From bf2b5bb5251d9eff13ba9a04cff222a96f582809 Mon Sep 17 00:00:00 2001 From: Tommy Schmidt Date: Fri, 15 Nov 2024 21:26:55 +0100 Subject: [PATCH] feat: encrypt the bot database at rest (#130) Configures MVStore to encrypt the database at rest. I initially expected Nitrite to do this when the database is secured with a username and password but this doesn't seem to be the case. The bot will attempt to migrate existing databases automatically on startup. However, **existing backups are not migrated automatically** but new ones will be stored encrypted as well. --- docs/self-hosting.md | 2 +- pom.xml | 2 +- .../discord/migration/DatabaseHelper.kt | 7 ++ .../persistence/DatabaseConfiguration.kt | 80 +++++++++++++++- src/main/resources/application.yml | 3 + .../discord/DatabaseConfigurationTestUtils.kt | 3 + .../migration/DatabaseMigrationServiceTest.kt | 87 ++++++++++++++++++ .../persistence/v2.10.5-with-password.db | Bin 0 -> 28672 bytes .../persistence/v2.12.0-with-password.db | Bin 0 -> 36864 bytes 9 files changed, 177 insertions(+), 7 deletions(-) create mode 100644 src/test/resources/persistence/v2.10.5-with-password.db create mode 100644 src/test/resources/persistence/v2.12.0-with-password.db diff --git a/docs/self-hosting.md b/docs/self-hosting.md index 0e1b558..0ed39b6 100644 --- a/docs/self-hosting.md +++ b/docs/self-hosting.md @@ -25,7 +25,7 @@ You can also build it from scratch by cloning the repository and then running `m ```yaml services: v-rising-discord-bot: - image: ghcr.io/darkatra/v-rising-discord-bot:2.11.0-native # find the latest version here: https://github.com/DarkAtra/v-rising-discord-bot/releases + image: ghcr.io/darkatra/v-rising-discord-bot:2.12.0-native # find the latest version here: https://github.com/DarkAtra/v-rising-discord-bot/releases command: -Dagql.nativeTransport=false mem_reservation: 128M mem_limit: 256M diff --git a/pom.xml b/pom.xml index 7a5195a..f69f658 100644 --- a/pom.xml +++ b/pom.xml @@ -12,7 +12,7 @@ de.darkatra v-rising-discord-bot - 2.11.6 + 2.12.0 jar diff --git a/src/main/kotlin/de/darkatra/vrising/discord/migration/DatabaseHelper.kt b/src/main/kotlin/de/darkatra/vrising/discord/migration/DatabaseHelper.kt index eb7234f..6681eaa 100644 --- a/src/main/kotlin/de/darkatra/vrising/discord/migration/DatabaseHelper.kt +++ b/src/main/kotlin/de/darkatra/vrising/discord/migration/DatabaseHelper.kt @@ -3,8 +3,15 @@ package de.darkatra.vrising.discord.migration import org.dizitart.no2.Nitrite import org.dizitart.no2.collection.Document import org.dizitart.no2.collection.NitriteId +import org.dizitart.no2.common.Constants +import org.dizitart.no2.common.meta.Attributes import org.dizitart.no2.store.NitriteMap fun Nitrite.getNitriteMap(name: String): NitriteMap { return store.openMap(name, NitriteId::class.java, Document::class.java) } + +fun Nitrite.listAllCollectionNames(): List { + return store.openMap(Constants.META_MAP_NAME, String::class.java, Attributes::class.java).keys() + .filter { key -> !key.startsWith("\$nitrite") } +} diff --git a/src/main/kotlin/de/darkatra/vrising/discord/persistence/DatabaseConfiguration.kt b/src/main/kotlin/de/darkatra/vrising/discord/persistence/DatabaseConfiguration.kt index 30e4605..17ca519 100644 --- a/src/main/kotlin/de/darkatra/vrising/discord/persistence/DatabaseConfiguration.kt +++ b/src/main/kotlin/de/darkatra/vrising/discord/persistence/DatabaseConfiguration.kt @@ -2,17 +2,30 @@ package de.darkatra.vrising.discord.persistence import de.darkatra.vrising.discord.BotProperties import de.darkatra.vrising.discord.migration.SchemaEntityConverter +import de.darkatra.vrising.discord.migration.getNitriteMap +import de.darkatra.vrising.discord.migration.listAllCollectionNames import de.darkatra.vrising.discord.persistence.model.converter.ErrorEntityConverter import de.darkatra.vrising.discord.persistence.model.converter.PlayerActivityFeedEntityConverter import de.darkatra.vrising.discord.persistence.model.converter.PvpKillFeedEntityConverter import de.darkatra.vrising.discord.persistence.model.converter.ServerEntityConverter import de.darkatra.vrising.discord.persistence.model.converter.StatusMonitorEntityConverter import org.dizitart.no2.Nitrite +import org.dizitart.no2.NitriteBuilder +import org.dizitart.no2.exceptions.NitriteIOException import org.dizitart.no2.mvstore.MVStoreModule +import org.dizitart.no2.store.StoreModule +import org.slf4j.LoggerFactory import org.springframework.boot.context.properties.EnableConfigurationProperties import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Configuration +import java.nio.charset.StandardCharsets +import java.nio.file.Files import java.nio.file.Path +import kotlin.io.path.absolutePathString +import kotlin.io.path.copyTo +import kotlin.io.path.deleteIfExists +import kotlin.io.path.exists +import kotlin.io.path.inputStream @Configuration @EnableConfigurationProperties(BotProperties::class) @@ -22,12 +35,61 @@ class DatabaseConfiguration( companion object { + private const val ENCRYPTED_MARKER = "H2encrypt" + private val logger by lazy { LoggerFactory.getLogger(DatabaseConfiguration::class.java) } + fun buildNitriteDatabase(databaseFile: Path, username: String? = null, password: String? = null): Nitrite { - val storeModule = MVStoreModule.withConfig() - .filePath(databaseFile.toAbsolutePath().toFile()) - .compress(true) - .build() + // version 2.12.0 introduced database encryption at rest. the following code attempts to perform the migration if necessary + val firstFewBytes = databaseFile.inputStream().readNBytes(ENCRYPTED_MARKER.length).toString(StandardCharsets.UTF_8) + if (firstFewBytes != ENCRYPTED_MARKER) { + + // if the automated migration was aborted while writing the files to disc, restore the backup + val unencryptedDatabaseBackupFile = Path.of(System.getProperty("java.io.tmpdir")).resolve("v-rising-bot.db.unencrypted") + if (unencryptedDatabaseBackupFile.exists()) { + logger.info("Found an unencrypted backup of the database at: ${unencryptedDatabaseBackupFile.absolutePathString()}") + unencryptedDatabaseBackupFile.copyTo(databaseFile, overwrite = true) + logger.info("Successfully restored the backup. Will re-attempt the migration.") + } + + logger.info("Attempting to encrypt the bot database with the provided database password.") + + // retry opening the database without encryption if we encounter an error + val unencryptedDatabase = try { + getNitriteBuilder(getStoreModule(databaseFile, null)).openOrCreate(username, password) + } catch (e: NitriteIOException) { + throw IllegalStateException("Could not encrypt the database.", e) + } + + unencryptedDatabaseBackupFile.deleteIfExists() + + // create an encrypted copy of the existing database + val tempDatabaseFile = Files.createTempFile("v-rising-bot", ".db") + + val encryptedDatabase = getNitriteBuilder(getStoreModule(tempDatabaseFile, password)).openOrCreate(username, password) + for (collectionName in unencryptedDatabase.listAllCollectionNames()) { + + val oldCollection = unencryptedDatabase.getNitriteMap(collectionName) + val newCollection = encryptedDatabase.getNitriteMap(collectionName) + + oldCollection.values().forEach { document -> newCollection.put(document.id, document) } + } + unencryptedDatabase.close() + encryptedDatabase.close() + + databaseFile.copyTo(unencryptedDatabaseBackupFile) + tempDatabaseFile.copyTo(databaseFile, overwrite = true) + + unencryptedDatabaseBackupFile.deleteIfExists() + tempDatabaseFile.deleteIfExists() + + logger.info("Successfully encrypted the database.") + } + + return getNitriteBuilder(getStoreModule(databaseFile, password)).openOrCreate(username, password) + } + + private fun getNitriteBuilder(storeModule: StoreModule): NitriteBuilder { return Nitrite.builder() .loadModule(storeModule) @@ -38,7 +100,15 @@ class DatabaseConfiguration( .registerEntityConverter(PvpKillFeedEntityConverter()) .registerEntityConverter(ServerEntityConverter()) .registerEntityConverter(StatusMonitorEntityConverter()) - .openOrCreate(username, password) + } + + private fun getStoreModule(databaseFile: Path, password: String?): MVStoreModule { + + return MVStoreModule.withConfig() + .filePath(databaseFile.toAbsolutePath().toFile()) + .encryptionKey(password?.let(String::toCharArray)) + .compress(true) + .build() } } diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 388f6f8..7322acd 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -9,6 +9,9 @@ logging: level: root: info com.ibasco.agql: warn + # nitrite is logging some of the exceptions before throwing - disable all nitrite logs since we already log all exceptions + nitrite: off + nitrite-mvstore: off pattern: console: "%clr(%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}){faint} %clr(%5p) %clr(${PID:-}){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m %mdc%n%wEx" diff --git a/src/test/kotlin/de/darkatra/vrising/discord/DatabaseConfigurationTestUtils.kt b/src/test/kotlin/de/darkatra/vrising/discord/DatabaseConfigurationTestUtils.kt index 32917d7..a572718 100644 --- a/src/test/kotlin/de/darkatra/vrising/discord/DatabaseConfigurationTestUtils.kt +++ b/src/test/kotlin/de/darkatra/vrising/discord/DatabaseConfigurationTestUtils.kt @@ -15,6 +15,9 @@ object DatabaseConfigurationTestUtils { val DATABASE_FILE_V1_2_x by lazy { DatabaseConfigurationTestUtils::class.java.getResource("/persistence/v1.2.db")!! } val DATABASE_FILE_V2_10_5 by lazy { DatabaseConfigurationTestUtils::class.java.getResource("/persistence/v2.10.5.db")!! } + val DATABASE_FILE_V2_10_5_WITH_PASSWORD by lazy { DatabaseConfigurationTestUtils::class.java.getResource("/persistence/v2.10.5-with-password.db")!! } + val DATABASE_FILE_V2_12_0_WITH_PASSWORD by lazy { DatabaseConfigurationTestUtils::class.java.getResource("/persistence/v2.12.0-with-password.db")!! } + private val logger by lazy { LoggerFactory.getLogger(javaClass) } fun getTestDatabase(fromTemplate: URL? = null, username: String? = null, password: String? = null): Nitrite { diff --git a/src/test/kotlin/de/darkatra/vrising/discord/migration/DatabaseMigrationServiceTest.kt b/src/test/kotlin/de/darkatra/vrising/discord/migration/DatabaseMigrationServiceTest.kt index 01c98f4..c583c18 100644 --- a/src/test/kotlin/de/darkatra/vrising/discord/migration/DatabaseMigrationServiceTest.kt +++ b/src/test/kotlin/de/darkatra/vrising/discord/migration/DatabaseMigrationServiceTest.kt @@ -7,8 +7,12 @@ import de.darkatra.vrising.discord.persistence.model.Version import org.assertj.core.api.Assertions.assertThat import org.dizitart.no2.collection.Document import org.junit.jupiter.api.Test +import org.junit.jupiter.api.extension.ExtendWith +import org.springframework.boot.test.system.CapturedOutput +import org.springframework.boot.test.system.OutputCaptureExtension import java.time.Instant +@ExtendWith(OutputCaptureExtension::class) class DatabaseMigrationServiceTest { @Test @@ -226,4 +230,87 @@ class DatabaseMigrationServiceTest { assertThat(server.statusMonitor!!.recentErrors).isEmpty() } } + + @Test + fun `should migrate schema of password secured database from 2_10_5 to 2_11_0`(capturedOutput: CapturedOutput) { + + DatabaseConfigurationTestUtils.getTestDatabase(DatabaseConfigurationTestUtils.DATABASE_FILE_V2_10_5_WITH_PASSWORD, "test", "test").use { database -> + + assertThat(capturedOutput.out).contains("Successfully encrypted the database.") + + val repository = database.getRepository(Schema::class.java) + repository.insert(Schema(appVersion = "V2.10.5")) + + val databaseMigrationService = DatabaseMigrationService( + database = database, + appVersionFromPom = "2.11.0" + ) + + database.getRepository(Server::class.java).use { serverRepository -> + assertThat(serverRepository.size()).isEqualTo(0) + } + + val oldDocument = database.getCollection("de.darkatra.vrising.discord.persistence.model.ServerStatusMonitor").use { oldCollection -> + assertThat(oldCollection.size()).isEqualTo(1) + oldCollection.find().first() + } + + assertThat(databaseMigrationService.migrateToLatestVersion()).isTrue() + + database.getCollection("de.darkatra.vrising.discord.persistence.model.ServerStatusMonitor").use { oldCollection -> + assertThat(oldCollection.size()).isEqualTo(0) + } + + val server = database.getRepository(Server::class.java).use { serverRepository -> + assertThat(serverRepository.size()).isEqualTo(1) + serverRepository.find().first() + } + assertThat(server.id).isEqualTo(oldDocument["id"]) + @Suppress("DEPRECATION") + assertThat(server.version).isEqualTo(Version(1, Instant.ofEpochMilli(oldDocument["version"] as Long))) + assertThat(server.discordServerId).isEqualTo(oldDocument["discordServerId"]) + assertThat(server.hostname).isEqualTo(oldDocument["hostname"]) + assertThat(server.queryPort).isEqualTo(oldDocument["queryPort"]) + assertThat(server.apiHostname).isEqualTo(oldDocument["apiHostname"]) + assertThat(server.apiPort).isEqualTo(oldDocument["apiPort"]) + assertThat(server.apiUsername).isEqualTo(oldDocument["apiUsername"]) + assertThat(server.apiPassword).isEqualTo(oldDocument["apiPassword"]) + assertThat(server.pvpLeaderboard).isNull() + assertThat(server.playerActivityFeed).isNotNull() + assertThat(server.playerActivityFeed!!.status).isEqualTo(Status.ACTIVE) + assertThat(server.playerActivityFeed!!.discordChannelId).isEqualTo(oldDocument["playerActivityDiscordChannelId"]) + assertThat(server.playerActivityFeed!!.lastUpdated).isNotNull() + assertThat(server.playerActivityFeed!!.currentFailedAttempts).isEqualTo(0) + assertThat(server.playerActivityFeed!!.recentErrors).isEmpty() + assertThat(server.pvpKillFeed).isNotNull() + assertThat(server.pvpKillFeed!!.status).isEqualTo(Status.ACTIVE) + assertThat(server.pvpKillFeed!!.discordChannelId).isEqualTo(oldDocument["pvpKillFeedDiscordChannelId"]) + assertThat(server.pvpKillFeed!!.lastUpdated).isNotNull() + assertThat(server.pvpKillFeed!!.currentFailedAttempts).isEqualTo(0) + assertThat(server.pvpKillFeed!!.recentErrors).isEmpty() + assertThat(server.statusMonitor).isNotNull() + assertThat(server.statusMonitor!!.status).isNotNull() + assertThat(server.statusMonitor!!.status).isEqualTo(Status.ACTIVE) + assertThat(server.statusMonitor!!.discordChannelId).isEqualTo(oldDocument["discordChannelId"]) + assertThat(server.statusMonitor!!.displayServerDescription).isEqualTo(oldDocument["displayServerDescription"]) + assertThat(server.statusMonitor!!.displayPlayerGearLevel).isEqualTo(oldDocument["displayPlayerGearLevel"]) + assertThat(server.statusMonitor!!.currentEmbedMessageId).isEqualTo(oldDocument["currentEmbedMessageId"]) + assertThat(server.statusMonitor!!.currentFailedAttempts).isEqualTo(oldDocument["currentFailedAttempts"]) + assertThat(server.statusMonitor!!.currentFailedApiAttempts).isEqualTo(oldDocument["currentFailedApiAttempts"]) + assertThat(server.statusMonitor!!.recentErrors).isEmpty() + } + } + + @Test + fun `should not attempt to encrypt an already encrypted database`(capturedOutput: CapturedOutput) { + + DatabaseConfigurationTestUtils.getTestDatabase(DatabaseConfigurationTestUtils.DATABASE_FILE_V2_12_0_WITH_PASSWORD, "test", "test").use { database -> + + assertThat(capturedOutput.out).doesNotContain("Successfully encrypted the database.") + + database.getRepository(Server::class.java).use { serverRepository -> + assertThat(serverRepository.size()).isEqualTo(1) + } + } + } } diff --git a/src/test/resources/persistence/v2.10.5-with-password.db b/src/test/resources/persistence/v2.10.5-with-password.db new file mode 100644 index 0000000000000000000000000000000000000000..0bdbadaba596e8300ea4e1704e471c8e7ed3dbda GIT binary patch literal 28672 zcmeHQ3v?S-nf_-qBgv9qv0~?4jT|RU8cUW&Z-+MHI1M#%-fdcv25U4ka@5F@B8_6F zWQ&p(+TGG6O%rHBQyd^bA6qzGwv=uQ2~bK2WodQ`gY3Ezxsf@I}J!G^SlQ%2vKCjo?Ds3yIx3~LS zrIaG3+kLH4P7zf_Zudp~exKhj1tO8wL?+iKs`#RvN-m$wq_LMsDXO$h$+d?=J~*)R3cD`KqUf|2vj0ai9jU+l?YTKP>Db#0+k3U;c0L#& zoosu!HJ8b#?Ey3ec*9a0)Bb9*PiYS%Mza3C*0eI9wg+3)jMVN+L`81ueu#bGP51!N z6g|)B*z)jifz9W@naTBf~bmVg4uI^-B9oYIQ`wJ@{+V@Qpz(BU2;R--;M__?wJHnB zcJBB;uaEypWBd=4#(!+G@x#;f7Mh_k#2^6txIu3z>6Fp_>J&v$|3En%AESnYbJ>Kz zsLG^0E0an}&J$ep^tY|habZgcj#+EOJ|(Y0y#Wq#;@imCMObiaz#&Wrk1(C}=x1G+ zWf|CWYTlt|#3Nj%wF{U$x@GWnn`o+^5m>8^qk#d(J=)&8t>(Ncs)al`iS!a`jftV? zKhRFceeZ;C+N46AoXks^oV-!Vp?RlE#;^T4J9s~En)QBjGA%0uo-TnktyWZ#TW*7` zZ%D70z|;+OvAH!Xl)RKnX4Onig+<+*0By%#f;JA1*nB($jaqD4+6~s&Om?-1S64&v zKW+L|w^7X{5$#T!C7EB5%&EInSW>)9__?D^%9O6PHc`#=C8f5GnAyBMlOgV-J&mxC zyKRV-W7~^QYt(Jrce#_4d{^wGtyanyms%#>vBR7xz34ZF?T) zz64b`^z6(f^RA-n zs(1_I$)dHXIc-zYlH%#h$V$qyH(a$*Kewwh>7?r{JJ6qkn_4&cLb=bN}&D^cJOY3j=RUBBY0tSoI-TqF&R3(e_nLFcp-FH4Rl<8UUbN#=qR{$ z80dHi(eY3@I_!uJE0~9&ao^B~emyZXvMx`Re)SmWSU}oBoIdd^5@|hWbZ-1*&|92@>7HW&K`K2 zW}plqzaK`(>pDWH8tVx&tFwjFC1MK>A3q(LVJH;#1_C@E^ap*Rh)x~SNF5@>)S>q+ zQiqQK#XUl(!y_f?@aVbJ;mbO8c-Ei}kCmvyqmxkw=Et?P#Z1v(V4RM=;b<(FfF9ri zQio&>DFTu;GKF`^$P%1{t?4WQ`I=5CaUClokVxF-qY z?6-0(aGYt{41F3W3nZh0h1hjnPS;gX8;f-S?di^Ne>UHFX5aTdHvc8=PSg94F?THB zJ`D95)l$2r&=*&7A9?uTJo^FdPMUkMF^jx(pRn+m-;JRWoH)BnRsjKW4nB}x4PI{U z+$N^eN=maXst<+vXduk1a9K7b?ox6cuIHGYNp;tX;s>J1R|9TgQ!xP+t~Pdq;Dza&7xovurt9)b zuIP$+p`bynu$oyX=JWlo_~2Z~;uGfKX^*qA9i4|VR~)+rj{R2OS@fXObX$H z-=+ft*$!ls0z-KRVjlv(UL=kwHejtxEoGh&Ugt-uIQU^F@ntWXbDjjpGvcC<)f!yef2scO=x!A>pd z)M2Ndbf#ek)mlBufqG~pohIzeAf1`mnMFFYu``Es=3-|a>0E{#C+Tq5X(pZdnx!6E z$gc(X)IyEs;d1OOBLB7+J6Dj-670B1Cybp4=|qKk&D06)LOs2d$O-s*U5(Yk7@CNg zyI-wm?4if<}K0I)*}Xs7wwi z?h_5qR#_)>t-fOD5DUU>&UGvXpO& zM(@z5trYH) zVcCY4xj#Wy^H-an0|jS>kT!djd2PQwVQQvstN*1he)XUFG7r#4pSQv?0U(d7RdX-w zz!j{TYta7BF;qPR)d-vEPb(-q&#WF~Rj^@MitA-c?rGWXgc@Ji7xjkxyw?{F;^M*- z3Q1g%T0((@Yy&-xE%Mp13c%cm838qlB0-XV-{XKIfx&a_3t$Z;$sNnbGDzya$YBv*N)}lW2ksK zS%-T7jyJ2yNw0HKwt%}Fg!NJt+WR+1d!rvM;q>1KPOl$>(`Ya}ic?usFq@cgCft5G z62jS*54+=`NWks)%Rxzr$UZ(aI@`9KJr}4^gZEN4XIm{*P473GSl3*Dx=ul^7G}~q^dL3p}ZY^f3%QalNx>{NgXQat6S!c+)_b;{XU2Uhy>T8qxS zld_p4$34EH8F)PWcm(hW;t?vE*)Zj^1-u+E;Yif06m5)`k4Vy>jS7W{XcWVeTx>M) zVSiw73B$)j(NM9G@hiyg@Uw~li@t~Lae!WIaRV4W|D4g1L?}Mi6QQL2)hYZX0G(fh zZ4v0lK922iF#YDF-s+nK_*ma0z*gTRz*gTRAnnia??C{|-`8RbU^#h5PS$f9=bv?O z(&-^*y?yLiAI~8#w68F3F2i>nWsr$W^Zt1~fj7Fu>);(Xj56?E2)mO&7q?pwx|e1I zF_8wCI%y#PQ7`O81!ZTCq9z<#+Z?v)NNoya6Ka8QN3YaV4sZ^Sag8}YQMi>l-` z{sK0MN?yaTNnDD&M%L`25yX2jui+Tk8O-BWn1aTmM8@&`kvzr3gmC-}vmqG|N5i_`PN%XrTVPDW2Ovn+xM3Q2YK&{HYfU#2arb%YDCz;_4 z?2@??JI#lU=EaD$WDEzxYhJR3lM=;qyy3IQo5LsahEJc+8_s>cuH+3LV-2s?t>N{Y zsRj+<#6^b}{k2%v$vp$LvG-%{8m*w+8FaXpY~ix5O zaqkPiKreCL)P_c5*U2iZP&4O=(O5<=X#GG|Fasknv}GWVy*l(9TX&!ZzKS?-ZD_@{ zlTI~yaBFoB?g{(rY!yYDoi`FIwByUAdYp4A3>rQ9%I6`D^3I$hV=X{ZOyOB?+WLmv zi9Y@$*=2SoY`x$4=)@wENfua+2rIWku zNqJrHvj;lo^SjT!Je_;upTF_b_0_I#HywGcF~2HsGu2!Wt^yOccv}5$yZ+})wuS%6 zXC7Jn)LFkHMG8yT+a5Ag_4Etp$>~BEbGs4D?MC0Bx!v!>OpR@Vyero62r_Di#?B;+ z`jeRQbqqyLi0h&KG&^^w{lpNvUQhY1kH1V(zSonKFZPU-@5`l>uS8P55-eJdx!G`JS%`CaQxo^J4E{f+h%lx{sG+2a+lGHFYyL!C^?6lBi(N&elcTp)~2p7!| zDVpi%Au6`^GQ82caX)rLla08+&L567GYFQg(@WXl9fAL3X)r1?_k|h;<)z{j=Qj&9gss2cRV6_-QfsUZAL?pXhdp$$!-`F&rwrPn7=^Od!;<5 zQl9g-Rh~l~vaC1RDBACoMsEv|cRXq;X|fSXW+~k@Mxz$im&$&pT#&uRVqHpCWHe{0 z!WvO4TCLWIecV>fdcAFD# zMmr0+F$pO>=k8}v%%GOK7AS5v(NfEambz*pEyev}jF#%CwHkNQA!6#2^`l~nNS3M* zHDxAZiON>ZV5kQAjf>D45RI`j#71I18}*V7uXLL=w$Z7VE}qAl=bXHL(HOpY_}(3y z{I-0hzq$zR0et*Ys1GcZXXk%5qnQ^p@RT@#6!|;rgDlk0`zY&(7Aacl__riTAc~?y zL{YNoB1B1iyeN^*5hVvMN|f}%&cUi#zL7ggja4Q7j}IOO9*=`q)Dd;%?o^+^nXSFU(hZ;&J1qo|C0VL T>Ho6-MNbT%{tsQU{Qv(0>&IvL literal 0 HcmV?d00001 diff --git a/src/test/resources/persistence/v2.12.0-with-password.db b/src/test/resources/persistence/v2.12.0-with-password.db new file mode 100644 index 0000000000000000000000000000000000000000..bc0974bd21ba7197f8a69cd4417fc921d0af9bb2 GIT binary patch literal 36864 zcmeF&gN`W5vH;MrXZF~(ZQHhO+qP}nwr$(CZNB>*FQ>ntvnr`hp~V?ZY>gZ}?46;` zfBaXgwLg{t{yYB({3r0Az<&b&3H&GUpTK_t{|Wpj@Snhc0{;p8C-DDFK<3Ec$p1*R zg%QI+0jHaKV@{E%+{s8MU(WvD&M!&6N z2I$~CuDDW66aYAQ;uMh7V60cbjjB@f!`w7SM}D@QqOEFck{rQSC}E0zJOV!~-AkN=wA;c^NJVm5kBHuiT_cEY#Nq2}+|3WK_6~GY z7}9#?)hut|=Iovnz^VWjhCj)pe;q}EEWvy;U*6`5`@! zTZ`LS6n{cX0b1$-WNGk~9zQ^DL&@@F%;bT`a;g!U!GZ^XKVcJe7^k{1@kcQd99_+M z1HY}6%vNW>W?tRJEgQgcO&N<%Opwdi7gPUuQj&EQU6u5=aUT zsY(=sGqX1)l0Mk7AwZYI|8x;FN|YN<+FbaclK`1+RoK!n6nfEJTUFNh{on?$6w9bz z!z|Hw<<{E)U7rCn`JD3&Z2NUuVx z?3aFL4;%n+A-@&yBUl~vLH2~8 zP)dVFNHBz=->a>ni$S!6Fy7kvFn>kQYi#Fp24gh3(m3j*WzTcncNjeuh>AFjuFbsx z>8+fsT%oTOSH!LC$@<1pBY{JFvEP$Mu>ZafKorgq&IvV>HUg_A)*`T}MlkM|*kg2w zuT4^E>N@iIr!!0I4t-;61W1cg#uu>K_H9!A3 zZe_eg7CdVCVbKEGu}ewj$w8XDL`52!*trL_CvXB|?Q=DJT-$a?z0ol<@1Qun&90Ig z!3Y%Rq6C7a2n2e*1wBxZxqMIOXp#`GR6c?3{xP^j1b5L@|e#(!^tror8Tjll+|N3~JR#d~0j@%c=8* zeY89?WVASNONid_{c})v9igRBLXVaj6Q__smb?-+( z`eJ}Nd^Hy)xD4S!$iA!|)SnRlf&>#A5={EVv%u8lo~W*6M_F?-mAZKePQ22@;u|iE z@+uEgQNa>ovybKq1RzAb_~V|Zkxh^D_jBkIzeG>kUt$5K2WEHI=`0GyhZLF6=_W&d zz55Eu*A~$F*4bMba&#XG&t0!`dt;#)3z>It1A^WasBCHjv18tlLwVCOZs)A&uhR`c z{m2l||3nhAEJsrxtIpSX31fl*Yzy2v~f5Wu6^@G#RqH&6!C{=(sFtgD~6=hf2 zqX>^S?)g=+;%SB=SMb?Nl-^^?53g$~rmHWUOMrXWccaPw%Wv(0sK{w5Ofr_JR>lK-x@0 zSWJ{)Top}TH2wDF-Q0Uz-r<+;sMl=#{fpz|87A?QFbr!mUoP5j>@|I5Uo(Y@S;Wnr z{FL(gvE#X>{G0&IWi zIi@*XN$++il*y=wFVT?rAR^{qj?w@?N5aWD%C5rs*o(Ki&!Mvf62XY!_YOIZ&QS zpo&)XrPLM)%HB#Wt(re+$r}kD&{DHQe_R@UFk0Img1ehrf(*w@WEh!P4dYKOyyQ^( zHlBm#tH)6_v14RL1zh+SwjY!UMi=i`hs~Q#u#O^?w!46M)dI(u4ZV6KBSzgDU9*`w z&jQ4)S=F2nQA7}I=~Vj+lbOJ*U-pzc1)GdP)F6GlrinHn!OT-mmoN7V2E(yNOWTO4 z#HRa+MQ}UqAu`ker73zk(v0k2%jn}SxaBI6+u;QsMe?}Sd?2QnWF^n2<&`Luj3 zl{oa=qY~j}FMX0OX!`i&lw9?9u7Sf8qiy;`@iFU2E`Ep#hR0eS9s0>NAc#*50Kb^9 zJ2-_=!?+>V>uYYSCgk7nSsrNuSVBYmbuC(@oTM^v28m8Rn&}ZL4>GMo&9c#3+P(A$FOXoJR?yCi@AJxai~Hx8pL@kWaat zbTlOfSP6MO+~lo+zi-?L4HKREydP`kHAaW0*K`J*h)KroJ~9N8Hv(K_7n^~S6Q$w&4LROFEPplU zWF~gpi?PqkjgDnRWv4EoVQTGbrOT&ywT`vga`P6LcToamKD|M0biPKoun^(mEHcEt zpx`&NC`%f8v)5GPj-Pbc;Ke_Noq74Wxgvrvxq<6*?xN3*H`7BnNVT14tw7NT>sjVqY=*hnU%b2m^<= zs*nM4riX4qsYC)g;wixN#k4c(`S@;vse?prFa?;UiaZ*!blGwrcOyt_xozz2Lb{PpTkUDr326-6`wN z1e)r^FCY{Axj?u-H7Z!lUF_&ND|PeUhZ@1l_F+8isfg`t2?g5?@M|vY64M~wXt^$q zqyk`^15I|_-)h&n9uUf~yjTq41N>|lk_V)sa7_T5NK=U0cO9LOuO>XF{LGVR;~_hZ z{P~ymPa>uo+COm2Qj({$hiJ2nRm-^pPN$>a(m}TfH0FSp$=WlectVxF4N}Hdv>Ab2 zlT1Ln*{!~wV8`kfO93C@6%f>IeZz)Fa%0g%A0U>rcDk8=XqT)THkM~wY^ETSrS~o~OV`>Opm0D`l3Jc6 z67tW9QHY}Ly716bb9)zxRHoSUCjkxyL33zl=nV?PO)7sAr35ABk>nXeAFskWQP~)= zkl^Q2csG;V)4_<3Ot`%u`u5&lo^63Y=|u*j1v0glWu%ck?C}ut0*XQC-Ij495e-V!)AB`mO-B&%K&waRR$&d$e!7@_hfgWUKm2E9* zxJHzldD48L`U@F5)pXD#Dtyv?ahnxn9)9UD7W0flPk&gMch}kU$I(OEdkx0G6C$s% zs#c<3tAFi)@Oy{SP+*5Z!IscwMV?u0Q(qX3XGC6x-@MvE-g!`~!BlIxs{6;*BTy5~ zlF0toI)okcoDRM9`ynlZn_Z+RX??#NQpfX3aK1eIGmb8|Y{4sP_8A6j+OeZ zc15P%Et6U^b(RjGj*oV#3gcyElmfY8J^a6$%w&dF^-Mi^8FM$N4H3Te6XPI%g@sUE za7WSxKN9oClBW{<(lh>p;h?+#s)40aGl&?izUBK1)Qg1q{yC!RTs_6wv_;`!< zDe}&k!j$T9i2auQGxcFYB!T`1E%l1UNJO|luL^a{A1_}nr;AiZNsIUOPoi-`D6n`y zh~e9>KzNU{!l}$lUBwBFYW(vmWdZDJ7&I$jqpxNgrqoKYXwK%B&=v>61PjmKi#Z~r z^q)ua;Y2BMFB-3M2S5>VBM(W1 zkl4imU^=XTXwBa2-@E4{3`+-EUH?{XnslsQbARrw8$~}*?ehc^8`0-zqPk6y&($w@ zLLVE?33sh_9S8QSh8ap1Xj}CUt~L_r%i|eZ+iyx%^iA1hGi6P;gn4P1d6O z;QA}dG|}4(DkWdDt@t?eA_4k$X8Mlf8Kk5$ekn0g)(rM;?sIZ&3ui;XI49m)P{Q$Y zD$wJ+$rp%-OtUiTZeR*af^8bR+r%!{)ovNa;vAygfsrUdp7!VbQwl3w`pTu`4CkX_e0* zKdYIjfY(8o3MCTbs;1+5()P3jZGqV+4>yCTth-7)$%d9L{^oF|=lIW zIlcS3iA-lCrn-t+Km7K~@ux_SAFDFUa!iVw>){W;?%0}-ix@wHD7zf%Mxi~E`#y|W zm`GRA7$yM2>Y4dhcU`0?<$+vN4Y(EZu9rya^GZn(cN=Flp%gI|Ujym01&oBp1ETp& zb4@l+IgUF5FkyrCbr?O1VtqKUstmhkQ#kgr|tA)ZELir9$}o6v;%?3OyspUolIY+4|x{Xc{Z9Z5!ig z14n+tvso)A6M#fX*{;zAo~JdfrK+hSThvC(vT;=%{FXoivqnu=VMz0~C1;jq-B2_~ zez3j?m-xdlA=dV^&xw2U5VeJp(scevgzXYniB{3*rQnf+XskG&Ov6E?Hp$^PVj;n8#dW|gxfCJ zDypOt7Y!+~lmMKu2n}Q#k6DU4BGU(atS3^FjElKGxA`+rWc(T;R-c1u%As)CAj*{U z9GOQ6*F%M&S<6?(Q3fOPc6)JUn<%u3pp_dVgEMsU&J<|rU;haR-l*CNLc_VfwNE%@ zv1)BrfqbzrRu{&leg(kVaQzdOh!3p=ggYCA_y#VD<)(QU=_}XMy;DkoO#nTS^f@s- z-Td#TpfqmT;13+GOj#L*w(EG`E@KCEtBs^ps#q};*2E}!B|jV-Qbar4qal$7NWxrMX2XzoSX0%-|N1lpe=^z-WT6Wth7{I7Y`7AX0`wn?k9E{Vzc-<4T4Bk#U zZ-_9u2x5h=Dv8e+XS+TIZ6A^_?n4{;0LCu3k>1wpy{xo?SmpeYykI<*E5OA1JUARs zRFbsy+7LN|f@ZVJwjFFNht3IAB;tn&(mcnZI=jPoHY)`i;!TaMJ;bLi;htsBSr7!Y zmVJVldrXdZ#rnD@>^D6C#zW<}n z(z}|biLkOO9M`{rr>h6l`VUwc4N9!ATdtC~NojmZ14ViC6PYwXu3Yiw$AcLyVUR77M< z`b>nElRu;S4u;U;u3P2eC7751k{B~;7a0GUx({Wl(TzD4o%Vu4LN*&ccE%Rm+P`kE z2JUu2{r;)t3Z`7&t@^8=yfOQCNUdb3V~>Mz;^pgnw~+$Jkr|rkEHIE-uD!>hQ3lm% z>Z@k_p>m2GfY@gq`MJK?gn2f+w^Rz1Y zgo$4jBSWt>k5$YL!|ZNBh^=Ok`(D3fD^_^WWw;>c(dMfi%%`hs9@y}9k+r8Z7Ac*G z7_2Q&-502j8FhBmUyq{)3VBr`eYQ9SzEx{eOj@V&3+1rs4# z%;{GY3vAzRSb+DZyT0Bs)L1MT$nt8N=B7p~wG{%{5q}ueT*O0LY<8X%t0(ID@XETa zR+{ap;aZu-^~>bg+&%A=G}fbX%Og93@Rg8PKl)iKd1ZSyzvl{gda=D#%UVZzGW8LH z_heevuE<R|p>NQNmfTZq zNp8!Wlu(=q4O4V$5fDpeq^pJy0{6Q)HQ;!i1%p=P7AXSyFMUuE2K{Tq@q~0bz~wAb z{C+8_ZYhyx@OC*Fx??@iQj$ZRL=@=PhD?;uySP(TdXX`~8M`BrieMoM_~PTSnMw1J zPK2Zma}vG^aSv&<@MpDr1FbfCA@9$Hq$D0VjV`6FHC~^_#FW98S(`jd?$SD+d}X5) zaXfg~kPggVcCw0Z+DZ2<0VzVz=^i(z&20VL8tD z#y0S921^VdHnQl9zIq8d>{%4&1qoN>QzNztkDIgvjIfPn*yh*+tzd75aOtro&fY@g z2<}-&i#6E6B9G9jR!>N9s$}^n(?DtT514B(%G(mwf+y#08s4fjT9`xoTIZh5W8B4< zyJpc-!%6s?*{SE+EeFV-v0;cgeyb5iL9PC+pjmxkQfyEeBYvxMoG$wva?LdEXQspM zj}dOWk2?G)2mTbcsyl_{0zpf~V@$cXCa)k?fCk zhDjX2;y_%gi;iT`XdEj4C5&ZTY1Vwd^T$iC0PJArzy6S z!eFIq9hhG|$PMK$Tu>ii&y?Ohl` zE%s{?Z7$hhrK?7eey)$UZipCqpts#;6b1Z&{U>Kg7i1lQP)T@I@p^+nYU^e_gD&21 zGz!s1Tco&W)f}OFYf$`_C;BTq1UHfS&)8RR-S(>Z*#T7y%O&!+zG@np+XQ$Tw&jQN zXF}1HN54NPo#$?8o@PLFjyNw`MqlvEO`9B2dx6b3EunlmKH2HSUK4`2J0_=< zisD9bnXhkN>Y3r?<*vzk(QnjK>uI~~Qk&Yv!sD5Z2BCK5BeAY8Ha3$7p@|ZvAV|`eVv#eJfH^CZA`SaO)7sPm zSPiY;=hXGxYIBtzNyAPtjbVY38m_l68GtVf|w=w|#(wJf-*kVMNvG503)+>#KwkbRBu&ROvRPe&6{pCdl@^;TIo1TCko2= z-iOjEeF>4V@|9*tNA?@jOBi(uU{Zr1xOADY5URbQkdIle$oN*Yuz|JLIMHEd<+!|Y zbEj^)yowg8)BQ1S&UNE4?M%gIqA2w!KI@vq7O4*;_zxJe2H&6;VN%-9w#hZYVy_4eeodFoi}ja7)YpM7!F}Qax$R1V;$K@1RQRtzjCj(A zZ;*3~$2sEMnfB1tk3wVyl=1??H3lObl(RcsS5>_8Dp{=N9UEKqy#CQe6(cHVt)Q5d zNH$nV#pORfGl(kyDuw>7j%y|TZYn7ShuzYpG^-2&7ebgHnN;^W#TI4QgksfD9kv4D=%@LQW7i)&K824XiTM_HVET;o@}Z-6G;(j zW`-G4SvCIY#dsft{Vb0k6Z%#1{3H|^rxch3!I4&OAF5oEzBOTK^46>dZcSLZeiy6_m2ZRabC$tEZX z!jf1p~rf?GSeV7(s)84i2)>${1CEAR;#jf}8M8*e8lX!xFxy}07!i9wW$ch34` zi!WRiGRn`)wk_FM1OjJqvjDvh&@Og*qmC#W*4C4^yOO-m3yaxbJ40R1bY^ftLBHkq zcVI-T=Uc3KeE!6%rDwRNI3BSD%RadoLQj^?ztX-YF7i%`dxHySa!-vypP>`wf8*xd z%=J@wx5+(TYLAOlEAOmaKiKY+G}IbX%;nHG-)a~g?Ta3w5GnQtwP=YjbsmF^XaA$i z$Qdk+e}if(Yr&&#W zW~9jo%@Wpkj9V3d-PPh09Be>Okm!>5A&d^G12No+gPRJ;_yyJJ#cZmpG~wSXC#uXU zY#!(=kT^Xa24R4iCU}@4kT7)hHZ)`LQ$r-;XC>0r zhZeGx7*z88w`8=5m45GR?-C5eLX{fIBZZR$Fe}&z8@=rcS2;}(o`oB_nc#E_ZcZ!c z4e|FvJ){&3N9748wlAkBF&^vi2%7-!p$zUcT|yz0S(^C481-HPye34Yg|*!Z=o5QV z?uu5bJ91DUbqt#&^HLHHZk1<%K`b1qJEM^?g5uhClwJ!21KDLYfz5J(spkOSJIhk) zuG0NL9^QCoiml7gX18_)>X>kXY;7oEs?@v$^`#jOk!4gV7cRrdN_48O-$uBzC$a+4)UsTAZMyF^Xq&7+8QxaW{gSR44Ac?EWV63i2P8d^om;^`rUn^S3?( z?ugNy0;jt(5{0D$(aIcPdpCk#CO87y?vD2`%~!;z+MlgWPMfwX1XA*X zW=OD^-_X48HhbKqwjTy+8t?64;sDbx>sO{qA%25L`Nc1y@5lBeM;66T+?}k(m2g~y zGzOOU+9%h`(V|@_EFo{E8}c*p)HyiaM~*F(;Y%abfKS3()2$DMpuXarjp8C{n$7{3?TjUMM#4O(m_kw>nbKNwNI6K_$7#Zkis#^LOLo0}} z?X+n!7!OQH%f>0P`Vf?KXneldF|2r2pVnIsJ=VblRxBx)8mQPn7ev-&(b!WLe)coa zPq0At6>;}=Rd4~<5a3__AuP!t(<7{ydRO8q zZaG7SEWCz97n+GeY~z@}i=?jTiy&laUykm z6F2T2yv6iov;&&oktYRJy?XAlsF~LJ+&i}<6)xB<^=x%hGQvY?F8Xo6xkQzYU}C&x{R%HOsqpHg0MLtcA%$BeuZ%MYXS7q0FAlQxW3|EaFg$XO2-&QuIC^(2xd>b ziop(a@9_|DfaWNSrpQ?oa;OF}fG0-S#*0Zratuza@x;pj`Q7oiI*!fpIhhiPt@AcW zGnJ*;lCLJv4-!yVa@lQ>2T7W2nLAnDxz+lsC55T5ajquZgcN75 zOf7N+G%y*mqeS-wjB)6lIML@}<11x=T)9`QrX)81nwdiBJb5vV1QI062-DZe%{PD7Ef|V zPP3T3Ymf!hmyyJb+w5H>eBHM=Hsm+!fIpN1!VX!=PJ|MZ6Wb0&PpZ8|-RuclVJ#TI zw@vGtG<1Q|GS&7Uh5V{RpoeBA-|t@$%p-h=7@W*hn^pZsR;Qh~efjVj>W(GJ*N}g>;v>_E9*VOkH_F*SpvN9Ht@txODn1I0j z9@Vk?kABg_p85$iEtK;T!#3$Vo#{*f|NRBbfwE|8k+zS8{Y}LD8jvQg+p-%;!7G-_ zf_bXV8Nu3-I4R`XGcN)k;f4BuA-&*5!J&R(336i630%XdQu$u8x_kT;!zVzS@%6e*10L*Ukwnu}Ct z+Y5XE_O&c9lvPRgRar`q|JeyLY3{5eLuwHt@Nb!FNF=5z4t6Vz@!H-@t(e8WIORVmGWeT@0v2ZJey8r3wXC)*91-n-MM zD?3&m&bY>QRFWAL`jtmr;5X(TlcEwy&FwwEZ&v zoyhrO1XCI9hHvcighrufqzlA^*`MLeynM^xA&-3W3iIRjGWBDl41t6Xcc|f7i8D`-%hD2*g*gdRYan`A_UmtAeCQ% zu@7obyCA-uu?ej)%2%SU6yz0GyHG8nCrIvc?P2yA6q3})3_djXBg$P=$9mA6%>&)a zhLB6=_*f)b$_q31?8ua2O%P!`m=x*4Pu~n&jI=@eh>B`H7|ejJ1`qALAggmguKHb3 zuzQ*V&h}^}>))7@wzD3y3lo-r_y23KE8sZruL#YYAj2k!F3M7ymf&c$Zt)RC8&62* zlQu3z2*uCN(olIfL(j6Ktm5B1!YXgYHO}-mT=GL5)*jU)&s}%oC%-cwonE-$N)6^t z?XE|HQ>*5a^fyJgOb_=IIm zbvR!e^}&=Cinyf;Y}sX&bu-qF+>ts$?w1hG|3n|_8`02vKMnD}2AP~8BQrDCgpmgT zx44CHao0P?3okWzC`!*i^`Ab7!P+3TtHXihLBRRwD|9Is{r3i=EC+QdPT9A09o!;B zJSop#tyVlqpM@9n2*o>a@o&&;BgY9fiJBY>cHhP%9Aw!jA!i)(y{evva^^@jh-l5@ z+WuPM)6hZ*y^9B(2Qo#An}p#~yfBkCh+_ERp1*#_s%$#s2O0kf=abYKdQb_v85>t| z?`(b-1{g9B5sygB23+RAcZ{Xg^EFcKpxxNX8L$r(t?oM1wYYsfKwN6}4Xp%Z=*ijW zOLD&jV2>meFfP%L!I-n_J>pfOn)EO$4r+I{W^>0CG`lH}*d2dSftu8~u`NCDdA=)J zH3$Z|GELN@F@`$+YA50Fo((t-jBG##aW1p4G0VJ7Gi^foj6^5@Jkwd`<|$HT*={C} zUs1$ED3&QdS;h9yZaFMyw?G3Jf8{B$FgmQTA{*VkmD}$K)5N3Ehs$P-_58QL{!syF z5VWRVIf&CoG9)ub{wo5*Dt_kPog{u8?fv;)GACogdGw+6=!6}}dW7oTQY(LY;5X!S z71q7fuTIw0Ki-iJ@Q+avg+GJX$yqGjP=5wpu%+P#zM(Fk(4L6~P}LrUIu9w#H*#l8 z&`CY3Ki6VSL_<3$)>1FMFb=J6&CDdl$^S^zZYMy%$>iJCo+`nJL2A6oXOO@qwkX8H z7Z8tK)+=!McMI^zGccmmqWp~75D9}iJg-@+uuTN-fxG`J%Wu^xQY_Zp-Q*+n&#W(* zbR!$jDpW&y-M7A(NP@Vxq-a`Y%X6^UgJ`8K#w}Iba!n~EZ7rvFj#vT7w>ij9CO62; zhen~BlFy3dIXP`p5LADAxWr4Y?d?y7jNDe^g+o_FP_3MuxkzSyPOm{%1_;y(Sw?Cv z^7SPyJC5;WfkufsA?@d4%Dn_APCxJORQZRwClJ$Wx{b2K5kr0J=H^7D6+GVlQvYVv zCilh%))6203!U;E2n(1Ya*?!k85MwKN$wARDVoqYzBIb` zhez^$78c!;Cvp0sa!e-#Mhel=j;k!YY0tQw^%4ps^PF+0|74SVRaO(P$J(=m@=46> zx%jG;{uX7tJSJ=OidtEZ>9D+3j`H1_&UiUwi&JxoW@rTawHaM7P-JVL>oNv`KJo?c zavqYVtNYLv7S>O(Y{_e!2As>?T|{q6SY4qv4{goOOqbUvZsM zK22^%zVtpWA&``PXwVi*p28y{3)C(@#~n*%hnF^tM}v!9GouA`q6;kSwJce~-3Qax zl#Md-IM}pu=NfFV`CxwY-CJ#Z?!0fulbkiBlB*GB6YKvrrj0BNOhM;Q{6_GKJb$8? z$IT0}0W4t|LOsnO@8tU_4ANS&RA|+)nNF(`WXYdvtXtod)g5eubU@w|Q^|JQg>yn# z3O}3H!-fFsK19d_I14Zr<6ab4NY2_Md1jmdeZ;@XIly zI0`JFFz*9OhkN5NrZL~JW(>ogAT*s}EIXU|pkCq7pVa})bT#xKhB0r{(=fc&L~u*Z zdJm$~-f=WS6f$M)!f*mXFB!{C=xyo5qg{w`3VVrshAEsYewxr_RS8tDgd*u0)t;YA z`1Vu09f0{0dg@>M)b4p4zdBYU!yT!Dy59UETB>UAQbIRPJ?w#zO7GhM7%8`W(&Aq> zL{Kb|#`r@&*C>@KHRElDqQ-ZEL40<+7XjnkdZ5s50 zuj;koW#T~sm)w7vbk(}Ofk?V$R;Ub~{Y>y2SqSz;0G-&V!)M@=wr2JPd2Lfl7HRu) zlMnE#3MjOW$1RD8D}A9Rr1tw^azM%d`$^;{S`@Hv$e=zDPR(-egdJ$w zzb9-LW<&ljgiSYJ7+x2?7Jk@@znzuza4{EvKi@u`FzMc9#m9u=6e>SJG0H4ftd1+q z-*;w3B61+KHOppPE>4N^Nj<>4jE$87y-fL*V;8_&Q?OE1k)jwLc!9L+Y7$l7p{_k0 zNef`3eTl@2^=Pw(4w zkcb(-1;8PI0i6^->%XZ**#SPOQv?!}!1Z%l{l*A3D~e~u3NCb8?a#yc>h?BTCc48{ zqT<-1#h4u+wh@?(9*4iZ>sNsY>Bok&J$yuDqBS`2#R-kADJb^+oBCyh%Kp&}-Yd!b=>v1s!;k3X(%bjq z#rio6Sk=AMUDH|KDBOIWV*csi>8LykYN3aOX5wr^&fR`d8E7PN1h13syxiVr#L@0h^V zd6oCJy)V(((ji!UjX(RPEZVUzZ_ubBEW@%#YL$G=QKW<8tWTk;yffnl7dx7Xk2A*!?A-);{uy?}JpvnhyiLIh7V1VW^p$L8 z^phkKdSq-(>17;;y**jmk?d7L}^ucBzOuKYz0p2BUQcgnGBN ziC#fvxh#OnT%Xwwxg5=92Q`D1O4hUAu7i-$fH9#W3xcit{Caso(Y|kS+v0Tn;jKNo z53JN(GcN|DnszAF5}DFS)c80o!~^G}15Z!8v5a-8g!zqK9=V*IY*T`v?M-Uy7Z?_r zK21y{%$Eq{M`j@2hIH$cFn3ywR(F5x$g$6x7q7~tX>r{D`vwqvnn>e+%Gfw_CQEO9 z))R9Q##bKVrQtV>YWfzB$&c7xx3to6tg>vwdm+$<^`dsz2sz)rTPp5H$R0cILIC^D zQq8+r@@Bv`G-p;C@45feC1Q&Q50CPboW)mIbL;Yj8Nu}yRf%~k8{ZbH@vUvrf32DYG`swN-KMde1OvapS=`-5!4S(Kg(c-QGtLwv{dO@7*z zIJ|`3f)2i24`1@&63dS&fIDUPn9)L-8Qsvm2Mw;;i5mcWc)xvSV-z^k-K_YCZ;5Q! z^2TNPSYtHHB07U{27at5niYCTv+te(UaWK4INaOJoe`yqlq;&pZAo;X(-^q>Tp7^v z$9c)C!0G6G*Kb-$8q`>CdG;GT7>Z-{Iu2`MPWSK$M!gM((m zv~w{K*xG2*Ve6cEr0X1Bri(~B^=f}#;JSl{<3!jTB92@2rQXlN0qNxtg4dsh0#p&} zO9N?s7u21CCR0b@9j3=G$S5LX3}^(?(L%&bbyet(Ruq;hWZnqt^&;2v_TtO5z$*beLX zE|9#<#B<619VWwv<|I=wnjo58X85ckw}6P9x>bIMwUhO=E;{Cx(%<0tS($@oLap+b z9-?gg`_1~)EZ+L~a0$Ifvvu5Vuo4(i8U=Q2y*^9I-CefElKY*|@Bt_(7D*~|o_=_b z2wm6ia(=^V!PH|>I0#pw3oSUWf$u2p&&=6A+J7-jf!1C8l}`Iy4o5On5DjF{^tj<3 zMKVxF2Knfbjd;*sjBlJ$L)_Jj;51FQ6qMvRX*Jym%x|PHLBlN8)thGFTr>lY7`~C zMX*_{EQa(L{6?1W){=4;IpU{GSkMQD(qFKB`Qmmo4!Oy6oJC15iNDjuYdu~Ue72u) zW}RC-yp7$3y|*OBP8hI4_dOR{$ZNV*At=tT%MOK&9xzea#<$v*|5Onc+%x8lBYu@R ztegm5P_pb_V3ET>js=76q!6+Z;bDK%GLgrN3H#>Py4vNxKLMf*-(1P6!5xNBBgXO~ ztB^U(0is*Rr)Dy~l@*vvCjIM_32-Y+LtSQjm0jnA6E!KQ(PJUY?rn2GZc|3rlI~9$l$^|-PscU>y=f^F0HWf& zRub@Je{t=kV^IpKTQRInnxocxek3nL+#u1iZ5Aq$yD|~IMdt-5uI&o{R`q_Zhn=G6 zVP@6G9hkqboTp*O1XmD}vk=i`mES=0VhUt`wHqr_adH`>$VVPR`To;@F*w}JR0 z03;w(lQOh=dXIKG0d^pl?jTtIwa|t%vCCRQ)|BvQJ?4hCgfZY-m27v1bDzTOQDePc z28Cz?O$Po>o88Sh2+jrUMY#Uiea$H%+xz2H3Ge;>*FhbxbH9mhBNtBJZSt}UPO~gb z_D-s4F*;$GHwJAOK1-1yUQ|%v)QML!4YMo}OoP0F!tv~+P1t&OHE!s$oxg)Hxpm7( z@2!Gw0>*=;p%sNu%t=sXd<;}RvE#moN6i^T1958)h}`Q>crwX0_Dg#z=RJqysNKw zsgQdV9T+}^KNoftnSk~jQYxT4E)IG=l4wOF4t3~XX4@Z-N|zxtvZbZY`g63@1sv0f z*GgG_dn#4!Z|}oL3Be>~YCBocFEjxv?*28ZXM{TBB(S6E(IS#<=F1%Adt;uU*K0Qp z1n1mlPVEXD5q#E;!%fIB<+qu8LbP*@ZiGPxl`~y19i&cg2wg^jyMC=S4R#;YkddRc z;m0{e{gYJfG|OwSn60W!eclnSzW7JK#cH&;Ivmf_FwhwzpwRp>A431bMf*ooSwlO< zXxV@fM^%`#vHT|Tz+RE&wfz@Kw)`^;7Q$LX{i}qGbII+Nt+E6nn%`MIsp>S*mo2u( zja>-JW{sEu5ya$XnOZA;4+aDG+}wm^rqL1?3Q%X)4j=YJ`>Q{?iOX01e*p|Y^S?{v zXQeg7OMuhj+YL%8YFkVDqzSA6#fy5og|(PX{;E~*{EYCQE)7YAkc{{@^8B-6k|J*E zj`o7kbc>woLx=^bfntMAcLmQ1C_`UAh2u<1o^RI|t)o00VOXlJtXSGb{|3Yp=} zGo#gQ=0=7XJ*AVONQ^R#YK0Y{@IBb8wtXg2=U=h4MYbHY3zD6LzZXBFj)RD@&_=OI;LltVPqJ=0= zgRX67%5Z>&i*G3bPR0g z{?-y@Y@@M&^0&olls&^VoUV~dwqIjpkt~{wXndN;#S;%84UG&est9NF6YrI8O48e# z+)Ep}l2f%>p911yjAu?bqYXAY8g|(vEPGryR+LhCE$4OcD zjIB?>Oc!S*eFi)yn0`-Qb0V|ls635iF>~unvco|UX`u76cJIwaZ0S_q!hL;cJf@~;WIVVY`4YjU!}0Tefyvv?*%Ror`P^bFdx>ZD z?oSAwf_T7ZCOR(_ZG*7_g_;qi(}0L3(9C;9;|hDL)gGCf5WekT877!FIJqPGaT~43 z5~-7fEML1FT*Ea~%g}wc!L6Ug|E=z~eQs8%a3Y42R2DCTo*h?&6PjYCLBLdeVbf@& zO2|d7*Q#Wfe+XbWkorMzv!o>8KGO0lC6h1!Of0tkn?t?O(BUz?Qb$!M0rXVs$uIfL z3x6GpDk)i<4wtU;unUbY->RS^c2XTB7KIk^!0+QI0!qZd2l%>1hQ*nNjl0SLr)AT$ zNB-;9KAI;oIX}~8g3#e(*0CN>&Wc%|vc>Cce9o5%hxl1%XXbpN`Hx9wjPd+2A7&TU zbJ`bXT?jBWe0*l~`_iFoQkIsxvl=d+(go7V?x!O;$|md!(^5`jPIE{LiL%M>YbLKP z!-kN|=v(J2Rux2#&7f!!?hff}a70c{2tg_H%J`zEnB>&k;^q2aB=^rwu0NLVp+bWK z9DX_6Zbe&x(ETzqL|ozXKbE4aEm5M zdz0|3?j}Yz5`n~goZT071Mmy`fQsN{Kt`Qbz3q%1tyBvDnc%lcYz7`Pd&7~p!< zp3l5CEevmfZitf(NMmDB`eiG{RtNP#5gqY*qQ`__fGw&FQWd8)H98^ipK2!uQdS8l z^LZmLKgaLW+aMrnHE=zLqnL32@Nd_i_MQiRwig@^LF~R2XP|fz=6SxEhW4? zuT)Q)&68X03g*ZX%o49`y3yG+m2OOvm5?ht=XZ%EvyC1%*BZo=Ow~Z}?VbRC?x(kU zmnp7h95J4yDQbbWvcaP}^?)k^z_c){W#td*3znq}JR#QC-7pAvz9e%tOIQM%AoKZj z^bY}5?}wUv;fAn|AigX4cxkA_fLXq?na~+1Fp^<3n5^vqRllx2M^~#KgJ}x;aL?Q$g4x^ba!FA7sp;N=m?4j`62>AOAlOG#6}=!ptKrUo;#CW zrUDXSnj>gwhM8G}YO}CW83lP)xa$$p<8Kwcov40>CiVR_!(SPnzt9l5!m46KIl&&F zG{OnZBh9&~mOi{BjB*`W^;X;L!fYb$ON@DN;@IVG`|>{3hHUY=@RyUx7O4AktvJ0Y9w-tUP{$s|G8W%lzr7aMgqBnyBc%*0QLrnP9_ z$NEfmeSR`0&cjN=Kw1U%^{p*ZU)O*w_tCk-96R9d-C(MQW7Q%f z6s97H|6^{UD4)|s+t9zMKZD)TVu3*WNL?HXTNKtW7GZ?D{s08HYV(PnjSSLSL!^cl zZpaVr3e#G~+XeCZnk9mbE|=ENPD$cKw97ZvXie*z??{k{G!SsGl8~CBi%q9^BR=I@ z+U>5AWt5T*WvDw@#wMIpgoT(=NQwTtNc~ZrD6+dPpvq_oI0NDpWb3MRWe2}r++Vi- zCYbhXD`B0Y)=DPecCBeg)^qRU3I8>DuQP6FDrZ@b|C(0}9t_x#jID$8%OubMR#9N% z&Ie@E;sW5ZP9E<2b7+2n{M@v4Og$zr|9I2D?>g>7o(gQf;J@yoB1i7lfh*2K6u?gl zJY6|}iA{(UiU+Jz7j(AIdk@kCPzS z_cC6=sXF*nyLqFg=6*rZolDpU;yeig`&gEG{G8;Dra})u-@5ju%Oh^!U>mNNT%6x8^+jZYEHJNG@vVvW#fXv-sA*2DBE4H3a@wjyuQ zV#L2@FqRD()Np}Zuc$7T!{xvqrV2sw%b{KNIx8nh*s2nRm>FX*ns6aGH_mM+0z$aW ziMP=b+56HOQnGl(GVenW97p>n4_R4-FjruXCijx;7^@z9OEn{X>-B5th1pP=dukD$$U7H8;7;SlS9h{95u z-Mq`WqN?kd#^D)!QmD=9pWxY)4dug+tw4*8Sm<~+Wut_ce#9La7PdBzI;MW~GuZpi zne$+q$iGvtiQ5%bMP!?!yu=rCZEJ5{1?~GeG9E^tqox7LWM%r%;B5!1RLg2}4H#|` zvOg6M=PUd*m*=2kvh>E@v9>DvU0wM6ltrTppYH7xuEZ`0nQ|Dh(5ygR!AvjMjKW$Y zZ;iaLlL_+0bi zjUkB)U6UCZk=+|PoO0Mec4IEwrYa2@K2G1Y?}V3}|U)ajEjd&yV z&|xP7+;Z*tk>^V#uWc`h`0cd#lG~u#ohSF|!aXPttp6aveXw!JU7QNMscv=kJ3!-E zLOH!M`d;*S2xTvM6i^ECqd}dyqnB?{(uQs)Lt$j4ddm^!*_<5#1`OLTKncy&H zx(03$H6z(2PD$_;CxF0mTD=IrQs^#}DC3}DsXvd$A8t}#&F)5w_;Oy@u|ydpJ4gZH z`~p2+%VqonUvLL^_z?s|A|nWJ&WHl27CEX+R{6zA# z0{`*v#3WLEnA!LhO)s~Tm_x=a$C<2vo40=KxZZFqaSg@a4dG0fYaQIyFijK-i-8Ua zX?Z#GPqD{X%4HiFdgk#9ei1RVo>90jNl9C4Vz`GQI--yviy6HtgY2WgR8^AZJ|q_n zU#ioa#O4hdx+4YO_LPc>8u7$*#)rUeF0z)oL3iB2zxSoOov`Cvg~!EQ+cJ|V1wx7} zql@a;_LREUJ=xu69K(^HI!MCWjp>5}Qtwxb#eW~oC6=+!DWTOK@{(OqdM8=FuV>^y z$(l3+=PPjnWvNQ{TG=|uH8GLB@U-cV*F_*R-6F~IY$=ODAnVHoq(95a_J=-+q_^Ul zpDCnHl^mYf@5m_9KhSGN0da3Sqr34E?Y-wN8E|McR^)Hi>-lcsDQc!CDLHMyw?NMp zZt0)7M%RCqOf~IyD275MksIjQB`kpFp)oPs9Ae1j6gJ(dTGa_r;^+e*h^k<`?GN-{ zXN;n?MA_|rpoL9_Z6q=bkoc9te-gG=LJF< z?tvBW*VO!tnTM+cLUx|HVlYxE^1?$;o`3^ab%ar73Ma92Two-yFNK`Dr)2r$W&H}P zZhb1|L<|o_ z{WR7U&&vMfDPnuhcX3A=oTheW=@JR3vcWv_kxf;OzjVqdu8GLeYs|EA2giMnFVZZhZmD+=gAaVh;@|b(q zJO+xP4LQ9_dL!(nn}O3qXWzH@#;t>~%Cvu2%f~2`9QK>2mCy*Y1U)+E#4pBRuhEH) zgu(E4tAZ(FYXwo=4K~7s{+RZvzI^A>xKqYa%cC%|9x_LEqnB^ROx>v#WSh_RIl?Rm z+JhaUOi*>z019v6E382ZV_#;Y&ju4kH>&~kPy(frDAMV7DArpc$eS`l6o>B$O^%|X z7-)+L`ji|jB=BAKRaq)=HG(|XE;FYK(67qvG{z8k*iFbtYwLQPa;<&4#K%U^FV0~#gsB_#p+M{qdv8L|3}>PzyEyg z@Hpgb4o-h)LP*X8#t-DTnwMc+lZDPla_RWPX2cPFl56+v`(cV;0=klQ3pBXFsNHhe zLd0g>Y_k{O|NP|?^~nGL>;*_P+}D3|5l;oOtflNDQA-R;?W&ybfs+p?Z7`~GDcvSa zt*&wyB(&Z*-Zf^&<0jTM{m5hi7^jyIxzwS_%tJ9{GMJxGB+nsE07*1SHr{LdPwok+ z`$p!+>7Dg#gD!dM4sB$Fg7m<@diWJ~;Ey*2;ZB)KR|3x7PwRc+jA6DAx&;9gF$k9U zv()%|4#*_1ZHK>+TT8xjt4RRLZ9tQ~>l5CiUmd^2B?(wekYk=rmQCtW^9NyWPG)h_ z)p%eP$WZf@$rT9Q5_&_3`TwgNwmcnkBOQ)whNgxL%7$qXIRXOs{(vr=#4{>U_!P2e zp{^JHjdA@I!1|bL(R~zw_cP5xqQ-AC2)&JX80JI`C$AD?@SZ`igyFZF&*UV^3Bfh= z4*^*l$3iCS(8z7uG+J0@kKtNMt<|a+H_;)$N)(Q9&Z*nqQu)8{b~3jd%B<`c~D8+Y*&H^L8q6EEnjaA z7~vRpC;}`>%r7k!A-a-81<={7K-b+q(3i+l4j8l-gz7hAQ|{UoUO$>KCqJ1x6`R)C$KzQ6)Ds$FRW^K`=a&KO!=GUzu&-NZSy zqyw~s@;KhjzSD9aOGS$`QL0I=r2@mq-YgvnFb|RSlQ^yd^PKcK_iW#nc%Xifw<;~b zt|lW@!~pD@9CtHP`9&GvoOL5MdY~S*vSdy>(5BeHm4F+z;1ckLaB0QL#Ai9=7>7zP z|8T>O;~YNBil*j~Ft~0ZN<=Ux^P|VUGk||)7pR(V(KQ443oc&>5VPJ(%;H{{m8s^`d*OoGO zVD25;Qnve6K&GQ>{?O)$c=@d`)IEZc;=EzL+MYfd4{lIZodSr4Wz}^L*5B={uO_R1{4p9d1r6 zNtIm_s$CX;7co(KWCZ}%xg%L7aFWqExUU zORnAgLwyi1Dk_w4u(}>g9fn$%&m(KEita9v<;(h*v+!F{JJwM z*$%y4V$==**JsLR$p@+c@6dXGE646`9}YN0%tCu6L0Yw{1ROuO71KFO+=LY{7{A)a zc{!Vq>=3oot-yjIOw-_o*%%*>sRf+L5811Jjs%P%$^KkD6?gabQB!dFnIX@$GlG&I z9#$l>e3F>@6r72nV8m?1vO4lQoL1?_+@1t54(vqNL@|fvI)0?JJ*9t8!JluAwO_q<6P$DKu63%>XeM9>P_M$Up5 zp?kI{ffWuu*gvi$YF9ufUMwx+=TY0~JTghqB{lV+C;urSzx>%Ttv?qQB5#qaUd{{M zpiN?Gq>k5A7VfXT0=aN!ze;}~jX0;eL7hEC9P*$}Q5!{0?piI~;n=3O10gmD(+@H^WsL#n$T1_N#5&h-{L@g!N6?-uFWpRPqiMGZ=A^Ndx|M9T-mWRL!tHKhh!!gA0`;DU~1^QCpW#F4UObgO> zyjbP!?HCdSGkDZj9326GClk3?qoSojZFY+9g1JTE^2Tv89wy}u2lpCn-*Nw#;qKR=nsK>L%ct4V2Aua32v`pegoV3B|71QRaEw|4r z8}PKCWkUVmWCsfI8f@w^%`~jECdL+a$LX0e`+i(gQZ%lnJaUCPGIp7Cb&9i%pev|y z*Hz`ppMSo&K&Y1yc=~%D_>$NctM5p2&#C}fq%Asx&`AS}oOk3=$WD@X?wE@`_WaS0 zZM9KT6UF=FN2%l6DZYC}mautpljoP)(Wu+_rCZrv;hm+mXqOBX>HS-T*b(ZDwXUvB zxhSEj434Q_v8*eXp^C;?J{B^1Ids>VY!mI5nQC=~o5=T1-YQqSi-YdaK4YN%ZcJHm zXYdqLeG+yCJtYy42r*~o?81Do{LNZrX9lN!VUL5{VW~UdX8IhAT^7A{w+9O)<2276 zS^v!#uLNhz8JG%^A7HwN8De=&W^4Zq;~LZ@;7FEr@*M|Rbr)9nrWYr1Sh<(BJV;SB zUh7DD-z9vgLrZcwJs0kraupIEGmu%6QUd+4--mZ0g68jh5+qn!nMzj$Zbj!(w(O0a z+`bVDxbMi*<5XwB17$|KChaDI4h@8X`_eEhIM`@%U2RbfsgM`@rj4{tLu=*ivu9>$ z7^oa`rJ-p!A^VPNcUYaT{Z@wlRzS}c+~JU@my!y`+tA}`qoAzO)u!fi3ePMcs_CRb z5gEvv|6*Vai^ZG2j;Bs3krj z+n=YEw>2XDL(5z%lz~Aia_^*nwKpiiMhsIsAz%!#piyRm9S!Vbtk>*!mP)eTcFqp# zQp21-(A+qEv_j2LaB|I{&E(C^?W4VVwf2j>-nX-m}AjwjqnS?T7K z;N&{E*EfkyU6Jp=db;9O3Rl{wqnE%;k-UoVY8ecE289;rJq&^$mM2u{JxI^;=fG+e zPk^dF$>cECnVOuDg0S-iDGgiThxoPKjxE{JH%^mKBgol{;du;4CUi9J62#YCij8EPaf zp9t6KDNk3I5oq7pq6zL!l9*mZ?R($eL%&?Gw6;Z(FOb|Hv-6!F0rAmP;vv4Y8VAFmOcaKNUYzB#&2H zOj7mHf)Q3$3ndktnpXybvIa&V}_hB9e}@z;t+% z+U4$|%YXPooQ>=UWkI+v>VS;RD4g;-5jCEc|NY8Oj_dOC+Rz4~$3rw-_>RAj9K&)R zqA1A?C9>`WKz%%lvrDQ#eV;ScmipBsNCc6pNJ-s__45_KYVx4x>~SCg)L*?b80mpP zYf+Si$Y24x$(9OsrcyM&ST|JtL90zmA!CxkvY#v#vrU z^1!<+wB*D_!b)iCUS4gxyMzUoX-ZA(bagAV$_QB6<_&qtFqGx9uGeQ;k<~SLA@TGA zLC?pIC}X#Ru5>#mm^H%1sq#(m$?+K0dhe>1a8+UDBqXn_$Ndj!1tYjAwE4A~rcf`% zh`3*O|Ek;a$hgHz3;dFIA_WsS5qvA(1W0#0-RK&{?uv3flrP2H&{N7y7H97Y*pJhc zqKk>P9&&zg*5zhpr2%Z7VyI8W7S)5kmHO5*0#4hq2O~W7r0S@2a+wnk(>gvx zkxeQdb}|avDR?MA6*D#1P|e#>y`Ql6!JV*P_aUbu?lVG+-j7gMwu3pKrqs4W z`E;F)(F4p(8JSMI7={_0&!yg$zQq&E8sR^`8h1kvTqM#%nf0JMVUV^Iv%H)`uSPP8 z;hvaXzP}do;nh`r^7V56ux|0i71zRe+W3buj>T7{p?rwFWE4h}VT`$IQw+b$kW+y``^di;^ikHfQ zd=?Y0kDJVc*K}^z2UBZu)8lYu`~)5W(LCJD-FXiw0AhYIM`e7ABc*{Y)wO5H3blGW z2|v@-pxEVMJ3V$xK?CJ~jhbUnqO+y;Ur&Z`EoJ6xnDj_SiU7R@R+-Ew0^e+}3f)wH ze>Oc6y|M#_$C`ao7rk;lTu{JFH__%vOT~eAu4}!eh>)IK(5-g5{8g>qYXur2xuz?s zBE4|Sfzt1P@z}|qRiMEvNR&4npBi5T8Z(%HMUL6WPN$ENM;Yqqd4BMRN^j6hk1Bc+ zt|E>d<(DBcWusp031-D2y-YEI^ONOKFuPaqBpD#DD^W+-7858GES}~5sm={QLTZFu zc=aOZb$YJCDn=E}y#rqLz#XO^$^usHE8zP~hydcF(1epdj3c$5<@&%hZ7xaDH5)O_ zT`2L(-j6La)k+}DvvM-qmw5`XP(-*ZF{ANYeGu3mlXDvn9K5>fc-BhClob|M_6Io_k*u%3 z5`U(rkm4EzG9cfF{5gfy%Jme5>Rxw((mzz>6&bUN{Kh-Uj2in_(QUwTT*kxxR~R6EDrurG&ACMJz~r}vu-gWOnFd-tn+rJ7<3XT| z(zFONTN2CXp1HUK41M#=u<=Sc#}f0~WD;^59>{b_-CsNvtrwPrLIUDW+rhnKXnVb9 zQVU`Y*FGo-&I#24{NYts_x5rA<&DVpUwX}sQW+pwO@#_5$(42ZlX3C;$%Tp&#co_e zA1T@U_V0q$=a3i3B(|z?#n;KLibxj_Op)@e%MJ}t9Wig3FU(T{>Wak&QF5V7GY2Lp z$K1UwZ7|6Dd@UreL$M;O6)e!T!x1d|J+vYD({2@Q&L9v>E=RQrc2YIX7O2jrvZG>s z$ory+;yjr(L)7%IZwn^|Ds5&%F0H)eGuH$fUM6Dy)2CW=T7W9jM?hZt1qQb9ah9Tg zRYn?7&nE%0kA^4Qe@BFUq|-_;T{Dmu+fm5|twv;6W6T8_R*kBJv-_j{KMyXgga>5K z(gY4h$Uj+xX=@VVnCG%j~*@Rxwl- zW^Z817~to9>r}6*jK$cb$4*6h^=iRcxv!}hnUN;L4M>Hd8S{HAWx)IBOrbE@ z#Bb=Gjd$OWP0(SMH_wZb`#)IRCv#DlwN%LeOg9O~ zp#!hfw){eDRECtlVM?25ctwp z#f#p4MQW$pujZi${O9HG%|ZX_Q32Kzm_9o+&8?QH)prw95z|SbtvL4?eNo-s4SMv( zEPqZPRQa{}cCSFFR;`eg(Z4+3YK0`4v=y>88?QG!XrklD|5;h3?D5q5y6G*7#*bq8 z;KXJ9RnzjTLQ871s}Idrjx&R~=8FP2UiPt|n4<{^^ZNw?tS_=9r8Y)YGHT4d&(hy9 z5xcvl&)FuGnuaZAAgxd2JDJlp~<`f(iU@8*f#KaBpMSFPB#j9usC|md0OY$ib zM9s2@xyyA>bmH7%p*QmO3w_)O@w#KM(3`qmZ2AiHVcNPvTg(}jQVQMc43v%s_HUdw z)s$M7^=?bw3n+*K3wy_G?LtM!)K03ZQ`ZVdybzV{hN=q6ZnI#KU;5DOzihrhYCOT% zL#F}G@JsRh!I|9Xt(NeekxN|w@x;F1JF=aid|H|}+Gvy>f}u_?5-PYVAq#BLpo62$ z4GmYq73JQR6Ba9uDdIMVp2zDfPlUet0&*9Xa_n;zB(~EX_L+DpkguJ@Q+9bTzvcYd|VdS`TiL7LB7S4jlKADj#)J@yf1w90-r4aV6Bq`#mEgIQC@b3aaSaov&XP@D zleUZS<`ygCnK@NmVI0O9gpb8MIe&Lft_GiM{ztp$mNc$LLx)nwSe``y;j--KKrH3A{8Fv36h>dHqOsbh{ z8hAyPTXHn{J=nA18xI}AXKVuIc8?(*OCGIXQ2Z4CPi>R9dr5spe7BhQz% zq(q3CF8AVsgJ;Vj73=$UNZV;C+I3zOCXrDFa6t;!syHO{n39@7s6t+n_isM%-vv?1 zxcp-Pbd7SNn>5PFTp3;Ju2XIbX8p)v_Zj#C$_qrboVT$sz)rD)?jusI{2uYU+EXI{ zQWP9ek{|jlnO0vikF4cdU9nRr^=xKvp=7(qg4vc0RQG6wf+?dCyli9FyHo5>-mS$k zn}s;7yHm3P5AaE{BG_cniZ2y3Z)R*6@1D|BV2n|8#XaTupR>4tL{bhBlMoWN4CrAf zlPB>VAFG*5daD1FSX72m8V+JlU+LjeXL+dlS}C;~cI-akox@rHOQ4nje$QRXm%UB= zMCuhhe^;`&1q!>4v_lS&=M!zrP2JyJvrf}tbc%8^(yV&HOk!2Ff z=O?WRANe{X{{e;^NmCqZchaU@<@_7tL^JfH@t&q6ULfC|%^E4qqWb(J+Pwu>6XB7U z1G3EC;+j&sqOzi|D!I^PFf3u5&mufQ7k$*@`8dN6VaHr&DhBU}?qN-5r6QffWS1r9 zklALn%DRaA*PmS0u9+M5N8$eE$JeT_N&?m=$9#WOd<54= zCTE-wycAqG$P`MnY-^M=E4BX`{yVBS*pp(RgYFLo8OzVPOC*cE6iXQaWZyNh*W6|% z(Ry=y3_hf5d*7~}KV8mso)prgTS$|BGcWUltY_xS7@2a4Z%Tcv^_H$@QtAkd1Biq= z0DA*jTl-bKF`pCxBP^#mdr+^IHCfBvOLtY`h2jdf2+1g4i3I^1(|#T=X!(oWL$(v z*;C32<@RG)#79SPsPPGeV7VTnO>2kiKG z`A?L+hFiSf3Tnm)%_{rE=129&icCmza@ik(E`Uweb z^&g*58y7V!4qT712@|*k$wlH6EYB-$jevCAKR6+04^p|f)B7_l1DBaeg-oDTp6^3- z!V*xl!j+}#x{|9QBZK_u+xNz1Dwo$5rv44dDifY-?dS*6jaww0eE@10UDJVN`W|w7q*nzFMHF+e!GK>YTa!-*)7mcm9VrL7B+A))5}WBktNmRVagE zQn^QXkHf|ttW;x@?Zumw%PwIn(&_yvB zIWuyoSLRn>zUqj0keoO`!{9LTD(T?^>BIXR+%u1knv@A~biGWQww)_uA@{ov*I>U$ z#Wcq{&4^Y>o91S{8KIJP4mhihO?1wD-8j#i$w}MBZ0#^>S^L( zPfx3HgoWcgSvvXPS7xSQcQB+(xsyO8rU+y8dPNXpDFo2FQ`<13=MC#&u7$IrPwYj- z-Pvf-dG80@7$?DRpkV+-0yJ**+I(^OW&bAm%ZQun!LB7Ztykh7 z>PMuI-&QZHrL_l*8T@}++tJZb zWJy;<%^Vz}Hq1sV$T(qxQ8Q8Iz@2fD=7iE>@q3AvEWpKW-!ITja3D zeY%Lm$)O6^UOx%~gbNQ8OrX$+@JV~gRa ziPa#UvhZ&btQUUaMk;=dNYi4C%oz=W&4k`9+b#7RhFM;~z%iYQ;SrF>&hs$amS6>nZW%Uqd0m?ibuz#CK9rLMW)?7vJ0xo!Uz6a=xD_ zx&7pO=)k~hL?NtW&}>(>p!&8UkIA?Njkl1AxiMI_&|7F_4XT-`K9>p$ zyQ`&?=0CE4TmpP~hw{n+2se5}{AL!%nyhDd0VX^>j2W;5WhNUBTpVk=2Ld|Z!>O5$crQ6Dc8g}j+c+WR(HLS_EQf$mA2k!CS$Cw5aa=N+9 ztOY+(&6J({XhP7bgeZGwzZCg8Y6Wqslm1`e)~S6K8K{;*%qz3drVYXTh&~{)jv^%$ z{%`&Hi=6bmztuyDzGLWNm)Buf3FFE@z6d#W&^yC;DQg|zzK)^jf^yXytZmkAO@&0^ zcMRXE0ls^ZqP1J*DbMAwMU`dj7(Y?tYOQ4TcCtCr5lJNNrI%tj=WYsoWX<99}ZRD1f{nOkv1sh6zOaRjm<-Vjt;*M)8qh6L#MH|=_l%J^n``dYI8H*5x z(^h_0nOzWuLG}WB-T7=?o|+#q@8V^r>2cc+8yd0VEULsIh+R}{>{)+4@ISdUb}0z|@jiC8J^na&ZLvb+R%t<%i<-^c z^J)q7v*_0HQaw70Fm&+U!#_(VP+WLEg2GE60&LpH&*xR*l?=)v;C4BdxeWnBFL2qf zcO9B$^RMp`7j4d*PWJ+>dAeeYIBnKHqEg^#i|2foFmxLl_*}v42sU@+%-nDcIMXf< zKkP}`hOQqfn8sG*YSD6MMbYg{QkHQPq)EnlfiF0vuS($qia)-f%ljkJ)l?LuYc|9$ zXW0Szikkz59gdGM;dFwPkk3Je-ewlxsZw08L1Q_2OjcLuh)(pmhS3sfc<)8H&Yvz52W`JCV(S@q%-%}$pC_a8 zCQ0A+V1%BV0RZ_=yQe=esbm3yRL$+8l&&C<0=LR5Xb}Af&d_*Zri7uf8|ndoSiu(YemVNzk}!1WFnu4a-%8KWBC zs$P@b`wT_FU6vzn_m9fF^g+|f;;Y$>#V&WcmW{fS5#?07ET?yD9W$=Y5c zmX3tw@DS8ng7owwdjmnZU;RsTH$>+x1rrjEO{KpS7)1e(Cyj#S&$KxBE>BZF%9P9C zF1Ge*0WDx+7;L#eldFhtO;$B6G0%J(F=VyERMx__IafA}d#csDfR!<|Teza8wK5_T zVPxn``uMy?L&Z8|RQb0PiN+%ps0=w(F*J`L$CUtdyUg~ka1RHZiBivP(7eII!V~oe zc0)Yoc*dR3?+?W%hZtNP!o%6W*l9*eL$*>RohC(Az2&=_Yd5`8O2G3a2Bw*A6O4us zEM}WTMWvh{%Yn}t>rEUQ-ZqnNs&tc?f)G=aX5hN)X_6Du;yB9~Hnp?gFV$*J&lner z0rBV2n_^Nw;uKGG=$Xn2-&oT9F!_KdMf~Z6Sp!n6`dTa!Y;+bkf!QLys|ItLuBPl6 zZEA3J-FR*?;u0#cwqZz09YkEu$tZOK)Lx>hxA>VTgI#}(6(O;RhviV8&ZD6vFJQx0 z4CEsK0eht>s{i?#cLpG==tg&B`E6q%@r%eZ$!@@M%|oJ5)F0DsZlOVc{%^gEvM^{C zt`PsGwEJq{Fu+){iFamqiBvBD>75hmC>kvdtYcFrU}iWs)=VrIeRlr5mr1Ln8sX)x92ni4}eeWG|1xf+2iw%c^s8v)Bh$TRytwR$) zLRXo;`c|2BaH&o8CYDvr8M3G2y5HVs|32#6;X9muQsB1j>LxcGs*U)C>;`pfd-@8`qNFX5PgImDVmsR<6r_oRapIJiehTDL0H3jH&)2eXTgqdh^ z&Mcg0qQ_aoHx-7-k;1-=8qZ76aOyOw33cLGxoZ@Cl=~woKlMM514wN{&{y7h)GtHj zJGK3-atluJ7Cuggdi>wk?B^{HRxDRF$Ozqk;iuntLk(*re=lUQ%XLj0GYhdg;ZJ}+C@EAwVXSUzR&svc37cFgWn**q*A#;1@q-&b?X!-} zQA9TgV|&z}HP|oOQxW(xVrYf^MDRPsAHtGLTzTGKW+(;xYmj%OjpoOm&Lmf!nOk}j z=U7==ut;;1J~t!Y0UnP8_oYT&uhch31~1O`1-&$Ei#2u%f9R6lg3>A8tm|zG@uLzkS zS~^$zh`K-ErtjRQgq4}GfvCh+N~`s1{XUa*X@?MJprUnbWXzg{Bt2)$!Oi%N+zRHkJm4;q6h=8@z4@Uq1 literal 0 HcmV?d00001