From 5c3b70a1eb20aba09d28af472b3a622a4910e05b Mon Sep 17 00:00:00 2001 From: Snider Date: Sun, 8 Feb 2026 22:08:35 +0000 Subject: [PATCH] fix: resolve conflict markers and remove legacy code after branch consolidation - Remove conflict markers from 19 files that were accidentally committed during merge resolutions (keeping HEAD versions) - Remove legacy root-level code (core.go, main.go, config/, crypt/, display/, filesystem/, workspace/, docs/*.go, cmd/app/) from old architecture predating pkg/ restructure - Remove duplicate pkg/config/loader.go (Load/Save already in config.go) - Fix import alias in cmd_apply.go (errors -> core) Co-Authored-By: Virgil --- cmd/app/frontend/dist/assets/app.js | 1 - cmd/app/frontend/dist/index.html | 10 -- cmd/app/main.go | 31 ---- config/config.go | 52 ------- config/service.go | 175 --------------------- config/service_test.go | 165 -------------------- core.go | 148 ------------------ crypt/crypt.go | 23 --- crypt/crypt_test.go | 20 --- crypt/hash.go | 33 ---- crypt/lib/lthn/hash.go | 46 ------ crypt/lib/lthn/hash_test.go | 48 ------ crypt/lib/lthn/lthn.go | 16 -- crypt/lib/openpgp/encrypt.go | 106 ------------- crypt/lib/openpgp/key.go | 226 ---------------------------- crypt/lib/openpgp/openpgp.go | 12 -- crypt/lib/openpgp/sign.go | 39 ----- crypt/service.go | 43 ------ crypt/sum.go | 77 ---------- display/apptray.png | Bin 32953 -> 0 bytes display/display.go | 32 ---- display/menu.go | 32 ---- display/service.go | 146 ------------------ display/tray.go | 74 --------- display/window.go | 28 ---- docs/docs.go | 27 ---- docs/service.go | 54 ------- filesystem/client.go | 45 ------ filesystem/client_test.go | 31 ---- filesystem/filesystem.go | 29 ---- filesystem/filesystem_test.go | 3 - filesystem/local/client.go | 83 ---------- filesystem/local/client_test.go | 154 ------------------- filesystem/local/local.go | 6 - filesystem/mock.go | 47 ------ filesystem/sftp/client.go | 125 --------------- filesystem/sftp/sftp.go | 19 --- filesystem/webdav/client.go | 16 -- filesystem/webdav/webdav.go | 183 ---------------------- go.mod | 6 - go.sum | 24 --- internal/cmd/dev/cmd_apply.go | 4 - internal/cmd/dev/service.go | 10 -- internal/cmd/go/cmd_gotest.go | 8 - internal/cmd/php/cmd_qa_runner.go | 4 - internal/cmd/php/detect.go | 12 -- main.go | 13 -- pkg/agentic/config.go | 4 - pkg/build/signing/codesign.go | 4 - pkg/config/config.go | 197 ------------------------ pkg/config/config_test.go | 3 - pkg/config/loader.go | 45 ------ pkg/config/service.go | 3 - pkg/container/linuxkit.go | 4 - pkg/container/linuxkit_test.go | 12 -- pkg/container/templates_test.go | 36 ----- pkg/devops/claude.go | 8 - pkg/devops/serve.go | 4 - pkg/devops/shell.go | 4 - pkg/framework/core/core_test.go | 3 - pkg/io/local/client.go | 18 --- workspace/local.go | 41 ----- workspace/service.go | 124 --------------- workspace/workspace.go | 25 --- workspace/workspace_test.go | 157 ------------------- 65 files changed, 3178 deletions(-) delete mode 100644 cmd/app/frontend/dist/assets/app.js delete mode 100644 cmd/app/frontend/dist/index.html delete mode 100644 cmd/app/main.go delete mode 100644 config/config.go delete mode 100644 config/service.go delete mode 100644 config/service_test.go delete mode 100644 core.go delete mode 100644 crypt/crypt.go delete mode 100644 crypt/crypt_test.go delete mode 100644 crypt/hash.go delete mode 100644 crypt/lib/lthn/hash.go delete mode 100644 crypt/lib/lthn/hash_test.go delete mode 100644 crypt/lib/lthn/lthn.go delete mode 100644 crypt/lib/openpgp/encrypt.go delete mode 100644 crypt/lib/openpgp/key.go delete mode 100644 crypt/lib/openpgp/openpgp.go delete mode 100644 crypt/lib/openpgp/sign.go delete mode 100644 crypt/service.go delete mode 100644 crypt/sum.go delete mode 100644 display/apptray.png delete mode 100644 display/display.go delete mode 100644 display/menu.go delete mode 100644 display/service.go delete mode 100644 display/tray.go delete mode 100644 display/window.go delete mode 100644 docs/docs.go delete mode 100644 docs/service.go delete mode 100644 filesystem/client.go delete mode 100644 filesystem/client_test.go delete mode 100644 filesystem/filesystem.go delete mode 100644 filesystem/filesystem_test.go delete mode 100644 filesystem/local/client.go delete mode 100644 filesystem/local/client_test.go delete mode 100644 filesystem/local/local.go delete mode 100644 filesystem/mock.go delete mode 100644 filesystem/sftp/client.go delete mode 100644 filesystem/sftp/sftp.go delete mode 100644 filesystem/webdav/client.go delete mode 100644 filesystem/webdav/webdav.go delete mode 100644 main.go delete mode 100644 pkg/config/loader.go delete mode 100644 workspace/local.go delete mode 100644 workspace/service.go delete mode 100644 workspace/workspace.go delete mode 100644 workspace/workspace_test.go diff --git a/cmd/app/frontend/dist/assets/app.js b/cmd/app/frontend/dist/assets/app.js deleted file mode 100644 index 28abaa36..00000000 --- a/cmd/app/frontend/dist/assets/app.js +++ /dev/null @@ -1 +0,0 @@ -console.log("Hello from app.js!"); diff --git a/cmd/app/frontend/dist/index.html b/cmd/app/frontend/dist/index.html deleted file mode 100644 index 916c9c4b..00000000 --- a/cmd/app/frontend/dist/index.html +++ /dev/null @@ -1,10 +0,0 @@ - - - - Core - - -

Core

- - - diff --git a/cmd/app/main.go b/cmd/app/main.go deleted file mode 100644 index 01fd1d1c..00000000 --- a/cmd/app/main.go +++ /dev/null @@ -1,31 +0,0 @@ -package main - -import ( - "embed" - "fmt" - - "core" - "github.com/wailsapp/wails/v3/pkg/application" -) - -//go:embed all:frontend/dist -var assets embed.FS - -func main() { - app := application.New(application.Options{ - Services: []application.Service{ - application.NewService(core.New(assets)), - }, - }) - - core.Setup(app) - - app.Event.On("setup-done", func(e *application.CustomEvent) { - fmt.Println("Setup done!") - }) - - err := app.Run() - if err != nil { - panic(err) - } -} diff --git a/config/config.go b/config/config.go deleted file mode 100644 index 72bea66c..00000000 --- a/config/config.go +++ /dev/null @@ -1,52 +0,0 @@ -package config - -import ( - "fmt" - "reflect" - "strings" -) - -// Config holds the resolved paths and user-configurable settings for the application. -type Config struct { - // --- Dynamic Paths (not stored in config.json) --- - DataDir string `json:"-"` - ConfigDir string `json:"-"` - CacheDir string `json:"-"` - WorkspacesDir string `json:"-"` - RootDir string `json:"-"` - UserHomeDir string `json:"-"` - IsNew bool `json:"-"` // Flag indicating if the config was newly created. - - // --- Storable Settings (persisted in config.json) --- - DefaultRoute string `json:"defaultRoute,omitempty"` - Features []string `json:"features,omitempty"` - Language string `json:"language,omitempty"` -} - -// Key retrieves a configuration value by its key. It checks JSON tags and field names (case-insensitive). -func (c *Config) Key(key string) (interface{}, error) { - // Use reflection to inspect the struct fields. - val := reflect.ValueOf(c).Elem() - typ := val.Type() - - for i := 0; i < val.NumField(); i++ { - field := typ.Field(i) - fieldName := field.Name - - // Check the field name first. - if strings.EqualFold(fieldName, key) { - return val.Field(i).Interface(), nil - } - - // Then check the `json` tag. - jsonTag := field.Tag.Get("json") - if jsonTag != "" && jsonTag != "-" { - jsonName := strings.Split(jsonTag, ",")[0] - if strings.EqualFold(jsonName, key) { - return val.Field(i).Interface(), nil - } - } - } - - return nil, fmt.Errorf("key '%s' not found in config", key) -} diff --git a/config/service.go b/config/service.go deleted file mode 100644 index 745f358c..00000000 --- a/config/service.go +++ /dev/null @@ -1,175 +0,0 @@ -package config - -import ( - "encoding/json" - "errors" - "fmt" - "os" - "path/filepath" - "strings" - - "github.com/adrg/xdg" -) - -const appName = "lethean" -const configFileName = "config.json" - -// ErrSetupRequired is returned by ServiceStartup if config.json is missing. -var ErrSetupRequired = errors.New("setup required: config.json not found") - -// Service provides access to the application's configuration. -type Service struct { - config *Config -} - -// NewService creates and initializes a new configuration service. -// It loads an existing configuration or creates a default one if not found. -func NewService() (*Service, error) { - // 1. Determine the config directory path to check for an existing file. - homeDir, err := os.UserHomeDir() - if err != nil { - return nil, fmt.Errorf("could not resolve user home directory: %w", err) - } - userHomeDir := filepath.Join(homeDir, appName) - configDir := filepath.Join(userHomeDir, "config") - configPath := filepath.Join(configDir, configFileName) - - var cfg *Config - configNeedsSaving := false - - // 2. Check if the config file exists. - if _, err := os.Stat(configPath); err == nil { - // --- Config file EXISTS --- - - // First, get the base config with all the dynamic paths and directory structures. - cfg, err = newDefaultConfig() - if err != nil { - return nil, fmt.Errorf("failed to create base config structure: %w", err) - } - cfg.IsNew = false // Mark that we are loading an existing config. - - // Now, load the storable values from the existing file, which will override the defaults. - fileData, err := os.ReadFile(configPath) - if err != nil { - return nil, fmt.Errorf("failed to read existing config file at %s: %w", configPath, err) - } - - if err := json.Unmarshal(fileData, cfg); err != nil { - // If unmarshalling fails, we log a warning but proceed with the default config. - // This prevents a corrupted config.json from crashing the app. - fmt.Fprintf(os.Stderr, "Warning: Failed to unmarshal config.json at %s, using defaults: %v\n", configPath, err) - } - - } else if errors.Is(err, os.ErrNotExist) { - // --- Config file DOES NOT EXIST --- - configNeedsSaving = true - - // Create a fresh default config. This sets up paths and a default "en" language. - cfg, err = newDefaultConfig() - if err != nil { - return nil, fmt.Errorf("failed to create default config: %w", err) - } - cfg.IsNew = true // Mark that this is a new config. - - } else { - // Another error occurred (e.g., permissions). - return nil, fmt.Errorf("failed to check for config file at %s: %w", configPath, err) - } - - service := &Service{config: cfg} - - // If the config file didn't exist, save the newly generated one. - if configNeedsSaving { - if err := service.Save(); err != nil { - return nil, fmt.Errorf("failed to save initial config: %w", err) - } - } - - return service, nil -} - -// newDefaultConfig creates a default configuration with resolved paths and ensures directories exist. -func newDefaultConfig() (*Config, error) { - if strings.Contains(appName, "..") || strings.Contains(appName, string(filepath.Separator)) { - return nil, fmt.Errorf("invalid app name '%s': contains path traversal characters", appName) - } - - homeDir, err := os.UserHomeDir() - if err != nil { - return nil, fmt.Errorf("could not resolve user home directory: %w", err) - } - userHomeDir := filepath.Join(homeDir, appName) - - rootDir, err := xdg.DataFile(appName) - if err != nil { - return nil, fmt.Errorf("could not resolve data directory: %w", err) - } - - cacheDir, err := xdg.CacheFile(appName) - if err != nil { - return nil, fmt.Errorf("could not resolve cache directory: %w", err) - } - - cfg := &Config{ - UserHomeDir: userHomeDir, - RootDir: rootDir, - CacheDir: cacheDir, - ConfigDir: filepath.Join(userHomeDir, "config"), - DataDir: filepath.Join(userHomeDir, "data"), - WorkspacesDir: filepath.Join(userHomeDir, "workspaces"), - DefaultRoute: "/", - Features: []string{}, - Language: "en", // Hardcoded default, will be overridden if loaded or detected - } - - dirs := []string{cfg.RootDir, cfg.ConfigDir, cfg.DataDir, cfg.CacheDir, cfg.WorkspacesDir, cfg.UserHomeDir} - for _, dir := range dirs { - if err := os.MkdirAll(dir, os.ModePerm); err != nil { - return nil, fmt.Errorf("could not create directory %s: %w", dir, err) - } - } - - return cfg, nil -} - -// Get returns the loaded configuration. -func (s *Service) Get() *Config { - return s.config -} - -// Save writes the current configuration to config.json. -func (s *Service) Save() error { - configPath := filepath.Join(s.config.ConfigDir, configFileName) - - data, err := json.MarshalIndent(s.config, "", " ") - if err != nil { - return fmt.Errorf("failed to marshal config: %w", err) - } - - if err := os.WriteFile(configPath, data, 0644); err != nil { - return fmt.Errorf("failed to write config file: %w", err) - } - return nil -} - -// IsFeatureEnabled checks if a given feature is enabled in the configuration. -func (s *Service) IsFeatureEnabled(feature string) bool { - for _, f := range s.config.Features { - if f == feature { - return true - } - } - return false -} - -// EnableFeature adds a feature to the list of enabled features and saves the config. -func (s *Service) EnableFeature(feature string) error { - if s.IsFeatureEnabled(feature) { - return nil - } - s.config.Features = append(s.config.Features, feature) - if err := s.Save(); err != nil { - return fmt.Errorf("failed to save config after enabling feature %s: %w", feature, err) - } - return nil -} diff --git a/config/service_test.go b/config/service_test.go deleted file mode 100644 index c3484eef..00000000 --- a/config/service_test.go +++ /dev/null @@ -1,165 +0,0 @@ -package config - -import ( - "fmt" - "os" - "path/filepath" - "strings" - "testing" - - "github.com/adrg/xdg" -) - -// setupTestEnv creates temporary directories and sets environment variables -// to simulate a specific user home and XDG base directories for testing. -// It returns the path to the temporary home directory and a cleanup function. -func setupTestEnv(t *testing.T) (string, func()) { - // Create a temporary directory for the user's home - tempHomeDir, err := os.MkdirTemp("", "test_home") - if err != nil { - t.Fatalf("Failed to create temp home directory: %v", err) - } - - // Store original HOME environment variable to restore it later - oldHome := os.Getenv("HOME") - - // Set HOME environment variable for the test - os.Setenv("HOME", tempHomeDir) - - cleanup := func() { - // Restore original HOME environment variable - os.Setenv("HOME", oldHome) - // Clean up temporary directories - os.RemoveAll(tempHomeDir) - } - - return tempHomeDir, cleanup -} - -func TestNewService(t *testing.T) { - tempHomeDir, cleanup := setupTestEnv(t) - defer cleanup() - - service, err := NewService() - if err != nil { - t.Fatalf("NewService() failed: %v", err) - } - - cfg := service.Get() - - // These paths are based on the mocked HOME directory - expectedUserHomeDir := filepath.Join(tempHomeDir, appName) - expectedConfigDir := filepath.Join(expectedUserHomeDir, "config") - expectedDataDir := filepath.Join(expectedUserHomeDir, "data") - expectedWorkspacesDir := filepath.Join(expectedUserHomeDir, "workspaces") - - // For RootDir and CacheDir, xdg library's init() might have already run - // before our test's os.Setenv calls take effect for xdg. So, we calculate - // the *expected* values based on what xdg *actually* returns in the - // current process, which will likely be the system defaults or whatever - // was set before the test started. - actualXDGDataFile, err := xdg.DataFile(appName) - if err != nil { - t.Fatalf("xdg.DataFile failed: %v", err) - } - actualXDGCacheFile, err := xdg.CacheFile(appName) - if err != nil { - t.Fatalf("xdg.CacheFile failed: %v", err) - } - - expectedRootDir := actualXDGDataFile - expectedCacheDir := actualXDGCacheFile - - tests := []struct { - name string - actual string - expected string - }{ - {"UserHomeDir", cfg.UserHomeDir, expectedUserHomeDir}, - {"RootDir", cfg.RootDir, expectedRootDir}, - {"ConfigDir", cfg.ConfigDir, expectedConfigDir}, - {"DataDir", cfg.DataDir, expectedDataDir}, - {"CacheDir", cfg.CacheDir, expectedCacheDir}, - {"WorkspacesDir", cfg.WorkspacesDir, expectedWorkspacesDir}, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if tt.actual != tt.expected { - t.Errorf("Mismatch for %s: got %q, want %q", tt.name, tt.actual, tt.expected) - } - // Also check if the directory was actually created - if info, err := os.Stat(tt.actual); err != nil { - t.Errorf("Directory %q for %s was not created: %v", tt.actual, tt.name, err) - } else if !info.IsDir() { - t.Errorf("Path %q for %s is not a directory", tt.actual, tt.name) - } - }) - } -} - -func TestNewService_DirectoryCreationFails(t *testing.T) { - // Create a temporary directory that we will make read-only - tempHomeDir, err := os.MkdirTemp("", "test_readonly_home") - if err != nil { - t.Fatalf("Failed to create temp home directory: %v", err) - } - // Ensure cleanup happens, and restore permissions before removing - defer func() { - os.Chmod(tempHomeDir, 0755) // Restore write permissions for os.RemoveAll - os.RemoveAll(tempHomeDir) - }() - - // Make the temporary home directory read-only - if err := os.Chmod(tempHomeDir, 0555); err != nil { // r-xr-xr-x - t.Fatalf("Failed to make temp home directory read-only: %v", err) - } - - // Store original HOME environment variable to restore it later - oldHome := os.Getenv("HOME") - os.Setenv("HOME", tempHomeDir) - defer os.Setenv("HOME", oldHome) - - // NewService should now fail because it cannot create subdirectories in tempHomeDir - _, err = NewService() - if err == nil { - t.Errorf("NewService() expected to fail when directory creation is impossible, but it succeeded") - } - // Optionally, check for a specific error message or type - if err != nil && !strings.Contains(err.Error(), "could not create directory") { - t.Errorf("NewService() failed with unexpected error: %v", err) - } -} - -func TestNewService_PathTraversalAttempt(t *testing.T) { - - problematicAppName := "../lethean" - - // Simulate the validation logic from NewService - if !strings.Contains(problematicAppName, "..") && !strings.Contains(problematicAppName, string(filepath.Separator)) { - t.Errorf("Expected problematicAppName to contain path traversal characters, but it didn't") - } - - // We'll create a temporary function to simulate the validation within NewService - validateAppName := func(name string) error { - if strings.Contains(name, "..") || strings.Contains(name, string(filepath.Separator)) { - return fmt.Errorf("invalid app name '%s': contains path traversal characters", name) - } - return nil - } - - // Test with a problematic app name - err := validateAppName(problematicAppName) - if err == nil { - t.Errorf("validateAppName expected to fail for %q, but it succeeded", problematicAppName) - } - if err != nil && !strings.Contains(err.Error(), "path traversal characters") { - t.Errorf("validateAppName failed for %q with unexpected error: %v", problematicAppName, err) - } - // Test with a safe app name - safeAppName := "lethean" - err = validateAppName(safeAppName) - if err != nil { - t.Errorf("validateAppName expected to succeed for %q, but it failed with error: %v", safeAppName, err) - } -} diff --git a/core.go b/core.go deleted file mode 100644 index 973702fd..00000000 --- a/core.go +++ /dev/null @@ -1,148 +0,0 @@ -package core - -import ( - "embed" - "fmt" - "sync" - - "core/config" - "core/crypt" - "core/display" - "core/docs" - "core/filesystem" - "core/filesystem/local" - "core/workspace" - "github.com/wailsapp/wails/v3/pkg/application" -) - -// Service provides access to all core application services. -type Service struct { - app *application.App - configService *config.Service - displayService *display.Service - docsService *docs.Service - cryptService *crypt.Service - workspaceService *workspace.Service -} - -var ( - instance *Service - once sync.Once - initErr error -) - -// New performs Phase 1 of initialization: Instantiation. -// It creates the raw service objects without wiring them together. -func New(assets embed.FS) *Service { - once.Do(func() { - // Instantiate services in the correct order of dependency. - configService, err := config.NewService() - if err != nil { - initErr = fmt.Errorf("failed to initialize config service: %w", err) - return - } - - // Initialize the local filesystem medium - filesystem.Local, err = local.New(configService.Get().RootDir) - if err != nil { - initErr = fmt.Errorf("failed to initialize local filesystem: %w", err) - return - } - - displayService := display.NewService(display.ClientHub, assets) - docsService := docs.NewService(assets) - cryptService := crypt.NewService(configService.Get()) - workspaceService := workspace.NewService(configService.Get(), workspace.NewLocalMedium()) - - instance = &Service{ - configService: configService, - displayService: displayService, - docsService: docsService, - cryptService: cryptService, - workspaceService: workspaceService, - } - }) - - if initErr != nil { - panic(initErr) // A failure in a core service is fatal. - } - - return instance -} - -// Setup performs Phase 2 of initialization: Wiring. -// It injects the required dependencies into each service. -func Setup(app *application.App) { - if instance == nil { - panic("core.Setup() called before core.New() was successfully initialized") - } - instance.app = app - - // Wire the services with their dependencies. - instance.displayService.Setup(app, instance.configService, nil) - instance.docsService.Setup(app, instance.displayService) -} - -// App returns the global application instance. -func App() *application.App { - if instance == nil || instance.app == nil { - panic("core.App() called before core.Setup() was successfully initialized") - } - return instance.app -} - -// Config returns the singleton instance of the ConfigService. -func Config() *config.Service { - if instance == nil { - panic("core.Config() called before core.New() was successfully initialized") - } - return instance.configService -} - -// Display returns the singleton instance of the display.Service. -func Display() *display.Service { - if instance == nil { - panic("core.Display() called before core.New() was successfully initialized") - } - return instance.displayService -} - -// Docs returns the singleton instance of the DocsService. -func Docs() *docs.Service { - if instance == nil { - panic("core.Docs() called before core.New() was successfully initialized") - } - return instance.docsService -} - -// Crypt returns the singleton instance of the CryptService. -func Crypt() *crypt.Service { - if instance == nil { - panic("core.Crypt() called before core.New() was successfully initialized") - } - return instance.cryptService -} - -// Filesystem returns the singleton instance of the FilesystemService. -func Filesystem() filesystem.Medium { - if instance == nil { - panic("core.Filesystem() called before core.New() was successfully initialized") - } - return filesystem.Local -} - -// Workspace returns the singleton instance of the WorkspaceService. -func Workspace() *workspace.Service { - if instance == nil { - panic("core.Workspace() called before core.New() was successfully initialized") - } - return instance.workspaceService -} - -// Runtime returns the singleton instance of the Service. -func Runtime() *Service { - if instance == nil { - panic("core.Runtime() called before core.New() was successfully initialized") - } - return instance -} diff --git a/crypt/crypt.go b/crypt/crypt.go deleted file mode 100644 index b6cff01d..00000000 --- a/crypt/crypt.go +++ /dev/null @@ -1,23 +0,0 @@ -package crypt - -import ( - "core/config" -) - -// HashType defines the supported hashing algorithms. -type HashType string - -const ( - LTHN HashType = "lthn" - SHA512 HashType = "sha512" - SHA256 HashType = "sha256" - SHA1 HashType = "sha1" - MD5 HashType = "md5" -) - -// Service provides cryptographic functions. -// It is the main entry point for all cryptographic operations -// and is bound to the frontend. -type Service struct { - config *config.Config -} diff --git a/crypt/crypt_test.go b/crypt/crypt_test.go deleted file mode 100644 index 2cde5070..00000000 --- a/crypt/crypt_test.go +++ /dev/null @@ -1,20 +0,0 @@ -package crypt - -import ( - "testing" - - "github.com/stretchr/testify/assert" -) - -func TestHash(t *testing.T) { - s := &Service{} - payload := "hello" - hash := s.Hash(LTHN, payload) - assert.NotEmpty(t, hash) -} - -func TestLuhn(t *testing.T) { - s := &Service{} - assert.True(t, s.Luhn("79927398713")) - assert.False(t, s.Luhn("79927398714")) -} diff --git a/crypt/hash.go b/crypt/hash.go deleted file mode 100644 index 723471dc..00000000 --- a/crypt/hash.go +++ /dev/null @@ -1,33 +0,0 @@ -package crypt - -import ( - "crypto/md5" - "crypto/sha1" - "crypto/sha256" - "crypto/sha512" - "encoding/hex" - - "core/crypt/lib/lthn" -) - -// Hash computes a hash of the payload using the specified algorithm. -func (s *Service) Hash(lib HashType, payload string) string { - switch lib { - case LTHN: - return lthn.Hash(payload) - case SHA512: - hash := sha512.Sum512([]byte(payload)) - return hex.EncodeToString(hash[:]) - case SHA1: - hash := sha1.Sum([]byte(payload)) - return hex.EncodeToString(hash[:]) - case MD5: - hash := md5.Sum([]byte(payload)) - return hex.EncodeToString(hash[:]) - case SHA256: - fallthrough - default: - hash := sha256.Sum256([]byte(payload)) - return hex.EncodeToString(hash[:]) - } -} diff --git a/crypt/lib/lthn/hash.go b/crypt/lib/lthn/hash.go deleted file mode 100644 index c9f0ac09..00000000 --- a/crypt/lib/lthn/hash.go +++ /dev/null @@ -1,46 +0,0 @@ -package lthn - -import ( - "crypto/sha256" - "encoding/hex" -) - -// SetKeyMap sets the key map for the notarisation process. -func SetKeyMap(newKeyMap map[rune]rune) { - keyMap = newKeyMap -} - -// GetKeyMap gets the current key map. -func GetKeyMap() map[rune]rune { - return keyMap -} - -// Hash creates a reproducible hash from a string. -func Hash(input string) string { - salt := createSalt(input) - hash := sha256.Sum256([]byte(input + salt)) - return hex.EncodeToString(hash[:]) -} - -// createSalt creates a quasi-salt from a string by reversing it and swapping characters. -func createSalt(input string) string { - if input == "" { - return "" - } - runes := []rune(input) - salt := make([]rune, len(runes)) - for i := 0; i < len(runes); i++ { - char := runes[len(runes)-1-i] - if replacement, ok := keyMap[char]; ok { - salt[i] = replacement - } else { - salt[i] = char - } - } - return string(salt) -} - -// Verify checks if an input string matches a given hash. -func Verifyf(input string, hash string) bool { - return Hash(input) == hash -} diff --git a/crypt/lib/lthn/hash_test.go b/crypt/lib/lthn/hash_test.go deleted file mode 100644 index 463ea5d6..00000000 --- a/crypt/lib/lthn/hash_test.go +++ /dev/null @@ -1,48 +0,0 @@ -package lthn - -import ( - "fmt" - "testing" - - "github.com/stretchr/testify/assert" -) - -func TestHash(t *testing.T) { - input := "test_string" - expectedHash := "45d4027179b17265c38732fb1e7089a0b1adfe1d3ba4105fce66f7d46ba42f7d" - - hashed := Hash(input) - fmt.Printf("Hash for \"%s\": %s\n", input, hashed) - - assert.Equal(t, expectedHash, hashed, "The hash should match the expected value") -} - -func TestCreateSalt(t *testing.T) { - // Test with default keyMap - SetKeyMap(map[rune]rune{}) - assert.Equal(t, "gnirts_tset", createSalt("test_string")) - assert.Equal(t, "", createSalt("")) - assert.Equal(t, "A", createSalt("A")) - - // Test with a custom keyMap - customKeyMap := map[rune]rune{ - 'a': 'x', - 'b': 'y', - 'c': 'z', - } - SetKeyMap(customKeyMap) - assert.Equal(t, "zyx", createSalt("abc")) - assert.Equal(t, "gnirts_tset", createSalt("test_string")) // 'test_string' doesn't have 'a', 'b', 'c' - - // Reset keyMap to default for other tests - SetKeyMap(map[rune]rune{}) -} - -func TestVerify(t *testing.T) { - input := "another_test_string" - hashed := Hash(input) - - assert.True(t, Verifyf(input, hashed), "Verifyf should return true for a matching hash") - assert.False(t, Verifyf(input, "wrong_hash"), "Verifyf should return false for a non-matching hash") - assert.False(t, Verifyf("different_input", hashed), "Verifyf should return false for different input") -} diff --git a/crypt/lib/lthn/lthn.go b/crypt/lib/lthn/lthn.go deleted file mode 100644 index 5a1f6e1d..00000000 --- a/crypt/lib/lthn/lthn.go +++ /dev/null @@ -1,16 +0,0 @@ -package lthn - -// keyMap is the default character-swapping map used for the quasi-salting process. -var keyMap = map[rune]rune{ - 'o': '0', - 'l': '1', - 'e': '3', - 'a': '4', - 's': 'z', - 't': '7', - '0': 'o', - '1': 'l', - '3': 'e', - '4': 'a', - '7': 't', -} diff --git a/crypt/lib/openpgp/encrypt.go b/crypt/lib/openpgp/encrypt.go deleted file mode 100644 index 9da18e7d..00000000 --- a/crypt/lib/openpgp/encrypt.go +++ /dev/null @@ -1,106 +0,0 @@ -package openpgp - -import ( - "bytes" - "fmt" - "io" - "strings" - - "core/filesystem" - "github.com/ProtonMail/go-crypto/openpgp" - "github.com/ProtonMail/go-crypto/openpgp/armor" -) - -// EncryptPGP encrypts data for a recipient, optionally signing it. -func EncryptPGP(medium filesystem.Medium, recipientPath, data string, signerPath, signerPassphrase *string) (string, error) { - recipient, err := GetPublicKey(medium, recipientPath) - if err != nil { - return "", fmt.Errorf("failed to get recipient public key: %w", err) - } - - var signer *openpgp.Entity - if signerPath != nil && signerPassphrase != nil { - signer, err = GetPrivateKey(medium, *signerPath, *signerPassphrase) - if err != nil { - return "", fmt.Errorf("could not get private key for signing: %w", err) - } - } - - buf := new(bytes.Buffer) - armoredWriter, err := armor.Encode(buf, pgpMessageHeader, nil) - if err != nil { - return "", fmt.Errorf("failed to create armored writer: %w", err) - } - - plaintextWriter, err := openpgp.Encrypt(armoredWriter, []*openpgp.Entity{recipient}, signer, nil, nil) - if err != nil { - return "", fmt.Errorf("failed to encrypt: %w", err) - } - - if _, err := plaintextWriter.Write([]byte(data)); err != nil { - return "", fmt.Errorf("failed to write plaintext data: %w", err) - } - - if err := plaintextWriter.Close(); err != nil { - return "", fmt.Errorf("failed to close plaintext writer: %w", err) - } - if err := armoredWriter.Close(); err != nil { - return "", fmt.Errorf("failed to close armored writer: %w", err) - } - - // Debug print the encrypted message - fmt.Printf("Encrypted Message:\n%s\n", buf.String()) - - return buf.String(), nil -} - -// DecryptPGP decrypts a PGP message, optionally verifying the signature. -func DecryptPGP(medium filesystem.Medium, recipientPath, message, passphrase string, signerPath *string) (string, error) { - privateKeyEntity, err := GetPrivateKey(medium, recipientPath, passphrase) - if err != nil { - return "", fmt.Errorf("failed to get private key: %w", err) - } - - // For this API version, the keyring must contain all keys for decryption and verification. - keyring := openpgp.EntityList{privateKeyEntity} - var expectedSigner *openpgp.Entity - - if signerPath != nil { - publicKeyEntity, err := GetPublicKey(medium, *signerPath) - if err != nil { - return "", fmt.Errorf("could not get public key for verification: %w", err) - } - keyring = append(keyring, publicKeyEntity) - expectedSigner = publicKeyEntity - } - - // Debug print the message before decryption - fmt.Printf("Message to Decrypt:\n%s\n", message) - - // We pass the combined keyring, and nil for the prompt function because the private key is already decrypted. - md, err := openpgp.ReadMessage(strings.NewReader(message), keyring, nil, nil) - if err != nil { - return "", fmt.Errorf("failed to read PGP message: %w", err) - } - - decrypted, err := io.ReadAll(md.UnverifiedBody) - if err != nil { - return "", fmt.Errorf("failed to read decrypted body: %w", err) - } - - // The signature is checked automatically if the public key is in the keyring. - // We still need to check for errors and that the signer was who we expected. - if signerPath != nil { - if md.SignatureError != nil { - return "", fmt.Errorf("signature verification failed: %w", md.SignatureError) - } - if md.SignedBy == nil { - return "", fmt.Errorf("message is not signed, but signature verification was requested") - } - if expectedSigner.PrimaryKey.KeyId != md.SignedBy.PublicKey.KeyId { - return "", fmt.Errorf("signature from unexpected key id: got %X, want %X", md.SignedBy.PublicKey.KeyId, expectedSigner.PrimaryKey.KeyId) - } - } - - return string(decrypted), nil -} diff --git a/crypt/lib/openpgp/key.go b/crypt/lib/openpgp/key.go deleted file mode 100644 index 71734447..00000000 --- a/crypt/lib/openpgp/key.go +++ /dev/null @@ -1,226 +0,0 @@ -package openpgp - -import ( - "bytes" - "crypto" - "fmt" - "path/filepath" - "strings" - "time" - - "github.com/ProtonMail/go-crypto/openpgp" - "github.com/ProtonMail/go-crypto/openpgp/armor" - "github.com/ProtonMail/go-crypto/openpgp/packet" - "core/crypt/lib/lthn" - "core/filesystem" -) - -// CreateKeyPair generates a new OpenPGP key pair. -// The password parameter is optional. If not provided, the private key will not be encrypted. -func CreateKeyPair(username string, passwords ...string) (*KeyPair, error) { - var password string - if len(passwords) > 0 { - password = passwords[0] - } - - entity, err := openpgp.NewEntity(username, "Lethean Desktop", "", &packet.Config{ - RSABits: 4096, - DefaultHash: crypto.SHA256, - }) - if err != nil { - return nil, fmt.Errorf("failed to create new entity: %w", err) - } - - // The private key is initially unencrypted after NewEntity. - // Generate revocation certificate while the private key is unencrypted. - revocationCert, err := createRevocationCertificate(entity) - if err != nil { - revocationCert = "" // Non-critical, proceed without it if it fails - } - - // Encrypt the private key only if a password is provided, after revocation cert generation. - if password != "" { - if err := entity.PrivateKey.Encrypt([]byte(password)); err != nil { - return nil, fmt.Errorf("failed to encrypt private key: %w", err) - } - } - - publicKey, err := serializeEntity(entity, openpgp.PublicKeyType, "") // Public key doesn't need password - if err != nil { - return nil, err - } - - // Private key serialization. The key is already in its final encrypted/unencrypted state. - privateKey, err := serializeEntity(entity, openpgp.PrivateKeyType, "") // No password needed here for serialization - if err != nil { - return nil, err - } - - return &KeyPair{ - PublicKey: publicKey, - PrivateKey: privateKey, - RevocationCertificate: revocationCert, - }, nil -} - -// CreateServerKeyPair creates and stores a key pair for the server in a specific directory. -func CreateServerKeyPair(keysDir string) error { - serverKeyPath := filepath.Join(keysDir, "server.lthn.pub") - // Passphrase is derived from the path itself, consistent with original logic. - passphrase := lthn.Hash(serverKeyPath) - return createAndStoreKeyPair("server", passphrase, keysDir) -} - -// GetPublicKey retrieves an armored public key for a given ID. -func GetPublicKey(medium filesystem.Medium, path string) (*openpgp.Entity, error) { - return readEntity(medium, path) -} - -// GetPrivateKey retrieves and decrypts an armored private key. -func GetPrivateKey(medium filesystem.Medium, path, passphrase string) (*openpgp.Entity, error) { - entity, err := readEntity(medium, path) - if err != nil { - return nil, err - } - - if entity.PrivateKey == nil { - return nil, fmt.Errorf("no private key found for path %s", path) - } - - if entity.PrivateKey.Encrypted { - if err := entity.PrivateKey.Decrypt([]byte(passphrase)); err != nil { - return nil, fmt.Errorf("failed to decrypt private key for path %s: %w", path, err) - } - } - - var primaryIdentity *openpgp.Identity - for _, identity := range entity.Identities { - if identity.SelfSignature.IsPrimaryId != nil && *identity.SelfSignature.IsPrimaryId { - primaryIdentity = identity - break - } - } - if primaryIdentity == nil { - for _, identity := range entity.Identities { - primaryIdentity = identity - break - } - } - - if primaryIdentity == nil { - return nil, fmt.Errorf("key for %s has no identity", path) - } - - if primaryIdentity.SelfSignature.KeyLifetimeSecs != nil { - if primaryIdentity.SelfSignature.CreationTime.Add(time.Duration(*primaryIdentity.SelfSignature.KeyLifetimeSecs) * time.Second).Before(time.Now()) { - return nil, fmt.Errorf("key for %s has expired", path) - } - } - - return entity, nil -} - -// --- Helper Functions --- - -func createAndStoreKeyPair(id, password, dir string) error { - var keyPair *KeyPair - var err error - - if password != "" { - keyPair, err = CreateKeyPair(id, password) - } else { - keyPair, err = CreateKeyPair(id) - } - - if err != nil { - return fmt.Errorf("failed to create key pair for id %s: %w", id, err) - } - - if err := filesystem.Local.EnsureDir(dir); err != nil { - return fmt.Errorf("failed to ensure key directory exists: %w", err) - } - - files := map[string]string{ - filepath.Join(dir, fmt.Sprintf("%s.lthn.pub", id)): keyPair.PublicKey, - filepath.Join(dir, fmt.Sprintf("%s.lthn.key", id)): keyPair.PrivateKey, - filepath.Join(dir, fmt.Sprintf("%s.lthn.rev", id)): keyPair.RevocationCertificate, // Re-enabled - } - - for path, content := range files { - if content == "" { - continue - } - if err := filesystem.Local.Write(path, content); err != nil { - return fmt.Errorf("failed to write key file %s: %w", path, err) - } - } - return nil -} - -func readEntity(m filesystem.Medium, path string) (*openpgp.Entity, error) { - keyArmored, err := m.Read(path) - if err != nil { - return nil, fmt.Errorf("failed to read key file %s: %w", path, err) - } - - entityList, err := openpgp.ReadArmoredKeyRing(strings.NewReader(keyArmored)) - if err != nil { - return nil, fmt.Errorf("failed to parse key file %s: %w", path, err) - } - if len(entityList) == 0 { - return nil, fmt.Errorf("no entity found in key file %s", path) - } - return entityList[0], nil -} - -func serializeEntity(entity *openpgp.Entity, keyType string, password string) (string, error) { - buf := new(bytes.Buffer) - writer, err := armor.Encode(buf, keyType, nil) - if err != nil { - return "", fmt.Errorf("failed to create armor encoder: %w", err) - } - - if keyType == openpgp.PrivateKeyType { - // Serialize the private key in its current in-memory state. - // Encryption is handled by CreateKeyPair before this function is called. - err = entity.SerializePrivateWithoutSigning(writer, nil) - } else { - err = entity.Serialize(writer) - } - - if err != nil { - return "", fmt.Errorf("failed to serialize entity: %w", err) - } - if err := writer.Close(); err != nil { - return "", fmt.Errorf("failed to close armor writer: %w", err) - } - return buf.String(), nil -} - -func createRevocationCertificate(entity *openpgp.Entity) (string, error) { - buf := new(bytes.Buffer) - writer, err := armor.Encode(buf, openpgp.SignatureType, nil) - if err != nil { - return "", fmt.Errorf("failed to create armor encoder for revocation: %w", err) - } - - sig := &packet.Signature{ - SigType: packet.SigTypeKeyRevocation, - PubKeyAlgo: entity.PrimaryKey.PubKeyAlgo, - Hash: crypto.SHA256, - CreationTime: time.Now(), - IssuerKeyId: &entity.PrimaryKey.KeyId, - } - - // SignKey requires an unencrypted private key. - if err := sig.SignKey(entity.PrimaryKey, entity.PrivateKey, nil); err != nil { - return "", fmt.Errorf("failed to sign revocation: %w", err) - } - if err := sig.Serialize(writer); err != nil { - return "", fmt.Errorf("failed to serialize revocation signature: %w", err) - } - if err := writer.Close(); err != nil { - return "", fmt.Errorf("failed to close revocation writer: %w", err) - } - return buf.String(), nil -} diff --git a/crypt/lib/openpgp/openpgp.go b/crypt/lib/openpgp/openpgp.go deleted file mode 100644 index 1e604a55..00000000 --- a/crypt/lib/openpgp/openpgp.go +++ /dev/null @@ -1,12 +0,0 @@ -package openpgp - -// pgpMessageHeader is the standard armor header for PGP messages. -const pgpMessageHeader = "PGP MESSAGE" - -// KeyPair holds the generated armored keys and revocation certificate. -// This is the primary data structure representing a user's PGP identity within the system. -type KeyPair struct { - PublicKey string - PrivateKey string - RevocationCertificate string -} diff --git a/crypt/lib/openpgp/sign.go b/crypt/lib/openpgp/sign.go deleted file mode 100644 index 2fd8b903..00000000 --- a/crypt/lib/openpgp/sign.go +++ /dev/null @@ -1,39 +0,0 @@ -package openpgp - -import ( - "bytes" - "fmt" - "strings" - - "core/filesystem" - "github.com/ProtonMail/go-crypto/openpgp" -) - -// Sign creates a detached signature for the data. -func Sign(medium filesystem.Medium, data, privateKeyPath, passphrase string) (string, error) { - signer, err := GetPrivateKey(medium, privateKeyPath, passphrase) - if err != nil { - return "", fmt.Errorf("failed to get private key for signing: %w", err) - } - - buf := new(bytes.Buffer) - if err := openpgp.ArmoredDetachSign(buf, signer, strings.NewReader(data), nil); err != nil { - return "", fmt.Errorf("failed to create detached signature: %w", err) - } - - return buf.String(), nil -} - -// Verify checks a detached signature. -func Verify(medium filesystem.Medium, data, signature, publicKeyPath string) (bool, error) { - keyring, err := GetPublicKey(medium, publicKeyPath) - if err != nil { - return false, fmt.Errorf("failed to get public key for verification: %w", err) - } - - _, err = openpgp.CheckArmoredDetachedSignature(openpgp.EntityList{keyring}, strings.NewReader(data), strings.NewReader(signature), nil) - if err != nil { - return false, fmt.Errorf("signature verification failed: %w", err) - } - return true, nil -} diff --git a/crypt/service.go b/crypt/service.go deleted file mode 100644 index 728cc88e..00000000 --- a/crypt/service.go +++ /dev/null @@ -1,43 +0,0 @@ -package crypt - -import ( - "context" - "fmt" - "log" - "path/filepath" - - "core/config" - "core/crypt/lib/openpgp" - "core/filesystem" - "github.com/wailsapp/wails/v3/pkg/application" -) - -// createServerKeyPair is a package-level variable that can be swapped for testing. -var createServerKeyPair = openpgp.CreateServerKeyPair - -// NewService creates a new crypt.Service, accepting a config service instance. -func NewService(cfg *config.Config) *Service { - return &Service{ - config: cfg, - } -} - -// ServiceStartup Startup is called when the app starts. It handles one-time cryptographic setup. -func (s *Service) ServiceStartup(ctx context.Context, options application.ServiceOptions) error { - // Define the directory for server keys based on the central config. - serverKeysDir := filepath.Join(s.config.DataDir, "server_keys") - if err := filesystem.EnsureDir(filesystem.Local, serverKeysDir); err != nil { - return fmt.Errorf("failed to create server keys directory: %w", err) - } - - // Check for server key pair using the configured path. - serverKeyPath := filepath.Join(serverKeysDir, "server.lthn.pub") - if !filesystem.IsFile(filesystem.Local, serverKeyPath) { - log.Println("Creating server key pair...") - if err := createServerKeyPair(serverKeysDir); err != nil { - return fmt.Errorf("failed to create server key pair: %w", err) - } - log.Println("Server key pair created.") - } - return nil -} diff --git a/crypt/sum.go b/crypt/sum.go deleted file mode 100644 index 74530374..00000000 --- a/crypt/sum.go +++ /dev/null @@ -1,77 +0,0 @@ -package crypt - -import ( - "encoding/binary" - "strconv" - "strings" -) - -// Luhn validates a number using the Luhn algorithm. -func (s *Service) Luhn(payload string) bool { - payload = strings.ReplaceAll(payload, " ", "") - sum := 0 - isSecond := false - for i := len(payload) - 1; i >= 0; i-- { - digit, err := strconv.Atoi(string(payload[i])) - if err != nil { - return false // Contains non-digit - } - - if isSecond { - digit = digit * 2 - if digit > 9 { - digit = digit - 9 - } - } - - sum += digit - isSecond = !isSecond - } - return sum%10 == 0 -} - -// Fletcher16 computes the Fletcher-16 checksum. -func (s *Service) Fletcher16(payload string) uint16 { - data := []byte(payload) - var sum1, sum2 uint16 - for _, b := range data { - sum1 = (sum1 + uint16(b)) % 255 - sum2 = (sum2 + sum1) % 255 - } - return (sum2 << 8) | sum1 -} - -// Fletcher32 computes the Fletcher-32 checksum. -func (s *Service) Fletcher32(payload string) uint32 { - data := []byte(payload) - // Pad with 0 to make it even length for uint16 conversion - if len(data)%2 != 0 { - data = append(data, 0) - } - - var sum1, sum2 uint32 - for i := 0; i < len(data); i += 2 { - val := binary.LittleEndian.Uint16(data[i : i+2]) - sum1 = (sum1 + uint32(val)) % 65535 - sum2 = (sum2 + sum1) % 65535 - } - return (sum2 << 16) | sum1 -} - -// Fletcher64 computes the Fletcher-64 checksum. -func (s *Service) Fletcher64(payload string) uint64 { - data := []byte(payload) - // Pad to multiple of 4 - if len(data)%4 != 0 { - padding := 4 - (len(data) % 4) - data = append(data, make([]byte, padding)...) - } - - var sum1, sum2 uint64 - for i := 0; i < len(data); i += 4 { - val := binary.LittleEndian.Uint32(data[i : i+4]) - sum1 = (sum1 + uint64(val)) % 4294967295 - sum2 = (sum2 + sum1) % 4294967295 - } - return (sum2 << 32) | sum1 -} diff --git a/display/apptray.png b/display/apptray.png deleted file mode 100644 index 0778fc6187abdbb56b8f7f4d0b9c78399642e59b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 32953 zcmZ^K1ymhDvgpMfg1ft3JU}iIAh^4`OK>MhaCZqVK@u#uySqz(;1>;Yk-$Yi+1>Yc z|DONnoH<=nUDnez-PK(^Q7TH(7^ozu0000(Rz^|{0DyS~VF1X8uZ4kYxz%d{Z~b2J zJpfRffc9vL@cK+;E~BOh0QfQh070Pu!2K&K=nw$#-~<4UO#lF)OaOq;Ij2n(^jZ;W zsUvHps0d(rg^>XWFgO6XR|w{>78nx1Uul2!$-$8RFRTW`^e-A%03gB^0RJxHtz1uLO`IGmluZ@ z4~LVhHIPeCP!Pz;4dmu#f2Ck|^ZDp*>dpSqjrN~H{zs0arJK2{t+TtW(?_bma!t*g zJlut8X#Oht-|L@ty4za)Thm9ke>Lm1fxy2tKrRkW;Qx!w(%bg`!}ho4pKSkV*FV*P z{t6S)RkL(+a`5;J9hKau~< zpzLaE`T8RNVHelG%=%BYIAmjt%%Yi(uu4sf6qGtTZE*@U;rK2M$Xi zKj8l88Zu1j1iPVUL(hCw5Q6!=Qn#L=H1_GwT1}(lTGP_mh=Gl+)*V4N!dG=d+?Po0A7t&HgxI z;%M1|-Bz6E?fSEtjb-0R!Z#z@7Vva`#Qnwi<$l>d0d$FcQ-+ddMLdb>aPAa*ykR_$ zhOx$x+cV)%!TPoX3X+jr-H)4sZiy_nZJ} z`q75pc@+q{m%>b@AWt4UW{7gTL7+qY+Ebr!<*dTDt9E{Q&X-mJkB_2^=M{>Jiv*tN zi5{mhFfpo#NyuUYE>rRqXr5~6stvjVo=7QCVL$E7=XafjmM7?mUX~!hP#OU(1$i8>A=G!iI*b!k?t?z&&qmXh_yL4TGcx(hrzIy$P- zvR8F7cG9R>E{4?3o~q)#7~=4~?Kf3m0!oam*WlAz56WIvZ{%%g2ffY8tKNNkGu`4A zSR|tP^M0v0?|vRuIZ*BN6H@H+ZMbx}kyb^LwcKS^^)jPsX<*dcot6UIN58{DCy>oD z(#Ou5rH$FyS*ckUT_`K$pc+AotjBHn54qb0fL8Q!)xLr=i}R)H{`kcC?Z-TrkU;Yi zy-$NwXBR0cDVzgG<=uf)cKoEOovML=@W4_1rI-7%m_AXDevFz(z1db5l6+xq?hYXN z;NBiQ0g@%EYH;k=CH0tBSAeSTx!~IX1Lw1q9<*5_B%V%0-LA4znC=Z{y4uvfN#Ww+ zV&}>P1_tu-^M||gz6dH7Pk)_Uic6=AFGHG#Q~0oh0F+s+s~jLK`)l$}!)}qxwn~1* z-N{l_KgeMJ7*0asp@UhjsM*}8>!Y`~=A6xft@|XMY^jMiTuX|ydJ68Ep6zwuRKV4j zxA;TH_oKP z->53Ks^E*ql)rb@WJ$9zbKQ}bC3%ACT6Z$P4Ln#V#Mho4=-WJB{NAW-8cy|STfv9$ z1)s>6(?1=-mN^;g5c$x=WCD)6uUuImeI43XJhu?ueYXEq5a&j*JcXPko!O+~~{G{0Ys7D|D^6Knq?D5E)qP?jw0kmiR z1vLBj1Bcay?SM8mJI&{_>v?70RH&<6kO^3ohICi3<*%R598M%h*MtXxm#To}yn2D~ zA?+sK7GDF&+>Qt+20~(==C^2!os22>589g;ZSN19e8%r9m?dfyv-vUp++gHqGaQ{` zVPSNy0FRkPBkq6nS5{oPr1fzYt1{Ufi3u1eZzF#<0FaUYf|7rI`B+e6y^F$_!&%yZ z?$mLV?v}Xtl5jLM{`lJWoPs+tTz20uF)&Phf51&q-!mEX8|QmILPQzz9kEKatF6lr zR{b7-j(Yvv?`wblbGoKpo$9pSQd_gM_A;zv*llC6_+8ULGGu$+dwMGapfm4 zJxuuf+P6V7&!byCTQR-z{TaFb zL9;$1;5hyX2#S@d?nyz{Z*0A^o=m*1@hGk z>AcqEM*Vcae6!<&>D5$Cne1Z#`i=3_I}w6wQmO-k?Ec>~`7&tP;R-tD{9h-uZEg}2 z*Sy0sbWn#7J2dCk*7T2h7fhB94*P*=8zgD1xJS_0ea_ho_6QACA6{`N%O7e5M%BkIb!Firr;+hE$s7vKE?4#dG`t6Q zh?`C+&fAtr5O;oBdjM;zgN^rLq@R54=>A>3u>=hpioVij5D+0FBj4Rk~ovrv6&5uWs^|=E04}^Ns4Yr$Gxde3tpC zL+Ru2)5aj|-F<$Zd$K-+5zd(Aeim2s2^TbRmmd-$p{am&oO4;AptGq^Rx2_SQZ-?~ zw5}C5e0h5D zS?!*Mk3B)T2+LwU#l^t{Ibx0u?hdfU!J9(h)ZH2r3U>-EL{rw~vqrH};&w*su(f7@ zacAd6UrL!x5AOWr_=Vb(pg-A?9e=Cy65MWLp(tKAY;gby*2)WD`l_Y@!~3SJrk|tz z(CGqx>jROJ+d$8D*E)Tg5{6)?q<8Uz1J8+332s2pV!7LeLMY?-9eF__0ag8E|EDa{ zaLztiyK+`9!~nuj!p`llyP_vQ=~}=`?>3^4PufuD^Bvs#X8~k%gebF0+Rukb30>Jr z9+q+@`cAjI(7d%zKI6LL{zuE*M&Nf)Z;qEMRkij2Z|}VW7o-6iL)3RYN+gweZWZia z`--s%hLqBin*k^KoA;DG{Z>18O1mFgP6BOAOb)LZ-a<_Bu)L=(e)eqitcpkM8XM^@ zvvi7uq>Nl(PIY%I@U^7ks!QpIg6H$HVcz2M)g~1V{fhB6b2g;6>x`I(Z9*Gcx?evy z6Xc986OC?vCM_#vsQtmLEGh7z2v=6SO3(0D?e3QdR+p3I-rGQJDcDjEFP_!fWl#09 zI zz&_`fX=g^VEnk4kR*FwoiMlyQc)Ss_VKYmdnChET2ejMgo+NlwI`+Pp$*XU?32gA` zx&EA1#L(E-SPf1RqL}$>Wn~fQKzE}<^SbBoJF1)WS;T%KjFECA@1|3{CX!n-I!=_X zxB0GPQEwer5*Y}M*&G|{I7~=g@*rRQT=M$TX$5Z~Cq=(X*|lF#&dvg(-tOFK<#1dt zdJutxggpJ|&x8|@><$eB$J47`n7<8Vn9)vG2oerC=U-VX;ji9Hy&p_G%~O5HU*gij zO~iFJW&k($h3dVY;5C+@9@vTX+n8mhglj?%?~=&f+?#ywb;^>stJ;|e_Mwk>?k82Z zWMqRk<3DIGy<_uQDhe>M`L@bNhE?Gy0=sVaa1&mrO4j~Z`+~EK(e`|;11eb;NI9oB zw~T-OYJg_RBSj!i4;!Lp#a01rH3pqfqc_IA4r+P-L^%1K`1&-IuzS6F^e4)^t(QT7 zQC9CfOc#s1#@ew+uwCTf%=TSI#)(o1cI4YbkV53u5GZ6@-)MOB(xy^Uiy}?lN0+;= zm+4zHA11H*J)_->oc~Fc*CY0l^fRg-`rU{+0ev8A_#K={=ik@qv{k#;G(Ls*z0 zx4R+H$>sizoM>FWS2gQfLl2(ROMmoVf)0bu+Tm4kniW#MwG!tqW(m*0`8%Ixnt-dN zDp9Y+vZjrNVo%x0+g(O!ynQFcD9I=&S&VrfIq|pwB`R5drnBoykyPCovHgCsCgKh+XC{0otsU6x?}Vz%Z2GSKbb2o5pH+PO zix(s$;(^cv$nWiZ@n#c1s7STGw?vfhq5;WQEL1*l=Y-gPSm+~571HvvfJI?K1Yj$!47j*#spNkQKEC<3=d+{impIuoMyS#_Vz0l|GS{bOgwVx+e zU&lr(dZQ_Lq2CAXw*nehtRWKp-9fo_yw4;QR?Xp3QY{IeNb_9sKW?t~?{?m9@!es$ z-eh@k5TT?sPhR9eY|!R84GrR0P2lr9vM(DW#@@d}>x2Cvqa3==>;i_6$(^SZK4x(w zBK?RHfU?OyFP(#6OgkLo{su!s%#eR|OGL967a1sS`-+u{nT@Q6+LoC(AC`TBe6#d9jzdh@5I z1&K26HayBmTsi&KSXGMTGCaDA+(6-4k|X)CWht}P;Y#69<7y-3xOT+;c+cPKtv9uN z6;rj8BCStT?V?=Vpv&sqcF&zSR28$+4>>*6xyC;mcaMs_OM9YmGdoYUO9Ax_*!;JV zkQDTxKvtte)m>$0?V1a&#lxxD7@NnovB1|*sMEbI@A>3nW+uBuAo3mFrX%6*^6%)O zHI%$r1k@;tiw>>~k~*Yh={w#~x*`zCpB!SZ0u0`~M7sNwkeeN>)}i8yN!?}af7OD9;THKgGT@< z#2ON#MyZXjdrPLLxW)@<1v9X}$I>b!(0cA_*M6IwsmKDmUB?$&b~_L#hZ7MPhyt+o zi>vICb6o!Xbm~G`3$pK!aO|==VI~?diWsaEaj*xEzazVp2(>>}qK=tCDMLg>Wj=Cn z=k0R#7|HNXvp>>o+Pacd0CUL8OLFDX{)u7(a=D7tC)Os*m%IkqlKqIR}<+eN&Wn_@9xw$D1upXCKZkVX<>~)W`!#%fWBOw&K zXtDgDVy;FTMnpZn1#MXE*at_+`ygwyrW;wl1MQ_m{%om4_M}=GK{F{ArM?JcYW{63 zRV-frBbH)CAPScxko;WrdfC_SWBcwI&|t*+#T}NB+-n`fC94DVsTTLCkCBUcgVd(d zsPmpo0rxq_HlT@Z+>72yUrc|qPiw~}7=!f3xKscA(RlTWI|aqfCs#B79AN2!3*&MB zQOjn+{OW3R_ot^@0lA)v()5gW{@s4o- z^w^V9syhtU#0B+OI$EL67`>X_63)Zc@$Wo;9kCoN0RvpR#}=;nUkLW$(-H1Rm+ijR z2p)Yk@9wx{scq6A$f}+S8W${O9nLTgfChM%+*0TCxdHM{6HH42-*~0hC@IEP_wV3z zf5vrjn~pc!^)mInVC`{nEI_26Z2ZPRyxQVujyAm`w>>!#GkJmP<=*>vAcxeXKwx=i zmOYoT17|5!?w(qt-Gz@Q^fH506dl`eBGjaJ+k@iYy10JOf~({mMy4G9p}X+N$`_c| z^~jw^@%#AXlzhm3QFKVwvfKN2?Xbw;hxea+Dwx~_OSP8(3N>y5(`n`~gNw?h$SAw{ zt6}fPsQAm*MQ61A;z(YG;`FiBYuz4CR@Sdr4UUi!*!~c^4E1oE*Ln{vdh<@~lIQQN zN=SG54NZeCu3+f7^Zkvw$f#U>1UpLH{P#RWORqAdnckOiPUGz*ts6{aO+U5bUM$Mq zSQ`&B6g)*8ob?`5QTXstV2K2kA@#5L)#6H5i+2B%tNG)dH=USa1rKaKjE3VBo;tte z@`2)KZzMcD)eLXr7iYd;os;~6_J}#1+6dR=8DGfSO(G#7BE|QR;bsS4X8XmCyqP3T zg+nU&lN8JFqwzyD?-bShC5Bf|-^V@-)o|Isj1{!F%uT8XNV1ATZc*EO9CzkmdKsSSrVJ+_|2G}S8G#HO*7^bu>JD8M`zxnvas^G%S6`nlof~s1_d|ZT8;<~2`o(;4)P`fwtEs`$cVU~ zQv~cf2qd1Ik|O$_d|5jQrORJfq|rdpwq|x_r=!D^-HOXTu5}rvW|r_lO3Q_!&Cnf* zjO-SKv~x)RUH9|hZC9t(`Qyf2x5DnQ{dXPP_y>*mi$BKPWn4&-rFKd7p&joD(ba6< zt>V9tE57`k!ZglPf7(;_D9H>owR@a+m(dLiGO&@&r*$nUO#SlAHN3OP0Nl%%g&ly? z-iE)wP1rfs?z#vAK9Yf*t6wJ6kvb^!8(wSyQ#nu33F$^ISCenCE~L#;&4qmvGAci5)HNIlNwMy zJcH7j^o7EX+SC<=0!>{x35m-ILE^Cjciq+5iX2dTN~u6T4lO3mxxQ zV+>Zm^*D!W>-Z;Os)juN5mz)|>mE+dj^FmeP+Yc>;`hdBEtf>$@IRu5C*Ph4$yT81 zO-LKh@9-i#0?3UIercaQ+LFYI@+4L=vrh~)I>!89Q$%HC48fnDl95d365B?%?Tw}e zZ+FF#$Q({gTCWZ5-sOUzq?HMO&Jlcg>G5l56tP9s^`y1sLQ+C_N&3Y4zrl=$Xot2^ zBa=ov!%1=uRH>+1<%>KOR;Q?Rv*E<4Z`>q zF-9)N_gkf~u~`-)8b|v$hzyb%d1>FcWe&zP)CdG%D3(5df(26M=X9ks94_y*>@NL^ zAdKD!zimLiKX2anbel8|t?IQr0XW}!y^WE(4u-=N2)cR}6*_;r;VG;gUTAVOq^NC} zpdD!3zuT3VE&(d%@>NBN$>=l4WVU=~h~4K-+}SsFNX|AsUnXpeIGvH=9DH|)RJ_zc zf7`$^{v|sdB_}*WH9r+cMr7|+)VMNHs|DlTti=VUPmtKjd%dw#G^L<~m!(RhPYVa# z&gW$?PA*dk%_yS6BK*%?2cj=fRle{3K@IlH)!?6@O@EZ6GF}YRF-_nSu7=P+`Rgsv zfls$<=c$aZ*|O+O?*~E3oqAIdp*FMm#lSf2!0DC7aq`>7H{>eh4IS^fzE$TH#47o) zaWHvr*)MCBj9OGs3q+wx@59=Z-3sCYMZaROw=zk9nZ6vLwxFNeq)Bhf8Kbl34#}GD za*#*U(`ZyLN&A56ZjY=z6?RX1ZoD=>og)bz1m0~&_;KRg^&|v7-lad?Zk{i+zYb}* zRK*@^j?ImNzDcu#fgR!QE*NNBK0$jTcNNH zWKg2;C;vxjq|ppN8IFu0V!QPnJS}utb5mUdP8yn!sBgg{>emJ9U2I<`55t7l5qJa; zymPkQ1cfA}P7dkRCGm}{X$d``R6n9c->oBC79Ok-Rk!43v#mr(X*S&l{a56J+~DGPZ-wgNMXo)4-0p| zkkZY-kUEN`^1+jpLf&WA>Xu`VM!UEn;MIp9`L!~IQR@(9BZ+;%6h$3_FOZZ?qt^+6 zZ(_C__d={>^wKrF(mAZBR0O- zvdTT3A;br~+=CNEw;Cd`uL58;xV)A6%2~+AO^;fzlWT*GgQ`sOfSc7v8Pg0=^P!q~ zB(ieJ!194r$OZUZ=z1z#o`AGE)S{evwu_Jw|74mQT@_2!dtlx_Df`?W;K5MG)Us7u zf&qWloJ5aSa*KBZ0dXw|F#-C5^d`#7zVjy!NJxLaDKEEzCQ_`{@Wk-t-_Wxp_cyzE z!8V}Pxxy~#e;>5GCoiv40LdIllq(RI#LQ-*E2sxgQ}JY~1t)>$xw(%5rM?m|_*mbA z4`W;%D2y~1_0{!d1?`^s3>R@HpH_axO@pDLGfLm z)MW_7$&)z{(S<8`zT3AoG+l6=26T`d7ouf^K~DK%<;vAIKDWXi`Js1%{B`y9wkGgt zRg~^CT918R^Jc_%*=vz5waR-M1;a;c-8jHXLfS^JvE5MB_-BZ5066>p0SP#;^G5j$ z98A%^_^Tdr0P*QJABqODhVNV=urb#lrOmRkrQ`$q9fp(x(h7%^QJU}sN!oCyiwjdX zx$k^g^9qen&4n_sY(cqm_Dl^%p<#jo&}0e_vCRz@y1_McdXtqA6#_2M!Z8&3W%r~# zXXxh$y~lF-<<3ru1o#l7u57wJ8Q8wH?nY_G7+^M@9#TyAQ>R9GoE-T+)jpx<60}BM zGgKZu_1LH|B!xa<-^pxKF#V;Re#C-?A+krElP1iMhEPY93D0(fq3|ouXY{2ryqw>a zkLl?+yzDNe#M@xfKFB+vh>>Shr=eb=_qLt!^~O6kySZK)P=7VbZqL*HNxf6*=GvhKK zM5@tK5Tq@(q%A78T;RTfB{DQ35?4$M%vu0zz$DDwfJ{T2PbVIQyle~*qK49`;Z-!S zBuJvp3rHC0K68|UbPo@&oos+!;@*~R8<|7Jy_#uy)A(O~ULH0n^B>!mg;Ac@9VDRb zT$mhls%rR6fgwg&*W*7tlXC0KmWW_@Ruv|-w0r0 z9vQnzk@zt&G3bc=rtter{IW~A=H8x<(s5|IdaYOQrKs*v11iUh2~U>@ypP_A^?6NMAide!zah4~Ywjb-L@z3}AjjOnAU# zqjv^F-#5_=#{h(>)2A{z*&VHl!9pW?YtE$=fBn?$sIgcUr-{5OI3t0uuQ{STA5Q?> ztLXW?+{JE#Z^6M(EB7voRw1EcjyVh48ip}kNr9F**(#7C*O~41A1vA-`*G@{L{($%sxc!mVSod~SQ3t`j81AjcAp1NThx z+J16yHenhXdLwd~;`Pv8k#9S*AyDtv{LO5``HLE@*2CmnJih=9uq1Mscb5Nbln_s5 ziYbwV3rw(!N?Vo5#|kJbyr_%)$xnu+LXh{;f2Xd5;49@77eIF1-DVJ*?^y4!1Q2BH6~jJ)Uyf-?E7A z^84yMzqvn%|Y&kY)NIqs)bgk#5h@?wqx)o|lc49P)ByDsR z23&tY8i0_(qPIV>*wnTXT4!Wp87Y>As{Xc=`)))3ta zhIPCv!RPRDdbiHl_Z2QT;z*_^skOazfJZzkNy)N80Gy@@sC`U0kI>*EwBgm;os_yp zW6W{BzD@79ecuac_|?W4`+96iW;R$W_3^Z)hbk_=;<@nb`$c7Y-1I7e9n}?B-TpN3 zz12rBeEm*{J{I=E_&6$dDgH{HvP}e8XR&%tIL$XP>6{(D>Z3pF2C{7A@>)_goEVzv zr4n%sAhrm`F)>urE{=HF_j3;XT&P4OrlIG@r;Kr%G#%OFol=$4pvxEIvdr;8tR zA6mZgK0MOQlqZv=yN67q7zd9frgc$S0Af^M9H$sHVMo6&(OCsW?cZ>khw&5r%LgY-T@wVIyqJ<@w&E^ zmc*n4_xK1L@%3Q3Do#2&iDylnG8JU`Lu74=l3GsU0@7k_5lr2uHEZrTDNn>0*sl_8yf3`7?p$;Z!G#DN*I=qGF*B^x!rEF~T^!U6k-S zZ;_Ew3)(5{;b7(zg6R}lg>E@DZ>17u&qSnXlL^NH6i+D=XOBrQCPLKnAY#za^8hIz z5!GKSm1BGyE4n7J3$QGlOHEswW6cd=<^ur;;7uRr?}}!UZmh2T22Nn>z~|{LOC9>h zxW~P%qybfNq;DxA)jxIXRxN4m3LGLzz3c!gVL7Xh%w&RJBaj%>Vtn>Eg1$Zjkclf4 z`(RHH6bB1WVKvUsiqNu4U3E}@Q(zjELnTK;4V<v%FV;mPFjhM6xwGj9;NGq)kC4zXZpK}rMmO)+~g5P6SWf^oxuSU4$+ z`JE}hlA3(kC4OmP32pb7%DtJ5Z6&(=G9vHgTcjf-|0l+=`SWx-CJUy?c$6g`nU z_FkX_aWs`{ei}{7H*JlX&L?T9mrTRO$brB+bPPZ5&prLeAtFk7|KV=ks)ioN@;=SUIX zx_+!xkFut0U1R^H$?I?~r)V;yCZt8pStLOX2Tmh}nkgoNh*l&C<1nN%iY(iBOP!%E zV}S=reRomiE2??6KP($?m)dZT@N6m&*4P>+WYo?oh+fqnrS7N2mp@gDc0iim=ZACA zcFZ)H)$I3%+SL4iQj|rQZ~E5AfnX%+LOalJ+7l$w=>h}Cx^IHRaeIPS4cJpO14UOJ zqjb7i06sDMyP;}0+cKH>noyZ>^SZHt3a;$L>)_!5X1#5G(l8(F&uTjH9OL+((T6y* z%Bg>-4$BCYOQ3Dy44_FsNn&D(+bPGCsbcr7p^W_P-As(X=hGSz%=+_C<92NQR4<1A6 z6jcpTsWO43-hVHC#lx~ zmCL*p#M5O-IFQQhAx1!RRmlEhDl?~QqSfEcF*}O=GhbC5--N(EX}zPBHy`b1SQL3O zoM0luc(a0=V7c8r&V((4x?BNg_D-2)L4fDX>p`6wWdLSxSK#&7x=>Zhjxek626c-6 z=sSUO?#>gcnppQLx(UK@|`;aL1@rvJ$=pTn+id@W(<-;$>)BdZ@$|Fj-XD9L39B3Pcc zK`p#oTi%$DGmvD>H96|8Um`J(eo3REH9ABVBQq_$_z3?dK?4!VN8+fh;)JXxi_d;Q z&TbMOlZxb89T2-S_P}vYlxGMxeqd-M^3L-MZYQC6TxG}}La-yxRF-tqEK6j^Sj`WW z0)DZc3Fac#wMfNnMc&tB5Q0Cp*>CFig8C9fFEyndPM=Qnr>m12G|gOK3=aSo-<*yL z8gOd1y|#o{LYj&fLmyAIm^l+iiegB{!G;_@OP2>Ll|5ud>|9=BuqSLox>`nImW8BT zDyjH{7YyV6f`)QO=wBqS8ZhlmmxA}(S5Df>N+XNL>fc+W`iW zkyKH@n_A8|d!oY*PBd$SKsmyTuDU{W>Y`LA=LNV|cZ_$V^7VN50wR_v*Yof}Ka|(R z65eFhswR%Ydn>qz!~2nUhwxj0?FXzMJv*cyauR6RIh%7_COK$X4G4G)N_skgDDkEQ zAz$o&)w5x%7fZTky?>2QA=#BqYgZ>W8oqp4l<5ihrabzI`p>D|>~C@7m=pb+KbJdS9oL8GK^2BZI)KCJpWp)GO&6L~ez<6y@s09p<0OnC(-q15pxY z>tg#%1hHLure=|@%)25tZn@M7T62|`DZJ>P^I0}v`%mKKVPZrkU3reSb40$f<-PKm z)M-kVZ;D+oc#hHEQtBLHS`b|Fz`|~TC*feC!bBi#O9+OS&1+<0k9WHX_W77~o19^5 z#fFw?b3@kC8ZlqAchH5}L)D_GdNAr^c$;ELu-K@yGQq4N!86GX5N53YH)Z}W^%JP- zQF6*8afJP3-N2YRog8*+W|0=aDBJKDynCb*f(Zr{Iq%4aEOnBoY1M`bGQc~XZkV9> zb1c*wGCq#_MmcN8p`r1ZvJ&9P57dfSV&)$V+YoAC$k?n;3ws4$PGTJ4S9cPjPVOCh~-&oi_97Gp1a{A~cg4J=*>Kmf-D|XUHYkw#h`Ng{5(=H8# zt#08Da~ee70tRi%-Lp8tqcdj4OWY@E(5`&;?_``}*TLB1Wqll7I^Q+ujO&i7T><{s zhdVLA^t{1=IL6=+5y1Q+x!?5MZ^h1Us2r9o%odo&TF#5!A@v{7BG)vIPT6LpuTur=i5i!> zWh2Wf8YAh?FEE-mREMM0K~@P^_I3a2l%fVtb!sV&$nbQ@Uts)(t0y$D4W5)n_CVpP%YUv8r>5L#Id6thYeV5IY zw=f{CN>NuhaQ%!vNQ;A>^+QSYl67iKt))-nBY{wCRqjv>FU@#!$c{$!R>K*E49UnG zc2IO9n>_zUBPM{-C)=l_X=Zegq9NK;cHCD~Ia?LJ3tjRZat2tvV34&o47{t9nPv|8 zqL6PZyHT_%N7VOu{j|xEk%H@d{{-i8w4!IT0geVxD#zd zVLRt!D7G3>N9?UWsp-nI{nkSYDkK3lo%S76TVH-(Fv8T_^NbbWH^xe{y~0$hEPY^u z?PQ#5NEburqgz1Eh2S_G(Nl2qC@{$J9$8Vl@pg5HJMG|=K@kNJK*$Q!9N$}6oJfOV zT0lM{l3rPI8H>j|l_%*f!&>x{EU5|1BJ)m6ZOb>@gC9eZ4B|czU+G4kGQ}176C`Wo zU`UX06E8PhPV=!{>Isry6{0TQH-yED9iVx5LVo!z5|k5Jl5@z7l<0xb z&bb*!T#Z|*@g7~DdBZ|2ej54G8>yKy&YG+;RGAw64iucKGOFOhV>FLLoIB=0=FW6_ zNgmhN$j0wCXe(nIn^8gz(iWFh$-A^E*WfpdO<_o-ugLt7%pZ|~cO={)c0OAIf^XY> z&#vh;(7psCa|?g!j9O}_wRHQP^J}dO7-mLNu|u+uty^v11Qi_z%_n^u!;#=rVdN2y zRJ+#;}U68^D@!?h_Pgzndcm^|wUqO zjB0X!<1gdv2(mw*nsiEVe+SMouxV0yMv1kYtq9F5Vao51nSW z);+5^+)ON(krfeg3CA>mkUl$sR}cDXFOORatML4FH!Uol>1+QlQD;9`!j;g=(43yn z!(#|ik6fQG7C4zMEnDE{@Gks{UH=VX6sFt){^%ZD6n_ zL@1mS60shTJ8&E)$|%(8hpP>y*(ML(iW;3`Q!dNjbGj%**AlUeHbCU4z9j43#mTv7 zO|})$KE&0q7)#dcQ-uT040hPo3Q;YZL}dZX35OctS+ z3XtxPeY3I*Vi^u%Yma%Cn_rtl9M~(?!8;itTS7na9GWVlEGB!8n{&_zsvk^CFjY<8 zrxlo-kH8%2X2TR5J@4xw-1WrP*=1|pZFPE%2N6GLVIYYgq05Zc&txzcdjQfhdWB;M3AQ-7 zpp4Gb`jw1xUzhV`XgZ(k=Js-622-D4TQ7O8GbSa*4qfErxPy7{j^bzMgh=2BSN&H@ z@U|}_Iyl;O+w?pwOLX|$*FK+=%I#?^@TERGsEYf59>@-MlHDGEb2+6XF zTaJ7=h#Ed+C@mjqw?R{^vUN~gh zd~fRvC^T2>e%&f1O(rh31QC?FU@$AZCct@|$E-}{tld|N=tTbi}xwp?(;TQkvp zppi58MYASE^a_?t%3C~lptxPtjW6P3dnLTOg$B@QAC#)pNqpWtdt|=v0@}Evp}$-2 z_vX8%sIdDu9_BSMgCc?t53*-x+xaZiKQNyH=2+q` z?aPlVj^5m(^RjbmEb4MXvAz{1PV{2GN$>qhaCY!Pu7DQ}<@HDd#s>h+i1~U(#C0Jk zT&Fl1?ONYJvt*@yo%+^3+ z&hpr_b#*sgx)ya_Wt+nxqtgBRfRFDqI7tq7L8zzG00Y%oI-xtrx+4oW6a7;US_v+b ze_sXIh0Ow2E5AlAhl{T20PQi4dT;m2)zYO8pD~yAip?6`eH^|-rsR*f1%_e-GI=iL zk4$8SfY{YX64YFvkGxYjK0gwY2Kw>DDGFV|F6fwVY%mf?VOoZRh%7G`n5R3hLtZ1E z-y5Sl!Yd*lFe#TGZnTxnl|ZUW)=%s=mbh z-`7Lc z!k^Uzkm0H>R}uwJN;*goTgIr^M|BATxxUM$$`@0o>su0m>AkQx*a^+9Y*{XvVrbgF80_(69e8Dh zB`DlzP}V8}{Uf}O;CqKlXgNqd98|-MU<*Dl`8uCpn0#MPb_LDY1&%HHOAs4!rAm*V zT#kf{<#S1#`D zsA5UIG8BWF)Q^u>C1Y=CDYvXt!kre5%AsB8kb8*t@oHRBB|W9weJaR+A{0SDEV*Pl z&mVT?vubi#b787SsVF@t%Q`WCyg#FVe4#^!LK`RL*87bzmR$Ecb9a8e;5Z}&L`iA%WnkP>V9JS z-RdhCEH|vN#DRzuFf&laaGT1fO%`OIRRVb{n_R0U--RBlX|Vi2vPuGwDk{YyW^^f4 z&1;EWF8SE`!8*JZQ5&RXF!n5<_RL^ad1M}q8Q)brKrr-j9EjGKDqj%l@_ zWn$xGod%Wry?}E+J$sj|rYQ4ay?~8UCP7B3HM?%CUGDhJID7%26g}8?8{}UrV+`&cw z-}=_KwCGy2B^`F1132)&1D!6#tjKz zo}Rc;saBH286A1(9Q22@j2fT`X_O??Fpe_79#g?Y$;z}s^QJP>1T;-rjZ=r6je!Oc zO*?DKcryAtoysap3IN&V3}U+nQunt;|?Hj2XTJ|fIp7a3m_0O zEJYU2V#?)YSU9Vbwoo>72bOxJNu=%B2k5f|-CBt%34REr4kW^Tz9GgwO=myWXf~dn zu1|j-McEII;H8av9TaX~jMkBPlb`*bR=B3reOK2xfY3$tXuMUyO&pi)P{jk*?Ca~V zj*pLSeD`_3@fZK_4_7{~w>KVXwVKbLZcQGH8{i9J&o6}99tubw`Uep4 z{j}NoL6TH|Fcmc)k0vLdIsNq0pSk7MJKsAvIQW65pMJW5{CYxOU|_9ScZ?ERX{9?C z0lUrtpd&?FDwWn)Gfk#pu)XM1!o(4XGK)GvJphJt?_=_Je&-!eA>i+OOc$>$Tegf$ z$I-s6R^!0tMC%1paeN49UdSJ0z5p2<1clkRR;%^*_Vz+MtIoKPN2AfiUB@{Hch?fd zmU5yDU>9SNKaeM(ft#X8H6+clldnCb!P20pz>G*X0xZ%}5YbA{ba6D`Xq*fwrx)i+ zsp36e1h7oP#Xq?V{GJ;nLCmLp3E3Y6#WKZ0JH{|_-p(<|O2k26q!vw0O-0l7`ULLg zKZS(H@%tf4@dJqaKH@*XcTC|TeoiQ-*3PD>Q6rTWWq;@ zoJt_wTDx{_lZtxIIp^#IKYx!{IU2w0vYUpJf$`@h^~Ql?&E^X*dw3xx3Wq_R4}}sP z4Atk{<|g_53Ek%zPn?y||HiOT0L)G3GM2^<{oY&Q`glrj$&e$twln5dk5^2t-cql{Wih|$Jy64CY?bVO5)T5V+t z;M!#G{)?S}(wmifeJrZT$Y${dx{l)APKA4tW*Z~Z8cg4jWxy(frB^{_VXfG2}Tj| z^P%VmpsZ`4a06U};1HL_$%}U=97`Q>HJZ~6IExnengFG^J5q;1NaAd&K|L0BictOb zKuID_`D_o(hiGTijv+V?79zWtpUlCzmJVJahNuKd&cS)tmOHl^x8~EJf#VJi1Lq^P zpCPmVK=>oH#rGlPF;w$0Jaqd3D)o4^(fH|!C!8>=(XsA$K_`K;md4WlVR7NiS+>@? zb?f*XFW0yC+;a~}(3ZY=r1Annb4is1A#D@K6Y=Dvo(SZKy5w)yjR0tr>>GIa$$_Ds zaaw^@@?yVH0eI;SLYE4EQ#b&x4FP5&y1o$Wd*YB2tFs^>l@Ly%`S!QJoyyGLWB7dq zzua}xO*aisOtkh-lGZ`flamKeM{o>q4zRUDu-5Q=X!ijyn0>G|IXE!Tm+E4W90h-$bpf=xDi&;^v7^=Pr@)qneR*&oNq;qn{;eX zw67GA2fz@fPMGoeU-SSXMp)JO6(sG`O2<(*ITqYImHB70mvVHS15oAo>Y;~Du6yd4 zu?}}J>GZ7I7u-8CJonr)inDhrD3OdSJztX!;=>=enm^)9xuwjyfX4)-Ifcc4{6AtI# zY(I*y*jcUh)UcxNird6m28ZbNdVLZG@l)_{xP>8k{C$iAzK_w#58;@8SgXcQVAS%{ zYc4?p~H#Az3e?94OIC%u+5`ZwWy`H2BO{IH)u-wQ)*Fq3VZ@kPM28{Y zgOTw|kUkP^K}%*i#Ky%DXao7S0D>{F#p&e4cXJNaf7p{GPhh_O z)JZ3u%r%i2FFHOq2Y(WC@FAIlV|122^2j4CI%_&V2qqY=j+=vE+AIEk(ndZd~)p)-5{2U+;d{$GgtdeEX5W*US4uf@$ zyA9+=y6FWgfJI6%MjGVzM3VV){q46OluR|hi3P}2SUqPR((lF5fM;o9Xpbp)V^@7D zKIV)wPWXutRTh;sl4AKt$U8ZvMs&!`GdBk>6ZBlctl_f^dV>(1K^iU~I6Bnlxhm!! z$+znq0Q(PjQyH_u|y98YM0@on+!-6Gl*^frmbI)Bj8IO-oV?lHr zZLv!4aP*6A*y|i5Z*%T$7aS!IE+sy0!sGrZT*-=m>L(RkLGpyU_te97?0cST0X@xVt_(wPZ0+t)XM{?DYui z*qr8?BExV6#s#ce#Vv>`TBS6neSX3ytp>ewqYng5TiYw zCXas)z&BoA%2G|a<=v%P`VQsxXM*6SpFTy6*GoHB({|_=U|krw;DQV4*fPK=fG9Pq zs0!}l;uv_R<1;_(xq$gU6ANX z2cZ3eJ!yCrU4BVVc3pSo>#C1L3B?^fJaf+*f7U|um2RkyhmC0~(C4LgS4x%uvL*-) z62{NCY^G?nVr*K9B0k0FuG)9$6ab1Z{e&Cd&)i`S{;?OJs{E$UyRA=i^`R0Ifcna| zS=L`Kjcc0-ouJ7Q%gVR%D^GWZez+gnhK(SLp)vP9zM90443&_Pa( zTj|f5aPd@PRrV#`U-K$HSFE{BmP}CbQLg+WCT*eZ!O+H$;KKmYiNoLyN0%n78!yoh zQ!(ct=?mBt?(NP*MgZkIFbwMwjCQ312=4<_-~g~a6_+yt_Nrde!yNKDppF_8-3=iv zSD(+rrp2J?3iMLLXIdQrvHW2zKA1;j@Zp2e%CvPfw;A4S5WxubOvB z6G%0>avy*$eqoab_5mbgc&^=pp&UC@?)NgJg*EWmH)v$B>)dnCo#aLjvOuCczq%NaX;p4{YdTi5DkPY2wX2-Gb%V(6B0@M+JS&hT0Owry)$>(|Hr+mZ1o z9(%Bx^`;?R&bD$FUIdC`aRA+R769wll@0)gEWIbjU5R$U0j!||V5d_1<$`B$Z+OOU z{_w{>f%nXlZNK}w=lvKsKKF?rBi?Y&J+6JWZEGPdaN%7-fApAi)Ey%Lr_`$3(h~AV zmEAr1;tNDN0$9rD;G@qH8a%rT-Hr`B(udNI*I$48K~XY&EX@Aw@iBSpxSF+(8zpi> z6s{fn_4Ub3g1aCI=%%YH9RNB=I_km;FP!@Ok9_QDbmUWPW5(T`mE$$LO|eX|*wQ5h~qH6 z|MfJUS~oa2G{o}>@P;Fu0^U;gje!K($WH;%9XvRM!gXZHc(+{L>Hv5LcP|8`=~Ld5 zXT6KwV`tL|u=DHq;gGo@oDp~`4B^zVvGJWB{rD&E!I6@miR0e8LH9$jh!W`Qt5Al< zQWzC{$3MHmzUWbXBwA2((PgjuQ2Hq0@nsk=EvbC~s8fO`9@J;PULBnD_19m2Xq42} z0sltqhFUi~JUqhskB^T>W1~1a(4W^xm|hyEqr?D-$Hb{VWkgE6#KW$20B-dfy^}^i zp#wnwQn}?~2eWg1$WtYu^v!f^Y?KE>;*g8#NMB#yX~3U0IWhjsrJua~i`WcuOD$>M z3FUeWLS#Sq1}e|{-@liy88{CRC+SW;(n6is3Zlr`25gipj?L~knhYyr@)RH}B9dq? zx>ygL({pH!^0QCe%S$)k{K8rzJrQRpora!13MZ(HPzSKJIoi2%XB`bdbH|BsQ5g2K zYSagF$vY7cEN?^N(J~i{gJUstOFG)M4ghy(XYO(QB$b=?ZhMNIO*k(fM>3{T@Bq&S zoBqY<^)n#+~m_vK^skHyiH{bk%daHFZy7i2x z-a4vxU|@)K;US`v2myg|!!~e8-s6SEr^9NiMul=HjmKDEEyw-gsCmu3{lCJ$rpv!66gU+M! z$kHx5lAZ7TLOvwUU$hVzCSnK)yJ_+?S-FA08w_BYa1zezI|-}EW1qb2ihHrA?3QZW z17~pdBV2%_4BoX+7LF|B=r6*a%}bwMW5shUt@KReD6uNW0jz`U2xM8*5n#egIIqbX zUI%v3=jN|nYq1Nj*WYr>;pueqcy!EZ%``fCcxbSn{m41}=;#>d^z1WKiI05K8albe z$lY`QvYJtrzwph7@hC}~4=}CgAt~$4IVM3P!QhTIW!pT?;kh?oTp#`arCmwue=|R(r)gpCAZ=*(C>jn z=B9K8_`o!N+n%+326_i?_4kkBR3JK~0hZZbnbON!fbat86b=QN^+aAPV|U{yLzvTZ z3T2N9+xpqhz9?z5PDV$a3giD(-06o9k0xNCoYOOJ^r4R0q$ud0wjyQqY(o{DL=#iL z3ceil$V(4D{9#i2lZD$EmpG(r9RQ7*N`-6u??3#puhptGI)HYq@Eu6y@I1Lt`?my7 z*?!HS*&H3+1!oZBVL}DdguWBNcLGKpfc6dqb;{-1@F}o&6Z#QU*8!jt;P9 zaP%HsGvM*%yjIt06Fa6FJSM%=!I4Jm2oErhVKhFi09VC7d+4G=>@=sp{(9W$ljg~2 zt<$1L`kH}(!2ue*pVQOva$^VeSNecu=dXB`!SXciqXFl#q?}+z;kg4=lEmIsM%^@ zeSn?^StSE-2FK!<{9`d%nA~{9=KHb9_Qtpt-}cV4&wd03AR`FMhm!ShxPJcm=krNK zyC#!p0hdmNz&eF7vE0>Jzi?q(BM-YAKo$XEN#hvu$`pp@4hGsqh_LM+eDJ|44h4;2 zR2&%vr~IiKZ+vkzjZcIF`t?@SIBIBMxW?}w_&GgCZ=Bb&aoFCXySciU@^ykMNfBR6 zd%7<&)b}Zrx0}Llb^s9`-9TTcEtP+SQSuX0oX=B{s6e@k3c$M~l%M0ta5wbHK&y1c zkOY8HK-J%6v1ZW1n!z{)rf>pSGUz`B(}iO&TA054iY;FR_@=m(+;Q%?XMfupLj(uF zLpHfyu_$W>cp4%G%*`y`weT?t_@CVE_o~^nyz*LcyuEjH$J{&d*9&jcQLPfvF`dR>m*SI z8i7YLO`kyhvzLQgC*hrkC-QhMLP3|v%f0nnGZ>S*I~-9@e}Dh6kb5j1H%@H4atjuk z(wn1dax3V$>KxV#I7H^0c%knmkPjmbU$O`bd#*gzUR)Vb0uMwmhKh?lEc6&`)?J^| zx6SEqy6NZA>DC*t1^?t$+ITfK=U^d^A9KN+e#Z{ho$Ur^?eFp|y)T1lGm-LNb=`F@twqVHz`PO9>3?NtXi&by%i;a5UAs6UARYCQqaP_#Te*ms<5k96 zgcZ}iVOqFR;N!uQU*!v8prOa?+N-M_0F*n$(36WqwEFwenP(#8$*zc&cP!vy{GGz0 zCMX@@Hr_cc2FMTBS7?iP=HA3`m&%WUK?Ps+>3J<2)obA(K6u6EtL_KQ4H%2w_KtVF z<6AJ|+?oON=yYN)asD#Lq=)_e!7H)Myyyt@0!VfN(s2|<5K0n4@blYzvJeLuY-cfe z5`5}YHynX|1t(#OaRyw$uVU+cg}V{`LY~a&LB{^z)GR9inHO+rU5cz0F4LV*dq-*T z#8mh)6b4H75zCL7;0ZuzcgN8^f4kZN*ltRqbmPb`|@Vm zfYC?424SzloW90GS=jcd2MvjNusr<9T8z&d$+=%;hOFFWxVAh{K%rA67q+-ggm(n6 z5YYNZg7(&}(D`C7JhdDg0Pi%>z(DPxUE@=a)~eORc*+YvPT4!O9Ti56r7TpoA|2rh zE7Dk;(r5@A%j3#~ys4kuXMnu9C%tE&zke;(!PbtA?W$k7`D!RXz@Dt3o~&~X4J?WZ&vGCvr;;I6*zx|icy#c#ka!#6Zq z^v2h1`OCDK{^HOOAKAHWxLC-mCy5-WOa1B* z^UwTDPS!#a+FnK8`NEao@Zq!U70mxz53XPT<_R1tk(_yEHl-q~rS*a)H zc3*NvHg|1Q<Q_PP%Qmxp13vbPuM>3C;7brt_Jizy=jX-ebFr;`y-P!tRisfkLyNO;8&?_+VOKGL0E;k~e> z5_J6tfE|Hn;j%E5Ch7fH-Nl_Y5yhNqCs9%4;h;AMNt?9+l~V>+n5AKyj!1DD5^m#6 z^CHY&ECDtgxpfSLbv#DwfxU=9K7PazqQqoT1{=bxcF?$ZsZ0$$4D!YJWD!tL6A}jV z=jp=_7a@3lU)i;5l(IM#;6h+-PR}~(W%E(kT*A5X&6SRM7HKujcEz*{m1%x?E@kTm znq@Hpz_3{6s&S+7Z`fJ(7^VT#%+k5-Or5HVLK=;0sC=4cXyc04(BhP~2vb@O3wVy% zIY%dYgnzhePidGgUbqwQ;wBr=kT;Z%be_*0gAKYOuT3AZYnM0xIK>ffl zITQrB1rpD%X>kCU%g^Wl^lUul%XvR9l~Wd)>@=Sl!!j8bHY2klQLHi^g#js)nnt5x z0gwaY_-oXYdvG44E^?~KZVZ=;1K>133wjR|fz8Q7J@jRI_(bKq9uz6nq!2DC994RL6}VLB7S z%4ih^3aO{fXQsIF%{R=+G+xKTDYKXs82)fHh2x>V$TXbXvapS1u?D~neb|310BgEm z=4+(T0`54Q)6)R*>qX_EqG(9C#x+#havY7pDVx%fkC)0-co9aty~xKqFhX$v#QA6U zmMqd&g0c3oi_hdCN2UOlNXyQ{Pw*T-P6N`@ge)E7WM_!1F#-@@z~r-fX`6M*w1_XJ zOZepd|3>WI|JQY+61uJeEekKl9^2~gTG-|J?|4Sd^8pB+*EE0(yi}Pq>;x0yS?HC< z%CPZb9yaahaL10)0jzU$bmlr_$05k$4LnAG40@8{XhGftghQD|MBW7iB42L*g~gaHb1*zW>jiSdTnbt8FJO+H*m=F;hN! zBW~F^0Ny>((J@Y!;p=%kAAtR_;M5ogyNE>faV%Im<=Z02R$9XGe@Y#I!fmJ{3^)hmmk!9bSrD)soi1C4 zxyI)!i}Xd=on#bgk#5$oE`%EV;|A<%^gA3oS7;`|OANPc902--=L5LMRPKBLDhwZ~ zEx4mq;n?SlmxTiKf0SNBrB~iS>kVJiiZAjJF9w)KgU_#2rh^X`a(}@sKPt@ z6s;VxLcKG&a3$EwGgJ|}$Uj!JqQY7V4&~{^Xkmam{>a2j<#Y_gpd(~0d~@c{id>qP z7uGSbVMeY2)FuaeXJYlGK@r5434(RXaDL-R)c9=6D;+Pk}lr@gM5*-f%QTbRa z7yvn(fb1O1$&+$Jp0tNAGxMPRJDi4&h9p8OMDCB3Q5H9(Ge#}15?UDI@S$lB_ETUS z5X<}j7hk+~w{=4E+S|irxfY6k;PA;O_OFWj}Kq3>;nf&}@FZX73<$Z=rXx4Wr>6{j!9RI50m z3)_4HuO%{Zwu+W_KA{mYuV^t3WwvmIF$5gPfAvQAYSMS`(rDMe|8MKg__A^Ue0+t) z9XTHWw#oAWitVvmX(|~n4fT$fg9(NEqe@xC2mTJUmfqiidtumZhkaUh#`#(+iil|d zMgUSw>rCKHK!f|?xIX{B_+pafFMY9SI+_~9trPhQiSsad(mkHi_OqeQv>cw*+2is4 zKlGs03h)0vCzY`Ue-`7*$^me`k3}rCdY%u!rsi(CHbq}(A9$IW6M&#Hn3ZqwS`fk% zUZhnxLplK5xN)vX+)p~aLt7rk>G(WsRBrTOCO?0?TnNVyNAd^|=^5=HuBU@|OEKXZ zgvu#~KEK@xiZX553Pvf~%At76D%u95sGI_-<_Ho#eVOU?**_s7v1Bl!in%q;q=ZE!n`i! z@5n|`JJ5?_^MwGMBIX=`Zu-f~wHt)eXXK8D!#N=z-`3#Qg5GSiA30#kI5=w{igE-HNB!Kz=gg2tW-Q zTXtHjR;`ZkKE%M_;9vzmEaweYabj`b>eZ`o?shC~G22#H&<)|>bJj~LAc3zd%i4am z*R!2wW(e~r`zcour|_~+X)6gvPiguMe86Rl(C28mGTY z@24!T520_u@n-XtzZB`0r327?-bqxsj|WuZk_|$8vIAB5)c6_lB3xliE1Yp&MLxm` zH2wj8EUyH2`j!vwZhYPi*7&m!!C%LVcS3yMFV=414O9z0BF+3&=r_+x9TdjBC2iOmA2#yKk9q(Cj1T+9u z%(D1Q24d+^UV0IZi{TX93qiPxbsTGhS6+)|J-OliNc>8!89zvpy&vG$03Z{W9}JX8 zD*Lj}e$2v$_tM$Z<`t+kwTz|-CJoBh$w@bJ830Rg6Kn($Rxe57hU{B8> z_y{;p%Gl!$fGVKMsK(4t;R<6~;ezyk+IR&n{BlS3WX>^IMj!Wg_Jt~Xtc#3z|7V1r zM#|$yF(ujUF_5;yOc|8XWUv?ufYqd4pZ+?}i^L6q@Beo^PjRMvmNIVHEdpw1>7MyG zjkj?Xoj1~F`%-0OI9t3}Hsz7qKgy09noI#uuRT@~=BaNMqQFD=apRB_EtJRC#imKX z^lTR?AW_IHe_6aJs}oHTu6%^E*D(_K5@8rQElXQimX-D$E}DkB?3a0bHS|u;2O#=c zyHr7$A>(=#;TESf49Oyo_57ItZr^_<$I>oFTvy3qsB#*Rn*q=bbNUaF)j)25Y1aT*Fu%+q;f+R%wi$rl{*EC5_u&>^m%Tf5h??#YmaX93Fc5QM2+ zk;b5!*#E)zC?1=b*dO~rme2eDrVS*zY#o3M`muP$=f4;XehmvkY>+*+AE4OqWocDd z;%r>g8kXW(ZdIN%d+xe8h(?>i0p#ztGp38y86@Q+Gs^J!<-Cq(FLMfc$+;9>0K)tK zY5LU*FFbi_Ilcd%YXu~htpnh)xtD6-aNrf{~xcjATc*;rjUb5!XzCUre1hgv3y z8rN!5H51>%GtED8TBSDm!6}2POB$SSD;PkT#@K((>-faK81iW%2FB{SZCuZ)|&%^Z#dhbUNSsmKy!Cb^wn* z{T4Kq08S}%<};jQxSp^L#W0nU*o(J!);+#@1QsU&eaz)f0d2FrU{7)&DCK(FT9hp2B82Tw_AByQ8sdCf z&i}__)33?-kZ3=@4Wr1uEYi!`0dPed!#}Zle9H0xugRsa!R{^EKw~Q?Hr4<*1xR~w zjL%Gmg6wt`j`k9eA@BZj9GC-@8>B5~dtB?G;oM~uE7C68$s%0=hh$p89Ds`@Soe|h z60!Mf`Mm$nI@@dSzUA4H?%_B-hVg*=ZlL?_-X6|wQN&ZZamD^~U%kono^=3P=y(dJ z4^?6w3Q7aZO*bSlr(3F&9U?VU>E)rXYdO+G=Rm_ZC#&Ol|GyQt@QL+o9cV_uU5s4T zBLLs8vMsi^Qu$ZxYWu#Q2Fy(>_Y%dxd3J6Av)YnVfgXPN$ed9wRx!rl=J_W+x!2;c3JigfP3Tl9GLS#+_)aBxpjcO z=1D-Y!%EUL_OyaifznnY2ZQ39_IvbdCCx#}PYfL=3_MFu0MzgoQaSQ+wBgJBjrT0m z_y3D+x9lB&ZxDG22#WlrrM4pE%PWV1B(0`>A*k5byPeh-fhuW5jst^0Sk)dGZ0u%P z+eaWQD||pA)0X`E|7QHMo7pZw_LVgNbeir1e>TqtSS($ER?7%L&iSiU zs22Ll>~m2qITZ*hKjX1ryIU|lZ3rJ19Kwf2VPM=-(|)%t!WNRR8gEfnF)gw?l)>f; zJ~vHD(?REuQ&iS0v`wJIe|!ijo*m_aOpSzp5~1OjJOr=(J6qQHiWDs zAKD$2$QmWn#mnO78mA1>hO2{-i@ZRTMT+?VBhUZQulD`_rPIe*)fP3jG6nF>sl#S} zKEN4JzeR26Jt<5#FJnv4sy&&HZkffb0}eo}pSSRvdtD5mj#7NsH$LESXUf%DyK@0Kw3)n^q1VDH@kmE{;fuXSmSI$tVBZ zobfE>sc@f1nz#c%b=_y7W$PBcC8OMXy1{in_}+3pz=GcOB3;+~ZWMkAJpKX?@w z-YbQt+V0)e2d6^2E*CC>3o1< zXLU;ZvcuR~G6K-iOegw5bW0_dH(BmDvpUcTIp;c)o`nQuH~`Zdd;9qSrl@UExs&?U`8MPt1F-DZaRji)SuKV*o?F&4A@Bc3^8WwB zGaQ}17#S`l87mIJ^wv^2AHWpZM^kqyP|7>AoNu>hZ_mib4c+(3ZGgq*Y4-Hu{E}Ad z5xfQ<@BeSbXX1-Q%Qd~?08Gy>wetb8qT_>p@`>wcfX8(KzQ-KEh7DVLVD>l;3{#GT zs}Fnq)v8r%Y!LJQ|B@*8v(m6D4!|@s=7>w~d;l#z@5mVH4jy{wq3&3)!t;5hTWF}K z4DGkylRQmxP|hG&>@-rL&?2b1{Y!19}b_L|o41%cta_y5Po@Xfc%%KQH%9kk*A z+8af-hc2=60dT9snE+ARhhxFyOaQ%Ow^wiXAmiid0P~S42bb3O?#sRZA4lIEAK$U^ z{{R1L@9JXXsIKtL?0A2?YoJv_lm0#OP(+}R$BLlRK2nK-(^TT6g2rC&dfi4sNJUUn zD6ds*Cr&`^TT#IxLiDjkQ3|b)fV2o=Re9hifQVFqA>Q?Re`coNcW3U#toLVTc6L2B zcZ9?4?7ipSIrpA(&pr2?Z#s;XQUGmC*{%2hG;?7Dq%6x6m;i_c7>aNjMr|DHev0kw zh6^tMp-1HWgAYDfp?^dMeC>w5kD`xC0d(f_Zo>!g;sCTH)?|STIIOd7WYlDEqMq~= zz)+M-=OGDpm-~Oz!21i}taNm-|A$gEz5Bt4?cvf&0dyE#2#+`>+GY3v4p%#=05lK5 zx5MLwx+N_N$Fj0)2ZBWbi>(3>f{*-v#{c6I`~Of6zQ-#m1<+xDB|d;@Iv0Qs@R4Z} zA3)~Zb*K=JTM`pMB5CcYhN8&tIt5-z)KZfZ`pZ?oERh0s0 z=Lo*jOq4i*Sms_&CIKX=8*zVkybExjFopsOBDWN}VNVG3A>`MCH$zb}9fl;#Eu8-g zi|7q+|8LU26Nb=UuA>w{m(guac+EK{CcHRi>ryx#w_OXsY6=SgXtzTVPTetD7C<~6 zyL&I7$l?EURQ`W=7AZuaZoH8hb(rw(`vMG|c+%YW#`N-X?+q6ha9EwRk#R`DqGS!L zjfm(bYPA|BctSV;rC%o^+IxnKvH-daB_@oR;FXNIinDcz6BzexfCjAop`ro-QNslT z>B6^|+_s48NPI`)JhD&HuM?C0#ikod0dyG(FZW%4=zhF6kT`+v3ngNlMB-ZfaC{3) zfK?Ip(&ga>y6p%BFc67hR|cM=z;(p99Y21&N`H~2miH4S`zvHTGAUYk^e9IKGI(7 zlE#z*=rK?dA3(RRecQI|OWX!v@<%FIJ(>^v6T60xKyeHh^*irYR^0C3;h_Ma1F^sc z?%-%D2>36{YQ9f=M>eU#f4ehYDS+<0;V*pig%854TXm0kI(QUE=M4L$&SWo1RYP8O>k zUMD3M|JeEgT;oKSs6bR+J)SPuPvC`1%+NhFp!fv>ddeAdTI^4*=Ksf6X$KpGA(U1M zz$a7TQ2H0om2nAx37^$QT1;#KG+iVEvEhhQf~f%L`U4mU1T2Q@D*9#9PqP91KaAI_ z`w!+sMv@E?lwQqL4gaYXEXuf~;=(0TNdT2oLbOJH~i2j;~9=d-W+ZICw0QDYbr2u;KNB%0}0dNHH zvM_xk+*`{AqWHfnsCouUDouK;tNS8ZrR7$_qnm+qf#f5hO+ryzt^Gf@C$8W8XY+wmXujgDe$BY8f>Z#+E`XqlSb)oyFGpel$gKo24JQl=S&U9WsGP5k zhk;W{_x0cCV=T96Vlu_(AEf|%4hB|JvGFw=?JUwvA!vyVZq(zX1Skwt05}X6(SSZ5 z&37@-pJ0*=t~faXc>LMGbEkMb3H<+;*g=*5PcHPolmh6_BT<6pB#)Jf#i{cEntXtA z0LZB%RvdT*<8je0cP#)nA0Vn;ef+VDF60=RgaeC;^uTn;f1FNW+oNlno7MXZg=7EW zIN>k$*bM_ed;|oP0tmoFOe%+yYql``$7a28d!yO-G?UK2DW*{g?C7fKS|V}_5Um9u zT?x9ayJ$c={H)%Pk>54)ztL!XVl|rIFBS8D@`OKb4%z^-Y_vs{0tm)$Dgfv7>CZ-8qP~)AJJ(IY!8F#o6JB$3!JW>)N*10(`oEf5b{jVhsdi+7L>U&&_N$mjeG^ zZ<_i|v$Oes!ts~n_za=FJxdZ{Q|b!H0S8{@1}0kacs~CTtnNcg%TGO%%jJ%i%VkbX z9zBiR0fl}D?>xhExL4;h9avk7L>OA=LWWcTBrALYY-ZG#h37M}+3Z-QT>dkxvHREo zjt91BvDuD|nkix1Qwks?=P=>wv;;628zAwsrIV*F;KiAb13yrMlaTjB7GX&8p{ofk z5V;f3MHhmHL7)MJ?%d!N8#so9>&4X8*DDW~iqlV$B*y_tSqXm#{;DlN2&Ty@o+V&% z^)1d!Ke1V>-9zDrA^>ub@C(SIBl$o2fp!Rmr3nkbON1GCscxYQ0TI~U{trwtFh9so z^0nEt>a}|P?ox5;Nho1D`%I2QV1lZG;DAy915N}?z$Rnmgu)$Fs#Mv;hQ@ieNTy$e_{TiLUAn%Y%UxR5Ht*- z;B^>jX=XARW4(N3p;XAvkp%fWKd+p9!P(il#ziU$8HgN~nS5cn?WF>XeFbO>G@!7w{MI9%$S)myt5&L0QuxVNCH#K5 z=&zho0RH$Cs1%)2Oh$pJYR=9~p8~Y#9SBzW469iZwzGI&bs&NP3JV1Q&<=?T6rgIy zq8BcFSD5=WyWwBVc=U(11zWxn=Te}^Rmrs$GllW84zK%mQ(9IEre&^ZW5u@A1__mx8kUU?4AK^Y?uX}&u16WkSAA4fbwB(Pvofn0apb)+XPfFL~Z zQ&#XHhm(_XW&JOo{O|IiJc6uf#gKm>poHHK7eka$7C;E51+5~TgZw}0{&exg@@guT znQt`e3CpsPQK<3AFoFwVz}P@TUecSJ5*_&PKy)RlZljUNYI-zE2#^X1dmUXm*I12EH zRw)B~RAgU^`@{R76u|I!yNxm?b(8yatf~xMU0GN-b+Nu#gI^%~opQMni6!6(Xv#6| z3_Eb~;$XOd2m%tq4l89G9t)`ewmnvHW=?|cjt5o{= zXQ2Fpg{9?_@POy}RvTP{Boh%7L^mxYAll z_skUvXBphX90NYTUm~hp^c+wMAbOq#rU(VVq!*3*U?_o?mX?-ohVcIth&MOkXp90v zfRVn|8sw6Dbcev5gzq9vO&d%D?7xaCbPdSzq6Of75?_1%BLGqm_mC>Dm*2E4{l{~2 zg-c#=kMi>OWZh_f>^rGO(+$-MIUxN4#bWV&1jF1~DX%||$U$xgC~$o} zSNa7!)A(Lw6#h1yPCrtw*WuT*>+tXOJc`5dn!w4|br%;fWH+`|gKnAd#Ggh+S4}`G z#I~Kf*$VEd%mcRTF%pEOqk?<3adu~KC<|a``QNd13P1PA6f`)?9t8~fQGB*i=@f;( zr*jbU2NNCtcoqQn*=VGzz;^7w)tkD9D#XPf7KMy7yjr0B6Z@A&KXF>n1ai+2^#3tF z2cHKDK$-pR4BO%FN&)Qf0CZ~}+W~RjMlU&5&}Wg0e+WTC9|B(>1v%skNqTtWkyqov zf_07;R1h5xO@Z68x;qX4`5WB9-tli1&D+*Gjn7OWDYMb zojN_99X}?6h9F=7A-yW(-be2gAduI-Q!fQ!m;u`Yi_k7l9a_OXNaH;PYb8%2P#kK% z--(+syQeIGm<>p`?rcdW(q@a(Q^c+wMVDvl>-6Djli9dr5HAD_BG%Wi^cs$2!23`($;rt{wcq!}+4vMv z7C?N)!go)&$a70TC)=-PX5JYCRz8IP1utkwDjxsprN~$PA>m0nN0nf=k);C zFp*eDP>|1i66yKlVeu;jo94ekp9A*$!04|$j{W|l{E^!O3V%;B>c`k}Kv@8>9U6Zf zlR-l)U7X23jEKRbO{=LPAK+_9yp!02{)n}ga^;`z1sFpn;65N5YY6U{WN;FSir^l$ z-(F39-#r{q7QpTqtFAp|kPV%0KpG-+_OlBM%kSz5{fv>)u1BRyT`Tta;edxG)NsuG zhGSo9>dkw9Stz{5RUZ+8mJ06a!$9@3;=m|5;5r9^-;WD0OUDeyC7j(qsLF zr=R}T^78UG`Pn@Y=$;F}GU`$sP#oAn4!{~{S$0y0!**wD{jGGv(o^*m2NVZJzyWRv wwhHecO_CP>2BD$qDh?