={'#00a361'} />
       <Sidebar.Section>
         <Link to="/" className="sidebar__brand">
           <LogoThemed checkBackground />

From 40d02769f673cb658c87b365e900011027e475f1 Mon Sep 17 00:00:00 2001
From: Jose <bonustrack310@gmail.com>
Date: Mon, 7 Mar 2022 07:33:59 -0500
Subject: [PATCH 023/101] chore: minor refactoring

---
 .../java/org/gluu/casa/core/pojo/FidoDevice.java   |  3 +--
 .../java/org/gluu/casa/core/pojo/SecurityKey.java  |  8 --------
 .../authnmethod/service/U2fClientCodes.java        | 14 --------------
 3 files changed, 1 insertion(+), 24 deletions(-)
 delete mode 100644 casa/app/src/main/java/org/gluu/casa/plugins/authnmethod/service/U2fClientCodes.java

diff --git a/casa/app/src/main/java/org/gluu/casa/core/pojo/FidoDevice.java b/casa/app/src/main/java/org/gluu/casa/core/pojo/FidoDevice.java
index b5b6e9ce1..c283133f4 100644
--- a/casa/app/src/main/java/org/gluu/casa/core/pojo/FidoDevice.java
+++ b/casa/app/src/main/java/org/gluu/casa/core/pojo/FidoDevice.java
@@ -3,8 +3,7 @@
 import java.util.Date;
 
 /**
- * Represents a registered credential of u2f type.
- * @author jgomer
+ * Represents a fido registered credential
  */
 public class FidoDevice extends RegisteredCredential implements Comparable<FidoDevice> {
 
diff --git a/casa/app/src/main/java/org/gluu/casa/core/pojo/SecurityKey.java b/casa/app/src/main/java/org/gluu/casa/core/pojo/SecurityKey.java
index cd812214e..783affcbb 100644
--- a/casa/app/src/main/java/org/gluu/casa/core/pojo/SecurityKey.java
+++ b/casa/app/src/main/java/org/gluu/casa/core/pojo/SecurityKey.java
@@ -1,12 +1,4 @@
 package org.gluu.casa.core.pojo;
 
-
-/**
- * Created by jgomer on 2017-07-25.
- * Represents a registered credential corresponding to a fido u2f security key
- */
 public class SecurityKey extends FidoDevice {
-
-    public SecurityKey() { }
-
 }
diff --git a/casa/app/src/main/java/org/gluu/casa/plugins/authnmethod/service/U2fClientCodes.java b/casa/app/src/main/java/org/gluu/casa/plugins/authnmethod/service/U2fClientCodes.java
deleted file mode 100644
index ee4b29204..000000000
--- a/casa/app/src/main/java/org/gluu/casa/plugins/authnmethod/service/U2fClientCodes.java
+++ /dev/null
@@ -1,14 +0,0 @@
-package org.gluu.casa.plugins.authnmethod.service;
-
-/**
- * Created by jgomer on 2017-07-24.
- * An enumeration that holds the response codes that a u2f device registration request may output
- */
-public enum U2fClientCodes {
-    OTHER_ERROR, BAD_REQUEST, CONFIGURATION_UNSUPPORTED, DEVICE_INELIGIBLE, TIMEOUT;
-
-    public static U2fClientCodes get(int ord) {
-        return U2fClientCodes.values()[ord-1];
-    }
-
-}

From 2bad15129bc0443a0731c206f3c69a9d57c064ea Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Mon, 7 Mar 2022 12:38:30 +0000
Subject: [PATCH 024/101] chore: update admin ui version

---
 docker-admin-ui/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-admin-ui/Dockerfile b/docker-admin-ui/Dockerfile
index 9684dfe4d..584f80f8a 100644
--- a/docker-admin-ui/Dockerfile
+++ b/docker-admin-ui/Dockerfile
@@ -28,7 +28,7 @@ RUN echo "daemon off;" >> /etc/nginx/nginx.conf
 # TODO:
 # - use NODE_ENV=production
 # - download build package (not git clone)
-ENV ADMIN_UI_VERSION=51fe9e12269a9882a63f1a4d4dc1a3f537b204b6
+ENV ADMIN_UI_VERSION=11927ed4f036d7199d5340cf230100234c6aaaab
 
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the admin-ui code

From f780e0425ca36060f9dfbee4189a2b851e76b2b7 Mon Sep 17 00:00:00 2001
From: iromli <isman.firmansyah@gmail.com>
Date: Tue, 8 Mar 2022 12:40:21 +0700
Subject: [PATCH 025/101] chore: update admin-ui source

---
 docker-admin-ui/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-admin-ui/Dockerfile b/docker-admin-ui/Dockerfile
index 584f80f8a..fe5dc690a 100644
--- a/docker-admin-ui/Dockerfile
+++ b/docker-admin-ui/Dockerfile
@@ -28,7 +28,7 @@ RUN echo "daemon off;" >> /etc/nginx/nginx.conf
 # TODO:
 # - use NODE_ENV=production
 # - download build package (not git clone)
-ENV ADMIN_UI_VERSION=11927ed4f036d7199d5340cf230100234c6aaaab
+ENV ADMIN_UI_VERSION=303e707061773ba33bec74ecb3a78f5de0539e24
 
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the admin-ui code

From 5f7a3934a57f08f363075b5c5c8cb9d98f4e372d Mon Sep 17 00:00:00 2001
From: iromli <isman.firmansyah@gmail.com>
Date: Tue, 8 Mar 2022 12:40:34 +0700
Subject: [PATCH 026/101] chore: update dependencies

- base image pinned to liberica-openjre-alpine:11.0.13-8
- updated casa source
---
 docker-casa/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker-casa/Dockerfile b/docker-casa/Dockerfile
index c96fb8abe..6a6efd22a 100644
--- a/docker-casa/Dockerfile
+++ b/docker-casa/Dockerfile
@@ -1,4 +1,4 @@
-FROM bellsoft/liberica-openjre-alpine:11
+FROM bellsoft/liberica-openjre-alpine:11.0.13-8
 
 # ===============
 # Alpine packages
@@ -35,7 +35,7 @@ EXPOSE 8080
 # ====
 
 ENV GLUU_VERSION=5.0.0-SNAPSHOT
-ENV GLUU_BUILD_DATE='2022-02-28 21:45'
+ENV GLUU_BUILD_DATE='2022-03-02 11:52'
 ENV GLUU_SOURCE_URL=https://jenkins.gluu.org/maven/org/gluu/casa/${GLUU_VERSION}/casa-${GLUU_VERSION}.war
 
 # Install Casa

From 62ab2fa0db473bad52888bb7a062f1aba801ca50 Mon Sep 17 00:00:00 2001
From: = <mjatin78@gmail.com>
Date: Tue, 8 Mar 2022 12:12:11 +0530
Subject: [PATCH 027/101] feat: change collapse option location

---
 .../SidebarTrigger/SidebarTrigger.js           | 13 +++----------
 .../app/layout/components/DefaultSidebar.js    |  7 ++++++-
 admin-ui/app/routes/Apps/Gluu/GluuNavBar.js    | 18 ++++++++++++++----
 3 files changed, 23 insertions(+), 15 deletions(-)

diff --git a/admin-ui/app/components/SidebarTrigger/SidebarTrigger.js b/admin-ui/app/components/SidebarTrigger/SidebarTrigger.js
index 4235a93d6..7c7df3692 100755
--- a/admin-ui/app/components/SidebarTrigger/SidebarTrigger.js
+++ b/admin-ui/app/components/SidebarTrigger/SidebarTrigger.js
@@ -1,18 +1,11 @@
-import React, { useState, useEffect } from 'react'
+import React from 'react'
 import { NavLink } from 'reactstrap'
 import PropTypes from 'prop-types'
 import { withPageConfig } from './../Layout'
 
 const SidebarTrigger = (props) => {
   const { tag: Tag, pageConfig, ...otherProps } = props
-  const [showCollapse, setShowCollapse] = useState(
-    window.matchMedia('(max-width: 992px)').matches,
-  )
-  useEffect(() => {
-    window
-      .matchMedia('(max-width: 768px)')
-      .addEventListener('change', (e) => setShowCollapse(e.matches))
-  }, [])
+
   return (
     <Tag
       onClick={() => {
@@ -31,7 +24,7 @@ const SidebarTrigger = (props) => {
           }}
         ></i>
       )}
-      {!pageConfig.sidebarCollapsed && (
+      {!pageConfig.sidebarCollapsed && !props.showCollapseonly && (
         <i
           className="fa fa-times fa-fw fa-2x"
           style={{
diff --git a/admin-ui/app/layout/components/DefaultSidebar.js b/admin-ui/app/layout/components/DefaultSidebar.js
index 46fc066d8..2363114e8 100755
--- a/admin-ui/app/layout/components/DefaultSidebar.js
+++ b/admin-ui/app/layout/components/DefaultSidebar.js
@@ -16,8 +16,8 @@ export const DefaultSidebar = () => (
 
     {/* START SIDEBAR: Only for Desktop */}
     <Sidebar.HideSlim>
-      <SidebarTrigger id="navToggleBtn" color={'#00a361'} />
       <Sidebar.Section>
+        <SidebarTrigger id="navToggleBtn" color={'#8492a5'} />
         <Link to="/" className="sidebar__brand">
           <LogoThemed checkBackground />
         </Link>
@@ -31,6 +31,11 @@ export const DefaultSidebar = () => (
     <Sidebar.MobileFluid>
       {/* <SidebarTopA /> */}
       <Sidebar.Section fluid cover>
+        <SidebarTrigger
+          id="navToggleBtn"
+          color={'#8492a5'}
+          showCollapseonly={true}
+        />
         {/* SIDEBAR: Menu */}
         <GluuAppSidebar />
       </Sidebar.Section>
diff --git a/admin-ui/app/routes/Apps/Gluu/GluuNavBar.js b/admin-ui/app/routes/Apps/Gluu/GluuNavBar.js
index fb4b3ed92..609d2c4a3 100755
--- a/admin-ui/app/routes/Apps/Gluu/GluuNavBar.js
+++ b/admin-ui/app/routes/Apps/Gluu/GluuNavBar.js
@@ -1,4 +1,4 @@
-import React from 'react'
+import React, { useState, useEffect } from 'react'
 import PropTypes from 'prop-types'
 import {
   Avatar,
@@ -20,6 +20,14 @@ import GluuErrorFallBack from './GluuErrorFallBack'
 
 function GluuNavBar({ themeColor, themeStyle, userinfo }) {
   const userInfo = userinfo ? userinfo : {}
+  const [showCollapse, setShowCollapse] = useState(
+    window.matchMedia('(max-width: 992px)').matches,
+  )
+  useEffect(() => {
+    window
+      .matchMedia('(max-width: 992px)')
+      .addEventListener('change', (e) => setShowCollapse(e.matches))
+  }, [])
   return (
     <ErrorBoundary FallbackComponent={GluuErrorFallBack}>
       <NavbarThemeProvider
@@ -29,9 +37,11 @@ function GluuNavBar({ themeColor, themeStyle, userinfo }) {
       >
         <Navbar expand="lg" themed>
           <Nav>
-            <NavItem className="mr-3">
-              <SidebarTrigger id="navToggleBtn" />
-            </NavItem>
+            {showCollapse && (
+              <NavItem className="mr-3">
+                <SidebarTrigger id="navToggleBtn" />
+              </NavItem>
+            )}
           </Nav>
           <Nav className="ml-auto" pills>
             {/*<NavbarMessages  />*/}

From 5299b5a43bb7316b1c54d4528b608d235f0c0740 Mon Sep 17 00:00:00 2001
From: = <mjatin78@gmail.com>
Date: Tue, 8 Mar 2022 12:54:30 +0530
Subject: [PATCH 028/101] feat: centre aligned x

---
 admin-ui/app/layout/components/DefaultSidebar.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/admin-ui/app/layout/components/DefaultSidebar.js b/admin-ui/app/layout/components/DefaultSidebar.js
index 2363114e8..8dc9c7dde 100755
--- a/admin-ui/app/layout/components/DefaultSidebar.js
+++ b/admin-ui/app/layout/components/DefaultSidebar.js
@@ -17,7 +17,9 @@ export const DefaultSidebar = () => (
     {/* START SIDEBAR: Only for Desktop */}
     <Sidebar.HideSlim>
       <Sidebar.Section>
-        <SidebarTrigger id="navToggleBtn" color={'#8492a5'} />
+        <div style={{ textAlign: 'center' }}>
+          <SidebarTrigger id="navToggleBtn" color={'#8492a5'} />
+        </div>
         <Link to="/" className="sidebar__brand">
           <LogoThemed checkBackground />
         </Link>

From abf4f1accfa49aad88a2232a902d37d16d798c84 Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Tue, 8 Mar 2022 08:08:50 +0000
Subject: [PATCH 029/101] chore: update version

---
 docker-admin-ui/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-admin-ui/Dockerfile b/docker-admin-ui/Dockerfile
index fe5dc690a..bfcc984c1 100644
--- a/docker-admin-ui/Dockerfile
+++ b/docker-admin-ui/Dockerfile
@@ -28,7 +28,7 @@ RUN echo "daemon off;" >> /etc/nginx/nginx.conf
 # TODO:
 # - use NODE_ENV=production
 # - download build package (not git clone)
-ENV ADMIN_UI_VERSION=303e707061773ba33bec74ecb3a78f5de0539e24
+ENV ADMIN_UI_VERSION=415facf22ab3a4f98886139578aad78fbd4b19c1
 
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the admin-ui code

From 8d610898337ca88b685777e672c57ff49218f01c Mon Sep 17 00:00:00 2001
From: iromli <isman.firmansyah@gmail.com>
Date: Thu, 10 Mar 2022 02:20:26 +0700
Subject: [PATCH 030/101] refactor: use archived casa.war to avoid
 hot-deployment issue

---
 docker-casa/Dockerfile            | 25 +++++++++++++------------
 docker-casa/jetty/casa.xml        | 11 +++++++++++
 docker-casa/scripts/entrypoint.sh |  1 +
 3 files changed, 25 insertions(+), 12 deletions(-)
 create mode 100644 docker-casa/jetty/casa.xml

diff --git a/docker-casa/Dockerfile b/docker-casa/Dockerfile
index 6a6efd22a..498f12efb 100644
--- a/docker-casa/Dockerfile
+++ b/docker-casa/Dockerfile
@@ -7,7 +7,7 @@ FROM bellsoft/liberica-openjre-alpine:11.0.13-8
 RUN apk update \
     && apk add --no-cache py3-pip openssl tini py3-cryptography py3-lxml py3-psycopg2 \
     && apk add --no-cache --repository=https://dl-cdn.alpinelinux.org/alpine/v3.15/community py3-grpcio \
-    && apk add --no-cache --virtual build-deps git wget \
+    && apk add --no-cache --virtual build-deps git wget zip \
     && mkdir -p /usr/java/latest \
     && ln -sf /usr/lib/jvm/jre /usr/java/latest/jre
 
@@ -35,16 +35,19 @@ EXPOSE 8080
 # ====
 
 ENV GLUU_VERSION=5.0.0-SNAPSHOT
-ENV GLUU_BUILD_DATE='2022-03-02 11:52'
+ENV GLUU_BUILD_DATE='2022-03-08 12:42'
 ENV GLUU_SOURCE_URL=https://jenkins.gluu.org/maven/org/gluu/casa/${GLUU_VERSION}/casa-${GLUU_VERSION}.war
 
 # Install Casa
-RUN wget -q ${GLUU_SOURCE_URL} -O /tmp/casa.war \
-    && mkdir -p ${JETTY_BASE}/casa/webapps/casa \
-    && unzip -qq /tmp/casa.war -d ${JETTY_BASE}/casa/webapps/casa \
+COPY jetty/jetty-env.xml /tmp/WEB-INF/jetty-env.xml
+RUN mkdir -p ${JETTY_BASE}/casa/webapps \
+    && wget -q ${GLUU_SOURCE_URL} -O /tmp/casa.war \
+    && cd /tmp \
+    && zip -d casa.war WEB-INF/jetty-web.xml \
+    && zip -r casa.war WEB-INF/jetty-env.xml \
+    && cp casa.war ${JETTY_BASE}/casa/webapps/casa.war \
     && java -jar ${JETTY_HOME}/start.jar jetty.home=${JETTY_HOME} jetty.base=${JETTY_BASE}/casa --add-module=server,deploy,resources,http,jsp,cdi-decorate \
-    && rm -f /tmp/casa.war \
-    && rm -f ${JETTY_BASE}/casa/webapps/casa/WEB-INF/jetty-web.xml
+    && rm -rf /tmp/casa.war /tmp/WEB-INF
 
 # ======
 # Python
@@ -65,8 +68,7 @@ RUN apk del build-deps \
 # License
 # =======
 
-RUN mkdir -p /licenses
-COPY LICENSE /licenses/
+COPY LICENSE /licenses/LICENSE
 
 # ==========
 # Config ENV
@@ -166,10 +168,9 @@ RUN mkdir -p /etc/certs \
     /opt/jans/python/libs \
     /opt/jans/jetty/casa/static \
     /opt/jans/jetty/casa/plugins \
-    /app/templates \
-    /app/tmp
+    /opt/jetty/temp
 
-COPY jetty/jetty-env.xml ${JETTY_BASE}/casa/webapps/casa/WEB-INF/
+COPY jetty/casa.xml ${JETTY_BASE}/casa/webapps/
 COPY jetty/log4j2.xml ${JETTY_BASE}/casa/resources/
 COPY jetty/casa_web_resources.xml ${JETTY_BASE}/casa/webapps/
 COPY templates /app/templates/
diff --git a/docker-casa/jetty/casa.xml b/docker-casa/jetty/casa.xml
new file mode 100644
index 000000000..d572f8055
--- /dev/null
+++ b/docker-casa/jetty/casa.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0"  encoding="ISO-8859-1"?>
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_10_0.dtd">
+
+<Configure class="org.eclipse.jetty.webapp.WebAppContext">
+    <Set name="contextPath">/casa</Set>
+    <Set name="war">
+        <Property name="jetty.webapps" default="." />/casa.war
+    </Set>
+    <Set name="extractWAR">true</Set>
+    <!-- <Set name="extraClasspath">%(extra_classpath)s</Set> -->
+</Configure>
diff --git a/docker-casa/scripts/entrypoint.sh b/docker-casa/scripts/entrypoint.sh
index 8ae4d5ac1..19c890013 100644
--- a/docker-casa/scripts/entrypoint.sh
+++ b/docker-casa/scripts/entrypoint.sh
@@ -42,6 +42,7 @@ exec java \
     -Dserver.base=/opt/jans/jetty/casa \
     -Dlog.base=/opt/jans/jetty/casa \
     -Dpython.home=/opt/jython \
+    -Djava.io.tmpdir=/opt/jetty/temp \
     -Dlog4j2.configurationFile=resources/log4j2.xml \
     ${CN_JAVA_OPTIONS} \
     -jar /opt/jetty/start.jar

From 9b3e463dd77827c9d4dcad58c4c9182dbcec8fa8 Mon Sep 17 00:00:00 2001
From: iromli <isman.firmansyah@gmail.com>
Date: Thu, 10 Mar 2022 02:21:06 +0700
Subject: [PATCH 031/101] chore: conform to log4j2 appender name

---
 docker-casa/jetty/log4j2.xml     |  6 +++---
 docker-casa/scripts/bootstrap.py | 11 ++++++++---
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/docker-casa/jetty/log4j2.xml b/docker-casa/jetty/log4j2.xml
index 437739f06..ee40eb038 100644
--- a/docker-casa/jetty/log4j2.xml
+++ b/docker-casa/jetty/log4j2.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Configuration status="ERROR">
     <Appenders>
-        <Console name="STDOUT" target="SYSTEM_OUT">
+        <Console name="Console" target="SYSTEM_OUT">
             <PatternLayout pattern="%d{dd-MM HH:mm:ss.SSS} %-5p %C{4} %F:%L- %m%n" />
         </Console>
         <RollingFile name="LOG_FILE" fileName="${sys:log.base}/logs/casa.log" filePattern="${sys:log.base}/logs/casa-%d{yyyy-MM-dd}-%i.log">
@@ -24,12 +24,12 @@
         <Logger name="org.gluu.casa.timer" level="$timer_log_level" additivity="false">
             <AppenderRef ref="$timer_log_target" />
         </Logger>
-        <Logger name="org.gluu.casa" level="$casa_log_level">
+        <Logger name="org.gluu.casa" level="$casa_log_level" additivity="false">
             <!-- Configuration of this logger is tightly coupled with class org.gluu.casa.core.LogService -->
             <AppenderRef ref="$casa_log_target" />
         </Logger>
         <Root level="ERROR">
-            <AppenderRef ref="STDOUT" />
+            <AppenderRef ref="Console" />
         </Root>
     </Loggers>
 
diff --git a/docker-casa/scripts/bootstrap.py b/docker-casa/scripts/bootstrap.py
index bb66ea950..e64ca77f7 100644
--- a/docker-casa/scripts/bootstrap.py
+++ b/docker-casa/scripts/bootstrap.py
@@ -114,9 +114,14 @@ def configure_logging():
         "casa_log_target": "LOG_FILE",
         "timer_log_target": "TIMERS_FILE",
     }
-    for key, value in file_aliases.items():
-        if config[key] == "FILE":
-            config[key] = value
+    for key, value in config.items():
+        if not key.endswith("_target"):
+            continue
+
+        if value == "STDOUT":
+            config[key] = "Console"
+        else:
+            config[key] = file_aliases[key]
 
     logfile = "/opt/jans/jetty/casa/resources/log4j2.xml"
     with open(logfile) as f:

From b853698d9a7becfc507a7ce23c71300ff3a68501 Mon Sep 17 00:00:00 2001
From: Jose <bonustrack310@gmail.com>
Date: Wed, 9 Mar 2022 15:13:05 -0500
Subject: [PATCH 032/101] chore: avoid hardcoded appender ref #132

---
 casa/app/pom.xml                                          | 2 +-
 casa/app/src/main/java/org/gluu/casa/core/LogService.java | 6 +++++-
 casa/app/src/main/resources/log4j2.xml                    | 2 +-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/casa/app/pom.xml b/casa/app/pom.xml
index 5757ec7ca..f340890f7 100644
--- a/casa/app/pom.xml
+++ b/casa/app/pom.xml
@@ -226,7 +226,7 @@
         <dependency>
             <groupId>com.twilio.sdk</groupId>
             <artifactId>twilio</artifactId>
-            <version>8.16.0</version>
+            <version>8.27.0</version>
         </dependency>
 
         <!-- OTP -->
diff --git a/casa/app/src/main/java/org/gluu/casa/core/LogService.java b/casa/app/src/main/java/org/gluu/casa/core/LogService.java
index 71265be8c..7091e5d58 100644
--- a/casa/app/src/main/java/org/gluu/casa/core/LogService.java
+++ b/casa/app/src/main/java/org/gluu/casa/core/LogService.java
@@ -111,7 +111,11 @@ private void inited() {
         loggerNames.add("org.gluu.casa.timer");
 
         loggerContext = LoggerContext.getContext(false);
-        mainAppender = loggerContext.getConfiguration().getLoggerConfig(MAIN_LOGGER).getAppenders().get("LOG_FILE");
+        LoggerConfig mainLogger = loggerContext.getConfiguration().getLoggerConfig(MAIN_LOGGER);
+
+        String appenderRef = mainLogger.getAppenderRefs().get(0).getRef();
+        logger.info("Main logger's appender is {}", appenderRef);
+        mainAppender = mainLogger.getAppenders().get(appenderRef);
 
     }
 
diff --git a/casa/app/src/main/resources/log4j2.xml b/casa/app/src/main/resources/log4j2.xml
index 605feb66f..68896ce00 100644
--- a/casa/app/src/main/resources/log4j2.xml
+++ b/casa/app/src/main/resources/log4j2.xml
@@ -24,8 +24,8 @@
         <Logger name="org.gluu.casa.timer" level="INFO" additivity="false">
             <AppenderRef ref="TIMERS_FILE" />
         </Logger>
+        <!-- This logger name is required in class org.gluu.casa.core.LogService -->
         <Logger name="org.gluu.casa" level="INFO">
-            <!-- Configuration of this logger is tightly coupled with class org.gluu.casa.core.LogService -->
             <AppenderRef ref="LOG_FILE" />
         </Logger>
         <Root level="ERROR">

From 8e70832f1db7161ce20a675985350ec95f8d051e Mon Sep 17 00:00:00 2001
From: iromli <isman.firmansyah@gmail.com>
Date: Thu, 10 Mar 2022 05:16:43 +0700
Subject: [PATCH 033/101] chore: update casa source (contains logging fix)

---
 docker-casa/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-casa/Dockerfile b/docker-casa/Dockerfile
index 498f12efb..8238e254a 100644
--- a/docker-casa/Dockerfile
+++ b/docker-casa/Dockerfile
@@ -35,7 +35,7 @@ EXPOSE 8080
 # ====
 
 ENV GLUU_VERSION=5.0.0-SNAPSHOT
-ENV GLUU_BUILD_DATE='2022-03-08 12:42'
+ENV GLUU_BUILD_DATE='2022-03-09 20:14'
 ENV GLUU_SOURCE_URL=https://jenkins.gluu.org/maven/org/gluu/casa/${GLUU_VERSION}/casa-${GLUU_VERSION}.war
 
 # Install Casa

From 7d0e928fc38125579a2aad2a11b6073dfec3c9f6 Mon Sep 17 00:00:00 2001
From: iromli <isman.firmansyah@gmail.com>
Date: Fri, 11 Mar 2022 16:35:02 +0700
Subject: [PATCH 034/101] refactor: set arguments for jetty via command-line

- jetty.httpConfig.sendServerVersion=false to disable server info
- jetty.deploy.scanInterval=0 to disable hot-deployment
---
 docker-casa/scripts/bootstrap.py  | 10 ----------
 docker-casa/scripts/entrypoint.sh |  2 +-
 2 files changed, 1 insertion(+), 11 deletions(-)

diff --git a/docker-casa/scripts/bootstrap.py b/docker-casa/scripts/bootstrap.py
index e64ca77f7..6de4e1de2 100644
--- a/docker-casa/scripts/bootstrap.py
+++ b/docker-casa/scripts/bootstrap.py
@@ -58,15 +58,6 @@ def modify_jetty_xml():
         f.write(updates)
 
 
-def modify_server_ini():
-    with open("/opt/jans/jetty/casa/start.d/server.ini", "a") as f:
-        updates = "\n".join([
-            # disable server version info
-            "jetty.httpConfig.sendServerVersion=false",
-        ])
-        f.write(updates)
-
-
 def configure_logging():
     # default config
     config = {
@@ -183,7 +174,6 @@ def main():
 
     modify_jetty_xml()
     modify_webdefault_xml()
-    modify_server_ini()
     configure_logging()
 
 
diff --git a/docker-casa/scripts/entrypoint.sh b/docker-casa/scripts/entrypoint.sh
index 19c890013..c04387f73 100644
--- a/docker-casa/scripts/entrypoint.sh
+++ b/docker-casa/scripts/entrypoint.sh
@@ -45,4 +45,4 @@ exec java \
     -Djava.io.tmpdir=/opt/jetty/temp \
     -Dlog4j2.configurationFile=resources/log4j2.xml \
     ${CN_JAVA_OPTIONS} \
-    -jar /opt/jetty/start.jar
+    -jar /opt/jetty/start.jar jetty.httpConfig.sendServerVersion=false jetty.deploy.scanInterval=0

From 76a19d2b44fd5024f5de699a20232f66779d4c2b Mon Sep 17 00:00:00 2001
From: Arnab Dutta <arnab.bdutta@gmail.com>
Date: Fri, 11 Mar 2022 17:50:56 +0530
Subject: [PATCH 035/101] feat: move health menu under Home menu #116

---
 .../app/routes/Apps/Gluu/GluuAppSidebar.js    |  2 +-
 .../app/routes/Dashboards/DashboardPage.js    |  4 +-
 .../components/Health/HealthPage.js           | 97 -------------------
 .../plugins/auth-server/plugin-metadata.js    | 16 +--
 .../auth-server/redux/api/HealthApi.js        | 18 ----
 .../redux/reducers/HealthReducer.js           | 40 --------
 .../auth-server/redux/sagas/HealthSaga.js     | 49 ----------
 7 files changed, 4 insertions(+), 222 deletions(-)
 delete mode 100644 admin-ui/plugins/auth-server/components/Health/HealthPage.js
 delete mode 100644 admin-ui/plugins/auth-server/redux/api/HealthApi.js
 delete mode 100644 admin-ui/plugins/auth-server/redux/reducers/HealthReducer.js
 delete mode 100644 admin-ui/plugins/auth-server/redux/sagas/HealthSaga.js

diff --git a/admin-ui/app/routes/Apps/Gluu/GluuAppSidebar.js b/admin-ui/app/routes/Apps/Gluu/GluuAppSidebar.js
index 3fd11fc83..81a887081 100644
--- a/admin-ui/app/routes/Apps/Gluu/GluuAppSidebar.js
+++ b/admin-ui/app/routes/Apps/Gluu/GluuAppSidebar.js
@@ -56,7 +56,7 @@ function GluuAppSidebar({ scopes }) {
             exact
           />
           <SidebarMenu.Item
-            title={t('menus.license')}
+            title={t('menus.licenseDetails')}
             to="/home/licenseDetails"
             textStyle={{ fontSize: '18px', fontWeight: '600' }}
             exact
diff --git a/admin-ui/app/routes/Dashboards/DashboardPage.js b/admin-ui/app/routes/Dashboards/DashboardPage.js
index 6a7f06ed7..9a09333d2 100644
--- a/admin-ui/app/routes/Dashboards/DashboardPage.js
+++ b/admin-ui/app/routes/Dashboards/DashboardPage.js
@@ -119,7 +119,7 @@ function DashboardPage({ statData, permissions, clients, loading, dispatch }) {
 
   return (
     <GluuLoader blocking={loading}>
-      <GluuViewWrapper
+       {!loading &&<GluuViewWrapper
         canShow={hasBoth(permissions, STAT_READ, STAT_JANS_READ)}
       >
         <Card>
@@ -200,7 +200,7 @@ function DashboardPage({ statData, permissions, clients, loading, dispatch }) {
           </CardBody>
           <CardFooter className="p-4 bt-0"></CardFooter>
         </Card>
-      </GluuViewWrapper>
+      </GluuViewWrapper>}
     </GluuLoader>
   )
 }
diff --git a/admin-ui/plugins/auth-server/components/Health/HealthPage.js b/admin-ui/plugins/auth-server/components/Health/HealthPage.js
deleted file mode 100644
index 8b1f0727a..000000000
--- a/admin-ui/plugins/auth-server/components/Health/HealthPage.js
+++ /dev/null
@@ -1,97 +0,0 @@
-import React, { useEffect } from 'react'
-import {
-  Container,
-  CardBody,
-  Card,
-  Badge,
-  CardHeader,
-  FormGroup,
-} from '../../../../app/components'
-import { useTranslation } from 'react-i18next'
-import applicationStyle from '../../../../app/routes/Apps/Gluu/styles/applicationstyle'
-import { buildPayload } from '../../../../app/utils/PermChecker'
-import { connect } from 'react-redux'
-import { getHealthStatus } from '../../redux/actions/HealthAction'
-import GluuRibbon from '../../../../app/routes/Apps/Gluu/GluuRibbon'
-
-function HealthPage({ serverStatus, dbStatus, dispatch }) {
-  const { t } = useTranslation()
-  const userAction = {}
-  const options = {}
-
-  useEffect(() => {
-    fetchHealthInfo(userAction, options, dispatch)
-  }, [])
-
-  function fetchHealthInfo() {
-    buildPayload(userAction, 'GET Health Status', options)
-    dispatch(getHealthStatus(userAction))
-  }
-
-  function getColor(status) {
-    return isUp(status) ? 'primary' : 'danger'
-  }
-
-  function isUp(status) {
-    if (status) {
-      return (
-        status.toUpperCase() === 'ONLINE'.toUpperCase() ||
-        status.toUpperCase() === 'RUNNING'.toUpperCase()
-      )
-    }
-    return false
-  }
-
-  return (
-    <Container>
-      <Card className="mb-3">
-        <GluuRibbon title={t('titles.services_health')} fromLeft />
-        <FormGroup row />
-        <FormGroup row />
-        <FormGroup row />
-        <CardBody>
-          <Card className="mb-3" style={applicationStyle.buttonStyle}>
-            <CardHeader tag="h6" className="text-white">
-              {t('titles.oauth_server_status_title')}
-            </CardHeader>
-            <CardBody
-              style={
-                isUp(serverStatus)
-                  ? applicationStyle.healthUp
-                  : applicationStyle.healthDown
-              }
-            >
-              {serverStatus && (
-                <Badge color={getColor(serverStatus)}>{serverStatus}</Badge>
-              )}
-            </CardBody>
-          </Card>
-          <Card className="mb-3" style={applicationStyle.buttonStyle}>
-            <CardHeader tag="h6" className="text-white">
-              {t('titles.database_status_title')}
-            </CardHeader>
-            <CardBody
-              style={
-                isUp(dbStatus)
-                  ? applicationStyle.healthUp
-                  : applicationStyle.healthDown
-              }
-            >
-              {dbStatus && <Badge color={getColor(dbStatus)}>{dbStatus}</Badge>}
-            </CardBody>
-          </Card>
-        </CardBody>
-      </Card>
-    </Container>
-  )
-}
-
-const mapStateToProps = (state) => {
-  return {
-    serverStatus: state.healthReducer.serverStatus,
-    dbStatus: state.healthReducer.dbStatus,
-    loading: state.healthReducer.loading,
-    permissions: state.authReducer.permissions,
-  }
-}
-export default connect(mapStateToProps)(HealthPage)
diff --git a/admin-ui/plugins/auth-server/plugin-metadata.js b/admin-ui/plugins/auth-server/plugin-metadata.js
index 385734ce3..6ad041b9f 100644
--- a/admin-ui/plugins/auth-server/plugin-metadata.js
+++ b/admin-ui/plugins/auth-server/plugin-metadata.js
@@ -11,7 +11,6 @@ import KeysPage from './components/Configuration/Keys/KeysPage'
 import DefaultPage from './components/Configuration/Defaults/DefaultConfigPage'
 import LoggingPage from './components/Configuration/Defaults/LoggingPage'
 
-import HealthPage from './components/Health/HealthPage'
 import ReportPage from './components/Reports/ReportPage'
 
 import oidcReducer from './redux/reducers/OIDCReducer'
@@ -20,7 +19,6 @@ import jsonReducer from './redux/reducers/JsonConfigReducer'
 import jwksReducer from './redux/reducers/JwksReducer'
 import acrReducer from './redux/reducers/AcrReducer'
 import loggingReducer from './redux/reducers/LoggingReducer'
-import healthReducer from './redux/reducers/HealthReducer'
 
 import scopesSaga from './redux/sagas/OAuthScopeSaga'
 import oidcSaga from './redux/sagas/OIDCSaga'
@@ -28,7 +26,7 @@ import jsonSaga from './redux/sagas/JsonConfigSaga'
 import jwksSaga from './redux/sagas/JwksSaga'
 import acrSaga from './redux/sagas/AcrsSaga'
 import loggingSaga from './redux/sagas/LoggingSaga'
-import healthSaga from './redux/sagas/HealthSaga'
+
 import {
   ACR_READ,
   CLIENT_READ,
@@ -76,11 +74,6 @@ const pluginMetadata = {
           path: PLUGIN_BASE_APTH + '/clients',
           permission: CLIENT_READ,
         },
-        {
-          title: 'menus.health',
-          path: PLUGIN_BASE_APTH + '/health',
-          permission: ACR_READ,
-        },
         {
           title: 'menus.scopes',
           path: PLUGIN_BASE_APTH + '/scopes',
@@ -140,11 +133,6 @@ const pluginMetadata = {
       path: PLUGIN_BASE_APTH + '/config/logging',
       permission: ACR_READ,
     },
-    {
-      component: HealthPage,
-      path: PLUGIN_BASE_APTH + '/health',
-      permission: ACR_READ,
-    },
     {
       component: ReportPage,
       path: PLUGIN_BASE_APTH + '/reports',
@@ -158,7 +146,6 @@ const pluginMetadata = {
     { name: 'jwksReducer', reducer: jwksReducer },
     { name: 'acrReducer', reducer: acrReducer },
     { name: 'loggingReducer', reducer: loggingReducer },
-    { name: 'healthReducer', reducer: healthReducer },
   ],
   sagas: [
     scopesSaga(),
@@ -167,7 +154,6 @@ const pluginMetadata = {
     jwksSaga(),
     acrSaga(),
     loggingSaga(),
-    healthSaga(),
   ],
 }
 
diff --git a/admin-ui/plugins/auth-server/redux/api/HealthApi.js b/admin-ui/plugins/auth-server/redux/api/HealthApi.js
deleted file mode 100644
index 193b96c93..000000000
--- a/admin-ui/plugins/auth-server/redux/api/HealthApi.js
+++ /dev/null
@@ -1,18 +0,0 @@
-export default class HealthApi {
-  constructor(api) {
-    this.api = api
-  }
-
-  getHealthStatus = () => {
-    return new Promise((resolve, reject) => {
-      this.api.getAuthServerHealth((error, data) => {
-        if (error) {
-          console.log(e);
-          reject(error)
-        } else {
-          resolve(data)
-        }
-      })
-    })
-  }
-}
diff --git a/admin-ui/plugins/auth-server/redux/reducers/HealthReducer.js b/admin-ui/plugins/auth-server/redux/reducers/HealthReducer.js
deleted file mode 100644
index 48b9ea473..000000000
--- a/admin-ui/plugins/auth-server/redux/reducers/HealthReducer.js
+++ /dev/null
@@ -1,40 +0,0 @@
-import { GET_HEALTH, GET_HEALTH_RESPONSE } from '../actions/types'
-import reducerRegistry from '../../../../app/redux/reducers/ReducerRegistry'
-const INIT_STATE = {
-  serverStatus: null,
-  dbStatus: null,
-  loading: false,
-}
-
-const reducerName = 'healthReducer'
-
-export default function healthReducer(state = INIT_STATE, action) {
-  switch (action.type) {
-    case GET_HEALTH:
-      return {
-        ...state,
-        loading: true,
-      }
-    case GET_HEALTH_RESPONSE:
-      if (action.payload.data) {
-        return {
-          ...state,
-          serverStatus: action.payload.data.status,
-          dbStatus: action.payload.data.db_status,
-          loading: false,
-        }
-      } else {
-        return handleDefault()
-      }
-    default:
-      return handleDefault()
-  }
-
-  function handleDefault() {
-    return {
-      ...state,
-      loading: false,
-    }
-  }
-}
-reducerRegistry.register(reducerName, healthReducer)
diff --git a/admin-ui/plugins/auth-server/redux/sagas/HealthSaga.js b/admin-ui/plugins/auth-server/redux/sagas/HealthSaga.js
deleted file mode 100644
index 2b5c1c851..000000000
--- a/admin-ui/plugins/auth-server/redux/sagas/HealthSaga.js
+++ /dev/null
@@ -1,49 +0,0 @@
-import { call, all, put, fork, takeLatest, select } from 'redux-saga/effects'
-import {
-  isFourZeroOneError,
-  addAdditionalData,
-} from '../../../../app/utils/TokenController'
-import { getHealthStatusResponse } from '../actions/HealthAction'
-import { getAPIAccessToken } from '../../../../app/redux/actions/AuthActions'
-import { postUserAction} from '../../../../app/redux/api/backend-api'
-import { GET_HEALTH } from '../actions/types'
-import HealthApi from '../api/HealthApi'
-import { getClient } from '../../../../app/redux/api/base'
-import { initAudit } from '../../../../app/redux/sagas/SagaUtils'
-const JansConfigApi = require('jans_config_api')
-
-function* newFunction() {
-  const token = yield select((state) => state.authReducer.token.access_token)
-  const issuer = yield select((state) => state.authReducer.issuer)
-  const api = new JansConfigApi.AuthServerHealthCheckApi(
-    getClient(JansConfigApi, token, issuer),
-  )
-  return new HealthApi(api)
-}
-
-export function* getHealthStatus({ payload }) {
-  const audit = yield* initAudit()
-  try {
-    payload = payload ? payload : { action: {} }
-    addAdditionalData(audit, 'FETCH', 'Health', payload)
-    const healthApi = yield* newFunction()
-    const data = yield call(healthApi.getHealthStatus, payload.action.action_data)
-    yield put(getHealthStatusResponse(data))
-    yield call(postUserAction, audit)
-  } catch (e) {
-
-    yield put(getHealthStatusResponse(null))
-    if (isFourZeroOneError(e)) {
-      const jwt = yield select((state) => state.authReducer.userinfo_jwt)
-      yield put(getAPIAccessToken(jwt))
-    }
-  }
-}
-
-export function* watchGetHealthStatus() {
-  yield takeLatest(GET_HEALTH, getHealthStatus)
-}
-
-export default function* rootSaga() {
-  yield all([fork(watchGetHealthStatus)])
-}

From b5c86bf1bd0df97a5a86300a0e8d5be890b54cbc Mon Sep 17 00:00:00 2001
From: Arnab Dutta <arnab.bdutta@gmail.com>
Date: Fri, 11 Mar 2022 19:17:25 +0530
Subject: [PATCH 036/101] feat: move health menu under Home menu #116

---
 admin-ui/app/routes/Dashboards/DashboardPage.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/admin-ui/app/routes/Dashboards/DashboardPage.js b/admin-ui/app/routes/Dashboards/DashboardPage.js
index 9a09333d2..6a7f06ed7 100644
--- a/admin-ui/app/routes/Dashboards/DashboardPage.js
+++ b/admin-ui/app/routes/Dashboards/DashboardPage.js
@@ -119,7 +119,7 @@ function DashboardPage({ statData, permissions, clients, loading, dispatch }) {
 
   return (
     <GluuLoader blocking={loading}>
-       {!loading &&<GluuViewWrapper
+      <GluuViewWrapper
         canShow={hasBoth(permissions, STAT_READ, STAT_JANS_READ)}
       >
         <Card>
@@ -200,7 +200,7 @@ function DashboardPage({ statData, permissions, clients, loading, dispatch }) {
           </CardBody>
           <CardFooter className="p-4 bt-0"></CardFooter>
         </Card>
-      </GluuViewWrapper>}
+      </GluuViewWrapper>
     </GluuLoader>
   )
 }

From 75abeb491d22bbeeec278b081564fd485e3d8457 Mon Sep 17 00:00:00 2001
From: Arnab Dutta <arnab.bdutta@gmail.com>
Date: Sat, 12 Mar 2022 23:05:51 +0530
Subject: [PATCH 037/101] fix: create oidc client not working #129

---
 admin-ui/app/locales/en/translation.json      |  6 ++--
 admin-ui/app/routes/Apps/Gluu/GluuAlert.js    |  2 +-
 .../components/Clients/ClientAddPage.js       | 21 +++++++++--
 .../components/Clients/ClientEditPage.js      | 21 +++++++++--
 .../auth-server/redux/reducers/OIDCReducer.js | 36 ++++++++++++++++---
 5 files changed, 75 insertions(+), 11 deletions(-)

diff --git a/admin-ui/app/locales/en/translation.json b/admin-ui/app/locales/en/translation.json
index bdc0697ad..6824c1396 100644
--- a/admin-ui/app/locales/en/translation.json
+++ b/admin-ui/app/locales/en/translation.json
@@ -301,7 +301,8 @@
     "request_waiting_message": "Performing the request, please wait!",
     "resource_not_found_message": "The requested resource doesn't exist on this server. Please contact the site administrator or the support team.",
     "resource_not_found_title": "Resource not found",
-    "view_client_details": "View client details"
+    "view_client_details": "View client details",
+    "error_in_saving": "Error in saving."
   },
   "tooltips": {
     "add_attribute": "Add attribute",
@@ -401,7 +402,8 @@
     "permissions": "Config API Permissions",
     "scopes": "OpenID/OAuth Scopes",
     "scripts": "Custom Interception Scripts",
-    "schemaName": "Schema Name"
+    "schemaName": "Schema Name",
+    "error": "error"
   },
   "links": {
     "support": "https://support.gluu.org/"
diff --git a/admin-ui/app/routes/Apps/Gluu/GluuAlert.js b/admin-ui/app/routes/Apps/Gluu/GluuAlert.js
index 54cbba021..c2955dfe6 100644
--- a/admin-ui/app/routes/Apps/Gluu/GluuAlert.js
+++ b/admin-ui/app/routes/Apps/Gluu/GluuAlert.js
@@ -33,7 +33,7 @@ export default function GluuAlert({ severity, message, show }) {
 
   return (
     <div className={classes.root}>
-      <Snackbar open={open} autoHideDuration={1000} onClose={handleClose}>
+      <Snackbar open={open} autoHideDuration={5000} onClose={handleClose}>
         <Alert onClose={handleClose} severity={severity}>
           {message}
         </Alert>
diff --git a/admin-ui/plugins/auth-server/components/Clients/ClientAddPage.js b/admin-ui/plugins/auth-server/components/Clients/ClientAddPage.js
index ba7723d4b..fd631ccfc 100644
--- a/admin-ui/plugins/auth-server/components/Clients/ClientAddPage.js
+++ b/admin-ui/plugins/auth-server/components/Clients/ClientAddPage.js
@@ -8,6 +8,8 @@ import { getOidcDiscovery } from '../../../../app/redux/actions/OidcDiscoveryAct
 import { getScopes } from '../../redux/actions/ScopeActions'
 import { getScripts } from '../../../../app/redux/actions/InitActions'
 import { buildPayload } from '../../../../app/utils/PermChecker'
+import GluuAlert from '../../../../app/routes/Apps/Gluu/GluuAlert'
+import { useTranslation } from 'react-i18next'
 
 function ClientAddPage({
   permissions,
@@ -16,10 +18,14 @@ function ClientAddPage({
   loading,
   dispatch,
   oidcConfiguration,
+  saveOperationFlag,
+  errorInSaveOperationFlag,
 }) {
   const userAction = {}
   const options = {}
   options['limit'] = parseInt(100000)
+  const history = useHistory()
+  const { t } = useTranslation()
   useEffect(() => {
     buildPayload(userAction, '', options)
     if (scopes.length < 1) {
@@ -30,7 +36,12 @@ function ClientAddPage({
     }
     dispatch(getOidcDiscovery())
   }, [])
-  const history = useHistory()
+
+  useEffect(() => {
+    if (saveOperationFlag && !errorInSaveOperationFlag)
+      history.push('/auth-server/clients')
+  }, [saveOperationFlag])
+
   scopes = scopes.map((item) => ({ dn: item.dn, name: item.id }))
   function handleSubmit(data) {
     if (data) {
@@ -38,7 +49,6 @@ function ClientAddPage({
       postBody['client'] = data
       buildPayload(userAction, data.action_message, postBody)
       dispatch(addNewClientAction(userAction))
-      history.push('/auth-server/clients')
     }
   }
   const clientData = {
@@ -80,6 +90,11 @@ function ClientAddPage({
   }
   return (
     <GluuLoader blocking={loading}>
+      <GluuAlert
+        severity={t(titles.error)}
+        message={t(messages.error_in_saving)}
+        show={errorInSaveOperationFlag}
+      />
       <ClientWizardForm
         client_data={clientData}
         scopes={scopes}
@@ -99,6 +114,8 @@ const mapStateToProps = (state) => {
     scripts: state.initReducer.scripts,
     loading: state.oidcReducer.loading,
     oidcConfiguration: state.oidcDiscoveryReducer.configuration,
+    saveOperationFlag: state.oidcReducer.saveOperationFlag,
+    errorInSaveOperationFlag: state.oidcReducer.errorInSaveOperationFlag,
   }
 }
 export default connect(mapStateToProps)(ClientAddPage)
diff --git a/admin-ui/plugins/auth-server/components/Clients/ClientEditPage.js b/admin-ui/plugins/auth-server/components/Clients/ClientEditPage.js
index 51ea2d948..bd0022734 100644
--- a/admin-ui/plugins/auth-server/components/Clients/ClientEditPage.js
+++ b/admin-ui/plugins/auth-server/components/Clients/ClientEditPage.js
@@ -8,6 +8,8 @@ import { getScopes } from '../../redux/actions/ScopeActions'
 import { getOidcDiscovery } from '../../../../app/redux/actions/OidcDiscoveryActions'
 import { getScripts } from '../../../../app/redux/actions/InitActions'
 import { buildPayload } from '../../../../app/utils/PermChecker'
+import GluuAlert from '../../../../app/routes/Apps/Gluu/GluuAlert'
+import { useTranslation } from 'react-i18next'
 
 function ClientEditPage({
   clientData,
@@ -18,10 +20,15 @@ function ClientEditPage({
   permissions,
   dispatch,
   oidcConfiguration,
+  saveOperationFlag,
+  errorInSaveOperationFlag,
 }) {
   const userAction = {}
   const options = {}
   options['limit'] = parseInt(100000)
+  const { t } = useTranslation()
+  const history = useHistory()
+
   useEffect(() => {
     buildPayload(userAction, '', options)
     if (scopes.length < 1) {
@@ -32,22 +39,30 @@ function ClientEditPage({
     }
     dispatch(getOidcDiscovery())
   }, [])
+  useEffect(() => {
+    if (saveOperationFlag && !errorInSaveOperationFlag)
+      history.push('/auth-server/clients')
+  }, [saveOperationFlag])
 
   if (!clientData.attributes) {
     clientData.attributes = {}
   }
   scopes = scopes.map((item) => ({ dn: item.dn, name: item.id }))
-  const history = useHistory()
+
   function handleSubmit(data) {
     if (data) {
       buildPayload(userAction, data.action_message, data)
       dispatch(editClient(userAction))
-      history.push('/auth-server/clients')
     }
   }
 
   return (
     <GluuLoader blocking={loading}>
+      <GluuAlert
+        severity={t(titles.error)}
+        message={t(messages.error_in_saving)}
+        show={errorInSaveOperationFlag}
+      />
       <ClientWizardForm
         client_data={clientData}
         view_only={view_only}
@@ -69,6 +84,8 @@ const mapStateToProps = (state) => {
     scripts: state.initReducer.scripts,
     permissions: state.authReducer.permissions,
     oidcConfiguration: state.oidcDiscoveryReducer.configuration,
+    saveOperationFlag: state.oidcReducer.saveOperationFlag,
+    errorInSaveOperationFlag: state.oidcReducer.errorInSaveOperationFlag,
   }
 }
 export default connect(mapStateToProps)(ClientEditPage)
diff --git a/admin-ui/plugins/auth-server/redux/reducers/OIDCReducer.js b/admin-ui/plugins/auth-server/redux/reducers/OIDCReducer.js
index c38970b45..e75706df5 100644
--- a/admin-ui/plugins/auth-server/redux/reducers/OIDCReducer.js
+++ b/admin-ui/plugins/auth-server/redux/reducers/OIDCReducer.js
@@ -13,11 +13,14 @@ import {
   SET_VIEW,
 } from '../actions/types'
 import reducerRegistry from '../../../../app/redux/reducers/ReducerRegistry'
+
 const INIT_STATE = {
   items: [],
   item: {},
   view: false,
   loading: false,
+  saveOperationFlag: false,
+  errorInSaveOperationFlag: false,
 }
 
 const reducerName = 'oidcReducer'
@@ -40,16 +43,28 @@ export default function oidcReducer(state = INIT_STATE, action) {
       }
 
     case ADD_NEW_CLIENT:
-      return handleLoading()
+      return {
+        ...state,
+        loading: true,
+        saveOperationFlag: false,
+        errorInSaveOperationFlag: false,
+      }
     case ADD_CLIENT_RESPONSE:
       if (action.payload.data) {
         return {
           ...state,
           items: [...state.items],
           loading: false,
+          saveOperationFlag: true,
+          errorInSaveOperationFlag: false,
         }
       } else {
-        return handleDefault()
+        return {
+          ...state,
+          loading: false,
+          saveOperationFlag: true,
+          errorInSaveOperationFlag: true,
+        }
       }
 
     case EDIT_CLIENT:
@@ -57,6 +72,8 @@ export default function oidcReducer(state = INIT_STATE, action) {
         ...state,
         loading: true,
         items: [],
+        saveOperationFlag: false,
+        errorInSaveOperationFlag: false,
       }
     case EDIT_CLIENT_RESPONSE:
       if (action.payload.data) {
@@ -68,9 +85,16 @@ export default function oidcReducer(state = INIT_STATE, action) {
           ...state,
           items: [action.payload.data, ...clients],
           loading: false,
+          saveOperationFlag: true,
+          errorInSaveOperationFlag: false,
         }
       } else {
-        return handleDefault()
+        return {
+          ...state,
+          loading: false,
+          saveOperationFlag: true,
+          errorInSaveOperationFlag: true,
+        }
       }
 
     case DELETE_CLIENT:
@@ -118,13 +142,17 @@ export default function oidcReducer(state = INIT_STATE, action) {
     return {
       ...state,
       loading: false,
+      saveOperationFlag: false,
+      errorInSaveOperationFlag: false,
     }
   }
   function handleLoading() {
     return {
       ...state,
       loading: true,
+      saveOperationFlag: false,
+      errorInSaveOperationFlag: false,
     }
   }
 }
-reducerRegistry.register(reducerName, oidcReducer)
+reducerRegistry.register(reducerName, oidcReducer)
\ No newline at end of file

From b65076c20fc465c8c89c68e6115dad9b42121739 Mon Sep 17 00:00:00 2001
From: Arnab Dutta <arnab.bdutta@gmail.com>
Date: Sat, 12 Mar 2022 23:19:44 +0530
Subject: [PATCH 038/101] fix: create oidc client not working #129

---
 .../plugins/auth-server/components/Clients/ClientAddPage.js   | 4 ++--
 .../plugins/auth-server/components/Clients/ClientEditPage.js  | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/admin-ui/plugins/auth-server/components/Clients/ClientAddPage.js b/admin-ui/plugins/auth-server/components/Clients/ClientAddPage.js
index fd631ccfc..156f40f1e 100644
--- a/admin-ui/plugins/auth-server/components/Clients/ClientAddPage.js
+++ b/admin-ui/plugins/auth-server/components/Clients/ClientAddPage.js
@@ -91,8 +91,8 @@ function ClientAddPage({
   return (
     <GluuLoader blocking={loading}>
       <GluuAlert
-        severity={t(titles.error)}
-        message={t(messages.error_in_saving)}
+        severity={t('titles.error')}
+        message={t('messages.error_in_saving')}
         show={errorInSaveOperationFlag}
       />
       <ClientWizardForm
diff --git a/admin-ui/plugins/auth-server/components/Clients/ClientEditPage.js b/admin-ui/plugins/auth-server/components/Clients/ClientEditPage.js
index bd0022734..eebb46fe3 100644
--- a/admin-ui/plugins/auth-server/components/Clients/ClientEditPage.js
+++ b/admin-ui/plugins/auth-server/components/Clients/ClientEditPage.js
@@ -59,8 +59,8 @@ function ClientEditPage({
   return (
     <GluuLoader blocking={loading}>
       <GluuAlert
-        severity={t(titles.error)}
-        message={t(messages.error_in_saving)}
+        severity={t('titles.error')}
+        message={t('messages.error_in_saving')}
         show={errorInSaveOperationFlag}
       />
       <ClientWizardForm

From 6ff9d2b33306c0eae4db6e46d708d4fece2e12cc Mon Sep 17 00:00:00 2001
From: Arnab Dutta <arnab.bdutta@gmail.com>
Date: Sun, 13 Mar 2022 12:59:24 +0530
Subject: [PATCH 039/101] fix: we need to refresh the custom scripts list page
 to see the added/edited entries #137

---
 .../CustomScripts/CustomScriptAddPage.js      | 22 +++++++--
 .../CustomScripts/CustomScriptEditPage.js     | 21 +++++++--
 .../redux/reducers/CustomScriptReducer.js     | 45 ++++++++++++++-----
 3 files changed, 72 insertions(+), 16 deletions(-)

diff --git a/admin-ui/plugins/admin/components/CustomScripts/CustomScriptAddPage.js b/admin-ui/plugins/admin/components/CustomScripts/CustomScriptAddPage.js
index 7479dc051..e5e6f1b81 100644
--- a/admin-ui/plugins/admin/components/CustomScripts/CustomScriptAddPage.js
+++ b/admin-ui/plugins/admin/components/CustomScripts/CustomScriptAddPage.js
@@ -1,25 +1,39 @@
-import React from 'react'
+import React, { useEffect } from 'react'
 import { connect } from 'react-redux'
 import { useHistory } from 'react-router-dom'
 import { Container, CardBody, Card } from '../../../../app/components'
 import CustomScriptForm from './CustomScriptForm'
 import { addCustomScript } from '../../redux/actions/CustomScriptActions'
 import { buildPayload } from '../../../../app/utils/PermChecker'
+import GluuAlert from '../../../../app/routes/Apps/Gluu/GluuAlert'
+import { useTranslation } from 'react-i18next'
 
-function CustomScriptAddPage({ scripts, dispatch }) {
+function CustomScriptAddPage({ scripts, dispatch, saveOperationFlag, errorInSaveOperationFlag }) {
   const userAction = {}
   const history = useHistory()
+  const { t } = useTranslation()
+
+  useEffect(() => {
+    if (saveOperationFlag && !errorInSaveOperationFlag)
+      history.push('/adm/scripts')
+  }, [saveOperationFlag])
+
+
   function handleSubmit(data) {
     if (data) {
       let message = data.customScript.action_message
       delete data.customScript.action_message
       buildPayload(userAction, message, data)
       dispatch(addCustomScript(userAction))
-      history.push('/adm/scripts')
     }
   }
   return (
     <React.Fragment>
+      <GluuAlert
+        severity={t('titles.error')}
+        message={t('messages.error_in_saving')}
+        show={errorInSaveOperationFlag}
+      />
       <Container>
         <Card className="mb-3">
           <CardBody>
@@ -39,6 +53,8 @@ const mapStateToProps = (state) => {
     scripts: state.customScriptReducer.items,
     loading: state.customScriptReducer.loading,
     permissions: state.authReducer.permissions,
+    saveOperationFlag: state.customScriptReducer.saveOperationFlag,
+    errorInSaveOperationFlag: state.customScriptReducer.errorInSaveOperationFlag,
   }
 }
 export default connect(mapStateToProps)(CustomScriptAddPage)
diff --git a/admin-ui/plugins/admin/components/CustomScripts/CustomScriptEditPage.js b/admin-ui/plugins/admin/components/CustomScripts/CustomScriptEditPage.js
index acb7ade94..9167d70b9 100644
--- a/admin-ui/plugins/admin/components/CustomScripts/CustomScriptEditPage.js
+++ b/admin-ui/plugins/admin/components/CustomScripts/CustomScriptEditPage.js
@@ -1,4 +1,4 @@
-import React from 'react'
+import React, { useEffect } from 'react'
 import { connect } from 'react-redux'
 import { useHistory } from 'react-router-dom'
 import { CardBody, Card } from '../../../../app/components'
@@ -6,21 +6,34 @@ import GluuLoader from '../../../../app/routes/Apps/Gluu/GluuLoader'
 import CustomScriptForm from './CustomScriptForm'
 import { editCustomScript } from '../../redux/actions/CustomScriptActions'
 import { buildPayload } from '../../../../app/utils/PermChecker'
+import GluuAlert from '../../../../app/routes/Apps/Gluu/GluuAlert'
+import { useTranslation } from 'react-i18next'
 
-function CustomScriptEditPage({ item, scripts, loading, dispatch }) {
+function CustomScriptEditPage({ item, scripts, loading, dispatch, saveOperationFlag, errorInSaveOperationFlag }) {
   const userAction = {}
   const history = useHistory()
+  const { t } = useTranslation()
+
+  useEffect(() => {
+    if (saveOperationFlag && !errorInSaveOperationFlag)
+      history.push('/adm/scripts')
+  }, [saveOperationFlag])
+
   function handleSubmit(data) {
     if (data) {
       let message = data.customScript.action_message
       delete data.customScript.action_message
       buildPayload(userAction, message, data)
       dispatch(editCustomScript(userAction))
-      history.push('/adm/scripts')
     }
   }
   return (
     <GluuLoader blocking={loading}>
+      <GluuAlert
+        severity={t('titles.error')}
+        message={t('messages.error_in_saving')}
+        show={errorInSaveOperationFlag}
+      />
       <Card className="mb-3">
         <CardBody>
           <CustomScriptForm
@@ -39,6 +52,8 @@ const mapStateToProps = (state) => {
     scripts: state.customScriptReducer.items,
     loading: state.customScriptReducer.loading,
     permissions: state.authReducer.permissions,
+    saveOperationFlag: state.customScriptReducer.saveOperationFlag,
+    errorInSaveOperationFlag: state.customScriptReducer.errorInSaveOperationFlag,
   }
 }
 export default connect(mapStateToProps)(CustomScriptEditPage)
diff --git a/admin-ui/plugins/admin/redux/reducers/CustomScriptReducer.js b/admin-ui/plugins/admin/redux/reducers/CustomScriptReducer.js
index 95ad78a5e..e9f07f9e6 100644
--- a/admin-ui/plugins/admin/redux/reducers/CustomScriptReducer.js
+++ b/admin-ui/plugins/admin/redux/reducers/CustomScriptReducer.js
@@ -16,6 +16,8 @@ import reducerRegistry from '../../../../app/redux/reducers/ReducerRegistry'
 const INIT_STATE = {
   items: [],
   loading: true,
+  saveOperationFlag: false,
+  errorInSaveOperationFlag: false,
 }
 
 const reducerName = 'customScriptReducer'
@@ -23,10 +25,7 @@ const reducerName = 'customScriptReducer'
 export default function customScriptReducer(state = INIT_STATE, action) {
   switch (action.type) {
     case GET_CUSTOM_SCRIPT:
-      return {
-        ...state,
-        loading: true,
-      }
+      return handleLoading()
     case GET_CUSTOM_SCRIPT_RESPONSE:
       if (action.payload.data) {
         return {
@@ -38,10 +37,7 @@ export default function customScriptReducer(state = INIT_STATE, action) {
         return handleDefault()
       }
     case GET_CUSTOM_SCRIPT_BY_TYPE:
-      return {
-        ...state,
-        loading: true,
-      }
+      return handleLoading()
     case GET_CUSTOM_SCRIPT_BY_TYPE_RESPONSE:
       if (action.payload.data) {
         return {
@@ -56,6 +52,8 @@ export default function customScriptReducer(state = INIT_STATE, action) {
       return {
         ...state,
         loading: true,
+        saveOperationFlag: false,
+        errorInSaveOperationFlag: false,
       }
     case ADD_CUSTOM_SCRIPT_RESPONSE:
       if (action.payload.data) {
@@ -63,15 +61,24 @@ export default function customScriptReducer(state = INIT_STATE, action) {
           ...state,
           items: [...state.items, action.payload.data],
           loading: false,
+          saveOperationFlag: true,
+          errorInSaveOperationFlag: false,
         }
       } else {
-        return handleDefault()
+        return {
+          ...state,
+          loading: false,
+          saveOperationFlag: true,
+          errorInSaveOperationFlag: true,
+        }
       }
 
     case EDIT_CUSTOM_SCRIPT:
       return {
         ...state,
         loading: true,
+        saveOperationFlag: false,
+        errorInSaveOperationFlag: false,
       }
     case EDIT_CUSTOM_SCRIPT_RESPONSE:
       if (action.payload.data) {
@@ -79,9 +86,16 @@ export default function customScriptReducer(state = INIT_STATE, action) {
           ...state,
           items: [...state.items],
           loading: false,
+          saveOperationFlag: true,
+          errorInSaveOperationFlag: false,
         }
       } else {
-        return handleDefault()
+        return {
+          ...state,
+          loading: false,
+          saveOperationFlag: true,
+          errorInSaveOperationFlag: true,
+        }
       }
 
     case DELETE_CUSTOM_SCRIPT:
@@ -121,6 +135,17 @@ export default function customScriptReducer(state = INIT_STATE, action) {
     return {
       ...state,
       loading: false,
+      saveOperationFlag: false,
+      errorInSaveOperationFlag: false,
+    }
+  }
+
+  function handleLoading() {
+    return {
+      ...state,
+      loading: true,
+      saveOperationFlag: false,
+      errorInSaveOperationFlag: false,
     }
   }
 }

From f42ab3b82da7f30c7dc4575f958a200c6b03a5a7 Mon Sep 17 00:00:00 2001
From: Arnab Dutta <arnab.bdutta@gmail.com>
Date: Mon, 14 Mar 2022 13:03:10 +0530
Subject: [PATCH 040/101] fix:claims dropdown is not populated in Add/Edit
 scopes page #140

---
 .../components/Scopes/ScopeAddPage.js         | 40 ++++++++++++++++---
 .../components/Scopes/ScopeEditPage.js        | 34 ++++++++++++++--
 .../components/Scopes/ScopeForm.js            |  3 +-
 .../redux/reducers/ScopeReducer.js            | 24 ++++++++++-
 4 files changed, 90 insertions(+), 11 deletions(-)

diff --git a/admin-ui/plugins/auth-server/components/Scopes/ScopeAddPage.js b/admin-ui/plugins/auth-server/components/Scopes/ScopeAddPage.js
index 32ca8b43e..3ed371dd6 100644
--- a/admin-ui/plugins/auth-server/components/Scopes/ScopeAddPage.js
+++ b/admin-ui/plugins/auth-server/components/Scopes/ScopeAddPage.js
@@ -1,14 +1,38 @@
-import React from 'react'
+import React, { useEffect } from 'react'
 import { connect } from 'react-redux'
 import { useHistory } from 'react-router-dom'
 import { Container, CardBody, Card } from '../../../../app/components'
 import ScopeForm from './ScopeForm'
 import { addScope } from '../../redux/actions/ScopeActions'
 import { buildPayload } from '../../../../app/utils/PermChecker'
+import GluuLoader from '../../../../app/routes/Apps/Gluu/GluuLoader'
+import {
+  getAttributes,
+  getScripts
+} from '../../../../app//redux/actions/InitActions'
+import GluuAlert from '../../../../app/routes/Apps/Gluu/GluuAlert'
+import { useTranslation } from 'react-i18next'
 
-function ScopeAddPage({ scripts, dispatch, attributes }) {
+function ScopeAddPage({ scripts, dispatch, attributes, loading, saveOperationFlag, errorInSaveOperationFlag }) {
   const userAction = {}
   const history = useHistory()
+  const { t } = useTranslation()
+  useEffect(() => {
+    if (attributes.length === 0) {
+      buildPayload(userAction, 'Fetch attributes', {})
+      dispatch(getAttributes(userAction))
+    }
+    if (scripts.length === 0) {
+      buildPayload(userAction, 'Fetch custom scripts', {})
+      dispatch(getScripts(userAction))
+    }
+  }, [])
+
+  useEffect(() => {
+    if (saveOperationFlag && !errorInSaveOperationFlag)
+      history.push('/auth-server/scopes')
+  }, [saveOperationFlag])
+
   function handleSubmit(data) {
     if (data) {
       const postBody = {}
@@ -18,7 +42,6 @@ function ScopeAddPage({ scripts, dispatch, attributes }) {
       postBody['scope'] = data
       buildPayload(userAction, message, postBody)
       dispatch(addScope(userAction))
-      history.push('/auth-server/scopes')
     }
   }
 
@@ -34,7 +57,12 @@ function ScopeAddPage({ scripts, dispatch, attributes }) {
   }
 
   return (
-    <React.Fragment>
+    <GluuLoader blocking={loading}>
+      <GluuAlert
+        severity={t('titles.error')}
+        message={t('messages.error_in_saving')}
+        show={errorInSaveOperationFlag}
+      />
       <Container>
         <Card className="mb-3">
           <CardBody>
@@ -47,7 +75,7 @@ function ScopeAddPage({ scripts, dispatch, attributes }) {
           </CardBody>
         </Card>
       </Container>
-    </React.Fragment>
+    </GluuLoader>
   )
 }
 const mapStateToProps = (state) => {
@@ -56,6 +84,8 @@ const mapStateToProps = (state) => {
     permissions: state.authReducer.permissions,
     scripts: state.initReducer.scripts,
     attributes: state.initReducer.attributes,
+    saveOperationFlag: state.scopeReducer.saveOperationFlag,
+    errorInSaveOperationFlag: state.scopeReducer.errorInSaveOperationFlag,
   }
 }
 export default connect(mapStateToProps)(ScopeAddPage)
diff --git a/admin-ui/plugins/auth-server/components/Scopes/ScopeEditPage.js b/admin-ui/plugins/auth-server/components/Scopes/ScopeEditPage.js
index 194993cf8..b876dd51b 100644
--- a/admin-ui/plugins/auth-server/components/Scopes/ScopeEditPage.js
+++ b/admin-ui/plugins/auth-server/components/Scopes/ScopeEditPage.js
@@ -1,4 +1,4 @@
-import React from 'react'
+import React, { useEffect } from 'react'
 import { connect } from 'react-redux'
 import { useHistory } from 'react-router-dom'
 import { CardBody, Card } from '../../../../app/components'
@@ -6,10 +6,18 @@ import GluuLoader from '../../../../app/routes/Apps/Gluu/GluuLoader'
 import ScopeForm from './ScopeForm'
 import { editScope } from '../../redux/actions/ScopeActions'
 import { buildPayload } from '../../../../app/utils/PermChecker'
+import {
+  getAttributes,
+  getScripts
+} from '../../../../app//redux/actions/InitActions'
+import GluuAlert from '../../../../app/routes/Apps/Gluu/GluuAlert'
+import { useTranslation } from 'react-i18next'
 
-function ScopeEditPage({ scope, loading, dispatch, scripts, attributes }) {
+function ScopeEditPage({ scope, loading, dispatch, scripts, attributes, saveOperationFlag, errorInSaveOperationFlag }) {
   const userAction = {}
   const history = useHistory()
+  const { t } = useTranslation()
+
   if (!scope.attributes) {
     scope.attributes = {
       spontaneousClientId: null,
@@ -17,6 +25,20 @@ function ScopeEditPage({ scope, loading, dispatch, scripts, attributes }) {
       showInConfigurationEndpoint: false,
     }
   }
+  useEffect(() => {
+    if (attributes.length === 0) {
+      buildPayload(userAction, 'Fetch attributes', {})
+      dispatch(getAttributes(userAction))
+    }
+    if (scripts.length === 0) {
+      buildPayload(userAction, 'Fetch custom scripts', {})
+      dispatch(getScripts(userAction))
+    }
+  }, [])
+  useEffect(() => {
+    if (saveOperationFlag && !errorInSaveOperationFlag)
+      history.push('/auth-server/scopes')
+  }, [saveOperationFlag])
 
   function handleSubmit(data) {
     if (data) {
@@ -27,11 +49,15 @@ function ScopeEditPage({ scope, loading, dispatch, scripts, attributes }) {
       postBody['scope'] = data
       buildPayload(userAction, message, postBody)
       dispatch(editScope(userAction))
-      history.push('/auth-server/scopes')
     }
   }
   return (
     <GluuLoader blocking={loading}>
+      <GluuAlert
+        severity={t('titles.error')}
+        message={t('messages.error_in_saving')}
+        show={errorInSaveOperationFlag}
+      />
       <Card className="mb-3">
         <CardBody>
           <ScopeForm
@@ -52,6 +78,8 @@ const mapStateToProps = (state) => {
     permissions: state.authReducer.permissions,
     scripts: state.initReducer.scripts,
     attributes: state.initReducer.attributes,
+    saveOperationFlag: state.scopeReducer.saveOperationFlag,
+    errorInSaveOperationFlag: state.scopeReducer.errorInSaveOperationFlag,
   }
 }
 
diff --git a/admin-ui/plugins/auth-server/components/Scopes/ScopeForm.js b/admin-ui/plugins/auth-server/components/Scopes/ScopeForm.js
index 3c94a6c2b..08f96419c 100644
--- a/admin-ui/plugins/auth-server/components/Scopes/ScopeForm.js
+++ b/admin-ui/plugins/auth-server/components/Scopes/ScopeForm.js
@@ -32,7 +32,8 @@ function ScopeForm({ scope, scripts, attributes, handleSubmit }) {
     .filter((item) => item.scriptType == 'DYNAMIC_SCOPE')
     .filter((item) => item.enabled)
     .map((item) => ({ dn: item.dn, name: item.name }))
-  claims = attributes.map((item) => ({ dn: item.dn, name: item.name }))
+  claims = attributes.map((item) => ({ dn: item.dn, name: item.displayName }))
+
   const [init, setInit] = useState(false)
   const [modal, setModal] = useState(false)
   const [showClaimsPanel, handleClaimsPanel] = useState(
diff --git a/admin-ui/plugins/auth-server/redux/reducers/ScopeReducer.js b/admin-ui/plugins/auth-server/redux/reducers/ScopeReducer.js
index edc9324dc..4701f5386 100644
--- a/admin-ui/plugins/auth-server/redux/reducers/ScopeReducer.js
+++ b/admin-ui/plugins/auth-server/redux/reducers/ScopeReducer.js
@@ -20,6 +20,8 @@ const INIT_STATE = {
   items: [],
   item: {},
   loading: false,
+  saveOperationFlag: false,
+  errorInSaveOperationFlag: false,
 }
 
 const reducerName = 'scopeReducer'
@@ -73,9 +75,16 @@ export default function scopeReducer(state = INIT_STATE, action) {
           ...state,
           items: [...state.items],
           loading: false,
+          saveOperationFlag: true,
+          errorInSaveOperationFlag: false,
         }
       } else {
-        return handleDefault()
+        return {
+          ...state,
+          loading: false,
+          saveOperationFlag: true,
+          errorInSaveOperationFlag: true,
+        }
       }
 
     case EDIT_SCOPE:
@@ -87,9 +96,16 @@ export default function scopeReducer(state = INIT_STATE, action) {
           ...state,
           items: [...state.items],
           loading: false,
+          saveOperationFlag: true,
+          errorInSaveOperationFlag: false,
         }
       } else {
-        return handleDefault()
+        return {
+          ...state,
+          loading: false,
+          saveOperationFlag: true,
+          errorInSaveOperationFlag: true,
+        }
       }
     case DELETE_SCOPE:
       return handleLoading()
@@ -123,12 +139,16 @@ export default function scopeReducer(state = INIT_STATE, action) {
     return {
       ...state,
       loading: true,
+      saveOperationFlag: false,
+      errorInSaveOperationFlag: false,
     }
   }
   function handleDefault() {
     return {
       ...state,
       loading: false,
+      saveOperationFlag: false,
+      errorInSaveOperationFlag: false,
     }
   }
 }

From ac8b572596e9b2d662fb0e024180c9d940751d63 Mon Sep 17 00:00:00 2001
From: Arnab Dutta <arnab.bdutta@gmail.com>
Date: Mon, 14 Mar 2022 16:03:03 +0530
Subject: [PATCH 041/101] feat: add acrValues property in admin-ui
 configuration. #1016

---
 .../flex_linux_setup/templates/auiConfiguration.properties      | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/flex-linux-setup/flex_linux_setup/templates/auiConfiguration.properties b/flex-linux-setup/flex_linux_setup/templates/auiConfiguration.properties
index 9f936bf06..76fe65fa5 100644
--- a/flex-linux-setup/flex_linux_setup/templates/auiConfiguration.properties
+++ b/flex-linux-setup/flex_linux_setup/templates/auiConfiguration.properties
@@ -2,6 +2,7 @@ authserver.clientId=%(role_based_client_id)s
 authserver.clientSecret=%(role_based_client_pw)s
 authserver.authzBaseUrl=https://%(hostname)s/jans-auth/restv1/authorize
 authserver.scope=openid+profile+email+user_name
+authserver.acrValues=basic
 authserver.redirectUrl=https://%(hostname)s/admin
 authserver.frontChannelLogoutUrl=https://%(hostname)s/admin/logout
 authserver.postLogoutRedirectUri=https://%(hostname)s/admin
@@ -14,6 +15,7 @@ tokenServer.clientId=%(role_based_client_id)s
 tokenServer.clientSecret=%(role_based_client_pw)s
 tokenServer.authzBaseUrl=https://%(hostname)s/jans-auth/restv1/authorize
 tokenServer.scope=openid+profile+email+user_name
+tokenServer.acrValues=basic
 tokenServer.redirectUrl=https://%(hostname)s/admin
 tokenServer.logoutUrl=https://%(hostname)s/admin
 tokenServer.tokenEndpoint=https://%(hostname)s/jans-auth/restv1/token

From 79716a35706394af2292e53c92e00eb91be87a05 Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Mon, 14 Mar 2022 11:06:53 +0000
Subject: [PATCH 042/101] chore: prepare for beta release

---
 docker-admin-ui/Dockerfile                    |   2 +-
 .../kubernetes/templates/helm/gluu/Chart.yaml |  48 ++++----
 .../kubernetes/templates/helm/gluu/README.md  |  76 ++++++------
 .../helm/gluu/charts/admin-ui/Chart.yaml      |   2 +-
 .../helm/gluu/charts/admin-ui/README.md       |   4 +-
 .../helm/gluu/charts/admin-ui/values.yaml     |   2 +-
 .../auth-server-key-rotation/Chart.yaml       |   2 +-
 .../charts/auth-server-key-rotation/README.md |   4 +-
 .../auth-server-key-rotation/values.yaml      |   2 +-
 .../helm/gluu/charts/auth-server/Chart.yaml   |   2 +-
 .../helm/gluu/charts/auth-server/README.md    |   4 +-
 .../auth-server-virtual-services.yaml         |  36 +++++-
 .../helm/gluu/charts/auth-server/values.yaml  |   2 +-
 .../helm/gluu/charts/casa/Chart.yaml          |   2 +-
 .../templates/helm/gluu/charts/casa/README.md |   2 +-
 .../helm/gluu/charts/client-api/Chart.yaml    |   2 +-
 .../helm/gluu/charts/client-api/README.md     |   4 +-
 .../helm/gluu/charts/client-api/values.yaml   |   2 +-
 .../gluu/charts/cn-istio-ingress/Chart.yaml   |   2 +-
 .../gluu/charts/cn-istio-ingress/README.md    |   2 +-
 .../helm/gluu/charts/config-api/Chart.yaml    |   2 +-
 .../helm/gluu/charts/config-api/README.md     |   4 +-
 .../helm/gluu/charts/config-api/values.yaml   |   2 +-
 .../helm/gluu/charts/config/Chart.yaml        |   2 +-
 .../helm/gluu/charts/config/README.md         |   4 +-
 .../helm/gluu/charts/config/values.yaml       |   2 +-
 .../helm/gluu/charts/fido2/Chart.yaml         |   2 +-
 .../helm/gluu/charts/fido2/README.md          |   4 +-
 .../templates/fido2-virtual-services.yaml     |   2 +-
 .../helm/gluu/charts/fido2/values.yaml        |   2 +-
 .../helm/gluu/charts/nginx-ingress/Chart.yaml |   2 +-
 .../helm/gluu/charts/nginx-ingress/README.md  |  10 +-
 .../nginx-ingress/templates/ingress.yaml      | 115 ++++++++++++++++++
 .../gluu/charts/nginx-ingress/values.yaml     |  12 ++
 .../helm/gluu/charts/opendj/Chart.yaml        |   2 +-
 .../helm/gluu/charts/opendj/README.md         |   2 +-
 .../helm/gluu/charts/oxpassport/Chart.yaml    |   2 +-
 .../helm/gluu/charts/oxpassport/README.md     |   2 +-
 .../helm/gluu/charts/oxshibboleth/Chart.yaml  |   2 +-
 .../helm/gluu/charts/oxshibboleth/README.md   |   2 +-
 .../helm/gluu/charts/persistence/Chart.yaml   |   2 +-
 .../helm/gluu/charts/persistence/README.md    |   4 +-
 .../helm/gluu/charts/persistence/values.yaml  |   2 +-
 .../helm/gluu/charts/scim/Chart.yaml          |   2 +-
 .../templates/helm/gluu/charts/scim/README.md |   4 +-
 .../scim/templates/scim-virtual-services.yaml |   4 +-
 .../helm/gluu/charts/scim/values.yaml         |   2 +-
 .../helm/gluu/openbanking-values.yaml         |   8 +-
 .../templates/helm/gluu/values.yaml           |  30 +++--
 .../kubernetes/templates/helm/index.yaml      | 115 +++++++++++++++++-
 50 files changed, 417 insertions(+), 135 deletions(-)

diff --git a/docker-admin-ui/Dockerfile b/docker-admin-ui/Dockerfile
index bfcc984c1..61953f742 100644
--- a/docker-admin-ui/Dockerfile
+++ b/docker-admin-ui/Dockerfile
@@ -28,7 +28,7 @@ RUN echo "daemon off;" >> /etc/nginx/nginx.conf
 # TODO:
 # - use NODE_ENV=production
 # - download build package (not git clone)
-ENV ADMIN_UI_VERSION=415facf22ab3a4f98886139578aad78fbd4b19c1
+ENV ADMIN_UI_VERSION=6c599304ae0167f925caf0474eac929e7ed162fb
 
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the admin-ui code
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/Chart.yaml
index 83e353d96..ed28a363b 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/Chart.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/Chart.yaml
@@ -5,23 +5,23 @@ annotations:
   artifacthub.io/containsSecurityUpdates: "true"
   artifacthub.io/images: |
     - name: auth-server
-      image: janssenproject/auth-server:1.0.0-beta.15
+      image: janssenproject/auth-server:1.0.0-beta.16
     - name: auth-server-key-rotation
-      image: janssenproject/certmanager:1.0.0-beta.15
+      image: janssenproject/certmanager:1.0.0-beta.16
     - name:  client-api
-      image: janssenproject/client-api:1.0.0-beta.15
+      image: janssenproject/client-api:1.0.0-beta.16
     - name: configuration-manager
-      image: janssenproject/configurator:1.0.0-beta.15
+      image: janssenproject/configurator:1.0.0-beta.16
     - name:  config-api
-      image: janssenproject/config-api:1.0.0-beta.15
+      image: janssenproject/config-api:1.0.0-beta.16
     - name: fido2
-      image: janssenproject/fido2:1.0.0-beta.15
+      image: janssenproject/fido2:1.0.0-beta.16
     - name: opendj
       image: gluufederation/opendj:5.0.0_dev
     - name: persistence
-      image: janssenproject/persistence-loader:1.0.0-beta.15
+      image: janssenproject/persistence-loader:1.0.0-beta.16
     - name: scim
-      image: janssenproject/scim:1.0.0-beta.15
+      image: janssenproject/scim:1.0.0-beta.16
   artifacthub.io/license: Apache-2.0
   artifacthub.io/prerelease: "true"
   catalog.cattle.io/certified: partner
@@ -39,64 +39,64 @@ maintainers:
   email: support@gluu.org
 description: Gluu Access and Identity Management
 name: gluu
-version: 5.0.2
+version: 5.0.3
 dependencies:
     - name: config
       condition: global.config.enabled
-      version: 5.0.2
+      version: 5.0.3
 
     - name: config-api
       condition: global.config-api.enabled
-      version: 5.0.2
+      version: 5.0.3
 
     - name: opendj
       condition: global.opendj.enabled
-      version: 5.0.2
+      version: 5.0.3
 
     - name: auth-server
       condition: global.auth-server.enabled
-      version: 5.0.2
+      version: 5.0.3
 
     - name: admin-ui
       condition: global.admin-ui.enabled
-      version: 5.0.2
+      version: 5.0.3
 
     - name: fido2
       condition: global.fido2.enabled
-      version: 5.0.2
+      version: 5.0.3
 
     - name: scim
       condition: global.scim.enabled
-      version: 5.0.2
+      version: 5.0.3
 
     - name: nginx-ingress
       condition: global.nginx-ingress.enabled
-      version: 5.0.2
+      version: 5.0.3
 
     - name: oxshibboleth
       condition: global.oxshibboleth.enabled
-      version: 5.0.2
+      version: 5.0.3
 
     - name: oxpassport
-      version: 5.0.2
+      version: 5.0.3
       condition: global.oxpassport.enabled
 
     - name: casa
-      version: 5.0.2
+      version: 5.0.3
       condition: global.casa.enabled
 
     - name: auth-server-key-rotation
       condition: global.auth-server-key-rotation.enabled
-      version: 5.0.2
+      version: 5.0.3
 
     - name: client-api
       condition: global.client-api.enabled
-      version: 5.0.2
+      version: 5.0.3
 
     - name: persistence
       condition: global.persistence.enabled
-      version: 5.0.2
+      version: 5.0.3
 
     - name: cn-istio-ingress
       condition: global.istio.ingress
-      version: 5.0.2
+      version: 5.0.3
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/README.md
index 9c88930c4..60e319686 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/README.md
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/README.md
@@ -1,6 +1,6 @@
 # gluu
 
-![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+![Version: 5.0.3](https://img.shields.io/badge/Version-5.0.3-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
 
 Gluu Access and Identity Management
 
@@ -23,27 +23,27 @@ Kubernetes: `>=v1.21.0-0`
 
 | Repository | Name | Version |
 |------------|------|---------|
-|  | admin-ui | 5.0.2 |
-|  | auth-server | 5.0.2 |
-|  | auth-server-key-rotation | 5.0.2 |
-|  | casa | 5.0.2 |
-|  | client-api | 5.0.2 |
-|  | cn-istio-ingress | 5.0.2 |
-|  | config | 5.0.2 |
-|  | config-api | 5.0.2 |
-|  | fido2 | 5.0.2 |
-|  | nginx-ingress | 5.0.2 |
-|  | opendj | 5.0.2 |
-|  | oxpassport | 5.0.2 |
-|  | oxshibboleth | 5.0.2 |
-|  | persistence | 5.0.2 |
-|  | scim | 5.0.2 |
+|  | admin-ui | 5.0.3 |
+|  | auth-server | 5.0.3 |
+|  | auth-server-key-rotation | 5.0.3 |
+|  | casa | 5.0.3 |
+|  | client-api | 5.0.3 |
+|  | cn-istio-ingress | 5.0.3 |
+|  | config | 5.0.3 |
+|  | config-api | 5.0.3 |
+|  | fido2 | 5.0.3 |
+|  | nginx-ingress | 5.0.3 |
+|  | opendj | 5.0.3 |
+|  | oxpassport | 5.0.3 |
+|  | oxshibboleth | 5.0.3 |
+|  | persistence | 5.0.3 |
+|  | scim | 5.0.3 |
 
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| admin-ui | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/admin-ui","tag":"1.0.0-beta.15"},"livenessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Admin GUI for configuration of the auth-server |
+| admin-ui | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/admin-ui","tag":"1.0.0-beta.16"},"livenessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Admin GUI for configuration of the auth-server |
 | admin-ui.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
 | admin-ui.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
 | admin-ui.dnsConfig | object | `{}` | Add custom dns config |
@@ -54,7 +54,7 @@ Kubernetes: `>=v1.21.0-0`
 | admin-ui.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
 | admin-ui.image.pullSecrets | list | `[]` | Image Pull Secrets |
 | admin-ui.image.repository | string | `"gluufederation/admin-ui"` | Image  to use for deploying. |
-| admin-ui.image.tag | string | `"1.0.0-beta.15"` | Image  tag to use for deploying. |
+| admin-ui.image.tag | string | `"1.0.0-beta.16"` | Image  tag to use for deploying. |
 | admin-ui.livenessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the liveness healthcheck for the admin ui if needed. |
 | admin-ui.readinessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the readiness healthcheck for the admin ui if needed. |
 | admin-ui.replicas | int | `1` | Service replica number. |
@@ -68,8 +68,8 @@ Kubernetes: `>=v1.21.0-0`
 | admin-ui.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 |
 | admin-ui.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers |
 | admin-ui.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |
-| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/auth-server","tag":"1.0.0-beta.15"},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. |
-| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/certmanager","tag":"1.0.0-beta.15"},"keysLife":48,"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours |
+| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/auth-server","tag":"1.0.0-beta.16"},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. |
+| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/certmanager","tag":"1.0.0-beta.16"},"keysLife":48,"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours |
 | auth-server-key-rotation.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
 | auth-server-key-rotation.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
 | auth-server-key-rotation.dnsConfig | object | `{}` | Add custom dns config |
@@ -77,7 +77,7 @@ Kubernetes: `>=v1.21.0-0`
 | auth-server-key-rotation.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
 | auth-server-key-rotation.image.pullSecrets | list | `[]` | Image Pull Secrets |
 | auth-server-key-rotation.image.repository | string | `"janssenproject/certmanager"` | Image  to use for deploying. |
-| auth-server-key-rotation.image.tag | string | `"1.0.0-beta.15"` | Image  tag to use for deploying. |
+| auth-server-key-rotation.image.tag | string | `"1.0.0-beta.16"` | Image  tag to use for deploying. |
 | auth-server-key-rotation.keysLife | int | `48` | Auth server key rotation keys life in hours |
 | auth-server-key-rotation.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. |
 | auth-server-key-rotation.resources.limits.cpu | string | `"300m"` | CPU limit. |
@@ -99,7 +99,7 @@ Kubernetes: `>=v1.21.0-0`
 | auth-server.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
 | auth-server.image.pullSecrets | list | `[]` | Image Pull Secrets |
 | auth-server.image.repository | string | `"janssenproject/auth-server"` | Image  to use for deploying. |
-| auth-server.image.tag | string | `"1.0.0-beta.15"` | Image  tag to use for deploying. |
+| auth-server.image.tag | string | `"1.0.0-beta.16"` | Image  tag to use for deploying. |
 | auth-server.livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. |
 | auth-server.livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py |
 | auth-server.readinessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py |
@@ -141,7 +141,7 @@ Kubernetes: `>=v1.21.0-0`
 | casa.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 |
 | casa.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers |
 | casa.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |
-| client-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/client-api","tag":"1.0.0-beta.15"},"livenessProbe":{"exec":{"command":["curl","-k","https://localhost:8443/health-check"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8443},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting. |
+| client-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/client-api","tag":"1.0.0-beta.16"},"livenessProbe":{"exec":{"command":["curl","-k","https://localhost:8443/health-check"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8443},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting. |
 | client-api.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
 | client-api.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
 | client-api.dnsConfig | object | `{}` | Add custom dns config |
@@ -152,7 +152,7 @@ Kubernetes: `>=v1.21.0-0`
 | client-api.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
 | client-api.image.pullSecrets | list | `[]` | Image Pull Secrets |
 | client-api.image.repository | string | `"janssenproject/client-api"` | Image  to use for deploying. |
-| client-api.image.tag | string | `"1.0.0-beta.15"` | Image  tag to use for deploying. |
+| client-api.image.tag | string | `"1.0.0-beta.16"` | Image  tag to use for deploying. |
 | client-api.livenessProbe | object | `{"exec":{"command":["curl","-k","https://localhost:8443/health-check"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. |
 | client-api.livenessProbe.exec | object | `{"command":["curl","-k","https://localhost:8443/health-check"]}` | Executes the python3 healthcheck. |
 | client-api.readinessProbe | object | `{"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8443},"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. |
@@ -167,8 +167,8 @@ Kubernetes: `>=v1.21.0-0`
 | client-api.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 |
 | client-api.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers |
 | client-api.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |
-| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnCacheType":"NATIVE_PERSISTENCE","cnClientApiAdminCertCn":"client-api","cnClientApiApplicationCertCn":"client-api","cnClientApiBindIpAddresses":"*","cnConfigGoogleSecretNamePrefix":"gluu","cnConfigGoogleSecretVersionId":"latest","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbgluu.default.svc.cluster.local","cnCouchbaseUser":"gluu","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerPassPhrase":"Test1234#","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPersistenceLdapMapping":"default","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretGoogleSecretNamePrefix":"gluu","cnSecretGoogleSecretVersionId":"latest","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"jans","cnSqlDbPort":3306,"cnSqlDbTimezone":"UTC","cnSqlDbUser":"jans","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","dnsConfig":{},"dnsPolicy":"","email":"support@gluu.org","image":{"pullSecrets":[],"repository":"janssenproject/configurator","tag":"1.0.0-beta.15"},"ldapPassword":"P@ssw0rds","migration":{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"},"orgName":"Gluu","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. |
-| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/config-api","tag":"1.0.0-beta.15"},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). |
+| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnCacheType":"NATIVE_PERSISTENCE","cnClientApiAdminCertCn":"client-api","cnClientApiApplicationCertCn":"client-api","cnClientApiBindIpAddresses":"*","cnConfigGoogleSecretNamePrefix":"gluu","cnConfigGoogleSecretVersionId":"latest","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbgluu.default.svc.cluster.local","cnCouchbaseUser":"gluu","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerPassPhrase":"Test1234#","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPersistenceLdapMapping":"default","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretGoogleSecretNamePrefix":"gluu","cnSecretGoogleSecretVersionId":"latest","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"jans","cnSqlDbPort":3306,"cnSqlDbTimezone":"UTC","cnSqlDbUser":"jans","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","dnsConfig":{},"dnsPolicy":"","email":"support@gluu.org","image":{"pullSecrets":[],"repository":"janssenproject/configurator","tag":"1.0.0-beta.16"},"ldapPassword":"P@ssw0rds","migration":{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"},"orgName":"Gluu","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. |
+| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/config-api","tag":"1.0.0-beta.16"},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). |
 | config-api.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
 | config-api.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
 | config-api.dnsConfig | object | `{}` | Add custom dns config |
@@ -179,7 +179,7 @@ Kubernetes: `>=v1.21.0-0`
 | config-api.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
 | config-api.image.pullSecrets | list | `[]` | Image Pull Secrets |
 | config-api.image.repository | string | `"janssenproject/config-api"` | Image  to use for deploying. |
-| config-api.image.tag | string | `"1.0.0-beta.15"` | Image  tag to use for deploying. |
+| config-api.image.tag | string | `"1.0.0-beta.16"` | Image  tag to use for deploying. |
 | config-api.livenessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. |
 | config-api.livenessProbe.httpGet | object | `{"path":"/jans-config-api/api/v1/health/live","port":8074}` | http liveness probe endpoint |
 | config-api.readinessProbe.httpGet | object | `{"path":"jans-config-api/api/v1/health/ready","port":8074}` | http readiness probe endpoint |
@@ -245,7 +245,7 @@ Kubernetes: `>=v1.21.0-0`
 | config.email | string | `"support@gluu.org"` | Email address of the administrator usually. Used for certificate creation. |
 | config.image.pullSecrets | list | `[]` | Image Pull Secrets |
 | config.image.repository | string | `"janssenproject/configurator"` | Image  to use for deploying. |
-| config.image.tag | string | `"1.0.0-beta.15"` | Image  tag to use for deploying. |
+| config.image.tag | string | `"1.0.0-beta.16"` | Image  tag to use for deploying. |
 | config.ldapPassword | string | `"P@ssw0rds"` | LDAP admin password if OpennDJ is used for persistence. |
 | config.migration | object | `{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"}` | CE to CN Migration section |
 | config.migration.enabled | bool | `false` | Boolean flag to enable migration from CE |
@@ -264,7 +264,7 @@ Kubernetes: `>=v1.21.0-0`
 | config.usrEnvs.secret | object | `{}` | Add custom secret envs to the service. variable1: value1 |
 | config.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers |
 | config.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |
-| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/fido2","tag":"1.0.0-beta.15"},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. |
+| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/fido2","tag":"1.0.0-beta.16"},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. |
 | fido2.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
 | fido2.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
 | fido2.dnsConfig | object | `{}` | Add custom dns config |
@@ -275,7 +275,7 @@ Kubernetes: `>=v1.21.0-0`
 | fido2.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
 | fido2.image.pullSecrets | list | `[]` | Image Pull Secrets |
 | fido2.image.repository | string | `"janssenproject/fido2"` | Image  to use for deploying. |
-| fido2.image.tag | string | `"1.0.0-beta.15"` | Image  tag to use for deploying. |
+| fido2.image.tag | string | `"1.0.0-beta.16"` | Image  tag to use for deploying. |
 | fido2.livenessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for the fido2 if needed. |
 | fido2.livenessProbe.httpGet | object | `{"path":"/jans-fido2/sys/health-check","port":"http-fido2"}` | http liveness probe endpoint |
 | fido2.readinessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the readiness healthcheck for the fido2 if needed. |
@@ -414,7 +414,7 @@ Kubernetes: `>=v1.21.0-0`
 | global.usrEnvs.normal | object | `{}` | Add custom normal envs to the service. variable1: value1 |
 | global.usrEnvs.secret | object | `{}` | Add custom secret envs to the service. variable1: value1 |
 | installer-settings | object | `{"acceptLicense":"","aws":{"arn":{"arnAcmCert":"","enabled":""},"lbType":"","vpcCidr":"0.0.0.0/0"},"confirmSettings":false,"couchbase":{"backup":{"fullSchedule":"","incrementalSchedule":"","retentionTime":"","storageSize":""},"clusterName":"","commonName":"","customFileOverride":"","install":"","lowResourceInstall":"","namespace":"","subjectAlternativeName":"","totalNumberOfExpectedTransactionsPerSec":"","totalNumberOfExpectedUsers":"","volumeType":""},"currentVersion":"","google":{"useSecretManager":""},"images":{"edit":""},"ldap":{"backup":{"fullSchedule":""},"multiClusterIds":[],"subsequentCluster":""},"namespace":"","nginxIngress":{"namespace":"","releaseName":""},"nodes":{"ips":"","names":"","zones":""},"openbanking":{"cnObTransportTrustStoreP12password":"","hasCnObTransportTrustStore":false},"postgres":{"install":"","namespace":""},"redis":{"install":"","namespace":""},"releaseName":"","sql":{"install":"","namespace":""},"upgrade":{"image":{"repository":"","tag":""},"targetVersion":""},"volumeProvisionStrategy":""}` | Only used by the installer. These settings do not affect nor are used by the chart |
-| nginx-ingress | object | `{"ingress":{"additionalAnnotations":{},"additionalLabels":{},"adminUiAdditionalAnnotations":{},"adminUiEnabled":false,"adminUiLabels":{},"authServerAdditionalAnnotations":{},"authServerEnabled":true,"authServerLabels":{},"authServerProtectedRegister":false,"authServerProtectedRegisterAdditionalAnnotations":{},"authServerProtectedRegisterLabels":{},"authServerProtectedToken":false,"authServerProtectedTokenAdditionalAnnotations":{},"authServerProtectedTokenLabels":{},"casaAdditionalAnnotations":{},"casaEnabled":false,"casaLabels":{},"configApiAdditionalAnnotations":{},"configApiEnabled":true,"configApiLabels":{},"fido2ConfigAdditionalAnnotations":{},"fido2ConfigEnabled":false,"fido2ConfigLabels":{},"hosts":["demoexample.gluu.org"],"openidAdditionalAnnotations":{},"openidConfigEnabled":true,"openidConfigLabels":{},"path":"/","scimAdditionalAnnotations":{},"scimConfigAdditionalAnnotations":{},"scimConfigEnabled":false,"scimConfigLabels":{},"scimEnabled":false,"scimLabels":{},"tls":[{"hosts":["demoexample.gluu.org"],"secretName":"tls-certificate"}],"u2fAdditionalAnnotations":{},"u2fConfigEnabled":true,"u2fConfigLabels":{},"uma2AdditionalAnnotations":{},"uma2ConfigEnabled":true,"uma2ConfigLabels":{},"webdiscoveryAdditionalAnnotations":{},"webdiscoveryEnabled":true,"webdiscoveryLabels":{},"webfingerAdditionalAnnotations":{},"webfingerEnabled":true,"webfingerLabels":{}}}` | Nginx ingress definitions chart |
+| nginx-ingress | object | `{"ingress":{"additionalAnnotations":{},"additionalLabels":{},"adminUiAdditionalAnnotations":{},"adminUiEnabled":false,"adminUiLabels":{},"authServerAdditionalAnnotations":{},"authServerEnabled":true,"authServerLabels":{},"authServerProtectedRegister":false,"authServerProtectedRegisterAdditionalAnnotations":{},"authServerProtectedRegisterLabels":{},"authServerProtectedToken":false,"authServerProtectedTokenAdditionalAnnotations":{},"authServerProtectedTokenLabels":{},"casaAdditionalAnnotations":{},"casaEnabled":false,"casaLabels":{},"configApiAdditionalAnnotations":{},"configApiEnabled":true,"configApiLabels":{},"deviceCodeAdditionalAnnotations":{},"deviceCodeEnabled":true,"deviceCodeLabels":{},"fido2ConfigAdditionalAnnotations":{},"fido2ConfigEnabled":false,"fido2ConfigLabels":{},"firebaseMessagingAdditionalAnnotations":{},"firebaseMessagingEnabled":true,"firebaseMessagingLabels":{},"hosts":["demoexample.gluu.org"],"openidAdditionalAnnotations":{},"openidConfigEnabled":true,"openidConfigLabels":{},"path":"/","scimAdditionalAnnotations":{},"scimConfigAdditionalAnnotations":{},"scimConfigEnabled":false,"scimConfigLabels":{},"scimEnabled":false,"scimLabels":{},"tls":[{"hosts":["demoexample.gluu.org"],"secretName":"tls-certificate"}],"u2fAdditionalAnnotations":{},"u2fConfigEnabled":true,"u2fConfigLabels":{},"uma2AdditionalAnnotations":{},"uma2ConfigEnabled":true,"uma2ConfigLabels":{},"webdiscoveryAdditionalAnnotations":{},"webdiscoveryEnabled":true,"webdiscoveryLabels":{},"webfingerAdditionalAnnotations":{},"webfingerEnabled":true,"webfingerLabels":{}}}` | Nginx ingress definitions chart |
 | nginx-ingress.ingress.additionalAnnotations | object | `{}` | Additional annotations that will be added across all ingress definitions in the format of {cert-manager.io/issuer: "letsencrypt-prod"} Enable client certificate authentication nginx.ingress.kubernetes.io/auth-tls-verify-client: "optional" Create the secret containing the trusted ca certificates nginx.ingress.kubernetes.io/auth-tls-secret: "gluu/tls-certificate" Specify the verification depth in the client certificates chain nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1" Specify if certificates are passed to upstream server nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" |
 | nginx-ingress.ingress.additionalLabels | object | `{}` | Additional labels that will be added across all ingress definitions in the format of {mylabel: "myapp"} |
 | nginx-ingress.ingress.adminUiAdditionalAnnotations | object | `{}` | openid-configuration ingress resource additional annotations. |
@@ -434,9 +434,15 @@ Kubernetes: `>=v1.21.0-0`
 | nginx-ingress.ingress.casaLabels | object | `{}` | Casa ingress resource labels. key app is taken |
 | nginx-ingress.ingress.configApiAdditionalAnnotations | object | `{}` | ConfigAPI ingress resource additional annotations. |
 | nginx-ingress.ingress.configApiLabels | object | `{}` | configAPI ingress resource labels. key app is taken |
+| nginx-ingress.ingress.deviceCodeAdditionalAnnotations | object | `{}` | device-code ingress resource additional annotations. |
+| nginx-ingress.ingress.deviceCodeEnabled | bool | `true` | Enable endpoint /device-code |
+| nginx-ingress.ingress.deviceCodeLabels | object | `{}` | device-code ingress resource labels. key app is taken |
 | nginx-ingress.ingress.fido2ConfigAdditionalAnnotations | object | `{}` | fido2 config ingress resource additional annotations. |
 | nginx-ingress.ingress.fido2ConfigEnabled | bool | `false` | Enable endpoint /.well-known/fido2-configuration |
 | nginx-ingress.ingress.fido2ConfigLabels | object | `{}` | fido2 config ingress resource labels. key app is taken |
+| nginx-ingress.ingress.firebaseMessagingAdditionalAnnotations | object | `{}` | Firebase Messaging ingress resource additional annotations. |
+| nginx-ingress.ingress.firebaseMessagingEnabled | bool | `true` | Enable endpoint /firebase-messaging-sw.js |
+| nginx-ingress.ingress.firebaseMessagingLabels | object | `{}` | Firebase Messaging ingress resource labels. key app is taken |
 | nginx-ingress.ingress.openidAdditionalAnnotations | object | `{}` | openid-configuration ingress resource additional annotations. |
 | nginx-ingress.ingress.openidConfigEnabled | bool | `true` | Enable endpoint /.well-known/openid-configuration |
 | nginx-ingress.ingress.openidConfigLabels | object | `{}` | openid-configuration ingress resource labels. key app is taken |
@@ -548,7 +554,7 @@ Kubernetes: `>=v1.21.0-0`
 | oxshibboleth.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 |
 | oxshibboleth.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers |
 | oxshibboleth.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |
-| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/persistence-loader","tag":"1.0.0-beta.15"},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and intial config for Gluu Server persistence layer. |
+| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/persistence-loader","tag":"1.0.0-beta.16"},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and intial config for Gluu Server persistence layer. |
 | persistence.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
 | persistence.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
 | persistence.dnsConfig | object | `{}` | Add custom dns config |
@@ -556,7 +562,7 @@ Kubernetes: `>=v1.21.0-0`
 | persistence.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
 | persistence.image.pullSecrets | list | `[]` | Image Pull Secrets |
 | persistence.image.repository | string | `"janssenproject/persistence-loader"` | Image  to use for deploying. |
-| persistence.image.tag | string | `"1.0.0-beta.15"` | Image  tag to use for deploying. |
+| persistence.image.tag | string | `"1.0.0-beta.16"` | Image  tag to use for deploying. |
 | persistence.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. |
 | persistence.resources.limits.cpu | string | `"300m"` | CPU limit |
 | persistence.resources.limits.memory | string | `"300Mi"` | Memory limit. |
@@ -567,7 +573,7 @@ Kubernetes: `>=v1.21.0-0`
 | persistence.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 |
 | persistence.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers |
 | persistence.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |
-| scim | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/scim","tag":"1.0.0-beta.15"},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"service":{"name":"http-scim","port":8080},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 |
+| scim | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/scim","tag":"1.0.0-beta.16"},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"service":{"name":"http-scim","port":8080},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 |
 | scim.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
 | scim.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
 | scim.dnsConfig | object | `{}` | Add custom dns config |
@@ -578,7 +584,7 @@ Kubernetes: `>=v1.21.0-0`
 | scim.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
 | scim.image.pullSecrets | list | `[]` | Image Pull Secrets |
 | scim.image.repository | string | `"janssenproject/scim"` | Image  to use for deploying. |
-| scim.image.tag | string | `"1.0.0-beta.15"` | Image  tag to use for deploying. |
+| scim.image.tag | string | `"1.0.0-beta.16"` | Image  tag to use for deploying. |
 | scim.livenessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for SCIM if needed. |
 | scim.livenessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http liveness probe endpoint |
 | scim.readinessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the SCIM if needed. |
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/Chart.yaml
index f80bcac18..63c113ed2 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/Chart.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/Chart.yaml
@@ -1,7 +1,7 @@
 # All Rights Reserved © 2021
 apiVersion: v2
 name: admin-ui
-version: 5.0.2
+version: 5.0.3
 kubeVersion: ">=v1.21.0-0"
 description: Admin GUI. Requires license.
 type: application
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/README.md
index 657522181..51554e79f 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/README.md
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/README.md
@@ -1,6 +1,6 @@
 # admin-ui
 
-![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+![Version: 5.0.3](https://img.shields.io/badge/Version-5.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
 
 Admin GUI. Requires license.
 
@@ -35,7 +35,7 @@ Kubernetes: `>=v1.21.0-0`
 | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
 | image.pullSecrets | list | `[]` | Image Pull Secrets |
 | image.repository | string | `"gluufederation/admin-ui"` | Image  to use for deploying. |
-| image.tag | string | `"1.0.0-beta.15"` | Image  tag to use for deploying. |
+| image.tag | string | `"1.0.0-beta.16"` | Image  tag to use for deploying. |
 | livenessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the liveness healthcheck for the admin ui if needed. |
 | readinessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the readiness healthcheck for the admin ui if needed. |
 | replicas | int | `1` | Service replica number. |
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/values.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/values.yaml
index a03e0210e..54d622f94 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/values.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/values.yaml
@@ -28,7 +28,7 @@ image:
   # -- Image  to use for deploying.
   repository:  gluufederation/admin-ui
   # -- Image  tag to use for deploying.
-  tag: 1.0.0-beta.15
+  tag: 1.0.0-beta.16
   # -- Image Pull Secrets
   pullSecrets: [ ]
 # -- Service replica number.
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/Chart.yaml
index f83630ae6..cae609e50 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/Chart.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/Chart.yaml
@@ -1,7 +1,7 @@
 
 apiVersion: v2
 name: auth-server-key-rotation
-version: 5.0.2
+version: 5.0.3
 kubeVersion: ">=v1.21.0-0"
 description: Responsible for regenerating auth-keys per x hours
 type: application
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/README.md
index 24ece4677..3cb07d314 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/README.md
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/README.md
@@ -1,6 +1,6 @@
 # auth-server-key-rotation
 
-![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+![Version: 5.0.3](https://img.shields.io/badge/Version-5.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
 
 Responsible for regenerating auth-keys per x hours
 
@@ -33,7 +33,7 @@ Kubernetes: `>=v1.21.0-0`
 | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
 | image.pullSecrets | list | `[]` | Image Pull Secrets |
 | image.repository | string | `"janssenproject/certmanager"` | Image  to use for deploying. |
-| image.tag | string | `"1.0.0-beta.15"` | Image  tag to use for deploying. |
+| image.tag | string | `"1.0.0-beta.16"` | Image  tag to use for deploying. |
 | keysLife | int | `48` | Auth server key rotation keys life in hours |
 | nodeSelector | object | `{}` |  |
 | resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. |
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/values.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/values.yaml
index cd029dea4..e48661c5b 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/values.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/values.yaml
@@ -18,7 +18,7 @@ image:
   # -- Image  to use for deploying.
   repository: janssenproject/certmanager
   # -- Image  tag to use for deploying.
-  tag: 1.0.0-beta.15
+  tag: 1.0.0-beta.16
   # -- Image Pull Secrets
   pullSecrets: [ ]
 # -- Auth server key rotation keys life in hours
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/Chart.yaml
index b9a285c31..ac40f256d 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/Chart.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/Chart.yaml
@@ -1,7 +1,7 @@
 
 apiVersion: v2
 name: auth-server
-version: 5.0.2
+version: 5.0.3
 kubeVersion: ">=v1.21.0-0"
 description: OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing.
 type: application
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/README.md
index 4e5068bb6..f32e0e86b 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/README.md
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/README.md
@@ -1,6 +1,6 @@
 # auth-server
 
-![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+![Version: 5.0.3](https://img.shields.io/badge/Version-5.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
 
 OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing.
 
@@ -36,7 +36,7 @@ Kubernetes: `>=v1.21.0-0`
 | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
 | image.pullSecrets | list | `[]` | Image Pull Secrets |
 | image.repository | string | `"janssenproject/auth-server"` | Image  to use for deploying. |
-| image.tag | string | `"1.0.0-beta.15"` | Image  tag to use for deploying. |
+| image.tag | string | `"1.0.0-beta.16"` | Image  tag to use for deploying. |
 | livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. |
 | livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py |
 | readinessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py |
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/templates/auth-server-virtual-services.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/templates/auth-server-virtual-services.yaml
index 352f3dcc5..67d9e8ba8 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/templates/auth-server-virtual-services.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/templates/auth-server-virtual-services.yaml
@@ -26,7 +26,31 @@ spec:
     - uri:
         prefix: "/.well-known/openid-configuration"
     rewrite:
-      uri: "/auth-server/.well-known/openid-configuration"
+      uri: "/jans-auth/.well-known/openid-configuration"
+    route:
+      - destination:
+          host: {{ index .Values "global" "auth-server" "authServerServiceName" }}.{{ .Release.Namespace }}.svc.cluster.local
+          port:
+            number: 8080
+        weight: 100
+  - name: "{{ .Release.Name }}-istio-device-code"
+    match:
+    - uri:
+        prefix: "/device-code"
+    rewrite:
+      uri: "/jans-auth/device_authorization.htm"
+    route:
+      - destination:
+          host: {{ index .Values "global" "auth-server" "authServerServiceName" }}.{{ .Release.Namespace }}.svc.cluster.local
+          port:
+            number: 8080
+        weight: 100
+  - name: "{{ .Release.Name }}-istio-firebase-messaging"
+    match:
+    - uri:
+        prefix: "/firebase-messaging-sw.js"
+    rewrite:
+      uri: "/jans-auth/firebase-messaging-sw.js"
     route:
       - destination:
           host: {{ index .Values "global" "auth-server" "authServerServiceName" }}.{{ .Release.Namespace }}.svc.cluster.local
@@ -38,7 +62,7 @@ spec:
     - uri:
         prefix: "/.well-known/uma2-configuration"
     rewrite:
-      uri: "/auth-server/restv1/uma2-configuration"
+      uri: "/jans-auth/restv1/uma2-configuration"
     route:
       - destination:
           host: {{ index .Values "global" "auth-server" "authServerServiceName" }}.{{ .Release.Namespace }}.svc.cluster.local
@@ -50,7 +74,7 @@ spec:
     - uri:
         prefix: "/.well-known/simple-web-discovery"
     rewrite:
-      uri: "/auth-server/.well-known/simple-web-discovery"
+      uri: "/jans-auth/.well-known/simple-web-discovery"
     route:
     - destination:
         host: {{ index .Values "global" "auth-server" "authServerServiceName" }}.{{ .Release.Namespace }}.svc.cluster.local
@@ -60,7 +84,7 @@ spec:
   - name: "{{ .Release.Name }}-istio-cn"
     match:
     - uri:
-        prefix: "/auth-server"
+        prefix: "/jans-auth"
     route:
     - destination:
         host: {{ index .Values "global" "auth-server" "authServerServiceName" }}.{{ .Release.Namespace }}.svc.cluster.local
@@ -71,7 +95,7 @@ spec:
     - uri:
         prefix: "/.well-known/webfinger"
     rewrite:
-      uri: "/auth-server/.well-known/webfinger"
+      uri: "/jans-auth/.well-known/webfinger"
     route:
     - destination:
         host: {{ index .Values "global" "auth-server" "authServerServiceName" }}.{{ .Release.Namespace }}.svc.cluster.local
@@ -83,7 +107,7 @@ spec:
     - uri:
         prefix: "/.well-known/fido-configuration"
     rewrite:
-      uri: "/auth-server/restv1/fido-configuration"
+      uri: "/jans-auth/restv1/fido-configuration"
     route:
     - destination:
         host: {{ index .Values "global" "auth-server" "authServerServiceName" }}.{{ .Release.Namespace }}.svc.cluster.local
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/values.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/values.yaml
index 5a728aba2..02d7e7298 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/values.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/values.yaml
@@ -28,7 +28,7 @@ image:
   # -- Image  to use for deploying.
   repository:  janssenproject/auth-server
   # -- Image  tag to use for deploying.
-  tag: 1.0.0-beta.15
+  tag: 1.0.0-beta.16
   # -- Image Pull Secrets
   pullSecrets: [ ]
 # -- Service replica number.
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa/Chart.yaml
index 699e38a52..19e19ac2e 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa/Chart.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: casa
-version: 5.0.2
+version: 5.0.3
 kubeVersion: ">=v1.21.0-0"
 description: Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server.
 type: application
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa/README.md
index 86f3cede3..69978c025 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa/README.md
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa/README.md
@@ -1,6 +1,6 @@
 # casa
 
-![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+![Version: 5.0.3](https://img.shields.io/badge/Version-5.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
 
 Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server.
 
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/client-api/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/client-api/Chart.yaml
index 33296b614..640f7f2ec 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/client-api/Chart.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/client-api/Chart.yaml
@@ -1,7 +1,7 @@
 
 apiVersion: v2
 name: client-api
-version: 5.0.2
+version: 5.0.3
 kubeVersion: ">=v1.21.0-0"
 description: Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting.
 type: application
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/client-api/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/client-api/README.md
index f71c7faa6..d589c9d89 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/client-api/README.md
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/client-api/README.md
@@ -1,6 +1,6 @@
 # client-api
 
-![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+![Version: 5.0.3](https://img.shields.io/badge/Version-5.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
 
 Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting.
 
@@ -37,7 +37,7 @@ Kubernetes: `>=v1.21.0-0`
 | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
 | image.pullSecrets | list | `[]` | Image Pull Secrets |
 | image.repository | string | `"janssenproject/client-api"` | Image  to use for deploying. |
-| image.tag | string | `"1.0.0-beta.15"` | Image  tag to use for deploying. |
+| image.tag | string | `"1.0.0-beta.16"` | Image  tag to use for deploying. |
 | livenessProbe | object | `{"exec":{"command":["curl","-k","https://localhost:8443/health-check"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. |
 | livenessProbe.exec | object | `{"command":["curl","-k","https://localhost:8443/health-check"]}` | Executes the python3 healthcheck. |
 | nodeSelector | object | `{}` |  |
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/client-api/values.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/client-api/values.yaml
index 3f34c1dc7..c956c5e2d 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/client-api/values.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/client-api/values.yaml
@@ -28,7 +28,7 @@ image:
   # -- Image  to use for deploying.
   repository: janssenproject/client-api
   # -- Image  tag to use for deploying.
-  tag: 1.0.0-beta.15
+  tag: 1.0.0-beta.16
   # -- Image Pull Secrets
   pullSecrets: [ ]
 # -- Service replica number.
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/Chart.yaml
index 0149ab529..4b5942b66 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/Chart.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/Chart.yaml
@@ -1,7 +1,7 @@
 
 apiVersion: v2
 name:  cn-istio-ingress
-version: 5.0.2
+version: 5.0.3
 kubeVersion: ">=v1.21.0-0"
 description: Istio Gateway
 type: application
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/README.md
index a7cb2352f..67c448c5e 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/README.md
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/README.md
@@ -1,6 +1,6 @@
 # cn-istio-ingress
 
-![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+![Version: 5.0.3](https://img.shields.io/badge/Version-5.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
 
 Istio Gateway
 
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api/Chart.yaml
index 7b4390a61..79f731906 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api/Chart.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api/Chart.yaml
@@ -1,7 +1,7 @@
 
 apiVersion: v2
 name: config-api
-version: 5.0.2
+version: 5.0.3
 kubeVersion: ">=v1.21.0-0"
 description: Jans Config Api endpoints can be used to configure jans-auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS)
 type: application
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api/README.md
index 132e912ba..1b53fcc91 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api/README.md
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api/README.md
@@ -1,6 +1,6 @@
 # config-api
 
-![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+![Version: 5.0.3](https://img.shields.io/badge/Version-5.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
 
 Jans Config Api endpoints can be used to configure jans-auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS)
 
@@ -38,7 +38,7 @@ Kubernetes: `>=v1.21.0-0`
 | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
 | image.pullSecrets | list | `[]` | Image Pull Secrets |
 | image.repository | string | `"janssenproject/config-api"` | Image  to use for deploying. |
-| image.tag | string | `"1.0.0-beta.15"` | Image  tag to use for deploying. |
+| image.tag | string | `"1.0.0-beta.16"` | Image  tag to use for deploying. |
 | livenessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. |
 | livenessProbe.httpGet | object | `{"path":"/jans-config-api/api/v1/health/live","port":8074}` | Executes the python3 healthcheck. https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py |
 | nameOverride | string | `""` |  |
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api/values.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api/values.yaml
index 62ccec011..4a4704a93 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api/values.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api/values.yaml
@@ -33,7 +33,7 @@ image:
   # -- Image  to use for deploying.
   repository: janssenproject/config-api
   # -- Image  tag to use for deploying.
-  tag: 1.0.0-beta.15
+  tag: 1.0.0-beta.16
   # -- Image Pull Secrets
   pullSecrets: [ ]
 # -- Service replica number.
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/Chart.yaml
index f02046748..8bf0296ec 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/Chart.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/Chart.yaml
@@ -1,7 +1,7 @@
 
 apiVersion: v2
 name: config
-version: 5.0.2
+version: 5.0.3
 kubeVersion: ">=v1.21.0-0"
 description: Configuration parameters for setup and initial configuration secret and config layers used by Gluu services.
 type: application
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/README.md
index 1a9c5115c..9f1ab7b57 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/README.md
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/README.md
@@ -1,6 +1,6 @@
 # config
 
-![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+![Version: 5.0.3](https://img.shields.io/badge/Version-5.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
 
 Configuration parameters for setup and initial configuration secret and config layers used by Gluu services.
 
@@ -78,7 +78,7 @@ Kubernetes: `>=v1.21.0-0`
 | fullNameOverride | string | `""` |  |
 | image.pullSecrets | list | `[]` | Image Pull Secrets |
 | image.repository | string | `"janssenproject/configurator"` | Image  to use for deploying. |
-| image.tag | string | `"1.0.0-beta.15"` | Image  tag to use for deploying. |
+| image.tag | string | `"1.0.0-beta.16"` | Image  tag to use for deploying. |
 | ldapPassword | string | `"P@ssw0rds"` | LDAP admin password if OpennDJ is used for persistence. |
 | migration | object | `{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"}` | CE to CN Migration section |
 | migration.enabled | bool | `false` | Boolean flag to enable migration from CE |
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/values.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/values.yaml
index ee42c37f8..9b27aa1b8 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/values.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/values.yaml
@@ -108,7 +108,7 @@ image:
   # -- Image  to use for deploying.
   repository: janssenproject/configurator
   # -- Image  tag to use for deploying.
-  tag: 1.0.0-beta.15
+  tag: 1.0.0-beta.16
   # -- Image Pull Secrets
   pullSecrets: [ ]
 # -- LDAP admin password if OpennDJ is used for persistence.
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/Chart.yaml
index 4c8a3e436..12d3e55c7 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/Chart.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/Chart.yaml
@@ -1,7 +1,7 @@
 
 apiVersion: v2
 name: fido2
-version: 5.0.2
+version: 5.0.3
 kubeVersion: ">=v1.21.0-0"
 description: FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments.
 type: application
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/README.md
index 7f5e757ec..89637e6ef 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/README.md
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/README.md
@@ -1,6 +1,6 @@
 # fido2
 
-![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+![Version: 5.0.3](https://img.shields.io/badge/Version-5.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
 
 FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments.
 
@@ -37,7 +37,7 @@ Kubernetes: `>=v1.21.0-0`
 | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
 | image.pullSecrets | list | `[]` | Image Pull Secrets |
 | image.repository | string | `"janssenproject/fido2"` | Image  to use for deploying. |
-| image.tag | string | `"1.0.0-beta.15"` | Image  tag to use for deploying. |
+| image.tag | string | `"1.0.0-beta.16"` | Image  tag to use for deploying. |
 | livenessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for the fido2 if needed. |
 | livenessProbe.httpGet | object | `{"path":"/jans-fido2/sys/health-check","port":"http-fido2"}` | http liveness probe endpoint |
 | readinessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the readiness healthcheck for the fido2 if needed. |
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/fido2-virtual-services.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/fido2-virtual-services.yaml
index ab39bcc63..970ab7780 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/fido2-virtual-services.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/fido2-virtual-services.yaml
@@ -26,7 +26,7 @@ spec:
     - uri:
         prefix: /.well-known/fido2-configuration
     rewrite:
-      uri: /fido2/restv1/fido2/configuration
+      uri: /jans-fido2/restv1/fido2/configuration
     route:
     - destination:
         host: {{ .Values.global.fido2.fido2ServiceName }}.{{.Release.Namespace}}.svc.cluster.local
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/values.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/values.yaml
index e1d14f189..c53add559 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/values.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/values.yaml
@@ -29,7 +29,7 @@ image:
   # -- Image  to use for deploying.
   repository: janssenproject/fido2
   # -- Image  tag to use for deploying.
-  tag: 1.0.0-beta.15
+  tag: 1.0.0-beta.16
   # -- Image Pull Secrets
   pullSecrets: [ ]
 # -- Service replica number.
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/Chart.yaml
index ef39ca036..b4984e902 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/Chart.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/Chart.yaml
@@ -1,7 +1,7 @@
 
 apiVersion: v2
 name: nginx-ingress
-version: 5.0.2
+version: 5.0.3
 kubeVersion: ">=v1.21.0-0"
 description: Nginx ingress definitions chart
 type: application
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/README.md
index 4a3f36a1e..b22715480 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/README.md
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/README.md
@@ -1,6 +1,6 @@
 # nginx-ingress
 
-![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+![Version: 5.0.3](https://img.shields.io/badge/Version-5.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
 
 Nginx ingress definitions chart
 
@@ -27,18 +27,24 @@ Kubernetes: `>=v1.21.0-0`
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | fullnameOverride | string | `""` |  |
-| ingress | object | `{"additionalAnnotations":{"kubernetes.io/ingress.class":"nginx"},"additionalLabels":{},"authServerAdditionalAnnotations":{},"authServerEnabled":true,"authServerLabels":{},"enabled":true,"fido2ConfigAdditionalAnnotations":{},"fido2ConfigEnabled":false,"fido2ConfigLabels":{},"fido2Enabled":false,"fido2Labels":{},"hosts":["demoexample.gluu.org"],"legacy":false,"openidAdditionalAnnotations":{},"openidConfigEnabled":true,"openidConfigLabels":{},"path":"/","scimAdditionalAnnotations":{},"scimConfigAdditionalAnnotations":{},"scimConfigEnabled":false,"scimConfigLabels":{},"scimEnabled":false,"scimLabels":{},"tls":[{"hosts":["demoexample.gluu.org"],"secretName":"tls-certificate"}],"u2fAdditionalAnnotations":{},"u2fConfigEnabled":true,"u2fConfigLabels":{},"uma2AdditionalAnnotations":{},"uma2ConfigEnabled":true,"uma2ConfigLabels":{},"webdiscoveryAdditionalAnnotations":{},"webdiscoveryEnabled":true,"webdiscoveryLabels":{},"webfingerAdditionalAnnotations":{},"webfingerEnabled":true,"webfingerLabels":{}}` | Nginx ingress definitions chart |
+| ingress | object | `{"additionalAnnotations":{"kubernetes.io/ingress.class":"nginx"},"additionalLabels":{},"authServerAdditionalAnnotations":{},"authServerEnabled":true,"authServerLabels":{},"deviceCodeAdditionalAnnotations":{},"deviceCodeEnabled":true,"deviceCodeLabels":{},"enabled":true,"fido2ConfigAdditionalAnnotations":{},"fido2ConfigEnabled":false,"fido2ConfigLabels":{},"fido2Enabled":false,"fido2Labels":{},"firebaseMessagingAdditionalAnnotations":{},"firebaseMessagingEnabled":true,"firebaseMessagingLabels":{},"hosts":["demoexample.gluu.org"],"legacy":false,"openidAdditionalAnnotations":{},"openidConfigEnabled":true,"openidConfigLabels":{},"path":"/","scimAdditionalAnnotations":{},"scimConfigAdditionalAnnotations":{},"scimConfigEnabled":false,"scimConfigLabels":{},"scimEnabled":false,"scimLabels":{},"tls":[{"hosts":["demoexample.gluu.org"],"secretName":"tls-certificate"}],"u2fAdditionalAnnotations":{},"u2fConfigEnabled":true,"u2fConfigLabels":{},"uma2AdditionalAnnotations":{},"uma2ConfigEnabled":true,"uma2ConfigLabels":{},"webdiscoveryAdditionalAnnotations":{},"webdiscoveryEnabled":true,"webdiscoveryLabels":{},"webfingerAdditionalAnnotations":{},"webfingerEnabled":true,"webfingerLabels":{}}` | Nginx ingress definitions chart |
 | ingress.additionalAnnotations | object | `{"kubernetes.io/ingress.class":"nginx"}` | Additional annotations that will be added across all ingress definitions in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken Enable client certificate authentication nginx.ingress.kubernetes.io/auth-tls-verify-client: "optional" Create the secret containing the trusted ca certificates nginx.ingress.kubernetes.io/auth-tls-secret: "gluu/tls-certificate" Specify the verification depth in the client certificates chain nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1" Specify if certificates are passed to upstream server nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" |
 | ingress.additionalAnnotations."kubernetes.io/ingress.class" | string | `"nginx"` | Required annotation below. Use kubernetes.io/ingress.class: "public" for microk8s. |
 | ingress.additionalLabels | object | `{}` | Additional labels that will be added across all ingress definitions in the format of {mylabel: "myapp"} |
 | ingress.authServerAdditionalAnnotations | object | `{}` | Auth server ingress resource additional annotations. |
 | ingress.authServerEnabled | bool | `true` | Enable Auth server endpoints /oxauth |
 | ingress.authServerLabels | object | `{}` | Auth server config ingress resource labels. key app is taken |
+| ingress.deviceCodeAdditionalAnnotations | object | `{}` | device-code ingress resource additional annotations. |
+| ingress.deviceCodeEnabled | bool | `true` | Enable endpoint /device-code |
+| ingress.deviceCodeLabels | object | `{}` | device-code ingress resource labels. key app is taken |
 | ingress.fido2ConfigAdditionalAnnotations | object | `{}` | fido2 config ingress resource additional annotations. |
 | ingress.fido2ConfigEnabled | bool | `false` | Enable endpoint /.well-known/fido2-configuration |
 | ingress.fido2ConfigLabels | object | `{}` | fido2 config ingress resource labels. key app is taken |
 | ingress.fido2Enabled | bool | `false` | Enable all fido2 endpoints |
 | ingress.fido2Labels | object | `{}` | fido2 ingress resource labels. key app is taken |
+| ingress.firebaseMessagingAdditionalAnnotations | object | `{}` | Firebase Messaging ingress resource additional annotations. |
+| ingress.firebaseMessagingEnabled | bool | `true` | Enable endpoint /firebase-messaging-sw.js |
+| ingress.firebaseMessagingLabels | object | `{}` | Firebase Messaging ingress resource labels. key app is taken |
 | ingress.legacy | bool | `false` | Enable use of legacy API version networking.k8s.io/v1beta1 to support kubernetes 1.18. This flag should be removed next version release along with nginx-ingress/templates/ingress-legacy.yaml. |
 | ingress.openidAdditionalAnnotations | object | `{}` | openid-configuration ingress resource additional annotations. |
 | ingress.openidConfigEnabled | bool | `true` | Enable endpoint /.well-known/openid-configuration |
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/templates/ingress.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/templates/ingress.yaml
index c190f43b2..894ccedf8 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/templates/ingress.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/templates/ingress.yaml
@@ -56,6 +56,121 @@ spec:
 
 ---
 
+{{ if .Values.ingress.deviceCodeEnabled -}}
+{{ $fullName := include "nginx-ingress.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-device-code
+  labels:
+    app: {{ $fullName }}-device-code
+{{- if .Values.ingress.additionalLabels }}
+{{ toYaml .Values.ingress.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.deviceCodeLabels }}
+{{ toYaml .Values.ingress.deviceCodeLabels | indent 4 }}
+{{- end }}
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+    nginx.ingress.kubernetes.io/configuration-snippet: "rewrite /device-code /jans-auth/device_authorization.htm$1 break;"
+    nginx.ingress.kubernetes.io/rewrite-target: /jans-auth/device_authorization.htm
+{{- if .Values.ingress.deviceCodeAdditionalAnnotations }}
+{{ toYaml .Values.ingress.deviceCodeAdditionalAnnotations | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.additionalAnnotations }}
+{{ toYaml .Values.ingress.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . | quote }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+  {{- $host := . -}}
+  {{- with $ }}
+    - host: {{ $host | quote }}
+      http:
+        paths:
+          - path: /device-code
+            pathType: Exact
+            backend:
+              service:
+                name: {{ index .Values "global" "auth-server" "authServerServiceName" }}
+                port:
+                  number: 8080
+  {{- end }}
+  {{- end }}
+{{- end }}
+
+---
+
+{{ if .Values.ingress.firebaseMessagingEnabled -}}
+{{ $fullName := include "nginx-ingress.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-firebase-messaging
+  labels:
+    app: {{ $fullName }}-firebase-messaging
+{{- if .Values.ingress.additionalLabels }}
+{{ toYaml .Values.ingress.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.firebaseMessagingLabels }}
+{{ toYaml .Values.ingress.firebaseMessagingLabels | indent 4 }}
+{{- end }}
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+    nginx.ingress.kubernetes.io/configuration-snippet: "rewrite /firebase-messaging-sw.js /jans-auth/firebase-messaging-sw.js$1 break;"
+    nginx.ingress.kubernetes.io/rewrite-target: /jans-auth/firebase-messaging-sw.js
+{{- if .Values.ingress.firebaseMessagingAdditionalAnnotations }}
+{{ toYaml .Values.ingress.firebaseMessagingAdditionalAnnotations | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.additionalAnnotations }}
+{{ toYaml .Values.ingress.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . | quote }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+  {{- $host := . -}}
+  {{- with $ }}
+    - host: {{ $host | quote }}
+      http:
+        paths:
+          - path: /firebase-messaging-sw.js
+            pathType: Exact
+            backend:
+              service:
+                name: {{ index .Values "global" "auth-server" "authServerServiceName" }}
+                port:
+                  number: 8080
+  {{- end }}
+  {{- end }}
+{{- end }}
+
+---
 {{ if .Values.ingress.uma2ConfigEnabled -}}
 {{ $fullName := include "nginx-ingress.fullname" . -}}
 {{- $ingressPath := .Values.ingress.path -}}
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/values.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/values.yaml
index 5f67a0e23..4a1f865df 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/values.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/values.yaml
@@ -11,6 +11,18 @@ ingress:
   openidConfigLabels: { }
   # -- openid-configuration ingress resource additional annotations.
   openidAdditionalAnnotations: { }
+  # -- Enable endpoint /device-code
+  deviceCodeEnabled: true
+  # -- device-code ingress resource labels. key app is taken
+  deviceCodeLabels: { }
+  # -- device-code ingress resource additional annotations.
+  deviceCodeAdditionalAnnotations: { }
+  # -- Enable endpoint /firebase-messaging-sw.js
+  firebaseMessagingEnabled: true
+  # -- Firebase Messaging ingress resource labels. key app is taken
+  firebaseMessagingLabels: { }
+  # -- Firebase Messaging ingress resource additional annotations.
+  firebaseMessagingAdditionalAnnotations: { }
   # -- Enable endpoint /.well-known/uma2-configuration
   uma2ConfigEnabled: true
   # -- uma 2 config ingress resource labels. key app is taken
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/opendj/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/opendj/Chart.yaml
index b674289ac..a23aec1c2 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/opendj/Chart.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/opendj/Chart.yaml
@@ -1,7 +1,7 @@
 
 apiVersion: v2
 name: opendj
-version: 5.0.2
+version: 5.0.3
 kubeVersion: ">=v1.21.0-0"
 description: OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions.
 type: application
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/opendj/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/opendj/README.md
index 023782c94..f8a716339 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/opendj/README.md
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/opendj/README.md
@@ -1,6 +1,6 @@
 # opendj
 
-![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+![Version: 5.0.3](https://img.shields.io/badge/Version-5.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
 
 OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions.
 
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/Chart.yaml
index 6e63ed8fc..27750e282 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/Chart.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/Chart.yaml
@@ -1,7 +1,7 @@
 
 apiVersion: v2
 name: oxpassport
-version: 5.0.2
+version: 5.0.3
 kubeVersion: ">=v1.21.0-0"
 description: Gluu interface to Passport.js to support social login and inbound identity.
 type: application
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/README.md
index 45777848b..4308f58f0 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/README.md
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/README.md
@@ -1,6 +1,6 @@
 # oxpassport
 
-![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+![Version: 5.0.3](https://img.shields.io/badge/Version-5.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
 
 Gluu interface to Passport.js to support social login and inbound identity.
 
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/Chart.yaml
index ae7e4d8b1..ae0dad72f 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/Chart.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/Chart.yaml
@@ -1,7 +1,7 @@
 
 apiVersion: v2
 name: oxshibboleth
-version: 5.0.2
+version: 5.0.3
 kubeVersion: ">=v1.21.0-0"
 description: Shibboleth project for the Gluu Server's SAML IDP functionality.
 type: application
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/README.md
index 8e235df1c..6abc31ac1 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/README.md
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/README.md
@@ -1,6 +1,6 @@
 # oxshibboleth
 
-![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+![Version: 5.0.3](https://img.shields.io/badge/Version-5.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
 
 Shibboleth project for the Gluu Server's SAML IDP functionality.
 
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence/Chart.yaml
index e3c6fcb35..62d442211 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence/Chart.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence/Chart.yaml
@@ -1,7 +1,7 @@
 
 apiVersion: v2
 name: persistence
-version: 5.0.2
+version: 5.0.3
 kubeVersion: ">=v1.21.0-0"
 description: Job to generate data and initial config for Gluu Server persistence layer.
 type: application
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence/README.md
index 0968c119e..d465d81f8 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence/README.md
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence/README.md
@@ -1,6 +1,6 @@
 # persistence
 
-![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+![Version: 5.0.3](https://img.shields.io/badge/Version-5.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
 
 Job to generate data and initial config for Gluu Server persistence layer.
 
@@ -33,7 +33,7 @@ Kubernetes: `>=v1.21.0-0`
 | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
 | image.pullSecrets | list | `[]` | Image Pull Secrets |
 | image.repository | string | `"gluufederation/persistence"` | Image  to use for deploying. |
-| image.tag | string | `"1.0.0-beta.15"` | Image  tag to use for deploying. |
+| image.tag | string | `"1.0.0-beta.16"` | Image  tag to use for deploying. |
 | imagePullSecrets | list | `[]` |  |
 | nameOverride | string | `""` |  |
 | resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. |
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence/values.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence/values.yaml
index a2fe63087..db1d5cce4 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence/values.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence/values.yaml
@@ -18,7 +18,7 @@ image:
   # -- Image  to use for deploying.
   repository: gluufederation/persistence
   # -- Image  tag to use for deploying.
-  tag: 1.0.0-beta.15
+  tag: 1.0.0-beta.16
   # -- Image Pull Secrets
   pullSecrets: [ ]
 # -- Resource specs.
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/Chart.yaml
index 9815a7f6a..dabec7cbe 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/Chart.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/Chart.yaml
@@ -1,7 +1,7 @@
 
 apiVersion: v2
 name: scim
-version: 5.0.2
+version: 5.0.3
 kubeVersion: ">=v1.21.0-0"
 description: System for Cross-domain Identity Management (SCIM) version 2.0
 type: application
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/README.md
index 3be8be49c..39f074e8b 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/README.md
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/README.md
@@ -1,6 +1,6 @@
 # scim
 
-![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+![Version: 5.0.3](https://img.shields.io/badge/Version-5.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
 
 System for Cross-domain Identity Management (SCIM) version 2.0
 
@@ -36,7 +36,7 @@ Kubernetes: `>=v1.21.0-0`
 | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
 | image.pullSecrets | list | `[]` | Image Pull Secrets |
 | image.repository | string | `"janssenproject/scim"` | Image  to use for deploying. |
-| image.tag | string | `"1.0.0-beta.15"` | Image  tag to use for deploying. |
+| image.tag | string | `"1.0.0-beta.16"` | Image  tag to use for deploying. |
 | livenessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for SCIM if needed. |
 | livenessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http liveness probe endpoint |
 | readinessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the SCIM if needed. |
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/scim-virtual-services.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/scim-virtual-services.yaml
index d33804a85..9215e7640 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/scim-virtual-services.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/scim-virtual-services.yaml
@@ -26,7 +26,7 @@ spec:
     - uri:
         prefix: /.well-known/scim-configuration
     rewrite:
-      uri: /scim/restv1/scim-configuration
+      uri: /jans-scim/restv1/scim-configuration
     route:
       - destination:
           host: {{ .Values.global.scim.scimServiceName }}.{{.Release.Namespace}}.svc.cluster.local
@@ -36,7 +36,7 @@ spec:
   - name: {{ .Release.Name }}-istio-scim
     match:
     - uri:
-        prefix: "/scim"
+        prefix: "/jans-scim"
     route:
     - destination:
         host: {{ .Values.global.scim.scimServiceName }}.{{.Release.Namespace}}.svc.cluster.local
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/values.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/values.yaml
index bca9ad613..b0db52dca 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/values.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/values.yaml
@@ -28,7 +28,7 @@ image:
   # -- Image  to use for deploying.
   repository: janssenproject/scim
   # -- Image  tag to use for deploying.
-  tag: 1.0.0-beta.15
+  tag: 1.0.0-beta.16
   # -- Image Pull Secrets
   pullSecrets: [ ]
 # -- Service replica number.
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/openbanking-values.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/openbanking-values.yaml
index f336a860d..f4427d509 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/openbanking-values.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/openbanking-values.yaml
@@ -28,7 +28,7 @@ auth-server:
     # -- Image  to use for deploying.
     repository: janssenproject/auth-server
     # -- Image  tag to use for deploying.
-    tag: 1.0.0-beta.15
+    tag: 1.0.0-beta.16
     # -- Image Pull Secrets
     pullSecrets: [ ]
   # -- Service replica number.
@@ -156,7 +156,7 @@ config:
     # -- Image  to use for deploying.
     repository: janssenproject/configurator
     # -- Image  tag to use for deploying.
-    tag: 1.0.0-beta.15
+    tag: 1.0.0-beta.16
     # -- Image Pull Secrets
     pullSecrets: [ ]
   # -- Organization name. Used for certificate creation.
@@ -220,7 +220,7 @@ config-api:
     # -- Image  to use for deploying.
     repository: janssenproject/config-api
     # -- Image  tag to use for deploying.
-    tag: 1.0.0-beta.15
+    tag: 1.0.0-beta.16
     # -- Image Pull Secrets
     pullSecrets: [ ]
   # -- Service replica number.
@@ -595,7 +595,7 @@ persistence:
     # -- Image  to use for deploying.
     repository: janssenproject/persistence-loader
     # -- Image  tag to use for deploying.
-    tag: 1.0.0-beta.15
+    tag: 1.0.0-beta.16
     # -- Image Pull Secrets
     pullSecrets: [ ]
   # -- Resource specs.
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/values.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/values.yaml
index 6ebb2a9f4..73891192f 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/values.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/values.yaml
@@ -94,7 +94,7 @@ admin-ui:
     # -- Image  to use for deploying.
     repository: gluufederation/admin-ui
     # -- Image  tag to use for deploying.
-    tag: 1.0.0-beta.15
+    tag: 1.0.0-beta.16
     # -- Image Pull Secrets
     pullSecrets: [ ]
   # -- Service replica number.
@@ -166,7 +166,7 @@ auth-server:
     # -- Image  to use for deploying.
     repository: janssenproject/auth-server
     # -- Image  tag to use for deploying.
-    tag: 1.0.0-beta.15
+    tag: 1.0.0-beta.16
     # -- Image Pull Secrets
     pullSecrets: [ ]
   # -- Service replica number.
@@ -233,7 +233,7 @@ auth-server-key-rotation:
     # -- Image  to use for deploying.
     repository: janssenproject/certmanager
     # -- Image  tag to use for deploying.
-    tag: 1.0.0-beta.15
+    tag: 1.0.0-beta.16
     # -- Image Pull Secrets
     pullSecrets: [ ]
   # -- Auth server key rotation keys life in hours
@@ -363,7 +363,7 @@ client-api:
     # -- Image  to use for deploying.
     repository: janssenproject/client-api
     # -- Image  tag to use for deploying.
-    tag: 1.0.0-beta.15
+    tag: 1.0.0-beta.16
     # -- Image Pull Secrets
     pullSecrets: [ ]
   # -- Service replica number.
@@ -518,7 +518,7 @@ config:
     # -- Image  to use for deploying.
     repository: janssenproject/configurator
     # -- Image  tag to use for deploying.
-    tag: 1.0.0-beta.15
+    tag: 1.0.0-beta.16
     # -- Image Pull Secrets
     pullSecrets: [ ]
   # -- LDAP admin password if OpennDJ is used for persistence.
@@ -593,7 +593,7 @@ config-api:
     # -- Image  to use for deploying.
     repository: janssenproject/config-api
     # -- Image  tag to use for deploying.
-    tag: 1.0.0-beta.15
+    tag: 1.0.0-beta.16
     # -- Image Pull Secrets
     pullSecrets: [ ]
   # -- Service replica number.
@@ -666,7 +666,7 @@ fido2:
     # -- Image  to use for deploying.
     repository: janssenproject/fido2
     # -- Image  tag to use for deploying.
-    tag: 1.0.0-beta.15
+    tag: 1.0.0-beta.16
     # -- Image Pull Secrets
     pullSecrets: [ ]
   # -- Service replica number.
@@ -1010,6 +1010,18 @@ nginx-ingress:
     openidConfigLabels: { }
     # -- openid-configuration ingress resource additional annotations.
     openidAdditionalAnnotations: { }
+    # -- Enable endpoint /device-code
+    deviceCodeEnabled: true
+    # -- device-code ingress resource labels. key app is taken
+    deviceCodeLabels: { }
+    # -- device-code ingress resource additional annotations.
+    deviceCodeAdditionalAnnotations: { }
+    # -- Enable endpoint /firebase-messaging-sw.js
+    firebaseMessagingEnabled: true
+    # -- Firebase Messaging ingress resource labels. key app is taken
+    firebaseMessagingLabels: { }
+    # -- Firebase Messaging ingress resource additional annotations.
+    firebaseMessagingAdditionalAnnotations: { }
     # -- Enable endpoint /.well-known/uma2-configuration
     uma2ConfigEnabled: true
     # -- uma2 config ingress resource labels. key app is taken
@@ -1411,7 +1423,7 @@ persistence:
     # -- Image  to use for deploying.
     repository: janssenproject/persistence-loader
     # -- Image  tag to use for deploying.
-    tag: 1.0.0-beta.15
+    tag: 1.0.0-beta.16
     # -- Image Pull Secrets
     pullSecrets: [ ]
   # -- Resource specs.
@@ -1465,7 +1477,7 @@ scim:
     # -- Image  to use for deploying.
     repository: janssenproject/scim
     # -- Image  tag to use for deploying.
-    tag: 1.0.0-beta.15
+    tag: 1.0.0-beta.16
     # -- Image Pull Secrets
     pullSecrets: [ ]
   # -- Service replica number.
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/index.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/index.yaml
index 878410257..59ef75063 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/index.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/index.yaml
@@ -1,6 +1,113 @@
 apiVersion: v1
 entries:
   gluu:
+  - annotations:
+      artifacthub.io/changes: |
+        - Update always
+      artifacthub.io/containsSecurityUpdates: "true"
+      artifacthub.io/images: |
+        - name: auth-server
+          image: janssenproject/auth-server:1.0.0-beta.16
+        - name: auth-server-key-rotation
+          image: janssenproject/certmanager:1.0.0-beta.16
+        - name:  client-api
+          image: janssenproject/client-api:1.0.0-beta.16
+        - name: configuration-manager
+          image: janssenproject/configurator:1.0.0-beta.16
+        - name:  config-api
+          image: janssenproject/config-api:1.0.0-beta.16
+        - name: fido2
+          image: janssenproject/fido2:1.0.0-beta.16
+        - name: opendj
+          image: gluufederation/opendj:5.0.0_dev
+        - name: persistence
+          image: janssenproject/persistence-loader:1.0.0-beta.16
+        - name: scim
+          image: janssenproject/scim:1.0.0-beta.16
+      artifacthub.io/license: Apache-2.0
+      artifacthub.io/prerelease: "true"
+      catalog.cattle.io/certified: partner
+      catalog.cattle.io/display-name: Gluu Cloud Identity and Access Management
+      catalog.cattle.io/release-name: gluu
+    apiVersion: v2
+    appVersion: 5.0.0
+    created: "2022-03-14T10:30:04.4075976Z"
+    dependencies:
+    - condition: global.config.enabled
+      name: config
+      repository: ""
+      version: 5.0.3
+    - condition: global.config-api.enabled
+      name: config-api
+      repository: ""
+      version: 5.0.3
+    - condition: global.opendj.enabled
+      name: opendj
+      repository: ""
+      version: 5.0.3
+    - condition: global.auth-server.enabled
+      name: auth-server
+      repository: ""
+      version: 5.0.3
+    - condition: global.admin-ui.enabled
+      name: admin-ui
+      repository: ""
+      version: 5.0.3
+    - condition: global.fido2.enabled
+      name: fido2
+      repository: ""
+      version: 5.0.3
+    - condition: global.scim.enabled
+      name: scim
+      repository: ""
+      version: 5.0.3
+    - condition: global.nginx-ingress.enabled
+      name: nginx-ingress
+      repository: ""
+      version: 5.0.3
+    - condition: global.oxshibboleth.enabled
+      name: oxshibboleth
+      repository: ""
+      version: 5.0.3
+    - condition: global.oxpassport.enabled
+      name: oxpassport
+      repository: ""
+      version: 5.0.3
+    - condition: global.casa.enabled
+      name: casa
+      repository: ""
+      version: 5.0.3
+    - condition: global.auth-server-key-rotation.enabled
+      name: auth-server-key-rotation
+      repository: ""
+      version: 5.0.3
+    - condition: global.client-api.enabled
+      name: client-api
+      repository: ""
+      version: 5.0.3
+    - condition: global.persistence.enabled
+      name: persistence
+      repository: ""
+      version: 5.0.3
+    - condition: global.istio.ingress
+      name: cn-istio-ingress
+      repository: ""
+      version: 5.0.3
+    description: Gluu Access and Identity Management
+    digest: a822a477c5244394cd8b4a7fc1c0e10d9a8341da5d5208dd813e14af65b0ebc8
+    home: https://www.gluu.org
+    icon: https://gluu.org/docs/gluu-server/favicon.ico
+    kubeVersion: '>=v1.21.0-0'
+    maintainers:
+    - email: support@gluu.org
+      name: moabu
+    name: gluu
+    sources:
+    - https://gluu.org/docs/gluu-server
+    - https://github.com/GluuFederation/flex/flex-cn-setup
+    urls:
+    - gluu-5.0.3.tgz
+    version: 5.0.3
   - annotations:
       artifacthub.io/changes: |
         - Gluu 5.0 Openbanking Distribution. Auth-server and config-api.
@@ -33,7 +140,7 @@ entries:
       catalog.cattle.io/release-name: gluu
     apiVersion: v2
     appVersion: 5.0.0
-    created: "2022-02-09T08:46:27.703526Z"
+    created: "2022-03-14T10:30:04.373598Z"
     dependencies:
     - condition: global.config.enabled
       name: config
@@ -150,7 +257,7 @@ entries:
       catalog.cattle.io/release-name: gluu
     apiVersion: v2
     appVersion: 5.0.0
-    created: "2022-02-09T08:46:27.6780644Z"
+    created: "2022-03-14T10:30:04.3496292Z"
     dependencies:
     - condition: global.config.enabled
       name: config
@@ -267,7 +374,7 @@ entries:
       catalog.cattle.io/release-name: gluu
     apiVersion: v2
     appVersion: 5.0.0
-    created: "2022-02-09T08:46:27.6569577Z"
+    created: "2022-03-14T10:30:04.3256206Z"
     dependencies:
     - condition: global.config.enabled
       name: config
@@ -348,4 +455,4 @@ entries:
     urls:
     - gluu-5.0.0.tgz
     version: 5.0.0
-generated: "2022-02-09T08:46:27.6384112Z"
+generated: "2022-03-14T10:30:04.2986375Z"

From 5ffa8f1bb95b8af818e70b8a541c14b80424f1ea Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Mon, 14 Mar 2022 11:09:18 +0000
Subject: [PATCH 043/101] chore: prepare for beta release

---
 .../kubernetes/templates/helm/gluu-5.0.3.tgz   | Bin 0 -> 104038 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 flex-cn-setup/pygluu/kubernetes/templates/helm/gluu-5.0.3.tgz

diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu-5.0.3.tgz b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu-5.0.3.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..0fc94422562044b0c5b7b4ddf4c759f1119a53e2
GIT binary patch
literal 104038
zcmY(~V{|4>)GpxIwr$(Cor&#CZ0Ct>Yhv5Bjfpd{pKxO5%)8FFzOzpM>t6k@dRJBN
z`zqoX7z~jAu5VfpdJ`En7Bd+|E(LF1PE+<DEavK*HoEG(T*^Owa4Blp*_t?*duymV
z3d&g6*@ImAzx!@+HCYGte)WAIcK~-BQ|c(E6U_DUny*ytsogIkR+DqK?S0T9Ln)Ri
z20#kzTc^GQgnM2RWukpvlhnH7DA90c5CDTS#w<8KCLOLk!3rE>3(tM)Bjp=*Tt<Wh
z75%f8u5UNfpIXfQ>w@cB+kvgVP7Tk`%-P+(-Stm>AhU7C?2oXWfXkSZDSJiqX9=N1
z6uN?e)Z0}okVIGkKs-*^CsY~#985Cl0VB%>7zlu`15Td?1+c?Na36b@3KI!?Lq=_`
z9qaDA1I9Thrjb(%@XriZE=bS?2{+X^joc<F`vqPw)jHsq=oBwAaOOCH${*!YyDinc
zSo53&h}+ikUI4CH>sy8Ii7g<R4n;s9!Ha^A4@XAwAvm$NRA_^;L?nX}g)5M1amQhY
z#Mv&GGH7<bYD<m60T3JHpWy~8&>&H)0g>-|c%c~L;74SNAMs2}KC~u1o{NfA0RWtF
zeUgI$F#)t=AW@iuiLwjyd)R_`P}ZAz@y0L`89}QEKVS}K<r!~wLkv_L!5e1EWwFJn
z06;{@ML-i8v8*B1geT<y50MC46h36fihVy2a@bXN5QiPUw@_RNucR*lfn^2~1-}^|
z!UJt(tMD2bsh|zT2rln2iG^@GpB$IkGBCS?g%EsJ4$Ni5o~#oa8H{Xi1G-dnYFB`X
zCp;CdEfiM;!Cd-IY=c!U_CbP(gC1+Ea5)5JAB`$Dg?)l$x|Ey@aGLq!uKQfh4#Y`a
zv9X|&SwlJLt}{YzKeARvH1{+xr-xQk-65#ZgQN%1P%k2gus@~;Nrz|tSz*Ox8+k?8
zTi&ve9wsE-56JhCiM1S;I5=Lq1)uO1$(jH-7%}q8lSDM%gS&LR(I_#NNQ(RTj2cA8
zTR-NOQgwbYf%7-Y%z!8}b4-hj>l<%IN*9P`FR#QvhL^>33_BGB(bGCgbfsP=RVYt9
zqoy&&g~E9Kv^sryY9l@N4r$uQ@}NL@pAy<}t{h%r{_V;S?nNHM)gazpH!KuQ@om)q
zIX>%P=GeYi!~NZLEMAi;G_ni^@Qdul+A|@MzW$b|)jjZsd*A<I8nw@19&adca*)ap
zvJwnb36#D&bgvOW5O6F1s^l-3OM(fhrF9T$S^A6=n)>PvGK_o~Ll_WycYI!{{yd5O
z^lZ@D2z<VKMO(hu3-&TYaXAY9!ihu$%X9)2L~evSi$jqHkdw0Dy6mZmRDd|Kh{S`0
zvVq{rt+-1iMp@~hMt0S1`B1gaC9+CLP{`YIzH%UhBXr56fryB3N&J?qG5ngbKDUXo
z$%o@<5iUF|5Xsd|(-%&4iGW^+BErdg)}JI-m#RXf*5$}KVUx2MAX}Df3-`gz_{>W_
zQYMfPj)knrC&!L~`PO@1zIYxJEi##q8G&lHr1S>Cwc-CFH6;u1LFb8Bw_sHH$+i6L
zkqwL!7q?o@Xp3Yz^&-WNoF&BoN!T$YW9(FRlctW$3D^tOSNZ0AS{Ow%Md*eV@jug#
z5S2ipLQ;pvdFYyh=`4&$E<qGyzULJeV+u-rXvp^&gtTyq?0R_~Ib<Fzq{NqDm-k@C
zn1Ecfo^eMddMaI6dx9{9fb(Ntc}9Blms^@wGv*`?!l*Qkgi+)2DFPLRe3%pOPgoz_
zdtnlZ7rDmFh_QxXX;w%O9V#pq;36F9nvi{9dlVz4gpLVVGI@ZSo?OO6fa8cQi#-*a
z_7#4B5L&j*@92RHc;z&OlqMFJ2=&g{^494^S7AC*usx2A%W51I_9>l4q9ye4I149m
zPa00-VRy)}4)5;pyI-2Q5O;~2Tv)~x4Ul1ai@s4SJ#S2msVh*}6k9l)h>g5t%i9*L
z9NksJnpL$ZWb6MqS`>C?Cl713kp2VT%heqWDz&s%41kmxt4Omx-&T`Weyd4>q)1o-
z_br0^l{ZDZQs}^sk;=c2f(eQPxgbYGFAV{YC@DmhL37&x?hSvLZFS4^w<arfEh4X)
zK1lGRd#EKOlf3*dO6$OMSsuwF-))ld`aTHq$uf9mb!j-c$>u8OVN&IuJK>oL8w4TH
z1e%<^_str@k;Q`XcDy{2(SD7yNrp*Z=pprKW~Bf$@{bcq#X;r~g9iq_*j)T%9HB6;
zu?ukOjyut0a$_4yMK^uFxX!vU2U0&)1Ju}nHNh^!2}MRK?pQCwX|z>_z#Mb!a2{g~
zd|FJIX`%`k<p&bHaL=J1<uj3lH_iknz&B>TzJPh4#^}VxQ(iQTA}uikpa)CV04vjv
z^!Q;u5Hd`bDHkTg`(`QPCN>YQyMCLAcV7S*0NOA0=Mrd`k~yUV9*K5}$e5{?B9GY~
zL$?R&(m`v<NYVUYN(@f~YaqDKul43VEaVZ~0QqFdl@n04hkHkhublR{B5v@3pf?wQ
zfI4qG-b1^w<aWN%#zv7I;fRv7dIck@9Gi>kQm1J|yHP%37Fh~G3e!2EIbffMRQxHE
z<QB~2UY8VEkvP-|+2;_j-2xAWh2tYV5pu|s3?<+gr1hiDgm_U!V%{jbPYOYu+o#Kl
z2$|$bEZm1Y{3X)I0sfNH^~?;W%S#okSS}$?OlAzEYZDzzusGO>L`sFm=jiBy93%{&
zrqgi8Sm038D52JeamkK{#@Y|r%pZo6fWM^a{!<p!TJP4F*c<AB@ks!3%{>XeV3_6<
z?iK~k4SpO1{n3>qtUK}NBk`9usC7`baJZ<7x(hqio`$Gnknlix%@}%)tGpQrrha!;
ziN_xv<TRHf(m_<`bsm&QfT|~6yN9Wj3VDV7s0WRd$QStvTy2_L8dXzmb{`B1FK@De
zR7qHchVoip58qF#AGK?vFs_{k(`rH^5V<IoKIEWK3rQE<;-3IC2@Flg9u_+Q`d_VI
z`goiPIB29P2*qoWxAwP(TRTRr`3TZ_WVz&JG$~JvC#WF8M`CxLRe#5tYma`Im0D@~
ztmbRYPwj@(Yt+swt|S*3KHJ0E%Zm#4i7U}0rcV!Q$I@&l4>_zi;RbvVKTZHMlaA#^
z!&i>Is;Q+mly-|h35i{T*5h|D_xUHWf*Vm=Jtv~PfGWEYBXI%XD(z>K#8(3(G!WU9
zN>|+Mk7b`^j6a=QS=!mT=4TYP@4sHUwQ4fb_Z>@91Low;DGxv?37!Re7g)^w>eS3s
zhd=S+IthgLkYcTAvhvzxx2qm9g^P(&U|xKU1<UeK9@eZ8E(bKap$CS+DXda)M@0k$
zN5PlDpp6`5Iya1D+Bb}JTPJ@~D>rY<tJ=|-eDlKl5+1?uLd^fXQ@#r0Fd^NWz+bMV
z42*f3!h{m!G(&a1AeB~-m5z(i#YRD0Uu>42^2oeXgg`(<5g!r#V{4KLddAZ<PEn|G
zSmcirXQhX9)NqHSu@fZxw~DV7p4@80W!eVg{nOk4EXErm-4liZh^#$DNW$L~iY$Ux
z<cQXdS_S*c5>7C2phg0Xu@wX*0y0_wx$MR2VPe4f#n4(yO1g5$+DdEY+{gNBFkS(l
zH=mgGLy_GaaVJWy@GTd!iv6;Ss4EO1$m3L^$s@D}WI#k#rWCI849c4$5iS*6P&RxA
zX0z>GFtu`)&~*&-BPV<y!puoNDh8*6FfM3&pL9YrSDecMfDY>C6~{9GMl!)_s=HcI
zaBZGr*~nt=EI={UK+VK*Bu4-Z6P-xfhv?9Vv#0_Pa;d22N-)QTTQC4*HslB;uZlP-
zI}cPQ48R~u52VaW{Z?(gQv2MI*o{T$Niy{#dB{%V+18{DOuKtN)%<c%78GibJ{DaW
z*gg^S*&AH)F?JC5j@}zQ+``W8F5e5Ck^ibQq7K~fM@isYz*l9`H6kXsv^rBxaK^W4
z1j!Ex`2<r-hrO+I>l03z^UQ>!M<NLkLQ`8wKGY!0ULs}paZ;2d%_&vIT3`l1k2f_5
zLKpopwQNlV)5y>buqthgCR$j}Bx6B#DWlpmn{*^ZW7_w2t9a8B@8h#M`?_a6mk2r(
z92vdd`5Mglt3PD=2Sh7*SI%O!e3Xy|#R+F=oXx@nI>s5kMVyJn+cIQ6A^_v59`G3%
ziX(4B>FypMsD+R4*@&@bNkLVTUU!P3d9KFHC|ptXmO8rDy?aTSHXQg13>&T@Ua|wn
zX95-Rc98f!VF%iV%MT{}t{QUd^NjE@!L1WZW%RB<78F@59KW(lSf&yA!+D#?N{a=L
z32$Hl9WmgLW9B?IT$k#upqjmtc7l-7`}sMi{tk$8R_sRTFCjrE<?SvOzi!t{&t&DP
zDoDE-SZ-crI4@uyRK2sWv0}Xpst}+aAv<IIgAQE=%movS7kmLplr}902f6}OD7W30
zT9~;1hQP=}xvTf^e)tf1Yj61Y@1pFpxVZcM<m-F$VROuMV4yXCd>hwR$U-yDSvBqq
zow4~ic|xMAEJ}q#ssyP_Q4!hQP1-Xp>I;8y!L?N6X+dN?%Ni>7*Fsdt80??rW)Hwh
ziI9W>LGn@35!)H1-K9HOR*=~rH64Zb%nlby)rbpDEZrN(b{EWHP-8kl1Sb;J@v9lS
zbP;lN&xt`TkH09fKEDh(NO+_V(wi=n%!x{AUWm}2DXf3`E!%X}+rp0ck_&#<q<yKc
zYq91==8Rq=Kt&yUN(io1p+}V}GMcOY25KVE1pfv@%ChA%wg%joA1-F`Eg+YkSbB4d
z84jd5f;mxW>8})|w#fV;lK{j(+xE-Wa%QR?kXIsC#?j6fw=Xhb>?JE%owQ`FW?YgH
zgs5NeCV*L)-5~&OFn<wB4#qCX=BG7-FJGocvF-)Sb}Rn22De6au2{Agi=RZ9*sMoV
zK;_gHs8b<aP@%;&RuE4oIRiqhV~FkPImuRnL^vNJI*9>x`LA?`$kxy>r`88&Dwb*K
zkV_w~`}`SwzPM)tzx}RxkAw&Np98+Wc70E|ueUO01Fz$x{C6LH90MJma&|+%U#UOG
zA3)U8i;qe;2{ct;shGNc!!x_!7ZhU=Ma4(SVpUdkweT_GvBsi7gje-ln#izKuX9mS
z7lH@{OL#k%by!7!Q|{ozl0f@bQjK$@=8<G!dM${mD@ul*FLDeGCym;8rdLv<-Flzl
zXK284utzAhJglS6Boc7jA|}HZWQE1a2-;9=Cd#8O#E!UNz)L)kjE9<GQ*yG6W=pt6
z_l_B>2>ct+82d*~1h5f;sJw_!5e4DLGe)&7!l%aUz&k|ZcYk1z4$;W8`Dq|ezdf6$
z?ed7<ULgTf^uejEjZa}91w`*#TpZI?xQmMp=N|`!>G(X!VtSLGy`n)(YpAfX(QhPR
zM4l38qW;zbVdeuBW?1oY9x_72Cl$<%Eu8|KRV~@9?c@?g%j6~K)SyYWkraL$*X);I
z*_p2F@Pt%*kHQIawXo%;C=H41QKUvwkW&CPVJl=r{Pe6atx0(s`l(W}JgKK5t*F0&
zg!LX!GYCd?nQLH5MwDwb#famPii)dgS)4K1c&%vcTVKp?b~nB@?w@ca+t_(aKODq)
z&vq)vWGUBPUhN{ob${YMqO5&iTWhXmFY0nH$EdfMmZr1wPqofWqHv?(h8M6;sZ+Xm
zmqxc4;A9>?*=m#<+G>^2f-TcxmOk6eNhmDq%Mki=`C0$us%bgPdNCpCR=LpZ@;1)x
zfrTF$Sz%d_CZZId%y}=`G4?)an|bdNt!J{%8^+gYw;7Do<9<>ySU4XX1DAm@rG(0J
z7RZU^m%Bd*X5)uQzK#u*svOQh0NKXk;nlU~!^J4~H4@gW#EA@1`eXhhc!MjU2C;K)
zjB&y3khexqIGeVh<8ddpaMmNJ(xwTFa>erMQ_WF5h1b4G&adMs5I3scUuI|Bd<;T=
zpplhp&+EQf1Y2GXEJaY#JzT0iJ$q$JJ82nDD~}8}#crppk{CGb32r}=b*WI*@oKi6
zlO*K#eI)O+`b(CHKG|c!o5ghDQXs8ZxE1dVAl7?h*H&nN@#$6wFdnF=moP)>f!4;L
z*d~<pY!lKDp#3#ux6Y&0`q}@%G5t`)%zn;-y1?qnjDFUuJgBpJq&R3AB;3t1(^Ijg
zNiwmRzz*jOo=fHx0&=v<Y6+vo5jdf@DMT^xw%5t>f|BG891=O7<xENTcwYIcHpl+1
zA#hykS)^Z1xP=0%0#^fmziC|{>=?AoA0)!TYYRp6dGCO=_V?Ryq&Rg)P+O^uqsf%M
zfeN{!c32xd24p_OclS=N=<p{8AU*M`PO?`m(N`AH0zh4EjcZ0zvSS(>$v7#F!+8a5
zJqKKE^cI6G_S=?T+k?RKP&c6n;9F{uwH(1)bzOMDzvx{g;cWZ+tO2f9V1okZOG}3;
z6%)iI=uxv51?I>$F=W@p5+)l4RxB_qxNQtrutfS~*scqb62`#-x8aK{)&Tg@Kk{dI
zF$nD1nz^`i+lTi%ldpfzBcOPerF3x++Z0%m*!dyHcqSQns~BU7#hm4`*frdggN#YB
z<<4yYF(Nn5_8{2Tk452Z&QWu_7rg+7djEiBp<W*0ReXVna;@#1zsFGPCEQR4PnIm*
zT>_e9j0FnX#A|^OGw*GWyLXH27t*rw@M&&Uh2MFNje7M@-(QN!F}vzOQW-mu*h^gn
z4oG~F#A2prwa#h`G}ypS9f?$Ke+faYQzIEB_J2RSDNU`*$w{}Wf8rb1n_h`(YLu#7
zS%nOm<FfBM^VQCt3aMuav3Mnp<hBB~G?VPfO9WYxjJ#;VBrb8E-t5;bDm$vhZJ3%_
zohoAF?CXGc5pqX{?&Lh<LL-eCV<(p`{t7JEeCYZU;+3RnHk8!Gz~+zJdW*wWwDTi&
z;~lG!blpf}pLzo1<*s_HuTZLAGkfndM=d#z6L&BVkoaPzd8wN>eErBY_`jraSM%*l
z&1V?0<rP&Z8ImK1*E2rK1%Iz$`f#`W@jGgAgMavXykv*7+H`}dEIZaNa`i%*yJcyk
zI5N^1X-9U?FJG+*DnAa6H;j+5MPI*MlrEh8TT~1nFbOB1jVZE#@-ak%dQ#wVez=5b
z##(n)5%fU|iJ_NcY<KXxd5Z>v%}p+8Q8}kaWxW{8D5!>HaEXJhw{=b1U3L9y%<p0R
zeZ{Rb+2$VciMYekMQG9WahA2FcB9fr4fHgNMxfdIxgsVnT0gY<D-Br>{0fAc>>)2S
zoWi=Kvfx}JYpZb+G-~QWhZ~KP+6L1rV9~qqjg{FM(`)CtFB0re6*<TXD&S+FU-%dm
zU~MSSAf`hI>UB#Fa-R^Sl%LLFMWVS><VA5c@$KNDsPP>iilfOg$^0EqkYB?%Bh1d#
ze`zvj*A!iuj4}?Nq)91T<yJ1Xef~JP2)X`~W6<^0{zg&^IeRW_5R!t)yl%|kC#8N~
zthtkQlk?k~c12vUjEKk`Hzg5OlnAVXNPaZxtqrm7gkAREpQ0feEoO%s>3za=YQ=P%
zRcgh_T6AAooE6gf^1}#cM<CfqGFo{Ro@D>F$~r;yzc#@ox!hjx3PFsM{!DVXB5wNj
z0)K}Tk&~8h(jju@armhksBn8Q>lWDBMkKuU<l?}d2<WFLGK{6lp*Nu>R|}A&1#4H3
zcpRt~Ol6dDKlU_^{u{TN`MAW>i|)P>r!`3}fxXw#_-EHe5Ol%><2Fq3_|yY5R@$*k
zC{tzLU!`!_1CE&Pr;P+SVTQtC-Q>537?B}Q=g$Lw2yITg`)V2b<X`~Hts-Gc?}XT{
zv*O)~I>?RJdj2mHhB7AP^xz0!%mk)OnM>{E&#Ck1(?$>-4^<_$`X<F*x#e{&t#O&}
z+i298>i%S?{d}M&rj}`U$9QqSZ?{0dVB_@mn7&d0pnjO9*Q(Szf!ScMc)k^o9*It=
z6k2mE{>-!QDE$$j0fBL2l8Td^_<UkFfu(q7XWTxgofHSM)?w?^0PGZFlD-U-7~K={
ziHAp9b;0Ui%tIeIYNU{;d!`?pE#AF*((P4qYACxMT`-t7kzuJNcr;~H;Z?M1V#dJD
z=o)WaY#n3UaMKb`k)>w#do}>C8g&!^jgQYiHI7mekF{`k0%AqXQul5oz0cAc1tb9}
zg3lyvlPJ0^Odq`{92Tsd+?-RNFLn((T)&mQa#{|zBD!Km#SLUR2wCCMLyawU?$0=p
zWYz!)&x%(GV<HWz?{KmBp+E!V(V;ruWn~1T%EePWQ=Lz1@EcrnC9wQX2Yy*;&d8|b
zLeBngZ=>}NdmbOY#UAN2<zFv<7ax5rH8^r`8sg%}?B_}Ac%4`@#~9RU=u9yNL`Tt&
zoo+6IE|f)bbz9ib-;75lzpRZ_;RLXuZaOs}I|q>FNhH$G;Amdh&a8rzRg*#up*;Ov
zMWC|ZBy|YTjn&R1RDKLWhBINo|5aF-$ew@|!KI<40X|K2@v1naOPwLo4x1ib+%r%a
z?A%L)UPnw{?@Vj$HFbYKf_7Z?{n-W|2TnHnxYYb|TTY4hSxQnC>XDHN6!?IR^M+qe
z2W!QFjbaE?*J$zF?T5(N_V_IF|08?gsgMiPuTi);GsTnh6$t9ii%6xkdd(siQ0(7a
zbbLO^7p|XG{ZyxmDG7f&K;U89f2FIZZ57^mY+#@Q-EZ2ZhqiFDH08nC&jmPg1fR;q
z;Mi{&d;R`;U_-K5Ze=|BsqjZ(;x{00Xv97X9dQa8rF3F$K|(`qWr;45Ax}-H%mp#y
zOhAXcIk1L{HEn|x{*=c+%6rCMDh2_Oj-6T>SItx)TKbQ=Y9gAfgr%h2$e_3F5=LsO
zmm*kJQeC{XIJXwoUeIyP2@Ey@bYmd@9UuK%W-cuq5z~25gQ3sJ=)allenmC0#g3;)
zsR9AgzfD!~Jajrg!Kq(akV1;@2U4yfL7TF>6I-MEisXooL-iW!?VKG;F5dzHn!llJ
zUVi$|2MRd<oU`B9=wFLD6bT`7xf|A?DV?&=+fb1puJvppo+s<^23Y~!y(e@@De-?t
zAl$m`Z`mIja$wr1us;v^7gyW^dU{W^5X!lH<v5nE=O#^)Lqwu3sVa-5;?8K~p_aJ7
zcp_?sUk;uiCz504ff6+_P!@>HlHw@D^QniqUdx?rHa@NJ`vH?OL^%wKD&6p#MBxHL
zJaB`Y9<BBDN!x;3RiV5mL4x90(NU1XeOI7NrGSFBvoyZ-V0@U5i?^qv=k~*pknVPa
zd2ji-+s1p&uNTB!Uv~NAA=>;{iZ?WDo1f~IXd^A%KdwbuOR39MG(_EFB+7BnE2mAz
zN$%0{zC*YD?94-+gxvR78mAiCU?i|xu;&^zrlVUp+w^(Z%k<Kl_lGatG9{gOC8lDp
zI!HNvEYWU0UhX#-E_uNj!vg&x6`x(0<xb3zP;;t#67ln^`d)~P=fq(z8hRN6fds1d
zt$W#^P)J*{qAE1dH8|Q<%GKho+ed|+5_mI^9No)<^oJzsXA%T*ol|c#m6x*>EsLuy
z&L>;$#My_s>bOg6bBsAXRBv9_6hh0G>X|$$f56VcraAIw4pi11fO|TY)4R%)zOvM@
zi&36D%Y=f#+!Z8_u}R@4mu-qgG~@Y|W-a774XTvNP1GN1*(p#-3Jc?jT~#<feq-A|
z?{avYlg1o#sa$-qbm>*2AZswUOE*^Ket0>av*tP03UE5sjZuyNX#B|eSzQ7sQA~q~
z_1o2$S&;@x%}P1d1}w8F)*Q*q+8EpaT87+X-j`DpF`CTCMl5e(U$Jw*RHmjRDl#zZ
z-AAy@E5XyyabpKndUYg^w0PkGSMj#LA8b3mC~b@jvSJ+^`ZcIG{vEES^@1aYjLhN^
zB)=m0PA6ecw-ux7!MYFTW2gq&B%NJr-YQ+^2G??4vkQVC)Kvnhf28gP{W%~WcXWQt
zv%qausml_qh^btw_<P@(GM#e!#Hx{uR*j9S-ABlgGMc_zDyud}m{B9jol$6G087UU
zBa=H~oHyWSahGKLMPUe^!&E0xhdVwTadjduw2}KJDt^<^qcT_l`g6su3zc>=Z2=Rs
zTE?^WS@tdS;l7G=W+S*$!AW6;jLQK2-q5nFmg<H^fntmudAw5p8vY5KBIh+i(SnR6
z=N&<iV`2-*5y>y!);e{Hiodu}b#Rx&=Peido%ksp1!QpH!EebRX<H&q2={Bm1}?ai
zMlvtl$8u8lafL^d;M+!3U@DA!iCG#`&0^&P7Y22Z_|8_8g_r@k)z;Dm6QTOD!;3I-
zM|4VYsr)N$K{b}*%Lp#N8+DEO47KeeHhy$O0e}3cY*S87&!^KoHDgN5k3{)FqFdQ6
zyWhHjGZ9QPA&m;HLjap~7ON5cujCcWAm7YH{-u7PQwrRe$|osE%3YkHu+TrU$j}Z%
zU&)Fmq{4X~9g3XEk7eO6uQ)HikHy0zw~;DFSGzO}di71V5yLL>WkXuE^{5QAI`b+^
z(2VKQSHV)zay7s>y5RouAM2DU9N7>&)S1bpI<nNIIB?n42o&2P&Xx*LEp~fNQ|Bi-
z^f0!7&^p)BnjTPLUwDEq8Jp^BooWC;#-uULv314^VmggGh;7sEsiSPclo`VWmB=f%
z?ep_i?E_SNzjp(Js?qnz(Hy`jawYLN816LCcw2q&Z2ue}`t`z4nmFgwNl&qa7nz%<
zNF2ghHmT8B=!muIIJHr#>toDWTpJ5JB20Q7kH<6Q;j!Nhnrc^vdgg}#YjdfRL9^O8
zpX9@yBp=J|Y&HFrypkDOe;}(+4IG1?mkrhmC)Ra@t$?3f?$vWA)?vI@fS+UB{<|+5
zOnvyI0T~<PdmuUGnonG6oAq&wPb+bwqBciB-H$7NSB$pk><voK>B%^;lR7A4pGY}v
z@&cn~&tEB}=PLugFabj8aS3C{ABj2z@l+C!Smkn0G)cGlD2u~>Kr;a&hC?Z0oEz1=
zjM?y{c(Lj=KQtcL3zp?Sj&K+C7Uh%PvaIR(+KZMoWK%WL{V!R3J~=bsT3T+wthIc@
z36M>9e>wI_fNf4wx*2aiYnN&*Wl8UfF&L^p;juFz(I!!)L_;EnkcK#X>0+I7o0F<;
zd3J^O83Zpn@icWtb@t-2b@pOs{ID!kA{n>Bl5pS0TNVp!@ANHCW<IXDKG9z8TzYin
zJhswnw)F~^3#h5RIb#q>?W+JqVxCi)+XY;Yj(YRGeDiSoOp7&YZ!D0TEpWOaSfEs3
z#N6U3=Fv@XO&^&LU2BN#XJHwa{pE81DqR?ma~)v=yX0_4I$f!U?WN?`>A(@x>|H#C
zN^o@xbxA$?YulC=_g6kdJKlirRZLLGub7xX4g2^nrK*Lh$H+i)mMTnFA~fsK@e9iU
z!sCi$V5Do>ucA3e{C?*PoK?s9%V~j~9xg~x4Hs3cS&p>XN;X7HHoLOCm2$na;oh1_
zs(fr^PMsl#6XuC}951e7I8kgDnN|Hf+V%?J0dwnlHc8=oZB$I{R8-YbJ0Xk##v?He
zNB192m(WC2yF~%pqkjsyBjbvtil`xDqox=Jb1EE|eBlb_4^=eW5fxk-@;Rf9?ki<E
zdJBGDcvk9Qh|gOplb(rPk0fI6$JsI~&2^ybz_TtWHWmUvW7LK6EyWuK+qZeMNPYQ)
zsG<)ia%js$tUzZS;9R(nk?!}g*vP=T-!5^CGc1`{eM5NZXLgJ?Ajg8|bd2CYu$h^C
zLmqF*U1v3!PbT1-)q63t&~BSw)e!vRZP5k|L&dKoxCYO8A;f=1jzz@Zhs&YO1?xuz
zonGo-1~Iiokxj%jNDzk0-I57yQ}iDr#ft0Lt8Reu&Y<FFEksj79XX-$tq9honj-~`
zz^t1@#^h`hVtxwEYPr6{y7=DNhj-=z2-lma5(Cank{#T>3bMAGCPh;nJYj!ioV50`
zkz#{)*9Ptqv|lj|xyjD}{n~3YOh3tduNLmvwiS@uZw!fw!=Crd9%Xk!h5Q-l=cH_=
z>ACfW3w}q2bX&Lraq4cpKA~6zaMn0g-0f4Sc=#OsD!Bfpto_LTqxyuW=S~FLIS?e9
z`y!^jE+Eueh#k&<Ckv(#8r_>L+g5ekcFt{p5t(Fh#}Jr$h{`;Q4cQ54+s!VsC)x!&
zk-VlG28xX!N?elSn`)~oCc9*W-Quv{Dx%1=-+KNx=a=fLQEhY4IWZj^?Y{0j5^D<;
zAZo6?9pPi)!o6#+p;qQc4#3$Gdw<l}+bu;0Ug5EbDS3>X82wPL?K#~UBnW@o-`G5D
z!zGn-cJyWst6RpXiJ5wXmMDING5MRyLCN|e=DF0X2x%p%?J~Us(eQ8!1brMH^KZz)
zJwW_(;9t5;^OUiB84^JAfYiOw_oJK5S&s|)2-keg1Vo7xH{2<5;J)~J<9v1}W=t<U
ztdCA>JG9N7wk!nHl;EY1+G#sN4kf21>FpAKS!1GeqQZ(v8DL&Bw_2HpO`C+iNDbRe
zrNPZHAVNq53-0@1n7*WZ_j_onNO&n=4VRSrK?Q!fZ`1n~@kQ>tK7COoEwoKe?44Rx
zjDB<tq*DgJoZp#Y1)~K`$J&T1JMP36dwWKMIV0!?Y`nOCl<rtvb`sm98gNXaIjn{Y
zr<h??!x7!Em=&7T85NwE!zRxB6Is34OLv%4(E}A9<ZNdmENDEV?cRxHz*8qXt$=S#
zg4-s{I28wl8>K@)NYKGE;o|hF`LK&gD+5@qk8=_DQRu*n7fK`z2C>W;<t6N2_5Bz6
zMPA%MW>UR`gU2+aZM5;KtEPJK{b3U6@60ohh=1FzCAIZmpPQh>VL*c*61h;0(oi)w
z8WPG+fuLGb>iN%jZMAyiw|D1O;0o@STdVI=et*A!@W;I5%`85ULz&+fyZ%{trzc=E
zu>0NQV}3Z$=-Ui02xN3^fE1Ii_Q~H~FRF}>2Dedtjc*enC+E?03A?6~f0P6BqPm{E
z1e_lWhEk-CqJeqbttcmLWNEP+(TPDi;nEX7-d4GE47C`<1#rB1<^905q`&fm2Lp`t
z`zvBSW6#{!QE+Q}l@B`ACmN2S*(RBCxGhK)JF81j+0^+bdE?ZbAexO!G$FA2)>FL~
zz&lU}2fqJ=fG|ibj-mK_BrnX8Ms^#@Rux_FKqfQ@(l4fC9SUYDkQZ^(T8~NTE<p-~
z0}qiR_l(Wx2-=k4ogPj#WTZ6U?#MNjM~ai%wfEhdfKv%#z=1r4&Dw??yk6&9N-=5w
z!G!pc1CBgFLjA5yT8A9>#la4f>76yiqHoH8Ef_)tO*B@QhZK17Ri-qPivD7KbQLG-
z92&?yq#f`xD8n%|!l0_g!vUVUqS`6cx(*#!gcPUz6+#nuH#j&b`Y=MX#JIqJxgMe0
z2vopKSCkoTmVobmHwskm3hQXF56ZAP_}4qVQ<Mm^KzE5wwcfvQ#3CVMV$e&xE0ll_
z{5~lVKy=<;FlY>`E*`?V<huuG!7!$S2G)0e5Q@c|3?yt#v81`6kL#)Pq!E0|r_m+1
zdw7Iv#|{My7k<s*Gb0#{+g8Zu{TzvX***7d=`Ti{A|!OTzAvdR!wXuPc5PlH-X*2R
zm>7wQ8;wl<q^ROzyF}teeOI{E5es9%JcQ<Ffq`4lF$?wpfkN>m74JnA_xsmm^pH`q
zI<l(nU)z~b2x87Hpf{mR-cyFHQux(NXQ`y*^PMbEy|f)TcYZxfY8A8&0-R9sO)vkO
zvy@eX9IFm352fY~mLp?dt}OnlRl0|A_%E5SJd{lPUEzYKsYEX4!KOU4U3^#};@V9-
zdUXSTZokV=+jiWVQr_y{9J`dxL&p2vm47a8uOWV4{~h(@eL0Zjd86n95agP*1)86u
zWq^+Q(f3)ppvUT+WS7YGRxQ)hx*f7loZxj^3(?HVOKW~;5+6WPOB1rdL=}tb=Gg*k
zTuU`Ibu~*hX=~~3Wxfs<s;{TX+ty1ryXn0~uzEFpJ!uox6@cNh)!OTbY!6_9U8^-p
zj5QpUAnR$%rEzx!T@Kw#fpCxc#5P99-)z2K17TozH%SDFTzx`v?Q5K<)ltJ!e1})f
zwdahDwu9f7*dLYf1?c1j*Q#e_*IK@jTLoGM)9Ub-Ut;vHUrX@bhWy?aF9CCGhOpQ3
zI!>ONeFB^jNEY|*DKw8GUhkrQ)Z|_}f&#q0Cg|#bUa9+yAE`eo*|g|gTXlO08rjnj
zFG*Lc@5+Fu4$0Y#IRx}v_ttc;IWAhermRhk2JjZ4<iMFww$d`6e(^&MznDP|QJLBL
z`<~m*vQ{CmK4(`xKA_NPSAhJGc=j4D!^VumNOq>$##Y*9dU>0_s(<=t1$Z<!UqKE(
z`H{GL-i+>+HCN887Bn=_v3Wz`TX5Z;3pv~9lIZg4x_?uUXZ`&hdv^Pu;Y9uiHd{@T
z?*Biq8A$V2=RM~7UANj&{OgFOA_rA;!)e^YiNxb6+jsWudM7^MuZ6vy7WN^?iZ177
z2Jn|Z4htR$70W^ED)EoiwaYlHD66~17`GmhvXa%R^A8WlI;CZoG^GYEU;AF01(B(t
z(Vpxfn!mu5&o3MPF^)ws)Fy1;fVZ9zWhEo^;mlTivUWbfWNR>qG$39H$-&Stua&)e
z^<s#kKee>wQ#LfZ8XEjehJLy*KqRU~?0n#;QW!PxSQcCo-YQ&TqNJqkf9=Vmq9zvr
zQDlzNjHXeCn-Rpf!~CB-Ir0A0mDbq+&h$8X-*ICjA541arkO!47YVG<0^oFjljE`V
zkzNu`n2?rDEmkMn3IuAU1n#aFp8Xym@DAy+cw+?8m%{j*JpF7Zav4c|t<;*SB)_X-
zH?hTm{2!+Q^vm3cnR~!Z58d)s|HR$x*PF=rA2(6SAr~BsdItt_NWTb(aY&@jIT;B0
zr6CH)_S*6YP%WcMArf%@TGOkFf7y;78<?XBCK%y0H{&${AlE1HF@=$gN7_Uc&;Oy`
z<Or{_ncnfG-T2j!^T(28?KH=l#_Hcn$*E)UPf6sN|H?B@{^6<x0-gH?6MO4qo~%0F
zX#@euv~m-7i%;rBUON@EzNf!z+TO5>q@K*1q^Gs57%PF3Nr;@ge%CM>X9S6MusMs;
zx<6Qq(0|@7m`;gKA>{LVE+X_!=ZFbMa@wBS$>)Blvingk@hn@V1Af4afM{F0nZY0B
zhs%#8#c1&LTjMi3WV8dqG(yc>TI=mKh(m}5JhS5ks+;uTz?T6%S*0FcZDx;D)PZeV
z9E&u3@J(sI2JDTYaO5;FFz9i2>+$>Jt-XJybit5GJ$$BT@pzboMcQT(acxKeTPQ>n
zlo2;%bSYWboZ+D4eUTqXY;q=xvr%gKpQym-D4VnErqmIfzCHcQ416$DXx0lX%lcKe
z2R(%?zFSfriDb?OXwI|)inI0MEbI0k^+1ChaoU5JD-|SqyUPazJlYLqIATIu;LUnJ
zUK|+wF0`wxOX?c>vltd7B0iFi!+N?PJzZeoD74Zi*-7yM18a23k?2ysQxnKe?=`jH
zK3dNC&g&)#A<K6}H%eiV5K%z%w0M)su&RTqI<#t7p6lbfnxp@SL_HqSJNehyajEZ8
zF@CFea>LotCE!nvo04xzii6{we>?YU=T;8ElTQk9cdzVw1Gf$FGu5_(qsz{f;+)dI
zr$_e=j!Q}3dCyc<O@8g%yw^`u)M%>~jxJt1IW4;nRJ;G)kGR@FLtD~3EHcx&Y^rI&
zT;|CTH+$l19clP^<m!kDX^O-dv4C5db1A1@XbZA2kLa{>o%iAQ(dX*7A$a~2KaZTy
zKKP%+XeV6*q})GSjay-7d^-ThuS&I|fp(>>NaZ@W=wV9~VpfYp!Wvb5Q%*oLm&i;W
zisKE;EbdL5#_*6nQogLEnZiEhM~j@*p?IcrRUMF6H5(6s2O%<<OyvtKHhB5WOx38E
zs<n~2(7fj?wkuzSKPd(F=&20DO+r7OOXy+334I*V{=^r6@GN8vJ=Drj<^RYPQ3{^0
zBs<!pw<yax()-2L_kUr=&tCSPf`RN}zGHR;+3EZu475gFqja<1Ia#Qo=iSFv%xhXF
zr(Mvq2WH{nb24=kyAgAoXoTTVFAk)4;F^+b1C0$LMxf2$R-ruu`UR6oEj6Ki-Cz$%
z9g>kC*vP5xGNXdVQc<$9)DZ<!bm;aJRk_5@{9MP<2U7cAJfKS6kX}bkegc1l^hKV9
zVkh(D^klPIW;vI_*H*)#BgGAlva6*muC$=bBC{Kbv>5Quibo-0Z6?rSd-*^OjzZzS
z+V_&xK#>l|@b^N`AnL;h$(%jW#EHdc61#sm2!Gc-%6ESeYk&9Ze4jY-_kTIxo{ws=
zBR>m$9ulWK6n`pzd;Q&R>U9&-ck?8Aqq?(Utwf>JZz3h0qK>7M$x)<@79-KXdG3_a
zTq%WhSN+qRO2VS?m^J5;qB+_|+f4wsM{Xm&H|WN_^;+!kNGOW*q^1~eLn9q?xiS!P
zQnZ0E^zeYczdv!%!r%X#!G>B~H+f%W@gyw}5?pdnbBJ|Bqao{i|8Q2(wp<!?O~nuv
zEg~_UJ2E?x1g<*TDKT3)$IgFK1#KWOVyfql7y`m7y$eYT-4g&@)QeL3(2f#+4Nv$K
zdK~zqc}#zDz#(Z%MBGxJF0>HHc;t-9rw@A!`$|%2Uv{)3XmXf%FyNfZ`uU7|#N#ia
zCSW?%C1n;YFA2_S%S{v~TP7=`9t)4-9!vGC6EC*`THmO(^K@BR&6l^#<oJg*MkcI-
zoq;ub8aQ_c5}jnpPFD9Li0u5`@UboQTd1mYta1CLs-o2M<}I#1{pbzzJ{{*$E2G@9
zT%?wZsy(MGag#LfWkS@EpaNxYv17gg-rBS`o0XOYwEo-M&4Jv1`HK>ZJnd#J<7ZXZ
z>Q0bhkz;XaVpT>>@rM32T$IvM(Lwx7b*NkZELZ!U7qOq)WK)}*DW-1lr@FY$ah;bF
z?ML`hVT9X9EmE=-)%B{rs?H9pjmOYcKx=kctWV@cpy$I$AtLebFRWTMX&(<c*!DZ^
zY8c$jpykX=xz|iH>=TcK&MOEgFjn`lrquq*jBN5U7?nlLDNk0751%gG&g+}__&Xt;
z0WI4*&<W6*<DL_VR2q_`yj?feGxCJw!pk!1MO1mkToAP2b=Z9{G-$>F6$4@%ki8>o
zQk^09*2nl^qlX2b=en<pnELb-a=cpdX5mHweumKTfeZ*etm9~+9$DP?W+9Ij5G%Ld
zvmUh}*<y08%P^eATlwy1K^l}bZmLX5qx@fg$3T4Aon}C>o$LhcojxeafZsyjrT;$g
zwWu=t{XxDh#^eIXUXLy>Kb-Xk2&#d2i_d|Ys&ge=;JR>%k~XC@*W)ZPejec~&o8n1
z8hP*}4;iZw5@yG!3OmKBDKNogHFmf4Uq}e-&ZbP!0ae9&;8Om1h}8HypU;cBv!YRx
zR2D1hC~C^4ziO#IE%|*Amzdd=oN#p_qX6-!QCT9ydFJ|&ujNb#SdAa{>ASS9U7$*+
zJ))D~o>AsE#CIAc$gp(6UQ7r=c4F#P?O28ob9>vA53}dTOEaqNcocO#Z>T#W1@*|_
zkAa`nl!gB^2K(aAypWrn&Ona#XCcAB=Q`5<8;2WzpTFDY?Hj4e*}J_j4*N1#(C;Tx
zd<v7e?%0uVd;+}9+^4cYe;}FDVju96<($ydH>JAyNjFM4#4vSXq$2fx9|0=Ju9Ktj
z<cqzPs+yAY$->#IxY$}bVUzGS7p=9@?qs6PWz!BEnvc8%kq66KkGOFiN-pEXW#g@$
zhDTK8{ZSG;_hOrJCS|Ky_ZkK>As!0c24+4dXp*+VK<pwfbRKaEUG_p^iAVK8sRID!
z8k8s5eSy}Q>4}P(Npgc&Z1S4tuZg+dC8Fs7fInXR7dp&LIU!U>vy)Z(`t9)Z3JZNM
zfJAJr;7Exvqbp!2rGXV6Buu&b!&*AmkBc#N6x4iBaLoXJ0pSrfkD)qP)<}h1lCh(8
zey2)N|I)bJjQC%~@kL^F7%}|2+TrHqF5tau8R6n<p-+HMD0>7)8KDWCUo0crEQSUu
zJM3T0%GIk<f6xB9`+u|p|72S&XxG(iKs6)7YWO+T2L{b|U0R7q0TApad{|bGsyzmZ
z8liB$TN)KluUo1usk~9m_S^QJ6YpLMNL7GF=VTf)_Q!cL#l#o+iu3lL)?n-pbd@XI
ziXfs;I#3DaFxYhLrc0TFIVWtOd66>0*2f8G{<EI%&GSfc_@F2Qflqv59n#FN*~H<r
ztmvbabetEvkm`}bF`y+Rs&V~-az{FsJFi|rJniz^GqTcvYz8t!Y}7hp;eKoyC4EB=
zuC;6DDOWmtYBfc63{Qz}G|EdZ;XL?KD2L^I=Z1kt5|W{QVSbva1vMD26M|7dx|Gtu
z?af%1K=wC8nKIo$5MPCD9bUY?WfVp5afJIuaZD=W{T!^KFX=i88a`xkNE{b~o?O0?
zxl5%H;8oW#`}nIUdvMd2T+UQ8I#Ppf95F9{xey51>}7~=p~rTdOTxgA*!V|Mw%0{Z
zxtLE{MLQH7yiw<SY(53!P2DZDu`I=#QRW97<OUTj|FEmfw0GL8fE8(j%@WZ&Pm|5M
z(0Gy?aZ9Zy17i<V^}C~d<Xqjtc<QyN@SMRgn(%!y&&=#V;j^;{|3K6Ty3)`QCI=hj
zq8r$+tM$4NiET@LZh1MSYy8`fqI<Ddyt}(y!0FX>jG{%`zh37xX4B#ShcSX%&X?)+
zMGnMHY)_rtrg^$V5s(yr5gAdlG&)<t!T@)8<pdPa3av8%LYU-xzlEL>Hv~`Cf}tvZ
z^W>N&Z~@_8e@CUTRxB1)dzt0DA^I39%)xjIIY}kf0$gkjMe6%$4`EXZIdJ9m@a?7d
z@M%z>uYTVI)%GUmTbbCT<y6@E+p*F{VLz2r<~(cuLedEwAJyMgCNism4xd{y^Sn6z
zvxs*GQw>|pv}@G;uE44kgOBdmrBW7hKSDZ8Axe3d<uC-rXvlKUg91_R#v{Sdekxy~
zUg}0Wdifs$koY~yr<FZV7gSNReS5Y*QN^T2Jw;DsBkXr`c2LFb{V(^=J#@_fJOXN`
zZ>qb6z<tc$M`~sjaEV-8c+~sz@%HufbmaEf8~sxLj}9or$M^U9u%8>WA)mUC<liQt
z461E2(D!k79s8E4cNLZ|ZHEKHy7_a?sMoJxcb9BaKKz&DA4949vO%Zk-*MmapNx6f
z_@yuKF>Va-AD%g+rGv>Ya4BuV1qSyII$09aIgAcTl2~@7Md?0h<I*VjS2@I*I{rdH
zM^m|tsutx7m4c!s^$uCfsC+{36a51P7bvK33+ljkjAQzTK!umXt1q;jM9N(9tk<#M
zsX|oqk)qF{+hk}F^gT_=6814dx{fkgNvSv1^b<<I#y(NwYH6j@C_uH*0K+t|aZj@y
z-Hym7j5lyodo0{~`)&<=UF48XgER!d0%ZU+Rjb;&{hHxG(_P=RtAZzW=Cxw@;7(}F
zHms+I6~qREV1EPxZuHFJvm~s#dpT^1aZt?bBOc5}wtviXdB(PE1SxSu-<yMxTemdu
zIgJ{JLl}$vlUiX)Le;v7VR9|ABa5P5p;3tCXs(=;`KN!^Vp@~zRuAC9S$G^qn9Dn-
zIiVkPGJS85&s>{p=lP5|A$&rO&XMf=5Pj+2WWii>sg(3V{o9o=A$()V1MxtPgeiVy
zuDO3AscX4r6x_G5QplZlgJ`6kQHq<S>dGNyT_Z0^>6&u4-IUGssA|L|y#n-Yp;Jmi
zQn?}V>~}3)M%?L;F<R+$)>*UOe?S1kJWt!MGiOU8DlCyel{(d*N$a5rp}~FmUyD9d
zf`;jTjsj|kF(D0{kD9!@xd&rrvPl>`B-}`7?e5<lUUBxDZoq$Dp6e_`9O(in&*pLq
zTeSv1JbY(GC!G8qrP{ZkgvF7&Eyw{_WBk+>=LcTx-L7a^Ckq;6gEl}KXL7#D%tc5p
zCXdIUhE)O?%C~)Ljg!@Mmrs(orj^dGQ)3@z+l0~$;*oRVl65j7_qr=V#X1Jn$AN|`
z6K$%Fp3I9YCKbTJB`u1+nHIH+qdD@oz2*?X@bE8_{;4Lg0KYA8{W^hQVDUOof!u-Q
zw*F!(Wp_6o8R>e*L-3T5cX)hm?d6c$?`BpP!c|Koh;TSJf8m8%f9y`tnR*gawy40R
zlY=&3%b+_{46~eB(p^IoQC9XC3igs!#!Dni+jKE$VhcE6Vv0HW1Ys#VQboBMhEc82
z|7D}y+QX4=soMsTZ*g@xI#ep*GJ~q=Pv!lTAe>(-?HaeB(TULI-H9OQ>6*JDq7*OH
z&~2qQH}+FD^>I=^IN}e_`ReF1h%1p?L&TN+tGd;)BmMpF31_EurMkng=?;TY;ltN#
zXJT`_Y3a7LB%v+`u4N5w3G!jP+N>61e~O5ej~St#Ppk^m8FZ}7KB(SFF`(J5&+6^D
z<`m0p=XUOvRkD73fyaNbL$a;+C}aO_%z$1{?;de_X}INRgiTJT;;5~$ir2?td<W2N
zIP;k_&6Ug+V)2lBg}~iW;g2qvYyGBd!Jk`ZC8G6J&z-7qa5b+P*IRj!W3Rg&QBc8N
zw4#*Ew>X*Uowh;vu~`{JP}d^}&ijGxI3oijHrM05xzy{LO_Pd9-~PEZ9)t3Qj+~JR
zoj)%0i;!&k>acQC*&d%+^zLBGi#9s{iOFzo@AqHLXYVJu_KqPKjeAx&CHNkvNLVj1
zaki6zWN@|&&;-xWIWsAKx4$ln%a9DJL1oHL=GvAuu3jTOUOgctu{b$Mp$vsSh(cW(
zCQ0h2m*O^Ife3{W&^Vm~r9vZo^b2l7juw+9Ly!+WCGw+GuT7P?_HAJPSuu^@cg4_H
zeHhm1%NurJC$o4M3Xp!9t!kjJ_qM6oAM;{a8YK*rO`5aiB@()7*jN*+r3qTV6XgQT
z`9->e?-DEPW}CpCkb*x;{N)1=wj6FM;|2_wU$gtpN)N5huyxcQd`=f!T5}Xm7gP~d
zZ*$)NHnuZHfo_u)sY<P}DIBiOAboSFj?HU6pD7?`)8xyJoiAI04S+5J6)+7i%C#K}
zbU3i(AUWtgk#lN8GG+!x0K7W2fux03#1od6Z{X+o^P5b9nEE*@lqw7dC!I~=Ke~4}
z2H;PeF$}D1UZ<<K$LXMJT!0BeJr2I`Wk%2OiKfAU1ImMGU@Zsl%o?JycS#$+@pwig
zM`b+>{Fne6MS*5>MSs&bXhbk->NN9iG4?2QF-IsAX?G&9nf$?eBJhC99j5Rb#I;(2
zTq`a;2~LA^Smj4|(0WRoT`0I(^C_qsRyP(`l||G(Rblm}?Me>eq`jbK)!e^>*n#Y@
zM)&ONObm^sFSMPfX;Xs!OO0!*fG?axQYudX+i;<2lKayBq`eC$j2P2Wr98TrN?4g>
zWiQUba`z-Y?uG{j(v+?$+_%plgtr%KvW<SpEfnk~vE_6KRAfiLAn8{Ye-xMXuS!2S
zdff%6>2XUjW+8#=gR^&P4w*9pts;9R#7voZS2_`ptcHJu)Q5=a(rE4~yc|%JZ_Z8m
zCc~USRKDo4`5#BXy>m-M2_`d-{KoF!0~I3M=MovxDG_BC5OA+eSGz*sq^v_Xsuz$s
z&>X`^q*G}^f)+pko1!ox5oeqpmJNPc0ncCq%(X+Kh3}x_O~KX>TZeV1FD9i%>B1j1
zA*LSbL4{%*Hto(kA*H5(VcjR^g2R^!6?hW<9;u?2LO5@%#bX7>BI5ru_=TSR6G+xQ
zOM?}SSsjlGd-yj#9-$~-p-W|Qqx|SqpVq)y;_}el-C<^zkabTPct2PEZG#-XaxbOC
zeyp7Tf4F+*=t`dO-8W7qw(VqM+qP}nwzFenV%xSev29Fj8z<l2I``aj?>}9&s=9mi
zs@=Q0>wTZ+Q|t}tMDh-8RYdj&u<~Dvo+Q$a|9-(ItKN%I_k5h*iODH{dT{rI7<NtK
zF<6N|%m#CQot#!0?C%F;W;Q}5Yp&$Ce-j_Nx(oe9MB3JXq<tK5-jw<-A-dUH#Rb9#
zr8o$BBLvX@3)pPCV|R_gc;NA>OiISv0gu1I?N#a+HVv{e5gxsq3-EH$u=$;?MriDi
zWe;W;_`#XRi<WH_jieU<of{@{BAu2?4t%?s5%<+mvxz;~{>`~%#aJy0q6E@DEveZ0
zl?oyiWqPx&wO@>kP}8ehznr?v=z-PUuOwtjKur^)cxCDm3t7LDkM9<FrKQ^eoIP~s
zEu$k7X3m-RlxlCXN5=4D);`if`<TV=eZjXwM|RcF)@3$TP)oBD++SCKYEO5#SHklq
zz`E{?{K(4(T74GI=Lydsg-0|_w&nS!v2VVts{_8VzYr^m1{B|kluc|L7}a{To7TLO
z<rt>FBLWi`h2;chYHUC!&4e-X8W_HqZ3YyieL>tuh(*nR`oB}YL4{>*8;+zYcw*qL
zWu*v}8JFBRCVyLj$zw4p;0Z!<C?G|54JB}kK>g(6*0VExXAwfT;aIeFrEH@%nDq1<
zAl6(l1C%Agh;WH-KFYk^yc(YiZc`135P{PJ2=?GMTc`=}V2k9A!gKmue|(mh29#Xa
zop5<21NkBhXSTnoeI));E5<5Sv$>6EJ7Ju}nQMO^f1B8Y8xbSo2#AaR+klJtYftSo
z<rJk1DU2XN8$*fAaJr!IrApyB?BUEJV{2xvFc*_F1s*+)u6jNGS_`#!%=TU39?(Cg
z2nj1xknDb9i}-ljJpnuEU*wCHWZ|R^gaK`_`kS<O>h<}=BBY(2vAwqpq01f+VnI(C
zbxwUJwdXcUdF<+3^KU2`Do^>gf;4dEKZ^r>U(8S@a@~qW4VvNOa2{<;WRzg_W0Y@Z
zqShZ^nI{SPEjqQvEJ|R~1Q%~zhs4(rb&xXwcy&<3A5AEnj7zK)83Q$x4;fTBnLC+;
zm!l4x2x+N07)sQ53J}@Qgp@<kLppd~&xaMcb%BRaZyETXmBtl9tkRMv8sd`O%|29u
zBxR8>C)w8y20OCKy9d_tBRP*W;>){RBxLF(S~IP^x&F$z!&_?oa22ScwjwZK421es
zHT^+Cfyuc*QDn%^#lluV;E-{%#3;MZ#j|DVNKJ|A22VFne?U420m?-<pGWbc<O$T!
zU5h&j1TXX*MzdEcHq*_tQ`Mi^o$ridD9rIfhP8*XX?xB!>Du{9qbH!L^M~TjcO-Y0
z)SjRpL_)_jl3LD0OIJ+}(V10wVL@i1<S+``6@U&|D1*BJM(_Ln1lOToNIV3#T`}Mn
zair&4cSG<Zk)$Z4LxTJqUh<QM@kyv*a09IUKw*Xu(LLMrclzMWxBJ}{p8xH~s{|mx
zf5q$B?s%&+8)N75?rO{SbEWscpod{k&&x)qd(3rC>vp&E_tSpoafQKiCB{y-MsaX0
zoqXV{sXNkvN|G=BT6c{2wqb-YaOQRGx9`{0mU`0h%(LFtd{ys<Ys0g2qu<Rr{nQ(K
zubiLd)z@40TgBJw)$q@$G5jz5snuVG_0>*CovDGq*k=dnI8J$<=rS3D=kdZJ8z-dd
zzv=H2UmH?N<Egi0DcjE##)+^nTq*aQG!<S!V5E;Z8!(<6XYh!|z!_|X;$|<%x4Pgn
z2DdUaH@E)0Vq^64;i8);v-H#jo!=F15HV?foI~%077{WW>*x?xj}l~nMRL_VK#t#B
zE4kltE!u_$IYD}PzSRY)+r`;9gSLb;a=oEm-eJbv&OhnCmM|h&09GSq2Rp;9w8VXJ
z-D+yUo^Gzk@8<<41w}>;{dS@Sf(%PhQRao$RKPrdBB>hQ!0F*#B^OFs>(mRX;>2zs
z7J_IydFDIdABxC}+zuSfjAn3~rkZp*31?Dlh|EV0%%;U&7FjK8tV#GD1l3J}{%n>2
zHbq9pWJO*-qex<w_dnUB*MbgAkelZT7j1MSk`KMiekm<;(&-KyUz%eeUn0YUz!`id
z7>OUHujXU?_^_=fJ>EvNX~g&y=%y3Wvy_9#U-OMaX*ecjU3C+|$<^InvDz3?wOXlB
zV4Jo%@k4UdjY87rEy=SbvIJp?Jbx$i&Ez^~FoZX}4vr9KV~W_OoO?UP+976U!A_T-
zFbp9fNspvuh+#rgjs!Inb0&?&O*I(%2?d`p>+@6RFqUYr?Y+US_#%V>-u@zoA0G9L
z=XO;^LvvSerZa#kW5my1n^SDZ5+y5hMBOw!t$+aZGNh<wnhE{PjESZ6@!JA~_<CPM
z6By8b;uz{og9jHnr`CwllYuOprshHADOm_Vx7OEYc^<#>P$2LXNpF?_%i#hKhjKGP
z2%LEv4Z%?g6&-`W>fDNvAN=6jtP<QwxZzMY+-dl;2XS1XmUJEBTB)SDn;6G*;f?u-
zhbrCWpWJf?%NbLL!=;+8^%V8aJ1hA)HP2?{ncuZfPRXizm*bVy(rS8_7ia&|sjcxp
zg}G2!*LrBK_%%e;|31p!547XXD$Uc6K<{#LFh6c`I9sUU&VA-Xr?$5fwspeQ@bF)`
z56?Mq@!hQoU(PG-&t`nYcwC(?2lDAwr;w3<IGFR^U1}i2$mE_^w~(>U3h>b%7!C<#
z03ya>66&p;vQwJ3s?3o5yI213x%`7KcPF6cgU>YQm>fx$cXyJ``d<CA3Z&O=lqf}t
z<_R-P9yxz}j^*ANF17?@dfQpV)DG#qZ!`;7b<`Bi$<tp}ohXgWqEd)Xd8RUc;*hd(
z^EQQBFRg0xc5UgmyU$^4YaO-w2a5B^&wiF*zgN5uy;cr?ue_sbrJR2<<Ibj>`@X&E
zK<<88cl?;(7gcW^Q$D!=k=3PKMduQ^q4}DVtjjIm%Zg5!>FC{2wonr{Rlr64jP`0>
z`pAyeM!|Z^XsD{Kw#o)NXOrp%din8E%ka;DZ=f%=gwko+YMZFnw$N7C!oXCnx0JQe
zG7<gk`QL~iSO3=>Wwo(?k2AZ}BKqeT=iYN>yXlkCXB$Z?WybsHn9FDT{^i{xi69N}
zB4wkq>~s9G+hyUW24<VG!Ts3f<V`QGdH7Vbx!qxM_%vOk*WUfRwKY`rzrvk7Wc*V1
z#q+^$;HUhr<@uOB@2CCGai)_u!VjYeKV?MQP=&M8+^?p8O?POW0(YaEP29uuMjgW6
z^v2weI=GkV1;a}f>m#LK|Nq{E*5d!W^)aQcx%Bz6{#DJD*UMH5hh^lXK4LP8cpNwG
zoitE&w?Fxz6O2&`8?|zbLba4~C_3vypF|}ADpFVJi!@U5ery4gkMN9M;Slu(Dia1s
zp}#h|n#CFVOIB&2FTvesYPpI-BLV_DTvlm^q}e7Et{8|LxQX8_W)k6*W&voYjD1v5
z)y0?)1@^KPnq;N8-=8a5#h?1kT%g3BW&X!|O|khc=~AhQBRNfB_K~qY(#vyiNl6{d
z_7{XsHjv0>fDy3=D6U>sc2+O&R#enI`0_|ISSxmgoFRdybcnjxA|???l_VSwczwQI
zPoN+W10;wZNdr*eIlyKDnQ6i;`;xJ4p-nVLy_ftU_2LBmEH>iLGCSP1Jq3A$P76ij
zDCJJ&^G12&M4wlu%7FhYe9SMM7H%@Ie<l7^-5iZ<wXG;5H_w~yik%Z~x?sCV?wiqx
zP1`;HRuOnqdPP6I7Uw_RjTaxFd9nIEs<OxMF6@<3rCt!IrHw(-F8^NbjjfTS6(^3W
zzRM?ISr!`{vrBmBg7^i%YnNBzTM|rRMozdTV?|z0kIA@`!E<lhmx>P2Za72ys5h1O
zb5f=)JAJ#IoC0*;>bOda?JZNB?Qb;R<z743x4aRonMfscT0qeNBkQ4!c6G(P3=!U*
zrH7?9hdsOuNQTnfhR9&NcC2J8tnD`XZ`})Yd8Cc<D7qbkh#2gh+yx;7F3z8sC7yWQ
zcp3l!#ix)C-aDGw)%)VkoD^r%9pP(zVs*nib8MhL@1PU7>}&==(R)CQK_Ht(GoZd;
zdFR9!0^y3&zz<yjGCFL7pda1pV##9w69KdU<SqgvqvA7BpzsiO`qhs&Vn}OOcS<;j
zWWUal@C>-{s&l>c-85$#l!}0$FbR2590}$iEhhREMmSij^65}6D2h8cj;?%T>e*94
z4F*NYTl7%VKnPOJN{PnQ|4jLY<g7g%wjZHeuM`G;LjayWrEeEI24fX?O+=jzQ?z-N
zPE)7!qAXjmige1c8ypb#yP7ZWM?v90tXyTIku+VTz(h(>)1m^4mJXNuhkzT!cU<A?
zPi{>CF!7ar9JPRWp^E6y&%Z+0M2^V55>!pKq&`I@mU=-W#gZnx<)=LJthuOUic$UZ
zcUg3tYsA#`rj5%(=VGr69{-p{36G}+9=|mASWfSUN5mF%4t#V2VkUf)^H((B$JR?I
z34T)^g`LMffD6mR0oD-H6V7o%slxZyn&pU)l+I{3m`xr>5{Tf6+Y7Q@aHBf`_g~qM
z1`!ATCrj;^gK6gSqja<Y207^%&!iV`?7&!dc`6w6G{yE8k_M27PO@TW!gq@qciRIC
z3;I&lf%4kJzNB-wK@QHU`%L>Vqq-p)Nw@c{0f9j=Zm0v;`@jW%J~tEZIdpbSF<pC0
z1wn^6jzAJ1Ig!S1ucfm<SnnUgyz=7$g6h|r|0gZS{-U>%641bziIsVZv<K$uDs-%f
z8%MDyiZ?#4VQ-l%CD$|`z8Gv8PkD%^1qJgnOR>P}<cS&USj*p%m42KgmeEv{n_h6r
z&bw-7C=>I7zPBnW?emi(`E)$sDG&3)j<PDFSIC=GFsGzE?5Gj*B0^r0m=QR1jB&AK
zQ77RI^<<q_HsB9W!0-5J@9V-orK*!RDym%&RXOC5CDAzK$u>1kxo;Zx)H>w(<bibg
zsZZX=gzo)JD4okgcxx0spsJ~H{ePa>1GmSwt<Yn&LU-y~m6h=y)TI1Bzb+~NV;A(8
zery9ZX)pBH3fWJ`#hI#vA6lZlp(@d<JPm2@T~sMj)yIB{zD`>0$G)<Ks^9I5gMhl<
z?dh>|cF1$>>3nDGZDGx&P#va;>+e<UR?Ziw=l4ZnqlZy8E~BA}>exTI)@x_!6MI&T
zh3gj@lE9U0+!a%?xa&Wg#e1tpW6trPnpLB4S`{02L#28q-jZ4P&%4V_B@^!t;!oGW
zOyM*9|1^s?uid`Fo%|g0_FA}kaUzzp$ZF?4Bv1(#*KF%Sid?{3@fkZGv0iZ*d)UH#
z#Oy)aiKhlPO<jLl9XYP5(GI;LDs@O*r4xFuU8WP7QaPJks}qWF_0!@oL1aj+Lf1A9
zuHL>&jiGZG^xMz1_6z&U;9HT?ic}~i-0bKWn}-EFs~SYHQeZJf?T8w&8Cqm2zZzOZ
zmbVr}F|Dxbj!u2sRJY-d&Ro5=Ya+#cZJ?rSLVmha2fQF?9EMM|?Jh`N?*^-hn*PO{
zBkwo;%fr1mCSV-zqLvn@+1tZO4Lql&Eg`?h$E)S>H0tbL(?3iP^9t$!5+4<C-9<n|
zFA&WxvRhppW7fFl<LZ$2^`nD3?e(4tR{#IY--6R1YyXqK87kcTf8}o<_4jCP{eCbG
zKZHbY3FvPBmqglWsOCO(?p!|Jjl|&`+y8<QZBpZjAw&Ox-2OJwYB$lD(vU+f;?Bo|
zTj%9?kQCEf;8sXUIk5YM=>giPy&Quv2kAgi2sI>dZ>;ovhkJVX2o}$NSpeGJ!iR6-
ziGBcxirhaE?Z3OmP`o^Squ>lss8>I5ANvG5Ayvc%B1tGn-va?leCIQg8|78;Xu`lY
za?gN-V<#Z2`3@$h<`E?4n=XE}3l6U9@rHER6y2wSTbpweAk6vS2|@b`#DwHJjdJ{h
zLi&L_;`1Ethf3gRZ|FNRPvaoUG=GBug-^CaOJxdn5l%kO9w5v5s9)9o$=92tHAwU<
z>3@sOl56n(WqNgiB?1qMzzSS`-@bkSYo_w(I2{ht`HCy=Pd_o{^tMC%myW#FTai0e
zHdoBEDz2xeUrF5TlbEQpvg6NYE1OIY$_2Ifr3Tvk+zf8%YeA*z%l4>v{(b29esa;a
z*O_Tq=<vDYy|l@@nyK~eu7AZ=`S{Jprw_sj($eyEO)sX_)Hfm4SpR)~pMVH#e|cfx
zzq(7(e8I}Fbt>!*aFf~Vpw=ES5%^Qf)|~&0hhdEHX}l|_cuXKXItz2-?{5hySP^)X
z1+jlu5p%T3*3z==VF>jfWl=roY3PSGzzAU;-$!(Zgru#l@B0Y)s0b8Z_PC_J+e-`I
z+S&>?27oXfv~O+c`9RJRtXd`;dRbluOE*1U4POOCaTw-dSj!0T>ehpNi~B6dc}IN`
zW&r*#emC^3v1$O)C(?gyHFHViI=8F_f}-s-QVg%&dp4ggda<EGMI&a|yY~YhO#H-d
z2T*Na{9pV*P}!N{Sdm1XU2W}ptpyN*p8uC^$S<KqUwDazh=gBFs-5Ju&n)?wu+u^s
z3e>?z{)iYHfiKs`hcG-kt9(=87xULuEVRI)BMX!>%k#)kL<A3l8IG$cw!N<@b}W7@
zf$>w%mcWdEDu}(0ZY$GI;>YoI*en1lvbkfHBZk2?)e~`#BiAd93z6kFjCVniGe)<P
zk#;ec8-Fpr%@Myexn1*y&Z$@sn|(RwRWaDAlwJ8LU;x7Rp%`2f_4r_eV#F1<qUG<i
zF4x7C0v+p_vH7*cf9Ymk-D11{H<6J#x8)xLO}|i6cC6yMt=&jHSMNthHhj+dRt}EZ
zL&K{j_xh!*ZSQhoXIiuEV@+icyo~Y~-dILfQ?Q4amfKRx<6m7{^<PbV$aVGa6;GC(
zM|(ITh{t$h?-iH8LwchM_CtsSiZj*CPZ=AmGIf2k+(P)c?g_#X6V}!0Q<qu+m?d@(
z7T1SvvK)eGTr1Rd1Dj*-uJ_iGd3}5Z`2eZj57N1CIzIzgWW1D3*r@09Ci$+G=Z3Wh
z>x~3&4PK5xR&dh0-I?DXmfT2~sNoAf>#_e7P5$7Vh4OI~64moo=av!V@&){|nAisY
zPYUZ+VO)UGe8BYND0M=1Bv0b}x5zxjaxfK?K~W*vz=m09B}J_8hx1mkM1*>R9t%u<
zR;tHKCgsloi1@)bh?1-8OnL$|U>12uIf&tLAPevr&X)NO_bN*r87p$=8fjAh4-SqY
zMw*nTAt4<O=});GF$uZAySwS57Hy%I!8loE90&*5=assgB#X4@_;lV@9l-3ymaD?P
zr2)<|3kbnk^*&ACbjnl+Z(%lN)0UK2P3bc+vA3b$37F1P7ITePI4o@a7cYW{s2NdR
zkzcX^ll;|4{Dd*pE(07-w*{%-5x7fHf5~!sdA)b<fS=oi)@I-T!`wq-l=7km#xde-
z`H9Lql~PL6>%~PkLA9G&E;s?p0Fg%)>9Q&|lBkrNXQ;YFlHq76km)G{Q*pkqut303
zKrI;SfU3(x3;kqsW<4f@I2RV^(3ayN$CWq{h&t1FFyuIk8v3!SO)6%bP?O7-Dpcy6
z%$(trn;mGU;xHk8$cF9vmo0rUO<Zn`+Kd`#ElL5eS!#*n>(Lf*rDUYWh}KMflrAM1
z^J)hw$+ps=qGi5_D+NYfOMu&|77TkgyI^2fS81w=_J&TTi<%w6J=}x<#j&hxun}~I
z?pZvi<hH^dga~cxPbHYYMj~T=ww*1Y!3N?RlRgwgvpD^2Pv@msuBQHOx(RXPYli3I
z;x(3<6Pw2-$+}I#j39Re<!IK%Rh41`Eg32pz{C{dPEN?2F<jBx2LA`ex5P%U92SMZ
z2uvYD$&QUFAP(&n{sv42poBU4;mE={5Pyv;3(3fO{HKQgC0>iPx3N3Y+TCkaOV*+%
zJ<4fhMaM26&t?PsLWH5DB*VI$j*haR*912n{V1<zS%{6o>VNlRtKlC8Rk6nN;WZDq
zl80;m{Mh@W>|z^yk9-?|9Q&TLyo!ZQTo4VxwD?JJ3Ic5OA0p2pEh8((mq{<=^@Tr6
zod}_otQ!`5H}#h5AaEmZil=u>)b_*(;K}A1s6lD2_A}{VW9F{K`dwfIdiBHY*vOZR
zi@<CXGe#V<WPRq<1WjUU?5#>^g#b>s-kTbxUD@B5VSbSco@{7-in{21jlaL_|MYQo
z0In-mpo9F(sT$^-vLE%zS~)YT8tYOc80et+d+1j+MNy{D!<1s=N^9ggyjOmyQN*b4
zvtU&5_4Z7Q47VAD-GV-4&1m}jR6tW@Z9U6RwJqs3U^`Q^l@%F!x9OQbZZ(Y5K60Oo
zG9?}VKYND61e-ErggK~52=-^$i1<h}!p}nkuyj~fPT{cqpRMDcFdgEApi$W50B;uL
zLm+Kee$rOu^W?<vbF|VD!AOfDx|H+<E?S_b&pjo|y3@P(a9-+~kd#1|d*|-9OrZC|
zkEnBRrz_STgsQT-=#|JPQ8fWaYnY_>2S9xEm4NzaFH;AETBuc7Vuh2htFENYRtxe=
z<+LNHC-pMpbgR&nq;XbFZLPcTv^d`YYmBOcZKVsEh(Gy$-&6LhygS~DAM8IFdkSuA
z83O4@UTLbY$fnomAuKwog}3UIu?U!3le~PSQu?|gG$uA-7(mA?<|+UyAeJN{iH&@*
z?IgQYj72{;l94a;JXmuNI__}NUfcCor?#rE7DTJ4=g&N|qRkCOTW~wemKWSlu#ii!
z(}W`rxvF^b1ndIqom0<8YGWE&Ct>cxKzbR3yirN5<l;bc06Q!>tcYZ)4K~r_zCmcy
zDz7aVfTLi_wI&8VwE(GYg25{1?3qq(FG>E__So6caBy+)w|PR1V8Upl*n-DFM!u(-
zh1(+yPVMMhR#2k7+mUv*C!th66U?dK<fMsmW<9+!t<6xK3N257=pPIBq!N?64_#A*
zR4DsM%oZ(+0u-j&7TwAT@V{JGyk`RTBJCEwz7BP{smqzalyq3LzIF}#4~-2wr>GMA
z;^{x{$7`lyc?N6F^R-72E!^b}Y_N#vffy7PDPd+s*+&Zlvr2!WuDFYeQ5$R=2~21a
z7F~k7J1k&)xWU>|IzxSz7O*xP#DehqxD7v8C#c;)>mgutAi-Fqh4mzCyD_$y4vY1D
z4+)hAEXTn5Bhpw<Fws%O9f($q9}uMg0jG*7o1!VDfIG0!fEcBe7AT(dnCn|I5`Js|
zMP|$c@KTHPqqnn=UC3^X&KU&pvQ{D1or%phO*FyuT}-{^{Ff}S#$V`IU>-(oj?kBV
zbjOajx66IZFNo@YRbuGP38jX~aCcD{BTi3uF5Ktqu5v(n4hyeeD~FG^{KtyC=Fgsv
zi4&K?^7$$jk@iwZnhR_<uvAeSgJbK5Rr}49V(o5@5Pa>+^<g=t_!t6X4KfIk(FZgd
zuO&{{rA?vQQ01t4o;O!xb~%;~!prwI+?n<H|J?8g5_9Z)lb&3{I$GLjtKli!{>Nd^
ztX3V~wz{>!|I*N+>s%Lq--+iG81Yf9^<bD60?e6g@#yllaqo70aQyE%``^UXxB2x>
z=SE9?sH4Z%lh!Ld#~IHI>Agn7fwodM^F98OqgHE=tV!#_>6sKEa-xDVsc^j8BKfuX
zH?0j2sX!1a)tFmi<gtu#Lf_xNe{GHR<-^oRj>Sj1y8OW&Fhfv@4R8}E`R=qoQym+Z
zq)mU!;HJI#J>JOhI_$*Jx7MoX*9Aa?ueOLXJj9qW&O9V(NLUNcN|xG6a$)pbdnN%A
zrS)nIFkz&AxsKFLxccalS*K9Ucd`QrQB91~jp^XA0zKRxr>Z`z?;Y>=amP9Tz9~LD
zpGWNdwt0J9{kcxQtlhcrrgW~)N(nj(uU5wVztBDgLmc-z4?aDal3?vBcUbwXgFRn+
zqqkg1R;u`AgphTak(=L)UZnZbrXs6OTn`+HqY3d-BL7U<Wyg{<^ttTX%q$_nmHs0X
z6Ug8IzNEM*q2=s$!)?OqA+trZA9LR@Qa8Bdm=ypBqB?c~Jx^GMU{M*^Q_;#V1S(Y1
zaSI?j0DN;r=pCaC>vV`x#(nv2HKTpS-#>UG{=Hf|qWg%~Nf!`(W;eajd+A@_U6<0q
zgLjM8mHAyeTq9cL>^;}s%4~yceJ<Yz%VF^8m?h+STr%T^E#@}8(Q>LNoUl4l;UM#u
z@ZI*r1d*y>M$k`oMk1p(asU9gqBS3TOS>P3yAS&x9Pgwz(J#4pw>twxCj?i#-&&RZ
zqw${AUzpy}H?6|q({zP|<nTLi(;#WBu8eIxZ}8L+d)i&&QHN4$?Jw!oclkWpOUML0
z_j<8<N*74sz1dT1-1P4^x_v_%EwFp*VIVNeU@B<+la19NdU_z0?X4@kGWxo6Sg*V{
zo@?iog;ixb@?O5~D)m0yNIT505`G8VUi%|+9}@A;UaMN9I%Lc;ud7GK%ZH!b=P;ZL
z1`>iPkS$Td6Fq;uc?wbTdB9Ig6Ol$ell=}RZqWe3FLj+RRVzM{BnqPmZV(s$+<pVd
zog8}57Jij91VYF?ue`g{m@>v1vcJ1q>k^NWkRYo9NO(vXk4<0j!1qC*-HjcM$H8k7
ztFY(^HIWczJWbK+(W8|~TT5y{ye7M1;PbBTEXqLZC^P%bI6zwlzuh;I(k}7fiI(_!
zPxy9vG2jG{s;#OxLOf}kuE=!yDT-<08`cCRSh3oJKUt7HaEm6A4nW6k3p=S?OAJbm
zgsa9{x{A|=I0WSB>2mwW>7twia^S;e?yTP$kp?yx{CJ3b!ln|1JV5)HgkE6#%*jL8
z5$)+h*eh%Gp>q3s#fiGA6H0_$c%nOmUM^fJC_-jh8`+3_AlmYgHiQYHtx@~a9yI@$
z9lrJ0gr8&enYOK74qc40@O@ijC!VgdVC0@R^Ml{EgXfYB9iu5=N6pyQrK04j3uy`Y
z<n((J-g@Tudn4y!Y_t>HdM-~J17_~4cRF7_?u|70@!Xn?Pv9oWG9)v%OX_QdRhi)9
zF=X;s8Sz&r-sUekSf;Bz%KZZROK-b^YhHaJX;LLn7Z^hiWaLCdR$)NXl{8#fY(sx-
z6|@DUdRU^)2+s@JN11Nh6}HyK>F2=ixG5m!w^AJ2Psh&C>3x5+6bc;=1~saR9#U#G
zk&(A>R)!Z&7Ac7|Cb8)dn^Xzr7_h<kB#=poMP@=o9N$sxB{)`z3I8OZXa(8Vssdf~
zJR5P(GF~^hxa%;#vxLTmzOFrs#24LPjrK#yg!WlP-F@2U5JgvW5gjE*i1(l_Jg~)D
z><q%bYD}ygQ9W|viw#}m_B#nX+9&llCZ|;>dn02hW+`41YAFy`HA8(C#X-ut*hXEb
z5;!*~h|~8p9zxz2-HbfeT0m5_k!f_Nmj(vlee7eeN`}Ny=rIlDpX_({8OZ0_$Ky?X
zP$kBQp#}&CLJ%{G?(*r?fis2@y+HaoL9VC;(>RP1UBu_#Es@3h5P3o|o%+E%oI{8p
z`HUEICZ@1wt`o51gw3KrSX%`FykFF5917AkX{wX4O_sauktwq!n1F%_q=qu<D2y%C
zYz0)PzoUw*b5Io(#r$M?qkTZ=jL1e2V2^WvA@`7%(PHD9LomH)u|Nb)w~&R>V{rHK
za0(;h=UgjstC)ufwhZfC0jZe=g@ULKAFwf#rW`gkS7<t#Vfl^1;&&^av>P%<6&j^|
zZeVjh<i8t7%?Qt?NUNm05WcvOzfN#xc_fHqkXI;tZpnbYb5C3mhfXN1yMpC>SUS1z
zs3VKQW&~l~!La{em~(qNbv$0IugV^i>!5M=FLauYs)N?1+nO>J*AWacrCZympcQ}i
zkzsj)<mUZaJVpV2U#6~*m1D;(#OmjRDsgI3YJ^aGMP+WXX5mCYmUEKBPPnCSahH+l
zpvsm(lj|NPZDI~BrwZcqRq9cY{RZ4f$-&--h@{Z!-h%{nCDR9{zZiuo<SM3}tl$x*
zFXJNWZu14)(Phti;C#sp#EZa>Op`du5Z^AtTtT&AR;<){ykfBB#(>lY2~%sRr57Qw
zVOsf_HW_xc<qarP-phQ<dJw+I7LQNK0u?38Q+e{{g1{+M4$iB?=7u@*N)-*3x(5o6
zyOKnMh&O0Gb4N!}f@^L?J6k8bMoBiDuap*x*V)wrtE2ff{Y3g*74vAXL5?MSAI|jY
zXO<4(h~a0`>DK|1FX*TuP!4nKc7cUOWd|lHQors8f0HBWxF1s3DsGvWH>_KtCss3D
zD#No3QnkLQmn#2K<IF6?)svl!1A~MkL$cSsp#cF)Bs|~)^C|4QD@3{l@gHzs4L=^C
zo+_?b=A}oAR62Dv+ymc}${D1JtMUmi`kf#>pGz0Zh%Md^OQ{BOjgpsYN!J45CKXYr
zYJ*@vTG&S-^WiS8pg9&b^r*+6K&5V4rxUroFVln@-t`Zuf4V8!-H%1+c<PuYLxz=E
zM6qbRASo@z4VL_DMVOL#RXch%<F-y4!mR2vYI~&<7ltytL;-|RFJvZ>bEml2L4Jii
zg@t?yc1rFHJ-n+pD*lDOmmU`h&qeBnRxq84F}esee%BTYZrjTFp!#_K#+Hf-R#_ZH
zyw2-jR8UOX04Zel+1n>dkuVEw<NM1!cMvnnQfniz<zhL>tZ+OY8QoC=mn$bq7q%_q
zBH)MuYSU6qAD(VbdD;%lShUEN<Dw-YIGbusEc&mBHmUEbm_hh3CfvujoT#>A-j~m^
z;PHN#;2*zwR1|s$3V9~{duEF{#1mt}*!ep}%8Y2OWiV8s3e+GYJQrXbWP1rh6^L#I
z`mm8>b&BJWQhV+b31)9#N;QV^t`(rdkd_qQ1zEibZ#EuLN3E)0Iw2z0UjL6sA)6@(
zc43AoGUAX`%|ES#4SZbP_<DG~en4L6ElJp6{hI7G`ndy0pq37Yc#r;xqwnV5{x6mO
zd_Z3YnbCZCihb9RC$yMpPO!bdK;jJavB+<z1bqXay9-oVV%dJtTof59b8&J0^C_c=
zH0z@A`EqdO>3VbUWuvq$8W`#*q45Mit(UQa8|FvzbPQ#DO}sN&Yn&0X(UDB<+Urtn
zs*G?l9TA-6hT~Bu6`OCL#bGk%dRKr^zck9o;IY!mzmv0A{v<yem?aRq(=T;s0j)fZ
zY`}X!hX&BHX7%N&+WKJB34u2ILO^TCa5j-rtJ@XhLy*nef@Z}3Ru$|(EgvP@`R~($
z258UQi52m1)S$q{*HvYRGF7w^7+n<R>C2JMT9H6@C8A=20Wy0$AMx>3Hn(kEH#bER
zEEF;<w4MX5j(Y&V*G!~*HPjv@I5*6|mxD}bIw`W5A}jnibc=FnEN)D=)b>CxiJ!eq
zfvo;8mn+%CBD_a-IvNZ-<t`=sA?l%unXR982@M1WN^)I@eU9u~cY)?16M4!!K}n$E
zVK=6Vn@cZFCy#y=bKA1P!hCS-UJew7sO$%d89PE@`Qjrv0f(V49WTRcoM&y^^ql58
zeo|Kg+@DyRp2&9`@1W!Y%5g4`f~rDeZUbq4CmFD7<W+)FpjWl!R3W{z8);5@+!rpz
zIVf)SA$M*I%2X)FVgtA{#t@Pqj*Ckfg|}}%<G|i(Fr;sU9kG5kXi#){;(=|?JLY4|
zT|m&zQ~&u1Nqihk83M%hsx&qdq*{m(aNY6gLt&0#`BnnHCi$j4+OsE;Y+daGxKUwk
z?<m|(&4<cJ#+B5jRHU;n+0hq@#B9n)kt0_P6Oe3@J=!i!l2s+H#Ql&KGWyHTAxDru
zj2a<2y3|zcf;YQDb8}09t5xZ|jf-qaISjVv57h0wRT58`eRa!2Z22x4Osl$|3VHXU
zj<Ygy`1cQu^5*?~;Cvxwh+dtGLlhdrx|;jX$Vk-HIxeMtc2}1`XEvSJ`1iVR38(N8
z$!#O%J6)_!z0L5t0b(A*0Lq_!Px1n0YSj#gz?+@GYeoHq7Da-XAdg71et?(A8Sk1b
zZb%rf2E_(AAI9JVPeYtp8XcnMRcywx?tUconV+6t64i8!E_q{y^>Zp}-t~+k6GHEv
zsa~z#Jso{ZqgI*+-do4j4agDGS3H6zIhzXrl}2eAZGL`%OD|rwLvsR7X?KnVsV|t|
zS(XG%ZPw@4x0LGb+`q?TL`&Sd-XgyRz^5m}M92kw=p2t(FHmufk)PmZfviYodr$iB
zysGZPTb1nX8@BEp$@3E&At4dtLA@e?kOd_khcZ-!*w?Z}Bi2K>BLeGs2f>U&V}!RO
zG@2~WK)1I23x4gEP_ssx`%Kx69OaJw?zJ@+)G0#9HO+NnX|t`LuPCoy_8L(=C=NH&
zgL~d+W=Kyzk*~AxktS_E^zo)YxJBV?5W1PAW@G*Yr2`5@YJN}El!Yid3vy(lJuW<L
zHNCqp7RzrkgD2lel6|!YX4<+uPl!X4ZyE6ZkxTR^G2*>GQsQXK>t>Z<ABDjimUI~j
zFmWh39c%<++{Oh1Cn>v#m9y3#vy868#e=<i-(t&KwK_%V2rclE8u)feXt+8(eNC;&
z;y)wDS2lzVXGe{oq%SIc*#(HM<g*82An$x=g%m;>RZ;SFqw0rlO+onC`s)vYqpBtQ
zZhUwzd-&P&y*yt=j-F%@w7qaAW?38!%}6;V%1+4elShZ^VLmTjo|DT0V-IIo``EoH
zvaa?J_OuV#-|mLY6mbb=y_l}C7(K>=9Do~<Q1N2HIO8X8WTaO?Y=la}NTq|DqlZTZ
z^&7~u&T2nt8(_pS6lTP|TYp)uQP^b9Mb?>(fhPClXKTl-2l-de55;#I93&D8>p-4Z
z3{pCKUUC{fh}RKVA@vgQkF>y~8}}@zNI)ruc(5{Ua><ngE>hY{7Ma<wtuXcjx8|Q|
zdm2PTJbJN_>wo#9HjFovy$-F=1U<c-hQtn)k4dYu<9t{N64jwKBpJT@))`!P=LjZW
zpstN^>PSym$Kg(8CD(8?3#|}AZ`wF^r|xxuxMzm^&SHf>R}RsyvVXL{m?Vdi?-zZ<
zrswH($GhARm!S`nS^J`+HPbPX4kLgmril^oRNj{GJ@#~zjJbT61J`K!K9-r&{8l|F
z_q({!a6W~8U&#*?i_B<bX@4a$O2SY(cxCvid}Vk}CnHsK4WGqmo}#-oZl@jOTT@{B
zpXNzIEV`iUe!TPw4~I}|_0U}PCAw+tcKg@);sph3WFAdPpoT15v#94ibdvQt#4Qg@
zJ!mPWeeu*04LS2{eYD(wT5ogbhT`|my4@?vS+9MmL8Nz(19_dOb*QT`qFm}>^LBVT
zBM~gsGVHegcy0TeCT&1}i3<xf53>BFLfGju4{r65xUtx3$0#n>Z@KXqpOHM~4L@M}
zsPpnyh$L-M+y+hv0Tn<n49vmkppjqT_eY$=A-5laQEopzQC=VWz8<*YE;x!*azJ*Y
z-he@FuVuSQvW!-*U26kkn~|$P0W~~gOA(f9!R`_G`K*CCb{!^|$3``P1HYtErSdi7
zhTBH^G_NP$poBzN<2%IigBqYW2N)I)oJqur@Tg66KsHR%SQ{J0u8SMsrH|QxSytQE
zI-g2W1NYV|NytF956hy8O<tB<U#Za69%)<3ASV30N)3H!=M%(t1<Z)>HR3SU0;lUg
zIGG8-*iEa#5o2mNxK2&dO0BbBEyBI0ZPjDAH9EM~u54`5_CTP^zSZbH;5_N*eH7PA
zcaxtzuOt4ZvFVkJYpx#J_t}vP;d#(OF{wakK8!S_{ryKwSPBMfWZ=~lAakaunUq6g
z(T*O9qb+gOmK<1IBxtr8B_e<-0O&==*1}an^%@H~Lc9^f8#7y7$LC<|9%eMOaCn20
zg0Xs(wtJ{_8wHC()i@9d{MKeb#=A^5m><&!>*8@D$@4mpMx3l*5Xr$M!1^tyX#>;V
zApLid;>1oWnT<KUZgHH5m~OQzvcac87-`fOD;kNzL|Ol}<^;cp&NM&#Sn6Gk)0u0y
zJyE&vKKAY^;4A^u6I7K;k0D`|#YQB4+y=bNtc6$tW@@NGEXJ+jwX+NdjysPwuuGV%
zDvbDIUE_SB49r^ZAZD?<I|2#@G&ezvmqE?+*X@LM`BvHhwLV8?Q|NQpir?T1`KZxZ
zofsaC9WhMlYC(zhbB9rq)uO-p>m%!_$I{UX08H$B;=%V1AN|HsamQ+v`B6!4o$`8^
zYAb*HKjRp0qY`|^z#~>NT)t78btcU0gQGh3U&Pq*=3=<1ed6-Xvmo})v)g=?1Eqv;
zla4DHW+i<F<~!K;tDZC=9Tf5@rY!uA7Nt&x$55>z!G{O54f&4Ai+e(@15#%9$Apqw
z;Sq!$GzDTqz#v!4MYZ|8Ok+~PIZ%zj18}6pjEJT{bM>%S>@SvOO*iBQoe(tcFK6R*
z!?KR?S-c%o_Ggf1$39-kTyP#-0eN{lHw|njTn>=Tn`2bFPINQrdjrYG^qJGH7FMV2
zd0Mo3Tn{n_rtYz(&B3{Zr8bv#rL+Bspn~%5Hr&wY!uoxtN7$73U|NArQ`V+KrpCl(
zfzg?ABd~ExS7X@FEn`@ub|WeX^fuwK2|~ZjkSIg}Ov1vZsF0145Y`YFvbqdb1&WKp
znWX5{mN%x!;0XY1Q14{3jLdR`B6X6*NmjMu<r>t>WXrZdk#+_{voc1c&p1OQNykWg
zNzoz3H3F;&Vb6AFt8p%-_>{Xg$Pphj98m<Pl&7{lzt;3^{g5GXl8c?2)`M<X&SJUU
zeni1xnj0)J_C>TK>uhTzI8?ZB&<B#IG8mJsFk~hMm`4*6ts8#Poo|;=Oo9;(M8<SN
zAh=7!hwIGFq#gf^>+9Zc%M(uiSM!HePr)7EDYstQ>tq%@i_PktD?7|<ZC4Ln@8`3S
zEmja`S1HBb*fJ;GYD`Yc(>fOlPXA`Fw5xn^Q$r-2C)&w<^1G#7??C5Zp#*DLDG!1k
z?-eB78f8TLBAaw4S*<Efbk>Smn;sd?U~Ca4v0H<(CluJ!O&`l5w19Y@;$`ik62>Xw
zCL>iX8}?9+!JTgpwUchU)J7=2Yt8i#l;PjiAxu10G)kZdc_*K{ivE^|jQbO(wvN1L
zNczD2lTYPHZkjwCj3MfluufPFmO?(nSIL&?3sLrnrZjtXu@D;{rBJqf0l}(tcrGln
z>;dDCxpd#Ia5{V@#aQ8@V&WY%VtE0Wg%R{Zfr1jsGsAn~EN4TINai=7-p9TMY)^#E
z)MuzPBV25a^-M>+p-GmRA$-3AVR6<p-yo{hrM#?I?G0b7n|ggl)UBM?uIP%KPkCL8
zi=I8tN~?l5s9?<xKWKYh=)rnU=570G_28$Pi8L>d&f<TvVLHLmWx^M>>?>i(go@Sh
zmh&%6q#AkfnyVjgO+>C4S_R=TTx!x-1<lIEaGJA1TQw?H!cA=BmkG{7b(1XZgkTeL
z6(vG-Kes4pBNhZYR(iB=s~0GBQHc%cOK&n6>mmpVaTBm8&%<m!L?A1-?I8m7<<BZ{
z0Mqnooq2NU7Dg;jJwPL$ML!SBNjk8=3LxGkwkkNnE?EyB9XIbx6wAocfDJdHC&Q2+
zDE{S6%TNXk%cwA#(@Q}6Sw4Pn6s6QSzR*NE=@!IhLxZXdyh{Y4q0JV}V3}Vb?`(h2
zL=Yw=v$i{;L9eO_@0a-Hz8ZzVF&>4C4|Cf6eNd<8;HCG+G%bxrlrTgHoYV{cD_uW6
zp7K61d%7WY0nCvx=b%t2UsV0^DZ4FNtV(r&$PpRhDf>Z*u_E6=x1db4>j>hiS!}Gd
zO1hGc{;c6qwq!;~TXH)hDXF~+GBMHscVTUEOlaT)BENSRp<}Uh3#u=%fheAca9(by
zXs;=r3(<MHDq-DEQp!b2{A$5Igb8OBj7wUC5%~k`f>ln&{ulr4ON%OcO4_xA<cSb&
zX*r;7Qoytj<~>iDBO(~<Isiant-w~&e~jE$4t6Xa_0MEiS$nul{0w;kABYf>2~wPi
z)A-d2<x+JOWyM<lQOy?03c&!D7#Sc`fi}MA*Drb0X#u^@%vtE!tS!U44FF$SWc+QO
zlmBjU3d|*<83B}3A0!|^=@P&tUk1vU5td@tRLbpNeiY5I{A2Vq;K!aq@(9l-Oa!Rd
z!&0Qlq~-r*`hpeFUTVQs@F<$5Loy6>*Cx!^OKn-FG7CVyfJd`#@o4x3*@C8e$h0NL
z`I7Z7i`G+q?;u$K2S59d@D{YM5@FF)FJ9MDG5t#8WGDSjXO-JMzFEf`+KB8Mid1(m
zZudQ*7}0dl&-$#rj<P3t1RMp}sYVpH8u3>=gZ*ok+{8Jvl!&+#NQU1rHS)93FJo-P
z^$SIUl7t9}9Q}dR-v3gS%ZALE_!TnVO&rUZpkyJXkG0gb7QBEi_nD00vs3i@_?(IE
zyWd>>g4q9V8n89m9j9bQIag-r*pTT|PVM{B?wlk(U4$-Ig10?t=@u-&khY>-(k)E<
z&DO3^W_>THofFM23va9Msnpe1%5%M`verfjDN7_z3#ySkkYZ#4(m!nrXwo7(7MXVD
zEv0imsd50hOOuu7+k)Y{rg{PA7!pR5?2e+AgzVLjTvqk0J!c1_h#=k{+2)Z=(Vx2e
zz$LW^JDyLss1Z6a-8y<$8PwAn-I<fZxSm)W>46t`dtW(XXk>9x+z*xn1OT;2E>KF4
zE2o%53kFzSbasqMsA1C$5F5h$zTtBOa>Df3Ie*#~E<r3jMu=|#+Jz|rg4LK$jj+&i
zgwPBCb(M#J7esJY5c$YqB0Ruu&xM7O(n4&;iZDKthnC)Pl)%h|7Pmuc`Lz>4iIqVA
zjm6POQm`*lTu-h=oEHVlJ-A|Zf~%NTduIpvWnY^47dX;Pc+C%+o2>aP@B(DDT~Y{Y
zD9K}c_75`qEve2KHxd|aUpoR)M8u5xAzJpBx>E|=>9vRvB}&0qJfXoiV<vdd6OP4u
zq}RcIstA(nf?1%;emKTvc|aY-n>X(&oIM}#JUkCWaP%qd*m^`TruQ-8@{^Iz2Ok&&
z+QkTijmkx$i15A&YL8i6Wy`#;;#`iqvW+oQcOE6Fi(*#UFXns22`NNgt&mMe%c`)&
zVZ+CGpG~_dWcm{EpeBkM9uy5GqXS)`4-LPBP-hVk%TY=6D~e~$qZZ|me~+N*29m-h
z3A!Jz-n&u!rg?<z*1|<}oq^k?_UgrZ30QOt+|*IVCBzkFn_|RrCTp+(l!J8D%Ht;o
zY#PI~6-A;xl8wfgzv$-=(7T#;jhcQXnDMr$h~F{9I>?YKpgm>4@Vmp8yh8#$Fn8<^
z*!CeDe2fxkRuPCLP>NTkOjt`kCN=|_+T>$|6{!k4D!df-IWSr!HA_zGly-)w9W3*W
znO_v1`r(z2^vG)Fb4<#T)5=37@|QutYJza~)tlkLGg#qNAKdUJ9l)W!IQdCGvVn#E
zSgZ6anmQFGXu6zg+7Z6~RoqR4259Evj$Q=Aqa;U&&u`|VmZ?$iSYIanVkiEv;30_?
zgh-G&X>S;LJ#lKk_7cvkM*ip&&3&z0RVvq>>!OT5&$iI~E@H13Se33<1b6uIB=T$&
z@;o!se>i&8)|Tv+nf!h^j2nJ1w9NUZmb+qQ{l#7#_cMn`+;RlJ8oOGR>UijmRbd+J
zRIM}P;GZC^dkBWVjE&YA&)Q8DxrZ+Es>jv&REEDxe@hyNqoGv}q1rYF8ZO?&eGn+-
zO5W!zRB?VTRXco!z!9n}*8mqRYBlc9mY(1O>z4KYqltS9(N~x$KcbC1ciTmq_o(<g
zUh-J`1j@xm>rE3)T2}`#;zpK`&Z#aIymF-mXiYr+%$uT@VOC)~$CEpt;4E2sz@vgv
zqX;;f&34)Sr@vZnnFcRYfb)F7Q;3LBP6+*HiPm2*5ofG_E6;sxMg+Bi&kE6Vx2m<0
zTxh)>-jo+=l<9>VvUVB>X`a4YEbB|_l=ND>F#T-TT+s_1b?BfHtSRACN}Ouy;JG?D
zxH-Sk;ppk6t(z1XF_B&J`HgJ2h#^EUg@hb^gg?fYEB?r9zeg<kCRostPBFKjQ<V}|
zEIUc5Hzi>+tymRj)u?__lh{_1!$dm`5B<^2hF9EuU!Jz|-HL#UviIgzgm%IbNyWNX
z0G4$2s&&Us*7<E^OvaOcZ3(v5Q}6L|7Ms)8%n4B$qx~y%naN^3^a4q&>fy<}{}76~
z3!d0QeLOM(cu%EC7RFB<l(x74@7{D&)pMb_nTA?N3qF?&%6vP8c8c?Gigs=Te8oZf
zy+8~Hq^%}@F!Z<It76(E78ks$KpJvm1G99za{|~vP*77jIzGHLp@m|XVm%0RqT3bV
zxY_<=cN)VJ!8zKf8bbP1XKSn&N>`lJxc?xf3NW8>PSl}$rfkks*>U-&V$;k$dq*Sb
zNa~k<X{U62uMqrW06RidT_t?~W4WDZwO&*)OYO=QS(zSnPNS(mFBhjaWDLgW$GDc>
zj-OgQ1>5#CN60!!7KRer<!<6&N1Oeu)mIo~D#cPfK^0EDdC`lut`>~MIHBr7ALzgE
z>zW$6@DmFl5E2Fv3DByIdTNvxEvUqc*cA@@`-X!OZWMkd>zVbefDXgsA1avAUTgI!
zmL5g0GGY~bF%6_bZUd*K@4^?Y;6`W#5DdImwkzUVfw_g0nb>QP{Z4`+xA1>gTvT&)
z<kVE75WC8Vh_)<ZDttMgJcPx>x?V<XrI|)eMUATrZK;l<1!odQD~I~B14%N~a(K-R
zsbAO|_1$Pf?(FMUq_h%|TRvuF-N_0^G_^l?bh|TcBiK;%RNeFE#jmsYuogoWD~#kL
z8W$xEFl8yu1w>_?7%bPi;QKF8n*m|oxg_{>)_Wh&<zXN+8n@$sFAwTp+q|{jZ`ej6
zW38IwG>W?Y>$qB<->&s<x|gI#O$n0W$B^x#duJv2Z}#dWk!dN*vSen%33D3mTVuTv
zn8m$92UJo&SdxAT7W}r>EL{VW-Htg1thm#6wO+J@Uo!Q{b0^oXz1#dY5nRMc`~L7=
zg@Y4g2rJ!<-#q*r{BJYEORYOUdF}_N=l!Ma&JFeOi`M6zsc+YZ`zd~tVQG-RdcA$C
zO~ZgDRqac=&aSmLG_S6K+TjZmne-Vv9~jStK|*B71!D@EU_Ft86sIxMyebgUjONeJ
zPv5$i7*L9vAIZVeoT>EG{zTL0h%Hbt?37Ksmp6Tn9#90v9AUkZLb!K$lmOlpo|J;m
z?gU}?ix-hn7a(K^vL1H+zV;boZz$^L^+IMREU`jg9p85(Q*t4nW*5BVuA$@G2{}7w
zxVsr}TO)QI_vDIo>aC4!hQYLTnE3L1SN`hWd1(0|4YM*HQc|@qGT>OxIWBSVF(QuE
zcYXLwtX6eH3tiBToG;B!JncOR)k|gQBCZ=md?DXw^qnkMa*Mb3ElR(z4mz?&u~Ur8
zg@mT=bwnlZ+Y(cD?eS|<<Zr|=5k-0^{&0^lQ{%-3FN>7X-U$UsXuy*9a_R$}fH_Bp
zq>xMGr(_TX7_ToU4|n&L@A4~Efg|j`{{wH&@J7W*zlRKQn1QhE48zHv1IoXM7#LA{
z9DxMlfvs@e>4yIB`2zh30(T_yw-3y>j`Rla7TcG|DE&<bg`2GZ^tZ98ZeB|wNPi46
zQq~Nnt`)NLx(@h=htcCfNcCWYldABh?NxUyL+yTiG~%X-5eW0{f+GG1ADG^0f!q@N
z0i3HzJPu(l;`x>+z8tInRDdcJPR;UEQ#j7|VdKTho?W6V7}c+6WVq-gSNm|>nEo;x
z8x`LJy4q3na4m<M0}ckh`QcbqEChbZ-RUAS(7zs~ppUK0q${Eba_eUZR!8YaQ;_dQ
z7cT|=x~{egfcVbLEX~FJt&=ql?OSA+*C{dQc-F-d^Dq9<-Hn_jhrBQrWzwzZG4Vi^
z4WEwxjbzOFD!R*{iDVj(=$ATQKS-qxwYQcIaPak&&mtwCSCmv)<hF(_@l!l0Y6Y7p
zA>;Y0lLx2l=;QN72MkGkL%A&ECn@0*H?n^rqtA#;LDWG)vn>YpzX0|?3BU9IvLK14
z+sF?h{*U0&QK!=(v4c*=$Rpzzky#ke5zUU32>Wg@)8hk|_p8ETOy2e7*z2{>4Dxke
zr9pC31OYD)PGL7>&QRjJBtma3t-dWq$GmN!4~RmhhPPei<S65g_%Whx$4YsuXzzoE
z4C=POMj?sNBp*---lh%e-fg0&9!^Cb$PCYjZ7gSyq+yDE6!;D)r?!4`%sSUg1FHy(
zgRv53_<@i3ae_yDBv_1NGEO|kx5+q=flxZ=n9r~<aMQ>rDjIVZyaZv!XUI74yx>kw
ze;mgonxWUnr^kcgar=C5c3ij_{_%&_D6}DP{P?l`#~<jgogcB65N39=<Ti{xe&kaY
zQUwL5w=GyyjHI`V2!a)if%w}<X7d!WuB2ltZ~jhs<JY~&mX1Xkn#TGryGUz%|Bysu
zgcYC^XC|Oo_&v2J$T604Ld2SX$ib*0Od+&;BO!%Ql|*ALaQY3I3o;mSt`M91j$(l2
zVq)dXCl!6@e8m0BK+^7nghW}munxNL!QEA1ZXmAv<um$w&T;$TTdL2YTbYsy%4IOj
zOL;y}<AdJMi_Aib+@o^~N^+3fQPsUxewK@+W7bsJd~z{Z?nmOlu~MF*;3LlL*mOku
z9Vbl8X(K?xSX^F<q(jvZ1P-|vTLK*p<xG680;Kx42pL&!5tMoe*?`@<r?{oD6}`Jl
z{H}9ttmfQZ-G(l`DqOy@^^E<wt}l`jE?EtZFusx%gB8cvnTnq>DsYUc58HCS<>rkp
zY>uCM&`uhzYgL`kpG9$##W$;`ys@7!d@ui2o*B|tPr;RYbQ?D5R0<6>+G*P#S6AWG
z6;|IDs{HV@ou?~FwV&rsjjzj3n3AGvlW5D>voVRrSVZwq;qN-X!TzHJ$t-Xv_K+7q
z`VpVslSV<p|AowPv9yKJ;_!VgB3>KDk0<8Muvt>_Y5-V9`kDdw%p|Y|;?1S7X7%+;
zVl(*nD2=r>(o`awhf!B5YX;R^ESb%>vli)W2DC~-`-z@+4dk?1oKo%fRYii1>|TfW
zEteJ4-c61UuasdC0xeUUpj>lHTw)*n+-`E)&Bcc;r@Kjr6$qc<vWW5x?#0E*^{&Qi
zU|UMB#TINzug1^IZpIZrY?slmt1ibjSmhVw=jHd~N<g*HDueex*W^Nj_jFY*wsSw%
z<*c2@xH9Kkzt?NCmOOfMajti9*5XaqyE<D=FzSZ6^Gd+Ip9}Fi5V)6XZm*j=1$tGY
z)Uv{ByXtDe!ow(lwV)1lxCIN}>A#8K=;-9-B^oEbBbI`8ztuvRe>OK<E6$I2$JOvz
z_LggcSn8guf%x2Rx+dyN+;wvR?%}qpwQ!&JU28LqZ@dL4weP&S`~)>_y@j^cbMMu_
zR^5Cb^tftppDiSGDBP~fI#_kR;$5qGi`Bqa-eVv1xNUkng+LZnl&gO;U6yps6|`pk
znrhnh@D}CwQ5#O>%Gz$}m9z?u?e^EJRN30WRVZ$|6&KTLSoM%A2l-I9(_)kNbw9PV
zbWb-_t))k~qZZn~$6Kl%ME+hcscX0`{)T<Vh%c`XI~wY3FTgH|(mP|1AK~p0iE*cQ
zD0Zcao6=rxf7&bG%Swu_?UwX?FoJ}P(w-E#IL1=n$Imgvgr|8chcbSYHi|L@Zf<Zt
zm)nvZ<wv_L>F6wXSIR+H;;N)WxIbRr-bzDOz6hj@lV7}+Yw`2N1`F)Gxfj%C>2=6;
z*`hUUBxNj-6`fL!Xs^H!Ee2xaIQA;IAv>^gW@xXJ7g_+R7Gk9UABGXKw0J*!kgcJ6
zVT1IB9)SxgHh+&ykO-%<5z*IRx*!o&DVtSCJf8+I+F^5M*D}B8zUV%buzp2!K5fyx
zT;eLfi;|DXK{R@|CMiGU9)|Puh%;SnnRxv~nyDd?`esJ_7(E>xot!;W*{{%Ur<*Ru
z&xKpf;reK7D&Vmkf2yi3!I(nT&r5c%P;M-<Pb;onRu7QxkFU>xZ^+PVwQF+nX{N-5
zyt@W_T}-=3df80={!r&p18KYn;%Lf|i(RV{A6Im$mQ)#9YbuC;sH3#0SiY2;^~LdZ
z=viqkCfjQ)o|pBO7J=LAHx_;8z$_*5E`zazs9Pj#l}Q)<Lble7$w?i4^J!bbgz%2W
zQ{`~nB$unvymX9_1Ii~jZ}c+AGPgH}{V<nSy{Y@Ttr{)d%QY2Rc!c|@*6zJsOt;#N
zo-NMnq>%{FI0|MmE7Od`7$nIF<4fe1De-1)H*grb?RB1ay1zcP_>KBObQc8fZ#!w}
z9qB>Nc0{#jTYuR+pYQ`opR{b8?OWluKF2d}U2Sx`-R|N3KK$G5c60w8KJPy7{iV0R
z+uJ+r?eFhC|4X;G|Gc;N7t~!B0##4KVjTUYyK-Ck&V44&SE$`a7m#O!|A$|TL_7|m
zHQI))<{~8i$xFUv`FvA`tfa2`czrgoR&BRqnY^2q5;uH5hF~3Nj2*toIKeCoe16Xl
z#-OX}pp*D-%-GUl8;nStMEuSk+z_8_qwjyZ`Wq8EFC{d<jFCu2RfQl23V@2gk!!s3
zWD7EaiO_KUCtC;sEo$8pdFg40p%#(>SKL10*H`gMyQKC}Prl2pwSCm<ikH>*z&<*V
z<p8&3?vJu<QL~SJ`Bj6Lzr~7A>e|~!e|${I(v*4N73HDc*IKN_D5&y<(_DNI6%}?x
zz|}}q09Kjs?A^`;8~kf34e6s+tE{*Xp~&K5Vkziwr`0J_@47B3WTpB@zxNlwRRPKF
z>V1^EpKA-l0<!FOttRxOkBqB%0fa6=$T}on^wBTq*OZ_o*B<^oGS?Rr&uPU(F?pGg
z#1^+3`9rPw^gg6sJ7LmCy9eFw%qVDFdej$jHxb3ps3NYoxD?w_ca(Z9<x3aavTRzF
z7JOJw+m_yUIV3}Hpij+(fx1*#3y1i<m|2%{X35ARX<{!q%WA|Jkz4J1;-oZ{amUi%
z2(=Y@`m2gaWTKcw($GhHa^p3m4cTi`;?PG2C1X)7btoT<`zNL;*yukreRmJ6^i{9x
z(0BQZ69*=Xt0S=%?8f)NtRYd=Xzd;){=AL6&Y_R~Kp$<5Kd@HB#7)!PNCcm38Dk;C
z!{G?eNX)O+eDR3je8T97YF1CGxa0wN0jb9TlP8v@y$8!E$rkW~LX_$+&F^$pVR$<C
z#_=qIY+-qhz>@~z?{P}&X^kPI9SwYd>d<)JM}vgL)Q8_d!5I$q?tf3>c+R&zmqa3>
z7WL6+&JPnghqNtF)N_2O^je&J-$B(O{hjpDi{96}I`{goQ?Px599AyH9&zFhdOMr5
zcivkRMCffe;eRTy!*|}x(MwUTkDyo?v}wR%lti>+)cr1CP_Zp#9BqKnQKC6^>!`?-
z9WQWjDRl5HG$3CFQQSv+d)>pbIzFBev(7o55y82Y)kzqMiuJA;Uzb(&_}=?_;OFXH
z$+vxUeRY(p8e+!og2?52{cj>kB~^=%Asvnj?O)3BeRM@w+}qvT|4M^+#5YqE&qLBd
zZ_fu;CqEv)xjcS7JQ-dcpC28+-9~R;AHO^qzU{y$pPaurJ3hO3{qx%ndMU;NmVvEm
zh6^-uH4jN270YSJ<R!yDWC16|4t0h@ZP%Ozo~zCPZ9jtDCv6%&Wq?vRedPG6>0c&6
zF!9J6zNmjiAn8>x$ASCi_qK1Lh&~pQUB-?BQ7s{=V-$FViU011AyNA@qzFKK%n$bw
z@twehh~^RK%C6+?9d^uMEMkr`>Joi_0YXO*L9wLMaw`dZZ?58b1|#gLY?dw#V-oSX
z3>&QRQQQb*5d>Fy2v;d6la8dIf+#FZ2O>#_fgnR44S#wSU(LSm{`}*)=lK5#f8PD^
zo1b^jZ{42`y8qgpPDeA>yZY(J?x_29@}GYN|IkP(nJq+JH3LNRsfVJLmR-^njffZc
z6Hc3l>b=DB#O=%PZHZnx4%!Ug5}DMfjeS>Ud}r-A$WJyFV&5lGjY%i(Z_-vHf;dER
z5UDAkpO)I(2Z|~HqAhgtvXn^vWoF^Umnu*}RLhUPczfcr82b+4bP(5adz&xSR=3W^
z6;QMB64IW(EEE80y^(Y1euqHTRAx0YO0qigWhG-Vn_DZ#hY9wIO(6)ZU{Sm|!rmR8
zGsI#%m)jzq-~TEQ#q^!vN6|MJ41sRTSk+`q-)A=Rvdh%B)7I?$L`W)S#AgU#D(lOC
z6#pzk06#|eIXKbDK47T#9WxeABP<0t_4;p|2E3Z&>G^czSi2<s30fr3EP>;;9o{1x
z3cTN!&~H22QN1WWht+WJR27`c^2^M6Nn2*oQ9s6xTzgia555G8q$yj1)f;~CU?_ZO
zw-H2_2DV$A3*X~gjDip-(Ej(o`)Bz5>%m#35Kvh1_jo4X_fhNlL8q$^*lXfahK9tC
zsZTugZ4@M72VDU7$NLSmdn*XjNpE}|$A^min0%{|=<V?M{OaWV`1EZD9brFRPXNUV
zCgsWvFp}F>oq)C!j(}qBw3odYo}xHPSPZ9P2VI0h;&2bRFz+gD$cjs<%@UWI;nm>$
z<>2(<{8(I6k4~?LSI4jKflT6tleJgC?E3X7%y}?Tk<q9ACyBg&_Wy^!`seylx{ka)
zYDN6dj`(lk=G;Hrd;Yaf#czVZBiL7p2R^ja7d^NK1Q{7Jua6-4f`){4^^>~{TnttI
zS#uw{A#-M?F{rVpXxR*8t|}pSQz8cQywC6%N-<7$eQdYUX@K1k_BcPB21<vmc<|E@
zRESf8Uj6Ikxl$HJWWw3qNJ^j)@<s#KjSK}BBuj|q$bp;_HH1W>{88YNKDr*JaE@n~
zdij(Ba2=&Aj&K}AC}9adLhH0bIJCYBg!;cKWPF95ZArygHpIbWYsN033HFu79i%)p
z2o*#VAvXF}o=4h7AcO&_B!`ZdTSc&<Gx^Tt|MEY(k$X=%y1hm!y1k_}bY<<7Dd_eL
z{oF8yp{TiNAhARrUH$vZ)Op;8LVcrCsn)4zBaH?j)sn?K+Tj@o=^;i^;k?u;Zf7SF
z_93o(Tdw00>mc;>;_?}=7G)Mf=;>hiEY-cVaY#32I2$vZjTw%~ZSZyR$h^j*TH%1V
zK>Z_rf9WH>w4t&ye*Xb&aH_m<L^0`^l6E%4@wAVGS4uXMcKH8pd(uv0heJ#&fD-aW
z_xb*l^_s<4ElsjsmHEW1&@B#f-l$)HW^<Gc^HhU*y37nvfL9Xtd2g<;!Jd~XMW@7*
zeieNC6Gd0FE%{35f?P7DzEH1Ai9*7Na0F6B$}qdd)PsbBabV!L3Rm!{*s5S}WZ>?^
z^cKg2p~2}li29R=Fs9Z!{7B_FP&;S(Euoxiihiv~9mgyIg;x^HtvoZub=z)GtAtvR
zwKEPR1H0o=CbC3o2*6zGpr3;zRWT5OSd75TJ`P0pI;Fg@AX6A3FPKdDG?tuy%JIW~
zA?6pln-X=91(R%Q@ymTA>^u0B@`b5`M{bG7$p&@+)K@o!Sm8P%$fYdw@H~|*;V?WE
zc$lYiYRuU2f{A3WRRR9`G?-k$%RXuiuU=kUU$rXg17^AEr~F+XwNB1oU6^(GQS(L~
z_HQD>!oX+5f(I|B<MHa`^tdi010xBj9HX>1Z}eCvMU1qs)rge?G!Qf4HN@|YtF&a5
zh`yAimO$8Sp$v1afu=q1TpYe({1jj@b(p0iyu>iZF<S<G8+fA^I`lfY3+r18n&LxU
z95pZoIw_QuaKVX7<3==t8n%V30m`A2+uYkXWZsVCdET$T_vQ`&4hAVOX%2p|Dd#ra
zRB0gebTXG{97O!i6@wkgSekJRei|xH4xr#WHWUSg)`kYXnt*=iJfch4jReGhOHk4V
zO6q}P?7KK}-<-bAWbvZ5f_y`L*9tig_y_8{eW|Mj4%Wd8mmQ`M^|tmY%1ayPCw~D=
zc$D~YDk-uxl$L1F9Ml<v)N*oX@S05?4Ug(+^0^$$S%)l3JEh>F<2eV#Sk^j_!banG
zLE@G!U^-Tm6%=7{M8izzkV*o8GD7wsEL3!^Scy&ui;w+V8U-`Zk(&!zGYUf^?A#C^
zC>|xguy6p2OTK-7aDv2{jxZx1rt?um-4E=Y_dz!xD_EHIku*sb3Z9VoNP6WW@;)XJ
zzZx+*@%fA2?rs=ZC<}c8_0e!RKtE!Sx|;UQzZf0AkB6ep_jfn!I--W8tVSb)p`oe3
zLXaEJQ$x`b1cb?u^1f8orD9tVCZ`=;Kl-+l8s1ruR@$bLZXNL(e&cTOO?~xFtg8<{
zkol5*2s4AOI6#T-1<nl$g&5w|(tbZwH*`a*+8r7U(ZHjaWu|5r-B4HD06X^K*@hBQ
z?@vA1GcZX*-~V)l81X?r32wt+=|DRK{rl$b<oBQE`}^;I8hXx8{uw=XUeI@6v)ylt
zT>_lSyP>1capBjnAacYGJs2txEe262UqWdG7#5CBH71<Rp^il62QvSGy5-pL1|#f?
z+-DBIFfKo>6#`cZVC5P!T86HzvE|B@k#Cu=hPTD#P(*M!MC#1#tRa{^VuEV6^WXn?
zR)oD^q8a#SR!w4*)rv{Y4s#Jcz=!`EL>WsstfRp;|M@xyVstcsGf_@3bTrU6g35hB
zZ3F8ZX|SRi>Q+>mUseO=%do_evJ*fjrH~;-84;ZyE67e#KM-kHt<HTc?RRqC9~MhT
z=?NhW`aWb<K3NYn6U06;3oO&TZuec;u3?E}ZTXv=dx+^`(gDmE76U!Sx1_?;MDB*t
z+Ecj)@%bm~NbX2^B3(0K)($3L2InL|3_?&oaS|Uz1R_CTkM+?Gi5<`ofC_C#dPF!`
zk<M={(45vPFBEBs1{Vr3r1lGiO{rIVPM2ROJ~u(1z^3Fnq3E~pI$;1YZxb4f;%y=l
zLIKirV^Q_$-2GoAe4}}nV2_R|aghvj3O0i|<8qnfo5k4k^xab#$f;pbRvN<ND(}OJ
z(D<F}_mN9x0eO#Sp+`EpE!>#8!EV_+hmZBAI21P~HoR#@PSNI<aX*H>SmrXkUo?-i
z%Ela4b<4$WP-0!eVLPxUf??rnb#z=JO_CdbDo&a><kB@nUZLA&Qbv^>K-P(bW;hHv
zP|2fsqmvK`M*;ZFmx5xt!oX#Sa{^wFxKgDk??+&4M;$~%ScslxGs`;YLe?>>fER&W
znk3a?oqi)UF@Pq_JBcWk@>7_3PE2nJ=Rf!)F4$KJi(8nVN$B!@hC`kPEM{oTFE|<(
z37x`89L#tJz*Lr#jIvknT>o`y%d0IV%3>On?|8h60%a!03o0OJ(ZLZD!j0mtQ?YF8
zwV<@PYAaN`A7h|F7lou6kF%X}rz9>=Y6`*_IRw0#QhQ3|^7=oNckN{%c8F?)Nn0A=
zX$5zq^Nmod%^-xegr9=w8(*Io>d*Vst5;~&KMCD>wRT+_48vmm<Wf2BpwS%p6Y9T5
zK_rK%dNH3|GW}8%OA8yYY1Xy}kYuFV@`$j&yG`c}-%t8zcekVdpT7hw+G;{IJM4_Q
z;<%z>7%KTW052AuOIaMzQ6g$dYj-|o{JJEM=MP#eKLDv$>Lcwd|EO)}4SS<!6RO0Y
zIdoRWbJPubDys9+2FJl)G{YLA{C*kyMjCC{s`aC@T8i?teooy7)fXuHc&W9jrL6#$
zS4-!?tzRu&-NNc>=>q)qs-<gzUsf#*z*kpG=fTueOG~E<U@VV3%)ns_Br%-DxCn{=
z@_S{UWgHYv5=F$1y?Gia2(q4LyQZ<93WJ;(o=frWTp2lO(TXtB?K_!<lU&c(^MX5}
z-aURFVxPfAon7bQJ8`dqFz|v2C7Sj4EJ*xVxHT$hZRC<sGSPOj3>UQxkEK^&>Zf=E
zs@(Kv7zCd7lUWqW>BrdkskN0FfWg_!JH<JK8FixI<^|(i17~YP98X2Dh&UdmGi6Wx
zn#7n&Z#JPL|AzW5^(SZGO7;_`@v9(uMI#m;1wQ8!!LmwEjM(r*lc{ZGZd)ldJP%^t
zsWeP?`AqnMA6wd)B{*1*1u4fn9GsoDRV;@w!Eq81_TT9G1kH$_Y$FmoO&XNPrAP2B
z5jPLn8@Kdq<G|eC8q!6smenazh84&L+X-!Io*}Er_|+IBqBH6v{z^u`2q_A^WJ3MY
z#*=UoVYi(7$(%}~#0L?%r~z{RX%r-rsfrlDRKUEF#-t(XIdHP2eBhI<B9m!hIFH5M
zasWNPKFJ(<I_T))?Bx7gG`zStS3CqSbxn^;nH>d1VWl+Z^19Li#R?8X@JGcr#5V!k
zFCBblP&enEUuXeauO=q^LFM(qq)3`kVW)FPJg<G@2Y3FC4Hr>Yd=Zw`$0fqldOazl
zRk59Wqn7}&I=PY=-n9{nzpo}0FQJxSLkeZU?ewVxT}c*Rb9JKJk<pm?6J^4i{wyO!
zTA(Q*(u#IERKTsILRxQiQZPCTJ<`4-qqa+#6Wo$$o;H%csUS>RW(nG)bxX-p0eumL
z(yEJzBq=0k<ls`<gbV&DPfWc~8D(UF%LY4f4zislN9AxU36g?ceaeif8(6oL-SL7Q
zWp}*nhN3{1>?aj~tGAQg@p|ZC-DBZHjwJa5TPjYLqKXFJPM2!nm6Xw7H=)o#^M}i?
zA)KfiLgrghHdS;u4XKg=FOi^Dfv)CZQpin6GP^n*qQJM3Mx)G5L|A;=+W`xwe0!Hs
z5Q7Zrihs4ReH!dgm6gU)OOwxRbTKg(He8dqX1hy}x;Cv<oRm@wl=9`FDX!XWLUh%c
z)#<KUuSNPM8WHSy*6Y&aX-Dc~)L2uJu@ztqT`;{Rek?6sRC%~Ab|gBT%z%eC2QCb;
z$J)0fqT_j60PUkzAY);rF_w-%)uIP8m0qLbqDzF$8F7(=b(~luER+Xd3$hOJHyWrE
zm7$cS@m2wE*<s|8FrF$R7wH2RXu1?#0CFF-dIcot*lYqvdf2rjWN}3B44J-twVLKo
z^!~TwpsnEbQHvjKt^E8oSCkU436E&;19ZijEYNNVq9ml!0!u}(`tIuLa)^!w&}ERQ
z+>p64i}y0HERAp1N4Zf{vRNIEa!jO1<ojR*ntN%rC?ZIT;O<&%_smj8h7ZwoP{Pvf
z$yQ#YRpQvXiJI}nM$OP>K-&wj`{+4rRt<-t-hM{$t~NmtzWAUBkDa(~^Q`3oPE2S*
zcO1Vh445S6vU3C~pOsTVR_A~0_PV>zbNL?+5BGLA`5zzR!6B6)ocri@cMFGM`tyJv
zfLksRYIb;a0>)S0iv4A48gK?M%~K`0x*bRZE2E-AKB_J1@XCt|j`1xo+M!OcbwlQN
zLFBUjR$JJ7ZMD_Lw#7N>6wSZ=^B=dp&Tg;MZFm2+HN#Zx>%3-3WY8^Pwbw^y!4%JC
z*hPa;;^O(7OgZZpd3{^@tyzFa$(E>?Un^VcK;LTDp-9^XpYyh_h)aYtaA)k1_d9V!
z$PVum{A@dZ8&V(bgmYNA+1+9%CbJMCa6>ZQovMYsCA9W9bD!9{)kl4Av%CLUp341y
zO}T&<?El@~^KNecf8ISj-0c4k@qDF%?2F5!2oMdkpu;ccnJ@0ogR|4NU?stRg@T<d
zukLs_%2Ka0$!|*`3H9Ru&4VOD>HgH=%=KgUd-I5=a{XsV%9|<i_{F*tht0Qw1?zwB
zV1L(K|GT~2z20X1Kg9FLA3J|Xw{+HrP-1*lbKc+|Gfoy~O8V&UJ0Cwj+2X~XY=M2E
zFlE+LqA7!FRkW>)qg!Gl;bmK>t$l<Irz5TxU=ZH<Q5-eA=*2CGBI*+K0mV_`JLqr^
z{-m>EG9J_SsMXe>5#JR*6p~Vsjnj6<IX^rchAN%jPee2U6=L2H?+ZgC;^2f4#DbZT
z@eO)Cro?lFBp9SFN~S;=dMXV@U!D(nS?W(f=<}@eWb0&%WZFOhMamzf)t7ijW7E?Q
z^Np9IukbCSFfWs%G99NxRbNxWriDsN)FZveG+2LyF7*FVe|&XZQ*sC}o!5d^qIQO_
z@p=g)!-)Fv7`6TnYyThC%E1#&H=A|kKXUU?8)m+SRF)yk3`=8C3dBSe!wscc<-O7g
zFaDOdCG-IT_F{*i*8gjv)|=L{i!7MUz^{EoJXVgV_$~qQYe|Pq#c9(=fBb={?|6xu
z?^Xv1VENCCc*KbVsou=WiMcNNIY{rX@DYb$PW_VJbN=|lQs)DDmjp3EdcW;(gb>Yb
zkLCiDnn)^Caw+A8vKI?!m+x-dj)=I97O5q+gH8$hR3^$Zk%t+xXd>r#|6D)-DOa!R
zm!6yPymZ$x%XNe=m?()5;&`i#=4r0$*>2c*RtC;Dx|;40Imj*fN2?wf>pt+<Cw%o&
zlmC;Fm*uX4i{yWYyBq%Ru^wIi=acv@h`@7DEF`{P_OKUD@!pdy;Upque^0h%B*rd|
zMZ~{!6UuKTZQ)+op2T;moOG4V7Zy&qmVH1vYzmC>+7cudt=LQZaB9TC&v@q5to{K}
z-z9#G_6vJ{Jv21Mh{Q$H(=<Uy2ULL-XD5N=>Ufa)JmK4|tWqXwl#sMcU{V>boF@3M
zwup?bG<hPZe;>W*rf;y4@3!@NNI3PxffIOruo)<t9&qS<gv~yKPrlk_GlK#V2$#K<
zK9iYQUkQf$`+G$cnH{y^%DBzI;b?erc6oY?zEV#8&?E|c!S{1CQ}t;YX2xnDfxbdx
z5<632V*%lrZeFN_VjRZ9uK&vYzr$HJI`M;utkT9J`QO38enI}Xzqi@{AL986UE(+<
zkq>e^G1kK0X_Qc56%=CU22Vh4Ck291ox%{C63+t{dNjkaGo}7yTcj(dw*(B6wD;I|
zIRu|fggMvK5Rzj;%+7d<{_9x>UHIM{1wK^eNTHBK$fJ;ozVmYU210{zAoBk4<Ixbg
zG-6M-Iujc2h<`*Uo@{kSzehXbpY+vqvIGB3U$9$$M*}#*&P@`69E7vx9d;M;e@6I*
z{}a#num3+U|09lQkT7)e@|d?SjZdCzb*M}5jw~DnzdhON+%hL{$<C+A30AKE*T;jG
zXUCnHyILCy`M+K-um9~GZr1;UJYN+xnOpz$i=hMF`}L_(R?^v|!=@nr;>_U)yA!e_
z3%8+coBBdY08GvQkHvG3{A29lxXs=rI3mx`fBkZm*FG+2fR}G;#p|>&$SblJw2_sE
zesmYMv9)C?!?*ta_wRxk3GsyV|NeLMKZ}*X|J>U8>ML}XDXh1)J|HRB68SMdpzFv(
zAGSWAcDvn1;ve+~yf5mn(T9Sz8+|C%W}^>)#84Qh9R)7g+Nz1XUhENc*n)bm$-9I`
zWJdg$ZEa<e+CF-#nFYMv+G;m?wgyQY<br4l(VV*W$oNISa6H?bI_S37d9F`0jVOK)
z-35XB+fG_~N6LcPj;QwRu?`2F#NfTNE~6jqS+xJ}ck}i?`}_MF`=1ASn%V!nI(d14
zb~|14l>fE+Ov?tD^G-l2jGGzt%OkfW!V~IGAowQmTrLqwlj1;!0WlH-pEG}1UM1?I
zQNWqXU_?D3NOuXliGvUk2-)t#PSANc(<E3kTi{IiDVQY*bk<;t^t~{uzLZAQ5KI+3
zp;U)!)^P*phD7Z}RqyTC5N&Skoywl#{=X)pAMIJN{~zoZ?0@#3clS5@|3f^|180pJ
z`#o;!sl!ms?7%8Fa3LsNF)y$sD{#G>z<|%P8G&>8fQ3_*B^$7r3wTMNCf%c{nLksB
z(~;@R)XbBq1f=f8ROQ2z^I)p-U&?teWxh)dJ(sHdmTGw|RroBWv6E{%DcN0=DjbxG
z?n%-Guq3swk=WPn$7Fgj89q#=2a}2>5hi@qboHQ(7WXCPQgonPigK<?C5}rK(9ME5
z_;ONaQ{pP8;1=-^Ao0Q-ji<`1rb)bPO_O2{^<|Jn(rN@zCAEE#Z9>YB6LLZZ=sfTV
zIvJyRkf1v(6!SBDLl6`DCI%N@U&O^z>5w3_7j+U3N6N$2^mv73%!zXuxFU>YOlM>p
zT5+&1)lzb`GhyN~1`p{uWPNaj&P4g|{*9rNOD&f2XwK1(h10P}Yk33(PcFsw03Zhv
zVjnu05`cr9;rDcw%+khLOr4uKAjx;<900x@SHM5glTSFZT&ft#=LGI`Uv#_H1FA9^
zv>0|h4RkRHG{9Vx0@}=!tmjD<j2)XZnIE|g7|3!kk<6)Cks;ZdAK8)}*+PXZ&vQL8
zSkgw{a~DMxYinxj#a&#*)6wvAye}_Dn~&pC!5Ff<YK_A&lz2NXABG{rWi@w4TbPYM
zgZpFg{<kKhZ|zxR|9yCn*Z(~4?sqr$zlV74*Zy1Nwb<By-=F=rpzy~2`%hy3Er$E?
z?Y}u&wa^A!X0^%LFWc<|bpvL7*ANEG6{h0`MOH9({+w*c<&;VoiBgFN(A-5JZz&&)
zghg#$qNP4Z*q;#e*Bdh5Mt{A<9$&y}u}XnaM+%2{m3C(8$?HgiIgsCom$$ND-jY)N
zU84({;HbJIqG0p>$Oabl=T#J_#1*2#4`lwDjQghPA+Kng%zxDv;m40{-qE(`Xj}A5
zK)E4vv-L8<-P8GB#s3M3(~S6WXTFLupql^d?e@BRdH!#|x3T|zkcaO}nFbh#A=|m_
zDP!-K=>#aV_s(s@n&*XFO0_J$H3M$GCI*+6Z_Wp2$7xQvVnbf)1C-fHTR0!9xp>he
zdj+%bRV=}mH~!9qvzj5ZdMR7a8Hj@&=BZ9*$St$XX^c`|ZUtMP8xYURY{xRB>ci3~
z2v41I6MYq*F)M8jheCi+mpC}eJRTx)7txpu!tlGRt4okQMa&GyCt6mc0#MY*h)-b9
zs?Y+BLr0UpYdFETOHDMNA;#gT34=Z$U(SjbDDzV?aWLY#Y4aj|Yp^C(R8w7v2{e_1
zYI8W7r&Snb@+ZyszHIj>4zNZbOUE+8%KjB9T8d{{81(UDzwkN669Wt*P7(=Ga7^CE
z+V~(8CH{b2GZOVtuiNbwKAi{t>mZ2rFvSS+Lfjf)U>2K{NZB-<&b?g&v(kz>TU1eB
zE*^dvdFlsoaTS?)1kp3}G>Fhs@-AOe&uP=qvb~^IF7o9aYm*UcJ!=Le2#HTd0Kp3!
z?6safGx{NuZWttOqn#1;ci7Z?*>=p|AM~I6*-2OgHN$y44g5W{BaENej!4JojcC{j
z=ji_yD&jCq%Mw41<{*~u=orY=q2mr#^cv>c+Q>N^W}b#wqv_(h4CJjSUkQ{}dL`oD
zYJ9C|QYcE#aHw;);wks*lA-OLnchFkW^CcPvzEonCe2EBvNCSkwgoLfOuO8yNRp*+
zGlcSHQDbM;%cXpQ<#_0I3ya)N4*OcRBn3w;kw4qMZXN$Ji??|-4+(0?EZ(hWx#`*#
z`Km5KYg2T<s!r;igQdnnruJso{K%4#Xr?0dcacC}-riVs+G@Nyzn`Z2n@LG+$XaTH
zYb}~z?TQIjoG(t0IMWek^=H_0K8mO-Cs^S`93$(HarRCc0+rCn8MU1#Mim4gv9se4
zFh^HNcbq70mCQb)P##Yk+4Ar5nqYm=%l;Wf$~S_7GSvdgEK|Lyln!wDWVPjfYoUfS
zUe=#cpYj#dP60j3byu0Dq>+|W8heab&I3p%+ldK_kHO@O-+CK?w3jU*v{G6&*to0a
zc5XY;YH|7uJc=37IdB@<c3?=Mts}uJ!v)^p7Z&)=+HhC;ZM}r$c&j|wUR1X5IEPxh
z>KKx?Y`MKb3!QFdBJz-I2h^kOu*>YP6}#(F6cTV2trY9p`Rvd0TBkWGJ<e0Mwl+^&
zgi|E$V~a31&k9eK{9mM~atVv6FB~tU#9P8OV3GgVZXy25Zg+oU|NkIQl?YYe%}qT)
zok%e+vw8D6@ks56F=E!uVviN{2SxS4MtiV?_JFf>HvUhZB>cZxo_+N3W2a1Y(_yzx
z$MF(=Y<A$p0_{MA$7AY9iLDrwVnmgb;nm5-o3rby>%pmx=wq*lKi9K(|G%YCoM5l5
zymgv;hArCvpC1<De?9MQ;y*mdQ&)x7eE<JZ%$uR|`Kh`63n%}Q?3kO=;C@a6L9GQ>
zdl^(rFIyh%4eoi<I1Xj$B?nyUt<%h7Nkp}~iwGdpubEg?Dt6QQ9G2ldAoDwlA2t9%
zl2&gcjW6z-B9o?Pt8F6NPgdD&Jt!J7LbqkX+wKUROk>bYRv8ji?f=sduf+{`!T!J7
zeZE_W|Fge||NkJ5sT<=XuDJeoaofkzx0d=7%}S`${dP%{q0Ro?ED$88_7!*?XWB}u
zQ5XMEH0&}2Knn-Q@SN7RIX-i=Z>qHJRh=)LeUqhg<m81GcvDMjqy>)JxrS@Ov}p<e
zYw77N`zQUkRSiR?oiAP@*WTA#Oa*JjUpYjSOSmkNdWe^zVpLcfm(4xx%X+HLe`Q6o
zlJRei``^LtVgCGo-re|rJ;-Ao@Y$ih=-O73yDePWHYUJpI`-`sckGRFmaii8(RtvK
zOBtlt+}tx0G#PDqp&eNr6SbW2@lsa4=&RILxZwA1X+7`SpPgOCQCL#kFncWv17J0O
zwVj!dy{hX!Rr|kg$)*{Vu3i7rJ$#<m|MYe@^1lap%=@3kTC@Cs5CO|;iuE#AxhjvS
z%^6VV3=muTMTp-e<jGb_{3YDqkmh=p`R{!|qr-jTJLblwVX<NUznG`E|F0?NzxFKH
z|GS0!f4%*~jr{Lno=yD!`;Pzr*dtv16xaWng8pky_4@C14-WJGzkAQ0Ki{nXhj_k{
zA%izT|LX<)|2zVvZn6>7iDKQPRw0h{gC{_ctv1Sf@D)F(IP=d3^9M3V9}w7ge@KHx
z^1spm?|cwpOvQiIKgM71YwH6lyR`%(PBioZz5V0kTlC>mi|U3<+|!F*1={x;6Auu|
z{I0E-6vNu8TB&0<izB|Jd_ZqoElaIXmfQM(rXe<4X(`Q6tN+Kx?UvO4w)%0DknNVH
zrfc<k-R+iCX|?*l{JP!JRDP{~Z@X2kTWj?Xy3nUu@tYO4ndYiUoP4n4w2o4|eLx;%
zP~n$fd4**nH3QIsv$;WYJs>d9zg}G79Ap(AAdhr0qOVp_b7(hEvV|DdP+N#lj3*{Q
zBigV5sVq=2K+8L*=`&Bp^KAA1Xn_+~zf~2@v$fsgCrPW{%3^u8K5n-xu{>M--Gl9x
z5y?}$GUIr*`UjTz*eG0Uv5y_ut6X1~?%-Q_VwS~z1q=$ldk;kBy>5Zb{8b$?H;V@=
zdnpYDJ|O5gdfS6tz#ha}R>^$rbef28)tn?wn6&z>gKl@$;=9`{i00z=8Rgwp(We&{
zg)ZiTWSb~-M57%iOw6SP5P?Ez$ZUH}(Pp9Y8HL(LFzp-w)r|#>t5DfxwQC_@05P;f
zMm=qM@yctCyKOWMP|`{BqWhxDTU;vowgES<bTayP9{2=$_Jv30uA+#It!b%H+I&gn
zcM6E2E!NU%@w@>mDf7;?FJe9jc1K9V`QLeNt5#YCy%iNpqLPOz&$Lj?h+qJhI8*|!
zz|#)g2rH3iJJue9T5Ga-Yjq-N^9$rA(_52AzhQ=%7w}rMz%A1M_6`nm^1p-UoBW>-
z^EAu<_I)tot4*yJ1nYxukdil4w^Po<ed{F&aAqVz+RQ>8o|C9{hPIUxwCPQU5eYwq
zENvQ2)?97%MNt~0wijTRL=T)_P4CJk%i8Dnl<oiP%mTN_|KsqmVE?(hw~7DyAdk$w
zvA&Iclb-AgNKeLhg>iOVXro*J_Yg_Smd`vU-a%@xz1oS#_LfLIW`}N1JSO3P3HgHx
z@oV9|p5;NTfP8`p@phAcXvzFT>)Zd!&i{300a|eW@9*#D^1tqO_YOApUk~!!Z~h-`
zMs2bH-D4IYoz9zFK!1{4K>DCReny~$*?@F(o96^7?j#E{16k<v=gJS1-=~!-06Pw6
z;w0a`Xsl$dfv9v|y0e(&I*!1h{V~lAkZuM~twW^wnm;Q8>gywtt>zs3mi(ht4@{jE
z+bGqN-m5Pl;ZnXko3u+`(6gBT|1B7?`^^8;J>1{j&*y(S*xmSlKgeUc_l<DuOtsK1
z-v^_GVO&b~@U=L97u6f47od%&D7fZ++0KBeLwFo}(uiU(j!E>2`jkzH+ef`!k->UF
z&Zg>-E#~H_$nj(wHdSgRZVzozEtO&v5x$ef3afK+n~}X{8m8(2Pjf1@mP@LnWl4DG
ztV&jntbT5#Dh_CIhNaq(((RdyV(L@#O?#62-8O$Oll!Pn0wcgNi9FQ)H@dtSUWxdA
zJ0es$1itGXba%Tu?-ClT|2?V9Z?Q>7^m(KsT3<q<O-iChDT(xV50vqtK%$3Dj$`Zn
zs_9fV=|{|$OQs)r+^KlKc|`t9cYgg@eE(0Qz%6YGw8;K*FK_?3+ub|d-Q52l;;GA{
zeuYk{LwrV1OrjYBy#>E)QgxO6Dm6R2ySwY)5Ia)>mYSZZ$97Inj*icV$L-xtmlwZg
zD)Pe#Z*9pybT!2g8~MV@@`dtjrF`J^y;p>hdtqGNgtO(P{Gz_)!o;C<$OnWK>X8VY
zeR8=8Sz7rl-v3vR0=H=Y?;iAW`~Tkl-oa-7e~9N3jsLdUgf|i2HqQe*W&8g+qrffL
z|GNhVdHvsE@A-!Re~@Pr|Lwlxzjbbz6S!pO)08Wet^ajKfm^Wt5B3Z3-w*b7H|zgF
zp05mN#7z{qdQsrk=m*<4QrqVcsBIMo)&~!)rlGJ2ueJ%VwqkfSi}`%M^5+>(tlTH?
zF`|m)t$7N4gi>_|qHchwy<F6%z48E2B}G>V5Vcnb5LG`u)ZU8mq4rjd4^=?G0I~_u
zvkB3&3DNUdkIo25BPtxywTAy$tp7dC%YP2`4>t1u2YDLC|G_?!y8s%5Gz~$?Ai|t-
zSd0VYq&o$0`8bKE^7^v9h0xuUI#Vrjc3U2a7a{RaUh)QfzI|Rs!7X)3gq~hpK7&pE
z`fPv(NjwcA8Lw4dthNw(Iv75Cu%JRla^S5t8eE=y3UP(91-wL9As8qP!cy^w7S+GE
zOPtp5CJa%7r)2+MXZW9m^1s8wZXy0#Z{z>}AdifF0Ya*QJEK0jKIup)|1?NE*Z*70
zH+JgBunN%_J0iSGF3d<pAnzwz(@-cZrA1L@yKkfuh7dbO%HW>xTv?Fc_n@1Gm02dd
z_Y*CVFN80Vu=26RpXh0JAy^Opzvi({HgS<Y+qg)%nCjVvS%CHsVUbG0UO(B2^d+@o
z1SLJl(e6R*7)rYbO9W9Wfp3qZq*{=(Gn*UvIMUfD6@p1?pK3&Y&MaIYa<ygjzwkiM
zPi(1Jc_&i>tQNA_0zdVKgGnOGrRIWW@MwNsyy$kVM^j}?e||kdg5}pD&Og~Q!un?u
z?D#!#k{HAt1cmc>8u)uU+>R)@nEjQUbMT%curu<4(awHnFLlGxL56b<R0i@__L$&D
zk!Rd@fPd@B+B>`tnfYcPz34vQ=f5q{{QGDRPEsSDzj~P`^?{Yl)iM3c=zI^fGV>wy
zmn0sCGOta&-2)5t#7hhHfO!a9GE_FOlBI|PPxd*DvWBy~#~;6pxN)1fZ%f5}TfYrS
z$^CDg;olbB|Ms5u^7g;o?k4}|!#wvJ|1FzQoA7V<82(Ko^CtS+pCtO5Hs+5X{Eah6
z3j@Gu7&njqR@g}vhJPy(=+71Xtx?D_!B&3>(aN-*Yyy=neirh7*~_*|SWJCkhZ!Ya
zZT-L^{qOGcy#Mch_xXnZdyuED|F7u==9Bm?h;FDqkwy8w*TY^o#e2#@>}57vUMF6u
z18-R<7e3);vB#d|gNPMlh*i4y>QcIr<Ka*0RF-=7Lg*fGcDm%f0*G2-GPHDBr9TEC
z6{>f69ErG~A3t`=qP%t3t<!OYS8fL)27z28!s9V@q<~&J@M=-TW`Rrk=wx_xa`EQu
z`s#Xcy7A{->$7nG7pjXH@s~FTs^0&52Sxwi?!og-{Kp4*%zYh)A=AP?zD&n{VfY2>
z6?8p8AU8Ys!W}$Q_-R3`(qy@!^<1n4@XI?jV>qsI6I&c$vJfzGwdTYl#VI9MHzQ(^
zmB*p}BqB_Y<z<di8cm40#KBR<?nLA+qA?kS;dfV8m!M^cSRb|GC?Tz~=t-N{m3E9Q
z@hR;QDi_R#HHN6H4pLberm{Lvr8b(DQ7E{DSi(|{L2mTa58~pSe)Z1vUy}*tY!-3R
zGxXFRsEfrxgeT<4!;E#pD7dBk1RxP=nNkRR$J%7X?6JGbfdnD($p|0-uh)8(54~p#
zc3Bd<QiQKW`B%9Jmi*aCSOfr+RyNfSCZUUC;*Dt73FqklTB_CxfN6_PR}74URMbW>
zsYTSAulM)&7Zg$2MfDWJW1>azAW_pWnF!^z+?EJ?`5gX!S=iKq+SMAaFPEym6xuyR
zqqN0&Ee@z$W@Yyw?9Qm)PWWv|-jQ2{V37IHk~Lt#pVxE{(jUnD74=9Fsv2BXt1Y8z
z!FBnD%=4wwXp2zcO+w$`kiIDtTproWC~y-eJ_=mY5aUqPY&(HV7NadozbTep9{1rC
zN5pMTYX<e|kz15qC&kY|F3g$o=9tgYy7jQn%IAAfwr(CLj_bN3xh{z1+9aB*Nh-@G
z^ALeF^Zk=eTRDib=+vkXgELQ*C8EJDjt5&c*=%pWBp#^&58TceoQh#l3{GA0mQK&|
zUd^Zz1vf9CThoBWA&#dl)Q~i?{*3yRle(P(%2OyaW0mI2MxQ)JEEhk=3lg^z6BZx)
zw=@d)_SP6|S^4?_iWhSt4-vL_B|fL!fE!sVMsFUlS)0aWmS?*;QlK-dW_VC)0a#wH
zw0C8k%cFI%oH?@e(_Xl=vvy|Z(Yjj3Pgy!@D_Yvka?a?{x?0YBS-Wd5{wEDpp4;Fa
zipMg=a!om`a_(vk0nW>||B_4tpFQ`qD(95SSZXKSu)!%ka_f**tHl|hfk!bTdIldF
z+U`2u=p-~q!7GCb#t^O+D~{i}e#z|kG=tY|o|T`4`rm1YS9JqkVE?n*>pjos|LYw*
z-{^lI;xXet^TAdpQ@d#PgQZI^^(UH^xYX-+6_xQu7rd-47^r^*&d-^8z^dfuABu{8
zWX%OwIar1lw|1`Z>7;#ArF9SQeCh0)7K=JJLl<~<OKtQ5r}13FwP4zW3V^lrI+y*E
zzT~Qgab?dJFS)kwn~}Inf8`KS?&-2b>aAXiicw){Ts9V2pY5~o{9ir&&qDj(!~NZY
z|JOlpbN)ZX(=6@ISDEkEEMc)QA`-5>nPMe(+OKR<`eb84cK=+1Zo<%(&d$2Uf*8=)
z2^Sk@wHfnFK)PK+6F@4lP|kF1HM_Aw00WH^P@7#oMnQJu87F8-al<yMES`bYM#^^7
z-tYP^+5gv>{$X+chy4EEJ2>3j{~qSq<bSyD{11;k!qrd7`d?@Iheh`Pz25Ue{I_m*
zZ?pa%;`vGs8o5dTP&56*8p5EiKM1M_f%+%RCy|TcQ<gxYe(cf*PeGwKy~#lF1!kZ~
z1F#hl`D8OxOhcRt%CDq_A}qf$3F^mDLbh9)=(g4Gb+=nm%-QPy^6Pd>69c#Uz3o=D
zytUOo=zcUK&R4`2RoG_I%pwu<!93GCN*J4ub-zp`(a$rnM`=*Y$H?oE_cYL_pA6vE
z>i^LKW59l^M(n%Rc8i}vt^SMd^Zk$8ElcFKR)4R%-7?~~iC1RSwpRbZGAEY^ELiMl
zM|LgO;bnWtv0NCWaNRNYYA0OLgWi?xhXo&zmF5A2@vAivb`J^@fxoIV5ta#kcrRm+
z`h9*t)CZFFU<b5Ei*1wx2LiO}nQcT6R(lql(!wj`!4WWxL^vf?ZHZ_k0?VhuF`Hi|
z7fulc1B#L;%J@@S#azf)fN*b-ZVg=W!cYUP^S~GRpT6+Ww^bCeac(UYtCp{a{PqE1
zYQ-{GEnqHSr3DPNXTjQJSlVP*+GJSTJhn%dLiiKvzi-Qk2y09MwMhTpJILq%J>1>f
z$bTQ?X_o)#oX-%XVrJ-q5ST&_mVXIm>Q-A}@+stAG8WH*^h=shP*!NG9;wo%jXV&>
z34Dieo?o73teu5nQ*d@3IPH?z>rLjR&+aMT|JRoSYJvW*dsy86_c!q$ALfxU@E2_C
zPqySIdln~=6$9RaTrU_Sk4&&LM}y0gG{CVIG*bHa-u6Z$#y!rv$_*K1+Yah=dM{)u
zs<DSBG9MLZdLuFmZi$P0@;*+%tH9dW3;c;NDKIB=wvDMxS0D*f9CCJu-+eU3o^aWd
zNh0!nRQf)&)43y_*S_(CJAWq#iBH|OksFZL6z>IRe{3b4t!6qHO0Xc+6t;u`W*bI^
zgGMc2t173HH87~iOi)H5m+-?Xb(R%Bj{=w2X`vNwMuH5mjR2KkEBc*5U8e728j%rZ
zq&*{y;R*F8ZFblB4gBxbw=?z0PLEfz7)r}EBTJzf8+Gb5QbD9b8_Up2UrNag?-myl
ze_OSTk{L$3N<Y?!NEu`sb@<m(uoYzC^;V_C9T|<OKOqq>p8l}+KmFXS^Jz6(-z#8N
z^gOM#YWEqPg&t|&kx|>F%n5EuG?xveze|acmS{|mv}OrODj-)=C9SwJVH`Rut`Pn<
zw?fjhY(=VMplvi69-W*mvqUne^$7xPWhOU33I(gA+x*i~8w0Oc+TW%fU3JXI)D0}V
z;_kR|Q`{Xdw<RjD)*Z0|Xw`<eJ6;D3EJp*puAKQ$Vkt^!ux+%c23&b+rf}<11$&-s
zF<k*EtjeA@@3O745{rSR&D2(+P*Q@ULK07fRhoTP>HwA*lMKEMOC5TX5y_y|7?7q0
zM7GOSt=wg(V9r#ENPPpWdf2R($c!T>XN*+mae#D8MXseJo)SOSyoSCKH#QZNH<u6v
ztS4iSwQos8$Md!T*+;D)6y0wL7&3Q=(EETYNGe~1UJtT8v6#5X!8$&y0R}4HZ41OF
z{EY@kqA?7KL&qYS4`3`iid+)LQ$_3|UEs=1m!Jp0?W0yNhX5U$;7yfk60$fVcqZ3N
zgJwAlz2EIPXe(%XAY^+wJK@SBlhcB=qpM9{G$LMb*Fo2epnS3(ft2H6#`>rgCL@nJ
zEikl5V~<JS=E{oDM?i2IsPwe_o;VB0d(64cjuH-oJF%xq=wVlKBagm9FE7sjcEv}~
zpU9v;8T4}ab(2W1U;a}r|65-Qz=iQ2y3h0epNG2}{m+9u_nZIEm{FS)fcKaJ(4_Px
z3*et53!pjdkCzDWvA40!v*c6f{7-`!s(IE>C%EAJ-`hRN=YQMX+dtTx{}1t)@t@QH
z%TVLTdMKzr{y=}_=fb(%)>BXWvZJS?odxpiC61?h#zj>LJcVU4P-~XCRAH#%Q=EvJ
zWkIGgOtoN~g$NNUkU&Z4+_9Mvr&b7v(&F_)LF9&`W^;PkineT-ZYpm~FwUY})%{Q=
z#%T+$nLgV2>+a%8jCt*dxHKXTzgB|)tF^dV!bm$J6Y}0nyi-*rjDq*`c0{n-mS(wq
z)Y|KITZ^b~6$#ZF413jO=D{*3EEf`_1cf+_malHaSyt8Zvi#<&--C@>@F5qw^N&9u
zEQXnf$QDjB9|Se~T^Xl}e}NRH3%a1=1{)cF0Xvx3uC$;af6et(>?}~e*pX=*>w!i2
z{$~aRZY$dZm_koK{Po$>&flLsF+!2@62hbU5+W&>Uq{%vA%z4xNZCSH<&9~OLZcX}
z$9y0FOz}06?k9cpqWhwoAE!-pu?Kr<@qd}ydOM7Qm^d+U8!&?l_`m0eyLtZaptp(t
z@Gwsa|CcI4F4cHn1vkY1>^VW}OpXJot*F5qRsr~Q_{EaptJi*Y<#lqDnhahsZ9y~v
zW>DEU_fboud2RmAC+}lj89|~bh>&FX5cO}dN8LA5f?X29Vf^Nx+f{$;sz3JBANv*D
zVF|gGViz01`b7E1MFV8$?%T|#VaTruxom!PjGq3LG4G8~ki8K)F7#jjK*Q^!qvPT5
z8Tun4aT57xzq|L}InDzn!5c<mHN^jJ3zxYg62(Y|OPGU0jJ;)0TtVBviMzYIy9N?0
zxI=Jv9o$`lyIXL#;10pv-CcsaJIqd==l$=#TeTnd<C!`&Rns-+^xfC*>bv*49Hp>;
zPoXa#1HZPptfu}e-AT7t5#sv1lknYqaQ3dbQTe4vRCP$IKaVaYRk^h@4~%g?QKx9{
zjPnmtuC}Y8+#(H?`lMDk>OS&LFK%ZYH_<njh;|Ze9O`aoo%uIA>uq=NNWMXC0nbMK
zi6*Y=|8#dR%mObC{&qj1JU;Q<=7xEkPf(KHu!4SEyK)>g7PS!mP+Xx(1#^|5sCxC>
z1ZPa#B~&jmHMffgg@U|Jvb`dE=Ho1Ic&pvLC5F<oA9zOO4~sP4U~3_#=QC-=b0=uE
zzIk!^T%Wqh+2Hxgiv=$oO`k|E#h1Z5ZQ+k<M+Fv$JKDTQwSVctgh2-eorge&<rh+-
zZogaENLxr2VU5*(dO&Xe#BtWM=QHinyIh%`vzQTq$gz2QoG=YsC`-esAMp=%{o%aw
zWXtcm<d3TPno#QV(b8TV0c>blw_WnD@VGw{LN@JP?m|gMLpx=LOJSNeH~R(aT}G#p
zw2R0a%6#%yZLd}>rKyL?j19NR>KSELSt;c)j08`7=FdwF0rvRI$RcZru_{vo2lM!9
zrF>=+;9;#11u52U^VK)~fkENiX@u9HeM~Lh|2KAZ^6qMx4z^}l!GP|q#G<hpBLo}#
zX>3<l^MJ>f3jn`2m94f|mxKjtp>%~4&syVb$>N%7LT1cf<&P|JDJz5a&xyj}MU}!o
zKGPDJI6JdySh~p-vsIccIK4=b8MSnil=N%HMg4#N8shuvBuN#z5jN>mxsCUHBP5=1
zsnv%(ivQZ}w#Wz;zck;b9BNT$qoz9_iQzm-`0!gh;%=moz`oh1Kyt1=<X%>?ha;nj
z*Pu|2&`i5Zu3|QeFh#qrN^Lf$+bx?xSWClNmHee)wiH3tO+3KrR3h{D8kZ<8D=)Y_
zCV%gV)dLt~7<<k7TMU8i!m&x2lC<BKwFYhP-{=rs;Lr@v!ezyxAw<*CF%0N9zs<@s
z@|8+{b1V*y(arh(X;jQJe%R%+ijJhlwiEx9IQsI<ojqFz%fCda8~c<8H{#G*qf4YG
z+v|_U*tLyn4Z%?9e@64-aKVlR19Lv~8M0;N5K};RJ$1f@9U@h!UagG~d%bK0TCMU+
z;_5u3=0PH1HO$Mj3~SrsT;X;+OjXUd-1Mo+D&}syG8C3~{DKoKn68T6afv}LhC^XA
zPTl?E#?kq$bib0*;L}y%=c?~-^N+vOH8D2~<bXE!vTO7YJA%mz70X<WFzUyGqOM6!
z7WCn<w-YgY04zoMLCW!B?6O=6XCw85`(ZK{(rMGy?mNpr(#WRoO=l&h)*ZhP%i}*+
zk7=lpT>cH_kan3i;vIVj_h<HtSlpS=Z$v8n4WMjW9FCc_i)Eo`g{!6Of_JuzEy_+&
zg_4!ndyQT$PVi@qGwB?Bb54Q+_Mei&14(Y*LJe0hHGlRXpWTeBgcK|Gi*MQ88!^L?
z=P`k{Sm%2Pk5L=bKjcb^Nbb9*$1O8Xp6$hw5M+OO5vYO&_TF-d6;Yzk62d_B`p(Fa
zg<x=jt^`&x^tsP%{-|NxTl;<4_<j2k%Zt-}4;J0W5FZ;fMYc11+S}V(c-Qm-^#<=C
zvUD7gC`ki&!5Z6pH?dv~lUsBCzG9+jKgMtelyxq7fwPpdK+wV8ut|c+=O2Od19~PR
zFUrppzX(GKFuK{3r#JR_kGr!$lPVlP+6Yjo;D1xidp9dYp7OCrfygx-Oo1Se{(1CT
z+qq;#ic%Bih$bwzPxfmPg7n>y4Jwu}ze(MDZ;1F6)pkI;Lg3YXAs<*&Q<8-8V*d)U
z`AQr>mP#cJH&hKft9@ohxEb=Co8TG*jIelK2KJu-Ybki7(0B#;`-;Pqu1WTa9oJp+
z7L6hbcRpl-+L&&zrh!p~y}P4I-iQ3H(YG(#>t_$i&)uDyo1NyLHT$06Mf&zlpSNE&
z?arIqFD`_Z>ux1J6o#|q*DOy(rpYVj6At7I!>GSVYtKIn3v)FbL!1LeZ#IHzhI6np
zk425e9U$Kim>2id@w}?#G1Res&S#3;eltVr`(Y*4QV`7~0FZ2{k5)g!az<vW28T^F
zq&KaSrctSQxIL)pMG9SldNk;Q0#1$(-^H9GW%Wqx<La2bcP@I}KxAoFlj>BXQZ86+
zLe|%|!%A|FKlBK+M)Ess|A8$5Wc>W>2a;VW29|SYYN6moV+?0Z?_zB@8-4hDjP8&W
zr8xcta9FMPR&pX%DnVRIQ-=y;tfCP?q1ZGH{IM8qh(XwfOE)F@(34}mGM5Uv=xH&+
zD@57GN?*-MRXKg{%$qUjpnAdo7QaUK%>>o&d;mQ-JN;lTx8x!dZb%xWLx|PGKTPc5
z?}W&g{<xlvZT(4#!4t@NJY2T;DnLCCd-eJG+Pu7V+SG3TL@X_f8`s+H7v}7MdL0k_
zw1XB~H4rswFcP~FZ`t{_ByjTO)!;Mk9`|MO5A24MgBxPuh%1{smZT>2c947M4ax@O
z+=UO;R*+$E6WZtd=*(qs^e1hhDXI1Ss^H^YNxt1o%qQ)8vrk$njWG;nA*m!hmQXks
z;}4ZZF$8&R`!t#`rvios`pIM=PWIP<8D?LMDDs*nz=5i(;VHr#NjdW@1^L{BDbW0W
zn*b#X`nr%CQ2_LA+J1JPzup<BKLW_h#&6RL%ag(BC;0pT&w#FZjqaLd{}LlYs-IE6
z#}bhtW!B)uLoZt+OJ5RkLuxOi*1))~Pw1O9-e`o?Zc-VUck?nWUwE9AnOf-8=&(d@
zhr#5CzNh@Cr6>n}Q83EL+JBft?{eo}J<mkliX)T3FOQB6P5T)=s2TDFyI40rL^9d8
zNsNev*E-1Z8uDf#vN!w8(-11)fOiHwl^7ZheEhEQ!NnI%kvwl41}(ammS1%u{Xhp3
zFF~6udFP{hw---%JND4XCRAw$FL!+hX6hybt`%-z3Hct}j3{qbE`aSEEH!^7Zq=!b
zKU4=pQJ&uhkgS%Zd<IDg2Pi~#06nu<%h@PyhOnm4fs06fgp%-)`H(iUmC(O6Sg2QF
zVP>08p&<Iv)-F91#>mz7W1I}}6u&Co@ssuU=~Z3?o08&nR%*I4VKz~8+=#(_^I)Bj
zul`v*eTp605M|5t_j}{!o|d6%+@aeESZW%$3)|niiBzUow!~gIuU<VuU2;vME|jE%
zqcs?k9>c>mC5JnNCPb@@jOh^i(kU9Rl509lz!%zq*PdUKRcu^><BPw!_>Qd72UNDo
zJ7CboTxP8S&?4=5Qhp>Zs1m|IHIA<wQ2&aoykn0Cc45L)lTyyW3mOwZi$$$6q7@Fi
zzPze*Swlr?s&mVAYBz>&bz@E6_A(=Q4!uwfBh6qk?yCVptl7(lq}#RWMwM5%T~~^3
z)<&Pj)H$^!)I3G7u#`qRZ$lR>3|t9o@$!nz<|!ph3UbEPYiZmXwU4KnD5acP)|a7c
zAGpmW$oJd<;2}Ph^F`Wn#cxrGp9*LLBH6`+S)?X|aU&uU&aDE0b&LIDzwp_isA0S=
zwkp0fNyZ6SL(G6;5ZJSHxT!#$V=z*`Xq8*^dosKH1L)6S?JUMU;*7>bs`LB}=L7Ht
z)k7=DC}wVB7o!&|q|`Aw3vn~7*fcNs-`vJym!7`|QBY$QQ~&C6+XOUMhK1kqLyQ$9
z>IO08v*y+24hU>OzLx$057y~}fIS*Zps%En{vfke*|V?4NwtX~U8rfZW<Z?!K8Xy*
z{32qP!ktIbAXA&|95PuMR%LlRbB%Z_8`N4=YA{io4o%XUQ69wHys}@>&qo}(8@Mqa
z*at#?$xcNWC~7J+{h@lP?i^mXfzjiU%gW3qYD!JAFRHf3_UVWMRl*psn8*Dip#R;F
z5}U~q*Cja|M)0@?U&z*k3j|@ny1usoKQktZ!8_R>M2I6_TKP>QS%!uD)h{_OO73@-
zBsX|W&*3GPmRKHaIc_M|?Zu*gvWg)<Mf-~Onpfa`^JC^6P>sL9`{qJ@Tv>5SN5Rc)
z6}I2S2kh`h1S#|eD-iTb1Yh|1Knc;`J4)!_<AE|1VXvZeF?8o<O)z0ds!9^tqDzRY
zkzUQ&Z09)FYz<pQ$lHxb0sEjsLr)4!T51V#j|I&8VNE&s+f3Grx@X}|F)g1RO--uU
zpT5(3BmShieGNG}WzJB_GGP9VDHX6Nx!Eh3PwmRV8{i8`slrgF&^64bk`@`ORvNcd
zwQo9S8O!>BH3rl<#ec^`$P@Xzy1cZjxb^q;Z%F`Fcr0nN{sahW)^c*d+GI+gV)-Le
zJZ*z^e{Fg0>@3pNGowmaR{^B#OW9~+1bY~r-i;4mapU3O7hnZ$hhFJA$Yba45w?0?
z7S+zZm`bj`M%x?@gJ!H=7HRQQ&LGGAHMrKlk-8qtm$2;L<8|$gUtV`Ea_Ot`Z9P5O
zd`LX1FGMhK?4U}QstCn=uTMBldV3syX6Nz#0v8H5H;vl6Zcsbk#t_o++K}PTThfM)
zjD6QRMK$;?l8IW{)kJ}NSGx>r+J})dE7z#tnP{d)Pc@3_<T~l%10^z%{GvU6gT6c6
zfr=!Wn=Go!D_GDUqU>tXdN+qa`Zt$Mjz4aWlD0lP3lRb~RG-cLLz<9wdhWjW=9w#e
znle0(l(8rhUW^SXo)C7n1GScyD9Vc`Dg3L~QqeDS8~GK8)3tyWnWejdyPkLltQ(x#
zT;FS)_t7J&3v68>{?AqDz(;LHj8ZshuilnlbirRJq@P~{b+4T)?7Z+p6c+9nUz_C(
z){Fv6HCp&EF|vEK&?bvrIBz3q1RUv~1gX#t${U`zkH_g3F$VaEsFn|~5<~FdhD@&`
zttp+}0`Z<!+3W8U60Cxpy|5f0jo>!$H20y_WcamVoq{MkON0-G+U{c)AiL+5^3B;@
z<ipcUZPHVf4`YMihCG6^VFaOuP1sN|94ub;Hz)oCfGG)Eqvs-%t}P^re0jxztD<we
z7-*ol{7&A^6Ym+f>OsN_ru~?#OTSK4ypoEFc3+E=w+Eg;iDfMpdvauGYD5umoO447
zF?`hHlm$ltg^oAr_+WA>zK0?0{2hZNSH)9A3I%Ua5MVk6Cg*1E>tZp=#7s0;?aN7<
zGO(vh{`0^c-j~L5Mbq?TPUqV>%O=`dz!e(z-S2fhYk+IU(Uu4)1ysq*?OwS+$fNvk
zhGL_g*Z|ag$m~b$sH1Ojf#}3zt=s+qb-dQs714g-NhQtn8PS^wPTBDvG=<9eA_GZ%
zw<!4*lk+sTNsfelBgjMt#cQv6w(XRbU+tv(6S{T*&8$neReJK{C*!B7I-j~+U$$WM
zIf5oCpj*&U&(NXNiF6*hGBu2LDw{No|Adx_KT%1&w`P2Eo(V+X3z>;-ENV)%lrFN;
zbfqe>U)J{9=^;-)@_}zyiiC^<bSLMfOetpsTR(*O_$tRVmbFZ4%Rca*1}W}1cM&`g
zKiB`^Z{E())avb!w|Xy5dtEDa0H)bq)RfL38U?R8wr;4`8UtH8Yqo&vr<Zo_nIGE>
zIf}X8SbMAZ&XN{~RvrxbQFqVq&7%ZDe6Q<8Yl__TtD9m4Lp?Y#85!9)eAcX)a~6tJ
zh#*9Xlxz_K4G{n%45jkSll#9ByW=W}LI;%g)(!15-%qAOM?KE{phD??1PO|o?YNr7
zR;g>F-~>8flh^UPpBsCkg%)97G%X2{F$bE4I|{c-!$s%W?mh@0n4_7xf4BTQypMsd
zrIvurfjh$jaYlJM@8$7r0B}PA$2!5YW?l8y@iaoDjLm3@ID3?j2U8DT-%<-sv*@*>
z3p;uWjaF{*;&r1ckxR)a(o0~6JYWe`P;{_tbJAE(rTPcQ1>zV-246+Zy;p=xXu{dB
ziQzkTy1#g+NE}Y*$`0daK9X#H%T4s2f(%Z9z|;_`y!gG5YfaLCgyUba&-w23uS6S3
z%q3=`hVPSLLrr!2$&^t5w}jMccm_uKBz&UNV3D|ykL#BP>B|#N2kaOrKvL$d%JJly
zrA!Kb`+CiI|FamUmeGnjaiNmU%a?^Es!X}$pw+=%2&?jRLd@|4^Z<+jS)k`P7lFNB
zg>Aa5c9dlV_V9s9R>9=NyI{r;zt8ib#Ay^PuT`<W?u8NZZbJ!eXy?Eg^vh}4nm6}p
z$$<yK)TGjFfY&k2rnN8`u|tTM$wDQmS3S<$NAX0ZsLWR878(w@@o@EDIrxDOpSW?3
zmk}Ndg=0S4Szxv-7hP}zAn8*GdDCQB_YB%TYwA8TLzntv!5NnPbviGqje*<S)*w>i
zX*$5TvG`-4HSwmD$-LkFBjP8&n&sg#rP4`peR!hyQDU$RH?L5)AaNGaXjmCmt*mSu
zV`?+Xo1~?q{K9Y8JT>e>ymB%Xvq6?nb11NrAX($~3DdZRG^21SS_~tRZ%%kR>_oI%
zXdD&eeZDl=+i-C99=h<`9#%ItlJeQUm}pMP`Pz;p{Xa7qVxy7+t!L%Z5@kZ3Ju$6G
z`NR_)k|GoTLUla#3S1Ynu!thgIfatS)nT1{RWnj6LXusketVN0Z#pc0T9^UuS<eU1
zx%oy82%`;JF(EU2bU$K$fQ}VvTFe60>?@hV2JN{hox_~SkaeS>U7pSq?Kj6Bgs50&
zvLd21Bse8_)LMRx*MXGnx5e=er<KevUQbO}p3K-qUqYgf&gCGWqKUB3<&d*(FSA%X
zUb0))4>ZPW>g;LeFG!=b=6ADob5U$(dgRdT(c0+|<R#H3$<@o%)ze4b;(9%}$rV2U
zRuK+Hqy%Ivt>UYX0zay97=Z2Gd@=6^gDNz@7wFJ~eIThz5mKAIlKhS0u_N_PNe)j8
zgk}Q7&IG3`+$Jeeu9~s&;Pq6-c==*i(dvY>&oJtzw3GAAB`lUC2QzboF1lhWm~`YP
zI8wEce9-*g>6y6AU*gwsfmHHF5JpCfKlH0)n7+rWC79ee!)}gp(by?R{d#j!M1Gn6
zNKb7BS04jze!Rcf2LW3XB~#DRm1<;cSh<M_gu5t&tCvqxc@kZ|f!*s50d{)s$Rer7
zapZf%7H&Kb^J#Vb;ZPhH#L9J2*#uk9$^6psb(@b>%cZk@ac=jANE9zDf)E`oO1SA$
zd!1k-Rpa8Lp~C_Qge2rYR5iq*r8+6Tx)RLerv2eYFp(rCbqYH;^e29qp6G*P@g%L)
z{d{U}Zb^9~)#=Q>(5D1y+|a@DzyJ8|Om<y6pCxf#vo}LK-^?%#7VZLa-hGA&MilE0
z{V3f=O-2^1%E!!5YeIQ%um6s!F_6%|znQ51`LhOw1=xD`%UEQ@H4XJZZbfOVqFdK)
z*qk6k^6%{6r>$N<-*X7GhVB)aQ_7#^-mjO}X?3Sqi16XVtu8XfX5_{7N;#Z@WkP3x
zg70VX&5XiMtg!Num!i?GejT$)Zc{8}=B(IHx8s^Yl<h&w5MRyMq=m>8dUDP+LF5@6
zffEL*uU#gP7gb4|Mo~65wG<DK(@(R$b|uG4O9qrY)z9{SQ<@l|`FX%+xQV*=F8BNr
z^w*##B5FBh2At4PAiU?>dtM2s&z2UZ$Bq_UQ$Jm+Yh7$0`i~y=Dn8RbbdE1Llo-J?
zVU!{P=iM<e$mPUtY?)dza`>1o64l$nDlf%=@$ReT<ZIS!C~+za-ni0$Zsc$G3IeB8
z`6h!igl$HASwX-Nv&KF)dBhLij3hpE+d7yRbe5ViXVDJRk1T-`CVJf>Mp-X)2dser
zVh>*jPX`uc$6m(BrLZkX{yLFao=CyLLvoy{jhu*!WjNiKVRdy5-!`ebiFmdBsN$>O
zxkz{tCsfl>W!I$3n6f_6#BSp;jw7%tJmshZx!GxtHJ{&ZFtOM}9ytnuhI_&v=gl9^
z9Zurx_qI|$o{+J$yHF`jD0#T#+4^I6X?Y@UX^_@|A<0}L-w{wKq>w^W!?^NuEaPTQ
z(?^tr3QfhLjOov#HQxjhMVWBwPS@j$@?t}=-H>vHGSf9xR~hcfaig2QYO$T(292O#
zcz>(^@nOW19Y?V|8~shau^G6)=|<dto&b<^gvX6WiN1(MzJU>}a$k=%E_4u+8NFRx
zyi@e8&<9`*LRgn2i(z5wnQ2vRpfAKH&ST9pT%7EYXHn?43tJH6{Tg5cL!5$4^*?-N
z$<Z*Eu@nWcbZ1Pm93%3p>yABp+yxE*hS3HkKdT6#IXAAwrB3H@*fI=a7!T_B3C3XB
zD2jr0e+fZOH=$u^?AetiO>G_XCNl(ZVrB+5me2{*&n;&g%wwroVi}fSdaG&or73xu
zrw1B4pxka~n8+UD5HJ+?1zayyR7xsooLE&qDzhk-#t&A^nSGu86HmjqWGox=JtaDa
zPc|pmFIN%yt-G}WtrGTO8Ukd?dv6L1es*^*+rIm&-;QLePByna|HPv$zgSAz^k-~e
zS@;D^V*}2MZZyoi#`iR-ui?t-T0!=O)So+T3E*8^eBVxu!wk{p+WKX1r9uZJWqrTn
zxXEp4Ap`<b_~qY^Xg(X<K85t3j~IY)mwqTfXLpO5UVr`3I}r(LyFQ_1MBuw2*||Nx
zpbNa8>*Vni0n}N_a7ZemKZ{YmHPm-K!RC{B;X?4X%Qze{CxGEsZSu>M^cuLAoVHv`
z>kQatP){)+4tHW0&R1L}j4N*fZJ7=oKW`nvH|<s#`+M(A`5-+$o>zO|23N54i$r$|
zAbH!L=e1pL?onH6x}$mZ!bv`h8Cw18WIyZhHsrK8RsXt>W2hNhHUJ5C(N^5J298)x
zQx7#jGk;>Ud_m?Yz&|89us>e47=z6?KQ!ebvMNH3XOKFz467F(Q|44DhxZvTuXGle
zJoM?7J+s19tIhrz`g0E8v&F?lmo4Gn-VTt$%f3&Eo&nsubDP-Xi!J$Nu2o{&)&mk&
z#I^5Y%Lgfb&1JCrTn2=<X;Ha2m1f6HURG@qwck{HJJ&~mQ=k7WY2<O*<%K%JcwH@N
z8cFgs(`*!lSG-v{+GawHPcFJkxaT)A6O)B7mj$bW?u0Umryk{v1;H;Zk)za#*%IiM
z3$}!|?|?)Usop;iT7dGG4O*5_mR=7=EDx36kw<u&;;UzB!UYs<xzhN9=+VwXPyii<
z$kxhY(F3(7HQXeB<?oK=J`XhE3#aovVMT4*yzlP#k}k5$L4RHUo|MSYK`hE!toDEJ
zFV=>CigPLqp~Cu}==?i}%5ccFn0nzPj%BWFl^9r6O>G?#gC@H>6<o}?uqTD_5{`=D
zs2--gNByvXnbv`zh9dY)q4~%DUh$&v+oxCIUBtScX?w$P^xIJG*xk0k;%9e5=k^Y;
zYF~@(bDe0=K|<Xd)&tV+TknLEufqh(QV^yw5gCfrS%1*qq!_F<w~9?Yz55o>MJhbZ
z(eO0+Ibn`E_U@KngHLdtzk+;3_ET!yh`(H7iyMwPXT`{i=^=-*Ddy=#g_qMU5dCl0
zO(|$`ZTIA+`qI6;0o0r9H<1^Rs^yv8&N#N;7P)VEQZ22=6rezLc3~*&dKf|9gBwzB
zZ)tf9PT1}$#ItXubt=KTb-FRMR<4OGDHcBtdGT=AZe2CMV2oI6mYVodIg-Pspz{ai
zD(|a4%ilhE<!`by$OWwEEzH9|q4%21lB2Y)>G+>NDO$O~m%6gStf${cFMuTMm!OVB
zkN)f4d;*I=_wE~@&g5O=&GvP;)n1o?(FRZ74$aoOJH}Pa{o`HuojU$u%!2F9wO!yq
z8PXX|eIfjjI^Jh=?Fk{=-_+(p`0YmzkbD%k)@(i#w|)mp45PXMTsgJ7s<_#1cF%a&
zmdR0mpYC^oQtk6+Kuj18_$Vs*qs#usyKDQCdmC%oG39&CSJ!tk2L(GXUrp%mkPR;v
zJvKP^SCC+I_$)_GwOM_~Kix2tC|!_*#-yl~_E2ZA1JMQgMtr{^zekaUHzdiwCPVm+
zRW!bW<*unINk7^{7aUplAKCmE>*A8pBEfNG|FJ+#rbM_gUjzB%;<+$?D*RNuvrU3}
z(TF5f{bj5?hkHAeg+X^^As`~DmOq_^-Rj16(W4|T3ao`K6oBmqKriir*`I?EzH679
z(S3UbC+Q9P+KAUzsCsoJ5_PO3(wmeY;|I7iz2m=8F$U&_E`d7llwE^H;qs#VleE+B
zFR(jNa;tKe<;ZwzqR?M^B5M1AwvS#ozYypo2{WnHLxJASR>3-Y5NdN(DKOhhdRzJ}
zF|_Oy|HLn}_6L<E^D0k{c1L@D$y677S;5%%%GQQn1xkkMAUf#ff^tr$h;Xh--}BUw
z43=Mo86AeJ6^OHCZ^f!qA@lk4bKZ0zY6%=ndTEOC_aF9`^s~U{Qu^S*FQ5%;r{;!>
zA6Hd51i-eIZjdLhKdRyu&tUhA69@GF6_XV;z!*zaWhXmQn>k3LZT$|L!!*`CB_ie#
z1iZ_`dvr978LpmGum!{o1Pb*qIT(@>p|ZwJS1VSt)WFyi4BkTLGQ9YoNjMsN((vtR
zpBj5Ce%kY}0^Ofl2wu7)ORFg-_illx-<(3<-5mcFyGqnOR|q^-JLL;t2WlaU{{Ja+
zqX39gpcAr)J%lgwVK{jdt|DewoQAV797a32oZ`6O?8tk9<-OqDWAubfsabg~f2|V|
zqR>cDXw=3iU%v<*H(uo(rSteX9Jxawz=ufY<NvbI%pgv}xcVZ2HrUd+cP>m}`X!*Y
zEVZ&J%KGqKm2Pev&>kekJvM)Ku*xj=x*_b&5fc%n;`_LK)Sgf`J>py*E~z-3Pvq~i
zk>GKsHk`#U546D%oOo#;`m}eis95uVY9{#TPAui^P-$DM=Kdg9{NVbn({0(%k+AnB
zSJ$cl37Z3Zud4Rt((KcLraj!?U_pJ@K;cHfU}%!CV`q#C_G>=9j(ExlQ(7W<Baw6R
zvR>Txd{_S^ExGP{AN_m!1R!ec+c0Qww>Q_-9{qJTHxJ+Ksi!s2fi<%b@~z#6o{6-y
zKvMQgQh$d1Zko^Ssmss*RLopAz>H`Axp)78R{wYUTwv$rQfmF@ne7#5r~D#6D;>Wp
z=2MONMt2x^p8sDZpp4N(RKe3CIER7fzL2&h=FJsh^mEHtxSxDc*A=C5E)4IhF#0PM
z(g|(UoJRCyhD4J0qVJ-f*@Pf;yjvZwFZD$^zPw#stvBlab`tdNJbRtrb>}x-roK;K
zhaX)u1UZ5P`V2}W*!Z0i4jpD-bD6)~4U{I@X_WOa%P%X!RhRh{Z^AS686!&h8`n%i
z!7J~9C$@|rjr_yT1gJCGp!we2AdI01{)xIJq0IRikMv8P!f;CDn3U95IK-8cH!e_T
zd6%?C0mf+w$1q(!iB7JPGeX4K*WrA4U<P6+H6|pAc%rXo_?rM;5Qx$Of=ns{#KB_+
zNqZ%uF}-peA$=R+{oaNT;=<|Z({xU*6Uiv7!@ls%8d90VN7n7DM%vdfxsaQq$>E!F
z#0rM7g$BB4@@M4JA66$xH-f1j`f_mQY2LQruhdF?3Yp{eAb_TUi^D7671ymlHEPuD
zZEN7i&ERVi+yjk`5oYtX4xCQe5Hr@kN9@)eyn$4rKHFdX040eF>L3EUizO7R@FW(Z
zh1#E8f@S2a`5a|N*XZu5Qy#<mtRyRF7CQ6LUv#65G1ov}V;e41(uq<SNf#D;J1c2P
z%U(2=MoEt7vd(4p@S0h*c~W}@I=*9J6<}Y=J4!L?prCp>j3ufU;`+r?z8)9j*ePcv
zExb^3;DmN3l}6<6e1m-*TD1JeKn<hap7WEEO-`wI<RdT+AEw?I*xlJ(HQ>K-YRB^o
z;s`lkJ`33jGT7o3@nDqqoiUMb`66KG-Ci{?u#_ur_v*;+=88DPib5sji$?n3q9|Ir
z0)8e~IcKycyp(!<(01ryAlIM1`&%1)1+K2GZi3hZqh}83XCdzv2`r3qeHbnPcGK+k
zwtZ`R!1k7(flA>u0TT*_7(H}==`kwj7CxR;0uuM7Ng!$zcrZi8xDWiCQdjuA;(8L&
zxZ}@$_ec9IbPA>)^(QXSq5SApWRoiNfP*H#*9+@qCx`;Wj0}&*z=k;;xj}Hvi<daO
zRL`6$IF7GaoQZ=b(wb948F=8l=m|h{RTVTa%bj6bPCc$($Qk;EG<Ma%I%EeWi4%B;
zL}4ng>tENFG;LSV{^+gR;{W^B|LG%XqOvLsfjeL*kRk?r69@D8^6dyEmI!yXmpS@S
z)*a2sA|IBWS%tbeeu=)Y0dDOw?YMX_z{C0>?t*oJk=~#izj=|c-()$r2Xwe$rLv~w
z!XbzM1HXY?8I8{0Fqzl7Gbq%=`$4F#PK6he3z@}7Qd(r(7A6djwhxPnmc@1D51~gl
zcY?QR1`_HX$~c@~aafw@6G~SBGk#cT*F%9S{ehS##>^5<@#4_wnPo{l6w}rPuDHYl
zkUfJitinWG&o}#X2;S-beul1KbP%%BlC4J2GQ<NF0lKhj>dE+g>90h=yESQPM+4YA
zBEE(LN)X6(rtDcxYZ?R&xBP5M>a@2Px~<j;YLy&WUV=pp4(sB0^b}ochnaa*Rxo+g
z=*+`1tQAU!ON{44<Kl8%nb2PV8EK-)V`d9fxHCC|{+CCB!%JcmkRLjLPGOjw>f3Vb
zkdeHtRIy5m_T#Z1BGAHo5y!4Ucz(%gqW`H9`WOrJTh=H4Po3axH|O$tT3A()bL+C;
z`oEUIX5-*s|CYeC-P{SU%NFcQ>$^nnk}QSCQK+D0FD71bvnC|?&&=+zy)XObveLSt
zl?OI|vX>EFdP19bwnU=jAg7`fSnlZsH}liwylI*hDRY`E4?0X=of3>!6T}i!Vif4q
zROPN+yvSrze`mV92`ey+TETZ7Iy+u(>uUhK<lR<4hRCrAzYA^GnWA5NyKr~^OIygy
z3s-&ox7%mlCSOjx^lK9vii}wwfA^pXLS7zG#QgaEloy_UdES;i0I7?ijk`^_I}=BW
z+wrRtOLDYjPJJ+{^?9GXZh>B#uJ}bFhG3o^?AUvaO&al_Y$Ib@MVX#*U&xv(zLsF$
zZRKZcv}fu8jA=%v4=)at&L78z%ti-3nJ@$4`hztk?#p_&1yTnsXxT8Ge;+vFQ`6BH
zK5%DZ{zVEeSZ7^gAh+f_w_UU}G>YA8KGkqg-JF#l?Wya-t7-q&3q8-T$^7kzO~k|O
zcs>3nB_Um-52?hEM68m?{2d8=GZ2y9BEGkdNGzUASd&EA((yvJ!knVwr}TMyHo6t4
zLFB>y`<JEuMQ@hg%Db0_^eP)f$;#fe=FpswuQWJF4ew=jK?6ClOsf7_@<$*EV1;em
zwqfY|y6bPuWOI_ZS}F)?rV(>nZ2*%|bRat&wendxq4z1@gHucEj>(0JQ6M5tKwIVz
zf%4apjYMcOBUoJ2wRCIA-bqFdt5Wbt_*)iDhy8|k&Sm!-ISv&OLK)|;w^03L=pN_f
zWtcDe@w^v!1<xbhu7yAIK3PSSbDMw8zMEe|L_OBmRfSWN;~q};I5R_udq)$V?$`2s
zLn)TonHX4Oya1iWH+JuOlr}Pml~E;sQhlfffS0Wf!PSB1L?SS2PD(2c0fnc3Tm*iz
zFl^#Y{V-@^`gLC-wHQb!WHcD*4VWsgm>YbQn2vI8<8~lF3Qk7d)$KJmJ7K=RGqzxH
zCg%%DMyzdckW_LOs$*)Q3LLL1H|?fim(H}q$4OC~@2mRTV5s!cxKN^#DBg5vLOkEw
zu%q+xK3}2}Y7hOkGw9ZfYN459r(~kuIm<oXTq4WOFDc#f_tp5V%FIoN+PkWlSL{T!
zDzl04q{c6;yN84n%kFmGBzDb$$n%>gjz2*0*VSG5BQPU$3DW2%<0a7cp;`6)=_C6R
zR1h~sN-piT*0jNWxm*5Zf(bi&#q5=>L}PyvW-*CjUAgTtEP`Z#cXM#VsCu~TC%x_R
zOJu8AHNZfqH@qST->bLhZwimE1Qo<}3kWKX1qi05hcW8le=4zbqe`Yo=wNzHE=)8h
z_`^)wl#_5ZYupAfRMgUepqe;lM^dH8a{7O2;;UKDS3-~94?^w;+H)`MFrVW&k-+Z7
ziwmx2Rz^=#=v?}TNb5J$j+wfp=inM+;yicXW>6XTEGL?o1%twmdOW3>dY9gvKf2Rf
zkp*-1Ov$iyjOy?J!-{ouLzK}{Lc?I_UNT38tVPlk*CK{`S@jUSR6fVb1FSgcKK@15
zO3YeITbT$d#9}FcEiM0I92pW%V5ws}vpO2Dw5?_u5=<S^ZZ-NNBBD1#`?ScJD8#Zh
zK#?iH77j|c7pdTeB>K@U&wgB4woJTX2bhryYSEP=Vt=UcP8NvDQYiB2?(W{~bkps%
zDe+me=LtSl#T&}ih?7T*a#=D1TR8AQw4D2Mrry31UW_US8o5$D2$AAv$;=&?zQ){m
zaJA4X6#9MTN@vJEzmkXj3rfjOKRhx<vqDX!Xc$ZDXZ<XUMHdfjfMWfgOaPihkF)QJ
zzI797*s`cs=u;piGVuSGs<ksxZ=V>ylULZZH2&oe;*AjH84Rd#*L4jrY#wMNZWm7m
zO3j01E%MWrv~8CI)WfJ_1D~b^nnh;cyLkzSa)_ENrYMt@1cBb2)n35%miDHm?FmpO
z&sx-)Q`Oy((${TgL7ug_S`<?Pb>DRXll{N+EI=bhz0V8q2mjN~S)Iio&1<|S`UaT4
zr*}EbY$Y97DNo40>lj`cyA9*m$Xt?}3*)$DQ`fjdMAg!GS~m<Qo;K!+{|m;uyIJyj
zcZ)Ww{?8<)@3s}LsCc@-*$Jnc(_4mHsTt>aF8S}kUH|x}7mubLLEKH84P1#D=%*qK
zQ3CTzG6%y7>ZMM%m9_5WadouTX1XT^k>xqN|0PF_^=aMr@{#9U^ChO*VK~@-pd9Ux
zpykHCaiI`>GR7dpct^Mpe6Ru~U!&fwHiHT_V`vP4&ImbB`+rIa`x32$Y>(-c^Uq1T
znrU9HQ}{K!W=RLpQyHFivW+aALYVZ<NaRFiSq67XB_x3JNAf|$1cV>FGCL*YM7#JO
z`tI|F!+H|Hi`>jm2O`UR?@Wo8w#?b>i^MOBk@I8Lnb}qc>4h-j@^{ywZQeU=;ievM
zv{SWmV(KDXuzX}Ux=8QR&jzf1Wg_W+#miEr!p^Zc5N2SMQz9uN5U?vN)otWW>y>{f
zMJOxrD~rf?mQlnCJ)^Hl0F!zzZwNnHVA_4{Z3w8@FQbKo><Kc+-2cnO$S;o>zxHI$
zZZ9GYQTMSO60Qu%D{HrjojF`Eh<+7x(-oP^*f7g0y{M_$)b-!haDBB-w~SRB;5Y>J
zV${ub_$^75EEvc#p128xfiGurfPoVhG0P)0qYW9g1xnsmqcE4BI{=`qKHM0XhxAHb
z2Ud-MURyr7eQ8Ai#$l<j_y0q}LhjV)u1i$0r%fJk%xW~CBO+ajsLka1ZxTD=NS-tp
zvOz$9y5h2eg~hq;x*Nmj!AH(&7qBBb*J{tt<p3gKQLI73w}UFODPmO7tl3Jah;(vR
zgG|pdFIZ{8EMsN1q#*VMZw>8<E4%AKTg*7Q*LwBxeEz@KSDxa+;A|mm5q9K6TIf^W
zp@<@4jV0~Oa0c`@mz)_7hxZO-Dmc`Y7LUIcdoet%7fny%CSiG{|I2wXf>R1JU-vk4
z8$0yODD5%*eu*n?^LH~JwndgNKqCiub$+<lZFj-_xUI%NxBCflU2IF4X&dhEZ$#LT
zeD-7c{}@D(B`IlQCG0vw9))ME`9RH+Mf~`$;*x=&Qyqg?Cbx{Q)4~f_ZwgvM&f11f
z2zq5s(o_Yf{|H20Uy|nt1X%lFMe7PRo2ScTScHPq#n-P5#;3FKJR;3tQWP}?mToq)
z(c&t<2U*`*<cK3MG7FFkf34QtdukXdC9h*tNPH|+xrEP@r5?R4Bm!F&EKIeaf4BlI
z+`B74nO5h27RlOY&}@^`P<-R9$0f#9gE$`pvgJR6zmO_q>zrVgawbNIR+dqX|5lbt
z++?JtQVUEs^QodXJRt}br04ETDw<$T{!#p^0T6Pg<rl$P4d%c|5Ra`q2*ojPPfB;F
zFWj;}f{kx=B9JLfD)mL5y4^D5FlNVaXovYZsX>9QW3%V$4n+8=>ol?G&a2P!uDksP
z`*~2d#ws1og{n0(x+?4sNQ@_z#{MGI=61bMF_{aY{mBT~RWWAKro^PVipS)X_E9#6
zC2gW7n2wJIn$3`>-yLW$q%tzv)-M5&VH?z$(X&nJL>@N82{a8HxmJn6aW9KRK2=Q%
zCar?cP=ZGlH$<_>gJTFs*+oMJ+Lw2wsh`t0A<HVqA#5TSyp`QpWivp&PCLa}pw3$-
z&1b*N|7{guB3`aMkm*l$=NL7wsI0*9S9%>CXrCRMgg1Ft;x&$512n`8(<HFk+l>%T
zBCxew(2sJ)cu!WDqbZgHc1Zp|gaXFM5c}eTXw2!%Ak>J1HWS>aAT}yytD2@yZ~!`$
zXf$Hqq^Kd3Euys$)&$u|2Q3}t&_HpxW>rMuuJW?Dp)VJ$+&6yWy+#j#kfwPF?<!Y*
zm<a^QayIywU&V19&YYtuWV$L)Ov=9c+t9yq^wzk!_0Qg|$IkvE6LjwWlL?B{K9(Qa
zbt|pM$YmtD%;Fa{ygJ3G`$r!Bva@|gPIOa<=061)<T8+k4+<rdGu-p%0BlHOytD5G
z31zvkm13e|z!GQa?8;Vf@9oWn!0*fE>dDzY&B6YzX*x0N4PxFk6*Go}oK9bPpe07>
z<IPKxd3pOHbZQaGmy<Ac+*g}XQyYdD=?vLB`eNyHT{;!Im;`ftz5C9Tm%64>Z_On_
z!fqVq!A+$YR&7e;%$0UFIGtG$Y7uCdY-cBB@s*0V$GG#?Q1{N)Q(aYbuqS9VLN`6=
zIL3PK@yn{?%VSeEsgx>=<`~2ld8Da2Da?>|UTS$P2=*DI?*2ABd$RGeOgy25))4XU
z<U6`7o#AN)Uf}cms9rd_z;&gaZd8e=RS3o<;G4Ji=?Cy)OWhf0L5<ou;fV(QY2Pc=
zb@sL1*n6$*BF50>0Y~_bUfWgBi;K6MEF+e=3~|ve2Eo4+R~q_0kKP3X^)X-;nw76_
z(bLWeGFK=l?HLFc*+%^Ah9N%Fa<swr;*1uf3+wMg8qIR>%RvOIQMZFPFA5(Pp}!tn
z&+^N%Kk7v*YINNJIo(dBEHo=#AaZh;5u~d~-HFjv4+i;a<Kl9N8R)u!p1uEGZDGK&
zP!YPo@TP!J3N@<NoC!C0^2ca--Aa9lnuaoIj;*4~i8vjOgv~s<{<maeUxWhD8wUUM
za1x(Zesf*a*JO#OJjD+@Qse2vQgDwS@yvP}X=x22@#@5oIH=LR-de#ni>@OW>>SBC
zOwq|oVKuL;FKq5wK{CeeHx~J|?pn4ui2iAdWpqgTuC5HCQ)&%XH`g9<17nh9ZyIRP
z!Gh2?qQQ^M_`giiZ_Qp#!x*&W?zLv29(r{s2XxR(l76ed*8pIQqOT3AN&AnNZeL#?
z%5O@gRFG*PQjzEikmoY&`_feEiaqx7;MfV7f*AFe-dRgpQ`NK&5Uc?uCnMN*Ou#RJ
zbj=07Y9JKJg}-~r6|M(9=3*f^p=;DK0Jkr;+%Dfi-2^KSXGNh7X~z+-hnn)^$ij`d
z3V%Sj?Whn!;#9IK8!WW9w>M*JKVo5^>c<_5X7dcgN|yFhI)j1{0#_$T6BR3QZC>CL
z-~-)67Q{upQ=_OOfzJ#vxC*RdxeYD%ACL*e<2Eo0%g;TsKadLl-ody(2TTXv`qQ(G
zfbiwyD)8yg<`B@GdYW_4-v;RcdC%moa;KacND2p|MGm}sjswBXi;I7?E8v=x@O^mf
z1^At9B=V(ueSBBw^6KKtlfTAo2VGae+E3vn$ROQ4<@=|QB25S17g-Ss8OqLH$#<F?
z^eUt_sj88&8_aGuvhPM~e(+>H_lB&{f7U$3@$`XxborE9j!XnNt~ZO#*aM9h#x6~P
zMIkFzeND2&sXu}~?y-%81cs`1V1#~q<{YChOM*^q2{RTr$qAYE_vTyY)0zCV$DTHR
zR`dX%pfH&RxIzL=Y<9TwpwaG!XmCf}9mEvind8cwj`;?b;^=Uw^hF!NR&j-e%=x|+
z#4y2Q3PtbWNz4pK{sM3KgI;SxC~Hx<$gE8mnZ3<2m`(wyBmArHY7J1|J~MDj^y)~P
z(}!P_$(o1?EQNDH@V8DkJUbE|r}9X7j)Fz^LRnEMa{87<k8FQRCS7MsWPQiLV^=f+
zV|GfPllAUTwv=>P9uM^1)O~--?gU{}gHcfj6%y%6p+7&S!FQ6ufHh4e<N|PJcCx-`
zlJMZ3i6TjuKD6}j9yRUil<LoRJcC@?G(<faXjoZfCv4hQOo80&rY$)BzXMiZPYs)E
z<B2UI(Z^SbvSoaj>xtUkb}rVGSG1wyZ>_7OvIr3SEob2~_Sz8*wc6=5ail2&T5F`q
zwA-P7>CoGvwChXjDU{7v{ADLZrjYt}ne+|qWJ8?A*^RPDHQHT7LEOWjD0<>%DmiqV
zC$^=l1aT{xFr8z^Xyk<8_2fW`qgnIMdEoEh-Pn}D3OkL8Gz62M@pjXDQk6|bWu!$^
z8`IrIB!|Jgekrp^(qhQRd`3I36Z!m9%X!DYV^RT$BC8r4QpMm!5e2ibI_;)XQI1^C
zvP~E5Yi?=7b0ggPC>Y9XuhF;j-2Uwq06|}^&G#D2BSkQcf>+f+*8-5@M{XpIF)NMH
zALm%|F?^gxC)Fpoa=Q2Ov)Ec#W*wm_;jFC=@x=-Xj25BqJ`5hlertxbb$r^#-VYt>
zW*W3r1(ZmpG9T#wq`QGV=DK!_+<0SzqU4tZq!3v4)evOVda7UVKLSw)ycPto-+<W{
z7rO69AKCg1K!d@%#^<<!ku^gBLE<G!BZr`~=j@$tiCdqyc(EzZF-191Cfo>f1sG{c
zrh`u*y=5{6cDV=Ys#f9*=Qyc8-&JyPB9Xu9t(SykzWd#lDxSz0r16QjinJ+-P2#?h
zWfmeB1$`JTP^wsvus|6~XWSwGR4ci#{7IiF=_#`W%9BpMW3>yqw!~uCmnZdtg8Ql*
zFVH5umh}yw?x@PsXSWaXLfDNS+Ggt~RsUxDg_b^VQ}YY-Y`@LEE|van_9wqN42fIA
zil{Y%swoM5Jr-T!+J{qA=+*s_rB|;%L7paJr-ZsHPW_5V@PlMKTtP#O-9@uJ>t4%0
z@yeJhrt)T`X>}I=B5`Fr-rYO^@@>b%!_&vj*U8nB+hbmL7nlg@)d(UqymkDS(6z}X
zQYr7-n<_U3UhO(DKu|)-@p1*i@Dz<j@4%qgECi{vtY_N$InGRpPoY2Wxti=94Ts4F
z=J-QfR9$}&MCF)KQ*K~~EnIVk97pCBFATn4!IpY(O7A1E>0B3@4WCEHb;SfyK_d<k
zX1PR=?`!M!p1`E)cf#ZGQYhfMmW=p7T>n?SDpi{HFj1xemZOd#y`s9pvZet$t2#S3
zKDM(zV1U-taZJlqY+~6+e-GG*!BfI@f1eyF<!uqdSEuZx52uptKg+8Bf#?-4IwwpR
z=Qe6{`m)M(WjwS*wBU_$xS3>~Mhg4>A$r=WIw=gpq}8Ti9Ade9>ipvYy(4M^52f#V
zd3@Y?4-GS4kZq4{^yitHsTBN>pVI!bcG*oz_)QI!S9-p(jtG9GAAFG?b(S9qyNavu
zET+lg7+(w4&qwQoE7!885Yg&NbLb|~5VdjP89@psKN4<(zLvC$U21ZuNN1da9TNzx
z!zTWWN|45+7j^b}2Rq#T6BD;)ArJCP&uhWRR6T#~Wjws36sm-d92HzXs$?*P77GC(
z1Ai6qgn8=KJ_Ox=eWiycK!yF~vJ+h6KUnMke|)7sIR7tSX~wh(<SQZn1GiUynsqS+
z*e)O;u)@KTwC3xPgM1c}vTsIG6fLO5a~4bo4)*Utl+a+^b{={UdfPZ2xmT_bG{25G
zI~vVAnSpJO_imBGrRqcVcOvz8Q@6e)Ei|!h4c_Jx<Ot0?{T-Su3q&>`^ONwCkM9J2
zf%1&_#BKimPbNZA$7dMqHWXPY<J{?Dw|pqx`?(MSUJp0%=QO@XD_&Z93`%^eTaS=j
zSWbo7EyuSkvX2)76;Vk^zM0PVqZVt?SRa|VPHrV!V@yJsWp|t|VNMEt?I$dvWcUoX
zYw@1!78nadM<n#J^10IJaa-ZRvPKQZS()sQGS+$O;=Y@`Ces`Ra{IGd?(tx=9T0q^
zf=OZzAUwq}`sWE9AWkXB6&TAhD5x#02~~fz415Y9R}BY%m+=BOL5X$6CvX!6=*%70
zG1{*;C7z!y^w_jw>%E){R|*w^dz;3`VL1hXgScend7YStW=d#xk%00UFSL}fZ>hE{
z^&KH_rmtV(c}OLS4AJWJJQIwwCVBwD0otwdN5FdCKRjo*DPuMHlT`B!FAH*-yb57)
zADXeB7~iz}I!zfp7Ohvg=qLLB;JG2CvrKQ9d!TY%my2Qwa9Q7-)*o1N1JoXEFr}*Y
zs^+$if$f>M^!)%d9>gR!SVpG15%6B~=Xon?wT}08_0<<*8Sy9|Rhp-x8LmMtP*0sX
zgHdGs{*6bTUZ3P*A?$QA(gCL^=Iv6gQg7h&nKl9}HugQqVR*@n12!#gT0Q=Yp8)SQ
z5{O(k-5D0piVB}XY)fhXrqInzJ=c%!hW7UL5fE#Vf3GQx1uk}pyY2K$aXP<SDBAtc
zo!7vt%cq5x?#^x7YmhP3k;k?xUs>Z-*OkMl>@*o}Y#Qp1TsPp-RE^Cn2Uc$2>BA06
zT4m1(qp6$6G>r&&S-3f+d61c@!LWo5^2zg7gsW%c3Zd)>`Vul{uUvVM-T2M!w?Eqe
zaKrBZv6XU@@IN*$Ex!Iyg6HC^v2{a8u_%ZP$~oK(v$WDJHv7KPJ@vze;QktR&`>sD
z;B44HrIU0}czDJev>PtS1NJe7pQfe`U^r=bAA^<f4}n;sdB%J$U6zpV-ppxm5Y&K(
zOLX@iw27B5O<Ig=rqdL4vhx}4at+wKob#H_+$FV-7|Oz`-v-U@>Dvw4GtVI2e=FcJ
z1;bPUKn=f@ps*)p40B)r_dO)&U%kZMLju7r84^C+qJqG1sF;x;eyQinBigPT708*&
zCAbJjcGpZxk58BhI!fEYryG#>WGX4~4sWuK=~X~rB)miOUNpul<WSwN(hWzDV&@t#
zq@zj0F8znK*r(4xU}!z~$XKoaV=a~T`~=@YtYw@%sQ>A&R;dhQ;D%!9dcQFo7dmey
zT-LT6lmY-KgZJ=^PF6AH-{StL`UdoC`3ltg7c@%>ru>Q-i>$<tzIpFQ<Tqv~SB_z3
zSXKW;Yr!#an~n2y0-M7<y!sW6gB?)(!=#v<IArHJdqI6kS{$O?H)^3aZcq%tgg-LI
z@+Px&nzE0wT-!Bzc&%eD)K#_MrMtz4D(qenA4{wP1xXrzCOB00b#??O83(4t0&Hn^
zdr|`xyz85QeIP?lle$%v+x6{K3`Fk6;QshGhV@kum>Labd}K=T8CLv?+D@C=zQ?t{
zl8j7+<?tH3&L3QttR?%<n8qq4Ts5)l*35{s-z)&HI~WD6Elr(wfs(#Xe?19xji9BN
z)Yu|7>tscg(I#AZu0eNZKC`1>V6}g0N7Z|qhv4`71v&D=s#tzygBbbX8Cb-dH2JmG
zT1Ayp@7LdElWW?Rmw9O*J(T}uzXDt11#C;1BmSHw{E1uPK?zH=+^5s|#e*la5Os?W
zO>9Sxx7S}eu^)A7_c*@f6f#jt5kQcKN0qRSbNeCV@Mi9u#B3v<*ge@Ytj*uWZ&qn6
z{u_(b)VsaCRB>9wy6EHtTA^~~{sa?>k{cD7Pb~}9o&iYwtehkJSdCiEf?8yA;sH?|
z$Ias6fm>fJDKSJYZVk$Ha>Ly@22fj(x3W=K;()w=1cm<Kk$|KX1=QFr+dy|*$*|#m
zciXx2;nHPVNm>hBpx5%@5HyFVixzkVEPY_k)uD<RHhH_nJc6FXmmblCb%GJ1#83g(
zK{7e>PnvnM8=?;GyPf|F2SND0IOem9hY27Pl#wI!dA-P+LFkfcdH|#N!0!v`s;ibQ
zC?2(fx%vqp9kpsXa(#zeP*@G9r4QWUt*jeTM?gf(GnQ>bgaiW&se-oN76LDcu*OTn
zDDXVGD!0HX#d|$x@mQtW|K$44aX8@ioIWsK62OLZd3nP2yL4t{3%j+V;F&_iodbUL
zS2*392A;$B|HAfyY$aIT$cKzfN~I5MUn-WmAmM`3tL9*o*f)5VQ5H?17b5DRgdpDW
zkixKVh4CGPK5*PISy9KL`b6|d-}8dI^!%P0(Xw)wFk?msz6Hw2k@Yabb;Bx`4;r5R
zCsNCEQh!DE9ArfZqn7y>#B*jzWbK<JC<er0ZU+u@m{9`f-rHeG$SCp<spdFH$OaG0
zgCr6fb9D^(Ne1{kxCnw69At&J!Lbi!mv4r=QN+^64(1}Z{7_qXfCcyPA3w*Jv;XY=
z>yJ~<_Ww8h*VZ3D{cG#=*7?V7_kXsg)6vZFF8}dIchvpQ<bVGscr6bqV$sJOOpgFU
zvTAYQN2*<+lUii`AZ9kwSjtLM`+);9W(7V36OteItmSL7@G>zMtr*Op<&)z|g>!ru
z1im*1QwxDDsYqsJ#f+k{dt!aV=qQ@HlPRxLPi5#aCVQI9*g<a}bTvaJ)joXGMi7q|
zqK0Vf5i*(D=^CUhlz_DnpiFe}$c>>-2e#`Y*MZ_fi?Br~j<A-=48mW>ow)HP`7;Sa
z7}>aX9*koc(YIc32g%VMe@*5b{(|PSQQ!f!{h6LT|33)bbt6X_Eg26`f`<ud?K;s<
z8}x@D@yTzOSuUJ}nC97Pn7i=c4ppl##FXiBfe^0K0YYucc%PEaIzX%(rleFbi~^f!
zkSFbkA|8~kTQbRV@rJFB$qXUBsfG9-SYQ(b5WJen(1BEK=lbC1|2aJ6ejmh3%Z>5O
ziQo*&fgl28jVa1fI!_t9nD!;IaRh;dRYHtchF<zf81tFZ<75<`Tt!|V*dt=Lsb27A
zl~N|>gBhh(i;PrUD_Ztjit%!dH%@;7asWcSeW|USstyV~maS-&@Ki*TMgiVflK*z-
zqL#Z0(d8gjKdDZV6c!)XRJv#c3$98;&#Cl_ghDQnqzq=~l*ei-LE^z<ik`etzA*Mt
z4$!10v|U3faMc6U8neOy+;McZM2iN@16kN7Fkiz6jG!0z6U>*@w4BxP*h$faSmn$(
zFp+f&IW(f>JM3l|GUGrVVhpvY#!zFfG=Q-he@1Z-@vaxG59u0_@RDbzC4u9^g{BXy
zpxo#5-7&kNh&f;wMdcmx?cw7U%t?v`7clhnQ29(abj`-hQ?i}q<1rA0<u5%&AYY|v
zEAK^#EjXt1sYIv79&ZjT@6MVdfMRRTHVoGMsmDA`B+hwuDnL4cR@M;aFWGS5mNG*c
zX|C(*xhl7us0VO7rn@y})hEf>KivB<UE8j@>6jSblVoZGx7$J}oJJP&FRRyfN#0Xe
zYT`VK2O+Mp1Jj@6K$RS_VgXn{Z{=bixB8s4TDQh2p9o*W40vLW(tZ1~Q%igLxXeUz
z{n)bEeA5zL@wCgcML+GzMZ2m1l-H&S&O+!P{+3(Vw!s@{-9pKAi8PqB^<9zbdM7mJ
zo#$BLJJy^xjun#iFM*MB-uHWZ+k08J690I?9qBjg)&c=_hd2NE&;E(^@nUe2`TJ6$
z_^mZ#Z~MU5-)(m@n!^y<?s!h62AL+=-T*I9h=t?L;ouys<84eZ<}KYM%j`{HTlN%g
z0_4VU6U4y{^fv)fUc_tYzf#j*9PmFk+TfI07+fSBw2)yETQ?8^I3D9ATooThM$$z*
zXQhx7bM?duL)V}5c^%UBUqHu2U<m!#^`QrTiGn0-gEO+C#*}FdG`mfbG1r^Jqtnad
z)1x=<+Teihhmv$WXvw4|V~GqiMAN2_l6VbC1*NqVYr*ghh@%9>WaZHYXCZa%dGvZ9
z?=me$QxEP7#q8|E%fad4;LX|T5j`R~cyl$pJi2&v_E4jHR+>_)tBW^8!VnilW-|Kk
zB=Y{=|8M;2?~h#_I*B9vXPf>vw}tKRZSVhQ#=W0{z=M|0J<oA>x<0M_qgM{WA@cfQ
zY<Vc#oeHLACd-K-dK%EHud=kifpa8^x>}N3*!tg1U3*F{x@3m~(n>0;&5#{63g+rJ
zf#r-W5AQ3Y)W(37-QXWXatmS#sZk>}t8)BGQieAgI8H>zE;l0haWn^bi(TUYlBPZ&
z;Tx}pj0U|f#w)`%q+|>4qL?^@fCMFYVNzW}ftSo$iw3wz`A~N4VU0$|Vb>_ASsX#1
zZ9hArr%H}q(FF*Cqhn3_phxZqj$mxHdwWWD@k$2)))8WwfVbdJ#xJ5$Ecw*f9TP=M
zG_A1I4Kq>RUTa}}nKxe|M)oY4SU$JvQ6ps)w}WUx&trZe%LPGd<g2&Dv?J4Btgyum
zuB;@<-yNsVu$uup%wjMgbg-r#?)0S{CVjBo?aqWWk{|mT3o<k#<6yhnJ#p#apdRTe
zZSH$sNnK8;(5GvQn4S^VnN<j<?SspIrgQS)uBvM-4p|M}{#ldm!Vb5*5EgSGD@l8;
zZLKB5DM|&9_TC&x${>_7M~j0a;ud}iPTWbh^v3_LwPySk?o&ytj6FK1=|wn@CZzjB
zayHHG$YpAQ5IA%r0$w#w6@le>Vtxt_ki9u{qdw@^&`jTOQduUv)-;*H*@1YaiwOt5
zIMWIK0Q8B(egTG56hepXZb@E5yz@QB9dBlK+rPa>fxpQuLw~bwqhJ$+0g5LPL?1l%
z8LtJ1PX+nimKtEi*3X1~pU_@wt+m7pOtjm^iRYc>-e%ponhTk0E%kb6AAACz^VN6`
z*IC8N3iohXjlZ<_m)8F;^S8X7LJyD5b{sy$6|lnpdv||F#edk}?l$q?SMq%N)OiVR
z-C3XLa4gvH9_IB7v&EjmK6u%o$WNV@YptV?A(kPrdYOt`7+7oZq$Zuw1izmw94Mxr
zDSRcHV-XOHqf{xkCgUjaZLqgZ{&Z)<WIT310>c!jK|jT+rnNjERv2KV<zTTj2Okp4
zbH^^8_+iN1zWxDe5hO#53&M>-U<7RoF9lIBll)Ogv&RHSg34jM*x(A%MPPk2CoDNU
z9pbcD!s8{*MtiMwJO<3MjZ$IC6tP<&<ei(zD6$Z=5U@z~d3_66oPjl)8ho<cmGU%E
zVTyXZ_mDvA2hxWA>-rrm)-~k^B_kuqW%ZR_FHy-ba{YJ=jK3oDugFm7{ovQ9%7<O?
z4`o0K{fuW3H~U)I^@nsaQ4Lzw-z1q)+$@pv^lxT51@u0wWkX>6%>c%=vE($v>tBYN
zMD=}1Z8=gOAy5wsRFoVfHUwTGm|kExYpp5tW^FX3dP_krm)JvLL>Gn-<+Fz}E`y0F
zpq5@X$UqK-JYon=5ymf1hpsUkb2OLh#gEXd1{ie_VJm9V0S<|4SJpFWI7j}y4uqf(
z{7s1L!GHwu$RHk%8KR&LJu!<AR@nx@Tf3qqVtC0#8YEyMmNZC+4@fio4(DQ&yDXz_
zX#Y?H|B_(z!?|2~P0j_(_6d+3gb<NSkR|Nm$%iC0;}-bAhj(vW6k{flTa?0d5CXzz
zEdjtF+kXS7v|eM4i))>}S*KP)Bb^)@07w9n6zy|$k%FqKn~~>L-q2ULUPPu3UOg_6
zgt`KCAf&83dWgcqc+@GybF8qeUAj_i3t6=oXCZ4*+GE!Vwiams$*^cC$aZIo6oS)N
zmO(u?SxLa4MH#@zJg*Iq0`t`3pOEpsaNxzkZz%AyeD#Ahl<xnCDbP$@?xeHiov^C=
zzdL(91^>C%?KSxSD|sr$Egu2GsAY?nN5F(mhnMHt(5I&|DFU=+QTLtVJquCt3CFGz
z_u2~GYrasZ(Rbv}D|ZmOzr(qqB0LLp!zgePJHEEbInP4G&uP|!z=35Yps5u>XNk%W
zNydu$(<Sr_`tcGaoTQoarF^T<*QN5G9o<HO2S+ZkS1+XjD&+sxPIpU{|GV4Ujr?E5
zBa8BAWZ7*Ah_ub3z-B`JfDVd_z=J>0L9tK}09^nWlMOVc5k{PBaX<j+Ah%H!ylgyE
z`Hs{IUFJ4Z*sC~Mu2ZuvlzL^Yg%W}fM0>+z8Ltra>;>Qju%~3J?UJ)#a?8oG<HYi~
z@Be=h0~a~x=l3SYFeV3##Icyuq31827u-=FjM>b>MZKGlpuxcP#{swplL&@@In=*f
z69U;8gM)*!tJ6ysHo6uc)>@`%s=+QEWj077n47*z%v{vMwbU#U<n*^R458!3(&*!3
zPrg)<We~jGYDAy<(h~T~KIQtKn|U6F22!s7cecB`+v@q>{(iInTgg+jl}oQo3*rov
z%O!TH$DY-kc#VEvek=H5alns*)9c@kE-(LeeR1?ZS4YFk>tBxshesFJ!{h%wl0u}3
z#$7!|h;*hwC?6gVFE5UNy1G0*JJkgUbX*ii?kI`X6A>Q%K4&yN8y$U&hwj98{mE~4
zH|Q#Iv*ONvx<2~n<@NCRm(%0ZU#@@q$M3`ItBYf8XhJQeTm#O2x*iO#FE0kC!}GI?
z%j?0L<H4|q-eqL@C=4PR3S3J}tX?UttZq7DFTgm6*ro5mkUJ<^<WSiiyEZ^HFSvp8
ztnlIG;PUw3`uF3*qEd%=u-UBO-{Jgs*U5E@90j(-8n5wxHRz>++QxY1xnyjl?OyDv
z=`Uwzzq~oR9-N=QIX)QRQFwiDaddcedU-r}Q^0$gTLj;TAf9)w<*D7k$e&-F{dRP4
zd9CnOoG{7_$Qn#th(9^@Jnc2fgVSr)^x^s7^z`WB`uKEsIXFEys^&rNE@Xb5D6|g;
zmxG@M!}_$d>yEi;Q+n&MW;c|K>wGz@xITGsdObWkxH!5@IY)o}ada`nL%xJ>CASpw
z{h}@8WN<q8<>=!2d@vlI|9UYP7Hf^tn{YLY!wZ4y^NXXOkN>$qqq2)o`C<;vPJcfB
zWpUP(+(N5aNS(HnUFs?x-6c1><Ux+v{6BB54}ZEoJRZC`I=C!ms(|5@%lzxvup;NL
z0m^5?Dz!Y@Ifc<yM+VJK7lmcnh3KzYwyWXMMR_&?m!W36JU%)4-?P(-5;=ZXuImSf
zgY!$J;KB=l>Kv%dEQ=$x?BB0`I=VPLx;z>Zo(<0j2S-H<@S<t>AR764&^IT8^NNwL
zL2D|j8hukC8PxkUQavvR$5`o{99<5u;wd7fL$S)Y`(*IX>x;q3_4(1o!O`jE;Fsdj
zBi&5YaBy(&>(TY)zs`#(WF8m!b@<uA)ydK6<@NCL>_S5(U11ysb~1y0Od{%OXdRxN
z434!+`SAxwUBVxnUJtG=f4v?aUHox$asAWa;P<0bDo|}J2J6LVFiAXRz_jcajb|l<
z5jVgFF#4~$uezDH$UX1_aTm$U#~a8uXTSV%bTKSH`jLwb!#BZX0wY8$hWG3=o&KHr
z%Hce3g2^R`HN$9Jd%@(IMxQbC$=|?R=!vO4@<K^GjpI<HjenQWX3072G_{ttaJxV(
zLU>(LlAM_rsOGII_mEwnD=Ob%-|JOGpr)&kL`+*V&#^+h|3PAX@XKq2-<H%u%*o4E
zGHOet2-;$C^i4@oX%=3NkV9LBl{jvkYZiH1I!uLJ*<j_F#F7x1d-(5cFSDq}iy-FS
z9AhyxI6vl6<Lcr~4T&L<wK)c1k<{4P*)EkDLM?teK0UlXKEECu9$p*`heyL=@mqj=
zsFCFv`MRP>YF|CclyX7rc>0p~2^9Cfn3H$DlCf$8h})?0@xUN|ipB$5JT1a1kz!3&
z(FK^oD)O?5RYJ~`RdU8g{C<Dpx7L)vTlsZAh}D&pi+=v#_!sFtZLk5>^(HnH2az>_
z2cCscJB)%`7w<n|1Ps}O+`2<193j2gt(Zs<LLZI@1#(N@*x+`!H$M@9SRf1OopNo{
z4^BlC;F5)?YU+|WSKIxUxUeql`J3*ilN7JT9qXzNTm*0txI#3yP)VJRV3;NuGu|8y
z&QldvmP2DO^bjl{M0KU!0hr8|Od}G7NRU+u6=HtylA>4WhK>88R%c}JsZx&+MRIlU
zE3qP$aa#ml6qOLq`_t9I??;!_HX98Xua4aD>EY2ouTQT|t}l*=g}R!g0@kYAYNrh?
zvvbJUteV`ztMj9adL%N4(Sj-e`_aFyFU~Hh0siN+i-V&+Fv!(vLzm*<*Q0~q`@q=V
z>vpvXj!!R-F8&z2=>ucu6;Cl7zPUa)y12al`Qq$^83KlVV8l_979;HM2gj#^0V(H$
znr#K?@T2!4Q0hg{Nf3-W$c<r#fc|u_vT;%D+O-C12C|ux8?`4@Iz<+eh0Hhd1qF0X
z@uw{cKSG5>3S8q`GsszYM2^2M^H#TV`SSTQc=72I;NAnkuzlfHBJpiurD^m7k!mM{
z^Yi1=Ukb;e9^I()h~)(sBpCt#x%TCG44!vPZ+CLo(A54i99$or4t{!bq(42gkj1YJ
z<R>LDj-OpzmQe^kh87~nhXr&B?sa@bQ+G59JQz>YjG2XOaPp?SP)+VK&gHf**})nf
zAP1+_`=cDLefbXQ@Z@+A;u)yF_CR@|+e)M^<aepo;3!A=cF??~R=X6jsVMgq7RJM>
z(g}=F5eY0BFE6f!m&E*6PD#SFDkR8|y{><`IJ+t~;pV}*Dh@t%0~`z0AV0D*O_jBb
zjdWGH(6td~qwuXx@#1|TVO|{^pOnojDOcX4j&q-1oLwFrkg0QWc35((V7s&PD2OSr
z$w}boZ1k9*x<S@eDccX1Y=?15d0XVpN;gF$dA22Dshf>&v+=Dn!=!tC*_i(M`0#A2
zYEaX>wMI2bDmI$DC}}g#z?+<<e-0!2K~}e-`&(pXgcYuNb&P*e<$HBZT&dEnB{^E?
zcRI#n9pRARfn?3yi6Dw^d!6@pH>li1n;8br-(3B2e2SO)yjh#%QYJqF;%%Vmmarkx
zYd|&6gJ@#O*v@YumDt<UT&b~L%%r#Mv&&nF<Hp+JDvkUyfn3S;?frb*X`JP6dxCpn
z?4fHGGA@YP;k*y-O|l!I&|3l~qB|q#l(Zi<S%e~*lzsAo$%J^c)3>;q44mmT`0=mn
z7P4b^1~(8e!C%+$W@F<O{hKs~yx65LW)LB30yof)DJe|3J+hE%(^KblO8RwH$|fLm
zUh~Aqr$3)<WcgtPUZ;d6Fs37C-H1J8rW`Ofc<qU)NsLy&oY%q4D+DI)Esb6f1`dM*
z;O?%0<y;dVSQNwPn!a7%;AtXwZF??w&DhsI2qO4LZxFicX~7O0gV2iY>2(lYQ=H=K
z)JNB0jwFPAo4|8p7+KyXMLoC<#@FeaG|Ov)?T?MkH3nQz=V1;j1Y^iJ3#|_cG&b?u
zz;}2luTKLX3We*wE>b2Ql_b|jKg(tq#yMt(5S13oQ9p<Q{OF>XVL4|R`Xt&db$`yi
zWp&GcP&t@SkvU4|J_*dyeiXP;QgT&7;d&`~8^Jh<e3@0*j~9SC^u?|f(}B!fD`@cW
zEa50{=Gln+qeqkRF$)NIB8!79q&g#1PGD@2vG|%yUzuo|<-z}CUs&HMjZyP_;#|me
z%x9$#p>q6BB?ayl@LKF7sWydduU{v1V)TnTRj7O%&6Tpacxcn<Uo`2{_nV}48!{0p
z>e{Y94%UBUJq|v72CkoF#J{H&0wV~0Dr=zgW1C7*wU7;kJ{@$~JNVItVa&$`UMsW*
zp?gH$GSDQbv=i_7+jv2oAn^J%*y-+oAfgkRz3%6wMxI?cwv`G?Dhn0fz1A>L%Sejc
zlKOdm`b-ej@VLseR^g;D>`K@wvlm=O3Ct&0g4arGAWypv%Pa6R2VY)*gq(FPy=w^V
z8{Fp;A(8}<+$d9c6Bu9HFpAMSW0yJ#RVi0bIx`6g074!?b|u>52F~f~MyL@gkfI2A
zq+;MTz=}!!fC;JZ2|gMdkP);T&2X%4qEhmb1c}^w`y(gx<DdBgXbT=r{|3%6`K$mo
z7I@j4yfmC9>-L%D`s-rDvw8FyeEL-E$M{(gq(bdTu0`AoWwQ-^XniSXD#xX$Z|PnI
z+*%QmTLfMMvdk2)g{2|<f@};?>;`~@93b1j>@(dtYHe_?KZzhhV)Ydk>T>yI>=f{7
z<WVh5A7!Z4Tdoq}yU==2YK|bg7p1`$q_`8>cC_G17(c4Qe@zC-qEw_cwd@ZNduZ`m
zDeG<0yc;-wK=TxeH&E1$&_k+v;W{CTf@s}14J7#NAR@Eq&O%u*QjSlQZM57mxF#d!
z`WmkWjO%MG6|S!hp(rXRaE{_Tk89$UNA(t>a=e8nBQ=+;EpY>~x#gGv+f~^YlF+eY
z=#AV^GA_LMOD925XXN@F=-+~H9!~>*n=cv6mnN_ShXh1P;<5P(zsXh<SA-_n(j1?2
zXj{DT23gdFBo1a)?An&+&3VpDvA>}(Mj(dK4DmS14g<DM!x9}35Q9@Ic5fj#qM!Mo
zoW^m8`kl_*-Cf%XEqe;vK{V+wd?eI)b9``gIy^GB+FhY=$y|a0`v%GulmO`sD#E+i
zok79EQfStoj5ocJ>4t`625BQ06U)-N#!_NW1#-hUg4XO;%Xd5&@eSd477Ixz6nPAz
z^&dq$4mIP*7N5+hla__6l2I7XV!5K0<M6`m>4v;?7+LmB60T1J6eDp3feZA5JMfzP
z)kbkN#(%6Ef3=MbIT?zrS%`J>PlOf-Y&(e}=zzZ>@PB;+{FM{SvWc4llFjueAPGs7
zd_+K*K^%Y%jO`A2)yCBX?RHx%n*`PjLg=smsHFUH6Z~lX?Z*wgk{>IgcHF*;+!(H>
zHCI;Oc-VTbPi_|zikh7Or-9Qc{KP9Al5O1^U0aS5Z2~92a#v)o8(w=9|L(1@m?YVB
zA1oK)eK#5Bcx+;_gmq~V-Sq#3*5H;z5G5W70%o~tOIR)16oYS_CVgx6{(Rg0b3<2I
z{Leaq@j838p%mtZxFGgXDa>*l!WZxwC;J;PfC2u-SR<#**uZPX^KNKX##!o$C2@Y^
zdpE`73~v!NUCdYuUV{L&S@bH*`*nkP2pXHfFf^M#+9XXrdcg!|bKoq1AFWyF!8VWj
zq9cXdc1<S3>)bfULp=I%gKRbMFhuJG1Q1((>jz~%4~m0O8Gm9QlRhk&8a$oL6OjfK
zBm{Kbf|IqG@qXO^l(S?g<=&PM;+5y4#vqF&9bers@Swkr6K{aOye2<#0#JMeAxWB3
z!_;B?BXUWcMjze@Vog^aP$bK6AK&SvnE0p?tBT`{1#F=D0qIXnpdt^*OTMxy)fp)&
zSvJe-BsKo8U&PEB$*5BEAPm>HyQ0u!wxQqQd=yxbbL_`3ijq(jXRNF5tjKr$$+~fX
z*GnD+HBS(X{tLj5wEvmXdeUWj&dD!ZE;bAE<rn5(8mgvwp5Q6Pf5N*Tio4Io{d_49
zs0#eY{q3DS1^=<T*Wf>{=8-qqBP+J20=nIA!Du;K$TD&kG!RfVj3X$7HubTHy&<uy
zp}{zY(a)~$qA7IxptnVg1AH1Y&Pu%qKuJ#u7OnTV|Cx#xyQ!?J`1gm0`M^}t=28<f
zSr~HOk-(5`A=IK^a3|l+g(!@&DVp~JxCcIC^{X_u>|uo;A$*;15|F;l8T@lqO@rFW
zL|LFaX<%fXUsfX?<B$K&mB=Fo^6^vJVqFOUn6)jRvmo(fa{_%6FSf<CA+^k^hfpcL
zNgd*t?0XcbwCmSSw#)Lz=F3Q>au1=pYM3mU6O@>VtVKH@H$^p+@&hD`2ANVX=@VHu
z2$QrA3}H^uIi1CD1)o3nbDv`i&m-|X71~MU#`A-~kKsqTwNc^^&=rDFAN0E2Ztl}*
z;9mqm+y}9AIu89?i42kXN}JN)IpVDCZAon`&M5|~DIp*Q+EnRkraX(~Su*c?T}=(u
z$&WjeOzU$ip7ue<3d4>w>M)-+*nZDkA{U=H#livrl#FP3h2_Y#q7x8xRENXIo6=IP
z%8L0ib6;V|!Z>#_El?&&#NMIb?Tk>apLAmi`nN(1C0hAZ42zMJlx{1B8Wq{EG+q<m
zDJz-2T%=e^wJ>s%zR{%>6C!CnkR?miO$@s%3JX@*EG%lF@Zjj&@`#LG-<98(6Xmxl
z|0aiaXsRT#<=^+J<w{wIr{QdsO9s+IBpH_*(2t{e7`T4iMpG6J7XmYj<7+x@B+ja=
z2r>AtumA+6DMtFO$eM=T)%uKxJ(pbquiKhz5v|h7iF!(kpPjOE)4I|%-w!1hx}?WW
zA`h7V1m|bNOTg|L5CDQ{fZ~2{x4YHtd`R4w|F1@CB8d0%F<-5pLUOV9OYgFu?^A03
z2}Tc${6wD$`_InS?p6-}yVq^(KdX3ZqAwprRC_*3+^1k<!jG}Zpo`7-cQ?qiqu9KG
zb2FsppN;W7S9VQ<8o4b1=+z3rV@BqA+h%c7Yj=EYobKP#n3+nEJRZ{m6m&Sfb+QX!
zv)ZbJu3x(<Ia)>GI18(nqJ?u_67QzRnn^LI-b|sVpF%0K%O+5+ze|R0npT=NSurJ(
zMw7MXd=Yc%rb<?P$wVn7viuw&kOTyj^eLxGoB|&-Gv$eAiool3*xRZcPRamij-Q|Q
zDP8|RH1HpLs^Y)y?(C}PzrCGi{lAijOH(O;S^Xer4-Nb$g)D21jGySpI3GHVhwY<X
zhUO@Svp&0$&Z718i+Z5XZhnIofb_46fQ?l@f<AI%_m=3?T4CSBIC0r9BoP2zL~+YT
zkiH8deQ>zN!c6*Pz)1zn$Sv@AN-@y5-@m3zFb@)N=b|Zy1AxaYh=ZCf{nC@X<f)YZ
z4>SFcr%L{B^}34vXK#OZw~_y=ctrWXO2N;jVk7jQO6W(42dTv80t)rPTf_Jhya0v)
zA~=Q-0UN>M&c@5_!TB+m;Doq7*~t)iYh-aCjZI)MldwTt;%{LzB55Wt#veTwk$>;7
zSjB(P%bWNw>V=E{3i(F|dN78V(wCkG-|JH<{~yEnUoHRl_ILMH`~UXVUL*fk@hoRu
zS=3{z5%EtU;$`a#iX+#b9P+-B9B8sDvY+@tsWA;uO!}-wke~GGw?VcB(fryD93?0F
zav<YYW;s!erN5MgywVrr#&d<d8_%^#DU4ZoCnqOw&n<-Rg2>V4BLIqOHvF<QR|Fjw
z<+72trTIwIb2$?Ygsw{*M3d`$*96f-2|l%%d2iN_B>BNJg!6LzJJ%c~*qKA(q?I)<
ze-58{L)EKR1{@DI>gHj%*g*7%$_SOVDupyJ?X-**N<tVV2uAg&ra<Y7F^z_aLhj`H
z2F{VONDQkao(|o~?>L)&mSD=zx0j-P<lDuRDPX$gT_ZaPA)`&M$gZn$nkOC7ltf;S
zqhR(M3j9G7S$KlK4_qG@n}VAgK?GR+cw&-W8@EICYk9n53VUSQQQVwL)KGXSH`Bh(
zoyut^CqI@eKcrffBj@7{9m#3489jAJPk}G%BEfBkGM1-M@Mk8xRu;{M45t_1An=jv
zzz9Te7Tmi2B*nQL;~~r5@zoB90|qnI2A5M80T<D@79_&OXijYeQQ-d;jA$GjdIh}w
zNFx`MG%<ZMv=C~BZ+Yy007AB^C|kOY_I99et79>@|Et*llX3mT`~Tjydj8kj-|lWT
z`~OuuY((dRNJ(oPs;OR-0vz>mf`#ylUVtksUdR=eV_aOZG+|+5mc5DE*cFz$VhTVQ
zMAEGze!&ZOwCIhE)AhkC>2?(bBR^+f_%{SSXvaY$5Ph7RqEx-J1H0q%#&x9DQ!4+H
za1vP#r24tn?V0Z_e+g@Fsr=vC+1cLfDgGb5ot?)1yOKwLbAxrfw8#Db+57YDwsB=)
z6hD7!t-M2R#oyOSA4`@zCfcX>`P8<PR=1~Z**)z3^-3TTk`R*w1Aw;GanAa^!hMYU
z8uwA|liY=YBsfX7W4j%0Ypui*iKz;OLZMK@0}8QK8^O&ZztBrbvbRw|Kd$W{&*ilS
z7khr2Pgkato;7<AGTbr~S5lyLfyrblnmuTCnq}|xU0f?vo-@rJjPRH;+*0q<B_5%{
z4fdtGlz0=?<GEzqgRB44<9CA|IKg+^nPT5~D(WcoD#d9J1Px1`s$@FRNcl>Yyynr!
zZqNyOVE;x!FfxjSqFdgB7tn35wKv<{_PYG{YOC96%O_osG6sAjhu!C#Is^&qZhL|F
zCf@jVc8A;WP4ZG5vRsvy4h3-7kHmD<1m)H;5`qvjP6N3FPxt$9Y_4cwh($YTb@!jA
z{k_4-Z{SK1E|^3rDug8SeI%U3!EX55!Abwu%;3B0o15)!cca~1?aH64aoJy6hsT4r
zg9G^HM-*_A8Np3a@eRDZ8FE$)a@28omP5#3cnE9V&COO9`d&CityS38R|~LBU0ejz
zK^zYz0cAM|Pro0Y99wUP(MaEs@S9>{<K8f_7GuIJupK0D4j<d*707q`L_Vf0IRgU2
z91CFhV}!ZjMfB*4Admcs-4k+SDp*~Q%N`!@>>dve-sT%TWG<Fi%`|-Hh+4PS(+(ah
z4RQ`qCk#1fdKDQ1HKmbO*g^qlr`UL5sRl|`&4^MDqu_>E+PXKmH*7v41pArbi<4QH
z1AQ1`hm2=H0>GDg)4G^aa8Ll}1Ybz-lMa_b-Hk~u5^>DxwVpO}=-PFOxDmRvk;=ah
z!nSe<lN&_^wom{>sYu5Jvv^e{{j^~p&0vJVk32zID)u+P#T2tFHdTrcaY3~}whSIQ
z!z%Mppky`_xG*M+i<W#}vOvFPWWUNG`;d_d2`bPn8CksHD*?rk0t%o+n9x#zEM}2v
zx<R;vhaQ?i7_pFY%q?oK8CqZG&^lD+%;ih}<Z$N@TEGSIJhf>OhTZ?J7e2b3972j{
z*g*p6Ofyp4OxLiv43?a5gh4~L4B?atx(q?&V@8~1aBV529w_VPP<F~EmBe$(C;zQ6
z6(i~}#KB;vW++*;P_nIrr+po3J%^Qe3pE1P1@;{3WAJl@>w%Ot3n_2VIdNz(@QXMx
zl%o9DIGi5u$#pi?<!go!TQdK_*p%h5F~ty@o5da$s(YO(ROe+6oVwA9ExQlGzU#95
zQTGUt>oUywzY$h!5q%GFaT>ZgwCvM>2+BBki0jl8NybdfRN@zv&0kP(Xb@mW$gir1
zuWPFNZY2biNILa64|i?BeUDCP85fezlRNyFO)J^Z9FRRq&$P&mu~##xuxm@(+EBwi
zWD^t^Zx)_Imb#1-6ogVEDB1dAN}MTByHcu!BepDFGt|8<pf1n4Vr=pFC_PRwqfU5o
zHR_tcs8=&4w%REo=q<~OiwZ|dabO6D$|IQ4WG0v+m|Kcp`AxatfS4iy3X@v-5HfO3
zJnT*u9poOf+SeAc4?}SniTon`Wl98w5J@nTX1R*$#fT#`CyN(gs=WyrRf$0~#rfFM
zve$#&Y+3w}O^!6Y`;+`_g1)c=ef(Eni>QGyMj~R^Lg3@qgRZV+F)*A`Cd!mm@;SIz
zhpr<uSXTK$@CA5S2+SnYhLCbjMjl><K(0gNU|zG$Z`GE{hyDG%?&<L$kE;Iu9&{mM
zB%=hV86q}vh*+&a#A@9UVawe^hxohtZolF%KinSdCyb&MXAiX)%U>b#+#`Fj#pxmU
zb}vK1@;8%;PE>pvIL4lq2d5;o?8r#nPWP*}5Is~`wDU;O8Mlq_qNJPU<jmotU}kHt
zamoGUSB)N9P(GPrA8%8S=4Iu0O?h-8B{?*~btaiLTQ)vrUJe<mmsqs{r^kCWgFcpV
zNf7xt(0@H10BHr0KdRd;;#w@9`d9*YIR2{6C2O{9+4p~-JTF!wU+FJvHfgquxa}e0
zm&ntnhLeBL%T_Y34^iMKgA}DBkuTy7)eWwo;G+;6*`V?)vCeTMfW4jmQO$(ywTzKQ
z7#1&%6!!XI2==Rbz#fa0C=%1)gcJx!gDzh}=55XNv1?lv9{$W2s#$o*gwp}1e&%ei
z@+_s48iZhweOnLcZE5f=3l)fYd0AoLEekCyaCjkDq_j3;<Z=A+@vCFjJDG_N#2|l=
zRB*~SKx(EPUynsR#|!?Qz+Np(`GE5XyZyYhl;S`afPT#+r}ecQDzv|AB^q+C>w$yy
zQXK4Fh6Q?1hRep19bblom8k*hAqK2(<gilIHl}1@zpDpL*gD2-8jN>ldFw_6{mv{<
zzC1O9ek%w4E@PCH?*IBt9dYm~hl8O&f;eS3&~NI9gV#A6{DMb6;aMpm{DMay-_;Ne
z8=Wi~1aiuE$lR-X0H3G<Q901Ysi&^{;Kpj!U#IUdZCYHq9pEwa9R|4)^&o_`EF$*N
zWxrsjm0)2XT|&RiW|jm3PcXYFHQb|LQY`-A%Ti_6?q!Lht0uG^%Xkx3aqOKiRKo+{
z#%4ynfr1kE3ZvbS;MY#oxv`bb`@b3Fwp2H8PtJnfz&XY|?0b_kGz@m&<Sc;QzyVnb
z>|*sm$m<G(>;|Q>ZXO|av05Nxvy(^2kW2#XE+!IPuBLRdX<IxF0wM?!c#lp<P@xxy
z%YZ6WKMldAEf@ZHamFj~@Z&E(@ft$EmV>?u^qPU4s0uH{G5%N%^a<Fn>H+sg&PSty
z*p-_`{fIpl7lZOWF`%{cZQ9IO5n`?^=1LEH@+D;7)&m2!q<DmxPdFzuP;xPL_fe_T
zoR$Mq5bTomK+NkbVs!W`@#8Ni6&NuEz%Ee>Ol;YrqR!J^!58(*`f<jsZf;+Qs;-G@
zi-FYw1|&y3Ht`s4ii*c(9kI2RA#pA=h{xC^3_I16%?0R^5ErfC)Z6#Q3oue+ENo=3
zFd<xMTkyW)V9rm@O7BhWf}l%+U9=vk+039ug=uul;(aNUFjK(9`l_k(&em22Cm#<-
zABJR7p;$S_AK`HH0fuB!KaI-Ps{$r=17`syb_1t|n0Q@=i3$azjfvVRA76E{n5f)M
zKGts|dDYFrF6F0wB&JoC*rv!_i|ofHPQ6;qz{sl%?3E6=c9$=&)-sNp75kvFCeFUC
z2lTPH$enVhin_wRk)QP<(I5V5fv=*u)eHw2mt~bTV2}i$tYGrG7^LND$nrB<#zog`
zwZ30_m2po#Bca^Z{wzZSKO<qz{idd8g;%y*IMk{CD>h8?wtjo&>sTTbXTf&4E7r+b
zP{VlQuWfNqnI*U(C4rFZVjqhsE!C}Q+XP)wNrsRsTMyi<R^z7nG+o3^Ezi}j*U}YJ
z!7U^v>c=T;b>s=HvPU>M9M(^ecx}s=Dy~Ush6;@U{TedwAMJ_pwJkZG`l#&Kbb34h
zhR2xUz)?|2wFWT`9Yt#vqT#hIHJ);|b5J(Tr<{TH=4*)F@Y=|LFA~rO?l<sFr2oDw
z0W#v4)y_Ki_3P~X4ubJ~BTYHggJ4`^E6r}FQ-zZXHE97SwbPY$JGO+ldnp*oxE|TT
z3X*(Hbq-h5?bu?Wl9Ow9D(H4%=?*zH+t#|B^_;g|RqTxn4c9RCMz@pkJvI(zC&b5G
zAU`kBXReY(jRUiEJDXXCcUrfdzuU1zyTg;CZRAV~aZz<90;EIp9iAM4pb#>AjspP*
zrpP(N491N55OESrfCxYnM1nSKQ$O@n<XEI57pI7<s}8N(d6f<2l0Q3ersFi%4eU$=
zn~3DKMSWl>aH(%H!{}IF><k3<L&`LHoZ+Bm_Uqjwp-xmp$!S17M%c=XRX5nXx%?hw
zdu#oI<8?FXZ+1pfFw8-&bK<~Y=SW>F$oY3-;iA6cawY@Lz@b4g#HS(&;?Mvh>s?L2
zU(YzY<scu_mJ7tPB`+{Q<;qZBz%v;o`HvTQ{`b9BeZrVvPi4d)fh+j{hKnf{Q_M{K
zV<241UWk|5^glKoYB!T&rU>|tznlQWA;VlshKlc*AkYS2%797)To8`o!-XhKU8u{}
zjc79d(!n|P&b4Me@9-DDGtseXCpW#$<$5yK%|+WZ`4W(}Xs-2XG?O_-LcK>Pv@C9_
z!iXnd)*K-@XPBP}zQ9ap`p=_;PE<N$%xW!RWs<$@N1h-mnXcOxqGWe{blXNIQ%gxi
z>CB^=%-DJk<bhkfL)XvicZ1%|q*&2zTE~%>pLXNFm3dPW_;Z)d8q%S|cJfX<hrdFo
z(V*{`VW)(5J>sj@ZZ=Iyg>!Qa-I}|r*|>&LAPO1r%HBNQ_+8yh>XLp~X7OV`t;aNG
za+B=fbK+q8BBbIbbV0$Ipr%_u%};pt0}9*%E1y@QCdgPVAmazbrxjO=6$Kvg;?HC}
zDG$j~yJ#%kwXEmy$I{q++2=I@e4{|kJ4m2PO3u8j2?{cozyYJ4=i@+BEa-{?H9>_f
z!yQF@TE6+qH-N&>i!U|4GPA&LCKri;vtolUz*=YZLMBUzgj_HBd8lz!iCSZ2y;Bj8
zp#(1(+nE}Qg6mnIVooFG<k{p8lnV%vbtzgC*jGznAL5EYzswW>j_Viix4WK|63+>@
z*L}Pea*rRe)SF3JvWL%c{^C0O>@h>KkxS;QZ4tf_4e@$56>(mXqI{ZF{(FZ80+E2n
z>arK%OiXF83?I-rG7n3VWqsX?ZYztNf)a74abYf5A4)2F>qXI>fcGj3UQth8J^f-9
zVt9eulQ#T25W?#$rc}<D#kd+1#sy$m7%ry7$qKd;EWnMJG4RBf*okT=%w<xK41G~1
z_Ye0^j%qE@ZrD=XP>Cs-{lTC?%P)$M##9m$(LpuphK-E#FLBPw)3u50o0`C$$#3ik
za{d(r{poJl(pukjOS8s(-Se`Mb6qLd#Hhr<H9Tf!@`>#Fh}6wibYm-{bQDBrH;UTP
z@vE$dO_c(D_Yygx3O@C67>$OH54=pW51*?vRW+N!O#Y62EYP-Yvu<E^b71ZvF81pd
z=%ky;vZ27FP8~(uOg;?>=g(F4=U*x7*~}Z3y`juUqJ|4IV?#Ej0j?#N-ONHMXx&7C
zOa_c2M#sd%r^kDBgEA9@nAXnxC6lb;M2f9718^%B7^Hqixm#Jc&44m8Ce9JVV{%zH
zP*=-99Y*6Cf@%vq8=cqNm<b7N{S0n1X(B2D($z2GZ8wt_;?zfJYNRp*L_UJBSfVDV
zh=rvvNrqIogg+{K_1A)LrEVJR0K*)!bL=YJ`mn#hcMCjhS$LqqAc*{e7h&WB9fKkU
zUOz&3m6a(cdqLhaEM#=TknfXV0v-w`5h_cf{dHp@mdTi9eY8{bz{nUUxuqLJO*{va
zv=59HOw?;AlqZ=UICdBo{eWK-d{Bn!73AL41pd_w{QrzF7sY+iV4(1}COF9Cf}mqj
zsqp%GL5u}I!BD_S*{*+5@}?%h$Kqf80;eR&93ob`Rk@W!p!JFCdRVzQ!#DWS@gf)R
zThDUgX!R=ykdI&R$6~;A7~){C1KTtRup^+`?!Zu>z(vf3Z4VLu78pun^ajK^3o`gg
zpX9K!jd+ASg`GIG$Zp`aPWfZudG~>-jCDT4<5SK`oal#B%ES}}E<7T4`g=e}lE@*{
zy5#)%Pd|kaO)#7u@5N;DsLnz6ftGHvo<ib?h{@#?PN|^X!YWE|qznFAp(z#_FYt(y
z!cplLJkpdy8H_wS`L{w%EJ<P?5$|Wr$e0uo@1C#-1JMY<Em;tdGQ{FpG{F>c7-1a1
zxoPO{R_LcO^7wrkoZSa@Vj*;b1GjL>daEAhP=JXF_BF;n@)SkMzcr?xSW+DkCZ=vt
z5AnTzKFgwMISm=6L!qGn2E#*mwb|+RRy&<__<b-ul)wJp|Ns9bfByl${r1~$t^NJh
z&JK*#?f0WoXxs;SHxmZ`Ck-$O#`GKbMi3v%p9LN-2MO{GxJaN8;yA^#iqo2kPCCAp
zD%^%QlmWg(e(2$4*o_zs@yZcmgi8YM`<M|2t?W_$t{+UW_h<|-?*rkf4DV4#F5N^v
z-7~*)IM<ICkvDw5eYCy>zaPKZ-q>8<{3B6Mf<TWY-NJpKGuGLLQySod$RA;LjZH?C
zhCmfxw8bnx;1+XNC&eU5huKE+@qw}vF^-LW;K$+NLG1BUSlFdoa&1X#HA(6bg>u_*
z`*}lt#SA4TB-fM}v_exFV!A*aJj4Z<Hrg=64h>wcBcOL*Z*^LoZmZKh>GV3i&cFT*
zww%>Y*6Vk&ds&h*Ao7shF(d_YiB=WSR8Tla9+8+#yHh(+jj1r>PeQ3DNFH4#KD5v;
zC6-1Q_>^7*Km$dMr;jC}*nJ=<W1C6c$iqiczF=aO!;^jqVg79`l!L2<{3I1vkgsZs
zgN(Z}=Dfrat@Kq*z~9V9&10hE-c~)Y^@Z(fC+iR6mSABwaBGf(S6P#FMx3H`lYU-9
z`=-@Qf{~ISRENJlCb{9Rpic6KxF|2I))e4wX47-=_7r&@4kr2ae)uaK{j|NS(s6-P
zC{z<{#Im9@^$Mm-{~j1vvoWw=NTpJa1n_H^g?crUL1c&>L0L)m3_DA^DpT7O8>`)n
z?~gX0-1c-{?mzP?5`_^{NF^hNT(L*1{8`PU5|N^=3Y1(LSgP!8O(r{*0XYxKV``~<
zGG$?HzHYcPMy!bQ-OI2<{*`ZF_cByM@Vv_sc#+<VynL(|BX@?p*ZJt%gFtDV_UMG<
zEdb3c@Z>w$2lhk3!I9N!MpT((B7^<@QHex-G9_Gzm`a0gt3=U=MgnFuVnBQpf}^!R
zwX>RB&7>IlS!*hbmZOUhm1;Iiny3k)Y^CPW(O{?2-2#pf(N`}6bu9~74PxE!vX<Mq
z=j>dy+p#mrO;l>xl4x4$d7Z;)t!A>E?9qwNP*e!45O3pR3W5T@6qp6blbg}{ht>9_
zUo*4b)lBk}LEw1mx_}RYfqQaR>a->c=}QIq9R@Dg1s|{Yp2>Zp#;-yY<PRw74dh<c
zWUgQ3F>s7s!muMwj|Zh_h~I-<peD%3<WCWT<q0ACtR6ro`BPBw0;iVnX79wu4D;#9
zS+GaOg>-#ntZadpE~N8d7qRi^LJ6;CQk|sk#%~!4M8Q@k*1niRkT3OkxpyYx$pLZB
zN{s4DU)6+=*9$2?4yXwoP#)xd_fp`%#V&*qpF&_2uC<t#<VtZozf||AC6~HEZA)=G
zgrkvHSo=ePM5L_Dbh6s7VbR+n+b?+Z6Q1!Q7D8gbY;J$SBamfk7;STPEgN{7hIltI
z<I2ypd}~>G)eRGQ7c0ydcK5S)O(w^+TJeY@XhB@s+)BygUBt0cencEIK#`c@K#)2{
z+FQ+}M>#w>(pyM=5!vYak<*|gKltIvkx3`R+ptajP=`cCY$g$E0*Iaxd$2XbWF`b9
z9T5-T8kxSTJ_nzsKy7hp%dT#zQqHZPLN1e*r5}kYW#mun9x^f^LFvAh7J_`KnxG_e
zr!E)`CK6_yiFeMrT7A=p-C#_aqgD-=B*l`aKOQgRJ3~?|+KRK_`@r2U&G#jDF=)Zb
zSpeUYz$L*11}^-7c+C<$t!9$YoCY2V&ak^{^tGqNoyU&%2p5w7My48Y>Ja1sa?~v&
zhZh8cYs6@4Q+qTn{&$ANtxRSC2XlUM7WDa#7iHNM3~foWa*$B@Nw9L76ciX15ep;+
zG3Q!)0*J$pznpvp=Zs8Jn*<F*GU<DHb1w@I8CW@)1ah$<Z$cRnQ@?JM^133wUPUI-
z$|ChZM<zp!+^Q<jP<T}n@Vl8Dlp~KgKjB%a09W?5CP-K<;~H~x%QnOK8dS?0`Dj&z
z36>A*YuK2{U?V|QCVjrGJG0PGd|4AL*ca!=p{SA$3a=jTexJ!)lQD142+E0VbIz=J
zS}ILH!u1<VcWxn5rdyUL^YP77CNWJgU#qQxoCJc+mbF*wXa+tCX2$K>@et=_H~Nnc
z=*-2mM^KqcAp5)?j3$%AW{*zj5h^$ul)kD7__j>-2Ava!1{D}6ds`DE*fQ1k$T@SS
zC<w53au)1hkDOyR+b_@g4_0ZV{)o#%rb127v{sI$Z7&e^z3^_}hLjZKl>)w$BZgfO
z3N>qjxb<?x$#Yt8j6YVM`7`KJrQsNVgdv%LU7;pe+9=1;DQ8kzIzkNjSd@D^*?2nT
z3}gi;)_6EX-Q!lB$p>Tst}lda6-b3GrHw3I2{Q4&OD!wEZqnMCOIp{ZsJdar7Ib&0
zGZd7SnQ2$Pt_d2F@Jf-G9^;P%eS>Da41bI;7eKxejgmfrZ0i$975MAzj84tCXO!qx
zhNnmH0t5}yfM&y!<J0Yv)8qbL{AB-hcmgl%vrk%jzyBM&P`4Tb7nY#RjnzDsVnI^o
zl(T`Gwo(DT)#FX!&lxh>L9p%+<~~=KJp#K*=ve{>mcS)E^w8`8`52a9Le6nuzN=e)
z6rc%q57`6-<WI$!xp{RMio;06zszBD2}lt6ummdN<`VeWA7OSlh9#h;Wa^3Y<1Z&M
zwj~PXUO{}!1@c4l+!$1t4o{A>uZI4)hq#dEAyvsd(;1@UA1b(5+>#m4hg?3}w4-FU
z<2<P`3euFK))SL`(|%(7DXd37C*+h#fEXhp$rYGB5Huc9nt{$dIHq1)P~|mCY4c<j
z<13dfEB{m{mNHMXIhf*JQ}<3-0y}+;oXjK|I4nUN`Z^hI67N}7G=Y1UlF+?NU;^2~
z5@h1GN}|(2NtYlA$O%gj$Bu+0&`}L#W5tMku#^OmTY@C4ni_(!j@pZ(7A^tPD73Rs
zBtPS{3+e&xdtCO+<xfZcXNB~a9Vw!WIA#)I7nI4LT&VvT#_~%{Yz3dsga{e+JV}E}
zOf;lt93f+*9u0QP*SAr!4sv#1W+276Ol_TFlC({Bl69N4IEbmL<W||dS|schix~mu
zJ{hQeD16JpyXKyXQDW{e5*ixGvdvNss92w2eDoqPv=)=r9k7;r#HW2$w3+{XAXXV3
z%&vi99hGh$bFP=Or4JhT=_9!**uV82#<IWOvY2NcvWW^wZ*_Ds#XjDq9%botdUH3m
zstwFu8!AlN5`>fs<e5dE<rxBd*y3^WiQ)9=>W@``S@_kHd!z^ZRNN24i~xRzq(Gx<
zkiid>3v1_*%jGn5ODFq~P0T*JKN0adb%<{i>Ls$l&=;YZDD{(jyO$whv-~1gOp<vi
zeZ-U?S?PYt(RW7jK{|Io6MTW0_P|V^W<4@vnu;A(<EE_BPdpr*N2j<KeJ~OGc4mR~
zYnL&~xb;ASLmcaYu{1YNa(3rdxqg^Z_&HGyHTOt;n>l~AyC%Iw6es)Kb%{s?E%_u@
zK$|C84~8=?uwSf~{!$JZxn@rJBwJikO!{Ql-{0$=9uKUatJcrl9;8-8<Oy;v#Y|T=
zX9=VO*J{@xzUHr1p&^Z!gUy3<>xx*AvbWvKxCs+V)ci^#4csSXY~@0e9Al2fG5&bx
z%*pWgom9Ls5?Pws@IK+p-UbRbyYnTGA$oGp;ADcLc$TXDUZBY?Z)<7v!_Z!gQn(**
z9+?wF{LtiO%Rkt?3{^3#7J!RAt3<jYw`m}d6W89s<G#bRhjsdBA6@nnX+`-ZrlV56
z=(~Y)jCt7iCM8dI1IK<kB$EKUx#9s4^4zb^AL-bByg1|8UzUuKzR(8)`?o%LN5b-<
zP8dS*Nh$#)mO{z9kB6fV`r;w;Xg6?59;J{T<BxU^A0xuB+-EISfW&~!-e`zzt{Xqk
zX@4wMT7t)6q)0ApR?ULGEmHe_d>|`%mx1zxT8KYk5l?k8=1e~b#)VnWJWi3Zdnp*Q
zgo3<#yCo-?2_XJFB}yTVSwcm*5D5vUZRg^ctYZ`6l%gVgFzWXZ^LX~+f^MRQDYyqn
zaX2>rj>}~1cJmK2D9>1_S>jWw2ux(D4|$uX7*J#8V{OhQhvM9QZLvVrO=YoU_G+&3
zV4Yks-6zZLcJfYm_o1TP!Q*(T&J)Tk9<GY#M5^Q!+X)i38k)czF|UljI5g0L{0Eb_
zTCqF3ZamQ`r@v1;cdG;T+_nCjD+wki+vNANQoeD@+0FqhDbGQhcc>+k@K&DrUGUJ4
z(QB=#^jo3yK1%k);GBBrnqzXSGbO0r=hUohol}q{QMawT%eK{Bwr$&Xmu<Utmu=g&
zUDajVwr$rw^`CohoQHcN@*yK5V@1Y#$XIjC@r`N9{5_1g8tecvc2Eg^E`&+68#}gZ
zJc&X~DN9`FlM(8*KXWy${@v`%g*qhYt}mub|Jn&-Y0NB-WcveuQruVcfPuE<k8}ub
zj9KV>*WebFT&PoWXu{Dy*PIir=~A)TP1tqR;-5)q4mp3Vjpx)>f)CulLMJB<p7|#$
zF(i2*Jo*d`ZiKSA44^?slO4zx=Ej;W1v0_gH45oaQvTh7JYsT6xfRIAQ~k65aMPoV
z!jrerpxP;=sg~a>LvzkK*_xnjC`fo8aEpv1sz#+58i{y5Wl4?@-1RXuq9*>_XoH|4
zo~eDvAjx<Kqefk0-JADyKXxM*b<tvqSYn=U;~Lr^|5xMm<D9zkJ+@Yk)={<_i=j%-
z^T*QdWp)V<s=KPy$5l-B@u`87#pX`X?C2k)U+(qT?v=9a&*q3Z<l4@1v7=}2AqdLp
zH||bPQ0>dK9H;|L?q;5Ld!IxX=XoE2X8gJTWZ_^Q=6@mOXbH(mH4NUatD_a|rtK}-
z?kSs$X|-&g74z`^9WJ--f<3|SRcgkVqD?YO8g?v6hgS4z=jw)Jb&+cZnggbD##q91
zVB4O<5}SmS(mKSX&|+hd=``F)S0hmfcC~t#%6CatW#i7Q!F(CQ3?`O;QS_+$ao}#U
zEiG+QOD1UyqN78+Sv%+awbLPoAIx%^2LaNYX~6qlp+045_%`|+8@{rN+#;@W)IY=A
zsPP5gXWc{kd{8NxZ(RGap(Z@RJDir!J#URa{t+4^%`kNpe~EpDoxFzoMYH_{Id5nz
zv_z$|iZT+AUpa7RMF;{rUFe>K2NF;5)1-7tJfStZP?bt@v*a<$r&!^MX@wWhr<Gr=
zGP%4<|JTk=B7CXW@$dnh{WEkhZIEpOayuj=%dJ5z8h6-P#YOY3--t79#)Q%a{q~GX
zI29e~mZzc$^g@X|?f0;U9RBrf;Qpx*fb0)i6^HTwnBJ^|kNUSNiwHfTP86*<u6P!O
zfiUIa73_U|<m1ehHFfmX{<ePVd<R%oYheQxbab!ju3uEw)YyKCn>DRpT7N-0UxDs?
zkne%i0Z+Ug^gMRD<EKmH1%_sph|InAW|8mKkj*+A+nW@7v;?McC`kB?hM?g+?YDfE
zIEek$L2ZWaD|e0jbVwBB>E?dCwnFCc3BF@_VL5E5;eH-Z({2h<%WKrfhls80^LCBA
zi;G{AWSnaD7E>miV@d3|$3^6oZ8y4fku~nZNc@grsLihQfMq*q7rB!;xGcjdhJ$*;
zz3VzNB&}N0DQXPyMN%-p^D!3uk;r#CdA(H4U1G-w>wt(L{J_{ZjRSpVf*hRq&pFs^
zyw*9I=fuY?3Om_FmGtF9Q#QNY6TD#31&>1#nH9u}0U}~i1Wn<HSbov2NlVqaFv{&&
z@kK-mQBJCbl)%b#JnZ<5MOi4uDfBQ{Mx1XwSzG7sAk6%W>dUDm^0;P;x93Yf>|;6G
zaGHE<{MGhN<2TTSjcvK%PS34iT^A4!B-p#hi;hJ~1;+ye=RLP)9Q+wcv{&}hL+Cg)
z19tz^Fyy45iQ<74oCuBJ9nOn*(ENiBWhxOY!9;&Wcr1WJ#L$vg+>crt>PBQ6y9+7_
zK<m2eA4>UgX@ZLYY6rohpn915djO6HW#_3u%**UWuI*|>thwxZ{)g`tfxk2sV98uQ
zRAUyvf;5eDIh$iG3X~*}C8s_E9{l7-RI7v#AK{D;!a_y7H;b}c{~$^Ph@HrMA$NZ~
z^4EV%ha%%RU|n2{Z3&AV?%rz_$m&F@$ry<7^H@Q}^vqi*gPUC1Kee{1jlS`3U0z>Y
zH~TzSzoqtksk5`QbG1G8bhmfkHh%ruyWfD~h#K1Vl_#l+axLk48jdJKBD}7uL;}nm
zDf{!Lv_R`(6T11U%j_mot=G>L5ncDRrFy({)P;yd03wn4>38jVawz<M2IZMKSHW_{
z9%`%Io<GbY_QN4%f%_C5qT^)+`LN)uyWSB)8C5t``wuzM<SQ_7{T|aE7(bF?`g2$Q
z*Y_tu`skR$fMC(gUg~KeLex;p_LqPUUOx1d&pYjhI$Weqlg$_zHJwZA+hTkYgSMjW
zC5L^j&Ll{j08D#1b@yG2*#4{2iuge1PSg-OMcfNa<NFbMCKF;cj{1yclU6QpKyTsR
zhfB0OM&~4k2y@cZ9Y+1u_Xe<M(2Gt&OlpV|wTAGh?j0_MtWzdvUc!MMUNYMX`tO2l
zjsPI?^O%EUZo=ab6sFbs1+F3aW2@fey`1eJva^?NiMf^O>E<w8AFJji^dyIt+`KGI
z585m|D_fL!0)&R4#o0osREyG4o0ohDAPhcl&f+U|_Pq1S-_3p9tln`cS8@L*Y0<wi
zvpwequ3DfPwbdV=M=Xwfq2(d^vD~4^Q~~%4IO?t3gQKqC0y1N%+UozD!`Bl+eL{YC
zAq*Z$iDECvgD9ra9Hc9NP>>0F$D==#odOyw5VW>%4tIjZ$C(<IT;mgcxJHsGp8A-3
zYS8PjQ>#g#MOa{a?}U56`7?+R2>~R_0GuchFZ~EkJ7=Yu*AO#i(K1;91M+%W#fjJa
zjTtR?a@tgY4;n>%k9wxg|G+$*JT>C#Z0+s7m>^l61ecK%96Ux&g<a**najKa0-wlq
z)%6V-lSCoP8kNzizwCf89+p!LE#js4Ut_-cl(@k<^a5)wAwk7zz}M)`@ur)2$8dk|
zjq$U-m%3Y?|ImoA9_|+Ac&A?Q^Kb`u!0tPn0>m{W<n^~N5ithfwH-~V44rDCnrCcH
z)vv)%0>itW8g}`cTP7=@GDs*tB;_Me_>j7K``lxMNCejN=bgj4M1wMpM>PouVvJ~{
z`*J1u;RCFNo0E9Pm6{&YQDYJ}{%fWmKpw;m=}dzk@BX5;XEMfB1cV&{%SdbwIR^>>
z(@`=`!RiMG2gT$G!z4nH^+#xb%k35g)+0|BIT6RdJ^y-URGp$9L2qBlb73J(rV>{c
zWbX11D5JjU3`a#eG;c6v)+uB^PsF0Sp=C4zX+$gVVIhp*L1v@NE%&KxSdQ3_=Ef?u
zsHS<(7EDyE+ikZ+^Zu=g|JftGS3(>^i@S(55(PnJJ&GTt%N-5n3&0CddQVbtXZo9S
z?qC0iyi^~)$ISLuv+{&(A$O9*$|R2+^guTk8<K8jqE?@!L!5<&!FRrkd)E9o^{?qF
zxpJkN<M+^ws+97+Dtt>RUiF$hI7Q0SI%ASJW_-fvo|sH#nlUwhG(fz=iBs#?1=ez4
zTsaQ?HRY2~b<8QAbej6390-<ygP+3>I&A7&nI8yK&;@?cuw-%JJTZUFZ#6*vk<M7~
zM`JqVefPQxS<^KqDSM>`k9{jJv`8!0WsC*!zV5^_Uuw8}KD~E1dwcq})c{{#EsFt8
z&nZz;{OTq1ao3*YJs%s`E`P*<Z{(kHPHoQm7{{V(5o!}M?-10!13`GK2zXRQA)({l
zCYO^g$|4Q|G1NOlEJ~1|sk5P)6dd>?E*RhAM1Bq@!qo05G#McM1=O=gDiRuZ1PTiT
zg&Rwx8WShEV}sFk^MrmFRl1@V&8ZqHk`oH!lZ%tmtC_Sabs%Xn9x97VmC$(&rqhWQ
zm($@ZV3xS&{R|E(r!OG@FH+s(Bkha*@r#(!H0oX={8XgsfO4-k{nSy6ILs<6VMZ8X
z$|dPX@u;;F*}S{VCTA-(=1%k%;xQ)v(Ge6`+^(UNnTDEUU_KmP!?>%3d`bP^A?mmV
zI{REqP-qSZR*um+1^TsC?jRc{G9?PP(ZEoXM^+f&2|P|NL|DHx-?Ld*&di58t&%(V
zoLAzrq%e+Kfe^*eG#ncUa;YgPEU9obx(KTqy;3InM?~pR#hx%ukd8RZxy)?YP8!zJ
zW$bwuuq#efQ+U@cogxYevI&9?YfAR7SjFKHsb_A7BnqYBw+S{DCI5&x^!1Moiwx2w
zwKx!`RxaMHiVdj%60D+vX;jDl)F><mKP~Cj-}iApwmzJWfAh(VYW@>B1T|Vou?}X!
zZ<;w8^NfT@a+nbsH95qlQ;=jy<w{RiUwV^_IfP~}8&db{LtSOWm$CH&aQff%&-SG&
z>KzQS(1tWd9<`C0M-(_&7fxZoY$RiFdPpk}Ka|J+?pPEGu?3Mq4IZTko6a0E2;{|)
zA=&m8kQ_@^jGCZTf0|8{ten<duU9FRCe8m8GWZ&}C<)WBVnLw7)!y-sNXVf>f%@*X
z!>FQPekPgYoYCgj+#_xI@fhPoGUHkz$0{N^eFDS9>?%8Fhizzok{T+CnT8`*wY0`>
z%94YMOf^bv__)J`P(U%P3xZJkQMDkTXB%qGh!WDl24vwnfLEW>V~zga0Rf+C5_41s
zeL;q0<X-Y?0Q?&nw3hf9C}VjofA>^%tr_c8N%}z-A>p4YS#0HOM)jVjc81}(>ZGW#
zQf?j!`Yc@2(bin{n+MLJ_TI>EvBdzfzzHsN7zYWo4dl%Sec_sx%l*2I!dnl__m?gK
zF%XIw@>qRwNvxwltjGvyd=j6Ubt~os@8_b{%2G|wlQHh6&pbr>ju81$D+$h%BG#E)
z<rbX2r$z7z;eMK_loXO=i&`6MX~EEz91!Y{1hikYQDf<cm^C)ufy^zFJ<(0Q990Y4
z8G`U@0FZZ<7#auQvl<La3q-a3^}yl)?HtUxbE|Ph8WC%2q<bAi>drqzw=0YXg`$5=
zTcD^RbW@HrP$YnE)t|RVUk}L}kK!k%N)!9f{&~mPzP97J8-87@G8Bb~%7$#Vz%)H9
zDev&NgZyB{o<EZg{G2_ah*BkdNZyj(_Wr-{vz=W@pnge@n|rNQ)Wpr127YF;M@?eS
zx>rem!sh<_fWDt3!)s#|kRGa`YqF_odFe$y=6T@=Nr`Mvc@H2u@h*Pdb5H=-IR3{;
z;ApZbQq+lXJv_3nfpF=SB_YFx>`-Z%1LpbfnVFyq*EeqK0hXoc$W|U5IPOv)s^VQ{
zyYTlxwNzrfF3yq!zR<){M%u>Wx0=)><zlh0=ItfibZZy6o>lBp+2yxev8???+Ky97
z3^==veTj5%dd_b(@f8VJfL!0@e_rS=GiFgwvFZ0x6}Ydp&+krVtM-m}qHRfK<FYAZ
z!^o^)-jp}7LZ)uZR?JF!e`VUVDaNi+q_o)!rP?fwTUc7+$_QGEzf@h|Bjo#1mO@Gs
z%*?jN9R4jc8=f2<a^|Q|=&l4E&D~yIEZ&?(q5T)^F0!I1{~>oA)@NV{{C%joH58ag
zq{`j~(W$uYqB&aJEgr`$l#RBbnV%h7nGYOC3gwHX_L0b6&yolmox2kA(`QDPC*nr$
z*Ptidt}rfGZijOPbrM(f)kaw3)53^|QkAKCA*lXgSgn@2wQOMY$8d23H>wn)5nCz}
zzo1y5MC!6f5?h2PUgl2gcQo;I0;;=vG&ZrvK+(LoH%sp&!yV6LFo%wx_yQFG`2MRt
z72&7bcXx|KG(H?IBoS3`wNhdW4^phB-Y_GBWnOF_U(bJUZ>E6RMMo|Jlfn(|gi5;z
z8KZP_bD}Yj%t<SuB;%FJMt1gW=5Kv4v~lH>?%9sXsZ^gz^|H^4v0<xEaA~>*WQ@gA
zVrRpK%-Co_z1-Q{1uJh#WX6+pUwYS3c!2h3L2>@{r7raG)6Wa?Plt;EGWt`Bwc>3L
zkmZ$mjd@X8sKjD3FZN}_(Ge#me=s4}*k%%J$?+3TU7G2JdIosw56X3AyjB~mvm`&=
z0(+%Lj^Dw8&0U%0aKL-el3qt|OQ5{-)JgqV6oWx3;9<h*8xpgT{Ipf?6Lz$wj&OsX
zjfPqLeaf@78+W{lMNF^+OWZnCUSO?sP;F<VIX{(Z;M!tU>FxqjO5|v)yK#~r5I1H=
zu3oYvq*=f0iafbhQj97#`Nyeh{+86wD5pN{t4lsTCnbZ7e048B=W$1NK$5^P<T!X{
zDXTe)VT?$isZ?!xwyb%jw6yG<MrCW+mHPe7#sZWP3zmz0kjhHW>PMPbYj|9G5`^!f
z;oq4d=H(6ar~oNjf+q8=3!k^njfMDtkL+!#DB(nu(<YWk6XhYg;mmaA%>h0YCpUfN
z;>Iecfly=Z&FtpqQ&X+ux&ywFM-O6JyU$F|xR~dnPQ?uhqjwDtgfz`yk75k=#f3Vu
ze_HBneSZUEBPOCkVn+-%&hC!7XfMbM>2z3es&IX9J|z^4=INoOu29FyQ4M2Qj9_ox
z(Y$=eix5KYZN0{u#hYbhK*#7PT=*+Viqt18{A*4u>8~fv{xwUePSm2up<mLtahqMo
zPlEt+Y|Wg$M`Sg0KN$moNI8)KhnAp+@F%!x1I5{OYCc|E=EG#;cszSMfA?LDq<l64
zf|57j_eP2_w7p|oZVuTT%=h7@4<IJJqLRn5Bh%vGaA-+W5L|I+Ije(tGD(rVjj-hb
z^Eb-<ZmW@8@eeS~=V9a)vvXZPkr->#E!MYY(DzLi7}nD-tm_Qg>ZH}7B(z%P20I!g
z<lE6b)T4$xhFA|2Js5a>x(}4cfYVJiSGqPoU|)b@Eg8?iHH~%8Js{$p2ZGOZfDuy~
z3|-83AYc0p@MF7nP4kk^iYG+Pif)-*REbjtMwMSd>?;u@(@jK|lG*{%BbC=mM);D{
zR_>4&iKg$)Paec5cf@N(Req-Ev5@!|^Z=QL^{=dK7?gFjBFu8$6@{V&cW-oSC2W+b
z8g#354vcbj-5SUqU|b`sb1ZofXVDXp1~@F%E+rRv;^WTzF_<(vHzbc07G+n;gEMWK
zUJ9MW5fzw!dEu~%wd0loRmMWnSg(wW_cTtJRxRYDsfVIZzM3d&+lg9IH1(k0l5tSn
zF*d7F8J{$U{P=@D17Gf5s6jMnoK<=IcQWNNsLL-_Ik&}BObncgxmpX5tcTwPnd7Q0
zk0FduM`nn=A^dQAh84I*&6d>^>(e+Be~8P?<xqb|3>b#MSmq%-kd+4gDH~nY<9F^W
zg{;8Minc=^!@GTS@*!CkeGU`L;j22<j+s7;Sf5Uwc-9YPCXMQx>{Qzl5!v4VgTxpm
zE3*)BfMz9=GR=VC2emFh5`{~2SgB?(w>T-;-D1^D4Y?Sgo~2Hy9`5rH332)t0t;en
z;rmdOoBetM2f7@IR`%X6aL(GsXG#Qxj5-j;Gk_98Xo{OnBK9P{0B$28>fMQ#Aptu4
z$MT{?7+6quXP-eiPK#---*)cZZ(xsRb-)-hD}$hCF0G!=5#|bygJ<EJmwu6f;RQ1S
z_Oo8|mo5tbUBXn`@2OQ8c%}Mt9nko1X?mLhMcA@fhaLfqd|d^*9uKG064zt#H1SG<
zfOGig5neHthvAt_om27(I61TYkW|v&&2L#lXFqf{u2^w5P?&N6b{>%YBU17P;c12j
zd!~46*|C2^;UEAz&-Tt*l^2hAPZTak2Kz|)tc_QLHYCL0AU@+~qKXF?682@(R<P5~
zW}Ft~m5BNRZ_)cwe``3O)d9Y`*9|luX2>lTp3P;i7D1os0H6u){h@8M<l!Ub3~EcZ
z4%2XGov8Cu(O&UmxJr)Q?Q4Ba!z&zk|2s!MN3A=^Y415vfr*R&qX7wUEZxYVyb)lh
z?mSVIWS7JG?T+^-M&{&{iIacVB&J)N^F|V8E-r1R*$Pa4`~xlIs?p3Lq;YkmP)lL2
z?<DI(`o(|~GfK*$t!Bkx{}|(*NfpNfk@&zI&0`1gi})apF%FIy?lEbvVTfMCEsqLn
zH4ZGKABtN->NWEX`&tJ4MPm?omc3p{ESepwZ+FnVIJVx2A<?8LlSK4B<<cyw7c26Q
zUW*|cvF#PY0(1PGtIKFK$8XjT_fDr+nutRr8_|%6ZL(Hb7}exff+t?vrl!K&Z~5$#
zvUxaNUxYm&>L4YW{r&|b01g{^04p6B(ej09ceFOIyB&E`4mgmQOSfo?H{2IY6#FZQ
zk(kVTG~G(IQVB6J)b(ZSyl-EGkTTLc^D#}vvdwDOwos^HZfItqX>sMguMt)bjTW4A
zi<9s>f)im*ZTCmX%Kf@``7`aJSY4-JRQ2D!+N`sGNhe0$6jI``)%a13EHVnBR$-nz
z@T?Y#ZT>OH=&eXXbt}=ylN(Fs$@uD(NE#x4*4$=Gb<pl~f8g&pPF0FzmQkcmwhp*}
zaI6{V&aY&UMHUpo7733HfzZZ`_|Q_&94-oJIIm^|7(@Q5f;fdQ=;lN`h2h^_Wh5XE
znQAn|HlWufMk)Kq+|_J;rrPk?{pu0;iul!}GXW0m{F@HLgS{PJ!x`AIG&u;+(bd)k
zgabc+=VZp}%hW?-29h;9<t&CdU-A0+MB$y7(~_j7x{?H35YcDmH*xr1%Sp)%$A#43
zkFn>8>$&sLjR~s^jVu~9I8yt+7sK?-@g8imG}a`lqn8&a4zE{4(C<U!m6a8y8B%?D
zN=?YQ<hq_u=d7zHC^bf^dlCl^8SP<Jb!XGYP2m2O*WC#C);{cCY=I94jXlqaYrEro
z%ZI?@z%VF}DiWwcc)AeGTVPdG6c6y)HD?dNH*!qB2jsVM#2I>ySvCficTKR$1_LoU
zCsCh)Ojk8=OG*iGq;a?6><q%Gzy0WECg`-|Dh-I}cG}v5^7)X%h$QV`jPY8)M9QWY
zY1Q5c92j&c+P(++q7kw1TJ>3|DMzESOn&d>)B=(SERk3|Erbk5B>@ZTGczkz6quZ)
z#$K)Jeebh0v;J5hD-6T);H~WB2E5}>;PUf2AA*RNtCdmi>qk$=+UD3e@NO3s2nd~q
zf8l}=?v5whU6GV12=~F%v@FlF#@)Il>DeZRl%Eu(`N|p)n(wl5`Z4B-VYJau2XF5s
ziZ3uBwRdDA6!(jMUG?=~=(^kZ_Z_qR3SqCvD_(I?!#zrjA1WqyXi+|VKV~G<clY#{
zoLuz6A?H4?ISj^b@um|GZ+Vh?_yaY%8aaX5EH)#4f~T9YCVUZS!sS3Bs5%nXoqN*4
zRLswROl$Q}15Y<H=qW|Qvbqw?QDkb^7>p%g+;$?TpWYyvRs_P7Q*}WFDBspn93)tD
z>2U3<tZ!r;rUpFSIK8*m!<1c3MIFl{-?>R~UU#yQrKY;-Aafp!J&yFd^LS&TCZn%7
zb6lb$1+ytvqU`P>5MU%FYFU(~DN13#D=HxBz}fYB0x=x+%+wi(nb-^a!KfDxJ2nGW
zk(h89JL^Qmjx&*)wisRjyVXa$<?YcR_FWqCDAAfPzo*bMmpYVQ7yO&dEd-|~Myb59
zcrq9t{pzj<j7>`oq?Kb&4J1NX)#i7Ry-1<8OX%B)^to~b0Ch`4`xq!AKzmKUJ^JSB
z#I+~{gE1;^=vD_yL}9n6<0FFJC2_9lmG#7ySMqmBiK4pErL==BS94*Yi)&|gpJjY~
zX)n&vcKvQ$c!3tvZ@aSXSqZds0S7YT%ac~mK@@F^D@;q$tNGX%Sq@7Pq(SjM`Rk*8
ze}ba#nshJ*`U5Fw^jZdQjAZwRHoVh_moZ)(U&JM3yhzDsIk?jCeX<Oa#tA%lmeqI=
z$vla~S5tU!PHiW=$ZbkL{pR(N{m*)_F|FH^(SWZ`)F$?tDq2oUk(@dWcmQxXwHb{#
zV-)!pE7UXuHnm*Fd56==Ll*;47S4j?ey|C_9~e{N0WMoH99t#*A`Si@OhI@1G{hYr
z4V@n4U1#v#X+(>ex%!w|b1Kaf-qlK+U5gKAs3Efr>f!n&i4jO)7O1uo55?W`AVipo
z)D|Zu2pcQDTdj&398Vl{t4Me;Vz%1)bgrrrJm|>RWU|RARRYd9W;<({UIaGB9Pz5s
zdnMP%19h|!3AK^nUIl`w*nyRm(NEZZ2GtmK-WPSGwYvGnfQ*i&uJrYOy@raWqf6nT
zQ?g;)cqAKiC6VqTDIs_BD^J`lu8@W;81D8g(TYMeUA<3N-_1!pDz|%)%C2S^ZR?WI
z?H;Y?*9Xl~U{3JK_~u{C4PdqF^8KqGJA2LrfZ!;BcW>-8y3OG{c)5Gz<uzX4a1%wP
z9c24!Z0D42ht2IL%r*HKCfA~D;-Bjg%t7jGxQ?DF789Lz+EMwr)JHlxn+~sI>5}V8
z>mAN|-JK&FTVf3N*ki74wG0z-P*%%*f7>1A=tGC7NVp98KZL{8W=?tPUt{njPpa&s
zD9evydB#*5o;32VntJ_ay<fl11MC2=0QmQs$whzQ^4d}Ya5=!+wzjt<;|-*tN?W^!
z$BPN7RgW<D0|d{bVB@g`;fITWuD8fz8Rz)%{CP>T1B{+?h;!C?Stezljotfhn+>M|
zl!O9Pu=j+YGxPXG6#5`D`;O`@w3J=nINL1bA0X^Yj}N)YCdc-L%y$Lsw!Gx{q*sw4
z|I~wcKbj4cqSLi&6C8P4W;>VdIy!0-<*oa`t@WPlMf^X#tWms;K6C^c_Qr**YZ$SN
za}N7@ya}AagcYEwx6~`ZE1Wk+24w6;_o41D(2eaIpS=ZUKL8N#JrKktpe8`jM<u7*
zrly#}LlJHXh>qc88Pw~(oDt;lnUg?s45yVnbQ*UlpvlJn)rNp^4kHmUHf0z5OQHpH
z&o^rCnF)ScSyWou{?ok6aAQi9V^IoOgo5lv^6&d3@icX_sh|*SLOgW%aePVG8hHEt
zEHD)PQylcRa+ct8RP7<>VAi=l|4W|W=3al$(mpV=fnveoB8Rox<~~B<3p<bbRs7{{
z88~vsPb_9WU{KpY?Zr+>kj=U_FlauAX8O=?6cef3{uSf)&i&qDv)z@!hfxWvnw+fK
zc+=ZHsphK!hP?2|_oK6aJ$aEm-D}}gX1*k_<&@`=+X$(Pjb!bhE4LPnHB01z%2E;@
z{x3bHgMJwL6M<wq&B2;^asFTbJOzJQcz}zW8T^VG+W5T^W!LlR_r@WDy7B&`{ZbQT
zPz{_l=K&zRTUeio?Ze3EC+H@yikoy;=?GRVTKavV0u-ks^2&G1kydc3sX*2HlW+zU
z#N#)L>1<gp>b5D&ANi}*AFuk=tYp$DZykQS7sNqao%VWB<GgsOs=;=l?DFqo>-b3m
zutF>nx8rw?QD$MT-+(XjM;UL6t^QONT_mvmM&UOQt99g%nVkLI+b`~j*~OMP`8s<s
zFLWX$UlR3L&=|Xi#V(AC7cSi6vQA<17oT6lj`QsYmQU^Dldmn3lUriPPHaVknF?dK
z=JOrtM2>e35eZzks>*z6LpJ_o$8%;$yBpDyR-_eLXnW6ms7|V2@1N4~j)#>DHhbfc
z!`9#S?(xa^){Mz5Q?s@-=-SnbDq9-%1gPx)RR0?Y>0RH2N7nTCq;=?&sa-+fi!BcN
zV&VPhsy`oDs4X7m;$LIioCK0^U2aZKI+^<@6rr+_5!desgwIwUQWcY3dI^}K^-dc#
z3g*A-B|&4ZfQ(LsK|*6x;niojwD7dp>GH2l$kZt~!ij_3M3oB1vn{3}=i<{3crl0>
zP#pcN?y9ZZl4FBHnLzWQp9P07<4%a^)LQhF^buO044Q*i3}q`_M`&Ijl!ISgbAGFk
zlsJ3;KJAxRdoZ?vHqLiXIp^A&<nJ+%uNySLWrI*z2n{gXcvux`roD#^-;>jM_TR0)
z>DZoSo#DKUnb0vczP5i*r<iX$6pFYGl;$EVX39~<)xqlg2LL!6|CaKqiO~_4^L$T`
z(Ks|NC*T!4tfrUs(VztgO6nj)!rUzE>K2+~Ry5K2zQKmL#QATy>iKy}U9TBnAOeN=
z0~+TCf4);AUcc<H(J1f72x{RWF&#rh5Pw*Xi2x4Ds0G%e%#rG7<4w^&KM`s`D~|;V
zJ{j-YR7?yZWBL(&i&TVZIiEEj%e+NZLtfGikbCOOCF+GA{2dr|HS~RIij5g%buf$k
ztX_TFWPbG0Kb4o9$&SxmB!t$Iqb+|95R!&v&ZX?V&5D@L*<^W7(+Xba8q*Dr(#=ZU
zuGHv=gn?RL5`(6S>iMIL#}kew&Dqb4ptxfQam~tM)A98_!G%X0Q_@y0<0d>Y^moH)
z0&JH<P2|UN@2xZ)AK0Q6;->C|%v!td+>m`|N6Y%Jt7e3^_YSdI3q~GA@wKHAd8&k0
zjynzvD(<Ews-fBbsH|jokqjfYt6}1c4m#$zccX}fxfWjYp{!;j<eHWxkFM@j8O*N0
zPq=Bg;OQHg{%|5eACl03@AAnTgX7jECQM;u-C_FM@QV1=G>dOTAnVI@c?Gnx+Sh;A
z3n91LRw`+5YxI0Ez1)Azkp0@d3t8oF0dT+5t$TzrN+<E#aKP2pLx&L)4sGJ?vKXtt
zCi?dLU6ZpS_{UzkJo#IS5@C^N^m1mxTLARXB}gpZv&up>Q`{tL*k&cEk?2^H-@Z4d
zHFjZup=7Hq-+RDs1b_Pe1bjKGeB*FTVu+r!^s;Mycl7F3|CmqmoD*)Sj;XGr^4ThJ
z(m`lAyn-fR*6wW4Xd%lH4wL0h2m0E@0Z0RH-6C5ckXki20lF)oQv|*z29E}QU=)~O
zk{15Oh%A}*!=gE!N2vsS^8)<H5St+$=!6q?TEAg<@Qatlyk%X30|lLc0QR3Rg{dn6
zW-v&~+ZG%OdK{7V{NlgGj3B??k50e+e(W_%8wfF~1fOtKEn8|z;Q2|}?0T$?Nb$+)
zP{E;c9j+|0{b}cksnBQdPEv*0Kv8*Bu?hyw^|PS2@IiutmO0iWmgxt1xcgA4*!-Ko
zk6w`k@T$F4TRpSVw908uecr($R+qAQVVKEi;0qyT+9sSoC7R%~a=j%sNhywD;3|QE
z);B-#4HYd1_g<3d!U{C91%ZQwjyx9TVRbm`czk?xxnGxP;^kQ7n~Q0TbV;P7z<t^n
zu<I`0yjrVRUbbYX!)h7FWbJHg_UH<h6<n>=(S=>}d3;L;jfNd_C1uu}xmr4ZJdgT*
zudT)Q*}0^Cvxf}U>KQ^)gS%y<Pixj!6hm#kUpC%ks6>Lg;^02x%w0{40KclTWjVgo
zU5)<IUM<-}Svu^S79*)q;*NmsH(OS%-!egQW5)feL01n0n1b9NhA6~+ILc;qIeO47
zmopn~335$`2);Hs1q@jq?AB)`>p|0Y!oifirxal~&F5H%B~5o?<op6O*9;ywYjdZ0
z+YOM0*>F7PupV4zA@Uy!gL1hh>rm6I!oZ7GK1LuGmo;Qt=)~yNF{VU%F|?p-8vEip
z_hB{(l6%|YUYQHRUYXnacqq|W3G(GA-%@g4&^GjcEpknj$Ul~d00G0RdYH$6&5en7
zpmmi?&If?tz^Ug|FKX<P^8NhN1i(t+JNEfz7yrIE@w`9s(a!N$fqgZJ+GDCQ+}Bv6
zS;<4{QzesViKH5kSc5?#53OhSnMMsfWzLJ~qi=xFGzKnfu8)iZw6*2$wgbE!{e_P1
zhNH)|(NB%Iqv5o1E(#LIohF8=kf;wwCii)h>_6R|H0wbO7x??c{m;;HXz9*5sgwoj
z<&+Euxv6w6%dC{!PUnBMtsZ~%X^6<@ga9XwfsqiuPEMq4eqycwU7Eu`0H0w%{t5Eo
zUgwVpykqvv?AaZ0t}$CMVv@|$F%P#u@H0BNGi{EF^4R_MX_?YBN>^ffT>7cViP-|I
zbfPvi69o9oP)0nChLvyr!i0ElEaiK7l8mUSu|BmC6?J#S7Kv1dW!ZFywgHP^2Tb9i
z!#S^{qA!Zc{9=BSxSeBp7-K#%VXb>t%DME{qj1ThIlrmVLNtJFqOla<&Z9wz=4cug
zxmg~LYh&_w8l8C3WPa{({j|%`LY9Kp@nBdrQ<q|t5i>@#rL|?A-}AYD_olFN{v(YH
zD2bHAeRRM-t-MO#WF6Lob<3O1CN#?hZ{l#b6hYJ~kUT1Bz1tUcSj-MeZm$0P7A)ph
zf2JUNTHF+rL*T*9+0>XN5JRlGqq%44@lJLwqVV_!f1U?3=vqQxpo8+zu$Ko9pMZa|
z-)CA_Vm066#n-;}-u8IMg6hhSiUav&GZd^^TZyBC;;ny|K4h4?B`r#cROU5z{0V|{
zE*Xtji*V1IPNDuExQT7|jMLu;%G-s_pI_XqXssa*P#IZ0)FSTAcbjvtkYRmYPvNd*
z=JOJrAKVhN%K9m=PrCQU;Z9$0sl8~otw=W#n!{z|kw@EtQZ_xp=kn%sK1@D*fUirX
zwS$(NjGN(Y(o=8-L#(V%{Go&Ezgd()NA#f-m}iV8b#3JiPe>}yD~a~t9EhHpb26n;
znb4%8%y~S1#Uf{Jw<Q;c8S?>`3B9|$_JWgpR?&kUh$nbm!q$Cyoq_U)PG3450wOY;
z&U!m6vY%f27S9A6I7W7AfAosB{0a-M(~H#v&t`vB?97!M44avMzFA%K%X4l;7lr3J
zxW~~y%^o@c_+2($Y)|LcyXNQJ-aqxW@t>c!@h=JNt_d<9wy%64?$3t5ra#?6#9>@S
zp=ls=v2W$-5~+9a7<bS@W8p>$MizN4x`-l@$F~F6P^s)-^~z@n2rdaOK1#i=fA!$|
znt^IozP4HKReI2phHVBU>~BXSKthtfTQ%F>b^(r1AgUNzgtD0bsIC1d%6;{CcIV*W
z`Tn3FFet5C-l;SGFE`BUAG(=>=kVV5@4%YZs~EeTjDY>??sH$IW#-z(x7UmmlS^_<
zBb$N-SdqZ`ZmMK;E1=yBPQd6)50QBxT<k<ReNM)lZDnDD0k}oQ(7i5tM6~28Pc21g
z)xv|nMy=3zZA{h#52c(@DY6#iU}d{L)}0nxMco(PGomZP_ikif4a=+z9#hA$&8xBN
z&p7J56wj}{Kve68$HCG<w$n$*TJ+}ke9oWFcCZI@ZC*drl{F<k&C1E<Urf6^R=;|B
zu$YfokILmPhR<IKI#F_hvg9o)Ev)ODR|4KtY>#tT_r5;bh^<DmypMm|j*rOSMi4i!
z57q4B>voAxVIyqxMz=3>7OMzI!{0`2u-rcxQcHWV2vv}342W*uk1?uCWVl0~XzJ<d
z0X76M<^16)RFNu35Nfq_*`+#})PZi~->1i8;F<NoJ;1u!t>r%j*sW$P@SIQCJBcbg
z`^xi*CqjM56iaH}T~%&S8KtI#<d3{$r{zal2M`z39n(n=1m8bRbSugzfTkX(u}*UY
zIOQ1x`o>PnDhqkh!Puq1xAQ!!FoHU(9YEE#=3YdCp(-cNB;C{9^-*d?fX8Mf^2HF>
zFwttZk<DQKnMEiv556NwqluL{SS_bv^^U~H3{q=mfB9(BHMyEUI+o*hy;0X<Z8~RW
zAwV6@bZPue-1$H^T|#%&tMAUl;oSo8bX?o6V9I;1NZBZOn>Yk&&3_H%<zn0br<Oc>
zzl>}iPd}c2=YTwyE{JSO7So$lxCWcaPdq?Kb{G~u9<AM-qCu#sRa-f9f}d|21G<(U
zd)nGH>%VdidLUnU3O`a-R%rU?I3KzLD3AsMFb`R5hTRzz8(f5|)GF2p+IU#2{OWa{
zvs7EOmp+!!j4z<LrH?s%`fPA%3C0_O=cL^%DQz|-bRfm4*einDRbmQVB&5+>DJ`)s
zY%yye&Kx5=JS8{JnIFNEYKVzShRoReTq=;pNy$n{U}Qd8Y4TwcA(iWliYi^$YP=YY
z<&Ai1o2Jg!Ra)|Dh3Jxd9nT3cKzu7)mH*ZF<f(zThI6SP+}W%*=XRK&l4@9?gPg7?
zNW2!nL3KRzm94zRmr+DhN5eUPI*|VK>vq>ce{Hzb9=FVxFLEqUrk-!Eqla%uE>c}8
zWZQv_R94o}=t?!SC`<J^eP%4rjRc!Fl?p$kXKm=&e=!&5O)AZAB|Mr7;(z!ukvF}V
z)!I~e9a48VDaC6?@v%)x0FpTl<F^|(Ir)o?{?XXjl45VUtE&2^q7@Wsxw<5UQxV;@
zL?yzV(O{G$%9}B7iX&C+%uE4G#$M8tn3u$O=(yx|IaHtNtY{P*kxa84{_%CM)1AZO
z{``>!_>$ib@(n}K_X93#^#ZM$8rt6yfj~jNM-Cvl8X_qMqFyCbX>)vOJW{zF@Lt=K
z>u&jaBxn6jh3TQoy}5qwfmK$phT78iG%yKA>rc;pXKD6G>T)RnG_uyZJ8&a5%_cID
zWjNea;#9)vPcHTmA^#uOJ6j$f_TJqTd4r&)3)x_WMxIIG%(hYTUJ=okW^=NJ_B~Th
zhq?d_&$8(oaAJ_>{+p151Y&fv#9IOu@Cf^cvjKC?6EZOcY0YJ2ZZ~T#ipQ&wG5%Qa
z)&aFM)j>vd7~5Xyh)@6Tq-rOaW_*9?EWhI@%4i$Q0=jh*JSvxHzm*Ekl1J@W-wO~j
zMARb`hCIkD!+p)6J57F`(&!o^J#vf=3B$;NoPikn<>^c)zEyovb}b}D4ug?FCq_Z~
zq%ij><yVaT!jxYM3}%s}bh}QOz2jJd^~PfoU9msg6_mZA=xOb7^|W@_v!A`xN~huZ
z!fZ^&c{qDs&(d9K$~fUSQlFH)saq;{uWmEkKC^P%V&ozEH^1+)_AhiYG_)q~R+oZ3
zRKrI}ngkroT4l>awxV2eC#71GmIL6Qzjks5M7e^$hNv#Ao@oFG$4}n<+;LXV-kn~J
z>?>C}a0ti3zWo(pN1eR5|A>t)Ch!o=mgGln6lQpG>hcRqa#rq9eeH1g>yMaNn5)0z
z(H6*tU*zg1Tsf@1;xs!rYqr`H362;#;%^YvV)Fj^NBC{cbwBpwx>ROVMeeFazrG4L
z_@DVuYT2^3dy7QkZcA$zbvs~1p8dcw5$2s9X3b$Y%*J+PWbicjP$RK#%bjSC_@x%b
zLq`EP9=|b9Y;+4Yi}+U&KT~<D7HY9MCA6_=*;B7Dr_<ZVxXNh3@F$G4#uQsi>VO*-
zS2XXE%Lg4KQ}sy)>HW?JGrb-AteS9(7Uc#*WLIx@3hmvzX#KRgP(yuBI9)(RvDh1S
zglwv|l=3H?a&h_q3^d``+89Q<d`%ewQ;ZoMg)nO8CE?UMVZm`ADvmycYz{|ccGvfy
z*#E1*{@JQUpZ_Zl;)oGtPi=8(g0RO?5HU()zPrkSaQN=bgVSc?*R}%xZA<J9{3Nsa
z7GZ^4@z#Lp-h#|2-|Rm>LIk?r2zny{dKj7`a{a}F>?vVC21nI^f=xvu>zMUk=8GoT
zV3g($Pa&_QOQ$<>I)b^YV3tbP%eA*coMX1E0&!|Jtz3LM2#gH3B=3NiDA+5&0t0?f
z+PdBk+FIbo$_2(1V2LgJg8$b+g8A659f*<cI>y39HtC7(4#||EOWjaA%f8rM3Wu$E
zag&rk#S%6{$g?H?$s)XCS!NO}l!9q=4n8X8(P10k>R9OqX>n#-H$@b4mq|PDe5fp{
zSEkYqvBDkM_7mhOg(9*rz%q#WQ(DN3HpPJ8QZK~oko$txicH)KW_SyS@Eu+U+jq;<
z%7s`s=Cz*({re{YG=uX#+VY0+tk%*h-rgjI<XA4_LArtt<K3PigcC1oJ)Eos0#_f%
zA@SUOvSjj%l8NVxil%u+nU=bp*78;ZN#0(ZrOvBdkyp~=kYHz#%>oLL>IdYhlakI*
zA$j-MIqW1%66^+7hDDQTr|{9acMJz#eKt9|+7$9UsEx__nz8;*4busgFgPod{C`21
zNIU1m^-ArXiquYp<G5^zdAQEK+U^5AwMk)xn$JT~t<D4M2;?>?GNA$lE(|c=er>xA
zB|nWGBx-;dT#HWM^h7i&QLr~n<5I^+j8ukvc_LG>M)Y{2cSVpEU*0Wip;o4-k~rpu
zmT&P*YEJ3ii&7>3I5>0bXDFNl4c5#+uehy)gc~!M72ke@v2MdP$K8jwQV^-8od$*F
z+Kl7ShZcXFHAkTKU!^Xo?%G`{gdA?Oz(mh34s?0aw8TuD*yCB)Dk^2@oH-J5Cov5*
z$);lYi2ufojrBNB>CDR&gq!*g$fQ2vZ^lh*jHN2xq;?&#hBQx))LUT9`uC|h>b!)6
z&t{=}Bi5-F+*NL$j<bQ*vh^<XuJZ*u`7elBk3t_IO;uO(uh)cpt1t4T-%#_xOU98z
zdJ5F>C@IIbTadK<YSyqnoVfmGLm_866G8uIwtm#!=vw<y4$9Yd^05{ZG)2GL{P6c`
zxaY4QIk=nT!0V7#o)BUZFjGIJvJ=f^gHdth+d?pi|7IYZlC*Td$&R^57$Nxvvmuqv
zW{ayxQfWZ@2~ZC30(g$KrWJR_FhF=_+cPl<ztcy;bbZcWTT;G-m`>~&0o9~{@0`k_
zd<%Z7@Bhekp>wneG1>Lb^t!M;^!_*U0F6xj76Y-TS-|_2P<6sTT5xJC`kBMCbKD!g
zm>a!aewTaq|B(+=%<P7NVt5eT9re$#vxqCm(>OMJhK+_W%x}AO<cd_9z~PS1tk2En
z>n+t^upj(vY}~Kku)|v+5RfXLDcn8#vVI+w*fM+7xcueLh)#6Sm4v=0zvf*YzcnU&
z4Aq9(X$aGzvWfxiOyoei_Q8(Hj0j+ViZ#EDK{k9L{kU}Vc@Z(#V{6F;)$BGw?~(gu
z@g)l{V)j4UbTG7uEXVIrPnk|%RG#h9xX+n>K7>FTCqW%+5mv5X-ft&PRY*(z=kuZ}
z1s?V<uA)j69kh;78zMb6lscI8UmgS;3y8e_AVoPC%IJ}A-tb~^KMovloGj4y`7<>C
za$r3nCuG_pf+s-9GIXwBUtMR_bXx=aLXkLrp#1x`dD0H|cAUCLVndp6%-tblrurR%
zwOLmKlJJoVviF{M3iKgfl=O>`b}q&C*X;ngd<e5(&)uIGU)0$IqakaFvT8bK_K)L%
z(?Icp+YinQVwCk7HXL>Rc;MArs08v;qKEyr+O1Zx2=Yn(m7je*PkHBaAOt{bGiU2p
zZVjKk2kd3<!o>G}+hD|OLf)wPL<^v*7k&r7G3jTtx6alMXJY`qlYVe746_b}L7alq
z7?(eWAI~Crz1xVehN$_7-pt0KweTV+biN@9gAz+7ZY}1gk0c`gWhkDZZ={k%l?}(@
zDTbgEIP7-3`DEF$Y2mU}QU3-<cw1=%L%F$%evw)^b(hinqU>Rds}8gIKN5X;KO+8U
z7i#s+XUX*SF3g)G=Q|I$Vffs`%7{xH?1(|4lR$O~4#M9;9hboZwR#<w9J~n;>El(C
zx3!@E4V^%S4$5mc5i-;8gCad1<m_KETeOPNC~73d8Qa_WOtY+plm!I$)xK)NQ@CJJ
z;7i8Ku<s0|GgK$FlGx|bjaBdXG-xVOvmAbt9r1WPdYVZY!4%x-rg%ZktM3mUZ5A>`
z>Abx}og0lpAnab7Q;ze2(>71OK%+K`AWYl;ZWuUtXLLnH`}4{*1fb(k8!8VM$QB%6
z#BnV6RSWJ)mtD$aag1D}y9ZXl^Z*H|2c}2e1w#$9R>VsSaqDNlqt76^0&ahzi^DnL
zK?R-p(IBWf2ommv8w-?}|L!f!vf_008%5M&cO`jFD3nl|WtyIblVnPB7^`E+sT*px
z7Xgv2r!C)n{#Kuvt8zy(lkbu(*;aR@FIc>C(uYjjRvWC78_33$BY7BIidQ(5kH)^e
zhDIWtp}Pr`{oYc%Evwp>H0+BYqFdjFA?r|loYu}&?Q<G-;Rz@g<`}SB#wd|H>w-Y0
z{oMdo5O7l({m4mO=MHP_^p@$$@9Z2cO}iS^ADRPyv`tn<@^3Io69lgQ7?Pu;Qe*9V
z6T3<-dbPC(L2J)?)anGmxCr4Jgo50Co63z2WC%B5_ftXRLx?uT?<8z;?ETs_AR-Td
znPP_Ra6e7%Vq6pcx^_ebfd(+TyVLx5&rAI&nbs<YvNt*R@Q3urAV!`#L%zxw`SoH}
zw@{2H`gEPHG&lomSWlvZzpbd*P8`R#&Td=p*~Lz!_^q<<an$>Q428VGY`GmsC@EvT
zCX#Rt*SCr>HvcEu1|n<8%7rWi@As5?vHbm=#hd}ITpQ1_yn}wY*6QRQZL~CDwegd8
zc`_8tUx@lL5FOI&UG<ypic?Z-D*WNJDiEB~f3M~w4tC(I3JO%?7#qR5k}`xYlc1O%
zp|GsSsmj+nlel~FSVIf<CqaY`MWr{p?rwH1{2Mm-56^B!&zb*E(;jy1t7}*9I-T8`
zVicb%8`}`c>!?KhDM5h8u%{s#EaE=^WGd|?T2`G(bFLhg({0U-JC>qI8nJ=MhHFXi
zwka`m^yMlaO3|DQa`m*zT0YOPjLTSL7_f$;u%*DJS*}VNQDTH-n71CuhcAqhKHl#(
z&HL7&oSPYLYND>p@6GS#E!=>5+PIMGKrSAS_hhcDu7bsWcB^00+tzo8Df|;(ZJ+C_
zZZNbkzs%fC)r!%i(LX3qR0tIDldxi^LCBM-CSmqSt%jzavLt>?p3AkTRUYE1oQ%N$
zNbCc#8ou+_?fMP=qK}8}^Hd<~i4W0uI;LI(m(_?hTh4ZVaYcc@1zI#E)cIzw2XePh
zX>82qi**~rIl`9V1$no%KBYKcw;6lmlZ-e<;J)R@%|Q1oNt^`I+n%fum(@E@FYpeH
zd<G%=A%d3VSJxX(hmY9-`Jbj9*=@C@ciuJseIN#UUOzQkMIB!n|9$V3=m>JlFh(MG
ztD^|7tjy!JG$m0*Tn}IYzWdXM6-w}m8Lc{uAPQFIAy9^Md1v<D-+NR^!a$JZI6FyU
zTy0Fg^3ANjpc5RmD&0nRb3ji7DCLc^MC_Q-+q@4%-vCV;Rxbujdvh*|KED>nOs$$!
zvk%9^CPC~^Nuo;V|13!eX>v%0sVx|`m!dYM(v?!MSf7w|xoc`uCI(3fajB7?UL00d
z%TbJ{pk|1!Thg5N%S%bRbIF0)Ro-+I9q-i#PV}}?a1QSBZlFs+y1nqt8hSKR(8rKD
zZK$P~_r~XoM+QF6>hC71U&X1(dAuMw9F0Dyo=!W9F&4I<nK``_Z@h8y4{okRFnL+T
z92d+^@zuH6V-9(FS;&hO%vx=KIT|)FGr%+Lvw02cq$EIjhN(mmQo5grrj-(e%4{4}
zApSU>+mMn%zb-}>Xz3y2rzWixFQd*rn%~;0gz-l^!yxQ}a0E-SRzwbgegJroM-eQz
z1hDdQ!u>`O{Tw|F8A|Dkep0)dp5>uZY_Yv4P#t!c?B1yRow<~!<Sxp)*cSv^a;K(v
zi{0Lvy^ds(Cw5}vo*&I8&>SeEj9DOQ0Us`brW1E5T|o;edk(CpDN(JTYG9$6*<5yL
zE#R>^ItHr;b7|gYv+r<P%1imXetQ$y!s0MS2DRV8paXPBKjteMZ#YQYc<Lu!4*~b;
z^*JDeRvIZ8P(6pb7zSAF0NE*Te;r4>_N@TkCH$SX2OLd6%bVz|d8PYOo&(T^ma9Wr
zcGMb&;eh|Bf>-epX6`p>SAyAn|Ed=M(m|H^#DOTwxe8e#+vp`NZ31d`he%aVx_Mr1
z<yQ)C!&b@L12BiqjV(C6;b|dtW<0+y4TRQ%GfSVbYW*#cZKvY8>ndG?01?OCsmGS_
zcx=XJe;QnT+8_1q9SiB$w64aPKEW8=uvVP##Z0Y?ciI^ny=45)Raad3e)SX_NnN0o
z+P%2DVI8yHO_Bvb3zdj{xF1c&fboy*TVvA)z%L7ZA4t68)bK1RYvT}njf_wZ7Uhgl
zltPE#7<8BeO}q`o-0^6}l`aHu?%_6jAB4Io1db!>m&<3JWNRFP8xb|Uv7csE9qw2f
z&W=43(w2=%zuTmlJuhNo><o8FjpI~RXTuBQ-V$RpU*O?r=qU1SDjMRu)H0JGxCWFY
zJ6k*ZCNDN$Mo=-cqS-T~^B+K90-jMu#IAHWlM7EL779bQX3`dhSv!+#4=1lGzi57w
zzQBLTY0GvsG1La`lyH<Zo{4L|*y9*qb{ij;&#I@>-=AXdP-y!%%$g4$A}`$?aA|td
z_ewXek-?J(o{X3@EV@-WGZv8KxQ^vZ@8~NngrjdUs}6EqBUOe%!{s17EANn9;NhK;
zk%$3LNS6>qh}iIyBGO3EflkLIxRx#d6@w3a@N8conb)D2l~d|O%&Usp@!o_11Q*v}
zA7<dr4e+&{`w4=Cs8Sd2)dkQa-a>eR>Vn9PQ{T(BZVbGw4}%oAF$AcrVm*w_t*dZN
zY-XvygD1EY&kbmpVyXZVe0I;h#y&}VaOEN)A$fKp{rd!5tO{!mxZ0!Yr${B@bMt8k
zUg3-vE21&5$a5;O00Q6!Kw@|9y}!$LdErUwd!P2Wl1O1o0+5ETke|m)#a)i(%VWog
zTa0KRc`+IdEaj-B_0izEK(X66u;c(s0KfBJ^0=nB2z05C9N`^S7_6hv4=A5KB4MHO
z$rvf!!Nt=YxCfUylwuQh38uK03)`^lqTCj9d`wi@-(7;qNZC62jaca`;hU%wI7;6}
zh5Uzaq{&>-NaW(-jdb|N6+1RdryY&tw%&eYh0uU{xTJx_+hEDaEqniws{<<t*YJ|X
zH^&3_z)Hg{9WZl&ZvNSmENmjskFVswl07$<;4}DAuEtaFH03MHxya%gKhXSNv;Hd<
z?H@OA8^JgkrqRRjKStBD$)v>pF#CV~q|cvEe+0MwZiy!#*Zvl!`w0GXhnmIPz$N(c
zlpF><{c&L7ll^Pl<@vc1?mokT#j-l&BZa^&dK3*Q?Ql8pw1+<w%=~U7H;^>W0uL;v
z_`m*+`rX(LCk+N`@&~IaF>V7lF9#{HJ@_+oxBj({zUL^y&oCTV{{u-8_=Xe}gdQjX
zSI~3Oq&^9E5ELHs<k7G3NfJEG!V_brVEqLA<7$ta<)=57C@-27q3QS!!+~{iExKn>
zWt>nO1HQ(28)8eXn*f&__@MQzY~~^qmZLbjTyo^jGih@)YyWM+$@&|9j^#g_zhu6y
zd7BV1;z{zNzQW}LDjCIokX{4(?}_vG#Fpg!Eod&4bv^wbQm5qJHTs(9J|}w5_<hsf
zLvrEKtnQuTthWBq_|_-?r#sw$ShHOZ0{cH~V1Kj^{M_)&njWDf<9SV$*<pT%#D$Br
zK?8~?0J16}q25>wF5CuEaJW(n4QUv<NRGl4B&i#yg2f5v|4G{wXT~(r@{Q{v<^gvP
zAIVXOx>AxuW)W-WYA@D{Z3oo#vn+vezT1Ld!5RnQu6s9m{Ct+DNuU8PjJ2Z->rCT)
zvA6?OVJjOv2e)(8;A!}n{%szLi=I&NP+U-Ra>IYaJs-EbB4RhbSRWPxCB}cxOYac$
zlS{SpKeC;*gTdkE;F|Nlle38&|7AQHnfNcgq)Lw3Px-sAkHo2(f*cx+QzKXh6@A_j
zVDb>l0?kSTvueN_>oVH1c+B`l&1iW5L#un0>MO;C(|n@fs>kM5wZK+A7`3V?rl`6v
zaKND&-cU>2P*I!J`Q_#6?Ys9Me|`JQ$6tT`*U!HWBwh*wx%k0#D6k4d@{nTQ#Wz+B
zw@5$FsSu(fIW+<~@v&5cFfD&b|M}-Sct;U1a1DL{|4@gOJ|N6#rwEBZh_U<`%4Q${
z8&0qM;56BY7adRh`!D%5pJqvn?_`G^bKl`CTDvLSUir~5+Jk>D-N>J%gh3kb@$UAJ
zuR#-Fi|~c8CSr!EKvaP2@nuqrd|RY~wI~7pDy&Zp!KNxqoPzAb06NXlK2>m^s={me
zIqDZuQ$Ypbr$YlBSVs*yN1@UWWX@Efk2Im>aRZQX?0oG;Df)76!tiDb8;6%qA~y(N
zETK9|G@r7hUvN3+g}d3S7-9z&cPo>D*xMjga}sx;2C>lJy+Tk0Tju%c)D{D^Q)tG4
z7K%ePW3?`9%P#Q3%-dYKN%I~i01Qgw@HJ4rGBh)+#sYa)ju)pu`}hQb<UzD7&nrFj
z;?&mkJ|R>6XW0r4bVN2#H#E>u$Uu((26_Z8(7{-sy1p%`qv9siJm*{AO?Y;X1N=y(
zfwxx|k@#t#+wndDKRh{#Td)6I2O16zxuPZC9ua)|7{i)VH4ru7=awfEvLw|I^;`z1
zuESF;l(*EpWjWeUt^X11knyWx^g5{j5jl05h`&<$mU$->?modcrS(2Usg&Fqj@un#
zZY|xVb51i{0lX_st1?>c|JLsRZz8wrF@PHXkI85;ll=eBrVHc$(MuASuIOd651*P8
z1@i!P-1mbU&Pt&5?eAhTFt&h7TL5n2_xKz`v45bn<e(qQ)*NBrYW7Bi0~y@342Q%k
zeq*`$!y0n#;x{hrywnYA4rx$JL(TaQso+L3RTFnU>>qtTdMt$9At-b?yJnI(6NBz+
z|B@<_$1Ef{@`ESZst7k6T$keikFB#zI$o+B|BH*x8YZb9kYLPlwrzYqu=f1-L^}UB
znaz#;zn@fP66Kcw;zS^T>0KCq@`Ibg4thIwx6#I(7S02CZ+Vw(VPjGZ*Wq^QHW|qN
z17-ICGh=8lW7vdAs@jR+TBta(L0!z~D;esXHipTq$HI3GbCP5lqqUJojf-Tik#hF_
z9fp8iT)w|}`|<UM_aDxGHG|8er8fHi){oQ7-8$4t*!XyOo&H~pO8S2~Gy1=m)YK)W
zz5f3f=`EM+KygF$kL3vmwv6^aj`nAC|H>`(8#je_?w-%9F+ty?cLREQk7jQ3QmJnm
z9TXgp#Xh%rNXS4-VCU!isNE|Lv)r%D0o;U?yScxSj#f5|#f?vLKASsX3;-a^k0lt7
zMvu;X<WsHwXD%Tf_5kbj|6Jbxn~Ww4!~f|e>G6)$YP<EPRnp|f5BNY`t{$@8?Um%i
zN<u2Vp&>-en>)NCnL|%Y*ZYDsaW#{?kh{9~*17hU;tMEhCx;Ly_P2!XGEH{D$yFC_
zKxv{;?W;ZZH_xY9{eJ`oaGm}i&CVqKKb_7-M*sJbz6Sp9x32jO1K6a8N*eutR0eR3
z{#WpS7o)}8=>I;F;r|-`uj2bZDg(Is`yY=-^Ai7iGB)$SUeb4bxM9NpZpHvUW*F>m
z3y3SksBQ?vEk&vBAEe6_ZD6|35T={^_m(SSV7msk`=nsIxh{H2z+E*IibnRtm?t;g
z*h^a-uQO*`*+R5V`%915U1hvd1uB<5(=aO2<kZjhe{>wx#e8i{J`|2RXcW}}<gSN$
zNt3x6{?!TbrHw4Bc=`^nN*8*zJpil~|LaU5dcD-szcg7pu)of_pub*rB!8WC1%H()
zAP5m`RKk5?U(ON24-pAms0qF)??5j`FENz)@VMrJaM{=;Jn@?_Ak@ca9(lZ~MO2eH
zn}rHTADOJBaFlTJb#;qZj%&pq_>$)chEr!ab%s-CQcsEB<{%2taU;K9{@-F;+W(yy
z|F3>hJO1Bmf4$zqJ2b?fuP%@V+rVwaZ|H(GyoK8^LTb}<w`d#!Z_l%IbAs`_7e9e8
zwgC9>`W%q$%pv&SFatYx5AMQX4P$V(*^{vxE!?38lf;epLvWGe*+_!sJ<v^j7~=&2
z>9ZE#%cV<LT3+Jc1V|I20g>)bp?Y3JH_c+0oZtyvn5EzfdLfS1jq`*S0PsG7ahgy7
zKYC&uabOJ-5)^#n-)z7Z6`ZdSaOvxi{7z?b8|dDm8Syomr&NOv!~1n-;2~`i2UYkf
z@C*yJQo}R+FE>aM7_5jb?eq^fNbo-nC!z6;bl14i{SUTr%oY4Z0f!p>-z)!bKAy|^
z|7>E;|M!w82<146{n%>#_)7g@RJuVP8sy<~Kpy@<#!>3b!i@(dX|>41F*c=N!PFg&
z7lR{W4~GxOJsgi3gAZp1fDbj|)#SsOhJ5(UH|><}{7(=U*ajAeesr^RLr2CMVj!0M
z^F8#k6mK3uzyb?%a&c#Y_jwF)IiRrvye!@pe>tCu|FiioKE;O5%DtG)rX_yf5m<t)
znSr`iQa}S!FS<lCe0K7VGCgOrskZV9J@Zfj{(BZIKSSv2k<j<lT|Jdav;OOu|0kdS
zAB`5q|Ff6$u>8NGM;ZR#1M>g4W;Xo4Z-oEHz4NER|EtCSaW!s_|0`*dTKr$Rfeijn
z3(Vsh>lxtxq^B|XKYgm5{}mS>F8<%yT#o-Vo|ySxFX`#U|KmE`Ve$Xa=W@PUeSCBN
z`e)wyD4r@;j7Fuf4bS^nc{wy7%6iWP0-JOOn{TW9kMqdC#2YnSlo#8?3jFF)t^V(U
z|2mV;e@;e=(bVYwKGL!HugWFpq5M~)!JjZ1R<jZ#5{{0BRd)mSYxfEpaO|@M$EuM(
zHND}8@K_Z-_A^g!RV}(J*{{|2H>AJfWoi}^%V!GjWoS>F1?S0!1jfW-t@!ax7`zL^
zv~XMzn(h#=?DL^aso}C3yet9C0{K#jG24MM+l(`-1DlpvvlLy*^J8DkX0!S%Q|ZGf
zF=K0?sI9rNhmd2d*|8nTth#1Cgdp3gxjNLf3nx-mMBPY{va|<a+^XQ)I{a_{l-px-
zZfi)lZCJND+HLQ^JGn!*N4Cn?JGoH~ptd&Qw(2{ZPJ=v`0kp-uO-mB4VF_0^?-K{k
zYWc9;ptDWH>hd>7&(>>HgKrft9tYq0H3CLEH&A=ND0oJiw5t|92JrSl>C%ni(kixe
zOSJS?>D<>K)$afIz<(W&&t(4V_{`XUdr6PTf2}kb7+b*8Lc><REQ5wMXjo&B|0+}M
z_)lGZ$PvfGW&(BoU-QL6vj2|_|D&fw^#2?3l2`N`tH#xf?oXhhqcpTPFz?IJARKmV
z){ORtkM^Vu(L%gHIb9HoH2Hab+0gDU+SjR7o09#m3uBF=kg1cK%XYJLL&KH~^5c3O
zdnyjo&<nRq@cz|`-7KEylj@LnxwbW-&*gjygPRTyR2I|fi5~l_FH)`k?}7ifSSZea
z8UL?dQak?Ncg5MSU6!Qe8zDz`3lo#H+Ux96+G2<?<H+ITNErsm8}`WyO}(hzwaRhV
zJ3nx4GQT8ldXTs%a%d2P5Dy=R;03jAKi@b!uvY)~!2cVMWdGmkcxv>2FX@T$|BU`N
zXh4&CNE-eB$o#+g!q|WMNrwMt_<xG;zfb<(Xg-(izw^;#X1@PE(sz7#Uc>)u#{V<X
zQac5}ZiYMz@7G@!>aaohY8|<-c>wF)*@t}5hJ9$*hY!j=G)%*9gK4M@G~9`4D8w8-
z4%ZOgLk~mO$e})a`J3%!@zy@EoliDl=hehgwSVuEVyKUzsz4c{hm#ptU7i!wvo><=
zaZrZJ23?dJ6cYzos920R#0W!F`!B~}5mvNyD@@?96(<l!lIH1uGd(C!m$w5ckcd1K
z6*%jN3KUB}gcVq-fsz$yAbJL(XCQh8qGup_CYfZ?^GyFA00960rt7jS0DcVsx6mEN

literal 0
HcmV?d00001


From 18fb1409edd00bfef355983f3ccc590c3fee90a9 Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Mon, 14 Mar 2022 11:25:18 +0000
Subject: [PATCH 044/101] chore: prepare for beta release

---
 .github/workflows/update_janssen_helm_chart.yml | 2 +-
 automation/janssen_helm_chart/analyze_chart.py  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/update_janssen_helm_chart.yml b/.github/workflows/update_janssen_helm_chart.yml
index c7f13ed28..3018909fb 100644
--- a/.github/workflows/update_janssen_helm_chart.yml
+++ b/.github/workflows/update_janssen_helm_chart.yml
@@ -64,7 +64,7 @@ jobs:
           git commit -S -s -m "chore(charts): update helm package"
           git push --set-upstream origin cn-autoupdate-helm-charts
           MESSAGE="chore(charts): update helm package"
-          ASSIGNEES="@moabu"
+          ASSIGNEES="moabu"
           BODY="This is an automated message propagated by a change in the parent Gluu chart. It will be automerged. Don't think about touching me before reaching out to @moabu."
           LABELS="ci,comp-charts-jans"
           echo "${{ secrets.MOAUTO4_WORKFLOW_TOKEN }}" > token.txt
diff --git a/automation/janssen_helm_chart/analyze_chart.py b/automation/janssen_helm_chart/analyze_chart.py
index a61135016..8fa25d2a3 100644
--- a/automation/janssen_helm_chart/analyze_chart.py
+++ b/automation/janssen_helm_chart/analyze_chart.py
@@ -149,7 +149,7 @@ def main():
     find_replace(main_dir, "Gluu", "Janssen", "*.*")
     find_replace(main_dir, "gluu", "janssen", "*.*")
     find_replace(main_dir, "5.0.0", "1.0.0", "*.*")
-    find_replace(main_dir, "5.0.2", "1.0.0-beta.15", "*.*")
+    find_replace(main_dir, "5.0.3", "1.0.0-beta.16", "*.*")
     find_replace(main_dir, "janssenfederation/opendj:1.0.0", "gluufederation/opendj:5.0.0", "*.*")
 
 

From 01327666bcbd391193ec90a2ebe10d7bf5bdea83 Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Mon, 14 Mar 2022 11:29:35 +0000
Subject: [PATCH 045/101] chore: prepare for beta release

---
 .github/workflows/update_janssen_helm_chart.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/update_janssen_helm_chart.yml b/.github/workflows/update_janssen_helm_chart.yml
index 3018909fb..cc626f219 100644
--- a/.github/workflows/update_janssen_helm_chart.yml
+++ b/.github/workflows/update_janssen_helm_chart.yml
@@ -66,7 +66,7 @@ jobs:
           MESSAGE="chore(charts): update helm package"
           ASSIGNEES="moabu"
           BODY="This is an automated message propagated by a change in the parent Gluu chart. It will be automerged. Don't think about touching me before reaching out to @moabu."
-          LABELS="ci,comp-charts-jans"
+          LABELS="area-CI,comp-charts-jans"
           echo "${{ secrets.MOAUTO4_WORKFLOW_TOKEN }}" > token.txt
           gh auth login --with-token < token.txt
           PR=$(gh pr create --assignee "${ASSIGNEES}" --base "main" --body "${BODY}" --label "${LABELS}" --reviewer "${ASSIGNEES}" --title "${MESSAGE}")        

From 0b2ed93cadcf031c5f92c050192f0b0c6f1a0918 Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Mon, 14 Mar 2022 12:24:25 +0000
Subject: [PATCH 046/101] chore: prepare for beta release

---
 .../kubernetes/templates/helm/gluu-5.0.3.tgz  | Bin 104038 -> 105793 bytes
 .../templates/helm/gluu/values.schema.json    |  13 +------------
 .../templates/helm/gluu/values.yaml           |   4 ++--
 .../kubernetes/templates/helm/index.yaml      |  12 ++++++------
 4 files changed, 9 insertions(+), 20 deletions(-)

diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu-5.0.3.tgz b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu-5.0.3.tgz
index 0fc94422562044b0c5b7b4ddf4c759f1119a53e2..ce6b8b20f1ed9077b11e0b62127e765095fd8529 100644
GIT binary patch
delta 101776
zcmZs?Q+Q@g6R;aQPdKq{Pi)(^lgUhMK1n9FZQFJxwr$(?&inoUwNLgw>8h)-`lP#8
z)m>GG6;QoxP%+iOEw2^c=e*YT=C|8z_~~^Rc9rZH_~9<gs`W)Sdxd>)*jz9;Sy)?Z
zP>|Ff@Z%7rWn06xy$B*~l1;F9dJvG3zvVrFV4%kv|Cpz!6heJdt{EJJg9bD)kLVTA
z=tLV=;Fg1_pCMjLAPuR+ouif!jZe8i%5>r1p<s_fAR<12L3p+CR7<PYY`7C1gs{uY
z-igqaK9PgY<}eHp7eo|ZlG`=NY<9d6Atikvm?Gg}KR_I*u(yqd(H)%U+?bb3py&sc
z6Vs#3R4YK1LE4?Fkt1l7K>VOWTDl8`B$?R+8D{&hj!7z$Q3pLSHwsRnL+r;PNdPqc
zq)JtnO2-($M>5wM0~k4slv078X?*8I|CHbxz>gyoy{l(3=+T+_V}f(&Fy-K(;f`mF
z`uv35B<0A-%8mA$1VK`Xtf<B@9GQ`LIjertY`Pi20Qhj)w)@3I4Vj^0T5>KpLmcgj
z1{0z~h6Bu|S!zs^|MY@<(XB{I!LOfN_Y#HplufPx9b(UEMDZfrewQ-@r-cX7Fx^`c
zdLZ(Z;e_;b1+UY`;9Tf{Frh0(L7MGhlt}5Xlj$ro`cg|+0d!dxll>}(HWAh>=NZ6R
ziT%w%iUT*4r}YTqJvhhU-;AYNtVpIn8o>;)LmW^iK-g4lvE58VM)dIGiA6G|K;%31
zT-eruHz=1+rNRA{F0y3$42S~08PEx#2*-~Lb@dPqoIC<V!R67r^TOI}1;rZcg~uW4
zQ(9JWXICsWXyN?`*Z0Ep2u|aWMUie0I0aIAotlQ0Z6Q1e&^Rq|x8emdCj_Cd0bYbk
zE3=XzzRfN!Hnz67%2^y#xHd)-V71lfd-%yfZru+SzGhZmjyg+l9;Y+z^L)wMuZK0@
z`Z@cf%lDbMtJdM~mp&1Zr3V=fUj7YA0Ohd%sW4wgzFAyDXhWWaB`<P#JYd2gKf<C(
zUjle=B@@se8tv;5aXrm$6FJ2TWm-<#Jrtqch(69g@5Vh246z*tp=<bZG3Z=<dy9bm
zaII<9SOGrW)YpQGfCHzax(;Oz<d5A2!?6kGj0hTf7`K-~qV+ZmP$jqwK$QGDa>bOb
zv`cqgxFC520UQGr)}|PG=O(?R_T|MMN74ee%R}<WO+A}q=5q=^ct!Zl_DbuzJW9f|
zjmGApiFdUwQaH$U(ir&G)PpK+uMtURtMG}BLt|NmCmT=6$$<|Eh6uF@_z=XHt#B=s
zb4Cq>r7`l;g_A!~QGO`XHTNt{RHwU8_kf99!MNM4i_JP6(O-{Bvz?RTgdM-g%q@i&
zor)_wjqic>>klj1_9GK2O<DVOnghHMgfJPU4OLHSRbWQ21U23Sb1V{&0R1p<V$m5c
z-Viy+ie<3sbwJ4ZNasY!u4I32aS@WkX2Zuq<UM<lwlW)f>i0kJ1m~nvzFh-Z#oKKR
z4xmn02fCmH!hSY8ScZ8%fC5cShs4i5LRt`d#k(OU7%OSxL5K{RWBP08=Y$0}V;!4c
z2nANZn`7toagTD9!+FU#NdUOec?3+S@_UQ&=de}~jljfZzyQoJus}HXA+~B(s7Y-O
z6O@EfqHZjt0Wop*WHnjC;$pn)p$*H3VaY>lG&sc<jU>^AtOtbK!OXRUP|-gm?=%uK
z2+@w@b2L6Y?+`_V#5B(69tWih(Z_4;t^6@&$C5R`u^-)Rwr+qIY&%$2@>Bljrdw0u
zx@iSl1yH*0_0CH3rTwa$O3R$1QMr*Iv5Z`-^KuP!HOb${D>y@uh(7smEtXPUcECoB
z87uFzz-jCPGwE1j7-IR@jk-caU1pcW8xQ|JSS@}h;Xl_ndI%FztE(8aoB7->q)^-s
zs2rOa8U9s2Aw?KAmCRLJ^HaGuG3~`&D<d0=KftWi)V8CK8`o-0M*6-jY3h%R#95hs
zaB0p<Pmf%qVK<$^!MvcipE!<OK0WwYGm0!cww`TjC(J-`J_?l6rydVk9^&Kb8LVZ$
z(nmz!U}(unD%LPR505bD5=cPTW{g99cZ^MacY{^@l6;nVeRlq`>c3A%j7RPc6bG2B
zCE$McD*Ug1!acDZB|0*n7!QfG2p(30B)f|uQ7LgzIGBwLL?ku&7Rd=0Ob6*OSU5yM
zA%9yI{xN}1+nYv93Fi)qy)ofTHQ@~#9pIOAfCG2coUOjZCPNOA=8_e>uFRN$J-3&>
zVx6EeT;Qf0N!K8ftoL%pjKV*O2?t}qwSc-|d%ngz;~+3OSdG3o^n)}N<%8LU>_5p0
zJb3fi&1fb$23VJ4e-R(ukp^}D3aaSkP%2f)uIF|R(pwT~jv=1D%#d7+iopcIqJk|&
zC&t_$iiT45cF3U|nO+lIb7>A{X>2r^WcLNmAwSz8*ihS}fH&te*SzsSaD_My4+6gr
zjxSO*3bZB&1edt%7|xIJ%s+E<KZ@w1f<;pw`XPgKL-#<0P+0n#d+9Mqap0yU01pd`
zv2-G!ZScrwE@Kk2IL8yz0L}*#teqVgx4IQe?y@GmvaR%zbQFIM<p`tz{aV!GHkyTM
z<&V#fGK0%sL(q@Kyd^j-Yr2w1yg*HDq;YF11r%O4uXbTaSM-b+_mQoKvwg;P_+2Gv
z57JSwv$MZ{KM+1nm~D3HFg6|SY77KNS$6mmC!Z*1UjQmQ{h+4P62fKL4jE;A%G`$H
zNL8iBCiQHiV6TwZ+nVZ4M*;~d;}uEDzNgA#SLJN#GvGM5DiDW4lk*T>bikKNkzR7%
zXn-2<_pk;f;s%hPB9qFnBe-RGV@=?hB}+y#0(V>bR;P6QHK7F@5)2^n%2`BrZpduo
z=Q0dQG4*HqWjgxb$B!DqSY#9G%7UuNn=32NT!EzB)rkIp`Pm1&JQ}^z!UJeEwd|^A
zkEis`0*B`*m2F|r1$!7w5g-y*9w`5_$>+=)(L@kZucA+*VLM@G{%0)15?Glg0UPzU
z(6Ak;+7mSOqn|+4n#nnwc%K+JmPcN%ZAK7R;*8>$D1nnR1_xwoKH1f$&z+h+KA3kx
zRep4k<N#H*{4h#-rR%`KIYSwx*xOZt?7~@UF}>XaPevI|B)9K~E$|dM6nk9S3`|O}
zN|?w3WR;kzkOg@U<Y!Otoy*n!(cV+$-q@v7v#Xbn+q)62R|_vc_lb{Xi48v&5a{CN
zV*hf5glJd5BQjB3QO3+rhT<J()})J?D!IgV6FL|&pW9G+k{fk?T*XogB*pQlLLVl;
zf#E@$@SQ>9w(sHe1EzZ{0&3FcgF`|^;&{V!p*jO1JLSn(?ILt&!haE>X;hJ&Ds~PE
zpLK4lR~d7H$QA~I0?1BNGPMR!Elqa;T+gEn1pZ1>bKy`BN0RHxE*qia`RI^aCc9Y>
z){)WNVoz%Her~n}N7;?DK)5#=e>D60<;-59+V`lEBW-6AU~NNbAf1(VXBeoMopukg
ziX1co;&tX9UTzua*WCGax-0Qv_?BBakf{Bza-4)Xj8L5b7`q$63-;1RC{}4NvIpWu
z`UCfS_SL^&y0a(a87y<Jae4tJc2;~xO3Qy_vp}yq|JCPHrJ!)1usXQ-rg^h4L+LX8
zYW{^|{Y*y!04BD{4KrhdX}vA@QRhL05B(?u$DttykN7o=3Za(?lFkj|1<yeJW1GpQ
z15_U7+Ot?sMsr^~PZ*mg1v`;j>>xK`bECOhZ0f7%<tlrMFZiAE`Dt@%>&x@%ebD=@
z?q#ZTrsS$!|LS6D!sjmiTHveTD}}&t)FC0GAt)b?8ra(}=IXH{W&`dt|BrNr8D)e-
zO)XiySd=tK$-hT&A(;<B%KXP#(LNb^k3<X=<0Sgixm`{_?q8IBL&k;ul%P5^vU)Hi
zZp*UL5GKAfaW~F7&WlNw2T?G7B=5aAD?jtY>Chws9)Ik(J@HB*2T->98kADXNKsq|
zYOu6eO<<I<UkJf|irsl$fq0Q-yrq2Y5*9+(5Ceg6ZDm)GkZ%fU?OhCV$Vo9lr<hfH
zAHVvYLf4K-w*nv2*k8BQ^LM19X1PQ8$g~tB-h@6erFUI=ImY|wfE<nP+L^))MR|tu
zpf&4XE4B5OPUL?oIjE)&xJmq!ln6z8_M#+7N`Oe=#W4t2&g1`TX8<EdeRvP#N$knR
z;)&|4hb{q<2@U~HyZeO7h_M0DgWf@Uf@qF5=DB?k9iK-ttv`2EA;2&kD46$US_QEc
zPmj)xjQUvWuW8(=t;JeZOH_vS?`fDntM?WreN%VFe%xvIoRk;fm^JKR)s~L5vDBL@
zsQ~lUjm_7-#IjGk87r#{{2Jc!=2k|nsh~G-)yPWsaRjmvrxkzG=M(I{ZsAv+YO`ve
z1$o$qsaMQ9m`k)KabfR@lk_1wiMyAHGE}S1G{J*Aj_XIB&dXekvWfX}=jYw?Po#!~
zrooqzP6Z)ZPXr}m@S*V`m||LWN^>AZ!~;2ugi=aypk9abO{v@+4d!v_6xNg64LFV$
zAS)f+{+_bqW7(e#ZkEDx^DVo9zzS9L=deau#Q&1`rLU`K9xOPU89Pnod>sdxvj#>f
z0WU}Sch~9ate6H8+<rPVeO#Pr?J%~Hcxj~tGR=lJxbaAW6%xI9Go86%g@Ng(96K<l
zV6~#t;MCfRrC3fq6lv*`k@Th!X#_VtBE=V;lYI~h&(;Uy*jP%+u&$_Na{72txn3Ka
zHcor5OohxOZeoq?LB#vsCMS|BK2hoi2e87EbvF1a+Y5Gbm372SY!<+UB#w}lS?q9M
ztPYMZU-FbW!QK#_m(75VjDYo!XbBwmdjbjfFKEv{o?HwLqa094LBu^OYx+vgHc!>R
zH>1F(0OK~lGz05=qUIb+>!8-8ySBg#O2vF=gM;9DwHGJ0@l}DaMfP3i9z@s)J4AAq
zSqp~HBILz{A|$Dk*TbUfY&BP&x$Ig6CZ6wRC+^9mad-s2qHGEZItxmF7y!SlGJD&{
z9<}h4jX=kara7i`avq<OBh685p04+0Pc^|x(FJ;n8Ne_v$~TeXH|?7_TDgBq%ue<C
zP|~=It7(&~u|YBk0tg}+-IN`f+0_ez3f7s5B`yGN4A!*VHFWFh++XZ=Ijq8Kz9xQ6
z4>PCMIqEVD7Ck_*DoLS>B_JlEU6meD3Z<U52Oivym%mP6weI){=fu`Z{oV;wbnRyd
zP@oijNdqLke`WTK0c{~LvN6z`OgK=8cDV_juzDu3Mo{HptRjV;UYk5z0{kD-Ai=AW
z@cF$-uoMpF#XVS*t>hAoX7;L7^3;w&VVBg%bo;{8e28`^#~)pY+rWRF`tynu3^OO5
zotV=XjZ@L9#h6D!9)FLn@5|PBy4FF`?*|3fHxbM=l8dDaAQNEE_Fk`I+_#!Ob@*Rh
zKB#{E%8irzdEd>-?sB&9xz#P@aN{Y>2N8-G5~~*;T4V?g<1l}qPh*iNOtQns5gu||
z6kT$3dJaEgc8C+{t_*BS(q=*B4_iZV5ocffo4D}HnPIT_caxF||C0*b2LF9QYadB)
zi0-d7+jg2d>wpGmid%T3!k7@gKK<^CHo70K&Qud->`(w_rP2vCy-&r^^>Q1Cqvc@E
z$Ju3Fy{c%~LtzVFcz3Fw1uT{Orpn$)grALnI@C!by`aY5B9?*5@F=oZiF<z9PYeID
zr~BhmJ+o7FUFr$62>iMXMI<ZYmEZJ^o<Pm|?x^Zt>njr?QpFrgVao!<Q0=ka;=URv
zU)zMQf|Amsb(3uTHoLRD#dl=W0mKUpcrs3asa|Y?!K8q9+VJPc+{?T9w4c`vy3;db
z_Da@Z>3pwL4O~EdC-fN7@fcDwrG|0ADVcvgS+JB*S@=eaU_5{_2?b+2d$H1k#mFl?
z134l;mAC{98f$VAbG~O(r$%3~D&`$E>#EyT4+eriLxA({k3s5{rpub{UR?3!e1v2|
zzB}zxe40nm4;$H7P)M&zZA<E7wdK|NTch7O_}iiZUGc!_7>G!=A8eT<jy&o-L`vBF
zXX1H>1r=aZjNFW>0*8f_U{h-wm`c7n&Ja1=U@?TxPsO}o$P?kv>Qv>VAV@wChM&yS
zCv$O!2nEtw=+OoEFIy8;p{HB1$oX&-4+mRF_wkK^FBXG`$$aCfa_Y=#sJm{&b!F&M
ziI=J+Je@#(t~L<QND4QG?u$;zW1+cJrWW7+!10Ba-<1L7@v#U1IR<$HLik1{WLOx<
z&!YZ5G88I5*kcuDF#Zb@q*OUpA9~A}Fqc2PYqL*-YF4U+;@{0J&455X)WfmkuN2Ts
zJi$58lQOgi`TlPMn)Z4@#WQC(2w*^p4nh~l157oq67tN}@b*x2BHLHhDa<WW31TdR
zKOMXjgIATixMt2yMkDRb2p&U?8%R<9CCo1DkO*C%j12#yU)~E&^=0<HD2t<MS#T=+
zp%vxU%X=sp{j%*i44Sul{>Fy^$1raXWxUCFI96Gggkm6NL-3q>s9seF?YT1Vk~axF
zA2@whZ08Em<p*Xz&Hq7=!b5uDwbYz2paBCK(*`J+{?)x_T;*=rOnpYY=v|IPxN=7I
z$JESMXgg3u7Dwgv@jmO;-S{OOBw0UEHInuZdi34AT2m8>W3|pMgkzZk*{%j<kM3}V
za+hwtJ&q4gk3g<H{Q5vPDwA)u@HpRTKk!XKg~-4Jsj&xu8Wp!cid}S-?@qY;#ME<D
zJ=0P`&E+a0ar{xO3XcCFe#M(C$_rbG{04DtjEd0zgleob<^_@3rEXnjv2Z7rLMTF0
zKm?{6(H+EIjro4ezMuuSo34(TOM+M%6Q>G3FyF8EQ%o90R!=+jC*vLoyzGQx1n?dp
z>EU9o56L8PN`|5+EKwX?S6d)SO5uc+nxj1|E0eW6yF`Zswmq|>NLiu0CNk3$^ILeH
zNod<8pdv^n_~!LrOt}k%vlcbD8cHH|7{HhN+AnlNUOH$t)pI$Y3JnXQ7$>>`61C9C
z*3HQ>1G>rA%S$?#@1X|LYGZR|0H{{2u4rJyuJ)nI|J!eM<mD{fNw1W?ivwfAvk1*1
zAA#4jm5iWTK|Xp+SlY-G<iG@7>5d<Jf;n7i*P7Y*1w<vJaECr*%X2A61e3(WRGQw;
zt}T#v91W39+VAM!HeYfX5$5s^cEB*I9w?*%)Cb))HBH>~*ml(w;;^7fH;^ja1WXn#
z6J}JprDuA;m^iBxM+=P$lnR_2Qfxz8ivxOeViu;8*i19R%R6hJV9YZsWctHyWyA9Y
zPS@qBn;#^3Be~skTa%AVT_I{AKFVWONrC%zBp4I+Bsy3im)X{DRXGQPlsNXlHZ1J%
z@-2D0Zmr6oA(}_(Jt`D!2bfHwny!Uy5&y-Q!%*DYU%HAfK4RNotKPuNr!^Eq>$tF~
zRGw!EN|4egf6=V>8~$vZskx&Z{&ZVI)>Q`VRZn|`;cy8m=G|H_HQt{hW0CV~D_eh%
zII^uN&?_=D9o8M^S|O!{-Z4+;1tbq*1v@Q7x=dReGPY1<bV#*m2Z)+U`P=j{dV!*d
zg~xmcuXv0qx^==bHdn~(aGy#<Izr+m#FGY2nIv?$A|#TNQ$a4xKMu88iimY~;l}d#
za1@NUCSw6_$A5?D(N;p=VgNgyRcxS-Tn~LwCc1@FoyV|?8!j#hQDPo8F*j$5y^K23
z?&a?PAV|rfQ9s~Zc;90wK%Szhs?Aq(%KCvDY%>)xNCi4gByWng^lr`}GD|eq7R~$B
z_@97B{J#BkDl0C%Aq&Sz&Kd}c;iU@H@g&|_E$y6b^O7#P!z^=Fimy#GqE8Tk3tI2u
zejd<^vaM}0x_Rk6Y-iqFAyj;IgG)=+0huaxgUorp1O<q1HX^tx4ssOZjAgLg1)}9}
zqm>!rJd;zgQ)mgZyO-*affmiZ#4cCuLcGq1Jz^4H2y5jkwAL3h1T8__GFbKa@UyPn
zLMM@Fh_}XqN`<+0d#IVOrw|=km9SG8TE`CD52&}5_5SJNWoP%)bjD>ng3a&JHAvXK
z<7sOyr3~aeh>sOD*d?*H9+mY^aakJ0FKN2pM-QVZv57rKHz9G>I>$2g5#GzLNso^F
zGrgG)z@t#dUc~S_Hh%oam1LzA+ccO2Z!zdJ=D_Zik_o7XVF;E?t;Odk5TBCW%_Ic!
zrw8&`<P=^<Bh{YhUy6-nj1wC>#$r0`sVrb_fm4sWQyJkmH6JKsl9p9s=(6_o81YcU
zz#aJh06#lFdA|LckNoO`q>s3dzrl3@Es3|pD**jjkBCo!2vq+l`5VT;U6am3x-a5f
zIj+5C$(}x;0S$d>TfZXv#b^21`SSFa(FN(z<;mcJ!+;&B%kuKF+oSOd(z5DDc!t6-
zq^SX$hRyG^7RuWfk<gh{1E;Me?Vq@>loCQ45ip}cJPd!qYwMTRe=oW|x!i{{{$6Wq
z!-6hZESu?4eFL8N`Obha`=L}fe%7#bo7*-?^2SH&73@JVlQ*i%9kqHoI_D)-I^{L4
zoSn)2g;K^~I9xy%57o#%e^OXuE(*m6i|JH^o?3gAma-PYF5YxW7=PWDtip!i0&{YT
zv%9-Jt;p1B)W@WNEut&DP$W_H;=>Y@(AEJwfJ+zrlm<dm7<`02(<<Q5XiKt^2~&`>
zcZvtt{w3Uc{4BGrsPp>+;=q6{5<1cK3v^k8LM4)eed=!hVmuJvu9Pun$Xh`N9Rd5O
zyiHU|Sk<Bntp7i}7juJXbR`IYXI29kB<k+Hw5PqlRXqx4!yOLe&ePA?Dj85qOtUr{
zwm-y>0*l5KJ00Zl6E!knRr;t5Eq$>_0K4i>edGFWMN@TT>r?5cQ_lpO!d)3gOApiZ
zrjms!sOS;@p)!L=C|#$&yen+bfcpX(u=)PArn_*KpQ-oTp?5u-%FgpwE^JUP;wbw>
zlf<}Vu;5;9k@L0G{{b=?Jnu*TnIdLQIUV5Rr_9J>KmGwbS}XsNs0f!M-f8&=&6uL^
zCE49MS$snp4>;%cyo6yuFll@O_arDOm0hWiZNL^xFYYfrKtI$`9!7iMhf7M_cqm@`
zX_PV9zn*ii?f%7JdYgCJ8000Ju#!k50<%}St(#i9RHB=iF$L(`6%F@tMG&s;!g1gN
zwQ2AxlpuMVg7O3oGSJ9U@%KX4y43!}axIh9$!&Jg=@K5@AUQHm0trvs>J(A|iZFIh
z{{Y7_VlL*EMQTidhhB^^6cVgM{4c^f7-ob;S9psb(-v^#{9kYI6<?cGUq?&bA7%`J
zk8!CiriYOXgiwB5$}%=B80Kx)*a$#4%MmQPq@;IZ6BNpg=uM?B7!iek!wf%VM4qyX
zdwx2buhEa3Y6S^A4ZY_-8K-T$vQFHyK?*2#VZBnwi8(RFgJukvsu0HA4CE}nk{|Jb
z5LN#ICvpS}952_oy(_ms>+&k+q?)swEH}WsN&}e5I7iO^IE-SDg}@<c>JI^O1@mh|
z(R+fIJu;7y??^~Ka~Jz1@I07*q-*u61Xa=USFTLu(vnEd5^GRXP<!%1Jk&({6r0vg
zhJ~OuJ#rt+r`K=pm$`Cs@t?~@MSI3Sn%O$6U&>8JdB)%EZ5BALre`>L#$UB}j!bQA
z?$<1(zb{|Ntp;~Wy|r+hxOf8N?`&)xTxQeXiLzZi<D=fMIykuE55A{=J84|8H4L8d
zeRrD$A4ME5pDi3*f1Z+JVybX3@!O4)%?c}X23zrP>X*vMgY-zVJ;SMx9ZR?ZCM7p4
zHPYbJz=wToeE&cEtpkxEI$FLBu@x#Kqg#Ln$lu=b?h20g%eGTl)q=LtnRCKFn<{|<
zg**K5Iam2Xtw@D1UZlUDn0l&exMOB8<R{*}+|0<lIpD#&jB%p@!^NpLVid|SLAw4f
z_X$ntpO<!XjF#rV{s?JZ%}xpz^7D?VgkS%Mq@|abVkbS+wlV4nF`Z9)CTzPvKmvRG
zCb5caC0N`WcSRjgMcL7ap$({6C&+eg8*U(bxlo%E^v>{iAt4v>7O1n0q_scM3*$l-
zUhDAEH|HaWWVe_FJV&}%1eW+LF$h`NoWvc(KKY%hVvm{FdR*aS2}@|=K%)X7U*S^l
zIZ5{+4@u;r3e3pw@iB6u`{{)tT7Ygj>k>4dpsdoeR@__=YA&gkB1#9JA#1gz0;nAD
zPeZVFqqIGw$p?Eok2_#(Pe!trs;|<c1=dxu>>W)Es-k$OBulznG{3vKnZ)KJ9$Ji7
z1PPfb3}r=<49^!}k4Y$1ue%|W6X5KyI5t5jMJYXgB4C8_Bw)Q_83(O5Iso5ZTq_M$
zAHI5CuO?nOfNL)g(SH>fyVBfSo=ynAQVIw!fUiU0S4kIzXuEmschejwis4d$R5x*m
zABy}&bV92Y(n@S#x&K<G#LCJT<VwPKvkD>na?7Tin$jz1n&egv6hR23aKVs@+E*qC
zo!hTq9BPuS9Arhfv`wp_2!L#uljg`p#al2)5*WoBFP+^9p;*pxSsL{90=wAgWIrtM
zyNM)nr8m=yB_tXP84#T~jHp#1NVE^hY^b8}LTEP0t>m4vR{S*hj(3SM)=qz8L4<I<
z%1d%>Kd3}+N;~ZiN#l)jc%46$LSIUhHaEETfz$^6S<cc1(C@WYR0Fl%b*U@<gKcev
zJ|=rH&LTxu6-tx3?NdZUC!}$^C@PCTanN*Wa6**YZ!Be5<b>0Vb$d!o*jlF?R7U}B
zk)5|q77BVRCj~C<dr?}VH2s-Ip)<PbuF24f5p3xw_Kk4pQd>`D&E)S-N)tb$E(SHk
z=sP`^Y`q%Ema0>lf&GTvZM;8uAgvmixi;qq<^d=D5=b6<f`MTFm(`suL`eC;x_wOL
zJL2BtKQh*0m3DM@>8dO|JOb`fy>ZEdR69-aCl2E@B%SIoegIAN$qU~8EVe=py=~{q
zBsHp`mQSOeXXDJ$x(@u6+2Ke4@D=RYIoI&A-ZUSU0Y`76r0UUZp2`>4%;rUOzuNOT
zkgTy%ADb-`xo7KDq+1e)w8e&}0R@Bos;5JE?M%&{<CT<5$RVZW35D-+o%49iV!mNj
zie2HkyGwHmqs~BAr-r8yurB3zOhJGl{n1a#ya3Qpx{so8Awu^A1Tzl4&?rr-U5FUu
zet8&7U<{`vXwd0v4+zLNcpE{jDz9|K`^*boY<GPyFz{;3z?-qePyGlzSTQ2zh3X<(
zuA|bp-<BI)&VIPbhvdvZ6FW*mmB+!aHDVkL2{c&kyb|(j>Ei08dwE5V<baxP4>SR^
z_?qnf`nyNTtoHTv!uWm4yXD!e;gJ?sY+@mR^v8{J1A8L9MU+gSE_7$m=4x`Tql!bH
zsSW>Vr0Pm-KbNU4hKFv@J<RlQLK;N4Nuk``Wkk)amDMngV-wPH`yQPPQ$o=kmF`vW
zVF{T|&nh@qt}nZz7p(x&vh395S^hB|sCR#Uo^Y(q{EqQSwf7$z7M6u@ijW+Kcs(Wq
z?g@_zI2+Z39N5->$fwRB+J$W+N)vR*ka>T_6q9&MD!%kO8eJQqr73qdUX$2CT`}a^
z$}=aMN40Gb**`2qUqgX;M`D$Hof*)>HhN=ZN9v#9c|A>j<hOP{oxHTWBEERLdS1<i
zUs1GA6nV|QUk<p!OVn{Lb7(9XNl%sl+XYppcSce>g%p&pR51O*AJwjcrLJ1m(seT%
zm!!RL?(+gD#0xW!ESO+S#|lG#KIN4D)S`#2Weo4b#TWDRn7{NrN+^*tW0h!1oHNJe
zoW{<z?x_`Adkq<2S8QWT9$N&8^}_nERx{#k>s~P!Wv%NkI7pPZIk90$inwh85oG0s
zE>N|v$h>S6vm~`C;|4?XT>n9$r@)`nt?DHY4|Ifw^gy`VVj+%QotKyOEJBt!fa_94
zN16JYs|T5As%4;PZS37`j=bEQ1VeGoR}C_udZZfW*_EMV{Q#<FoyjnTd-7p8^g@~)
zP}Ul$KdBo0DWT!$32eo<iH+|7DvqZWv2ouN7%%ZVd0yP*Kb{P{+(2{T3gBhwJ9`c#
zKdmhlnrl7<KOW57%#aPb8OLNUqqNQA>4-8<({;4*s(D0?f*3v~eDRoWHdlTnMR#p5
zT_wT2XZ3+cwRP~~b`{Ty#4PvmJKP$Ap%=Vib9hJgumD0hO{KpW<eYSYGc*G<9;5oH
zsp{#~GbtR(9AJrxerP&uhgC9J2y32})qYF1?KUqT>Hh<HME0n`Bn2n4K5J^&&f=0+
zzGA%`udCbtuG0?&Kgat@DY1)fg-Mp5nIv#CHcI0P{qk+*+r#LtOaqD<(hESlZejBr
zhJs^|><_)Ngg-Qs(t%wvvKOdE3|Qzi;yeLa9Qr{u<D1GQ3lB|4yez7VS+XpPcFNT9
z!zv!Kn5Hi)0a8ys7QNIohVFqr`boKw$n(SGmOETD^e1_9&~v+zX%tM}$|y+lLTZi&
zcKa+cWN35(6=MW?1%Fap<t<m?dxK(@sj%?>G#ITYzdDh`%K$&X#+N+i=$<ea5EeIa
zl~~G^MGKU<ZI0gy0BVdW19z)bYjM;^5JpCR5eE#?mx*g0I160<|41^hLcVXZPgcQn
zb{=WO&&>JXLUqce!|YNk*jXalljY+_T=0H!$&brJv2sI?Tu}vYIo6#fzjl6VZv52|
zc5(^iFLFY9wFh3}Bt55Q4;a}%0Xn0>S3%{;vg}YPs&itgLyFL@{|vd{lbx#XwP`6k
zIBfYIVP;~EF2y8&LGjwU8vLQDANVhMDF(k<A&Q|#KOZ)0%+`|;wLq>|e+LW|lSP9k
zI)80&2GQ8g^7j6j+b=YdRYp+pX-a9=C=N!f58}QQ3kaJ1SQ|Wk$=r>>CYd?7g6`R%
zWH6j9pAjJx3D6tBT|>8<zB6_ZAHMTr_5TBzpmGQ1@gaw;kb+P+qPe<i$pf|}=*MZ9
z?Su5^BJrIUUZ#9qRPD?pTuQE^hEi^$r~1}u_?3s@@HOie%Y=`~sf(aphw&(CF-AgD
z4$B$#3%I&r5oWKwp5ita$bz3i3Baa+rHNf~LSwhQ@lPG{BjPOVBQ|d3GZ4<CDU_i$
z&z?0>AkSb}Y@PK|4;3}L2$Be<FmjINR?@$beB1Gqz|`m*Ig6j$!vnsZQ)&#=&1dD|
zs%`_bBq~NB8bP%UnmsS(Ms5xc1`hVE-)_AefDWIp#tu&J9}DSHS9RW;$>1*m(E%_?
zr{-EWoip@XteLZje2JIrs*LL!E209uHVV&4>goGe@%m+yY&&xZnm(IT(_anHeX%QC
z+FLnpSF1VQ#a!H|cv@3bQmp&10L-aCzlMSr9O%%17k)V99fe;NWGl5rC~*Ukl$?re
zz+BoW)Q@{=#E_8lAL1hZr<BV#Ois0$!6AyiS;||*R0g?UCjSU+pOUYG=yvc%#yPTz
z?wQ@i5!#SWF=9D&cM`oxtaR>YJVZt#3cMtAgj{afE~72~$Z?gC!S=*~;QbE-4Q_aQ
zGTFLoC_)9duD})leOS<=_JtSUQG^D1gYhzzCa&7HKawORKIvtdwDI&h*|H!!Qs|z`
zx772H4x696@R<%PnnraoN~e_Z$fZEQ>yB4132H8#>vRZop38G1yl~zxxW47B@hNv#
z^Y-Sv)MA|o7%5YP3CEjBbq)4Ukhz<MJ@^s3@*}!yoy|p7CCIHFLh44paft(;Ye&{H
zyx$Qen;?)DiTmnqx+H+^Y@$iZ?r2hk*)dJ&1@1;>u3`HEsaa=kY~vVBzmYY-?CmRD
zvOdJ3<_pc~36|mIA4<QSNTM!h<~CR*YuEJtqSFW`2gaAKAMvTA8stg!qKMPMlRrsl
zJp2Pivu)H`|9nT5;;EdcM6-b#Y1h%41w?24#$y}n6w-77`yt%9=Z>v;$!5Nl`AJUs
zePqJ+FECGU^CHFts1EiZ@{EAB;&QZ#o&@64|B<0rKr*3i^~;Yj{bLJ-DSv*lC1pk-
z*F%KLPPoJ7wch~YpuKXAwhi`YY>#DnT+jxlO)hE~%%S#;%=lq8U~myCth|auDDI5Z
zU<5;reQh~XK;xkx%?y%2E=zM$!Ws0hgv!YW0qD7K6;HZ}Pa^p*;sK1C5=ZN+Uk+xW
zWza#^NPR552Lrmcu6|(X77BjbIPKiAo}`}7w&kdYSOkv<Z)!<DuJ_gmwjB;oR0#*v
zEpY7rU!Vm1{~=0?Bq{A+aOYTu?*W4XJ1j}IVLVb*lBkf0V}(*TYnQ9!=w+PV)Mfc_
zR+7>*9Fm67LjS-=`%%NAL^su;0chotO_WSBB<l3F3<a8nuMY}+We0^XY;$$w&vd^9
z7%>>g<4mGTPFY9lf$uNCKYVGw1Byn?rYFYC6x-7GDxe%3*!(y6;vLxaW%4Q%4pDjc
z2c?=Bx}a0;6#e=B*p6j$=lkfSW{XGt?Q?O!XVe|Mp!vj}T8elhn$zU3>x{aeajwrT
zY9q$MHvc_Q0C`5rRdHzXs8t_r#NDbI>OK=b9IlHnozb4%c0fi7%uSNAC}&lX+nsx%
zjqb*p7X@cDikLD7XbQYgRQKlRtrgJ7>KFCLv_)Zim=!!fsf<L;!NxmNSOXe+uzPV;
zV>ni*k|^5K7;-o4ilS~LSJHP?&7IRpP53s;1~t;`ohi-z+d}whsbA?>EiU!sO=@Q4
z5%=v5F0hApvfWI8;>uq{YoqQKTeH?xY}^g!`fL390oU1XE&aUDypK2M$XYgp3JX3~
zYi_V{m|KG~O79J>Hx5wQQPpiz^%`vhKg4s=qLu8l|BEH`py9+ZLnq<Iv?925kU9~t
zuI7d(hZivzhQhIV`;+#um}K^m9uDl`lbQ7|I}w?}F8l^w&rATqGq^1XrD@+yVEA}@
zh9Maqh!?f|iqL#$WdLXlIY;DrH0&eEatD9ve;kkLMtppSq-w4U1?vkY&C!@_7jq10
zw#&;B;fAv{^5^$~7^4LwX4J8jR{Z4TvvF-Tf>G4o9m*U)uu8Wmb(AkkK9O{}w>^A_
zgQQI^$ReOde(qoHOXJ>qTR^m9UUj659pBE9pH6eD1BIUs2bb!C>*Tk&Yx4P;FT;@U
zRA!b@kQxqt?HuKn-nn>|4IyYikn1xxuyyGNIe*}bn)8pg^^qZ65jh8-$_)Z7EpUVC
zZsZQGo5FoUL(|98(A=~3cBat1B;kRcCLPTjA`HwaRg(IP=Vu$k0k!UD`uHl7IiT)t
z-PfZQ8Ym7EL4~Qi<(axXuOiy3sAzziQ<sBrZ}S+IGQ$TpH`L0LAUj?F-6V`b6~q~n
znm&DW8fNw!H-SHv4_ObNNNNHD*%r7bDbp0je3TpALT#D`m7+tA(`wZap_)^M9aOi9
z*bmJ5V@iq_lg5XXQ@`9;qeL%*zyYhbpkBUtE@^XCs_e{v2=<aL^_-U7>tYm2KcFze
zSFL(^5+Bvs1a&{;i@@9po`4Pb5nd4wP_T)I7esc5mDfu{_NQT^m%bQ4F5Z;e93F1U
zw^LjUQ+{58rx@-FkCojc3FMHR{$$c2U;_&Fe_X)cOsz{b2;IpZsA$gkvupCRqj}uy
z*kej;3FHb1U$voHJ6iRKI%KGTf(-{;kaFEym&AmVr@!SsqJ5CHQ_o0vxZiU|Ce7Kr
zoi|Lz6#orCMkf||@9tTEy+(m;21T7DK}_4(DgE7;U}aH4ZJ+t<aUg_R%~Is6>IaN-
z=G-<yR-||V!?w~QkVoyWCTK|jb?V}aVY<(nR+KmV5TxzT42vp|o!2Hxw$35jVj(KP
zO8)Q(a?Hs<uSrSX$J69|0PQ?Wp-|UjHkORGUI@XixnAA@JZ4Yps$i~Ii`ObvXgWto
zVnw?;nIeCf&IU?P@{>;;NuLOl8UqQd%N<QVFGE0q%Gs{`9}1pK6<Hh(Y1F{ij@SVN
zcmF;!M0ZjPx7*@LT&*x%1-qPzG!EsP1BK-8NvA_=H{=L=W|zK7JbA$c<2Mot29Ri&
z(Ch0Nd^zK7fQb)G>gskhmY|U9L2k=Zfvi3CR}Mr!q@hEQYb;J;%z0=bpcgju{$OHv
z>F<u5qZysdg7aqv-+-g%#94X<G*wbuVVh{E`TRa(o!$m8?7w?nq%iRNQ?2Kv$Eqd~
z*I=s8Y-GX)ZSQQbAw!E^_e;(Pi-waQQzz=-zvxk8P=}r6!`dF2(G|7n{w^(|GA6p&
zeO!b!HZ?@`jvXT=q0+o50*!t}I56fr@`ii>9%@vamQH68kI9n0ft4`}?^tU?vll5m
zqn{CzDbrEecJSl#z>{5lOiADBX&Uw4x;7_x)TJQd;emkk<kRK1VYe-{eP~3;o-RVT
z1Fm^8dta>lKYQ3ir~>tuyEMxf*)DWtAinF7$LQGbx*b2EyDL5pff20luN2xay5G@r
zDqL_!t+-asNhIEaOEz%ibz@9Ws1d~%DTNz5GMm_UOgyp1wJ6fkb0(S+5k7Ctg+E&>
zM66wiO!gg$&d)^myj)aZNFuvL_}7l#ZsGd*UmvRPq?VOaWh<Taq?=oR*5Rr?kPKlK
zgdJqRBZ-arx%5s<U}Q4_ydO*t#5;`bc9Yu6u_2K&i@-fZ)msdFKZwYT`<6Ax&mRDC
ze<fQTr5zC#^-zZdtHxTM&A4_!An)3%z!#+_Ei#(lG6**f&X$cOn~zHD?<AcJZY&Q$
zt6!qAzEasix7FMuw1esSMpmpmf5U7t{xBG-HkEj2OajGnfc(ub8lB(>@=@G|$f$)K
zBDQ}^6t48l4L?aQ%2Pz++re5C1^e`gU#us)B_v44J3~i4#Jsn?MaV=wg|u`vVm08J
zMZ~$P(;e|C%|$^n!!*cYy*BxHxjaE_$TkyvJH;I<VageytbeKMB3M-#oUbL!k0Kb>
zNqC&P)TSMX0%3_l3)as3<HrTMP!*vaT5x=+u1>8C^Bh%a{gi~ZX@w-|TWN)6!}qL+
zNVqylQZ!YoAgGA-)%{5ehv+~a4m4P`&<4<6#ps7SvO1wgIDa-;pfE!oK@~lxWRS2V
z{2pBjw5QcdEUuRN>H4o7{a12ybc|xD4f7maG(bO+0T`|E!d)OtG(b)c)8ZB~(DaG}
z1!^1xpo`-?{x4e%fsCMBO!$AvYW2J>KPy)cPYz(A`q7_L3<d6cX$$3rC5V!mJ8_wh
zm14R}7V76?{9KbvCcHjAm*~WL6bS-HiX@zU#zyo#67_%7LtE+>Gj41|x8&E~|JWBf
zUvLIS)!gbf9XLNAC~3&x|JX>7rOB$XmvD+jo?VaCyME1<IP!(Z;3hF0js%lMRvMqX
zO2jV!NYM!Ug?oiv<}?i9h%h4HCYZUQ5iFp?r8e7t4&nKHcE`J3J%=AnNeDx{w|}D~
zo~zA^j_1o{*DIT|?$3+=u*luRz}9BxZ=lyx$HQgjTQlYsp9W;RLFe=301dvEvpd{4
zV|zGJaoYLa@TE2HEkFhjZrKa?adqc<)s@Bz?0ULQHvc%Nj_))`d-!Vr{I%Hq;(ROP
z__TC2ukkSD%J}{5j%SlEmDYcZpLNm_St_7JEq(+py;4WDt}7AP374F_DSGN*zz<+*
z@_2G3Z=mXpjqr$Gurgqzr9=cadCY$lQ&W?BDz>vG+Vc`dioy36nn!>+$H}4dG~VUn
z`0nN8_)-hZ<4z4xdfrXo58Y(K4M6P3u7L&&BOYWb_TDboFR{;QGR1lOLIK4fU~*gd
zQmzdTdIHb%*jzAThl8hSI&KX)Fk@k+*fM#@G9tO@YLp`~R8XW}{SVG2pXwa<>0XVa
zGkHxgP$MfDU<@D;2Hd@wL!ct?6sE)wj24mffGf(zE-<>;m&l~CcLsK%nt8MNbEIJW
zSviPZbk3ptN!&;p%!=lDm}6aZunOs3WeU&5L&4$5{;#-7%25yZCKss<NCQ5+&n~u4
z!7Xn?GJ0iz_p1Tps#$9kgN!o1BoQjt{7kxlZi!VUrf$;y1eM=bpgqPi*$&wf<SZJU
zhh?ZA(E0sN=$j1A32YiOzxp}YNA>S#pt6l1;nSM-8rhVc#nCaf){RZ|1lG>Csihj`
zJWSpY-FKjp_9w`*o`~)O5sYC*baL<AKQrb6xDqA^`7uuViLA<Xx8fb0{x0vE+R2Lr
z6Gw$;a(B(M{Zka=!bqT>NR{>ZlZ1bVh9jE&@~U(b!8}k0yJXRF>B%HI&ymDQ$MK~0
zxo>8sy8P>4Fn~Cv%{RbDfak^qAvfcnRzPuMH-_N-tg5n68RQKs5Eo79^|l8R{q|*o
zF(ROJ8^WkH4x7T_NZR19rZJ#kgqjCUwsPOga<Tj7NFMSdl@x$rNBD98kw=|<*qd7R
zLG*{S&+LV%TGrn0r97+)<IWLlGAPMPPym7S(pplWV+hS1Z$aBXaF}0?yPox*Jwc!V
z&tSR3uc>$4U>Q#a;9uHmmxG0>j@3jB&#<P^@=OnX_r~P>id!oUeQUkCTPq8V>i-7U
z{+0bFc+i9o78u@nJva>i@2a;u-04J(_VK&7Yby%^fVU~bC3;+9x98!J$H#_Qi(VBx
zEuq4}o)#u`Vs!EC&A4su?TsowflAly4R1{}@CYaJg_>YIwOa+10-ZGd>I5g!PfcVW
z3Bb!M2!h6xM@+lER`$*hIgsU_tNY?j)2(pu^zshnbnrxd$IB6Vd<tseqLtolW%1+L
zSp-n3YFs<C?G*>37FCp*{o9W1hh0-xNd*Z_dB`YDo<mp@O&-fbM_7q&RNd&BzWbUp
zaAb5XOYa-vYizo}m)|xCFxz_mP)ZfAxvkL1a@Om*tx(8Sb6*tb1J!e19OK<m6*U_i
zz=-}AiJz;+Rd3-_)tAZ_-TibvJ4tWc388gGo9%jV*ELl1En!z_vRzNz5AO88H#^dM
z>2MwyJ<9yv%Uy%t_Is~yaV5(NlQ`9WeRrH0@Gbw>HDxRKJ-{->ad?;28Tg{~+(Ftv
zll?S4<^0@nbn|o*WFJ2v6$89YCi;!A(Opz7D^`D+CDN@bDbdz!MlT3$RsGZ$VD9RL
zo3lqejM5@b1)>Qu>{lL{?m6qmo_DogycG0pwU(Q(n1<X*9CS(<sk_^o`&9LYs{{?4
z-GwHcj^2`3b|sIX7l4v1FLZ^N%zZdE1WpHg!mG82eSlJk^p7UHG6P+Y5smla)EXEI
z@VD#O&Ji(4K!c3u)i`A7baVSk1fv9PqV-AZL_1~J`gPHVJj%+d!VmI5I@yU2;Ue5`
zES3L6A0}cemEum;k9VGzXn%~jP;29j%1|A@rs#@wc3fMP()u?+fLF<bkk|+^qjZ1*
z7$@Z?w|p-L2429<_JG>{I*4k;HPId9|7c0AB9K8B3!t+6mld1ydWb+$z(K1~w0wJ<
zMVriEQ_b2ZAF-Byt&>cZ8=!f}xH!Q(5B1BQ=^S4+qs5Cdti@}YCR{DNUCghT8FuQ?
z><Cx}4?-}kWup4q&j~E*XK1A_t%agIdtSDeY?!q(fL(|1*Z{?)v~9QS&!Gv*w(@-V
ztWG}LnXNnmvmy+67bo`tj~vu8<nPdlh0K0qE+*eeu;;O3%2NAfAH~BF4azllxMUp+
zpaO!ymGf%R4bkQZ17<v<2m>xhrbX?j!T49rb0oV-7hK>u^}f{hQ_@Eb8(sQbTs;il
znwfL6%?+ci96+}U?_#fw^vllRpV+8m3~PRH{U#Uxv^bV$2~zqqE9Y)injE$WQbKA9
zGnruh37XU5&eC+77(X_DVJgP06o)cw7=?tVZ{REaLuzaNl$+~_+62&v=1_SGZxFaA
zX`H{z>P?Nd)?MX3F~*iNy|5zsj(_->Md9KyfehODVgZFfZEBDF_`#-~W8ri9sE$B9
z^!rgU5t+X0Qz@+GJOopbAalU4ga4+Kyv6ho8zaiPG93{c(_dE|68ECmFLNS4_$oc=
zUCe#3C|vm^L`Tm^!5-#^K;Djt555QH3RSATIZ*ZvWcErV&tDwA@lurs!j^XC-O@4T
zg46z_P6E~mJWxNQJm|^>Z3pXD&p`%T69p$r8`?z<!k_#8$)m-L$kYClOjo7iGCxVA
z9(UNX3D!T9s7^RNV`0M?ORdgcA!VUVg&l{cp+ge{Hy$)K9-SG=Z$|YsuAngkg7VZX
z@gpZ+sf@(&`)&}k6vs3#fR@wDElbl#B>t)xWdkOO=p_E4d*Ic0R7)K!lQlUbG0WVm
z<95@<=Vf@bQ-zLp#3=<3Xh28LO*v9l6MBH*_CA0(x`EacJ1Xpv2<{(C#1w!%&x;{W
z;~D{=2=KsG#J5E7+|X$V_rB}IkWn$2uZ7Z!BguS`p71;WF6UfqN=DhwyXY+<LW6rX
za{?6*SldDnK^j0no%9YSlJm8y-lI;=#e(lf***i3kR`%WezURTdqfU;Y=H&&zbYC+
zdu(D|Guxj7f^w^$GhWQ8&WZYy9Q^7*VUUfRs*!Dd;r#`DQ^=3(TYAQrPJI;qLjAAk
z7RiAmVQ(v$6VmGN1o1(b5ERm+{<lm$@N=Tt_PVo*7Szm<ot1r#^dIc$X~1MYCxJpq
zICnx~?dB|1VuocQQYrKpk<utn12RSg-03uni#txdbG=A=deUjCSV~=9Mn>@gx6p>8
zkz(XM`r(44g5O7m`0L)VyE5Vf8^(g7L5^T*?xdpPsIy+=y)ao>Y?j~X9?r=u(6UP0
z1MbeMpt#2eK+5M-{ypISb5_MLyI<0vIJ{)kJx#o3)SY{5kml%D;$6e2`>Q+P_*+js
z!iDeah9^2whV|6VeMZq%<NW-7TLbo{_H2K|83gWEH>hh6zo<$20Ia{8Q}-Wn-FRl-
z+K;$u8Fk{9m4)({cN#L_*1t00+iXoqp94$<Qq7kE+U^zxgO`Eg>9Y6T>>b~#_uaXv
zBW~C$gSkRi{5=W1wLnAW;ZyaRpEi!y|0i?qIM&*!KSWIjpH*O~Zh<+uZ^2xmaium6
zOx@Z=H65R;K`kA>^k~6+$RXidTQCo1(6V+h)u?9YDVqQQ;mcRgOW1i>h`*->W=mY*
zSN+!?WmUiT{XhO*bblw&x-t{VTl#zbGQ>|Em*Dr>wdA+cqWXqkh}NjKhCgQQI&N{T
z?ZQ)mlc8ojr}HDRyvE^2Rd~Xvnr189QL|zz9IZw!wLvQ!;re&ac9O_H)e>F1MEEL)
zUNr__%P6GA`>FoN&-LEVe200-02-u;@u{C~mT;Upka_BUCA5{}YD88)LefNZz8epH
z$UFuKtpmNPj<Gh=1HH*AefMPAtGYln_vGvh*H$=D$V5!9GP?uF>W*zzOEvxLDLX+8
z{p*vXXeQ)Do@E0a5UcNJv;vM-&z@Ao`vvCy&)FR2!qG@PgAy~)w(Adp*UUPfoBQ-T
z7~4{iP%q^^SRG>;ZSzmLb+niFo1saKZKyZ;o>&m@b7Jb{&mEa2PSSZWgA1?M`#&-m
zo=whPn1Z`BQqri(3)n&w-?fl`X4(?+Q-~BDB}FhQ{5*Ce6KZnoOK7Nf*1tJ2@ow4i
z0HQHMJB+NaA+bHMr`-GD$J=X|mtr|(4)N|OAx57_P>vvo_yvOS6z<<>;`?h5Qp_GA
z#TJe%>rSyYST&*HATnaS`&jTo*zwZn9t9&pW`Bs?w0%(VtT9ki$+N!U1%0vc-n&oD
z+P&ir+A(7m)uyHJ!TQR0P(#UTcDOK+@2Y*f3GNRBc<%|IH=z{xdg2(0>amU&>k2Kr
zY%LZNNz`gHiblS0EBWZn#vZIDQ0ck(Q>n`_zD2xa+7Kr>O{vW#!uIqART2sTjTxlz
zYv}ANdZ}ppqzDt&;YFYb$|NuP;Jj5R!bIBitIUTzUp)ENkkH-TyE1J4R!Z7I5BRmx
z@Kfm%?wAOu_@;w6zqy1_@Q_=m`mi!DQTdfTbdg`b7j$J)6#4G~c%|m}WN2&kvE{w8
zUcUJC_Ur|_53{`b+TD$%H3P<oJ2CiK{hzni(OCcgP<77VVTApIjcwbulg73h8;z4T
zwkEc1t4Z3}wrw=FZEW86ySr!iocROhhtX%Ad+!tYZX6gpU%S-pT#EdUbd@#uwEQPw
zBB)vCYIDejn_iT_U93N}L^gmxD#qOX`Cd#2@f(23aKZ~4tKiCTT3cTA+zlqR<U`ug
zgIz_(M)e=S$r1qz9hMUR`OD{i0eM~ul%QZy)6oC3k!O8lgNuS3FA1^h-|EYaoIO;H
zPAbZ-t}eP!O125{4`lgn%-e2L8?cjmPr@Uihe*#0)n()!h$|Kt8uU*S<3LytbjYrX
zjyfQ8UP4zFR{rM*Vd|F|UoIDjS!1VKT#Xa_9wPQmDDz;mM^@rq$9^@P{Ze`n$16pK
zz#)*zyDIJIZ})4!S^?hs>4BKLExO~MWZlLaiB(5bqq4BLdws%Bg_H0pihC*FwFC^X
zuP>u{F$5}49?(~Q40180o{ASvyd_-Bhyvi)5oyo<AUzZn)dgpq<0y{z0BnwzN{mWs
z@Xo72BJG_6e&cJQ((Z*6_lINZ5*Q+i1CZ%~r$5T^N;PTB^Umb3W%q*VR-Nlk)uv}-
zP%8z9*3x_J3Tv>xHl671(S-B5HcFlTM%t8h`9fv=V4tp}5L=lR=js%~j`<C2-hpc?
zzUvb;I-Ub7$4Jf3dfkkM)y8l{xxswz)fllq5b!guyhv6}Erdh6Z#So|yu#LQUbaWm
zV+W<@mQvge13GdS%8QK)ZGYhySQIGT2yGl^k#=ycR@B!PGo2drDW_kgy9X~SR!h$_
zLhVpQvfOaaD;l9uyhz15P{q8(1%Rf-RU6wSmY)A3*dtLgRW%rJHraswNNb%b>_}bX
z+=kFU(W}^kb-KLxvhgYX!Cu2c$mrg062*yIpZr;+oz)!s=r^QheJ@x4Qvs;@CB<ZP
zzlE@b5jQL+RCQH)E`Fs%z;<iJ7xOLN%(e{s<tQqo|DoQuz}Nc)0HMlb^ulg$;r*^#
z5)-aGpD?yOM4O+QCKNr6o0y|sf~bqsEiS?uP%{CeuZb6pRG3wv5vrW0%LA2Gmg{++
zMDxB)LUq!qgORT1!1|xhB<0(<tuUUS1Yw@tWxB6Pp;bA917)7A<F#5ZCXjiM)*m=f
zJseE&SHqG&xDZT%lGbqFG?4SY<OQ3Cs1twM)Jj3Pt)#m)!*7%`448;~fv$aI89hzM
z!yPN5Tt6Ma_{Y^J41JS1Q(-OS#WWq8;=^QR?&V}ZMxn+aYxX#eO&<|(@vN!u_)##^
zgS!)6zJrbMw-Adl#TNVZaa`RM#6zTG*T+L;>X?)aUcAEruPZe+4&dYv0<2#v)h!zR
zG{?UoeunKYlfkqMXBRMZxC^k&lI^7wD~v(1fTqzTxGsoK#E7Q<wb7WNP5EgllI*Sk
znZ36)H;u!QMIs;TfT+jH3fGnfF1E`Ge;}{argkJsL?gG)A9Ut>t;e$;HwtA@pYU67
z?7MP_MuiF}Fp@sODZkL$z#&A3vo0L6AJMc1#yxwoJYhRvq`oW*df=oZLubQYAdr(1
z7bQ|T0#Z1gZY`@Dull`_5fdx_K}0Vy;#z}zux{0$eWe8vYJP#SnBj2rVzj!=H!#Ra
z988kZ$rX)2xBE`iZTS06%!?p}?Vo!&Mx01g%GZW-U=;}=fbbXlZFZ2b9mMWxRj%V=
z^81R5gdm+o=pSOjmJ%~Yr`*Kvt~39WNzkZ_uK9}xyJoGT4-u9{Fft;u$8o~q8L0pI
zziDO7HE%6^Cc%D)ER_6pOCu0M+9Sdf=p>Q?hBR&i9Io#F0L!qfoZGl)q={4n9l-x3
zmOE0GJsC+4!+y7{g9xltL;k0fAj7)gZlWVE?={0k!@elwQ5<b8KmRu36+QTdfvo(;
z<?22Qv{i_6@8LGoLUE=6aq@qc3v^5@EW^Us@P?HibBo|1!u<JI3i9=>9X%gL+))p9
zKkW^I`PWnK*f9J6-NDm1Xxl)p+czrghWtp<gOz#6ANg6@`s-(_<7e&Wm0=Nx&4E?w
zcA->|R6n-xqD3f57uFw55#>k6KWa5L@F0x-26JOK=|$QJO>NO5vW+dSGS_|{h)p&@
zKi*FCKz65ywh-KT)nXlTbdjDq7*u4|P~GbIz?|0Nq`uYwT)BC^*TZTN3k_iln4zVO
zCh>#b*9wupUrslhq&e)Ft(SE;ss@t&6oH$4H?whiQQuY^1oyPV`nM=e<2SeQ$^QdC
zp`A7&HBaq_=l|3q*5n5$auDNCt?vqnhzZ#R^-lE2HBt*pa=JZAFK0etkXwWqpu=(5
z;2-UYrUB^2s}M!ksttB#>`iuAb%0<^Qk#ac#z_sr{Cc8L-g4}m7&B1E9G({RdgDC6
ziyiVp;T13n25xyfVT&po6AnVJWHcmfEiq%?HYB*yU!_#$yI6a`l%uTwWR(93a@Cjl
zwbBkpp<H|l_oCBiQ{oo87(Fhkt8MleQ<54I0GLsf9<A!#(gnRKPevYcK9@d-p1h;j
z?;)OOIIb56#t{VO=sci0oRX%pYbocQt8>PpqAt$}3ed_LTT9XY7dm%L=WGQx2jPto
zS6od~-Ysy;!JF~+p&NX{_={{FOwXUf-t}vN^2}EK-U@deYd@IryliJx;U}brQ{z2=
z@dO!tB7UB*?I&BE!d8f0ZE<$!eogy}kKSHF@-~oB8$NAZRy(~m(E`>6M+Gk-hGUma
zI$>fA&Y{A82kC3TPd+xqr{z#0{u!@7&oi-aoY791j?<JqH4u!bs#=vL(F!F&Hif6K
z8*dYGpq;<6Q1`Q)?9>TPwsR%j&gB5`rwJZqD0*dOPgM9d*eTyojoPQua0P;8R`5?D
zBVpv$Em=gHtey79vUPsA;&A(_>mMd;oKw@gGVl)6{et`Zo*rKv9Xl#%hXwnWuTDd9
zZ16c(srZXX=iL;28yDXVLfhX^TT-#Sf8XNk%!1lMx`n?NG6?@SQ{kAyI}Ic{DoZii
zu5F2rs!<eNLwyM`|6iwKJM4ct75{&x!bZuunR1Qeq`)e2m-PFLML*<VMj{W=f7b52
z@z;N_7UYBY>?tR&h$rWR{DTaG#m}d)LUd-JTsl_$GStCxesax1tF19DTuuP6Enk@m
z$KUv2S~k(<!-+K>bu7L-W88!0GOyf_M!57mP*?pww=s4ib^DJ`PMac4p785q>hQGZ
zC38Z)a}6^a5R9#i&7D`;EPVrY?@>5>HB4P<de4%&&-!;bAj8yzED)@cPuoc=VXCm!
z&0fS{i%e~kS{JcYfV00kfcpgO=?vj{rg-RqP>!()(6A-c8SQ6|T4l{**^(BixbOG0
zQMY-N^dM?a)t&zw42fCufRXcTy;oSB!#!EuX{_hXTK3P{R5@7GX&~D9;b!-_HMZ(H
z(IYx}={h{{X>qB)v^E$oF>}ARnd;W9VsUwVS8Mr<Mm<xRQ@7BV=(-9t)ts4nzTBk>
zQ&7|>pdyH@ey0|^bTZiGUwKvrk@kb2Rq3QSHaqVqF+rojh!D=VExQr>;Ev+yLuCoH
z4=r?|QduWLoP5|k>)>1ABfLPKdWdm-aDTOjK4J~?9`>sd+cBj+yW<NnuV@-|$qoJm
z+=$r;;kg^g<Lp|iA3_5&AaULj#}p)@(>%TGj%bNBpWk_Z(XWo&NxWtu#2s_Y;2n&_
z^>2n|!4YyNDX6&d_C~!W-Sm;+M~yL<2NG6aB5iicPnt7(c6EM(Tff?zslvDOeR0`6
zn)Q0Ef1HXwcILPZsB5zGEZm5^+x#pN%3ygAi}mK0wNU9kzw-hHZO%<{-iQbPde&Gx
z5SO5aPvM61`CLEK8)*KCXg~HKuqTTmAx<8R9B0xW!b~<G;8}zB>F-`~LopN%;Q>9T
zzAB=p?64JWLoiJEJKBWdso#UC#hs4_bB!uN#N7REif1AzyR54-Hs?&DS25;G0?X5D
zEWM+jW%Q(#Q!NW%8eE1l^yF7`_$nlr`qE7X<ib8k^WS|^WPjY=W8=TQ`-hT?*u^uH
zcXf8OAPOK~52^AewhEVSdOXY@_e3W0qhnn9gcS}WQ)l~1`O;ZB%kt+U%A`G!!Ws;4
zL}N(qAi_`XBvCTtv$AdsXAAM;6PzO<#l$|`Xo5|pea-=>pSn62@8=U1%=JW32-?%f
zu@2oZ0I&1=ii|w^j-#!;w1D8^_14>&#Sw+z=8nFBt!B;Gz?gR`^8QMB<I|N`HQ(yJ
zgRtI*GnWN%z}vu7Qh2F;dT#?fBGwt~5gl5}VI>$*j$c_z%gWj$QT8+Y4K<?2+HGBS
z`|ounPXMq}tMds&JxqU-GjNK@36bI7MBNi0cE!Tg96@+}Tf=f%#JqIl;&wD2iL?BN
z`11>O?;Nz?zoqW=fLl~DBab_!@fvB`m17CLn!0#4={WpL94Hp!>}0f5L5QccH{?N?
zg3e$Dj+k}5)Yhdnik1b!{i=D`C?CfsNmULr<PJ!pF^$<1Lf(KyoDPbb&{6zND8RKN
zk%$MG@~}v*!3t0<sxMIk6|mR{M9w>YusjB@=E)>A=Yeh<{JeD3r(3fj5Iykm-S`@V
zsfqm9bndkrU~VNX|H-rlRE=tr{HhBaUi!Jmgj6TL1v}A5O-q%eE1{{nnJt>81Jgp)
zrUJ-S4LkUC3JH3E@wL%Sfxh^%c&n_>ZAPJPgj}bx_Z}`YSOsx|Fqi~QfqI)rx`SUo
zNV?a(p5t#jJ-Jy1H6hL}!Wah4%){j7Do#XQ4LI0Nz~qA4;`Y04LhmwWY|$T7iq^q7
z8M^jPfNeSIojLq)HPy-eL<Apk{<)etbq{P920pI`Oragz;?ew>IONhAOP{hKWi%F?
z+WwdL+|IE@m_9YOyB___PkbnsHWgX8+4B6hhNj&`<gmc{26ccn@kimZZha}<I$arK
z8a9fmbLhFV(}i$J369U8m3V9Sb!1)SP;b*ej1rCdV>xt3-d0|G6&^gzQHv*|sTT;c
zb<pdUZs(LeKy{dYb<BLMIC?+cxcIp02(*maxFqi2Tj%2!e82A~R5|PmsdJH7pwVfk
zq-qQ<3(e*)QZcPdWYr@xs}v#P&74tI3r|SjDd9lm@1y`@Q=DH?UP$+&JR;3RjAP=p
zOA*tD2ihiJ83wzyl-X)N^TY0jkpY3uba#{RI39%=%uQS0pdSQ^Val^LG(2DgN`1pz
zh~v}9qa`W*956wQh=t?{dNWTuMP-fYiN76ulbLh6v-adVbGwZ!IB%Xw(S(avNydu%
z53F;;OhZgq(S_uzGrRl#VwU}osdi~mgU8Pd=^@ZpkO`v#CEOOCwA<RIAqB4E%j3-2
zF{DSRU}i~r15k2`PLvGK!8pPx-yuXDA=cIXnH&a-aHVDst<a>pQP_f?_C#S|4q(Kx
zz53DkQ^)b9F5~bFL&mY7t^Gw{hyV>5f-=mdF}?$-)g-7KG|GBPsFEY=Acl+8+Jek{
z^l&KWD7^*r=)8*67gaQI1OUtkl^iui`iT@TelH>p#p46#!ZCp1V2C3Kk8fwz0%f}5
zEQI<;!9y;dlxOr^Fjt1nR=4cbjaoruNjvy}X?=R5s|y@0L!Z*_%*~56Tj~|1gBp_x
zT5A$KG3~C&?Z%pJEiB83Uk||$2V^dI#vI2YjYH=Yw;|lsr@tbt0x+#8*c|vE#=*yj
zLl<G{Kg9t`*b}QTu%eg~U?-r7@3pcDp&pOUKgUSkiSIs?l{`}0L#klPw$y(_rxQ9)
z{>{TudK%*8HrP+h2Ah+r6kl;VY6}HH6;kK7I(VCR1nw$JNY-3ZVpgK0+MC=NI(nq-
ziBbt%>HPpjJ$$e>4G_@c&DNsK_?dR4XbW~4)Zaj!eG3)PF1QH>3p;>xEq34~uIc7y
zv}!Nx{M!d)UjW#luDF`wh>$*WJOfLhpukcB_mtR*$oE9ZOzkqhT?vEYL{p)y?WKqg
z>rp<XFGbv)fW+(!<x=V=&Om?wUT60Yia}IXOOrZsnEkQJ08Z3n8^PQVCw5uWT%}yF
zP_;Bk3{}kt9k*9p?C)^pt+<Da1y|UKriZ1_$x_usHK65iLOKV9%a14vjcziIcVc%p
zxouLi9)VHdzP;SP<ju1nXK+B7cz3aQWFur{G+L5agxb;20$b?~tujx@gc31JwWS+p
zYo{ot2}*kpfUa-Zbk%hI1ejOW=)M#bmX_g9N22DaBykX=&nUyuD*IC8Xw&w+-_G90
zOd7UTTwZgUBE&1?^|i`KvPPVE65|*Ck$NN#ldt3wDYD=VIYVJo_&s7Ok0D^UK|08$
z7pmJLqfnUOp-_FeDJW~NL<V^>LzKyvvxzfF*f~(?05M{M*J(y>I+T0>t0;EgAw!OQ
z1Dm*N(Q3i_KMjJw@Q(?UQSb*Wa_2GkWpZ$*nY-tgNW>V(dNEZ?e;m7B&5<l8E35Un
z4jIhA5f(A01kZj_;$t4N?Tgb{)a^X*0A|=;`E+9nLO+Ph3d<`4UGhtCWT{Jf8RH<{
z3?9*WfLscRPA4FYB&xIOno?3tPvh+4)X)dX#J<eq7yV$Zlu|}uxv=bVKdQs~wVpj|
zob?TOMlMO-9Kjiq;`F25dY*|ykvh+rMttNyT5XAOrQvd#m+A--q)67>5MWAP7gqh#
zdnb=P-}p&hlVPA&ZYzNrH})B~{s{eOQ<$I_STM{dV6$F9pN9FZ0h96V2nPp^Seir)
zvZJ0U#7oNJRmuzclCZuoxB~=(K5cx%#_zl2+G_eSY1INdK2aWp%|YI-wAQ~%qOMw0
z-N>E^)N$)@7;@K*1A(+kH>Al>3$M~g;VCpeD-@h8rQNqXkQf}AKzf(?PsQCW;`h%3
zAojxn`AO_2+e?(>7qELI0Fmm502FYL@TmF2ddocJcfTsm&_PROLSQ+}b|<+$Ah!_E
zWq!RP;j4sl&k?5tbBU4Ypnt>G*jmbU`rm6|HG~`(Ms_q)rFqME)nu)38*}}olx4Nw
zuwGq|Z*kl)I?A5yMh}j6ro9UoPiGPYIC|Ap<?G_4Cg{}!U>RFC#q}Xx`cmHxL9@<D
ztUU|<1a63d_ox)YzSY@A<<in4PCrcw!$#7ErVK7j{y7T~33gfYqdJpyiBlA(b)<E(
zwS8!m6XsF+3thm(mPV7Ed!EE9YdYuYXEqn$<EuBS!y$EhBA(4QE@I(Ivlprd%u(l*
zoYv7r<~92pqcR}TJV^3vSxaW6>+@vdv=fTnZ70F-DVZ<k*yH~Fxjf0_f?>(8_JH+4
z<j_$Q&HYX_^P4+D-eqese5J-26p|@Ij8Ed5x^||`n4sKN1gxy~Xu3tF$0kdqV|tvd
z2XTpn@_sgi8t+R7ew%>d8N0F#P>p-M9V?;)A@QC4Q@rKC7$I4|gO*CMxr1Jy`swkh
z(k*7%n2RW}HXadI3dxZAJsMm@b_Qb~9aMF3GKa9*j0lo6KnZpymfbHa*`+vsiCmBN
zFxsjN9W%PxOGI=^M65<4j2h8qI+m0Gz2CU%AY}IQC2+=G9hd9_-f++vz?4X$OiZgr
z_V=EkgyJdKvU?qJx?@%zhc5#V1Z(t#sF==RD8aT!rjHMyC5sx#?M&0{4QY>Wd2+Ut
zpWz`2?K(%I+w=#DV>maHr)5WN-X(kAHI?%!!emYz_0&ODu{P;?v`gkSIO86I8z>l>
z0nIp=4@z-=adDakKE+FbUwDCQ6|wLu3|T#+3#XvZGK?K5*YTP*UvoJV9hw;*Z7T`(
z$97wVqFdX<Nh38<6T#K+`0?xVtKvrQT0gd@Rne<iEJ@saa^GlcfKOt6bc>w{nG@T*
z1%C0*Fo|KYU)Mo|62%DA{2JIWipygeMAz=|psHo3)69VKzv=?4aGvrHe%*?36pUa@
z91SCfef=tl43d=OPfK+2x1(g~2s`^aA?z@Q(n52eRORmyn|7xgrXfzJ^obr*x?PO4
z!khmjM#$b$M%y<!@|l>IwaF<BLVb04+x=R`eTHB8(RB^NFvwK4>59xs6l_Hr)6ENQ
z;=p1XgF!Cdo9%$i-_;=pa_d!UgkA2PA7EsE&>uAK>@sV*V9e8#-ji8Y56`gklIXBf
z#u-;d>w`}t8^9)4>4nnE=kRmPU$UcOI!P!*eSh>vCVdY>C<Vuc>sc7i#WQIP^c7kX
zi>|piFfaSopREUnDdr8@p-cRPv|zif!*KkMUFfVt@Q@j}x^x0ip1V*cwFM8lCd;26
ziiz!A%%droSX^0-szegqet#lKeYC-|O?km;@}z#)2;)a%MX`*nW`Jk+&&&N2FL|j&
zD&*8=k*3h;boy3b*|qn=W~Cw7{q~MA)L)Tqv1rtDh42+NNk<AeT|h#TEZFL%po+4Z
zYET(?E0hFgK(png5u{)g1%z;^c#NT)9fg@>rjOkoVhxC#&hFeSNakH%vQuB7y$C@U
z79n%YqeCs)h7K**P90iWymf*I-FeEpWdQZF5)W|KV!jT9?u{}iHAWaY&F|rj>-1i>
zu5rYc%+3I*)8et4VrbyKo6^j&{j>nlS+;aR#2p|OoLu6gwKAG(s?3#RTR69UaLee-
z>)qPv|FAVe#J>_qO?|Zok&|^rogL6?&O}r=?)&YOz|MOh1UC9wyjbe~n0M%Gii7GV
z7=cJb2BUan`(Mv-_4F0C&>io4j1g$u2s%5<_Vs6ma~vj3WSI@Oo!r=ldXwSU=GRH<
z4FOB5Hfz|d35_YkyHFhWPe-uEBSgzW=5eiTHYgV=-1}2Js2HfoF>X-MI&=!}y$<sH
zXpZq|$txiUM{c)Vlf+RG^)W+*9kC<IYK=G$f||{I#n@F<Oli{V);^RtIt%pV=)W6g
zJkAcQo^l@apC7Q<J_o)4JPTGN+|*FGGQfNak)f^>D&R#G-*&|-%%9-IN(f%0@N1Z)
z>QOs5xS35%r6POBVPrAz@N^`y*)BX-L%YSSqJPzHiE05AH%f8=x2zhCdINCmCc}*X
zT|8SfR_FdW(k|T`*{x^e#V6GtpvsxzjQdW<^EahSgNBT<5h`|UPBnJS(8)?C1^DH~
z5+;)?Z$}JVL42^w3hroQph%77@j8rzTM!Y%FR33KO<E6GFblbFTVXvULP|U_T>oBH
zVC;|>xPnu))`7g`kF16-#UU;pJ76GXzp9CPC{*mKtJyC5+|)h~LKk{lp6E{U2xyi!
z8e4>W9VE&6Ip*aP#bVNnqjDi51mp}i1%G%j`}LH3Sc-!u$e$~Rth|yD{5fo>A^WLn
z`d5gadDJe;<cS@>%dd3*eLklL!xc63r!P1O-Cj>HVlBE+P3P9f8@}@MgP<gjX*W3p
zhPzZdJKl_+qIUtpncf{5=<A!z5P6~V?6XfpVre&K8#tW0gI{-oc_;o{Byc!>eY~1f
z3xVKXk)75I`e2c+d7ETU*jVVTEcA?0LawUSHQ;-bFv$F#M#;xvdK}g7tzpFxUL#ex
zv-bmexuH2Hb^kKhl0JVC%4uJ{M<mXxsDvVo)Gfkf-zDL?LDt3z;m;xm=y9uV&d#AX
zF=VHlDAh^2ew+t*x84kW5CF?KoplN&er3E}ZbM}IowYMxwJFQ+uL*OOxr~b)*IEG9
zCP*Zg(-Ove3VUiq7lNx5m-wwVzIkx)Zc}>Ape#e`W!vxSP$H`k`TK$z{TgdivpGu{
zE8|_Q=1zn}8Fo6G#Y9MQ?gIN$m=Vq?3lv(bI9&I5=`b*uYpGtbNPwJJLWK7k9tMJ3
zDgw8$2HJMVa3_d`gXam>46)$@6YpJt+B84{j=|9c??XiDM}Z<Fl_C=x#(6w4R5^1c
zL{E7H8OHD>xf5ks*e_$vhv8*p*wzfR{fQ#<6p3&B{efwkGbzljmS7Fc$2dK~KZVrX
zH1F_>a;6GErjj53xB~k;`wc4gg}321$9|{r;2zNWS$>KXT#V4DMQl=_<>`emv%M_g
zXER1w-tSBql4G!zx_R#TXs%+ot|pcDztsFW?QRrbHZ}%=Bsffq77(KJwME`ezT-_5
z*N<WUrTVqovD>l9Itih@(^k0vF(z-iji$@tysN#$@>}EfaUSUC<U+49@%<xh6xBJt
zo|=AJtEz7uac*wT_8y!#i=#33j1d#7yBFT#)eoU_mt_BBRChdT>a3E{*Aq18%a)Dn
zp=BA?xugQ$&MfTpS%j3Ez*$YAZ<CXr;FsNH!)StCgL08Wrk-;B#!;AE9;{EYjs~ug
z*u)S*<*+Iaw*bJ>2TvGUW#|)A1#E>6<HajO%>I!v>;uda7D`XaCZKS*<LU>6Q$Y7(
z%^bUW*79$9GyTqqs(ZI9`1-Jr2SgmNj|x1?4Bx8lOQl-ogiF9-;9el@Yy$s+yRr5u
z_JC?O-$dauF?xJdpX-F?rx?In&)3f8Ym!yXeoMJW@&$quYF%0ttpYHi0}L*fT`?F!
zI)z6W5R?UB>Y)~LmR6(221UowahvpGz7cWHC30f?j7%)~QvE`)V|HWXMPW5isU?DL
zgvBs1petmkY(nTWT8-z$3(rEiWEk{j?Nh&ViIdqNT+uLcaJvx?>qbx4v1n!Mwk_7H
z?r%e(VFI&3>AwfXAA~|As0L^|DL8S5_PkA*kX^>IRaGD2!z<^by_(ai91D+R{?_8A
zu3x51zwU+wSqAmNe<XP)(U#7`^5c*lrBMs^9rZqnKV>*E)%q7~+xu;7bwB!5R!oah
znO}par(<2@7A)CKq3mw5=959AQ{-I}27I_UGytE6YtM^|Lrs0%KKMj0UKdWEeejLf
z<(?{R&UyFsAI+^s-nRG0F6VPL39d`h<NIm_zC^DlC)N|GiSbBsN(p0{+_|%a<7IS=
zKgL=lJT}BT@q7JRv1!m67K?%(KT6$*UdI&RZlcwEN_yi`EK?)`PxvzJRGIQ-wGL>A
z5CBY}9+Z)ZCdoxmm=QPYIt6Q}IR;Vs?|&fMX!mh_-w&!eyaX65P`w4~e!_4o+Sa3&
zUs+bmAoBYaxCKhx{!#A_vnzeve^--ygMvAzQTkIocH0xK<esuml1iINML{82IzF34
z^cmzmsDfl;Q9b&J@p}T=zIyaepeqzFcp32TbLFAy53;7bw$*`g{7SsyC@u}jkR@J(
zno-;=$Cdrvw=v#p?LFMLaY2aObOrw5f`}}Yy)+Ye{0g)UcAl0dnWsdQ<?49-B0E;k
zKgFdpS6KdCJx^mwZ;~cVeE))-|IUjM2i$ckd?wxR@)l2NxA|5iUj%n!)Bb~cdpQTD
zH}Df4Z7-3u`5pTNnuGZI1zo-Dq#@DnFXFfYnZ*JiFXDpxHgmX(MwI2os~7t5zKPX4
zoV1g|OIq?K>)3^HNxJYm_Q0fsQl&;2J<BXC!ldjvu#f$W@gIPqa@zdo4U(*)8UuP`
zNR@zR>yL`M;m1bgd7>QHt&`Q*icAOWx+dX-nPp6h&QQrUu%>$$q}2)9jPT1HrNIi@
zp^|!htA(ZVRQ7byvG*(IHVZQgU$K{eu@3erL4_^WF=l{B|4}H*(>kQ}Sf$)cgEquE
z{Jm$^v=am$zapqfIAvHQWkmzl{1zOtl}S(@D@u9H`&>+IVn^~!T5q1Iju#YYb$96P
z=k9X!Rcp1~NbrdjaxX@-X^8{13RIaS7b@bp8WOyYld@RGUV)5k$ucf{C6%*BIm&31
zl`3}?raMIoyTMO5*2+R2SR<htd>KG7V(0V1WRkb~%lym|nJTkd)ST3SLQ!N?PfQx$
z%U4=eA1yI&5|%3fsvzL;wJ!i5h#FSFbVHtJm}k~yhQyoVGtLyZjAy~gyDxDOm>a~7
zKMlbvC(ep?1964Nea#Fjbj`C?J~}$~O$E;*Zpey`je*^M<!Dea4MP!~cNZPy*%Wb<
zO7L9+jYoa!ZQzCn_ld)m^(4KuzZMz<Mle0nL_4d-vnl-AdM7+Hy3`z~zzNs^jS`Ur
zn~{#*VIN@T84*QR=<%k~<hXPVfA>TFA;Q^~rVcYTeQ9|N%PX!M4wBds&@D{k?bj+_
z2F@B1l5HDRYWShjhwD-KsHE2G%aK9eOc-Lxfco14;gwpxDW8h%6Twt>K?{+Gzjlm?
z)tIB10d=A|#kEd#9E1|+Cp0`;xf!8is{S{v&NOze7RaoZRfl;=o1KMbIabKtrR)~?
zjTVLNU=wM>v$%?-?#<QE!PVpPfqmTPp8L)AMlk>Gb*#!w935ku-y@pp9^X13(04n`
zS_@7QjU~e&XM5`^4?j`Z9Ro&jHm$m=@YaWe+_*JDdZ!Ur8I1<;BU7}`8(nc<z$kBK
z*M3u8y&t(L9VM-Q*J_>jEEM=dJ<Vjte(+Lf4S9yo&9-^mF<GT-!r(pbI&<Fc<mF`h
zFD|k$2tQhTaVa8@33ti>uVce+?dLotRY$j@F8c*r-A{p*VyXpurWYc8j&SoZ{MWXR
z6FI1Q*c=6uQ-2h|WpPh-8ZlhYMiOd^o0loCQe)uT_vRJ@`_#6NN@uW}&|gY|?^xc~
zC0mADqWl!`^QC1G&h`Vc5r0n}TK|$ZTM;C(z#eG-e)Eh!)XXTr%^5Q)XpxOiRmz+*
zRPwSS?J8_wIvsl+>qHXXc(h|MJ}}$c;RuRD0R{b$Si-6RP^+q&Mu`Mi6L@+KOK;#|
z7=N!0PBzUA3Lu2asd`)#5-mnCIe1iV1lfYm2LaQnjSt7sk%96E057Hv49YA0Mnmo^
zg^2<exUK*RVa6EN7DW+GtSGCy=^~Rv5Ei*k_6xleO`B~;`NLvs(lu-pJ$XOlC@hGH
z?HpmVBED@G@bXT5BzOXBIv9|Z`SC}u>(*(t)sWS&yDud0M96YDU_vgE+^tBqU-I$A
zX2JB_Q4@oLyft&4*`K8^YV$v-<8ej<EZHbw`hjtCj`<I$)y_L`M{k*(<;PlMf9IW8
zKZD;v)vqs30xO8bf{?RFU@(F5Z*mE-iPI3!QgMsGgM0fUD;Ox|&JYU=ovY{$se=t(
zF8fw_b`&$+>a7(V7u6Vigk&%FKzIgQ9Z|y>#7d#WDB+aSJoUZ3+NaE4O};t~={G`=
zRUf4sSO!AY8&XPRvd!T^NHTv;Qz4~CRd+_4HQL_mk9l;h7u307rjKW8!~r3*0+Nvi
zQq@#IK={(sM=W_e9+Qb>?f0lj30ryDswA0`=>nV|LtoBjQ8Md@dRT<+yv*2Bg8C2(
zoPp^8qq`01fF(Rxg{OT%%$_mYZjgK){Z+<pwLOyg8@Rl0)GhvqBtP5`HP%3Y7@k-<
zO^2Or1?#yX75MCpV1uGWalpyRi%4XL=mr&lnO@R2dO@}5KZbXnJ`#F^?V48mKzE(=
zNFi0+sz5F-+kr)5FUc&e#m&oM$<5(BGvvbB$4T;Zx<kD^g@8h*SBMm2t@?!LA)acm
z4;5i|rW`vjJdTeke8B9Swk5wFzm1eE+@LX_ZBr%R%(^YLOKOZj7d9`-T>p>WJe3}3
zUxEg+OOD%Q{21Sal)LZ9*p>+FJ?kHSq4!Zv9yG{^w)VSSf*;A`ru!0+3z4UCS9MN)
zp?$<|3Nn@;kDU;>y|im;wgGc3A79gjZIq3@68E6Stl5-H(JbypSs-WMfI5}G8MCvc
zrs>}EcyTI4&XVv#Cg#>j6<pkqFAwnB%t$+vP5zo6nkFfL{0dzCMS1iv%5mafwr=t%
zB3F>@!4FJ`_$ETRrIz|~F_yKTDIWc(#2~iLxBKogKLGwqI7^@T{MsXL=yShV1$v<h
z$KUXf@nLPS{bEduHAWMIm?W<-vOZOq+)#M3=jpNFH03fL6tX1|0cLpJOAo->1flT5
zcMAdHMdD21mZM%XQDas`@|1oEczF2mOvJ&qQ>Qbk`U;Ty@1a!}iiHxM^uBioa&s4|
zRid>z8?_`1Pry>tvZ~f^-9}G5-(PFrB4?H>xPpcSk|^m^IW^M)U1N|RV-51Rudlxc
zvRVs<K<H=0K5@kigQ7|(D-!^Qan-K%p4)R=zH~l@6rGp}SdhAr$*QR8_}>cYb;iKb
z@uO7~mRdd3;~Qt<C`DS#x5p=uLc&7wU20eLmVWdmjNLczfVUu!jd|ZngN|5xZeFmJ
zDbwSbP}+)a&R|3Mm|P#)yxc?lJ!frRajVFi{^QM|K>7-1SgG<_w^a)S;&vjES<;zJ
z^!ho|;mrkfo%(C2%)~si?UgS$|00h>qE6|vfbC6htu^Cm@@%FwZxcpriemP3CiOpM
zly5HD(Ij^HHZ|>F3D%mB){v+jkQK>*f`wr!-_X2m4-dhZ$!+awq^NQj0U`28R-~C<
z=B0&#fsd#qbNC{|Byj{#QQ^W<F`G#x-M14Kto;#Gz^Xf0%l<v7@4Elivx=Z8^F%eL
zAMnQMTIMy+&oKCx3Sud>6|=#dTw}I<#W^+4v)E%&<K4yL^NP!|z576u^XB}zE<vD%
zlW!LV57;h<uRVuIeXEQ-get`1<PYQj9qMg2Ck<BEzd7-z!LJCASK%xMg%Eo4c6DVF
z=L2WK5g`#xG5Qyyp4_t}8s}`{9eLVlDQ7#D{uKZ9lEOlmXQXcGANtGTyB3nO{grr;
z4Y_Yj+6T!{Z8Z90$Ja$^**1-7)FX1~gfHIsgu9xM{_Nf7RyACfS-AMKUsh#F$?2QU
z5|7jwP8d>?xLF@?KAY12jSX?IjNE!5$(ojqsU&IiZ(|hRFu3k|T1eHgbmXsR<MU(q
zyTB(PWz^JQ*j4SA_u2xhc3Jyeo}8x6z02iI^HwXaz09Z74y)7f-17c(Kv{ANMu>c<
zpFH5(pAmRrx{STwb55R@{Eo2OBAye@FoZACdf%~;MPZ(SYy62sT10NXifm2-2^+F{
zjRo3J*=<FR%QxSSRa_GxX%k1TXxLq9+tRL?Hme#(c3zqJ$|Qf;V3fum1GVog+rK=8
z2|qAhE%B(XC~?Avz%LUb;iC}vnTbkvYd&k{F8fWv<QUL7UcQWB-8I4)DK(Y1$GQ8N
zhmpP1+xtEM5c2Y@zrEb8)2u36<KtQ3@ojnDzS-w`-QAtK1uot^uM5xIMM;)Vxu3Z7
zuO(WoD{ZTE1%BQlowoN~?w^>-2Tck1K)TG4<3$!6hvU2SFq56gdh7+2mkED2|7Bxi
z15f6QelnXkcbRpb<vdR(IFg}P1xABuX&zYL`TPb9fJwK9LxrmctZu9uKv;V@=?3f&
zcf!ryV#CMpC{R#*pjMCwc-1t(P;cycHY9!_dfAscq$1<#3@f?6{$aJ*wY9%;<@Ab&
z&Ug52=|^uYJ^0|Bwlm6oRSYiRB;J-Hi=VkY7tG%1@wv-`N(y$wdmMTQ%%~hch8kqI
znqC2&y$DRVNK1ZADrb+_urVU`UQWuWzuvKVIHBla%R*Pwb9)h2pAv1_m;R?WiI?KO
zyz!Wt8{?|j_bYTaV%*Xq=(wdKetNu-V8o$JBYm~Z+%q%^{Srdyv=9Xww>5j`V9sH?
zksPAXJXuBVqSKFUeSLvr(bSV`%Svc0pM}8E6IxX{?%Z`+KLV)O`6SCz`ktmd2{RK`
zoxN3BKZjPZ_P9Mys9K(VyznUb&CW5m<4{M?Id<DWCRS8YIo2_KzUTdp?_jy?3KTu%
zvZ||o>1AI@&5NFW(3#021_)F+wsFxz>BccWC33yA!*^LVs`MwRm-NApTn>4Adr_c6
zBt!XNM|iaR+iZ;JocW8rL-%hGwd;LO@IMv(+T0d?oT37cLuEuxF4@5&k#cBU!y$@H
zI9PwRj@ihFZF9M$betGTTbe&}i}C0X^AM;9XkpT*vpmccBHo?82Jva8)C1+roz$&x
zSRQOE7o(jA4FO@X55~&5Dn$$?W-}mIaF%7dO8R;C>}HljhHTMLH}h$PgYX+u_E&^v
z_Rj1>fZz9SNM%tEAJVy=YBDUsLt}PkJBhyd>ZgLZvf)?hQ6a3ojDq(hkyEhbFAYz6
zijlF-&R`mJy)j*^(h(rN4Tic-v#8=LBb_y5;^1l?iz71&qmP<WNfz+@$p&Ol&8cI|
zrhQ6D9}hbaBs5zBQD5i)O1i`d!Sizs+U|5AyMU1WeY-VNl#ITi@7FE`86q8%bqq2w
zqa-NG4zy<h<G8Y7vHeFKX7i89M`^2AFHzoQ^H-gvOy5S^$&CZNr)pG)=vPDS#h~t6
znU%$VaL`hz1(dG%y_|E+r~yi)WXPr=7X1&57Rp7&5n|$EscNdaO9Zzge=Ne)AqJf*
zqi{(PQH2z*!T{Kmt)QqmKL@UK<#d<<5ijpxiTN?M!m^*^9ye$~xQ3)Aco288Oh6U|
zMNa-)M_@;feU%pn&pN$TNUoq&U@s2X(CO(#snSu+Efh4Z@c{*WJz(tYGm*-W1Xp0`
zqaId<GqT1+28%@qeytf_c|hx^KN9)J`-$EKzw0-d?lWWgG{=KmGTEPzcQLeBR1H72
ztaLx~_(u$-xJ|9Uu<<q@f<lsn#<IWv>EhA`RZtMwgwHV#>&5j9I|VQEJ12uMaHCgj
z2&Ny4rIKH4KqV+plK~WybHU$^c!Ey<!a0FEyc-DKelqB-`@W1WEln3Q$UvSu;*_Wu
z$j`f1y?AJA4adFi%m&mFVDOaB+U(o3XcN?xmLI4N_c(H6LB}Mw(!#m*rxW5!MO`+3
zw`Rfz#p@gxX`$g&Ll)Um9<HIB-d08$IQ@d?eIw)I&#^?TLV!5L<?Kz2CIr{MwSSn8
zf8kBm&m7&}aa!-oi@f(=aYLQ{8B#Fn)#4KvdsEYc(#uryVFII--LMa0Mq>l<Ysjtk
zJiZq_Jld^)Ghe(vN_lK=-pnVmxF66%Zf`Vi#^c=XG4w_X+q#R`={fF>%uNh8*MsNg
zwR|+oZu;h2bAXNE^7l%6>-I81W4eru3<=$X90h6qL9)nDS>W&u^i2vk0oTQcAkR<q
zIX>=GhCJiuQ*^&se6ZKj<Eax9y$W%c+2UZLMtk<g8boXGB?J6vkf9oC=loB#`Quts
z|H0MeG@cE9(I1IMn8M%ci}K|y%WS#?hZ>c2-==xt&jC%(jfUzuYY$n@^NJXVn5>+>
zLya;x>s%_SP`A;VFuxRSd1d2f%A{pxU)!b`SNLb+iep=}9jKrw2W|0ZEKi3PC-#LW
zto{_)hUEZ-V(Yg`S@yr6KU5_R=V^zyv=-oQ>a5?Jv6RW{%eVd|X6WHv#i;Gy@VFH+
z9qxL=CIc-zFWKc2I@d?g11;%0mHU~tCA_+dESr&Vhsl0k+;G>wNbIStFFdR4;VPHX
zRVwf{Gs-I{;bVWmd5I97<UvNZ%>n2mGcz9-uz02U^o;=}o7S}BUATx#5x3a$4xHX8
z3yumXa>p%rVRj00oZk&aml#2s!GCGuZ!_KNp8_m@I5*Ie26^rB1x3LBG;u7RA9dg@
z^G-Y(#8zOv{QR9KCev1)VU+DTP`aobxzN3IQuFA!-ngJh8ZSY(pJ7unmhiVDaPe$&
zTEUC2R-!@By6^X@_F9FS%<0y0eb>EC>K{VA=-o!m!nDOc>kvK8;n!KkF|mzgUu)ds
z7!E+~R}phTVai~a7^Aup8Bi*F!e|)@Y{jvn$=(|)h;`sApT+ac;VwO+ZV<*p@SUy&
z&@WiZW<q|{Yfp^*=ZZ<W%ZSM%DU70)AX2Qpd%Sj%huzlxH<~|AT<jyE4c2t!(1rPH
zB<2QNHO1LEWiA;GB}F;e8ODuzY)#6F78p(SSChGkd~_uD=;Sw&$>R19F^M+_T~}jh
zg_KmGMAM%6ofO6;2R8GAge%;nP7<#cyaFqPi{30BG7gVa1NO=nf^;m*jU0Lfsui78
zn)nD_T4aCwQW*yA*qKQF4l#&{CP<yuoRf9R0yb)KIcue3e9CLe>(Q*Ti<H-}2{<;e
zbx_}wSdrS3;xKoU)9@`5KsY=`!ftJ?y?W_HP!%h<n}`a6eerFs1D?dyyF~F7nb)E=
zBkFa!?<2#1`wcnX{61+7GJ@0ZVqEJGZE2VgJas>9^z`#~bMyiAmh(3_{imETMMue$
z^pA77iSldnpVafS%SRWYhU&pc3LvJ0u!X;Y_ts&e2v0lNxV|yu>6KS@En}a4WM!RT
zGbpEF=7(eZ;(^DCofUd>2VgVj20E@nbxDUKm)0uLqoM80%AjsD5uA0_YghA=J_yC&
zc|=X0$5wT00mr}~DxNrr*<SDnc7ndCDbz<uwnA|JpJl}$j9WoTFN~qE5U?=V!9L(z
zymr#mYnIJ`4*G@AP*t!^NC)&JWU+Nh_+};;E#8-nP4Bnfjvv2&bnI_fO7GIkb_gxj
zF528cebYt%ms9yR)OSh$Au>b#2hZYBWnDLSSKD6K<j%8W<6#l&t!e2L^P}y(^6}@p
z&|(wUB6kzFmy(z6=Zx;AC$Q-CLR{vi3p4+&lCt$A<jGA`!P8>5_egl+I>S1TyZza>
zKo%b><{qu#zd#^GvA(&_K))xCTb|%~vj4o@z1py*V0vx4A#3?$3^u|$jnkGj((H^i
z6L<RTjL=C3eNGLSK*>RK;UrQ-w@fNBOAl+zoHkhiCcTHnQBY~D0NPk(dEA~bsPZ#6
zTp(YpMjlz3G~yCaAAmAl5T7%wt3-~_5hvfgbC0TNI6$r-b6)83%%ExWYS}?ew0P?8
zbEnn_zMe8eyuVyvLHz#E231uy5TPl1eqN}wgsZ&@humJsKmWQK77YQp(CM5JiCs|G
z`xl{^=r>+>Ia-bnu-alA*fmi}>N9_=#)(aZv7*Po07>Yqlg&0U?=nMbw;<KJVF;!P
zO|i7_T9%h<gWm^ME8C_4?>Q?KVr>AHuZwa6I|A)<hyNl#ZW+AVw>fn15pV!mm1aqm
z3@h_9|KG6Ce9qJz>HTu_tl+Bq>ghyONXTsA2FyQk4xu|tz#(`?g-Gg{W<rv#ktx>9
zSf>HiTZ?%u<+zO?!I)<{^`KW=zx<Dcs5hg=Vz{0*Tb;DVvfSTVsBe-K74OpPQ6+4b
zS`XZ!`oTFLWmM?tmgY4acQYlX?I8`Mz)u~5mm{lzrm`kpH6W^uy2NVvXp`HAJ4ffZ
zf`~i+@+JcPE8?G7L0*G;w&-aj7<XhH<r<0w2ujWzPD|xZH~hNt`YMJsTXo`xZxv$h
z>JH!8^9-^l*e_(*5yfXIK?pqS%qLninSpEwzp#?*g`1gOlCsH0K)&Un{CSZZ<C|1~
zAUd3+$dQO+B%4B7FY<r$%9{1mHj%bEoI}ZL^<}#R3PncIgo3*K1K0_U=YTH;dQv-A
z>PP(dG2|J`No4ev5DqMwmljfIUQFuEscDy^Pnnma{~%!cp6`dC{hcC+^ixBi4(QMw
zxf3g)TLJ~Fp2P}ILYT|jp+;`?^sD!%92Egv#S9`=XMB>IxwL^X`c}I~U<gv_2g}73
zY^ne+sEY%obF;3cuwcH!tW;)Z$9cIRX%1@L6lxACX^Z;33~u<?`y}pWs>?gi<$GdC
zu&>3974a8XgwZOQRzr{Hm9_Lq8lm=Ljm}oocWv~BzS0>x2_v`2&DGR7M{;3r9+BW7
zPH^{OY2Wy1e)(@?<JcZ>Z*;4#d-TQZ5CZ<K{Uh#l+oJz}NY_BufhNCSMyDCOV1Zc^
z<g-%yu6S$`V^_=`y)r%dNDf5~6SRo@E>M<lFwII_9POi^X7(?`hzrwQ3N+aedxV?w
zUF6kw<ypHVK29Cym>e@*!5FDEr=l8i!zVa%ek|8rHam$lf{2u0D4)Q=n(o){$a|7P
z4}{KI_TL@gLq#U>PFc@HGtclSydek?n29NsK_NYQ`?p2p1ZCDKL@{V+w+#pgi|(`>
zU@H**vdG7DkY=^av}GiCk<<QKv&JOD(^7p+%!zd?ksDQZF<{(pZg;1HnYq6Icv|l^
z1kc}{On3<=+PBWmGdF;;N3!=vq2pLQnd0hTZ>2vVtlq9--|5Ggjw2)~^0tHK4m!=5
zYt|oMZhSNgmJ}>gx8=wp@mw5^Mj|dNGpBccn4ltwp>b<Ds{n~Lc&vM*vX+%8e!e=^
zHpDdLAYnDrAGVb7y@~w2k#_2N0Y@5dFFVJ+!)OGpL31Ky`wsxC8)ik@L=UF2(-qt-
z(Rm6UNW;bmr*l)T@PnE$C!1U??~NI?343N`@@`*{`#?z?ghm)m55e{p+!XE)*c`dW
zutT>lcyab@^mbIIFI{>19H%WK>OIyYsy(Zgc-6{g(wB@OnQfPyf+hKVA4qy*Pz3?P
zkDcs)B=~eI=K_4@3>kx3c=j0+n>>i_+_ZDI`@=O4(ht<`@!fS0*iGkGo!$A}hdyAp
zjgf@+nLE16h;EANq`w)y9$K=iY?)v8$k}Lz1*GStZnb<yIiuFp)flwcu|!iONgGGl
zza2gIXlB*|ROP(aD&YRh9+>MfzCcmdx;b>G%6<HP2&|}<mIBqPJI@IJV+~AKq?N=6
z#)!P^-a@T*U<Wy{MNc`19Sz5hJmQ6KAV0=TKEysCZSYw_hpza7(P*%wtJ(U+&vs@&
zL>1dZV8EAlWDQ(_P&$mF@n8}<6Tn9H5pMMc)cqu(XG-Umqv7nU>zTRO+Iq57qABNt
zJ_P#eI_CID5~uBNu4U7*bBVe$Lch#OpOdaRo+qi#uIEBvT~PMWVOlEt%U1Z36=t(u
z*D|LJj?~`5XZ^O6zY#r^-ixsY@(IVqlfu8iL@--QTbAeUvE|{Eztm9?w~{!Sr?6Uf
ztJYgX)oLVHx6z^pdTbm%Ar#|MYZABV1J1%V+`XWwp>^WN-4W1sp<AL^X#YiON40Sh
zVX@szto$Wua1i;Kxd`->8Ax-;v8@$3SkS^B_~yxdoCU|X&L*mfG34O<cu(pm24SPW
zkE-|vap4BrTlyr!+<%rOU32<2QWBaxQ<oU7vbz!}*_ZKO80}jL)8HuutsDW#{IML8
zBvGL0ltaYKO_4@YhY#6_pM9SzksW+DGrt-gXMQoA=U3pBj*2u{JspO?dPjt0Lcz)1
z&8&2NWC+H#*_R1Dsh#-Ht)@zTxdssfZL8bq(`P8;=?(^-n3}ifu%U69o%D|m63!?u
zA5VL*VOZ*@qDQYiS271)$2-6<0MqC3--ERnv6H#8y7F40(0;2?_?Fz)=9s+GF|VB6
z_ms%Q{={}S%>2e&mTLuudQK3nN#!QF{=W{ypjD+qm^QS%sNki*nx}J{G3%mqqPK>+
z+Yeh7MkL1#YlF|kzVAdqrBJ<dGDLo0wF%RQfi1mI&>|NY*+7EuM#a{d5=V#e&k?s?
z?7jFJVz|fFdYYoBut?zu>2Kz#%gA|KMxuyswq%&zj5TyTIJnJi;XpWg@ATFd^<HRV
z8cWFo-&_2OQ=S{?ov!G&S%P<+L@Mk$2#gIGn5LU?jFU!zJPq82JZlTlVvx3jXL+^o
zc@)2fy}U2(0cgPq6J`)WG0#<I6)07~!ZQ8hNv21Fm`!M(EzpFn;A=Xk7m~^XqZDt7
z2a;d4`rWQ5F(Z^i{qz$25)pSm-juE2!h2oB;|}X+x^KrDg9?v?w~TWpwOI<$r^7L-
z)WJWV{1hj*jEP-B{>!apXMFf+=f8pii&EL|g{i=hxuNfTdt&H&TUvEkNR-yq*10pk
z!3FUdXRxUe1*p17(!@b_&S_Cp{6iyAjkO=t532T*r;gjC)Jm)w{S|B2pb6A+mL(`l
zzQFFj8NNX!(3B^pI{Ba`oG+SgEYA+yZd^2U1Hui}$3{f8-7=yOYEYOu(2-ov{^VJP
zJ_8UzUXxq|!BnPWdAxv3cQf(GdCa`s=mqWWA%Uc-=wVKC^xrmD1m7-AY!FAsbIPXo
z=SiqR*!^N->12@dw&=Mq5QCQnOHUC&-$%^Er!271P(F175?GaIk(0Kj`)VF9wm6yw
zA~)b}f{8sfh9$bYp7NJcJ9XlW^vCTNi~%@pJN(>&_67&v8)z2stwfd)28l-hS}ewp
zK*7M_rmXdE?XHnheTBa1-t^E;f}~@MlQhjo?o7h0jSWae|BI}14DRcT8g=XjjT+l#
zW7{?w+vbVwHf(I$HXEz48r#nA=Ks!nXYS11-_F;4&YZQ^+Ru8{pyhf%@#nqE!$?$p
z5Gj4+JN0)S(-g4Wm|Fe_I81$7jbilvq^_&E_+upBe+OYpLH#pu9oXbhQ6pB=r1-?U
zNkGHpG^6~+F&x{C7Z1@;_hY&roWLo#X%Sq5KoZGVe;;}x>X>d@gs+^`A9b<=MUju~
z_zFZAwDJC&?Qlyj{M_$cSNxN&ScLHp0+gb&hxd!nyzzbmDoZ~S`ev@wei)6)A86-V
zLPL<6N^Nwj%@ze!MI@+7KE`)@)c5it&H>|VYAjU*)jKWOSQaPWa|Z1ucd%IvospFZ
zXOfkEg@L;<DUtuV%GP*z?JmxP)#1pV`4IsV7_Uue9X1<!3IAoL4#-xwBzgbvC$@kg
zu{ye6V;hu$`;czsL`p>N7M<x~tbPFb@@}oZJh^{sbr=u@ru{Ae&pu9r<Ps<@bwE*6
zGH0)Ukr}rmNE9V(Tr9c|W4uLa30weCvV;(w@!+Xi?BIWx!ScEt$YCywrfI!uX2zaM
zOb82vALoQ@5@BT<yQ59K1zfCKUoI!s@?y4~BiOaqo`q_?2O$=X4-I>`=?4sIXOP}*
zODV6D7vskIkr8nOwvj=KqZahQeyux9#oM&140<D50Gl!+b0gafjxYm}lI=EU54)K1
zmwRg3a{~>;or#FS#Ab9Ms)7U~aU3*#Lb?@&dLLreTAi#{t>H@ydq9hnU|${%ZRU|X
z{$|XgG?e%uapgz)&VB3Us#B~K`RS-2W_5U)rW}56jL~&o$y3t8I(s6pt|Z}8ek$zy
zJ|>{Tqw+m*Djm)yJb_8n`71FD8dnZiq=zv?I<aH#i{&R1>j~Ez+Dz#n*6M|Rh$7J>
zYtw`vzLXy-LLyM6pI6I$k6UwW9lEQ_b_Z`uy8tiV6M7N?KDa>1{>{ve6iWhpE~T#2
zU)~jzN@KxJq=NrslH&<T6?2EC^@%vPRbEei#fRc~R0DTDX(*-s;<Q)p8IGBE4a;;!
z7XOF(Il@9&2%jIz{>;a<z&dMS;y@NZ0}l}|yOFHq+iguA(SRPk4Nf+b&WM+V$(M@m
zMf2~LPP)TJytSNRMo!Dt7B&4D<T!x2LPqPqK{h#q#AUNNiDV)`Xel(roGXe;iKYOm
z;2kb98sh5v7J|%CROtw6DilP9_goS6JsDi{t^PmBS~N%o^AzqQtp}ElUIvIZ4(Wp-
zo+oKfV=#FwkFUz~=Owi_>w`VydLP@-tr&(hr1nOB#fc-&Na1`%^hTC{F!AN1LZo-t
z^VkHy;ga{sZ&xM&6a&wUp&M)6F^fpW3U0!je4+HQOK1Yrn4{e^_&tgA(*@f#b24hC
zYU9wTR~8sT*IB9d>(;+C+!WUVDyq!Gql&#9G%Y1!)kh%Fp^7g0en#a2W*k{a)~W=1
z*ETdAH=M%Slq)t=zrAy^fp@P||9jl&7tI~rn#XDzqJaoNYfDf$)nmpou0N8<UyMB^
zr_7)2GKX28M#ePc%OJbW88|&odJ7+A3{2`u`_5ZoJSQjqJ?L4qH@^Z)tz%&7h%S!K
z&^JuS3%NI1{_y$p7o<$<J!a|gG1=Nq9)CEk!zc(==5a!H&H$9v-KI3mR=_XrPU`_0
z6fW%Y-n2mb?NZoaA5r4~ZvEQ_$G=$mwc5qg!)aXZ@rDm*4<c8??X$fq`$Yyj=+;i%
zcDRd&jk$ZW^>qgQAfUtkSYkWXO&0R%cSlk558U>m{UStEdJl*{+x=Kt#;p-f_=%2>
zO;OXV$OzwKO}<k0@yTL9sVllvTV1K5C9n;+SZxAX6~t5wx@hL!zEty$Nv}At;9XxY
zHoD@`ka3t#^s>Sq2YCz7z8now>D)cV6dRFNbI@Aq|4UTnndQ=si#8rG@uFkyDDecZ
zUO$_Tm=k*asf|CjGBNn1ibsbC7Tl1o7$pnGwiSCk<T6|Y!?+~Dl^$iz;skj%t;Tmx
zBV7wHIW)i%JuCVjJ@5QOtxoFte_+>t&ZJ@*$DwGt*_QQ<Rh4#hv0;+zJ3q(gTs3P#
z44>+Xvb05lzI>Y`-~5kpsc`0wf&c#z7s6EVzEm+w!cQmr{>pHm7tmN3z0UBxL<&>m
z2i{pR;J<c-v?6~{GyDTB>zQOX-V`QgR8l!X;jPyBialfSZ$*m#jckz<ZcwD&9T+c&
zz4+L)oE3&SnYqT88Ar++D#^A8|H-n5-c$!_ia$>m`N#0#>vJd}>^VNs1yPsCz}_Ai
zh3J*W;fFy{Z9y(|<*!4%ayn!#4M&VVKQ&)rKm@&3|9G2j;1OZ@R+j8Xg|%@%(Ly;2
zrFeZ5g3S~re9(osR82nz9%FuuCmCtgBW+CCq`8WC#b*gsf(d;0;Gc|z=YRzLM`yNL
zXXvUw1I;hUmiZDaR|aj*>EG!4Q8B~*T*@S!D>>?gqqvO}VoS3M;kd0$YNIb3nHYa^
z0CDhRgGA-!+jLnbX})QgvFrs@N}C2KyZY|re`SH)5hB{lLt;r7Np#MR`7Aqg@4qCA
z4NId~>-(e;74!mZOU4v9)^&nRe>ilT4tGmd(VLlc1{B!Fq?%D9xIzn-f$L2xa1OVK
zqR_>MVnZikpx7RBX-CoG`ts_Z1TL#c0Kpq!B9P|-dQK=iYF2R18&Ty&`2$wc$@re3
z&`rp$T}VHL?M0JTR{Bt9XJl|=S#4O1#`a%u#kep>cq6SKI7`_+mPjA0YRMKgU}PEO
z1zcu^2KBfcMRzmy7==%U8#TOCXjzn|QeTT(aa+F3E}GgacyM@=&9z)dY!la(1G0uw
zymR;kOW8?!l>wGVDn|_P=s4H;tHJF@Qm&bN0pTdHn%|NF+?b@#;t%z~8{>J@4*JKP
z>CXcy#1+kH9bys0QzO#Yc1f^Lx#~2uO7VONN_hrzEOS}a!sb$jC80a_LlPzPP0J(n
ziczR%K2%)6NBtJGnMiixCrKPDff9Y$|7eHl1h1Bw*%|yO0nleJIf4O^+tch4O|_wm
zBn{;6Ry2kWFvB`?#74;=YQ(abUKN~5e*s=zoct_sIUIUgY}4xg-C%tBiJP^1<sCZO
zwaPe24$3+5n~b<#7p4L%aTw{ub^VF+Y{~J_JCb%38L@VL9UAXOTE=ETz;yCy!hCW@
zL+E?%-`8CZTl)-TQU3R^8-0Fq@uvwY@u#`aQ$qii8%Sw6Pm$$cl4f?Wdi*UK5cS<3
zCJtRKUHYY<Cs)7QypO%EH^+Yy7*l?(ZFNBf)UUTRf?%3_r0Zu_Qe066S(m&=zkH?M
z)0i=y7~yf8G>U&s1Z%GVv^4*!gw?gu$+M#E=(;C_8EjiPhf_Pt_BvemgZ|W5p4ELs
zDVavfP_)b?KObte<JVv^+FGzZtqJ;f>UnT3Wf`<Qwj|>`U``zVpiK&^jtJ-$;3-t)
z`)!2sMWQVH(1mqh#R&h-F1gJdBYqBZR@trq(`~rM)lR>a{58oF5c~U~#==A_1d}H{
z;v^(cO~FE9;~R8kvHYb&iNuN_V*qAaJ)tS&52@6`7Y?6g+gCuG>)y$~!+2lC5aTz>
z9}v@R!wpEc8oV<AB&ctAiTMmVcz^`;q;7dwqCy=l<jA29b6`$+^WTBqdn^lD>KGSq
zd8!Smmzs(7OJtS+?WnH|R40vv$F?bj=vUgD;ua*rCACRfb1oTU+^OuWN0ediFkuLE
z0akjJ7CNP1Wxp{`Vi2Hziew4r{ZJT<g=dh5cMA)VFo)WR0K>!`el9EbG=kU4+V8dh
zURsCy%MNCaQ8UqDeze)@J7Zcg^g!*849s8AElNQ1c&Sn~z^7YFt@aoFWcxQmG}-7-
zI#aAMO*8#EBBQwBXCZqLBLw>k<V5Jq@P4KJaY4=u-wXp@6^UN5`;FIBvME1$GUt0l
z7}R<EY-aHhLbMt*o3Ah`dJIM|ngB*(1+5W0)Yh{-?zYxSul#TJGaH2>^pi-T+rgYf
z^>0H%ne@U2Ky!?686F=D(J=mnnNP$C)<X|VBapx0jyuWy66uH-G3dfO;|LPFLImSZ
zKz(H%ivi33`X&jaOx5>&BK6oVLP-s$5MWa|Hrtm+%LDo=jBHMr4er&C*^k~!=oJF`
z6)!j5)l1IBOM|gtdJ&p!GLz6hCVAQ!rZ{w+m2F6YIhKcDc1nx+v|5@kodT=1(-y)j
zMr$GT+B!XdV~{$w^tIn@IeUsSe|lx-EnSQuoNnFNkKw2OP6yfAAHuq98(vy0f}HXC
zI%wcYzp_z9rf5QA9|6Coy-%UvFIVPc&tcy$1^jaas@?+_-?fQClIn;OObHW-EHddY
ze%;LiC^pN>@fw~Dl5~!O;(BKD`^;{63LNL<6HWw8`S_ci!R@O)s3G`9R$;t>Q+P&h
z+w$>D()h20!Z~eW-`XvG&_9l+!;U@A0I{rUnAni)C(#|6U>rxzsn&$3z*`P&oM#3!
zQK9e<l);jLnTXaj+2@$4nEW2*>pDdUMJPxhAf^)eTTb5PepcQ_0g1!JJ~?BCpc7%$
zS$tw8K11&4fE3I}w1vMhrB5%Ck&xkzuBho|rI00%Iji0^Y5AL@+;%qR1$_Pof0*_i
zVEYm2rpFcq$2?U=oO+bCXTxUzF-H9`U>d^%igp8GpJHrB=B+Vwo(Lkys=UtmQk4NZ
zKhtm?C&lPcu}*rp*w54y<x0AqS{h>urgQa-Q*);PH>E>;i?OQVp?(6M-@-{`jC~8c
zbQw~fTv0Da^Cb|^H8mYM0wjX2!3%UQsIb@Bs$c)$b7CH1^-{N_7NQY2Vqo?=`fAhs
zjS}wmfSQF#*DQq4F(*9imGKiOK%oKToqIDQ+_^+JZ`%vnB2!u6=yeQe$ehfb6VrG5
zwpCx%Rj@p~3gWEM_8diK_7GVO#p9WrdLJ8BJLW9+r64gc=aPBuN)%^cvq_9ZzoIai
ziTd5V^x*vwVKZRJjJ90!mvN4PR`teFb<5LteG2`fIL4*Qa~szj`mVM0b9oui7g(-N
zv(c1O5NacKak-;i-MD%)BnFj9>c`g(q6q)H9JZPn=dB$Db+mPxjRSbU@pQXjpFck-
zXcA%bkpObMIGHk^FSu4!IYJ&};pA=kEabVUj$FZdBf{)MzvDFq_4hV>xwDGFy&74`
z;2#`G*CAK1XwP$P`KOWs%8CKjXPLS#sZ&z-YA(-zganzHoxHgC7yH#Z-9_{k5j@rS
zcR0^^lKoJ2B+-`Y3%h1`zh(@t=}Ya+1IrzpPT?|67!HeZU|;SBPW)_!4{m4^tYy-9
z4ES%9!NmybWO%rX76hmL7=$HZ^$mH|iHh`YG0!Ae2;==Ub?&1BOW=UX?VHDsD_hXh
z#?JG~^S02)o9tzg!}annkl~9{(r)f=3V-Vze1kzy4!@tyKhSBH1<D&pz~3+e)Ppu*
zRr(hHWu<4drl`XT>BI1V9c3M4zHW$Gh4`5cktP@_<`VD8-!~7TQ1Q4?jbXkZcPhCa
zP^FVdQ~tm^Osx1J01Gf_d=Rpcw<RdESZ9zY;%n1qD%_7diFy?ohoO69Y*<K{2=W@E
zMww22#BKZ6OUljD>r*fDvObHSdR-nCiKPukhCwHN81I*r@e^ZT0XtjSiOfz1vapbg
zx1jsjdkgXBo|f+J=U&j|-f~dQ9<{Me>S-HXO^O8OD`UgLIv{c^wRuh4vqb_sJs{5h
zQAIdDE6xR`Zgv&GLU^<ghT$rUdxEM`DHgbljj-;^5?&AJ-Cs~fTp4E77F@U-R83yy
zJO1dF)Wbi_mzS$H79<I#etAASgUUQ)VPm?AOk6w!r#?ZC)J)J)&w~b6j>Ez&+=04O
zXe`acXF-;%0zThwsIwQ}v^TaB^F^Q)BDs(CH^!<`^E^Gu8G2e#-9OJkRRh$I(>5Nk
zHs55P@od=Z|1gwPWg3?i6nPO+g;m$Q7A?bPfBPZjX_Yx#dm@u&A)%SYeu@WE*xucq
z*Z>1XW{(>!lpf;CJ`}?B1@<h{N!qAu`83&pVD{?Q93ZCHkb6#w?|t-|K)HWzN=YoC
zIP=IZvGo&WD8-wVPf`{=oF|m7L9<d;qVl$o02MbeAqETrPA-c|5ovDJRv$*X-O}z~
zxQ(r~z*+mjR?fZPvjc+}%U#UD*srkPmh$TvKWs?jU6^mks4@yb`X><u)HbsH<k_OD
z;F2Rk_5eD82jk80Z^Je6C;=G><YYxMBK9>iDzz8Is4U|A>e^C{ftGJ7P_Bf#Qs04S
z!zKhOm)%x2KYy%hTbA)dvgmNTuw(?O<hG6BXe{DlZXtWAq#{SQ{M0|iFwskEW=TQ&
znOc{a#RlTYuLjL(=)wfbo&((uvWwG7k}04gK7fXPxmwEA3*vEoBE!;;BLRZ`p1@Qd
zRat`>ROd<_R#t|iBAMF*W1;7GWUcac@Alook&>p#VM!Uk+N8uVG6>VAveUGl)F&1@
zoqAYP$He)^sV3cO|G25Mr2cmWr7z%8yVY$WHY+&ead=c&QTrC`w7XWi?n4$sS89IC
z6TmZ$d^xu;4dVjDxUK56I<26?y?2vY?0IfVw82BpbKdlK<?oPph0OYxf;sz^qn7y0
z#@wjHXk8{Lv9{22o6SKpw4Dvmht;}k&~b(LyLW;4redi>@1w&(c~4<+P?t#MT_ns4
zI%wyu6;eOCLic?u_*b)+<F3pUn(Q~Y$pNMf4A0;c*CASQ3=(z5kk^CiiK`{tsdfxE
zs7&#WL78fY4=xAqw1V+@K6D$riAFOnvloA>wZj32ymtV1=eHrG!8T|^Ym4?TXt||@
zXcxFRv?y<VbD^_ew>y3qy2-8~QebBi-dEq=*M~vr4lwft7xGZHCu@<{+TeW?2Udnm
zYF{aH##%qy-u!)ItuEDU-rGIu+&&bV8I^v0*KwTG^(MnwCuTxghbxw61FPJ}bmbQG
zs?)n?HvMaSi@@zJOT@w}Jpo{%Dtj!NMW3B`Q_xC;7dd%FOuS(EBTfNkC<dF)Tf`qW
zJ_W8I8<*FekL9j69sH~3yl!G!z~=ZURT2dp+=CA4FTpm~H_Y`dQt$<|`%!pIorbYP
zmq%4i0|di=qSm|Fv>~MQr{|Je$Diuk5GXACC~nxBfj?Y$bQySrSLJU|8j7vws9lHe
zJprIo0h-CZbp<NDLD2H|?}*oicxx!vJ&(6+_kz*$Zex%^j}G`tzqc|ffDWwt-W%Oo
z-@d+hvNsZnc#V38+Cg=$LVeMRnp;1Kf^&wi?Ub<dwVtT2J&`%dAl}dT`X>EJrQ(^;
zZ-cr@bn%Mb0F;NG*Jr<Q1;?ZWt`Iqe-QUsP;ROrW>foej2HWrp-XH}G*<@~29Ank5
zP)Z`YP;oCirkKK!vY;eD$Oz(`8<`)OgdAOYYR3o7Qjw3u?EMfOmLR+je-^dfx$qO2
z!+0Y3Jd$vA40sHL42M7_YEEsPAtfG;oXtkDUH{~`CSr+{q?<aL_LP64@?p=a>;svj
z{55MW2FEvgB#k9Tf$?d)2_C2>{m4P<-UdmVztw=kTYzAboMHg!{PN;@*6ik4k}mEN
zt&<XO<SxF3pDoS}lymXL9py1I-GkSJ{x4{{xg`hl0fYsb9{A`9-}3Nk-%SR+O^&{I
zKEFQFzSau<=CVbQR>aS#j;;MpVpH#gz3Tq1M4kabvJWyI<0BS~gUobY3C9@u2mdm?
zH5FwQijCB}<^ePv$Pa(RK-XgWM&^KWd&GcmVphZn|1gds_$FsT-j6;9+JU{>LY&tF
znV9W&T+SF}|MoW9XG@Bde=z@hn7`zOpF2&LqujD~PI^srkK$>dpdKrb`c=1JIytgp
z)<VdbnpOHjDZaAusI^5#=RMwB-$Br>DYx*Aob4;6tr<X}xIQm=*<`zYnOBAC&E5Ce
zD1V0|jPxmDktYLbro3gM;~p`7Xugj;VZSxqtQdR;_mglPM1jA<=>oaF6Z(CuvUZZ7
zKg#u$3BTIk?tzOu6F|~Y?jtpnYr01UQm~|&2oyYK#T99iuT}X<%)|XIaQ($pI1h5|
zT21VpRR9DdRqI!0@l~@vyd6H>J6u^G4m~yQ>{Oa1J>9EikCbjNpL4BBB+7naHn-Ij
z%VipG?pDS-bNERFPUj9d^xPs(kjum57U^QbOx~||3W3aN{1Fot_0ve__6OT_B+n1R
z0#(H84Zn1Ra#461_p{%8;3kx-z(6({V-$BkMFC?hyzjA_)+0$C4f9(URqioRzq3Au
z=NA=H`Wogz3p*piC7{m7PLHlt7FAdG7e$8X8aoZOG$k6WJDUvU)6P<7nYq_DoM)0h
zrUaa6{PGQFNwC%@P^j?f+!yx0++PSrW7c;vO(gc(d>xNGKHFtzdz^!Znde1lEz!S7
zA^~Urfr`4|=+wz(Va*<x1t~s6QGO=>Vi<*#RJGYVW#IG|yKoR-Fb1Z7xU#DVh=SG>
zneB4Hl<Fx4H5rIpSMcXyj`Cp#(vHx+!2h{q$_CowNIB8+3%*L+5@`G*OrX=Tt^93P
z1yfn5-^ASADnc%XXymjHVwB;GEr&lU07@&Qn{HIx0t1~%z#v-(^RPU>WV>$<GZgKj
z0jF&_O(YWqPG+V5;Ys_f>Ya1wuVRIcY9A=SSi64!d+oBRHUUS@8(zh9B^mh`b5Bt!
zm+?)N_Zf0{<4a;KR4o>2bC@)^iJv{Q%@qK{1Bm||b5F1(`<`%D@M3?t`ePYz66@bs
z&g?My_srsXdRSh1x47U@GMXbEIMa<Lq1i22*b^By8z`7gsTl&gL=frF1_hovN1l-v
z!@HGjyZ#WPBs7Lc=EwK3ReyPS5(x5bWy}%}j2BJq9qSC5>ATqe=ZqdZ2elKRYz7W~
z%}69KZ5PhfEk))UFd#j?e|HIZgoneX;wfgf)a8&XCHO$+{ST1s^$BFV#B1Y{`+J1t
z**9Z+aQSJVVX^IGQWk@!b<W1HG2F0_kOV`lK59_K{uE7-T=RS9z>q+HGb^jNtUrBU
z68#zcQB;wq{RCpr1X(A5N-#hmSHIIh(AI?FQbsGsu>YFv`$PH*Ku~)ZPHKrFKJ$Sf
zK7(Mc>_qsBn4vNNCTNd0UQfVU_Z_KuCvMa^Rn-KAGitTY8&3-EG$J>|DS*mZkp)8u
ziT<-n^1lFbT3o>+;BYp;f~;jwA%py#{Q8^GWzt~ebOfsyF=f)8E<O=FrUnX2rZHt)
zz$q_O)&;>C@FmP=qo8jm8^gApB|Si9?fov2f{SF2{Rg=)+I^wAvKdOMlg<k{zQpde
zkP+8ar<VDJCR*82i{FBBFptdOsl$VTt)0h>{Pdx}@Ig{PwkhL5)O^U4<8B8R+(E>o
zsAijwX_$!ees=sDV*2B3Pfm4wvm#|rW)0ED>&koqkOdIsba{(!Z1#-}Ur$V;q%yUv
z5D@{{AeY1CXrjqJGLhZ&r@h?01R=SI@sQFmZW6EYQbveZ|H#HJ`;8FY2i@;*&|#ua
z3U6G$3<U~F*4z8Zy1kpG5i&<Y^&XK|_iRD|i|by|hF=uE977?q+g~*V%tsHY3{Yq2
zC}BbY(q~k1wg$%1tl-<7mCfUi3w_3_%b5=?9Q0+)A+Oj;Tq;*2Ju^({*W$nYbL(SH
zt@&2l*Uy|q?*)8y8_4nlVuZ;zyiZ8agj#`V?2tuyAQFm|=0D;<Q$(v=0JQEHVPG?H
zufhMt&Htm#{Rgi=a0>~0T;xvNG{FDD=6W@I|FPx`KjK)?(dc!#7rLpC5xIlkvV(~z
zM<4M|Gix)F^<29y5dUIjO2EnJLIuLr?<zLXVJ5+6vF%2FW17t_V;od9&}QD&k>V)m
zXT>MQmGQ*6`)m;TdCad9dD95?PAZ6L{(bOGFmUk(^e{WGiCV#A3RH=npe;$3K>6rd
zla1tYWrh-_jQNh#QDc)#YkNiI2<c@g8Hveb3W|xgU4)a5RRzRr+~^`j((!{Qg@)W5
z1i!GC-)$@{Ev3Ba$~5`8HoK4#!sDC{T8@Il8n`=jBV4>3++xRWmxm!R>Oy(?xOCwB
zSV@39=&%7_KV-rs1uAi!TQk$?176RDG}wIA2Nra3FP`lw)|pg8-MYjvmo~quYte0M
zsu?AdHPWP%HA+>L|MRf3<FhFUh+AsToTR7A=8Qt0v`hXT`s*pNmF7_0v3``@*V{1R
zUclVz`{W&<zbO80MSeh+ucZ9ujP6<^k~J}T5|!4XG<EAQ1#Gr*mKu{iYMw7#eAPKZ
ziYk2^8jm^IpN1-+)i6+f*~8ml7#3`CPr80o(c4{+Nc}9-yj^YxZeplHwtFY*F)*y)
z#(p)sSB<jr*H(nUeuBiieRCpO6xoqKF`9wbg$h>CVnA|e1Pl6Jem>11jtBM8S-dCe
z_Lrh!z~2h*lYgmsv8V%WIo~f2-5a*FL_Y%AcGZIGptjVljU^zNvL*ba#zXU6J?Sa$
z;S`jxT65zA5F{I7r}`%!H8Z_g*T#jK8OoRQVfa<i|DuJz$EJQRpZu4%eLB~p^Q?Fj
z!iK*=k87&@X6SHhrTpRZa3=iGk!mQc#GEPUZLnDm$Pw|<vQ=`dgeOn1eU0xx1K*Q+
z^;N{Gu0c*6(GiL1@ehlSS>WdHh<S9$QxP`Aq?x@TNY?Y&=G+e#@SFU{{Rr)X#{YH!
z(wqkUkD=pxEVLdfXxT^O0Hphwsr&mwBU9cOVsQ2RyJPucIG^Z+8soUDu*|qDN#1vg
z_!D?ZaaEV%W*lZ$SyYHjg)#5uicF`g{WeY+`qhl_%LaR#^wE^M(t<2*yl;HZTX5Xe
zA8S_~%x0CM_Bo$Mu|D>NMoU~;427RD9ht1vN}CfJF9SN_@^7~3+oysEtp4>PIu>nT
zt+Gg4ot4Y*XES7EPL|6@e?4KIn(wR8pCAG>vm7vq7Y8rx5c47&46|Ef@8e6^qvg&R
z*R+7XX&Fn2BN{4-J1o_uzW`zO3Jk*u`;ei;Q&5KLn_udLzn5ury)m_52Al{Q=a&dB
zFU&%k_I{nw$S6l6R%f;}vhS|tl77<jsQEl#zrYws-=Gc@ikrCXsjo)AcxJR(hcf{c
z3L)y3!t#iG_+7W6f?nT?=(Vp16yg+#x(D=u@QC5)?g7PD$&O3+ctU}p4L^hfs(%}!
zDE!lNf7daBcdpK_k1tpa2dqQt$n1FWxQg`|C0xn=Xq^{&27jW7LlRpgt{nG}R|E+?
zWbvd}s9*EWH@5;&!L#0;o_w&WD0+a0j8>JM8FsH5k3sS25KsC@;4D*KdPe{<au$Pa
z5v~p+f3G)v_L+BAWzC`VmFk4=gM8%eqJxO=kQiva$lU@>r5Z#?u=HUAk|v<bh*s4o
z9)~&<&C(Hejh*tFdP$L?2m*nc1dI}Ux{Szj1PfBxYdKS<+_A`)f|nJ8Zh%j4m3vK4
z0GIJd+kaB(<^shxa%;!4zZ(b=Sm}B8*hLV-9SFUkOG+*KyeeGnl0=G^W^Q>5pW~&*
zI~s{QQ~wnHDcU?esXmNwoP3)5-a$MTrjpW_qFy_pJzRrCim>6&L$RL$#oNu%|Kq~(
zs>Y)vc))|or-b*@t{1Ec_$*6xd-Hp;d3yLl6w=B5us%T@<fYK77E0xkh#?i+L88w6
zi_Uk(Paj=9vPp(UX&Npr0MR@`<s;cqGjtR@uQ@<;FP-A^Ir}*CLBC4Y`10uNZu#fl
zJK4mu^#emsj=raVOuMpCcsur=B^?C>^IP*v*H*yyZg21MIYdblcy{9axb9h=wFs$U
zRC=U%S#tn+9By0!q5v<?`}N4Z;&!%h{P$|m!yt@c1#SgwmcEf-;8BIM&)-*2WV;DD
z-CYd@dng!r+ur%sFi(tzD`&aZDp)6%THEp87Qb+=FY3QC{-Pqfm&U#fa&)6R;<n)`
zKbGpLV@rp1T4`_qSUvNfK;HFEN5QS=P$9o_TS^qO-Bmzd^=V$ueY+wkOrU_KkMN}3
z@?9F|7b-mrZ%<}Ur%xMD`&gj#yFLDvC6kX_2E@_Sf%S?xMyz3;iW1bWukMcGMrgq!
z1nbsO>&^SSt4cBF%<01%_3_><{&AP;`64lhVxQ`MS1cQdJ!#^Z-Qjm<k~%uS3^F|Y
zH3#JeK9u@4Lq8l{#m|_8=GGydS#OF8<vyM~PPqx;)%>}-FQil1`_g(Dl_(?0AUZ14
zcan8px2n`YI(ndr$3`uXiI0und*6o#Q4jQe&qe)U>f+Vi_G#Nat%1ZJ=K7TD@=t%i
zcqd_$C%}(!{elRxo(6EhF40n+@}&CkON39?iKBM~Ia_4!4YLJ&MnQf|J<Sw(pW?^~
z_2A~^Y+B6#PVu+|a!vN`tAR+{lli6zH+(VG&N8Tk4PU?PVqr6F)(#5C6sUc!U(Vmg
zgH7v&Sa;f!tJpj9<HE_RR`J@q-OKy^@ZFDjfRi9Wt;Owy_-oIz4wYrJAi1yqx;t_1
zrHIZyRod}e1lc)RD9Gg^N8NWRujT$tZ-!c{4w(qn;Gj>~j&=yJwdXqm9&hNJ;$>tP
zs?=VBw3-lEfgi;TQSLPP_ckWaV(^evw3=jbEk8gLpOK^;)bhP~;uU!RFAQw?jRSyo
z%p|S1Z{&+$KD*o-n4g2;ymuUSI)^UUiF?Q5_2|P~qjQS;T8owaa{e<O0;_je)<`O}
zPk+78gmoJZ_4|_sSrJG4CmJSfr@>-VK_LA%flza%*w$z!T)%g&VvXV8IHh|s{UvBh
zUhE&=Qzd3qN0A<*_2(A-STNC*0I*FJi}Md<R?h6cyCEItD3dg=_|(aH_+jaci?8XW
z5E|_arUw01?5q>5vffQ_8x`0$GqP#W{TdQ#y`e%%;D@F6Q7bRv&~>HC*D+Q?y;sBv
z$uUAF3+HOmNqb^(YA|t<Hb3%^t6DYJ9K#g*XLPRIQpIl<F-X-#$FgA50`Q_6>KgPB
zr#00L;{GPvkgq!brn@i6dn}q4brYyXjqSg6nEJu87`tRG^blMla$G7#AeK{PebbW2
zYkw`1qKe8+Z(;Q8*+6LjP*63f)?O52P05Z}d$Mk`q0-!tfj*IPUkPKLEi>i)?Qhc9
zqR<3RMl8*mwxP)nN-BLQIlx(Y;-RYa($Hi7wJ*qHq{sVRa2nei9j`a&)$n)Gt07)j
z?0xtP=<(*&<_M&{5KOVVGaMFhLLEs9pC|KL6MmO_1G-oH=ud<lnn77uW-U4n%gdD)
zpZx95Y?Ett+ZUbhO=-e;v=u~Jr_GcX;9LnyX12ZS{7og!Y6q*d58!)ZViq(won8(L
z`wj}hoUON0qL%z*(QG|$-W?%ux|=vm&KRLno(Y|tGI{S!oH1YFal~e)Ei9-KEZEKc
z7NmE7xt6m_oCn!sLEZoD^e$hHn@kMypwf8<cj-^jDm%oqrlr+K^zVE!aKzDGEBf&+
zQhU$pNT5L5Ql`M;0!Ss(Hc<+ldBrw&56)?7_O`N;WCg5vqf&4Z;v`P*?kKzY6KrH@
z5t2@@<omDiclUE~;Q0PArKsW*!<9EaOVp8>iAN<hXf5l6%D&qp;;QVMb*AV%U~P>>
zGu0h#UXaDimE|9*x*kESjukX;bm;WF#E~)-5}2?nn&1od0d5!h@AXtTz;tTfGdCR>
zY+5~DZZ>{APHrBrd^lci{P1{Ocw1sk)fo9`68~Y4Y{W{(pd^5kLUTXkU<Y}wHic);
ze{?IbE?BRZsL|kH*Kg0q3Ublnb(YPM+DlY?R6u_4fU$TTxo2}Y&Ny1gT7iT9NNaWZ
zPCWb(Y0N5T2_#NiYR}!~v_D7spN{&NW~nc*R3~|b)Nsb_@lLU3S#CaW{Ot(U?P~fY
z{?f82x`JCrl#KiK#T=gh?iy7DLjN7dw|5_3E-0p0?4Z$3>90;hD`+wl8EA9EjX8n(
z#;L{>?KOGIYz{NNKX^p()+D#>D>~*^La1R>jeFA*4cKY%jBo2FJm(*)OIzZ0V;Zk|
zJCK~G@YJv;xh_fVj-RBl<JZuPRhW=Pi+9hLDr2o?#Hh<SYH&MCpV7tXLoCL*ei`f#
zhu93Ff3x|Mm4suUds*etre)D4nlV|LANvl+jA&t5LGwFvw%9u|8A0UlkM!7+WgGio
z`nhxpc3>F&Q=vDUNnM;OaBC%HypaBEFUOQE`gM`UOgiMJ6)e9Myf{SKa~_ZwC-pt}
zvk+~fJ}a()wQxkwgp4`j3Yp=pAfi=|ZSca9b=}qyXyu?QZkxQ?Lt=>f$Be4?L#}8@
z1-UJ0u^>M|ghVvOpqoaM)iqF+4r$-Aii3W#AK*SoSKgJd2fG%2O}<J8QPI#@wKTA^
zw|YC|m6fj+bGSD;mq0J=I2+gTXgWu~#Uj251{5Ry(%uAbB>uQPe()XxHMHHMg1ne|
z{;2q)5E5^gkfo-OwWM8ijI|8kXhy7sF@M7sU*vx;-<`7yTZkKv5GcCKpFdpH)1*wS
z2iT9I5GDz#_1tYQ`M)NFxQcVEDG<eurVVGF&PFq;m4s-84};&dprXbT2TN^!i<J_p
z$vr|6#|{z8*UEcxgnPocnfr@EB^7CL#Fd`(G;U#v>6MR6zR(4K1+@bO?JqUcPU|#j
zidm(uJSj{dp{)!fOrlu4t1_rMNxuIQ0HoIyL&1J_7Gkr_HB{55%!G3KEd<gwX02D!
zAy*AsU>TO0LiO%ksQGJHIq3aqCzW96FbqwI4$UrH9laUMiGC1i6McqRc4aeaR-!Vk
zn^sIqL_hahGCKb{0x?^?qG<@T3T4+PmpnM*PKnHa$B!WGBBCLaT9vyXmC68)1DwJb
z)-mGL;fbVQahx{6?9QUO=pFE83tpq+E2VDFI2~7V6wVoUk*I&jnath$x|1koero$A
zz8c*#-jdNhRYoVX&~Q%$bS_9V0ZRK}A(Pq$Cr?pUYl@tN4Q!SQ0+hP(2xCYoBT|fU
z&~Wm4&b!IV?F1N&mu2{4`G>u3K--6}hB(EhgO)X|5gd0x_cBv=I<iq@nc8I%9z^x-
z6*NCtKKoIH3SaWXU_Qq-ajs^+8Vq#K4Jj4Jw^bf+_B@7<f8p6g3dlQ27Z6HCgkV$$
z;iZBNg@(<2%sQd~b1S}NIjz2*M^{}sA<=>K|C%A|ziE_>XeK-K02-iqhOrF8$|~Ac
zYLKWy#V?SNi_fhvs3Sfn9W=Jf)K(PT;}u)jF2aSP85C`zsR!Tu%!j4MC6bXtQ8R10
z{%vXs>PvLE<!R5|bU%oodimvN!tg)$VXa@Fonwu<kHh)<@Yk)!+gIeQZE_N)Cs4!V
z!Is^c&hFD&rOTTju+5U?B|WmR%dsf8<)OAF|9&DqUH_VrNeD|y68S~E9_m<(>EX};
zL}*J67Zh!(?W9tF$c_cCr>6(@XaMGsCrN9&psjV|bk-^c2?^e~IY86T-o*7qE>2s@
z80iYBjgeRfh0V^b^OzGZ5s~Z=8N7Zvc~f+n5|xkL%z~Q<2u799j2|^`$p*X^VN$a@
zz`7+Xz7`4vh<J<5Z(29SOSXvdN<zU+^FB??!u?f<Xwf+@LwEZtSc$G%_3*T16#o9R
zGee&D4m5`7d+0_UK<`gC864H3v(<bZ9`ME%b~z?EoB8$vu(N$fA`l$jzIzI3Bn<g*
z7>#Pyu^W*9Y6lR*KOCm{Ba_VE4YQEqrWIFReDv+qo`5qV*TwsumibJO!vPxiKiw+9
zF8RjJclVaA*V74Y4CvOaW3F2(ylKlh-TGsEQJ*ND&RXe-jJT1nk*bRapn=(b@hwHY
zZ|P5u-@=YCpXPO&pF@OqIX_3F(m2Qroi-*OY?)>OM;eWZDJAbm8qKrT*GfysFbTDU
zgf%&^(}yFYx4q&n|HKRbz>Y}hsozp<|4E-Bbw_3re<hl!P-6Zk;Cfe^<g9E;)e`CX
z+h&m67C39~y*Ug#6^hSRlw`w=d9lZi*@F|pehreH{{~w50}&V6%Z&tI!W+EF9;OOq
zKo~y-OkcPgG=T_tltcKoJ-2JFknN+lH$F^*M372%BDll3L`V`ciCdoUnVKLG{8Ddx
zn8P<Aa^unRVIf*Kto>fk6+iHy9iv{h{1HDikx+I-?F2L3ZMXXGuu*bAsT!w4h>pkv
zMm?+68<5#=kEX~3`Td(AjI9nEkn`;Fy&q@*F!Ol$fi!hE0~73IJ1_(>+1o`t4T?<Z
z<CjWs%Gc(z*Zt^Zd)(oIdBliB>p<eVv0JbnYb_btYIS-et4Eu-5$3ri3|-f|Wx79+
z)4Quf4~26(m@yKRpI~E&+Ra6$ryfv<ANyxHIhy5h^OlKrh44<uOY%FpN+aXF0A&++
z-+%2e@F`io$k^~`q+b(7<!MM0xjQ=}#J{ba`p0B`EqS}%d_mK;0vZxb?>VYj;-_AH
zdom&A?c?`+Jl-K_g$*vu?973fMJhh7%d;cH6Qa9gfthhr9RL?HXYAU|qf4)BSHwaf
z`?<gJWu*x*PWdlvSTt!2ADtdlB2Ea<ZO7LLzCzkZoZBLI#h<SamGN#2ziL~fgJ+U4
zw`A1yhfL5=$<gn}A8cm07}zMK6Xx6@a_QnzBYSyjYYIkqu6%5>$L%a5OKa#(y;DNV
zq~MBVt2S-0hQHrP5vpcEceQqosx$>ep)9MMg$cb9J<A)Mo=<uOpoe8UQ3NKy_ReQb
z!VBN9pl7Sd58KKemBK{W);iD*m*TtPAR40U7wWE~I)WOqptnuP<-W%LHA89W>&<kv
z5Nh*CKhg}>V6aJ?X^T-Gp0=w3qX_03QkfG~6?~~7GNQpW1)N?LcCO9FDj_UJX4*NV
zzX_v13#C+)S*NFS#nS$e?`y>X(^9SK#u$B8Sft6_Eu8HWLV@#NrOJyk_|9h}O>y28
zVOq2~Uy>%BmrT9Fa`7fBaq2f!UG~H6OdtrpBhTK`i+LV&G|z4w+vB+giadU6b7T=o
zxm@{sbm`s_3l<vZU|}FWh5zjIt8;Dnk6fTY0(0&L2EuU2mUxSsahco{;5u9_cyZR`
zfyk3yV({Di?`V=E^jxAswy&55K8f5b^-b(3h1IFI1N0YNBd=Op8H9FG0y0#esmn7`
zB4HaC6>Vx`WK==~ZM-o$T7f>;kOI2^;%C8!J<H}Ve1ha4=I`(`_ASb$f%EW=v*Zw#
zgkp%>g>sn`@J`rP-c0i0K#2Ge|F>6xS;fs+UOySa7wMQfy=WNb{m7nDCy3yF)+^ME
zPD#W+4c=XQlKIZ>9$tL){t)ZoFNB?^U*%L(zuhcJJI9$>eSvQ3@)VFDIm+0Y<>%f3
zBQ?ZXoBY`#9c<?qJl5?W#%G{5ZcizOPbrgWes>_CPdWqHEh)7B0u)^%^}t?w+jf(e
zzMv<rjNkI(auLPBpBLrAG^Q@pLpSxor^^L8++uU4jd10g#MNGI&N>CB$%RE;wtv71
z3>^y(;p=5(W+6#X9Sm*1iM1Z$XKln(D^@GSn^EDHd9C6OxO0r)vnpC0P!ioWuTX*|
z#X<&so9!bOBfi^$0Wh>J*A}?vbC}ot@O-aKmMOamX}?SI3Ag-yTTxgvb>oV<ny5U$
z&-}1|?C64QAAPp|mgfkO3-*gR8izfWk%9}1$XtM7wbzR5+>>vS+LESU%_0&4w0aqf
z5;mXX;C%?<S?}R`S>C_@{k?mUAMZl%qxJQ5BOdmtC0>x>18~2ae%w;6SMvVc<!;tU
z9hp~@y-_M%wP;G1LB#2=IuwS&S`Fs^Y_}p|ek>5U3TUm#svRXF^iaOTp&|?=kgmg|
z66Vv34tf=TTb^aP&Bo{JFgmG7tjhRaQv><OgjWt;VfdvDBZR*?IGVp2;^rHE1RTv^
zkZ)!6d)k5i8j!v~0zsqs<w!a0NmUOK9f+y`UmPwRo#R)1L=b+x%tOzUou)07t@_(g
zeuF1@kWp#WJ5G~K*6fr@OLZuex`T%4qEc}uCRhPQDO?u8%0SwR<2Ue^6XIog^K&(m
z1PS8!?Y&r9Ms%$*)7;eBMS$svCwO<%^i%|hMM)(9jwGeQ8^N?nupO}Y7-)Fn2?l^>
zBnC}C2^yg;)bUkE7j33gVz`~C*jo9Q;{z?k$nrhDtKoz=hR5h=mifLyYVNXI!Yl;t
z5dtp-`Z|7|QHOZ<2bwAg(}Ayvj4<ifrFBj+39oXzCFH(R8n+mS<!@}u)T^B`C%?&l
z&VA0GQxGeu!yJ^@Iy(30a4}g+D`+EPjOnhMKX;!d*fUx~6=3E-P|eVXpEtuNMx?WB
z)E=;-i)c6t>?>p^+62=n&!x5D(EUv&RG!l?tpk@&r#^Y>9J+X#mk`)LN&3s^2V?75
zL==u(LeJt)_KQ+P{@*^xkYYkkKF-}U|1?5u0Egpee5L|OH(1f|GahfhW@jIqZTxVR
zZ3@qmKnr|@&&0tMN5p}IAR<bMtP@v#VGII8ca%Daor7kCI97~=qs`YQ`5d+BqkEAx
z)mtZ+>t=po<L6Ayt?z386#QVCTyqQCzbW~(7UtH|CY1f(l#wf*{!e|6=UY6|$H-gR
zzz%Z7!wK6K%ETk|dKDpzLU_7$70KfsurLm4ELjE4&N;3@oHwR1ukJcZT|#y%$NGvy
zZ<yX`HFC^w_yK&s&5?)MwI9B*Y>?hOCqrs?^$4T<W{xv|6L9E&R&l^PQkGx)S04p;
zHE%K(AgQ&=e0PbD7rMQ_e}!q*`TY<QV2&tAC%O@J%ckyv?w#m6QnxvnRwh#0q-n;F
zzALWRvw*minr$|Du6ne*?nAL#cSx6hq(){yM+z&cdc6Kd(fHcnTJ~_b#MjkD-ZYEP
zV=w3dp8i+ypoUHtY%p()sWaF18vlI^!XBP!HKnXVY#5EqVYE_%$28^$BnK}7oJZ+}
zmaButE_jN<$QEaE-BMX>JrA(BfBPXk3C3I35rQingM4PxpFu`7YgZt7KHVzpUUqQp
z)E`3bFWU#dh`4ssi8`7eExh3_Jkj(+e?Tyd{BHK@(rKyEt<vuOlkz+%MI>e<mj%oA
zY-R;FB8R*}D8FTpeC3vtlK)f*IKy^On7Knc0P;V|uzPi#H`Q@#1K+4}v>yVEY?~I=
zoF7uqZCAbwX++b#y+hULbiiuxl<cdL`RPc9WGV@#<f*_VNnREZs|S=Z^l8W<{F1WF
zryEa0Wf%`8QYobm(+hI!;&nWMp%Ab9Su=;JGz2y$dnKT5&V19_R5Hj6xXeUVSFiYH
zKM2RK{#H)i-V9XH?~cRvLk*<u)4ifA(d$bb(4a%dOvX}=gOoz!o`P9hcnlrj(EdC2
zk;4lM>qK;x@ZP3I-7sNsxl){o$?x&)opqM?>yfdE!52YY6}!OcDOdX$ULpVIq3@Z#
zzm9OIx~TRv6XvKAPmz#TfP0*KMh{Z3x~n{!5<*6?1{RJ2Cb`0=qV>>A5=S0zL_rv$
zT*<A;9Umy>y|e_vPBi`0jE|WON+@t7vXLnLZx9o13E1G@NKu7i<|i4tcnMxOJHVnd
zxmSy;P&qP(@DJ#)RVDej@?azonZuwWrhOFiKsdqkM&2Bd!-zrtfEX8%TTr~OqZnc~
z@`_3cF)Y3@?nchnfPk!l_$j_@s@T2Jx=kkPq!1=LFgP;Cz#J%{qMsqDvJicy(}<Cs
zo*U=Z;;MOV&|TQE1?kK?a*8M|I@Z19n`1I~up0FrJA0BrLW?_O;4(tp(*1=n^uE9H
zJv~Z4miC%>3sE|`09pB2{=&_i49GQszeP#xE~az_<%OHeNo`M#%`sDoLKS)e<;f9}
zx%Aem4i<)@{0}Ok{N;R4oVbywJ9<SCpZ3=D3Nl@WH2P+--s(M1Ij+MSck4d=mjp%j
z{(*;ULin*BoZzvl6zlF4*qmNb!q~$f_OxVlD`U<v%T*w3;0!dE^>B{V29Dswi;ztT
zlJt12T~^%_bbHKr-;&5y%;DJz;<eZ;;h7k8Qf`Esd2|uMvI%?HUPE?)Irr^Y%+G%3
z%sR(`jwZx%XcANYS)~XS<0^5TFjuS=WGz##T3g$p{6{FC`GMZCRu<%XuzoSjOkp|N
zu!0gu)3FW%Fk6M&j$>^<erul^B$4HYvm{#8t?D6Lf~rDI43i3H{ziuQ6`JtX1xh8_
zYv~^To;)uDM;(AZbz%18Hc+a^H;j?e&X+=~dR6zSaN`-vuyEpx{6v8KsI>9s=G7v=
zO_7Q4w^Ue5@@nN`Po1X{cxlwM@(JJd>HA*79tuE!-@9;%le}eruPOhSsxMoOrVuL}
z0aFIpo?zW`&R?Z%zrDq9+G2xi6f+eW6L}4E!A$Z!xsl(~gc?x@_2n!j;<3BcV+$6*
zt&4T9eM4So!1WdkvwbXPDxPveD=fv&f0*A84gG(Hh9V-Ez>o`rIcJ85d!v)IQp4BR
z?c6{C*0<EIfw&<P188@yb-Sz=pcvP(2`%u(f3@6SyoeVQA-T<is{d^>zxQ#DMAI7>
zFB@`98prhi`w@y9C~x9uGZI#|Xm#X!-K7u%P7~Br7JKwZ)Gsmt(hQBx=1!O=xBMs)
ze;i0hmKH{r;UOPlwZQb3K;+i*kj}M#spr83V7$au9}Dj#2VWNWlV1#9<{HuB@Z-5n
z!s>Ki{c}$~JPws&L2b+Yws$?Td{IFOWBX*1%~N54*GhMNC|kUn?DE?#%fa@{!5ySR
zf1G%9tBqT@SgeE{0oI*^#AugUzS}-NjygWrft~aJj%VHIlM>0ZQU%S7s1wV0I+Q@<
z2H$O6LKf!>H5f#&Jd9|u`i%)H*V&1_43SMhc(}WA>mp}&Lr8@pZzK;+s3WTry}!`(
zFk{k<&7@Ut?fmTh@&5Vq<o)D!<rrl9Qb`i1p(2|5M&mndc@$`7WBMHQh~kd>(Gyw1
z9)IA(`jDKM)}%W#B4%RG_4E~=?<a6nOFV59tM)5?C9*1k=h|s9aviMEx^IaA{RNbM
zK=-zOjF392@nkxNz_D_C_k2uiE=swqCtltbCFkO*i5-51z$!wtxE^A3_T}n}gb~qQ
z`$qM_Ug)L%v;QyL4pT=p*5gH)!c;jk+{xA3g15|%Ymc>#UFp_@F9w0BFTKDA9aM(D
zTFk0u&9CeTS7Yt|^jtRgPUP&e8hOOhnv0fSNM>NJ#`r2=yBeHrL@|(f5~BpX!n|4m
zpgFZ<{k25wP(<sM)v5e^*@~ajdC;!#b=|V{PuN&!Ez!GU7IKj4$9-U>buHtRWVF(V
zYU!9#ljT||*rhxS2?$lhJE_2D(3|>IBnz2Nq}2T<>OpjYVk&0LUMhrrtcX+fYt&+(
zIH=PJCh(R`=k2JK8buwcy40*aE|f3k$elaYSyl#JoNj%1iUBEeO|Ne;ksz#_KzBCL
zp@8BO0+OG<u~UoXWb*sX)WvgAfP<9S#aG2rr5V3odB#KIuP_}NsRDHK9o!b$^PkP%
zSffNO$xGAXjQgZPu+<u&qH(j_zn4W@m;CGlzvIKeEoUB^XM;WcVrP}06G{{sQ40mz
zZq3;HD*%ZfeLzIz`l|+l+!%E#MRM5Kf<mXsa~%hss9ug<`WY|lOQ%&8OkVaU9rcIc
z%WyHK1g)|&%^Uq-945fEX-5|mBO+rSwLiPacKo(hBQ2>T0?VliU1F*g5~P~i89MLM
zROov;HKv&+%=BB&Xr<BDtrshqX~vVi?YW#Iu^;2&bZWc1JlljZFLputDtlg2y?13*
zA>^QZRX!o#!+akBMT#CQdIIyITFT|wR-axYj{SWBoAIpDU<LSmW|%8sCs@Q}I5V#^
zzgub7sr0q#s9>trz0DDoWSd|wPnOCIE}U=RtTZu;-%nYrjcTe$hARx3Z2$$?ju>`6
z+-XhHaGTJK_hc8eAS>jJR*CAAVJQc|R6{yZHdUh^J@8ySv5zJMsTFH7rw=Up4vk$l
zYclg@`+R#n0JN{mIzd^`S9SKim=A)yU7P=hs(*~G;}6@0;n=ns+qP}HvDvV3GqG)}
zaT>dg)!1olH%8-RKl^`O_xnEg^KCxO+B18t`5ot>vv?2Wzp{SC^Vpl~)AU?8YKA;!
zbu<-7?tS{TtIAW!=;YsP7SsL_tIyIeGsSnuzi)Xa=yq(+W07Dpv+U>+@sBwCc4|Gl
zmh<~udKQ15nz98KO<6|k2wfkqyY&;K3b(RdL-wzcNbb_ETVj`h603t%+quI{i1Vun
zFPYvh8*DOlo&Zy_PYr%aN>u|VYrM=K{8#O9U>E-#;ZxE0$D{ZZsCD7ulINL>?-r-R
z`+$RtQ}Rvb@2kvrOD!tOqqSU<AN2DdbF^ij<6&1998sGPL&x&-tz%(%i;{7*iEXn9
zei?{284q#>*=R@ukMl97Yy0OT?vN<dD&p)yJhBpux13llMLr|E)$|3ye`FQu916YO
z@vlLxM?pV!KtJCS;io=axYSZXjborn1CZksq=7kT`|MNo&GrKt`eW|D-st0S67Hrk
zNCP(b1Hpl!Ixz%B<lvWdI{hD*oh|e;7Vj%%#50TZe4AE);~P>l4=v=%Z4~z^Nv=~u
zAy2NQx%z~hwddqeyOEl%9BE&?4QlY*<Owm4#dcYz(a%VKbmGZ<eUfX{)SzT<mDB6$
z?jM;^Zc`kO4z|}Rp<B2&gYzidN;A+zBlUlzS5}v8fB0&f<fLR@<5*sYAv$=u3)nuy
zVlU$01xkkiIr+b7Dpvuk5by<E<rsKwp;X1W^BqY`YL-p8xMiT+v~krym*TQBej=Tq
zcu0@zVfh}V>cJ)b!?1}|`$1xGvB~<nBd8OH3A~J4mBOxxl*b@3=ZD;s*3)PO#@6DE
zXpS)D0Fjos&L-&b0X^+*J2XH4=*^pI#{IdFbre8>q_l|$z>ut%9l2$j%U<JzrJbR8
z)U>(LE;UU-gY|{gx|dIzUK`aK(C@LOD7o{nkC@^{$qiaqbzLiSs?VKNGTqRc1TAMm
zRquV&`zIZP{8iq5PYDad1;ScxJKU(fFsm{%!F^Mj`S%8<KyVC^*$E10Ars1qk~exE
z>i|Ak%yZ1mbS|r;rcbkuk0y88+SvH2zM_mJ_YroN+Z4n;CzfeJ_`$8kXZ~6?no0Sy
z48+*VnG^~Y{8Ov_fsg$#KPRmd>7vzN=`UZ!E8ZbH>z=pn#C*7uJ1ldvH-buO{b#se
zu~|+%c~bi^;E~^QBs1B`*JWu3`!!j_F901?A!jr7l<cA?X<o_!Mz;)WvBUu4Q+o<r
z(*zg>vrmwU{TcT{;Xf6(=~SaeFsM8d*dw%l=jJ>~z4HA9*n09~)%^V4Mq`6ZH{7kp
zc)ovE&6ib-N^`WtH5^l7C>YFtlcaQ+$j}guG?Uv%WRWSwX-W`0aHLqlYD)4;ECYt%
zxeNHWaKcM{Zl$(C2Y2rIYSpJNCQ!|##|pK-y~u>XB=8YDH?K4N=Z{ZF_+7yV-V_`u
zSV{|2RR-cISfhv93XGyT>=|4$^%%Fh1{BfE{?s~}vw}Hs392)C29ykoFEGW<Wwd;0
zI8eG0?PC?`1khFbE8EsWFDo2{{6Jg%Zj4Z>W;uBILp%*qgJFU`R7)JirScyM=y<!L
zdL>&?mPRZZ>J>r5G-%fJ9K?+m?clnJ&&s;uP&F;b6W#{P1_{IBKc~`kDSwrgCLp<S
zTk6`s7%)KVTPtfm2{K!sOvK3}wT=WaJBpXC8!e3+!?_<Rhes{)^;JhsQ32T5m@v<A
zyUV^XMO<$Bb!GfH6l^J75he|vauLRBsHKblq$bBs3E>E)hL4Fq1n<KCc!dk?_lRup
zC-cJ{Vl!RoCY^c+qq2fV9)H@QVaIs>g6bC_xg{UOPxKwaU^<NEu9)C10g4!QP8mZ;
z4gcq%mu?Y!_&U6-nnYi=RX<=`ue}c;M-k%DV*=ie)0gz>EZf6SG!~rn@AN#230+N9
zsrHkz{Ywak`#U<AOT$!8{l{L)jBl|4FN=|A{F}3~SO&{K?v*!FxAa>n!gN4#LB=`u
zvFHmz^q*C{$ic<@6<nHw2Bz`RQ2d>z+r61(E0}Hu^p{jgwg^+c=zHL028fvf{mF!C
z;QWw!RR0GOKH+&3Bla!e1)18&@-RRYvcsBX%&Xw_iOJ*joi_kI(m{o}@jNpzYM-79
zVYqPaoW_Luk)C^hHP;^j>#Lh0P6r^`0;e}Rjy~bVr)UzSzYBENsL9Cqd9`!}4>Bbc
zEMrg~UlG1%=ecQUmjDF=!i1H)6Gral^m|%)O*t|W<(kT6W_g_mn3PH46817q<wI4t
zP$dmM@9G%iu8U5pte@vISQk`I6QUEinDpAj4x-(Zk9Zc~^Ig2Enas~~D4Oyy46Ht@
zpf|+*b>NV-i7G#_<h@ZfNGHD+W1Ym1SU<4o{APCU^-C7_Un?Ld`43LY^lQ3r0}@hA
zI1Gb0g<{EJ>?gMzoz@QK)#vfo9c7jmiRjJeQ*6}O<SD6A<ccad2^Ao7q>9qi4rw8V
zb+ki6R@OuvZDb`K2j_setUj)J_VzhpvP2$@S@Fq~m%M?&3H=1e&lfaRlX>A{>TE5U
zoPss^-A|s1!3yY2DE>!!h;<HOj%=L4XA_M>^sFwj8VMIP)(f}sUW#twZR)+`=1>yr
zd|p)sD*JL~gYkmdL}|rVjG}u2M8XSIf3$Bq?}<4bG0cKeVv~vqt{g!kw>>^8>O!eh
zh1<G|>Sz-X!erkX&7S_Ynwt3L6P0<wv8C~f<!M^0uK@gy!4z{{ZGp$diOB(k!2`4C
zka|x+`<oKWjV`tbYxJc9PhP$2xWIXonAb3wKh2ssWT&nserCu&<$u4cA;&j1b5}e<
zf}F6^oC2p|y58U{A2W=THk*W4uPd(lPmWGbthoJPMZ@W1q|nd5dV}QVgiokDhUu}S
z-q2G!CxK7J>`<IWVJrmXuYV-X@5SP8UnkSHsU1}5r1^iIeZ|tPT?kPVm1OesqtUmJ
zJJ&N`9H-L`Z#VqRvcSFC=&sU3t%)3vuPJ=c?H@<3W-e@Nz&hfl<5sumLha`qQ>##!
z8R~f8N3{&Hb2qlxinrU|`RJW~PK4zE#~81~{sJ4I3-Gz^|N0Al>UoBiwEI?G_Km6Y
zjmo&H0;?%yM)rp4WYIy1v7?kx&*3P0NUl8q)E(-uvD?VcL(AkcO<wR1vY>x!UT0N4
zB9LUs&THW>1;rzypP5^?ZS^&e;6n3!HVoB5m7HS_NUPaI66F*`EmGNe{wi1?__9r<
z4T!y@odK^xId5VII^RLgJ9B41P7<u?PtvUDAaykg?P_7-DR#2+;t~~=@EJ3Lwvu?g
z=zd+Dr4TBH(A-L$$g3nZ#_I9F1?YW@{zs4&bYot;(Yp<!%`jt*y}^_$pR?zJ!)A*r
z0ZIPW%WuIyH64u;G9%CPGIdzb6^1)D0HZLmTMZmuwH=3E7iO#U;y7d$wcBr#ZApPb
z6@R>`Wonh!zGZ@Q9cp`>3)vjr`4+<*#(-wbJlv3G`joXyR<XOe{lC!~#@)75D#&|t
zI^0IuVD?$M4KJK9jmBIfn+I`iPd@VNaX;g28*P&8Ij=>#;dut^nUfWJX1^aIkQY1o
zTo!A>0AVkZom+M76jn>L+)^@ZbR*kUT`}}L+Ct>m7EsKiuqydf#$|>(W@uE8Ssu?`
zi&wrhmq(mz*jTIcT?9Dg<iQ^QX;`8-To^B`BWbP2U77Kvw2Dz>;bae%uSg-7uEV&t
z!0ga`@+={cN|u=8CmKi2ZejdA@FSzZAtI<=Jjf=6d@-e1Gya%bHXQ|dsY|<d7C}oV
z>#w^t&X}n2Dji1S%l#)Fo8cI!_L4v<58~`!d6O*TVhd5*NH@6?(syOZrVP8PBCG#B
zgmit*NX7p=#QD+C7glWS%!q?f{>CYMzpfURNK;F=ACy)#4t$htm_VaajJ`8%a|M1w
zOe(QN=!eU9)i13FCwkNpXR*_^v|Nr#6Ek?)k=!3B-%oL9duk*mWQVvZk2EN3U?%1i
zQY-#t2bS-Jjjc*tw}w5~zH^wXb9M9@eXNdVTB-jHe^pm>F_~vaG20QAa!XaWEyMV9
zm`>ckfKZSVLN}4gOAZ9aBp_=^r;vsA8Ehx-?ryDFrRI!2DP^kMOj`+HYgWBAC#xtD
zoy5Q`%}?1E`x$1<?AA73P2z+7N|mh1J~vPGR-%U5waLZtD76{IO9oe8DO)>(COTxR
z2yc2leGQXddK1J-FRp~CvKdiTRF36Z1E}=Ay6aqJN%SI&wF5TAhA6+Lcj}LB^fkIM
z8{&hEP5J`yKq!Z!X?y)2pe{5OEkaPbyrx2U6`ceZZb3YW%5Up2WdfDGSR_AD))^V9
zETaDVlSz!i=Z*X4^V<U64@bAR?FW=j58J=b6n<93xX)xiUmf1IxB9ofv`2$}MIXZw
z4A4s!M@k$(^8y<?gDAdcBtmr;K3W*!XCir&8(R+D5X)Tf&?N9yIhH}TqhBEnxXsY0
z9FKe!oG~czWv4%t#OnH?i{y%5&!#!gn80~5P~~!@iFG@KD$N)}Y=755)Fc<DaQ%ed
z3U&+Z&t1^pN=XNiJl}O*1)C<w_IXKmEjg&=R}Oxd=L0Jat-nENLg$4COHOOWAT^U6
zp?WGv>O5++z9BcvEr)OGBV<swGXy<!AZd@=Gf?tvZ{O^VC5mdIn*5o>2`D1UVZ+M_
zMySj61k^TX#mXc+d<Ob!<r)w;U$CC|<$J*UBbuKG4amg>02LX4h<#0hCM(+w0l!=)
zzK8Wq;Nh~KE&6)oUG;ai+PcpX`EvQ%DZ!f7;%>N#;UCYgXtHSvt-cR25*DNT_o49Q
zXdux%$|P8<+gg(ZF8EBp#Y_gew2J|^eqn?hfiwUAb`uz5R70xrm{H|0hyTs-<Y+bA
z4tz}&lY`7F0iReQAl!@8f3n^HT$_veOROUyVBc!e1#vukLwVvuKUDiiq$p-ngg;yA
zH|*mMt!MwYGt#Vbd#H!Rr_dg;M_X6XNM3?COJY_$JGe{O<`1zs&JK7)PF3#M-_8?-
z-bbP&zjq2KId1o7C3i;KHEL+~3-HwV7%ix*=6&z+I|ID<q=cNF3&KMH1n;5pQRT-L
zD9vLw*!Ui|{U<pqDlgf&?2Z#lIwZ`$lf{F9IT^MVIKvWj`s&lPyV*xv<S{B0NjHtb
z9g@AjRilnZV_j?hc|et;Z~cG8d@a&3pZ7St9nvHQ<ja1JoW7O#6Vnx>{2;~d*FPek
zcprcpHQ<QtrRFR8&{+TBCnTxgwCrv;SjhqCTZAJ*uIMKXu?9ZqZyd>z2X}N*zpy!9
z3gc3~{g^v`T>&d%n?=O$Y6s5GtZFPn=*n?{I3w~O<byw=a;ot(&8ly_4BXOKw7)uy
zGag<k$BBxZOb4Xo7T330H<$elt74+}FL{tAMg)>|%3t}ugZ?zkZOD=B3cG52W)9e2
zb{>?`vSYzgR-)|X3d)hjfJzR~gwzeU`vw-u2-anbQQ4Rbc9lx-G{=6t(3Ty3r8(rp
zeBQsPaBweMcl@sAkPS8**h)%ca*_sa^2S_t8VFU(#FFP*(Doza%NQw&odq*U{L;Ts
zv;|fIIAFhQ9Sc@zVl7KDq((BxNmGQAArRLjm2+k?3GXKRnzG=@5vjhClRX97!BJiJ
zyBV{~LagyNLAFSeSwa}=#a8SG+eJWV5eJDu7LICj9M6Vo;b=0mCyae;yK00b+lI%I
zbB4~g$4Bz|B;rZaL7~B61|$miA;9bNY60XbLgGI3x0H2g>Bp|I-?J6UStgnsIPJcf
zJwcweKqg2^2VrfjTES<i@nBHejIPtixrI5INf06%)f>Y#p`$Q5FTujdLN?`%g|ta&
z;N&-HU`)ZN+;JBz3>eg1;aHIobhjATrobXeHQfvmtXi=#Cm2C4%>3n%t)2jH!UIf2
zf6>(RRTfNL%p>OMK(AQQdSuryw{fTT6Lfw=@^<uB?mY=c{jRelw1Nulv<&}vUG6Xr
zvUd+)WfAzw(<l_)%3S&!0(Ay$*%KsTCTulVE$lUIPAJF4Q3(}_VP1YO$s%Qk&&_Zd
zdfC777#;DE5XWvGR&UzLa<CeF<pW^CeF9MhYe2MQbz!l48E5`3oHHI&KWM8ST&z)<
zn0wVLF%a#Pp_qcnZxVpM??bZJiE(A2T<WmbBQDcHiY!OV=GGNr$gkx6PNSVpBQ1d)
zzQ}YX|Ls=iF}MNpkKs>YcQeLoBi#O+#_vnAzyYp=rpHnvE5c_}OKTk2H&(#8C@JCV
zPwm)BCqRR9i$gZ7>drlMmjUxFi;**D;({Z_ED^ynFp2_^<G<;=ebx7VC|oPZHt>8+
zdOGa?9njH}W98BR8_~V?jFPWrt>ouhB3F}{)UwL3^m6r`$_T$JP3T!RY1;@eIed5R
zSv=FMCDb}Pt^#<41O-J*<K36ckz1TaBGQkkikK(Hc#>)EQE?JdyCVIEp0vG#G?g@6
z<!ec@B)RQR<rH$U{5@J5eQa+l-KILLm^-0(NFfZb!xtIP#6>L9hrFhFcq0=R>~4#9
zGfOjR_u5DUIr@(<gf(-kus=I>4(mmF{UnG`(o`eHsRJtGD-NjAchz~EZ&w;>=2?kF
zd=&=DrW}hilB*FeGzE3Y?%OBJ3jUBMyfNIWBT!j|DxAzb+vhZ3z;MtycjZ%fe_87Z
z?>DahM!%h*kjYj+7I^*bwOv*7=b#SbhWV0-$X(6l(VXxtPZo$HhyYvUmxuJ$kG$*8
zzKrL9pAhgW^6vv=*4qi%9;M2~-@a%m^7GhgTKF{~>a#z>;o5}|j%`QL#6f&ZDD_Y<
zFN*q_0d2hVqV*ekwmEn|{ypo>k&4Z|MCKRI-Ek#4<JIuz1R29R=H=`@A<dQx{lGI3
z!+>ik;>XYBapn^+6(osT333xKREW!Xt7fz~PtAbm((8ZXZ7!Yb|BAQW1q8;&Z2SL5
zybW||j5+0W;^>#it?5Cp7?Q94Q)T}8#~&w0GxV!N?bVjC1Ha~!q@gz<SDI{_@RSy~
z=OoMc+7Ct?7PKukdIJhIxhmQP<@&T4vIW`Kr8as*$p!o#xx@o*rH;3I@Ff86lXYp1
zVLVT;&X5B;sS&>Jcn_&DJr>)!Z%i?c>PmKhLj0uRC*@q3&9^moeMIYSRIue8C5h~d
znO7pZQc*@P>VXrU5FX4`RVlORK9dL`ySNa&d=}c?OWPoe=NWw@d~f{Q9b*cEPnOH)
z_{p3sz;B0|V1>8Ag5=p_=NZ_|yVP}Zn~LcYQq=dlQ;aWeGvq*1>k_gdGKG-*oS4=V
zS}bL^at03jF-+;xL}-y(5i*9859im_<+epih(|T8IINPE-y7Tqo1etS*x|QDu6mlQ
z=L-;a!R%_?V#73^ar)f5<1H{rntkv4ho8XboVsV9Ey|y7^fbpVO#t{NLsb)qM?sMZ
zC6lqf1i6kVF#gj#$_j<67{;LDKg?OIjlWE*9$fj_A2pAS{PsK}>Vq73sJ$-=4<p3+
z+DX^1%apbZ&*DqdmcuWO_a&85GQ23kWO_p(PjiLw(^f;f^TRySo+$sh*Rf`{2lwNk
zO!-P)&)?9ipPL?$n3upK!LG2=M-P!-TM?A$!+ueEL>TTfwxH#EVu()k*gBk)*B=mR
zF$6zm(0vTy2y3XCF?ZkDrFWVTd(<+Q^gmuy?U!D3RqlPgg$cgVd%+Te>`n#hA21v-
zqs%|AMPO9v%yxh8K;NJI5(r3yu=#<b35|+waJ~|D`IiF0j6eX;Js(ilSF&;@JQ=6$
zCVt@+pUu$#H9D`wz={MV$Nq@of>6Fv+6mhlW9uWpBJXjEy|G16jf7b9iei@~h{K0@
zkIIhYPs=2k3#pJA;h-Odj9jV6S4I%;o8FbPC7nqfaXZkz!pBh<XuyRC1INOTe}t(C
zn6SEy?Iw6oSv>;<DzIZ`U%YF|(hci8B89^^vM5euxf~;YJbK0}Y4v48pi>a9UespL
zi=n)8<knhEZWqa$;2r2736RUAQqk+i{gR{^Cve;>ow~#Fggd6i;VB8a<Z$1mJl$c<
zKZHd3w5@AW-LgW*MmOuWk6}C`8D`t#_}H(ir<4z-Lgs)JIRhHb=oG~zZpB?Okz}t2
z9%&0UJvyv=yjzXK{Hqa<A!iE&iBUm9Dv0k0hRvSEa6R2id*Rt@8pxNOWd0gFo?o`Y
zC7FrLaSfC{vpkceD12E$$?o2C@a>70O>;x2wXMN@X2l0@6V77x*OjJ+QZhiIad$HK
zTnyHv+ZTcV6{TN}00!2xwwKi8bhO_LBWk4}e6TRB^7{W1rgb-wbk9Lv=-xP>-uz2d
zkB|23<AsXp_MPeM$0{gJHzOPtsQdT4q~V-m(WkaSBTb?0FRiMga8~fx3_r2*MgMz&
z4oxyKLCMpVyvV_3iZqpL3pR99i@=<W4;7Ohg$98?9{)-iAb6)CoXt-bY_2$)^xKjX
zLAld_NqLPz*$FZ*vG`1xq^Te@=%KiK=|#vwWflq3KFSjzl%t7U<8Pyw9Qi*8bK^pF
ze9CGYjbVLuefZE!OPe{r01is)XkF>W8@-F#Kd01<QpM{0TzEFq_xY(!1wfXa2?n(M
z9R5>Aia<QCxr6YT2Put0@c`DplPe3vKYXN#Q5yb9)<)Pl?Ccjzvh2D-!+dvsu+*Wm
zHzkPdAK1B|XjE8IN59T0y*H`sw0Zs1C2Ev3a-01rTXZIwGJ~b8g%Vk}Wvjo<z0Zhz
z9TonHb`)lB?T~SwEr$<fc>u>t$%zAB*zq4p6q0!jNmQ#GK0fSKfGB!(iY1NnUotVN
z%dU7^<uJFzj{sCv3SC$@iO)O{BbfKhrNflQ(s5o@&1PV=dM5{BVktS4YBb@)mtQ%y
zVd{o5Hj^K%GRKxf*4%wfGO`cu{zrv{lLbjmX%@wJgFfbVmt3s#H8Azb^Dv0#ZK!%m
z4cv(ePH#$ali=+Hk&-uNdUu(*O@@vK%G2rb_zfzuZ8K~s%2WiRybEl1H6V$7AI8n0
z7MgA;`4R$9vCTxnr{4du>gF+cBuIO-OLp##@|zd~DZVFuvYkq9fBEVf4tkv4ovy0}
zeImW&ec1+cltByx0E~VN!`HmHZyNdxpPJL5O&YBw19u_*5-@+8iluR@M1nvrp3B&K
zwoA*)39cl?465d5PbT84{;_%pg#(#H`l#5rFr>64i1+Fin1Dp(=tUd(s0bZUOX*Aq
zQ#XJouLJ>ehao@86)F4$ulQ?`c0A6`O<Jk>f!i?&i9nC*Igp}wOckVoceOGaQe2rX
z9YF%queQ7_<@W>EV)sl3XN-YRo1sJ#E6yIRqLO73R-S*(Md~z%Tqdp$(*tz_I#I21
zS>Ympn*qG8B1dy<-H5z`q<U;v1<%eMib)0J8Ix(AR-j5F!Zpzu|An;ync7S~-$GjD
z%DZn+O6*Y}1SqAFMMCiPR%E6No^oX;LS?J3bD3e?-YCd_b9XNv3D`qQ-1WiUP7<3p
zs616D@g5ucdqJ;JKJGB#r;3<lg=G&XmLCv+Hj4ZFLh&mjvw-Xne?GByeG4~75bWJ<
z>Swy1NAFj<_h%JSJ&1ITNid3X6GC_wiX0`wff~NS1OoeLi7fY*+{ND@eC?DeI(lG@
z_m^sv#h3xnNX0I8Y|oK|<^JY#rG@d29=*s;?ER!aD0p*|k6sdyt4h17BrEKamn(>C
z{ZMaub(AO}rOdY_t`chP>zr`UumcILOFQ<RNjZBK;|nsg%6O}@$NsdfL?Uf^HL%5G
z&ly(_K>xov_GVdXRDH9dI<FaXa>s!^g*hEUQ8hjDsb(#c!B!r@pBtk7-A4N;?!|B>
z+~l|jibCIcFzjSVxai&;c2Sfvm1uuP$=2QfBpNB@oj~}03>gQZoPg>?AZ>N1`VII?
z`R>==MKP!47AA~5N5BM!R&-oE>yu7(mFH<D4_rmvCfl%Fp*q_p<>Y<}k0NRi$3LbO
zB}R?Ni8g<rO8EVQ@MBXEvK1I~r{6rs(+hm%xn87!Y0Y*YVP+|lz|L#T!*}1qRc?3-
zXnb4AiKnO&8?=daJ6Q<`IXt+Av5Snei`Xct3X=V^(lUU6<F$QKH2POR%4q_-bX}K#
z5P)rF)2j3{INGlAUcPNQexJZ$uz~GlGC{3$%C^uigEkU2NJW54*v@|DFX6E7OW`V5
zE)*(|(oM>S@GJAw%UW?|Vu~JNl_eT8>kM>irwaRyeKn2vt*PGxskFxlvUu3qnjyZq
zx!CCo)46=i&EI{y9YG8#g@LR-L{E~HPe38uYMDg!f(Mj=aQ093-QIN*`#2-FudJEi
zvPjL-ho3FsGgN;jIVFZ_Z*eY*q>-l?uo<cIqh1VQ7A=RhN*exsT?<a=^5qX#a=ycI
z!hP1E?AFZzP*id0QnnBNG&zM)E={bIGk-%%cBJ8mNL7stGnm*fR+8n?gl=M((gd8D
zzkYo7{SZUmvD}1UJQwr&3GW~C4%+>K4f@KZ=5?kBM?5CLnsx^HrQ^y+>olWiwhhFg
z2RCIbergOsbHnq`Qho-#g-_r>>Vp?Ps7#J}KZ&Bs+G<*UTiSlrK#C<lFtucxX`x|2
zA#|G?oa&%QT@I<z+F<yz5ghiI_zMVkYUM^TW-%$Uy0o_dodq&PA*f-SP`U{-NYiMU
zTN};yit)`j6#NrOzZLstzlI=}@Vmry!HJRwH&hXH^=TO7V(U^5M(>kaUNnp@kVx1X
zG>=8zA}4TM9l1p4)Xj&CUK+`QN$WWB*k4FHeUw_sMsv}*iKI~DDaPi$qX4ba#f#Qd
zxj?P4Rm<Fnx9+;TWz(I@f(jq*IK?Wl!JB*XDN(ZLw%DWdB7DX7vxSNEyWF$fegi5a
z(e-8&P_M@TeT2Pa^Uv1-#t&e2>ISsA83A%RsB*+=76yUBr!taV>FdTm7`oyHbqC*<
z2j2<d>-aSb2N1pmA$L0U1Gx9xFAYm6n!mD@P#N1*_9gpa+)hRj_v~ycMcJ{yO^a8!
zFK!lkHc$!_>5ML_^KMp4aW3}de3#}Z5KlpQr_6stP1;`xJT_a!(%($8!i4uw8e%|K
zHOGL^X8wCO__yqh-Tu2*ua9wN>uzz+>uQ8HNzOcz;r09-gUW;qRC(^M+l^*_d2p5E
zrRM5v_iSa+|D?q=jP%@i)U8wA-T4GXbiRlIg^s?q-xRV(NVQzz3cbcewAs0KY;t$2
zH3qU);u`DmB=l7u2L1AnL;`JZZf@E?fi<x6_r#IPCVlZF%GRZqMf|$SxvJf_pKXLx
zy(l|Z9BU3VLni$|EUG-IRTbNo2m#qS#msmUBVz24_E8PkeF}O>5v$Jtb^ZcY{_~xx
zd>qq)nr+_e*`7UGK`!;b>gz!7`Cq`A!GSMDB=MINv1O%?u4(oaQ{R%4CW0lNJK^IJ
zZ5Ls&mW_K41vFzS)W3fTRSQ{%2uJsN+O$)c;G--Nq5;cdVaj{|zsEm@xycrE7ZpjW
zmI6rEiaO1*e{45HFdDdo=V$Ulw^@1G-urJlhZ0v3zPI;&Ax?oToV#)+KFn~J1$vcU
zO_)ZT`*>TW7Od7aDH-X$h7oRxxPDS*>UvMt)~Ctinm8yC<hLDVl0z*ot-}w{4`zOQ
z&?&vs0D!WX6c<0ZvH|`ftiW`A8P}ZfoG|KXafTQxWs0gx)7wR@eRHDs{L8j}Du1GP
zH3eN)=Pp&t^`cLIiL>qUM+V!9qyO07d;bC}>bi9P>G6y9_m4ato}Ec`&w=f}g=?N3
zsTB4S+gok|hB$YvHV=ibacWYS-^ZVqzV%3~tpYQsSiU;8NxD(YHK*@X5!Lkf%r4>U
ztlQ8pNL^<dc;)f)Q;wyoKDR*)J{w`Tx){XY_8ZpoiNm;N-d)Y_QHefsF!aNg>zH5q
zuq13tf^0SHnq}8@F>LK6DdrpHEke#5n|Pbk4em<4Xbn4{#67>4xM3o9ReG_&aEfz!
zYXjMStDVY!#SEygQD|E<IfG5Sd(TqZ^b#ElAnQ!Lto;IZ{iD3@nG%IfWHIwOZKKq8
zt&*#ZVq_6*YtGzm#u;>*1~aRvW})6rOeB(IQq0yq2`$nAHHvn%+Su+)l#()44xjVB
zQ5MorLg($PBXz;3iCiluA*F{nqNlO&bOHg6UkASNjlJg_bBWw?M1plOmm{$U?M=|t
zL)uefclYMz$cH1<4AL_wfjnZTOyYyX1alQG8mADU+4UMSzN#F?xVnjIrri5Iivfo;
zuLKVQ?EW5&ed=UQ*F8ulyG0e|fs~=Rjrudm1JJ?DHX%I1CBTyp+DN0zOe`SI1JSkA
zSkzZ*3XSN&3Qr=pC92#~9z&`|_9C~vB^x0JpC@31#Lx_Bb^J#0@y*{zZV@yOJPBcV
zS_~*ZlV9D@&Y0S#szmfv__)6Twb`H*t$q;t&;Q8&t&iQnK@i_f=_-hH=Fjr<Vy<?G
z3S)mgdph}UvjBe~U9{QjX%hl)xjaqT(JP53A>#QBum7FM0A?(UIaloZ>p0e;loXPx
z2&+*!DucC|&Ch_tNH0T=58EtO*KDg`&y_+}74oGu#pdm3#FmIjZ>0*z$*+N%h!A9}
z?}trPAB|XVuxZq8qj(BoqOw)@g*$x3Wboe_7OYRX+%y!B;atx<R1e63;&=$N$iSpG
z_WqsoxOZ}?z|+oHrtQQ)Popq=e#txSbbrW!72+M_Z7Le~D;IX8szmGdG47`gPE_6*
zj{x^qP^(R#mD=zJ;Ns0^3j$V#fR)L+mS?h43dhvvn^R6PO(;GAG7z}{*{L1y;gpyj
zP0CO(QQ?!;A!F?>mkr<mKUxwPA90VH_i)nlDRI$|*+k9C*pOCb+l<yN;&bi$cCE^K
zC(&YX1nzY(xz$KRJ>waJP(LCy(3SJQc4(_AujSX16Wh!u(xThk(W^y&s0G%M+-U_?
zgU?bwc*VEKt^UCJIq*Lr-1}7MxmJt!oO&JE@9N{v!7pb10HCkRV-a>!<Ch+up;2lO
zBBa@CV+_(h9h03@?SX1W-qH#gKYD?pBjEDlk?0ldL7n0LsOV@0e_+?1LARKqXCr9F
zlsJ_H+qdjRCsZwzfxjQ0o(hMdRQVcp<DQ;hR^{F%MQPpu)NIhI7ADB@ct>0WB(@=B
zw+A>K80Y~Xz`qmQ;iy7X`1<~SDPxO#_FN4)#D0a&a|7P14+q;Oh0Q~>&yW~#GG^2>
zbhjM_=eKv_T>#1!lR28W#_Up8!4UCST(=#O5O0%NR<$z43x*&j(f@*Y2Mp{zQT7sc
z*%4g{q%JF>Alr=o-lFgT{jioYYV2-y{f%+p0E$^<GFuI=GN<Sy*sbMuga!6gOv|4L
zv4}O>3cP1}@CSsDQB+RKMBzdMdYlm!z)&>wztG)klIuAv*}Fo5WxfAE*r)(Qpftu|
zoNiVC!rq#2aXAG@n=E}M@oST`_#Y6RyztSyTwd1GInzU~MmIuHOU7K1eFa?5MmG!D
zKg@YGK!D1skV45B;=AaL)X#o;;ibNDLf;N7xfU9Qr90^eoO`ad3YwQ4(ix-=HgzmL
z`$?S0^&I~C=K76W`>4k=IGHkIYytgNn^|DAlt;y}juj=Id~U=cea?*R;4Dp${yN@h
z&RB63L64kq(=~n8QL4jck_1>9t5JBLWMLqSS=c=!$m!XgNkz!PG#tmPUj?V$?36+m
zjW6k?xlc$u8*N0=OEciy3w%um6obKlxJOUAx;`~Ia}=;g*3MEOs_gs_z~=p{+!0?M
ztDCvig!o;8)!vigle*PcX6Zyq7_ifG?7bvAKHK6efA~kOLsGrQD6qJr7am7xyIlvF
z5j(Fv?uGRGmk-j+C#L)D-f|D0qx~p2FDRutXcOSl2h9KsL*(;`tNbzeUZ&MQE0i(X
z6rBC`5|ZQ>yt&MqElj;+LvE`KfSg+(S5|89HLqZE`OQsPrk&HJ%bVhma5qCCJ;|BT
ztI7LFLT#+qyW;ei2++>lj$QVWCL72Zg-H5lSEeBi$9^3X&XZjGL*Zx`eccC+(=xlk
zm_gCaGMNA8<GjV!%qNW=7pdyd(P%WidUhFm1`%<Bnk)7`yes@&vl2nu2VgSyj_?kI
zZ$!xL4LPv^t8QqzKo4^o@!7vjO7x)qD`!B9gB@ou&SEL>amuG*h}Kk;q1vlpV4Ie$
z&twefY{31GNz<<;XF&}0xIrh)+mzL$h)}m;b6Jx%b<PxtKqE@Ad|<qTJHpU(Q;QO`
zob;S3qVr%1zuDadGPMM?CfkZUiy<pJwh<u*(ZbR%%j<SGo9_1XjKLd%7<NI9qi<sc
zj33(~fciTaatnbCl~glaQ=nD(VA@Z1cTPKFH{cK3hm{&E=<4#S<^{C%VUh~+paPpN
z@2c*AwyTE2^~$?R6wq_(XRrYid^4n1(51PWG3Xb3q{<uE1i+@BbxnJBjFl}`XkL1d
zV=sM*1j53K`rBYaYd~Msbi-ZzV~$qh1klSOZ&83)qlWlKiztqm>8n~L#`8?&!Qq>}
zk=%l;mc-Ze1>xv$-tWl2xh<{0kgoI)+rQ2qfi&6lYn9!s672;uVbnjGb0@a+Mh{bk
z!A{e>#%Az`h|}v*jMnn_gNh4$!E0%Y21#RSTWhV6yu!7c?ifE~nlpO$l{NVoP&CWM
zDVPxow@oc>9-DpUu{xPNHx(hx4=2X_!Gv#h_<p52{qbm4(Fj@{Z8rM&t;H$QM~o*?
z$$d!qEQ3CzUTI^(%&MPelRQ11!61n*5_=FcZdj$-l2tq!aYt7@%G-&P8z}<r$W`ei
zuek*LBaL}Jv>uE8yWJh-sua-BU;g>)5q750<2-Q!fHpm&?4_#skMOrl%MeGCQIjc#
z1No66&bAo8$w6wqWY!R<AIxIibs@h~iI$y#Z)(Q)2Xy(dl|TgYu&w9>ZH|HuA5#J<
zd#pZTV<-aIU0Uc#GHPfP;!8GiSQIJlROoW*T&42Q&gO+R0eGyifNk{Z)gXS>u=S9?
zhJsM*uX57luDkL{PqJhp+xKT%>D~fX$oO&8LMgbM8J69N!kiZ}F<%2`CjGA;-VF;U
zK;fAIZ?%xvYt6-DGAfP91Yra7V)dVNsaxW)UwUbJ^;dfu5VpQRB2kcoz=!RpbNUX^
z9VTx^Swsl0J$mr|S4sa%9~<T7+T2zCBYTv)ABAMy^66*6$^^rOb@jd^!`!L?wUxB)
zx)^>0e&J4Z(iv$>?GS@tTqGQ$pSX51*U=b9^L+u_-H7M|nWcm4m}2ZCm{r0sUQv9b
z&s;P*Tpm6!n$7Q7cmt)ZZZ!qr`@1fDt9RrrB))Iu{Dtih06E^m8f<~~8-D%T{txEI
zgXH!>8XX_Y2gsULpnraU-(6gK|3|k!aN#62P4ep@U!A!2LnFAQxyC<^OqK~;n8qFF
zHlCl`tKr@<7)+($;Bn<L-}y0d8!58%W;z9G?rq;*0f7&@>5t=$MrZtQK@?D6g>8<&
zb`;eL&_#3dj5HDxr+~xrG=>my6^Q!2%G-gG<n4#@)&Sc#^&E7iyuMQyh;rl#Df(0p
zFL`a=W|qqc4~=esU`fEbw!>Xg{)2!YQyfEx-YVnWbGj{PgZ0sJ=fd3fZ*m!u2(jxi
zRmd?+KRp`eR{2^5nVeZ1bD_!VEN37x#65>NU>>%vd`2TuuA$}}wmLNnt{4bXB2q<}
zwm)l|>AAz6Ck*jM-Vsb4y(z!YY-Rv`f46gFP{m3me`8iI!)hzxNl|2a$Mpl37ms?L
zPP@zw-UH<@#a=R(2>LZ23y8HXyS5JQI(?vJtLMQ2q>tX-?R7nHln)zZ%Z0u=k#hv(
z5WN0eeR;`#S!nQ79WtCw`Y*MIHq{B(_-$k()~`*3t6zLQ8xq>QYDzU(FdCE5L~}yg
z`pD_ieCOgam$MHDG;}gxi>$?alsuthS#q~GEAyy>zfTC(#S(zlPO`4V2|2jgYTZ=M
z_ii`T<mDZl#kbz-Z=pxWkt=SZHUSU^{^hCK!-z4!r=I_+4q}8$^2>kdcTrBb9b{G@
zJt)HUjcp<nya*-Tlup!uS?`7}`*{vxd?Cl`3vS=hQ|*KTb=B(9vtb!(-xN~G%o||@
zWuHc2e*;&&CklX-7mJ*#R-sHJYm)sH|D(}A@cx^Zor9yljW)D*2C{330)V#Cd5FT?
z)5)iCk)D=aVg)*EDB)@E8fFu!PxL0No$q6Q$;lD{;FR0*x8ggFXM}yb5t{D@pr1>c
zTr=1I8&lU<riPKW;X`E2XFjn^LC~CHwuNFs+q}<w7JdJG(#x#@J(d3E=i<V*ucw6M
zND}&LmWh-Z=h)y=h2;R4DwVoF?ocuwy8ng1FzAo6d)o6#8fN`ARS(w+<_LGQ&*oG~
zpO=h(w;57~qoh}~?yz1!&=Ktl%-VtVhMD%{20jaSoBuS1?PKa;Ga~wQJWO{-t{a{<
z!@sowWC2j<zT5>;o>+tiry~WHZ=LDSxCJ5a+d0g=t6J8eZ$QWQ4bZvguUD0it9W5G
zM^OHB<p{zXVtgMBCtt=6fT84SKPlELz(3c=s4_qkXFOcqDeL5up2|LPgq3?M987AC
z@=jxrb!U%fi9<_=?up=(bJ*eFlmfF|qMTneuPJE8uuP23qH+W;qO4%4d=|&Dkk^?0
zo}}vLa4)MW2=pjdl*+Ht<fk;rHiJ3s@Vr<4+REIW?Zv1VRW80_nYMqFe_0qnO#gcC
z%j~I01W3915iHvu-o=;RucnLLKYE*&&v;(INj**`TLA_eUR3c<N;mtSZAQai+-S3n
z3MM@Vrl|0bCr9pd_tDD;txBaPp>D3>r>K&$QWm7h0a_vFdkqK}xLlM7<(h-v<gWTB
z1`PX&kffw*GG6b_0k*9yd?T1h>-Xo;1tVeqlfMcvwhH(r_*1mIOQg56hcJ)FVD!(6
z_AMZ!fY)*B>?#1dx;Ve6`4HQD9~}Acph`^H(V~u>q>K5XcvQ6>(zcum{bP4WheUYs
za1{k;M&!kfq;SXtXtlb&WU#)g#!2i{5QkTF!kA*pkEX`_$D5bfllO>{?mDDF(vP=~
z=oBiC@WklY<jDxFG$z9iYMUd?Mb1Xgk|PBE>>-`6iN|;h#ti4+Y(u)$rIV^t(9K8`
z%iELgMJ<c{Q>#pQJ74<md1G~6rk#8Dz!g|NWz~yyAW{>8ZV~o2B$PeXiCW}xUc0$n
z?PFMik63Ip3OI_447~J!QLsfJ#JRmpOFQ(Wv{zT)-E;^1g^(N${~bDiVIZJss}8Xs
z@P`fv)foNqgNKYQ;A;GlMywm<G$KVtGC@8?K?<*;o@U|O2dl2~@bt=!pig-ZFAGrA
z^Yi}za#(WKP@zdieD8Vf#|tya4<#*JI0;Q6UyY6;U6l)F#%Ekuab7X27}KUd5qtAr
z>wk{cHL;gkrYiGfoSKS?D-@=vP}SNQdVKA)TWRCP%!z}2ZD2;)Sm-=~sEC`yjZ%zs
zbfjFSa@AqMvpVgc)B8T`FB1pQd)L=PW*`TcAh38q*G*r<-H*Xke50R^%6F7h!{YVv
z^BRhXLfi~S4UJ+?uDVh)F0~cO;G<sSPe`(*$Uz?J`=4wUV+DnlnW`X1*qm~1#<IWE
zXQEP@Jh^CZ&S?p3u83k=i^{-}n=GDTrP8|Tj(6gRZc0sif^U$mw?KaT|FYI<b*mO6
zf^89o;HZ|5#>}rK?W2fu%LT>vu3@V9pgD=;rACZRW#q2^NbB&lNt~MIj~Ic`WlHhP
z+4V{7mvofaq`<FZpZP^%{dv59%mSbsFGnzXFE@u!N{RR%%39u;Hb@((>`(m0IL`td
zK2<z>qmdZUwvIV47wvr<Cc3)BhWa0RKUVdiXYSVsZ%ylho_D>{9C<ff{bl|6N%(Dz
zdB1LBfL};zbt2Y+p-yuCW&`zZ{k+ZH;LGPpdp*h|Bw0S(Tjd?c-O|Lvl4!3g^=|#z
z#s0a4E;|eQQWYjl6MolEQOP7D!-$>^i9({NoM`}g`YEB+ky8;RT-?t*(MN@g1>y8#
zP&0(+AJiZJA$o8Y7ew}emh-wDFT5I0N9fd_IrY}cc3`5Mz?c375$RJtsfYFK2J8<K
zf;e?h&WnH9Z>TjT(pw5(F4g?z9~{$u2W_KHPA}U#t>T2Lv%~3qZd#y8b}{a>(_4A*
z0HCI7-+`x`@5gdXfAGG4=}{sp>#GxsPv79bdhi<FizA%^6Z=DYuSoCz0Dit(({n8b
zP-hjohg(3-Q{gK-yu;hf=BDh2%YpeDC<OI3>9r9r%kSn6ky6mTq<iFF4-x7B&X?x+
z7E|LjE~1q94)Q`o)zx_JSEodWE#TGmYWcaAm&HP}cMc|i)CO|{hBxjzA^PX0^p3MK
zgbE6w`oxG5_dnm&`YE#ACoBeDt$QB3PpJgc;G4A*MIWox3Kc)t=GjCo(DjEw=xE#@
zrt$B~vIWe|YJ6X*FmWgbPfbgEOz#NfoZ{J+H}7K<Rxd=>N<9%V7e<qp4gvXyZ-=Z8
zt3k55>duD4p)zVREp}Swhf1NyP^s`7*HusI%&VlfFd4DD<jyFuDL3UpMUxTL!dkU$
zo$jG@o70X{XT2$)30|m_@Hx)gq8QNQ&+7N9FD@0kV6SD<F+jACWdYd_m9c#PS3ZAt
zTsWWTqnjFJqjAUz{p26l1{jX<|Jd1uqrPfdRJ$ULLw`uJwI)ms0~asdS&PAfVS6%|
zx9A6NUwQ+&-$Rc+Y`N61L7=LA5O9gf3LyOf<xqlWzX4FquipAC(51IO{M5_#(48dO
z%)0bPJ^piVbjC|1#L7QSnkTXgHVUZ$&E1;VCfY@Gv+n0EWKCc}$=b+AB8+;~IZ5J`
zkfl$g=pp1$0Y&Ln56h?k1@Dv4e=f!UH7UllDSTulp>KqG7m{uTzaHZWqglDBd1cVp
zi8-H$L?rPqjZ;bXR@C_!D&O@x%hV3xW5`kLGW=idK$B2e&chgRNV1@X!M1+q)VM$Z
zXT)wj>4!{QVEr#=*9oNm?FDKQ=6LCL{=P9Zcyi@!U+5s?hPP4<hvU0fNs*c=IPkGg
z+JRP%yY->S_yemx8*1wLkF_0ZBy9P8J-#uRTQ*VzbITOpz|``D6_{EUAN>DQ%h3XP
z!P+==S&~|t=?ABgqLjeI3BcK*RX7JY>bso~tw%g>t?)VwY4QYqTjAxtk&plQ;=Mi!
zLuy^$1gRMR(PN`qhvCS(y~KN(H@_|SFLlR&urp(i0-ly-Pe|Z58=)GD1o|z^=IS<Y
zih83JdGrb&{R8?x`EJD_!vwK*%U|#ba&wm&bw!B|Q#GZe*zSOf!JC61dg#gtF?ULf
z#LDIdI=<|7(OgM9*x?!Wy^dAsSM|`;H07MlR9h{%?jJ%}1%>pmxj%Z=@ival4+<B`
z0nV^NC-ORHlzv_s{|pJNf^dvqti+9;NJ}t!Zhbbaapvq{BM^#IXp4S!*_}J_-jL!C
z=UULfa!w=C7zP1k?o0@rwua@Z4f`&)?bTC@iYDaklzE;?UrYA_;GVmn|F1fdE;AjZ
zIuXg%#e>`0rRZiAUI&$ocI(1P-Nb|eKabvbx%k)ZO_AY`=63HD=iC2A4pvaEe#Lnl
zQxHYo_bBEsCFpa5u;ZMaUL%j8CH%JPv(3QgflibTSBdJ_zIK-lemo=OOk2fNuHtaJ
z5Xl3B%G7IOQcNgs(n3|0OKBzP$i5lMW+EAtTpec~!`cjE7K$XYFM_>9RDE1iwGTAH
z;Gp-P4HuBc7|7e}0bS<<jP@Nb0p44u))Xq^+>->=6Mt^*pjkpfmt#XLjR-7K6`-w)
zP`1|st>K|sp>OT;*$k8}oK`BF)1{ARp=>E^@WG3g-}SiJR$g1X;Ubay=)`?L&wz%D
zt@l;9JnX)7EN=$|RFcVI5xYArnu@Ghc$9ndgYHC0d2}d&TtfSj#X*6`j1$sPJ$($G
zSwvC1WKcdp6*A(3S$sgQFIY|93NR<?c3OPiF0>m?zH?cGulL`+pmvo5grKFdY1ie=
zgp!=N*LOApf&uSsNHLhJ5QgW}V3PMs(!@lAD$%0w`y?CD1aT5U=c+9=Zj_4vbNAZS
z(tqp1(LthtPNbZejhxzeK@Q&S{zYsvsf^Tz2HcR8EBA+%agwcQu^GBXK%|pB=)yl+
zaQV%cY{Q7mx|-$=k)JfVV-!znR3{N9P9^t`Dr<6VoKq?UW|H&urG@Lamx-~9>jMW*
zFa+%67xZmM-7?N6DNNXEJvA#Z*(fN?Gc|d?GyY8CJd0aWgTznTg6P$p%a%@=l6TV-
zJ9|(XT30;TVp~p-HoCC|SRMVYQ+fEtnj>xTHToROGgxtX1<_=nI*)aM3P)D1;O~)U
zLXKzQFI5<iCxzW?2Xg^0;m>*7t|%+P#82W6W2${|Aa)Uwkc@Elj0Aul$*_w8Zd=nv
zMSF18+qgVkYDtVa^c_9Hwh#{5EoTvaq@8<1qr{}(Zi@S}L6t=&aDQ$%Mn`pMD1gO5
zU&_>weYLjdDzRoVTMP3$K2W}&TK%Q(mUD^|n|j_A>k%f-@=QdLwHrJ+vp1^`M4kKC
zS%!6%oIp#GHsm8NRZ<xQSSZS#fQzZ}NboE(Ze>~qvkArKFg_RIkSs-V^v6dTao9`$
zBcsodis>EjPnf3#N)42rddURmLJBQ!KQzP=IG{$G1Bh4OhC&xbSN3I2nB6&KJobKj
zhQi|ok|^eP3cym4>Vl;Oqvt@Fg!z&6oki%ov*zRzZHx6Cx%>O{N-_uZM1+0P_xIl?
zejmn<g}p`{8ISclg+je=*E9LCLa$e^o4ps4Hv63yCZKm9^RnaB_^rP8dE1r_SL8Dt
zjxyRlbam^>2~}#{=$B9mwb6aKw=mvuZR;|TZCQrK0B~<dt(q*J-x_0yilhudus{fD
z_qrB6U3u_TCo+2|!MRn=fo)fqI<uBi=@mh)4417SHvd2EkOHg*{F}V(m<I_xE^Dk)
zDjVmh(STyWBC2e!D7Gs9gxt9bmNFiKszl1>OPDZk<0o_>-V|IGMZ78jMZ;+>`ftv*
zf2G&&XZR7+?J&=caAfGMT#P}`5_I2GmPwvN@b4P0pjtsyc_bfXBV<2|^RrnPP+gVF
z5ic&37z<4r$*_J`^nMC-H~)Qa5#%`d_A>*mGG-tO5V!dY1#4srLG3hdR~V!UFD{!P
zu8DynxxI&Vpa5SI1y|;$G;RP!t%1sV2(2nCD6%pHyr^<AE!o^{1&kLY=x<N$`^e@b
z67=zTQ9tr9rVz=lrNqA~XJ<Bj9UmJmV>^tugdxX7#GFIfJV@m})+(m!qv!5K+!SpX
zxnC&<40lzMHSvzWBbJrO*fRFVw7zGAll-C~t}un{HZK0tb533mjfUsWxn%eJ38sZv
z?17S2L8{P+`4l9iT!qWaqx{Kgk1kn(Fqr0uXP=d5L{c4bl_lFmfxZ-rW&C@Oanzd;
zP4Mn$p2cHe9BW=c9Mq2!fiwJyfgsFXOpEwJU;vWSRr#}p3iKBxiVJLr3I+nI<;U_c
z*4$Hp-#3e@A)9UolcRhbT~d@rZ1+x=S`kyDGpZb<()A<S`(AWGsW|~7$z(CbnQCNM
zpOWV_wQX5~7xv3C(B;^Lj?On3)aYgD%?M;JKE+<_z7XM&A4VV}___TED98DE=yAj_
z227ttcX_A0OnkvSS)Oc~x|BIJa2?v=N|;9T-+&FegzxBskaO+lLvg)X^eDhhSr+ca
zEeh>R;wk;7#79zE@kSo+wS050J@t?m1Mezm{);EDS}pbt2#Yo=S^x6$3?^$OwbUZ?
zp4ft9QgT$K;qO0@!K<pIqmhY?j8)k&HNfw)l8Y-MG;>h9Tbr7nNNM+<Q~pEbT_t@;
zHD!%97t^oy_AX?426hSf60!AsEVHO=zl06$C+hNAYoNq^opTobcb@76hTBl5F}kE6
zEZhc$g_K`kz$^8-Q-9t~x0+ukcppzjKrR9H(ps<Wfmdda<ezjMq*)22-f_1ib^xwi
zw>vV>N#S6kUg+H-e+DFt%Whup1@yja@1}}*0+f|ND(pUyXLhMSbV<=Hc0%)hKgRz9
z-asM0yd>Kge<FIiP1WpeU_on!wgGk`v<)KvJ@U2z6<*Y4>3@==zsMJVzG{ODcEaG`
z%tZ^GCK2`OK$8hk;i~8;6Ot+Mf|OEGLe+DB7zB<t?F$@|{$C;6!C-{E$nlU1-h_S}
zw816Ss0n0-fo8W!E9ORXbaHWhdU100t__aZeke}ngBDD3WSjxR529IDXiEY^ieN^U
z;yoChfhde|L^Y2#xD1%x(Ax39?sd|P1`lCq#n0JC*Mp1W!P(`-3A-XWI=dNNpIohf
zojmN&J#9_F>gMW<a+tsmBXMN(zj5gPrT@R=)nC?)4qL<_`LoUbpWDLr4|Wf~OR4vR
z@4E<k!Z@1@r{gi~*Nz-UBkcCU1iCogok~Z|oR`ys=$X%4U$fl)Jz8Ly)z#wM($@dO
z%&}(F8zj9P$Y@e2HY0x3C>>Xy`OqGJLznC;!sLvB2)n`GN7Q9thS;G-a;z%CDAP9F
z@xZo2Hh0A#f)|AgK(^R5E+ARyBbtx#X2fAICoF*s-;mNRyn`cZ5CUQx6UC&ug#s&?
ztrknjl+dBfJ7A0DLgPLM>{wj(GmtD*a`1|L1h!}}(P<xK+zXWIvi}1Orz2&5+5&IE
zubf^~q`>U0u`{89mP%Sl)eTZs-ri~vd6_@H#2oBpIE9`#)nkX0Rn+#wDZ7t(L)8U|
zYvj>eVcF5;FCz@afh%t*V|Px<r>O)0zs%xcK-gqW49(d~D~S7Gx7(ddWisaE>^-yo
zrX|lEHaVDGxC&cXfLB7#7F6JWGu<L$cZ79T6((i-;QAlQntZ$+>{d%;Pyla#tqFH&
zYhKX^&$g4cr1kCEYDo#>5(cDo9-~EhRHW3<;^>4LrC)$^XPT<sEZEpwydq<okt!3H
zt!d^p29knopGfbfxkFhh7ASyYC#0?^i$oAW*OlwD@BrzXV<+r`j)lyB<c$E8RwBBl
z$q$@uL^NFj*!Sd>PU8<Ck8<o6V8mD<via_o*2UB}z_p#pc6x66-@jqs+ZHE7{|)a#
ze;Wioj;0~Pzq|Z1(FLeY1^wO5bO1*1M+(1BVQ;mzsEy&}9STFo<~q+LcHN8I+jKZL
z<F&ZeQhg}<;1hVrqwySnd_HAlC1+KR@#nVw(%S!}_LjFZ<dWIhj)EtQ|G$5@x2MMc
z-|hAq`@c;*pFVZI1$WN8Ph~h^Y-A7f{hW}+nxQ`Uw!@-5b-vwdoqP-k4~Z0e4LW_=
zTP;!4WGk8`lc9<Oi@0Y>U+Lyp4hSY9Q^`yR+>_0nXMuxV`lmC0AH|c2^AQ-P1Pysf
zt^$VT5j}+gFlmRdtp)f!hORSl$ifc-VfOWR#G0TLBGM4)3<hIlL81!MC<f9dfp&XB
zBS<hlOq2~FARP=|ju(_9#}^|~mT-8Y;=F2awN57@)hvU;g(>DPC-j|@@+hhZLJS~9
zU*KCv;xs6~sfkH{CcY+=O$rs3s7HGjOR&D7edvE*e}H9N6M8T(*$8qezM0o6AQ^;?
z7fpcipV<6QY$)(p)5}e};vdR{l*XB?B5~{sQ}>5tF);~RHr}+DQQR$=^6YPZbPAYf
zDzp$V{@Vb?t+C=VBl<6on#AON3AQ3S9|ce^UZ>1CXc$m`q9T~C5AChi47u|*o-w(l
z<f+JzhXwhBLD0@-TyppYT|v@kv3eNc(f~09&=O~ZG{~V;N6v*ThwjV6VLFCwju%<H
z#1(qg1Y;&5T%)D~VAE8qWh0X$9v0v0gbkDul1fRYc<?|nGpNO58bweSF)>Z7RM`i~
zTDzhrath>sWjZ9qK`iNzl(Lpp_!%wa%&Tcd-PHc3M*K^fkp(TXt=FWS&(A&qw)_BL
z>S0+zE>V0$OLJ<0Z#?wj%)t>M5_Qp(mV=a=OnVXl47&X{fC}q-B5?`U$(xt#l+Z{P
z$14CbK_yw7&&{Q+t3o#gFHnA^N4Q>sz~9|^RH6lcbq(qQkMj1|C5lMnRHqf!hCx}s
zbgftr!&-!c7%mHY;@JMqG9925mTd)F&U~3hNcqY(YK1!&QEY0_PpWudIPoI?uh{p}
zdi9g?l<xmnAn(`_Mmj6{gjM<f?&aeD_qyG^X8*T|r()iU86eGCuDq-vCUi2rT*pEl
zyOl|QB0y`Dx<6=)=Y*1goz36I&Mgd_TcIe_7(4psjWY<GpV7ilqdH4)gV48QE4sDl
zJ<n3Whpg(6Z=<pn@C=5?UIF<LtyqCSQ=#X`i&kjiJgJ;-<!cRhUCRIY)otjzXzbAQ
z>Xjrw1^?gK%f<ii?KkoNH}hm!c{qkvn>z}BvFk)R=@(=2M{H7D`7Zi_O^T(G0O(S;
zn0%sfi7*ymixUE5E^-@DA=)M@RqRM%;Bd2<!cir~a)Y`hrD~H#Wvhi_8hl9P1Y;F%
zut@3k0$4M;)pqDzF!geRRun^5*#7?yJ>a7E{K9Wyf+BjsNDYex9CrWWy8Z`dgF!=o
z()Gc+Da~OI9B<--doT@A0JuT@yDcegsWCV@y1co#Hnv3S(`q_wwM^4glU=N3HDqS6
zIQl9%=3*yYE3G1lPk&9*5ZO+YnSEmJWt}S03X-*3jl5Bxn*)E|r(FJvW1h!F11XpP
zd%NBJUG@I&@SxfMZR9E1$|Ww-5<3Hb<$Q@d^;q+o3$Kyyt8WEgEFbXW=;HRTC)d~i
zyuCX4+s(=7`u3-j!STt}?dbGhCz-5g^5L#NMo8vPgF-$&9bI3Y{%~`BdU=rn#t++U
z2S=eZjwAI(gr*(R94~s8<CBlkhy||y>xcLFCUnx~E`PW^`N#F`==9CS>BXCW+rR$(
z=h5xW)v2y!J)~R*E`PWkjBc;51{b5@<<<4=;OulTDuQ<%LJtRi7!6#926)W_lhG@M
zmExuY_5w`&kUM=3M#4Z5(o1D$;#f&&|MzH-Ha@x@T%R7@{(O2|)ar;#Hj6j>Gg|!Y
z*tucJX8SHVjn~+}8qBGn_F+7Kw_M_<@yolKzPY@7b9Qn&7!J=)j|OBG-X2|@9G_fV
zpAOCnXwPcP!8bxg)|~@gbr?AK;nn3|PmZo{6}rj`M)82GLDZ$_lOxa5x=9{g-14rE
zhJ%ZXldId)i_!Jq;^?HB2035I{5nx!9}lhvKMY3oVW;knxn)!8^;mO%7)s`KzMW0D
zPaa*|j!urQPOcNmv0uNOT#d+-FQHqBmtuZgw2hn(E(UK-u5O2e(P;S7)nHUCHA+3<
zYBom{f!pEL$&aW1SfW#@BUHYbqsxmQPv0z0x)Lw6nvK-yOPNzw@$4?~?8;7ZLgv4n
z-5&pNdwe=LJ2|>8CaM&F!z)+$r^``A&7XXnuSP^_d9|S*Mw*$ysxzgqta@U)Ay>N@
zom`byqv0~tYS*XdC;z&<sAy5d@5&AR;CL{+RvIpJ094mNW#ue8QrrId=7*E3i<9e<
z5vAE^I5;{fQoxIr;iF*W@nCPx2g8b)uZh-Fh8lZQ!5LJ4nhc(Q*Mn0cbk0w%2So4`
zfzm~>%J=(x@Q>T8!TIg*<m%|;;(G9=c=lvG6EzeZ9Q|~1d;QO0F@)6OBCm&E9^IUu
zTwLFdt}m}NU=j`E*tg<2@*<j1PXp`t@_cZrRplqY+o}qGba6Ylx&G;PbaM5}$<^%-
zgQK5ME*L|#U<6)&7T>|d(ToSC<-ar;z+VBQ|GN9Sn_7$91J9Rtk)nOFfjql>^XBAg
zRDSi7Z8iwb{OJ^hn4TEk^V@XxcVa6?>YVx0Ynqsa!?<<*=`BmuV(5#Xp*!TtrD?J(
zweT#80vR^>T>_gI7qFAkTG*0zf!u`jx}>FSWznEox2oNLW9~p#)V|HX*F!{trb8$L
zOpBRo!+`96u#69Rd5g*05-jAJqHU$3wnY{}TW*fMDQPOHBHEE^Xxo6X?L@h5(YK}3
zRH~IuR#8cA3DdPl{!aHY%UZlhZ0_uou&KfDRB(-(tFsy$BLmhFF$jye#@^m;Dc6v&
z_~G>8`1W*vcsn>gzB(C=PDaJ-w;=MNhL@+{>$0Xy|LSq3gbMP&vzOFPpm_A<nqu&k
zid8c}-bR(r2OjdLXg+Y|X&F+<5Nnc(DPRhz=*ucnNi`EvWh*x9_m9VZYb^<~m4E5^
zk*Y~K_{ZOE?<(=r2Cu+N{Sh0E{18sjkqa?y(-fS4WdDgmU}P=G;RkG@G1ecu6$9}D
z<e@QzK)v*hSK=J*><7va3wR;(Dc5%W=t7PHT%w4oM_n1p)i(d7Cag<a{wDkBIEmNd
zOmwIN2LsXsL5S6skkrWt9@8Wx#@X>;n25Nt8kz$`7o!3|Ojha*faz*UB_b7wG_p#e
zK+I2nUfT2q&9KQ>)EbO5d}?Mys35sH`iY(*mQh;{yeJDHQTK<Nqn}T%tIupS!FYAx
zPA`s6{&9P8bAEeuLQklxK`OyobzAMEqh;qD+1RX_+M}D{$yGfNX^7E+CI9ouKX0!t
zuh{|okC#_RCw*X0*J?vo;^?Q7qo4c0*gfcfcC`ggFRo9nei@wgfwA{mlo*Z9ZjVl`
zu5W+5x;*Cx0i!-JqA*UHk@ok4(+lYUDQAP4ZUx!&V}21hu_EZi7=<0|M5sf9{&a}2
zad6~VwI*sBWHZM%YA>o}i7dqnxozYN7SJ_`KMh&<5ym8vz%?G6BSE?odi`~sKXogA
z=PwTr;Kip;Kv)j|!}27rL~7f@Thqt~%GJ&X!{O=0o5Fdhk8V_Y#qt6S;xqyPb^CH%
z9-eo?ygNnM(B%AOG`Kyv82oT{qQ5<Z7z($6{Gz0X<Cj<0Wf1(20mStBumDbhU&lv0
zbH-!eMbRv&n4XXg&d<sl)zmJdTyFb+l3uKl337B%y+6vuwJ+Zx9iN{r13V4tuf0%S
z%3F!zLVuS^4H4xi-w#%|^wchi*i=;ehA`t%RqHg2Q4t8j8n3TzM*ly1@4nr(t@Vq3
ze|rqS1D2At<8)cFB;OM4FW<La+ilg_v6p4{vb#GHh=e4>6u<zWZMDfB=M~O>E1oAg
z0~eA2FOqzb<FMjbtFcI2CxD5Gi8+7sT&e%2m*iktl@@4_z21F)c5+d!!p(zq&A9k1
zn&6VD()`R$cdE2!W~OI17cCpbWVF7`Q@!mEWUZ_H?(wvB<>bn%)Mf6|vy=0~eYJFs
zPY$MBD|mQ(%Bax5Cdbq-($UL*0<#C?q9&#1;VH*qnbJKL;qlZ%kxHH(iA?I{!FPG^
zoo9tPetqej{;qp)(w;S`b>6vVwMuGtTD_Rk=Qu;$<uv_MnA!Kzx|R8FDalA~xb=&!
z{G~VFi>@-IN{*K5YN4~SQG2K>92GoJ$=n+ZadFk!_;7v6r>kgF#o+0G(Z%=Ow^G!P
zyS1*IGUF?txDPtr9dwA=4QS5$Af4Dzw#QybQ}pdgu0+{xXDZh08|SUa$D**hnM!`Q
zfLzV<>-*z*S70oE)w0YJMZn*gka3hX!bt~ws;kq8hTgI;5%E}|Q|fV8HxY_-Qu8UG
z!=bWh*KcJr4LH*q@Zz6;Ymj>akI_pG>foPi^04vpmHu0GM!ne9FUE*-I7Bb`i=-%7
za-$D9_VlgunlAcHTFW|6<-Ca#ci(<@@-oej7<iKuG(<wroVA(=cs-#&?Pc70rE0RH
z6&T}naQTXZA->Yl3qtA}IDpvPl|uiWvVr9Sv3L6I+RHc%L+`wQ0E0J%e2sm|(9f;C
z5U(W_`)B|{D7?`-%HC<5;&+LSu5S!U6#3RcfCXYOSl6fr@95xN@+Qghre@B^we?j4
zTrkgL3|17zQ0*jyA0t#-mv1TY<67Rlr36`(7k#}=opM&HTrWFmwpy)rD#>9*rBwm^
zsQ~B(b78QY(+nMd7424=Kj+?>w&g!$DVR@@8cOFrS;Q**Xi;TK&9f3(?xpH2Ln30t
zB~|+48PEoO0z;uEvN5gDk;&79ed<rr8ToTdCyVDSP~eFs$hMX0M3r)k1XOeJjat5L
zp$(Hq{*!(&W0&bnHqT!%6><afIa7(%xcJXZ3OOv`jXg+zPHRfZK7X6C3!_sus8-_z
zn`G*W*+WAw|FT7&ykA$Xd+8RUSzQB@0bP4xMjZV08DNrTl)p!igFZq;^BUy8XlO2)
zt>k5<d_C#Xcj(4Lp@`>&loc9#AwE=Z4QLX|^i!Vs8&V*SIC%30Y&Ew4WqLuI*PT4q
z$dfBawyDg2QuD$L?cNj+u#k`%xh1jl{OhwqRFm^6PudJ6t!X!ftS))MIg3y}!5wIw
z=?#k0uA%7-_$~%tzC{sk*44z<5P6q!%!gJa3B|d2y5S9xc;_J|_?jVCb{1y2+<e^G
za7X|+4-~Si+C47OL`yeTi+Bka<vdUg18;!bnA{J4vY_mHg^y+?Bty_In2xi%n5p@W
z1uDMv`-`}s7k}g{&^@?+`Il%Si%%;sb0MyKJ+4irNr!z5F<G-ap01-e;IF^R?HE5>
zjMQqK%5@tvLsxC1AKhL}nVIv_-f#6;1zbVK-5!BAK#7?awy-mWpQ(c(7nlMSazGvb
z($D&T<XEVK!(_-1=XUcmBrM8BrjgUat8r(wwR|#Dbv|)bG2dIsgHCrW-hJCLVu4f+
zLc?RXl!WDz-SFS2Npjm#9GTj+2M__jeXBC^w(8y`n%tv%nG!FNy*r|SXSbJlPhgC)
zwc1<iz-LpYR?#)&X)w|lpC~<O;Q@H3X3V>PcTyUty?ZCQ!n=1ht18VWWR7y5$5q?q
zG3$kxx!#hCQLD>V@8AKs^m0sr?Plp0qR@u|1$`Vk%7thD*oZjW=wq^h$Q1}DVnoSi
zEHc!;sRNJtDj-TE2K86+O)61bs4~@&rh6Jg+scDCNTV)9f{vlU9t?s>oHO0nk2H*b
z5fF%tc^pUCH^A0OSfYIeV(=CUe1*WF{v1!rkq{y8Y;0U#UpHU~y%B0qHrz1yNPOd{
zyMOq$cUW&XnpWkGx`b2j61f@_%8L~$);od6$kMQssx>s>>p{Pc!<wT8X>cTzW@)WJ
zQ{s)R;(CH1IQ{_=KR_%#5Dvz|N}{2E$OU3+FKj)IR^zxDpH!)n)FqpemM|C#x1rGY
z<I26!OILL0L+>&Q*G7~JZc7ldLPD>>8}(O%3pS8{tkwSM)n2;ExPaqO?#<t-vH<nG
zh%w}Ye{%4DNDcfmE-cMv9|}}9Ooku|Rg`?LK$(G{U;_znL%nLqW`aheVb`sH0&CI`
zk+m0@lrPr73;3@WFQp_u$gtW$<C<ZC){>TIq;ENG15A{6u`03PBoLP&(`D!>B^{M*
zE$F|4zR%WyPbJ^AiHpN`fyTf4-4Z5MwxSOZb9wGo^IXnNS*#*mQbjZQpVb@L6NY#c
zs32evXM18=(a;!tYdY!g_0}JMzc>GQS=3nh&l*Q!&AfV<sSJm*BJ(j*8T5Tc7w|?V
z`xmHz8u*tXjhiwhL)@}B@5=(oI88l6B+egvuSas8$s=OH5F65hH-PeniC!gXzg9CA
zg0*!}s}&snbe9V9X$KRT%|~O3Zs0f!P$Q1|QdE@e+dH)w-sI-FoZ{?%#Y=V6kkgQ_
zl@!2@_+30H^Le<SVP^i>W30w-%F>9_;W&}%KuJQN<rbN&VU+i4HJ~Z0rc&<hl!D^M
z$FruUgry?7;sFQ{S(Axhf`7bGKXMGvek>-bx-*BWqxK8KDo!Io*A`nVY7QvlWpa$K
zi@BKnWI5I>iW?G`iAtz{8c$ikj65LE`KC2#o|%#@)~xb*lGgqYDI?|_$@HccAQY}`
zHf^S9bVEO(NuNUIcZooZMPZhmnW4Uhj9@ZctL;m9DbS$i5l8HQ0(7It-)ve771MJ@
zeyO;)6wL1~n15-gn&q>AXDa@aJpE|geKYSTcLIT$f&aL>xwVsj!GCP-Eb$*7=W!3&
zeJH$<g>LsF?cYroau+@emJm>LC`WjRJZ)nkf}YZ=@x6gS>^n>_A0fX3T5Y8qh?lXU
ztTT!LOc_Z_qxC_KzuDsLVVX8n@%Q_O`H-a~-PI~&B^buEQ-L8HR;Wcw;jX@&T2UBX
zRdhTG;1eK*)UT3%+^&U{e5~+w)=fb2HmC5<H8lxp=N4)L-8mB@9sFr6ievo6zjHOl
z5d-7-GquM>H2_ebTk|=l5fSwvB6TTj+p?k7%w{j45`2?+3YW!x;51wI{H=5Kvhm}^
zVq~Uq_bK(UVX|CG=)&q8-gW?TOSGV*`~*p(K_;b7854JZZ?G0=2h^-JrPp*C!xen~
z+{t|wP_85UJ{5Tp!(y^ei9k1QZ&^h4_ytF-16s{yGxzB&C1;e14iL`mI3ib0F^cDB
z`jiCEu~%)Y?ewucryZ<jN&!xw&1|^^OWwrtoU-m)&4LzY7rz`#wX9E}7<Iq~48sk-
zzhP|JP~(GtF^RnW!YOAK0Pv`<>np9tZIxbtd?Rac_;5?wY1Oo9zRcRs5aiZ4cWzl=
z8Yi(wM}POyf^y?jG^Y@`vSKLd#wTppj--?sw&_r#Hu*E1FNp7y)~sLNrdnNUY2>Ej
zPET!^6-n!!B)L=D?6Au=voMWK!=jclj~JcXosj~66YRdJ4>P~(?r(Kz$48k&p8NY#
zR&$jR#FKEg87BkhQJgI18;A%t2`MI`!AB+>E&}y5j&I$^%wAP#6?X7nO8^A*x*h3v
zM%E<kZlTSHJ#wiN_`JPIh3ITqIaaTWitkR%z3IH%H9rnh9J-vxi&y~azk<_~-Z?P7
z1`2?GU_`m-w6>e==Elbei}?R@^oAjMo)@vS{uU|6-Y<R1e!9<8{SWQmGxC#uX6S#m
z+S~0M{&%yz)c-ujGbj4;KGVDBgT#HJ{W`i4bpu^o|8RZD>mC#JOEjs6`u=mNe9zTA
zr$SA63jpm}VOh+$G;eq&ZtC0vKQ~VIPf5&w%uJPWJf>TeP=wPvPj(Azwy-H7CUZ9>
zS5{d#&eG;3XyGv}m37lYtt1hbzFb0!UqT77r!An|cu$$SNm^&wq}5DWGzD4bTrYOc
zqNS2nKV_jzE#&TNL_rcLP|`&%6_EfRELX~cSBgdJM%Zf4oKBeuu)Ka=>@!vVzi;4w
zKl99r|GK@koxT5UZ7${iM|omy>I5*GKM2}=1OGW8%a&Kh3%WAShfa&b_UR$x6E4uW
zV_ecrw7yQ+2y~3+H+Tlr_+kz`x%G2II2QOy?WuExeY4}lrPEMF0K{D5mi3W-M_F-j
zxZ8!9Bx=Gr6^xY^xEN^+wAk*ypiVG<p%J*od;|mqa?S!l=j`d1UgT4rnf(8Lsvq^t
z;{WYdGo%06+1=V*^8d$pZ2te4jNdH9CDUIN(`QkDG{=t_6z_oFYqdYXGf=Amh6ac!
zuo21bJSlGPop!-cCY0?-Z-&6{wKNW7Z5`B%O1P#>;;#_vt29F-<i`MW_3yQRWUKNI
z?Yt@f(pI?guQ2}TqW}pcOZw95;P3iO<^K<%{GZMLcXqdTv-<zdc5})9ALF^3cICDf
zTT2$d2o~>ZU$|hH3=iV5atvrv7umn!i_+SNa-qg-jvzmY>vv5Z4cO$JNBvAr^JU+~
ztxR)rA-TVkMZGGn28&6icq}G=g-JDxS$ORxS8q=t=hu|^h4~bKVm6z6IW-qUKIXY>
z>h08gD(bnLNe4nNN=(`CU4CdN8)kw}t*6$T^GA~W7}Tu$a``*golLMZU&TqA*1h~a
zd}<9fU$au+c<^%GJO&pV*cMS~K~sB`K$=e-w6rW9g@{EQvH40(fYNV&M>HKKisRwC
zOElrN+r+Sn#HfddKgn#xt3;NJh<B%w4~bV^vIb0t!8`8J5Sg--i|ksKPsd4nI;G;*
z14hR`a!U3XgK~j?pqPN#x@G335CI;4J{itl7`G#9*Ya@J6kfmXF|oXrm}A3BsF{p)
z?pCgFamLqj(=VwW%aHSb;iisbw7Hx;^Uj_UTh`kIx9z!Do>s-54fA@mXf|p(Jp=oc
zaO@)n7#h<nOoj>0<v>nZ^DdTlfS?9ussYYNm;=mpTniQ9qCe3(0!GP?w6EjfXczFt
z1I=7nWL=hD4<YBv={r64KLDYTDyE69{hcjDyzE@eo&RQ>|JA&IUhw(9wVA#DYwfmo
zx0dJs$9T+)&IOTjWE{OyJ(~(})R75pg<tdxTuAn!Tv)oYx^iw}!p7Xy6LqOqxSNY9
z03l_L*HP@?B?sEJ#+K<i;FaTDrNPKg&6oHaM*;E#WmcgN<0-1QcXMIaJzbiP%=Jv=
z|4}$(&_{ZIZZ%tf^$(ETK^r`k|F^fcHg{SX`;XSv)>8lbC{MBHh8cM0jQfZ}Y}rO|
zd*l~-Bd6?LRM1arJIHc*t-(dXxWPvoBT6r89S|~9Hv?CYpni?;a3pFSP;1tTzU#ZV
zdZ;{SY8}u=1IkcceN&fsn37xUOAjgWCafp$@t^}f{Y$rh-zOd5kvH5Mp|SB))F|{S
z#Aycz8Wy}&!E~a&@|7z1%%i?tphr5u{tbm-xE~2MZ+Qo-fmUO)vD0WZw&ed`?Y5c?
z`KAS=i~(NAX76!MJq!i%_X8qc#2eqiVQ(M2NIt4VmapQ{K>|+pA~9+kP;M<FK@cLw
zDUnO?;&=~#oS7?H&_kk;lzRB@i@l@n`ES6NA{-e;3Kc?5^J6Hy#KErj+uQTKU!BIc
zwsv+Jt=4v<)o#h3?KthP^^>#i_uaSP#gCA16B)rzN$~=_yd81chB)fDJjoEG+dBc9
zt(~2E3+x5q2-e$RUtcYNed?opM?J_<cStD9^zh<;+ur$^^|crE^&JVnEhV-WMv2Xs
z5@vxNK!Gy!*f*bm{H9Oj1Im&!AYh0i0T}uiAuf2HJo+Liz<(nD9N&5tw7254CuawT
zXWh5oXA3-GK9W>*3Vv`xZCUH-01cD|IYX#(2E9wYij0Ap(nu?6K?1Z>Y`m~k0R^k3
zPicUEAh{)#b{E#~ZJUn>!G6Z*`g{^*y50+shX)gY2|zb`)4Co};6VbeFuIoAPbypo
z>TXPOk%%K!t@X5%A=jag#jVJtja2?V1l!FJOl}k<)Pe+Hr6L_*#Nt(z)YAaRa02=W
zjH5u{y2Abj;Ch6ZOHCCbL|juXkgbCNUm_KM`G_c)4H6#=Fyo>wzZWdfubJ4dGQ>V%
zc!)^}xg{fuH+&_acv3(CFcBuSR3MXCQ#IWne9XfDPCyv3kaEPW*<LZSzRr-fr_7m)
zm;U+5!3n4XE^rX2O%pTZ|97?M(Q0N0k|)Cf6i`Q+k>X~$hRtQL<b-_$bkEj7IHH1o
zt^*Q{5yRd(@NFrj8YF9FNOr-8rIY7^5C2<JDkjuPh)DOKVkBu>B-vNO)3L@{&rl`a
zLXCiRjRKF35g2C@SA!^<7E!)~SJ<PZJI>R@%oOFv#=*tekz8j3oxWleu_f~#j7?dV
z8Y2W^bF<jPLRGIrh3dHM#H-p|v1RvvZn)?BEPK>F1<>~y;{0z!6<b6<f?QmLeugZ^
zlwd&_2La?dG({3I6EPL|MMd)$6nK;n<O%twN;1|t)qS@T0tzIZYMh5#w%~q5hqQ<b
z$@j?}e$1woY-kS10i~B(<VGl{m{i!ZrEP7f;h(S}B*vSCXNaXPBLxLQsS%WaY<)e#
z-Uv`TQ>ul-wk%#T(!I`+F3Y-NYVr6eJxD2|PIz)P>YRYlpkhp{-OLl{dzKX!6^)eQ
zz)T=2k6=oZnNSWRZYh4{U&;jsh!GS(QBo@(LWZw!fc)XCgWOYA``SYGNhnStkzItp
zjIcl;gtD7Sv0R~gG3*J=$>Ifnm}+lAMpa-CJ>$m6(y~`$zS*+)2^*g3{vHprw+Z^f
z4(Q{*`ZG@&FhEd53|Rzx`g+jzrb~g|h%!;6tdj46k2G{0res~k3qjW)KtdoUnKlS1
z=eQrBbwK1ggdXA*+x*(LRNmV=K5AW@b+e?}J3ay}5Haj10V+m_?F=D*+9iZ&SDg^H
z+}-o=_)y>NmmKDM``zP&QPkt;p%!EL5+ct6*^4bs_jqu46JnOVnN;&c;nRRK6li&H
zghR`Y3|H-R-?oM5o{FNKC5n!?ZG;yk-K-~Pjxi(?TYHTP?kB%$^4Nm%`3Q~CJ`HGA
zR*u(HK!;M2gF{s1DYI#R%f=Th$Ph!-600`A#o1BCdLPTUm_*}D*MB|h0$eB2xL>tf
z#LZYf9V6MflfhSYF4?qY%f0arlxM|iI9B@0iVd1ABkl(fj|=4K3&Y7j=w&Mz*N2FB
z${<DQNaTmOLUn^HC>X;Kc(Op{Sz?{zFabvgd#4o>wl^IkjWEoAUmPjw?S&z*KUJge
zu~-QsF(T(UH-U85<wxLrt(ZP`bJwE7pN^rLMF$5?2YA&pXM2@pDTT8^2nO7*)#$w~
z4Svr;)y1s5tSIn33oR;euqIffv^E16aP;!&t7EpB&Oj5<%^oCGKjjyIE2bUaibXsx
zAb+QBw{t_@<vc=v{$5sEN@<`IfW3-IPFtH9QfPnIQZi&dSAzyyg)}(433Ky787>=3
zc61YBR-^`~h8VE5ouNuz+n7!Z`&%{Ugso%Tr(|$2$yzt6-XBbe^5v;m?{_o3KV*!u
z!u?-=sUi(tWoXb7P++f!2Kq}CY4AEjgI`epCp0OX2*03zK9JukNQUjEO9lbG;vF*c
zsT!S6)PS(K)5fW%s{7z}+x6Gk^O!a*F5C{#0PJ}TWKvXPB5b;ZIEFWSIXkU{3disU
z>=oI}Vj|EGvD?mu1^Ok$;vc#xRCXQS6ezkXGPh$HZ^%lHy+Z~ocmUkqanu`-6u4Iy
z?S|}r<y4)2+q>zw|IK=COLblU{E{3J?+o#9FBle)p?d(%F9|p#9+0Vkova!Jd0j$~
zLsBT~W(i^^s{}!InpuMM@Q@&X_9W5iDmqVgY>US(!2&~pj_44R61_m22B<{U(-7>~
za^a8Hm%M}yKmPI)uVC*tGrceCdd0e(s0y#e8Twd%-05>*f2u~mw=+H(C6isbX;g2r
z$KoO>-V+I}oNv>PV?~I#vY0D8?8%S7{aOtQ*plKYVq?rXrbNlb$UlaKQgfOPn1sMi
zSq;Lxb_t{5uf&hPoR?6<Bmj1bN>F0g78P}z_7c9RKUR-3?zS@fLR5B5R9OnNa}<yq
z@yy_VG2E6EPt7`Fchi~TT<9*IAs;j3l@B%-K&J$8(h3f}eQ!L2A{C~>wnK#>=0e+o
z?|B~L{QR=;-qcPAbV^_+tp;g!9MUM5M!yK}OOb?`1P1G?qRu<JyADl0p7cNT@UTR&
za)v&Fll}+L!^7%nRCZtGC~-)<8I(9AUIi(C@w$i-B??HJ5|vXvzG}LZDBVpyR&OJD
z)pGkT<)^(!jLIyrO_He=*-uTJdewIN$jc1ul@7UbmoKk29mma*eNb5wyI-r(`&eA$
zUa?a}Rr|f29rgUAKl#<_zCv@W7!4ekWfe7`n*dOjFnOH}r0FWi@*OSXtZTMP-><!Y
za@><IaVWR7Ka0q~FL9W0zp3b1;gu~H_H^j~k`2>*t=^vbI+h5<CD|`_#X7$v6~q&N
zZHt4-EWr;cCPJ=@V<bkjP`9RS6Ld-?8G=mOYS5-#PMh-6be=YqJXgQoOjk?^w~&;m
z9;dL?k>|9`9^w3?S3N=EwJl>RT$93o2o;(D`ZI98KiL!GYg=->7{j7t)5TdAFf>36
z5l^9#Y7Jrx9Yre!(eT=q8ZS6Icw02g7n}j>%h!P3@Y=|LYf0C-{tNIT(*M3J=w!qZ
ztDJT2>(}o1cFAD6k)|B#E*VtVO0(5$meHg{O`4-g<#eU3rY#{J-UtRA*CQK$tRRWk
zRAsoLR?`*>m7H9;Q$ed4OLx$#*tXVcZe_gf%CI+_Ib1>PjaJj~JvI(z=Xi{`fa9!0
z?_4E|3InsWnmaDTyQtdE-)h>T-O2gsKJ-R8TvQ#20BUHylk-y`C<qz4LPP)vM$o%N
z3=9|@gNS1?1Xut#gqSqIJ{^aDfkKXj8o4+nWL0%&t>!Bi$|ZYt;7sE*SFPI)f=z_8
z+M+$cAo1zgM268=U+fYHG!7}#)8i76irKHXl7Ko<o+K9pe~ge78LMi2Z)M_p6z#3m
z1IKGQ;cpK5QZUT)T*t%#-Gftgu^`9ai-n8oipx#}oUTVn9^z9?3G7jS0wU{MMY_M`
zIJ#we-mNSbh-FKjV}Qz)p}HM+B1-Zfue1E`Tdn#81B?O{5d#xn@&N>{M@WniGx)~<
zb1i#8UTo9<)O4sVC&Wy?<3Ij#4j2j<;!-kHe9wSDn+{V3s3gEO<_LVa7KNb;b=s;;
z8pmInT+!f4Yu2+4fAKeegN{`>x#@K#)|0Vr&fBKRj{s_m=1QMNoyak=*GF_ni*QpF
zMFRP;;snV!!~BfVHDWr_f0iV4sKOZ|R%r>#3HEXv1p=#Jy8fOJ1-t8$+cum?Ed_|u
z&Z~-y*jA>?T|a+^uHRSh2EFBkSkZ1;XHk$HcH_V0e5pwPGndVOx~Dyl9b}z&PJRWU
zCWF3X1_uSa>j_`Aw%jl&CC<$ibZc(4U0lP6h+IUxqAyPuzpLehF4+r<EPm{_)fh%6
zHpv0H!XC0OLP~BzXC$l$X<9kb{DdYyK;q|E`Lq-jAx1k#j2|E$m0T^BBzVG$--&oq
z49QYCG?vz;>v{Ztu@Jk@eP5A|Z|7$70Ti%wCOaQ1LIUR!m@payV?;#Bf-Xr=5mMMP
z+-bx|#hbtU0$>;h@ukLBW)|3TVv(4BmTd63zE)Yi;6y2rJ=cqV8fko$qS92^YL);p
z6wt-7ovENGxaIm3a~d%(%O-!IT!0W-m!cKvd%K|TJyZgJ^vg^Fz)|(^ep_3vlz4@?
zz3$_+ka_)trCujw$q~9j*^6uU-Ba$#b|#pwwng|#G{jqODB`RlMfo(V`1c+q0%F2r
zb=g`t5hF_0!3TH+&C7ydSzq^}+jWVPQzG^>EzBkBV@YM-2T}AO-FxMBFRv#rAAT_j
z5m-ZwVFUbs9VWtSmr^Qb%xqc>FyjIsnHXG;u;&W4LnMG7F=OC~ZjcvMP?&Q<kMzc(
zNbc_)pPyD*qTRNoxSkSIoc+O&LCY^{A`PgVOjv_zRE-*r^Dp);i^H`E_e(|k?!-6t
z1itzTKz~}>wzRhA`-M^CzV30^&bY1=YhqO3;0hjpGo5%MhhvDVW-GeA>nI%s7TS%X
za`X6=>tR!-KtH^Jo+#^|`q+#5y{FebC)mfBt1wj+8$u_3$1xIcUzb_6ZniSrJc3*t
zR}JW-<wV&~-K1U>MO-JIhV19hW%lP^DeKwE8kT)W*%*onE=<RUY(xpFB$wTBdnstu
zL;)v%0>&w$100}>v!kl@(g7i+l{0^Ff>oSLv9)3y+|2-kRL>}P*LB+@l;HvPP8k~D
zo2qrSUDVZHG^k)#ZGmUI`FbBQAv;?=gIgy|L<t~W^$>4cPF#qKF-$`v6%imBLlEXu
zRD=|<uoNc2kaCysr$wK>Z1=6uP2B^)5J&8P3i(R6-rGAqx&s|{Ejm!rCDAzNMHr0%
z9RM{Mc=aa2D_5o*9+9kPSjgy*!SNWAAqXHDMzAP|_Sa2?SSDkZ_0d7z1H&;+@(VYH
zig*qtVILUHnW$G#C{H3iaO5#0_6Wbu`JnXFCy@D8k^Z-x{{K5dT;%sfLxJ4aiqOD+
zi3LFiqEzAa^>#59`~-u9<Dy;vyx>bkIv<OF)dNmRf;mL2a;tJTL7*LD-w%*-aRx8Y
zjTb~dI=0?r;Ar(HK;Rgy@uy<IbP^)cJplWZ5abEaYBWJlK;lE@gZ%*F@f|3XV)PR1
zT@r^r>6;97_92g8pr{i=iyRWae!-uA3eQ^vr5x*gh6Wd$6*$rNMwE#WBtCdT?(_>F
zM-s>()Vk#C`A@$EAsixbads3>lP7f!S_D~I$$AR0Cn6@7Q#hi6wsNZ|p^;Abw<1$4
zGG3!T$GM}@FQ~6)4rQPp(Ba>TG_fR!#t;WTBZdb!7kKxaMF?O`5LA~50aS*6SllHO
z7(ovD2oZ2)3i_WG^wR(ae31rci=a*{gboq$bEmBD)yoVC5LRGc12l$#no;uK3eTTd
zQte|VMt)uo@vVM8amlovLWXH5G)O?VcLHARG+Ui^v$+L+@AgjQumA7=`G4i_KfrIl
z{q|e^__%&>00!#z`^hOZ7D3*BorJ;vNeRMaKwp3t0*{gWnd9-YkwAU{J`}JIIZElQ
za9UH*N#kp&#0~HrWdPm4aTuU=a2PQfqK#9?Fqac}Z;TlB;KmW<@Ak+L1y9BRa}fkj
zW%z)4a_J`W>5=)Jp}BrNYkGrk_fNNW!S83^?QidF?fj9bCxL)ZCEUV)BFGu*Y{L;H
z=xsFaBR0n-qf!H+lF!;=)*o?;d8m_O5~Rayqgi|)cOV9_u@CsMck(v&_{lBo!Y#S7
zQ>&c>^@u{b?f83HLw>~!B_$-+loYg}Da~ZMh8zTt3t-A<fFANF@wrAoZ@u1a)|;(*
zvvuC=G&{}z{WsWh+D+Gg>vwo~QxG#C3ZUFE<P7AJtP0UoP;dnUEGd~*r*@(W&qBwa
zgwjCZEV&Fmw9p?VmHG(q5xpjW5;Yqyo=QNmMG(lb&7^)5pi?PdFfqx{Nq+=k_G=}S
zgY8^=k`gM&PnD&C<F1T2FK|RF{8W+d@3^RWOcdPPs`r(?ux&SgU4IzAfC`7iuQ&}}
zxhCrjdwJ_7{l0?sO>HN@NC61d$*)gIZg{9(C-Fmkm=#tl+ToV7>G^1X1cLyPVRpTr
z{0dHg+CNm`xPX^SR1s>#vZ6N%a;8gv4+?DB6gbX>QYj_^7*{X~b=!#`(nFr0tRQ-Z
z9i?5RsceXicFXa9{n6%=`+<(j{byE1q9|e#sbIt)lkCYVf7(tc5h>~_pyWbesiLnH
z8SGdF<eU^^YN>cKMX)wscfTDYR>=9`O;{lR$}iyXCR9T3w968(mfnlJe5w~C4@SJ#
zS@i8LQ5vTsI>cEEK=TO%@|&y!jYGkKC$m*-QaQmyy2pEerv(!A`3Q3*Vk!-~trCTO
z8VN9=5d(M(L*QxcPvxv8+fIm)pS7kkZ#g=PP^o6KpooeP%2sNgo^}sP-7UZ=#QN%`
ztFC2%t3j+9T{bg2_mrKhayzyY+(d<zEkM&!@2d=_)pnws9MPeUP?Q5!h_`Vu0)hf`
zBM>7nkekte)`xcEW?V6|-nJ9`q)WU&T^H~!>H6oFg-&ZSk-k)re}k?M?1WEOe0O4>
zsP-#}g6siBeF2$I6&dSSSqhvXA2Z~Mi?ePa8RGB2PEZkIIPp`2VA+Y_zN<#3llUnx
ze}PlU{<?SK1BUqM{E{5uK`vY$9w=KNrW5Hn*m-JyJUJ-gwiD_kbvOQ=K_YUtI<fY}
zBm&t~PnUZ;5l`M?@3O$CzVK5;Ch}G;1jt)zpaY6Q?hkJSB0lm#81WGxR^m#Fc}c7k
zFBli<9<}6BwO-p&+yUmWALQ14Pe2hVD>EIe_G?)5w#fDi>i>i$yoZF4)Gr#_Ur-;&
zG!;aD+iY*Tz}qxLhlv?icBJK3%gU>2l*qbRA;yq@?A|q*7}sjWLk>Y5#Hr1#lsw)=
z94X~T#1R895+g(et|HQ2+X;_ya(=3}knAF|$@L?rq#!={$@!@XC&L?HpN>Nfi3-_7
z64U^QUSPYi6{DmBK}q{KKzAnQSY@9=Pm`d3vb3~iSHDmx=T}c5=Y(b1i^PaB{3r5H
z7#?C$xUZ#&KsHrHNaEb73r5LM_E|^bowBal-|c}zGN8;;s|J`L#geB#9WUbtBT_8d
zic9h>@%IbkeaT%6)WP{B0pDWcV=@F?AN&A$#R5IGogg$9B*5en`G-bddx8CF?Dz<O
zb0PU}WU>KHJq!Z?J$1{-!5T)uH)6E4sXZAN{|6)Dt`k|nL!6&ql0E+8by0K$Gq>cl
z@}N-hNsw}y6cjKdB1R+y5$9Ta0w4!J{&M~moHLxDHVGMec(@m2&Alu-IDO@KNaSLJ
z!H_a6M&qi@l-DKk^-3a<mL{nNIh+W8HFB#eAw%v{MY`W|Vo>%2?EQo$g#ujB*NPCK
zUBoq}=$37U@inNHx3g$fxdE0ht83WkM6i)vRVIC7TX$xWA^))=RIo43&q7fq9ppYe
z-TmH)T;rIxJA!gz+nh0L9u-Q{PjLOl(w(1+l<616$$Wa_<OHT6)3w?P<b()+Hd)tR
zt^ElYLozXL*IocQFS^lxdYyJIrUML%R08h%YA_lnhRqQj(o>joG${O3k?z|v)pzg;
zdz6$=py+Ewh+xZ9-$L)w8$m))aDGV+P=K!xn;aL%{0CNQrT&Q111Cd8$h28Zru~2j
z`(F5v_#wqPc_l|L<%nTt1i74l6(QVKG2!Gnjhvy6rDuMJTq-p<Lmxp84}qPbB2?Ng
zrqTsxQd&BN433c~_I9%Abio;r89+YA;}L3sTeTAp$m+Ph5VBPuCAO3{v2-Tj;C~ld
zR({=6Yj^6@ns-K3jViXFdqBOOpsdJDyYzEK$dJG*MPhV@KIZfdn(;D!^f5wQ0Q{9`
zl=KN?U!OqAy1&(MbZW*uqd>RPyEp}FK+rG+H0zz8UF@G<ob4UOZ;mf|=U~k~`=qIl
z_kIIw>Q<xcgXf^gjn%xCVnLGTg0rrlmQvDttH#^*KV!&fgJ3;ipZB=B>=DRULeF#H
zf#<--JPhFEEgU2891QV)6(Z(ub;}P493uaO4I#mQD$dN!r;|{eL?ZrW4x`TjCeau?
z2MTfXIT)jHAF-1Gcn+vZnR?><_{(`rZAn78SKu+?0**uT-WXJv3eQiquZI441i6ss
zA(hFz(-ETM9|~M7F3B|LLnfYWT2V6Eah%kc1ZhZ7>y3%NX}>Xl{uI`$pOfk21VD@l
zk;Dp2UkDnvD2+g8UYyY&PN?FVrE~Lq64NUaEi3z02bMB#-55-9t*Lt_cn<9FHF7W$
zG;r`7#L(ACa}&I0nb83EK2M-~p92GA3!Vc9w^dF$4NCePB!HaYIf$_%!E>Nd4P{|@
zL_Y950g-zS5?D2V)dXW5brho(J_k&b(2hcp{EWjcs26B2;Id{ee|qvi7NozdNKML!
zBPI!UO_}`3h58ReNd6H|ww%vrG6@+C0yzhjm}sV+afFPCdfGiOe|{e&>mXzIWg3zn
z%hc8>o|3l7PO@%Yi-UMp72GPDPqT!*d@>{8ERuoRhr;iFS@_W0Q!z@!J%&RwM_jg9
z$N?4WGmMX36EoN1sr3M?Wr6gx&x$tlUj$*5;lX4M3TsrlW5l^$&Xzu?J5FE8O~L-H
z_b}%E`kuu+^Mnl*B)wJ9`3Q~CJ`E^KhclSEsg-SD_S#S|Y0p7OxqyLL^e)d3C_omE
zlWz>CPgj3`tO9iVuih+hKG>(?y)bkH@CTd<G@4@?{6M*|b{@H0E<(R>uus^~?4!p+
z5wBAZkBvgTKsM-&MQ8>}{p7*nO^DefyT}!jWI;MV;+Y^>>2b=@5Bl;&I(9!}bd8wy
zz)at|9+~l+iXB$tqO8+T+#DT8C%+ecFo=Bz6Jq^;I%JG8ZoQD*!JhTPSelzR8M|{U
z-Cmf^@GGnwY8E*Ab~65I4?Xo}%{W=-p^rr>XvsI31ll~&deNJ3fyViK=`ZDwktyba
z58dQ)#-wk0d&ftui?govvu*v%>_KWpM1jCpQq1&aah5>Z^{sL}Jl6cxO4Oqf^N@Lw
zZe0<7BPn}3yorl2P@?8niZrmunX#LJCOJbKi8J)^!I_ic?+2-PWhAmRwBaKA>D~qk
zHhJ(R;7oeF;O;n}D1oJFUr2A<<!vpEy)d*FqZIDDoJZya5x+EX*|IMVZ$gy}sRiJp
zz)F#>$bCu#^y1tHXt3uo?O~n1I)*oUiL|1B{1VevDPQzM;+-KL?ghhww}-^D-}dm3
zAU~6wU?I=_>im(m?Z@j&?*6i5jP!#(7}&q{!8;O`4|T#2@^4ZJD6teuzI{CDf6x~X
z&Z|S>6}(D&dWJsQHGGUPLvo+BQ~{C#HhZHXvbk>jKBN7ySZM(rdy$%QX|ZY)^lg!U
z+V|rFS;04_m*><X{5gwws*^Ei`YsvdM%{Ux665ejFlY${S@(8JPBH_4$J3N3IUKWO
z7G)q35=z_7#qqR`O^DMO71@nZzk7(sqZcRi6E#fEJwS@XvH5qL#<APYzH~_LSgBd!
zQ>q9|WT_8Xo2R&=#>~gsoC^-cnfuy*e1fu@%6v-qYOeHPom??3l4ZA=Stq<js3;H6
zAYQ7|gffeVtK=DxD*40?NWxY_1Kbhw%J>hD5-rGoFmbCDyR-Ag1D$gEMbf!d4%qY1
z`fsizn2c<b-Omd7#sy~wZ^3irIcW0^wPX_B%AMai5B-?D)|yKH%B4Pr$(~4mu4r(j
zIVQI%Q-bOuho<dDI6p&N3CNEii=`T*4@HW6(;$17D^QH2I*(-b$6d%C=FHCI?w_gG
zt!x&|3P1LOUF0Zi7LP(fy!i(jkL-%bP+D%imJT;=PY<Pgi@jBxWA8E%C(VIvk>uKP
zRHN|Wh3z5J9hEa;ksaA~!dBRShU5>_5u2IGzyCC&nxE=%mxnAC2CwC*6Fdh*iDldi
zwY0LY3J{k>CyUfY;&b2yMEwgrrMuB5Nd+(*|9h;IMqZ#cECo0!lk1asDg`Z)+&h_N
zc6z=@ddC#W(>kGIOuTrXPO)4J2^UF?T}S$Pa1E3r(6IC`Ic*l%EeG0vHR7Ya@WJm+
z^6Io?6s>ora&?SZWQSj8I;^j-79n9>SkpE6!*tX7r5j)!-xfUN4)Chh_$_WePt(H`
z&UHf<Mu$fvKJd5^c&tq~^Xdp)C0lexka6|>J&!3(c)U3W7%p@Rc0gS7ccu#y?`Kh8
zH{~ZZ`2i9?F(}Y)e}H^{WC=CtoXxl2zM?3EXNp(5!KZT4TDRTmraV1>$Es|-3+Nre
zQnu#KEv09br*fz2K-6Be2MbVBXJq@2_TSl4nVuqZ5qFV9*~|r%d1#_U1b>WB&cZ8+
zW|Z&<-}>dKhLd17`B`TZ@Pi2qWB&Ys@`Vb-F1l^3ty}1nDzJ)w%PS1@*=Ug+-<~H7
z#e;Lx9RJMgSPgv^+4qcCe!BnQV)-1R_y-q9cA*{K&0;t|IDgQ`uL6a}Vh^+qChd3F
zr){P0UC8xbGK&i~O?OB5ko61A?hGF+-~LC_VmOesidMD+@~9*$u>6`yz}!12UL}Ws
z1SOz|)LAr%c_giWLP=_o)_3-qLfOk8|D^w6ajaM^ReQlc!okS})P3+{veUUmcEgrJ
z_i-OCKnzWM7%at3qWUVjZFr<<y6Fb96pQ5>dX~bHONsA;C@SsLUw_pBB0l*1+5Y=K
zmXG}mgDBeYMvw`<p>cgT1R93{6o_v`9I?8m)Ejj~u6SdA0>{Da>u5Hc&7G|+^>4G;
z%>KLC-rf0+)>gZ<xwF~aZf^ZYv)yVnoBsiti|BCniMW95KbrThE8DrR<oW9_fCr$V
zMbO4DpnVuLBF+xwaBHJ}wSZPvV2FQ4jAKeV;HtH{a*2uG0osgbb!ChM^r3(qxkw2d
zqYn7%FVHxDLji&uHPlA``Ey-YP|r>*nJIvM6!4B-<a?*5?<AY)SYXqX$#o1c@q)-l
zpr*exbiNvBfKLDud4vI5$(pzN27Mn(o(Y2^mBXX~g8l}_L3y%*Qf;nMSi>G6R2WAe
znGgV&zUfS_*3LVnZZQc_2b_fPV}w>$64J{g3@U+t=@L!W!SgE^fX<saMp))mnZW1I
zYVcInPoTfEg@~6VQ7y0<W2jg@i3nw57^wX9dcABOY2)2v7%r#Mqfe!~P9AGyizm<g
zbEaTEPMIvXWIFQQzTD!HH_J)$rTEXoGM+EJdw%^-f&AAPp<s-am-EBaF+=`qZtrZl
z@?UFzyVcxT%72gXJOigt2*d~nf&zSfWo#T#x1`xI#t<`8%*>3jV`k=<nHky;Gc$9{
zF*7s7%*@QpH0$rZm3CLVTB(1Gx}~1Jt<juYbxu|BpM1^<d^wWfQh4ejxntNyxgI<j
zVa?4azo9~;M#sNGg@+(+f@TWt#WQ5lfklK?@IVPsi2VB)`&0`R5d1P>POtLOFbun>
z5!o%M$I%T3_emBcsdB*o4)q5^pVQE_z`xs|UL?>Q79fbB2EYX`AN^u*^mQ!|YnG-!
zM{<8F*<OHJq<8rnOSUxykgVPnZLJ~3QpkqMw*YWt6n)+2qMj<zXL%yM5ujh=<E4w`
zeKOV%*I|mEE3qLYa-{F@L<;iti*0Iuq_2i9DmYNwR|G$TyS-=OP!VtsxHh}ldoN+X
zepMa1yWiXZmX~c!7eH!WPHrt9M7tiQP?<?dz+3iDt<@+~quZE<|DM6#x~}e#z=jsE
zGiaR-`9QHr?RQCPv<;FD>H(aX;ifW#!G2@`k;I~mJ%YZ1>JX5KeceY|W-7$9ixqpf
zb2V7Oa+K+;CqHM)ec8+wYHDlkU<Dxzt=T6q0CPSGQh162NDYq&DBHi}yA)MuM_-Bk
z(9^iZ@m1jIqf?QOs%vk?IR&Sf;kQv-I-g<Q%+_#PEb$VNIK59C?#mfiNgDIkR#2~F
zb;conkwWXLVr)KDB_)|nb~E=MK<aBgLnZ!vgEM~|m){D2-kKeuRH#}!6#}7y@-~QO
z0aW~$ysr;0abGFX*&uRu-nW2(aflqD86`S##jfq?>%r7sUnqf6ar0s>=z+T08!&>p
zh@Vz(sAv<Y-1B1|yO88MnBHL;x*xhtCa<+Dd!gPT-hU+QjZktkka|#7utom@3;asz
zkX@*9-*`JBUqVsIQJS1BluA~HowWJC1A~C5zs29bZ;5-CevhF0gR*(^Cfsq)+YYI6
zXbWy<!92Jps68I=oNjR3ZYq?Ms=Mg>&n2)2ymVa)PUxR3elEuqV#-qW3a%Y=dh2xs
zcSdo1CJK#0M%B%Z3^659OScDk#5}_7Ck&QabGQ#?ke|zO&jaZU_Hl!PeqRGTa3@=#
zI}wsBfH#1_MTZW3&npRud})|OBA$d}LIgh$>X!b~`UU<o206V#-rA{YNdmGV-GuQr
zib!6?fj|LI-T-?+AOj|fSyCrV5IhQlTw9q}LZ^NuLwnM)Rnv%WIaHFG>dTRWs;H_g
z)_O3_RNt?i<T@+||1cV3q6kR<Qs*ZjX-lkGo<=_>bkR5V!$Br%cQIYajDJQLudbKv
zueaN6vwd}XO>VwVt{?^VJRzgKyejaG!`XIy*vm=eudN-ANJ2R7n?A1>PghTSXHAb$
z?xr;0byT!e<{9Bkjaa{aWc&2@3piwy8pX~VhPvFw=WK~Rho4@0;_Cze=E5=E%$C>|
zu3`n<DG9_vkf`VzoTrl9?*a9#r4_Pn<*)VJ^!viv0)^Y3Y=WC;)O{bSTgJO=V}p;(
z8#dEmJ$bhg9anR*G<=8_WVb);Y$!5W6ZMbt5PWa+%cy{9;wdjuD7(1kqO%#l@;%SI
zkB{sbL%({{pBEM|?L)^vm~mGb>p_7I-3xrFdCDNvkw{c09JU6On|L_^f-`I@f(CC{
zSyXxTRO)7`G;N(_Dc@s>a*ATjal4lQBJ_;FO+3Sd#5z@iSgmOE+&Anp4lG31Xc_Ul
zV^i$Jm8#$Q3CB-Ka#YfnWc1}!0!D6Ah2adM>??@1YM3zSV1ZTu*R~%57c(8U9Olnp
zi6XmJH%i=dMD!`TSMT3*Qqgh6v)-jNYb$x;Y*+WVj^C5w2@$l=JPHK%j#h`;#PZE4
zeqK{rgb0L`4@W!5O{r_{?(>TX58pFqkx}24tuTZ8kXNFTb`L>PWW)IlW0)qI>o7^G
zU_;$$MGVzK>bUX%6+;N549;It-7W7a)f}X%m7dl%%Y)Qb7Ja_2F+BJ_%Voysa{{l=
zHd}EZf{%rd=he*>yQ(++#te{cjQD#EQ6}idsczGo;QbPq<xC$fM5^Or{M@7b`ZdC-
zf+L|btVXt@NX;*%vq0~3X`MzM4hf^<Vk<=E!UTqn%NzkfVd=I^kg9$F{;X2a)%GR0
zxzgQFZzWg>BEyc%u)pDhj6>6m$qJp1(TLXDqXx}>p3_JbmiOnIvLLa`MZ@d;ov|-;
z?O`z*DV9r;(_IL^YyT#vmX)qRROp-s<)1gg7(y7|OXrXkZ=m4E9H2CYYaI4%61^e*
zQ$f|Jy#E^zk6(!YZV1MoSW0u8nr%wPhd*FrDVwKT1LpS9#nolYBFJiphQpA3jQCF`
zTY(jF;H*|rV>U=8_c(mt8Y}c@zz=Sy^Fq#%ZZ3kOQciI-Gwj<xAHM!yy6-qaB)_t)
zb^U$|$#fwdHCW5NXjLdb2gwim;C>6^auD@W3{ABJDn!vK%qTvobNG~hE{}^U=_xNE
z6#XTeOZfipKQS!iCSe$*kzV+0(j~UCSq#*SilbDe0*t%Q8b{+<&cEW^NB*r}@~5SU
z<5}QcRnUiH5LdIlqOCGa)(|CuHZ^x~a8+qdiie7vnLUJSF_d{heD%|k=Ayhcgy?*I
z>{)#Rm?$K`4Kcn(=G7RpCR)siWYC^+;3^H~2E~t#u;MEUv!(K+r^_$ANXG2LaZ(qn
z+XhqC8m**`L39cF*N#v3rYq_j53tdP%talvFqmic(Hj4m;34<bjmT_gC_(j9l_D;m
z7YSj2NF_x~P(;h&jtUfjr^1oyd=8CIq%Xh)(zGkjW>FJVa%vk*$`p#F#9q^S-&&UC
z(Q6jW@m1J3b|8r;1bwK8v6*<({?JfgO2?NLH-+*Ogj|8|eR|H~FDpd&MZ$!hf^5xi
z21oFG))vqdNHMutlx5621~ATSd9aD^#7%ZCc9pq)|0Z??gI0l1H6@_o8E_J&gm%yZ
zKJ{f7>RUXZ$Yf_YtXOxahP^!8D>AfSjz#`;fY6l0-w=>kDcf_|eJg#r`f>NqLNJ~0
zap=ED(<-O4N{>RcN;As$heHf)%kxP{KSJcJ%$y|dugJyrwubP_?fl4~s!;s+7W`7P
z%jLQlPw%~~2;0AUV|PxvePC~7_FPi~zX(Sv%hu1ul^djtP)5fIsM$ASuHYfc8mjO0
zf%9ROhiF+G`%uRujq`Y8u3*Cw+8Rq%f>~)+F+xHaHf5!NpREleSwaNt(Z~;SJ?V)k
zN5tPF!tMGO{9!v#wP5iP>MH|BDj;1#^4@wtX896mY#+BKknQs~f(H-6^70G-I3p^o
zIa93HKf3%?l|?T@@b$^q7>}>0{&4V}W^C{X-`l02c2tBYto+ai^o@~PDWD;;Mp82%
zI{KOp*PB8lF7XWXBQO+M!r&t$?@HvDYgp==rTG-xRdp1CN809iAxI?`z$o(;^ckxS
zJzVTBy)VyuHm3irik6!Ms}G$3TWsTAg>UPEtw&iz+4S)N+~0flR)at6<WkSitS>qn
zR{#gsKO7;kET}nXAl6?!fXjz+=S$TOj?4l=^#xg#k<+brFc|!QMLy+_VgE=;qvwu{
z^6}bJACA_q^gL(1%%#THv!y-;Tnapt*3>yITklj$enynWS(3}jN6e)H$tyE=8r19(
zDjCQvJF67w_FnSY<#7w8=bpbi;#!}i?YQB!K+If6L<ZPLr-J3<yKtbAuZ<l5QK^se
zKl4txRj^A{i1EJOyqCIa`~8GW>XwQ6X$##X=3Sk06~XwzAAh$z#Z^r&4kMhK<e0Sz
zlr;LORa+IwN^NX8+#Fi~idEWwKG8!*^3=jyQO#VNlTE^@e<&#Szs?Wn#_dR2xV?R}
zrxR+L=39fO4zpG!htC8uOwOa?Vd3Mg?(n_O;*^&C`-XD&=$(UMeIoJg#RvOmPZq@q
z+&`KJ-(&E<U-zVl;*VTIlz!FLx1pk1=U<Vp<sA)p!aeIk<7J()085ky(fLn}_~x(X
zX>=TF%q=@!%{o}DExmW0$T+uXv=R&EVoAB<3cpUU*@JjgEkUv)Lj7d_$PZ6;h~Xi)
z{V3H#nKLPLc)Z;aLrPG^g>#otU~`20=4k-XD-latupe(!02sMsd?aE}qLJ`2xnKu3
zsd!hdVMfN>jL0qlpzk^$VJJj-(wvFOXmEf%rPL_pLvB#eu$u@KqAZnAoN-KJ!(T9;
z2i_VC=bk&Ed$MJ6EY+)0x#$vkJ!S7@rZgW56I1Gv*j}e6J@c=i7WqW!bPj^(tL1~l
zm}S;VaLCEO^7Qna*O1zrSGyhuB_atu>znw-e8ZEh@AgO#fGm5~+=>6p-5HUo6rH(;
zxOi+<EXE%SNpU4kPdTE0w|`}1!ej+ayuw2_!T38^V(q@k(GbDLk`RyT$*Tr~Ub?9@
zW8}|40qT*J<x5{ggP(@Fy^|sQSCZ#0#Vr8)V4D`_6n-8B1tiDpAznU2h>TxcLY{`P
z+-d|SeSB{3fIu?)c_@ylTZYj<Il9m?dC0;*lmOhG+4K6|$(+`3*24-z{=#$lL6BmF
z@~Sn*kYhjrvkCh9EB2y5)uN0{?Xslc=^$ReBq3>xS^Cse5=T3eBV4YOO8McPh_-d&
z-ki$;3z1b@lF@rZwO=zHD-GvADW}PKuws--CM8`9U`w4I=8Fv<>tW^R-!02-$&XvD
z!>Y+sc6#pNt~%{PhfpQbj^yAtx{;;*ROLEl*)vgg7g!Dp_|et?MCr!)6LYVeWM!Th
zibv`~c`FNtV|BLB!6S_kyyqyE#+anT*f5h+Ge?I6SpussGp)4(5DH&fhTodu!te(x
zXzcV?fiX{!lR$Y|+Iww&TCcd=!6JP*sup>wayb;QKRDWcn-Wymi#{g~_Vbo!D-XlT
zVbpnN=}MqJ@p#X^%<oUZ6AzAt0+5YAPQYI4JM#GVFAk1%-^Q*$7B=i|bq^rz3~lMx
zPfZ0r?C1mh817V+MyM>omG0vfR6U+-^>>gZ(3QAKLhctFO4T7iO4_Ki2Z2V!qF*IM
zukC=6OWVJNlCTXQiiGQvsPm>_Lj0T&4~Bkf`vrZf_!rb5&6kXp?A?@r;OKQlBNMTq
z5=c|+q$&gX2P@ZJfAIiYgP2O4{IEn!ce6s|xpd9az!H9qIM}}5o{V&T=UBA6b4Pjy
zfYMN&+=Q*b^{;X5<ti|gnp|Z|^{#x@lY`WEl?66fxRW12m}wKV8PCmqZcI%%@h*mH
z53O=>_xzeIj^4W2iP8%N0v;bgA%P2#J!ERnr;NkZ=|i8lO&T;Q;i0CU?eF<cg7XTo
z{Bja*VN3HMiE{xva+RZ`hbULd_=EKV=mD#lPf{$&nu$Wog@lTT^=2OIUlP4RHZSG8
z8uXk^tb#HYC4Z1-WPpm6ZJBvpMP5=XRq+~xUsYPBmz%_(edIzbQ_HG?^aYVomml^B
z#VcAYGbt@W`LG43r`CRw9Cai;HZcU{v<C`Pl9uVGp?S)O$Pn-j!X`5|BUs!(1$E(%
z6PbZ^8P)J|+Az#oNXv$uKQCZa@h8Xm(yBBKi7;9YnBu|)_31$;tZ96*v*7DJ+B9-F
zJE5U6iu=%iw0e<;&0#PO$1zlj#%2?omcXM4nG)93R0lsXEAN)uRS1ce^_CHx@wkn-
zkxS6>sVK!b6@hWQ#+1Snj+7f<aK(B@BRhxqQivt)IL|huhAWYlyLsBzCFK#xzFn_H
ztnK<2ELF2LgGsqFE%7*UIQ^i!XWDJxlV13R#dOcXO^tVZB>h{&FUaP1{I7(cEyWke
z4Xx=8CuwzJ%bCdT^WI4;c}tK}N5vaT0Yd6HN`Y2C=h~Rt#r&)~;pWc)@@XyQ%C9vj
zzhmLfet;W?@uJm@YoVckD4#&u6a@{L^K*2=;6s;E=ONR9!Hxj7`DeY}LSg%ecL9MH
z7Jn}#@b4&VpG8)ue+_We?<zj3)WNFmWmDG_@T8##Ve$rZy5mPBjI?xb?2EB0IUdS@
z#}mj?Z(bp>cFDBLA&OE0qbk=;d{W*GR_&G?2%IHg`Xm8duw+n>%s1l0Z8CqO@2hwH
zXOxJ$YFg1K1x@Ph#-+J^X7WXzQHjwXq`t>*c1iTsGyeWH2cA6E*+Z!$kc?DPj+yFg
zN!p@3o61O(3nmwT(a<#CE{douc*`Okb}mB01m)w6z(Rhk%tO}<L}ZKyFr1{+wYj@N
z&z*!z{@wR$8R=-irLPn-n`1A;JKSv^tgJL9aN*rzyyD)BEZ)+v=3KZ5<)HtVaeNi!
zf4<fCO!egy5e~(+3%$~l=+S(N;a#m5d$wz8S=P%25$-;pRz=x$V-UI}E-`h3qa~np
z;7HfHlg)u|TAPmn6;XC->Ytqok6{!Xa7o#m!4s*>`pRbr2zK@YToxOoxr!Jmxf<r>
zU+&do4S5Er*WD9EFX%B|(*}NaLKU`2!J$<^f0T;i9;%-te<0PD?^{MtkbK?oUcd7?
z<#lwQp^s@)U`S}=eYSIB_^9@6<%XiIicao@{6mjUHK-eb!8J^$>V+JtaQyc3fAva{
zalJRApU>b17OAA4@{5a=6ASi)Kn^FX)i4BKX#TCa!{l4C1&d0f{q{~3oMD1kA@u>7
zPj^Lab~%Id#+YEIt2Vmh(JvjuuKJFNQ(iU}<J3^_lJ|r~&_AoR8|V3^43~XDmfLAu
z)0W_0b;7B@uP$<F$;)2lVC}-Pq{or(?H{Wpg*}umQ-OpK4Zyt6x$b#%giN?942yIG
z;(k=rHL9vFc5oqf6kK)wI6E#p$nJN5LtxCEcp>~SImfr@QbTMGrSs~Qr>G$@!}Vj&
z>3S()e<>+x=OOCqKS_t^PuPn7j(%a!j`hYni?8TFlkRnz_d?=KcDVR%p7{l2?l#>h
z4B3thxZc9f<gEew%9l#&u_9sXL?_{6JDsJ;UsvZXtp?Q5MQ&o0?LL5Y?DWlt_t4Q2
zKAUrJ&eR?vQv9xddW|`YU=E~%ia?6_&VrtJGxRxVc2BUv0hf#vH{n$WMkWQMb*|>b
zN(%yP*f~>fHjVfg`WX;KJL7iF2+7fN5v@4;f|a@d7$(QR4Tx&=d(K-W{Dtyf#9zF{
z!0^9NBXUw7i6<zK;uz7CR8iJ}aLlz@Oy?RwRK!3&jFUA5yJ*IPM7a%Zw)V0ernEn$
z#-4fV%gP|m8PmW9AjY7JkYs{Kg1KbRktKjNuxOt>Va&sPJVaeqx+y*E4|`wVGH3Zn
zHzC>TFY{;VyNZg1{bU7#)SS!BnjX75^|B|crG@G8c;83EC=s8aLens+;@6frzzo*I
zHEw$wm*jpV^cEF;-<Hb@Bb-a`JLbz;$X5X+-u=}Z;lF{jMlH!TqBfKTIpQG1Yc~Qb
zIf8DEInek#1NMPq|0VbC#U%pM_`e0;cPom5p*q|HC7NeSq^PsjJWVTdqf)FZzorx4
zOs|LghH>*qyTUtPj}q$o;lSIWtP=g%@0c^<5k|I9N{5-FVigJ4zA-B}4d}X$pO#Eo
zG1{qrK|%$DeN+P;ay_1Bjzc7djDC8D{BfzC9x@J$Sxa%5e1HE;4$g@RWldtu3`M2L
zFc8HPypE!}%M%hN3W>6Z_>f>AL+m4`Ck>EI)ao>B>h7hF(Wm}qQog^i5_*ij2^;rR
z9j}&7SE+0%_hVV+WM*XI_iz%$;t5R$w%tgw?Y%M(U213Wy}f3=>sci15Bq6KQ>m-e
z6l}<FTAF~qd$?Epo}7(S;*G6R2rDl~Q;m*7HGh42%a70WjhzOay$G{d@$f|(!XLS&
z?WmTFtg{WsgSF4aCkun=e<dYXKr=9k#y^Ap{05&)#E1z57v7$FA1>&u9Q6Lwu;UVO
zQ4Bx<WrTK_jjLL<t$aD(-^L67up2j|_RO1(SG^>{CFd}PagMIB%0R-T!X>Yw!sgl!
z|8d9ig2b2|K3(Mh-u(@Nc-zMPXTjrO2|wW{sj+-WKGIkhYQ5~XoMGTKo$<jfIf5g6
z!P1aR#X0U=q{P#`pWqV7FV3i6y3CWW^IIVju-r;!-Pj{C3fPA)qlE4lbLQlbWnPfP
zjDn1Ye}H7njoU;CjSw|)EV8G!RW^25K@%z75OHF?uyEq-i~g$<FF?b=TT5Y&kLj?L
zyNQ$~K0I~;b~%jj92poR@UMQ(#>>0QrkHAJqv*oAs%YWLgrni5-e!2I*2G;DqF#X%
z5HpshS;_6h4(UJuvU+td#Yl7~{w66kyLP_3dsnXGC)yr{Y4A45WH3_7uQ68i>Igi#
z7afD<FI!`pyTwAb3>58Q7yUFp^v_*+(Lr_VYdR|+!4X#3AWJ8w$80}yAy=8;(v7<^
z=s<fY&e_pG<BiN8;OV?tIoU2os8?&iyYR=0frpoU$SNfD0>(eUlrj#)u0CZdgKMJB
z>EVs%!rQ%N;KyH3GhaaZ_tcO1UJ=&W>u^26Z3ycS%S&PuY+U~&Z5&j^gpP`M0{3=T
z!QW^48G@Zf2eLcoXi9klF=u;JP1#O@fQ8#4tk<`(e;=wIrs(!teaUS-JFWnvYz2<Q
zE6KMbT)DG)3Yx3DX0^liIFvj|pCNG0#|2ZSQ{rDsJZ(qa7zEYR&EmoeUF3J^)``i+
z46X@pwRA&Xek2T)TER$|7(xZ)UIZGB4nwMGYp!<m>B9rO<;NT*7kQezHiZ{LH!b4s
zTxchzj_D-RY#)N~+kwsClUo4j{J=IC)a0tAJ^BQSxoLJYa_l!M?aDTLoqAgM#Zv$G
zx751br8!Ie-e%LzX86kC$SGGx1s&T-Jkd?CZZw4X!4_BcEM`Um>(C2kabrhWUFocy
zTIA)JaptzH&EGgvE=x0-?DDbv42XHl-D8^<v$v*Q{AfAejCQfAj(tF!i}5|l;^!Hf
ztr9umPNA#=%UTQlsFPMhw#6%8{lk%QcawVpSUt}=`;5A3y90S94y|v^%K9wS*vK7o
zxS4CGg9%PG>U-OV2n!lLm*vH5C=q2T`Pdw=JkCK?*y0zOEys-;<tH->bS5M*x+gEe
zAHIDcSWdP+6nmxAVSGv%+{W}q4Zz^X^&=j}7(2=ifud_*HGZ6h#^>ra=U~G2;iGt7
z>jXr&?=T5KFQo6|{gz>A(qeQ;$~Zu6Sc5!RhGdf#gxenaQc+3X-xc_ZSFJOt1nT(j
z2HGJDM>&S{b{C6$Hi%Q43VW9%50PJifb|J*@}eyVtpY2WpSM2rfRW2X2}KQR_!FWl
zVRkH`A=(}?)%IJoAFrHtQU*~zN_zyHD34gdL8m^OFkzd=fXWX-pCo9~s3W95g#v|b
zPAI@i%O}R0KKFgs1Tr($Ab%$<xK)t`#la8G^0T9b?0M-Kz(S6|+<Ewa_Pc=pZ^O$H
z|8+je4)={G5p=g*_$Cp#Uj?F_1tH=Tp~9{QifXojJ8J7%7!dU!C8SP&mDj}_s{+;a
zbp-DA4K4xIJVjL?H7761)6evpwpFdlPaKwwGraZL-nsx2v@80#@6KlpT*X1~Tm0``
zt>`duT_vTl|3_bIQsio)M5w4r``=-y5o3fNe?c@`$BBfKDFH35KCHsY$Oz}=o6r!|
zZ_&Bu1H7x8I>TI$mC61xt9|B<O4VO)2pH4-DX~jM#YZ&(f6op**q59q;Oo7>S8XJL
zeWA*pVkH!-D@peJV#Du`r7>!12iEOb)_UJgSNBG?HBwCU=;9j)3t0&s^rP-aq{8Lr
zz%S|Nt{-VCFhBMUK7N1SLT4f&G^+mjtPXL-0IL{P`eFALbDQ$ga08c^r3Fta%SWNY
zxz)(eeI#q~@QeAHkpJ5v74SQ4>-+V1EV5m^m?avW$SM12dgX!z`=Zr>RQba5d(3^h
z%f9+){eso(<$`6_`GFay_0YGsgXV_gan)=t&FVdJdGG6FBy2~lKL;|Q)uidGe%)$9
zm72}HG1%TRH8G56E_A!OrjvYuhnlBvs>*UYSu1R8lPjLG7vv3c^uWN)Umv|H3<Hk^
zp7Znj^uWDR{T8n5h6&dm?{*9wtIimt*>V~E%e9_I(;>P(Uv}X{mQJr2v4e5b=&_r5
zKI2XT!oSCb%-BEkH5<>U?r~5)<xB@F6Teqi7-Gg$<L?OLS{g6W)2v>z|MLMajdl@?
zlO@H6cW<w*C}r#o=x$z>+s{LXxL3VZRSsh9M0jabwtblScf6@B6^opqZex65@r@eI
z%91&;QAbHrE>EHUUaOTT`*Byy$*bGI79ncC5piGbS;5xL^9;QRBl1qTpnJUa(@ez9
z?Cw)txjOo~DdAy@1v-~lQTN{+_nf}Apa^8EHT3355?Ol$guhY$L*zCL5C)?R9Vf^;
z-vD1ZD-#XwEk-FEw^TO#+xV=is3v*uCqh&s5nW~KW`bjKe(E*y1QHeZ&)5gm)Fsq`
zteaAvs$y<Zm+-z0Ev0P#qe01*aSRe})zv7-q`hDcNL=T?N%buj3AC9YaJRli_8$tD
zW<=&Q9jOul-g5DMD?IHaJf>)g@eD+|bU(u@jNbA>c0neupWgwVUIVhTu`$`{YRt%3
zm42;~@W8|a4W%oNQVAhMLKx3_;2<2?p&<+t-Z2uPnwzo_x3x6Iz$G4%vywq#OdVcg
z5K)a5@0Nodc_@XlI==p`VQG1AE@~>w9FSeSa>fHrauSxn;8-<i@kvJ)-%K>~`U&Hl
z+090((gZDUF<2+VJ5)<3+SD<=G$)=<u$(CcWiQ`=U{?+!B0+O&%a(Q~yMi`N$se1a
zrQ^cqKL$$B=Qm{MlfNCPx3|CUyk&K5*mr<M7>8$m>bSDN(L?M>AdJLnI8j1<Lf{U_
z_5e4b@(MDI$<SpsALH8^kD`8e8r(*%`HnyQ)rbu$E2P2Xl;{rS8~NplXHLO}=>l7l
zGKDMa0W_M5XoS3FN_k=&fOVk-+SJ(>X(zHmED090RD(xZpVVhvH(-<EVVVy-QU#9;
z)9<Bf>+X+R<@GxUn@S5rr<D!o>UdNPDu8(nQZF8C(g-Gd;ps)?*AdD$`I)aBL|(he
zuhbucA4bT@C8v0Ki6>`*<J<4!F?2<y?@GhK5k0(lJZ2|YHwl7+U(1s9H(ds7P0s~a
z$H&hr_MiV#^iAf>w!V0U+CxG8GOE0w-!nuXl34ysyZw~fxIhL^;gOh>;v9Jc|GS+U
z%QJLL98qg+BQM1CcxkZ43D!l0K2?kw4eZ822d?-<l9Ti7L~`+g^cy`SIxL}xU~YxN
zBfGQfqcfZ)&;92v<T3_=GXlifq>b~@)iS^FU#2zLR3EGHaEz#%$&+M!CT}1T#Vyk-
z(7}W2!-rjQ15lR;BHGv7>7vI4RX7arpA<wDm#R}~gT97Aa2kDP&+cDsHgRf?-h-$n
zS%+{OKF<=tuR*@_Y~YrjTY*`&#Xz1GK$dIDYV?-VZ_i)ARjC;W<cz<$?1Uw~Lixg}
z)cj?auZ*FY=YwQs6q+-IxwojpCoUsD<_F8?Z~{{VZg)j(HqePIZ#$n9T41<>=tw-1
zQTU}pvl;J~0#F{Wo`n5@F;;2N=ExvmYh!akciu&`-$L*qZ`TWrTmJ5@KVs^VBXx}D
zoJ5_F>Ssj3DfJKM@BKsD5F`3wqieyld8%OTK@!gr@3{bUJyFZw3$WXQXbGCjtXTgM
zCx$bCxUfto0L({KJ{lxQeih?kdJN*w)_eyoOrU`d9S8$`90Uim`|#5OPC8my;P1~1
znHi;!p0k#E;q8XPh}LFo=~x5aZ8^~+)7lJts<ae+Fg`g-S_HOE%b_*;en_oeLLZlE
z37lc)e_x&U`Cv8_;j-^f;OkO`)`)*{$SDHl+?<H<GM-lWf8uW<{9|`;#}H+P1QDR=
zB}hY{D)c76mojmSsJbo8RBWJ*Rui#!g00I+!UOrLFoO(}vShy43pO7F+@R}ovA4;z
z_Nz=mM<*v7tJb+w(hS_D;H5z`ceU<pJ(Z^;I(PEl78_pUiAwHo#Y$aqhrZ8cvt$8c
z&{r=6)ujU5V6WGs)}SVYR{;WJK?yL<$Zi$*KNKkmTf*j38w|PrzT6ow`V?g=Xc*@R
z1^Mqj*=x_2B>tOYth;YbEp_uFE5P{$-7biKq)y|Fle-|f+YSNBR~br=wDVmSWpmCP
z@F?M=ZW{mXrEJr|KanxOYzoo7yazmak+iMDN6W;OLU0*N3MPXYe|?mR1J&DFMTRyL
zy)FKInmj)^u*C#fIayJE-hH>#t%qq3^KDU>1=6&2(-bN$#2++M)~dt)L(X9S5nLMI
zL7AdDNF!cMe6GO^-zo`xFb-kKrRm(ABYNqZPPN9pXBUhg&XiOtBF+v69}vNd2`2>g
z5C^N78DY!hJYFs2W%$(h{9HQY$Gic~-b1QF3)!#H8;8+kE;n2gf8B7TJXMu>ZVmo(
zd7WuQtqWT$jka(+MplgqV;qJep*WUZ<cBYu&*L<unR#f75aRO|g$8Y~=XL-Km)I-#
zUOOs_XV5-j0Cq`BEkpZ(3ov&$aKyMDG=+jXr%plTU9&Qp;^bGj4*i1Y_rGv2v9L&l
z2oe0ZJBOt&lv}_a%Y=WrDfg`D;8vqEfl<u#sCxK!vXP+heFR%c^#mXiE_qi)9^O+E
zqQ#gYzG7mS)g}Ac6FllISV#vyo_4IH7Nc1<?rYeSN+dw03S(f%3`wa~(RPLwU8G0{
z&r*svLeaUt7-ILRaO5fvyLv$qcV6Tl$q!YwuHJ=}1kbVHe{_53*_yUQ?#y&Irl*t<
zVH*S9^BJJH{WHlhy|u)q@I4!r_ljZI|Hox*${X}+M8Y5MmP6Z7gr+hXgOA?YqBxGa
zFMo9$FE;=LroCazS_h5#oj_ksXIw_s^4*p?-hEbNffr+%hix?7X&(;>=Yjd5A@%xl
zpV0mHsoY4DtArrGL?A*JD$$lK4Dr*|H0cu^t}<3+>j)tD79D{kNW3$jy2icVHV-al
zK0u0ukJaBp_)Kr_`CjnY)ZS7NE3^ZYL_ux3H~`%xgslTs?oXe}OuU&or|qcdx7e<E
z@F0IdDe=MU$!e${+*W_>94uGe$TE1|O@${+zV9IBAUWYN_YsgQU+b7)Qn#p-M+t@<
z=Uk(OIdPHNad?C+we3S(Bz=sqk-PFSQ=<tc&J=OsT&yKi#9H2GQ@?h-X+EN2rJA2n
zU;@x?H;9@0pmkf53(#uC`oj$9RWaM+x=UBskJv$Wnc{oj-NXMxugbgr#s`@{gsJ`9
zE;RCs)-|BKT`UBvQPPBeoKP#=QLPMvuxZ&?iKAG0IiHdiuh=GBMYGK3gU9{@V4bYW
zCB!ryz>H1`kdGcF+9)rh87CMYfaqkrQ7rFI$VxjV1{K)aveTMi^z`?3(={7p$9Szz
zbeOgnd+_iEGUInL?YA4Q0aUX$pnmCZ?{id_*a*#91}^|#pj(5{d2Rmbo+;=AnvHx-
zimv(jCU%FiEv$pqJ;EsaTvN130vo(cF4tT>_&zn~Jt}E5wlU^h5*TU-NOP9;gzy>^
zI79{H`br+LFIP*2vhjsa7|`{_pVd;WHpTr1-|jD47@Jf=N|(6SH#BXg-Ad<K>&v~!
zYN}CJt&g5J<Nr6f9qG03y_uAM)ROAd%9b)=)8Y$qyra&K7R{*Qah|Jx7esz@*2lQ|
z&+6LJ=0Tsnk2wI*VT;jH;dAn)<Eh@*f-YTsPi{_)&w_@IU1^M5X{V}7l2<9e&N|o5
zB#ULnkRF4PmoFBp-4)%2jAJZ1w2PS{h0=Io!54bTi&Xv;5`}N+f>;(ZU3Z?H=d3}X
zO~I=KkI#2|Ajk2c|7kbb4)RJo3>yTrE+9rV6h;qGvjKb%Fx)MFkk$jrSk>l!+dN-C
zhzAJ{)<uHqkDlc9J%1Mqw%mha{d2}xecqeW&t1hotZXhACP6W`e6v?`quuhi(7vsd
zU@x0YOUn8C^bx0QUt^yOhJMc^F$4<J2MVv#V$V_iPHX0<p~#N5Hlnk(B<LZn*Q*;N
zwaQX+0y<1(zF1{#f;6f$zb7}yS#@x%C)X@2+xof&Hp&R^M{8$j!5@Sr1a-^Z^an>T
z+cUfMY<}<<8DW4)0AaZrnoaCpJ2=>jpH0Jb$H$AgB7?ex1uI9l5*IyoeRjdBMR<En
ztE}+@&v9Xs`6?Zm1ue5S1I&qt;fzbwzPo}v02vE;y6FC}V|jDL-b<FNJhFV_*YV=U
z#I$^8dWdh6$UXhhs!yp#@ViwROY(Y-pC|N2)3;YD81@`iu=HLGH?rI$WBPERBLBfl
zRLJp)4+i0>8(DiPhYQ8bNI3JBk=NYeBf0UiSmWWn{-pbLXySEh4lnNAyK{O99#4Y-
zpl7yN@y}1}(gE|s_;q8P00^GNysHb?mQKX3rvEw~AAQe686*3tkSiWy4Z+M-K=mAT
z*PCvxDKB0B1uQO&8PUjyL1Zy;T2WP>KQ&qyr~hc7V<V+5#<vouY0rj;7^5H8{?c|E
zS1!&6Q$NZy<QYP=ic$SQz!n1JS+HWFMWyz#<zQ+4ctSewBU`iD|NHnRkRN*IGe|+|
zP4Fo-dPb-$s2kGap+;k(;AI<&3a0*r??A$BR`fDh5X6uOB?9Mv5}Yqj5}7wZU`sS!
zZF`tanNR_qndW9_Db#jg3B&POnZM$|*u#J}EjXM$Ko#Q@ARuu_%meVy82q@h_92n+
z!D+O|X{?4fM5uE>pclxdy*&QSs3JKTc_Y(9bvsB9h}+n7h-^ufu)$MeDET}fjI@hu
z3d8<~(=pd^g!lI4!5_(_aX!C0xQW&QXQdiG4{3kM_;a)$bzdRL+dZ)TCvnH~;Ll;T
z7Nji4#y1;dH~w>u7jWR*&YGPAJ=3^t*gn5;E(1!GAK_FdMmxUKUMS@@$R~^|+$2#C
ztO1^sjUn5+38AMsGULf*K-T+&BYf1%L4NreMA9cT!3DCrur=Kg{4~;}_}JX#i--c5
zkC&KW4?_q0*B`e>!aQ?^!B~8KQAhhWV|#OMBzn;DZww_4nhnqr52uT&Hdii(04J+k
z*Bp!*6Rg`8JUu6vCN^6KHMy}q3Z7S-pBKJ8QcceG0riKgeceJlFITnedBbVmtyOLm
z?f-5|Vp)!5b%;xjaTJ|GO?;2F1rTlu8-GW<tz@rWgWB?hC$>Os+UNM7O|2I|V4{xe
z17Lg`8p9~+13(cd>&a`NOE?%!+8hx!F{oFV=o;5gB#4JPLp|WfGw2@lBR95TZq4Sx
z(KZ74xtaG)6kI|Mhlc3i!~ExVT^mV7U~`OlT605qRi~60?FV)uFj<3b5d0Eb@B*6L
zNa1L*F}4CEFhHVTGt>Hgp)2$EL^{&68CF@Z`(0Il<oMT~eJP=8$zBL>Y$U0J24~>4
z;$m=ymSbctSWeYCaJ~3(c9nawF8B+#G^06(+uj~#>lq;K@>)#uUT~Q+zJhaEHiwOa
zq^bq)T#j{h^m>RkaX{$Uhk$LT?S^u*5cjo)PWsz|`8;*PER@Y7hi54_ie1HrL!fv^
zeA6iqXwm3t<h~6pjon1po&Q_BKuyZ~a<zS3VLcM7&GIFP^Q+s;ohSI$DrLgm4yF6|
zNxtF;s|YAPUl1!{l!Vdr$L`TpNgHTc0_6)KYokyab#=g)qK*Gl7b?ot1x)cElHA`N
ztw@jfAK+;jbd+|>9G?Lw6<(pR#L9S@$Y;4gPtT##?1SUOZS(-R5Nt97>)Ib2M}kBQ
zNDrqY9tVfzG=?0;{G*h*I`m)Rcw~5~lI{NAGgzgIGar*6GIe0S(~OAu@)~;6hX<(6
zl#V7&L^dI?DrtC^_i_kp&Or!8pld}Z>8a)S{!QWLPA<o8$w)I*Qjr%){M4rBvzp5T
zi;InSPCInm%uLN&4|v8~rSLf!YSl<=xK6z^@pVOr6iO)0oXjqqKeyC<dB52OU>&*r
zb`vYuwx@c(6F?OBZK(9r;xK!>QCAU>eB(TaWU9v`MEg;&e*@~=u|o#KwpNf)GSx$G
z@$u=Y*@$V}B2p4rz$Ai^Y^Pw7@@a$u5W(CYO1ErcO{L)&MHO$ITeIf!y?=&q7;T8u
zjlmsil40TARq?XL?N=_pP|ww&Rq&0b`C7-@ypZRymMKyfh6gYw%kgqZme)FLeDzk5
zQ+GOIU-Z1$oK`6D96zuR+%&D~`d+-jauu)-FicKY*?a8}JJ*I2kVm&$XSVtS7!!0)
z>@_H|=02T#5)0gGT5*92Vly}AO@pdj4)IAyFiZ}x4E>atdQyTn5CRx0W9I3#p>3*-
z4j9^V(w~!{SXd4ro*mx~0F#b2E(=9Q>ZD3Noqq9qo`@_kLmxFj=euUSD<q4&o&Y}k
zw3d3MZxZfef%B6^enYv$d^0U@q6l<jK+_S}rkkIiIAGc-h;*M=sZsX8q5NpFQ=|QE
zA&47grJ|4_qOX3B9L?Z%r*QM@LJV%hjlR$RSoGd@97)a~@@j&~o&;QiLvarZJaW8P
zNt9VNg&u8fYm+<&3mSiP6dR5F%aBCCU+eqAA9b+>7Ju&Cno#CIk-a0pzh|b0zIii-
z1FgfC6&lyZ6;vxzZEfZC-%4bb!D)P!YxcX9rpRT26KboPXXCSm-wEn4g_d3NQ4@a=
zPF8=1ppaD<TWO!t=u1s!9{zzgT8itn!#UlOv3^x}k8T*io+0#aR)a(;V2plQ!ID=)
z(0nl)FXV9YUx{uI70GZLkh?uBKU>w&-N*WG1ezbCEQ3V;4>q|B-s_h#l};ktgLkO>
zJs11!0TSVNJ5nVA_1UR3Gy6bUujM7oIkW`$rb&cNClupLqxPSLA@9o>p|ntPGPYhV
zb-zj_(^}8c(7EwM9qOt1=lK}N^Y-<cm*uzya#2lrpP%%+$mfO&fmcNb<zou_DC=v}
zp8RZ5RXkh#{BQ!d(`0nF!tn`lxAOf@Ca7^gHMOli^Pqa><%>^Ky0X+?8@cbMfd_Nh
zRF>J4D~*_x)w--nnd;5rN`qFjV*9fyUe4|4vMK`fN!MB&iWScqhbLQd_1e#G%AeP5
z)1B<=l&>z3zK_lWs-~N;y5(o)D`h+J<nv*t3lrKla@rJT6>9Wi`zq%dNxa8iz=)mw
zAnb~$@5h+pYm{g*8RxZ)b}!$Af(@u4Jd?oCkM<2TSWpuR^5x?exH#*2Kz(Aze{?Ad
zpkF?pl-#!OF!-ktW`XMD#`5X4(X+A|5Qoe~w$w8qT|Wa%d<7A&zBr7un*t70!(%>Q
zNkVCTM}O6Q`S<H=r-`j`s)S1kn#IvFN)5b~&R9pf=tLlvqDT5P<rlLVb#n$SbL+vw
zN$fbYKFvM=2mKG{%{&tSTvPiSgYaoBpZM-EEK1oTXpE|)@Y)UOErkpf1n}X@^1P*V
zK>7MJV%`JrP45H*Jf2yyPXZ6%ma}F<IdH*~i7R_PTp^Ss{5ZFsoz<N6O72%Q1wA|u
zp#khK$VD4lVFr8*c^<S<q!6xH(zs0`$#oAV?23V2wDftZ(#PlHAj|hj-0v)=Lr4?9
zRbK!$zHfIRW5=Z|&;#1jZBFl*T9?okRfC}}JT}nJ^1DrLnN#gS#SMhXt<O<yw#PpW
zv5Laf8~`o0i;+q|(A&M=fT<jA+Xv(X%7Gr$r}Vu>i6gfsJXDTA+jsVK*8tK`*2kuV
zJA_;&xqqS-!W1%W%BP@ddGPj7uNo?DH=9>F^h*vj#X|mGz?WQ%J0HKtq`9;ygk)Ia
zV4yR>9V@n-l4Uc?AesWoUQ)8xH=p6uUXD`-@LGZGg8sn#4K5ju08NSwxrt!VWp?)&
zx8@<Wd6jMavkz$JgLYyR=P&5GiwA!XRLeKJGXtT2JtBH8o_7@b$N_|~di+qioYrn-
z#q6gPC*2n$QcypP4l;KI<JmtJK|4<Xz*U1~i{gHJ!al)YsCR<nV~3n2jLVHIxandG
zz5WKedKoBpt9m_sM%q&p07(?&9fA1MqlXG?KQ77mw%z%ox_tJI^eLf(>YDT(ro;U<
z9y{!roDQV9ev)aESMEb6R{XZs|3IM7Ci-Z<%IX)<=a56p3Fz|SLziTuW$C^K=)Zer
z@#%%)H)42vyO!h+PV&GWEcheM7HKx=3%AJRm^|hCfcOTIN?rwU2NNi_bcGeHu+@o!
zPJs?rzV@~^{s*|@786a(T)-G0*)-|YvZtt74WOm>qHiV*;wofwV(jB)Lu@>2u&@GY
zGNuJLtEG4n%{A2H33M~!F$M!x*yO`Z@H_~3Zv$6wpdULkq7a{?=QgGe_^(-qq}%T8
zuKmAL%_%>Nr$J_bJwOIxsr0*WE+9VZlHQZ_WAySRrlWp%EX*c_rg^(cqKG@Dty5_!
z5S04$SGBTRzo_&lM&WfNZFM-l02ZqkJIlG<BCP3)x%J9t9f$pX`x`J@DcJT;6L3p=
z7?S@yfp5N209p68K3-oes#L7SSD|SUp-$i8Af`0OC;LF<2JQVd4vI){8_EV-GfV-_
z)z8W)`6;0u;Qvq%b_~WM!PF``Ge%>Xg3*b)lgXC>r;SMBlGdY>pc#>zxsF4#$S;8B
z{n%1JN`K&Fz2D_L2VzW5eC!BQDe&D6iccYxg&oaS61M&SDXvY+^Yvs|$YTW7KqD3C
z^axbOD~w_`^c9x>acsBH6H&tZhjaA$u;@;6kM*Ha+_h58?OXg^8i}CN4=Xkq7Zs_{
zbV@eiTegrjq;jRsO#k#?y{w3q)vx(B<XxMW?JP4rqEwuF8z5@<&oxxCUMIFsy2EA^
z$J?J`7RlYiKOHB3*wnf2d1J^AkG!GbG*!!LC!0N8{+(j@C-m}LIKVma=*2$_dH^kJ
zVX5ACd_)37JAA9tAjg1#N9M}l%RaF95q^8ity)Y)o6fPwQ7n0SMRZhLeVzhWvTxrD
zrR=VP-l!Si)`7(7HlH^)2YHQ%y{vJHK3?i|ixZDc6JJ+3cdcNhZHj#rgu`6<{_*K3
z^cfb-k(O=Nl6fj@cZs&&;Ch-{nG@(Euqho){z$!$4`c#QnonCu4C3!b54C}s#Q{v6
zh<(q8!h~M2Gbs7svJZFBo64@+uTbMj;Ma`dvw@F(0>D}$2Sk-ONH8<}K|kTTx(&20
zu|@be6il{}g?qbGG&G3ULxmX2d3)?ZA6y#UTNa9#<JA0PZ~lN*BPatKr`#UNM!`eX
z+?`<}mu16XTW71pXA&vOsksAjm%A1zVyy%s{x!sT3HLAqXUyuB%<12KK@GzNxx=q!
zSH8{UN&v$t0_GWQ2Fw8cweewPIv37Gd1N^A9Z8xZe@|{Y$RU2isC4#XS3IstnpE!u
z4{MD~q^W*wT|pY8uaFVfh#-^%n!IzTIsqLkK7KT%OtEHzjaud{&Hk4Cios8|euqv=
z5%tA{2VZ;T7`=cso+?lS^+z(s4_cOcS_;x1{-0_)_eq0lXIW)}B)yJ=l2To&I4Nec
zTZqNBXNtyV#BO>of4a~a1gc738)BVD7OMzyIX6Y=ck5)1tqb>{y)$}ewJ^jnY;UNX
z+9D%{jfrhcWBAa@)6OQpZiL$Hkgkq<%qf_V$q2=<4dr`8OcmHEgg;}gQ&AiosfZ!e
zXaIEwh(v$Gqdx6uT%qEK{IQJHWZ!}X{*a%nuLGP&a6WPM>2JD8d~Zm6rl&Z{#I}WL
zyzHR)<WCX7b&0*{%-*7Ov44YazJ#5g!B2>0fp%M341>Dv9L5NvpRwX-n~fWjA{F;t
zOW!_P0(_y2=H&BVwEe^HLH2C;aHpUrcVOvS@QlLymBSr|p}j%Y)*dVS>$UC2A-gT6
z8?;UAblKPJ`^ZIovi4TW-XIPffp>TqS6i{dPCQKXoHf$A?>lLQEYUBk(2+)V$UPW8
zcVxE$3gDj0n*`SBFgMf<v?AFEusRbC>z1BAFuj+#I-9Plc|u8*3VbJ@?0(h}!vScS
zsFj2etVcZV_oCal0ll699Q^^Q-{Q2bYKM)r7Dcy;my_9M${&ll7&hd$=Z`JA%-S{m
z?l7aJB-z=d>|TaBtEP1DeoKe@iH7GSH3=7B$+ac-TJpcL+nw^obBK3rT%nSk!Ya|e
z9=_;KB(vL*&;&oSP>qcG*eVWFJpcj5;A356r<cRu_TEwEQqqyc-UWY?jNI{MTO4!a
zKJpyDJJU^T7+Y9#K>QR@)>mv~JldRnMHkAUA;5yT1*LVr&02F~Tpv(3G!*g%iSJK(
z^Mwu<Asf*kiFGV~*6PRU@XA1~VmA|IC2+ZK_a1MUj6z}PC7F2KF{mrUK>&2VxR!5@
zQu8#Eg~lNA0=rnUs2huuRpb6>QU|9x(j-!VgKslQ7CYr0*tjS2Vb`$IoP&xX*dq=~
z#+)v646UOl?VFm401q^xl1W9Xk<o5z%^tpN+3?d&qDmaeuUt6aAnjzk+@B@s*n)Fc
zy`;G)_M?ZDR->yM-Oh%^Q-D3_a?tRKJCnT);qMZNh=?HU1C%gbatm6P&Yj3)++})_
z=i2q*H<R0`{ES4!k;zm<XCqp#yd7NLYK}B-cNVSCb+!8T6vq?KawJU4wfQs!bAZB!
z$5eT{oP^ih2{U;GKn<)RLAs$2G1)gQ5A1dIx*v>R$K>=a<4nR00oA#Z-VQ<oII#8g
z)<QqV51@1MGM2h^xC8<aCwNjEMBzCU<oaMv6lzKhFNF}KI83fp>#cK<*)zIviWu?(
z3ZjDH#f0CB@a#$U4Omy>s?+kh;vy<av|LE$@2n-lML6S1OstjRY-LR(0)q)?Xm8G$
zJdOMIzkBeTQ<*&G0(k;Mu&Z@9Y+$@`)}^hVQ)v7F^<}uZ+|1$&qjbjQWujX4#$WhL
zO-4#)D^K)|)7$bzDAsH>&BeUb6N_-(brneokn~&}Xs8d%GRnC5H;~x(krLktW8<cB
zx4#;mEXJq)345w_zAu$ZFBPEFBgOM(BlCu0{(3YM4yyml1W2KLWMGjqb=rGtcL=fz
z*0B6wL7j?M5R;stQQv+@UQ*(7$Q2!fv9TW*Ed#6&)K`C$d-qtbo6|VFa3pjMqEN_v
za!1{dvBbpddxhG4uQ~XLwPDm6N$;1&Y;hYv+iT7{6uVe1pJujSQ#Jx5lrY3Ddk~s^
zpWg<v!N3bS(Db9Dz5R?gZnu)SX6xR9ht2)<VE^>7xT?YdSi*IweKt|{jhN$l-)(<4
zY$;@|2=(Gnmi`91_L#tuBgmJZsk(cO9*#C~gPB`+D(n)5i`>j~Ztmj^4u0vvz&1|$
zAd-3nN%R?-f!b2+C9a9uB3_WMYY@D?G~9ur4Pr5X7yUs1|7-ECMKS0RmFH~;8C2u=
zarp&ClNnS@1_!!+GGF-&a;D&$ZYyy$h`sM7*5>*l$Uy!h>h;D(gw&C&qff#+_9;}(
zUxysi`0^?2k>E>gT4NJ9RI1?FzL0vzq-5Zt8#aZb29d;ibxA}O2P(?!cTZ<_Srz(5
z++A0ov={B9I_CoQVOG{1+U-eE_esuwohV3udL(09gy?&@E_2S3f(uBHkWl)Kh~NX{
zE5iErDN6PBb2f_&EZWiaf;R?{K@>A?bU@qbW%&(!w=eCzjkf{p%oVtRHwnFsHZYih
zi7I$7s%^w?z9yDRl)}+s5$T0(Eq$0NE+GJli+Z3M=rZ)VKe+6*>sVzE5KPB+c>}!Q
zs2xWt!*v77sQr&FamqslG>c%wIezXS`5W#0?1w``m-r@t`(Rn^DIdc9qJX#cK`6Q@
z%VejdNopk&L$Rnv`oqOf;}IDJp}Y^e?E({5F<w0^^aqCmFtPok3IjJ82CCDn{|xwM
zf$05%(lUB@qFXyEn7b1rtbe=mk!y_>Uo|WtNqRDOrhNaFc>sT=Ml%u-M=ncM53Pjf
z)(8peZVaNb+C+J|DbDc<<#fD`TIO`dMvLLu->B?S1!}xG-UIS1IJz=6hgT@RCUuZD
zQ-M3vmG3V5YY2CvCS=i9TkLORsQf_S?lbZ8jxWf~R#}dvHwXS1b$iOMhY!Akn4Kgh
zba%Epqj(|J`47D4&z>a1KscNxd~NXu#lP<=nwO4)h-&hV7>Crtwgm^frTGVUMlR!*
zl(9trBP0jg_=BEAmthgOiGJ-M{~jmg9~ZReza26E*ido)n;fg`zdHYqy@c<J|HqD~
ze-88SJ7WHE4c+1VJrbNhuGjAdwqG^4A6Mw+fPM;<QVHUxYNrmkPYZ6xHP-_G>yzr!
z0rcge#{O>=IlDarRP6u8qsdUR|LyjF`w6`N7w+oJ>(`RKznt_A-wT$5!V^q;&0pcf
ztJ$+ij=O+^f8(!YwelXRZx{pO=J@c8f81Rbx`*q_C_<zYi87%seTkF6#l}B{>8(rS
zKI7hR7+?-Uu3Y?<#b)1j#Ms4ej31gXR4d+eQjg(^=OQ8FS~6AGD=dL@TEFxaDNDhj
zjfl}Th$Dx*7oPTCLP2u&YZ@ber_vUMOVGM3oip}*3pLh%_OmsIDDeX7ei3i{e_9p-
zmG)l}|I>6l>fZnN66)fA@Ed^uCYND+?gh&Nck^Q8_|eLlWZQyQ#Yp+E@wJ#9(jJ%_
zZtKKHy`3RryFEj#J;N$Qi3*gFYb5rKD?NRtJ=fRuOdnmieV0OZ^!?Cve6lXb&SK%Y
z>C-*!vcxYiy4K+w+ThLU*_+?~e|-1*+3zpjcI(T{ho<`f!i$rQ<6G$?cP#_4D*b;v
z7Wsds!)eF=vzJh&|Gi)tLxfuD|3BzRsep8n)IX7zEdpL{dDATbds+Yr>?e64SbUiW
zX(5(Q0xz8{A6tXfxlAszhkp{?YTo^T;t1rqZDNms<D)<VtbITXFJq5^e-+2^@y{?w
zykwik2{(BR3osj7M)H1_L<V82$DjaG!>_{p2!~7PEmsLKliG=oqlW%(h55&ZO8q}Q
zmfn9So&Wz{LQ5pRcGIC#<a<)&>Q&wGXWW{eq3OL3=kO$?IHdyYubTnw6&8B@?GFzZ
zNX@dC@sa5cVwYK9o3cige~Q?}&rBL=>}9coVsNzq9@IW4f=W6Og&m`!e4?phac#!k
z!fB#&oDMp(MkTL<>bg#v|8?|#dM%7#OMk#}{XZH{CL;dp=x{vg^#4AB@W7Kj3Md`~
zc6-g~)c!smeTvmqY%>62)l*B%zp)7VlkB<QvR!f$I<;D>3amg9e<P637fC--vfpo_
z(AC8TK)3SB=jpUuN?Id{(kMO6yojP-&dyGVDRqo&U?%aVAUF~c#2LDyMpQ>7G)I*b
zM>2|eQ);7Hv__SbMr9>ZFd3;hj4DUNjWHI9TtytGklGffgubaNy_Sb)EZ43L15r8w
zoL~-qQo`{6>&ra&e*l*r-dDmocnW@MO2omNMmd+rf-|J%4$un;BN)ILkwDJh=2M<c
zzzx@HCzx|RV}ZfU3kGP#f3#fw-&Z|>C}6NbF-aM1lT{c@z<~PHqroPcI|=k>Ueu4a
z;2%;#CyMg8Fi7Gp@rmfOB~UR3u)A_;h?nf2i;&L}?IvB=f6}KJ$6*q>p>Kn;mnYm1
z7l?IASzsCw=`<zK(G%zFKsux9gr)>JEt{lO*|ZE{?a8g~J~hhCGLKaetu$a9E2UAn
z_nH*cSz(zI!}YaQs70|^nLf-EW9^oFID|B<*wgATr`0E?5nUP;L{MB5R#gmzZMEPd
zsN|Gl<LG7Ge*<bS4eQn}bY4{=)p6^ScgbzckA|{AE+{D`6>gswzULsw?!>)FrJeoR
zn}{m}PE76;xIIPbla;#cA~jeWTCnG(Io!^YSIPvYB(!SG0Hz%X_kPK`k>x7i&DGw@
z$#S$!ysx!PQmu_vGW{ynY6Oa6)UDI<CG>HI8u$OLe>i{GQ1$*h8cO{C)8o$mXD{K7
z^8bMD`oH4?>caOATK&Hx=MNhy^uNsiGdh}#JNy5=gpU8G<Ns04{~bAh*id2rF+7&=
zKc|OB9scuP!V?~qxa0h($N94}5cUIS04l++u1Wi&K(O9BVGy5rM-tSL1btVMAO-G{
zn3%*{e?^YK{E~TZQ|_1aCeE~zcmoei#+BZ*N5ca%bvrlhkDm@q#x38pM+auP|GQ~V
zhu1u<NeR+(R@%b5Ty8`WRyj|TIme5HDs3>G?<WUS2^jHCBuqIjaeV?N@hOiTd?}!(
zX@4`xbC+!nym@3En0Q$+ZIeOiG_Ma#1xlxBe@})7CWp~UKk*2irae`Ry*7xfa-I5V
zE&Alp!ZjDE&0p!VsDmk`^ink@Z#@bs;kEOon|nN!nj3$r)7-6qU=_8xkp|DrS94yl
z5z#4X<m^WDUIeU~CGDbs)M|n+ZDcLQS6+-h&A9JI8-Xf~$Rr(*gLSKu(p=@#?>v&6
zc!Tj4BxF^o%09#B)+Mi31WpQPe#RwaM=(yk3(_{16){=MhsyKe^C1@hT>-_p{6$X?
zuGa6v0FvrHaQN@C7Ex`r%nYv^Pd8CR5vXoD%XR||=Ss!+A4#L7Bk1c0`Z|KXE_9&_
U4<P(s00030|KG=AxBz?&06g{fcK`qY

delta 100007
zcmY(KV|brI_vd3fjcqixZL`1FY0$>z9ose<qp{7#Y;4<Xym_Ae@9wp4X68CGbH5nf
zGoSN4y=^cDl`wJDfR}yE<0ErMyH|VlLl@XYv=RF~e5>DC<iV(oBIcunP#hY4UQg21
z0ybD2yntT}ZtxpSG5;i70@)5D%Q6I*A72ZC9xa;R1|#8Z)J+mx82lwUjhR-Ii^B#4
zXRnw>=5Ifrv;gJ2SRJqs6OF^Lb<*M-$h^_U9=kaE7@3|Uz-}0wKiu*6x>Ws4<zu{G
z^g766`ee~k&mv??Y#PO+FBA#|Q515hKP-$7$)2^LR12IXGy$AAM1c&%9gPzhZ9Q$m
zpxOGQB{hiPhg>87h|pV#0gYzq7xtoyAM`~Wa*tf`HHK-{lg_xqZAP)&*AI6{k8~$b
zOaNp5ggDq1FjjVieF>g6^G|<PFIetJAt!7U;rE+_n}5WgSQY~pNAiFhb)0Fi&+{WD
z;v%FC3Z2sstHYPFMTClj{}s~rlNIN-Cvdl|cqbYsWNW%0A5lq90t(v{EF5tqCXff#
z!dl@eEKETQh7nTUbp#vfYAPW*si9|L0~;yesN^IIV8j`z5*z3ZYi>GmEN#^)g%FQ@
z$X}c;DEEgu^BP`<D4Xem1``M0*HYoK_0QNFRICergGh5MJm}#x^}$>6Je%l=mO5u+
z!6dhYvDaB*gkHaAEeoyhs9{bCs-V6>Quzv&;!jI6gCxR!pW-halD0O_ipMtagtRrc
zYA)Rm5Rq*A=6cFReIJt8*`K|F9QF`NANI2~WaO784XwY0bZmL1RbniZ6!-KT)Q^a<
zyw574ZhdEh<gb+(2UBL|7!w)NGg=9g&J)d;n~#JJDUNLEx6kwcN@pk0mUIzcsyzIN
zp3E2>1n2(4;_%_2iEQ5^ux=aMl@je`RA|EiDC?hR{_DgK=}r;JRU_V9)h`r5`C-`o
zHZ);tYS%nd$^Fr`FJ74>G%yF@=N;CGy=6=)eeogjTW7}y;br@qN%%I0S&V_e!A=rG
z;C#S|3Lt&6>ryFzB;Z`~UdCTI84nluo6c6KVfHOdX!O0^-yrPYAEX|!7rV##inoI(
zxHq>N&@%9NQ(p%u4hhKcK7SW+7Mp_9S-MKYzs-a81@D$xJ3BE*OdHjP48u4?W=vB{
zl*ek0q~8K}Y@z$kNLhbpLV`#PuP?aG4|?|K7jg}#fqpRH%JePY!n>g(P)@#|7uSD9
z(w+20LZ7l8>Y!Vmbv|BhVxvq6wL^<vIENEej><xJtkN{3TLwx7Ov8$x$lzLsHG6Eb
zQ3~E<;++GST&m*3O5^%kp}TB-*BcNauyH-5hXZ$+5?}=E{6XKUj7erxB&G~Ax}=cQ
zxjow~h*3!&#6mnNLjHw$+9IBDIvtt9wYjT86v)M9i^==}Yg@sD5G)9=CzVp6_1xP#
zr2q@|Q`4@wVFdDQD{Cdxy1tyT<72RPL)Y^M<Hi!qYP$T8MYq(wG9vMSxnq0~fL?To
zN6hP|Jw&)dLvThM0>iv_A`Nbj`*Bb5t_5!CpCKF~s-o`5PQ9feYUeN9Q&RZ{Gt)`l
zloU&^J-yI%jR!T^agVGQ-C>Cb?cPt-4Zqpd#6pFl)CL%IrIiwSr<h0ho$Q=UUH3bq
z3l5E!H$h*jFt}7hd9ka5?}x>=-;0BAPOUp*YC;20S!iXR6yPw^@u%(LZ+;jOUo`DH
zSbq9pUW0P<@Ht~~F~|~;3KqkzY_4`!Hw+tdk)(CWvnYyb6CW54(7}ZF#BSWmum9Bl
z-uq@+WT6RoF64ryMmGbiHGWSi&L{jbc(j4Hkrx&25?7*)OBw6cilSXs?z3I0!}EP5
zxgS1Bi{F<U44L0|ub`1yR@y9hBO-D1Uy9kl+U6g@4yZ+MbQ=zLKT+8X9f<aYRB1k<
zB029NrG?5UQ#$8nzb}3xXZ+#N$kNQtH8rlVe)|smYX?=Prfl04CHYRu9aHUqQxQH2
zc22XHc~_~Ks`kI(N4F9RZ=pn4(xzuO%dVH-r3n`hC&K;nG7>D#M!Q?IL^|uyXov0T
zhorPf!W$G36dZ({gMc-(lWAQxlxbcz)M*^~L8Dy1Jf-@R-uQzT(Tivgju&d`$BpuN
zFo!Wfwlz#J_nQicd>+Mu5#%&QcQ_@JR*;pBj?}?HLtmPymmhUayHSKfLPirG5M8r2
zP6I#UsT-oqSK0mLgBxw3i?Ua9gQBtFFMM6j*N8}AG2l36_2uQwOdlfB11iN0j^PAV
zYm|tTzb*(>1pk*EMmu^r{1ZzE;qZ<cDeM<u)gML#Y_Jr1&YjiOSfBHqq475v+59eR
zBb}*37i&&$i~<2~E(z<aBD)##Mz~!5a~4)P`&k=tTQHKp>!C!QYfuMRkBF>H5kl(`
zj0Z;?LK38)Y{&-OO4EyAQrQHN(;x8H%#fZ?Q+xUFNZb~pX#e$XvSHCIaV}dwOmJ_&
zJ({Nnf^?YGL}#Hi@4_tedo7ENg8=1d4Gj~^o*W@8TtpmM7qV?F?u?3`kYi~zSF9Nx
z!nD3$T1}=<!h(pMvO`Z<Y!4i&bWh@h)L+%cbG5e(iOndqj(8Jq(z}dgo^?$+Ao=F;
zQ1jhUSx~4(dS7(DXZ=9TbE|jO)5sPO_lVf)-Cf1WXfN3c8kc{sGNb{Peb8e0rU_J;
zbPP!d&n%9VV;u-AYQb^?1K%LjQsA%3oV$eMC*9HzzM_x@3Sp?tC+unvWz3SXd)g~X
zl4TaDVox*s!4B2c3BvwbGx^?_1fh|t<7-h=8$mq1lt#{i>R3#@WjbO<guw)CdpMUq
z>xy^rSslIKvK~wL?+OkKUTnPgre5pynXG|<5;o<`7fJ?+XwmF(XNTC#jbS4l5F5mq
zSUkQ5PKEk@d8qb#3k$-Px1w@!i2*<aNN=@Y7Qa(c7p7DlqG=whF*6F6mOm#AF1Bx;
zQ6={SIS@Dqr7@B%xSqr4$X7rw$!+WgtQD6xT*yrY^y=FY(S59QE4IquO`a?`s#pj?
zS(~s-E$XYoI<W<a1)mAOXBrdPcb8-QI4VSk`X;Y}y_Ig5h|1&fF|+#S1nsE6naD>%
zf?mqQMJ#6NXXjTY3pZ6kx)q?rtlVHqz{bB~V_Re1at>U<S3OjA+z9wak0}G;hy}q5
zIgKJpm+X%VTM90e)$BzhOwxTxXy~fk*13Dzzl*xM)xUo|Bl{>W?s7Zw^iscDA2|j9
zmVOlLc-BJZn$Zrb(MOn!_4^6K5^crdDjZUUD8-73s4mXZZpq>A1T)i4MIsN=B1`F(
zFi|<v;emhP*XHV7{ebyGAqfS-guVDZwj-*aXD;OF{-$ec+6pgeEsj*Gp{JbKI+xJR
zj#&NRM)ZP6_N1yq=i~G#A{3Zz!@VHaYqTiO90Lwg9_gKwx>F@H;v(9A#F&qimOs4b
ztlFxr;Rn1Z1V1X1-_@5utXW~1gBM6J;rnh9f{W#t;YEs!W`OG76HO%AfWHtZ>DGKk
zmVTFJyEEy0)2KxU-#xg+40@97AnYkYdh>Zn4Ki!w5`K}e*4?tdInz{kD9TXFqUojz
znrE24Y$YgJ95kdaq@Ixz2CAR(#zI(_-XQs1V&xD?_C`(1<|fxe&YdNNvu*{*wk!U%
zgtSC=D4nwrivdQ^hF7Xl6wo=f1gcbsrd8<hj1<IENRLjSmcEE>>DtSdfrUEkBHN4k
zZStS%^pP)OV2v*Ij+f5S(W4gKU3B>{dcJc{03Y5LynDjE-H*QS@0(tS+!w2<6Tn5Z
zl+Wh9ryXGXkhvN3@kH}BbO)xMQm|LZNvNp;PtDZ!7eHioB*-hkCJv7Ym&GnCZ)@OV
z#Al7dfC?$^Iy07Gt61WqqR9sn3Xt${C~mO`g{0cRjUt8hDx)6aNXjNn$8w(*RacY@
zI-cR^>yIC_a!V<r!MO4`B1qLh<X{g~YPefMACDvCwnk1s%u5fBmJzg~T#1uMpN<-E
z{DLTP2apa0nc`4!vJGZPI7M{+F;WruoYY90drl;X0mAU?&>#^7;rk;-wN;{r+6>?Z
zndHUi#9y0uV9e|g;OVwubF-cs@ZQQNWQy21w6^lh2PmOBpQEFh&O;m>wK>;p6~<z+
zB@4b9|L7F;XIeyukBWFEg&=m5z!3GZ6bLp0dP+^PW1?MUgh&obnQI$b1vtwaGFY1_
zB!10N6k^hV$6JR{dUIT`pFw1#Ik6)WQE%M~$4>r+FEK%@iDM5ZGaQ8;^-~kJKt(1<
zNe>2%$Xk6KEfUL?diVtjzXph^U17$N46D)>A(RZM7HJERhr$#U7n0LCBQx+DG1ymu
zcjo7xmtIybZwQ6!IN7t`Y{hwxHcH85sTTh|{R|7y`GI$jw)k;jskxXjqr*KHsor2x
zl)}zG+BiOf#*Kj&lE*%(PUYxP6w#!Qo3{I4tx;lN4JxLCn4`lgdbFC9P?*z`A@bq!
zw*0|W*>IHp&zQ7b<y5oH!zil*9<gr#m}i-mCZ-Y}$$a^>VdSyXH2%^iTFqpc-A|y=
zY}Fg4%l)9FKYiT$2T}&kgbF6xK_D}VU+#7%fQ=t2;UX$Xs;oa132YskhgZjv5AREf
zm!Ys`8E#mh(wf<~fMu@OO61nbKaA7PyS$Zx!WndVE%zHy`4g`GWma_%RP*1@fj2cf
z^+aBqIyvu_2LLa;+DB$%$?Ol5UQaD6*OvQjy$FuH97Lj^q)UiYb4teis8;+OJ}8?U
zFY)I_aT&=;zZ;~@c>0+_dCQaOdS<+k_s5>R{X&i`)7J#oVGkCQ=`(@k0^vsdBR{du
z%b!j8`d{9h^Zkr^N~<MIQ959?fG?EmM3QbzLK*^eIekBuctDMB-LD*DcfXj~k6F;C
zS)G_Mk2;lmwHNjjdrka>+gZjtN*6Urhi78h5gZ`1$lU|M_7+&b!+|(}VciuW%Hij&
zR+fKg@h&HQBF7V)i3zTc^Y0aAI3JaScC#HbU*}@4U?9pN)lNR1L8nL?fPT}|P8<TF
zmQZMy#|A`WclS?@MEmwo8Vj`{44I;5a3L4;7E8l>-?Y1!_Rf)cZT<vblm~v*5%%)g
zuVugJ{J<Trj4B5cGa_qi$vG+aLwE(P-Flp?bZ7j{x0`04n*AZO(N|yy5gUG^g6tq0
zbsTvi-@iIaB3O5KS^7Dh0}#Ce$FsA$Dy73Dg_z+Jr+H?mR*~cv1ro-~`W7s3EO<=}
z*zm-9<Ty^#k`hJ%0#_k3ES7$VMQid$_>oBLTAEpS^y|B~8zWEG$DuGhb5c6E$W00?
z@$CH2e|Sb1dCM6i3&b4c(%ChfmHmy#aO94y{31mzA8o*JF7AJY0BjE7lbffVezw&<
zzH>sIJi-eE0-+_K^^NO&n59B)n4O33EbVOqn&gam3R)zKK<M~O)BWbnO!KL<tUO|}
zb9w$pc5SV0^~1-zVnXDm`U#oLPm!oI9R&_(0+F}^rbo5biZ2-OK&!Sy61R_pAn4Fg
zhKYUAay+rFaV{YqxKdq<sbQ~sBCf1ds&HZz(yx!sxM|H*J9@~cnIOXEmDrP8^<CAB
zx1lH$WQjL)rwx`k!+UtPSu`(esSvkfs%Nz?jg+&gI=Kmz+cR*X;29Dcs7?KIaOUWv
zz=FevsW&WMMwV<vMN@E6|9VwzzT1d#yvJ^|VKI=R6K3QIR1>1kwN+!k2T|vYZ@rA~
zHDulo-@x5L6Ns5)C#_uab)(V}<VfQ!<k}ROjWcA(E2>a2B!u-ZrM{L3{$0fK<Zf8=
z-m7y)ynDYtV@I%9afT}^-q-r&<c>0V#nME%XQ(~UjOvnGvQX(?vL6s*5EE&QxpX!o
zoj-B?tH6&CFb*N4i~MB{<7t2a^Ps@vaCZh*kG<reBIt<`82MF>vDw!9@;L$mJ}aTH
zLFM=>I_qg~YF-62gJU#&wY5|7=7Q6;5x=X^$2qssNRvzG8}bHA8<Bb2>rwim+NDY@
z&54_71QPAmk9je9(dxd1oMcp8$a63n^1JMy5K7BJpe*lLBYm}Y1w4H8PMaHplg0|m
z-FL<#|CyE90n2^kqALtyt(*dE9^LP?r(1X*-OtiMphira2;BXO0_--{Unw_*!-7<E
z_Ln>5`S6FWtD?q7Oc1Un%Lwy_Z(eRC<G3(8SNECm<j=Z@vIMjt#CT0A*>dL+vGwEo
zks0VE;0H&q)054mq!?<(WN<GuC6igzAN?Oxdf8EC_Lg-H&(B(=(E&0dA~)Pr#MI#;
z@CqWi5$IP|BwoWmGp>J#25K~z?k=Zv30J8V&~uin6(oS@-_tourE}%`k&gDjGEihd
z*`;pepBHFt|LU9-NJ%c|fB5-eM)7MS98Sn9fLG_q-@soKWF;%~$eh_6-m3a4+^)<z
zdDhmUu}>XYxbO!8dMR-Xf0E=d>(CP_1W1zuv`R@`chvJnQ;WIpJ8B0%r>=4;I_~ha
zy{piEQ4%Du^;8t|=rjX{Nfc|;ge4x6w1dG)_vZ}8M430I2qB}#4$I}RmJm1CKsdM^
zptwT*5*GMy{MfTbWOdly^_!tf4$g0`Q6yODg$T!KLcCp38@2XA*XQ4`fs8T5S4boX
zW<rzMwAtp8$D}FDF+-@9yYfP7J>vrRtdgpR#^|({bqty`bsuu{Za(k>lkdql`}om+
zuU5g|;iGl8nBJ58z`e0dE>vkYfDDKy0N<+=+BMETi4ru);=?@gg4P`h?h8c!kyIRM
zCEydg1d8yFj<`J!TPb&BErXY6{BRPDNV`(eB6SWZhVSmJ)deeZnEPIF)ySaHw@h9+
z8$3F<q?^kp)zCIu+TgIP!h(|u@o9^xL(1vY#Eec>A}T%baI}rALre<YL}u#&_FFbT
zUNxF<KMX!TpQLCiNqpA){$Z$jvF|!J11VkKJ<z~nQ9}8QlUIl%nu7H(e}%w9G*g&y
z>hVP_;)LimvX_m?;gv>|j;lC>&H1A$oVlv8B~7jk5lg1`kn+sC7c$1tqI>lhi0=y2
zK=19U^PQE2GOC<D#4uHPHU>Nc2=!$rB{$lLb4rtjhJ~kcHrJiCmK*HZd<5oOWMfp<
z?mmv5de~|R6p*we1z{PFBbG7RQ5bfS=wq;HVhqT3qOTk6T!d|CGZgC9@IikW_l$Ea
zjZ_f?a9}Q5HK1F2P^L&FQjQR4|FIoe_$#Z%2N}S)`8bKdWIRi16Ji<xYDW?(-}<0K
zn6MGA73POChT%o<Xz6HA9!A@ERcuqFj*#j4P4-T28L0I)ZY6>)LdPyP#z0$j?H~8x
zEoWV8>ySeyBekB6l{wCHi7}qD@ybFSGBSX`D}1yE;#>+uBQAV61E8+a;I`QfmAdZw
z_RD8YcE?R23$9xue`OpP<;i>pz+HHesg)KkSmb;QeCmJgACK^b=%rUYROw(zB3|_n
zx>|Ri>*#7(gtYGK>#M+ao3!a-Okd89y0Uh2`R&<3j%Iz~*lzgq^znYjhGI3>$hh}I
zVNGH9uOHAiV3UrCJPM0eG(0&ip`kWEOCQFNttM3Lh@5&PpiKeP1C?B?$;+&WhdlaH
z9^*Drkx0n&>@?DNY9;~^(rfCfaTu}^-z9$z^m<s&eo0DlSA<B9uZoct=LTVK`R`XA
zz~Lal)&l%Dd|xNivgqiEnT~(e7<dj0ejaJJ^Qv(TKY4yBl_Ej=G^r{c2aV;%+IK4p
zQcCfCL&-8AY*GeX?AdBv<|PL_Z7UYhuO@%8WbsWCV)z)yX6L5-xT8ey$vpatgZVy_
zNf{eBnYC;Qp4ci2yABfu=2Xol;&!kUqo3~E-g!VDpBQsJ0Oj0nbH#pFlL^;Ejq|q4
zKQr&*+tGOdLMq|%lH-`Ym>e-l2owoFqb@6uiaw&1hnWSqAb3J6`~U4cKo2KGPMt_p
zM#7jQGfRr2kxV7+X1UL`Hd%Q#B5wPR$Pi~TD5|t0t`LU^2=O5Fa=JEFSI4glu9gS!
z9{3B2r$>ZC3wND^GZp#eJs&0WEd>z3y`DZl>^(N`1_rh_>rZ*ePhQpDa=!mV-t=OZ
zPw1n|jiLmeF>tJYsDH;8XlVa-A<|exQ=+0F>JlkYf{R%;W->&2i;4dcwC?@WEbu|d
zWs9YDw5AD80;d6IvQ}d(qJgtXkB7ZjH>G~N|I9f}(w<jhH0r#CjMMWw#^vk3+hv9`
zUP#7Zz&lLw(UDp1zzhXFv!Wx8Ah*2hAF<J-IQ%J1O(!F8La1ufxRn78gR&|sszM7}
ziK}IyTp{kXzL(!Bfj<t-(LR@WN8k!xp7?{X5L~hzjfff<NO>!TjNs<W%jBon6L-lT
z*IBjX%A5ef!k*aGFDrZqF4=IQW*D9kpPgTHuL$xiy}aN|tiOSnQ9peSjVAH8|DVqR
zpuN_9iM)8xsrWAbzDHY{i7vWqKV)uC>iUr3HSv705#xJpZlepr*#(=|;ao{Q$pL(D
zS@21zS#}y1NWLvBo<(DaTinz}I(Lv37cP_^zq;C0Da|=1E7fp$*>qY>i;VUSc4YL?
zUY{hsy<74B;g}IaufsX%@z6D-Dr2PC9bb(}(8?toX$&Bh_KQ(Mu{AKrZe*`mIPIhC
zPAY16lMRZffQ3Ag`8t;GD-zxyb`13Fl?kH*`?8Rdh!!Cd!-a*#{}(#mD{6B2A&X2>
znbOv3b2EZ@wU~V(#{-X?w&d0tNT&P2+m=f!`2ezAXU$X^xv-N;kRNUfBn3WO7ugxn
zurXQj=uAa|wEzH01UBalj{f!#dIYwaKQo?uErRnrc=*vw>^J}<J(YpR%P4Nj*^RAn
zq5lWZop`4$M^4`1r39^dsK4QDcIytO{tqoH<B$soK)-<i+x<G@7ik+ulX=kNpQ9n_
zm*KwZ>Z@8zok%R;@V=;99`kQK=1<QgZ2;i_ubC;Yu^(!6JRegq=}?$ec)`>f%?d|I
zxz!l3;YGKc(~`ONopkXq(~{OAM%;%}+x(M_Wt-(>n<ad60)fG1J;Oy^*_$P(4z(IW
zK{L%?Mqd$-xl{Ze^<Uc3n=@&y*+fxK;EmS>tt&=J;HD9wW-Z;+3`QG5W9+O<pfzsy
z79e#Ww+p6FVNwctJ{^k)z0liXA&?$6C$$26E@vv6uO$+XvgO*4JIqMP*1uO$`NO^O
z__3uJ_22($yk!Iqwm_MLs+mcHo}c_VglHktTK>VblilrjF<>UBR3oa5Z;^@GvaO3_
zlZEs?D{WUoJTv4E90Gv<{pRZZ$Ln)*_ju8?0h4;jc*o3sKPii})d=!pp8}3hpeO*&
zh!;3Gn;>k)uv7Rl!+%0zd?bszT=e}v9PLX>@#N2TDs92BtHbv+;LbpyUKc1%&ne!5
z9mNsfEG!8_F=O+qPy2Zy&enxHr_;UH0SmUrX#-}alo#jWBJb;a|FbXE4hz;Cf5PMb
zbVvVh{?D?i__n^anc#2{@qrXvR^V`2dMwY}PH4VMvX$}`4&LyPBhIm8qY_~M>OMN{
zGFZa-!s{#vCCj%*KS*gF8=6P_Fmsv2u%L~u+P7d(lI7{Nkg0c%LNgTFIdbh_H`{fl
z7_-_rvg}~z=)0EbtmKuLXlr-l)6D(Ux|&J&;F(C$-YNT1!)-<KNWE@r2RLq=D^4nX
zn)hyP?PlXYvLC4}>b#q|c`qKQX)qSd?Ht`VG8;DUs5d`5gr09;V9aXn{xSuf)m1iN
z&GDp)n?CS04%GbEbFxE+HbLPGoyIH6Jd;z;w+36DLbl(y$bR*H?Q-&77Ce54nL>?i
z?)?vcYbIOtOT2xw7y>MCQa^0{D9(#O5hp*38c|BLuP}pWDa9;ih=n!EyGHF#OdZ40
zcqsRmvC_F$aBD*XyU6&`XUFrql<&<m7y4qDQdG6UqSUNh1@45%Wzv*SvDpyi)6!JK
zBg+>Ds)Di~)7j3w6xI^+Y%r4;`s;+gJr;h23nB8f!&r;S0|R)b)BEmz%TVWj%Mwuv
z82(PaxAoP$IDJnyhpX#<^SB?K>>YVM83la%><Y4Dxxc<()an?fnEuU7M-Mt~-?w01
z1RWf<!A|U$hJ;MYR1I&2PI6)pg~0r?CA)#tlw|9vtr0N<uZOe<>gdtS8;NhI4C-o!
zxQlO*3<JXfP?KI{1_h0z!ewP?Li0xHF>NTzvq&8Hx%Q=Zq_*FAz?D3p-S_Ie1=fW0
zL>`5rMzZB}Wz!obIA=o^7lI?g#P#<wDx}QML9oSP8MVY927;r4L8vIJVT`CwK5+fL
zAcXhktpqi2l-)lBTR}%q)gis)4sICYB;w<7?cZzx;g70&`Sy1bt&dLaj{`gY?stc)
z<3SKR>Z8!xE=l5D!JG1j`}KNVr?Z%zvm5a<^^Fy485)&d9T~|eO%#<(rXpR07^w#C
zW2=njd=b2h>RNpgDT~H^`lMr`=3o<DJ0Zdrg_ZbLuQT`RQ-SS0ktoW8nqrI<t#sts
zd`}>7@M{^V@9vIZdwY1Nfxr7Pl?}b1YUH-u{6ShEFraX!au<7#Rzue7_U@>(X|Bls
zf|?;XLPTOLYhYp^9#VC%RbrxSlAZsu99Caoz(m&vIS`ChdJ~!sw!`;iMmJpPRV!Tl
zDJ1qy=)UKT_CDpo7MHXs4tZ65EZ<xp^_~-m%>5dCAN(G#(mZGPld#Tq_)ed5H2udT
z-X4#SgqncKXq%L2fV?Cmt2H-qv~01gjCvFzu1gg4qjrqkGI(_@Xyf6mtb#9lj>&F~
zHBu(Hg`I&lW9($|1}q}}J3D#RH-GZu7lZqzpbw$))<3oD|H?~?+%BJ^t5f!#v2IfU
z+%r&W$@dbG-(1wqnQd_^WZD0QMePVn(Y9t<rfLu^O*%7J=~%$4KRldmDSYPMsjw-M
zFBemPl(#Kx_#6DPD+r1!PpvFi*1JFmSDO8`6Ej{B<eWRf)x70S;_W<A*Cc0xr4#U`
zF7CNs<!(>+8Zw(7>iqf}CBcIFVnI(8(B5FRa_u|!ZOkZ+@(eo#-0lwYkxBl(WB*o@
z_H>nlZ@$s0fWuqypG!-VdrC9KIdF|_J%@sUV08(uOX@C5&7dfTQ<=dUbz{|d^=#8=
zy||2txe?Ot0a@RG4}(|kcN|D0(UQhzZ#uIcQN$+XpB2;0pvx;}fnfwJ!EZwV7_f{z
zD*7b2U|V~ZWZHc$jrTGAhIiARk5%udk<}@Q6!^a>>V<0s_!)wRdQzcuvG*g0J7n=*
z>V;ezz$~0Qk2=))WD6*`&Vq4kujJbw1!>V1xvA5r40Cg?|A2Wm+mD0e*#8u;v45p3
zKKT&(DEeIGi{ZsK+r50Nj0t%Fbf;^ZyEpFA9Tas>jQLwnW%;oZ-pP`1qLLPsG}rwE
z2|+f|6Hks<b)`IHysM1G04cLwc<E2Y@=*xE1T}W&r5qF_b_Wxt2;cI8El4S!Y-AdO
zjkm`coe9zK5o+^!bu=|)lbqkwZ{PVnk!P9NmF)4f!@~Vy(8JS3NV3fUy|AYeCM4|I
zSDTbgI;S>pCG-x_5lFXivrCd2jY3p-dSQ1aB%z;T>gCPY22hh*>r{6W$NRJ6s?GS6
zRUOah8zOntsF3%-TLo4ACxc_3`H>xXxzP%6G(QRn0*_T>-IunPKAzX>X3fh<${CxT
z|7^Equwh>gM)?#*@LT|#Fa$mU-g@ps*%O}=a{HOClQ))QA~&zZiuwngaOFUQr0Idu
zq}y#I82_KG9JL4U?2XhFRAdk44(<g7mddd!L|0iDjb%R%hMOE$enP_XQ8Xa)U|Z^v
z)Goour5-pgKUdT8h^oBYOG0Lyu2YRCu2$$=z+uJ4z(88TO=SZ9BXp(uVyD?bQ^=#3
zvZoTWJgRp}Eq)MA{@If4rx>kiZs_P~q?gDA#!uNknpjJ1BAT{-i2F0~3e)4G_DB^G
z?Bo?*-W&Y9!a{G;V4*AXxKd)wm<nH%k|7FqVn>~P;J-Um4~a3g<W;^>a*dzloFF1=
z?!&aOERqR1Cg1=O+JBRzXmT{pRzm+TyL%_K*bVLfTVZ?o@5c9~Z4T-5eY#74Pbgym
zR~e}elV2<~!!(i>CL{QB>&jKD(tJ$h-26YHM{uyN=D+FW-lLkDYSI6g<Ozr2wIr=X
ztl$^mEWBG>jjr_v96eOwc(W)x<}096q$R1mT*3C&`j!*_R_cU04};#`B=XOi!$_jB
z7wS3Z)hDE5>;|0V@>fHNDV26qf;jY7?AqxQC*h8XYH0sS8RF>S`qr;4<$CbkQ|{g=
z%0Lm299Ra{^J~^|*v~0?g5vkHqo$Kw6FGW7LZTWM|Ilv8CbOp0OG(BY{{n7dW%}gf
z(1BuumZ8(Pf5y;KmUR&t+cqAuq(ep*5@rA3E71>zyUWEM2b>9IvK((*GVn-3GgMDc
zjWIQ#2jI6tF$zc*QRzEB8|e_r{)H-5rr+`BE48k|kJ0-cP8qNt>atuAnS^{h39sly
zwuFX309_Cm&BdTAm#bvvSOysSJ?YqG?7#oY=w0!mkTcPY2-Bb+Le9>e%RhmxcQ+s~
z*Jaz!B4uERt6h_n?R3;tF5r_^(F($ZtkwSbGnM$|S=~9Pwm8v)QRW*x^fEOaf4`H=
zm`C!HfCX8N)hzJ~Po340&``WHNyBe92F4DUiWfWiu*s_Fp`;5@;YmQhA4B-Io@acb
zC;!nwguf?z08^=N4~v5hdd3+d=X|LuP-6YN9=E)l(gnfQ>#tj}C;Xe6O~1qQi%3QD
zCS0S`3#_``|1!A$gWv)hj_1DWiR_3SSRXn#kMXpLBB3be5F664)H-~JhdbHel@n0F
z$hS=M6T+eZw*Cq|#4QUREC#@o{pHCtiRC&$eEJ)n$XYs+U*T?=`HbvopfCyNA!IKV
z_uJ3W+CZebn{F3AF`olZUYEc|dW(P-4fg!+rT_2Fgj@?_tK`g5YoDL2bm2G;g=LwK
znmH)iz|f%HrZTZ<C2Yv#qN&^I{@M)w4O|6$0n?@-(Eg&psuW3pY1gJw9C$lG)=w!)
zb(3z}2g7K<a?67TRpQJe!O(mtU#ec@OgDJ;AMhjbcaRU1F-7lRTDg98G)-B~q((FP
zmDozy`|@a~oZI6Q^<?eZ<-YBmXr-*EI|m}XPThuSrsr{qoSwQ?`|$C0b#%03b=Vl@
zC@TS<xJV%;rn}pd{aC*V_0W+t_bMK(S8bi)YZrIhzE`n&TYkyxddNv|JAdX8&C)si
z=B#z%tIw?beGs*G2Kd<23*K|?gAorKzw{}=mrH$uyGIUb=>UpTJSwXYf!^(%R+hLF
z4#Qp2c$Q6RQTkW9=wwR%1rD*gmTM^32x`E2Q1w@?P!TwKd}p7fjLI7nKk+9-Iz>ZA
zm{vb|`Lh4@4p8{Fd;X5G5l59pk^c1OZ;}x8RG8?a=sGz@=+}-qWeJ-|AssuJ^!TJp
z%df*qIe*^Jqkq#$CsTrJVfgjaK1DxFw6xoy9xz@ajBc@T>ux*ObhS}H+xOBEp5y__
zez4SyYA-g620e8*U1LrPZZv5ZiXpulL6Ph5Zmt$k%M60up-6ZU<1>$v@airl@QFtL
zkx%#daHknQk&h**>$0I_B%xi;wua8_(kG9}G`JkX*c5Lx3ZoLLmURpxi)k(Cl+_Bg
zLM(feC1lJ$eA;G`>tt6u{7xN&hu{EVE|1Lm*lzHVl&xMqGcB%-$0O$0kYP1?JM!aQ
z%-PRVgSqldDgKq_uM<&h$a0@6@{SxSQ_TEiefMyD+g#-!q*ra3kPF>1@jx@96gO%4
zxozT-Ms~c?1=VJ=37gYi`G8|eDfshrtCWPKa!uUP-{179(T9CT7)2N9NA-a2f1uD8
zvuv%Ot(mJ5;lXi)sx(PHOrX0uq#BpG1Y74c30kKAk-BM!F`@Jv4;sHXy98jRu}SFP
z#a>E)Hn(qf&pEqImJ#31j<u&l_jFFEjwZA68$rFVu3i(O!}i|yQq8L{!s4jy<`jO|
zfB0$4k9XXg+nq4d4}fV6@?NVGS_cZgk+d0TE+*G||C$9t8LH=P8jXX66vsEx=(_pV
z_d_F32kY3PWs-qo;ld?yVwb9OLB%Qt)%%{Bb7L*)mX5U3b0!tPoijQ#JyQ^kqn#P*
zhmB?*VSj&)arbB)gs=B1q+XRkz)8W<i2{W!=~eaVYU1W*41kJqvEeFs$jIA2G`aY1
zm)rYtLI=tTB;rrhpOriPk4Ep$jiLk12$t-xJjYfJI^R|O_8>8=5@tyk4N+uS*?k!J
zGgcXQk#sGSnfT$=lOAIetdR$(@3I5sR13jhDm1#^t+X0DIC8)1G(qK>pC1nP6-hXb
zqigz5dpyJn=K{Z_oua2TT9Mj3T9M@3oU-Oclwzc6+AY*3|NM|mx*yRC2wmejUKo4?
zb0U_j2|c%YQn#41`+EC#*uj2DscJWPtVMrNc=sv8fy4}dOuA_?UZ~BMYfgh(f};QD
z@AL*EAIi}A*KwgA53C9_sr0POp6DL&k>D9lkLt}?W|Y7j+wo7A@8z=Ie8B!SPGE-R
z7FE>s@;LY@&E_7byM}Y7M)1g360X`Jt9W(Pmk(e1Wd}avy2-+cd~6;H_dtXjYJ$O8
zGtghE27<{sR$@9Y^{mlKTPL&1A>H|Za_m(X0}3iQGZs{mx#kDsonux=-&V@}39C8;
zA$eah?ZyF_6B09B-pe!Hwuxk^(3JHbt3#1!@0h5mX|TCNLODd_W9PeNE6O$m%%V3t
ztL}6WxerVRlUskUH6J}5<eFRh;52So5tI-+?8D&Q#l+bTdJ-VnQo&>0f+kI+_?@pE
zXXc<8RQ-#U?aj2lS30>5bhvi}7DnM_q69JIdm;luZOg{->W63IR>1&Lekd$%Yfq8T
z0N>YX=RQ005#v7SyN*KnLF%WvvMie>2%q%G+K-z8SnRGZmML?~KOqh#@V_WPduukT
zfj`|^CuO`&iKS~4GEmiNPLvc%=&0df53?4<f=&*U^RT97=yyH}EiCJ;fR4btwORg>
zo;$#r!&zlWpCRpiV%tIKuF(O$isqHi{*((eNojvd9a{c8>G65p9XAA=N6eFy8lw_9
zoE*TqCeiKc7d_t+!H&i#=ImPktqRuowGpa7Xt+}?ZkS^tK+O5e!ET8h(-@F5GuZhd
zs?+F8n!ATSV7q$(Z^w_%GO=Rn$E+}_Z~zA<y;a<&_vYr0AAj7q0Z>-IL|<)#+d^ME
z4d;)(A8_i$jG5^fL5quUA`hW~Jr}SsVSvuwCT;Z0;})6_o_^Q!Z5Uz@4VKLb^I1>7
z7Rj)#)zqWG$Ti>53@Klv*`Cm9<QwaOz#Tewu)<$3rwR!QP;^Q>f(B>5%C~m^B_J{S
zXAq=X{UNwBb~`p#xq0|Db$-Q)^?WALh>f6T`Q)eQ7+{Atyk%cvVyG?pN7s6oJSylj
zTf4a6_l_G!M(yUu)}L<@?=rhRV&e!7C&n~eCXXqm5?m}<)``0_*FHjkx9s`_WmHEM
z;lr~R%EO&C!Ah_23I=|K<oj443=r1RElBpB&L7TYnN#MC@Kt9TW^CxY7_*ST#m><S
z4TsE;KIoT?5^|bMj1#>GSbELpe(FNTa;!CT5}xz@m21XL^(@02OI$MJxMGu=y?}S)
z9ETP_ZWi`|)4~TXM83@>(x+W0$}S+_@;gQC9Ep>v3e&J!KxRkt&zCrQ6`&3URsacN
zl+ut?oN=sQHsIepWGb8AWHT&A$Ob0<D10S}WpIo7Ong$f4&q)Na?+kIOwgCzy3Hwj
zl%zxm?AwGaNW>DMJU61h1La?(kdAAA<Fi6y6Z5b2zGG(mI3aJJpv8{Bs)#{{-@T5B
zLHd=e(55o7T(bA1N2hNoaR%(VxY&+w60vS6pWIHCd|07|%->2WvF|JAa@VDiDciSH
zlG*JcDZkHoP{=#%!lNW<-b&GTy&m64DXG7?^LGUqcZ?IUSWDkc2lBoj9ak9b?D%D7
z*25-gFXp#?kng*=iTy!C-_U|(ydQE}llv$pyV_nN1S5u|*$a3k4Fi~W{nlD;xLu-g
z?gTt55|fBFq2sOyyVcqT%>%5>#D~vk{5+ktetu2+MrvxGWd~*K|H_*xh?Q*}g>K-7
zkQ*X#B%hi~4Sv0p5&Pa&wT3_5`oX(y&H7ssLJgvIQdYJ3Jq1E8()?;gXQv1QwW?dc
zb|Gbf)g7<1S53^EgdSjsR=qHHj)AS+%qMn@xX{sW1J53~@lw!J2(jQzeMqr0+oobc
z3PC#1!+M=2?*2z?i;dx;rK`_wuJSF_R&-}Y1+F#C{#K31iv;hoJ>oSlA8hGSJYOI*
zgAxVJG|5I_S8K;&L0=Dgb?0x4Bo<g)J9;*`sefei!B%SHW)|QOVz?=R=pTva2xV?+
z#3av#GxX#iI+y(&EI{{+yoVHzUig@fIA(w`;Ul1+)OFQ?GMPvU+NHDvwIbu3pTO)-
zGdOh&PB{umP!0{O<d(4vVIiciQtV20rq48L@CGu6uD+a2<SLtifj!K!3$CBKOb8hv
z`PFNwm#b&}<1gSk#h45YJk5_}8+omXo`eXgQ0X8vr^n?}j*DwV%Xit1oLAhJFTrwR
z^OfFP<`2DUjM{H5*CAa;oTFF^-H*c$GdpM#ax?-FY02GH<mf+k^o|pbk?OGGs4|Sv
zv=}VMe^uT!X*>qqoj4S1zFVlwL?=!_M~z}@UXDIh!_5JQTp#6be!U~Aut;LRlH87L
z(C&{r$B@Q>LLaO|OGgkG4ua*<SIX{*r^h49pjK|y*6vc&4!f`*OJ>^0Q~DdZZP#Ji
zLl>v2-GL~$JoW2xO8=?<=w6t6q6acDY8EZ4u#E2q^BAKeB1M1SNBU$Y=%j-yJjf`o
zGkvSiq6NSy<DI?q?Gv7cKoBP)C?H6*Pv0Q2f^&>D6$?F_Hx*nNl^d0er-L4{1Z4>b
z3Nvyv8H{RROwPXWE)6=b>(!e2$1iuW?o#OV#rj23yprMv2J+&qwVp2|iRuy|j*3rh
zEVfh?H+P(62TJa#<mWfn=os|#jNf&(XL>7U_JM19!%z*l!j?iPa2(XyrEiA)q$1-p
z{*oB5Z*v9BVg3WAjWWaB-e-?iDMMAonyUhx0=<4|5G0sqp+fFObFxQp12;`>6flAa
zH#m)+Dfnzxla7_?)tes~MR2&I1uV;VrIU8N%ktH;6($d06Q_4Y?JwwV&M931pFsg_
zlK}d+oUx{ksvNQt>#~AhnF+Fkm|PcOOc-Jr{B?*1AGb$@_Pt`#K}fBte(>ZG9?zY1
zfpcWClC<{m$}>bs4_c;2!N!4gNOpY%8DeC&T$3MZ{Zk)qHy1>}_3M*Nm>;m{`DlB%
z-ky!K`F3-$Zu7R-{U0o1+|~7OwcRZmxXfwZ=ydvc*l9m3H+rnV+3eIR3an;Q_J1;W
zL*LU#^dVmEjF#Ro4i^W{ysZB4dB0c(B_2*a8obX|cE7sRJ<8YnUY#;eJacy|`C47P
zKW9Iezdv0JetsJVI0NWG{{{`e9S=LvgF$gm_cQSv3p_AovIfo)g~Ha4$<+cM%(n?o
zb;%`h^c#w_t*0uZWOz6(wA+r_Do+rI@`t>2I1dg}L}Vk-EH+}X(`VG{9Vi+7>lxZ>
z>*-JUIK4uI*k<Y+T{QuxHwCL?Y}&7<2;0F0r0k}8dZfRHNiv`!_^R$;N3Sl`+^+fN
zY(fJZVLd&bYy3gBu|J(4n}UFPzUMFJH@MN)vk&@D#jNO-VM`H;{q3RFI?_Ibu2oe~
z4_B9?x3i+-q7uW#zMD}Z0mda?FlWV=HK5$VBIxR#p_x%!Wd9a7*MNRi#!6km{0(4i
z7np5BxhteDbltQ6ZZbvKFwvmbPCAwRlgwgh@B5_Gzd25;svi_WccLJ`94vjUIBZQ~
zXhc!s=`E5XdST~{OMW?E&kUn+mUQl?et6Qp=XZFu1zslozQc119E@`e6bNLaw|Eoj
zgS4f5oKM;Qk8$_sAzcP3VHKvy__Qqb0P3fF(_jXkaYYyX1ZZlI>l0oJONvf2Jtk7a
z1}||?4#*@ZZPto9TP6z-MI!U~nj|!p>y*I~TKCjHM4pW+VUv97<rrg&mYIb#S$4!S
zfQ~Ldl$s%hi$FURP*=p8I1)QiXX+~!c*JffOrOJAti`qcjI`*38WQ&W2P1U<pldX@
zqcRGC|MyxN3zRxe-1Mad%|;Aak~&Z1Rl~y~M3_N_9KAv#sqc5dlw8h`xW!LQsQW26
zo(1cZbb#3U_s;Z=f1t^a`*ZM`TLhFPXQ6(sulKdGJYlB+fA9;6?ko|G{l5Y{>Ww5p
z$QCUOBnQcKOe}!r%%X`eO8@e-8uC%7@jxf?ap<Evd2E4>d=1)iiL8aI6whSAmBo;|
zCewL(?y0@ilsRC(KVQ|ck_>9Uu~we>=FzA=^|kuJF-g<le6-@X{5OO1vy=Z;>T3Nr
zvk)uoSP9ORzJ#g#pI(43WZR8(s)sL$!TET9e(d;QwpiVb+tjOGb$2^b^O%eA{%)DK
zz$tmr&9#P5&J*KjGCE{B3KGhJeYghn3Rr~)19@-V<obe4%x(qs3s`Hc!(My+Lt){J
zAf!0Vg1vN;H%s!C)LD|gb}R2cmc0t)Zu(Wd3Yq5|Qlsk&ZjCejxCNb8LUh{>lO@YB
zJm6+2W8{y{aNIf}#}q?MZa7Jp+oGTL3}=CB4x3{+dH{+bvQ#R|3Na@2sR|%&Y@fDb
z?K+v?AhmMsdU^h<oA-W9a}B-QE2h)XXG1HfuZv#$o{Rfm7hk^UB%i*q6HX_e`aD1B
z!EU|%X!{JCnA5y=NPgwtrK(B3h{`2%#qzPBSW#NIRg|3gu4iyV+eA;^P>vk=Ip9k*
zX+xXVtG`y7hJ!V2bTwA7d9@ofSFy_u=bHvU$9xrgzA2bV+eX(6RNcf_Zi9$evC>r9
z#K=bW+4Mhye)#)8=1A++om+zG`6kKqLxNk6sf~s=TJH^Xo#ZL6gF`;=joW`O?ujIc
z<+5=A@$R*^Iepc+_xlg{-+X!9T-C^UCXS#XvthKu*io;<zRH`O@mIY-oD!tS#Y0TG
z`Q&}cX>aC4IvGfbnhGEEq2iZAOT>KCN9=O@$Y)4}kg#OtOOuOff`LC&6_$oF{5|GY
zO9TuO5J-ci6}ITwEn=an{)GN(#GO)R;hw30Wmqe1%)N%DKF*jVxTlTSI48~R&P?GF
z@x)j5UuxW07U^Egs*TTy=V}c+NvSH+_pGfEo*vutY9J^Zco@BGFo`uk6LNP*LW8XA
ztZwl2$jDphg`q~MX8dv`V-gSfAdu7?E*V6nEV2M}ZN6=nzbF_BEQA3?9hm=V*v~Nl
zgKf+;`<%7rZ;NCOsGIsO<?IOiBqlt4fg5?lj)pp1uZgC9n0B+`akZ>|tjDumqYs!y
ziH6r};-`YzEe0w(dFr{Un=vV_9@pGd+s9n>p|;T7)}j&`HoA6~Pz5x)CEq;fX5ZXQ
z=k5>$@p|1Wvqy-|?9@`^{-M&#n?eAo=YKA?N0up4ixP%4UzFqVtcr{dxn<n-A$<K%
zbjvD;tw<(tBgR~l@FLD9M-<$sQ200ON+bsuSDj!)EWp)wa*`*l+I>159sTs5Yxqiv
z?5vWV?5?z4l%CqS*S%1Guu;nBH9=y94Xp&%+tw5bvV?nil<b%M-0u=(K{p2E`HeB4
z1Z_E~7CBpg8a{XaWy+(hSH{$D>qo=kZs-3MMB?o9mRamU)JdcjCZhTf)FybtP`z|p
z)Si><WWFhWX-Ez-zOlduOMihJBjn~X0*l%PV-0{<Gns<)fyz52#}Nrtodmz@2%}=c
zHwth;R+uZk_hTbL5P{u7g=Ga)AIbd12k_G_K2<6MI$Qb^;sF#pH4daF-~|`$D<v=H
zIUA64BqRli7~|6Dh<mBgQBR2CfjSir`$_?k{DHAdWvdg99xC4uG1a^z_qC10V82<b
zF_;4<>Q@vet!YTTsGSBSh$yQfD9p({Tlmp9OW?~AASPVN#w8|gy%ON8G+VTia>Ah#
zIxP0<Z=t+T;e$Q7dgV{8#K}SxHcFbRCJiL4H00cL5`IjdQI+@f+^S#T<QI0a^diy)
z8j=T}dqdnziOjA7@|$LHZL&rT{a>wQD~8af&-}!r>a2n-S~LC6g5)UQkh#lM3!l5*
z*>))k@gavAkw6s+F;J3wsAM2~2gMa|3Vv_}@m>5N=Z~b{r|Ozi7W%3z5<ic-j}S?K
z2dXZ*E0pJoRzv8|4~_#;N+y%7KrUqhSum0deoxq1(bdj)!rjvIwn_q&Pq(r|4(@kn
zbOJC-aEPO}(M)FP`Zk;e=Z9bY9_ILfn0y$8<TxjOCQ7H2DbQ&LE-varTLUR*hx9Lv
z#}&4J8st6c&Hlv|%|yPnXBi9%j&&6j#@z!g`g!e3xaHB?GRJl4E)j(s;5mSZhvh{d
zy}p#sg5bQp3-Qd4^$Vz7Zv3wYjr*U$VzOTyZzf*mG5R)?i;LKyDq$?moFvicsFs~o
zlAKb*Z0H;iXdXwqPox8f`1xe8#A_Fb9%)<7UssgBA17DPR#lq(>zJK)(aKUP<%w`>
zU0BlNt3>hUuqRL!;)x$=UCOMIH?CqqOS|7zCFMzmF)uSEvhNV>Y{dbh5DfO<oK-gx
z4vi;n`?U9T;2+b~D4P^k|CQ9(7f__o+84++HwBV!8%8~J_66PqV4Xk9<G0bl+n*0S
zr?McyDwS8b-}HpQ=aJcWeR$oBFj6gc1JbFeh<l}{6#krHO5ytsgb~A-I(o`(gpoz6
z&x*4XO&MRT1Uq9*vL|H*%I=%U67<T~on%A3)autAbxTd(>nVE?kni>Jp;LCyV>NI*
z+a7aWP<1X=gKOsUbqT+j_aEHj%bd8$-7puQ$w2w<nDpEq%O`1L+t&33D`#4=;1yi_
z<r6W4E1${St#!RA@91aAx?ViBl8e8t0+dNK|2_2c=i#c6NtBNES=BdH@QCtXvvlL~
z^%L^ZXP@V%g0-_Fshl~0)7EW3qyjm%(Z-z;<CkFhTg+_uO8I%reiQ!zyE|h$(KqBt
z`r6~)5u=(~tq6;fa{Kg^dcn84rFy~171K%8dcmj{pBDQuGGlrTrj}7?Q0o>wj^2L2
zS6`Rvcl-;Z4^>`kO0ne7?+1tY0vym;zadmBMCOve9nhmSB1jla<o`yHP!z0&P)#kU
zykP=unCsWwFj;`AJI0dTmix*(#*`=9^`L(Rj3NqYw%i1O46g7R=$Zdn@Z^1E{&#mP
zjT<&fbXLs>*68K#_zgOzswF<Z%iFW*{y6gFRy&bHl@<6unzX=F*y{gi(u`HE{(nu{
zYwayoORq1YJ!KD=mkdHD@GpUJ60Wfa#Gfl9xSBASWAmRke~a8`LePMVR9yI<dPdy_
zCUXXAxH-bvIOrdFIqnoi%$9`Za&q?Ez99x-E%crafw=ul5SXM|G63O~wV}^oSC<gU
z+zGs8Sj%(h;8h&iXJox9f8eJ>ZOar+P@rcRng#C5#b=nMUA(QBCR!btEF7%Qo`@B(
z(+S0u`jT`MsecQ#hhO}mBN*On8=GU}5W3S<hw!&E9=^-bx-_I@{fA%IKTplTaA&{9
z2kfYjlTz!|D+%|D83O*B(z85n`)bfw&)Ay^52Fz341WT{3Lb0*=1Wy<!yUaJ-60kX
zzr6njk}lUMtI(M_(*6{EPpTr?&GhVmN&xSdKoU9sxPJcFZKQK=J01+tdyg&aO*=B>
z^|D3VO~Y93F3+7PohcGnk~T0ftRQdnPDs#O+yuC66qA@C`2e`N_ivDmkB!h)K9+Qv
zK3w;zryu(cFGpuB+wGZF1@>>7Uh`{$OPM+!ZiW|J755)PLWU5$5KT?*m&{V%8hXa0
z>T5qvZ{yLx?at4PfTb;p#xqWq^<#0jFjs}`HhSG5Gm-RauEzXFA{<lHxBtb|IfVz(
zMQt`tx?|f;$F^<T>eyDrwmTi$wr#uPq~nh5Oum_C{+a8li*s?Fs<ZcA>pdnrLP|%3
zBBQggR{&rMEd-PY9A-l8-IT{1Zm>5uZ+RHO{O9j$1U?LYi5^T)KjV9eZ;+97bPRm&
z!S9to!b<O#G<JIE5L#MV;K#zD%m(aRn!DdnGKDIa$p@d7mm$*4j#k4~!BHKCcp3j>
z_<MEfL%+nm=V!m7J%})Z{?{xU{M1}E1nU*;yR@1C&WT;;mes*fb(}_u5HxyD=hMZ`
z)>Wx##f^G)zohoWcbv9x>aDZ?&ua&ln<<JFP1N1d(W%p303+=Ff6lysq&7prIXV(D
zK^2)!lGh%K)O*5qGg$~oJ3qxeQcwhed@n!Z(CDnnRk>fxu&a1TK48(F3C@-2d1xdm
ziVwvC&s`YX*4r367C)B2^saA9Xf7}n$k9u``P)zOD?;F)Nf2CgW7|Ai9Fu*jJK`2s
zzDEWRD${QW|BNzwjD95}?QAY5{%m}UGk$4utNI0lODR7#>wM0ue4s@+tKwbI5RCs#
zDX2Q?{>}!~m^*Go8vuOP<U6@jzQ=lIY<w&UoV)$3YPQ`QPGq9VY5vPd+b7(Z6|1yn
zYd2EI-SgI-g^<0rnT@M{SO09uvvw|L+q0b5k=A5;UtJN1AgeNlKbDc%7~~<Y?Y7i>
zKdfh~@vV^`rMB+1{K2y0a2Hn;=?Gu^wfr1(P=8d>eh`UJ37DyBddOI3ldbKY<q;;p
zb59V7n6R$Wm^#<?$11kFv$#BPlj9Uh<6fbu?cW%Cb-lHg%I)RP&kL9Cc_W((qxUm}
zL%~nkfQx!eZ&c`Peysm<XT6@_t;xqZzy?WnvorJK&5{Qh3oUHHXD#-xlIbtp(-3~{
z0^&Nps+>~79Dv{do5jQy<bRy1Te(R-X45|NgQN5@`Jn=-^KjwM6w85Ba7HD?XhRzo
z;guBef-n2Ne2EzC7$X*x;<QAck6aqy43GG7XT&HpbSFK-HDMQd$v8<6aG~=F7*Ch^
z4|Xd`9GS|q=^JQM|3}hijFBPZtxrgYM+SbC*^!V^2)??T-D}eoco~k9SHyvFlD}VQ
z$V;)xh>cI@Zq|mIU)ge(+c($4TV{eFI;-8L8JJC(3F9x!rfk@fk*F)bCnomP_c?*m
zd&*(`;S&iBUHis|C@N-7TwCauEXb^IF%myvLcPNX&)a1|CUgktQrK6#oL*Mv-2?Rd
zxt(cm^#0#81au~8FB(u>W3J|}Ubs^Ul?;P^Ty!H$o0;W;6R0c*MP#8Kn^FU*YVp4e
zHJ3<oTx~^ieHBn@t|wMjD0oVk1ruFx4cTbnuQ|%B$7CSa!U8?|ay<07G8ZCoM;b4t
zJXc|TA9j^#`HT}<a@kV3Dp2cW?hLQe<UltShXutEZ`8JT-rO70$nDmk!=#DctnB}s
zsh&8#7Htt%LQZCaWX;@5<x-q6ufDIEY%3EYR_cqil5gC(6n<UVjA`#?7X<3+DnmWd
zR^P#VR=rKMi<jW9G?tkKF@nL^HH+_*+*;6$7@=eRt_(YDEIQ_A3v@Jt2N_DNPx??2
z&*JvAKKv`mbTtFq^b+F6{}}y~kf^rQn%FopP1b7^VFJ4$EJL?8sjLw1Z_ZG~1SO%A
zaB@Q7is6plGW?&6ge7*u<<KZZCQwRIDh?bhL5c5PVK1QM;Z(4PUr{CS4kRDrD#EgI
z9{<tG-z0z<<lXh1k(RC=s~YlVeVI`%V=H<NK?Qaj&?jO{Wo22mt#l031^q_&@#uR6
zeaiwIR5sv7|G%mmT-6%ihwrEVg#vur``hj>6&Kr}Ta;^ml-Sqo<yCAPlKf~W=EZl)
z6EINY|Dp>l(lRo$eVO%xpPvLWHHZ;g$h+Vmft}QA?)`xE+$r9kF)`a?<8V)Q*8okb
zpXy%)20IH+4fc<GWAKYFb80<LDlP)6Ronz=%#!VqPYXPWxuK^rr3DH!-FkOwh;C(X
zeTL;pI%u-K=^^T@=Q;lNyzkw|*#We+NRb};J-c#<Ys!AqD|6-4ymG8lov^>1cKE;#
zsGOoKHQ;4VF?OXhb{*O+JJ&2^GVob2F8_FWq(gz<h{9>cn6hRv`*9+urTS+r(@(86
z>Dqtmw^$1s%J-edM}fH2P%`_-J#wm)bb@VSN;Js{b`_?GpWvp!IPaw+5+l)wUmuU~
zrGwHkN{6iz@5Y|LBJ@ZTLdKz!{d}3wz+C`cXI|1~#pC3}&||dn65&X*5{9(Q86J9o
zmd`B}>YCH5#87VPA7N?1PWO(TE!hC?g)iK4ce^vz9*nx8s_>cECs8c{S9^%G=PT&u
z@FM~3-d?sA1g${3qSy*IPftTxhrI^uo9an>V0Y?y#>r-ZD`~^5y8554f|H^=zz}<k
zx}ANc^E<IX^6j3d+(%hgyq5sPf2?^5UP~z=*+_0ls;}sV*XRKp2AYMp+LVbXgj=J6
zLZou~n$mYH9HP*0UGta=e{BC)(u5>-ipAFBtP*ingPcev{*Zq`TD#xl4kqn&T)%bb
zsQGF`wTO8d$?%l7x}oX_ZDra5e2{)Z1>8y<rkuGbl|_@s5NFu0T>3uJ>(k$L6XxCw
zWtPDx8kE(G&-S(YaYB<r3rVM1;Sx=6>xDP0a$AGKaTU$D|A>E|T7cFu#blFr_DrX+
zm!cT9J#uz58dzNX@iU=XC}Ffge8FQsBhORa!tI_Gw`TMuGceKK?NBER@FbGXV}?EP
zo18RN`CZ4LLT58rt4hb~FZRpAJ*n9A=1tE`F%`x>602F;A|I8xrdh9I0&<ueo9|T6
zUbM}^*VmyoCw2MvH)UP6%#R&I;K0PFV~RS#FP`E3cD#BjmUp1~U!Kk=l7+kcz6~}p
z0|=wyA{Fec7{_QqKxPR7a94=8s1&u%&Y8fB9%0cbw6o0$!H*ZDBdt5wdu{<|!$~59
zu!mRwCE3F43|J3>Vt@$6A}_2Z;n<C_$Fy6l?RiM5-eEfi)E$z=f<uUnB5gypXny5{
z2oiFsnz1XHQ3<+(8uyD+No#}S%Z$0cBqI~V`cwXnxdUBlmbv!^oQ3UzcVcu;p-7gs
z3$SlYZMJBm38!yj>a^xR<UlotzsG{|GU;%JJndmPw!gfb?_qsFRsF3L$7o6@F-nHN
ziNYLldbn}n`M2gO52Ej|@cglIaBnMcq{R30(bF+;;#@=_Pt_vQUK&|zf&B`OI%<7j
zZ0(?OuZc>$&CL-C;BQ;53(Ynoz!V&-mqm<>-lx@kE_T8xX$;YUDMQouyt){(%eHh7
zS-!R5`CXUy*Nvb*G26~J>A@wmy}6aH3W3t?f13bJ>Q!N_tDEZrPxZ}u&b9Hk9r#WG
z5pPx6cSgCvpj^oo_bxB%w{DmFM}Hr){!Uzc{=D4oSZ@aELL5Cl9<-kkI8S+J$Zj?3
z_jQ!BSZ)cH9JO1z<xE=^PEMtXP!bhY$VB4Z7AY=&e$v^1kO>B&QIEMLMjpwUB=ims
z58Ij;D1>T^97&9Hb^;K0Sixu{hIk27{5Lx9sg4axGG^{MA!a>!-QFk&x*R0Y*VbzP
zF7rW%o^1gnSzZ#X7-wG6G-T|BM`cSLW%*DB?p;%V$&xyCM%Yj?zZ^%JMmz%ysmv1?
zmK(W##HdE5>4tR3Six?dw-YrVw%7L8+qk3bzn_$Eo{uB;ep`G!t^oJ(hqXI5{*><J
zX$fIR!NtlL@PYm|5bU_uvH$MLoCIfAvCYPB9Rzqj_e5{HlCD$=$O@zAv7j`)7(dDI
zr%gpx9=q;4l0*{`q(uIjw9ASmt?zZ&v6)#yhA;U`Brcf233^U>RZPd#<%ZXY-A!(b
zZa?O}ZmeN=&N(X>E`;XT3Gz5$8H`PBXirV2un?eFMb9IM;t=keBg)_yZB(mEoHFjq
ze+_6w`%1jN@kRW7wsyquk*Jl)Cw|Xrd|~i1xV*V6p+|u1600rsyL7ljvdZ3lthtum
zg4BLrz73Mc<kvM%$n`j9!3$l?X?&sMQdK-=bEL*a5h&)r?v4p0Q^ks4nCyr|!D!$N
z55E?xe%oEzc{|v-+k4}DCA*4#%E7<h?gt8w2`~6QwJZ8Y<2|cBu)L$MT13L8=?jP`
z5Vql`!O~h>nOeJF5NINHbvnnR4y4uFp3<vs@_2QYPzbwk^<(vw&yd4<vZns<FuY#r
z^$xB#!|kqxg266BsG|2xHdKM>>w{IawXE>T8tBboKl5FA{`pr?P+6+0;N|PCS_k-a
zA#bxhOZx5ec<qhMy-CJDdaY`c>5{X^KCd2{EFZk{{Db9MFq9NZfo_fxndlz&<}E<Y
z<AppaNkks?O!nKKxJC~bd8+Mjsa)}qB2^qsaDzJg>-Hm@!pWf<ec@YieE^jF<I1Z$
ztr=6S5yz{$wI0bRDJhCtI4LhF(-C0ygb%p~_TAmY(PSL5I<XR)fk+D(amLdOy$&N<
zg{-Bx8q905GX^2|;>MyByq4;BpE)OZ^T4P3dQ#dsJ_7L)f6p=hb`K`JAaa#eC1<cF
zUE>A0ZXab4ZG8P7AxSpuwxD-b6c4<@iKKn-aod6pYS&`J;zN<jvF6UAv_XJVP=SFy
zr*E7-%Go~~A#~=(`lSK6f1S~fm)IwCDpA-2yq8({39k1iMKA}FJ$*1oMU4SWPG64%
zac5ORvG5abbi44=nM*lk@JvesJFyQ`Yaa5t2w}7}T3_0o)-Usemu{P|f7rcdt*hsQ
zXQQnApVl~uC#$TOIscjjAg_To$Q<&)BXmWas2SVZRMZ>|VQpcb>^^UzYtOtsZ<HL&
z^)|w5&*f>8@R{4H?T)9nTVpK&e77c(WB5t(45{B+#dS3zYRm}nn6kNSOav>GFZ1V|
ztkYE<Wq$sBCD)xn)z7}rw5gJ43rr#Vvht#$tFYkd%9<{$wjtj(^IHM`R1ZtE8IgG*
z`zW(5yMmUQID>4sZ8t@vycWtM`{~#jdi~G0<^tiPfxreeu>&gYMskW~u8OdN$wFn(
zh9q`f64OedY(sWfp9FGg@yOp$5l1)Fy9th!;v!$OA37n9Ka~M4`koDVry0-d+&r~d
zpP9mAgCCckg%XSI&&I%B2)XbctC+h_+Z>YEY7Ua4)CkEg%$Wy{c(a{h=ts4wl_Q!*
zc6^bMi~L>(QG45@!TRL1DpgNpEafcab3zRz(yCU7&!PlaX(#)r3v~k5IweW^uI63v
z3zM6%$Dd{}H60XMz3HX?egq%;*o)#p2~-9wBZUY1ojpd1xi(-t-pmJ0a*PC~pQt|=
zDWmWvk3j=8V=&PRtd9%qf<`Ef(<ISFV*b?<MWPppHw4S655mJam>8Phm??W=3TNgr
z0VhtxJPM4hMJSx_gC>nrQKmXgZ8Emea;GgaWwsbAJbwbYzSKGja}zB~5e;T|REcd4
zro6mJfLwpH7X-jyLNShjxStCjbPs+SEi$<}fY6T?4?yH{3tlKWf^;tnqckRY%(0TN
zin)tm&#>MRl%A<q%#UjKffzGw%w|`2{Z3Ciq_AF4^lHVMc17-}N~^rb1NxI6WqAFt
z3GvYkd6kS0$`=p%+cDlOuOvwf$_k~=H95#<&ao@f;4wgD-5DhB!`i`(PZL=fIwJ(<
z4uSIv^Cyp|Q~Ukd+N#_Ug)TZ*-$IAks0MgVx~&;=Q7z#hbGo&SDtgg-FFCd+SWfP@
z#UoVE*JYY=Ie8Ae0_;A1m|~|!<pwDAXEc^ZYgR5q6nQ6koP=wJW_MZHcIqrybos6!
zvPPDWGHM`@%U8KuQSLMRN?IQ7Hdr);PVW{hurrw<ApOZWL@`Gx?RW*BD18|ZNpFka
z|Aszm)&uuLwm)7JVPu-rQI_O-8TJCE6{~!u*5etIJtqdNCQyV%Q$4*9nH|f@&#cj?
zvo*J0h3Z!JZPtV6Nv>#oN)DtjS%KP<F9!@>u>u&F*MQ3jb>@>U94K)Q5E*wRjRupb
z*M8)Qj-rCp+KhI#PI!)zs{glAQY2ApR|l$r?$`L$>~~elrMm<>lJvbhHDH)oI)EoZ
zm`!I`3!i+#Kof;=nB%YuC@3u5H%*cLc02Hc0$JDnfYMfJ)AVQknk7bJ72~-I0_y;E
z%M+kcqVi3h>vsX3zT9LS1T;K3vc29FEf_>1(LO(fPeJER0rE8%(C@w)b~HjWRaCyr
z$ABKGeBx@f3%M(uJwP2-=@VA?BSB_9hd!1GN1_joN*(MHH8<6gz8T6*I-)?$2GNkL
zpqEtk&0RuKYb<K;UY}8sTEnbXH*#xFwh_P!>->w{H{BTR?#C*8G<8IqA<M=hs#G|h
zpOhBk21jwaB0|NosuMk%ab2qeWnOs_wYAcL2TK)JtO&-WA3T%DwOv%?ps+%b!b&j(
zHzj|H5!P8075~K0!+?j3?;?FgCzMXj6kP}&zhjFHzh&jTUv;#1WlK#Bry_wWQ44tO
zj|z#)7$OJHK6?8^DG_C&uYZ2H=L}$FT57K+HlHmgnHP-5qhL5n;&Eq3>A|&TocSM8
z!faT|8z9insZ85Jn1~hHa-KCO1Z7eG5sw}=)gkj;6*mkU!h(PMlo!)+%>D3L7CPDs
z75e2@hla`kMXA6{aLZybhjeU06bsDXC{blZYcE5f374Y<8socw;-c6~5~)IUF*1aX
z9BEJ<jg;8)980ozgHow8mUXUx6a+V?@GZ#cPk6KQiaBam2GI)>yY>KYk-|1pP#hwR
zQ{*JUt6INWi0b*dy9o60d;CDWFq)HaLi@Bhstt1bk-;q;4)E`R#L?HEp8)Vw0q}!-
z82*mt&sFNZgg&OjN^^qi`34qeXn;*|MJ?nT@Yt2F#v051jrOe2NQIl5>#t8KZKQc8
zt<Q&pD{tqEgD*RkZDIdldoisi<Vl^Z75tC@x~F3Z({tjD@t=knVH;hk<j&nrwZ@7F
zC$kZuSsr*^4Knfhwpm=}p8)r(BCN)_aYhEOm3H2Zyv6c6#cBU6q4<qKi9<7Z#Ytp6
z{vF2ma5}ck-W)YsAIw@|@FriV@0zk)jbt<$c0~kG<ny-R8Sy{Vgxb-{M#;DTJ8RH_
z?0P$~Asvhw=DYa1st!`6idBGOh`~O5IMQ1y5z4JZlus~1XN~6}0r$^xIjw7YIVn;Q
zA<&^Ab)4|EJpBYc=Avb*A@-<2IiZHWoaDmONs&#InPES^H>;Gy;>CnXZ}s<(`q|s$
z%NY!DyOK{VB6wt_qr)Ol?NA{cpdF~1+xqDg(?VgQCf5erXUn~G<!c=<Q>4rj76&LD
zbYZEwx%A+6@ETOI0Ikc03-dv-yV)?9VsdY&<{XFxWsCO|gq%jc^n8rZah^4C({oyD
z1WBC<@V{bhx+7n4y#tf;sm8g%@+%8WcnoC(oMa&`QC0~{K%Ui?Q-$@@u4K3v@SeDp
z=3sa@2Hklqs8V4ZiwxmUnSx0JInT~z6<<F6OagkUAdo*1fo<_V_V3^r3MBnoo;NH<
zSUcf?+Yf#Jj!EO=U`r99E>~r6kfGIsjX`UVPVNe_jmkC?2(&0R?9m@Rk>zS@?jVf|
zYI;WDx2xY&M=~y?H>4w-eaR0$P$g$mMhYFdtC>OMlI+oUXp^ie@FZ^swNWshwhuT1
z0a$e+3=HWhAa=o<L$Rr;Ip5W)WZuR_uDA>q$MZ|Ie{GS%SK(OQ^blXZiH6Xw>Z3;4
zIjiNWh#dOy6&7;!`mg`rLd+n81~;eJcTDRlo?jy)Q5S1?R0dg{oq`=%^j_niYre%?
zB8Q~c4Op-AvAT6OLu-aexs3g&zxq5W@>yuqGN1ykfbD=wC4+@#CBm3Mk4W>ra4*qQ
zzCUt!!J&Mbl<ScEm;-mb^>OBD^hjD4u^G#HdyzD!e)@h%)YCC~6b%{HkEv+6morMt
zh&{Vz`ZfBu^bE}n+G!s6FYOmsV28{f@ra%j>@MMGw93=y^YaVb`tfq@S`+ZfJ9Dha
zy+MSJfE+2h`mE2lPieL5xxe>ENS1iDJ%xS?;qRV|6TxQ;A#=RuJs?HZ#(qK@`EsJa
z+q%<#<W_bST&renU9op<OZ_{>6&4mX8PG2b7q+0n=Tw0y7ynqcXu!S;b3|lYYbTsh
zY>4o7{EjZi+ux;Q|3px;Dcq#l>ONDtEl>3&u<Tq~bHkh<24B)%Hk35k`uU3S`DOhf
zt^>#Afw^<f9sM2L-AC-}EOMwtm-qc>1Aw$Bm<_}*x72FLo1k()rA*E1uAH(E!(c^;
zOti;CpsQkV_r+%YL2mfq8%esSe#b&ro9hX6VEQQw**9{I@gPpJ+e=0gZF$+GI^?4`
z09>)A%Su8>z{u<3Ae!JcEEqaT+eNILwtNMl=sBF-*=zJJHosJ9P?n6)fi9^-ZWV`w
zX)rKU*O)H;HFkVvM_hMy)C^4epf-?Ofa**>y(0nf&ik&ILPV=3MzLmGb=RdOgfLro
z`6hT+xn$o(fZ%11F#B&e*O!U2J6RNc7YK7=k;B#0ij-HT>VOVAzIV7B;`id?JwDGj
z@o<K-kKLUj?`#X^NPCm};cmo28JA$*gXJ2F*=;hw8Ga=iB2gq1XY$~Ug8VFmgIGZn
zsl0!6cz4gJaRq(aQROFN1Bx_;%7V0e4ajki!X<kyvdygbH@YW3T03UmDLi|=0ZOkn
zxX7dy)&ab+m}K<!d=#|&P|qW9!WzYpZ)pKZSMHfGk>Mqn5<x0-$;B5Ac*to_ndIg}
zwjwxpJX*h|?P-yW@EOEMF8}6@+Av*F^*FSAC+zO&Fd}iNxKCQ09p}eRkgN)+Ce85O
zv(DhY`G;uw0q)umr-A%{eH7+Y3KU<$(=N0?1-|Iu+MT%92H>3<2{?-ve61a-Pj&Bb
zZ!t+8HP0{lkX_%?>xOT+J}$!m_IJ&buJ%m(L^`Y>mbezC|3g`8!spn-VKUb8K{kAY
z+3VQv?53BhN%<c|4My`R413Cc;MnBGBTIWLkx`OHIzcN#7iB9$bGjL+fY=`bR^xff
zu9mp%Hn2}E!L7eq#|g0*Laux9GAq2C!Yx&Ub5-XUW;I)FAO9B5DA^)&X^R6i<=~sd
zJa4}zS+7A|^TO7Fmtff!O&!uwu*}v)%lE7IG<B>ieQvMWJ)@rX*q0badIvgC)QVY$
zxSAlzryewIg{3nQ!%;880b2&+HEl0ibpCzCF09{qQ54P<Lr)%g@v06bOvG2)NAb9S
z$dAwXjO4Pc`+?d={VRKhO41R-tLK6eR1FV;h20+=F!l@he2a59;PE3g&gml{&h6#c
z(}y(Lfkc%~_Rnh2?>Efpv1~I<meuaDYpF+SHFg!ur$In!F2r`t2X+o2|IHfy#Hq!C
z@K~=3=Oid@P_1~*xZ<&qImzwLGb|<*(fkaye4`21p9>$72$)I4j_{~SbU-mm)BH0w
zgi{;W&&Lq64ZEzqr~Pj#MIF*xzc?WS#XdBXIyQM(YHg)lM`xsUDT9RQ{USBwsf}NV
zz%_hEl)nL&xdt@d0Jw897lyT)R)Z(O(sXd0nxvCn<G5Iae@)x0!*pwKaIINc-=OP;
z!jOBZ*1N-f(A9q{s*~xWIDK40`ax^cBNf+FHMr-qEg#H#r;BP@j@Wb%X-4<sm$-;D
zEcQtMvst+8sghPwHmyY)MhLEs<V9<8KvAKP`D&D?Aevx!4}gNBji-#}H5Pn`bR~{I
zX1=;cz{%7##AIaQ@B%LlYjrPUcUR#y3K4~-xi1><sl$kZf1YeOKc*Sl$?HU#>$NX~
zG+E9lnvF+@{X<C02DYtUW_XeE*iJf`oh7|?ah#Zhezh~Q-ltv!dDIs>8ky5n#o)R6
zn4pl}EHCUx8hBOba^@atOH?VijlH?>KTQDl1XttMXG~aSwGoXUw}C7*Zzhq1of@nc
zk8!Ji?kL5D=gFlD=oBHZ3?(^R)BHD43Sq6kAG6ri6#)Yao|7QX$Ea@h?Rr9|Y%{H&
z#(?v8W5{FZir>H!#i;RVtvEid9SLm7YJRcxW4m#Z6|e|sJm0gOcq|>RghPn`o4E7+
z#m}(5RMfs&`SY;2r&eVxRINpz?XO9Uw{bB6Q@|k`IUfJ0%^EXS*8X8F$2Srjg`eVh
zsl5^kO|xM3&a+$m75ybd@RN=!8Ro^khCjD)ZdW~NgWD+;Qp{Kd?k!53jE-PhM1v0Y
z>FV<wlYzxuVb^|X^V=gLsm-tmA`jYp@j+0qi{-+aydLH;>7Z<w2GD+ZvLYrVGmyDD
zxC@Ra%hJXx3d0U4TKA{Z@!BCd$M{UXc53@m=+h$~uVij`4{rb5-0iD+_G4}bXqJsJ
z>K!Ngne^TM<RgaP)2<d)CvCafbo$(PvioN4v4B}qP!3Uv&ADC4Y+oX{kb=7n&vy(F
zgI=>k94Z0`?Et4KYqLQ!6B6@)=-=`qaB)i)V>sWN$FRxlMpO|QY{Fs_guj_1Q;LN%
zi-?$^K{rT2SwmsU=`mX6D=murCc~hyyfRCMObEvT_f9s?_+5rrs6o0o$);YkT#a^~
zYzedmh_*2rnU^vlzsDINOF2f`ONk9K{UOAj5b<ntwi@SVj!(I1g&y%i#}z|#N_l9_
z^=nDrG6)`&AU)f@YT56C<0_Kh=|d74qP@Zv=U7BPw9c|dhDU=B1HU7ED1|lM3`JpP
zguOR4)xHuC+x~P3!6F>tL}E%O0)anAx&tnMcO-2C8JCwmpO(j50?$A1Ry~EbeW%=d
z=q{64@hvv0wlD0kE_GZz^t>NWgE!g0oL!}rdSXkR^s2D9EKh1(D7k<pue6Ii2{R*P
z+y}bJJ&K#99q$0=AmIdSIcX2VZtoRjy=oOC`$C&^Cpqm(Eey8u8k=ret{@yyW<dPf
zu=D{HE_K7lvJl-r-lu3;r?8l5ilot4P1}YegmYl~(?k8Z%PzG6hW}D)Ef{s^M^!L0
zuNAE_IAZSc`;HP|dBC(caboMphmLFj+Bf-7hU})r%gGe1VF~AiU2iGuLvoR9nZ6KZ
zk7P!>TN?|t{#F8G%kLkgMvw2p3e0l&kKgCef4ai!@|zZ6hlz<xw9|^``ePMDFbD?-
zNvg~Y?S`?Q4niaUyaM+=@-<|CAZnsHMWY?zW^brtKI98Yviu#)|1AIx_m9>KRF#Ib
zmld16(UWy!kI#sPmGhqq`a<UuJ{Ob1N6*ue%Aj>>xSt1abUiK%5Z%Y~wm@%<KEhNJ
zvDW$FY5dm^O*crUROHN-V<j}1NT~|Ja{h^#OfwfjYxV7=k=QjuJ3lOjTU`b_ze%MC
zUTao(vs%?kq>+96Ji%GGc9OM?2x3CMyjZyQYoC%eU_)VGr$_s?c!ARt7TbV7^(2$C
zErOAfG=hrp-p%Gg1+ekh0tbjR=Wb}Y;b!U6y7Lq=%}m&y`r!@y7Ja<1$LXMgE8+1j
zv6Vp)cFFn#7<jp-V%Wx(hU|C=-5ExNf$>i_+D5Vv*v19XTwa1Yj|%Yvqo^e&@dc(b
zN!MUD>zdS^ke#AX^{uw(hRXtqxu<&rrb4hOziYZ8>h&ud@xMu&1AFR}f=Bq2vOX+n
zx3_^Eo&)FJZ_{+Nno%N9!SK>g1kdz+1o$d@Bpm5RH2JWHCR_u;CHzr!M<*P%=&`C*
z{-THENGBZo#U@Jp`&~k^(XJy%tLCw>GOFpyx(2gGhgnh?!L7+{NMvO8E+{0({X7LV
z$uS`T6G#HyokWgBfJ`%*FNvWTzNkoUPKj8L8NLhgzjQUC+OJWTi?qbWf_*SE?kohi
zj3^Vz8^jr#ysZ5<f$OJcHH?(BOG&9?VZ4&E@Y+d1vjW)HToulUAnZ&3a7t@M_Ts)H
zl-@FkBZ;WLraLM+L!}a@C<_E2L|Dww63kpC&sM1CYOAO#fVINCx-E<qq9Gg!O1N-2
z`uL(>pVVQ8#rHiHt^&^{9a+AuaLA=arXN4E^Ik1ZK)FS=B0!Sr0tE%BT>QBeO2L^j
zLR0J-OL%~?!)VUsFGtf*0A~u>BP@?7F<jLijxtR)EpM3l15Q+DsToJnqi~uY*(ktW
zhbUt=wRw#iF!x6}LqNA~_Ne~`-Hfhwz`QBX^_2NHlg?9NcRyJWmmuqx$mVxnWun5V
z9{kRwB8HWQ$qt6?j!L&%0`vA4^bxriROzlBysld!apLK~uNy>q9OaI42|4p|QjICE
zHRCUM2m1b4@{nZDQX%0{A{%|iR4dFzKaH`I)GZVW0a8SWiJW}_G~RzxRZ0hcG7BhX
zyqY?eGQ-G0%N%KIXfJqyobNH4AY`Q&^zu6s-*&yY`UP?fZy2&S*d3+(j&iQZ(6u4g
zt(e;LrQ1GEd^ihPu7GU4*VfBlfF)}|Kc`=q7|zluS7Ce2ubC6eDh+F`>#oo<P|kI|
zs<hTY1cFNwDbfO~rS_$nm_ZCqTKyZf$&W;*o%u@W-H$6Bz;4py6!<q``7f!TAUOv`
zkfgezXr!QfG^Li+JZt`OKu|`I?2T;k%B2`g-MrzES%e<Vr(0AD@0)EN-mMJiYmaWv
zNn>74{2A#+5PW%EIb>{LbyC_3k_z_+X_i``0wgI^QcR<T{H@M9+Q%f-ap?O=j9`CU
z@jHSzVR>x-d)N{wMk+W$jBf_nfh`7s)0|I@u+Vmd(((s)Re(YeLUdLXeamJh+Q(_j
zfrF9OMry*2FgaEDF0<_@iIwwR!VbCl+jayMb^^mEHfIBA{+?)29fdYYZWJ8Pz>3u|
z9-x#~b7KenVPEol7&Ovc<c}W?4|&sRz!}(To0KrjV3Nny>@O6KYckza9%Kl*-Zn(!
zh=>`D1N5vh4W|_NlS@%!D%AY3cp}43rr(g=54aYukzV_IsiMfP3+4eXdtsOxW&X94
zFW!8s@b>(m^9a0*LD464V`~vXSl&lS%fN%N&l^7k6#Cf+qmAlWqNvE8Dq6RBZAJ6E
zuhLw$yNZnob5|}EnTt|p={J^Jr3q;yKJDNQN6X64#UZ2nc%KcsDHMiciNHq6YF<=L
zX5)Q5;Wtgcgb-&@Fw0RXj0?&~t;1%O;J^3a8irCL#R+<E&)z#x0%o~HZPp@%^gu_z
zmYKaq(QX1ZJtGfIlu0p3dFh5YiM;6_IDe`E`YM(2<9&9`A-eKHF(0W06Rd9x^ZOW`
zjXTDT-xAFET2&=(7-Jn|DHPEkGGGPV5sF`-!{4yB?f2RDpd5UR6KGcvNhDE=R;EnZ
zir*$S{2N;pVnmdv3);)Q6!$nWTL3Ao;*(nC?Lis`%RCd7C&h<81eHU5^6L3))6(R$
zvJlC<WiW{9K-@izCIrX~Hh8r=H~dKlNSF^U0kXF&P~l(Js(ngkP6Y{CE+<-cM9;%Y
zJBi=Jwes*r&w>z8lOrVNH}cR*)oHe^&y&7!ki1#&l12+bB}gB))sH+MI{|H%ULv_w
zC~qBNInNcV%4IrpomBDvvMjVd3pvXBS7qvyARRtDi9H*HJx|RI?hc=IbfmguCqJJK
z;)d>wEVKWr=d4&+e{fXAeH9mpn~sndV;8H^?RQ<Vs>}l&YPIH^0uyAlcR>i}vC+EY
znLDYXx8F;>>hN^mRS<5{Ux1`>cv?D@VCt=(AVWnvcz1$D+{t@f1**=ECF%!{P`JVs
zWtxyeg)Jt1Suzvc5M6TKzqIhKp?V8`D~#x%%w2cV<=!j(h?hFjIfiku(SFfFm(kNj
zinx*^qIar|g{)Yq2Kgfqf9g%y!#JzBmF>ynpMRPx)9+DErCA6X%?{WuyMMh<rN2yz
z|67pjU%#g?F_XM7h6DucH`s_%w&99@zBVI5I-sWo7&)6&+DR^SUUx4l3)LzNBK4Wu
z^+dD}pUswaCAG@>&0bi3wtrkP3LJImVG^vV;8lyAs%sIr+c|l-J~7}K=%=k4m6)(l
zT=E2rZMaFGM6ra09RVMaxAEojUkW;}5sSVF7Ib7&EX^3yB_!p`PSP5UNjS_aRz;cB
zYVS0pwpA3c(N05yzx1*Yly+X1r>%T9BVeNJy?K<rJ7J5aV&5u)N;!MgxZ@=2{;)D3
z=gqscgxKw_^LRRq&F*dDf~tto`4+OwY_S${hAdur_wcjt00v;`L?E%y7>|qq-BoRr
zgZ0w@rz^_Gzcm|G^IT|ZqNUN*M#v$D`MH%sH^p@@MK`w&x#A%6nlFwE)>@r65c0$C
zSt;!tn;XGZFb$=lo<%0!IRT<SFtD)<g8;#r$U>=8sSb=K(d{DqsLB3qXByKJ(K*_<
z3QFcgcXO-=Mh}o6GwIt;sSKab_($BXcdGJ}xuX62SNVpyd)BsQ(xLP>gOU!J_#R<|
zdw&kZsM-pIzWXveu`2zjBG#IfP4ZHGn(PKMfRCF?2Ra6G^le;Qf7?$zo|1iQnlpHf
zG!s*q{d^~JpuN?8*6Je^I+b!Mp0E<P?q}hXj-EEG<Tya2w$KayH|(;ynm+8<0tAed
zQB)GVa=nfQ^+_8h@ho<Q)Bd)8znBMAfZ2LxEz`f<=qMHIOnJAZ>I7S#GDroflB0+g
zS}~`d%hGq@gHC8Yq#Ohm!7IxZ=}-Po3u$xl=Ro`I1SKAk|CU@>eR1g2Sgjbl%7lcz
zENUil4$LPHVl%U?m6BL#rO{B+;HiAK)WFq-Hw~qeM|;|aCY@?Nxa5I0DCmj$Y%ry8
z_H`>%UWv#l8#A`<V1p-~+8a2$-k!D*sxN$~>i+fQ*HLs(gDHm{O8OR!hnf~XWhuc8
zLT#NGB;T^&`!`XC5pmwRIOt^7doR4x!%%oM4%l`ePyh#Nnl{(^j9N)$t<|!fM$xvu
z9aR|!*tHC&dr65_7b6?J4cgwjcT`aP;HXLxotCyNO=dBg_({uiZK7WcySQ86fJWvA
zN7^UJO3>Ppsb^@q(>}+D9e47o-h-a-O|~w1?)cKRXG_2)f}1314?yrL7?>DCT<L1~
z1b78F1zu)`mRh#I#^iTSk9$j79qSrlXDyH0Q=hJPw^IV9Lo#5)`aQj?jYHv$YC7k3
z9i4w((7ihQYlhBDWz%QyePBHo28d9k7ECB@g7iiAQ=G=kax1~aGMe7s-+gPJV!$b{
zzL<rjIWw85y@|%r5nGTVxG9@>FK>o!Kp!LmbB?G^SuxBzEJ_gn0$*CuXJ>+_>&c5)
zxidU?5V{U-{<h{3b9XT6>t91|CnCARP!->MC|i7{kY*RO<gTgf+W|d0XSB27e_btp
z8Ta6ded4WyV~)wZd64+@cvJT5-f>|0CIh=N9$Z|xC))2=$2Bgw|286l-g|ifJd&ta
zUeSHeZ$rtG5g?iNo`mV4Hgb{B3nV#H=r#UKmM^}>-~AM0SXcue*`?er!sA9p*YG-|
zmhf$kDZTXgwjnwkaYRg+9zrnGEyCPzw$8^YZM=I-NgCq6<h`7FM=$u3vt3HqCGuS=
zkP?E=my4IDYtwi6nL6JQZV$Kv__~MI%SZY=WJy8|MQmpnkALk`4I^P<M(J|~5K08J
zz;~q^0SI}5eF=g$r1RHzEZ2?<hOZV|=P0Osjr#=~Y<~^5aHy}IizCRs)Ea4PMl;uP
zxp_SY0;GfJ@j&D{h=EBp1hclv8`i-#KYm&Xv&0C*d3PaE0PzjWJ1qd<k=*m=T2110
z2z8OjvqbgfT>YyGQm%Mno~xF^`EL&{UcB_tCAyqR<APR}n_g<Q7uSt>nDNNC=r+8w
z4OJh{a;V9FzyDJJo=w$4@SFUN9ugzN^I;0c*vd@05~>i7L55IOltDBl#ZGk5Qoy&%
zDl31e&)>gGa`1lWW{!Ucd<%_oJ0#~EPdiy-{>I<CyHT)aQxwFaPP%p9C+@4U6VMC1
zkd9ejM0XlCl1_&w`lZg-4Nz;q?EXm)ckuO9$RwkfSCUd)<gtb;_ES18Y=M|4Cg&a2
z&4pKS^znJ22ZbiNqFNUAlalm_8`(RPHDE%aByK0A-4chm{j4VfB1+ar5lKGccIK5z
z7KrPD<cCK||6(O*Va*^<#iqc#+A%Kt1y6gd=r@wxx<6R`*E9=v<EmdI<fIA#%77$q
z#9=zExYt1@Y)@C!O(!<eX`6=_E?gYiqIa-Q^*8p3Dc^2H+OyK)GAIo0w7Ex|IAWHJ
zQ1RPVG5qP4ZGI^MATLHR3O5sOOZzjv&?wRu?FoUpq}k7Tl6yr4yaFaVs1C*aDIo62
zF;K#XOf%YqS)O;eWsEaEK#}`6eWsStVPTYt2FDqr6T)ct=P2h@=Z?HQfHy*xk+(8Z
zG7_}w`0C@}rrV1BaUHfy)ky5{_Eh&iLU>%0MOc@HWbRfE?6XJn`|Yb>C__S)w$N#+
zMi;h3!33g52RyAyn%|<;RTrB4u>X+v{JYXMni?yHoiY4E-yv!3^BFH{5{#aU_LCx4
z>xr+4a+E36S$Hr580{-1ktJ^QCM6D0Oc6Dq`|9HTf@Q{XtVa6%8f)x-U~GIaL5c2r
z>@)a2Avk{l1P6<1wbmlEU-fOO8QBq4zaFr>cuzaN?&y@y<mvoM{622RI4R@FulP4;
zYbI(^IC7)F8CKdUeqCv)OWiLus>ozn^^cDeljeoQUT>XpcK#0O^x3M5=<8QaJ84NO
zIH0MkA5|!_gam=mhNT0Bk8mLCQw>)5(gK66Wrv&$c)|Sf-|Q%9EviHB>X3P>cDAiN
z+|b($rSGEA?XJI%es8O0NJOF6f{$hFPDBqvA6fksnZr!u5M742?$mv77(;Ipo8vtz
zk5g@}mNk<j=9o0ZQBl%am&548@Ts1SJ+GnAm*VY$%YLHz9iDB?a-C2^V|Ni<eH*j<
z?W!>gDET4P^kuol)J!O(C+1rxSxl@pFhvY&ie4-3e%<@f_fY^bM(aTJ5RWPNf}FFR
zBreqd88Ycu*BCOlcjZe@qK`WqM|n6^tEGHn1)?ebk^%ZONmdKBH&s+?et$1x%<}X|
z71P8vuS)VeOi6>r8fr<G_SaNP1ICFBRHL*o@EVcr4!_^1ovD2Ope7a=d!`@uNSB7b
zxFr{hP?Kzg3`VE&J6G3PM%S3|eZ$UaeQGF-uB1aM933WSw?6y^{$glo{JwhF+E7Qj
zW(dPZx@LH0!fqH{&?arJrh<NiUGo5Q|LEZHue4y(EKSg(;L5&m(4&hQeY3N`%0Xoo
zFw)9=q|>uv-H^)b<?LAP?zp@sx6;9_BhPpm+IB15+m!=*&5hKWW^GsVn+MWMEq}4T
z-@4<}s;_^5%D*WW!L=0<cKf6!V(0jH|9~8avYRwD(5+`lI2~Z;(ETwT=P|N$rS*_%
z9jJMlT@moKVb@M^DzoA0405sCT+!qJ<UHzGv&7hULQ*wdcDB7iu-SEmG%q_}F7>K!
z`Vii=S~=v<k-1Q9RF89Ox_0g9Rd_}%^=fRHd_A)D;t3JNP)n`=SoBg|rqCPB-!rV%
z?yoQo9+hzA560K*PEs1b$DTi|RD6-seQH#89q5<~R+{(mKcJr#TNaFy9$f)}rbZV9
z4%Mn6iM9fawVn~3asts0eTFjYR=ST+-{EkE8bltPQ(J~!`iOZRlQ_cNbL0re5_c-M
zqR8L#`gXwDkL?NR$m;XdJ731Y;OO~mv^LIR<?WFfrlH^x&mUpTe#z{S%#e0=4gzWG
ziTDQ+9keIMwC)<?LYjN!g(5(!fd1B&w1|2)Oks4AL1(J<_3aQ8>{(|U=A!wD>!|CW
zd^Q_0Guj07Eag~>nqDM2DC57J4>YaBJYVL3MNKlMHb@zUaS;e%C~|$Hhk#FfRi3v|
z&|N4&04xnV5GNZCQ__Guw_?~%gse{eTTOyD2a0jc$k}{_x#zh1m>)>4^%Ha9x1H<K
z-J|J=N{ky7V)bgFpcdFC2)(@vXVJ6$<?$|>QAV8bVlMuM#fMLjmC2{_r)Ji!<Tw5B
zOo-0Z?u&&D%}yO2P+m^omoB_CBjZ-1Xh++i@S|E!9Wnkgu4X2{estEl$=d10vUo70
zvjfUoPqstS>yPZmhazyK1a8?0vu81$5T#dvLa5<Vo~nwiZA}vnlom9WX?7=P-Va^7
z9&1_BQLJ0jW~be!Vg#)J<G}De>ZK*Wp%1DHF4ZBkNs+>Q7j9mT9+SfNyS3Em3%-gS
zRylCkAWN&5>vV}u03WC1w7+8>Wp3dJduL2j?<#w3tHPn%m;l(&wLOAg%a$*?^kiGs
zVzTL`{}m>{%yND=Xa2DeJ%~j%_U*6Cej4?)xh;nSR{ObYwtIUIf74UUi;xQ@#DzVN
z<q7_Y(6pOq(@!1X4{y#DxKvJ~P3F1IZVUeii@lz$OULHL?g#(d`nj9)CjtK@|K)p8
zOV9c`&)NCqB|q>f)6(+U+46|FsD}xrrqFMU_g>WDr1L!OOEIHSx+#ts|1<bA%pgjX
z7a@;rEwt*8gzRHXrrYe<M<ukfu=>Trm%Ucqw#DRE=kGKW4j+L~Lwt*9{O&Q%K3X^*
zzZt~g+=|oOq$m5y)p;Y_Xvs{`w`qb6q#WCVOQ8J)7Zu=UAZP83PLLE=3n7C3?jPBc
zVBL9Z3d<ZAG3)S7sRIK_XSIpyd14u!hmi=XvBAH$qH!(VQTU*w&^=Mz<h%GUGHvOx
zm!CWS0Hnq2BCg(6sUgnqSuH57XDCwPbZuP%@R1#xPxjnFKgio!(XJe#D!mC=(Dgw=
zM|TtJT>>Q4K-7O-oo!A-;J#VYz@HSTS5&ql<&Ewc8&e-Ulq^xJT(;BGm=?WA_B>+t
zs)3GOocbnr<XFQFfYqP5RZ-j(#zj|nf(FwIjdGJ2+|4l@uO#P^uMm9jF|S~v%~%eJ
zGI{=rAH-<EeHN*DzT+>{=P{a>=z!k5n544M^#T?#9XXJPW=ct_TU*iAmE4oP=niBs
z*XwPxQ!soq71mR?+_}g^9C8(=LIT=VwP3@Zy3)1MoXp2YNi2;SxF)Oyu@ZF7z4r=P
zQyfR;w_%#ly<RFJB~A0w#pY)vyq*5C6~h0qR@s}CfF?IlqI0DpjDDpord~Z3VD)uJ
ztOV}VYW~f-KS!ZLQ$$se)?u6tKlWA<D=k@^6Oey&#&k~S#eE18+Qtafst*pzEo@3c
z<k(=F5DyIO!pulc)-3y6hwu3GA4gcJE0nkHgL;6LjesOkrWSWWPf(3vTm=aypE68c
zx~Lm@a6b-T(+1iYdB*l8LG4{SO8>KrAqEQZ;eGs1XFawgf`W$@!?p$cuo3Pr0EIn|
z=@$MpQIdR&`#FngL{zS@MmohsXP?qL?M$C-p`|ZM`flz&7L5DxrADRJHwaIieu%(v
z55bG)cZ2(u4w~q(E$1#kQ#;_kH8CfnR2`SAiQQ<~Yn&|FXtMZDZ>U&DXNG4B_|GZj
zbGiL19Zkk(aB!e@xuRnwGJsOrknr~29H{5!&qi*T=E_FyYfD*@!itEzuf{e=Q@elK
zdiCBpI@KF%@%;jfk}GhGhc5z054_*)zwT^Pi;5@4kA*!q7{Bp#5!2jQ-(3Hc4)Pe}
zQ29Tg>kPC8r2s)s8?PT9FMzF&pF@b>vng(GK-j~J-F@Cmm6O@S#lzp>@qW9G;6*(Q
zmKsoH6$;Dh#D*wEh(2LCx=%hJU<yh(gy0$~V!M(Fm0d9nVk;21NokA2Z|1Me>AU|_
zequl&#CSc5+g%EX5uK<pjRd?NJ~rFuh4W)1>J7(&E71{`o1l3F0}-DW;lxU>tc5Uw
zK9h)#$k$oDA>oI}$K%!e=lE`uhP1}9ET<^G0I0A8l2BdYg42(0KK9jno=~J`Wj3kw
z2qq}kZE(1i*Gd~OrpOQ)UN9QeR7tUgxq(!)vd|<_VF5%Ugz$hDy1`WU#mC#<wxg%d
zZ@||3_3s?_8T-u~0HOVJElXa4Wu@cgWaOgs)%7L^fc%`5r1?cBs>cQ{dRrEjpPH&S
zj~)|_`GhL}JM6S;@MiFQ;?g!kp9f(LZX4y-Vrh)8hPltrbIwr(b`0ZfN~IVn%1irs
z^)K8>)DfwSIyWbEZ38-z1|*-(<)%Ja^25x0cPNcUQAl+Hi0k(7-uohi5O!UVR-C+l
zGc2jMOb??gHe933XZO&efmn4VI3N3k2`;OevoTB8bKjVen=t*>`7sjq?IBW*7^c!t
zsgtXJ3qPA>(3m%Eog{nvlLl$%E^9|(jspuWz-~fw$y9dxC;LtP#A3_B^4YtnB#qhN
zPZ&d*e-i*2@JTBIA|U?A#W^>|Z&><>&w?RON(;$(|6-pB)tRw>^6av&*+KUHO`B|%
zHsEhF{uU|T_s;FKS$m#!r7kM|uqB5}RrJj9n~6y;DIN1UC4u2sU2pYV#BPYFLTa7B
zC0xI2Ln<GO7G%*hsAio^*zLbM(Sb-*vmcK=uRovOfq#8k#Yl>pH;*0^+mA~Bo`p&(
z5Ld1DltV)Y<H{6x?`+Y?jG*;E9!Fl`8@+$PEJ)e=;E#kwzNPzABpjb#J-waozdhaA
zLgO0==qZ2<eWy4Whi6P&*U0j3MvL_~zGzJA!phF)l-7hRF^1L)7T$9}Y-PNpu^o++
zDW5_~12X={O3>6*jgzkl(-^6_43OOmO={BUJ$t#Qp7dl?N|-D8pp57Q9zMf*UXEUr
z+G9KUt;F7DVxR1H4>trhyg!=chwKA;Nmn%@q4^sZG5K1dA+WKTYvPEW14Dz|?vpy;
zbm7!Kw44dsiJi@hnM&(QEdIcmR?`5)?kXfux1BRr*wRe$ZoW1xbC&*_$Pb(XnNZSU
zRUTIhNUGr~f%@<N4%(D4#7+DEY)VS!BHxIEuf)JXVv@;(AC3lOqOt{x=D&S)e)-!8
ziXCEqrh7dngE`<A(Z)L9iBcJT6A=E_D9qW|{XO`lhsM+=B->VMNRxfA&%_!SrqBQO
zkTQ&4$jb(UE{aOb{-T~Ou_jIw3|dAO7MrFcR-4cAJbmzaBhZoHt-#&hB~H`cRmA3E
zcAiXq`~dg9!5ErX+GasiCrYUI{yMSfxe+GpTcA?5TxLNU14X=)IK;EIiw%83EUvuU
zxkzL8lM>~DxY|dj`Y*~qqPsg_?*_XT!wf_C_{8vucB!k;QIf-)6PG1320M1l_R95o
zv~##Xd)L23@SW5TI3ewB%&TYd`vkRhDDQL>Wjgtl=*B*H-53|FA<drT_Vj7zJuhz(
zCL;U8ALT~u@%ba^K4VCePOe@*<$17jmJY#btJDB6cm4{rRt@rOpM(Px{WVY?J?*P&
z`?Axh#YzT~{Lp<~QN=VG>7J#J19h2;yA^9>B82<H9UzoN#~C|@7K4I=91V9`zH3~S
zt(F_wo9<i;-eHUc=k=X%guf((GZruNyh$E#Df0Y$q07s(j`XXN#2=vr4becEtm0)E
za$UDmtO(YQZ(>0p1MdL-DpS;pTEX<{p62ERk*P5u1!zY1PVys&K5`dz))J{;kuapo
zKCz}|0^`>Me#D2E?Y~i6;~|r5tga_~$<BD5l5axFf+XxBM#iArKo&JPLNs@|Nk)rk
z@2+@L=yn--(LK^joUJBTuLC1YYt%qLURcw0`zH9U;A`~tbq#>8SvI(N+iA(09%0je
z%v-wav(l|N!Gk?Xe}C`K!9Zw+lE2rd`**GMWZ<OVO7RLBIqdH=DaE22YnH-Oz*&)4
zcG(6mV=5X=Q^LEGi&6zwZSvrps{)Gou5|Ibjo#1<nOxJ0NIM4^hnaMsd~rPrFuCuz
zTVem{z-H`;=mB_aj8NRv$tezf5i)<pS%YwzLn=YX^ODy$);UbKV)s3_YI+_I5kL^2
zs2MF0{OYKW*f&%yiSAsO(=7154s+;1_+y$Gj&OcBH1Y_!J3Q=YkRi*VP+b}Ren-6d
zGJj$q1_2qxc_``A0OPX`PN(h6?rGEO{N_L(5#N>XTma(J7b)jkRso5y+y|G2UyO9$
z{6IY}gL^~?fXaC!KRMD+*Rv(3TFl}tVh1n&FP6?SD37M=*0{TCa19Otf<w^YPH+hB
z?l8E!26uONcXxM!1$T%0@Vw`%>iID>HB~cRt$SZ<wS$A{RhsM<<d_rln^vNUUm*<A
zyoEb?f4{>HYAo@@_KE*>6W&W^(&tf2#KtnP7wwlhj{OPY%O>(b%An#@r4c3v7ZLNW
zMF7n{6PJ#t$&LX0pg7w=Bcc65)m38$79ri`4cPe)q(-w)kQCi2if*EwWj+dXk$%<q
zb05bcg@ce4`y}acKz<`YjowYb%5(i3@gJU{L5t`OaX)LvEhK0d)0Xxy*^Nis9TSo_
z_2|lV#*-IZP$5nckegfDBN9tEt^8va11fMd_NGf^sSq&KLZ>b!))9R9B(%4F#j33p
z#oG{H6Z-tMxt8_5m#Zj86^wn3_l9E+sNxn1yM&%XMhL>&TAcF{RN->^QNBh@fHd2a
z|Hrt<1aDJ8eFKd5VRtncL+MhUf0dm@>c{_plWSo?c$<Fxe?q)a@2`g!`;Xa&udkN?
zfyb0Q@PW_oqC4ZNSHEc+p#zaI)}EU`ZNIx*L+UVq!jDIf&IqGOt0!U(jfWF0_l-JZ
zGB;ZE5S9((*LJXS^|=O!*f2%uW?>Sn#D-8u&_5tx*9@+ztUVY@inC3v4sISiP!Rn*
zj_YLNyn^fxzoEZH)9rseNnodb9{!W5nyev^xEL-qiQ<SZ&=Ue86vdb3uE_7@1U>V>
z89H(JvMb85IC0Ey`Hy)ESwo%@nb+hIoT#a!>8U{;j@Jyt)nN+J6vmQ?;iG4ge0ql~
z38I;6R8Dy_oVz+~k>E&6{DUV$dJ!;E6ZnPt4Rb(%4Uu8K!{$+EwaOsO$oe@w!!s24
zXE+BwfrkUhKiFK*H!pe-Jh!IY3VZ!bb1Hcu=}xZ0Zm@(xtp{^NDTE}VAYhL{A_he+
ztRHhfixNgWgXW81E#V=`{VVPh#GJ`kqG!f34}-x)U@dq+43aHX_moS~qZQy1&h9DN
z=gB>8zTz<eW3|O3h}^R##}EOZbNUS^-k)r|>rr{-yQk>KMAO;FAvq#&27LePkoq@$
zaOL)HQyG7x)Id><pzkmJWq<h0Q|9SooU{qJdyHwW1Wy~|#-Fxcn^nG$nEPUGEG}x!
z4s&t2*~1ij!Qd{9L$(e*j+pwfAtE*B@j)8}L!CYY-WqCugI!B!Cv9@sctQZ6mrLW`
zpZg}No4anJB%VYpv=kO-!j1G@VKm<@KLHJ10{m$*#ow^4ug5sl5kfb%MX8YXQbONK
z;*;3W2+cBKALlt1Sz;~s#r4xpqg*u1^r7Hj^`)NR4WmuIQU2rpAFy#G_(aLHqK*)u
z^(R~E_{KZ<M-~i&iP;1*HvxbPpV=oxG~ou@qmrBuS*L!f4RW>^FK470GbBj7bnA$K
zFs2?xq$f3-?M27zi`uJFuC+RC%xP$`_^Q%Q@;gTuH>iLhrasf5n374s0-+D@J5)!S
zlIPF;n-{@E*K=bsmr#o!DJ_B>b7<H6+bD&yNz%Z^z-<3xLcMIflWE{}p<LZ;Nf3V1
zqtQi&5UJnreP8MOWzH<of8?lyFl9)o2Wz%A+q)8$G$LV*`BD>XtWm+*O=wL|yX+D2
zw)~5kYjgfbb~hBmnuW+W-m}QIy_P&fJo@MFV9Yp~(!Ypi70E56EL{am-r6W*j!-oj
z1i?zxPbkj6f=aB9kO9wpQ_Qk~?C(x$Lyil`9`t3mb1=ibdK~=(d2c@WZ{h^jD`ofj
z^_t-~4L)+4u#32~uWqG{WrdYsDeBTky_I^5I-7kb7XKjL?#l`-{q)ork$cqtd$OP+
zEnSSL&k(~m(PMx}$(k|P0v86l@ifjhCc=`#5F3c;bSIz%;OeqW+KXzl5dt#sv!t&t
zwDG^2&xW(ipYx^$CumQv-1_t8Zt?$*Y!%PcIojp5ul8rT@`tBNyMJPkeA8(8MsH@l
zAFs$Z>r#h=+lU-fsIGrf>;_r3ac7DLmGzMD3v2Y>@XAwZV-kUH@9G5a;P=2!?)4LU
z{i_XWY6<)xk{7G}4|`=dmVZwh`18}2GnWDs{K9lkW4iP60ki13oYX^%0*3@z;0Uv~
z?x%d@%9UtBskO0<799s4s^L~Chm7m9%#$C9)><kRw?+&!-7qgvMrM;LLkMfHJqG&2
z_VEkUWN5Y(1qQDyLE><s#1$ht7wRfu^PSb-9$;geU{0(md67;j7<&X}9p2g^i>!R~
zX%UYykNt$=<EMBJ934WZk;wbpP{Jp4+nn(_n(;IL6Gv+;0eAQ?$D&Lq4ae(I>FJ0c
zDj@s!-L9_CYbT+SJi*+6J7#dx0gS&(V3f#%=lFQ<Z2wJ*qoajeoezrHSvE#Gl^9yg
z04U@*x@nsOA4EX;aV0UxHNXYF&P?oOqQG^OrDq1NRZUI(CVX(;TOgUHXi)4Z!B_45
z7uNM78W~qn-3vW=X_%^S!GoVJU$r*VGd~5amZvoyf2$EaqPv<Jn>jaG?+1c$&-q;`
zl#UdRuA_6_M%?V57fj>6^bZCKG0hx0GGH#;g-4~QvOq-B)>(;#2a$iSiz2^CIu&yx
z-YknVzN?f}M$-g-t-x7&R2keGJ!q~hB8-xb(sX}EX+03}gHB$iQvu)D$Zs5m*B+%V
zlUm}y?kjw}zmE4<WGSIWbK>T;Ke4fE$60WmP|6t%wr_cJ!sfNdvBBo=-5=4E&j6$r
zy<Bo$ILx+Oip5S+;;cSb?u^iF$apnbMhT(Fp_U@2suMSIX*@V{T#lMw)uDmXh^!>r
zr(7_vr#W6ce?m@F!)tvV9I@ETGer?C0O=$gXsq!jI8#VU8d8!@n6`3aWyR&xPG~Xt
zOk=lkR;p$sDj_A_9OTkftyzmW0gI`N|Ee^r#a^fh(9hhLPUrrbOPu^(&`^%A#nwmG
zVd<puVPMo%ac^OAq2$S&@D1UDWkRYQUTdbz`|GX+cAo!fY;91;nj9^(m<P+Aq?^B&
zCmlG6Zyy)noS{L%kO-@XSch`WMNop3l$%(1tp;wpYOo*Al0{FB`wtS=3~0mB0dpW}
z^nj*3Ua^9Z@K|Z2G_n`HLQ3uOZcIB=xcg}Sn^U=SuNXmMUHSI*O+68#20q5@8q#Sn
zjbX+HK990s4nkV2=H=q##33{qX2v+SWFxkfE#i@_h9Sy!S)x@@rS2DTjDt*p<o>HZ
zRGO!GBQ3dP_|Ao<)#HScI1r3F>#Wc>cRs47o3FaJ(iWC>Jt#goV<NPUSo3=P-AWBP
zBzMb4{JM%$7`^K$2QDVF#pbr+09;PSOvII_n-S>`<x!m@6n%D*vas3_aQ4vFKJEBS
zf{Oa+!u3o-ve!$NM3(V-?Ba?TV(@b7OX91=gl^&D<_s~Uz8(H<3|JD_!LUp!Q?<4c
zOG19l&-)=z#&~iy7J(Rj&B(l#D_7(E<Iq)jzwSd#YsJgDadD_=@cRkYWcT|mNpt6v
zP4&FBE2!yPzsmV(hl!NY45LBgvV>_b*0jlrSb*Z*-gAb`_fuSVZ>^WgU%nEf$t8dE
zzG|HaZCfnoO0L6X-vUk5q0)gIcBW@>kG%GxBPf?xZ&tiMgi0jmfsPujtDA;2)b(iO
zc0bs*GRuNGsTv-*9kW;37A3rG>)S!Uvc}#4*;ZfNGtlPNt&I%`*y88gI0K<xdlmYh
zMT{4~p&{4j^fMo&GG9yw)Xz8RQ}y};`DZdzU$}9PDOIzN0=Cj*@b`bgCIcu%{(UU$
zPTc=~^t=r%c6c|H7)z(Sej04U44G{9hdu=^^?_w=P<!WQ=a$L4;K1!L2`?bg?6ef3
zVCbdlxV1yVE{9|K^X2%Gmqbutb#E}s%FjEG#dt|Mk1oJMwV^UHU(1kU*I28h(mN2j
zn4$_-A8qRyP$c@+aXiQvMt*{E2R^8{$9rst`cY7C!1iVSv1D;62Ynk`5G!6OK5E`&
z=(`{vQ80bxmb@qjIJV&y+9l!-ioKmc^a20WxNBq&{-OcLAWFOfrk_PZ_#X7g;(A%A
z?!Qjtg^q74ZjDZjB8}FBz{SQ$3Kmn`B!17&quxfP0QuEdjQK3g3HfZq#iFWu%6&ya
zKcyEaI)^zlfFPzjkRssatgY+-$CA11ua@T$Tz%~UPuU;(a*fycfocgNSsLrbl;uiy
zJ`i-cRU|a&3RX!bn?REOt%xunirtS~sCm#i2haSG+)Q-`4)I_ZlCuP|%w0-fs*7Ow
zGucxOc#HC>MVCA=fnQrng~$$?&r1MrexHf`u=GncSa|*C=}5PMFv!xaiLtO&rkC%M
zm(^G3AqH~q@mr1`PyI?qkRB;etim4M=XQZ;lh!eZ5Q%A$^ePT?2f=l?h~_DmHtW%$
zEzvloR80YL@GmOVW9)Gu`1NMwN3I}kAuu{Xz4|02EB(5|X_;-@Igt4eZ5Y~~TY1!>
zdDZEv&5FAk%oJB!+6DUe5yoeU@-KL&0#_?EUiZogpoI98gDU@seITTr@Z+-fi_XVU
z!V^<ykD~$uWtZMV4X)hvRs!QLCAl#m-(*5L#1t(y(CvgdW=mzgtGk*t;98d9lr#z8
z;>fimdkgVcAw=G+VNl{!u1LSySq$_}yB#i8e1I!%Q~5+bAbR@nb8rlX4v5Xqa|lbq
zs`z1>()jJ4xW&Hk?XFi=C{bG^#x}_4E8$mVP(M{Sg+^9!xRaLvB%Q}awl(pWP4^y>
z-1h^1m~P%R__S$X?2f$xCj|oJyVd{`_5cWUxRlOhfrQjwdho%oubyI9sl<)DV=a?C
zyJl_<F76(YT}pEAGn5Eky^oF@%J=33CPNmaeqAEJF?f{?euM9(+US-98WIilSAoXf
zyZe7}@>~amR?H2NKX3Q;`UrnCcQ>zsNcNr)boRKZ<4_%VS(o~@%@Y+2u(1HcBN%xh
z8yaYTrOZCGbc|_8Tn~=^TK2*ZBdvn3Ma@u12@Q`cuHT`uWdgr1&!ffv7MYlG3;#I%
z1*`M4MFcINav+%-D>{-N8{T#6@B||gU{8AUas77|t(C)2zKI8u;4%~trOC2#7Vnne
z-OIjPbgF{{$?DZ;0TPhheN%uehCfkY{UNan?hPRR6b!<geyRouGJ`0h&0<-cZf^cG
zGeyaNzFs1I70o~d-OayxvcX1UH#${33a?fLS{@EaF&)lKZPz43eD2m|t_GbG+bn?s
z`1G*9rD}ohBXS|PUhhkl)aF(T`in?GdlS2G?U;2Gh|RfH=`SKu0GP}qC}z+x=I!^{
zZp-8r6*u|x4Djxdv@F16=9^+`Ie6N@I`Xv+w;?Vm#K#G@skYIWzQ6h7<MGlTAO1S<
z?o%v%Cm4~`1KL=7Ir-|8Ojps|BtS~Hg7M5Mm~%SvgQQ6y$EAH!e2?TFwuAYkdN#zr
ziO`#N(Ig+$cR&FTC?SSsT3ss(>(D(zcUtlHs2*((6gLuo`(tfw9KR;uQJxCjvAJf!
z<<SHqMYQj4hA^Aa_Av4!)@{ePp22h6wCr9b&mKkVgSH9n_qr~p=^-)ZzZzZga8`=~
zn>n!4S<jSDa{j9Ubm@BgAo%+FO8A-$>z=j>>fmvA_jBO|bnX&CjjuA}FsZk4LiCa8
z`1j)!&6ItZC-S6E)K}U}=u!!LLLuO+7?9cQz%N~@lYGUV)G>Wgelkf{`1Y^>G<3Mt
zi+;HockX#g4R);^nJ2nGRPatq`Vn`XEM;AZ;)`f9*nGJvA(l(_kVnCy=VGdt=PPK|
zHfNb*S$iKqH}!wtR|6tB!#x8YvRxm!UO_+j<{(X@2w(YaPD}e0CeM24x$MYjby%5e
zsJ_~DX7u<@*Wvp)KKlkKCsPsDq$0XWWm9kFm!=9Tht0?R8()}6D1|Dx7*sjvPrTJH
zyU`nSXEyGVM&?f`drP)(XH<P+D6CDe<fU8HNd)ML62mW~=AdgR8>{11mM?~lJXrAs
zWQt%D!l}`zy%wGBbE0q_sScE!a<s!8s-&r+rLkuw{l7msD48hl(HHOFT%(a*_Yp@G
zkChimby&$J7^2)8$BNBaKq*o+ddFFdjKyL)h`=24UBUC<=ex(|@G@ZCvU~kN!+fQN
z!3Fg61_qV?#gaDQI%A+pjP)<wxdj<dggN53kVhKJm>Lmk+Sf2IDmgT=8|<;cp#J-A
z<ZTx;CHj2%5tW-D&6s>+HZ>a)G+!%e=?(=g&ouY|Mhc5zNWznf;Tw>-`{<NBF*o!}
zCNupz>8R@w5m*<odXL~-f;@Mfb{XE-5fpIY{CV)#5@Z=0egmEhKe7`mJV%dqBE;H6
zV#SdZP9$+Udn!pQGTw*-OWZ{1uQ;;RG?LYL;#H9#hG|EBHjO#)ZAV-&97{`!(?K2W
z!TH%M#|~y@iS(GiO1*e>9Trjjtch;COeDc%{l?#1CA9uT2?o6WzW!*Y&bK}PWds7e
z-C~zPe3uulT#wx$ZWqfRTKkPFE5LU4dvng!(8sI1A&4>f_4>T~yH?{2jJ8SR=qmI2
zIg~S`iT5%Z%mjAPUl=hp7T1pqtC54mpLk(PVX!kBVx+coB$0t)*1CCx0urCDCU?t(
zY}?{M=inE;9*f$aeu@$ZA#O=7CMUq?sbs+S*zM4i<~seYc%^rpe8jY!k~WGw{o9Wb
z7@WH!RjiT$?7Y5D-Dq0mYtcWlYP0kSU=eqBIL3Nww&~bR>rO_fmCUjJo~>_l{#kDj
z1RpjZ`DAa}70#BE20A@|X!CUcu<dTH1^L8=TuP_H;DwN_x1Q7ezD)TCMGMqFPFeS-
z9R+FsY-H&A25Hkp4U>{$I|XYxY%bSo_(S&uGI8~%7B@+GtJ^H4Cv^RlDnoAy*T+;~
zeHvN42c6b5erN#kVX2(S2xI+(d8Cq_4YXD^A=>nq)i7JZN&g%zoP4GOrZ;vr>sM=(
z5D{O+6mIS@zAxksxU+wd`mTWX@^a}|ez6Ip5gJXkd<cbwkx+U4nX(y(s2>su-Im<F
z&C;?Q*<?ezCGY_Pq<T}~xU{#*Z1yaBZRWS+-j+4gYAVV)VelMD0Tzzj>BXve#y2#R
zPhD1zv?w*=q|(D|ePbWk^qS$Ons|5Dzq_x#4`D(gQOIGyE859y4X*)Dq*zoRzMsZZ
z_lni)=QskHupg(Sq4z9<a5o|w1p4|o>4}o79GO#{I*|2q;XGO@ih4|6eDK{*VD0U(
zQ{ACv+3z?)XOwT4^pvK}=V$9WbJUn_4u~xi&@K5bVJP9k<i){y5sA(kv-sIx$P#Su
zD6R7|(eGVX7Q9wnCbj{RyX?1BDGjJ^{qB6oZ~P4uk=ZNJlEcSQW-IVV#~>W~Jr<d9
z48iC_(&WoyyphG+zbI;V1cz&DBj1TkvVwo*|J!Rr+OMS5gHKfRpxWEE@TxRZqWw8-
zSK`>bNB4LdpL?E}x+OSnVzt{^pFB8DJ^9nMj?HGR37SzzrhNmbkc=<1V-LJBQT%PX
zG+yZCci?vHj2N*Yhw`e~L<udy7$>;iWkU>Ni)eQLh6-;n%CJ>w+WKz|=edkY*izZ4
zr%di7GoWxtxah%T<!vNB&a8<1-Zf50Z);1#dCj7Or#rjoHC;-|dPLJAz>+ad?>rn{
zErVGumU|xE<lYomaS{kG`AVa)D@sIh8f*U`M*xvDGlJikNh^*GMOs_`7mY<iUD7p!
z)+T8}AYb8&JmKoi<xQHt_w4uwzStO-zdzd|#2ABeXK5me-Lp~SfsbWwFuU$jwqo`T
z_JSNZ|G2YyYEeO4vNC~Zq{bAaB+Ysld_+v|e&n_Xp<e@#!bsMjq{+F`Qhw-S!#ihT
z|ANF9jz9a|j$qA2Uoy9nqW5b*^wth8&ePPIo%)M)XW)TbIp3<TO4Aj0h-Ui<UVM{P
zYo{<`rj0TAO{^8{LjHNp_*pe}`>7HZh8<2N*6G^w+4QYu@ppRuDdnanPI;|BWy*`+
z5iDHO2=Yn5n_fYQ1AIg&GZAzCfL7l({W#FF4cW)IjVtgQ1R|ABf>Yg|l;s!Blw@VD
zcfaMimOKw-HC&oBjKRKx6}#^h_pAwg@U3^|{E*M0eCyWC^8Re*#WK$G2F-HA*BCxl
zE;|Dd=R$$QzfUB?D)EvGMUxVC7e@!v>rcy1drN`n<KNYxg3I-8pzcD&4E^fL4(Bw_
zV8%62HVMuiz<+7IC&)LVtRA%F1p+Bfr03o|m$tqm(tzU6{-n?E_{c#DS3;|M;;YCo
zYkfIKzHp!CMlt?J1*?5hIY04RO0=;(0*-W{I#olJ-evxUD0!Ek^p-cAgcD3SUd@&w
ziW#^_Cr>CcEw?6LmseZ0=BFiK6KOW?UB7_Kl=(d)qlS;6dJdXLs~$vl>;33n_wLdP
z1=V+leb!7&DdAs=s+JEI`}N_u=HwU5$)6<)?=DgaxsxB83}}?a57=(RrfWaT6>&id
z9A|7$LWr=#R~bu9-vt~SY|9!hR5O_~y@7;6$Nl{v95-cY%L3@=wbo$E-Uf37Fw1}c
z7+-1Ln^lp26lF5&k}q#9Yso-c4(fduO_Xk7i1P?d$um^ZAV`_yKOgrfn*xl*>f*0$
zqh7arFAP53fUV6ZfPduom#fv>uH!Yegmy;lHBRatOP+^wT-UQGhvaJVyIJ?0ct9Gz
zU}a;29g_p!+C7)}7cpjI#`U$5TGw&;f?CVYqpdmr<yv;8&XA&p(guqsBO;{!H=r>y
zHKw!dR8aM`+h()~KdDLwG|%sqwG6s*;kxODb)R_69@MOV^F;$6w+z2$Q*Wh@DVfAq
zI6^|xdJzlVrrIA>`}sz-u^oHp0VF?PdJE<Ed++fc4iy>H8hmvBDQ*E((;as|Fsy*u
zgWiD7_x`B2OM@)gH_&S|2(&_>{f@N^O7s8tl<vJ;I-{c8esp_IXA5pufI{55;>iNI
zgh8j!?;t*iLYq4Dg)qa-0yVPe`v4lD*h<bZk1K4!67Jh+*jrdO2@*75#TAeY5WDG~
z1H1G>Gmses76pg&t}IU>>DwEjDC9Wqz&qdn{?)qMRgO3bmf4t((1l)mB*a8T8+)s&
z{DalMR;F3{n=68%tI$ixR*O-(QXzT$#kYuzQ_GxgQlT6)Jba$K0BU-%PmDcJE-JFT
z_uM>BRxxjU`E+yMoKpdODt&C*RV%eD?@`-kiZ!p(v71s4%Oo?rYW5qVl{&nIz8EX)
zrs%l`8Iym5obj)36?Wt&Wtr*L)!rpC!X_b&abnG@R#S8|<5H*#!dp_%3RU=ot%WGo
zYQRew6j+7Ec}xDW%MaaJ-Gj{hFx9(Nu_x;rH}`0y%D2Z1-J1Xbn`VYuKCSo7fb(SZ
zQRNP{ziv%0u*uIWwAz-nF~qCo+IlG$J6i6B$%8)7NC;h?sG^6RHhvRts>Ezu5wKr9
z>5yRrNRPQa)&q2Uz6@xpje4CsrG?rpW>CugX?Up&uyI}5YhPywJ=}Z5KiE{8Eyl$O
zVmkCUN~d)a%_jyvDcwS7G(QpZ5i3vGS(Drw{Gc^)mUAMo#VF{ga)njnMoTh%FxG}2
z;{4Vg*JGB^?baM93UgAod9QinTH5q4P2gPBPHZo(U!I^m9)ctetMWplD$Pq3*1V(+
zToFR^7?<WOt~<cL(%nuqG8+oOxkyO%KX1F+l&fh%cVYwB(s}VAU#A-sCPMYWQn*zh
zs(a>9HsHR-ner}u3DC5xbGLLRH@`*Pr=HhJkmxoDPQ|^_tnXo*13jRiINWpx9HqZy
zquz3igC4wD_R3`|aiLBFY-8iORGO8i2E0$H;O$H(Mb;)nzGNkoxCA#PVK)4e4MB$&
z3}Ub*kXr(@t?$JY2@0BU^;1MqGxTIH$Ee5Gjvf=wL8lWC%_E?{S2g;e*7oKw&<knI
zL}zVRly^eb8KR{8kZX{=i?&(5HrOMY)L8N~AN7{7MNQ{g*ziNLB%eu$jXWRqE&%@=
zfN*WO+nIGBT;c2G4}a~F0GN%w{Wx6*jZcA`O#pCByN}Du%cGm_3ztU}&Idizn+@9!
z5^HhmI<U>(IHZ|V>Dod-ytdFwj-ZctPSC2alT-Q;6#WGyB0J=-<J+S#)Wq%LBziDj
z6w^J*?Jlzlqe{OLC*8LCKL<R~J-P3!lgP0)F!Gf@3ZByhze1jzQp8st61^qA<*TB~
zWCGahw2Sdu<;<kJN?p9^4bplu^?yJhM!eeB3D5%n#`fm)5x}$ZIhqNM{BC=UvOAM$
zoMGCA%?~or{`qj#$PM5w5*Fd+L>1Gv9Qv$I`Ii20Bl4UJHDrmFx(k0vlnq;#=+uep
z^$?yaI*DUEJS-i#HX`IywV<*=wN_$G0t~UxyAlQw${iij<2p?UicY}g9qAjBrOOJ8
zrQD7yeyT-R_}CQEqnOzT7p}$4ou@_`o+#hSdd9zQastc=uO)I26g{kAd<!33Z5?>J
zVNX81<SO5xx=x9mT-$jsF$l^*{G}7NwNesy?gbQ@dLntUKl8-t!tPvA6R&fHfV>dd
z=-;RBW&cz-|4B@wNEeZ~Z<M-qyNiCvxca>R@&d`{_b^%`G>m*WGTVY$*Ee}LHa9+l
z8KvX-K0$J&KfJ^hWb*JKJE6O+l$?{^>A&%Iw6~w`pz$h0B&TJS47<q5M@LVG44-ex
zrQmj((BJgK+ggtbIei;MBYf@~18#zDtUgl~_nqp2ah?X+n}PKQg>QLX2Ymy%&Lgma
z*e7vtncfbq@V_*l8MZ*`F%ZpWpvy0J4zHlCkF8!45D<EV83k%u4dg=K=A4G)Gkyi}
ze17rg&<zXg{=RK+`5X)aVofnY=Usohoo!MvTa1q86Tc=_f}F+uv}%A4)Ca`tZPW)B
zu2Yb3RyC68fGk#vhvLrCG3+|G()tlvi8VIt5-e&(QEm-<b<<}tbo&<Z?A3L1gfCyQ
zL372L7k*Ibj^G`r<P4K%<6F|Hy-?hF1ExqNrVfYJ_<5-c3M_1eU*|rkMWLz+^?=pE
z&({C1+-k&30dP_j^h9%w!JuCiApVJQ0ObLd^9BU#PA~-O6-a0YBM9U`79J(-%W%+$
zgxoLSg|>U<4lBNSsp|}y*-Ye7W^{1T`Vxjqb}g@a1LM`@tt;Nk=qweOrK>FvAp7xR
z<qIRlhfI!Nt*TqmgyzA6C*WC=BO>mwQ^`r7o#ll9*ay{pYV<Y8@Mw|yl&(W@7Q36J
zGnTHXkrV@pjX-*)PuW2?-TnQaOEN9nzyB>eBE7*y%KUiq1=<AuNz#EhB>9#>S`%C@
zC&M)evv|DZ9nwq_l47KnG+Oftv<!t}iYD#01(?BTyy9a!Sy$S>Vz(c2(u0$JQFlCI
zGR6VSfy{9=H?@P=$L20%8mOS|!&*5``#6F17RlB>C#%7~d>_yZ;(qq&3a*CVQ8gMu
zQSpz=UI?G#{cMMohEk;WvyI6s(2T8TPbYllo?E5G_Ls8Ewh;B1V$ddaXf(d-z7m?2
zw<^_er%{Hez^Pk>5WEiwkRl&1JoGoYGV=j+JC0o{C6tY203Uu~|AS@nDZy2?z86!>
zvnPK0c)S5(sGwUnf+tU&jcD4|KkrEyj#pU}HS9P3vr|5%%+CFD!oiLxDlj+d4}W$f
z;!HPOeSy=_HQo-?)Mt~=@T0)?Q8(l4+p8I>oDxM=w?`_?y<gJABJ2D3u@`Cs+buwL
zmqPg^gsob(a}yHren1-W-q#&Yn@xqYCcZEfQvTt4R9$d=$1q8EWQ%=zi>>saw^lc@
z)abiy=I%DmCg>sS@#dj>^MV?5)X(=w2x3fEOuw>y#QTt?xTSts&!&7y=RAxdd5dC~
zM1<@y$K#3tsjW!i1Os0&j;FETD*?q3wq7*=es-)O%L*ci(Ff-SSRHSY){yZw2*Ib)
zwSMm*f4{uA?Eqc+Jbrd1&)DKBQ1w5U!~bHvHYI{_V$WTlGI#Dl&oSXMV@@qy8r@Pz
z+h4S}0=p))!&&<Qq1eAeRok9Ul-lC|?#iF2BzruF9DlKQY1{9F2-P$M*czNP3k6}w
zu*+QCiNacPNCaKR@;aPXD(CG3)oozOVf?fy`~I>z7x?P(Tv;d%n)pe-92>bgJ6s>0
zy_|U1wOt?SoYvccaLXd_uT!{S%eFwCuwtO?i{4w=x8cvVpf_;{*?ga1m&~w_!4vc;
zwiCZFDHrckA2FZulesWZF=y18cduOmeKpSe?KgLo1Ev;{ejOT%L*wB9#ULG(Iv0gu
zT+(pv2PL^o%z<&V5`k=J+d!}4(1qweQywdR;I6B>dP<IQs0K;n9xYjA-LX{qN|H+?
z!!_MGIz8@0@VDTS3KXSZ_(gR*3Wc0$$%?csK^lEZ(ZV)&3#fa*UWU*8)V*E;{DBpY
z{pV(S;Y&%xpl~3~r>|3_b02L>;Tsewx<#rIoY(N0(ZE@4`<NdT+4U$KDOmNgM>1-s
zDWc0Sj1Hy1YSCx)R=DK<?WMsI)i@VXsdFQK@BQC4TC;2k!Ph)OP8}&SKxILkwNz{&
zz54O-5f{KxTob#;>i?Z5c1@}{&yosv(72Hd=lM+Z;qz-{!GCR$po%%AtP5+6Uo^jA
z(47&bMBBvpk?d^h)4%P>T5>B+D@Z@~c_#jwesA`&6WScf$Q$;(BzhTvwrV+JzGbiT
zbMVA%;k;Rd!mg~y_D*aU9hUZ&)&E(y2_R_C0cd{}7OZ&vq;c{YrMu~pb-z6BVo3~G
z%UQzQpTub;>d*{M3o%Wk-W>j!o@=|WnI1dxRA{pKLKA)3M$yU?day>BRxU+9PJN5!
z$8r0fAglE~wC;GJ1TBDFK9MS~mnj-n>)Wc8Z8znYQgGCbDZGqu14Se`ottF2=^Ne2
z5&#pLi#bPY-gl5Jx|nexmZR<?@+C2$EfZo)nU?)`(&2=7HlH{HuHY~tMl&WR4#{gX
z2g1|C5}wts=NIsBTt{+L^d>hdf#OYH!e8{_wqI&~r4Jb;o3?*f%3&`zaZ|7W*U+tM
za5c^t&v&lP_+EE6uiMg4?_zQ^+om}r{|n%;_^P=!=`eNtc|Ya#tKE|Mg9ceOYklWS
z_%Pd`gY5SThYJg2@Tu`8P`nIeHveM-{ZZnWh6T+=O)nk4!)dHq`5=Cdp9Cv~2Mh_p
z+6B+nF(rp&@7Dl?A+#!-uhHABKBH$(90AMLSxMPJFWcs!>duh5`k?ytQ~v2A5O7M&
zw|xwd?6Lk8yzNz^QEoST2q=_hzNbk`Zdo{W#ZI~w$L*+K!Ycuwr>0Xqddl{XNW#N?
zj3%KqzH0>IHoH_^{VVWRE_6n{^!j&}juXMd^#j+<McVofqWD_7zfpfJ5W%<cjwj_k
zp=-Y^*xq;=m$|j+GCi(E8aO~x1TOy7iJnyIhKDN}m}_(5{K`JBzk1W-f1eh4-R^(i
z^am{q+d6&-4$L#0PpPL~E;AU^vXEm`b*36pxvo`PDZLo|7Ipz?2iWw@Bu`DX4f^BF
ztia<Enl|F!$_TaT{J<2VuT_|Gvi{ayD*^@?g{hFPBOos9vX4(=CS~8x36wEp`7Mf%
zxh!m5zA&$XmQz0r>_0-@KDK$eH#R_D4p;YqmdiKP82-LR`Oz0W)0Ysj2T<qMt;k!m
zjjL__$7fpSCn`a!6i9*ny`P{jr%Dj649@R`W`ZUzVplm?D9`6?4pv?`m#cGB=o;E2
zM-s9I8~xdcT}9?c2I5#XP!L4U(9H&aGOQ@lq?LBuw0P;<tfe%udIGvRb&<w|Y<}rH
zS8MEOTogR^;h>mOAHY>zF`1hnN5Admo9Fq7mmcHXEkijw&0Z^Et}s44avJx@F;kq4
zw6k;qnuYk?<5Mnv*1qHtku6gB5pi+*9<$CUz2Bq;RJU)k?KOn~>Lv?KYM>rAniMz&
zjWaU|7slmXW6#lAZM*`zP1Z*X8tvJDt)%l1Xp*?3L-4@s@^9!as0f&T-DT|P$?)E8
z%)et_ynTcgVB_!gVH+eOtP>$&AsS9ntwqt)JaIDS`o8Y>qO(Maa#N{VhnZ1Aj2HK@
zrt4AT%ArF;hR4$aV^7MOgW4m%eC<BZ)<V|4=~IBLyzRk#&hEOJX;#ImwYOo!E>Erw
zd3yjiuoz_1VAN;QFN8*FH0@n8()ho^*Cdf5^7Nn6-gqdSr3`qZBxsv=<OsySvAI41
zknEc$gZ^bqqZJsM9Q&jF5kXA`;7v}{v<z<O_5ocsoN50%=`;leHM8<BrE^75d}u@P
zULkf_dRZnFnL!51b}nDI&*N85We*FdFX*;G%P9~RejnAI8XKTTu4@vK!#LI}T&pwr
zrhOVu9GW<6$Sr?uW;}`*nHqM9fbj&5o?09ZrI*L82XV?F{;BpcWPIawloMwUW+VEt
zS|EgmjRf1&gMtmwCM?41MnJB&yk~6%@hyynj)lglDXLUfofKY~$iXFa+nZx3%WgG6
ziu}e~<wc-jzLg?tx$8QB7oho!vTioT5ymcKT|%1zR#cglCOmjQYe*NdngYR12*rZ~
z#2NL=>5CJ-v6PI+D2S7%T=mmCCu0l701zoF=DFCm;{HfAQD8~>UtcnXb&4*36U3pL
z6!23-?!w>GSi3AgBfniPHnZQ4%EhSH;r$%{Mj@SxPw0HYp(I=&LO4G2Q}5>}(j^Wq
z2B6g#8ILdC{!?%%R1)8a(D`XusRr9<_g<}VfEYijRFDjvIqRe5QSg1E;@13|7O?$Q
zU+s>sveDuZKQriy`KMLFdf^1TjTA=;azVFrSX{E1OiY6byc9jDx-wN|3!A~GAz~HU
z2WPX$T)mZ8nNf~42mYrfkFj2qt>hja!rGXcO9%nFykPxpUWpL0T4Qayh*-yYVt4_W
zp?&Y7#X)(4n7NsXzGjKI7Q$>X7--?ug+*qNfb6Kscvdi^`)O8V-B1Ff?QT(Icd88S
znPtVQ15Q^lmc?~hS6Pn{;a4=dpq8hg<ex8sAs?ig=B;)DmW-c()P*cf?2&*znzMu#
zTLdH8G_G2?VO*j=r4lab4O!u_Qt@Xbl7iMWQsv0r*GWdKs*o}ZLvX1h80f;_;>1qm
zN<o9Jp!prsXe%W;eB1P&BMB+irY$@kn``LIt1rDIy<VU$Y8`*=pO%qc9)SvQ82W8%
z!~vSOC>Y5+R-~{W!{n)``V73`+89I1VrS$!J7cmbIj}vSco1_47;*ZJY?1{=9XGif
z^|Ew;$#<mA?Q?FkuVx;kfRQH;@9r2y!n}WDez~k32f41@vhZ?bj#u3mzr?==LoX%R
z)D$s1j4Tb3zhk7f568l1B!uh;O70rovbYgPJSSSGqA^eccx#J)9vi4TP{eeJFf&hq
zTm~g(vPW_R@$Vd-oD(Fg^*)rDKw5eTJwewbZPT|O*`L(F`*Z*w@R$zz6zZpA`9A)E
zm?^lUM%>A!M9leq7Lx*ZRoh%US--D*^d=vGU*^7~K-04Gw!O|jas+%zngmxeJ~@{^
z*VzkT;|hO=J!ne=KZJmTqrTRSC1v^7y8Pn&Oz4|as_0^mAu&~Wz93^Z1<T}C6@!vJ
z<&4lYW8oq;nMQpeBM1(iK2}KT-$rdJda)W@=-l4@58?gbd=p2H)$k^(R2zC*8J4L$
z?ZtNm>LGK)>QsTX=hKV5pONn8p)DNbDBWrSVC9W1nthVI<d`>GG9AjQRFVFVw=SYJ
z>&Ygq-V1A|E?N;Kw%G8Cgh-x?#)rLZv<$cy1yDiUQOVVS&A>0U#hbdf!}9HbD9tM}
z-1gfTK~jd`)Q}MzId&4LZ?8J|#o>S-RuN)b&R-Zpd;pyH&q`H84k<8suX@Iy(6th0
zPIT%g_WWTA17-7d9rBNeyx`mY>ipDpHb1LK+zm!w{tE^<-5))Pl~%GKC|=1`5%q&8
z^H`C5ys}}yixf=e`dj=3jrZMWL@S-7Sk|c)*3;q|NL}~fjr9M+&1z4`5`g&BeH7B}
z{&AV}83?*!k%tGR(2FoFy6Hi44S>$R3!lnFLzY&S^b)CoKRG=O#_yId`#2vsJ0zwd
z>9Sf2bAX#Dta3jpO6R*<e@xL_{?@@4&Z7;DHF^Tj?rm!&Ho27jbufAj-VSrtRe`fI
z!G{HsSL_V~_|{}YT*BTL(dS_?NTcJ6^@(DGk!tu>D<7xGtdAtt%P57|PIMloJ3Ww4
z|7m{y-`y+x7YcHFjAyg%_Q&n-Q;^iXgyM$Z20%85DXkP3gOVZAe*%8&b=gZ|fgXdO
z-v@v{+Z+~C{~zL$YPKN6^?Lild;QMdyXHdalO$f*A))p(x|C4q(#|+A_U(}>NpokM
zZ;)cOT@~d9X{gvMx!hj+fqQy!JL9;KuBqrpC&9*{_IAc8(B!DI-N7aC3b_S39RY|Y
zuIk#lyBB6b=LdhgA5k72xo)yU+|DKd3X*H)&);iTilM@y62u>h$yY9CtknOZRy8-l
z9u;!|)r(B^&B={iPF5??R-QHeVHPyJ)$ZCHMd98LIwb;Nk>=~IO=WbvCM~#b1uWJ#
z&o7?pk~i7w-Cww|;H4tz;>jd=)3~Qi0aP1GFn`?9raj923nvB)S}^Dw1X=*gC#Xox
zcDJH|CZ9CS607~>fXw8P?X+jlYuc%Ixgs@dF)a*{ZS&?hZW^>ul7dq=0t7lMIIcWe
z^Eod8s2VSE#a{2t?S)~W`sQ`(C7|5x?o<%jsCT&wB@qqngb^-@VcNv_53FYit#ZOH
zB6l$3zrU(`HL6LCJ(R{QxIm-D6UwZTV$ws%7d)|<w&!XB?D6N3Mdl(y6^42?#_`n(
z+4M&9`?UrXq-dMX7w^=2dbu-)5pKQqG1XY047)0EceO+dTcadzK>J2~(NOg(1PlC0
zbXQl?fE(wzIiDw`wWes7xG8hKRJjA!TElG7;+jfademNpLWY>61)$gdF_AyKsGQ&C
zH7%ZwvoouTrJYzlTdC2E(~A_IRzo{ULAPdD(BJk~AKzOmK{DTkuu-ehWxR)nka)tW
zMi=rZ_ItO>;#aWPrTJE+VAFgnRqgq3498Kz`!db2+mQwW+a|9(iMhI<J86j?wzNiW
zy?hx$W6esL^4Sc+BtWyaQgt?~+a;4;_?Nn+3fXi0Y%zk0i<qCqiFkV18pjV@W^Qm<
zOupWK7WZIZLs+ZVU!w@D7mk0IC`$QouGMRLmZ3v*fkV?n3zroB2qK!6ilRryDKjoj
z%T+8YV_O^?qn-0^Ymm<|yx--uhzzH~wh{XfKjP$ZWzE#W0)QgLZtN2-+^|DS^)8W~
zOpiA8u`4T;YJ#ES|5fPu;erhl2IhS56J+zsAtt}}dh&cVD@3wlooXu~_Ik+*v}y%s
z{ObHyje~f?DwyZ#pUka`bNSn`FqPFj*{M?%m5kkZB`8d9_<8@ZV7khC$HfOZ=nsX_
z*tPeM8%F1WtyG_)lfaWz;ipQW*ZGG(Y8sdudNLrZJLxsL`yGMAh4N*N1{k$tfgjEZ
z4yJUW(Ki!Od*)d3vV#=kh1ez8<c<bvad*R{P9)PtE#0?fZBocaZ;hu#MwT6a5KCh}
zR*$KvkevRj&LPbbO~hN)j&C2C&!RD>f@O%5x*MPR^VS#~V@oHq{2%4cX3h(qnLn*j
zb_&WBEkxg{b+T~+KdK!`=HQ#M;^eT~iVhDXzIo@XJA0@CtN~uTX_s+H7OdwyncW*v
z!{KL9{?=G$dk7B^8`BChMFn5(x~Ip@(*8Z!iY6dP|M4JD`K;PIvn6Ik@jf#MJ(a6l
z1ABmpU~qx92v#Easn2EpsD9j2^KIGiZTkVsgWYux7Trr9ANzC0Y^VRQwY4?%tnLNr
z4BkRyXxSrCkoa+fHMI9`V!h}mwq*T%!9>%1i2CMN(z)aT&Q#0<K?{G)A^|3wdj!sB
z-ZK$?UV19eDGbH`)y0-9wV}^*+?55IL=HH9u;Qmw#^+JVc{9#Op7OFqfyg!*OoAYb
z^gVj1>0GiPL8%V0M-!IWC;c-CLGotL0u@b|+o<NbH$?n`YCWJ?&i~@NkP9lPE=oXo
zwta!vd?EHDO{SEB8>)hx)jTyO+zfikj&lwGg_%ArgZlr0YRI`H(YOWp`U*o7uYfOm
zh4$;tIg18i`8)4F16mobv8F*0`MtZNik^pjEs;0R+v}(IiBH{~o12{`AJzNr;03z2
zjUP9hn>J@n?dRu$%e6P+?{dSLvTJ51BGY8$^Kl0<`XN-DQkwJk!@?Z(#}H?rAJ-cJ
z)x%lX>Bm0|#q1#84j32r)bKp2WC08{EZ_NbksBUkq&@`;(dN8J27Ysi=DJ9=Q!Gbh
zmMU=AczrsfN-1jP^81^E>RzPaC8!6zE-29C`0#Di8B#`%_&%<d@muGj$2CNTMiq%x
z6)MGo#U^B3O*^av`}lnie@i%@-F6#nk$IZ$M?Z-4Qr^GxTly~)yhx1UG+=rcYs1mt
z9dH}n`BIQ%|JR(&V!gM59kD_Y;zEilSQuj!jR*?Gs&SyrbhJJSVH+;hi0EBMhWXM&
zGT^+Y*#IveWg9DXH7i;9<gGJjMz4eN8J{P1jh5#(s?XT~dSGVi!CZFHc{<#X)F)6O
zS_gkWv4_7CBwMU-H5=XH3y@%N`LiDnmn^>UQ_aI(etf(%EpMGPwwpW>OG)F#v~>G~
zING6J#X>*sphZ^>M2zZ<L~q2Jb-pg~|Koho`-r*2eO_#X-EgpTLCha<W|75`(4g85
za1Fjj*?^oo_rlr=&<|`x`*<6jxd@E>pvgBPvAkOqc(^UfwV8?f0BGKtyi$s(4Ph|z
zNhIL01VcH#Dkv|CBFJLfrcj4C<k8pDO(qJmv%U<>FnVJ|kX1LDAE-F%pCHVADP^1`
zC!3ov0-4-x6QE>3U*&&8<o_I`wx1m5uXYCNj?87HW4GyqWl7<5<Gd8W)1a$gBD-c;
zIio~Kbkpkgn8MN|0pofPE;{LIX}Y4YYZ6;Q)%vgNx`f^t;|&H_?Y}F+bFQDKW%G|S
z(v$N&8tj(nY%mz?(f5=de#y&#pXZH!W$r&rpmVx)t(s?`YQg!L#wUx84o&kBIj9lD
ziCw6j8zhnF-6%@L#BCX1b_IF85Z;@4>aGvvcfdUZo=gl42Y`>?HrzXTqsf!yjKiQs
z_R{dFOr#!YVdBMUk|yrFcklM%32#Rq8dwD@?%-vw@4!r5r@^(r4J;wwfg2O$%*yz&
zoPj0h&cv)bl<);>VaUt!S(zuQCMcakQoxz#Bins;U99Cy6c>G1BWV9cBp*Tv`0!jv
zE9na8GIb^@U=<c-w&?^4q91MT!cA_BOm#oXK_5^4yZkL5X@8$i#d)9+30`M~hARVR
zBYDTQC>)O)^Mq`bZ`Je(c5r=!HOF6}hRwZS`YJJpF8{!iQ^1{A{?<+;Geon*_riJf
z>JVy^X&7{&B*Y!9!F=h_KU`C^yG3Y3v`9;v4x%fb0;oNTu4pmMIcWx7dj3pSvTz8D
zFP3re9$BOgC~uW^z@Upd&03m6i?ruR`h0Oh6&LnZKfbg>{VTHahCS}zg$YwdLNNm`
zU`PNh8nOBnEq~bg`9-<Q5-MCn?VC)eW<%&!H`eq`FC&8c&@<&Q(hTO;eO2=yOV-jM
zsdi1;Q9x<soAXM+_1fr@s2aPbxT?Dd7M9{j=S}c}sh%@o4PH*6@jQh@QC`-#S`D>J
zgXZxx1BIj`)A}-W&HXnMak4#EbMPRqiunRfnZnnI_zyX>0g=o?!VHq%gE1o_;*Kr+
z{<Vw!V}I~jp{QUy&bP`r8zo}+Eg@z;6DP2zsQ}!Rzt%AriBF{R4f-9aP3{5oN1$fL
z*FEC2hIq=e+zrPA@OqU)3&;q@Z-!0=&lX6@W3;AX##qrQ9<pWM4970q%LY+UqvezT
zYJaoxYpMtdz2Sox%Zt|zV8~_8smUJT-++86ZUYb0>Vtqi8jGW=pq6?kwN~D<t-?vR
ziULR$s#`7T5vPPEk--?BMQoD3<$S6CS(E7)G+7Z+X?8Png?J+!&{A2fH&K%c{iP+X
zG=Q;bWxu?impFLWe`DUi?=wW0=um)xqN+^YAFPw?%I0z7A2}Yrti<?RRk2a}S;hL;
zHWiV-QWygk^SFQHv+)fnvix4+xFCbW2n5F6c!RbkoFEAO)^$Dg_!u!!^xjC@5Fw7d
zX=FDIr0ExOS2?qu6<u%5zFgxmJcSlrm|?lGWVxVRwHN;Ik(Lhv$=jB<SHFPnnjX?`
zL8^Rtp4aDU<4W>VT5>KftFZk}USNmUB1pm4SpJ`bBlv>vJq1L6?<k?2mmA7Z7+|Zc
zcs_LNVo5NePonZAxLKPJS3R|gy~)OYuE`R%l90O_ksS73i<*uEl(5ts<Qi>0?}IgE
z2Utzk{cz2|onlx%J(`+Swmo^H^F;Keym<*aI$=yx%+O;j!<6(}l-TT*$fa^-<M#80
zq)?`>mFpVjRZa<yRxOTMs@yl41I(hC@3F=}S||8#cnCQnAD0&wHsv>fC(s-RDtBAb
zWcD=|(5PW&gSAQ*N5uk=$se~rrDj|1J3EWCb&ROumX+p`w#6(oQ35?*9o`HNUvOjL
z;1^)|Z-!oIJIJEv?+~_npBGinJQ#{Dzeidf4}VTyy-ZSKC+q?C`)hDO%inNqH^vKC
zR-ssJTf^s<o%3wE%3N!Aw^pw&ZdK<Z7&tai#Y>fhqTW~k*nju-*!yPYaQ^`p3^g%|
z*t@D%J>JF;)biN)$(OUF2_GK)rgeg<CnS=NTHMu0j(c0P3~SVfku@vRAm<)$tV%~Y
zit6Az>Es0^GLiVKIev`}>`r%}BK^ot{GrV)kk=oi<ZRk<JBL8>H=9(3FJ_K{rY<xC
z5dt<?m&Ns6ijZb{?ymRxi6eBHA~c8OYe6`?C<{_7A?$1iY7IA0ga=nb=y#8$f<Go!
zvMUfLYkti?mu?4cdt&Xdu5oIzy{~ZIMvo}Zv9$&HK31XqA2h#W0L5@p9=*+fXahOP
zrJi2=wXYmZZ9MRU<Q8tfzBI||tr_?it2gsvVr2IGLYpjfV!sKe=C`MN6re;qD6N0|
zc05kEh%vxRM7ex`6(58LH)M1bZb{+r>W}xh%36097iSUR=z(PiX#lr@r?C&U_LEN&
z)**nRvq<=0sP!&-0f6kDTgo+Ib&?HDF|tZcRyvFhfE#iP%!Cnu8vf0KieYE^yuUfo
z<_D%IY>A$YOtQ8RFT(kP16N7waz0Q`ej!BG&K2t(v+DMR8%*;dQJZd^vT!9C745DD
zCua{ljsnY4Ci>rzzL5dB-*MJ81;p@Ck3$9=ITSkHr2YNx6F_VaL&{MI<4d-(yNDzT
z-k^ZF(HNMFi;1_B=_msu(O{J~J5AESo;I29fh)W>wb_b>(Z4w@o-?LRv^Bp=v~Ra%
z>pGU^&S^(mA|&KcMKd>hrTjq;vSsvz20PJysJW1t51J82JTd<0#A7YnfL|@Q<yCp4
zPiR6>6J1*5CJ^V48T(G1uY@l$kkEI7l509SPi>uGPuMqtOmtAV_M&6mPGR=lMyfxq
zYuCJqdFiH7M|S+*_(`(Xhc*Z27K|=iz(hH8Gdk)iI+Plb)&obny1`CGqlRHyaEaI>
zrQ};n8js_QKl)zKOk_hrW3ri4frW-MWs&W&rq50f8IXG91z*1u4jE(KotTp}rIZ$E
zc^~BEtrXQz(mbsxeb09iAiv|-MQ~62RM*DWw4J5#tG7ee;;k^{Wv$o_lwy5eT|9$m
z5V&UFvY}RE2x{)E-U6+kT-dm#zi-oL$!GI0_g3<rCM*uE-0Sn9?w;bCMDPcBU)BAn
zE^yJU0ve+Qg5B6LzkX$5^IEfH%vvZ=CW81uq-c%cua96pLSHP)IJsYj*d0?r6g;4~
zx2|uS{`PMwc+~C82P&9OAwb}V@s6``bfuam3XZ?y6<IBx>zScDT5tjOdE=5GDWktp
zsJ(ED6kKGE_3k}Cf(e?DtB~2>;e8DBU#fA~Yyj>I6U6^x>@A||2)nIa+#Q0uy9ELS
z3-0dj9^4^N!QCymTX1)G3GM_5F2P;*-TBV>&wuV1w{e@bca3UPr`9{?Gv_*`I+^$J
z`aEcJMTx*R$+Koxwd;HmAzH?6GDVU-#?OOofM{r~gP>jX+}ZshdJ2P1{@2;_@2W&D
z6_ZFG!EK6wC3GRNp|Xu%rUq)&%A9A&<D41%6*ad$5wf8Prz2*@uOHF@iBQov+^&^v
zruTdlx%`%^=p98_+yX#wY8YKX;?~5yCTUR8c~|^>z9*fJ_;(UZiG`T)>o17mrn<dk
zswf+egw$$8Mka+M0^*Zk(YVpK%clmJ^W%?BA7Z3!k}|K=j()9K%cc-?tk+BoJc@tR
zF<H?hDOCCT^l4#<I#WJ5XmzL$%C<b62zz25GXQH)4&?pWO>hVJQP`%>=0H_O=!h7o
zVjE0B@(02c>gV5l7ztWM>q~VUzMU{4-Ypp6-?}*nMg#IX_Lj~4I`WV~a5bs)zai_G
zXVY4kO*o)LE#zR5G^_4sZlidjQq*QEa|?}!J$SeVE}Z-!M~*!{PLvTH35R3f-B@9_
zEEk<|+dwm<5b>q~a%?+BZSOU8@0p=X1F?{dOMqV2S+yx>Ys(HSrg)nVGW}ju9&Am#
zDrL4D@O+E-E}&t3uuP?LTwEWXC~=q=EX&O++#^JiMLZT(hEppi7sr&^jP@dB?X0ly
z6FyJlLm_@SxthfgYp5j*#Bq?EX~(2_+(Md3xHKJ>iRfp*1z(SYm~In;vtpv(k2ZS?
z0m0ErA92ge_UfyYLbe|^hD&n3u5-!2_e{pvsN_JqS^2a?*^ozXY&$Z3iA1NQ$i!Wk
z&WAq1%VJhmG2}UyP%`;CoMS!>6OAGixn-J{7rBY1gYt)k8PJa1d;q<NU*w<&#*i&D
zD&t$v{f9RIyeX+^F$+|)r(zBtwBx4o7w%Y=yaxm0{A8wRuQ_%<M9nUf4H>N=!6m_~
z)|xL~4_a=(9@jUVPAb26JvCwZSH>UAB@~9}Tuwr2+6XIsPI<eIGOM+tC5LsxKvVpt
zuHI&Wf;1{S0S|i*H>D2ddrs|Mo$X#BUQ$EST!UOd-@p)clk0i^Dpz73R7ErtkrI%x
zv`U~k270T?VFY#f^2fXy4XM$Bo?t`w_dsNBMJR2KDhgLhN6s|cB{@7XP}&Jl+mj#N
z5jMz(b2Us&hc2fwCdwDPi&iIPzKx*2%ec5+ox|fuak8*P=wm9SLdZnEL!wj*D+JB&
zf}>7x8$Tp2;{vG_OrT6mn3N5xWSPIjYb2Omxx#OZanU-cM*VnkQ9^y1eoIenhSVGf
zZM?lcIR=4R6Qxp5(^YC@zp`<Y5Q=nDic~M3r1B)XeTKL-9Jbl+y&;dJnZQ-(6<@gW
zKFFuj0}#-h7{$x=QrU%C|C0Ns6X-V|sh0yX*?zd!d&8tkXI4ST&Q>Md45@uC@R90q
z@zJnh0ffSm3UBIK60p);lzi@l^LT0P+(>3pBxEjO`v(BY)AVFN0;@M!t^WH%b8}0|
z3z=S5_L(6SNb8CoUf@;vi!1qM?R=Kx-<q8ny7^|tX^3z)Fj4<)xL{PN{=lEgV+=4G
zU9c@5w?MB6<-NY#9n)YWWq5rtQ*UoygTS%beD%**WWqBK^+Ih$YpkMQ*KOFCBu4?d
zItA#e7ch660_|Y?MCVlUXSw(474%v?DHkHX@#9q&nSWs7#q&uyn1W}<WQ9Q-VD-z4
z`jA**>!Tn|t6Tj%ZkybuRLb(PVh>1n;F>{}>&3{BSk2g=gUS_taLqMC<{27A5CLhf
zohMKfRY{&iQ8hQU6c17`OtU?AC&$Z31(ZD0&klT6nH;74zRz#Gfxh!9|M(QNYt$PN
zwVW~oNn|V--uwAAuLRuxrGxFYt%J}sK;P<K7aNGF+{;nLZ{Cl|`3aW_JpaywQHcip
z?TLv&Ehq6{&(x8XC%|@-tlkn)dn&e>=($)<zGTaWk)XEXjVlf4LH&HID0o7hZ#FbT
z)Mmn;6$Bc!XzXWKKz`%RNaDw|uY-HSWUU!@73(yA%Mv_hX3#HUlJn7Y!Wj%8@$z%>
zc49?!?qiBv3fqJhs1u##i3Eg(4k&P^e&<A-EhFg1jA&|d`n5^dO~z~NMHOEJ&qX4V
zx}cknsk$ef$CUMpCH9z(a~?ue;j2dN%g;`Gt$q9H0T=sW*egdd(0E7W?Qip&Yp06@
z$F04z@&hW4ZZ|rW85Iwg0{cJ=FC9<BH7&|IC?uI{^a~Oir8G)tY8b$kpJN?2bCN!)
zDqLtT9%ah#H(L8eFj0&dx9(&;z9=s?^n(XVu5f0$w)!gLEd^e56Q2(I$#u{u8kX<p
zdgV70p6ocv<=N=ZnvKn%g^wO21Ah~2q?{4)qS2zyVo|T)gsME(V@(U4#AU~>7Z-1o
z{3;A>aE74l%96!#J{SNNI#s_h7vdA=apoD%j&~@sC=EMAtO)ad46;KYPeG>w2hXfI
zT9&fbVm7Qj8NXPMkOegL#~;0J0tanIFovYwtB7Df{=SruKAFd5&oGK%+OHEJ9EWS8
zEDF~DAq+j;gn^^A<4~3~wRyyw%oy+yJ2SAcgkG?IZaLd%9!CwZ#xX8G_tnttPgC)>
zOb;}5Lc9L0WhQrkOUPK<A8@%?Q7NUOb!=OGuga=a8b4GqXTdky9#6}(WGWZ)B_%qC
zUoI!uKUWF$rKhz4qZ0mZ8VU^K`)&vhz4vr2+rI*u*Q1&0zna?~zvI)DpDiVA08AY#
z3qL?<?4WtE-wnXbb9`@;<{F-yzAbcrNc~@zO+oy#voBkzao8ccT$?|PF4X8jWNfcD
zoL9LmEkqztih#oFA?<sE$GfoM;~^s`?%W>@<mzcv(+3!i-H1xkIP?oIBZFRz$^SYE
z2)QBpyZ<_xB7`|j83{>623Sq<?O?tb2sIziixfh(oda>W;x0DEe7Y3pDd{x`PdRP5
z)^-{2&EU2(5H5FO7%m?kGuDMKp{{JFp1-di(Ti@YtmCckhC+}5KhLux=r>oe-IHWb
zi%s$t!1LT;Fn6yjJ>A*7dgh{##R99z_iKP{WD9y)f_h+G*g4dKJ=+EaZ_!@Dv<87h
zUfTdY0MO2#+$dj=Jq!Rsq5}uw)r+y%P4h!j?joxq<avf@Qp<4q2(V>ORC0J9@$*V&
zLCM4K9@#T1T(!C!&!OMvY`$%BanWZ>0v#PT()ii8DbX`Fx1QW)js)UM-!j)KKiJpX
zB&<m2-o%y<QT~|A;P`eP5Z<Ok?dDRN9rx?J3fLg-xT^U4*ANLobN;84iPuTD5Bez6
zWwn%fBq?8}#TXi|M6+u2*GUb2`RHzu-k+$<%vK^?R&0v;ld5Rm22@v8gg<md4^t~<
zOJG~h*b~~m*d(G!_qE^Y*pxs0rehsr?ek*7@lyL4d5FIuv3jZ@Qb5_3D?>1Z8SN?z
zV*}_hMz&TKi|uPXXy7FQs$ZPTzunP>FPzNxh84AK@xFQzNV&<e1ns)-9+$|{LoF&;
ztqyz{DAq-Mh;u0np~m@===w8<+IZN#m}cQPj&-hVl>}5(O=A}lgCX~4D!7<wVMiM4
zDI6WkSu;#^hvsepJFOE*15N0&VzctzPBE}3^78IecoVU1VBXO%68$oqJAShzxcJ`F
z(6zM<s@l_Ge_tmaa+1{ah4+GX_}n+?;^#EUx)g+MN=%MsdpZ!bn-qhy=25X>U~t<4
zzDPxcI~<v&_)C<d`Qgu|f5W%nJU~$)BKsjVZWNGDZ1KRg{8%yiWPZS@YL0z!22}XC
zT!S!oyRS;YXK#lG5A~;><=-HKUjt?eg3`4-vs)QQj$5L)Ef4CY_1J=x=&o*zh23|f
zm^%o=njI}I_rVEU-G%s$t#mFW_}4C1#&)VTktM|vM<GvMPFt<3mS;>6Yt7P=pDIUl
z*cJ8K(Ju1%3|V*k6;waV(V`Zx0hlc;Bi~_nnk<r|bS~)y9^WZjxgnRjvmxxJU&qcs
zq#Wl&0OLKd?#nN@2=eT?0_pv_X}sFH47c6s7Bu<I)4xr-x$cQ|5p#Qg6Mmyfa1gWL
zes$>(I9P^qN?Tuuc&Lg09$kA(gs_|1T!^@J?**oq;?|liXX4gx;7Q;B_1~bC6Nih6
ztF30wjJqw_9M#w90XG=+et;1<VI<(KsH9z=qusZA>z#WGXWBXCOAep=E4h=RgO8s!
z>=)>Ur?cL#xVIP35cCABhc2~Q{YT$DuvDnrP=v>&X;gO5XFddC3iglseMWtaA`fp!
zQg}{=@*A&ce1^zf(@>EC?j2zZ4($dGzbcP+bIIzE;<|GvFVK*y5dEI7fqroFUYI`-
zc_`lAB1J!IM3JukG+v&=y%oyJsK2rh5Rp_Xkj~0sdu6}qRT38k(ZU{T^TFQ+v$Pv-
zZw^l6rbB8*|K%Byv@eLS5x>7s{o+D2>PSVjFDXC9-{!{rM&L>fFa_m?E`h6n$}Yk0
z;ry)povh1Y7u1s|wORRx_0V*4vJlXnjM}=R>t_(jF9f+r!Tr+drNr!EuV5S75B+*k
zDLC6lc3t{8F|_Q2;MhO3R+-wGWtAsKx3eR^WU3pntYG|0Wotv9A{AqG5IyX2LHS3Q
zh;Xh-zrU%Y8LU5m!i-Mi)e7X<vX^3Y>X7+-hB;sQ5RC**W`i^(h1)mBbB0;aV<|)M
z&?j&_?!?k~@$I52hY-}((gViu4ad|x;u#$tapOS1kC?2eL8e&hDhIjI+RPzRUAtHK
z9Om(!DN%8+Aka-7{=Kt#%t-YwMSGjL!9d|&W+!7ZVswBlZn|2jnzaVbk#Oi5Hka`U
zIF)oZ^`_<D(LFKsT6}lpVFP(Sv=Bb^M3z=l{o1((p?`J>ef4nuHv+5B^j;wG*lw3E
zK<sOTECT--exq!Vr@))PNW4VO^Wi@7C|*R&u)2(7VL6R;ak<2Czc^6z1}pd=dd3(C
zo6`Vnyw*R~iHOi>r75*)V^lAngpL|7@($B^{GARxVUQ3*r1A-VSZQaFBw<~AlEfHl
z>Du`#LTUafptdZvvMI{$;8mS|Zo;M`NSb?m{&atpMgIA>h$m-EM3|c2{qkW)Lf!PJ
zYk9bo(sVvC;PyMg>qcWFi*X+G6<28Tsbd&;cl4~NSOXrK3Ez4WOL;rh+SaPM-v}4q
zxPI#OST}Sg?7Ya=wJJix=fK~pYkWGlcz2@h2shea&>S&Ryb?4T{zcTeJx&eJm(QRl
zkuu7hmPpY^?3%o65cehD9az$l@45YEc*~FgLXUkJ0l(g@jdhKCKyPE?;MI|4S_{Ag
z)yzUEwDuf$C(_Y@$T-f)0LHx@+V`!g^Y{M@(p*=dj7MPZ6&P#<UKw&hUFS=w_3x+l
z7vP}&q5vDcfIId>jpgs2FvvV$R|O<%G8t9yun5U%<h>`XYmI$%K@|PiG9K=)P}F@v
zrJ4)J`z(U_OpS6(7d599{R_yDO!8gyTQsnk6oQTSsN?mcIV&enaHy;GMc>;>g8ehk
zQRjcz^;w^}|J~0?xto?SM~KjnQHAsaL6@Xcrv=1Z<_}LJmB|iTRRiqu^NMiwWdWtD
z@JvIdh*E*ZHM3C2%3IK}JrkHwe{(Pc>5VmLzxFhUU@1Yqqi;&8egxj*QGO^;8c&HH
zk&&5-gt&j?jSJLU{zF!y2<NhdYn-l-L@!_YF+$YU&*|^T;0)AoYD`EJ$z*@;$Y(+P
zAh4oq6J%ByAORUWMAj!2jqQ`;4DHv5=>IaZ9~Vx~kfwKhnMh7)7xsyN)|lE7F|uw?
zJ<_p;*^R;yL!Q8#GZqjEV-F2<(-z3cXE>-%l4*p{Jn-ZEn5TW+La<UR{Vr^Y--`tP
zB%B>wfG)VM0UGqE>+9CQx2vJ&B!oNKuO`^dmwE_#Wy35udtR}dH;6{kiH7XE1OY0N
zXEZ^C4rfbfw&6*v#0$0GyM@Xq*z!5cOfE4!)u+5h4B1FmFaRsPdDu_-(WcmI;OE$f
z3zu}E6-LsB1z*ofS<`V8ji*sjAiJ$|S=>EmR&5;Do`Uy~EUel%mhz5KjyWl+pN!y$
z8HBih@>ZzF!#Z-wSxE~o)E+#h+fJnw-JNf6tiy;__&r#|<gnxVpz<}R)Hm`T6h{D8
zZwl(^>Zuw8fZrz$Jda?ZA?MS3A$vgvd%O}poa&w{HtIEh1RR6MvlbSPYUTA#9mUOD
z5vO=jsFXs{Xg@*}WlML!_XJzljMjvwQlB@vP6I5|`jc0{&WI1Ry0*Fj7B85*bI9Hc
zc{fSn;Z*Cx@ND2WEUvFRHn#@tuLT&X6`vEZVc<vr%+NvR`>332#CSGIXuPK;!Kg9N
z{tP+O9_W2aQ}O+R>p@uSMj-nYz<4io31%1rNDB0*-g=bSr3<|fU@2}5!umJ}qad&&
z!{f0&z@3a<A-U(pOCFqSW=<6x#aArO#K98l%xRzv-hDjl4M28R7c#QQonc;1J*r;F
z8U75Qj9)ac4LiU{;RYU{P?{^~19fdl(+&k4_rB^az|U*o;Vo&hvMLOTJ774FG6r%3
z7yI%2<q$2F7;m+YCHg?l6T`(SAD)9njixz%iJ`CoVeLHasCX#A%kD1jjBSC5!KjCz
zd68(qY&o|VyuYzhRoi;ufD^bAFmfoP)dP0JWS{F!VbBwAhhVz96rV`XWEbzr=uq)m
zn6bRt-mEHG7S~nZgzr5(316leNojhi;&6Y&;b>z{s$2xj_~T$)4hO0Y1Y#eXvPinb
zOTeaQmL>5}PTLi@<B<$P_YT3ai4b!=UhT~x`KAN@#_kaGP;%2!ttPOtB!d+J`T+cz
zW-<YP`ZICxpPIC^!@&<cqJGAMDp06(<{VirYg&X(*8=P+nsnD^`mJ^e8kL+`K0-we
zPU{l*43ym(2bp<Qws3hgm@Ff*Y!xa8OH6->CnV&%Ghsj3WTc5Dk6SEI<IUs<0q2K8
zBTM3x&~JJ+T_SKf)z{^AA)|SlsepJTWyjIDvM8(wf5ee{5WatMn%IBFhJL03!<O}5
z|7URUb(nK|J}IoK$hme~aQ|NiWQz$%h<^uUx*qO?=VdF7rS(6=uTrdqM^WhDLoqgf
zakDlw<oC>;@tse5mU1%sp_Thz+q0LEo_a%@w>JUND0%3qC`Hy=2BD4oba`LeW+kee
zChPr9^JkX?)71p=1hp7NdJT2?OE({KxzwMTZZ9H=jAOQlT?ektms^HfHa-d-D`3pz
z$V|YEuKQHUzoSE>XW*$VWaf#hKK}FdBX5)6NBs0lv#*pHv)=&Eph+TL9x>$n_`Q@T
zo&i9Cw`IqM%+2_#=htvgX3i9kqh}Y^<Y?=h`e1aszx@jO1qN;U5@(56LU{)8<F7Se
z(@2Ko8ky26$_!NdL)P30bcFh^E8knAy;Jw$%rm;a@#0eJwL9NsHahXkh8c;}@2{zF
zpVxaVkU8nV%7y9u`@xxjhMv~=jyn^37eEOwSZ7;eq_E@vYrkl1Y!bWEe4^!~zA>vX
z)?3$)U(@lg$34%#$@1lpUDV6sXg&Tr6%l>oH!{g#$ygQ9`5RKiW)L!iReWC^v3NYW
zh&HLJwey)=g(YRhcbUH(*_gKA7R&v;*H23Wi@vOVl{Zff=~Z8mr7HW<nnQC!06tn=
zl!n)`x}d?FSY~w~OW_bq5v;IJ*f$J+S$F@5ooq=OS4#~=!#rwfuWQ3>5*^4vPosKT
zPUL&Sf9KNDx@~r*W)g^u8_<?HOsL8?`a2QU!UP@<eJ$Nis_z#Qr)?=@B;qxzw$on2
z>&Io!D|t>eQ6gDazH68Pa!jwk07V)0lVLpX8GgazXpej0_q=yDQPte$@3XI#mrzmn
z^>tO@G!%FT)4i@NFcQAeL??T-JfG2uWw$2>*O<=0%Ld19-4D}7hj22g6ppJ8G;9#%
zszdPf5I>?2S~Mr6m4<+Q*LF9-pR9}<_*2S8P0T-TOQaVAiG)ptB7JS9fbxpDp?k^c
zDAzV_CyK-1Wb{A!eU=u-EVnnNR;;cR{2|H6wGB>EDz3tH%q`S`6Lsb0J(L_WnGOWF
zDN6JGRl5zwDo>3IC3=YxO$TNq^L-85dQY$OC3>NburJ#~9)0Lm+Bps?W}02I+!M_u
za@+z^GA+B$rY}_%9(pvsKvglX__2CbW)stKjelBCFDV(0!}Yvb?3xv^_h)Zhz((oE
z#ZCD=C?j+U+T=UaImrI5S^f3lE&CiiCO1V&E&XY&X+!vQv;58s7k2uL-6vOx!SNu%
zY8Jz`a@}oQ1kH-*;pBl;b$2sBcHQlt$X>H*goRXZd_e)ZQ|~AMG=;}kg6HJA1tc}+
z0wi<ugBVT7_DUT6sFEpCdbmEbGc)Z;fiUwn)g(Oa8jnFNHH~x-cv6npmQpLSp8oGi
z`C``lnaJzsov<g8?%Y!c-1|gMB&cWc?2PM?jmg^_HkaWp((VPlbEa<TF}TK*B+t{Y
z89doN%8LP+S#W3q=too9sW<68`D5FC6<Khnk5r7CN9ay>aBMh-SHu}DCA5sjo+WeC
zs5+!gaV_HL=T&#XOXYKHJfMpGo}(Z1tt4!<bd`zV*({b4)Y9_L`jI8|29-K@uxMiN
z%GhhCp}^Il{HeygM@IH#?3flk6@yyVwNYXY0PGQ9^!rc>u1KTrJ@OnUROQMf8n!_h
zx!~@w98t#u#aHq`bk;)AcTZ2xW|ylTpAE_PnjLS*sVd%3u14HE614M@8Ti7%JL2Ws
z?=$s|m5AchIk2de5<$q6-%Dn0APlwUCW5PlS79)3D_6Qg_5@VC9G}oiwg(VVv6>ZY
zfJ(72*4Fp>Svae19{2#I`W@K-49Q+szZFBfCiJjnF`v+fKq^$w|1a!od$is$F@8I*
zuxV-HQ#<mNFx4p>xKQk}1{5|AGLdkICkLDE!E#plX-m5H%K@5UG_gS7!?a+t=<I6`
zFClRbag)^)RkDf@$hWK72h`Eh(bTjx3HJ2aidu83dOB13dmOANvNl$WVoG3cyU*aV
z{}<|I(}-37?FpnT@UVSaXEj9o9IuV}8v^k5Er*+}q=zWw3E6WW$1mgf$}~PYm*nBb
zG-2J;JpnjHR4q-U^}v0^*Tr4|p0Hj$Et1!JT6EbAzb7$&v9EAP$JYnVPP$y3Tr*xv
z&$!NWDSQF_0pcH?yqdO!@HTLN<4M-QJ``bz5n7&;I~iBdEOmLTto1BUXkxTB(?2kZ
zF3&l%e*YiLYP?_PwvV48=aN4$)d9;1aC}2M+$P1yjeX%lBYtO!L5lH>a3g$U14%tc
zz1nUB6>P-N8iQPsa$xq_ONsguZH4WR7*zBBl6E)KK3%2=X!*>N4PmA-K5S>3Si6KU
z8=R8Li^;JLZI?<)g60nuf=CF7-gsrVODKr{5WE?B&Kr*yNP^CCGeez-t#5sSOv$IV
z%-OB8#7~Qn^W%1z*|z)Xg>VuIH<w~<zT0i#=3Xy!Q?>Hqnxb6r{Nz{qD6cY)Mr{6N
zqUpO5Whql(e{ndGX5ds)BB>&fK2%m}epN89S5;PtP*o976;<deql^`P#9WgECH0+O
z5xup*b@(}cC8Xgvj}{hoB+MWOJpW5Nqc}fe;_J<x-C9H$rs-!tAX*t#P}OY{KXp1|
z6yp=}&=;M{_-&C_dR9}lp%47ga(}i<w~kdB<U9cPMe64|{gk3k77ApYNZf$IB9J%R
z$HEPZnB|e4(S?rM1RM9OQP|6moi^Y|5jPh00fUOqzHOsTpFO`kuqUHrgLP0U;`@IE
zvydAN`pXja57TCMxE3{9uo01NMKl)j16PTiaikAgjM-oVV7lVGf|b>^?Xm~U<nEii
z?H`+MvAI@90WK%7UKYg`G;%$pCYK^k9nF@lf{sitZ#%^NDEowy7R)+cW={rI$Pn#d
zz47G!0A6&(Ouu$oFP<L%{x69vPibLjwh+GPL*!&y=tJIts1kCGHQmfe2JC0IoEa~t
z*G^Pw1oV{_uU)I17@pR%rUwbLu)Na$Mb4NYsDxRrdmVU;A9!b!_L_e=$CLQFyO9sy
zBF7(~l>@r?d$7~va0YPSZ)ph3{dor?Gxnt{bPcz+SEB4F-}Yh!+Kr;flT@^E68^YC
zABJbGeS?`Nk5K+EP$mOOuQ~>~On#X_uZ7oUy(wr3HERntA?TSUNn0I~;Vlq#eMx~c
z(8kUmCt6>)*)m-L%PJHMLq790n4ZkW^N2P>NK@7rS$hCqXQL(5eh#s{w8)c0U}YAd
z7XDbRyY<#GQAu9Ms*rqJs&WgTDN8+kSx5x6ELfTAz$&|gtUP-vz)o1#f6malr?Bk5
zXkhp!T8~OhtA=pj2Ib1X2Y(_{%+@=`F8!DoAy!#NJ@HdjI&p)EhFT*q-Qrsnjqx#I
zs1O5p7m!pm$(F2K{G-7p<W$E$f~^|DiHR`&gX$0r=e#2s{ehuK%iib*0^4K3Oc^ri
zPlhxd)*%Nm+s4D&ERRVIitL>my?onH;V16XBx2jo-yZ*XI{xPP8<efJN{@S{ZpVVD
z4zCQ2^}yOVP=wyxVGt@VdnUa1D?)BnoJFiDF$tKfxKB>$7-M%@(j|U?>wIgV-3WR3
z*@*#1CM&CJ_Y?pf_M0X%dbUZE*y}4v0&N3lu5Ds)+|wfQx2mQEvsR%;7@@<8E8<wx
zp>d?c?4n^K-SeB$)c0xJkY%-_5O&cs-pU@FvKbJ6mxIzQNbjYK_I*J1f3O5>0Qr37
zj@<B9PmW3RirNaiK&8*&zV7LfS$LCgC4S@BrHz)jahfDfM~4a0al{85H_XGFao*!q
zmT1c5fNj$M4<dmnGQ_cXKN@>FGYCCmzs(FUDu|t$#kQvD9nuDqS}Yp5|Cg9Cj6JfQ
zFwP|TD9}kqPc=MP9Ijmzk@!b-S;E+li%$Nt0Lf0HmtaWKyrgfHy8zrIl2kc6V$6@?
zxK7uPV=3hNYB0>Ieui7HKXMG#xVa5aU+u<E|3f2m{rN{D6luII-*xC$+Kp4lN_Jbs
zFKYR8iPH>>-tBU*zei5?P>SV01R3Qrl7$09!pRhjw*omfU&&&8vu}ln<hVYl#6-nF
zB+k-1l&#?1I$8=t-j>bPQ?S2VLhP<-yD;tyVc#?rGlhhlOka3mBt{wH&&!be`1&Dr
z=@2QDlQMVSR$I`}7>AhX4Ldsf;plaryA-;a1#|M<d|}Q@T~n*K;}Rw1Fb(tKrd9&N
zs?CXAxzbLDrZX!-tpbgc9UP>s_^5e%O}l;!_iXc>=&NHwJiuZQc^JUPG1dD{oL3#4
zADOdDr&M7z#~`;TpiI?CV~2F`(kS3Sam=9f47A}pl24Rn;tMadhDdy&*w$z53Qsfg
zft(jW_rcW%t*dPJpi4%rLNP6YUVH)HlQ+=Wrlu>%iUz%F(i;Qz-LX%)`;@QV)OW4z
zEXMfj9j?d?gRZ-f4;ODac}6Tt8S<h-3=&X^Cj)z%$KZyAejhLk%f{co=<VPFohuxa
z_6S0VY$JK}z>=70IsDE3<cbla4-b4Ji)P*b;UtRFsNcz(7exS%G*Ay|U=4g)2GGx1
z(WC43Dd@K=<zU(H15uO1OrYIG>yAw>da)>08yA;DEWp<d3>*Wu8ViHgg-Wmm##aSI
z(&$lrmdtp;zm&(y>sIPZG_+L7a_p7VjwR@ECBM#N8h%bD@k1&QyJ7^=!%4rj3Rvo+
zKPO8*<SD)3lbKE*ltOwb1Mw^dT4`wwqVbv}(75Q)eZD%uUl-j+u{b!BbC{!(Rl;hX
z*`C-vb%JC~JFcwqYdv-Bagl+v#WH#nLw9#Zu_=uP+p9~jxWRF$vKK9k=wKn(E3x2v
z7J?t<nAa9hCt-{_^0zv(Fn4`=RD*gLW=TIaUu$gOOrkH1s>ue9fTio_=ezQ&QfW0*
zTBuYM`U2Fs49EU7wYp-joje2%BIY0_!=+cYlGaoW-F+lGo08+v4>!!9Pl5E!1wU$_
zlqf{L_{bNo2j1u6ptxXa)iQ#%&Ne;HU%`Ecl?St8Fb8xK$d|)S`ElgoCR~NeP#)WA
zM9{dEY^p{J9UUFbzz5xX94vIhxC60lo)LJd(g7-0u$MyU?&55wW-Fn~3wp45!!(lv
zOQ^o7Q8baDN5&XDMK<x=hL+nm=me69uW$>?kG*orD22N>aGs9=(}C9j1N$gg==`+`
zdT8Gm26@s<e;fk7qTHeGnB7!vm(zgA5a4tuKsS$ZdK<vT+1bB|*5;Co=yhcL3G{`1
zH1erued3Ss`Ni3%2SDq(lfJuP?Yqblbddgz>g_{Fk+zfHlbk4}ELB&Z)GO^3W)(`C
zbk*qi6?TsY`4^Kle?;=$TVpoZ_BC$_d_zz_eLmHuGczHs`_*Fehrz}(Q@5tTqL3Ba
z{w6t+R6sfC?e>F-u;6gjHk|NJ@0=sdWhw9qnlMwr<D8Ibz?XlWU+>qu<A-U}M<p*C
zG&E-O0C#AR+1G9EJXnm|VOqQ~PbYCjM3%TRmm~hcr8s(AYD2L`h*dlhVM~6#f*58*
zY~ko_e94)S$RCgm?U=P+iR7#*7g=<PBD1$xhk$fSXg!f1{TFLC^&K;V*Tm1xbUFP5
zMVV}g=%7*rHzdF=-T3rSWP;i&<uM8#(+6!ut;pqb76Yo|3As$2J+a*lBacJTD4fL!
zLr&H!K)#f8ULFtf-Ozu1$nF9wu0~^GPHLnwmBQ`H(~#TA5TKf-5(+^C3kNwr3@JoN
zz&lYi3Huuz!>d<KhbEQgqXW+nmo6=FZw3ZV7Wpx|t}SyQH-~u(F7Pv8_4&lOxi+4}
zDiU*Il{j1W8%sTLhsXBWn(B%!Z2Yxdm2?&%@__X$V#ZDfvawDFgEp=VRX}Tv47qLx
z><>K#d$bNi83V<#8LM3mB2-H0&*w>>0gU6{60EKsR7L91o}!8pUPeXHlUGy8p%Xl@
zE!`!^o6$t+oZBX&$Ar(v`_i1v+U<V>e+K`FO&O|i(5gs7GW#CyFufyP*;G_URz&@K
zx~GWrAeh%bWfnz79QBCbWcztCUx0c!@91Yts!gKksurhoF=SCh!7RL9hq-i=Gr;vI
z*L2pg=8-lsH_B~@hNZgp9DO~{4esT%5%Sa7c&))cRD#edcvc^BF90)x6ecoQvocr%
zan2=gBS&fU()~g!Cp%Byi|s^Y*O96cPTT5`pKM_u=#ctv!w}&dH)qINC#JtS`eVXe
zO@jk5U@J3~W#8~S{T2KX*QIkL@cV@chDt!nCWX+tzlJcQ)?4#(?;eCc=(8aB;RTd^
zcBcP&_?B(h05Tf7X?%<u99=UO6e3xoGI0tzeazneoVfXZjUSux7*muJWyXy(SAdnK
zVm|Z`(pM&H<dD0ssctL5_!l?z+ZVN5+(=YDgY}Y-%vb;GQl(>gqcnaApjEU@Mf?}u
z3wdTCl1b2;$pV#{6)7u>u}sDd>UWKjGwbgRnNr@eOJEb~_zO;lkb6rkmScHRAK3V>
z%JBh*{#w?5gY?JL9^QMtp)Q178DMO*zEclube!oJ@-{U;!OjkR-P5Nw{FD7IU<pU+
z(Xb+B$Ea>j%21C(pSbo0xI~3s+%8%B^Z|r<+Q?m!n(DaqE26=7QXL2d4KWU9%?fNg
zE&m`cQ?8iGtCgnJS%R~~m5F#y%K+$?Z7(nHZytUw?%v#9^ZI{4iApK2U=fG6PT(B2
zHrY%%<#lUA?aIifLoWsdwl+DRF2JfiWn<ARC@3}yNjfd-5um%B`<N;DF5Lc_tIg5b
zaFA?dNie)g-Mxz>CeMPNas@wP<(@O_JUX{{X7uF(zSQfZ%pMZE-esZ1$lvI=?wCMo
zSma@%EVl@XJzf32W4KhqE<}7@N<}>PlF@Ham;Xg^m8wj8nW<8O%F)MBp3&Xm+0sB=
zRb5@b-?o74H#m?TO&s%b6}xyg%I-cp31mvR{?Fq>mAp+N#Ojpo^pRBZy+=9CcBnpy
zqQ6856Wk_kE}vGpE=-4)h!=d(4mOhP(#YUn-^5P3)PIS<G3&G`nub{aIdN6K!|aUu
zjgQuUxjZr9x`Tn8FT}n>Klc4p!(1A1*k5JuQMU}ZN(sNJq4r77SJe|GsPsoH@~6r2
zC*@Fc7n#L2TO8+a!TEk~mvG@;_7EagU1<s1Bo?AEAu=OG>EchyZPeeAcJ_yc0w&TG
zw_w{0O6Q<SAfpltL>WY#KHtEP^nAz0t69i{{?z+iFgjH)P<tMaC?$<9sV7g3kdH1E
z45b6kzY#GCRFO<tre5qp(f=3ubk}54;ds96g3$O+*aiL%`P7d4|017e%$vaE6Y4*a
z_oBU7A6t<93>pe293n|)z8*E`+d@+I)o6;66^%sBg8AV7-c5)K2E51iUEh9R8|OXu
z$_0`(->56#Y%=p;0kJjFw@HSOY6vsXh0^Ow)B2LM(8Rtube&I_BRuo4J3Lz!h-yUc
zFX^uk-v#;v;~nvi*Zk!lm4u>6z&O-nEV@$mal4zt`mT8A`$7a{J;G%BNqmh?yo}5^
zjKoxr0TG3Wyc&&1j$c`1KQ9(KvWkjAGriwiEe^0~YKTfwC%+P|H7=>j`e%YZVNM!z
z?K?cORQL?Hd-0CkCIl;EXC&;h>R*+yqqf5RWvv>{(=s{bGPZe|;{L0hCi5Ic3dhr0
z?ulTFZLms74VT0bKy-p@@((!LN1jrYFEEv3RMc2l6Rv)18GIK;tr`h{EaL@jfbH%I
z;2pF92Xf_(>l_;}n3Bj(7rt*=vG-lhMJR;{!Mjf5=d_-J!bM)P^}bBZ!!RduI7>i#
zj~8A_*t6DHmi~eiIMY8M`8cc=MUHHH@;4LWV@>oRk`t^)rE<V}-ai%3VMEsT*LO1Q
z7yK;fX^JYO#XVT20TKf9p35{<%vcPdPqpYf=6}n0!z!nlzOuI<)w*ssr4-Pzp(h;x
zs<{H`jy0H5SNl|R+r_~5&RhGv*);CQBsW+`rh5?bUJB&-D(SRN^mX^w7vh-ks2)~Y
zrehedK`+ouow`C$X8in#Pmx}q<Ypz}ay;6Jpd{|=R;^ZV<no?23Igvx^E=LAe9Daj
zH7#z~-v2YLY+h?5k-4sVGOS>g6yJr}m(u=yQ8zXW+~0Z{Iy%-z!Ge^+YfWh^Xt7(u
zW4m|iqwA}clEZ)Bc?r5We^_|x>Dsct1jARIdF+1_Dr<b|x^tLRU4Dg|nuh|Yb%SnA
z)gM^oA<B&a?{6GnmsajCQ8Z2SxV8x)FDv&)86H#?8VDTW{d|hN6_M)MxI!2Q!v2KJ
z*$a0bR1X1*+pYID8-x+h|8P&aNd#{j=T>~}Du`VCHTE7zDOLrMK{*G1!mMrei!Hva
z^h_y#CA__aA2OB;7(5*@QtKic5*eBCjd`aF@&e%RV+3ex>THaE8Q;d>B>YoJtTDV}
z-j~ixDE?f{X>k(PfJK?;o_37Mr%z2fOl#)Tly!3R8J_YDAO3ut*LLMDslCTi6;b~@
zWO2*TVcd~<3ibL^5sx_-uF3}7RIUQ^;g_s&4xG(xFDWLUkN9gyAjCOi!kb4_5CkqY
z3xERkLo;6i*?!%mK;B$F!A&Hxr)FAaV$wp$S;he|-H4($Q$>Y$WP@$opaKdj;T4wm
ztTA3Ohx&Szek6kIL#`2HI))7V(tqR_$MhK}ES<Y=vbO90<d{lF0m3g}Ic9<*Xy9R2
zr&N|H@V8Rw`hY0{7bb5eLe`c%j3QtIlEuG!#3Zkn0$M!p)n7pVEqow@e>Sz0P|A;(
z@yJSo=&RQOWC2qS3e^}E##PN9bXJ^$*V(ua$M8AaBddG}oE$dA%4WqJBq7_6*$bLW
zG7?Z7eo+gxaYN!rW&)8h)>oOW(^UOb<+|?CBWs;=q3-GhPdzQ)sKaiR00JEG3N#cM
zf|=k@{pZ<HkW?Im4lAgo+2cV2JO;0C*zAEAbDA`5t2{2Rr(&RTe-G_Vd}dr<6@{zO
zQYAp8l9*v5sHpAwTHAlWwkyTNTv(2%#q0XUb<S3@2a9d0R>D;iyKcvVO!wK!=6M^d
zptYr`>n2dj&t=z}NZ$k&kY?6kkKCw}6II2SbmzGQ-<tWzfrf?C@va+H?`s)CFyJ5L
zEC8=&&BqQk`o=T3i2uv%$69L@bxytiK-<?`^R~Rqb0eAI{1?X+_!=KjTgn{C`!vya
zyb3QWc;e-Ly{=DQJeh^)oBSB!+XlRSfNJ6Z`sSab_>vRoL}?|!hA<DGI$<66`c2m9
z#nLs2<*Pzs&##sdU4d=^i%L_8pEzXZz8xK<O4FitMaRdmij^z3$Jj7b+~}zM8d>m;
zj3AOn)f~C|YV>MW^rElFUQpF>+^lY1c=g3nlEV}dc3>|kH{6qR5WN+3GaHRH4#e9o
zB;1Zqiq00Nh#m`U+6Q{#NrjCJc-qgUkCZOcNzqy1fqa$^hG99y+;ku-;28pQE)LWz
zK2UU6%_A8&ed-lUSSK7MP7D=vA0n5xe5ai!zasABzS-tIXow0!B*#uppt|+$8qE|r
zO0@BTD17X_KtBFik;+0(+7#IKj7Uz>WXtE`7pAAIjamj2qyPR>RY{~O^+kO0W2(Ja
zFbp(Gd0_J<E)-it?XcVc{iQ%VV@of?kguTCm3HwOXzzK-nRoj>ONiYNt2flm+q?h1
z!_CqHxudCIJ6&`z8`}R)i+3XvE@$8Y)PEoNl}3AGG%Q+Pwix}Z5o2mQ`Jce~iUZ^1
z6&|lt6<h@%ACK}RKbU;;D!#wgDddVISjg!&hmOif!L#_S^wv#a$L(tl;cUIj4|X$2
z_-@$o(S$qpe)j>!G<3q8H#*e`S5-jbp4eOhp)mCcZ_pLI1L-W2h8}Lv)BzsN?S~4~
z;pV!D%qaaeM)?7+^e7zqWDqqLp{qN}qYT_5e=7nIh)--D($ZIlZkgs7+Nm-)H-dIR
z+5D=k=k*=-;gU>vB&`AT_x&_ZZTcR>^SZo5Cj4f1db{*A;_v`8m(0&jUa^9%q&yei
zruP64ofiu_qv`Ajv3wkaXuYlTw$x99{3KoTH*(8QbK2vwYA*rMA1z^pV6YR(9xC_k
z8ZH4&4!kP-$-MofUD*)VZ}>1^7eoy?fTdj8(qbsOpw8FSZ{UbNqdkeCMor1$h=bNQ
zV{%2rk<5)-jCN7z+kzxU99}`F^<PZR^tEHcB9`RuO_+J|Zdao*`AYE3r&P-UJEBpw
z67;dPsbeVpMkCp+SF}$b5ykLVTRljl&G3QQ7DFfau~||;;ehx(@Ss6u8?xywJx2f}
zjIiNOB}K?WfUX=EhG=v4c~*(&HjMmg%rQ-eH7oeX!K&?#j>~N{jSBX`<YSirjOuwv
zQTuVP+{CHRUn+@9iqzSop)zga>CVC_Nt3JfILBPBLaXA&P$;^~LmtVrjj>@cIx~Q=
znE-YB!{_Zo5TC%lKiQz%M9kG>#5T%A06CO-48yqUXC;D;ANMr%&M*NX8lur!p@z>g
z_&4cuyXH7K`Vxj@D^#Y<<%XA*DXO%GK?KE`QPJx9OuF}akykD;Jc<C63xsH=UwKv5
zPc$Tf)GF(gOLg%iNyts@M3Bc(K`PLJJiAY>AzZGQh=WVEtln-7gIp~uK3#qr6)eh{
zP=sQ6m^@<3B(l?I7Matj(#?Laf;Lk`*JvQd;Is(6K-ka^`P<p8NjwT}5?W`4j@@Vg
zoOA*&>YhwnY|L7`T9KIz(cYirWlwNN=Hn{Z=l^R-z`6T{)D)$uY*^W>nhW?|M+itd
zV_a3^RiPgfCR`?3mC^+44uq7TSLFRZyxrjF$Pec;#+TS9xjy@|`(aWh5*CmB_Ez~x
zp4aWy@T6LO_WmvhM#w&!pai*5u?^FOL<9?O$!)oK=`g7y8uP_e2Gw^{yQxnoORwc4
z0t(bq-X4r!J_l$nVH~inI&A}~oMMFFT}!8Jj4fGZ@J<3H9o&|SbYrW+zh5{E)~nl(
zf8cK=ncG6Qtc%iTN#fqHRV;hRY^rJ5?g&J}Q&iVM&*$!aNg=K`h1CAyxNl0<@|@ME
z+cM0M3r;Jcc$vn|`MuPu$@xCFPKvv}t<<l6o5wP^YMf}05I!51==cdhBrlgB{-dwn
zQ}tGw`-rSJM917CxPCO=86=$e&~Y7RA8P;MU&`W%{g8Oa7Lee&`QYoj?yJ*+1@h`6
zIp#TCf`W7p;{iQQzen6%nK~sty{HyER)GoVm)?~vd(V#<|CKB+hD)bi-GpFM4iDM=
z^=F&7a@Ss-{eT77pq}`vV61nK;{dfc?1VkohkDBcsbV;2chsXgZ$x}4%(J$gtc$Nt
zP0|=|f~CiU0m)0cOQZjROhR%_Lcppx9>?`=5J_w~_tu+a?%wFjh=ei1+sa)&ynjR>
z_1B<}^##MpHmF=33W*%cnFEFM6T9<;JQr)*-_OGm-2|+Gu_9Wt2$YZF^Cj_#UZ^s#
z#Z5SNeV3@=g)l?r`(Rg;!u`zq)`$FplSNVu{TzAd@85xmzT-dJzgCYi1u6NwT)8_1
z+P&QFl?#0}GgK=oqIksnG4LcTIiD}6uirO8j;|*daRwxxBdA`jGT(VxLe4JiFF;nq
zUAck1L8;S#;Iy-6yHM3zp%z*n#r3oCS8w|DY@`xP+KC7XAHtc6n)=3`09WeBcHKn1
zmFF!517BIzcJnakIa$VvU-2Z|NCzi80sGO+=od@{3&Y=2Hnz#cT#!wX%2lYiD_mY>
zRYQ3Qc@@P+Sa~QPow?w>q6~H+5=(^0{}9!LM#FUhtiwzLpNh<pFA9F}27ia4@iI|0
z5DiG1)Qy5`m3~t8I5UZn95Gp@FVi6w$+Z{eFDR9bHJpV-2rM*Hc+QhLM~F54+T`mi
z>v1Iu54nVCn(@75TWOfBK$ZDvVTA-+LXNAdb^-OH%BG>6iC;R85vAlkbB4B1%ZUn=
z#fO$4z*=<L%%5TcR>XF%qGhm=YTl@_b_lh)l6q{5q;$GA6Ow<@l%3qIwuJQjwwQ$0
zuXf{XDwr#g?1d1SlZ$HCxMN+=`FJ~z^qA59-1ooarBb`7A32yy=^6;7XF(G{iR<;B
z>YsKjXga8y?>b56{b((n7`Uz!OftSz_COWQAcHJy{QV}e%s6>6r&LrB)ef#dlHzZf
z=G$RVb(7`mhjTTVifF;lrN<Jy@w7!R;x3<losU}B24L{IQ9&7UD}4yq_crxMLXYp_
zb1M`&TA7jGa#98N8!vIC_pJta6-Ob$ck|98zC+wb4EjTcs^f@;ojJ%Dig(@!jsPT%
zmLBUpT~Yx(V=Q7ogF~S)b}(cl9i}*$z&$|?Y`7Ba(?%+x@zByVIOZ{9Xjj!Vh%Dc@
zJ{)nFeXwb{(UyUnZpU)xV@>uAD)(m53vF2kYy>?x>BRIjKBO&y*lt=nb41bOraXv+
z20zsHgM2*!sUcux>-^Kzme%z*;CaCt(P2X;_sEHP<&yN^4y9ozr(eixHGfnoJI$`D
zFpeUXqRuBhQXgO2?y873dlsfAmzkKpB$weEO{N(pMs%S%LksOL{gr)fi^98`)quHx
zhcMItPML`C(9e=40dh@z<KlheI&OF}tO?f<)|^L^(T(o^@q&ODk$+|o8>|X@(yNMe
z!w8I2;J8WW$~My6f2<&8zJFGbcK<HT)PGw+bup?Y<2ZGC6noj3WAybHjTp7kciw);
zI#~hSnS|f!f2Umk#|i3ui2rg5KNtFb`b@&S#JvwsLq#=eahGDqrZUFv^5%sS-9vd(
z1B@yky=^a-j)xgsp<8@GdW*Kg<ayCuy$f^WR6*5U+M-TZ`OTbg1Ga%a!`=#2{@+k4
z*TAV!XomQmpNu`9Dj9_`I<k5)G4&@HL&_h9#(Z{F47Zl{T*W?eBCKgEVkY8vp&0uO
zVVtZ%5e#{$hMz{ipoIvSA}9iw!)!`n)g1rj0maQ!z~Q@NnlRbUL83+2X)S%U;gx#t
zLJQ8rcvT4h+xH#jYLuKbj-Vh9O^_oBLvt0bPp_kZ#?)&}f{@ynGL=g@99{b3E83xH
zatCvvgEdGQ8kA^!JJ6=@qc8<Kd5;)R5{!``7f<tdXDp1Gdl&Z+=nM07)W<QS1$XWC
zyJ0}}TeCp+lCJ~MWsQbrF;RBe-8!Y3qEy+$L=e&tNjPV&?g@cEe`Y2eYHZGEwHk_-
zpc@LZCIq)bxsw-F3iyQg4|pvw47pa;RvNUcenr-4!ndNZQ&}@xMr_8lff%c`W*GIb
zioyw;*Gd%;<k67<dh;X*dPfCnP~)L)7It#uuezPKhx#1pFB`ty1#u^zgTfhR<n_;s
z8uqelf4=na`wGH>+Lq6_A3;psjKeHsko{#AQE5`W!HQvNhifyXrJM{<jg~48**k*B
zD%Xf3)z}YfNE>$D%4M^jd(%vw80}z(ET2*U*=>N{35y@-ZXV;C79E_nSqkb6u%O8+
z{~%%&F^(=X9Qiy?bBpqPg+-H9lzvnEtzu@m_&S$lLoxtfinUIQtr(JV545D{DVGB3
zSYQ7a5~Yf|wl-h2M+|TLRnTiG`u-g)GO9O7cvhrN83V!q0zV0rs{~Ur>#Oq@h-2~=
zl@Fa?1=N72*aakmgHLKJ6}&ptY7MN(J{DCWSb^x`z60h2H5hk)VYgvxOU*0J5*v(N
zCdTS_2d`T%KmaB*9^c{N1MM(7EqwG~-H-YFL$(~e-zsF$tCRf_U77KDeZ6-hkgf1Z
z2%+Ek7JBrsp;ifkf`S?<=H+ldwd0a4>6Y01>|+H;Ej~$8{mAT=oz!3GZ(3l++PiJx
zLdoA9o;%t#Q|eYvu)yftuocgJp2K>a5ZZsv&GaS>g;T8tc{YQ!kdvpacmD=3)~(i<
zB3C1iyn~WFLE}+AlCzlQ72|K@&-7^O+#44(f4UXR$_8@xbG{YUk{XyeHHw1^lfqjb
z*abj>iK0aj!v=zq;cg`&^km?38CxvS-Yy`-zX*%qrjH|aP9L#|jY;}0WW^;&MB*16
zc0TC&Hs<KbbHwP<uruY~F7$l3e|PzqHorS>R1Lh0TnwC6M48!Ji?S5!LxcY(MX6z9
zgDV}lX^5IQ?aSQls}0|@Fn^*)p(I2C^yTC$4H>E`9X^|~_40<V6kqhk^V93@DX)@r
zeEP!0)*5hAdHH95`}%SF`C)gUKsC&(cC~VQ>(8s_@|b%RF>Lc7Va*l5eN-H{HtcoK
zX8yJ4%<%8eV>T<Ro=(1Y(yZJbJ|X;V6>$2}+0Dz%$6LTlt=Bh04`wTzJjb&d*e~Dc
z9nCe$dh>8|@~*nn$YLKy9VL`E2p8tN7dYb{3!1lEy8ZLCeS3Sf^Ze-M#m6hi`}08L
zoYmYvhrSUVJ}oF0Zs57G;WW0*M$PB6&XOlN`t%!LMXQjvlaHXl=T_c!c|IxN&Do7(
zP^>%Hk){Rb=B<Eb&)n(r<NnbO@cfOPI0xjzfsbn!GneVa9W{U)aC#F}2v)?}z7*C+
zDL<K_O(_CG?-tHWDZfQ4bfmMJlMPN7NjGSCI`%|jS6_u4tI>gWApz1(zR#`9mOsD$
zNtt*(U9F`&tbrW28enV^Smz6w)dUA;6!AhVRzr?zbeb#v%u0BFf=bH=EIR~*_@1{K
zz@2$~{#w<i@L@qWa>d*I$lp(h%O;tlsG9z6)%bsI=M`)hAjHZ+orZ^(l0d#Juz4gW
zeDay$p$oc+OsEmDW2_+bQ==eQc;QkNWP=~kKF%UGK&#zhpez=v8*h0rznnge>KnUz
znjPw!J>K6=+nJ@>kY8{DoSZICXYclVrlJ_kN%5ZCA6NSp$G~^oU0(kc6{9sUA%^qd
z4Dy$!Jh8DR$;n2E1vlDU!AlwRlVur#B?q93l+@tW+0FTFetY|&P>oU9o(b-B$ckM?
zz@oSDFJ6olO)w@;FC6=GO?ypyddsNbCA2f%*u)6YD34Xos|(=9!7Tio5QRFx(`ODv
zCC(iB@Ruw5J^Ok5kAP#~7)=ECfVIAF-(H4fF30WIR<GVsM7iL#sEk0&u5wWfkTzpE
z#&^cml-lgn@r7B`%Rn_TD;=-wpo;M!-XM>Oam!@uR6{(kq#|BiUhm^{ooFXW#MJL{
z!Y+6#bwPA;Yy!~aw3RDDSTl9LRgh7!!8MGH7t;$(;dRKe!}b1u0Ixt$zgs#?g<RQS
z<(b5i5Se@U?`$u#sK<*S=H47*F*P_p=2GM8;!O>SA(6E?24RuZ*xA`Gl^Q}VemXuq
zygoj^9vmKC91Vv@!(#DUfPAQt<r(?9qDg9BJ;{`ELF{<?lK2S}fA_walXt$7v1$Z}
z+o<yKz#xB$#sgbCEy601Vog@j1(?Dr^0JCmLe7*`a>hpdet+V()|9|o`E@^t)s>Ws
ze*WP27wJ81umRTfCN>lYku`w_o`q05jDlMi?>}J#4B3O+x<e)$A-&nHm`D&pAC3qG
za!cRX;C8q-KM{dge;^C#opNo{4^BlC;F5)?YU+|WSKIxUxUeql`J3*ilN7JT9qXzN
zTm*0txI#3yP)VJRV3;NuGu|8y&QldvmP2DO^bjl{M0KU!0hr8|Od}G7NRU+u6=Hty
zlA>4WhK>88R%c}JsZx&+MRIlUE3qP$aa#ml6qOLq`_t9IfA2?^)ixUq7_W}p@#*2w
zKd(=(POdMGh=sbEqypBe+iIr`EwgjT*sPk|!>jY7i+Ut7h|z*6|NGIut}o6msR91y
zvx|eHJ}}7DYD1Ue;Mb#r-}}JW-s^U?364)Mk1qZgyy*jD=M_&e9KN|eIJ&sJ{`unU
zgc$;cePF~<f07m>?C%H1r-A_~=YyJU1?ljk_aad0MbJqQj5^4TVTXYJbg;5<QS92a
z25JVfnUfo}CsjH{7LtX`H}VAqbWQQ6EebzEg+vNm<6ASxS$9N^zb^Auw{rRN`7?O&
z=@a1I1HiC-;Z`E?ZDFNp^aGJ<Cxi3z<I`UX$DtnGf2j0`<pmfd83F*g_T_mDo_9=d
zcXHU!)c!IYTpyhdetL7HKRvUM#jg$ICnYhCpIuy*Q3yVU79z)o1#}ATb$moqcQgt-
z7*ErTnT2d{@}|5{P3|(z<+d-`!5SVQ2dCBhqa3b%`3~vu<aiO{8K}SZKzX6tN~A92
zcd6Fke<(-!cF??~R=X6jsVMgq7RJM>(g}=F5eY0BFE6f!m&E*6PD#SFDkR8|y{><`
zIJ+t~;pV}*Dh@t%0~`z0AV0D*O_jBbjdWGH(6td~qwuXx@#1|TVO|{^pOnojDOcX4
zj&q-1oLwFrkg0QWc35((V7s&PD2OSr$w}boe{A%apt?cURVmvKmu!b|N_ku4&Pq2$
zBzd+aVyT;rZ?o~OGsC2Nec71)`S|c`t7=fwytPI(Nh&s)yeMfi&%m3UrGE}1`$1N>
zqWfE9WrP*3d3B6`QRRDeOkAnbttB~H=yy8CV;$j;;DKb#-H9NIZ+o5hcQ>fqM4K4~
zf6w1s{c?PYm-@U}o8(d^KLX-ypy`&dA<}C=HP3@+V#(OfZy}Y~+tXaBv0cohx9qda
zTZ!Yw+TtpW{4#-D$@T61eB5cA<!^g}dt&UNYZfvth}z-25AIE}8==r!0w$t6Bj}X0
zA2wNpBAS$a@`A~Pc(l{ExS9-{={5NAf3NEnvSW7!HxMwvU)S+wW8)S5n>2>J*rhLK
z5Fu*<H_(qMDNMONvXE=jQ|EO``gK;yCLnZP^TfxeKc8)6`C$ZJr-UXjrXy$Fh&^Pc
z956O`?TM*Lj8?#$*TKyz1Sak+jb0E24ub>W?yiC5ToWHy6vOD6zFptoX(D)Se|s)?
z&DhsI2qO4LZxFicX~7O0gV2iY>2(lYQ=H=K)JNB0jwFPAo4|8p7+KyXMLoC<#@Fea
zG|Ov)?T?MkH3nQz=V1;j1Y^iJ3#|_cG&b?uz;}2luTKLX3We*wE>b2Ql_b|jKg(tq
z#yMt(5S13oQ9p<Q{OF>XVL4|RfBGcaEp>m+y=8UFe^5D?PmwuF=ROI{(tZ@UQc`kN
zLg9KTc^knviF}z=*^d{1I`qY^71M#tTq|hs@GRjdaOT;F{G&&c@i7Yscp{5~Eu=al
zR8C-Qk+JxiOkbI3o8`g(WM5d{DUDI{eBxZlb<Ag_5TSDXPbCHJ7Vui^e<Z0kg>0{1
zCv{@<i#k=Pd>qY{vbcC?)9GI{>C^X{q;?xJ5i081u0Iaee`GxlK79tRpJl|qrxpSu
z2z@GRpz~v!N>R0t4TU}(blE%j(S~8n#|2(1v<IPkMBXycB&f6#@A=z!L7X7)`Zd_;
z?tmbo6Pms5=cPuTT{*Uue+o+~3l-kI)-X`ZNQ&H&`gwl(Oc2%ZxXQCu;iNF^O4us1
z7hFaO%qLia*Gg+3PrDAwEATT1UtWNOoOLa|YY6Qd+~*S^k_3_5C{uV77+>2kiqSe_
zmpTenDOXQAGYJU*LLNbOCEDW#&gtq#s1YiVq6m4UV&FBvib?)}e+jAY2|gMdkP);T
z&2X%4qEhmb1c}^w`y(gx<DdBgXbT=r{|3%6`K$mo7I@j4yfmC9>-L%D`s-rDvw8Fy
zeEL-E$M{(gq(bdTu0`AoWwQ-^XniSXD#xX$Z|PnI+*%QmTLfMMvdk2)g{2|<f@};?
z>;`~@93b1j>@(dte`;-Tu0M$&LSpq57V2{OW$YC2YUEKZOdn;a)?2O;;k(d!P->1K
zyBDRw7o@lo+IF<yN*F(?!hcN$$)Z%GHMQ&y5PN9xS}E&o(!3iue?apTiZ@Wyj?hD@
zdf_@Dih^j}I1MED>>whu=*~h}Fj9_Blx?)!F}Nlp=K311e+G=}Yb+J6uMMFnDkpG`
z;yaIP;+04B7NT;zg(o95m#r;v1G2g0m;u{W*%y+~v0~_r+)y$uy!cBeK~ZPq`W@)s
zf^Z&B1Am(@8O)a^umgt#L`mYY`3k?uRuor+CfU*)pL1wiyzvHE)P*DtW>)OlmgmiR
z&P=htp)f`ue}>Tv@i@v31GY}X5*-i_gHtPZZy`9MpZTDi#&L-HozC6eUE2yRdkWh@
zH0dyWB-D9xd~kF+JTkZ1U7>KvT!I4o2Fezc0O<`X!n@d=LBYaOXx5;NH@%VRhK6JY
zX(JdD%hI~WQesa9a>F=+*6dfycRU#J4dHke3rQ#xe|Zd}^&dq$4mIP*7N5+hla__6
zl2I7XV!5K0<M6`m>4v;?7+LmB60T1J6eDp3feZA5JMfzP)kbkN#(%6Ef3=MbIT?zr
zS%`J>PlOf-Y&(e}=zzZ>@PB;+{FM{SvWc4llFjueAPGs7d_+K*K^%Y%jO`A2)yCBX
z?RHx%f13o>3_|Fy|EQ$=aTEM#{q4sMypkU)qITTAi`*Elr!`kr-+0)1u1{_k6N;Lh
z0H=Y|Dg4AM9g=O`8(mwD6Kw(~z;ah)t{Yx^6#wq6u$Uy-bRR4i;e9t5=Xh*lvV?VM
z5#99vh1TGfL=Yt&2?A!hYD-ux+7yFtohE&2fA;=-+x>GxS6TeeI)d>!d$pky=7zW+
z_E9O!avZ`J@ERxk8!&(Y{>E4%r_9*EYsT|#XjaBq>WU?Ce&c&L#p4Wb5j9=RSPNc*
z0JT~4D$M(JgLw!Vo4_zMn?KqlO+I?T1ZQ*LEPx-aS?IwwkNTn`h1+&bCd2F8ILAXg
zfBJEQY&GyOMC%0v5L<rh2W37Fii1!Ye_|h#J}j9UJe|uEkp>hb1a#ekleL-ge%%0+
zvt%gc-j)#JmFJ_zAd4j(U)?eApudh2Z-BqNCO>ilP<#X-Nt#o`)M5N1a!H&<AKnRK
zO;;UIB+GCg-|3~8_^1-AisOt0Y@qr9f9X$5pdt^*OTMxy)fp)&SvJe-BsKo8U&PEB
z$*5BEAPm>HyQ0u!wxQqQd=yxbbL_`3ijq(jXRNF5tjKr$$+~fX*GnD+HBS(X{tLj5
zwEvmXdeUWj&dD!ZE;bAE<rn5(8mgvwp5Q6Pf5N*Tio4Io{d_49s0#eY{q3DSe+B=s
zyVu}9uI7<9*&{2qrvkd&Z^39eTgWnU7Bmo0HH;%Dgf{iDh`k}PtD(U-hSATi@1iMm
z`k=Q(j01ccGtNrA2tY|s3Kp&Rxc`}o7rUvftN8bahxx!%(&kbVGFcdM-jTqNZ6Va6
zU~nhj&V?w9vMHMP0=Nf0WA&>vf4A&mg&!e&op2J6zRel@b5%`)+Q~#&pgU<`WSw7D
zBOc?A|IU@jBL?#EQ`%x(2>_V2EuXU>@ndrWeG@OX#kC=|%&Lb_DZWV^;+X7v6sWZ8
z*G{&}^2g@ONTqTQp}K0AESVFOn2D@KJ0LejHI(uLB#Q=_QZMNfSvLrif3yz_VNTIG
zoyBkkpFj6=pJNNpBk?>H+DYWb^Mk;T;YYc(QQ{BK6@pP8^t#<{?$c@DUj#wi2eEWI
z4*gq+43YUto6_Jp;;ij$No_37DF&-4As_|XROxD_Jd5R7GVgm`O%2t_k2{l0>vJof
z_Cd!A!;UlRFrPNqe$QMYe;1!P#livrl#FP3h2_Y#q7x8xRENXIo6=IP%8L0ib6;V|
z!Z>#_El?&&#NMIb?Tk>apLAmi`nN(1C0hAZ42zMJlx{1B8Wq{EG+q<mDJz-2T%=e^
zwJ>s%zR{%>6C!CnkR?miO$@s%3JX@*EG%lF@Zjj&@`#LG-<98(e-q`mDgP#ic4(?3
zvgP0Rs^v;qh^OIfl}iTFLnIlO8_<uVc^J5U+(uIt4i^G5i{ooLZY0jCtOzmqudo0F
zrYT1Ht;m{&-PQVxh&`8G0<YVeY!R)}%87bPil3dbbJM!gHQx^<7rLa!P9hJO{{-h}
z!%M*K8V~@2X@KH>e{Z+D)$M#p+?fBbMr$I7_wzAdt)D`2vG+^wvY+o$YX1pF4~+ao
zp9=fW&erZ$4*$E?ZR|g*cxs|AA4F7pK1$rDU}VCNvB{u|&G&aV$h4!_yn%Bwr01WF
z@jX{|O@kV_Edc1%3c+JW=6Ty@aZ_t|d~KZW-_w|xN|8Jsf71dKbU3|rvI}6d+Ny-E
zU%M(fT1DYF3#*r+g>zmK@21C^NinD1OrfWrLMgM$CQz=wONMTmR+=_hF(s2mleOl2
z5p(LMN>+TyL@6b*{2U>W1O$}yDW^)D0v|Lp<%wsC!0UF{+o~K+$^dANpP%+AUH?Bc
z@E?1s;=k_hf9$H~zrCGi{lAijOH(O;S^Xer4-Nb$g)D21jGySpI3GHVhwY<XhUO@S
zvp&0$&Z718i+Z5XZhnIofb_46fQ?l@f<AI%_m=3?T4CSBIC0r9BoP2zL~+YTkiH8d
zeQ>zN!c6*Pz)1zn$Sv@AN-@y5-@m3zFb@)N=b|Zye*=KWEQo`eE&bAyyyU5r{|__$
zkf%!iZ}qy0{bz4~cej!Mt9V5Dze>T+reY)XpGxRQi3h2~=K>1#!CS-l6TAS10U|ht
z5dj;);?Bm)?ZNpmnBauCKH13-cxz;FAdO96Fq5!BT;gwGG$LsxFvcG}7m<JOuvo=^
z(94_ne=q8Vi~kDwM+bT^hM3Zqo(JFSQ!4)-!}wn<|M&KH_f`A<_SRk_|5x!WXI)v;
zW2+JIPa)!E>kEn_*Pk5nzLFehvMaKm_(7>L4Ny$_tVWQZ^y;@kwg%Ds+728gC;M_B
z<5p%lQH-U(l!d&~7vsirg}fWjwMi+AS$HQWe<yFxErjlZ$kFB_0E%ih{IWDx1RWRU
zvXQr?`AF1rITH<pu1g$5lk0rf1kpqZKDC*7Z`O|_`N1=U^K$$<*Bm9-nM2~Fl{GJa
z4xf2L)vHzp91k|?=3%(lK=g>p2$i-fg)}eiw2T%?LKr0oM)jzsK<SGyjfROr?&SIg
zf6kGyNDQkao(|o~?>L)&mSD=zx0j-P<lDuRDPX$gT_ZaPA)`&M$gZn$nkOC7ltf;S
zqhR(M3j9G7S$KlK4_qG@n}VAgK?GR+cw&-W8@EICYk9n53VUSQQQVwL)KGXSH`Bh(
zoyut^CqI@eKcrffBj@7{9m#3489jAJe@}rg>mtEzhccF@Q1E9ayjB*?h76|{;2`jk
z>%a&^a2DLU{v^e@9OEI&-tpBAhyw;Q)drVS7XcU1xE3VB#b{1#1X1As7K~^d9C`)3
z{YWDhlQc1XGqezDhHrW7e*i+Zswi8!j`nt-Z>wW5xBsiy|C4e3#QXo=wtD{8f7{>g
zZZ-S=RXl7&=YmK{YaFVnUX%hH^>KoQ@QYr6D=c2f6_#UMT(LA^VPlrPiQ3o|mb+pK
zKo~^Qts{QH3wN~Wjg8aw!7J%@6$K+dXJ7a?1U+cSK_n1;oSULly|V+m<MYOKq}Ed^
z|C4YMSq`N7x!3KP?=61`YjCOjf8W~K+1~3Z{vW-aoyPvVl1G1YgLS;L$Nm4=`}6I#
zab;l?KYwejyhClp-`7bWOO`w)+NbyV)V7mWx2J8{J?#GVN+1%F5R(K0fVS0f&icK=
zeT@4W_fhVX+=YQ8I7zl+yB%(8t;7<EsS1Tcp-{sE3b9oi!ObJT&`U|Of45OVKd$W{
z&*ilS7khr2Pgkato;7<AGTbr~S5lyLfyrblnmuTCnq}|xU0f?vo-@rJjPRH;+*0q<
zB_5%{4fdtGlz0=?<GEzqgRB44<9CA|IKg+^nPT5~D(WcoD#d9J1Px1`s$@FRNcl>Y
zyynr!ZqNyOVE;x!FfxjSf1+F7gBQ?kueCSZ-S)ct_iC%#Y0D>FkTM2*BZuARoH_&v
z>~4F3_$J=?c6Nu`@J;ek9kN`NmktGR*pI|?)dc0%G7^FiGfo4!1W)(-aBQw<VTeUL
zX?6FXr~SRb$#39F5iXcSDk_8|^L-?o#KCU(+rdfy*UaF%>zkYHe{Of9-Cga<pQ~}%
zUt5RAgSUeN_~u6xaFZFqO;Pa;yu2B5Rt<90ae0<Q$Y6K~Yu(MwRu}qSI7O{h*w$AI
zuuWZD1k^zs4<-R+IS5a`AD$drZ->!H-;wZ}Vq)XoFtHY6!Yr^IBybKN+vXL>clty=
zrYt!F0>c~&VEAK%f4SgA^yrHqkNk<<6LMoJSY40H9v<)P9uE%Q<{La@E|yr$G<@fX
zTDR8I4jwBFat=`^3^`|d6&V9HrIA+HLIG%}*mz;721-`Vh*A%u;D%V*x;MBtY(63c
z`<dX2lUbMpeHdbgjAuXsz?XW{x|mXMPypuyUr6wi4wpgQe~n2l5^>DxwVpO}=-PFO
zxDmRvk;=ah!nSe<lN&_^wom{>sYu5Jvv^e{{j^~p&0vJVk32zID)u+P#T2tFHdTrc
zaY3~}whSIQ!z%Mppky`_xG*M+i<W#}vOvFPWWUNG`;d_d2`bPn8CksHD*?rk0t%o+
zn9x#zEM}2vf4V`qgohrQK^U=+a?CAiuNhij=g>M-=FH_w|KxDz5L&<m@jSI@5{BLX
zt`|PKog6}nXxKpl=}a?H+)UT7xeS(^aD+iawhZBv3c3tI<YPvhWpHgNr5-5j=1_LZ
zCzZr=$|wJ=F%=`~FvP)Nr)DTwwNSFHgr|KSYdwdRe|QTu0@elg9O`56bA{`Hlr;+}
zZ_qh$XfW`LI5Cu>{Mb009`DI@HrC~9h7nsb|H0Ul<*_lv5SyFD9u}&5ohnr4We=RX
z(TXj*55m6dviwo^2$1VC%=y0&R%{V{4{>oCx;eD$(|`!dICzNb)D%g^Ow3f`7nRLl
zP;h7ve_%(*ud0ZzYpVNhB?Od6I`udYcWuFak4|VA7n0ADJN%eUE7{N-kUdJzw8)LI
zS2L-wYfIbOP{TcB6BHP47M??vx{MSQgi<3Y+4^EioGDPdQmTa`wk%#V)V(gCF3-AR
zZ1MOgJx(#BPIz)P>YBi)S2HHI+9@LFEz66Ge+oxRabO6D$|IQ4WG0v+m|Kcp`Axat
zfS4iy3X@v-5HfO3JnT*u9poOf+SeAc4?}SniTon`Wl98w5J@nTX1R*$#fT#`CyN(g
zs=WyrRf$0~#rfFMve$#&Y+3w}O^!6Y`;+`_g1)c=ef(Eni>QGyMj~R^Lg3@qgRZV+
ze=#teQYOljRq{EwSck47G+0*oLhuE6SP0A{(}s|8PDUPHhCr@E<X~R2&2QC~%7^{^
zz3%DpAdjm4{vLE8VkDyks2L(Qa)?;1K*Va@5n;>SLx=dg`fk7CFhATL>?e$(6=x5%
z7|UNF^4uePvBl{j_jWHs!tythicVB~e;PQ(o|XrvB(&_vNZn5NtF{n5R9Uq1NYNR$
zjqswRo8{!p;iF(?Yp-$1{p44T9$Qd8nPMMrQ;+6l<#<hbbRs1=G{JQynKfHBK4o4G
z8LF39wE?Hcdo_bTmT^fC`8m*kJstpQ1(83h+b!Z+ET8&V0(Ut6s?H^Awrtt=e}AAn
zFIFR8=`U+GX|{~G?IGfq$kV5WlYh|5Rx+*+QQ#<p6s04PFX9f>4X&WzqYxa~pz<uS
z&T%Awy`BD1&4lf>jFCnd7B7wz_WEH6_N#ip9*dPI64T&>6bMLzE?+|CZO!ztYg-l`
z{>&JvS$N2V(*dV`=4`L>ETxnhe}rI=eOnLcZE5f=3l)fYd0AoLEekCyaCjkDq_j3;
z<Z=A+@vCFjJDG_N#2|l=RB*~SKx(EPUynsR#|!?Qz+Np(`GE5XyZyYhl;S`afPT#+
zr}ecQDzv|AB^q+C>w$yyQXK4Fh6Q?1hRep19bblom8k*hAqK2(<gilIe>SFMVZW;f
zP1ridZ5oVsW_jyI1^vz}P`*4hgMKRq{VrpamG1xgO&xLYDu;uiK!P}BIM8qEh=bQT
z9Q=YuKjB#^A^d_zAm7yx4I7;-8U%96cgWnUdH|oO0Z}>7#;K>S`{2fE)?cUZFl|~~
zx*gy#^c@Dd67?X2wJaj`f6-;XV5gN}VIN&WzszQq1OiVmyD2r?qhC@i{^83~W!LUy
ziK43}v>nTM6IOBToiJ3x1K`GHM!kW8688$D-H_ndPSv@wmCpOW8RWK9H*inRg5AJ5
z#ysqMlQJ|6cHrbJfZf0WSqki8^+3q$3WV$irLt}wA$GA^AY`+Xe@DoWOakmKCK6q)
zrgXAtTRaW|A_x+Ak4{KXp%;kDfGSi!4Z)@@7yfv0#w+mf<1at)8bZI8gT4y%nt`3D
z3NOSl{#Xw53D~dd0ry7EN27w+m77NWh&>h;gYrEwptbXD+RRuHVy-OaN)LPTC1l^$
z0|U0Cc!ZfxI43kve{wN)_fe_ToR$Mq5bTomK+NkbVs!W`@#8Ni6&NuEz%Ee>Ol;Yr
zqR!J^!58(*`f<jsZf;+Qs;-G@i-FYw1|&y3Ht`s4ii*c(9kI2RA#pA=h{xC^3_I16
z%?0R^5ErfC)Z6#Q3oue+ENo=3Fd<xMTkyW)V9rm@O7BhWe}bS(f?c#8sM*Y*Mull~
z%i?`0lrU4k#QLhK^Ul^*1}7g6M<0e{QlVHm#vkEu^Z|xsQa_E#)~f<0b^~VtCUyg-
zhM0I=hKULVq>YK%DIZ^TvY4pcO+MCdBYD-$!Y<{fek7(<me{7qT#M|-CQiLt&A`a3
z4D6K-xptQ?f3Mauj++(xpt2^;zO4uJvAD>ca;J*A!o887^&-(9{%V1*qPf)!2N{=T
zl{H|H1fZ;7^12wL<!Z?CGg`()*KD=EUwf5tPd+1|+}8dqLjyk}Vb1-gre}p$wp=*W
zssAfBO!KyWd*<s{A{1xAcDXCo$yrdtc;c^ZaZs5hf4CtffspHBAB!n1)vamU1YJ@|
zhL9^;58SL)<EHvFUBpc-&(*Kj(iKy|EhHxD$0=-e<O!{^M>shg)=!XlZOfP{u1RTz
z3XK5$8Zz%6?TPWVEjgb0sO;EudOQGz$C%;3QBg^?1~CpDMQawK;k7L_o^rNxP&Un{
zoPqV`e`|=|@Y=|LFA~rO?l<sFr2oDw0W#v4)y_Ki_3P~X4ubJ~BTYHggJ4`^E6r}F
zQ-zZXHE97SwbPY$JGO+ldnp*oxE|TT3X*(Hbq-h5?bu?Wl9Ow9D(H4%=?*zH+t#|B
z^_;g|RqTxn4c9RCMz@pkJvI(zC&b5GAU`kBe`l_eMU4ZqbUT|_hId-Goxj_$MZ3e3
zqiy6&3vp3(CIX~G^BtZXfuImFe2xPF2&Tw6!wklZ`VesvOn?YL6GVbGY*Rn<RODEs
zBNwNLtg8;K+j*4@<&r-;aHiul*A47U1e=KDwMBhkC~&E7GQ;RtU+fG7_Cv}vd7R;(
ze`faU-6Ww-R7A;XKt4v;%8XSv*t@y>9%XxL{et6lGwE-3Mp7`$L9TP+z+mS{T`b7?
zcVgk9zT$Ew1J1yqK{3RqA_?Nq03z#MO~7BzIJ)H^AJmo$#IhwXFhJ$XP+!0^8729T
z7kU2oy;gm~m|#z3#2|qy`2dECDHc=Ae@y&iAY98{h?m>+KQ<j|H<Mzf2>6e`oB+ci
z!(2*+itm{q&<0@2fJy{h5RT!)g(yv3sLR%kXfpoN!8!HLwPro<@E5-`(XnbLH@(i~
zdNS6{McXv_5|FlNuJvg&lQ~90y+<dsEN-g8h$mmx93eSpn4by0z)WZQ&!dD+e^feS
z%xW!RWs<$@N1h-mnXcOxqGWe{blXNIQ%gxi>CB^=%-DJk<bhkfL)XvicZ1%|q*&2z
zTE~%>pLXNFm3dPW_;Z)d8q%S|cJfX<hrdFo(V*{`VW)(5J>sj@ZZ=Iyg>!Qa-I}|r
z*|>&LAPO1r%HBNQ_+8yh>XLp~e`fJxKdr|!W^$A4;B(?&`y!;`CUil;nxLjzK+R8h
z_5%vs0xO?aq9({#Eg<6u#HSTkixmYP@#4>9JSh*!QoCp@-L<Ue@yF8Gec9(V0equC
z%{xe-N=nYWtO*J-m%ss|p6BC0R4nL<0yRN}EyEo}d|JNw%Qt|+(2FlMf4(xaz-}fN
ziGj0XgD=2ZXZ1oRONoSBFZy|?aaD<0V`aTl5s;w-FB#jJ8j6DJS)XD~Bj)7U<PVe!
z2$6LuS`*k;OJE=3ia@{26abFv7w@;bo|O{M3AfjMycTkgAF<S%Nm;Uo&vE|ZI{WM~
zL$Z-e=BsTHz7h@bdNvhte_oNIe417Mdxr)Bk$}hQvKQe@OlhzTAJ9264@;6|ecg+0
zD~p_h5^<<;VJ=x8N-BHnMbVvr_bLlsQBPhy{bCkkc!ArKHvBsf!s{%iRL+>ixEd42
z1z=eiE~doE3bqq0z>SzO@WhwciE1d!Wm1m}eNiU&5BE=wYAw-jf7nvoP>Cs-{lTC?
z%P)$M##9m$(LpuphK-E#FLBPw)3u50o0`C$$#3ika{d(r{poJl(pukjOS8s(-Se`M
zb6qLd#Hhr<H9Tf!@`>#Fh}6wibYm-{bQDBrH;UTP@vE$dO_c(D_Yygx3O@C67>$OH
z54=pW51*?vRW+N!e@y<4eJs$nZnJJ+c5`6vAujgo7U-m#$+Drqq)r`0+)O?V3FpsM
z_UB(I>)Fg3mc60ON1}!cGh;(Gr2(!bm)*=lDQMk9flLOBBSy!>!>7l4b%Qb!gqYUO
z{3VmD;zWwAH3M)f7Z{{|M!8#Ax6ObuGA7Ou!((z;H&9p0e?T2Z;~Ii$3p^X0*V~v0
z32glgZZl~jDgx5gFXC-ClNaLDM`>!LG6Y0Eg0NVkCa8#or7%f`RJepcDtq<Uf^Vg6
z8teeW9J6!mD&6|9zrS}2JZxEbpur%B{DK!@<O3apA_iVRLU@&xDJOeD-ZLy@bi$DD
zlVAcK3MLUMe@mkMbz>ox$(Ut*v{UrJ$QUQNr5i&{JO`7s4~!N})N3e|Cz&2Nb{H1@
zfL|1RP=@Li<lfZ;{?!cp|BNsf#eLCWpzyXPILPFJpkq;~@cMc|j0HczP{2vqu76VU
zrY6A0;$Qs&rzFW7B38Rqxs^nq^@;0xSh+aEH~7-=e<By}ThDUgX!R=ykdI&R$6~;A
z7~){C1KTtRup^+`?!Zu>z(vf3Z4VLu78pun^ajK^3o`ggpX9K!jd+ASg`GIG$Zp`a
zPWfZudG~>-jCDT4<5SK`oal#B%ES}}E<7T4`g=e}lE@*{y5#)%Pd|kaO)#7u@5N;D
zsLnz6e}R^6vYtZXh=|GM6i%t2-NGtLaHI?VTcIfy887gNlfqHy7d+CGLm7-bI{CLk
zO)N=b9}(|o%*dD&67Qa{2m{dw!7W)3kTS&LSv0{EaTsA7z`1GY?^fuiG4l9*8l2q+
zc48rPf&;g3%6h9F=1_o%3idU|KJpYr$-gzGf1g-V9T6s`Zcz{My?#E+qG>q|8Ky&_
zp#TQMLwL2>>GoDToptzqFg%pM{@?%q|0RF_0l)qB+i$J?{npM7jMeS;qf=<y2YNRX
z2LC4wFbT%=8~8>LAIqNw9xn$8@(s91pb_FY#j}djnu<<3zLqN7hBuS}zC?cL;bqv3
ze;5t%$`N9OO9Jlum=Oo9>{0%%A55_KXbdp#1L3I*?@>oC-9$d!Grw~<*N+#GH+;W+
zw7vzuAHUh&*j(TIBT-L+K#wKe!hN7K*4c(r8sLM-A7OTlO-7Z5KowuK#VkMI7IRl8
z#Ux3G*+%p6fwB`Zj*Wfb$Kl~Y?D11rf7qp4a&1X#HA(6bg>u_*`*}lt#SA4TB-fM}
zv_exFV!A*aJj4Z<Hrg=64h>wcBcOL*Z*^LoZmZKh>GV3i&cFT*ww%>Y*6Vk&ds&h*
zAo7shF(d_YiB=WSR8Tla9+8+#yHh(+jj1r>PeQ3DNFH4#KD5v;C6-1Q_>^7*e?S98
zji-+#q1b&OC}W#R-N?g7Qodkfmcx^N31R+iEtG?+h5RHHSdg!3i-U~2GUmL*5v}x9
zO~BvGM$KcQ<la_2ul0rPYA5Rt<Cb7yH*jl?gI8ITbw-?`b(4NxL;I%HOoEY;AXJCH
zJ|?;0uAolxhqx#&tkx9ZZf4VSfARJdc^(cX`SpJID;)i_y{po3fm0|{6Kuq?qBHdh
zrc3`G7+AA0uwO`}QjP@hYnX+4HIqSPh#f&$N%jmoOS>vl+Y}qC-Hh*#HlN(~bYAX1
z^C}XB5mQJdBZgeDN2~l<&7=~MqOJ;*TpC!a>}^dZJC*@C56WX|seCeJe_?IDZn!f>
ztcdg7%dkZLm2Y78GE_qFyvq`Jk=~2Ee5@BEcZR&z`RLn&Kxv%z=!E1g0L?4#<U831
z_CvwJk=1HORGDNVgZ=(di9~%eC0vP^N`r2zMA3*w0%kN~KztN}qqRS^vzlDZq!{^G
zYbuMDql*xgYBo!ns0pHMf2HQp(O{?2-2#pf(N`}6bu9~74PxE!vX<Mq=j>dy+p#mr
zO;l>xl4x4$d7Z;)t!A>E?9qwNP*e!45O3pR3W5T@6qp6blbg}{ht>9_Uo*4b)lBk}
zLEw1mx_}RYfqQaR>a->c=}QIq9R@Dg1s|{Yp2>Zp#;-yY<PRw7e+}eb)nu+;<uP!K
zUBa*<PLBtrXo%l~U7#k&$mCBEg5?Pz`>Y;7C;3xQ@dBro@MiDC#|-o7$yu;R#)Wi!
zWUOp~m@cIAU>C9R=t2pvW>TG`?#6E!3PizHC)U20LXa=@c)52b<H-SW&Pt5xOJCK5
zkk<<-Kn|!09Z(+Re}4B;;K0Q$gb|-YU=^;ln3v>AaXi0N_oyY8x<PGAaXW;gkylvz
zLxDu3tju(>+OJ{J+alX9c=QvV@gWvMV!v!|f59V=Woj60b9F5nc$<cJH!<VN&$N7N
zS$WkB6L}Xa%ouj}vv*A<$F*AVh$Co0T-w}9$>Uwbu~L3Se;hMFk(lB@kUB=%Tg{|L
zIXpSiTS$Hp+35O_)1V|j_~FTsNhibGuuc6?heSneCJ|}^h@KLAur<SECIlrN5f9%Q
znZBw%2cM=uZE<PKu5PJP&aIz9E|Zp}ABibt<WKA#GBP1S>Asd0f_$l(pd@prE*K3a
z5@wx=ch0(6e|^)3-C#_aqgD-=B*l`aKOQgRJ3~?|+KRK_`@r2U&G#jDF=)ZbSpeUY
zz$L*11}^-7c+C<$t!9$YoCY2V&ak^{^tGqNoyU&%2p5w7My48Y>Ja1sa?~v&hZh8c
zYs6@4Q+qTn{&$ANtxRSC2XlUM7WDa#7iHNM3~foWe{zse`AM*HniLcm77+_11~KPa
zdjg2VkH4IJ1?P-RQkw(~Lo(@md2=rd4;ffFnFMmNA#Xw%5mUczl=8YFzg|Tq(#j(B
zKu0D+johj#&`@|)6Y#s49F!xEI6vW8sQ_2@wkAkeE#n$<bjvow_!?Bp8~JEeg$b4q
z>ucDUf5~7YK~*MwzO6g6&`^9?6D-&l=f|O_k`4;59`Ami$y}2$Z_fzIiEVSvta(~0
zO+Ui*8%uX?AycMXmM8P^%~K{ZO)y`pt%95cg3Xq-SL<j7J_=^W?b`7W=Vdqgj}Pd~
z#k5CInMxr0ydI1ulf!0@PUsOTI2x3`stNeEe@yiTofC%!6&NUcTN5PMGS&CUIdi5c
z2(Wi@7VKb;oMSfIFVFc8R%xaFh|5E!LQT-LR*t4^FA(;<@NVFSloaHZ0=|?ZhFuW~
zHEV*n^>W0?b6RkWKUSXkGw4#K;TV5}A(?<(p(a?`D96$%XHr@^LJav>lzThbcsk__
ze`EzH)_6EX-Q!lB$p>Tst}lda6-b3GrHw3I2{Q4&OD!wEZqnMCOIp{ZsJdar7Ib&0
zGZd7SnQ2$Pt_d2F@Jf-G9^;P%eS>Da41bI;7eKxejgmfrZ0i$975MAzj84tCXO!qx
zhNnmH0t5}yfM&y!<J0Yv)8qbL{AB-he|Q2f?6Xf=dcXf0yim6q0~eN{%#GDNmSRCt
z=9II6o3>H`z18DQ;m;W|+Ci}H5avEtmpuZzO6XYv2bRDkJoM1)0Qne}U_#DuV7{wc
zeiWbyb`RME1>{e~nYnp&7>dJ4#J|j8bO}fh`LF~k;^q?g*dJkbIEE#lrex}gfAixn
zCo#4q3guowe9Q&%L-X7iRG1D=j<m0a{<(*^kmn&)$vo2;qT?SbxLDkh8PJDZKHIdT
zWVYixsWA%Dl%m!XlYP^EV*DwrM?WXzlu3XXBO=Kam_86R9#NWs&OA7#UR+S+HA`vp
zWESHqmn|#*R40})PqR6g;$Bnte@<8eJAI9u%p@8(EI}OlIvH*f?^#wffqR#d(7j7w
z0@=b6Wa73;qSHZ1mmmqq2}=;ij)W!9Q4M8d#fW^clmwAmf+Vb(8iKKo+KZzWE&<ah
zw6jnoKjX9u>H+S1T=vZ6Pe=Y|h4hylDWZ%xW)fi+l*yl5sQ(zo@=Hu?e+8e<ga{e+
zJV}E}Of;lt93f+*9u0QP*SAr!4sv#1W+276Ol_TFlC({Bl69N4IEbmL<W||dS|sch
zix~muJ{hQeD16JpyXKyXQDW{e5*ixGvdvNss92w2eDoqPv=)=r9k7;r#HW2$w3+{X
zAXXV3%&vi99hGh$bFP=Of29u^_~|3LDcHaD9>%i2-m;iy9<qrFNpE#@GQ~dLrXFSK
zbb50)wW<xwUK=V*+7g763*?zapXC_>d)VS}@`>T}>FSSFfLZv}lY68G`&8Ty!;Aoa
zhonHGYmmVYlnZO;k;~;YbW11ukWI`!x<3)|I(3L|6zV0i!O$0>f0-!tlY6_DAz`!p
zB3De3c`1FwlptB@e#+5zM)E;AcRv$+ftmKeOrK^wGGm&G9aiI}tkX|C9Gyp}xEFme
z5&L##f%R*bG0M30K!QUY>w&Q}H&1eQ=T^CXm{RyTQ4TftNPU|*f3>?Ny+sr!``mSj
zNChqVBv(M2Ct44Ne={zyU#yq@QVtopW={DeTU=61`efMO-|L<p53HZ7*3aA?q*g@a
z334vQOjkB%38VwpYS$sY=C4+vA&r=W&4YC7idc}cx82LQ2@^`x{7NGY+$Uvh<wBDj
zV~)i!{&?ri$?*4`RJ<}0S(@7LKH<#X1`0O2^CgfWdUDU;e`JE9c$TXDUZBY?Z)<7v
z!_Z!gQn(**9+?wF{LtiO%Rkt?3{^3#7J!RAt3<jYw`m}d6W89s<G#bRhjsdBA6@nn
zX+`-ZrlV56=(~Y)jCt7iCM8dI1IK<kB$EKUx#9s4^4zb^AL-bByg1|8UzUuKzR(8)
z`?o%LN5b-<e@+-e@kuHHC6+?TyN`#X5BlOE^Jq74N*<+<9^;R84<94Ku-s=YRe;2R
z&E9B;ZLS+X&uM=wR$79`VWdbdZC1^KzAaMwetaM+d6$9mgj$F{VG&PtGUiM_2*!n3
z&pb|%v3n^PvV?-Xd%GnknF%2NJS9pYj#)xQxey5nf2M8c;+U*s6XKMjB6~3E_Ym`V
z_TqwWqJ}BB2S{-^Hvf*xWbAhH4>KswSgBd!Q>q9|WT_8%o2M91W9DOR&LxN9+<k4a
zK-EoUv1ImYuJT}=Tru4z%kFmaPI&jBqTIpbc&W}4$}AqPiswYC<Q3Zq61Ezez#TEK
zjK4TEf6#*b2a~s2u{*nNJkcqqzfU}Os{{7jwf>tc2_`4o<oB~uzH!Rg&H*eb&q14a
zs3nu|R-XA?@X(LZYptpDTcPwmO7_IyoO<V)V{)rAC8*x#)U0MRoF8MZ1mp*h#ZnE@
zhcZRJ8IZlpl_*A1okv3bF$np?oY|SO`)BHPe=CQD^1_e3VDEDl*2-t0B;WiU%}0Jk
z<S;F_UQ34?k7tO}y~W-tPKa}sh?C~PcAw~4&!|Sx-3!|jrU8`{ai4%}WYSjHhU9ky
zh|SF8_dm_77D+t@dBS30@IszCVF>~ymT@Q4(#p1KK%51-Sfnlzm%#A?^%prxccV{|
ze=5Lm{C8g|jT}#HSSsMCEUr)DsT6dd=-$jNv!j#y#CMF5BCZoG#>k8J=`@y$LE(L3
zV=E*5+_?rSBhaw)n<Sh21S=ETHR98Lc;|N~MRi&-i`FyKxjM$&C%~_B0P8EP`;f3s
zEpko17%;70dH~k(?VhJR6L?i?{O*sQf9L68N@?BTh0)1g5FdE58F;KsH}_}{pC?;%
zPLRp!`-cuwn(%mY_6WMyEjSazwRmTGZ{qzT?CYWYgl9jXz)cJa^wS>@pISmqO0&iB
z+gB8&;hEyqZsJpA%38PG>ZUwBfXAwAy$k3a!BVys&MlQ^mB(_Ynh8;Rx;nlGe>HVZ
zw*P2<&!5UPiChc0_lcCXLQ<K#MoJWrj}b0dcqQ445+31NzcQ-fB-u@o>TCplFo|Kz
z*B>aqSAjSi-8R<N-786zSj80;2KsDtpMY;%Ck@4&bJGI<Eb3Sde(n?YoLGLeedl8N
zHAL|b**LQI3h-7whVz~C2Yvi1e^F@M?}0WGllBd9>8jHA-pln~Ld7MUW_CyTkoODC
z?+hO--~I>FVq`+rDqPtT$b+J+#PVw)0t?Tic$FLik|+UXsLn@|xQ?V%DoNd^^__jD
zQ1&v|Jsf?wKUS=ks=Z(z;NX-EsC(zf<P32435G3&Zj%wZ2Qf79VXzcCe~Id=?6%>7
z$aF26%u?Jh-_TTwDlR47dQnsf)Td7^z<~>&Kil8`<LP66CSDY+I8(#~U(s=WR|NJ$
z4++dyB92+hQR<Br4$gUdhJ5eleRMjV&gS~M`rGMr@_*M>w>JNyyT008+w88duWtQE
zXSLhyZ2kvy?gQZbC*lIJfB)!wabJ1hzLL+UPe8`d)*@(o;?WWE+7V~Fa=Nuqzgj@g
z8Ym<`W5x*$dT`!-);J@9+XHRJ^Q_@xfm|d|PcG5``M3w4K0*5!dl+%tRvZ22&n?|S
zD^FOml7~jv<2}8|`$tFbB%A43!KNvb>ljGjc#(^tso%79y(YBbe+oz-k1(*Fta%GI
z<hn%iOyupU8m0^g`Wy1S>S86W+FYfyhkg)HVH|yAK>(CK>CNxft~;l1F$-}I4ny=Y
z!p|BB>SYmzl)!X`XUnj3jy&jnca0gAbyX$!{8>$&s(J;Z&2=0&Nf9*yYcK|j)kG9f
z<|9wlZ?#%gbfk@UfA>-NL`n}%O1C8*Yi7%d=lV2LLXUHZ<%Ud0KHHXCT=L|JX#Ohx
zbGMA=uiibs{!fYg*Pdd}C(6tDZu(dt|8+Jt*R%3pcca@~f0F+m;`1DikPw&!90UbD
z>u@o}0gNKzsrbJka?a2M^Y*jGb5L0lc@&0}2@ZUUJrCrze*iub&Xfd`WnkDt%7ZvW
zVro4{fh$`G@I>Dky$F?mEq398h$;N-Wg89yZw53_Rpp={#0)$V;P$gdduRAgx$ekD
zwyE#a0Dj&cf=d{G)@V<NSkZqp5YHOz(VuKZ|4ANACoAgz<N-eqR;&g`$T^Eb7!wck
zXN_;${34Wpe@5s`{t>?X^*^%w&xjEkaTx6E%HBgp<>B*LqfK0lR!m_=KRjy)kH6Dt
zQw3%1aQ3*kR>}H5-tF(~@3wvSuKJk2{#Q3QH#)iXzrMP@@wEOQ;`7`HIE}{NeorK=
zjdrKK_Q#8<5FziatPp?F=2L<_m$wOB86kIqS4`oSe=6Iu(xoErzqy!s_`9)(M2mln
z5W_FwZ@-@?fdPe~XLPL#I*{dCR`Kif(GSB65S;~mq~#SHorQfg8rydABM4)wajt^K
zb1b4zGCCm2Tg1!eN-|#Zs(^k09-7I@al}ET(Bhcsgbt0yx8MFieH@|*?tS|${8tQ&
zT(xb=e<mv~b-4P~l9e!9QEu%xaIjp>0+B!px~eO_@{dO2`E%Gu#Ju2*#uX@$_zJZ9
z<`tYW53U+l&}y|>p#Q{Q)bo8hMZS+*=#L^7&1QHCSMh%Ef8t@m6(l1iVj7Lw4)s@j
zibfG!sX=I`I2DSg(YOP^>?YD4e?$T2I5^VGe|hBt3b<_e46~N}-m+!;sy5_|yumKk
zGq^JL@a2kN7_az<=$|boXsL-`31^C(o<$?f0xU4MbZJtkS}Af{JtxM0Lj}`lG=56z
z_u&0MzB})>SG(;_tMgu!)q=E~x}We2u0XC6xPl!#Mv*7fxAczns&S=eQ2!tQ$$V44
ze;QX%bpp_8Rk(uppFY2bE9fWX>_Y{JDH3o&JP$@#wuN0l4x^j{@;qS1o|glVK!w`W
z>kQ}^J~^0)malz|<=P~iN0{}X>0!Zf;ILUJS|Ouu^K%>IIRS+s5Do&JVFe<T9Gd0~
zTc6mjJz^J+)oPYd76<RoRC7IO`ZE-Uf6dQkKt2f)SK=$sv4Z4inkSfx?&{k5^QIn_
zPb3>LB?SeKPE<Ek^>jLDs|Fn+X4!W75f>y-jcgM!Ys0DJA(9I@Ruqf)rognKXwFAr
z+X>V)upu6+*@OPc;OE_UN4v+v!SH1FV0%}0p@PQ9Lth)-7t6d~hWE$2JA>i-e>PAC
z?*|9(_ILLWkAHjLjww?Km}OO=WNa$KSU)5RJ=>Ux?I1f$orA1}LZXM4{Ded0E3V(`
zdB`F}3wi<aaob3<QyO`$BmxhQMT~gYtS9C43u$+AN1N_eUoz&jl{+2zoPmE&0(TJV
zSU()|?6AMhk9I@?Hx3wMM&c2le+Uj2a!HX;YXCSnD9z|F%?_n({D{N1@!lvH^*p^N
zA~?X}g0eFcT%`bo`u>*EiHEgjNbYGScuxir$$k|u=A~RL`U<IRmnH$|MvcA+Ojv|0
zMXMbP24f8Z(T=KW<0@@5<~Qcj%B)%{&pqnYWmIgsZr??rz}iP%;wAG^e-FwOk?fFT
zMFJBw=90-Spvj0ngB*iW`;}05GJv1!g0l4y*0PG?Gd6%(tmrn>pv@#}WuZ3%<XxZ{
z2QJXeuwXR1M>ISze$%}>(P-zGfM(ezQ><2U9C<pem#V_89coHFSFfQAQ7P%MWF(O@
z9U+dtkDN0s%2t9Df0A+Ne{;CX>=@UCk*XRm?<w{|u8-*)OPN>oP68NVae;9FE*UHF
zOaKnf38R6I3nr0@Jda*z@mK=DCD3U<ju&yEQ^3TeHJVw?DZxs`=YFdeS|zO8Ok_bE
z{_;kg_^&&^{e0j#!N0=aR)7Bfx7CAl_m_>%KUb&Ik?(pZzx>=8e|26*|N1BWPII|*
zU>4^^+KX1qO#22ae#C_wH4YpqrH6>izGdyrbyGxfK#wcn#xzm~1DMf>StvLi$aNN}
z_WuFLlnSuoP_<zYfPb<#j8P$EyM#kPg^FZIm}DcBco_sPzC4KhW2|-+rP5VmQ70io
z9VbU6FIHu^Qo9gYe=+4#M@pwId&QbAMW(7Q9Z(mic%cD?iK;KB9tEXU;yxw9kN_Ve
zDQ1oHNQ&u1t>h`<u$t*|Mk9%9iIdPn4$gIz0H(=oN+#2IOx-!SD;MC7{txFD9p>f;
zCXwM{N@rMBa)hD`9J9-IX-}uJfW|A4)GlzK7Xt}6aWy!}f3Z+6+PFJ~ZF444D0j((
zh-LLP3Pa2sIXVvufth~l(F-}8^s!o}@(rK)BkGljIPpM-QHYruZ3ZVw&Po_ciWDx3
zYw%yFGB5QHONddwi8%thk!sSMo=v<gHR;zG({%*yITL0LcHUg2C`cyE9=mKQH~x@O
z$H+?eJ8_jLe^ST#%r-Pqf{T$A+x*;Vn<ds(kpgqLIz8U2+)9Ha7^S1n6LQ0tjTmu(
zT1&Vf^N|4F{B!3ZK1|73z(nN(W7wB$hB6(s(B{f|j0Tl)&_c;&<ryweNi>)`nwnSE
z`bm%F2{)<6SAoJ4*)bhVZh?O}g7U-B!kSTE<i#{Ce}}Y;=D8(ki=%UFq|O!!+?EzO
zc}q|u^s15|yVXL6ZURgbhRG<2&z#0#ggqKeB;R~MNy?T{jm#}q_R*9{tj}57vQ(%`
zC8GU8VgAJIr-@i=G!7~oTi}9=lb<dU2*!;13RM;D{gr4M>Mf$L^AO&FJY*V-GaG6V
zkWmkFfBpZ8MsKXV(Z_8q0VQHlMrMi;t+%+6-AyM0M9#EI+<kZqhbRaz+d%>;fhxBS
z6`o>R&_y9G3xk~-aRsjHFBr)n-~t8CwMKGR1NadOF+0|Qvwy(I#cW9a#Hlp-s{49X
zcCX68RFwcOi%5c)Nv3ObXDa)lR_Ydd*>h1?f7q&Mhy(XSue-UnsUSQIaj^4afz`KR
z52JGoh{qZb1GxhFeHGO2EjoDbxhQ;J1b!b~9wYw<GY98a)z(J4qei7;5X;RSD>dGa
z=o|snTG-aFzxHGs{e9C0n&3hw*0>}Z_E8w>PORPxV0vkW*dgPYW=cvBNw-$H6R4xc
zf8I|22wq4DfsSLesQgB3864zH@iK5C@Ul)Sw+!kIL-~XMJ<%fx8h?G+h664C6K)^$
zG;s-ZhB@HzSnef@kZxmL?}a6JKgKTMLmUVaVDBxXQCLFosu0AbKox7lq2e#H2R)J!
zflgH{kic;F;AC*HyZ62g+ghxM5+W*Xe<snRW}1nWq2(ZPPsOX^f-+nU(r^z%QmhS!
zq1IpD<G_mQ;NeOCV5h%#c(7}Y%<$@19h{bVuav*rd#A&b-Q)YjV1Y?6`LwP7F9@@}
z&9$x9*7#44_tfSPQYPY4;(tZV`$zA;<fDJw=fF80a%J5_rMwRB$H?PY4()rLe@IL=
z5pk?$p9Ffq_cI>78-9`A^b0hl=59|F|I2lwMO1vLZq$JERj5eIv5{&d4WwmiOiOKP
zAXZAvDb=P!S@G=*&$zuOUu%%osqJD)oT<9_OK&+!M*q><8SN0{>FYmh%>Imj)Cb$)
zKljwWsbn-)mu<s)RY3EwaH77Je>Sdsl5;J$m^M0XsWujzt25nCWor>Dxt>v-nfv)N
z-EF2Btx+j$;)p8UsFBpx);gPo+LG;6)IK3T{!>a2nL(VMY!}BMOwo##iihfQP^5TL
z3649uuBJz}nJ8O;1oDilrK0qp%L{$P#s&Mvwz!D@lp<9(xdyyZ-*s8Zf2O`ikvl@3
z6x>;&o{+4f|H}}FK9DPYNTS=FNQueP?nZ%NGZjxFI~BuNFCpKnWTV%*40Z!^M^S!T
z4%$9i7K@ElOs)7Ht^i`LY@KCL98tTi2?Td{3GVJrAUJ{G8r<DI9o*f5ySqCCcXxLP
z?hZ4T@0@$?{d20irn<VOx~95z@7eEq*R!_zpUovh<DW(g!-P>KI1Tu+k;M5$O2xA0
z-7@$Rg7NY<+GNobQwf+J9?|#|p8bV$Qa+qO&pGRj;6yO5uAkIAJpg_st^0%W$^D}z
zM)@s194RCbQ*5O|dXorNvb)YGJ)Lt-a*tTwe|L8}pTkx6dpa(yJJLUTokDb+l8ue=
zhCpg(?S$g=XL?(OnUm??b;0l^6_a`=+os2|y{c79zE37bExy4eX_~MxmJf*?_3QG$
z=tzFu_mkN(E}@jj^ar`#w9dou0G*NiqP(edJ@})CPiHjmj%WSUEXTB~MO&VbOUrYb
zbKjWY5{t~ed6tYuhMn2{KYw+LZKA}N8T-el$2e7A$BJz8Mz^Ly)MATwlH{kC@1T6o
zOBO8F)R|F+1ipnT?s4+50xP;q{;L}WqF4?80C(foA4r<5%)6aNueg&9Lxem0Of<p*
z*|Ff}PTbK79tFuFB1Ow!S-y?(ewDqk*4*SDL$_w@3J+Jv5^^UKz4d<yqH&}4G#bT=
zU$yF%+|VaBi;FNNCw@9t&RtXa8E4m}f;tt`vQyHjX;yagvhTMQ`ejIrLXLug>BY>Z
zOx96y(Z&+>shQHI<&u)pS4P#%B{zoG7h6jxHatXro&kDmeQStR$(HcAv?Q2c3r4@E
z2RWA3v7-WH?MNCeHqU%tI@ago1KzT>=%d6FF^(HKBTZEXnTImcI5zr)Rh``pREioZ
zo%=&gbT+b@9*@nmk81aYi|;)F3MTva46nGD$HI;u>$JwNnw}`BTEU)0I6MpUwbXyL
zHMo0!2gXK>M}@==8?K++9Ck9D(G)Q2auHM#`VzcLD;dwRz{_4>j+S8>#c&!UUcF*@
z{~9Yq3AwfN9&3_nl9z`XWu|o%sh}*>7`ODV{%6H<Ibr^{Nm^~Z20IQLIA?ShFu#nS
zf&^#VnLB@M{Z-%fU;+lCWk&`aSV0{i|07iIFUqP__x0wt7@{5{65QSXz2{~u>$@Hh
zl)R3-J6wdL;}he0b-?Xtv4=FZ4>RE%l{}ginHq;gz(kdT;zq#4R~0OnL51dHjIRjH
zU8(fBuSD|4-yt-ehS698Gqata(AcUqEY~)tvG+{pS=Z9eY-$Z#YvnZHq_tbV546`y
zE4E>KYD5is4sz}P@MIP8?b=rv1y40rU+CFFAU=U5o6{e`tD0+GyI|BCPZZy&0Au!4
z1m>8Jz`(XE@Y`0+s@A!%wP1+4HS-eBH)TF~1T_&QNl+qWhPwoyN5|j@>-k5>T3-B|
z%I^Dt5E^6ejh`Z<an7*!w3^~{;e7!GDSSV*rVVLk76QhadLeF^(6UnDyoV3AjWRyQ
zWHq++8ZS<nhF&#nH#n|=%O#d3h_CR0ToW1*Z-<VbCh>lI?&z}|j{vNoH6C4O%AE^S
zs(uQy^dbFc|FQyLNY%z^Q;9x(K54W^-qmM{AWXXkcEZf_hi{(xH?G!y>PgWI1AdDp
zL2*a;T*jrsayW`(cLuD&IlG~T(NJ;LWo;k%nM+Wvq+H+K7yjVl5R}i>SVCsrk>zKM
zsWsn+u)!Ugqy7pJLE1GcCp2!ds-j(+A{hTkQD*TSlPsbiFbYAi%0;=OE(!WsI<lfK
z;?i3JTTYl6ZI3-lbbasaOS$yzF-$UBxbjFRX6hhfZ7O;E(IAwADyn0mLw!?1Vr%aw
z8e5ct{CvbdmbHA!6f24!+?pt56e0ORg}UMF!h}p$vvm^#>_UJ>rUsoxxbIyg%<*p+
zJebk>k7ZI0koEiz32G@4tMs)`^pvYr*o+(w9kV}7upcAjiy2`SrR0OuJhZL!H=hoo
zbZMxepH^qZ;^6$+8;5kdF(zCKgVs}@K0^mA>wUJ68F>_a3ptHE-Y_?00wT*_xoKzV
zINk`upFh=Uk?LWH+$2o4l1;A2BP-XP>O#eT=-6AV0EW0#kuD1g7R{O}ejO1(ixr{g
z!g1n-CJEorr$eG5JWrz&`C8}XWoQ}>#X;Gm-y0vohwfhJOkB~Aoj`HAe#AK-86r~V
z3guy%5r4X9bIGZ1U1>i6KiBTYMoox_V)q+Twmkl!%1Nt`CR0d=;eLGjr$klH&uIAP
zQJcZe!1hL*Hr<7U#=KDB>tbI^xUls;v4-~*yfALaH6D@ed5<<puUS9PNc4Kwx>0=h
zmU05OsZfh+G`L3I@&3c%$J<clcOG}p+N!2^IQW(<TQOU`E692GF;R(~ngpjF4LFi(
z;8j@<u-9-IuS~Mf=K3(-dlsSd@yW+2zG_hb%&W6LXyP12B~6T*fywtj;lH|RHt~Md
zyf{><p>;5DR`8_)u@c0LP;u(0Tk|^H$9QDW#|gqD-f=_=+QX1i?8mXiA#otxC+*e`
zvS_;J(!;I9eGch^6OfjD&UnGUl!t!O96+DpsZ*AW=E3XT8L%jdt#f8gG%d`a{C1lH
zoSR4W;6?t_Z#Lqlu)9E+=ZL>?a~+B1CF6SY=x~l@j5t8E{T33jMctx+pqAW1@*rf_
z*jSMBp|ZWxH4UX1Nbn>??WaWZ+&<w1AmPLJ<E4QknnAeshpTgXTai~~z`pcsnq_Oe
z(VkeM<Zl_A#AKnvsTTU>3YhW1PLLhovgc5Uk}}*g{We9-xy5DQI$xk^VPtNpWqIMT
zrx{iTj}@GBO^`qq!G|)dz5`Lbe7ojT_Q<p#S=%8NRrR~KCiCQP(m!J#T3M;sD&nXH
zPI;wo)?r?P$Xu2St^P6S*ez&ZYnP*wC)O7&l8H4c&@?4}uDZ{Z=wjXIK@e{PPLmZ9
z8Kty;CR+MkA$eB~_2!n-sU!0X5DUde2O*hahJBf684nh|YPzhX2bjQ;R>B-3=Xdd;
z9wUhCtgw;LgiJOV;Ty8(QDBt5W$b7*J<_lH?tr>QK@p^ly5rFBE@aF&o;+>Dnl9k>
z#fbqxS5HR|2nWBDWoN`1$kzezxPjD7&e;oLE*C<6zEMQ~ESM<&{BffUI3s7t$ZO>F
zzx*!yeJC!Zns}5aS4!VQka<*Gb#QpWxZa7u|FsCAdsb+Fi?g9RQ3JcIC~;`5Jc4Bp
zCbzV-Ak~N-<Rv@)-8IMUbSisIEkU^<Qp1ZPc+hwkud*wPDQ=wbx1t`f9`GTLI6T>b
z@AezI9}`!1#)Ov+z(;{$aGsTva0AH9A-LDz%BUzo@TFV!E+9O7#Ig$(v34RDe2iH#
z0he`-b14Laarq`NAHnPw)p3i;32{_$*HS#J;(y5eSf<CBb>b=v$(grX+k*0h(Zk4P
z>=8_enm<dFPAxF0zW^kTth%(VA6pn>k#h=J_gbo}L}PMJd_2y{c{B+`a>;lm7<t|b
z5>Bp14lcZ?&)=;ycWcycdmiOD3`PUF5Lh1vt`#QMk)1w)mmb%IQ6#+Gtc`P?-@4mZ
zH%7<6H#?YMAan}(i623{E1r61Sw=cP+!t5Nsw~%raPyk78`z?NRh;<72+HjLI@f9K
z3^D43W4vBpi|pY2jaYPCcK6WsYaA)dn%eXJ;ANKy*$s!{@|PZoXQHCQ`df?`KTKSK
z(84_AKHNySkH#zM_wUj32Yh=%76>>yMH|k7LS;!F;dcz!>NF(kGx%)83103dTF8Y^
z3FrNZP#S1>H-Jad{AA3hzwE1ZaQzQg^4KYb;tG1w98uKj_&99Ep9SnCj^BMCwX8|R
z=_YG~@-aUAssw0=*mB`I7nvWxJVG^enn_wukEa=rx~c}AXP!&rk2$@G2F~iL%KePF
z&pdHdA1%u(Q+0WRAJa$0y0Qox--}f|Ttx$nWxrV!rUF{uXdQOGiGFkB>wNwPGZgm7
z-VunK*n{}SrXP<uI{mpkG2uLR#+jUlU_2*vAv_;(vzKDi$FpAYqihsZX0lj%O=00E
zaV)va|2vUW0L?&wQE_GYU^q4c>Z$`qr)2w6%kU@r6Je}t@;a%XWU<<$4eTX)-FO4Q
zdL^N~tN>jERFByQ17NX6QG-D;5Tp8nZN0xp9(Ij6HZ0~-9Osr+QAc5Qp?H&&_)Ram
zglVApVm1tFVfDoRy;Qh2^~ojLzR$grDA021Wk;bcGl7XYU|(KpX~Oz3h_-cMnSD`i
zB@Z7b({V9^Dk$DJZ*9cyXHfJ_qb^Q=Umz``KF~aHWvs9_xbBlmv4r#F^du!M?@dKB
z!^@vW?3-zrG)CenxTG$KO6^51wUQ!8aBMg3O=DZ~?l)(E?tjvQk89JGj0JvnW-xWo
zQq^`|jO5d;Cjy|6)TcG$OfVFmtT9tjxYcvm<{XbJ4qOetaq{IS_kA80gTR>#4{+U#
z0eCly`y}f9-`In0_82MJ-|9O&%Q{bxeNxF6GI9)XwP#hE#(k=k`8pTwPB24e>NUa*
ziW4Ky!YncEr0<Hl6d}oRe=u17Geucn{<YciLzDM`mw5$^C`Qsw$AH;QO<E8e{gPTC
zIi*t6g}{7!HN%_4_J}uLO>VdN61~5c35ZCjiG=pf7yE-BSWyxEfbVBmg;VQuR!dc*
zmuCW`w>NgCt@Y{Gmp2}siw_=C4-v+r*<ve8bQQ{e^{}|`BHZK;soz8pXv_RoUVx>i
z|L*o{V}gj@{Z^u)vq@gZrZ{w~Tl?|(POAi*9sF-><2UX)xXNwm_F12YC;JQ_0S*&{
zc1Mq+TOCh>m%4_Zp5qOSHZWA%Ah$rH+sDk?-0q(cE@?(_`4<!te_jsb4lraPwRcZ)
zn(DSOjVR9kxo2j!ZTCKsE559-+2*U$+dj0lqrmZqJ>u_DPdBB3;<DQFx7+53K5&eR
zL`rA*`DLie+&NbRG>T05pvFUm0W95*=9<v2doe1yY3cWw_kc)G1MGok0Qt3gV!<E0
zw7Qr8UJCHBtLZ6De}Sy8)Y0h{^k#=^(f^Y321(?Zzkc700^usE=Ob}n$~Sg2cUqk6
zh@kHh;*xn<nnBlVYyY~_YRjhtC#}RD>@)7?!ZCIhg+0K*v#oXwFKgcmjB(Gv{sbdF
zb^FqoZt!lM$$u2c?n{eK5BlZliVxkWw<B3#S!O-^R<YriCGJy&&cnmjZ$h<igf%`B
zJ*fZP0UIG&@5M%8<Y}1CyhM;pKjn3(BN`_dNLU7|`N%#4-r+*o@{prfdUv(I!S382
z)b2Gn>kdG@^+b^Zq~XRPu}5U4S|=yj!$VQ7Nyv|o6j(KCK`tnY#2iUb*+x?;p1KV?
zwD8npe``WM^9`Yqvo&Vr|4m~0?2%{O);%5ku)LtWxb?GXhxN*gKHIVcwh#l|oAU3+
z%Hm=2YC}mW*py=M;O*%AOH1JO$F;yv>~|@s>xvnY_YrmAE_;8*r7jPoNOE;+Fks~n
zm{CtV?|7EY)n$7dp#;Lu<#?8Qx>*7b--u91TJ#&%)H8VV(2-<ut@aOC3}Bhv^%=)R
zs<eS(++PJ=+ikZx(}i&=z?BmdmFqA1TmPzrE5RX8f{K0EJfH_}>W5oxf{Ki%1n%sz
z92(oN8j`?p<~FuUOW|mfbPkjP-Is&^r4hB?hrserG}&Hjpn6V9g!HeM7^$Tvw3N9a
zY1H64*>aS9_q*Q<uLS1$>x0fyb&z2dc*a5yKzX&aIg#8$kT*!sOW=|+ZMW7HD_^kk
z17QL`rXq67cFNF}390~kD2=`(f_^2b`1K-YJI=G(En16vkt&V*i#~O0`82v~M>3E6
zIGBs$9&ZMMCvP=%#7>MIksW+pKN$co#4>R!e)|Yx2I2Ar{G@o8{<6^GPjA^tiP&cx
zeg(5qO9Pw1*Vnc6<bj%1WJQptyBqVwEKv-SuET@J**Pe3Wdjz@Tm{AyoWthM-a$i7
zb8Y)p4{c);&&@Iuo03P)+=T-fN~6~nbM0y5PB)Gb3H;Y;D#EFQw*J&dv*t-V>(LX|
zROQ-OyN|+{&T5}u-{s<+4k}n}cgJ9dY(A{xV-xW$=@Xk~=B=slH7jS8c8oj;a9RIR
z2i8&2IzK8BAaiPL!X|Xm%sxNx$&LVfq2P98#b1~@)Q$*u;kSuhb^>L%o&cX0v;1uo
z#@Eu}VYiPIhW8dhDpk`R7HNdSwGLZ#T8`gq#X+NPKzfJLz!wut@s&rU)bP~UsWQ+8
z?4L=bFXQ_=iK^vJC!6epE=9+0$dWMAPy_~<U6q^HK=F}bfqbCF;HUfpgfVASYzA$X
z3YG}%cUG-|3)a%*&O<EkH@X2(=d9lfEFHn_-*<<lm2R9Zu&v9@L-wi82F+^>?DIM!
zc*!tS0Y>w)T|A;H1N-jX`mcY-b39}%WX#-;3NA?AChXX_nxHKRh7^k}#{vnr{*oM&
zg^cfXKwK@N?tch_gRu|EuZjX2bt(7PKXfc!&GT_&B~R<AB?ByYQIg_X7>O`<OZ(dS
zrkG_dtlkfHA}(?61LS&qoYc^70t_YKh#=qzAVl(<8;JT8hKxsq-i9#?4k(yeBZ5T2
zvQ0$^Fh(r#?&S~FMjEaP|N2QV04;)+7{maz(CTDN%onz_LzZUQ2(vO_8)42l%gXxP
zq${w%B*-=DNd)>89Cb1Hv5<<58R2p?k9@CMdD-B&_cl0Il$p+o&sq2aul=2=>@nc0
z93n>!UC(u9#8mbM=WD8V@EZT9UU-yV=AW$!&GtwHxV1$|c>1XBpDILx;aGBfeH;MF
zk8LBEOD<m9cF^lMKM_Stach~pyZHFv?{(+#&pW*85)ey0*K*9lpBJ=IH}uBkSKIVv
z2OT=vo7YG$nowR|+a+r(*#v(`tu7WT(kDFg-tgkk3p6g$56<*OWhNs_q#JWz3{jl5
zGjqhf8b{2}HVat{W;Pk4S2r(uc6I?P^0=LW??_Wf!BbcAec|L{zLcQ>AC;944)3*V
zOqkN}n&Z@mj}{fwI74hpqVS9V`~qxky=U;MA3|flrCeO^-r)6QcE0zVt^nG(30V<o
z1_WN2*E~bn<dQ^ed68=B;KL}s3~mtZaGIzhCjRRFz53mn<S$Rf(gc|-9SX1@IC4Hc
z?js6y;2I<u?^S83mLX-DIb^$>)IffuCF0N%(-J%1&sx0Mn&;E+H%vTr`wx04vuyof
zRC<tws^q+LZfE4;+Tci7=9CX<u$H~Hz2eb2al-NIP<T0Gz>NLLg7JK&6A~`xjV}D9
zt0R~Z*``?`U-VDq>^Rhps4h?ly(@`~1-)+^m|&V34q`)>NrkX%iWgKahTb@XJ~YB-
zjR!jugdNwd8|{+{aauI5Y4T!VlaL_({Y7i$MuHm*newuUgn=DLt~0mrcOgB<kL=!=
z%nxF>NzU*qn`-bs{>mjQEomY@S=$}Y)nQp-1zmb1O#XxA1@511f-yk30Z&(w8p1k;
z>a(hKFjS78C5xpm8XUa*krst~ALQN5n`-&S?*tL-@+82!=30H_#9GTbyY0{8HXenB
ztnCx)bb7sT2o?L*m$_r|abat>YYNkpq8L{GVgz^ti+{gDzm-AzEJ}Cc1sdByA|b*@
z9*GNbIi9rN-`~65u1N!pLcA-&voQ^ku8DNCgb(Ze_FZKg7pvt<OIAG0c+F$DTpg`V
zo}Ix8Vk<SedWfsO_b+Ks(TJmNR2*8<7mKI&r%@l@Yi+iBbSbXe=%z-reuUA|6lfmq
z)t>qF4M%;hPa)oPuvnU*eE&B6#6w+@gt)Szc`3fcL!IT^K^;i;RFMn&VACk8l?5W;
z`^=Zr>NZU=+&KtA)z}(gfEncNL5Nb^o0CFjr;{i1QW=NQrWpTJh}d(ZbHJd@{!U$H
zvOYXh2NFW*Yf2%0<6O3-WYSazPBtmfR6Vfoq9c&%W8Y5|X3P7S&9#4-i7Ij=4#n@5
ztjoZ-f`I(30=SPrEh??gveb>yuVqV#^k!|w)-w4;=+cYZC`RLBM|fc&hInCN=j*A=
zXe}n3t#VB#aK=>M2U_5tELOZPmH-1oEBd%cz{dLcE7+#eHTw-9*>~=K){h!Jr+Ynp
zHwCz8e~rGs*vG#vj6d!TzqRq+m*ZbdV0N2n4)rzw)mjyTRKAt+iB@Q80g2T(l#1~B
z_V1|-;A4*5m|m887%da<lGfVr7@(u0c(WDY<K+MK@Mb7_Ob7eeSRfinhu|zfam;yq
zuo8{oV0dCrD9Pd7!&$2i(r8|!SIYkcE1QY=l#gCTjODws(SQKG?s=)TO6&0)Y3s@n
zs8<t^P|OYij~{^}VMzb|le7JVy9{=13V#FM!@wfrG($ZuZxKXCJQ-Ot+fw|acAqII
zGmb|+-2<Udn2}C&c+1OT_u8i9OIGRJC|C$tCL_mZ^6}EhTd_=0kTXKrh<NLlX-|+%
zDRxIwK5kE$9yK}It3Ir%;epyL{Rd`AAq{|O?Y9he#1$VrnDtI71kq096^WR}Z67Hj
zm<UsgYu~!j&89schRYPr`b~}$U;%cCCbGbdXT37x;S?fzlOhuT`oz%`HpPVL-0c0@
zai^1|0<DnK{*YRR9_<JlZp^plmgYGTugAWftAdKTw^VAd3|h9p;l9X}$_h)P4G`9d
zcP*60{dI;P+0^l7F@n5BG<ihEW~Vpmpoj;G#zN!qC0Nq0?nFu9xTrBGo5WLqudyLh
zG=@TLTWi<K^OgEkLh1e|@th!T(519!e>>fQQI8-IF^R}TpYN2o^h%!R(=UgbTf3ue
zOZp3YdS3LWjnL0kI?BB5v@d--EI`PRKyzx8GL`&u&e#JC-)u4#h4z<SA7-VxztE<3
zUDM9LBj~Q@H$H&`TCiF|9O2S4yBQ=rTy8dI5n;o6J0HT`N-gH3JKhAOXH*PQ5Fhkz
zO~Rc)NPl{;u3ONqq_u`h$0856#AI!|#ZMJ2n0?uOg#pmH^6GwbcKX%O7C?0j&1!^~
z`A$5zfB8F;F6fXYlot1d&9t_)%<%zD^>I1T0h$-pOKVoXL^cDSYJ?+K(6311#QnPX
z>>zzE;5?ycr^i8TV%Iu)pdIxeQKz^~uYO0M;(;?rw_Q|1p3g;pn^WQ4d(ZNbgqOhB
zUj3(j;ig|f{$*N`y4cAKDNw#WTf9GHZt?zNeJP^Iw;5d+p6lol$MP_9;0TDgu0Pow
z&#iUN&AGq6>u(W1K5h}8lh|L9WZZ3C{DQeX83IkcyN5_2xPF6Ygweyl{$88Nuua6a
zjTIV;G@L)YAb8eE9+5n@6~K*2Z;z;7HbX*kPIC5E;(bZlP5jFo3ec)}ZnfF1@MNM2
z+XzV5+loekg{6A6ZnC@X1P(D^Dp{MqW^(*gUxg^ldG>tt;N=zk_(egV;k2)XCQn2_
z?zmMDdKqG;$Ue8P;Ogg#82jz?fW6DE(_hL<95oFu&*>?q=QLWzw)ypl5`lGH^vN35
zVEbu;fRX8La*F~aAa*>QB|ClAuA-pc5ZbbQ@Kz5yB3foeu!c6Ya{kU=v*znqO-$yv
zAl-N45_E0Yfr>T*yc=!q@>&qlBdQz9$MeXz7?NKdIAVz7o>S*Bn0C^ADw<n;f~hhH
zk3(dFZDWa0u<Xg}exEy@Y3B*(+_=1}Ep1GEnE9@dcQ)k;+*dt&d2(8e+Khb9SqPuI
z5Ob#EgW}9xP@Z4YJ*@y<RPBzkxpqNstrXTHnLbBkc4Nbe*AW!;JcHGH#Cn}lllUm>
zJ<)ATd_}6Fa>&<F>zua_MhtSEoL|eSH2c48-Hx(pNT++i{?pRe*9X=`aliW`m8+qZ
zQ=-&p>+#3}9qbxlcbbnS<q`PAX8#tjsd8`rPjPmw6$?HUR`E%q&&s;+x)6-e7&OC^
zo%2xpKA?h8T}=5?QKrM{Ewvp?2<3t6ECxyJpZaYx$~b_r4y?JxcnBN|4uF5fPARB-
z^=3w}PeE=Id{kwFa#7!ht7*wOi~NkKk~p1o%M9G~(rHIP$7Uu9$52$WGikL_Pvica
zK`FEdzM)KIjFsPCDP!dFi6q7iQg7mUdTZ4)y_h>Z`YzyhrJ>E$c*?;^f;p7o+CWCp
zamPGW%zV*f;K9!8(+qeyt!|aG=f0MwtmnUsAAq&zKm)lsI9K4wMXw%^vF-iw+ap;v
zB=A@=FR>w0#9~_R7HqCKeg`AdZd7o8xO#Jp1*5KBW$oAjeY#}=bS~X@x3+23fwK3z
zVV?yH-cpvA8T)4W?z#eK(fR{$4>)ayJlKBJyNXw;m#>nv3UXEY)#*NFsx|8@zAa&y
zoWTjm9r5}0+7dF6jMWFv%DG$7*=|Vd0<co_JmtY{sxbww(sI}>bXIt0cDOZnCr%Nb
zUNRe}9QV*k)fD8#gXTQFuH|TBRMaJu2=Z?&jCqKOuqw62g%z&c)!u9-ipGL9jgzNq
zs?E7IUzwA8oK8t_Ab*v+sr;?>%~gkP3FlWuxv^bq%4s*nq|&s;hCE(Yl77xd0^r*3
zdP|pI;!A0x8KRL~-W{nv`E_~dVn5fP>x@~Y&lNi5t1!$p)v_ShCl{(M7I1GPMyjaj
zYIgoHw=DhRef-E)mJ|7T&P+D^fQ75Rd+*6YN+_u$ujR|(Y>>zu$W+nnY({%S>3LAY
z@m~p18-}l4QUaLTX^6PZq|w=55*YcZxxOjO(|l7|`BzmtDAa0YQI?=Qx^t0ULLj}~
zIO&^E`kWboY?TWKEh05fabsd`65D~(qWk$^U53jK<KT#7#;x!-(5-G)HmAqqTPgrj
z+za{@hGO6cUefLXTQ}CXy(EIcV#4>lU>bE)DjZb(3b>M{_>y?EvhUzqK*x*!X6bS`
zd+kP*{jSrasc!a;OF^uf!Rps>U=o4$&+glflC0rBOC<nQWQ|Q%;CgJTZDb<nP`H`&
zv9$Bg9Q?yCB0t@3>;!#zdUjG24TBob6oQo+1SiBZT1RMlB)&a0Sy0!v?V9m9)&^*L
zl}=qjQ$RlUU4<khP+*%U0@oy*&=C&xC;b+D|EMLE<g}Jl1l(=-Y40zFM@3?xTl&>c
z)CSnF5$t;8BHsN!0=AtInuz`7GX0LC=%Q_{@|o96iRfLU{g%u5itlw|f1N>6qhcOn
zu;#*M8trKf-e`#kmPA(@>(k)0OB+S@XZOdjEKOy=39lGX@o1y{0C)|D2b|f&Sdzj#
zCRLts_6kx+l~~OqshD@1GkV7G#Oh2&r8{FkwJE81N3k$D5bA4h^JG1GtCvh63y0a7
zjtTO0KcA$zF_!Wnum5>a@nLAL*txh)cYn{!c8^hn>D%}?%iKHDP1n?(xLH{Y_EZZW
zp==a&G;dKT3)zeUTyrL5TauOnkRL(YIsM=GgF%DzXV#C50LsyWPoF@X^`lRRcLUGz
zMK%)3k@&B^^031WA;P~D#%JS1sOF1`!&gevg4wls1;yFRx0t`|2}J4+**Q6?K9bw!
zsfV7v*NwaJT7%-W+WD$CTYr!ovbM)xp{&N_{`HUW+nntJ?)wN`E7B_?chsYwpT+C_
zPkiaL?YP=}Bq9m7<TQ=D9PuJgAn;7Zg{FqMvU!ZM@SWILy$s*fDIHpK#@ixD)uRNN
zX@R4$D~rSi_h9pgzvc1M71!#amK&2_*Eg)X>y&17dwSVc*eqFphEY|U;cLt83m_7H
z%RT4!#fHoP)E;!vUT=JH)7tP)s=jP8VO-%z?C9@IV!c`vt{pcOXlm?=r-`cmDDpuZ
zrk<=Rq5H(FQk2$@0RLrlbrdH}vAPt6J;t1wRvfeA{LAFpm;9qZOacQKg>2r)tj>>Z
zasRJa`*X7fd+xU)q!Uh*1B2zUDatNye#8i)1+cTii*oSlB1q6`>({!B{9$zL3Vf%w
z{Sa)wx)H5{(|p7@Qa-{5L{K8I^@p(=NU+1OoY3pe?i7x{^x^PU_AA+zH*k&G>}EV^
zQ4d6EL3n-jPC9qKp<yPOy$I&4a64apDIhrF&dir$P}j~OW`@B@cTe&Oc#1;20OnbV
zfuPhieF&x+@cQx@&IPc@opmNcx}RV%O1cd*+*Qj~u)r-h-qkLXGI*{RYH!sWyF=@^
zIVWYB^0P?Vb`X80_&;fhH=IlCVg<4Y4KBflMS{BAW1H>EeUQyA+-qj2k{<G@`(Aey
zg>@?QIw97C!&`o0f+cX|mWFtSF+WRy0uHQ6RutE|uR@MFPgpJJ6g{7fu8~kavh@&q
zui0DpQ42=B_j2LMK9Rt)y6j;st((kfFRl>nPSDDX=CJLjDe1D^>>9y13vtyUDOjTL
z_d*^}%-$x;Bu^`wdQGcpS)`Y0YuIZqZPruf?#5Z^K7TLtPP!iy>nOCH#{km<5U|J2
z%DRIEG+m>oh!Y4&i0l06mW|&!#1Bt>Vt9q?vS_f?C(-AiY)wyBO$<J1nvJW5Az7Q|
z{SCrJ+dieJQ*P_{!QfmlM#!C*OX$+0<I&$;lN45<^*9*S;?lo{LSvgEA1X@X%8Kye
z1-D;U_S5V}V*n(Pnss}p#-lL-@?amvhQ;>b7}<2ivPAYG&FHZPpYkAW;oNJk0_}`%
z%2K%N+P{jf{$!WzJ}Fm-j6rj>yoVw=GU845_ej|}O1pD>wie!tFwv{O<h^<GQ4XTg
zve%@wTAg+peA5<*v*8WY`K{b3+f}nekCH859+>FW$&0N>m717A5PLKOAXd_=z-P}=
z(l|?Ms>?JMDMtJk=xn0Tcg$>2rX=3jw@)qm7JoHnYHK1}{vx~Mgg2;le5lckXx_KS
zz+3D6Rs3WIz9(Xhe%?d%`r#-GY@<-;%HlSczn%AlntA{AEu^vXV($6!i}1>mBGm^@
zz5kScD4mu9cQiu9y9Kxh$vLcK4*4TV8En)S@TIYn^o?X0MD32Owk>93fVPs4wAtZl
z``qV-K5j>N`uvtnxIqKH40#p|p`iS1=BHfxPix6=L<;@7;4{pBVHVCw+PcuxNBop*
zu)+gbu*xShMU|9)7@_(|F!qT81dp_*er%88Knl*ZW#E1RK7vrf^n6dBn^Qi-nhyMF
zQMIIik2uZ3JWCPlj|t_nz$Mz0g8FiMYE9e$e(!^-fJbL|iGkVG$`^V`sQf1~l7DRS
z?LAv?`=}>;At!pP>?Y^tf8dJ$$5zmD@E8S362S<x*FDD0pf00N5!mh;H5egq053bW
zG(YIIz(eitneQ7-mz!#&h;Jg?+yc)ZJjF`^82F=@A>K9fw00Sm*gSL5umtj8!zSPF
zOv2t(T=gl7-y9V`f@{U>FhXcnUBQ8OA$O!&edEF9Km~XnVlA#?(2bs`-p<{9pCk--
zxtnvKw7N{OyT6lKf)tP?%*9B7|537o;Y}5I$ws{7JAPpbZk5EnPxlF<1Ts2{>Dowe
z@dpciIC?5Wn)BWt7u0Bp@Jaa#D^zu{+DB~3^|>)>5!OgONqFZ`h5R84vvE|gBVT-w
zCF3CW9SNK*vG+vMwSM#BJ)kFK*r7rvz$vhHEaP8XW>$CEfO~;ZG+qddzaQRFrlFqp
zV~<FDSX18F8+6=1eg~ghZK{AIVzm6M-N)^G1DGdegF>|JbIH9mdmu*`W#;o^*E<e~
zA&X=rWHnJiUH8P{ek^bbER}!##&<@6u~yAZpkWXXzIX|hMt?~3bokK5)yo$k-)TU3
zS(kHkH@^E{0RXGjg1b+pC4A-<*v;BOi0}Du(@5Heyf6rV%ZIC)CkuXIH%M=5nW-7d
z!T~;_hX~J%G7rQdor6=^mfnW$Pa=hUTFLPS8HCAS%*Wuhi6UrqKR6A;Vk>q5ZH|Yx
zByy1@IKjaWijz}~o51oRhNJ^L<bJgAVAZ@~>AG1C)V&~mxvnrqpxao%KKoNKd6VAs
zq~d8usDZHY|0VshK2+k7PRy$9_u{F`9fTJdzE?qLqwv|g<zd%a#9_lkXVI(_0+inc
zx~>EH>UFxV*+k<Kaz`tsFRMZS8=Zj;AC%i>`qf<14}haO8sO_&G+(fe(JXABA{gD>
zeowWkf>i*5duyJxkZE1<Xo+Rw<$1OT(^#vLS|}ZInMbR(ee1Q988{C<=#h9LL4B>H
z^k7<nG&7>0rj^$_&sIzM!Ze{C@{aX}uaG?68<S3Rfm5~*zre<=mO;37|J7h{^hxiG
ziuMPDzSjp}6EGO54CO22@8iVr&ihq~?Z}m$%V+WqUt)U%mLqh7zcBPqjd+NK8f7j^
zl@t)x&3vS?!E^>(f5MhRawdWcI`LyfQFj#kvKww9T5LhqQ;=!R=jJzps?Fm@`It~3
ztvtg%HH9R@p6WPS%b8s}*yJDqsZhsMw($sjXw@8*IU^a#H_2AqD?4&$oZi`KgJ!KO
z^)|`%)MF}<f^4ou%X}(_qaW@?V~LK?odmi*A6cR16`gZNo(0Hnn;*_2n^0ncmW~yj
zQ$`-~aX43wn9tX2Q4%*c`GM?vI{{pf&}NJVkrR3@?KV1T%~KU0Q9jyQ_SI?-TK&LJ
z9n<CEyepiN1ksD1Ml=|I81VLdDBNTgyjz>U!t2a<*60QyxPB!z428V;u&f*J%YWHG
z-1`F+A40w%bt7$??cmp{2@|;w&X6=}L;7TT6XTZf+pRq+2r7Wh!-EmxHTTaanbel=
z7`qd*cR#5h25@pUSo2gzX)YHsyS~N%Uf5H$dUDXLTw&dbj{bJv%(vrsKXiG!I<HP1
z`X3*n{4Q_ZFUY}=7lcjseQ9MCyyrwpzM;AnNw%i{B<;XtE?T=%rx1}%Y7{Bn-dN5W
z5`J$LTvBv22-jYj*ky{A`%-1{;8T_ihwvMwt`t(2Dr-mMs;m5%3ZI^MD76xRBq;g&
zY(eR056z{dL_dbJ9;_!L|HX9z3imA(k?ZJ>%BAiE;ch(M;QZ~spf8SvC09Eh?)J?h
z>$b#qkM72g8ULez54rW$wrO-8&umVzNzImyu1n;$SD=29CLv<o)l>+U@b3q+m-LV?
zsZFN3R1AIBYsrZ_lBETbhHYW8keU;GY>SPYe({$Lrf5wBxp`S<E}f=Z#icK>_S+!Q
z+R@@OE>$KCE3?6}&e;s-As0l+9qo0Q<$j1&E={ag)lnA~w-z^ZmhNDE9YWYOFu$PZ
zYchXkXZ}JTk2UGkmdy=nipV&q^?hx{9f1jf)ZD{Ny$DMV`wgJQP$l_6oP-xU1xb@k
zKY_4IWj#3gkSPr@ar(V2wc>zK_1`E0K<N;OSN{<nZ{KJ58+$BtPp}+aUuuxi%jwTq
zaA~z<lhsTIh(8MYCD5`lq4rnSTA)DNq~`ieo@AE^k`rPnQIJn-%R`FGWvht~G3BsR
z1mR0w+%$amqBQU?kj3ubDn)6X%hbHk;P878x*sZ3ab8uO(Ny@TJy_&n@}9>|M{fI7
z>+c(Cpx5O?lXcY5xykR>9_jWV_jD698uwb-@QR9DAuBUVHPp2LPVlQgOIU%lkfia7
z<1ngNMJ@_mIKNLu-|ekur3?ZLWwwj6EY8LH#Ix}9+7p0Ha@eAL9o@wXKOUf*JHi>U
zZN_5z+8=!dHmhGb>o@DkJ}Z0&EsUC3H>zbFjD<}=Ivi6*6|?+Yl>Vy4D-)(ZZ`4+T
z+4zUKgqG9hA7!V9mJVHFknC4}b(-U|gNmx}v|}ll>EG6@7?1lDWo110zeCwqT(uV-
z?bZd3_p|`Cd;>c|>)5ie?oYxqMxG6{EHTv1>*^^MJ@I)`k%5mh20Muw7jf#}J)h7V
z4@Vx<j;CBC*$SGm%$=W#)?Wlf1~!%>*u5=dj`C+Fg=^g%a0k7;Efpp6XRNnCPDb?{
ztjO$p+}=aFDG6|1VX9GI=sf;?OD!P@m0v$BM}+{6X4hq9u`i3TMVq^+MHr}Rq)HjG
z4(B#ED-is#PH?_-!Z>|SvH5`>0)Gd1(nOKWy9RIx@gb36e0v``4jD}8jebzSn3@r!
z|IuuBmajJCA=9;9OO~;itL*VjXrVU<s`y6z$2ERiPu3cmX|CiyTaUbGVbP{Qc@^Az
z8B1g!TpCL^?p&^%30C10T*p|fRySGC$vC~S<k*rgXnT0{x$d)T(-yZwyYpgh%I~%7
ztH@?f$5Cpyy>?bzuw&YhaN$_}e&YH=AH`Y-w0Dp1J~h1ZaB;udDcso*V7(3Ip}QtM
zig@l_241E8owxd(OrgpenQesRdQ%<)um*vps*vVw^@brN@L&4i6{3Xc+YP4WV4h#U
z)rv@U(WT!BU`n$uLKdmld#Fkp!CGA*vQ-oAUgw*672;cnm5L4k?%=73C7%y66RhsE
z*T<oW(z1VI<vUtsunD>4TvU5msb?4<;j}Y(-#iwN&-UogNJz{CQRmS<pN7xm2AE{{
z2IB}ITJs?nvA3|@=%larP>VcPUhwDn)zR`MbwX9>^bqcZwa@r8%H)GBRU`J0AR3Q=
zvA3;j6SF&j)Y8BgmgwkDc&4n4NeHoKdMGcaO8N*!fn#tCHp0FZ(fW^^v1qpCP84W?
zp;iZ9l-fxY-b03`^GDre8v>FmKti2p^pm-Dy9b`8i&OWwoK=G|S*sj}*I8_gz0nSp
zNt~M6On5=uOJa=H6EYGbGi{!2d3}7RdPWiqf4{O!M@vWV#M#EvFeYwhG*7x*-W?=D
zz$3=6<b^I@a>4QVd_l<Obn5&NS4WcF!Nf%ch>?uy3Hj~2jzVW6Yfa!bP|RE0a3ZDk
z<Un9@-eq!BHlvZoa(j%wO{?QyKVva;fWCOM&#&dh(j(WfN{vht_;1*>e!;!cg)N^l
z+if&YZreb4J{)_KLv4Wn60IT>9w{5`QDvL@jELx%no<({k7^M`f}ER3IU<!38|-{k
zOlZ|?qfeH)l$)BQaw0Jfl!vcgZw7w)jJsq&YPLOzeASrw3hy6SqKtdF06k5y`PIYk
z#D6$SWoxX-4ymIOH2|xH?Q=<mkx=ABWx0cbjag}T08I<l6tcx1qcR8#AGfK_L17th
zhXe92Up(E&-(NrLRv=iTw5;Zz6iZX>I^SBt{oIMfWyoWz8Fr?x1t1`|VMLAGFFL!&
z+&p(=PQ0@pTH>V*<sf5&t75Z<<OlSk566s$LUkf7$UNBykQon33h!sO+eB;Ecx(0{
z<RH3l^>12=THsttV~KW%)$uCwr%`FMg~$zaZ$|LwHhKo;h+1G%_!EsV-QbH_QV`c_
z&hplAoPFd~SGV;1ff4By{+B4tV}_md5-eWXEy<v_5c`4=-5Kfq-JK|xr$KB1Zn<LO
zsQsqRU&cYxzr9)t{07zxMuwTZ!ExnK3~)<V@dG?VP>+9Q`<RGXo&D@UD+!D?<kK<L
z`+wtwcv7}Go|LNwRjxP>7{*$McL_wM-}LK23^?bcJPw3C055*gOy8A=<XrtoK|h%F
z6?iY0%2otEH-qfLXvmg8I7P2;Am@;@fwjL>PuGb=FhcK+20IDw*6Rn)tr!==eSQOV
z{QDF^f0@0okm=4H_^uj4M6kx+>?nC+IVT}e8H=8}LD4T8%P2I+FxEG)<#cRzP&_QK
zbhScH9L~)Es4=GNh_-i%l}Hl|C4>GHjD;OYLi<T$+Iglx7~UNXi{y5Hrute2LvW%O
z)40gs{qx(NRZRLpF;5CDOB#0W@e^vFpQ|HNoB0pZ3?)LSu0c;iBe}|Sh!moyocl_f
zLvpO-eBL%)r~OF|OJ`1Nux;<i3*oQm1CjJ@lddYjGaZd>SLP<KtM>qk9)I9h>`$oI
z%dp$W{^b34CJW{ySD|-O<>LKKu9vib!Zcn}Prh@T;!Zm=6&IO%6-}U-r$riYvB3Io
z&3Zjl$X5{?1E2x*ZT)IIjU<<H&r>03#qd{1e^5k&7*sedL>>K?+)Yg+=5-ilhZbc-
zWJ^4tO**<4o3fO!#D4((2rRRPZ9d33dlPj^e)!29m2~7sXq$4pxEZ?jkrm5gge~m+
zeLbU}W7nF$eh&fcPL(&0=bKM*u}sb<=E%l;q*M7l-`W-^HA4nMLD**Jg>B2HKOkF@
z@Q5s>Yb9MJXQw`(Pl&X+o!p40OOq4_ifRx5rsOWs?h@o0Z$;`d8v}ZF4!6^8yA$fe
zh`^?T1gTFfodvSdtBTL<)iM30Y5qh6Q7ROgu-Lwv=ms}vV~`WFQ1w=S2~R)#s~+P|
zk`or55aQ+DNhb^gL32KN+hs$C>WzQZh4327=!#0(SRDT55^O5Ttt<UVUwA$^I5`K}
zA4vh<*Rdge0JJpKjY9bo0jl+>$Cb7QLE<LXXmfx^9l2RrWU3S`kDQMSlJB}!HGq`~
zkOn^=@q0+2vpOLEf&eRpBngv^TNcBGiG<d^;g6b;K@fhge%t0;3B@H=e0ybi=E^pc
ziM;%npq;mN7`5B!)_*?Fu&xFGEWpNac443x!R7VELu|Dera{D2Pz|+FaH**3@3U)D
z<p>|00{=$ZPaygV#g80vdif0hvpxv^i5X!vhwQRm>u0_bTxAt8=<Q;0C}K@1WPYjK
zSyYor)!Z1)+yh6bSjRJ;b4j`vC;Q$jGep9W6h(3#I0MF9ep$}!x&nO%KHw;*eWe`F
z2o}ekA;E8XjZDoM!#xM4c6zJxs}i)%;q&o44pgIx#h@QfxHy;b$3N#7^HuNonr^Gi
zEeSOQlI-3Umr~b<;94;V>8TNoTP*te^x1D;tbuWgLFjIGe(_HDi^{wC3Id9Y1h*0o
z=k$+Z(HICAug}cWJ(@XfT>w*Q{x0>r;E~Rjf`?lS)SGmnU$X{o+>>R_+O_Z}5kbCi
zoocWyECC8iYaZ1W3A)cKUSFCD7aG^jQ8Eo?9pwVry)H~iRi6q|V)J~5Dc`DMB^doI
z_PX5Yj=uzq&gYsI+O7PO>`8-lA>6}LcrPqbnz)W1y+&+g$Fx!C41DL%{nWvrP|mJ>
z4qm(f+mkn+vi&9i$BbC8CA@*BiV*j}GjbRyRsT%uQM1#qpl=~u*B=82CuMW)&o7PG
zS(|>#>Ok1-K0XnN*8({W`#Geei$sRoRu7VaQ26T&NFn_Uzl>X-`v{yac6pf3I_8nB
zQ7o0@#3!CnOSdK20X0l_;WJWSVK2tOjW4t=eC=lOe3$_j*5G*h_#sA0zMBA=)iO99
zBHff-a7<;rJpa!!VsJ#nBms3PX{^DxW0S3qaLvQpqXa*gCv_s~y*pdg6yqQTVpoFf
z_pu%xa1)T;i{d5V);u$qi8Bf1Y44e0YiO*Dw6x=P%#A+`fS^ntKXDjauo^E1%9O2!
z?P!<q)`{tj|6{;E$>0tisT}HcM{$lfA;@oxlZuKksfu%Y01*fO*3<3k_ISO%4|yb=
z1h@jm@(a0Nz>6_+;~V_*vdd2%9+@EhNZA*FpW~%FWqzKjs1pRnJ!VQd6Ll27|6rnF
zn<5`Xq8|Wr7w{<4Jt0q!`$g7NIh)v4fjg9!SB#n6t#YY70WlU)?0|5yr}VI>oWar2
zYsm%!O8t8E_^0*2#P-(ixM+3m$bl$DC*gDfLnH{Y@fa$+7|EDPpM8}|kU8@g;s=P+
zJFxC1I6aaYu@8Jqb$lJYVAXzKtTwwpi25X|R|SyNZJa0V_sM>x@67!oF_tdSL6Iu1
zD7W<L&*jLK&=K3-_PE&kki3gXYef@+M*Gklc+Rfi)-$4pYbR=%_v5@==z(XdSo<CL
z4C9aqBAu9|d>6@_l#~QN#&yAfE}N^Kk)f6gLSzZv0aX}>D3Hb#fSW(C{tql1zXK)!
z0oA*&BJ@x#FR!FAQnwgjZ+7n6?w_;nJ}riQ5O#wQ!e)49_K2Yj{UvsA{Y>9VFGvf<
zux$<6rqGJgUmuehj11agnqCVG+FO~uWdG`MVTDUR^#7sZ*;tm-A+F{y*ID`6@cmUT
zW?9d)Lm8SrMR<;ter|t$>H%;eS{U%L1>}XXqWLYb7C!A)g?Py%v=V?8;IBW@2g^NP
zP^x8dy_$p|DzL$)^5kBf^K;#tS^_oQlWjTOKiw#SOjl?iiJlA&-A1+7*GPX7y%!Z7
zUbh6ki|$gCMUsUr@%gId(BENYnM&|Fot12U$ehHpqwJe%0$+L%f)r_LMWI6?;Be#W
z8le$wJwW;te*_n-V$SRO@u933wslB`Fzrautq<BV(p?2-;)APyDGPwMtbxwWUIEVj
z>}uv%n6<yQ{r3O-xjKT@Sif4$IX7DnLE2B%yEyw_ci@Wnu{J?GUA+*+o{xWd+G2$g
za7Vr9H9$6YXkJOEC1P67g-rnZqaMW_;&xZ0{SSqv6@2japg$eg<7|%=%4ur<+}-*t
zjhXi;?&5o{*H3Yt38Oz5+wgjS3bzrwzC<rZ-3H=7TnYO-rYS*)co`8n8X#k0VEOEA
z+5E-9&ZtInI6jSi`)=+;_-`{0|C%eUSTz8(@72|O`-?3GtlAUZ6%t}2pxnpt#=;|w
zfmadAbbg1*BYh=;LX&$P<+9W=^N!l&IF9`$@hODheTxBXFPt^@0=6-l1V6^p!X5C2
zzb{+8Kgqrus<w%d5bW<bi;{rE27jE4_eQ}|SvC&$v2hpb_skPV;|5R|p@yIi2@%B*
z1fZJ3{zm26UD)qS4fc5g#(B;YFWwZ<aF=0lLVvl`yNF8-5*U#szugMm)nVC_i2a2`
zbarwy_j~k2a^%aYh3a73!~yuS!@>2>EW!i9Q=^@KCW@$jZK7-XSEl;4sVj>@sj#$3
zaQL|0M6(N-*OxZkAPU_oeFAyoFp7x(JB^!uoYxadlBoxsrh;jJY%pmQ&LFrx<*w$f
zJ5LH9v;}noZZYG2>$VRB4|U!a_kha>z>ZvYF<=JEc<nd+RzD<=BI5WS!72VWxS*Kr
zNyN7-6O4^Z$_(0C(TxUkX8n2AXE{C|0Ppdy8(xE_kDR)+eSMrkFXo#sv|02Tk&=Zq
z$WtGnEgvV@DBv~q88Y1kCf&aLE#`K(yPuFtHxYNOAK~ppxe|2g2j)+h0=`Q|%*=nh
zv9q;L)uUAZa^E!ad$L&x)ax-QFruS_)!d;TtRE2w9nR{ZhsxqaxH@-2uQaiRA2<~4
z)tK5CR;m{sc?!CBO|5V+$IKBfO)V5NppQmEJ`eUA0hLeJ3V0oeeGLw}=xG;dHD|ZE
z@})a<1Rac@#vz}T!`RmR*w-RC%AwMewd%3-MsJPv$Ia?r7*&q@XxWUdb4w~)YeQm<
z%U5cNM=ILPgagUeN?ZBo8xd)g)g?Bh<LVk<4c5!H*ZAM;!HH|e&UV()&9<7&{HwN?
ze+62_fo7?u(Pe?wA1FCZ+&fJt0_ooa1XDgW40I^SVN@ByYw%oR!cJN}*KFj}EA*e-
z@JLN9TB`=wW3!OJZoP0pN(%5Od3VuzNTxNE;|RfAJ%}C8M(xbfH@V0)+-V%IFOe-=
zfFJ(?#4%GQpwp-EWx!h|W*DgC#K+V5JNLB@Q14<42<EcTG>!w)tDHY6>iG_%5A~Tr
zx`Om?2fo&UW01l5#S(X5!kc)FJEHQzg@_BqoZNiQ1|HVSu^BQVH=D)Chme?u0_2&m
z9in`CXc3&xp1v#77c8qwrE2N%?^TG#QTef@3F%{QAA`Fu8R=%vi^!WEWo{a=S?&q|
zErf3{X8lVziFI#n;>w*m@IeSjM?qD^nL7z1c`ax8?@`dKNjnLA%s@Z?GXuE~tW@hI
z7wi*$k#a}GOlVj=JyTva3T4|H-r1AJhZ!b(7(rC%EZJ-vbzBk<aj;|WrnK{lZJ~9t
zKnp-aB@NkzZnP8G;uWk>2R{OT!Gtj;;H_g1t2=<@IP3--3F5X8P4JQ?cn1%^b^k}W
zc##PPn?C{Jm)(k>Eeqk4^X}Uj6SJ<5@#ya3@v{$XJqYHQQ5JyyYZoktbh)IDdr~9z
zWJTOs;|X!Pxf0?t6YOiT9D+J3%qibzA7EL6%()(BN!w2(jIx9VY>K0bFAe7kdq1b2
zn_e#p*Jdhm8y+q6D>nj{2}UI`d1a#bc_9h-ntEB73-#Pi=Z;FjqcD1jgjkrcS|ys1
zy!~+Es;?|V2I%Syt_<?qHP|$0Qt^k!0EZB*Qc5!vU2Lcz7B=r`C<2z8NFcUmnO{8i
m|5=7Y72Be8Fd?Q;r8YC=(r2Il@(c|B|1W#JNr$11mjM7hd1YJx

diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/values.schema.json b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/values.schema.json
index 9e0f186b8..6bafcf228 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/values.schema.json
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/values.schema.json
@@ -1520,8 +1520,7 @@
                   "required":[
                      "image",
                      "replicas",
-                     "resources",
-                     "service"
+                     "resources"
                   ],
                   "properties":{
                      "hpa":{
@@ -1632,16 +1631,6 @@
                               }
                            }
                         }
-                     },
-                     "service":{
-                        "type":"object",
-                        "properties":{
-                           "casaServiceName":{
-                              "description":"Name of the casa service. Please keep it as default.",
-                              "type":"string",
-                              "pattern":"^[a-z0-9-]+$"
-                           }
-                        }
                      }
                   }
                }
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/values.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/values.yaml
index 73891192f..02b9764e0 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/values.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/values.yaml
@@ -94,7 +94,7 @@ admin-ui:
     # -- Image  to use for deploying.
     repository: gluufederation/admin-ui
     # -- Image  tag to use for deploying.
-    tag: 1.0.0-beta.16
+    tag: 1.0.0-0
     # -- Image Pull Secrets
     pullSecrets: [ ]
   # -- Service replica number.
@@ -289,7 +289,7 @@ casa:
     # -- Image  to use for deploying.
     repository: gluufederation/casa
     # -- Image  tag to use for deploying.
-    tag: 5.0.0_dev
+    tag: 5.0.0-0
     # -- Image Pull Secrets
     pullSecrets: [ ]
   # -- Service replica number.
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/index.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/index.yaml
index 59ef75063..914266438 100644
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/index.yaml
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/index.yaml
@@ -31,7 +31,7 @@ entries:
       catalog.cattle.io/release-name: gluu
     apiVersion: v2
     appVersion: 5.0.0
-    created: "2022-03-14T10:30:04.4075976Z"
+    created: "2022-03-14T12:21:30.8656218Z"
     dependencies:
     - condition: global.config.enabled
       name: config
@@ -94,7 +94,7 @@ entries:
       repository: ""
       version: 5.0.3
     description: Gluu Access and Identity Management
-    digest: a822a477c5244394cd8b4a7fc1c0e10d9a8341da5d5208dd813e14af65b0ebc8
+    digest: 03d7f066407a17f46bea03736100af0911a18c91efcf83248d6d175b6a8ac069
     home: https://www.gluu.org
     icon: https://gluu.org/docs/gluu-server/favicon.ico
     kubeVersion: '>=v1.21.0-0'
@@ -140,7 +140,7 @@ entries:
       catalog.cattle.io/release-name: gluu
     apiVersion: v2
     appVersion: 5.0.0
-    created: "2022-03-14T10:30:04.373598Z"
+    created: "2022-03-14T12:21:30.8416289Z"
     dependencies:
     - condition: global.config.enabled
       name: config
@@ -257,7 +257,7 @@ entries:
       catalog.cattle.io/release-name: gluu
     apiVersion: v2
     appVersion: 5.0.0
-    created: "2022-03-14T10:30:04.3496292Z"
+    created: "2022-03-14T12:21:30.8200679Z"
     dependencies:
     - condition: global.config.enabled
       name: config
@@ -374,7 +374,7 @@ entries:
       catalog.cattle.io/release-name: gluu
     apiVersion: v2
     appVersion: 5.0.0
-    created: "2022-03-14T10:30:04.3256206Z"
+    created: "2022-03-14T12:21:30.7979486Z"
     dependencies:
     - condition: global.config.enabled
       name: config
@@ -455,4 +455,4 @@ entries:
     urls:
     - gluu-5.0.0.tgz
     version: 5.0.0
-generated: "2022-03-14T10:30:04.2986375Z"
+generated: "2022-03-14T12:21:30.7782624Z"

From d843f23fbd029aa347ef9c349963ba1e6281a0d9 Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Tue, 15 Mar 2022 08:36:25 +0000
Subject: [PATCH 047/101] chore: update admin ui base

---
 docker-admin-ui/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-admin-ui/Dockerfile b/docker-admin-ui/Dockerfile
index 61953f742..c272a6f43 100644
--- a/docker-admin-ui/Dockerfile
+++ b/docker-admin-ui/Dockerfile
@@ -28,7 +28,7 @@ RUN echo "daemon off;" >> /etc/nginx/nginx.conf
 # TODO:
 # - use NODE_ENV=production
 # - download build package (not git clone)
-ENV ADMIN_UI_VERSION=6c599304ae0167f925caf0474eac929e7ed162fb
+ENV ADMIN_UI_VERSION=0b2ed93cadcf031c5f92c050192f0b0c6f1a0918
 
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the admin-ui code

From a9427f6f2288821836606cd9c7b7aa568d5c0b07 Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Tue, 15 Mar 2022 09:52:30 +0000
Subject: [PATCH 048/101] ci: update release asset uploads

---
 .github/workflows/releaseplease.yml |  32 ++++++++-
 .github/workflows/uploadrelease.yml | 104 ++++++++++++++++++++++------
 2 files changed, 115 insertions(+), 21 deletions(-)

diff --git a/.github/workflows/releaseplease.yml b/.github/workflows/releaseplease.yml
index 3182aeb5d..671321132 100644
--- a/.github/workflows/releaseplease.yml
+++ b/.github/workflows/releaseplease.yml
@@ -113,4 +113,34 @@ jobs:
          token: ${{ secrets.MOWORKFLOWTOKEN }}
          release-type: node
          package-name: ${{ matrix.node-projects }}
-         monorepo-tags: true
\ No newline at end of file
+         monorepo-tags: true
+  mega-release-pr:
+    needs: release-python-pr
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+
+    - name: Import GPG key
+      id: import_gpg
+      uses: crazy-max/ghaction-import-gpg@v4
+      with:
+        gpg_private_key: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY }}
+        passphrase: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY_PASSPHRASE }}
+        git_user_signingkey: true
+        git_commit_gpgsign: true
+
+    - name: Configure Git
+      run: |
+        git config user.name "mo-auto"
+        git config user.email "54212639+mo-auto@users.noreply.github.com"
+        git config --global user.signingkey "${{ steps.import_gpg.outputs.keyid }}"
+
+
+    - uses: google-github-actions/release-please-action@v3.1
+      id: release-please
+      with:
+         token: ${{ secrets.MOAUTO3_WORKFLOW_TOKEN }}
+         release-type: simple
diff --git a/.github/workflows/uploadrelease.yml b/.github/workflows/uploadrelease.yml
index e049f515e..7dba18867 100644
--- a/.github/workflows/uploadrelease.yml
+++ b/.github/workflows/uploadrelease.yml
@@ -12,23 +12,49 @@ jobs:
     strategy:
       matrix:
         include:
+            # pygluu kubernetes
           - os: ubuntu-latest
             artifact_name: pygluu-kubernetes.pyz
             asset_name: pygluu-kubernetes-linux-amd64.pyz
-          #- os: windows-latest
-          #  artifact_name: pygluu-kubernetes-windows
-          #  asset_name: pygluu-kubernetes-windows-amd64
-          - os: macos-latest
-            artifact_name: pygluu-kubernetes.pyz
-            asset_name: pygluu-kubernetes-macos-amd64.pyz
+            asset_directory: flex-cn-setup
+            python_version: 3.8
+            # flex linux setup
+          - os: ubuntu-latest
+            artifact_name: flex-linux-setup.pyz
+            asset_name: flex-linux-setup-ubuntu-amd64.pyz
+            asset_directory: flex-linux-setup
+            python_version: 3.8
+            # flex linux setup on CentOS8
+          - os: ubuntu-latest
+            artifact_name: flex-linux-setup.pyz
+            asset_name: flex-linux-setup-centos8-amd64.pyz
+            asset_directory: flex-linux-setup
+            python_version: 3.8
+            # helm chart
+          - os: ubuntu-latest
+            artifact_name: helm # Will be changed automatically
+            asset_name: helm # Will be changed automatically
+            asset_directory: flex-cn-setup/pygluu/kubernetes/templates/helm/gluu
+            python_version: 3.8
 
     steps:
     - name: Checkout code
       uses: actions/checkout@master
-    - name: Set up Python 3.7
-      uses: actions/setup-python@v2.3.1
+    - name: Set up Python 3.8
+      uses: actions/setup-python@v3.0.0
       with:
-        python-version: 3.7
+        python-version: 3.8
+    - name: Map outputs
+      id: output
+      run: |
+        echo ::set-output name=artifact_name::${{ matrix.artifact_name }}
+        echo ::set-output name=asset_name::${{ matrix.asset_name }}
+        ASSET_NAME=$(ls | grep ".tgz" | sort -rn | head -1)
+        if [[ "${{ matrix.asset_directory }}" == "flex-cn-setup/pygluu/kubernetes/templates/helm/gluu" ]]; then
+          echo ::set-output name=artifact_name::${ASSET_NAME}
+          echo ::set-output name=asset_name::${ASSET_NAME}     
+        fi
+        echo "::set-output name=tag::$(curl https://api.github.com/repos/${{ github.repository }}/releases -s | grep "tag_name" | cut -d '"' -f 4 | grep -o '^\v.*' | head -n 1)"
 
     - name: Install dependencies
       run: |
@@ -39,7 +65,7 @@ jobs:
       run: |
         pip3 install flake8
         # stop the build if there are Python syntax errors or undefined names
-        flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
+        flake8 . --count --exit-zero --select=E9,F63,F7,F82 --show-source --statistics
         # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
         flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
 
@@ -47,22 +73,52 @@ jobs:
       uses: actions/checkout@master
 
     - name: Build Zipapp
+      if: matrix.asset_name != 'flex-linux-setup-centos8-amd64.pyz'
       run: |
         sudo apt-get update || brew install jq
-        sudo apt-get install build-essential || echo "Maybe im on macor OS"
+        sudo apt-get install build-essential || echo "Maybe im on macos OS"
         pip3 install shiv
-        make zipapp
+        cd ${{ matrix.asset_directory }}
+        if [[ "${{ matrix.asset_directory }}" == "flex-cn-setup/pygluu/kubernetes/templates/helm/gluu" ]]; then
+          curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
+          chmod 700 get_helm.sh
+          ./get_helm.sh
+          helm package .
+          sha256sum ${{ steps.output.outputs.artifact_name }} > ${{ steps.output.outputs.artifact_name }}.sha256sum
+        else
+          make zipapp
+          sha256sum ${{ steps.output.outputs.artifact_name }} > ${{ steps.output.outputs.artifact_name }}.sha256sum
+        fi
 
-    - name: Get project
-      id: project
-      run: |
-        echo "::set-output name=gituser::$(python3 -c 'import os ; REPO = os.environ.get("GITHUB_REPOSITORY") ; print(str(REPO).split("/")[0])')"
-        echo "::set-output name=gitproject::$(python3 -c 'import os ; REPO = os.environ.get("GITHUB_REPOSITORY") ; print(str(REPO).split("/")[1])')"
+    - uses: addnab/docker-run-action@v3
+      if: matrix.asset_name == 'flex-linux-setup-centos8-amd64.pyz'
+      name: Build with CentOS8
+      continue-on-error: true
+      with:
+        image: centos:centos8
+        options: -v ${{ github.workspace }}:/centos
+        run: |
+          yum install python36u python36u-devel python36u-pip -y
+          yum install gcc openssl-devel bzip2-devel libffi-devel zlib-devel -y
+          curl https://www.python.org/ftp/python/3.6.15/Python-3.6.15.tgz --output Python-3.6.15.tgz
+          tar xzf Python-3.6.15.tgz
+          cd Python-3.6.15
+          ./configure --enable-optimizations
+          yum install make -y
+          make altinstall
+          yum -y install epel-release
+          curl https://bootstrap.pypa.io/get-pip.py --output get-pip.py
+          python3.7 get-pip.py
+          echo "Building flex-linux-setup package"
+          cd /centos/flex-linux-setup
+          pip install shiv
+          make zipapp
+          sha256sum ${{ steps.output.outputs.artifact_name }} > ${{ steps.output.outputs.artifact_name }}.sha256sum
 
     - name: Get latest tag
       id: previoustag
       run: |
-        echo "::set-output name=tag::$(curl https://api.github.com/repos/${{ steps.project.outputs.gituser }}/${{ steps.project.outputs.gitproject }}/releases/latest -s | grep "tag_name" | cut -d '"' -f 4)"
+        echo "::set-output name=tag::$(curl https://api.github.com/repos/${{ github.repository }}/releases -s | grep "tag_name" | cut -d '"' -f 4 | grep -o '^\v.*' | head -n 1)"
 
     - name: Print Version
       run: |
@@ -73,6 +129,14 @@ jobs:
       uses: svenstaro/upload-release-action@v2
       with:
         repo_token: ${{ secrets.MOWORKFLOWTOKEN }}
-        file: ${{ matrix.artifact_name }}
-        asset_name: ${{ matrix.asset_name }}
+        file: ${{github.workspace}}/${{ matrix.asset_directory }}/${{ steps.output.outputs.artifact_name }}
+        asset_name: ${{ steps.output.outputs.asset_name }}
         tag: ${{ steps.previoustag.outputs.tag }}
+
+    - name: Upload shas to release
+      uses: svenstaro/upload-release-action@v2
+      with:
+        repo_token: ${{ secrets.MOWORKFLOWTOKEN }}
+        file: ${{github.workspace}}/${{ matrix.asset_directory }}/${{ steps.output.outputs.artifact_name }}.sha256sum
+        asset_name: ${{ steps.output.outputs.asset_name }}.sha256sum
+        tag: ${{ steps.previoustag.outputs.tag }}
\ No newline at end of file

From 83df984a45c13689e18658d5ff32d5481b86cb5f Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Tue, 15 Mar 2022 11:54:19 +0000
Subject: [PATCH 049/101] ci: update release asset uploads

---
 .github/workflows/uploadrelease.yml | 67 ++++++++++++++---------------
 1 file changed, 33 insertions(+), 34 deletions(-)

diff --git a/.github/workflows/uploadrelease.yml b/.github/workflows/uploadrelease.yml
index 7dba18867..d9cd27798 100644
--- a/.github/workflows/uploadrelease.yml
+++ b/.github/workflows/uploadrelease.yml
@@ -7,7 +7,7 @@ on:
   workflow_dispatch:
 jobs:
   publish:
-    name: Publish for ${{ matrix.os }}
+    name: Publish for ${{ matrix.asset_name }}
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
@@ -27,7 +27,7 @@ jobs:
             # flex linux setup on CentOS8
           - os: ubuntu-latest
             artifact_name: flex-linux-setup.pyz
-            asset_name: flex-linux-setup-centos8-amd64.pyz
+            asset_name: flex-linux-setup-centos-amd64.pyz
             asset_directory: flex-linux-setup
             python_version: 3.8
             # helm chart
@@ -44,15 +44,30 @@ jobs:
       uses: actions/setup-python@v3.0.0
       with:
         python-version: 3.8
+
+    - name: Build Helm Package
+      if: matrix.asset_name == 'helm'
+      run: |
+
+        cd ${{ matrix.asset_directory }}
+        curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
+        chmod 700 get_helm.sh
+        ./get_helm.sh
+        helm package .
+        ASSET_NAME=$(ls ${{github.workspace}}/${{ matrix.asset_directory }} | grep ".tgz" | grep -Ev "sha256sum" | sort -rn | head -1)
+        sha256sum ${ASSET_NAME} > ${ASSET_NAME}.sha256sum
+
     - name: Map outputs
       id: output
       run: |
-        echo ::set-output name=artifact_name::${{ matrix.artifact_name }}
-        echo ::set-output name=asset_name::${{ matrix.asset_name }}
-        ASSET_NAME=$(ls | grep ".tgz" | sort -rn | head -1)
-        if [[ "${{ matrix.asset_directory }}" == "flex-cn-setup/pygluu/kubernetes/templates/helm/gluu" ]]; then
+        if [[ "${{ matrix.asset_name }}" == "helm" ]]; then
+          ASSET_NAME=$(ls ${{github.workspace}}/${{ matrix.asset_directory }} | grep ".tgz" | grep -Ev "sha256sum" | sort -rn | head -1)
+          echo "Modifying helm asset name to ${ASSET_NAME}"
           echo ::set-output name=artifact_name::${ASSET_NAME}
           echo ::set-output name=asset_name::${ASSET_NAME}     
+        else
+          echo ::set-output name=artifact_name::${{ matrix.artifact_name }}
+          echo ::set-output name=asset_name::${{ matrix.asset_name }}
         fi
         echo "::set-output name=tag::$(curl https://api.github.com/repos/${{ github.repository }}/releases -s | grep "tag_name" | cut -d '"' -f 4 | grep -o '^\v.*' | head -n 1)"
 
@@ -69,63 +84,46 @@ jobs:
         # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
         flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
 
-    - name: Checkout code
-      uses: actions/checkout@master
-
     - name: Build Zipapp
-      if: matrix.asset_name != 'flex-linux-setup-centos8-amd64.pyz'
+      if: matrix.asset_name != 'flex-linux-setup-centos8-amd64.pyz' && matrix.asset_name != 'helm'
       run: |
         sudo apt-get update || brew install jq
         sudo apt-get install build-essential || echo "Maybe im on macos OS"
         pip3 install shiv
         cd ${{ matrix.asset_directory }}
-        if [[ "${{ matrix.asset_directory }}" == "flex-cn-setup/pygluu/kubernetes/templates/helm/gluu" ]]; then
-          curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
-          chmod 700 get_helm.sh
-          ./get_helm.sh
-          helm package .
-          sha256sum ${{ steps.output.outputs.artifact_name }} > ${{ steps.output.outputs.artifact_name }}.sha256sum
-        else
-          make zipapp
-          sha256sum ${{ steps.output.outputs.artifact_name }} > ${{ steps.output.outputs.artifact_name }}.sha256sum
-        fi
+        make zipapp
+        sha256sum ${{ steps.output.outputs.artifact_name }} > ${{ steps.output.outputs.artifact_name }}.sha256sum
+        ls
 
     - uses: addnab/docker-run-action@v3
       if: matrix.asset_name == 'flex-linux-setup-centos8-amd64.pyz'
       name: Build with CentOS8
       continue-on-error: true
       with:
-        image: centos:centos8
+        image: centos/python-36-centos7:latest
         options: -v ${{ github.workspace }}:/centos
         run: |
-          yum install python36u python36u-devel python36u-pip -y
-          yum install gcc openssl-devel bzip2-devel libffi-devel zlib-devel -y
-          curl https://www.python.org/ftp/python/3.6.15/Python-3.6.15.tgz --output Python-3.6.15.tgz
-          tar xzf Python-3.6.15.tgz
-          cd Python-3.6.15
-          ./configure --enable-optimizations
-          yum install make -y
-          make altinstall
-          yum -y install epel-release
-          curl https://bootstrap.pypa.io/get-pip.py --output get-pip.py
-          python3.7 get-pip.py
           echo "Building flex-linux-setup package"
           cd /centos/flex-linux-setup
           pip install shiv
           make zipapp
           sha256sum ${{ steps.output.outputs.artifact_name }} > ${{ steps.output.outputs.artifact_name }}.sha256sum
+          ls
 
     - name: Get latest tag
       id: previoustag
       run: |
         echo "::set-output name=tag::$(curl https://api.github.com/repos/${{ github.repository }}/releases -s | grep "tag_name" | cut -d '"' -f 4 | grep -o '^\v.*' | head -n 1)"
 
-    - name: Print Version
+    - name: Print outputs
       run: |
         echo "${{ steps.previoustag.outputs.tag }}"
+        echo "${{ steps.output.outputs.asset_name }}"
+        echo "${{ steps.output.outputs.artifact_name }}"
 
 
     - name: Upload binaries to release
+      continue-on-error: true
       uses: svenstaro/upload-release-action@v2
       with:
         repo_token: ${{ secrets.MOWORKFLOWTOKEN }}
@@ -134,9 +132,10 @@ jobs:
         tag: ${{ steps.previoustag.outputs.tag }}
 
     - name: Upload shas to release
+      continue-on-error: true
       uses: svenstaro/upload-release-action@v2
       with:
         repo_token: ${{ secrets.MOWORKFLOWTOKEN }}
         file: ${{github.workspace}}/${{ matrix.asset_directory }}/${{ steps.output.outputs.artifact_name }}.sha256sum
         asset_name: ${{ steps.output.outputs.asset_name }}.sha256sum
-        tag: ${{ steps.previoustag.outputs.tag }}
\ No newline at end of file
+        tag: ${{ steps.previoustag.outputs.tag }}

From 3d5cca6ee04c9f30212b80d9fb8f83117e06a646 Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Tue, 15 Mar 2022 12:10:24 +0000
Subject: [PATCH 050/101] chore: release 5.0.0-0 Release-As: 5.0.0-0

---
 casa/README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/casa/README.md b/casa/README.md
index 94b4d1dce..9b52568ea 100644
--- a/casa/README.md
+++ b/casa/README.md
@@ -1,2 +1,3 @@
 # casa
 User-facing dashboard for people to manage authentication and authorization data in the Gluu Server.
+

From c783f54126cb38b17207288de9cd4fb16b80dd49 Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Tue, 15 Mar 2022 12:29:03 +0000
Subject: [PATCH 051/101] ci: fix release token

---
 .github/workflows/releaseplease.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/releaseplease.yml b/.github/workflows/releaseplease.yml
index 671321132..465404864 100644
--- a/.github/workflows/releaseplease.yml
+++ b/.github/workflows/releaseplease.yml
@@ -115,7 +115,7 @@ jobs:
          package-name: ${{ matrix.node-projects }}
          monorepo-tags: true
   mega-release-pr:
-    needs: release-python-pr
+    needs: release-node-pr
     runs-on: ubuntu-latest
     steps:
     - name: Checkout
@@ -142,5 +142,5 @@ jobs:
     - uses: google-github-actions/release-please-action@v3.1
       id: release-please
       with:
-         token: ${{ secrets.MOAUTO3_WORKFLOW_TOKEN }}
+         token: ${{ secrets.MOWORKFLOWTOKEN }}
          release-type: simple

From 44a1d751b5e30e77d688b8fc85fd658d5a440dc2 Mon Sep 17 00:00:00 2001
From: Arnab Dutta <arnab.bdutta@gmail.com>
Date: Tue, 15 Mar 2022 20:05:50 +0530
Subject: [PATCH 052/101] fix: all scopes fields should be saved on add/edit
 #144

---
 .../components/Scopes/ScopeForm.js            | 31 +++++++++++++------
 1 file changed, 21 insertions(+), 10 deletions(-)

diff --git a/admin-ui/plugins/auth-server/components/Scopes/ScopeForm.js b/admin-ui/plugins/auth-server/components/Scopes/ScopeForm.js
index 08f96419c..8de8c87d9 100644
--- a/admin-ui/plugins/auth-server/components/Scopes/ScopeForm.js
+++ b/admin-ui/plugins/auth-server/components/Scopes/ScopeForm.js
@@ -48,18 +48,19 @@ function ScopeForm({ scope, scripts, attributes, handleSubmit }) {
   function enableDynamic(type) {
     return type === 'dynamic'
   }
-  function handleScopeTypeChanged() {
-    const type = document.getElementById('scopeType')
-    if (type && type.value === 'openid') {
+  function handleScopeTypeChanged(type) {
+    if (type && type === 'openid') {
       handleClaimsPanel(true)
     } else {
       handleClaimsPanel(false)
     }
-    if (type && type.value === 'dynamic') {
+    if (type && type === 'dynamic') {
       handleDynamicPanel(true)
     } else {
       handleDynamicPanel(false)
     }
+    scope.dynamicScopeScripts = ''
+    scope.claims = ''
   }
 
   function getMapping(partial, total) {
@@ -103,10 +104,11 @@ function ScopeForm({ scope, scripts, attributes, handleSubmit }) {
         })}
         onSubmit={(values) => {
           const result = Object.assign(scope, values)
-          result['scopeType'] = document.getElementById('scopeType').value
+          //result[‘scopeType’] = document.getElementById(‘scopeType’).value
           result['id'] = result.displayName
-          result['attributes'].showInConfigurationEndpoint =
-            result.showInConfigurationEndpoint
+          result['attributes'].showInConfigurationEndpoint = scope.attributes.showInConfigurationEndpoint
+          result['attributes'].spontaneousClientId = scope.attributes.spontaneousClientId
+          result['attributes'].spontaneousClientScopes = scope.attributes.spontaneousClientScopes
           handleSubmit(JSON.stringify(result))
         }}
       >
@@ -177,7 +179,10 @@ function ScopeForm({ scope, scripts, attributes, handleSubmit }) {
                       id="scopeType"
                       name="scopeType"
                       defaultValue={scope.scopeType}
-                      onChange={handleScopeTypeChanged}
+                      onChange={(e) => {
+                        handleScopeTypeChanged(e.target.value)
+                        formik.setFieldValue('scopeType', e.target.value)
+                      }}
                     >
                       <option value="">{t('actions.choose')}...</option>
                       <option value="oauth">OAuth</option>
@@ -249,7 +254,10 @@ function ScopeForm({ scope, scripts, attributes, handleSubmit }) {
                         id="spontaneousClientId"
                         name="spontaneousClientId"
                         defaultValue={scope.attributes.spontaneousClientId}
-                        onChange={formik.handleChange}
+                        onChange={(e) => {
+                          scope.attributes.spontaneousClientId = e.target.value
+                          formik.setFieldValue('spontaneousClientId', e.target.value)
+                        }}
                       />
                     </Col>
                   </FormGroup>
@@ -272,7 +280,10 @@ function ScopeForm({ scope, scripts, attributes, handleSubmit }) {
                           defaultValue={
                             scope.attributes.showInConfigurationEndpoint
                           }
-                          onChange={formik.handleChange}
+                          onChange={(e) => {
+                            scope.attributes.showInConfigurationEndpoint = e.target.value
+                            formik.setFieldValue('showInConfigurationEndpoint', e.target.value)
+                          }}
                         >
                           <option value="true">{t('options.true')}</option>
                           <option value="false">{t('options.false')}</option>

From 08aeae7ae5c1ff9be8223d214237ea4f851495fe Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Tue, 15 Mar 2022 15:41:52 +0000
Subject: [PATCH 053/101] ci: add rancher partner chart job

---
 .../post-to-rancher-partner-charts.yml        |   66 +
 .../rancher-partner-charts/app-readme.md      |   35 +
 .../rancher-partner-charts/package.yaml       |    2 +
 .../rancher-partner-charts/questions.yaml     | 1191 +++++++++++++++++
 4 files changed, 1294 insertions(+)
 create mode 100644 .github/workflows/post-to-rancher-partner-charts.yml
 create mode 100644 automation/rancher-partner-charts/app-readme.md
 create mode 100644 automation/rancher-partner-charts/package.yaml
 create mode 100644 automation/rancher-partner-charts/questions.yaml

diff --git a/.github/workflows/post-to-rancher-partner-charts.yml b/.github/workflows/post-to-rancher-partner-charts.yml
new file mode 100644
index 000000000..6bd27dc61
--- /dev/null
+++ b/.github/workflows/post-to-rancher-partner-charts.yml
@@ -0,0 +1,66 @@
+name: rancher-partner-charts
+# This posts the latest chart to rancher/partner-charts
+on:
+  push:
+    tags:
+      - 'v*'
+  workflow_dispatch:
+jobs:
+  publish:
+    name: Publish on rancher partner charts
+    runs-on: ubuntu-latest we
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@master
+
+    - name: Set up Python 3.8
+      uses: actions/setup-python@v3.0.0
+      with:
+        python-version: 3.8
+
+      - name: analyze chart
+        run: |
+          sudo bash automation/janssen_helm_chart/prepare_chart.sh
+
+      - name: Import GPG key
+        id: import_gpg
+        uses: crazy-max/ghaction-import-gpg@v4
+        with:
+          gpg_private_key: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY_PASSPHRASE }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+
+      - name: Get latest tag
+        id: previoustag
+        run: |
+          echo "::set-output name=tag::$(curl https://api.github.com/repos/${{ github.repository }}/releases -s | grep "tag_name" | cut -d '"' -f 4 | grep -o '^\v.*' | head -n 1)"
+          echo "::set-output name=version::$(curl https://api.github.com/repos/${{ github.repository }}/releases -s | grep "tag_name" | cut -d '"' -f 4 | grep -o '^\v.*' | head -n 1 | cut -d 'v' -f 2)"
+      - name: Configure Git
+        run: |
+          git config user.name "mo-auto"
+          git config user.email "54212639+mo-auto@users.noreply.github.com"
+          git config --global user.signingkey "${{ steps.import_gpg.outputs.keyid }}"
+          # open branch in rancher-partner
+          git clone https://github.com/rancher/partner-charts.git
+          cd partner-charts
+          git remote set-url origin https://mo-auto:${{ secrets.MOWORKFLOWTOKEN }}@github.com/rancher/partner-charts.git
+          git switch -c gluu-flex-main-source origin/main-source
+          cp ../automation/rancher-partner-charts/package.yaml ./packages/gluu/package.yaml
+          export PACKAGE=gluu
+          make prepare
+          cp ../automation/rancher-partner-charts/app-readme.md ./packages/gluu/charts/app-readme.md
+          cp ../automation/rancher-partner-charts/questions.yaml ./packages/gluu/charts/questions.yaml
+          make patch
+          make clean
+          git add -A
+          git commit -S -s -m "feat(gluu): patch helm package"
+          make charts
+          git add -A
+          git commit -S -s -m "feat(gluu): chart helm package"
+          git push --set-upstream origin gluu-flex-main-source
+          MESSAGE="feat(gluu): update Gluu helm partner chart"
+          BODY="This is an automated message propagated by a release in the parent Gluu chart."
+          echo "${{ secrets.MOAUTO4_WORKFLOW_TOKEN }}" > token.txt
+          gh auth login --with-token < token.txt
+          PR=$(gh pr create --base "main-source" --body "${BODY}" --title "${MESSAGE}")        
diff --git a/automation/rancher-partner-charts/app-readme.md b/automation/rancher-partner-charts/app-readme.md
new file mode 100644
index 000000000..84d58ba8c
--- /dev/null
+++ b/automation/rancher-partner-charts/app-readme.md
@@ -0,0 +1,35 @@
+## Introduction
+The Gluu Server is a container distribution of free open source software (FOSS) for identity and access management (IAM). SaaS, custom, open source and commercial web and mobile applications can leverage a Gluu Server for user authentication, identity information, and policy decisions.
+
+Common use cases include:
+
+- Single sign-on (SSO)   
+- Mobile authentication    
+- API access management  
+- Two-factor authentication (2FA)
+- Customer identity and access management (CIAM)   
+- Identity federation      
+
+### Free Open Source Software 
+The Gluu Server is a FOSS platform for IAM.
+
+### Open Web Standards
+The Gluu Server can be deployed to support the following open standards for authentication, authorization, federated identity, and identity management:
+
+- OAuth 2.0    
+- OpenID Connect    
+- User Managed Access 2.0 (UMA)    
+- SAML 2.0   
+- System for Cross-domain Identity Management (SCIM)    
+- FIDO Universal 2nd Factor (U2F)
+- FIDO 2.0 / WebAuthn
+- Lightweight Directory Access Protocol (LDAP)   
+- Remote Authentication Dial-In User Service (RADIUS)
+
+### Important notes for installation:
+- Make sure to enable `Customize Helm options before install` after clicking the initial `Install` on the top right. When you view your helm options, please uncheck the wait parameter as that conflicts with the post-install hook for the persistence image.
+
+### Quick install on Rancher UI with Docker single node
+- Install the nginx-ingress-controller chart.
+- Install the OpenEBS chart.
+- Install Gluu chart and specify your persistence as ldap.
\ No newline at end of file
diff --git a/automation/rancher-partner-charts/package.yaml b/automation/rancher-partner-charts/package.yaml
new file mode 100644
index 000000000..6e492bc97
--- /dev/null
+++ b/automation/rancher-partner-charts/package.yaml
@@ -0,0 +1,2 @@
+url: https://github.com/GluuFederation/flex/releases/download/v5.0.3/gluu-5.0.3.tgz
+packageVersion: 02
\ No newline at end of file
diff --git a/automation/rancher-partner-charts/questions.yaml b/automation/rancher-partner-charts/questions.yaml
new file mode 100644
index 000000000..0fd1713bc
--- /dev/null
+++ b/automation/rancher-partner-charts/questions.yaml
@@ -0,0 +1,1191 @@
+questions:
+# ==================
+# Distribution group
+# ==================
+- variable: global.distribution
+  default: "openbanking"
+  required: true
+  type: enum
+  label: Gluu Distribution
+  description: "Gluu Distribution. Openbanking only contains Config-API and the Auth Server customized for Openbanking industry."
+  group: "Global Settings"
+  options:
+    - "default"
+    - "openbanking"
+
+# ========================
+# OpenBanking Distribution
+# ========================
+- variable: global.cnObExtSigningJwksUri
+  required: true
+  default: "https://keystore.openbankingtest.org.uk/keystore/openbanking.jwks"
+  description: "Open banking external signing jwks uri. Used in SSA Validation."
+  type: hostname
+  group: "OpenBanking Distribution"
+  label: Openbanking external signing JWKS URI
+  show_if: "global.distribution=openbanking"
+  subquestions:
+  - variable: global.cnObExtSigningJwksCrt
+    default: ""
+    required: true
+    group: "OpenBanking Distribution"
+    description: "Open banking external signing jwks AS certificate authority string. Used in SSA Validation. This must be encoded using base64.. Used when `.global.cnObExtSigningJwksUri` is set."
+    type: multiline
+    label: Open banking external signing jwks AS certificate authority string
+  - variable: global.cnObExtSigningJwksKey
+    default: ""
+    required: true
+    group: "OpenBanking Distribution"
+    description: "Open banking external signing jwks AS key string. Used in SSA Validation. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set."
+    type: multiline
+    label: Open banking external signing jwks AS key string
+  - variable: global.cnObExtSigningJwksKeyPassPhrase
+    default: ""
+    required: true
+    group: "OpenBanking Distribution"
+    description: "Open banking external signing jwks AS key passphrase to unlock provided key. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set."
+    type: password
+    label: Open banking external signing jwks AS key passphrase
+    min_length: 6
+  - variable: global.cnObExtSigningAlias
+    default: "XkwIzWy44xWSlcWnMiEc8iq9s2G"
+    required: true
+    group: "OpenBanking Distribution"
+    description: "Open banking external signing AS Alias. This is a kid value.Used in SSA Validation, kid used while encoding a JWT sent to token URL i.e XkwIzWy44xWSlcWnMiEc8iq9s2G"
+    type: string
+    label: Open banking external signing AS Alias
+- variable: global.cnObStaticSigningKeyKid
+  default: "Wy44xWSlcWnMiEc8iq9s2G"
+  required: true
+  group: "OpenBanking Distribution"
+  description: "Open banking  signing AS kid to force the AS to use a specific signing key. i.e Wy44xWSlcWnMiEc8iq9s2G"
+  type: string
+  label: Open banking  signing AS kid
+  show_if: "global.distribution=openbanking"
+- variable: global.cnObTransportAlias
+  default: ""
+  required: false
+  group: "OpenBanking Distribution"
+  description: "Open banking transport Alias used inside the JVM."
+  type: string
+  label: Open banking transport Alias used inside the JVM.
+  show_if: "global.distribution=openbanking"
+  subquestions:
+  - variable: global.cnObTransportCrt
+    default: ""
+    required: true
+    group: "OpenBanking Distribution"
+    description: "Open banking AS transport crt. Used in SSA Validation. This must be encoded using base64."
+    type: multiline
+    label: Open banking AS transport crt
+  - variable: global.cnObTransportKey
+    default: ""
+    required: true
+    group: "OpenBanking Distribution"
+    description: "Open banking AS transport key. Used in SSA Validation. This must be encoded using base64."
+    type: multiline
+    label: Open banking AS transport key
+  - variable: global.cnObTransportKeyPassPhrase
+    default: ""
+    required: true
+    group: "OpenBanking Distribution"
+    description: "Open banking AS transport key passphrase to unlock AS transport key. This must be encoded using base64."
+    type: password
+    label: Open banking AS transport key passphrase
+    min_length: 6
+  - variable: global.cnObTransportTrustStore
+    default: ""
+    required: true
+    group: "OpenBanking Distribution"
+    description: "Open banking AS transport truststore crt. This is normally generated from the OB issuing CA, OB Root CA and Signing CA. Used when .global.cnObExtSigningJwksUri is set. Used in SSA Validation. This must be encoded using base64."
+    type: multiline
+    label: Open banking external signing jwks AS certificate authority string
+
+# =======================
+# Optional Services group
+# =======================
+- variable: global.admin-ui.enabled
+  default: false
+  type: boolean
+  group: "Optional Services"
+  required: false
+  label: Boolean flag to enable/disable the admin-ui chart and admin ui config api plugin. This requires a license agreement with Gluu.
+  show_if: "global.distribution=default"
+  show_subquestion_if: true
+  subquestions:
+  - variable: global.admin-ui.adminUiApiKey
+    default: ""
+    required: true
+    description: "Admin UI license API key. Obtain this from Gluu."
+    type: multiline
+    label: Admin UI license API key. Obtain this from Gluu
+  - variable: global.admin-ui.adminUiProductCode
+    default: ""
+    required: true
+    description: "Admin UI license product code. Obtain this from Gluu."
+    type: multiline
+    label: Admin UI license product code. Obtain this from Gluu.
+  - variable: global.admin-ui.adminUiSharedKey
+    default: ""
+    required: true
+    description: "Admin UI license shared key. Obtain this from Gluu."
+    type: multiline
+    label: Admin UI license shared key. Obtain this from Gluu.
+  - variable: global.admin-ui.adminUiManagementKey
+    default: ""
+    required: true
+    description: "Admin UI license management key. Obtain this from Gluu."
+    type: multiline
+    label: Admin UI license management key. Obtain this from Gluu.
+- variable: global.auth-server-key-rotation.enabled
+  default: false
+  type: boolean
+  group: "Optional Services"
+  required: true
+  label: Enable Auth key rotation cronjob
+  show_if: "global.distribution=default"
+  show_subquestion_if: true
+  subquestions:
+  - variable: auth-server-key-rotation.keysLife
+    default: 48
+    description: "Auth server key rotation keys life in hours."
+    type: int
+    label: Key life
+- variable: global.fido2.enabled
+  default: false
+  type: boolean
+  group: "Optional Services"
+  required: true
+  show_if: "global.distribution=default"
+  label: Enable Fido2
+  description: "FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments."
+- variable: global.config-api.enabled
+  default: false
+  type: boolean
+  group: "Optional Services"
+  required: true
+  label: Enable ConfigAPI
+  description: "Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS)."
+- variable: global.scim.enabled
+  default: false
+  type: boolean
+  group: "Optional Services"
+  required: true
+  show_if: "global.distribution=default"
+  label: Enable SCIM
+  description: "System for Cross-domain Identity Management (SCIM) version 2.0"
+- variable: global.client-api.enabled
+  default: false
+  type: boolean
+  group: "Optional Services"
+  required: true
+  label: Enable ClientAPI
+  show_if: "global.distribution=default"
+  description: "Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting."
+  show_subquestion_if: true
+  subquestions:
+  - variable: config.configmap.cnClientApiApplicationCertCn
+    default: "client-api"
+    description: "Client API application keystore name"
+    type: string
+    label: Client API application keystore name
+  - variable: config.configmap.cnClientApiAdminCertCn
+    default: "client-api"
+    description: "Client API admin keystore name"
+    type: string
+    label: Client API admin keystore name
+- variable: global.jackrabbit.enabled
+  default: false
+  type: boolean
+  group: "Optional Services"
+  required: true
+  label: Enable Jackrabbit
+  show_if: "global.distribution=default"
+  show_subquestion_if: true
+  description: "Needed for SAML. Jackrabbit Oak is a complementary implementation of the JCR specification. It is an effort to implement a scalable and performant hierarchical content repository for use as the foundation of modern world-class web sites and other demanding content applications. https://jackrabbit.apache.org/jcr/index.html ."
+  subquestions:
+  - variable: jackrabbit.storage.size
+    default: "4Gi"
+    description: "Size of Jackrabbit content repository volume storage."
+    type: string
+    label: Volume storage
+  - variable: config.configmap.cnJackrabbitUrl
+    default: "http://jackrabbit:8080"
+    description: "Please enter jackrabbit url."
+    type: hostname
+    label: Jackrabbit URL
+  - variable: config.configmap.cnJackrabbitAdminId
+    default: "admin"
+    description: "Jackrabbit admin user"
+    type: string
+    label: Jackrabbit Admin User
+    valid_chars: "^[a-z]+$"
+  - variable: jackrabbit.secrets.cnJackrabbitAdminPassword
+    default: "Test1234#"
+    description: "Jackrabbit admin password"
+    type: password
+    label: Jackrabbit Admin User Password
+    min_length: 6
+- variable: installer-settings.jackrabbit.clusterMode
+  default: false
+  type: boolean
+  group: "Optional Services"
+  required: true
+  label: Enable Jackrabbit in Cluster Mode (HA)
+  show_if: "global.jackrabbit.enabled=true"
+  show_subquestion_if: true
+  description: "Requires postgres."
+  subquestions:
+  - variable: config.configmap.cnJackrabbitPostgresUser
+    default: "admin"
+    description: "Jackrabbit postgres user"
+    type: string
+    label: Jackrabbit postgres user
+    valid_chars: "^[a-z]+$"
+  - variable: jackrabbit.secrets.cnJackrabbitPostgresPassword
+    default: "admin"
+    description: "Jackrabbit postgres password"
+    type: password
+    label: Jackrabbit postgres password
+
+  - variable: config.configmap.cnJackrabbitPostgresDatabaseName
+    default: "jackrabbit"
+    description: "Jackrabbit postgres database name"
+    type: string
+    label: Jackrabbit postgres database name
+
+# ======================
+# Test environment group
+# ======================
+- variable: global.cloud.testEnviroment
+  default: false
+  type: boolean
+  group: "Test Environment"
+  required: true
+  label: Test environment
+  description: "Boolean flag if enabled will strip resources requests and limits from all services."
+
+# =================
+# Persistence group
+# =================
+- variable: global.cnPersistenceType
+  default: "sql"
+  required: true
+  type: enum
+  group: "Persistence"
+  label: Gluu Persistence backend
+  description: "Persistence backend to run Gluu with ldap|couchbase|hybrid|sql|spanner"
+  options:
+    - "ldap"
+    - "couchbase"
+    - "hybrid"
+    - "spanner"
+    - "sql"
+# LDAP
+- variable: global.opendj.enabled
+  default: false
+  type: boolean
+  group: "Persistence"
+  required: true
+  label: Enable installation of OpenDJ
+  description: "Boolean flag to enable/disable the OpenDJ  chart."
+  show_if: "global.cnPersistenceType=ldap||global.cnPersistenceType=hybrid"
+- variable: config.configmap.cnLdapUrl
+  default: "opendj:1636"
+  type: hostname
+  group: "Persistence"
+  required: true
+  label: OpenDJ remote URL
+  description: "OpenDJ remote URL. This must be resolvable by the pods"
+  show_if: "global.opendj.enabled=false&&global.cnPersistenceType=ldap||global.cnPersistenceType=hybrid"
+- variable: config.configmap.cnPersistenceLdapMapping
+  default: "default"
+  required: false
+  type: enum
+  group: "Persistence"
+  label: Gluu Persistence LDAP mapping
+  description: "Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType`  is set to `hybrid`."
+  options:
+    - "default"
+    - "user"
+    - "site"
+    - "cache"
+    - "token"
+    - "session"
+  show_if: "global.cnPersistenceType=hybrid"
+# Multi cluster ldap replication
+- variable: opendj.multiCluster.enabled
+  default: false
+  type: boolean
+  group: "Persistence"
+  required: true
+  label: Enable OpenDJ multiCluster mode
+  description: "Enable OpenDJ multiCluster mode. This flag enables loading keys under `opendj.multiCluster`"
+  show_if: "global.opendj.enabled=true"
+  show_subquestion_if: true
+  subquestions:
+  - variable: opendj.multiCluster.serfAdvertiseAddrSuffix
+    default: "regional.gluu.org:30946s"
+    type: hostname
+    group: "Persistence"
+    required: true
+    description: "OpenDJ Serf advertise address suffix that will be added to each opendj replica. i.e RELEASE-NAME-opendj-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }}"
+    label: OpenDJ Serf advertise address suffix
+  - variable: opendj.multiCluster.replicaCount
+    default: 1
+    type: int
+    group: "Persistence"
+    required: true
+    description: "The number of opendj non scalable statefulsets to create. Each pod created must be resolvable as it follows the patterm RELEASE-NAME-opendj-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }} If set to 1, with a release name of gluu,  the address of the pod would be gluu-opendj-regional-0-regional.gluu.org"
+    label: The number of opendj non scalable statefulsets to create.
+  - variable: opendj.multiCluster.clusterId
+    default: "west"
+    type: string
+    group: "Persistence"
+    required: true
+    description: "This id needs to be unique to each kubernetes cluster in a multi cluster setup; west, east, south, north, region ...etc If left empty it will be randomly generated."
+    label: Unique kubernetes cluster id
+  - variable: opendj.multiCluster.serfPeers
+    default: "['gluu-opendj-regional-0-regional.gluu.org:30946', 'gluu-opendj-regional-0-regional.gluu.org:31946']"
+    type: string
+    group: "Persistence"
+    required: true
+    description: "Serf peer addresses. One per replica."
+    label: Serf peer addresses
+# SQL
+- variable: config.configmap.cnSqlDbDialect
+  default: "default"
+  required: false
+  type: enum
+  group: "Persistence"
+  label: Gluu SQL Database dialect
+  description: "SQL database dialect. `mysql` or `pgsql`. The former is still not supported yet!"
+  options:
+    - "mysql"
+    - "pgsql"
+  show_if: "global.cnPersistenceType=sql"
+- variable: config.configmap.cnSqlDbHost
+  default: "my-release-mysql.default.svc.cluster.local"
+  required: false
+  type: hostname
+  group: "Persistence"
+  label: SQL database host uri
+  description: "SQL database host uri"
+  show_if: "global.cnPersistenceType=sql"
+- variable: config.configmap.cnSqlDbPort
+  default: 3306
+  required: false
+  type: int
+  group: "Persistence"
+  label: SQL database port
+  description: "SQL database port"
+  show_if: "global.cnPersistenceType=sql"
+- variable: config.configmap.cnSqlDbUser
+  default: "gluu"
+  group: "Persistence"
+  description: "SQL database username"
+  type: string
+  label: SQL database username
+  valid_chars: "^[a-z]+$"
+  show_if: "global.cnPersistenceType=sql"
+- variable: config.configmap.cnSqldbUserPassword
+  default: "Test1234#"
+  group: "Persistence"
+  description: "SQL password"
+  type: password
+  label: SQL password
+
+  show_if: "global.cnPersistenceType=sql"
+- variable: config.configmap.cnSqlDbName
+  default: "gluu"
+  group: "Persistence"
+  description: "SQL database name"
+  type: string
+  label: SQL database name
+  show_if: "global.cnPersistenceType=sql"
+# Spanner
+- variable: config.configmap.cnGoogleSpannerInstanceId
+  default: ""
+  group: "Persistence"
+  description: "The google spanner instance ID"
+  type: string
+  label: Google Spanner Instance ID
+  show_if: "global.cnPersistenceType=spanner"
+- variable: config.configmap.cnGoogleSpannerDatabaseId
+  default: ""
+  group: "Persistence"
+  description: "The google spanner database ID"
+  type: string
+  label: Google Spanner Database ID
+  show_if: "global.cnPersistenceType=spanner"
+- variable: config.configmap.cnGoogleSecretManagerServiceAccount
+  default: ""
+  group: "Persistence"
+  description: "The service account with access roles/secretmanager.admin to use Google secret manager and/or roles/spanner.databaseUser to use Spanner."
+  type: multiline
+  label: Google Spanner Service Account json
+  show_if: "global.cnPersistenceType=spanner"
+- variable: config.configmap.cnGoogleProjectId
+  default: ""
+  group: "Persistence"
+  description: "The Google Project ID"
+  type: string
+  label: Google Project ID
+  show_if: "global.cnPersistenceType=spanner"
+#Couchbase
+- variable: config.configmap.cnCouchbaseCrt
+  default: ""
+  group: "Persistence"
+  description: "Couchbase certificate authority string. This must be encoded using base64. This can also be found in your couchbase UI Security > Root Certificate. In mTLS setups this is not required."
+  type: multiline
+  label: Couchbase certificate authority string
+  show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
+- variable: config.configmap.cnCouchbaseUrl
+  default: "gluu.cbns.svc.cluster.local"
+  required: false
+  type: hostname
+  group: "Persistence"
+  label: Couchbase host uri
+  description: "Couchbase URL. Used only when global.cnPersistenceType is hybrid or couchbase. This should be in FQDN format for either remote or local Couchbase clusters. The address can be an internal address inside the kubernetes cluster"
+  show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
+- variable: config.configmap.cnCouchbaseBucketPrefix
+  default: "gluu"
+  type: string
+  description: "The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Gluu."
+  group: "Persistence"
+  required: true
+  label: The prefix of Couchbase buckets
+  show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
+- variable: config.configmap.cnCouchbaseIndexNumReplica
+  default: 0
+  type: int
+  description: "The number of replicas per index created. Please note that the number of index nodes must be one greater than the number of index replicas. That means if your couchbase cluster only has 2 index nodes you cannot place the number of replicas to be higher than 1."
+  group: "Persistence"
+  required: true
+  label: The number of replicas per index created
+  show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
+- variable: config.configmap.cnCouchbaseSuperUser
+  default: "admin"
+  group: "Persistence"
+  description: "he Couchbase super user (admin) user name. This user is used during initialization only."
+  type: string
+  label: The Couchbase super user (admin) user name.
+  valid_chars: "^[a-z]+$"
+  show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
+- variable: config.configmap.cnCouchbaseSuperUserPassword
+  default: "Test1234#"
+  group: "Persistence"
+  description: "Couchbase password for the super user config.configmap.cnCouchbaseSuperUser  that is used during the initialization and upgrade process. The password must contain one digit, one uppercase letter, one lower case letter and one symbol"
+  type: password
+  label: Couchbase password for the super users
+
+  show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
+- variable: config.configmap.cnCouchbaseUser
+  default: "gluu"
+  group: "Persistence"
+  description: "Couchbase restricted user, used in Gluu operations with Couchbase. Used only when global.cnPersistenceType is hybrid or couchbase."
+  type: string
+  label: Couchbase restricted username
+  valid_chars: "^[a-z]+$"
+  show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
+- variable: config.configmap.cnCouchbasePassword
+  default: "Test1234#"
+  group: "Persistence"
+  description: "Couchbase password for the restricted user config.configmap.cnCouchbaseUser  that is often used inside the services. The password must contain one digit, one uppercase letter, one lower case letter and one symbol ."
+  type: password
+  label: Couchbase password for the restricted user
+  show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
+
+# ==============================
+#  StorageClass and volume group
+# ==============================
+- variable: global.storageClass.provisioner
+  default: "microk8s.io/hostpath"
+  type: string
+  group: "Volumes"
+  required: true
+  label: StorageClass provisioner
+  show_if: "global.cnPersistenceType=ldap||global.jackrabbit.enabled=true"
+  subquestions:
+  - variable: global.storageClass.allowVolumeExpansion
+    default: true
+    type: boolean
+    group: "Volumes"
+    required: true
+    label: StorageClass Volume expansion
+  - variable: global.storageClass.reclaimPolicy
+    default: "Retain"
+    type: enum
+    group: "Volumes"
+    required: true
+    label: StorageClass reclaimPolicy
+    options:
+      - "Delete"
+      - "Retain"
+  - variable: global.storageClass.volumeBindingMode
+    default: "WaitForFirstConsumer"
+    type: enum
+    group: "Volumes"
+    required: true
+    options:
+      - "WaitForFirstConsumer"
+      - "Immediate"
+    label: StorageClass volumeBindingMode
+
+# ===========
+# Cache group
+# ===========
+- variable: config.configmap.cnCacheType
+  default: "NATIVE_PERSISTENCE"
+  required: true
+  type: enum
+  group: "Cache"
+  label: Gluu Cache
+  description: "Cache type. `NATIVE_PERSISTENCE`, `REDIS`. or `IN_MEMORY`. Defaults to `NATIVE_PERSISTENCE` ."
+  options:
+    - "NATIVE_PERSISTENCE"
+    - "IN_MEMORY"
+    - "REDIS"
+  show_subquestion_if: "REDIS"
+  subquestions:
+  - variable: config.configmap.cnRedisType
+    default: "STANDALONE"
+    type: enum
+    group: "Cache"
+    required: false
+    label: Redix service type
+    description: "Redis service type. `STANDALONE` or `CLUSTER`. Can be used when  `config.configmap.cnCacheType` is set to `REDIS`."
+    options:
+      - "STANDALONE"
+      - "CLUSTER"
+  - variable: config.redisPassword
+    default: "Test1234#"
+    type: password
+    group: "Cache"
+    required: false
+    label: Redis admin password
+    description: "Redis admin password if `config.configmap.cnCacheType` is set to `REDIS`."
+
+  - variable: config.configmap.cnRedisUrl
+    default: "redis.redis.svc.cluster.local:6379"
+    required: false
+    type: hostname
+    group: "Cache"
+    label: Redis URL
+    description: "Redis URL and port number <url>:<port>. Can be used when  `config.configmap.cnCacheType` is set to `REDIS`."
+
+# ==================
+# Configuration group
+# ==================
+- variable: global.fqdn
+  default: "demoexample.gluu.org"
+  required: true
+  type: hostname
+  group: "Configuration"
+  label: Gluu Installation FQDN
+  description: "Fully qualified domain name to be used for Gluu installation. This address will be used to reach Gluu services."
+- variable: global.countryCode
+  default: "US"
+  required: true
+  type: string
+  group: "Configuration"
+  label: Country code
+  description: "Country code. Used for certificate creation."
+- variable: config.state
+  default: "TX"
+  required: true
+  type: string
+  group: "Configuration"
+  label: State code
+  description: "State code. Used for certificate creation."
+- variable: config.city
+  default: "Austin"
+  required: true
+  type: string
+  group: "Configuration"
+  label: City
+  description: "City. Used for certificate creation."
+- variable: config.email
+  default: "support@gluu.org"
+  required: true
+  type: string
+  group: "Configuration"
+  label: Email
+  description: "Email address of the administrator usually. Used for certificate creation."
+- variable: config.orgName
+  default: "Gluu"
+  required: true
+  type: string
+  group: "Configuration"
+  label: Organization
+  description: "Organization name. Used for certificate creation."
+- variable: config.adminPassword
+  default: "Test1234#"
+  type: password
+  group: "Configuration"
+  required: true
+  label: Admin UI password
+  description: "Admin password to log in to the UI."
+
+- variable: config.ldapPassword
+  default: "Test1234#"
+  type: password
+  group: "Configuration"
+  required: true
+  label: LDAP password
+  description: "LDAP admin password if OpenDJ is used for persistence"
+  show_if: "global.cnPersistenceType=ldap||global.cnPersistenceType=hybrid"
+
+- variable: global.isFqdnRegistered
+  default: true
+  required: true
+  type: boolean
+  group: "Configuration"
+  label: Is the FQDN globally resolvable
+  description: "Boolean flag to enable mapping global.lbIp  to global.fqdn inside pods on clouds that provide static ip for loadbalancers. On cloud that provide only addresses to the LB this flag will enable a script to actively scan config.configmap.lbAddr and update the hosts file inside the pods automatically."
+- variable: config.migration.enabled
+  default: false
+  required: true
+  type: boolean
+  group: "Configuration"
+  label: Migration from Gluu CE
+  description: "Boolean flag to enable migration from CE"
+  show_subquestion_if: true
+  subquestions:
+  - variable: config.migration.migrationDataFormat
+    default: "ldif"
+    type: enum
+    group: "Configuration"
+    required: false
+    label: Migration data-format
+    description: "Migration data-format depending on persistence backend."
+    options:
+      - "ldif"
+      - "couchbase+json"
+      - "spanner+avro"
+      - "postgresql+json"
+      - "mysql+json"
+  - variable: config.migration.migrationDir
+    default: "/ce-migration"
+    required: false
+    type: string
+    group: "Configuration"
+    label: Migration Directory
+    description: "Directory holding all migration files"
+
+# ===========================
+# Ingress group(Istio, NGINX)
+# ===========================
+
+# ===========
+# Istio group
+# ===========
+- variable: global.istio.enabled
+  default: false
+  type: boolean
+  group: "Istio"
+  required: true
+  description: "Boolean flag that enables using istio side cars with Gluu services."
+  label: Use Istio side cars
+  show_subquestion_if: true
+  subquestions:
+  - variable: global.istio.ingress
+    default: false
+    type: boolean
+    group: "Istio"
+    required: true
+    description: "Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available."
+    label: Use Istio Ingress
+  - variable: global.istio.namespace
+    default: "istio-system"
+    type: string
+    group: "Istio"
+    required: true
+    description: "Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available."
+    label: Istio namespace
+  - variable: config.configmap.lbAddr
+    default: ""
+    group: "Istio"
+    description: "Istio loadbalancer address (eks) or ip (gke, aks, digital ocean, local)"
+    type: hostname
+    label: LB address or ip
+
+# ===========
+# NGINX group
+# ===========
+- variable: config.configmap.lbAddr
+  default: ""
+  group: "NGINX"
+  show_if: "global.istio.ingress=false&&global.isFqdnRegistered=false"
+  description: "loadbalancer address (eks) or ip (gke, aks, digital ocean, local)"
+  type: hostname
+  label: LB address or ip
+- variable: nginx-ingress.ingress.adminUiEnabled
+  default: false
+  type: boolean
+  group: "NGINX"
+  required: false
+  show_if: "global.istio.ingress=false"
+  description: "Enable Admin UI endpoints. COMING SOON."
+  label: Enable Admin UI endpoints
+  subquestions:
+  - variable: nginx-ingress.ingress.openidConfigEnabled
+    default: true
+    type: boolean
+    group: "NGINX"
+    required: true
+    description: "Enable endpoint /.well-known/openid-configuration"
+    label: Enable endpoint /.well-known/openid-configuration
+  - variable: nginx-ingress.ingress.uma2ConfigEnabled
+    default: true
+    type: boolean
+    group: "NGINX"
+    required: true
+    description: "Enable endpoint /.well-known/uma2-configuration"
+    label: Enable endpoint /.well-known/uma2-configuration
+  - variable: nginx-ingress.ingress.webfingerEnabled
+    default: true
+    type: boolean
+    group: "NGINX"
+    required: true
+    description: "Enable endpoint /.well-known/webfinger"
+    label: Enable endpoint /.well-known/webfinger
+  - variable: nginx-ingress.ingress.webdiscoveryEnabled
+    default: true
+    type: boolean
+    group: "NGINX"
+    required: true
+    description: "Enable endpoint /.well-known/simple-web-discovery"
+    label: Enable endpoint /.well-known/simple-web-discovery
+  - variable: nginx-ingress.ingress.configApiEnabled
+    default: true
+    type: boolean
+    group: "NGINX"
+    required: true
+    description: "Enable config API endpoints /jans-config-api"
+    label: Enable config API endpoints /jans-config-api
+  - variable: nginx-ingress.ingress.u2fConfigEnabled
+    default: true
+    type: boolean
+    group: "NGINX"
+    required: true
+    description: "Enable endpoint /.well-known/fido-configuration"
+    label: Enable endpoint /.well-known/fido-configuration
+  - variable: nginx-ingress.ingress.authServerEnabled
+    default: true
+    type: boolean
+    group: "NGINX"
+    required: true
+    description: "Enable Auth server endpoints /jans-auth"
+    label: Enable Auth server endpoints /jans-auth
+- variable: nginx-ingress.ingress.fido2ConfigEnabled
+  default: false
+  type: boolean
+  group: "NGINX"
+  show_if: "global.distribution=default&&global.istio.ingress=false"
+  required: true
+  description: "Enable endpoint /.well-known/fido2-configuration"
+  label: Enable endpoint /.well-known/fido2-configuration
+- variable: nginx-ingress.ingress.authServerProtectedToken
+  default: true
+  type: boolean
+  group: "NGINX"
+  show_if: "global.distribution=openbanking&&global.istio.ingress=false"
+  required: true
+  description: "Enable mTLS on Auth server endpoint /jans-auth/restv1/token"
+  label: Enable mTLS on Auth server endpoint /jans-auth/restv1/token
+- variable: nginx-ingress.ingress.authServerProtectedRegister
+  default: true
+  type: boolean
+  group: "NGINX"
+  show_if: "global.distribution=openbanking&&global.istio.ingress=false"
+  required: true
+  description: "Enable mTLS on Auth server endpoint /jans-auth/restv1/register"
+  label: Enable mTLS onn Auth server endpoint /jans-auth/restv1/register
+- variable: nginx-ingress.ingress.scimConfigEnabled
+  default: false
+  type: boolean
+  group: "NGINX"
+  show_if: "global.distribution=default&&global.istio.ingress=false"
+  required: true
+  description: "Enable endpoint /.well-known/scim-configuration"
+  label: Enable endpoint /.well-known/scim-configuration
+- variable: nginx-ingress.ingress.scimEnabled
+  default: false
+  type: boolean
+  group: "NGINX"
+  show_if: "global.distribution=default&&global.istio.ingress=false"
+  required: true
+  description: "Enable SCIM endpoints /jans-scim"
+  label: Enable SCIM endpoints /jans-scim
+
+# ============
+# Images group
+# ============
+# AuthServer
+- variable: auth-server.image.repository
+  required: true
+  type: string
+  default: "janssenproject/auth-server"
+  description: "The Auth Server Image repository"
+  label: Auth Server image repo
+  group: "Images"
+  show_if: "global.auth-server.enabled=true"
+- variable: auth-server.image.pullPolicy
+  required: true
+  type: enum
+  group: "Images"
+  default: IfNotPresent
+  description: "The Auth Server Image pull policy"
+  label: Auth Server imagePullPolicy
+  options:
+  - "Always"
+  - "IfNotPresent"
+  - "Never"
+  show_if: "global.auth-server.enabled=true"
+- variable: auth-server.image.tag
+  required: true
+  type: string
+  default: "1.0.0-beta.13"
+  description: "The Auth Server Image tag"
+  label: Auth Server image tag
+  group: "Images"
+  show_if: "global.auth-server.enabled=true"
+# AuthServer KeyRotation
+- variable: auth-server-key-rotation.image.repository
+  required: true
+  type: string
+  default: "janssenproject/certmanager"
+  description: "The Auth Server KeyRotation Image repository"
+  label: Auth Server KeyRotation image repo
+  group: "Images"
+  show_if: "global.auth-server-key-rotation.enabled=true"
+- variable: auth-server-key-rotation.image.pullPolicy
+  required: true
+  type: enum
+  group: "Images"
+  default: IfNotPresent
+  description: "The Auth Server KeyRotation Image pull policy"
+  label: Auth Server KeyRotation imagePullPolicy
+  options:
+  - "Always"
+  - "IfNotPresent"
+  - "Never"
+  show_if: "global.auth-server-key-rotation.enabled=true"
+- variable: auth-server-key-rotation.image.tag
+  required: true
+  type: string
+  default: "1.0.0-beta.13"
+  description: "The Auth Server Image tag"
+  label: Auth Server KeyRotation image tag
+  group: "Images"
+  show_if: "global.auth-server-key-rotation.enabled=true"
+# ClientAPI
+- variable: client-api.image.repository
+  required: true
+  type: string
+  default: "janssenproject/client-api"
+  description: "The ClientAPI Image repository"
+  label: ClientAPI image repo
+  group: "Images"
+  show_if: "global.client-api.enabled=true"
+- variable: client-api.image.pullPolicy
+  required: true
+  type: enum
+  group: "Images"
+  default: IfNotPresent
+  description: "The ClientAPI Image pull policy"
+  label: ClientAPI imagePullPolicy
+  options:
+  - "Always"
+  - "IfNotPresent"
+  - "Never"
+  show_if: "global.client-api.enabled=true"
+- variable: client-api.image.tag
+  required: true
+  type: string
+  default: "1.0.0-beta.13"
+  description: "The ClientAPI Image tag"
+  label: ClientAPI image tag
+  group: "Images"
+  show_if: "global.client-api.enabled=true"
+# Configurator
+- variable: config.image.repository
+  required: true
+  type: string
+  default: "janssenproject/configurator"
+  description: "The Configurator Image repository"
+  label: Configurator image repo
+  group: "Images"
+  show_if: "global.config.enabled=true"
+- variable: config.image.pullPolicy
+  required: true
+  type: enum
+  group: "Images"
+  default: IfNotPresent
+  description: "The Configurator Image pull policy"
+  label: Configurator imagePullPolicy
+  options:
+  - "Always"
+  - "IfNotPresent"
+  - "Never"
+  show_if: "global.config.enabled=true"
+- variable: config.image.tag
+  required: true
+  type: string
+  default: "1.0.0-beta.13"
+  description: "The Configurator Image tag"
+  label: Configurator image tag
+  group: "Images"
+  show_if: "global.config.enabled=true"
+# ConfigAPI
+- variable: config-api.image.repository
+  required: true
+  type: string
+  default: "janssenproject/config-api"
+  description: "The ConfigAPI Image repository"
+  label: ConfigAPI image repo
+  group: "Images"
+  show_if: "global.config-api.enabled=true"
+- variable: config-api.image.pullPolicy
+  required: true
+  type: enum
+  group: "Images"
+  default: IfNotPresent
+  description: "The ConfigAPI Image pull policy"
+  label: ConfigAPI imagePullPolicy
+  options:
+  - "Always"
+  - "IfNotPresent"
+  - "Never"
+  show_if: "global.config-api.enabled=true"
+- variable: config-api.image.tag
+  required: true
+  type: string
+  default: "1.0.0-beta.13"
+  description: "The ConfigAPI Image tag"
+  label: ConfigAPI image tag
+  group: "Images"
+  show_if: "global.config-api.enabled=true"
+# Fido2
+- variable: fido2.image.repository
+  required: true
+  type: string
+  default: "janssenproject/fido2"
+  description: "The Fido2 Image repository"
+  label: Fido2 image repo
+  group: "Images"
+  show_if: "global.fido2.enabled=true"
+- variable: fido2.image.pullPolicy
+  required: true
+  type: enum
+  group: "Images"
+  default: IfNotPresent
+  description: "The Fido2 Image pull policy"
+  label: Fido2 imagePullPolicy
+  options:
+  - "Always"
+  - "IfNotPresent"
+  - "Never"
+  show_if: "global.fido2.enabled=true"
+- variable: fido2.image.tag
+  required: true
+  type: string
+  default: "1.0.0-beta.13"
+  description: "The Fido2 Image tag"
+  label: Fido2 image tag
+  group: "Images"
+  show_if: "global.fido2.enabled=true"
+# Jackrabbit
+- variable: jackrabbit.image.repository
+  required: true
+  type: string
+  default: "janssenproject/jackrabbit"
+  description: "The Jackrabbit Image repository"
+  label: Jackrabbit image repo
+  group: "Images"
+  show_if: "global.jackrabbit.enabled=true"
+- variable: jackrabbit.image.pullPolicy
+  required: true
+  type: enum
+  group: "Images"
+  default: IfNotPresent
+  description: "The Jackrabbit Image pull policy"
+  label: Jackrabbit imagePullPolicy
+  options:
+  - "Always"
+  - "IfNotPresent"
+  - "Never"
+  show_if: "global.jackrabbit.enabled=true"
+- variable: jackrabbit.image.tag
+  required: true
+  type: string
+  default: "1.0.0-beta.13"
+  description: "The Jackrabbit Image tag"
+  label: Jackrabbit image tag
+  group: "Images"
+  show_if: "global.jackrabbit.enabled=true"
+# OpenDJ
+- variable: opendj.image.repository
+  required: true
+  type: string
+  default: "gluufederation/opendj"
+  description: "The OpenDJ Image repository"
+  label: OpenDJ image repo
+  group: "Images"
+  show_if: "global.opendj.enabled=true"
+- variable: opendj.image.pullPolicy
+  required: true
+  type: enum
+  group: "Images"
+  default: IfNotPresent
+  description: "The OpenDJ Image pull policy"
+  label: OpenDJ imagePullPolicy
+  options:
+  - "Always"
+  - "IfNotPresent"
+  - "Never"
+  show_if: "global.opendj.enabled=true"
+- variable: opendj.image.tag
+  required: true
+  type: string
+  default: "5.0.0_dev"
+  description: "The OpenDJ Image tag"
+  label: OpenDJ image tag
+  group: "Images"
+  show_if: "global.opendj.enabled=true"
+# Persistence
+- variable: persistence.image.repository
+  required: true
+  type: string
+  default: "janssenproject/persistence-loader"
+  description: "The Persistence Image repository"
+  label: Persistence image repo
+  group: "Images"
+  show_if: "global.persistence.enabled=true"
+- variable: persistence.image.pullPolicy
+  required: true
+  type: enum
+  group: "Images"
+  default: IfNotPresent
+  description: "The Persistence Image pull policy"
+  label: Persistence imagePullPolicy
+  options:
+  - "Always"
+  - "IfNotPresent"
+  - "Never"
+  show_if: "global.persistence.enabled=true"
+- variable: persistence.image.tag
+  required: true
+  type: string
+  default: "1.0.0-beta.13"
+  description: "The Persistence Image tag"
+  label: Persistence image tag
+  group: "Images"
+  show_if: "global.persistence.enabled=true"
+# SCIM
+- variable: scim.image.repository
+  required: true
+  type: string
+  default: "janssenproject/scim"
+  description: "The SCIM Image repository"
+  label: SCIM image repo
+  group: "Images"
+  show_if: "global.scim.enabled=true"
+- variable: scim.image.pullPolicy
+  required: true
+  type: enum
+  group: "Images"
+  default: IfNotPresent
+  description: "The SCIM Image pull policy"
+  label: SCIM imagePullPolicy
+  options:
+  - "Always"
+  - "IfNotPresent"
+  - "Never"
+  show_if: "global.scim.enabled=true"
+- variable: scim.image.tag
+  required: true
+  type: string
+  default: "1.0.0-beta.13"
+  description: "The SCIM Image tag"
+  label: SCIM image tag
+  group: "Images"
+  show_if: "global.scim.enabled=true"
+
+# ==============
+# Replicas group
+# ==============
+# AuthServer
+- variable: auth-server.replicas
+  default: 1
+  required: false
+  type: int
+  group: "Replicas"
+  label: Auth-server Replicas
+  description: "Service replica number."
+  show_if: "global.auth-server.enabled=true"
+# ClientAPI
+- variable: client-api.replicas
+  default: 1
+  required: false
+  type: int
+  group: "Replicas"
+  label: ClientAPI Replicas
+  description: "Service replica number."
+  show_if: "global.client-api.enabled=true"
+# ConfigAPI
+- variable: config-api.replicas
+  default: 1
+  required: false
+  type: int
+  group: "Replicas"
+  label: ConfigAPI Replicas
+  description: "Service replica number."
+  show_if: "global.config-api.enabled=true"
+# ConfigAPI
+- variable: config-api.replicas
+  default: 1
+  required: false
+  type: int
+  group: "Replicas"
+  label: ConfigAPI Replicas
+  description: "Service replica number."
+  show_if: "global.config-api.enabled=true"
+# Fido2
+- variable: fido2.replicas
+  default: 1
+  required: false
+  type: int
+  group: "Replicas"
+  label: Fido2 Replicas
+  description: "Service replica number."
+  show_if: "global.fido2.enabled=true"
+# Jackrabbit
+- variable: jackrabbit.replicas
+  default: 1
+  required: false
+  type: int
+  group: "Replicas"
+  label: Jackrabbit Replicas
+  description: "Service replica number."
+  show_if: "global.jackrabbit.enabled=true"
+# OpenDJ
+- variable: opendj.replicas
+  default: 1
+  required: false
+  type: int
+  group: "Replicas"
+  label: OpenDJ Replicas
+  description: "Service replica number."
+  show_if: "global.opendj.enabled=true&&opendj.multiCluster.enabled=false"
+# SCIM
+- variable: scim.replicas
+  default: 1
+  required: false
+  type: int
+  group: "Replicas"
+  label: SCIM Replicas
+  description: "Service replica number."
+  show_if: "global.scim.enabled=true"
+

From a15145b50d60d6a7677e8f944f1cf5212fecfc19 Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Tue, 15 Mar 2022 15:43:26 +0000
Subject: [PATCH 054/101] ci: add rancher partner chart job

---
 .github/workflows/post-to-rancher-partner-charts.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/post-to-rancher-partner-charts.yml b/.github/workflows/post-to-rancher-partner-charts.yml
index 6bd27dc61..c2dd0a54b 100644
--- a/.github/workflows/post-to-rancher-partner-charts.yml
+++ b/.github/workflows/post-to-rancher-partner-charts.yml
@@ -8,7 +8,7 @@ on:
 jobs:
   publish:
     name: Publish on rancher partner charts
-    runs-on: ubuntu-latest we
+    runs-on: ubuntu-latest
     steps:
     - name: Checkout code
       uses: actions/checkout@master

From f4580c926a75f8370c892d8c877ab77545507737 Mon Sep 17 00:00:00 2001
From: mo-auto <54212639+mo-auto@users.noreply.github.com>
Date: Tue, 15 Mar 2022 15:47:37 +0000
Subject: [PATCH 055/101] chore(main): release admin-ui 1.0.0 (#34)

---
 admin-ui/CHANGELOG.md | 63 +++++++++++++++++++++++++++++++++++++++++++
 admin-ui/package.json |  2 +-
 2 files changed, 64 insertions(+), 1 deletion(-)
 create mode 100644 admin-ui/CHANGELOG.md

diff --git a/admin-ui/CHANGELOG.md b/admin-ui/CHANGELOG.md
new file mode 100644
index 000000000..1ec7e6105
--- /dev/null
+++ b/admin-ui/CHANGELOG.md
@@ -0,0 +1,63 @@
+# Changelog
+
+## 1.0.0 (2022-03-15)
+
+
+### Features
+
+* add message under the textinput field ([c8937ec](https://github.com/GluuFederation/flex/commit/c8937ecc92d59c97ec9a8ba5a874ed04e52b22c9))
+* admin UI - Option to specify a python file containing a custom script [#110](https://github.com/GluuFederation/flex/issues/110) ([f33fa7a](https://github.com/GluuFederation/flex/commit/f33fa7a9914ca57b2adc1643700f37cf8e8628cf))
+* admin UI - Option to specify a python file containing a custom script [#110](https://github.com/GluuFederation/flex/issues/110) ([53106c3](https://github.com/GluuFederation/flex/commit/53106c33e5193839e4e3f3b92f4e286863c1c492))
+* admin UI - Option to specify a python file containing a custom script [#110](https://github.com/GluuFederation/flex/issues/110) ([2bd248f](https://github.com/GluuFederation/flex/commit/2bd248f60296c954a38216a9d59d47dadac362ff))
+* **admin-ui:** fix issues with material list [#43](https://github.com/GluuFederation/flex/issues/43) ([0a98d9e](https://github.com/GluuFederation/flex/commit/0a98d9e795f97722a1f2d6478fc61e2f611424c8))
+* **admin-ui:** fix issues with material list [#43](https://github.com/GluuFederation/flex/issues/43) ([87eb557](https://github.com/GluuFederation/flex/commit/87eb5571ff618f7018751429f5ee8f79b4315e37))
+* **admin-ui:** fix maximum actives users page [#2](https://github.com/GluuFederation/flex/issues/2) ([ad157e3](https://github.com/GluuFederation/flex/commit/ad157e3efccf43d83324bcbbd271db7a714fc0ae))
+* **admin-ui:** show active users page on dashboard [#43](https://github.com/GluuFederation/flex/issues/43) ([8bffd11](https://github.com/GluuFederation/flex/commit/8bffd11d206d8ce055bc1d04a8a88655cebc3af6))
+* **admin-ui:** show active users page on dashboard [#43](https://github.com/GluuFederation/flex/issues/43) ([bfe2870](https://github.com/GluuFederation/flex/commit/bfe2870b932f09a89eb08130be99386b74c9be44))
+* **admin-ui:** show active users page on dashboard [#43](https://github.com/GluuFederation/flex/issues/43) ([003a2af](https://github.com/GluuFederation/flex/commit/003a2af72017fbc3ee0fe43a1c14c432a9678f05))
+* **admin-ui:** show active users page on dashboard [#43](https://github.com/GluuFederation/flex/issues/43) ([ae8b1e1](https://github.com/GluuFederation/flex/commit/ae8b1e1eeec14978af864db1d27ca0965c4cbdd4))
+* **admin-ui:** unable to add description of an existing permission in config-api [#66](https://github.com/GluuFederation/flex/issues/66) ([806f4fe](https://github.com/GluuFederation/flex/commit/806f4fe87a9bf28eee4d643f81180c743172f423))
+* centre aligned x ([5299b5a](https://github.com/GluuFederation/flex/commit/5299b5a43bb7316b1c54d4528b608d235f0c0740))
+* change collapse option location ([62ab2fa](https://github.com/GluuFederation/flex/commit/62ab2fa0db473bad52888bb7a062f1aba801ca50))
+* change in keys page [#117](https://github.com/GluuFederation/flex/issues/117) ([4ae82f1](https://github.com/GluuFederation/flex/commit/4ae82f1b279d6c04ff7b083088a2072a947646ad))
+* change in keys page [#117](https://github.com/GluuFederation/flex/issues/117) ([6ef2460](https://github.com/GluuFederation/flex/commit/6ef2460a6c8ddbe359639ea50302de6cbef46cac))
+* edit role permission mapping ([b905d11](https://github.com/GluuFederation/flex/commit/b905d11df7c06d9d0db2964bd80b9795e50ccde5))
+* implement deletable option ([4b5b3ab](https://github.com/GluuFederation/flex/commit/4b5b3ab30f45607faf3d00495bf64b97cfe55589))
+* move health menu under Home menu [#116](https://github.com/GluuFederation/flex/issues/116) ([b5c86bf](https://github.com/GluuFederation/flex/commit/b5c86bf1bd0df97a5a86300a0e8d5be890b54cbc))
+* move health menu under Home menu [#116](https://github.com/GluuFederation/flex/issues/116) ([76a19d2](https://github.com/GluuFederation/flex/commit/76a19d2b44fd5024f5de699a20232f66779d4c2b))
+* move health menu under Home menu [#116](https://github.com/GluuFederation/flex/issues/116) ([75d0138](https://github.com/GluuFederation/flex/commit/75d013879cc4d5d9b95e6fbdbb57dc1b591cb1bb))
+* move health menu under Home menu [#116](https://github.com/GluuFederation/flex/issues/116) ([94ea401](https://github.com/GluuFederation/flex/commit/94ea401c5b17f394a947a9ca668494d2b110123b))
+* move health menu under Home menu [#116](https://github.com/GluuFederation/flex/issues/116) ([ae455c5](https://github.com/GluuFederation/flex/commit/ae455c5940fad46ddb80617aa2716d9de80c9023))
+* put MAU under admin ([bed0fa5](https://github.com/GluuFederation/flex/commit/bed0fa556ae8f4a910d86ade0435c81c96e314ce))
+* relocating burger menu button ([9f8008b](https://github.com/GluuFederation/flex/commit/9f8008b6d05e5b387795044a8d4cd06026b5b606))
+* upgrade i18next from 19.9.2 to 21.6.10 ([f077d69](https://github.com/GluuFederation/flex/commit/f077d69b4c8786b89ecf984b88a4b064010a05bc))
+* upgrade react-toastify from 5.5.0 to 8.1.0 ([cf0d35f](https://github.com/GluuFederation/flex/commit/cf0d35f548232c7d65c86a44a5d8104860e20490))
+
+
+### Bug Fixes
+
+* add mapping ([4b85cb8](https://github.com/GluuFederation/flex/commit/4b85cb8e221e1f72cd7abd37085edad7512b8add))
+* added delete functionality ([5cd1a66](https://github.com/GluuFederation/flex/commit/5cd1a663259f1d121a8971a0c595d5713df475b1))
+* **admin-ui:** add openid connect clients count to the dashbaord [#43](https://github.com/GluuFederation/flex/issues/43) ([18fa51e](https://github.com/GluuFederation/flex/commit/18fa51e6095f5c6415c20dad0ca2f96f7477ebe2))
+* change jans-config-api-swagger.yaml path in package.json [#59](https://github.com/GluuFederation/flex/issues/59) ([0c39429](https://github.com/GluuFederation/flex/commit/0c39429cc33197e13ccafc5c9d58d654f784c5b9))
+* claims dropdown is not populated in Add/Edit scopes page [#140](https://github.com/GluuFederation/flex/issues/140) ([f42ab3b](https://github.com/GluuFederation/flex/commit/f42ab3b82da7f30c7dc4575f958a200c6b03a5a7))
+* code issue ([39badec](https://github.com/GluuFederation/flex/commit/39badec6be1a0533db4a3308adbed31859115dd5))
+* create oidc client not working [#129](https://github.com/GluuFederation/flex/issues/129) ([b65076c](https://github.com/GluuFederation/flex/commit/b65076c20fc465c8c89c68e6115dad9b42121739))
+* create oidc client not working [#129](https://github.com/GluuFederation/flex/issues/129) ([75abeb4](https://github.com/GluuFederation/flex/commit/75abeb491d22bbeeec278b081564fd485e3d8457))
+* delete icon hanged with bordered icon ([7b01899](https://github.com/GluuFederation/flex/commit/7b01899b169ba4baf780a23783aab1ffc80dc5cf))
+* details show for access role ([b14d288](https://github.com/GluuFederation/flex/commit/b14d288330c2c96c045c07f2df83791b032751c7))
+* minor change ([db13fd3](https://github.com/GluuFederation/flex/commit/db13fd3ba83ac41ebbaecbe6dd699460a7aea08b))
+* permissions details not showing ([85344bf](https://github.com/GluuFederation/flex/commit/85344bfc36bca9b034cdc2ea177423300c9c01a5))
+* recheck code ([670984e](https://github.com/GluuFederation/flex/commit/670984e5e70ee644e4976cc8ce8c8206dce008ef))
+* redefine dates logic ([fc882ec](https://github.com/GluuFederation/flex/commit/fc882ecb1ef90790a7c0f71c80f6395b03314ad3))
+* remove bar graph ([7e5a729](https://github.com/GluuFederation/flex/commit/7e5a729b9b70e2ba128afa5ecb04e5c94ce7aa08))
+* remove console logs ([a983227](https://github.com/GluuFederation/flex/commit/a983227399c1f27a88cb00626f5420007810c2d5))
+* remove empty space created for response_type param in authz url created by admin ui [#55](https://github.com/GluuFederation/flex/issues/55) ([85f2ca5](https://github.com/GluuFederation/flex/commit/85f2ca5d9aae5e9daf0384aefd274c2811c3f1fa))
+* search pallets ([d22b09a](https://github.com/GluuFederation/flex/commit/d22b09afa234b657cc519ad37e0101f66915f61d))
+* show buttons ([45bf399](https://github.com/GluuFederation/flex/commit/45bf3997daa0dc3b8a47d8cea9d26223e91747eb))
+* some icons are not visible on admin-ui [#32](https://github.com/GluuFederation/flex/issues/32) ([93c5d12](https://github.com/GluuFederation/flex/commit/93c5d12008d28238edd6366d4cedfa03264cac09))
+* start const fix ([009aeb4](https://github.com/GluuFederation/flex/commit/009aeb4635e2fe7a9c66a8da09555312717e26f0))
+* typo fix ([957bdbb](https://github.com/GluuFederation/flex/commit/957bdbbd8e4fc7d1dc0cb69c93f8e5adccb013dc))
+* use authoriztion_url for authz request [#47](https://github.com/GluuFederation/flex/issues/47) ([40b703c](https://github.com/GluuFederation/flex/commit/40b703cc6b9ac44c66c8a8608bdc5364af79deeb))
+* use authoriztion_url for authz request [#47](https://github.com/GluuFederation/flex/issues/47) ([8d794d5](https://github.com/GluuFederation/flex/commit/8d794d56924ecff7277baac83788401df44ea775))
+* we need to refresh the custom scripts list page to see the added/edited entries [#137](https://github.com/GluuFederation/flex/issues/137) ([6ff9d2b](https://github.com/GluuFederation/flex/commit/6ff9d2b33306c0eae4db6e46d708d4fece2e12cc))
diff --git a/admin-ui/package.json b/admin-ui/package.json
index 1cc2eadbb..4604bd9c4 100644
--- a/admin-ui/package.json
+++ b/admin-ui/package.json
@@ -1,6 +1,6 @@
 {
   "name": "gluu-admin-ui",
-  "version": "0.1.0",
+  "version": "1.0.0",
   "description": "UI to administer the jans-sever features",
   "keywords": [
     "jans-server",

From 152eab4f42d9decb120f1fde1fe20e8e2b18c0d6 Mon Sep 17 00:00:00 2001
From: mo-auto <54212639+mo-auto@users.noreply.github.com>
Date: Tue, 15 Mar 2022 15:47:56 +0000
Subject: [PATCH 056/101] chore(main): release flex-linux-setup 0.1.0 (#31)

---
 flex-linux-setup/CHANGELOG.md                | 52 ++++++++++++++++++++
 flex-linux-setup/flex_linux_setup/version.py |  2 +-
 2 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 flex-linux-setup/CHANGELOG.md

diff --git a/flex-linux-setup/CHANGELOG.md b/flex-linux-setup/CHANGELOG.md
new file mode 100644
index 000000000..94155939f
--- /dev/null
+++ b/flex-linux-setup/CHANGELOG.md
@@ -0,0 +1,52 @@
+# Changelog
+
+## 0.1.0 (2022-03-15)
+
+
+### Features
+
+* add acrValues property in admin-ui configuration. [#1016](https://github.com/GluuFederation/flex/issues/1016) ([328c92e](https://github.com/GluuFederation/flex/commit/328c92e1ad62fde56def027711bc6e6c86926d4b))
+* add acrValues property in admin-ui configuration. [#1016](https://github.com/GluuFederation/flex/issues/1016) ([328c92e](https://github.com/GluuFederation/flex/commit/328c92e1ad62fde56def027711bc6e6c86926d4b))
+* add acrValues property in admin-ui configuration. [#1016](https://github.com/GluuFederation/flex/issues/1016) ([ac8b572](https://github.com/GluuFederation/flex/commit/ac8b572596e9b2d662fb0e024180c9d940751d63))
+* add main() function ([01f118c](https://github.com/GluuFederation/flex/commit/01f118c5bf3a63867b384883606f9a2410a3cc0f))
+* flex linux setup casa fix ([72903cd](https://github.com/GluuFederation/flex/commit/72903cd15ad3185f5eca48a5672d9d2a30b42ca7))
+* flex linux setup casa fix ([72903cd](https://github.com/GluuFederation/flex/commit/72903cd15ad3185f5eca48a5672d9d2a30b42ca7))
+* flex-linux-setup ([dac8b70](https://github.com/GluuFederation/flex/commit/dac8b705ecb723cc77c43339dd3ebed00cfafa8a))
+* flex-linux-setup add casa install ([0ff917f](https://github.com/GluuFederation/flex/commit/0ff917f82ced8bea57312c7a8e8565d192561d9b))
+* flex-linux-setup argparse pkg issue ([d235ef4](https://github.com/GluuFederation/flex/commit/d235ef4410d7481e284c757016abf82bf135fb8a))
+* flex-linux-setup package ([05d51ae](https://github.com/GluuFederation/flex/commit/05d51ae46b99a668996b3a0f0f6c3c4443cfaf1a))
+* flex-linux-setup self installer ([d05061f](https://github.com/GluuFederation/flex/commit/d05061f1fd99ace2c6d3962722d484cfc71a7139))
+* flex-linux-setup typo ([9523c8a](https://github.com/GluuFederation/flex/commit/9523c8a3878b8b51174e34fbd09e001761fb3a43))
+
+
+### Bug Fixes
+
+* flex-linux-setup able to use existing jans-setup to be used as standalone script ([3ce3b58](https://github.com/GluuFederation/flex/commit/3ce3b58f8d3ac817c07f96d4bb99bb4ae0336d2a))
+* flex-linux-setup able to use existing jans-setup to be used as standalone script ([3ce3b58](https://github.com/GluuFederation/flex/commit/3ce3b58f8d3ac817c07f96d4bb99bb4ae0336d2a))
+* flex-linux-setup able to use existing jans-setup to be used as standalone script ([1d1e979](https://github.com/GluuFederation/flex/commit/1d1e97997e2f24691975179c7d7fa81cbe50f16c))
+* flex-linux-setup auiConfiguration.properties link ([dc2418e](https://github.com/GluuFederation/flex/commit/dc2418e3bee478b4eca0cb8b66087ceb86813ca3))
+* flex-linux-setup casa installation fixes ([4c1fa73](https://github.com/GluuFederation/flex/commit/4c1fa73140e55cd00e91f98ad7d484b41ffa6820))
+* flex-linux-setup casa jansPostLogoutRedirectURI ([bdcfdb7](https://github.com/GluuFederation/flex/commit/bdcfdb74c3b7bada0ccec76a984b520da614ef20))
+* flex-linux-setup casa python lib dir ([1e4752b](https://github.com/GluuFederation/flex/commit/1e4752b1d8c796e4402c2aef93cf006345d036ed))
+* flex-linux-setup change admin-ui-plugin name ([7fb45c5](https://github.com/GluuFederation/flex/commit/7fb45c5107e0585b47a95cfbc539b86caf52d4fb))
+* flex-linux-setup download links ([22cf221](https://github.com/GluuFederation/flex/commit/22cf221b344801f8efec3f239d09aabda6fa3d6e))
+* flex-linux-setup enable Casa Person Auth script ([589f8a8](https://github.com/GluuFederation/flex/commit/589f8a8a77f6a8baa6f909ac26107e4120c4f38b))
+* flex-linux-setup get py_lib_dir from Config ([1f2015b](https://github.com/GluuFederation/flex/commit/1f2015bf78bb26ffb73ef026bca96496ab9c7d70))
+* flex-linux-setup import package ([d97258a](https://github.com/GluuFederation/flex/commit/d97258a6ebc74171359c8449cd6f936bd5c9cae1))
+* flex-linux-setup more verbosity ([44abfb2](https://github.com/GluuFederation/flex/commit/44abfb2f85715f1a78453ca900e4799c484c9ffb))
+* flex-linux-setup move version to version.py ([61ecb19](https://github.com/GluuFederation/flex/commit/61ecb197de425571f15a90d17522eb1c80a7182f))
+* flex-linux-setup parser ([83d280e](https://github.com/GluuFederation/flex/commit/83d280e731197f732936d39d97de5d80f769de26))
+* flex-linux-setup pass -yes to install.py ([116b791](https://github.com/GluuFederation/flex/commit/116b791b80544ac9fe9fd4266f662b18397bea19))
+* flex-linux-setup restart jans-auth after casa ([32b4f56](https://github.com/GluuFederation/flex/commit/32b4f561f1474b1e4fdd5fddb58b3fd4b4f2ddf7))
+* flex-linux-setup set jansTrustedClnt: true in casa client ([78999c0](https://github.com/GluuFederation/flex/commit/78999c00bda6dbad607621c873239abb03fce905))
+* flex-linux-setup start casa after install ([d139354](https://github.com/GluuFederation/flex/commit/d1393544a66f31a7b2fae374335e9d49096b736e))
+* flex-linux-setup update admin-ui plugin url ([9c92b0a](https://github.com/GluuFederation/flex/commit/9c92b0ae9851a84f88b8a78215e827e23b8609bb))
+* flex-linux-setup update config-cli plugins ([d2ec21f](https://github.com/GluuFederation/flex/commit/d2ec21f25ed5ffc6f378ca9f6b61adf9acea91eb))
+* **package:** fix package settings ([65453b1](https://github.com/GluuFederation/flex/commit/65453b1281709e74e2f8e5b8609a6979738e14aa))
+* update readme ([2c64ca4](https://github.com/GluuFederation/flex/commit/2c64ca4c2e16598cfb5d140ec06651b44f1055f1))
+* use authoriztion_url for authz request [#47](https://github.com/GluuFederation/flex/issues/47) ([92f9ade](https://github.com/GluuFederation/flex/commit/92f9ade78eeb6a1affeab2786cf8aaea92e480dd))
+
+
+### Documentation
+
+* add readme for flex-linux-setup [#28](https://github.com/GluuFederation/flex/issues/28) ([a90a21c](https://github.com/GluuFederation/flex/commit/a90a21c579d838f7ba6f797b32cfff846de7592f))
diff --git a/flex-linux-setup/flex_linux_setup/version.py b/flex-linux-setup/flex_linux_setup/version.py
index f102a9cad..3dc1f76bc 100644
--- a/flex-linux-setup/flex_linux_setup/version.py
+++ b/flex-linux-setup/flex_linux_setup/version.py
@@ -1 +1 @@
-__version__ = "0.0.1"
+__version__ = "0.1.0"

From d416f1922c1002307e4fae439253f6ca30e2e774 Mon Sep 17 00:00:00 2001
From: mo-auto <54212639+mo-auto@users.noreply.github.com>
Date: Tue, 15 Mar 2022 15:48:13 +0000
Subject: [PATCH 057/101] chore(main): release flex-cn-setup 0.1.0 (#30)

---
 flex-cn-setup/CHANGELOG.md                 | 21 +++++++++++++++++++++
 flex-cn-setup/pygluu/kubernetes/version.py |  2 +-
 2 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 flex-cn-setup/CHANGELOG.md

diff --git a/flex-cn-setup/CHANGELOG.md b/flex-cn-setup/CHANGELOG.md
new file mode 100644
index 000000000..7049ae8fc
--- /dev/null
+++ b/flex-cn-setup/CHANGELOG.md
@@ -0,0 +1,21 @@
+# Changelog
+
+## 0.1.0 (2022-03-15)
+
+
+### Features
+
+* add applogers for the admin ui plugin ([1185372](https://github.com/GluuFederation/flex/commit/11853726e86193484fbcdb5a0b5bbdb0d6728031))
+* add applogers for the admin ui plugin ([1185372](https://github.com/GluuFederation/flex/commit/11853726e86193484fbcdb5a0b5bbdb0d6728031))
+* add applogers for the admin ui plugin ([5208e19](https://github.com/GluuFederation/flex/commit/5208e1993a76042ac50f2513f62e6bd37b9e824e))
+* add applogers for the admin ui plugin to values schema ([873dc55](https://github.com/GluuFederation/flex/commit/873dc5546cbbfe998bbcd5ef11dbea35728ff24d))
+
+
+### Bug Fixes
+
+* alb setup ([e703c4b](https://github.com/GluuFederation/flex/commit/e703c4b62e60d3cd299ea84f471417290987bdef))
+* **chart:** fix probes for admin-ui ([a110323](https://github.com/GluuFederation/flex/commit/a11032378f150c4c878ffc38d9b1b0d7353813ec))
+* **chart:** fix typo ([9079bb5](https://github.com/GluuFederation/flex/commit/9079bb5c6d59f669e03ac8fb3ebd2e061dd4c064))
+* prep for automatic chart generation ([a24cec3](https://github.com/GluuFederation/flex/commit/a24cec37c19173084ccf3dd7311adb80c1a915d4))
+* prep for automatic chart generation ([a24cec3](https://github.com/GluuFederation/flex/commit/a24cec37c19173084ccf3dd7311adb80c1a915d4))
+* prep for automatic chart generation ([b6e8cc7](https://github.com/GluuFederation/flex/commit/b6e8cc70eda8bcf020e923d32c1b0eb64d9e2738))
diff --git a/flex-cn-setup/pygluu/kubernetes/version.py b/flex-cn-setup/pygluu/kubernetes/version.py
index 626b32150..33a6bc86b 100644
--- a/flex-cn-setup/pygluu/kubernetes/version.py
+++ b/flex-cn-setup/pygluu/kubernetes/version.py
@@ -4,4 +4,4 @@
  
 """
 
-__version__ = "5.0.0"
+__version__ = "0.1.0"

From 0e7162110e3c25e6d2f2ba65aa0e0a24f6c95ab8 Mon Sep 17 00:00:00 2001
From: mo-auto <54212639+mo-auto@users.noreply.github.com>
Date: Tue, 15 Mar 2022 15:48:41 +0000
Subject: [PATCH 058/101] chore(main): release casa 5.0.0-0 (#53)

---
 casa/CHANGELOG.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 casa/CHANGELOG.md

diff --git a/casa/CHANGELOG.md b/casa/CHANGELOG.md
new file mode 100644
index 000000000..9b3c348dd
--- /dev/null
+++ b/casa/CHANGELOG.md
@@ -0,0 +1,18 @@
+# Changelog
+
+## 5.0.0-0 (2022-03-15)
+
+
+### Bug Fixes
+
+* [#45](https://github.com/GluuFederation/flex/issues/45) val of localPrimaryKey on Gluu is mapped with the primary key attr of the backend AD ([3c4a856](https://github.com/GluuFederation/flex/commit/3c4a856ec8c90ffa6cdb143debef4417a06d853a))
+* adjust python's lib path ref [#104](https://github.com/GluuFederation/flex/issues/104) ([d54ae9d](https://github.com/GluuFederation/flex/commit/d54ae9de578fe09976a3af8d2b5d64773191cb9e))
+* adjust wrong import ([7477adc](https://github.com/GluuFederation/flex/commit/7477adca4a35f5df9d98407fb88664e39f1acfa4))
+* ajust customObjectClass usage in non-ldap backends ([88c9638](https://github.com/GluuFederation/flex/commit/88c963861c35b653d580a8f6432fc709c1064905))
+* upgrade com.squareup.okhttp:okhttp from 2.3.0 to 2.7.5 ([d6310b2](https://github.com/GluuFederation/flex/commit/d6310b211f3a4c2451161dda7831ef07ba08aa4e))
+* upgrade net.jodah:expiringmap from 0.5.8 to 0.5.10 ([c3b6dfe](https://github.com/GluuFederation/flex/commit/c3b6dfe24fc405e45275ccd4d0d4b578ef2acb28))
+
+
+### Miscellaneous Chores
+
+* release 5.0.0-0 ([3d5cca6](https://github.com/GluuFederation/flex/commit/3d5cca6ee04c9f30212b80d9fb8f83117e06a646))

From d1baa265f007fea1b89e8708c422b23c94cf2993 Mon Sep 17 00:00:00 2001
From: mo-auto <54212639+mo-auto@users.noreply.github.com>
Date: Tue, 15 Mar 2022 15:48:55 +0000
Subject: [PATCH 059/101] chore(main): release docker-casa 5.0.0-0 (#54)

---
 docker-casa/CHANGELOG.md | 22 ++++++++++++++++++++++
 docker-casa/version.txt  |  2 +-
 2 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 docker-casa/CHANGELOG.md

diff --git a/docker-casa/CHANGELOG.md b/docker-casa/CHANGELOG.md
new file mode 100644
index 000000000..2b98a3f9a
--- /dev/null
+++ b/docker-casa/CHANGELOG.md
@@ -0,0 +1,22 @@
+# Changelog
+
+## 5.0.0-0 (2022-03-15)
+
+
+### Features
+
+* **image:** pull otp and super_gluu configuration from secrets ([5192cbb](https://github.com/GluuFederation/flex/commit/5192cbb11e3f6264f38fbfa084899fcd320cecc9))
+* **image:** pull otp and super_gluu configuration from secrets ([5192cbb](https://github.com/GluuFederation/flex/commit/5192cbb11e3f6264f38fbfa084899fcd320cecc9))
+* **image:** pull otp and super_gluu configuration from secrets ([2242843](https://github.com/GluuFederation/flex/commit/22428432c498785c454f393793036892d759fa1c))
+
+
+### Bug Fixes
+
+* add specific permissions for serverless runs ([fdf9c7b](https://github.com/GluuFederation/flex/commit/fdf9c7b8fd377cd8a7457252af5d1d0ebc05d07f))
+* download plugins with dependencies ([37d68d2](https://github.com/GluuFederation/flex/commit/37d68d2b6d4a6f99775581e247259ed6a84c7016))
+* image updater ([92d5fb4](https://github.com/GluuFederation/flex/commit/92d5fb4c2e2c01b3c745279a5c354631b5e51486))
+
+
+### Miscellaneous Chores
+
+* prepare release 5.0.0-0 ([1318a2d](https://github.com/GluuFederation/flex/commit/1318a2d1882412a7464015b7b7a1f4ffec7536dd))
diff --git a/docker-casa/version.txt b/docker-casa/version.txt
index b735eb6ea..fd8dae2c8 100644
--- a/docker-casa/version.txt
+++ b/docker-casa/version.txt
@@ -1 +1 @@
-5.0.0-0
\ No newline at end of file
+5.0.0-0

From 9c58aae041bb687f20326dec87029c8c61ad0cec Mon Sep 17 00:00:00 2001
From: mo-auto <54212639+mo-auto@users.noreply.github.com>
Date: Tue, 15 Mar 2022 15:49:09 +0000
Subject: [PATCH 060/101] chore(main): release docker-admin-ui 1.0.0-0 (#44)

---
 docker-admin-ui/CHANGELOG.md | 18 ++++++++++++++++++
 docker-admin-ui/version.txt  |  2 +-
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 docker-admin-ui/CHANGELOG.md

diff --git a/docker-admin-ui/CHANGELOG.md b/docker-admin-ui/CHANGELOG.md
new file mode 100644
index 000000000..3d4291284
--- /dev/null
+++ b/docker-admin-ui/CHANGELOG.md
@@ -0,0 +1,18 @@
+# Changelog
+
+## 1.0.0-0 (2022-03-15)
+
+
+### Bug Fixes
+
+* add specific permissions for serverless runs ([fdf9c7b](https://github.com/GluuFederation/flex/commit/fdf9c7b8fd377cd8a7457252af5d1d0ebc05d07f))
+* image updater ([92d5fb4](https://github.com/GluuFederation/flex/commit/92d5fb4c2e2c01b3c745279a5c354631b5e51486))
+* **image:** conform to nginx filesystem structure ([c5cf5a9](https://github.com/GluuFederation/flex/commit/c5cf5a9b3affc76ccf90a21f44644db6cad7995b))
+* **image:** update admin-ui image assets ([b92bcc6](https://github.com/GluuFederation/flex/commit/b92bcc6c4380e1aaec63e0939160cd744ffffc4a))
+* **image:** update admin-ui image assets ([b92bcc6](https://github.com/GluuFederation/flex/commit/b92bcc6c4380e1aaec63e0939160cd744ffffc4a))
+* **image:** update image manifests ([7e48528](https://github.com/GluuFederation/flex/commit/7e48528b11013e1b4f40a82d26846ff079dd6302))
+
+
+### Miscellaneous Chores
+
+* prepare release 1.0.0-0 ([68c02f8](https://github.com/GluuFederation/flex/commit/68c02f86c98cdee46566324cb3659f1417b4b869))
diff --git a/docker-admin-ui/version.txt b/docker-admin-ui/version.txt
index ea275684e..19b23fd36 100644
--- a/docker-admin-ui/version.txt
+++ b/docker-admin-ui/version.txt
@@ -1 +1 @@
-1.0.0-0
\ No newline at end of file
+1.0.0-0

From 8fb68ceb583cb6ede2651adb164f8cf9d1064767 Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Tue, 15 Mar 2022 15:56:42 +0000
Subject: [PATCH 061/101] ci: add rancher partner chart job

---
 .../post-to-rancher-partner-charts.yml        | 88 +++++++++----------
 1 file changed, 44 insertions(+), 44 deletions(-)

diff --git a/.github/workflows/post-to-rancher-partner-charts.yml b/.github/workflows/post-to-rancher-partner-charts.yml
index c2dd0a54b..7dbba9aa5 100644
--- a/.github/workflows/post-to-rancher-partner-charts.yml
+++ b/.github/workflows/post-to-rancher-partner-charts.yml
@@ -18,49 +18,49 @@ jobs:
       with:
         python-version: 3.8
 
-      - name: analyze chart
-        run: |
-          sudo bash automation/janssen_helm_chart/prepare_chart.sh
+    - name: analyze chart
+      run: |
+        sudo bash automation/janssen_helm_chart/prepare_chart.sh
 
-      - name: Import GPG key
-        id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v4
-        with:
-          gpg_private_key: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY }}
-          passphrase: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY_PASSPHRASE }}
-          git_user_signingkey: true
-          git_commit_gpgsign: true
+    - name: Import GPG key
+      id: import_gpg
+      uses: crazy-max/ghaction-import-gpg@v4
+      with:
+        gpg_private_key: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY }}
+        passphrase: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY_PASSPHRASE }}
+        git_user_signingkey: true
+        git_commit_gpgsign: true
 
-      - name: Get latest tag
-        id: previoustag
-        run: |
-          echo "::set-output name=tag::$(curl https://api.github.com/repos/${{ github.repository }}/releases -s | grep "tag_name" | cut -d '"' -f 4 | grep -o '^\v.*' | head -n 1)"
-          echo "::set-output name=version::$(curl https://api.github.com/repos/${{ github.repository }}/releases -s | grep "tag_name" | cut -d '"' -f 4 | grep -o '^\v.*' | head -n 1 | cut -d 'v' -f 2)"
-      - name: Configure Git
-        run: |
-          git config user.name "mo-auto"
-          git config user.email "54212639+mo-auto@users.noreply.github.com"
-          git config --global user.signingkey "${{ steps.import_gpg.outputs.keyid }}"
-          # open branch in rancher-partner
-          git clone https://github.com/rancher/partner-charts.git
-          cd partner-charts
-          git remote set-url origin https://mo-auto:${{ secrets.MOWORKFLOWTOKEN }}@github.com/rancher/partner-charts.git
-          git switch -c gluu-flex-main-source origin/main-source
-          cp ../automation/rancher-partner-charts/package.yaml ./packages/gluu/package.yaml
-          export PACKAGE=gluu
-          make prepare
-          cp ../automation/rancher-partner-charts/app-readme.md ./packages/gluu/charts/app-readme.md
-          cp ../automation/rancher-partner-charts/questions.yaml ./packages/gluu/charts/questions.yaml
-          make patch
-          make clean
-          git add -A
-          git commit -S -s -m "feat(gluu): patch helm package"
-          make charts
-          git add -A
-          git commit -S -s -m "feat(gluu): chart helm package"
-          git push --set-upstream origin gluu-flex-main-source
-          MESSAGE="feat(gluu): update Gluu helm partner chart"
-          BODY="This is an automated message propagated by a release in the parent Gluu chart."
-          echo "${{ secrets.MOAUTO4_WORKFLOW_TOKEN }}" > token.txt
-          gh auth login --with-token < token.txt
-          PR=$(gh pr create --base "main-source" --body "${BODY}" --title "${MESSAGE}")        
+    - name: Get latest tag
+      id: previoustag
+      run: |
+        echo "::set-output name=tag::$(curl https://api.github.com/repos/${{ github.repository }}/releases -s | grep "tag_name" | cut -d '"' -f 4 | grep -o '^\v.*' | head -n 1)"
+        echo "::set-output name=version::$(curl https://api.github.com/repos/${{ github.repository }}/releases -s | grep "tag_name" | cut -d '"' -f 4 | grep -o '^\v.*' | head -n 1 | cut -d 'v' -f 2)"
+    - name: Configure Git
+      run: |
+        git config user.name "mo-auto"
+        git config user.email "54212639+mo-auto@users.noreply.github.com"
+        git config --global user.signingkey "${{ steps.import_gpg.outputs.keyid }}"
+        # open branch in rancher-partner
+        git clone https://github.com/rancher/partner-charts.git
+        cd partner-charts
+        git remote set-url origin https://mo-auto:${{ secrets.MOWORKFLOWTOKEN }}@github.com/rancher/partner-charts.git
+        git switch -c gluu-flex-main-source origin/main-source
+        cp ../automation/rancher-partner-charts/package.yaml ./packages/gluu/package.yaml
+        export PACKAGE=gluu
+        make prepare
+        cp ../automation/rancher-partner-charts/app-readme.md ./packages/gluu/charts/app-readme.md
+        cp ../automation/rancher-partner-charts/questions.yaml ./packages/gluu/charts/questions.yaml
+        make patch
+        make clean
+        git add -A
+        git commit -S -s -m "feat(gluu): patch helm package"
+        make charts
+        git add -A
+        git commit -S -s -m "feat(gluu): chart helm package"
+        git push --set-upstream origin gluu-flex-main-source
+        MESSAGE="feat(gluu): update Gluu helm partner chart"
+        BODY="This is an automated message propagated by a release in the parent Gluu chart."
+        echo "${{ secrets.MOAUTO4_WORKFLOW_TOKEN }}" > token.txt
+        gh auth login --with-token < token.txt
+        PR=$(gh pr create --base "main-source" --body "${BODY}" --title "${MESSAGE}")        

From e4e91d01452773d8c35b42efb9858ae15e2947ec Mon Sep 17 00:00:00 2001
From: mo-auto <54212639+mo-auto@users.noreply.github.com>
Date: Tue, 15 Mar 2022 16:10:00 +0000
Subject: [PATCH 062/101] chore(main): release 5.0.0-0 (#145)

---
 CHANGELOG.md | 263 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 263 insertions(+)
 create mode 100644 CHANGELOG.md

diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 000000000..5c872c36d
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,263 @@
+# Changelog
+
+## 5.0.0-0 (2022-03-15)
+
+
+### Features
+
+* add acrValues property in admin-ui configuration. [#1016](https://github.com/GluuFederation/flex/issues/1016) ([328c92e](https://github.com/GluuFederation/flex/commit/328c92e1ad62fde56def027711bc6e6c86926d4b))
+* add acrValues property in admin-ui configuration. [#1016](https://github.com/GluuFederation/flex/issues/1016) ([328c92e](https://github.com/GluuFederation/flex/commit/328c92e1ad62fde56def027711bc6e6c86926d4b))
+* add acrValues property in admin-ui configuration. [#1016](https://github.com/GluuFederation/flex/issues/1016) ([ac8b572](https://github.com/GluuFederation/flex/commit/ac8b572596e9b2d662fb0e024180c9d940751d63))
+* add applogers for the admin ui plugin ([1185372](https://github.com/GluuFederation/flex/commit/11853726e86193484fbcdb5a0b5bbdb0d6728031))
+* add applogers for the admin ui plugin ([1185372](https://github.com/GluuFederation/flex/commit/11853726e86193484fbcdb5a0b5bbdb0d6728031))
+* add applogers for the admin ui plugin ([5208e19](https://github.com/GluuFederation/flex/commit/5208e1993a76042ac50f2513f62e6bd37b9e824e))
+* add applogers for the admin ui plugin to values schema ([873dc55](https://github.com/GluuFederation/flex/commit/873dc5546cbbfe998bbcd5ef11dbea35728ff24d))
+* add casa and janssen integration ([#25](https://github.com/GluuFederation/flex/issues/25)) ([973beca](https://github.com/GluuFederation/flex/commit/973beca709c14db5bd4b62eba2d89067aa68f66a))
+* add main() function ([01f118c](https://github.com/GluuFederation/flex/commit/01f118c5bf3a63867b384883606f9a2410a3cc0f))
+* add message under the textinput field ([c8937ec](https://github.com/GluuFederation/flex/commit/c8937ecc92d59c97ec9a8ba5a874ed04e52b22c9))
+* add plugins to casa plugins folder ([fd31ff3](https://github.com/GluuFederation/flex/commit/fd31ff3e43a78270dd4ff5e767f87c4c74185818))
+* adding .env.tmp ([6dcf479](https://github.com/GluuFederation/flex/commit/6dcf4799d348211ba2c9e738273039ca0f6fa68a))
+* admin UI - Option to specify a python file containing a custom script [#110](https://github.com/GluuFederation/flex/issues/110) ([f33fa7a](https://github.com/GluuFederation/flex/commit/f33fa7a9914ca57b2adc1643700f37cf8e8628cf))
+* admin UI - Option to specify a python file containing a custom script [#110](https://github.com/GluuFederation/flex/issues/110) ([53106c3](https://github.com/GluuFederation/flex/commit/53106c33e5193839e4e3f3b92f4e286863c1c492))
+* admin UI - Option to specify a python file containing a custom script [#110](https://github.com/GluuFederation/flex/issues/110) ([2bd248f](https://github.com/GluuFederation/flex/commit/2bd248f60296c954a38216a9d59d47dadac362ff))
+* **admin-ui:** create a shared redux that can use by all admin-ui plugins. [#350](https://github.com/GluuFederation/flex/issues/350) ([02a6427](https://github.com/GluuFederation/flex/commit/02a6427a7a24474014b9fc1a02ca3d0f82bd5e30))
+* **admin-ui:** date range showing undefined and ? [#359](https://github.com/GluuFederation/flex/issues/359) ([9dfda59](https://github.com/GluuFederation/flex/commit/9dfda5967c5bb9ace13b1a6e03aa1097dcfbede9))
+* **admin-ui:** design the layout for api role management [#327](https://github.com/GluuFederation/flex/issues/327) ([f848b42](https://github.com/GluuFederation/flex/commit/f848b427cb45a8824b0de0b2e3148b8e2d5df8fc))
+* **admin-ui:** design the layout for api role management [#327](https://github.com/GluuFederation/flex/issues/327) ([ad7b72c](https://github.com/GluuFederation/flex/commit/ad7b72c283adac5b33360d8a47202357522f9e8b))
+* **admin-ui:** design the layout for api role management [#327](https://github.com/GluuFederation/flex/issues/327) ([c8fcaf6](https://github.com/GluuFederation/flex/commit/c8fcaf6308f18420357998fcde87af21fbb7385b))
+* **admin-ui:** design the layout for api role management [#327](https://github.com/GluuFederation/flex/issues/327) ([a3048ef](https://github.com/GluuFederation/flex/commit/a3048ef64004741ac8f3c879b1c65c15d82a8ccf))
+* **admin-ui:** design the layout for api role management [#327](https://github.com/GluuFederation/flex/issues/327) ([056524c](https://github.com/GluuFederation/flex/commit/056524cc0ff805b813559a5cb400f5a883605ebe))
+* **admin-ui:** design the layout for api role management [#327](https://github.com/GluuFederation/flex/issues/327) ([a421a70](https://github.com/GluuFederation/flex/commit/a421a7000b2fc4315285c31504b0a3d16d132875))
+* **admin-ui:** design the layout for api role management [#327](https://github.com/GluuFederation/flex/issues/327) ([1cc2789](https://github.com/GluuFederation/flex/commit/1cc27891e372c60cf87b4dc5592eee9762a88152))
+* **admin-ui:** design the layout for api role management [#327](https://github.com/GluuFederation/flex/issues/327) ([9e7c947](https://github.com/GluuFederation/flex/commit/9e7c94770ae4a9d9af6e843e99a7de4acd694588))
+* **admin-ui:** design the layout for api role management [#327](https://github.com/GluuFederation/flex/issues/327) ([d121479](https://github.com/GluuFederation/flex/commit/d121479db8f299258e60ad0926e7b2143fa0e7fe))
+* **admin-ui:** design the layout for api role management [#327](https://github.com/GluuFederation/flex/issues/327) ([2403ff0](https://github.com/GluuFederation/flex/commit/2403ff01ec644d7699c7f2b26993156f67e4933d))
+* **admin-ui:** design the layout for api role management [#327](https://github.com/GluuFederation/flex/issues/327) ([44e5d1a](https://github.com/GluuFederation/flex/commit/44e5d1a50eec1871df440ae4dc835f42ad75fc50))
+* **admin-ui:** design the layout for api role management [#327](https://github.com/GluuFederation/flex/issues/327) ([b5d7bf9](https://github.com/GluuFederation/flex/commit/b5d7bf93d68cd12a9477bae393efcfc954e542a2))
+* **admin-ui:** design the layout for api role management [#327](https://github.com/GluuFederation/flex/issues/327) ([1951b9c](https://github.com/GluuFederation/flex/commit/1951b9c1f69f3a3a201ae094f36de487c79c38f5))
+* **admin-ui:** design the layout for api role management [#327](https://github.com/GluuFederation/flex/issues/327) ([96482db](https://github.com/GluuFederation/flex/commit/96482dbe73eec4c60299d0526bd13cef8afc2530))
+* **admin-ui:** design the layout for api role management [#327](https://github.com/GluuFederation/flex/issues/327) ([71de0da](https://github.com/GluuFederation/flex/commit/71de0dacbb2ae265ec544368fdf464880c5888cd))
+* **admin-ui:** design the layout for api role management [#327](https://github.com/GluuFederation/flex/issues/327) ([aac6eca](https://github.com/GluuFederation/flex/commit/aac6eca0de0680ce8959733d550d2af872982246))
+* **admin-ui:** design the layout for api role management [#327](https://github.com/GluuFederation/flex/issues/327) ([7ed9533](https://github.com/GluuFederation/flex/commit/7ed953363b74cb022dff76367da18565b6948695))
+* **admin-ui:** design the layout for api role management [#327](https://github.com/GluuFederation/flex/issues/327) ([5d17005](https://github.com/GluuFederation/flex/commit/5d1700557a85f2b814f7b2143b881919c6ec7862))
+* **admin-ui:** design the layout for api role management [#327](https://github.com/GluuFederation/flex/issues/327) ([14da9b9](https://github.com/GluuFederation/flex/commit/14da9b93ac2c077d5622e6501fc39b874c2e4827))
+* **admin-ui:** design the layout for api role management [#327](https://github.com/GluuFederation/flex/issues/327) ([86ba279](https://github.com/GluuFederation/flex/commit/86ba27925a5febe7f308be093710e045b3dcdfcc))
+* **admin-ui:** design the layout for role-permission mapping [#336](https://github.com/GluuFederation/flex/issues/336) ([3fe1760](https://github.com/GluuFederation/flex/commit/3fe1760611eaab277bf0b77f24e3c12f0c7d961c))
+* **admin-ui:** design the layout for role-permission mapping [#336](https://github.com/GluuFederation/flex/issues/336) ([b1d56f1](https://github.com/GluuFederation/flex/commit/b1d56f13dbbc99544c680f41a8691258db58eebb))
+* **admin-ui:** design the layout for role-permission mapping [#336](https://github.com/GluuFederation/flex/issues/336) ([36c8bfc](https://github.com/GluuFederation/flex/commit/36c8bfc9de5490122ba7cec593dfe79685216f76))
+* **admin-ui:** design the layout for role-permission mapping [#336](https://github.com/GluuFederation/flex/issues/336) ([207c282](https://github.com/GluuFederation/flex/commit/207c2829c8094407299e779b702a750260e74157))
+* **admin-ui:** design the layout for role-permission mapping [#336](https://github.com/GluuFederation/flex/issues/336) ([9d81a7a](https://github.com/GluuFederation/flex/commit/9d81a7a96eefe7a17277c6c0620541c3b89f5a47))
+* **admin-ui:** design the layout for role-permission mapping [#336](https://github.com/GluuFederation/flex/issues/336) ([256a24d](https://github.com/GluuFederation/flex/commit/256a24d05be59d12bf7b9c8f2ea68c3983c92349))
+* **admin-ui:** design the layout for role-permission mapping [#336](https://github.com/GluuFederation/flex/issues/336) ([f8ccaf5](https://github.com/GluuFederation/flex/commit/f8ccaf5d6670e43238bed73b4b3b520b46ab560b))
+* **admin-ui:** design the layout for role-permission mapping [#336](https://github.com/GluuFederation/flex/issues/336) ([392dbaa](https://github.com/GluuFederation/flex/commit/392dbaadbfb72f0d2db9f65afdd6c6d475ed1f00))
+* **admin-ui:** design the layout for role-permission mapping [#336](https://github.com/GluuFederation/flex/issues/336) ([4a28921](https://github.com/GluuFederation/flex/commit/4a28921da00c877a7ea6e7bcb11d9f164e1d655c))
+* **admin-ui:** design the layout for role-permission mapping [#336](https://github.com/GluuFederation/flex/issues/336) ([43173bf](https://github.com/GluuFederation/flex/commit/43173bff457898376d89a499f5b52c2bc7a7b558))
+* **admin-ui:** fix bugs [#363](https://github.com/GluuFederation/flex/issues/363) [#361](https://github.com/GluuFederation/flex/issues/361) [#362](https://github.com/GluuFederation/flex/issues/362) ([9bd5808](https://github.com/GluuFederation/flex/commit/9bd58087ddda650f009b6e38a33858051ebe5ac9))
+* **admin-ui:** fix bugs [#363](https://github.com/GluuFederation/flex/issues/363) [#361](https://github.com/GluuFederation/flex/issues/361) [#362](https://github.com/GluuFederation/flex/issues/362) ([aedc9ab](https://github.com/GluuFederation/flex/commit/aedc9abcbd54e6fd4faef335a74120a7136f2866))
+* **admin-ui:** fix bugs [#363](https://github.com/GluuFederation/flex/issues/363) [#361](https://github.com/GluuFederation/flex/issues/361) [#362](https://github.com/GluuFederation/flex/issues/362) ([fdc5d14](https://github.com/GluuFederation/flex/commit/fdc5d14f56deca4af2c2bcb6d9e4fbee2557b881))
+* **admin-ui:** fix issues with material list [#43](https://github.com/GluuFederation/flex/issues/43) ([0a98d9e](https://github.com/GluuFederation/flex/commit/0a98d9e795f97722a1f2d6478fc61e2f611424c8))
+* **admin-ui:** fix issues with material list [#43](https://github.com/GluuFederation/flex/issues/43) ([87eb557](https://github.com/GluuFederation/flex/commit/87eb5571ff618f7018751429f5ee8f79b4315e37))
+* **admin-ui:** fix maximum actives users page [#2](https://github.com/GluuFederation/flex/issues/2) ([ad157e3](https://github.com/GluuFederation/flex/commit/ad157e3efccf43d83324bcbbd271db7a714fc0ae))
+* **admin-ui:** fix the console errors that show up on list views [#357](https://github.com/GluuFederation/flex/issues/357) ([139feee](https://github.com/GluuFederation/flex/commit/139feee67e0cf883999810a8548d62bc17c1cfa7))
+* **admin-ui:** fix the console errors that show up on list views [#357](https://github.com/GluuFederation/flex/issues/357) ([183bdfd](https://github.com/GluuFederation/flex/commit/183bdfdea8d4d69e62bc70d7ed26d1af859bc442))
+* **admin-ui:** fix the console errors that show up on list views [#357](https://github.com/GluuFederation/flex/issues/357) ([9ad0431](https://github.com/GluuFederation/flex/commit/9ad0431561d42741b5f6895c9907adc1067e1718))
+* **admin-ui:** provide roles and permissions management screens in Admin UI [#339](https://github.com/GluuFederation/flex/issues/339) ([18e72e2](https://github.com/GluuFederation/flex/commit/18e72e243ed59a4d2829f490a11c425d1b90956a))
+* **admin-ui:** provide roles and permissions management screens in Admin UI [#339](https://github.com/GluuFederation/flex/issues/339) ([f36d313](https://github.com/GluuFederation/flex/commit/f36d3131dcbcfb1b6d7eac1e1475e5e9297a2fe4))
+* **admin-ui:** provide roles and permissions management screens in Admin UI [#339](https://github.com/GluuFederation/flex/issues/339) ([98e6318](https://github.com/GluuFederation/flex/commit/98e63186c2cd0da95ad916dcb476fcab0c5729c0))
+* **admin-ui:** provide roles and permissions management screens in Admin UI [#339](https://github.com/GluuFederation/flex/issues/339) ([957dc49](https://github.com/GluuFederation/flex/commit/957dc49b38346b1591e241ff1602e5cd291d99bc))
+* **admin-ui:** provide roles and permissions management screens in Admin UI [#339](https://github.com/GluuFederation/flex/issues/339) ([24487d7](https://github.com/GluuFederation/flex/commit/24487d75d46c8788bace5cec5ac87dbbc3e6ffee))
+* **admin-ui:** provide roles and permissions management screens in Admin UI [#339](https://github.com/GluuFederation/flex/issues/339) ([726823b](https://github.com/GluuFederation/flex/commit/726823b5b5476d16dd1433936faf3f9f10e9d52c))
+* **admin-ui:** provide roles and permissions management screens in Admin UI [#339](https://github.com/GluuFederation/flex/issues/339) ([2d1fa30](https://github.com/GluuFederation/flex/commit/2d1fa305679478db0d91c391b98334ad020483a9))
+* **admin-ui:** provide roles and permissions management screens in Admin UI [#339](https://github.com/GluuFederation/flex/issues/339) ([a6a4172](https://github.com/GluuFederation/flex/commit/a6a41722541cd5731f1c834b810ed13ddfa7f682))
+* **admin-ui:** show active users page on dashboard [#43](https://github.com/GluuFederation/flex/issues/43) ([8bffd11](https://github.com/GluuFederation/flex/commit/8bffd11d206d8ce055bc1d04a8a88655cebc3af6))
+* **admin-ui:** show active users page on dashboard [#43](https://github.com/GluuFederation/flex/issues/43) ([bfe2870](https://github.com/GluuFederation/flex/commit/bfe2870b932f09a89eb08130be99386b74c9be44))
+* **admin-ui:** show active users page on dashboard [#43](https://github.com/GluuFederation/flex/issues/43) ([003a2af](https://github.com/GluuFederation/flex/commit/003a2af72017fbc3ee0fe43a1c14c432a9678f05))
+* **admin-ui:** show active users page on dashboard [#43](https://github.com/GluuFederation/flex/issues/43) ([ae8b1e1](https://github.com/GluuFederation/flex/commit/ae8b1e1eeec14978af864db1d27ca0965c4cbdd4))
+* **admin-ui:** unable to add description of an existing permission in config-api [#66](https://github.com/GluuFederation/flex/issues/66) ([806f4fe](https://github.com/GluuFederation/flex/commit/806f4fe87a9bf28eee4d643f81180c743172f423))
+* **admin-ui:** update packages with security fixes ([f8e6dc5](https://github.com/GluuFederation/flex/commit/f8e6dc54ab27fc3bdfba9a608f0e05a5876dc07c))
+* **admin-ui:** update packages with security fixes ([8d6b0db](https://github.com/GluuFederation/flex/commit/8d6b0dbd7b5391c654fc10568d0eb1bbabae1e2e))
+* bulk of removals [#156](https://github.com/GluuFederation/flex/issues/156) ([73a09ad](https://github.com/GluuFederation/flex/commit/73a09ad6d524ba64d782837c889e6bfeba818437))
+* centre aligned x ([5299b5a](https://github.com/GluuFederation/flex/commit/5299b5a43bb7316b1c54d4528b608d235f0c0740))
+* change collapse option location ([62ab2fa](https://github.com/GluuFederation/flex/commit/62ab2fa0db473bad52888bb7a062f1aba801ca50))
+* change in keys page [#117](https://github.com/GluuFederation/flex/issues/117) ([4ae82f1](https://github.com/GluuFederation/flex/commit/4ae82f1b279d6c04ff7b083088a2072a947646ad))
+* change in keys page [#117](https://github.com/GluuFederation/flex/issues/117) ([6ef2460](https://github.com/GluuFederation/flex/commit/6ef2460a6c8ddbe359639ea50302de6cbef46cac))
+* create cli tool for adding/removing plugins [#351](https://github.com/GluuFederation/flex/issues/351) ([218bf55](https://github.com/GluuFederation/flex/commit/218bf55577e4c0f586dc97f8201bde26ff356acf))
+* create cli tool for adding/removing plugins [#351](https://github.com/GluuFederation/flex/issues/351) ([9c2e03f](https://github.com/GluuFederation/flex/commit/9c2e03fada2c498907273985fcd711e430960370))
+* create cli tool for adding/removing plugins [#351](https://github.com/GluuFederation/flex/issues/351) ([23ebd1d](https://github.com/GluuFederation/flex/commit/23ebd1db07b95352ea9f617789cd28c9c130e537))
+* create cli tool for adding/removing plugins [#351](https://github.com/GluuFederation/flex/issues/351) ([8e60c0e](https://github.com/GluuFederation/flex/commit/8e60c0ebc2a0954736495977a170f1fb2fb74fc7))
+* create cli tool for adding/removing plugins [#351](https://github.com/GluuFederation/flex/issues/351) ([6cd185b](https://github.com/GluuFederation/flex/commit/6cd185b21518008e68994297bd413c3f5c39bfd9))
+* edit role permission mapping ([b905d11](https://github.com/GluuFederation/flex/commit/b905d11df7c06d9d0db2964bd80b9795e50ccde5))
+* finish OIDC flow with nimbus lib [#156](https://github.com/GluuFederation/flex/issues/156) ([14fd5bf](https://github.com/GluuFederation/flex/commit/14fd5bf123120a0b51446ebc5dd39ded90a4321b))
+* flex linux setup casa fix ([72903cd](https://github.com/GluuFederation/flex/commit/72903cd15ad3185f5eca48a5672d9d2a30b42ca7))
+* flex linux setup casa fix ([72903cd](https://github.com/GluuFederation/flex/commit/72903cd15ad3185f5eca48a5672d9d2a30b42ca7))
+* flex-linux-setup ([dac8b70](https://github.com/GluuFederation/flex/commit/dac8b705ecb723cc77c43339dd3ebed00cfafa8a))
+* flex-linux-setup add casa install ([0ff917f](https://github.com/GluuFederation/flex/commit/0ff917f82ced8bea57312c7a8e8565d192561d9b))
+* flex-linux-setup argparse pkg issue ([d235ef4](https://github.com/GluuFederation/flex/commit/d235ef4410d7481e284c757016abf82bf135fb8a))
+* flex-linux-setup package ([05d51ae](https://github.com/GluuFederation/flex/commit/05d51ae46b99a668996b3a0f0f6c3c4443cfaf1a))
+* flex-linux-setup self installer ([d05061f](https://github.com/GluuFederation/flex/commit/d05061f1fd99ace2c6d3962722d484cfc71a7139))
+* flex-linux-setup typo ([9523c8a](https://github.com/GluuFederation/flex/commit/9523c8a3878b8b51174e34fbd09e001761fb3a43))
+* **image:** pull otp and super_gluu configuration from secrets ([5192cbb](https://github.com/GluuFederation/flex/commit/5192cbb11e3f6264f38fbfa084899fcd320cecc9))
+* **image:** pull otp and super_gluu configuration from secrets ([5192cbb](https://github.com/GluuFederation/flex/commit/5192cbb11e3f6264f38fbfa084899fcd320cecc9))
+* **image:** pull otp and super_gluu configuration from secrets ([2242843](https://github.com/GluuFederation/flex/commit/22428432c498785c454f393793036892d759fa1c))
+* implement deletable option ([4b5b3ab](https://github.com/GluuFederation/flex/commit/4b5b3ab30f45607faf3d00495bf64b97cfe55589))
+* move health menu under Home menu [#116](https://github.com/GluuFederation/flex/issues/116) ([b5c86bf](https://github.com/GluuFederation/flex/commit/b5c86bf1bd0df97a5a86300a0e8d5be890b54cbc))
+* move health menu under Home menu [#116](https://github.com/GluuFederation/flex/issues/116) ([76a19d2](https://github.com/GluuFederation/flex/commit/76a19d2b44fd5024f5de699a20232f66779d4c2b))
+* move health menu under Home menu [#116](https://github.com/GluuFederation/flex/issues/116) ([75d0138](https://github.com/GluuFederation/flex/commit/75d013879cc4d5d9b95e6fbdbb57dc1b591cb1bb))
+* move health menu under Home menu [#116](https://github.com/GluuFederation/flex/issues/116) ([94ea401](https://github.com/GluuFederation/flex/commit/94ea401c5b17f394a947a9ca668494d2b110123b))
+* move health menu under Home menu [#116](https://github.com/GluuFederation/flex/issues/116) ([ae455c5](https://github.com/GluuFederation/flex/commit/ae455c5940fad46ddb80617aa2716d9de80c9023))
+* populate the heath status from Config-api [#287](https://github.com/GluuFederation/flex/issues/287) ([c4867c3](https://github.com/GluuFederation/flex/commit/c4867c3363be54629df062b7f3a2b513599c39e5))
+* populate the heath status from Config-api [#287](https://github.com/GluuFederation/flex/issues/287) ([58d180a](https://github.com/GluuFederation/flex/commit/58d180ab2deefec01832bd04b0b5f4763befaaef))
+* protecting Admin-UI Plugin Apis [#346](https://github.com/GluuFederation/flex/issues/346) ([6e25fa5](https://github.com/GluuFederation/flex/commit/6e25fa5cd927abb43b9437705f1e363f0b72667c))
+* protecting Admin-UI Plugin Apis [#346](https://github.com/GluuFederation/flex/issues/346) ([ee4543f](https://github.com/GluuFederation/flex/commit/ee4543f9b5811e8455f9b42a9fe650c2657e9c87))
+* protecting Admin-UI Plugin Apis [#346](https://github.com/GluuFederation/flex/issues/346) ([ab4563b](https://github.com/GluuFederation/flex/commit/ab4563b3d7ca0f10562b7cac64c02fca7afd0dd2))
+* put MAU under admin ([bed0fa5](https://github.com/GluuFederation/flex/commit/bed0fa556ae8f4a910d86ade0435c81c96e314ce))
+* relocating burger menu button ([9f8008b](https://github.com/GluuFederation/flex/commit/9f8008b6d05e5b387795044a8d4cd06026b5b606))
+* rewrite OIDC flow using nimbus lib [#156](https://github.com/GluuFederation/flex/issues/156) ([b8ae92e](https://github.com/GluuFederation/flex/commit/b8ae92e4bb919d0be06b0317de27d7faa7af1e40))
+* sql- add/edit/delete of sql configuration not working [#283](https://github.com/GluuFederation/flex/issues/283) ([069fdb8](https://github.com/GluuFederation/flex/commit/069fdb8a08b9d58ea2c0b9f99f90b62efce70037))
+* sql- add/edit/delete of sql configuration not working [#283](https://github.com/GluuFederation/flex/issues/283) ([15da0a6](https://github.com/GluuFederation/flex/commit/15da0a6768c0f554f5e179b8e7484f28262dfcfd))
+* upgrade i18next from 19.9.2 to 21.6.10 ([f077d69](https://github.com/GluuFederation/flex/commit/f077d69b4c8786b89ecf984b88a4b064010a05bc))
+* upgrade react-toastify from 5.5.0 to 8.1.0 ([cf0d35f](https://github.com/GluuFederation/flex/commit/cf0d35f548232c7d65c86a44a5d8104860e20490))
+* write test for all pages under admin plugin [#302](https://github.com/GluuFederation/flex/issues/302) ([a69f4a4](https://github.com/GluuFederation/flex/commit/a69f4a44cd3416c12961d99f9c075710c2cbd981))
+* write test for the pages under admin plugin [#302](https://github.com/GluuFederation/flex/issues/302) ([37275a9](https://github.com/GluuFederation/flex/commit/37275a9d105ab36e7d386873fac65225261f3d53))
+
+
+### Bug Fixes
+
+* [#45](https://github.com/GluuFederation/flex/issues/45) val of localPrimaryKey on Gluu is mapped with the primary key attr of the backend AD ([3c4a856](https://github.com/GluuFederation/flex/commit/3c4a856ec8c90ffa6cdb143debef4417a06d853a))
+* add mapping ([4b85cb8](https://github.com/GluuFederation/flex/commit/4b85cb8e221e1f72cd7abd37085edad7512b8add))
+* add missing lib [#162](https://github.com/GluuFederation/flex/issues/162) ([4ec0da8](https://github.com/GluuFederation/flex/commit/4ec0da84e02654e209b100b08f4b975d86c2e868))
+* add specific permissions for serverless runs ([fdf9c7b](https://github.com/GluuFederation/flex/commit/fdf9c7b8fd377cd8a7457252af5d1d0ebc05d07f))
+* added delete functionality ([5cd1a66](https://github.com/GluuFederation/flex/commit/5cd1a663259f1d121a8971a0c595d5713df475b1))
+* adjust attribute names consent plugin [#159](https://github.com/GluuFederation/flex/issues/159) ([773f14c](https://github.com/GluuFederation/flex/commit/773f14cf35b8e1332e5164a513f05284e54d177a))
+* adjust gluu coordinates [#162](https://github.com/GluuFederation/flex/issues/162) ([57aedf1](https://github.com/GluuFederation/flex/commit/57aedf19c0d3ea2d6a42967490ed77415be884a4))
+* adjust location of webauthn js files [#171](https://github.com/GluuFederation/flex/issues/171) ([03bd1d3](https://github.com/GluuFederation/flex/commit/03bd1d3f17a1daefe8ed535f6af3c9929de33746))
+* adjust python's lib path ref [#104](https://github.com/GluuFederation/flex/issues/104) ([d54ae9d](https://github.com/GluuFederation/flex/commit/d54ae9de578fe09976a3af8d2b5d64773191cb9e))
+* adjust wrong import ([7477adc](https://github.com/GluuFederation/flex/commit/7477adca4a35f5df9d98407fb88664e39f1acfa4))
+* **admin-ui:** add openid connect clients count to the dashbaord [#43](https://github.com/GluuFederation/flex/issues/43) ([18fa51e](https://github.com/GluuFederation/flex/commit/18fa51e6095f5c6415c20dad0ca2f96f7477ebe2))
+* **admin-ui:** resolve all bugs displayed for admin-ui [#308](https://github.com/GluuFederation/flex/issues/308) ([afdf03b](https://github.com/GluuFederation/flex/commit/afdf03b8449839f21d2562438c43dab607831472))
+* **admin-ui:** resolve all bugs displayed for admin-ui [#308](https://github.com/GluuFederation/flex/issues/308) ([5ff03e6](https://github.com/GluuFederation/flex/commit/5ff03e6ec8ef33d74e7e341c3995e594e730ef15))
+* **admin-ui:** resolve all bugs displayed for admin-ui [#308](https://github.com/GluuFederation/flex/issues/308) ([57708d1](https://github.com/GluuFederation/flex/commit/57708d17e0ac1acd2e4be18fc147941b2e3c368a))
+* **admin-ui:** resolve all bugs displayed for admin-ui [#308](https://github.com/GluuFederation/flex/issues/308) ([100a706](https://github.com/GluuFederation/flex/commit/100a706c04ca556e950ff7eb4479cfb6e27e0777))
+* **admin-ui:** resolve all bugs displayed for admin-ui [#308](https://github.com/GluuFederation/flex/issues/308) ([18ac6f8](https://github.com/GluuFederation/flex/commit/18ac6f87bf7d2b09497e607570101bc71b893518))
+* **admin-ui:** resolve all bugs displayed for admin-ui [#308](https://github.com/GluuFederation/flex/issues/308) ([fa7b08d](https://github.com/GluuFederation/flex/commit/fa7b08daea19acd1bb53d5595011b9bc8784d1dd))
+* **admin-ui:** resolve all bugs displayed for admin-ui [#308](https://github.com/GluuFederation/flex/issues/308) ([b35a6e1](https://github.com/GluuFederation/flex/commit/b35a6e1c10d4c50195c2d561f6c7899292db30eb))
+* **admin-ui:** resolve all bugs displayed for admin-ui [#308](https://github.com/GluuFederation/flex/issues/308) ([e7bc830](https://github.com/GluuFederation/flex/commit/e7bc830bc5625a573768b9b4cd4f480c5ce8724e))
+* **admin-ui:** resolve all bugs displayed for admin-ui [#308](https://github.com/GluuFederation/flex/issues/308) ([d400154](https://github.com/GluuFederation/flex/commit/d40015425f82585922c3e91621efb0e0ad1eceb2))
+* **admin-ui:** resolve all bugs displayed for admin-ui [#308](https://github.com/GluuFederation/flex/issues/308) ([d4643c0](https://github.com/GluuFederation/flex/commit/d4643c03272e67945cf6a38c2080d6dde7a9588c))
+* **admin-ui:** resolve all bugs displayed for admin-ui [#308](https://github.com/GluuFederation/flex/issues/308) ([510f19e](https://github.com/GluuFederation/flex/commit/510f19ef9ad08e7c9fdb56ad5e5c8389d7f47800))
+* **admin-ui:** resolve all bugs displayed for admin-ui bug [#308](https://github.com/GluuFederation/flex/issues/308) ([ec60500](https://github.com/GluuFederation/flex/commit/ec60500dacedad39dd289d40c31b4864eeaa9e2c))
+* **admin-ui:** resolve all bugs displayed for admin-ui bug [#308](https://github.com/GluuFederation/flex/issues/308) ([b4d6521](https://github.com/GluuFederation/flex/commit/b4d652132f343e3eef11b045a3163e94c3f2b7b8))
+* **admin-ui:** resolve all bugs displayed for admin-ui bug [#308](https://github.com/GluuFederation/flex/issues/308) ([0e2a476](https://github.com/GluuFederation/flex/commit/0e2a47686807d26ca885db05380725b554f2bb8d))
+* **admin-ui:** resolve all bugs displayed for admin-ui bug [#308](https://github.com/GluuFederation/flex/issues/308) ([b7c9665](https://github.com/GluuFederation/flex/commit/b7c96653f9c618305ee5e2d48b6c2122dd49f31f))
+* **admin-ui:** resolve all bugs displayed for admin-ui bug [#308](https://github.com/GluuFederation/flex/issues/308) ([194e158](https://github.com/GluuFederation/flex/commit/194e158075223f0a703d6d64343a847264e525a1))
+* **admin-ui:** resolve all bugs displayed for admin-ui bug [#308](https://github.com/GluuFederation/flex/issues/308) ([45e4186](https://github.com/GluuFederation/flex/commit/45e4186213412068aa5fa065d6c26d1153e8811b))
+* **admin-ui:** resolve all bugs displayed for admin-ui bug [#308](https://github.com/GluuFederation/flex/issues/308) ([3241bc9](https://github.com/GluuFederation/flex/commit/3241bc9fc69a8a6b9ff48125ee00494db7668ba4))
+* **admin-ui:** resolve all bugs displayed for admin-ui bug [#308](https://github.com/GluuFederation/flex/issues/308) ([224da64](https://github.com/GluuFederation/flex/commit/224da64fd527609e0a8de51ae76e36428b8d1b07))
+* **admin-ui:** resolve all bugs displayed for admin-ui bug [#308](https://github.com/GluuFederation/flex/issues/308) ([2a3394a](https://github.com/GluuFederation/flex/commit/2a3394a38bc80bd2e188545cfa12eaf78946d6a6))
+* **admin-ui:** sample testing ([53d441b](https://github.com/GluuFederation/flex/commit/53d441ba1393218d5def23945ea22fc94a1fdbb0))
+* **admin-ui:** Setup sample jest test for base component ([10fe50a](https://github.com/GluuFederation/flex/commit/10fe50a0a7c5f9ee89682091cfa94caf087da734))
+* **admin-ui:** write test for all Gluu custom base UI components [#290](https://github.com/GluuFederation/flex/issues/290) ([b008af6](https://github.com/GluuFederation/flex/commit/b008af6173b3017e468fcbdd02e8862a2fe5ab52))
+* **admin-ui:** write test for all Gluu custom base UI components [#290](https://github.com/GluuFederation/flex/issues/290) ([a100a9a](https://github.com/GluuFederation/flex/commit/a100a9a3132d9585900244f2be913b8c03833f5e))
+* **admin-ui:** write test for all Gluu custom base UI components [#290](https://github.com/GluuFederation/flex/issues/290) ([144dabf](https://github.com/GluuFederation/flex/commit/144dabf5a32eca3cc5c6cf56728bb903065e3327))
+* **admin-ui:** write test for all Gluu custom base UI components [#290](https://github.com/GluuFederation/flex/issues/290) ([d0f1cc2](https://github.com/GluuFederation/flex/commit/d0f1cc29535081c7b0802f5ab6faf88c710ed12d))
+* **admin-ui:** write test for all Gluu custom base UI components [#290](https://github.com/GluuFederation/flex/issues/290) ([6878eed](https://github.com/GluuFederation/flex/commit/6878eed21363317104a2ec058577421fed69f819))
+* **admin-ui:** write test for all Gluu custom base UI components [#290](https://github.com/GluuFederation/flex/issues/290) ([72a59af](https://github.com/GluuFederation/flex/commit/72a59afe8cdcf6eacd7c33afb318c824abb11533))
+* **admin-ui:** write test for all Gluu custom base UI components [#290](https://github.com/GluuFederation/flex/issues/290) ([9c18d31](https://github.com/GluuFederation/flex/commit/9c18d31b9f0f06b24de305f867a6445590699eb4))
+* **admin-ui:** write test for all Gluu custom base UI components [#290](https://github.com/GluuFederation/flex/issues/290) ([06e7bd2](https://github.com/GluuFederation/flex/commit/06e7bd2f16e80b5f0f45477ff7f53976871980ae))
+* **admin-ui:** write test for all Gluu custom base UI components [#290](https://github.com/GluuFederation/flex/issues/290) ([df9c3e1](https://github.com/GluuFederation/flex/commit/df9c3e1e54a1a9b65bf20c70bb9e2ed02c822df9))
+* **admin-ui:** write test for all Gluu custom base UI components [#290](https://github.com/GluuFederation/flex/issues/290) ([5dcd4b6](https://github.com/GluuFederation/flex/commit/5dcd4b62df7634ebd08732dd1129be302eed04b5))
+* **admin-ui:** write test for all Gluu custom base UI components [#290](https://github.com/GluuFederation/flex/issues/290) ([e6c76c0](https://github.com/GluuFederation/flex/commit/e6c76c0f292e094214a000e913a862dbf9c9ca39))
+* **admin-ui:** write test for all Gluu custom base UI components [#290](https://github.com/GluuFederation/flex/issues/290) ([98d75df](https://github.com/GluuFederation/flex/commit/98d75df4b35299ae63130c9aa396b6b377f6c9a7))
+* **admin-ui:** write test for all pages under auth-server plugin [#301](https://github.com/GluuFederation/flex/issues/301) ([2c1cb78](https://github.com/GluuFederation/flex/commit/2c1cb783cab286d40a2839a625640f3fe335f2ff))
+* **admin-ui:** write test for all pages under auth-server plugin [#301](https://github.com/GluuFederation/flex/issues/301) ([ea4d016](https://github.com/GluuFederation/flex/commit/ea4d016890c98454f71be415d9a64f508dea122f))
+* **admin-ui:** write test for all pages under auth-server plugin [#301](https://github.com/GluuFederation/flex/issues/301) ([7d31e72](https://github.com/GluuFederation/flex/commit/7d31e72358bd0e3f509976bf0f1be7cfd44efab8))
+* **admin-ui:** write test for all pages under auth-server plugin [#301](https://github.com/GluuFederation/flex/issues/301) ([e2a1ff8](https://github.com/GluuFederation/flex/commit/e2a1ff81ec5addb5f0a4455d33950c4c6107ffd9))
+* **admin-ui:** write test for all pages under auth-server plugin [#301](https://github.com/GluuFederation/flex/issues/301) ([a9cbcf0](https://github.com/GluuFederation/flex/commit/a9cbcf03f03b02d275a261e5c83f8da2b6cfaf57))
+* **admin-ui:** write test for all pages under auth-server plugin [#301](https://github.com/GluuFederation/flex/issues/301) ([bd2a35b](https://github.com/GluuFederation/flex/commit/bd2a35b640556fa6df2d794e84295cfbc02e689a))
+* **admin-ui:** write test for all pages under auth-server plugin [#301](https://github.com/GluuFederation/flex/issues/301) ([3cefa36](https://github.com/GluuFederation/flex/commit/3cefa36d0154f32a78f764392f368684893c8c24))
+* **admin-ui:** write test for Openid connect client pages [#295](https://github.com/GluuFederation/flex/issues/295) ([82e3b8f](https://github.com/GluuFederation/flex/commit/82e3b8f2ff91e2e135bb4aa17d0f160c932b0f3d))
+* **admin-ui:** write test for Openid connect client pages [#295](https://github.com/GluuFederation/flex/issues/295) ([4f3538d](https://github.com/GluuFederation/flex/commit/4f3538d556e9dd4fe7270e973b200d56947f0fdf))
+* **admin-ui:** write test for Openid connect client pages [#295](https://github.com/GluuFederation/flex/issues/295) ([237a3a5](https://github.com/GluuFederation/flex/commit/237a3a584c0eff6cac00ad84944ae7c142cd3452))
+* **admin-ui:** write test for scopes management [#300](https://github.com/GluuFederation/flex/issues/300) ([14f4c32](https://github.com/GluuFederation/flex/commit/14f4c32b353c35f896807190736e3de7698fc85d))
+* **admin-ui:** write test for scopes management [#300](https://github.com/GluuFederation/flex/issues/300) ([fde30a9](https://github.com/GluuFederation/flex/commit/fde30a9acb330d0cadbe3243a55503a42396b59f))
+* ajust customObjectClass usage in non-ldap backends ([88c9638](https://github.com/GluuFederation/flex/commit/88c963861c35b653d580a8f6432fc709c1064905))
+* alb setup ([e703c4b](https://github.com/GluuFederation/flex/commit/e703c4b62e60d3cd299ea84f471417290987bdef))
+* avoid crash at startup [#162](https://github.com/GluuFederation/flex/issues/162) ([57e106f](https://github.com/GluuFederation/flex/commit/57e106fe4c0cf5655c45ab2e252c3d4c58001041))
+* change jans-config-api-swagger.yaml path in package.json [#59](https://github.com/GluuFederation/flex/issues/59) ([0c39429](https://github.com/GluuFederation/flex/commit/0c39429cc33197e13ccafc5c9d58d654f784c5b9))
+* **chart:** fix probes for admin-ui ([a110323](https://github.com/GluuFederation/flex/commit/a11032378f150c4c878ffc38d9b1b0d7353813ec))
+* **chart:** fix typo ([9079bb5](https://github.com/GluuFederation/flex/commit/9079bb5c6d59f669e03ac8fb3ebd2e061dd4c064))
+* claims dropdown is not populated in Add/Edit scopes page [#140](https://github.com/GluuFederation/flex/issues/140) ([f42ab3b](https://github.com/GluuFederation/flex/commit/f42ab3b82da7f30c7dc4575f958a200c6b03a5a7))
+* code issue ([39badec](https://github.com/GluuFederation/flex/commit/39badec6be1a0533db4a3308adbed31859115dd5))
+* code smells ([c1ec8bf](https://github.com/GluuFederation/flex/commit/c1ec8bfda6cb19a3178a1355afbff1dbe9e5d182))
+* create oidc client not working [#129](https://github.com/GluuFederation/flex/issues/129) ([b65076c](https://github.com/GluuFederation/flex/commit/b65076c20fc465c8c89c68e6115dad9b42121739))
+* create oidc client not working [#129](https://github.com/GluuFederation/flex/issues/129) ([75abeb4](https://github.com/GluuFederation/flex/commit/75abeb491d22bbeeec278b081564fd485e3d8457))
+* create script based on Gluu one [#160](https://github.com/GluuFederation/flex/issues/160) ([c3fe27e](https://github.com/GluuFederation/flex/commit/c3fe27eb19c5b2a6fec0b44a69ef450a6caac12c))
+* delete icon hanged with bordered icon ([7b01899](https://github.com/GluuFederation/flex/commit/7b01899b169ba4baf780a23783aab1ffc80dc5cf))
+* details show for access role ([b14d288](https://github.com/GluuFederation/flex/commit/b14d288330c2c96c045c07f2df83791b032751c7))
+* download plugins with dependencies ([37d68d2](https://github.com/GluuFederation/flex/commit/37d68d2b6d4a6f99775581e247259ed6a84c7016))
+* fix malformed markup [#171](https://github.com/GluuFederation/flex/issues/171) ([78d7ca6](https://github.com/GluuFederation/flex/commit/78d7ca6fb190d0f9d4572ba9d96d1881cb156dfb))
+* fix plugins resolver ([ec76f9f](https://github.com/GluuFederation/flex/commit/ec76f9ff86522999ab3f54be47a8dbc305f1503c))
+* flex-linux-setup able to use existing jans-setup to be used as standalone script ([3ce3b58](https://github.com/GluuFederation/flex/commit/3ce3b58f8d3ac817c07f96d4bb99bb4ae0336d2a))
+* flex-linux-setup able to use existing jans-setup to be used as standalone script ([3ce3b58](https://github.com/GluuFederation/flex/commit/3ce3b58f8d3ac817c07f96d4bb99bb4ae0336d2a))
+* flex-linux-setup able to use existing jans-setup to be used as standalone script ([1d1e979](https://github.com/GluuFederation/flex/commit/1d1e97997e2f24691975179c7d7fa81cbe50f16c))
+* flex-linux-setup auiConfiguration.properties link ([dc2418e](https://github.com/GluuFederation/flex/commit/dc2418e3bee478b4eca0cb8b66087ceb86813ca3))
+* flex-linux-setup casa installation fixes ([4c1fa73](https://github.com/GluuFederation/flex/commit/4c1fa73140e55cd00e91f98ad7d484b41ffa6820))
+* flex-linux-setup casa jansPostLogoutRedirectURI ([bdcfdb7](https://github.com/GluuFederation/flex/commit/bdcfdb74c3b7bada0ccec76a984b520da614ef20))
+* flex-linux-setup casa python lib dir ([1e4752b](https://github.com/GluuFederation/flex/commit/1e4752b1d8c796e4402c2aef93cf006345d036ed))
+* flex-linux-setup change admin-ui-plugin name ([7fb45c5](https://github.com/GluuFederation/flex/commit/7fb45c5107e0585b47a95cfbc539b86caf52d4fb))
+* flex-linux-setup download links ([22cf221](https://github.com/GluuFederation/flex/commit/22cf221b344801f8efec3f239d09aabda6fa3d6e))
+* flex-linux-setup enable Casa Person Auth script ([589f8a8](https://github.com/GluuFederation/flex/commit/589f8a8a77f6a8baa6f909ac26107e4120c4f38b))
+* flex-linux-setup get py_lib_dir from Config ([1f2015b](https://github.com/GluuFederation/flex/commit/1f2015bf78bb26ffb73ef026bca96496ab9c7d70))
+* flex-linux-setup import package ([d97258a](https://github.com/GluuFederation/flex/commit/d97258a6ebc74171359c8449cd6f936bd5c9cae1))
+* flex-linux-setup more verbosity ([44abfb2](https://github.com/GluuFederation/flex/commit/44abfb2f85715f1a78453ca900e4799c484c9ffb))
+* flex-linux-setup move version to version.py ([61ecb19](https://github.com/GluuFederation/flex/commit/61ecb197de425571f15a90d17522eb1c80a7182f))
+* flex-linux-setup parser ([83d280e](https://github.com/GluuFederation/flex/commit/83d280e731197f732936d39d97de5d80f769de26))
+* flex-linux-setup pass -yes to install.py ([116b791](https://github.com/GluuFederation/flex/commit/116b791b80544ac9fe9fd4266f662b18397bea19))
+* flex-linux-setup restart jans-auth after casa ([32b4f56](https://github.com/GluuFederation/flex/commit/32b4f561f1474b1e4fdd5fddb58b3fd4b4f2ddf7))
+* flex-linux-setup set jansTrustedClnt: true in casa client ([78999c0](https://github.com/GluuFederation/flex/commit/78999c00bda6dbad607621c873239abb03fce905))
+* flex-linux-setup start casa after install ([d139354](https://github.com/GluuFederation/flex/commit/d1393544a66f31a7b2fae374335e9d49096b736e))
+* flex-linux-setup update admin-ui plugin url ([9c92b0a](https://github.com/GluuFederation/flex/commit/9c92b0ae9851a84f88b8a78215e827e23b8609bb))
+* flex-linux-setup update config-cli plugins ([d2ec21f](https://github.com/GluuFederation/flex/commit/d2ec21f25ed5ffc6f378ca9f6b61adf9acea91eb))
+* image updater ([92d5fb4](https://github.com/GluuFederation/flex/commit/92d5fb4c2e2c01b3c745279a5c354631b5e51486))
+* **image:** conform to nginx filesystem structure ([c5cf5a9](https://github.com/GluuFederation/flex/commit/c5cf5a9b3affc76ccf90a21f44644db6cad7995b))
+* **image:** update admin-ui image assets ([b92bcc6](https://github.com/GluuFederation/flex/commit/b92bcc6c4380e1aaec63e0939160cd744ffffc4a))
+* **image:** update admin-ui image assets ([b92bcc6](https://github.com/GluuFederation/flex/commit/b92bcc6c4380e1aaec63e0939160cd744ffffc4a))
+* **image:** update image manifests ([7e48528](https://github.com/GluuFederation/flex/commit/7e48528b11013e1b4f40a82d26846ff079dd6302))
+* make bean named to prevent NPE at logout [#156](https://github.com/GluuFederation/flex/issues/156) ([657288b](https://github.com/GluuFederation/flex/commit/657288b23681d80a89b1aecc891aced4b1a4fb3a))
+* mau reporting page i18n and refactoring ([3ee22a8](https://github.com/GluuFederation/flex/commit/3ee22a8d16394563d7c6da7df3c7bac6b742c188))
+* minor change ([db13fd3](https://github.com/GluuFederation/flex/commit/db13fd3ba83ac41ebbaecbe6dd699460a7aea08b))
+* **package:** fix package settings ([65453b1](https://github.com/GluuFederation/flex/commit/65453b1281709e74e2f8e5b8609a6979738e14aa))
+* permissions details not showing ([85344bf](https://github.com/GluuFederation/flex/commit/85344bfc36bca9b034cdc2ea177423300c9c01a5))
+* populate the heath status from Config-api [#287](https://github.com/GluuFederation/flex/issues/287) ([80d15c6](https://github.com/GluuFederation/flex/commit/80d15c60ccbcf9bc78c8503387f52ad99305c1f0))
+* prep for automatic chart generation ([a24cec3](https://github.com/GluuFederation/flex/commit/a24cec37c19173084ccf3dd7311adb80c1a915d4))
+* prep for automatic chart generation ([a24cec3](https://github.com/GluuFederation/flex/commit/a24cec37c19173084ccf3dd7311adb80c1a915d4))
+* prep for automatic chart generation ([b6e8cc7](https://github.com/GluuFederation/flex/commit/b6e8cc70eda8bcf020e923d32c1b0eb64d9e2738))
+* recheck code ([670984e](https://github.com/GluuFederation/flex/commit/670984e5e70ee644e4976cc8ce8c8206dce008ef))
+* redefine dates logic ([fc882ec](https://github.com/GluuFederation/flex/commit/fc882ecb1ef90790a7c0f71c80f6395b03314ad3))
+* reference jans jars for truezip [#162](https://github.com/GluuFederation/flex/issues/162) ([7677026](https://github.com/GluuFederation/flex/commit/7677026990e51259dc8ae12b4583a4fcd56af063))
+* remove bar graph ([7e5a729](https://github.com/GluuFederation/flex/commit/7e5a729b9b70e2ba128afa5ecb04e5c94ce7aa08))
+* remove conflicting lib [#162](https://github.com/GluuFederation/flex/issues/162) ([d6a2c41](https://github.com/GluuFederation/flex/commit/d6a2c415500b6567f533415dc50783dabbfa66dd))
+* remove console logs ([a983227](https://github.com/GluuFederation/flex/commit/a983227399c1f27a88cb00626f5420007810c2d5))
+* remove empty space created for response_type param in authz url created by admin ui [#55](https://github.com/GluuFederation/flex/issues/55) ([85f2ca5](https://github.com/GluuFederation/flex/commit/85f2ca5d9aae5e9daf0384aefd274c2811c3f1fa))
+* removing querystring from polyfill ([dca182d](https://github.com/GluuFederation/flex/commit/dca182d04aa2e144a325704afc1db6ced3c0d756))
+* replace ox attributes with jans [#160](https://github.com/GluuFederation/flex/issues/160) ([5f3c03c](https://github.com/GluuFederation/flex/commit/5f3c03ca8df878091404425fc800d5b055c0fc3e))
+* search pallets ([d22b09a](https://github.com/GluuFederation/flex/commit/d22b09afa234b657cc519ad37e0101f66915f61d))
+* show buttons ([45bf399](https://github.com/GluuFederation/flex/commit/45bf3997daa0dc3b8a47d8cea9d26223e91747eb))
+* some icons are not visible on admin-ui [#32](https://github.com/GluuFederation/flex/issues/32) ([93c5d12](https://github.com/GluuFederation/flex/commit/93c5d12008d28238edd6366d4cedfa03264cac09))
+* start const fix ([009aeb4](https://github.com/GluuFederation/flex/commit/009aeb4635e2fe7a9c66a8da09555312717e26f0))
+* typo fix ([957bdbb](https://github.com/GluuFederation/flex/commit/957bdbbd8e4fc7d1dc0cb69c93f8e5adccb013dc))
+* update imports OTP [#160](https://github.com/GluuFederation/flex/issues/160) ([75af40d](https://github.com/GluuFederation/flex/commit/75af40dcd1fe3eb9e092f59b78814a3c805b7ee1))
+* update readme ([2c64ca4](https://github.com/GluuFederation/flex/commit/2c64ca4c2e16598cfb5d140ec06651b44f1055f1))
+* upgrade com.squareup.okhttp:okhttp from 2.3.0 to 2.7.5 ([d6310b2](https://github.com/GluuFederation/flex/commit/d6310b211f3a4c2451161dda7831ef07ba08aa4e))
+* upgrade net.jodah:expiringmap from 0.5.8 to 0.5.10 ([c3b6dfe](https://github.com/GluuFederation/flex/commit/c3b6dfe24fc405e45275ccd4d0d4b578ef2acb28))
+* use authoriztion_url for authz request [#47](https://github.com/GluuFederation/flex/issues/47) ([40b703c](https://github.com/GluuFederation/flex/commit/40b703cc6b9ac44c66c8a8608bdc5364af79deeb))
+* use authoriztion_url for authz request [#47](https://github.com/GluuFederation/flex/issues/47) ([92f9ade](https://github.com/GluuFederation/flex/commit/92f9ade78eeb6a1affeab2786cf8aaea92e480dd))
+* use authoriztion_url for authz request [#47](https://github.com/GluuFederation/flex/issues/47) ([8d794d5](https://github.com/GluuFederation/flex/commit/8d794d56924ecff7277baac83788401df44ea775))
+* we need to refresh the custom scripts list page to see the added/edited entries [#137](https://github.com/GluuFederation/flex/issues/137) ([6ff9d2b](https://github.com/GluuFederation/flex/commit/6ff9d2b33306c0eae4db6e46d708d4fece2e12cc))
+
+
+### Miscellaneous Chores
+
+* prepare release 1.0.0-0 ([68c02f8](https://github.com/GluuFederation/flex/commit/68c02f86c98cdee46566324cb3659f1417b4b869))
+* prepare release 5.0.0-0 ([1318a2d](https://github.com/GluuFederation/flex/commit/1318a2d1882412a7464015b7b7a1f4ffec7536dd))
+* release 5.0.0-0 ([3d5cca6](https://github.com/GluuFederation/flex/commit/3d5cca6ee04c9f30212b80d9fb8f83117e06a646))

From 3d139bb167b4d0772aff6595b67c0aa1b6dbd49e Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Tue, 15 Mar 2022 16:16:04 +0000
Subject: [PATCH 063/101] ci: add rancher partner chart job

---
 .github/workflows/post-to-rancher-partner-charts.yml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/.github/workflows/post-to-rancher-partner-charts.yml b/.github/workflows/post-to-rancher-partner-charts.yml
index 7dbba9aa5..33a058c97 100644
--- a/.github/workflows/post-to-rancher-partner-charts.yml
+++ b/.github/workflows/post-to-rancher-partner-charts.yml
@@ -18,10 +18,6 @@ jobs:
       with:
         python-version: 3.8
 
-    - name: analyze chart
-      run: |
-        sudo bash automation/janssen_helm_chart/prepare_chart.sh
-
     - name: Import GPG key
       id: import_gpg
       uses: crazy-max/ghaction-import-gpg@v4

From 27dd62899d05f0001c398fc5bddd96edc1146a0e Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Tue, 15 Mar 2022 16:23:58 +0000
Subject: [PATCH 064/101] ci: chart url

---
 automation/rancher-partner-charts/package.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/automation/rancher-partner-charts/package.yaml b/automation/rancher-partner-charts/package.yaml
index 6e492bc97..5b4db22a4 100644
--- a/automation/rancher-partner-charts/package.yaml
+++ b/automation/rancher-partner-charts/package.yaml
@@ -1,2 +1,2 @@
-url: https://github.com/GluuFederation/flex/releases/download/v5.0.3/gluu-5.0.3.tgz
+url: https://github.com/GluuFederation/flex/releases/download/v5.0.0-0/gluu-5.0.3.tgz
 packageVersion: 02
\ No newline at end of file

From c5eab1599acdf0c46f156c77221db04c3d05aecf Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Tue, 15 Mar 2022 16:31:47 +0000
Subject: [PATCH 065/101] ci: fix rancher job

---
 .github/workflows/post-to-rancher-partner-charts.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/post-to-rancher-partner-charts.yml b/.github/workflows/post-to-rancher-partner-charts.yml
index 33a058c97..3d42397c8 100644
--- a/.github/workflows/post-to-rancher-partner-charts.yml
+++ b/.github/workflows/post-to-rancher-partner-charts.yml
@@ -34,9 +34,6 @@ jobs:
         echo "::set-output name=version::$(curl https://api.github.com/repos/${{ github.repository }}/releases -s | grep "tag_name" | cut -d '"' -f 4 | grep -o '^\v.*' | head -n 1 | cut -d 'v' -f 2)"
     - name: Configure Git
       run: |
-        git config user.name "mo-auto"
-        git config user.email "54212639+mo-auto@users.noreply.github.com"
-        git config --global user.signingkey "${{ steps.import_gpg.outputs.keyid }}"
         # open branch in rancher-partner
         git clone https://github.com/rancher/partner-charts.git
         cd partner-charts
@@ -49,6 +46,9 @@ jobs:
         cp ../automation/rancher-partner-charts/questions.yaml ./packages/gluu/charts/questions.yaml
         make patch
         make clean
+        git config user.name "mo-auto"
+        git config user.email "54212639+mo-auto@users.noreply.github.com"
+        git config --global user.signingkey "${{ steps.import_gpg.outputs.keyid }}"
         git add -A
         git commit -S -s -m "feat(gluu): patch helm package"
         make charts

From 0b2df8e4fdb4484ec05d71f7da31ce176ee55770 Mon Sep 17 00:00:00 2001
From: = <mjatin78@gmail.com>
Date: Tue, 15 Mar 2022 23:23:51 +0530
Subject: [PATCH 066/101] fix: fields value not set to state

---
 .../components/Clients/ClientAdvancedPanel.js | 25 +++++++++------
 .../components/Clients/ClientBasicPanel.js    |  8 ++---
 .../components/Clients/ClientWizardForm.js    | 32 +++++++++++--------
 3 files changed, 37 insertions(+), 28 deletions(-)

diff --git a/admin-ui/plugins/auth-server/components/Clients/ClientAdvancedPanel.js b/admin-ui/plugins/auth-server/components/Clients/ClientAdvancedPanel.js
index a43c3002e..c77c7a225 100644
--- a/admin-ui/plugins/auth-server/components/Clients/ClientAdvancedPanel.js
+++ b/admin-ui/plugins/auth-server/components/Clients/ClientAdvancedPanel.js
@@ -20,7 +20,7 @@ function ClientAdvancedPanel({ client, scripts, formik }) {
   const contacts = []
   const claimRedirectURI = []
   const requestUris = []
-  const authorizedOrigins = client.authorizedOrigins || []
+  const authorizedOrigins = []
   scripts = scripts
     .filter((item) => item.scriptType == 'PERSON_AUTHENTICATION')
     .filter((item) => item.enabled)
@@ -167,12 +167,13 @@ function ClientAdvancedPanel({ client, scripts, formik }) {
         <GluuLabel label="fields.show_software_settings" size={6} />
         <Col sm={2}>
           <Toggle
-            defaultChecked={softwareSection}
-            onChange={handleSoftwareSection}
+            name="softwareSection"
+            defaultChecked={client.softwareSection}
+            onChange={formik.handleChange}
           />
         </Col>
       </FormGroup>
-      {softwareSection && (
+      {client.softwareSection && (
         <GluuInputRow
           label="fields.softwareId"
           name="softwareId"
@@ -181,7 +182,7 @@ function ClientAdvancedPanel({ client, scripts, formik }) {
           doc_category={DOC_CATEGORY}
         />
       )}
-      {softwareSection && (
+      {client.softwareSection && (
         <GluuInputRow
           label="fields.softwareVersion"
           name="softwareVersion"
@@ -190,7 +191,7 @@ function ClientAdvancedPanel({ client, scripts, formik }) {
           doc_category={DOC_CATEGORY}
         />
       )}
-      {softwareSection && (
+      {client.softwareSection && (
         <GluuInputRow
           label="fields.softwareStatement"
           name="softwareStatement"
@@ -202,10 +203,14 @@ function ClientAdvancedPanel({ client, scripts, formik }) {
       <FormGroup row>
         <GluuLabel label="fields.show_ciba_settings" size={6} />
         <Col sm={6}>
-          <Toggle defaultChecked={cibaSection} onChange={handleCibaSection} />
+          <Toggle
+            name="cibaSection"
+            defaultChecked={client.cibaSection}
+            onChange={formik.handleChange}
+          />
         </Col>
       </FormGroup>
-      {cibaSection && (
+      {client.cibaSection && (
         <GluuSelectRow
           name="backchannelTokenDeliveryMode"
           label="fields.backchannelTokenDeliveryMode"
@@ -215,7 +220,7 @@ function ClientAdvancedPanel({ client, scripts, formik }) {
           doc_category={DOC_CATEGORY}
         ></GluuSelectRow>
       )}
-      {cibaSection && (
+      {client.cibaSection && (
         <GluuInputRow
           label="fields.backchannelClientNotificationEndpoint"
           name="backchannelClientNotificationEndpoint"
@@ -224,7 +229,7 @@ function ClientAdvancedPanel({ client, scripts, formik }) {
           doc_category={DOC_CATEGORY}
         />
       )}
-      {cibaSection && (
+      {client.cibaSection && (
         <GluuToogleRow
           name="backchannelUserCodeParameter"
           formik={formik}
diff --git a/admin-ui/plugins/auth-server/components/Clients/ClientBasicPanel.js b/admin-ui/plugins/auth-server/components/Clients/ClientBasicPanel.js
index 186d662b6..869b3b46d 100644
--- a/admin-ui/plugins/auth-server/components/Clients/ClientBasicPanel.js
+++ b/admin-ui/plugins/auth-server/components/Clients/ClientBasicPanel.js
@@ -141,12 +141,12 @@ const ClientBasicPanel = ({ client, scopes, formik }) => {
         name="expirable"
         formik={formik}
         label="fields.is_expirable_client"
-        value={expirable}
+        value={client.expirable && client.expirable.length ? true : false}
         handler={handleExpirable}
         doc_category={DOC_CATEGORY}
       />
 
-      {expirable && (
+      {client.expirable && client.expirable.length && (
         <FormGroup row>
           <GluuLabel label="client_expiration_date" size={5} />
           <Col sm={7}>
@@ -156,12 +156,12 @@ const ClientBasicPanel = ({ client, scopes, formik }) => {
               showTimeSelect
               dateFormat="yyyy-MM-dd HH:mm:aa"
               timeFormat="HH:mm:aa"
-              selected={expDate}
+              selected={client.expirationDate}
               peekNextMonth
               showMonthDropdown
               showYearDropdown
               dropdownMode="select"
-              onChange={(date) => setExpDate(date)}
+              onChange={(e) => formik.setFieldValue('expirationDate', e)}
             />
           </Col>
         </FormGroup>
diff --git a/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js b/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js
index aa09da725..5ae40edb1 100644
--- a/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js
+++ b/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js
@@ -115,7 +115,7 @@ function ClientWizardForm({
     }
     return total.filter((item) => partial.includes(item.dn)) || []
   }
-  client.description = extractDescription(client.customAttributes || [])
+  // client.description = extractDescription(client.customAttributes || [])
   client.spontaneousScopes =
     getMapping(client.attributes.spontaneousScopes, scopes) || []
   client.introspectionScripts =
@@ -133,19 +133,19 @@ function ClientWizardForm({
     getMapping(client.attributes.postAuthnScripts, postScripts) || []
   client.rptClaimsScripts =
     getMapping(client.attributes.rptClaimsScripts, rptScripts) || []
-  client.tlsClientAuthSubjectDn = client.attributes.tlsClientAuthSubjectDn
-  client.runIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims =
-    client.attributes
-      .runIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims ||
-    false
-  client.backchannelLogoutSessionRequired =
-    client.attributes.backchannelLogoutSessionRequired || false
-  client.keepClientAuthorizationAfterExpiration =
-    client.attributes.keepClientAuthorizationAfterExpiration || false
-  client.allowSpontaneousScopes =
-    client.attributes.allowSpontaneousScopes || false
-  client.additionalAudience = client.attributes.additionalAudience || []
-  client.backchannelLogoutUri = client.attributes.backchannelLogoutUri
+  // client.tlsClientAuthSubjectDn = client.attributes.tlsClientAuthSubjectDn
+  // client.runIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims =
+  //   client.attributes
+  //     .runIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims ||
+  //   false
+  // client.backchannelLogoutSessionRequired =
+  //   client.attributes.backchannelLogoutSessionRequired || false
+  // client.keepClientAuthorizationAfterExpiration =
+  //   client.attributes.keepClientAuthorizationAfterExpiration || false
+  // client.allowSpontaneousScopes =
+  //   client.attributes.allowSpontaneousScopes || false
+  // client.additionalAudience = client.attributes.additionalAudience || []
+  // client.backchannelLogoutUri = client.attributes.backchannelLogoutUri
 
   const initialValues = {
     inum: client.inum,
@@ -164,9 +164,13 @@ function ClientWizardForm({
     tosUri: client.tosUri,
     jwksUri: client.jwksUri,
     jwks: client.jwks,
+    expirable: [],
+    expirationDate: new Date(),
     softwareStatement: client.softwareStatement,
     softwareVersion: client.softwareVersion,
     softwareId: client.softwareId,
+    softwareSection: client.softwareSection ? client.softwareSection : false,
+    cibaSection: client.cibaSection ? client.cibaSection : false,
     idTokenSignedResponseAlg: client.idTokenSignedResponseAlg,
     idTokenEncryptedResponseAlg: client.idTokenEncryptedResponseAlg,
     tokenEndpointAuthMethod: client.tokenEndpointAuthMethod,

From ef0f470618f70e04c9db847067d47ec89765da38 Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Wed, 16 Mar 2022 08:31:33 +0000
Subject: [PATCH 067/101] ci: fix rancher job

---
 .github/workflows/post-to-rancher-partner-charts.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/post-to-rancher-partner-charts.yml b/.github/workflows/post-to-rancher-partner-charts.yml
index 3d42397c8..88ec3b611 100644
--- a/.github/workflows/post-to-rancher-partner-charts.yml
+++ b/.github/workflows/post-to-rancher-partner-charts.yml
@@ -54,7 +54,6 @@ jobs:
         make charts
         git add -A
         git commit -S -s -m "feat(gluu): chart helm package"
-        git push --set-upstream origin gluu-flex-main-source
         MESSAGE="feat(gluu): update Gluu helm partner chart"
         BODY="This is an automated message propagated by a release in the parent Gluu chart."
         echo "${{ secrets.MOAUTO4_WORKFLOW_TOKEN }}" > token.txt

From e39943244055160e2649f76a6bc083e949a2de5b Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Wed, 16 Mar 2022 08:39:24 +0000
Subject: [PATCH 068/101] ci: fix rancher job

---
 .github/workflows/post-to-rancher-partner-charts.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/post-to-rancher-partner-charts.yml b/.github/workflows/post-to-rancher-partner-charts.yml
index 88ec3b611..f53744492 100644
--- a/.github/workflows/post-to-rancher-partner-charts.yml
+++ b/.github/workflows/post-to-rancher-partner-charts.yml
@@ -54,6 +54,7 @@ jobs:
         make charts
         git add -A
         git commit -S -s -m "feat(gluu): chart helm package"
+        git push --set-upstream remote gluu-flex-main-source
         MESSAGE="feat(gluu): update Gluu helm partner chart"
         BODY="This is an automated message propagated by a release in the parent Gluu chart."
         echo "${{ secrets.MOAUTO4_WORKFLOW_TOKEN }}" > token.txt

From 50a44cf5b17dcd00a4b968c9552e3dc697655455 Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Wed, 16 Mar 2022 08:40:58 +0000
Subject: [PATCH 069/101] ci: fix rancher job

---
 .github/workflows/post-to-rancher-partner-charts.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/post-to-rancher-partner-charts.yml b/.github/workflows/post-to-rancher-partner-charts.yml
index f53744492..d09055403 100644
--- a/.github/workflows/post-to-rancher-partner-charts.yml
+++ b/.github/workflows/post-to-rancher-partner-charts.yml
@@ -54,7 +54,7 @@ jobs:
         make charts
         git add -A
         git commit -S -s -m "feat(gluu): chart helm package"
-        git push --set-upstream remote gluu-flex-main-source
+        git push gluu-flex-main-source
         MESSAGE="feat(gluu): update Gluu helm partner chart"
         BODY="This is an automated message propagated by a release in the parent Gluu chart."
         echo "${{ secrets.MOAUTO4_WORKFLOW_TOKEN }}" > token.txt

From f1fe7044f908a8251e028f7461e233526649cc8e Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Wed, 16 Mar 2022 08:48:36 +0000
Subject: [PATCH 070/101] ci: fix rancher job

---
 .github/workflows/post-to-rancher-partner-charts.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/post-to-rancher-partner-charts.yml b/.github/workflows/post-to-rancher-partner-charts.yml
index d09055403..ecfb731b5 100644
--- a/.github/workflows/post-to-rancher-partner-charts.yml
+++ b/.github/workflows/post-to-rancher-partner-charts.yml
@@ -37,7 +37,7 @@ jobs:
         # open branch in rancher-partner
         git clone https://github.com/rancher/partner-charts.git
         cd partner-charts
-        git remote set-url origin https://mo-auto:${{ secrets.MOWORKFLOWTOKEN }}@github.com/rancher/partner-charts.git
+        git remote add origin .
         git switch -c gluu-flex-main-source origin/main-source
         cp ../automation/rancher-partner-charts/package.yaml ./packages/gluu/package.yaml
         export PACKAGE=gluu
@@ -54,7 +54,7 @@ jobs:
         make charts
         git add -A
         git commit -S -s -m "feat(gluu): chart helm package"
-        git push gluu-flex-main-source
+        git push --set-upstream origin gluu-flex-main-source
         MESSAGE="feat(gluu): update Gluu helm partner chart"
         BODY="This is an automated message propagated by a release in the parent Gluu chart."
         echo "${{ secrets.MOAUTO4_WORKFLOW_TOKEN }}" > token.txt

From a21f5f8661910e33ce18334d2602a61966016f85 Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Wed, 16 Mar 2022 08:54:19 +0000
Subject: [PATCH 071/101] ci: fix rancher job

---
 .github/workflows/post-to-rancher-partner-charts.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/post-to-rancher-partner-charts.yml b/.github/workflows/post-to-rancher-partner-charts.yml
index ecfb731b5..936c52122 100644
--- a/.github/workflows/post-to-rancher-partner-charts.yml
+++ b/.github/workflows/post-to-rancher-partner-charts.yml
@@ -37,7 +37,6 @@ jobs:
         # open branch in rancher-partner
         git clone https://github.com/rancher/partner-charts.git
         cd partner-charts
-        git remote add origin .
         git switch -c gluu-flex-main-source origin/main-source
         cp ../automation/rancher-partner-charts/package.yaml ./packages/gluu/package.yaml
         export PACKAGE=gluu
@@ -54,7 +53,7 @@ jobs:
         make charts
         git add -A
         git commit -S -s -m "feat(gluu): chart helm package"
-        git push --set-upstream origin gluu-flex-main-source
+        git push origin gluu-flex-main-source
         MESSAGE="feat(gluu): update Gluu helm partner chart"
         BODY="This is an automated message propagated by a release in the parent Gluu chart."
         echo "${{ secrets.MOAUTO4_WORKFLOW_TOKEN }}" > token.txt

From c107c80047d4e612db9ad5e296cc9e3299b169b2 Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Wed, 16 Mar 2022 12:22:31 +0000
Subject: [PATCH 072/101] ci: add params for the rancher ui

---
 .../post-to-rancher-partner-charts.yml        |  26 +++-
 .../pull_request_body.md                      |  28 ++++
 .../rancher-partner-charts/questions.yaml     | 140 +++++++++++++++---
 3 files changed, 164 insertions(+), 30 deletions(-)
 create mode 100644 automation/rancher-partner-charts/pull_request_body.md

diff --git a/.github/workflows/post-to-rancher-partner-charts.yml b/.github/workflows/post-to-rancher-partner-charts.yml
index 936c52122..86af3c327 100644
--- a/.github/workflows/post-to-rancher-partner-charts.yml
+++ b/.github/workflows/post-to-rancher-partner-charts.yml
@@ -34,10 +34,21 @@ jobs:
         echo "::set-output name=version::$(curl https://api.github.com/repos/${{ github.repository }}/releases -s | grep "tag_name" | cut -d '"' -f 4 | grep -o '^\v.*' | head -n 1 | cut -d 'v' -f 2)"
     - name: Configure Git
       run: |
-        # open branch in rancher-partner
-        git clone https://github.com/rancher/partner-charts.git
+        git clone  https://mo-auto:${{ secrets.MOAUTO4_WORKFLOW_TOKEN }}@github.com/mo-auto/partner-charts.git
+        git config --global user.name "mo-auto"
+        git config --global user.email "54212639+mo-auto@users.noreply.github.com"
+        #git config --global user.signingkey "${{ steps.import_gpg.outputs.keyid }}"
         cd partner-charts
-        git switch -c gluu-flex-main-source origin/main-source
+        git remote add upstream https://github.com/rancher/partner-charts.git
+        git fetch upstream
+        # ensures current branch is main-source
+        git checkout main-source
+        # pulls all new commits made to upstream/main-source
+        git pull upstream main-source
+        # this will delete all local changes to main-source
+        git reset --hard upstream/main-source
+        # take care, this will delete all changes on the forked main-source
+        git push origin main-source --force
         cp ../automation/rancher-partner-charts/package.yaml ./packages/gluu/package.yaml
         export PACKAGE=gluu
         make prepare
@@ -45,17 +56,16 @@ jobs:
         cp ../automation/rancher-partner-charts/questions.yaml ./packages/gluu/charts/questions.yaml
         make patch
         make clean
-        git config user.name "mo-auto"
-        git config user.email "54212639+mo-auto@users.noreply.github.com"
-        git config --global user.signingkey "${{ steps.import_gpg.outputs.keyid }}"
         git add -A
         git commit -S -s -m "feat(gluu): patch helm package"
         make charts
         git add -A
         git commit -S -s -m "feat(gluu): chart helm package"
-        git push origin gluu-flex-main-source
+        git push origin
         MESSAGE="feat(gluu): update Gluu helm partner chart"
-        BODY="This is an automated message propagated by a release in the parent Gluu chart."
+        BODY=$(<../automation/rancher-partner-charts/pull_request_body.md)
         echo "${{ secrets.MOAUTO4_WORKFLOW_TOKEN }}" > token.txt
         gh auth login --with-token < token.txt
         PR=$(gh pr create --base "main-source" --body "${BODY}" --title "${MESSAGE}")        
+
+#TODO: Add docker test before opening a PR in rancher-partner charts.
\ No newline at end of file
diff --git a/automation/rancher-partner-charts/pull_request_body.md b/automation/rancher-partner-charts/pull_request_body.md
new file mode 100644
index 000000000..8df15cc5a
--- /dev/null
+++ b/automation/rancher-partner-charts/pull_request_body.md
@@ -0,0 +1,28 @@
+# Updating Gluu flex Partner Chart
+
+This is an automated PR triggered by a release in [Gluu](https://github.com/GluuFederation/flex) charts.
+
+## Description
+
+This PR updates the Gluu official chart to rancher ui partner charts.  We reported an [issue](https://github.com/rancher/partner-charts/issues/235) regarding using dashed keys inside `questions.yaml`. 
+
+
+## Type of change
+
+- [x] Update Chart (non-breaking change which adds functionality)
+
+## How Has This Been Tested?
+
+- [x] Followed instructions regarding testing, using a docker based rancher ui setup. 
+
+**Test Configuration**:
+OS Ubuntu 20 LTS with docker 20.10. 7 and rancher 2.6.
+
+## Checklist:
+
+- [x] My code follows the style guidelines of this project
+- [x] I have performed a self-review of my own code
+- [x] I have commented my code, particularly in hard-to-understand areas
+- [x] I have made corresponding changes to the documentation
+- [x] My changes generate no new warnings during validation
+- [x] I have checked my code and corrected any misspellings
diff --git a/automation/rancher-partner-charts/questions.yaml b/automation/rancher-partner-charts/questions.yaml
index 0fd1713bc..b9768fcbf 100644
--- a/automation/rancher-partner-charts/questions.yaml
+++ b/automation/rancher-partner-charts/questions.yaml
@@ -166,6 +166,13 @@ questions:
   required: true
   label: Enable ConfigAPI
   description: "Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS)."
+- variable: global.casa.enabled
+  default: false
+  type: boolean
+  group: "Optional Services"
+  required: true
+  label: Enable Casa
+  description: "Gluu Casa ('Casa') is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server."
 - variable: global.scim.enabled
   default: false
   type: boolean
@@ -726,7 +733,7 @@ questions:
   group: "NGINX"
   required: false
   show_if: "global.istio.ingress=false"
-  description: "Enable Admin UI endpoints. COMING SOON."
+  description: "Enable Admin UI endpoints."
   label: Enable Admin UI endpoints
   subquestions:
   - variable: nginx-ingress.ingress.openidConfigEnabled
@@ -736,6 +743,20 @@ questions:
     required: true
     description: "Enable endpoint /.well-known/openid-configuration"
     label: Enable endpoint /.well-known/openid-configuration
+  - variable: nginx-ingress.ingress.deviceCodeEnabled
+    default: true
+    type: boolean
+    group: "NGINX"
+    required: true
+    description: "Enable endpoint /device-code"
+    label: Enable endpoint /device-code
+  - variable: nginx-ingress.ingress.firebaseMessagingEnabled
+    default: true
+    type: boolean
+    group: "NGINX"
+    required: true
+    description: "Enable endpoint /firebase-messaging-sw.js"
+    label: Enable endpoint /firebase-messaging-sw.js
   - variable: nginx-ingress.ingress.uma2ConfigEnabled
     default: true
     type: boolean
@@ -782,10 +803,18 @@ questions:
   default: false
   type: boolean
   group: "NGINX"
-  show_if: "global.distribution=default&&global.istio.ingress=false"
+  show_if: "global.distribution=default&&global.istio.ingress=false&&global.fido2.enabled=true"
   required: true
-  description: "Enable endpoint /.well-known/fido2-configuration"
+  description: "Enable endpoint /.well-known/fido2-configuration. Enable this!"
   label: Enable endpoint /.well-known/fido2-configuration
+- variable: nginx-ingress.ingress.casaEnabled
+  default: false
+  type: boolean
+  group: "NGINX"
+  show_if: "global.distribution=default&&global.istio.ingress=false&&global.casa.enabled=true"
+  required: true
+  description: "Enable endpoint /casa. Enable this!"
+  label: Enable endpoint /casa Enable this!
 - variable: nginx-ingress.ingress.authServerProtectedToken
   default: true
   type: boolean
@@ -806,18 +835,18 @@ questions:
   default: false
   type: boolean
   group: "NGINX"
-  show_if: "global.distribution=default&&global.istio.ingress=false"
+  show_if: "global.distribution=default&&global.istio.ingress=false&&global.scim.enabled=true"
   required: true
-  description: "Enable endpoint /.well-known/scim-configuration"
-  label: Enable endpoint /.well-known/scim-configuration
+  description: "Enable endpoint /.well-known/scim-configuration. Enable this!"
+  label: Enable endpoint /.well-known/scim-configuration. Enable this!
 - variable: nginx-ingress.ingress.scimEnabled
   default: false
   type: boolean
   group: "NGINX"
-  show_if: "global.distribution=default&&global.istio.ingress=false"
+  show_if: "global.distribution=default&&global.istio.ingress=false&&global.scim.enabled=true"
   required: true
-  description: "Enable SCIM endpoints /jans-scim"
-  label: Enable SCIM endpoints /jans-scim
+  description: "Enable SCIM endpoints /jans-scim. Enable this!"
+  label: Enable SCIM endpoints /jans-scim. Enable this!
 
 # ============
 # Images group
@@ -846,11 +875,40 @@ questions:
 - variable: auth-server.image.tag
   required: true
   type: string
-  default: "1.0.0-beta.13"
+  default: "1.0.0-beta.16"
   description: "The Auth Server Image tag"
   label: Auth Server image tag
   group: "Images"
   show_if: "global.auth-server.enabled=true"
+# AdminUI
+- variable: admin-ui.image.repository
+  required: true
+  type: string
+  default: "gluufederation/admin-ui"
+  description: "The AdminUI Image repository"
+  label: The AdminUI Image repository
+  group: "Images"
+  show_if: "global.admin-ui.enabled=true"
+- variable: admin-ui.image.pullPolicy
+  required: true
+  type: enum
+  group: "Images"
+  default: IfNotPresent
+  description: "The AdminUI Image pull policy"
+  label: AdminUI imagePullPolicy
+  options:
+  - "Always"
+  - "IfNotPresent"
+  - "Never"
+  show_if: "global.admin-ui.enabled=true"
+- variable: admin-ui.image.tag
+  required: true
+  type: string
+  default: "1.0.0-0"
+  description: "The AdminUI Image tag"
+  label: AdminUI image tag
+  group: "Images"
+  show_if: "global.admin-ui.enabled=true"
 # AuthServer KeyRotation
 - variable: auth-server-key-rotation.image.repository
   required: true
@@ -875,11 +933,40 @@ questions:
 - variable: auth-server-key-rotation.image.tag
   required: true
   type: string
-  default: "1.0.0-beta.13"
+  default: "1.0.0-beta.16"
   description: "The Auth Server Image tag"
   label: Auth Server KeyRotation image tag
   group: "Images"
   show_if: "global.auth-server-key-rotation.enabled=true"
+# Casa
+- variable: casa.image.repository
+  required: true
+  type: string
+  default: "gluufederation/casa"
+  description: "The Casa Image repository"
+  label: Casa image repo
+  group: "Images"
+  show_if: "global.casa.enabled=true"
+- variable: casa.image.pullPolicy
+  required: true
+  type: enum
+  group: "Images"
+  default: IfNotPresent
+  description: "The Casa Image pull policy"
+  label: Casa imagePullPolicy
+  options:
+  - "Always"
+  - "IfNotPresent"
+  - "Never"
+  show_if: "global.casa.enabled=true"
+- variable: casa.image.tag
+  required: true
+  type: string
+  default: "5.0.0-0"
+  description: "The Casa Image tag"
+  label: Casa image tag
+  group: "Images"
+  show_if: "global.casa.enabled=true"
 # ClientAPI
 - variable: client-api.image.repository
   required: true
@@ -904,7 +991,7 @@ questions:
 - variable: client-api.image.tag
   required: true
   type: string
-  default: "1.0.0-beta.13"
+  default: "1.0.0-beta.16"
   description: "The ClientAPI Image tag"
   label: ClientAPI image tag
   group: "Images"
@@ -933,7 +1020,7 @@ questions:
 - variable: config.image.tag
   required: true
   type: string
-  default: "1.0.0-beta.13"
+  default: "1.0.0-beta.16"
   description: "The Configurator Image tag"
   label: Configurator image tag
   group: "Images"
@@ -962,7 +1049,7 @@ questions:
 - variable: config-api.image.tag
   required: true
   type: string
-  default: "1.0.0-beta.13"
+  default: "1.0.0-beta.16"
   description: "The ConfigAPI Image tag"
   label: ConfigAPI image tag
   group: "Images"
@@ -991,7 +1078,7 @@ questions:
 - variable: fido2.image.tag
   required: true
   type: string
-  default: "1.0.0-beta.13"
+  default: "1.0.0-beta.16"
   description: "The Fido2 Image tag"
   label: Fido2 image tag
   group: "Images"
@@ -1020,7 +1107,7 @@ questions:
 - variable: jackrabbit.image.tag
   required: true
   type: string
-  default: "1.0.0-beta.13"
+  default: "1.0.0-beta.16"
   description: "The Jackrabbit Image tag"
   label: Jackrabbit image tag
   group: "Images"
@@ -1078,7 +1165,7 @@ questions:
 - variable: persistence.image.tag
   required: true
   type: string
-  default: "1.0.0-beta.13"
+  default: "1.0.0-beta.16"
   description: "The Persistence Image tag"
   label: Persistence image tag
   group: "Images"
@@ -1107,7 +1194,7 @@ questions:
 - variable: scim.image.tag
   required: true
   type: string
-  default: "1.0.0-beta.13"
+  default: "1.0.0-beta.16"
   description: "The SCIM Image tag"
   label: SCIM image tag
   group: "Images"
@@ -1125,6 +1212,15 @@ questions:
   label: Auth-server Replicas
   description: "Service replica number."
   show_if: "global.auth-server.enabled=true"
+# Casa
+- variable: casa.replicas
+  default: 1
+  required: false
+  type: int
+  group: "Replicas"
+  label: Casa Replicas
+  description: "Service replica number."
+  show_if: "global.auth-server.enabled=true"
 # ClientAPI
 - variable: client-api.replicas
   default: 1
@@ -1143,15 +1239,15 @@ questions:
   label: ConfigAPI Replicas
   description: "Service replica number."
   show_if: "global.config-api.enabled=true"
-# ConfigAPI
-- variable: config-api.replicas
+# AdminUi
+- variable: admin-ui.replicas
   default: 1
   required: false
   type: int
   group: "Replicas"
-  label: ConfigAPI Replicas
+  label: Admin UI Replicas
   description: "Service replica number."
-  show_if: "global.config-api.enabled=true"
+  show_if: "global.admin-ui.enabled=true"
 # Fido2
 - variable: fido2.replicas
   default: 1

From 2413660f40586ac7c2c530b5f9676df18ca43dc9 Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Wed, 16 Mar 2022 12:24:48 +0000
Subject: [PATCH 073/101] ci: add params for the rancher ui

---
 .github/workflows/post-to-rancher-partner-charts.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/post-to-rancher-partner-charts.yml b/.github/workflows/post-to-rancher-partner-charts.yml
index 86af3c327..f54ca5324 100644
--- a/.github/workflows/post-to-rancher-partner-charts.yml
+++ b/.github/workflows/post-to-rancher-partner-charts.yml
@@ -34,7 +34,7 @@ jobs:
         echo "::set-output name=version::$(curl https://api.github.com/repos/${{ github.repository }}/releases -s | grep "tag_name" | cut -d '"' -f 4 | grep -o '^\v.*' | head -n 1 | cut -d 'v' -f 2)"
     - name: Configure Git
       run: |
-        git clone  https://mo-auto:${{ secrets.MOAUTO4_WORKFLOW_TOKEN }}@github.com/mo-auto/partner-charts.git
+        git clone  https://mo-auto:${{ secrets.MOWORKFLOWTOKEN }}@github.com/mo-auto/partner-charts.git
         git config --global user.name "mo-auto"
         git config --global user.email "54212639+mo-auto@users.noreply.github.com"
         #git config --global user.signingkey "${{ steps.import_gpg.outputs.keyid }}"
@@ -64,7 +64,7 @@ jobs:
         git push origin
         MESSAGE="feat(gluu): update Gluu helm partner chart"
         BODY=$(<../automation/rancher-partner-charts/pull_request_body.md)
-        echo "${{ secrets.MOAUTO4_WORKFLOW_TOKEN }}" > token.txt
+        echo "${{ secrets.MOWORKFLOWTOKEN }}" > token.txt
         gh auth login --with-token < token.txt
         PR=$(gh pr create --base "main-source" --body "${BODY}" --title "${MESSAGE}")        
 

From 141663cff0c1bc91d23e29034d28fad4e05d6095 Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Wed, 16 Mar 2022 12:28:00 +0000
Subject: [PATCH 074/101] ci: set signing key

---
 .github/workflows/post-to-rancher-partner-charts.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/post-to-rancher-partner-charts.yml b/.github/workflows/post-to-rancher-partner-charts.yml
index f54ca5324..70cb83e68 100644
--- a/.github/workflows/post-to-rancher-partner-charts.yml
+++ b/.github/workflows/post-to-rancher-partner-charts.yml
@@ -37,7 +37,7 @@ jobs:
         git clone  https://mo-auto:${{ secrets.MOWORKFLOWTOKEN }}@github.com/mo-auto/partner-charts.git
         git config --global user.name "mo-auto"
         git config --global user.email "54212639+mo-auto@users.noreply.github.com"
-        #git config --global user.signingkey "${{ steps.import_gpg.outputs.keyid }}"
+        git config --global user.signingkey "${{ steps.import_gpg.outputs.keyid }}"
         cd partner-charts
         git remote add upstream https://github.com/rancher/partner-charts.git
         git fetch upstream

From 29feb73a7292e8e3fdc59c37661328e7cf757165 Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Wed, 16 Mar 2022 12:41:40 +0000
Subject: [PATCH 075/101] ci: add dependabot

---
 .github/dependabot.yml | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..2c7d17083
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,7 @@
+version: 2
+updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"

From 59fcf22361442e7edd70c09b2f20ff17b2e7bba4 Mon Sep 17 00:00:00 2001
From: = <mjatin78@gmail.com>
Date: Wed, 16 Mar 2022 23:06:19 +0530
Subject: [PATCH 076/101] fix: edit params mapping correct

---
 .../Clients/ClientAttributesPanel.js          |  2 +-
 .../components/Clients/ClientWizardForm.js    | 28 +++++++++++++------
 2 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/admin-ui/plugins/auth-server/components/Clients/ClientAttributesPanel.js b/admin-ui/plugins/auth-server/components/Clients/ClientAttributesPanel.js
index 5b0fec757..2f4ea90a9 100644
--- a/admin-ui/plugins/auth-server/components/Clients/ClientAttributesPanel.js
+++ b/admin-ui/plugins/auth-server/components/Clients/ClientAttributesPanel.js
@@ -1,5 +1,5 @@
 import React from 'react'
-import { Container} from '../../../../app/components'
+import { Container } from '../../../../app/components'
 import GluuBooleanSelectBox from '../../../../app/routes/Apps/Gluu/GluuBooleanSelectBox'
 import GluuInputRow from '../../../../app/routes/Apps/Gluu/GluuInputRow'
 import GluuTypeAheadWithAdd from '../../../../app/routes/Apps/Gluu/GluuTypeAheadWithAdd'
diff --git a/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js b/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js
index 5ae40edb1..1c515d281 100644
--- a/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js
+++ b/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js
@@ -165,7 +165,7 @@ function ClientWizardForm({
     jwksUri: client.jwksUri,
     jwks: client.jwks,
     expirable: [],
-    expirationDate: new Date(),
+    expirationDate: client.expirationDate,
     softwareStatement: client.softwareStatement,
     softwareVersion: client.softwareVersion,
     softwareId: client.softwareId,
@@ -183,6 +183,16 @@ function ClientWizardForm({
     userInfoSignedResponseAlg: client.userInfoSignedResponseAlg,
     userInfoEncryptedResponseEnc: client.userInfoEncryptedResponseEnc,
     authenticationMethod: client.authenticationMethod,
+    idTokenTokenBindingCnf: client.idTokenTokenBindingCnf,
+    backchannelUserCodeParameter: client.backchannelUserCodeParameter,
+    refreshTokenLifetime: client.refreshTokenLifetime,
+    defaultMaxAge: client.defaultMaxAge,
+    accessTokenLifetime: client.accessTokenLifetime,
+    backchannelTokenDeliveryMode: client.backchannelTokenDeliveryMode,
+    backchannelClientNotificationEndpoint:
+      client.backchannelClientNotificationEndpoint,
+    frontChannelLogoutUri: client.frontChannelLogoutUri,
+
     backchannelUserCodeParameter: client.backchannelUserCodeParameter,
     policyUri: client.policyUri,
     logoURI: client.logoURI,
@@ -200,22 +210,24 @@ function ClientWizardForm({
     oxAuthClaims: client.oxAuthClaims,
     customAttributes: client.customAttributes,
     attributes: client.attributes,
-    tlsClientAuthSubjectDn: client.tlsClientAuthSubjectDn,
+    tlsClientAuthSubjectDn: client.attributes.tlsClientAuthSubjectDn,
     frontChannelLogoutSessionRequired: client.frontChannelLogoutSessionRequired,
     runIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims:
-      client.runIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims,
-    backchannelLogoutSessionRequired: client.backchannelLogoutSessionRequired,
+      client.attributes
+        .runIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims,
+    backchannelLogoutSessionRequired:
+      client.attributes.backchannelLogoutSessionRequired,
     keepClientAuthorizationAfterExpiration:
-      client.keepClientAuthorizationAfterExpiration,
-    allowSpontaneousScopes: client.allowSpontaneousScopes,
+      client.attributes.keepClientAuthorizationAfterExpiration,
+    allowSpontaneousScopes: client.attributes.allowSpontaneousScopes,
     spontaneousScopes: client.spontaneousScopes,
     introspectionScripts: client.introspectionScripts,
     spontaneousScopeScriptDns: client.spontaneousScopeScriptDns,
     consentGatheringScripts: client.consentGatheringScripts,
     postAuthnScripts: client.postAuthnScripts,
     rptClaimsScripts: client.rptClaimsScripts,
-    additionalAudience: client.additionalAudience,
-    backchannelLogoutUri: client.backchannelLogoutUri,
+    additionalAudience: client.attributes.additionalAudience,
+    backchannelLogoutUri: client.attributes.backchannelLogoutUri,
     customObjectClasses: client.customObjectClasses,
     requireAuthTime: client.requireAuthTime,
     trustedClient: client.trustedClient,

From 285e3bdba66250eb8895b7231fd7a9376f921709 Mon Sep 17 00:00:00 2001
From: Mustafa Baser <mbaser@mail.com>
Date: Wed, 16 Mar 2022 22:55:49 +0300
Subject: [PATCH 077/101] fix: flex-linux-setup url of casa extrnal files

---
 flex-linux-setup/flex_linux_setup/flex_setup.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/flex-linux-setup/flex_linux_setup/flex_setup.py b/flex-linux-setup/flex_linux_setup/flex_setup.py
index 66e02f1db..3d4470b9c 100755
--- a/flex-linux-setup/flex_linux_setup/flex_setup.py
+++ b/flex-linux-setup/flex_linux_setup/flex_setup.py
@@ -152,7 +152,7 @@ def download_files(self):
         base.download('https://raw.githubusercontent.com/JanssenProject/jans/{}/jans-config-api/server/src/main/resources/log4j2.xml'.format(app_versions['JANS_BRANCH']), self.log4j2_path, verbose=True)
         base.download('https://raw.githubusercontent.com/JanssenProject/jans/{}/jans-config-api/plugins/admin-ui-plugin/config/log4j2-adminui.xml'.format(app_versions['JANS_BRANCH']), self.log4j2_adminui_path, verbose=True)
         base.download('https://github.com/GluuFederation/flex/archive/refs/heads/{}.zip'.format(app_versions['FLEX_BRANCH']), self.flex_path, verbose=True)
-        base.download('https://github.com/GluuFederation/casa/raw/gluu_cloud/extras/casa_web_resources.xml', self.casa_web_resources_fn, verbose=True)
+        base.download('https://raw.githubusercontent.com/GluuFederation/flex/main/casa/extras/casa_web_resources.xml', self.casa_web_resources_fn, verbose=True)
         base.download('https://maven.gluu.org/maven/org/gluu/casa/{0}/casa-{0}.war'.format(app_versions['CASA_VERSION']), self.casa_war_fn, verbose=True)
         base.download('https://maven.gluu.org/maven/org/gluu/casa-config/{0}/casa-config-{0}.jar'.format(app_versions['CASA_VERSION']), self.casa_config_fn, verbose=True)
         base.download('https://repo1.maven.org/maven2/com/twilio/sdk/twilio/{0}/twilio-{0}.jar'.format(app_versions['TWILIO_VERSION']), self.twillo_fn, verbose=True)
@@ -161,7 +161,6 @@ def download_files(self):
         base.download('https://raw.githubusercontent.com/GluuFederation/flex/main/casa/extras/casa-external_otp.py', os.path.join(self.casa_dist_dir, 'pylib/casa-external_otp.py'), verbose=True)
         base.download('https://raw.githubusercontent.com/GluuFederation/flex/main/casa/extras/casa-external_super_gluu.py', os.path.join(self.casa_dist_dir, 'pylib/casa-external_super_gluu.py'), verbose=True)
         base.download('https://raw.githubusercontent.com/GluuFederation/flex/main/casa/extras/casa-external_twilio_sms.py', os.path.join(self.casa_dist_dir, 'pylib/casa-external_twilio_sms.py'), verbose=True)
-        base.download('https://raw.githubusercontent.com/GluuFederation/flex/main/casa/extras/casa-external_u2f.py', os.path.join(self.casa_dist_dir, 'pylib/casa-external_u2f.py'), verbose=True)
 
 
     def install_gluu_admin_ui(self):

From 6e3e6986ddbe7febb26615c71f8332b3de60f35e Mon Sep 17 00:00:00 2001
From: Jose <bonustrack310@gmail.com>
Date: Wed, 16 Mar 2022 19:15:27 -0500
Subject: [PATCH 078/101] fix: update plugin due to removal of associatedPerson
 in DB schema #17

---
 casa/extras/Casa.py                           |  2 +-
 .../plugins/consent/AuthorizedClientsVM.java  |  7 -----
 .../service/ClientAuthorizationsService.java  |  7 ++++-
 .../consent/service/ClientService.java        | 31 -------------------
 .../src/main/resources/assets/index.zul       |  6 +---
 .../main/resources/labels/zk-label.properties |  1 -
 .../java/org/gluu/casa/core/model/Client.java | 11 -------
 7 files changed, 8 insertions(+), 57 deletions(-)
 delete mode 100644 casa/plugins/client-authorizations/src/main/java/org/gluu/casa/plugins/consent/service/ClientService.java

diff --git a/casa/extras/Casa.py b/casa/extras/Casa.py
index cefaa6106..2ff236f85 100644
--- a/casa/extras/Casa.py
+++ b/casa/extras/Casa.py
@@ -609,7 +609,7 @@ def getGeolocation(self, identity):
 
         session_attributes = identity.getSessionId().getSessionAttributes()
         if session_attributes.containsKey("remote_ip"):
-            remote_ip = session_attributes.get("remote_ip")
+            remote_ip = session_attributes.get("remote_ip").split(",", 2)[0].strip()
             if StringHelper.isNotEmpty(remote_ip):
 
                 httpService = CdiUtil.bean(HttpService)
diff --git a/casa/plugins/client-authorizations/src/main/java/org/gluu/casa/plugins/consent/AuthorizedClientsVM.java b/casa/plugins/client-authorizations/src/main/java/org/gluu/casa/plugins/consent/AuthorizedClientsVM.java
index 9ccc789ee..bd734a0a5 100644
--- a/casa/plugins/client-authorizations/src/main/java/org/gluu/casa/plugins/consent/AuthorizedClientsVM.java
+++ b/casa/plugins/client-authorizations/src/main/java/org/gluu/casa/plugins/consent/AuthorizedClientsVM.java
@@ -3,7 +3,6 @@
 import org.gluu.casa.core.model.Client;
 import org.gluu.casa.core.model.Scope;
 import org.gluu.casa.plugins.consent.service.ClientAuthorizationsService;
-import org.gluu.casa.plugins.consent.service.ClientService;
 import org.gluu.casa.core.pojo.User;
 import org.gluu.casa.service.ISessionContext;
 import org.gluu.casa.ui.UIUtils;
@@ -30,7 +29,6 @@ public class AuthorizedClientsVM {
     private ISessionContext sessionContext;
 
     private User user;
-    private ClientService clientService;
     private ClientAuthorizationsService caService;
     private Map<Client, Set<Scope>> clients;
 
@@ -43,14 +41,9 @@ public void init() {
         logger.info("Authorized Clients ViewModel inited");
         user = sessionContext.getLoggedUser();
         caService = new ClientAuthorizationsService();
-        clientService = new ClientService();
         reloadClients();
     }
 
-    public String getAssociatedPeopleAsCSV(Client client) {
-        return clientService.getAssociatedPeople(client).stream().collect(Collectors.joining(", "));
-    }
-
     public String getContactEmailsAsCSV(Client client) {
         return client.getContacts().stream().collect(Collectors.joining(", "));
     }
diff --git a/casa/plugins/client-authorizations/src/main/java/org/gluu/casa/plugins/consent/service/ClientAuthorizationsService.java b/casa/plugins/client-authorizations/src/main/java/org/gluu/casa/plugins/consent/service/ClientAuthorizationsService.java
index 8e21d38ee..ae48d2479 100644
--- a/casa/plugins/client-authorizations/src/main/java/org/gluu/casa/plugins/consent/service/ClientAuthorizationsService.java
+++ b/casa/plugins/client-authorizations/src/main/java/org/gluu/casa/plugins/consent/service/ClientAuthorizationsService.java
@@ -36,6 +36,11 @@ public Map<Client, Set<Scope>> getUserClientPermissions(String userId) {
         caSample.setUserId(userId);
         List<ClientAuthorization> authorizations = persistenceService.find(caSample);
 
+        int caEntries = authorizations.size();
+        logger.debug("{} client-authorization entries found", caEntries);
+        
+        if (caEntries == 0) return Collections.emptyMap();
+
         //Obtain client ids from all this user's client authorizations
         Set<String> clientIds = authorizations.stream().map(ClientAuthorization::getJansClntId).collect(Collectors.toSet());
 
@@ -80,7 +85,7 @@ public void removeClientAuthorizations(String userId, String userName, String cl
 
         logger.info("Removing client authorizations for user {}", userName);
         //Here we ignore the return value of deletion
-        persistenceService.find(caSample).forEach(auth -> persistenceService.delete(auth));
+        persistenceService.find(caSample).forEach(persistenceService::delete);
 
         Token sampleToken = new Token();
         sampleToken.setBaseDn(TOKENS_DN);
diff --git a/casa/plugins/client-authorizations/src/main/java/org/gluu/casa/plugins/consent/service/ClientService.java b/casa/plugins/client-authorizations/src/main/java/org/gluu/casa/plugins/consent/service/ClientService.java
deleted file mode 100644
index f0a5e04fd..000000000
--- a/casa/plugins/client-authorizations/src/main/java/org/gluu/casa/plugins/consent/service/ClientService.java
+++ /dev/null
@@ -1,31 +0,0 @@
-package org.gluu.casa.plugins.consent.service;
-
-import org.gluu.casa.core.model.BasePerson;
-import org.gluu.casa.core.model.Client;
-import org.gluu.casa.misc.Utils;
-import org.gluu.casa.service.IPersistenceService;
-
-import java.util.List;
-import java.util.stream.Collectors;
-
-/**
- * Small utility for OpenID clients
- * @author jgomer
- */
-public class ClientService {
-
-    private IPersistenceService persistenceService;
-
-    public ClientService() {
-        persistenceService = Utils.managedBean(IPersistenceService.class);
-    }
-
-    public List<String> getAssociatedPeople(Client client) {
-        List<String> dns = client.getAssociatedPeople();
-
-        return dns.stream().map(dn -> persistenceService.get(BasePerson.class, dn))
-                .filter(person -> person != null).map(BasePerson::getUid).collect(Collectors.toList());
-
-    }
-
-}
diff --git a/casa/plugins/client-authorizations/src/main/resources/assets/index.zul b/casa/plugins/client-authorizations/src/main/resources/assets/index.zul
index 68dfa90f8..3f284aba4 100644
--- a/casa/plugins/client-authorizations/src/main/resources/assets/index.zul
+++ b/casa/plugins/client-authorizations/src/main/resources/assets/index.zul
@@ -50,10 +50,6 @@
                                                 <h:a href="@load(each.key.jansClntURI)" target="_blank">${each.key.jansClntURI}</h:a>
                                             </dd>
                                         </z:div>
-                                        <z:div class="flex flex-wrap" visible="@load(not empty vm.getAssociatedPeopleAsCSV(each.key))">
-                                            <dt class="w4">${labels.clients.authorized.associated}</dt>
-                                            <dd>${vm.getAssociatedPeopleAsCSV(each.key)}</dd>
-                                        </z:div>
                                         <z:div class="flex flex-wrap" visible="@load(not empty vm.getContactEmailsAsCSV(each.key))">
                                             <dt class="w4">${labels.clients.authorized.emails}</dt>
                                             <dd>${vm.getContactEmailsAsCSV(each.key)}</dd>
@@ -67,7 +63,7 @@
                                         <z:div class="flex flex-wrap" visible="@load(not empty each.key.tosURI)">
                                             <dt class="w4">${labels.clients.authorized.tos}</dt>
                                             <dd>
-                                                <h:href href="@load(each.key.tosURI)">${each.key.tosURI}</h:href>
+                                                <h:a href="@load(each.key.tosURI)">${each.key.tosURI}</h:a>
                                             </dd>
                                         </z:div>
                                     </dl>
diff --git a/casa/plugins/client-authorizations/src/main/resources/labels/zk-label.properties b/casa/plugins/client-authorizations/src/main/resources/labels/zk-label.properties
index 412f2d4e2..1cf056d01 100644
--- a/casa/plugins/client-authorizations/src/main/resources/labels/zk-label.properties
+++ b/casa/plugins/client-authorizations/src/main/resources/labels/zk-label.properties
@@ -6,7 +6,6 @@ clients.authorized.panel_text=You have granted {0} applications access to your a
 clients.authorized.panel_text_noapps=There are no authorized applications currently.
 
 clients.authorized.homepage=Client homepage
-clients.authorized.associated=Associated people
 clients.authorized.emails=Contact email(s)
 clients.authorized.policy=Policy
 clients.authorized.tos=Terms of service
diff --git a/casa/shared/src/main/java/org/gluu/casa/core/model/Client.java b/casa/shared/src/main/java/org/gluu/casa/core/model/Client.java
index 7161884f2..e11f9c9e9 100644
--- a/casa/shared/src/main/java/org/gluu/casa/core/model/Client.java
+++ b/casa/shared/src/main/java/org/gluu/casa/core/model/Client.java
@@ -14,9 +14,6 @@
 @ObjectClass("jansClnt")
 public class Client extends InumEntry {
 
-    @AttributeName(name = "associatedPerson")
-    private List<String> associatedPeople;
-
     @AttributeName
     private String displayName;
 
@@ -46,10 +43,6 @@ public void setJansClntIdIssuedAt(String jansClntIdIssuedAt) {
         this.jansClntIdIssuedAt = jansClntIdIssuedAt;
     }
 
-    public List<String> getAssociatedPeople() {
-        return Utils.nonNullList(associatedPeople);
-    }
-
     public String getDisplayName() {
         return displayName;
     }
@@ -83,10 +76,6 @@ public String getAlternativeID() {
                 .map(str -> str.replaceAll("\\W","")).orElse (null);
     }
 
-    public void setAssociatedPeople(List<String> associatedPeople) {
-        this.associatedPeople = associatedPeople;
-    }
-
     public void setDisplayName(String displayName) {
         this.displayName = displayName;
     }

From 1b08d60583430e514f9317dde9c5b970efd953e1 Mon Sep 17 00:00:00 2001
From: Arnab Dutta <arnab.bdutta@gmail.com>
Date: Thu, 17 Mar 2022 15:40:55 +0530
Subject: [PATCH 079/101] fix: scriptType dropdowns is not working perfectly in
 Script-List and Add Script page #155

---
 .../Apps/Gluu/GluuCustomScriptSearch.js       |  3 ++-
 .../CustomScripts/CustomScriptForm.js         |  8 +++---
 .../CustomScripts/ScriptListPage.js           |  1 +
 .../components/CustomScripts/scriptTypes.js   | 27 +++++++++++++++++++
 4 files changed, 33 insertions(+), 6 deletions(-)
 create mode 100644 admin-ui/plugins/admin/components/CustomScripts/scriptTypes.js

diff --git a/admin-ui/app/routes/Apps/Gluu/GluuCustomScriptSearch.js b/admin-ui/app/routes/Apps/Gluu/GluuCustomScriptSearch.js
index 3a02c8c21..1385f1748 100644
--- a/admin-ui/app/routes/Apps/Gluu/GluuCustomScriptSearch.js
+++ b/admin-ui/app/routes/Apps/Gluu/GluuCustomScriptSearch.js
@@ -13,6 +13,7 @@ function GluuCustomScriptSearch({
   limitId,
   typeId,
   limit,
+  scriptType,
 }) {
   const { t } = useTranslation()
   return (
@@ -27,7 +28,7 @@ function GluuCustomScriptSearch({
       />
       &nbsp;
       <InputGroup style={{ width: '210px' }}>
-        <CustomInput type="select"   data-testid={typeId}  id={typeId} onChange={handler}>
+        <CustomInput type="select"   data-testid={typeId}  id={typeId} defaultValue={scriptType} onChange={handler}>
           <option>PERSON_AUTHENTICATION</option>
           <option>INTROSPECTION</option>
           <option>RESOURCE_OWNER_PASSWORD_CREDENTIALS</option>
diff --git a/admin-ui/plugins/admin/components/CustomScripts/CustomScriptForm.js b/admin-ui/plugins/admin/components/CustomScripts/CustomScriptForm.js
index bf7a56383..a0591985d 100644
--- a/admin-ui/plugins/admin/components/CustomScripts/CustomScriptForm.js
+++ b/admin-ui/plugins/admin/components/CustomScripts/CustomScriptForm.js
@@ -18,13 +18,13 @@ import GluuCommitDialog from '../../../../app/routes/Apps/Gluu/GluuCommitDialog'
 import GluuTooltip from '../../../../app/routes/Apps/Gluu/GluuTooltip'
 import { SCRIPT } from '../../../../app/utils/ApiResources'
 import { useTranslation } from 'react-i18next'
+import items from './scriptTypes'
 
 function CustomScriptForm({ item, scripts, handleSubmit }) {
   const { t } = useTranslation()
   const [init, setInit] = useState(false)
   const [modal, setModal] = useState(false)
   const [scriptTypeState, setScriptTypeState] = useState(item.scriptType)
-  const scriptTypes = [...new Set(scripts.map((anItem) => anItem.scriptType))]
   const [scriptPath, setScriptPath] = useState(() =>
   {
     if (!item.moduleProperties) {
@@ -293,10 +293,8 @@ function CustomScriptForm({ item, scripts, handleSubmit }) {
                 }}
               >
                 <option value="">{t('options.choose')}...</option>
-                {scriptTypes.map((itemCandidate, index) => (
-                  <option key={index} value={itemCandidate}>
-                    {itemCandidate}
-                  </option>
+                {items.map((ele, item) => (
+                  <option key={index} value={ele.name}>{ele.name}</option>
                 ))}
               </CustomInput>
             </InputGroup>
diff --git a/admin-ui/plugins/admin/components/CustomScripts/ScriptListPage.js b/admin-ui/plugins/admin/components/CustomScripts/ScriptListPage.js
index c62d0519a..5404cef0e 100644
--- a/admin-ui/plugins/admin/components/CustomScripts/ScriptListPage.js
+++ b/admin-ui/plugins/admin/components/CustomScripts/ScriptListPage.js
@@ -92,6 +92,7 @@ function ScriptListTable({ scripts, loading, dispatch, permissions }) {
           limit={limit}
           typeId={TYPE_ID}
           patternId={PATTERN_ID}
+          scriptType={type}
           handler={handleOptionsChange}
         />
       ),
diff --git a/admin-ui/plugins/admin/components/CustomScripts/scriptTypes.js b/admin-ui/plugins/admin/components/CustomScripts/scriptTypes.js
new file mode 100644
index 000000000..b26630fbe
--- /dev/null
+++ b/admin-ui/plugins/admin/components/CustomScripts/scriptTypes.js
@@ -0,0 +1,27 @@
+export const items = [
+    {name: "PERSON_AUTHENTICATION"},
+    {name: "INTROSPECTION"},
+    {name: "RESOURCE_OWNER_PASSWORD_CREDENTIALS"},
+    {name: "APPLICATION_SESSION"},
+    {name: "CACHE_REFRESH"},
+    {name: "UPDATE_USER"},
+    {name: "USER_REGISTRATION"},
+    {name: "CLIENT_REGISTRATION"},
+    {name: "ID_GENERATOR"},
+    {name: "UMA_RPT_POLICY"},
+    {name: "UMA_RPT_CLAIMS"},
+    {name: "UMA_CLAIMS_GATHERING"},
+    {name: "CONSENT_GATHERING"},
+    {name: "DYNAMIC_SCOPE"},
+    {name: "SPONTANEOUS_SCOPE"},
+    {name: "END_SESSION"},
+    {name: "POST_AUTHN"},
+    {name: "SCIM"},
+    {name: "CIBA_END_USER_NOTIFICATION"},
+    {name: "REVOKE_TOKEN"},
+    {name: "PERSISTENCE_EXTENSION"},
+    {name: "IDP"},
+    {name: "UPDATE_TOKEN"},
+];
+
+export default items
\ No newline at end of file

From beed6d584e5860a3c917a04f6ea84bc6a842d38a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 17 Mar 2022 11:40:18 +0000
Subject: [PATCH 080/101] chore(deps): bump actions/checkout from 2 to 3 (#150)

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/central_code_quality_check.yml     | 2 +-
 .github/workflows/codeql-analysis.yml                | 2 +-
 .github/workflows/commit-check.yml                   | 2 +-
 .github/workflows/docker_build_image.yml             | 2 +-
 .github/workflows/post-to-rancher-partner-charts.yml | 2 +-
 .github/workflows/releaseplease.yml                  | 6 +++---
 .github/workflows/testcases.yml                      | 2 +-
 .github/workflows/update_janssen_helm_chart.yml      | 2 +-
 .github/workflows/uploadrelease.yml                  | 2 +-
 9 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/central_code_quality_check.yml b/.github/workflows/central_code_quality_check.yml
index 5e037dd65..9bc940ed6 100644
--- a/.github/workflows/central_code_quality_check.yml
+++ b/.github/workflows/central_code_quality_check.yml
@@ -39,7 +39,7 @@ jobs:
 
     steps:
       - name: check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of sonarqube analysis
 
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 465480576..5259b0547 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -26,7 +26,7 @@ jobs:
         language: [ 'javascript', 'python', 'java' ]
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
diff --git a/.github/workflows/commit-check.yml b/.github/workflows/commit-check.yml
index 3417b5312..2a9e408e4 100644
--- a/.github/workflows/commit-check.yml
+++ b/.github/workflows/commit-check.yml
@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Project
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           # We need to fetch with a depth of 2 for pull_request so we can do HEAD^2
           fetch-depth: 2
diff --git a/.github/workflows/docker_build_image.yml b/.github/workflows/docker_build_image.yml
index 59eb785d3..abf770f9b 100644
--- a/.github/workflows/docker_build_image.yml
+++ b/.github/workflows/docker_build_image.yml
@@ -44,7 +44,7 @@ jobs:
         docker-images: ["casa", "admin-ui"]
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/post-to-rancher-partner-charts.yml b/.github/workflows/post-to-rancher-partner-charts.yml
index 70cb83e68..0d0fa4ba4 100644
--- a/.github/workflows/post-to-rancher-partner-charts.yml
+++ b/.github/workflows/post-to-rancher-partner-charts.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout code
-      uses: actions/checkout@master
+      uses: actions/checkout@v3
 
     - name: Set up Python 3.8
       uses: actions/setup-python@v3.0.0
diff --git a/.github/workflows/releaseplease.yml b/.github/workflows/releaseplease.yml
index 465404864..48949165c 100644
--- a/.github/workflows/releaseplease.yml
+++ b/.github/workflows/releaseplease.yml
@@ -11,7 +11,7 @@ jobs:
         simple: [ "docker-casa", "docker-admin-ui", "casa"]
     steps:
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
       with:
         fetch-depth: 0
 
@@ -49,7 +49,7 @@ jobs:
         python-projects: ["flex-cn-setup", "flex-linux-setup"]
     steps:
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
       with:
         fetch-depth: 0
 
@@ -87,7 +87,7 @@ jobs:
         node-projects: ["admin-ui"]
     steps:
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
       with:
         fetch-depth: 0
 
diff --git a/.github/workflows/testcases.yml b/.github/workflows/testcases.yml
index 6265e2181..eea74c548 100644
--- a/.github/workflows/testcases.yml
+++ b/.github/workflows/testcases.yml
@@ -22,7 +22,7 @@ jobs:
       matrix:
         python-version: [3.7]
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - name: Set up Python ${{ matrix.python-version }}
       uses: actions/setup-python@v2
       with:
diff --git a/.github/workflows/update_janssen_helm_chart.yml b/.github/workflows/update_janssen_helm_chart.yml
index cc626f219..532824318 100644
--- a/.github/workflows/update_janssen_helm_chart.yml
+++ b/.github/workflows/update_janssen_helm_chart.yml
@@ -13,7 +13,7 @@ jobs:
       HELM_DOCS_VERSION: "1.7.0"
     steps:
       - name: Checkout code
-        uses: actions/checkout@master
+        uses: actions/checkout@v3
 
       - name: Set up Python 3.7
         uses: actions/setup-python@v2.3.1
diff --git a/.github/workflows/uploadrelease.yml b/.github/workflows/uploadrelease.yml
index d9cd27798..400deb055 100644
--- a/.github/workflows/uploadrelease.yml
+++ b/.github/workflows/uploadrelease.yml
@@ -39,7 +39,7 @@ jobs:
 
     steps:
     - name: Checkout code
-      uses: actions/checkout@master
+      uses: actions/checkout@v3
     - name: Set up Python 3.8
       uses: actions/setup-python@v3.0.0
       with:

From 49ab6129e468cbc891b7b776d91476fba57e6d06 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 17 Mar 2022 11:40:49 +0000
Subject: [PATCH 081/101] chore(deps): bump actions/setup-java from 2.5.0 to 3
 (#152)

Bumps [actions/setup-java](https://github.com/actions/setup-java) from 2.5.0 to 3.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](https://github.com/actions/setup-java/compare/v2.5.0...v3)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/central_code_quality_check.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/central_code_quality_check.yml b/.github/workflows/central_code_quality_check.yml
index 9bc940ed6..9963128fd 100644
--- a/.github/workflows/central_code_quality_check.yml
+++ b/.github/workflows/central_code_quality_check.yml
@@ -65,7 +65,7 @@ jobs:
 
       - name: Set up JDK 11
         if: contains(env.CHANGED_DIR, matrix.module) && contains(env.JVM_PROJECTS, matrix.module)
-        uses: actions/setup-java@v2.5.0
+        uses: actions/setup-java@v3
         with:
           java-version: '11'
           distribution: 'adopt'

From f96f9cb39b6732777540e92aecdbd79843edffc3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 17 Mar 2022 11:41:10 +0000
Subject: [PATCH 082/101] chore(deps): bump codecov/codecov-action from 1 to
 2.1.0 (#151)

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 1 to 2.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v1...v2.1.0)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/testcases.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/testcases.yml b/.github/workflows/testcases.yml
index eea74c548..3b9c183bf 100644
--- a/.github/workflows/testcases.yml
+++ b/.github/workflows/testcases.yml
@@ -35,7 +35,7 @@ jobs:
       run: |
         tox
     - name: Upload coverage to Codecov
-      uses: codecov/codecov-action@v1
+      uses: codecov/codecov-action@v2.1.0
       with:
         file: ./coverage.xml
         files: ./coverage1.xml,./coverage2.xml

From c5143bf82119ea0e3b0ffa704a4746e2e03e7da1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 17 Mar 2022 11:41:37 +0000
Subject: [PATCH 083/101] chore(deps): bump actions/setup-python from 2.3.1 to
 3 (#149)

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2.3.1 to 3.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v2.3.1...v3)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/docker_build_image.yml             | 2 +-
 .github/workflows/post-to-rancher-partner-charts.yml | 2 +-
 .github/workflows/testcases.yml                      | 2 +-
 .github/workflows/update_janssen_helm_chart.yml      | 2 +-
 .github/workflows/uploadrelease.yml                  | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/docker_build_image.yml b/.github/workflows/docker_build_image.yml
index abf770f9b..2cf5ad718 100644
--- a/.github/workflows/docker_build_image.yml
+++ b/.github/workflows/docker_build_image.yml
@@ -100,7 +100,7 @@ jobs:
       # UPDATE BUILD DATES INSIDE THE DOCKERFILE BEFORE BUILDING THE DEV IMAGES TRIGGERED BY JENKINS
       - name: Setup Python 3.7
         if: github.event_name == 'workflow_dispatch'
-        uses: actions/setup-python@v2.3.1
+        uses: actions/setup-python@v3
         with:
           python-version: 3.7
 
diff --git a/.github/workflows/post-to-rancher-partner-charts.yml b/.github/workflows/post-to-rancher-partner-charts.yml
index 0d0fa4ba4..f617e9536 100644
--- a/.github/workflows/post-to-rancher-partner-charts.yml
+++ b/.github/workflows/post-to-rancher-partner-charts.yml
@@ -14,7 +14,7 @@ jobs:
       uses: actions/checkout@v3
 
     - name: Set up Python 3.8
-      uses: actions/setup-python@v3.0.0
+      uses: actions/setup-python@v3
       with:
         python-version: 3.8
 
diff --git a/.github/workflows/testcases.yml b/.github/workflows/testcases.yml
index 3b9c183bf..f6c73cd3a 100644
--- a/.github/workflows/testcases.yml
+++ b/.github/workflows/testcases.yml
@@ -24,7 +24,7 @@ jobs:
     steps:
     - uses: actions/checkout@v3
     - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v3
       with:
         python-version: ${{ matrix.python-version }}
     - name: Install dependencies
diff --git a/.github/workflows/update_janssen_helm_chart.yml b/.github/workflows/update_janssen_helm_chart.yml
index 532824318..840afb5f8 100644
--- a/.github/workflows/update_janssen_helm_chart.yml
+++ b/.github/workflows/update_janssen_helm_chart.yml
@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Set up Python 3.7
-        uses: actions/setup-python@v2.3.1
+        uses: actions/setup-python@v3
         with:
           python-version: 3.7
 
diff --git a/.github/workflows/uploadrelease.yml b/.github/workflows/uploadrelease.yml
index 400deb055..64fbdcd73 100644
--- a/.github/workflows/uploadrelease.yml
+++ b/.github/workflows/uploadrelease.yml
@@ -41,7 +41,7 @@ jobs:
     - name: Checkout code
       uses: actions/checkout@v3
     - name: Set up Python 3.8
-      uses: actions/setup-python@v3.0.0
+      uses: actions/setup-python@v3
       with:
         python-version: 3.8
 

From 1d8f3d140f46ffaf4598cfb1ac73e27d359aaaa3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 17 Mar 2022 11:42:27 +0000
Subject: [PATCH 084/101] chore(deps): bump actions/setup-node from 2.4.1 to 3
 (#148)

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2.4.1 to 3.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v2.4.1...v3)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/commit-check.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/commit-check.yml b/.github/workflows/commit-check.yml
index 2a9e408e4..ced3af3db 100644
--- a/.github/workflows/commit-check.yml
+++ b/.github/workflows/commit-check.yml
@@ -27,7 +27,7 @@ jobs:
           # We need to fetch with a depth of 2 for pull_request so we can do HEAD^2
           fetch-depth: 2
 
-      - uses: actions/setup-node@v2.4.1
+      - uses: actions/setup-node@v3
         with:
           node-version: 14
       - run: |

From 1cac02f70a98316a91af1028053dd711b43e8b20 Mon Sep 17 00:00:00 2001
From: Arnab Dutta <arnab.bdutta@gmail.com>
Date: Thu, 17 Mar 2022 19:15:44 +0530
Subject: [PATCH 085/101] fix: default authentication method dropdown is not
 populating #159

---
 .../components/Configuration/Defaults/AcrsPage.js  | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/admin-ui/plugins/auth-server/components/Configuration/Defaults/AcrsPage.js b/admin-ui/plugins/auth-server/components/Configuration/Defaults/AcrsPage.js
index a86b813e4..594b52bb5 100644
--- a/admin-ui/plugins/auth-server/components/Configuration/Defaults/AcrsPage.js
+++ b/admin-ui/plugins/auth-server/components/Configuration/Defaults/AcrsPage.js
@@ -15,23 +15,31 @@ import GluuTooltip from '../../../../../app/routes/Apps/Gluu/GluuTooltip'
 import applicationStyle from '../../../../../app/routes/Apps/Gluu/styles/applicationstyle'
 import {
   hasPermission,
+  buildPayload,
   ACR_READ,
   ACR_WRITE,
 } from '../../../../../app/utils/PermChecker'
-import { SIMPLE_PASSWORD_AUTH } from '../../../common/Constants'
+import {
+  getScripts,
+} from '../../../../../app/redux/actions/InitActions'
+import { SIMPLE_PASSWORD_AUTH, FETCHING_SCRIPTS } from '../../../common/Constants'
 import GluuViewWrapper from '../../../../../app/routes/Apps/Gluu/GluuViewWrapper'
 import GluuLoader from '../../../../../app/routes/Apps/Gluu/GluuLoader'
 import { useTranslation } from 'react-i18next'
 
 function AcrsPage({ acrs, scripts, permissions, loading, dispatch }) {
   const { t } = useTranslation()
+  const userAction = {}
+  const options = {}
   const authScripts = scripts
     .filter((item) => item.scriptType == 'PERSON_AUTHENTICATION')
     .filter((item) => item.enabled)
     .map((item) => item.name)
   authScripts.push(SIMPLE_PASSWORD_AUTH)
   useEffect(() => {
+    buildPayload(userAction, FETCHING_SCRIPTS, options)
     dispatch(getAcrsConfig())
+    dispatch(getScripts(userAction))
   }, [])
   const initialValues = {
     defaultAcr: acrs.defaultAcr,
@@ -98,8 +106,8 @@ const mapStateToProps = (state) => {
     acrs: state.acrReducer.acrs,
     loading: state.acrReducer.loading,
     permissions: state.authReducer.permissions,
-    scripts: state.customScriptReducer.items,
+    scripts: state.initReducer.scripts,
   }
 }
 
-export default connect(mapStateToProps)(AcrsPage)
+export default connect(mapStateToProps)(AcrsPage)
\ No newline at end of file

From 18ab757b8d7154d569e4111582d5680420379068 Mon Sep 17 00:00:00 2001
From: Arnab Dutta <arnab.bdutta@gmail.com>
Date: Thu, 17 Mar 2022 19:28:59 +0530
Subject: [PATCH 086/101] fix: correct typo

---
 .../plugins/admin/components/CustomScripts/CustomScriptForm.js  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/admin-ui/plugins/admin/components/CustomScripts/CustomScriptForm.js b/admin-ui/plugins/admin/components/CustomScripts/CustomScriptForm.js
index a0591985d..9bb24117a 100644
--- a/admin-ui/plugins/admin/components/CustomScripts/CustomScriptForm.js
+++ b/admin-ui/plugins/admin/components/CustomScripts/CustomScriptForm.js
@@ -293,7 +293,7 @@ function CustomScriptForm({ item, scripts, handleSubmit }) {
                 }}
               >
                 <option value="">{t('options.choose')}...</option>
-                {items.map((ele, item) => (
+                {items.map((ele, index) => (
                   <option key={index} value={ele.name}>{ele.name}</option>
                 ))}
               </CustomInput>

From 7c883497b3ad7492645e1bd854c920d3151e8e74 Mon Sep 17 00:00:00 2001
From: Mustafa Baser <mbaser@mail.com>
Date: Thu, 17 Mar 2022 17:45:37 +0300
Subject: [PATCH 087/101] fix: flex-linux-setup casa-client jansAccessTknAsJwt:
 false

---
 flex-linux-setup/flex_linux_setup/templates/casa_client.ldif | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/flex-linux-setup/flex_linux_setup/templates/casa_client.ldif b/flex-linux-setup/flex_linux_setup/templates/casa_client.ldif
index dedabe1e4..179137684 100644
--- a/flex-linux-setup/flex_linux_setup/templates/casa_client.ldif
+++ b/flex-linux-setup/flex_linux_setup/templates/casa_client.ldif
@@ -5,7 +5,7 @@ objectClass: jansClnt
 del: false
 displayName: Client for Casa
 inum: %(casa_client_id)s
-jansAccessTknAsJwt: true
+jansAccessTknAsJwt: false
 jansAccessTknSigAlg: RS256
 jansAppTyp: web
 jansClntSecret: %(casa_client_encoded_pw)s

From 80708e6223abb7292c5aa603db21f753deeef55c Mon Sep 17 00:00:00 2001
From: = <mjatin78@gmail.com>
Date: Fri, 18 Mar 2022 14:43:06 +0530
Subject: [PATCH 088/101] fix: edit fields issue fix

---
 .../components/Clients/ClientBasicPanel.js    | 21 ++++---
 .../components/Clients/ClientScriptPanel.js   |  2 +-
 .../components/Clients/ClientWizardForm.js    | 61 +++++++++++--------
 3 files changed, 47 insertions(+), 37 deletions(-)

diff --git a/admin-ui/plugins/auth-server/components/Clients/ClientBasicPanel.js b/admin-ui/plugins/auth-server/components/Clients/ClientBasicPanel.js
index 869b3b46d..fe46974ba 100644
--- a/admin-ui/plugins/auth-server/components/Clients/ClientBasicPanel.js
+++ b/admin-ui/plugins/auth-server/components/Clients/ClientBasicPanel.js
@@ -110,7 +110,7 @@ const ClientBasicPanel = ({ client, scopes, formik }) => {
                 id="clientSecret"
                 name="clientSecret"
                 type={showClientSecret ? 'text' : 'password'}
-                defaultValue={client.clientSecret}
+                value={client.clientSecret}
                 onChange={formik.handleChange}
               />
               <IconButton
@@ -137,15 +137,16 @@ const ClientBasicPanel = ({ client, scopes, formik }) => {
         value={!client.disabled}
         doc_category={DOC_CATEGORY}
       />
-      <GluuToogleRow
-        name="expirable"
-        formik={formik}
-        label="fields.is_expirable_client"
-        value={client.expirable && client.expirable.length ? true : false}
-        handler={handleExpirable}
-        doc_category={DOC_CATEGORY}
-      />
-
+      {client.expirable && (
+        <GluuToogleRow
+          name="expirable"
+          formik={formik}
+          label="fields.is_expirable_client"
+          value={client.expirable && client.expirable.length ? true : false}
+          handler={handleExpirable}
+          doc_category={DOC_CATEGORY}
+        />
+      )}
       {client.expirable && client.expirable.length && (
         <FormGroup row>
           <GluuLabel label="client_expiration_date" size={5} />
diff --git a/admin-ui/plugins/auth-server/components/Clients/ClientScriptPanel.js b/admin-ui/plugins/auth-server/components/Clients/ClientScriptPanel.js
index 9ca7081ba..95d8bb7a0 100644
--- a/admin-ui/plugins/auth-server/components/Clients/ClientScriptPanel.js
+++ b/admin-ui/plugins/auth-server/components/Clients/ClientScriptPanel.js
@@ -63,7 +63,7 @@ function ClientScriptPanel({ client, scopes, scripts, formik }) {
         doc_category={DOC_CATEGORY}
       ></GluuTypeAheadForDn>
       <GluuTypeAheadForDn
-        name="rptScripts"
+        name="rptClaimsScripts"
         label="fields.rpt_scripts"
         formik={formik}
         value={client.rptClaimsScripts}
diff --git a/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js b/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js
index 1c515d281..cfeb65931 100644
--- a/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js
+++ b/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js
@@ -116,23 +116,23 @@ function ClientWizardForm({
     return total.filter((item) => partial.includes(item.dn)) || []
   }
   // client.description = extractDescription(client.customAttributes || [])
-  client.spontaneousScopes =
-    getMapping(client.attributes.spontaneousScopes, scopes) || []
-  client.introspectionScripts =
-    getMapping(client.attributes.introspectionScripts, instrospectionScripts) ||
-    []
-  client.spontaneousScopeScriptDns =
-    getMapping(
-      client.attributes.spontaneousScopeScriptDns,
-      spontaneousScripts,
-    ) || []
-  client.consentGatheringScripts =
-    getMapping(client.attributes.consentGatheringScripts, consentScripts) || []
+  // client.spontaneousScopes =
+  //   getMapping(client.attributes.spontaneousScopes, scopes) || []
+  // client.introspectionScripts =
+  //   getMapping(client.attributes.introspectionScripts, instrospectionScripts) ||
+  //   []
+  // client.spontaneousScopeScriptDns =
+  //   getMapping(
+  //     client.attributes.spontaneousScopeScriptDns,
+  //     spontaneousScripts,
+  //   ) || []
+  // client.consentGatheringScripts =
+  //   getMapping(client.attributes.consentGatheringScripts, consentScripts) || []
 
-  client.postAuthnScripts =
-    getMapping(client.attributes.postAuthnScripts, postScripts) || []
-  client.rptClaimsScripts =
-    getMapping(client.attributes.rptClaimsScripts, rptScripts) || []
+  // client.postAuthnScripts =
+  //   getMapping(client.attributes.postAuthnScripts, postScripts) || []
+  // client.rptClaimsScripts =
+  //   getMapping(client.attributes.rptClaimsScripts, rptScripts) || []
   // client.tlsClientAuthSubjectDn = client.attributes.tlsClientAuthSubjectDn
   // client.runIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims =
   //   client.attributes
@@ -150,7 +150,7 @@ function ClientWizardForm({
   const initialValues = {
     inum: client.inum,
     dn: client.dn,
-    clientSecret: client.secret,
+    clientSecret: client.clientSecret,
     displayName: client.displayName,
     clientName: client.clientName,
     description: client.description,
@@ -164,13 +164,21 @@ function ClientWizardForm({
     tosUri: client.tosUri,
     jwksUri: client.jwksUri,
     jwks: client.jwks,
-    expirable: [],
+    expirable: client.expirationDate ? ['on'] : [],
     expirationDate: client.expirationDate,
     softwareStatement: client.softwareStatement,
     softwareVersion: client.softwareVersion,
     softwareId: client.softwareId,
-    softwareSection: client.softwareSection ? client.softwareSection : false,
-    cibaSection: client.cibaSection ? client.cibaSection : false,
+    softwareSection:
+      client.softwareId || client.softwareVersion || client.softwareStatement
+        ? true
+        : false,
+    cibaSection:
+      client.backchannelTokenDeliveryMode ||
+      client.backchannelClientNotificationEndpoint ||
+      client.backchannelUserCodeParameter
+        ? true
+        : false,
     idTokenSignedResponseAlg: client.idTokenSignedResponseAlg,
     idTokenEncryptedResponseAlg: client.idTokenEncryptedResponseAlg,
     tokenEndpointAuthMethod: client.tokenEndpointAuthMethod,
@@ -220,12 +228,13 @@ function ClientWizardForm({
     keepClientAuthorizationAfterExpiration:
       client.attributes.keepClientAuthorizationAfterExpiration,
     allowSpontaneousScopes: client.attributes.allowSpontaneousScopes,
-    spontaneousScopes: client.spontaneousScopes,
-    introspectionScripts: client.introspectionScripts,
-    spontaneousScopeScriptDns: client.spontaneousScopeScriptDns,
-    consentGatheringScripts: client.consentGatheringScripts,
-    postAuthnScripts: client.postAuthnScripts,
-    rptClaimsScripts: client.rptClaimsScripts,
+    spontaneousScopes: client.attributes.spontaneousScopes || [],
+    introspectionScripts: client.attributes.introspectionScripts || [],
+    spontaneousScopeScriptDns:
+      client.attributes.spontaneousScopeScriptDns || [],
+    consentGatheringScripts: client.attributes.consentGatheringScripts || [],
+    postAuthnScripts: client.attributes.postAuthnScripts || [],
+    rptClaimsScripts: client.attributes.rptClaimsScripts || [],
     additionalAudience: client.attributes.additionalAudience,
     backchannelLogoutUri: client.attributes.backchannelLogoutUri,
     customObjectClasses: client.customObjectClasses,

From c161812e810d2caa3bb9c2f38f808a351ddf7322 Mon Sep 17 00:00:00 2001
From: Dhaval D <343411+ossdhaval@users.noreply.github.com>
Date: Fri, 18 Mar 2022 17:37:27 +0530
Subject: [PATCH 089/101] ci: fix the change detection logic in Sonar WF (#163)

---
 .../workflows/central_code_quality_check.yml  | 25 ++++++++++++++-----
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/central_code_quality_check.yml b/.github/workflows/central_code_quality_check.yml
index 9963128fd..c1d377110 100644
--- a/.github/workflows/central_code_quality_check.yml
+++ b/.github/workflows/central_code_quality_check.yml
@@ -12,6 +12,7 @@ on:
       - 'docker-**/version.txt'
       - '**.md'
 
+  # TODO: Optimize so that workflow is only triggered for `opened` and `synchronize` actions
   pull_request:
     branches:
       - main
@@ -47,21 +48,33 @@ jobs:
         run: |
           if [ $GITHUB_BASE_REF ]; then
             # Pull Request
+            echo "Triggerring event: pull request"
+            echo Pull request base ref: $GITHUB_BASE_REF
             git fetch origin $GITHUB_BASE_REF --depth=1
-            echo "CHANGED_DIR=$( git diff --name-only ${{ github.event.before }} ${{ github.event.pull_request.head.sha }}  | cut -d/ -f1 | sort -u | sed -z 's/\n/,/g;s/^/[/;s/,$/]/;s/$/\n/')" >> ${GITHUB_ENV}
+            if [ ${{ github.event.action }} = "opened" ]; then
+              echo "Triggerring action: opened"
+              echo "CHANGED_DIR=$( git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }}  | cut -d/ -f1 | sort -u | sed -z 's/\n/,/g;s/^/[/;s/,$/]/;s/$/\n/')" >> ${GITHUB_ENV}
+            fi
+            if [ ${{ github.event.action }} = "synchronize" ]; then
+              echo "Triggerring action: synchronize"
+              echo "CHANGED_DIR=$( git diff --name-only ${{ github.event.before }} ${{ github.event.pull_request.head.sha }}  | cut -d/ -f1 | sort -u | sed -z 's/\n/,/g;s/^/[/;s/,$/]/;s/$/\n/')" >>${GITHUB_ENV}
+            fi
           else
             # Push
+            echo "Triggerring event: push"
             git fetch origin ${{ github.event.before }} --depth=1
             echo "CHANGED_DIR=$( git diff --name-only ${{ github.event.before }} $GITHUB_SHA  | cut -d/ -f1 | sort -u | sed -z 's/\n/,/g;s/^/[/;s/,$/]/;s/$/\n/')" >> ${GITHUB_ENV}
           fi
 
       - name: check env
         run: |
-          echo ${{ env.CHANGED_DIR }}
-          echo ${{ matrix.module }}
-          echo ${{ github.event.before }}
-          echo ${{ github.event.pull_request.head.sha }}
-          echo $GITHUB_SHA
+          echo changed dir list: ${{ env.CHANGED_DIR }}
+          echo Matrix module: ${{ matrix.module }}
+          echo GH event action: ${{ github.event.action }}
+          echo PR base sha: ${{ github.event.pull_request.base.sha }} 
+          echo PR head sha: ${{ github.event.pull_request.head.sha }}
+          echo event before: ${{ github.event.before }}
+          echo GH sha: $GITHUB_SHA
 
       - name: Set up JDK 11
         if: contains(env.CHANGED_DIR, matrix.module) && contains(env.JVM_PROJECTS, matrix.module)

From 9408ce8367e49ebb6a5b9a509588f5bd9b4855db Mon Sep 17 00:00:00 2001
From: Isman Firmansyah <iromli@users.noreply.github.com>
Date: Fri, 18 Mar 2022 19:07:55 +0700
Subject: [PATCH 090/101] chore: update images (#162)

- updated image's LABELs
- sync upstream sources
---
 docker-admin-ui/Dockerfile | 4 ++--
 docker-casa/Dockerfile     | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/docker-admin-ui/Dockerfile b/docker-admin-ui/Dockerfile
index c272a6f43..a7fae65f3 100644
--- a/docker-admin-ui/Dockerfile
+++ b/docker-admin-ui/Dockerfile
@@ -28,7 +28,7 @@ RUN echo "daemon off;" >> /etc/nginx/nginx.conf
 # TODO:
 # - use NODE_ENV=production
 # - download build package (not git clone)
-ENV ADMIN_UI_VERSION=0b2ed93cadcf031c5f92c050192f0b0c6f1a0918
+ENV ADMIN_UI_VERSION=2a4a7fcb16554d23ea0ff599d46f86b9de292e30
 
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the admin-ui code
@@ -122,7 +122,7 @@ ENV CN_WAIT_MAX_TIME=300 \
 # misc stuff
 # ==========
 EXPOSE 8080
-LABEL name="Gluu Admin UI" \
+LABEL name="gluufederation/admin-ui" \
     maintainer="Gluu Inc. <support@gluu.org>" \
     vendor="Gluu Federation" \
     version="1.0.0" \
diff --git a/docker-casa/Dockerfile b/docker-casa/Dockerfile
index 8238e254a..7afe930d9 100644
--- a/docker-casa/Dockerfile
+++ b/docker-casa/Dockerfile
@@ -35,7 +35,7 @@ EXPOSE 8080
 # ====
 
 ENV GLUU_VERSION=5.0.0-SNAPSHOT
-ENV GLUU_BUILD_DATE='2022-03-09 20:14'
+ENV GLUU_BUILD_DATE='2022-03-17 11:52'
 ENV GLUU_SOURCE_URL=https://jenkins.gluu.org/maven/org/gluu/casa/${GLUU_VERSION}/casa-${GLUU_VERSION}.war
 
 # Install Casa
@@ -155,7 +155,7 @@ ENV CN_MAX_RAM_PERCENTAGE=75.0 \
 # misc stuff
 # ==========
 
-LABEL name="Casa" \
+LABEL name="gluufederation/casa" \
     maintainer="Gluu Inc. <support@gluu.org>" \
     vendor="Gluu Federation" \
     version="5.0.0" \

From d5df5e329daed027fe96dfbb6d84af6317505154 Mon Sep 17 00:00:00 2001
From: = <mjatin78@gmail.com>
Date: Fri, 18 Mar 2022 21:54:41 +0530
Subject: [PATCH 091/101] fix: edit data issues fix

---
 admin-ui/app/locales/en/translation.json      |  2 +-
 .../components/Clients/ClientAddPage.js       |  2 +-
 .../components/Clients/ClientWizardForm.js    | 68 +++++++++----------
 .../auth-server/components/Clients/clients.js | 18 ++---
 4 files changed, 45 insertions(+), 45 deletions(-)

diff --git a/admin-ui/app/locales/en/translation.json b/admin-ui/app/locales/en/translation.json
index 6824c1396..3bd8b5441 100644
--- a/admin-ui/app/locales/en/translation.json
+++ b/admin-ui/app/locales/en/translation.json
@@ -166,7 +166,7 @@
     "subject_type": "Subject Type",
     "test_config": "Test Config",
     "test_connection": "Test Connection",
-    "token_endpoint_auth_method": "JWS alg Algoritm for Authentication method to token Endpoint",
+    "token_endpoint_auth_method": "Authentication Method to token endpoint",
     "tls_client_auth_subject_dn": "Tls Client Auth Subject Dn",
     "run_introspection_script_before_accesstoken": "Run Introspection Script Before AccessToken As Jwt Creation And Include Claims",
     "keep_client_authorization": "Keep Client Authorization After Expiration",
diff --git a/admin-ui/plugins/auth-server/components/Clients/ClientAddPage.js b/admin-ui/plugins/auth-server/components/Clients/ClientAddPage.js
index 156f40f1e..c5723c56f 100644
--- a/admin-ui/plugins/auth-server/components/Clients/ClientAddPage.js
+++ b/admin-ui/plugins/auth-server/components/Clients/ClientAddPage.js
@@ -64,7 +64,7 @@ function ClientAddPage({
     trustedClient: false,
     persistClientAuthorizations: false,
     customAttributes: [],
-    customObjectClasses: ['top'],
+    customObjectClasses: [],
     rptAsJwt: false,
     accessTokenAsJwt: false,
     backchannelUserCodeParameter: false,
diff --git a/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js b/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js
index cfeb65931..30afa9dd2 100644
--- a/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js
+++ b/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js
@@ -85,36 +85,36 @@ function ClientWizardForm({
   function isComplete(stepId) {
     return sequence.indexOf(stepId) < sequence.indexOf(currentStep)
   }
-  function buildDescription(description) {
-    return {
-      name: DESCRIPTION,
-      multiValued: false,
-      values: [description],
-    }
-  }
-  function removeDecription(customAttributes) {
-    return customAttributes.filter((item) => item.name !== DESCRIPTION)
-  }
+  // function buildDescription(description) {
+  //   return {
+  //     name: DESCRIPTION,
+  //     multiValued: false,
+  //     values: [description],
+  //   }
+  // }
+  // function removeDecription(customAttributes) {
+  //   return customAttributes.filter((item) => item.name !== DESCRIPTION)
+  // }
   function submitForm(message) {
     commitMessage = message
     toggle()
     document.querySelector('button[type="submit"]').click()
   }
 
-  function extractDescription(customAttributes) {
-    var result = customAttributes.filter((item) => item.name === DESCRIPTION)
-    if (result && result.length >= 1) {
-      return result[0].values[0]
-    }
-    return ''
-  }
+  // function extractDescription(customAttributes) {
+  //   var result = customAttributes.filter((item) => item.name === DESCRIPTION)
+  //   if (result && result.length >= 1) {
+  //     return result[0].values[0]
+  //   }
+  //   return ''
+  // }
 
-  function getMapping(partial, total) {
-    if (!partial) {
-      partial = []
-    }
-    return total.filter((item) => partial.includes(item.dn)) || []
-  }
+  // function getMapping(partial, total) {
+  //   if (!partial) {
+  //     partial = []
+  //   }
+  //   return total.filter((item) => partial.includes(item.dn)) || []
+  // }
   // client.description = extractDescription(client.customAttributes || [])
   // client.spontaneousScopes =
   //   getMapping(client.attributes.spontaneousScopes, scopes) || []
@@ -216,7 +216,7 @@ function ClientWizardForm({
     defaultAcrValues: client.defaultAcrValues,
     scopes: client.scopes,
     oxAuthClaims: client.oxAuthClaims,
-    customAttributes: client.customAttributes,
+    // customAttributes: client.customAttributes,
     attributes: client.attributes,
     tlsClientAuthSubjectDn: client.attributes.tlsClientAuthSubjectDn,
     frontChannelLogoutSessionRequired: client.frontChannelLogoutSessionRequired,
@@ -237,7 +237,7 @@ function ClientWizardForm({
     rptClaimsScripts: client.attributes.rptClaimsScripts || [],
     additionalAudience: client.attributes.additionalAudience,
     backchannelLogoutUri: client.attributes.backchannelLogoutUri,
-    customObjectClasses: client.customObjectClasses,
+    customObjectClasses: client.customObjectClasses || [],
     requireAuthTime: client.requireAuthTime,
     trustedClient: client.trustedClient,
     persistClientAuthorizations: client.persistClientAuthorizations,
@@ -276,15 +276,15 @@ function ClientWizardForm({
           values[ATTRIBUTE].backchannelLogoutUri = values.backchannelLogoutUri
           values[ATTRIBUTE].postAuthnScripts = values.postAuthnScripts
           values[ATTRIBUTE].additionalAudience = values.additionalAudience
-          if (!values['customAttributes']) {
-            values['customAttributes'] = []
-          }
-          if (values[DESCRIPTION]) {
-            values['customAttributes'] = removeDecription(
-              values['customAttributes'],
-            )
-          }
-          values['customAttributes'].push(buildDescription(values[DESCRIPTION]))
+          // if (!values['customAttributes']) {
+          //   values['customAttributes'] = []
+          // }
+          // if (values[DESCRIPTION]) {
+          //   values['customAttributes'] = removeDecription(
+          //     values['customAttributes'],
+          //   )
+          // }
+          // values['customAttributes'].push(buildDescription(values[DESCRIPTION]))
           values['displayName'] = values['clientName']
           customOnSubmit(JSON.parse(JSON.stringify(values)))
         }}
diff --git a/admin-ui/plugins/auth-server/components/Clients/clients.js b/admin-ui/plugins/auth-server/components/Clients/clients.js
index 526064fb2..7d4c69417 100644
--- a/admin-ui/plugins/auth-server/components/Clients/clients.js
+++ b/admin-ui/plugins/auth-server/components/Clients/clients.js
@@ -60,7 +60,7 @@ export const clients = [
     persistClientAuthorizations: true,
     includeClaimsInIdToken: false,
     customAttributes: [],
-    customObjectClasses: ['top'],
+    customObjectClasses: [],
     rptAsJwt: false,
     accessTokenAsJwt: false,
     accessTokenSigningAlg: 'ES256',
@@ -110,7 +110,7 @@ export const clients = [
     persistClientAuthorizations: false,
     includeClaimsInIdToken: false,
     customAttributes: [],
-    customObjectClasses: ['top'],
+    customObjectClasses: [],
     rptAsJwt: false,
     accessTokenAsJwt: false,
     disabled: false,
@@ -141,7 +141,7 @@ export const clients = [
     persistClientAuthorizations: false,
     includeClaimsInIdToken: false,
     customAttributes: [],
-    customObjectClasses: ['top'],
+    customObjectClasses: [],
     rptAsJwt: false,
     accessTokenAsJwt: false,
     disabled: false,
@@ -173,7 +173,7 @@ export const clients = [
     persistClientAuthorizations: false,
     includeClaimsInIdToken: false,
     customAttributes: [],
-    customObjectClasses: ['top'],
+    customObjectClasses: [],
     rptAsJwt: false,
     accessTokenAsJwt: false,
     disabled: false,
@@ -218,7 +218,7 @@ export const clients = [
     persistClientAuthorizations: true,
     includeClaimsInIdToken: false,
     customAttributes: [],
-    customObjectClasses: ['top'],
+    customObjectClasses: [],
     rptAsJwt: false,
     accessTokenAsJwt: false,
     accessTokenSigningAlg: 'RS256',
@@ -264,7 +264,7 @@ export const clients = [
     persistClientAuthorizations: true,
     includeClaimsInIdToken: false,
     customAttributes: [],
-    customObjectClasses: ['top'],
+    customObjectClasses: [],
     rptAsJwt: false,
     accessTokenAsJwt: true,
     accessTokenSigningAlg: 'RS256',
@@ -307,7 +307,7 @@ export const clients = [
     persistClientAuthorizations: true,
     includeClaimsInIdToken: false,
     customAttributes: [],
-    customObjectClasses: ['top'],
+    customObjectClasses: [],
     rptAsJwt: false,
     accessTokenAsJwt: false,
     accessTokenSigningAlg: 'RS256',
@@ -353,7 +353,7 @@ export const clients = [
     persistClientAuthorizations: true,
     includeClaimsInIdToken: false,
     customAttributes: [],
-    customObjectClasses: ['top'],
+    customObjectClasses: [],
     rptAsJwt: false,
     accessTokenAsJwt: false,
     accessTokenSigningAlg: 'RS256',
@@ -401,7 +401,7 @@ export const clients = [
     persistClientAuthorizations: true,
     includeClaimsInIdToken: false,
     customAttributes: [],
-    customObjectClasses: ['top'],
+    customObjectClasses: [],
     rptAsJwt: false,
     accessTokenAsJwt: false,
     accessTokenSigningAlg: 'RS256',

From 6ea2e88b1d915184a1373714220a9e66a57caa31 Mon Sep 17 00:00:00 2001
From: = <mjatin78@gmail.com>
Date: Fri, 18 Mar 2022 22:43:19 +0530
Subject: [PATCH 092/101] fix: remove commented code

---
 .../components/Clients/ClientWizardForm.js    | 66 -------------------
 1 file changed, 66 deletions(-)

diff --git a/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js b/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js
index 30afa9dd2..7e2c6e2e7 100644
--- a/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js
+++ b/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js
@@ -85,68 +85,12 @@ function ClientWizardForm({
   function isComplete(stepId) {
     return sequence.indexOf(stepId) < sequence.indexOf(currentStep)
   }
-  // function buildDescription(description) {
-  //   return {
-  //     name: DESCRIPTION,
-  //     multiValued: false,
-  //     values: [description],
-  //   }
-  // }
-  // function removeDecription(customAttributes) {
-  //   return customAttributes.filter((item) => item.name !== DESCRIPTION)
-  // }
   function submitForm(message) {
     commitMessage = message
     toggle()
     document.querySelector('button[type="submit"]').click()
   }
 
-  // function extractDescription(customAttributes) {
-  //   var result = customAttributes.filter((item) => item.name === DESCRIPTION)
-  //   if (result && result.length >= 1) {
-  //     return result[0].values[0]
-  //   }
-  //   return ''
-  // }
-
-  // function getMapping(partial, total) {
-  //   if (!partial) {
-  //     partial = []
-  //   }
-  //   return total.filter((item) => partial.includes(item.dn)) || []
-  // }
-  // client.description = extractDescription(client.customAttributes || [])
-  // client.spontaneousScopes =
-  //   getMapping(client.attributes.spontaneousScopes, scopes) || []
-  // client.introspectionScripts =
-  //   getMapping(client.attributes.introspectionScripts, instrospectionScripts) ||
-  //   []
-  // client.spontaneousScopeScriptDns =
-  //   getMapping(
-  //     client.attributes.spontaneousScopeScriptDns,
-  //     spontaneousScripts,
-  //   ) || []
-  // client.consentGatheringScripts =
-  //   getMapping(client.attributes.consentGatheringScripts, consentScripts) || []
-
-  // client.postAuthnScripts =
-  //   getMapping(client.attributes.postAuthnScripts, postScripts) || []
-  // client.rptClaimsScripts =
-  //   getMapping(client.attributes.rptClaimsScripts, rptScripts) || []
-  // client.tlsClientAuthSubjectDn = client.attributes.tlsClientAuthSubjectDn
-  // client.runIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims =
-  //   client.attributes
-  //     .runIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims ||
-  //   false
-  // client.backchannelLogoutSessionRequired =
-  //   client.attributes.backchannelLogoutSessionRequired || false
-  // client.keepClientAuthorizationAfterExpiration =
-  //   client.attributes.keepClientAuthorizationAfterExpiration || false
-  // client.allowSpontaneousScopes =
-  //   client.attributes.allowSpontaneousScopes || false
-  // client.additionalAudience = client.attributes.additionalAudience || []
-  // client.backchannelLogoutUri = client.attributes.backchannelLogoutUri
-
   const initialValues = {
     inum: client.inum,
     dn: client.dn,
@@ -216,7 +160,6 @@ function ClientWizardForm({
     defaultAcrValues: client.defaultAcrValues,
     scopes: client.scopes,
     oxAuthClaims: client.oxAuthClaims,
-    // customAttributes: client.customAttributes,
     attributes: client.attributes,
     tlsClientAuthSubjectDn: client.attributes.tlsClientAuthSubjectDn,
     frontChannelLogoutSessionRequired: client.frontChannelLogoutSessionRequired,
@@ -276,15 +219,6 @@ function ClientWizardForm({
           values[ATTRIBUTE].backchannelLogoutUri = values.backchannelLogoutUri
           values[ATTRIBUTE].postAuthnScripts = values.postAuthnScripts
           values[ATTRIBUTE].additionalAudience = values.additionalAudience
-          // if (!values['customAttributes']) {
-          //   values['customAttributes'] = []
-          // }
-          // if (values[DESCRIPTION]) {
-          //   values['customAttributes'] = removeDecription(
-          //     values['customAttributes'],
-          //   )
-          // }
-          // values['customAttributes'].push(buildDescription(values[DESCRIPTION]))
           values['displayName'] = values['clientName']
           customOnSubmit(JSON.parse(JSON.stringify(values)))
         }}

From ec305ca5df96c101c889e18aa7ffacf8b67f61ab Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Mon, 21 Mar 2022 07:04:23 +0000
Subject: [PATCH 093/101] fix: casa/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244
---
 casa/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/casa/pom.xml b/casa/pom.xml
index 9aed1bdae..27ec07884 100644
--- a/casa/pom.xml
+++ b/casa/pom.xml
@@ -26,7 +26,7 @@
         <casa.version>5.0.0-SNAPSHOT</casa.version>
         <jans.version>1.0.0-SNAPSHOT</jans.version>
         <log4j.version>2.17.1</log4j.version>
-        <jackson.version>2.13.1</jackson.version>
+        <jackson.version>2.13.2</jackson.version>
         <zk.version>9.5.0.2</zk.version>
         <ldapsdk.version>5.1.4</ldapsdk.version>
         <resteasy.version>4.7.2.Final</resteasy.version>

From 7f4140a39dfcb6ddee26eb7ef5f523b2bd185ee7 Mon Sep 17 00:00:00 2001
From: = <mjatin78@gmail.com>
Date: Mon, 21 Mar 2022 18:07:42 +0530
Subject: [PATCH 094/101] fix: popup message textbox fix

---
 .../app/routes/Apps/Gluu/GluuCommitDialog.js  | 15 +++++---
 admin-ui/app/routes/Apps/Gluu/GluuDialog.js   | 35 +++++++++++++------
 2 files changed, 35 insertions(+), 15 deletions(-)

diff --git a/admin-ui/app/routes/Apps/Gluu/GluuCommitDialog.js b/admin-ui/app/routes/Apps/Gluu/GluuCommitDialog.js
index d97cef676..66a334739 100644
--- a/admin-ui/app/routes/Apps/Gluu/GluuCommitDialog.js
+++ b/admin-ui/app/routes/Apps/Gluu/GluuCommitDialog.js
@@ -44,9 +44,14 @@ const GluuCommitDialog = ({
     setLoading(true)
     onAccept(userMessage)
   }
+  const closeModal = () => {
+    handler()
+    setUserMessage('')
+  }
+
   return (
-    <Modal isOpen={modal} toggle={handler} className="modal-outline-primary">
-      <ModalHeader toggle={handler}>
+    <Modal isOpen={modal} toggle={closeModal} className="modal-outline-primary">
+      <ModalHeader toggle={closeModal}>
         <i
           style={{ color: 'green' }}
           className="fa fa-2x fa-info fa-fw modal-icon mb-3"
@@ -80,9 +85,9 @@ const GluuCommitDialog = ({
                   ? t('placeholders.action_commit_message')
                   : placeholderLabel
               }
-              defaultValue=""
+              value={userMessage}
             />
-            {userMessage.length <= 10 && (
+            {userMessage.length < 10 && (
               <span className="text-danger">
                 {10 - userMessage.length} {userMessage.length ? ' more' : ''}{' '}
                 characters required
@@ -106,7 +111,7 @@ const GluuCommitDialog = ({
         <Button
           color="danger"
           style={applicationStyle.buttonStyle}
-          onClick={handler}
+          onClick={closeModal}
         >
           <i className="fa fa-remove mr-2"></i>
           {t('actions.no')}
diff --git a/admin-ui/app/routes/Apps/Gluu/GluuDialog.js b/admin-ui/app/routes/Apps/Gluu/GluuDialog.js
index 5be79d914..5412a0e76 100644
--- a/admin-ui/app/routes/Apps/Gluu/GluuDialog.js
+++ b/admin-ui/app/routes/Apps/Gluu/GluuDialog.js
@@ -1,4 +1,4 @@
-import React, { useState } from 'react'
+import React, { useState, useEffect } from 'react'
 import {
   FormGroup,
   Col,
@@ -15,23 +15,31 @@ import applicationStyle from '../../Apps/Gluu/styles/applicationstyle'
 const GluuDialog = ({ row, handler, modal, onAccept, subject, name }) => {
   const [active, setActive] = useState(false)
   const { t } = useTranslation()
+  const [userMessage, setUserMessage] = useState('')
 
-  function handleStatus() {
-    var value = document.getElementById('user_action_message').value
-    if (value.length >= 10) {
+  useEffect(() => {
+    if (userMessage.length >= 10) {
       setActive(true)
     } else {
       setActive(false)
     }
-  }
+  }, [userMessage])
 
   function handleAccept() {
-    onAccept(document.getElementById('user_action_message').value)
+    onAccept(userMessage)
+  }
+  const closeModal = () => {
+    handler()
+    setUserMessage('')
   }
   return (
     <>
-      <Modal isOpen={modal} toggle={handler} className="modal-outline-primary">
-        <ModalHeader toggle={handler}>
+      <Modal
+        isOpen={modal}
+        toggle={closeModal}
+        className="modal-outline-primary"
+      >
+        <ModalHeader toggle={closeModal}>
           <i
             style={{ color: 'red' }}
             className="fa fa-2x fa-warning fa-fw modal-icon mb-3"
@@ -46,10 +54,17 @@ const GluuDialog = ({ row, handler, modal, onAccept, subject, name }) => {
                 id="user_action_message"
                 type="textarea"
                 name="user_action_message"
-                onKeyUp={handleStatus}
+                onChange={(e) => setUserMessage(e.target.value)}
                 placeholder={t('placeholders.action_commit_message')}
                 defaultValue=""
+                value={userMessage}
               />
+              {userMessage.length < 10 && (
+                <span className="text-danger">
+                  {10 - userMessage.length} {userMessage.length ? ' more' : ''}{' '}
+                  characters required
+                </span>
+              )}
             </Col>
           </FormGroup>
         </ModalBody>
@@ -66,7 +81,7 @@ const GluuDialog = ({ row, handler, modal, onAccept, subject, name }) => {
           <Button
             color="secondary"
             style={applicationStyle.buttonStyle}
-            onClick={handler}
+            onClick={closeModal}
           >
             {t('actions.no')}
           </Button>

From ca18adf47ba05385fa1129347fef9a97dca5f083 Mon Sep 17 00:00:00 2001
From: = <mjatin78@gmail.com>
Date: Mon, 21 Mar 2022 22:31:02 +0530
Subject: [PATCH 095/101] fix : prevent enter button

---
 .../auth-server/components/Clients/ClientWizardForm.js     | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js b/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js
index 7e2c6e2e7..00b7a1918 100644
--- a/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js
+++ b/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js
@@ -191,6 +191,11 @@ function ClientWizardForm({
     deletable: client.deletable,
     tokenBindingSupported: client.tokenBindingSupported,
   }
+  function onKeyDown(keyEvent) {
+    if ((keyEvent.charCode || keyEvent.keyCode) === 13) {
+      keyEvent.preventDefault()
+    }
+  }
   return (
     <Container>
       <Formik
@@ -224,7 +229,7 @@ function ClientWizardForm({
         }}
       >
         {(formik) => (
-          <Form onSubmit={formik.handleSubmit}>
+          <Form onSubmit={formik.handleSubmit} onKeyDown={onKeyDown}>
             <Card>
               <CardBody className="d-flex justify-content-center pt-5">
                 <Wizard activeStep={currentStep} onStepChanged={changeStep}>

From aabe13aa769d8f5aaec0b19f0699d635002ef151 Mon Sep 17 00:00:00 2001
From: = <mjatin78@gmail.com>
Date: Mon, 21 Mar 2022 22:32:27 +0530
Subject: [PATCH 096/101] fix: commit message

---
 .../plugins/auth-server/components/Clients/ClientWizardForm.js   | 1 +
 1 file changed, 1 insertion(+)

diff --git a/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js b/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js
index 00b7a1918..14e323a68 100644
--- a/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js
+++ b/admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js
@@ -196,6 +196,7 @@ function ClientWizardForm({
       keyEvent.preventDefault()
     }
   }
+
   return (
     <Container>
       <Formik

From 7e31ec6f083d0d95e327e2a23c190730227fb212 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 22 Mar 2022 10:21:35 +0000
Subject: [PATCH 097/101] chore(deps): bump actions/cache from 2.1.7 to 3
 (#168)

Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.7...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/central_code_quality_check.yml | 2 +-
 .github/workflows/docker_build_image.yml         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/central_code_quality_check.yml b/.github/workflows/central_code_quality_check.yml
index c1d377110..8cc7a10bf 100644
--- a/.github/workflows/central_code_quality_check.yml
+++ b/.github/workflows/central_code_quality_check.yml
@@ -85,7 +85,7 @@ jobs:
           
       - name: Cache SonarCloud packages for JVM based project
         if: contains(env.CHANGED_DIR, matrix.module) && contains(env.JVM_PROJECTS, matrix.module)
-        uses: actions/cache@v2.1.7
+        uses: actions/cache@v3
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar
diff --git a/.github/workflows/docker_build_image.yml b/.github/workflows/docker_build_image.yml
index 2cf5ad718..5acc490f2 100644
--- a/.github/workflows/docker_build_image.yml
+++ b/.github/workflows/docker_build_image.yml
@@ -135,7 +135,7 @@ jobs:
 
       - name: Cache Docker layers
         if: steps.build_docker_image.outputs.build && steps.prep.outputs.build
-        uses: actions/cache@v2.1.7
+        uses: actions/cache@v3
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ github.sha }}

From feda72b9aca54366aa9c93f405bf1462fb5ce23a Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Tue, 22 Mar 2022 10:41:04 +0000
Subject: [PATCH 098/101] ci: automatically update admin-ui commit on dev image
 build

---
 automation/auto_update_image_pr.py | 14 ++++++++++++++
 automation/requirements.txt        |  1 +
 docker-admin-ui/Dockerfile         |  2 +-
 3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/automation/auto_update_image_pr.py b/automation/auto_update_image_pr.py
index d5952ee3d..65c262907 100644
--- a/automation/auto_update_image_pr.py
+++ b/automation/auto_update_image_pr.py
@@ -3,6 +3,8 @@
 from dateutil.parser import parse
 from dockerfile_parse import DockerfileParser
 from requests_html import HTMLSession
+# This is a temp import until the dockerfile for the admin-ui starts using packages
+import git
 
 
 def should_update_build(last_build, new_build):
@@ -39,6 +41,15 @@ def update_image(image, source_url_env, build_date_env):
         print(f"No updates found for {image} {build_date_env}")
 
 
+# This is a temp function until the dockerfile for the admin-ui starts using packages
+def update_git_commit():
+    dfparser = DockerfileParser(f'../docker-admin-ui')
+    repo = git.Repo("../")
+    commit = repo.head.commit
+    print(commit)
+    dfparser.envs["ADMIN_UI_VERSION"] = str(commit)
+
+
 def main():
     docker_image_folders = [name for name in os.listdir("../") if
                             os.path.isdir(os.path.join("../", name)) and "docker" in name]
@@ -50,6 +61,9 @@ def main():
             print(f'Docker image {image} does not contain any packages to update')
             continue
 
+    # This is a temp function until the dockerfile for the admin-ui starts using packages
+    update_git_commit()
+
 
 if __name__ == "__main__":
     main()
diff --git a/automation/requirements.txt b/automation/requirements.txt
index c48999824..ecca1c52b 100644
--- a/automation/requirements.txt
+++ b/automation/requirements.txt
@@ -2,4 +2,5 @@ ruamel.yaml>=0.16.10
 python-dateutil
 dockerfile-parse
 requests-html
+GitPython
 websockets>=10.0 # not directly required, pinned by Snyk to avoid a vulnerability
\ No newline at end of file
diff --git a/docker-admin-ui/Dockerfile b/docker-admin-ui/Dockerfile
index a7fae65f3..7c1a91d1e 100644
--- a/docker-admin-ui/Dockerfile
+++ b/docker-admin-ui/Dockerfile
@@ -28,7 +28,7 @@ RUN echo "daemon off;" >> /etc/nginx/nginx.conf
 # TODO:
 # - use NODE_ENV=production
 # - download build package (not git clone)
-ENV ADMIN_UI_VERSION=2a4a7fcb16554d23ea0ff599d46f86b9de292e30
+ENV ADMIN_UI_VERSION=7e31ec6f083d0d95e327e2a23c190730227fb212
 
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the admin-ui code

From 99faddfd5dea59f6e4bf57125cf7e6c0b16fbed3 Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Tue, 22 Mar 2022 10:53:20 +0000
Subject: [PATCH 099/101] ci: automatically update admin-ui commit on dev image
 build

---
 automation/auto_update_image_pr.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/automation/auto_update_image_pr.py b/automation/auto_update_image_pr.py
index 65c262907..7313fb35b 100644
--- a/automation/auto_update_image_pr.py
+++ b/automation/auto_update_image_pr.py
@@ -43,16 +43,16 @@ def update_image(image, source_url_env, build_date_env):
 
 # This is a temp function until the dockerfile for the admin-ui starts using packages
 def update_git_commit():
-    dfparser = DockerfileParser(f'../docker-admin-ui')
-    repo = git.Repo("../")
+    dfparser = DockerfileParser(f'docker-admin-ui')
+    repo = git.Repo(".")
     commit = repo.head.commit
     print(commit)
     dfparser.envs["ADMIN_UI_VERSION"] = str(commit)
 
 
 def main():
-    docker_image_folders = [name for name in os.listdir("../") if
-                            os.path.isdir(os.path.join("../", name)) and "docker" in name]
+    docker_image_folders = [name for name in os.listdir(".") if
+                            (os.path.isdir(os.path.join("./", name)) and "docker" in name)]
 
     for image in docker_image_folders:
         try:

From 54ac76eac7f2be2c854083e7f3bbb5e58ee5c4ba Mon Sep 17 00:00:00 2001
From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Date: Tue, 22 Mar 2022 11:02:46 +0000
Subject: [PATCH 100/101] ci: automatically update admin-ui commit on dev image
 build

---
 automation/auto_update_image_pr.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/automation/auto_update_image_pr.py b/automation/auto_update_image_pr.py
index 7313fb35b..2ff44ba76 100644
--- a/automation/auto_update_image_pr.py
+++ b/automation/auto_update_image_pr.py
@@ -46,13 +46,12 @@ def update_git_commit():
     dfparser = DockerfileParser(f'docker-admin-ui')
     repo = git.Repo(".")
     commit = repo.head.commit
-    print(commit)
     dfparser.envs["ADMIN_UI_VERSION"] = str(commit)
 
 
 def main():
-    docker_image_folders = [name for name in os.listdir(".") if
-                            (os.path.isdir(os.path.join("./", name)) and "docker" in name)]
+    docker_image_folders = [name for name in os.listdir("../") if
+                            os.path.isdir(os.path.join("../", name)) and "docker" in name]
 
     for image in docker_image_folders:
         try:

From fe01bcb3d46311355b15a37b655253ca17997358 Mon Sep 17 00:00:00 2001
From: Snyk bot <snyk-bot@snyk.io>
Date: Tue, 22 Mar 2022 11:06:33 +0000
Subject: [PATCH 101/101] fix: docker-admin-ui/Dockerfile to reduce
 vulnerabilities (#164)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE314-OPENSSL-2426333
- https://snyk.io/vuln/SNYK-ALPINE314-OPENSSL-2426333
---
 docker-admin-ui/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-admin-ui/Dockerfile b/docker-admin-ui/Dockerfile
index 7c1a91d1e..5ce84734f 100644
--- a/docker-admin-ui/Dockerfile
+++ b/docker-admin-ui/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:14.18.2-alpine3.14
+FROM node:14.19.1-alpine3.14
 
 # ======
 # alpine